r config.
You would need to have the "noepeer" option in the restrictions to
prevent that, but this option is not supported in the ntp package you
are using.
--
Miroslav Lichvar
--
This is questions@lists.ntp.org
Subscribe: questions+subscr...@lists.ntp.org
Unsubscribe: questions+unsubscr...@lists.ntp.org
p on the ARM device.
Another possibility is to start ntpd normally and wait for it to set the
clock. There is the ntp-wait script for that. On systemd-based
distributions there is a time-sync target which delay start of services
that need accurate clock.
--
Miro
d add 2**32 seconds to any timestamp smaller than that.
That should work as long as you update/rebuild the application at least
once per ~136 years.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
igured to make a consistent slew on the leap second. So, the
easiest way to fix this is to make a slew on the server and hide the
leap second from the clients. When you internally do this everywhere and
you want to provide a public NTP service, i
On Mon, Oct 19, 2020 at 12:43:47PM +0200, Vitezslav Samel wrote:
> On Mon, Oct 19, 2020 at 09:49:36AM +0200, Miroslav Lichvar wrote:
> > Not an FPGA, but the Intel I210 costs about $50 and it has a nice
> > hardware clock with PPS input/output, which is well supported in
> >
y asymmetries on the PCIe bus between the
PPS-timestamping hardware, CPU, and the NIC, which allows you to make
an NTP server accurate to few tens of nanoseconds.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ast time I tried. I prefer OpenWrt on these
small computers.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
PPS.
The interrupt latency of the PPS timestamping is probably much larger
than any errors related to GPS, so I'd say it doesn't matter.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
robably need to patch ntpd to report the values in a better
precision.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
nce?
clk_jitter seems to be the jitter of the system clock as it is being
updated with offsets, and sys_jitter seems to be the jitter of the
selected peer, or the combined peers after clustering.
https://www.eecis.udel.edu/~mills/ntp/html/cluster.html
ffset, so their difference is the offset as it
was before.
But this completely ignores the process that is controlling the clock,
so I'm not sure what value this exercise has.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On 2020-06-08, a...@avtodoria.ru wrote:
> понедельник, 8 июня 2020 г., 10:52:36 UTC+3 пользователь Miroslav
> Lichvar написал:
>> If you need something to report a large offset to ntpd via SHM, you
>> could try this program for testing leap seconds:
>>
>> https
eport any offset
you want.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On 2019-08-17, Michael Haardt wrote:
> Miroslav Lichvar writes:
>> I think you do. To prevent the source from being rejected as a
>> falseticker it needs to have a larger root distance. That could be from
>> a larger dispersion or delay. You modified the refclock jitter, wh
cify a minimum delay. But adjusting it in
the refclock specific code, as you did, makes perfect sense to me.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
l. If
the error is moving only very slowly, the sawtooth pattern would be
visible in the offset reported by ntpd.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
than a typical error of NTP
in a local network, so maybe that's why people don't like refclocks over
USB.
However, with a custom driver and firmware it's possible to reduce the
offset and jitter to few microseconds. See this great post from Dan
Drown:
https://
nt all
variables of the peer with ntpq -c "rv $ASSID" and look for "jitter"
and "filtdisp".
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
's a larger jitter or the clock is less stable.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
clock hopping and possibly overload
the DNS servers.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
3771.465 -0.125 0.110
> +10.99.99.20010.99.99.100 2 u 55 256 3772.238 -0.015 0.107
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
he newsgroup may want to
check the archives of the list to see if anyone responded there.)
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
..
Those (and yours) didn't make it back to the newsgroup where the
question was posted. The gateway seems to work only in the direction
to the mailing list.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
his is that.
Latest ntp-4.2.8 versions should truncate digests longer than 160 bits
(192-bit MAC). What version were you testing? I'm not sure in which one
exactly this was introduced.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ke this:
iptables -t raw -I PREROUTING -p udp -m udp --dport 123 -j CT --notrack
iptables -t raw -I OUTPUT -p udp -m udp --sport 123 -j CT --notrack
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On Tue, Mar 12, 2019 at 01:24:52PM -0400, Danny Mayer wrote:
> On 3/12/19 4:22 AM, Miroslav Lichvar wrote:
> > On 2019-03-11, Nelson Bolyard wrote:
> >> NTPv3 supported MD5 and SHA1 Message Authentication Code (MACs) of
> >> length 16 and 20 bytes respectively.
ACs.
>
> Are longer MACs sent in their entirety?
> Are they truncated to 20 bytes? or to 16 bytes?
