summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorVincent Blut <vincent.debian@free.fr>2017-01-16 17:37:59 +0100
committerVincent Blut <vincent.debian@free.fr>2017-01-16 17:37:59 +0100
commit7095e70bea486d51b3d303ef2e4eed61628970f4 (patch)
treeb4fa2368d2eb6b1aed7766e7d263e1787c30677d /doc
parent53e3fdbcd5a0daa3dba21532d87fe65c048a9dd9 (diff)
New upstream version 3.0
Diffstat (limited to 'doc')
-rw-r--r--doc/Makefile.in8
-rw-r--r--doc/chrony.conf.adoc332
-rw-r--r--doc/chrony.conf.man.in424
-rw-r--r--doc/chronyc.adoc105
-rw-r--r--doc/chronyc.man.in149
-rw-r--r--doc/chronyd.adoc30
-rw-r--r--doc/chronyd.man.in36
-rw-r--r--doc/faq.adoc43
8 files changed, 918 insertions, 209 deletions
diff --git a/doc/Makefile.in b/doc/Makefile.in
index bd405df..1777da5 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -13,19 +13,23 @@ BINDIR = @BINDIR@
SBINDIR = @SBINDIR@
MANDIR = @MANDIR@
DOCDIR = @DOCDIR@
-CHRONYSOCKDIR = @CHRONYSOCKDIR@
+CHRONYRUNDIR = @CHRONYRUNDIR@
CHRONYVARDIR = @CHRONYVARDIR@
CHRONY_VERSION = @CHRONY_VERSION@
DEFAULT_USER = @DEFAULT_USER@
DEFAULT_HWCLOCK_FILE = @DEFAULT_HWCLOCK_FILE@
+DEFAULT_PID_FILE = @DEFAULT_PID_FILE@
+DEFAULT_RTC_DEVICE = @DEFAULT_RTC_DEVICE@
SED_COMMANDS = "s%\@SYSCONFDIR\@%$(SYSCONFDIR)%g;\
s%\@BINDIR\@%$(BINDIR)%g;\
s%\@SBINDIR\@%$(SBINDIR)%g;\
s%\@CHRONY_VERSION\@%$(CHRONY_VERSION)%g;\
s%\@DEFAULT_HWCLOCK_FILE\@%$(DEFAULT_HWCLOCK_FILE)%g;\
+ s%\@DEFAULT_PID_FILE\@%$(DEFAULT_PID_FILE)%g;\
+ s%\@DEFAULT_RTC_DEVICE\@%$(DEFAULT_RTC_DEVICE)%g;\
s%\@DEFAULT_USER\@%$(DEFAULT_USER)%g;\
- s%\@CHRONYSOCKDIR\@%$(CHRONYSOCKDIR)%g;\
+ s%\@CHRONYRUNDIR\@%$(CHRONYRUNDIR)%g;\
s%\@CHRONYVARDIR\@%$(CHRONYVARDIR)%g;"
man: $(MAN_FILES) $(MAN_IN_FILES)
diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc
index 5fb68a3..3ea7287 100644
--- a/doc/chrony.conf.adoc
+++ b/doc/chrony.conf.adoc
@@ -1,7 +1,8 @@
// This file is part of chrony
//
// Copyright (C) Richard P. Curnow 1997-2003
-// Copyright (C) Miroslav Lichvar 2009-2016
+// Copyright (C) Stephen Wadeley 2016
+// Copyright (C) Miroslav Lichvar 2009-2017
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of version 2 of the GNU General Public License as
@@ -105,17 +106,25 @@ If the user knows that round trip delays above a certain level should cause the
measurement to be ignored, this level can be defined with the *maxdelay*
option. For example, *maxdelay 0.3* would indicate that measurements with a
round-trip delay of 0.3 seconds or more should be ignored. The default value is
-3 seconds.
+3 seconds and the maximum value is 1000 seconds.
*maxdelayratio* _ratio_:::
This option is similar to the maxdelay option above. *chronyd* keeps a record
of the minimum round-trip delay amongst the previous measurements that it has
buffered. If a measurement has a round trip delay that is greater than the
-maxdelayratio times the minimum delay, it will be rejected.
+maxdelayratio times the minimum delay, it will be rejected. This option works
+only in the *server* directive when not in the interleaved mode.
*maxdelaydevratio* _ratio_:::
If a measurement has a ratio of the increase in the round-trip delay from the
minimum delay amongst the previous measurements to the standard deviation of
the previous measurements that is greater than the specified ratio, it will be
rejected. The default is 10.0.
+*offset* _offset_:::
+This option specifies a correction (in seconds) which will be applied to
+offsets measured with this source. It's particularly useful to compensate for a
+known asymmetry in network delay or timestamping errors. For example, if
+packets sent to the source were on average delayed by 100 microseconds more
+than packets sent from the source back, the correction would be -0.00005 (-50
+microseconds). The default is 0.0.
*minsamples* _samples_:::
Set the minimum number of samples kept for this source. This overrides the
<<minsamples,*minsamples*>> directive.
@@ -149,11 +158,28 @@ clock. Together with the *trust* option this might be useful to allow a trusted
authenticated source to be safely combined with unauthenticated sources in
order to improve the accuracy of the clock. They can be selected and used for
synchronisation only if they agree with the trusted and required source.
+*xleave*:::
+This option enables an interleaved mode which allows the server or the peer to
+send transmit timestamps captured after the actual transmission (e.g. when the
+server or the peer is running *chronyd* with software (kernel) or hardware
+timestamping). This can significantly improve the accuracy of the measurements.
++
+The interleaved mode is compatible with servers that support only the basic
+mode, but peers must both support and have enabled the interleaved mode,
+otherwise the synchronisation will work only in one direction. Note that even
+servers that support the interleaved mode might respond in the basic mode as
+the interleaved mode requires the servers to keep some state for each client
+and the state might be dropped when there are too many clients (e.g.
+<<clientloglimit,*clientloglimit*>> is too small), or it might be overwritten
+by other clients that have the same IP address (e.g. computers behind NAT or
+someone sending requests with a spoofed source address). The *presend* option
+can be used to shorten the interval in which the server has to keep the state
+for this computer and be able to respond in the interleaved mode.
*polltarget* _target_:::
Target number of measurements to use for the regression algorithm which
*chronyd* will try to maintain by adjusting the polling interval between
*minpoll* and *maxpoll*. A higher target makes *chronyd* prefer shorter polling
-intervals. The default is 6 and a useful range is from 6 to 60.
+intervals. The default is 8 and a useful range is from 6 to 60.
*port* _port_:::
This option allows the UDP port on which the server understands NTP requests to
be specified. For normal servers this option should not be required (the
@@ -177,8 +203,11 @@ presend 9
----
+
when the polling interval is 512 seconds or more, an extra NTP client packet
-will be sent to the server a short time (4 seconds) before making the actual
+will be sent to the server a short time (2 seconds) before making the actual
measurement.
++
+The *presend* option cannot be used in the *peer* directive. If it is used
+with the *xleave* option, *chronyd* will send two extra packets instead of one.
*minstratum* _stratum_:::
When the synchronisation source is selected from available sources, sources
with lower stratum are normally slightly preferred. This option can be used to
@@ -187,9 +216,13 @@ avoid selecting that source. This is useful with low stratum sources that are
known to be unreliable or inaccurate and which should be used only when other
sources are unreachable.
*version* _version_:::
-This option sets the NTP version number used in packets sent to the server.
-This can be useful when the server runs an old NTP implementation that does not
-respond to newer versions. The default version number is 4.
+This option sets the NTP version of packets sent to the server. This can be
+useful when the server runs an old NTP implementation that does not respond to
+requests using a newer version. The default version depends on whether a key is
+specified by the *key* option and which authentication hash function the key
+is using. If the output size of the hash function is longer than 160 bits, the
+default version is 3 for compatibility with older *chronyd* servers. Otherwise,
+the default version is 4.
[[pool]]*pool* _name_ [_option_]...::
The syntax of this directive is similar to that for the <<server,*server*>>
@@ -218,26 +251,33 @@ pool pool.ntp.org iburst maxsources 3
[[peer]]*peer* _hostname_ [_option_]...::
The syntax of this directive is identical to that for the <<server,*server*>>
-directive, except that it is used to specify an NTP peer rather than an NTP
-server.
+directive, except that it specifies a symmetric association with an NTP peer
+instead of a client/server association with an NTP server. A single symmetric
+association allows the peers to be both servers and clients to each other. This
+is mainly useful when the NTP implementation of the peer (e.g. *ntpd*) supports
+ephemeral symmetric associations and does not need to be configured with an
+address of this host. *chronyd* does not support ephemeral associations.
+
When a key is specified by the *key* option to enable authentication, both
-peers must be configured to use the same key and the same key number.
-+
-Please note that NTP peers that are not configured with a key to enable
-authentication are vulnerable to a denial-of-service attack. An attacker
-knowing that NTP hosts A and B are peering with each other can send a packet
-with random timestamps to host A with source address of B which will set the
-NTP state variables on A to the values sent by the attacker. Host A will then
-send on its next poll to B a packet with an origin timestamp that does not match
-the transmit timestamp of B and the packet will be dropped. If the attacker
-does this periodically for both hosts, they will not be able to synchronise to
-each other.
-+
-This attack can be prevented by enabling authentication with the *key* option,
-or by using the <<server,*server*>> directive on both sides to specify the other
-host as a server instead of a peer. The disadvantage of the *server* directive
-is that it will double the network traffic between the two hosts.
+peers must use the same key and the same key number.
++
+Note that the symmetric mode is less secure than the client/server mode. A
+denial-of-service attack is possible on unauthenticated symmetric associations,
+i.e. when the peer was specified without the *key* option. An attacker who does
+not see network traffic between two hosts, but knows that they are peering with
+each other, can periodically send them unauthenticated packets with spoofed
+source addresses in order to disrupt their NTP state and prevent them from
+synchronising to each other. When the association is authenticated, an attacker
+who does see the network traffic, but cannot prevent the packets from reaching
+the other host, can still disrupt the state by replaying old packets. The
+attacker has effectively the same power as a man-in-the-middle attacker. A
+partial protection against this attack is implemented in *chronyd*, which can
+protect the peers if they are using the same polling interval and they never
+sent an authenticated packet with a timestamp from future, but it should not be
+relied on as it is difficult to ensure the conditions are met. If two hosts
+should be able to synchronise to each other in both directions, it is
+recommended to use two separate client/server associations (specified by the
+<<server,*server*>> directive on both hosts) instead.
[[initstepslew]]*initstepslew* _step-threshold_ [_hostname_]...::
In normal operation, *chronyd* slews the time when it needs to adjust the
@@ -395,6 +435,11 @@ This option sets the rate of the pulses in the PPS signal (in Hz). This option
controls how the pulses will be completed with real time. To actually receive
more than one pulse per second, a negative *dpoll* has to be specified (-3 for
a 5Hz signal). The default is 1.
