Starts the query/control program for the Network Time Protocol daemon, xntpd.
The xntpdc command queries the xntpd daemon about its current state and requests changes to that state. It runs either in interactive mode or by using command-line arguments. The xntpdc command interface displays extensive state and statistics information. Nearly all the configuration options that can be specified at start-up using the xntpd daemon's configuration file, can also be specified at run-time using the xntpdc command.
If you enter the xntpdc command with one or more request flags, the NTP servers running on each of the hosts specified (or defaults to local host) receive each request. If you do not enter any request flags, the xntpdc command tries to read commands from standard input and run them on the NTP server running on the first host specified or on the local host by default. It prompts for subcommands if standard input is the terminal.
The xntpdc command uses NTP mode 7 packets to communicate with the NTP server and can query any compatible server on the network that permits it.
The xntpdc command makes no attempt to retransmit requests, and will time-out requests if the remote host does not respond within a suitable time.
Specifying a flag other than -i or -n sends the queries to the specified hosts immediately. Otherwise, the xntpdc command attempts to read interactive format commands from standard input.
Item | Description |
---|---|
-c SubCommand | Specifies an interactive format command. This flag adds SubCommand to the list of commands to run on the specified hosts. You can enter multiple -c flags. |
-i | Specifies interactive mode. Standard output displays prompt and standard input reads commands. |
-l | (lowercase L) Displays a list of the peers known to the servers. This is the same as the listpeers subcommand. |
-n | Displays all host addresses in dotted decimal format (0.0.0.0) rather than the canonical host names. |
-p | Displays a list of the peers known to the server and a summary of their state. This is the same as the peers subcommand. |
-s | Displays a list of the peers known to the server and a summary of their state but in a format different from the -p flag. This is the same as the dmpeers subcommand. |
Item | Description |
---|---|
Host ... | Specifies the hosts. |
You can run a number of interactive format subcommands entirely within the xntpdc command that do not send NTP mode 7 requests to a server. The following subcommands can only be used while running the xntpdc query program.
Interactive Format Subcommands
Interactive format subcommands consist of a keyword followed by zero to four arguments. You only need to type enough characters of the full keyword to uniquely identify the subcommand. The output of a subcommand goes to standard output, but you can redirect the output of individual subcommands to a file by appending a greater-than sign (>), followed by a file name, to the command line.
Item | Description |
---|---|
? [ SubCommand ] | Displays command usage information. When used without SubCommand, displays a list of all the xntpdc command keywords. When used with SubCommand, displays function and usage information about the command. |
help [ SubCommand ] | Same as the ? [ Subcommand ] subcommand. |
delay Milliseconds | Specifies the time interval to add to timestamps included in requests that require authentication. This subcommand enables unreliable server reconfiguration over long delay network paths or between machines whose clocks are unsynchronized. If you enter this subcommand without an argument, it prints the current setting for this subcommand. |
host HostName | Specifies the host to send queries to. HostName may be either a host name or a numeric address. If you enter this subcommand without an argument, it prints the current setting for this subcommand. |
hostnames yes | no | Specifies whether to display the host name (yes) or the numeric address (no). The default is yes unless the -n flag is used. If you enter this subcommand without an argument, it prints the current setting for this subcommand. |
keyid Number | Specifies the server key number to use to authenticate configuration requests. If you enter this subcommand without an argument, it prints the current setting for this subcommand. |
passwd | Prompts you to type in the NTP server authentication password to use to authenticate configuration requests. |
quit | Exits the xntpdc query program. |
timeout Milliseconds | Specifies the time-out period for responses to server queries. The default is 8000 milliseconds. If you enter this subcommand without an argument, it prints the current setting for this subcommand. |
Query Subcommands
The xntpdc query subcommands result in sending NTP mode 7 packets containing requests to the server. These subcommands are read-only (they do not modify the server configuration state).
