--- contrib/ntp/ntpd/cmd_args.c +++ contrib/ntp/ntpd/cmd_args.c @@ -14,8 +14,9 @@ */ extern char const *progname; int listen_to_virtual_ips = 0; +char *bindaddr = NULL; -static const char *ntp_options = "aAbc:dD:f:gk:l:LmnN:p:P:qr:s:t:v:V:x"; +static const char *ntp_options = "aAbc:dD:f:gh:k:l:LmnN:p:P:qr:s:t:v:V:x"; #ifdef HAVE_NETINFO extern int check_netinfo; @@ -76,6 +77,9 @@ ++errflg; break; #endif + case 'h': + bindaddr = ntp_optarg; + break; case 'L': listen_to_virtual_ips = 1; break; @@ -123,6 +127,7 @@ (void) fprintf(stderr, "\t\t[ -f freq_file ] [ -k key_file ] [ -l log_file ]\n"); (void) fprintf(stderr, "\t\t[ -p pid_file ] [ -r broad_delay ] [ -s statdir ]\n"); (void) fprintf(stderr, "\t\t[ -t trust_key ] [ -v sys_var ] [ -V default_sysvar ]\n"); + (void) fprintf(stderr, "\t\t[ -h bind_address ]\n"); #if defined(HAVE_SCHED_SETSCHEDULER) (void) fprintf(stderr, "\t\t[ -P fixed_process_priority ]\n"); #endif @@ -218,6 +223,7 @@ getauthkeys(ntp_optarg); break; + case 'h': /* already done at pre-scan */ case 'L': /* already done at pre-scan */ case 'l': /* already done at pre-scan */ break; @@ -304,6 +310,7 @@ (void) fprintf(stderr, "\t\t[ -f freq_file ] [ -k key_file ] [ -l log_file ]\n"); (void) fprintf(stderr, "\t\t[ -p pid_file ] [ -r broad_delay ] [ -s statdir ]\n"); (void) fprintf(stderr, "\t\t[ -t trust_key ] [ -v sys_var ] [ -V default_sysvar ]\n"); + (void) fprintf(stderr, "\t\t[ -h bind_address ]\n"); #if defined(HAVE_SCHED_SETSCHEDULER) (void) fprintf(stderr, "\t\t[ -P fixed_process_priority ]\n"); #endif --- contrib/ntp/ntpd/ntp_io.c +++ contrib/ntp/ntpd/ntp_io.c @@ -40,6 +40,7 @@ #if _BSDI_VERSION >= 199510 # include #endif +#include #if defined(VMS) /* most likely UCX-specific */ @@ -204,6 +205,9 @@ int i, j; struct ifaddrs *ifaddrs, *ifap; struct sockaddr_in resmask; + extern char *bindaddr; + struct hostent *host_addr; + struct in_addr in_host_addr; #if _BSDI_VERSION < 199701 struct ifaddrs *lp; int num_if; @@ -217,6 +221,9 @@ struct ifreq ifreq, *ifr; int n, i, j, vs, size = 0; struct sockaddr_in resmask; + extern char *bindaddr; + struct hostent *host_addr; + struct in_addr in_host_addr; #endif /* _BSDI_VERSION >= 199510 */ #ifdef DEBUG @@ -224,20 +231,27 @@ printf("create_sockets(%d)\n", ntohs( (u_short) port)); #endif - /* - * create pseudo-interface with wildcard address - */ - inter_list[0].sin.sin_family = AF_INET; - inter_list[0].sin.sin_port = port; - inter_list[0].sin.sin_addr.s_addr = htonl(INADDR_ANY); - (void) strncpy(inter_list[0].name, "wildcard", - sizeof(inter_list[0].name)); - inter_list[0].mask.sin_addr.s_addr = htonl(~ (u_int32)0); - inter_list[0].received = 0; - inter_list[0].sent = 0; - inter_list[0].notsent = 0; - inter_list[0].flags = INT_BROADCAST; - any_interface = &inter_list[0]; + if (bindaddr == NULL) + { /* + * create pseudo-interface with wildcard address + */ + inter_list[0].sin.sin_family = AF_INET; + inter_list[0].sin.sin_port = port; + inter_list[0].sin.sin_addr.s_addr = htonl(INADDR_ANY); + (void) strncpy(inter_list[0].name, "wildcard", + sizeof(inter_list[0].name)); + inter_list[0].mask.sin_addr.s_addr = htonl(~ (u_int32)0); + inter_list[0].received = 0; + inter_list[0].sent = 0; + inter_list[0].notsent = 0; + inter_list[0].flags = INT_BROADCAST; + any_interface = &inter_list[0]; + }else + { + host_addr = gethostbyname(bindaddr); + bcopy(host_addr->h_addr, &in_host_addr.s_addr, sizeof(struct in_addr)); + } + #if _BSDI_VERSION >= 199510 #if _BSDI_VERSION >= 199701 @@ -350,7 +364,7 @@ } # endif /* not USE_STREAMS_DEVICE_FOR_IF_CONFIG */ - i = 1; + i = ((bindaddr != NULL) ? 0 : 1); # if !defined(SYS_WINNT) ifc.ifc_len = sizeof(buf); # endif @@ -413,6 +427,7 @@ } if (debug) printf("OK\n"); +/* if (bindaddr != NULL) continue; ***********************************************/ if ( # ifdef VMS /* VMS+UCX */ @@ -585,11 +600,16 @@ inter_list[i].sin.sin_addr.s_addr) { break; } - if (j == i) - i++; - if (i > MAXINTERFACES) - break; - } + if (bindaddr != NULL) + { if (i > 0) break; + if (inter_list[j].sin.sin_addr.s_addr == in_host_addr.s_addr) + { i++; + break; + } + }else + { if (j == i) i++; + if (i > MAXINTERFACES) break; + } } closesocket(vs); #endif /* _BSDI_VERSION >= 199510 */ @@ -622,19 +642,21 @@ } #if defined(MCAST) - /* - * enable possible multicast reception on the broadcast socket - */ - inter_list[0].bcast.sin_addr.s_addr = htonl(INADDR_ANY); - inter_list[0].bcast.sin_family = AF_INET; - inter_list[0].bcast.sin_port = port; + if (bindaddr == NULL) { + /* + * enable possible multicast reception on the broadcast socket + */ + inter_list[0].bcast.sin_addr.s_addr = htonl(INADDR_ANY); + inter_list[0].bcast.sin_family = AF_INET; + inter_list[0].bcast.sin_port = port; + } #endif /* MCAST */ /* * Blacklist all bound interface addresses */ resmask.sin_addr.s_addr = ~ (u_int32)0; - for (i = 1; i < ninterfaces; i++) + for (i = (bindaddr == NULL) ? 1 : 0; i < ninterfaces; i++) hack_restrict(RESTRICT_FLAGS, &inter_list[i].sin, &resmask, RESM_NTPONLY|RESM_INTERFACE, RES_IGNORE); #ifdef DEBUG --- contrib/ntp/html/ntpd.htm +++ contrib/ntp/html/ntpd.htm @@ -19,7 +19,7 @@

Synopsis

ntpd [ -aAbdgLmNPqx ] [ -c conffile ] [ -f -driftfile ] [ -g ] [ -k keyfile ] [ -l logfile ] +driftfile ] [ -g ] [ -h address ] [ -k keyfile ] [ -l logfile ] [ -N high ] [ -p pidfile ] [ -r broadcastdelay ] [ -s statsdir ] [ -t key ] [ -v variable ] [ -V variable ] [ -x ] @@ -311,6 +311,10 @@ any value without restriction; however, this can happen only once. After that, ntpd will exit if the limit is exceeded. This option can be used with the -q option. + +
-h address
+ +
Specify the only IP address to bind to.
-k keyfile
--- usr.sbin/ntp/doc/ntpd.8 +++ usr.sbin/ntp/doc/ntpd.8 @@ -13,6 +13,7 @@ .Op Fl c Ar conffile .Op Fl D Ar level .Op Fl f Ar driftfile +.Op Fl h Ar addpess .Op Fl k Ar keyfile .Op Fl l Ar logfile .Op Fl N Cm high @@ -110,6 +111,8 @@ Specify debugging level directly. .It Fl f Ar driftfile Specify the name and path of the drift file. +.It Fl h Ar address +Specify the only IP address to bind to. .It Fl g Normally, .Nm