Date:	Tue, 1 Dec 2015 10:34:41 -0500
From:	Sowmini Varadhan <sowmini.varadhan@...cle.com>
To:	netdev@...r.kernel.org
Subject: Re: [RFC] Stable interface index option

On (12/01/15 13:04), Maximilian Wilhelm wrote:
> 
> The reason we would like to have those is quite simple: As we operate
> a somewhat larger network we would like to monitor it accordingly and
> see when links get saturated etc. Therefore we used SNMP-based
> solutions and the net-snmp daemon on all the boxes. