[ntp:questions] ntpd IPv6 support on Windows?

Danny Mayer mayer at ntp.isc.org
Mon Jan 12 02:04:51 UTC 2009


Dave Hart wrote:
>>> http://msdn.microsoft.com/en-us/library/ms738520(VS.85).aspx
>> I'm very careful to avoid the WSP* functions. I don't think many people
>> know about the WSP* functions but I am very careful to avoid them as far
>> as possible especially as there are potential security implications.
>> Otherwise I would be using WSP* functions everywhere and avoid the extra
>> overhead of the WSA* functions.
>>
>> Let's not go there.
> 
> I am not suggesting you to go referencing Wsp* functions willy-nilly
> to avoid some perceived (and insignificant) overhead of using
> published APIs.  I'm suggesting you use the published API names like
> getaddrinfo and let Microsoft's runtime binding implementation do what
> it is designed to do.  That it involves macros to inline functions
> with names like WspiapiGetAddrInfo is an implementation detail
> invisible to everyone not using a symbolic debugger against ntp
> binaries on Windows.
> 

That is not correct. These are not macros. The SPI layer is a layer
between Winsock2 and the base layer and there can be multiple SPI layers
and in fact you can specify the order. All of this gets very tricky and
it's one of the reasons why I don't want to go there. Just because
Microsoft provides something doesn't mean that we should use it.

> Please elaborate on the potential security implications of using
> Microsoft's recommended late-binding of getaddrinfo and friends.
> 

The SPI layer is a whole other set of layers that I don't have time to
go into.

> Please accept my apologies for going there, no offense intended.  I am
> just failing to see why bloating ntp source code with Win32-specific
> code that accomplishes exactly what Microsoft's header's already do
> for you is beneficial given the counterarguments I'm hearing so far.
> 

Actually, there's no bloat since there's already code in ntp to support
 non-IPv6 operating systems. The only thing we will be doing is figuring
out whether or not the support is there for IPv6 and calling one or the
other. The only reason to consider Microsoft's code is to support IPv6
on Windows 2000 and I don't see a need to support something that is long
since obsolete.

Danny



More information about the questions mailing list