[ntp:hackers] restrict and IPv6 issues

Danny Mayer mayer at ntp.org
Sun May 24 03:46:09 UTC 2009


Dave Hart wrote:
> http://bugs.ntp.org/1192 was just filed pointing out that ntpd
> 4.2.5p177 throws a syntax error given a ntp.conf directive starting
> with:
> 
> restrict -6 default
> 
> I assume that "restrict -6 default" used to work, based on the bug
> report.  In glancing at the code, I see another problem that I
> consider a bug, but I'm interested in hearing from anyone who
> disagrees.  ntpd 4.2.5 maintains two restriction lists, one for IPv4,
> and one for IPv6.  Currently, "restrict default ..." applies to only
> one protocol or the other, IPv4 by default, IPv6 if ntpd was invoked
> with the -6 switch.  It seems to me "restrict default" should apply to
> both protocols.  Once bug 1192 is fixed and "restrict -4 default" and
> "restrict -6 default" are again supported, they should of course apply
> to only the given protocol.

Sorry for the late response, but I'm way behind in my email. There is no
good reason for restrict to be any different for IPv6 than for IPv4 and
if it makes code maintenance easier then they can be merged. However, if
you do specify -4 or -6 the restrict directive should be only applied to
that family. Does this help or are you asking a different question.

> 
> As an aside, my experience with ntpd on IPv6 is extremely limited,
> frustratingly, as over two years after Martin got ntpd IPv6 support
> working on Windows, that code is still in limbo.  I don't run any
> Unix-based machines to test ntpd IPv6 support on myself, though a kind
> NTP user has given me a shell on their Linux box and set me up with
> sudo to be able to run ntpd, however they do not use IPv6.  I'm
> comfortable mucking around in ntp_scanner.c and ntp_parser.y and
> intend to fix 1192 and the bug I identified, but it sure as heck isn't
> to scratch a current itch.  Hopefully it won't be too many more years
> before I can test ntpd IPv6 stuff on my Windows machines.
> 

The code is mostly complete but I still have to add some code for
systems without getaddrinfo() support. It should be in the first
versions of 4.2.7. It works fine on my XP box right now but I need to
finish it.

Danny

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the hackers mailing list