r config.
You would need to have the "noepeer" option in the restrictions to
prevent that, but this option is not supported in the ntp package you
are using.
--
Miroslav Lichvar
--
This is questions@lists.ntp.org
Subscribe: questions+subscr...@lists.ntp.org
Unsubscribe: questions+unsubscr...@lists.ntp.org
p on the ARM device.
Another possibility is to start ntpd normally and wait for it to set the
clock. There is the ntp-wait script for that. On systemd-based
distributions there is a time-sync target which delay start of services
that need accurate clock.
--
Miro
to any timestamp smaller than that.
That should work as long as you update/rebuild the application at least
once per ~136 years.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
make a consistent slew on the leap second. So, the
easiest way to fix this is to make a slew on the server and hide the
leap second from the clients. When you internally do this everywhere and
you want to provide a public NTP service, it's easier
On Mon, Oct 19, 2020 at 12:43:47PM +0200, Vitezslav Samel wrote:
> On Mon, Oct 19, 2020 at 09:49:36AM +0200, Miroslav Lichvar wrote:
> > Not an FPGA, but the Intel I210 costs about $50 and it has a nice
> > hardware clock with PPS input/output, which is well supported in
> >
n the PCIe bus between the
PPS-timestamping hardware, CPU, and the NIC, which allows you to make
an NTP server accurate to few tens of nanoseconds.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
tried. I prefer OpenWrt on these
small computers.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
The interrupt latency of the PPS timestamping is probably much larger
than any errors related to GPS, so I'd say it doesn't matter.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
robably need to patch ntpd to report the values in a better
precision.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
jitter seems to be the jitter of the system clock as it is being
updated with offsets, and sys_jitter seems to be the jitter of the
selected peer, or the combined peers after clustering.
https://www.eecis.udel.edu/~mills/ntp/html/cluster.html
--
Miro
o their difference is the offset as it
was before.
But this completely ignores the process that is controlling the clock,
so I'm not sure what value this exercise has.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On 2020-06-08, a...@avtodoria.ru wrote:
> понедельник, 8 июня 2020 г., 10:52:36 UTC+3 пользователь Miroslav
> Lichvar написал:
>> If you need something to report a large offset to ntpd via SHM, you
>> could try this program for testing leap seconds:
>>
>> https
offset
you want.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On 2019-08-17, Michael Haardt wrote:
> Miroslav Lichvar writes:
>> I think you do. To prevent the source from being rejected as a
>> falseticker it needs to have a larger root distance. That could be from
>> a larger dispersion or delay. You modified the refclock jit
a minimum delay. But adjusting it in
the refclock specific code, as you did, makes perfect sense to me.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
l. If
the error is moving only very slowly, the sawtooth pattern would be
visible in the offset reported by ntpd.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
a typical error of NTP
in a local network, so maybe that's why people don't like refclocks over
USB.
However, with a custom driver and firmware it's possible to reduce the
offset and jitter to few microseconds. See this great post from Dan
Drown:
https://blog.dan.drown.org/p
nt all
variables of the peer with ntpq -c "rv $ASSID" and look for "jitter"
and "filtdisp".
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
's a larger jitter or the clock is less stable.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ly overload
the DNS servers.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
.465 -0.125 0.110
> +10.99.99.20010.99.99.100 2 u 55 256 3772.238 -0.015 0.107
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
..
Those (and yours) didn't make it back to the newsgroup where the
question was posted. The gateway seems to work only in the direction
to the mailing list.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ntp-4.2.8 versions should truncate digests longer than 160 bits
(192-bit MAC). What version were you testing? I'm not sure in which one
exactly this was introduced.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ke this:
iptables -t raw -I PREROUTING -p udp -m udp --dport 123 -j CT --notrack
iptables -t raw -I OUTPUT -p udp -m udp --sport 123 -j CT --notrack
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On Tue, Mar 12, 2019 at 01:24:52PM -0400, Danny Mayer wrote:
> On 3/12/19 4:22 AM, Miroslav Lichvar wrote:
> > On 2019-03-11, Nelson Bolyard wrote:
> >> NTPv3 supported MD5 and SHA1 Message Authentication Code (MACs) of
> >> length 16 and 20 bytes respectively.
SHA256 MACs.
>
> Are longer MACs sent in their entirety?
> Are they truncated to 20 bytes? or to 16 bytes?