The digests are truncated to 20 bytes in order to follow RFC 7822.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
23 and udp[8] & 7 == 5'
Yes, assuming nothing is using multicast messaging or switches are
snooping and your machine didn't join the group.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ts (not
just those sent to a broadcast address) that have the mode field equal
to 5 (broadcast).
tcpdump -n -i eth0 'port 123 and udp[8] & 7 == 5'
If it doesn't print anything, nothing in the network is using the NTP
broadc
r getting requests from privileged
ports different than 123 is NAT. If there are two NTP clients behind
NAT using port 123, one of them will have to get a different port.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
is with values in the 32768-65536 range, which could
be used by a server that lost synchronization long time ago and old
clients following RFC 1305/4330 would misinterpret it as a negative
value.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
~65536 seconds. Large values may be used by servers
that have lost their time source.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
he only thing that has changed in the last few years is how
ntpd handles the error when the PPS discipline cannot be enabled. It
used to be ignored.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
let us know whether the NTP support
> > SHA2 with FIPS enable and disable?
> >
> > If not then please let us know when NTP support for SHA2 in future release?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
requency offset that was set by ntpd.
If that doesn't help, please enable the loopstats log and post it here
after xntpd has been running for at least a day. I doubt this is an
issue with the server.
--
Miroslav Lichvar
___
questions mailing
lder AIX and
> Solaris hosts running NTP version 3 (xntpd) are experiencing
> excessively large offsets when compared to using NTP version 4.
Can you show some examples?
If you use ntpd on the server, the xntpd clients work ok?
--
Miroslav Lichvar
___
n the
packets. I'm not sure if it's possible to get them from ntpq separately
from the real variables.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ously so one
> will either be ignored or will be serviced after a delay.
I think some GPS units can be configured to shift the PPS edge by a
specified offset to avoid two PPS signals triggering an interrupt at
the same time.
--
Miroslav Lichvar
___
it's a
problem on the gpsd or ntpd side. However, I'm not sure if this is
supposed to work with GPS over network.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
e
ntpshmmon command. If you don't see any samples, try running gpsd from
command line with -D 9.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
n't work and chrony was compiled with PPS support, you
could use gpsd just for the message-based samples provided in SHM 0
and use the PPS device directly. For example:
refclock PPS /dev/pps0 poll 2 lock NMEA refid GPS
refclock SHM 0 offset 0.5 delay 0.2 refid NMEA noselect
--
Miroslav
he initial offset is larger than 1000 seconds).
With older ntp versions it's recommended to run ntpdate -b before
starting ntpd in order to speed up the initial synchronization.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
that on old Linux kernel only the LOCL server is shown and on the
> newer Linux kernel both the LOCL and POOL are shown? Does it mean that the
> two VMs are synced differently?
Do they use the same ntp version? I think only ntpq from newer (4.2.8)
versions can display the POOL line.
--
ror of the clock. You
might want to set FrequencyError to 0 or "undefined".
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
fault kod notrap nomodify nopeer
>
> restrict 127.0.0.1
> restrict ::1
>
> disable auth
> broadcastclient
> So I wonder: what am I doing wrong? what could be the cause?
I think you need to remove the nopeer restriction on the client, or
enable authentication (server and c
requirement. I thought you were using those stratum-1
servers you have and the requirement for accuracy was 10 or 100
microseconds, not milliseconds.
Anything should do better than 50 milliseconds as long as it's on
local network.
--
Miroslav Lichvar
___
h NICs that support it. In my experience that usually
reduces the jitter down to a sub-microsecond level. Unless the network
is heavily loaded for longer periods of time, it should not be
necessary to use PTP and expensive switches.
--
Miroslav Lichvar
_
problems is the
(in)stability of an ordinary computer oscillator causing. Are the
servers supposed to be able to hold over long periods of time in case
the stratum-1 servers fail?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
undreds of nanoseconds, but the
choice of NTP servers with such accuracy is very limited. For people
who don't want to spend money on new switches with PTP support, it may
be better to buy a PTP grandmaster and connect it directly to a
machine with two NICs, which wo
legant way of making the local ntpd change its reported
> stratum?
>
> Do I have to customize the local oscillator driver to input the health status?
I think a good approach would be to modify your driver to work as a
SHM reference clock and let ntpd synchronize the system clock.
--
Mir
rs include all received and transmitted NTP
packets, not just clients' requests and responses. That is, it will
include also ntpd's own requests and responses from its servers, and
also ntpdc/ntpq requests and responses, even from localhost.
