Comment 5 for bug 1546455

AF_UNSPEC is used in calls to getaddrinfo(3) to request either ipv4 or ipv6 addresses. In the parser, we've been filtering out AF_UNSPEC as an option. It's a simple enough patch to enable it:

Index: b/common/Make.rules
===================================================================
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -98,7 +98,7 @@ list_capabilities: /usr/include/linux/ca
 # to mediate. We use PF_ here since that is what is required in
 # bits/socket.h, but we will rewrite these as AF_.

-FILTER_FAMILIES=PF_UNSPEC PF_UNIX
+FILTER_FAMILIES=PF_UNIX

 __FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')

However, there's some concern that because the value of AF_UNSPEC is 0, there might be some special handling of that case, or other unexpected issues.

That said, I'm able to reproduce the issue, and adding a rule 'network unspec dgram,' eliminated the rejections that ntpd was creating (whereas adding a rule 'network unspec raw,' as expected, did not).