From mboxrd@z Thu Jan  1 00:00:00 1970
Sender: William Hubbs <w.d.hubbs@gmail.com>
Received: by linux1 (sSMTP sendmail emulation); Mon, 06 Feb 2012 19:41:15 -0600
Date: Mon, 6 Feb 2012 19:41:15 -0600
From: William Hubbs <williamh@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] rfc: only the loopback interface should provide net
Message-ID: <20120207014115.GA2683@linux1>
Mail-Followup-To: gentoo-dev@lists.gentoo.org
References: <20120206210451.GA1940@linux1>
 <1328570113.8348.53.camel@rook>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="LZvS9be/3tNcYl/X"
Content-Disposition: inline
In-Reply-To: <1328570113.8348.53.camel@rook>
User-Agent: Mutt/1.5.21 (2010-09-15)


--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Alexandre,

On Mon, Feb 06, 2012 at 06:15:13PM -0500, Alexandre Rostovtsev wrote:
> I agree with the existence of the problem, but strongly disagree with
> the solution.

Actually you have sort of helped me nail down the problem more. The
issue is that the "net" service is broken. I'll try to point out how.

> 1. Services that connect to remote machines via any available network
> interface.
> 2. Services that listen to connections from remote machines on any
> available network interface, and run correctly even if no non-lo
> interfaces are up.
> 3. Services that require a specific network interface, bind to a
> specific address, or connect to a specific machine on the local subnet.
>
> Category 1 includes things like ntp-client (in the typical use case).
> Category 2 includes things like sshd (in the typical use case).
> Category 3 includes things like netmount (in the typical use case), or
> your example of sshd that's bound to a specific static IP.
>
> The proposal to provide net only from loopback may help with startup
> issues for Category 2, but would break Category 1. (Category 3 is broken
> in either case unless the user adds the appropriate rc_need lines
> in /etc/conf.d).

Whether or not you break category one depends on how you define a remote
machine. This is where I think the net service is broken.

It is possible to have a lo interface active, without having any
other network interfaces active. In the normal use case, your category
one services will start (because they see that net is provided), and
fail, because they can't make their connection over the loopback
interface.

> My counterproposal is to
> (a) fix init scripts for Category 2 so that instead of "use net" or
> "need net", they only "use net.lo" or "need net.lo"; and

I think it would be better if I provided another service these scripts
could use|need, because the loopback goes by at least one name other than
"lo" that I know of, and that is "lo0", so if I don't provide a service,
all of these scripts would have to conditionally use or need at least lo
or lo0 depending on which platform they are running on.

For the normal use case, I submit that category one should not care
about the loopback interface, since we don't make remote connections
that way. That would mean that loopback would not provide net by
default.

William



--LZvS9be/3tNcYl/X--
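
The distinction drawn in the message above, between "the loopback is up" and "a non-loopback interface is up", can be checked from interface flags rather than names, so `lo` and `lo0` are treated alike. This is an added example, not part of the original mail and not OpenRC code; the function names are hypothetical, and the sample lines are constructed in the style of `ip -o link show` output.

```shell
#!/bin/sh
# Added example: classify interfaces by flag, not by name.

# Constructed sample: only the loopback is up (the failing case in the mail).
SAMPLE_LO_ONLY='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN'

# Constructed sample: a loopback named lo0 plus one other interface up.
SAMPLE_WITH_ETH='1: lo0: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP'

# up_interfaces KIND   (KIND is "loopback" or "remote")
# Reads link lines on stdin and prints the names of interfaces of that
# kind that carry the UP flag.
up_interfaces() {
    awk -v kind="$1" '
    BEGIN { want_lo = (kind == "loopback") }
    {
        name = $2
        sub(/[@:].*$/, "", name)           # "eth0:" or "eth0@if3:" -> "eth0"
        if (!match($0, /<[^>]*>/)) next    # no flag list on this line
        flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
        if (index(flags, ",UP,") == 0) next
        is_lo = (index(flags, ",LOOPBACK,") > 0)
        if (is_lo == want_lo) print name
    }'
}

# Succeeds only when a non-loopback interface is up: what a "category 1"
# service such as ntp-client needs before it can reach a remote machine.
remote_net_available() {
    [ -n "$(up_interfaces remote)" ]
}

# Succeeds when a loopback is up, whatever the platform calls it.
loopback_available() {
    [ -n "$(up_interfaces loopback)" ]
}

if printf '%s\n' "$SAMPLE_LO_ONLY" | remote_net_available; then
    echo "remote net: available"
else
    echo "remote net: not available (loopback only)"
fi
```

On a live Linux system the same functions can be fed with `ip -o link show | remote_net_available`.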