From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-49716-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1RuoAb-00022F-9p
	for garchives@archives.gentoo.org; Tue, 07 Feb 2012 16:45:30 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 3F457E067D;
	Tue,  7 Feb 2012 16:45:14 +0000 (UTC)
Received: from mail-gx0-f181.google.com (mail-gx0-f181.google.com [209.85.161.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id B63E8E0665
	for <gentoo-dev@lists.gentoo.org>; Tue,  7 Feb 2012 16:44:28 +0000 (UTC)
Received: by ggnv5 with SMTP id v5so2937389ggn.40
        for <gentoo-dev@lists.gentoo.org>; Tue, 07 Feb 2012 08:44:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=sender:date:from:to:subject:message-id:mail-followup-to:references
         :mime-version:content-type:content-disposition:in-reply-to
         :user-agent;
        bh=rm81+rIWe4LUIQIDGSpmV/hWUilpNOqCzT7pwJ+2WAA=;
        b=WEFh5XcMKuxu0Rji8OI0syCT92Wn9w0EYrHH0+gXIhCCkyHzcpMAOWnG1bEuSlwFJs
         cBBfJCXH5ex0L+mhdTqz+8vTwkV0s5vx0A1ueiLiHt/hgyyXIvfBlkIjlng43+JoYAN2
         EpCHfN/n67Zw5LwCuo3Q2oTrK7QE1dU45sBpQ=
Received: by 10.236.131.5 with SMTP id l5mr32547435yhi.128.1328633068033;
        Tue, 07 Feb 2012 08:44:28 -0800 (PST)
Received: from linux1 (cpe-76-187-77-158.tx.res.rr.com. [76.187.77.158])
        by mx.google.com with ESMTPS id n32sm44154412ani.8.2012.02.07.08.44.25
        (version=SSLv3 cipher=OTHER);
        Tue, 07 Feb 2012 08:44:26 -0800 (PST)
Sender: William Hubbs <w.d.hubbs@gmail.com>
Received: by linux1 (sSMTP sendmail emulation); Tue, 07 Feb 2012 10:44:18 -0600
Date: Tue, 7 Feb 2012 10:44:18 -0600
From: William Hubbs <williamh@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] rfc: only the loopback interface should provide net
Message-ID: <20120207164418.GA4579@linux1>
Mail-Followup-To: gentoo-dev@lists.gentoo.org
References: <20120206210451.GA1940@linux1>
 <1328570113.8348.53.camel@rook>
 <20120207064348.GA3036@linux1>
 <1328603319.8348.81.camel@rook>
 <4F313792.7050502@gentoo.org>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="tThc/1wpZn/ma/RB"
Content-Disposition: inline
In-Reply-To: <4F313792.7050502@gentoo.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Archives-Salt: db78dc8c-9d06-4116-83da-755212f1d8e8
X-Archives-Hash: c6bdefab530a4b60f6730d279e5e6fc1


--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Feb 07, 2012 at 09:39:14AM -0500, Ian Stakenvicius wrote:
> On 07/02/12 03:28 AM, Alexandre Rostovtsev wrote:
> >
> > If I want to connect to pool.ntp.org to sync the system clock, or
> > to my company's vpn gateway for telecommuting, or to tor to encrypt
> > my traffic, or to a dynamic dns provider to update my machine's
> > record, I do not care in the least which interface I use.
>
> This is not actually true.  You care, in that you want to be sure that
> the iface connects to the internet (or at least the network that said
> target sits on).
>
> Many systems that have multiple interfaces have only some of them that
> route out to the rest of the world, and when depending on a generic
> 'net' that includes -all- of them, it's more likely that the, say,
> static private net iface will be configured (and therefore 'net'
> considered started) significantly before the one that can route to the
> internet, and therefore ntp-client's attempts at connecting to
> pool.ntp.org will fail.
>
> I think that "Category 2" needs to be separated into "2a - any
> network", and "2b - any public network".  For instance, the service
> 'net' (for 2a) and service 'inet' (for 2b).  If this were the default
> case, then Cat.2 packages that by default want to connect to the
> internet could 'need inet', and then the user would only have to
> define which interfaces are included (or excluded) from satisfying 'inet'.

You mean cat 1 actually; cat 2 are the listeners, like sshd, which don't
care as long as some interface is active.

> The trick that I see here is that init.d scripts have to have their
> 'depends' set up in such a way that the services can be separated
> based on their need for public network or any network, so that the
> user doesn't have to mess with those.  By default I think it makes
> sense to keep both the 'net' and 'inet' pools the same (ie, all ifaces
> but net.lo*), but have a simple ability to separate interfaces from
> the 'public net' pool in rc.conf when they do not provide a public
> network connection.

If we add an internet pool, I would rather it start out with no
interfaces and have the user be required to add the interface(s) to it.

William


--tThc/1wpZn/ma/RB
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEARECAAYFAk8xVOIACgkQblQW9DDEZTgLNgCfQ19aoJ6fn3VUH7UN1dcToMZl
vH4AoKLzm7nxDNTiyq/8rQGrIls9M2NO
=Ouew
-----END PGP SIGNATURE-----

--tThc/1wpZn/ma/RB--