From: William Hubbs
To: gentoo-dev@lists.gentoo.org
Date: Tue, 7 Feb 2012 10:44:18 -0600
Subject: Re: [gentoo-dev] rfc: only the loopback interface should provide net

On Tue, Feb 07, 2012 at 09:39:14AM -0500, Ian Stakenvicius wrote:
> On 07/02/12 03:28 AM, Alexandre Rostovtsev wrote:
> >
> > If I want to connect to pool.ntp.org to sync the system clock, or
> > to my company's vpn gateway for telecommuting, or to tor to encrypt
> > my traffic, or to a dynamic dns provider to update my machine's
> > record, I do not care in the least which interface I use.
>
> This is not actually true. You care, in that you want to be sure that
> the iface connects to the internet (or at least the network that said
> target sits on).
>
> Many systems that have multiple interfaces have only some of them that
> route out to the rest of the world, and when depending on a generic
> 'net' that includes -all- of them, it's more likely that the, say,
> static private net iface will be configured (and therefore 'net'
> considered started) significantly before the one that can route to the
> internet, and therefore ntp-client's attempts at connecting to
> pool.ntp.org will fail.
>
> I think that "Category 2" needs to be separated into "2a - any
> network", and "2b - any public network". For instance, the service
> 'net' (for 2a) and service 'inet' (for 2b). If this were the default
> case, then Cat.2 packages that by default want to connect to the
> internet could 'need inet', and then the user would only have to
> define which interfaces are included (or excluded) from satisfying 'inet'.

You mean cat 1 actually; cat 2 are the listeners, like sshd, which don't
care as long as some interface is active.

> The trick that I see here is that init.d scripts have to have their
> 'depends' set up in such a way that the services can be separated
> based on their need for public network or any network, so that the
> user doesn't have to mess with those. By default I think it makes
> sense to keep both the 'net' and 'inet' pools the same (ie, all ifaces
> but net.lo*), but have a simple ability to separate interfaces from
> the 'public net' pool in rc.conf when they do not provide a public
> network connection.

If we add an internet pool, I would rather it start out with no
interfaces and have the user be required to add the interface(s) to it.

William