+*maxlockage* _pulses_:::
+This option specifies in number of pulses how old can be samples from the
+refclock specified by the *lock* option to be paired with the pulses.
+Increasing this value is useful when the samples are produced at a lower rate
+than the pulses. The default is 2.
*offset* _offset_:::
This option can be used to compensate for a constant error. The specified
offset (in seconds) is applied to all samples produced by the reference clock.
@@ -506,12 +551,12 @@ saved.
An example of the directive is:
+
----
-dumpdir @CHRONYVARDIR@
+dumpdir @CHRONYRUNDIR@
----
+
-A source whose reference ID (the IP address for IPv4 sources) is _1.2.3.4_
-would have its measurement history saved in the file
-_/var/lib/chrony/1.2.3.4.dat_.
+A source whose IP address is _1.2.3.4_ would have its measurement history saved
+in the file _@CHRONYRUNDIR@/1.2.3.4.dat_. History of reference clocks is saved
+to files named by their reference ID in form of _refid:XXXXXXXX.dat_.
[[dumponexit]]*dumponexit*::
If this directive is present, it indicates that *chronyd* should save the
@@ -529,7 +574,7 @@ useful range is 4 to 64.
The *minsamples* directive sets the default minimum number of samples that
*chronyd* should keep for each source. This setting can be overridden for
individual sources in the <<server,*server*>> and <<refclock,*refclock*>>
-directives. The default value is 0. The useful range is 4 to 64.
+directives. The default value is 6. The useful range is 4 to 64.
=== Source selection
@@ -561,6 +606,13 @@ Setting *maxdistance* to a larger value can be useful to allow synchronisation
with a server that only has a very infrequent connection to its sources and can
accumulate a large dispersion between updates of its clock.
+[[maxjitter]]*maxjitter* _jitter_::
+The *maxjitter* directive sets the maximum allowed jitter of the sources to not
+be rejected by the source selection algorithm. This prevents synchronisation
+with sources that have a small root distance, but their time is too variable.
++
+By default, the maximum jitter is 1 second.
+
[[minsources]]*minsources* _sources_::
The *minsources* directive sets the minimum number of sources that need to be
considered as selectable in the source selection algorithm before the local
@@ -942,7 +994,7 @@ both a client of its servers, and a server to other clients.
Examples of the use of the directive are as follows:
+
----
-allow foo.example.net
+allow 1.2.3.4
allow 1.2
allow 3.4.5
allow 6.7.8/22
@@ -953,7 +1005,8 @@ allow ::/0
allow
----
+
-The first directive allows the named node to be an NTP client of this computer.
+The first directive allows a node with IPv4 address _1.2.3.4_ to be an NTP
+client of this computer.
The second directive allows any node with an IPv4 address of the form _1.2.x.y_
(with _x_ and _y_ arbitrary) to be an NTP client of this computer. Likewise,
the third directive allows any node with an IPv4 address of the form _3.4.5.x_
@@ -994,6 +1047,10 @@ Within a configuration file this capability is probably rather moot; however,
it is of greater use for reconfiguration at run-time via *chronyc* with the
<<chronyc.adoc#allow,*allow all*>> command.
+
+The directive allows a hostname to be specified instead of an IP address, but
+the name must be resolvable when *chronyd* is started (i.e. *chronyd* needs
+to be started when the network is already up and DNS is working).
++
Note, if the <<initstepslew,*initstepslew*>> directive is used in the
configuration file, each of the computers listed in that directive must allow
client access by this computer for it to work.
@@ -1008,25 +1065,20 @@ There is also a *deny all* directive with similar behaviour to the *allow all*
directive.
[[bindaddress]]*bindaddress* _address_::
-The *bindaddress* directive allows you to restrict the network interface to
-which *chronyd* will listen for NTP requests. This provides an additional level
-of access restriction above that available through the <<deny,*deny*>>
-mechanism.
+The *bindaddress* directive binds the socket on which *chronyd* listens for NTP
+requests to a local address of the computer. On systems other than Linux, the
+address of the computer needs to be already configured when *chronyd* is
+started.
+
-Suppose you have a local network with addresses in the _192.168.1.0_
-subnet together with an Internet connection. The network interface's IP
-address is _192.168.1.1_. Suppose you want to block all access through the
-Internet connection. You could add the line:
+An example of the use of the directive is:
+
----
bindaddress 192.168.1.1
----
+
-to the configuration file.
-+
-For each of the IPv4 and IPv6 protocols, only one *bindaddress* directive can be
-specified. Therefore, it is not useful on computers which should serve NTP on
-multiple network interfaces.
+Currently, for each of the IPv4 and IPv6 protocols, only one *bindaddress*
+directive can be specified. Therefore, it is not useful on computers which
+should serve NTP on multiple network interfaces.
[[broadcast]]*broadcast* _interval_ _address_ [_port_]::
The *broadcast* directive is used to declare a broadcast address to which
@@ -1065,8 +1117,10 @@ directive.
[[clientloglimit]]*clientloglimit* _limit_::
This directive specifies the maximum amount of memory that *chronyd* is allowed
-to allocate for logging of client accesses. The default limit is 524288 bytes,
-which allows monitoring of several thousands of addresses at the same time.
+to allocate for logging of client accesses and the state that *chronyd* as an
+NTP server needs to support the interleaved mode for its clients. The default
+limit is 524288 bytes, which is sufficient for monitoring about four thousand
+clients at the same time.
+
In older *chrony* versions if the limit was set to 0, the memory allocation was
unlimited.
@@ -1080,7 +1134,8 @@ clientloglimit 1048576
[[noclientlog]]*noclientlog*::
This directive, which takes no arguments, specifies that client accesses are
not to be logged. Normally they are logged, allowing statistics to be reported
-using the <<chronyc.adoc#clients,*clients*>> command in *chronyc*.
+using the <<chronyc.adoc#clients,*clients*>> command in *chronyc*. This option
+also effectively disables server support for the NTP interleaved mode.
[[local]]*local* [_option_]...::
The *local* directive enables a local reference mode, which allows *chronyd*
@@ -1142,6 +1197,23 @@ An example of the directive is:
local stratum 10 orphan
----
+[[ntpsigndsocket]]*ntpsigndsocket* _directory_::
+This directive specifies the location of the Samba *ntp_signd* socket when it
+is running as a Domain Controller (DC). If *chronyd* is compiled with this
+feature, responses to MS-SNTP clients will be signed by the *smbd* daemon.
++
+Note that MS-SNTP requests are not authenticated and any client that is allowed
+to access the server by the <<allow,*allow*>> directive, or the
+<<chronyc.adoc#allow,*allow*>> command in *chronyc*, can get an MS-SNTP
+response signed with a trust account's password and try to crack the password
+in a brute-force attack. Access to the server should be carefully controlled.
++
+An example of the directive is:
++
+----
+ntpsigndsocket /var/lib/samba/ntp_signd
+----
+
[[port]]*port* _port_::
This option allows you to configure the port on which *chronyd* will listen for
NTP requests. The port will be open only when an address is allowed by the
@@ -1171,7 +1243,10 @@ in any order):
*interval*:::
This option sets the minimum interval between responses. It is defined as a
power of 2 in seconds. The default value is 3 (8 seconds). The minimum value
-is -4 and the maximum value is 12.
+is -19 (524288 packets per second) and the maximum value is 12 (one packet per
+4096 seconds). Note that with values below -4 the rate limiting is coarse
+(responses are allowed in bursts, even if the interval between them is shorter
+than the specified interval).
*burst*:::
This option sets the maximum number of responses that can be sent in a burst,
temporarily exceeding the limit specified by the *interval* option. This is
@@ -1183,20 +1258,20 @@ This option sets the rate at which responses are randomly allowed even if the
limits specified by the *interval* and *burst* options are exceeded. This is
necessary to prevent an attacker who is sending requests with a spoofed
source address from completely blocking responses to that address. The leak
-rate is defined as a power of 1/2 and it is 3 by default, i.e. on average at
-least every eighth request has a response. The minimum value is 1 and the
+rate is defined as a power of 1/2 and it is 2 by default, i.e. on average at
+least every fourth request has a response. The minimum value is 1 and the
maximum value is 4.
::
+
An example use of the directive is:
+
----
-ratelimit interval 4 burst 4
+ratelimit interval 1 burst 16
----
+
-This would reduce the response rate for IP addresses that send packets on
-average more frequently than once per 16 seconds or send packets in bursts
-of more than 4 packets.
+This would reduce the response rate for IP addresses sending packets on average
+more than once per 2 seconds, or sending packets in bursts of more than 16
+packets, by up to 75% (with default *leak* of 2).
[[smoothtime]]*smoothtime* _max-freq_ _max-wander_ [*leaponly*]::
The *smoothtime* directive can be used to enable smoothing of the time that
@@ -1251,16 +1326,17 @@ smoothtime 50000 0.01
=== Command and monitoring access
[[bindcmdaddress]]*bindcmdaddress* _address_::
-The *bindcmdaddress* directive allows you to specify the network interface on
-which *chronyd* will listen for monitoring command packets (issued by
-*chronyc*). This provides an additional level of access restriction above that
-available through the <<cmddeny,*cmddeny*>> mechanism.
+The *bindcmdaddress* directive allows you to specify an IP address of an
+interface on which *chronyd* will listen for monitoring command packets (issued
+by *chronyc*). On systems other than Linux, the address of the interface needs
+to be already configured when *chronyd* is started.
+
This directive can also change the path of the Unix domain command socket,
which is used by *chronyc* to send configuration commands. The socket must be
in a directory that is accessible only by the root or _chrony_ user. The
directory will be created on start if it does not exist. The compiled-in default
-path of the socket is _@CHRONYSOCKDIR@/chronyd.sock_.
+path of the socket is _@CHRONYRUNDIR@/chronyd.sock_. The socket can be
+disabled by setting the path to _/_.
+
By default, *chronyd* binds to the loopback interface (with addresses
_127.0.0.1_ and _::1_). This blocks all access except from localhost. To listen
@@ -1273,8 +1349,8 @@ bindcmdaddress ::
+
to the configuration file.
+
-For each of the IPv4 and IPv6 protocols, only one *bindcmdaddress* directive can be
-specified.
+For each of the IPv4, IPv6, and Unix domain protocols, only one
+*bindcmdaddress* directive can be specified.
+
An example that sets the path of the Unix domain command socket is:
+
@@ -1324,8 +1400,8 @@ need to be run with the *-p 257* switch to inter-operate correctly.)
[[cmdratelimit]]*cmdratelimit* [_option_]...::
This directive enables response rate limiting for command packets. It is
similar to the <<ratelimit,*ratelimit*>> directive, except responses to
-localhost are never limited and the default interval is 1 (2 seconds), the default
-burst is 16, and the default leak rate is 2.
+localhost are never limited and the default interval is -4 (16 packets per
+second).
+
An example of the use of the directive is:
+
@@ -1368,7 +1444,7 @@ This would set the threshold error to 30 seconds.
