[ntp:hackers] What does "interface listen wildcard" do?

Danny Mayer mayer at ntp.org
Sun Jul 14 03:30:05 UTC 2013


On 7/13/2013 9:39 PM, Philip Prindeville wrote:
> 
> On Jul 13, 2013, at 9:11 AM, Danny Mayer <mayer at ntp.org> wrote:
> 
>> On 7/12/2013 8:20 PM, Brian Utterback wrote:
>>> On 07/12/13 17:51, Danny Mayer wrote:
>>>> On 7/12/2013 3:52 PM, Philip Prindeville wrote:
>>>>> On Jul 12, 2013, at 6:03 AM, Brian Utterback
>>>>> <brian.utterback at oracle.com> wrote:
>>>>>
>>>>>> On 7/12/2013 11:59 AM, Danny Mayer wrote:
>>>>>>> It's not as simple as that. Admins want to make sure that NTP clients
>>>>>>> don't try that address for NTP packets. They actually want it to return
>>>>>>> "refused" so that those clients don't try. Accepting and dropping
>>>>>>> packets means that something is accepting the packets. Dropping them is
>>>>>>> not the same thing at all.
>>>>>> As I pointed out, we listen on the wildcard address now, by default.
>>>>>> We don't refuse them, we drop them right now.
>>>>>>
>>>>>> Brian Utterback
>>>>>
>>>>> You can't refuse the packet: it's a stateless connection.
>>>>>
>>>> Exactly. That was my point.
>>>>
>>>> Danny
>>>>
>>>
>>> Now I am confused. As Philip said at another point in the thread, from
>>> the point of view of the sender, either a response comes back (read and
>>> accepted), no response comes back (read and dropped) or an ICMP comes
>>> back (nobody listening at that socket).  For packets that would be
>>> delivered to the wildcard address socket, the second scenario occurs,
>>> that is no response comes back.
>>
>> Yes you are confused. This is not just about the receiving ntpd server,
>> it's also about the sender. If the sender gets nothing back it's not the
>> same as getting a connection refused error.
> 
> I guess I don't understand how you have a "connection refused" on a connectionless protocol.

Yes you're right. I've been spending too much time dealing with TCP issues.

Danny
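
The three sender-side outcomes discussed in this thread (reply, silence, ICMP error), as an added Python example that is not part of the original messages and is not ntpd code. The loopback listeners, port choices and function names are constructed stand-ins; where ICMP is filtered, the third case looks like silence to the sender.

```python
import socket
import threading

def probe(port, timeout=0.5):
    """Send one datagram to 127.0.0.1:port; classify what the sender observes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it lets the kernel hand ICMP
        # errors for this peer back to the socket as ECONNREFUSED.
        s.connect(("127.0.0.1", port))
        try:
            s.send(b"probe")
            s.recv(512)
            return "response"
        except socket.timeout:
            return "no-reply"
        except ConnectionRefusedError:
            return "icmp-unreachable"

def listener(bind_addr, reply):
    """Bind a UDP socket (constructed stand-in for a daemon), handle one packet."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, 0))  # port 0: kernel picks a free port

    def serve():
        _, peer = sock.recvfrom(512)
        if reply:
            sock.sendto(b"reply", peer)  # read and accepted
        # otherwise: read and dropped, the socket stays bound

    threading.Thread(target=serve, daemon=True).start()
    return sock

def free_port():
    """Return a port that was just released, so nothing is bound to it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    answering = listener("127.0.0.1", reply=True)
    dropping = listener("0.0.0.0", reply=False)  # wildcard socket that drops
    try:
        return {
            "answers": probe(answering.getsockname()[1]),
            "wildcard_drops": probe(dropping.getsockname()[1]),
            "nobody_bound": probe(free_port()),
        }
    finally:
        answering.close()
        dropping.close()
```

An unconnected UDP socket using `sendto()` generally does not get the ICMP error reported this way, so the same closed port would just time out.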



