Disabling dynamic interface updates is impossible with POSIX capabilities #23

Open
israel-lugo opened this issue Mar 31, 2017 · 4 comments


@israel-lugo

Hello,

I am using ntpd on a Linux router, with a large routing table and many Netlink messages going on. I want to disable dynamic interface updates, due to a constant error "routing socket reports: No buffer space available". I don't really need it, as new interfaces come up perhaps once a year.

The manpage states that one is supposed to be able to disable dynamic interface list updating, by setting -U 0. Except that is impossible: in ntpd/ntpd.c:ntpdmain(), lines 1063-1075 determine whether dynamic updates are performed:

```c
#  if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
		/*
		 * for now assume that the privilege to bind to privileged ports
		 * is associated with running with uid 0 - should be refined on
		 * ports that allow binding to NTP_PORT with uid != 0
		 */
		disable_dynamic_updates |= (sw_uid != 0);  /* also notifies routing message listener */
#  endif /* !HAVE_LINUX_CAPABILITIES && !HAVE_SOLARIS_PRIVS */

		if (disable_dynamic_updates && interface_interval) {
			interface_interval = 0;
			msyslog(LOG_INFO, "running as non-root disables dynamic interface tracking");
		}
```

These are the only two references to disable_dynamic_updates anywhere in the file. It is never set to 1 anywhere. The only way this is set to 1 would be if we don't have POSIX capabilities and are running non-root. Setting interface_interval to 0 makes absolutely no difference in this case.

@israel-lugo
Author

I realize that ntp_timer.c:timer() only calls interface_update() if interface_interval is non-zero, but the fact that I am still getting that message constantly means ntp_io.c:process_routing_msgs() is being called by someone, somewhere, in a timer loop. I have of course verified that the process is running with the proper arguments:

```
ps u -p 15532
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
ntp      15532  0.5  0.0 110176  5832 ?        Ssl  18:40   0:10 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -U 0 -u 123:123
```

@hstenn

hstenn commented Aug 14, 2017

Would you please open up an "enhancement" request for this issue at bugs.ntp.org?

@israel-lugo
Author

israel-lugo commented Aug 15, 2017

Thank you for the feedback, @hstenn. I've opened bug 3428.

I've added some further information there, as I assume bugs.ntp.org is the preferred venue, correct?

@hstenn

hstenn commented Feb 25, 2018

Hi @israel-lugo - yes, bugs.ntp.org is the better place for this. We'll be looking at your issue after 4.2.8p11 comes out.
