Resuming the great cleanup
hmurray at megapathdsl.net
Tue May 29 18:58:31 UTC 2018
Achim Gratz <Stromeko at nexgo.de> said:
> However, there is still value in the knowledge of which interface the packet
> came in so that ntpd can place different levels of trust depending on
> whether it's from a private (virtual) network segement, an internal or
> public network. Also, this information would potentially be quite valuable
> to get a better grip on asymmetric network delays, which are dominating the
> residual timing error on many types of networks these days.
You can get most of that information from the dest IP address. I think
that's all ntpd is doing. It's not really filtering on interface but on IP
Address associated with the interface.
The interesting case is when the box itself is a router. So a packet for
address A might actually arrive on interface B expecting the box to forward
it. A bad guy on network B could forge packets and still get them in. There
is probably a security bug there, but I don't see one.
These are my opinions. I hate spam.
More information about the devel