New feature: restrict address/cidr
Gary E. Miller
gem at rellim.com
Sat Jun 10 17:16:09 UTC 2017
Yo Achim!
On Sat, 10 Jun 2017 10:51:21 +0200
Achim Gratz via devel <devel at ntpsec.org> wrote:
> Am 10.06.2017 um 04:59 schrieb Gary E. Miller via devel:
> >> Slightly strange example. I'd expect 10.0.0.0 mask 255.0.0.0 ==
> >> 10.0.0.0/8 or 10.169.0.0 mask 255.255.0.0 == 10.169.0.0/16
> >
> > Your expectations are not mine. Got a citation that says your
> > examples are not only correct, but to be insisted on?
>
> Well, the number after the slash is the prefix length (contigous
> bits), so you've either overspecified the network part or the mask
> doesn't cover enough of the prefix.
Over specified the nextwork part. Which is very common. Like when
you set your host IP on an interface, and specify the network at the
same time.
> > Why? ntpd never complained about the mask before. I've never seen
> > any program complain about such usage. It is very convenient as
> > the user can simply cut/paste rfom his 'ifconfig' or 'ip addr'
> > output.
>
> So what did it do in this case? It would either ignore some part of
> the IP address being specified (which could then be any number,
> including the canonical "0") or not apply the given mask correctly.
Same thing ntpd has always done. It ignores the over specified part.
You can see this with 'ntpq -c reslist'.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170610/91eb6149/attachment.bin>
More information about the devel
mailing list