date:20131119


On 19/11/13 02:45, Brian Inglis wrote:


W32tm is an SNTP service intended to synchronize time on
workstations in a domain to a domain controller at intervals.


w32time WAS such a service, and possibly still is out of the box. 
However, give or take implementation errors, it can be configured to act 
as an NTP V3 service.


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] how did ntp service set the maxallowphaseoffset

On 19/11/13 06:05, xiaoniao112...@gmail.com wrote:

在 2013年11月19日星期二UTC+8上午10时45分44秒，Brian Inglis写道：

On 2013-11-18 01:30, xiaoniao112...@gmail.com wrote: hello : I had recently start a work
about ntp service ,my friends and me use windows and linux to sync time in ntp.we could use
w32time service to sync linux in ntp.In windows we could I found that in the registry：
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\ MaxAllowedPhaseOffset may be
could set the offset time between the local time and the server that they will be synchronize. If
out of range of MaxAllowedPhaseOffset in seconds ,they synchronize,otherwise not. But I have
a question that Is there a paremeter in ntp service that control the offset like in registry
above in windows. W32tm is an SNTP service intended to synchronize time on workstations in a
domain to a domain controller at intervals.NTP service is intended to maintain accurate time on
clients and servers across the internet, where the accuracy willdepend on your budget and effort,
from 100ms with poolservers to 1us with referenc

e clock hardware and kernel PPS support.W32tm service parameters documented at
http://technet.microsoft.com/en-us/library/cc773263%28v=ws.10%29.aspx, may be
compared to options from NTP docs @ doc.ntp.org:e.g. Configuration Commands and
OptionsMiscellaneous Commands tinker - modify sacred system parameters
(dangerous) http://doc.ntp.org/4.2.6p5/miscopt.html#tinker for current stable
release 4.2.6p5tinker.. panic panic Specifies the panic threshold in
seconds with default 1000 s. If set to zero, the panic sanity check is disabled
and a clock offset of any value will be accepted step step Specifies the
step threshold in seconds. The default without this command is 0.128 s. If set
to zero, step adjustments will never occur. Note: The kernel time discipline is
disabled if the step threshold is set to zero or greater than 0.5 s stepout
stepout Specifies the stepout threshold in seconds. The default without this
command is 900 s. If set to zero, popcorn spikes will not be suppre
ssed.So tinker step is similar to W32tm MaxAllowedPhaseOffset except for different
service levels:The default value for domain members is 300. The default value for
stand-alone clients and servers is 1. and the W32tm slew requirement:
|CurrentTimeOffset| / (PhaseCorrectRate*UpdateInterval) SystemClockRate / 2
-- -- Take care. Thanks, Brian Inglis
___questions mailing list
questi...@lists.ntp.orghttp://lists.ntp.org/listinfo/questions

But I have a question,how can I set this value,I just use it in a LAN to
Synchonize the time in the LAN.So is that a stand-alone clients and servers.If
it is ,which command should I use to change this value in LINUX OS.

In /etc/ntpd.conf, or whatever your OS calls that file.

Note that ntpd was not really designed for use without a reference
clock. If you are careful, you can do so, but it is easy to create
configurations that behave badly.

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] how did ntp service set the maxallowphaseoffset

2013-11-19 Thread Brian Inglis


On 2013-11-18 23:05, xiaoniao112...@gmail.com wrote:

On 2013-11-18 01:30, xiaoniao112...@gmail.com wrote: hello :



But I have a question,how can I set this value,
I just use it in a LAN to Synchonize the time in the LAN.
So is that a stand-alone clients and servers.
If it is ,which command should I use to change this value in LINUX OS.


I presume you refer to ntpd/tinker step?
This parameter alters when the daemon decides the system time offset is
too high to be disciplined by slewing the system clock rate, and it has
to fall back to step the time by the offset.
This will depend on the maximum system clock rate change headroom
available on each system, given the inherent frequency drift of each
system.

You should not need to change this parameter:
tinker - modify sacred system parameters (dangerous)!

