Re: [gentoo-dev] rfc: only the loopback interface should provide net

[William Hubbs <williamh@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 2407 bytes --]

Hi Alexander,

On Mon, Feb 06, 2012 at 06:15:13PM -0500, Alexandre Rostovtsev wrote:
> I agree with the existence of the problem, but strongly disagree with
> the solution.
 
 Actually you have sort of helped me nail down the problem more. The
 issue is that the "net" service is broken. I'll try to point out how.

> 1. Services that connect to remote machines via any available network
> interface.
> 2. Services that listen to connections from remote machines on any
> available network interface, and run correctly even if no non-lo
> interfaces are up.
> 3. Services that require a specific network interface, bind to a
> specific address, or connect to a specific machine on the local subnet.
>
> Category 1 includes things like ntp-client (in the typical use case).
> Category 2 includes things like sshd (in the typical use case).
> Category 3 includes things like netmount (in the typical use case), or
> your example of sshd that's bound to a specific static IP.
> 
> The proposal to provide net only from loopback may help with startup
> issues for Category 2, but would break Category 1. (Category 3 is broken
> in either case unless the user adds the appropriate rc_need lines
> in /etc/conf.d).

Whether or not you break category one depends on how you define a remote
machine. This is where I think the net service is broken.
 
It is possible to have a lo interface active, without having any
other network interfaces active. In the normal use case, your category
one services will start (because they see that net is provided), and
fail, because they can't make their connection over the loopback
interface.

> My counterproposal is to 
> (a) fix init scripts for Category 2 so that instead of "use net" or
> "need net", they only "use net.lo" or "need net.lo"; and

I think it would be better if I provided another service these scripts
could use|need, because the loopback goes by at least one name other than
"lo" that I know of, and that is "lo0", so if I don't provide a service,
all of these scripts would have to conditionally use or need at least lo
or lo0 depending on which platform they are running on.

For the normal use case, I submit that category one should not care
about the loopback interface, since we don't make remote connections
that way. That would mean that loopback would not provide net by
default.

William



[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]