1.\" 2.\" $FreeBSD$ 3.\" 4.Dd May 17, 2006 5.Dt NTPQ 8 6.Os 7.Sh NAME 8.Nm ntpq 9.Nd standard NTP query program 10.Sh SYNOPSIS 11.Nm 12.Op Fl inp 13.Op Fl c Ar command 14.Op Ar host 15.Op Ar ... 16.Sh DESCRIPTION 17The 18.Nm 19utility is used to monitor NTP daemon 20.Xr ntpd 8 21operations and determine performance. 22It uses the standard NTP mode 6 control message formats 23defined in Appendix B of the NTPv3 specification RFC1305. 24The same formats are used in NTPv4, although some of the variables 25have changed and new ones added. 26The description on this page is for the NTPv4 variables. 27.Pp 28The program can be run either in interactive mode or controlled 29using command line arguments. 30Requests to read and write arbitrary variables can be assembled, 31with raw and pretty-printed output options being available. 32The 33.Nm 34can also obtain and print a list of peers in a common format 35by sendingmultiple queries to the server. 36.Pp 37If one or more request options is included on the command line 38when 39.Nm 40is executed, each of the requests will be sent 41to the NTP servers running on each of the hosts given as command 42line arguments, or on localhost by default. 43If no request options 44are given, 45.Nm 46will attempt to read commands from the 47standard input and execute these on the NTP server running on the 48first host given on the command line, again defaulting to localhost 49when no other host is specified. 50The 51.Nm 52utility will prompt for 53commands if the standard input is a terminal device. 54.Pp 55The 56.Nm 57utility uses NTP mode 6 packets to communicate with the 58NTP server, and hence can be used to query any compatible server on 59the network which permits it. 60Note that since NTP is a UDP protocol 61this communication will be somewhat unreliable, especially over 62large distances in terms of network topology. 63The 64.Nm 65utility makes 66one attempt to retransmit requests, and will time requests out if 67the remote host is not heard from within a suitable timeout 68time. 69.Pp 70For examples and usage, see the 71.Qq NTP Debugging Techniques 72page 73(available as part of the HTML documentation 74provided in 75.Pa /usr/share/doc/ntp ) . 76.Pp 77The following options are available: 78.Bl -tag -width indent 79.It Fl 4 80Force DNS resolution of following host names on the command line to the 81IPv4 namespace. 82.It Fl 6 83Force DNS resolution of following host names on the command line to the 84IPv6 namespace. 85.It Fl c 86The following argument is interpreted as an interactive format 87command and is added to the list of commands to be executed on the 88specified host(s). 89Multiple 90.Fl c 91options may be given. 92.It Fl d 93Turn on debugging mode. 94.It Fl i 95Force 96.Nm 97to operate in interactive mode. 98Prompts 99will be written to the standard output and commands read from the 100standard input. 101.It Fl n 102Output all host addresses in dotted-quad numeric format rather 103than converting to the canonical host names. 104.It Fl p 105Print a list of the peers known to the server as well as a 106summary of their state. 107This is equivalent to the 108.Ic peers 109interactive command. 110.El 111.Pp 112Note that in contexts where a host name is expected, a 113.Fl 4 114qualifier preceding the host name forces DNS resolution to the 115IPv4 namespace, while a 116.Fl 6 117qualifier forces DNS resolution to the IPv6 namespace. 118Specifying a 119command line option other than 120.Fl i 121or 122.Fl n 123will 124cause the specified query (queries) to be sent to the indicated 125host(s) immediately. 126Otherwise, 127.Nm 128will attempt to read 129interactive format commands from the standard input. 130.Ss "Internal Commands" 131Interactive format commands consist of a keyword followed by zero 132to four arguments. 133Only enough characters of the full keyword to 134uniquely identify the command need be typed. 135The output of a 136command is normally sent to the standard output, but optionally the 137output of individual commands may be sent to a file by appending a 138.Ql \&> , 139followed by a file name, to the command line. 140A 141number of interactive format commands are executed entirely within 142the 143.Nm 144utility itself and do not result in NTP mode 6 145requests being sent to a server. 146These are described following. 147.Bl -tag -width indent 148.It Ic \&? Op Ar command_keyword 149.It Ic help Op Ar command_keyword 150A 151.Sq Ic \&? 