[ntp:bk-ntp-dev-send] BitKeeper diffs

Harlan Stenn stenn at deacon.udel.edu
Fri Aug 31 02:07:43 UTC 2012


#### ChangeSet ####
2012-08-30 22:01:12-04:00, stenn at deacon.udel.edu
  Potential bugfix for agtexi-cmd.tpl

==== ChangeLog ====
2012-08-30 22:00:51-04:00, stenn at deacon.udel.edu +1 -0
  Potential bugfix for agtexi-cmd.tpl

--- 1.1157/ChangeLog	2012-08-30 20:42:29 -04:00
+++ 1.1158/ChangeLog	2012-08-30 22:00:51 -04:00
@@ -1,5 +1,6 @@
 * Begin support for autogen maintaining ntp.conf and ntp.keys docs.
 * Upgrade to autogen-5.16.2 and libopts-36.5.11.
+* Potential bugfix for agtexi-cmd.tpl.
 (4.2.7p295) 2012/08/11 Released by Harlan Stenn <stenn at ntp.org>
 * Look for syslog's facilitynames[].
 (4.2.7p294) 2012/08/08 Released by Harlan Stenn <stenn at ntp.org>

==== sntp/ag-tpl/agtexi-cmd.tpl ====
2012-08-30 21:50:08-04:00, stenn at deacon.udel.edu +884 -0
  BitKeeper file /deacon/backroom/ntp-dev-autogen/sntp/ag-tpl/agtexi-cmd.tpl

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/sntp/ag-tpl/agtexi-cmd.tpl	2012-08-30 21:50:08 -04:00
@@ -0,0 +1,884 @@
+[= AutoGen5 template -*- Mode: texinfo -*-
+
+texi
+
+#  Documentation template
+#
+# Time-stamp:        "2012-08-11 08:33:08 bkorb"
+# Author:            Bruce Korb <bkorb at gnu.org>
+#
+#  This file is part of AutoOpts, a companion to AutoGen.
+#  AutoOpts is free software.
+#  AutoOpts is Copyright (c) 1992-2012 by Bruce Korb - all rights reserved
+#
+#  AutoOpts is available under any one of two licenses.  The license
+#  in use must be one of these two and the choice is under the control
+#  of the user of the license.
+#
+#   The GNU Lesser General Public License, version 3 or later
+#      See the files "COPYING.lgplv3" and "COPYING.gplv3"
+#
+#   The Modified Berkeley Software Distribution License
+#      See the file "COPYING.mbsd"
+#
+#  These files have the following md5sums:
+#
+#  43b91e8ca915626ed3818ffb1b71248b COPYING.gplv3
+#  06a1a2e4760c90ea5e1dad8dfaac4d39 COPYING.lgplv3
+#  66a5cedaf62c4b2637025f049f9b826f COPYING.mbsd
+
+=][=
+
+INVOKE initialization                   =][=
+
+(out-push-new (string-substitute (out-name) ".texi" ".menu"))
+
+(ag-fprintf 0 "* %-32s Invoking %s\n"
+    (string-append program-name " Invocation::")
+    program-name )
+
+(out-pop)
+(if (exist? "explain")
+    (emit (string-append "\n" (get "explain") "\n")) )
+(set! tmp-str (get "option-doc-format" "texi"))
+(divert-convert tmp-str)
+
+=][=
+
+IF (match-value? == "doc-section.ds-type" "DESCRIPTION") =][=
+
+  FOR doc-section   =][=
+    IF (== (get "ds-type") "DESCRIPTION") =][=
+       (define cvt-fn (get "ds-format" "texi"))
+       (if (not (== cvt-fn "texi"))
+           (divert-convert cvt-fn) ) =][=
+       (emit (string-append "\n" (get "ds-text") "\n"))
+       =][=
+       BREAK        =][=
+
+    ENDIF           =][=
+  ENDFOR            =][=
+
+ELSE                =][=
+
+(join "\n\n"
+    (if (exist? "prog-info-descrip")
+        (stack  "prog-info-descrip")
+        (if (exist? "prog-man-descrip")
+            (stack  "prog-man-descrip")
+            (if (exist? "prog-descrip")
+                (stack  "prog-descrip")
+                (stack  "detail")
+)   )   )   )       =][=
+
+ENDIF               =][=
+
+(convert-divert)    =]
+
+This [=(string-downcase doc-level)=] was generated by @strong{AutoGen},
+using the @code{agtexi-cmd} template and the option descriptions for the [=(.
+coded-prog-name)=] program.[= (name-copyright) =]
+
+ at menu
+[=
+  (out-push-new) (out-suspend "menu")
+  (out-push-new)        =][=
+
+INVOKE emit-usage-opt   =][=
+
+;;  FOR all options, ...
+;;
+(define opt-name       "")
+(define extra-ct       0)
+(define extra-text     "")
+(define optname-from "A-Z_^")
+(define optname-to   "a-z--")
+(define invalid-doc   "* INVALID *")
+(if (exist? "preserve-case") (begin
+   (set! optname-from "_^")
+   (set! optname-to   "--") ))
+(if (and have-doc-options (not (exist? "flag[].documentation"))) (begin
+    (ag-fprintf "menu" menu-entry-fmt
+                "base-options:: " "Base options")
+    (print-node opt-name "Base options")
+)   )
+
+=][=#
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+FOR flag                        =][=
+
+  (set! opt-name (string-tr! (get "name") optname-from optname-to))
+  (if (exist? "documentation")
+      (begin
+          (set! label-str (string-append opt-name " options"))
+          (ag-fprintf "menu" menu-entry-fmt
+              (string-append opt-name ":: ") label-str)
+          (print-node opt-name label-str)
+          (ag-fprintf 0 "\n%s." (get "descrip"))
+          (set! tmp-str (get "documentation"))
+          (if (> (string-length tmp-str) 1)
+              (ag-fprintf 0 "\n%s" tmp-str))
+      )
+      (begin
+        (set! tmp-str (get "doc" invalid-doc))
+        (if (< 0 (string-length tmp-str)) (begin
+          (set! label-str (string-append opt-name " option"
+                (if (exist? "value")
+                    (string-append " (-" (get "value") ")")
+                    "" )  ))
+          (if have-doc-options
+            (ag-fprintf 0 opt-node-fmt opt-name label-str)
+            (begin
+              (ag-fprintf "menu" menu-entry-fmt
+                  (string-append opt-name ":: ") label-str)
+              (print-node opt-name label-str)
+            )
+          )
+          (ag-fprintf 0 "\n at cindex %s-%s" down-prog-name opt-name)
+        ) )
+      )
+  )                             =][=
+
+  IF (and (not (exist? "documentation"))
+          (< 0 (string-length tmp-str)) )
+    =][=
+    IF (exist? "aliases")       =][=
+      INVOKE emit-aliases       =][=
+    ELSE                        =][=
+      INVOKE emit-opt-text      =][=
+    ENDIF                       =][=
+  ENDIF                         =][=
+
+ENDFOR flag                     =][=
+
+IF
+   (define home-rc-files (exist? "homerc"))
+   (define environ-init  (exist? "environrc"))
+   (or home-rc-files environ-init)
+   =][=
+
+   INVOKE emit-presets          =][=
+
+ENDIF                           =][=
+
+INVOKE emit-exit-status         =][=
+INVOKE emit-doc-sections        =][=
+
+(out-suspend "opt-desc")
+(out-resume "menu")
+(emit (out-pop #t))
+(emit "@end menu\n")
+(out-resume "opt-desc")
+(out-pop #t)                    =][=#
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-doc-sections        =][=
+
+FOR doc-section                 =][=
+
+  IF  (define opt-name (string-capitalize! (get "ds-type")))
+      (or (== opt-name "Exit Status")
+          (== opt-name "Description")
+          (exist? "omit-texi")) =][=
+    CONTINUE                    =][=
+  ENDIF                         =][=
+
+  (ag-fprintf "menu" menu-entry-fmt (string-append opt-name "::") opt-name)
+  (set! label-str (string-append
+        down-prog-name " " (string-capitalize opt-name)))
+  (print-node opt-name label-str)
+  (define cvt-fn (get "ds-format" "texi"))
+  (if (not (== cvt-fn "texi"))
+      (divert-convert cvt-fn) ) =][=
+  (emit (string-append "\n" (get "ds-text") "\n"))
+  (convert-divert)              =][=
+
+ENDFOR  doc-section             =][=
+
+ENDDEF emit-doc-sections
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-exit-status         =][=
+ (ag-fprintf "menu" menu-entry-fmt "exit status::" "exit status")
+ (print-node "exit status" (string-append program-name " exit status")) =]
+
+One of the following exit values will be returned:
+ at table @samp
+ at item 0 (EXIT_[=
+  (set! tmp-str (get "exit-name[0]" "SUCCESS"))
+  (string-upcase (string->c-name! tmp-str))
+  =])
+[=
+  (define need-ex-noinput  (exist? "homerc"))
+  (define need-ex-software #t)
+  (get "exit-desc[0]" "Successful program execution.")=]
+ at item 1 (EXIT_[=
+
+  (set! tmp-str (get "exit-name[1]" "FAILURE"))
+  (string-upcase (string->c-name! tmp-str))=])
+[= (get "exit-desc[1]"
+        "The operation failed or the command syntax was not valid.") =][=
+
+FOR exit-desc (for-from 2)   =][=
+  (if (= (for-index) 66)
+      (set! need-ex-noinput  #f)
+      (if (= (for-index) 70)
+          (set! need-ex-software #f) ))
+  (set! tmp-str (get (sprintf "exit-name[%d]" (for-index)) "* unnamed *"))
+  (sprintf "\n at item %d (EXIT_%s)\n%s" (for-index)
+    (string-upcase (string->c-name! tmp-str))
+    (get (sprintf "exit-desc[%d]" (for-index))))
+  =][=
+ENDFOR exit-desc                        =][=
+
+(if need-ex-noinput
+    (emit "\n at item 66 (EX_NOINPUT)
+A specified configuration file could not be loaded."))
+
+(if need-ex-noinput
+    (emit "\n at item 70 (EX_SOFTWARE)
+libopts had an internal operational error.  Please report
+it to autogen-users@@lists.sourceforge.net.  Thank you."))
+=]
+ at end table[=
+
+ENDDEF emit-exit-status
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-aliases             =]
+
+This is an alias for the [= aliases =] option,
+[= (sprintf "@pxref{%1$s %2$s, the %2$s option documentation}.\n"
+      down-prog-name (get "aliases")) =][=
+
+ENDDEF emit-aliases
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-opt-text            =]
+
+This is the ``[=(string-downcase! (get "descrip"))=]'' option.[=
+    IF (exist? "arg-type")     =]
+This option takes an [= (if (exist? "arg-optional") "optional " "")
+ =]argument [= arg-type =][=
+(if (exist? "arg-name") (string-append " @file{"
+    (string-substitute (get "arg-name") "@" "@@") "}"))
+ =].[=
+    ENDIF           =][=
+
+    (set! extra-ct 0)
+    (out-push-new)  =][=
+
+    IF (exist? "min") =]@item
+is required to appear on the command line.
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF=][=
+
+    IF (exist? "max") =]@item
+may appear [=
+      IF % max (== "%s" "NOLIMIT")
+         =]an unlimited number of times[=
+      ELSE
+         =]up to [=max=] times[=
+      ENDIF=].
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF=][=
+
+    IF (exist? "enabled") =]@item
+is enabled by default.
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF=][=
+
+    IF (exist? "ifdef") =]@item
+must be compiled in by defining @code{[=(get "ifdef")
+      =]} during the compilation.
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF =][=
+
+    IF (exist? "ifndef") =]@item
+must be compiled in by @strong{un}-defining @code{[=(get "ifndef")
+      =]} during the compilation.
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF=][=
+
+    IF (exist? "no_preset") =]@item
+may not be preset with environment variables or configuration (rc/ini) files.
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF=][=
+
+    IF (exist? "equivalence") =]@item
+is a member of the [=equivalence=] class of options.
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF=][=
+
+    IF (exist? "flags_must") =]@item
+must appear in combination with the following options:
+[=    FOR flags_must ", " =][=flags_must=][=
+      ENDFOR=].
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF=][=
+
+    IF (exist? "flags_cant") =]@item
+must not appear in combination with any of the following options:
+[=    FOR flags_cant ", " =][=flags_cant=][=
+      ENDFOR=].
+[=    (set! extra-ct (+ extra-ct 1)) =][=
+    ENDIF=][=
+
+    IF  (~* (get "arg-type") "key|set") =]@item
+This option takes a keyword as its argument[=
+
+      CASE arg-type   =][=
+      =* key          =][= (set! extra-ct (+ extra-ct 1)) =].
+The argument sets an enumeration value that can be tested by comparing[=
+
+      =* set          =][= (set! extra-ct (+ extra-ct 1)) =] list.
+Each entry turns on or off membership bits.  These bits can be tested
+with bit tests against[=
+      ESAC arg-type   =] the option value macro ([=
+(string-upcase (string-append
+(if (exist? "prefix") (string-append (get "prefix") "_") "")
+"OPT_VALUE_" (get "name")  )) =]).
+The available keywords are:
+ at example
+[= (shell (string-append
+   "${CLexe:-columns} -I4 --spread=1 -W50 <<\\" heredoc-marker
+   (join "\n" (stack "keyword") "\n")
+   heredoc-marker
+   )  ) =]
+ at end example
+[=
+
+      IF (=* (get "arg-type") "key") =]
+or their numeric equivalent.[=
+      ENDIF =][=
+
+    ENDIF key/set arg =][=
+
+    IF (> extra-ct 0) =][=
+      (set! extra-text (out-pop #t)) =]
+
+ at noindent
+This option has some usage constraints.  It:
+ at itemize @bullet
+[=(. extra-text)
+=]@end itemize
+[=  ELSE  =][=
+      (out-pop) =][=
+    ENDIF =][=
+
+?% doc "\n%s" "\nThis option has no @samp{doc} documentation." =][=
+  IF (exist? "deprecated") =]
+
+ at strong{NOTE: THIS OPTION IS DEPRECATED}[=
+
+  ENDIF     =][=
+
+ENDDEF emit-opt-text
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE set-home-rc-vars          =][=
+  CASE homerc                    =][=
+  ==*  '$@'                      =][=
+       (set! explain-pkgdatadir #t)
+       (set! cfg-file-name (string-substitute (get "homerc")
+          "$@" "$(pkgdatadir)")) =][=
+
+  ==   '.'                       =][=
+       (set! cfg-file-name "$PWD")
+       (set! env-var-list (string-append env-var-list "PWD, "))
+       =][=
+
+  ==*  './'                      =][=
+       (set! explain-pkgdatadir #t)
+       (set! env-var-list  (string-append env-var-list "PWD, "))
+       (set! cfg-file-name (string-append "$PWD" (substring (get "homerc") 1)))
+       =][=
+
+  ~~*  '\$[A-Za-z]'              =][=
+       (set! cfg-file-name (get "homerc"))
+       (set! env-var-list (string-append env-var-list
+             (shellf "echo '%s' | sed 's/^.//;s#/.*##'" cfg-file-name)
+             ", " ))
+       =][=
+
+  == "" =][= (set! cfg-file-name "") =][=
+
+  *                              =][=
+       (set! cfg-file-name (get "homerc"))  =][=
+  ESAC                           =][=
+
+ENDDEF set-home-rc-vars
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-multiple-rc         \=]
+[=
+  (define explain-pkgdatadir #f)
+  (define env-var-list       "")
+  rc-count =] places for configuration files:
+ at itemize @bullet[=
+FOR homerc                       =][=
+  INVOKE set-home-rc-vars        =][=
+  (if (> (string-length cfg-file-name) 0)
+      (sprintf "\n at item\n%s"  cfg-file-name ))
+  =][=
+
+ENDFOR homerc                    =]
+ at end itemize[=
+ (if explain-pkgdatadir (ag-fprintf 0
+"\nThe value for @code{$(pkgdatadir)} is recorded at package configure time
+and replaced by @file{libopts} when @file{%s} runs." program-name))
+
+(if (> (string-length env-var-list) 1)
+    (shell (string-append
+"list='@code{'`echo '" env-var-list "' | \
+  sed -e 's#, $##' \
+      -e 's#, #}, @code{#g' \
+      -e 's#, \\([^ ][^ ]*\\)$#, and \\1#'`\\}
+echo
+echo 'The environment variables' ${list}
+echo 'are expanded and replaced when @file{" program-name "} runs.'"
+))  ) =]
+For any of these that are plain files, they are simply processed.
+For any that are directories, then a file named @file{[=
+ (if (exist? "rcfile") (get "rcfile")
+     (string-append "." program-name "rc"))=]} is searched for
+within that directory and processed.
+[=
+
+ENDDEF emit-multiple-rc
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-one-rc-dir              =][=
+  (define env-var-list       "")
+  (define explain-pkgdatadir #f)    =][=
+  INVOKE set-home-rc-vars
+
+=]@file{[=(. cfg-file-name) =]} for configuration (option) data.[=
+  IF (. explain-pkgdatadir)         =]
+The value for @code{$(pkgdatadir)} is recorded at package configure time
+and replaced by @file{libopts} when @file{[=prog-name=]} runs.
+[=ENDIF=][=
+(if (> (string-length env-var-list) 1)
+    (sprintf
+"\nThe environment variable @code{%s} is expanded and replaced when
+the program runs" env-var-list)) =]
+If this is a plain file, it is simply processed.
+If it is a directory, then a file named @file{[=
+(if (exist? "rcfile") (get "rcfile")
+     (string-append "." program-name "rc"))
+=]} is searched for within that directory.[=
+
+ENDDEF emit-one-rc-dir
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-rc-file-info                =]
+
+ at noindent
+ at code{libopts} will search in [=
+
+    IF (define rc-count (count "homerc"))
+       (define cfg-file-name "")
+       (> rc-count 1)           =][=
+
+       INVOKE emit-multiple-rc  =][=
+    
+    ELSE                        =][=
+       INVOKE emit-one-rc-dir   =][=
+    ENDIF (> rc-count 1)
+
+=]
+
+Configuration files may be in a wide variety of formats.
+The basic format is an option name followed by a value (argument) on the
+same line.  Values may be separated from the option name with a colon,
+equal sign or simply white space.  Values may be continued across multiple
+lines by escaping the newline with a backslash.
+
+Multiple programs may also share the same initialization file.
+Common options are collected at the top, followed by program specific
+segments.  The segments are separated by lines like:
+ at example
+[[=(. UP-PROG-NAME)=]]
+ at end example
+ at noindent
+or by
+ at example
+<?program [= prog-name =]>
+ at end example
+ at noindent
+Do not mix these styles within one configuration file.
+
+Compound values and carefully constructed string values may also be
+specified using XML syntax:
+ at example
+<option-name>
+   <sub-opt>...<...>...</sub-opt>
+</option-name>
+ at end example
+ at noindent
+yielding an @code{option-name.sub-opt} string value of
+ at example
+"...<...>..."
+ at end example
+ at code{AutoOpts} does not track suboptions.  You simply note that it is a
+hierarchicly valued option.  @code{AutoOpts} does provide a means for searching
+the associated name/value pair list (see: optionFindValue).[=
+
+ENDDEF emit-rc-file-info
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-presets                     =]
+
+[=
+  (ag-fprintf "menu" menu-entry-fmt "config::"
+           (string-append "presetting/configuring " down-prog-name) )
+
+ (print-node "config"
+      (string-append "presetting/configuring " program-name) ) =]
+
+Any option that is not marked as @i{not presettable} may be preset by
+loading values from [=
+
+IF
+
+   (if home-rc-files (emit
+       "configuration (\"rc\" or \"ini\") files"))
+
+   environ-init
+
+  =][=
+  (if home-rc-files (emit ", and values from "))
+  =]environment variables named @code{[=(. UP-PROG-NAME)=]} and @code{[=
+(. UP-PROG-NAME)=]_<OPTION_NAME>}.  @code{<OPTION_NAME>} must be one of
+the options listed above in upper case and segmented with underscores.
+The @code{[=(. UP-PROG-NAME)=]} variable will be tokenized and parsed like
+the command line.  The remaining variables are tested for existence and their
+values are treated like option arguments[=
+  ENDIF  have environment inits         =].
+[=
+
+  IF (. home-rc-files)                  =][=
+     INVOKE emit-rc-file-info           =][=
+  ENDIF home-rc-files                   =]
+
+The command line options relating to configuration and/or usage help are:
+[=
+
+IF (exist? "version")                   =]
+@[= (. head-level) =] version[= (flag-string "version-value" "v") =]
+
+Print the program version to standard out, optionally with licensing
+information, then exit 0.  The optional argument specifies how much licensing
+detail to provide.  The default is to print [=
+(if (exist? "gnu-usage") "the license name with the version" "just the version")
+=].  The licensing infomation may be selected with an option argument.  Only the
+first letter of the argument is examined:
+
+ at table @samp
+ at item version
+Only print the version.[=
+(if (not (exist? "gnu-usage")) "  This is the default.")=]
+ at item copyright
+Name the copyright usage licensing terms.[=
+(if (exist? "gnu-usage") "  This is the default.")=]
+ at item verbose
+Print the full copyright usage licensing terms.
+ at end table
+[=
+ENDIF version                           =][=
+
+IF (exist? "usage-opt")                 =]
+@[= (. head-level) =] usage[= (flag-string "usage-value" "u") =]
+
+Print abbreviated usage to standard out, then exit 0.
+[=
+ENDIF usage-opt                         =][=
+
+IF (exist? "vendor-opt")                =]
+@[= (. head-level) =] vendor-option (-W)
+
+Options that do not have flag values specified must be specified with
+ at code{-W} and the long option name.  That long name is the argument to
+this option.  Any options so named that require an argument must have
+that argument attached to the option name either with quoting or an
+equal sign.
+[=
+ENDIF vendor-opt                        =][=
+
+IF (exist? "resettable")                =]
+@[= (. head-level) =] reset-option[= (flag-string "reset-value" "R") =]
+
+Resets the specified option to the compiled-in initial state.
+This will undo anything that may have been set by configuration files.
+The option argument may be either the option flag character or its long name.
+[=
+ENDIF resettable                        =][=
+
+IF (exist? "home-rc")                   =][=
+  IF (exist? "disable-save")            =]
+@[= (. head-level) =] save-opts[= (flag-string "save-opts-value" ">") =]
+
+Saves the final, configured option state to the specified file (the optional
+option argument).  If no file is specified, then it will be saved to the
+highest priority (last named) @file{rc-file} in the search list.
+[=
+  ENDIF disable-save                    =][=
+
+  IF (exist? "disable-load")            =]
+@[= (. head-level) =] load-opts[= (flag-string "load-opts-value" "<") =]
+
+Loads the named configuration file.
+[=
+  ENDIF disable-load                    =][=
+ENDIF home-rc                           =][=
+
+ENDDEF emit-presets
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE header                          \=]
+\input texinfo
+ at c -*-texinfo-*-
+ at c %**start of header
+ at setfilename [= (string-append down-prog-name ".info") =]
+ at settitle [= (sprintf (if (exist? "package") "%2$s - %1$s" "%s")
+             (get "package")  (get "prog-title")) =]
+ at c %**end of header
+ at setchapternewpage off
+ at titlepage
+ at sp 10
+ at comment The title is printed in a large font.
+ at center @titlefont{Sample Title}
+
+ at c The following two commands start the copyright page.
+ at page
+ at vskip 0pt plus 1filll
+[= (name-copyright) =][=
+IF (exist? "copyright.type") =]
+[= (license-full (get "copyright.type") program-name ""
+    (get "copyright.owner" (get "copyright.author" ""))
+    (get "copyright.date") ) =][=
+ENDIF =]
+ at end titlepage
+ at node Top, [= prog-name =] usage, , (dir)
+ at top [= prog-title =]
+[=
+
+ENDDEF header
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE emit-usage-opt                   =][=
+
+  (define label-str (string-append
+          program-name " help/usage (@option{" help-opt "})"))
+  (ag-fprintf "menu" menu-entry-fmt "usage::" label-str)
+  (sprintf node-fmt "usage" label-str) =]
+ at cindex [=(. down-prog-name)=] help
+
+This is the automatically generated usage text for [= prog-name =].
+
+The text printed is the same whether selected with the @code{help} option
+(@option{[= (. help-opt) =]}) or the @code{more-help} option (@option{[=
+(. more-help-opt) =]}).  @code{more-help} will print
+the usage text by passing it through a pager program.
+ at code{more-help} is disabled on platforms without a working
+ at code{fork(2)} function.  The @code{PAGER} environment variable is
+used to select the program, defaulting to @file{more}.  Both will exit
+with a status code of 0.
+
+ at exampleindent 0
+ at example
+[= (out-push-new) =]
+prog_name=[= (. program-name) =]
+PROG=./${prog_name}
+test -f ${PROG} || {
+  PROG=`echo $PROG | tr '[A-Z]' '[a-z]'`
+  test -f ${PROG} || PROG=`echo $PROG | tr x_ x-`
+}
+if [ ! -f ${PROG} ]
+then
+  if [= (string-append program-name " " help-opt) =] > /dev/null 2>&1
+  then PROG=`command -v ${prog_name}`
+  else PROG="echo ${prog_name} is unavailable - no "
+  fi
+fi
+${PROG} [=(. help-opt)=] 2>&1 | \
+    sed -e "s/USAGE:  lt-${prog_name} /USAGE:  ${prog_name} /" \
+        -e 's/@/@@/g;s/{/@{/g;s/}/@}/g' \
+        -e 's/	/        /g'
+[= (shell (out-pop #t))         =]
+ at end example
+ at exampleindent 4
+[=
+
+ENDDEF emit-usage-opt
+
+ at c = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =][=
+
+DEFINE initialization                   =][=
+
+
+  (shell "CLexe=${AGexe%/autogen}/columns")
+
+
+  ;; divert-convert  divert text for conversion to .texi format
+  ;; convert-divert  convert the diversion done with divert-convert
+  ;;
+  (define divert-convert (lambda (diversion-type) (begin
+     (set! was-diverted
+           (not (or (== diversion-type "texi") (== diversion-type ""))))
+     (if was-diverted   (begin
+         (set! cvt-script
+               (find-file (string-append diversion-type "2texi")))
+         (if (not (defined? 'cvt-script))
+             (error (sprintf "unknown source format type: %s" diversion-type)) )
+         (out-push-new) ))  )))
+
+  (define heredoc-marker "_Unlikely_Here_Doc_Marker_\n")
+  (define convert-divert (lambda ()
+     (if was-diverted (shell (string-append
+         cvt-script "<<\\" heredoc-marker (out-pop #t) "\n" heredoc-marker
+  )) )))
+
+  (define was-diverted   #f)
+  (define diversion-type "")
+  (define cvt-script     "")
+  (define tmp-str        "")
+
+  (define name-copyright (lambda ()
+      (if (exist? "copyright")
+          (string-append "\nThis software is released under "
+             (license-name (get "copyright.type" "an unknown copyright"))
+             "." ) ) ))
+
+  (make-tmp-dir)
+  (define program-name      (get "prog-name"))
+  (define down-prog-name    (string-downcase program-name))
+  (define UP-PROG-NAME      (string-upcase   program-name))
+  (shellf "export AG_DEF_PROG_NAME=%s" program-name)
+  (define doc-level         (getenv "LEVEL"))
+  (if (not (string? doc-level))
+      (set! doc-level "section"))
+  (define file-name         (string-append down-prog-name ".texi"))
+  (define coded-prog-name   (string-append "@code{" down-prog-name "}"))
+
+  (define replace-prog-name (lambda (nm)
+     (string-substitute (get nm) down-prog-name coded-prog-name )  ))
+
+  (define have-doc-options  (exist? "flag.documentation"))
+  (define print-menu        #t)
+  (define do-doc-nodes      #f)
+  (define menu-entry-fmt    (string-append
+                            "* " down-prog-name " %-24s %s\n"))
+  (define emit-menu-entry   (lambda (is-doc) (not is-doc)))
+  (if have-doc-options
+      (set! emit-menu-entry (lambda (is-doc) is-doc))  )
+  (define chk-flag-val      (exist? "flag.value"))
+  (define flag-string       (lambda (v-nm v-df) (if (not chk-flag-val) ""
+     (string-append " (-"
+        (if (exist? v-nm) (get v-nm) v-df)
+        ")")  )))
+
+  (define help-opt "")
+  (if (exist? "long-opts")
+      (set! help-opt "--help")
+  (if (not (exist? "flag.value"))
+      (set! help-opt "help")
+  (if (not (exist? "help-value"))
+      (set! help-opt "-?")
+      (begin
+         (set! tmp-str (get "help-value"))
+         (if (> (string-length tmp-str) 0)
+             (set! help-opt (string-append "-" tmp-str))
+             (set! help-opt "--help")
+      )  )
+  )))
+
+  (define more-help-opt "")
+  (if (exist? "long-opts")
+      (set! more-help-opt "--more-help")
+  (if (not (exist? "flag.value"))
+      (set! more-help-opt "more-help")
+  (if (not (exist? "more-help-value"))
+      (set! more-help-opt "-!")
+      (begin
+         (set! tmp-str (get "more-help-value"))
+         (if (> (string-length tmp-str) 0)
+             (set! help-opt (string-append "-" tmp-str))
+             (set! help-opt "--more-help")
+      )  )
+  )))
+
+  =][=
+
+  CASE (. doc-level)    =][=
+    == document         =][= INVOKE header =][=
+       (define sub-level  "chapter")
+       (define head-level "heading")       =][=
+    == chapter          =][=
+       (define sub-level  "section")
+       (define head-level "subheading")    =][=
+    == section          =][=
+       (define sub-level "subsection")
+       (define head-level "subsubheading") =][=
+    == subsection       =][=
+       (define sub-level "subsubsection")
+       (define head-level "subsubheading") =][=
+
+    * =][=(error (sprintf "invalid doc level: %s\n" doc-level)) =][=
+
+  ESAC doc level        =][=
+
+  (define node-fmt (string-append
+     "\n at node " down-prog-name " %s\n@" sub-level " %s"))
+  (define print-node        (lambda (a b) (ag-fprintf 0 node-fmt a b) ))
+
+  (define opt-node-fmt (if have-doc-options
+     (string-append "\n@" head-level
+        " %2$s.\n at anchor{" down-prog-name " %1$s}")
+     node-fmt
+  ))
+
+  (define exit-sts-fmt "\n\n at node %1$s %2$s\n@%3$s %1$s %2$s\n")
+  =][=
+
+  IF (not (== doc-level "document"))    =][=
+     (set! file-name (string-append "invoke-" file-name))
+       \=]
+ at node [= prog-name      =] Invocation
+@[=(. doc-level)        =] Invoking [= prog-name =]
+ at pindex [= prog-name    =]
+ at cindex [= prog-title   =][=
+
+FOR concept =]
+ at cindex [= concept      =][=
+ENDFOR                  =][=
+
+  ENDIF document component
+
+=]
+ at ignore
+[=
+
+(out-move file-name)
+(dne "# " "# ")
+
+=]
+ at end ignore
+[=
+
+ENDDEF initialization
+
+ at c agtexi-cmd.tpl ends here =]

==== sntp/ag-tpl/agtexi-cmd.tpl ====
2012-08-30 21:50:08-04:00, stenn at deacon.udel.edu +0 -0

#### ChangeSet ####
2012-08-30 21:48:02-04:00, stenn at deacon.udel.edu
  Begin support for autogen maintaining ntp.conf and ntp.keys docs

==== .point-changed-filelist ====
2012-08-30 21:47:54-04:00, stenn at deacon.udel.edu +15 -7
  Begin support for autogen maintaining ntp.conf and ntp.keys docs

--- 1.13/.point-changed-filelist	2011-06-23 03:26:54 -04:00
+++ 1.14/.point-changed-filelist	2012-08-30 21:47:54 -04:00
@@ -1,51 +1,59 @@
 ChangeLog
+ntpd/invoke-ntpd.texi
+ntpd/ntp.conf.5man
+ntpd/ntp.conf.5mdoc
+ntpd/ntp.conf.man.in
+ntpd/ntp.conf.mdoc.in
+ntpd/ntp.keys.5man
+ntpd/ntp.keys.5mdoc
+ntpd/ntp.keys.man.in
+ntpd/ntp.keys.mdoc.in
 ntpd/ntpd-opts.c
 ntpd/ntpd-opts.h
-ntpd/ntpd-opts.texi
 ntpd/ntpd.1ntpdman
 ntpd/ntpd.1ntpdmdoc
 ntpd/ntpd.man.in
 ntpd/ntpd.mdoc.in
+ntpdc/invoke-ntpdc.texi
 ntpdc/ntpdc-opts.c
 ntpdc/ntpdc-opts.h
-ntpdc/ntpdc-opts.texi
 ntpdc/ntpdc.1ntpdcman
 ntpdc/ntpdc.1ntpdcmdoc
 ntpdc/ntpdc.html
 ntpdc/ntpdc.man.in
 ntpdc/ntpdc.mdoc.in
+ntpq/invoke-ntpq.texi
 ntpq/ntpq-opts.c
 ntpq/ntpq-opts.h
-ntpq/ntpq-opts.texi
 ntpq/ntpq.1ntpqman
 ntpq/ntpq.1ntpqmdoc
 ntpq/ntpq.man.in
 ntpq/ntpq.mdoc.in
+ntpsnmpd/invoke-ntpsnmpd.texi
 ntpsnmpd/ntpsnmpd-opts.c
 ntpsnmpd/ntpsnmpd-opts.h
-ntpsnmpd/ntpsnmpd-opts.texi
 ntpsnmpd/ntpsnmpd.1ntpsnmpdman
 ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
 ntpsnmpd/ntpsnmpd.man.in
 ntpsnmpd/ntpsnmpd.mdoc.in
 packageinfo.sh
-scripts/ntp-wait-opts.texi
+scripts/invoke-ntp-wait.texi
 scripts/ntp-wait.1ntp-waitman
 scripts/ntp-wait.1ntp-waitmdoc
 scripts/ntp-wait.html
 scripts/ntp-wait.man.in
 scripts/ntp-wait.mdoc.in
+sntp/invoke-sntp.texi
 sntp/sntp-opts.c
 sntp/sntp-opts.h
-sntp/sntp-opts.texi
 sntp/sntp.1sntpman
 sntp/sntp.1sntpmdoc
 sntp/sntp.html
 sntp/sntp.man.in
 sntp/sntp.mdoc.in
+util/invoke-ntp-keygen.texi
 util/ntp-keygen-opts.c
 util/ntp-keygen-opts.h
-util/ntp-keygen-opts.texi
 util/ntp-keygen.1ntp-keygenman
 util/ntp-keygen.1ntp-keygenmdoc
 util/ntp-keygen.man.in

#### ChangeSet ####
2012-08-30 20:44:10-04:00, stenn at psp-deb1.ntp.org
  Begin support for autogen maintaining ntp.conf and ntp.keys docs

==== ChangeLog ====
2012-08-30 20:42:29-04:00, stenn at psp-deb1.ntp.org +1 -0
  Begin support for autogen maintaining ntp.conf and ntp.keys docs

--- 1.1156/ChangeLog	2012-08-12 00:32:17 -04:00
+++ 1.1157/ChangeLog	2012-08-30 20:42:29 -04:00
@@ -1,3 +1,4 @@
+* Begin support for autogen maintaining ntp.conf and ntp.keys docs.
 * Upgrade to autogen-5.16.2 and libopts-36.5.11.
 (4.2.7p295) 2012/08/11 Released by Harlan Stenn <stenn at ntp.org>
 * Look for syslog's facilitynames[].

==== ntpd/ntp.conf.5man ====
2012-08-30 20:37:36-04:00, stenn at psp-deb1.ntp.org +2915 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.conf.5man

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.conf.5man	2012-08-30 20:37:36 -04:00
@@ -0,0 +1,2915 @@
+.TH ntp.conf 5man "11 Aug 2012" "4.2.7p295" "File Formats"
+.\"
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.man)
+.\"  
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:44 PM by AutoGen 5.16.2
+.\"  From the definitions    ntp.conf.def
+.\"  and the template file   agman-cmd.tpl
+.\"
+.SH NAME
+ntp.conf \- Network Time Protocol (NTP) daemon configuration file format
+.SH SYNOPSIS
+.B ntp.conf
+.\" Long options only
+.RB [ \-\-\fIopt\-name\fP [ = "| ] \fIvalue\fP]]..."
+.PP
+All arguments must be options.
+.PP
+.SH DESCRIPTION
+The
+.B XXX Program Name
+configuration file is read at initial startup by the
+.Xr ntpd 1ntpdmdoc
+daemon in order to specify the synchronization sources,
+modes and other related information.
+Usually, it is installed in the
+.Pa /etc
+directory,
+but could be installed elsewhere
+(see the daemon's
+c
+command line option).
+.PP
+The file format is similar to other
+.Ux
+configuration files.
+Comments begin with a
+.Ql #
+character and extend to the end of the line;
+blank lines are ignored.
+Configuration commands consist of an initial keyword
+followed by a list of arguments,
+some of which may be optional, separated by whitespace.
+Commands may not be continued over multiple lines.
+Arguments may be host names,
+host addresses written in numeric, dotted-quad form,
+integers, floating point numbers (when specifying times in seconds)
+and text strings.
+.PP
+The rest of this page describes the configuration and control options.
+The
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+contains an extended discussion of these options.
+In addition to the discussion of general
+.Sx Configuration Options ,
+there are sections describing the following supported functionality
+and the options used to control it:
+.in +4
+.ti -4
+\fB*\fP
+
+.Sx Authentication Support
+.ti -4
+\fB*\fP
+
+.Sx Monitoring Support
+.ti -4
+\fB*\fP
+
+.Sx Access Control Support
+.ti -4
+\fB*\fP
+
+.Sx Automatic NTP Configuration Options
+.ti -4
+\fB*\fP
+
+.Sx Reference Clock Support
+.ti -4
+\fB*\fP
+
+.Sx Miscellaneous Options
+.in -4
+.PP
+Following these is a section describing
+.Sx Miscellaneous Options .
+While there is a rich set of options available,
+the only required option is one or more
+.Ic server ,
+.Ic peer ,
+.Ic broadcast
+or
+.Ic manycastclient
+commands.
+.SH Configuration Support
+Following is a description of the configuration commands in
+NTPv4.
+These commands have the same basic functions as in NTPv3 and
+in some cases new functions and new arguments.
+There are two
+classes of commands, configuration commands that configure a
+persistent association with a remote server or peer or reference
+clock, and auxiliary commands that specify environmental variables
+that control various related operations.
+.SS Configuration Commands
+The various modes are determined by the command keyword and the
+type of the required IP address.
+Addresses are classed by type as
+(s) a remote server or peer (IPv4 class A, B and C), (b) the
+broadcast address of a local interface, (m) a multicast address (IPv4
+class D), or (r) a reference clock address (127.127.x.x).
+Note that
+only those options applicable to each command are listed below.
+Use
+of options not listed may not be caught as an error, but may result
+in some weird and even destructive behavior.
+.PP
+If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
+is detected, support for the IPv6 address family is generated
+in addition to the default support of the IPv4 address family.
+In a few cases, including the reslist billboard generated
+by ntpdc, IPv6 addresses are automatically generated.
+IPv6 addresses can be identified by the presence of colons
+.Dq \&:
+in the address field.
+IPv6 addresses can be used almost everywhere where
+IPv4 addresses can be used,
+with the exception of reference clock addresses,
+which are always IPv4.
+.PP
+Note that in contexts where a host name is expected, a
+4
+qualifier preceding
+the host name forces DNS resolution to the IPv4 namespace,
+while a
+6
+qualifier forces DNS resolution to the IPv6 namespace.
+See IPv6 references for the
+equivalent classes for that address family.
+.TP
+.BR Xo Ic server Ar address
+[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
+[ "\fIburst\fR" ]
+[ "\fIiburst\fR" ]
+[ "\fIversion\fR" "\fIversion\fR" ]
+[ "\fIprefer\fR" ]
+[ "\fIminpoll\fR" "\fIminpoll\fR" ]
+[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
+.Xc
+.TP
+.BR Xo Ic peer Ar address
+[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
+[ "\fIversion\fR" "\fIversion\fR" ]
+[ "\fIprefer\fR" ]
+[ "\fIminpoll\fR" "\fIminpoll\fR" ]
+[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
+.Xc
+.TP
+.BR Xo Ic broadcast Ar address
+[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
+[ "\fIversion\fR" "\fIversion\fR" ]
+[ "\fIprefer\fR" ]
+[ "\fIminpoll\fR" "\fIminpoll\fR" ]
+[ "\fIttl\fR" "\fIttl\fR" ]
+.Xc
+.TP
+.BR Xo Ic manycastclient Ar address
+[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
+[ "\fIversion\fR" "\fIversion\fR" ]
+[ "\fIprefer\fR" ]
+[ "\fIminpoll\fR" "\fIminpoll\fR" ]
+[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
+[ "\fIttl\fR" "\fIttl\fR" ]
+.Xc
+.PP
+These four commands specify the time server name or address to
+be used and the mode in which to operate.
+The
+\fIaddress\fR
+can be
+either a DNS name or an IP address in dotted-quad notation.
+Additional information on association behavior can be found in the
+.Qq Association Management
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.TP
+.BR Ic server
+For type s and r addresses, this command mobilizes a persistent
+client mode association with the specified remote server or local
+radio clock.
+In this mode the local clock can synchronized to the
+remote server, but the remote server can never be synchronized to
+the local clock.
+This command should
+.I not
+be used for type
+b or m addresses.
+.TP
+.BR Ic peer
+For type s addresses (only), this command mobilizes a
+persistent symmetric-active mode association with the specified
+remote peer.
+In this mode the local clock can be synchronized to
+the remote peer or the remote peer can be synchronized to the local
+clock.
+This is useful in a network of servers where, depending on
+various failure scenarios, either the local or remote peer may be
+the better source of time.
+This command should NOT be used for type
+b, m or r addresses.
+.TP
+.BR Ic broadcast
+For type b and m addresses (only), this
+command mobilizes a persistent broadcast mode association.
+Multiple
+commands can be used to specify multiple local broadcast interfaces
+(subnets) and/or multiple multicast groups.
+Note that local
+broadcast messages go only to the interface associated with the
+subnet specified, but multicast messages go to all interfaces.
+In broadcast mode the local server sends periodic broadcast
+messages to a client population at the
+\fIaddress\fR
+specified, which is usually the broadcast address on (one of) the
+local network(s) or a multicast address assigned to NTP.
+The IANA
+has assigned the multicast group address IPv4 224.0.1.1 and
+IPv6 ff05::101 (site local) exclusively to
+NTP, but other nonconflicting addresses can be used to contain the
+messages within administrative boundaries.
+Ordinarily, this
+specification applies only to the local server operating as a
+sender; for operation as a broadcast client, see the
+.Ic broadcastclient
+or
+.Ic multicastclient
+commands
+below.
+.TP
+.BR Ic manycastclient
+For type m addresses (only), this command mobilizes a
+manycast client mode association for the multicast address
+specified.
+In this case a specific address must be supplied which
+matches the address used on the
+.Ic manycastserver
+command for
+the designated manycast servers.
+The NTP multicast address
+224.0.1.1 assigned by the IANA should NOT be used, unless specific
+means are taken to avoid spraying large areas of the Internet with
+these messages and causing a possibly massive implosion of replies
+at the sender.
+The
+.Ic manycastserver
+command specifies that the local server
+is to operate in client mode with the remote servers that are
+discovered as the result of broadcast/multicast messages.
+The
+client broadcasts a request message to the group address associated
+with the specified
+\fIaddress\fR
+and specifically enabled
+servers respond to these messages.
+The client selects the servers
+providing the best time and continues as with the
+.Ic server
+command.
+The remaining servers are discarded as if never
+heard.
+.PP
+Options:
+.TP
+.BR Cm autokey
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the autokey scheme
+described in
+.Sx Authentication Options .
+.TP
+.BR Cm burst
+when the server is reachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first and second packets
+can be changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to improve timekeeping quality
+with the
+.Ic server
+command and s addresses.
+.TP
+.BR Cm iburst
+When the server is unreachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first two packets can be
+changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to speed the initial synchronization
+acquisition with the
+.Ic server
+command and s addresses and when
+.Xr ntpd 1ntpdmdoc
+is started with the
+q
+option.
+.TP
+.BR Cm key Ar key
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the specified
+\fIkey\fR
+identifier with values from 1 to 65534, inclusive.
+The
+default is to include no encryption field.
+.TP
+.BR Cm minpoll Ar minpoll
+.TP
+.BR Cm maxpoll Ar maxpoll
+These options specify the minimum and maximum poll intervals
+for NTP messages, as a power of 2 in seconds
+The maximum poll
+interval defaults to 10 (1,024 s), but can be increased by the
+.Cm maxpoll
+option to an upper limit of 17 (36.4 h).
+The
+minimum poll interval defaults to 6 (64 s), but can be decreased by
+the
+.Cm minpoll
+option to a lower limit of 4 (16 s).
+.TP
+.BR Cm noselect
+Marks the server as unused, except for display purposes.
+The server is discarded by the selection algroithm.
+.TP
+.BR Cm prefer
+Marks the server as preferred.
+All other things being equal,
+this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.TP
+.BR Cm ttl Ar ttl
+This option is used only with broadcast server and manycast
+client modes.
+It specifies the time-to-live
+\fIttl\fR
+to
+use on broadcast server and multicast server and the maximum
+\fIttl\fR
+for the expanding ring search with manycast
+client packets.
+Selection of the proper value, which defaults to
+127, is something of a black art and should be coordinated with the
+network administrator.
+.TP
+.BR Cm version Ar version
+Specifies the version number to be used for outgoing NTP
+packets.
+Versions 1-4 are the choices, with version 4 the
+default.
+.SS Auxiliary Commands
+.TP
+.BR Ic broadcastclient
+This command enables reception of broadcast server messages to
+any local interface (type b) address.
+Upon receiving a message for
+the first time, the broadcast client measures the nominal server
+propagation delay using a brief client/server exchange with the
+server, then enters the broadcast client mode, in which it
+synchronizes to succeeding broadcast messages.
+Note that, in order
+to avoid accidental or malicious disruption in this mode, both the
+server and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.TP
+.BR Ic manycastserver Ar address ...
+This command enables reception of manycast client messages to
+the multicast group address(es) (type m) specified.
+At least one
+address is required, but the NTP multicast address 224.0.1.1
+assigned by the IANA should NOT be used, unless specific means are
+taken to limit the span of the reply and avoid a possibly massive
+implosion at the original sender.
+Note that, in order to avoid
+accidental or malicious disruption in this mode, both the server
+and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.TP
+.BR Ic multicastclient Ar address ...
+This command enables reception of multicast server messages to
+the multicast group address(es) (type m) specified.
+Upon receiving
+a message for the first time, the multicast client measures the
+nominal server propagation delay using a brief client/server
+exchange with the server, then enters the broadcast client mode, in
+which it synchronizes to succeeding multicast messages.
+Note that,
+in order to avoid accidental or malicious disruption in this mode,
+both the server and client should operate using symmetric-key or
+public-key authentication as described in
+.Sx Authentication Options .
+.SH Authentication Support
+Authentication support allows the NTP client to verify that the
+server is in fact known and trusted and not an intruder intending
+accidentally or on purpose to masquerade as that server.
+The NTPv3
+specification RFC-1305 defines a scheme which provides
+cryptographic authentication of received NTP packets.
+Originally,
+this was done using the Data Encryption Standard (DES) algorithm
+operating in Cipher Block Chaining (CBC) mode, commonly called
+DES-CBC.
+Subsequently, this was replaced by the RSA Message Digest
+5 (MD5) algorithm using a private key, commonly called keyed-MD5.
+Either algorithm computes a message digest, or one-way hash, which
+can be used to verify the server has the correct private key and
+key identifier.
+.PP
+NTPv4 retains the NTPv3 scheme, properly described as symmetric key
+cryptography and, in addition, provides a new Autokey scheme
+based on public key cryptography.
+Public key cryptography is generally considered more secure
+than symmetric key cryptography, since the security is based
+on a private value which is generated by each server and
+never revealed.
+With Autokey all key distribution and
+management functions involve only public values, which
+considerably simplifies key distribution and storage.
+Public key management is based on X.509 certificates,
+which can be provided by commercial services or
+produced by utility programs in the OpenSSL software library
+or the NTPv4 distribution.
+.PP
+While the algorithms for symmetric key cryptography are
+included in the NTPv4 distribution, public key cryptography
+requires the OpenSSL software library to be installed
+before building the NTP distribution.
+Directions for doing that
+are on the Building and Installing the Distribution page.
+.PP
+Authentication is configured separately for each association
+using the
+.Cm key
+or
+.Cm autokey
+subcommand on the
+.Ic peer ,
+.Ic server ,
+.Ic broadcast
+and
+.Ic manycastclient
+configuration commands as described in
+.Sx Configuration Options
+page.
+The authentication
+options described below specify the locations of the key files,
+if other than default, which symmetric keys are trusted
+and the interval between various operations, if other than default.
+.PP
+Authentication is always enabled,
+although ineffective if not configured as
+described below.
+If a NTP packet arrives
+including a message authentication
+code (MAC), it is accepted only if it
+passes all cryptographic checks.
+The
+checks require correct key ID, key value
+and message digest.
+If the packet has
+been modified in any way or replayed
+by an intruder, it will fail one or more
+of these checks and be discarded.
+Furthermore, the Autokey scheme requires a
+preliminary protocol exchange to obtain
+the server certificate, verify its
+credentials and initialize the protocol
+.PP
+The
+.Cm auth
+flag controls whether new associations or
+remote configuration commands require cryptographic authentication.
+This flag can be set or reset by the
+.Ic enable
+and
+.Ic disable
+commands and also by remote
+configuration commands sent by a
+.Xr ntpdc 1ntpdcmdoc
+program running in
+another machine.
+If this flag is enabled, which is the default
+case, new broadcast client and symmetric passive associations and
+remote configuration commands must be cryptographically
+authenticated using either symmetric key or public key cryptography.
+If this
+flag is disabled, these operations are effective
+even if not cryptographic
+authenticated.
+It should be understood
+that operating with the
+.Ic auth
+flag disabled invites a significant vulnerability
+where a rogue hacker can
+masquerade as a falseticker and seriously
+disrupt system timekeeping.
+It is
+important to note that this flag has no purpose
+other than to allow or disallow
+a new association in response to new broadcast
+and symmetric active messages
+and remote configuration commands and, in particular,
+the flag has no effect on
+the authentication process itself.
+.PP
+An attractive alternative where multicast support is available
+is manycast mode, in which clients periodically troll
+for servers as described in the
+.Sx Automatic NTP Configuration Options
+page.
+Either symmetric key or public key
+cryptographic authentication can be used in this mode.
+The principle advantage
+of manycast mode is that potential servers need not be
+configured in advance,
+since the client finds them during regular operation,
+and the configuration
+files for all clients can be identical.
+.PP
+The security model and protocol schemes for
+both symmetric key and public key
+cryptography are summarized below;
+further details are in the briefings, papers
+and reports at the NTP project page linked from
+.Li http://www.ntp.org/ .
+.SS Symmetric-Key Cryptography
+The original RFC-1305 specification allows any one of possibly
+65,534 keys, each distinguished by a 32-bit key identifier, to
+authenticate an association.
+The servers and clients involved must
+agree on the key and key identifier to
+authenticate NTP packets.
+Keys and
+related information are specified in a key
+file, usually called
+.Pa ntp.keys ,
+which must be distributed and stored using
+secure means beyond the scope of the NTP protocol itself.
+Besides the keys used
+for ordinary NTP associations,
+additional keys can be used as passwords for the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+utility programs.
+.PP
+When
+.Xr ntpd 1ntpdmdoc
+is first started, it reads the key file specified in the
+.Ic keys
+configuration command and installs the keys
+in the key cache.
+However,
+individual keys must be activated with the
+.Ic trusted
+command before use.
+This
+allows, for instance, the installation of possibly
+several batches of keys and
+then activating or deactivating each batch
+remotely using
+.Xr ntpdc 1ntpdcmdoc .
+This also provides a revocation capability that can be used
+if a key becomes compromised.
+The
+.Ic requestkey
+command selects the key used as the password for the
+.Xr ntpdc 1ntpdcmdoc
+utility, while the
+.Ic controlkey
+command selects the key used as the password for the
+.Xr ntpq 1ntpqmdoc
+utility.
+.SS Public Key Cryptography
+NTPv4 supports the original NTPv3 symmetric key scheme
+described in RFC-1305 and in addition the Autokey protocol,
+which is based on public key cryptography.
+The Autokey Version 2 protocol described on the Autokey Protocol
+page verifies packet integrity using MD5 message digests
+and verifies the source with digital signatures and any of several
+digest/signature schemes.
+Optional identity schemes described on the Identity Schemes
+page and based on cryptographic challenge/response algorithms
+are also available.
+Using all of these schemes provides strong security against
+replay with or without modification, spoofing, masquerade
+and most forms of clogging attacks.
+.\" .Pp
+.\" The cryptographic means necessary for all Autokey operations
+.\" is provided by the OpenSSL software library.
+.\" This library is available from http://www.openssl.org/
+.\" and can be installed using the procedures outlined
+.\" in the Building and Installing the Distribution page.
+.\" Once installed,
+.\" the configure and build
+.\" process automatically detects the library and links
+.\" the library routines required.
+.PP
+The Autokey protocol has several modes of operation
+corresponding to the various NTP modes supported.
+Most modes use a special cookie which can be
+computed independently by the client and server,
+but encrypted in transmission.
+All modes use in addition a variant of the S-KEY scheme,
+in which a pseudo-random key list is generated and used
+in reverse order.
+These schemes are described along with an executive summary,
+current status, briefing slides and reading list on the
+.Sx Autonomous Authentication
+page.
+.PP
+The specific cryptographic environment used by Autokey servers
+and clients is determined by a set of files
+and soft links generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+program.
+This includes a required host key file,
+required certificate file and optional sign key file,
+leapsecond file and identity scheme files.
+The
+digest/signature scheme is specified in the X.509 certificate
+along with the matching sign key.
+There are several schemes
+available in the OpenSSL software library, each identified
+by a specific string such as
+.Cm md5WithRSAEncryption ,
+which stands for the MD5 message digest with RSA
+encryption scheme.
+The current NTP distribution supports
+all the schemes in the OpenSSL library, including
+those based on RSA and DSA digital signatures.
+.PP
+NTP secure groups can be used to define cryptographic compartments
+and security hierarchies.
+It is important that every host
+in the group be able to construct a certificate trail to one
+or more trusted hosts in the same group.
+Each group
+host runs the Autokey protocol to obtain the certificates
+for all hosts along the trail to one or more trusted hosts.
+This requires the configuration file in all hosts to be
+engineered so that, even under anticipated failure conditions,
+the NTP subnet will form such that every group host can find
+a trail to at least one trusted host.
+.SS Naming and Addressing
+It is important to note that Autokey does not use DNS to
+resolve addresses, since DNS can't be completely trusted
+until the name servers have synchronized clocks.
+The cryptographic name used by Autokey to bind the host identity
+credentials and cryptographic values must be independent
+of interface, network and any other naming convention.
+The name appears in the host certificate in either or both
+the subject and issuer fields, so protection against
+DNS compromise is essential.
+.PP
+By convention, the name of an Autokey host is the name returned
+by the Unix
+.Xr gethostname 2
+system call or equivalent in other systems.
+By the system design
+model, there are no provisions to allow alternate names or aliases.
+However, this is not to say that DNS aliases, different names
+for each interface, etc., are constrained in any way.
+.PP
+It is also important to note that Autokey verifies authenticity
+using the host name, network address and public keys,
+all of which are bound together by the protocol specifically
+to deflect masquerade attacks.
+For this reason Autokey
+includes the source and destinatino IP addresses in message digest
+computations and so the same addresses must be available
+at both the server and client.
+For this reason operation
+with network address translation schemes is not possible.
+This reflects the intended robust security model where government
+and corporate NTP servers are operated outside firewall perimeters.
+.SS Operation
+A specific combination of authentication scheme (none,
+symmetric key, public key) and identity scheme is called
+a cryptotype, although not all combinations are compatible.
+There may be management configurations where the clients,
+servers and peers may not all support the same cryptotypes.
+A secure NTPv4 subnet can be configured in many ways while
+keeping in mind the principles explained above and
+in this section.
+Note however that some cryptotype
+combinations may successfully interoperate with each other,
+but may not represent good security practice.
+.PP
+The cryptotype of an association is determined at the time
+of mobilization, either at configuration time or some time
+later when a message of appropriate cryptotype arrives.
+When mobilized by a
+.Ic server
+or
+.Ic peer
+configuration command and no
+.Ic key
+or
+.Ic autokey
+subcommands are present, the association is not
+authenticated; if the
+.Ic key
+subcommand is present, the association is authenticated
+using the symmetric key ID specified; if the
+.Ic autokey
+subcommand is present, the association is authenticated
+using Autokey.
+.PP
+When multiple identity schemes are supported in the Autokey
+protocol, the first message exchange determines which one is used.
+The client request message contains bits corresponding
+to which schemes it has available.
+The server response message
+contains bits corresponding to which schemes it has available.
+Both server and client match the received bits with their own
+and select a common scheme.
+.PP
+Following the principle that time is a public value,
+a server responds to any client packet that matches
+its cryptotype capabilities.
+Thus, a server receiving
+an unauthenticated packet will respond with an unauthenticated
+packet, while the same server receiving a packet of a cryptotype
+it supports will respond with packets of that cryptotype.
+However, unconfigured broadcast or manycast client
+associations or symmetric passive associations will not be
+mobilized unless the server supports a cryptotype compatible
+with the first packet received.
+By default, unauthenticated associations will not be mobilized
+unless overridden in a decidedly dangerous way.
+.PP
+Some examples may help to reduce confusion.
+Client Alice has no specific cryptotype selected.
+Server Bob has both a symmetric key file and minimal Autokey files.
+Alice's unauthenticated messages arrive at Bob, who replies with
+unauthenticated messages.
+Cathy has a copy of Bob's symmetric
+key file and has selected key ID 4 in messages to Bob.
+Bob verifies the message with his key ID 4.
+If it's the
+same key and the message is verified, Bob sends Cathy a reply
+authenticated with that key.
+If verification fails,
+Bob sends Cathy a thing called a crypto-NAK, which tells her
+something broke.
+She can see the evidence using the ntpq program.
+.PP
+Denise has rolled her own host key and certificate.
+She also uses one of the identity schemes as Bob.
+She sends the first Autokey message to Bob and they
+both dance the protocol authentication and identity steps.
+If all comes out okay, Denise and Bob continue as described above.
+.PP
+It should be clear from the above that Bob can support
+all the girls at the same time, as long as he has compatible
+authentication and identity credentials.
+Now, Bob can act just like the girls in his own choice of servers;
+he can run multiple configured associations with multiple different
+servers (or the same server, although that might not be useful).
+But, wise security policy might preclude some cryptotype
+combinations; for instance, running an identity scheme
+with one server and no authentication with another might not be wise.
+.SS Key Management
+The cryptographic values used by the Autokey protocol are
+incorporated as a set of files generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+utility program, including symmetric key, host key and
+public certificate files, as well as sign key, identity parameters
+and leapseconds files.
+Alternatively, host and sign keys and
+certificate files can be generated by the OpenSSL utilities
+and certificates can be imported from public certificate
+authorities.
+Note that symmetric keys are necessary for the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+utility programs.
+The remaining files are necessary only for the
+Autokey protocol.
+.PP
+Certificates imported from OpenSSL or public certificate
+authorities have certian limitations.
+The certificate should be in ASN.1 syntax, X.509 Version 3
+format and encoded in PEM, which is the same format
+used by OpenSSL.
+The overall length of the certificate encoded
+in ASN.1 must not exceed 1024 bytes.
+The subject distinguished
+name field (CN) is the fully qualified name of the host
+on which it is used; the remaining subject fields are ignored.
+The certificate extension fields must not contain either
+a subject key identifier or a issuer key identifier field;
+however, an extended key usage field for a trusted host must
+contain the value
+.Cm trustRoot ; .
+Other extension fields are ignored.
+.SS Authentication Commands
+.TP
+.BR Ic autokey Op Ar logsec
+Specifies the interval between regenerations of the session key
+list used with the Autokey protocol.
+Note that the size of the key
+list for each association depends on this interval and the current
+poll interval.
+The default value is 12 (4096 s or about 1.1 hours).
+For poll intervals above the specified interval, a session key list
+with a single entry will be regenerated for every message
+sent.
+.TP
+.BR Ic controlkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpq 1ntpqmdoc
+utility, which uses the standard
+protocol defined in RFC-1305.
+The
+\fIkey\fR
+argument is
+the key identifier for a trusted key, where the value can be in the
+range 1 to 65,534, inclusive.
+.TP
+.BR Xo Ic crypto
+[ "\fIcert\fR" "\fIfile\fR" ]
+[ "\fIleap\fR" "\fIfile\fR" ]
+[ "\fIrandfile\fR" "\fIfile\fR" ]
+[ "\fIhost\fR" "\fIfile\fR" ]
+[ "\fIsign\fR" "\fIfile\fR" ]
+[ "\fIgq\fR" "\fIfile\fR" ]
+[ "\fIgqpar\fR" "\fIfile\fR" ]
+[ "\fIiffpar\fR" "\fIfile\fR" ]
+[ "\fImvpar\fR" "\fIfile\fR" ]
+[ "\fIpw\fR" "\fIpassword\fR" ]
+.Xc
+This command requires the OpenSSL library.
+It activates public key
+cryptography, selects the message digest and signature
+encryption scheme and loads the required private and public
+values described above.
+If one or more files are left unspecified,
+the default names are used as described above.
+Unless the complete path and name of the file are specified, the
+location of a file is relative to the keys directory specified
+in the
+.Ic keysdir
+command or default
+.Pa /usr/local/etc .
+Following are the subcommands:
+.in +4
+.ti -4
+.IR Cm cert Ar file
+Specifies the location of the required host public certificate file.
+This overrides the link
+.Pa ntpkey_cert_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm gqpar Ar file
+Specifies the location of the optional GQ parameters file.
+This
+overrides the link
+.Pa ntpkey_gq_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm host Ar file
+Specifies the location of the required host key file.
+This overrides
+the link
+.Pa ntpkey_key_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm iffpar Ar file
+Specifies the location of the optional IFF parameters file.This
+overrides the link
+.Pa ntpkey_iff_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm leap Ar file
+Specifies the location of the optional leapsecond file.
+This overrides the link
+.Pa ntpkey_leap
+in the keys directory.
+.ti -4
+.IR Cm mvpar Ar file
+Specifies the location of the optional MV parameters file.
+This
+overrides the link
+.Pa ntpkey_mv_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm pw Ar password
+Specifies the password to decrypt files containing private keys and
+identity parameters.
+This is required only if these files have been
+encrypted.
+.ti -4
+.IR Cm randfile Ar file
+Specifies the location of the random seed file used by the OpenSSL
+library.
+The defaults are described in the main text above.
+.ti -4
+.IR Cm sign Ar file
+Specifies the location of the optional sign key file.
+This overrides
+the link
+.Pa ntpkey_sign_ Ns Ar hostname
+in the keys directory.
+If this file is
+not found, the host key is also the sign key.
+.in -4
+.TP
+.BR Ic keys Ar keyfile
+Specifies the complete path and location of the MD5 key file
+containing the keys and key identifiers used by
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+when operating with symmetric key cryptography.
+This is the same operation as the
+k
+command line option.
+.TP
+.BR Ic keysdir Ar path
+This command specifies the default directory path for
+cryptographic keys, parameters and certificates.
+The default is
+.Pa /usr/local/etc/ .
+.TP
+.BR Ic requestkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpdc 1ntpdcmdoc
+utility program, which uses a
+proprietary protocol specific to this implementation of
+.Xr ntpd 1ntpdmdoc .
+The
+\fIkey\fR
+argument is a key identifier
+for the trusted key, where the value can be in the range 1 to
+65,534, inclusive.
+.TP
+.BR Ic revoke Ar logsec
+Specifies the interval between re-randomization of certain
+cryptographic values used by the Autokey scheme, as a power of 2 in
+seconds.
+These values need to be updated frequently in order to
+deflect brute-force attacks on the algorithms of the scheme;
+however, updating some values is a relatively expensive operation.
+The default interval is 16 (65,536 s or about 18 hours).
+For poll
+intervals above the specified interval, the values will be updated
+for every message sent.
+.TP
+.BR Ic trustedkey Ar key ...
+Specifies the key identifiers which are trusted for the
+purposes of authenticating peers with symmetric key cryptography,
+as well as keys used by the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+programs.
+The authentication procedures require that both the local
+and remote servers share the same key and key identifier for this
+purpose, although different keys can be used with different
+servers.
+The
+\fIkey\fR
+arguments are 32-bit unsigned
+integers with values from 1 to 65,534.
+.SS Error Codes
+The following error codes are reported via the NTP control
+and monitoring protocol trap mechanism.
+.TP
+.BR 101
+.Pq bad field format or length
+The packet has invalid version, length or format.
+.TP
+.BR 102
+.Pq bad timestamp
+The packet timestamp is the same or older than the most recent received.
+This could be due to a replay or a server clock time step.
+.TP
+.BR 103
+.Pq bad filestamp
+The packet filestamp is the same or older than the most recent received.
+This could be due to a replay or a key file generation error.
+.TP
+.BR 104
+.Pq bad or missing public key
+The public key is missing, has incorrect format or is an unsupported type.
+.TP
+.BR 105
+.Pq unsupported digest type
+The server requires an unsupported digest/signature scheme.
+.TP
+.BR 106
+.Pq mismatched digest types
+Not used.
+.TP
+.BR 107
+.Pq bad signature length
+The signature length does not match the current public key.
+.TP
+.BR 108
+.Pq signature not verified
+The message fails the signature check.
+It could be bogus or signed by a
+different private key.
+.TP
+.BR 109
+.Pq certificate not verified
+The certificate is invalid or signed with the wrong key.
+.TP
+.BR 110
+.Pq certificate not verified
+The certificate is not yet valid or has expired or the signature could not
+be verified.
+.TP
+.BR 111
+.Pq bad or missing cookie
+The cookie is missing, corrupted or bogus.
+.TP
+.BR 112
+.Pq bad or missing leapseconds table
+The leapseconds table is missing, corrupted or bogus.
+.TP
+.BR 113
+.Pq bad or missing certificate
+The certificate is missing, corrupted or bogus.
+.TP
+.BR 114
+.Pq bad or missing identity
+The identity key is missing, corrupt or bogus.
+.SH Monitoring Support
+.Xr ntpd 1ntpdmdoc
+includes a comprehensive monitoring facility suitable
+for continuous, long term recording of server and client
+timekeeping performance.
+See the
+.Ic statistics
+command below
+for a listing and example of each type of statistics currently
+supported.
+Statistic files are managed using file generation sets
+and scripts in the
+.Pa ./scripts
+directory of this distribution.
+Using
+these facilities and
+.Ux
+.Xr cron 8
+jobs, the data can be
+automatically summarized and archived for retrospective analysis.
+.SS Monitoring Commands
+.TP
+.BR Ic statistics Ar name ...
+Enables writing of statistics records.
+Currently, four kinds of
+\fIname\fR
+statistics are supported.
+.in +4
+.ti -4
+.IR Cm clockstats
+Enables recording of clock driver statistics information.
+Each update
+received from a clock driver appends a line of the following form to
+the file generation set named
+.Cm clockstats :
+.br
+.in +4
+.nf
+49213 525.624 127.127.4.1 93 226 00:08:29.606 D
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the
+clock address in dotted-quad notation.
+The final field shows the last
+timecode received from the clock in decoded ASCII format, where
+meaningful.
+In some clock drivers a good deal of additional information
+can be gathered and displayed as well.
+See information specific to each
+clock for further details.
+.ti -4
+.IR Cm cryptostats
+This option requires the OpenSSL cryptographic software library.
+It
+enables recording of cryptographic public key protocol information.
+Each message received by the protocol module appends a line of the
+following form to the file generation set named
+.Cm cryptostats :
+.br
+.in +4
+.nf
+49213 525.624 127.127.4.1 message
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the peer
+address in dotted-quad notation, The final message field includes the
+message type and certain ancillary information.
+See the
+.Sx Authentication Options
+section for further information.
+.ti -4
+.IR Cm loopstats
+Enables recording of loop filter statistics information.
+Each
+update of the local clock outputs a line of the following form to
+the file generation set named
+.Cm loopstats :
+.br
+.in +4
+.nf
+50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next five fields
+show time offset (seconds), frequency offset (parts per million -
+PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
+discipline time constant.
+.ti -4
+.IR Cm peerstats
+Enables recording of peer statistics information.
+This includes
+statistics records of all peers of a NTP server and of special
+signals, where present and configured.
+Each valid update appends a
+line of the following form to the current element of a file
+generation set named
+.Cm peerstats :
+.br
+.in +4
+.nf
+48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the peer address in dotted-quad notation and status,
+respectively.
+The status field is encoded in hex in the format
+described in Appendix A of the NTP specification RFC 1305.
+The final four fields show the offset,
+delay, dispersion and RMS jitter, all in seconds.
+.ti -4
+.IR Cm rawstats
+Enables recording of raw-timestamp statistics information.
+This
+includes statistics records of all peers of a NTP server and of
+special signals, where present and configured.
+Each NTP message
+received from a peer or clock driver appends a line of the
+following form to the file generation set named
+.Cm rawstats :
+.br
+.in +4
+.nf
+50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the remote peer or clock address followed by the local address
+in dotted-quad notation.
+The final four fields show the originate,
+receive, transmit and final NTP timestamps in order.
+The timestamp
+values are as received and before processing by the various data
+smoothing and mitigation algorithms.
+.ti -4
+.IR Cm sysstats
+Enables recording of ntpd statistics counters on a periodic basis.
+Each
+hour a line of the following form is appended to the file generation
+set named
+.Cm sysstats :
+.br
+.in +4
+.nf
+50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The remaining ten fields show
+the statistics counter values accumulated since the last generated
+line.
+.in +4
+.ti -4
+.IR Time since restart Cm 36000
+Time in hours since the system was last rebooted.
+.ti -4
+.IR Packets received Cm 81965
+Total number of packets received.
+.ti -4
+.IR Packets processed Cm 0
+Number of packets received in response to previous packets sent
+.ti -4
+.IR Current version Cm 9546
+Number of packets matching the current NTP version.
+.ti -4
+.IR Previous version Cm 56
+Number of packets matching the previous NTP version.
+.ti -4
+.IR Bad version Cm 71793
+Number of packets matching neither NTP version.
+.ti -4
+.IR Access denied Cm 512
+Number of packets denied access for any reason.
+.ti -4
+.IR Bad length or format Cm 540
+Number of packets with invalid length, format or port number.
+.ti -4
+.IR Bad authentication Cm 10
+Number of packets not verified as authentic.
+.ti -4
+.IR Rate exceeded Cm 147
+Number of packets discarded due to rate limitation.
+.in -4
+.ti -4
+.IR Cm statsdir Ar directory_path
+Indicates the full path of a directory where statistics files
+should be created (see below).
+This keyword allows
+the (otherwise constant)
+.Cm filegen
+filename prefix to be modified for file generation sets, which
+is useful for handling statistics logs.
+.ti -4
+.IR Cm filegen Ar name Xo
+[ "\fIfile\fR" "\fIfilename\fR" ]
+[ "\fItype\fR" "\fItypename\fR" ]
+[ "\fIlink\fR" | nolink ]
+[ "\fIenable\fR" | disable ]
+.Xc
+Configures setting of generation file set name.
+Generation
+file sets provide a means for handling files that are
+continuously growing during the lifetime of a server.
+Server statistics are a typical example for such files.
+Generation file sets provide access to a set of files used
+to store the actual data.
+At any time at most one element
+of the set is being written to.
+The type given specifies
+when and how data will be directed to a new element of the set.
+This way, information stored in elements of a file set
+that are currently unused are available for administrational
+operations without the risk of disturbing the operation of ntpd.
+(Most important: they can be removed to free space for new data
+produced.)
+.PP
+Note that this command can be sent from the
+.Xr ntpdc 1ntpdcmdoc
+program running at a remote location.
+.in +4
+.ti -4
+.IR Cm name
+This is the type of the statistics records, as shown in the
+.Cm statistics
+command.
+.ti -4
+.IR Cm file Ar filename
+This is the file name for the statistics records.
+Filenames of set
+members are built from three concatenated elements
+\fICm prefix ,\fR
+\fICm filename\fR
+and
+\fICm suffix :\fR
+.in +4
+.ti -4
+.IR Cm prefix
+This is a constant filename path.
+It is not subject to
+modifications via the
+\fIfilegen\fR
+option.
+It is defined by the
+server, usually specified as a compile-time constant.
+It may,
+however, be configurable for individual file generation sets
+via other commands.
+For example, the prefix used with
+\fIloopstats\fR
+and
+\fIpeerstats\fR
+generation can be configured using the
+\fIstatsdir\fR
+option explained above.
+.ti -4
+.IR Cm filename
+This string is directly concatenated to the prefix mentioned
+above (no intervening
+.Ql / ) .
+This can be modified using
+the file argument to the
+\fIfilegen\fR
+statement.
+No
+.Pa ..
+elements are
+allowed in this component to prevent filenames referring to
+parts outside the filesystem hierarchy denoted by
+\fIprefix .\fR
+.ti -4
+.IR Cm suffix
+This part is reflects individual elements of a file set.
+It is
+generated according to the type of a file set.
+.in -4
+.ti -4
+.IR Cm type Ar typename
+A file generation set is characterized by its type.
+The following
+types are supported:
+.in +4
+.ti -4
+.IR Cm none
+The file set is actually a single plain file.
+.ti -4
+.IR Cm pid
+One element of file set is used per incarnation of a ntpd
+server.
+This type does not perform any changes to file set
+members during runtime, however it provides an easy way of
+separating files belonging to different
+.Xr ntpd 1ntpdmdoc
+server incarnations.
+The set member filename is built by appending a
+.Ql \&.
+to concatenated
+\fIprefix\fR
+and
+\fIfilename\fR
+strings, and
+appending the decimal representation of the process ID of the
+.Xr ntpd 1ntpdmdoc
+server process.
+.ti -4
+.IR Cm day
+One file generation set element is created per day.
+A day is
+defined as the period between 00:00 and 24:00 UTC.
+The file set
+member suffix consists of a
+.Ql \&.
+and a day specification in
+the form
+.Cm YYYYMMdd .
+.Cm YYYY
+is a 4-digit year number (e.g., 1992).
+.Cm MM
+is a two digit month number.
+.Cm dd
+is a two digit day number.
+Thus, all information written at 10 December 1992 would end up
+in a file named
+\fIprefix\fR
+\fIfilename Ns .19921210 .\fR
+.ti -4
+.IR Cm week
+Any file set member contains data related to a certain week of
+a year.
+The term week is defined by computing day-of-year
+modulo 7.
+Elements of such a file generation set are
+distinguished by appending the following suffix to the file set
+filename base: A dot, a 4-digit year number, the letter
+.Cm W ,
+and a 2-digit week number.
+For example, information from January,
+10th 1992 would end up in a file with suffix
+.No . Ns Ar 1992W1 .
+.ti -4
+.IR Cm month
+One generation file set element is generated per month.
+The
+file name suffix consists of a dot, a 4-digit year number, and
+a 2-digit month.
+.ti -4
+.IR Cm year
+One generation file element is generated per year.
+The filename
+suffix consists of a dot and a 4 digit year number.
+.ti -4
+.IR Cm age
+This type of file generation sets changes to a new element of
+the file set every 24 hours of server operation.
+The filename
+suffix consists of a dot, the letter
+.Cm a ,
+and an 8-digit number.
+This number is taken to be the number of seconds the server is
+running at the start of the corresponding 24-hour period.
+Information is only written to a file generation by specifying
+.Cm enable ;
+output is prevented by specifying
+.Cm disable .
+.in -4
+.ti -4
+.IR Cm link | nolink
+It is convenient to be able to access the current element of a file
+generation set by a fixed name.
+This feature is enabled by
+specifying
+.Cm link
+and disabled using
+.Cm nolink .
+If link is specified, a
+hard link from the current file set element to a file without
+suffix is created.
+When there is already a file with this name and
+the number of links of this file is one, it is renamed appending a
+dot, the letter
+.Cm C ,
+and the pid of the ntpd server process.
+When the
+number of links is greater than one, the file is unlinked.
+This
+allows the current file to be accessed by a constant name.
+.ti -4
+.IR Cm enable \&| Cm disable
+Enables or disables the recording function.
+.in -4
+.in -4
+.SH Access Control Support
+The
+.Xr ntpd 1ntpdmdoc
+daemon implements a general purpose address/mask based restriction
+list.
+The list contains address/match entries sorted first
+by increasing address values and and then by increasing mask values.
+A match occurs when the bitwise AND of the mask and the packet
+source address is equal to the bitwise AND of the mask and
+address in the list.
+The list is searched in order with the
+last match found defining the restriction flags associated
+with the entry.
+Additional information and examples can be found in the
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.PP
+The restriction facility was implemented in conformance
+with the access policies for the original NSFnet backbone
+time servers.
+Later the facility was expanded to deflect
+cryptographic and clogging attacks.
+While this facility may
+be useful for keeping unwanted or broken or malicious clients
+from congesting innocent servers, it should not be considered
+an alternative to the NTP authentication facilities.
+Source address based restrictions are easily circumvented
+by a determined cracker.
+.PP
+Clients can be denied service because they are explicitly
+included in the restrict list created by the restrict command
+or implicitly as the result of cryptographic or rate limit
+violations.
+Cryptographic violations include certificate
+or identity verification failure; rate limit violations generally
+result from defective NTP implementations that send packets
+at abusive rates.
+Some violations cause denied service
+only for the offending packet, others cause denied service
+for a timed period and others cause the denied service for
+an indefinate period.
+When a client or network is denied access
+for an indefinate period, the only way at present to remove
+the restrictions is by restarting the server.
+.SS The Kiss-of-Death Packet
+Ordinarily, packets denied service are simply dropped with no
+further action except incrementing statistics counters.
+Sometimes a
+more proactive response is needed, such as a server message that
+explicitly requests the client to stop sending and leave a message
+for the system operator.
+A special packet format has been created
+for this purpose called the "kiss-of-death" (KoD) packet.
+KoD packets have the leap bits set unsynchronized and stratum set
+to zero and the reference identifier field set to a four-byte
+ASCII code.
+If the
+.Cm noserve
+or
+.Cm notrust
+flag of the matching restrict list entry is set,
+the code is "DENY"; if the
+.Cm limited
+flag is set and the rate limit
+is exceeded, the code is "RATE".
+Finally, if a cryptographic violation occurs, the code is "CRYP".
+.PP
+A client receiving a KoD performs a set of sanity checks to
+minimize security exposure, then updates the stratum and
+reference identifier peer variables, sets the access
+denied (TEST4) bit in the peer flash variable and sends
+a message to the log.
+As long as the TEST4 bit is set,
+the client will send no further packets to the server.
+The only way at present to recover from this condition is
+to restart the protocol at both the client and server.
+This
+happens automatically at the client when the association times out.
+It will happen at the server only if the server operator cooperates.
+.SS Access Control Commands
+.TP
+.BR Xo Ic discard
+[ "\fIaverage\fR" "\fIavg\fR" ]
+[ "\fIminimum\fR" "\fImin\fR" ]
+[ "\fImonitor\fR" "\fIprob\fR" ]
+.Xc
+Set the parameters of the
+.Cm limited
+facility which protects the server from
+client abuse.
+The
+.Cm average
+subcommand specifies the minimum average packet
+spacing, while the
+.Cm minimum
+subcommand specifies the minimum packet spacing.
+Packets that violate these minima are discarded
+and a kiss-o'-death packet returned if enabled.
+The default
+minimum average and minimum are 5 and 2, respectively.
+The monitor subcommand specifies the probability of discard
+for packets that overflow the rate-control window.
+.TP
+.BR Xo Ic restrict address
+[ "\fImask\fR" "\fImask\fR" ]
+[ "\fIflag\fR" ... ]
+.Xc
+The
+\fIaddress\fR
+argument expressed in
+dotted-quad form is the address of a host or network.
+Alternatively, the
+\fIaddress\fR
+argument can be a valid host DNS name.
+The
+\fImask\fR
+argument expressed in dotted-quad form defaults to
+.Cm 255.255.255.255 ,
+meaning that the
+\fIaddress\fR
+is treated as the address of an individual host.
+A default entry (address
+.Cm 0.0.0.0 ,
+mask
+.Cm 0.0.0.0 )
+is always included and is always the first entry in the list.
+Note that text string
+.Cm default ,
+with no mask option, may
+be used to indicate the default entry.
+In the current implementation,
+.Cm flag
+always
+restricts access, i.e., an entry with no flags indicates that free
+access to the server is to be given.
+The flags are not orthogonal,
+in that more restrictive flags will often make less restrictive
+ones redundant.
+The flags can generally be classed into two
+categories, those which restrict time service and those which
+restrict informational queries and attempts to do run-time
+reconfiguration of the server.
+One or more of the following flags
+may be specified:
+.in +4
+.ti -4
+.IR Cm ignore
+Deny packets of all kinds, including
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+.ti -4
+.IR Cm kod
+If this flag is set when an access violation occurs, a kiss-o'-death
+(KoD) packet is sent.
+KoD packets are rate limited to no more than one
+per second.
+If another KoD packet occurs within one second after the
+last one, the packet is dropped.
+.ti -4
+.IR Cm limited
+Deny service if the packet spacing violates the lower limits specified
+in the discard command.
+A history of clients is kept using the
+monitoring capability of
+.Xr ntpd 1ntpdmdoc .
+Thus, monitoring is always active as
+long as there is a restriction entry with the
+.Cm limited
+flag.
+.ti -4
+.IR Cm lowpriotrap
+Declare traps set by matching hosts to be low priority.
+The
+number of traps a server can maintain is limited (the current limit
+is 3).
+Traps are usually assigned on a first come, first served
+basis, with later trap requestors being denied service.
+This flag
+modifies the assignment algorithm by allowing low priority traps to
+be overridden by later requests for normal priority traps.
+.ti -4
+.IR Cm nomodify
+Deny
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries which attempt to modify the state of the
+server (i.e., run time reconfiguration).
+Queries which return
+information are permitted.
+.ti -4
+.IR Cm noquery
+Deny
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+Time service is not affected.
+.ti -4
+.IR Cm nopeer
+Deny packets which would result in mobilizing a new association.
+This
+includes broadcast and symmetric active packets when a configured
+association does not exist.
+.ti -4
+.IR Cm noserve
+Deny all packets except
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+.ti -4
+.IR Cm notrap
+Decline to provide mode 6 control message trap service to matching
+hosts.
+The trap service is a subsystem of the ntpdq control message
+protocol which is intended for use by remote event logging programs.
+.ti -4
+.IR Cm notrust
+Deny service unless the packet is cryptographically authenticated.
+.ti -4
+.IR Cm ntpport
+This is actually a match algorithm modifier, rather than a
+restriction flag.
+Its presence causes the restriction entry to be
+matched only if the source port in the packet is the standard NTP
+UDP port (123).
+Both
+.Cm ntpport
+and
+.Cm non-ntpport
+may
+be specified.
+The
+.Cm ntpport
+is considered more specific and
+is sorted later in the list.
+.ti -4
+.IR Cm version
+Deny packets that do not match the current NTP version.
+.in -4
+.PP
+Default restriction list entries with the flags ignore, interface,
+ntpport, for each of the local host's interface addresses are
+inserted into the table at startup to prevent the server
+from attempting to synchronize to its own time.
+A default entry is also always present, though if it is
+otherwise unconfigured; no flags are associated
+with the default entry (i.e., everything besides your own
+NTP server is unrestricted).
+.SH Automatic NTP Configuration Options
+.SS Manycasting
+Manycasting is a automatic discovery and configuration paradigm
+new to NTPv4.
+It is intended as a means for a multicast client
+to troll the nearby network neighborhood to find cooperating
+manycast servers, validate them using cryptographic means
+and evaluate their time values with respect to other servers
+that might be lurking in the vicinity.
+The intended result is that each manycast client mobilizes
+client associations with some number of the "best"
+of the nearby manycast servers, yet automatically reconfigures
+to sustain this number of servers should one or another fail.
+.PP
+Note that the manycasting paradigm does not coincide
+with the anycast paradigm described in RFC-1546,
+which is designed to find a single server from a clique
+of servers providing the same service.
+The manycast paradigm is designed to find a plurality
+of redundant servers satisfying defined optimality criteria.
+.PP
+Manycasting can be used with either symmetric key
+or public key cryptography.
+The public key infrastructure (PKI)
+offers the best protection against compromised keys
+and is generally considered stronger, at least with relatively
+large key sizes.
+It is implemented using the Autokey protocol and
+the OpenSSL cryptographic library available from
+.Li http://www.openssl.org/ .
+The library can also be used with other NTPv4 modes
+as well and is highly recommended, especially for broadcast modes.
+.PP
+A persistent manycast client association is configured
+using the manycastclient command, which is similar to the
+server command but with a multicast (IPv4 class
+.Cm D
+or IPv6 prefix
+.Cm FF )
+group address.
+The IANA has designated IPv4 address 224.1.1.1
+and IPv6 address FF05::101 (site local) for NTP.
+When more servers are needed, it broadcasts manycast
+client messages to this address at the minimum feasible rate
+and minimum feasible time-to-live (TTL) hops, depending
+on how many servers have already been found.
+There can be as many manycast client associations
+as different group address, each one serving as a template
+for a future ephemeral unicast client/server association.
+.PP
+Manycast servers configured with the
+.Ic manycastserver
+command listen on the specified group address for manycast
+client messages.
+Note the distinction between manycast client,
+which actively broadcasts messages, and manycast server,
+which passively responds to them.
+If a manycast server is
+in scope of the current TTL and is itself synchronized
+to a valid source and operating at a stratum level equal
+to or lower than the manycast client, it replies to the
+manycast client message with an ordinary unicast server message.
+.PP
+The manycast client receiving this message mobilizes
+an ephemeral client/server association according to the
+matching manycast client template, but only if cryptographically
+authenticated and the server stratum is less than or equal
+to the client stratum.
+Authentication is explicitly required
+and either symmetric key or public key (Autokey) can be used.
+Then, the client polls the server at its unicast address
+in burst mode in order to reliably set the host clock
+and validate the source.
+This normally results
+in a volley of eight client/server at 2-s intervals
+during which both the synchronization and cryptographic
+protocols run concurrently.
+Following the volley,
+the client runs the NTP intersection and clustering
+algorithms, which act to discard all but the "best"
+associations according to stratum and synchronization
+distance.
+The surviving associations then continue
+in ordinary client/server mode.
+.PP
+The manycast client polling strategy is designed to reduce
+as much as possible the volume of manycast client messages
+and the effects of implosion due to near-simultaneous
+arrival of manycast server messages.
+The strategy is determined by the
+.Ic manycastclient ,
+.Ic tos
+and
+.Ic ttl
+configuration commands.
+The manycast poll interval is
+normally eight times the system poll interval,
+which starts out at the
+.Cm minpoll
+value specified in the
+.Ic manycastclient ,
+command and, under normal circumstances, increments to the
+.Cm maxpolll
+value specified in this command.
+Initially, the TTL is
+set at the minimum hops specified by the ttl command.
+At each retransmission the TTL is increased until reaching
+the maximum hops specified by this command or a sufficient
+number client associations have been found.
+Further retransmissions use the same TTL.
+.PP
+The quality and reliability of the suite of associations
+discovered by the manycast client is determined by the NTP
+mitigation algorithms and the
+.Cm minclock
+and
+.Cm minsane
+values specified in the
+.Ic tos
+configuration command.
+At least
+.Cm minsane
+candidate servers must be available and the mitigation
+algorithms produce at least
+.Cm minclock
+survivors in order to synchronize the clock.
+Byzantine agreement principles require at least four
+candidates in order to correctly discard a single falseticker.
+For legacy purposes,
+.Cm minsane
+defaults to 1 and
+.Cm minclock
+defaults to 3.
+For manycast service
+.Cm minsane
+should be explicitly set to 4, assuming at least that
+number of servers are available.
+.PP
+If at least
+.Cm minclock
+servers are found, the manycast poll interval is immediately
+set to eight times
+.Cm maxpoll .
+If less than
+.Cm minclock
+servers are found when the TTL has reached the maximum hops,
+the manycast poll interval is doubled.
+For each transmission
+after that, the poll interval is doubled again until
+reaching the maximum of eight times
+.Cm maxpoll .
+Further transmissions use the same poll interval and
+TTL values.
+Note that while all this is going on,
+each client/server association found is operating normally
+it the system poll interval.
+.PP
+Administratively scoped multicast boundaries are normally
+specified by the network router configuration and,
+in the case of IPv6, the link/site scope prefix.
+By default, the increment for TTL hops is 32 starting
+from 31; however, the
+.Ic ttl
+configuration command can be
+used to modify the values to match the scope rules.
+.PP
+It is often useful to narrow the range of acceptable
+servers which can be found by manycast client associations.
+Because manycast servers respond only when the client
+stratum is equal to or greater than the server stratum,
+primary (stratum 1) servers fill find only primary servers
+in TTL range, which is probably the most common objective.
+However, unless configured otherwise, all manycast clients
+in TTL range will eventually find all primary servers
+in TTL range, which is probably not the most common
+objective in large networks.
+The
+.Ic tos
+command can be used to modify this behavior.
+Servers with stratum below
+.Cm floor
+or above
+.Cm ceiling
+specified in the
+.Ic tos
+command are strongly discouraged during the selection
+process; however, these servers may be temporally
+accepted if the number of servers within TTL range is
+less than
+.Cm minclock .
+.PP
+The above actions occur for each manycast client message,
+which repeats at the designated poll interval.
+However, once the ephemeral client association is mobilized,
+subsequent manycast server replies are discarded,
+since that would result in a duplicate association.
+If during a poll interval the number of client associations
+falls below
+.Cm minclock ,
+all manycast client prototype associations are reset
+to the initial poll interval and TTL hops and operation
+resumes from the beginning.
+It is important to avoid
+frequent manycast client messages, since each one requires
+all manycast servers in TTL range to respond.
+The result could well be an implosion, either minor or major,
+depending on the number of servers in range.
+The recommended value for
+.Cm maxpoll
+is 12 (4,096 s).
+.PP
+It is possible and frequently useful to configure a host
+as both manycast client and manycast server.
+A number of hosts configured this way and sharing a common
+group address will automatically organize themselves
+in an optimum configuration based on stratum and
+synchronization distance.
+For example, consider an NTP
+subnet of two primary servers and a hundred or more
+dependent clients.
+With two exceptions, all servers
+and clients have identical configuration files including both
+.Ic multicastclient
+and
+.Ic multicastserver
+commands using, for instance, multicast group address
+239.1.1.1.
+The only exception is that each primary server
+configuration file must include commands for the primary
+reference source such as a GPS receiver.
+.PP
+The remaining configuration files for all secondary
+servers and clients have the same contents, except for the
+.Ic tos
+command, which is specific for each stratum level.
+For stratum 1 and stratum 2 servers, that command is
+not necessary.
+For stratum 3 and above servers the
+.Cm floor
+value is set to the intended stratum number.
+Thus, all stratum 3 configuration files are identical,
+all stratum 4 files are identical and so forth.
+.PP
+Once operations have stabilized in this scenario,
+the primary servers will find the primary reference source
+and each other, since they both operate at the same
+stratum (1), but not with any secondary server or client,
+since these operate at a higher stratum.
+The secondary
+servers will find the servers at the same stratum level.
+If one of the primary servers loses its GPS receiver,
+it will continue to operate as a client and other clients
+will time out the corresponding association and
+re-associate accordingly.
+.PP
+Some administrators prefer to avoid running
+.Xr ntpd 1ntpdmdoc
+continuously and run either
+.Xr ntpdate 8
+or
+.Xr ntpd 1ntpdmdoc
+q
+as a cron job.
+In either case the servers must be
+configured in advance and the program fails if none are
+available when the cron job runs.
+A really slick
+application of manycast is with
+.Xr ntpd 1ntpdmdoc
+q .
+The program wakes up, scans the local landscape looking
+for the usual suspects, selects the best from among
+the rascals, sets the clock and then departs.
+Servers do not have to be configured in advance and
+all clients throughout the network can have the same
+configuration file.
+.SS Manycast Interactions with Autokey
+Each time a manycast client sends a client mode packet
+to a multicast group address, all manycast servers
+in scope generate a reply including the host name
+and status word.
+The manycast clients then run
+the Autokey protocol, which collects and verifies
+all certificates involved.
+Following the burst interval
+all but three survivors are cast off,
+but the certificates remain in the local cache.
+It often happens that several complete signing trails
+from the client to the primary servers are collected in this way.
+.PP
+About once an hour or less often if the poll interval
+exceeds this, the client regenerates the Autokey key list.
+This is in general transparent in client/server mode.
+However, about once per day the server private value
+used to generate cookies is refreshed along with all
+manycast client associations.
+In this case all
+cryptographic values including certificates is refreshed.
+If a new certificate has been generated since
+the last refresh epoch, it will automatically revoke
+all prior certificates that happen to be in the
+certificate cache.
+At the same time, the manycast
+scheme starts all over from the beginning and
+the expanding ring shrinks to the minimum and increments
+from there while collecting all servers in scope.
+.SS Manycast Options
+.TP
+.BR Xo Ic tos
+.Oo
+.Cm ceiling Ar ceiling |
+.Cm cohort { 0 | 1 } |
+.Cm floor Ar floor |
+.Cm minclock Ar minclock |
+.Cm minsane Ar minsane
+.Oc
+.Xc
+This command affects the clock selection and clustering
+algorithms.
+It can be used to select the quality and
+quantity of peers used to synchronize the system clock
+and is most useful in manycast mode.
+The variables operate
+as follows:
+.in +4
+.ti -4
+.IR Cm ceiling Ar ceiling
+Peers with strata above
+.Cm ceiling
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 15, but can be changed
+to any number from 1 to 15.
+.ti -4
+.IR Cm cohort Bro 0 | 1 Brc
+This is a binary flag which enables (0) or disables (1)
+manycast server replies to manycast clients with the same
+stratum level.
+This is useful to reduce implosions where
+large numbers of clients with the same stratum level
+are present.
+The default is to enable these replies.
+.ti -4
+.IR Cm floor Ar floor
+Peers with strata below
+.Cm floor
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 1, but can be changed
+to any number from 1 to 15.
+.ti -4
+.IR Cm minclock Ar minclock
+The clustering algorithm repeatedly casts out outlyer
+associations until no more than
+.Cm minclock
+associations remain.
+This value defaults to 3,
+but can be changed to any number from 1 to the number of
+configured sources.
+.ti -4
+.IR Cm minsane Ar minsane
+This is the minimum number of candidates available
+to the clock selection algorithm in order to produce
+one or more truechimers for the clustering algorithm.
+If fewer than this number are available, the clock is
+undisciplined and allowed to run free.
+The default is 1
+for legacy purposes.
+However, according to principles of
+Byzantine agreement,
+.Cm minsane
+should be at least 4 in order to detect and discard
+a single falseticker.
+.in -4
+.TP
+.BR Cm ttl Ar hop ...
+This command specifies a list of TTL values in increasing
+order, up to 8 values can be specified.
+In manycast mode these values are used in turn
+in an expanding-ring search.
+The default is eight
+multiples of 32 starting at 31.
+.SH Reference Clock Support
+The NTP Version 4 daemon supports some three dozen different radio,
+satellite and modem reference clocks plus a special pseudo-clock
+used for backup or when no other clock source is available.
+Detailed descriptions of individual device drivers and options can
+be found in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Additional information can be found in the pages linked
+there, including the
+.Qq Debugging Hints for Reference Clock Drivers
+and
+.Qq How To Write a Reference Clock Driver
+pages
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+In addition, support for a PPS
+signal is available as described in the
+.Qq Pulse-per-second (PPS) Signal Interfacing
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Many
+drivers support special line discipline/streams modules which can
+significantly improve the accuracy using the driver.
+These are
+described in the
+.Qq Line Disciplines and Streams Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.PP
+A reference clock will generally (though not always) be a radio
+timecode receiver which is synchronized to a source of standard
+time such as the services offered by the NRC in Canada and NIST and
+USNO in the US.
+The interface between the computer and the timecode
+receiver is device dependent, but is usually a serial port.
+A
+device driver specific to each reference clock must be selected and
+compiled in the distribution; however, most common radio, satellite
+and modem clocks are included by default.
+Note that an attempt to
+configure a reference clock when the driver has not been compiled
+or the hardware port has not been appropriately configured results
+in a scalding remark to the system log file, but is otherwise non
+hazardous.
+.PP
+For the purposes of configuration,
+.Xr ntpd 1ntpdmdoc
+treats
+reference clocks in a manner analogous to normal NTP peers as much
+as possible.
+Reference clocks are identified by a syntactically
+correct but invalid IP address, in order to distinguish them from
+normal NTP peers.
+Reference clock addresses are of the form
+.Sm off
+.Li 127.127. Ar t . Ar u ,
+.Sm on
+where
+\fIt\fR
+is an integer
+denoting the clock type and
+\fIu\fR
+indicates the unit
+number in the range 0-3.
+While it may seem overkill, it is in fact
+sometimes useful to configure multiple reference clocks of the same
+type, in which case the unit numbers must be unique.
+.PP
+The
+.Ic server
+command is used to configure a reference
+clock, where the
+\fIaddress\fR
+argument in that command
+is the clock address.
+The
+.Cm key ,
+.Cm version
+and
+.Cm ttl
+options are not used for reference clock support.
+The
+.Cm mode
+option is added for reference clock support, as
+described below.
+The
+.Cm prefer
+option can be useful to
+persuade the server to cherish a reference clock with somewhat more
+enthusiasm than other reference clocks or peers.
+Further
+information on this option can be found in the
+.Qq Mitigation Rules and the prefer Keyword
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page.
+The
+.Cm minpoll
+and
+.Cm maxpoll
+options have
+meaning only for selected clock drivers.
+See the individual clock
+driver document pages for additional information.
+.PP
+The
+.Ic fudge
+command is used to provide additional
+information for individual clock drivers and normally follows
+immediately after the
+.Ic server
+command.
+The
+\fIaddress\fR
+argument specifies the clock address.
+The
+.Cm refid
+and
+.Cm stratum
+options can be used to
+override the defaults for the device.
+There are two optional
+device-dependent time offsets and four flags that can be included
+in the
+.Ic fudge
+command as well.
+.PP
+The stratum number of a reference clock is by default zero.
+Since the
+.Xr ntpd 1ntpdmdoc
+daemon adds one to the stratum of each
+peer, a primary server ordinarily displays an external stratum of
+one.
+In order to provide engineered backups, it is often useful to
+specify the reference clock stratum as greater than zero.
+The
+.Cm stratum
+option is used for this purpose.
+Also, in cases
+involving both a reference clock and a pulse-per-second (PPS)
+discipline signal, it is useful to specify the reference clock
+identifier as other than the default, depending on the driver.
+The
+.Cm refid
+option is used for this purpose.
+Except where noted,
+these options apply to all clock drivers.
+.SS Reference Clock Commands
+.TP
+.BR Xo Ic server
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+[ "\fIprefer\fR" ]
+[ "\fImode\fR" "\fIint\fR" ]
+[ "\fIminpoll\fR" "\fIint\fR" ]
+[ "\fImaxpoll\fR" "\fIint\fR" ]
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+The options are interpreted as follows:
+.in +4
+.ti -4
+.IR Cm prefer
+Marks the reference clock as preferred.
+All other things being
+equal, this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.ti -4
+.IR Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.ti -4
+.IR Cm minpoll Ar int
+.ti -4
+.IR Cm maxpoll Ar int
+These options specify the minimum and maximum polling interval
+for reference clock messages, as a power of 2 in seconds
+For
+most directly connected reference clocks, both
+.Cm minpoll
+and
+.Cm maxpoll
+default to 6 (64 s).
+For modem reference clocks,
+.Cm minpoll
+defaults to 10 (17.1 m) and
+.Cm maxpoll
+defaults to 14 (4.5 h).
+The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
+.in -4
+.TP
+.BR Xo Ic fudge
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+[ "\fItime1\fR" "\fIsec\fR" ]
+[ "\fItime2\fR" "\fIsec\fR" ]
+[ "\fIstratum\fR" "\fIint\fR" ]
+[ "\fIrefid\fR" "\fIstring\fR" ]
+[ "\fImode\fR" "\fIint\fR" ]
+[ "\fIflag1\fR" "\fI0\fR" \&| "\fI1\fR" ]
+[ "\fIflag2\fR" "\fI0\fR" \&| "\fI1\fR" ]
+[ "\fIflag3\fR" "\fI0\fR" \&| "\fI1\fR" ]
+[ "\fIflag4\fR" "\fI0\fR" \&| "\fI1\fR" ]
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+It must immediately follow the
+.Ic server
+command which configures the driver.
+Note that the same capability
+is possible at run time using the
+.Xr ntpdc 1ntpdcmdoc
+program.
+The options are interpreted as
+follows:
+.in +4
+.ti -4
+.IR Cm time1 Ar sec
+Specifies a constant to be added to the time offset produced by
+the driver, a fixed-point decimal number in seconds.
+This is used
+as a calibration constant to adjust the nominal time offset of a
+particular clock to agree with an external standard, such as a
+precision PPS signal.
+It also provides a way to correct a
+systematic error or bias due to serial port or operating system
+latencies, different cable lengths or receiver internal delay.
+The
+specified offset is in addition to the propagation delay provided
+by other means, such as internal DIPswitches.
+Where a calibration
+for an individual system and driver is available, an approximate
+correction is noted in the driver documentation pages.
+Note: in order to facilitate calibration when more than one
+radio clock or PPS signal is supported, a special calibration
+feature is available.
+It takes the form of an argument to the
+.Ic enable
+command described in
+.Sx Miscellaneous Options
+page and operates as described in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.ti -4
+.IR Cm time2 Ar secs
+Specifies a fixed-point decimal number in seconds, which is
+interpreted in a driver-dependent way.
+See the descriptions of
+specific drivers in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.ti -4
+.IR Cm stratum Ar int
+Specifies the stratum number assigned to the driver, an integer
+between 0 and 15.
+This number overrides the default stratum number
+ordinarily assigned by the driver itself, usually zero.
+.ti -4
+.IR Cm refid Ar string
+Specifies an ASCII string of from one to four characters which
+defines the reference identifier used by the driver.
+This string
+overrides the default identifier ordinarily assigned by the driver
+itself.
+.ti -4
+.IR Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.ti -4
+.IR Cm flag1 Cm 0 \&| Cm 1
+.ti -4
+.IR Cm flag2 Cm 0 \&| Cm 1
+.ti -4
+.IR Cm flag3 Cm 0 \&| Cm 1
+.ti -4
+.IR Cm flag4 Cm 0 \&| Cm 1
+These four flags are used for customizing the clock driver.
+The
+interpretation of these values, and whether they are used at all,
+is a function of the particular clock driver.
+However, by
+convention
+.Cm flag4
+is used to enable recording monitoring
+data to the
+.Cm clockstats
+file configured with the
+.Ic filegen
+command.
+Further information on the
+.Ic filegen
+command can be found in
+.Sx Monitoring Options .
+.in -4
+.SH Miscellaneous Options
+.TP
+.BR Ic broadcastdelay Ar seconds
+The broadcast and multicast modes require a special calibration
+to determine the network delay between the local and remote
+servers.
+Ordinarily, this is done automatically by the initial
+protocol exchanges between the client and server.
+In some cases,
+the calibration procedure may fail due to network or server access
+controls, for example.
+This command specifies the default delay to
+be used under these circumstances.
+Typically (for Ethernet), a
+number between 0.003 and 0.007 seconds is appropriate.
+The default
+when this command is not used is 0.004 seconds.
+.TP
+.BR Ic calldelay Ar delay
+This option controls the delay in seconds between the first and second
+packets sent in burst or iburst mode to allow additional time for a modem
+or ISDN call to complete.
+.TP
+.BR Ic driftfile Ar driftfile
+This command specifies the complete path and name of the file used to
+record the frequency of the local clock oscillator.
+This is the same
+operation as the
+f
+command line option.
+If the file exists, it is read at
+startup in order to set the initial frequency and then updated once per
+hour with the current frequency computed by the daemon.
+If the file name is
+specified, but the file itself does not exist, the starts with an initial
+frequency of zero and creates the file when writing it for the first time.
+If this command is not given, the daemon will always start with an initial
+frequency of zero.
+.PP
+The file format consists of a single line containing a single
+floating point number, which records the frequency offset measured
+in parts-per-million (PPM).
+The file is updated by first writing
+the current drift value into a temporary file and then renaming
+this file to replace the old version.
+This implies that
+.Xr ntpd 1ntpdmdoc
+must have write permission for the directory the
+drift file is located in, and that file system links, symbolic or
+otherwise, should be avoided.
+.TP
+.BR Xo Ic enable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+.TP
+.BR Xo Ic disable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+Provides a way to enable or disable various server options.
+Flags not mentioned are unaffected.
+Note that all of these flags
+can be controlled remotely using the
+.Xr ntpdc 1ntpdcmdoc
+utility program.
+.in +4
+.ti -4
+.IR Cm auth
+Enables the server to synchronize with unconfigured peers only if the
+peer has been correctly authenticated using either public key or
+private key cryptography.
+The default for this flag is
+.Ic enable .
+.ti -4
+.IR Cm bclient
+Enables the server to listen for a message from a broadcast or
+multicast server, as in the
+.Ic multicastclient
+command with default
+address.
+The default for this flag is
+.Ic disable .
+.ti -4
+.IR Cm calibrate
+Enables the calibrate feature for reference clocks.
+The default for
+this flag is
+.Ic disable .
+.ti -4
+.IR Cm kernel
+Enables the kernel time discipline, if available.
+The default for this
+flag is
+.Ic enable
+if support is available, otherwise
+.Ic disable .
+.ti -4
+.IR Cm monitor
+Enables the monitoring facility.
+See the
+.Xr ntpdc 1ntpdcmdoc
+program
+and the
+.Ic monlist
+command or further information.
+The
+default for this flag is
+.Ic enable .
+.ti -4
+.IR Cm ntp
+Enables time and frequency discipline.
+In effect, this switch opens and
+closes the feedback loop, which is useful for testing.
+The default for
+this flag is
+.Ic enable .
+.ti -4
+.IR Cm pps
+Enables the pulse-per-second (PPS) signal when frequency and time is
+disciplined by the precision time kernel modifications.
+See the
+.Qq A Kernel Model for Precision Timekeeping
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page for further information.
+The default for this flag is
+.Ic disable .
+.ti -4
+.IR Cm stats
+Enables the statistics facility.
+See the
+.Sx Monitoring Options
+section for further information.
+The default for this flag is
+.Ic disable .
+.in -4
+.TP
+.BR Ic includefile Ar includefile
+This command allows additional configuration commands
+to be included from a separate file.
+Include files may
+be nested to a depth of five; upon reaching the end of any
+include file, command processing resumes in the previous
+configuration file.
+This option is useful for sites that run
+.Xr ntpd 1ntpdmdoc
+on multiple hosts, with (mostly) common options (e.g., a
+restriction list).
+.TP
+.BR Ic logconfig Ar configkeyword
+This command controls the amount and type of output written to
+the system
+.Xr syslog 3
+facility or the alternate
+.Ic logfile
+log file.
+By default, all output is turned on.
+All
+\fIconfigkeyword\fR
+keywords can be prefixed with
+.Ql = ,
+.Ql +
+and
+.Ql - ,
+where
+.Ql =
+sets the
+.Xr syslog 3
+priority mask,
+.Ql +
+adds and
+.Ql -
+removes
+messages.
+.Xr syslog 3
+messages can be controlled in four
+classes
+.Po
+.Cm clock ,
+.Cm peer ,
+.Cm sys
+and
+.Cm sync
+.Pc .
+Within these classes four types of messages can be
+controlled: informational messages
+.Po
+.Cm info
+.Pc ,
+event messages
+.Po
+.Cm events
+.Pc ,
+statistics messages
+.Po
+.Cm statistics
+.Pc
+and
+status messages
+.Po
+.Cm status
+.Pc .
+.PP
+Configuration keywords are formed by concatenating the message class with
+the event class.
+The
+.Cm all
+prefix can be used instead of a message class.
+A
+message class may also be followed by the
+.Cm all
+keyword to enable/disable all
+messages of the respective message class.Thus, a minimal log configuration
+could look like this:
+.br
+.in +4
+.nf
+logconfig =syncstatus +sysevents
+.in -4
+.fi
+.PP
+This would just list the synchronizations state of
+.Xr ntpd 1ntpdmdoc
+and the major system events.
+For a simple reference server, the
+following minimum message configuration could be useful:
+.br
+.in +4
+.nf
+logconfig =syncall +clockall
+.in -4
+.fi
+.PP
+This configuration will list all clock information and
+synchronization information.
+All other events and messages about
+peers, system events and so on is suppressed.
+.TP
+.BR Ic logfile Ar logfile
+This command specifies the location of an alternate log file to
+be used instead of the default system
+.Xr syslog 3
+facility.
+This is the same operation as the -l command line option.
+.TP
+.BR Ic setvar Ar variable Op Cm default
+This command adds an additional system variable.
+These
+variables can be used to distribute additional information such as
+the access policy.
+If the variable of the form
+.Sm off
+.Va name = Ar value
+.Sm on
+is followed by the
+.Cm default
+keyword, the
+variable will be listed as part of the default system variables
+.Po
+.Xr ntpq 1ntpqmdoc
+.Ic rv
+command
+.Pc ) .
+These additional variables serve
+informational purposes only.
+They are not related to the protocol
+other that they can be listed.
+The known protocol variables will
+always override any variables defined via the
+.Ic setvar
+mechanism.
+There are three special variables that contain the names
+of all variable of the same group.
+The
+.Va sys_var_list
+holds
+the names of all system variables.
+The
+.Va peer_var_list
+holds
+the names of all peer variables and the
+.Va clock_var_list
+holds the names of the reference clock variables.
+.TP
+.BR Xo Ic tinker
+.Oo
+.Cm allan Ar allan |
+.Cm dispersion Ar dispersion |
+.Cm freq Ar freq |
+.Cm huffpuff Ar huffpuff |
+.Cm panic Ar panic |
+.Cm step Ar srep |
+.Cm stepout Ar stepout
+.Oc
+.Xc
+This command can be used to alter several system variables in
+very exceptional circumstances.
+It should occur in the
+configuration file before any other configuration options.
+The
+default values of these variables have been carefully optimized for
+a wide range of network speeds and reliability expectations.
+In
+general, they interact in intricate ways that are hard to predict
+and some combinations can result in some very nasty behavior.
+Very
+rarely is it necessary to change the default values; but, some
+folks cannot resist twisting the knobs anyway and this command is
+for them.
+Emphasis added: twisters are on their own and can expect
+no help from the support group.
+.PP
+The variables operate as follows:
+.in +4
+.ti -4
+.IR Cm allan Ar allan
+The argument becomes the new value for the minimum Allan
+intercept, which is a parameter of the PLL/FLL clock discipline
+algorithm.
+The value in log2 seconds defaults to 7 (1024 s), which is also the lower
+limit.
+.ti -4
+.IR Cm dispersion Ar dispersion
+The argument becomes the new value for the dispersion increase rate,
+normally .000015 s/s.
+.ti -4
+.IR Cm freq Ar freq
+The argument becomes the initial value of the frequency offset in
+parts-per-million.
+This overrides the value in the frequency file, if
+present, and avoids the initial training state if it is not.
+.ti -4
+.IR Cm huffpuff Ar huffpuff
+The argument becomes the new value for the experimental
+huff-n'-puff filter span, which determines the most recent interval
+the algorithm will search for a minimum delay.
+The lower limit is
+900 s (15 m), but a more reasonable value is 7200 (2 hours).
+There
+is no default, since the filter is not enabled unless this command
+is given.
+.ti -4
+.IR Cm panic Ar panic
+The argument is the panic threshold, normally 1000 s.
+If set to zero,
+the panic sanity check is disabled and a clock offset of any value will
+be accepted.
+.ti -4
+.IR Cm step Ar step
+The argument is the step threshold, which by default is 0.128 s.
+It can
+be set to any positive number in seconds.
+If set to zero, step
+adjustments will never occur.
+Note: The kernel time discipline is
+disabled if the step threshold is set to zero or greater than the
+default.
+.ti -4
+.IR Cm stepout Ar stepout
+The argument is the stepout timeout, which by default is 900 s.
+It can
+be set to any positive number in seconds.
+If set to zero, the stepout
+pulses will not be suppressed.
+.in -4
+.TP
+.BR Xo Ic trap Ar host_address
+[ "\fIport\fR" "\fIport_number\fR" ]
+[ "\fIinterface\fR" "\fIinterface_address\fR" ]
+.Xc
+This command configures a trap receiver at the given host
+address and port number for sending messages with the specified
+local interface address.
+If the port number is unspecified, a value
+of 18447 is used.
+If the interface address is not specified, the
+message is sent with a source address of the local interface the
+message is sent through.
+Note that on a multihomed host the
+interface used may vary from time to time with routing changes.
+.PP
+The trap receiver will generally log event messages and other
+information from the server in a log file.
+While such monitor
+programs may also request their own trap dynamically, configuring a
+trap receiver will ensure that no messages are lost when the server
+is started.
+.TP
+.BR Cm hop Ar ...
+This command specifies a list of TTL values in increasing order, up to 8
+values can be specified.
+In manycast mode these values are used in turn in
+an expanding-ring search.
+The default is eight multiples of 32 starting at
+31.
+.SH "OPTIONS"
+.TP
+.BR \-\-help
+Display usage information and exit.
+.TP
+.BR \-\-more-help
+Pass the extended usage information through a pager.
+.TP
+.BR \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.SH "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
+.fi
+.ad
+.SH "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.SH FILES
+.TP
+.BR Pa /etc/ntp.conf
+the default name of the configuration file
+.TP
+.BR Pa ntp.keys
+private MD5 keys
+.TP
+.BR Pa ntpkey
+RSA private key
+.TP
+.BR Pa ntpkey_ Ns Ar host
+RSA public key
+.TP
+.BR Pa ntp_dh
+Diffie-Hellman agreement parameters
+.SH "EXIT STATUS"
+One of the following exit values will be returned:
+.TP
+.BR 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.TP
+.BR 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.SH "SEE ALSO"
+.SH SEE ALSO
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpdc 1ntpdcmdoc ,
+.Xr ntpq 1ntpqmdoc
+.PP
+In addition to the manual pages provided,
+comprehensive documentation is available on the world wide web
+at
+.Li http://www.ntp.org/ .
+A snapshot of this documentation is available in HTML format in
+.Pa /usr/share/doc/ntp .
+.Rs
+.%A David L. Mills
+.%T Network Time Protocol (Version 4)
+.%O RFC5905
+.Re
+.SH "AUTHORS"
+The University of Delaware
+.SH "COPYRIGHT"
+Copyright (C) 1970-2012 The University of Delaware all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.SH BUGS
+The syntax checking is not picky; some combinations of
+ridiculous and even hilarious options and modes may not be
+detected.
+.PP
+The
+.Pa ntpkey_ Ns Ar host
+files are really digital
+certificates.
+These should be obtained via secure directory
+services when they become universally available.Please send bug reports to: http://bugs.ntp.org, bugs at ntp.org
+.SH NOTES
+This document is derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
+option definitions.