On most systems, a step should only be necessary when you start the ntpd
daemon and the ntpd startup option -g --panicgate will allow a single
large adjustment to be made when ntpd has made its initial offset estimate
from other network time servers or a local hardware reference clock.

Before you consider changing this, you need to calibrate the inherent
frequency drift of *each* system's hardware clock crystal, to see
whether and what values might be feasible on *each* system.

To make a decision on whether this could be useful, please find a good
translation to your language of Linux man hwclock(8), adjtimex(8), ntpd(8),
and the NTP docs (or try Google Translate on the doc.ntp.org web site pages).

Someone else asked: what are you trying to do by changing this parameter?
The defaults have been set based on running and simulating different control
algorithms, settings, and scenarios.

Start by using the defaults and setup described in the Quick Start section
or set by your distribution in the default ntp.conf provided.

If nothing is provided use pool servers with an ntp.conf statement like:
pool asia.pool.ntp.org
or one of the country pools shown at http://www.pool.ntp.org/zone/asia
cn.pool.ntp.org, hk.pool.ntp.org, sg.pool.ntp.org, tw.pool.ntp.org.
--
Take care. Thanks, Brian Inglis
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Panic threshold code

A C writes:
 If I'm reading the code correctly (for 4.2.7p270 at the moment), in
 ntp_loopfilter.c at line 245 (or nearby for newer versions) I see:
 
 if (fabs(fp_offset)  clock_panic  clock_panic  0  !allow_panic) {
snprintf(tbuf, sizeof(tbuf),
   %+.0f s; set clock manually within %.0f s.,
fp_offset, clock_panic);
report_event(EVNT_SYSFAULT, NULL, tbuf);
return (-1);
 }
 
 I am assuming this is the segment of code that will cause ntpd to abort
 entirely if the panic threshold (default 1000 s) is exceeded?

Yes.  And the value can be changed (0 means don't exit if the offset is
huge) and one can start ntpd with -g to wiggle allow_panic to let the
first adjustment happen regardless of how big it is.
-- 
Harlan Stenn st...@ntp.org
http://networktimefoundation.org - be a member!

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] how did ntp service set the maxallowphaseoffset

2013-11-19 Thread Brian Inglis


On 2013-11-19 00:57, David Woolley wrote:

On 19/11/13 02:45, Brian Inglis wrote:


W32tm is an SNTP service intended to synchronize time on
workstations in a domain to a domain controller at intervals.


w32time WAS such a service, and possibly still is out of the box.
However, give or take implementation errors, it can be configured
to act as an NTP V3 service.


With about the same accuracy as a drift compensation TSR and the
NIST ACTS dial up service used from Windows 3  95 on a dial up link!
A number of the parameters have a resolution of seconds!
Given the NTP and w32tm rate control settings, we know w32tm will be
unable to slew and have to step adjust the offsets on some systems,
not just those with broken hardware clocks.
--
Take care. Thanks, Brian Inglis
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] how did ntp service set the maxallowphaseoffset

2013-11-19 Thread Brian Inglis


On 2013-11-19 00:55, David Woolley wrote:

On 19/11/13 06:05, xiaoniao112...@gmail.com wrote:


But I have a question,how can I set this value,I just use it in a LAN to 
Synchonize the time in the LAN.So is that a stand-alone clients and servers.If 
it is ,which command should I use to change this value in LINUX OS.



In /etc/ntpd.conf, or whatever your OS calls that file.

Note that ntpd was not really designed for use without a reference clock.

...at the top of the network time hierarchy: stratum 1.
It was designed for use with local and remote network time servers at all
lower stratum levels; evident in the default control settings.


If you are careful, you can do so, but it is easy to create configurations
that behave badly.

...and hard to create good configurations without reading and understanding
the docs, sometimes the code, and possibly also the book.

