[pkg-ntp-maintainers] Bug#455717: source address does not update on route change
martin f krafft
madduck at debian.org
Tue Dec 11 12:08:03 UTC 2007
Package: ntp
Version: 1:4.2.4p4+dfsg-2
Severity: important
I just ran into the following situation: I started NTP before
OpenVPN and it set up a peer from the machine's public IP 1.2.3.4 to
the NTP server's IP, 9.8.7.6.
I then started OpenVPN, which added a route for 9.0.0.0/8 via the
VPN server, using 10.9.8.0/24 as the VPN network/mask.
Now I started seeing the following in the VPN server's logs:
  ovpn-foobar[12466]: foobar.madduck.net/1.2.3.4:36393 MULTI: bad source address from client [1.2.3.4], packet dropped
for every packet ntpd sends. The reason is simply that ntpd somehow
hardcodes 1.2.3.4 as the source address for packets, which it then
hands to the kernel for routing. In this case, the route changed,
and a new source address would have to be used (10.9.8.123), but
ntpd stubbornly continues to stamp outgoing packets with the source
address that was used at the time the process started. It really
should leave this up to the kernel.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ntp depends on:
ii adduser 3.105 add and remove users and groups
ii libc6 2.7-4 GNU C Library: Shared libraries
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libreadline5 5.2-3 GNU readline and history libraries
ii libssl0.9.8 0.9.8g-3 SSL shared libraries
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii netbase 4.30 Basic TCP/IP networking system
Versions of packages ntp recommends:
ii perl 5.8.8-12 Larry Wall's Practical Extraction
-- no debconf information
--
.''`. martin f. krafft <madduck at debian.org>
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems
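
The behaviour described in the report, as an added example that is not part of the original message and is not ntpd's code: a UDP socket bound to a specific local address keeps that source address, while a wildcard socket takes whatever the kernel's route lookup selects. It assumes Linux with the loopback interface up; 127.0.0.2 and 127.0.0.1 are constructed stand-ins for the pinned address and the peer, and udp_source_for is a hypothetical helper.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not ntpd code. Assumes Linux, where all of 127.0.0.0/8 is local.
 * Reports the source address a fresh UDP socket would use towards dst_ip.
 * bind_ip == NULL: wildcard socket, the kernel's route lookup picks the source.
 * bind_ip != NULL: source pinned by bind(), whatever the routing table says.
 * connect() on a UDP socket sends nothing; it only performs the route lookup.
 * Returns 0 and fills out (at least INET_ADDRSTRLEN bytes), or -1 on error. */
int udp_source_for(const char *bind_ip, const char *dst_ip, char *out, size_t outlen)
{
    struct sockaddr_in local = {0}, dst = {0}, got = {0};
    socklen_t len = sizeof got;
    int rc = -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    local.sin_family = AF_INET;   /* sin_addr stays INADDR_ANY unless pinned */
    dst.sin_family = AF_INET;
    dst.sin_port = htons(123);    /* NTP port; no packet leaves the host */

    if ((bind_ip && inet_pton(AF_INET, bind_ip, &local.sin_addr) != 1) ||
        inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&local, sizeof local) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0 ||
        getsockname(fd, (struct sockaddr *)&got, &len) < 0)
        goto done;
    if (inet_ntop(AF_INET, &got.sin_addr, out, (socklen_t)outlen))
        rc = 0;
done:
    close(fd);
    return rc;
}

int main(void)
{
    char pinned[INET_ADDRSTRLEN], chosen[INET_ADDRSTRLEN];
    /* Constructed stand-ins: 127.0.0.2 is the pinned address, 127.0.0.1 the peer. */
    if (udp_source_for("127.0.0.2", "127.0.0.1", pinned, sizeof pinned) ||
        udp_source_for(NULL, "127.0.0.1", chosen, sizeof chosen))
        return 1;
    printf("bound socket: %s, wildcard socket: %s\n", pinned, chosen);
    return 0;
}
```

Running the wildcard case against a real peer before and after a route change shows the kernel-selected source following the routing table, which is what the report asks ntpd to rely on.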