152by itself will print a list of all the command 153keywords known to this incarnation of 154.Nm . 155A 156.Sq Ic \&? 157followed by a command keyword will print function and usage 158information about the command. 159This command is probably a better 160source of information about 161.Nm 162than this manual 163page. 164.It Xo Ic addvars 165.Ar variable_name Ns Op = Ns Ar value ... 166.Xc 167.It Ic rmvars Ar variable_name ... 168.It Ic clearvars 169The data carried by NTP mode 6 messages consists of a list of 170items of the form 171.Ql variable_name=value , 172where the 173.Ql =value 174is ignored, and can be omitted, 175in requests to the server to read variables. 176The 177.Nm 178utility maintains an internal list in which data to be included in control 179messages can be assembled, and sent using the 180.Ic readlist 181and 182.Ic writelist 183commands described below. 184The 185.Ic addvars 186command allows variables and their optional values to be added to 187the list. 188If more than one variable is to be added, the list should 189be comma-separated and not contain white space. 190The 191.Ic rmvars 192command can be used to remove individual variables from the list, 193while the 194.Ic clearlist 195command removes all variables from the 196list. 197.It Ic cooked 198Causes output from query commands to be "cooked", so that 199variables which are recognized by 200.Nm 201will have their 202values reformatted for human consumption. 203Variables which 204.Nm 205thinks should have a decodable value but did not are 206marked with a trailing 207.Ql \&? . 208.It Xo Ic debug 209.Cm more | 210.Cm less | 211.Cm off 212.Xc 213Turns internal query program debugging on and off. 214.It Ic delay Ar milliseconds 215Specify a time interval to be added to timestamps included in 216requests which require authentication. 217This is used to enable 218(unreliable) server reconfiguration over long delay network paths 219or between machines whose clocks are unsynchronized. 220Actually the 221server does not now require timestamps in authenticated requests, 222so this command may be obsolete. 223.It Ic host Ar hostname 224Set the host to which future queries will be sent. 225Hostname may 226be either a host name or a numeric address. 227.It Ic hostnames Cm yes | Cm no 228If 229.Cm yes 230is specified, host names are printed in 231information displays. 232If 233.Cm no 234is specified, numeric 235addresses are printed instead. 236The default is 237.Cm yes , 238unless 239modified using the command line 240.Fl n 241switch. 242.It Ic keyid Ar keyid 243This command specifies the key number to be used to authenticate 244configuration requests. 245This must correspond to a key number the server has 246been configured to use for this purpose. 247.It Xo Ic ntpversion 248.Cm 1 | 249.Cm 2 | 250.Cm 3 | 251.Cm 4 252.Xc 253Sets the NTP version number which 254.Nm 255claims in 256packets. 257Defaults to 3, Note that mode 6 control messages (and 258modes, for that matter) did not exist in NTP version 1. 259There appear 260to be no servers left which demand version 1. 261.It Ic passwd 262This command prompts for a password (which will not be echoed) which will 263be used to authenticate configuration requests. 264The password must 265correspond to the key configured for NTP server for this purpose. 266.It Ic quit 267Exit 268.Nm . 269.It Ic raw 270Causes all output from query commands is printed as received 271from the remote server. 272The only formatting/interpretation done on 273the data is to transform nonascii data into a printable (but barely 274understandable) form. 275.It Ic timeout Ar milliseconds 276Specify a timeout period for responses to server queries. 277The 278default is about 5000 milliseconds. 279Note that since 280.Nm 281retries each query once after a timeout, the total waiting time for 282a timeout will be twice the timeout value set. 283.El 284.Ss Control Message Commands 285Each association known to an NTP server has a 16 bit integer association 286identifier. 287NTP control messages which carry peer variables must identify the 288peer the values correspond to by including its association ID. 289An association 290ID of 0 is special, and indicates the variables are system variables, whose 291names are drawn from a separate name space. 292.Pp 293Control message commands result in one or more NTP mode 6 294messages being sent to the server, and cause the data returned to 295be printed in some format. 