--
Take care. Thanks, Brian Inglis
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] how did ntp service set the maxallowphaseoffset

2013-11-19 Thread xiaoniao112233

在 2013年11月19日星期二UTC+8下午5时06分42秒，Brian Inglis写道：
 On 2013-11-19 00:55, David Woolley wrote:  On 19/11/13 06:05, 
 xiaoniao112...@gmail.com wrote:   But I have a question,how can I set 
 this value,I just use it in a LAN to Synchonize the time in the LAN.So is 
 that a stand-alone clients and servers.If it is ,which command should I use 
 to change this value in LINUX OS.In /etc/ntpd.conf, or whatever your 
 OS calls that file.   Note that ntpd was not really designed for use 
 without a reference clock. ...at the top of the network time hierarchy: 
 stratum 1. It was designed for use with local and remote network time servers 
 at all lower stratum levels; evident in the default control settings.  If 
 you are careful, you can do so, but it is easy to create configurations  
 that behave badly. ...and hard to create good configurations without reading 
 and understanding the docs, sometimes the code, and possibly also the book. 
 -- Take care. Thanks, Brian Inglis

Thanks a lot for your suggestion.

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

2013-11-19 Thread Brian Utterback

Just as a point of interest, one of the most heated debates I have ever 
been involved in internally here at Oracle was concerning whether 
getaddrinfo (as defined by POSIX) should or should not return IPv6 
addresses if the system only has IPv4 interfaces and/or only the 
loopback IPv6 address. The getaddrinfo call was designed to work 
efficiently on both dual stack and single stack systems, but the wording 
in the standard is slightly ambiguous especially considering the case 
that the host you are looking up might actually belong to the system you 
are on.


On 11/18/13 16:01, Danny Mayer wrote:

On 11/18/2013 2:44 PM, A C wrote:

On 11/18/2013 11:18, Majdi S. Abbas wrote:


The fact that it's even trying means you didn't start ntpd with
-4, and the host has at least one IPv6 interface (this might be as
simple as v6 enabled on the loopback.)

So, either ensure that v6 is fully disabled on the host, or add
-4 to your ntpd startup parameters.


lo0 did indeed have a v6 address configured (hadn't noticed) though my
eth0 does not.  I would not have expected ntpd to use v6 if any one
interface did not have it.  Up until this point it never returned a v6
address on lookup so that's probably why I never noticed that v6 had
been enabled again (recent upgrade of OS).  I've disabled all v6 now and
added -4 for good measure.

ntpd will use whatever addresses it gets back from DNS. If you don't
specify that you only want IPv4 addresses and it gets an IPv6 address it
will attempt to use it. This is a DNS and configuration issue not an ntp
issue. This is true of all applications (whether client or server) these
days.

Danny

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions



--
blu

Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. - Martin Golding
---|
Brian Utterback - Solaris RPE, Oracle Corporation.
Ph:603-262-3916, Em:brian.utterb...@oracle.com

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

That must have been a short discussion. getaddrinfo() has nothing to do
with the IP stack. getaddrinfo()'s job is to get information from the
nameservers you specify in resolv.conf or wherever else the OS has that
information. Its job is NOT to make decisions about what it should ask
for. That's the programmer's job when setting up the API call as to what
addresses to ask for.

Would you like dig, nslookup, host, etc. to not give you all the
information when you are analyzing a problem? (the BIND versions use
their own internal versions of getaddrinfo, I am using these as an example).

Applications and Servers can make their own decisions about what data to
fetch and use, not getaddrinfo's.

Danny

On 11/19/2013 9:02 AM, Brian Utterback wrote:
 Just as a point of interest, one of the most heated debates I have ever
 been involved in internally here at Oracle was concerning whether
 getaddrinfo (as defined by POSIX) should or should not return IPv6
 addresses if the system only has IPv4 interfaces and/or only the
 loopback IPv6 address. The getaddrinfo call was designed to work
 efficiently on both dual stack and single stack systems, but the wording
 in the standard is slightly ambiguous especially considering the case
 that the host you are looking up might actually belong to the system you
 are on.
 
