tech-userlevel archive


Re: proposal: inetd improvements.



On Wed, Jun 02, 2010 at 08:57:54PM +0100, elric%imrryr.org@localhost wrote:
 >>>    4.  % should be defined as an address type and it should expand
 >>>        into a list of IP addresses which is periodically regenerated
 >>>        by iterating over the interfaces,
 >>
 >> I'm curious what the purpose of this is?  The reason I'm asking is that
 >> doing this can just really, really suck on routers which have large
 >> interface configurations (I've seen them with a number of interfaces
 >> configured which overflowed a 16 bit interface index).

...so don't use it there?

 > It's specifically for UDP wait services where the client expects
 > the server to answer from the same IP address to which it sent the
 > request.  E.g. named or krb5kdc.

This can be fixed in the service (as was done in talkd) by doing udp
connect(). There are exotic multihomed setups where this won't
necessarily work, but those should probably be avoided anyway for
machines that host services.

It becomes more important for services where the behavior is supposed
to be different on different interfaces, such as firewall proxies;
even if you wanted to, you can't enumerate the interfaces in
inetd.conf if the list isn't fixed.

-- 
David A. Holland
dholland%netbsd.org@localhost
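
The UDP connect() approach mentioned in the message above, as an added example that is not part of the original post and is not talkd's code: a wildcard-bound datagram socket (as inetd hands to a wait service) has no fixed local address until the service connect()s it to the requester, after which replies sent with send() leave from that pinned address. The function names and the loopback exchange are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Local IPv4 address of fd, network byte order (INADDR_ANY while wildcard-bound). */
static in_addr_t local_addr(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    return getsockname(fd, (struct sockaddr *)&sa, &len) < 0 ? INADDR_NONE : sa.sin_addr.s_addr;
}

/* Service side: take one request, connect() to its sender, reply with send().
 * Returns the local address the kernel pinned, or INADDR_NONE on error. */
in_addr_t answer_connected(int fd)
{
    char buf[512];
    struct sockaddr_in peer;
    socklen_t plen = sizeof(peer);
    ssize_t n = recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&peer, &plen);
    if (n < 0 || connect(fd, (struct sockaddr *)&peer, plen) < 0)
        return INADDR_NONE;
    return send(fd, buf, (size_t)n, 0) == n ? local_addr(fd) : INADDR_NONE;
}

/* Constructed loopback exchange; returns 1 when every step behaves as described. */
int demo(void)
{
    struct sockaddr_in dst = { .sin_family = AF_INET }; /* INADDR_ANY, port 0 */
    socklen_t len = sizeof(dst);
    char reply[8];
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    int ok = bind(srv, (struct sockaddr *)&dst, sizeof(dst)) == 0
        && getsockname(srv, (struct sockaddr *)&dst, &len) == 0;
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    /* The client connect()s too, so it only accepts replies from that address. */
    ok = ok && connect(cli, (struct sockaddr *)&dst, sizeof(dst)) == 0
        && send(cli, "ping", 4, 0) == 4
        && local_addr(srv) == htonl(INADDR_ANY)             /* not pinned yet */
        && answer_connected(srv) == htonl(INADDR_LOOPBACK)  /* pinned by connect() */
        && recv(cli, reply, sizeof(reply), 0) == 4 && memcmp(reply, "ping", 4) == 0;
    close(srv); close(cli);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

The pinned address is whatever the kernel's route lookup toward the requester selects, which is why the message notes that some multihomed setups will not get the address the client originally sent to.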

