From: Ian Stakenvicius
Date: Tue, 07 Feb 2012 09:39:14 -0500
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] rfc: only the loopback interface should provide net
Message-ID: <4F313792.7050502@gentoo.org>
In-Reply-To: <1328603319.8348.81.camel@rook>
References: <20120206210451.GA1940@linux1> <1328570113.8348.53.camel@rook> <20120207064348.GA3036@linux1> <1328603319.8348.81.camel@rook>

On 07/02/12 03:28 AM, Alexandre Rostovtsev wrote:
>
> If I want to connect to pool.ntp.org to sync the system clock, or
> to my company's vpn gateway for telecommuting, or to tor to encrypt
> my traffic, or to a dynamic dns provider to update my machine's
> record, I do not care in the least which interface I use.

This is not actually true. You care, in that you want to be sure that the iface connects to the internet (or at least the network that said target sits on). Many systems that have multiple interfaces have only some of them that route out to the rest of the world, and when depending on a generic 'net' that includes -all- of them, it's more likely that the, say, static private net iface will be configured (and therefore 'net' considered started) significantly before the one that can route to the internet, and therefore ntp-client's attempts at connecting to pool.ntp.org will fail.

I think that "Category 2" needs to be separated into "2a - any network", and "2b - any public network". For instance, the service 'net' (for 2a) and service 'inet' (for 2b). If this were the default case, then Cat.2 packages that by default want to connect to the internet could 'need inet', and then the user would only have to define which interfaces are included (or excluded) from satisfying 'inet'.

The trick that I see here is that init.d scripts have to have their 'depends' set up in such a way that the services can be separated based on their need for public network or any network, so that the user doesn't have to mess with those.

By default I think it makes sense to keep both the 'net' and 'inet' pools the same (i.e., all ifaces but net.lo*), but have a simple ability to separate interfaces from the 'public net' pool in rc.conf when they do not provide a public network connection.