Update.
Seems there is no cross-platform way to listen only specific network
interface.
And there is no good platform-specific way too.
On Linux:
- It can be easily done with iptables. However it is out of OpenHPI scope.
- There is setsockopt(SO_BINDTODEVICE). But it was described as deprecated
and it requires root rights.
I have examined several network services and found they used bind() call.
They did convert interface name to interface address and called bind().
Which is actually socket address binding but not the network interface
binding.
And the socket binded to the interface address stops working if the
interface address is changed.
For example DHCP server can change the interface address. And an User can
do this too.
NTPd developers introduced periodical check for interface address change.
It can be good way.
So the question I have again now: what is more desirable:
- to allow HPI traffic only on the specified network interface
- to allow HPI traffic only to the specified IP address
?
Anton Pak
On Tue, 09 Nov 2010 16:55:26 +0300, Andy Cress <[email protected]>
wrote:
> Anton,
>
> I believe it should be way #2 below, since eth0 will change less and be
> less dependent on virtual IPs, etc.
>
> Andy
>
> -----Original Message-----
> From: Anton Pak [mailto:[email protected]]
> Sent: Tuesday, November 09, 2010 7:45 AM
> To: OpenHPI-devel
> Subject: [Openhpi-devel] About feature request #3094859 "Add a
> possibility to listen only specified network interfaces"
>
> Hello!
>
> I have some uncertainty about the way it will work.
>
> There are several ways:
>
> 1) Use IP addresses to which to bind daemon socket ( i.e. introduce
> OPENHPI_DAEMON_BIND_ADDRESS=192.168.1.1)
>
> 2) Use network interface names to which to bind daemon socket (i.e.
> introduce OPENHPI_DAEMON_INTERFACE=eth0)
>
> 3) Way #1 but reuse existing OPENHPI_DAEMON_HOST variable instead of new
>
> OPENHPI_DAEMON_BIND_ADDRESS
>
> Also there is a question if we should support several bind addresses /
> interfaces.
>
> And there is a question about 127.0.0.1 / lo. Should it be always
> binded?
> Should it be configured?
>
> Looking forward for your opinions.
>
> Anton Pak
>
>
> ------------------------------------------------------------------------
> ------
> The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> David G. Thomson, author of the best-selling book "Blueprint to a
> Billion" shares his insights and actions to help propel your
> business during the next growth cycle. Listen Now!
> http://p.sf.net/sfu/SAP-dev2dev
> _______________________________________________
> Openhpi-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openhpi-devel
>
> ------------------------------------------------------------------------------
> The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> David G. Thomson, author of the best-selling book "Blueprint to a
> Billion" shares his insights and actions to help propel your
> business during the next growth cycle. Listen Now!
> http://p.sf.net/sfu/SAP-dev2dev
> _______________________________________________
> Openhpi-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openhpi-devel
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Openhpi-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openhpi-devel