==== ntpd/ntp.conf.5man ====
2012-08-30 20:37:36-04:00, stenn at psp-deb1.ntp.org +0 -0

==== ntpd/ntp.conf.5mdoc ====
2012-08-30 20:37:36-04:00, stenn at psp-deb1.ntp.org +2749 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.conf.5mdoc

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.conf.5mdoc	2012-08-30 20:37:36 -04:00
@@ -0,0 +1,2749 @@
+.Dd August 11 2012
+.Dt NTP_CONF 5mdoc File Formats
+.Os FreeBSD 6.4-STABLE
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+.\"  
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:34 PM by AutoGen 5.16.2
+.\"  From the definitions    ntp.conf.def
+.\"  and the template file   agmdoc-cmd.tpl
+.Sh NAME
+.Nm ntp.conf
+.Nd Network Time Protocol (NTP) daemon configuration file format
+.Sh SYNOPSIS
+.Nm
+.Op Fl \-option-name
+.Op Fl \-option-name Ar value
+.Pp
+All arguments must be options.
+.Pp
+.Sh DESCRIPTION
+The
+.Nm
+configuration file is read at initial startup by the
+.Xr ntpd 1ntpdmdoc
+daemon in order to specify the synchronization sources,
+modes and other related information.
+Usually, it is installed in the
+.Pa /etc
+directory,
+but could be installed elsewhere
+(see the daemon's
+.Fl c
+command line option).
+.Pp
+The file format is similar to other
+.Ux
+configuration files.
+Comments begin with a
+.Ql #
+character and extend to the end of the line;
+blank lines are ignored.
+Configuration commands consist of an initial keyword
+followed by a list of arguments,
+some of which may be optional, separated by whitespace.
+Commands may not be continued over multiple lines.
+Arguments may be host names,
+host addresses written in numeric, dotted-quad form,
+integers, floating point numbers (when specifying times in seconds)
+and text strings.
+.Pp
+The rest of this page describes the configuration and control options.
+The
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+contains an extended discussion of these options.
+In addition to the discussion of general
+.Sx Configuration Options ,
+there are sections describing the following supported functionality
+and the options used to control it:
+.Bl -bullet -offset indent
+.It
+.Sx Authentication Support
+.It
+.Sx Monitoring Support
+.It
+.Sx Access Control Support
+.It
+.Sx Automatic NTP Configuration Options
+.It
+.Sx Reference Clock Support
+.It
+.Sx Miscellaneous Options
+.El
+.Pp
+Following these is a section describing
+.Sx Miscellaneous Options .
+While there is a rich set of options available,
+the only required option is one or more
+.Ic server ,
+.Ic peer ,
+.Ic broadcast
+or
+.Ic manycastclient
+commands.
+.Sh Configuration Support
+Following is a description of the configuration commands in
+NTPv4.
+These commands have the same basic functions as in NTPv3 and
+in some cases new functions and new arguments.
+There are two
+classes of commands, configuration commands that configure a
+persistent association with a remote server or peer or reference
+clock, and auxiliary commands that specify environmental variables
+that control various related operations.
+.Ss Configuration Commands
+The various modes are determined by the command keyword and the
+type of the required IP address.
+Addresses are classed by type as
+(s) a remote server or peer (IPv4 class A, B and C), (b) the
+broadcast address of a local interface, (m) a multicast address (IPv4
+class D), or (r) a reference clock address (127.127.x.x).
+Note that
+only those options applicable to each command are listed below.
+Use
+of options not listed may not be caught as an error, but may result
+in some weird and even destructive behavior.
+.Pp
+If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
+is detected, support for the IPv6 address family is generated
+in addition to the default support of the IPv4 address family.
+In a few cases, including the reslist billboard generated
+by ntpdc, IPv6 addresses are automatically generated.
+IPv6 addresses can be identified by the presence of colons
+.Dq \&:
+in the address field.
+IPv6 addresses can be used almost everywhere where
+IPv4 addresses can be used,
+with the exception of reference clock addresses,
+which are always IPv4.
+.Pp
+Note that in contexts where a host name is expected, a
+.Fl 4
+qualifier preceding
+the host name forces DNS resolution to the IPv4 namespace,
+while a
+.Fl 6
+qualifier forces DNS resolution to the IPv6 namespace.
+See IPv6 references for the
+equivalent classes for that address family.
+.Bl -tag -width indent
+.It Xo Ic server Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm burst
+.Op Cm iburst
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Xc
+.It Xo Ic peer Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Xc
+.It Xo Ic broadcast Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm ttl Ar ttl
+.Xc
+.It Xo Ic manycastclient Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Op Cm ttl Ar ttl
+.Xc
+.El
+.Pp
+These four commands specify the time server name or address to
+be used and the mode in which to operate.
+The
+.Ar address
+can be
+either a DNS name or an IP address in dotted-quad notation.
+Additional information on association behavior can be found in the
+.Qq Association Management
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Bl -tag -width indent
+.It Ic server
+For type s and r addresses, this command mobilizes a persistent
+client mode association with the specified remote server or local
+radio clock.
+In this mode the local clock can synchronized to the
+remote server, but the remote server can never be synchronized to
+the local clock.
+This command should
+.Em not
+be used for type
+b or m addresses.
+.It Ic peer
+For type s addresses (only), this command mobilizes a
+persistent symmetric-active mode association with the specified
+remote peer.
+In this mode the local clock can be synchronized to
+the remote peer or the remote peer can be synchronized to the local
+clock.
+This is useful in a network of servers where, depending on
+various failure scenarios, either the local or remote peer may be
+the better source of time.
+This command should NOT be used for type
+b, m or r addresses.
+.It Ic broadcast
+For type b and m addresses (only), this
+command mobilizes a persistent broadcast mode association.
+Multiple
+commands can be used to specify multiple local broadcast interfaces
+(subnets) and/or multiple multicast groups.
+Note that local
+broadcast messages go only to the interface associated with the
+subnet specified, but multicast messages go to all interfaces.
+In broadcast mode the local server sends periodic broadcast
+messages to a client population at the
+.Ar address
+specified, which is usually the broadcast address on (one of) the
+local network(s) or a multicast address assigned to NTP.
+The IANA
+has assigned the multicast group address IPv4 224.0.1.1 and
+IPv6 ff05::101 (site local) exclusively to
+NTP, but other nonconflicting addresses can be used to contain the
+messages within administrative boundaries.
+Ordinarily, this
+specification applies only to the local server operating as a
+sender; for operation as a broadcast client, see the
+.Ic broadcastclient
+or
+.Ic multicastclient
+commands
+below.
+.It Ic manycastclient
+For type m addresses (only), this command mobilizes a
+manycast client mode association for the multicast address
+specified.
+In this case a specific address must be supplied which
+matches the address used on the
+.Ic manycastserver
+command for
+the designated manycast servers.
+The NTP multicast address
+224.0.1.1 assigned by the IANA should NOT be used, unless specific
+means are taken to avoid spraying large areas of the Internet with
+these messages and causing a possibly massive implosion of replies
+at the sender.
+The
+.Ic manycastserver
+command specifies that the local server
+is to operate in client mode with the remote servers that are
+discovered as the result of broadcast/multicast messages.
+The
+client broadcasts a request message to the group address associated
+with the specified
+.Ar address
+and specifically enabled
+servers respond to these messages.
+The client selects the servers
+providing the best time and continues as with the
+.Ic server
+command.
+The remaining servers are discarded as if never
+heard.
+.El
+.Pp
+Options:
+.Bl -tag -width indent
+.It Cm autokey
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the autokey scheme
+described in
+.Sx Authentication Options .
+.It Cm burst
+when the server is reachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first and second packets
+can be changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to improve timekeeping quality
+with the
+.Ic server
+command and s addresses.
+.It Cm iburst
+When the server is unreachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first two packets can be
+changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to speed the initial synchronization
+acquisition with the
+.Ic server
+command and s addresses and when
+.Xr ntpd 1ntpdmdoc
+is started with the
+.Fl q
+option.
+.It Cm key Ar key
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the specified
+.Ar key
+identifier with values from 1 to 65534, inclusive.
+The
+default is to include no encryption field.
+.It Cm minpoll Ar minpoll
+.It Cm maxpoll Ar maxpoll
+These options specify the minimum and maximum poll intervals
+for NTP messages, as a power of 2 in seconds
+The maximum poll
+interval defaults to 10 (1,024 s), but can be increased by the
+.Cm maxpoll
+option to an upper limit of 17 (36.4 h).
+The
+minimum poll interval defaults to 6 (64 s), but can be decreased by
+the
+.Cm minpoll
+option to a lower limit of 4 (16 s).
+.It Cm noselect
+Marks the server as unused, except for display purposes.
+The server is discarded by the selection algroithm.
+.It Cm prefer
+Marks the server as preferred.
+All other things being equal,
+this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.It Cm ttl Ar ttl
+This option is used only with broadcast server and manycast
+client modes.
+It specifies the time-to-live
+.Ar ttl
+to
+use on broadcast server and multicast server and the maximum
+.Ar ttl
+for the expanding ring search with manycast
+client packets.
+Selection of the proper value, which defaults to
+127, is something of a black art and should be coordinated with the
+network administrator.
+.It Cm version Ar version
+Specifies the version number to be used for outgoing NTP
+packets.
+Versions 1-4 are the choices, with version 4 the
+default.
+.El
+.Ss Auxiliary Commands
+.Bl -tag -width indent
+.It Ic broadcastclient
+This command enables reception of broadcast server messages to
+any local interface (type b) address.
+Upon receiving a message for
+the first time, the broadcast client measures the nominal server
+propagation delay using a brief client/server exchange with the
+server, then enters the broadcast client mode, in which it
+synchronizes to succeeding broadcast messages.
+Note that, in order
+to avoid accidental or malicious disruption in this mode, both the
+server and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.It Ic manycastserver Ar address ...
+This command enables reception of manycast client messages to
+the multicast group address(es) (type m) specified.
+At least one
+address is required, but the NTP multicast address 224.0.1.1
+assigned by the IANA should NOT be used, unless specific means are
+taken to limit the span of the reply and avoid a possibly massive
+implosion at the original sender.
+Note that, in order to avoid
+accidental or malicious disruption in this mode, both the server
+and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.It Ic multicastclient Ar address ...
+This command enables reception of multicast server messages to
+the multicast group address(es) (type m) specified.
+Upon receiving
+a message for the first time, the multicast client measures the
+nominal server propagation delay using a brief client/server
+exchange with the server, then enters the broadcast client mode, in
+which it synchronizes to succeeding multicast messages.
+Note that,
+in order to avoid accidental or malicious disruption in this mode,
+both the server and client should operate using symmetric-key or
+public-key authentication as described in
+.Sx Authentication Options .
+.El
+.Sh Authentication Support
+Authentication support allows the NTP client to verify that the
+server is in fact known and trusted and not an intruder intending
+accidentally or on purpose to masquerade as that server.
+The NTPv3
+specification RFC-1305 defines a scheme which provides
+cryptographic authentication of received NTP packets.
+Originally,
+this was done using the Data Encryption Standard (DES) algorithm
+operating in Cipher Block Chaining (CBC) mode, commonly called
+DES-CBC.
+Subsequently, this was replaced by the RSA Message Digest
+5 (MD5) algorithm using a private key, commonly called keyed-MD5.
+Either algorithm computes a message digest, or one-way hash, which
+can be used to verify the server has the correct private key and
+key identifier.
+.Pp
+NTPv4 retains the NTPv3 scheme, properly described as symmetric key
+cryptography and, in addition, provides a new Autokey scheme
+based on public key cryptography.
+Public key cryptography is generally considered more secure
+than symmetric key cryptography, since the security is based
+on a private value which is generated by each server and
+never revealed.
+With Autokey all key distribution and
+management functions involve only public values, which
+considerably simplifies key distribution and storage.
+Public key management is based on X.509 certificates,
+which can be provided by commercial services or
+produced by utility programs in the OpenSSL software library
+or the NTPv4 distribution.
+.Pp
+While the algorithms for symmetric key cryptography are
+included in the NTPv4 distribution, public key cryptography
+requires the OpenSSL software library to be installed
+before building the NTP distribution.
+Directions for doing that
+are on the Building and Installing the Distribution page.
+.Pp
+Authentication is configured separately for each association
+using the
+.Cm key
+or
+.Cm autokey
+subcommand on the
+.Ic peer ,
+.Ic server ,
+.Ic broadcast
+and
+.Ic manycastclient
+configuration commands as described in
+.Sx Configuration Options
+page.
+The authentication
+options described below specify the locations of the key files,
+if other than default, which symmetric keys are trusted
+and the interval between various operations, if other than default.
+.Pp
+Authentication is always enabled,
+although ineffective if not configured as
+described below.
+If a NTP packet arrives
+including a message authentication
+code (MAC), it is accepted only if it
+passes all cryptographic checks.
+The
+checks require correct key ID, key value
+and message digest.
+If the packet has
+been modified in any way or replayed
+by an intruder, it will fail one or more
+of these checks and be discarded.
+Furthermore, the Autokey scheme requires a
+preliminary protocol exchange to obtain
+the server certificate, verify its
+credentials and initialize the protocol
+.Pp
+The
+.Cm auth
+flag controls whether new associations or
+remote configuration commands require cryptographic authentication.
+This flag can be set or reset by the
+.Ic enable
+and
+.Ic disable
+commands and also by remote
+configuration commands sent by a
+.Xr ntpdc 1ntpdcmdoc
+program running in
+another machine.
+If this flag is enabled, which is the default
+case, new broadcast client and symmetric passive associations and
+remote configuration commands must be cryptographically
+authenticated using either symmetric key or public key cryptography.
+If this
+flag is disabled, these operations are effective
+even if not cryptographic
+authenticated.
+It should be understood
+that operating with the
+.Ic auth
+flag disabled invites a significant vulnerability
+where a rogue hacker can
+masquerade as a falseticker and seriously
+disrupt system timekeeping.
+It is
+important to note that this flag has no purpose
+other than to allow or disallow
+a new association in response to new broadcast
+and symmetric active messages
+and remote configuration commands and, in particular,
+the flag has no effect on
+the authentication process itself.
+.Pp
+An attractive alternative where multicast support is available
+is manycast mode, in which clients periodically troll
+for servers as described in the
+.Sx Automatic NTP Configuration Options
+page.
+Either symmetric key or public key
+cryptographic authentication can be used in this mode.
+The principle advantage
+of manycast mode is that potential servers need not be
+configured in advance,
+since the client finds them during regular operation,
+and the configuration
+files for all clients can be identical.
+.Pp
+The security model and protocol schemes for
+both symmetric key and public key
+cryptography are summarized below;
+further details are in the briefings, papers
+and reports at the NTP project page linked from
+.Li http://www.ntp.org/ .
+.Ss Symmetric-Key Cryptography
+The original RFC-1305 specification allows any one of possibly
+65,534 keys, each distinguished by a 32-bit key identifier, to
+authenticate an association.
+The servers and clients involved must
+agree on the key and key identifier to
+authenticate NTP packets.
+Keys and
+related information are specified in a key
+file, usually called
+.Pa ntp.keys ,
+which must be distributed and stored using
+secure means beyond the scope of the NTP protocol itself.
+Besides the keys used
+for ordinary NTP associations,
+additional keys can be used as passwords for the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+utility programs.
+.Pp
+When
+.Xr ntpd 1ntpdmdoc
+is first started, it reads the key file specified in the
+.Ic keys
+configuration command and installs the keys
+in the key cache.
+However,
+individual keys must be activated with the
+.Ic trusted
+command before use.
+This
+allows, for instance, the installation of possibly
+several batches of keys and
+then activating or deactivating each batch
+remotely using
+.Xr ntpdc 1ntpdcmdoc .
+This also provides a revocation capability that can be used
+if a key becomes compromised.
+The
+.Ic requestkey
+command selects the key used as the password for the
+.Xr ntpdc 1ntpdcmdoc
+utility, while the
+.Ic controlkey
+command selects the key used as the password for the
+.Xr ntpq 1ntpqmdoc
+utility.
+.Ss Public Key Cryptography
+NTPv4 supports the original NTPv3 symmetric key scheme
+described in RFC-1305 and in addition the Autokey protocol,
+which is based on public key cryptography.
+The Autokey Version 2 protocol described on the Autokey Protocol
+page verifies packet integrity using MD5 message digests
+and verifies the source with digital signatures and any of several
+digest/signature schemes.
+Optional identity schemes described on the Identity Schemes
+page and based on cryptographic challenge/response algorithms
+are also available.
+Using all of these schemes provides strong security against
+replay with or without modification, spoofing, masquerade
+and most forms of clogging attacks.
+.\" .Pp
+.\" The cryptographic means necessary for all Autokey operations
+.\" is provided by the OpenSSL software library.
+.\" This library is available from http://www.openssl.org/
+.\" and can be installed using the procedures outlined
+.\" in the Building and Installing the Distribution page.
+.\" Once installed,
+.\" the configure and build
+.\" process automatically detects the library and links
+.\" the library routines required.
+.Pp
+The Autokey protocol has several modes of operation
+corresponding to the various NTP modes supported.
+Most modes use a special cookie which can be
+computed independently by the client and server,
+but encrypted in transmission.
+All modes use in addition a variant of the S-KEY scheme,
+in which a pseudo-random key list is generated and used
+in reverse order.
+These schemes are described along with an executive summary,
+current status, briefing slides and reading list on the
+.Sx Autonomous Authentication
+page.
+.Pp
+The specific cryptographic environment used by Autokey servers
+and clients is determined by a set of files
+and soft links generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+program.
+This includes a required host key file,
+required certificate file and optional sign key file,
+leapsecond file and identity scheme files.
+The
+digest/signature scheme is specified in the X.509 certificate
+along with the matching sign key.
+There are several schemes
+available in the OpenSSL software library, each identified
+by a specific string such as
+.Cm md5WithRSAEncryption ,
+which stands for the MD5 message digest with RSA
+encryption scheme.
+The current NTP distribution supports
+all the schemes in the OpenSSL library, including
+those based on RSA and DSA digital signatures.
+.Pp
+NTP secure groups can be used to define cryptographic compartments
+and security hierarchies.
+It is important that every host
+in the group be able to construct a certificate trail to one
+or more trusted hosts in the same group.
+Each group
+host runs the Autokey protocol to obtain the certificates
+for all hosts along the trail to one or more trusted hosts.
+This requires the configuration file in all hosts to be
+engineered so that, even under anticipated failure conditions,
+the NTP subnet will form such that every group host can find
+a trail to at least one trusted host.
+.Ss Naming and Addressing
+It is important to note that Autokey does not use DNS to
+resolve addresses, since DNS can't be completely trusted
+until the name servers have synchronized clocks.
+The cryptographic name used by Autokey to bind the host identity
+credentials and cryptographic values must be independent
+of interface, network and any other naming convention.
+The name appears in the host certificate in either or both
+the subject and issuer fields, so protection against
+DNS compromise is essential.
+.Pp
+By convention, the name of an Autokey host is the name returned
+by the Unix
+.Xr gethostname 2
+system call or equivalent in other systems.
+By the system design
+model, there are no provisions to allow alternate names or aliases.
+However, this is not to say that DNS aliases, different names
+for each interface, etc., are constrained in any way.
+.Pp
+It is also important to note that Autokey verifies authenticity
+using the host name, network address and public keys,
+all of which are bound together by the protocol specifically
+to deflect masquerade attacks.
+For this reason Autokey
+includes the source and destinatino IP addresses in message digest
+computations and so the same addresses must be available
+at both the server and client.
+For this reason operation
+with network address translation schemes is not possible.
+This reflects the intended robust security model where government
+and corporate NTP servers are operated outside firewall perimeters.
+.Ss Operation
+A specific combination of authentication scheme (none,
+symmetric key, public key) and identity scheme is called
+a cryptotype, although not all combinations are compatible.
+There may be management configurations where the clients,
+servers and peers may not all support the same cryptotypes.
+A secure NTPv4 subnet can be configured in many ways while
+keeping in mind the principles explained above and
+in this section.
+Note however that some cryptotype
+combinations may successfully interoperate with each other,
+but may not represent good security practice.
+.Pp
+The cryptotype of an association is determined at the time
+of mobilization, either at configuration time or some time
+later when a message of appropriate cryptotype arrives.
+When mobilized by a
+.Ic server
+or
+.Ic peer
+configuration command and no
+.Ic key
+or
+.Ic autokey
+subcommands are present, the association is not
+authenticated; if the
+.Ic key
+subcommand is present, the association is authenticated
+using the symmetric key ID specified; if the
+.Ic autokey
+subcommand is present, the association is authenticated
+using Autokey.
+.Pp
+When multiple identity schemes are supported in the Autokey
+protocol, the first message exchange determines which one is used.
+The client request message contains bits corresponding
+to which schemes it has available.
+The server response message
+contains bits corresponding to which schemes it has available.
+Both server and client match the received bits with their own
+and select a common scheme.
+.Pp
+Following the principle that time is a public value,
+a server responds to any client packet that matches
+its cryptotype capabilities.
+Thus, a server receiving
+an unauthenticated packet will respond with an unauthenticated
+packet, while the same server receiving a packet of a cryptotype
+it supports will respond with packets of that cryptotype.
+However, unconfigured broadcast or manycast client
+associations or symmetric passive associations will not be
+mobilized unless the server supports a cryptotype compatible
+with the first packet received.
+By default, unauthenticated associations will not be mobilized
+unless overridden in a decidedly dangerous way.
+.Pp
+Some examples may help to reduce confusion.
+Client Alice has no specific cryptotype selected.
+Server Bob has both a symmetric key file and minimal Autokey files.
+Alice's unauthenticated messages arrive at Bob, who replies with
+unauthenticated messages.
+Cathy has a copy of Bob's symmetric
+key file and has selected key ID 4 in messages to Bob.
+Bob verifies the message with his key ID 4.
+If it's the
+same key and the message is verified, Bob sends Cathy a reply
+authenticated with that key.
+If verification fails,
+Bob sends Cathy a thing called a crypto-NAK, which tells her
+something broke.
+She can see the evidence using the ntpq program.
+.Pp
+Denise has rolled her own host key and certificate.
+She also uses one of the identity schemes as Bob.
+She sends the first Autokey message to Bob and they
+both dance the protocol authentication and identity steps.
+If all comes out okay, Denise and Bob continue as described above.
+.Pp
+It should be clear from the above that Bob can support
+all the girls at the same time, as long as he has compatible
+authentication and identity credentials.
+Now, Bob can act just like the girls in his own choice of servers;
+he can run multiple configured associations with multiple different
+servers (or the same server, although that might not be useful).
+But, wise security policy might preclude some cryptotype
+combinations; for instance, running an identity scheme
+with one server and no authentication with another might not be wise.
+.Ss Key Management
+The cryptographic values used by the Autokey protocol are
+incorporated as a set of files generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+utility program, including symmetric key, host key and
+public certificate files, as well as sign key, identity parameters
+and leapseconds files.
+Alternatively, host and sign keys and
+certificate files can be generated by the OpenSSL utilities
+and certificates can be imported from public certificate
+authorities.
+Note that symmetric keys are necessary for the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+utility programs.
+The remaining files are necessary only for the
+Autokey protocol.
+.Pp
+Certificates imported from OpenSSL or public certificate
+authorities have certian limitations.
+The certificate should be in ASN.1 syntax, X.509 Version 3
+format and encoded in PEM, which is the same format
+used by OpenSSL.
+The overall length of the certificate encoded
+in ASN.1 must not exceed 1024 bytes.
+The subject distinguished
+name field (CN) is the fully qualified name of the host
+on which it is used; the remaining subject fields are ignored.
+The certificate extension fields must not contain either
+a subject key identifier or a issuer key identifier field;
+however, an extended key usage field for a trusted host must
+contain the value
+.Cm trustRoot ; .
+Other extension fields are ignored.
+.Ss Authentication Commands
+.Bl -tag -width indent
+.It Ic autokey Op Ar logsec
+Specifies the interval between regenerations of the session key
+list used with the Autokey protocol.
+Note that the size of the key
+list for each association depends on this interval and the current
+poll interval.
+The default value is 12 (4096 s or about 1.1 hours).
+For poll intervals above the specified interval, a session key list
+with a single entry will be regenerated for every message
+sent.
+.It Ic controlkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpq 1ntpqmdoc
+utility, which uses the standard
+protocol defined in RFC-1305.
+The
+.Ar key
+argument is
+the key identifier for a trusted key, where the value can be in the
+range 1 to 65,534, inclusive.
+.It Xo Ic crypto
+.Op Cm cert Ar file
+.Op Cm leap Ar file
+.Op Cm randfile Ar file
+.Op Cm host Ar file
+.Op Cm sign Ar file
+.Op Cm gq Ar file
+.Op Cm gqpar Ar file
+.Op Cm iffpar Ar file
+.Op Cm mvpar Ar file
+.Op Cm pw Ar password
+.Xc
+This command requires the OpenSSL library.
+It activates public key
+cryptography, selects the message digest and signature
+encryption scheme and loads the required private and public
+values described above.
+If one or more files are left unspecified,
+the default names are used as described above.
+Unless the complete path and name of the file are specified, the
+location of a file is relative to the keys directory specified
+in the
+.Ic keysdir
+command or default
+.Pa /usr/local/etc .
+Following are the subcommands:
+.Bl -tag -width indent
+.It Cm cert Ar file
+Specifies the location of the required host public certificate file.
+This overrides the link
+.Pa ntpkey_cert_ Ns Ar hostname
+in the keys directory.
+.It Cm gqpar Ar file
+Specifies the location of the optional GQ parameters file.
+This
+overrides the link
+.Pa ntpkey_gq_ Ns Ar hostname
+in the keys directory.
+.It Cm host Ar file
+Specifies the location of the required host key file.
+This overrides
+the link
+.Pa ntpkey_key_ Ns Ar hostname
+in the keys directory.
+.It Cm iffpar Ar file
+Specifies the location of the optional IFF parameters file.This
+overrides the link
+.Pa ntpkey_iff_ Ns Ar hostname
+in the keys directory.
+.It Cm leap Ar file
+Specifies the location of the optional leapsecond file.
+This overrides the link
+.Pa ntpkey_leap
+in the keys directory.
+.It Cm mvpar Ar file
+Specifies the location of the optional MV parameters file.
+This
+overrides the link
+.Pa ntpkey_mv_ Ns Ar hostname
+in the keys directory.
+.It Cm pw Ar password
+Specifies the password to decrypt files containing private keys and
+identity parameters.
+This is required only if these files have been
+encrypted.
+.It Cm randfile Ar file
+Specifies the location of the random seed file used by the OpenSSL
+library.
+The defaults are described in the main text above.
+.It Cm sign Ar file
+Specifies the location of the optional sign key file.
+This overrides
+the link
+.Pa ntpkey_sign_ Ns Ar hostname
+in the keys directory.
+If this file is
+not found, the host key is also the sign key.
+.El
+.It Ic keys Ar keyfile
+Specifies the complete path and location of the MD5 key file
+containing the keys and key identifiers used by
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+when operating with symmetric key cryptography.
+This is the same operation as the
+.Fl k
+command line option.
+.It Ic keysdir Ar path
+This command specifies the default directory path for
+cryptographic keys, parameters and certificates.
+The default is
+.Pa /usr/local/etc/ .
+.It Ic requestkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpdc 1ntpdcmdoc
+utility program, which uses a
+proprietary protocol specific to this implementation of
+.Xr ntpd 1ntpdmdoc .
+The
+.Ar key
+argument is a key identifier
+for the trusted key, where the value can be in the range 1 to
+65,534, inclusive.
+.It Ic revoke Ar logsec
+Specifies the interval between re-randomization of certain
+cryptographic values used by the Autokey scheme, as a power of 2 in
+seconds.
+These values need to be updated frequently in order to
+deflect brute-force attacks on the algorithms of the scheme;
+however, updating some values is a relatively expensive operation.
+The default interval is 16 (65,536 s or about 18 hours).
+For poll
+intervals above the specified interval, the values will be updated
+for every message sent.
+.It Ic trustedkey Ar key ...
+Specifies the key identifiers which are trusted for the
+purposes of authenticating peers with symmetric key cryptography,
+as well as keys used by the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+programs.
+The authentication procedures require that both the local
+and remote servers share the same key and key identifier for this
+purpose, although different keys can be used with different
+servers.
+The
+.Ar key
+arguments are 32-bit unsigned
+integers with values from 1 to 65,534.
+.El
+.Ss Error Codes
+The following error codes are reported via the NTP control
+and monitoring protocol trap mechanism.
+.Bl -tag -width indent
+.It 101
+.Pq bad field format or length
+The packet has invalid version, length or format.
+.It 102
+.Pq bad timestamp
+The packet timestamp is the same or older than the most recent received.
+This could be due to a replay or a server clock time step.
+.It 103
+.Pq bad filestamp
+The packet filestamp is the same or older than the most recent received.
+This could be due to a replay or a key file generation error.
+.It 104
+.Pq bad or missing public key
+The public key is missing, has incorrect format or is an unsupported type.
+.It 105
+.Pq unsupported digest type
+The server requires an unsupported digest/signature scheme.
+.It 106
+.Pq mismatched digest types
+Not used.
+.It 107
+.Pq bad signature length
+The signature length does not match the current public key.
+.It 108
+.Pq signature not verified
+The message fails the signature check.
+It could be bogus or signed by a
+different private key.
+.It 109
+.Pq certificate not verified
+The certificate is invalid or signed with the wrong key.
+.It 110
+.Pq certificate not verified
+The certificate is not yet valid or has expired or the signature could not
+be verified.
+.It 111
+.Pq bad or missing cookie
+The cookie is missing, corrupted or bogus.
+.It 112
+.Pq bad or missing leapseconds table
+The leapseconds table is missing, corrupted or bogus.
+.It 113
+.Pq bad or missing certificate
+The certificate is missing, corrupted or bogus.
+.It 114
+.Pq bad or missing identity
+The identity key is missing, corrupt or bogus.
+.El
+.Sh Monitoring Support
+.Xr ntpd 1ntpdmdoc
+includes a comprehensive monitoring facility suitable
+for continuous, long term recording of server and client
+timekeeping performance.
+See the
+.Ic statistics
+command below
+for a listing and example of each type of statistics currently
+supported.
+Statistic files are managed using file generation sets
+and scripts in the
+.Pa ./scripts
+directory of this distribution.
+Using
+these facilities and
+.Ux
+.Xr cron 8
+jobs, the data can be
+automatically summarized and archived for retrospective analysis.
+.Ss Monitoring Commands
+.Bl -tag -width indent
+.It Ic statistics Ar name ...
+Enables writing of statistics records.
+Currently, four kinds of
+.Ar name
+statistics are supported.
+.Bl -tag -width indent
+.It Cm clockstats
+Enables recording of clock driver statistics information.
+Each update
+received from a clock driver appends a line of the following form to
+the file generation set named
+.Cm clockstats :
+.Bd -literal
+49213 525.624 127.127.4.1 93 226 00:08:29.606 D
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the
+clock address in dotted-quad notation.
+The final field shows the last
+timecode received from the clock in decoded ASCII format, where
+meaningful.
+In some clock drivers a good deal of additional information
+can be gathered and displayed as well.
+See information specific to each
+clock for further details.
+.It Cm cryptostats
+This option requires the OpenSSL cryptographic software library.
+It
+enables recording of cryptographic public key protocol information.
+Each message received by the protocol module appends a line of the
+following form to the file generation set named
+.Cm cryptostats :
+.Bd -literal
+49213 525.624 127.127.4.1 message
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the peer
+address in dotted-quad notation, The final message field includes the
+message type and certain ancillary information.
+See the
+.Sx Authentication Options
+section for further information.
+.It Cm loopstats
+Enables recording of loop filter statistics information.
+Each
+update of the local clock outputs a line of the following form to
+the file generation set named
+.Cm loopstats :
+.Bd -literal
+50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next five fields
+show time offset (seconds), frequency offset (parts per million -
+PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
+discipline time constant.
+.It Cm peerstats
+Enables recording of peer statistics information.
+This includes
+statistics records of all peers of a NTP server and of special
+signals, where present and configured.
+Each valid update appends a
+line of the following form to the current element of a file
+generation set named
+.Cm peerstats :
+.Bd -literal
+48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the peer address in dotted-quad notation and status,
+respectively.
+The status field is encoded in hex in the format
+described in Appendix A of the NTP specification RFC 1305.
+The final four fields show the offset,
+delay, dispersion and RMS jitter, all in seconds.
+.It Cm rawstats
+Enables recording of raw-timestamp statistics information.
+This
+includes statistics records of all peers of a NTP server and of
+special signals, where present and configured.
+Each NTP message
+received from a peer or clock driver appends a line of the
+following form to the file generation set named
+.Cm rawstats :
+.Bd -literal
+50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the remote peer or clock address followed by the local address
+in dotted-quad notation.
+The final four fields show the originate,
+receive, transmit and final NTP timestamps in order.
+The timestamp
+values are as received and before processing by the various data
+smoothing and mitigation algorithms.
+.It Cm sysstats
+Enables recording of ntpd statistics counters on a periodic basis.
+Each
+hour a line of the following form is appended to the file generation
+set named
+.Cm sysstats :
+.Bd -literal
+50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The remaining ten fields show
+the statistics counter values accumulated since the last generated
+line.
+.Bl -tag -width indent
+.It Time since restart Cm 36000
+Time in hours since the system was last rebooted.
+.It Packets received Cm 81965
+Total number of packets received.
+.It Packets processed Cm 0
+Number of packets received in response to previous packets sent
+.It Current version Cm 9546
+Number of packets matching the current NTP version.
+.It Previous version Cm 56
+Number of packets matching the previous NTP version.
+.It Bad version Cm 71793
+Number of packets matching neither NTP version.
+.It Access denied Cm 512
+Number of packets denied access for any reason.
+.It Bad length or format Cm 540
+Number of packets with invalid length, format or port number.
+.It Bad authentication Cm 10
+Number of packets not verified as authentic.
+.It Rate exceeded Cm 147
+Number of packets discarded due to rate limitation.
+.El
+.It Cm statsdir Ar directory_path
+Indicates the full path of a directory where statistics files
+should be created (see below).
+This keyword allows
+the (otherwise constant)
+.Cm filegen
+filename prefix to be modified for file generation sets, which
+is useful for handling statistics logs.
+.It Cm filegen Ar name Xo
+.Op Cm file Ar filename
+.Op Cm type Ar typename
+.Op Cm link | nolink
+.Op Cm enable | disable
+.Xc
+Configures setting of generation file set name.
+Generation
+file sets provide a means for handling files that are
+continuously growing during the lifetime of a server.
+Server statistics are a typical example for such files.
+Generation file sets provide access to a set of files used
+to store the actual data.
+At any time at most one element
+of the set is being written to.
+The type given specifies
+when and how data will be directed to a new element of the set.
+This way, information stored in elements of a file set
+that are currently unused are available for administrational
+operations without the risk of disturbing the operation of ntpd.
+(Most important: they can be removed to free space for new data
+produced.)
+.Pp
+Note that this command can be sent from the
+.Xr ntpdc 1ntpdcmdoc
+program running at a remote location.
+.Bl -tag -width indent
+.It Cm name
+This is the type of the statistics records, as shown in the
+.Cm statistics
+command.
+.It Cm file Ar filename
+This is the file name for the statistics records.
+Filenames of set
+members are built from three concatenated elements
+.Ar Cm prefix ,
+.Ar Cm filename
+and
+.Ar Cm suffix :
+.Bl -tag -width indent
+.It Cm prefix
+This is a constant filename path.
+It is not subject to
+modifications via the
+.Ar filegen
+option.
+It is defined by the
+server, usually specified as a compile-time constant.
+It may,
+however, be configurable for individual file generation sets
+via other commands.
+For example, the prefix used with
+.Ar loopstats
+and
+.Ar peerstats
+generation can be configured using the
+.Ar statsdir
+option explained above.
+.It Cm filename
+This string is directly concatenated to the prefix mentioned
+above (no intervening
+.Ql / ) .
+This can be modified using
+the file argument to the
+.Ar filegen
+statement.
+No
+.Pa ..
+elements are
+allowed in this component to prevent filenames referring to
+parts outside the filesystem hierarchy denoted by
+.Ar prefix .
+.It Cm suffix
+This part is reflects individual elements of a file set.
+It is
+generated according to the type of a file set.
+.El
+.It Cm type Ar typename
+A file generation set is characterized by its type.
+The following
+types are supported:
+.Bl -tag -width indent
+.It Cm none
+The file set is actually a single plain file.
+.It Cm pid
+One element of file set is used per incarnation of a ntpd
+server.
+This type does not perform any changes to file set
+members during runtime, however it provides an easy way of
+separating files belonging to different
+.Xr ntpd 1ntpdmdoc
+server incarnations.
+The set member filename is built by appending a
+.Ql \&.
+to concatenated
+.Ar prefix
+and
+.Ar filename
+strings, and
+appending the decimal representation of the process ID of the
+.Xr ntpd 1ntpdmdoc
+server process.
+.It Cm day
+One file generation set element is created per day.
+A day is
+defined as the period between 00:00 and 24:00 UTC.
+The file set
+member suffix consists of a
+.Ql \&.
+and a day specification in
+the form
+.Cm YYYYMMdd .
+.Cm YYYY
+is a 4-digit year number (e.g., 1992).
+.Cm MM
+is a two digit month number.
+.Cm dd
+is a two digit day number.
+Thus, all information written at 10 December 1992 would end up
+in a file named
+.Ar prefix
+.Ar filename Ns .19921210 .
+.It Cm week
+Any file set member contains data related to a certain week of
+a year.
+The term week is defined by computing day-of-year
+modulo 7.
+Elements of such a file generation set are
+distinguished by appending the following suffix to the file set
+filename base: A dot, a 4-digit year number, the letter
+.Cm W ,
+and a 2-digit week number.
+For example, information from January,
+10th 1992 would end up in a file with suffix
+.No . Ns Ar 1992W1 .
+.It Cm month
+One generation file set element is generated per month.
+The
+file name suffix consists of a dot, a 4-digit year number, and
+a 2-digit month.
+.It Cm year
+One generation file element is generated per year.
+The filename
+suffix consists of a dot and a 4 digit year number.
+.It Cm age
+This type of file generation sets changes to a new element of
+the file set every 24 hours of server operation.
+The filename
+suffix consists of a dot, the letter
+.Cm a ,
+and an 8-digit number.
+This number is taken to be the number of seconds the server is
+running at the start of the corresponding 24-hour period.
+Information is only written to a file generation by specifying
+.Cm enable ;
+output is prevented by specifying
+.Cm disable .
+.El
+.It Cm link | nolink
+It is convenient to be able to access the current element of a file
+generation set by a fixed name.
+This feature is enabled by
+specifying
+.Cm link
+and disabled using
+.Cm nolink .
+If link is specified, a
+hard link from the current file set element to a file without
+suffix is created.
+When there is already a file with this name and
+the number of links of this file is one, it is renamed appending a
+dot, the letter
+.Cm C ,
+and the pid of the ntpd server process.
+When the
+number of links is greater than one, the file is unlinked.
+This
+allows the current file to be accessed by a constant name.
+.It Cm enable \&| Cm disable
+Enables or disables the recording function.
+.El
+.El
+.El
+.Sh Access Control Support
+The
+.Xr ntpd 1ntpdmdoc
+daemon implements a general purpose address/mask based restriction
+list.
+The list contains address/match entries sorted first
+by increasing address values and and then by increasing mask values.
+A match occurs when the bitwise AND of the mask and the packet
+source address is equal to the bitwise AND of the mask and
+address in the list.
+The list is searched in order with the
+last match found defining the restriction flags associated
+with the entry.
+Additional information and examples can be found in the
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Pp
+The restriction facility was implemented in conformance
+with the access policies for the original NSFnet backbone
+time servers.
+Later the facility was expanded to deflect
+cryptographic and clogging attacks.
+While this facility may
+be useful for keeping unwanted or broken or malicious clients
+from congesting innocent servers, it should not be considered
+an alternative to the NTP authentication facilities.
+Source address based restrictions are easily circumvented
+by a determined cracker.
+.Pp
+Clients can be denied service because they are explicitly
+included in the restrict list created by the restrict command
+or implicitly as the result of cryptographic or rate limit
+violations.
+Cryptographic violations include certificate
+or identity verification failure; rate limit violations generally
+result from defective NTP implementations that send packets
+at abusive rates.
+Some violations cause denied service
+only for the offending packet, others cause denied service
+for a timed period and others cause the denied service for
+an indefinate period.
+When a client or network is denied access
+for an indefinate period, the only way at present to remove
+the restrictions is by restarting the server.
+.Ss The Kiss-of-Death Packet
+Ordinarily, packets denied service are simply dropped with no
+further action except incrementing statistics counters.
+Sometimes a
+more proactive response is needed, such as a server message that
+explicitly requests the client to stop sending and leave a message
+for the system operator.
+A special packet format has been created
+for this purpose called the "kiss-of-death" (KoD) packet.
+KoD packets have the leap bits set unsynchronized and stratum set
+to zero and the reference identifier field set to a four-byte
+ASCII code.
+If the
+.Cm noserve
+or
+.Cm notrust
+flag of the matching restrict list entry is set,
+the code is "DENY"; if the
+.Cm limited
+flag is set and the rate limit
+is exceeded, the code is "RATE".
+Finally, if a cryptographic violation occurs, the code is "CRYP".
+.Pp
+A client receiving a KoD performs a set of sanity checks to
+minimize security exposure, then updates the stratum and
+reference identifier peer variables, sets the access
+denied (TEST4) bit in the peer flash variable and sends
+a message to the log.
+As long as the TEST4 bit is set,
+the client will send no further packets to the server.
+The only way at present to recover from this condition is
+to restart the protocol at both the client and server.
+This
+happens automatically at the client when the association times out.
+It will happen at the server only if the server operator cooperates.
+.Ss Access Control Commands
+.Bl -tag -width indent
+.It Xo Ic discard
+.Op Cm average Ar avg
+.Op Cm minimum Ar min
+.Op Cm monitor Ar prob
+.Xc
+Set the parameters of the
+.Cm limited
+facility which protects the server from
+client abuse.
+The
+.Cm average
+subcommand specifies the minimum average packet
+spacing, while the
+.Cm minimum
+subcommand specifies the minimum packet spacing.
+Packets that violate these minima are discarded
+and a kiss-o'-death packet returned if enabled.
+The default
+minimum average and minimum are 5 and 2, respectively.
+The monitor subcommand specifies the probability of discard
+for packets that overflow the rate-control window.
+.It Xo Ic restrict address
+.Op Cm mask Ar mask
+.Op Ar flag ...
+.Xc
+The
+.Ar address
+argument expressed in
+dotted-quad form is the address of a host or network.
+Alternatively, the
+.Ar address
+argument can be a valid host DNS name.
+The
+.Ar mask
+argument expressed in dotted-quad form defaults to
+.Cm 255.255.255.255 ,
+meaning that the
+.Ar address
+is treated as the address of an individual host.
+A default entry (address
+.Cm 0.0.0.0 ,
+mask
+.Cm 0.0.0.0 )
+is always included and is always the first entry in the list.
+Note that text string
+.Cm default ,
+with no mask option, may
+be used to indicate the default entry.
+In the current implementation,
+.Cm flag
+always
+restricts access, i.e., an entry with no flags indicates that free
+access to the server is to be given.
+The flags are not orthogonal,
+in that more restrictive flags will often make less restrictive
+ones redundant.
+The flags can generally be classed into two
+categories, those which restrict time service and those which
+restrict informational queries and attempts to do run-time
+reconfiguration of the server.
+One or more of the following flags
+may be specified:
+.Bl -tag -width indent
+.It Cm ignore
+Deny packets of all kinds, including
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+.It Cm kod
+If this flag is set when an access violation occurs, a kiss-o'-death
+(KoD) packet is sent.
+KoD packets are rate limited to no more than one
+per second.
+If another KoD packet occurs within one second after the
+last one, the packet is dropped.
+.It Cm limited
+Deny service if the packet spacing violates the lower limits specified
+in the discard command.
+A history of clients is kept using the
+monitoring capability of
+.Xr ntpd 1ntpdmdoc .
+Thus, monitoring is always active as
+long as there is a restriction entry with the
+.Cm limited
+flag.
+.It Cm lowpriotrap
+Declare traps set by matching hosts to be low priority.
+The
+number of traps a server can maintain is limited (the current limit
+is 3).
+Traps are usually assigned on a first come, first served
+basis, with later trap requestors being denied service.
+This flag
+modifies the assignment algorithm by allowing low priority traps to
+be overridden by later requests for normal priority traps.
+.It Cm nomodify
+Deny
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries which attempt to modify the state of the
+server (i.e., run time reconfiguration).
+Queries which return
+information are permitted.
+.It Cm noquery
+Deny
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+Time service is not affected.
+.It Cm nopeer
+Deny packets which would result in mobilizing a new association.
+This
+includes broadcast and symmetric active packets when a configured
+association does not exist.
+.It Cm noserve
+Deny all packets except
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+.It Cm notrap
+Decline to provide mode 6 control message trap service to matching
+hosts.
+The trap service is a subsystem of the ntpdq control message
+protocol which is intended for use by remote event logging programs.
+.It Cm notrust
+Deny service unless the packet is cryptographically authenticated.
+.It Cm ntpport
+This is actually a match algorithm modifier, rather than a
+restriction flag.
+Its presence causes the restriction entry to be
+matched only if the source port in the packet is the standard NTP
+UDP port (123).
+Both
+.Cm ntpport
+and
+.Cm non-ntpport
+may
+be specified.
+The
+.Cm ntpport
+is considered more specific and
+is sorted later in the list.
+.It Cm version
+Deny packets that do not match the current NTP version.
+.El
+.Pp
+Default restriction list entries with the flags ignore, interface,
+ntpport, for each of the local host's interface addresses are
+inserted into the table at startup to prevent the server
+from attempting to synchronize to its own time.
+A default entry is also always present, though if it is
+otherwise unconfigured; no flags are associated
+with the default entry (i.e., everything besides your own
+NTP server is unrestricted).
+.El
+.Sh Automatic NTP Configuration Options
+.Ss Manycasting
+Manycasting is a automatic discovery and configuration paradigm
+new to NTPv4.
+It is intended as a means for a multicast client
+to troll the nearby network neighborhood to find cooperating
+manycast servers, validate them using cryptographic means
+and evaluate their time values with respect to other servers
+that might be lurking in the vicinity.
+The intended result is that each manycast client mobilizes
+client associations with some number of the "best"
+of the nearby manycast servers, yet automatically reconfigures
+to sustain this number of servers should one or another fail.
+.Pp
+Note that the manycasting paradigm does not coincide
+with the anycast paradigm described in RFC-1546,
+which is designed to find a single server from a clique
+of servers providing the same service.
+The manycast paradigm is designed to find a plurality
+of redundant servers satisfying defined optimality criteria.
+.Pp
+Manycasting can be used with either symmetric key
+or public key cryptography.
+The public key infrastructure (PKI)
+offers the best protection against compromised keys
+and is generally considered stronger, at least with relatively
+large key sizes.
+It is implemented using the Autokey protocol and
+the OpenSSL cryptographic library available from
+.Li http://www.openssl.org/ .
+The library can also be used with other NTPv4 modes
+as well and is highly recommended, especially for broadcast modes.
+.Pp
+A persistent manycast client association is configured
+using the manycastclient command, which is similar to the
+server command but with a multicast (IPv4 class
+.Cm D
+or IPv6 prefix
+.Cm FF )
+group address.
+The IANA has designated IPv4 address 224.1.1.1
+and IPv6 address FF05::101 (site local) for NTP.
+When more servers are needed, it broadcasts manycast
+client messages to this address at the minimum feasible rate
+and minimum feasible time-to-live (TTL) hops, depending
+on how many servers have already been found.
+There can be as many manycast client associations
+as different group address, each one serving as a template
+for a future ephemeral unicast client/server association.
+.Pp
+Manycast servers configured with the
+.Ic manycastserver
+command listen on the specified group address for manycast
+client messages.
+Note the distinction between manycast client,
+which actively broadcasts messages, and manycast server,
+which passively responds to them.
+If a manycast server is
+in scope of the current TTL and is itself synchronized
+to a valid source and operating at a stratum level equal
+to or lower than the manycast client, it replies to the
+manycast client message with an ordinary unicast server message.
+.Pp
+The manycast client receiving this message mobilizes
+an ephemeral client/server association according to the
+matching manycast client template, but only if cryptographically
+authenticated and the server stratum is less than or equal
+to the client stratum.
+Authentication is explicitly required
+and either symmetric key or public key (Autokey) can be used.
+Then, the client polls the server at its unicast address
+in burst mode in order to reliably set the host clock
+and validate the source.
+This normally results
+in a volley of eight client/server at 2-s intervals
+during which both the synchronization and cryptographic
+protocols run concurrently.
+Following the volley,
+the client runs the NTP intersection and clustering
+algorithms, which act to discard all but the "best"
+associations according to stratum and synchronization
+distance.
+The surviving associations then continue
+in ordinary client/server mode.
+.Pp
+The manycast client polling strategy is designed to reduce
+as much as possible the volume of manycast client messages
+and the effects of implosion due to near-simultaneous
+arrival of manycast server messages.
+The strategy is determined by the
+.Ic manycastclient ,
+.Ic tos
+and
+.Ic ttl
+configuration commands.
+The manycast poll interval is
+normally eight times the system poll interval,
+which starts out at the
+.Cm minpoll
+value specified in the
+.Ic manycastclient ,
+command and, under normal circumstances, increments to the
+.Cm maxpolll
+value specified in this command.
+Initially, the TTL is
+set at the minimum hops specified by the ttl command.
+At each retransmission the TTL is increased until reaching
+the maximum hops specified by this command or a sufficient
+number client associations have been found.
+Further retransmissions use the same TTL.
+.Pp
+The quality and reliability of the suite of associations
+discovered by the manycast client is determined by the NTP
+mitigation algorithms and the
+.Cm minclock
+and
+.Cm minsane
+values specified in the
+.Ic tos
+configuration command.
+At least
+.Cm minsane
+candidate servers must be available and the mitigation
+algorithms produce at least
+.Cm minclock
+survivors in order to synchronize the clock.
+Byzantine agreement principles require at least four
+candidates in order to correctly discard a single falseticker.
+For legacy purposes,
+.Cm minsane
+defaults to 1 and
+.Cm minclock
+defaults to 3.
+For manycast service
+.Cm minsane
+should be explicitly set to 4, assuming at least that
+number of servers are available.
+.Pp
+If at least
+.Cm minclock
+servers are found, the manycast poll interval is immediately
+set to eight times
+.Cm maxpoll .
+If less than
+.Cm minclock
+servers are found when the TTL has reached the maximum hops,
+the manycast poll interval is doubled.
+For each transmission
+after that, the poll interval is doubled again until
+reaching the maximum of eight times
+.Cm maxpoll .
+Further transmissions use the same poll interval and
+TTL values.
+Note that while all this is going on,
+each client/server association found is operating normally
+it the system poll interval.
+.Pp
+Administratively scoped multicast boundaries are normally
+specified by the network router configuration and,
+in the case of IPv6, the link/site scope prefix.
+By default, the increment for TTL hops is 32 starting
+from 31; however, the
+.Ic ttl
+configuration command can be
+used to modify the values to match the scope rules.
+.Pp
+It is often useful to narrow the range of acceptable
+servers which can be found by manycast client associations.
+Because manycast servers respond only when the client
+stratum is equal to or greater than the server stratum,
+primary (stratum 1) servers fill find only primary servers
+in TTL range, which is probably the most common objective.
+However, unless configured otherwise, all manycast clients
+in TTL range will eventually find all primary servers
+in TTL range, which is probably not the most common
+objective in large networks.
+The
+.Ic tos
+command can be used to modify this behavior.
+Servers with stratum below
+.Cm floor
+or above
+.Cm ceiling
+specified in the
+.Ic tos
+command are strongly discouraged during the selection
+process; however, these servers may be temporally
+accepted if the number of servers within TTL range is
+less than
+.Cm minclock .
+.Pp
+The above actions occur for each manycast client message,
+which repeats at the designated poll interval.
+However, once the ephemeral client association is mobilized,
+subsequent manycast server replies are discarded,
+since that would result in a duplicate association.
+If during a poll interval the number of client associations
+falls below
+.Cm minclock ,
+all manycast client prototype associations are reset
+to the initial poll interval and TTL hops and operation
+resumes from the beginning.
+It is important to avoid
+frequent manycast client messages, since each one requires
+all manycast servers in TTL range to respond.
+The result could well be an implosion, either minor or major,
+depending on the number of servers in range.
+The recommended value for
+.Cm maxpoll
+is 12 (4,096 s).
+.Pp
+It is possible and frequently useful to configure a host
+as both manycast client and manycast server.
+A number of hosts configured this way and sharing a common
+group address will automatically organize themselves
+in an optimum configuration based on stratum and
+synchronization distance.
+For example, consider an NTP
+subnet of two primary servers and a hundred or more
+dependent clients.
+With two exceptions, all servers
+and clients have identical configuration files including both
+.Ic multicastclient
+and
+.Ic multicastserver
+commands using, for instance, multicast group address
+239.1.1.1.
+The only exception is that each primary server
+configuration file must include commands for the primary
+reference source such as a GPS receiver.
+.Pp
+The remaining configuration files for all secondary
+servers and clients have the same contents, except for the
+.Ic tos
+command, which is specific for each stratum level.
+For stratum 1 and stratum 2 servers, that command is
+not necessary.
+For stratum 3 and above servers the
+.Cm floor
+value is set to the intended stratum number.
+Thus, all stratum 3 configuration files are identical,
+all stratum 4 files are identical and so forth.
+.Pp
+Once operations have stabilized in this scenario,
+the primary servers will find the primary reference source
+and each other, since they both operate at the same
+stratum (1), but not with any secondary server or client,
+since these operate at a higher stratum.
+The secondary
+servers will find the servers at the same stratum level.
+If one of the primary servers loses its GPS receiver,
+it will continue to operate as a client and other clients
+will time out the corresponding association and
+re-associate accordingly.
+.Pp
+Some administrators prefer to avoid running
+.Xr ntpd 1ntpdmdoc
+continuously and run either
+.Xr ntpdate 8
+or
+.Xr ntpd 1ntpdmdoc
+.Fl q
+as a cron job.
+In either case the servers must be
+configured in advance and the program fails if none are
+available when the cron job runs.
+A really slick
+application of manycast is with
+.Xr ntpd 1ntpdmdoc
+.Fl q .
+The program wakes up, scans the local landscape looking
+for the usual suspects, selects the best from among
+the rascals, sets the clock and then departs.
+Servers do not have to be configured in advance and
+all clients throughout the network can have the same
+configuration file.
+.Ss Manycast Interactions with Autokey
+Each time a manycast client sends a client mode packet
+to a multicast group address, all manycast servers
+in scope generate a reply including the host name
+and status word.
+The manycast clients then run
+the Autokey protocol, which collects and verifies
+all certificates involved.
+Following the burst interval
+all but three survivors are cast off,
+but the certificates remain in the local cache.
+It often happens that several complete signing trails
+from the client to the primary servers are collected in this way.
+.Pp
+About once an hour or less often if the poll interval
+exceeds this, the client regenerates the Autokey key list.
+This is in general transparent in client/server mode.
+However, about once per day the server private value
+used to generate cookies is refreshed along with all
+manycast client associations.
+In this case all
+cryptographic values including certificates is refreshed.
+If a new certificate has been generated since
+the last refresh epoch, it will automatically revoke
+all prior certificates that happen to be in the
+certificate cache.
+At the same time, the manycast
+scheme starts all over from the beginning and
+the expanding ring shrinks to the minimum and increments
+from there while collecting all servers in scope.
+.Ss Manycast Options
+.Bl -tag -width indent
+.It Xo Ic tos
+.Oo
+.Cm ceiling Ar ceiling |
+.Cm cohort { 0 | 1 } |
+.Cm floor Ar floor |
+.Cm minclock Ar minclock |
+.Cm minsane Ar minsane
+.Oc
+.Xc
+This command affects the clock selection and clustering
+algorithms.
+It can be used to select the quality and
+quantity of peers used to synchronize the system clock
+and is most useful in manycast mode.
+The variables operate
+as follows:
+.Bl -tag -width indent
+.It Cm ceiling Ar ceiling
+Peers with strata above
+.Cm ceiling
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 15, but can be changed
+to any number from 1 to 15.
+.It Cm cohort Bro 0 | 1 Brc
+This is a binary flag which enables (0) or disables (1)
+manycast server replies to manycast clients with the same
+stratum level.
+This is useful to reduce implosions where
+large numbers of clients with the same stratum level
+are present.
+The default is to enable these replies.
+.It Cm floor Ar floor
+Peers with strata below
+.Cm floor
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 1, but can be changed
+to any number from 1 to 15.
+.It Cm minclock Ar minclock
+The clustering algorithm repeatedly casts out outlyer
+associations until no more than
+.Cm minclock
+associations remain.
+This value defaults to 3,
+but can be changed to any number from 1 to the number of
+configured sources.
+.It Cm minsane Ar minsane
+This is the minimum number of candidates available
+to the clock selection algorithm in order to produce
+one or more truechimers for the clustering algorithm.
+If fewer than this number are available, the clock is
+undisciplined and allowed to run free.
+The default is 1
+for legacy purposes.
+However, according to principles of
+Byzantine agreement,
+.Cm minsane
+should be at least 4 in order to detect and discard
+a single falseticker.
+.El
+.It Cm ttl Ar hop ...
+This command specifies a list of TTL values in increasing
+order, up to 8 values can be specified.
+In manycast mode these values are used in turn
+in an expanding-ring search.
+The default is eight
+multiples of 32 starting at 31.
+.El
+.Sh Reference Clock Support
+The NTP Version 4 daemon supports some three dozen different radio,
+satellite and modem reference clocks plus a special pseudo-clock
+used for backup or when no other clock source is available.
+Detailed descriptions of individual device drivers and options can
+be found in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Additional information can be found in the pages linked
+there, including the
+.Qq Debugging Hints for Reference Clock Drivers
+and
+.Qq How To Write a Reference Clock Driver
+pages
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+In addition, support for a PPS
+signal is available as described in the
+.Qq Pulse-per-second (PPS) Signal Interfacing
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Many
+drivers support special line discipline/streams modules which can
+significantly improve the accuracy using the driver.
+These are
+described in the
+.Qq Line Disciplines and Streams Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Pp
+A reference clock will generally (though not always) be a radio
+timecode receiver which is synchronized to a source of standard
+time such as the services offered by the NRC in Canada and NIST and
+USNO in the US.
+The interface between the computer and the timecode
+receiver is device dependent, but is usually a serial port.
+A
+device driver specific to each reference clock must be selected and
+compiled in the distribution; however, most common radio, satellite
+and modem clocks are included by default.
+Note that an attempt to
+configure a reference clock when the driver has not been compiled
+or the hardware port has not been appropriately configured results
+in a scalding remark to the system log file, but is otherwise non
+hazardous.
+.Pp
+For the purposes of configuration,
+.Xr ntpd 1ntpdmdoc
+treats
+reference clocks in a manner analogous to normal NTP peers as much
+as possible.
+Reference clocks are identified by a syntactically
+correct but invalid IP address, in order to distinguish them from
+normal NTP peers.
+Reference clock addresses are of the form
+.Sm off
+.Li 127.127. Ar t . Ar u ,
+.Sm on
+where
+.Ar t
+is an integer
+denoting the clock type and
+.Ar u
+indicates the unit
+number in the range 0-3.
+While it may seem overkill, it is in fact
+sometimes useful to configure multiple reference clocks of the same
+type, in which case the unit numbers must be unique.
+.Pp
+The
+.Ic server
+command is used to configure a reference
+clock, where the
+.Ar address
+argument in that command
+is the clock address.
+The
+.Cm key ,
+.Cm version
+and
+.Cm ttl
+options are not used for reference clock support.
+The
+.Cm mode
+option is added for reference clock support, as
+described below.
+The
+.Cm prefer
+option can be useful to
+persuade the server to cherish a reference clock with somewhat more
+enthusiasm than other reference clocks or peers.
+Further
+information on this option can be found in the
+.Qq Mitigation Rules and the prefer Keyword
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page.
+The
+.Cm minpoll
+and
+.Cm maxpoll
+options have
+meaning only for selected clock drivers.
+See the individual clock
+driver document pages for additional information.
+.Pp
+The
+.Ic fudge
+command is used to provide additional
+information for individual clock drivers and normally follows
+immediately after the
+.Ic server
+command.
+The
+.Ar address
+argument specifies the clock address.
+The
+.Cm refid
+and
+.Cm stratum
+options can be used to
+override the defaults for the device.
+There are two optional
+device-dependent time offsets and four flags that can be included
+in the
+.Ic fudge
+command as well.
+.Pp
+The stratum number of a reference clock is by default zero.
+Since the
+.Xr ntpd 1ntpdmdoc
+daemon adds one to the stratum of each
+peer, a primary server ordinarily displays an external stratum of
+one.
+In order to provide engineered backups, it is often useful to
+specify the reference clock stratum as greater than zero.
+The
+.Cm stratum
+option is used for this purpose.
+Also, in cases
+involving both a reference clock and a pulse-per-second (PPS)
+discipline signal, it is useful to specify the reference clock
+identifier as other than the default, depending on the driver.
+The
+.Cm refid
+option is used for this purpose.
+Except where noted,
+these options apply to all clock drivers.
+.Ss Reference Clock Commands
+.Bl -tag -width indent
+.It Xo Ic server
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+.Op Cm prefer
+.Op Cm mode Ar int
+.Op Cm minpoll Ar int
+.Op Cm maxpoll Ar int
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+The options are interpreted as follows:
+.Bl -tag -width indent
+.It Cm prefer
+Marks the reference clock as preferred.
+All other things being
+equal, this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.It Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.It Cm minpoll Ar int
+.It Cm maxpoll Ar int
+These options specify the minimum and maximum polling interval
+for reference clock messages, as a power of 2 in seconds
+For
+most directly connected reference clocks, both
+.Cm minpoll
+and
+.Cm maxpoll
+default to 6 (64 s).
+For modem reference clocks,
+.Cm minpoll
+defaults to 10 (17.1 m) and
+.Cm maxpoll
+defaults to 14 (4.5 h).
+The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
+.El
+.It Xo Ic fudge
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+.Op Cm time1 Ar sec
+.Op Cm time2 Ar sec
+.Op Cm stratum Ar int
+.Op Cm refid Ar string
+.Op Cm mode Ar int
+.Op Cm flag1 Cm 0 \&| Cm 1
+.Op Cm flag2 Cm 0 \&| Cm 1
+.Op Cm flag3 Cm 0 \&| Cm 1
+.Op Cm flag4 Cm 0 \&| Cm 1
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+It must immediately follow the
+.Ic server
+command which configures the driver.
+Note that the same capability
+is possible at run time using the
+.Xr ntpdc 1ntpdcmdoc
+program.
+The options are interpreted as
+follows:
+.Bl -tag -width indent
+.It Cm time1 Ar sec
+Specifies a constant to be added to the time offset produced by
+the driver, a fixed-point decimal number in seconds.
+This is used
+as a calibration constant to adjust the nominal time offset of a
+particular clock to agree with an external standard, such as a
+precision PPS signal.
+It also provides a way to correct a
+systematic error or bias due to serial port or operating system
+latencies, different cable lengths or receiver internal delay.
+The
+specified offset is in addition to the propagation delay provided
+by other means, such as internal DIPswitches.
+Where a calibration
+for an individual system and driver is available, an approximate
+correction is noted in the driver documentation pages.
+Note: in order to facilitate calibration when more than one
+radio clock or PPS signal is supported, a special calibration
+feature is available.
+It takes the form of an argument to the
+.Ic enable
+command described in
+.Sx Miscellaneous Options
+page and operates as described in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.It Cm time2 Ar secs
+Specifies a fixed-point decimal number in seconds, which is
+interpreted in a driver-dependent way.
+See the descriptions of
+specific drivers in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.It Cm stratum Ar int
+Specifies the stratum number assigned to the driver, an integer
+between 0 and 15.
+This number overrides the default stratum number
+ordinarily assigned by the driver itself, usually zero.
+.It Cm refid Ar string
+Specifies an ASCII string of from one to four characters which
+defines the reference identifier used by the driver.
+This string
+overrides the default identifier ordinarily assigned by the driver
+itself.
+.It Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.It Cm flag1 Cm 0 \&| Cm 1
+.It Cm flag2 Cm 0 \&| Cm 1
+.It Cm flag3 Cm 0 \&| Cm 1
+.It Cm flag4 Cm 0 \&| Cm 1
+These four flags are used for customizing the clock driver.
+The
+interpretation of these values, and whether they are used at all,
+is a function of the particular clock driver.
+However, by
+convention
+.Cm flag4
+is used to enable recording monitoring
+data to the
+.Cm clockstats
+file configured with the
+.Ic filegen
+command.
+Further information on the
+.Ic filegen
+command can be found in
+.Sx Monitoring Options .
+.El
+.El
+.Sh Miscellaneous Options
+.Bl -tag -width indent
+.It Ic broadcastdelay Ar seconds
+The broadcast and multicast modes require a special calibration
+to determine the network delay between the local and remote
+servers.
+Ordinarily, this is done automatically by the initial
+protocol exchanges between the client and server.
+In some cases,
+the calibration procedure may fail due to network or server access
+controls, for example.
+This command specifies the default delay to
+be used under these circumstances.
+Typically (for Ethernet), a
+number between 0.003 and 0.007 seconds is appropriate.
+The default
+when this command is not used is 0.004 seconds.
+.It Ic calldelay Ar delay
+This option controls the delay in seconds between the first and second
+packets sent in burst or iburst mode to allow additional time for a modem
+or ISDN call to complete.
+.It Ic driftfile Ar driftfile
+This command specifies the complete path and name of the file used to
+record the frequency of the local clock oscillator.
+This is the same
+operation as the
+.Fl f
+command line option.
+If the file exists, it is read at
+startup in order to set the initial frequency and then updated once per
+hour with the current frequency computed by the daemon.
+If the file name is
+specified, but the file itself does not exist, the starts with an initial
+frequency of zero and creates the file when writing it for the first time.
+If this command is not given, the daemon will always start with an initial
+frequency of zero.
+.Pp
+The file format consists of a single line containing a single
+floating point number, which records the frequency offset measured
+in parts-per-million (PPM).
+The file is updated by first writing
+the current drift value into a temporary file and then renaming
+this file to replace the old version.
+This implies that
+.Xr ntpd 1ntpdmdoc
+must have write permission for the directory the
+drift file is located in, and that file system links, symbolic or
+otherwise, should be avoided.
+.It Xo Ic enable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+.It Xo Ic disable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+Provides a way to enable or disable various server options.
+Flags not mentioned are unaffected.
+Note that all of these flags
+can be controlled remotely using the
+.Xr ntpdc 1ntpdcmdoc
+utility program.
+.Bl -tag -width indent
+.It Cm auth
+Enables the server to synchronize with unconfigured peers only if the
+peer has been correctly authenticated using either public key or
+private key cryptography.
+The default for this flag is
+.Ic enable .
+.It Cm bclient
+Enables the server to listen for a message from a broadcast or
+multicast server, as in the
+.Ic multicastclient
+command with default
+address.
+The default for this flag is
+.Ic disable .
+.It Cm calibrate
+Enables the calibrate feature for reference clocks.
+The default for
+this flag is
+.Ic disable .
+.It Cm kernel
+Enables the kernel time discipline, if available.
+The default for this
+flag is
+.Ic enable
+if support is available, otherwise
+.Ic disable .
+.It Cm monitor
+Enables the monitoring facility.
+See the
+.Xr ntpdc 1ntpdcmdoc
+program
+and the
+.Ic monlist
+command or further information.
+The
+default for this flag is
+.Ic enable .
+.It Cm ntp
+Enables time and frequency discipline.
+In effect, this switch opens and
+closes the feedback loop, which is useful for testing.
+The default for
+this flag is
+.Ic enable .
+.It Cm pps
+Enables the pulse-per-second (PPS) signal when frequency and time is
+disciplined by the precision time kernel modifications.
+See the
+.Qq A Kernel Model for Precision Timekeeping
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page for further information.
+The default for this flag is
+.Ic disable .
+.It Cm stats
+Enables the statistics facility.
+See the
+.Sx Monitoring Options
+section for further information.
+The default for this flag is
+.Ic disable .
+.El
+.It Ic includefile Ar includefile
+This command allows additional configuration commands
+to be included from a separate file.
+Include files may
+be nested to a depth of five; upon reaching the end of any
+include file, command processing resumes in the previous
+configuration file.
+This option is useful for sites that run
+.Xr ntpd 1ntpdmdoc
+on multiple hosts, with (mostly) common options (e.g., a
+restriction list).
+.It Ic logconfig Ar configkeyword
+This command controls the amount and type of output written to
+the system
+.Xr syslog 3
+facility or the alternate
+.Ic logfile
+log file.
+By default, all output is turned on.
+All
+.Ar configkeyword
+keywords can be prefixed with
+.Ql = ,
+.Ql +
+and
+.Ql - ,
+where
+.Ql =
+sets the
+.Xr syslog 3
+priority mask,
+.Ql +
+adds and
+.Ql -
+removes
+messages.
+.Xr syslog 3
+messages can be controlled in four
+classes
+.Po
+.Cm clock ,
+.Cm peer ,
+.Cm sys
+and
+.Cm sync
+.Pc .
+Within these classes four types of messages can be
+controlled: informational messages
+.Po
+.Cm info
+.Pc ,
+event messages
+.Po
+.Cm events
+.Pc ,
+statistics messages
+.Po
+.Cm statistics
+.Pc
+and
+status messages
+.Po
+.Cm status
+.Pc .
+.Pp
+Configuration keywords are formed by concatenating the message class with
+the event class.
+The
+.Cm all
+prefix can be used instead of a message class.
+A
+message class may also be followed by the
+.Cm all
+keyword to enable/disable all
+messages of the respective message class.Thus, a minimal log configuration
+could look like this:
+.Bd -literal
+logconfig =syncstatus +sysevents
+.Ed
+.Pp
+This would just list the synchronizations state of
+.Xr ntpd 1ntpdmdoc
+and the major system events.
+For a simple reference server, the
+following minimum message configuration could be useful:
+.Bd -literal
+logconfig =syncall +clockall
+.Ed
+.Pp
+This configuration will list all clock information and
+synchronization information.
+All other events and messages about
+peers, system events and so on is suppressed.
+.It Ic logfile Ar logfile
+This command specifies the location of an alternate log file to
+be used instead of the default system
+.Xr syslog 3
+facility.
+This is the same operation as the -l command line option.
+.It Ic setvar Ar variable Op Cm default
+This command adds an additional system variable.
+These
+variables can be used to distribute additional information such as
+the access policy.
+If the variable of the form
+.Sm off
+.Va name = Ar value
+.Sm on
+is followed by the
+.Cm default
+keyword, the
+variable will be listed as part of the default system variables
+.Po
+.Xr ntpq 1ntpqmdoc
+.Ic rv
+command
+.Pc ) .
+These additional variables serve
+informational purposes only.
+They are not related to the protocol
+other that they can be listed.
+The known protocol variables will
+always override any variables defined via the
+.Ic setvar
+mechanism.
+There are three special variables that contain the names
+of all variable of the same group.
+The
+.Va sys_var_list
+holds
+the names of all system variables.
+The
+.Va peer_var_list
+holds
+the names of all peer variables and the
+.Va clock_var_list
+holds the names of the reference clock variables.
+.It Xo Ic tinker
+.Oo
+.Cm allan Ar allan |
+.Cm dispersion Ar dispersion |
+.Cm freq Ar freq |
+.Cm huffpuff Ar huffpuff |
+.Cm panic Ar panic |
+.Cm step Ar srep |
+.Cm stepout Ar stepout
+.Oc
+.Xc
+This command can be used to alter several system variables in
+very exceptional circumstances.
+It should occur in the
+configuration file before any other configuration options.
+The
+default values of these variables have been carefully optimized for
+a wide range of network speeds and reliability expectations.
+In
+general, they interact in intricate ways that are hard to predict
+and some combinations can result in some very nasty behavior.
+Very
+rarely is it necessary to change the default values; but, some
+folks cannot resist twisting the knobs anyway and this command is
+for them.
+Emphasis added: twisters are on their own and can expect
+no help from the support group.
+.Pp
+The variables operate as follows:
+.Bl -tag -width indent
+.It Cm allan Ar allan
+The argument becomes the new value for the minimum Allan
+intercept, which is a parameter of the PLL/FLL clock discipline
+algorithm.
+The value in log2 seconds defaults to 7 (1024 s), which is also the lower
+limit.
+.It Cm dispersion Ar dispersion
+The argument becomes the new value for the dispersion increase rate,
+normally .000015 s/s.
+.It Cm freq Ar freq
+The argument becomes the initial value of the frequency offset in
+parts-per-million.
+This overrides the value in the frequency file, if
+present, and avoids the initial training state if it is not.
+.It Cm huffpuff Ar huffpuff
+The argument becomes the new value for the experimental
+huff-n'-puff filter span, which determines the most recent interval
+the algorithm will search for a minimum delay.
+The lower limit is
+900 s (15 m), but a more reasonable value is 7200 (2 hours).
+There
+is no default, since the filter is not enabled unless this command
+is given.
+.It Cm panic Ar panic
+The argument is the panic threshold, normally 1000 s.
+If set to zero,
+the panic sanity check is disabled and a clock offset of any value will
+be accepted.
+.It Cm step Ar step
+The argument is the step threshold, which by default is 0.128 s.
+It can
+be set to any positive number in seconds.
+If set to zero, step
+adjustments will never occur.
+Note: The kernel time discipline is
+disabled if the step threshold is set to zero or greater than the
+default.
+.It Cm stepout Ar stepout
+The argument is the stepout timeout, which by default is 900 s.
+It can
+be set to any positive number in seconds.
+If set to zero, the stepout
+pulses will not be suppressed.
+.El
+.It Xo Ic trap Ar host_address
+.Op Cm port Ar port_number
+.Op Cm interface Ar interface_address
+.Xc
+This command configures a trap receiver at the given host
+address and port number for sending messages with the specified
+local interface address.
+If the port number is unspecified, a value
+of 18447 is used.
+If the interface address is not specified, the
+message is sent with a source address of the local interface the
+message is sent through.
+Note that on a multihomed host the
+interface used may vary from time to time with routing changes.
+.Pp
+The trap receiver will generally log event messages and other
+information from the server in a log file.
+While such monitor
+programs may also request their own trap dynamically, configuring a
+trap receiver will ensure that no messages are lost when the server
+is started.
+.It Cm hop Ar ...
+This command specifies a list of TTL values in increasing order, up to 8
+values can be specified.
+In manycast mode these values are used in turn in
+an expanding-ring search.
+The default is eight multiples of 32 starting at
+31.
+.El
+.Sh "OPTIONS"
+.Bl -tag
+.It \-\-help
+Display usage information and exit.
+.It \-\-more-help
+Pass the extended usage information through a pager.
+.It \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
+.fi
+.ad
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.Sh FILES
+.Bl -tag -width /etc/ntp.drift -compact
+.It Pa /etc/ntp.conf
+the default name of the configuration file
+.It Pa ntp.keys
+private MD5 keys
+.It Pa ntpkey
+RSA private key
+.It Pa ntpkey_ Ns Ar host
+RSA public key
+.It Pa ntp_dh
+Diffie-Hellman agreement parameters
+.El
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.El
+.Sh "SEE ALSO"
+.Sh SEE ALSO
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpdc 1ntpdcmdoc ,
+.Xr ntpq 1ntpqmdoc
+.Pp
+In addition to the manual pages provided,
+comprehensive documentation is available on the world wide web
+at
+.Li http://www.ntp.org/ .
+A snapshot of this documentation is available in HTML format in
+.Pa /usr/share/doc/ntp .
+.Rs
+.%A David L. Mills
+.%T Network Time Protocol (Version 4)
+.%O RFC5905
+.Re
+.Sh "AUTHORS"
+The University of Delaware
+.Sh "COPYRIGHT"
+Copyright (C) 1970-2012 The University of Delaware all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.Sh BUGS
+The syntax checking is not picky; some combinations of
+ridiculous and even hilarious options and modes may not be
+detected.
+.Pp
+The
+.Pa ntpkey_ Ns Ar host
+files are really digital
+certificates.
+These should be obtained via secure directory
+services when they become universally available.Please send bug reports to: http://bugs.ntp.org, bugs at ntp.org
+.Sh NOTES
+This document is derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
+option definitions.

==== ntpd/ntp.conf.5mdoc ====
2012-08-30 20:37:36-04:00, stenn at psp-deb1.ntp.org +0 -0

==== ntpd/ntp.conf.def ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +2746 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.conf.def

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.conf.def	2012-08-30 20:37:37 -04:00
@@ -0,0 +1,2746 @@
+/* -*- Mode: Text -*- */
+
+autogen definitions options;
+
+#include copyright.def
+
+// We want the synopsis to be "/etc/ntp.conf" but we need the prog-name
+// to be ntp.conf - the latter is also how autogen produces the output
+// file name.
+prog-name	= "ntp.conf";
+prog-title	= "Network Time Protocol (NTP) daemon configuration file format";
+
+/* explain: Additional information whenever the usage routine is invoked */
+explain = <<- _END_EXPLAIN
+	_END_EXPLAIN;
+
+doc-section	= {
+  ds-type	= 'DESCRIPTION';
+  ds-format	= 'mdoc';
+  ds-text	= <<- _END_PROG_MDOC_DESCRIP
+The
+.Nm
+configuration file is read at initial startup by the
+.Xr ntpd 1ntpdmdoc
+daemon in order to specify the synchronization sources,
+modes and other related information.
+Usually, it is installed in the
+.Pa /etc
+directory,
+but could be installed elsewhere
+(see the daemon's
+.Fl c
+command line option).
+.Pp
+The file format is similar to other
+.Ux
+configuration files.
+Comments begin with a
+.Ql #
+character and extend to the end of the line;
+blank lines are ignored.
+Configuration commands consist of an initial keyword
+followed by a list of arguments,
+some of which may be optional, separated by whitespace.
+Commands may not be continued over multiple lines.
+Arguments may be host names,
+host addresses written in numeric, dotted-quad form,
+integers, floating point numbers (when specifying times in seconds)
+and text strings.
+.Pp
+The rest of this page describes the configuration and control options.
+The
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+contains an extended discussion of these options.
+In addition to the discussion of general
+.Sx Configuration Options ,
+there are sections describing the following supported functionality
+and the options used to control it:
+.Bl -bullet -offset indent
+.It
+.Sx Authentication Support
+.It
+.Sx Monitoring Support
+.It
+.Sx Access Control Support
+.It
+.Sx Automatic NTP Configuration Options
+.It
+.Sx Reference Clock Support
+.It
+.Sx Miscellaneous Options
+.El
+.Pp
+Following these is a section describing
+.Sx Miscellaneous Options .
+While there is a rich set of options available,
+the only required option is one or more
+.Ic server ,
+.Ic peer ,
+.Ic broadcast
+or
+.Ic manycastclient
+commands.
+.Sh Configuration Support
+Following is a description of the configuration commands in
+NTPv4.
+These commands have the same basic functions as in NTPv3 and
+in some cases new functions and new arguments.
+There are two
+classes of commands, configuration commands that configure a
+persistent association with a remote server or peer or reference
+clock, and auxiliary commands that specify environmental variables
+that control various related operations.
+.Ss Configuration Commands
+The various modes are determined by the command keyword and the
+type of the required IP address.
+Addresses are classed by type as
+(s) a remote server or peer (IPv4 class A, B and C), (b) the
+broadcast address of a local interface, (m) a multicast address (IPv4
+class D), or (r) a reference clock address (127.127.x.x).
+Note that
+only those options applicable to each command are listed below.
+Use
+of options not listed may not be caught as an error, but may result
+in some weird and even destructive behavior.
+.Pp
+If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
+is detected, support for the IPv6 address family is generated
+in addition to the default support of the IPv4 address family.
+In a few cases, including the reslist billboard generated
+by ntpdc, IPv6 addresses are automatically generated.
+IPv6 addresses can be identified by the presence of colons
+.Dq \&:
+in the address field.
+IPv6 addresses can be used almost everywhere where
+IPv4 addresses can be used,
+with the exception of reference clock addresses,
+which are always IPv4.
+.Pp
+Note that in contexts where a host name is expected, a
+.Fl 4
+qualifier preceding
+the host name forces DNS resolution to the IPv4 namespace,
+while a
+.Fl 6
+qualifier forces DNS resolution to the IPv6 namespace.
+See IPv6 references for the
+equivalent classes for that address family.
+.Bl -tag -width indent
+.It Xo Ic server Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm burst
+.Op Cm iburst
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Xc
+.It Xo Ic peer Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Xc
+.It Xo Ic broadcast Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm ttl Ar ttl
+.Xc
+.It Xo Ic manycastclient Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Op Cm ttl Ar ttl
+.Xc
+.El
+.Pp
+These four commands specify the time server name or address to
+be used and the mode in which to operate.
+The
+.Ar address
+can be
+either a DNS name or an IP address in dotted-quad notation.
+Additional information on association behavior can be found in the
+.Qq Association Management
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Bl -tag -width indent
+.It Ic server
+For type s and r addresses, this command mobilizes a persistent
+client mode association with the specified remote server or local
+radio clock.
+In this mode the local clock can synchronized to the
+remote server, but the remote server can never be synchronized to
+the local clock.
+This command should
+.Em not
+be used for type
+b or m addresses.
+.It Ic peer
+For type s addresses (only), this command mobilizes a
+persistent symmetric-active mode association with the specified
+remote peer.
+In this mode the local clock can be synchronized to
+the remote peer or the remote peer can be synchronized to the local
+clock.
+This is useful in a network of servers where, depending on
+various failure scenarios, either the local or remote peer may be
+the better source of time.
+This command should NOT be used for type
+b, m or r addresses.
+.It Ic broadcast
+For type b and m addresses (only), this
+command mobilizes a persistent broadcast mode association.
+Multiple
+commands can be used to specify multiple local broadcast interfaces
+(subnets) and/or multiple multicast groups.
+Note that local
+broadcast messages go only to the interface associated with the
+subnet specified, but multicast messages go to all interfaces.
+In broadcast mode the local server sends periodic broadcast
+messages to a client population at the
+.Ar address
+specified, which is usually the broadcast address on (one of) the
+local network(s) or a multicast address assigned to NTP.
+The IANA
+has assigned the multicast group address IPv4 224.0.1.1 and
+IPv6 ff05::101 (site local) exclusively to
+NTP, but other nonconflicting addresses can be used to contain the
+messages within administrative boundaries.
+Ordinarily, this
+specification applies only to the local server operating as a
+sender; for operation as a broadcast client, see the
+.Ic broadcastclient
+or
+.Ic multicastclient
+commands
+below.
+.It Ic manycastclient
+For type m addresses (only), this command mobilizes a
+manycast client mode association for the multicast address
+specified.
+In this case a specific address must be supplied which
+matches the address used on the
+.Ic manycastserver
+command for
+the designated manycast servers.
+The NTP multicast address
+224.0.1.1 assigned by the IANA should NOT be used, unless specific
+means are taken to avoid spraying large areas of the Internet with
+these messages and causing a possibly massive implosion of replies
+at the sender.
+The
+.Ic manycastserver
+command specifies that the local server
+is to operate in client mode with the remote servers that are
+discovered as the result of broadcast/multicast messages.
+The
+client broadcasts a request message to the group address associated
+with the specified
+.Ar address
+and specifically enabled
+servers respond to these messages.
+The client selects the servers
+providing the best time and continues as with the
+.Ic server
+command.
+The remaining servers are discarded as if never
+heard.
+.El
+.Pp
+Options:
+.Bl -tag -width indent
+.It Cm autokey
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the autokey scheme
+described in
+.Sx Authentication Options .
+.It Cm burst
+when the server is reachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first and second packets
+can be changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to improve timekeeping quality
+with the
+.Ic server
+command and s addresses.
+.It Cm iburst
+When the server is unreachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first two packets can be
+changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to speed the initial synchronization
+acquisition with the
+.Ic server
+command and s addresses and when
+.Xr ntpd 1ntpdmdoc
+is started with the
+.Fl q
+option.
+.It Cm key Ar key
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the specified
+.Ar key
+identifier with values from 1 to 65534, inclusive.
+The
+default is to include no encryption field.
+.It Cm minpoll Ar minpoll
+.It Cm maxpoll Ar maxpoll
+These options specify the minimum and maximum poll intervals
+for NTP messages, as a power of 2 in seconds
+The maximum poll
+interval defaults to 10 (1,024 s), but can be increased by the
+.Cm maxpoll
+option to an upper limit of 17 (36.4 h).
+The
+minimum poll interval defaults to 6 (64 s), but can be decreased by
+the
+.Cm minpoll
+option to a lower limit of 4 (16 s).
+.It Cm noselect
+Marks the server as unused, except for display purposes.
+The server is discarded by the selection algroithm.
+.It Cm prefer
+Marks the server as preferred.
+All other things being equal,
+this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.It Cm ttl Ar ttl
+This option is used only with broadcast server and manycast
+client modes.
+It specifies the time-to-live
+.Ar ttl
+to
+use on broadcast server and multicast server and the maximum
+.Ar ttl
+for the expanding ring search with manycast
+client packets.
+Selection of the proper value, which defaults to
+127, is something of a black art and should be coordinated with the
+network administrator.
+.It Cm version Ar version
+Specifies the version number to be used for outgoing NTP
+packets.
+Versions 1-4 are the choices, with version 4 the
+default.
+.El
+.Ss Auxiliary Commands
+.Bl -tag -width indent
+.It Ic broadcastclient
+This command enables reception of broadcast server messages to
+any local interface (type b) address.
+Upon receiving a message for
+the first time, the broadcast client measures the nominal server
+propagation delay using a brief client/server exchange with the
+server, then enters the broadcast client mode, in which it
+synchronizes to succeeding broadcast messages.
+Note that, in order
+to avoid accidental or malicious disruption in this mode, both the
+server and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.It Ic manycastserver Ar address ...
+This command enables reception of manycast client messages to
+the multicast group address(es) (type m) specified.
+At least one
+address is required, but the NTP multicast address 224.0.1.1
+assigned by the IANA should NOT be used, unless specific means are
+taken to limit the span of the reply and avoid a possibly massive
+implosion at the original sender.
+Note that, in order to avoid
+accidental or malicious disruption in this mode, both the server
+and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.It Ic multicastclient Ar address ...
+This command enables reception of multicast server messages to
+the multicast group address(es) (type m) specified.
+Upon receiving
+a message for the first time, the multicast client measures the
+nominal server propagation delay using a brief client/server
+exchange with the server, then enters the broadcast client mode, in
+which it synchronizes to succeeding multicast messages.
+Note that,
+in order to avoid accidental or malicious disruption in this mode,
+both the server and client should operate using symmetric-key or
+public-key authentication as described in
+.Sx Authentication Options .
+.El
+.Sh Authentication Support
+Authentication support allows the NTP client to verify that the
+server is in fact known and trusted and not an intruder intending
+accidentally or on purpose to masquerade as that server.
+The NTPv3
+specification RFC-1305 defines a scheme which provides
+cryptographic authentication of received NTP packets.
+Originally,
+this was done using the Data Encryption Standard (DES) algorithm
+operating in Cipher Block Chaining (CBC) mode, commonly called
+DES-CBC.
+Subsequently, this was replaced by the RSA Message Digest
+5 (MD5) algorithm using a private key, commonly called keyed-MD5.
+Either algorithm computes a message digest, or one-way hash, which
+can be used to verify the server has the correct private key and
+key identifier.
+.Pp
+NTPv4 retains the NTPv3 scheme, properly described as symmetric key
+cryptography and, in addition, provides a new Autokey scheme
+based on public key cryptography.
+Public key cryptography is generally considered more secure
+than symmetric key cryptography, since the security is based
+on a private value which is generated by each server and
+never revealed.
+With Autokey all key distribution and
+management functions involve only public values, which
+considerably simplifies key distribution and storage.
+Public key management is based on X.509 certificates,
+which can be provided by commercial services or
+produced by utility programs in the OpenSSL software library
+or the NTPv4 distribution.
+.Pp
+While the algorithms for symmetric key cryptography are
+included in the NTPv4 distribution, public key cryptography
+requires the OpenSSL software library to be installed
+before building the NTP distribution.
+Directions for doing that
+are on the Building and Installing the Distribution page.
+.Pp
+Authentication is configured separately for each association
+using the
+.Cm key
+or
+.Cm autokey
+subcommand on the
+.Ic peer ,
+.Ic server ,
+.Ic broadcast
+and
+.Ic manycastclient
+configuration commands as described in
+.Sx Configuration Options
+page.
+The authentication
+options described below specify the locations of the key files,
+if other than default, which symmetric keys are trusted
+and the interval between various operations, if other than default.
+.Pp
+Authentication is always enabled,
+although ineffective if not configured as
+described below.
+If a NTP packet arrives
+including a message authentication
+code (MAC), it is accepted only if it
+passes all cryptographic checks.
+The
+checks require correct key ID, key value
+and message digest.
+If the packet has
+been modified in any way or replayed
+by an intruder, it will fail one or more
+of these checks and be discarded.
+Furthermore, the Autokey scheme requires a
+preliminary protocol exchange to obtain
+the server certificate, verify its
+credentials and initialize the protocol
+.Pp
+The
+.Cm auth
+flag controls whether new associations or
+remote configuration commands require cryptographic authentication.
+This flag can be set or reset by the
+.Ic enable
+and
+.Ic disable
+commands and also by remote
+configuration commands sent by a
+.Xr ntpdc 1ntpdcmdoc
+program running in
+another machine.
+If this flag is enabled, which is the default
+case, new broadcast client and symmetric passive associations and
+remote configuration commands must be cryptographically
+authenticated using either symmetric key or public key cryptography.
+If this
+flag is disabled, these operations are effective
+even if not cryptographic
+authenticated.
+It should be understood
+that operating with the
+.Ic auth
+flag disabled invites a significant vulnerability
+where a rogue hacker can
+masquerade as a falseticker and seriously
+disrupt system timekeeping.
+It is
+important to note that this flag has no purpose
+other than to allow or disallow
+a new association in response to new broadcast
+and symmetric active messages
+and remote configuration commands and, in particular,
+the flag has no effect on
+the authentication process itself.
+.Pp
+An attractive alternative where multicast support is available
+is manycast mode, in which clients periodically troll
+for servers as described in the
+.Sx Automatic NTP Configuration Options
+page.
+Either symmetric key or public key
+cryptographic authentication can be used in this mode.
+The principle advantage
+of manycast mode is that potential servers need not be
+configured in advance,
+since the client finds them during regular operation,
+and the configuration
+files for all clients can be identical.
+.Pp
+The security model and protocol schemes for
+both symmetric key and public key
+cryptography are summarized below;
+further details are in the briefings, papers
+and reports at the NTP project page linked from
+.Li http://www.ntp.org/ .
+.Ss Symmetric-Key Cryptography
+The original RFC-1305 specification allows any one of possibly
+65,534 keys, each distinguished by a 32-bit key identifier, to
+authenticate an association.
+The servers and clients involved must
+agree on the key and key identifier to
+authenticate NTP packets.
+Keys and
+related information are specified in a key
+file, usually called
+.Pa ntp.keys ,
+which must be distributed and stored using
+secure means beyond the scope of the NTP protocol itself.
+Besides the keys used
+for ordinary NTP associations,
+additional keys can be used as passwords for the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+utility programs.
+.Pp
+When
+.Xr ntpd 1ntpdmdoc
+is first started, it reads the key file specified in the
+.Ic keys
+configuration command and installs the keys
+in the key cache.
+However,
+individual keys must be activated with the
+.Ic trusted
+command before use.
+This
+allows, for instance, the installation of possibly
+several batches of keys and
+then activating or deactivating each batch
+remotely using
+.Xr ntpdc 1ntpdcmdoc .
+This also provides a revocation capability that can be used
+if a key becomes compromised.
+The
+.Ic requestkey
+command selects the key used as the password for the
+.Xr ntpdc 1ntpdcmdoc
+utility, while the
+.Ic controlkey
+command selects the key used as the password for the
+.Xr ntpq 1ntpqmdoc
+utility.
+.Ss Public Key Cryptography
+NTPv4 supports the original NTPv3 symmetric key scheme
+described in RFC-1305 and in addition the Autokey protocol,
+which is based on public key cryptography.
+The Autokey Version 2 protocol described on the Autokey Protocol
+page verifies packet integrity using MD5 message digests
+and verifies the source with digital signatures and any of several
+digest/signature schemes.
+Optional identity schemes described on the Identity Schemes
+page and based on cryptographic challenge/response algorithms
+are also available.
+Using all of these schemes provides strong security against
+replay with or without modification, spoofing, masquerade
+and most forms of clogging attacks.
+.\" .Pp
+.\" The cryptographic means necessary for all Autokey operations
+.\" is provided by the OpenSSL software library.
+.\" This library is available from http://www.openssl.org/
+.\" and can be installed using the procedures outlined
+.\" in the Building and Installing the Distribution page.
+.\" Once installed,
+.\" the configure and build
+.\" process automatically detects the library and links
+.\" the library routines required.
+.Pp
+The Autokey protocol has several modes of operation
+corresponding to the various NTP modes supported.
+Most modes use a special cookie which can be
+computed independently by the client and server,
+but encrypted in transmission.
+All modes use in addition a variant of the S-KEY scheme,
+in which a pseudo-random key list is generated and used
+in reverse order.
+These schemes are described along with an executive summary,
+current status, briefing slides and reading list on the
+.Sx Autonomous Authentication
+page.
+.Pp
+The specific cryptographic environment used by Autokey servers
+and clients is determined by a set of files
+and soft links generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+program.
+This includes a required host key file,
+required certificate file and optional sign key file,
+leapsecond file and identity scheme files.
+The
+digest/signature scheme is specified in the X.509 certificate
+along with the matching sign key.
+There are several schemes
+available in the OpenSSL software library, each identified
+by a specific string such as
+.Cm md5WithRSAEncryption ,
+which stands for the MD5 message digest with RSA
+encryption scheme.
+The current NTP distribution supports
+all the schemes in the OpenSSL library, including
+those based on RSA and DSA digital signatures.
+.Pp
+NTP secure groups can be used to define cryptographic compartments
+and security hierarchies.
+It is important that every host
+in the group be able to construct a certificate trail to one
+or more trusted hosts in the same group.
+Each group
+host runs the Autokey protocol to obtain the certificates
+for all hosts along the trail to one or more trusted hosts.
+This requires the configuration file in all hosts to be
+engineered so that, even under anticipated failure conditions,
+the NTP subnet will form such that every group host can find
+a trail to at least one trusted host.
+.Ss Naming and Addressing
+It is important to note that Autokey does not use DNS to
+resolve addresses, since DNS can't be completely trusted
+until the name servers have synchronized clocks.
+The cryptographic name used by Autokey to bind the host identity
+credentials and cryptographic values must be independent
+of interface, network and any other naming convention.
+The name appears in the host certificate in either or both
+the subject and issuer fields, so protection against
+DNS compromise is essential.
+.Pp
+By convention, the name of an Autokey host is the name returned
+by the Unix
+.Xr gethostname 2
+system call or equivalent in other systems.
+By the system design
+model, there are no provisions to allow alternate names or aliases.
+However, this is not to say that DNS aliases, different names
+for each interface, etc., are constrained in any way.
+.Pp
+It is also important to note that Autokey verifies authenticity
+using the host name, network address and public keys,
+all of which are bound together by the protocol specifically
+to deflect masquerade attacks.
+For this reason Autokey
+includes the source and destinatino IP addresses in message digest
+computations and so the same addresses must be available
+at both the server and client.
+For this reason operation
+with network address translation schemes is not possible.
+This reflects the intended robust security model where government
+and corporate NTP servers are operated outside firewall perimeters.
+.Ss Operation
+A specific combination of authentication scheme (none,
+symmetric key, public key) and identity scheme is called
+a cryptotype, although not all combinations are compatible.
+There may be management configurations where the clients,
+servers and peers may not all support the same cryptotypes.
+A secure NTPv4 subnet can be configured in many ways while
+keeping in mind the principles explained above and
+in this section.
+Note however that some cryptotype
+combinations may successfully interoperate with each other,
+but may not represent good security practice.
+.Pp
+The cryptotype of an association is determined at the time
+of mobilization, either at configuration time or some time
+later when a message of appropriate cryptotype arrives.
+When mobilized by a
+.Ic server
+or
+.Ic peer
+configuration command and no
+.Ic key
+or
+.Ic autokey
+subcommands are present, the association is not
+authenticated; if the
+.Ic key
+subcommand is present, the association is authenticated
+using the symmetric key ID specified; if the
+.Ic autokey
+subcommand is present, the association is authenticated
+using Autokey.
+.Pp
+When multiple identity schemes are supported in the Autokey
+protocol, the first message exchange determines which one is used.
+The client request message contains bits corresponding
+to which schemes it has available.
+The server response message
+contains bits corresponding to which schemes it has available.
+Both server and client match the received bits with their own
+and select a common scheme.
+.Pp
+Following the principle that time is a public value,
+a server responds to any client packet that matches
+its cryptotype capabilities.
+Thus, a server receiving
+an unauthenticated packet will respond with an unauthenticated
+packet, while the same server receiving a packet of a cryptotype
+it supports will respond with packets of that cryptotype.
+However, unconfigured broadcast or manycast client
+associations or symmetric passive associations will not be
+mobilized unless the server supports a cryptotype compatible
+with the first packet received.
+By default, unauthenticated associations will not be mobilized
+unless overridden in a decidedly dangerous way.
+.Pp
+Some examples may help to reduce confusion.
+Client Alice has no specific cryptotype selected.
+Server Bob has both a symmetric key file and minimal Autokey files.
+Alice's unauthenticated messages arrive at Bob, who replies with
+unauthenticated messages.
+Cathy has a copy of Bob's symmetric
+key file and has selected key ID 4 in messages to Bob.
+Bob verifies the message with his key ID 4.
+If it's the
+same key and the message is verified, Bob sends Cathy a reply
+authenticated with that key.
+If verification fails,
+Bob sends Cathy a thing called a crypto-NAK, which tells her
+something broke.
+She can see the evidence using the ntpq program.
+.Pp
+Denise has rolled her own host key and certificate.
+She also uses one of the identity schemes as Bob.
+She sends the first Autokey message to Bob and they
+both dance the protocol authentication and identity steps.
+If all comes out okay, Denise and Bob continue as described above.
+.Pp
+It should be clear from the above that Bob can support
+all the girls at the same time, as long as he has compatible
+authentication and identity credentials.
+Now, Bob can act just like the girls in his own choice of servers;
+he can run multiple configured associations with multiple different
+servers (or the same server, although that might not be useful).
+But, wise security policy might preclude some cryptotype
+combinations; for instance, running an identity scheme
+with one server and no authentication with another might not be wise.
+.Ss Key Management
+The cryptographic values used by the Autokey protocol are
+incorporated as a set of files generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+utility program, including symmetric key, host key and
+public certificate files, as well as sign key, identity parameters
+and leapseconds files.
+Alternatively, host and sign keys and
+certificate files can be generated by the OpenSSL utilities
+and certificates can be imported from public certificate
+authorities.
+Note that symmetric keys are necessary for the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+utility programs.
+The remaining files are necessary only for the
+Autokey protocol.
+.Pp
+Certificates imported from OpenSSL or public certificate
+authorities have certian limitations.
+The certificate should be in ASN.1 syntax, X.509 Version 3
+format and encoded in PEM, which is the same format
+used by OpenSSL.
+The overall length of the certificate encoded
+in ASN.1 must not exceed 1024 bytes.
+The subject distinguished
+name field (CN) is the fully qualified name of the host
+on which it is used; the remaining subject fields are ignored.
+The certificate extension fields must not contain either
+a subject key identifier or a issuer key identifier field;
+however, an extended key usage field for a trusted host must
+contain the value
+.Cm trustRoot ; .
+Other extension fields are ignored.
+.Ss Authentication Commands
+.Bl -tag -width indent
+.It Ic autokey Op Ar logsec
+Specifies the interval between regenerations of the session key
+list used with the Autokey protocol.
+Note that the size of the key
+list for each association depends on this interval and the current
+poll interval.
+The default value is 12 (4096 s or about 1.1 hours).
+For poll intervals above the specified interval, a session key list
+with a single entry will be regenerated for every message
+sent.
+.It Ic controlkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpq 1ntpqmdoc
+utility, which uses the standard
+protocol defined in RFC-1305.
+The
+.Ar key
+argument is
+the key identifier for a trusted key, where the value can be in the
+range 1 to 65,534, inclusive.
+.It Xo Ic crypto
+.Op Cm cert Ar file
+.Op Cm leap Ar file
+.Op Cm randfile Ar file
+.Op Cm host Ar file
+.Op Cm sign Ar file
+.Op Cm gq Ar file
+.Op Cm gqpar Ar file
+.Op Cm iffpar Ar file
+.Op Cm mvpar Ar file
+.Op Cm pw Ar password
+.Xc
+This command requires the OpenSSL library.
+It activates public key
+cryptography, selects the message digest and signature
+encryption scheme and loads the required private and public
+values described above.
+If one or more files are left unspecified,
+the default names are used as described above.
+Unless the complete path and name of the file are specified, the
+location of a file is relative to the keys directory specified
+in the
+.Ic keysdir
+command or default
+.Pa /usr/local/etc .
+Following are the subcommands:
+.Bl -tag -width indent
+.It Cm cert Ar file
+Specifies the location of the required host public certificate file.
+This overrides the link
+.Pa ntpkey_cert_ Ns Ar hostname
+in the keys directory.
+.It Cm gqpar Ar file
+Specifies the location of the optional GQ parameters file.
+This
+overrides the link
+.Pa ntpkey_gq_ Ns Ar hostname
+in the keys directory.
+.It Cm host Ar file
+Specifies the location of the required host key file.
+This overrides
+the link
+.Pa ntpkey_key_ Ns Ar hostname
+in the keys directory.
+.It Cm iffpar Ar file
+Specifies the location of the optional IFF parameters file.This
+overrides the link
+.Pa ntpkey_iff_ Ns Ar hostname
+in the keys directory.
+.It Cm leap Ar file
+Specifies the location of the optional leapsecond file.
+This overrides the link
+.Pa ntpkey_leap
+in the keys directory.
+.It Cm mvpar Ar file
+Specifies the location of the optional MV parameters file.
+This
+overrides the link
+.Pa ntpkey_mv_ Ns Ar hostname
+in the keys directory.
+.It Cm pw Ar password
+Specifies the password to decrypt files containing private keys and
+identity parameters.
+This is required only if these files have been
+encrypted.
+.It Cm randfile Ar file
+Specifies the location of the random seed file used by the OpenSSL
+library.
+The defaults are described in the main text above.
+.It Cm sign Ar file
+Specifies the location of the optional sign key file.
+This overrides
+the link
+.Pa ntpkey_sign_ Ns Ar hostname
+in the keys directory.
+If this file is
+not found, the host key is also the sign key.
+.El
+.It Ic keys Ar keyfile
+Specifies the complete path and location of the MD5 key file
+containing the keys and key identifiers used by
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+when operating with symmetric key cryptography.
+This is the same operation as the
+.Fl k
+command line option.
+.It Ic keysdir Ar path
+This command specifies the default directory path for
+cryptographic keys, parameters and certificates.
+The default is
+.Pa /usr/local/etc/ .
+.It Ic requestkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpdc 1ntpdcmdoc
+utility program, which uses a
+proprietary protocol specific to this implementation of
+.Xr ntpd 1ntpdmdoc .
+The
+.Ar key
+argument is a key identifier
+for the trusted key, where the value can be in the range 1 to
+65,534, inclusive.
+.It Ic revoke Ar logsec
+Specifies the interval between re-randomization of certain
+cryptographic values used by the Autokey scheme, as a power of 2 in
+seconds.
+These values need to be updated frequently in order to
+deflect brute-force attacks on the algorithms of the scheme;
+however, updating some values is a relatively expensive operation.
+The default interval is 16 (65,536 s or about 18 hours).
+For poll
+intervals above the specified interval, the values will be updated
+for every message sent.
+.It Ic trustedkey Ar key ...
+Specifies the key identifiers which are trusted for the
+purposes of authenticating peers with symmetric key cryptography,
+as well as keys used by the
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+programs.
+The authentication procedures require that both the local
+and remote servers share the same key and key identifier for this
+purpose, although different keys can be used with different
+servers.
+The
+.Ar key
+arguments are 32-bit unsigned
+integers with values from 1 to 65,534.
+.El
+.Ss Error Codes
+The following error codes are reported via the NTP control
+and monitoring protocol trap mechanism.
+.Bl -tag -width indent
+.It 101
+.Pq bad field format or length
+The packet has invalid version, length or format.
+.It 102
+.Pq bad timestamp
+The packet timestamp is the same or older than the most recent received.
+This could be due to a replay or a server clock time step.
+.It 103
+.Pq bad filestamp
+The packet filestamp is the same or older than the most recent received.
+This could be due to a replay or a key file generation error.
+.It 104
+.Pq bad or missing public key
+The public key is missing, has incorrect format or is an unsupported type.
+.It 105
+.Pq unsupported digest type
+The server requires an unsupported digest/signature scheme.
+.It 106
+.Pq mismatched digest types
+Not used.
+.It 107
+.Pq bad signature length
+The signature length does not match the current public key.
+.It 108
+.Pq signature not verified
+The message fails the signature check.
+It could be bogus or signed by a
+different private key.
+.It 109
+.Pq certificate not verified
+The certificate is invalid or signed with the wrong key.
+.It 110
+.Pq certificate not verified
+The certificate is not yet valid or has expired or the signature could not
+be verified.
+.It 111
+.Pq bad or missing cookie
+The cookie is missing, corrupted or bogus.
+.It 112
+.Pq bad or missing leapseconds table
+The leapseconds table is missing, corrupted or bogus.
+.It 113
+.Pq bad or missing certificate
+The certificate is missing, corrupted or bogus.
+.It 114
+.Pq bad or missing identity
+The identity key is missing, corrupt or bogus.
+.El
+.Sh Monitoring Support
+.Xr ntpd 1ntpdmdoc
+includes a comprehensive monitoring facility suitable
+for continuous, long term recording of server and client
+timekeeping performance.
+See the
+.Ic statistics
+command below
+for a listing and example of each type of statistics currently
+supported.
+Statistic files are managed using file generation sets
+and scripts in the
+.Pa ./scripts
+directory of this distribution.
+Using
+these facilities and
+.Ux
+.Xr cron 8
+jobs, the data can be
+automatically summarized and archived for retrospective analysis.
+.Ss Monitoring Commands
+.Bl -tag -width indent
+.It Ic statistics Ar name ...
+Enables writing of statistics records.
+Currently, four kinds of
+.Ar name
+statistics are supported.
+.Bl -tag -width indent
+.It Cm clockstats
+Enables recording of clock driver statistics information.
+Each update
+received from a clock driver appends a line of the following form to
+the file generation set named
+.Cm clockstats :
+.Bd -literal
+49213 525.624 127.127.4.1 93 226 00:08:29.606 D
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the
+clock address in dotted-quad notation.
+The final field shows the last
+timecode received from the clock in decoded ASCII format, where
+meaningful.
+In some clock drivers a good deal of additional information
+can be gathered and displayed as well.
+See information specific to each
+clock for further details.
+.It Cm cryptostats
+This option requires the OpenSSL cryptographic software library.
+It
+enables recording of cryptographic public key protocol information.
+Each message received by the protocol module appends a line of the
+following form to the file generation set named
+.Cm cryptostats :
+.Bd -literal
+49213 525.624 127.127.4.1 message
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the peer
+address in dotted-quad notation, The final message field includes the
+message type and certain ancillary information.
+See the
+.Sx Authentication Options
+section for further information.
+.It Cm loopstats
+Enables recording of loop filter statistics information.
+Each
+update of the local clock outputs a line of the following form to
+the file generation set named
+.Cm loopstats :
+.Bd -literal
+50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next five fields
+show time offset (seconds), frequency offset (parts per million -
+PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
+discipline time constant.
+.It Cm peerstats
+Enables recording of peer statistics information.
+This includes
+statistics records of all peers of a NTP server and of special
+signals, where present and configured.
+Each valid update appends a
+line of the following form to the current element of a file
+generation set named
+.Cm peerstats :
+.Bd -literal
+48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the peer address in dotted-quad notation and status,
+respectively.
+The status field is encoded in hex in the format
+described in Appendix A of the NTP specification RFC 1305.
+The final four fields show the offset,
+delay, dispersion and RMS jitter, all in seconds.
+.It Cm rawstats
+Enables recording of raw-timestamp statistics information.
+This
+includes statistics records of all peers of a NTP server and of
+special signals, where present and configured.
+Each NTP message
+received from a peer or clock driver appends a line of the
+following form to the file generation set named
+.Cm rawstats :
+.Bd -literal
+50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the remote peer or clock address followed by the local address
+in dotted-quad notation.
+The final four fields show the originate,
+receive, transmit and final NTP timestamps in order.
+The timestamp
+values are as received and before processing by the various data
+smoothing and mitigation algorithms.
+.It Cm sysstats
+Enables recording of ntpd statistics counters on a periodic basis.
+Each
+hour a line of the following form is appended to the file generation
+set named
+.Cm sysstats :
+.Bd -literal
+50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The remaining ten fields show
+the statistics counter values accumulated since the last generated
+line.
+.Bl -tag -width indent
+.It Time since restart Cm 36000
+Time in hours since the system was last rebooted.
+.It Packets received Cm 81965
+Total number of packets received.
+.It Packets processed Cm 0
+Number of packets received in response to previous packets sent
+.It Current version Cm 9546
+Number of packets matching the current NTP version.
+.It Previous version Cm 56
+Number of packets matching the previous NTP version.
+.It Bad version Cm 71793
+Number of packets matching neither NTP version.
+.It Access denied Cm 512
+Number of packets denied access for any reason.
+.It Bad length or format Cm 540
+Number of packets with invalid length, format or port number.
+.It Bad authentication Cm 10
+Number of packets not verified as authentic.
+.It Rate exceeded Cm 147
+Number of packets discarded due to rate limitation.
+.El
+.It Cm statsdir Ar directory_path
+Indicates the full path of a directory where statistics files
+should be created (see below).
+This keyword allows
+the (otherwise constant)
+.Cm filegen
+filename prefix to be modified for file generation sets, which
+is useful for handling statistics logs.
+.It Cm filegen Ar name Xo
+.Op Cm file Ar filename
+.Op Cm type Ar typename
+.Op Cm link | nolink
+.Op Cm enable | disable
+.Xc
+Configures setting of generation file set name.
+Generation
+file sets provide a means for handling files that are
+continuously growing during the lifetime of a server.
+Server statistics are a typical example for such files.
+Generation file sets provide access to a set of files used
+to store the actual data.
+At any time at most one element
+of the set is being written to.
+The type given specifies
+when and how data will be directed to a new element of the set.
+This way, information stored in elements of a file set
+that are currently unused are available for administrational
+operations without the risk of disturbing the operation of ntpd.
+(Most important: they can be removed to free space for new data
+produced.)
+.Pp
+Note that this command can be sent from the
+.Xr ntpdc 1ntpdcmdoc
+program running at a remote location.
+.Bl -tag -width indent
+.It Cm name
+This is the type of the statistics records, as shown in the
+.Cm statistics
+command.
+.It Cm file Ar filename
+This is the file name for the statistics records.
+Filenames of set
+members are built from three concatenated elements
+.Ar Cm prefix ,
+.Ar Cm filename
+and
+.Ar Cm suffix :
+.Bl -tag -width indent
+.It Cm prefix
+This is a constant filename path.
+It is not subject to
+modifications via the
+.Ar filegen
+option.
+It is defined by the
+server, usually specified as a compile-time constant.
+It may,
+however, be configurable for individual file generation sets
+via other commands.
+For example, the prefix used with
+.Ar loopstats
+and
+.Ar peerstats
+generation can be configured using the
+.Ar statsdir
+option explained above.
+.It Cm filename
+This string is directly concatenated to the prefix mentioned
+above (no intervening
+.Ql / ) .
+This can be modified using
+the file argument to the
+.Ar filegen
+statement.
+No
+.Pa ..
+elements are
+allowed in this component to prevent filenames referring to
+parts outside the filesystem hierarchy denoted by
+.Ar prefix .
+.It Cm suffix
+This part is reflects individual elements of a file set.
+It is
+generated according to the type of a file set.
+.El
+.It Cm type Ar typename
+A file generation set is characterized by its type.
+The following
+types are supported:
+.Bl -tag -width indent
+.It Cm none
+The file set is actually a single plain file.
+.It Cm pid
+One element of file set is used per incarnation of a ntpd
+server.
+This type does not perform any changes to file set
+members during runtime, however it provides an easy way of
+separating files belonging to different
+.Xr ntpd 1ntpdmdoc
+server incarnations.
+The set member filename is built by appending a
+.Ql \&.
+to concatenated
+.Ar prefix
+and
+.Ar filename
+strings, and
+appending the decimal representation of the process ID of the
+.Xr ntpd 1ntpdmdoc
+server process.
+.It Cm day
+One file generation set element is created per day.
+A day is
+defined as the period between 00:00 and 24:00 UTC.
+The file set
+member suffix consists of a
+.Ql \&.
+and a day specification in
+the form
+.Cm YYYYMMdd .
+.Cm YYYY
+is a 4-digit year number (e.g., 1992).
+.Cm MM
+is a two digit month number.
+.Cm dd
+is a two digit day number.
+Thus, all information written at 10 December 1992 would end up
+in a file named
+.Ar prefix
+.Ar filename Ns .19921210 .
+.It Cm week
+Any file set member contains data related to a certain week of
+a year.
+The term week is defined by computing day-of-year
+modulo 7.
+Elements of such a file generation set are
+distinguished by appending the following suffix to the file set
+filename base: A dot, a 4-digit year number, the letter
+.Cm W ,
+and a 2-digit week number.
+For example, information from January,
+10th 1992 would end up in a file with suffix
+.No . Ns Ar 1992W1 .
+.It Cm month
+One generation file set element is generated per month.
+The
+file name suffix consists of a dot, a 4-digit year number, and
+a 2-digit month.
+.It Cm year
+One generation file element is generated per year.
+The filename
+suffix consists of a dot and a 4 digit year number.
+.It Cm age
+This type of file generation sets changes to a new element of
+the file set every 24 hours of server operation.
+The filename
+suffix consists of a dot, the letter
+.Cm a ,
+and an 8-digit number.
+This number is taken to be the number of seconds the server is
+running at the start of the corresponding 24-hour period.
+Information is only written to a file generation by specifying
+.Cm enable ;
+output is prevented by specifying
+.Cm disable .
+.El
+.It Cm link | nolink
+It is convenient to be able to access the current element of a file
+generation set by a fixed name.
+This feature is enabled by
+specifying
+.Cm link
+and disabled using
+.Cm nolink .
+If link is specified, a
+hard link from the current file set element to a file without
+suffix is created.
+When there is already a file with this name and
+the number of links of this file is one, it is renamed appending a
+dot, the letter
+.Cm C ,
+and the pid of the ntpd server process.
+When the
+number of links is greater than one, the file is unlinked.
+This
+allows the current file to be accessed by a constant name.
+.It Cm enable \&| Cm disable
+Enables or disables the recording function.
+.El
+.El
+.El
+.Sh Access Control Support
+The
+.Xr ntpd 1ntpdmdoc
+daemon implements a general purpose address/mask based restriction
+list.
+The list contains address/match entries sorted first
+by increasing address values and and then by increasing mask values.
+A match occurs when the bitwise AND of the mask and the packet
+source address is equal to the bitwise AND of the mask and
+address in the list.
+The list is searched in order with the
+last match found defining the restriction flags associated
+with the entry.
+Additional information and examples can be found in the
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Pp
+The restriction facility was implemented in conformance
+with the access policies for the original NSFnet backbone
+time servers.
+Later the facility was expanded to deflect
+cryptographic and clogging attacks.
+While this facility may
+be useful for keeping unwanted or broken or malicious clients
+from congesting innocent servers, it should not be considered
+an alternative to the NTP authentication facilities.
+Source address based restrictions are easily circumvented
+by a determined cracker.
+.Pp
+Clients can be denied service because they are explicitly
+included in the restrict list created by the restrict command
+or implicitly as the result of cryptographic or rate limit
+violations.
+Cryptographic violations include certificate
+or identity verification failure; rate limit violations generally
+result from defective NTP implementations that send packets
+at abusive rates.
+Some violations cause denied service
+only for the offending packet, others cause denied service
+for a timed period and others cause the denied service for
+an indefinate period.
+When a client or network is denied access
+for an indefinate period, the only way at present to remove
+the restrictions is by restarting the server.
+.Ss The Kiss-of-Death Packet
+Ordinarily, packets denied service are simply dropped with no
+further action except incrementing statistics counters.
+Sometimes a
+more proactive response is needed, such as a server message that
+explicitly requests the client to stop sending and leave a message
+for the system operator.
+A special packet format has been created
+for this purpose called the "kiss-of-death" (KoD) packet.
+KoD packets have the leap bits set unsynchronized and stratum set
+to zero and the reference identifier field set to a four-byte
+ASCII code.
+If the
+.Cm noserve
+or
+.Cm notrust
+flag of the matching restrict list entry is set,
+the code is "DENY"; if the
+.Cm limited
+flag is set and the rate limit
+is exceeded, the code is "RATE".
+Finally, if a cryptographic violation occurs, the code is "CRYP".
+.Pp
+A client receiving a KoD performs a set of sanity checks to
+minimize security exposure, then updates the stratum and
+reference identifier peer variables, sets the access
+denied (TEST4) bit in the peer flash variable and sends
+a message to the log.
+As long as the TEST4 bit is set,
+the client will send no further packets to the server.
+The only way at present to recover from this condition is
+to restart the protocol at both the client and server.
+This
+happens automatically at the client when the association times out.
+It will happen at the server only if the server operator cooperates.
+.Ss Access Control Commands
+.Bl -tag -width indent
+.It Xo Ic discard
+.Op Cm average Ar avg
+.Op Cm minimum Ar min
+.Op Cm monitor Ar prob
+.Xc
+Set the parameters of the
+.Cm limited
+facility which protects the server from
+client abuse.
+The
+.Cm average
+subcommand specifies the minimum average packet
+spacing, while the
+.Cm minimum
+subcommand specifies the minimum packet spacing.
+Packets that violate these minima are discarded
+and a kiss-o'-death packet returned if enabled.
+The default
+minimum average and minimum are 5 and 2, respectively.
+The monitor subcommand specifies the probability of discard
+for packets that overflow the rate-control window.
+.It Xo Ic restrict address
+.Op Cm mask Ar mask
+.Op Ar flag ...
+.Xc
+The
+.Ar address
+argument expressed in
+dotted-quad form is the address of a host or network.
+Alternatively, the
+.Ar address
+argument can be a valid host DNS name.
+The
+.Ar mask
+argument expressed in dotted-quad form defaults to
+.Cm 255.255.255.255 ,
+meaning that the
+.Ar address
+is treated as the address of an individual host.
+A default entry (address
+.Cm 0.0.0.0 ,
+mask
+.Cm 0.0.0.0 )
+is always included and is always the first entry in the list.
+Note that text string
+.Cm default ,
+with no mask option, may
+be used to indicate the default entry.
+In the current implementation,
+.Cm flag
+always
+restricts access, i.e., an entry with no flags indicates that free
+access to the server is to be given.
+The flags are not orthogonal,
+in that more restrictive flags will often make less restrictive
+ones redundant.
+The flags can generally be classed into two
+categories, those which restrict time service and those which
+restrict informational queries and attempts to do run-time
+reconfiguration of the server.
+One or more of the following flags
+may be specified:
+.Bl -tag -width indent
+.It Cm ignore
+Deny packets of all kinds, including
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+.It Cm kod
+If this flag is set when an access violation occurs, a kiss-o'-death
+(KoD) packet is sent.
+KoD packets are rate limited to no more than one
+per second.
+If another KoD packet occurs within one second after the
+last one, the packet is dropped.
+.It Cm limited
+Deny service if the packet spacing violates the lower limits specified
+in the discard command.
+A history of clients is kept using the
+monitoring capability of
+.Xr ntpd 1ntpdmdoc .
+Thus, monitoring is always active as
+long as there is a restriction entry with the
+.Cm limited
+flag.
+.It Cm lowpriotrap
+Declare traps set by matching hosts to be low priority.
+The
+number of traps a server can maintain is limited (the current limit
+is 3).
+Traps are usually assigned on a first come, first served
+basis, with later trap requestors being denied service.
+This flag
+modifies the assignment algorithm by allowing low priority traps to
+be overridden by later requests for normal priority traps.
+.It Cm nomodify
+Deny
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries which attempt to modify the state of the
+server (i.e., run time reconfiguration).
+Queries which return
+information are permitted.
+.It Cm noquery
+Deny
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+Time service is not affected.
+.It Cm nopeer
+Deny packets which would result in mobilizing a new association.
+This
+includes broadcast and symmetric active packets when a configured
+association does not exist.
+.It Cm noserve
+Deny all packets except
+.Xr ntpq 1ntpqmdoc
+and
+.Xr ntpdc 1ntpdcmdoc
+queries.
+.It Cm notrap
+Decline to provide mode 6 control message trap service to matching
+hosts.
+The trap service is a subsystem of the ntpdq control message
+protocol which is intended for use by remote event logging programs.
+.It Cm notrust
+Deny service unless the packet is cryptographically authenticated.
+.It Cm ntpport
+This is actually a match algorithm modifier, rather than a
+restriction flag.
+Its presence causes the restriction entry to be
+matched only if the source port in the packet is the standard NTP
+UDP port (123).
+Both
+.Cm ntpport
+and
+.Cm non-ntpport
+may
+be specified.
+The
+.Cm ntpport
+is considered more specific and
+is sorted later in the list.
+.It Cm version
+Deny packets that do not match the current NTP version.
+.El
+.Pp
+Default restriction list entries with the flags ignore, interface,
+ntpport, for each of the local host's interface addresses are
+inserted into the table at startup to prevent the server
+from attempting to synchronize to its own time.
+A default entry is also always present, though if it is
+otherwise unconfigured; no flags are associated
+with the default entry (i.e., everything besides your own
+NTP server is unrestricted).
+.El
+.Sh Automatic NTP Configuration Options
+.Ss Manycasting
+Manycasting is a automatic discovery and configuration paradigm
+new to NTPv4.
+It is intended as a means for a multicast client
+to troll the nearby network neighborhood to find cooperating
+manycast servers, validate them using cryptographic means
+and evaluate their time values with respect to other servers
+that might be lurking in the vicinity.
+The intended result is that each manycast client mobilizes
+client associations with some number of the "best"
+of the nearby manycast servers, yet automatically reconfigures
+to sustain this number of servers should one or another fail.
+.Pp
+Note that the manycasting paradigm does not coincide
+with the anycast paradigm described in RFC-1546,
+which is designed to find a single server from a clique
+of servers providing the same service.
+The manycast paradigm is designed to find a plurality
+of redundant servers satisfying defined optimality criteria.
+.Pp
+Manycasting can be used with either symmetric key
+or public key cryptography.
+The public key infrastructure (PKI)
+offers the best protection against compromised keys
+and is generally considered stronger, at least with relatively
+large key sizes.
+It is implemented using the Autokey protocol and
+the OpenSSL cryptographic library available from
+.Li http://www.openssl.org/ .
+The library can also be used with other NTPv4 modes
+as well and is highly recommended, especially for broadcast modes.
+.Pp
+A persistent manycast client association is configured
+using the manycastclient command, which is similar to the
+server command but with a multicast (IPv4 class
+.Cm D
+or IPv6 prefix
+.Cm FF )
+group address.
+The IANA has designated IPv4 address 224.1.1.1
+and IPv6 address FF05::101 (site local) for NTP.
+When more servers are needed, it broadcasts manycast
+client messages to this address at the minimum feasible rate
+and minimum feasible time-to-live (TTL) hops, depending
+on how many servers have already been found.
+There can be as many manycast client associations
+as different group address, each one serving as a template
+for a future ephemeral unicast client/server association.
+.Pp
+Manycast servers configured with the
+.Ic manycastserver
+command listen on the specified group address for manycast
+client messages.
+Note the distinction between manycast client,
+which actively broadcasts messages, and manycast server,
+which passively responds to them.
+If a manycast server is
+in scope of the current TTL and is itself synchronized
+to a valid source and operating at a stratum level equal
+to or lower than the manycast client, it replies to the
+manycast client message with an ordinary unicast server message.
+.Pp
+The manycast client receiving this message mobilizes
+an ephemeral client/server association according to the
+matching manycast client template, but only if cryptographically
+authenticated and the server stratum is less than or equal
+to the client stratum.
+Authentication is explicitly required
+and either symmetric key or public key (Autokey) can be used.
+Then, the client polls the server at its unicast address
+in burst mode in order to reliably set the host clock
+and validate the source.
+This normally results
+in a volley of eight client/server at 2-s intervals
+during which both the synchronization and cryptographic
+protocols run concurrently.
+Following the volley,
+the client runs the NTP intersection and clustering
+algorithms, which act to discard all but the "best"
+associations according to stratum and synchronization
+distance.
+The surviving associations then continue
+in ordinary client/server mode.
+.Pp
+The manycast client polling strategy is designed to reduce
+as much as possible the volume of manycast client messages
+and the effects of implosion due to near-simultaneous
+arrival of manycast server messages.
+The strategy is determined by the
+.Ic manycastclient ,
+.Ic tos
+and
+.Ic ttl
+configuration commands.
+The manycast poll interval is
+normally eight times the system poll interval,
+which starts out at the
+.Cm minpoll
+value specified in the
+.Ic manycastclient ,
+command and, under normal circumstances, increments to the
+.Cm maxpolll
+value specified in this command.
+Initially, the TTL is
+set at the minimum hops specified by the ttl command.
+At each retransmission the TTL is increased until reaching
+the maximum hops specified by this command or a sufficient
+number client associations have been found.
+Further retransmissions use the same TTL.
+.Pp
+The quality and reliability of the suite of associations
+discovered by the manycast client is determined by the NTP
+mitigation algorithms and the
+.Cm minclock
+and
+.Cm minsane
+values specified in the
+.Ic tos
+configuration command.
+At least
+.Cm minsane
+candidate servers must be available and the mitigation
+algorithms produce at least
+.Cm minclock
+survivors in order to synchronize the clock.
+Byzantine agreement principles require at least four
+candidates in order to correctly discard a single falseticker.
+For legacy purposes,
+.Cm minsane
+defaults to 1 and
+.Cm minclock
+defaults to 3.
+For manycast service
+.Cm minsane
+should be explicitly set to 4, assuming at least that
+number of servers are available.
+.Pp
+If at least
+.Cm minclock
+servers are found, the manycast poll interval is immediately
+set to eight times
+.Cm maxpoll .
+If less than
+.Cm minclock
+servers are found when the TTL has reached the maximum hops,
+the manycast poll interval is doubled.
+For each transmission
+after that, the poll interval is doubled again until
+reaching the maximum of eight times
+.Cm maxpoll .
+Further transmissions use the same poll interval and
+TTL values.
+Note that while all this is going on,
+each client/server association found is operating normally
+it the system poll interval.
+.Pp
+Administratively scoped multicast boundaries are normally
+specified by the network router configuration and,
+in the case of IPv6, the link/site scope prefix.
+By default, the increment for TTL hops is 32 starting
+from 31; however, the
+.Ic ttl
+configuration command can be
+used to modify the values to match the scope rules.
+.Pp
+It is often useful to narrow the range of acceptable
+servers which can be found by manycast client associations.
+Because manycast servers respond only when the client
+stratum is equal to or greater than the server stratum,
+primary (stratum 1) servers fill find only primary servers
+in TTL range, which is probably the most common objective.
+However, unless configured otherwise, all manycast clients
+in TTL range will eventually find all primary servers
+in TTL range, which is probably not the most common
+objective in large networks.
+The
+.Ic tos
+command can be used to modify this behavior.
+Servers with stratum below
+.Cm floor
+or above
+.Cm ceiling
+specified in the
+.Ic tos
+command are strongly discouraged during the selection
+process; however, these servers may be temporally
+accepted if the number of servers within TTL range is
+less than
+.Cm minclock .
+.Pp
+The above actions occur for each manycast client message,
+which repeats at the designated poll interval.
+However, once the ephemeral client association is mobilized,
+subsequent manycast server replies are discarded,
+since that would result in a duplicate association.
+If during a poll interval the number of client associations
+falls below
+.Cm minclock ,
+all manycast client prototype associations are reset
+to the initial poll interval and TTL hops and operation
+resumes from the beginning.
+It is important to avoid
+frequent manycast client messages, since each one requires
+all manycast servers in TTL range to respond.
+The result could well be an implosion, either minor or major,
+depending on the number of servers in range.
+The recommended value for
+.Cm maxpoll
+is 12 (4,096 s).
+.Pp
+It is possible and frequently useful to configure a host
+as both manycast client and manycast server.
+A number of hosts configured this way and sharing a common
+group address will automatically organize themselves
+in an optimum configuration based on stratum and
+synchronization distance.
+For example, consider an NTP
+subnet of two primary servers and a hundred or more
+dependent clients.
+With two exceptions, all servers
+and clients have identical configuration files including both
+.Ic multicastclient
+and
+.Ic multicastserver
+commands using, for instance, multicast group address
+239.1.1.1.
+The only exception is that each primary server
+configuration file must include commands for the primary
+reference source such as a GPS receiver.
+.Pp
+The remaining configuration files for all secondary
+servers and clients have the same contents, except for the
+.Ic tos
+command, which is specific for each stratum level.
+For stratum 1 and stratum 2 servers, that command is
+not necessary.
+For stratum 3 and above servers the
+.Cm floor
+value is set to the intended stratum number.
+Thus, all stratum 3 configuration files are identical,
+all stratum 4 files are identical and so forth.
+.Pp
+Once operations have stabilized in this scenario,
+the primary servers will find the primary reference source
+and each other, since they both operate at the same
+stratum (1), but not with any secondary server or client,
+since these operate at a higher stratum.
+The secondary
+servers will find the servers at the same stratum level.
+If one of the primary servers loses its GPS receiver,
+it will continue to operate as a client and other clients
+will time out the corresponding association and
+re-associate accordingly.
+.Pp
+Some administrators prefer to avoid running
+.Xr ntpd 1ntpdmdoc
+continuously and run either
+.Xr ntpdate 8
+or
+.Xr ntpd 1ntpdmdoc
+.Fl q
+as a cron job.
+In either case the servers must be
+configured in advance and the program fails if none are
+available when the cron job runs.
+A really slick
+application of manycast is with
+.Xr ntpd 1ntpdmdoc
+.Fl q .
+The program wakes up, scans the local landscape looking
+for the usual suspects, selects the best from among
+the rascals, sets the clock and then departs.
+Servers do not have to be configured in advance and
+all clients throughout the network can have the same
+configuration file.
+.Ss Manycast Interactions with Autokey
+Each time a manycast client sends a client mode packet
+to a multicast group address, all manycast servers
+in scope generate a reply including the host name
+and status word.
+The manycast clients then run
+the Autokey protocol, which collects and verifies
+all certificates involved.
+Following the burst interval
+all but three survivors are cast off,
+but the certificates remain in the local cache.
+It often happens that several complete signing trails
+from the client to the primary servers are collected in this way.
+.Pp
+About once an hour or less often if the poll interval
+exceeds this, the client regenerates the Autokey key list.
+This is in general transparent in client/server mode.
+However, about once per day the server private value
+used to generate cookies is refreshed along with all
+manycast client associations.
+In this case all
+cryptographic values including certificates is refreshed.
+If a new certificate has been generated since
+the last refresh epoch, it will automatically revoke
+all prior certificates that happen to be in the
+certificate cache.
+At the same time, the manycast
+scheme starts all over from the beginning and
+the expanding ring shrinks to the minimum and increments
+from there while collecting all servers in scope.
+.Ss Manycast Options
+.Bl -tag -width indent
+.It Xo Ic tos
+.Oo
+.Cm ceiling Ar ceiling |
+.Cm cohort { 0 | 1 } |
+.Cm floor Ar floor |
+.Cm minclock Ar minclock |
+.Cm minsane Ar minsane
+.Oc
+.Xc
+This command affects the clock selection and clustering
+algorithms.
+It can be used to select the quality and
+quantity of peers used to synchronize the system clock
+and is most useful in manycast mode.
+The variables operate
+as follows:
+.Bl -tag -width indent
+.It Cm ceiling Ar ceiling
+Peers with strata above
+.Cm ceiling
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 15, but can be changed
+to any number from 1 to 15.
+.It Cm cohort Bro 0 | 1 Brc
+This is a binary flag which enables (0) or disables (1)
+manycast server replies to manycast clients with the same
+stratum level.
+This is useful to reduce implosions where
+large numbers of clients with the same stratum level
+are present.
+The default is to enable these replies.
+.It Cm floor Ar floor
+Peers with strata below
+.Cm floor
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 1, but can be changed
+to any number from 1 to 15.
+.It Cm minclock Ar minclock
+The clustering algorithm repeatedly casts out outlyer
+associations until no more than
+.Cm minclock
+associations remain.
+This value defaults to 3,
+but can be changed to any number from 1 to the number of
+configured sources.
+.It Cm minsane Ar minsane
+This is the minimum number of candidates available
+to the clock selection algorithm in order to produce
+one or more truechimers for the clustering algorithm.
+If fewer than this number are available, the clock is
+undisciplined and allowed to run free.
+The default is 1
+for legacy purposes.
+However, according to principles of
+Byzantine agreement,
+.Cm minsane
+should be at least 4 in order to detect and discard
+a single falseticker.
+.El
+.It Cm ttl Ar hop ...
+This command specifies a list of TTL values in increasing
+order, up to 8 values can be specified.
+In manycast mode these values are used in turn
+in an expanding-ring search.
+The default is eight
+multiples of 32 starting at 31.
+.El
+.Sh Reference Clock Support
+The NTP Version 4 daemon supports some three dozen different radio,
+satellite and modem reference clocks plus a special pseudo-clock
+used for backup or when no other clock source is available.
+Detailed descriptions of individual device drivers and options can
+be found in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Additional information can be found in the pages linked
+there, including the
+.Qq Debugging Hints for Reference Clock Drivers
+and
+.Qq How To Write a Reference Clock Driver
+pages
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+In addition, support for a PPS
+signal is available as described in the
+.Qq Pulse-per-second (PPS) Signal Interfacing
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Many
+drivers support special line discipline/streams modules which can
+significantly improve the accuracy using the driver.
+These are
+described in the
+.Qq Line Disciplines and Streams Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Pp
+A reference clock will generally (though not always) be a radio
+timecode receiver which is synchronized to a source of standard
+time such as the services offered by the NRC in Canada and NIST and
+USNO in the US.
+The interface between the computer and the timecode
+receiver is device dependent, but is usually a serial port.
+A
+device driver specific to each reference clock must be selected and
+compiled in the distribution; however, most common radio, satellite
+and modem clocks are included by default.
+Note that an attempt to
+configure a reference clock when the driver has not been compiled
+or the hardware port has not been appropriately configured results
+in a scalding remark to the system log file, but is otherwise non
+hazardous.
+.Pp
+For the purposes of configuration,
+.Xr ntpd 1ntpdmdoc
+treats
+reference clocks in a manner analogous to normal NTP peers as much
+as possible.
+Reference clocks are identified by a syntactically
+correct but invalid IP address, in order to distinguish them from
+normal NTP peers.
+Reference clock addresses are of the form
+.Sm off
+.Li 127.127. Ar t . Ar u ,
+.Sm on
+where
+.Ar t
+is an integer
+denoting the clock type and
+.Ar u
+indicates the unit
+number in the range 0-3.
+While it may seem overkill, it is in fact
+sometimes useful to configure multiple reference clocks of the same
+type, in which case the unit numbers must be unique.
+.Pp
+The
+.Ic server
+command is used to configure a reference
+clock, where the
+.Ar address
+argument in that command
+is the clock address.
+The
+.Cm key ,
+.Cm version
+and
+.Cm ttl
+options are not used for reference clock support.
+The
+.Cm mode
+option is added for reference clock support, as
+described below.
+The
+.Cm prefer
+option can be useful to
+persuade the server to cherish a reference clock with somewhat more
+enthusiasm than other reference clocks or peers.
+Further
+information on this option can be found in the
+.Qq Mitigation Rules and the prefer Keyword
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page.
+The
+.Cm minpoll
+and
+.Cm maxpoll
+options have
+meaning only for selected clock drivers.
+See the individual clock
+driver document pages for additional information.
+.Pp
+The
+.Ic fudge
+command is used to provide additional
+information for individual clock drivers and normally follows
+immediately after the
+.Ic server
+command.
+The
+.Ar address
+argument specifies the clock address.
+The
+.Cm refid
+and
+.Cm stratum
+options can be used to
+override the defaults for the device.
+There are two optional
+device-dependent time offsets and four flags that can be included
+in the
+.Ic fudge
+command as well.
+.Pp
+The stratum number of a reference clock is by default zero.
+Since the
+.Xr ntpd 1ntpdmdoc
+daemon adds one to the stratum of each
+peer, a primary server ordinarily displays an external stratum of
+one.
+In order to provide engineered backups, it is often useful to
+specify the reference clock stratum as greater than zero.
+The
+.Cm stratum
+option is used for this purpose.
+Also, in cases
+involving both a reference clock and a pulse-per-second (PPS)
+discipline signal, it is useful to specify the reference clock
+identifier as other than the default, depending on the driver.
+The
+.Cm refid
+option is used for this purpose.
+Except where noted,
+these options apply to all clock drivers.
+.Ss Reference Clock Commands
+.Bl -tag -width indent
+.It Xo Ic server
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+.Op Cm prefer
+.Op Cm mode Ar int
+.Op Cm minpoll Ar int
+.Op Cm maxpoll Ar int
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+The options are interpreted as follows:
+.Bl -tag -width indent
+.It Cm prefer
+Marks the reference clock as preferred.
+All other things being
+equal, this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.It Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.It Cm minpoll Ar int
+.It Cm maxpoll Ar int
+These options specify the minimum and maximum polling interval
+for reference clock messages, as a power of 2 in seconds
+For
+most directly connected reference clocks, both
+.Cm minpoll
+and
+.Cm maxpoll
+default to 6 (64 s).
+For modem reference clocks,
+.Cm minpoll
+defaults to 10 (17.1 m) and
+.Cm maxpoll
+defaults to 14 (4.5 h).
+The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
+.El
+.It Xo Ic fudge
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+.Op Cm time1 Ar sec
+.Op Cm time2 Ar sec
+.Op Cm stratum Ar int
+.Op Cm refid Ar string
+.Op Cm mode Ar int
+.Op Cm flag1 Cm 0 \&| Cm 1
+.Op Cm flag2 Cm 0 \&| Cm 1
+.Op Cm flag3 Cm 0 \&| Cm 1
+.Op Cm flag4 Cm 0 \&| Cm 1
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+It must immediately follow the
+.Ic server
+command which configures the driver.
+Note that the same capability
+is possible at run time using the
+.Xr ntpdc 1ntpdcmdoc
+program.
+The options are interpreted as
+follows:
+.Bl -tag -width indent
+.It Cm time1 Ar sec
+Specifies a constant to be added to the time offset produced by
+the driver, a fixed-point decimal number in seconds.
+This is used
+as a calibration constant to adjust the nominal time offset of a
+particular clock to agree with an external standard, such as a
+precision PPS signal.
+It also provides a way to correct a
+systematic error or bias due to serial port or operating system
+latencies, different cable lengths or receiver internal delay.
+The
+specified offset is in addition to the propagation delay provided
+by other means, such as internal DIPswitches.
+Where a calibration
+for an individual system and driver is available, an approximate
+correction is noted in the driver documentation pages.
+Note: in order to facilitate calibration when more than one
+radio clock or PPS signal is supported, a special calibration
+feature is available.
+It takes the form of an argument to the
+.Ic enable
+command described in
+.Sx Miscellaneous Options
+page and operates as described in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.It Cm time2 Ar secs
+Specifies a fixed-point decimal number in seconds, which is
+interpreted in a driver-dependent way.
+See the descriptions of
+specific drivers in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.It Cm stratum Ar int
+Specifies the stratum number assigned to the driver, an integer
+between 0 and 15.
+This number overrides the default stratum number
+ordinarily assigned by the driver itself, usually zero.
+.It Cm refid Ar string
+Specifies an ASCII string of from one to four characters which
+defines the reference identifier used by the driver.
+This string
+overrides the default identifier ordinarily assigned by the driver
+itself.
+.It Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.It Cm flag1 Cm 0 \&| Cm 1
+.It Cm flag2 Cm 0 \&| Cm 1
+.It Cm flag3 Cm 0 \&| Cm 1
+.It Cm flag4 Cm 0 \&| Cm 1
+These four flags are used for customizing the clock driver.
+The
+interpretation of these values, and whether they are used at all,
+is a function of the particular clock driver.
+However, by
+convention
+.Cm flag4
+is used to enable recording monitoring
+data to the
+.Cm clockstats
+file configured with the
+.Ic filegen
+command.
+Further information on the
+.Ic filegen
+command can be found in
+.Sx Monitoring Options .
+.El
+.El
+.Sh Miscellaneous Options
+.Bl -tag -width indent
+.It Ic broadcastdelay Ar seconds
+The broadcast and multicast modes require a special calibration
+to determine the network delay between the local and remote
+servers.
+Ordinarily, this is done automatically by the initial
+protocol exchanges between the client and server.
+In some cases,
+the calibration procedure may fail due to network or server access
+controls, for example.
+This command specifies the default delay to
+be used under these circumstances.
+Typically (for Ethernet), a
+number between 0.003 and 0.007 seconds is appropriate.
+The default
+when this command is not used is 0.004 seconds.
+.It Ic calldelay Ar delay
+This option controls the delay in seconds between the first and second
+packets sent in burst or iburst mode to allow additional time for a modem
+or ISDN call to complete.
+.It Ic driftfile Ar driftfile
+This command specifies the complete path and name of the file used to
+record the frequency of the local clock oscillator.
+This is the same
+operation as the
+.Fl f
+command line option.
+If the file exists, it is read at
+startup in order to set the initial frequency and then updated once per
+hour with the current frequency computed by the daemon.
+If the file name is
+specified, but the file itself does not exist, the starts with an initial
+frequency of zero and creates the file when writing it for the first time.
+If this command is not given, the daemon will always start with an initial
+frequency of zero.
+.Pp
+The file format consists of a single line containing a single
+floating point number, which records the frequency offset measured
+in parts-per-million (PPM).
+The file is updated by first writing
+the current drift value into a temporary file and then renaming
+this file to replace the old version.
+This implies that
+.Xr ntpd 1ntpdmdoc
+must have write permission for the directory the
+drift file is located in, and that file system links, symbolic or
+otherwise, should be avoided.
+.It Xo Ic enable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+.It Xo Ic disable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+Provides a way to enable or disable various server options.
+Flags not mentioned are unaffected.
+Note that all of these flags
+can be controlled remotely using the
+.Xr ntpdc 1ntpdcmdoc
+utility program.
+.Bl -tag -width indent
+.It Cm auth
+Enables the server to synchronize with unconfigured peers only if the
+peer has been correctly authenticated using either public key or
+private key cryptography.
+The default for this flag is
+.Ic enable .
+.It Cm bclient
+Enables the server to listen for a message from a broadcast or
+multicast server, as in the
+.Ic multicastclient
+command with default
+address.
+The default for this flag is
+.Ic disable .
+.It Cm calibrate
+Enables the calibrate feature for reference clocks.
+The default for
+this flag is
+.Ic disable .
+.It Cm kernel
+Enables the kernel time discipline, if available.
+The default for this
+flag is
+.Ic enable
+if support is available, otherwise
+.Ic disable .
+.It Cm monitor
+Enables the monitoring facility.
+See the
+.Xr ntpdc 1ntpdcmdoc
+program
+and the
+.Ic monlist
+command or further information.
+The
+default for this flag is
+.Ic enable .
+.It Cm ntp
+Enables time and frequency discipline.
+In effect, this switch opens and
+closes the feedback loop, which is useful for testing.
+The default for
+this flag is
+.Ic enable .
+.It Cm pps
+Enables the pulse-per-second (PPS) signal when frequency and time is
+disciplined by the precision time kernel modifications.
+See the
+.Qq A Kernel Model for Precision Timekeeping
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page for further information.
+The default for this flag is
+.Ic disable .
+.It Cm stats
+Enables the statistics facility.
+See the
+.Sx Monitoring Options
+section for further information.
+The default for this flag is
+.Ic disable .
+.El
+.It Ic includefile Ar includefile
+This command allows additional configuration commands
+to be included from a separate file.
+Include files may
+be nested to a depth of five; upon reaching the end of any
+include file, command processing resumes in the previous
+configuration file.
+This option is useful for sites that run
+.Xr ntpd 1ntpdmdoc
+on multiple hosts, with (mostly) common options (e.g., a
+restriction list).
+.It Ic logconfig Ar configkeyword
+This command controls the amount and type of output written to
+the system
+.Xr syslog 3
+facility or the alternate
+.Ic logfile
+log file.
+By default, all output is turned on.
+All
+.Ar configkeyword
+keywords can be prefixed with
+.Ql = ,
+.Ql +
+and
+.Ql - ,
+where
+.Ql =
+sets the
+.Xr syslog 3
+priority mask,
+.Ql +
+adds and
+.Ql -
+removes
+messages.
+.Xr syslog 3
+messages can be controlled in four
+classes
+.Po
+.Cm clock ,
+.Cm peer ,
+.Cm sys
+and
+.Cm sync
+.Pc .
+Within these classes four types of messages can be
+controlled: informational messages
+.Po
+.Cm info
+.Pc ,
+event messages
+.Po
+.Cm events
+.Pc ,
+statistics messages
+.Po
+.Cm statistics
+.Pc
+and
+status messages
+.Po
+.Cm status
+.Pc .
+.Pp
+Configuration keywords are formed by concatenating the message class with
+the event class.
+The
+.Cm all
+prefix can be used instead of a message class.
+A
+message class may also be followed by the
+.Cm all
+keyword to enable/disable all
+messages of the respective message class.Thus, a minimal log configuration
+could look like this:
+.Bd -literal
+logconfig =syncstatus +sysevents
+.Ed
+.Pp
+This would just list the synchronizations state of
+.Xr ntpd 1ntpdmdoc
+and the major system events.
+For a simple reference server, the
+following minimum message configuration could be useful:
+.Bd -literal
+logconfig =syncall +clockall
+.Ed
+.Pp
+This configuration will list all clock information and
+synchronization information.
+All other events and messages about
+peers, system events and so on is suppressed.
+.It Ic logfile Ar logfile
+This command specifies the location of an alternate log file to
+be used instead of the default system
+.Xr syslog 3
+facility.
+This is the same operation as the -l command line option.
+.It Ic setvar Ar variable Op Cm default
+This command adds an additional system variable.
+These
+variables can be used to distribute additional information such as
+the access policy.
+If the variable of the form
+.Sm off
+.Va name = Ar value
+.Sm on
+is followed by the
+.Cm default
+keyword, the
+variable will be listed as part of the default system variables
+.Po
+.Xr ntpq 1ntpqmdoc
+.Ic rv
+command
+.Pc ) .
+These additional variables serve
+informational purposes only.
+They are not related to the protocol
+other that they can be listed.
+The known protocol variables will
+always override any variables defined via the
+.Ic setvar
+mechanism.
+There are three special variables that contain the names
+of all variable of the same group.
+The
+.Va sys_var_list
+holds
+the names of all system variables.
+The
+.Va peer_var_list
+holds
+the names of all peer variables and the
+.Va clock_var_list
+holds the names of the reference clock variables.
+.It Xo Ic tinker
+.Oo
+.Cm allan Ar allan |
+.Cm dispersion Ar dispersion |
+.Cm freq Ar freq |
+.Cm huffpuff Ar huffpuff |
+.Cm panic Ar panic |
+.Cm step Ar srep |
+.Cm stepout Ar stepout
+.Oc
+.Xc
+This command can be used to alter several system variables in
+very exceptional circumstances.
+It should occur in the
+configuration file before any other configuration options.
+The
+default values of these variables have been carefully optimized for
+a wide range of network speeds and reliability expectations.
+In
+general, they interact in intricate ways that are hard to predict
+and some combinations can result in some very nasty behavior.
+Very
+rarely is it necessary to change the default values; but, some
+folks cannot resist twisting the knobs anyway and this command is
+for them.
+Emphasis added: twisters are on their own and can expect
+no help from the support group.
+.Pp
+The variables operate as follows:
+.Bl -tag -width indent
+.It Cm allan Ar allan
+The argument becomes the new value for the minimum Allan
+intercept, which is a parameter of the PLL/FLL clock discipline
+algorithm.
+The value in log2 seconds defaults to 7 (1024 s), which is also the lower
+limit.
+.It Cm dispersion Ar dispersion
+The argument becomes the new value for the dispersion increase rate,
+normally .000015 s/s.
+.It Cm freq Ar freq
+The argument becomes the initial value of the frequency offset in
+parts-per-million.
+This overrides the value in the frequency file, if
+present, and avoids the initial training state if it is not.
+.It Cm huffpuff Ar huffpuff
+The argument becomes the new value for the experimental
+huff-n'-puff filter span, which determines the most recent interval
+the algorithm will search for a minimum delay.
+The lower limit is
+900 s (15 m), but a more reasonable value is 7200 (2 hours).
+There
+is no default, since the filter is not enabled unless this command
+is given.
+.It Cm panic Ar panic
+The argument is the panic threshold, normally 1000 s.
+If set to zero,
+the panic sanity check is disabled and a clock offset of any value will
+be accepted.
+.It Cm step Ar step
+The argument is the step threshold, which by default is 0.128 s.
+It can
+be set to any positive number in seconds.
+If set to zero, step
+adjustments will never occur.
+Note: The kernel time discipline is
+disabled if the step threshold is set to zero or greater than the
+default.
+.It Cm stepout Ar stepout
+The argument is the stepout timeout, which by default is 900 s.
+It can
+be set to any positive number in seconds.
+If set to zero, the stepout
+pulses will not be suppressed.
+.El
+.It Xo Ic trap Ar host_address
+.Op Cm port Ar port_number
+.Op Cm interface Ar interface_address
+.Xc
+This command configures a trap receiver at the given host
+address and port number for sending messages with the specified
+local interface address.
+If the port number is unspecified, a value
+of 18447 is used.
+If the interface address is not specified, the
+message is sent with a source address of the local interface the
+message is sent through.
+Note that on a multihomed host the
+interface used may vary from time to time with routing changes.
+.Pp
+The trap receiver will generally log event messages and other
+information from the server in a log file.
+While such monitor
+programs may also request their own trap dynamically, configuring a
+trap receiver will ensure that no messages are lost when the server
+is started.
+.It Cm hop Ar ...
+This command specifies a list of TTL values in increasing order, up to 8
+values can be specified.
+In manycast mode these values are used in turn in
+an expanding-ring search.
+The default is eight multiples of 32 starting at
+31.
+.El
+	_END_PROG_MDOC_DESCRIP;
+};
+
+/*
+prog-info-descrip = <<- _END_PROG_INFO_DESCRIP
+	_END_PROG_INFO_DESCRIP;
+*/
+
+doc-section	= {
+  ds-type	= 'FILES';
+  ds-format	= 'mdoc';
+  ds-text	= <<- _END_MDOC_FILES
+.Bl -tag -width /etc/ntp.drift -compact
+.It Pa /etc/ntp.conf
+the default name of the configuration file
+.It Pa ntp.keys
+private MD5 keys
+.It Pa ntpkey
+RSA private key
+.It Pa ntpkey_ Ns Ar host
+RSA public key
+.It Pa ntp_dh
+Diffie-Hellman agreement parameters
+.El
+	_END_MDOC_FILES;
+};
+
+doc-section	= {
+  ds-type	= 'SEE ALSO';
+  ds-format	= 'mdoc';
+  ds-text	= <<- _END_MDOC_SEE_ALSO
+.Sh SEE ALSO
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpdc 1ntpdcmdoc ,
+.Xr ntpq 1ntpqmdoc
+.Pp
+In addition to the manual pages provided,
+comprehensive documentation is available on the world wide web
+at
+.Li http://www.ntp.org/ .
+A snapshot of this documentation is available in HTML format in
+.Pa /usr/share/doc/ntp .
+.Rs
+.%A David L. Mills
+.%T Network Time Protocol (Version 4)
+.%O RFC5905
+.Re
+	_END_MDOC_SEE_ALSO;
+};
+
+doc-section	= {
+  ds-type	= 'BUGS';
+  ds-format	= 'mdoc';
+  ds-text	= <<- _END_MDOC_BUGS
+The syntax checking is not picky; some combinations of
+ridiculous and even hilarious options and modes may not be
+detected.
+.Pp
+The
+.Pa ntpkey_ Ns Ar host
+files are really digital
+certificates.
+These should be obtained via secure directory
+services when they become universally available.
+	_END_MDOC_BUGS;
+};
+
+doc-section	= {
+  ds-type	= 'NOTES';
+  ds-format	= 'mdoc';
+  ds-text	= <<- _END_MDOC_NOTES
+This document is derived from FreeBSD.
+	_END_MDOC_NOTES;
+};

