Re: [ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)
On 21/06/2017 13:49, roman.mescherya...@gmail.com wrote: вторник, 20 июня 2017 г., 19:38:53 UTC+3 пользователь David Woolley написал: I think you are expected to use the relevant management request directly, rather than parse output intended for humans. That would avoid process startup, filtering, and DNS costs. What does it mean to “use the relevant management request directly”? I’m new to NTP and Linux and this phrase is not clear to me. If it makes any difference, my program is written on Python and running under Raspbian OS. ntpq works by sending special "management" request UDP packets to the queried server and then parsing the resulting "management" reply UDP packets. The default is to query the server on 127.0.0.1 (or ::1 for IPv6). Some (most?, all?) of these "management" packets are documented in the NTPv4 protocol RFC. Their relationships with ntpq command line options can be found (if nowhere else) in the ntpq source code. Converting that source code from C to Python is left as an educational exercise for fans that BBC children's program ;-) Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)
- On Jun 21, 2017, at 7:49 AM, roman mescheryakov roman.mescherya...@gmail.com wrote: > вторник, 20 июня 2017 г., 19:38:53 UTC+3 пользователь David Woolley написал: >> I think you are expected to use the relevant management request >> directly, rather than parse output intended for humans. That would >> avoid process startup, filtering, and DNS costs. > > What does it mean to “use the relevant management request directly”? I’m new > to > NTP and Linux and this phrase is not clear to me. If it makes any difference, > my program is written on Python and running under Raspbian OS. I believe David is suggesting looking at the raw statistics for the ntpd application (usually found in /var/log/ntpstats and enabled in ntp.conf) if you're going to have a program doing something useful with it. The ntpq application is really meant more for "human" consumption and makes assumptions about things and have a high overhead that may not be right for you. Here's a sample of my peerstats log: root@catl1w66dgeist:/var/log/ntpstats# tail -f /var/log/ntpstats/peerstats 57925 45005.219 2001::15:1109::10 141a 0.05074 0.001475794 0.015326216 0.000123019 57925 45065.271 2001::2:1109::11 133a -0.35581 0.053438858 0.019286290 0.82599 57925 45203.271 184.XXX.140.10 1424 -0.08371 0.053683156 0.015259027 0.000232662 57925 45273.271 2001::2:1109::10 1324 0.000186344 0.053677174 0.019365864 0.000155594 You can get all the useful raw data and present/use it however you like. Here's a good reference to the available monitoring statistics: http://doc.ntp.org/4.2.4/monopt.html Dan -- Dan Geist dan(@)polter.net ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)
вторник, 20 июня 2017 г., 19:38:53 UTC+3 пользователь David Woolley написал: > I think you are expected to use the relevant management request > directly, rather than parse output intended for humans. That would > avoid process startup, filtering, and DNS costs. What does it mean to “use the relevant management request directly”? I’m new to NTP and Linux and this phrase is not clear to me. If it makes any difference, my program is written on Python and running under Raspbian OS. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)
On 20/06/17 14:55, roman.mescherya...@gmail.com wrote: -193.11.114.43 (tor1.mdfnet.se) See the line starting with “-193.11.114.43 (tor1.mdfnet.se)” This strange peer breaks extracting fields by index. For the above example it extracts “(“ as “refid” value instead of “75.17.28.47” and “29.118” as “offset” value instead of “-0.185”. I think you are expected to use the relevant management request directly, rather than parse output intended for humans. That would avoid process startup, filtering, and DNS costs. Is this behaviour a bug or a feature? " Whilst I haven't looked at the code, I wonder if tor is Totally Off the Record", in which case it is quite likely it doesn't reverse resolve correctly. My guess is that it is displaying the information in this form because the reverse resolved name doesn't match the one used, and therefore indicates a possible security issue. In this case, it looks like it reverse resolves to a non-existent domain name. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
[ntp:questions] NTPQ -P shows both IP and DNS name (parsing problem)
Hello everyone, The software developed by me uses ntpq -p to periodically (every 10 seconds) check ntpd time syncing status. ntpq output is parsed and fields “peer”, “refid” and “offset” are extracted by index. This works fine until some strange peer appears in the list for which both IP and DNS name are returned: remote refid st t when poll reach delay offset jitter == 0.debian.pool.n .POOL. 16 p-800.0000.000 0.002 1.debian.pool.n .POOL. 16 p-800.0000.000 0.002 2.debian.pool.n .POOL. 16 p-800.0000.000 0.002 3.debian.pool.n .POOL. 16 p-800.0000.000 0.002 LOCAL(0).LOCL. 10 l 328 100.0000.000 0.002 *193.11.114.43 ( 75.17.28.47 2 u887 29.118 -0.185 2.276 5.20.0.20 193.219.61.110 2 u787 82.7140.315 0.717 -Time100.Stupi.S .PPS.1 u887 29.916 -2.316 2.894 +ntp2.ivlan.net 194.190.168.12 u8875.426 -0.772 2.666 +ntp1.ivlan.net 194.190.168.12 u8878.8400.888 1.217 bagnikita.com 89.109.251.242 u1877.504 -1.115 1.227 78.140.251.2194.190.168.12 u187 14.4410.937 1.559 mx2.volgaship.c 131.188.3.2232 u 1083 13.515 -0.317 0.939 See the line starting with “*193.11.114.43 (“ If I run “ntpq -pw”, then the output is the following: remote refid st t when poll reach delay offset jitter == 0.debian.pool.ntp.org .POOL. 16 p-800.0000.000 0.002 1.debian.pool.ntp.org .POOL. 16 p-800.0000.000 0.002 2.debian.pool.ntp.org .POOL. 16 p-800.0000.000 0.002 3.debian.pool.ntp.org .POOL. 16 p-800.0000.000 0.002 LOCAL(0).LOCL. 10 l 588 2000.0000.000 0.002 -193.11.114.43 (tor1.mdfnet.se) 75.17.28.47 2 u48 77 32.7371.864 0.675 -5.20.0.20 193.219.61.110 2 u38 77 84.743 -0.631 0.543 *Time100.Stupi.SE .PPS.1 u48 77 30.9451.135 1.137 +ntp2.ivlan.net 194.190.168.12 u48 779.2371.225 0.860 +ntp1.ivlan.net 194.190.168.12 u48 779.0851.165 1.026 -bagnikita.com 89.109.251.242 u78 377.879 -0.385 0.591 +78.140.251.2194.190.168.12 u78 37 14.3240.418 1.500 -mx2.volgaship.com 131.188.3.2232 u68 37 13.515 -0.317 1.479 See the line starting with “-193.11.114.43 (tor1.mdfnet.se)” This strange peer breaks extracting fields by index. For the above example it extracts “(“ as “refid” value instead of “75.17.28.47” and “29.118” as “offset” value instead of “-0.185”. ntpq version is 4.2.8p10@1.3728-o Mon May 8 10:30:41 UTC 2017 (1) Is this behaviour a bug or a feature? Kind regards, Roman Mescheryakov ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions