Date: Mon, 6 Feb 2012 19:41:15 -0600
From: William Hubbs
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] rfc: only the loopback interface should provide net
Message-ID: <20120207014115.GA2683@linux1>
References: <20120206210451.GA1940@linux1> <1328570113.8348.53.camel@rook>
In-Reply-To: <1328570113.8348.53.camel@rook>

Hi Alexander,

On Mon, Feb 06, 2012 at 06:15:13PM -0500, Alexandre Rostovtsev wrote:
> I agree with the existence of the problem, but strongly disagree with
> the solution.

Actually you have sort of helped me nail down the problem more. The
issue is that the "net" service is broken. I'll try to point out how.

> 1. Services that connect to remote machines via any available network
> interface.
> 2. Services that listen to connections from remote machines on any
> available network interface, and run correctly even if no non-lo
> interfaces are up.
> 3. Services that require a specific network interface, bind to a
> specific address, or connect to a specific machine on the local subnet.
>
> Category 1 includes things like ntp-client (in the typical use case).
> Category 2 includes things like sshd (in the typical use case).
> Category 3 includes things like netmount (in the typical use case), or
> your example of sshd that's bound to a specific static IP.
>
> The proposal to provide net only from loopback may help with startup
> issues for Category 2, but would break Category 1. (Category 3 is broken
> in either case unless the user adds the appropriate rc_need lines
> in /etc/conf.d).

Whether or not you break category one depends on how you define a remote
machine. This is where I think the net service is broken.

It is possible to have a lo interface active, without having any other
network interfaces active. In the normal use case, your category one
services will start (because they see that net is provided), and fail,
because they can't make their connection over the loopback interface.

> My counterproposal is to
> (a) fix init scripts for Category 2 so that instead of "use net" or
> "need net", they only "use net.lo" or "need net.lo"; and

I think it would be better if I provided another service these scripts
could use|need, because the loopback goes by at least one name other
than "lo" that I know of, and that is "lo0", so if I don't provide a
service, all of these scripts would have to conditionally use or need at
least lo or lo0 depending on which platform they are running on.

For the normal use case, I submit that category one should not care
about the loopback interface, since we don't make remote connections
that way. That would mean that loopback would not provide net by
default.

William
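
The start-up behaviour discussed in this message, as an added example that is not part of the original post and is not OpenRC code: a simplified Python model of how "need" is satisfied by "provide", run with only the loopback interface up and then with a second interface. The service name `loopback`, the interface `net.eth0` and the particular `need` lines given to each daemon are assumptions for illustration.

```python
# Added illustration: simplified model of "need"/"provide", not OpenRC's resolver.
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    need: tuple = ()     # hard dependencies; "use" never blocks a start, so it is not modelled
    provide: tuple = ()  # virtual services this service satisfies

def started_daemons(daemons, interfaces_up):
    """Return the names of daemons whose every "need" is satisfied."""
    provided = set()
    for iface in interfaces_up:
        provided.add(iface.name)
        provided.update(iface.provide)
    started, changed = set(), True
    while changed:
        changed = False
        for d in daemons:
            if d.name not in started and all(n in provided for n in d.need):
                started.add(d.name)
                provided.add(d.name)
                provided.update(d.provide)
                changed = True
    return started

# Constructed scenarios. "loopback" is a hypothetical service name; the message
# proposes such a service but does not name it. net.eth0 is an assumed interface.
LO_PROVIDES_NET = Service("net.lo", provide=("net",))
LO_SEPARATE = Service("net.lo", provide=("loopback",))
ETH0 = Service("net.eth0", provide=("net",))

DAEMONS_NEED_NET = [
    Service("ntp-client", need=("net",)),  # category 1
    Service("sshd", need=("net",)),        # category 2
    Service("netmount", need=("net",)),    # category 3
]
DAEMONS_SPLIT = [
    Service("ntp-client", need=("net",)),
    Service("sshd", need=("loopback",)),
    Service("netmount", need=("net.eth0",)),  # as an rc_need line would pin it
]

if __name__ == "__main__":
    # Only loopback is up: every daemon starts, ntp-client with no route out.
    print(sorted(started_daemons(DAEMONS_NEED_NET, [LO_PROVIDES_NET])))
    # Loopback no longer provides net: only sshd starts.
    print(sorted(started_daemons(DAEMONS_SPLIT, [LO_SEPARATE])))
    # A real interface is up as well: all three start.
    print(sorted(started_daemons(DAEMONS_SPLIT, [LO_SEPARATE, ETH0])))
```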