[[rtcdevice]]*rtcdevice* _device_::
The *rtcdevice* directive sets the path to the device file for accessing the
-RTC. The default path is _/dev/rtc_.
+RTC. The default path is _@DEFAULT_RTC_DEVICE@_.
[[rtcfile]]*rtcfile* _file_::
The *rtcfile* directive defines the name of the file in which *chronyd* can
@@ -1421,7 +1497,7 @@ cannot be used with the <<rtcfile,*rtcfile*>> directive.
+
On Linux, the RTC copy is performed by the kernel every 11 minutes.
+
-On Mac OS X, <<chronyd,*chronyd*>> will perform the RTC copy every 60 minutes
+On macOS, <<chronyd,*chronyd*>> will perform the RTC copy every 60 minutes
when the system clock is in a synchronised state.
+
On other systems this directive does nothing.
@@ -1440,8 +1516,8 @@ called _measurements.log_. An example line (which actually appears as a single
line in the file) from the log file is shown below.
+
----
-2015-10-13 05:40:50 203.0.113.15 N 2 111 111 1111 10 10 1.0 \
- -4.966e-03 2.296e-01 1.577e-05 1.615e-01 7.446e-03
+2016-11-09 05:40:50 203.0.113.15 N 2 111 111 1111 10 10 1.0 \
+ -4.966e-03 2.296e-01 1.577e-05 1.615e-01 7.446e-03 CB00717B 4B D K
----
+
The columns are as follows (the quantities in square brackets are the values
@@ -1471,6 +1547,13 @@ from the example line above):
. The peer dispersion (_epsilon_ in RFC 5905). [1.577e-05]
. The root delay (_DELTA_ in RFC 5905). [1.615e-01]
. The root dispersion (_EPSILON_ in RFC 5905). [7.446e-03]
+. Reference ID of the server's source as a hexadecimal number. [CB00717B]
+. NTP mode of the received packet (_1_=active peer, _2_=passive peer,
+ _3_=server, _B_=basic, _I_=interleaved). [4B]
+. Source of the local transmit timestamp
+ (_D_=daemon, _K_=kernel, _H_=hardware). [D]
+. Source of the local receive timestamp
+ (_D_=daemon, _K_=kernel, _H_=hardware). [K]
+
*statistics*:::
This option logs information about the regression processing to a file called
@@ -1478,8 +1561,8 @@ _statistics.log_. An example line (which actually appears as a single line in
the file) from the log file is shown below.
+
----
-2015-07-22 05:40:50 203.0.113.15 6.261e-03 -3.247e-03 \
- 2.220e-03 1.874e-06 1.080e-06 7.8e-02 16 0 8
+2016-08-10 05:40:50 203.0.113.15 6.261e-03 -3.247e-03 \
+ 2.220e-03 1.874e-06 1.080e-06 7.8e-02 16 0 8 0.00
----
+
The columns are as follows (the quantities in square brackets are the values
@@ -1514,6 +1597,11 @@ from the example line above):
to be discarded. The number of runs for the data that is being retained is
tabulated. Values of approximately half the number of samples are expected.
[8]
+. The estimated asymmetry of network jitter on the path to the source which was
+ used to correct the measured offsets. The asymmetry can be between -0.5 and
+ 0.5. A negative value means the delay of packets sent to the source is
+ more variable than the delay of packets sent from the source back. [0.00,
+ i.e. no correction for asymmetry]
+
*tracking*:::
This option logs changes to the estimate of the system's gain or loss rate, and
@@ -1693,6 +1781,58 @@ sendmail binary.
=== Miscellaneous
+[[hwtimestamp]]*hwtimestamp* _interface_ [_option_]...::
+This directive enables hardware timestamping of NTP packets sent to and
+received from the specified network interface. The network interface controller
+(NIC) uses its own clock to accurately timestamp the actual transmissions and
+receptions, avoiding processing and queueing delays in the kernel, network
+driver, and hardware. This can significantly improve the accuracy of the
+timestamps and the measured offset, which is used for synchronisation of the
+system clock. In order to get the best results, both sides receiving and
+sending NTP packets (i.e. server and client, or two peers) need to use HW
+timestamping. If the server or peer supports the interleaved mode, it needs to
+be enabled by the *xleave* option in the <<server,*server*>> or the
+<<peer,*peer*>> directive.
++
+This directive is supported on Linux 3.19 and newer. The NIC must support HW
+timestamping, which can be verified with the *ethtool -T* command. The list of
+capabilities should include _SOF_TIMESTAMPING_RAW_HARDWARE_,
+_SOF_TIMESTAMPING_TX_HARDWARE_, _SOF_TIMESTAMPING_RX_HARDWARE_, and the filter
+modes should have _HWTSTAMP_FILTER_ALL_. When *chronyd* is running, no other
+process should be working with the clock on the NIC. If no *hwtimestamp*
+directive is specified, *chronyd* will try to use software (kernel)
+timestamping. With both hardware and software timestamping there are
+some limitations on which packets can be actually timestamped, e.g. transmit
+timestamping does not currently work with IPv6 packets using IP options and
+hardware receive timestamping does not work with packets from bridged
+interfaces. The timestamping used in measurements is indicated in the
+_measurements.log_ file if enabled by the <<log,*log measurements*>> directive,
+and the <<chronyc.adoc#ntpdata,*ntpdata*>> report in *chronyc*.
++
+If the specified interface is _*_, *chronyd* will try to enable HW timestamping
+on all available interfaces.
++
+The *hwtimestamp* directive has the following options:
++
+*txcomp* _compensation_:::
+This option specifies the difference in seconds between the actual transmission
+time at the physical layer and the reported transmit timestamp. This value will
+be added to transmit timestamps obtained from the NIC. The default value is 0.
+*rxcomp* _compensation_:::
+This option specifies the difference in seconds between the reported receive
+timestamp and the actual reception time at the physical layer. This value will
+be subtracted from receive timestamps obtained from the NIC. The default value
+is 0.
+::
++
+Examples of the directive are:
++
+----
+hwtimestamp eth0
+hwtimestamp eth1 txcomp 300e-9 rxcomp 645e-9
+hwtimestamp *
+----
+
[[include]]*include* _pattern_::
The *include* directive includes a configuration file or multiple configuration
files if a wildcard pattern is specified. This can be useful when maintaining
@@ -1755,8 +1895,8 @@ significant impact on performance as *chronyd's* memory usage is modest. The
[[pidfile]]*pidfile* _file_::
*chronyd* always writes its process ID (PID) to a file, and checks this file on
-startup to see if another *chronyd* may already be running on the system. By
-default, the file used is _/var/run/chronyd.pid_. The *pidfile* directive
+startup to see if another *chronyd* might already be running on the system. By
+default, the file used is _@DEFAULT_PID_FILE@_. The *pidfile* directive
allows the name to be changed, e.g.:
+
----
@@ -1765,8 +1905,8 @@ pidfile /run/chronyd.pid
[[sched_priority]]*sched_priority* _priority_::
On Linux, the *sched_priority* directive will select the SCHED_FIFO real-time
-scheduler at the specified priority (which must be between 0 and 100). On Mac
-OS X, this option must have either a value of 0 (the default) to disable the
+scheduler at the specified priority (which must be between 0 and 100). On
+macOS, this option must have either a value of 0 (the default) to disable the
thread time constraint policy or 1 for the policy to be enabled. Other systems
do not support this option.
+
@@ -1781,7 +1921,7 @@ wait for the scheduler to get around to running it. You should not use this
unless you really need it. The *sched_setscheduler(2)* man page has more
details.
+
-On Mac OS X, this directive uses the *thread_policy_set()* kernel call to
+On macOS, this directive uses the *thread_policy_set()* kernel call to
specify real-time scheduling. As noted for Linux, you should not use this
directive unless you really need it.
@@ -1790,7 +1930,7 @@ The *user* directive sets the name of the system user to which *chronyd* will
switch after start in order to drop root privileges.
+
On Linux, *chronyd* needs to be compiled with support for the *libcap* library.
-On Mac OS X, FreeBSD, NetBSD and Solaris *chronyd* forks into two processes.
+On macOS, FreeBSD, NetBSD and Solaris *chronyd* forks into two processes.
The child process retains root privileges, but can only perform a very limited
range of privileged system calls on behalf of the parent.
+
@@ -2094,6 +2234,44 @@ For the system shutdown, *chronyd* should receive a SIGTERM several seconds
before the final SIGKILL; the SIGTERM causes the measurement histories and RTC
information to be saved.
+=== Public NTP server
+
+*chronyd* can be configured to operate as a public NTP server, e.g. to join the
+http://www.pool.ntp.org/en/join.html[pool.ntp.org] project. The configuration
+is similar to the NTP client with permanent connection, except it needs to
+allow client access from all addresses. It is recommended to find at least four
+good servers (e.g. from the pool, or on the NTP homepage). If the server has a
+hardware reference clock (e.g. a GPS receiver), it can be specified by the
+<<refclock,*refclock*>> directive.
+
+The amount of memory used for logging client accesses can be increased in order
+to enable clients to use the interleaved mode even when the server has a large
+number of clients, and better support rate limiting if it is enabled by the
+<<ratelimit,*ratelimit*>> directive. The system timezone database, if it is
+kept up to date and includes the *right/UTC* timezone, can be used as a
+reliable source to determine when a leap second will be applied to UTC. The
+*-r* option with the <<dumpdir,*dumpdir*>> directive shortens the time in which
+*chronyd* will not be able to serve time to its clients when it needs to be
+restarted (e.g. after upgrading to a newer version, or a change in the
+configuration).
+
+The configuration file could look like:
+
+----
+server foo.example.net iburst
+server bar.example.net iburst
+server baz.example.net iburst
+server qux.example.net iburst
+makestep 1.0 3
+rtcsync
+allow
+clientloglimit 100000000
+leapsectz right/UTC
+driftfile @CHRONYVARDIR@/drift
+dumpdir @CHRONYRUNDIR@
+dumponexit
+----
+
== SEE ALSO
<<chronyc.adoc#,*chronyc(1)*>>, <<chronyd.adoc#,*chronyd(8)*>>
diff --git a/doc/chrony.conf.man.in b/doc/chrony.conf.man.in
index edc5847..3823bc5 100644
--- a/doc/chrony.conf.man.in
+++ b/doc/chrony.conf.man.in
@@ -2,12 +2,12 @@
.\" Title: chrony.conf
.\" Author: [see the "AUTHORS" section]
.\" Generator: Asciidoctor 1.5.4
-.\" Date: 2016-11-21
+.\" Date: 2017-01-12
.\" Manual: Configuration Files
.\" Source: chrony @CHRONY_VERSION@
.\" Language: English
.\"
-.TH "CHRONY.CONF" "5" "2016-11-21" "chrony @CHRONY_VERSION@" "Configuration Files"
+.TH "CHRONY.CONF" "5" "2017-01-12" "chrony @CHRONY_VERSION@" "Configuration Files"
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.ss \n[.ss] 0
@@ -113,7 +113,7 @@ If the user knows that round trip delays above a certain level should cause the
measurement to be ignored, this level can be defined with the \fBmaxdelay\fP
option. For example, \fBmaxdelay 0.3\fP would indicate that measurements with a
round\-trip delay of 0.3 seconds or more should be ignored. The default value is
-3 seconds.