--
Miroslav Lichvar
_
requests and don't care about
individual clients, you could periodically call ntpdc -c iostats and
calculate the rate from the total number of received packets using awk
for instance:
while true; do ntpdc -c iostats; sleep 1; done | \
awk '/received packets/{ print $3 - last
On Fri, Mar 10, 2017 at 02:34:51AM -0500, Majdi S. Abbas wrote:
> On Thu, Mar 09, 2017 at 05:24:35PM +0100, Miroslav Lichvar wrote:
> > Couldn't the malicious client create a larger number of ephemeral
> > associations, using multiple IP addresses, in order to outv
ery clear to me what was the
reason for that. Do you think it would make sense to modify its
behavior to apply to both authenticated and unauthenticated packets?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
; code or RFCs.
Another reason for the "unsynchronized" leap bits might be a recent step
of the system clock. If the clock is unstable, ntpd may need to step the
clock often (after reaching the threshold of 128ms). I think I've
seen some servers in the pool that behaved like that.
hough it rarely does).
So I have a VPS that is synchronised to it and its time is served
indirectly.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
but it's
not a requirement. There are quite a few openntpd and chrony servers in
the pool, including a couple of my own.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
oseconds on Windows when using an attached
> GPS/PPS device.
Speaking of Windows, does anyone know how well (if at all) work the
NTP implementations in the Windows Subsystem for Linux (WSL) that's now
available in Windows 10?
--
Miroslav Lichvar
__
maxclock 5 - for sync, majority clique requires
> truechimers *>* falsetickers - truechimers == falsetickers is
> *unsynced* - 5 allows 2 servers "off" in some way at the same time
> (e.g. during weekend maintenance windows when servers oft
On Fri, Dec 30, 2016 at 03:32:51PM -0800, Ask Bjørn Hansen wrote:
> On Tuesday, September 6, 2016 at 1:41:10 AM UTC-7, Miroslav Lichvar wrote:
> > On 2016-09-05, a...@ntppool.org wrote:
> > > restrict default kod nomodify notrap nopeer noquery
> > > restrict -6 default
using ntp.
If you need to sync one machine to another, you should use the LOCAL
driver (127.127.1.0) and not the orphan mode. Orphan mode is for cases
where a server should be automatically selected from a group of
unsynchronised servers. In your case only machine can be a server (the
cy pushed
to the limit indicates something is very wrong and it's not just local
clock being too fast or slow.
To me it looks like either the kernel is broken or the reference time
is actually based on the local system time. Or maybe something else is
messing with the clock, overwriting the ntpd
NTP packet. See 7.3 in RFC 5905.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ccurate.
Broadcast clients would need to create ephemeral symmetric
associations with the server in order to measure the delay accurately.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ver, and it was supported in switches/routers similarly to PTP,
sub-microsecond accuracy would be possible.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
on in which the offset changed suggests it's the processing
of the server packet that has the extra delay.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
s to the server. See the
archive of the ntp-hackers list for more information.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
e client overshoot a lot and the other
didn't.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
he source code something different from what is described
in the document?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
rity of the
> survivors show warning, a leap is programmed at the end of the current
> month". What does that "programmed" stand for...?
I think it means setting of the leap status that's reported in NTP
packets and if the kernel discipline is enabled it also sets the
kernel
ght want to start at 23:30 to be sure both server and
client had enough time to synchronize.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
y calling ntp_adjtime()/adjtimex()
with STA_INS in the status field. You could run ntpd in strace to
verify that.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
t; in the logs when I search with `dmesg | grep leap` or `sudo grep leap
> /var/log/syslog`.
Does status printed by ntptime include INS before midnight? Any chance
ntpd is started with the -x option or there is "tinker step" command
in ntp.conf?
--
Miroslav Lichvar
__
w
figure out its phase and frequency error to the real time, and correct
them behind ntpd's back (possibly with the date and ntptime -f
commands).
With chrony you just run "chronyc -a settime xx:xx:xx" once in a while
on the server and it will do the rest for you.
--
Miros
terested in some research on software temperature
compensation itself, how good the measurements need to be for a given
time reference to be useful etc.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
he
source statistics and update the clock.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
seems to have this
configurable (e.g. ublox NEO-6T).
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
get a PPS
with higher rate if possible to minimize the swings due to temperature
changes.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
orm of the tempcomp
configuration. For example, you could divide temperature in 0.1C
intervals and use mean frequency offset as the correction. Not sure
if it needs to be negated or not, I always forget.
I agree it would be nice to have a scrip
the target is O(10) nanoseconds?
