[ntp:hackers] What does "interface listen wildcard" do?

Brian Utterback brian.utterback at oracle.com
Sat Jul 13 00:20:20 UTC 2013

On 07/12/13 17:51, Danny Mayer wrote:
> On 7/12/2013 3:52 PM, Philip Prindeville wrote:
>> On Jul 12, 2013, at 6:03 AM, Brian Utterback <brian.utterback at oracle.com> wrote:
>>> On 7/12/2013 11:59 AM, Danny Mayer wrote:
>>>> It's not as simple as that. Admins want to make sure that NTP clients
>>>> don't try that address for NTP packets. They actually want it to return
>>>> "refused" so that those clients don't try. Accepting and dropping
>>>> packets means that something is accepting the packets. Dropping them is
>>>> not the same thing at all.
>>> As I pointed out, we listen on the wildcard address now, by default. We don't refuse them, we drop them right now.
>>> Brian Utterback
>> You can't refuse the packet: it's a stateless connection.
> Exactly. That was my point.
> Danny

Now I am confused. As Philip said at another point in the thread, from 
the point of view of the sender, either a response comes back (read and 
accepted), no response comes back (read and dropped) or an ICMP comes 
back (nobody listening at that socket). For packets that would be 
delivered to the wildcard address socket, the second scenario occurs, 
that is, no response comes back.

From the point of view of ntpd, either the packet is read and delivered 
to the application or the application never sees it. Currently the 
former occurs, the packet is read on the socket that is bound to the 
wildcard and then dropped.


Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. - Martin Golding
Brian Utterback - Solaris RPE, Oracle Corporation.
Ph:603-262-3916, Em:brian.utterback at oracle.com
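
The three sender-side outcomes described in this message, as an added example that is not part of the original post or of ntpd's code. It assumes a Linux-style loopback stack, uses ephemeral UDP ports instead of port 123, and all function names are hypothetical.

```python
import socket

LOOPBACK = "127.0.0.1"

def bind_udp(addr):
    """Bind a UDP socket on an ephemeral port (stand-in for ntpd's port 123)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((addr, 0))
    s.settimeout(1.0)
    return s

def sender_view(port, server=None, reply=False):
    """Send one datagram to `port` and report what the sender observes."""
    c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    c.settimeout(0.5)
    c.connect((LOOPBACK, port))  # connected socket, so ICMP errors reach us
    try:
        c.send(b"probe")
        if server is not None:
            _, peer = server.recvfrom(512)  # the application reads the packet
            if reply:
                server.sendto(b"reply", peer)
            # otherwise the packet is read and then dropped
        c.recv(512)
        return "response"
    except socket.timeout:
        return "no response"
    except (ConnectionRefusedError, ConnectionResetError):
        return "icmp port unreachable"
    finally:
        c.close()

def demo():
    replying = bind_udp(LOOPBACK)   # socket that reads and answers
    wildcard = bind_udp("0.0.0.0")  # wildcard socket that reads and drops
    unbound = bind_udp(LOOPBACK)
    closed_port = unbound.getsockname()[1]
    unbound.close()                 # nothing is bound to this port any more
    try:
        return {
            "read and answered": sender_view(replying.getsockname()[1], replying, reply=True),
            "read and dropped": sender_view(wildcard.getsockname()[1], wildcard),
            "no socket bound": sender_view(closed_port),
        }
    finally:
        replying.close()
        wildcard.close()

if __name__ == "__main__":
    print(demo())
```
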