The digests are truncated to 20 bytes in order to follow RFC 7822.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
7 == 5'
Yes, assuming nothing is using multicast messaging or switches are
snooping and your machine didn't join the group.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ts (not
just those sent to a broadcast address) that have the mode field equal
to 5 (broadcast).
tcpdump -n -i eth0 'port 123 and udp[8] & 7 == 5'
If it doesn't print anything, nothing in the network is using the NTP
broadcast mode.
--
ting requests from privileged
ports different than 123 is NAT. If there are two NTP clients behind
NAT using port 123, one of them will have to get a different port.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
68-65536 range, which could
be used by a server that lost synchronization long time ago and old
clients following RFC 1305/4330 would misinterpret it as a negative
value.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
s
that have lost their time source.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
hat has changed in the last few years is how
ntpd handles the error when the PPS discipline cannot be enabled. It
used to be ignored.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ether the NTP support
> > SHA2 with FIPS enable and disable?
> >
> > If not then please let us know when NTP support for SHA2 in future release?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ncy offset that was set by ntpd.
If that doesn't help, please enable the loopstats log and post it here
after xntpd has been running for at least a day. I doubt this is an
issue with the server.
--
Miroslav Lichvar
___
questions mailing list
ques
y. Older AIX and
> Solaris hosts running NTP version 3 (xntpd) are experiencing
> excessively large offsets when compared to using NTP version 4.
Can you show some examples?
If you use ntpd on the server, the xntpd clients work ok?
--
Miroslav Lichvar
___
ot sure if it's possible to get them from ntpq separately
from the real variables.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ly so one
> will either be ignored or will be serviced after a delay.
I think some GPS units can be configured to shift the PPS edge by a
specified offset to avoid two PPS signals triggering an interrupt at
the same time.
--
Miroslav Lichvar
___
questions
blem on the gpsd or ntpd side. However, I'm not sure if this is
supposed to work with GPS over network.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
he
ntpshmmon command. If you don't see any samples, try running gpsd from
command line with -D 9.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
rony was compiled with PPS support, you
could use gpsd just for the message-based samples provided in SHM 0
and use the PPS device directly. For example:
refclock PPS /dev/pps0 poll 2 lock NMEA refid GPS
refclock SHM 0 offset 0.5 delay 0.2 refid NMEA noselect
--
Miroslav Lichvar
a difference (unless the initial offset is larger than 1000 seconds).
With older ntp versions it's recommended to run ntpdate -b before
starting ntpd in order to speed up the initial synchronization.
--
Miroslav Lichvar
___
questions mailing list
that on old Linux kernel only the LOCL server is shown and on the
> newer Linux kernel both the LOCL and POOL are shown? Does it mean that the
> two VMs are synced differently?
Do they use the same ntp version? I think only ntpq from newer (4.2.8)
versions can display the POOL line.
--
f the clock. You
might want to set FrequencyError to 0 or "undefined".
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
kod notrap nomodify nopeer
>
> restrict 127.0.0.1
> restrict ::1
>
> disable auth
> broadcastclient
> So I wonder: what am I doing wrong? what could be the cause?
I think you need to remove the nopeer restriction on the client, or
enable authentication (server and client
irement. I thought you were using those stratum-1
servers you have and the requirement for accuracy was 10 or 100
microseconds, not milliseconds.
Anything should do better than 50 milliseconds as long as it's on
local network.
--
Miroslav Lichvar
___
quest
s that support it. In my experience that usually
reduces the jitter down to a sub-microsecond level. Unless the network
is heavily loaded for longer periods of time, it should not be
necessary to use PTP and expensive switches.
--
Miroslav Lichvar
__
e
(in)stability of an ordinary computer oscillator causing. Are the
servers supposed to be able to hold over long periods of time in case
the stratum-1 servers fail?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ut the
choice of NTP servers with such accuracy is very limited. For people
who don't want to spend money on new switches with PTP support, it may
be better to buy a PTP grandmaster and connect it directly to a
machine with two NICs, which would be a PTP slave and an NTP
cal ntpd change its reported
> stratum?
>
> Do I have to customize the local oscillator driver to input the health status?
I think a good approach would be to modify your driver to work as a
SHM reference clock and let ntpd synchronize the system clock.