 On 11/18/13 16:01, Danny Mayer wrote:
 On 11/18/2013 2:44 PM, A C wrote:
 On 11/18/2013 11:18, Majdi S. Abbas wrote:

 The fact that it's even trying means you didn't start ntpd with
 -4, and the host has at least one IPv6 interface (this might be as
 simple as v6 enabled on the loopback.)

 So, either ensure that v6 is fully disabled on the host, or add
 -4 to your ntpd startup parameters.

 lo0 did indeed have a v6 address configured (hadn't noticed) though my
 eth0 does not.  I would not have expected ntpd to use v6 if any one
 interface did not have it.  Up until this point it never returned a v6
 address on lookup so that's probably why I never noticed that v6 had
 been enabled again (recent upgrade of OS).  I've disabled all v6 now and
 added -4 for good measure.
 ntpd will use whatever addresses it gets back from DNS. If you don't
 specify that you only want IPv4 addresses and it gets an IPv6 address it
 will attempt to use it. This is a DNS and configuration issue not an ntp
 issue. This is true of all applications (whether client or server) these
 days.

 Danny

 ___
 questions mailing list
 questions@lists.ntp.org
 http://lists.ntp.org/listinfo/questions
 
 

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Is there something with greater detail on interface besides the manpage?

Harlan Stenn st...@ntp.org wrote:
 You might want:

  interface ignore all
  interface listen 127.0.0.1 # if you want localhost ntpq to work
  interface listen a.b.c.d   # enumerate the IPs you want to use

Thanks.  I take it then that wildcard charaters in matching on
interface names aren't a go :) My further complication is these
systems get their IPs via DHCP (I should have listed that in the first
place, sorry) and some are bonded and some are not bonded, but the
component names of the interfaces in the bond(s) are the same
namespace as when they are not bonded.  For example I may have
systems with a bond0 using eth2 and eth3 and some systems just using
eth2.  I *may* though be able to split the config files between such
systems - that remains to be determined and if not is, arguably a
failing at my end.

Wildcard - that is listening on INADDR_ANY basically?

thanks,

rick
-- 
It is not a question of half full or empty - the glass has a leak.
The real question is Can it be patched?
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

Danny Mayer ma...@ntp.org wrote:
 That must have been a short discussion. getaddrinfo() has nothing to
 do with the IP stack. getaddrinfo()'s job is to get information from
 the nameservers you specify in resolv.conf or wherever else the OS
 has that information. Its job is NOT to make decisions about what it
 should ask for. That's the programmer's job when setting up the API
 call as to what addresses to ask for.

I suspect it all boils down to the behaviour when one sets
AI_ADDRCONFIG in the getaddrinfo() call.  When that is set, ostensibly
getaddrinfo() is supposed to filter-out any reponses that are of a
type that cannot be used by the application.  The decision made was if
there were no non-loopback-interface IPv6 addresses configured, 
records would not be returned from the getaddrinfo() call.  Similarly
for A recorecords if there were no IPv4 addresses configured on the
system.

Later, when interfaces started getting auto-configured, local scope
IPv6 addresses, there was a call to change that to be don't return
IPv6 addresses unless there is a better-than-local-scope IPv6 address
assigned.  Started causing me all manner of pain in netperf :( Not
sure where that stands now in the Linux world.

rick jones
-- 
oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

2013-11-19 Thread Brian Utterback


On 11/19/2013 12:33 PM, Rick Jones wrote:

Danny Mayer ma...@ntp.org wrote:

That must have been a short discussion. getaddrinfo() has nothing to
do with the IP stack. getaddrinfo()'s job is to get information from
the nameservers you specify in resolv.conf or wherever else the OS
has that information. Its job is NOT to make decisions about what it
should ask for. That's the programmer's job when setting up the API
call as to what addresses to ask for.

I suspect it all boils down to the behaviour when one sets
AI_ADDRCONFIG in the getaddrinfo() call.  When that is set, ostensibly
getaddrinfo() is supposed to filter-out any reponses that are of a
type that cannot be used by the application.  The decision made was if
there were no non-loopback-interface IPv6 addresses configured, 
records would not be returned from the getaddrinfo() call.  Similarly
for A recorecords if there were no IPv4 addresses configured on the
system.