+3 seconds and the maximum value is 1000 seconds.
.RE
.sp
\fBmaxdelayratio\fP \fIratio\fP
@@ -121,7 +121,8 @@ round\-trip delay of 0.3 seconds or more should be ignored. The default value is
This option is similar to the maxdelay option above. \fBchronyd\fP keeps a record
of the minimum round\-trip delay amongst the previous measurements that it has
buffered. If a measurement has a round trip delay that is greater than the
-maxdelayratio times the minimum delay, it will be rejected.
+maxdelayratio times the minimum delay, it will be rejected. This option works
+only in the \fBserver\fP directive when not in the interleaved mode.
.RE
.sp
\fBmaxdelaydevratio\fP \fIratio\fP
@@ -132,6 +133,16 @@ the previous measurements that is greater than the specified ratio, it will be
rejected. The default is 10.0.
.RE
.sp
+\fBoffset\fP \fIoffset\fP
+.RS 4
+This option specifies a correction (in seconds) which will be applied to
+offsets measured with this source. It\(cqs particularly useful to compensate for a
+known asymmetry in network delay or timestamping errors. For example, if
+packets sent to the source were on average delayed by 100 microseconds more
+than packets sent from the source back, the correction would be \-0.00005 (\-50
+microseconds). The default is 0.0.
+.RE
+.sp
\fBminsamples\fP \fIsamples\fP
.RS 4
Set the minimum number of samples kept for this source. This overrides the
@@ -189,12 +200,32 @@ order to improve the accuracy of the clock. They can be selected and used for
synchronisation only if they agree with the trusted and required source.
.RE
.sp
+\fBxleave\fP
+.RS 4
+This option enables an interleaved mode which allows the server or the peer to
+send transmit timestamps captured after the actual transmission (e.g. when the
+server or the peer is running \fBchronyd\fP with software (kernel) or hardware
+timestamping). This can significantly improve the accuracy of the measurements.
+.sp
+The interleaved mode is compatible with servers that support only the basic
+mode, but peers must both support and have enabled the interleaved mode,
+otherwise the synchronisation will work only in one direction. Note that even
+servers that support the interleaved mode might respond in the basic mode as
+the interleaved mode requires the servers to keep some state for each client
+and the state might be dropped when there are too many clients (e.g.
+\fBclientloglimit\fP is too small), or it might be overwritten
+by other clients that have the same IP address (e.g. computers behind NAT or
+someone sending requests with a spoofed source address). The \fBpresend\fP option
+can be used to shorten the interval in which the server has to keep the state
+for this computer and be able to respond in the interleaved mode.
+.RE
+.sp
\fBpolltarget\fP \fItarget\fP
.RS 4
Target number of measurements to use for the regression algorithm which
\fBchronyd\fP will try to maintain by adjusting the polling interval between
\fBminpoll\fP and \fBmaxpoll\fP. A higher target makes \fBchronyd\fP prefer shorter polling
-intervals. The default is 6 and a useful range is from 6 to 60.
+intervals. The default is 8 and a useful range is from 6 to 60.
.RE
.sp
\fBport\fP \fIport\fP
@@ -230,8 +261,11 @@ presend 9
.\}
.sp
when the polling interval is 512 seconds or more, an extra NTP client packet
-will be sent to the server a short time (4 seconds) before making the actual
+will be sent to the server a short time (2 seconds) before making the actual
measurement.
+.sp
+The \fBpresend\fP option cannot be used in the \fBpeer\fP directive. If it is used
+with the \fBxleave\fP option, \fBchronyd\fP will send two extra packets instead of one.
.RE
.sp
\fBminstratum\fP \fIstratum\fP
@@ -246,9 +280,13 @@ sources are unreachable.
.sp
\fBversion\fP \fIversion\fP
.RS 4
-This option sets the NTP version number used in packets sent to the server.
-This can be useful when the server runs an old NTP implementation that does not
-respond to newer versions. The default version number is 4.
+This option sets the NTP version of packets sent to the server. This can be
+useful when the server runs an old NTP implementation that does not respond to
+requests using a newer version. The default version depends on whether a key is
+specified by the \fBkey\fP option and which authentication hash function the key
+is using. If the output size of the hash function is longer than 160 bits, the
+default version is 3 for compatibility with older \fBchronyd\fP servers. Otherwise,
+the default version is 4.
.RE
.RE
.sp
@@ -288,26 +326,33 @@ pool pool.ntp.org iburst maxsources 3
\fBpeer\fP \fIhostname\fP [\fIoption\fP]...
.RS 4
The syntax of this directive is identical to that for the \fBserver\fP
-directive, except that it is used to specify an NTP peer rather than an NTP
-server.
+directive, except that it specifies a symmetric association with an NTP peer
+instead of a client/server association with an NTP server. A single symmetric
+association allows the peers to be both servers and clients to each other. This
+is mainly useful when the NTP implementation of the peer (e.g. \fBntpd\fP) supports
+ephemeral symmetric associations and does not need to be configured with an
+address of this host. \fBchronyd\fP does not support ephemeral associations.
.sp
When a key is specified by the \fBkey\fP option to enable authentication, both
-peers must be configured to use the same key and the same key number.
-.sp
-Please note that NTP peers that are not configured with a key to enable
-authentication are vulnerable to a denial\-of\-service attack. An attacker
-knowing that NTP hosts A and B are peering with each other can send a packet
-with random timestamps to host A with source address of B which will set the
-NTP state variables on A to the values sent by the attacker. Host A will then
-send on its next poll to B a packet with an origin timestamp that does not match
-the transmit timestamp of B and the packet will be dropped. If the attacker
-does this periodically for both hosts, they will not be able to synchronise to
-each other.
-.sp
-This attack can be prevented by enabling authentication with the \fBkey\fP option,
-or by using the \fBserver\fP directive on both sides to specify the other
-host as a server instead of a peer. The disadvantage of the \fBserver\fP directive
-is that it will double the network traffic between the two hosts.
+peers must use the same key and the same key number.
+.sp
+Note that the symmetric mode is less secure than the client/server mode. A
+denial\-of\-service attack is possible on unauthenticated symmetric associations,
+i.e. when the peer was specified without the \fBkey\fP option. An attacker who does
+not see network traffic between two hosts, but knows that they are peering with
+each other, can periodically send them unauthenticated packets with spoofed
+source addresses in order to disrupt their NTP state and prevent them from
+synchronising to each other. When the association is authenticated, an attacker
+who does see the network traffic, but cannot prevent the packets from reaching
+the other host, can still disrupt the state by replaying old packets. The
+attacker has effectively the same power as a man\-in\-the\-middle attacker. A
+partial protection against this attack is implemented in \fBchronyd\fP, which can
+protect the peers if they are using the same polling interval and they never
+sent an authenticated packet with a timestamp from future, but it should not be
+relied on as it is difficult to ensure the conditions are met. If two hosts
+should be able to synchronise to each other in both directions, it is
+recommended to use two separate client/server associations (specified by the
+\fBserver\fP directive on both hosts) instead.
.RE
.sp
\fBinitstepslew\fP \fIstep\-threshold\fP [\fIhostname\fP]...
@@ -526,6 +571,14 @@ more than one pulse per second, a negative \fBdpoll\fP has to be specified (\-3
a 5Hz signal). The default is 1.
.RE
.sp
+\fBmaxlockage\fP \fIpulses\fP
+.RS 4
+This option specifies in number of pulses how old can be samples from the
+refclock specified by the \fBlock\fP option to be paired with the pulses.
+Increasing this value is useful when the samples are produced at a lower rate
+than the pulses. The default is 2.
+.RE
+.sp
\fBoffset\fP \fIoffset\fP
.RS 4
This option can be used to compensate for a constant error. The specified
@@ -686,15 +739,15 @@ An example of the directive is:
.RS 4
.\}
.nf
-dumpdir @CHRONYVARDIR@
+dumpdir @CHRONYRUNDIR@
.fi
.if n \{\
.RE
.\}
.sp
-A source whose reference ID (the IP address for IPv4 sources) is \fI1.2.3.4\fP
-would have its measurement history saved in the file
-\fI/var/lib/chrony/1.2.3.4.dat\fP.
+A source whose IP address is \fI1.2.3.4\fP would have its measurement history saved
+in the file \fI@CHRONYRUNDIR@/1.2.3.4.dat\fP. History of reference clocks is saved
+to files named by their reference ID in form of \fIrefid:XXXXXXXX.dat\fP.
.RE
.sp
\fBdumponexit\fP
@@ -718,7 +771,7 @@ useful range is 4 to 64.
The \fBminsamples\fP directive sets the default minimum number of samples that
\fBchronyd\fP should keep for each source. This setting can be overridden for
individual sources in the \fBserver\fP and \fBrefclock\fP
-directives. The default value is 0. The useful range is 4 to 64.
+directives. The default value is 6. The useful range is 4 to 64.
.RE
.SS "Source selection"
.sp
@@ -754,6 +807,15 @@ with a server that only has a very infrequent connection to its sources and can
accumulate a large dispersion between updates of its clock.
.RE
.sp
+\fBmaxjitter\fP \fIjitter\fP
+.RS 4
+The \fBmaxjitter\fP directive sets the maximum allowed jitter of the sources to not
+be rejected by the source selection algorithm. This prevents synchronisation
+with sources that have a small root distance, but their time is too variable.
+.sp
+By default, the maximum jitter is 1 second.
+.RE
+.sp
\fBminsources\fP \fIsources\fP
.RS 4
The \fBminsources\fP directive sets the minimum number of sources that need to be
@@ -1245,7 +1307,7 @@ Examples of the use of the directive are as follows:
.RS 4
.\}
.nf
-allow foo.example.net
+allow 1.2.3.4
allow 1.2
allow 3.4.5
allow 6.7.8/22
@@ -1259,7 +1321,8 @@ allow
.RE
.\}
.sp
-The first directive allows the named node to be an NTP client of this computer.
+The first directive allows a node with IPv4 address \fI1.2.3.4\fP to be an NTP
+client of this computer.
The second directive allows any node with an IPv4 address of the form \fI1.2.x.y\fP
(with \fIx\fP and \fIy\fP arbitrary) to be an NTP client of this computer. Likewise,
the third directive allows any node with an IPv4 address of the form \fI3.4.5.x\fP
@@ -1312,6 +1375,10 @@ Within a configuration file this capability is probably rather moot; however,
it is of greater use for reconfiguration at run\-time via \fBchronyc\fP with the
\fBallow all\fP command.
.sp
+The directive allows a hostname to be specified instead of an IP address, but
+the name must be resolvable when \fBchronyd\fP is started (i.e. \fBchronyd\fP needs
+to be started when the network is already up and DNS is working).