==== ntpd/ntp.conf.def ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +0 -0

==== ntpd/ntp.conf.man.in ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +2915 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.conf.man.in

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.conf.man.in	2012-08-30 20:37:37 -04:00
@@ -0,0 +1,2915 @@
+.TH ntp.conf 5 "11 Aug 2012" "4.2.7p295" "File Formats"
+.\"
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.man)
+.\"  
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:44 PM by AutoGen 5.16.2
+.\"  From the definitions    ntp.conf.def
+.\"  and the template file   agman-cmd.tpl
+.\"
+.SH NAME
+ntp.conf \- Network Time Protocol (NTP) daemon configuration file format
+.SH SYNOPSIS
+.B ntp.conf
+.\" Long options only
+.RB [ \-\-\fIopt\-name\fP [ = "| ] \fIvalue\fP]]..."
+.PP
+All arguments must be options.
+.PP
+.SH DESCRIPTION
+The
+.B XXX Program Name
+configuration file is read at initial startup by the
+.Xr ntpd @NTPD_MS@
+daemon in order to specify the synchronization sources,
+modes and other related information.
+Usually, it is installed in the
+.Pa /etc
+directory,
+but could be installed elsewhere
+(see the daemon's
+c
+command line option).
+.PP
+The file format is similar to other
+.Ux
+configuration files.
+Comments begin with a
+.Ql #
+character and extend to the end of the line;
+blank lines are ignored.
+Configuration commands consist of an initial keyword
+followed by a list of arguments,
+some of which may be optional, separated by whitespace.
+Commands may not be continued over multiple lines.
+Arguments may be host names,
+host addresses written in numeric, dotted-quad form,
+integers, floating point numbers (when specifying times in seconds)
+and text strings.
+.PP
+The rest of this page describes the configuration and control options.
+The
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+contains an extended discussion of these options.
+In addition to the discussion of general
+.Sx Configuration Options ,
+there are sections describing the following supported functionality
+and the options used to control it:
+.in +4
+.ti -4
+\fB*\fP
+
+.Sx Authentication Support
+.ti -4
+\fB*\fP
+
+.Sx Monitoring Support
+.ti -4
+\fB*\fP
+
+.Sx Access Control Support
+.ti -4
+\fB*\fP
+
+.Sx Automatic NTP Configuration Options
+.ti -4
+\fB*\fP
+
+.Sx Reference Clock Support
+.ti -4
+\fB*\fP
+
+.Sx Miscellaneous Options
+.in -4
+.PP
+Following these is a section describing
+.Sx Miscellaneous Options .
+While there is a rich set of options available,
+the only required option is one or more
+.Ic server ,
+.Ic peer ,
+.Ic broadcast
+or
+.Ic manycastclient
+commands.
+.SH Configuration Support
+Following is a description of the configuration commands in
+NTPv4.
+These commands have the same basic functions as in NTPv3 and
+in some cases new functions and new arguments.
+There are two
+classes of commands, configuration commands that configure a
+persistent association with a remote server or peer or reference
+clock, and auxiliary commands that specify environmental variables
+that control various related operations.
+.SS Configuration Commands
+The various modes are determined by the command keyword and the
+type of the required IP address.
+Addresses are classed by type as
+(s) a remote server or peer (IPv4 class A, B and C), (b) the
+broadcast address of a local interface, (m) a multicast address (IPv4
+class D), or (r) a reference clock address (127.127.x.x).
+Note that
+only those options applicable to each command are listed below.
+Use
+of options not listed may not be caught as an error, but may result
+in some weird and even destructive behavior.
+.PP
+If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
+is detected, support for the IPv6 address family is generated
+in addition to the default support of the IPv4 address family.
+In a few cases, including the reslist billboard generated
+by ntpdc, IPv6 addresses are automatically generated.
+IPv6 addresses can be identified by the presence of colons
+.Dq \&:
+in the address field.
+IPv6 addresses can be used almost everywhere where
+IPv4 addresses can be used,
+with the exception of reference clock addresses,
+which are always IPv4.
+.PP
+Note that in contexts where a host name is expected, a
+4
+qualifier preceding
+the host name forces DNS resolution to the IPv4 namespace,
+while a
+6
+qualifier forces DNS resolution to the IPv6 namespace.
+See IPv6 references for the
+equivalent classes for that address family.
+.TP
+.BR Xo Ic server Ar address
+[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
+[ "\fIburst\fR" ]
+[ "\fIiburst\fR" ]
+[ "\fIversion\fR" "\fIversion\fR" ]
+[ "\fIprefer\fR" ]
+[ "\fIminpoll\fR" "\fIminpoll\fR" ]
+[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
+.Xc
+.TP
+.BR Xo Ic peer Ar address
+[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
+[ "\fIversion\fR" "\fIversion\fR" ]
+[ "\fIprefer\fR" ]
+[ "\fIminpoll\fR" "\fIminpoll\fR" ]
+[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
+.Xc
+.TP
+.BR Xo Ic broadcast Ar address
+[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
+[ "\fIversion\fR" "\fIversion\fR" ]
+[ "\fIprefer\fR" ]
+[ "\fIminpoll\fR" "\fIminpoll\fR" ]
+[ "\fIttl\fR" "\fIttl\fR" ]
+.Xc
+.TP
+.BR Xo Ic manycastclient Ar address
+[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
+[ "\fIversion\fR" "\fIversion\fR" ]
+[ "\fIprefer\fR" ]
+[ "\fIminpoll\fR" "\fIminpoll\fR" ]
+[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
+[ "\fIttl\fR" "\fIttl\fR" ]
+.Xc
+.PP
+These four commands specify the time server name or address to
+be used and the mode in which to operate.
+The
+\fIaddress\fR
+can be
+either a DNS name or an IP address in dotted-quad notation.
+Additional information on association behavior can be found in the
+.Qq Association Management
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.TP
+.BR Ic server
+For type s and r addresses, this command mobilizes a persistent
+client mode association with the specified remote server or local
+radio clock.
+In this mode the local clock can synchronized to the
+remote server, but the remote server can never be synchronized to
+the local clock.
+This command should
+.I not
+be used for type
+b or m addresses.
+.TP
+.BR Ic peer
+For type s addresses (only), this command mobilizes a
+persistent symmetric-active mode association with the specified
+remote peer.
+In this mode the local clock can be synchronized to
+the remote peer or the remote peer can be synchronized to the local
+clock.
+This is useful in a network of servers where, depending on
+various failure scenarios, either the local or remote peer may be
+the better source of time.
+This command should NOT be used for type
+b, m or r addresses.
+.TP
+.BR Ic broadcast
+For type b and m addresses (only), this
+command mobilizes a persistent broadcast mode association.
+Multiple
+commands can be used to specify multiple local broadcast interfaces
+(subnets) and/or multiple multicast groups.
+Note that local
+broadcast messages go only to the interface associated with the
+subnet specified, but multicast messages go to all interfaces.
+In broadcast mode the local server sends periodic broadcast
+messages to a client population at the
+\fIaddress\fR
+specified, which is usually the broadcast address on (one of) the
+local network(s) or a multicast address assigned to NTP.
+The IANA
+has assigned the multicast group address IPv4 224.0.1.1 and
+IPv6 ff05::101 (site local) exclusively to
+NTP, but other nonconflicting addresses can be used to contain the
+messages within administrative boundaries.
+Ordinarily, this
+specification applies only to the local server operating as a
+sender; for operation as a broadcast client, see the
+.Ic broadcastclient
+or
+.Ic multicastclient
+commands
+below.
+.TP
+.BR Ic manycastclient
+For type m addresses (only), this command mobilizes a
+manycast client mode association for the multicast address
+specified.
+In this case a specific address must be supplied which
+matches the address used on the
+.Ic manycastserver
+command for
+the designated manycast servers.
+The NTP multicast address
+224.0.1.1 assigned by the IANA should NOT be used, unless specific
+means are taken to avoid spraying large areas of the Internet with
+these messages and causing a possibly massive implosion of replies
+at the sender.
+The
+.Ic manycastserver
+command specifies that the local server
+is to operate in client mode with the remote servers that are
+discovered as the result of broadcast/multicast messages.
+The
+client broadcasts a request message to the group address associated
+with the specified
+\fIaddress\fR
+and specifically enabled
+servers respond to these messages.
+The client selects the servers
+providing the best time and continues as with the
+.Ic server
+command.
+The remaining servers are discarded as if never
+heard.
+.PP
+Options:
+.TP
+.BR Cm autokey
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the autokey scheme
+described in
+.Sx Authentication Options .
+.TP
+.BR Cm burst
+when the server is reachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first and second packets
+can be changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to improve timekeeping quality
+with the
+.Ic server
+command and s addresses.
+.TP
+.BR Cm iburst
+When the server is unreachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first two packets can be
+changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to speed the initial synchronization
+acquisition with the
+.Ic server
+command and s addresses and when
+.Xr ntpd @NTPD_MS@
+is started with the
+q
+option.
+.TP
+.BR Cm key Ar key
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the specified
+\fIkey\fR
+identifier with values from 1 to 65534, inclusive.
+The
+default is to include no encryption field.
+.TP
+.BR Cm minpoll Ar minpoll
+.TP
+.BR Cm maxpoll Ar maxpoll
+These options specify the minimum and maximum poll intervals
+for NTP messages, as a power of 2 in seconds
+The maximum poll
+interval defaults to 10 (1,024 s), but can be increased by the
+.Cm maxpoll
+option to an upper limit of 17 (36.4 h).
+The
+minimum poll interval defaults to 6 (64 s), but can be decreased by
+the
+.Cm minpoll
+option to a lower limit of 4 (16 s).
+.TP
+.BR Cm noselect
+Marks the server as unused, except for display purposes.
+The server is discarded by the selection algroithm.
+.TP
+.BR Cm prefer
+Marks the server as preferred.
+All other things being equal,
+this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.TP
+.BR Cm ttl Ar ttl
+This option is used only with broadcast server and manycast
+client modes.
+It specifies the time-to-live
+\fIttl\fR
+to
+use on broadcast server and multicast server and the maximum
+\fIttl\fR
+for the expanding ring search with manycast
+client packets.
+Selection of the proper value, which defaults to
+127, is something of a black art and should be coordinated with the
+network administrator.
+.TP
+.BR Cm version Ar version
+Specifies the version number to be used for outgoing NTP
+packets.
+Versions 1-4 are the choices, with version 4 the
+default.
+.SS Auxiliary Commands
+.TP
+.BR Ic broadcastclient
+This command enables reception of broadcast server messages to
+any local interface (type b) address.
+Upon receiving a message for
+the first time, the broadcast client measures the nominal server
+propagation delay using a brief client/server exchange with the
+server, then enters the broadcast client mode, in which it
+synchronizes to succeeding broadcast messages.
+Note that, in order
+to avoid accidental or malicious disruption in this mode, both the
+server and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.TP
+.BR Ic manycastserver Ar address ...
+This command enables reception of manycast client messages to
+the multicast group address(es) (type m) specified.
+At least one
+address is required, but the NTP multicast address 224.0.1.1
+assigned by the IANA should NOT be used, unless specific means are
+taken to limit the span of the reply and avoid a possibly massive
+implosion at the original sender.
+Note that, in order to avoid
+accidental or malicious disruption in this mode, both the server
+and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.TP
+.BR Ic multicastclient Ar address ...
+This command enables reception of multicast server messages to
+the multicast group address(es) (type m) specified.
+Upon receiving
+a message for the first time, the multicast client measures the
+nominal server propagation delay using a brief client/server
+exchange with the server, then enters the broadcast client mode, in
+which it synchronizes to succeeding multicast messages.
+Note that,
+in order to avoid accidental or malicious disruption in this mode,
+both the server and client should operate using symmetric-key or
+public-key authentication as described in
+.Sx Authentication Options .
+.SH Authentication Support
+Authentication support allows the NTP client to verify that the
+server is in fact known and trusted and not an intruder intending
+accidentally or on purpose to masquerade as that server.
+The NTPv3
+specification RFC-1305 defines a scheme which provides
+cryptographic authentication of received NTP packets.
+Originally,
+this was done using the Data Encryption Standard (DES) algorithm
+operating in Cipher Block Chaining (CBC) mode, commonly called
+DES-CBC.
+Subsequently, this was replaced by the RSA Message Digest
+5 (MD5) algorithm using a private key, commonly called keyed-MD5.
+Either algorithm computes a message digest, or one-way hash, which
+can be used to verify the server has the correct private key and
+key identifier.
+.PP
+NTPv4 retains the NTPv3 scheme, properly described as symmetric key
+cryptography and, in addition, provides a new Autokey scheme
+based on public key cryptography.
+Public key cryptography is generally considered more secure
+than symmetric key cryptography, since the security is based
+on a private value which is generated by each server and
+never revealed.
+With Autokey all key distribution and
+management functions involve only public values, which
+considerably simplifies key distribution and storage.
+Public key management is based on X.509 certificates,
+which can be provided by commercial services or
+produced by utility programs in the OpenSSL software library
+or the NTPv4 distribution.
+.PP
+While the algorithms for symmetric key cryptography are
+included in the NTPv4 distribution, public key cryptography
+requires the OpenSSL software library to be installed
+before building the NTP distribution.
+Directions for doing that
+are on the Building and Installing the Distribution page.
+.PP
+Authentication is configured separately for each association
+using the
+.Cm key
+or
+.Cm autokey
+subcommand on the
+.Ic peer ,
+.Ic server ,
+.Ic broadcast
+and
+.Ic manycastclient
+configuration commands as described in
+.Sx Configuration Options
+page.
+The authentication
+options described below specify the locations of the key files,
+if other than default, which symmetric keys are trusted
+and the interval between various operations, if other than default.
+.PP
+Authentication is always enabled,
+although ineffective if not configured as
+described below.
+If a NTP packet arrives
+including a message authentication
+code (MAC), it is accepted only if it
+passes all cryptographic checks.
+The
+checks require correct key ID, key value
+and message digest.
+If the packet has
+been modified in any way or replayed
+by an intruder, it will fail one or more
+of these checks and be discarded.
+Furthermore, the Autokey scheme requires a
+preliminary protocol exchange to obtain
+the server certificate, verify its
+credentials and initialize the protocol
+.PP
+The
+.Cm auth
+flag controls whether new associations or
+remote configuration commands require cryptographic authentication.
+This flag can be set or reset by the
+.Ic enable
+and
+.Ic disable
+commands and also by remote
+configuration commands sent by a
+.Xr ntpdc @NTPDC_MS@
+program running in
+another machine.
+If this flag is enabled, which is the default
+case, new broadcast client and symmetric passive associations and
+remote configuration commands must be cryptographically
+authenticated using either symmetric key or public key cryptography.
+If this
+flag is disabled, these operations are effective
+even if not cryptographic
+authenticated.
+It should be understood
+that operating with the
+.Ic auth
+flag disabled invites a significant vulnerability
+where a rogue hacker can
+masquerade as a falseticker and seriously
+disrupt system timekeeping.
+It is
+important to note that this flag has no purpose
+other than to allow or disallow
+a new association in response to new broadcast
+and symmetric active messages
+and remote configuration commands and, in particular,
+the flag has no effect on
+the authentication process itself.
+.PP
+An attractive alternative where multicast support is available
+is manycast mode, in which clients periodically troll
+for servers as described in the
+.Sx Automatic NTP Configuration Options
+page.
+Either symmetric key or public key
+cryptographic authentication can be used in this mode.
+The principle advantage
+of manycast mode is that potential servers need not be
+configured in advance,
+since the client finds them during regular operation,
+and the configuration
+files for all clients can be identical.
+.PP
+The security model and protocol schemes for
+both symmetric key and public key
+cryptography are summarized below;
+further details are in the briefings, papers
+and reports at the NTP project page linked from
+.Li http://www.ntp.org/ .
+.SS Symmetric-Key Cryptography
+The original RFC-1305 specification allows any one of possibly
+65,534 keys, each distinguished by a 32-bit key identifier, to
+authenticate an association.
+The servers and clients involved must
+agree on the key and key identifier to
+authenticate NTP packets.
+Keys and
+related information are specified in a key
+file, usually called
+.Pa ntp.keys ,
+which must be distributed and stored using
+secure means beyond the scope of the NTP protocol itself.
+Besides the keys used
+for ordinary NTP associations,
+additional keys can be used as passwords for the
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+utility programs.
+.PP
+When
+.Xr ntpd @NTPD_MS@
+is first started, it reads the key file specified in the
+.Ic keys
+configuration command and installs the keys
+in the key cache.
+However,
+individual keys must be activated with the
+.Ic trusted
+command before use.
+This
+allows, for instance, the installation of possibly
+several batches of keys and
+then activating or deactivating each batch
+remotely using
+.Xr ntpdc @NTPDC_MS@ .
+This also provides a revocation capability that can be used
+if a key becomes compromised.
+The
+.Ic requestkey
+command selects the key used as the password for the
+.Xr ntpdc @NTPDC_MS@
+utility, while the
+.Ic controlkey
+command selects the key used as the password for the
+.Xr ntpq @NTPQ_MS@
+utility.
+.SS Public Key Cryptography
+NTPv4 supports the original NTPv3 symmetric key scheme
+described in RFC-1305 and in addition the Autokey protocol,
+which is based on public key cryptography.
+The Autokey Version 2 protocol described on the Autokey Protocol
+page verifies packet integrity using MD5 message digests
+and verifies the source with digital signatures and any of several
+digest/signature schemes.
+Optional identity schemes described on the Identity Schemes
+page and based on cryptographic challenge/response algorithms
+are also available.
+Using all of these schemes provides strong security against
+replay with or without modification, spoofing, masquerade
+and most forms of clogging attacks.
+.\" .Pp
+.\" The cryptographic means necessary for all Autokey operations
+.\" is provided by the OpenSSL software library.
+.\" This library is available from http://www.openssl.org/
+.\" and can be installed using the procedures outlined
+.\" in the Building and Installing the Distribution page.
+.\" Once installed,
+.\" the configure and build
+.\" process automatically detects the library and links
+.\" the library routines required.
+.PP
+The Autokey protocol has several modes of operation
+corresponding to the various NTP modes supported.
+Most modes use a special cookie which can be
+computed independently by the client and server,
+but encrypted in transmission.
+All modes use in addition a variant of the S-KEY scheme,
+in which a pseudo-random key list is generated and used
+in reverse order.
+These schemes are described along with an executive summary,
+current status, briefing slides and reading list on the
+.Sx Autonomous Authentication
+page.
+.PP
+The specific cryptographic environment used by Autokey servers
+and clients is determined by a set of files
+and soft links generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+program.
+This includes a required host key file,
+required certificate file and optional sign key file,
+leapsecond file and identity scheme files.
+The
+digest/signature scheme is specified in the X.509 certificate
+along with the matching sign key.
+There are several schemes
+available in the OpenSSL software library, each identified
+by a specific string such as
+.Cm md5WithRSAEncryption ,
+which stands for the MD5 message digest with RSA
+encryption scheme.
+The current NTP distribution supports
+all the schemes in the OpenSSL library, including
+those based on RSA and DSA digital signatures.
+.PP
+NTP secure groups can be used to define cryptographic compartments
+and security hierarchies.
+It is important that every host
+in the group be able to construct a certificate trail to one
+or more trusted hosts in the same group.
+Each group
+host runs the Autokey protocol to obtain the certificates
+for all hosts along the trail to one or more trusted hosts.
+This requires the configuration file in all hosts to be
+engineered so that, even under anticipated failure conditions,
+the NTP subnet will form such that every group host can find
+a trail to at least one trusted host.
+.SS Naming and Addressing
+It is important to note that Autokey does not use DNS to
+resolve addresses, since DNS can't be completely trusted
+until the name servers have synchronized clocks.
+The cryptographic name used by Autokey to bind the host identity
+credentials and cryptographic values must be independent
+of interface, network and any other naming convention.
+The name appears in the host certificate in either or both
+the subject and issuer fields, so protection against
+DNS compromise is essential.
+.PP
+By convention, the name of an Autokey host is the name returned
+by the Unix
+.Xr gethostname 2
+system call or equivalent in other systems.
+By the system design
+model, there are no provisions to allow alternate names or aliases.
+However, this is not to say that DNS aliases, different names
+for each interface, etc., are constrained in any way.
+.PP
+It is also important to note that Autokey verifies authenticity
+using the host name, network address and public keys,
+all of which are bound together by the protocol specifically
+to deflect masquerade attacks.
+For this reason Autokey
+includes the source and destinatino IP addresses in message digest
+computations and so the same addresses must be available
+at both the server and client.
+For this reason operation
+with network address translation schemes is not possible.
+This reflects the intended robust security model where government
+and corporate NTP servers are operated outside firewall perimeters.
+.SS Operation
+A specific combination of authentication scheme (none,
+symmetric key, public key) and identity scheme is called
+a cryptotype, although not all combinations are compatible.
+There may be management configurations where the clients,
+servers and peers may not all support the same cryptotypes.
+A secure NTPv4 subnet can be configured in many ways while
+keeping in mind the principles explained above and
+in this section.
+Note however that some cryptotype
+combinations may successfully interoperate with each other,
+but may not represent good security practice.
+.PP
+The cryptotype of an association is determined at the time
+of mobilization, either at configuration time or some time
+later when a message of appropriate cryptotype arrives.
+When mobilized by a
+.Ic server
+or
+.Ic peer
+configuration command and no
+.Ic key
+or
+.Ic autokey
+subcommands are present, the association is not
+authenticated; if the
+.Ic key
+subcommand is present, the association is authenticated
+using the symmetric key ID specified; if the
+.Ic autokey
+subcommand is present, the association is authenticated
+using Autokey.
+.PP
+When multiple identity schemes are supported in the Autokey
+protocol, the first message exchange determines which one is used.
+The client request message contains bits corresponding
+to which schemes it has available.
+The server response message
+contains bits corresponding to which schemes it has available.
+Both server and client match the received bits with their own
+and select a common scheme.
+.PP
+Following the principle that time is a public value,
+a server responds to any client packet that matches
+its cryptotype capabilities.
+Thus, a server receiving
+an unauthenticated packet will respond with an unauthenticated
+packet, while the same server receiving a packet of a cryptotype
+it supports will respond with packets of that cryptotype.
+However, unconfigured broadcast or manycast client
+associations or symmetric passive associations will not be
+mobilized unless the server supports a cryptotype compatible
+with the first packet received.
+By default, unauthenticated associations will not be mobilized
+unless overridden in a decidedly dangerous way.
+.PP
+Some examples may help to reduce confusion.
+Client Alice has no specific cryptotype selected.
+Server Bob has both a symmetric key file and minimal Autokey files.
+Alice's unauthenticated messages arrive at Bob, who replies with
+unauthenticated messages.
+Cathy has a copy of Bob's symmetric
+key file and has selected key ID 4 in messages to Bob.
+Bob verifies the message with his key ID 4.
+If it's the
+same key and the message is verified, Bob sends Cathy a reply
+authenticated with that key.
+If verification fails,
+Bob sends Cathy a thing called a crypto-NAK, which tells her
+something broke.
+She can see the evidence using the ntpq program.
+.PP
+Denise has rolled her own host key and certificate.
+She also uses one of the identity schemes as Bob.
+She sends the first Autokey message to Bob and they
+both dance the protocol authentication and identity steps.
+If all comes out okay, Denise and Bob continue as described above.
+.PP
+It should be clear from the above that Bob can support
+all the girls at the same time, as long as he has compatible
+authentication and identity credentials.
+Now, Bob can act just like the girls in his own choice of servers;
+he can run multiple configured associations with multiple different
+servers (or the same server, although that might not be useful).
+But, wise security policy might preclude some cryptotype
+combinations; for instance, running an identity scheme
+with one server and no authentication with another might not be wise.
+.SS Key Management
+The cryptographic values used by the Autokey protocol are
+incorporated as a set of files generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+utility program, including symmetric key, host key and
+public certificate files, as well as sign key, identity parameters
+and leapseconds files.
+Alternatively, host and sign keys and
+certificate files can be generated by the OpenSSL utilities
+and certificates can be imported from public certificate
+authorities.
+Note that symmetric keys are necessary for the
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+utility programs.
+The remaining files are necessary only for the
+Autokey protocol.
+.PP
+Certificates imported from OpenSSL or public certificate
+authorities have certian limitations.
+The certificate should be in ASN.1 syntax, X.509 Version 3
+format and encoded in PEM, which is the same format
+used by OpenSSL.
+The overall length of the certificate encoded
+in ASN.1 must not exceed 1024 bytes.
+The subject distinguished
+name field (CN) is the fully qualified name of the host
+on which it is used; the remaining subject fields are ignored.
+The certificate extension fields must not contain either
+a subject key identifier or a issuer key identifier field;
+however, an extended key usage field for a trusted host must
+contain the value
+.Cm trustRoot ; .
+Other extension fields are ignored.
+.SS Authentication Commands
+.TP
+.BR Ic autokey Op Ar logsec
+Specifies the interval between regenerations of the session key
+list used with the Autokey protocol.
+Note that the size of the key
+list for each association depends on this interval and the current
+poll interval.
+The default value is 12 (4096 s or about 1.1 hours).
+For poll intervals above the specified interval, a session key list
+with a single entry will be regenerated for every message
+sent.
+.TP
+.BR Ic controlkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpq @NTPQ_MS@
+utility, which uses the standard
+protocol defined in RFC-1305.
+The
+\fIkey\fR
+argument is
+the key identifier for a trusted key, where the value can be in the
+range 1 to 65,534, inclusive.
+.TP
+.BR Xo Ic crypto
+[ "\fIcert\fR" "\fIfile\fR" ]
+[ "\fIleap\fR" "\fIfile\fR" ]
+[ "\fIrandfile\fR" "\fIfile\fR" ]
+[ "\fIhost\fR" "\fIfile\fR" ]
+[ "\fIsign\fR" "\fIfile\fR" ]
+[ "\fIgq\fR" "\fIfile\fR" ]
+[ "\fIgqpar\fR" "\fIfile\fR" ]
+[ "\fIiffpar\fR" "\fIfile\fR" ]
+[ "\fImvpar\fR" "\fIfile\fR" ]
+[ "\fIpw\fR" "\fIpassword\fR" ]
+.Xc
+This command requires the OpenSSL library.
+It activates public key
+cryptography, selects the message digest and signature
+encryption scheme and loads the required private and public
+values described above.
+If one or more files are left unspecified,
+the default names are used as described above.
+Unless the complete path and name of the file are specified, the
+location of a file is relative to the keys directory specified
+in the
+.Ic keysdir
+command or default
+.Pa /usr/local/etc .
+Following are the subcommands:
+.in +4
+.ti -4
+.IR Cm cert Ar file
+Specifies the location of the required host public certificate file.
+This overrides the link
+.Pa ntpkey_cert_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm gqpar Ar file
+Specifies the location of the optional GQ parameters file.
+This
+overrides the link
+.Pa ntpkey_gq_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm host Ar file
+Specifies the location of the required host key file.
+This overrides
+the link
+.Pa ntpkey_key_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm iffpar Ar file
+Specifies the location of the optional IFF parameters file.This
+overrides the link
+.Pa ntpkey_iff_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm leap Ar file
+Specifies the location of the optional leapsecond file.
+This overrides the link
+.Pa ntpkey_leap
+in the keys directory.
+.ti -4
+.IR Cm mvpar Ar file
+Specifies the location of the optional MV parameters file.
+This
+overrides the link
+.Pa ntpkey_mv_ Ns Ar hostname
+in the keys directory.
+.ti -4
+.IR Cm pw Ar password
+Specifies the password to decrypt files containing private keys and
+identity parameters.
+This is required only if these files have been
+encrypted.
+.ti -4
+.IR Cm randfile Ar file
+Specifies the location of the random seed file used by the OpenSSL
+library.
+The defaults are described in the main text above.
+.ti -4
+.IR Cm sign Ar file
+Specifies the location of the optional sign key file.
+This overrides
+the link
+.Pa ntpkey_sign_ Ns Ar hostname
+in the keys directory.
+If this file is
+not found, the host key is also the sign key.
+.in -4
+.TP
+.BR Ic keys Ar keyfile
+Specifies the complete path and location of the MD5 key file
+containing the keys and key identifiers used by
+.Xr ntpd @NTPD_MS@ ,
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+when operating with symmetric key cryptography.
+This is the same operation as the
+k
+command line option.
+.TP
+.BR Ic keysdir Ar path
+This command specifies the default directory path for
+cryptographic keys, parameters and certificates.
+The default is
+.Pa /usr/local/etc/ .
+.TP
+.BR Ic requestkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpdc @NTPDC_MS@
+utility program, which uses a
+proprietary protocol specific to this implementation of
+.Xr ntpd @NTPD_MS@ .
+The
+\fIkey\fR
+argument is a key identifier
+for the trusted key, where the value can be in the range 1 to
+65,534, inclusive.
+.TP
+.BR Ic revoke Ar logsec
+Specifies the interval between re-randomization of certain
+cryptographic values used by the Autokey scheme, as a power of 2 in
+seconds.
+These values need to be updated frequently in order to
+deflect brute-force attacks on the algorithms of the scheme;
+however, updating some values is a relatively expensive operation.
+The default interval is 16 (65,536 s or about 18 hours).
+For poll
+intervals above the specified interval, the values will be updated
+for every message sent.
+.TP
+.BR Ic trustedkey Ar key ...
+Specifies the key identifiers which are trusted for the
+purposes of authenticating peers with symmetric key cryptography,
+as well as keys used by the
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+programs.
+The authentication procedures require that both the local
+and remote servers share the same key and key identifier for this
+purpose, although different keys can be used with different
+servers.
+The
+\fIkey\fR
+arguments are 32-bit unsigned
+integers with values from 1 to 65,534.
+.SS Error Codes
+The following error codes are reported via the NTP control
+and monitoring protocol trap mechanism.
+.TP
+.BR 101
+.Pq bad field format or length
+The packet has invalid version, length or format.
+.TP
+.BR 102
+.Pq bad timestamp
+The packet timestamp is the same or older than the most recent received.
+This could be due to a replay or a server clock time step.
+.TP
+.BR 103
+.Pq bad filestamp
+The packet filestamp is the same or older than the most recent received.
+This could be due to a replay or a key file generation error.
+.TP
+.BR 104
+.Pq bad or missing public key
+The public key is missing, has incorrect format or is an unsupported type.
+.TP
+.BR 105
+.Pq unsupported digest type
+The server requires an unsupported digest/signature scheme.
+.TP
+.BR 106
+.Pq mismatched digest types
+Not used.
+.TP
+.BR 107
+.Pq bad signature length
+The signature length does not match the current public key.
+.TP
+.BR 108
+.Pq signature not verified
+The message fails the signature check.
+It could be bogus or signed by a
+different private key.
+.TP
+.BR 109
+.Pq certificate not verified
+The certificate is invalid or signed with the wrong key.
+.TP
+.BR 110
+.Pq certificate not verified
+The certificate is not yet valid or has expired or the signature could not
+be verified.
+.TP
+.BR 111
+.Pq bad or missing cookie
+The cookie is missing, corrupted or bogus.
+.TP
+.BR 112
+.Pq bad or missing leapseconds table
+The leapseconds table is missing, corrupted or bogus.
+.TP
+.BR 113
+.Pq bad or missing certificate
+The certificate is missing, corrupted or bogus.
+.TP
+.BR 114
+.Pq bad or missing identity
+The identity key is missing, corrupt or bogus.
+.SH Monitoring Support
+.Xr ntpd @NTPD_MS@
+includes a comprehensive monitoring facility suitable
+for continuous, long term recording of server and client
+timekeeping performance.
+See the
+.Ic statistics
+command below
+for a listing and example of each type of statistics currently
+supported.
+Statistic files are managed using file generation sets
+and scripts in the
+.Pa ./scripts
+directory of this distribution.
+Using
+these facilities and
+.Ux
+.Xr cron 8
+jobs, the data can be
+automatically summarized and archived for retrospective analysis.
+.SS Monitoring Commands
+.TP
+.BR Ic statistics Ar name ...
+Enables writing of statistics records.
+Currently, four kinds of
+\fIname\fR
+statistics are supported.
+.in +4
+.ti -4
+.IR Cm clockstats
+Enables recording of clock driver statistics information.
+Each update
+received from a clock driver appends a line of the following form to
+the file generation set named
+.Cm clockstats :
+.br
+.in +4
+.nf
+49213 525.624 127.127.4.1 93 226 00:08:29.606 D
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the
+clock address in dotted-quad notation.
+The final field shows the last
+timecode received from the clock in decoded ASCII format, where
+meaningful.
+In some clock drivers a good deal of additional information
+can be gathered and displayed as well.
+See information specific to each
+clock for further details.
+.ti -4
+.IR Cm cryptostats
+This option requires the OpenSSL cryptographic software library.
+It
+enables recording of cryptographic public key protocol information.
+Each message received by the protocol module appends a line of the
+following form to the file generation set named
+.Cm cryptostats :
+.br
+.in +4
+.nf
+49213 525.624 127.127.4.1 message
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the peer
+address in dotted-quad notation, The final message field includes the
+message type and certain ancillary information.
+See the
+.Sx Authentication Options
+section for further information.
+.ti -4
+.IR Cm loopstats
+Enables recording of loop filter statistics information.
+Each
+update of the local clock outputs a line of the following form to
+the file generation set named
+.Cm loopstats :
+.br
+.in +4
+.nf
+50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next five fields
+show time offset (seconds), frequency offset (parts per million -
+PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
+discipline time constant.
+.ti -4
+.IR Cm peerstats
+Enables recording of peer statistics information.
+This includes
+statistics records of all peers of a NTP server and of special
+signals, where present and configured.
+Each valid update appends a
+line of the following form to the current element of a file
+generation set named
+.Cm peerstats :
+.br
+.in +4
+.nf
+48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the peer address in dotted-quad notation and status,
+respectively.
+The status field is encoded in hex in the format
+described in Appendix A of the NTP specification RFC 1305.
+The final four fields show the offset,
+delay, dispersion and RMS jitter, all in seconds.
+.ti -4
+.IR Cm rawstats
+Enables recording of raw-timestamp statistics information.
+This
+includes statistics records of all peers of a NTP server and of
+special signals, where present and configured.
+Each NTP message
+received from a peer or clock driver appends a line of the
+following form to the file generation set named
+.Cm rawstats :
+.br
+.in +4
+.nf
+50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the remote peer or clock address followed by the local address
+in dotted-quad notation.
+The final four fields show the originate,
+receive, transmit and final NTP timestamps in order.
+The timestamp
+values are as received and before processing by the various data
+smoothing and mitigation algorithms.
+.ti -4
+.IR Cm sysstats
+Enables recording of ntpd statistics counters on a periodic basis.
+Each
+hour a line of the following form is appended to the file generation
+set named
+.Cm sysstats :
+.br
+.in +4
+.nf
+50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
+.in -4
+.fi
+.PP
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The remaining ten fields show
+the statistics counter values accumulated since the last generated
+line.
+.in +4
+.ti -4
+.IR Time since restart Cm 36000
+Time in hours since the system was last rebooted.
+.ti -4
+.IR Packets received Cm 81965
+Total number of packets received.
+.ti -4
+.IR Packets processed Cm 0
+Number of packets received in response to previous packets sent
+.ti -4
+.IR Current version Cm 9546
+Number of packets matching the current NTP version.
+.ti -4
+.IR Previous version Cm 56
+Number of packets matching the previous NTP version.
+.ti -4
+.IR Bad version Cm 71793
+Number of packets matching neither NTP version.
+.ti -4
+.IR Access denied Cm 512
+Number of packets denied access for any reason.
+.ti -4
+.IR Bad length or format Cm 540
+Number of packets with invalid length, format or port number.
+.ti -4
+.IR Bad authentication Cm 10
+Number of packets not verified as authentic.
+.ti -4
+.IR Rate exceeded Cm 147
+Number of packets discarded due to rate limitation.
+.in -4
+.ti -4
+.IR Cm statsdir Ar directory_path
+Indicates the full path of a directory where statistics files
+should be created (see below).
+This keyword allows
+the (otherwise constant)
+.Cm filegen
+filename prefix to be modified for file generation sets, which
+is useful for handling statistics logs.
+.ti -4
+.IR Cm filegen Ar name Xo
+[ "\fIfile\fR" "\fIfilename\fR" ]
+[ "\fItype\fR" "\fItypename\fR" ]
+[ "\fIlink\fR" | nolink ]
+[ "\fIenable\fR" | disable ]
+.Xc
+Configures setting of generation file set name.
+Generation
+file sets provide a means for handling files that are
+continuously growing during the lifetime of a server.
+Server statistics are a typical example for such files.
+Generation file sets provide access to a set of files used
+to store the actual data.
+At any time at most one element
+of the set is being written to.
+The type given specifies
+when and how data will be directed to a new element of the set.
+This way, information stored in elements of a file set
+that are currently unused are available for administrational
+operations without the risk of disturbing the operation of ntpd.
+(Most important: they can be removed to free space for new data
+produced.)
+.PP
+Note that this command can be sent from the
+.Xr ntpdc @NTPDC_MS@
+program running at a remote location.
+.in +4
+.ti -4
+.IR Cm name
+This is the type of the statistics records, as shown in the
+.Cm statistics
+command.
+.ti -4
+.IR Cm file Ar filename
+This is the file name for the statistics records.
+Filenames of set
+members are built from three concatenated elements
+\fICm prefix ,\fR
+\fICm filename\fR
+and
+\fICm suffix :\fR
+.in +4
+.ti -4
+.IR Cm prefix
+This is a constant filename path.
+It is not subject to
+modifications via the
+\fIfilegen\fR
+option.
+It is defined by the
+server, usually specified as a compile-time constant.
+It may,
+however, be configurable for individual file generation sets
+via other commands.
+For example, the prefix used with
+\fIloopstats\fR
+and
+\fIpeerstats\fR
+generation can be configured using the
+\fIstatsdir\fR
+option explained above.
+.ti -4
+.IR Cm filename
+This string is directly concatenated to the prefix mentioned
+above (no intervening
+.Ql / ) .
+This can be modified using
+the file argument to the
+\fIfilegen\fR
+statement.
+No
+.Pa ..
+elements are
+allowed in this component to prevent filenames referring to
+parts outside the filesystem hierarchy denoted by
+\fIprefix .\fR
+.ti -4
+.IR Cm suffix
+This part is reflects individual elements of a file set.
+It is
+generated according to the type of a file set.
+.in -4
+.ti -4
+.IR Cm type Ar typename
+A file generation set is characterized by its type.
+The following
+types are supported:
+.in +4
+.ti -4
+.IR Cm none
+The file set is actually a single plain file.
+.ti -4
+.IR Cm pid
+One element of file set is used per incarnation of a ntpd
+server.
+This type does not perform any changes to file set
+members during runtime, however it provides an easy way of
+separating files belonging to different
+.Xr ntpd @NTPD_MS@
+server incarnations.
+The set member filename is built by appending a
+.Ql \&.
+to concatenated
+\fIprefix\fR
+and
+\fIfilename\fR
+strings, and
+appending the decimal representation of the process ID of the
+.Xr ntpd @NTPD_MS@
+server process.
+.ti -4
+.IR Cm day
+One file generation set element is created per day.
+A day is
+defined as the period between 00:00 and 24:00 UTC.
+The file set
+member suffix consists of a
+.Ql \&.
+and a day specification in
+the form
+.Cm YYYYMMdd .
+.Cm YYYY
+is a 4-digit year number (e.g., 1992).
+.Cm MM
+is a two digit month number.
+.Cm dd
+is a two digit day number.
+Thus, all information written at 10 December 1992 would end up
+in a file named
+\fIprefix\fR
+\fIfilename Ns .19921210 .\fR
+.ti -4
+.IR Cm week
+Any file set member contains data related to a certain week of
+a year.
+The term week is defined by computing day-of-year
+modulo 7.
+Elements of such a file generation set are
+distinguished by appending the following suffix to the file set
+filename base: A dot, a 4-digit year number, the letter
+.Cm W ,
+and a 2-digit week number.
+For example, information from January,
+10th 1992 would end up in a file with suffix
+.No . Ns Ar 1992W1 .
+.ti -4
+.IR Cm month
+One generation file set element is generated per month.
+The
+file name suffix consists of a dot, a 4-digit year number, and
+a 2-digit month.
+.ti -4
+.IR Cm year
+One generation file element is generated per year.
+The filename
+suffix consists of a dot and a 4 digit year number.
+.ti -4
+.IR Cm age
+This type of file generation sets changes to a new element of
+the file set every 24 hours of server operation.
+The filename
+suffix consists of a dot, the letter
+.Cm a ,
+and an 8-digit number.
+This number is taken to be the number of seconds the server is
+running at the start of the corresponding 24-hour period.
+Information is only written to a file generation by specifying
+.Cm enable ;
+output is prevented by specifying
+.Cm disable .
+.in -4
+.ti -4
+.IR Cm link | nolink
+It is convenient to be able to access the current element of a file
+generation set by a fixed name.
+This feature is enabled by
+specifying
+.Cm link
+and disabled using
+.Cm nolink .
+If link is specified, a
+hard link from the current file set element to a file without
+suffix is created.
+When there is already a file with this name and
+the number of links of this file is one, it is renamed appending a
+dot, the letter
+.Cm C ,
+and the pid of the ntpd server process.
+When the
+number of links is greater than one, the file is unlinked.
+This
+allows the current file to be accessed by a constant name.
+.ti -4
+.IR Cm enable \&| Cm disable
+Enables or disables the recording function.
+.in -4
+.in -4
+.SH Access Control Support
+The
+.Xr ntpd @NTPD_MS@
+daemon implements a general purpose address/mask based restriction
+list.
+The list contains address/match entries sorted first
+by increasing address values and and then by increasing mask values.
+A match occurs when the bitwise AND of the mask and the packet
+source address is equal to the bitwise AND of the mask and
+address in the list.
+The list is searched in order with the
+last match found defining the restriction flags associated
+with the entry.
+Additional information and examples can be found in the
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.PP
+The restriction facility was implemented in conformance
+with the access policies for the original NSFnet backbone
+time servers.
+Later the facility was expanded to deflect
+cryptographic and clogging attacks.
+While this facility may
+be useful for keeping unwanted or broken or malicious clients
+from congesting innocent servers, it should not be considered
+an alternative to the NTP authentication facilities.
+Source address based restrictions are easily circumvented
+by a determined cracker.
+.PP
+Clients can be denied service because they are explicitly
+included in the restrict list created by the restrict command
+or implicitly as the result of cryptographic or rate limit
+violations.
+Cryptographic violations include certificate
+or identity verification failure; rate limit violations generally
+result from defective NTP implementations that send packets
+at abusive rates.
+Some violations cause denied service
+only for the offending packet, others cause denied service
+for a timed period and others cause the denied service for
+an indefinate period.
+When a client or network is denied access
+for an indefinate period, the only way at present to remove
+the restrictions is by restarting the server.
+.SS The Kiss-of-Death Packet
+Ordinarily, packets denied service are simply dropped with no
+further action except incrementing statistics counters.
+Sometimes a
+more proactive response is needed, such as a server message that
+explicitly requests the client to stop sending and leave a message
+for the system operator.
+A special packet format has been created
+for this purpose called the "kiss-of-death" (KoD) packet.
+KoD packets have the leap bits set unsynchronized and stratum set
+to zero and the reference identifier field set to a four-byte
+ASCII code.
+If the
+.Cm noserve
+or
+.Cm notrust
+flag of the matching restrict list entry is set,
+the code is "DENY"; if the
+.Cm limited
+flag is set and the rate limit
+is exceeded, the code is "RATE".
+Finally, if a cryptographic violation occurs, the code is "CRYP".
+.PP
+A client receiving a KoD performs a set of sanity checks to
+minimize security exposure, then updates the stratum and
+reference identifier peer variables, sets the access
+denied (TEST4) bit in the peer flash variable and sends
+a message to the log.
+As long as the TEST4 bit is set,
+the client will send no further packets to the server.
+The only way at present to recover from this condition is
+to restart the protocol at both the client and server.
+This
+happens automatically at the client when the association times out.
+It will happen at the server only if the server operator cooperates.
+.SS Access Control Commands
+.TP
+.BR Xo Ic discard
+[ "\fIaverage\fR" "\fIavg\fR" ]
+[ "\fIminimum\fR" "\fImin\fR" ]
+[ "\fImonitor\fR" "\fIprob\fR" ]
+.Xc
+Set the parameters of the
+.Cm limited
+facility which protects the server from
+client abuse.
+The
+.Cm average
+subcommand specifies the minimum average packet
+spacing, while the
+.Cm minimum
+subcommand specifies the minimum packet spacing.
+Packets that violate these minima are discarded
+and a kiss-o'-death packet returned if enabled.
+The default
+minimum average and minimum are 5 and 2, respectively.
+The monitor subcommand specifies the probability of discard
+for packets that overflow the rate-control window.
+.TP
+.BR Xo Ic restrict address
+[ "\fImask\fR" "\fImask\fR" ]
+[ "\fIflag\fR" ... ]
+.Xc
+The
+\fIaddress\fR
+argument expressed in
+dotted-quad form is the address of a host or network.
+Alternatively, the
+\fIaddress\fR
+argument can be a valid host DNS name.
+The
+\fImask\fR
+argument expressed in dotted-quad form defaults to
+.Cm 255.255.255.255 ,
+meaning that the
+\fIaddress\fR
+is treated as the address of an individual host.
+A default entry (address
+.Cm 0.0.0.0 ,
+mask
+.Cm 0.0.0.0 )
+is always included and is always the first entry in the list.
+Note that text string
+.Cm default ,
+with no mask option, may
+be used to indicate the default entry.
+In the current implementation,
+.Cm flag
+always
+restricts access, i.e., an entry with no flags indicates that free
+access to the server is to be given.
+The flags are not orthogonal,
+in that more restrictive flags will often make less restrictive
+ones redundant.
+The flags can generally be classed into two
+categories, those which restrict time service and those which
+restrict informational queries and attempts to do run-time
+reconfiguration of the server.
+One or more of the following flags
+may be specified:
+.in +4
+.ti -4
+.IR Cm ignore
+Deny packets of all kinds, including
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+queries.
+.ti -4
+.IR Cm kod
+If this flag is set when an access violation occurs, a kiss-o'-death
+(KoD) packet is sent.
+KoD packets are rate limited to no more than one
+per second.
+If another KoD packet occurs within one second after the
+last one, the packet is dropped.
+.ti -4
+.IR Cm limited
+Deny service if the packet spacing violates the lower limits specified
+in the discard command.
+A history of clients is kept using the
+monitoring capability of
+.Xr ntpd @NTPD_MS@ .
+Thus, monitoring is always active as
+long as there is a restriction entry with the
+.Cm limited
+flag.
+.ti -4
+.IR Cm lowpriotrap
+Declare traps set by matching hosts to be low priority.
+The
+number of traps a server can maintain is limited (the current limit
+is 3).
+Traps are usually assigned on a first come, first served
+basis, with later trap requestors being denied service.
+This flag
+modifies the assignment algorithm by allowing low priority traps to
+be overridden by later requests for normal priority traps.
+.ti -4
+.IR Cm nomodify
+Deny
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+queries which attempt to modify the state of the
+server (i.e., run time reconfiguration).
+Queries which return
+information are permitted.
+.ti -4
+.IR Cm noquery
+Deny
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+queries.
+Time service is not affected.
+.ti -4
+.IR Cm nopeer
+Deny packets which would result in mobilizing a new association.
+This
+includes broadcast and symmetric active packets when a configured
+association does not exist.
+.ti -4
+.IR Cm noserve
+Deny all packets except
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+queries.
+.ti -4
+.IR Cm notrap
+Decline to provide mode 6 control message trap service to matching
+hosts.
+The trap service is a subsystem of the ntpdq control message
+protocol which is intended for use by remote event logging programs.
+.ti -4
+.IR Cm notrust
+Deny service unless the packet is cryptographically authenticated.
+.ti -4
+.IR Cm ntpport
+This is actually a match algorithm modifier, rather than a
+restriction flag.
+Its presence causes the restriction entry to be
+matched only if the source port in the packet is the standard NTP
+UDP port (123).
+Both
+.Cm ntpport
+and
+.Cm non-ntpport
+may
+be specified.
+The
+.Cm ntpport
+is considered more specific and
+is sorted later in the list.
+.ti -4
+.IR Cm version
+Deny packets that do not match the current NTP version.
+.in -4
+.PP
+Default restriction list entries with the flags ignore, interface,
+ntpport, for each of the local host's interface addresses are
+inserted into the table at startup to prevent the server
+from attempting to synchronize to its own time.
+A default entry is also always present, though if it is
+otherwise unconfigured; no flags are associated
+with the default entry (i.e., everything besides your own
+NTP server is unrestricted).
+.SH Automatic NTP Configuration Options
+.SS Manycasting
+Manycasting is a automatic discovery and configuration paradigm
+new to NTPv4.
+It is intended as a means for a multicast client
+to troll the nearby network neighborhood to find cooperating
+manycast servers, validate them using cryptographic means
+and evaluate their time values with respect to other servers
+that might be lurking in the vicinity.
+The intended result is that each manycast client mobilizes
+client associations with some number of the "best"
+of the nearby manycast servers, yet automatically reconfigures
+to sustain this number of servers should one or another fail.
+.PP
+Note that the manycasting paradigm does not coincide
+with the anycast paradigm described in RFC-1546,
+which is designed to find a single server from a clique
+of servers providing the same service.
+The manycast paradigm is designed to find a plurality
+of redundant servers satisfying defined optimality criteria.
+.PP
+Manycasting can be used with either symmetric key
+or public key cryptography.
+The public key infrastructure (PKI)
+offers the best protection against compromised keys
+and is generally considered stronger, at least with relatively
+large key sizes.
+It is implemented using the Autokey protocol and
+the OpenSSL cryptographic library available from
+.Li http://www.openssl.org/ .
+The library can also be used with other NTPv4 modes
+as well and is highly recommended, especially for broadcast modes.
+.PP
+A persistent manycast client association is configured
+using the manycastclient command, which is similar to the
+server command but with a multicast (IPv4 class
+.Cm D
+or IPv6 prefix
+.Cm FF )
+group address.
+The IANA has designated IPv4 address 224.1.1.1
+and IPv6 address FF05::101 (site local) for NTP.
+When more servers are needed, it broadcasts manycast
+client messages to this address at the minimum feasible rate
+and minimum feasible time-to-live (TTL) hops, depending
+on how many servers have already been found.
+There can be as many manycast client associations
+as different group address, each one serving as a template
+for a future ephemeral unicast client/server association.
+.PP
+Manycast servers configured with the
+.Ic manycastserver
+command listen on the specified group address for manycast
+client messages.
+Note the distinction between manycast client,
+which actively broadcasts messages, and manycast server,
+which passively responds to them.
+If a manycast server is
+in scope of the current TTL and is itself synchronized
+to a valid source and operating at a stratum level equal
+to or lower than the manycast client, it replies to the
+manycast client message with an ordinary unicast server message.
+.PP
+The manycast client receiving this message mobilizes
+an ephemeral client/server association according to the
+matching manycast client template, but only if cryptographically
+authenticated and the server stratum is less than or equal
+to the client stratum.
+Authentication is explicitly required
+and either symmetric key or public key (Autokey) can be used.
+Then, the client polls the server at its unicast address
+in burst mode in order to reliably set the host clock
+and validate the source.
+This normally results
+in a volley of eight client/server at 2-s intervals
+during which both the synchronization and cryptographic
+protocols run concurrently.
+Following the volley,
+the client runs the NTP intersection and clustering
+algorithms, which act to discard all but the "best"
+associations according to stratum and synchronization
+distance.
+The surviving associations then continue
+in ordinary client/server mode.
+.PP
+The manycast client polling strategy is designed to reduce
+as much as possible the volume of manycast client messages
+and the effects of implosion due to near-simultaneous
+arrival of manycast server messages.
+The strategy is determined by the
+.Ic manycastclient ,
+.Ic tos
+and
+.Ic ttl
+configuration commands.
+The manycast poll interval is
+normally eight times the system poll interval,
+which starts out at the
+.Cm minpoll
+value specified in the
+.Ic manycastclient ,
+command and, under normal circumstances, increments to the
+.Cm maxpolll
+value specified in this command.
+Initially, the TTL is
+set at the minimum hops specified by the ttl command.
+At each retransmission the TTL is increased until reaching
+the maximum hops specified by this command or a sufficient
+number client associations have been found.
+Further retransmissions use the same TTL.
+.PP
+The quality and reliability of the suite of associations
+discovered by the manycast client is determined by the NTP
+mitigation algorithms and the
+.Cm minclock
+and
+.Cm minsane
+values specified in the
+.Ic tos
+configuration command.
+At least
+.Cm minsane
+candidate servers must be available and the mitigation
+algorithms produce at least
+.Cm minclock
+survivors in order to synchronize the clock.
+Byzantine agreement principles require at least four
+candidates in order to correctly discard a single falseticker.
+For legacy purposes,
+.Cm minsane
+defaults to 1 and
+.Cm minclock
+defaults to 3.
+For manycast service
+.Cm minsane
+should be explicitly set to 4, assuming at least that
+number of servers are available.
+.PP
+If at least
+.Cm minclock
+servers are found, the manycast poll interval is immediately
+set to eight times
+.Cm maxpoll .
+If less than
+.Cm minclock
+servers are found when the TTL has reached the maximum hops,
+the manycast poll interval is doubled.
+For each transmission
+after that, the poll interval is doubled again until
+reaching the maximum of eight times
+.Cm maxpoll .
+Further transmissions use the same poll interval and
+TTL values.
+Note that while all this is going on,
+each client/server association found is operating normally
+it the system poll interval.
+.PP
+Administratively scoped multicast boundaries are normally
+specified by the network router configuration and,
+in the case of IPv6, the link/site scope prefix.
+By default, the increment for TTL hops is 32 starting
+from 31; however, the
+.Ic ttl
+configuration command can be
+used to modify the values to match the scope rules.
+.PP
+It is often useful to narrow the range of acceptable
+servers which can be found by manycast client associations.
+Because manycast servers respond only when the client
+stratum is equal to or greater than the server stratum,
+primary (stratum 1) servers fill find only primary servers
+in TTL range, which is probably the most common objective.
+However, unless configured otherwise, all manycast clients
+in TTL range will eventually find all primary servers
+in TTL range, which is probably not the most common
+objective in large networks.
+The
+.Ic tos
+command can be used to modify this behavior.
+Servers with stratum below
+.Cm floor
+or above
+.Cm ceiling
+specified in the
+.Ic tos
+command are strongly discouraged during the selection
+process; however, these servers may be temporally
+accepted if the number of servers within TTL range is
+less than
+.Cm minclock .
+.PP
+The above actions occur for each manycast client message,
+which repeats at the designated poll interval.
+However, once the ephemeral client association is mobilized,
+subsequent manycast server replies are discarded,
+since that would result in a duplicate association.
+If during a poll interval the number of client associations
+falls below
+.Cm minclock ,
+all manycast client prototype associations are reset
+to the initial poll interval and TTL hops and operation
+resumes from the beginning.
+It is important to avoid
+frequent manycast client messages, since each one requires
+all manycast servers in TTL range to respond.
+The result could well be an implosion, either minor or major,
+depending on the number of servers in range.
+The recommended value for
+.Cm maxpoll
+is 12 (4,096 s).
+.PP
+It is possible and frequently useful to configure a host
+as both manycast client and manycast server.
+A number of hosts configured this way and sharing a common
+group address will automatically organize themselves
+in an optimum configuration based on stratum and
+synchronization distance.
+For example, consider an NTP
+subnet of two primary servers and a hundred or more
+dependent clients.
+With two exceptions, all servers
+and clients have identical configuration files including both
+.Ic multicastclient
+and
+.Ic multicastserver
+commands using, for instance, multicast group address
+239.1.1.1.
+The only exception is that each primary server
+configuration file must include commands for the primary
+reference source such as a GPS receiver.
+.PP
+The remaining configuration files for all secondary
+servers and clients have the same contents, except for the
+.Ic tos
+command, which is specific for each stratum level.
+For stratum 1 and stratum 2 servers, that command is
+not necessary.
+For stratum 3 and above servers the
+.Cm floor
+value is set to the intended stratum number.
+Thus, all stratum 3 configuration files are identical,
+all stratum 4 files are identical and so forth.
+.PP
+Once operations have stabilized in this scenario,
+the primary servers will find the primary reference source
+and each other, since they both operate at the same
+stratum (1), but not with any secondary server or client,
+since these operate at a higher stratum.
+The secondary
+servers will find the servers at the same stratum level.
+If one of the primary servers loses its GPS receiver,
+it will continue to operate as a client and other clients
+will time out the corresponding association and
+re-associate accordingly.
+.PP
+Some administrators prefer to avoid running
+.Xr ntpd @NTPD_MS@
+continuously and run either
+.Xr ntpdate 8
+or
+.Xr ntpd @NTPD_MS@
+q
+as a cron job.
+In either case the servers must be
+configured in advance and the program fails if none are
+available when the cron job runs.
+A really slick
+application of manycast is with
+.Xr ntpd @NTPD_MS@
+q .
+The program wakes up, scans the local landscape looking
+for the usual suspects, selects the best from among
+the rascals, sets the clock and then departs.
+Servers do not have to be configured in advance and
+all clients throughout the network can have the same
+configuration file.
+.SS Manycast Interactions with Autokey
+Each time a manycast client sends a client mode packet
+to a multicast group address, all manycast servers
+in scope generate a reply including the host name
+and status word.
+The manycast clients then run
+the Autokey protocol, which collects and verifies
+all certificates involved.
+Following the burst interval
+all but three survivors are cast off,
+but the certificates remain in the local cache.
+It often happens that several complete signing trails
+from the client to the primary servers are collected in this way.
+.PP
+About once an hour or less often if the poll interval
+exceeds this, the client regenerates the Autokey key list.
+This is in general transparent in client/server mode.
+However, about once per day the server private value
+used to generate cookies is refreshed along with all
+manycast client associations.
+In this case all
+cryptographic values including certificates is refreshed.
+If a new certificate has been generated since
+the last refresh epoch, it will automatically revoke
+all prior certificates that happen to be in the
+certificate cache.
+At the same time, the manycast
+scheme starts all over from the beginning and
+the expanding ring shrinks to the minimum and increments
+from there while collecting all servers in scope.
+.SS Manycast Options
+.TP
+.BR Xo Ic tos
+.Oo
+.Cm ceiling Ar ceiling |
+.Cm cohort { 0 | 1 } |
+.Cm floor Ar floor |
+.Cm minclock Ar minclock |
+.Cm minsane Ar minsane
+.Oc
+.Xc
+This command affects the clock selection and clustering
+algorithms.
+It can be used to select the quality and
+quantity of peers used to synchronize the system clock
+and is most useful in manycast mode.
+The variables operate
+as follows:
+.in +4
+.ti -4
+.IR Cm ceiling Ar ceiling
+Peers with strata above
+.Cm ceiling
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 15, but can be changed
+to any number from 1 to 15.
+.ti -4
+.IR Cm cohort Bro 0 | 1 Brc
+This is a binary flag which enables (0) or disables (1)
+manycast server replies to manycast clients with the same
+stratum level.
+This is useful to reduce implosions where
+large numbers of clients with the same stratum level
+are present.
+The default is to enable these replies.
+.ti -4
+.IR Cm floor Ar floor
+Peers with strata below
+.Cm floor
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 1, but can be changed
+to any number from 1 to 15.
+.ti -4
+.IR Cm minclock Ar minclock
+The clustering algorithm repeatedly casts out outlyer
+associations until no more than
+.Cm minclock
+associations remain.
+This value defaults to 3,
+but can be changed to any number from 1 to the number of
+configured sources.
+.ti -4
+.IR Cm minsane Ar minsane
+This is the minimum number of candidates available
+to the clock selection algorithm in order to produce
+one or more truechimers for the clustering algorithm.
+If fewer than this number are available, the clock is
+undisciplined and allowed to run free.
+The default is 1
+for legacy purposes.
+However, according to principles of
+Byzantine agreement,
+.Cm minsane
+should be at least 4 in order to detect and discard
+a single falseticker.
+.in -4
+.TP
+.BR Cm ttl Ar hop ...
+This command specifies a list of TTL values in increasing
+order, up to 8 values can be specified.
+In manycast mode these values are used in turn
+in an expanding-ring search.
+The default is eight
+multiples of 32 starting at 31.
+.SH Reference Clock Support
+The NTP Version 4 daemon supports some three dozen different radio,
+satellite and modem reference clocks plus a special pseudo-clock
+used for backup or when no other clock source is available.
+Detailed descriptions of individual device drivers and options can
+be found in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Additional information can be found in the pages linked
+there, including the
+.Qq Debugging Hints for Reference Clock Drivers
+and
+.Qq How To Write a Reference Clock Driver
+pages
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+In addition, support for a PPS
+signal is available as described in the
+.Qq Pulse-per-second (PPS) Signal Interfacing
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Many
+drivers support special line discipline/streams modules which can
+significantly improve the accuracy using the driver.
+These are
+described in the
+.Qq Line Disciplines and Streams Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.PP
+A reference clock will generally (though not always) be a radio
+timecode receiver which is synchronized to a source of standard
+time such as the services offered by the NRC in Canada and NIST and
+USNO in the US.
+The interface between the computer and the timecode
+receiver is device dependent, but is usually a serial port.
+A
+device driver specific to each reference clock must be selected and
+compiled in the distribution; however, most common radio, satellite
+and modem clocks are included by default.
+Note that an attempt to
+configure a reference clock when the driver has not been compiled
+or the hardware port has not been appropriately configured results
+in a scalding remark to the system log file, but is otherwise non
+hazardous.
+.PP
+For the purposes of configuration,
+.Xr ntpd @NTPD_MS@
+treats
+reference clocks in a manner analogous to normal NTP peers as much
+as possible.
+Reference clocks are identified by a syntactically
+correct but invalid IP address, in order to distinguish them from
+normal NTP peers.
+Reference clock addresses are of the form
+.Sm off
+.Li 127.127. Ar t . Ar u ,
+.Sm on
+where
+\fIt\fR
+is an integer
+denoting the clock type and
+\fIu\fR
+indicates the unit
+number in the range 0-3.
+While it may seem overkill, it is in fact
+sometimes useful to configure multiple reference clocks of the same
+type, in which case the unit numbers must be unique.
+.PP
+The
+.Ic server
+command is used to configure a reference
+clock, where the
+\fIaddress\fR
+argument in that command
+is the clock address.
+The
+.Cm key ,
+.Cm version
+and
+.Cm ttl
+options are not used for reference clock support.
+The
+.Cm mode
+option is added for reference clock support, as
+described below.
+The
+.Cm prefer
+option can be useful to
+persuade the server to cherish a reference clock with somewhat more
+enthusiasm than other reference clocks or peers.
+Further
+information on this option can be found in the
+.Qq Mitigation Rules and the prefer Keyword
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page.
+The
+.Cm minpoll
+and
+.Cm maxpoll
+options have
+meaning only for selected clock drivers.
+See the individual clock
+driver document pages for additional information.
+.PP
+The
+.Ic fudge
+command is used to provide additional
+information for individual clock drivers and normally follows
+immediately after the
+.Ic server
+command.
+The
+\fIaddress\fR
+argument specifies the clock address.
+The
+.Cm refid
+and
+.Cm stratum
+options can be used to
+override the defaults for the device.
+There are two optional
+device-dependent time offsets and four flags that can be included
+in the
+.Ic fudge
+command as well.
+.PP
+The stratum number of a reference clock is by default zero.
+Since the
+.Xr ntpd @NTPD_MS@
+daemon adds one to the stratum of each
+peer, a primary server ordinarily displays an external stratum of
+one.
+In order to provide engineered backups, it is often useful to
+specify the reference clock stratum as greater than zero.
+The
+.Cm stratum
+option is used for this purpose.
+Also, in cases
+involving both a reference clock and a pulse-per-second (PPS)
+discipline signal, it is useful to specify the reference clock
+identifier as other than the default, depending on the driver.
+The
+.Cm refid
+option is used for this purpose.
+Except where noted,
+these options apply to all clock drivers.
+.SS Reference Clock Commands
+.TP
+.BR Xo Ic server
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+[ "\fIprefer\fR" ]
+[ "\fImode\fR" "\fIint\fR" ]
+[ "\fIminpoll\fR" "\fIint\fR" ]
+[ "\fImaxpoll\fR" "\fIint\fR" ]
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+The options are interpreted as follows:
+.in +4
+.ti -4
+.IR Cm prefer
+Marks the reference clock as preferred.
+All other things being
+equal, this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.ti -4
+.IR Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.ti -4
+.IR Cm minpoll Ar int
+.ti -4
+.IR Cm maxpoll Ar int
+These options specify the minimum and maximum polling interval
+for reference clock messages, as a power of 2 in seconds
+For
+most directly connected reference clocks, both
+.Cm minpoll
+and
+.Cm maxpoll
+default to 6 (64 s).
+For modem reference clocks,
+.Cm minpoll
+defaults to 10 (17.1 m) and
+.Cm maxpoll
+defaults to 14 (4.5 h).
+The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
+.in -4
+.TP
+.BR Xo Ic fudge
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+[ "\fItime1\fR" "\fIsec\fR" ]
+[ "\fItime2\fR" "\fIsec\fR" ]
+[ "\fIstratum\fR" "\fIint\fR" ]
+[ "\fIrefid\fR" "\fIstring\fR" ]
+[ "\fImode\fR" "\fIint\fR" ]
+[ "\fIflag1\fR" "\fI0\fR" \&| "\fI1\fR" ]
+[ "\fIflag2\fR" "\fI0\fR" \&| "\fI1\fR" ]
+[ "\fIflag3\fR" "\fI0\fR" \&| "\fI1\fR" ]
+[ "\fIflag4\fR" "\fI0\fR" \&| "\fI1\fR" ]
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+It must immediately follow the
+.Ic server
+command which configures the driver.
+Note that the same capability
+is possible at run time using the
+.Xr ntpdc @NTPDC_MS@
+program.
+The options are interpreted as
+follows:
+.in +4
+.ti -4
+.IR Cm time1 Ar sec
+Specifies a constant to be added to the time offset produced by
+the driver, a fixed-point decimal number in seconds.
+This is used
+as a calibration constant to adjust the nominal time offset of a
+particular clock to agree with an external standard, such as a
+precision PPS signal.
+It also provides a way to correct a
+systematic error or bias due to serial port or operating system
+latencies, different cable lengths or receiver internal delay.
+The
+specified offset is in addition to the propagation delay provided
+by other means, such as internal DIPswitches.
+Where a calibration
+for an individual system and driver is available, an approximate
+correction is noted in the driver documentation pages.
+Note: in order to facilitate calibration when more than one
+radio clock or PPS signal is supported, a special calibration
+feature is available.
+It takes the form of an argument to the
+.Ic enable
+command described in
+.Sx Miscellaneous Options
+page and operates as described in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.ti -4
+.IR Cm time2 Ar secs
+Specifies a fixed-point decimal number in seconds, which is
+interpreted in a driver-dependent way.
+See the descriptions of
+specific drivers in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.ti -4
+.IR Cm stratum Ar int
+Specifies the stratum number assigned to the driver, an integer
+between 0 and 15.
+This number overrides the default stratum number
+ordinarily assigned by the driver itself, usually zero.
+.ti -4
+.IR Cm refid Ar string
+Specifies an ASCII string of from one to four characters which
+defines the reference identifier used by the driver.
+This string
+overrides the default identifier ordinarily assigned by the driver
+itself.
+.ti -4
+.IR Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.ti -4
+.IR Cm flag1 Cm 0 \&| Cm 1
+.ti -4
+.IR Cm flag2 Cm 0 \&| Cm 1
+.ti -4
+.IR Cm flag3 Cm 0 \&| Cm 1
+.ti -4
+.IR Cm flag4 Cm 0 \&| Cm 1
+These four flags are used for customizing the clock driver.
+The
+interpretation of these values, and whether they are used at all,
+is a function of the particular clock driver.
+However, by
+convention
+.Cm flag4
+is used to enable recording monitoring
+data to the
+.Cm clockstats
+file configured with the
+.Ic filegen
+command.
+Further information on the
+.Ic filegen
+command can be found in
+.Sx Monitoring Options .
+.in -4
+.SH Miscellaneous Options
+.TP
+.BR Ic broadcastdelay Ar seconds
+The broadcast and multicast modes require a special calibration
+to determine the network delay between the local and remote
+servers.
+Ordinarily, this is done automatically by the initial
+protocol exchanges between the client and server.
+In some cases,
+the calibration procedure may fail due to network or server access
+controls, for example.
+This command specifies the default delay to
+be used under these circumstances.
+Typically (for Ethernet), a
+number between 0.003 and 0.007 seconds is appropriate.
+The default
+when this command is not used is 0.004 seconds.
+.TP
+.BR Ic calldelay Ar delay
+This option controls the delay in seconds between the first and second
+packets sent in burst or iburst mode to allow additional time for a modem
+or ISDN call to complete.
+.TP
+.BR Ic driftfile Ar driftfile
+This command specifies the complete path and name of the file used to
+record the frequency of the local clock oscillator.
+This is the same
+operation as the
+f
+command line option.
+If the file exists, it is read at
+startup in order to set the initial frequency and then updated once per
+hour with the current frequency computed by the daemon.
+If the file name is
+specified, but the file itself does not exist, the starts with an initial
+frequency of zero and creates the file when writing it for the first time.
+If this command is not given, the daemon will always start with an initial
+frequency of zero.
+.PP
+The file format consists of a single line containing a single
+floating point number, which records the frequency offset measured
+in parts-per-million (PPM).
+The file is updated by first writing
+the current drift value into a temporary file and then renaming
+this file to replace the old version.
+This implies that
+.Xr ntpd @NTPD_MS@
+must have write permission for the directory the
+drift file is located in, and that file system links, symbolic or
+otherwise, should be avoided.
+.TP
+.BR Xo Ic enable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+.TP
+.BR Xo Ic disable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+Provides a way to enable or disable various server options.
+Flags not mentioned are unaffected.
+Note that all of these flags
+can be controlled remotely using the
+.Xr ntpdc @NTPDC_MS@
+utility program.
+.in +4
+.ti -4
+.IR Cm auth
+Enables the server to synchronize with unconfigured peers only if the
+peer has been correctly authenticated using either public key or
+private key cryptography.
+The default for this flag is
+.Ic enable .
+.ti -4
+.IR Cm bclient
+Enables the server to listen for a message from a broadcast or
+multicast server, as in the
+.Ic multicastclient
+command with default
+address.
+The default for this flag is
+.Ic disable .
+.ti -4
+.IR Cm calibrate
+Enables the calibrate feature for reference clocks.
+The default for
+this flag is
+.Ic disable .
+.ti -4
+.IR Cm kernel
+Enables the kernel time discipline, if available.
+The default for this
+flag is
+.Ic enable
+if support is available, otherwise
+.Ic disable .
+.ti -4
+.IR Cm monitor
+Enables the monitoring facility.
+See the
+.Xr ntpdc @NTPDC_MS@
+program
+and the
+.Ic monlist
+command or further information.
+The
+default for this flag is
+.Ic enable .
+.ti -4
+.IR Cm ntp
+Enables time and frequency discipline.
+In effect, this switch opens and
+closes the feedback loop, which is useful for testing.
+The default for
+this flag is
+.Ic enable .
+.ti -4
+.IR Cm pps
+Enables the pulse-per-second (PPS) signal when frequency and time is
+disciplined by the precision time kernel modifications.
+See the
+.Qq A Kernel Model for Precision Timekeeping
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page for further information.
+The default for this flag is
+.Ic disable .
+.ti -4
+.IR Cm stats
+Enables the statistics facility.
+See the
+.Sx Monitoring Options
+section for further information.
+The default for this flag is
+.Ic disable .
+.in -4
+.TP
+.BR Ic includefile Ar includefile
+This command allows additional configuration commands
+to be included from a separate file.
+Include files may
+be nested to a depth of five; upon reaching the end of any
+include file, command processing resumes in the previous
+configuration file.
+This option is useful for sites that run
+.Xr ntpd @NTPD_MS@
+on multiple hosts, with (mostly) common options (e.g., a
+restriction list).
+.TP
+.BR Ic logconfig Ar configkeyword
+This command controls the amount and type of output written to
+the system
+.Xr syslog 3
+facility or the alternate
+.Ic logfile
+log file.
+By default, all output is turned on.
+All
+\fIconfigkeyword\fR
+keywords can be prefixed with
+.Ql = ,
+.Ql +
+and
+.Ql - ,
+where
+.Ql =
+sets the
+.Xr syslog 3
+priority mask,
+.Ql +
+adds and
+.Ql -
+removes
+messages.
+.Xr syslog 3
+messages can be controlled in four
+classes
+.Po
+.Cm clock ,
+.Cm peer ,
+.Cm sys
+and
+.Cm sync
+.Pc .
+Within these classes four types of messages can be
+controlled: informational messages
+.Po
+.Cm info
+.Pc ,
+event messages
+.Po
+.Cm events
+.Pc ,
+statistics messages
+.Po
+.Cm statistics
+.Pc
+and
+status messages
+.Po
+.Cm status
+.Pc .
+.PP
+Configuration keywords are formed by concatenating the message class with
+the event class.
+The
+.Cm all
+prefix can be used instead of a message class.
+A
+message class may also be followed by the
+.Cm all
+keyword to enable/disable all
+messages of the respective message class.Thus, a minimal log configuration
+could look like this:
+.br
+.in +4
+.nf
+logconfig =syncstatus +sysevents
+.in -4
+.fi
+.PP
+This would just list the synchronizations state of
+.Xr ntpd @NTPD_MS@
+and the major system events.
+For a simple reference server, the
+following minimum message configuration could be useful:
+.br
+.in +4
+.nf
+logconfig =syncall +clockall
+.in -4
+.fi
+.PP
+This configuration will list all clock information and
+synchronization information.
+All other events and messages about
+peers, system events and so on is suppressed.
+.TP
+.BR Ic logfile Ar logfile
+This command specifies the location of an alternate log file to
+be used instead of the default system
+.Xr syslog 3
+facility.
+This is the same operation as the -l command line option.
+.TP
+.BR Ic setvar Ar variable Op Cm default
+This command adds an additional system variable.
+These
+variables can be used to distribute additional information such as
+the access policy.
+If the variable of the form
+.Sm off
+.Va name = Ar value
+.Sm on
+is followed by the
+.Cm default
+keyword, the
+variable will be listed as part of the default system variables
+.Po
+.Xr ntpq @NTPQ_MS@
+.Ic rv
+command
+.Pc ) .
+These additional variables serve
+informational purposes only.
+They are not related to the protocol
+other that they can be listed.
+The known protocol variables will
+always override any variables defined via the
+.Ic setvar
+mechanism.
+There are three special variables that contain the names
+of all variable of the same group.
+The
+.Va sys_var_list
+holds
+the names of all system variables.
+The
+.Va peer_var_list
+holds
+the names of all peer variables and the
+.Va clock_var_list
+holds the names of the reference clock variables.
+.TP
+.BR Xo Ic tinker
+.Oo
+.Cm allan Ar allan |
+.Cm dispersion Ar dispersion |
+.Cm freq Ar freq |
+.Cm huffpuff Ar huffpuff |
+.Cm panic Ar panic |
+.Cm step Ar srep |
+.Cm stepout Ar stepout
+.Oc
+.Xc
+This command can be used to alter several system variables in
+very exceptional circumstances.
+It should occur in the
+configuration file before any other configuration options.
+The
+default values of these variables have been carefully optimized for
+a wide range of network speeds and reliability expectations.
+In
+general, they interact in intricate ways that are hard to predict
+and some combinations can result in some very nasty behavior.
+Very
+rarely is it necessary to change the default values; but, some
+folks cannot resist twisting the knobs anyway and this command is
+for them.
+Emphasis added: twisters are on their own and can expect
+no help from the support group.
+.PP
+The variables operate as follows:
+.in +4
+.ti -4
+.IR Cm allan Ar allan
+The argument becomes the new value for the minimum Allan
+intercept, which is a parameter of the PLL/FLL clock discipline
+algorithm.
+The value in log2 seconds defaults to 7 (1024 s), which is also the lower
+limit.
+.ti -4
+.IR Cm dispersion Ar dispersion
+The argument becomes the new value for the dispersion increase rate,
+normally .000015 s/s.
+.ti -4
+.IR Cm freq Ar freq
+The argument becomes the initial value of the frequency offset in
+parts-per-million.
+This overrides the value in the frequency file, if
+present, and avoids the initial training state if it is not.
+.ti -4
+.IR Cm huffpuff Ar huffpuff
+The argument becomes the new value for the experimental
+huff-n'-puff filter span, which determines the most recent interval
+the algorithm will search for a minimum delay.
+The lower limit is
+900 s (15 m), but a more reasonable value is 7200 (2 hours).
+There
+is no default, since the filter is not enabled unless this command
+is given.
+.ti -4
+.IR Cm panic Ar panic
+The argument is the panic threshold, normally 1000 s.
+If set to zero,
+the panic sanity check is disabled and a clock offset of any value will
+be accepted.
+.ti -4
+.IR Cm step Ar step
+The argument is the step threshold, which by default is 0.128 s.
+It can
+be set to any positive number in seconds.
+If set to zero, step
+adjustments will never occur.
+Note: The kernel time discipline is
+disabled if the step threshold is set to zero or greater than the
+default.
+.ti -4
+.IR Cm stepout Ar stepout
+The argument is the stepout timeout, which by default is 900 s.
+It can
+be set to any positive number in seconds.
+If set to zero, the stepout
+pulses will not be suppressed.
+.in -4
+.TP
+.BR Xo Ic trap Ar host_address
+[ "\fIport\fR" "\fIport_number\fR" ]
+[ "\fIinterface\fR" "\fIinterface_address\fR" ]
+.Xc
+This command configures a trap receiver at the given host
+address and port number for sending messages with the specified
+local interface address.
+If the port number is unspecified, a value
+of 18447 is used.
+If the interface address is not specified, the
+message is sent with a source address of the local interface the
+message is sent through.
+Note that on a multihomed host the
+interface used may vary from time to time with routing changes.
+.PP
+The trap receiver will generally log event messages and other
+information from the server in a log file.
+While such monitor
+programs may also request their own trap dynamically, configuring a
+trap receiver will ensure that no messages are lost when the server
+is started.
+.TP
+.BR Cm hop Ar ...
+This command specifies a list of TTL values in increasing order, up to 8
+values can be specified.
+In manycast mode these values are used in turn in
+an expanding-ring search.
+The default is eight multiples of 32 starting at
+31.
+.SH "OPTIONS"
+.TP
+.BR \-\-help
+Display usage information and exit.
+.TP
+.BR \-\-more-help
+Pass the extended usage information through a pager.
+.TP
+.BR \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.SH "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
+.fi
+.ad
+.SH "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.SH FILES
+.TP
+.BR Pa /etc/ntp.conf
+the default name of the configuration file
+.TP
+.BR Pa ntp.keys
+private MD5 keys
+.TP
+.BR Pa ntpkey
+RSA private key
+.TP
+.BR Pa ntpkey_ Ns Ar host
+RSA public key
+.TP
+.BR Pa ntp_dh
+Diffie-Hellman agreement parameters
+.SH "EXIT STATUS"
+One of the following exit values will be returned:
+.TP
+.BR 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.TP
+.BR 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.SH "SEE ALSO"
+.SH SEE ALSO
+.Xr ntpd @NTPD_MS@ ,
+.Xr ntpdc @NTPDC_MS@ ,
+.Xr ntpq @NTPQ_MS@
+.PP
+In addition to the manual pages provided,
+comprehensive documentation is available on the world wide web
+at
+.Li http://www.ntp.org/ .
+A snapshot of this documentation is available in HTML format in
+.Pa /usr/share/doc/ntp .
+.Rs
+.%A David L. Mills
+.%T Network Time Protocol (Version 4)
+.%O RFC5905
+.Re
+.SH "AUTHORS"
+The University of Delaware
+.SH "COPYRIGHT"
+Copyright (C) 1970-2012 The University of Delaware all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.SH BUGS
+The syntax checking is not picky; some combinations of
+ridiculous and even hilarious options and modes may not be
+detected.
+.PP
+The
+.Pa ntpkey_ Ns Ar host
+files are really digital
+certificates.
+These should be obtained via secure directory
+services when they become universally available.Please send bug reports to: http://bugs.ntp.org, bugs at ntp.org
+.SH NOTES
+This document is derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
+option definitions.