Later, when interfaces started getting auto-configured, local scope
IPv6 addresses, there was a call to change that to be don't return
IPv6 addresses unless there is a better-than-local-scope IPv6 address
assigned.  Started causing me all manner of pain in netperf :( Not
sure where that stands now in the Linux world.

rick jones
Yes, that was the issue. Further complicating it was what do you return 
if you have no IPv6 interfaces and you set AI_ADDRCONFIG and you pass in 
a literal IPv6 address. The problem is that getaddrinfo replaces both 
gethostbyname and inet_aton, each of which you might expect to have 
different results in that case. We had people citing two RFC's and the 
ipng working group mailing list. Great fun.


Brian utterback

Brian Utterback
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

On 11/19/2013 12:33 PM, Rick Jones wrote:
 Danny Mayer ma...@ntp.org wrote:
 That must have been a short discussion. getaddrinfo() has nothing to
 do with the IP stack. getaddrinfo()'s job is to get information from
 the nameservers you specify in resolv.conf or wherever else the OS
 has that information. Its job is NOT to make decisions about what it
 should ask for. That's the programmer's job when setting up the API
 call as to what addresses to ask for.
 
 I suspect it all boils down to the behaviour when one sets
 AI_ADDRCONFIG in the getaddrinfo() call.  When that is set, ostensibly
 getaddrinfo() is supposed to filter-out any reponses that are of a
 type that cannot be used by the application.  The decision made was if
 there were no non-loopback-interface IPv6 addresses configured, 
 records would not be returned from the getaddrinfo() call.  Similarly
 for A recorecords if there were no IPv4 addresses configured on the
 system.

That's not the what you need to do if you only want IPv4. You need to
set ai_family to AF_INET in the hints structure before making the call.
IF you specify -4 on the ntpd command line, that's what we do when
fetching IP addresses from the name server. There's no magic here, it
just works.

Danny


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

On 11/19/2013 1:01 PM, Brian Utterback wrote:
 On 11/19/2013 12:33 PM, Rick Jones wrote:
 Danny Mayer ma...@ntp.org wrote:
 That must have been a short discussion. getaddrinfo() has nothing to
 do with the IP stack. getaddrinfo()'s job is to get information from
 the nameservers you specify in resolv.conf or wherever else the OS
 has that information. Its job is NOT to make decisions about what it
 should ask for. That's the programmer's job when setting up the API
 call as to what addresses to ask for.
 I suspect it all boils down to the behaviour when one sets
 AI_ADDRCONFIG in the getaddrinfo() call.  When that is set, ostensibly
 getaddrinfo() is supposed to filter-out any reponses that are of a
 type that cannot be used by the application.  The decision made was if
 there were no non-loopback-interface IPv6 addresses configured, 
 records would not be returned from the getaddrinfo() call.  Similarly
 for A recorecords if there were no IPv4 addresses configured on the
 system.

 Later, when interfaces started getting auto-configured, local scope
 IPv6 addresses, there was a call to change that to be don't return
 IPv6 addresses unless there is a better-than-local-scope IPv6 address
 assigned.  Started causing me all manner of pain in netperf :( Not
 sure where that stands now in the Linux world.

 rick jones
 Yes, that was the issue. Further complicating it was what do you return
 if you have no IPv6 interfaces and you set AI_ADDRCONFIG and you pass in
 a literal IPv6 address. The problem is that getaddrinfo replaces both
 gethostbyname and inet_aton, each of which you might expect to have
 different results in that case. We had people citing two RFC's and the
 ipng working group mailing list. Great fun.
 

I think you mean inet_ntoa. As I already said you should be setting the
ai_family in the hints structure and you want to have it only a
particular type of address. If you want to pass an IP address you should
be setting AI_NUMERICHOST in ai_flags of the hint structure. Note that
inet_ntoa does not perform a lookup. It's just a formatter.

Danny
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Is there something with greater detail on interface besides the manpage?

