Date: Wed, 21 Oct 2015 01:47:47 +0300 (MSK)
From: Dmitry Morozovsky
To: freebsd-stable@FreeBSD.org
Subject: ntpd and router with a *lot* of addresses

Dear colleagues,

Yesterday we'd found/stepped on a bit of trouble on some of our FreeBSD-based
routers (hundreds of vlans, etc):

    Oct 20 22:12:46 gwn4 ntpd[86421]: ntpd 4.2.4p5-a (1)
    Oct 20 22:12:46 gwn4 ntpd[86422]: Too many sockets in use, FD_SETSIZE 1024 exceeded

Actually, the machine has to listen on 123 on just 2-3 interfaces (two upstream
vlans and lo0), but googling leads me just to the -L option, which is not
described in the manual page nor seems to work (I did not look at the sources
yet though).

Is there any way to restrict interfaces on which ntpd is listening (modulo
jail, which has another/orthogonal set of restrictions)?

As usual -- thanks in advance! :)

-- 
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck@FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------