Date: Wed, 7 Oct 1998 10:20:59 +0200 (SAT) From: Graham Wheeler <gram@cdsec.com> To: tlambert@primenet.com (Terry Lambert) Cc: hackers@FreeBSD.ORG Subject: Re: New inetd.c Message-ID: <199810070820.KAA04373@cdsec.com> In-Reply-To: <199810061844.LAA26434@usr04.primenet.com> from "Terry Lambert" at Oct 6, 98 06:44:16 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > * a new argument, -X, has been added. If this argument is used, the > > entries in inetd.conf (or whatever config file is used) are > > expected to have an additional initial field, which is the > > address to bind to. A value of `any' will be equivalent to > > the normal behaviour of binding to INADDR_ANY. This provides > > similar functionality to the normal -a argument, but with > > a much finer granularity. It is intended for use in multi-homed > > hosts which have different services available on different > > interfaces. You can check all the changes that were made to > > support this by grepping for the `extended_format' flag in > > the source. > > I think this duplicates the combination of the "-a" combined with > a "configuration file" argument? This isn't a bad idea, but there > are things to be said for seperate configuration files, especially > for split service models (i.e.:, you HUP one inetd and not another, > and you can safely use something like "sed" to modify the file > contents without worrying about enabling/disabling on the wrong > interface. The -X was added for our firewall, where, for various reasons to do with fault tolerance, a single process is preferable to multiple processes. My main aim in posting was to fix the signal handling; I decided that no harm would be done by leaving in the -X change as well (although I did remove some other changes that are of no use to anyone else). > I would be very interested in a binding of the type: > > ed0:192.168.1.1 > ed1:192.168.1.1 > > actually. This would be useful for things like "inline" VPN > machines, where the interface uses one address and by being ganged > inline, "just works"... For the most part, the IP address is used > to select an interface, more often than not, so it's the binding > to an interface that's interesteing, and the IP address less so. That's a nice idea, but how does one bind a socket to an interface, as opposed to an address? -- Dr Graham Wheeler E-mail: gram@cdsec.com Citadel Data Security Phone: +27(21)23-6065/6/7 Internet/Intranet Network Specialists Mobile: +27(83)253-9864 Firewalls/Virtual Private Networks Fax: +27(21)24-3656 Data Security Products WWW: http://www.cdsec.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810070820.KAA04373>