[ntp:hackers] IPv6 ntp-dev replying with wrong source address?

Frederick Bruckman fredb at immanent.net
Wed Jul 9 16:59:26 PDT 2003


On Wed, 9 Jul 2003, David Malone wrote:

> I've a few FreeBSD machine running ntp-dev from about the 7th of
> June. I noticed that one of the machines was ignoring replies from
> another. The machine that is sending the reply has two global
> unicast IPv6 addresses and seems to be replying with with the
> wrong one:
>
> transmit: at 69 2001:bb0:dd0:cc01::2->2001:770:68:1ff:202:b3ff:fe65:604b mode 3
> receive: at 69 2001:bb0:dd0:cc01::2<-2001:770:68:ff::1 mode 4 code 3
>
> I guess it is possible this has been fixed since then?

RFC 3484 makes it clear that source address selection is the job of
the OS. Moreover, FreeBSD seems to be doing the right thing here by
choosing the manually configured address over the auto-configured
address (assuming they're on the same interface). RFC 3484 also says
the OS is supposed to let you configure the rules for choosing, yet
no OS actually lets you do that yet, as far as I know.

The "bug" in ntpd is that it's not recognizing the two addresses as
coming from the same host. Of course, there's no conceivable way that
ntpd *could* glean that information from the addresses alone, which is
what I believe it tries to do now. It'd need some other source for the
information, like DNS (somewhat analogously to MX records).

Can't you just configure the other machine to use 2001:770:68:ff::1?

Frederick



More information about the hackers mailing list