Wildcard-socket simplification hits a wall

Gary E. Miller gem at rellim.com
Fri Mar 31 23:11:12 UTC 2017 

Yo Hal!

On Fri, 31 Mar 2017 15:39:51 -0700
Hal Murray <hmurray at megapathdsl.net> wrote:

> esr at thyrsus.com said:
> > The problem is not with the code simplification itself.  The
> > problem is that there is a configuration feature called "NIC rules"
> > that depends on knowing what actual physical interface a packet
> > arrived on.  
> 
> Where is that described?
> (grep -i "nic rules" . -r doesn't find anything other than comments
> in the code and ChangeLog.)

https://docs.ntpsec.org/latest/ntp_conf.html

Section: Miscellaneous Options

interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name | address[/prefixlen]]

        This command controls which network addresses ntpd opens, and
        whether input is dropped without processing. The first parameter
        determines the action for addresses which match the second
        parameter. That parameter specifies a class of addresses, or a
        specific interface name, or an address. In the address case,
        prefixlen determines how many bits must match for this rule to
        apply. ignore prevents opening matching addresses, drop causes
        ntpd to open the address and drop all received packets without
        examination. Multiple interface commands can be used. The
        last rule which matches a particular address determines the
        action for it. interface commands are disabled if any of the
        -I, --interface,-L, or --novirtualips command-line options are
        used. If none of those options are used and no interface actions
        are specified in the configuration file, all available network
        addresses are opened. The nic command is an alias for interface.



RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170331/eec37bba/attachment.bin>

More information about the devel mailing list