bin/128886: ntpd -L flag doesn't work

Timothy Cava timothy.cava at
Sat Nov 15 04:00:12 PST 2008

>Number:         128886
>Category:       bin
>Synopsis:       ntpd -L flag doesn't work
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 15 12:00:11 UTC 2008
>Originator:     Timothy Cava
>Release:        7.0-STABLE
FreeBSD summit.localdomain 7.0-STABLE FreeBSD 7.0-STABLE #5: Sun Mar  9 06:03:02 PDT 2008     root at summit.localdomain:/usr/obj/usr/src/sys/SUMMIT  i386
ntpd's -L flag is supposed to prevent listening on "virtual ips", but doesn't because address_okay() (ntp_io.c:938) determines an address is virtual if it has a ':' in its name. Our aliases don't so it ends up listening on every address.

NOTE: The problem remains in sources from today (2008-11-15).
Add "-L" to ntpd_flags in /etc/rc.conf, /etc/rc.d/ntpd restart, sockstat |grep ntpd and notice it listens on every ip.
Make address_okay() check (ntp_io.c:938) if an interface is an alias or not in a BSD way.


More information about the freebsd-bugs mailing list