[ntp:questions] NTPv4 Peer Event Codes - secret decoder ring sought

Joseph Gwinn joegwinn at comcast.net
Fri Mar 19 20:55:58 UTC 2010


In article <81ed5f77-97a2-474d-8c1a-346b2192c4ae at v34g2000prm.googlegroups.com>,
 Dave Hart <davehart at gmail.com> wrote:

> On Mar 18, 13:49 UTC, Joseph Gwinn <joegw... at comcast.net> wrote:
> >  Dave Hart <daveh... at gmail.com> wrote:
> > > If you want to be able to decode these bits for ntpd versions from
> > > before and after the change correctly, you need to query the version
> > > string of ntpd, sadly, such as with:
> >
> > > ntpq -c "rv 0 version"
> >
> > So that's how you get the NTP version (rather than the ntpq version)!
> >
> > When our sysadmins first installed NTPv4, they used the version command of 
> > ntpq, which said "4".  Check!  
> >
> > I came by a few days later to look at the purported NTPv4 loopstats and
> > peerstats files, and (ever suspicious) checked to see what version of NTP 
> > had infact generated them.  Still NTPv3.  The sysadmins had been snookered by 
> > ntpq, which failed to make unambiguous whose version it was reporting upon.  
> >
> > This had also happened to me back in the days of NTPv3, but I was saved because
> > I knew that "4" could not be the answer.  But I never did figure out how to 
> > get ntpq to tell me the version of the ntp daemon.
> C:\NTPb\bin>ntpq --version
> ntpq - standard NTP query program - Ver. 4.2.7p20
> C:\NTPb\bin>ntpq -c version
> ntpq 4.2.7p20 at 1.2137-o Mar 18 15:04:17.18 (UTC-00:00) 2010  (4)
> C:\NTPb\bin>ntpq -c "rv 0 version"
> version="ntpd 4.2.7p20 at 1.2137-o Mar 14 8:23:33.64 (UTC-00:00) 2010
> (9)"
> C:\NTPb\bin>
> The first two commands above are both reporting on the ntpq version,
> in slightly different form.  The third reports on the local ntpd
> version.  Tack on a hostname or IP address, and it'll tell you about a
> remote ntpd version, if you're allowed to use ntpq with the server in
> question.

This is a very useful summary.  I'll pass it on to the sysadmins.

> > Is there available a written discussion of which changes were made and why? 
> >  
> > This could be worth reading.
> If there is, it would be in the archives of committers@, hackers@, or
> questions at lists.ntp.org (all browsable via http://lists.ntp.org/) from
> around May 13, 2008.  I was not active on the lists at that time.

I'll poke around.  It will no doubt help understanding the genesis of the status 
codes and their descriptions in 

> > Looking at the code you suggested, I also see that the variable names are the
> > same as in NTPv3 (and the names imply the original NTPv3 meanings), but the new
> > NTPv4 comments on those variables seem to contradict the meanings implied by the
> > names.  Not knowing the history makes it difficult to figure out just what 
> > is now meant.
> I believe the 2008 changes were part of overall cleanup to bring the
> reference implementation in-line with the draft NTP v4 specification.
> The RFC form of that document has just been approved by the IESG and
> should be a "proposed standard RFC" before too many more weeks.
> Please refer to that document in your search for meaning:
> <ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-ntp-ntpv4-proto-13.txt>
> Which is derived from the less ASCII-hamstrung:
> http://www.eecis.udel.edu/~mills/database/reports/ntp4/ntp4.pdf

I have read ntp4.pdf (dated June 2006), and it says nothing of status codes and 
the like.  I assume that this is intentional, and that one is expected to 
consult the online documentation for such information.  Perhaps the text ties to 
the codes in decode.html#peer.



More information about the questions mailing list