+.sp
Note, if the \fBinitstepslew\fP directive is used in the
configuration file, each of the computers listed in that directive must allow
client access by this computer for it to work.
@@ -1330,15 +1397,12 @@ directive.
.sp
\fBbindaddress\fP \fIaddress\fP
.RS 4
-The \fBbindaddress\fP directive allows you to restrict the network interface to
-which \fBchronyd\fP will listen for NTP requests. This provides an additional level
-of access restriction above that available through the \fBdeny\fP
-mechanism.
+The \fBbindaddress\fP directive binds the socket on which \fBchronyd\fP listens for NTP
+requests to a local address of the computer. On systems other than Linux, the
+address of the computer needs to be already configured when \fBchronyd\fP is
+started.
.sp
-Suppose you have a local network with addresses in the \fI192.168.1.0\fP
-subnet together with an Internet connection. The network interface\(cqs IP
-address is \fI192.168.1.1\fP. Suppose you want to block all access through the
-Internet connection. You could add the line:
+An example of the use of the directive is:
.sp
.if n \{\
.RS 4
@@ -1350,11 +1414,9 @@ bindaddress 192.168.1.1
.RE
.\}
.sp
-to the configuration file.
-.sp
-For each of the IPv4 and IPv6 protocols, only one \fBbindaddress\fP directive can be
-specified. Therefore, it is not useful on computers which should serve NTP on
-multiple network interfaces.
+Currently, for each of the IPv4 and IPv6 protocols, only one \fBbindaddress\fP
+directive can be specified. Therefore, it is not useful on computers which
+should serve NTP on multiple network interfaces.
.RE
.sp
\fBbroadcast\fP \fIinterval\fP \fIaddress\fP [\fIport\fP]
@@ -1403,8 +1465,10 @@ directive.
\fBclientloglimit\fP \fIlimit\fP
.RS 4
This directive specifies the maximum amount of memory that \fBchronyd\fP is allowed
-to allocate for logging of client accesses. The default limit is 524288 bytes,
-which allows monitoring of several thousands of addresses at the same time.
+to allocate for logging of client accesses and the state that \fBchronyd\fP as an
+NTP server needs to support the interleaved mode for its clients. The default
+limit is 524288 bytes, which is sufficient for monitoring about four thousand
+clients at the same time.
.sp
In older \fBchrony\fP versions if the limit was set to 0, the memory allocation was
unlimited.
@@ -1426,7 +1490,8 @@ clientloglimit 1048576
.RS 4
This directive, which takes no arguments, specifies that client accesses are
not to be logged. Normally they are logged, allowing statistics to be reported
-using the \fBclients\fP command in \fBchronyc\fP.
+using the \fBclients\fP command in \fBchronyc\fP. This option
+also effectively disables server support for the NTP interleaved mode.
.RE
.sp
\fBlocal\fP [\fIoption\fP]...
@@ -1514,6 +1579,31 @@ local stratum 10 orphan
.\}
.RE
.sp
+\fBntpsigndsocket\fP \fIdirectory\fP
+.RS 4
+This directive specifies the location of the Samba \fBntp_signd\fP socket when it
+is running as a Domain Controller (DC). If \fBchronyd\fP is compiled with this
+feature, responses to MS\-SNTP clients will be signed by the \fBsmbd\fP daemon.
+.sp
+Note that MS\-SNTP requests are not authenticated and any client that is allowed
+to access the server by the \fBallow\fP directive, or the
+\fBallow\fP command in \fBchronyc\fP, can get an MS\-SNTP
+response signed with a trust account\(cqs password and try to crack the password
+in a brute\-force attack. Access to the server should be carefully controlled.
+.sp
+An example of the directive is:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ntpsigndsocket /var/lib/samba/ntp_signd
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.sp
\fBport\fP \fIport\fP
.RS 4
This option allows you to configure the port on which \fBchronyd\fP will listen for
@@ -1547,7 +1637,10 @@ in any order):
.RS 4
This option sets the minimum interval between responses. It is defined as a
power of 2 in seconds. The default value is 3 (8 seconds). The minimum value
-is \-4 and the maximum value is 12.
+is \-19 (524288 packets per second) and the maximum value is 12 (one packet per
+4096 seconds). Note that with values below \-4 the rate limiting is coarse
+(responses are allowed in bursts, even if the interval between them is shorter
+than the specified interval).
.RE
.sp
\fBburst\fP
@@ -1565,8 +1658,8 @@ This option sets the rate at which responses are randomly allowed even if the
limits specified by the \fBinterval\fP and \fBburst\fP options are exceeded. This is
necessary to prevent an attacker who is sending requests with a spoofed
source address from completely blocking responses to that address. The leak
-rate is defined as a power of 1/2 and it is 3 by default, i.e. on average at
-least every eighth request has a response. The minimum value is 1 and the
+rate is defined as a power of 1/2 and it is 2 by default, i.e. on average at
+least every fourth request has a response. The minimum value is 1 and the
maximum value is 4.
.RE
.RE
@@ -1580,15 +1673,15 @@ An example use of the directive is:
.RS 4
.\}
.nf
-ratelimit interval 4 burst 4
+ratelimit interval 1 burst 16
.fi
.if n \{\
.RE
.\}
.sp
-This would reduce the response rate for IP addresses that send packets on
-average more frequently than once per 16 seconds or send packets in bursts
-of more than 4 packets.
+This would reduce the response rate for IP addresses sending packets on average
+more than once per 2 seconds, or sending packets in bursts of more than 16
+packets, by up to 75% (with default \fBleak\fP of 2).
.RE
.sp
\fBsmoothtime\fP \fImax\-freq\fP \fImax\-wander\fP [\fBleaponly\fP]
@@ -1658,16 +1751,17 @@ smoothtime 50000 0.01
.sp
\fBbindcmdaddress\fP \fIaddress\fP
.RS 4
-The \fBbindcmdaddress\fP directive allows you to specify the network interface on
-which \fBchronyd\fP will listen for monitoring command packets (issued by
-\fBchronyc\fP). This provides an additional level of access restriction above that
-available through the \fBcmddeny\fP mechanism.
+The \fBbindcmdaddress\fP directive allows you to specify an IP address of an
+interface on which \fBchronyd\fP will listen for monitoring command packets (issued
+by \fBchronyc\fP). On systems other than Linux, the address of the interface needs
+to be already configured when \fBchronyd\fP is started.
.sp
This directive can also change the path of the Unix domain command socket,
which is used by \fBchronyc\fP to send configuration commands. The socket must be
in a directory that is accessible only by the root or \fIchrony\fP user. The
directory will be created on start if it does not exist. The compiled\-in default
-path of the socket is \fI@CHRONYSOCKDIR@/chronyd.sock\fP.
+path of the socket is \fI@CHRONYRUNDIR@/chronyd.sock\fP. The socket can be
+disabled by setting the path to \fI/\fP.
.sp
By default, \fBchronyd\fP binds to the loopback interface (with addresses
\fI127.0.0.1\fP and \fI::1\fP). This blocks all access except from localhost. To listen
@@ -1686,8 +1780,8 @@ bindcmdaddress ::
.sp
to the configuration file.
.sp
-For each of the IPv4 and IPv6 protocols, only one \fBbindcmdaddress\fP directive can be
-specified.
+For each of the IPv4, IPv6, and Unix domain protocols, only one
+\fBbindcmdaddress\fP directive can be specified.
.sp
An example that sets the path of the Unix domain command socket is:
.sp
@@ -1757,8 +1851,8 @@ need to be run with the \fB\-p 257\fP switch to inter\-operate correctly.)
.RS 4
This directive enables response rate limiting for command packets. It is
similar to the \fBratelimit\fP directive, except responses to
-localhost are never limited and the default interval is 1 (2 seconds), the default
-burst is 16, and the default leak rate is 2.
+localhost are never limited and the default interval is \-4 (16 packets per
+second).
.sp
An example of the use of the directive is:
.sp
@@ -1824,7 +1918,7 @@ This would set the threshold error to 30 seconds.
\fBrtcdevice\fP \fIdevice\fP
.RS 4
The \fBrtcdevice\fP directive sets the path to the device file for accessing the
-RTC. The default path is \fI/dev/rtc\fP.
+RTC. The default path is \fI@DEFAULT_RTC_DEVICE@\fP.
.RE
.sp
\fBrtcfile\fP \fIfile\fP
@@ -1918,7 +2012,7 @@ cannot be used with the \fBrtcfile\fP directive.
.sp
On Linux, the RTC copy is performed by the kernel every 11 minutes.
.sp
-On Mac OS X, \fBchronyd\fP will perform the RTC copy every 60 minutes
+On macOS, \fBchronyd\fP will perform the RTC copy every 60 minutes
when the system clock is in a synchronised state.
.sp
On other systems this directive does nothing.
@@ -1942,8 +2036,8 @@ line in the file) from the log file is shown below.
.RS 4
.\}
.nf
-2015\-10\-13 05:40:50 203.0.113.15 N 2 111 111 1111 10 10 1.0 \(rs
- \-4.966e\-03 2.296e\-01 1.577e\-05 1.615e\-01 7.446e\-03
+2016\-11\-09 05:40:50 203.0.113.15 N 2 111 111 1111 10 10 1.0 \(rs
+ \-4.966e\-03 2.296e\-01 1.577e\-05 1.615e\-01 7.446e\-03 CB00717B 4B D K
.fi
.if n \{\
.RE
@@ -2135,6 +2229,53 @@ The root delay (\fIDELTA\fP in RFC 5905). [1.615e\-01]
.\}
The root dispersion (\fIEPSILON\fP in RFC 5905). [7.446e\-03]
.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04' 17.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 17." 4.2
+.\}
+Reference ID of the server\(cqs source as a hexadecimal number. [CB00717B]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04' 18.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 18." 4.2
+.\}
+NTP mode of the received packet (\fI1\fP=active peer, \fI2\fP=passive peer,
+\fI3\fP=server, \fIB\fP=basic, \fII\fP=interleaved). [4B]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04' 19.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 19." 4.2
+.\}
+Source of the local transmit timestamp
+(\fID\fP=daemon, \fIK\fP=kernel, \fIH\fP=hardware). [D]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04' 20.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 20." 4.2
+.\}
+Source of the local receive timestamp
+(\fID\fP=daemon, \fIK\fP=kernel, \fIH\fP=hardware). [K]
+.RE
.RE
.sp
\fBstatistics\fP
@@ -2147,8 +2288,8 @@ the file) from the log file is shown below.
.RS 4
.\}
.nf
-2015\-07\-22 05:40:50 203.0.113.15 6.261e\-03 \-3.247e\-03 \(rs
- 2.220e\-03 1.874e\-06 1.080e\-06 7.8e\-02 16 0 8
+2016\-08\-10 05:40:50 203.0.113.15 6.261e\-03 \-3.247e\-03 \(rs
+ 2.220e\-03 1.874e\-06 1.080e\-06 7.8e\-02 16 0 8 0.00
.fi
.if n \{\
.RE
@@ -2305,6 +2446,21 @@ to be discarded. The number of runs for the data that is being retained is
tabulated. Values of approximately half the number of samples are expected.
