[Git][NTPsec/ntpsec][master] Document the removal of mostr checking for magic address formats.

Eric S. Raymond gitlab at mg.gitlab.com
Fri Jun 24 11:03:06 UTC 2016 

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
0e8642cc by Eric S. Raymond at 2016-06-24T07:01:55-04:00
Document the removal of mostr checking for magic address formats.

In the past, we told reference clocks from real peers by giving the
reference clocks an address of the form 127.127.t.u, where t is the
type and u is the unit number.  In ntpd itself, the filtering that
used to be done based on this magic address prefix is now done
using the is_refclock_packet() test on incoming packets.  The
remaining instances of magic-address testing are in the
configuration-language interpreter only and are used to prevent
inapropriate configuration commands from being applied to
refclock entries.  They'll go away when the configuration syntax
is redesigned.

In theory, therefore, it would now be possible for ntpd to use a
server with an address in the 127.127.t.u range.  In practice this
is probably a bad idea as it would confuse ntpq, which keeps some
of these prefix checks in order to be able to recognize clock packets
by address only (that being all it has to work with).

De-confusing ntpq will require some modifications to mode 6
response formats so that the response to a peer query conveys
*explicitly* whether it's a refclock.  Even so, legacy ntpq
instances will still be confused.

- - - - -


1 changed file:

- include/ntp_net.h


Changes:

=====================================
include/ntp_net.h
=====================================
--- a/include/ntp_net.h
+++ b/include/ntp_net.h
@@ -195,11 +195,27 @@ typedef union {
 
 
 /*
- * We tell reference clocks from real peers by giving the reference
- * clocks an address of the form 127.127.t.u, where t is the type and
- * u is the unit number.  We define some of this here since we will need
- * some sanity checks to make sure this address isn't interpreted as
- * that of a normal peer.
+ * In the past, we told reference clocks from real peers by giving the
+ * reference clocks an address of the form 127.127.t.u, where t is the
+ * type and u is the unit number.  In ntpd itself, the filtering that
+ * used to be done based on this magic address prefix is now done
+ * using the is_refclock_packet() test on incoming packets.  The
+ * remaining instances of magic-address testing are in the
+ * configuration-language interpreter only and are used to prevent
+ * inapropriate configuration commands from being applied to
+ * refclock entries.  They'll go away when the configuration syntax
+ * is redesigned.
+ *
+ * In theory, therefore, it would now be possible for ntpd to use a
+ * server with an address in the 127.127.t.u range.  In practice this 
+ * is probably a bad idea as it would confuse ntpq, which keeps some
+ * of these prefix checks in order to be able to recognize clock packets
+ * by address only (that being all it has to work with).
+ *
+ * De-confusing ntpq will require some modifications to mode 6
+ * response formats so that the response to a peer query conveys
+ * *explicitly* whether it's a refclock.  Even so, legacy ntpq 
+ * instances will still be confused.
  */
 #define	REFCLOCK_ADDR	0x7f7f0000	/* 127.127.0.0 */
 #define	REFCLOCK_MASK	0xffff0000	/* 255.255.0.0 */



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/0e8642ccb73731ec894582381cea4c592d816c74
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20160624/5121b569/attachment.html>

More information about the vc mailing list