296Most commands currently implemented send 297a single message and expect a single response. 298The current 299exceptions are the peers command, which will send a preprogrammed 300series of messages to obtain the data it needs, and the mreadlist 301and mreadvar commands, which will iterate over a range of 302associations. 303.Bl -tag -width indent 304.It Ic associations 305Obtains and prints a list of association identifiers and peer 306statuses for in-spec peers of the server being queried. 307The list is 308printed in columns. 309The first of these is an index numbering the 310associations from 1 for internal use, the second the actual 311association identifier returned by the server and the third the 312status word for the peer. 313This is followed by a number of columns 314containing data decoded from the status word. 315See the peers command 316for a decode of the 317.Sq condition 318field. 319Note that the data 320returned by the 321.Ic associations 322command is cached internally 323in 324.Nm . 325The index is then of use when dealing with stupid 326servers which use association identifiers which are hard for humans 327to type, in that for any subsequent commands which require an 328association identifier as an argument, the form and index may be 329used as an alternative. 330.It Xo Ic clockvar Op Ar assocID 331.Oo 332.Ar variable_name Ns Op = Ns Ar value ... 333.Oc 334.Ar ... 335.Xc 336.It Xo Ic cv Op Ar assocID 337.Oo 338.Ar variable_name Ns Op = Ns Ar value ... 339.Oc 340.Ar ... 341.Xc 342Requests that a list of the server's clock variables be sent. 343Servers which have a radio clock or other external synchronization 344will respond positively to this. 345If the association identifier is 346omitted or zero the request is for the variables of the 347.Sq system clock 348and will generally get a positive response from all 349servers with a clock. 350If the server treats clocks as pseudo-peers, 351and hence can possibly have more than one clock connected at once, 352referencing the appropriate peer association ID will show the 353variables of a particular clock. 354Omitting the variable list will 355cause the server to return a default variable display. 356.It Ic lassociations 357Obtains and prints a list of association identifiers and peer 358statuses for all associations for which the server is maintaining 359state. 360This command differs from the 361.Ic associations 362command 363only for servers which retain state for out-of-spec client 364associations (i.e., fuzzballs). 365Such associations are normally 366omitted from the display when the 367.Ic associations 368command is 369used, but are included in the output of 370.Ic lassociations . 371.It Ic lpassociations 372Print data for all associations, including out-of-spec client 373associations, from the internally cached list of associations. 374This 375command differs from 376.Ic passociations 377only when dealing with 378fuzzballs. 379.It Ic lpeers 380Like R peers, except a summary of all associations for which 381the server is maintaining state is printed. 382This can produce a much 383longer list of peers from fuzzball servers. 384.It Ic mreadlist Ar assocID Ar assocID 385.It Ic mrl Ar assocID Ar assocID 386Like the 387.Ic readlist 388command, except the query is done 389for each of a range of (nonzero) association IDs. 390This range is 391determined from the association list cached by the most recent 392.Ic associations 393command. 394.It Xo Ic mreadvar Ar assocID Ar assocID 395.Oo 396.Ar variable_name Ns Op = Ns Ar value ... 397.Oc 398.Xc 399.It Xo Ic mrv Ar assocID Ar assocID 400.Oo 401.Ar variable_name Ns Op = Ns Ar value ... 402.Oc 403.Xc 404Like the 405.Ic readvar 406command, except the query is done for 407each of a range of (nonzero) association IDs. 408This range is 409determined from the association list cached by the most recent 410.Ic associations 411command. 412.It Ic opeers 413An old form of the 414.Ic peers 415command with the reference ID 416replaced by the local interface address. 417.It Ic passociations 418Displays association data concerning in-spec peers from the 419internally cached list of associations. 420This command performs 421identically to the 422.Ic associations 423except that it displays 424the internally stored data rather than making a new query. 425.It Ic peers 426Obtains a current list peers of the server, along with a 427summary of each peer's state. 