From c6e700fbae3f2c8f4d3ec93e364cccd7ba9d458e Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Wed, 2 Oct 2024 08:32:56 +0200
Subject: [PATCH] network time: take IPv6 addresses into account; closes #7934

Adhere to standard binding behaviour of other components:

Use the address read to get all addresses and binding ok instead
of using the arcane "interface name" bind option.  CARP VIPs are
ignored although allowed to be selected... something we should just
remove since interfaces_addresses() will load all aliases as well.

We also will not get tentative or otherwise unusable addresses.
Next stop for this code is probaby MVC conversion.
---
 src/etc/inc/interfaces.inc         |  4 ++--
 src/etc/inc/plugins.inc.d/ntpd.inc | 38 ++++++++++++++++++++----------
 src/www/services_ntpd.php          |  2 +-
 src/www/status_ntpd.php            |  4 ++--
 4 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 9707c0c3c..e81e48759 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -3846,7 +3846,7 @@ function ip_in_interface_alias_subnet($interface, $ipalias)
     return false;
 }
 
-function get_interface_ip($interface = 'wan', $ifconfig_details = null)
+function get_interface_ip($interface, $ifconfig_details = null)
 {
     if (is_ipaddrv4($interface)) {
         return $interface;
@@ -3867,7 +3867,7 @@ function get_interface_ip($interface = 'wan', $ifconfig_details = null)
     return $ip;
 }
 
-function get_interface_ipv6($interface = 'wan', $ifconfig_details = null, $mode = 'primary')
+function get_interface_ipv6($interface, $ifconfig_details = null, $mode = 'primary')
 {
     if (is_ipaddrv6($interface)) {
         return $interface;
diff --git a/src/etc/inc/plugins.inc.d/ntpd.inc b/src/etc/inc/plugins.inc.d/ntpd.inc
index ec56e8512..69ca51268 100644
--- a/src/etc/inc/plugins.inc.d/ntpd.inc
+++ b/src/etc/inc/plugins.inc.d/ntpd.inc
@@ -1,7 +1,7 @@
 <?php
 
 /*
- * Copyright (C) 2016-2022 Franco Fichtner <franco@opnsense.org>
+ * Copyright (C) 2016-2024 Franco Fichtner <franco@opnsense.org>
  * Copyright (C) 2004-2007 Scott Ullrich <sullrich@gmail.com>
  * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>
  * All rights reserved.
@@ -424,21 +424,33 @@ function ntpd_configure_do($verbose = false)
         $ntpcfg .= "leapfile /var/db/leap-seconds\n";
     }
 
-    $interfaces = [];
-    if (isset($config['ntpd']['interface'])) {
-        $interfaces = explode(',', $config['ntpd']['interface']);
-    }
+    /* only bind to given interfaces or IP aliases */
+    if (!empty($config['ntpd']['interface'])) {
+        $ntpifs = ['lo0'];
+        $ntpaddrs = [];
+
+        foreach (explode(',', $config['ntpd']['interface']) as $interface) {
+            if (!is_ipaddr($interface)) {
+                $ntpifs[] = $interface;
+            } else {
+                $ntpaddrs[] = $interface;
+            }
+            /* XXX _vip constructs have always been ignored */
+        }
+
+        foreach (interfaces_addresses($ntpifs) as $tmpaddr => $info) {
+            if (!$info['bind']) {
+                continue;
+            }
+
+            $ntpaddrs[] = $tmpaddr;
+        }
 
-    if (is_array($interfaces) && count($interfaces)) {
         $ntpcfg .= "interface ignore all\n";
         $ntpcfg .= "interface ignore wildcard\n";
-        foreach ($interfaces as $interface) {
-            if (!is_ipaddr($interface)) {
-                $interface = get_real_interface($interface);
-            }
-            if (!empty($interface)) {
-                $ntpcfg .= "interface listen {$interface}\n";
-            }
+
+        foreach ($ntpaddrs as $addr) {
+            $ntpcfg .= "interface listen {$addr}\n";
         }
     }
 
diff --git a/src/www/services_ntpd.php b/src/www/services_ntpd.php
index 7af782da3..44d782e42 100644
--- a/src/www/services_ntpd.php
+++ b/src/www/services_ntpd.php
@@ -334,7 +334,7 @@ include("head.inc");
                       <select id="interface" name="interface[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All (recommended)')) ?>">
 <?php
                       foreach ($interfaces as $iface => $ifacename):
-                          if (!is_ipaddr(get_interface_ip($iface)) && !is_ipaddr($iface)) {
+                          if (!is_ipaddr($iface) && !is_ipaddrv4(get_interface_ip($iface)) && !is_ipaddrv6(get_interface_ipv6($iface))) {
                               continue;
                           }?>
                           <option value="<?=$iface;?>" <?= !empty($pconfig['interface']) && in_array($iface, $pconfig['interface']) ? 'selected="selected"' : '' ?>>
diff --git a/src/www/status_ntpd.php b/src/www/status_ntpd.php
index 5b1337038..008b816d1 100644
--- a/src/www/status_ntpd.php
+++ b/src/www/status_ntpd.php
@@ -161,7 +161,7 @@ require_once("interfaces.inc");
         }
     }
 
-if (isset($config['ntpd']['gps']['type']) && ($config['ntpd']['gps']['type'] == 'SureGPS') && (isset($gps_ok))) {
+if (isset($config['ntpd']['gps']['type']) && ($config['ntpd']['gps']['type'] == 'SureGPS') && isset($gps_ok)) {
     //GSV message is only enabled by init commands in services_ntpd_gps.php for SureGPS board
     $gpsport = fopen("/dev/gps0", "r+");
     while ($gpsport) {
@@ -237,7 +237,7 @@ include("head.inc");
               </tbody>
             </table>
 <?php
-            if ($gps_ok):
+            if (isset($gps_ok)):
             $gps_goo_lnk = 2; ?>
             <table class="table table-striped">
               <thead>