==== ntpd/ntp.conf.man.in ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +0 -0

==== ntpd/ntp.conf.mdoc.in ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +2749 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.conf.mdoc.in

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.conf.mdoc.in	2012-08-30 20:37:37 -04:00
@@ -0,0 +1,2749 @@
+.Dd August 11 2012
+.Dt NTP_CONF 5 File Formats
+.Os FreeBSD 6.4-STABLE
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+.\"  
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:34 PM by AutoGen 5.16.2
+.\"  From the definitions    ntp.conf.def
+.\"  and the template file   agmdoc-cmd.tpl
+.Sh NAME
+.Nm ntp.conf
+.Nd Network Time Protocol (NTP) daemon configuration file format
+.Sh SYNOPSIS
+.Nm
+.Op Fl \-option-name
+.Op Fl \-option-name Ar value
+.Pp
+All arguments must be options.
+.Pp
+.Sh DESCRIPTION
+The
+.Nm
+configuration file is read at initial startup by the
+.Xr ntpd @NTPD_MS@
+daemon in order to specify the synchronization sources,
+modes and other related information.
+Usually, it is installed in the
+.Pa /etc
+directory,
+but could be installed elsewhere
+(see the daemon's
+.Fl c
+command line option).
+.Pp
+The file format is similar to other
+.Ux
+configuration files.
+Comments begin with a
+.Ql #
+character and extend to the end of the line;
+blank lines are ignored.
+Configuration commands consist of an initial keyword
+followed by a list of arguments,
+some of which may be optional, separated by whitespace.
+Commands may not be continued over multiple lines.
+Arguments may be host names,
+host addresses written in numeric, dotted-quad form,
+integers, floating point numbers (when specifying times in seconds)
+and text strings.
+.Pp
+The rest of this page describes the configuration and control options.
+The
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+contains an extended discussion of these options.
+In addition to the discussion of general
+.Sx Configuration Options ,
+there are sections describing the following supported functionality
+and the options used to control it:
+.Bl -bullet -offset indent
+.It
+.Sx Authentication Support
+.It
+.Sx Monitoring Support
+.It
+.Sx Access Control Support
+.It
+.Sx Automatic NTP Configuration Options
+.It
+.Sx Reference Clock Support
+.It
+.Sx Miscellaneous Options
+.El
+.Pp
+Following these is a section describing
+.Sx Miscellaneous Options .
+While there is a rich set of options available,
+the only required option is one or more
+.Ic server ,
+.Ic peer ,
+.Ic broadcast
+or
+.Ic manycastclient
+commands.
+.Sh Configuration Support
+Following is a description of the configuration commands in
+NTPv4.
+These commands have the same basic functions as in NTPv3 and
+in some cases new functions and new arguments.
+There are two
+classes of commands, configuration commands that configure a
+persistent association with a remote server or peer or reference
+clock, and auxiliary commands that specify environmental variables
+that control various related operations.
+.Ss Configuration Commands
+The various modes are determined by the command keyword and the
+type of the required IP address.
+Addresses are classed by type as
+(s) a remote server or peer (IPv4 class A, B and C), (b) the
+broadcast address of a local interface, (m) a multicast address (IPv4
+class D), or (r) a reference clock address (127.127.x.x).
+Note that
+only those options applicable to each command are listed below.
+Use
+of options not listed may not be caught as an error, but may result
+in some weird and even destructive behavior.
+.Pp
+If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
+is detected, support for the IPv6 address family is generated
+in addition to the default support of the IPv4 address family.
+In a few cases, including the reslist billboard generated
+by ntpdc, IPv6 addresses are automatically generated.
+IPv6 addresses can be identified by the presence of colons
+.Dq \&:
+in the address field.
+IPv6 addresses can be used almost everywhere where
+IPv4 addresses can be used,
+with the exception of reference clock addresses,
+which are always IPv4.
+.Pp
+Note that in contexts where a host name is expected, a
+.Fl 4
+qualifier preceding
+the host name forces DNS resolution to the IPv4 namespace,
+while a
+.Fl 6
+qualifier forces DNS resolution to the IPv6 namespace.
+See IPv6 references for the
+equivalent classes for that address family.
+.Bl -tag -width indent
+.It Xo Ic server Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm burst
+.Op Cm iburst
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Xc
+.It Xo Ic peer Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Xc
+.It Xo Ic broadcast Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm ttl Ar ttl
+.Xc
+.It Xo Ic manycastclient Ar address
+.Op Cm key Ar key \&| Cm autokey
+.Op Cm version Ar version
+.Op Cm prefer
+.Op Cm minpoll Ar minpoll
+.Op Cm maxpoll Ar maxpoll
+.Op Cm ttl Ar ttl
+.Xc
+.El
+.Pp
+These four commands specify the time server name or address to
+be used and the mode in which to operate.
+The
+.Ar address
+can be
+either a DNS name or an IP address in dotted-quad notation.
+Additional information on association behavior can be found in the
+.Qq Association Management
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Bl -tag -width indent
+.It Ic server
+For type s and r addresses, this command mobilizes a persistent
+client mode association with the specified remote server or local
+radio clock.
+In this mode the local clock can synchronized to the
+remote server, but the remote server can never be synchronized to
+the local clock.
+This command should
+.Em not
+be used for type
+b or m addresses.
+.It Ic peer
+For type s addresses (only), this command mobilizes a
+persistent symmetric-active mode association with the specified
+remote peer.
+In this mode the local clock can be synchronized to
+the remote peer or the remote peer can be synchronized to the local
+clock.
+This is useful in a network of servers where, depending on
+various failure scenarios, either the local or remote peer may be
+the better source of time.
+This command should NOT be used for type
+b, m or r addresses.
+.It Ic broadcast
+For type b and m addresses (only), this
+command mobilizes a persistent broadcast mode association.
+Multiple
+commands can be used to specify multiple local broadcast interfaces
+(subnets) and/or multiple multicast groups.
+Note that local
+broadcast messages go only to the interface associated with the
+subnet specified, but multicast messages go to all interfaces.
+In broadcast mode the local server sends periodic broadcast
+messages to a client population at the
+.Ar address
+specified, which is usually the broadcast address on (one of) the
+local network(s) or a multicast address assigned to NTP.
+The IANA
+has assigned the multicast group address IPv4 224.0.1.1 and
+IPv6 ff05::101 (site local) exclusively to
+NTP, but other nonconflicting addresses can be used to contain the
+messages within administrative boundaries.
+Ordinarily, this
+specification applies only to the local server operating as a
+sender; for operation as a broadcast client, see the
+.Ic broadcastclient
+or
+.Ic multicastclient
+commands
+below.
+.It Ic manycastclient
+For type m addresses (only), this command mobilizes a
+manycast client mode association for the multicast address
+specified.
+In this case a specific address must be supplied which
+matches the address used on the
+.Ic manycastserver
+command for
+the designated manycast servers.
+The NTP multicast address
+224.0.1.1 assigned by the IANA should NOT be used, unless specific
+means are taken to avoid spraying large areas of the Internet with
+these messages and causing a possibly massive implosion of replies
+at the sender.
+The
+.Ic manycastserver
+command specifies that the local server
+is to operate in client mode with the remote servers that are
+discovered as the result of broadcast/multicast messages.
+The
+client broadcasts a request message to the group address associated
+with the specified
+.Ar address
+and specifically enabled
+servers respond to these messages.
+The client selects the servers
+providing the best time and continues as with the
+.Ic server
+command.
+The remaining servers are discarded as if never
+heard.
+.El
+.Pp
+Options:
+.Bl -tag -width indent
+.It Cm autokey
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the autokey scheme
+described in
+.Sx Authentication Options .
+.It Cm burst
+when the server is reachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first and second packets
+can be changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to improve timekeeping quality
+with the
+.Ic server
+command and s addresses.
+.It Cm iburst
+When the server is unreachable, send a burst of eight packets
+instead of the usual one.
+The packet spacing is normally 2 s;
+however, the spacing between the first two packets can be
+changed with the calldelay command to allow
+additional time for a modem or ISDN call to complete.
+This is designed to speed the initial synchronization
+acquisition with the
+.Ic server
+command and s addresses and when
+.Xr ntpd @NTPD_MS@
+is started with the
+.Fl q
+option.
+.It Cm key Ar key
+All packets sent to and received from the server or peer are to
+include authentication fields encrypted using the specified
+.Ar key
+identifier with values from 1 to 65534, inclusive.
+The
+default is to include no encryption field.
+.It Cm minpoll Ar minpoll
+.It Cm maxpoll Ar maxpoll
+These options specify the minimum and maximum poll intervals
+for NTP messages, as a power of 2 in seconds
+The maximum poll
+interval defaults to 10 (1,024 s), but can be increased by the
+.Cm maxpoll
+option to an upper limit of 17 (36.4 h).
+The
+minimum poll interval defaults to 6 (64 s), but can be decreased by
+the
+.Cm minpoll
+option to a lower limit of 4 (16 s).
+.It Cm noselect
+Marks the server as unused, except for display purposes.
+The server is discarded by the selection algroithm.
+.It Cm prefer
+Marks the server as preferred.
+All other things being equal,
+this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.It Cm ttl Ar ttl
+This option is used only with broadcast server and manycast
+client modes.
+It specifies the time-to-live
+.Ar ttl
+to
+use on broadcast server and multicast server and the maximum
+.Ar ttl
+for the expanding ring search with manycast
+client packets.
+Selection of the proper value, which defaults to
+127, is something of a black art and should be coordinated with the
+network administrator.
+.It Cm version Ar version
+Specifies the version number to be used for outgoing NTP
+packets.
+Versions 1-4 are the choices, with version 4 the
+default.
+.El
+.Ss Auxiliary Commands
+.Bl -tag -width indent
+.It Ic broadcastclient
+This command enables reception of broadcast server messages to
+any local interface (type b) address.
+Upon receiving a message for
+the first time, the broadcast client measures the nominal server
+propagation delay using a brief client/server exchange with the
+server, then enters the broadcast client mode, in which it
+synchronizes to succeeding broadcast messages.
+Note that, in order
+to avoid accidental or malicious disruption in this mode, both the
+server and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.It Ic manycastserver Ar address ...
+This command enables reception of manycast client messages to
+the multicast group address(es) (type m) specified.
+At least one
+address is required, but the NTP multicast address 224.0.1.1
+assigned by the IANA should NOT be used, unless specific means are
+taken to limit the span of the reply and avoid a possibly massive
+implosion at the original sender.
+Note that, in order to avoid
+accidental or malicious disruption in this mode, both the server
+and client should operate using symmetric-key or public-key
+authentication as described in
+.Sx Authentication Options .
+.It Ic multicastclient Ar address ...
+This command enables reception of multicast server messages to
+the multicast group address(es) (type m) specified.
+Upon receiving
+a message for the first time, the multicast client measures the
+nominal server propagation delay using a brief client/server
+exchange with the server, then enters the broadcast client mode, in
+which it synchronizes to succeeding multicast messages.
+Note that,
+in order to avoid accidental or malicious disruption in this mode,
+both the server and client should operate using symmetric-key or
+public-key authentication as described in
+.Sx Authentication Options .
+.El
+.Sh Authentication Support
+Authentication support allows the NTP client to verify that the
+server is in fact known and trusted and not an intruder intending
+accidentally or on purpose to masquerade as that server.
+The NTPv3
+specification RFC-1305 defines a scheme which provides
+cryptographic authentication of received NTP packets.
+Originally,
+this was done using the Data Encryption Standard (DES) algorithm
+operating in Cipher Block Chaining (CBC) mode, commonly called
+DES-CBC.
+Subsequently, this was replaced by the RSA Message Digest
+5 (MD5) algorithm using a private key, commonly called keyed-MD5.
+Either algorithm computes a message digest, or one-way hash, which
+can be used to verify the server has the correct private key and
+key identifier.
+.Pp
+NTPv4 retains the NTPv3 scheme, properly described as symmetric key
+cryptography and, in addition, provides a new Autokey scheme
+based on public key cryptography.
+Public key cryptography is generally considered more secure
+than symmetric key cryptography, since the security is based
+on a private value which is generated by each server and
+never revealed.
+With Autokey all key distribution and
+management functions involve only public values, which
+considerably simplifies key distribution and storage.
+Public key management is based on X.509 certificates,
+which can be provided by commercial services or
+produced by utility programs in the OpenSSL software library
+or the NTPv4 distribution.
+.Pp
+While the algorithms for symmetric key cryptography are
+included in the NTPv4 distribution, public key cryptography
+requires the OpenSSL software library to be installed
+before building the NTP distribution.
+Directions for doing that
+are on the Building and Installing the Distribution page.
+.Pp
+Authentication is configured separately for each association
+using the
+.Cm key
+or
+.Cm autokey
+subcommand on the
+.Ic peer ,
+.Ic server ,
+.Ic broadcast
+and
+.Ic manycastclient
+configuration commands as described in
+.Sx Configuration Options
+page.
+The authentication
+options described below specify the locations of the key files,
+if other than default, which symmetric keys are trusted
+and the interval between various operations, if other than default.
+.Pp
+Authentication is always enabled,
+although ineffective if not configured as
+described below.
+If a NTP packet arrives
+including a message authentication
+code (MAC), it is accepted only if it
+passes all cryptographic checks.
+The
+checks require correct key ID, key value
+and message digest.
+If the packet has
+been modified in any way or replayed
+by an intruder, it will fail one or more
+of these checks and be discarded.
+Furthermore, the Autokey scheme requires a
+preliminary protocol exchange to obtain
+the server certificate, verify its
+credentials and initialize the protocol
+.Pp
+The
+.Cm auth
+flag controls whether new associations or
+remote configuration commands require cryptographic authentication.
+This flag can be set or reset by the
+.Ic enable
+and
+.Ic disable
+commands and also by remote
+configuration commands sent by a
+.Xr ntpdc @NTPDC_MS@
+program running in
+another machine.
+If this flag is enabled, which is the default
+case, new broadcast client and symmetric passive associations and
+remote configuration commands must be cryptographically
+authenticated using either symmetric key or public key cryptography.
+If this
+flag is disabled, these operations are effective
+even if not cryptographic
+authenticated.
+It should be understood
+that operating with the
+.Ic auth
+flag disabled invites a significant vulnerability
+where a rogue hacker can
+masquerade as a falseticker and seriously
+disrupt system timekeeping.
+It is
+important to note that this flag has no purpose
+other than to allow or disallow
+a new association in response to new broadcast
+and symmetric active messages
+and remote configuration commands and, in particular,
+the flag has no effect on
+the authentication process itself.
+.Pp
+An attractive alternative where multicast support is available
+is manycast mode, in which clients periodically troll
+for servers as described in the
+.Sx Automatic NTP Configuration Options
+page.
+Either symmetric key or public key
+cryptographic authentication can be used in this mode.
+The principle advantage
+of manycast mode is that potential servers need not be
+configured in advance,
+since the client finds them during regular operation,
+and the configuration
+files for all clients can be identical.
+.Pp
+The security model and protocol schemes for
+both symmetric key and public key
+cryptography are summarized below;
+further details are in the briefings, papers
+and reports at the NTP project page linked from
+.Li http://www.ntp.org/ .
+.Ss Symmetric-Key Cryptography
+The original RFC-1305 specification allows any one of possibly
+65,534 keys, each distinguished by a 32-bit key identifier, to
+authenticate an association.
+The servers and clients involved must
+agree on the key and key identifier to
+authenticate NTP packets.
+Keys and
+related information are specified in a key
+file, usually called
+.Pa ntp.keys ,
+which must be distributed and stored using
+secure means beyond the scope of the NTP protocol itself.
+Besides the keys used
+for ordinary NTP associations,
+additional keys can be used as passwords for the
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+utility programs.
+.Pp
+When
+.Xr ntpd @NTPD_MS@
+is first started, it reads the key file specified in the
+.Ic keys
+configuration command and installs the keys
+in the key cache.
+However,
+individual keys must be activated with the
+.Ic trusted
+command before use.
+This
+allows, for instance, the installation of possibly
+several batches of keys and
+then activating or deactivating each batch
+remotely using
+.Xr ntpdc @NTPDC_MS@ .
+This also provides a revocation capability that can be used
+if a key becomes compromised.
+The
+.Ic requestkey
+command selects the key used as the password for the
+.Xr ntpdc @NTPDC_MS@
+utility, while the
+.Ic controlkey
+command selects the key used as the password for the
+.Xr ntpq @NTPQ_MS@
+utility.
+.Ss Public Key Cryptography
+NTPv4 supports the original NTPv3 symmetric key scheme
+described in RFC-1305 and in addition the Autokey protocol,
+which is based on public key cryptography.
+The Autokey Version 2 protocol described on the Autokey Protocol
+page verifies packet integrity using MD5 message digests
+and verifies the source with digital signatures and any of several
+digest/signature schemes.
+Optional identity schemes described on the Identity Schemes
+page and based on cryptographic challenge/response algorithms
+are also available.
+Using all of these schemes provides strong security against
+replay with or without modification, spoofing, masquerade
+and most forms of clogging attacks.
+.\" .Pp
+.\" The cryptographic means necessary for all Autokey operations
+.\" is provided by the OpenSSL software library.
+.\" This library is available from http://www.openssl.org/
+.\" and can be installed using the procedures outlined
+.\" in the Building and Installing the Distribution page.
+.\" Once installed,
+.\" the configure and build
+.\" process automatically detects the library and links
+.\" the library routines required.
+.Pp
+The Autokey protocol has several modes of operation
+corresponding to the various NTP modes supported.
+Most modes use a special cookie which can be
+computed independently by the client and server,
+but encrypted in transmission.
+All modes use in addition a variant of the S-KEY scheme,
+in which a pseudo-random key list is generated and used
+in reverse order.
+These schemes are described along with an executive summary,
+current status, briefing slides and reading list on the
+.Sx Autonomous Authentication
+page.
+.Pp
+The specific cryptographic environment used by Autokey servers
+and clients is determined by a set of files
+and soft links generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+program.
+This includes a required host key file,
+required certificate file and optional sign key file,
+leapsecond file and identity scheme files.
+The
+digest/signature scheme is specified in the X.509 certificate
+along with the matching sign key.
+There are several schemes
+available in the OpenSSL software library, each identified
+by a specific string such as
+.Cm md5WithRSAEncryption ,
+which stands for the MD5 message digest with RSA
+encryption scheme.
+The current NTP distribution supports
+all the schemes in the OpenSSL library, including
+those based on RSA and DSA digital signatures.
+.Pp
+NTP secure groups can be used to define cryptographic compartments
+and security hierarchies.
+It is important that every host
+in the group be able to construct a certificate trail to one
+or more trusted hosts in the same group.
+Each group
+host runs the Autokey protocol to obtain the certificates
+for all hosts along the trail to one or more trusted hosts.
+This requires the configuration file in all hosts to be
+engineered so that, even under anticipated failure conditions,
+the NTP subnet will form such that every group host can find
+a trail to at least one trusted host.
+.Ss Naming and Addressing
+It is important to note that Autokey does not use DNS to
+resolve addresses, since DNS can't be completely trusted
+until the name servers have synchronized clocks.
+The cryptographic name used by Autokey to bind the host identity
+credentials and cryptographic values must be independent
+of interface, network and any other naming convention.
+The name appears in the host certificate in either or both
+the subject and issuer fields, so protection against
+DNS compromise is essential.
+.Pp
+By convention, the name of an Autokey host is the name returned
+by the Unix
+.Xr gethostname 2
+system call or equivalent in other systems.
+By the system design
+model, there are no provisions to allow alternate names or aliases.
+However, this is not to say that DNS aliases, different names
+for each interface, etc., are constrained in any way.
+.Pp
+It is also important to note that Autokey verifies authenticity
+using the host name, network address and public keys,
+all of which are bound together by the protocol specifically
+to deflect masquerade attacks.
+For this reason Autokey
+includes the source and destinatino IP addresses in message digest
+computations and so the same addresses must be available
+at both the server and client.
+For this reason operation
+with network address translation schemes is not possible.
+This reflects the intended robust security model where government
+and corporate NTP servers are operated outside firewall perimeters.
+.Ss Operation
+A specific combination of authentication scheme (none,
+symmetric key, public key) and identity scheme is called
+a cryptotype, although not all combinations are compatible.
+There may be management configurations where the clients,
+servers and peers may not all support the same cryptotypes.
+A secure NTPv4 subnet can be configured in many ways while
+keeping in mind the principles explained above and
+in this section.
+Note however that some cryptotype
+combinations may successfully interoperate with each other,
+but may not represent good security practice.
+.Pp
+The cryptotype of an association is determined at the time
+of mobilization, either at configuration time or some time
+later when a message of appropriate cryptotype arrives.
+When mobilized by a
+.Ic server
+or
+.Ic peer
+configuration command and no
+.Ic key
+or
+.Ic autokey
+subcommands are present, the association is not
+authenticated; if the
+.Ic key
+subcommand is present, the association is authenticated
+using the symmetric key ID specified; if the
+.Ic autokey
+subcommand is present, the association is authenticated
+using Autokey.
+.Pp
+When multiple identity schemes are supported in the Autokey
+protocol, the first message exchange determines which one is used.
+The client request message contains bits corresponding
+to which schemes it has available.
+The server response message
+contains bits corresponding to which schemes it has available.
+Both server and client match the received bits with their own
+and select a common scheme.
+.Pp
+Following the principle that time is a public value,
+a server responds to any client packet that matches
+its cryptotype capabilities.
+Thus, a server receiving
+an unauthenticated packet will respond with an unauthenticated
+packet, while the same server receiving a packet of a cryptotype
+it supports will respond with packets of that cryptotype.
+However, unconfigured broadcast or manycast client
+associations or symmetric passive associations will not be
+mobilized unless the server supports a cryptotype compatible
+with the first packet received.
+By default, unauthenticated associations will not be mobilized
+unless overridden in a decidedly dangerous way.
+.Pp
+Some examples may help to reduce confusion.
+Client Alice has no specific cryptotype selected.
+Server Bob has both a symmetric key file and minimal Autokey files.
+Alice's unauthenticated messages arrive at Bob, who replies with
+unauthenticated messages.
+Cathy has a copy of Bob's symmetric
+key file and has selected key ID 4 in messages to Bob.
+Bob verifies the message with his key ID 4.
+If it's the
+same key and the message is verified, Bob sends Cathy a reply
+authenticated with that key.
+If verification fails,
+Bob sends Cathy a thing called a crypto-NAK, which tells her
+something broke.
+She can see the evidence using the ntpq program.
+.Pp
+Denise has rolled her own host key and certificate.
+She also uses one of the identity schemes as Bob.
+She sends the first Autokey message to Bob and they
+both dance the protocol authentication and identity steps.
+If all comes out okay, Denise and Bob continue as described above.
+.Pp
+It should be clear from the above that Bob can support
+all the girls at the same time, as long as he has compatible
+authentication and identity credentials.
+Now, Bob can act just like the girls in his own choice of servers;
+he can run multiple configured associations with multiple different
+servers (or the same server, although that might not be useful).
+But, wise security policy might preclude some cryptotype
+combinations; for instance, running an identity scheme
+with one server and no authentication with another might not be wise.
+.Ss Key Management
+The cryptographic values used by the Autokey protocol are
+incorporated as a set of files generated by the
+.Xr ntp-keygen 1ntpkeygenmdoc
+utility program, including symmetric key, host key and
+public certificate files, as well as sign key, identity parameters
+and leapseconds files.
+Alternatively, host and sign keys and
+certificate files can be generated by the OpenSSL utilities
+and certificates can be imported from public certificate
+authorities.
+Note that symmetric keys are necessary for the
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+utility programs.
+The remaining files are necessary only for the
+Autokey protocol.
+.Pp
+Certificates imported from OpenSSL or public certificate
+authorities have certian limitations.
+The certificate should be in ASN.1 syntax, X.509 Version 3
+format and encoded in PEM, which is the same format
+used by OpenSSL.
+The overall length of the certificate encoded
+in ASN.1 must not exceed 1024 bytes.
+The subject distinguished
+name field (CN) is the fully qualified name of the host
+on which it is used; the remaining subject fields are ignored.
+The certificate extension fields must not contain either
+a subject key identifier or a issuer key identifier field;
+however, an extended key usage field for a trusted host must
+contain the value
+.Cm trustRoot ; .
+Other extension fields are ignored.
+.Ss Authentication Commands
+.Bl -tag -width indent
+.It Ic autokey Op Ar logsec
+Specifies the interval between regenerations of the session key
+list used with the Autokey protocol.
+Note that the size of the key
+list for each association depends on this interval and the current
+poll interval.
+The default value is 12 (4096 s or about 1.1 hours).
+For poll intervals above the specified interval, a session key list
+with a single entry will be regenerated for every message
+sent.
+.It Ic controlkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpq @NTPQ_MS@
+utility, which uses the standard
+protocol defined in RFC-1305.
+The
+.Ar key
+argument is
+the key identifier for a trusted key, where the value can be in the
+range 1 to 65,534, inclusive.
+.It Xo Ic crypto
+.Op Cm cert Ar file
+.Op Cm leap Ar file
+.Op Cm randfile Ar file
+.Op Cm host Ar file
+.Op Cm sign Ar file
+.Op Cm gq Ar file
+.Op Cm gqpar Ar file
+.Op Cm iffpar Ar file
+.Op Cm mvpar Ar file
+.Op Cm pw Ar password
+.Xc
+This command requires the OpenSSL library.
+It activates public key
+cryptography, selects the message digest and signature
+encryption scheme and loads the required private and public
+values described above.
+If one or more files are left unspecified,
+the default names are used as described above.
+Unless the complete path and name of the file are specified, the
+location of a file is relative to the keys directory specified
+in the
+.Ic keysdir
+command or default
+.Pa /usr/local/etc .
+Following are the subcommands:
+.Bl -tag -width indent
+.It Cm cert Ar file
+Specifies the location of the required host public certificate file.
+This overrides the link
+.Pa ntpkey_cert_ Ns Ar hostname
+in the keys directory.
+.It Cm gqpar Ar file
+Specifies the location of the optional GQ parameters file.
+This
+overrides the link
+.Pa ntpkey_gq_ Ns Ar hostname
+in the keys directory.
+.It Cm host Ar file
+Specifies the location of the required host key file.
+This overrides
+the link
+.Pa ntpkey_key_ Ns Ar hostname
+in the keys directory.
+.It Cm iffpar Ar file
+Specifies the location of the optional IFF parameters file.This
+overrides the link
+.Pa ntpkey_iff_ Ns Ar hostname
+in the keys directory.
+.It Cm leap Ar file
+Specifies the location of the optional leapsecond file.
+This overrides the link
+.Pa ntpkey_leap
+in the keys directory.
+.It Cm mvpar Ar file
+Specifies the location of the optional MV parameters file.
+This
+overrides the link
+.Pa ntpkey_mv_ Ns Ar hostname
+in the keys directory.
+.It Cm pw Ar password
+Specifies the password to decrypt files containing private keys and
+identity parameters.
+This is required only if these files have been
+encrypted.
+.It Cm randfile Ar file
+Specifies the location of the random seed file used by the OpenSSL
+library.
+The defaults are described in the main text above.
+.It Cm sign Ar file
+Specifies the location of the optional sign key file.
+This overrides
+the link
+.Pa ntpkey_sign_ Ns Ar hostname
+in the keys directory.
+If this file is
+not found, the host key is also the sign key.
+.El
+.It Ic keys Ar keyfile
+Specifies the complete path and location of the MD5 key file
+containing the keys and key identifiers used by
+.Xr ntpd @NTPD_MS@ ,
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+when operating with symmetric key cryptography.
+This is the same operation as the
+.Fl k
+command line option.
+.It Ic keysdir Ar path
+This command specifies the default directory path for
+cryptographic keys, parameters and certificates.
+The default is
+.Pa /usr/local/etc/ .
+.It Ic requestkey Ar key
+Specifies the key identifier to use with the
+.Xr ntpdc @NTPDC_MS@
+utility program, which uses a
+proprietary protocol specific to this implementation of
+.Xr ntpd @NTPD_MS@ .
+The
+.Ar key
+argument is a key identifier
+for the trusted key, where the value can be in the range 1 to
+65,534, inclusive.
+.It Ic revoke Ar logsec
+Specifies the interval between re-randomization of certain
+cryptographic values used by the Autokey scheme, as a power of 2 in
+seconds.
+These values need to be updated frequently in order to
+deflect brute-force attacks on the algorithms of the scheme;
+however, updating some values is a relatively expensive operation.
+The default interval is 16 (65,536 s or about 18 hours).
+For poll
+intervals above the specified interval, the values will be updated
+for every message sent.
+.It Ic trustedkey Ar key ...
+Specifies the key identifiers which are trusted for the
+purposes of authenticating peers with symmetric key cryptography,
+as well as keys used by the
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+programs.
+The authentication procedures require that both the local
+and remote servers share the same key and key identifier for this
+purpose, although different keys can be used with different
+servers.
+The
+.Ar key
+arguments are 32-bit unsigned
+integers with values from 1 to 65,534.
+.El
+.Ss Error Codes
+The following error codes are reported via the NTP control
+and monitoring protocol trap mechanism.
+.Bl -tag -width indent
+.It 101
+.Pq bad field format or length
+The packet has invalid version, length or format.
+.It 102
+.Pq bad timestamp
+The packet timestamp is the same or older than the most recent received.
+This could be due to a replay or a server clock time step.
+.It 103
+.Pq bad filestamp
+The packet filestamp is the same or older than the most recent received.
+This could be due to a replay or a key file generation error.
+.It 104
+.Pq bad or missing public key
+The public key is missing, has incorrect format or is an unsupported type.
+.It 105
+.Pq unsupported digest type
+The server requires an unsupported digest/signature scheme.
+.It 106
+.Pq mismatched digest types
+Not used.
+.It 107
+.Pq bad signature length
+The signature length does not match the current public key.
+.It 108
+.Pq signature not verified
+The message fails the signature check.
+It could be bogus or signed by a
+different private key.
+.It 109
+.Pq certificate not verified
+The certificate is invalid or signed with the wrong key.
+.It 110
+.Pq certificate not verified
+The certificate is not yet valid or has expired or the signature could not
+be verified.
+.It 111
+.Pq bad or missing cookie
+The cookie is missing, corrupted or bogus.
+.It 112
+.Pq bad or missing leapseconds table
+The leapseconds table is missing, corrupted or bogus.
+.It 113
+.Pq bad or missing certificate
+The certificate is missing, corrupted or bogus.
+.It 114
+.Pq bad or missing identity
+The identity key is missing, corrupt or bogus.
+.El
+.Sh Monitoring Support
+.Xr ntpd @NTPD_MS@
+includes a comprehensive monitoring facility suitable
+for continuous, long term recording of server and client
+timekeeping performance.
+See the
+.Ic statistics
+command below
+for a listing and example of each type of statistics currently
+supported.
+Statistic files are managed using file generation sets
+and scripts in the
+.Pa ./scripts
+directory of this distribution.
+Using
+these facilities and
+.Ux
+.Xr cron 8
+jobs, the data can be
+automatically summarized and archived for retrospective analysis.
+.Ss Monitoring Commands
+.Bl -tag -width indent
+.It Ic statistics Ar name ...
+Enables writing of statistics records.
+Currently, four kinds of
+.Ar name
+statistics are supported.
+.Bl -tag -width indent
+.It Cm clockstats
+Enables recording of clock driver statistics information.
+Each update
+received from a clock driver appends a line of the following form to
+the file generation set named
+.Cm clockstats :
+.Bd -literal
+49213 525.624 127.127.4.1 93 226 00:08:29.606 D
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the
+clock address in dotted-quad notation.
+The final field shows the last
+timecode received from the clock in decoded ASCII format, where
+meaningful.
+In some clock drivers a good deal of additional information
+can be gathered and displayed as well.
+See information specific to each
+clock for further details.
+.It Cm cryptostats
+This option requires the OpenSSL cryptographic software library.
+It
+enables recording of cryptographic public key protocol information.
+Each message received by the protocol module appends a line of the
+following form to the file generation set named
+.Cm cryptostats :
+.Bd -literal
+49213 525.624 127.127.4.1 message
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The next field shows the peer
+address in dotted-quad notation, The final message field includes the
+message type and certain ancillary information.
+See the
+.Sx Authentication Options
+section for further information.
+.It Cm loopstats
+Enables recording of loop filter statistics information.
+Each
+update of the local clock outputs a line of the following form to
+the file generation set named
+.Cm loopstats :
+.Bd -literal
+50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next five fields
+show time offset (seconds), frequency offset (parts per million -
+PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
+discipline time constant.
+.It Cm peerstats
+Enables recording of peer statistics information.
+This includes
+statistics records of all peers of a NTP server and of special
+signals, where present and configured.
+Each valid update appends a
+line of the following form to the current element of a file
+generation set named
+.Cm peerstats :
+.Bd -literal
+48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the peer address in dotted-quad notation and status,
+respectively.
+The status field is encoded in hex in the format
+described in Appendix A of the NTP specification RFC 1305.
+The final four fields show the offset,
+delay, dispersion and RMS jitter, all in seconds.
+.It Cm rawstats
+Enables recording of raw-timestamp statistics information.
+This
+includes statistics records of all peers of a NTP server and of
+special signals, where present and configured.
+Each NTP message
+received from a peer or clock driver appends a line of the
+following form to the file generation set named
+.Cm rawstats :
+.Bd -literal
+50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and
+time (seconds and fraction past UTC midnight).
+The next two fields
+show the remote peer or clock address followed by the local address
+in dotted-quad notation.
+The final four fields show the originate,
+receive, transmit and final NTP timestamps in order.
+The timestamp
+values are as received and before processing by the various data
+smoothing and mitigation algorithms.
+.It Cm sysstats
+Enables recording of ntpd statistics counters on a periodic basis.
+Each
+hour a line of the following form is appended to the file generation
+set named
+.Cm sysstats :
+.Bd -literal
+50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
+.Ed
+.Pp
+The first two fields show the date (Modified Julian Day) and time
+(seconds and fraction past UTC midnight).
+The remaining ten fields show
+the statistics counter values accumulated since the last generated
+line.
+.Bl -tag -width indent
+.It Time since restart Cm 36000
+Time in hours since the system was last rebooted.
+.It Packets received Cm 81965
+Total number of packets received.
+.It Packets processed Cm 0
+Number of packets received in response to previous packets sent
+.It Current version Cm 9546
+Number of packets matching the current NTP version.
+.It Previous version Cm 56
+Number of packets matching the previous NTP version.
+.It Bad version Cm 71793
+Number of packets matching neither NTP version.
+.It Access denied Cm 512
+Number of packets denied access for any reason.
+.It Bad length or format Cm 540
+Number of packets with invalid length, format or port number.
+.It Bad authentication Cm 10
+Number of packets not verified as authentic.
+.It Rate exceeded Cm 147
+Number of packets discarded due to rate limitation.
+.El
+.It Cm statsdir Ar directory_path
+Indicates the full path of a directory where statistics files
+should be created (see below).
+This keyword allows
+the (otherwise constant)
+.Cm filegen
+filename prefix to be modified for file generation sets, which
+is useful for handling statistics logs.
+.It Cm filegen Ar name Xo
+.Op Cm file Ar filename
+.Op Cm type Ar typename
+.Op Cm link | nolink
+.Op Cm enable | disable
+.Xc
+Configures setting of generation file set name.
+Generation
+file sets provide a means for handling files that are
+continuously growing during the lifetime of a server.
+Server statistics are a typical example for such files.
+Generation file sets provide access to a set of files used
+to store the actual data.
+At any time at most one element
+of the set is being written to.
+The type given specifies
+when and how data will be directed to a new element of the set.
+This way, information stored in elements of a file set
+that are currently unused are available for administrational
+operations without the risk of disturbing the operation of ntpd.
+(Most important: they can be removed to free space for new data
+produced.)
+.Pp
+Note that this command can be sent from the
+.Xr ntpdc @NTPDC_MS@
+program running at a remote location.
+.Bl -tag -width indent
+.It Cm name
+This is the type of the statistics records, as shown in the
+.Cm statistics
+command.
+.It Cm file Ar filename
+This is the file name for the statistics records.
+Filenames of set
+members are built from three concatenated elements
+.Ar Cm prefix ,
+.Ar Cm filename
+and
+.Ar Cm suffix :
+.Bl -tag -width indent
+.It Cm prefix
+This is a constant filename path.
+It is not subject to
+modifications via the
+.Ar filegen
+option.
+It is defined by the
+server, usually specified as a compile-time constant.
+It may,
+however, be configurable for individual file generation sets
+via other commands.
+For example, the prefix used with
+.Ar loopstats
+and
+.Ar peerstats
+generation can be configured using the
+.Ar statsdir
+option explained above.
+.It Cm filename
+This string is directly concatenated to the prefix mentioned
+above (no intervening
+.Ql / ) .
+This can be modified using
+the file argument to the
+.Ar filegen
+statement.
+No
+.Pa ..
+elements are
+allowed in this component to prevent filenames referring to
+parts outside the filesystem hierarchy denoted by
+.Ar prefix .
+.It Cm suffix
+This part is reflects individual elements of a file set.
+It is
+generated according to the type of a file set.
+.El
+.It Cm type Ar typename
+A file generation set is characterized by its type.
+The following
+types are supported:
+.Bl -tag -width indent
+.It Cm none
+The file set is actually a single plain file.
+.It Cm pid
+One element of file set is used per incarnation of a ntpd
+server.
+This type does not perform any changes to file set
+members during runtime, however it provides an easy way of
+separating files belonging to different
+.Xr ntpd @NTPD_MS@
+server incarnations.
+The set member filename is built by appending a
+.Ql \&.
+to concatenated
+.Ar prefix
+and
+.Ar filename
+strings, and
+appending the decimal representation of the process ID of the
+.Xr ntpd @NTPD_MS@
+server process.
+.It Cm day
+One file generation set element is created per day.
+A day is
+defined as the period between 00:00 and 24:00 UTC.
+The file set
+member suffix consists of a
+.Ql \&.
+and a day specification in
+the form
+.Cm YYYYMMdd .
+.Cm YYYY
+is a 4-digit year number (e.g., 1992).
+.Cm MM
+is a two digit month number.
+.Cm dd
+is a two digit day number.
+Thus, all information written at 10 December 1992 would end up
+in a file named
+.Ar prefix
+.Ar filename Ns .19921210 .
+.It Cm week
+Any file set member contains data related to a certain week of
+a year.
+The term week is defined by computing day-of-year
+modulo 7.
+Elements of such a file generation set are
+distinguished by appending the following suffix to the file set
+filename base: A dot, a 4-digit year number, the letter
+.Cm W ,
+and a 2-digit week number.
+For example, information from January,
+10th 1992 would end up in a file with suffix
+.No . Ns Ar 1992W1 .
+.It Cm month
+One generation file set element is generated per month.
+The
+file name suffix consists of a dot, a 4-digit year number, and
+a 2-digit month.
+.It Cm year
+One generation file element is generated per year.
+The filename
+suffix consists of a dot and a 4 digit year number.
+.It Cm age
+This type of file generation sets changes to a new element of
+the file set every 24 hours of server operation.
+The filename
+suffix consists of a dot, the letter
+.Cm a ,
+and an 8-digit number.
+This number is taken to be the number of seconds the server is
+running at the start of the corresponding 24-hour period.
+Information is only written to a file generation by specifying
+.Cm enable ;
+output is prevented by specifying
+.Cm disable .
+.El
+.It Cm link | nolink
+It is convenient to be able to access the current element of a file
+generation set by a fixed name.
+This feature is enabled by
+specifying
+.Cm link
+and disabled using
+.Cm nolink .
+If link is specified, a
+hard link from the current file set element to a file without
+suffix is created.
+When there is already a file with this name and
+the number of links of this file is one, it is renamed appending a
+dot, the letter
+.Cm C ,
+and the pid of the ntpd server process.
+When the
+number of links is greater than one, the file is unlinked.
+This
+allows the current file to be accessed by a constant name.
+.It Cm enable \&| Cm disable
+Enables or disables the recording function.
+.El
+.El
+.El
+.Sh Access Control Support
+The
+.Xr ntpd @NTPD_MS@
+daemon implements a general purpose address/mask based restriction
+list.
+The list contains address/match entries sorted first
+by increasing address values and and then by increasing mask values.
+A match occurs when the bitwise AND of the mask and the packet
+source address is equal to the bitwise AND of the mask and
+address in the list.
+The list is searched in order with the
+last match found defining the restriction flags associated
+with the entry.
+Additional information and examples can be found in the
+.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Pp
+The restriction facility was implemented in conformance
+with the access policies for the original NSFnet backbone
+time servers.
+Later the facility was expanded to deflect
+cryptographic and clogging attacks.
+While this facility may
+be useful for keeping unwanted or broken or malicious clients
+from congesting innocent servers, it should not be considered
+an alternative to the NTP authentication facilities.
+Source address based restrictions are easily circumvented
+by a determined cracker.
+.Pp
+Clients can be denied service because they are explicitly
+included in the restrict list created by the restrict command
+or implicitly as the result of cryptographic or rate limit
+violations.
+Cryptographic violations include certificate
+or identity verification failure; rate limit violations generally
+result from defective NTP implementations that send packets
+at abusive rates.
+Some violations cause denied service
+only for the offending packet, others cause denied service
+for a timed period and others cause the denied service for
+an indefinate period.
+When a client or network is denied access
+for an indefinate period, the only way at present to remove
+the restrictions is by restarting the server.
+.Ss The Kiss-of-Death Packet
+Ordinarily, packets denied service are simply dropped with no
+further action except incrementing statistics counters.
+Sometimes a
+more proactive response is needed, such as a server message that
+explicitly requests the client to stop sending and leave a message
+for the system operator.
+A special packet format has been created
+for this purpose called the "kiss-of-death" (KoD) packet.
+KoD packets have the leap bits set unsynchronized and stratum set
+to zero and the reference identifier field set to a four-byte
+ASCII code.
+If the
+.Cm noserve
+or
+.Cm notrust
+flag of the matching restrict list entry is set,
+the code is "DENY"; if the
+.Cm limited
+flag is set and the rate limit
+is exceeded, the code is "RATE".
+Finally, if a cryptographic violation occurs, the code is "CRYP".
+.Pp
+A client receiving a KoD performs a set of sanity checks to
+minimize security exposure, then updates the stratum and
+reference identifier peer variables, sets the access
+denied (TEST4) bit in the peer flash variable and sends
+a message to the log.
+As long as the TEST4 bit is set,
+the client will send no further packets to the server.
+The only way at present to recover from this condition is
+to restart the protocol at both the client and server.
+This
+happens automatically at the client when the association times out.
+It will happen at the server only if the server operator cooperates.
+.Ss Access Control Commands
+.Bl -tag -width indent
+.It Xo Ic discard
+.Op Cm average Ar avg
+.Op Cm minimum Ar min
+.Op Cm monitor Ar prob
+.Xc
+Set the parameters of the
+.Cm limited
+facility which protects the server from
+client abuse.
+The
+.Cm average
+subcommand specifies the minimum average packet
+spacing, while the
+.Cm minimum
+subcommand specifies the minimum packet spacing.
+Packets that violate these minima are discarded
+and a kiss-o'-death packet returned if enabled.
+The default
+minimum average and minimum are 5 and 2, respectively.
+The monitor subcommand specifies the probability of discard
+for packets that overflow the rate-control window.
+.It Xo Ic restrict address
+.Op Cm mask Ar mask
+.Op Ar flag ...
+.Xc
+The
+.Ar address
+argument expressed in
+dotted-quad form is the address of a host or network.
+Alternatively, the
+.Ar address
+argument can be a valid host DNS name.
+The
+.Ar mask
+argument expressed in dotted-quad form defaults to
+.Cm 255.255.255.255 ,
+meaning that the
+.Ar address
+is treated as the address of an individual host.
+A default entry (address
+.Cm 0.0.0.0 ,
+mask
+.Cm 0.0.0.0 )
+is always included and is always the first entry in the list.
+Note that text string
+.Cm default ,
+with no mask option, may
+be used to indicate the default entry.
+In the current implementation,
+.Cm flag
+always
+restricts access, i.e., an entry with no flags indicates that free
+access to the server is to be given.
+The flags are not orthogonal,
+in that more restrictive flags will often make less restrictive
+ones redundant.
+The flags can generally be classed into two
+categories, those which restrict time service and those which
+restrict informational queries and attempts to do run-time
+reconfiguration of the server.
+One or more of the following flags
+may be specified:
+.Bl -tag -width indent
+.It Cm ignore
+Deny packets of all kinds, including
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+queries.
+.It Cm kod
+If this flag is set when an access violation occurs, a kiss-o'-death
+(KoD) packet is sent.
+KoD packets are rate limited to no more than one
+per second.
+If another KoD packet occurs within one second after the
+last one, the packet is dropped.
+.It Cm limited
+Deny service if the packet spacing violates the lower limits specified
+in the discard command.
+A history of clients is kept using the
+monitoring capability of
+.Xr ntpd @NTPD_MS@ .
+Thus, monitoring is always active as
+long as there is a restriction entry with the
+.Cm limited
+flag.
+.It Cm lowpriotrap
+Declare traps set by matching hosts to be low priority.
+The
+number of traps a server can maintain is limited (the current limit
+is 3).
+Traps are usually assigned on a first come, first served
+basis, with later trap requestors being denied service.
+This flag
+modifies the assignment algorithm by allowing low priority traps to
+be overridden by later requests for normal priority traps.
+.It Cm nomodify
+Deny
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+queries which attempt to modify the state of the
+server (i.e., run time reconfiguration).
+Queries which return
+information are permitted.
+.It Cm noquery
+Deny
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+queries.
+Time service is not affected.
+.It Cm nopeer
+Deny packets which would result in mobilizing a new association.
+This
+includes broadcast and symmetric active packets when a configured
+association does not exist.
+.It Cm noserve
+Deny all packets except
+.Xr ntpq @NTPQ_MS@
+and
+.Xr ntpdc @NTPDC_MS@
+queries.
+.It Cm notrap
+Decline to provide mode 6 control message trap service to matching
+hosts.
+The trap service is a subsystem of the ntpdq control message
+protocol which is intended for use by remote event logging programs.
+.It Cm notrust
+Deny service unless the packet is cryptographically authenticated.
+.It Cm ntpport
+This is actually a match algorithm modifier, rather than a
+restriction flag.
+Its presence causes the restriction entry to be
+matched only if the source port in the packet is the standard NTP
+UDP port (123).
+Both
+.Cm ntpport
+and
+.Cm non-ntpport
+may
+be specified.
+The
+.Cm ntpport
+is considered more specific and
+is sorted later in the list.
+.It Cm version
+Deny packets that do not match the current NTP version.
+.El
+.Pp
+Default restriction list entries with the flags ignore, interface,
+ntpport, for each of the local host's interface addresses are
+inserted into the table at startup to prevent the server
+from attempting to synchronize to its own time.
+A default entry is also always present, though if it is
+otherwise unconfigured; no flags are associated
+with the default entry (i.e., everything besides your own
+NTP server is unrestricted).
+.El
+.Sh Automatic NTP Configuration Options
+.Ss Manycasting
+Manycasting is a automatic discovery and configuration paradigm
+new to NTPv4.
+It is intended as a means for a multicast client
+to troll the nearby network neighborhood to find cooperating
+manycast servers, validate them using cryptographic means
+and evaluate their time values with respect to other servers
+that might be lurking in the vicinity.
+The intended result is that each manycast client mobilizes
+client associations with some number of the "best"
+of the nearby manycast servers, yet automatically reconfigures
+to sustain this number of servers should one or another fail.
+.Pp
+Note that the manycasting paradigm does not coincide
+with the anycast paradigm described in RFC-1546,
+which is designed to find a single server from a clique
+of servers providing the same service.
+The manycast paradigm is designed to find a plurality
+of redundant servers satisfying defined optimality criteria.
+.Pp
+Manycasting can be used with either symmetric key
+or public key cryptography.
+The public key infrastructure (PKI)
+offers the best protection against compromised keys
+and is generally considered stronger, at least with relatively
+large key sizes.
+It is implemented using the Autokey protocol and
+the OpenSSL cryptographic library available from
+.Li http://www.openssl.org/ .
+The library can also be used with other NTPv4 modes
+as well and is highly recommended, especially for broadcast modes.
+.Pp
+A persistent manycast client association is configured
+using the manycastclient command, which is similar to the
+server command but with a multicast (IPv4 class
+.Cm D
+or IPv6 prefix
+.Cm FF )
+group address.
+The IANA has designated IPv4 address 224.1.1.1
+and IPv6 address FF05::101 (site local) for NTP.
+When more servers are needed, it broadcasts manycast
+client messages to this address at the minimum feasible rate
+and minimum feasible time-to-live (TTL) hops, depending
+on how many servers have already been found.
+There can be as many manycast client associations
+as different group address, each one serving as a template
+for a future ephemeral unicast client/server association.
+.Pp
+Manycast servers configured with the
+.Ic manycastserver
+command listen on the specified group address for manycast
+client messages.
+Note the distinction between manycast client,
+which actively broadcasts messages, and manycast server,
+which passively responds to them.
+If a manycast server is
+in scope of the current TTL and is itself synchronized
+to a valid source and operating at a stratum level equal
+to or lower than the manycast client, it replies to the
+manycast client message with an ordinary unicast server message.
+.Pp
+The manycast client receiving this message mobilizes
+an ephemeral client/server association according to the
+matching manycast client template, but only if cryptographically
+authenticated and the server stratum is less than or equal
+to the client stratum.
+Authentication is explicitly required
+and either symmetric key or public key (Autokey) can be used.
+Then, the client polls the server at its unicast address
+in burst mode in order to reliably set the host clock
+and validate the source.
+This normally results
+in a volley of eight client/server at 2-s intervals
+during which both the synchronization and cryptographic
+protocols run concurrently.
+Following the volley,
+the client runs the NTP intersection and clustering
+algorithms, which act to discard all but the "best"
+associations according to stratum and synchronization
+distance.
+The surviving associations then continue
+in ordinary client/server mode.
+.Pp
+The manycast client polling strategy is designed to reduce
+as much as possible the volume of manycast client messages
+and the effects of implosion due to near-simultaneous
+arrival of manycast server messages.
+The strategy is determined by the
+.Ic manycastclient ,
+.Ic tos
+and
+.Ic ttl
+configuration commands.
+The manycast poll interval is
+normally eight times the system poll interval,
+which starts out at the
+.Cm minpoll
+value specified in the
+.Ic manycastclient ,
+command and, under normal circumstances, increments to the
+.Cm maxpolll
+value specified in this command.
+Initially, the TTL is
+set at the minimum hops specified by the ttl command.
+At each retransmission the TTL is increased until reaching
+the maximum hops specified by this command or a sufficient
+number client associations have been found.
+Further retransmissions use the same TTL.
+.Pp
+The quality and reliability of the suite of associations
+discovered by the manycast client is determined by the NTP
+mitigation algorithms and the
+.Cm minclock
+and
+.Cm minsane
+values specified in the
+.Ic tos
+configuration command.
+At least
+.Cm minsane
+candidate servers must be available and the mitigation
+algorithms produce at least
+.Cm minclock
+survivors in order to synchronize the clock.
+Byzantine agreement principles require at least four
+candidates in order to correctly discard a single falseticker.
+For legacy purposes,
+.Cm minsane
+defaults to 1 and
+.Cm minclock
+defaults to 3.
+For manycast service
+.Cm minsane
+should be explicitly set to 4, assuming at least that
+number of servers are available.
+.Pp
+If at least
+.Cm minclock
+servers are found, the manycast poll interval is immediately
+set to eight times
+.Cm maxpoll .
+If less than
+.Cm minclock
+servers are found when the TTL has reached the maximum hops,
+the manycast poll interval is doubled.
+For each transmission
+after that, the poll interval is doubled again until
+reaching the maximum of eight times
+.Cm maxpoll .
+Further transmissions use the same poll interval and
+TTL values.
+Note that while all this is going on,
+each client/server association found is operating normally
+it the system poll interval.
+.Pp
+Administratively scoped multicast boundaries are normally
+specified by the network router configuration and,
+in the case of IPv6, the link/site scope prefix.
+By default, the increment for TTL hops is 32 starting
+from 31; however, the
+.Ic ttl
+configuration command can be
+used to modify the values to match the scope rules.
+.Pp
+It is often useful to narrow the range of acceptable
+servers which can be found by manycast client associations.
+Because manycast servers respond only when the client
+stratum is equal to or greater than the server stratum,
+primary (stratum 1) servers fill find only primary servers
+in TTL range, which is probably the most common objective.
+However, unless configured otherwise, all manycast clients
+in TTL range will eventually find all primary servers
+in TTL range, which is probably not the most common
+objective in large networks.
+The
+.Ic tos
+command can be used to modify this behavior.
+Servers with stratum below
+.Cm floor
+or above
+.Cm ceiling
+specified in the
+.Ic tos
+command are strongly discouraged during the selection
+process; however, these servers may be temporally
+accepted if the number of servers within TTL range is
+less than
+.Cm minclock .
+.Pp
+The above actions occur for each manycast client message,
+which repeats at the designated poll interval.
+However, once the ephemeral client association is mobilized,
+subsequent manycast server replies are discarded,
+since that would result in a duplicate association.
+If during a poll interval the number of client associations
+falls below
+.Cm minclock ,
+all manycast client prototype associations are reset
+to the initial poll interval and TTL hops and operation
+resumes from the beginning.
+It is important to avoid
+frequent manycast client messages, since each one requires
+all manycast servers in TTL range to respond.
+The result could well be an implosion, either minor or major,
+depending on the number of servers in range.
+The recommended value for
+.Cm maxpoll
+is 12 (4,096 s).
+.Pp
+It is possible and frequently useful to configure a host
+as both manycast client and manycast server.
+A number of hosts configured this way and sharing a common
+group address will automatically organize themselves
+in an optimum configuration based on stratum and
+synchronization distance.
+For example, consider an NTP
+subnet of two primary servers and a hundred or more
+dependent clients.
+With two exceptions, all servers
+and clients have identical configuration files including both
+.Ic multicastclient
+and
+.Ic multicastserver
+commands using, for instance, multicast group address
+239.1.1.1.
+The only exception is that each primary server
+configuration file must include commands for the primary
+reference source such as a GPS receiver.
+.Pp
+The remaining configuration files for all secondary
+servers and clients have the same contents, except for the
+.Ic tos
+command, which is specific for each stratum level.
+For stratum 1 and stratum 2 servers, that command is
+not necessary.
+For stratum 3 and above servers the
+.Cm floor
+value is set to the intended stratum number.
+Thus, all stratum 3 configuration files are identical,
+all stratum 4 files are identical and so forth.
+.Pp
+Once operations have stabilized in this scenario,
+the primary servers will find the primary reference source
+and each other, since they both operate at the same
+stratum (1), but not with any secondary server or client,
+since these operate at a higher stratum.
+The secondary
+servers will find the servers at the same stratum level.
+If one of the primary servers loses its GPS receiver,
+it will continue to operate as a client and other clients
+will time out the corresponding association and
+re-associate accordingly.
+.Pp
+Some administrators prefer to avoid running
+.Xr ntpd @NTPD_MS@
+continuously and run either
+.Xr ntpdate 8
+or
+.Xr ntpd @NTPD_MS@
+.Fl q
+as a cron job.
+In either case the servers must be
+configured in advance and the program fails if none are
+available when the cron job runs.
+A really slick
+application of manycast is with
+.Xr ntpd @NTPD_MS@
+.Fl q .
+The program wakes up, scans the local landscape looking
+for the usual suspects, selects the best from among
+the rascals, sets the clock and then departs.
+Servers do not have to be configured in advance and
+all clients throughout the network can have the same
+configuration file.
+.Ss Manycast Interactions with Autokey
+Each time a manycast client sends a client mode packet
+to a multicast group address, all manycast servers
+in scope generate a reply including the host name
+and status word.
+The manycast clients then run
+the Autokey protocol, which collects and verifies
+all certificates involved.
+Following the burst interval
+all but three survivors are cast off,
+but the certificates remain in the local cache.
+It often happens that several complete signing trails
+from the client to the primary servers are collected in this way.
+.Pp
+About once an hour or less often if the poll interval
+exceeds this, the client regenerates the Autokey key list.
+This is in general transparent in client/server mode.
+However, about once per day the server private value
+used to generate cookies is refreshed along with all
+manycast client associations.
+In this case all
+cryptographic values including certificates is refreshed.
+If a new certificate has been generated since
+the last refresh epoch, it will automatically revoke
+all prior certificates that happen to be in the
+certificate cache.
+At the same time, the manycast
+scheme starts all over from the beginning and
+the expanding ring shrinks to the minimum and increments
+from there while collecting all servers in scope.
+.Ss Manycast Options
+.Bl -tag -width indent
+.It Xo Ic tos
+.Oo
+.Cm ceiling Ar ceiling |
+.Cm cohort { 0 | 1 } |
+.Cm floor Ar floor |
+.Cm minclock Ar minclock |
+.Cm minsane Ar minsane
+.Oc
+.Xc
+This command affects the clock selection and clustering
+algorithms.
+It can be used to select the quality and
+quantity of peers used to synchronize the system clock
+and is most useful in manycast mode.
+The variables operate
+as follows:
+.Bl -tag -width indent
+.It Cm ceiling Ar ceiling
+Peers with strata above
+.Cm ceiling
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 15, but can be changed
+to any number from 1 to 15.
+.It Cm cohort Bro 0 | 1 Brc
+This is a binary flag which enables (0) or disables (1)
+manycast server replies to manycast clients with the same
+stratum level.
+This is useful to reduce implosions where
+large numbers of clients with the same stratum level
+are present.
+The default is to enable these replies.
+.It Cm floor Ar floor
+Peers with strata below
+.Cm floor
+will be discarded if there are at least
+.Cm minclock
+peers remaining.
+This value defaults to 1, but can be changed
+to any number from 1 to 15.
+.It Cm minclock Ar minclock
+The clustering algorithm repeatedly casts out outlyer
+associations until no more than
+.Cm minclock
+associations remain.
+This value defaults to 3,
+but can be changed to any number from 1 to the number of
+configured sources.
+.It Cm minsane Ar minsane
+This is the minimum number of candidates available
+to the clock selection algorithm in order to produce
+one or more truechimers for the clustering algorithm.
+If fewer than this number are available, the clock is
+undisciplined and allowed to run free.
+The default is 1
+for legacy purposes.
+However, according to principles of
+Byzantine agreement,
+.Cm minsane
+should be at least 4 in order to detect and discard
+a single falseticker.
+.El
+.It Cm ttl Ar hop ...
+This command specifies a list of TTL values in increasing
+order, up to 8 values can be specified.
+In manycast mode these values are used in turn
+in an expanding-ring search.
+The default is eight
+multiples of 32 starting at 31.
+.El
+.Sh Reference Clock Support
+The NTP Version 4 daemon supports some three dozen different radio,
+satellite and modem reference clocks plus a special pseudo-clock
+used for backup or when no other clock source is available.
+Detailed descriptions of individual device drivers and options can
+be found in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Additional information can be found in the pages linked
+there, including the
+.Qq Debugging Hints for Reference Clock Drivers
+and
+.Qq How To Write a Reference Clock Driver
+pages
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+In addition, support for a PPS
+signal is available as described in the
+.Qq Pulse-per-second (PPS) Signal Interfacing
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+Many
+drivers support special line discipline/streams modules which can
+significantly improve the accuracy using the driver.
+These are
+described in the
+.Qq Line Disciplines and Streams Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.Pp
+A reference clock will generally (though not always) be a radio
+timecode receiver which is synchronized to a source of standard
+time such as the services offered by the NRC in Canada and NIST and
+USNO in the US.
+The interface between the computer and the timecode
+receiver is device dependent, but is usually a serial port.
+A
+device driver specific to each reference clock must be selected and
+compiled in the distribution; however, most common radio, satellite
+and modem clocks are included by default.
+Note that an attempt to
+configure a reference clock when the driver has not been compiled
+or the hardware port has not been appropriately configured results
+in a scalding remark to the system log file, but is otherwise non
+hazardous.
+.Pp
+For the purposes of configuration,
+.Xr ntpd @NTPD_MS@
+treats
+reference clocks in a manner analogous to normal NTP peers as much
+as possible.
+Reference clocks are identified by a syntactically
+correct but invalid IP address, in order to distinguish them from
+normal NTP peers.
+Reference clock addresses are of the form
+.Sm off
+.Li 127.127. Ar t . Ar u ,
+.Sm on
+where
+.Ar t
+is an integer
+denoting the clock type and
+.Ar u
+indicates the unit
+number in the range 0-3.
+While it may seem overkill, it is in fact
+sometimes useful to configure multiple reference clocks of the same
+type, in which case the unit numbers must be unique.
+.Pp
+The
+.Ic server
+command is used to configure a reference
+clock, where the
+.Ar address
+argument in that command
+is the clock address.
+The
+.Cm key ,
+.Cm version
+and
+.Cm ttl
+options are not used for reference clock support.
+The
+.Cm mode
+option is added for reference clock support, as
+described below.
+The
+.Cm prefer
+option can be useful to
+persuade the server to cherish a reference clock with somewhat more
+enthusiasm than other reference clocks or peers.
+Further
+information on this option can be found in the
+.Qq Mitigation Rules and the prefer Keyword
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page.
+The
+.Cm minpoll
+and
+.Cm maxpoll
+options have
+meaning only for selected clock drivers.
+See the individual clock
+driver document pages for additional information.
+.Pp
+The
+.Ic fudge
+command is used to provide additional
+information for individual clock drivers and normally follows
+immediately after the
+.Ic server
+command.
+The
+.Ar address
+argument specifies the clock address.
+The
+.Cm refid
+and
+.Cm stratum
+options can be used to
+override the defaults for the device.
+There are two optional
+device-dependent time offsets and four flags that can be included
+in the
+.Ic fudge
+command as well.
+.Pp
+The stratum number of a reference clock is by default zero.
+Since the
+.Xr ntpd @NTPD_MS@
+daemon adds one to the stratum of each
+peer, a primary server ordinarily displays an external stratum of
+one.
+In order to provide engineered backups, it is often useful to
+specify the reference clock stratum as greater than zero.
+The
+.Cm stratum
+option is used for this purpose.
+Also, in cases
+involving both a reference clock and a pulse-per-second (PPS)
+discipline signal, it is useful to specify the reference clock
+identifier as other than the default, depending on the driver.
+The
+.Cm refid
+option is used for this purpose.
+Except where noted,
+these options apply to all clock drivers.
+.Ss Reference Clock Commands
+.Bl -tag -width indent
+.It Xo Ic server
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+.Op Cm prefer
+.Op Cm mode Ar int
+.Op Cm minpoll Ar int
+.Op Cm maxpoll Ar int
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+The options are interpreted as follows:
+.Bl -tag -width indent
+.It Cm prefer
+Marks the reference clock as preferred.
+All other things being
+equal, this host will be chosen for synchronization among a set of
+correctly operating hosts.
+See the
+.Qq Mitigation Rules and the prefer Keyword
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+for further information.
+.It Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.It Cm minpoll Ar int
+.It Cm maxpoll Ar int
+These options specify the minimum and maximum polling interval
+for reference clock messages, as a power of 2 in seconds
+For
+most directly connected reference clocks, both
+.Cm minpoll
+and
+.Cm maxpoll
+default to 6 (64 s).
+For modem reference clocks,
+.Cm minpoll
+defaults to 10 (17.1 m) and
+.Cm maxpoll
+defaults to 14 (4.5 h).
+The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
+.El
+.It Xo Ic fudge
+.Sm off
+.Li 127.127. Ar t . Ar u
+.Sm on
+.Op Cm time1 Ar sec
+.Op Cm time2 Ar sec
+.Op Cm stratum Ar int
+.Op Cm refid Ar string
+.Op Cm mode Ar int
+.Op Cm flag1 Cm 0 \&| Cm 1
+.Op Cm flag2 Cm 0 \&| Cm 1
+.Op Cm flag3 Cm 0 \&| Cm 1
+.Op Cm flag4 Cm 0 \&| Cm 1
+.Xc
+This command can be used to configure reference clocks in
+special ways.
+It must immediately follow the
+.Ic server
+command which configures the driver.
+Note that the same capability
+is possible at run time using the
+.Xr ntpdc @NTPDC_MS@
+program.
+The options are interpreted as
+follows:
+.Bl -tag -width indent
+.It Cm time1 Ar sec
+Specifies a constant to be added to the time offset produced by
+the driver, a fixed-point decimal number in seconds.
+This is used
+as a calibration constant to adjust the nominal time offset of a
+particular clock to agree with an external standard, such as a
+precision PPS signal.
+It also provides a way to correct a
+systematic error or bias due to serial port or operating system
+latencies, different cable lengths or receiver internal delay.
+The
+specified offset is in addition to the propagation delay provided
+by other means, such as internal DIPswitches.
+Where a calibration
+for an individual system and driver is available, an approximate
+correction is noted in the driver documentation pages.
+Note: in order to facilitate calibration when more than one
+radio clock or PPS signal is supported, a special calibration
+feature is available.
+It takes the form of an argument to the
+.Ic enable
+command described in
+.Sx Miscellaneous Options
+page and operates as described in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.It Cm time2 Ar secs
+Specifies a fixed-point decimal number in seconds, which is
+interpreted in a driver-dependent way.
+See the descriptions of
+specific drivers in the
+.Qq Reference Clock Drivers
+page
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp ) .
+.It Cm stratum Ar int
+Specifies the stratum number assigned to the driver, an integer
+between 0 and 15.
+This number overrides the default stratum number
+ordinarily assigned by the driver itself, usually zero.
+.It Cm refid Ar string
+Specifies an ASCII string of from one to four characters which
+defines the reference identifier used by the driver.
+This string
+overrides the default identifier ordinarily assigned by the driver
+itself.
+.It Cm mode Ar int
+Specifies a mode number which is interpreted in a
+device-specific fashion.
+For instance, it selects a dialing
+protocol in the ACTS driver and a device subtype in the
+parse
+drivers.
+.It Cm flag1 Cm 0 \&| Cm 1
+.It Cm flag2 Cm 0 \&| Cm 1
+.It Cm flag3 Cm 0 \&| Cm 1
+.It Cm flag4 Cm 0 \&| Cm 1
+These four flags are used for customizing the clock driver.
+The
+interpretation of these values, and whether they are used at all,
+is a function of the particular clock driver.
+However, by
+convention
+.Cm flag4
+is used to enable recording monitoring
+data to the
+.Cm clockstats
+file configured with the
+.Ic filegen
+command.
+Further information on the
+.Ic filegen
+command can be found in
+.Sx Monitoring Options .
+.El
+.El
+.Sh Miscellaneous Options
+.Bl -tag -width indent
+.It Ic broadcastdelay Ar seconds
+The broadcast and multicast modes require a special calibration
+to determine the network delay between the local and remote
+servers.
+Ordinarily, this is done automatically by the initial
+protocol exchanges between the client and server.
+In some cases,
+the calibration procedure may fail due to network or server access
+controls, for example.
+This command specifies the default delay to
+be used under these circumstances.
+Typically (for Ethernet), a
+number between 0.003 and 0.007 seconds is appropriate.
+The default
+when this command is not used is 0.004 seconds.
+.It Ic calldelay Ar delay
+This option controls the delay in seconds between the first and second
+packets sent in burst or iburst mode to allow additional time for a modem
+or ISDN call to complete.
+.It Ic driftfile Ar driftfile
+This command specifies the complete path and name of the file used to
+record the frequency of the local clock oscillator.
+This is the same
+operation as the
+.Fl f
+command line option.
+If the file exists, it is read at
+startup in order to set the initial frequency and then updated once per
+hour with the current frequency computed by the daemon.
+If the file name is
+specified, but the file itself does not exist, the starts with an initial
+frequency of zero and creates the file when writing it for the first time.
+If this command is not given, the daemon will always start with an initial
+frequency of zero.
+.Pp
+The file format consists of a single line containing a single
+floating point number, which records the frequency offset measured
+in parts-per-million (PPM).
+The file is updated by first writing
+the current drift value into a temporary file and then renaming
+this file to replace the old version.
+This implies that
+.Xr ntpd @NTPD_MS@
+must have write permission for the directory the
+drift file is located in, and that file system links, symbolic or
+otherwise, should be avoided.
+.It Xo Ic enable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+.It Xo Ic disable
+.Oo
+.Cm auth | Cm bclient |
+.Cm calibrate | Cm kernel |
+.Cm monitor | Cm ntp |
+.Cm pps | Cm stats
+.Oc
+.Xc
+Provides a way to enable or disable various server options.
+Flags not mentioned are unaffected.
+Note that all of these flags
+can be controlled remotely using the
+.Xr ntpdc @NTPDC_MS@
+utility program.
+.Bl -tag -width indent
+.It Cm auth
+Enables the server to synchronize with unconfigured peers only if the
+peer has been correctly authenticated using either public key or
+private key cryptography.
+The default for this flag is
+.Ic enable .
+.It Cm bclient
+Enables the server to listen for a message from a broadcast or
+multicast server, as in the
+.Ic multicastclient
+command with default
+address.
+The default for this flag is
+.Ic disable .
+.It Cm calibrate
+Enables the calibrate feature for reference clocks.
+The default for
+this flag is
+.Ic disable .
+.It Cm kernel
+Enables the kernel time discipline, if available.
+The default for this
+flag is
+.Ic enable
+if support is available, otherwise
+.Ic disable .
+.It Cm monitor
+Enables the monitoring facility.
+See the
+.Xr ntpdc @NTPDC_MS@
+program
+and the
+.Ic monlist
+command or further information.
+The
+default for this flag is
+.Ic enable .
+.It Cm ntp
+Enables time and frequency discipline.
+In effect, this switch opens and
+closes the feedback loop, which is useful for testing.
+The default for
+this flag is
+.Ic enable .
+.It Cm pps
+Enables the pulse-per-second (PPS) signal when frequency and time is
+disciplined by the precision time kernel modifications.
+See the
+.Qq A Kernel Model for Precision Timekeeping
+(available as part of the HTML documentation
+provided in
+.Pa /usr/share/doc/ntp )
+page for further information.
+The default for this flag is
+.Ic disable .
+.It Cm stats
+Enables the statistics facility.
+See the
+.Sx Monitoring Options
+section for further information.
+The default for this flag is
+.Ic disable .
+.El
+.It Ic includefile Ar includefile
+This command allows additional configuration commands
+to be included from a separate file.
+Include files may
+be nested to a depth of five; upon reaching the end of any
+include file, command processing resumes in the previous
+configuration file.
+This option is useful for sites that run
+.Xr ntpd @NTPD_MS@
+on multiple hosts, with (mostly) common options (e.g., a
+restriction list).
+.It Ic logconfig Ar configkeyword
+This command controls the amount and type of output written to
+the system
+.Xr syslog 3
+facility or the alternate
+.Ic logfile
+log file.
+By default, all output is turned on.
+All
+.Ar configkeyword
+keywords can be prefixed with
+.Ql = ,
+.Ql +
+and
+.Ql - ,
+where
+.Ql =
+sets the
+.Xr syslog 3
+priority mask,
+.Ql +
+adds and
+.Ql -
+removes
+messages.
+.Xr syslog 3
+messages can be controlled in four
+classes
+.Po
+.Cm clock ,
+.Cm peer ,
+.Cm sys
+and
+.Cm sync
+.Pc .
+Within these classes four types of messages can be
+controlled: informational messages
+.Po
+.Cm info
+.Pc ,
+event messages
+.Po
+.Cm events
+.Pc ,
+statistics messages
+.Po
+.Cm statistics
+.Pc
+and
+status messages
+.Po
+.Cm status
+.Pc .
+.Pp
+Configuration keywords are formed by concatenating the message class with
+the event class.
+The
+.Cm all
+prefix can be used instead of a message class.
+A
+message class may also be followed by the
+.Cm all
+keyword to enable/disable all
+messages of the respective message class.Thus, a minimal log configuration
+could look like this:
+.Bd -literal
+logconfig =syncstatus +sysevents
+.Ed
+.Pp
+This would just list the synchronizations state of
+.Xr ntpd @NTPD_MS@
+and the major system events.
+For a simple reference server, the
+following minimum message configuration could be useful:
+.Bd -literal
+logconfig =syncall +clockall
+.Ed
+.Pp
+This configuration will list all clock information and
+synchronization information.
+All other events and messages about
+peers, system events and so on is suppressed.
+.It Ic logfile Ar logfile
+This command specifies the location of an alternate log file to
+be used instead of the default system
+.Xr syslog 3
+facility.
+This is the same operation as the -l command line option.
+.It Ic setvar Ar variable Op Cm default
+This command adds an additional system variable.
+These
+variables can be used to distribute additional information such as
+the access policy.
+If the variable of the form
+.Sm off
+.Va name = Ar value
+.Sm on
+is followed by the
+.Cm default
+keyword, the
+variable will be listed as part of the default system variables
+.Po
+.Xr ntpq @NTPQ_MS@
+.Ic rv
+command
+.Pc ) .
+These additional variables serve
+informational purposes only.
+They are not related to the protocol
+other that they can be listed.
+The known protocol variables will
+always override any variables defined via the
+.Ic setvar
+mechanism.
+There are three special variables that contain the names
+of all variable of the same group.
+The
+.Va sys_var_list
+holds
+the names of all system variables.
+The
+.Va peer_var_list
+holds
+the names of all peer variables and the
+.Va clock_var_list
+holds the names of the reference clock variables.
+.It Xo Ic tinker
+.Oo
+.Cm allan Ar allan |
+.Cm dispersion Ar dispersion |
+.Cm freq Ar freq |
+.Cm huffpuff Ar huffpuff |
+.Cm panic Ar panic |
+.Cm step Ar srep |
+.Cm stepout Ar stepout
+.Oc
+.Xc
+This command can be used to alter several system variables in
+very exceptional circumstances.
+It should occur in the
+configuration file before any other configuration options.
+The
+default values of these variables have been carefully optimized for
+a wide range of network speeds and reliability expectations.
+In
+general, they interact in intricate ways that are hard to predict
+and some combinations can result in some very nasty behavior.
+Very
+rarely is it necessary to change the default values; but, some
+folks cannot resist twisting the knobs anyway and this command is
+for them.
+Emphasis added: twisters are on their own and can expect
+no help from the support group.
+.Pp
+The variables operate as follows:
+.Bl -tag -width indent
+.It Cm allan Ar allan
+The argument becomes the new value for the minimum Allan
+intercept, which is a parameter of the PLL/FLL clock discipline
+algorithm.
+The value in log2 seconds defaults to 7 (1024 s), which is also the lower
+limit.
+.It Cm dispersion Ar dispersion
+The argument becomes the new value for the dispersion increase rate,
+normally .000015 s/s.
+.It Cm freq Ar freq
+The argument becomes the initial value of the frequency offset in
+parts-per-million.
+This overrides the value in the frequency file, if
+present, and avoids the initial training state if it is not.
+.It Cm huffpuff Ar huffpuff
+The argument becomes the new value for the experimental
+huff-n'-puff filter span, which determines the most recent interval
+the algorithm will search for a minimum delay.
+The lower limit is
+900 s (15 m), but a more reasonable value is 7200 (2 hours).
+There
+is no default, since the filter is not enabled unless this command
+is given.
+.It Cm panic Ar panic
+The argument is the panic threshold, normally 1000 s.
+If set to zero,
+the panic sanity check is disabled and a clock offset of any value will
+be accepted.
+.It Cm step Ar step
+The argument is the step threshold, which by default is 0.128 s.
+It can
+be set to any positive number in seconds.
+If set to zero, step
+adjustments will never occur.
+Note: The kernel time discipline is
+disabled if the step threshold is set to zero or greater than the
+default.
+.It Cm stepout Ar stepout
+The argument is the stepout timeout, which by default is 900 s.
+It can
+be set to any positive number in seconds.
+If set to zero, the stepout
+pulses will not be suppressed.
+.El
+.It Xo Ic trap Ar host_address
+.Op Cm port Ar port_number
+.Op Cm interface Ar interface_address
+.Xc
+This command configures a trap receiver at the given host
+address and port number for sending messages with the specified
+local interface address.
+If the port number is unspecified, a value
+of 18447 is used.
+If the interface address is not specified, the
+message is sent with a source address of the local interface the
+message is sent through.
+Note that on a multihomed host the
+interface used may vary from time to time with routing changes.
+.Pp
+The trap receiver will generally log event messages and other
+information from the server in a log file.
+While such monitor
+programs may also request their own trap dynamically, configuring a
+trap receiver will ensure that no messages are lost when the server
+is started.
+.It Cm hop Ar ...
+This command specifies a list of TTL values in increasing order, up to 8
+values can be specified.
+In manycast mode these values are used in turn in
+an expanding-ring search.
+The default is eight multiples of 32 starting at
+31.
+.El
+.Sh "OPTIONS"
+.Bl -tag
+.It \-\-help
+Display usage information and exit.
+.It \-\-more-help
+Pass the extended usage information through a pager.
+.It \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
+.fi
+.ad
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.Sh FILES
+.Bl -tag -width /etc/ntp.drift -compact
+.It Pa /etc/ntp.conf
+the default name of the configuration file
+.It Pa ntp.keys
+private MD5 keys
+.It Pa ntpkey
+RSA private key
+.It Pa ntpkey_ Ns Ar host
+RSA public key
+.It Pa ntp_dh
+Diffie-Hellman agreement parameters
+.El
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.El
+.Sh "SEE ALSO"
+.Sh SEE ALSO
+.Xr ntpd @NTPD_MS@ ,
+.Xr ntpdc @NTPDC_MS@ ,
+.Xr ntpq @NTPQ_MS@
+.Pp
+In addition to the manual pages provided,
+comprehensive documentation is available on the world wide web
+at
+.Li http://www.ntp.org/ .
+A snapshot of this documentation is available in HTML format in
+.Pa /usr/share/doc/ntp .
+.Rs
+.%A David L. Mills
+.%T Network Time Protocol (Version 4)
+.%O RFC5905
+.Re
+.Sh "AUTHORS"
+The University of Delaware
+.Sh "COPYRIGHT"
+Copyright (C) 1970-2012 The University of Delaware all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.Sh BUGS
+The syntax checking is not picky; some combinations of
+ridiculous and even hilarious options and modes may not be
+detected.
+.Pp
+The
+.Pa ntpkey_ Ns Ar host
+files are really digital
+certificates.
+These should be obtained via secure directory
+services when they become universally available.Please send bug reports to: http://bugs.ntp.org, bugs at ntp.org
+.Sh NOTES
+This document is derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
+option definitions.

==== ntpd/ntp.conf.mdoc.in ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +0 -0

==== ntpd/ntp.keys.5man ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +160 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.keys.5man

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.keys.5man	2012-08-30 20:37:37 -04:00
@@ -0,0 +1,160 @@
+.TH ntp.keys 5man "11 Aug 2012" "4.2.7p295" "File Formats"
+.\"
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.man)
+.\"  
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:47 PM by AutoGen 5.16.2
+.\"  From the definitions    ntp.keys.def
+.\"  and the template file   agman-cmd.tpl
+.\"
+.SH NAME
+ntp.keys \- NTP key file format
+.SH SYNOPSIS
+.B ntp.keys
+.\" Long options only
+.RB [ \-\-\fIopt\-name\fP [ = "| ] \fIvalue\fP]]..."
+.PP
+All arguments must be options.
+.PP
+.SH DESCRIPTION
+This document describes the format of an NTP key file.
+For a description of the use of this type of file, see the
+.Qq Authentication Support
+section of the
+.Xr ntp.conf 5
+page.
+.PP
+In the case of DES, the keys are 56 bits long with,
+depending on type, a parity check on each byte.
+In the case of MD5, the keys are 64 bits (8 bytes).
+.Xr ntpd 8
+reads its keys from a file specified using the
+k
+command line option or the
+.Ic keys
+statement in the configuration file.
+While key number 0 is fixed by the NTP standard
+(as 56 zero bits)
+and may not be changed,
+one or more of the keys numbered 1 through 15
+may be arbitrarily set in the keys file.
+.PP
+The key file uses the same comment conventions
+as the configuration file.
+Key entries use a fixed format of the form
+.PP
+.D1 Ar keyno type key
+.PP
+where
+\fIkeyno\fR
+is a positive integer,
+\fItype\fR
+is a single character which defines the key format,
+and
+\fIkey\fR
+is the key itself.
+.PP
+The
+\fIkey\fR
+may be given in one of four different formats,
+controlled by the
+\fItype\fR
+character.
+The four key types, and corresponding formats,
+are listed following.
+.TP
+.BR Li S
+The key is a 64-bit hexadecimal number in the format
+specified in the DES specification;
+that is, the high order seven bits of each octet are used
+to form the 56-bit key
+while the low order bit of each octet is given a value
+such that odd parity is maintained for the octet.
+Leading zeroes must be specified
+(i.e., the key must be exactly 16 hex digits long)
+and odd parity must be maintained.
+Hence a zero key, in standard format, would be given as
+.Ql 0101010101010101 .
+.TP
+.BR Li N
+The key is a 64-bit hexadecimal number in the format
+specified in the NTP standard.
+This is the same as the DES format,
+except the bits in each octet have been rotated one bit right
+so that the parity bit is now the high order bit of the octet.
+Leading zeroes must be specified and odd parity must be maintained.
+A zero key in NTP format would be specified as
+.Ql 8080808080808080 .
+.TP
+.BR Li A
+The key is a 1-to-8 character ASCII string.
+A key is formed from this by using the low order 7 bits
+of each ASCII character in the string,
+with zeroes added on the right
+when necessary to form a full width 56-bit key,
+in the same way that encryption keys are formed from
+.Ux
+passwords.
+.TP
+.BR Li M
+The key is a 1-to-8 character ASCII string,
+using the MD5 authentication scheme.
+Note that both the keys and the authentication schemes (DES or MD5)
+must be identical between a set of peers sharing the same key number.
+.PP
+Note that the keys used by the
+.Xr ntpq 8
+and
+.Xr ntpdc 8
+programs are checked against passwords
+requested by the programs and entered by hand,
+so it is generally appropriate to specify these keys in ASCII format.
+.SH "OPTIONS"
+.TP
+.BR \-\-help
+Display usage information and exit.
+.TP
+.BR \-\-more-help
+Pass the extended usage information through a pager.
+.TP
+.BR \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.SH "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_KEYS_<option-name>\fP or \fBNTP_KEYS\fP
+.fi
+.ad
+.SH "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.SH FILES
+.TP
+.BR Pa /etc/ntp.keys
+the default name of the configuration file
+.SH "EXIT STATUS"
+One of the following exit values will be returned:
+.TP
+.BR 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.TP
+.BR 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.SH "SEE ALSO"
+.Xr ntp.conf 5 ,
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpdate 1ntpdatemdoc ,
+.Xr ntpdc 1ntpdcmdoc ,
+.Xr sntp 1sntpmdoc
+.SH "AUTHORS"
+The University of Delaware
+.SH "COPYRIGHT"
+Copyright (C) 1970-2012 The University of Delaware all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.SH "BUGS"
+Please send bug reports to: http://bugs.ntp.org, bugs at ntp.org
+.SH NOTES
+This document is derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
+option definitions.

==== ntpd/ntp.keys.5man ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +0 -0

==== ntpd/ntp.keys.5mdoc ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +159 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.keys.5mdoc

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.keys.5mdoc	2012-08-30 20:37:37 -04:00
@@ -0,0 +1,159 @@
+.Dd August 11 2012
+.Dt NTP_KEYS 5mdoc File Formats
+.Os FreeBSD 6.4-STABLE
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+.\"  
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:36 PM by AutoGen 5.16.2
+.\"  From the definitions    ntp.keys.def
+.\"  and the template file   agmdoc-cmd.tpl
+.Sh NAME
+.Nm ntp.keys
+.Nd NTP key file format
+.Sh SYNOPSIS
+.Nm
+.Op Fl \-option-name
+.Op Fl \-option-name Ar value
+.Pp
+All arguments must be options.
+.Pp
+.Sh DESCRIPTION
+This document describes the format of an NTP key file.
+For a description of the use of this type of file, see the
+.Qq Authentication Support
+section of the
+.Xr ntp.conf 5
+page.
+.Pp
+In the case of DES, the keys are 56 bits long with,
+depending on type, a parity check on each byte.
+In the case of MD5, the keys are 64 bits (8 bytes).
+.Xr ntpd 8
+reads its keys from a file specified using the
+.Fl k
+command line option or the
+.Ic keys
+statement in the configuration file.
+While key number 0 is fixed by the NTP standard
+(as 56 zero bits)
+and may not be changed,
+one or more of the keys numbered 1 through 15
+may be arbitrarily set in the keys file.
+.Pp
+The key file uses the same comment conventions
+as the configuration file.
+Key entries use a fixed format of the form
+.Pp
+.D1 Ar keyno type key
+.Pp
+where
+.Ar keyno
+is a positive integer,
+.Ar type
+is a single character which defines the key format,
+and
+.Ar key
+is the key itself.
+.Pp
+The
+.Ar key
+may be given in one of four different formats,
+controlled by the
+.Ar type
+character.
+The four key types, and corresponding formats,
+are listed following.
+.Bl -tag -width X
+.It Li S
+The key is a 64-bit hexadecimal number in the format
+specified in the DES specification;
+that is, the high order seven bits of each octet are used
+to form the 56-bit key
+while the low order bit of each octet is given a value
+such that odd parity is maintained for the octet.
+Leading zeroes must be specified
+(i.e., the key must be exactly 16 hex digits long)
+and odd parity must be maintained.
+Hence a zero key, in standard format, would be given as
+.Ql 0101010101010101 .
+.It Li N
+The key is a 64-bit hexadecimal number in the format
+specified in the NTP standard.
+This is the same as the DES format,
+except the bits in each octet have been rotated one bit right
+so that the parity bit is now the high order bit of the octet.
+Leading zeroes must be specified and odd parity must be maintained.
+A zero key in NTP format would be specified as
+.Ql 8080808080808080 .
+.It Li A
+The key is a 1-to-8 character ASCII string.
+A key is formed from this by using the low order 7 bits
+of each ASCII character in the string,
+with zeroes added on the right
+when necessary to form a full width 56-bit key,
+in the same way that encryption keys are formed from
+.Ux
+passwords.
+.It Li M
+The key is a 1-to-8 character ASCII string,
+using the MD5 authentication scheme.
+Note that both the keys and the authentication schemes (DES or MD5)
+must be identical between a set of peers sharing the same key number.
+.El
+.Pp
+Note that the keys used by the
+.Xr ntpq 8
+and
+.Xr ntpdc 8
+programs are checked against passwords
+requested by the programs and entered by hand,
+so it is generally appropriate to specify these keys in ASCII format.
+.Sh "OPTIONS"
+.Bl -tag
+.It \-\-help
+Display usage information and exit.
+.It \-\-more-help
+Pass the extended usage information through a pager.
+.It \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_KEYS_<option-name>\fP or \fBNTP_KEYS\fP
+.fi
+.ad
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.Sh FILES
+.Bl -tag -width /etc/ntp.keys -compact
+.It Pa /etc/ntp.keys
+the default name of the configuration file
+.El
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.El
+.Sh "SEE ALSO"
+.Xr ntp.conf 5 ,
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpdate 1ntpdatemdoc ,
+.Xr ntpdc 1ntpdcmdoc ,
+.Xr sntp 1sntpmdoc
+.Sh "AUTHORS"
+The University of Delaware
+.Sh "COPYRIGHT"
+Copyright (C) 1970-2012 The University of Delaware all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.Sh "BUGS"
+Please send bug reports to: http://bugs.ntp.org, bugs at ntp.org
+.Sh NOTES
+This document is derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
+option definitions.

==== ntpd/ntp.keys.5mdoc ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +0 -0

==== ntpd/ntp.keys.man.in ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +160 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.keys.man.in

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.keys.man.in	2012-08-30 20:37:37 -04:00
@@ -0,0 +1,160 @@
+.TH ntp.keys 5 "11 Aug 2012" "4.2.7p295" "File Formats"
+.\"
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.man)
+.\"  
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:47 PM by AutoGen 5.16.2
+.\"  From the definitions    ntp.keys.def
+.\"  and the template file   agman-cmd.tpl
+.\"
+.SH NAME
+ntp.keys \- NTP key file format
+.SH SYNOPSIS
+.B ntp.keys
+.\" Long options only
+.RB [ \-\-\fIopt\-name\fP [ = "| ] \fIvalue\fP]]..."
+.PP
+All arguments must be options.
+.PP
+.SH DESCRIPTION
+This document describes the format of an NTP key file.
+For a description of the use of this type of file, see the
+.Qq Authentication Support
+section of the
+.Xr ntp.conf 5
+page.
+.PP
+In the case of DES, the keys are 56 bits long with,
+depending on type, a parity check on each byte.
+In the case of MD5, the keys are 64 bits (8 bytes).
+.Xr ntpd 8
+reads its keys from a file specified using the
+k
+command line option or the
+.Ic keys
+statement in the configuration file.
+While key number 0 is fixed by the NTP standard
+(as 56 zero bits)
+and may not be changed,
+one or more of the keys numbered 1 through 15
+may be arbitrarily set in the keys file.
+.PP
+The key file uses the same comment conventions
+as the configuration file.
+Key entries use a fixed format of the form
+.PP
+.D1 Ar keyno type key
+.PP
+where
+\fIkeyno\fR
+is a positive integer,
+\fItype\fR
+is a single character which defines the key format,
+and
+\fIkey\fR
+is the key itself.
+.PP
+The
+\fIkey\fR
+may be given in one of four different formats,
+controlled by the
+\fItype\fR
+character.
+The four key types, and corresponding formats,
+are listed following.
+.TP
+.BR Li S
+The key is a 64-bit hexadecimal number in the format
+specified in the DES specification;
+that is, the high order seven bits of each octet are used
+to form the 56-bit key
+while the low order bit of each octet is given a value
+such that odd parity is maintained for the octet.
+Leading zeroes must be specified
+(i.e., the key must be exactly 16 hex digits long)
+and odd parity must be maintained.
+Hence a zero key, in standard format, would be given as
+.Ql 0101010101010101 .
+.TP
+.BR Li N
+The key is a 64-bit hexadecimal number in the format
+specified in the NTP standard.
+This is the same as the DES format,
+except the bits in each octet have been rotated one bit right
+so that the parity bit is now the high order bit of the octet.
+Leading zeroes must be specified and odd parity must be maintained.
+A zero key in NTP format would be specified as
+.Ql 8080808080808080 .
+.TP
+.BR Li A
+The key is a 1-to-8 character ASCII string.
+A key is formed from this by using the low order 7 bits
+of each ASCII character in the string,
+with zeroes added on the right
+when necessary to form a full width 56-bit key,
+in the same way that encryption keys are formed from
+.Ux
+passwords.
+.TP
+.BR Li M
+The key is a 1-to-8 character ASCII string,
+using the MD5 authentication scheme.
+Note that both the keys and the authentication schemes (DES or MD5)
+must be identical between a set of peers sharing the same key number.
+.PP
+Note that the keys used by the
+.Xr ntpq 8
+and
+.Xr ntpdc 8
+programs are checked against passwords
+requested by the programs and entered by hand,
+so it is generally appropriate to specify these keys in ASCII format.
+.SH "OPTIONS"
+.TP
+.BR \-\-help
+Display usage information and exit.
+.TP
+.BR \-\-more-help
+Pass the extended usage information through a pager.
+.TP
+.BR \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.SH "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_KEYS_<option-name>\fP or \fBNTP_KEYS\fP
+.fi
+.ad
+.SH "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.SH FILES
+.TP
+.BR Pa /etc/ntp.keys
+the default name of the configuration file
+.SH "EXIT STATUS"
+One of the following exit values will be returned:
+.TP
+.BR 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.TP
+.BR 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.SH "SEE ALSO"
+.Xr ntp.conf 5 ,
+.Xr ntpd @NTPD_MS@ ,
+.Xr ntpdate @NTPDATE_MS@ ,
+.Xr ntpdc @NTPDC_MS@ ,
+.Xr sntp @SNTP_MS@
+.SH "AUTHORS"
+The University of Delaware
+.SH "COPYRIGHT"
+Copyright (C) 1970-2012 The University of Delaware all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.SH "BUGS"
+Please send bug reports to: http://bugs.ntp.org, bugs at ntp.org
+.SH NOTES
+This document is derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
+option definitions.

==== ntpd/ntp.keys.man.in ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +0 -0

==== ntpd/ntp.keys.mdoc.in ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +159 -0
  BitKeeper file /home/stenn/ntp-dev-autogen/ntpd/ntp.keys.mdoc.in

--- /dev/null	2012-08-30 22:06:47 -04:00
+++ 1.1/ntpd/ntp.keys.mdoc.in	2012-08-30 20:37:37 -04:00
@@ -0,0 +1,159 @@
+.Dd August 11 2012
+.Dt NTP_KEYS 5 File Formats
+.Os FreeBSD 6.4-STABLE
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+.\"  
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:36 PM by AutoGen 5.16.2
+.\"  From the definitions    ntp.keys.def
+.\"  and the template file   agmdoc-cmd.tpl
+.Sh NAME
+.Nm ntp.keys
+.Nd NTP key file format
+.Sh SYNOPSIS
+.Nm
+.Op Fl \-option-name
+.Op Fl \-option-name Ar value
+.Pp
+All arguments must be options.
+.Pp
+.Sh DESCRIPTION
+This document describes the format of an NTP key file.
+For a description of the use of this type of file, see the
+.Qq Authentication Support
+section of the
+.Xr ntp.conf 5
+page.
+.Pp
+In the case of DES, the keys are 56 bits long with,
+depending on type, a parity check on each byte.
+In the case of MD5, the keys are 64 bits (8 bytes).
+.Xr ntpd 8
+reads its keys from a file specified using the
+.Fl k
+command line option or the
+.Ic keys
+statement in the configuration file.
+While key number 0 is fixed by the NTP standard
+(as 56 zero bits)
+and may not be changed,
+one or more of the keys numbered 1 through 15
+may be arbitrarily set in the keys file.
+.Pp
+The key file uses the same comment conventions
+as the configuration file.
+Key entries use a fixed format of the form
+.Pp
+.D1 Ar keyno type key
+.Pp
+where
+.Ar keyno
+is a positive integer,
+.Ar type
+is a single character which defines the key format,
+and
+.Ar key
+is the key itself.
+.Pp
+The
+.Ar key
+may be given in one of four different formats,
+controlled by the
+.Ar type
+character.
+The four key types, and corresponding formats,
+are listed following.
+.Bl -tag -width X
+.It Li S
+The key is a 64-bit hexadecimal number in the format
+specified in the DES specification;
+that is, the high order seven bits of each octet are used
+to form the 56-bit key
+while the low order bit of each octet is given a value
+such that odd parity is maintained for the octet.
+Leading zeroes must be specified
+(i.e., the key must be exactly 16 hex digits long)
+and odd parity must be maintained.
+Hence a zero key, in standard format, would be given as
+.Ql 0101010101010101 .
+.It Li N
+The key is a 64-bit hexadecimal number in the format
+specified in the NTP standard.
+This is the same as the DES format,
+except the bits in each octet have been rotated one bit right
+so that the parity bit is now the high order bit of the octet.
+Leading zeroes must be specified and odd parity must be maintained.
+A zero key in NTP format would be specified as
+.Ql 8080808080808080 .
+.It Li A
+The key is a 1-to-8 character ASCII string.
+A key is formed from this by using the low order 7 bits
+of each ASCII character in the string,
+with zeroes added on the right
+when necessary to form a full width 56-bit key,
+in the same way that encryption keys are formed from
+.Ux
+passwords.
+.It Li M
+The key is a 1-to-8 character ASCII string,
+using the MD5 authentication scheme.
+Note that both the keys and the authentication schemes (DES or MD5)
+must be identical between a set of peers sharing the same key number.
+.El
+.Pp
+Note that the keys used by the
+.Xr ntpq 8
+and
+.Xr ntpdc 8
+programs are checked against passwords
+requested by the programs and entered by hand,
+so it is generally appropriate to specify these keys in ASCII format.
+.Sh "OPTIONS"
+.Bl -tag
+.It \-\-help
+Display usage information and exit.
+.It \-\-more-help
+Pass the extended usage information through a pager.
+.It \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_KEYS_<option-name>\fP or \fBNTP_KEYS\fP
+.fi
+.ad
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.Sh FILES
+.Bl -tag -width /etc/ntp.keys -compact
+.It Pa /etc/ntp.keys
+the default name of the configuration file
+.El
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.El
+.Sh "SEE ALSO"
+.Xr ntp.conf 5 ,
+.Xr ntpd @NTPD_MS@ ,
+.Xr ntpdate @NTPDATE_MS@ ,
+.Xr ntpdc @NTPDC_MS@ ,
+.Xr sntp @SNTP_MS@
+.Sh "AUTHORS"
+The University of Delaware
+.Sh "COPYRIGHT"
+Copyright (C) 1970-2012 The University of Delaware all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.Sh "BUGS"
+Please send bug reports to: http://bugs.ntp.org, bugs at ntp.org
+.Sh NOTES
+This document is derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
+option definitions.

==== ntpd/ntp.keys.mdoc.in ====
2012-08-30 20:37:37-04:00, stenn at psp-deb1.ntp.org +0 -0

#### ChangeSet ####
2012-08-12 04:33:15+00:00, stenn at psp-fb1.ntp.org
  Upgrade to autogen-5.16.2 and libopts-36.5.11

==== ChangeLog ====
2012-08-12 04:32:17+00:00, stenn at psp-fb1.ntp.org +1 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.1155/ChangeLog	2012-08-11 16:06:37 -04:00
+++ 1.1156/ChangeLog	2012-08-12 00:32:17 -04:00
@@ -1,4 +1,4 @@
-* Upgrade to autogen-5.16.2 and libopts-36.4.11.
+* Upgrade to autogen-5.16.2 and libopts-36.5.11.
 (4.2.7p295) 2012/08/11 Released by Harlan Stenn <stenn at ntp.org>
 * Look for syslog's facilitynames[].
 (4.2.7p294) 2012/08/08 Released by Harlan Stenn <stenn at ntp.org>

==== ntpd/invoke-ntpd.texi ====
2012-08-12 04:32:17+00:00, stenn at psp-fb1.ntp.org +360 -132
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.283/ntpd/invoke-ntpd.texi	2012-08-11 16:15:24 -04:00
+++ 1.284/ntpd/invoke-ntpd.texi	2012-08-12 00:32:17 -04:00
@@ -6,13 +6,80 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntpd.texi)
 # 
-# It has been AutoGen-ed  August 11, 2012 at 11:31:48 AM by AutoGen 5.14
+# It has been AutoGen-ed  August 11, 2012 at 08:57:43 PM by AutoGen 5.16.2
 # From the definitions    ntpd-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
 
 
 
+The
+ at code{ntpd}
+utility is an operating system daemon which sets
+and maintains the system time of day in synchronism with Internet
+standard time servers.
+It is a complete implementation of the
+Network Time Protocol (NTP) version 4, as defined by RFC-5905,
+but also retains compatibility with
+version 3, as defined by RFC-1305, and versions 1
+and 2, as defined by RFC-1059 and RFC-1119, respectively.
+
+The
+ at code{ntpd}
+utility does most computations in 64-bit floating point
+arithmetic and does relatively clumsy 64-bit fixed point operations
+only when necessary to preserve the ultimate precision, about 232
+picoseconds.
+While the ultimate precision is not achievable with
+ordinary workstations and networks of today, it may be required
+with future gigahertz CPU clocks and gigabit LANs.
+
+Ordinarily,
+ at code{ntpd}
+reads the
+ at code{ntp.conf(5)}
+configuration file at startup time in order to determine the
+synchronization sources and operating modes.
+It is also possible to
+specify a working, although limited, configuration entirely on the
+command line, obviating the need for a configuration file.
+This may
+be particularly useful when the local host is to be configured as a
+broadcast/multicast client, with all peers being determined by
+listening to broadcasts at run time.
+
+If NetInfo support is built into
+ at code{ntpd},
+then
+ at code{ntpd}
+will attempt to read its configuration from the
+NetInfo if the default
+ at code{ntp.conf(5)}
+file cannot be read and no file is
+specified by the
+ at code{-c} option.
+
+Various internal
+ at code{ntpd}
+variables can be displayed and
+configuration options altered while the
+ at code{ntpd}
+is running
+using the
+ at code{ntpq(8)}
+and
+ at code{ntpdc(8)}
+utility programs.
+
+When
+ at code{ntpd}
+starts it looks at the value of
+ at code{umask(2)},
+and if zero
+ at code{ntpd}
+will set the
+ at code{umask(2)}
+to 022.
 
 This section was generated by @strong{AutoGen},
 using the @code{agtexi-cmd} template and the option descriptions for the @code{ntpd} program.
@@ -49,9 +116,9 @@ This software is released under the NTP 
 * ntpd slew::                   slew option (-x)
 * ntpd usepcc::                 usepcc option
 * ntpd pccfreq::                pccfreq option
+* ntpd mdns::                   mdns option (-m)
 * ntpd config::                 presetting/configuring ntpd
 * ntpd exit status::            exit status
-* ntpd Description::            Description
 * ntpd Usage::                  Usage
 * ntpd Files::                  Files
 * ntpd See Also::               See Also
@@ -73,80 +140,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-ntpd - NTP daemon program - Ver. 4.2.7p295
-USAGE:  ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
-                [ <server1> ... <serverN> ]
-  Flg Arg Option-Name    Description
-   -4 no  ipv4           Force IPv4 DNS name resolution
-                                - prohibits these options:
-                                ipv6
-   -6 no  ipv6           Force IPv6 DNS name resolution
-                                - prohibits these options:
-                                ipv4
-   -a no  authreq        Require crypto authentication
-                                - prohibits these options:
-                                authnoreq
-   -A no  authnoreq      Do not require crypto authentication
-                                - prohibits these options:
-                                authreq
-   -b no  bcastsync      Allow us to sync to broadcast servers
-   -c Str configfile     configuration file name
-   -d no  debug-level    Increase output debug message level
-                                - may appear multiple times
-   -D Str set-debug-level Set the output debug message level
-                                - may appear multiple times
-   -f Str driftfile      frequency drift file name
-   -g no  panicgate      Allow the first adjustment to be Big
-                                - may appear multiple times
-   -i --- jaildir        built without --enable-clockctl or --enable-linuxcaps
-   -I Str interface      Listen on an interface name or address
-                                - may appear multiple times
-   -k Str keyfile        path to symmetric keys
-   -l Str logfile        path to the log file
-   -L no  novirtualips   Do not listen to virtual interfaces
-   -n no  nofork         Do not fork
-                                - prohibits these options:
-                                wait-sync
-   -N no  nice           Run at high priority
-   -p Str pidfile        path to the PID file
-   -P Num priority       Process priority
-   -q no  quit           Set the time and quit
-                                - prohibits these options:
-                                saveconfigquit
-                                wait-sync
-   -r Str propagationdelay Broadcast/propagation delay
-      Str saveconfigquit Save parsed configuration and quit
-                                - prohibits these options:
-                                quit
-                                wait-sync
-   -s Str statsdir       Statistics file location
-   -t Str trustedkey     Trusted key number
-                                - may appear multiple times
-   -u --- user           built without --enable-clockctl or --enable-linuxcaps
-   -U Num updateinterval interval in seconds between scans for new or dropped interfaces
-      Str var            make ARG an ntp variable (RW)
-                                - may appear multiple times
-      Str dvar           make ARG an ntp variable (RW|DEF)
-                                - may appear multiple times
-   -w Num wait-sync      Seconds to wait for first clock sync
-                                - prohibits these options:
-                                nofork
-                                quit
-                                saveconfigquit
-   -x no  slew           Slew up to 600 seconds
-   -" opt version        Output version information and exit
-   -? no  help           Display extended usage information and exit
-   -! no  more-help      Extended usage information passed thru pager
-
-Options are specified by doubled hyphens and their name or by a single
-hyphen and the flag character.
-
-
-
-The following option preset mechanisms are supported:
- - examining environment variables named NTPD_*
-
-please send bug reports to:  http://bugs.ntp.org, bugs@@ntp.org
+ntpd is unavailable - no -?
 @end example
 @exampleindent 4
 
@@ -610,6 +604,21 @@ must be compiled in by defining @code{SY
 Force substitution the CPU counter for QueryPerformanceCounter.
 The CPU counter (RDTSC on x86) is used unconditionally with the
 given frequency (in Hz).
+ at node ntpd mdns
+ at subsection mdns option (-m)
+ at cindex ntpd-mdns
+
+This is the ``register with mdns as a ntp server'' option.
+
+ at noindent
+This option has some usage constraints.  It:
+ at itemize @bullet
+ at item
+must be compiled in by defining @code{HAVE_DNSREGISTRATION} during the compilation.
+ at end itemize
+
+Registers as an NTP server with the local mDNS server which allows
+the server to be discovered via mDNS client lookup.
 
