On 11/13/2012 11:44 PM, Andrew Stitcher wrote:
> I've been working on getting the qpid C++ broker to listen only on specific network interfaces if that is desired.
I think that this isn't possible on most systems because IP addresses belong to the system, not individual interfaces. But I think that it is sufficient to explain in the documentation that configuring interfaces only affects the addresses picked up by Qpid, and does not directly prevent hosts on other interfaces from connecting to the service.
> * Error behaviour
>
> The broker may be unable (for whatever reason) to listen on the specified ports (perhaps the specified network interface doesn't exist; perhaps the specified address isn't actually an address of a connected interface etc.). In this case we will not fall back to listening on every network interface - the assumption here is that specifying some interfaces is a deliberate restriction, quite possibly for security reasons and so we must "fail safe" and not expose the broker to potentially hostile network traffic because of a misconfiguration.
Do you intend to retry periodically, checking if the configured interface has come up? I think NetworkManager can generate events which would help with that. But other software does this as well (ntpd, for example).
-- 
Florian Weimer / Red Hat Product Security Team
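The fail-closed listener policy discussed in the thread (bind only the configured addresses, never fall back to the wildcard on error), sketched as an added Python example; this is not qpid's code and not part of the original mails, and the test-net address 203.0.113.1 is only a constructed non-local address used to force a bind failure.

```python
"""Fail-safe listener setup: bind only the configured addresses and never
fall back to the wildcard when one of them cannot be bound.
Added example; not qpid code and not from the original thread."""
import socket
from typing import Dict, List, Sequence

class ListenError(RuntimeError):
    """Raised when any configured listen address cannot be bound."""

def open_listeners(addresses: Sequence[str], port: int, backlog: int = 16) -> List[socket.socket]:
    """Bind and listen on every address in `addresses`, all or nothing.

    If any bind fails (address not local, interface absent, port in use),
    every socket opened so far is closed and ListenError is raised. There is
    deliberately no fallback to "0.0.0.0"/"::": an explicit address list is a
    restriction, so a misconfiguration must fail closed, not widen exposure.
    Caveat (weak host model): binding an interface's address does not by itself
    stop hosts reached via other interfaces from connecting; that needs filtering.
    """
    if not addresses:
        raise ListenError("no listen address configured; refusing to bind the wildcard")
    opened: List[socket.socket] = []
    current = None
    try:
        for current in addresses:
            family = socket.AF_INET6 if ":" in current else socket.AF_INET
            s = socket.socket(family, socket.SOCK_STREAM)
            opened.append(s)  # track before bind so cleanup covers a failed bind
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((current, port))
            s.listen(backlog)
    except OSError as exc:
        for s in opened:
            s.close()
        raise ListenError(f"cannot listen on {current}:{port}: {exc}") from exc
    return opened

def probe(addresses: Sequence[str], port: int = 0) -> Dict[str, object]:
    """Try the bind, report the outcome, and release the sockets again.
    port=0 lets the OS pick a free port so the demo never collides."""
    try:
        socks = open_listeners(addresses, port)
    except ListenError as exc:
        return {"listening": [], "error": str(exc)}
    try:
        return {"listening": sorted(s.getsockname()[0] for s in socks), "error": None}
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    print(probe(["127.0.0.1"]))                 # loopback only
    print(probe(["127.0.0.1", "203.0.113.1"]))  # non-local address: fail closed
```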
