From owner-freebsd-stable@freebsd.org  Tue Oct 20 22:53:13 2015
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 186EFA1AD3A
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Tue, 20 Oct 2015 22:53:13 +0000 (UTC) (envelope-from marck@rinet.ru)
Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9BA6A1A81
 for <freebsd-stable@FreeBSD.org>; Tue, 20 Oct 2015 22:53:12 +0000 (UTC)
 (envelope-from marck@rinet.ru)
Received: from localhost (localhost [127.0.0.1])
 by woozle.rinet.ru (8.14.5/8.14.5) with ESMTP id t9KMllOq080221
 for <freebsd-stable@FreeBSD.org>; Wed, 21 Oct 2015 01:47:47 +0300 (MSK)
 (envelope-from marck@rinet.ru)
Date: Wed, 21 Oct 2015 01:47:47 +0300 (MSK)
From: Dmitry Morozovsky <marck@rinet.ru>
To: freebsd-stable@FreeBSD.org
Subject: ntpd and router with a *lot* of addresses
Message-ID: <alpine.BSF.2.00.1510210140451.69767@woozle.rinet.ru>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
X-NCC-RegID: ru.rinet
X-OpenPGP-Key-ID: 6B691B03
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (woozle.rinet.ru [0.0.0.0]); Wed, 21 Oct 2015 01:47:47 +0300 (MSK)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2015 22:53:13 -0000

Dear colleagues,

Yesterday we'd found/stepped on a bit of trouble: on some of our FreeBSD-based 
routers (hundreds of vlans, etc):

Oct 20 22:12:46 <ntp.notice> gwn4 ntpd[86421]: ntpd 4.2.4p5-a (1)
Oct 20 22:12:46 <ntp.err> gwn4 ntpd[86422]: Too many sockets in use, FD_SETSIZE 1024 exceeded

Actually, machine has to listen on 123 on just 2-3 interfaces (two upstream 
vlans and lo0), but googling leads me just to -L option which is not described 
in the manual page nor seams to work (I did not look at the sources yet 
though).

Is there any way to restrict interfaces on which ntpd is listening (modulo 
jail, which has another/orthogonal set of restrictions)?

As usual -- thanks in advance! :)


-- 
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck@FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------