On 11/19/2013 11:36 AM, Rick Jones wrote:
 Harlan Stenn st...@ntp.org wrote:
 You might want:
 
  interface ignore all
  interface listen 127.0.0.1 # if you want localhost ntpq to work
  interface listen a.b.c.d   # enumerate the IPs you want to use
 
 Thanks.  I take it then that wildcard charaters in matching on
 interface names aren't a go :) My further complication is these
 systems get their IPs via DHCP (I should have listed that in the first
 place, sorry) and some are bonded and some are not bonded, but the
 component names of the interfaces in the bond(s) are the same
 namespace as when they are not bonded.  For example I may have
 systems with a bond0 using eth2 and eth3 and some systems just using
 eth2.  I *may* though be able to split the config files between such
 systems - that remains to be determined and if not is, arguably a
 failing at my end.
 

You can specify 14.15.16.0/24 for example to specify an address on a
particular subnet. Does that help?

 Wildcard - that is listening on INADDR_ANY basically?
 

Yes. But it should be used with caution and only if necessary.

Danny

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Is there something with greater detail on interface besides the manpage?

On 11/19/2013 1:50 PM, Danny Mayer wrote:
 On 11/19/2013 11:36 AM, Rick Jones wrote:
 Harlan Stenn st...@ntp.org wrote:
 You might want:

  interface ignore all
  interface listen 127.0.0.1 # if you want localhost ntpq to work
  interface listen a.b.c.d   # enumerate the IPs you want to use

 Thanks.  I take it then that wildcard charaters in matching on
 interface names aren't a go :) My further complication is these
 systems get their IPs via DHCP (I should have listed that in the first
 place, sorry) and some are bonded and some are not bonded, but the
 component names of the interfaces in the bond(s) are the same
 namespace as when they are not bonded.  For example I may have
 systems with a bond0 using eth2 and eth3 and some systems just using
 eth2.  I *may* though be able to split the config files between such
 systems - that remains to be determined and if not is, arguably a
 failing at my end.

 
 You can specify 14.15.16.0/24 for example to specify an address on a
 particular subnet. Does that help?

I didn't answer your original question. Try here:
https://support.ntp.org/bin/view/Dev/ListenOn

Danny


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

Danny Mayer ma...@ntp.org wrote:
 That's not the what you need to do if you only want IPv4. You need
 to set ai_family to AF_INET in the hints structure before making the
 call.  IF you specify -4 on the ntpd command line, that's what we do
 when fetching IP addresses from the name server. There's no magic
 here, it just works.

Probably drifting even farther, but that wasn't the issue so much
behind getaddrinfo()'s altered behaviour.  It was that applications,
which were ambidextrous (could do either v4 or v6), started getting
IPv6 addresses, but for which there was not actual IPv6 connectivity.
Getting the global IPv6 address(es) for mumble.fadTLD when all one had
were link-scope IPv6 addresses and no through connectivity.  If those
happened to be earlier in the list, the application could end-up
waiting for the connection timeout before proceeding to the next ones.
It wasn't that the application didn't want an IPv6 address so much as
it wanted only addresses there was a (perceived to be) reasonable
chance of success reaching.

People waiting on the application(s) were impatient, and so pushed
(perhaps transitively through the applciation developers) to have
getaddrinfo() AI_ADDRCONFIG only return IPv6 addresses when there was
something other than link-scope IPv6 addresses assigned to the system.
While IPv6 is supposed to (?) eliminate NAT, I suspect there are still
cases with link-scope addresses that go through NAT, which means that
heuristic/expedient of don't give IPv6 unless there is
better-than-link-scope configured may not really be such a good one.

