Hi Alexandre,

On Mon, Feb 06, 2012 at 06:15:13PM -0500, Alexandre Rostovtsev wrote:
> I agree with the existence of the problem, but strongly disagree with
> the solution.
 
Actually you have sort of helped me nail down the problem more. The
issue is that the "net" service is broken. I'll try to point out how.

> 1. Services that connect to remote machines via any available network
> interface.
> 2. Services that listen to connections from remote machines on any
> available network interface, and run correctly even if no non-lo
> interfaces are up.
> 3. Services that require a specific network interface, bind to a
> specific address, or connect to a specific machine on the local subnet.
>
> Category 1 includes things like ntp-client (in the typical use case).
> Category 2 includes things like sshd (in the typical use case).
> Category 3 includes things like netmount (in the typical use case), or
> your example of sshd that's bound to a specific static IP.
> 
> The proposal to provide net only from loopback may help with startup
> issues for Category 2, but would break Category 1. (Category 3 is broken
> in either case unless the user adds the appropriate rc_need lines
> in /etc/conf.d).

Whether or not you break category one depends on how you define a remote
machine. This is where I think the net service is broken.
 
It is possible to have a lo interface active, without having any
other network interfaces active. In the normal use case, your category
one services will start (because they see that net is provided), and
fail, because they can't make their connection over the loopback
interface.

> My counterproposal is to 
> (a) fix init scripts for Category 2 so that instead of "use net" or
> "need net", they only "use net.lo" or "need net.lo"; and

I think it would be better if I provided another service these scripts
could use|need, because the loopback goes by at least one name other than
"lo" that I know of, and that is "lo0", so if I don't provide a service,
all of these scripts would have to conditionally use or need at least lo
or lo0 depending on which platform they are running on.

For the normal use case, I submit that category one should not care
about the loopback interface, since we don't make remote connections
that way. That would mean that loopback would not provide net by
default.

William