--
Miroslav Lichvar
rs include all received and transmitted NTP
packets, not just clients' requests and responses. That is, it will
include also ntpd's own requests and responses from its servers, and
also ntpdc/ntpq requests and responses, even from localhost.
--
Miroslav Lichvar
___
on't care about
individual clients, you could periodically call ntpdc -c iostats and
calculate the rate from the total number of received packets using awk
for instance:
while true; do ntpdc -c iostats; sleep 1; done | \
awk '/received packets/{ print $3 - last; last=$3}'
--
Mirosla
On Fri, Mar 10, 2017 at 02:34:51AM -0500, Majdi S. Abbas wrote:
> On Thu, Mar 09, 2017 at 05:24:35PM +0100, Miroslav Lichvar wrote:
> > Couldn't the malicious client create a larger number of ephemeral
> > associations, using multiple IP addresses, in order to outvote g
the
reason for that. Do you think it would make sense to modify its
behavior to apply to both authenticated and unauthenticated packets?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
hecked this against
> code or RFCs.
Another reason for the "unsynchronized" leap bits might be a recent step
of the system clock. If the clock is unstable, ntpd may need to step the
clock often (after reaching the threshold of 128ms).
although it rarely does).
So I have a VPS that is synchronised to it and its time is served
indirectly.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
, you can do that. The pool project page recommends ntpd, but it's
not a requirement. There are quite a few openntpd and chrony servers in
the pool, including a couple of my own.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
and GPS antenna
> location), and within 200 microseconds on Windows when using an attached
> GPS/PPS device.
Speaking of Windows, does anyone know how well (if at all) work the
NTP implementations in the Windows Subsystem for Linux (WSL) that's now
available in
maxclock 5 - for sync, majority clique requires
> truechimers *>* falsetickers - truechimers == falsetickers is
> *unsynced* - 5 allows 2 servers "off" in some way at the same time
> (e.g. during weekend maintenance windows when servers oft
On Fri, Dec 30, 2016 at 03:32:51PM -0800, Ask Bjørn Hansen wrote:
> On Tuesday, September 6, 2016 at 1:41:10 AM UTC-7, Miroslav Lichvar wrote:
> > On 2016-09-05, a...@ntppool.org <a...@ntppool.org> wrote:
> > > restrict default kod nomodify notrap nopeer noquery
>
you need to sync one machine to another, you should use the LOCAL
driver (127.127.1.0) and not the orphan mode. Orphan mode is for cases
where a server should be automatically selected from a group of
unsynchronised servers. In your case only machine can be a server (the
one with RTC).
it indicates something is very wrong and it's not just local
clock being too fast or slow.
To me it looks like either the kernel is broken or the reference time
is actually based on the local system time. Or maybe something else is
messing with the clock, overwriting the ntpd's adjustments.
--
Miro
packet. See 7.3 in RFC 5905.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
te.
Broadcast clients would need to create ephemeral symmetric
associations with the server in order to measure the delay accurately.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
t was supported in switches/routers similarly to PTP,
sub-microsecond accuracy would be possible.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
which the offset changed suggests it's the processing
of the server packet that has the extra delay.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
the server. See the
archive of the ntp-hackers list for more information.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
does that programmed stand for...?
I think it means setting of the leap status that's reported in NTP
packets and if the kernel discipline is enabled it also sets the
kernel leap status bits.
--
Miroslav Lichvar
___
questions mailing list
questions
is described
in the document?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
to be sure both server and
client had enough time to synchronize.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
ntp_adjtime()/adjtimex()
with STA_INS in the status field. You could run ntpd in strace to
verify that.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
` or `sudo grep leap
/var/log/syslog`.
Does status printed by ntptime include INS before midnight? Any chance
ntpd is started with the -x option or there is tinker step command
in ntp.conf?
--
Miroslav Lichvar
___
questions mailing list
questions
(possibly with the date and ntptime -f
commands).
With chrony you just run chronyc -a settime xx:xx:xx once in a while
on the server and it will do the rest for you.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http
.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
in some research on software temperature
compensation itself, how good the measurements need to be for a given
time reference to be useful etc.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
unstabilized clock. When using a PTP clock on PCIe as a reference it
can get quite close though, see this graph from stats collected over
a few hours:
https://mlichvar.fedorapeople.org/chrony/refclock_phc0.png
--
Miroslav Lichvar
___
questions mailing list
temperature in 0.1C
intervals and use mean frequency offset as the correction. Not sure
if it needs to be negated or not, I always forget.
