From owner-freebsd-bugs Sun Jun 16 3:10:27 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 9D61937B411 for ; Sun, 16 Jun 2002 03:10:04 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g5GAA4W13217; Sun, 16 Jun 2002 03:10:04 -0700 (PDT) (envelope-from gnats)
Date: Sun, 16 Jun 2002 03:10:04 -0700 (PDT)
Message-Id: <200206161010.g5GAA4W13217@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Dmitry Morozovsky
Subject: Re: i386/39327: bind ntpd to only one IP
Reply-To: Dmitry Morozovsky
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR i386/39327; it has been noted by GNATS.
From: Dmitry Morozovsky
To: Noel Köthe
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: i386/39327: bind ntpd to only one IP
Date: Sun, 16 Jun 2002 14:01:07 +0400 (MSD)

On Sat, 15 Jun 2002, Noel Köthe wrote:

NK> >Description:
NK> It's not possible to bind the ntp Daemon to only one IP address.

Here is the possible patch we use for our jail systems (I know ntpd is contributed, so the patch should be discussed both with FreeBSD maintainers and the ntpd author).

It is a quick'n'dirty solution -- only the command-line -h option is available to restrict the bind list. A more appropriate fix would also contain a config-file directive.

Sincerely,
D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------

Index: contrib/ntp/ntpd/cmd_args.c =================================================================== RCS file: /ncvs/src/contrib/ntp/ntpd/cmd_args.c,v retrieving revision 1.1.1.1.2.1 diff -u -r1.1.1.1.2.1 cmd_args.c --- contrib/ntp/ntpd/cmd_args.c 21 Dec 2001 17:39:12 -0000 1.1.1.1.2.1 +++ contrib/ntp/ntpd/cmd_args.c 11 May 2002 17:09:07 -0000 @@ -14,8 +14,9 @@ */ extern char const *progname; int listen_to_virtual_ips = 0; +u_long bindonlyaddress = 0; -static const char *ntp_options = "aAbc:dD:f:gk:l:LmnN:p:P:qr:s:t:v:V:x"; +static const char *ntp_options = "aAbc:dD:f:gh:k:l:LmnN:p:P:qr:s:t:v:V:x"; #ifdef HAVE_NETINFO extern int check_netinfo; @@ -76,6 +77,17 @@ ++errflg; break; #endif + case 'h': + do { + struct in_addr addr; + + if (inet_aton(ntp_optarg, &addr) <= 0) + msyslog(LOG_ERR, + "bad ip address: %s", ntp_optarg); + else + bindonlyaddress = addr.s_addr; + } while (0); + break; case 'L': listen_to_virtual_ips = 1; break; @@ -214,6 +226,9 @@ allow_panic = TRUE; break; + case 'h': /* already done at pre-scan */ + break; + case 'k': getauthkeys(ntp_optarg); break;
@@ -263,7 +278,7 @@ } } while (0); break; - + case 's': stats_config(STATS_STATSDIR, ntp_optarg); break; Index: contrib/ntp/ntpd/ntp_io.c =================================================================== RCS file: /ncvs/src/contrib/ntp/ntpd/ntp_io.c,v retrieving revision 1.1.1.3.2.1 diff -u -r1.1.1.3.2.1 ntp_io.c --- contrib/ntp/ntpd/ntp_io.c 21 Dec 2001 17:39:13 -0000 1.1.1.3.2.1 +++ contrib/ntp/ntpd/ntp_io.c 11 May 2002 17:06:56 -0000 @@ -131,6 +131,8 @@ fd_set activefds; int maxactivefd; +extern u_long bindonlyaddress; + static int create_sockets P((u_int)); static int open_socket P((struct sockaddr_in *, int, int)); static void close_socket P((int)); @@ -229,14 +231,22 @@ */ inter_list[0].sin.sin_family = AF_INET; inter_list[0].sin.sin_port = port; - inter_list[0].sin.sin_addr.s_addr = htonl(INADDR_ANY); - (void) strncpy(inter_list[0].name, "wildcard", - sizeof(inter_list[0].name)); - inter_list[0].mask.sin_addr.s_addr = htonl(~ (u_int32)0); + if (!bindonlyaddress) { + inter_list[0].sin.sin_addr.s_addr = htonl(INADDR_ANY); + (void) strncpy(inter_list[0].name, "wildcard", + sizeof(inter_list[0].name)); + inter_list[0].mask.sin_addr.s_addr = htonl(~ (u_int32)0); + inter_list[0].flags = INT_BROADCAST; + } else { + inter_list[0].sin.sin_addr.s_addr = inet_addr("127.0.0.1"); + (void) strncpy(inter_list[0].name, "loopback", + sizeof(inter_list[0].name)); + inter_list[0].mask.sin_addr.s_addr = inet_addr("255.0.0.0"); + inter_list[0].flags = INT_LOOPBACK; + } inter_list[0].received = 0; inter_list[0].sent = 0; inter_list[0].notsent = 0; - inter_list[0].flags = INT_BROADCAST; any_interface = &inter_list[0]; #if _BSDI_VERSION >= 199510 
@@ -508,6 +518,13 @@ sizeof(inter_list[i].name)); # endif inter_list[i].sin = *(struct sockaddr_in *)&ifr->ifr_addr; + if (bindonlyaddress && + inter_list[i].sin.sin_addr.s_addr != bindonlyaddress) { + if (debug) + printf("ignoring %s - not in bindlist\n", + ifr->ifr_name); + continue; + } inter_list[i].sin.sin_family = AF_INET; inter_list[i].sin.sin_port = port; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
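Review bot: in the cmd_args.c hunk at @@ -14,8 +14,9 @@, `bindonlyaddress` is declared `u_long`, yet it is assigned from and compared with `sin_addr.s_addr`, a 32-bit network-order value; on LP64 platforms the widths differ, so declare it as `u_int32`, the type the surrounding code already uses for the mask (`htonl(~ (u_int32)0)`). The value 0 also doubles as the "no restriction" sentinel, so `-h 0.0.0.0`, which `inet_aton()` accepts, silently disables the restriction; a separate "option given" flag avoids that ambiguity.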
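Review bot: the `case 'h':` block added at @@ -76,6 +77,17 @@ logs an unparsable address with `msyslog()` but never does `++errflg`, unlike the error path visible just above it, so a mistyped `-h` argument leaves `bindonlyaddress` at 0 and ntpd starts bound to every address, the opposite of what the operator asked for; add `++errflg;` to the error branch so startup fails instead. `inet_aton()` returns 0 on failure and non-zero on success, so `== 0` reads more clearly than `<= 0`.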
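Review bot: the `case 'h': /* already done at pre-scan */` hunk at @@ -214,6 +226,9 @@ is a correct no-op, but nothing in the patch documents the new option: neither a usage string nor the ntpd(8) manual page is touched, and the cover note itself says the config-file directive is still missing. Document `-h address` next to `-L`, which it parallels, before this goes further.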
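Review bot: the hunk at @@ -263,7 +278,7 @@ is whitespace-only (a `-` line carrying trailing blanks replaced by an empty `+` line) and has nothing to do with the bind restriction; drop it so the diff against a contrib/ file stays minimal and easy to carry across upstream ntpd imports.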
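Review bot: the `extern u_long bindonlyaddress;` added to ntp_io.c at @@ -131,6 +131,8 @@ repeats the type by hand, so if the definition in cmd_args.c is later narrowed to `u_int32` this copy will silently disagree and the compiler will not notice across translation units. Put the single declaration in a header both files include and keep one definition.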
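Review bot: in the ntp_io.c hunk at @@ -229,14 +231,22 @@, the `else` branch hard-codes `inter_list[0]` to `127.0.0.1` / `255.0.0.0` with `INT_LOOPBACK` instead of using `bindonlyaddress`, so with `-h` the daemon still opens a second socket on loopback, which is not "only one IP"; and the unchanged `any_interface = &inter_list[0];` just below now points at that loopback entry, the interface ntpd falls back to when a peer address matches no specific interface. Binding `inter_list[0]` to `bindonlyaddress` with a `255.255.255.255` mask would honour the restriction and keep `any_interface` meaningful.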
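Review bot: the filter at @@ -508,6 +518,13 @@ silently `continue`s past every non-matching interface but never reports the case where no interface carries `bindonlyaddress` (a typo, or a jail alias not yet configured at startup); ntpd then comes up with only the hard-coded loopback entry and no diagnostic. Count matches in the loop and `msyslog(LOG_ERR, ...)` or refuse to start when the count stays zero. Moving the check above the `inter_list[i].sin = ...` assignment also avoids writing a slot that is then abandoned.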