On Jun 07, Adam Foxson wrote:
> On Sat, Jun 07, 2003 at 12:32:42PM -0400, Kurt Starsinic wrote:
> > 1. It's not *actually* using the official registry, as
> > advertised; the port numbers are hard-coded.
>
> Thanks for the taking the time to draw up your concerns. Actually, it
> *is* using the official registry, as advertised. There is an undocumented
> internal method named _create_db which takes the official registry at
> http://www.iana.org/assignments/port-numbers and converts it into the
> internal representation to which you're referring.
Ah. I only saw that new() calls _init_db(), which reads from <DATA>.
And I now see that there's no way to easily use the output from
_create_db(), without editing the module's source.
> I do this for several reasons, and the top reason is that it results in a
> distribution that *tremdously* smaller than if it would not have been
> translated to an internal representation . . . . If you still feel there
> should be an implementation change for this point, please feel free to
> suggest one that you feel would be better. :-)
I'd suggest a few things. Use any, all, or none:
Document _create_db().
Have _create_db() remove the ports you don't like (it appears
to me that you hand-edited its output before incorporating
it in the module), unless you agree with me (see below) that
the ports shouldn't be removed.
Don't put the data into __DATA__. Have the module run
_create_db(), and put its output in a separate data file,
on installation.
> > Thus, if the registry is updated, I have no way of knowing that
> > the entries I'm using are outdated, and no way of
> > forcing an update.
>
> There is a method last_updated() that will return the date that the IANA
> port registry, that was translated, stated that it was last updated.
> Ostensibly, there is no current means by which one could force an update,
> but I had planned to keep a good eye on it and release new versions as
> necessary.
I think it's better if updating the data doesn't require updating
the module. Organizations and software distros with tight software
control management will be more likely to use it then.
> If I do include a means by which to allow users of N::I::P to force an
> update how would you envision that working?
As I alluded to above, _init_db() should read from a file, and
_create_db() should write to same; then the user, given sufficient
privileges, could call _create_db() to force an update.
> > 2. You leave out some ports "with no associated protocols."
> > I'm not sure what the value of this is; as a naive user, I
> > would expect that the module maps as in IANA's registry,
> > not as in what protocols are actually known to be deployed
> > in the wild.
>
> Well, the problem with the sixteen services that you mention is simply that
> in the port registry they have no protocols associated with them, thus I
> have no idea as to how they should be "correctly represented". I figured it
> would be better to disclude them than to guess, being that all of the
> methods require either a port and protocol, or service and protocol. I
> regard these particular entries, in the port registry, as clerical
> mistakes, since the thousands of other services do indeed have associated
> protocols. If you have any ideas as to how this can best be dealt with, I
> am all ears.
I would suggest that the protocol should be '', and while I'm
armchair protocol-tweaking, I'll suggest that '' as a protocol in
port2svc() and port2desc() should match any protocol, in which case
they would return a list of matches. E.g.:
$iana->port2svc(113); # Returns qw(ident auth)
$iana->port2desc(7300); # Returns 'The Swiss Exchange'
I would say that leaving them out is a bad idea. I, for example,
would use this module to:
Implement tools like nmap or netstat, where *I* might choose
to assume that those ports were assigned to TCP and UDP (this
is my best guess about what the entries actually mean).
Check if a port is assigned to anything. Again, I might
choose to assume that they're assigned to TCP and UDP (and
SCTP and TDP).
The long and the short of it is that I'd like to see all the
information that's in the database, whether or not it's complete.
- Kurt
