Darren Reed writes:
> What about adding "bind_interface" (at both the global inetd
> level and on a per service basis) ?

Yikes.

I don't see how such a request is even possible.  First, we'd have to
create some sort of Linux-like "bind to interface" misfeature on
Solaris, as the kernel currently doesn't do what I think you're
asking.

To do that, we'd have to have some clear semantics.  How does it
interact with exclusive binding?  What happens as interfaces are
configured and removed?

Or do we just dispense with actual binding and instead do IP_RECVIF
inside inetd, and drop connections that don't match?

There may be some very narrow cases in which "bind to interface" makes
some sense (implementing DHCP/BOOTP without resorting to DLPI would
likely be one), but I don't think any of them match up with regular
inetd services.

Instead, if what's wanted here (as I suspect) is some sort of linkage
between the services configured on the system, and the packet filters
established on the system interfaces, then that's probably what should
be addressed.  Windows seems to do a fairly decent job at this, but we
don't.

-- 
James Carlson, KISS Network                    <james.d.carlson at sun.com>
Sun Microsystems / 1 Network Drive         71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
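
The userland alternative raised in the message above (ask the stack which interface a packet arrived on and drop mismatches), sketched as an added example that is not part of the original message or of inetd. It assumes Linux and a UDP socket, using the `IP_PKTINFO` ancillary data in place of Solaris `IP_RECVIF`; the function names are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes struct in_pktinfo on glibc */
#endif
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Open a UDP socket on addr:0 that reports the arrival interface per datagram. */
int open_filtered_udp(const char *addr, struct sockaddr_in *bound)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    socklen_t len = sizeof(*bound);
    if (fd < 0) return -1;
    memset(bound, 0, sizeof(*bound));
    bound->sin_family = AF_INET;
    inet_pton(AF_INET, addr, &bound->sin_addr);
    if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on)) < 0 ||
        bind(fd, (struct sockaddr *)bound, sizeof(*bound)) < 0 ||
        getsockname(fd, (struct sockaddr *)bound, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Read one datagram. Returns 1 if it arrived on allowed_if (payload kept),
 * 0 if it arrived elsewhere or carried no interface data (drop), -1 on error. */
int recv_if_allowed(int fd, unsigned allowed_if, char *buf, size_t buflen, unsigned *seen_if)
{
    union { char raw[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctl;
    struct iovec iov = { buf, buflen };
    struct msghdr msg = { 0 };
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = ctl.raw; msg.msg_controllen = sizeof(ctl.raw);
    *seen_if = 0;
    if (recvmsg(fd, &msg, 0) < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof(pi));
            *seen_if = (unsigned)pi.ipi_ifindex;
        }
    }
    return *seen_if != 0 && *seen_if == allowed_if;   /* fail closed */
}
```

The check runs only after the kernel has already accepted the datagram, so it filters in the service rather than at the interface, which is the gap between services and packet filters that the message points at.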