Item | Description |
---|---|
clkbug ClockPeerAddress [ Addr2 ] [ Addr3 ] [ Addr4 ] | Displays debugging information for a reference clock driver. Some clock drivers provide this information that is mostly undecodable without a copy of the driver source in hand. |
clockbug ClockPeerAddress [ Addr2 ] [ Addr3 ] [ Addr4 ] | Displays information concerning a peer clock. The values obtained provide information on the setting of fudge factors and other clock performance information. |
dmpeers | Displays a list of peers for which the server is maintaining
state, along with a summary of that state. Identical to the output
of the peers subcommand except for the character in the leftmost
column. Characters only are displayed beside peers that were included
in the final stage of the clock selection algorithm. The possible character in the leftmost column are:
|
iostats | Displays statistics counters maintained in the input-output module. |
kerninfo | Displays kernel phase-lock loop operating parameters. This information is available only if the kernel of the hosts being generated has been specially modified for a precision timekeeping function. |
listpeers | Displays a brief list of the peers for which the server is maintaining state. These include all configured peer associations as well as those peers whose stratum is such that the server considers them to be possible future synchronization candidates. |
loopinfo [ oneline | multiline ] | Displays the values of selected loop filter variables. The loop filter is the part of NTP that adjusts the local system clock. The offset is the last offset given to the loop filter by the packet processing code. The frequency is the frequency error of the local clock in parts-per-million (ppm). The poll adjust controls the stiffness (resistance to change) of the phase-lock loop and the speed at which it can adapt to oscillator drift. The watchdog timer is the number of elapsed seconds since the last sample offset given to the loop filter. The oneline and multiline options specify the format to display this information. The multiline option is the default. |
memstats | Displays statistics counters related to memory allocation code. |
monlist | Displays traffic counts collected and maintained by the monitor facility. |
peers | Displays a list of peers for which the server is maintaining
state, along with a summary of that state. Summary information includes:
The character in the left margin indicates the mode this peer entry is in:
The contents of the host field may be a host name, an IP address, a reference clock implementation name with its parameter or REFCLK (ImplementationNumber, Parameter). Only IP addresses display when using hostnames no. |
pstats PeerAddress [ Addr2 ] [ Addr3 ] [ Addr4 ] | Displays per-peer statistic counters associated with the specified peers. |
reslist | Displays the server's restriction list which may help to understand how the restrictions are applied. |
sysinfo | Displays a variety of system state variables related to the local server. All except the last four lines are described in the NTP Version 3 specification, RFC 1305. The system flags show various system flags, some of which can be set and cleared by the enable and disable configuration statements. The stability is the residual frequency error remaining after applying the system frequency correction. You use it for maintenance and debugging. In most architectures, this value will initially decrease from as high as 500 ppm to a nominal value in the range .01 to 0.1 ppm. If it remains high for some time after starting the daemon, something may be wrong with the local clock, or the value of the kernel variable Tick may be incorrect. The broadcastdelay shows the default broadcast delay, as set by the broadcastdelay configuration statement, while the authdelay shows the default authentication delay, as set by the authdelay configuration statement. |
sysstats | Displays statistics counters maintained in the protocol module. |
timerstats | Displays statistics counters maintained in the timer/event queue support code. |
Runtime Configuration Requests Subcommands
The server authenticates all requests that cause state changes in the server by using a configured NTP key. The server can also disable this facility by not configuring a key. You must make the key number and the corresponding key known to the xtnpdc command. You can do this by using the keyid and passwd subcommands, which prompts at the terminal for a password to use as the encryption key. The xtnpdc command will also prompt you automatically for both the key number and password the first time you give a subcommand that would result in an authenticated request to the server. Authentication not only verifies that the requester has permission to make such changes, but also protects against transmission errors.
Authenticated requests always include a timestamp in the packet data, as does the computation of the authentication code. The server compares this timestamp to the time at which it receives the packet.
The server rejects the request if they differ by more than 10 seconds. This makes simple replay attacks on the server, by someone able to overhear traffic on your LAN, much more difficult. It also makes it more difficult to request configuration changes to your server from topologically remote hosts. While the reconfiguration facility works well with a server on the local host, and may work adequately between time-synchronized hosts on the same LAN, it works very poorly for more distant hosts. So, if you choose reasonable passwords, take care in the distribution and protection of keys and apply appropriate source address restrictions, the run-time reconfiguration facility should provide an adequate level of security.
The following subcommands all make authenticated requests.