I agree it would be nice to have a script that would automate this
process.
--
Miroslav Lichvar
___
questions mailing
this
configurable (e.g. ublox NEO-6T).
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
to minimize the swings due to temperature
changes.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On Mon, Feb 16, 2015 at 07:19:39PM +, Rob wrote:
The PPS refclock has changed is refid from PPP0 to PPP1 with this version.
That is a bug, the refid numbering wasn't supposted to change in the
new version. Fixed in git. Thanks.
--
Miroslav Lichvar
On Mon, Feb 16, 2015 at 03:30:52PM +, Rob wrote:
Miroslav Lichvar mlich...@redhat.com wrote:
On Mon, Feb 16, 2015 at 02:00:30PM +, Rob wrote:
Is chronyc of 1.31 compatible with chronyd 2.0?
Yes, old configuration should still work. But you can use
acquisitionport 123
if I
remember correctly, I thought it was rather bad and would require
dithering. Looking at nt_clockstuff.c in the ntp distribution, it
certainly doesn't look easy.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http
On Mon, Feb 16, 2015 at 03:51:07PM +, David Lord wrote:
Miroslav Lichvar wrote:
As a workaround you can add acquisitionport 123 to chrony.conf to
use just one socket for all (client, peer, server) communication,
which will effectively disable the check in which the server's request
0.044 0.055
If you compile chrony with --enable-debug, do you see similar Received
and Sent message pairs in the chronyd -d -d output?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On Mon, Feb 16, 2015 at 02:00:30PM +, Rob wrote:
Is chronyc of 1.31 compatible with chronyd 2.0?
Yes, old configuration should still work. But you can use
acquisitionport 123 as a workaround if you prefer stable version.
--
Miroslav Lichvar
with
--enable-debug) and see if there are any debug messages indicating why
it's dropping the client request. If there aren't any, you could try
it with chrony-2.0-pre1 and see if it's different.
--
Miroslav Lichvar
___
questions mailing list
questions
On Mon, Feb 16, 2015 at 11:29:31AM +0100, Miroslav Lichvar wrote:
On Mon, Feb 16, 2015 at 09:59:27AM +, Rob wrote:
I have strace'd the daemon and I see that it does receive the datagram
from the socket, but it does not send a reply.
Hm, interesting. Can you post what follows
refclockPPS /dev/pps0
server 192.168.42.1 iburst
server 192.168.42.60iburst
server 192.168.42.61iburst
allow 0/0
cmdallow192.168.42.0/24
--
Miroslav Lichvar
___
questions mailing list
the standard adjtime() slew rate of 500 ppm the
maximum reliable correction is 150 ms, on systems with faster slew
it's proprotionally larger.
[1] https://bugs.ntp.org/show_bug.cgi?id=2021
--
Miroslav Lichvar
___
questions mailing list
questions
on it?
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On Mon, Jan 26, 2015 at 06:45:58PM +0100, Terje Mathisen wrote:
Miroslav Lichvar wrote:
Here is a test showing error between two clients of a server
smearing.a large offset. With the cosine function you can see a large
spike when smearing started.
https://mlichvar.fedorapeople.org/tmp
be minimized.
Here is a test showing error between two clients of a server
smearing.a large offset. With the cosine function you can see a large
spike when smearing started.
https://mlichvar.fedorapeople.org/tmp/smear_cos.png
https://mlichvar.fedorapeople.org/tmp/smear_sinx.png
--
Miroslav Lichvar
://www.pool.ntp.org/en/use.html
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
it applicable.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
on the network path to the internet
running a tool like this:
https://github.com/PentesterES/Delorean/
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
to the pool directive? Or
change the default value of maxclock?
[1] http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.10.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
source to ntpd. To avoid problems with the
falseticker, you can remove the source from ntpd configuration or use
the noselect option to never use it and only monitor it.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http
, 3.10 was not.
--
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
is 6 and maxpoll 10, exactly the same as in ntpd.
That the faq as an example uses 2 and 4 is I agree stupid. It is faq. I
have no idea who wrote it.
I wrote it. What exactly is wrong with poll 4 on a LAN?
--
Miroslav Lichvar
___
questions mailing list
1 - 100 of 257 matches
Mail list logo