Made more reference to force-sync.

docs/guide/security-guidance.md

@@ -43,6 +43,8 @@ When aborting due to the above thresholds, a log message along the lines of the
 2024-11-28T12:40:32.821717Z  ERROR ntp_proto::algorithm::kalman: Unusually large clock step suggested, please manually verify system clock and reference clock state and restart if appropriate.
 ```
 
+If the clock is significantly wrong, the force-sync command in [ntp-ctl](../man/ntp-ctl.8.md) can be used to manually correct the systemclock back to a reasonable starting point.
+
 ### The risks of rebooting ntpd-rs
 
 Because the `startup-step-panic-threshold` is typically higher than the `single-step-panic-threshold`, rebooting ntpd-rs makes bigger step adjustments possible. Furthermore, rebooting clears the total accumulated step, and repeated reboots can allow an attacker to bypass the protections offered by `accumulated-step-panic-threshold`.

docs/man/ntp.toml.5.md

@@ -294,7 +294,9 @@ time sources is gathered and applied to the system clock.
     this generally indicates a problem. If set to the value `"inf"`, any step
     will be allowed. May either be configured as one number of seconds for both
     forward and backward steps, or separate values for forward and backward
-    steps.
+    steps. When using this, ntp-ctl's force-sync command can still be used to
+    manually set the system time beyond these limits, to recover from a bad
+    system clock.
 
 `accumulated-step-panic-threshold` = *seconds* (**unset**)
 :   Every time the daemon steps the time instead of slowly adjusting the clock

docs/precompiled/man/ntp.toml.5

@@ -367,6 +367,9 @@ generally indicates a problem.
 If set to the value \f[V]\[dq]inf\[dq]\f[R], any step will be allowed.
 May either be configured as one number of seconds for both forward and
 backward steps, or separate values for forward and backward steps.
+When using this, ntp-ctl\[cq]s force-sync command can still be used to
+manually set the system time beyond these limits, to recover from a bad
+system clock.
 .TP
 \f[V]accumulated-step-panic-threshold\f[R] = \f[I]seconds\f[R] (\f[B]unset\f[R])
 Every time the daemon steps the time instead of slowly adjusting the

ntp-proto/src/algorithm/kalman/mod.rs

@@ -220,7 +220,7 @@ impl<C: NtpClock, SourceId: Hash + Eq + Copy + Debug> KalmanClockController<C, S
                 .startup_step_panic_threshold
                 .is_within(change)
             {
-                error!("Unusually large clock step suggested, please manually verify system clock and reference clock state and restart if appropriate.");
+                error!("Unusually large clock step suggested, please manually verify system clock and reference clock state and restart if appropriate. If the clock is significantly wrong, you can use `ntp-ctl force-sync` to correct it.");
                 #[cfg(not(test))]
                 std::process::exit(crate::exitcode::SOFTWARE);
                 #[cfg(test)]
@@ -238,7 +238,7 @@ impl<C: NtpClock, SourceId: Hash + Eq + Copy + Debug> KalmanClockController<C, S
                     .map(|v| self.timedata.accumulated_steps > v)
                     .unwrap_or(false)
             {
-                error!("Unusually large clock step suggested, please manually verify system clock and reference clock state and restart if appropriate.");
+                error!("Unusually large clock step suggested, please manually verify system clock and reference clock state and restart if appropriate. If the clock is significantly wrong, you can use `ntp-ctl force-sync` to correct it.");
                 #[cfg(not(test))]
                 std::process::exit(crate::exitcode::SOFTWARE);
                 #[cfg(test)]