Requesting code review on possible fix for nopeer/pool conflict

Daniel Franke dfoxfranke at
Tue Jul 5 14:32:42 UTC 2016

On 7/5/16, Eric S. Raymond <esr at> wrote:
> Hal's bug report reads like this:
>     restrict nopeer kills using the pool command. (Try it.) The symptom is
>     that no slots ever show up in ntpq -p
>     The nopeer restriction is intended to prevent attackers from
>     pretending to be a peer and then screwing up the local clock. The pool
>     command is using the same peer mechanism to setup a temporary slot. We
>     should be able to bypass that part of the restrict filter. We know
>     what IP address to expect. The server slots already do it.

I think this working as designed. 'restrict nopeer' means "Don't
establish unauthenticated ephemeral associations with this IP
address", which is exactly what pool does. I agree this is stupid
design but I don't think it's a bug. One more reason I need to get my
ACL language implemented and restrict needs to die.

The whole receive() function you're looking at is about to get blown
away in my ntp_proto refactor. Can you hold off on touching it until
next week?

More information about the devel mailing list