[pkg-ntp-maintainers] Bug#448811: option -L seems not correctly interpreted by ntpd

Jean-Marc Lacroix jeanmarc.lacroix at free.fr
Thu Nov 1 06:39:21 UTC 2007 

Package:  ntp
Version:  4.2.2.p4+dfsg-2
Severity: serious

On a dedicated 86 Linux router launching ntp server vith ip alias
interface, I would like to run ntpd in order to listen ntp traffic only
on a single virtual interface. ( It seems the definition of -L option )

My config is ...
-> uname -a
Linux obiwan 2.6.23.jml-054 #1 SMP PREEMPT Thu Oct 11 22:32:06 CEST 2007 i686
GNU/Linux

-> dpkg -l |grep  libc6
ii  libc6  2.3.6.ds1-13    GNU C Library: Shared libraries

-> ip addr ls dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1480 qdisc pfifo_fast qlen 1000
    link/ether 52:54:00:eb:e8:16 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/22 brd 192.168.1.255 scope global eth0
    inet 192.168.2.4/32 scope global eth0:srvscanner
    inet 192.168.2.9/32 scope global eth0:srv-ntp-2
    inet 192.168.2.17/32 scope global eth0:srvdns-2
    inet 192.168.2.19/32 scope global eth0:srvsmtp-1
    inet 192.168.2.20/32 scope global eth0:srvmail-3
    inet 192.168.2.22/32 scope global eth0:srvwins-1
    inet6 fe80::5054:ff:feeb:e816/64 scope link
       valid_lft forever preferred_lft forever

... I would like ntpd listen only on eth0:srv-ntp-2, so when running
command...

sudo /usr/sbin/ntpd -p /var/run/ntpd.pid -u 104:113 -g -A -i /tmp -L
eth0:srv-ntp-2

then on syslog-ng output, i have....

Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11740]: ntpd 4.2.2p4 at 1.1585-o Sun Mar 
4 13:21:35 UTC 2007 (1)
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: precision = 3.000 usec
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
wildcard, 0.0.0.0#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
wildcard, ::#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface eth0,
fe80::5054:ff:feeb:e816#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface lo,
::1#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface eth1,
fe80::210:83ff:fe01:3bb8#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface lo,
127.0.0.1#123 Enabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface eth1,
192.168.13.254#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
eth1:vpn-wifi-2, 192.168.13.253#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface eth0,
192.168.1.10#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
eth0:srvscanner, 192.168.2.4#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
eth0:srv-ntp-2, 192.168.2.9#123 Enabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
eth0:srvdns-2, 192.168.2.17#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
eth0:srvsmtp-1, 192.168.2.19#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
eth0:srvmail-3, 192.168.2.20#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: Listening on interface
eth0:srvwins-1, 192.168.2.22#123 Disabled
Nov  1 07:27:32 s_all at obiwan/obiwan ntpd[11742]: kernel time sync status 0040
I

It seems that ntp listen only on 192.168.2.9, because it
is an alias interface as specifed in command line, but....

The problem is about the netstat command.
It seems all sockets are still open
-> netstat -a |grep ntp
udp        0      0 srvwins-1.belinda:ntp   *:*
udp        0      0 srvmail-3.belinda:ntp   *:*
udp        0      0 srvsmtp-1.belinda:ntp   *:*
udp        0      0 srvdns-2.belinda:ntp    *:*
udp        0      0 srv-ntp-2.belinda:ntp   *:*
udp        0      0 srvscanner.belinda:ntp  *:*
udp        0      0 obiwan.belinda:ntp      *:*
udp        0      0 192.168.13.253:ntp      *:*
udp        0      0 obiwan-eth1.belinda:ntp *:*
udp        0      0 localhost:ntp           *:*
udp        0      0 *:ntp                   *:*
udp6       0      0 fe80::210:83ff:fe01:ntp *:*
udp6       0      0 ip6-localhost:ntp       *:*
udp6       0      0 fe80::5054:ff:feeb::ntp *:*
udp6       0      0 *:ntp                   *:*

Are you sure all socket marked as 'disabled ' in syslog is closed ?

best regards

--

More information about the pkg-ntp-maintainers mailing list