[8]
.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04' 13.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 13." 4.2
+.\}
+The estimated asymmetry of network jitter on the path to the source which was
+used to correct the measured offsets. The asymmetry can be between \-0.5 and
+0.5. A negative value means the delay of packets sent to the source is
+more variable than the delay of packets sent from the source back. [0.00,
+i.e. no correction for asymmetry]
+.RE
.RE
.sp
\fBtracking\fP
@@ -2877,6 +3033,74 @@ sendmail binary.
.RE
.SS "Miscellaneous"
.sp
+\fBhwtimestamp\fP \fIinterface\fP [\fIoption\fP]...
+.RS 4
+This directive enables hardware timestamping of NTP packets sent to and
+received from the specified network interface. The network interface controller
+(NIC) uses its own clock to accurately timestamp the actual transmissions and
+receptions, avoiding processing and queueing delays in the kernel, network
+driver, and hardware. This can significantly improve the accuracy of the
+timestamps and the measured offset, which is used for synchronisation of the
+system clock. In order to get the best results, both sides receiving and
+sending NTP packets (i.e. server and client, or two peers) need to use HW
+timestamping. If the server or peer supports the interleaved mode, it needs to
+be enabled by the \fBxleave\fP option in the \fBserver\fP or the
+\fBpeer\fP directive.
+.sp
+This directive is supported on Linux 3.19 and newer. The NIC must support HW
+timestamping, which can be verified with the \fBethtool \-T\fP command. The list of
+capabilities should include \fISOF_TIMESTAMPING_RAW_HARDWARE\fP,
+\fISOF_TIMESTAMPING_TX_HARDWARE\fP, \fISOF_TIMESTAMPING_RX_HARDWARE\fP, and the filter
+modes should have \fIHWTSTAMP_FILTER_ALL\fP. When \fBchronyd\fP is running, no other
+process should be working with the clock on the NIC. If no \fBhwtimestamp\fP
+directive is specified, \fBchronyd\fP will try to use software (kernel)
+timestamping. With both hardware and software timestamping there are
+some limitations on which packets can be actually timestamped, e.g. transmit
+timestamping does not currently work with IPv6 packets using IP options and
+hardware receive timestamping does not work with packets from bridged
+interfaces. The timestamping used in measurements is indicated in the
+\fImeasurements.log\fP file if enabled by the \fBlog measurements\fP directive,
+and the \fBntpdata\fP report in \fBchronyc\fP.
+.sp
+If the specified interface is \fI*\fP, \fBchronyd\fP will try to enable HW timestamping
+on all available interfaces.
+.sp
+The \fBhwtimestamp\fP directive has the following options:
+.sp
+\fBtxcomp\fP \fIcompensation\fP
+.RS 4
+This option specifies the difference in seconds between the actual transmission
+time at the physical layer and the reported transmit timestamp. This value will
+be added to transmit timestamps obtained from the NIC. The default value is 0.
+.RE
+.sp
+\fBrxcomp\fP \fIcompensation\fP
+.RS 4
+This option specifies the difference in seconds between the reported receive
+timestamp and the actual reception time at the physical layer. This value will
+be subtracted from receive timestamps obtained from the NIC. The default value
+is 0.
+.RE
+.RE
+.sp
+
+.RS 4
+.sp
+Examples of the directive are:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+hwtimestamp eth0
+hwtimestamp eth1 txcomp 300e\-9 rxcomp 645e\-9
+hwtimestamp *
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.sp
\fBinclude\fP \fIpattern\fP
.RS 4
The \fBinclude\fP directive includes a configuration file or multiple configuration
@@ -2964,8 +3188,8 @@ significant impact on performance as \fBchronyd\(cqs\fP memory usage is modest.
\fBpidfile\fP \fIfile\fP
.RS 4
\fBchronyd\fP always writes its process ID (PID) to a file, and checks this file on
-startup to see if another \fBchronyd\fP may already be running on the system. By
-default, the file used is \fI/var/run/chronyd.pid\fP. The \fBpidfile\fP directive
+startup to see if another \fBchronyd\fP might already be running on the system. By
+default, the file used is \fI@DEFAULT_PID_FILE@\fP. The \fBpidfile\fP directive
allows the name to be changed, e.g.:
.sp
.if n \{\
@@ -2982,8 +3206,8 @@ pidfile /run/chronyd.pid
\fBsched_priority\fP \fIpriority\fP
.RS 4
On Linux, the \fBsched_priority\fP directive will select the SCHED_FIFO real\-time
-scheduler at the specified priority (which must be between 0 and 100). On Mac
-OS X, this option must have either a value of 0 (the default) to disable the
+scheduler at the specified priority (which must be between 0 and 100). On
+macOS, this option must have either a value of 0 (the default) to disable the
thread time constraint policy or 1 for the policy to be enabled. Other systems
do not support this option.
.sp
@@ -2998,7 +3222,7 @@ wait for the scheduler to get around to running it. You should not use this
unless you really need it. The \fBsched_setscheduler(2)\fP man page has more
details.
.sp
-On Mac OS X, this directive uses the \fBthread_policy_set()\fP kernel call to
+On macOS, this directive uses the \fBthread_policy_set()\fP kernel call to
specify real\-time scheduling. As noted for Linux, you should not use this
directive unless you really need it.
.RE
@@ -3009,7 +3233,7 @@ The \fBuser\fP directive sets the name of the system user to which \fBchronyd\fP
switch after start in order to drop root privileges.
.sp
On Linux, \fBchronyd\fP needs to be compiled with support for the \fBlibcap\fP library.
-On Mac OS X, FreeBSD, NetBSD and Solaris \fBchronyd\fP forks into two processes.
+On macOS, FreeBSD, NetBSD and Solaris \fBchronyd\fP forks into two processes.
The child process retains root privileges, but can only perform a very limited
range of privileged system calls on behalf of the parent.
.sp
@@ -3420,6 +3644,50 @@ configuration file.
For the system shutdown, \fBchronyd\fP should receive a SIGTERM several seconds
before the final SIGKILL; the SIGTERM causes the measurement histories and RTC
information to be saved.
+.SS "Public NTP server"
+.sp
+\fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the
+.URL "http://www.pool.ntp.org/en/join.html" "pool.ntp.org" " "
+project. The configuration
+is similar to the NTP client with permanent connection, except it needs to
+allow client access from all addresses. It is recommended to find at least four
+good servers (e.g. from the pool, or on the NTP homepage). If the server has a
+hardware reference clock (e.g. a GPS receiver), it can be specified by the
+\fBrefclock\fP directive.
+.sp
+The amount of memory used for logging client accesses can be increased in order
+to enable clients to use the interleaved mode even when the server has a large
+number of clients, and better support rate limiting if it is enabled by the
+\fBratelimit\fP directive. The system timezone database, if it is
+kept up to date and includes the \fBright/UTC\fP timezone, can be used as a
+reliable source to determine when a leap second will be applied to UTC. The
+\fB\-r\fP option with the \fBdumpdir\fP directive shortens the time in which
+\fBchronyd\fP will not be able to serve time to its clients when it needs to be
+restarted (e.g. after upgrading to a newer version, or a change in the
+configuration).
+.sp
+The configuration file could look like:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+server foo.example.net iburst
+server bar.example.net iburst
+server baz.example.net iburst
+server qux.example.net iburst
+makestep 1.0 3
+rtcsync
+allow
+clientloglimit 100000000
+leapsectz right/UTC
+driftfile @CHRONYVARDIR@/drift
+dumpdir @CHRONYRUNDIR@
+dumponexit
+.fi
+.if n \{\
+.RE
+.\}
.SH "SEE ALSO"
.sp
\fBchronyc(1)\fP, \fBchronyd(8)\fP
diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc
index 27574ed..72a9d53 100644
--- a/doc/chronyc.adoc
+++ b/doc/chronyc.adoc
@@ -1,6 +1,7 @@
// This file is part of chrony
//
// Copyright (C) Richard P. Curnow 1997-2003
+// Copyright (C) Stephen Wadeley 2016
// Copyright (C) Miroslav Lichvar 2009-2016
//
// This program is free software; you can redistribute it and/or modify
@@ -44,7 +45,7 @@ There are two ways *chronyc* can access *chronyd*. One is the Internet
Protocol (IPv4 or IPv6) and the other is a Unix domain socket, which is
accessible locally by the root or _chrony_ user. By default, *chronyc* first
tries to connect to the Unix domain socket. The compiled-in default path is
-_@CHRONYSOCKDIR@/chronyd.sock_. If that fails (e.g. because *chronyc* is
+_@CHRONYRUNDIR@/chronyd.sock_. If that fails (e.g. because *chronyc* is
running under a non-root user), it will try to connect to 127.0.0.1 and then
::1.
@@ -74,8 +75,8 @@ With this option hostnames will be resolved only to IPv4 addresses.
With this option hostnames will be resolved only to IPv6 addresses.
*-n*::
-This option disables resolving of IP addresses to hostnames (e.g. to avoid slow
-DNS lookups).
+This option disables resolving of IP addresses to hostnames, e.g. to avoid slow
+DNS lookups. Long addresses will not be truncated to fit into the column.
*-c*::
This option enables printing of reports in a comma-separated values (CSV)
@@ -127,7 +128,7 @@ The *tracking* command displays parameters about the system's clock
performance. An example of the output is shown below.
+
----
-Reference ID : 203.0.113.15 (foo.example.net)
+Reference ID : CB00710F (foo.example.net)
Stratum : 3
Ref time (UTC) : Fri Feb 3 15:00:29 2012
System time : 0.000001501 seconds slow of NTP time
@@ -150,10 +151,14 @@ computer is currently synchronised. For IPv4 addresses, the reference ID is
equal to the address and for IPv6 addresses it is the first 32 bits of the MD5
sum of the address.
+
-If it is _127.127.1.1_ it means the computer is not synchronised to any
-external source and that you have the _local_ mode operating (via the
-<<local,*local*>> command in *chronyc*, or the
+If the reference ID is _7F7F0101_ and there is no name or IP address, it means
+the computer is not synchronised to any external source and that you have the
+_local_ mode operating (via the <<local,*local*>> command in *chronyc*, or the
<<chrony.conf.adoc#local,*local*>> directive in the configuration file).
++
+The reference ID is printed as a hexadecimal number. Note that in older
+versions it used to be printed in quad-dotted notation and could be confused
+with an IPv4 address.
*Stratum*:::
The stratum indicates how many hops away from a computer with an attached
reference clock we are. Such a computer is a stratum-1 computer, so the
@@ -437,6 +442,92 @@ the offline state.
the name of the server or peer was not resolved to an address yet; this source is
not visible in the *sources* and *sourcestats* reports.
