Today's Topics:
1. Re: [PATCH 0/1] Don't use gateway as timeserver (Jonah Petri)
----------------------------------------------------------------------
Message: 1
Date: Fri, 4 May 2018 12:13:40 -0400
From: Jonah Petri <[email protected]>
To: [email protected]
Cc: Marcel Holtmann <[email protected]>, [email protected]
Subject: Re: [PATCH 0/1] Don't use gateway as timeserver
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8
> On May 4, 2018, at 12:06 PM, Chris Novakovic <[email protected]> wrote:
>
> Hi Marcel,
>
> On 04/05/2018 08:32, Marcel Holtmann wrote:
>>> On my local network, I've noticed a client using ConnMan sending NTP
>>> packets to an IP address specified in DHCP option 3, even when that IP
>>> address doesn't appear in DHCP option 42. Upon closer inspection, this
>>> is because src/timeserver.c adds the gateway for a particular service to
>>> its list of NTP servers. This behaviour is incorrect: the only
>>> assumption that can be made about a gateway is that it functions as a
>>> router. If an NTP server is also present on the gateway, it is the job
>>> of the DHCP server to inform clients of this via DHCP option 42, which
>>> ConnMan already (correctly) uses when building its list of NTP servers.
>>>
>>> This patch stops ConnMan from automatically adding the IP addresses of
>>> gateways to its list of NTP servers.
>>
>> but we are doing this on purpose. There is a good reason for this.
>
> Could you elaborate on the reason, please? There's nothing in the
> definition of a gateway that compels it to behave as a time server, and
> I can't think of enough cases where they do to justify having this as
> the default behaviour: I've yet to come across an ISP-supplied home
> router that runs its own time server, and enterprises will typically run
> time servers elsewhere in their network rather than dual-purposing the
> gateway. That leaves SOHO routers/home routers running third-party
> firmware, both of which are powerful enough to be configured to
> correctly set DHCP option 42 if they also happen to run an NTP server.
>
>> If you don't want it that way, then at least this needs to be hidden behind
>> a main.conf option.
>
>
> Given the above, if a main.conf option is introduced for this, the
> default behaviour ought to be not to send NTP traffic to the gateway, as
> there's no prima facie reason for assuming it's capable of responding.
>
>> Or you just set the NTP server for your network.
>
> This doesn't address the problem, I'm afraid: src/timeserver.c adds the
> gateway to the list of time servers regardless of whether DHCP option 42
> is set, so if there is no NTP server in the network, ConnMan will still
> send NTP traffic to the gateway.
>
I want to chime in and say that I have had to disable connman NTP completely
due to this behavior. Empirically there are lots of gateways with
badly-configured NTP servers out there, sending out dead wrong time sync.
We've had certificate validation failures in the field due to gateway-based
timeservers serving up years-wrong dates.
I would definitely prefer to see the treatment of the gateway as a NTP server
disabled by default! Keep it as an option if necessary, but doing it by
default is causing problems.
Best,
Jonah
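
The behaviour argued for in this thread (time servers taken from DHCP option 42 only, never inferred from option 3), as an added example that is not ConnMan's code or part of any message above. The function names and the sample lease are hypothetical; it assumes IPv4 and a contiguous RFC 2132 options field with no option overload.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_ROUTER = 3, OPT_NTP = 42, OPT_END = 255 };

/* Constructed sample lease options: router 192.0.2.1, NTP server 192.0.2.123. */
const uint8_t sample_opts[] = { 3, 4, 192, 0, 2, 1, 42, 4, 192, 0, 2, 123, 255 };

/* Walk the options field (code, length, value) and copy the IPv4 addresses of
 * option `want` into out[]. Returns the count, or -1 on a malformed field. */
static int opt_addrs(const uint8_t *o, size_t len, uint8_t want,
                     uint32_t *out, int max)
{
    size_t i = 0;
    int n = 0;
    while (i < len && o[i] != OPT_END) {
        uint8_t code = o[i++];
        if (code == OPT_PAD)
            continue;                       /* pad has no length byte */
        if (i >= len || o[i] > len - i - 1)
            return -1;                      /* length or value past the buffer */
        size_t olen = o[i++];
        if (code == want && (olen == 0 || olen % 4 != 0))
            return -1;                      /* not a whole number of addresses */
        for (size_t j = 0; code == want && j < olen && n < max; j += 4)
            memcpy(&out[n++], &o[i + j], 4); /* kept in network byte order */
        i += olen;
    }
    return n;
}

/* The NTP list comes from option 42 only. Option 3 is read just to report
 * whether the DHCP server itself named the gateway as a time server. */
int ntp_from_lease(const uint8_t *o, size_t len, uint32_t *ntp, int max,
                   int *gw_is_ntp)
{
    uint32_t gw[4];
    int ngw = opt_addrs(o, len, OPT_ROUTER, gw, 4);
    int nntp = opt_addrs(o, len, OPT_NTP, ntp, max);
    *gw_is_ntp = 0;
    if (ngw < 0 || nntp < 0)
        return -1;                          /* reject the whole lease if malformed */
    for (int a = 0; a < nntp; a++)
        for (int b = 0; b < ngw; b++)
            if (ntp[a] == gw[b])
                *gw_is_ntp = 1;             /* gateway explicitly advertised */
    return nntp;
}
```

A lease with no option 42 yields an empty list, so the gateway is only ever queried when the DHCP server advertised it.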
------------------------------
End of connman Digest, Vol 31, Issue 4
**************************************