 
 @node ntpd config
@@ -651,58 +660,14 @@ Successful program execution.
 @item 1 (EXIT_FAILURE)
 The operation failed or the command syntax was not valid.
 @end table
- at node ntpd Description
- at subsection ntpd Description
-The
-utility is an operating system daemon which sets
-and maintains the system time of day in synchronism with Internet
-standard time servers.
-It is a complete implementation of the
-Network Time Protocol (NTP) version 4, as defined by RFC-5905,
-but also retains compatibility with
-version 3, as defined by RFC-1305, and versions 1
-and 2, as defined by RFC-1059 and RFC-1119, respectively.
-The
-utility does most computations in 64-bit floating point
-arithmetic and does relatively clumsy 64-bit fixed point operations
-only when necessary to preserve the ultimate precision, about 232
-picoseconds.
-While the ultimate precision is not achievable with
-ordinary workstations and networks of today, it may be required
-with future gigahertz CPU clocks and gigabit LANs.
-Ordinarily,
-reads the
-configuration file at startup time in order to determine the
-synchronization sources and operating modes.
-It is also possible to
-specify a working, although limited, configuration entirely on the
-command line, obviating the need for a configuration file.
-This may
-be particularly useful when the local host is to be configured as a
-broadcast/multicast client, with all peers being determined by
-listening to broadcasts at run time.
-If NetInfo support is built into
-then
-will attempt to read its configuration from the
-NetInfo if the default
-file cannot be read and no file is
-specified by the
-option.
-Various internal
-variables can be displayed and
-configuration options altered while the
-is running
-using the
-and
-utility programs.
-When
-starts it looks at the value of
-and if zero
-will set the
-to 022.
 @node ntpd Usage
 @subsection ntpd Usage
+.Ss
+"How
+NTP
+Operates"
 The
+ at code{ntpd}
 utility operates by exchanging messages with
 one or more configured servers over a range of designated poll intervals.
 When
@@ -718,9 +683,15 @@ interval of 64s, several minutes can ela
 set.
 This initial delay to set the clock
 can be safely and dramatically reduced using the
+.Cm
+iburst
 keyword with the
+.Ic
+server
 configuration
 command, as described in
+ at code{ntp.conf(5)}.
+
 Most operating systems and hardware of today incorporate a
 time-of-year (TOY) chip to maintain the time during periods when
 the power is off.
@@ -730,26 +701,32 @@ After the machine has
 synchronized to a NTP server, the operating system corrects the
 chip from time to time.
 In the default case, if
+ at code{ntpd}
 detects that the time on the host
 is more than 1000s from the server time,
+ at code{ntpd}
 assumes something must be terribly wrong and the only
 reliable action is for the operator to intervene and set the clock
 by hand.
 (Reasons for this include there is no TOY chip,
 or its battery is dead, or that the TOY chip is just of poor quality.)
 This causes
+ at code{ntpd}
 to exit with a panic message to
 the system log.
 The
-option overrides this check and the
+ at code{-g} option overrides this check and the
 clock will be set to the server time regardless of the chip time
 (up to 68 years in the past or future \(em
 this is a limitation of the NTPv4 protocol).
 However, and to protect against broken hardware, such as when the
 CMOS battery fails or the clock counter becomes defective, once the
 clock has been set an error greater than 1000s will cause
+ at code{ntpd}
 to exit anyway.
+
 Under ordinary conditions,
+ at code{ntpd}
 adjusts the clock in
 small steps so that the timescale is effectively continuous and
 without discontinuities.
@@ -758,6 +735,7 @@ congestion, the roundtrip delay jitter c
 the synchronization distance, which is equal to one-half the
 roundtrip delay plus error budget terms, can become very large.
 The
+ at code{ntpd}
 algorithms discard sample offsets exceeding 128 ms,
 unless the interval during which no sample offset is less than 128
 ms exceeds 900s.
@@ -766,10 +744,12 @@ offset, steps the clock to the indicated
 In practice this
 reduces the false alarm rate where the clock is stepped in error to
 a vanishingly low incidence.
+
 As the result of this behavior, once the clock has been set it
 very rarely strays more than 128 ms even under extreme cases of
 network path congestion and jitter.
 Sometimes, in particular when
+ at code{ntpd}
 is first started without a valid drift file
 on a system with a large intrinsic drift
 the error might grow to exceed 128 ms,
@@ -779,12 +759,12 @@ in the future relative to the server.
 In some applications, this behavior may be unacceptable.
 There are several solutions, however.
 If the
-option is included on the command line, the clock will
+ at code{-x} option is included on the command line, the clock will
 never be stepped and only slew corrections will be used.
 But this choice comes with a cost that
 should be carefully explored before deciding to use
 the
-option.
+ at code{-x} option.
 The maximum slew rate possible is limited
 to 500 parts-per-million (PPM) as a consequence of the correctness
 principles on which the NTP protocol and algorithm design are
@@ -796,6 +776,7 @@ During this interval the
 local clock will not be consistent with any other network clock and
 the system cannot be used for distributed applications that require
 correctly synchronized network time.
+
 In spite of the above precautions, sometimes when large
 frequency errors are present the resulting time offsets stray
 outside the 128-ms range and an eventual step or slew time
@@ -803,85 +784,142 @@ correction is required.
 If following such a correction the
 frequency error is so large that the first sample is outside the
 acceptable range,
+ at code{ntpd}
 enters the same state as when the
+.Pa
+ntp.drift
 file is not present.
 The intent of this behavior
 is to quickly correct the frequency and restore operation to the
 normal tracking mode.
 In the most extreme cases
 (the host
+.Cm
+time.ien.it
 comes to mind), there may be occasional
 step/slew corrections and subsequent frequency corrections.
 It
 helps in these cases to use the
+.Cm
+burst
 keyword when
 configuring the server, but
 ONLY
 when you have permission to do so from the owner of the target host.
+
 Finally,
 in the past many startup scripts would run
+ at code{ntpdate(8)}
 to get the system clock close to correct before starting
+ at code{ntpd(8)},
 but this was never more than a mediocre hack and is no longer needed.
+
 There is a way to start
+ at code{ntpd(8)}
 that often addresses all of the problems mentioned above.
+.Ss
+"Starting
+NTP
+(Best
+Current
+Practice)"
 First, use the
+.Cm
+iburst
 option on your
+.Cm
+server
 entries.
+
 If you can also keep a good
+.Pa
+ntp.drift
 file then
+ at code{ntpd(8)}
 will effectively "warm-start" and your system's clock will
 be stable in under 11 seconds' time.
+
 As soon as possible in the startup sequence, start
+ at code{ntpd(8)}
 with at least the
-and perhaps the
-options.
+ at code{-g} and perhaps the
+ at code{-N} options.
 Then,
 start the rest of your "normal" processes.
 This will give
+ at code{ntpd(8)}
 as much time as possible to get the system's clock synchronized and stable.
+
 Finally,
 if you have processes like
+.Cm
+dovecot
 or database servers
 that require
 monotonically-increasing time,
 run
+ at code{ntp-wait(8)}
 as late as possible in the boot sequence
 (perhaps with the
-flag)
+ at code{-v} flag)
 and after
+ at code{ntp-wait(8)}
 exits successfully
 it is as safe as it will ever be to start any process that require
 stable time.
+.Ss
+"Frequency
+Discipline"
 The
+ at code{ntpd}
 behavior at startup depends on whether the
 frequency file, usually
+.Pa
+ntp.drift
+,
 exists.
 This file
 contains the latest estimate of clock frequency error.
 When the
+ at code{ntpd}
 is started and the file does not exist, the
+ at code{ntpd}
 enters a special mode designed to quickly adapt to
 the particular system clock oscillator time and frequency error.
 This takes approximately 15 minutes, after which the time and
 frequency are set to nominal values and the
+ at code{ntpd}
 enters
 normal mode, where the time and frequency are continuously tracked
 relative to the server.
 After one hour the frequency file is
 created and the current frequency offset written to it.
 When the
+ at code{ntpd}
 is started and the file does exist, the
+ at code{ntpd}
 frequency is initialized from the file and enters normal mode
 immediately.
 After that the current frequency offset is written to
 the file at hourly intervals.
+.Ss
+"Operating
+Modes"
 The
+ at code{ntpd}
 utility can operate in any of several modes, including
 symmetric active/passive, client/server broadcast/multicast and
 manycast, as described in the
+.Qq
+Association
+Management
 page
 (available as part of the HTML documentation
 provided in
+.Pa
+/usr/share/doc/ntp
+)
+.
 It normally operates continuously while
 monitoring for small changes in frequency and trimming the clock
 for the ultimate precision.
@@ -895,7 +933,9 @@ configure itself automatically.
 This makes it possible to deploy a
 fleet of workstations without specifying configuration details
 specific to the local environment.
+
 By default,
+ at code{ntpd}
 runs in continuous mode where each of
 possibly several external servers is polled at intervals determined
 by an intricate state machine.
@@ -910,24 +950,34 @@ avoid bunching at the servers.
 In addition, should a server become
 unreachable for some time, the poll interval is increased in steps
 to 1024s in order to reduce network overhead.
+
 In some cases it may not be practical for
+ at code{ntpd}
 to run
 continuously.
 A common workaround has been to run the
+ at code{ntpdate(8)}
 program from a
+ at code{cron(8)}
 job at designated
 times.
 However, this program does not have the crafted signal
 processing, error checking and mitigation algorithms of
+ at code{ntpd}.
 The
-option is intended for this purpose.
+ at code{-q} option is intended for this purpose.
 Setting this option will cause
+ at code{ntpd}
 to exit just after
 setting the clock for the first time.
 The procedure for initially
 setting the clock is the same as in continuous mode; most
 applications will probably want to specify the
+.Cm
+iburst
 keyword with the
+.Ic
+server
 configuration command.
 With this
 keyword a volley of messages are exchanged to groom the data and
@@ -936,24 +986,34 @@ If nothing is heard after a
 couple of minutes, the daemon times out and exits.
 After a suitable
 period of mourning, the
+ at code{ntpdate(8)}
 program may be
 retired.
+
 When kernel support is available to discipline the clock
 frequency, which is the case for stock Solaris, Tru64, Linux and
+.Fx
+,
 a useful feature is available to discipline the clock
 frequency.
 First,
+ at code{ntpd}
 is run in continuous mode with
 selected servers in order to measure and record the intrinsic clock
 frequency offset in the frequency file.
 It may take some hours for
 the frequency and offset to settle down.
 Then the
+ at code{ntpd}
 is
 stopped and run in one-time mode as required.
 At each startup, the
 frequency is read from the file and initializes the kernel
 frequency.
+.Ss
+"Poll
+Interval
+Control"
 This version of NTP includes an intricate state machine to
 reduce the network load while maintaining a quality of
 synchronization consistent with the observed jitter and wander.
@@ -965,14 +1025,21 @@ the consequences of changing the poll ad
 default minimum of 64 s to the default maximum of 1,024 s.
 The
 default minimum can be changed with the
+.Ic
+tinker
+.Cm
+minpoll
 command to a value not less than 16 s.
 This value is used for all
 configured associations, unless overridden by the
+.Cm
+minpoll
 option on the configuration command.
 Note that most device drivers
 will not operate properly if the poll interval is less than 64 s
 and that the broadcast server and manycast client associations will
 also use the default, unless overridden.
+
 In some cases involving dial up or toll services, it may be
 useful to increase the minimum interval to a few tens of minutes
 and maximum interval to a day or so.
@@ -989,12 +1056,18 @@ At a minimum of 1,024
 s, for example, the capture range is only 31 PPM.
 If the intrinsic
 error is greater than this, the drift file
+.Pa
+ntp.drift
 will
 have to be specially tailored to reduce the residual error below
 this limit.
 Once this is done, the drift file is automatically
 updated once per hour and is available to initialize the frequency
 on subsequent daemon restarts.
+.Ss
+"The
+huff-n'-puff
+Filter"
 In scenarios where a considerable amount of data are to be
 downloaded or uploaded over telephone modems, timekeeping quality
 can be seriously degraded.
@@ -1004,6 +1077,7 @@ In
 many cases the apparent time errors are so large as to exceed the
 step threshold and a step correction can occur during and after the
 data transfer is in progress.
+
 The huff-n'-puff filter is designed to correct the apparent time
 offset in these cases.
 It depends on knowledge of the propagation
@@ -1020,9 +1094,15 @@ minimum delay.
 The name of the filter reflects the negative (huff)
 and positive (puff) correction, which depends on the sign of the
 offset.
+
 The filter is activated by the
+.Ic
+tinker
 command and
+.Cm
+huffpuff
 keyword, as described in
+ at code{ntp.conf(5)}.
 @node ntpd Files
 @subsection ntpd Files
 @table @samp
@@ -1036,16 +1116,164 @@ the default name of the key file
 @end multitable
 @node ntpd See Also
 @subsection ntpd See Also
+ at code{ntp.conf(5)},
+ at code{ntpdate(8)},
+ at code{ntpdc(8)},
+ at code{ntpq(8)}
+
 In addition to the manual pages provided,
 comprehensive documentation is available on the world wide web
 at
+.Li
+http://www.ntp.org/
+.
 A snapshot of this documentation is available in HTML format in
+.Pa
+/usr/share/doc/ntp
+.
+.Rs
+.%A
+David
+L.
+Mills
+.%T
+Network
+Time
+Protocol
+(Version
+1)
+.%O
+RFC1059
+.Re
+.Rs
+.%A
+David
+L.
+Mills
+.%T
+Network
+Time
+Protocol
+(Version
+2)
+.%O
+RFC1119
+.Re
+.Rs
+.%A
+David
+L.
+Mills
+.%T
+Network
+Time
+Protocol
+(Version
+3)
+.%O
+RFC1305
+.Re
+.Rs
+.%A
+David
+L.
+Mills
+.%A
+J.
+Martin,
+Ed.
+.%A
+J.
+Burbank
+.%A
+W.
+Kasch
+.%T
+Network
+Time
+Protocol
+Version
+4:
+Protocol
+and
+Algorithms
+Specification
+.%O
+RFC5905
+.Re
+.Rs
+.%A
+David
+L.
+Mills
+.%A
+B.
+Haberman,
+Ed.
+.%T
+Network
+Time
+Protocol
+Version
+4:
+Autokey
+Specification
+.%O
+RFC5906
+.Re
+.Rs
+.%A
+H.
+Gerstung
+.%A
+C.
+Elliott
+.%A
+B.
+Haberman,
+Ed.
+.%T
+Definitions
+of
+Managed
+Objects
+for
+Network
+Time
+Protocol
+Version
+4:
+(NTPv4)
+.%O
+RFC5907
+.Re
+.Rs
+.%A
+R.
+Gayraud
+.%A
+B.
+Lourdelet
+.%T
+Network
+Time
+Protocol
+(NTP)
+Server
+Option
+for
+DHCPv6
+.%O
+RFC5908
+.Re
 @node ntpd Bugs
 @subsection ntpd Bugs
 The
+ at code{ntpd}
 utility has gotten rather fat.
 While not huge, it has gotten
 larger than might be desirable for an elevated-priority
+ at code{ntpd}
 running on a workstation, particularly since many of
 the fancy features which consume the space were designed more with
 a busy primary server, rather than a high stratum workstation in

==== ntpd/ntpd-opts.c ====
2012-08-12 04:32:17+00:00, stenn at psp-fb1.ntp.org +309 -261
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.301/ntpd/ntpd-opts.c	2012-08-11 07:33:23 -04:00
+++ 1.302/ntpd/ntpd-opts.c	2012-08-12 00:32:17 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpd-opts.c)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:30:29 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:25 PM by AutoGen 5.16.2
  *  From the definitions    ntpd-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This source file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -36,14 +36,15 @@
  *  is provided "as is" without express or implied warranty.
  */
 
+#ifndef __doxygen__
+#define OPTION_CODE_COMPILE 1
+#include "ntpd-opts.h"
 #include <sys/types.h>
 
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#define OPTION_CODE_COMPILE 1
-#include "ntpd-opts.h"
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -54,10 +55,10 @@ extern FILE * option_usage_fp;
 #define zCopyright      (ntpd_opt_strs+0)
 #define zLicenseDescrip (ntpd_opt_strs+314)
 
-extern tUsageProc optionUsage;
 /*
  *  global included definitions
- */#ifdef __windows
+ */
+#ifdef __windows
   extern int atoi(const char *);
 #else
 # include <stdlib.h>
@@ -70,7 +71,7 @@ extern tUsageProc optionUsage;
 /*
  *  ntpd option static const strings
  */
-static char const ntpd_opt_strs[3053] =
+static char const ntpd_opt_strs[3055] =
 /*     0 */ "ntpd 4.2.7p295\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -83,135 +84,135 @@ static char const ntpd_opt_strs[3053] =
             "provided that the above copyright notice appears in all copies and that\n"
             "both the copyright notice and this permission notice appear in supporting\n"
             "documentation, and that the name The University of Delaware not be used in\n"
-            "advertising or publicity pertaining to distribution of the software\n"
-            "without specific, written prior permission. The University of Delaware\n"
-            "makes no representations about the suitability this software for any\n"
-            "purpose. It is provided \"as is\" without express or implied warranty.\n\0"
-/*   952 */ "Force IPv4 DNS name resolution\0"
-/*   983 */ "IPV4\0"
-/*   988 */ "ipv4\0"
-/*   993 */ "Force IPv6 DNS name resolution\0"
-/*  1024 */ "IPV6\0"
-/*  1029 */ "ipv6\0"
-/*  1034 */ "Require crypto authentication\0"
-/*  1064 */ "AUTHREQ\0"
-/*  1072 */ "authreq\0"
-/*  1080 */ "Do not require crypto authentication\0"
-/*  1117 */ "AUTHNOREQ\0"
-/*  1127 */ "authnoreq\0"
-/*  1137 */ "Allow us to sync to broadcast servers\0"
-/*  1175 */ "BCASTSYNC\0"
-/*  1185 */ "bcastsync\0"
-/*  1195 */ "configuration file name\0"
-/*  1219 */ "CONFIGFILE\0"
-/*  1230 */ "configfile\0"
-/*  1241 */ "Increase output debug message level\0"
-/*  1277 */ "DEBUG_LEVEL\0"
-/*  1289 */ "debug-level\0"
-/*  1301 */ "this package was built using 'configure --disable--debug'\0"
-/*  1359 */ "Set the output debug message level\0"
-/*  1394 */ "SET_DEBUG_LEVEL\0"
-/*  1410 */ "set-debug-level\0"
-/*  1426 */ "frequency drift file name\0"
-/*  1452 */ "DRIFTFILE\0"
-/*  1462 */ "driftfile\0"
-/*  1472 */ "Allow the first adjustment to be Big\0"
-/*  1509 */ "PANICGATE\0"
-/*  1519 */ "panicgate\0"
-/*  1529 */ "Jail directory\0"
-/*  1544 */ "JAILDIR\0"
-/*  1552 */ "jaildir\0"
-/*  1560 */ "built without --enable-clockctl or --enable-linuxcaps\0"
-/*  1614 */ "Listen on an interface name or address\0"
-/*  1653 */ "INTERFACE\0"
-/*  1663 */ "interface\0"
-/*  1673 */ "path to symmetric keys\0"
-/*  1696 */ "KEYFILE\0"
-/*  1704 */ "keyfile\0"
-/*  1712 */ "path to the log file\0"
-/*  1733 */ "LOGFILE\0"
-/*  1741 */ "logfile\0"
-/*  1749 */ "Do not listen to virtual interfaces\0"
-/*  1785 */ "NOVIRTUALIPS\0"
-/*  1798 */ "novirtualips\0"
-/*  1811 */ "Modify Multimedia Timer (Windows only)\0"
-/*  1850 */ "MODIFYMMTIMER\0"
-/*  1864 */ "modifymmtimer\0"
-/*  1878 */ "Do not fork\0"
-/*  1890 */ "NOFORK\0"
-/*  1897 */ "nofork\0"
-/*  1904 */ "Run at high priority\0"
-/*  1925 */ "NICE\0"
-/*  1930 */ "nice\0"
-/*  1935 */ "path to the PID file\0"
-/*  1956 */ "PIDFILE\0"
-/*  1964 */ "pidfile\0"
-/*  1972 */ "Process priority\0"
-/*  1989 */ "PRIORITY\0"
-/*  1998 */ "priority\0"
-/*  2007 */ "Set the time and quit\0"
-/*  2029 */ "QUIT\0"
-/*  2034 */ "quit\0"
-/*  2039 */ "Broadcast/propagation delay\0"
-/*  2067 */ "PROPAGATIONDELAY\0"
-/*  2084 */ "propagationdelay\0"
-/*  2101 */ "Save parsed configuration and quit\0"
-/*  2136 */ "SAVECONFIGQUIT\0"
-/*  2151 */ "saveconfigquit\0"
-/*  2166 */ "Statistics file location\0"
-/*  2191 */ "STATSDIR\0"
-/*  2200 */ "statsdir\0"
-/*  2209 */ "Trusted key number\0"
-/*  2228 */ "TRUSTEDKEY\0"
-/*  2239 */ "trustedkey\0"
-/*  2250 */ "Run as userid (or userid:groupid)\0"
-/*  2284 */ "USER\0"
-/*  2289 */ "user\0"
-/*  2294 */ "interval in seconds between scans for new or dropped interfaces\0"
-/*  2358 */ "UPDATEINTERVAL\0"
-/*  2373 */ "updateinterval\0"
-/*  2388 */ "make ARG an ntp variable (RW)\0"
-/*  2418 */ "VAR\0"
-/*  2422 */ "var\0"
-/*  2426 */ "make ARG an ntp variable (RW|DEF)\0"
-/*  2460 */ "DVAR\0"
-/*  2465 */ "dvar\0"
-/*  2470 */ "Seconds to wait for first clock sync\0"
-/*  2507 */ "WAIT_SYNC\0"
-/*  2517 */ "wait-sync\0"
-/*  2527 */ "Slew up to 600 seconds\0"
-/*  2550 */ "SLEW\0"
-/*  2555 */ "slew\0"
-/*  2560 */ "Use CPU cycle counter (Windows only)\0"
-/*  2597 */ "USEPCC\0"
-/*  2604 */ "usepcc\0"
-/*  2611 */ "Force CPU cycle counter use (Windows only)\0"
-/*  2654 */ "PCCFREQ\0"
-/*  2662 */ "pccfreq\0"
-/*  2670 */ "Register with mDNS as a NTP server\0"
-/*  2705 */ "MDNS\0"
-/*  2710 */ "mdns\0"
-/*  2715 */ "Display extended usage information and exit\0"
-/*  2759 */ "help\0"
-/*  2764 */ "Extended usage information passed thru pager\0"
-/*  2809 */ "more-help\0"
-/*  2819 */ "Output version information and exit\0"
-/*  2855 */ "version\0"
-/*  2863 */ "NTPD\0"
-/*  2868 */ "ntpd - NTP daemon program - Ver. 4.2.7p295\n"
+            "advertising or publicity pertaining to distribution of the software without\n"
+            "specific, written prior permission.  The University of Delaware makes no\n"
+            "representations about the suitability this software for any purpose.  It is\n"
+            "provided \"as is\" without express or implied warranty.\n\0"
+/*   954 */ "Force IPv4 DNS name resolution\0"
+/*   985 */ "IPV4\0"
+/*   990 */ "ipv4\0"
+/*   995 */ "Force IPv6 DNS name resolution\0"
+/*  1026 */ "IPV6\0"
+/*  1031 */ "ipv6\0"
+/*  1036 */ "Require crypto authentication\0"
+/*  1066 */ "AUTHREQ\0"
+/*  1074 */ "authreq\0"
+/*  1082 */ "Do not require crypto authentication\0"
+/*  1119 */ "AUTHNOREQ\0"
+/*  1129 */ "authnoreq\0"
+/*  1139 */ "Allow us to sync to broadcast servers\0"
+/*  1177 */ "BCASTSYNC\0"
+/*  1187 */ "bcastsync\0"
+/*  1197 */ "configuration file name\0"
+/*  1221 */ "CONFIGFILE\0"
+/*  1232 */ "configfile\0"
+/*  1243 */ "Increase output debug message level\0"
+/*  1279 */ "DEBUG_LEVEL\0"
+/*  1291 */ "debug-level\0"
+/*  1303 */ "this package was built using 'configure --disable--debug'\0"
+/*  1361 */ "Set the output debug message level\0"
+/*  1396 */ "SET_DEBUG_LEVEL\0"
+/*  1412 */ "set-debug-level\0"
+/*  1428 */ "frequency drift file name\0"
+/*  1454 */ "DRIFTFILE\0"
+/*  1464 */ "driftfile\0"
+/*  1474 */ "Allow the first adjustment to be Big\0"
+/*  1511 */ "PANICGATE\0"
+/*  1521 */ "panicgate\0"
+/*  1531 */ "Jail directory\0"
+/*  1546 */ "JAILDIR\0"
+/*  1554 */ "jaildir\0"
+/*  1562 */ "built without --enable-clockctl or --enable-linuxcaps\0"
+/*  1616 */ "Listen on an interface name or address\0"
+/*  1655 */ "INTERFACE\0"
+/*  1665 */ "interface\0"
+/*  1675 */ "path to symmetric keys\0"
+/*  1698 */ "KEYFILE\0"
+/*  1706 */ "keyfile\0"
+/*  1714 */ "path to the log file\0"
+/*  1735 */ "LOGFILE\0"
+/*  1743 */ "logfile\0"
+/*  1751 */ "Do not listen to virtual interfaces\0"
+/*  1787 */ "NOVIRTUALIPS\0"
+/*  1800 */ "novirtualips\0"
+/*  1813 */ "Modify Multimedia Timer (Windows only)\0"
+/*  1852 */ "MODIFYMMTIMER\0"
+/*  1866 */ "modifymmtimer\0"
+/*  1880 */ "Do not fork\0"
+/*  1892 */ "NOFORK\0"
+/*  1899 */ "nofork\0"
+/*  1906 */ "Run at high priority\0"
+/*  1927 */ "NICE\0"
+/*  1932 */ "nice\0"
+/*  1937 */ "path to the PID file\0"
+/*  1958 */ "PIDFILE\0"
+/*  1966 */ "pidfile\0"
+/*  1974 */ "Process priority\0"
+/*  1991 */ "PRIORITY\0"
+/*  2000 */ "priority\0"
+/*  2009 */ "Set the time and quit\0"
+/*  2031 */ "QUIT\0"
+/*  2036 */ "quit\0"
+/*  2041 */ "Broadcast/propagation delay\0"
+/*  2069 */ "PROPAGATIONDELAY\0"
+/*  2086 */ "propagationdelay\0"
+/*  2103 */ "Save parsed configuration and quit\0"
+/*  2138 */ "SAVECONFIGQUIT\0"
+/*  2153 */ "saveconfigquit\0"
+/*  2168 */ "Statistics file location\0"
+/*  2193 */ "STATSDIR\0"
+/*  2202 */ "statsdir\0"
+/*  2211 */ "Trusted key number\0"
+/*  2230 */ "TRUSTEDKEY\0"
+/*  2241 */ "trustedkey\0"
+/*  2252 */ "Run as userid (or userid:groupid)\0"
+/*  2286 */ "USER\0"
+/*  2291 */ "user\0"
+/*  2296 */ "interval in seconds between scans for new or dropped interfaces\0"
+/*  2360 */ "UPDATEINTERVAL\0"
+/*  2375 */ "updateinterval\0"
+/*  2390 */ "make ARG an ntp variable (RW)\0"
+/*  2420 */ "VAR\0"
+/*  2424 */ "var\0"
+/*  2428 */ "make ARG an ntp variable (RW|DEF)\0"
+/*  2462 */ "DVAR\0"
+/*  2467 */ "dvar\0"
+/*  2472 */ "Seconds to wait for first clock sync\0"
+/*  2509 */ "WAIT_SYNC\0"
+/*  2519 */ "wait-sync\0"
+/*  2529 */ "Slew up to 600 seconds\0"
+/*  2552 */ "SLEW\0"
+/*  2557 */ "slew\0"
+/*  2562 */ "Use CPU cycle counter (Windows only)\0"
+/*  2599 */ "USEPCC\0"
+/*  2606 */ "usepcc\0"
+/*  2613 */ "Force CPU cycle counter use (Windows only)\0"
+/*  2656 */ "PCCFREQ\0"
+/*  2664 */ "pccfreq\0"
+/*  2672 */ "Register with mDNS as a NTP server\0"
+/*  2707 */ "MDNS\0"
+/*  2712 */ "mdns\0"
+/*  2717 */ "Display extended usage information and exit\0"
+/*  2761 */ "help\0"
+/*  2766 */ "Extended usage information passed thru pager\0"
+/*  2811 */ "more-help\0"
+/*  2821 */ "Output version information and exit\0"
+/*  2857 */ "version\0"
+/*  2865 */ "NTPD\0"
+/*  2870 */ "ntpd - NTP daemon program - Ver. 4.2.7p295\n"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
             "\t\t[ <server1> ... <serverN> ]\n\0"
-/*  3001 */ "http://bugs.ntp.org, bugs at ntp.org\0"
-/*  3035 */ "\n\n\0"
-/*  3038 */ "ntpd 4.2.7p295";
+/*  3003 */ "http://bugs.ntp.org, bugs at ntp.org\0"
+/*  3037 */ "\n\n\0"
+/*  3040 */ "ntpd 4.2.7p295";
 
 /*
  *  ipv4 option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define IPV4_DESC      (ntpd_opt_strs+952)
-#define IPV4_NAME      (ntpd_opt_strs+983)
-#define IPV4_name      (ntpd_opt_strs+988)
+#define IPV4_DESC      (ntpd_opt_strs+954)
+#define IPV4_NAME      (ntpd_opt_strs+985)
+#define IPV4_name      (ntpd_opt_strs+990)
 static int const aIpv4CantList[] = {
     INDEX_OPT_IPV6, NO_EQUIVALENT };
 #define IPV4_FLAGS     (OPTST_DISABLED)
@@ -220,9 +221,9 @@ static int const aIpv4CantList[] = {
  *  ipv6 option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define IPV6_DESC      (ntpd_opt_strs+993)
-#define IPV6_NAME      (ntpd_opt_strs+1024)
-#define IPV6_name      (ntpd_opt_strs+1029)
+#define IPV6_DESC      (ntpd_opt_strs+995)
+#define IPV6_NAME      (ntpd_opt_strs+1026)
+#define IPV6_name      (ntpd_opt_strs+1031)
 static int const aIpv6CantList[] = {
     INDEX_OPT_IPV4, NO_EQUIVALENT };
 #define IPV6_FLAGS     (OPTST_DISABLED)
@@ -231,9 +232,9 @@ static int const aIpv6CantList[] = {
  *  authreq option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define AUTHREQ_DESC      (ntpd_opt_strs+1034)
-#define AUTHREQ_NAME      (ntpd_opt_strs+1064)
-#define AUTHREQ_name      (ntpd_opt_strs+1072)
+#define AUTHREQ_DESC      (ntpd_opt_strs+1036)
+#define AUTHREQ_NAME      (ntpd_opt_strs+1066)
+#define AUTHREQ_name      (ntpd_opt_strs+1074)
 static int const aAuthreqCantList[] = {
     INDEX_OPT_AUTHNOREQ, NO_EQUIVALENT };
 #define AUTHREQ_FLAGS     (OPTST_DISABLED)
@@ -242,9 +243,9 @@ static int const aAuthreqCantList[] = {
  *  authnoreq option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define AUTHNOREQ_DESC      (ntpd_opt_strs+1080)
-#define AUTHNOREQ_NAME      (ntpd_opt_strs+1117)
-#define AUTHNOREQ_name      (ntpd_opt_strs+1127)
+#define AUTHNOREQ_DESC      (ntpd_opt_strs+1082)
+#define AUTHNOREQ_NAME      (ntpd_opt_strs+1119)
+#define AUTHNOREQ_name      (ntpd_opt_strs+1129)
 static int const aAuthnoreqCantList[] = {
     INDEX_OPT_AUTHREQ, NO_EQUIVALENT };
 #define AUTHNOREQ_FLAGS     (OPTST_DISABLED)
@@ -252,17 +253,17 @@ static int const aAuthnoreqCantList[] = 
 /*
  *  bcastsync option description:
  */
-#define BCASTSYNC_DESC      (ntpd_opt_strs+1137)
-#define BCASTSYNC_NAME      (ntpd_opt_strs+1175)
-#define BCASTSYNC_name      (ntpd_opt_strs+1185)
+#define BCASTSYNC_DESC      (ntpd_opt_strs+1139)
+#define BCASTSYNC_NAME      (ntpd_opt_strs+1177)
+#define BCASTSYNC_name      (ntpd_opt_strs+1187)
 #define BCASTSYNC_FLAGS     (OPTST_DISABLED)
 
 /*
  *  configfile option description:
  */
-#define CONFIGFILE_DESC      (ntpd_opt_strs+1195)
-#define CONFIGFILE_NAME      (ntpd_opt_strs+1219)
-#define CONFIGFILE_name      (ntpd_opt_strs+1230)
+#define CONFIGFILE_DESC      (ntpd_opt_strs+1197)
+#define CONFIGFILE_NAME      (ntpd_opt_strs+1221)
+#define CONFIGFILE_name      (ntpd_opt_strs+1232)
 #define CONFIGFILE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
@@ -270,111 +271,111 @@ static int const aAuthnoreqCantList[] = 
  *  debug-level option description:
  */
 #ifdef DEBUG
-#define DEBUG_LEVEL_DESC      (ntpd_opt_strs+1241)
-#define DEBUG_LEVEL_NAME      (ntpd_opt_strs+1277)
-#define DEBUG_LEVEL_name      (ntpd_opt_strs+1289)
+#define DEBUG_LEVEL_DESC      (ntpd_opt_strs+1243)
+#define DEBUG_LEVEL_NAME      (ntpd_opt_strs+1279)
+#define DEBUG_LEVEL_name      (ntpd_opt_strs+1291)
 #define DEBUG_LEVEL_FLAGS     (OPTST_DISABLED)
 
 #else   /* disable debug-level */
 #define DEBUG_LEVEL_FLAGS     (OPTST_OMITTED | OPTST_NO_INIT)
 #define DEBUG_LEVEL_NAME      NULL
-#define DEBUG_LEVEL_DESC      (ntpd_opt_strs+1301)
-#define DEBUG_LEVEL_name      (ntpd_opt_strs+1289)
+#define DEBUG_LEVEL_DESC      (ntpd_opt_strs+1303)
+#define DEBUG_LEVEL_name      (ntpd_opt_strs+1291)
 #endif  /* DEBUG */
 
 /*
  *  set-debug-level option description:
  */
 #ifdef DEBUG
-#define SET_DEBUG_LEVEL_DESC      (ntpd_opt_strs+1359)
-#define SET_DEBUG_LEVEL_NAME      (ntpd_opt_strs+1394)
-#define SET_DEBUG_LEVEL_name      (ntpd_opt_strs+1410)
+#define SET_DEBUG_LEVEL_DESC      (ntpd_opt_strs+1361)
+#define SET_DEBUG_LEVEL_NAME      (ntpd_opt_strs+1396)
+#define SET_DEBUG_LEVEL_name      (ntpd_opt_strs+1412)
 #define SET_DEBUG_LEVEL_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 #else   /* disable set-debug-level */
 #define SET_DEBUG_LEVEL_FLAGS     (OPTST_OMITTED | OPTST_NO_INIT)
 #define SET_DEBUG_LEVEL_NAME      NULL
-#define SET_DEBUG_LEVEL_DESC      (ntpd_opt_strs+1301)
-#define SET_DEBUG_LEVEL_name      (ntpd_opt_strs+1410)
+#define SET_DEBUG_LEVEL_DESC      (ntpd_opt_strs+1303)
+#define SET_DEBUG_LEVEL_name      (ntpd_opt_strs+1412)
 #endif  /* DEBUG */
 
 /*
  *  driftfile option description:
  */
-#define DRIFTFILE_DESC      (ntpd_opt_strs+1426)
-#define DRIFTFILE_NAME      (ntpd_opt_strs+1452)
-#define DRIFTFILE_name      (ntpd_opt_strs+1462)
+#define DRIFTFILE_DESC      (ntpd_opt_strs+1428)
+#define DRIFTFILE_NAME      (ntpd_opt_strs+1454)
+#define DRIFTFILE_name      (ntpd_opt_strs+1464)
 #define DRIFTFILE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  panicgate option description:
  */
-#define PANICGATE_DESC      (ntpd_opt_strs+1472)
-#define PANICGATE_NAME      (ntpd_opt_strs+1509)
-#define PANICGATE_name      (ntpd_opt_strs+1519)
+#define PANICGATE_DESC      (ntpd_opt_strs+1474)
+#define PANICGATE_NAME      (ntpd_opt_strs+1511)
+#define PANICGATE_name      (ntpd_opt_strs+1521)
 #define PANICGATE_FLAGS     (OPTST_DISABLED)
 
 /*
  *  jaildir option description:
  */
 #ifdef HAVE_DROPROOT
-#define JAILDIR_DESC      (ntpd_opt_strs+1529)
-#define JAILDIR_NAME      (ntpd_opt_strs+1544)
-#define JAILDIR_name      (ntpd_opt_strs+1552)
+#define JAILDIR_DESC      (ntpd_opt_strs+1531)
+#define JAILDIR_NAME      (ntpd_opt_strs+1546)
+#define JAILDIR_name      (ntpd_opt_strs+1554)
 #define JAILDIR_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 #else   /* disable jaildir */
 #define JAILDIR_FLAGS     (OPTST_OMITTED | OPTST_NO_INIT)
 #define JAILDIR_NAME      NULL
-#define JAILDIR_DESC      (ntpd_opt_strs+1560)
-#define JAILDIR_name      (ntpd_opt_strs+1552)
+#define JAILDIR_DESC      (ntpd_opt_strs+1562)
+#define JAILDIR_name      (ntpd_opt_strs+1554)
 #endif  /* HAVE_DROPROOT */
 
 /*
  *  interface option description:
  */
-#define INTERFACE_DESC      (ntpd_opt_strs+1614)
-#define INTERFACE_NAME      (ntpd_opt_strs+1653)
-#define INTERFACE_name      (ntpd_opt_strs+1663)
+#define INTERFACE_DESC      (ntpd_opt_strs+1616)
+#define INTERFACE_NAME      (ntpd_opt_strs+1655)
+#define INTERFACE_name      (ntpd_opt_strs+1665)
 #define INTERFACE_FLAGS     (OPTST_DISABLED | OPTST_STACKED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  keyfile option description:
  */
-#define KEYFILE_DESC      (ntpd_opt_strs+1673)
-#define KEYFILE_NAME      (ntpd_opt_strs+1696)
-#define KEYFILE_name      (ntpd_opt_strs+1704)
+#define KEYFILE_DESC      (ntpd_opt_strs+1675)
+#define KEYFILE_NAME      (ntpd_opt_strs+1698)
+#define KEYFILE_name      (ntpd_opt_strs+1706)
 #define KEYFILE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  logfile option description:
  */
-#define LOGFILE_DESC      (ntpd_opt_strs+1712)
-#define LOGFILE_NAME      (ntpd_opt_strs+1733)
-#define LOGFILE_name      (ntpd_opt_strs+1741)
+#define LOGFILE_DESC      (ntpd_opt_strs+1714)
+#define LOGFILE_NAME      (ntpd_opt_strs+1735)
+#define LOGFILE_name      (ntpd_opt_strs+1743)
 #define LOGFILE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  novirtualips option description:
  */
-#define NOVIRTUALIPS_DESC      (ntpd_opt_strs+1749)
-#define NOVIRTUALIPS_NAME      (ntpd_opt_strs+1785)
-#define NOVIRTUALIPS_name      (ntpd_opt_strs+1798)
+#define NOVIRTUALIPS_DESC      (ntpd_opt_strs+1751)
+#define NOVIRTUALIPS_NAME      (ntpd_opt_strs+1787)
+#define NOVIRTUALIPS_name      (ntpd_opt_strs+1800)
 #define NOVIRTUALIPS_FLAGS     (OPTST_DISABLED)
 
 /*
  *  modifymmtimer option description:
  */
 #ifdef SYS_WINNT
-#define MODIFYMMTIMER_DESC      (ntpd_opt_strs+1811)
-#define MODIFYMMTIMER_NAME      (ntpd_opt_strs+1850)
-#define MODIFYMMTIMER_name      (ntpd_opt_strs+1864)
+#define MODIFYMMTIMER_DESC      (ntpd_opt_strs+1813)
+#define MODIFYMMTIMER_NAME      (ntpd_opt_strs+1852)
+#define MODIFYMMTIMER_name      (ntpd_opt_strs+1866)
 #define MODIFYMMTIMER_FLAGS     (OPTST_DISABLED)
 
 #else   /* disable modifymmtimer */
@@ -388,9 +389,9 @@ static int const aAuthnoreqCantList[] = 
  *  nofork option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define NOFORK_DESC      (ntpd_opt_strs+1878)
-#define NOFORK_NAME      (ntpd_opt_strs+1890)
-#define NOFORK_name      (ntpd_opt_strs+1897)
+#define NOFORK_DESC      (ntpd_opt_strs+1880)
+#define NOFORK_NAME      (ntpd_opt_strs+1892)
+#define NOFORK_name      (ntpd_opt_strs+1899)
 static int const aNoforkCantList[] = {
     INDEX_OPT_WAIT_SYNC, NO_EQUIVALENT };
 #define NOFORK_FLAGS     (OPTST_DISABLED)
@@ -398,26 +399,26 @@ static int const aNoforkCantList[] = {
 /*
  *  nice option description:
  */
-#define NICE_DESC      (ntpd_opt_strs+1904)
-#define NICE_NAME      (ntpd_opt_strs+1925)
-#define NICE_name      (ntpd_opt_strs+1930)
+#define NICE_DESC      (ntpd_opt_strs+1906)
+#define NICE_NAME      (ntpd_opt_strs+1927)
+#define NICE_name      (ntpd_opt_strs+1932)
 #define NICE_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pidfile option description:
  */
-#define PIDFILE_DESC      (ntpd_opt_strs+1935)
-#define PIDFILE_NAME      (ntpd_opt_strs+1956)
-#define PIDFILE_name      (ntpd_opt_strs+1964)
+#define PIDFILE_DESC      (ntpd_opt_strs+1937)
+#define PIDFILE_NAME      (ntpd_opt_strs+1958)
+#define PIDFILE_name      (ntpd_opt_strs+1966)
 #define PIDFILE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  priority option description:
  */
-#define PRIORITY_DESC      (ntpd_opt_strs+1972)
-#define PRIORITY_NAME      (ntpd_opt_strs+1989)
-#define PRIORITY_name      (ntpd_opt_strs+1998)
+#define PRIORITY_DESC      (ntpd_opt_strs+1974)
+#define PRIORITY_NAME      (ntpd_opt_strs+1991)
+#define PRIORITY_name      (ntpd_opt_strs+2000)
 #define PRIORITY_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
@@ -425,9 +426,9 @@ static int const aNoforkCantList[] = {
  *  quit option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define QUIT_DESC      (ntpd_opt_strs+2007)
-#define QUIT_NAME      (ntpd_opt_strs+2029)
-#define QUIT_name      (ntpd_opt_strs+2034)
+#define QUIT_DESC      (ntpd_opt_strs+2009)
+#define QUIT_NAME      (ntpd_opt_strs+2031)
+#define QUIT_name      (ntpd_opt_strs+2036)
 static int const aQuitCantList[] = {
     INDEX_OPT_SAVECONFIGQUIT,
     INDEX_OPT_WAIT_SYNC, NO_EQUIVALENT };
@@ -436,9 +437,9 @@ static int const aQuitCantList[] = {
 /*
  *  propagationdelay option description:
  */
-#define PROPAGATIONDELAY_DESC      (ntpd_opt_strs+2039)
-#define PROPAGATIONDELAY_NAME      (ntpd_opt_strs+2067)
-#define PROPAGATIONDELAY_name      (ntpd_opt_strs+2084)
+#define PROPAGATIONDELAY_DESC      (ntpd_opt_strs+2041)
+#define PROPAGATIONDELAY_NAME      (ntpd_opt_strs+2069)
+#define PROPAGATIONDELAY_name      (ntpd_opt_strs+2086)
 #define PROPAGATIONDELAY_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
@@ -447,9 +448,9 @@ static int const aQuitCantList[] = {
  *  "Must also have options" and "Incompatible options":
  */
 #ifdef SAVECONFIG
-#define SAVECONFIGQUIT_DESC      (ntpd_opt_strs+2101)
-#define SAVECONFIGQUIT_NAME      (ntpd_opt_strs+2136)
-#define SAVECONFIGQUIT_name      (ntpd_opt_strs+2151)
+#define SAVECONFIGQUIT_DESC      (ntpd_opt_strs+2103)
+#define SAVECONFIGQUIT_NAME      (ntpd_opt_strs+2138)
+#define SAVECONFIGQUIT_name      (ntpd_opt_strs+2153)
 static int const aSaveconfigquitCantList[] = {
     INDEX_OPT_QUIT,
     INDEX_OPT_WAIT_SYNC, NO_EQUIVALENT };
@@ -467,18 +468,18 @@ static int const aSaveconfigquitCantList
 /*
  *  statsdir option description:
  */
-#define STATSDIR_DESC      (ntpd_opt_strs+2166)
-#define STATSDIR_NAME      (ntpd_opt_strs+2191)
-#define STATSDIR_name      (ntpd_opt_strs+2200)
+#define STATSDIR_DESC      (ntpd_opt_strs+2168)
+#define STATSDIR_NAME      (ntpd_opt_strs+2193)
+#define STATSDIR_name      (ntpd_opt_strs+2202)
 #define STATSDIR_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  trustedkey option description:
  */
-#define TRUSTEDKEY_DESC      (ntpd_opt_strs+2209)
-#define TRUSTEDKEY_NAME      (ntpd_opt_strs+2228)
-#define TRUSTEDKEY_name      (ntpd_opt_strs+2239)
+#define TRUSTEDKEY_DESC      (ntpd_opt_strs+2211)
+#define TRUSTEDKEY_NAME      (ntpd_opt_strs+2230)
+#define TRUSTEDKEY_name      (ntpd_opt_strs+2241)
 #define TRUSTEDKEY_FLAGS     (OPTST_DISABLED | OPTST_STACKED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
@@ -486,43 +487,43 @@ static int const aSaveconfigquitCantList
  *  user option description:
  */
 #ifdef HAVE_DROPROOT
-#define USER_DESC      (ntpd_opt_strs+2250)
-#define USER_NAME      (ntpd_opt_strs+2284)
-#define USER_name      (ntpd_opt_strs+2289)
+#define USER_DESC      (ntpd_opt_strs+2252)
+#define USER_NAME      (ntpd_opt_strs+2286)
+#define USER_name      (ntpd_opt_strs+2291)
 #define USER_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 #else   /* disable user */
 #define USER_FLAGS     (OPTST_OMITTED | OPTST_NO_INIT)
 #define USER_NAME      NULL
-#define USER_DESC      (ntpd_opt_strs+1560)
-#define USER_name      (ntpd_opt_strs+2289)
+#define USER_DESC      (ntpd_opt_strs+1562)
+#define USER_name      (ntpd_opt_strs+2291)
 #endif  /* HAVE_DROPROOT */
 
 /*
  *  updateinterval option description:
  */
-#define UPDATEINTERVAL_DESC      (ntpd_opt_strs+2294)
-#define UPDATEINTERVAL_NAME      (ntpd_opt_strs+2358)
-#define UPDATEINTERVAL_name      (ntpd_opt_strs+2373)
+#define UPDATEINTERVAL_DESC      (ntpd_opt_strs+2296)
+#define UPDATEINTERVAL_NAME      (ntpd_opt_strs+2360)
+#define UPDATEINTERVAL_name      (ntpd_opt_strs+2375)
 #define UPDATEINTERVAL_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
 /*
  *  var option description:
  */
-#define VAR_DESC      (ntpd_opt_strs+2388)
-#define VAR_NAME      (ntpd_opt_strs+2418)
-#define VAR_name      (ntpd_opt_strs+2422)
+#define VAR_DESC      (ntpd_opt_strs+2390)
+#define VAR_NAME      (ntpd_opt_strs+2420)
+#define VAR_name      (ntpd_opt_strs+2424)
 #define VAR_FLAGS     (OPTST_DISABLED | OPTST_STACKED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  dvar option description:
  */
-#define DVAR_DESC      (ntpd_opt_strs+2426)
-#define DVAR_NAME      (ntpd_opt_strs+2460)
-#define DVAR_name      (ntpd_opt_strs+2465)
+#define DVAR_DESC      (ntpd_opt_strs+2428)
+#define DVAR_NAME      (ntpd_opt_strs+2462)
+#define DVAR_name      (ntpd_opt_strs+2467)
 #define DVAR_FLAGS     (OPTST_DISABLED | OPTST_STACKED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
@@ -531,9 +532,9 @@ static int const aSaveconfigquitCantList
  *  "Must also have options" and "Incompatible options":
  */
 #ifdef HAVE_WORKING_FORK
-#define WAIT_SYNC_DESC      (ntpd_opt_strs+2470)
-#define WAIT_SYNC_NAME      (ntpd_opt_strs+2507)
-#define WAIT_SYNC_name      (ntpd_opt_strs+2517)
+#define WAIT_SYNC_DESC      (ntpd_opt_strs+2472)
+#define WAIT_SYNC_NAME      (ntpd_opt_strs+2509)
+#define WAIT_SYNC_name      (ntpd_opt_strs+2519)
 static int const aWait_SyncCantList[] = {
     INDEX_OPT_NOFORK,
     INDEX_OPT_QUIT,
@@ -552,18 +553,18 @@ static int const aWait_SyncCantList[] = 
 /*
  *  slew option description:
  */
-#define SLEW_DESC      (ntpd_opt_strs+2527)
-#define SLEW_NAME      (ntpd_opt_strs+2550)
-#define SLEW_name      (ntpd_opt_strs+2555)
+#define SLEW_DESC      (ntpd_opt_strs+2529)
+#define SLEW_NAME      (ntpd_opt_strs+2552)
+#define SLEW_name      (ntpd_opt_strs+2557)
 #define SLEW_FLAGS     (OPTST_DISABLED)
 
 /*
  *  usepcc option description:
  */
 #ifdef SYS_WINNT
-#define USEPCC_DESC      (ntpd_opt_strs+2560)
-#define USEPCC_NAME      (ntpd_opt_strs+2597)
-#define USEPCC_name      (ntpd_opt_strs+2604)
+#define USEPCC_DESC      (ntpd_opt_strs+2562)
+#define USEPCC_NAME      (ntpd_opt_strs+2599)
+#define USEPCC_name      (ntpd_opt_strs+2606)
 #define USEPCC_FLAGS     (OPTST_DISABLED)
 
 #else   /* disable usepcc */
@@ -577,9 +578,9 @@ static int const aWait_SyncCantList[] = 
  *  pccfreq option description:
  */
 #ifdef SYS_WINNT
-#define PCCFREQ_DESC      (ntpd_opt_strs+2611)
-#define PCCFREQ_NAME      (ntpd_opt_strs+2654)
-#define PCCFREQ_name      (ntpd_opt_strs+2662)
+#define PCCFREQ_DESC      (ntpd_opt_strs+2613)
+#define PCCFREQ_NAME      (ntpd_opt_strs+2656)
+#define PCCFREQ_name      (ntpd_opt_strs+2664)
 #define PCCFREQ_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
@@ -594,9 +595,9 @@ static int const aWait_SyncCantList[] = 
  *  mdns option description:
  */
 #ifdef HAVE_DNSREGISTRATION
-#define MDNS_DESC      (ntpd_opt_strs+2670)
-#define MDNS_NAME      (ntpd_opt_strs+2705)
-#define MDNS_name      (ntpd_opt_strs+2710)
+#define MDNS_DESC      (ntpd_opt_strs+2672)
+#define MDNS_NAME      (ntpd_opt_strs+2707)
+#define MDNS_name      (ntpd_opt_strs+2712)
 #define MDNS_FLAGS     (OPTST_DISABLED)
 
 #else   /* disable mdns */
@@ -609,11 +610,11 @@ static int const aWait_SyncCantList[] = 
 /*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (ntpd_opt_strs+2715)
-#define HELP_name       (ntpd_opt_strs+2759)
+#define HELP_DESC       (ntpd_opt_strs+2717)
+#define HELP_name       (ntpd_opt_strs+2761)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (ntpd_opt_strs+2764)
-#define MORE_HELP_name  (ntpd_opt_strs+2809)
+#define MORE_HELP_DESC  (ntpd_opt_strs+2766)
+#define MORE_HELP_name  (ntpd_opt_strs+2811)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -626,8 +627,8 @@ static int const aWait_SyncCantList[] = 
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (ntpd_opt_strs+2819)
-#define VER_name        (ntpd_opt_strs+2855)
+#define VER_DESC        (ntpd_opt_strs+2821)
+#define VER_name        (ntpd_opt_strs+2857)
 /*
  *  Declare option callback procedures
  */
@@ -667,13 +668,14 @@ static tOptProc
  */
 #define SET_DEBUG_LEVEL_OPT_PROC doOptSet_Debug_Level
 
-#define SET_DEBUG_LEVEL_OPT_PROC doOptSet_Debug_Level
 #endif /* defined(TEST_NTPD_OPTS) */
 #define VER_PROC        ntpOptionPrintVersion
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
- *
- *  Define the Ntpd Option Descriptions.
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ *  Define the ntpd Option Descriptions.
+ * This is an array of OPTION_CT entries, one for each
+ * option that the ntpd program responds to.
  */
 static tOptDesc optDesc[OPTION_CT] = {
   {  /* entry idx, value */ 0, VALUE_OPT_IPV4,
@@ -1126,17 +1128,17 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  *
- *  Define the Ntpd Option Environment
+ *  Define the ntpd Option Environment
  */
-#define zPROGNAME       (ntpd_opt_strs+2863)
-#define zUsageTitle     (ntpd_opt_strs+2868)
+#define zPROGNAME       (ntpd_opt_strs+2865)
+#define zUsageTitle     (ntpd_opt_strs+2870)
 #define zRcName         NULL
 #define apzHomeList     NULL
-#define zBugsAddr       (ntpd_opt_strs+3001)
-#define zExplain        (ntpd_opt_strs+3035)
+#define zBugsAddr       (ntpd_opt_strs+3003)
+#define zExplain        (ntpd_opt_strs+3037)
 #define zDetail         (NULL)
-#define zFullVersion    (ntpd_opt_strs+3038)
-/* extracted from optcode.tlib near line 315 */
+#define zFullVersion    (ntpd_opt_strs+3040)
+/* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
 # define OPTPROC_BASE OPTPROC_TRANSLATE
@@ -1151,21 +1153,35 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 #define ntpd_short_usage (NULL)
 
+#endif /* not defined __doxygen__ */
+
 /*
  *  Create the static procedure(s) declared above.
  */
+/**
+ * The callout function that invokes the optionUsage function.
+ *
+ * @param pOptions the AutoOpts option description structure
+ * @param pOptDesc the descriptor for the "help" (usage) option.
+ * @noreturn
+ */
 static void
 doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc)
 {
+    optionUsage(&ntpdOptions, NTPD_EXIT_SUCCESS);
+    /* NOTREACHED */
+    (void)pOptDesc;
     (void)pOptions;
-    USAGE(NTPD_EXIT_SUCCESS);
 }
 
 #if ! defined(TEST_NTPD_OPTS)
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ * Code to handle the set-debug-level option, when DEBUG is #define-d.
  *
- *   For the set-debug-level option, when DEBUG is #define-d.
+ * @param pOptions the ntpd options data structure
+ * @param pOptDesc the option descriptor for this option.
  */
 #ifdef DEBUG
 static void
@@ -1173,15 +1189,24 @@ doOptSet_Debug_Level(tOptions* pOptions,
 {
     /* extracted from ntpdbase-opts.def, line 100 */
 DESC(DEBUG_LEVEL).optOccCt = atoi( pOptDesc->pzLastArg );
+    (void)pOptions;
 }
 #endif /* defined DEBUG */
 #endif /* defined(TEST_NTPD_OPTS) */
-/* extracted from optmain.tlib near line 128 */
+/* extracted from optmain.tlib near line 48 */
 
 #if defined(TEST_NTPD_OPTS) /* TEST MAIN PROCEDURE: */
 
 extern void optionPutShell(tOptions*);
 
+/**
+ * Generated main procedure.  This will emit text that a Bourne shell can
+ * process to handle its command line arguments.
+ *
+ * @param argc argument count
+ * @param argv argument vector
+ * @returns program exit code
+ */
 int
 main(int argc, char ** argv)
 {
@@ -1194,12 +1219,19 @@ main(int argc, char ** argv)
     return res;
 }
 #endif  /* defined TEST_NTPD_OPTS */
-/* extracted from optmain.tlib near line 1148 */
+/* extracted from optmain.tlib near line 1146 */
 
+/**
+ * The directory containing the data associated with ntpd.
+ */
 #ifndef  PKGDATADIR
 # define PKGDATADIR ""
 #endif
 
+/**
+ * Information about the person or institution that packaged ntpd
+ * for the current distribution.
+ */
 #ifndef  WITH_PACKAGER
 # define ntpd_packager_info NULL
 #else
@@ -1215,7 +1247,13 @@ static char const ntpd_packager_info[] =
 # endif
     "\n";
 #endif
+#ifndef __doxygen__
 
+#endif /* __doxygen__ */
+/**
+ * The option definitions for ntpd.  The one structure that
+ * binds them all.
+ */
 tOptions ntpdOptions = {
     OPTIONS_STRUCT_VERSION,
     0, NULL,                    /* original argc + argv    */
@@ -1259,7 +1297,16 @@ tOptions ntpdOptions = {
 static char* AO_gettext(char const* pz);
 static void  coerce_it(void** s);
 
-static char*
+/**
+ * AutoGen specific wrapper function for gettext.
+ * It relies on the macro _() to convert from English to the target
+ * language, then strdup-duplicates the result string.
+ *
+ * @param[in] pz the input text used as a lookup key.
+ * @returns the translated text (if there is one),
+ *   or the original text (if not).
+ */
+static char *
 AO_gettext(char const* pz)
 {
     char* pzRes;
@@ -1279,8 +1326,9 @@ AO_gettext(char const* pz)
 static void coerce_it(void** s) { *s = AO_gettext(*s);
 }
 
-/*
- *  This invokes the translation code (e.g. gettext(3)).
+/**
+ * Translate all the translatable strings in the ntpdOptions
+ * structure defined above.  This is done only once.
  */
 static void
 translate_option_strings(void)

==== ntpd/ntpd-opts.h ====
2012-08-12 04:32:17+00:00, stenn at psp-fb1.ntp.org +12 -5
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.301/ntpd/ntpd-opts.h	2012-08-11 07:33:23 -04:00
+++ 1.302/ntpd/ntpd-opts.h	2012-08-12 00:32:17 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpd-opts.h)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:30:29 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:25 PM by AutoGen 5.16.2
  *  From the definitions    ntpd-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This header file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -53,7 +53,7 @@
  *  tolerable version is at least as old as what was current when the header
  *  template was released.
  */
-#define AO_TEMPLATE_VERSION 147457
+#define AO_TEMPLATE_VERSION 147461
 #if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \
  || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION)
 # error option template version mismatches autoopts/options.h header
@@ -134,7 +134,8 @@ typedef enum {
  */
 typedef enum {
     NTPD_EXIT_SUCCESS = 0,
-    NTPD_EXIT_FAILURE = 1
+    NTPD_EXIT_FAILURE = 1,
+    NTPD_EXIT_LIBOPTS_FAILURE = 70
 } ntpd_exit_code_t;
 /*
  *  Make sure there are no #define name conflicts with the option names
@@ -371,7 +372,7 @@ typedef enum {
                 ntpdOptions.pzCurOpt  = NULL)
 #define START_OPT       RESTART_OPT(1)
 #define USAGE(c)        (*ntpdOptions.pUsageProc)(&ntpdOptions, c)
-/* extracted from opthead.tlib near line 469 */
+/* extracted from opthead.tlib near line 484 */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -387,6 +388,12 @@ extern tOptions ntpdOptions;
 #if defined(ENABLE_NLS)
 # ifndef _
 #   include <stdio.h>
+#   ifndef HAVE_GETTEXT
+      extern char * gettext(char const *);
+#   else
+#     include <libintl.h>
+#   endif
+
 static inline char* aoGetsText(char const* pz) {
     if (pz == NULL) return NULL;
     return (char*)gettext(pz);

==== ntpd/ntpd.1ntpdman ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +43 -43
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.112/ntpd/ntpd.1ntpdman	2012-08-11 07:33:23 -04:00
+++ 1.113/ntpd/ntpd.1ntpdman	2012-08-12 00:32:18 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:31:44 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:48 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpd-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -15,7 +15,7 @@ ntpd \- NTP daemon program
 .PP
 .SH DESCRIPTION
 The
-.B 
+.B XXX Program Name
 utility is an operating system daemon which sets
 and maintains the system time of day in synchronism with Internet
 standard time servers.
@@ -26,7 +26,7 @@ version 3, as defined by RFC-1305, and v
 and 2, as defined by RFC-1059 and RFC-1119, respectively.
 .PP
 The
-.B 
+.B XXX Program Name
 utility does most computations in 64-bit floating point
 arithmetic and does relatively clumsy 64-bit fixed point operations
 only when necessary to preserve the ultimate precision, about 232
@@ -36,7 +36,7 @@ ordinary workstations and networks of to
 with future gigahertz CPU clocks and gigabit LANs.
 .PP
 Ordinarily,
-.B 
+.B XXX Program Name
 reads the
 .Xr ntp.conf 5
 configuration file at startup time in order to determine the
@@ -50,9 +50,9 @@ broadcast/multicast client, with all pee
 listening to broadcasts at run time.
 .PP
 If NetInfo support is built into
-.B  ,
+.B XXX Program Name ,
 then
-.B 
+.B XXX Program Name
 will attempt to read its configuration from the
 NetInfo if the default
 .Xr ntp.conf 5
@@ -62,10 +62,10 @@ c
 option.
 .PP
 Various internal
-.B 
+.B XXX Program Name
 variables can be displayed and
 configuration options altered while the
-.B 
+.B XXX Program Name
 is running
 using the
 .Xr ntpq 8
@@ -74,11 +74,11 @@ and
 utility programs.
 .PP
 When
-.B 
+.B XXX Program Name
 starts it looks at the value of
 .Xr umask 2 ,
 and if zero
-.B 
+.B XXX Program Name
 will set the
 .Xr umask 2
 to 022.
@@ -197,7 +197,7 @@ Open the network address given, or all t
 given interface name.  This option may appear multiple times.  This option
 also implies not opening other addresses, except wildcard and localhost.
 This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile. 
+interface command, which is more versatile.
 .TP
 .BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
 path to symmetric keys.
@@ -413,9 +413,9 @@ by loading values from environment varia
 .fi
 .ad
 .SH USAGE
-.Ss "How NTP Operates"
+.SS "How NTP Operates"
 The
-.B 
+.B XXX Program Name
 utility operates by exchanging messages with
 one or more configured servers over a range of designated poll intervals.
 When
@@ -447,17 +447,17 @@ After the machine has
 synchronized to a NTP server, the operating system corrects the
 chip from time to time.
 In the default case, if
-.B 
+.B XXX Program Name
 detects that the time on the host
 is more than 1000s from the server time,
-.B 
+.B XXX Program Name
 assumes something must be terribly wrong and the only
 reliable action is for the operator to intervene and set the clock
 by hand.
 (Reasons for this include there is no TOY chip,
 or its battery is dead, or that the TOY chip is just of poor quality.)
 This causes
-.B 
+.B XXX Program Name
 to exit with a panic message to
 the system log.
 The
@@ -469,11 +469,11 @@ this is a limitation of the NTPv4 protoc
 However, and to protect against broken hardware, such as when the
 CMOS battery fails or the clock counter becomes defective, once the
 clock has been set an error greater than 1000s will cause
-.B 
+.B XXX Program Name
 to exit anyway.
 .PP
 Under ordinary conditions,
-.B 
+.B XXX Program Name
 adjusts the clock in
 small steps so that the timescale is effectively continuous and
 without discontinuities.
@@ -482,7 +482,7 @@ congestion, the roundtrip delay jitter c
 the synchronization distance, which is equal to one-half the
 roundtrip delay plus error budget terms, can become very large.
 The
-.B 
+.B XXX Program Name
 algorithms discard sample offsets exceeding 128 ms,
 unless the interval during which no sample offset is less than 128
 ms exceeds 900s.
@@ -496,7 +496,7 @@ As the result of this behavior, once the
 very rarely strays more than 128 ms even under extreme cases of
 network path congestion and jitter.
 Sometimes, in particular when
-.B 
+.B XXX Program Name
 is first started without a valid drift file
 on a system with a large intrinsic drift
 the error might grow to exceed 128 ms,
@@ -533,7 +533,7 @@ correction is required.
 If following such a correction the
 frequency error is so large that the first sample is outside the
 acceptable range,
-.B 
+.B XXX Program Name
 enters the same state as when the
 .Pa ntp.drift
 file is not present.
@@ -563,7 +563,7 @@ but this was never more than a mediocre 
 There is a way to start
 .Xr ntpd 8
 that often addresses all of the problems mentioned above.
-.Ss "Starting NTP (Best Current Practice)"
+.SS "Starting NTP (Best Current Practice)"
 First, use the
 .Cm iburst
 option on your
@@ -607,9 +607,9 @@ and after
 exits successfully
 it is as safe as it will ever be to start any process that require
 stable time.
-.Ss "Frequency Discipline"
+.SS "Frequency Discipline"
 The
-.B 
+.B XXX Program Name
 behavior at startup depends on whether the
 frequency file, usually
 .Pa ntp.drift ,
@@ -617,30 +617,30 @@ exists.
 This file
 contains the latest estimate of clock frequency error.
 When the
-.B 
+.B XXX Program Name
 is started and the file does not exist, the
-.B 
+.B XXX Program Name
 enters a special mode designed to quickly adapt to
 the particular system clock oscillator time and frequency error.
 This takes approximately 15 minutes, after which the time and
 frequency are set to nominal values and the
-.B 
+.B XXX Program Name
 enters
 normal mode, where the time and frequency are continuously tracked
 relative to the server.
 After one hour the frequency file is
 created and the current frequency offset written to it.
 When the
-.B 
+.B XXX Program Name
 is started and the file does exist, the
-.B 
+.B XXX Program Name
 frequency is initialized from the file and enters normal mode
 immediately.
 After that the current frequency offset is written to
 the file at hourly intervals.
-.Ss "Operating Modes"
+.SS "Operating Modes"
 The
-.B 
+.B XXX Program Name
 utility can operate in any of several modes, including
 symmetric active/passive, client/server broadcast/multicast and
 manycast, as described in the
@@ -664,7 +664,7 @@ fleet of workstations without specifying
 specific to the local environment.
 .PP
 By default,
-.B 
+.B XXX Program Name
 runs in continuous mode where each of
 possibly several external servers is polled at intervals determined
 by an intricate state machine.
@@ -681,7 +681,7 @@ unreachable for some time, the poll inte
 to 1024s in order to reduce network overhead.
 .PP
 In some cases it may not be practical for
-.B 
+.B XXX Program Name
 to run
 continuously.
 A common workaround has been to run the
@@ -692,12 +692,12 @@ job at designated
 times.
 However, this program does not have the crafted signal
 processing, error checking and mitigation algorithms of
-.B  .
+.B XXX Program Name .
 The
 q
 option is intended for this purpose.
 Setting this option will cause
-.B 
+.B XXX Program Name
 to exit just after
 setting the clock for the first time.
 The procedure for initially
@@ -724,20 +724,20 @@ frequency, which is the case for stock S
 a useful feature is available to discipline the clock
 frequency.
 First,
-.B 
+.B XXX Program Name
 is run in continuous mode with
 selected servers in order to measure and record the intrinsic clock
 frequency offset in the frequency file.
 It may take some hours for
 the frequency and offset to settle down.
 Then the
-.B 
+.B XXX Program Name
 is
 stopped and run in one-time mode as required.
 At each startup, the
 frequency is read from the file and initializes the kernel
 frequency.
-.Ss "Poll Interval Control"
+.SS "Poll Interval Control"
 This version of NTP includes an intricate state machine to
 reduce the network load while maintaining a quality of
 synchronization consistent with the observed jitter and wander.
@@ -784,7 +784,7 @@ this limit.
 Once this is done, the drift file is automatically
 updated once per hour and is available to initialize the frequency
 on subsequent daemon restarts.
-.Ss "The huff-n'-puff Filter"
+.SS "The huff-n'-puff Filter"
 In scenarios where a considerable amount of data are to be
 downloaded or uploaded over telephone modems, timekeeping quality
 can be seriously degraded.
@@ -833,10 +833,10 @@ the default name of the key file
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
 .SH "SEE ALSO"
 .Xr ntp.conf 5 ,
@@ -899,11 +899,11 @@ Copyright (C) 1970-2012 The University o
 This program is released under the terms of the NTP license, <http://ntp.org/license>.
 .SH BUGS
 The
-.B 
+.B XXX Program Name
 utility has gotten rather fat.
 While not huge, it has gotten
 larger than might be desirable for an elevated-priority
-.B 
+.B XXX Program Name
 running on a workstation, particularly since many of
 the fancy features which consume the space were designed more with
 a busy primary server, rather than a high stratum workstation in

==== ntpd/ntpd.1ntpdmdoc ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +13 -9
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.112/ntpd/ntpd.1ntpdmdoc	2012-08-11 07:33:23 -04:00
+++ 1.113/ntpd/ntpd.1ntpdmdoc	2012-08-12 00:32:18 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTPD 1ntpdmdoc User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:31:48 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:39 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpd-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -121,6 +121,7 @@ This is almost never a good idea.
 .It  \-b ", " -\-bcastsync
 Allow us to sync to broadcast servers.
 .sp
+.sp
 .It  \-c " \fIstring\fP, " \-\-configfile "=" \fIstring\fP
 configuration file name.
 .sp
@@ -178,9 +179,9 @@ option.
 This option is only available if the OS supports adjusting the clock
 without full root privileges.
 This option is supported under NetBSD (configure with
---enable-clockctl
+-\-enable\-clockctl
 ) and Linux (configure with
---enable-linuxcaps
+-\-enable\-linuxcaps
 ).
 .It  \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
 Listen on an interface name or address.
@@ -190,7 +191,7 @@ Open the network address given, or all t
 given interface name.  This option may appear multiple times.  This option
 also implies not opening other addresses, except wildcard and localhost.
 This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile. 
+interface command, which is more versatile.
 .It  \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
 path to symmetric keys.
 .sp
@@ -226,6 +227,7 @@ Do not fork.
 This option must not appear in combination with any of the following options:
 wait-sync.
 .sp
+.sp
 .It  \-N ", " -\-nice
 Run at high priority.
 .sp
@@ -297,9 +299,9 @@ Specify a user, and optionally a group, 
 This option is only available if the OS supports adjusting the clock
 without full root privileges.
 This option is supported under NetBSD (configure with
---enable-clockctl
+-\-enable\-clockctl
 ) and Linux (configure with
---enable-linuxcaps
+-\-enable\-linuxcaps
 ).
 .It  \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
 interval in seconds between scans for new or dropped interfaces.
@@ -313,10 +315,12 @@ Use 0 to disable scanning. 60 seconds is
 make ARG an ntp variable (RW).
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-\-dvar "=\fIndvar\fP"
 make ARG an ntp variable (RW|DEF).
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-w " \fInumber\fP, " \-\-wait\-sync "=" \fInumber\fP
 Seconds to wait for first clock sync.
 This option must not appear in combination with any of the following options:
@@ -801,9 +805,9 @@ the default name of the key file
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
 .El
 .Sh "SEE ALSO"

==== ntpd/ntpd.man.in ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +43 -43
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.112/ntpd/ntpd.man.in	2012-08-11 07:33:23 -04:00
+++ 1.113/ntpd/ntpd.man.in	2012-08-12 00:32:18 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:31:44 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:48 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpd-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -15,7 +15,7 @@ ntpd \- NTP daemon program
 .PP
 .SH DESCRIPTION
 The
-.B 
+.B XXX Program Name
 utility is an operating system daemon which sets
 and maintains the system time of day in synchronism with Internet
 standard time servers.
@@ -26,7 +26,7 @@ version 3, as defined by RFC-1305, and v
 and 2, as defined by RFC-1059 and RFC-1119, respectively.
 .PP
 The
-.B 
+.B XXX Program Name
 utility does most computations in 64-bit floating point
 arithmetic and does relatively clumsy 64-bit fixed point operations
 only when necessary to preserve the ultimate precision, about 232
@@ -36,7 +36,7 @@ ordinary workstations and networks of to
 with future gigahertz CPU clocks and gigabit LANs.
 .PP
 Ordinarily,
-.B 
+.B XXX Program Name
 reads the
 .Xr ntp.conf 5
 configuration file at startup time in order to determine the
@@ -50,9 +50,9 @@ broadcast/multicast client, with all pee
 listening to broadcasts at run time.
 .PP
 If NetInfo support is built into
-.B  ,
+.B XXX Program Name ,
 then
-.B 
+.B XXX Program Name
 will attempt to read its configuration from the
 NetInfo if the default
 .Xr ntp.conf 5
@@ -62,10 +62,10 @@ c
 option.
 .PP
 Various internal
-.B 
+.B XXX Program Name
 variables can be displayed and
 configuration options altered while the
-.B 
+.B XXX Program Name
 is running
 using the
 .Xr ntpq 8
@@ -74,11 +74,11 @@ and
 utility programs.
 .PP
 When
-.B 
+.B XXX Program Name
 starts it looks at the value of
 .Xr umask 2 ,
 and if zero
-.B 
+.B XXX Program Name
 will set the
 .Xr umask 2
 to 022.
@@ -197,7 +197,7 @@ Open the network address given, or all t
 given interface name.  This option may appear multiple times.  This option
 also implies not opening other addresses, except wildcard and localhost.
 This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile. 
+interface command, which is more versatile.
 .TP
 .BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
 path to symmetric keys.
@@ -413,9 +413,9 @@ by loading values from environment varia
 .fi
 .ad
 .SH USAGE
-.Ss "How NTP Operates"
+.SS "How NTP Operates"
 The
-.B 
+.B XXX Program Name
 utility operates by exchanging messages with
 one or more configured servers over a range of designated poll intervals.
 When
@@ -447,17 +447,17 @@ After the machine has
 synchronized to a NTP server, the operating system corrects the
 chip from time to time.
 In the default case, if
-.B 
+.B XXX Program Name
 detects that the time on the host
 is more than 1000s from the server time,
-.B 
+.B XXX Program Name
 assumes something must be terribly wrong and the only
 reliable action is for the operator to intervene and set the clock
 by hand.
 (Reasons for this include there is no TOY chip,
 or its battery is dead, or that the TOY chip is just of poor quality.)
 This causes
-.B 
+.B XXX Program Name
 to exit with a panic message to
 the system log.
 The
@@ -469,11 +469,11 @@ this is a limitation of the NTPv4 protoc
 However, and to protect against broken hardware, such as when the
 CMOS battery fails or the clock counter becomes defective, once the
 clock has been set an error greater than 1000s will cause
-.B 
+.B XXX Program Name
 to exit anyway.
 .PP
 Under ordinary conditions,
-.B 
+.B XXX Program Name
 adjusts the clock in
 small steps so that the timescale is effectively continuous and
 without discontinuities.
@@ -482,7 +482,7 @@ congestion, the roundtrip delay jitter c
 the synchronization distance, which is equal to one-half the
 roundtrip delay plus error budget terms, can become very large.
 The
-.B 
+.B XXX Program Name
 algorithms discard sample offsets exceeding 128 ms,
 unless the interval during which no sample offset is less than 128
 ms exceeds 900s.
@@ -496,7 +496,7 @@ As the result of this behavior, once the
 very rarely strays more than 128 ms even under extreme cases of
 network path congestion and jitter.
 Sometimes, in particular when
-.B 
+.B XXX Program Name
 is first started without a valid drift file
 on a system with a large intrinsic drift
 the error might grow to exceed 128 ms,
@@ -533,7 +533,7 @@ correction is required.
 If following such a correction the
 frequency error is so large that the first sample is outside the
 acceptable range,
-.B 
+.B XXX Program Name
 enters the same state as when the
 .Pa ntp.drift
 file is not present.
@@ -563,7 +563,7 @@ but this was never more than a mediocre 
 There is a way to start
 .Xr ntpd 8
 that often addresses all of the problems mentioned above.
-.Ss "Starting NTP (Best Current Practice)"
+.SS "Starting NTP (Best Current Practice)"
 First, use the
 .Cm iburst
 option on your
@@ -607,9 +607,9 @@ and after
 exits successfully
 it is as safe as it will ever be to start any process that require
 stable time.
-.Ss "Frequency Discipline"
+.SS "Frequency Discipline"
 The
-.B 
+.B XXX Program Name
 behavior at startup depends on whether the
 frequency file, usually
 .Pa ntp.drift ,
@@ -617,30 +617,30 @@ exists.
 This file
 contains the latest estimate of clock frequency error.
 When the
-.B 
+.B XXX Program Name
 is started and the file does not exist, the
-.B 
+.B XXX Program Name
 enters a special mode designed to quickly adapt to
 the particular system clock oscillator time and frequency error.
 This takes approximately 15 minutes, after which the time and
 frequency are set to nominal values and the
-.B 
+.B XXX Program Name
 enters
 normal mode, where the time and frequency are continuously tracked
 relative to the server.
 After one hour the frequency file is
 created and the current frequency offset written to it.
 When the
-.B 
+.B XXX Program Name
 is started and the file does exist, the
-.B 
+.B XXX Program Name
 frequency is initialized from the file and enters normal mode
 immediately.
 After that the current frequency offset is written to
 the file at hourly intervals.
-.Ss "Operating Modes"
+.SS "Operating Modes"
 The
-.B 
+.B XXX Program Name
 utility can operate in any of several modes, including
 symmetric active/passive, client/server broadcast/multicast and
 manycast, as described in the
@@ -664,7 +664,7 @@ fleet of workstations without specifying
 specific to the local environment.
 .PP
 By default,
-.B 
+.B XXX Program Name
 runs in continuous mode where each of
 possibly several external servers is polled at intervals determined
 by an intricate state machine.
@@ -681,7 +681,7 @@ unreachable for some time, the poll inte
 to 1024s in order to reduce network overhead.
 .PP
 In some cases it may not be practical for
-.B 
+.B XXX Program Name
 to run
 continuously.
 A common workaround has been to run the
@@ -692,12 +692,12 @@ job at designated
 times.
 However, this program does not have the crafted signal
 processing, error checking and mitigation algorithms of
-.B  .
+.B XXX Program Name .
 The
 q
 option is intended for this purpose.
 Setting this option will cause
-.B 
+.B XXX Program Name
 to exit just after
 setting the clock for the first time.
 The procedure for initially
@@ -724,20 +724,20 @@ frequency, which is the case for stock S
 a useful feature is available to discipline the clock
 frequency.
 First,
-.B 
+.B XXX Program Name
 is run in continuous mode with
 selected servers in order to measure and record the intrinsic clock
 frequency offset in the frequency file.
 It may take some hours for
 the frequency and offset to settle down.
 Then the
-.B 
+.B XXX Program Name
 is
 stopped and run in one-time mode as required.
 At each startup, the
 frequency is read from the file and initializes the kernel
 frequency.
-.Ss "Poll Interval Control"
+.SS "Poll Interval Control"
 This version of NTP includes an intricate state machine to
 reduce the network load while maintaining a quality of
 synchronization consistent with the observed jitter and wander.
@@ -784,7 +784,7 @@ this limit.
 Once this is done, the drift file is automatically
 updated once per hour and is available to initialize the frequency
 on subsequent daemon restarts.
-.Ss "The huff-n'-puff Filter"
+.SS "The huff-n'-puff Filter"
 In scenarios where a considerable amount of data are to be
 downloaded or uploaded over telephone modems, timekeeping quality
 can be seriously degraded.
@@ -833,10 +833,10 @@ the default name of the key file
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
 .SH "SEE ALSO"
 .Xr ntp.conf 5 ,
@@ -899,11 +899,11 @@ Copyright (C) 1970-2012 The University o
 This program is released under the terms of the NTP license, <http://ntp.org/license>.
 .SH BUGS
 The
-.B 
+.B XXX Program Name
 utility has gotten rather fat.
 While not huge, it has gotten
 larger than might be desirable for an elevated-priority
-.B 
+.B XXX Program Name
 running on a workstation, particularly since many of
 the fancy features which consume the space were designed more with
 a busy primary server, rather than a high stratum workstation in

==== ntpd/ntpd.mdoc.in ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +13 -9
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.112/ntpd/ntpd.mdoc.in	2012-08-11 07:33:23 -04:00
+++ 1.113/ntpd/ntpd.mdoc.in	2012-08-12 00:32:18 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTPD @NTPD_MS@ User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:31:48 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:57:39 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpd-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -121,6 +121,7 @@ This is almost never a good idea.
 .It  \-b ", " -\-bcastsync
 Allow us to sync to broadcast servers.
 .sp
+.sp
 .It  \-c " \fIstring\fP, " \-\-configfile "=" \fIstring\fP
 configuration file name.
 .sp
@@ -178,9 +179,9 @@ option.
 This option is only available if the OS supports adjusting the clock
 without full root privileges.
 This option is supported under NetBSD (configure with
---enable-clockctl
+-\-enable\-clockctl
 ) and Linux (configure with
---enable-linuxcaps
+-\-enable\-linuxcaps
 ).
 .It  \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
 Listen on an interface name or address.
@@ -190,7 +191,7 @@ Open the network address given, or all t
 given interface name.  This option may appear multiple times.  This option
 also implies not opening other addresses, except wildcard and localhost.
 This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile. 
+interface command, which is more versatile.
 .It  \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
 path to symmetric keys.
 .sp
@@ -226,6 +227,7 @@ Do not fork.
 This option must not appear in combination with any of the following options:
 wait-sync.
 .sp
+.sp
 .It  \-N ", " -\-nice
 Run at high priority.
 .sp
@@ -297,9 +299,9 @@ Specify a user, and optionally a group, 
 This option is only available if the OS supports adjusting the clock
 without full root privileges.
 This option is supported under NetBSD (configure with
---enable-clockctl
+-\-enable\-clockctl
 ) and Linux (configure with
---enable-linuxcaps
+-\-enable\-linuxcaps
 ).
 .It  \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
 interval in seconds between scans for new or dropped interfaces.
@@ -313,10 +315,12 @@ Use 0 to disable scanning. 60 seconds is
 make ARG an ntp variable (RW).
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-\-dvar "=\fIndvar\fP"
 make ARG an ntp variable (RW|DEF).
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-w " \fInumber\fP, " \-\-wait\-sync "=" \fInumber\fP
 Seconds to wait for first clock sync.
 This option must not appear in combination with any of the following options:
@@ -801,9 +805,9 @@ the default name of the key file
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
 .El
 .Sh "SEE ALSO"

==== ntpd/ntpdsim-opts.c ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +112 -53
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.19/ntpd/ntpdsim-opts.c	2012-05-08 01:46:38 -04:00
+++ 1.20/ntpd/ntpdsim-opts.c	2012-08-12 00:32:18 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpdsim-opts.c)
  *  
- *  It has been AutoGen-ed  May  1, 2012 at 09:18:07 AM by AutoGen 5.16pre31
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:22 PM by AutoGen 5.16.2
  *  From the definitions    ntpdsim-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:4:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This source file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -36,6 +36,7 @@
  *  is provided "as is" without express or implied warranty.
  */
 
+#ifndef __doxygen__
 #define OPTION_CODE_COMPILE 1
 #include "ntpdsim-opts.h"
 #include <sys/types.h>
@@ -70,8 +71,8 @@ extern FILE * option_usage_fp;
 /*
  *  ntpdsim option static const strings
  */
-static char const ntpdsim_opt_strs[3123] =
-/*     0 */ "ntpdsim 4.2.7p272\n"
+static char const ntpdsim_opt_strs[3168] =
+/*     0 */ "ntpdsim 4.2.7p295\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
             "redistribution under the terms of the NTP License, copies of which\n"
@@ -188,27 +189,30 @@ static char const ntpdsim_opt_strs[3123]
 /*  2616 */ "Force CPU cycle counter use (Windows only)\0"
 /*  2659 */ "PCCFREQ\0"
 /*  2667 */ "pccfreq\0"
-/*  2675 */ "Display extended usage information and exit\0"
-/*  2719 */ "help\0"
-/*  2724 */ "Extended usage information passed thru pager\0"
-/*  2769 */ "more-help\0"
-/*  2779 */ "Output version information and exit\0"
-/*  2815 */ "version\0"
-/*  2823 */ "Save the option state to a config file\0"
-/*  2862 */ "save-opts\0"
-/*  2872 */ "Load options from a config file\0"
-/*  2904 */ "LOAD_OPTS\0"
-/*  2914 */ "no-load-opts\0"
-/*  2927 */ "no\0"
-/*  2930 */ "NTPDSIM\0"
-/*  2938 */ "ntpdsim - NTP daemon simulation program - Ver. 4.2.7p272\n"
+/*  2675 */ "Register with mDNS as a NTP server\0"
+/*  2710 */ "MDNS\0"
+/*  2715 */ "mdns\0"
+/*  2720 */ "Display extended usage information and exit\0"
+/*  2764 */ "help\0"
+/*  2769 */ "Extended usage information passed thru pager\0"
+/*  2814 */ "more-help\0"
+/*  2824 */ "Output version information and exit\0"
+/*  2860 */ "version\0"
+/*  2868 */ "Save the option state to a config file\0"
+/*  2907 */ "save-opts\0"
+/*  2917 */ "Load options from a config file\0"
+/*  2949 */ "LOAD_OPTS\0"
+/*  2959 */ "no-load-opts\0"
+/*  2972 */ "no\0"
+/*  2975 */ "NTPDSIM\0"
+/*  2983 */ "ntpdsim - NTP daemon simulation program - Ver. 4.2.7p295\n"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/*  3053 */ "$HOME\0"
-/*  3059 */ ".\0"
-/*  3061 */ ".ntprc\0"
-/*  3068 */ "http://bugs.ntp.org, bugs at ntp.org\0"
-/*  3102 */ "\n\n\0"
-/*  3105 */ "ntpdsim 4.2.7p272";
+/*  3098 */ "$HOME\0"
+/*  3104 */ ".\0"
+/*  3106 */ ".ntprc\0"
+/*  3113 */ "http://bugs.ntp.org, bugs at ntp.org\0"
+/*  3147 */ "\n\n\0"
+/*  3150 */ "ntpdsim 4.2.7p295";
 
 /*
  *  ipv4 option description with
@@ -596,13 +600,29 @@ static int const aWait_SyncCantList[] = 
 #endif  /* SYS_WINNT */
 
 /*
+ *  mdns option description:
+ */
+#ifdef HAVE_DNSREGISTRATION
+#define MDNS_DESC      (ntpdsim_opt_strs+2675)
+#define MDNS_NAME      (ntpdsim_opt_strs+2710)
+#define MDNS_name      (ntpdsim_opt_strs+2715)
+#define MDNS_FLAGS     (OPTST_DISABLED)
+
+#else   /* disable mdns */
+#define MDNS_FLAGS     (OPTST_OMITTED | OPTST_NO_INIT)
+#define MDNS_NAME      NULL
+#define MDNS_DESC      NULL
+#define MDNS_name      NULL
+#endif  /* HAVE_DNSREGISTRATION */
+
+/*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (ntpdsim_opt_strs+2675)
-#define HELP_name       (ntpdsim_opt_strs+2719)
+#define HELP_DESC       (ntpdsim_opt_strs+2720)
+#define HELP_name       (ntpdsim_opt_strs+2764)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (ntpdsim_opt_strs+2724)
-#define MORE_HELP_name  (ntpdsim_opt_strs+2769)
+#define MORE_HELP_DESC  (ntpdsim_opt_strs+2769)
+#define MORE_HELP_name  (ntpdsim_opt_strs+2814)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -615,14 +635,14 @@ static int const aWait_SyncCantList[] = 
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (ntpdsim_opt_strs+2779)
-#define VER_name        (ntpdsim_opt_strs+2815)
-#define SAVE_OPTS_DESC  (ntpdsim_opt_strs+2823)
-#define SAVE_OPTS_name  (ntpdsim_opt_strs+2862)
-#define LOAD_OPTS_DESC     (ntpdsim_opt_strs+2872)
-#define LOAD_OPTS_NAME     (ntpdsim_opt_strs+2904)
-#define NO_LOAD_OPTS_name  (ntpdsim_opt_strs+2914)
-#define LOAD_OPTS_pfx      (ntpdsim_opt_strs+2927)
+#define VER_DESC        (ntpdsim_opt_strs+2824)
+#define VER_name        (ntpdsim_opt_strs+2860)
+#define SAVE_OPTS_DESC  (ntpdsim_opt_strs+2868)
+#define SAVE_OPTS_name  (ntpdsim_opt_strs+2907)
+#define LOAD_OPTS_DESC     (ntpdsim_opt_strs+2917)
+#define LOAD_OPTS_NAME     (ntpdsim_opt_strs+2949)
+#define NO_LOAD_OPTS_name  (ntpdsim_opt_strs+2959)
+#define LOAD_OPTS_pfx      (ntpdsim_opt_strs+2972)
 #define LOAD_OPTS_name     (NO_LOAD_OPTS_name + 3)
 /*
  *  Declare option callback procedures
@@ -666,9 +686,11 @@ static tOptProc
 #endif /* defined(TEST_NTPDSIM_OPTS) */
 #define VER_PROC        ntpOptionPrintVersion
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
- *
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
  *  Define the ntpdsim Option Descriptions.
+ * This is an array of OPTION_CT entries, one for each
+ * option that the ntpdsim program responds to.
  */
 static tOptDesc optDesc[OPTION_CT] = {
   {  /* entry idx, value */ 0, VALUE_OPT_IPV4,
@@ -1067,6 +1089,18 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PCCFREQ_DESC, PCCFREQ_NAME, PCCFREQ_name,
      /* disablement strs */ NULL, NULL },
 
+  {  /* entry idx, value */ 33, VALUE_OPT_MDNS,
+     /* equiv idx, value */ 33, VALUE_OPT_MDNS,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ MDNS_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --mdns */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ NULL, NULL,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ MDNS_DESC, MDNS_NAME, MDNS_name,
+     /* disablement strs */ NULL, NULL },
+
   {  /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
      /* equiv idx value  */ NO_EQUIVALENT, VALUE_OPT_VERSION,
      /* equivalenced to  */ NO_EQUIVALENT,
@@ -1137,18 +1171,18 @@ static tOptDesc optDesc[OPTION_CT] = {
  *
  *  Define the ntpdsim Option Environment
  */
-#define zPROGNAME       (ntpdsim_opt_strs+2930)
-#define zUsageTitle     (ntpdsim_opt_strs+2938)
-#define zRcName         (ntpdsim_opt_strs+3061)
+#define zPROGNAME       (ntpdsim_opt_strs+2975)
+#define zUsageTitle     (ntpdsim_opt_strs+2983)
+#define zRcName         (ntpdsim_opt_strs+3106)
 static char const * const apzHomeList[3] = {
-    ntpdsim_opt_strs+3053,
-    ntpdsim_opt_strs+3059,
+    ntpdsim_opt_strs+3098,
+    ntpdsim_opt_strs+3104,
     NULL };
-#define zBugsAddr       (ntpdsim_opt_strs+3068)
+#define zBugsAddr       (ntpdsim_opt_strs+3113)
 #define zExplain        (NULL)
-#define zDetail         (ntpdsim_opt_strs+3102)
-#define zFullVersion    (ntpdsim_opt_strs+3105)
-/* extracted from optcode.tlib near line 349 */
+#define zDetail         (ntpdsim_opt_strs+3147)
+#define zFullVersion    (ntpdsim_opt_strs+3150)
+/* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
 # define OPTPROC_BASE OPTPROC_TRANSLATE
@@ -1163,6 +1197,8 @@ static char const * const apzHomeList[3]
 
 #define ntpdsim_short_usage (NULL)
 
+#endif /* not defined __doxygen__ */
+
 /*
  *  Create the static procedure(s) declared above.
  */
@@ -1201,7 +1237,7 @@ DESC(DEBUG_LEVEL).optOccCt = atoi( pOptD
 }
 #endif /* defined DEBUG */
 #endif /* defined(TEST_NTPDSIM_OPTS) */
-/* extracted from optmain.tlib near line 35 */
+/* extracted from optmain.tlib near line 48 */
 
 #if defined(TEST_NTPDSIM_OPTS) /* TEST MAIN PROCEDURE: */
 
@@ -1227,12 +1263,19 @@ main(int argc, char ** argv)
     return res;
 }
 #endif  /* defined TEST_NTPDSIM_OPTS */
-/* extracted from optmain.tlib near line 1113 */
+/* extracted from optmain.tlib near line 1146 */
 
+/**
+ * The directory containing the data associated with ntpdsim.
+ */
 #ifndef  PKGDATADIR
 # define PKGDATADIR ""
 #endif
 
+/**
+ * Information about the person or institution that packaged ntpdsim
+ * for the current distribution.
+ */
 #ifndef  WITH_PACKAGER
 # define ntpdsim_packager_info NULL
 #else
@@ -1248,7 +1291,13 @@ static char const ntpdsim_packager_info[
 # endif
     "\n";
 #endif
+#ifndef __doxygen__
 
+#endif /* __doxygen__ */
+/**
+ * The option definitions for ntpdsim.  The one structure that
+ * binds them all.
+ */
 tOptions ntpdsimOptions = {
     OPTIONS_STRUCT_VERSION,
     0, NULL,                    /* original argc + argv    */
@@ -1277,7 +1326,7 @@ tOptions ntpdsimOptions = {
       NO_EQUIVALENT, /* '-#' option index */
       NO_EQUIVALENT /* index of default opt */
     },
-    38 /* full option count */, 33 /* user option count */,
+    39 /* full option count */, 34 /* user option count */,
     ntpdsim_full_usage, ntpdsim_short_usage,
     NULL, NULL,
     PKGDATADIR, ntpdsim_packager_info
@@ -1293,7 +1342,16 @@ tOptions ntpdsimOptions = {
 static char* AO_gettext(char const* pz);
 static void  coerce_it(void** s);
 
-static char*
+/**
+ * AutoGen specific wrapper function for gettext.
+ * It relies on the macro _() to convert from English to the target
+ * language, then strdup-duplicates the result string.
+ *
+ * @param[in] pz the input text used as a lookup key.
+ * @returns the translated text (if there is one),
+ *   or the original text (if not).
+ */
+static char *
 AO_gettext(char const* pz)
 {
     char* pzRes;
@@ -1313,8 +1371,9 @@ AO_gettext(char const* pz)
 static void coerce_it(void** s) { *s = AO_gettext(*s);
 }
 
-/*
- *  This invokes the translation code (e.g. gettext(3)).
+/**
+ * Translate all the translatable strings in the ntpdsimOptions
+ * structure defined above.  This is done only once.
  */
 static void
 translate_option_strings(void)

==== ntpd/ntpdsim-opts.h ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +24 -11
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.19/ntpd/ntpdsim-opts.h	2012-05-08 01:46:38 -04:00
+++ 1.20/ntpd/ntpdsim-opts.h	2012-08-12 00:32:18 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpdsim-opts.h)
  *  
- *  It has been AutoGen-ed  May  1, 2012 at 09:18:07 AM by AutoGen 5.16pre31
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:22 PM by AutoGen 5.16.2
  *  From the definitions    ntpdsim-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:4:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This header file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -53,7 +53,7 @@
  *  tolerable version is at least as old as what was current when the header
  *  template was released.
  */
-#define AO_TEMPLATE_VERSION 147460
+#define AO_TEMPLATE_VERSION 147461
 #if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \
  || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION)
 # error option template version mismatches autoopts/options.h header
@@ -97,16 +97,17 @@ typedef enum {
     INDEX_OPT_SLEW              = 30,
     INDEX_OPT_USEPCC            = 31,
     INDEX_OPT_PCCFREQ           = 32,
-    INDEX_OPT_VERSION           = 33,
-    INDEX_OPT_HELP              = 34,
-    INDEX_OPT_MORE_HELP         = 35,
-    INDEX_OPT_SAVE_OPTS         = 36,
-    INDEX_OPT_LOAD_OPTS         = 37
+    INDEX_OPT_MDNS              = 33,
+    INDEX_OPT_VERSION           = 34,
+    INDEX_OPT_HELP              = 35,
+    INDEX_OPT_MORE_HELP         = 36,
+    INDEX_OPT_SAVE_OPTS         = 37,
+    INDEX_OPT_LOAD_OPTS         = 38
 } teOptIndex;
 
-#define OPTION_CT    38
-#define NTPDSIM_VERSION       "4.2.7p272"
-#define NTPDSIM_FULL_VERSION  "ntpdsim 4.2.7p272"
+#define OPTION_CT    39
+#define NTPDSIM_VERSION       "4.2.7p295"
+#define NTPDSIM_FULL_VERSION  "ntpdsim 4.2.7p295"
 
 /*
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
@@ -275,6 +276,10 @@ typedef enum {
 #  warning undefining PCCFREQ due to option name conflict
 #  undef   PCCFREQ
 # endif
+# ifdef    MDNS
+#  warning undefining MDNS due to option name conflict
+#  undef   MDNS
+# endif
 #else  /* NO_OPTION_NAME_WARNINGS */
 # undef IPV4
 # undef IPV6
@@ -309,6 +314,7 @@ typedef enum {
 # undef SLEW
 # undef USEPCC
 # undef PCCFREQ
+# undef MDNS
 #endif  /*  NO_OPTION_NAME_WARNINGS */
 
 /* * * * * *
@@ -355,6 +361,7 @@ typedef enum {
 #define VALUE_OPT_SLEW           'x'
 #define VALUE_OPT_USEPCC         31
 #define VALUE_OPT_PCCFREQ        32
+#define VALUE_OPT_MDNS           'm'
 #define VALUE_OPT_HELP          '?'
 #define VALUE_OPT_MORE_HELP     '!'
 #define VALUE_OPT_VERSION       INDEX_OPT_VERSION
@@ -390,6 +397,12 @@ extern tOptions ntpdsimOptions;
 #if defined(ENABLE_NLS)
 # ifndef _
 #   include <stdio.h>
+#   ifndef HAVE_GETTEXT
+      extern char * gettext(char const *);
+#   else
+#     include <libintl.h>
+#   endif
+
 static inline char* aoGetsText(char const* pz) {
     if (pz == NULL) return NULL;
     return (char*)gettext(pz);

==== ntpdc/invoke-ntpdc.texi ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +421 -72
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.280/ntpdc/invoke-ntpdc.texi	2012-08-11 16:05:27 -04:00
+++ 1.281/ntpdc/invoke-ntpdc.texi	2012-08-12 00:32:18 -04:00
@@ -6,13 +6,30 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntpdc.texi)
 # 
-# It has been AutoGen-ed  August 11, 2012 at 11:32:06 AM by AutoGen 5.14
+# It has been AutoGen-ed  August 11, 2012 at 08:58:03 PM by AutoGen 5.16.2
 # From the definitions    ntpdc-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
 
 
 
+ at code{ntpdc}
+is a utility program used to query
+ at code{ntpd(8)}
+about its
+current state and to request changes in that state.
+It uses NTP mode 7 control message formats described in the source code.
+The program may
+be run either in interactive mode or controlled using command line
+arguments.
+Extensive state and statistics information is available
+through the
+ at code{ntpdc}
+interface.
+In addition, nearly all the
+configuration options which can be specified at startup using
+ntpd's configuration file may also be specified at run time using
+ at code{ntpdc}.
 
 This section was generated by @strong{AutoGen},
 using the @code{agtexi-cmd} template and the option descriptions for the @code{ntpdc} program.
@@ -30,7 +47,6 @@ This software is released under the NTP 
 * ntpdc showpeers::              showpeers option (-s)
 * ntpdc config::                 presetting/configuring ntpdc
 * ntpdc exit status::            exit status
-* ntpdc Description::            Description
 * ntpdc Usage::                  Usage
 * ntpdc See Also::               See Also
 * ntpdc Authors::                Authors
@@ -51,56 +67,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p295
-USAGE:  ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
-  Flg Arg Option-Name    Description
-   -4 no  ipv4           Force IPv4 DNS name resolution
-                                - prohibits these options:
-                                ipv6
-   -6 no  ipv6           Force IPv6 DNS name resolution
-                                - prohibits these options:
-                                ipv4
-   -c Str command        run a command and exit
-                                - may appear multiple times
-   -d no  debug-level    Increase debug verbosity level
-                                - may appear multiple times
-   -D Str set-debug-level Set the debug verbosity level
-                                - may appear multiple times
-   -i no  interactive    Force ntpq to operate in interactive mode
-                                - prohibits these options:
-                                command
-                                listpeers
-                                peers
-                                showpeers
-   -l no  listpeers      Print a list of the peers
-                                - prohibits these options:
-                                command
-   -n no  numeric        numeric host addresses
-   -p no  peers          Print a list of the peers
-                                - prohibits these options:
-                                command
-   -s no  showpeers      Show a list of the peers
-                                - prohibits these options:
-                                command
-      opt version        Output version information and exit
-   -? no  help           Display extended usage information and exit
-   -! no  more-help      Extended usage information passed thru pager
-   -> opt save-opts      Save the option state to a config file
-   -< Str load-opts      Load options from a config file
-                                - disabled as --no-load-opts
-                                - may appear multiple times
-
-Options are specified by doubled hyphens and their name or by a single
-hyphen and the flag character.
-
-
-
-The following option preset mechanisms are supported:
- - reading file $HOME/.ntprc
- - reading file ./.ntprc
- - examining environment variables named NTPDC_*
-
-please send bug reports to:  http://bugs.ntp.org, bugs@@ntp.org
+ntpdc is unavailable - no -?
 @end example
 @exampleindent 4
 
@@ -321,38 +288,28 @@ A specified configuration file could not
 libopts had an internal operational error.  Please report
 it to autogen-users@@lists.sourceforge.net.  Thank you.
 @end table
- at node ntpdc Description
- at subsection ntpdc Description
-is a utility program used to query
-about its
-current state and to request changes in that state.
-It uses NTP mode 7 control message formats described in the source code.
-The program may
-be run either in interactive mode or controlled using command line
-arguments.
-Extensive state and statistics information is available
-through the
-interface.
-In addition, nearly all the
-configuration options which can be specified at startup using
-ntpd's configuration file may also be specified at run time using
 @node ntpdc Usage
 @subsection ntpdc Usage
 If one or more request options are included on the command line
 when
+ at code{ntpdc}
 is executed, each of the requests will be sent
 to the NTP servers running on each of the hosts given as command
 line arguments, or on localhost by default.
 If no request options
 are given,
+ at code{ntpdc}
 will attempt to read commands from the
 standard input and execute these on the NTP server running on the
 first host given on the command line, again defaulting to localhost
 when no other host is specified.
 The
+ at code{ntpdc}
 utility will prompt for
 commands if the standard input is a terminal device.
+
 The
+ at code{ntpdc}
 utility uses NTP mode 7 packets to communicate with the
 NTP server, and hence can be used to query any compatible server on
 the network which permits it.
@@ -360,32 +317,42 @@ Note that since NTP is a UDP protocol
 this communication will be somewhat unreliable, especially over
 large distances in terms of network topology.
 The
+ at code{ntpdc}
 utility makes
 no attempt to retransmit requests, and will time requests out if
 the remote host is not heard from within a suitable timeout
 time.
+
 The operation of
+ at code{ntpdc}
 are specific to the particular
 implementation of the
+ at code{ntpd(8)}
 daemon and can be expected to
 work only with this and maybe some previous versions of the daemon.
 Requests from a remote
+ at code{ntpdc}
 utility which affect the
 state of the local server must be authenticated, which requires
 both the remote program and local server share a common key and key
 identifier.
+
 Note that in contexts where a host name is expected, a
-qualifier preceding the host name forces DNS resolution to the IPv4 namespace,
+ at code{-4} qualifier preceding the host name forces DNS resolution to the IPv4 namespace,
 while a
-qualifier forces DNS resolution to the IPv6 namespace.
+ at code{-6} qualifier forces DNS resolution to the IPv6 namespace.
 Specifying a command line option other than
-or
-will cause the specified query (queries) to be sent to
+ at code{-i} or
+ at code{-n} will cause the specified query (queries) to be sent to
 the indicated host(s) immediately.
 Otherwise,
+ at code{ntpdc}
 will
 attempt to read interactive format commands from the standard
 input.
+.Ss
+"Interactive
+Commands"
 Interactive format commands consist of a keyword followed by zero
 to four arguments.
 Only enough characters of the full keyword to
@@ -393,9 +360,14 @@ uniquely identify the command need be ty
 The output of a
 command is normally sent to the standard output, but optionally the
 output of individual commands may be sent to a file by appending a
+.Ql
+\&>
+,
 followed by a file name, to the command line.
+
 A number of interactive format commands are executed entirely
 within the
+ at code{ntpdc}
 utility itself and do not result in NTP
 mode 7 requests being sent to a server.
 These are described
@@ -404,13 +376,21 @@ following.
 @item Ic
 @item Ic
 A
+.Sq
+Ic
+\&?
 will print a list of all the command
 keywords known to this incarnation of
+ at code{ntpdc}.
 A
+.Sq
+Ic
+\&?
 followed by a command keyword will print function and usage
 information about the command.
 This command is probably a better
 source of information about
+ at code{ntpq(8)}
 than this manual
 page.
 @item Ic
@@ -428,15 +408,22 @@ Hostname may
 be either a host name or a numeric address.
 @item Ic
 If
+.Cm
+yes
 is specified, host names are printed in
 information displays.
 If
+.Cm
+no
 is specified, numeric
 addresses are printed instead.
 The default is
+.Cm
+yes
+,
 unless
 modified using the command line
-switch.
+ at code{-n} switch.
 @item Ic
 This command allows the specification of a key number to be
 used to authenticate configuration requests.
@@ -445,6 +432,7 @@ to a key number the server has been conf
 purpose.
 @item Ic
 Exit
+ at code{ntpdc}.
 @item Ic
 This command prompts you to type in a password (which will not
 be echoed) which will be used to authenticate configuration
@@ -457,10 +445,15 @@ Specify a timeout period for responses t
 The
 default is about 8000 milliseconds.
 Note that since
+ at code{ntpdc}
 retries each query once after a timeout, the total waiting time for
 a timeout will be twice the timeout value set.
 
 @end multitable
+.Ss
+"Control
+Message
+Commands"
 Query commands result in NTP mode 7 packets containing requests for
 information being sent to the server.
 These are read-only commands
@@ -484,39 +477,72 @@ stratum of the remote peer (a stratum of
 peer is unsynchronized), the polling interval, in seconds, the
 reachability register, in octal, and the current estimated delay,
 offset and dispersion of the peer, all in seconds.
+
 The character in the left margin indicates the mode this peer
 entry is operating in.
 A
+.Ql
+\&+
 denotes symmetric active, a
+.Ql
+\&-
 indicates symmetric passive, a
+.Ql
+\&=
 means the
 remote server is being polled in client mode, a
+.Ql
+\&^
 indicates that the server is broadcasting to this address, a
+.Ql
+\&~
 denotes that the remote peer is sending broadcasts and a
+.Ql
+\&~
 denotes that the remote peer is sending broadcasts and a
+.Ql
+\&*
 marks the peer the server is currently synchronizing
 to.
+
 The contents of the host field may be one of four forms.
 It may
 be a host name, an IP address, a reference clock implementation
 name with its parameter or
+.Fn
+REFCLK
+"implementation_number"
+"parameter"
+.
 On
+.Ic
+hostnames
+.Cm
+no
 only IP-addresses
 will be displayed.
 @item Ic
 A slightly different peer summary list.
 Identical to the output
 of the
+.Ic
+peers
 command, except for the character in the
 leftmost column.
 Characters only appear beside peers which were
 included in the final stage of the clock selection algorithm.
 A
+.Ql
+\&.
 indicates that this peer was cast off in the falseticker
 detection, while a
+.Ql
+\&+
 indicates that the peer made it
 through.
 A
+.Ql
+\&*
 denotes the peer the server is currently
 synchronizing with.
 @item Ic
@@ -542,23 +568,38 @@ The loop
 filter is the part of NTP which deals with adjusting the local
 system clock.
 The
+.Sq
+offset
 is the last offset given to the
 loop filter by the packet processing code.
 The
+.Sq
+frequency
 is the frequency error of the local clock in parts-per-million
 (ppm).
 The
+.Sq
+time_const
 controls the stiffness of the
 phase-lock loop and thus the speed at which it can adapt to
 oscillator drift.
 The
+.Sq
+watchdog
+timer
 value is the number
 of seconds which have elapsed since the last sample offset was
 given to the loop filter.
 The
+.Cm
+oneline
 and
+.Cm
+multiline
 options specify the format in which this
 information is to be printed, with
+.Cm
+multiline
 as the
 default.
 @item Ic
@@ -566,29 +607,66 @@ Print a variety of system state variable
 to the local server.
 All except the last four lines are described
 in the NTP Version 3 specification, RFC-1305.
+
 The
+.Sq
+system
+flags
 show various system flags, some of
 which can be set and cleared by the
+.Ic
+enable
 and
+.Ic
+disable
 configuration commands, respectively.
 These are
 the
+.Cm
+auth
+,
+.Cm
+bclient
+,
+.Cm
+monitor
+,
+.Cm
+pll
+,
+.Cm
+pps
 and
+.Cm
+stats
 flags.
 See the
+ at code{ntpd(8)}
 documentation for the meaning of these flags.
 There
 are two additional flags which are read only, the
+.Cm
+kernel_pll
 and
+.Cm
+kernel_pps
+.
 These flags indicate
 the synchronization status when the precision time kernel
 modifications are in use.
 The
+.Sq
+kernel_pll
 indicates that
 the local clock is being disciplined by the kernel, while the
+.Sq
+kernel_pps
 indicates the kernel discipline is provided by the PPS
 signal.
+
 The
+.Sq
+stability
 is the residual frequency error remaining
 after the system frequency correction is applied and is intended for
 maintenance and debugging.
@@ -598,15 +676,27 @@ the range .01 to 0.1 ppm.
 If it remains high for some time after
 starting the daemon, something may be wrong with the local clock,
 or the value of the kernel variable
+.Va
+kern.clockrate.tick
 may be
 incorrect.
+
 The
+.Sq
+broadcastdelay
 shows the default broadcast delay,
 as set by the
+.Ic
+broadcastdelay
 configuration command.
+
 The
+.Sq
+authdelay
 shows the default authentication delay,
 as set by the
+.Ic
+authdelay
 configuration command.
 @item Ic
 Print statistics counters maintained in the protocol
@@ -637,14 +727,23 @@ information is provided only by some clo
 undecodable without a copy of the driver source in hand.
 
 @end multitable
+.Ss
+"Runtime
+Configuration
+Requests"
 All requests which cause state changes in the server are
 authenticated by the server using a configured NTP key (the
 facility can also be disabled by the server by not configuring a
 key).
 The key number and the corresponding key must also be made
 known to
+ at code{ntpdc}.
 This can be done using the
+.Ic
+keyid
 and
+.Ic
+passwd
 commands, the latter of which will prompt at the terminal for a
 password to use as the encryption key.
 You will also be prompted
@@ -654,6 +753,7 @@ server is given.
 Authentication not only provides verification that
 the requester has permission to make such changes, but also gives
 an extra degree of protection again transmission errors.
+
 Authenticated requests always include a timestamp in the packet
 data, which is included in the computation of the authentication
 code.
@@ -677,9 +777,20 @@ passwords are chosen, care is taken in t
 protection of keys and appropriate source address restrictions are
 applied, the run time reconfiguration facility should provide an
 adequate level of security.
+
 The following commands all make authenticated requests.
 @table @samp
 @item Xo
+.Op
+Ar
+keyid
+.Op
+Ar
+version
+.Op
+Cm
+prefer
+.Xc
 Add a configured peer association at the given address and
 operating in symmetric active mode.
 Note that an existing
@@ -687,14 +798,20 @@ association with the same peer may be de
 executed, or may simply be converted to conform to the new
 configuration, as appropriate.
 If the optional
+.Ar
+keyid
 is a
 nonzero integer, all outgoing packets to the remote server will
 have an authentication field attached encrypted with this key.
 If
 the value is 0 (or not given) no authentication will be done.
 The
+.Ar
+version
 can be 1, 2 or 3 and defaults to 3.
 The
+.Cm
+prefer
 keyword indicates a preferred peer (and thus will
 be used primarily for clock synchronisation if possible).
 The
@@ -702,14 +819,36 @@ preferred peer also determines the valid
 the preferred peer is suitable for synchronisation so is the PPS
 signal.
 @item Xo
+.Op
+Ar
+keyid
+.Op
+Ar
+version
+.Op
+Cm
+prefer
+.Xc
 Identical to the addpeer command, except that the operating
 mode is client.
 @item Xo
+.Op
+Ar
+keyid
+.Op
+Ar
+version
+.Op
+Cm
+prefer
+.Xc
 Identical to the addpeer command, except that the operating
 mode is broadcast.
 In this case a valid key identifier and key are
 required.
 The
+.Ar
+peer_address
 parameter can be the broadcast
 address of the local network or a multicast group address assigned
 to NTP.
@@ -724,14 +863,84 @@ When appropriate, however, the
 association may persist in an unconfigured mode if the remote peer
 is willing to continue on in this fashion.
 @item Xo
+.Op
+Cm
+time1
+.Op
+Cm
+time2
+.Op
+Ar
+stratum
+.Op
+Ar
+refid
+.Xc
 This command provides a way to set certain data for a reference
 clock.
 See the source listing for further information.
 @item Xo
+.Oo
+.Cm
+auth
+|
+Cm
+bclient
+|
+.Cm
+calibrate
+|
+Cm
+kernel
+|
+.Cm
+monitor
+|
+Cm
+ntp
+|
+.Cm
+pps
+|
+Cm
+stats
+.Oc
+.Xc
 @item Xo
+.Oo
+.Cm
+auth
+|
+Cm
+bclient
+|
+.Cm
+calibrate
+|
+Cm
+kernel
+|
+.Cm
+monitor
+|
+Cm
+ntp
+|
+.Cm
+pps
+|
+Cm
+stats
+.Oc
+.Xc
 These commands operate in the same way as the
+.Ic
+enable
 and
+.Ic
+disable
 configuration file commands of
+ at code{ntpd(8)}.
 @table @samp
 @item Cm
 Enables the server to synchronize with unconfigured peers only
@@ -752,6 +961,7 @@ The default for this flag is enable if s
 @item Cm
 Enables the monitoring facility.
 See the
+ at code{ntpdc(8)}.
 program and the monlist command or further information.
 The default for this flag is enable.
 @item Cm
@@ -763,57 +973,195 @@ The default for this flag is enable.
 Enables the pulse-per-second (PPS) signal when frequency
 and time is disciplined by the precision time kernel modifications.
 See the
+.Qq
+A
+Kernel
+Model
+for
+Precision
+Timekeeping
 (available as part of the HTML documentation
 provided in
+.Pa
+/usr/share/doc/ntp
+)
 page for further information.
 The default for this flag is disable.
 @item Cm
 Enables the statistics facility.
 See the
+.Sx
+Monitoring
+Options
 section of
+ at code{ntp.conf(5)}
 for further information.
 The default for this flag is disable.
 
 @end multitable
+.It
+Xo
+Ic
+restrict
+Ar
+address
+Ar
+mask
+.Ar
+flag
+Oo
+Ar
+...
+Oc
+.Xc
 This command operates in the same way as the
+.Ic
+restrict
 configuration file commands of
+ at code{ntpd(8)}.
+.It
+Xo
+Ic
+unrestrict
+Ar
+address
+Ar
+mask
+.Ar
+flag
+Oo
+Ar
+...
+Oc
+.Xc
 Unrestrict the matching entry from the restrict list.
+.It
+Xo
+Ic
+delrestrict
+Ar
+address
+Ar
+mask
+.Op
+Cm
+ntpport
+.Xc
 Delete the matching entry from the restrict list.
+.It
+Ic
+readkeys
 Causes the current set of authentication keys to be purged and
 a new set to be obtained by rereading the keys file (which must
 have been specified in the
+ at code{ntpd(8)}
 configuration file).
 This
 allows encryption keys to be changed without restarting the
 server.
+.It
+Ic
+trustedkey
+Ar
+keyid
+Oo
+Ar
+...
+Oc
+.It
+Ic
+untrustedkey
+Ar
+keyid
+Oo
+Ar
+...
+Oc
 These commands operate in the same way as the
+.Ic
+trustedkey
 and
+.Ic
+untrustedkey
 configuration file
 commands of
+ at code{ntpd(8)}.
+.It
+Ic
+authinfo
 Returns information concerning the authentication module,
 including known keys and counts of encryptions and decryptions
 which have been done.
+.It
+Ic
+traps
 Display the traps set in the server.
 See the source listing for
 further information.
+.It
+Xo
+Ic
+addtrap
+Ar
+address
+.Op
+Ar
+port
+.Op
+Ar
+interface
+.Xc
 Set a trap for asynchronous messages.
 See the source listing
 for further information.
+.It
+Xo
+Ic
+clrtrap
+Ar
+address
+.Op
+Ar
+port
+.Op
+Ar
+interface
+.Xc
 Clear a trap for asynchronous messages.
 See the source listing
 for further information.
+.It
+Ic
+reset
 Clear the statistics counters in various modules of the server.
 See the source listing for further information.
 
 @end multitable
 @node ntpdc See Also
 @subsection ntpdc See Also
+ at code{ntp.conf(5)},
+ at code{ntpd(8)}
+.Rs
+.%A
+David
+L.
+Mills
+.%T
+Network
+Time
+Protocol
+(Version
+3)
+.%O
+RFC1305
+.Re
 @node ntpdc Authors
 @subsection ntpdc Authors
 The formatting directives in this document came from FreeBSD.
 @node ntpdc Bugs
 @subsection ntpdc Bugs
 The
+ at code{ntpdc}
 utility is a crude hack.
 Much of the information it shows is
 deadly boring and could only be loved by its implementer.
@@ -822,4 +1170,5 @@ program was designed so that new (and te
 to hack in, at great expense to the program's ease of use.
 Despite
 this, the program is occasionally useful.
+
 Please report bugs to http://bugs.ntp.org .

