Re: Advanced network configuration

[Alexey Abramov]

Hi,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi!
>
> Alexey Abramov <levenson@mmer.org> skribis:
>
> [...]
>

[...]

>
> I would do that by having ‘networking’ depend on ‘firewall’ (say).
>
> Does that make sense?
>
> It’d be interesting to see whether we need something beyond this.

But what if I just want to stop a firewall? Won't that trigger
network to restart in that case?

>> Applications have to be able to gracefully shutdown their network
>> connections.  Is it the case right now, I don't know?
>
> What do you mean?

If you run a simple VM with openssh, login there via ssh client and run
'herd power-off root' from the QEMU serial console, the VM will be
shutdown, but your ssh connection won't know anything about it and the
socket will be left in a ESTABLISHED state! By typing there system will
keep trying to send data over there wire (Send-Q).

--8<---------------cut here---------------start------------->8---
root@delta ~# ss -ta -A all '( dport = :ssh )' dst 192.168.10.100/24
Netid             State             Recv-Q             Send-Q                   
      Local Address:Port                            Peer Address:Port           
 Process             
tcp               ESTAB             0                  288                      
       192.168.10.1:48106                         192.168.10.100:ssh            
                     
--8<---------------cut here---------------end--------------->8---

There is no such a problem with shutdown command by the way. 

>> I am checking (shepherd services) where `shutdown-services' defined, and
>> seems like it just walks across %services hash table. Am I missing
>> something?
>
> Correct, there’s nothing fancy going on there.
>
> Thanks,
> Ludo’.

-- 
Alexey