Ubuntu
ntp package

Bug #604283
Comment #14

Comment 14 for bug 604283

Revision history for this message

Brian Burch (brian-pingtoo) wrote on 2012-04-06: Re: Certain services do not listen on 127.0.1.1

#14

I am convinced this bug has more-or-less become irrelevant now that most applications have been reworked to use the dual ip stack, so I think it can be closed against ifupdown.

With specific reference to ntp, I have looked carefully at the behaviour of ntpd on oneiric 11.10 version 1:4.2.6.p2+dfsg-1ubuntu12.

It is listening on udp 0.0.0.0:123, which confirms that it would accept a packet addressed to 127.0.1.1. However, I note that my own ntpd is also listening on udp 127.0.0.1:123, which is redundant.

This is undoubtedly triggered by my /etc/ntp.conf, which uses one of the recommended set of restrict statements as follows:

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

It seems as if ntpd uses specific sockets to implement its restrict rules, which is a very peculiar design decision. After reading the documentation, I tried changing my configuration as follows:

restrict 127.0.0.0 mask 255.0.0.0

... but that was not 100% successful - here is the syslog:

Apr 6 09:15:04 schizo ntpd[24872]: ntpd 4.2.6p2@1.2194 Fri Sep 2 18:37:15 UTC 2011 (1)
Apr 6 09:15:04 schizo ntpd[24873]: proto: precision = 0.596 usec
Apr 6 09:15:04 schizo ntpd[24873]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
Apr 6 09:15:04 schizo ntpd[24873]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Apr 6 09:15:04 schizo ntpd[24873]: Listen and drop on 1 v6wildcard :: UDP 123
Apr 6 09:15:04 schizo ntpd[24873]: Listen normally on 2 lo 127.0.0.1 UDP 123
Apr 6 09:15:04 schizo ntpd[24873]: Listen normally on 3 eth0 10.1.252.200 UDP 123
Apr 6 09:15:04 schizo ntpd[24873]: Listen normally on 4 eth0 fe80::218:f3ff:fe43:7e4f UDP 123
Apr 6 09:15:04 schizo ntpd[24873]: Listen normally on 5 lo ::1 UDP 123
Apr 6 09:15:04 schizo ntpd[24873]: attempt to configure invalid address 127.0.1.1

I do not have any restrict statements for the individual interfaces, so it isn't clear to me why ntpd needs to have different sockets for each of its implicit and explicit restrict rules.

Curiously, my attempt to supply the correct mask for the lo interface was partially acceptable, because ntpd discovered the 127.0.1.1 interface and subsequently found something wrong with it. Without looking at the code, I can't say whether there is a bug in ntpd.

I am convinced this bug has more-or-less become irrelevant now that most applications have been reworked to use the dual ip stack, so I think it can be closed against ifupdown.

With specific reference to ntp, I have looked carefully at the behaviour of ntpd on oneiric 11.10 version 1:4.2.6.p2+dfsg-1ubuntu12.

It is listening on udp 0.0.0.0:123, which confirms that it would accept a packet addressed to 127.0.1.1. However, I note that my own ntpd is also listening on udp 127.0.0.1:123, which is redundant.

This is undoubtedly triggered by my /etc/ntp.conf, which uses one of the recommended set of restrict statements as follows:

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

It seems as if ntpd uses specific sockets to implement its restrict rules, which is a very peculiar design decision. After reading the documentation, I tried changing my configuration as follows:

restrict 127.0.0.0 mask 255.0.0.0

... but that was not 100% successful - here is the syslog:

Apr  6 09:15:04 schizo ntpd[24872]: ntpd 4.2.6p2@1.2194 Fri Sep  2 18:37:15 UTC 2011 (1)
Apr  6 09:15:04 schizo ntpd[24873]: proto: precision = 0.596 usec
Apr  6 09:15:04 schizo ntpd[24873]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
Apr  6 09:15:04 schizo ntpd[24873]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Apr  6 09:15:04 schizo ntpd[24873]: Listen and drop on 1 v6wildcard :: UDP 123
Apr  6 09:15:04 schizo ntpd[24873]: Listen normally on 2 lo 127.0.0.1 UDP 123
Apr  6 09:15:04 schizo ntpd[24873]: Listen normally on 3 eth0 10.1.252.200 UDP 123
Apr  6 09:15:04 schizo ntpd[24873]: Listen normally on 4 eth0 fe80::218:f3ff:fe43:7e4f UDP 123
Apr  6 09:15:04 schizo ntpd[24873]: Listen normally on 5 lo ::1 UDP 123
Apr  6 09:15:04 schizo ntpd[24873]: attempt to configure invalid address 127.0.1.1

I do not have any restrict statements for the individual interfaces, so it isn't clear to me why ntpd needs to have different sockets for each of its implicit and explicit restrict rules.

Ubuntuntp package

Comment 14 for bug 604283

Ubuntu
ntp package