[Bug 1333] ntpd --interface precedence over --novirtualips lost.

bk: 4aca20011c9kyOXzmhnfJ6DaSTSQpw

diff --git a/ChangeLog b/ChangeLog
index b0c29aeab8bdd9cffeb38fb671dc7ecdbf96678f..69260bc40e168c5447b4c3393f58279fac770e57 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 1333] ntpd --interface precedence over --novirtualips lost.
 (4.2.5p227) 2009/10/05 Released by Harlan Stenn <stenn@ntp.org>
 * [Bug 1135] :config fails with "Server disallowed request"
 * [Bug 1330] disallow interface/nic rules when --novirtualips or

diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c
index 417a8646f7769ac26da62448ad996f6f11b4c561..b057e0e1f16a9a1c70c54d0671cab2fc43d6ddd5 100644 (file)
--- a/ntpd/ntp_io.c
+++ b/ntpd/ntp_io.c
@@ -1086,14 +1086,6 @@ create_wildcards(
 
 /*
  * add_nic_rule() -- insert a rule entry at the head of nic_rule_list.
- *
- * If this is the first rule (whether from --interface/-I or interface
- * or nic in ntp.conf), first add an implicit first rule to ignore all
- * interfaces.  This, combined with interface_action()'s default in the
- * case of no matching rules (ACTION_LISTEN) implements the traditional
- * default behavior lacking interface configuration of either form
- * while also treating a solitary "nic listen eth0" in ntp.conf as
- * implying all others are ignored, just as -I eth0 does.
  */
 void
 add_nic_rule(
@@ -1106,15 +1098,6 @@ add_nic_rule(
        nic_rule *      rule;
        isc_boolean_t   is_ip;
 
-       if (NULL == nic_rule_list) {
-               rule = emalloc(sizeof(*rule));
-               memset(rule, 0, sizeof(*rule));
-               rule->match_type = MATCH_ALL;
-               rule->action = ACTION_IGNORE;
-               rule->prefixlen = -1;
-               LINK_SLIST(nic_rule_list, rule, next);
-       }
-
        rule = emalloc(sizeof(*rule));
        memset(rule, 0, sizeof(*rule));
        rule->match_type = match_type;
@@ -1196,13 +1179,6 @@ interface_action(
        } else
                isloopback = 0;
 
-       if (!listen_to_virtual_ips && if_name != NULL
-           && (strchr(if_name, ':') != NULL)) {
-
-               DPRINTF(4, ("virtual ip - ignore\n"));
-               return ACTION_IGNORE;
-       }
-
        /*
         * Find any matching NIC rule from --interface / -I or ntp.conf
         * interface/nic rules.
@@ -1274,8 +1250,45 @@ interface_action(
                }
        }
 
-       DPRINTF(4, ("listen\n"));
-       return ACTION_LISTEN;
+       /*
+        * Unless explicitly disabled such as with "nic ignore ::1"
+        * listen on loopback addresses.  Since ntpq and ntpdc query
+        * "localhost" by default, which typically resolves to ::1 and
+        * 127.0.0.1, it's useful to default to listening on both.
+        */
+       if (isloopback) {
+               DPRINTF(4, ("default loopback listen\n"));
+               return ACTION_LISTEN;
+       }
+
+       /*
+        * Check for "virtual IP" (colon in the interface name) after
+        * the rules so that "ntpd --interface eth0:1 -novirtualips"
+        * does indeed listen on eth0:1's addresses.
+        */
+       if (!listen_to_virtual_ips && if_name != NULL
+           && (strchr(if_name, ':') != NULL)) {
+
+               DPRINTF(4, ("virtual ip - ignore\n"));
+               return ACTION_IGNORE;
+       }
+
+       /*
+        * If there are no --interface/-I command-line options and no
+        * interface/nic rules in ntp.conf, the default action is to
+        * listen.  In the presence of rules from either, the default
+        * is to ignore.  This implements ntpd's traditional listen-
+        * every default with no interface listen configuration, and
+        * ensures a single -I eth0 or "nic listen eth0" means do not
+        * listen on any other addresses.
+        */
+       if (NULL == nic_rule_list) {
+               DPRINTF(4, ("default listen\n"));
+               return ACTION_LISTEN;
+       }
+
+       DPRINTF(4, ("implicit ignore\n"));
+       return ACTION_IGNORE;
 }