From nobody@FreeBSD.org  Fri Oct 11 11:51:04 2002
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 538ED37B401
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 11 Oct 2002 11:51:04 -0700 (PDT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1419943E7B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 11 Oct 2002 11:51:04 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.6/8.12.6) with ESMTP id g9BIp37R004762
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 11 Oct 2002 11:51:03 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.6/8.12.6/Submit) id g9BIp35F004761;
	Fri, 11 Oct 2002 11:51:03 -0700 (PDT)
Message-Id: <200210111851.g9BIp35F004761@www.freebsd.org>
Date: Fri, 11 Oct 2002 11:51:03 -0700 (PDT)
From: "Michael R. Wayne" <wayne@staff.msen.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ntpd binds to local aliases
X-Send-Pr-Version: www-1.0

>Number:         43938
>Category:       bin
>Synopsis:       ntpd binds to local aliases
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    roberto
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 11 12:00:07 PDT 2002
>Closed-Date:    Thu Jul 22 09:20:04 GMT 2004
>Last-Modified:  Thu Jul 22 09:20:04 GMT 2004
>Originator:     Michael R. Wayne
>Release:        4.5, 4.7
>Organization:
Msen, Inc.
>Environment:
4.5-RELEASE-p20, 4.7-RC      
>Description:
Using a virtual web server, with lines like:
ifconfig_lo0_alias19="inet 148.59.66.19   netmask 255.255.255.255 "
in /etc/rc, ntpd will bind to each of the virtual interfaces.  

There is an (undocumented) option, -L, which purports to enable this behaviour, but on our systems we found no way to disable it.  

Further, there is a but in code prior to that which is testing a value that has never been set.  Does not seem to be a problem under FreeBSD but is a bug nontheless.
>How-To-Repeat:
Enable virtual interfaces, start ntpd.
>Fix:
I have a 25 line patch which corrects the problem, including printing debug information where appropriate and documenting the other issue.  I'm not about to post it into a web form though.
>Release-Note:
>Audit-Trail:

From: "Michael R. Wayne" <wayne@staff.msen.com>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/43938: ntpd binds to local aliases
Date: Fri, 11 Oct 2002 15:19:44 -0400

 Here is the patch.  It includes a comment regarding the error
 serveral lines earlier.  This code is only invoked at startup so
 the change is fairly low risk.  It properly honors the values of
 -d (debug) and -L (undocumented virtual IP address support).
 
 Works properly on our web servers, continues to listen on 127.0.0.1
 but not on any aliased IP addresses (unless you specify -L).
 
 /\/\ \/\/
 
 
 
 *** /home/wayne/ntp_io.c.ORIG   Fri Oct 11 09:47:32 2002
 --- ntp_io.c    Fri Oct 11 11:52:01 2002
 ***************
 *** 472,477 ****
 --- 472,502 ----
   #  ifndef SYS_WINNT
                         inter_list[i].flags |= INT_LOOPBACK;
   #  endif /* not SYS_WINNT */
 + /* Start Msen fix for ntpd binding to all aliased IP addresses on the loopback interface (wayne@msen.com) */
 +                       /* Here, we know we are on the loopback interface.  Unless
 +                        * we are told to listen to virtual IP addresses (-L option),
 +                        * we want to exclude any address that is not 127.0.0.1
 +                        */
 + 
 +                       /* Note:  The code 13 lines above this one tests the value of 
 +                        * inter_list[i].sin.sin_addr.s_addr, but has never set a value for it.
 +                        * While this does not affect us under FreeBSD, it is a bug and 
 +                        * we need to notify the ntpd maintainers.
 +                        */
 +                       inter_list[i].sin = *(struct sockaddr_in *)&ifr->ifr_addr; 
 +                       if (inter_list[i].sin.sin_addr.s_addr != inet_addr("127.0.0.1")) {
 +                               if (listen_to_virtual_ips) {
 +                                       if (debug)
 +                                               printf("Using %s - Virtual IP aliased on loopback\n", inet_ntoa((inter_list[i].sin.sin_addr)));
 +                               } else {
 +                                       if (debug)
 +                                               printf("Ignoring %s - Virtual IP aliased on loopback\n", inet_ntoa((inter_list[i].sin.sin_addr)));
 +                               }
 +                       } else {
 +                               if (debug)
 +                                       printf("Using %s - Primary address on loopback\n", inet_ntoa((inter_list[i].sin.sin_addr)));
 +                       }
 + /* End Msen fix for ntpd binding to all aliased IP addresses on the loopback interface (wayne@msen.com) */
                         if (loopback_interface == 0)
                         {
                                 loopback_interface = &inter_list[i];
 
Responsible-Changed-From-To: freebsd-bugs->roberto 
Responsible-Changed-By: kris 
Responsible-Changed-When: Fri Jul 18 15:16:08 PDT 2003 
Responsible-Changed-Why:  
Assign to ntp maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=43938 
State-Changed-From-To: open->closed 
State-Changed-By: roberto 
State-Changed-When: Thu Jul 22 09:18:16 GMT 2004 
State-Changed-Why:  
Upstream authors don't want to add an option to bind to specific 
interfaces, sorry.  If you need it badly, lease have a look at OpenNTPd 
<http://www.openntpd/> 

http://www.freebsd.org/cgi/query-pr.cgi?pr=43938 
>Unformatted:
