[ntp:questions] Max number of lines that ntpdc -c monlist could display

mills at udel.edu
Fri May 4 12:51:39 UTC 2007


Martin,

Let's review the facts.

1. The ntpdc program was implemented 18 years ago primarily as a 
debugging tool, not as a production measurement and control tool. The 
ntpq program is intended for that.

2. The monlist facility is intended only as a flood defense mechanism 
and not a general purpose investigation tool.

3. The maximum LRU size specification in the order of several hundred 
was never the primary intent. Setting the LRU size to 1920 results in 
over 120 UDP packets returned in the monlist command. This requires the 
intermediate gateways and switches to handle a burst of that magnitude. 
This can set off a flood alarm and result in a terrorist alert.

4. The ntpdc program is old, rotten and ill-conceived. It must 
eventually be retired and replaced by a purpose-built tool based on TCP. 
There are no plans to do this other than add functionality to the 
standard product ntpq.

5. Should folks have need of a LRU list in the order of several hundred 
or more, substantial effort will be needed to move the protocol to TCP.

The bottom line is that what you see is what you get and bug reports to 
"fix" the LRU size will not be implemented.

Dave

Martin Burnicki wrote:
> Danny Mayer wrote:
> 
>>Ronan Flood wrote:
>>
>>>mayer at ntp.isc.org (Danny Mayer) wrote:
>>>
>>>
>>>>Eugen COCA wrote:
>>>>
>>>>>What is the maximum number of lines that
>>>>>
>>>>>ntpdc -c monlist
>>>>>
>>>>>command could display ?
>>>>
>>>>#define     MAXMONMEM       600     /* we allocate up to 600 structures */
>>>
>>>I have that set to 1920 in ntp-4.2.2, which I calculate is the maximum
>>>number of IPv4 addresses that can be returned to ntpdc without changing
>>>the protocol (max 128 UDP packets).  Note that I need to use an earlier
>>>version of ntpdc, which is not IPv6 aware, to get the full list.  I also
>>>had to increase ntpdc's receive socket buffer size to cope
>>>(rbufsize = INITDATASIZE * 9), but that might be an OS issue.
>>>
>>
>>Can you file a bug report on this?
> 
> 
> Shouldn't this be handled with bug #286:
> "ntpdc -nc monlist output failure when amount of clients is over 512"
> https://ntp.isc.org/bugs/show_bug.cgi?id=286
> 
> Martin
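
The arithmetic behind the 1920-entry and 128-packet figures in this thread, as an added example that is not part of the original messages or of the ntp source. The 500-byte data area, 8-byte response header, 7-bit sequence number, and the 32-byte (IPv4-only) and 72-byte (IPv6-aware) entry sizes are assumptions about the mode 7 format, not values stated in the thread; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed mode 7 constants (not stated in the thread). */
#define RESP_DATA_SIZE 500   /* data bytes carried per response packet */
#define RESP_HDR_SIZE  8     /* fixed header before the data area */
#define MAX_PACKETS    128   /* 7-bit sequence number: 0..127 */

struct resp_hdr { int more; unsigned seq, nitems, itemsize; };

/* Entries that fit in one response packet for a given entry size. */
unsigned items_per_packet(unsigned itemsize) {
    return itemsize ? RESP_DATA_SIZE / itemsize : 0;
}

/* Most entries one reply can carry before sequence numbers run out. */
unsigned max_entries(unsigned itemsize) {
    return items_per_packet(itemsize) * MAX_PACKETS;
}

/* Packets needed for `entries`, or -1 if the list cannot be sent whole. */
int packets_needed(unsigned entries, unsigned itemsize) {
    unsigned per = items_per_packet(itemsize);
    if (per == 0) return -1;
    unsigned n = (entries + per - 1) / per;
    return n > MAX_PACKETS ? -1 : (int)n;
}

/* Parse the fixed header of one response; 0 on success, -1 if malformed. */
int parse_resp_hdr(const uint8_t *p, size_t len, struct resp_hdr *h) {
    if (len < RESP_HDR_SIZE || !(p[0] & 0x80) || (p[0] & 0x07) != 7)
        return -1;                       /* not a mode 7 response */
    h->more     = (p[0] & 0x40) != 0;    /* further packets follow */
    h->seq      = p[1] & 0x7f;
    h->nitems   = ((p[4] & 0x0f) << 8) | p[5];
    h->itemsize = ((p[6] & 0x0f) << 8) | p[7];
    if ((size_t)h->nitems * h->itemsize > len - RESP_HDR_SIZE)
        return -1;                       /* claims more data than present */
    return 0;
}

int main(void) {
    printf("32-byte entries: %u max, 1920 -> %d packets\n",
           max_entries(32), packets_needed(1920, 32));
    printf("72-byte entries: %u max, 600 -> %d packets\n",
           max_entries(72), packets_needed(600, 72));
    return 0;
}
```

Under these assumptions a 32-byte entry gives 15 entries per packet, which reproduces the 1920-entry ceiling quoted above, and the packet count is the burst size a gateway or rate limiter on the path has to absorb.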
