[6bone] IPv6 NTP testing

Kimmo Suominen kim@tac.nyc.ny.us
Wed, 20 Aug 2003 20:42:18 -0400


I also think more modern versions of ntpd (4.x?) do this all differently.
I was recently tinkering with the code on NetBSD, and when I offered my
changes to one of the ntpd developers, I learned that that section of
the code is being rewritten from scratch.

Hopefully there are directives in the new code to restrict the selection
of IPs to listen to.  I could have a look, but someone like John Klos
might already know the answer (wasn't he just writing to this list on
this thread earlier...).

Regards,
+ Kim


| From:    Pim van Pelt <pim@ipng.nl>
| Date:    Wed, 20 Aug 2003 22:29:39 +0200
|
| On Wed, Aug 20, 2003 at 10:28:59AM -0400, Kimmo Suominen wrote:
| | Let's see if I understood this correctly way back...
| |
| | ntpd needs to send responses back using the same IP address that it
| | received the original request on.  To track the addresses, it uses
| | separate file descriptors.
| I understand this, thanks for the explanation. It sounds like a good
| approach, but I do not really want ntpd to bind (and service requests)
| from just any IP address. Looking at my list:
|
| | | udp4       0      0  127.0.0.1.123          *.*
| | | udp6       0      0  ::1.123                *.*
| localhost is not needed.
| | | udp6       0      0  fe80:4::1.123          *.*
| | | udp6       0      0  fe80:1::202:b3ff.123   *.*
| linklocal is not needed.
| | | udp6       0      0  2001:7b8:3:2c::5.123   *.*
| This is actually 2001:7b8:3:2c::53, an authoritative nameserver
| | | udp6       0      0  2001:7b8:3:2c::1.123   *.*
| This is actually 2001:7b8:3:2c::123 (ntp1.bit.nl), the one I'd like ntpd to use
| | | udp6       0      0  2001:7b8:3:2c:20.123   *.*
| This is the EUI64 address of the machine.
| | | udp4       0      0  213.136.12.53.123      *.*
| This is the IPv4 address for ntp1.bit.nl.
| | | udp4       0      0  213.136.12.52.123      *.*
| Caching nameserver .. no ntpd here!
| | | udp4       0      0  213.136.12.51.123      *.*
| Authoritative nameserver, .. no ntpd here!
| | |
| | | AND on the UDP unspecified address in both protocol families:
| | | udp6       0      0  *.123                  *.*
| | | udp4       0      0  *.123                  *.*
| What good do these do if we already listen to specific IPs ?
|
| What I'd like is some syntax on the command prompt to force binding of
| IPs, such as ntpd -B [2001:7b8:3:2c::123] -B 213.136.12.53, making
| the daemon keep its hands off of IPs it should not be touching.
|
| Anyone care to look into this .. ?
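
The per-address socket behaviour discussed in this thread, combined with the requested restriction to an explicit address list, as an added example that is not part of the original messages and is not ntpd code. Assumptions: the function names are hypothetical, 127.0.0.1 and 127.0.0.2 stand in for the service addresses (both answer on a Linux loopback), and ephemeral ports replace UDP 123 so no root is needed.

```python
import select
import socket

def bind_allowed(addresses, port=0):
    """Open one UDP socket per explicitly allowed address, never the wildcard."""
    socks = {}
    for addr in addresses:
        family = socket.AF_INET6 if ":" in addr else socket.AF_INET
        s = socket.socket(family, socket.SOCK_DGRAM)
        s.bind((addr, port))  # port 0 = ephemeral (assumption); ntpd uses 123
        socks[addr] = s
    return socks

def serve_once(socks, timeout=2.0):
    """Answer one datagram on whichever socket it arrived on.

    Replying through the receiving descriptor makes the kernel use that
    socket's bound address as the source of the response.
    """
    ready, _, _ = select.select(list(socks.values()), [], [], timeout)
    for s in ready:
        data, peer = s.recvfrom(512)
        s.sendto(b"reply:" + data, peer)
        return s.getsockname()[0]
    return None  # nothing arrived on an allowed address

def query(server_addr, server_port, socks, payload=b"ping"):
    """Constructed client: send one datagram, return the reply's source address."""
    family = socket.AF_INET6 if ":" in server_addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as c:
        c.settimeout(2.0)
        c.sendto(payload, (server_addr, server_port))
        serve_once(socks)  # single-threaded: the datagram is already queued
        _, src = c.recvfrom(512)
        return src[0]

def demo():
    allow = ["127.0.0.1", "127.0.0.2"]  # constructed allowlist
    socks = bind_allowed(allow)
    try:
        return {a: query(a, s.getsockname()[1], socks) for a, s in socks.items()}
    finally:
        for s in socks.values():
            s.close()

if __name__ == "__main__":
    print(demo())
```

Because no socket is bound to the unspecified address, addresses on the host that are not in the list have nothing listening on them for this service.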