I don't think 10 nanoseconds is possible with 1us jitter and normal
unstabilized clock. When using a PTP clock on PCIe as a reference it
can get quite close though, see this graph from stats collected over
a few hours:
https://mlichvar.fedorapeople.org/chrony/refc
On Mon, Feb 16, 2015 at 07:19:39PM +, Rob wrote:
> The PPS refclock has changed is refid from PPP0 to PPP1 with this version.
That is a bug, the refid numbering wasn't supposted to change in the
new version. Fixed in git. Thanks.
--
Miroslav
ultiply by
> 1.056.
In what resolution can be the frequency controlled? I'm not sure if I
remember correctly, I thought it was rather bad and would require
dithering. Looking at nt_clockstuff.c in the ntp distribution, it
certainly doesn't look easy.
--
Miroslav Lichvar
___
On Mon, Feb 16, 2015 at 03:51:07PM +, David Lord wrote:
> Miroslav Lichvar wrote:
> >As a workaround you can add "acquisitionport 123" to chrony.conf to
> >use just one socket for all (client, peer, server) communication,
> >which will effectively disable
On Mon, Feb 16, 2015 at 03:30:52PM +, Rob wrote:
> Miroslav Lichvar wrote:
> > On Mon, Feb 16, 2015 at 02:00:30PM +, Rob wrote:
> >> Is chronyc of 1.31 compatible with chronyd 2.0?
> >
> > Yes, old configuration should still work. But you can use
> > &
On Mon, Feb 16, 2015 at 02:00:30PM +, Rob wrote:
> Is chronyc of 1.31 compatible with chronyd 2.0?
Yes, old configuration should still work. But you can use
"acquisitionport 123" as a workaround if you prefer stable version.
--
Mir
=
*192.168.100.2 176.9.1.148 4 u68 3770.1430.044 0.055
If you compile chrony with --enable-debug, do you see similar Received
and Sent message pairs in the chronyd -d -d output?
--
Miroslav Lichvar
___
questions mailing
On Mon, Feb 16, 2015 at 11:29:31AM +0100, Miroslav Lichvar wrote:
> On Mon, Feb 16, 2015 at 09:59:27AM +, Rob wrote:
> > I have strace'd the daemon and I see that it does receive the datagram
> > from the socket, but it does not send a reply.
>
> Hm, interesting.
's compiled with
--enable-debug) and see if there are any debug messages indicating why
it's dropping the client request. If there aren't any, you could try
it with chrony-2.0-pre1 and see if it's different.
--
Miroslav Lichvar
___
q
tratum 10
> makestep10 3
> refclockPPS /dev/pps0
> server 192.168.42.1 iburst
> server 192.168.42.60iburst
> server 192.168.42.61iburst
> allow 0/0
> cmdallow 192.168.42.0/24
--
Miroslav Lichvar
__
vior than without this
feature.
On systems that use the standard adjtime() slew rate of 500 ppm the
maximum reliable correction is 150 ms, on systems with faster slew
it's proprotionally larger.
[1] https://bugs.ntp.org/show_bug.cgi?id=2021
--
Miroslav Lichvar
_
cation is implemented in NTP. Does anyone know
how far it is? Is anyone working on it?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
bug.cgi?id=2745
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On Mon, Jan 26, 2015 at 06:45:58PM +0100, Terje Mathisen wrote:
> Miroslav Lichvar wrote:
> >Here is a test showing error between two clients of a server
> >smearing.a large offset. With the cosine function you can see a large
> >spike when smearing
the clients could be minimized.
Here is a test showing error between two clients of a server
smearing.a large offset. With the cosine function you can see a large
spike when smearing started.
https://mlichvar.fedorapeople.org/tmp/smear_cos.png
https://mlichvar.fedorapeople.org/tmp/smear_sinx.
Do you think
the servers are ready to handle twice as many clients?
[1] http://www.pool.ntp.org/en/use.html
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
pdated to include "tos maxclock 5" to not increase the NTP traffic as
users and OS vendors will be switching to the pool directive? Or
change the default value of maxclock?
[1] http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.10.
--
Miroslav Lichvar
___
he pool than someone on the network path to the internet
running a tool like this:
https://github.com/PentesterES/Delorean/
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
I'm
wondering what would be needed to make it applicable.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
he latest version
- 3.11 is working well for me, 3.10 was not.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
t;true
PPS sync". The PPS and NMEA timestamps are paired in gpsd, so it's not
necessary to add the NMEA source to ntpd. To avoid problems with the
falseticker, you can remove the source from ntpd configuration or use
the noselect option to never use it and only monitor it.
--
Miroslav Li
1 - 100 of 280 matches
Mail list logo