+[[ntpdata]]*ntpdata* [_address_]::
+The *ntpdata* command displays the last valid measurement and other
+NTP-specific information about the specified NTP source, or all NTP sources if
+no address was specified. An example of the output is shown below.
++
+----
+Remote address : 203.0.113.15 (CB00710F)
+Remote port : 123
+Local address : 203.0.113.74 (CB00714A)
+Leap status : Normal
+Version : 4
+Mode : Server
+Stratum : 1
+Poll interval : 10 (1024 seconds)
+Precision : -24 (0.000000060 seconds)
+Root delay : 0.000015 seconds
+Root dispersion : 0.000015 seconds
+Reference ID : 47505300 (GPS)
+Reference time : Fri Nov 25 15:22:12 2016
+Offset : -0.000060878 seconds
+Peer delay : 0.000175634 seconds
+Peer dispersion : 0.000000681 seconds
+Response time : 0.000053050 seconds
+Jitter asymmetry: +0.00
+NTP tests : 111 111 1111
+Interleaved : No
+Authenticated : No
+TX timestamping : Kernel
+RX timestamping : Kernel
+Total TX : 24
+Total RX : 24
+Total valid RX : 24
+----
++
+The fields are explained as follows:
++
+*Remote address*:::
+The IP address of the NTP server or peer, and the corresponding reference ID.
+*Remote port*:::
+The UDP port number to which the request was sent. The standard NTP port is
+123.
+*Local address*:::
+The local IP address which received the response, and the corresponding
+reference ID.
+*Leap status*:::
+*Version*:::
+*Mode*:::
+*Stratum*:::
+*Poll interval*:::
+*Precision*:::
+*Root delay*:::
+*Root dispersion*:::
+*Reference ID*:::
+*Reference time*:::
+The NTP values from the last valid response.
+*Offset*:::
+*Peer delay*:::
+*Peer dispersion*:::
+The measured values.
+*Response time*:::
+The time the server or peer spent in processing of the request and waiting
+before sending the response.
+*Jitter asymmetry*:::
+The estimated asymmetry of network jitter on the path to the source. The
+asymmetry can be between -0.5 and 0.5. A negative value means the delay of
+packets sent to the source is more variable than the delay of packets sent
+from the source back.
+*NTP tests*:::
+Results of RFC 5905 tests 1 through 3, 5 through 7, and tests for maximum
+delay, delay ratio, delay dev ratio, and synchronisation loop.
+*Interleaved*:::
+This shows if the response was in the interleaved mode.
+*Authenticated*:::
+This shows if the response was authenticated.
+*TX timestamping*:::
+The source of the local transmit timestamp. Valid values are _Daemon_,
+_Kernel_, and _Hardware_.
+*RX timestamping*:::
+The source of the local receive timestamp.
+*Total TX*:::
+The number of packets sent to the source.
+*Total RX*:::
+The number of all packets received from the source.
+*Total valid RX*:::
+The number of valid packets received from the source.
+
[[add_peer]]*add peer* _address_ [_option_]...::
The *add peer* command allows a new NTP peer to be added whilst
*chronyd* is running.
diff --git a/doc/chronyc.man.in b/doc/chronyc.man.in
index d9fed87..dbb3f37 100644
--- a/doc/chronyc.man.in
+++ b/doc/chronyc.man.in
@@ -2,12 +2,12 @@
.\" Title: chronyc
.\" Author: [see the "AUTHORS" section]
.\" Generator: Asciidoctor 1.5.4
-.\" Date: 2016-11-21
+.\" Date: 2017-01-12
.\" Manual: User manual
.\" Source: chrony @CHRONY_VERSION@
.\" Language: English
.\"
-.TH "CHRONYC" "1" "2016-11-21" "chrony @CHRONY_VERSION@" "User manual"
+.TH "CHRONYC" "1" "2017-01-12" "chrony @CHRONY_VERSION@" "User manual"
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.ss \n[.ss] 0
@@ -38,7 +38,7 @@ There are two ways \fBchronyc\fP can access \fBchronyd\fP. One is the Internet
Protocol (IPv4 or IPv6) and the other is a Unix domain socket, which is
accessible locally by the root or \fIchrony\fP user. By default, \fBchronyc\fP first
tries to connect to the Unix domain socket. The compiled\-in default path is
-\fI@CHRONYSOCKDIR@/chronyd.sock\fP. If that fails (e.g. because \fBchronyc\fP is
+\fI@CHRONYRUNDIR@/chronyd.sock\fP. If that fails (e.g. because \fBchronyc\fP is
running under a non\-root user), it will try to connect to 127.0.0.1 and then
::1.
.sp
@@ -72,8 +72,8 @@ With this option hostnames will be resolved only to IPv6 addresses.
.sp
\fB\-n\fP
.RS 4
-This option disables resolving of IP addresses to hostnames (e.g. to avoid slow
-DNS lookups).
+This option disables resolving of IP addresses to hostnames, e.g. to avoid slow
+DNS lookups. Long addresses will not be truncated to fit into the column.
.RE
.sp
\fB\-c\fP
@@ -144,7 +144,7 @@ performance. An example of the output is shown below.
.RS 4
.\}
.nf
-Reference ID : 203.0.113.15 (foo.example.net)
+Reference ID : CB00710F (foo.example.net)
Stratum : 3
Ref time (UTC) : Fri Feb 3 15:00:29 2012
System time : 0.000001501 seconds slow of NTP time
@@ -171,10 +171,14 @@ computer is currently synchronised. For IPv4 addresses, the reference ID is
equal to the address and for IPv6 addresses it is the first 32 bits of the MD5
sum of the address.
.sp
-If it is \fI127.127.1.1\fP it means the computer is not synchronised to any
-external source and that you have the \fIlocal\fP mode operating (via the
-\fBlocal\fP command in \fBchronyc\fP, or the
+If the reference ID is \fI7F7F0101\fP and there is no name or IP address, it means
+the computer is not synchronised to any external source and that you have the
+\fIlocal\fP mode operating (via the \fBlocal\fP command in \fBchronyc\fP, or the
\fBlocal\fP directive in the configuration file).
+.sp
+The reference ID is printed as a hexadecimal number. Note that in older
+versions it used to be printed in quad\-dotted notation and could be confused
+with an IPv4 address.
.RE
.sp
\fBStratum\fP
@@ -659,6 +663,133 @@ not visible in the \fBsources\fP and \fBsourcestats\fP reports.
.RE
.RE
.sp
+\fBntpdata\fP [\fIaddress\fP]
+.RS 4
+The \fBntpdata\fP command displays the last valid measurement and other
+NTP\-specific information about the specified NTP source, or all NTP sources if
+no address was specified. An example of the output is shown below.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+Remote address : 203.0.113.15 (CB00710F)
+Remote port : 123
+Local address : 203.0.113.74 (CB00714A)
+Leap status : Normal
+Version : 4
+Mode : Server
+Stratum : 1
+Poll interval : 10 (1024 seconds)
+Precision : \-24 (0.000000060 seconds)
+Root delay : 0.000015 seconds
+Root dispersion : 0.000015 seconds
+Reference ID : 47505300 (GPS)
+Reference time : Fri Nov 25 15:22:12 2016
+Offset : \-0.000060878 seconds
+Peer delay : 0.000175634 seconds
+Peer dispersion : 0.000000681 seconds
+Response time : 0.000053050 seconds
+Jitter asymmetry: +0.00
+NTP tests : 111 111 1111
+Interleaved : No
+Authenticated : No
+TX timestamping : Kernel
+RX timestamping : Kernel
+Total TX : 24
+Total RX : 24
+Total valid RX : 24
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+The fields are explained as follows:
+.sp
+\fBRemote address\fP
+.RS 4
+The IP address of the NTP server or peer, and the corresponding reference ID.
+.RE
+.sp
+\fBRemote port\fP
+.RS 4
+The UDP port number to which the request was sent. The standard NTP port is
+123.
+.RE
+.sp
+\fBLocal address\fP
+.RS 4
+The local IP address which received the response, and the corresponding
+reference ID.
+.RE
+.sp
+\fBLeap status\fP, \fBVersion\fP, \fBMode\fP, \fBStratum\fP, \fBPoll interval\fP, \fBPrecision\fP, \fBRoot delay\fP, \fBRoot dispersion\fP, \fBReference ID\fP, \fBReference time\fP
+.RS 4
+The NTP values from the last valid response.
+.RE
+.sp
+\fBOffset\fP, \fBPeer delay\fP, \fBPeer dispersion\fP
+.RS 4
+The measured values.
+.RE
+.sp
+\fBResponse time\fP
+.RS 4
+The time the server or peer spent in processing of the request and waiting
+before sending the response.
+.RE
+.sp
+\fBJitter asymmetry\fP
+.RS 4
+The estimated asymmetry of network jitter on the path to the source. The
+asymmetry can be between \-0.5 and 0.5. A negative value means the delay of
+packets sent to the source is more variable than the delay of packets sent
+from the source back.
+.RE
+.sp
+\fBNTP tests\fP
+.RS 4
+Results of RFC 5905 tests 1 through 3, 5 through 7, and tests for maximum
+delay, delay ratio, delay dev ratio, and synchronisation loop.
+.RE
+.sp
+\fBInterleaved\fP
+.RS 4
+This shows if the response was in the interleaved mode.
+.RE
+.sp
+\fBAuthenticated\fP
+.RS 4
+This shows if the response was authenticated.
+.RE
+.sp
+\fBTX timestamping\fP
+.RS 4
+The source of the local transmit timestamp. Valid values are \fIDaemon\fP,
+\fIKernel\fP, and \fIHardware\fP.
+.RE
+.sp
+\fBRX timestamping\fP
+.RS 4
+The source of the local receive timestamp.
+.RE
+.sp
+\fBTotal TX\fP
+.RS 4
+The number of packets sent to the source.
+.RE
+.sp
+\fBTotal RX\fP
+.RS 4
+The number of all packets received from the source.
+.RE
+.sp
+\fBTotal valid RX\fP
+.RS 4
+The number of valid packets received from the source.
+.RE
+.RE
+.sp
\fBadd peer\fP \fIaddress\fP [\fIoption\fP]...
.RS 4
The \fBadd peer\fP command allows a new NTP peer to be added whilst
diff --git a/doc/chronyd.adoc b/doc/chronyd.adoc
index d54d585..9cb8eff 100644
--- a/doc/chronyd.adoc
+++ b/doc/chronyd.adoc
@@ -75,14 +75,15 @@ This option is similar to *-q*, but it will only print the offset without any
corrections of the clock.
*-r*::
-This option will reload sample histories for each of the servers and refclocks
-being used. These histories are created by using the
-<<chronyc.adoc#dump,*dump*>> command in *chronyc*, or by setting the
-<<chrony.conf.adoc#dumponexit,*dumponexit*>> directive in the configuration
-file. This option is useful if you want to stop and restart *chronyd* briefly
-for any reason, e.g. to install a new version. However, it should be used only
-on systems where the kernel can maintain clock compensation whilst not under
-*chronyd*'s control (i.e. Linux, FreeBSD, NetBSD and Solaris).
