[ntp:questions] NTPv4 Peer Event Codes - secret decoder ring sought

Joseph Gwinn joegwinn at comcast.net
Thu Mar 18 04:01:01 UTC 2010


In article <joegwinn-1C741D.09115717032010 at news.giganews.com>,
 Joseph Gwinn <joegwinn at comcast.net> wrote:

> Dave,
> 
> In article 
> <8c5b8d60-8780-4bf0-80da-6b1d19410da6 at k24g2000pro.googlegroups.com>,
>  Dave Hart <davehart at gmail.com> wrote:
> 
> > On Mar 17, 03:30 UTC, Joseph Gwinn wrote:
> > > Looking in section B.2.2 of RFC 1305 yields that the Peer Status Field has 
> > > four subfields, the last (rightmost) one of which being the 4-bit Peer Event 
> > > Code (page 57), which is defined for values between 0 and 5, and is "reserved" 
> > > for values 6 to 15.
> > >
> > > Well, I have been seeing two values of Peer Status, 9614 and 963a, both
> > > hexidecimal.  I understand 9614, but 963A is a mystery, as it implies a Peer
> > > Event Code of 10 (the "A" in the rightmost digit), which is undefined and
> > > reserved in RFC 1305.  
> > 
> > Scan for "PEVNT_" in ntp.h:
> > 
> > <http://ntp.bkbits.net:8080/ntp-stable/include/ntp.h?PAGE=anno&REV=4af5f8cfD
> > BBhNWjyJ4XiD74vlioxeg>
> > 
> > #define	PEVNT_MOBIL	(1 | PEER_EVENT) /* mobilize */
> > #define	PEVNT_DEMOBIL	(2 | PEER_EVENT) /* demobilize */
> > #define	PEVNT_UNREACH	(3 | PEER_EVENT) /* unreachable */
> > #define	PEVNT_REACH	(4 | PEER_EVENT) /* reachable */
> > #define	PEVNT_RESTART	(5 | PEER_EVENT) /* restart */
> > #define	PEVNT_REPLY	(6 | PEER_EVENT) /* no reply */
> > #define	PEVNT_RATE	(7 | PEER_EVENT) /* rate exceeded */
> > #define	PEVNT_DENY	(8 | PEER_EVENT) /* access denied */
> > #define PEVNT_ARMED	(9 | PEER_EVENT) /* leap armed */
> > #define	PEVNT_NEWPEER	(10 | PEER_EVENT) /* sys peer */
> > #define	PEVNT_CLOCK	(11 | PEER_EVENT) /* clock event */
> > #define	PEVNT_AUTH	(12 | PEER_EVENT) /* bad auth */
> > #define	PEVNT_POPCORN	(13 | PEER_EVENT) /* popcorn */
> > #define	PEVNT_XLEAVE	(14 | PEER_EVENT) /* interleave mode */
> > #define	PEVNT_XERR	(15 | PEER_EVENT) /* interleave error */
> > #define	PEVNT_TAI	(16 | PEER_EVENT) /* TAI */
> 
> This almost answers the immediate question, but what exactly is a "sys peer" 
> event?
> 
> More generally, the comments on many event codes lack verbs, defeating the 
> reader.  Perhaps these codes are expanded in ntpq; I'll look ...
> 
>  
> > To match the literal text output by ntpd/ntpq when decoding, see also
> > libntp/statestr.c:
> > 
> > <http://ntp.bkbits.net:8080/ntp-stable/libntp/statestr.c?PAGE=anno&REV=4ac6e
> > 036jH41_maMfVXyf2VeiFknzQ>
> 
> ... by following this breadcrumb trail.
> 
> 
> > There may be an easier way, but looking at the source comes naturally
> > to me.
> 
> There isn't an easier way for most people until the NTPv4 documentation is 
> updated, which is essential.  Right now, the NTPv4 documentation points users 
> and sysadmins to an authoritative but incomplete answer.
> 
> I knew that the answer had to be in the ~70,000 lines of NTP source code, but 
> wouldn't really know which rock to look under.  Very few people have the time 
> to know this much source code well enough to find the correct answer, and to 
> know that the found answer is in fact correct.  Which is why the NTPv4 documentation 
> needs to be revised to reflect the as-built NTPv4 code.  NTP has many millions 
> of users, but at most a few hundred developers (where a "developer" is 
> someone who knows his way around the source code).

Well, I started writing the decoder for NTPv4 Peer Status, and soon fetched up 
on the rocks.  It appears from the names that the definitions of the status bits 
have changed.  I recall someone saying on comp.protocols.time.ntp that this was 
the case, and now I see what books like confirmation.  Things have changed, and 
yet one can convince oneself that these old and new variables are actually the 
same.  Maybe it's really true.

Another issue is that the other fields of the Peer Status Word may have changed.  
Which C structures correspond to which tables in the online documentation?  I 
will need enough structure that I can hand-decode an arbitrarily built but 
compliant Peer Status Word. 


Joe Gwinn




More information about the questions mailing list