New feature: restrict address/cidr

Gary E. Miller gem at
Sat Jun 10 17:16:09 UTC 2017

Yo Achim!

On Sat, 10 Jun 2017 10:51:21 +0200
Achim Gratz via devel <devel at> wrote:

> Am 10.06.2017 um 04:59 schrieb Gary E. Miller via devel:
> >> Slightly strange example.  I'd expect mask ==
> >> or mask ==  
> > 
> > Your expectations are not mine.  Got a citation that says your
> > examples are not only correct, but to be insisted on?  
> Well, the number after the slash is the prefix length (contigous
> bits), so you've either overspecified the network part or the mask
> doesn't cover enough of the prefix.

Over specified the nextwork part.  Which is very common.  Like when
you set your host IP on an interface, and specify the network at the
same time.

> > Why?  ntpd never complained about the mask before.  I've never seen
> > any program complain about such usage.  It is very convenient as
> > the user can simply cut/paste rfom his 'ifconfig' or 'ip addr'
> > output.  
> So what did it do in this case?  It would either ignore some part of
> the IP address being specified (which could then be any number,
> including the canonical "0") or not apply the given mask correctly.

Same thing ntpd has always done.  It ignores the over specified part.
You can see this with 'ntpq -c reslist'.

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list