428Summary information includes the 429address of the remote peer, the reference ID (0.0.0.0 if this is 430unknown), the stratum of the remote peer, the type of the peer 431(local, unicast, multicast or broadcast), when the last packet was 432received, the polling interval, in seconds, the reachability 433register, in octal, and the current estimated delay, 434offset and dispersion of the peer, all in milliseconds. 435The character at the left margin of each line shows the 436synchronization status of the association and is a valuable 437diagnostic tool. 438The encoding and meaning of this character, 439called the tally code, is given later in this page. 440.It Ic pstatus Ar assocID 441Sends a read status request to the server for the given 442association. 443The names and values of the peer variables returned 444will be printed. 445Note that the status word from the header is 446displayed preceding the variables, both in hexadecimal and in 447pidgeon English. 448.It Ic readlist Ar assocID 449.It Ic rl Ar assocID 450Requests that the values of the variables in the internal 451variable list be returned by the server. 452If the association ID is 453omitted or is 0 the variables are assumed to be system variables. 454Otherwise they are treated as peer variables. 455If the internal 456variable list is empty a request is sent without data, which should 457induce the remote server to return a default display. 458.It Xo Ic readvar Ar assocID 459.Ar variable_name Ns Op = Ns Ar value 460.Ar ... 461.Xc 462.It Xo Ic rv Ar assocID 463.Ar variable_name Ns Op = Ns Ar value 464.Ar ... 465.Xc 466Requests that the values of the specified variables be returned 467by the server by sending a read variables request. 468If the 469association ID is omitted or is given as zero the variables are 470system variables, otherwise they are peer variables and the values 471returned will be those of the corresponding peer. 472Omitting the 473variable list will send a request with no data which should induce 474the server to return a default display. 475The 476encoding and meaning of the variables derived from NTPv3 is given in 477RFC-1305; the encoding and meaning of the additional NTPv4 variables are 478given later in this page. 479.It Xo Ic writevar Ar assocID 480.Ar variable_name Ns Op = Ns Ar value 481.Ar ... 482.Xc 483Like the readvar request, except the specified variables are 484written instead of read. 485.It Ic writelist Op Ar assocID 486Like the readlist request, except the internal list variables 487are written instead of read. 488.El 489.Ss Tally Codes 490The character in the left margin in the 491.Sq peers 492billboard, 493called the tally code, shows the fate of each association 494in the clock selection process. 495Following is a list of these characters, the pigeon used 496in the 497.Ic rv 498command, and a short explanation of the condition revealed. 499.Bl -tag -width indent 500.It space 501.Pq reject 502The peer is discarded as unreachable, synchronized to this server (synch 503loop) or outrageous synchronization distance. 504.It x 505.Pq falsetick 506The peer is discarded by the intersection algorithm as a falseticker. 507.It \&. 508.Pq excess 509The peer is discarded as not among the first ten peers sorted by 510synchronization distance and so is probably a poor candidate for further 511consideration. 512.It \&- 513.Pq outlyer 514The peer is discarded by the clustering algorithm as an outlyer. 515.It \&+ 516.Pq candidat 517The peer is a survivor and a candidate for the combining algorithm. 518.It \&# 519.Pq selected 520The peer is a survivor, but not among the first six peers sorted by 521synchronization distance. 522If the association is ephemeral, it may be 523demobilized to conserve resources. 524.It \&* 525.Pq sys.peer 526The peer has been declared the system peer and lends its variables to the 527system variables. 528.It o 529.Pq pps.peer 530The peer has been declared the system peer and lends its variables to 531the system variables. 532However, the actual system synchronization is derived 533from a pulse-per-second (PPS) signal, either indirectly via the PPS 534reference clock driver or directly via kernel interface. 535.El 536.Ss System Variables 537The 538.Cm status , 539.Cm leap , 540.Cm stratum , 541.Cm precision , 542.Cm rootdelay , 543.Cm rootdispersion , 544.Cm refid , 545.Cm reftime , 546.Cm poll , 547.Cm offset , 548and 549.Cm frequency 550variables are described in RFC-1305 551specification. 