[ntp:hackers] 4.2.5p212 has the new 'interface' commands

Dave Hart davehart at gmail.com
Wed Sep 16 05:28:30 UTC 2009


On Wed, Sep 16, 2009 at 5:08 AM, Harlan Stenn <stenn at ntp.org> wrote:
> Folks,
>
> We have an implementation of a new configuration command in 4.2.5p212.
>
> I'd appreciate folks checking it out and filing bug reports (if needed)
> and offering feedback, in general.

If you have configured ntpd to allow authenticated ntpdc and ntpq, you
can test this functionality without restarting ntpd a bunch of times.
You'll need a password in a keyfile and several ntp.conf directives to
enable it.  Something like:

==== /etc/ntp.conf:
keys /etc/ntp.keys
trustedkey 3
requestkey 3
controlkey 3
==== /etc/ntp.keys
3 M mypassword

ntpdc's ifstats lets you see which interfaces are open and if received
traffic is dropped (forgive the wrap-unfriendly display):

C:\ntp>ntpdc -c ifstats
Keyid: 1
MD5 Password:
 # A                           Address/Mask/Broadcast T E      IF name
Flg  TL #M  recv  sent  drop  S  PC  uptime
==================================================================================================================
 9 .                        fe80::c0e4:b4ac:73c6:ef29 A E TCP/IPv6 Int
011   0  0     0     0     0 14   0      10
              ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff M
 8 .                            2001:5c0:1000:b::17a5 A E TCP/IPv6 Int
011   0  0     3     4     0  0   4      10
              ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff M
 7 .                        fe80::6dea:c711:c0d3:1bb2 A E TCP/IPv6 Int
011   0  0     0     0     0  8   0      10
              ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff M
 3 .                                      192.168.1.2 A E TCP/IP Inter
079   0  1    44    44     0  0   6     209
                                      255.255.255.248 M
                                          192.168.1.7 B
 2 .                                        127.0.0.1 A E Loopback Int
015   0  0     5   174     0  0   0     209
                                            255.0.0.0 M
 1 .                                               :: A D     wildcard
081   0  0     0     0     0  0   0     209
              ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff M
 0 .                                          0.0.0.0 A D     wildcard
089   0  0     0    84     0  0   0     209
                                      255.255.255.255 M

The column labelled "E" (enabled) contains D for addresses which are
being listened on, but drop all received traffic.  ntpq :config is
handy to try the new interface rules:

C:\ntp>ntpq
ntpq> :config interface ignore ipv6
Keyid: 3
MD5 Password:
Config Succeeded

ntpq> q

C:\ntp>ntpdc -c ifstats
Keyid: 3
MD5 Password:
 # A                           Address/Mask/Broadcast T E      IF name
Flg  TL #M  recv  sent  drop  S  PC  uptime
==================================================================================================================
 3 .                                      192.168.1.2 A E TCP/IP Inter
079   0  1    40    40     0  0   6     137
                                      255.255.255.248 M
                                          192.168.1.7 B
 2 .                                        127.0.0.1 A E Loopback Int
015   0  0     3   158     0  0   0     137
                                            255.0.0.0 M
 1 .                                               :: A D     wildcard
081   0  0     0     0     0  0   0     137
              ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff M
 0 .                                          0.0.0.0 A D     wildcard
089   0  0     0    78     0  0   0     137
                                      255.255.255.255 M

As you can see, loopback and wildcard addresses are specially handled
by ntpd and currently not subject to the rules created by
interface/nic.

Cheers,
Dave Hart
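
Added example, not part of the original message and not NTP project code: a Python parser for the ifstats listing shown above, with a check that lists addresses of an ignored IP version that are still open and enabled after an `interface ignore` rule. Assumptions: the dictionary keys are lower-cased column headers from the listing, the Flg column is kept as uninterpreted text, and the counters may sit either on the wrapped next line (as in this message) or on the same line as the name.

```python
import ipaddress
import re

# One record: index, action, address, type "A", E/D flag, name, Flg, 8 counters.
# \s+ before the counters accepts them on the same line or wrapped onto the next.
RECORD = re.compile(
    r"(?<!\S)(\d+)\s+(\S)\s+(\S+)\s+A\s+([ED])\s+(.+?)\s+([0-9a-fA-F]{3})"
    r"((?:\s+\d+){8})[ \t\r]*$", re.M)
COUNTERS = ("tl", "m", "recv", "sent", "drop", "s", "pc", "uptime")

def parse_ifstats(text):
    """Return one dict per interface record in `ntpdc -c ifstats` output."""
    records = []
    for match in RECORD.finditer(text):
        idx, _action, addr, enabled, name, flags, nums = match.groups()
        rec = {"index": int(idx), "address": ipaddress.ip_address(addr),
               "enabled": enabled == "E", "name": name.strip(), "flags": flags}
        rec.update(zip(COUNTERS, map(int, nums.split())))
        records.append(rec)
    return records

def still_open(records, ignored_version):
    """Addresses of the ignored IP version that still accept traffic.
    Loopback and wildcard entries are skipped, since the message notes that
    ntpd handles them specially and interface rules do not apply to them."""
    return [str(r["address"]) for r in records
            if r["enabled"] and r["address"].version == ignored_version
            and not (r["address"].is_loopback or r["address"].is_unspecified)]

# Three records copied from the first ifstats listing in the message.
SAMPLE = """\
 9 .                        fe80::c0e4:b4ac:73c6:ef29 A E TCP/IPv6 Int
011   0  0     0     0     0 14   0      10
              ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff M
 3 .                                      192.168.1.2 A E TCP/IP Inter
079   0  1    44    44     0  0   6     209
                                      255.255.255.248 M
                                          192.168.1.7 B
 1 .                                               :: A D     wildcard
081   0  0     0     0     0  0   0     209
              ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff M
"""

if __name__ == "__main__":
    for rec in parse_ifstats(SAMPLE):
        print(rec["index"], rec["address"], "E" if rec["enabled"] else "D", rec["name"])
    print("IPv6 addresses still open:", still_open(parse_ifstats(SAMPLE), 6))
```

Run against a listing captured after `:config interface ignore ipv6`, `still_open(records, 6)` should come back empty; anything it returns is an address the rule did not close.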