==== ntpdc/ntpdc-opts.c ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +172 -124
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.295/ntpdc/ntpdc-opts.c	2012-08-11 07:33:23 -04:00
+++ 1.296/ntpdc/ntpdc-opts.c	2012-08-12 00:32:18 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.c)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:31:53 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:27 PM by AutoGen 5.16.2
  *  From the definitions    ntpdc-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This source file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -36,14 +36,15 @@
  *  is provided "as is" without express or implied warranty.
  */
 
+#ifndef __doxygen__
+#define OPTION_CODE_COMPILE 1
+#include "ntpdc-opts.h"
 #include <sys/types.h>
 
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#define OPTION_CODE_COMPILE 1
-#include "ntpdc-opts.h"
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -54,10 +55,10 @@ extern FILE * option_usage_fp;
 #define zCopyright      (ntpdc_opt_strs+0)
 #define zLicenseDescrip (ntpdc_opt_strs+315)
 
-extern tUsageProc optionUsage;
 /*
  *  global included definitions
- */#ifdef __windows
+ */
+#ifdef __windows
   extern int atoi(const char*);
 #else
 # include <stdlib.h>
@@ -70,7 +71,7 @@ extern tUsageProc optionUsage;
 /*
  *  ntpdc option static const strings
  */
-static char const ntpdc_opt_strs[1860] =
+static char const ntpdc_opt_strs[1862] =
 /*     0 */ "ntpdc 4.2.7p295\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -83,68 +84,68 @@ static char const ntpdc_opt_strs[1860] =
             "provided that the above copyright notice appears in all copies and that\n"
             "both the copyright notice and this permission notice appear in supporting\n"
             "documentation, and that the name The University of Delaware not be used in\n"
-            "advertising or publicity pertaining to distribution of the software\n"
-            "without specific, written prior permission. The University of Delaware\n"
-            "makes no representations about the suitability this software for any\n"
-            "purpose. It is provided \"as is\" without express or implied warranty.\n\0"
-/*   953 */ "Force IPv4 DNS name resolution\0"
-/*   984 */ "IPV4\0"
-/*   989 */ "ipv4\0"
-/*   994 */ "Force IPv6 DNS name resolution\0"
-/*  1025 */ "IPV6\0"
-/*  1030 */ "ipv6\0"
-/*  1035 */ "run a command and exit\0"
-/*  1058 */ "COMMAND\0"
-/*  1066 */ "command\0"
-/*  1074 */ "Increase debug verbosity level\0"
-/*  1105 */ "DEBUG_LEVEL\0"
-/*  1117 */ "debug-level\0"
-/*  1129 */ "Set the debug verbosity level\0"
-/*  1159 */ "SET_DEBUG_LEVEL\0"
-/*  1175 */ "set-debug-level\0"
-/*  1191 */ "Force ntpq to operate in interactive mode\0"
-/*  1233 */ "INTERACTIVE\0"
-/*  1245 */ "interactive\0"
-/*  1257 */ "Print a list of the peers\0"
-/*  1283 */ "LISTPEERS\0"
-/*  1293 */ "listpeers\0"
-/*  1303 */ "numeric host addresses\0"
-/*  1326 */ "NUMERIC\0"
-/*  1334 */ "numeric\0"
-/*  1342 */ "PEERS\0"
-/*  1348 */ "peers\0"
-/*  1354 */ "Show a list of the peers\0"
-/*  1379 */ "SHOWPEERS\0"
-/*  1389 */ "showpeers\0"
-/*  1399 */ "Display extended usage information and exit\0"
-/*  1443 */ "help\0"
-/*  1448 */ "Extended usage information passed thru pager\0"
-/*  1493 */ "more-help\0"
-/*  1503 */ "Output version information and exit\0"
-/*  1539 */ "version\0"
-/*  1547 */ "Save the option state to a config file\0"
-/*  1586 */ "save-opts\0"
-/*  1596 */ "Load options from a config file\0"
-/*  1628 */ "LOAD_OPTS\0"
-/*  1638 */ "no-load-opts\0"
-/*  1651 */ "no\0"
-/*  1654 */ "NTPDC\0"
-/*  1660 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p295\n"
+            "advertising or publicity pertaining to distribution of the software without\n"
+            "specific, written prior permission.  The University of Delaware makes no\n"
+            "representations about the suitability this software for any purpose.  It is\n"
+            "provided \"as is\" without express or implied warranty.\n\0"
+/*   955 */ "Force IPv4 DNS name resolution\0"
+/*   986 */ "IPV4\0"
+/*   991 */ "ipv4\0"
+/*   996 */ "Force IPv6 DNS name resolution\0"
+/*  1027 */ "IPV6\0"
+/*  1032 */ "ipv6\0"
+/*  1037 */ "run a command and exit\0"
+/*  1060 */ "COMMAND\0"
+/*  1068 */ "command\0"
+/*  1076 */ "Increase debug verbosity level\0"
+/*  1107 */ "DEBUG_LEVEL\0"
+/*  1119 */ "debug-level\0"
+/*  1131 */ "Set the debug verbosity level\0"
+/*  1161 */ "SET_DEBUG_LEVEL\0"
+/*  1177 */ "set-debug-level\0"
+/*  1193 */ "Force ntpq to operate in interactive mode\0"
+/*  1235 */ "INTERACTIVE\0"
+/*  1247 */ "interactive\0"
+/*  1259 */ "Print a list of the peers\0"
+/*  1285 */ "LISTPEERS\0"
+/*  1295 */ "listpeers\0"
+/*  1305 */ "numeric host addresses\0"
+/*  1328 */ "NUMERIC\0"
+/*  1336 */ "numeric\0"
+/*  1344 */ "PEERS\0"
+/*  1350 */ "peers\0"
+/*  1356 */ "Show a list of the peers\0"
+/*  1381 */ "SHOWPEERS\0"
+/*  1391 */ "showpeers\0"
+/*  1401 */ "Display extended usage information and exit\0"
+/*  1445 */ "help\0"
+/*  1450 */ "Extended usage information passed thru pager\0"
+/*  1495 */ "more-help\0"
+/*  1505 */ "Output version information and exit\0"
+/*  1541 */ "version\0"
+/*  1549 */ "Save the option state to a config file\0"
+/*  1588 */ "save-opts\0"
+/*  1598 */ "Load options from a config file\0"
+/*  1630 */ "LOAD_OPTS\0"
+/*  1640 */ "no-load-opts\0"
+/*  1653 */ "no\0"
+/*  1656 */ "NTPDC\0"
+/*  1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p295\n"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
-/*  1792 */ ".ntprc\0"
-/*  1799 */ "$HOME\0"
-/*  1805 */ ".\0"
-/*  1807 */ "http://bugs.ntp.org, bugs at ntp.org\0"
-/*  1841 */ "\n\n\0"
-/*  1844 */ "ntpdc 4.2.7p295";
+/*  1794 */ "$HOME\0"
+/*  1800 */ ".\0"
+/*  1802 */ ".ntprc\0"
+/*  1809 */ "http://bugs.ntp.org, bugs at ntp.org\0"
+/*  1843 */ "\n\n\0"
+/*  1846 */ "ntpdc 4.2.7p295";
 
 /*
  *  ipv4 option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define IPV4_DESC      (ntpdc_opt_strs+953)
-#define IPV4_NAME      (ntpdc_opt_strs+984)
-#define IPV4_name      (ntpdc_opt_strs+989)
+#define IPV4_DESC      (ntpdc_opt_strs+955)
+#define IPV4_NAME      (ntpdc_opt_strs+986)
+#define IPV4_name      (ntpdc_opt_strs+991)
 static int const aIpv4CantList[] = {
     INDEX_OPT_IPV6, NO_EQUIVALENT };
 #define IPV4_FLAGS     (OPTST_DISABLED)
@@ -153,9 +154,9 @@ static int const aIpv4CantList[] = {
  *  ipv6 option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define IPV6_DESC      (ntpdc_opt_strs+994)
-#define IPV6_NAME      (ntpdc_opt_strs+1025)
-#define IPV6_name      (ntpdc_opt_strs+1030)
+#define IPV6_DESC      (ntpdc_opt_strs+996)
+#define IPV6_NAME      (ntpdc_opt_strs+1027)
+#define IPV6_name      (ntpdc_opt_strs+1032)
 static int const aIpv6CantList[] = {
     INDEX_OPT_IPV4, NO_EQUIVALENT };
 #define IPV6_FLAGS     (OPTST_DISABLED)
@@ -163,26 +164,26 @@ static int const aIpv6CantList[] = {
 /*
  *  command option description:
  */
-#define COMMAND_DESC      (ntpdc_opt_strs+1035)
-#define COMMAND_NAME      (ntpdc_opt_strs+1058)
-#define COMMAND_name      (ntpdc_opt_strs+1066)
+#define COMMAND_DESC      (ntpdc_opt_strs+1037)
+#define COMMAND_NAME      (ntpdc_opt_strs+1060)
+#define COMMAND_name      (ntpdc_opt_strs+1068)
 #define COMMAND_FLAGS     (OPTST_DISABLED | OPTST_STACKED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  debug-level option description:
  */
-#define DEBUG_LEVEL_DESC      (ntpdc_opt_strs+1074)
-#define DEBUG_LEVEL_NAME      (ntpdc_opt_strs+1105)
-#define DEBUG_LEVEL_name      (ntpdc_opt_strs+1117)
+#define DEBUG_LEVEL_DESC      (ntpdc_opt_strs+1076)
+#define DEBUG_LEVEL_NAME      (ntpdc_opt_strs+1107)
+#define DEBUG_LEVEL_name      (ntpdc_opt_strs+1119)
 #define DEBUG_LEVEL_FLAGS     (OPTST_DISABLED)
 
 /*
  *  set-debug-level option description:
  */
-#define SET_DEBUG_LEVEL_DESC      (ntpdc_opt_strs+1129)
-#define SET_DEBUG_LEVEL_NAME      (ntpdc_opt_strs+1159)
-#define SET_DEBUG_LEVEL_name      (ntpdc_opt_strs+1175)
+#define SET_DEBUG_LEVEL_DESC      (ntpdc_opt_strs+1131)
+#define SET_DEBUG_LEVEL_NAME      (ntpdc_opt_strs+1161)
+#define SET_DEBUG_LEVEL_name      (ntpdc_opt_strs+1177)
 #define SET_DEBUG_LEVEL_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
@@ -190,9 +191,9 @@ static int const aIpv6CantList[] = {
  *  interactive option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define INTERACTIVE_DESC      (ntpdc_opt_strs+1191)
-#define INTERACTIVE_NAME      (ntpdc_opt_strs+1233)
-#define INTERACTIVE_name      (ntpdc_opt_strs+1245)
+#define INTERACTIVE_DESC      (ntpdc_opt_strs+1193)
+#define INTERACTIVE_NAME      (ntpdc_opt_strs+1235)
+#define INTERACTIVE_name      (ntpdc_opt_strs+1247)
 static int const aInteractiveCantList[] = {
     INDEX_OPT_COMMAND,
     INDEX_OPT_LISTPEERS,
@@ -204,9 +205,9 @@ static int const aInteractiveCantList[] 
  *  listpeers option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define LISTPEERS_DESC      (ntpdc_opt_strs+1257)
-#define LISTPEERS_NAME      (ntpdc_opt_strs+1283)
-#define LISTPEERS_name      (ntpdc_opt_strs+1293)
+#define LISTPEERS_DESC      (ntpdc_opt_strs+1259)
+#define LISTPEERS_NAME      (ntpdc_opt_strs+1285)
+#define LISTPEERS_name      (ntpdc_opt_strs+1295)
 static int const aListpeersCantList[] = {
     INDEX_OPT_COMMAND, NO_EQUIVALENT };
 #define LISTPEERS_FLAGS     (OPTST_DISABLED)
@@ -214,18 +215,18 @@ static int const aListpeersCantList[] = 
 /*
  *  numeric option description:
  */
-#define NUMERIC_DESC      (ntpdc_opt_strs+1303)
-#define NUMERIC_NAME      (ntpdc_opt_strs+1326)
-#define NUMERIC_name      (ntpdc_opt_strs+1334)
+#define NUMERIC_DESC      (ntpdc_opt_strs+1305)
+#define NUMERIC_NAME      (ntpdc_opt_strs+1328)
+#define NUMERIC_name      (ntpdc_opt_strs+1336)
 #define NUMERIC_FLAGS     (OPTST_DISABLED)
 
 /*
  *  peers option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define PEERS_DESC      (ntpdc_opt_strs+1257)
-#define PEERS_NAME      (ntpdc_opt_strs+1342)
-#define PEERS_name      (ntpdc_opt_strs+1348)
+#define PEERS_DESC      (ntpdc_opt_strs+1259)
+#define PEERS_NAME      (ntpdc_opt_strs+1344)
+#define PEERS_name      (ntpdc_opt_strs+1350)
 static int const aPeersCantList[] = {
     INDEX_OPT_COMMAND, NO_EQUIVALENT };
 #define PEERS_FLAGS     (OPTST_DISABLED)
@@ -234,9 +235,9 @@ static int const aPeersCantList[] = {
  *  showpeers option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define SHOWPEERS_DESC      (ntpdc_opt_strs+1354)
-#define SHOWPEERS_NAME      (ntpdc_opt_strs+1379)
-#define SHOWPEERS_name      (ntpdc_opt_strs+1389)
+#define SHOWPEERS_DESC      (ntpdc_opt_strs+1356)
+#define SHOWPEERS_NAME      (ntpdc_opt_strs+1381)
+#define SHOWPEERS_name      (ntpdc_opt_strs+1391)
 static int const aShowpeersCantList[] = {
     INDEX_OPT_COMMAND, NO_EQUIVALENT };
 #define SHOWPEERS_FLAGS     (OPTST_DISABLED)
@@ -244,11 +245,11 @@ static int const aShowpeersCantList[] = 
 /*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (ntpdc_opt_strs+1399)
-#define HELP_name       (ntpdc_opt_strs+1443)
+#define HELP_DESC       (ntpdc_opt_strs+1401)
+#define HELP_name       (ntpdc_opt_strs+1445)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (ntpdc_opt_strs+1448)
-#define MORE_HELP_name  (ntpdc_opt_strs+1493)
+#define MORE_HELP_DESC  (ntpdc_opt_strs+1450)
+#define MORE_HELP_name  (ntpdc_opt_strs+1495)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -261,14 +262,14 @@ static int const aShowpeersCantList[] = 
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (ntpdc_opt_strs+1503)
-#define VER_name        (ntpdc_opt_strs+1539)
-#define SAVE_OPTS_DESC  (ntpdc_opt_strs+1547)
-#define SAVE_OPTS_name  (ntpdc_opt_strs+1586)
-#define LOAD_OPTS_DESC     (ntpdc_opt_strs+1596)
-#define LOAD_OPTS_NAME     (ntpdc_opt_strs+1628)
-#define NO_LOAD_OPTS_name  (ntpdc_opt_strs+1638)
-#define LOAD_OPTS_pfx      (ntpdc_opt_strs+1651)
+#define VER_DESC        (ntpdc_opt_strs+1505)
+#define VER_name        (ntpdc_opt_strs+1541)
+#define SAVE_OPTS_DESC  (ntpdc_opt_strs+1549)
+#define SAVE_OPTS_name  (ntpdc_opt_strs+1588)
+#define LOAD_OPTS_DESC     (ntpdc_opt_strs+1598)
+#define LOAD_OPTS_NAME     (ntpdc_opt_strs+1630)
+#define NO_LOAD_OPTS_name  (ntpdc_opt_strs+1640)
+#define LOAD_OPTS_pfx      (ntpdc_opt_strs+1653)
 #define LOAD_OPTS_name     (NO_LOAD_OPTS_name + 3)
 /*
  *  Declare option callback procedures
@@ -304,13 +305,14 @@ static tOptProc
  */
 #define SET_DEBUG_LEVEL_OPT_PROC doOptSet_Debug_Level
 
-#define SET_DEBUG_LEVEL_OPT_PROC doOptSet_Debug_Level
 #endif /* defined(TEST_NTPDC_OPTS) */
 #define VER_PROC        ntpOptionPrintVersion
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
- *
- *  Define the Ntpdc Option Descriptions.
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ *  Define the ntpdc Option Descriptions.
+ * This is an array of OPTION_CT entries, one for each
+ * option that the ntpdc program responds to.
  */
 static tOptDesc optDesc[OPTION_CT] = {
   {  /* entry idx, value */ 0, VALUE_OPT_IPV4,
@@ -501,20 +503,20 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  *
- *  Define the Ntpdc Option Environment
+ *  Define the ntpdc Option Environment
  */
-#define zPROGNAME       (ntpdc_opt_strs+1654)
-#define zUsageTitle     (ntpdc_opt_strs+1660)
-#define zRcName         (ntpdc_opt_strs+1792)
+#define zPROGNAME       (ntpdc_opt_strs+1656)
+#define zUsageTitle     (ntpdc_opt_strs+1662)
+#define zRcName         (ntpdc_opt_strs+1802)
 static char const * const apzHomeList[3] = {
-    ntpdc_opt_strs+1799,
-    ntpdc_opt_strs+1805,
+    ntpdc_opt_strs+1794,
+    ntpdc_opt_strs+1800,
     NULL };
-#define zBugsAddr       (ntpdc_opt_strs+1807)
-#define zExplain        (ntpdc_opt_strs+1841)
+#define zBugsAddr       (ntpdc_opt_strs+1809)
+#define zExplain        (ntpdc_opt_strs+1843)
 #define zDetail         (NULL)
-#define zFullVersion    (ntpdc_opt_strs+1844)
-/* extracted from optcode.tlib near line 315 */
+#define zFullVersion    (ntpdc_opt_strs+1846)
+/* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
 # define OPTPROC_BASE OPTPROC_TRANSLATE
@@ -529,35 +531,58 @@ static char const * const apzHomeList[3]
 
 #define ntpdc_short_usage (NULL)
 
+#endif /* not defined __doxygen__ */
+
 /*
  *  Create the static procedure(s) declared above.
  */
+/**
+ * The callout function that invokes the optionUsage function.
+ *
+ * @param pOptions the AutoOpts option description structure
+ * @param pOptDesc the descriptor for the "help" (usage) option.
+ * @noreturn
+ */
 static void
 doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc)
 {
+    optionUsage(&ntpdcOptions, NTPDC_EXIT_SUCCESS);
+    /* NOTREACHED */
+    (void)pOptDesc;
     (void)pOptions;
-    USAGE(NTPDC_EXIT_SUCCESS);
 }
 
 #if ! defined(TEST_NTPDC_OPTS)
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ * Code to handle the set-debug-level option.
  *
- *   For the set-debug-level option.
+ * @param pOptions the ntpdc options data structure
+ * @param pOptDesc the option descriptor for this option.
  */
 static void
 doOptSet_Debug_Level(tOptions* pOptions, tOptDesc* pOptDesc)
 {
     /* extracted from debug-opt.def, line 26 */
 DESC(DEBUG_LEVEL).optOccCt = atoi( pOptDesc->pzLastArg );
+    (void)pOptions;
 }
 #endif /* defined(TEST_NTPDC_OPTS) */
-/* extracted from optmain.tlib near line 128 */
+/* extracted from optmain.tlib near line 48 */
 
 #if defined(TEST_NTPDC_OPTS) /* TEST MAIN PROCEDURE: */
 
 extern void optionPutShell(tOptions*);
 
+/**
+ * Generated main procedure.  This will emit text that a Bourne shell can
+ * process to handle its command line arguments.
+ *
+ * @param argc argument count
+ * @param argv argument vector
+ * @returns program exit code
+ */
 int
 main(int argc, char ** argv)
 {
@@ -570,12 +595,19 @@ main(int argc, char ** argv)
     return res;
 }
 #endif  /* defined TEST_NTPDC_OPTS */
-/* extracted from optmain.tlib near line 1148 */
+/* extracted from optmain.tlib near line 1146 */
 
+/**
+ * The directory containing the data associated with ntpdc.
+ */
 #ifndef  PKGDATADIR
 # define PKGDATADIR ""
 #endif
 
+/**
+ * Information about the person or institution that packaged ntpdc
+ * for the current distribution.
+ */
 #ifndef  WITH_PACKAGER
 # define ntpdc_packager_info NULL
 #else
@@ -591,7 +623,13 @@ static char const ntpdc_packager_info[] 
 # endif
     "\n";
 #endif
+#ifndef __doxygen__
 
+#endif /* __doxygen__ */
+/**
+ * The option definitions for ntpdc.  The one structure that
+ * binds them all.
+ */
 tOptions ntpdcOptions = {
     OPTIONS_STRUCT_VERSION,
     0, NULL,                    /* original argc + argv    */
@@ -635,7 +673,16 @@ tOptions ntpdcOptions = {
 static char* AO_gettext(char const* pz);
 static void  coerce_it(void** s);
 
-static char*
+/**
+ * AutoGen specific wrapper function for gettext.
+ * It relies on the macro _() to convert from English to the target
+ * language, then strdup-duplicates the result string.
+ *
+ * @param[in] pz the input text used as a lookup key.
+ * @returns the translated text (if there is one),
+ *   or the original text (if not).
+ */
+static char *
 AO_gettext(char const* pz)
 {
     char* pzRes;
@@ -655,8 +702,9 @@ AO_gettext(char const* pz)
 static void coerce_it(void** s) { *s = AO_gettext(*s);
 }
 
-/*
- *  This invokes the translation code (e.g. gettext(3)).
+/**
+ * Translate all the translatable strings in the ntpdcOptions
+ * structure defined above.  This is done only once.
  */
 static void
 translate_option_strings(void)

==== ntpdc/ntpdc-opts.h ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +13 -5
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.295/ntpdc/ntpdc-opts.h	2012-08-11 07:33:23 -04:00
+++ 1.296/ntpdc/ntpdc-opts.h	2012-08-12 00:32:18 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.h)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:31:53 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:27 PM by AutoGen 5.16.2
  *  From the definitions    ntpdc-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This header file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -53,7 +53,7 @@
  *  tolerable version is at least as old as what was current when the header
  *  template was released.
  */
-#define AO_TEMPLATE_VERSION 147457
+#define AO_TEMPLATE_VERSION 147461
 #if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \
  || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION)
 # error option template version mismatches autoopts/options.h header
@@ -112,7 +112,9 @@ typedef enum {
  */
 typedef enum {
     NTPDC_EXIT_SUCCESS = 0,
-    NTPDC_EXIT_FAILURE = 1
+    NTPDC_EXIT_FAILURE = 1,
+    NTPDC_EXIT_NO_CONFIG_INPUT = 66,
+    NTPDC_EXIT_LIBOPTS_FAILURE = 70
 } ntpdc_exit_code_t;
 /*
  *  Make sure there are no #define name conflicts with the option names
@@ -204,7 +206,7 @@ typedef enum {
                 ntpdcOptions.pzCurOpt  = NULL)
 #define START_OPT       RESTART_OPT(1)
 #define USAGE(c)        (*ntpdcOptions.pUsageProc)(&ntpdcOptions, c)
-/* extracted from opthead.tlib near line 469 */
+/* extracted from opthead.tlib near line 484 */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -220,6 +222,12 @@ extern tOptions ntpdcOptions;
 #if defined(ENABLE_NLS)
 # ifndef _
 #   include <stdio.h>
+#   ifndef HAVE_GETTEXT
+      extern char * gettext(char const *);
+#   else
+#     include <libintl.h>
+#   endif
+
 static inline char* aoGetsText(char const* pz) {
     if (pz == NULL) return NULL;
     return (char*)gettext(pz);

==== ntpdc/ntpdc.1ntpdcman ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +28 -21
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpdc/ntpdc.1ntpdcman	2012-08-11 07:33:23 -04:00
+++ 1.112/ntpdc/ntpdc.1ntpdcman	2012-08-12 00:32:18 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:03 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:05 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpdc-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -14,7 +14,7 @@ ntpdc \- vendor-specific NTPD control pr
 .RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..." [ host ...]
 .PP
 .SH DESCRIPTION
-.B 
+.B XXX Program Name
 is a utility program used to query
 .Xr ntpd 8
 about its
@@ -25,12 +25,12 @@ be run either in interactive mode or con
 arguments.
 Extensive state and statistics information is available
 through the
-.B 
+.B XXX Program Name
 interface.
 In addition, nearly all the
 configuration options which can be specified at startup using
 ntpd's configuration file may also be specified at run time using
-.B  .
+.B XXX Program Name .
 .SH "OPTIONS"
 .TP
 .BR \-4 ", " -\-ipv4
@@ -87,7 +87,7 @@ their state. This is equivalent to the '
 numeric host addresses.
 .sp
 Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names. 
+converting to the canonical host names.
 .TP
 .BR \-p ", " -\-peers
 Print a list of the peers.
@@ -141,24 +141,24 @@ is searched for within those directories
 .SH USAGE
 If one or more request options are included on the command line
 when
-.B 
+.B XXX Program Name
 is executed, each of the requests will be sent
 to the NTP servers running on each of the hosts given as command
 line arguments, or on localhost by default.
 If no request options
 are given,
-.B 
+.B XXX Program Name
 will attempt to read commands from the
 standard input and execute these on the NTP server running on the
 first host given on the command line, again defaulting to localhost
 when no other host is specified.
 The
-.B 
+.B XXX Program Name
 utility will prompt for
 commands if the standard input is a terminal device.
 .PP
 The
-.B 
+.B XXX Program Name
 utility uses NTP mode 7 packets to communicate with the
 NTP server, and hence can be used to query any compatible server on
 the network which permits it.
@@ -166,21 +166,21 @@ Note that since NTP is a UDP protocol
 this communication will be somewhat unreliable, especially over
 large distances in terms of network topology.
 The
-.B 
+.B XXX Program Name
 utility makes
 no attempt to retransmit requests, and will time requests out if
 the remote host is not heard from within a suitable timeout
 time.
 .PP
 The operation of
-.B 
+.B XXX Program Name
 are specific to the particular
 implementation of the
 .Xr ntpd 8
 daemon and can be expected to
 work only with this and maybe some previous versions of the daemon.
 Requests from a remote
-.B 
+.B XXX Program Name
 utility which affect the
 state of the local server must be authenticated, which requires
 both the remote program and local server share a common key and key
@@ -199,11 +199,11 @@ n
 will cause the specified query (queries) to be sent to
 the indicated host(s) immediately.
 Otherwise,
-.B 
+.B XXX Program Name
 will
 attempt to read interactive format commands from the standard
 input.
-.Ss "Interactive Commands"
+.SS "Interactive Commands"
 Interactive format commands consist of a keyword followed by zero
 to four arguments.
 Only enough characters of the full keyword to
@@ -216,7 +216,7 @@ followed by a file name, to the command 
 .PP
 A number of interactive format commands are executed entirely
 within the
-.B 
+.B XXX Program Name
 utility itself and do not result in NTP
 mode 7 requests being sent to a server.
 These are described
@@ -298,7 +298,7 @@ Note that since
 .Nm
 retries each query once after a timeout, the total waiting time for
 a timeout will be twice the timeout value set.
-.Ss "Control Message Commands"
+.SS "Control Message Commands"
 Query commands result in NTP mode 7 packets containing requests for
 information being sent to the server.
 These are read-only commands
@@ -535,14 +535,14 @@ Obtain debugging information for a refer
 This
 information is provided only by some clock drivers and is mostly
 undecodable without a copy of the driver source in hand.
-.Ss "Runtime Configuration Requests"
+.SS "Runtime Configuration Requests"
 All requests which cause state changes in the server are
 authenticated by the server using a configured NTP key (the
 facility can also be disabled by the server by not configuring a
 key).
 The key number and the corresponding key must also be made
 known to
-.B  .
+.B XXX Program Name .
 This can be done using the
 .Ic keyid
 and
@@ -811,11 +811,18 @@ See \fBOPTION PRESETS\fP for configurati
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.TP
+.BR 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .SH "SEE ALSO"
 .Xr ntp.conf 5 ,
 .Xr ntpd 8
@@ -831,7 +838,7 @@ Copyright (C) 1970-2012 The University o
 This program is released under the terms of the NTP license, <http://ntp.org/license>.
 .SH BUGS
 The
-.B 
+.B XXX Program Name
 utility is a crude hack.
 Much of the information it shows is
 deadly boring and could only be loved by its implementer.

==== ntpdc/ntpdc.1ntpdcmdoc ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +13 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpdc/ntpdc.1ntpdcmdoc	2012-08-11 07:33:23 -04:00
+++ 1.112/ntpdc/ntpdc.1ntpdcmdoc	2012-08-12 00:32:18 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTPDC 1ntpdcmdoc User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:07 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:00 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpdc-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -62,10 +62,12 @@ host(s).
 Increase debug verbosity level.
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-D " \fIstring\fP, " \-\-set\-debug\-level "=" \fIstring\fP
 Set the debug verbosity level.
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-i ", " -\-interactive
 Force ntpq to operate in interactive mode.
 This option must not appear in combination with any of the following options:
@@ -83,8 +85,8 @@ their state. This is equivalent to the '
 .It  \-n ", " -\-numeric
 numeric host addresses.
 .sp
-Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names. 
+Output all host addresses in dotted\-quad numeric format rather than
+converting to the canonical host names.
 .It  \-p ", " -\-peers
 Print a list of the peers.
 This option must not appear in combination with any of the following options:
@@ -757,10 +759,15 @@ See \fBOPTION PRESETS\fP for configurati
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.It 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .El
 .Sh "SEE ALSO"
 .Xr ntp.conf 5 ,

==== ntpdc/ntpdc.html ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +1108 -189
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.123/ntpdc/ntpdc.html	2012-08-11 07:33:23 -04:00
+++ 1.124/ntpdc/ntpdc.html	2012-08-12 00:32:18 -04:00
@@ -3,7 +3,7 @@
 <title>ntpdc: NTPD Control User's Manual</title>
 <meta http-equiv="Content-Type" content="text/html">
 <meta name="description" content="ntpdc: NTPD Control User's Manual">
-<meta name="generator" content="makeinfo 4.7">
+<meta name="generator" content="makeinfo 4.13">
 <link title="Top" rel="top" href="#Top">
 <link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
 <meta http-equiv="Content-Style-Type" content="text/css">
@@ -14,18 +14,20 @@
   pre.smallformat  { font-family:inherit; font-size:smaller }
   pre.smallexample { font-size:smaller }
   pre.smalllisp    { font-size:smaller }
-  span.sc { font-variant:small-caps }
-  span.roman { font-family: serif; font-weight: normal; } 
+  span.sc    { font-variant:small-caps }
+  span.roman { font-family:serif; font-weight:normal; } 
+  span.sansserif { font-family:sans-serif; font-weight:normal; } 
 --></style>
 </head>
 <body>
 <h1 class="settitle">ntpdc: NTPD Control User's Manual</h1>
 <div class="node">
+<a name="Top"></a>
 <p><hr>
-<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-Description">ntpdc Description</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-Description">ntpdc Description</a>,
 Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
 Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
 </div>
 
 <h2 class="unnumbered">ntpdc: NTPD Control User Manual</h2>
@@ -41,7 +43,7 @@ well.  It can be run as an interactive c
   <p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
 IETF specification.
 
-  <div class="shortcontents">
+                      <div class="shortcontents">
 <h2>Short Contents</h2>
 <ul>
 <a href="#Top">ntpdc: NTPD Control User Manual</a>
@@ -55,9 +57,10 @@ IETF specification.
 </ul>
 
 <div class="node">
-<p><hr>
 <a name="ntpdc-Description"></a>
-<br>
+<p><hr>
+
+
 </div>
 
 <!-- node-name,  next,  previous,  up -->
@@ -76,322 +79,1238 @@ the +4.567 +/- 0.089 secs indicates the 
 error bound of the system clock relative to the server clock.
 
 <div class="node">
-<p><hr>
 <a name="ntpdc-Invocation"></a>
-<br>
+<p><hr>
+
+
 </div>
 
 <h3 class="section">Invoking ntpdc</h3>
 
 <p><a name="index-ntpdc-1"></a><a name="index-vendor_002dspecific-NTPD-control-program-2"></a>
 
-  <p>This section was generated by <strong>AutoGen</strong>,
-the aginfo template and the option descriptions for the <span class="command">ntpdc</span> program.  It documents the <span class="command">ntpdc</span> usage text and option meanings.
+  <p><code>ntpdc</code>
+is a utility program used to query
+<code>ntpd(8)</code>
+about its
+current state and to request changes in that state. 
+It uses NTP mode 7 control message formats described in the source code. 
+The program may
+be run either in interactive mode or controlled using command line
+arguments. 
+Extensive state and statistics information is available
+through the
+<code>ntpdc</code>
+interface. 
+In addition, nearly all the
+configuration options which can be specified at startup using
+ntpd's configuration file may also be specified at run time using
+<code>ntpdc</code>.
 
-  <p>This software is released under a specialized copyright license.
+  <p>This section was generated by <strong>AutoGen</strong>,
+using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntpdc</code> program. 
+This software is released under the NTP license, <http://ntp.org/license>.
 
 <ul class="menu">
-<li><a accesskey="1" href="#ntpdc-usage">ntpdc usage</a>:                   ntpdc usage help (-?) 
-<li><a accesskey="2" href="#ntpdc-command">ntpdc command</a>:                command option (-c)
-<li><a accesskey="3" href="#ntpdc-debug_002dlevel">ntpdc debug-level</a>:            debug-level option (-d)
-<li><a accesskey="4" href="#ntpdc-interactive">ntpdc interactive</a>:            interactive option (-i)
-<li><a accesskey="5" href="#ntpdc-ipv4">ntpdc ipv4</a>:                   ipv4 option (-4)
-<li><a accesskey="6" href="#ntpdc-ipv6">ntpdc ipv6</a>:                   ipv6 option (-6)
-<li><a accesskey="7" href="#ntpdc-listpeers">ntpdc listpeers</a>:              listpeers option (-l)
-<li><a accesskey="8" href="#ntpdc-numeric">ntpdc numeric</a>:                numeric option (-n)
-<li><a accesskey="9" href="#ntpdc-peers">ntpdc peers</a>:                  peers option (-p)
-<li><a href="#ntpdc-set_002ddebug_002dlevel">ntpdc set-debug-level</a>:        set-debug-level option (-D)
-<li><a href="#ntpdc-showpeers">ntpdc showpeers</a>:              showpeers option (-s)
-</ul>
-
-<div class="node">
-<p><hr>
-<a name="ntpdc-usage"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-command">ntpdc command</a>,
-Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
-</div>
-
-<h4 class="subsection">ntpdc usage help (-?)</h4>
-
-<p><a name="index-ntpdc_002dusage-3"></a>
-This is the automatically generated usage text for ntpdc:
-
-<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p295
-USAGE:  ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
-  Flg Arg Option-Name    Description
-   -4 no  ipv4           Force IPv4 DNS name resolution
-                                - prohibits these options:
-                                ipv6
-   -6 no  ipv6           Force IPv6 DNS name resolution
-                                - prohibits these options:
-                                ipv4
-   -c Str command        run a command and exit
-                                - may appear multiple times
-   -d no  debug-level    Increase debug verbosity level
-                                - may appear multiple times
-   -D Str set-debug-level Set the debug verbosity level
-                                - may appear multiple times
-   -i no  interactive    Force ntpq to operate in interactive mode
-                                - prohibits these options:
-                                command
-                                listpeers
-                                peers
-                                showpeers
-   -l no  listpeers      Print a list of the peers
-                                - prohibits these options:
-                                command
-   -n no  numeric        numeric host addresses
-   -p no  peers          Print a list of the peers
-                                - prohibits these options:
-                                command
-   -s no  showpeers      Show a list of the peers
-                                - prohibits these options:
-                                command
-      opt version        Output version information and exit
-   -? no  help           Display extended usage information and exit
-   -! no  more-help      Extended usage information passed thru pager
-   -> opt save-opts      Save the option state to a config file
-   -< Str load-opts      Load options from a config file
-                                - disabled as --no-load-opts
-                                - may appear multiple times
-
-Options are specified by doubled hyphens and their name or by a single
-hyphen and the flag character.
-
-
-
-The following option preset mechanisms are supported:
- - reading file $HOME/.ntprc
- - reading file ./.ntprc
- - examining environment variables named NTPDC_*
+<li><a accesskey="1" href="#ntpdc-usage">ntpdc usage</a>:                   ntpdc help/usage (-?) 
+<li><a accesskey="2" href="#ntpdc-ipv4">ntpdc ipv4</a>:                    ipv4 option (-4)
+<li><a accesskey="3" href="#ntpdc-ipv6">ntpdc ipv6</a>:                    ipv6 option (-6)
+<li><a accesskey="4" href="#ntpdc-command">ntpdc command</a>:                 command option (-c)
+<li><a accesskey="5" href="#ntpdc-interactive">ntpdc interactive</a>:             interactive option (-i)
+<li><a accesskey="6" href="#ntpdc-listpeers">ntpdc listpeers</a>:               listpeers option (-l)
+<li><a accesskey="7" href="#ntpdc-numeric">ntpdc numeric</a>:                 numeric option (-n)
+<li><a accesskey="8" href="#ntpdc-peers">ntpdc peers</a>:                   peers option (-p)
+<li><a accesskey="9" href="#ntpdc-showpeers">ntpdc showpeers</a>:               showpeers option (-s)
+<li><a href="#ntpdc-config">ntpdc config</a>:                  presetting/configuring ntpdc
+<li><a href="#ntpdc-exit-status">ntpdc exit status</a>:             exit status
+<li><a href="#ntpdc-Usage">ntpdc Usage</a>:                   Usage
+<li><a href="#ntpdc-See-Also">ntpdc See Also</a>:                See Also
+<li><a href="#ntpdc-Authors">ntpdc Authors</a>:                 Authors
+<li><a href="#ntpdc-Bugs">ntpdc Bugs</a>:                    Bugs
+</ul>
 
-please send bug reports to:  http://bugs.ntp.org, bugs at ntp.org
-</pre>
-  <div class="node">
+<div class="node">
+<a name="ntpdc-usage"></a>
 <p><hr>
-<a name="ntpdc-command"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-debug_002dlevel">ntpdc debug-level</a>,
-Previous: <a rel="previous" accesskey="p" href="#ntpdc-usage">ntpdc usage</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-ipv4">ntpdc ipv4</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
-</div>
-
-<h4 class="subsection">command option (-c)</h4>
 
-<p><a name="index-ntpdc_002dcommand-4"></a>
-This is the “run a command and exit” option.
+</div>
 
-  <p>This option has some usage constraints.  It:
-     <ul>
-<li>may appear an unlimited number of times. 
-</ul>
+<h4 class="subsection">ntpdc help/usage (-?)</h4>
 
-  <p>The following argument is interpreted as an interactive format command
-and is added to the list of commands to be executed on the specified
-host(s).
+<p><a name="index-ntpdc-help-3"></a>
+This is the automatically generated usage text for ntpdc. 
+The text printed is the same whether for the <code>help</code> option (-?) or the <code>more-help</code> option (-!).  <code>more-help</code> will print
+the usage text by passing it through a pager program. 
+<code>more-help</code> is disabled on platforms without a working
+<code>fork(2)</code> function.  The <code>PAGER</code> environment variable is
+used to select the program, defaulting to <samp><span class="file">more</span></samp>.  Both will exit
+with a status code of 0.
 
-<div class="node">
+<pre class="example">ntpdc is unavailable - no -?
+</pre>
+  <div class="node">
+<a name="ntpdc-ipv4"></a>
 <p><hr>
-<a name="ntpdc-debug_002dlevel"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-interactive">ntpdc interactive</a>,
-Previous: <a rel="previous" accesskey="p" href="#ntpdc-command">ntpdc command</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-ipv6">ntpdc ipv6</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-usage">ntpdc usage</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
-<h4 class="subsection">debug-level option (-d)</h4>
+<h4 class="subsection">ipv4 option (-4)</h4>
 
-<p><a name="index-ntpdc_002ddebug_002dlevel-5"></a>
-This is the “increase debug verbosity level” option.
+<p><a name="index-ntpdc_002dipv4-4"></a>
+This is the “force ipv4 dns name resolution” option.
 
-  <p>This option has some usage constraints.  It:
+<p class="noindent">This option has some usage constraints.  It:
      <ul>
-<li>may appear an unlimited number of times. 
+<li>must not appear in combination with any of the following options:
+ipv6. 
 </ul>
 
+  <p>Force DNS resolution of following host names on the command line
+to the IPv4 namespace. 
 <div class="node">
+<a name="ntpdc-ipv6"></a>
 <p><hr>
-<a name="ntpdc-interactive"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-ipv4">ntpdc ipv4</a>,
-Previous: <a rel="previous" accesskey="p" href="#ntpdc-debug_002dlevel">ntpdc debug-level</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-command">ntpdc command</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-ipv4">ntpdc ipv4</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
-<h4 class="subsection">interactive option (-i)</h4>
+<h4 class="subsection">ipv6 option (-6)</h4>
 
-<p><a name="index-ntpdc_002dinteractive-6"></a>
-This is the “force ntpq to operate in interactive mode” option.
+<p><a name="index-ntpdc_002dipv6-5"></a>
+This is the “force ipv6 dns name resolution” option.
 
-  <p>This option has some usage constraints.  It:
+<p class="noindent">This option has some usage constraints.  It:
      <ul>
 <li>must not appear in combination with any of the following options:
-command, listpeers, peers, showpeers. 
+ipv4. 
 </ul>
 
-  <p>Force ntpq to operate in interactive mode.  Prompts will be written
-to the standard output and commands read from the standard input.
-
+  <p>Force DNS resolution of following host names on the command line
+to the IPv6 namespace. 
 <div class="node">
+<a name="ntpdc-command"></a>
 <p><hr>
-<a name="ntpdc-ipv4"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-ipv6">ntpdc ipv6</a>,
-Previous: <a rel="previous" accesskey="p" href="#ntpdc-interactive">ntpdc interactive</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-interactive">ntpdc interactive</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-ipv6">ntpdc ipv6</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
-<h4 class="subsection">ipv4 option (-4)</h4>
+<h4 class="subsection">command option (-c)</h4>
 
-<p><a name="index-ntpdc_002dipv4-7"></a>
-This is the “force ipv4 dns name resolution” option.
+<p><a name="index-ntpdc_002dcommand-6"></a>
+This is the “run a command and exit” option. 
+This option takes an argument string <samp><span class="file">cmd</span></samp>.
 
-  <p>This option has some usage constraints.  It:
+<p class="noindent">This option has some usage constraints.  It:
      <ul>
-<li>must not appear in combination with any of the following options:
-ipv6. 
+<li>may appear an unlimited number of times. 
 </ul>
 
-  <p>Force DNS resolution of following host names on the command line
-to the IPv4 namespace.
-
+  <p>The following argument is interpreted as an interactive format command
+and is added to the list of commands to be executed on the specified
+host(s). 
 <div class="node">
+<a name="ntpdc-interactive"></a>
 <p><hr>
-<a name="ntpdc-ipv6"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-listpeers">ntpdc listpeers</a>,
-Previous: <a rel="previous" accesskey="p" href="#ntpdc-ipv4">ntpdc ipv4</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-listpeers">ntpdc listpeers</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-command">ntpdc command</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
-<h4 class="subsection">ipv6 option (-6)</h4>
+<h4 class="subsection">interactive option (-i)</h4>
 
-<p><a name="index-ntpdc_002dipv6-8"></a>
-This is the “force ipv6 dns name resolution” option.
+<p><a name="index-ntpdc_002dinteractive-7"></a>
+This is the “force ntpq to operate in interactive mode” option.
 
-  <p>This option has some usage constraints.  It:
+<p class="noindent">This option has some usage constraints.  It:
      <ul>
 <li>must not appear in combination with any of the following options:
-ipv4. 
+command, listpeers, peers, showpeers. 
 </ul>
 
-  <p>Force DNS resolution of following host names on the command line
-to the IPv6 namespace.
-
+  <p>Force ntpq to operate in interactive mode.  Prompts will be written
+to the standard output and commands read from the standard input. 
 <div class="node">
+<a name="ntpdc-listpeers"></a>
 <p><hr>
-<a name="ntpdc-listpeers"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-numeric">ntpdc numeric</a>,
-Previous: <a rel="previous" accesskey="p" href="#ntpdc-ipv6">ntpdc ipv6</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-numeric">ntpdc numeric</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-interactive">ntpdc interactive</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
 <h4 class="subsection">listpeers option (-l)</h4>
 
-<p><a name="index-ntpdc_002dlistpeers-9"></a>
+<p><a name="index-ntpdc_002dlistpeers-8"></a>
 This is the “print a list of the peers” option.
 
-  <p>This option has some usage constraints.  It:
+<p class="noindent">This option has some usage constraints.  It:
      <ul>
 <li>must not appear in combination with any of the following options:
 command. 
 </ul>
 
   <p>Print a list of the peers known to the server as well as a summary of
-their state. This is equivalent to the 'listpeers' interactive command.
-
+their state. This is equivalent to the 'listpeers' interactive command. 
 <div class="node">
+<a name="ntpdc-numeric"></a>
 <p><hr>
-<a name="ntpdc-numeric"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-peers">ntpdc peers</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-peers">ntpdc peers</a>,
 Previous: <a rel="previous" accesskey="p" href="#ntpdc-listpeers">ntpdc listpeers</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
 <h4 class="subsection">numeric option (-n)</h4>
 
-<p><a name="index-ntpdc_002dnumeric-10"></a>
+<p><a name="index-ntpdc_002dnumeric-9"></a>
 This is the “numeric host addresses” option. 
 Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names.
-
+converting to the canonical host names. 
 <div class="node">
+<a name="ntpdc-peers"></a>
 <p><hr>
-<a name="ntpdc-peers"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-set_002ddebug_002dlevel">ntpdc set-debug-level</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-showpeers">ntpdc showpeers</a>,
 Previous: <a rel="previous" accesskey="p" href="#ntpdc-numeric">ntpdc numeric</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
 <h4 class="subsection">peers option (-p)</h4>
 
-<p><a name="index-ntpdc_002dpeers-11"></a>
+<p><a name="index-ntpdc_002dpeers-10"></a>
 This is the “print a list of the peers” option.
 
-  <p>This option has some usage constraints.  It:
+<p class="noindent">This option has some usage constraints.  It:
      <ul>
 <li>must not appear in combination with any of the following options:
 command. 
 </ul>
 
   <p>Print a list of the peers known to the server as well as a summary
-of their state. This is equivalent to the 'peers' interactive command.
-
+of their state. This is equivalent to the 'peers' interactive command. 
 <div class="node">
+<a name="ntpdc-showpeers"></a>
 <p><hr>
-<a name="ntpdc-set_002ddebug_002dlevel"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-showpeers">ntpdc showpeers</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-config">ntpdc config</a>,
 Previous: <a rel="previous" accesskey="p" href="#ntpdc-peers">ntpdc peers</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
-<h4 class="subsection">set-debug-level option (-D)</h4>
+<h4 class="subsection">showpeers option (-s)</h4>
 
-<p><a name="index-ntpdc_002dset_002ddebug_002dlevel-12"></a>
-This is the “set the debug verbosity level” option.
+<p><a name="index-ntpdc_002dshowpeers-11"></a>
+This is the “show a list of the peers” option.
 
-  <p>This option has some usage constraints.  It:
+<p class="noindent">This option has some usage constraints.  It:
      <ul>
-<li>may appear an unlimited number of times. 
+<li>must not appear in combination with any of the following options:
+command. 
 </ul>
 
+  <p>Print a list of the peers known to the server as well as a summary
+of their state. This is equivalent to the 'dmpeers' interactive command.
+
 <div class="node">
+<a name="ntpdc-config"></a>
 <p><hr>
-<a name="ntpdc-showpeers"></a>Previous: <a rel="previous" accesskey="p" href="#ntpdc-set_002ddebug_002dlevel">ntpdc set-debug-level</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-exit-status">ntpdc exit status</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-showpeers">ntpdc showpeers</a>,
 Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
 </div>
 
-<h4 class="subsection">showpeers option (-s)</h4>
+<h4 class="subsection">presetting/configuring ntpdc</h4>
 
-<p><a name="index-ntpdc_002dshowpeers-13"></a>
-This is the “show a list of the peers” option.
+<p>Any option that is not marked as <i>not presettable</i> may be preset by
+loading values from configuration ("rc" or "ini") files, and values from environment variables named <code>NTPDC</code> and <code>NTPDC_<OPTION_NAME></code>.  <code><OPTION_NAME></code> must be one of
+the options listed above in upper case and segmented with underscores. 
+The <code>NTPDC</code> variable will be tokenized and parsed like
+the command line.  The remaining variables are tested for existence and their
+values are treated like option arguments.
 
-  <p>This option has some usage constraints.  It:
+<p class="noindent"><code>libopts</code> will search in 2 places for configuration files:
      <ul>
-<li>must not appear in combination with any of the following options:
-command. 
+<li>$HOME
+<li>$PWD
 </ul>
+  The environment variables <code>HOME</code>, and <code>PWD</code>
+are expanded and replaced when <samp><span class="file">ntpdc</span></samp> runs. 
+For any of these that are plain files, they are simply processed. 
+For any that are directories, then a file named <samp><span class="file">.ntprc</span></samp> is searched for
+within that directory and processed.
+
+  <p>Configuration files may be in a wide variety of formats. 
+The basic format is an option name followed by a value (argument) on the
+same line.  Values may be separated from the option name with a colon,
+equal sign or simply white space.  Values may be continued across multiple
+lines by escaping the newline with a backslash.
+
+  <p>Multiple programs may also share the same initialization file. 
+Common options are collected at the top, followed by program specific
+segments.  The segments are separated by lines like:
+<pre class="example">    [NTPDC]
+</pre>
+  <p class="noindent">or by
+<pre class="example">    <?program ntpdc>
+</pre>
+  <p class="noindent">Do not mix these styles within one configuration file.
 
-  <p>Print a list of the peers known to the server as well as a summary
-of their state. This is equivalent to the 'dmpeers' interactive command.
+  <p>Compound values and carefully constructed string values may also be
+specified using XML syntax:
+<pre class="example">    <option-name>
+       <sub-opt>...&lt;...&gt;...</sub-opt>
+    </option-name>
+</pre>
+  <p class="noindent">yielding an <code>option-name.sub-opt</code> string value of
+<pre class="example">    "...<...>..."
+</pre>
+  <p><code>AutoOpts</code> does not track suboptions.  You simply note that it is a
+hierarchicly valued option.  <code>AutoOpts</code> does provide a means for searching
+the associated name/value pair list (see: optionFindValue).
+
+  <p>The command line options relating to configuration and/or usage help are:
+
+<h5 class="subsubheading">version (-)</h5>
+
+<p>Print the program version to standard out, optionally with licensing
+information, then exit 0.  The optional argument specifies how much licensing
+detail to provide.  The default is to print just the version.  The licensing infomation may be selected with an option argument.  Only the
+first letter of the argument is examined:
+
+     <dl>
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version.  This is the default. 
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms. 
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms. 
+</dl>
+
+<div class="node">
+<a name="ntpdc-exit-status"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpdc-Usage">ntpdc Usage</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-config">ntpdc config</a>,
+Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntpdc exit status</h4>
+
+<p>One of the following exit values will be returned:
+     <dl>
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution. 
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid. 
+<br><dt>‘<samp><span class="samp">66 (EX_NOINPUT)</span></samp>’<dd>A specified configuration file could not be loaded. 
+<br><dt>‘<samp><span class="samp">70 (EX_SOFTWARE)</span></samp>’<dd>libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you. 
+</dl>
+  <div class="node">
+<a name="ntpdc-Usage"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpdc-See-Also">ntpdc See Also</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-exit-status">ntpdc exit status</a>,
+Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntpdc Usage</h4>
+
+<p>If one or more request options are included on the command line
+when
+<code>ntpdc</code>
+is executed, each of the requests will be sent
+to the NTP servers running on each of the hosts given as command
+line arguments, or on localhost by default. 
+If no request options
+are given,
+<code>ntpdc</code>
+will attempt to read commands from the
+standard input and execute these on the NTP server running on the
+first host given on the command line, again defaulting to localhost
+when no other host is specified. 
+The
+<code>ntpdc</code>
+utility will prompt for
+commands if the standard input is a terminal device.
+
+  <p>The
+<code>ntpdc</code>
+utility uses NTP mode 7 packets to communicate with the
+NTP server, and hence can be used to query any compatible server on
+the network which permits it. 
+Note that since NTP is a UDP protocol
+this communication will be somewhat unreliable, especially over
+large distances in terms of network topology. 
+The
+<code>ntpdc</code>
+utility makes
+no attempt to retransmit requests, and will time requests out if
+the remote host is not heard from within a suitable timeout
+time.
+
+  <p>The operation of
+<code>ntpdc</code>
+are specific to the particular
+implementation of the
+<code>ntpd(8)</code>
+daemon and can be expected to
+work only with this and maybe some previous versions of the daemon. 
+Requests from a remote
+<code>ntpdc</code>
+utility which affect the
+state of the local server must be authenticated, which requires
+both the remote program and local server share a common key and key
+identifier.
+
+  <p>Note that in contexts where a host name is expected, a
+<code>-4</code> qualifier preceding the host name forces DNS resolution to the IPv4 namespace,
+while a
+<code>-6</code> qualifier forces DNS resolution to the IPv6 namespace. 
+Specifying a command line option other than
+<code>-i</code> or
+<code>-n</code> will cause the specified query (queries) to be sent to
+the indicated host(s) immediately. 
+Otherwise,
+<code>ntpdc</code>
+will
+attempt to read interactive format commands from the standard
+input. 
+.Ss
+"Interactive
+Commands"
+Interactive format commands consist of a keyword followed by zero
+to four arguments. 
+Only enough characters of the full keyword to
+uniquely identify the command need be typed. 
+The output of a
+command is normally sent to the standard output, but optionally the
+output of individual commands may be sent to a file by appending a
+.Ql
+\&>
+,
+followed by a file name, to the command line.
+
+  <p>A number of interactive format commands are executed entirely
+within the
+<code>ntpdc</code>
+utility itself and do not result in NTP
+mode 7 requests being sent to a server. 
+These are described
+following.
+     <dl>
+<dt>‘<samp><span class="samp">Ic</span></samp>’<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>A
+.Sq
+Ic
+\&? 
+will print a list of all the command
+keywords known to this incarnation of
+<code>ntpdc</code>. 
+A
+.Sq
+Ic
+\&? 
+followed by a command keyword will print function and usage
+information about the command. 
+This command is probably a better
+source of information about
+<code>ntpq(8)</code>
+than this manual
+page. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Specify a time interval to be added to timestamps included in
+requests which require authentication. 
+This is used to enable
+(unreliable) server reconfiguration over long delay network paths
+or between machines whose clocks are unsynchronized. 
+Actually the
+server does not now require timestamps in authenticated requests,
+so this command may be obsolete. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Set the host to which future queries will be sent. 
+Hostname may
+be either a host name or a numeric address. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>If
+.Cm
+yes
+is specified, host names are printed in
+information displays. 
+If
+.Cm
+no
+is specified, numeric
+addresses are printed instead. 
+The default is
+.Cm
+yes
+,
+unless
+modified using the command line
+<code>-n</code> switch. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>This command allows the specification of a key number to be
+used to authenticate configuration requests. 
+This must correspond
+to a key number the server has been configured to use for this
+purpose. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Exit
+<code>ntpdc</code>. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>This command prompts you to type in a password (which will not
+be echoed) which will be used to authenticate configuration
+requests. 
+The password must correspond to the key configured for
+use by the NTP server for this purpose if such requests are to be
+successful. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Specify a timeout period for responses to server queries. 
+The
+default is about 8000 milliseconds. 
+Note that since
+<code>ntpdc</code>
+retries each query once after a timeout, the total waiting time for
+a timeout will be twice the timeout value set.
+
+     <p>.Ss
+"Control
+Message
+Commands"
+Query commands result in NTP mode 7 packets containing requests for
+information being sent to the server. 
+These are read-only commands
+in that they make no modification of the server configuration
+state.
+          <dl>
+<dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtains and prints a brief list of the peers for which the
+server is maintaining state. 
+These should include all configured
+peer associations as well as those peers whose stratum is such that
+they are considered by the server to be possible future
+synchronization candidates. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtains a list of peers for which the server is maintaining
+state, along with a summary of that state. 
+Summary information
+includes the address of the remote peer, the local interface
+address (0.0.0.0 if a local address has yet to be determined), the
+stratum of the remote peer (a stratum of 16 indicates the remote
+peer is unsynchronized), the polling interval, in seconds, the
+reachability register, in octal, and the current estimated delay,
+offset and dispersion of the peer, all in seconds.
+
+          <p>The character in the left margin indicates the mode this peer
+entry is operating in. 
+A
+.Ql
+\&+
+denotes symmetric active, a
+.Ql
+\&-
+indicates symmetric passive, a
+.Ql
+\&=
+means the
+remote server is being polled in client mode, a
+.Ql
+\&^
+indicates that the server is broadcasting to this address, a
+.Ql
+\&~
+denotes that the remote peer is sending broadcasts and a
+.Ql
+\&~
+denotes that the remote peer is sending broadcasts and a
+.Ql
+\&*
+marks the peer the server is currently synchronizing
+to.
+
+          <p>The contents of the host field may be one of four forms. 
+It may
+be a host name, an IP address, a reference clock implementation
+name with its parameter or
+.Fn
+REFCLK
+"implementation_number"
+"parameter"
+. 
+On
+.Ic
+hostnames
+.Cm
+no
+only IP-addresses
+will be displayed. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>A slightly different peer summary list. 
+Identical to the output
+of the
+.Ic
+peers
+command, except for the character in the
+leftmost column. 
+Characters only appear beside peers which were
+included in the final stage of the clock selection algorithm. 
+A
+.Ql
+\&. 
+indicates that this peer was cast off in the falseticker
+detection, while a
+.Ql
+\&+
+indicates that the peer made it
+through. 
+A
+.Ql
+\&*
+denotes the peer the server is currently
+synchronizing with. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Shows a detailed display of the current peer variables for one
+or more peers. 
+Most of these values are described in the NTP
+Version 2 specification. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Show per-peer statistic counters associated with the specified
+peer(s). 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain and print information concerning a peer clock. 
+The
+values obtained provide information on the setting of fudge factors
+and other clock performance information. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain and print kernel phase-lock loop operating parameters. 
+This information is available only if the kernel has been specially
+modified for a precision timekeeping function. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print the values of selected loop filter variables. 
+The loop
+filter is the part of NTP which deals with adjusting the local
+system clock. 
+The
+.Sq
+offset
+is the last offset given to the
+loop filter by the packet processing code. 
+The
+.Sq
+frequency
+is the frequency error of the local clock in parts-per-million
+(ppm). 
+The
+.Sq
+time_const
+controls the stiffness of the
+phase-lock loop and thus the speed at which it can adapt to
+oscillator drift. 
+The
+.Sq
+watchdog
+timer
+value is the number
+of seconds which have elapsed since the last sample offset was
+given to the loop filter. 
+The
+.Cm
+oneline
+and
+.Cm
+multiline
+options specify the format in which this
+information is to be printed, with
+.Cm
+multiline
+as the
+default. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print a variety of system state variables, i.e., state related
+to the local server. 
+All except the last four lines are described
+in the NTP Version 3 specification, RFC-1305.
+
+          <p>The
+.Sq
+system
+flags
+show various system flags, some of
+which can be set and cleared by the
+.Ic
+enable
+and
+.Ic
+disable
+configuration commands, respectively. 
+These are
+the
+.Cm
+auth
+,
+.Cm
+bclient
+,
+.Cm
+monitor
+,
+.Cm
+pll
+,
+.Cm
+pps
+and
+.Cm
+stats
+flags. 
+See the
+<code>ntpd(8)</code>
+documentation for the meaning of these flags. 
+There
+are two additional flags which are read only, the
+.Cm
+kernel_pll
+and
+.Cm
+kernel_pps
+. 
+These flags indicate
+the synchronization status when the precision time kernel
+modifications are in use. 
+The
+.Sq
+kernel_pll
+indicates that
+the local clock is being disciplined by the kernel, while the
+.Sq
+kernel_pps
+indicates the kernel discipline is provided by the PPS
+signal.
+
+          <p>The
+.Sq
+stability
+is the residual frequency error remaining
+after the system frequency correction is applied and is intended for
+maintenance and debugging. 
+In most architectures, this value will
+initially decrease from as high as 500 ppm to a nominal value in
+the range .01 to 0.1 ppm. 
+If it remains high for some time after
+starting the daemon, something may be wrong with the local clock,
+or the value of the kernel variable
+.Va
+kern.clockrate.tick
+may be
+incorrect.
+
+          <p>The
+.Sq
+broadcastdelay
+shows the default broadcast delay,
+as set by the
+.Ic
+broadcastdelay
+configuration command.
+
+          <p>The
+.Sq
+authdelay
+shows the default authentication delay,
+as set by the
+.Ic
+authdelay
+configuration command. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print statistics counters maintained in the protocol
+module. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print statistics counters related to memory allocation
+code. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print statistics counters maintained in the input-output
+module. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print statistics counters maintained in the timer/event queue
+support code. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain and print the server's restriction list. 
+This list is
+(usually) printed in sorted order and may help to understand how
+the restrictions are applied. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain and print traffic counts collected and maintained by the
+monitor facility. 
+The version number should not normally need to be
+specified. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain debugging information for a reference clock driver. 
+This
+information is provided only by some clock drivers and is mostly
+undecodable without a copy of the driver source in hand.
+
+          <p>.Ss
+"Runtime
+Configuration
+Requests"
+All requests which cause state changes in the server are
+authenticated by the server using a configured NTP key (the
+facility can also be disabled by the server by not configuring a
+key). 
+The key number and the corresponding key must also be made
+known to
+<code>ntpdc</code>. 
+This can be done using the
+.Ic
+keyid
+and
+.Ic
+passwd
+commands, the latter of which will prompt at the terminal for a
+password to use as the encryption key. 
+You will also be prompted
+automatically for both the key number and password the first time a
+command which would result in an authenticated request to the
+server is given. 
+Authentication not only provides verification that
+the requester has permission to make such changes, but also gives
+an extra degree of protection again transmission errors.
+
+          <p>Authenticated requests always include a timestamp in the packet
+data, which is included in the computation of the authentication
+code. 
+This timestamp is compared by the server to its receive time
+stamp. 
+If they differ by more than a small amount the request is
+rejected. 
+This is done for two reasons. 
+First, it makes simple
+replay attacks on the server, by someone who might be able to
+overhear traffic on your LAN, much more difficult. 
+Second, it makes
+it more difficult to request configuration changes to your server
+from topologically remote hosts. 
+While the reconfiguration facility
+will work well with a server on the local host, and may work
+adequately between time-synchronized hosts on the same LAN, it will
+work very poorly for more distant hosts. 
+As such, if reasonable
+passwords are chosen, care is taken in the distribution and
+protection of keys and appropriate source address restrictions are
+applied, the run time reconfiguration facility should provide an
+adequate level of security.
+
+          <p>The following commands all make authenticated requests.
+               <dl>
+<dt>‘<samp><span class="samp">Xo</span></samp>’<dd>.Op
+Ar
+keyid
+.Op
+Ar
+version
+.Op
+Cm
+prefer
+.Xc
+Add a configured peer association at the given address and
+operating in symmetric active mode. 
+Note that an existing
+association with the same peer may be deleted when this command is
+executed, or may simply be converted to conform to the new
+configuration, as appropriate. 
+If the optional
+.Ar
+keyid
+is a
+nonzero integer, all outgoing packets to the remote server will
+have an authentication field attached encrypted with this key. 
+If
+the value is 0 (or not given) no authentication will be done. 
+The
+.Ar
+version
+can be 1, 2 or 3 and defaults to 3. 
+The
+.Cm
+prefer
+keyword indicates a preferred peer (and thus will
+be used primarily for clock synchronisation if possible). 
+The
+preferred peer also determines the validity of the PPS signal - if
+the preferred peer is suitable for synchronisation so is the PPS
+signal. 
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>.Op
+Ar
+keyid
+.Op
+Ar
+version
+.Op
+Cm
+prefer
+.Xc
+Identical to the addpeer command, except that the operating
+mode is client. 
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>.Op
+Ar
+keyid
+.Op
+Ar
+version
+.Op
+Cm
+prefer
+.Xc
+Identical to the addpeer command, except that the operating
+mode is broadcast. 
+In this case a valid key identifier and key are
+required. 
+The
+.Ar
+peer_address
+parameter can be the broadcast
+address of the local network or a multicast group address assigned
+to NTP. 
+If a multicast address, a multicast-capable kernel is
+required. 
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>This command causes the configured bit to be removed from the
+specified peer(s). 
+In many cases this will cause the peer
+association to be deleted. 
+When appropriate, however, the
+association may persist in an unconfigured mode if the remote peer
+is willing to continue on in this fashion. 
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>.Op
+Cm
+time1
+.Op
+Cm
+time2
+.Op
+Ar
+stratum
+.Op
+Ar
+refid
+.Xc
+This command provides a way to set certain data for a reference
+clock. 
+See the source listing for further information. 
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>.Oo
+.Cm
+auth
+|
+Cm
+bclient
+|
+.Cm
+calibrate
+|
+Cm
+kernel
+|
+.Cm
+monitor
+|
+Cm
+ntp
+|
+.Cm
+pps
+|
+Cm
+stats
+.Oc
+.Xc
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>.Oo
+.Cm
+auth
+|
+Cm
+bclient
+|
+.Cm
+calibrate
+|
+Cm
+kernel
+|
+.Cm
+monitor
+|
+Cm
+ntp
+|
+.Cm
+pps
+|
+Cm
+stats
+.Oc
+.Xc
+These commands operate in the same way as the
+.Ic
+enable
+and
+.Ic
+disable
+configuration file commands of
+<code>ntpd(8)</code>.
+                    <dl>
+<dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the server to synchronize with unconfigured peers only
+if the peer has been correctly authenticated using either public key
+or private key cryptography. 
+The default for this flag is enable. 
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the server to listen for a message from a broadcast or
+multicast server, as in the multicastclient command with
+default address. 
+The default for this flag is disable. 
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the calibrate feature for reference clocks. 
+The default for this flag is disable. 
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the kernel time discipline, if available. 
+The default for this flag is enable if support is available, otherwise disable. 
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the monitoring facility. 
+See the
+<code>ntpdc(8)</code>. 
+program and the monlist command or further information. 
+The default for this flag is enable. 
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables time and frequency discipline. 
+In effect, this switch opens and closes the feedback loop,
+which is useful for testing. 
+The default for this flag is enable. 
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the pulse-per-second (PPS) signal when frequency
+and time is disciplined by the precision time kernel modifications. 
+See the
+.Qq
+A
+Kernel
+Model
+for
+Precision
+Timekeeping
+(available as part of the HTML documentation
+provided in
+.Pa
+/usr/share/doc/ntp
+)
+page for further information. 
+The default for this flag is disable. 
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the statistics facility. 
+See the
+.Sx
+Monitoring
+Options
+section of
+<code>ntp.conf(5)</code>
+for further information. 
+The default for this flag is disable.
+
+                    <p>.It
+Xo
+Ic
+restrict
+Ar
+address
+Ar
+mask
+.Ar
+flag
+Oo
+Ar
+... 
+Oc
+.Xc
+This command operates in the same way as the
+.Ic
+restrict
+configuration file commands of
+<code>ntpd(8)</code>. 
+.It
+Xo
+Ic
+unrestrict
+Ar
+address
+Ar
+mask
+.Ar
+flag
+Oo
+Ar
+... 
+Oc
+.Xc
+Unrestrict the matching entry from the restrict list. 
+.It
+Xo
+Ic
+delrestrict
+Ar
+address
+Ar
+mask
+.Op
+Cm
+ntpport
+.Xc
+Delete the matching entry from the restrict list. 
+.It
+Ic
+readkeys
+Causes the current set of authentication keys to be purged and
+a new set to be obtained by rereading the keys file (which must
+have been specified in the
+<code>ntpd(8)</code>
+configuration file). 
+This
+allows encryption keys to be changed without restarting the
+server. 
+.It
+Ic
+trustedkey
+Ar
+keyid
+Oo
+Ar
+... 
+Oc
+.It
+Ic
+untrustedkey
+Ar
+keyid
+Oo
+Ar
+... 
+Oc
+These commands operate in the same way as the
+.Ic
+trustedkey
+and
+.Ic
+untrustedkey
+configuration file
+commands of
+<code>ntpd(8)</code>. 
+.It
+Ic
+authinfo
+Returns information concerning the authentication module,
+including known keys and counts of encryptions and decryptions
+which have been done. 
+.It
+Ic
+traps
+Display the traps set in the server. 
+See the source listing for
+further information. 
+.It
+Xo
+Ic
+addtrap
+Ar
+address
+.Op
+Ar
+port
+.Op
+Ar
+interface
+.Xc
+Set a trap for asynchronous messages. 
+See the source listing
+for further information. 
+.It
+Xo
+Ic
+clrtrap
+Ar
+address
+.Op
+Ar
+port
+.Op
+Ar
+interface
+.Xc
+Clear a trap for asynchronous messages. 
+See the source listing
+for further information. 
+.It
+Ic
+reset
+Clear the statistics counters in various modules of the server. 
+See the source listing for further information.
 
 <div class="node">
+<a name="ntpdc-See-Also"></a>
 <p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpdc-Authors">ntpdc Authors</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-Usage">ntpdc Usage</a>,
+Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntpdc See Also</h4>
+
+                    <p><code>ntp.conf(5)</code>,
+<code>ntpd(8)</code>
+.Rs
+.%A
+David
+L. 
+Mills
+.%T
+Network
+Time
+Protocol
+(Version
+3)
+.%O
+RFC1305
+.Re
+<div class="node">
+<a name="ntpdc-Authors"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpdc-Bugs">ntpdc Bugs</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-See-Also">ntpdc See Also</a>,
+Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntpdc Authors</h4>
+
+                    <p>The formatting directives in this document came from FreeBSD. 
+<div class="node">
+<a name="ntpdc-Bugs"></a>
+<p><hr>
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-Authors">ntpdc Authors</a>,
+Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntpdc Bugs</h4>
+
+                    <p>The
+<code>ntpdc</code>
+utility is a crude hack. 
+Much of the information it shows is
+deadly boring and could only be loved by its implementer. 
+The
+program was designed so that new (and temporary) features were easy
+to hack in, at great expense to the program's ease of use. 
+Despite
+this, the program is occasionally useful.
+
+                      <p>Please report bugs to http://bugs.ntp.org .
+
+<div class="node">
 <a name="Usage"></a>
-<br>
+<p><hr>
+
+
 </div>
 
-<!-- node-name,  next,  previous,  up -->
+                    <!-- node-name,  next,  previous,  up -->
 <h3 class="section">Usage</h3>
 
-<p>The simplest use of this program is as an unprivileged command to
+                    <p>The simplest use of this program is as an unprivileged command to
 check the current time, offset, and error in the local clock. 
 For example:
 
-<pre class="example">    ntpdc ntpserver.somewhere
+                    <pre class="example">                        ntpdc ntpserver.somewhere
 </pre>
-  <p>With suitable privilege, it can be run as a command or in a
+                      <p>With suitable privilege, it can be run as a command or in a
 <code>cron</code> job to reset the local clock from a reliable server, like
 the <code>ntpdate</code> and <code>rdate</code> commands. 
 For example:
 
-<pre class="example">    ntpdc -a ntpserver.somewhere
+                    <pre class="example">                        ntpdc -a ntpserver.somewhere
 </pre>
-  </body></html>
+                      </body></html>
 

==== ntpdc/ntpdc.man.in ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +28 -21
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpdc/ntpdc.man.in	2012-08-11 07:33:23 -04:00
+++ 1.112/ntpdc/ntpdc.man.in	2012-08-12 00:32:18 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:03 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:05 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpdc-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -14,7 +14,7 @@ ntpdc \- vendor-specific NTPD control pr
 .RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..." [ host ...]
 .PP
 .SH DESCRIPTION
-.B 
+.B XXX Program Name
 is a utility program used to query
 .Xr ntpd 8
 about its
@@ -25,12 +25,12 @@ be run either in interactive mode or con
 arguments.
 Extensive state and statistics information is available
 through the
-.B 
+.B XXX Program Name
 interface.
 In addition, nearly all the
 configuration options which can be specified at startup using
 ntpd's configuration file may also be specified at run time using
-.B  .
+.B XXX Program Name .
 .SH "OPTIONS"
 .TP
 .BR \-4 ", " -\-ipv4
@@ -87,7 +87,7 @@ their state. This is equivalent to the '
 numeric host addresses.
 .sp
 Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names. 
+converting to the canonical host names.
 .TP
 .BR \-p ", " -\-peers
 Print a list of the peers.
@@ -141,24 +141,24 @@ is searched for within those directories
 .SH USAGE
 If one or more request options are included on the command line
 when
-.B 
+.B XXX Program Name
 is executed, each of the requests will be sent
 to the NTP servers running on each of the hosts given as command
 line arguments, or on localhost by default.
 If no request options
 are given,
-.B 
+.B XXX Program Name
 will attempt to read commands from the
 standard input and execute these on the NTP server running on the
 first host given on the command line, again defaulting to localhost
 when no other host is specified.
 The
-.B 
+.B XXX Program Name
 utility will prompt for
 commands if the standard input is a terminal device.
 .PP
 The
-.B 
+.B XXX Program Name
 utility uses NTP mode 7 packets to communicate with the
 NTP server, and hence can be used to query any compatible server on
 the network which permits it.
@@ -166,21 +166,21 @@ Note that since NTP is a UDP protocol
 this communication will be somewhat unreliable, especially over
 large distances in terms of network topology.
 The
-.B 
+.B XXX Program Name
 utility makes
 no attempt to retransmit requests, and will time requests out if
 the remote host is not heard from within a suitable timeout
 time.
 .PP
 The operation of
-.B 
+.B XXX Program Name
 are specific to the particular
 implementation of the
 .Xr ntpd 8
 daemon and can be expected to
 work only with this and maybe some previous versions of the daemon.
 Requests from a remote
-.B 
+.B XXX Program Name
 utility which affect the
 state of the local server must be authenticated, which requires
 both the remote program and local server share a common key and key
@@ -199,11 +199,11 @@ n
 will cause the specified query (queries) to be sent to
 the indicated host(s) immediately.
 Otherwise,
-.B 
+.B XXX Program Name
 will
 attempt to read interactive format commands from the standard
 input.
-.Ss "Interactive Commands"
+.SS "Interactive Commands"
 Interactive format commands consist of a keyword followed by zero
 to four arguments.
 Only enough characters of the full keyword to
@@ -216,7 +216,7 @@ followed by a file name, to the command 
 .PP
 A number of interactive format commands are executed entirely
 within the
-.B 
+.B XXX Program Name
 utility itself and do not result in NTP
 mode 7 requests being sent to a server.
 These are described
@@ -298,7 +298,7 @@ Note that since
 .Nm
 retries each query once after a timeout, the total waiting time for
 a timeout will be twice the timeout value set.
-.Ss "Control Message Commands"
+.SS "Control Message Commands"
 Query commands result in NTP mode 7 packets containing requests for
 information being sent to the server.
 These are read-only commands
@@ -535,14 +535,14 @@ Obtain debugging information for a refer
 This
 information is provided only by some clock drivers and is mostly
 undecodable without a copy of the driver source in hand.
-.Ss "Runtime Configuration Requests"
+.SS "Runtime Configuration Requests"
 All requests which cause state changes in the server are
 authenticated by the server using a configured NTP key (the
 facility can also be disabled by the server by not configuring a
 key).
 The key number and the corresponding key must also be made
 known to
-.B  .
+.B XXX Program Name .
 This can be done using the
 .Ic keyid
 and
@@ -811,11 +811,18 @@ See \fBOPTION PRESETS\fP for configurati
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.TP
+.BR 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .SH "SEE ALSO"
 .Xr ntp.conf 5 ,
 .Xr ntpd 8
@@ -831,7 +838,7 @@ Copyright (C) 1970-2012 The University o
 This program is released under the terms of the NTP license, <http://ntp.org/license>.
 .SH BUGS
 The
-.B 
+.B XXX Program Name
 utility is a crude hack.
 Much of the information it shows is
 deadly boring and could only be loved by its implementer.

==== ntpdc/ntpdc.mdoc.in ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +13 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpdc/ntpdc.mdoc.in	2012-08-11 07:33:23 -04:00
+++ 1.112/ntpdc/ntpdc.mdoc.in	2012-08-12 00:32:18 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTPDC @NTPDC_MS@ User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:07 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:00 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpdc-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -62,10 +62,12 @@ host(s).
 Increase debug verbosity level.
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-D " \fIstring\fP, " \-\-set\-debug\-level "=" \fIstring\fP
 Set the debug verbosity level.
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-i ", " -\-interactive
 Force ntpq to operate in interactive mode.
 This option must not appear in combination with any of the following options:
@@ -83,8 +85,8 @@ their state. This is equivalent to the '
 .It  \-n ", " -\-numeric
 numeric host addresses.
 .sp
-Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names. 
+Output all host addresses in dotted\-quad numeric format rather than
+converting to the canonical host names.
 .It  \-p ", " -\-peers
 Print a list of the peers.
 This option must not appear in combination with any of the following options:
@@ -757,10 +759,15 @@ See \fBOPTION PRESETS\fP for configurati
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.It 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .El
 .Sh "SEE ALSO"
 .Xr ntp.conf 5 ,

==== ntpq/invoke-ntpq.texi ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +285 -237
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.282/ntpq/invoke-ntpq.texi	2012-08-11 16:05:27 -04:00
+++ 1.283/ntpq/invoke-ntpq.texi	2012-08-12 00:32:18 -04:00
@@ -6,12 +6,295 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntpq.texi)
 # 
-# It has been AutoGen-ed  August 11, 2012 at 11:32:33 AM by AutoGen 5.14
+# It has been AutoGen-ed  August 11, 2012 at 08:58:20 PM by AutoGen 5.16.2
 # From the definitions    ntpq-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
 
 
+The
+ at code{ntpq}
+utility program is used to query NTP servers which
+implement the standard NTP mode 6 control message formats defined
+in Appendix B of the NTPv3 specification RFC1305, requesting
+information about current state and/or changes in that state.
+The same formats are used in NTPv4, although some of the
+variables have changed and new ones added. The description on this
+page is for the NTPv4 variables.
+The program may be run either in interactive mode or controlled using
+command line arguments.
+Requests to read and write arbitrary
+variables can be assembled, with raw and pretty-printed output
+options being available.
+The
+ at code{ntpq}
+utility can also obtain and print a
+list of peers in a common format by sending multiple queries to the
+server.
+
+If one or more request options is included on the command line
+when
+ at code{ntpq}
+is executed, each of the requests will be sent
+to the NTP servers running on each of the hosts given as command
+line arguments, or on localhost by default.
+If no request options
+are given,
+ at code{ntpq}
+will attempt to read commands from the
+standard input and execute these on the NTP server running on the
+first host given on the command line, again defaulting to localhost
+when no other host is specified.
+The
+ at code{ntpq}
+utility will prompt for
+commands if the standard input is a terminal device.
+
+ at code{ntpq}
+uses NTP mode 6 packets to communicate with the
+NTP server, and hence can be used to query any compatible server on
+the network which permits it.
+Note that since NTP is a UDP protocol
+this communication will be somewhat unreliable, especially over
+large distances in terms of network topology.
+The
+ at code{ntpq}
+utility makes
+one attempt to retransmit requests, and will time requests out if
+the remote host is not heard from within a suitable timeout
+time.
+
+Specifying a
+command line option other than
+ at code{-i} or
+ at code{-n} will
+cause the specified query (queries) to be sent to the indicated
+host(s) immediately.
+Otherwise,
+ at code{ntpq}
+will attempt to read
+interactive format commands from the standard input.
+.Ss
+"Internal
+Commands"
+Interactive format commands consist of a keyword followed by zero
+to four arguments.
+Only enough characters of the full keyword to
+uniquely identify the command need be typed.
+
+A
+number of interactive format commands are executed entirely within
+the
+ at code{ntpq}
+utility itself and do not result in NTP mode 6
+requests being sent to a server.
+These are described following.
+ at table @samp
+ at item Ic
+ at item Ic
+A
+.Ql
+\&?
+by itself will print a list of all the command
+keywords known to this incarnation of
+ at code{ntpq}.
+A
+.Ql
+\&?
+followed by a command keyword will print function and usage
+information about the command.
+This command is probably a better
+source of information about
+ at code{ntpq}
+than this manual
+page.
+ at item Ic
+.Ic
+...
+.Xc
+ at item Ic
+ at item Ic
+The data carried by NTP mode 6 messages consists of a list of
+items of the form
+.Ql
+variable_name=value
+,
+where the
+.Ql
+=value
+is ignored, and can be omitted,
+in requests to the server to read variables.
+The
+ at code{ntpq}
+utility maintains an internal list in which data to be included in control
+messages can be assembled, and sent using the
+.Ic
+readlist
+and
+.Ic
+writelist
+commands described below.
+The
+.Ic
+addvars
+command allows variables and their optional values to be added to
+the list.
+If more than one variable is to be added, the list should
+be comma-separated and not contain white space.
+The
+.Ic
+rmvars
+command can be used to remove individual variables from the list,
+while the
+.Ic
+clearlist
+command removes all variables from the
+list.
+ at item Ic
+Normally
+ at code{ntpq}
+does not authenticate requests unless
+they are write requests.
+The command
+.Ql
+authenticate
+yes
+causes
+ at code{ntpq}
+to send authentication with all requests it
+makes.
+Authenticated requests causes some servers to handle
+requests slightly differently, and can occasionally melt the CPU in
+fuzzballs if you turn authentication on before doing a
+.Ic
+peer
+display.
+The command
+.Ql
+authenticate
+causes
+ at code{ntpq}
+to display whether or not
+ at code{ntpq}
+is currently autheinticating requests.
+ at item Ic
+Causes output from query commands to be "cooked", so that
+variables which are recognized by
+ at code{ntpq}
+will have their
+values reformatted for human consumption.
+Variables which
+ at code{ntpq}
+thinks should have a decodable value but didn't are
+marked with a trailing
+.Ql
+\&?
+.
+ at item Xo
+.Ic
+debug
+.Oo
+.Cm
+more
+|
+.Cm
+less
+|
+.Cm
+off
+.Oc
+.Xc
+With no argument, displays the current debug level.
+Otherwise, the debug level is changed to the indicated level.
+ at item Ic
+Specify a time interval to be added to timestamps included in
+requests which require authentication.
+This is used to enable
+(unreliable) server reconfiguration over long delay network paths
+or between machines whose clocks are unsynchronized.
+Actually the
+server does not now require timestamps in authenticated requests,
+so this command may be obsolete.
+ at item Ic
+Set the host to which future queries will be sent.
+.Ar
+hostname
+may be either a host name or a numeric address.
+ at item Ic
+If
+.Cm
+yes
+is specified, host names are printed in
+information displays.
+If
+.Cm
+no
+is specified, numeric
+addresses are printed instead.
+The default is
+.Cm
+yes
+,
+unless
+modified using the command line
+ at code{-n} switch.
+ at item Ic
+This command allows the specification of a key number to be
+used to authenticate configuration requests.
+This must correspond
+to a key number the server has been configured to use for this
+purpose.
+ at item Ic
+.Cm
+1
+|
+.Cm
+2
+|
+.Cm
+3
+|
+.Cm
+4
+.Oc
+.Xc
+Sets the NTP version number which
+ at code{ntpq}
+claims in
+packets.
+Defaults to 3, and note that mode 6 control messages (and
+modes, for that matter) didn't exist in NTP version 1.
+There appear
+to be no servers left which demand version 1.
+With no argument, displays the current NTP version that will be used
+when communicating with servers.
+ at item Ic
+Exit
+ at code{ntpq}
+ at item Ic
+This command prompts you to type in a password (which will not
+be echoed) which will be used to authenticate configuration
+requests.
+The password must correspond to the key configured for
+use by the NTP server for this purpose if such requests are to be
+successful.
+ at item Ic
+Causes all output from query commands is printed as received
+from the remote server.
+The only formating/interpretation done on
+the data is to transform nonascii data into a printable (but barely
+understandable) form.
+ at item Ic
+Specify a timeout period for responses to server queries.
+The
+default is about 5000 milliseconds.
+Note that since
+ at code{ntpq}
+retries each query once after a timeout, the total waiting time for
+a timeout will be twice the timeout value set.
+
+ at end multitable
+
 This section was generated by @strong{AutoGen},
 using the @code{agtexi-cmd} template and the option descriptions for the @code{ntpq} program.
 This software is released under the NTP license, <http://ntp.org/license>.
@@ -27,7 +310,6 @@ This software is released under the NTP 
 * ntpq old-rv::                 old-rv option
 * ntpq config::                 presetting/configuring ntpq
 * ntpq exit status::            exit status
-* ntpq Description::            Description
 @end menu
 
 @node ntpq usage
@@ -44,47 +326,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-ntpq - standard NTP query program - Ver. 4.2.7p295
-USAGE:  ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
-  Flg Arg Option-Name    Description
-   -4 no  ipv4           Force IPv4 DNS name resolution
-                                - prohibits these options:
-                                ipv6
-   -6 no  ipv6           Force IPv6 DNS name resolution
-                                - prohibits these options:
-                                ipv4
-   -c Str command        run a command and exit
-                                - may appear multiple times
-   -d no  debug-level    Increase debug verbosity level
-                                - may appear multiple times
-   -D Str set-debug-level Set the debug verbosity level
-                                - may appear multiple times
-   -p no  peers          Print a list of the peers
-                                - prohibits these options:
-                                interactive
-   -i no  interactive    Force ntpq to operate in interactive mode
-                                - prohibits these options:
-                                command
-                                peers
-   -n no  numeric        numeric host addresses
-      no  old-rv         Always output status line with readvar
-      opt version        Output version information and exit
-   -? no  help           Display extended usage information and exit
-   -! no  more-help      Extended usage information passed thru pager
-   -> opt save-opts      Save the option state to a config file
-   -< Str load-opts      Load options from a config file
-                                - disabled as --no-load-opts
-                                - may appear multiple times
-
-Options are specified by doubled hyphens and their name or by a single
-hyphen and the flag character.
-
-The following option preset mechanisms are supported:
- - reading file $HOME/.ntprc
- - reading file ./.ntprc
- - examining environment variables named NTPQ_*
-
-please send bug reports to:  http://bugs.ntp.org, bugs@@ntp.org
+ntpq is unavailable - no -?
 @end example
 @exampleindent 4
 
@@ -285,197 +527,3 @@ A specified configuration file could not
 libopts had an internal operational error.  Please report
 it to autogen-users@@lists.sourceforge.net.  Thank you.
 @end table
- at node ntpq Description
- at subsection ntpq Description
-
-The
-utility program is used to query NTP servers which
-implement the standard NTP mode 6 control message formats defined
-in Appendix B of the NTPv3 specification RFC1305, requesting
-information about current state and/or changes in that state.
-The same formats are used in NTPv4, although some of the
-variables have changed and new ones added. The description on this
-page is for the NTPv4 variables.
-The program may be run either in interactive mode or controlled using
-command line arguments.
-Requests to read and write arbitrary
-variables can be assembled, with raw and pretty-printed output
-options being available.
-The
-utility can also obtain and print a
-list of peers in a common format by sending multiple queries to the
-server.
-
-If one or more request options is included on the command line
-when
-is executed, each of the requests will be sent
-to the NTP servers running on each of the hosts given as command
-line arguments, or on localhost by default.
-If no request options
-are given,
-will attempt to read commands from the
-standard input and execute these on the NTP server running on the
-first host given on the command line, again defaulting to localhost
-when no other host is specified.
-The
-utility will prompt for
-commands if the standard input is a terminal device.
-
-uses NTP mode 6 packets to communicate with the
-NTP server, and hence can be used to query any compatible server on
-the network which permits it.
-Note that since NTP is a UDP protocol
-this communication will be somewhat unreliable, especially over
-large distances in terms of network topology.
-The
-utility makes
-one attempt to retransmit requests, and will time requests out if
-the remote host is not heard from within a suitable timeout
-time.
-
-Specifying a
-command line option other than
-or
-will
-cause the specified query (queries) to be sent to the indicated
-host(s) immediately.
-Otherwise,
-will attempt to read
-interactive format commands from the standard input.
-Interactive format commands consist of a keyword followed by zero
-to four arguments.
-Only enough characters of the full keyword to
-uniquely identify the command need be typed.
-
-A
-number of interactive format commands are executed entirely within
-the
-utility itself and do not result in NTP mode 6
-requests being sent to a server.
-These are described following.
- at table @samp
- at item Ic
- at item Ic
-A
-by itself will print a list of all the command
-keywords known to this incarnation of
-A
-followed by a command keyword will print function and usage
-information about the command.
-This command is probably a better
-source of information about
-than this manual
-page.
- at item Ic
- at item Ic
- at item Ic
-The data carried by NTP mode 6 messages consists of a list of
-items of the form
-where the
-is ignored, and can be omitted,
-in requests to the server to read variables.
-The
-utility maintains an internal list in which data to be included in control
-messages can be assembled, and sent using the
-and
-commands described below.
-The
-command allows variables and their optional values to be added to
-the list.
-If more than one variable is to be added, the list should
-be comma-separated and not contain white space.
-The
-command can be used to remove individual variables from the list,
-while the
-command removes all variables from the
-list.
- at item Ic
-Normally
-does not authenticate requests unless
-they are write requests.
-The command
-causes
-to send authentication with all requests it
-makes.
-Authenticated requests causes some servers to handle
-requests slightly differently, and can occasionally melt the CPU in
-fuzzballs if you turn authentication on before doing a
-display.
-The command
-causes
-to display whether or not
-is currently autheinticating requests.
- at item Ic
-Causes output from query commands to be "cooked", so that
-variables which are recognized by
-will have their
-values reformatted for human consumption.
-Variables which
-thinks should have a decodable value but didn't are
-marked with a trailing
- at item Xo
-With no argument, displays the current debug level.
-Otherwise, the debug level is changed to the indicated level.
- at item Ic
-Specify a time interval to be added to timestamps included in
-requests which require authentication.
-This is used to enable
-(unreliable) server reconfiguration over long delay network paths
-or between machines whose clocks are unsynchronized.
-Actually the
-server does not now require timestamps in authenticated requests,
-so this command may be obsolete.
- at item Ic
-Set the host to which future queries will be sent.
-may be either a host name or a numeric address.
- at item Ic
-If
-is specified, host names are printed in
-information displays.
-If
-is specified, numeric
-addresses are printed instead.
-The default is
-unless
-modified using the command line
-switch.
- at item Ic
-This command allows the specification of a key number to be
-used to authenticate configuration requests.
-This must correspond
-to a key number the server has been configured to use for this
-purpose.
- at item Ic
-Sets the NTP version number which
-claims in
-packets.
-Defaults to 3, and note that mode 6 control messages (and
-modes, for that matter) didn't exist in NTP version 1.
-There appear
-to be no servers left which demand version 1.
-With no argument, displays the current NTP version that will be used
-when communicating with servers.
- at item Ic
-Exit
- at item Ic
-This command prompts you to type in a password (which will not
-be echoed) which will be used to authenticate configuration
-requests.
-The password must correspond to the key configured for
-use by the NTP server for this purpose if such requests are to be
-successful.
- at item Ic
-Causes all output from query commands is printed as received
-from the remote server.
-The only formating/interpretation done on
-the data is to transform nonascii data into a printable (but barely
-understandable) form.
- at item Ic
-Specify a timeout period for responses to server queries.
-The
-default is about 5000 milliseconds.
-Note that since
-retries each query once after a timeout, the total waiting time for
-a timeout will be twice the timeout value set.
-
- at end multitable

==== ntpq/ntpq-opts.c ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +165 -119
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.297/ntpq/ntpq-opts.c	2012-08-11 07:33:24 -04:00
+++ 1.298/ntpq/ntpq-opts.c	2012-08-12 00:32:18 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpq-opts.c)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:32:08 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:29 PM by AutoGen 5.16.2
  *  From the definitions    ntpq-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This source file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -36,14 +36,15 @@
  *  is provided "as is" without express or implied warranty.
  */
 
+#ifndef __doxygen__
+#define OPTION_CODE_COMPILE 1
+#include "ntpq-opts.h"
 #include <sys/types.h>
 
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#define OPTION_CODE_COMPILE 1
-#include "ntpq-opts.h"
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -54,10 +55,10 @@ extern FILE * option_usage_fp;
 #define zCopyright      (ntpq_opt_strs+0)
 #define zLicenseDescrip (ntpq_opt_strs+314)
 
-extern tUsageProc optionUsage;
 /*
  *  global included definitions
- */#ifdef __windows
+ */
+#ifdef __windows
   extern int atoi(const char*);
 #else
 # include <stdlib.h>
@@ -70,7 +71,7 @@ extern tUsageProc optionUsage;
 /*
  *  ntpq option static const strings
  */
-static char const ntpq_opt_strs[1831] =
+static char const ntpq_opt_strs[1833] =
 /*     0 */ "ntpq 4.2.7p295\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -83,65 +84,65 @@ static char const ntpq_opt_strs[1831] =
             "provided that the above copyright notice appears in all copies and that\n"
             "both the copyright notice and this permission notice appear in supporting\n"
             "documentation, and that the name The University of Delaware not be used in\n"
-            "advertising or publicity pertaining to distribution of the software\n"
-            "without specific, written prior permission. The University of Delaware\n"
-            "makes no representations about the suitability this software for any\n"
-            "purpose. It is provided \"as is\" without express or implied warranty.\n\0"
-/*   952 */ "Force IPv4 DNS name resolution\0"
-/*   983 */ "IPV4\0"
-/*   988 */ "ipv4\0"
-/*   993 */ "Force IPv6 DNS name resolution\0"
-/*  1024 */ "IPV6\0"
-/*  1029 */ "ipv6\0"
-/*  1034 */ "run a command and exit\0"
-/*  1057 */ "COMMAND\0"
-/*  1065 */ "command\0"
-/*  1073 */ "Increase debug verbosity level\0"
-/*  1104 */ "DEBUG_LEVEL\0"
-/*  1116 */ "debug-level\0"
-/*  1128 */ "Set the debug verbosity level\0"
-/*  1158 */ "SET_DEBUG_LEVEL\0"
-/*  1174 */ "set-debug-level\0"
-/*  1190 */ "Print a list of the peers\0"
-/*  1216 */ "PEERS\0"
-/*  1222 */ "peers\0"
-/*  1228 */ "Force ntpq to operate in interactive mode\0"
-/*  1270 */ "INTERACTIVE\0"
-/*  1282 */ "interactive\0"
-/*  1294 */ "numeric host addresses\0"
-/*  1317 */ "NUMERIC\0"
-/*  1325 */ "numeric\0"
-/*  1333 */ "Always output status line with readvar\0"
-/*  1372 */ "OLD_RV\0"
-/*  1379 */ "old-rv\0"
-/*  1386 */ "Display extended usage information and exit\0"
-/*  1430 */ "help\0"
-/*  1435 */ "Extended usage information passed thru pager\0"
-/*  1480 */ "more-help\0"
-/*  1490 */ "Output version information and exit\0"
-/*  1526 */ "version\0"
-/*  1534 */ "Save the option state to a config file\0"
-/*  1573 */ "save-opts\0"
-/*  1583 */ "Load options from a config file\0"
-/*  1615 */ "LOAD_OPTS\0"
-/*  1625 */ "no-load-opts\0"
-/*  1638 */ "no\0"
-/*  1641 */ "NTPQ\0"
-/*  1646 */ "ntpq - standard NTP query program - Ver. 4.2.7p295\n"
+            "advertising or publicity pertaining to distribution of the software without\n"
+            "specific, written prior permission.  The University of Delaware makes no\n"
+            "representations about the suitability this software for any purpose.  It is\n"
+            "provided \"as is\" without express or implied warranty.\n\0"
+/*   954 */ "Force IPv4 DNS name resolution\0"
+/*   985 */ "IPV4\0"
+/*   990 */ "ipv4\0"
+/*   995 */ "Force IPv6 DNS name resolution\0"
+/*  1026 */ "IPV6\0"
+/*  1031 */ "ipv6\0"
+/*  1036 */ "run a command and exit\0"
+/*  1059 */ "COMMAND\0"
+/*  1067 */ "command\0"
+/*  1075 */ "Increase debug verbosity level\0"
+/*  1106 */ "DEBUG_LEVEL\0"
+/*  1118 */ "debug-level\0"
+/*  1130 */ "Set the debug verbosity level\0"
+/*  1160 */ "SET_DEBUG_LEVEL\0"
+/*  1176 */ "set-debug-level\0"
+/*  1192 */ "Print a list of the peers\0"
+/*  1218 */ "PEERS\0"
+/*  1224 */ "peers\0"
+/*  1230 */ "Force ntpq to operate in interactive mode\0"
+/*  1272 */ "INTERACTIVE\0"
+/*  1284 */ "interactive\0"
+/*  1296 */ "numeric host addresses\0"
+/*  1319 */ "NUMERIC\0"
+/*  1327 */ "numeric\0"
+/*  1335 */ "Always output status line with readvar\0"
+/*  1374 */ "OLD_RV\0"
+/*  1381 */ "old-rv\0"
+/*  1388 */ "Display extended usage information and exit\0"
+/*  1432 */ "help\0"
+/*  1437 */ "Extended usage information passed thru pager\0"
+/*  1482 */ "more-help\0"
+/*  1492 */ "Output version information and exit\0"
+/*  1528 */ "version\0"
+/*  1536 */ "Save the option state to a config file\0"
+/*  1575 */ "save-opts\0"
+/*  1585 */ "Load options from a config file\0"
+/*  1617 */ "LOAD_OPTS\0"
+/*  1627 */ "no-load-opts\0"
+/*  1640 */ "no\0"
+/*  1643 */ "NTPQ\0"
+/*  1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p295\n"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
-/*  1767 */ ".ntprc\0"
-/*  1774 */ "$HOME\0"
-/*  1780 */ ".\0"
-/*  1782 */ "http://bugs.ntp.org, bugs at ntp.org\0"
-/*  1816 */ "ntpq 4.2.7p295";
+/*  1769 */ "$HOME\0"
+/*  1775 */ ".\0"
+/*  1777 */ ".ntprc\0"
+/*  1784 */ "http://bugs.ntp.org, bugs at ntp.org\0"
+/*  1818 */ "ntpq 4.2.7p295";
 
 /*
  *  ipv4 option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define IPV4_DESC      (ntpq_opt_strs+952)
-#define IPV4_NAME      (ntpq_opt_strs+983)
-#define IPV4_name      (ntpq_opt_strs+988)
+#define IPV4_DESC      (ntpq_opt_strs+954)
+#define IPV4_NAME      (ntpq_opt_strs+985)
+#define IPV4_name      (ntpq_opt_strs+990)
 static int const aIpv4CantList[] = {
     INDEX_OPT_IPV6, NO_EQUIVALENT };
 #define IPV4_FLAGS     (OPTST_DISABLED)
@@ -150,9 +151,9 @@ static int const aIpv4CantList[] = {
  *  ipv6 option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define IPV6_DESC      (ntpq_opt_strs+993)
-#define IPV6_NAME      (ntpq_opt_strs+1024)
-#define IPV6_name      (ntpq_opt_strs+1029)
+#define IPV6_DESC      (ntpq_opt_strs+995)
+#define IPV6_NAME      (ntpq_opt_strs+1026)
+#define IPV6_name      (ntpq_opt_strs+1031)
 static int const aIpv6CantList[] = {
     INDEX_OPT_IPV4, NO_EQUIVALENT };
 #define IPV6_FLAGS     (OPTST_DISABLED)
@@ -160,26 +161,26 @@ static int const aIpv6CantList[] = {
 /*
  *  command option description:
  */
-#define COMMAND_DESC      (ntpq_opt_strs+1034)
-#define COMMAND_NAME      (ntpq_opt_strs+1057)
-#define COMMAND_name      (ntpq_opt_strs+1065)
+#define COMMAND_DESC      (ntpq_opt_strs+1036)
+#define COMMAND_NAME      (ntpq_opt_strs+1059)
+#define COMMAND_name      (ntpq_opt_strs+1067)
 #define COMMAND_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  debug-level option description:
  */
-#define DEBUG_LEVEL_DESC      (ntpq_opt_strs+1073)
-#define DEBUG_LEVEL_NAME      (ntpq_opt_strs+1104)
-#define DEBUG_LEVEL_name      (ntpq_opt_strs+1116)
+#define DEBUG_LEVEL_DESC      (ntpq_opt_strs+1075)
+#define DEBUG_LEVEL_NAME      (ntpq_opt_strs+1106)
+#define DEBUG_LEVEL_name      (ntpq_opt_strs+1118)
 #define DEBUG_LEVEL_FLAGS     (OPTST_DISABLED)
 
 /*
  *  set-debug-level option description:
  */
-#define SET_DEBUG_LEVEL_DESC      (ntpq_opt_strs+1128)
-#define SET_DEBUG_LEVEL_NAME      (ntpq_opt_strs+1158)
-#define SET_DEBUG_LEVEL_name      (ntpq_opt_strs+1174)
+#define SET_DEBUG_LEVEL_DESC      (ntpq_opt_strs+1130)
+#define SET_DEBUG_LEVEL_NAME      (ntpq_opt_strs+1160)
+#define SET_DEBUG_LEVEL_name      (ntpq_opt_strs+1176)
 #define SET_DEBUG_LEVEL_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
@@ -187,9 +188,9 @@ static int const aIpv6CantList[] = {
  *  peers option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define PEERS_DESC      (ntpq_opt_strs+1190)
-#define PEERS_NAME      (ntpq_opt_strs+1216)
-#define PEERS_name      (ntpq_opt_strs+1222)
+#define PEERS_DESC      (ntpq_opt_strs+1192)
+#define PEERS_NAME      (ntpq_opt_strs+1218)
+#define PEERS_name      (ntpq_opt_strs+1224)
 static int const aPeersCantList[] = {
     INDEX_OPT_INTERACTIVE, NO_EQUIVALENT };
 #define PEERS_FLAGS     (OPTST_DISABLED)
@@ -198,9 +199,9 @@ static int const aPeersCantList[] = {
  *  interactive option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define INTERACTIVE_DESC      (ntpq_opt_strs+1228)
-#define INTERACTIVE_NAME      (ntpq_opt_strs+1270)
-#define INTERACTIVE_name      (ntpq_opt_strs+1282)
+#define INTERACTIVE_DESC      (ntpq_opt_strs+1230)
+#define INTERACTIVE_NAME      (ntpq_opt_strs+1272)
+#define INTERACTIVE_name      (ntpq_opt_strs+1284)
 static int const aInteractiveCantList[] = {
     INDEX_OPT_COMMAND,
     INDEX_OPT_PEERS, NO_EQUIVALENT };
@@ -209,27 +210,27 @@ static int const aInteractiveCantList[] 
 /*
  *  numeric option description:
  */
-#define NUMERIC_DESC      (ntpq_opt_strs+1294)
-#define NUMERIC_NAME      (ntpq_opt_strs+1317)
-#define NUMERIC_name      (ntpq_opt_strs+1325)
+#define NUMERIC_DESC      (ntpq_opt_strs+1296)
+#define NUMERIC_NAME      (ntpq_opt_strs+1319)
+#define NUMERIC_name      (ntpq_opt_strs+1327)
 #define NUMERIC_FLAGS     (OPTST_DISABLED)
 
 /*
  *  old-rv option description:
  */
-#define OLD_RV_DESC      (ntpq_opt_strs+1333)
-#define OLD_RV_NAME      (ntpq_opt_strs+1372)
-#define OLD_RV_name      (ntpq_opt_strs+1379)
+#define OLD_RV_DESC      (ntpq_opt_strs+1335)
+#define OLD_RV_NAME      (ntpq_opt_strs+1374)
+#define OLD_RV_name      (ntpq_opt_strs+1381)
 #define OLD_RV_FLAGS     (OPTST_DISABLED)
 
 /*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (ntpq_opt_strs+1386)
-#define HELP_name       (ntpq_opt_strs+1430)
+#define HELP_DESC       (ntpq_opt_strs+1388)
+#define HELP_name       (ntpq_opt_strs+1432)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (ntpq_opt_strs+1435)
-#define MORE_HELP_name  (ntpq_opt_strs+1480)
+#define MORE_HELP_DESC  (ntpq_opt_strs+1437)
+#define MORE_HELP_name  (ntpq_opt_strs+1482)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -242,14 +243,14 @@ static int const aInteractiveCantList[] 
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (ntpq_opt_strs+1490)
-#define VER_name        (ntpq_opt_strs+1526)
-#define SAVE_OPTS_DESC  (ntpq_opt_strs+1534)
-#define SAVE_OPTS_name  (ntpq_opt_strs+1573)
-#define LOAD_OPTS_DESC     (ntpq_opt_strs+1583)
-#define LOAD_OPTS_NAME     (ntpq_opt_strs+1615)
-#define NO_LOAD_OPTS_name  (ntpq_opt_strs+1625)
-#define LOAD_OPTS_pfx      (ntpq_opt_strs+1638)
+#define VER_DESC        (ntpq_opt_strs+1492)
+#define VER_name        (ntpq_opt_strs+1528)
+#define SAVE_OPTS_DESC  (ntpq_opt_strs+1536)
+#define SAVE_OPTS_name  (ntpq_opt_strs+1575)
+#define LOAD_OPTS_DESC     (ntpq_opt_strs+1585)
+#define LOAD_OPTS_NAME     (ntpq_opt_strs+1617)
+#define NO_LOAD_OPTS_name  (ntpq_opt_strs+1627)
+#define LOAD_OPTS_pfx      (ntpq_opt_strs+1640)
 #define LOAD_OPTS_name     (NO_LOAD_OPTS_name + 3)
 /*
  *  Declare option callback procedures
@@ -292,15 +293,14 @@ static tOptProc
 #define SET_DEBUG_LEVEL_OPT_PROC doOptSet_Debug_Level
 #define PEERS_OPT_PROC ntpq_custom_opt_handler
 
-#define COMMAND_OPT_PROC ntpq_custom_opt_handler
-#define SET_DEBUG_LEVEL_OPT_PROC doOptSet_Debug_Level
-#define PEERS_OPT_PROC ntpq_custom_opt_handler
 #endif /* defined(TEST_NTPQ_OPTS) */
 #define VER_PROC        ntpOptionPrintVersion
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
- *
- *  Define the Ntpq Option Descriptions.
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ *  Define the ntpq Option Descriptions.
+ * This is an array of OPTION_CT entries, one for each
+ * option that the ntpq program responds to.
  */
 static tOptDesc optDesc[OPTION_CT] = {
   {  /* entry idx, value */ 0, VALUE_OPT_IPV4,
@@ -479,20 +479,20 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  *
- *  Define the Ntpq Option Environment
+ *  Define the ntpq Option Environment
  */
-#define zPROGNAME       (ntpq_opt_strs+1641)
-#define zUsageTitle     (ntpq_opt_strs+1646)
-#define zRcName         (ntpq_opt_strs+1767)
+#define zPROGNAME       (ntpq_opt_strs+1643)
+#define zUsageTitle     (ntpq_opt_strs+1648)
+#define zRcName         (ntpq_opt_strs+1777)
 static char const * const apzHomeList[3] = {
-    ntpq_opt_strs+1774,
-    ntpq_opt_strs+1780,
+    ntpq_opt_strs+1769,
+    ntpq_opt_strs+1775,
     NULL };
-#define zBugsAddr       (ntpq_opt_strs+1782)
+#define zBugsAddr       (ntpq_opt_strs+1784)
 #define zExplain        (NULL)
 #define zDetail         (NULL)
-#define zFullVersion    (ntpq_opt_strs+1816)
-/* extracted from optcode.tlib near line 315 */
+#define zFullVersion    (ntpq_opt_strs+1818)
+/* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
 # define OPTPROC_BASE OPTPROC_TRANSLATE
@@ -507,35 +507,58 @@ static char const * const apzHomeList[3]
 
 #define ntpq_short_usage (NULL)
 
+#endif /* not defined __doxygen__ */
+
 /*
  *  Create the static procedure(s) declared above.
  */
+/**
+ * The callout function that invokes the optionUsage function.
+ *
+ * @param pOptions the AutoOpts option description structure
+ * @param pOptDesc the descriptor for the "help" (usage) option.
+ * @noreturn
+ */
 static void
 doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc)
 {
+    optionUsage(&ntpqOptions, NTPQ_EXIT_SUCCESS);
+    /* NOTREACHED */
+    (void)pOptDesc;
     (void)pOptions;
-    USAGE(NTPQ_EXIT_SUCCESS);
 }
 
 #if ! defined(TEST_NTPQ_OPTS)
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ * Code to handle the set-debug-level option.
  *
- *   For the set-debug-level option.
+ * @param pOptions the ntpq options data structure
+ * @param pOptDesc the option descriptor for this option.
  */
 static void
 doOptSet_Debug_Level(tOptions* pOptions, tOptDesc* pOptDesc)
 {
     /* extracted from debug-opt.def, line 26 */
 DESC(DEBUG_LEVEL).optOccCt = atoi( pOptDesc->pzLastArg );
+    (void)pOptions;
 }
 #endif /* defined(TEST_NTPQ_OPTS) */
-/* extracted from optmain.tlib near line 128 */
+/* extracted from optmain.tlib near line 48 */
 
 #if defined(TEST_NTPQ_OPTS) /* TEST MAIN PROCEDURE: */
 
 extern void optionPutShell(tOptions*);
 
+/**
+ * Generated main procedure.  This will emit text that a Bourne shell can
+ * process to handle its command line arguments.
+ *
+ * @param argc argument count
+ * @param argv argument vector
+ * @returns program exit code
+ */
 int
 main(int argc, char ** argv)
 {
@@ -548,12 +571,19 @@ main(int argc, char ** argv)
     return res;
 }
 #endif  /* defined TEST_NTPQ_OPTS */
-/* extracted from optmain.tlib near line 1148 */
+/* extracted from optmain.tlib near line 1146 */
 
+/**
+ * The directory containing the data associated with ntpq.
+ */
 #ifndef  PKGDATADIR
 # define PKGDATADIR ""
 #endif
 
+/**
+ * Information about the person or institution that packaged ntpq
+ * for the current distribution.
+ */
 #ifndef  WITH_PACKAGER
 # define ntpq_packager_info NULL
 #else
@@ -569,7 +599,13 @@ static char const ntpq_packager_info[] =
 # endif
     "\n";
 #endif
+#ifndef __doxygen__
 
+#endif /* __doxygen__ */
+/**
+ * The option definitions for ntpq.  The one structure that
+ * binds them all.
+ */
 tOptions ntpqOptions = {
     OPTIONS_STRUCT_VERSION,
     0, NULL,                    /* original argc + argv    */
@@ -613,7 +649,16 @@ tOptions ntpqOptions = {
 static char* AO_gettext(char const* pz);
 static void  coerce_it(void** s);
 
-static char*
+/**
+ * AutoGen specific wrapper function for gettext.
+ * It relies on the macro _() to convert from English to the target
+ * language, then strdup-duplicates the result string.
+ *
+ * @param[in] pz the input text used as a lookup key.
+ * @returns the translated text (if there is one),
+ *   or the original text (if not).
+ */
+static char *
 AO_gettext(char const* pz)
 {
     char* pzRes;
@@ -633,8 +678,9 @@ AO_gettext(char const* pz)
 static void coerce_it(void** s) { *s = AO_gettext(*s);
 }
 
-/*
- *  This invokes the translation code (e.g. gettext(3)).
+/**
+ * Translate all the translatable strings in the ntpqOptions
+ * structure defined above.  This is done only once.
  */
 static void
 translate_option_strings(void)

==== ntpq/ntpq-opts.h ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +13 -5
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.297/ntpq/ntpq-opts.h	2012-08-11 07:33:24 -04:00
+++ 1.298/ntpq/ntpq-opts.h	2012-08-12 00:32:18 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpq-opts.h)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:32:08 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:29 PM by AutoGen 5.16.2
  *  From the definitions    ntpq-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This header file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -53,7 +53,7 @@
  *  tolerable version is at least as old as what was current when the header
  *  template was released.
  */
-#define AO_TEMPLATE_VERSION 147457
+#define AO_TEMPLATE_VERSION 147461
 #if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \
  || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION)
 # error option template version mismatches autoopts/options.h header
@@ -111,7 +111,9 @@ typedef enum {
  */
 typedef enum {
     NTPQ_EXIT_SUCCESS = 0,
-    NTPQ_EXIT_FAILURE = 1
+    NTPQ_EXIT_FAILURE = 1,
+    NTPQ_EXIT_NO_CONFIG_INPUT = 66,
+    NTPQ_EXIT_LIBOPTS_FAILURE = 70
 } ntpq_exit_code_t;
 /*
  *  Make sure there are no #define name conflicts with the option names
@@ -197,7 +199,7 @@ typedef enum {
                 ntpqOptions.pzCurOpt  = NULL)
 #define START_OPT       RESTART_OPT(1)
 #define USAGE(c)        (*ntpqOptions.pUsageProc)(&ntpqOptions, c)
-/* extracted from opthead.tlib near line 469 */
+/* extracted from opthead.tlib near line 484 */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -213,6 +215,12 @@ extern tOptions ntpqOptions;
 #if defined(ENABLE_NLS)
 # ifndef _
 #   include <stdio.h>
+#   ifndef HAVE_GETTEXT
+      extern char * gettext(char const *);
+#   else
+#     include <libintl.h>
+#   endif
+
 static inline char* aoGetsText(char const* pz) {
     if (pz == NULL) return NULL;
     return (char*)gettext(pz);

==== ntpq/ntpq.1ntpqman ====
2012-08-12 04:32:18+00:00, stenn at psp-fb1.ntp.org +22 -15
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpq/ntpq.1ntpqman	2012-08-11 07:33:24 -04:00
+++ 1.112/ntpq/ntpq.1ntpqman	2012-08-12 00:32:18 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:31 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:21 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpq-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -14,7 +14,7 @@ ntpq \- standard NTP query program
 .RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..." [ host ...]
 .SH DESCRIPTION
 The
-.B 
+.B XXX Program Name
 utility program is used to query NTP servers which
 implement the standard NTP mode 6 control message formats defined
 in Appendix B of the NTPv3 specification RFC1305, requesting
@@ -28,28 +28,28 @@ Requests to read and write arbitrary
 variables can be assembled, with raw and pretty-printed output
 options being available.
 The
-.B 
+.B XXX Program Name
 utility can also obtain and print a
 list of peers in a common format by sending multiple queries to the
 server.
 If one or more request options is included on the command line
 when
-.B 
+.B XXX Program Name
 is executed, each of the requests will be sent
 to the NTP servers running on each of the hosts given as command
 line arguments, or on localhost by default.
 If no request options
 are given,
-.B 
+.B XXX Program Name
 will attempt to read commands from the
 standard input and execute these on the NTP server running on the
 first host given on the command line, again defaulting to localhost
 when no other host is specified.
 The
-.B 
+.B XXX Program Name
 utility will prompt for
 commands if the standard input is a terminal device.
-.B 
+.B XXX Program Name
 uses NTP mode 6 packets to communicate with the
 NTP server, and hence can be used to query any compatible server on
 the network which permits it.
@@ -57,7 +57,7 @@ Note that since NTP is a UDP protocol
 this communication will be somewhat unreliable, especially over
 large distances in terms of network topology.
 The
-.B 
+.B XXX Program Name
 utility makes
 one attempt to retransmit requests, and will time requests out if
 the remote host is not heard from within a suitable timeout
@@ -71,10 +71,10 @@ will
 cause the specified query (queries) to be sent to the indicated
 host(s) immediately.
 Otherwise,
-.B 
+.B XXX Program Name
 will attempt to read
 interactive format commands from the standard input.
-.Ss "Internal Commands"
+.SS "Internal Commands"
 Interactive format commands consist of a keyword followed by zero
 to four arguments.
 Only enough characters of the full keyword to
@@ -82,7 +82,7 @@ uniquely identify the command need be ty
 A
 number of interactive format commands are executed entirely within
 the
-.B 
+.B XXX Program Name
 utility itself and do not result in NTP mode 6
 requests being sent to a server.
 These are described following.
@@ -327,14 +327,14 @@ to the standard output and commands read
 numeric host addresses.
 .sp
 Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names. 
+converting to the canonical host names.
 .TP
 .BR \-\-old\-rv
 Always output status line with readvar.
 .sp
 By default, ntpq now suppresses the associd=... line that
 precedes the output of "readvar" (alias "rv") when a single
-variable is requested, such as ntpq -c "rv 0 offset".  This
+variable is requested, such as ntpq \-c "rv 0 offset".  This
 option causes ntpq to include both lines of output for a
 single-variable readvar.  Using an environment variable to
 preset this option in a script will enable both older and
@@ -380,11 +380,18 @@ See \fBOPTION PRESETS\fP for configurati
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.TP
+.BR 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .SH "AUTHORS"
 The University of Delaware
 .SH "COPYRIGHT"

==== ntpq/ntpq.1ntpqmdoc ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +15 -8
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpq/ntpq.1ntpqmdoc	2012-08-11 07:33:24 -04:00
+++ 1.112/ntpq/ntpq.1ntpqmdoc	2012-08-12 00:32:19 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTPQ 1ntpqmdoc User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:34 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:17 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpq-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -288,10 +288,12 @@ host(s).
 Increase debug verbosity level.
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-D " \fIstring\fP, " \-\-set\-debug\-level "=" \fIstring\fP
 Set the debug verbosity level.
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-p ", " -\-peers
 Print a list of the peers.
 This option must not appear in combination with any of the following options:
@@ -309,16 +311,16 @@ to the standard output and commands read
 .It  \-n ", " -\-numeric
 numeric host addresses.
 .sp
-Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names. 
+Output all host addresses in dotted\-quad numeric format rather than
+converting to the canonical host names.
 .It  \-\-old\-rv
 Always output status line with readvar.
 .sp
 By default, ntpq now suppresses the associd=... line that
 precedes the output of "readvar" (alias "rv") when a single
-variable is requested, such as ntpq -c "rv 0 offset".  This
+variable is requested, such as ntpq \-c "rv 0 offset".  This
 option causes ntpq to include both lines of output for a
-single-variable readvar.  Using an environment variable to
+single\-variable readvar.  Using an environment variable to
 preset this option in a script will enable both older and
 newer ntpq to behave identically in this regard.
 .It \-? , " \-\-help"
@@ -358,10 +360,15 @@ See \fBOPTION PRESETS\fP for configurati
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.It 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .El
 .Sh "AUTHORS"
 The University of Delaware

==== ntpq/ntpq.man.in ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +22 -15
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpq/ntpq.man.in	2012-08-11 07:33:24 -04:00
+++ 1.112/ntpq/ntpq.man.in	2012-08-12 00:32:19 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:31 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:21 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpq-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -14,7 +14,7 @@ ntpq \- standard NTP query program
 .RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..." [ host ...]
 .SH DESCRIPTION
 The
-.B 
+.B XXX Program Name
 utility program is used to query NTP servers which
 implement the standard NTP mode 6 control message formats defined
 in Appendix B of the NTPv3 specification RFC1305, requesting
@@ -28,28 +28,28 @@ Requests to read and write arbitrary
 variables can be assembled, with raw and pretty-printed output
 options being available.
 The
-.B 
+.B XXX Program Name
 utility can also obtain and print a
 list of peers in a common format by sending multiple queries to the
 server.
 If one or more request options is included on the command line
 when
-.B 
+.B XXX Program Name
 is executed, each of the requests will be sent
 to the NTP servers running on each of the hosts given as command
 line arguments, or on localhost by default.
 If no request options
 are given,
-.B 
+.B XXX Program Name
 will attempt to read commands from the
 standard input and execute these on the NTP server running on the
 first host given on the command line, again defaulting to localhost
 when no other host is specified.
 The
-.B 
+.B XXX Program Name
 utility will prompt for
 commands if the standard input is a terminal device.
-.B 
+.B XXX Program Name
 uses NTP mode 6 packets to communicate with the
 NTP server, and hence can be used to query any compatible server on
 the network which permits it.
@@ -57,7 +57,7 @@ Note that since NTP is a UDP protocol
 this communication will be somewhat unreliable, especially over
 large distances in terms of network topology.
 The
-.B 
+.B XXX Program Name
 utility makes
 one attempt to retransmit requests, and will time requests out if
 the remote host is not heard from within a suitable timeout
@@ -71,10 +71,10 @@ will
 cause the specified query (queries) to be sent to the indicated
 host(s) immediately.
 Otherwise,
-.B 
+.B XXX Program Name
 will attempt to read
 interactive format commands from the standard input.
-.Ss "Internal Commands"
+.SS "Internal Commands"
 Interactive format commands consist of a keyword followed by zero
 to four arguments.
 Only enough characters of the full keyword to
@@ -82,7 +82,7 @@ uniquely identify the command need be ty
 A
 number of interactive format commands are executed entirely within
 the
-.B 
+.B XXX Program Name
 utility itself and do not result in NTP mode 6
 requests being sent to a server.
 These are described following.
@@ -327,14 +327,14 @@ to the standard output and commands read
 numeric host addresses.
 .sp
 Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names. 
+converting to the canonical host names.
 .TP
 .BR \-\-old\-rv
 Always output status line with readvar.
 .sp
 By default, ntpq now suppresses the associd=... line that
 precedes the output of "readvar" (alias "rv") when a single
-variable is requested, such as ntpq -c "rv 0 offset".  This
+variable is requested, such as ntpq \-c "rv 0 offset".  This
 option causes ntpq to include both lines of output for a
 single-variable readvar.  Using an environment variable to
 preset this option in a script will enable both older and
@@ -380,11 +380,18 @@ See \fBOPTION PRESETS\fP for configurati
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.TP
+.BR 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .SH "AUTHORS"
 The University of Delaware
 .SH "COPYRIGHT"

==== ntpq/ntpq.mdoc.in ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +15 -8
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpq/ntpq.mdoc.in	2012-08-11 07:33:24 -04:00
+++ 1.112/ntpq/ntpq.mdoc.in	2012-08-12 00:32:19 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTPQ @NTPQ_MS@ User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:34 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:17 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpq-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -288,10 +288,12 @@ host(s).
 Increase debug verbosity level.
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-D " \fIstring\fP, " \-\-set\-debug\-level "=" \fIstring\fP
 Set the debug verbosity level.
 This option may appear an unlimited number of times.
 .sp
+.sp
 .It  \-p ", " -\-peers
 Print a list of the peers.
 This option must not appear in combination with any of the following options:
@@ -309,16 +311,16 @@ to the standard output and commands read
 .It  \-n ", " -\-numeric
 numeric host addresses.
 .sp
-Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names. 
+Output all host addresses in dotted\-quad numeric format rather than
+converting to the canonical host names.
 .It  \-\-old\-rv
 Always output status line with readvar.
 .sp
 By default, ntpq now suppresses the associd=... line that
 precedes the output of "readvar" (alias "rv") when a single
-variable is requested, such as ntpq -c "rv 0 offset".  This
+variable is requested, such as ntpq \-c "rv 0 offset".  This
 option causes ntpq to include both lines of output for a
-single-variable readvar.  Using an environment variable to
+single\-variable readvar.  Using an environment variable to
 preset this option in a script will enable both older and
 newer ntpq to behave identically in this regard.
 .It \-? , " \-\-help"
@@ -358,10 +360,15 @@ See \fBOPTION PRESETS\fP for configurati
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.It 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .El
 .Sh "AUTHORS"
 The University of Delaware

==== ntpsnmpd/invoke-ntpsnmpd.texi ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +5 -29
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.282/ntpsnmpd/invoke-ntpsnmpd.texi	2012-08-11 16:05:27 -04:00
+++ 1.283/ntpsnmpd/invoke-ntpsnmpd.texi	2012-08-12 00:32:19 -04:00
@@ -6,7 +6,7 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntpsnmpd.texi)
 # 
-# It has been AutoGen-ed  August 11, 2012 at 11:32:41 AM by AutoGen 5.14
+# It has been AutoGen-ed  August 11, 2012 at 08:58:30 PM by AutoGen 5.16.2
 # From the definitions    ntpsnmpd-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -23,7 +23,6 @@ This software is released under the NTP 
 * ntpsnmpd agentxsocket::           agentxsocket option
 * ntpsnmpd config::                 presetting/configuring ntpsnmpd
 * ntpsnmpd exit status::            exit status
-* ntpsnmpd Description::            Description
 * ntpsnmpd Authors::                Authors
 @end menu
 
@@ -41,31 +40,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p295
-USAGE:  ntpsnmpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-  Flg Arg Option-Name    Description
-   -n no  nofork         Do not fork
-   -p no  syslog         Log to syslog()
-      Str agentxsocket   The socket address ntpsnmpd uses to connect to net-snmpd
-      opt version        Output version information and exit
-   -? no  help           Display extended usage information and exit
-   -! no  more-help      Extended usage information passed thru pager
-   -> opt save-opts      Save the option state to a config file
-   -< Str load-opts      Load options from a config file
-                                - disabled as --no-load-opts
-                                - may appear multiple times
-
-Options are specified by doubled hyphens and their name or by a single
-hyphen and the flag character.
-
-
-
-The following option preset mechanisms are supported:
- - reading file $HOME/.ntprc
- - reading file ./.ntprc
- - examining environment variables named NTPSNMPD_*
-
-please send bug reports to:  http://bugs.ntp.org, bugs@@ntp.org
+ntpsnmpd is unavailable - no -?
 @end example
 @exampleindent 4
 
@@ -174,7 +149,8 @@ A specified configuration file could not
 libopts had an internal operational error.  Please report
 it to autogen-users@@lists.sourceforge.net.  Thank you.
 @end table
- at node ntpsnmpd Description
- at subsection ntpsnmpd Description
 @node ntpsnmpd Authors
 @subsection ntpsnmpd Authors
+.An
+"Heiko
+Gerstung"

==== ntpsnmpd/ntpsnmpd-opts.c ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +125 -81
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.297/ntpsnmpd/ntpsnmpd-opts.c	2012-08-11 07:33:24 -04:00
+++ 1.298/ntpsnmpd/ntpsnmpd-opts.c	2012-08-12 00:32:19 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.c)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:32:35 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:31 PM by AutoGen 5.16.2
  *  From the definitions    ntpsnmpd-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This source file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -36,14 +36,15 @@
  *  is provided "as is" without express or implied warranty.
  */
 
+#ifndef __doxygen__
+#define OPTION_CODE_COMPILE 1
+#include "ntpsnmpd-opts.h"
 #include <sys/types.h>
 
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#define OPTION_CODE_COMPILE 1
-#include "ntpsnmpd-opts.h"
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -54,7 +55,6 @@ extern FILE * option_usage_fp;
 #define zCopyright      (ntpsnmpd_opt_strs+0)
 #define zLicenseDescrip (ntpsnmpd_opt_strs+318)
 
-extern tUsageProc optionUsage;
 
 #ifndef NULL
 #  define NULL 0
@@ -63,7 +63,7 @@ extern tUsageProc optionUsage;
 /*
  *  ntpsnmpd option static const strings
  */
-static char const ntpsnmpd_opt_strs[1559] =
+static char const ntpsnmpd_opt_strs[1561] =
 /*     0 */ "ntpsnmpd 4.2.7p295\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -76,76 +76,76 @@ static char const ntpsnmpd_opt_strs[1559
             "provided that the above copyright notice appears in all copies and that\n"
             "both the copyright notice and this permission notice appear in supporting\n"
             "documentation, and that the name The University of Delaware not be used in\n"
-            "advertising or publicity pertaining to distribution of the software\n"
-            "without specific, written prior permission. The University of Delaware\n"
-            "makes no representations about the suitability this software for any\n"
-            "purpose. It is provided \"as is\" without express or implied warranty.\n\0"
-/*   956 */ "Do not fork\0"
-/*   968 */ "NOFORK\0"
-/*   975 */ "nofork\0"
-/*   982 */ "Log to syslog()\0"
-/*   998 */ "SYSLOG\0"
-/*  1005 */ "syslog\0"
-/*  1012 */ "The socket address ntpsnmpd uses to connect to net-snmpd\0"
-/*  1069 */ "AGENTXSOCKET\0"
-/*  1082 */ "agentxsocket\0"
-/*  1095 */ "unix:/var/agentx/master\0"
-/*  1119 */ "Display extended usage information and exit\0"
-/*  1163 */ "help\0"
-/*  1168 */ "Extended usage information passed thru pager\0"
-/*  1213 */ "more-help\0"
-/*  1223 */ "Output version information and exit\0"
-/*  1259 */ "version\0"
-/*  1267 */ "Save the option state to a config file\0"
-/*  1306 */ "save-opts\0"
-/*  1316 */ "Load options from a config file\0"
-/*  1348 */ "LOAD_OPTS\0"
-/*  1358 */ "no-load-opts\0"
-/*  1371 */ "no\0"
-/*  1374 */ "NTPSNMPD\0"
-/*  1383 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p295\n"
+            "advertising or publicity pertaining to distribution of the software without\n"
+            "specific, written prior permission.  The University of Delaware makes no\n"
+            "representations about the suitability this software for any purpose.  It is\n"
+            "provided \"as is\" without express or implied warranty.\n\0"
+/*   958 */ "Do not fork\0"
+/*   970 */ "NOFORK\0"
+/*   977 */ "nofork\0"
+/*   984 */ "Log to syslog()\0"
+/*  1000 */ "SYSLOG\0"
+/*  1007 */ "syslog\0"
+/*  1014 */ "The socket address ntpsnmpd uses to connect to net-snmpd\0"
+/*  1071 */ "AGENTXSOCKET\0"
+/*  1084 */ "agentxsocket\0"
+/*  1097 */ "unix:/var/agentx/master\0"
+/*  1121 */ "Display extended usage information and exit\0"
+/*  1165 */ "help\0"
+/*  1170 */ "Extended usage information passed thru pager\0"
+/*  1215 */ "more-help\0"
+/*  1225 */ "Output version information and exit\0"
+/*  1261 */ "version\0"
+/*  1269 */ "Save the option state to a config file\0"
+/*  1308 */ "save-opts\0"
+/*  1318 */ "Load options from a config file\0"
+/*  1350 */ "LOAD_OPTS\0"
+/*  1360 */ "no-load-opts\0"
+/*  1373 */ "no\0"
+/*  1376 */ "NTPSNMPD\0"
+/*  1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p295\n"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/*  1488 */ ".ntprc\0"
-/*  1495 */ "$HOME\0"
-/*  1501 */ ".\0"
-/*  1503 */ "http://bugs.ntp.org, bugs at ntp.org\0"
-/*  1537 */ "\n\n\0"
-/*  1540 */ "ntpsnmpd 4.2.7p295";
+/*  1490 */ "$HOME\0"
+/*  1496 */ ".\0"
+/*  1498 */ ".ntprc\0"
+/*  1505 */ "http://bugs.ntp.org, bugs at ntp.org\0"
+/*  1539 */ "\n\n\0"
+/*  1542 */ "ntpsnmpd 4.2.7p295";
 
 /*
  *  nofork option description:
  */
-#define NOFORK_DESC      (ntpsnmpd_opt_strs+956)
-#define NOFORK_NAME      (ntpsnmpd_opt_strs+968)
-#define NOFORK_name      (ntpsnmpd_opt_strs+975)
+#define NOFORK_DESC      (ntpsnmpd_opt_strs+958)
+#define NOFORK_NAME      (ntpsnmpd_opt_strs+970)
+#define NOFORK_name      (ntpsnmpd_opt_strs+977)
 #define NOFORK_FLAGS     (OPTST_DISABLED)
 
 /*
  *  syslog option description:
  */
-#define SYSLOG_DESC      (ntpsnmpd_opt_strs+982)
-#define SYSLOG_NAME      (ntpsnmpd_opt_strs+998)
-#define SYSLOG_name      (ntpsnmpd_opt_strs+1005)
+#define SYSLOG_DESC      (ntpsnmpd_opt_strs+984)
+#define SYSLOG_NAME      (ntpsnmpd_opt_strs+1000)
+#define SYSLOG_name      (ntpsnmpd_opt_strs+1007)
 #define SYSLOG_FLAGS     (OPTST_DISABLED)
 
 /*
  *  agentXSocket option description:
  */
-#define AGENTXSOCKET_DESC      (ntpsnmpd_opt_strs+1012)
-#define AGENTXSOCKET_NAME      (ntpsnmpd_opt_strs+1069)
-#define AGENTXSOCKET_name      (ntpsnmpd_opt_strs+1082)
-#define AGENTXSOCKET_DFT_ARG   (ntpsnmpd_opt_strs+1095)
+#define AGENTXSOCKET_DESC      (ntpsnmpd_opt_strs+1014)
+#define AGENTXSOCKET_NAME      (ntpsnmpd_opt_strs+1071)
+#define AGENTXSOCKET_name      (ntpsnmpd_opt_strs+1084)
+#define AGENTXSOCKET_DFT_ARG   (ntpsnmpd_opt_strs+1097)
 #define AGENTXSOCKET_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (ntpsnmpd_opt_strs+1119)
-#define HELP_name       (ntpsnmpd_opt_strs+1163)
+#define HELP_DESC       (ntpsnmpd_opt_strs+1121)
+#define HELP_name       (ntpsnmpd_opt_strs+1165)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (ntpsnmpd_opt_strs+1168)
-#define MORE_HELP_name  (ntpsnmpd_opt_strs+1213)
+#define MORE_HELP_DESC  (ntpsnmpd_opt_strs+1170)
+#define MORE_HELP_name  (ntpsnmpd_opt_strs+1215)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -158,14 +158,14 @@ static char const ntpsnmpd_opt_strs[1559
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (ntpsnmpd_opt_strs+1223)
-#define VER_name        (ntpsnmpd_opt_strs+1259)
-#define SAVE_OPTS_DESC  (ntpsnmpd_opt_strs+1267)
-#define SAVE_OPTS_name  (ntpsnmpd_opt_strs+1306)
-#define LOAD_OPTS_DESC     (ntpsnmpd_opt_strs+1316)
-#define LOAD_OPTS_NAME     (ntpsnmpd_opt_strs+1348)
-#define NO_LOAD_OPTS_name  (ntpsnmpd_opt_strs+1358)
-#define LOAD_OPTS_pfx      (ntpsnmpd_opt_strs+1371)
+#define VER_DESC        (ntpsnmpd_opt_strs+1225)
+#define VER_name        (ntpsnmpd_opt_strs+1261)
+#define SAVE_OPTS_DESC  (ntpsnmpd_opt_strs+1269)
+#define SAVE_OPTS_name  (ntpsnmpd_opt_strs+1308)
+#define LOAD_OPTS_DESC     (ntpsnmpd_opt_strs+1318)
+#define LOAD_OPTS_NAME     (ntpsnmpd_opt_strs+1350)
+#define NO_LOAD_OPTS_name  (ntpsnmpd_opt_strs+1360)
+#define LOAD_OPTS_pfx      (ntpsnmpd_opt_strs+1373)
 #define LOAD_OPTS_name     (NO_LOAD_OPTS_name + 3)
 /*
  *  Declare option callback procedures
@@ -192,9 +192,11 @@ static tOptProc
 #endif /* defined(TEST_NTPSNMPD_OPTS) */
 #define VER_PROC        ntpOptionPrintVersion
 
-/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
- *
- *  Define the Ntpsnmpd Option Descriptions.
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ *  Define the ntpsnmpd Option Descriptions.
+ * This is an array of OPTION_CT entries, one for each
+ * option that the ntpsnmpd program responds to.
  */
 static tOptDesc optDesc[OPTION_CT] = {
   {  /* entry idx, value */ 0, VALUE_OPT_NOFORK,
@@ -301,20 +303,20 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  *
- *  Define the Ntpsnmpd Option Environment
+ *  Define the ntpsnmpd Option Environment
  */
-#define zPROGNAME       (ntpsnmpd_opt_strs+1374)
-#define zUsageTitle     (ntpsnmpd_opt_strs+1383)
-#define zRcName         (ntpsnmpd_opt_strs+1488)
+#define zPROGNAME       (ntpsnmpd_opt_strs+1376)
+#define zUsageTitle     (ntpsnmpd_opt_strs+1385)
+#define zRcName         (ntpsnmpd_opt_strs+1498)
 static char const * const apzHomeList[3] = {
-    ntpsnmpd_opt_strs+1495,
-    ntpsnmpd_opt_strs+1501,
+    ntpsnmpd_opt_strs+1490,
+    ntpsnmpd_opt_strs+1496,
     NULL };
-#define zBugsAddr       (ntpsnmpd_opt_strs+1503)
-#define zExplain        (ntpsnmpd_opt_strs+1537)
+#define zBugsAddr       (ntpsnmpd_opt_strs+1505)
+#define zExplain        (ntpsnmpd_opt_strs+1539)
 #define zDetail         (NULL)
-#define zFullVersion    (ntpsnmpd_opt_strs+1540)
-/* extracted from optcode.tlib near line 315 */
+#define zFullVersion    (ntpsnmpd_opt_strs+1542)
+/* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
 # define OPTPROC_BASE OPTPROC_TRANSLATE
@@ -329,21 +331,40 @@ static char const * const apzHomeList[3]
 
 #define ntpsnmpd_short_usage (NULL)
 
+#endif /* not defined __doxygen__ */
+
 /*
  *  Create the static procedure(s) declared above.
  */
+/**
+ * The callout function that invokes the optionUsage function.
+ *
+ * @param pOptions the AutoOpts option description structure
+ * @param pOptDesc the descriptor for the "help" (usage) option.
+ * @noreturn
+ */
 static void
 doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc)
 {
+    optionUsage(&ntpsnmpdOptions, NTPSNMPD_EXIT_SUCCESS);
+    /* NOTREACHED */
+    (void)pOptDesc;
     (void)pOptions;
-    USAGE(NTPSNMPD_EXIT_SUCCESS);
 }
-/* extracted from optmain.tlib near line 128 */
+/* extracted from optmain.tlib near line 48 */
 
 #if defined(TEST_NTPSNMPD_OPTS) /* TEST MAIN PROCEDURE: */
 
 extern void optionPutShell(tOptions*);
 
+/**
+ * Generated main procedure.  This will emit text that a Bourne shell can
+ * process to handle its command line arguments.
+ *
+ * @param argc argument count
+ * @param argv argument vector
+ * @returns program exit code
+ */
 int
 main(int argc, char ** argv)
 {
@@ -356,12 +377,19 @@ main(int argc, char ** argv)
     return res;
 }
 #endif  /* defined TEST_NTPSNMPD_OPTS */
-/* extracted from optmain.tlib near line 1148 */
+/* extracted from optmain.tlib near line 1146 */
 
+/**
+ * The directory containing the data associated with ntpsnmpd.
+ */
 #ifndef  PKGDATADIR
 # define PKGDATADIR ""
 #endif
 
+/**
+ * Information about the person or institution that packaged ntpsnmpd
+ * for the current distribution.
+ */
 #ifndef  WITH_PACKAGER
 # define ntpsnmpd_packager_info NULL
 #else
@@ -377,7 +405,13 @@ static char const ntpsnmpd_packager_info
 # endif
     "\n";
 #endif
+#ifndef __doxygen__
 
+#endif /* __doxygen__ */
+/**
+ * The option definitions for ntpsnmpd.  The one structure that
+ * binds them all.
+ */
 tOptions ntpsnmpdOptions = {
     OPTIONS_STRUCT_VERSION,
     0, NULL,                    /* original argc + argv    */
@@ -422,7 +456,16 @@ tOptions ntpsnmpdOptions = {
 static char* AO_gettext(char const* pz);
 static void  coerce_it(void** s);
 
-static char*
+/**
+ * AutoGen specific wrapper function for gettext.
+ * It relies on the macro _() to convert from English to the target
+ * language, then strdup-duplicates the result string.
+ *
+ * @param[in] pz the input text used as a lookup key.
+ * @returns the translated text (if there is one),
+ *   or the original text (if not).
+ */
+static char *
 AO_gettext(char const* pz)
 {
     char* pzRes;
@@ -442,8 +485,9 @@ AO_gettext(char const* pz)
 static void coerce_it(void** s) { *s = AO_gettext(*s);
 }
 
-/*
- *  This invokes the translation code (e.g. gettext(3)).
+/**
+ * Translate all the translatable strings in the ntpsnmpdOptions
+ * structure defined above.  This is done only once.
  */
 static void
 translate_option_strings(void)

==== ntpsnmpd/ntpsnmpd-opts.h ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +13 -5
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.297/ntpsnmpd/ntpsnmpd-opts.h	2012-08-11 07:33:24 -04:00
+++ 1.298/ntpsnmpd/ntpsnmpd-opts.h	2012-08-12 00:32:19 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.h)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:32:35 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:31 PM by AutoGen 5.16.2
  *  From the definitions    ntpsnmpd-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This header file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -53,7 +53,7 @@
  *  tolerable version is at least as old as what was current when the header
  *  template was released.
  */
-#define AO_TEMPLATE_VERSION 147457
+#define AO_TEMPLATE_VERSION 147461
 #if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \
  || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION)
 # error option template version mismatches autoopts/options.h header
@@ -105,7 +105,9 @@ typedef enum {
  */
 typedef enum {
     NTPSNMPD_EXIT_SUCCESS = 0,
-    NTPSNMPD_EXIT_FAILURE = 1
+    NTPSNMPD_EXIT_FAILURE = 1,
+    NTPSNMPD_EXIT_NO_CONFIG_INPUT = 66,
+    NTPSNMPD_EXIT_LIBOPTS_FAILURE = 70
 } ntpsnmpd_exit_code_t;
 /*
  *  Make sure there are no #define name conflicts with the option names
@@ -155,7 +157,7 @@ typedef enum {
                 ntpsnmpdOptions.pzCurOpt  = NULL)
 #define START_OPT       RESTART_OPT(1)
 #define USAGE(c)        (*ntpsnmpdOptions.pUsageProc)(&ntpsnmpdOptions, c)
-/* extracted from opthead.tlib near line 469 */
+/* extracted from opthead.tlib near line 484 */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -171,6 +173,12 @@ extern tOptions ntpsnmpdOptions;
 #if defined(ENABLE_NLS)
 # ifndef _
 #   include <stdio.h>
+#   ifndef HAVE_GETTEXT
+      extern char * gettext(char const *);
+#   else
+#     include <libintl.h>
+#   endif
+
 static inline char* aoGetsText(char const* pz) {
     if (pz == NULL) return NULL;
     return (char*)gettext(pz);

==== ntpsnmpd/ntpsnmpd.1ntpsnmpdman ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +10 -3
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpsnmpd/ntpsnmpd.1ntpsnmpdman	2012-08-11 07:33:24 -04:00
+++ 1.112/ntpsnmpd/ntpsnmpd.1ntpsnmpdman	2012-08-12 00:32:19 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:39 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:32 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpsnmpd-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -75,11 +75,18 @@ See \fBOPTION PRESETS\fP for configurati
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.TP
+.BR 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .SH AUTHORS
 .An "Heiko Gerstung"
 .SH "COPYRIGHT"

==== ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +13 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc	2012-08-11 07:33:24 -04:00
+++ 1.112/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc	2012-08-12 00:32:19 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:42 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:28 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpsnmpd-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -24,16 +24,18 @@ All arguments must be options.
 .It  \-n ", " -\-nofork
 Do not fork.
 .sp
+.sp
 .It  \-p ", " -\-syslog
 Log to syslog().
 .sp
+.sp
 .It  \-\-agentxsocket "=\fIstring\fP"
-The socket address ntpsnmpd uses to connect to net-snmpd.
+The socket address ntpsnmpd uses to connect to net\-snmpd.
 The default \fIstring\fP for this option is:
 .ti +4
  unix:/var/agentx/master
 .sp
-[<transport-specifier>:]<transport-address>
+[<transport\-specifier>:]<transport\-address>
 The default is the Unix Domain socket "unix:/var/agentx/master". Another common alternative is tcp:localhost:705.
 .It \-? , " \-\-help"
 Display usage information and exit.
@@ -72,10 +74,15 @@ See \fBOPTION PRESETS\fP for configurati
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.It 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .El
 .Sh AUTHORS
 .An "Heiko Gerstung"

==== ntpsnmpd/ntpsnmpd.man.in ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +10 -3
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpsnmpd/ntpsnmpd.man.in	2012-08-11 07:33:24 -04:00
+++ 1.112/ntpsnmpd/ntpsnmpd.man.in	2012-08-12 00:32:19 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:39 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:32 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpsnmpd-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -75,11 +75,18 @@ See \fBOPTION PRESETS\fP for configurati
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.TP
+.BR 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .SH AUTHORS
 .An "Heiko Gerstung"
 .SH "COPYRIGHT"

==== ntpsnmpd/ntpsnmpd.mdoc.in ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +13 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/ntpsnmpd/ntpsnmpd.mdoc.in	2012-08-11 07:33:24 -04:00
+++ 1.112/ntpsnmpd/ntpsnmpd.mdoc.in	2012-08-12 00:32:19 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:32:42 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:58:28 PM by AutoGen 5.16.2
 .\"  From the definitions    ntpsnmpd-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -24,16 +24,18 @@ All arguments must be options.
 .It  \-n ", " -\-nofork
 Do not fork.
 .sp
+.sp
 .It  \-p ", " -\-syslog
 Log to syslog().
 .sp
+.sp
 .It  \-\-agentxsocket "=\fIstring\fP"
-The socket address ntpsnmpd uses to connect to net-snmpd.
+The socket address ntpsnmpd uses to connect to net\-snmpd.
 The default \fIstring\fP for this option is:
 .ti +4
  unix:/var/agentx/master
 .sp
-[<transport-specifier>:]<transport-address>
+[<transport\-specifier>:]<transport\-address>
 The default is the Unix Domain socket "unix:/var/agentx/master". Another common alternative is tcp:localhost:705.
 .It \-? , " \-\-help"
 Display usage information and exit.
@@ -72,10 +74,15 @@ See \fBOPTION PRESETS\fP for configurati
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
+.It 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen-users at lists.sourceforge.net.  Thank you.
 .El
 .Sh AUTHORS
 .An "Heiko Gerstung"

==== scripts/invoke-ntp-wait.texi ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +21 -24
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.100/scripts/invoke-ntp-wait.texi	2012-08-11 16:05:27 -04:00
+++ 1.101/scripts/invoke-ntp-wait.texi	2012-08-12 00:32:19 -04:00
@@ -6,13 +6,29 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntp-wait.texi)
 # 
-# It has been AutoGen-ed  August 11, 2012 at 11:29:48 AM by AutoGen 5.14
+# It has been AutoGen-ed  August 11, 2012 at 08:55:31 PM by AutoGen 5.16.2
 # From the definitions    ntp-wait-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
 
 
 
+ at code{ntp-wait}
+will send at most
+.Ar
+num-tries
+queries to
+ at code{ntpd(8)},
+sleeping for
+.Ar
+secs-between-tries
+after each status return that says
+ at code{ntpd(8)}
+has not yet produced a synchronized and stable system clock.
+
+ at code{ntp-wait}
+will do this quietly, unless the
+ at code{-v} flag is provided.
 