552Additional NTPv4 system variables include the following. 553.Bl -tag -width indent 554.It version 555Everything you might need to know about the software version and generation 556time. 557.It processor 558The processor and kernel identification string. 559.It system 560The operating system version and release identifier. 561.It state 562The state of the clock discipline state machine. 563The values are described 564in the architecture briefing on the NTP Project page linked from 565www.ntp.org. 566.It peer 567The internal integer used to identify the association currently designated 568the system peer. 569.It jitter 570The estimated time error of the system clock measured as an exponential 571average of RMS time differences. 572.It stability 573The estimated frequency stability of the system clock measured as an 574exponential average of RMS frequency differences. 575.El 576.Pp 577When the NTPv4 daemon is compiled with the OpenSSL software library, additional 578system variables are displayed, including some or all of the following, 579depending on the particular dance: 580.Bl -tag -width indent 581.It flags 582The current flags word bits and message digest algorithm identifier (NID) 583in hex format. 584The high order 16 bits of the four-byte word contain the NID 585from the OpenSSL ligrary, while the low-order bits are interpreted as 586follows: 587.Bl -tag -width indent 588.It 0x01 589autokey enabled 590.It 0x02 591NIST leapseconds file loaded 592.It 0x10 593PC identity scheme 594.It 0x20 595IFF identity scheme 596.It 0x40 597GQ identity scheme 598.El 599.It hostname 600The name of the host as returned by the Unix 601.Fn gethostname 602library 603function. 604.It hostkey 605The NTP filestamp of the host key file. 606.It cert 607A list of certificates held by the host. 608Each entry includes the subject, 609issuer, flags and NTP filestamp in order. 610The bits are interpreted as 611follows: 612.Bl -tag -width indent 613.It 0x01 614certificate has been signed by the server 615.It 0x02 616certificate is trusted 617.It 0x04 618certificate is private 619.It 0x08 620certificate contains errors and should not be trusted 621.El 622.It leapseconds 623The NTP filestamp of the NIST leapseconds file. 624.It refresh 625The NTP timestamp when the host public cryptographic values were refreshed 626and signed. 627.It signature 628The host digest/signature scheme name from the OpenSSL library. 629.It tai 630The TAI-UTC offset in seconds obtained from the NIST leapseconds table. 631.El 632.Ss Peer Variables 633The 634.Cm status , 635.Cm srcadr , 636.Cm srcport , 637.Cm dstadr , 638.Cm dstport , 639.Cm leap , 640.Cm stratum , 641.Cm precision , 642.Cm rootdelay , 643.Cm rootdispersion , 644.Cm readh , 645.Cm hmode , 646.Cm pmode , 647.Cm hpoll , 648.Cm ppoll , 649.Cm offset , 650.Cm delay , 651.Cm dspersion , 652.Cm reftime 653variables are described in the RFC-1305 specification, as 654are the timestamps 655.Cm org , 656.Cm rec 657and 658.Cm xmt . 659Additional NTPv4 system variables include 660the following. 661.Bl -tag -width indent 662.It flash 663The flash code for the most recent packet received. 664The encoding and 665meaning of these codes is given later in this page. 666.It jitter 667The estimated time error of the peer clock measured as an exponential 668average of RMS time differences. 669.It unreach 670The value of the counter which records the number of poll intervals since 671the last valid packet was received. 672.El 673.Pp 674When the NTPv4 daemon is compiled with the OpenSSL software library, additional 675peer variables are displayed, including the following: 676.Bl -tag -width indent 677.It flags 678The current flag bits. 679This word is the server host status word with 680additional bits used by the Autokey state machine. 681See the source code for 682the bit encoding. 683.It hostname 684The server host name. 685.It initkey Ar key 686The initial key used by the key list generator in the Autokey protocol. 687.It initsequence Ar index 688The initial index used by the key list generator in the Autokey protocol. 689.It signature 690The server message digest/signature scheme name from the OpenSSL software 691library. 692.It timestamp Ar time 693The NTP timestamp when the last Autokey key list was generated and signed. 