Item | Description |
---|---|
addpeer PeerAddress [ Keyid ] [ Version ] [ prefer ] | Adds a configured peer association operating in symmetric active mode at the specified address. You may delete an existing association with the same peer or simply convert an existing association to conform to the new configuration when using this subcommand. If the Keyid is a nonzero integer, all outgoing packets to the remote server will have an authentication field attached encrypted with this key. To specify no authentication , enter Keyid as 0 or leave blank. The values for Version can be 1, 2 or 3, with 3 as the default. The prefer option indicates a preferred peer used primarily for clock synchronization if possible. The preferred peer also determines the validity of the PPS signal. If the preferred peer is suitable for synchronization, so is the PPS signal. |
addserver PeerAddress [ Keyid ] [ Version ] [ prefer ] | Same as the addpeer subcommand, except that the operating mode is client. |
addtrap Address [ Port ] [ Interface ] | Sets a trap for asynchronous messages at the specified address and port number for sending messages with the specified local interface address. If you do not specify the port number, the value defaults to 18447. If you do not specify the interface address, the value defaults to the source address of the local interface. |
authinfo | Displays information concerning the authentication module, including known keys and counts of encryptions and decryptions performed. |
broadcast PeerAddress [ Keyid ] [ Version ] | Same as the addpeer subcommand, except that the operating mode is broadcast. The PeerAddress can be the broadcast address of the local network or a multicast group address assigned to NTP (224.0.1.1). |
clrtrap Address [ Port ] [ Interface ] | Clears a trap for asynchronous messages at the specified address and port number for sending messages with the specified local interface address. If you do not specify the port number, the value defaults to 18447. If you do not specify the interface address, the value defaults to the source address of the local interface. |
delrestrict Address Mask [ ntpport ] | Deletes the matching entry from the restrict list. |
disable Option ... | Disables various server options. Does not affect options not mentioned. The enable subcommand describes the options. |
enable Option ... | Enables various server options. Does not affect options not
mentioned. You can specify one or more of the following values for Option:
|
fudge PeerAddress [ Time1 ] [ Time2 ] [ Stratum ] [ Refid ] | Provides a way to set certain data for a reference clock.
Time1 and Time2 are in fixed point seconds and used in some clock drivers as calibration constants. Stratum is a number in the range zero to 15 and used to assign a nonstandard operating stratum to the clock. Refid is an ASCII string in the range one to four characters and used to assign a nonstandard reference identifier to the clock. |
monitor yes | no | Enables or disables the monitoring facility. A monitor no subcommand followed by a monitor yes subcommand is a good way of resetting the packet counts. |
readkeys | Purges the current set of authentication keys and obtains a new set by rereading the keys file specified in the xntpd configuration file. This allows you to change encryption keys without restarting the server. |
reset Module | Clears the statistics counters in various modules of the server. You can specify one or more of the following values for Module: io, sys, mem, timer, auth, allpeers. |
restrict Address Mask Option ... | Adds the values of Option to an existing restrict
list entry, or adds a new entry to the list with the specified Option.
The mask option defaults to 255.255.255.255, meaning that Address is
treated as the address of an individual host. You can specify one
or more of the following values for Option:
|
setprecision Precision | Sets the precision that the server advertises. Precision should be a negative integer in the range -4 through -20. |
traps | Displays the traps set in the server. |
trustkey Keyid ... | Adds one or more keys to the trusted key list. When you enable authentication, authenticates peers with trusted time using a trusted key. |
unconfig PeerAddress [ Addr2 ] [ Addr3 ] [ Addr4 ] | Removes the configured bit from the specified peers. In many cases deletes the peer association. When appropriate, however, the association may persist in an unconfigured mode if the remote peer is willing to continue on in this fashion. |
unrestrict Address Mask Option ... | Removes the specified options from the restrict list entry indicated by Address and Mask. The restrict subcommand describes the values for Option. |
untrustkey Keyid ... | Removes one or more keys from the trusted key list. |
This command returns the following exit values:
Item | Description |
---|---|
0 | Successful completion. |
>0 | An error occurred. |
Access Control: You must be part of the system group to run this command.
Auditing Events: N/A
Displays per-peer statistic counters associated with the specified peers.
xntpdc
xntpdc -c "pstats 127.127.1.0" 9.3.149.107
Output
similar to the following is displayed: remote host: LOCAL(0)
local interface: 127.0.0.1
time last received: 49s
time until next send: 15s
reachability change: 818s
packets sent: 13
packets received: 13
bad authentication: 0
bogus origin: 0
duplicate: 0
bad dispersion: 4
bad reference time: 0
candidate order: 1
Item | Description |
---|---|
/usr/sbin/xntpdc | Contains the xntpdc command. |