Resuming the great cleanup
Hal Murray
hmurray at megapathdsl.net
Tue May 29 18:58:31 UTC 2018
Achim Gratz <Stromeko at nexgo.de> said:
> However, there is still value in the knowledge of which interface the packet
> came in so that ntpd can place different levels of trust depending on
> whether it's from a private (virtual) network segment, an internal or
> public network. Also, this information would potentially be quite valuable
> to get a better grip on asymmetric network delays, which are dominating the
> residual timing error on many types of networks these days.
You can get most of that information from the dest IP address. I think
that's all ntpd is doing. It's not really filtering on interface but on IP
Address associated with the interface.
The interesting case is when the box itself is a router. So a packet for
address A might actually arrive on interface B expecting the box to forward
it. A bad guy on network B could forge packets and still get them in. There
is probably a security bug there, but I don't see one.
--
These are my opinions. I hate spam.
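
Added example, not part of the original message and not ntpd's code: a C model of the router case described above, comparing a trust decision keyed on the destination address alone with one that also requires the address to belong to the interface the packet arrived on. The interface indexes, addresses, trust flags and all function names are assumptions made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed router with two interfaces; indexes and addresses are made up.
 * On Linux, the (arrival ifindex, destination address) pair of a UDP packet
 * can be obtained from IP_PKTINFO ancillary data. */
struct local_addr { unsigned ifindex; uint32_t addr; int trusted; };
static const struct local_addr LOCAL[] = {
    { 2, 0x0A000001u, 1 },  /* interface A: 10.0.0.1, private segment */
    { 3, 0xC6336401u, 0 },  /* interface B: 198.51.100.1, public side */
};
#define NLOCAL (sizeof LOCAL / sizeof LOCAL[0])

enum verdict { NOT_LOCAL, WRONG_IFACE, UNTRUSTED, TRUSTED };
struct pkt { unsigned arrived_if; uint32_t dst; };

/* Trust decision keyed on the destination address only. */
enum verdict by_dest(const struct pkt *p)
{
    for (size_t i = 0; i < NLOCAL; i++)
        if (LOCAL[i].addr == p->dst)
            return LOCAL[i].trusted ? TRUSTED : UNTRUSTED;
    return NOT_LOCAL;
}

/* Same decision, but the address must belong to the arrival interface. */
enum verdict by_dest_and_iface(const struct pkt *p)
{
    for (size_t i = 0; i < NLOCAL; i++)
        if (LOCAL[i].addr == p->dst)
            return LOCAL[i].ifindex != p->arrived_if ? WRONG_IFACE
                 : LOCAL[i].trusted ? TRUSTED : UNTRUSTED;
    return NOT_LOCAL;
}

/* Count packets the address-only check trusts although they arrived
 * on a different interface than the one owning that address. */
size_t count_misplaced_trust(const struct pkt *p, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (by_dest(&p[i]) == TRUSTED && by_dest_and_iface(&p[i]) == WRONG_IFACE)
            hits++;
    return hits;
}

/* Constructed sample traffic. */
static const struct pkt SAMPLE[] = {
    { 2, 0x0A000001u },  /* A's address, arrived on A */
    { 3, 0xC6336401u },  /* B's address, arrived on B */
    { 3, 0x0A000001u },  /* A's address, arrived on B */
    { 3, 0x0A000063u },  /* 10.0.0.99, not a local address */
};
```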