694.El 695.Ss Flash Codes 696The 697.Cm flash 698code is a valuable debugging aid displayed in the peer variables 699list. 700It shows the results of the original sanity checks defined in the NTP 701specification RFC-1305 and additional ones added in NTPv4. 702There are 12 tests 703designated 704.Sy TEST1 705through 706.Sy TEST12 . 707The tests are performed in a certain order 708designed to gain maximum diagnostic information while protecting against 709accidental or malicious errors. 710The 711.Sy flash 712variable is initialized to zero as 713each packet is received. 714If after each set of tests one or more bits are set, 715the packet is discarded. 716.Pp 717Tests 718.Sy TEST1 719through 720.Sy TEST3 721check the packet timestamps from which the offset and 722delay are calculated. 723If any bits are set, the packet is discarded; otherwise, 724the packet header variables are saved. 725.Sy TEST4 726and 727.Sy TEST5 728are associated with 729access control and cryptographic authentication. 730If any bits are set, the 731packet is discarded immediately with nothing changed. 732.Pp 733Tests 734.Sy TEST6 735through 736.Sy TEST8 737check the health of the server. 738If any bits are set, 739the packet is discarded; otherwise, the offset and delay relative to the server 740are calculated and saved. 741TEST9 checks the health of the association itself. 742If 743any bits are set, the packet is discarded; otherwise, the saved variables are 744passed to the clock filter and mitigation algorithms. 745.Pp 746Tests 747.Sy TEST10 748through 749.Sy TEST12 750check the authentication state using Autokey 751public-key cryptography, as described in the 752.Sx Authentication Options 753section of 754.Xr ntp.conf 5 . 755If 756any bits are set and the association has previously been marked reachable, the 757packet is discarded; otherwise, the originate and receive timestamps are saved, 758as required by the NTP protocol, and processing continues. 759.Pp 760The 761.Cm flash 762bits for each test are defined as follows. 763.Bl -tag -width indent 764.It 0x001 765.Pq TEST1 766Duplicate packet. 767The packet is at best a casual retransmission and at 768worst a malicious replay. 769.It 0x002 770.Pq TEST2 771Bogus packet. 772The packet is not a reply to a message previously sent. 773This 774can happen when the NTP daemon is restarted and before somebody else 775notices. 776.It 0x004 777.Pq TEST3 778Unsynchronized. 779One or more timestamp fields are invalid. 780This normally 781happens when the first packet from a peer is received. 782.It 0x008 783.Pq TEST4 784Access is denied. 785See the 786.Sx Access Control Support 787section of 788.Xr ntp.conf 5 . 789.It 0x010 790.Pq TEST5 791Cryptographic authentication fails. 792See the 793.Sx Authentication Options 794section of 795.Xr ntp.conf 5 . 796.It 0x020 797.Pq TEST6 798The server is unsynchronized. 799Wind up its clock first. 800.It 0x040 801.Pq TEST7 802The server stratum is at the maximum than 15. 803It is probably unsynchronized 804and its clock needs to be wound up. 805.It 0x080 806.Pq TEST8 807Either the root delay or dispersion is greater than one second, which is 808highly unlikely unless the peer is unsynchronized to Mars. 809.It 0x100 810.Pq TEST9 811Either the peer delay or dispersion is greater than one second, which is 812higly unlikely unless the peer is on Mars. 813.It 0x200 814.Pq TEST10 815The autokey protocol has detected an authentication failure. 816See the 817.Sx Authentication Options 818section of 819.Xr ntp.conf 5 . 820.It 0x400 821.Pq TEST11 822The autokey protocol has not verified the server or peer is proventic and 823has valid public key credentials. 824See the 825.Sx Authentication Options 826section of 827.Xr ntp.conf 5 . 828.It 0x800 829.Pq TEST12 830A protocol or configuration error has occurred in the public key algorithms 831or a possible intrusion event has been detected. 832See the 833.Sx Authentication Options 834section of 835.Xr ntp.conf 5 . 836.El 837.Sh SEE ALSO 838.Xr ntp.conf 5 , 839.Xr ntpd 8 , 840.Xr ntpdc 8 841.Sh BUGS 842The 843.Ic peers 844command is non-atomic and may occasionally result in 845spurious error messages about invalid associations occurring and 846terminating the command. 847The timeout time is a fixed constant, 848which means you wait a long time for timeouts since it assumes sort 849of a worst case. 850The program should improve the timeout estimate as 851it sends queries to a particular host, but does not. 852