| 1 |
Hi Alexander, |
| 2 |
|
| 3 |
On Mon, Feb 06, 2012 at 06:15:13PM -0500, Alexandre Rostovtsev wrote: |
| 4 |
> I agree with the existence of the problem, but strongly disagree with |
| 5 |
> the solution. |
| 6 |
|
| 7 |
Actually you have sort of helped me nail down the problem more. The |
| 8 |
issue is that the "net" service is broken. I'll try to point out how. |
| 9 |
|
| 10 |
> 1. Services that connect to remote machines via any available network |
| 11 |
> interface. |
| 12 |
> 2. Services that listen to connections from remote machines on any |
| 13 |
> available network interface, and run correctly even if no non-lo |
| 14 |
> interfaces are up. |
| 15 |
> 3. Services that require a specific network interface, bind to a |
| 16 |
> specific address, or connect to a specific machine on the local subnet. |
| 17 |
> |
| 18 |
> Category 1 includes things like ntp-client (in the typical use case). |
| 19 |
> Category 2 includes things like sshd (in the typical use case). |
| 20 |
> Category 3 includes things like netmount (in the typical use case), or |
| 21 |
> your example of sshd that's bound to a specific static IP. |
| 22 |
> |
| 23 |
> The proposal to provide net only from loopback may help with startup |
| 24 |
> issues for Category 2, but would break Category 1. (Category 3 is broken |
| 25 |
> in either case unless the user adds the appropriate rc_need lines |
| 26 |
> in /etc/conf.d). |
| 27 |
|
| 28 |
Whether or not you break category one depends on how you define a remote |
| 29 |
machine. This is where I think the net service is broken. |
| 30 |
|
| 31 |
It is possible to have a lo interface active, without having any |
| 32 |
other network interfaces active. In the normal use case, your category |
| 33 |
one services will start (because they see that net is provided), and |
| 34 |
fail, because they can't make their connection over the loopback |
| 35 |
interface. |
| 36 |
|
| 37 |
> My counterproposal is to |
| 38 |
> (a) fix init scripts for Category 2 so that instead of "use net" or |
| 39 |
> "need net", they only "use net.lo" or "need net.lo"; and |
| 40 |
|
| 41 |
I think it would be better if I provided another service these scripts |
| 42 |
could use|need, because the loopback goes by at least one name other than |
| 43 |
"lo" that I know of, and that is "lo0", so if I don't provide a service, |
| 44 |
all of these scripts would have to conditionally use or need at least lo |
| 45 |
or lo0 depending on which platform they are running on. |
| 46 |
|
| 47 |
For the normal use case, I submit that category one should not care |
| 48 |
about the loopback interface, since we don't make remote connections |
| 49 |
that way. That would mean that loopback would not provide net by |
| 50 |
default. |
| 51 |
|
| 52 |
William |
Archives