[6bone] IPv6 NTP testing

Frederick Bruckman fredb@immanent.net
Wed, 20 Aug 2003 18:24:41 -0500 (CDT)


On Wed, 20 Aug 2003, Pim van Pelt wrote:

> On Wed, Aug 20, 2003 at 10:28:59AM -0400, Kimmo Suominen wrote:
> | Let's see if I understood this correctly way back...
> |
> | ntpd needs to send responses back using the same IP address that it
> | received the original request on.  To track the addresses, it uses
> | separate file descriptors.
> I understand this, thanks for the explanation. It sounds like a good
> approach, but I do not really want ntpd to bind (and service requests)
> from just any IP address. Looking at my list:

> | | AND on the UDP unspecified address in both protocol families:
> | | udp6       0      0  *.123                  *.*
> | | udp4       0      0  *.123                  *.*
> What good do these do if we already listen to specific IPs ?

I believe that's to catch IP addresses that were configured after the
daemon was started. There are obvious problems with the entire plan.
Consider the case of symmetric peers, where neither node is responding
to a packet from the other, but rather, both try to time it to send
packets at roughly the send time.

> What I'd like is some syntax on the command prompt to force binding of
> IPs, such as ntpd -B [2001:7b8:3:2c::123] -B 213.136.12.53, making
> the daemon keep its hands off of  IPs it should not be touching.

You're not the first person to ask for this on a newsgroup or public
list. HOWEVER, there doesn't seem to be a single request for it in the
list of open bugs on bugzilla.ntp.org (hint).

By the way, there is an "-L" option not to listen to virtual IP's, but
it's a hack that only works on Linux, as the distinction doesn't even
make sense on other OS's. It's not as if you'd necessarily want the
"real" IP, whatever that means, to handle the ntpd traffic anyhow.
For what it's worth, I do like the idea of a "-B" option, but I would
also like an "interface" keyword.

Frederick
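
The per-address socket design discussed in this thread, as an added example that is not part of the original message and is not ntpd's code: one UDP socket per allowed address and no wildcard socket, so each reply leaves from the address that was queried and unlisted addresses get no answer. The allowlist stands in for the proposed "-B" option, all function names are hypothetical, and it assumes a Linux host (where every 127/8 address is local), using IPv4 loopback and an ephemeral port in place of IPv6 and port 123.

```python
import socket

# Constructed sample: allowlist modelled on the hypothetical "-B" option above.
ALLOWED = ["127.0.0.1", "127.0.0.2"]   # assumes Linux, where all of 127/8 is local

def bind_listeners(allowed, port=0):
    """Bind one UDP socket per allowed address and no wildcard socket."""
    socks = {}
    for addr in allowed:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind((addr, port))
        port = s.getsockname()[1]      # reuse the first ephemeral port for the rest
        s.settimeout(1.0)
        socks[addr] = s
    return socks, port

def serve_once(sock):
    """Answer one request on the socket it arrived on, so the reply's
    source address is the address the client originally queried."""
    data, peer = sock.recvfrom(512)
    sock.sendto(b"reply:" + data, peer)

def query(listeners, port, target):
    """Send a request to target and return the source IP of the reply, or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(0.5)
        c.sendto(b"ping", (target, port))
        if target in listeners:        # stand-in for the daemon's select() loop
            serve_once(listeners[target])
        try:
            _, src = c.recvfrom(512)
            return src[0]
        except OSError:                # timeout or ICMP port unreachable
            return None

def demo():
    listeners, port = bind_listeners(ALLOWED)
    try:
        return {t: query(listeners, port, t)
                for t in ["127.0.0.1", "127.0.0.2", "127.0.0.3"]}
    finally:
        for s in listeners.values():
            s.close()

if __name__ == "__main__":
    for target, source in demo().items():
        print(f"queried {target:<10} reply came from {source}")
```

The trade-off raised in the thread still applies: without a wildcard socket, an address configured after startup is not served until the listeners are rebuilt.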