+This option will try to reload and then delete files containing sample
+histories for each of the servers and reference clocks being used. These
+histories are created by using the <<chronyc.adoc#dump,*dump*>> command in
+*chronyc*, or by setting the <<chrony.conf.adoc#dumponexit,*dumponexit*>>
+directive in the configuration file. This option is useful if you want to stop
+and restart *chronyd* briefly for any reason, e.g. to install a new version.
+However, it should be used only on systems where the kernel can maintain clock
+compensation whilst not under *chronyd*'s control (i.e. Linux, FreeBSD, NetBSD
+and Solaris).
*-R*::
When this option is used, the <<chrony.conf.adoc#initstepslew,*initstepslew*>>
@@ -109,13 +110,20 @@ time and the RTC time, the system time will be set to it to restore the time
when *chronyd* was previously stopped. This is useful on computers that have no
RTC or the RTC is broken (e.g. it has no battery).
+*-t* _timeout_::
+This option sets a timeout (in seconds) after which *chronyd* will exit. If the
+clock is not synchronised, it will exit with a non-zero status. This is useful
+with the *-q* or *-Q* option to shorten the maximum time waiting for
+measurements, or with the *-r* option to limit the time when *chronyd* is
+running, but still allow it to adjust the frequency of the system clock.
+
*-u* _user_::
This option sets the name of the system user to which *chronyd* will switch
after start in order to drop root privileges. It overrides the
<<chrony.conf.adoc#user,*user*>> directive (default _@DEFAULT_USER@_).
+
On Linux, *chronyd* needs to be compiled with support for the *libcap* library.
-On Mac OS X, FreeBSD, NetBSD and Solaris *chronyd* forks into two processes.
+On macOS, FreeBSD, NetBSD and Solaris *chronyd* forks into two processes.
The child process retains root privileges, but can only perform a very limited
range of privileged system calls on behalf of the parent.
@@ -134,7 +142,7 @@ killed even in normal operation.
*-P* _priority_::
On Linux, this option will select the SCHED_FIFO real-time scheduler at the
-specified priority (which must be between 0 and 100). On Mac OS X, this option
+specified priority (which must be between 0 and 100). On macOS, this option
must have either a value of 0 (the default) to disable the thread time
constraint policy or 1 for the policy to be enabled. Other systems do not
support this option.
@@ -161,4 +169,4 @@ https://chrony.tuxfamily.org/.
== AUTHORS
-chrony was written by Richard Curnow, Miroslav Lichvar and others.
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.
diff --git a/doc/chronyd.man.in b/doc/chronyd.man.in
index 3b8d74a..e56257e 100644
--- a/doc/chronyd.man.in
+++ b/doc/chronyd.man.in
@@ -2,12 +2,12 @@
.\" Title: chronyd
.\" Author: [see the "AUTHORS" section]
.\" Generator: Asciidoctor 1.5.4
-.\" Date: 2016-11-21
+.\" Date: 2017-01-12
.\" Manual: System Administration
.\" Source: chrony @CHRONY_VERSION@
.\" Language: English
.\"
-.TH "CHRONYD" "8" "2016-11-21" "chrony @CHRONY_VERSION@" "System Administration"
+.TH "CHRONYD" "8" "2017-01-12" "chrony @CHRONY_VERSION@" "System Administration"
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.ss \n[.ss] 0
@@ -83,14 +83,15 @@ corrections of the clock.
.sp
\fB\-r\fP
.RS 4
-This option will reload sample histories for each of the servers and refclocks
-being used. These histories are created by using the
-\fBdump\fP command in \fBchronyc\fP, or by setting the
-\fBdumponexit\fP directive in the configuration
-file. This option is useful if you want to stop and restart \fBchronyd\fP briefly
-for any reason, e.g. to install a new version. However, it should be used only
-on systems where the kernel can maintain clock compensation whilst not under
-\fBchronyd\fP\(cqs control (i.e. Linux, FreeBSD, NetBSD and Solaris).
+This option will try to reload and then delete files containing sample
+histories for each of the servers and reference clocks being used. These
+histories are created by using the \fBdump\fP command in
+\fBchronyc\fP, or by setting the \fBdumponexit\fP
+directive in the configuration file. This option is useful if you want to stop
+and restart \fBchronyd\fP briefly for any reason, e.g. to install a new version.
+However, it should be used only on systems where the kernel can maintain clock
+compensation whilst not under \fBchronyd\fP\(cqs control (i.e. Linux, FreeBSD, NetBSD
+and Solaris).
.RE
.sp
\fB\-R\fP
@@ -122,6 +123,15 @@ when \fBchronyd\fP was previously stopped. This is useful on computers that have
RTC or the RTC is broken (e.g. it has no battery).
.RE
.sp
+\fB\-t\fP \fItimeout\fP
+.RS 4
+This option sets a timeout (in seconds) after which \fBchronyd\fP will exit. If the
+clock is not synchronised, it will exit with a non\-zero status. This is useful
+with the \fB\-q\fP or \fB\-Q\fP option to shorten the maximum time waiting for
+measurements, or with the \fB\-r\fP option to limit the time when \fBchronyd\fP is
+running, but still allow it to adjust the frequency of the system clock.
+.RE
+.sp
\fB\-u\fP \fIuser\fP
.RS 4
This option sets the name of the system user to which \fBchronyd\fP will switch
@@ -129,7 +139,7 @@ after start in order to drop root privileges. It overrides the
\fBuser\fP directive (default \fI@DEFAULT_USER@\fP).
.sp
On Linux, \fBchronyd\fP needs to be compiled with support for the \fBlibcap\fP library.
-On Mac OS X, FreeBSD, NetBSD and Solaris \fBchronyd\fP forks into two processes.
+On macOS, FreeBSD, NetBSD and Solaris \fBchronyd\fP forks into two processes.
The child process retains root privileges, but can only perform a very limited
range of privileged system calls on behalf of the parent.
.RE
@@ -152,7 +162,7 @@ killed even in normal operation.
\fB\-P\fP \fIpriority\fP
.RS 4
On Linux, this option will select the SCHED_FIFO real\-time scheduler at the
-specified priority (which must be between 0 and 100). On Mac OS X, this option
+specified priority (which must be between 0 and 100). On macOS, this option
must have either a value of 0 (the default) to disable the thread time
constraint policy or 1 for the policy to be enabled. Other systems do not
support this option.
@@ -180,4 +190,4 @@ For instructions on how to report bugs, please visit
.URL "https://chrony.tuxfamily.org/" "" "."
.SH "AUTHORS"
.sp
-chrony was written by Richard Curnow, Miroslav Lichvar and others. \ No newline at end of file
+chrony was written by Richard Curnow, Miroslav Lichvar, and others. \ No newline at end of file
diff --git a/doc/faq.adoc b/doc/faq.adoc
index 01076ef..35f0f38 100644
--- a/doc/faq.adoc
+++ b/doc/faq.adoc
@@ -61,8 +61,8 @@ that.
In order to keep the real-time clock (RTC) close to the true time, so the
system time is reasonably close to the true time when it's initialized on the
next boot from the RTC, the `rtcsync` directive enables a mode in which the
-system time is periodically copied to the RTC. It is supported on Linux and Mac
-OS X.
+system time is periodically copied to the RTC. It is supported on Linux and
+macOS.
If you want to use public NTP servers from the
http://www.pool.ntp.org/[pool.ntp.org] project, the minimal _chrony.conf_ file
@@ -148,14 +148,19 @@ network. It's better to use more than one server, three or four is usually
recommended as the minimum, so `chronyd` can detect servers that serve false
time and combine measurements from multiple sources.
+If you have a network card with hardware timestamping supported on Linux, it
+can be enabled by the *hwtimestamp* directive in the _chrony.conf_ file. It
+should make local receive and transmit timestamps of NTP packets much more
+accurate.
+
There are also useful options which can be set in the `server` directive, they
-are `minpoll`, `maxpoll`, `polltarget`, `maxdelay`, `maxdelayratio` and
-`maxdelaydevratio`.
+are `minpoll`, `maxpoll`, `polltarget`, `maxdelay`, `maxdelayratio`,
+`maxdelaydevratio`, and `xleave`.
The first three options set the minimum and maximum allowed polling interval,
and how should be the actual interval adjusted in the specified range. Their
default values are 6 (64 seconds) for `minpoll`, 10 (1024 seconds) for
-`maxpoll` and 6 (samples) for `polltarget`. The default values should be used
+`maxpoll` and 8 (samples) for `polltarget`. The default values should be used
for general servers on the Internet. With your own NTP servers or if have
permission to poll some servers more frequently, setting these options for
shorter polling intervals may significantly improve the accuracy of the system
@@ -189,6 +194,16 @@ with local NTP server
server ntp.local minpoll 2 maxpoll 4 polltarget 30 maxdelaydevratio 2
----
+If your server supports the interleaved mode, the `xleave` option should be
+added to the `server` directive in order to receive server's more accurate
+hardware or kernel transmit timestamps. When combined with local hardware
+timestamping, a sub-microsecond accuracy may be possible. An example could be
+
+----
+server ntp.local minpoll 2 maxpoll 2 xleave
+hwtimestamp eth0
+----
+
=== What happened to the `commandkey` and `generatecommandkey` directives?
They were removed in version 2.2. Authentication is no longer supported in the
@@ -287,12 +302,15 @@ authentication (`commandkey` directive).
=== Why does `chronyc tracking` always print an IPv4 address as reference ID?
-The reference ID is a 32-bit value and is always printed in quad-dotted
-notation, even if the reference source doesn't have an IPv4 address. For IPv4
-addresses, the reference ID is equal to the address, but for IPv6 addresses it
-is the first 32 bits of the MD5 sum of the address. For reference clocks, the
-reference ID is the value specified with the `refid` option in the `refclock`
-directive.
+The reference ID is a 32-bit value and in versions before 3.0 it was printed in
+quad-dotted notation, even if the reference source did not actually have an
+IPv4 address. For IPv4 addresses, the reference ID is equal to the address, but
+for IPv6 addresses it is the first 32 bits of the MD5 sum of the address. For
+reference clocks, the reference ID is the value specified with the `refid`
+option in the `refclock` directive.
+
+Since version 3.0, the reference ID is printed as a hexadecimal number to avoid
+confusion with IPv4 addresses.
If you need to get the IP address of the current reference source, use the `-n`
option to disable resolving of IP addresses and read the second field (printed
@@ -373,7 +391,8 @@ to serve time to clients in the network which support the broadcast client mode
=== Can `chronyd` keep the system clock a fixed offset away from real time?
-This is not possible as the program currently stands.
+Yes. Starting from version 3.0, an offset can be specified by the `offset`
+option for all time sources in the _chrony.conf_ file.
=== What happens if the network connection is dropped without using ``chronyc``'s `offline` command first?
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 18:22:45 +0000