Re: [ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)

2017-06-21 Thread Jakob Bohm

On 21/06/2017 13:49, roman.mescherya...@gmail.com wrote:

> On Tuesday, 20 June 2017 at 19:38:53 UTC+3, David Woolley wrote:
>> I think you are expected to use the relevant management request
>> directly, rather than parse output intended for humans.  That would
>> avoid process startup, filtering, and DNS costs.
>
> What does it mean to “use the relevant management request directly”? I’m new to
> NTP and Linux and this phrase is not clear to me. If it makes any difference,
> my program is written in Python and running under Raspbian OS.



ntpq works by sending special "management" request UDP packets to the
queried server and then parsing the resulting "management" reply UDP
packets.  The default is to query the server on 127.0.0.1 (or ::1 for
IPv6).

Some (most?, all?) of these "management" packets are documented in the
NTPv4 protocol RFC.  Their relationships with ntpq command line options
can be found (if nowhere else) in the ntpq source code.

Converting that source code from C to Python is left as an educational
exercise for fans of that BBC children's program ;-)

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
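
The request/reply exchange described in the message above, as an added Python example that is not part of the original post or of the ntpq source. It assumes the control-message (mode 6) header layout of RFC 1305 Appendix B and a reply that fits in one packet; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct

# NTP control (mode 6) header, RFC 1305 Appendix B:
# LI/VN/Mode, R/E/M + opcode, sequence, status, association ID, offset, count
HEADER = struct.Struct("!BBHHHHH")
MODE6_VN2 = 0x16      # LI=0, VN=2, Mode=6
OP_READSTAT = 1       # "read status"; association ID 0 lists all peers
SELECT = ["reject", "falsetick", "excess", "outlier",
          "candidate", "backup", "sys.peer", "pps.peer"]


def build_readstat(sequence=1):
    """Request asking ntpd for (association ID, status word) of every peer."""
    return HEADER.pack(MODE6_VN2, OP_READSTAT, sequence, 0, 0, 0, 0)


def parse_readstat(packet, sequence=1):
    """Decode one READSTAT response packet into a list of peer dicts."""
    if len(packet) < HEADER.size:
        raise ValueError("short packet")
    flags, rem_op, seq, _status, _assoc, _offset, count = HEADER.unpack_from(packet)
    if flags & 0x07 != 6 or rem_op & 0x1F != OP_READSTAT:
        raise ValueError("not a mode 6 READSTAT packet")
    if not rem_op & 0x80 or seq != sequence:
        raise ValueError("not the response to our request")
    if rem_op & 0x40:
        raise ValueError("server reported an error")
    data = packet[HEADER.size:HEADER.size + count]
    if len(data) != count or count % 4:
        raise ValueError("truncated or malformed payload")
    peers = []
    for assoc_id, word in struct.iter_unpack("!HH", data):
        peers.append({"assoc_id": assoc_id,
                      "reachable": bool(word & 0x1000),
                      "select": SELECT[(word >> 8) & 0x07]})
    return peers


def query_peers(host="127.0.0.1", timeout=2.0):
    """Send the request to ntpd's UDP port 123 (single-packet replies only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_readstat(), (host, 123))
        return parse_readstat(s.recv(1024))


# Constructed sample reply: two associations, the first is the system peer.
SAMPLE = HEADER.pack(0x16, 0x81, 1, 0, 0, 0, 8) + struct.pack(
    "!HHHH", 1001, 0x961A, 1002, 0x931A)
```

ntpd answers these requests only for source addresses that are not covered by a `noquery` restriction in ntp.conf.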

Re: [ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)

2017-06-21 Thread Dan Geist


On Jun 21, 2017, at 7:49 AM, roman mescheryakov roman.mescherya...@gmail.com wrote:

> On Tuesday, 20 June 2017 at 19:38:53 UTC+3, David Woolley wrote:
>> I think you are expected to use the relevant management request
>> directly, rather than parse output intended for humans.  That would
>> avoid process startup, filtering, and DNS costs.
>
> What does it mean to “use the relevant management request directly”? I’m new
> to NTP and Linux and this phrase is not clear to me. If it makes any difference,
> my program is written in Python and running under Raspbian OS.

I believe David is suggesting looking at the raw statistics for the ntpd 
application (usually found in /var/log/ntpstats and enabled in ntp.conf) if 
you're going to have a program doing something useful with it. The ntpq 
application is really meant more for "human" consumption and makes assumptions 
about things and has a high overhead that may not be right for you.

Here's a sample of my peerstats log:

root@catl1w66dgeist:/var/log/ntpstats# tail -f /var/log/ntpstats/peerstats
57925 45005.219 2001::15:1109::10 141a 0.05074 0.001475794 0.015326216 0.000123019
57925 45065.271 2001::2:1109::11 133a -0.35581 0.053438858 0.019286290 0.82599
57925 45203.271 184.XXX.140.10 1424 -0.08371 0.053683156 0.015259027 0.000232662
57925 45273.271 2001::2:1109::10 1324 0.000186344 0.053677174 0.019365864 0.000155594

You can get all the useful raw data and present/use it however you like. Here's 
a good reference to the available monitoring statistics:
http://doc.ntp.org/4.2.4/monopt.html

Dan

-- 
Dan Geist dan(@)polter.net
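
One way to consume the peerstats records shown in the message above from Python, as an added example that is not part of the original post. It assumes the eight-field record layout from the monitoring options page linked above (MJD, seconds past midnight, peer address, hex status word, then offset, delay, dispersion and jitter in seconds); the function names and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

MJD_EPOCH = datetime(1858, 11, 17, tzinfo=timezone.utc)  # Modified Julian Day 0
TALLY = " x.-+#*o"   # select values 0..7 as the tally characters ntpq -p prints


def parse_peerstats(line):
    """Split one peerstats record into typed fields (offset etc. in seconds)."""
    f = line.split()
    if len(f) < 8:
        raise ValueError("expected 8 fields: %r" % line)
    word = int(f[3], 16)
    offset, delay, dispersion, jitter = (float(x) for x in f[4:8])
    return {
        "time": MJD_EPOCH + timedelta(days=int(f[0]), seconds=float(f[1])),
        "peer": f[2],
        "reachable": bool(word & 0x1000),
        "tally": TALLY[(word >> 8) & 0x07],
        "offset": offset, "delay": delay,
        "dispersion": dispersion, "jitter": jitter,
    }


def latest_per_peer(lines):
    """Keep the newest record per peer address; skip blank or damaged lines."""
    latest = {}
    for line in lines:
        try:
            rec = parse_peerstats(line)
        except ValueError:
            continue
        if rec["peer"] not in latest or rec["time"] >= latest[rec["peer"]]["time"]:
            latest[rec["peer"]] = rec
    return latest


def system_peer(lines):
    """Return the newest record of the peer ntpd is synchronised to, or None."""
    for rec in latest_per_peer(lines).values():
        if rec["tally"] == "*":
            return rec
    return None


# Constructed sample records (documentation addresses, not taken from the post).
SAMPLE = """\
57925 45005.219 192.0.2.10 141a 0.000050740 0.001475794 0.015326216 0.000123019
57925 45065.271 2001:db8::11 961a -0.000185000 0.029118000 0.019286290 0.002276000
57925 45203.271 192.0.2.10 1424 -0.000083710 0.053683156 0.015259027 0.000232662
truncated line
""".splitlines()
```

Because the peer address is always a single whitespace-free field here, splitting by index does not break on peers that ntpq displays as an address followed by a name in parentheses.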

Re: [ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)

2017-06-21 Thread roman . mescheryakov
On Tuesday, 20 June 2017 at 19:38:53 UTC+3, David Woolley wrote:
> I think you are expected to use the relevant management request 
> directly, rather than parse output intended for humans.  That would 
> avoid process startup, filtering, and DNS costs.

What does it mean to “use the relevant management request directly”? I’m new to
NTP and Linux and this phrase is not clear to me. If it makes any difference,
my program is written in Python and running under Raspbian OS.


Re: [ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)

2017-06-20 Thread David Woolley

On 20/06/17 14:55, roman.mescherya...@gmail.com wrote:

> -193.11.114.43 (tor1.mdfnet.se)
>
> See the line starting with “-193.11.114.43 (tor1.mdfnet.se)”
>
> This strange peer breaks extracting fields by index. For the above example it
> extracts “(“ as “refid” value instead of “75.17.28.47” and “29.118” as “offset”
> value instead of “-0.185”.

I think you are expected to use the relevant management request
directly, rather than parse output intended for humans.  That would
avoid process startup, filtering, and DNS costs.

> Is this behaviour a bug or a feature?

Whilst I haven't looked at the code, I wonder if tor is "Totally Off the
Record", in which case it is quite likely it doesn't reverse resolve
correctly.  My guess is that it is displaying the information in this
form because the reverse resolved name doesn't match the one used, and
therefore indicates a possible security issue.

In this case, it looks like it reverse resolves to a non-existent domain
name.


[ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)

2017-06-20 Thread roman . mescheryakov
Hello everyone, 
The software developed by me uses ntpq -p to periodically (every 10 seconds) 
check ntpd time syncing status. ntpq output is parsed and fields “peer”, 
“refid” and “offset” are extracted by index. This works fine until some strange 
peer appears in the list for which both IP and DNS name are returned:
 
 remote   refid  st t when poll reach   delay   offset  jitter
==
 0.debian.pool.n .POOL.  16 p-800.0000.000   0.002
 1.debian.pool.n .POOL.  16 p-800.0000.000   0.002
 2.debian.pool.n .POOL.  16 p-800.0000.000   0.002
 3.debian.pool.n .POOL.  16 p-800.0000.000   0.002
 LOCAL(0).LOCL.  10 l   328   100.0000.000   0.002
*193.11.114.43 ( 75.17.28.47  2 u887   29.118   -0.185   2.276
 5.20.0.20   193.219.61.110   2 u787   82.7140.315   0.717
-Time100.Stupi.S .PPS.1 u887   29.916   -2.316   2.894
+ntp2.ivlan.net  194.190.168.12 u8875.426   -0.772   2.666
+ntp1.ivlan.net  194.190.168.12 u8878.8400.888   1.217
 bagnikita.com   89.109.251.242 u1877.504   -1.115   1.227
 78.140.251.2194.190.168.12 u187   14.4410.937   1.559
 mx2.volgaship.c 131.188.3.2232 u   1083   13.515   -0.317   0.939
 
See the line starting with “*193.11.114.43 (“
 
If I run “ntpq -pw”, then the output is the following:
 
 remote   refid  st t when poll reach   delay   offset  jitter
==
 0.debian.pool.ntp.org
 .POOL.  16 p-800.0000.000   0.002
 1.debian.pool.ntp.org
 .POOL.  16 p-800.0000.000   0.002
 2.debian.pool.ntp.org
 .POOL.  16 p-800.0000.000   0.002
 3.debian.pool.ntp.org
 .POOL.  16 p-800.0000.000   0.002
 LOCAL(0).LOCL.  10 l   588  2000.0000.000   0.002
-193.11.114.43 (tor1.mdfnet.se)
 75.17.28.47  2 u48   77   32.7371.864   0.675
-5.20.0.20   193.219.61.110   2 u38   77   84.743   -0.631   0.543
*Time100.Stupi.SE
 .PPS.1 u48   77   30.9451.135   1.137
+ntp2.ivlan.net  194.190.168.12 u48   779.2371.225   0.860
+ntp1.ivlan.net  194.190.168.12 u48   779.0851.165   1.026
-bagnikita.com   89.109.251.242 u78   377.879   -0.385   0.591
+78.140.251.2194.190.168.12 u78   37   14.3240.418   1.500
-mx2.volgaship.com
 131.188.3.2232 u68   37   13.515   -0.317   1.479
 
See the line starting with “-193.11.114.43 (tor1.mdfnet.se)”
 
This strange peer breaks extracting fields by index. For the above example it 
extracts “(“ as “refid” value instead of “75.17.28.47” and “29.118” as “offset” 
value instead of “-0.185”.
 
ntpq version is 4.2.8p10@1.3728-o Mon May  8 10:30:41 UTC 2017 (1)
 
Is this behaviour a bug or a feature?

Kind regards, Roman Mescheryakov
