From: Alexey Abramov
To: Ludovic Courtès
Cc: guix-devel@gnu.org, Julien Lepiller
Subject: Re: Advanced network configuration
Date: Tue, 11 Oct 2022 09:57:42 +0200
Message-ID: <87edve6bd5.fsf@delta.lan>

Hi,

Ludovic Courtès writes:

> Hi!
>
> Alexey Abramov skribis:
>
> [...]
> [...]
>
> I would do that by having ‘networking’ depend on ‘firewall’ (say).
>
> Does that make sense?
>
> It’d be interesting to see whether we need something beyond this.

But what if I just want to stop a firewall? Won't that trigger the
network to restart in that case?

>> Applications have to be able to gracefully shutdown their network
>> connections. Is it the case right now, I don't know?
>
> What do you mean?

If you run a simple VM with openssh, log in there via an ssh client and
run 'herd power-off root' from the QEMU serial console, the VM will be
shut down, but your ssh connection won't know anything about it and the
socket will be left in an ESTABLISHED state! By typing there, the system
will keep trying to send data over the wire (Send-Q).

--8<---------------cut here---------------start------------->8---
root@delta ~# ss -ta -A all '( dport = :ssh )' dst 192.168.10.100/24
Netid  State  Recv-Q  Send-Q     Local Address:Port       Peer Address:Port  Process
tcp    ESTAB  0       288         192.168.10.1:48106    192.168.10.100:ssh
--8<---------------cut here---------------end--------------->8---

There is no such problem with the shutdown command, by the way.

>> I am checking (shepherd services) where `shutdown-services' defined, and
>> seems like it just walks across %services hash table. Am I missing
>> something?
>
> Correct, there’s nothing fancy going on there.
>
> Thanks,
> Ludo’.

-- 
Alexey
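
One way to tell the stale connection described in the message above from ordinary in-flight data, as an added example that is not part of the original message or of Guix: compare two `ss` snapshots and report ESTAB sockets whose Send-Q never drains. The function name `stalled_sockets`, the snapshot files and the second peer (192.168.10.101) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Compares two `ss` snapshots taken a few
# seconds apart and prints "local peer send_q" for every ESTAB socket whose
# Send-Q (bytes the peer has not acknowledged) is non-zero in both and has
# not shrunk. A single non-zero Send-Q can simply be data in flight.
stalled_sockets() {
    awk '
        # State is field 1 in plain `ss -tan` output and field 2 when a
        # Netid column is present (as with `-A all` in the message).
        function parse(   i) {
            for (i = 1; i <= 2; i++)
                if ($i == "ESTAB" && $(i + 2) ~ /^[0-9]+$/) {
                    key = $(i + 3) " " $(i + 4)
                    sendq = $(i + 2) + 0
                    return 1
                }
            return 0
        }
        # First snapshot: remember sockets that already have queued data.
        NR == FNR { if (parse() && sendq > 0) first[key] = sendq; next }
        # Second snapshot: report those whose queue did not drain.
        parse() && (key in first) && sendq >= first[key] { print key, sendq }
    ' "$1" "$2"
}

# Constructed snapshots: the powered-off VM keeps accumulating unsent bytes,
# while a healthy peer acknowledges its data between the two samples.
demo_dir=$(mktemp -d)
cat > "$demo_dir/t0" <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   ESTAB 0      288    192.168.10.1:48106  192.168.10.100:ssh
tcp   ESTAB 0      64     192.168.10.1:48200  192.168.10.101:ssh
EOF
cat > "$demo_dir/t1" <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   ESTAB 0      324    192.168.10.1:48106  192.168.10.100:ssh
tcp   ESTAB 0      0      192.168.10.1:48200  192.168.10.101:ssh
EOF
stalled_sockets "$demo_dir/t0" "$demo_dir/t1"
```

On a live client the two files would come from running the `ss` command shown in the message twice, a few seconds apart.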