 This section was generated by @strong{AutoGen},
 using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp-wait} program.
@@ -25,7 +41,6 @@ This software is released under the NTP 
 * ntp-wait ::                        option (-v)
 * ntp-wait config::                 presetting/configuring ntp-wait
 * ntp-wait exit status::            exit status
-* ntp-wait Description::            Description
 * ntp-wait Authors::                Authors
 @end menu
 
@@ -43,19 +58,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-/deacon/backroom/snaps/ntp-dev/A.snap/scripts/ntp-wait version [unknown] calling Getopt::Std::getopts (version 1.05 [paranoid]),
-running under Perl version 5.8.8.
-
-Usage: ntp-wait [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
-
-The following single-character options are accepted:
-        With arguments: -n -s
-        Boolean (without arguments): -v
-
-Options may be merged together.  -- stops processing of options.
-Space is not required between options and their arguments.
-  [Now continuing due to backward compatibility and excessive paranoia.
-   See ``perldoc Getopt::Std'' about $Getopt::Std::STANDARD_HELP_VERSION.]
+Unknown option: ?
 @end example
 @exampleindent 4
 
@@ -123,14 +126,8 @@ Successful program execution.
 @item 1 (EXIT_FAILURE)
 The operation failed or the command syntax was not valid.
 @end table
- at node ntp-wait Description
- at subsection ntp-wait Description
-will send at most
-queries to
-sleeping for
-after each status return that says
-has not yet produced a synchronized and stable system clock.
-will do this quietly, unless the
-flag is provided.
 @node ntp-wait Authors
 @subsection ntp-wait Authors
+.An
+"Harlan
+Stenn"

==== scripts/ntp-wait.1ntp-waitman ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +6 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/scripts/ntp-wait.1ntp-waitman	2012-08-11 07:33:24 -04:00
+++ 1.112/scripts/ntp-wait.1ntp-waitman	2012-08-12 00:32:19 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:29:45 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:55:33 PM by AutoGen 5.16.2
 .\"  From the definitions    ntp-wait-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -16,7 +16,7 @@ ntp-wait \- Wait for ntpd to stabilize t
 All arguments must be options.
 .PP
 .SH DESCRIPTION
-.B 
+.B XXX Program Name
 will send at most
 \fInum-tries\fR
 queries to
@@ -27,7 +27,7 @@ after each status return that says
 .Xr ntpd 8
 has not yet produced a synchronized and stable system clock.
 .PP
-.B 
+.B XXX Program Name
 will do this quietly, unless the
 v
 flag is provided.
@@ -50,7 +50,7 @@ The default \fIsecs\-between\-tries\fP f
 .ti +4
  6
 .sp
-We will sleep for @file{secs-between-tries} after each query of ntpd
+We will sleep for \fIsecs-between-tries\fP after each query of ntpd
 that returns "the time is not yet stable".
 .TP
 .BR \-v ", " -\-
@@ -81,10 +81,10 @@ See \fBOPTION PRESETS\fP for configurati
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
 .SH AUTHORS
 .An "Harlan Stenn"

==== scripts/ntp-wait.1ntp-waitmdoc ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +6 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/scripts/ntp-wait.1ntp-waitmdoc	2012-08-11 07:33:24 -04:00
+++ 1.112/scripts/ntp-wait.1ntp-waitmdoc	2012-08-12 00:32:19 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTP_WAIT 1ntp-waitmdoc User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:29:49 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:55:29 PM by AutoGen 5.16.2
 .\"  From the definitions    ntp-wait-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -52,12 +52,12 @@ The default \fIsecs\-between\-tries\fP f
 .ti +4
  6
 .sp
-We will sleep for @file{secs-between-tries} after each query of ntpd
+We will sleep for \fIsecs\-between\-tries\fP after each query of ntpd
 that returns "the time is not yet stable".
 .It  \-v ", " -\-
 Be verbose.
 .sp
-By default, ntp-wait is silent.  With this option, ntp-wait
+By default, ntp\-wait is silent.  With this option, ntp\-wait
 will provide status information.
 .It \-? , " \-\-help"
 Display usage information and exit.
@@ -80,9 +80,9 @@ See \fBOPTION PRESETS\fP for configurati
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
 .El
 .Sh AUTHORS

==== scripts/ntp-wait.html ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +162 -37
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.115/scripts/ntp-wait.html	2012-08-11 07:33:24 -04:00
+++ 1.116/scripts/ntp-wait.html	2012-08-12 00:32:19 -04:00
@@ -3,7 +3,7 @@
 <title>Ntp-wait User's Manual</title>
 <meta http-equiv="Content-Type" content="text/html">
 <meta name="description" content="Ntp-wait User's Manual">
-<meta name="generator" content="makeinfo 4.7">
+<meta name="generator" content="makeinfo 4.13">
 <link title="Top" rel="top" href="#Top">
 <link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
 <meta http-equiv="Content-Style-Type" content="text/css">
@@ -14,18 +14,20 @@
   pre.smallformat  { font-family:inherit; font-size:smaller }
   pre.smallexample { font-size:smaller }
   pre.smalllisp    { font-size:smaller }
-  span.sc { font-variant:small-caps }
-  span.roman { font-family: serif; font-weight: normal; } 
+  span.sc    { font-variant:small-caps }
+  span.roman { font-family:serif; font-weight:normal; } 
+  span.sansserif { font-family:sans-serif; font-weight:normal; } 
 --></style>
 </head>
 <body>
 <h1 class="settitle">Ntp-wait User's Manual</h1>
 <div class="node">
+<a name="Top"></a>
 <p><hr>
-<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Description">ntp-wait Description</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Description">ntp-wait Description</a>,
 Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
 Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
 </div>
 
 <h2 class="unnumbered">Simple Network Time Protocol User Manual</h2>
@@ -55,9 +57,11 @@ IETF specification.
 </ul>
 
 <div class="node">
-<p><hr>
+<a name="ntp-wait-Description"></a>
 <a name="ntp_002dwait-Description"></a>
-<br>
+<p><hr>
+
+
 </div>
 
 <!-- node-name,  next,  previous,  up -->
@@ -76,71 +80,192 @@ the +4.567 +/- 0.089 secs indicates the 
 error bound of the system clock relative to the server clock.
 
 <div class="node">
-<p><hr>
+<a name="ntp-wait-Invocation"></a>
 <a name="ntp_002dwait-Invocation"></a>
-<br>
+<p><hr>
+
+
 </div>
 
 <h3 class="section">Invoking ntp-wait</h3>
 
 <p><a name="index-ntp_002dwait-1"></a><a name="index-Wait-for-ntpd-to-stabilize-the-system-clock-2"></a>
 
-  <p>This section was generated by <strong>AutoGen</strong>,
-the aginfo template and the option descriptions for the <span class="command">ntp-wait</span> program.  It documents the <span class="command">ntp-wait</span> usage text and option meanings.
+  <p><code>ntp-wait</code>
+will send at most
+.Ar
+num-tries
+queries to
+<code>ntpd(8)</code>,
+sleeping for
+.Ar
+secs-between-tries
+after each status return that says
+<code>ntpd(8)</code>
+has not yet produced a synchronized and stable system clock.
+
+  <p><code>ntp-wait</code>
+will do this quietly, unless the
+<code>-v</code> flag is provided.
 
-  <p>This software is released under a specialized copyright license.
+  <p>This section was generated by <strong>AutoGen</strong>,
+using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp-wait</code> program. 
+This software is released under the NTP license, <http://ntp.org/license>.
 
 <ul class="menu">
-<li><a accesskey="1" href="#ntp_002dwait-usage">ntp-wait usage</a>:                   ntp-wait usage help (-?) 
-<li><a accesskey="2" href="#ntp_002dwait">ntp-wait </a>:                        option (-n)
-<li><a accesskey="3" href="#ntp_002dwait">ntp-wait </a>:                        option (-s)
-<li><a accesskey="4" href="#ntp_002dwait">ntp-wait </a>:                        option (-v)
+<li><a accesskey="1" href="#ntp_002dwait-usage">ntp-wait usage</a>:                   ntp-wait help/usage (-?) 
+<li><a accesskey="2" href="#ntp_002dwait">ntp-wait </a>:                         option (-n)
+<li><a accesskey="3" href="#ntp_002dwait">ntp-wait </a>:                         option (-s)
+<li><a accesskey="4" href="#ntp_002dwait">ntp-wait </a>:                         option (-v)
+<li><a accesskey="5" href="#ntp_002dwait-config">ntp-wait config</a>:                  presetting/configuring ntp-wait
+<li><a accesskey="6" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>:             exit status
+<li><a accesskey="7" href="#ntp_002dwait-Authors">ntp-wait Authors</a>:                 Authors
 </ul>
 
 <div class="node">
+<a name="ntp-wait-usage"></a>
+<a name="ntp_002dwait-usage"></a>
 <p><hr>
-<a name="ntp_002dwait-usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait">ntp-wait</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait">ntp-wait</a>,
 Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
 </div>
 
-<h4 class="subsection">ntp-wait usage help (-?)</h4>
+<h4 class="subsection">ntp-wait help/usage (-?)</h4>
 
-<p><a name="index-ntp_002dwait_002dusage-3"></a>
-This is the automatically generated usage text for ntp-wait:
+<p><a name="index-ntp_002dwait-help-3"></a>
+This is the automatically generated usage text for ntp-wait. 
+The text printed is the same whether for the <code>help</code> option (-?) or the <code>more-help</code> option (-!).  <code>more-help</code> will print
+the usage text by passing it through a pager program. 
+<code>more-help</code> is disabled on platforms without a working
+<code>fork(2)</code> function.  The <code>PAGER</code> environment variable is
+used to select the program, defaulting to <samp><span class="file">more</span></samp>.  Both will exit
+with a status code of 0.
 
-<pre class="example">/deacon/backroom/snaps/ntp-dev/A.snap/scripts/ntp-wait version [unknown] calling Getopt::Std::getopts (version 1.05 [paranoid]),
-running under Perl version 5.8.8.
+<pre class="example">Unknown option: ?
+</pre>
+  <div class="node">
+<a name="ntp-wait"></a>
+<a name="ntp_002dwait"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
+Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
 
-Usage: ntp-wait [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
+</div>
 
-The following single-character options are accepted:
-        With arguments: -n -s
-        Boolean (without arguments): -v
+<h4 class="subsection">option (-n)</h4>
 
-Options may be merged together.  -- stops processing of options.
-Space is not required between options and their arguments.
-  [Now continuing due to backward compatibility and excessive paranoia.
-   See ``perldoc Getopt::Std'' about $Getopt::Std::STANDARD_HELP_VERSION.]
-</pre>
-  <div class="node">
+<p><a name="index-ntp_002dwait_002d-4"></a>
+This is the “number of times to check ntpd” option. 
+This option takes an argument number <samp><span class="file">num-tries</span></samp>. 
+The maximum number of times we will check ntpd to see if it
+has been able to synchronize and stabilize the system clock. 
+<div class="node">
+<a name="ntp-wait"></a>
+<a name="ntp_002dwait"></a>
 <p><hr>
-<a name="ntp_002dwait"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
 Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
+</div>
+
+<h4 class="subsection">option (-s)</h4>
+
+<p><a name="index-ntp_002dwait_002d-5"></a>
+This is the “how long to sleep between tries” option. 
+This option takes an argument number <samp><span class="file">secs-between-tries</span></samp>. 
+We will sleep for <samp><span class="file">secs-between-tries</span></samp> after each query of ntpd
+that returns "the time is not yet stable". 
+<div class="node">
+<a name="ntp-wait"></a>
+<a name="ntp_002dwait"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
+Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
+
 </div>
 
 <h4 class="subsection">option (-v)</h4>
 
-<p><a name="index-ntp_002dwait_002d-4"></a>
+<p><a name="index-ntp_002dwait_002d-6"></a>
 This is the “be verbose” option. 
 By default, ntp-wait is silent.  With this option, ntp-wait
 will provide status information.
 
 <div class="node">
+<a name="ntp-wait-config"></a>
+<a name="ntp_002dwait-config"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
+Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
+
+</div>
+
+<h4 class="subsection">presetting/configuring ntp-wait</h4>
+
+<p>Any option that is not marked as <i>not presettable</i> may be preset by
+loading values from environment variables named <code>NTP-WAIT</code> and <code>NTP-WAIT_<OPTION_NAME></code>.  <code><OPTION_NAME></code> must be one of
+the options listed above in upper case and segmented with underscores. 
+The <code>NTP-WAIT</code> variable will be tokenized and parsed like
+the command line.  The remaining variables are tested for existence and their
+values are treated like option arguments.
+
+  <p>The command line options relating to configuration and/or usage help are:
+
+<h5 class="subsubheading">version (-)</h5>
+
+<p>Print the program version to standard out, optionally with licensing
+information, then exit 0.  The optional argument specifies how much licensing
+detail to provide.  The default is to print just the version.  The licensing infomation may be selected with an option argument.  Only the
+first letter of the argument is examined:
+
+     <dl>
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version.  This is the default. 
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms. 
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms. 
+</dl>
+
+<div class="node">
+<a name="ntp-wait-exit-status"></a>
+<a name="ntp_002dwait-exit-status"></a>
 <p><hr>
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-config">ntp-wait config</a>,
+Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntp-wait exit status</h4>
+
+<p>One of the following exit values will be returned:
+     <dl>
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution. 
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid. 
+</dl>
+  <div class="node">
+<a name="ntp-wait-Authors"></a>
+<a name="ntp_002dwait-Authors"></a>
+<p><hr>
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>,
+Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntp-wait Authors</h4>
+
+<p>.An
+"Harlan
+Stenn"
+
+<div class="node">
 <a name="Usage"></a>
-<br>
+<p><hr>
+
+
 </div>
 
 <!-- node-name,  next,  previous,  up -->

==== scripts/ntp-wait.man.in ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +6 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/scripts/ntp-wait.man.in	2012-08-11 07:33:24 -04:00
+++ 1.112/scripts/ntp-wait.man.in	2012-08-12 00:32:19 -04:00
@@ -2,7 +2,7 @@
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:29:45 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:55:33 PM by AutoGen 5.16.2
 .\"  From the definitions    ntp-wait-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -16,7 +16,7 @@ ntp-wait \- Wait for ntpd to stabilize t
 All arguments must be options.
 .PP
 .SH DESCRIPTION
-.B 
+.B XXX Program Name
 will send at most
 \fInum-tries\fR
 queries to
@@ -27,7 +27,7 @@ after each status return that says
 .Xr ntpd 8
 has not yet produced a synchronized and stable system clock.
 .PP
-.B 
+.B XXX Program Name
 will do this quietly, unless the
 v
 flag is provided.
@@ -50,7 +50,7 @@ The default \fIsecs\-between\-tries\fP f
 .ti +4
  6
 .sp
-We will sleep for @file{secs-between-tries} after each query of ntpd
+We will sleep for \fIsecs-between-tries\fP after each query of ntpd
 that returns "the time is not yet stable".
 .TP
 .BR \-v ", " -\-
@@ -81,10 +81,10 @@ See \fBOPTION PRESETS\fP for configurati
 .SH "EXIT STATUS"
 One of the following exit values will be returned:
 .TP
-.BR 0
+.BR 0 " (EXIT_SUCCESS)"
 Successful program execution.
 .TP
-.BR 1
+.BR 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
 .SH AUTHORS
 .An "Harlan Stenn"

==== scripts/ntp-wait.mdoc.in ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +6 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.111/scripts/ntp-wait.mdoc.in	2012-08-11 07:33:24 -04:00
+++ 1.112/scripts/ntp-wait.mdoc.in	2012-08-12 00:32:19 -04:00
@@ -1,9 +1,9 @@
 .Dd August 11 2012
 .Dt NTP_WAIT @NTP_WAIT_MS@ User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  August 11, 2012 at 11:29:49 AM by AutoGen 5.14
+.\"  It has been AutoGen-ed  August 11, 2012 at 08:55:29 PM by AutoGen 5.16.2
 .\"  From the definitions    ntp-wait-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
@@ -52,12 +52,12 @@ The default \fIsecs\-between\-tries\fP f
 .ti +4
  6
 .sp
-We will sleep for @file{secs-between-tries} after each query of ntpd
+We will sleep for \fIsecs\-between\-tries\fP after each query of ntpd
 that returns "the time is not yet stable".
 .It  \-v ", " -\-
 Be verbose.
 .sp
-By default, ntp-wait is silent.  With this option, ntp-wait
+By default, ntp\-wait is silent.  With this option, ntp\-wait
 will provide status information.
 .It \-? , " \-\-help"
 Display usage information and exit.
@@ -80,9 +80,9 @@ See \fBOPTION PRESETS\fP for configurati
 .Sh "EXIT STATUS"
 One of the following exit values will be returned:
 .Bl -tag
-.It 0
+.It 0 " (EXIT_SUCCESS)"
 Successful program execution.
-.It 1
+.It 1 " (EXIT_FAILURE)"
 The operation failed or the command syntax was not valid.
 .El
 .Sh AUTHORS

==== sntp/include/autogen-version.def ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +1 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.11/sntp/include/autogen-version.def	2012-07-20 05:59:36 -04:00
+++ 1.12/sntp/include/autogen-version.def	2012-08-12 00:32:20 -04:00
@@ -1,2 +1,2 @@
-#assert (version-compare >= autogen-version "5.16.1")
+#assert (version-compare >= autogen-version "5.16.2")
 guard-option-names;

==== sntp/invoke-sntp.texi ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +67 -59
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.278/sntp/invoke-sntp.texi	2012-08-11 16:05:27 -04:00
+++ 1.279/sntp/invoke-sntp.texi	2012-08-12 00:32:19 -04:00
@@ -6,55 +6,81 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-sntp.texi)
 # 
-# It has been AutoGen-ed  August 11, 2012 at 11:33:04 AM by AutoGen 5.14
+# It has been AutoGen-ed  August 11, 2012 at 08:59:07 PM by AutoGen 5.16.2
 # From the definitions    sntp-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
 
 
+
 @code{sntp}
 can be used as an SNTP client to query a NTP or SNTP server and either display
 the time or set the local system's time (given suitable privilege).  It can be
-run as an interactive command or in a
- at code{cron}
+run as an interactive command or from a
+.Ic
+cron
 job.
 
 NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
 are defined and described by RFC 5905.
 
- at indent
+.PP
 The default is to write the estimated correct local date and time (i.e. not
-UTC) to the standard output in a format like
- at example
-1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN
- at end example
-where the
- at example
+UTC) to the standard output in a format like:
+
+.Ic
+"'1996-10-15
+20:17:25.123
 (+0800)
- at end example
++4.567
++/-
+0.089
+[host]
+IP
+sN'"
+
+where the
+.Ic
+"'(+0800)'"
 means that to get to UTC from the reported local time one must
 add 8 hours and 0 minutes,
 the
- at example
-+4.567
- at end example
+.Ic
+"'+4.567'"
 indicates the local clock is 4.567 seconds behind the correct time
 (so 4.567 seconds must be added to the local clock to get it to be correct).
 Note that the number of decimals printed for this value will change
 based on the reported precision of the server.
- at example
-+/- 0.089
- at end example
-is the reported @file{synchronization distance} (in seconds),
-which represents the maximum error due to all causes.
+.Ic
+"'+/-
+0.089'"
+is the reported
+.Em
+synchronization
+distance
+(in seconds), which represents the maximum error due to all causes.
 If the server does not report valid data needed to calculate the
 synchronization distance, this will be reported as
- at example
-+/- ?
- at end example
-If the @file{host} is different from the @file{IP}, both will be displayed.
-Otherwise, only the @file{IP} is displayed.
-Finally, the @file{stratum} is reported.
+.Ic
+"'+/-
+?'"
+.
+If the
+.Em
+host
+is different from the
+.Em
+IP
+,
+both will be displayed.
+Otherwise, only the 
+.Em
+IP
+is displayed.
+Finally, the
+.Em
+stratum
+of the host is reported.
 
 This section was generated by @strong{AutoGen},
 using the @code{agtexi-cmd} template and the option descriptions for the @code{sntp} program.
@@ -79,7 +105,6 @@ This software is released under the NTP 
 * sntp wait::                   wait option
 * sntp config::                 presetting/configuring sntp
 * sntp exit status::            exit status
-* sntp Description::            Description
 * sntp Usage::                  Usage
 * sntp Authors::                Authors
 * sntp Bugs::                   Bugs
@@ -437,39 +462,6 @@ A specified configuration file could not
 libopts had an internal operational error.  Please report
 it to autogen-users@@lists.sourceforge.net.  Thank you.
 @end table
- at node sntp Description
- at subsection sntp Description
-can be used as an SNTP client to query a NTP or SNTP server and either display
-the time or set the local system's time (given suitable privilege).  It can be
-run as an interactive command or from a
-job.
-
-NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
-are defined and described by RFC 5905.
-
-The default is to write the estimated correct local date and time (i.e. not
-UTC) to the standard output in a format like:
-
-
-where the
-means that to get to UTC from the reported local time one must
-add 8 hours and 0 minutes,
-the
-indicates the local clock is 4.567 seconds behind the correct time
-(so 4.567 seconds must be added to the local clock to get it to be correct).
-Note that the number of decimals printed for this value will change
-based on the reported precision of the server.
-is the reported
-(in seconds), which represents the maximum error due to all causes.
-If the server does not report valid data needed to calculate the
-synchronization distance, this will be reported as
-If the
-is different from the
-both will be displayed.
-Otherwise, only the 
-is displayed.
-Finally, the
-of the host is reported.
 @node sntp Usage
 @subsection sntp Usage
 @table @samp
@@ -481,15 +473,31 @@ to check the current time and error in t
 With suitable privilege,
 run as a command
 or from a
+ at code{cron(8)}
 job,
+.Ic
+"sntp
+-a"
 will reset the local clock from a synchronized specified server,
 like the (deprecated)
+ at code{ntpdate(1ntpdatemdoc)},
 or
+ at code{rdate(8)}
 commands.
 
 @end multitable
 @node sntp Authors
 @subsection sntp Authors
+.An
+"Johannes
+Maximilian
+Kuehn"
+.An
+"Harlan
+Stenn"
+.An
+"Dave
+Hart"
 @node sntp Bugs
 @subsection sntp Bugs
 Please report bugs to http://bugs.ntp.org .

==== sntp/libopts/Makefile.am ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +4 -4
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.14/sntp/libopts/Makefile.am	2012-06-18 03:03:09 -04:00
+++ 1.15/sntp/libopts/Makefile.am	2012-08-12 00:32:20 -04:00
@@ -7,16 +7,16 @@ noinst_LTLIBRARIES      = libopts.la
 endif
 libopts_la_SOURCES      = libopts.c
 libopts_la_CPPFLAGS     = -I$(top_srcdir)
-libopts_la_LDFLAGS      = -version-info  36:4:11
+libopts_la_LDFLAGS      = -version-info  36:5:11
 EXTRA_DIST              = \
     COPYING.gplv3           COPYING.lgplv3          COPYING.mbsd  \
     MakeDefs.inc            README                  ag-char-map.h  \
     alias.c                 ao-strs.c               ao-strs.h  \
     autoopts/usage-txt.h    autoopts/project.h      autoopts/options.h  \
     autoopts.c              autoopts.h              boolean.c  \
-    check.c                 compat/compat.h         compat/windows-config.h  \
-    compat/strdup.c         compat/pathfind.c       compat/snprintf.c  \
-    compat/strchr.c         configfile.c            cook.c  \
+    check.c                 compat/strchr.c         compat/snprintf.c  \
+    compat/pathfind.c       compat/compat.h         compat/windows-config.h  \
+    compat/strdup.c         configfile.c            cook.c  \
     enum.c                  env.c                   file.c  \
     find.c                  genshell.c              genshell.h  \
     load.c                  m4/liboptschk.m4        m4/libopts.m4  \

==== sntp/libopts/ag-char-map.h ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +322 -308
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.17/sntp/libopts/ag-char-map.h	2012-06-18 03:03:09 -04:00
+++ 1.18/sntp/libopts/ag-char-map.h	2012-08-12 00:32:20 -04:00
@@ -1,6 +1,6 @@
 /*
- *  28 bits for 44 character classifications
- *  generated by char-mapper on 06/17/12 at 15:47:34
+ *  29 bits for 46 character classifications
+ *  generated by char-mapper on 08/11/12 at 09:41:13
  *
  *  This file contains the character classifications
  *  used by AutoGen and AutoOpts for identifying tokens.
@@ -67,6 +67,7 @@
 // underscore      "_"
 // plus            "+"
 // dollar          "$"
+// option-marker   "-"
 // 
 // horiz-white     "\t "
 // alt-white       "\v\f\r\b"
@@ -105,322 +106,335 @@
 // set-separator   "|+"          +end-list-entry
 // signed-number   +inversion    +dec-digit
 // make-script     +dollar       +newline
+// load-line-skip  +horiz-white  +option-marker
 //
 #endif /* 0 -- mapping spec. source */
 
 
 typedef uint32_t ag_char_map_mask_t;
 
-#define  IS_NEWLINE_CHAR( _c)          is_ag_char_map_char((char)( _c), 0x0000001)
-#define SPN_NEWLINE_CHARS(_s)         spn_ag_char_map_chars((char *)_s, 0)
-#define BRK_NEWLINE_CHARS(_s)         brk_ag_char_map_chars((char *)_s, 0)
-#define SPN_NEWLINE_BACK(s,e)         spn_ag_char_map_back((char *)s, (char *)e, 0)
-#define BRK_NEWLINE_BACK(s,e)         brk_ag_char_map_back((char *)s, (char *)e, 0)
-#define  IS_NUL_BYTE_CHAR( _c)         is_ag_char_map_char((char)( _c), 0x0000002)
-#define SPN_NUL_BYTE_CHARS(_s)        spn_ag_char_map_chars((char *)_s, 1)
-#define BRK_NUL_BYTE_CHARS(_s)        brk_ag_char_map_chars((char *)_s, 1)
-#define SPN_NUL_BYTE_BACK(s,e)        spn_ag_char_map_back((char *)s, (char *)e, 1)
-#define BRK_NUL_BYTE_BACK(s,e)        brk_ag_char_map_back((char *)s, (char *)e, 1)
-#define  IS_DIR_SEP_CHAR( _c)          is_ag_char_map_char((char)( _c), 0x0000004)
-#define SPN_DIR_SEP_CHARS(_s)         spn_ag_char_map_chars((char *)_s, 2)
-#define BRK_DIR_SEP_CHARS(_s)         brk_ag_char_map_chars((char *)_s, 2)
-#define SPN_DIR_SEP_BACK(s,e)         spn_ag_char_map_back((char *)s, (char *)e, 2)
-#define BRK_DIR_SEP_BACK(s,e)         brk_ag_char_map_back((char *)s, (char *)e, 2)
-#define  IS_PERCENT_CHAR( _c)          is_ag_char_map_char((char)( _c), 0x0000008)
-#define SPN_PERCENT_CHARS(_s)         spn_ag_char_map_chars((char *)_s, 3)
-#define BRK_PERCENT_CHARS(_s)         brk_ag_char_map_chars((char *)_s, 3)
-#define SPN_PERCENT_BACK(s,e)         spn_ag_char_map_back((char *)s, (char *)e, 3)
-#define BRK_PERCENT_BACK(s,e)         brk_ag_char_map_back((char *)s, (char *)e, 3)
-#define  IS_COMMA_CHAR( _c)            is_ag_char_map_char((char)( _c), 0x0000010)
-#define SPN_COMMA_CHARS(_s)           spn_ag_char_map_chars((char *)_s, 4)
-#define BRK_COMMA_CHARS(_s)           brk_ag_char_map_chars((char *)_s, 4)
-#define SPN_COMMA_BACK(s,e)           spn_ag_char_map_back((char *)s, (char *)e, 4)
-#define BRK_COMMA_BACK(s,e)           brk_ag_char_map_back((char *)s, (char *)e, 4)
-#define  IS_COLON_CHAR( _c)            is_ag_char_map_char((char)( _c), 0x0000020)
-#define SPN_COLON_CHARS(_s)           spn_ag_char_map_chars((char *)_s, 5)
-#define BRK_COLON_CHARS(_s)           brk_ag_char_map_chars((char *)_s, 5)
-#define SPN_COLON_BACK(s,e)           spn_ag_char_map_back((char *)s, (char *)e, 5)
-#define BRK_COLON_BACK(s,e)           brk_ag_char_map_back((char *)s, (char *)e, 5)
-#define  IS_UNDERSCORE_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x0000040)
-#define SPN_UNDERSCORE_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 6)
-#define BRK_UNDERSCORE_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 6)
-#define SPN_UNDERSCORE_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 6)
-#define BRK_UNDERSCORE_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 6)
-#define  IS_PLUS_CHAR( _c)             is_ag_char_map_char((char)( _c), 0x0000080)
-#define SPN_PLUS_CHARS(_s)            spn_ag_char_map_chars((char *)_s, 7)
-#define BRK_PLUS_CHARS(_s)            brk_ag_char_map_chars((char *)_s, 7)
-#define SPN_PLUS_BACK(s,e)            spn_ag_char_map_back((char *)s, (char *)e, 7)
-#define BRK_PLUS_BACK(s,e)            brk_ag_char_map_back((char *)s, (char *)e, 7)
-#define  IS_DOLLAR_CHAR( _c)           is_ag_char_map_char((char)( _c), 0x0000100)
-#define SPN_DOLLAR_CHARS(_s)          spn_ag_char_map_chars((char *)_s, 8)
-#define BRK_DOLLAR_CHARS(_s)          brk_ag_char_map_chars((char *)_s, 8)
-#define SPN_DOLLAR_BACK(s,e)          spn_ag_char_map_back((char *)s, (char *)e, 8)
-#define BRK_DOLLAR_BACK(s,e)          brk_ag_char_map_back((char *)s, (char *)e, 8)
-#define  IS_HORIZ_WHITE_CHAR( _c)      is_ag_char_map_char((char)( _c), 0x0000200)
-#define SPN_HORIZ_WHITE_CHARS(_s)     spn_ag_char_map_chars((char *)_s, 9)
-#define BRK_HORIZ_WHITE_CHARS(_s)     brk_ag_char_map_chars((char *)_s, 9)
-#define SPN_HORIZ_WHITE_BACK(s,e)     spn_ag_char_map_back((char *)s, (char *)e, 9)
-#define BRK_HORIZ_WHITE_BACK(s,e)     brk_ag_char_map_back((char *)s, (char *)e, 9)
-#define  IS_ALT_WHITE_CHAR( _c)        is_ag_char_map_char((char)( _c), 0x0000400)
-#define SPN_ALT_WHITE_CHARS(_s)       spn_ag_char_map_chars((char *)_s, 10)
-#define BRK_ALT_WHITE_CHARS(_s)       brk_ag_char_map_chars((char *)_s, 10)
-#define SPN_ALT_WHITE_BACK(s,e)       spn_ag_char_map_back((char *)s, (char *)e, 10)
-#define BRK_ALT_WHITE_BACK(s,e)       brk_ag_char_map_back((char *)s, (char *)e, 10)
-#define  IS_WHITESPACE_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x0000601)
-#define SPN_WHITESPACE_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 11)
-#define BRK_WHITESPACE_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 11)
-#define SPN_WHITESPACE_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 11)
-#define BRK_WHITESPACE_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 11)
-#define  IS_NON_NL_WHITE_CHAR( _c)     is_ag_char_map_char((char)( _c), 0x0000600)
-#define SPN_NON_NL_WHITE_CHARS(_s)    spn_ag_char_map_chars((char *)_s, 12)
-#define BRK_NON_NL_WHITE_CHARS(_s)    brk_ag_char_map_chars((char *)_s, 12)
-#define SPN_NON_NL_WHITE_BACK(s,e)    spn_ag_char_map_back((char *)s, (char *)e, 12)
-#define BRK_NON_NL_WHITE_BACK(s,e)    brk_ag_char_map_back((char *)s, (char *)e, 12)
-#define  IS_QUOTE_CHAR( _c)            is_ag_char_map_char((char)( _c), 0x0000800)
-#define SPN_QUOTE_CHARS(_s)           spn_ag_char_map_chars((char *)_s, 13)
-#define BRK_QUOTE_CHARS(_s)           brk_ag_char_map_chars((char *)_s, 13)
-#define SPN_QUOTE_BACK(s,e)           spn_ag_char_map_back((char *)s, (char *)e, 13)
-#define BRK_QUOTE_BACK(s,e)           brk_ag_char_map_back((char *)s, (char *)e, 13)
-#define  IS_PARENTHESES_CHAR( _c)      is_ag_char_map_char((char)( _c), 0x0001000)
-#define SPN_PARENTHESES_CHARS(_s)     spn_ag_char_map_chars((char *)_s, 14)
-#define BRK_PARENTHESES_CHARS(_s)     brk_ag_char_map_chars((char *)_s, 14)
-#define SPN_PARENTHESES_BACK(s,e)     spn_ag_char_map_back((char *)s, (char *)e, 14)
-#define BRK_PARENTHESES_BACK(s,e)     brk_ag_char_map_back((char *)s, (char *)e, 14)
-#define  IS_GRAPHIC_CHAR( _c)          is_ag_char_map_char((char)( _c), 0x0002000)
-#define SPN_GRAPHIC_CHARS(_s)         spn_ag_char_map_chars((char *)_s, 15)
-#define BRK_GRAPHIC_CHARS(_s)         brk_ag_char_map_chars((char *)_s, 15)
-#define SPN_GRAPHIC_BACK(s,e)         spn_ag_char_map_back((char *)s, (char *)e, 15)
-#define BRK_GRAPHIC_BACK(s,e)         brk_ag_char_map_back((char *)s, (char *)e, 15)
-#define  IS_INVERSION_CHAR( _c)        is_ag_char_map_char((char)( _c), 0x0004000)
-#define SPN_INVERSION_CHARS(_s)       spn_ag_char_map_chars((char *)_s, 16)
-#define BRK_INVERSION_CHARS(_s)       brk_ag_char_map_chars((char *)_s, 16)
-#define SPN_INVERSION_BACK(s,e)       spn_ag_char_map_back((char *)s, (char *)e, 16)
-#define BRK_INVERSION_BACK(s,e)       brk_ag_char_map_back((char *)s, (char *)e, 16)
-#define  IS_OCT_DIGIT_CHAR( _c)        is_ag_char_map_char((char)( _c), 0x0008000)
-#define SPN_OCT_DIGIT_CHARS(_s)       spn_ag_char_map_chars((char *)_s, 17)
-#define BRK_OCT_DIGIT_CHARS(_s)       brk_ag_char_map_chars((char *)_s, 17)
-#define SPN_OCT_DIGIT_BACK(s,e)       spn_ag_char_map_back((char *)s, (char *)e, 17)
-#define BRK_OCT_DIGIT_BACK(s,e)       brk_ag_char_map_back((char *)s, (char *)e, 17)
-#define  IS_DEC_DIGIT_CHAR( _c)        is_ag_char_map_char((char)( _c), 0x0018000)
-#define SPN_DEC_DIGIT_CHARS(_s)       spn_ag_char_map_chars((char *)_s, 18)
-#define BRK_DEC_DIGIT_CHARS(_s)       brk_ag_char_map_chars((char *)_s, 18)
-#define SPN_DEC_DIGIT_BACK(s,e)       spn_ag_char_map_back((char *)s, (char *)e, 18)
-#define BRK_DEC_DIGIT_BACK(s,e)       brk_ag_char_map_back((char *)s, (char *)e, 18)
-#define  IS_HEX_DIGIT_CHAR( _c)        is_ag_char_map_char((char)( _c), 0x0038000)
-#define SPN_HEX_DIGIT_CHARS(_s)       spn_ag_char_map_chars((char *)_s, 19)
-#define BRK_HEX_DIGIT_CHARS(_s)       brk_ag_char_map_chars((char *)_s, 19)
-#define SPN_HEX_DIGIT_BACK(s,e)       spn_ag_char_map_back((char *)s, (char *)e, 19)
-#define BRK_HEX_DIGIT_BACK(s,e)       brk_ag_char_map_back((char *)s, (char *)e, 19)
-#define  IS_LOWER_CASE_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x0040000)
-#define SPN_LOWER_CASE_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 20)
-#define BRK_LOWER_CASE_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 20)
-#define SPN_LOWER_CASE_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 20)
-#define BRK_LOWER_CASE_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 20)
-#define  IS_UPPER_CASE_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x0080000)
-#define SPN_UPPER_CASE_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 21)
-#define BRK_UPPER_CASE_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 21)
-#define SPN_UPPER_CASE_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 21)
-#define BRK_UPPER_CASE_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 21)
-#define  IS_ALPHABETIC_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x00C0000)
-#define SPN_ALPHABETIC_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 22)
-#define BRK_ALPHABETIC_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 22)
-#define SPN_ALPHABETIC_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 22)
-#define BRK_ALPHABETIC_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 22)
-#define  IS_ALPHANUMERIC_CHAR( _c)     is_ag_char_map_char((char)( _c), 0x00D8000)
-#define SPN_ALPHANUMERIC_CHARS(_s)    spn_ag_char_map_chars((char *)_s, 23)
-#define BRK_ALPHANUMERIC_CHARS(_s)    brk_ag_char_map_chars((char *)_s, 23)
-#define SPN_ALPHANUMERIC_BACK(s,e)    spn_ag_char_map_back((char *)s, (char *)e, 23)
-#define BRK_ALPHANUMERIC_BACK(s,e)    brk_ag_char_map_back((char *)s, (char *)e, 23)
-#define  IS_VAR_FIRST_CHAR( _c)        is_ag_char_map_char((char)( _c), 0x00C0040)
-#define SPN_VAR_FIRST_CHARS(_s)       spn_ag_char_map_chars((char *)_s, 24)
-#define BRK_VAR_FIRST_CHARS(_s)       brk_ag_char_map_chars((char *)_s, 24)
-#define SPN_VAR_FIRST_BACK(s,e)       spn_ag_char_map_back((char *)s, (char *)e, 24)
-#define BRK_VAR_FIRST_BACK(s,e)       brk_ag_char_map_back((char *)s, (char *)e, 24)
-#define  IS_VARIABLE_NAME_CHAR( _c)    is_ag_char_map_char((char)( _c), 0x00D8040)
-#define SPN_VARIABLE_NAME_CHARS(_s)   spn_ag_char_map_chars((char *)_s, 25)
-#define BRK_VARIABLE_NAME_CHARS(_s)   brk_ag_char_map_chars((char *)_s, 25)
-#define SPN_VARIABLE_NAME_BACK(s,e)   spn_ag_char_map_back((char *)s, (char *)e, 25)
-#define BRK_VARIABLE_NAME_BACK(s,e)   brk_ag_char_map_back((char *)s, (char *)e, 25)
-#define  IS_OPTION_NAME_CHAR( _c)      is_ag_char_map_char((char)( _c), 0x01D8040)
-#define SPN_OPTION_NAME_CHARS(_s)     spn_ag_char_map_chars((char *)_s, 26)
-#define BRK_OPTION_NAME_CHARS(_s)     brk_ag_char_map_chars((char *)_s, 26)
-#define SPN_OPTION_NAME_BACK(s,e)     spn_ag_char_map_back((char *)s, (char *)e, 26)
-#define BRK_OPTION_NAME_BACK(s,e)     brk_ag_char_map_back((char *)s, (char *)e, 26)
-#define  IS_VALUE_NAME_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x01D8060)
-#define SPN_VALUE_NAME_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 27)
-#define BRK_VALUE_NAME_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 27)
-#define SPN_VALUE_NAME_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 27)
-#define BRK_VALUE_NAME_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 27)
-#define  IS_NAME_SEP_CHAR( _c)         is_ag_char_map_char((char)( _c), 0x0200000)
-#define SPN_NAME_SEP_CHARS(_s)        spn_ag_char_map_chars((char *)_s, 28)
-#define BRK_NAME_SEP_CHARS(_s)        brk_ag_char_map_chars((char *)_s, 28)
-#define SPN_NAME_SEP_BACK(s,e)        spn_ag_char_map_back((char *)s, (char *)e, 28)
-#define BRK_NAME_SEP_BACK(s,e)        brk_ag_char_map_back((char *)s, (char *)e, 28)
-#define  IS_COMPOUND_NAME_CHAR( _c)    is_ag_char_map_char((char)( _c), 0x03D8260)
-#define SPN_COMPOUND_NAME_CHARS(_s)   spn_ag_char_map_chars((char *)_s, 29)
-#define BRK_COMPOUND_NAME_CHARS(_s)   brk_ag_char_map_chars((char *)_s, 29)
-#define SPN_COMPOUND_NAME_BACK(s,e)   spn_ag_char_map_back((char *)s, (char *)e, 29)
-#define BRK_COMPOUND_NAME_BACK(s,e)   brk_ag_char_map_back((char *)s, (char *)e, 29)
-#define  IS_SCHEME_NOTE_CHAR( _c)      is_ag_char_map_char((char)( _c), 0x0001800)
-#define SPN_SCHEME_NOTE_CHARS(_s)     spn_ag_char_map_chars((char *)_s, 30)
-#define BRK_SCHEME_NOTE_CHARS(_s)     brk_ag_char_map_chars((char *)_s, 30)
-#define SPN_SCHEME_NOTE_BACK(s,e)     spn_ag_char_map_back((char *)s, (char *)e, 30)
-#define BRK_SCHEME_NOTE_BACK(s,e)     brk_ag_char_map_back((char *)s, (char *)e, 30)
-#define  IS_UNQUOTABLE_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x0400000)
-#define SPN_UNQUOTABLE_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 31)
-#define BRK_UNQUOTABLE_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 31)
-#define SPN_UNQUOTABLE_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 31)
-#define BRK_UNQUOTABLE_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 31)
-#define  IS_END_XML_TOKEN_CHAR( _c)    is_ag_char_map_char((char)( _c), 0x0800601)
-#define SPN_END_XML_TOKEN_CHARS(_s)   spn_ag_char_map_chars((char *)_s, 32)
-#define BRK_END_XML_TOKEN_CHARS(_s)   brk_ag_char_map_chars((char *)_s, 32)
-#define SPN_END_XML_TOKEN_BACK(s,e)   spn_ag_char_map_back((char *)s, (char *)e, 32)
-#define BRK_END_XML_TOKEN_BACK(s,e)   brk_ag_char_map_back((char *)s, (char *)e, 32)
-#define  IS_PLUS_N_SPACE_CHAR( _c)     is_ag_char_map_char((char)( _c), 0x0000681)
-#define SPN_PLUS_N_SPACE_CHARS(_s)    spn_ag_char_map_chars((char *)_s, 33)
-#define BRK_PLUS_N_SPACE_CHARS(_s)    brk_ag_char_map_chars((char *)_s, 33)
-#define SPN_PLUS_N_SPACE_BACK(s,e)    spn_ag_char_map_back((char *)s, (char *)e, 33)
-#define BRK_PLUS_N_SPACE_BACK(s,e)    brk_ag_char_map_back((char *)s, (char *)e, 33)
-#define  IS_PUNCTUATION_CHAR( _c)      is_ag_char_map_char((char)( _c), 0x1000000)
-#define SPN_PUNCTUATION_CHARS(_s)     spn_ag_char_map_chars((char *)_s, 34)
-#define BRK_PUNCTUATION_CHARS(_s)     brk_ag_char_map_chars((char *)_s, 34)
-#define SPN_PUNCTUATION_BACK(s,e)     spn_ag_char_map_back((char *)s, (char *)e, 34)
-#define BRK_PUNCTUATION_BACK(s,e)     brk_ag_char_map_back((char *)s, (char *)e, 34)
-#define  IS_SUFFIX_CHAR( _c)           is_ag_char_map_char((char)( _c), 0x20D8000)
-#define SPN_SUFFIX_CHARS(_s)          spn_ag_char_map_chars((char *)_s, 35)
-#define BRK_SUFFIX_CHARS(_s)          brk_ag_char_map_chars((char *)_s, 35)
-#define SPN_SUFFIX_BACK(s,e)          spn_ag_char_map_back((char *)s, (char *)e, 35)
-#define BRK_SUFFIX_BACK(s,e)          brk_ag_char_map_back((char *)s, (char *)e, 35)
-#define  IS_SUFFIX_FMT_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x20D800C)
-#define SPN_SUFFIX_FMT_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 36)
-#define BRK_SUFFIX_FMT_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 36)
-#define SPN_SUFFIX_FMT_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 36)
-#define BRK_SUFFIX_FMT_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 36)
-#define  IS_FALSE_TYPE_CHAR( _c)       is_ag_char_map_char((char)( _c), 0x4000002)
-#define SPN_FALSE_TYPE_CHARS(_s)      spn_ag_char_map_chars((char *)_s, 37)
-#define BRK_FALSE_TYPE_CHARS(_s)      brk_ag_char_map_chars((char *)_s, 37)
-#define SPN_FALSE_TYPE_BACK(s,e)      spn_ag_char_map_back((char *)s, (char *)e, 37)
-#define BRK_FALSE_TYPE_BACK(s,e)      brk_ag_char_map_back((char *)s, (char *)e, 37)
-#define  IS_FILE_NAME_CHAR( _c)        is_ag_char_map_char((char)( _c), 0x20D8004)
-#define SPN_FILE_NAME_CHARS(_s)       spn_ag_char_map_chars((char *)_s, 38)
-#define BRK_FILE_NAME_CHARS(_s)       brk_ag_char_map_chars((char *)_s, 38)
-#define SPN_FILE_NAME_BACK(s,e)       spn_ag_char_map_back((char *)s, (char *)e, 38)
-#define BRK_FILE_NAME_BACK(s,e)       brk_ag_char_map_back((char *)s, (char *)e, 38)
-#define  IS_END_TOKEN_CHAR( _c)        is_ag_char_map_char((char)( _c), 0x0000603)
-#define SPN_END_TOKEN_CHARS(_s)       spn_ag_char_map_chars((char *)_s, 39)
-#define BRK_END_TOKEN_CHARS(_s)       brk_ag_char_map_chars((char *)_s, 39)
-#define SPN_END_TOKEN_BACK(s,e)       spn_ag_char_map_back((char *)s, (char *)e, 39)
-#define BRK_END_TOKEN_BACK(s,e)       brk_ag_char_map_back((char *)s, (char *)e, 39)
-#define  IS_END_LIST_ENTRY_CHAR( _c)   is_ag_char_map_char((char)( _c), 0x0000613)
-#define SPN_END_LIST_ENTRY_CHARS(_s)  spn_ag_char_map_chars((char *)_s, 40)
-#define BRK_END_LIST_ENTRY_CHARS(_s)  brk_ag_char_map_chars((char *)_s, 40)
-#define SPN_END_LIST_ENTRY_BACK(s,e)  spn_ag_char_map_back((char *)s, (char *)e, 40)
-#define BRK_END_LIST_ENTRY_BACK(s,e)  brk_ag_char_map_back((char *)s, (char *)e, 40)
-#define  IS_SET_SEPARATOR_CHAR( _c)    is_ag_char_map_char((char)( _c), 0x8000613)
-#define SPN_SET_SEPARATOR_CHARS(_s)   spn_ag_char_map_chars((char *)_s, 41)
-#define BRK_SET_SEPARATOR_CHARS(_s)   brk_ag_char_map_chars((char *)_s, 41)
-#define SPN_SET_SEPARATOR_BACK(s,e)   spn_ag_char_map_back((char *)s, (char *)e, 41)
-#define BRK_SET_SEPARATOR_BACK(s,e)   brk_ag_char_map_back((char *)s, (char *)e, 41)
-#define  IS_SIGNED_NUMBER_CHAR( _c)    is_ag_char_map_char((char)( _c), 0x001C000)
-#define SPN_SIGNED_NUMBER_CHARS(_s)   spn_ag_char_map_chars((char *)_s, 42)
-#define BRK_SIGNED_NUMBER_CHARS(_s)   brk_ag_char_map_chars((char *)_s, 42)
-#define SPN_SIGNED_NUMBER_BACK(s,e)   spn_ag_char_map_back((char *)s, (char *)e, 42)
-#define BRK_SIGNED_NUMBER_BACK(s,e)   brk_ag_char_map_back((char *)s, (char *)e, 42)
-#define  IS_MAKE_SCRIPT_CHAR( _c)      is_ag_char_map_char((char)( _c), 0x0000101)
-#define SPN_MAKE_SCRIPT_CHARS(_s)     spn_ag_char_map_chars((char *)_s, 43)
-#define BRK_MAKE_SCRIPT_CHARS(_s)     brk_ag_char_map_chars((char *)_s, 43)
-#define SPN_MAKE_SCRIPT_BACK(s,e)     spn_ag_char_map_back((char *)s, (char *)e, 43)
-#define BRK_MAKE_SCRIPT_BACK(s,e)     brk_ag_char_map_back((char *)s, (char *)e, 43)
+#define  IS_NEWLINE_CHAR( _c)          is_ag_char_map_char((char)(_c), 0x00000001)
+#define SPN_NEWLINE_CHARS(_s)         spn_ag_char_map_chars(_s, 0)
+#define BRK_NEWLINE_CHARS(_s)         brk_ag_char_map_chars(_s, 0)
+#define SPN_NEWLINE_BACK(s,e)         spn_ag_char_map_back(s, e, 0)
+#define BRK_NEWLINE_BACK(s,e)         brk_ag_char_map_back(s, e, 0)
+#define  IS_NUL_BYTE_CHAR( _c)         is_ag_char_map_char((char)(_c), 0x00000002)
+#define SPN_NUL_BYTE_CHARS(_s)        spn_ag_char_map_chars(_s, 1)
+#define BRK_NUL_BYTE_CHARS(_s)        brk_ag_char_map_chars(_s, 1)
+#define SPN_NUL_BYTE_BACK(s,e)        spn_ag_char_map_back(s, e, 1)
+#define BRK_NUL_BYTE_BACK(s,e)        brk_ag_char_map_back(s, e, 1)
+#define  IS_DIR_SEP_CHAR( _c)          is_ag_char_map_char((char)(_c), 0x00000004)
+#define SPN_DIR_SEP_CHARS(_s)         spn_ag_char_map_chars(_s, 2)
+#define BRK_DIR_SEP_CHARS(_s)         brk_ag_char_map_chars(_s, 2)
+#define SPN_DIR_SEP_BACK(s,e)         spn_ag_char_map_back(s, e, 2)
+#define BRK_DIR_SEP_BACK(s,e)         brk_ag_char_map_back(s, e, 2)
+#define  IS_PERCENT_CHAR( _c)          is_ag_char_map_char((char)(_c), 0x00000008)
+#define SPN_PERCENT_CHARS(_s)         spn_ag_char_map_chars(_s, 3)
+#define BRK_PERCENT_CHARS(_s)         brk_ag_char_map_chars(_s, 3)
+#define SPN_PERCENT_BACK(s,e)         spn_ag_char_map_back(s, e, 3)
+#define BRK_PERCENT_BACK(s,e)         brk_ag_char_map_back(s, e, 3)
+#define  IS_COMMA_CHAR( _c)            is_ag_char_map_char((char)(_c), 0x00000010)
+#define SPN_COMMA_CHARS(_s)           spn_ag_char_map_chars(_s, 4)
+#define BRK_COMMA_CHARS(_s)           brk_ag_char_map_chars(_s, 4)
+#define SPN_COMMA_BACK(s,e)           spn_ag_char_map_back(s, e, 4)
+#define BRK_COMMA_BACK(s,e)           brk_ag_char_map_back(s, e, 4)
+#define  IS_COLON_CHAR( _c)            is_ag_char_map_char((char)(_c), 0x00000020)
+#define SPN_COLON_CHARS(_s)           spn_ag_char_map_chars(_s, 5)
+#define BRK_COLON_CHARS(_s)           brk_ag_char_map_chars(_s, 5)
+#define SPN_COLON_BACK(s,e)           spn_ag_char_map_back(s, e, 5)
+#define BRK_COLON_BACK(s,e)           brk_ag_char_map_back(s, e, 5)
+#define  IS_UNDERSCORE_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x00000040)
+#define SPN_UNDERSCORE_CHARS(_s)      spn_ag_char_map_chars(_s, 6)
+#define BRK_UNDERSCORE_CHARS(_s)      brk_ag_char_map_chars(_s, 6)
+#define SPN_UNDERSCORE_BACK(s,e)      spn_ag_char_map_back(s, e, 6)
+#define BRK_UNDERSCORE_BACK(s,e)      brk_ag_char_map_back(s, e, 6)
+#define  IS_PLUS_CHAR( _c)             is_ag_char_map_char((char)(_c), 0x00000080)
+#define SPN_PLUS_CHARS(_s)            spn_ag_char_map_chars(_s, 7)
+#define BRK_PLUS_CHARS(_s)            brk_ag_char_map_chars(_s, 7)
+#define SPN_PLUS_BACK(s,e)            spn_ag_char_map_back(s, e, 7)
+#define BRK_PLUS_BACK(s,e)            brk_ag_char_map_back(s, e, 7)
+#define  IS_DOLLAR_CHAR( _c)           is_ag_char_map_char((char)(_c), 0x00000100)
+#define SPN_DOLLAR_CHARS(_s)          spn_ag_char_map_chars(_s, 8)
+#define BRK_DOLLAR_CHARS(_s)          brk_ag_char_map_chars(_s, 8)
+#define SPN_DOLLAR_BACK(s,e)          spn_ag_char_map_back(s, e, 8)
+#define BRK_DOLLAR_BACK(s,e)          brk_ag_char_map_back(s, e, 8)
+#define  IS_OPTION_MARKER_CHAR( _c)    is_ag_char_map_char((char)(_c), 0x00000200)
+#define SPN_OPTION_MARKER_CHARS(_s)   spn_ag_char_map_chars(_s, 9)
+#define BRK_OPTION_MARKER_CHARS(_s)   brk_ag_char_map_chars(_s, 9)
+#define SPN_OPTION_MARKER_BACK(s,e)   spn_ag_char_map_back(s, e, 9)
+#define BRK_OPTION_MARKER_BACK(s,e)   brk_ag_char_map_back(s, e, 9)
+#define  IS_HORIZ_WHITE_CHAR( _c)      is_ag_char_map_char((char)(_c), 0x00000400)
+#define SPN_HORIZ_WHITE_CHARS(_s)     spn_ag_char_map_chars(_s, 10)
+#define BRK_HORIZ_WHITE_CHARS(_s)     brk_ag_char_map_chars(_s, 10)
+#define SPN_HORIZ_WHITE_BACK(s,e)     spn_ag_char_map_back(s, e, 10)
+#define BRK_HORIZ_WHITE_BACK(s,e)     brk_ag_char_map_back(s, e, 10)
+#define  IS_ALT_WHITE_CHAR( _c)        is_ag_char_map_char((char)(_c), 0x00000800)
+#define SPN_ALT_WHITE_CHARS(_s)       spn_ag_char_map_chars(_s, 11)
+#define BRK_ALT_WHITE_CHARS(_s)       brk_ag_char_map_chars(_s, 11)
+#define SPN_ALT_WHITE_BACK(s,e)       spn_ag_char_map_back(s, e, 11)
+#define BRK_ALT_WHITE_BACK(s,e)       brk_ag_char_map_back(s, e, 11)
+#define  IS_WHITESPACE_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x00000C01)
+#define SPN_WHITESPACE_CHARS(_s)      spn_ag_char_map_chars(_s, 12)
+#define BRK_WHITESPACE_CHARS(_s)      brk_ag_char_map_chars(_s, 12)
+#define SPN_WHITESPACE_BACK(s,e)      spn_ag_char_map_back(s, e, 12)
+#define BRK_WHITESPACE_BACK(s,e)      brk_ag_char_map_back(s, e, 12)
+#define  IS_NON_NL_WHITE_CHAR( _c)     is_ag_char_map_char((char)(_c), 0x00000C00)
+#define SPN_NON_NL_WHITE_CHARS(_s)    spn_ag_char_map_chars(_s, 13)
+#define BRK_NON_NL_WHITE_CHARS(_s)    brk_ag_char_map_chars(_s, 13)
+#define SPN_NON_NL_WHITE_BACK(s,e)    spn_ag_char_map_back(s, e, 13)
+#define BRK_NON_NL_WHITE_BACK(s,e)    brk_ag_char_map_back(s, e, 13)
+#define  IS_QUOTE_CHAR( _c)            is_ag_char_map_char((char)(_c), 0x00001000)
+#define SPN_QUOTE_CHARS(_s)           spn_ag_char_map_chars(_s, 14)
+#define BRK_QUOTE_CHARS(_s)           brk_ag_char_map_chars(_s, 14)
+#define SPN_QUOTE_BACK(s,e)           spn_ag_char_map_back(s, e, 14)
+#define BRK_QUOTE_BACK(s,e)           brk_ag_char_map_back(s, e, 14)
+#define  IS_PARENTHESES_CHAR( _c)      is_ag_char_map_char((char)(_c), 0x00002000)
+#define SPN_PARENTHESES_CHARS(_s)     spn_ag_char_map_chars(_s, 15)
+#define BRK_PARENTHESES_CHARS(_s)     brk_ag_char_map_chars(_s, 15)
+#define SPN_PARENTHESES_BACK(s,e)     spn_ag_char_map_back(s, e, 15)
+#define BRK_PARENTHESES_BACK(s,e)     brk_ag_char_map_back(s, e, 15)
+#define  IS_GRAPHIC_CHAR( _c)          is_ag_char_map_char((char)(_c), 0x00004000)
+#define SPN_GRAPHIC_CHARS(_s)         spn_ag_char_map_chars(_s, 16)
+#define BRK_GRAPHIC_CHARS(_s)         brk_ag_char_map_chars(_s, 16)
+#define SPN_GRAPHIC_BACK(s,e)         spn_ag_char_map_back(s, e, 16)
+#define BRK_GRAPHIC_BACK(s,e)         brk_ag_char_map_back(s, e, 16)
+#define  IS_INVERSION_CHAR( _c)        is_ag_char_map_char((char)(_c), 0x00008000)
+#define SPN_INVERSION_CHARS(_s)       spn_ag_char_map_chars(_s, 17)
+#define BRK_INVERSION_CHARS(_s)       brk_ag_char_map_chars(_s, 17)
+#define SPN_INVERSION_BACK(s,e)       spn_ag_char_map_back(s, e, 17)
+#define BRK_INVERSION_BACK(s,e)       brk_ag_char_map_back(s, e, 17)
+#define  IS_OCT_DIGIT_CHAR( _c)        is_ag_char_map_char((char)(_c), 0x00010000)
+#define SPN_OCT_DIGIT_CHARS(_s)       spn_ag_char_map_chars(_s, 18)
+#define BRK_OCT_DIGIT_CHARS(_s)       brk_ag_char_map_chars(_s, 18)
+#define SPN_OCT_DIGIT_BACK(s,e)       spn_ag_char_map_back(s, e, 18)
+#define BRK_OCT_DIGIT_BACK(s,e)       brk_ag_char_map_back(s, e, 18)
+#define  IS_DEC_DIGIT_CHAR( _c)        is_ag_char_map_char((char)(_c), 0x00030000)
+#define SPN_DEC_DIGIT_CHARS(_s)       spn_ag_char_map_chars(_s, 19)
+#define BRK_DEC_DIGIT_CHARS(_s)       brk_ag_char_map_chars(_s, 19)
+#define SPN_DEC_DIGIT_BACK(s,e)       spn_ag_char_map_back(s, e, 19)
+#define BRK_DEC_DIGIT_BACK(s,e)       brk_ag_char_map_back(s, e, 19)
+#define  IS_HEX_DIGIT_CHAR( _c)        is_ag_char_map_char((char)(_c), 0x00070000)
+#define SPN_HEX_DIGIT_CHARS(_s)       spn_ag_char_map_chars(_s, 20)
+#define BRK_HEX_DIGIT_CHARS(_s)       brk_ag_char_map_chars(_s, 20)
+#define SPN_HEX_DIGIT_BACK(s,e)       spn_ag_char_map_back(s, e, 20)
+#define BRK_HEX_DIGIT_BACK(s,e)       brk_ag_char_map_back(s, e, 20)
+#define  IS_LOWER_CASE_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x00080000)
+#define SPN_LOWER_CASE_CHARS(_s)      spn_ag_char_map_chars(_s, 21)
+#define BRK_LOWER_CASE_CHARS(_s)      brk_ag_char_map_chars(_s, 21)
+#define SPN_LOWER_CASE_BACK(s,e)      spn_ag_char_map_back(s, e, 21)
+#define BRK_LOWER_CASE_BACK(s,e)      brk_ag_char_map_back(s, e, 21)
+#define  IS_UPPER_CASE_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x00100000)
+#define SPN_UPPER_CASE_CHARS(_s)      spn_ag_char_map_chars(_s, 22)
+#define BRK_UPPER_CASE_CHARS(_s)      brk_ag_char_map_chars(_s, 22)
+#define SPN_UPPER_CASE_BACK(s,e)      spn_ag_char_map_back(s, e, 22)
+#define BRK_UPPER_CASE_BACK(s,e)      brk_ag_char_map_back(s, e, 22)
+#define  IS_ALPHABETIC_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x00180000)
+#define SPN_ALPHABETIC_CHARS(_s)      spn_ag_char_map_chars(_s, 23)
+#define BRK_ALPHABETIC_CHARS(_s)      brk_ag_char_map_chars(_s, 23)
+#define SPN_ALPHABETIC_BACK(s,e)      spn_ag_char_map_back(s, e, 23)
+#define BRK_ALPHABETIC_BACK(s,e)      brk_ag_char_map_back(s, e, 23)
+#define  IS_ALPHANUMERIC_CHAR( _c)     is_ag_char_map_char((char)(_c), 0x001B0000)
+#define SPN_ALPHANUMERIC_CHARS(_s)    spn_ag_char_map_chars(_s, 24)
+#define BRK_ALPHANUMERIC_CHARS(_s)    brk_ag_char_map_chars(_s, 24)
+#define SPN_ALPHANUMERIC_BACK(s,e)    spn_ag_char_map_back(s, e, 24)
+#define BRK_ALPHANUMERIC_BACK(s,e)    brk_ag_char_map_back(s, e, 24)
+#define  IS_VAR_FIRST_CHAR( _c)        is_ag_char_map_char((char)(_c), 0x00180040)
+#define SPN_VAR_FIRST_CHARS(_s)       spn_ag_char_map_chars(_s, 25)
+#define BRK_VAR_FIRST_CHARS(_s)       brk_ag_char_map_chars(_s, 25)
+#define SPN_VAR_FIRST_BACK(s,e)       spn_ag_char_map_back(s, e, 25)
+#define BRK_VAR_FIRST_BACK(s,e)       brk_ag_char_map_back(s, e, 25)
+#define  IS_VARIABLE_NAME_CHAR( _c)    is_ag_char_map_char((char)(_c), 0x001B0040)
+#define SPN_VARIABLE_NAME_CHARS(_s)   spn_ag_char_map_chars(_s, 26)
+#define BRK_VARIABLE_NAME_CHARS(_s)   brk_ag_char_map_chars(_s, 26)
+#define SPN_VARIABLE_NAME_BACK(s,e)   spn_ag_char_map_back(s, e, 26)
+#define BRK_VARIABLE_NAME_BACK(s,e)   brk_ag_char_map_back(s, e, 26)
+#define  IS_OPTION_NAME_CHAR( _c)      is_ag_char_map_char((char)(_c), 0x003B0040)
+#define SPN_OPTION_NAME_CHARS(_s)     spn_ag_char_map_chars(_s, 27)
+#define BRK_OPTION_NAME_CHARS(_s)     brk_ag_char_map_chars(_s, 27)
+#define SPN_OPTION_NAME_BACK(s,e)     spn_ag_char_map_back(s, e, 27)
+#define BRK_OPTION_NAME_BACK(s,e)     brk_ag_char_map_back(s, e, 27)
+#define  IS_VALUE_NAME_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x003B0060)
+#define SPN_VALUE_NAME_CHARS(_s)      spn_ag_char_map_chars(_s, 28)
+#define BRK_VALUE_NAME_CHARS(_s)      brk_ag_char_map_chars(_s, 28)
+#define SPN_VALUE_NAME_BACK(s,e)      spn_ag_char_map_back(s, e, 28)
+#define BRK_VALUE_NAME_BACK(s,e)      brk_ag_char_map_back(s, e, 28)
+#define  IS_NAME_SEP_CHAR( _c)         is_ag_char_map_char((char)(_c), 0x00400000)
+#define SPN_NAME_SEP_CHARS(_s)        spn_ag_char_map_chars(_s, 29)
+#define BRK_NAME_SEP_CHARS(_s)        brk_ag_char_map_chars(_s, 29)
+#define SPN_NAME_SEP_BACK(s,e)        spn_ag_char_map_back(s, e, 29)
+#define BRK_NAME_SEP_BACK(s,e)        brk_ag_char_map_back(s, e, 29)
+#define  IS_COMPOUND_NAME_CHAR( _c)    is_ag_char_map_char((char)(_c), 0x007B0460)
+#define SPN_COMPOUND_NAME_CHARS(_s)   spn_ag_char_map_chars(_s, 30)
+#define BRK_COMPOUND_NAME_CHARS(_s)   brk_ag_char_map_chars(_s, 30)
+#define SPN_COMPOUND_NAME_BACK(s,e)   spn_ag_char_map_back(s, e, 30)
+#define BRK_COMPOUND_NAME_BACK(s,e)   brk_ag_char_map_back(s, e, 30)
+#define  IS_SCHEME_NOTE_CHAR( _c)      is_ag_char_map_char((char)(_c), 0x00003000)
+#define SPN_SCHEME_NOTE_CHARS(_s)     spn_ag_char_map_chars(_s, 31)
+#define BRK_SCHEME_NOTE_CHARS(_s)     brk_ag_char_map_chars(_s, 31)
+#define SPN_SCHEME_NOTE_BACK(s,e)     spn_ag_char_map_back(s, e, 31)
+#define BRK_SCHEME_NOTE_BACK(s,e)     brk_ag_char_map_back(s, e, 31)
+#define  IS_UNQUOTABLE_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x00800000)
+#define SPN_UNQUOTABLE_CHARS(_s)      spn_ag_char_map_chars(_s, 32)
+#define BRK_UNQUOTABLE_CHARS(_s)      brk_ag_char_map_chars(_s, 32)
+#define SPN_UNQUOTABLE_BACK(s,e)      spn_ag_char_map_back(s, e, 32)
+#define BRK_UNQUOTABLE_BACK(s,e)      brk_ag_char_map_back(s, e, 32)
+#define  IS_END_XML_TOKEN_CHAR( _c)    is_ag_char_map_char((char)(_c), 0x01000C01)
+#define SPN_END_XML_TOKEN_CHARS(_s)   spn_ag_char_map_chars(_s, 33)
+#define BRK_END_XML_TOKEN_CHARS(_s)   brk_ag_char_map_chars(_s, 33)
+#define SPN_END_XML_TOKEN_BACK(s,e)   spn_ag_char_map_back(s, e, 33)
+#define BRK_END_XML_TOKEN_BACK(s,e)   brk_ag_char_map_back(s, e, 33)
+#define  IS_PLUS_N_SPACE_CHAR( _c)     is_ag_char_map_char((char)(_c), 0x00000C81)
+#define SPN_PLUS_N_SPACE_CHARS(_s)    spn_ag_char_map_chars(_s, 34)
+#define BRK_PLUS_N_SPACE_CHARS(_s)    brk_ag_char_map_chars(_s, 34)
+#define SPN_PLUS_N_SPACE_BACK(s,e)    spn_ag_char_map_back(s, e, 34)
+#define BRK_PLUS_N_SPACE_BACK(s,e)    brk_ag_char_map_back(s, e, 34)
+#define  IS_PUNCTUATION_CHAR( _c)      is_ag_char_map_char((char)(_c), 0x02000000)
+#define SPN_PUNCTUATION_CHARS(_s)     spn_ag_char_map_chars(_s, 35)
+#define BRK_PUNCTUATION_CHARS(_s)     brk_ag_char_map_chars(_s, 35)
+#define SPN_PUNCTUATION_BACK(s,e)     spn_ag_char_map_back(s, e, 35)
+#define BRK_PUNCTUATION_BACK(s,e)     brk_ag_char_map_back(s, e, 35)
+#define  IS_SUFFIX_CHAR( _c)           is_ag_char_map_char((char)(_c), 0x041B0000)
+#define SPN_SUFFIX_CHARS(_s)          spn_ag_char_map_chars(_s, 36)
+#define BRK_SUFFIX_CHARS(_s)          brk_ag_char_map_chars(_s, 36)
+#define SPN_SUFFIX_BACK(s,e)          spn_ag_char_map_back(s, e, 36)
+#define BRK_SUFFIX_BACK(s,e)          brk_ag_char_map_back(s, e, 36)
+#define  IS_SUFFIX_FMT_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x041B000C)
+#define SPN_SUFFIX_FMT_CHARS(_s)      spn_ag_char_map_chars(_s, 37)
+#define BRK_SUFFIX_FMT_CHARS(_s)      brk_ag_char_map_chars(_s, 37)
+#define SPN_SUFFIX_FMT_BACK(s,e)      spn_ag_char_map_back(s, e, 37)
+#define BRK_SUFFIX_FMT_BACK(s,e)      brk_ag_char_map_back(s, e, 37)
+#define  IS_FALSE_TYPE_CHAR( _c)       is_ag_char_map_char((char)(_c), 0x08000002)
+#define SPN_FALSE_TYPE_CHARS(_s)      spn_ag_char_map_chars(_s, 38)
+#define BRK_FALSE_TYPE_CHARS(_s)      brk_ag_char_map_chars(_s, 38)
+#define SPN_FALSE_TYPE_BACK(s,e)      spn_ag_char_map_back(s, e, 38)
+#define BRK_FALSE_TYPE_BACK(s,e)      brk_ag_char_map_back(s, e, 38)
+#define  IS_FILE_NAME_CHAR( _c)        is_ag_char_map_char((char)(_c), 0x041B0004)
+#define SPN_FILE_NAME_CHARS(_s)       spn_ag_char_map_chars(_s, 39)
+#define BRK_FILE_NAME_CHARS(_s)       brk_ag_char_map_chars(_s, 39)
+#define SPN_FILE_NAME_BACK(s,e)       spn_ag_char_map_back(s, e, 39)
+#define BRK_FILE_NAME_BACK(s,e)       brk_ag_char_map_back(s, e, 39)
+#define  IS_END_TOKEN_CHAR( _c)        is_ag_char_map_char((char)(_c), 0x00000C03)
+#define SPN_END_TOKEN_CHARS(_s)       spn_ag_char_map_chars(_s, 40)
+#define BRK_END_TOKEN_CHARS(_s)       brk_ag_char_map_chars(_s, 40)
+#define SPN_END_TOKEN_BACK(s,e)       spn_ag_char_map_back(s, e, 40)
+#define BRK_END_TOKEN_BACK(s,e)       brk_ag_char_map_back(s, e, 40)
+#define  IS_END_LIST_ENTRY_CHAR( _c)   is_ag_char_map_char((char)(_c), 0x00000C13)
+#define SPN_END_LIST_ENTRY_CHARS(_s)  spn_ag_char_map_chars(_s, 41)
+#define BRK_END_LIST_ENTRY_CHARS(_s)  brk_ag_char_map_chars(_s, 41)
+#define SPN_END_LIST_ENTRY_BACK(s,e)  spn_ag_char_map_back(s, e, 41)
+#define BRK_END_LIST_ENTRY_BACK(s,e)  brk_ag_char_map_back(s, e, 41)
+#define  IS_SET_SEPARATOR_CHAR( _c)    is_ag_char_map_char((char)(_c), 0x10000C13)
+#define SPN_SET_SEPARATOR_CHARS(_s)   spn_ag_char_map_chars(_s, 42)
+#define BRK_SET_SEPARATOR_CHARS(_s)   brk_ag_char_map_chars(_s, 42)
+#define SPN_SET_SEPARATOR_BACK(s,e)   spn_ag_char_map_back(s, e, 42)
+#define BRK_SET_SEPARATOR_BACK(s,e)   brk_ag_char_map_back(s, e, 42)
+#define  IS_SIGNED_NUMBER_CHAR( _c)    is_ag_char_map_char((char)(_c), 0x00038000)
+#define SPN_SIGNED_NUMBER_CHARS(_s)   spn_ag_char_map_chars(_s, 43)
+#define BRK_SIGNED_NUMBER_CHARS(_s)   brk_ag_char_map_chars(_s, 43)
+#define SPN_SIGNED_NUMBER_BACK(s,e)   spn_ag_char_map_back(s, e, 43)
+#define BRK_SIGNED_NUMBER_BACK(s,e)   brk_ag_char_map_back(s, e, 43)
+#define  IS_MAKE_SCRIPT_CHAR( _c)      is_ag_char_map_char((char)(_c), 0x00000101)
+#define SPN_MAKE_SCRIPT_CHARS(_s)     spn_ag_char_map_chars(_s, 44)
+#define BRK_MAKE_SCRIPT_CHARS(_s)     brk_ag_char_map_chars(_s, 44)
+#define SPN_MAKE_SCRIPT_BACK(s,e)     spn_ag_char_map_back(s, e, 44)
+#define BRK_MAKE_SCRIPT_BACK(s,e)     brk_ag_char_map_back(s, e, 44)
+#define  IS_LOAD_LINE_SKIP_CHAR( _c)   is_ag_char_map_char((char)(_c), 0x00000600)
+#define SPN_LOAD_LINE_SKIP_CHARS(_s)  spn_ag_char_map_chars(_s, 45)
+#define BRK_LOAD_LINE_SKIP_CHARS(_s)  brk_ag_char_map_chars(_s, 45)
+#define SPN_LOAD_LINE_SKIP_BACK(s,e)  spn_ag_char_map_back(s, e, 45)
+#define BRK_LOAD_LINE_SKIP_BACK(s,e)  brk_ag_char_map_back(s, e, 45)
 
 static ag_char_map_mask_t const ag_char_map_table[128] = {
-  /*NUL*/ 0x0000002, /*x01*/ 0x0000000, /*x02*/ 0x0000000, /*x03*/ 0x0000000,
-  /*x04*/ 0x0000000, /*x05*/ 0x0000000, /*x06*/ 0x0000000, /*BEL*/ 0x0000000,
-  /* BS*/ 0x0000400, /* HT*/ 0x0000200, /* NL*/ 0x0000001, /* VT*/ 0x0000400,
-  /* FF*/ 0x0000400, /* CR*/ 0x0000400, /*x0E*/ 0x0000000, /*x0F*/ 0x0000000,
-  /*x10*/ 0x0000000, /*x11*/ 0x0000000, /*x12*/ 0x0000000, /*x13*/ 0x0000000,
-  /*x14*/ 0x0000000, /*x15*/ 0x0000000, /*x16*/ 0x0000000, /*x17*/ 0x0000000,
-  /*x18*/ 0x0000000, /*x19*/ 0x0000000, /*x1A*/ 0x0000000, /*ESC*/ 0x0000000,
-  /*x1C*/ 0x0000000, /*x1D*/ 0x0000000, /*x1E*/ 0x0000000, /*x1F*/ 0x0000000,
-  /*   */ 0x0000200, /* ! */ 0x1402000, /* " */ 0x1002800, /* # */ 0x1002000,
-  /* $ */ 0x1402100, /* % */ 0x1402008, /* & */ 0x1402000, /* ' */ 0x1002800,
-  /* ( */ 0x1003000, /* ) */ 0x1003000, /* * */ 0x1002000, /* + */ 0x9402080,
-  /* , */ 0x1002010, /* - */ 0x3506000, /* . */ 0x3602000, /* / */ 0x1C02004,
-  /* 0 */ 0x440A000, /* 1 */ 0x040A000, /* 2 */ 0x040A000, /* 3 */ 0x040A000,
-  /* 4 */ 0x040A000, /* 5 */ 0x040A000, /* 6 */ 0x040A000, /* 7 */ 0x040A000,
-  /* 8 */ 0x0412000, /* 9 */ 0x0412000, /* : */ 0x1402020, /* ; */ 0x1002000,
-  /* < */ 0x1002000, /* = */ 0x1002000, /* > */ 0x1802000, /* ? */ 0x1002000,
-  /* @ */ 0x1402000, /* A */ 0x04A2000, /* B */ 0x04A2000, /* C */ 0x04A2000,
-  /* D */ 0x04A2000, /* E */ 0x04A2000, /* F */ 0x44A2000, /* G */ 0x0482000,
-  /* H */ 0x0482000, /* I */ 0x0482000, /* J */ 0x0482000, /* K */ 0x0482000,
-  /* L */ 0x0482000, /* M */ 0x0482000, /* N */ 0x4482000, /* O */ 0x0482000,
-  /* P */ 0x0482000, /* Q */ 0x0482000, /* R */ 0x0482000, /* S */ 0x0482000,
-  /* T */ 0x0482000, /* U */ 0x0482000, /* V */ 0x0482000, /* W */ 0x0482000,
-  /* X */ 0x0482000, /* Y */ 0x0482000, /* Z */ 0x0482000, /* [ */ 0x1202000,
-  /* \ */ 0x1002004, /* ] */ 0x1202000, /* ^ */ 0x1502000, /* _ */ 0x2402040,
-  /* ` */ 0x1002000, /* a */ 0x0462000, /* b */ 0x0462000, /* c */ 0x0462000,
-  /* d */ 0x0462000, /* e */ 0x0462000, /* f */ 0x4462000, /* g */ 0x0442000,
-  /* h */ 0x0442000, /* i */ 0x0442000, /* j */ 0x0442000, /* k */ 0x0442000,
-  /* l */ 0x0442000, /* m */ 0x0442000, /* n */ 0x4442000, /* o */ 0x0442000,
-  /* p */ 0x0442000, /* q */ 0x0442000, /* r */ 0x0442000, /* s */ 0x0442000,
-  /* t */ 0x0442000, /* u */ 0x0442000, /* v */ 0x0442000, /* w */ 0x0442000,
-  /* x */ 0x0442000, /* y */ 0x0442000, /* z */ 0x0442000, /* { */ 0x1002000,
-  /* | */ 0x9402000, /* } */ 0x1002000, /* ~ */ 0x1406000, /*x7F*/ 0x0000000
+  /*NUL*/ 0x00000002, /*x01*/ 0x00000000, /*x02*/ 0x00000000, /*x03*/ 0x00000000,
+  /*x04*/ 0x00000000, /*x05*/ 0x00000000, /*x06*/ 0x00000000, /*BEL*/ 0x00000000,
+  /* BS*/ 0x00000800, /* HT*/ 0x00000400, /* NL*/ 0x00000001, /* VT*/ 0x00000800,
+  /* FF*/ 0x00000800, /* CR*/ 0x00000800, /*x0E*/ 0x00000000, /*x0F*/ 0x00000000,
+  /*x10*/ 0x00000000, /*x11*/ 0x00000000, /*x12*/ 0x00000000, /*x13*/ 0x00000000,
+  /*x14*/ 0x00000000, /*x15*/ 0x00000000, /*x16*/ 0x00000000, /*x17*/ 0x00000000,
+  /*x18*/ 0x00000000, /*x19*/ 0x00000000, /*x1A*/ 0x00000000, /*ESC*/ 0x00000000,
+  /*x1C*/ 0x00000000, /*x1D*/ 0x00000000, /*x1E*/ 0x00000000, /*x1F*/ 0x00000000,
+  /*   */ 0x00000400, /* ! */ 0x02804000, /* " */ 0x02005000, /* # */ 0x02004000,
+  /* $ */ 0x02804100, /* % */ 0x02804008, /* & */ 0x02804000, /* ' */ 0x02005000,
+  /* ( */ 0x02006000, /* ) */ 0x02006000, /* * */ 0x02004000, /* + */ 0x12804080,
+  /* , */ 0x02004010, /* - */ 0x06A0C200, /* . */ 0x06C04000, /* / */ 0x03804004,
+  /* 0 */ 0x08814000, /* 1 */ 0x00814000, /* 2 */ 0x00814000, /* 3 */ 0x00814000,
+  /* 4 */ 0x00814000, /* 5 */ 0x00814000, /* 6 */ 0x00814000, /* 7 */ 0x00814000,
+  /* 8 */ 0x00824000, /* 9 */ 0x00824000, /* : */ 0x02804020, /* ; */ 0x02004000,
+  /* < */ 0x02004000, /* = */ 0x02004000, /* > */ 0x03004000, /* ? */ 0x02004000,
+  /* @ */ 0x02804000, /* A */ 0x00944000, /* B */ 0x00944000, /* C */ 0x00944000,
+  /* D */ 0x00944000, /* E */ 0x00944000, /* F */ 0x08944000, /* G */ 0x00904000,
+  /* H */ 0x00904000, /* I */ 0x00904000, /* J */ 0x00904000, /* K */ 0x00904000,
+  /* L */ 0x00904000, /* M */ 0x00904000, /* N */ 0x08904000, /* O */ 0x00904000,
+  /* P */ 0x00904000, /* Q */ 0x00904000, /* R */ 0x00904000, /* S */ 0x00904000,
+  /* T */ 0x00904000, /* U */ 0x00904000, /* V */ 0x00904000, /* W */ 0x00904000,
+  /* X */ 0x00904000, /* Y */ 0x00904000, /* Z */ 0x00904000, /* [ */ 0x02404000,
+  /* \ */ 0x02004004, /* ] */ 0x02404000, /* ^ */ 0x02A04000, /* _ */ 0x04804040,
+  /* ` */ 0x02004000, /* a */ 0x008C4000, /* b */ 0x008C4000, /* c */ 0x008C4000,
+  /* d */ 0x008C4000, /* e */ 0x008C4000, /* f */ 0x088C4000, /* g */ 0x00884000,
+  /* h */ 0x00884000, /* i */ 0x00884000, /* j */ 0x00884000, /* k */ 0x00884000,
+  /* l */ 0x00884000, /* m */ 0x00884000, /* n */ 0x08884000, /* o */ 0x00884000,
+  /* p */ 0x00884000, /* q */ 0x00884000, /* r */ 0x00884000, /* s */ 0x00884000,
+  /* t */ 0x00884000, /* u */ 0x00884000, /* v */ 0x00884000, /* w */ 0x00884000,
+  /* x */ 0x00884000, /* y */ 0x00884000, /* z */ 0x00884000, /* { */ 0x02004000,
+  /* | */ 0x12804000, /* } */ 0x02004000, /* ~ */ 0x0280C000, /*x7F*/ 0x00000000
 };
 
 #include <stdlib.h>
 #include <string.h>
 
-static unsigned char const * ag_char_map_spanners[44];
+static unsigned char const * ag_char_map_spanners[46];
 /**
  *  Character category masks.  Some categories may have multiple bits,
  *  if their definition incorporates other character categories.
  *  This mask array is only used by calc_ag_char_map_spanners().
  */
-static ag_char_map_mask_t const ag_char_map_masks[44] = {
-    0x0000001, /* NEWLINE         */
-    0x0000002, /* NUL_BYTE        */
-    0x0000004, /* DIR_SEP         */
-    0x0000008, /* PERCENT         */
-    0x0000010, /* COMMA           */
-    0x0000020, /* COLON           */
-    0x0000040, /* UNDERSCORE      */
-    0x0000080, /* PLUS            */
-    0x0000100, /* DOLLAR          */
-    0x0000200, /* HORIZ_WHITE     */
-    0x0000400, /* ALT_WHITE       */
-    0x0000601, /* WHITESPACE      */
-    0x0000600, /* NON_NL_WHITE    */
-    0x0000800, /* QUOTE           */
-    0x0001000, /* PARENTHESES     */
-    0x0002000, /* GRAPHIC         */
-    0x0004000, /* INVERSION       */
-    0x0008000, /* OCT_DIGIT       */
-    0x0018000, /* DEC_DIGIT       */
-    0x0038000, /* HEX_DIGIT       */
-    0x0040000, /* LOWER_CASE      */
-    0x0080000, /* UPPER_CASE      */
-    0x00C0000, /* ALPHABETIC      */
-    0x00D8000, /* ALPHANUMERIC    */
-    0x00C0040, /* VAR_FIRST       */
-    0x00D8040, /* VARIABLE_NAME   */
-    0x01D8040, /* OPTION_NAME     */
-    0x01D8060, /* VALUE_NAME      */
-    0x0200000, /* NAME_SEP        */
-    0x03D8260, /* COMPOUND_NAME   */
-    0x0001800, /* SCHEME_NOTE     */
-    0x0400000, /* UNQUOTABLE      */
-    0x0800601, /* END_XML_TOKEN   */
-    0x0000681, /* PLUS_N_SPACE    */
-    0x1000000, /* PUNCTUATION     */
-    0x20D8000, /* SUFFIX          */
-    0x20D800C, /* SUFFIX_FMT      */
-    0x4000002, /* FALSE_TYPE      */
-    0x20D8004, /* FILE_NAME       */
-    0x0000603, /* END_TOKEN       */
-    0x0000613, /* END_LIST_ENTRY  */
-    0x8000613, /* SET_SEPARATOR   */
-    0x001C000, /* SIGNED_NUMBER   */
-    0x0000101, /* MAKE_SCRIPT     */
+static ag_char_map_mask_t const ag_char_map_masks[46] = {
+    0x00000001, /* NEWLINE         */
+    0x00000002, /* NUL_BYTE        */
+    0x00000004, /* DIR_SEP         */
+    0x00000008, /* PERCENT         */
+    0x00000010, /* COMMA           */
+    0x00000020, /* COLON           */
+    0x00000040, /* UNDERSCORE      */
+    0x00000080, /* PLUS            */
+    0x00000100, /* DOLLAR          */
+    0x00000200, /* OPTION_MARKER   */
+    0x00000400, /* HORIZ_WHITE     */
+    0x00000800, /* ALT_WHITE       */
+    0x00000C01, /* WHITESPACE      */
+    0x00000C00, /* NON_NL_WHITE    */
+    0x00001000, /* QUOTE           */
+    0x00002000, /* PARENTHESES     */
+    0x00004000, /* GRAPHIC         */
+    0x00008000, /* INVERSION       */
+    0x00010000, /* OCT_DIGIT       */
+    0x00030000, /* DEC_DIGIT       */
+    0x00070000, /* HEX_DIGIT       */
+    0x00080000, /* LOWER_CASE      */
+    0x00100000, /* UPPER_CASE      */
+    0x00180000, /* ALPHABETIC      */
+    0x001B0000, /* ALPHANUMERIC    */
+    0x00180040, /* VAR_FIRST       */
+    0x001B0040, /* VARIABLE_NAME   */
+    0x003B0040, /* OPTION_NAME     */
+    0x003B0060, /* VALUE_NAME      */
+    0x00400000, /* NAME_SEP        */
+    0x007B0460, /* COMPOUND_NAME   */
+    0x00003000, /* SCHEME_NOTE     */
+    0x00800000, /* UNQUOTABLE      */
+    0x01000C01, /* END_XML_TOKEN   */
+    0x00000C81, /* PLUS_N_SPACE    */
+    0x02000000, /* PUNCTUATION     */
+    0x041B0000, /* SUFFIX          */
+    0x041B000C, /* SUFFIX_FMT      */
+    0x08000002, /* FALSE_TYPE      */
+    0x041B0004, /* FILE_NAME       */
+    0x00000C03, /* END_TOKEN       */
+    0x00000C13, /* END_LIST_ENTRY  */
+    0x10000C13, /* SET_SEPARATOR   */
+    0x00038000, /* SIGNED_NUMBER   */
+    0x00000101, /* MAKE_SCRIPT     */
+    0x00000600, /* LOAD_LINE_SKIP  */
 };
 
 #define lock_ag_char_map_spanners()
@@ -453,44 +467,44 @@ is_ag_char_map_char(char ch, ag_char_map
 }
 
 static inline char *
-spn_ag_char_map_chars(char * p, unsigned int mask_ix)
+spn_ag_char_map_chars(char const * p, unsigned int mask_ix)
 {
     unsigned char const * v = ag_char_map_spanners[mask_ix];
     if (v == NULL)
         v = calc_ag_char_map_spanners(mask_ix);
     while (v[(unsigned)*p])  p++;
-    return p;
+    return (char *)(uintptr_t)p;
 }
 
 static inline char *
-brk_ag_char_map_chars(char * p, unsigned int mask_ix)
+brk_ag_char_map_chars(char const * p, unsigned int mask_ix)
 {
     unsigned char const * v = ag_char_map_spanners[mask_ix];
     if (v == NULL)
         v = calc_ag_char_map_spanners(mask_ix);
     while ((*p != '\0') && (! v[(unsigned)*p]))  p++;
-    return p;
+    return (char *)(uintptr_t)p;
 }
 
 static inline char *
-spn_ag_char_map_back(char * s, char * e, unsigned int mask_ix)
+spn_ag_char_map_back(char const * s, char const * e, unsigned int mask_ix)
 {
     unsigned char const * v = ag_char_map_spanners[mask_ix];
     if (v == NULL)
         v = calc_ag_char_map_spanners(mask_ix);
     if (s >= e) e = s + strlen(s);
     while ((e > s) && v[(unsigned)e[-1]])  e--;
-    return e;
+    return (char *)(uintptr_t)e;
 }
 
 static inline char *
-brk_ag_char_map_back(char * s, char * e, unsigned int mask_ix)
+brk_ag_char_map_back(char const * s, char const * e, unsigned int mask_ix)
 {
     unsigned char const * v = ag_char_map_spanners[mask_ix];
     if (v == NULL)
         v = calc_ag_char_map_spanners(mask_ix);
     if (s == e) e += strlen(e);
     while ((e > s) && (! v[(unsigned)e[-1]]))  e--;
-    return e;
+    return (char *)(uintptr_t)e;
 }
 #endif /* AG_CHAR_MAP_H_GUARD */

==== sntp/libopts/alias.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +2 -2
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.1/sntp/libopts/alias.c	2012-02-27 01:41:47 -05:00
+++ 1.2/sntp/libopts/alias.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
 /**
  * \file alias.c
  *
- * Time-stamp:      "2012-02-12 09:41:42 bkorb"
+ * Time-stamp:      "2012-08-11 08:15:43 bkorb"
  *
  *   Automated Options Paged Usage module.
  *
@@ -47,7 +47,7 @@ optionAlias(tOptions * pOpts, tOptDesc *
 {
     tOptDesc * pOD;
 
-    if (pOpts == OPTPROC_EMIT_USAGE)
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
         return 0;
 
     pOD = pOpts->pOptDesc + alias;

==== sntp/libopts/ao-strs.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +52 -52
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.3/sntp/libopts/ao-strs.c	2012-06-18 03:03:09 -04:00
+++ 1.4/sntp/libopts/ao-strs.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
  * 
  * DO NOT EDIT THIS FILE   (ao-strs.c)
  * 
- * It has been AutoGen-ed  June 17, 2012 at 03:47:34 PM by AutoGen 5.16.1pre8
+ * It has been AutoGen-ed  August 11, 2012 at 09:41:13 AM by AutoGen 5.16.2pre7
  * From the definitions    ao-strs.def
  * and the template file   strings
  *
@@ -38,7 +38,7 @@
  */
 #include "ao-strs.h"
 
-char const ao_strs_strtable[6266] =
+char const ao_strs_strtable[6265] =
 /*     0 */ " \t\n"
             ":=\0"
 /*     6 */ "INVALID-%d\0"
@@ -101,14 +101,14 @@ char const ao_strs_strtable[6266] =
 /*   487 */ "%1$s /tmp/use.%2$lu ; rm -f /tmp/use.%2$lu\0"
 /*   530 */ "# # # # # # # # # # -- do not modify this marker --\n"
             "#\n"
-            "#  DO NOT EDIT THIS SECTION\n\0"
-/*   613 */ "%s OF %s\n"
+            "#  DO NOT EDIT THIS SECTION\0"
+/*   612 */ "%s OF %s\n"
             "#\n"
             "#  From here to the next `-- do not modify this marker --',\n"
             "#  the text has been generated %s\n\0"
-/*   719 */ "#  From the %s option definitions\n"
+/*   718 */ "#  From the %s option definitions\n"
             "#\n\0"
-/*   756 */ "\n"
+/*   755 */ "\n"
             "if test -z \"${%1$s_%2$s}\"\n"
             "then\n"
             "  %1$s_%2$s_CT=0\n"
@@ -117,15 +117,15 @@ char const ao_strs_strtable[6266] =
             "  %1$s_%2$s_1=${%1$s_%2$s}\n"
             "fi\n"
             "export %1$s_%2$s_CT\0"
-/*   877 */ "\n"
+/*   876 */ "\n"
             "%1$s_%2$s=${%1$s_%2$s-'%3$s'}\n"
             "%1$s_%2$s_set=false\n"
             "export %1$s_%2$s\0"
-/*   945 */ "\n"
+/*   944 */ "\n"
             "%1$s_%2$s=${%1$s_%2$s}\n"
             "%1$s_%2$s_set=false\n"
             "export %1$s_%2$s\n\0"
-/*  1007 */ "\n"
+/*  1006 */ "\n"
             "OPT_PROCESS=true\n"
             "OPT_ARG=$1\n"
             "while ${OPT_PROCESS} && [ $# -gt 0 ]\n"
@@ -137,14 +137,14 @@ char const ao_strs_strtable[6266] =
             "        OPT_PROCESS=false\n"
             "        shift\n"
             "        ;;\n\0"
-/*  1201 */ "\n"
+/*  1200 */ "\n"
             "OPT_ARG=$1\n"
             "while [ $# -gt 0 ]\n"
             "do\n"
             "    OPT_ELEMENT=''\n"
             "    OPT_ARG_VAL=''\n"
             "    OPT_ARG=${1}\n\0"
-/*  1291 */ "    if [ -n \"${OPT_ARG_VAL}\" ]\n"
+/*  1290 */ "    if [ -n \"${OPT_ARG_VAL}\" ]\n"
             "    then\n"
             "        eval %1$s_${OPT_NAME}${OPT_ELEMENT}=\"'${OPT_ARG_VAL}'\"\n"
             "        export %1$s_${OPT_NAME}${OPT_ELEMENT}\n"
@@ -158,47 +158,47 @@ char const ao_strs_strtable[6266] =
             "unset OPT_CODE    || :\n"
             "unset OPT_ARG_VAL || :\n"
             "%2$s\0"
-/*  1621 */ "\n"
+/*  1620 */ "\n"
             "# # # # # # # # # #\n"
             "#\n"
             "#  END OF AUTOMATED OPTION PROCESSING\n"
             "#\n"
             "# # # # # # # # # # -- do not modify this marker --\n\0"
-/*  1737 */ "        case \"${OPT_CODE}\" in\n\0"
-/*  1768 */ "        '%s' | \\\n\0"
-/*  1786 */ "        '%s' )\n\0"
-/*  1802 */ "        '%c' )\n\0"
-/*  1818 */ "            ;;\n\n\0"
-/*  1835 */ "        * )\n"
+/*  1736 */ "        case \"${OPT_CODE}\" in\n\0"
+/*  1767 */ "        '%s' | \\\n\0"
+/*  1785 */ "        '%s' )\n\0"
+/*  1801 */ "        '%c' )\n\0"
+/*  1817 */ "            ;;\n\n\0"
+/*  1834 */ "        * )\n"
             "            echo Unknown %s: \"${OPT_CODE}\" >&2\n"
             "            echo \"$%s_USAGE_TEXT\"\n"
             "            exit 1\n"
             "            ;;\n"
             "        esac\n\n\0"
-/*  1977 */ "            echo \"$%s_%s_TEXT\"\n"
+/*  1976 */ "            echo \"$%s_%s_TEXT\"\n"
             "            exit 0\n\0"
-/*  2028 */ "            echo \"$%s_LONGUSAGE_TEXT\" | ${PAGER-more}\n"
+/*  2027 */ "            echo \"$%s_LONGUSAGE_TEXT\" | ${PAGER-more}\n"
             "            exit 0\n\0"
-/*  2102 */ "            %s\n\0"
-/*  2118 */ "            if [ $%1$s_%2$s_CT -ge %3$d ] ; then\n"
+/*  2101 */ "            %s\n\0"
+/*  2117 */ "            if [ $%1$s_%2$s_CT -ge %3$d ] ; then\n"
             "                echo Error:  more than %3$d %2$s options >&2\n"
             "                echo \"$%1$s_USAGE_TEXT\"\n"
             "                exit 1 ; fi\n\0"
-/*  2297 */ "            %1$s_%2$s_CT=`expr ${%1$s_%2$s_CT} + 1`\n"
+/*  2296 */ "            %1$s_%2$s_CT=`expr ${%1$s_%2$s_CT} + 1`\n"
             "            OPT_ELEMENT=\"_${%1$s_%2$s_CT}\"\n"
             "            OPT_NAME='%2$s'\n\0"
-/*  2421 */ "            if [ -n \"${%1$s_%2$s}\" ] && ${%1$s_%2$s_set} ; then\n"
+/*  2420 */ "            if [ -n \"${%1$s_%2$s}\" ] && ${%1$s_%2$s_set} ; then\n"
             "                echo Error:  duplicate %2$s option >&2\n"
             "                echo \"$%1$s_USAGE_TEXT\"\n"
             "                exit 1 ; fi\n"
             "            %1$s_%2$s_set=true\n"
             "            OPT_NAME='%2$s'\n\0"
-/*  2668 */ "            %1$s_%2$s_CT=0\n"
+/*  2667 */ "            %1$s_%2$s_CT=0\n"
             "            OPT_ELEMENT=''\n"
             "            %1$s_%2$s='%3$s'\n"
             "            export %1$s_%2$s\n"
             "            OPT_NAME='%2$s'\n\0"
-/*  2809 */ "            if [ -n \"${%1$s_%2$s}\" ] && ${%1$s_%2$s_set} ; then\n"
+/*  2808 */ "            if [ -n \"${%1$s_%2$s}\" ] && ${%1$s_%2$s_set} ; then\n"
             "                echo 'Error:  duplicate %2$s option' >&2\n"
             "                echo \"$%1$s_USAGE_TEXT\"\n"
             "                exit 1 ; fi\n"
@@ -206,20 +206,20 @@ char const ao_strs_strtable[6266] =
             "            %1$s_%2$s='%3$s'\n"
             "            export %1$s_%2$s\n"
             "            OPT_NAME='%2$s'\n\0"
-/*  3116 */ "            eval %1$s_%2$s${OPT_ELEMENT}=true\n"
+/*  3115 */ "            eval %1$s_%2$s${OPT_ELEMENT}=true\n"
             "            export %1$s_%2$s${OPT_ELEMENT}\n"
             "            OPT_ARG_NEEDED=OK\n\0"
-/*  3236 */ "            OPT_ARG_NEEDED=YES\n\0"
-/*  3268 */ "            eval %1$s_%2$s${OPT_ELEMENT}=true\n"
+/*  3235 */ "            OPT_ARG_NEEDED=YES\n\0"
+/*  3267 */ "            eval %1$s_%2$s${OPT_ELEMENT}=true\n"
             "            export %1$s_%2$s${OPT_ELEMENT}\n"
             "            OPT_ARG_NEEDED=NO\n\0"
-/*  3388 */ "        OPT_CODE=`echo \"X${OPT_ARG}\"|sed 's/^X-*//'`\n"
+/*  3387 */ "        OPT_CODE=`echo \"X${OPT_ARG}\"|sed 's/^X-*//'`\n"
             "        shift\n"
             "        OPT_ARG=$1\n"
             "        case \"${OPT_CODE}\" in *=* )\n"
             "            OPT_ARG_VAL=`echo \"${OPT_CODE}\"|sed 's/^[^=]*=//'`\n"
             "            OPT_CODE=`echo \"${OPT_CODE}\"|sed 's/=.*$//'` ;; esac\n\0"
-/*  3639 */ "        case \"${OPT_ARG_NEEDED}\" in\n"
+/*  3638 */ "        case \"${OPT_ARG_NEEDED}\" in\n"
             "        NO )\n"
             "            OPT_ARG_VAL=''\n"
             "            ;;\n"
@@ -247,9 +247,9 @@ char const ao_strs_strtable[6266] =
             "            fi\n"
             "            ;;\n"
             "        esac\n\0"
-/*  4418 */ "        OPT_CODE=`echo \"X${OPT_ARG}\" | sed 's/X-\\(.\\).*/\\1/'`\n"
+/*  4417 */ "        OPT_CODE=`echo \"X${OPT_ARG}\" | sed 's/X-\\(.\\).*/\\1/'`\n"
             "        OPT_ARG=` echo \"X${OPT_ARG}\" | sed 's/X-.//'`\n\0"
-/*  4535 */ "        case \"${OPT_ARG_NEEDED}\" in\n"
+/*  4534 */ "        case \"${OPT_ARG_NEEDED}\" in\n"
             "        NO )\n"
             "            if [ -n \"${OPT_ARG}\" ]\n"
             "            then\n"
@@ -294,30 +294,30 @@ char const ao_strs_strtable[6266] =
             "            fi\n"
             "            ;;\n"
             "        esac\n\0"
-/*  5689 */ "%1$s_%2$s=%3$d # 0x%3$X\n"
+/*  5688 */ "%1$s_%2$s=%3$d # 0x%3$X\n"
             "export %1$s_%2$s\n\0"
-/*  5731 */ "%1$s_%2$s_CT=%3$d\n"
+/*  5730 */ "%1$s_%2$s_CT=%3$d\n"
             "export %1$s_%2$s_CT\n\0"
-/*  5770 */ "OPTION_CT=%d\n"
+/*  5769 */ "OPTION_CT=%d\n"
             "export OPTION_CT\n\0"
-/*  5801 */ "%1$s_%2$s=%3$s\n"
+/*  5800 */ "%1$s_%2$s=%3$s\n"
             "export %1$s_%2$s\n\0"
-/*  5834 */ "%1$s_%2$s='%3$s'\n"
+/*  5833 */ "%1$s_%2$s='%3$s'\n"
             "export %1$s_%2$s\n\0"
-/*  5869 */ "%1$s_%2$s_MODE='%3$s'\n"
+/*  5868 */ "%1$s_%2$s_MODE='%3$s'\n"
             "export %1$s_%2$s_MODE\n\0"
-/*  5914 */ "echo 'Warning:  Cannot load options files' >&2\0"
-/*  5961 */ "echo 'Warning:  Cannot save options files' >&2\0"
-/*  6008 */ "echo 'Warning:  Cannot suppress the loading of options files' >&2\0"
-/*  6074 */ "%1$s_%2$s_TEXT='no %2$s text'\n\0"
-/*  6105 */ "%s WARNING:  cannot save options - \0"
-/*  6141 */ "<%s/>\n\0"
-/*  6148 */ "<%s>\0"
-/*  6153 */ "</%s>\n\0"
-/*  6160 */ "<%s type=%s>\0"
-/*  6173 */ "<%s type=nested>\n\0"
-/*  6191 */ "#x%02X;\0"
-/*  6199 */ "<%1$s type=boolean>%2$s</%1$s>\n\0"
-/*  6231 */ "<%1$s type=integer>0x%2$lX</%1$s>\n";
+/*  5913 */ "echo 'Warning:  Cannot load options files' >&2\0"
+/*  5960 */ "echo 'Warning:  Cannot save options files' >&2\0"
+/*  6007 */ "echo 'Warning:  Cannot suppress the loading of options files' >&2\0"
+/*  6073 */ "%1$s_%2$s_TEXT='no %2$s text'\n\0"
+/*  6104 */ "%s WARNING:  cannot save options - \0"
+/*  6140 */ "<%s/>\n\0"
+/*  6147 */ "<%s>\0"
+/*  6152 */ "</%s>\n\0"
+/*  6159 */ "<%s type=%s>\0"
+/*  6172 */ "<%s type=nested>\n\0"
+/*  6190 */ "#x%02X;\0"
+/*  6198 */ "<%1$s type=boolean>%2$s</%1$s>\n\0"
+/*  6230 */ "<%1$s type=integer>0x%2$lX</%1$s>\n";
 
