[OpenIndiana-discuss] OI Hipster becomes unreachable over network after a certain length of uptime
Joshua M. Clulow
josh at sysmgr.org
Fri Apr 15 22:58:39 UTC 2022
On Fri, 15 Apr 2022 at 09:23, stes at PANDORA.BE <stes at telenet.be> wrote:
> > This is indeed a bug:
> > 14006 ipv4-routing should not be enabled by default
> > https://www.illumos.org/issues/14006
> Should ipv4-routing not be enabled or should it not be installed as part of the 'minimal' server type ?
Whether it is installed or not, the routing setup service should not
have a special case like it does today that tries to guess at whether
or not this daemon should be enabled. The operator should be required
to turn it on explicitly via routeadm, or potentially via SMF.
> https://www.illumos.org/issues/8587
Ah, that is indeed effectively a duplicate of #14006, but with a less
crisp description. I've closed that one out in favour of 14006.
> I am not sure there is a bug here. Also I'd say that this is not really an installer bug.
There is definitely a bug, and yes, it's not an installer bug. It's a
bug in the machinery behind routeadm and routing setup in the core of
the OS.
> I am writing 'problem' between quotes as it is unclear to me that it is really a problem, although that from a 'disabling unnecessary daemons' perspective (hardening) it could be considered a problem, but thanks to IPS packaging easy to uninstall/fix.
It definitely is a problem. Enabling the routing daemon may cause the
system to uncritically consume routes sent from remote hosts, and at a
minimum will unhelpfully adjust the routing table in some cases.
The service should be able to be installed without being enabled, as
it is today, by guessing at the operator intent by looking at the
current (dynamic!) state of the network stack and configuration.
Whether to include it by default in newly installed systems seems more
of a distribution-level question, but unrelated to how it works when
it is installed.
Cheers.
--
Joshua M. Clulow
http://blog.sysmgr.org
More information about the openindiana-discuss
mailing list