Where it all stands today wrt the various getaddrinfo()
implementations, I'm not entirely sure.

rick jones
-- 
The glass is neither half-empty nor half-full. The glass has a leak.
The real question is Can it be patched?
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

Brian Utterback brian.utterb...@oracle.com wrote:
 On 11/19/2013 12:33 PM, Rick Jones wrote:

  Later, when interfaces started getting auto-configured, local
  scope IPv6 addresses, there was a call to change that to be don't
  return IPv6 addresses unless there is a better-than-local-scope
  IPv6 address assigned.  Started causing me all manner of pain in
  netperf :( Not sure where that stands now in the Linux world.
 
  rick jones

 Yes, that was the issue. Further complicating it was what do you
 return if you have no IPv6 interfaces and you set AI_ADDRCONFIG and
 you pass in a literal IPv6 address.  The problem is that getaddrinfo
 replaces both gethostbyname and inet_aton, each of which you might
 expect to have different results in that case. We had people citing
 two RFC's and the ipng working group mailing list. Great fun.

That passing-in a literal IPv6 address is precisely where I first
started noticing problems with netperf.  For ages (in Internet Time at
least) it just worked even when all I had were local-scope
(link-scope?) IPv6 addresses configured.  Then someone made a libc
change and life became Quite Unpleasant (tm).

rick jones
-- 
I don't interest myself in why. I think more often in terms of
when, sometimes where; always how much.  - Joubert
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Is there something with greater detail on interface besides the manpage?

Danny Mayer ma...@pdmconsulting.net wrote:
  You can specify 14.15.16.0/24 for example to specify an address on a
  particular subnet. Does that help?

It might. I'll speak with some of the operations people and ask them.

 I didn't answer your original question. Try here:
 https://support.ntp.org/bin/view/Dev/ListenOn

Thanks.  For what it is worth, Firefox (25.0 via Ubuntu) seems to be
displeased with the certificate(s) there.  Under Technical Details
it gives:

support.ntp.org uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)

I went ahead and added an exception, but thought I'd pass that along.

rick jones
-- 
the road to hell is paved with business decisions...
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com  but NOT BOTH...

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

On 11/19/2013 2:47 PM, Rick Jones wrote:
 Brian Utterback brian.utterb...@oracle.com wrote:
 On 11/19/2013 12:33 PM, Rick Jones wrote:
 
 Later, when interfaces started getting auto-configured, local
 scope IPv6 addresses, there was a call to change that to be don't
 return IPv6 addresses unless there is a better-than-local-scope
 IPv6 address assigned.  Started causing me all manner of pain in
 netperf :( Not sure where that stands now in the Linux world.

 rick jones
 
 Yes, that was the issue. Further complicating it was what do you
 return if you have no IPv6 interfaces and you set AI_ADDRCONFIG and
 you pass in a literal IPv6 address.  The problem is that getaddrinfo
 replaces both gethostbyname and inet_aton, each of which you might
 expect to have different results in that case. We had people citing
 two RFC's and the ipng working group mailing list. Great fun.
 
 That passing-in a literal IPv6 address is precisely where I first
 started noticing problems with netperf.  For ages (in Internet Time at
 least) it just worked even when all I had were local-scope
 (link-scope?) IPv6 addresses configured.  Then someone made a libc
 change and life became Quite Unpleasant (tm).

You should not be using literal IP addresses of either flavor without
also setting the AI_NUMERICHOST flag otherwise it tries to do a DNS
lookup. That's poorly written code otherwise.

Danny

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Pool returns IPv6 address to IPv4 query

Danny Mayer ma...@ntp.org wrote:
 On 11/19/2013 2:47 PM, Rick Jones wrote:

  That passing-in a literal IPv6 address is precisely where I first
  started noticing problems with netperf.  For ages (in Internet
  Time at least) it just worked even when all I had were
  local-scope (link-scope?) IPv6 addresses configured.  Then someone
  made a libc change and life became Quite Unpleasant (tm).

 You should not be using literal IP addresses of either flavor
 without also setting the AI_NUMERICHOST flag otherwise it tries to
 do a DNS lookup. That's poorly written code otherwise.