 /* end of ao-strs.c */

==== sntp/libopts/ao-strs.h ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +206 -207
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.2/sntp/libopts/ao-strs.h	2012-06-18 03:03:09 -04:00
+++ 1.3/sntp/libopts/ao-strs.h	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
  * 
  * DO NOT EDIT THIS FILE   (ao-strs.h)
  * 
- * It has been AutoGen-ed  June 17, 2012 at 03:47:34 PM by AutoGen 5.16.1pre8
+ * It has been AutoGen-ed  August 11, 2012 at 09:41:13 AM by AutoGen 5.16.2pre7
  * From the definitions    ao-strs.def
  * and the template file   strings
  *
@@ -41,211 +41,210 @@
 /*
  * 102 strings in ao_strs_strtable string table
  */
-#define ARG_BREAK_STR                   (ao_strs_strtable+0)
-#define ARG_BREAK_STR_LEN               5
-#define INVALID_FMT                     (ao_strs_strtable+6)
-#define INVALID_FMT_LEN                 10
-#define INVALID_STR                     (ao_strs_strtable+17)
-#define INVALID_STR_LEN                 9
-#define NONE_STR                        (ao_strs_strtable+27)
-#define NONE_STR_LEN                    4
-#define PLUS_STR                        (ao_strs_strtable+32)
-#define PLUS_STR_LEN                    3
-#define OR_STR                          (ao_strs_strtable+36)
-#define OR_STR_LEN                      3
-#define NLSTR_FMT                       (ao_strs_strtable+40)
-#define NLSTR_FMT_LEN                   3
-#define PAGER_NAME                      (ao_strs_strtable+44)
-#define PAGER_NAME_LEN                  5
-#define TMP_USAGE_FMT                   (ao_strs_strtable+50)
-#define TMP_USAGE_FMT_LEN               12
-#define MORE_STR                        (ao_strs_strtable+63)
-#define MORE_STR_LEN                    4
-#define LONG_OPT_MARK                   (ao_strs_strtable+68)
-#define LONG_OPT_MARK_LEN               10
-#define NLSTR_SPACE_FMT                 (ao_strs_strtable+79)
-#define NLSTR_SPACE_FMT_LEN             5
-#define TWO_SPACES_STR                  (ao_strs_strtable+85)
-#define TWO_SPACES_STR_LEN              2
-#define FLAG_OPT_MARK                   (ao_strs_strtable+88)
-#define FLAG_OPT_MARK_LEN               9
-#define END_OPT_SEL_STR                 (ao_strs_strtable+98)
-#define END_OPT_SEL_STR_LEN             12
-#define STDOUT                          (ao_strs_strtable+111)
-#define STDOUT_LEN                      6
-#define TIME_FMT                        (ao_strs_strtable+118)
-#define TIME_FMT_LEN                    21
-#define SHELL_MAGIC                     (ao_strs_strtable+140)
-#define SHELL_MAGIC_LEN                 6
-#define OPT_VAL_FMT                     (ao_strs_strtable+147)
-#define OPT_VAL_FMT_LEN                 6
-#define OPT_END_FMT                     (ao_strs_strtable+154)
-#define OPT_END_FMT_LEN                 14
-#define EMPTY_ARG                       (ao_strs_strtable+169)
-#define EMPTY_ARG_LEN                   2
-#define QUOT_APOS                       (ao_strs_strtable+172)
-#define QUOT_APOS_LEN                   2
-#define QUOT_ARG_FMT                    (ao_strs_strtable+175)
-#define QUOT_ARG_FMT_LEN                4
-#define ARG_BY_NUM_FMT                  (ao_strs_strtable+180)
-#define ARG_BY_NUM_FMT_LEN              9
-#define EXPORT_ARG_FMT                  (ao_strs_strtable+190)
-#define EXPORT_ARG_FMT_LEN              17
-#define set_dash                        (ao_strs_strtable+208)
-#define set_dash_LEN                    6
-#define arg_fmt                         (ao_strs_strtable+215)
-#define arg_fmt_LEN                     5
-#define apostrophy                      (ao_strs_strtable+221)
-#define apostrophy_LEN                  4
-#define init_optct                      (ao_strs_strtable+226)
-#define init_optct_LEN                  13
-#define SHOW_VAL_FMT                    (ao_strs_strtable+240)
-#define SHOW_VAL_FMT_LEN                17
-#define TRUE_STR                        (ao_strs_strtable+258)
-#define TRUE_STR_LEN                    4
-#define FALSE_STR                       (ao_strs_strtable+263)
-#define FALSE_STR_LEN                   5
-#define VER_STR                         (ao_strs_strtable+269)
-#define VER_STR_LEN                     7
-#define OK_NEED_OPT_ARG                 (ao_strs_strtable+277)
-#define OK_NEED_OPT_ARG_LEN             17
-#define NO_ARG_NEEDED                   (ao_strs_strtable+295)
-#define NO_ARG_NEEDED_LEN               17
-#define YES_NEED_OPT_ARG                (ao_strs_strtable+313)
-#define YES_NEED_OPT_ARG_LEN            18
-#define LONG_USE_STR                    (ao_strs_strtable+332)
-#define LONG_USE_STR_LEN                9
-#define FLAG_STR                        (ao_strs_strtable+342)
-#define FLAG_STR_LEN                    4
-#define SET_TEXT_FMT                    (ao_strs_strtable+347)
-#define SET_TEXT_FMT_LEN                12
-#define END_SET_TEXT                    (ao_strs_strtable+360)
-#define END_SET_TEXT_LEN                3
-#define OPTION_STR                      (ao_strs_strtable+364)
-#define OPTION_STR_LEN                  6
-#define SHOW_PROG_ENV                   (ao_strs_strtable+371)
-#define SHOW_PROG_ENV_LEN               19
-#define SET_OFF_FMT                     (ao_strs_strtable+391)
-#define SET_OFF_FMT_LEN                 6
-#define LONG_OPT_MARKER                 (ao_strs_strtable+398)
-#define LONG_OPT_MARKER_LEN             2
-#define BULLET_STR                      (ao_strs_strtable+401)
-#define BULLET_STR_LEN                  6
-#define DEEP_INDENT_STR                 (ao_strs_strtable+408)
-#define DEEP_INDENT_STR_LEN             6
-#define ONE_TAB_STR                     (ao_strs_strtable+415)
-#define ONE_TAB_STR_LEN                 1
-#define NOT_FOUND_STR                   (ao_strs_strtable+417)
-#define NOT_FOUND_STR_LEN               56
-#define ENUM_ERR_SEP_LINE_FMT           (ao_strs_strtable+474)
-#define ENUM_ERR_SEP_LINE_FMT_LEN       5
-#define ENUM_ERR_STR_WIDTH_FMT          (ao_strs_strtable+480)
-#define ENUM_ERR_STR_WIDTH_FMT_LEN      6
-#define PAGE_USAGE_FMT                  (ao_strs_strtable+487)
-#define PAGE_USAGE_FMT_LEN              42
-#define START_MARK                      (ao_strs_strtable+530)
-#define START_MARK_LEN                  82
-#define PREAMBLE_FMT                    (ao_strs_strtable+613)
-#define PREAMBLE_FMT_LEN                105
-#define END_PRE_FMT                     (ao_strs_strtable+719)
-#define END_PRE_FMT_LEN                 36
-#define MULTI_DEF_FMT                   (ao_strs_strtable+756)
-#define MULTI_DEF_FMT_LEN               120
-#define SGL_DEF_FMT                     (ao_strs_strtable+877)
-#define SGL_DEF_FMT_LEN                 67
-#define SGL_NO_DEF_FMT                  (ao_strs_strtable+945)
-#define SGL_NO_DEF_FMT_LEN              61
-#define LOOP_STR                        (ao_strs_strtable+1007)
-#define LOOP_STR_LEN                    193
-#define ONLY_OPTS_LOOP                  (ao_strs_strtable+1201)
-#define ONLY_OPTS_LOOP_LEN              89
-#define zLoopEnd                        (ao_strs_strtable+1291)
-#define zLoopEnd_LEN                    329
-#define END_MARK                        (ao_strs_strtable+1621)
-#define END_MARK_LEN                    115
-#define zOptionCase                     (ao_strs_strtable+1737)
-#define zOptionCase_LEN                 30
-#define zOptionPartName                 (ao_strs_strtable+1768)
-#define zOptionPartName_LEN             17
-#define zOptionFullName                 (ao_strs_strtable+1786)
-#define zOptionFullName_LEN             15
-#define zOptionFlag                     (ao_strs_strtable+1802)
-#define zOptionFlag_LEN                 15
-#define zOptionEndSelect                (ao_strs_strtable+1818)
-#define zOptionEndSelect_LEN            16
-#define UNK_OPT_FMT                     (ao_strs_strtable+1835)
-#define UNK_OPT_FMT_LEN                 141
-#define zTextExit                       (ao_strs_strtable+1977)
-#define zTextExit_LEN                   50
-#define zPagedUsageExit                 (ao_strs_strtable+2028)
-#define zPagedUsageExit_LEN             73
-#define zCmdFmt                         (ao_strs_strtable+2102)
-#define zCmdFmt_LEN                     15
-#define zCountTest                      (ao_strs_strtable+2118)
-#define zCountTest_LEN                  178
-#define MULTI_ARG_FMT                   (ao_strs_strtable+2297)
-#define MULTI_ARG_FMT_LEN               123
-#define SGL_ARG_FMT                     (ao_strs_strtable+2421)
-#define SGL_ARG_FMT_LEN                 246
-#define NO_MULTI_ARG_FMT                (ao_strs_strtable+2668)
-#define NO_MULTI_ARG_FMT_LEN            140
-#define NO_SGL_ARG_FMT                  (ao_strs_strtable+2809)
-#define NO_SGL_ARG_FMT_LEN              306
-#define zMayArg                         (ao_strs_strtable+3116)
-#define zMayArg_LEN                     119
-#define zMustArg                        (ao_strs_strtable+3236)
-#define zMustArg_LEN                    31
-#define zCantArg                        (ao_strs_strtable+3268)
-#define zCantArg_LEN                    119
-#define INIT_LOPT_STR                   (ao_strs_strtable+3388)
-#define INIT_LOPT_STR_LEN               250
-#define LOPT_ARG_FMT                    (ao_strs_strtable+3639)
-#define LOPT_ARG_FMT_LEN                778
-#define INIT_OPT_STR                    (ao_strs_strtable+4418)
-#define INIT_OPT_STR_LEN                116
-#define OPT_ARG_FMT                     (ao_strs_strtable+4535)
-#define OPT_ARG_FMT_LEN                 1153
-#define zOptNumFmt                      (ao_strs_strtable+5689)
-#define zOptNumFmt_LEN                  41
-#define zOptCookieCt                    (ao_strs_strtable+5731)
-#define zOptCookieCt_LEN                38
-#define zOptCtFmt                       (ao_strs_strtable+5770)
-#define zOptCtFmt_LEN                   30
-#define zOptDisabl                      (ao_strs_strtable+5801)
-#define zOptDisabl_LEN                  32
-#define zFullOptFmt                     (ao_strs_strtable+5834)
-#define zFullOptFmt_LEN                 34
-#define zEquivMode                      (ao_strs_strtable+5869)
-#define zEquivMode_LEN                  44
-#define NO_LOAD_WARN                    (ao_strs_strtable+5914)
-#define NO_LOAD_WARN_LEN                46
-#define NO_SAVE_OPTS                    (ao_strs_strtable+5961)
-#define NO_SAVE_OPTS_LEN                46
-#define NO_SUPPRESS_LOAD                (ao_strs_strtable+6008)
-#define NO_SUPPRESS_LOAD_LEN            65
-#define SET_NO_TEXT_FMT                 (ao_strs_strtable+6074)
-#define SET_NO_TEXT_FMT_LEN             30
-#define SAVE_WARN                       (ao_strs_strtable+6105)
-#define SAVE_WARN_LEN                   35
-#define OPEN_CLOSE_FMT                  (ao_strs_strtable+6141)
-#define OPEN_CLOSE_FMT_LEN              6
-#define OPEN_XML_FMT                    (ao_strs_strtable+6148)
-#define OPEN_XML_FMT_LEN                4
-#define END_XML_FMT                     (ao_strs_strtable+6153)
-#define END_XML_FMT_LEN                 6
-#define TYPE_ATR_FMT                    (ao_strs_strtable+6160)
-#define TYPE_ATR_FMT_LEN                12
-#define NULL_ATR_FMT                    (ao_strs_strtable+6141)
-#define NULL_ATR_FMT_LEN                6
-#define NESTED_OPT_FMT                  (ao_strs_strtable+6173)
-#define NESTED_OPT_FMT_LEN              17
-#define XML_HEX_BYTE_FMT                (ao_strs_strtable+6191)
-#define XML_HEX_BYTE_FMT_LEN            7
-#define BOOL_ATR_FMT                    (ao_strs_strtable+6199)
-#define BOOL_ATR_FMT_LEN                31
-#define NUMB_ATR_FMT                    (ao_strs_strtable+6231)
-#define NUMB_ATR_FMT_LEN                34
-
-extern char const ao_strs_strtable[6266];
+#define ARG_BREAK_STR               (ao_strs_strtable+0)
+#define ARG_BREAK_STR_LEN           5
+#define ARG_BY_NUM_FMT              (ao_strs_strtable+180)
+#define ARG_BY_NUM_FMT_LEN          9
+#define BOOL_ATR_FMT                (ao_strs_strtable+6198)
+#define BOOL_ATR_FMT_LEN            31
+#define BULLET_STR                  (ao_strs_strtable+401)
+#define BULLET_STR_LEN              6
+#define DEEP_INDENT_STR             (ao_strs_strtable+408)
+#define DEEP_INDENT_STR_LEN         6
+#define EMPTY_ARG                   (ao_strs_strtable+169)
+#define EMPTY_ARG_LEN               2
+#define END_MARK                    (ao_strs_strtable+1620)
+#define END_MARK_LEN                115
+#define END_OPT_SEL_STR             (ao_strs_strtable+98)
+#define END_OPT_SEL_STR_LEN         12
+#define END_PRE_FMT                 (ao_strs_strtable+718)
+#define END_PRE_FMT_LEN             36
+#define END_SET_TEXT                (ao_strs_strtable+360)
+#define END_SET_TEXT_LEN            3
+#define END_XML_FMT                 (ao_strs_strtable+6152)
+#define END_XML_FMT_LEN             6
+#define ENUM_ERR_SEP_LINE_FMT       (ao_strs_strtable+474)
+#define ENUM_ERR_SEP_LINE_FMT_LEN   5
+#define ENUM_ERR_STR_WIDTH_FMT      (ao_strs_strtable+480)
+#define ENUM_ERR_STR_WIDTH_FMT_LEN  6
+#define EXPORT_ARG_FMT              (ao_strs_strtable+190)
+#define EXPORT_ARG_FMT_LEN          17
+#define FALSE_STR                   (ao_strs_strtable+263)
+#define FALSE_STR_LEN               5
+#define FLAG_OPT_MARK               (ao_strs_strtable+88)
+#define FLAG_OPT_MARK_LEN           9
+#define FLAG_STR                    (ao_strs_strtable+342)
+#define FLAG_STR_LEN                4
+#define INIT_LOPT_STR               (ao_strs_strtable+3387)
+#define INIT_LOPT_STR_LEN           250
+#define INIT_OPT_STR                (ao_strs_strtable+4417)
+#define INIT_OPT_STR_LEN            116
+#define INVALID_FMT                 (ao_strs_strtable+6)
+#define INVALID_FMT_LEN             10
+#define INVALID_STR                 (ao_strs_strtable+17)
+#define INVALID_STR_LEN             9
+#define LONG_OPT_MARK               (ao_strs_strtable+68)
+#define LONG_OPT_MARKER             (ao_strs_strtable+398)
+#define LONG_OPT_MARKER_LEN         2
+#define LONG_OPT_MARK_LEN           10
+#define LONG_USE_STR                (ao_strs_strtable+332)
+#define LONG_USE_STR_LEN            9
+#define LOOP_STR                    (ao_strs_strtable+1006)
+#define LOOP_STR_LEN                193
+#define LOPT_ARG_FMT                (ao_strs_strtable+3638)
+#define LOPT_ARG_FMT_LEN            778
+#define MORE_STR                    (ao_strs_strtable+63)
+#define MORE_STR_LEN                4
+#define MULTI_ARG_FMT               (ao_strs_strtable+2296)
+#define MULTI_ARG_FMT_LEN           123
+#define MULTI_DEF_FMT               (ao_strs_strtable+755)
+#define MULTI_DEF_FMT_LEN           120
+#define NESTED_OPT_FMT              (ao_strs_strtable+6172)
+#define NESTED_OPT_FMT_LEN          17
+#define NLSTR_FMT                   (ao_strs_strtable+40)
+#define NLSTR_FMT_LEN               3
+#define NLSTR_SPACE_FMT             (ao_strs_strtable+79)
+#define NLSTR_SPACE_FMT_LEN         5
+#define NONE_STR                    (ao_strs_strtable+27)
+#define NONE_STR_LEN                4
+#define NOT_FOUND_STR               (ao_strs_strtable+417)
+#define NOT_FOUND_STR_LEN           56
+#define NO_ARG_NEEDED               (ao_strs_strtable+295)
+#define NO_ARG_NEEDED_LEN           17
+#define NO_LOAD_WARN                (ao_strs_strtable+5913)
+#define NO_LOAD_WARN_LEN            46
+#define NO_MULTI_ARG_FMT            (ao_strs_strtable+2667)
+#define NO_MULTI_ARG_FMT_LEN        140
+#define NO_SAVE_OPTS                (ao_strs_strtable+5960)
+#define NO_SAVE_OPTS_LEN            46
+#define NO_SGL_ARG_FMT              (ao_strs_strtable+2808)
+#define NO_SGL_ARG_FMT_LEN          306
+#define NO_SUPPRESS_LOAD            (ao_strs_strtable+6007)
+#define NO_SUPPRESS_LOAD_LEN        65
+#define NULL_ATR_FMT                (ao_strs_strtable+6140)
+#define NULL_ATR_FMT_LEN            6
+#define NUMB_ATR_FMT                (ao_strs_strtable+6230)
+#define NUMB_ATR_FMT_LEN            34
+#define OK_NEED_OPT_ARG             (ao_strs_strtable+277)
+#define OK_NEED_OPT_ARG_LEN         17
+#define ONE_TAB_STR                 (ao_strs_strtable+415)
+#define ONE_TAB_STR_LEN             1
+#define ONLY_OPTS_LOOP              (ao_strs_strtable+1200)
+#define ONLY_OPTS_LOOP_LEN          89
+#define OPEN_CLOSE_FMT              (ao_strs_strtable+6140)
+#define OPEN_CLOSE_FMT_LEN          6
+#define OPEN_XML_FMT                (ao_strs_strtable+6147)
+#define OPEN_XML_FMT_LEN            4
+#define OPTION_STR                  (ao_strs_strtable+364)
+#define OPTION_STR_LEN              6
+#define OPT_ARG_FMT                 (ao_strs_strtable+4534)
+#define OPT_ARG_FMT_LEN             1153
+#define OPT_END_FMT                 (ao_strs_strtable+154)
+#define OPT_END_FMT_LEN             14
+#define OPT_VAL_FMT                 (ao_strs_strtable+147)
+#define OPT_VAL_FMT_LEN             6
+#define OR_STR                      (ao_strs_strtable+36)
+#define OR_STR_LEN                  3
+#define PAGER_NAME                  (ao_strs_strtable+44)
+#define PAGER_NAME_LEN              5
+#define PAGE_USAGE_FMT              (ao_strs_strtable+487)
+#define PAGE_USAGE_FMT_LEN          42
+#define PLUS_STR                    (ao_strs_strtable+32)
+#define PLUS_STR_LEN                3
+#define PREAMBLE_FMT                (ao_strs_strtable+612)
+#define PREAMBLE_FMT_LEN            105
+#define QUOT_APOS                   (ao_strs_strtable+172)
+#define QUOT_APOS_LEN               2
+#define QUOT_ARG_FMT                (ao_strs_strtable+175)
+#define QUOT_ARG_FMT_LEN            4
+#define SAVE_WARN                   (ao_strs_strtable+6104)
+#define SAVE_WARN_LEN               35
+#define SET_NO_TEXT_FMT             (ao_strs_strtable+6073)
+#define SET_NO_TEXT_FMT_LEN         30
+#define SET_OFF_FMT                 (ao_strs_strtable+391)
+#define SET_OFF_FMT_LEN             6
+#define SET_TEXT_FMT                (ao_strs_strtable+347)
+#define SET_TEXT_FMT_LEN            12
+#define SGL_ARG_FMT                 (ao_strs_strtable+2420)
+#define SGL_ARG_FMT_LEN             246
+#define SGL_DEF_FMT                 (ao_strs_strtable+876)
+#define SGL_DEF_FMT_LEN             67
+#define SGL_NO_DEF_FMT              (ao_strs_strtable+944)
+#define SGL_NO_DEF_FMT_LEN          61
+#define SHELL_MAGIC                 (ao_strs_strtable+140)
+#define SHELL_MAGIC_LEN             6
+#define SHOW_PROG_ENV               (ao_strs_strtable+371)
+#define SHOW_PROG_ENV_LEN           19
+#define SHOW_VAL_FMT                (ao_strs_strtable+240)
+#define SHOW_VAL_FMT_LEN            17
+#define START_MARK                  (ao_strs_strtable+530)
+#define START_MARK_LEN              81
+#define STDOUT                      (ao_strs_strtable+111)
+#define STDOUT_LEN                  6
+#define TIME_FMT                    (ao_strs_strtable+118)
+#define TIME_FMT_LEN                21
+#define TMP_USAGE_FMT               (ao_strs_strtable+50)
+#define TMP_USAGE_FMT_LEN           12
+#define TRUE_STR                    (ao_strs_strtable+258)
+#define TRUE_STR_LEN                4
+#define TWO_SPACES_STR              (ao_strs_strtable+85)
+#define TWO_SPACES_STR_LEN          2
+#define TYPE_ATR_FMT                (ao_strs_strtable+6159)
+#define TYPE_ATR_FMT_LEN            12
+#define UNK_OPT_FMT                 (ao_strs_strtable+1834)
+#define UNK_OPT_FMT_LEN             141
+#define VER_STR                     (ao_strs_strtable+269)
+#define VER_STR_LEN                 7
+#define XML_HEX_BYTE_FMT            (ao_strs_strtable+6190)
+#define XML_HEX_BYTE_FMT_LEN        7
+#define YES_NEED_OPT_ARG            (ao_strs_strtable+313)
+#define YES_NEED_OPT_ARG_LEN        18
+#define apostrophy                  (ao_strs_strtable+221)
+#define apostrophy_LEN              4
+#define arg_fmt                     (ao_strs_strtable+215)
+#define arg_fmt_LEN                 5
+#define init_optct                  (ao_strs_strtable+226)
+#define init_optct_LEN              13
+#define set_dash                    (ao_strs_strtable+208)
+#define set_dash_LEN                6
+#define zCantArg                    (ao_strs_strtable+3267)
+#define zCantArg_LEN                119
+#define zCmdFmt                     (ao_strs_strtable+2101)
+#define zCmdFmt_LEN                 15
+#define zCountTest                  (ao_strs_strtable+2117)
+#define zCountTest_LEN              178
+#define zEquivMode                  (ao_strs_strtable+5868)
+#define zEquivMode_LEN              44
+#define zFullOptFmt                 (ao_strs_strtable+5833)
+#define zFullOptFmt_LEN             34
+#define zLoopEnd                    (ao_strs_strtable+1290)
+#define zLoopEnd_LEN                329
+#define zMayArg                     (ao_strs_strtable+3115)
+#define zMayArg_LEN                 119
+#define zMustArg                    (ao_strs_strtable+3235)
+#define zMustArg_LEN                31
+#define zOptCookieCt                (ao_strs_strtable+5730)
+#define zOptCookieCt_LEN            38
+#define zOptCtFmt                   (ao_strs_strtable+5769)
+#define zOptCtFmt_LEN               30
+#define zOptDisabl                  (ao_strs_strtable+5800)
+#define zOptDisabl_LEN              32
+#define zOptNumFmt                  (ao_strs_strtable+5688)
+#define zOptNumFmt_LEN              41
+#define zOptionCase                 (ao_strs_strtable+1736)
+#define zOptionCase_LEN             30
+#define zOptionEndSelect            (ao_strs_strtable+1817)
+#define zOptionEndSelect_LEN        16
+#define zOptionFlag                 (ao_strs_strtable+1801)
+#define zOptionFlag_LEN             15
+#define zOptionFullName             (ao_strs_strtable+1785)
+#define zOptionFullName_LEN         15
+#define zOptionPartName             (ao_strs_strtable+1767)
+#define zOptionPartName_LEN         17
+#define zPagedUsageExit             (ao_strs_strtable+2027)
+#define zPagedUsageExit_LEN         73
+#define zTextExit                   (ao_strs_strtable+1976)
+#define zTextExit_LEN               50
+extern char const ao_strs_strtable[6265];
 
 #endif /* STRINGS_AO_STRS_H_GUARD */

==== sntp/libopts/autoopts/options.h ====
2012-08-12 04:32:21+00:00, stenn at psp-fb1.ntp.org +8 -7
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.16/sntp/libopts/autoopts/options.h	2012-06-18 03:03:15 -04:00
+++ 1.17/sntp/libopts/autoopts/options.h	2012-08-12 00:32:21 -04:00
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (options.h)
  *  
- *  It has been AutoGen-ed  June 17, 2012 at 03:47:39 PM by AutoGen 5.16.1pre8
+ *  It has been AutoGen-ed  August 11, 2012 at 09:41:18 AM by AutoGen 5.16.2pre7
  *  From the definitions    funcs.def
  *  and the template file   options_h
  *
@@ -86,8 +86,8 @@
  *  See the relevant generated header file to determine which and what
  *  values for "opt_name" are available.
  */
-#define OPTIONS_STRUCT_VERSION      147460
-#define OPTIONS_VERSION_STRING      "36:4:11"
+#define OPTIONS_STRUCT_VERSION      147461
+#define OPTIONS_VERSION_STRING      "36:5:11"
 #define OPTIONS_MINIMUM_VERSION     102400
 #define OPTIONS_MIN_VER_STRING      "25:0:0"
 #define OPTIONS_VER_TO_NUM(_v, _r)  (((_v) * 4096) + (_r))
@@ -718,13 +718,13 @@ extern void optionFree(tOptions*);
 extern const tOptionValue* optionGetValue(const tOptionValue*, char const*);
 
 
-/* From: load.c line 475
+/* From: load.c line 478
  *
  * optionLoadLine - process a string for an option name and value
  *
  * Arguments:
- *   pOpts        program options descriptor
- *   pzLine       NUL-terminated text
+ *   opts         program options descriptor
+ *   line         NUL-terminated text
  *
  *  This is a client program callable routine for setting options from, for
  *  example, the contents of a file that they read in.  Only one option may
@@ -733,7 +733,8 @@ extern const tOptionValue* optionGetValu
  *  When passed a pointer to the option struct and a string, it will find
  *  the option named by the first token on the string and set the option
  *  argument to the remainder of the string.  The caller must NUL terminate
- *  the string.  Any embedded new lines will be included in the option
+ *  the string.  The caller need not skip over any introductory hyphens.
+ *  Any embedded new lines will be included in the option
  *  argument.  If the input looks like one or more quoted strings, then the
  *  input will be "cooked".  The "cooking" is identical to the string
  *  formation used in AutoGen definition files (@pxref{basic expression}),

==== sntp/libopts/autoopts/usage-txt.h ====
2012-08-12 04:32:21+00:00, stenn at psp-fb1.ntp.org +185 -183
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.16/sntp/libopts/autoopts/usage-txt.h	2012-06-18 03:03:15 -04:00
+++ 1.17/sntp/libopts/autoopts/usage-txt.h	2012-08-12 00:32:21 -04:00
@@ -2,12 +2,12 @@
  *  
  *  DO NOT EDIT THIS FILE   (usage-txt.h)
  *  
- *  It has been AutoGen-ed  June 17, 2012 at 03:47:37 PM by AutoGen 5.16.1pre8
+ *  It has been AutoGen-ed  August 11, 2012 at 09:41:15 AM by AutoGen 5.16.2pre7
  *  From the definitions    usage-txt.def
  *  and the template file   usage-txt.tpl
  *
  *  This file handles all the bookkeeping required for tracking all the little
- *  tiny strings used by the AutoOpts library.  There are 145
+ *  tiny strings used by the AutoOpts library.  There are 146
  *  of them.  This is not versioned because it is entirely internal to the
  *  library and accessed by client code only in a very well-controlled way:
  *  they may substitute translated strings using a procedure that steps through
@@ -50,7 +50,7 @@ typedef struct {
   char*     utpz_GnuTimeArg;
   char*     utpz_GnuNumArg;
   char*     utpz_GnuStrArg;
-  cch_t*    apz_str[ 138 ];
+  cch_t*    apz_str[ 139 ];
 } usage_text_t;
 
 /*
@@ -129,85 +129,86 @@ extern usage_text_t option_usage_text;
 #define zIllVendOptStr        (option_usage_text.apz_str[ 56])
 #define zIntRange             (option_usage_text.apz_str[ 57])
 #define zInvalOptDesc         (option_usage_text.apz_str[ 58])
-#define zLowerBits            (option_usage_text.apz_str[ 59])
-#define zMembers              (option_usage_text.apz_str[ 60])
-#define zMisArg               (option_usage_text.apz_str[ 61])
-#define zMultiEquiv           (option_usage_text.apz_str[ 62])
-#define zMust                 (option_usage_text.apz_str[ 63])
-#define zNeedOne              (option_usage_text.apz_str[ 64])
-#define zNoArg                (option_usage_text.apz_str[ 65])
-#define zNoArgs               (option_usage_text.apz_str[ 66])
-#define zNoCreat              (option_usage_text.apz_str[ 67])
-#define zNoFlags              (option_usage_text.apz_str[ 68])
-#define zNoKey                (option_usage_text.apz_str[ 69])
-#define zNoLim                (option_usage_text.apz_str[ 70])
-#define zNoPreset             (option_usage_text.apz_str[ 71])
-#define zNoResetArg           (option_usage_text.apz_str[ 72])
-#define zNoRq_NoShrtTtl       (option_usage_text.apz_str[ 73])
-#define zNoRq_ShrtTtl         (option_usage_text.apz_str[ 74])
-#define zNoStat               (option_usage_text.apz_str[ 75])
-#define zNoState              (option_usage_text.apz_str[ 76])
-#define zNone                 (option_usage_text.apz_str[ 77])
-#define zNotDef               (option_usage_text.apz_str[ 78])
-#define zNotCmdOpt            (option_usage_text.apz_str[ 79])
-#define zNotEnough            (option_usage_text.apz_str[ 80])
-#define zNotFile              (option_usage_text.apz_str[ 81])
-#define zNotNumber            (option_usage_text.apz_str[ 82])
-#define zNotDate              (option_usage_text.apz_str[ 83])
-#define zNotDuration          (option_usage_text.apz_str[ 84])
-#define zNrmOptFmt            (option_usage_text.apz_str[ 85])
-#define zNumberOpt            (option_usage_text.apz_str[ 86])
-#define zOnlyOne              (option_usage_text.apz_str[ 87])
-#define zOptsOnly             (option_usage_text.apz_str[ 88])
-#define zOutputFail           (option_usage_text.apz_str[ 89])
-#define zPathFmt              (option_usage_text.apz_str[ 90])
-#define zPlsSendBugs          (option_usage_text.apz_str[ 91])
-#define zPreset               (option_usage_text.apz_str[ 92])
-#define zPresetFile           (option_usage_text.apz_str[ 93])
-#define zPresetIntro          (option_usage_text.apz_str[ 94])
-#define zProhib               (option_usage_text.apz_str[ 95])
-#define zReorder              (option_usage_text.apz_str[ 96])
-#define zRange                (option_usage_text.apz_str[ 97])
-#define zRangeAbove           (option_usage_text.apz_str[ 98])
-#define zRangeLie             (option_usage_text.apz_str[ 99])
-#define zRangeOnly            (option_usage_text.apz_str[100])
-#define zRangeOr              (option_usage_text.apz_str[101])
-#define zRangeErr             (option_usage_text.apz_str[102])
-#define zRangeExact           (option_usage_text.apz_str[103])
-#define zRangeScaled          (option_usage_text.apz_str[104])
-#define zRangeUpto            (option_usage_text.apz_str[105])
-#define zResetNotConfig       (option_usage_text.apz_str[106])
-#define zReqFmt               (option_usage_text.apz_str[107])
-#define zReqOptFmt            (option_usage_text.apz_str[108])
-#define zReqThese             (option_usage_text.apz_str[109])
-#define zReq_NoShrtTtl        (option_usage_text.apz_str[110])
-#define zReq_ShrtTtl          (option_usage_text.apz_str[111])
-#define zSepChars             (option_usage_text.apz_str[112])
-#define zSetMemberSettings    (option_usage_text.apz_str[113])
-#define zShrtGnuOptFmt        (option_usage_text.apz_str[114])
-#define zSixSpaces            (option_usage_text.apz_str[115])
-#define zStdBoolArg           (option_usage_text.apz_str[116])
-#define zStdBreak             (option_usage_text.apz_str[117])
-#define zStdFileArg           (option_usage_text.apz_str[118])
-#define zStdKeyArg            (option_usage_text.apz_str[119])
-#define zStdKeyLArg           (option_usage_text.apz_str[120])
-#define zStdTimeArg           (option_usage_text.apz_str[121])
-#define zStdNestArg           (option_usage_text.apz_str[122])
-#define zStdNoArg             (option_usage_text.apz_str[123])
-#define zStdNumArg            (option_usage_text.apz_str[124])
-#define zStdOptArg            (option_usage_text.apz_str[125])
-#define zStdReqArg            (option_usage_text.apz_str[126])
-#define zStdStrArg            (option_usage_text.apz_str[127])
-#define zTabHyp               (option_usage_text.apz_str[128])
-#define zTabHypAnd            (option_usage_text.apz_str[129])
-#define zTabout               (option_usage_text.apz_str[130])
-#define zThreeSpaces          (option_usage_text.apz_str[131])
-#define zTooLarge             (option_usage_text.apz_str[132])
-#define zTwoSpaces            (option_usage_text.apz_str[133])
-#define zUpTo                 (option_usage_text.apz_str[134])
-#define zValidKeys            (option_usage_text.apz_str[135])
-#define zVendOptsAre          (option_usage_text.apz_str[136])
-#define zVendIntro            (option_usage_text.apz_str[137])
+#define zInvalOptName         (option_usage_text.apz_str[ 59])
+#define zLowerBits            (option_usage_text.apz_str[ 60])
+#define zMembers              (option_usage_text.apz_str[ 61])
+#define zMisArg               (option_usage_text.apz_str[ 62])
+#define zMultiEquiv           (option_usage_text.apz_str[ 63])
+#define zMust                 (option_usage_text.apz_str[ 64])
+#define zNeedOne              (option_usage_text.apz_str[ 65])
+#define zNoArg                (option_usage_text.apz_str[ 66])
+#define zNoArgs               (option_usage_text.apz_str[ 67])
+#define zNoCreat              (option_usage_text.apz_str[ 68])
+#define zNoFlags              (option_usage_text.apz_str[ 69])
+#define zNoKey                (option_usage_text.apz_str[ 70])
+#define zNoLim                (option_usage_text.apz_str[ 71])
+#define zNoPreset             (option_usage_text.apz_str[ 72])
+#define zNoResetArg           (option_usage_text.apz_str[ 73])
+#define zNoRq_NoShrtTtl       (option_usage_text.apz_str[ 74])
+#define zNoRq_ShrtTtl         (option_usage_text.apz_str[ 75])
+#define zNoStat               (option_usage_text.apz_str[ 76])
+#define zNoState              (option_usage_text.apz_str[ 77])
+#define zNone                 (option_usage_text.apz_str[ 78])
+#define zNotDef               (option_usage_text.apz_str[ 79])
+#define zNotCmdOpt            (option_usage_text.apz_str[ 80])
+#define zNotEnough            (option_usage_text.apz_str[ 81])
+#define zNotFile              (option_usage_text.apz_str[ 82])
+#define zNotNumber            (option_usage_text.apz_str[ 83])
+#define zNotDate              (option_usage_text.apz_str[ 84])
+#define zNotDuration          (option_usage_text.apz_str[ 85])
+#define zNrmOptFmt            (option_usage_text.apz_str[ 86])
+#define zNumberOpt            (option_usage_text.apz_str[ 87])
+#define zOnlyOne              (option_usage_text.apz_str[ 88])
+#define zOptsOnly             (option_usage_text.apz_str[ 89])
+#define zOutputFail           (option_usage_text.apz_str[ 90])
+#define zPathFmt              (option_usage_text.apz_str[ 91])
+#define zPlsSendBugs          (option_usage_text.apz_str[ 92])
+#define zPreset               (option_usage_text.apz_str[ 93])
+#define zPresetFile           (option_usage_text.apz_str[ 94])
+#define zPresetIntro          (option_usage_text.apz_str[ 95])
+#define zProhib               (option_usage_text.apz_str[ 96])
+#define zReorder              (option_usage_text.apz_str[ 97])
+#define zRange                (option_usage_text.apz_str[ 98])
+#define zRangeAbove           (option_usage_text.apz_str[ 99])
+#define zRangeLie             (option_usage_text.apz_str[100])
+#define zRangeOnly            (option_usage_text.apz_str[101])
+#define zRangeOr              (option_usage_text.apz_str[102])
+#define zRangeErr             (option_usage_text.apz_str[103])
+#define zRangeExact           (option_usage_text.apz_str[104])
+#define zRangeScaled          (option_usage_text.apz_str[105])
+#define zRangeUpto            (option_usage_text.apz_str[106])
+#define zResetNotConfig       (option_usage_text.apz_str[107])
+#define zReqFmt               (option_usage_text.apz_str[108])
+#define zReqOptFmt            (option_usage_text.apz_str[109])
+#define zReqThese             (option_usage_text.apz_str[110])
+#define zReq_NoShrtTtl        (option_usage_text.apz_str[111])
+#define zReq_ShrtTtl          (option_usage_text.apz_str[112])
+#define zSepChars             (option_usage_text.apz_str[113])
+#define zSetMemberSettings    (option_usage_text.apz_str[114])
+#define zShrtGnuOptFmt        (option_usage_text.apz_str[115])
+#define zSixSpaces            (option_usage_text.apz_str[116])
+#define zStdBoolArg           (option_usage_text.apz_str[117])
+#define zStdBreak             (option_usage_text.apz_str[118])
+#define zStdFileArg           (option_usage_text.apz_str[119])
+#define zStdKeyArg            (option_usage_text.apz_str[120])
+#define zStdKeyLArg           (option_usage_text.apz_str[121])
+#define zStdTimeArg           (option_usage_text.apz_str[122])
+#define zStdNestArg           (option_usage_text.apz_str[123])
+#define zStdNoArg             (option_usage_text.apz_str[124])
+#define zStdNumArg            (option_usage_text.apz_str[125])
+#define zStdOptArg            (option_usage_text.apz_str[126])
+#define zStdReqArg            (option_usage_text.apz_str[127])
+#define zStdStrArg            (option_usage_text.apz_str[128])
+#define zTabHyp               (option_usage_text.apz_str[129])
+#define zTabHypAnd            (option_usage_text.apz_str[130])
+#define zTabout               (option_usage_text.apz_str[131])
+#define zThreeSpaces          (option_usage_text.apz_str[132])
+#define zTooLarge             (option_usage_text.apz_str[133])
+#define zTwoSpaces            (option_usage_text.apz_str[134])
+#define zUpTo                 (option_usage_text.apz_str[135])
+#define zValidKeys            (option_usage_text.apz_str[136])
+#define zVendOptsAre          (option_usage_text.apz_str[137])
+#define zVendIntro            (option_usage_text.apz_str[138])
 
   /*
    *  First, set up the strings.  Some of these are writable.  These are all in
@@ -222,7 +223,7 @@ extern usage_text_t option_usage_text;
   static char    eng_zGnuTimeArg[] = "=Tim";
   static char    eng_zGnuNumArg[] = "=num";
   static char    eng_zGnuStrArg[] = "=str";
-static char const usage_txt[4631] =
+static char const usage_txt[4660] =
 /*     0 */ "malloc of %d bytes failed\n\0"
 /*    27 */ "AutoOpts function called without option descriptor\n\0"
 /*    79 */ "\tThis exceeds the compiled library version:  \0"
@@ -292,93 +293,94 @@ static char const usage_txt[4631] =
 /*  2052 */ "%s: unknown vendor extension option -- %s\n\0"
 /*  2095 */ "  or an integer from %d through %d\n\0"
 /*  2131 */ "AutoOpts ERROR:  invalid option descriptor for %s\n\0"
-/*  2182 */ "  or an integer mask with any of the lower %d bits set\n\0"
-/*  2238 */ "\t\t\t\t- is a set membership option\n\0"
-/*  2272 */ "%s: option `%s' requires an argument\n\0"
-/*  2310 */ "Equivalenced option '%s' was equivalenced to both\n"
+/*  2182 */ "%s: invalid option name: %s\n\0"
+/*  2211 */ "  or an integer mask with any of the lower %d bits set\n\0"
+/*  2267 */ "\t\t\t\t- is a set membership option\n\0"
+/*  2301 */ "%s: option `%s' requires an argument\n\0"
+/*  2339 */ "Equivalenced option '%s' was equivalenced to both\n"
             "\t'%s' and '%s'\0"
-/*  2375 */ "\t\t\t\t- must appear between %d and %d times\n\0"
-/*  2418 */ "ERROR:  The %s option is required\n\0"
-/*  2453 */ "%s: option `%s' cannot have an argument\n\0"
-/*  2494 */ "%s: Command line arguments not allowed\n\0"
-/*  2534 */ "error %d (%s) creating %s\n\0"
-/*  2561 */ "Options are specified by single or double hyphens and their name.\n\0"
-/*  2628 */ "%s error:  `%s' does not match any %s keywords\n\0"
-/*  2676 */ "\t\t\t\t- may appear multiple times\n\0"
-/*  2709 */ "\t\t\t\t- may not be preset\n\0"
-/*  2734 */ "The 'reset-option' option requires an argument\n\0"
-/*  2782 */ "   Arg Option-Name    Description\n\0"
-/*  2817 */ "  Flg Arg Option-Name    Description\n\0"
-/*  2855 */ "error %d (%s) stat-ing %s\n\0"
-/*  2882 */ "%s(optionRestore): error: no saved option state\n\0"
-/*  2931 */ "none\0"
-/*  2936 */ "'%s' not defined\n\0"
-/*  2954 */ "'%s' is not a command line option\n\0"
-/*  2989 */ "ERROR:  The %s option must appear %d times\n\0"
-/*  3033 */ "error:  cannot load options from non-regular file %s\n\0"
-/*  3087 */ "%s error:  `%s' is not a recognizable number\n\0"
-/*  3133 */ "%s error:  `%s' is not a recognizable date/time\n\0"
-/*  3182 */ "%s error:  `%s' is not a recognizable time duration\n\0"
-/*  3235 */ " %3s %s\0"
-/*  3243 */ "The '-#<number>' option may omit the hash char\n\0"
-/*  3291 */ "one %s%s option allowed\n\0"
-/*  3316 */ "All arguments are named options.\n\0"
-/*  3350 */ "Write failure to output file\0"
-/*  3379 */ " - reading file %s\0"
-/*  3398 */ "\n"
+/*  2404 */ "\t\t\t\t- must appear between %d and %d times\n\0"
+/*  2447 */ "ERROR:  The %s option is required\n\0"
+/*  2482 */ "%s: option `%s' cannot have an argument\n\0"
+/*  2523 */ "%s: Command line arguments not allowed\n\0"
+/*  2563 */ "error %d (%s) creating %s\n\0"
+/*  2590 */ "Options are specified by single or double hyphens and their name.\n\0"
+/*  2657 */ "%s error:  `%s' does not match any %s keywords\n\0"
+/*  2705 */ "\t\t\t\t- may appear multiple times\n\0"
+/*  2738 */ "\t\t\t\t- may not be preset\n\0"
+/*  2763 */ "The 'reset-option' option requires an argument\n\0"
+/*  2811 */ "   Arg Option-Name    Description\n\0"
+/*  2846 */ "  Flg Arg Option-Name    Description\n\0"
+/*  2884 */ "error %d (%s) stat-ing %s\n\0"
+/*  2911 */ "%s(optionRestore): error: no saved option state\n\0"
+/*  2960 */ "none\0"
+/*  2965 */ "'%s' not defined\n\0"
+/*  2983 */ "'%s' is not a command line option\n\0"
+/*  3018 */ "ERROR:  The %s option must appear %d times\n\0"
+/*  3062 */ "error:  cannot load options from non-regular file %s\n\0"
+/*  3116 */ "%s error:  `%s' is not a recognizable number\n\0"
+/*  3162 */ "%s error:  `%s' is not a recognizable date/time\n\0"
+/*  3211 */ "%s error:  `%s' is not a recognizable time duration\n\0"
+/*  3264 */ " %3s %s\0"
+/*  3272 */ "The '-#<number>' option may omit the hash char\n\0"
+/*  3320 */ "one %s%s option allowed\n\0"
+/*  3345 */ "All arguments are named options.\n\0"
+/*  3379 */ "Write failure to output file\0"
+/*  3408 */ " - reading file %s\0"
+/*  3427 */ "\n"
             "please send bug reports to:  %s\n\0"
-/*  3432 */ "\t\t\t\t- may NOT appear - preset only\n\0"
-/*  3468 */ "#  preset/initialization file\n"
+/*  3461 */ "\t\t\t\t- may NOT appear - preset only\n\0"
+/*  3497 */ "#  preset/initialization file\n"
             "#  %s#\n\0"
-/*  3506 */ "\n"
+/*  3535 */ "\n"
             "The following option preset mechanisms are supported:\n\0"
-/*  3562 */ "prohibits these options:\n\0"
-/*  3588 */ "Operands and options may be intermixed.  They will be reordered.\n\0"
-/*  3654 */ "%s%ld to %ld\0"
-/*  3667 */ "%sgreater than or equal to %ld\0"
-/*  3698 */ "%sIt must lie in one of the ranges:\n\0"
-/*  3735 */ "%sIt must be in the range:\n\0"
-/*  3763 */ ", or\n\0"
-/*  3769 */ "%s error:  %s option value %ld is out of range.\n\0"
-/*  3818 */ "%s%ld exactly\0"
-/*  3832 */ "%sis scalable with a suffix: k/K/m/M/g/G/t/T\n\0"
-/*  3878 */ "%sless than or equal to %ld\0"
-/*  3906 */ "The --reset-option has not been configured.\n\0"
-/*  3951 */ "ERROR:  %s option requires the %s option\n\0"
-/*  3993 */ " %3s %-14s %s\0"
-/*  4007 */ "requires these options:\n\0"
-/*  4032 */ "   Arg Option-Name   Req?  Description\n\0"
-/*  4072 */ "  Flg Arg Option-Name   Req?  Description\n\0"
-/*  4115 */ "-_^\0"
-/*  4119 */ "or you may use a numeric representation.  Preceding these with a '!' will\n"
+/*  3591 */ "prohibits these options:\n\0"
+/*  3617 */ "Operands and options may be intermixed.  They will be reordered.\n\0"
+/*  3683 */ "%s%ld to %ld\0"
+/*  3696 */ "%sgreater than or equal to %ld\0"
+/*  3727 */ "%sIt must lie in one of the ranges:\n\0"
+/*  3764 */ "%sIt must be in the range:\n\0"
+/*  3792 */ ", or\n\0"
+/*  3798 */ "%s error:  %s option value %ld is out of range.\n\0"
+/*  3847 */ "%s%ld exactly\0"
+/*  3861 */ "%sis scalable with a suffix: k/K/m/M/g/G/t/T\n\0"
+/*  3907 */ "%sless than or equal to %ld\0"
+/*  3935 */ "The --reset-option has not been configured.\n\0"
+/*  3980 */ "ERROR:  %s option requires the %s option\n\0"
+/*  4022 */ " %3s %-14s %s\0"
+/*  4036 */ "requires these options:\n\0"
+/*  4061 */ "   Arg Option-Name   Req?  Description\n\0"
+/*  4101 */ "  Flg Arg Option-Name   Req?  Description\n\0"
+/*  4144 */ "-_^\0"
+/*  4148 */ "or you may use a numeric representation.  Preceding these with a '!' will\n"
             "clear the bits, specifying 'none' will clear all bits, and 'all' will set them\n"
             "all.  Multiple entries may be passed as an option argument list.\n\0"
-/*  4338 */ "%s\0"
-/*  4341 */ "      \0"
-/*  4348 */ "T/F\0"
-/*  4352 */ "\n"
+/*  4367 */ "%s\0"
+/*  4370 */ "      \0"
+/*  4377 */ "T/F\0"
+/*  4381 */ "\n"
             "%s\n\n"
             "%s\0"
-/*  4360 */ "Fil\0"
-/*  4364 */ "KWd\0"
-/*  4368 */ "Mbr\0"
-/*  4372 */ "Tim\0"
-/*  4376 */ "Cpx\0"
-/*  4380 */ "no \0"
-/*  4384 */ "Num\0"
-/*  4388 */ "opt\0"
-/*  4392 */ "YES\0"
-/*  4396 */ "Str\0"
-/*  4400 */ "\t\t\t\t- \0"
-/*  4407 */ "\t\t\t\t-- and \0"
-/*  4419 */ "\t\t\t\t%s\n\0"
-/*  4427 */ "   \0"
-/*  4431 */ "%s error:  %s exceeds %s keyword count\n\0"
-/*  4471 */ "  \0"
-/*  4474 */ "\t\t\t\t- may appear up to %d times\n\0"
-/*  4507 */ "The valid \"%s\" option keywords are:\n\0"
-/*  4544 */ "These additional options are:\0"
-/*  4574 */ "The next option supports vendor supported extra options:";
+/*  4389 */ "Fil\0"
+/*  4393 */ "KWd\0"
+/*  4397 */ "Mbr\0"
+/*  4401 */ "Tim\0"
+/*  4405 */ "Cpx\0"
+/*  4409 */ "no \0"
+/*  4413 */ "Num\0"
+/*  4417 */ "opt\0"
+/*  4421 */ "YES\0"
+/*  4425 */ "Str\0"
+/*  4429 */ "\t\t\t\t- \0"
+/*  4436 */ "\t\t\t\t-- and \0"
+/*  4448 */ "\t\t\t\t%s\n\0"
+/*  4456 */ "   \0"
+/*  4460 */ "%s error:  %s exceeds %s keyword count\n\0"
+/*  4500 */ "  \0"
+/*  4503 */ "\t\t\t\t- may appear up to %d times\n\0"
+/*  4536 */ "The valid \"%s\" option keywords are:\n\0"
+/*  4573 */ "These additional options are:\0"
+/*  4603 */ "The next option supports vendor supported extra options:";
 
 
   /*
@@ -387,7 +389,7 @@ static char const usage_txt[4631] =
    *  Aren't you glad you don't maintain this by hand?
    */
   usage_text_t option_usage_text = {
-    145,
+    146,
     eng_zGnuBoolArg, eng_zGnuKeyArg,  eng_zGnuFileArg, eng_zGnuKeyLArg,
     eng_zGnuTimeArg, eng_zGnuNumArg,  eng_zGnuStrArg,
     {
@@ -406,26 +408,26 @@ static char const usage_txt[4631] =
       usage_txt +1837, usage_txt +1864, usage_txt +1970, usage_txt +1976,
       usage_txt +1982, usage_txt +1989, usage_txt +2000, usage_txt +2026,
       usage_txt +2052, usage_txt +2095, usage_txt +2131, usage_txt +2182,
-      usage_txt +2238, usage_txt +2272, usage_txt +2310, usage_txt +2375,
-      usage_txt +2418, usage_txt +2453, usage_txt +2494, usage_txt +2534,
-      usage_txt +2561, usage_txt +2628, usage_txt +2676, usage_txt +2709,
-      usage_txt +2734, usage_txt +2782, usage_txt +2817, usage_txt +2855,
-      usage_txt +2882, usage_txt +2931, usage_txt +2936, usage_txt +2954,
-      usage_txt +2989, usage_txt +3033, usage_txt +3087, usage_txt +3133,
-      usage_txt +3182, usage_txt +3235, usage_txt +3243, usage_txt +3291,
-      usage_txt +3316, usage_txt +3350, usage_txt +3379, usage_txt +3398,
-      usage_txt +3432, usage_txt +3468, usage_txt +3506, usage_txt +3562,
-      usage_txt +3588, usage_txt +3654, usage_txt +3667, usage_txt +3698,
-      usage_txt +3735, usage_txt +3763, usage_txt +3769, usage_txt +3818,
-      usage_txt +3832, usage_txt +3878, usage_txt +3906, usage_txt +3951,
-      usage_txt +3993, usage_txt +4007, usage_txt +4032, usage_txt +4072,
-      usage_txt +4115, usage_txt +4119, usage_txt +4338, usage_txt +4341,
-      usage_txt +4348, usage_txt +4352, usage_txt +4360, usage_txt +4364,
-      usage_txt +4368, usage_txt +4372, usage_txt +4376, usage_txt +4380,
-      usage_txt +4384, usage_txt +4388, usage_txt +4392, usage_txt +4396,
-      usage_txt +4400, usage_txt +4407, usage_txt +4419, usage_txt +4427,
-      usage_txt +4431, usage_txt +4471, usage_txt +4474, usage_txt +4507,
-      usage_txt +4544, usage_txt +4574
+      usage_txt +2211, usage_txt +2267, usage_txt +2301, usage_txt +2339,
+      usage_txt +2404, usage_txt +2447, usage_txt +2482, usage_txt +2523,
+      usage_txt +2563, usage_txt +2590, usage_txt +2657, usage_txt +2705,
+      usage_txt +2738, usage_txt +2763, usage_txt +2811, usage_txt +2846,
+      usage_txt +2884, usage_txt +2911, usage_txt +2960, usage_txt +2965,
+      usage_txt +2983, usage_txt +3018, usage_txt +3062, usage_txt +3116,
+      usage_txt +3162, usage_txt +3211, usage_txt +3264, usage_txt +3272,
+      usage_txt +3320, usage_txt +3345, usage_txt +3379, usage_txt +3408,
+      usage_txt +3427, usage_txt +3461, usage_txt +3497, usage_txt +3535,
+      usage_txt +3591, usage_txt +3617, usage_txt +3683, usage_txt +3696,
+      usage_txt +3727, usage_txt +3764, usage_txt +3792, usage_txt +3798,
+      usage_txt +3847, usage_txt +3861, usage_txt +3907, usage_txt +3935,
+      usage_txt +3980, usage_txt +4022, usage_txt +4036, usage_txt +4061,
+      usage_txt +4101, usage_txt +4144, usage_txt +4148, usage_txt +4367,
+      usage_txt +4370, usage_txt +4377, usage_txt +4381, usage_txt +4389,
+      usage_txt +4393, usage_txt +4397, usage_txt +4401, usage_txt +4405,
+      usage_txt +4409, usage_txt +4413, usage_txt +4417, usage_txt +4421,
+      usage_txt +4425, usage_txt +4429, usage_txt +4436, usage_txt +4448,
+      usage_txt +4456, usage_txt +4460, usage_txt +4500, usage_txt +4503,
+      usage_txt +4536, usage_txt +4573, usage_txt +4603
     }
   };
 

==== sntp/libopts/boolean.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +4 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.9/sntp/libopts/boolean.c	2012-04-14 02:57:19 -04:00
+++ 1.10/sntp/libopts/boolean.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
 /**
  * \file boolean.c
  *
- * Time-stamp:      "2012-03-31 13:46:19 bkorb"
+ * Time-stamp:      "2012-08-11 08:34:39 bkorb"
  *
  *   Automated Options Paged Usage module.
  *
@@ -49,6 +49,9 @@ optionBooleanVal(tOptions * pOpts, tOptD
     bool  res = true;
 
     (void)pOpts;
+
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
+        return;
 
     if ((pOD->fOptState & OPTST_RESET) != 0)
         return;

==== sntp/libopts/compat/compat.h ====
2012-08-12 04:32:21+00:00, stenn at psp-fb1.ntp.org +4 -2
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.9/sntp/libopts/compat/compat.h	2012-04-14 03:00:36 -04:00
+++ 1.10/sntp/libopts/compat/compat.h	2012-08-12 00:32:21 -04:00
@@ -3,7 +3,7 @@
 /**
  * \file compat.h --- fake the preprocessor into handlng portability
  *
- *  Time-stamp:      "2012-02-28 19:40:44 bkorb"
+ *  Time-stamp:      "2012-08-11 08:17:36 bkorb"
  *
  *  compat.h is free software.
  *  This file is part of AutoGen.
@@ -62,7 +62,9 @@
 
 
 #ifndef HAVE_STRSIGNAL
-   char * strsignal( int signo );
+# ifndef HAVE_RAW_DECL_STRSIGNAL
+   char * strsignal(int signo);
+# endif
 #endif
 
 #define  _GNU_SOURCE    1 /* for strsignal in GNU's libc */

==== sntp/libopts/compat/pathfind.c ====
2012-08-12 04:32:21+00:00, stenn at psp-fb1.ntp.org +2 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.7/sntp/libopts/compat/pathfind.c	2012-04-14 03:00:36 -04:00
+++ 1.8/sntp/libopts/compat/pathfind.c	2012-08-12 00:32:21 -04:00
@@ -4,7 +4,7 @@
 
 /*
  * Author:           Gary V Vaughan <gvaughan at oranda.demon.co.uk>
- * Time-stamp:       "2012-03-31 13:44:42 bkorb"
+ * Time-stamp:       "2012-08-11 08:19:39 bkorb"
  */
 
 /* Code: */
@@ -305,6 +305,7 @@ extract_colon_unit( char* pzDir, char co
             switch (ch) {
             case ':':
                 pzDest[-1] = NUL;
+                /* FALLTHROUGH */
             case NUL:
                 goto copy_done;
             }

==== sntp/libopts/configfile.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +7 -3
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.14/sntp/libopts/configfile.c	2012-04-14 02:57:19 -04:00
+++ 1.15/sntp/libopts/configfile.c	2012-08-12 00:32:20 -04:00
@@ -1,7 +1,7 @@
 /**
  * \file configfile.c
  *
- *  Time-stamp:      "2012-03-31 13:56:11 bkorb"
+ *  Time-stamp:      "2012-08-11 08:34:55 bkorb"
  *
  *  configuration/rc/ini file handling.
  *
@@ -542,6 +542,7 @@ handle_cfg(tOptions * pOpts, tOptState *
             switch (ch) {
             case NUL:
                 pcS = NULL;
+                /* FALLTHROUGH */
 
             case NL:
                 *pcD = NUL;
@@ -549,9 +550,8 @@ handle_cfg(tOptions * pOpts, tOptState *
                 goto copy_done;
 
             case '\\':
-                if (*pcS == NL) {
+                if (*pcS == NL)
                     ch = *(pcS++);
-                }
                 /* FALLTHROUGH */
             default:
                 *(pcD++) = ch;
@@ -1129,6 +1129,9 @@ optionLoadOpt(tOptions * pOpts, tOptDesc
 {
     struct stat sb;
 
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
+        return;
+
     /*
      *  IF the option is not being disabled, THEN load the file.  There must
      *  be a file.  (If it is being disabled, then the disablement processing
@@ -1175,6 +1178,7 @@ parse_attrs(tOptions * pOpts, char * pzT
         if (! IS_WHITESPACE_CHAR(*pzText))
             switch (*pzText) {
             case '/': pType->valType = OPARG_TYPE_NONE;
+                      /* FALLTHROUGH */
             case '>': return pzText;
 
             default:

==== sntp/libopts/enum.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +4 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.3/sntp/libopts/enum.c	2012-04-14 02:57:19 -04:00
+++ 1.4/sntp/libopts/enum.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
 /**
  * \file enumeration.c
  *
- * Time-stamp:      "2012-03-31 13:22:33 bkorb"
+ * Time-stamp:      "2012-08-11 08:12:58 bkorb"
  *
  *   Automated Options Paged Usage module.
  *
@@ -321,6 +321,9 @@ optionEnumerationVal(tOptions * pOpts, t
     }
 
     default:
+        if ((pOD->fOptState & OPTST_RESET) != 0)
+            break;
+
         res = find_name(pOD->optArg.argString, pOpts, pOD, paz_names, name_ct);
 
         if (pOD->fOptState & OPTST_ALLOC_ARG) {

==== sntp/libopts/env.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +3 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.3/sntp/libopts/env.c	2012-04-14 02:57:19 -04:00
+++ 1.4/sntp/libopts/env.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
 /**
  * \file environment.c
  *
- * Time-stamp:      "2012-04-01 05:59:15 bkorb"
+ * Time-stamp:      "2012-08-11 08:18:25 bkorb"
  *
  *  This file contains all of the routines that must be linked into
  *  an executable to use the generated option processing.  The optional
@@ -127,6 +127,8 @@ do_env_opt(tOptState * os, char * env_na
        && (streqvcmp(os->pzOptArg, os->pOD->pz_DisablePfx) == 0)) {
         os->flags |= OPTST_DISABLED;
         os->pzOptArg = NULL;
+        handle_opt(pOpts, os);
+        return;
     }
 
     switch (type) {

==== sntp/libopts/find.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +31 -18
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.3/sntp/libopts/find.c	2012-04-14 02:57:19 -04:00
+++ 1.4/sntp/libopts/find.c	2012-08-12 00:32:20 -04:00
@@ -3,7 +3,7 @@
  *
  * @brief Hunt for options in the option descriptor list
  *
- *  Time-stamp:      "2012-01-29 19:07:30 bkorb"
+ *  Time-stamp:      "2012-08-11 08:36:11 bkorb"
  *
  *  This file contains the routines that deal with processing quoted strings
  *  into an internal format.
@@ -44,9 +44,6 @@ parse_opt(char const ** nm_pp, char ** a
         case NUL: return res;
 
         case '=':
-            if (res >= (int)bufsz)
-                return -1;
-
             memcpy(buf, *nm_pp, res);
 
             buf[res] = NUL;
@@ -55,7 +52,8 @@ parse_opt(char const ** nm_pp, char ** a
             return res;
 
         default:
-            res++;
+            if (++res >= (int)bufsz)
+                return -1;
         }
     }
 }
@@ -286,6 +284,12 @@ optionVendorOption(tOptions * pOpts, tOp
     tOptState     opt_st   = OPTSTATE_INITIALIZER(PRESET);
     char const *  vopt_str = pOD->optArg.argString;
 
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
+        return;
+
+    if ((pOD->fOptState & OPTST_RESET) != 0)
+        return;
+
     if ((pOD->fOptState & OPTPROC_IMMEDIATE) == 0)
         opt_st.flags = OPTST_DEFINED;
 
@@ -293,9 +297,10 @@ optionVendorOption(tOptions * pOpts, tOp
        || ! SUCCESSFUL(opt_find_long(pOpts, vopt_str, &opt_st))
        || ! SUCCESSFUL(get_opt_arg(pOpts, &opt_st)) )
     {
-        fprintf(stderr, zIllVendOptStr, vopt_str);
+        fprintf(stderr, zIllVendOptStr, pOpts->pzProgName, vopt_str);
         (*pOpts->pUsageProc)(pOpts, EXIT_FAILURE);
         /* NOTREACHED */
+        _exit(EXIT_FAILURE); /* to be certain */
     }
 
     /*
@@ -321,31 +326,39 @@ optionVendorOption(tOptions * pOpts, tOp
 /**
  *  Find the option descriptor by full name.
  *
- * @param pOpts      option data
- * @param opt_name   name of option to look for
- * @param pOptState  state about current option
+ * @param opts      option data
+ * @param opt_name  name of option to look for
+ * @param state     state about current option
  *
  * @return success status
  */
 LOCAL tSuccess
-opt_find_long(tOptions * pOpts, char const * opt_name, tOptState * pOptState)
+opt_find_long(tOptions * opts, char const * opt_name, tOptState * state)
 {
     char    name_buf[128];
     char *  opt_arg;
     int     nm_len = parse_opt(&opt_name, &opt_arg, name_buf, sizeof(name_buf));
 
-    int     matchIdx = 0;
-    bool disable  = false;
-    int     match_ct =
-        opt_match_ct(pOpts, opt_name, nm_len, &matchIdx, &disable);
+    int     idx = 0;
+    bool    disable  = false;
+    int     ct;
+
+    if (nm_len <= 0) {
+        fprintf(stderr, zInvalOptName, opts->pzProgName, opt_name);
+        (*opts->pUsageProc)(opts, EXIT_FAILURE);
+        /* NOTREACHED */
+        _exit(EXIT_FAILURE); /* to be certain */
+    }
+
+    ct = opt_match_ct(opts, opt_name, nm_len, &idx, &disable);
 
     /*
      *  See if we found one match, no matches or multiple matches.
      */
-    switch (match_ct) {
-    case 1:  return opt_set(pOpts, opt_arg, matchIdx, disable, pOptState);
-    case 0:  return opt_unknown(pOpts, opt_name, opt_arg, pOptState);
-    default: return opt_ambiguous(pOpts, opt_name, match_ct);
+    switch (ct) {
+    case 1:  return opt_set(opts, opt_arg, idx, disable, state);
+    case 0:  return opt_unknown(opts, opt_name, opt_arg, state);
+    default: return opt_ambiguous(opts, opt_name, ct);
     }
 }
 

==== sntp/libopts/genshell.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +3 -3
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.17/sntp/libopts/genshell.c	2012-06-18 03:03:09 -04:00
+++ 1.18/sntp/libopts/genshell.c	2012-08-12 00:32:20 -04:00
@@ -2,11 +2,11 @@
  *  
  *  DO NOT EDIT THIS FILE   (genshell.c)
  *  
- *  It has been AutoGen-ed  June 17, 2012 at 03:47:35 PM by AutoGen 5.16.1pre8
+ *  It has been AutoGen-ed  August 11, 2012 at 09:41:14 AM by AutoGen 5.16.2pre7
  *  From the definitions    genshell.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:4:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This source file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -283,7 +283,7 @@ doUsageOpt(tOptions * pOptions, tOptDesc
     (void)pOptDesc;
     (void)pOptions;
 }
-/* extracted from optmain.tlib near line 1114 */
+/* extracted from optmain.tlib near line 1146 */
 
 /**
  * The directory containing the data associated with genshellopt.

==== sntp/libopts/genshell.h ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +9 -3
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.17/sntp/libopts/genshell.h	2012-06-18 03:03:09 -04:00
+++ 1.18/sntp/libopts/genshell.h	2012-08-12 00:32:20 -04:00
@@ -2,11 +2,11 @@
  *  
  *  DO NOT EDIT THIS FILE   (genshell.h)
  *  
- *  It has been AutoGen-ed  June 17, 2012 at 03:47:35 PM by AutoGen 5.16.1pre8
+ *  It has been AutoGen-ed  August 11, 2012 at 09:41:14 AM by AutoGen 5.16.2pre7
  *  From the definitions    genshell.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:4:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This header file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -55,7 +55,7 @@
  *  tolerable version is at least as old as what was current when the header
  *  template was released.
  */
-#define AO_TEMPLATE_VERSION 147460
+#define AO_TEMPLATE_VERSION 147461
 #if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \
  || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION)
 # error option template version mismatches autoopts/options.h header
@@ -142,6 +142,12 @@ extern tOptions genshelloptOptions;
 #if defined(ENABLE_NLS)
 # ifndef _
 #   include <stdio.h>
+#   ifndef HAVE_GETTEXT
+      extern char * gettext(char const *);
+#   else
+#     include <libintl.h>
+#   endif
+
 static inline char* aoGetsText(char const* pz) {
     if (pz == NULL) return NULL;
     return (char*)gettext(pz);

==== sntp/libopts/load.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +67 -63
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.12/sntp/libopts/load.c	2012-04-14 02:57:19 -04:00
+++ 1.13/sntp/libopts/load.c	2012-08-12 00:32:20 -04:00
@@ -1,7 +1,7 @@
 
 /**
  *  \file load.c
- *  Time-stamp:      "2012-03-31 13:13:34 bkorb"
+ *  Time-stamp:      "2012-08-11 08:20:09 bkorb"
  *
  *  This file contains the routines that deal with processing text strings
  *  for options, either from a NUL-terminated string passed in or from an
@@ -34,10 +34,10 @@ add_prog_path(char * pzBuf, int bufSize,
               char const * pzProgPath);
 
 static bool
-add_env_val(char * pzBuf, int bufSize, char const * pzName);
+add_env_val(char * buf, int buf_sz, char const * name);
 
 static char *
-assemble_arg_val(char * pzTxt, tOptionLoadMode mode);
+assemble_arg_val(char * txt, tOptionLoadMode mode);
 /* = = = END-STATIC-FORWARD = = = */
 
 /*=export_func  optionMakePath
@@ -239,64 +239,62 @@ add_prog_path(char * pzBuf, int bufSize,
     return true;
 }
 
-
 static bool
-add_env_val(char * pzBuf, int bufSize, char const * pzName)
+add_env_val(char * buf, int buf_sz, char const * name)
 {
-    char * pzDir = pzBuf;
+    char * dir_part = buf;
 
     for (;;) {
-        int ch = (int)*++pzName;
+        int ch = (int)*++name;
         if (! IS_VALUE_NAME_CHAR(ch))
             break;
-        *(pzDir++) = (char)ch;
+        *(dir_part++) = (char)ch;
     }
 
-    if (pzDir == pzBuf)
+    if (dir_part == buf)
         return false;
 
-    *pzDir = NUL;
+    *dir_part = NUL;
 
-    pzDir = getenv(pzBuf);
+    dir_part = getenv(buf);
 
     /*
      *  Environment value not found -- skip the home list entry
      */
-    if (pzDir == NULL)
+    if (dir_part == NULL)
         return false;
 
-    if (strlen(pzDir) + 1 + strlen(pzName) >= (unsigned)bufSize)
+    if (strlen(dir_part) + 1 + strlen(name) >= (unsigned)buf_sz)
         return false;
 
-    sprintf(pzBuf, "%s%s", pzDir, pzName);
+    sprintf(buf, "%s%s", dir_part, name);
     return true;
 }
 
-
 LOCAL void
-mungeString(char* pzTxt, tOptionLoadMode mode)
+mungeString(char * txt, tOptionLoadMode mode)
 {
     char * pzE;
 
     if (mode == OPTION_LOAD_KEEP)
         return;
 
-    if (IS_WHITESPACE_CHAR(*pzTxt)) {
-        char * pzS = SPN_WHITESPACE_CHARS(pzTxt+1);
+    if (IS_WHITESPACE_CHAR(*txt)) {
+        char * pzS = SPN_WHITESPACE_CHARS(txt+1);
         size_t l   = strlen(pzS) + 1;
-        memmove(pzTxt, pzS, l);
-        pzE = pzTxt + l - 1;
+        memmove(txt, pzS, l);
+        pzE = txt + l - 1;
 
     } else
-        pzE = pzTxt + strlen(pzTxt);
+        pzE = txt + strlen(txt);
 
-    pzE  = SPN_WHITESPACE_BACK(pzTxt, pzE);
+    pzE  = SPN_WHITESPACE_BACK(txt, pzE);
     *pzE = NUL;
 
     if (mode == OPTION_LOAD_UNCOOKED)
         return;
 
-    switch (*pzTxt) {
+    switch (*txt) {
     default: return;
     case '"':
     case '\'': break;
@@ -308,21 +306,20 @@ mungeString(char* pzTxt, tOptionLoadMode
     case '\'': break;
     }
 
-    (void)ao_string_cook(pzTxt, NULL);
+    (void)ao_string_cook(txt, NULL);
 }
 
-
 static char *
-assemble_arg_val(char * pzTxt, tOptionLoadMode mode)
+assemble_arg_val(char * txt, tOptionLoadMode mode)
 {
-    char* pzEnd = strpbrk(pzTxt, ARG_BREAK_STR);
+    char* pzEnd = strpbrk(txt, ARG_BREAK_STR);
     int   space_break;
 
     /*
      *  Not having an argument to a configurable name is okay.
      */
     if (pzEnd == NULL)
-        return pzTxt + strlen(pzTxt);
+        return txt + strlen(txt);
 
     /*
      *  If we are keeping all whitespace, then the  modevalue starts with the
@@ -349,34 +346,41 @@ assemble_arg_val(char * pzTxt, tOptionLo
     return pzEnd;
 }
 
-
-/*
+/**
  *  Load an option from a block of text.  The text must start with the
  *  configurable/option name and be followed by its associated value.
  *  That value may be processed in any of several ways.  See "tOptionLoadMode"
  *  in autoopts.h.
+ *
+ * @param[in,out] opts       program options descriptor
+ * @param[in,out] opt_state  option processing state
+ * @param[in,out] line       source line with long option name in it
+ * @param[in]     direction  current processing direction (preset or not)
+ * @param[in]     load_mode  option loading mode (OPTION_LOAD_*)
  */
 LOCAL void
 loadOptionLine(
-    tOptions*   pOpts,
-    tOptState*  pOS,
-    char*       pzLine,
+    tOptions *  opts,
+    tOptState * opt_state,
+    char *      line,
     tDirection  direction,
     tOptionLoadMode   load_mode )
 {
-    pzLine = SPN_WHITESPACE_CHARS(pzLine);
+    line = SPN_LOAD_LINE_SKIP_CHARS(line);
 
     {
-        char* pzArg = assemble_arg_val(pzLine, load_mode);
+        char * arg = assemble_arg_val(line, load_mode);
 
-        if (! SUCCESSFUL(opt_find_long(pOpts, pzLine, pOS)))
+        if (! SUCCESSFUL(opt_find_long(opts, line, opt_state)))
             return;
-        if (pOS->flags & OPTST_NO_INIT)
+
+        if (opt_state->flags & OPTST_NO_INIT)
             return;
-        pOS->pzOptArg = pzArg;
+
+        opt_state->pzOptArg = arg;
     }
 
-    switch (pOS->flags & (OPTST_IMM|OPTST_DISABLE_IMM)) {
+    switch (opt_state->flags & (OPTST_IMM|OPTST_DISABLE_IMM)) {
     case 0:
         /*
          *  The selected option has no immediate action.
@@ -394,7 +398,7 @@ loadOptionLine(
              *  immediately for enablement, but normally for disablement.
              *  Therefore, skip if disabled.
              */
-            if ((pOS->flags & OPTST_DISABLED) == 0)
+            if ((opt_state->flags & OPTST_DISABLED) == 0)
                 return;
         } else {
             /*
@@ -402,7 +406,7 @@ loadOptionLine(
              *  immediately for enablement, but normally for disablement.
              *  Therefore, skip if NOT disabled.
              */
-            if ((pOS->flags & OPTST_DISABLED) != 0)
+            if ((opt_state->flags & OPTST_DISABLED) != 0)
                 return;
         }
         break;
@@ -414,7 +418,7 @@ loadOptionLine(
              *  immediately for disablement, but normally for disablement.
              *  Therefore, skip if NOT disabled.
              */
-            if ((pOS->flags & OPTST_DISABLED) != 0)
+            if ((opt_state->flags & OPTST_DISABLED) != 0)
                 return;
         } else {
             /*
@@ -422,7 +426,7 @@ loadOptionLine(
              *  immediately for disablement, but normally for disablement.
              *  Therefore, skip if disabled.
              */
-            if ((pOS->flags & OPTST_DISABLED) == 0)
+            if ((opt_state->flags & OPTST_DISABLED) == 0)
                 return;
         }
         break;
@@ -441,43 +445,42 @@ loadOptionLine(
     /*
      *  Fix up the args.
      */
-    if (OPTST_GET_ARGTYPE(pOS->pOD->fOptState) == OPARG_TYPE_NONE) {
-        if (*pOS->pzOptArg != NUL)
+    if (OPTST_GET_ARGTYPE(opt_state->pOD->fOptState) == OPARG_TYPE_NONE) {
+        if (*opt_state->pzOptArg != NUL)
             return;
-        pOS->pzOptArg = NULL;
+        opt_state->pzOptArg = NULL;
 
-    } else if (pOS->pOD->fOptState & OPTST_ARG_OPTIONAL) {
-        if (*pOS->pzOptArg == NUL)
-             pOS->pzOptArg = NULL;
+    } else if (opt_state->pOD->fOptState & OPTST_ARG_OPTIONAL) {
+        if (*opt_state->pzOptArg == NUL)
+             opt_state->pzOptArg = NULL;
         else {
-            AGDUPSTR(pOS->pzOptArg, pOS->pzOptArg, "option argument");
-            pOS->flags |= OPTST_ALLOC_ARG;
+            AGDUPSTR(opt_state->pzOptArg, opt_state->pzOptArg, "opt arg");
+            opt_state->flags |= OPTST_ALLOC_ARG;
         }
 
     } else {
-        if (*pOS->pzOptArg == NUL)
-             pOS->pzOptArg = zNil;
+        if (*opt_state->pzOptArg == NUL)
+             opt_state->pzOptArg = zNil;
         else {
-            AGDUPSTR(pOS->pzOptArg, pOS->pzOptArg, "option argument");
-            pOS->flags |= OPTST_ALLOC_ARG;
+            AGDUPSTR(opt_state->pzOptArg, opt_state->pzOptArg, "opt arg");
+            opt_state->flags |= OPTST_ALLOC_ARG;
         }
     }
 
     {
         tOptionLoadMode sv = option_load_mode;
         option_load_mode = load_mode;
-        handle_opt(pOpts, pOS);
+        handle_opt(opts, opt_state);
         option_load_mode = sv;
     }
 }
 
-
 /*=export_func  optionLoadLine
  *
  * what:  process a string for an option name and value
  *
- * arg:   tOptions*,   pOpts,  program options descriptor
- * arg:   char const*, pzLine, NUL-terminated text
+ * arg:   tOptions*,   opts,  program options descriptor
+ * arg:   char const*, line,  NUL-terminated text
  *
  * doc:
  *
@@ -488,7 +491,8 @@ loadOptionLine(
  *  When passed a pointer to the option struct and a string, it will find
  *  the option named by the first token on the string and set the option
  *  argument to the remainder of the string.  The caller must NUL terminate
- *  the string.  Any embedded new lines will be included in the option
+ *  the string.  The caller need not skip over any introductory hyphens.
+ *  Any embedded new lines will be included in the option
  *  argument.  If the input looks like one or more quoted strings, then the
  *  input will be "cooked".  The "cooking" is identical to the string
  *  formation used in AutoGen definition files (@pxref{basic expression}),
@@ -498,12 +502,12 @@ loadOptionLine(
  *        will cause a warning to print, but the function should return.
 =*/
 void
-optionLoadLine(tOptions * pOpts, char const * pzLine)
+optionLoadLine(tOptions * opts, char const * line)
 {
     tOptState st = OPTSTATE_INITIALIZER(SET);
     char* pz;
-    AGDUPSTR(pz, pzLine, "user option line");
-    loadOptionLine(pOpts, &st, pz, DIRECTION_PROCESS, OPTION_LOAD_COOKED);
+    AGDUPSTR(pz, line, "user option line");
+    loadOptionLine(opts, &st, pz, DIRECTION_PROCESS, OPTION_LOAD_COOKED);
     AGFREE(pz);
 }
 /*

==== sntp/libopts/m4/libopts.m4 ====
2012-08-12 04:32:21+00:00, stenn at psp-fb1.ntp.org +19 -19
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.20/sntp/libopts/m4/libopts.m4	2012-06-18 03:03:25 -04:00
+++ 1.21/sntp/libopts/m4/libopts.m4	2012-08-12 00:32:21 -04:00
@@ -2,7 +2,7 @@ dnl  -*- buffer-read-only: t -*- vi: set
 dnl 
 dnl DO NOT EDIT THIS FILE   (libopts.m4)
 dnl 
-dnl It has been AutoGen-ed  June 17, 2012 at 03:47:31 PM by AutoGen 5.16.1pre8
+dnl It has been AutoGen-ed  August 11, 2012 at 09:41:10 AM by AutoGen 5.16.2pre7
 dnl From the definitions    libopts.def
 dnl and the template file   conftest.tpl
 dnl
@@ -57,22 +57,22 @@ AC_DEFUN([INVOKE_LIBOPTS_MACROS_FIRST],[
            string errno stdlib memory setjmp
   do eval as_ac_var=\${ac_cv_header_${f}_h+set}
      test "${as_ac_var}" = set || {
-       ]AC_MSG_ERROR([You must have ${f}.h on your system])[
+       ]AC_MSG_ERROR([you must have ${f}.h on your system])[
      }
   done
   
   ${lo_have_arg_hdr} || \
-    ]AC_MSG_ERROR([You must have stdarg.h or varargs.h on your system])[
+    ]AC_MSG_ERROR([you must have stdarg.h or varargs.h on your system])[
   
   ${lo_have_str_hdr} || \
-    ]AC_MSG_ERROR([You must have string.h or strings.h on your system])[
+    ]AC_MSG_ERROR([you must have string.h or strings.h on your system])[
   
   ${lo_have_lim_hdr} || \
     ]AC_MSG_ERROR(
-      [You must have one of limits.h, sys/limits.h or values.h])[
+      [you must have one of limits.h, sys/limits.h or values.h])[
   
   ${lo_have_typ_hdr} || \
-    ]AC_MSG_ERROR([You must have inttypes.h or stdint.h on your system])
+    ]AC_MSG_ERROR([you must have inttypes.h or stdint.h on your system])
   
   # ----------------------------------------------------------------------
   # Checks for typedefs
@@ -116,7 +116,7 @@ AC_DEFUN([INVOKE_LIBOPTS_MACROS_FIRST],[
           if ! true ; then exit 1 ; fi
           echo /bin/sh'`
       test -x "$POSIX_SHELL" && break
-      ]AC_ERROR([Cannot locate a working POSIX shell])[
+      ]AC_MSG_ERROR([cannot locate a working POSIX shell])[
   done]
   AC_DEFINE_UNQUOTED([POSIX_SHELL], ["${POSIX_SHELL}"],
            [define to a working POSIX compliant shell])
@@ -209,7 +209,7 @@ AC_DEFUN([LIBOPTS_WITHLIB_REGEX],[
   LIBREGEX_LIBS=""
   AC_MSG_CHECKING([whether libregex functions properly])
   AC_CACHE_VAL([libopts_cv_with_libregex],[
-  AC_TRY_RUN([@%:@include <stdio.h>
+  AC_RUN_IFELSE([@%:@include <stdio.h>
 @%:@include <stdlib.h>
 @%:@include <sys/types.h>
 @%:@include REGEX_HEADER
@@ -230,7 +230,7 @@ int main() {
   }
   return 0; }],
     [libopts_cv_with_libregex=yes], [libopts_cv_with_libregex=no],
-    [libopts_cv_with_libregex=no]) # end of AC_TRY_RUN 
+    [libopts_cv_with_libregex=no]) # end of AC_RUN_IFELSE 
   ]) # end of AC_CACHE_VAL for libopts_cv_with_libregex
   AC_MSG_RESULT([${libopts_cv_with_libregex}])
   if test "X${libopts_cv_with_libregex}" != Xno
@@ -248,14 +248,14 @@ int main() {
 AC_DEFUN([LIBOPTS_RUN_PATHFIND],[
   AC_MSG_CHECKING([whether pathfind(3) works])
   AC_CACHE_VAL([libopts_cv_run_pathfind],[
-  AC_TRY_RUN([@%:@include <string.h>
+  AC_RUN_IFELSE([@%:@include <string.h>
 @%:@include <stdlib.h>
 int main (int argc, char** argv) {
    char* pz = pathfind( getenv( "PATH" ), "sh", "x" );
    return (pz == 0) ? 1 : 0;
 }],
     [libopts_cv_run_pathfind=yes],[libopts_cv_run_pathfind=no],[libopts_cv_run_pathfind=no]
-  ) # end of TRY_RUN
+  ) # end of RUN_IFELSE
   ]) # end of AC_CACHE_VAL for libopts_cv_run_pathfind
   AC_MSG_RESULT([${libopts_cv_run_pathfind}])
   if test "X${libopts_cv_run_pathfind}" != Xno
@@ -291,7 +291,7 @@ echo ${dzero}`
 AC_DEFUN([LIBOPTS_RUN_REALPATH],[
   AC_MSG_CHECKING([whether we have a functional realpath(3C)])
   AC_CACHE_VAL([libopts_cv_run_realpath],[
-  AC_TRY_RUN([@%:@include <limits.h>
+  AC_RUN_IFELSE([@%:@include <limits.h>
 @%:@include <stdlib.h>
 int main (int argc, char** argv) {
 @%:@ifndef PATH_MAX
@@ -303,7 +303,7 @@ choke me!!
    return (pz == zPath) ? 0 : 1;
 }],
     [libopts_cv_run_realpath=yes],[libopts_cv_run_realpath=no],[libopts_cv_run_realpath=no]
-  ) # end of TRY_RUN
+  ) # end of RUN_IFELSE
   ]) # end of AC_CACHE_VAL for libopts_cv_run_realpath
   AC_MSG_RESULT([${libopts_cv_run_realpath}])
   if test "X${libopts_cv_run_realpath}" != Xno
@@ -318,7 +318,7 @@ choke me!!
 AC_DEFUN([LIBOPTS_RUN_STRFTIME],[
   AC_MSG_CHECKING([whether strftime() works])
   AC_CACHE_VAL([libopts_cv_run_strftime],[
-  AC_TRY_RUN([@%:@include <time.h>
+  AC_RUN_IFELSE([@%:@include <time.h>
 @%:@include <string.h>
 char t_buf@<:@ 64 @:>@;
 int main() {
@@ -336,7 +336,7 @@ int main() {
   strftime( t_buf, sizeof( t_buf ), "%A %b %d %j", &tm );
   return (strcmp( t_buf, z ) != 0); }],
     [libopts_cv_run_strftime=yes],[libopts_cv_run_strftime=no],[libopts_cv_run_strftime=no]
-  ) # end of TRY_RUN
+  ) # end of RUN_IFELSE
   ]) # end of AC_CACHE_VAL for libopts_cv_run_strftime
   AC_MSG_RESULT([${libopts_cv_run_strftime}])
   if test "X${libopts_cv_run_strftime}" != Xno
@@ -351,12 +351,12 @@ int main() {
 AC_DEFUN([LIBOPTS_RUN_FOPEN_BINARY],[
   AC_MSG_CHECKING([whether fopen accepts "b" mode])
   AC_CACHE_VAL([libopts_cv_run_fopen_binary],[
-  AC_TRY_RUN([@%:@include <stdio.h>
+  AC_RUN_IFELSE([@%:@include <stdio.h>
 int main (int argc, char** argv) {
 FILE* fp = fopen("conftest. at S|@ac_ext", "rb");
 return (fp == NULL) ? 1 : fclose(fp); }],
     [libopts_cv_run_fopen_binary=yes],[libopts_cv_run_fopen_binary=no],[libopts_cv_run_fopen_binary=no]
-  ) # end of TRY_RUN
+  ) # end of RUN_IFELSE
   ]) # end of AC_CACHE_VAL for libopts_cv_run_fopen_binary
   AC_MSG_RESULT([${libopts_cv_run_fopen_binary}])
   if test "X${libopts_cv_run_fopen_binary}" != Xno
@@ -374,12 +374,12 @@ return (fp == NULL) ? 1 : fclose(fp); }]
 AC_DEFUN([LIBOPTS_RUN_FOPEN_TEXT],[
   AC_MSG_CHECKING([whether fopen accepts "t" mode])
   AC_CACHE_VAL([libopts_cv_run_fopen_text],[
-  AC_TRY_RUN([@%:@include <stdio.h>
+  AC_RUN_IFELSE([@%:@include <stdio.h>
 int main (int argc, char** argv) {
 FILE* fp = fopen("conftest. at S|@ac_ext", "rt");
 return (fp == NULL) ? 1 : fclose(fp); }],
     [libopts_cv_run_fopen_text=yes],[libopts_cv_run_fopen_text=no],[libopts_cv_run_fopen_text=no]
-  ) # end of TRY_RUN
+  ) # end of RUN_IFELSE
   ]) # end of AC_CACHE_VAL for libopts_cv_run_fopen_text
   AC_MSG_RESULT([${libopts_cv_run_fopen_text}])
   if test "X${libopts_cv_run_fopen_text}" != Xno

==== sntp/libopts/makeshell.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +96 -61
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.11/sntp/libopts/makeshell.c	2012-04-14 02:57:19 -04:00
+++ 1.12/sntp/libopts/makeshell.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
 /**
  * \file makeshell.c
  *
- * Time-stamp:      "2012-04-07 09:03:16 bkorb"
+ * Time-stamp:      "2012-08-11 08:51:32 bkorb"
  *
  *  This module will interpret the options set in the tOptions
  *  structure and create a Bourne shell script capable of parsing them.
@@ -33,6 +33,7 @@ tOptions * optionParseShellOptions = NUL
 static char const * shell_prog = NULL;
 static char * script_leader    = NULL;
 static char * script_trailer   = NULL;
+static char * script_text      = NULL;
 
 /* = = = START-STATIC-FORWARD = = = */
 static void
@@ -60,10 +61,13 @@ static void
 emit_match_expr(char const * pzMatchName, tOptDesc* pCurOpt, tOptions* pOpts);
 
 static void
-emitLong(tOptions * pOpts);
+emit_long(tOptions * pOpts);
+
+static char *
+load_old_output(char const * fname);
 
 static void
-open_out(char const * pzFile);
+open_out(char const * fname);
 /* = = = END-STATIC-FORWARD = = = */
 
 /*=export_func  optionParseShell
@@ -112,7 +116,7 @@ optionParseShell(tOptions * pOpts)
 
         fputs(LONG_OPT_MARK,    stdout);
         fputs(INIT_LOPT_STR,    stdout);
-        emitLong(pOpts);
+        emit_long(pOpts);
         printf(LOPT_ARG_FMT,    pOpts->pzPROGNAME);
         fputs(END_OPT_SEL_STR,  stdout);
 
@@ -122,7 +126,7 @@ optionParseShell(tOptions * pOpts)
     case 0:
         fputs(ONLY_OPTS_LOOP,   stdout);
         fputs(INIT_LOPT_STR,    stdout);
-        emitLong(pOpts);
+        emit_long(pOpts);
         printf(LOPT_ARG_FMT,    pOpts->pzPROGNAME);
         break;
 
@@ -143,7 +147,7 @@ optionParseShell(tOptions * pOpts)
 
         fputs(LONG_OPT_MARK,    stdout);
         fputs(INIT_LOPT_STR,    stdout);
-        emitLong(pOpts);
+        emit_long(pOpts);
         printf(LOPT_ARG_FMT,    pOpts->pzPROGNAME);
         fputs(END_OPT_SEL_STR,  stdout);
 
@@ -172,6 +176,11 @@ optionParseShell(tOptions * pOpts)
         fputs(zOutputFail, stderr);
         exit(EXIT_FAILURE);
     }
+
+    AGFREE(script_text);
+    script_leader    = NULL;
+    script_trailer   = NULL;
+    script_text      = NULL;
 }
 
 #ifdef HAVE_WORKING_FORK
@@ -609,11 +618,11 @@ emit_match_expr(char const * pzMatchName
 }
 
 
-/*
- *  Emit GNU-standard long option handling code
+/**
+ *  Emit GNU-standard long option handling code.
  */
 static void
-emitLong(tOptions * pOpts)
+emit_long(tOptions * pOpts)
 {
     tOptDesc* pOD = pOpts->pOptDesc;
     int       ct  = pOpts->optCt;
@@ -645,70 +654,96 @@ emitLong(tOptions * pOpts)
     printf(UNK_OPT_FMT, OPTION_STR, pOpts->pzPROGNAME);
 }
 
-
-static void
-open_out(char const * pzFile)
+/**
+ * Load the previous shell script output file.  We need to preserve any
+ * hand-edited additions outside of the START_MARK and END_MARKs.
+ *
+ * @param[in] fname  the output file name
+ */
+static char *
+load_old_output(char const * fname)
 {
-    FILE* fp;
-    char* pzData = NULL;
+    /*
+     *  IF we cannot stat the file,
+     *  THEN assume we are creating a new file.
+     *       Skip the loading of the old data.
+     */
+    FILE * fp = fopen(fname, "r" FOPEN_BINARY_FLAG);
     struct stat stbf;
+    char * text;
+    char * scan;
 
-    do  {
-        char*    pzScan;
-        size_t sizeLeft;
+    if (fp == NULL)
+        return NULL;
 
-        /*
-         *  IF we cannot stat the file,
-         *  THEN assume we are creating a new file.
-         *       Skip the loading of the old data.
-         */
-        if (stat(pzFile, &stbf) != 0)
+    /*
+     * If we opened it, we should be able to stat it and it needs
+     * to be a regular file
+     */
+    if ((fstat(fileno(fp), &stbf) != 0) || (! S_ISREG(stbf.st_mode))) {
+        fprintf(stderr, zNotFile, fname);
+        exit(EXIT_FAILURE);
+    }
+
+    scan = text = AGALOC(stbf.st_size + 1, "f data");
+
+    /*
+     *  Read in all the data as fast as our OS will let us.
+     */
+    for (;;) {
+        int inct = fread((void*)scan, (size_t)1, stbf.st_size, fp);
+        if (inct == 0)
             break;
 
-        /*
-         *  The file must be a regular file
-         */
-        if (! S_ISREG(stbf.st_mode)) {
-            fprintf(stderr, zNotFile, pzFile);
-            exit(EXIT_FAILURE);
-        }
+        stbf.st_size -= inct;
 
-        pzData = AGALOC(stbf.st_size + 1, "f data");
-        fp = fopen(pzFile, "r" FOPEN_BINARY_FLAG);
+        if (stbf.st_size == 0)
+            break;
 
-        sizeLeft = (unsigned)stbf.st_size;
-        pzScan   = pzData;
+        scan += inct;
+    }
 
-        /*
-         *  Read in all the data as fast as our OS will let us.
-         */
-        for (;;) {
-            int inct = fread((void*)pzScan, (size_t)1, sizeLeft, fp);
-            if (inct == 0)
-                break;
+    *scan = NUL;
+    fclose(fp);
 
-            pzScan   += inct;
-            sizeLeft -= inct;
+    return text;
+}
 
-            if (sizeLeft == 0)
-                break;
-        }
+/**
+ * Open the specified output file.  If it already exists, load its
+ * contents and save the non-generated (hand edited) portions.
+ * If a "start mark" is found, everything before it is preserved leader.
+ * If not, the entire thing is a trailer.  Assuming the start is found,
+ * then everything after the end marker is the trailer.  If the end
+ * mark is not found, the file is actually corrupt, but we take the
+ * remainder to be the trailer.
+ *
+ * @param[in] fname  the output file name
+ */
+static void
+open_out(char const * fname)
+{
 
-        /*
-         *  NUL-terminate the leader and look for the trailer
-         */
-        *pzScan = NUL;
-        fclose(fp);
-        pzScan  = strstr(pzData, START_MARK);
-        if (pzScan == NULL) {
-            script_trailer = pzData;
+    do  {
+        char * txt = script_text = load_old_output(fname);
+        char * scn;
+
+        if (txt == NULL)
+            break;
+
+        scn = strstr(txt, START_MARK);
+        if (scn == NULL) {
+            script_trailer = txt;
             break;
         }
 
-        *(pzScan++) = NUL;
-        pzScan  = strstr(pzScan, END_MARK);
-        if (pzScan == NULL) {
-            script_trailer = pzData;
+        *(scn++) = NUL;
+        scn = strstr(scn, END_MARK);
+        if (scn == NULL) {
+            /*
+             * The file is corrupt.
+             */
+            script_trailer = txt + strlen(txt) + START_MARK_LEN + 1;
             break;
         }
 
@@ -716,11 +751,11 @@ open_out(char const * pzFile)
          *  Check to see if the data contains our marker.
          *  If it does, then we will skip over it
          */
-        script_trailer = pzScan + END_MARK_LEN;
-        script_leader  = pzData;
+        script_trailer = scn + END_MARK_LEN;
+        script_leader  = txt;
     } while (false);
 
-    if (freopen(pzFile, "w" FOPEN_BINARY_FLAG, stdout) != stdout) {
+    if (freopen(fname, "w" FOPEN_BINARY_FLAG, stdout) != stdout) {
         fprintf(stderr, zFreopenFail, errno, strerror(errno));
         exit(EXIT_FAILURE);
     }

==== sntp/libopts/proto.h ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +6 -6
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.17/sntp/libopts/proto.h	2012-06-18 03:03:09 -04:00
+++ 1.18/sntp/libopts/proto.h	2012-08-12 00:32:20 -04:00
@@ -1,7 +1,7 @@
 /* -*- buffer-read-only: t -*- vi: set ro:
  *
  * Prototypes for autoopts
- * Generated Sun Jun 17 15:47:44 PDT 2012
+ * Generated Sat Aug 11 09:41:23 PDT 2012
  */
 #ifndef AUTOOPTS_PROTO_H_GUARD
 #define AUTOOPTS_PROTO_H_GUARD 1
@@ -65,7 +65,7 @@ env_presets(tOptions * pOpts, teEnvPrese
  *  Extracted from find.c
  */
 LOCAL tSuccess
-opt_find_long(tOptions * pOpts, char const * opt_name, tOptState * pOptState);
+opt_find_long(tOptions * opts, char const * opt_name, tOptState * state);
 
 LOCAL tSuccess
 opt_find_short(tOptions* pOpts, uint_t optValue, tOptState* pOptState);
@@ -80,13 +80,13 @@ find_opt(tOptions * pOpts, tOptState * p
  *  Extracted from load.c
  */
 LOCAL void
-mungeString(char* pzTxt, tOptionLoadMode mode);
+mungeString(char * txt, tOptionLoadMode mode);
 
 LOCAL void
 loadOptionLine(
-    tOptions*   pOpts,
-    tOptState*  pOS,
-    char*       pzLine,
+    tOptions *  opts,
+    tOptState * opt_state,
+    char *      line,
     tDirection  direction,
     tOptionLoadMode   load_mode );
 

==== sntp/libopts/reset.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +4 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.10/sntp/libopts/reset.c	2012-04-14 02:57:20 -04:00
+++ 1.11/sntp/libopts/reset.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
 /**
  * \file reset.c
  *
- *  Time-stamp:      "2011-05-24 18:07:16 bkorb"
+ *  Time-stamp:      "2012-08-11 08:35:11 bkorb"
  *
  *  This file is part of AutoOpts, a companion to AutoGen.
  *  AutoOpts is free software.
@@ -74,6 +74,9 @@ optionResetOpt( tOptions* pOpts, tOptDes
     tOptState opt_state = OPTSTATE_INITIALIZER(DEFINED);
     char const * pzArg = pOD->optArg.argString;
     tSuccess     succ;
+
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
+        return;
 
     if (reset_active)
         return;

==== sntp/libopts/stack.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +7 -2
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.9/sntp/libopts/stack.c	2012-04-14 02:57:20 -04:00
+++ 1.10/sntp/libopts/stack.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
 /**
  * \file stack.c
  *
- *  Time-stamp:      "2012-03-31 13:16:41 bkorb"
+ *  Time-stamp:      "2012-08-11 08:35:28 bkorb"
  *
  *  This is a special option processing routine that will save the
  *  argument to an option in a FIFO queue.
@@ -49,8 +49,12 @@ optionUnstackArg(tOptions * pOpts, tOptD
 
     (void)pOpts;
 
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
+        return;
+
     if ((pOptDesc->fOptState & OPTST_RESET) != 0)
         return;
+
     pAL = (tArgList*)pOptDesc->optCookie;
 
     /*
@@ -234,7 +238,8 @@ optionStackArg(tOptions * pOpts, tOptDes
 {
     char * pz;
 
-    (void)pOpts;
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
+        return;
 
     if ((pOD->fOptState & OPTST_RESET) != 0) {
         tArgList* pAL = (void*)pOD->optCookie;

==== sntp/libopts/time.c ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +7 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.9/sntp/libopts/time.c	2012-02-27 01:45:17 -05:00
+++ 1.10/sntp/libopts/time.c	2012-08-12 00:32:20 -04:00
@@ -2,7 +2,7 @@
 /**
  * \file time.c
  *
- *  Time-stamp:      "2012-01-29 12:52:31 bkorb"
+ *  Time-stamp:      "2012-08-11 08:34:17 bkorb"
  *
  *  This file is part of AutoOpts, a companion to AutoGen.
  *  AutoOpts is free software.
@@ -40,6 +40,9 @@ optionTimeVal(tOptions * pOpts, tOptDesc
 {
     time_t val;
 
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
+        return;
+
     if ((pOD->fOptState & OPTST_RESET) != 0)
         return;
 
@@ -72,6 +75,9 @@ void
 optionTimeDate(tOptions * pOpts, tOptDesc * pOD)
 {
 #if defined(HAVE_GETDATE_R) && defined(HAVE_PUTENV)
+    if (pOpts <= OPTPROC_EMIT_LIMIT)
+        return;
+
     if ((! HAS_pzPkgDataDir(pOpts)) || (pOpts->pzPkgDataDir == NULL))
         goto default_action;
 

==== sntp/libopts/value-type.h ====
2012-08-12 04:32:20+00:00, stenn at psp-fb1.ntp.org +1 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.17/sntp/libopts/value-type.h	2012-06-18 03:03:10 -04:00
+++ 1.18/sntp/libopts/value-type.h	2012-08-12 00:32:20 -04:00
@@ -1,5 +1,5 @@
 /*
- *  Generated header for gperf generated source Sun Jun 17 15:47:35 PDT 2012
+ *  Generated header for gperf generated source Sat Aug 11 09:41:14 PDT 2012
  *  This file enumerates the list of names and declares the
  *  procedure for mapping string names to the enum value.
  */

==== sntp/libopts/version.c ====
2012-08-12 04:32:21+00:00, stenn at psp-fb1.ntp.org +54 -51
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.10/sntp/libopts/version.c	2012-02-27 01:45:17 -05:00
+++ 1.11/sntp/libopts/version.c	2012-08-12 00:32:21 -04:00
@@ -1,6 +1,6 @@
 
 /*
- * Time-stamp:      "2012-01-29 19:44:24 bkorb"
+ * Time-stamp:      "2012-08-11 08:41:53 bkorb"
  *
  *  This module implements the default usage procedure for
  *  Automated Options.  It may be overridden, of course.
@@ -49,113 +49,116 @@ optionVersion(void)
 /**
  * Select among various ways to emit version information.
  *
- * @param pOpts the option descriptor
+ * @param opts  the option descriptor
  * @param fp    the output stream
  */
 static void
-emit_simple_ver(tOptions * pOpts, FILE * fp)
+emit_simple_ver(tOptions * opts, FILE * fp)
 {
     /*
      *  Use the supplied string
      */
-    if (pOpts->pzFullVersion != NULL)
-        fputs(pOpts->pzFullVersion, fp);
+    if (opts->pzFullVersion != NULL)
+        fputs(opts->pzFullVersion, fp);
 
     /*
      *  Extract the interesting part of the copyright string
      */
-    else if (pOpts->pzCopyright != NULL) {
-        char const * pe = strchr(pOpts->pzCopyright, NL);
+    else if (opts->pzCopyright != NULL) {
+        char const * pe = strchr(opts->pzCopyright, NL);
         if (pe == NULL)
-            pe = pOpts->pzCopyright + strlen(pOpts->pzCopyright);
-        fwrite(pOpts->pzCopyright, 1, pe - pOpts->pzCopyright, fp);
+            pe = opts->pzCopyright + strlen(opts->pzCopyright);
+        fwrite(opts->pzCopyright, 1, pe - opts->pzCopyright, fp);
     }
 
     /*
      *  Extract the interesting part of the usage title string
      */
     else {
-        char const * pe = strchr(pOpts->pzUsageTitle, NL);
+        char const * pe = strchr(opts->pzUsageTitle, NL);
         if (pe == NULL)
-            pe = pOpts->pzUsageTitle + strlen(pOpts->pzUsageTitle);
-        fwrite(pOpts->pzUsageTitle, 1, pe - pOpts->pzUsageTitle, fp);
+            pe = opts->pzUsageTitle + strlen(opts->pzUsageTitle);
+        fwrite(opts->pzUsageTitle, 1, pe - opts->pzUsageTitle, fp);
     }
     fputc(NL, fp);
 }
 
 static void
-emit_copy_ver(tOptions * pOpts, FILE * fp)
+emit_copy_ver(tOptions * opts, FILE * fp)
 {
-    if (pOpts->pzCopyright != NULL)
-        fputs(pOpts->pzCopyright, fp);
+    if (opts->pzCopyright != NULL)
+        fputs(opts->pzCopyright, fp);
 
-    else if (pOpts->pzFullVersion != NULL)
-        fputs(pOpts->pzFullVersion, fp);
+    else if (opts->pzFullVersion != NULL)
+        fputs(opts->pzFullVersion, fp);
 
     else {
-        char const * pe = strchr(pOpts->pzUsageTitle, NL);
+        char const * pe = strchr(opts->pzUsageTitle, NL);
         if (pe == NULL)
-            pe = pOpts->pzUsageTitle + strlen(pOpts->pzUsageTitle);
-        fwrite(pOpts->pzUsageTitle, 1, pe - pOpts->pzCopyright, fp);
+            pe = opts->pzUsageTitle + strlen(opts->pzUsageTitle);
+        fwrite(opts->pzUsageTitle, 1, pe - opts->pzCopyright, fp);
     }
 
     fputc(NL, fp);
 
-    if (HAS_pzPkgDataDir(pOpts) && (pOpts->pzPackager != NULL))
-        fputs(pOpts->pzPackager, fp);
+    if (HAS_pzPkgDataDir(opts) && (opts->pzPackager != NULL))
+        fputs(opts->pzPackager, fp);
 
-    else if (pOpts->pzBugAddr != NULL)
-        fprintf(fp, zPlsSendBugs, pOpts->pzBugAddr);
+    else if (opts->pzBugAddr != NULL)
+        fprintf(fp, zPlsSendBugs, opts->pzBugAddr);
 }
 
 static void
-emit_copy_note(tOptions * pOpts, FILE * fp)
+emit_copy_note(tOptions * opts, FILE * fp)
 {
-    if (pOpts->pzCopyright != NULL) {
-        fputs(pOpts->pzCopyright, fp);
+    if (opts->pzCopyright != NULL) {
+        fputs(opts->pzCopyright, fp);
         fputc(NL, fp);
     }
 
-    if (pOpts->pzCopyNotice != NULL) {
-        fputs(pOpts->pzCopyNotice, fp);
+    if (opts->pzCopyNotice != NULL) {
+        fputs(opts->pzCopyNotice, fp);
         fputc(NL, fp);
     }
 
     fprintf(fp, zAO_Ver, optionVersion());
 
-    if (HAS_pzPkgDataDir(pOpts) && (pOpts->pzPackager != NULL))
-        fputs(pOpts->pzPackager, fp);
+    if (HAS_pzPkgDataDir(opts) && (opts->pzPackager != NULL))
+        fputs(opts->pzPackager, fp);
 
-    else if (pOpts->pzBugAddr != NULL)
-        fprintf(fp, zPlsSendBugs, pOpts->pzBugAddr);
+    else if (opts->pzBugAddr != NULL)
+        fprintf(fp, zPlsSendBugs, opts->pzBugAddr);
 }
 
 static void
-print_ver(tOptions * pOpts, tOptDesc * pOD, FILE * fp)
+print_ver(tOptions * opts, tOptDesc * od, FILE * fp)
 {
     char ch;
 
+    if (opts <= OPTPROC_EMIT_LIMIT)
+        return;
+
     /*
      *  IF we have an argument for this option, use it
      *  Otherwise, default to version only or copyright note,
      *  depending on whether the layout is GNU standard form or not.
      */
-    if (  (pOD->fOptState & OPTST_ARG_OPTIONAL)
-       && (pOD->optArg.argString != NULL)
-       && (pOD->optArg.argString[0] != NUL))
+    if (  (od->fOptState & OPTST_ARG_OPTIONAL)
+       && (od->optArg.argString != NULL)
+       && (od->optArg.argString[0] != NUL))
 
-        ch = pOD->optArg.argString[0];
+        ch = od->optArg.argString[0];
 
     else {
-        set_usage_flags(pOpts, NULL);
-        ch = (pOpts->fOptSet & OPTPROC_GNUUSAGE) ? 'c' : 'v';
+        set_usage_flags(opts, NULL);
+        ch = (opts->fOptSet & OPTPROC_GNUUSAGE) ? 'c' : 'v';
     }
 
     switch (ch) {
     case NUL: /* arg provided, but empty */
-    case 'v': case 'V': emit_simple_ver(pOpts, fp); break;
-    case 'c': case 'C': emit_copy_ver(pOpts, fp);   break;
-    case 'n': case 'N': emit_copy_note(pOpts, fp);  break;
+    case 'v': case 'V': emit_simple_ver(opts, fp); break;
+    case 'c': case 'C': emit_copy_ver(  opts, fp); break;
+    case 'n': case 'N': emit_copy_note( opts, fp); break;
 
     default:
         fprintf(stderr, zBadVerArg, ch);
@@ -174,32 +177,32 @@ print_ver(tOptions * pOpts, tOptDesc * p
  * private:
  *
  * what:  Print the program version
- * arg:   + tOptions* + pOpts    + program options descriptor +
- * arg:   + tOptDesc* + pOptDesc + the descriptor for this arg +
+ * arg:   + tOptions* + opts + program options descriptor +
+ * arg:   + tOptDesc* + od   + the descriptor for this arg +
  *
  * doc:
  *  This routine will print the version to stdout.
 =*/
 void
-optionPrintVersion(tOptions * pOpts, tOptDesc * pOD)
+optionPrintVersion(tOptions * opts, tOptDesc * od)
 {
-    print_ver(pOpts, pOD, stdout);
+    print_ver(opts, od, stdout);
 }
 
 /*=export_func  optionVersionStderr
  * private:
  *
  * what:  Print the program version to stderr
- * arg:   + tOptions* + pOpts    + program options descriptor +
- * arg:   + tOptDesc* + pOptDesc + the descriptor for this arg +
+ * arg:   + tOptions* + opts + program options descriptor +
+ * arg:   + tOptDesc* + od   + the descriptor for this arg +
  *
  * doc:
  *  This routine will print the version to stderr.
 =*/
 void
-optionVersionStderr(tOptions * pOpts, tOptDesc * pOD)
+optionVersionStderr(tOptions * opts, tOptDesc * od)
 {
-    print_ver(pOpts, pOD, stderr);
+    print_ver(opts, od, stderr);
 }
 
 /*

==== sntp/libopts/xat-attribute.h ====
2012-08-12 04:32:21+00:00, stenn at psp-fb1.ntp.org +1 -1
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.17/sntp/libopts/xat-attribute.h	2012-06-18 03:03:10 -04:00
+++ 1.18/sntp/libopts/xat-attribute.h	2012-08-12 00:32:21 -04:00
@@ -1,5 +1,5 @@
 /*
- *  Generated header for gperf generated source Sun Jun 17 15:47:35 PDT 2012
+ *  Generated header for gperf generated source Sat Aug 11 09:41:14 PDT 2012
  *  This file enumerates the list of names and declares the
  *  procedure for mapping string names to the enum value.
  */

==== sntp/sntp-opts.c ====
2012-08-12 04:32:19+00:00, stenn at psp-fb1.ntp.org +265 -195
  Upgrade to autogen-5.16.2 and libopts-36.5.11

--- 1.293/sntp/sntp-opts.c	2012-08-11 07:33:24 -04:00
+++ 1.294/sntp/sntp-opts.c	2012-08-12 00:32:19 -04:00
@@ -1,11 +1,11 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (sntp-opts.c)
  *  
- *  It has been AutoGen-ed  August 11, 2012 at 11:22:25 AM by AutoGen 5.14
+ *  It has been AutoGen-ed  August 11, 2012 at 08:39:32 PM by AutoGen 5.16.2
  *  From the definitions    sntp-opts.def
  *  and the template file   options
  *
- * Generated from AutoOpts 36:1:11 templates.
+ * Generated from AutoOpts 36:5:11 templates.
  *
  *  AutoOpts is a copyrighted work.  This source file is not encumbered
  *  by AutoOpts licensing, but is provided under the licensing terms chosen
@@ -36,15 +36,16 @@
  *  is provided "as is" without express or implied warranty.
  */
 
+#ifndef __doxygen__
+#define OPTION_CODE_COMPILE 1
+#include "sntp-opts.h"
 #include <sys/types.h>
 
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
-
-#define OPTION_CODE_COMPILE 1
-#include "sntp-opts.h"
 #include <errno.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -55,10 +56,10 @@ extern FILE * option_usage_fp;
 #define zCopyright      (sntp_opt_strs+0)
 #define zLicenseDescrip (sntp_opt_strs+314)
 
-extern tUsageProc optionUsage;
 /*
  *  global included definitions
- */#ifdef __windows
+ */
+#ifdef __windows
   extern int atoi(const char*);
 #else
 # include <stdlib.h>
@@ -71,7 +72,7 @@ extern tUsageProc optionUsage;
 /*
  *  sntp option static const strings
  */
-static char const sntp_opt_strs[2613] =
+static char const sntp_opt_strs[2568] =
 /*     0 */ "sntp 4.2.7p295\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -84,98 +85,98 @@ static char const sntp_opt_strs[2613] =
             "provided that the above copyright notice appears in all copies and that\n"
             "both the copyright notice and this permission notice appear in supporting\n"
             "documentation, and that the name The University of Delaware not be used in\n"
-            "advertising or publicity pertaining to distribution of the software\n"
-            "without specific, written prior permission. The University of Delaware\n"
-            "makes no representations about the suitability this software for any\n"
-            "purpose. It is provided \"as is\" without express or implied warranty.\n\0"
-/*   952 */ "Force IPv4 DNS name resolution\0"
-/*   983 */ "IPV4\0"
-/*   988 */ "ipv4\0"
-/*   993 */ "Force IPv6 DNS name resolution\0"
-/*  1024 */ "IPV6\0"
-/*  1029 */ "ipv6\0"
-/*  1034 */ "Enable authentication with the key @var{auth-keynumber}\0"
-/*  1090 */ "AUTHENTICATION\0"
-/*  1105 */