Resuming the great cleanup

Hal Murray hmurray at
Tue May 29 18:58:31 UTC 2018

Achim Gratz <Stromeko at> said:
> However, there is still value in the knowledge of which interface the packet
> came in so that ntpd can place different levels of trust depending on
> whether it's from a private (virtual) network segement, an internal or
> public network.  Also, this information would potentially be quite valuable
> to get a better grip on asymmetric network delays, which are dominating the
> residual timing error on many types of networks these days. 

You can get most of that information from the dest IP address.  I think 
that's all ntpd is doing.  It's not really filtering on interface but on IP 
Address associated with the interface.

The interesting case is when the box itself is a router.  So a packet for 
address A might actually arrive on interface B expecting the box to forward 
it.  A bad guy on network B could forge packets and still get them in.  There 
is probably a security bug there, but I don't see one.

These are my opinions.  I hate spam.

More information about the devel mailing list