I guess I was spoiled by gethostbyname()?  I'll not contest whether
netperf contains poorly written code - it has plenty :) but I'll
point-out that looking at the Linux manpage for getaddrinfo() I get
the impression it is a suggestion rather than a requirement:

   node specifies either a numerical network address (for IPv4,
   numbers-and-dots notation as supported by inet_aton(3); for
   IPv6, hexadecimal string format as supported by inet_pton(3)),
   or a network hostname, whose network addresses are looked up
   and resolved.  If hints.ai_flags contains the AI_NUMERICHOST
   flag then node must be a numerical network address.  The
   AI_NUMERICHOST flag suppresses any potentially lengthy network
   host address lookups.

I parse that as If AI_NUMEICHOST then must be addr rather than If
addr, must be AI_NUMERICHOST.

rick
-- 
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] how did ntp service set the maxallowphaseoffset


On 19/11/13 09:06, Brian Inglis wrote:

On 2013-11-19 00:55, David Woolley wrote:

On 19/11/13 06:05, xiaoniao112...@gmail.com wrote:


But I have a question,how can I set this value,I just use it in a
LAN to Synchonize the time in the LAN.So is that a stand-alone
clients and servers.If it is ,which command should I use to change
this value in LINUX OS.



In /etc/ntpd.conf, or whatever your OS calls that file.

Note that ntpd was not really designed for use without a reference clock.

...at the top of the network time hierarchy: stratum 1.
It was designed for use with local and remote network time servers at all
lower stratum levels; evident in the default control settings.


It was designed for use with local secondary servers (and physically 
local reference clock driven ones).  As I understand it, though, the 
local clock driver was first introduced as a mechanism for distributing 
time introduced from a stratum 0 source but bypassing ntpd and going 
direct to the OS.  Use as a don't invalidate the downstream time hack, I 
think, came later.


The most important thing, though, is there should be only one ultimate 
source of time for any ntpd network.  Having two free running candidates 
is a recipe for disaster.





If you are careful, you can do so, but it is easy to create
configurations
that behave badly.

...and hard to create good configurations without reading and understanding
the docs, sometimes the code, and possibly also the book.



But no-one does; they just use the cookbook solutions in the packages.

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] how did ntp service set the maxallowphaseoffset


On 19/11/13 08:41, Brian Inglis wrote:

Someone else asked: what are you trying to do by changing this parameter?
The defaults have been set based on running and simulating different
control
algorithms, settings, and scenarios.


This is important.

Most people who try to change these settings really have a problem that 
needs solving outside of ntpd and should be asking how to solve that 
problem.


zhe jian shi hen zhongyao.

Da bufen zheme zuo de ren you yi ge mei you guanxi de NTP de wenti. 
tamen yinggai wen zenme xiu hao ta zhengshi de wenti.



___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Is there something with greater detail on interface besides the manpage?

Rick Jones writes:
 Harlan Stenn st...@ntp.org wrote:
  You might want:
 
   interface ignore all
   interface listen 127.0.0.1 # if you want localhost ntpq to work
   interface listen a.b.c.d   # enumerate the IPs you want to use
 
 Thanks.  I take it then that wildcard charaters in matching on
 interface names aren't a go :)

Not yet, as best as I can recall.

 My further complication is these systems get their IPs via DHCP (I
 should have listed that in the first place, sorry) and some are bonded
 and some are not bonded, but the component names of the interfaces in
 the bond(s) are the same namespace as when they are not bonded.  For
 example I may have systems with a bond0 using eth2 and eth3 and some
 systems just using eth2.  I *may* though be able to split the config
 files between such systems - that remains to be determined and if not
 is, arguably a failing at my end.

How much info that NTP would care about would come from DHCP?

 Wildcard - that is listening on INADDR_ANY basically?

I'll give that a qualified yes, because I haven't looked at the code
in a long time and this may be a place where there is an exception.

H
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Is there something with greater detail on interface besides the manpage?

Danny Mayer writes:
 I didn't answer your original question. Try here:
 https://support.ntp.org/bin/view/Dev/ListenOn

I don't believe listen-on is implemented that way - we're using the
interface directive instead, and we haven't implemented query-on yet.

H
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Is there something with greater detail on interface besides the manpage?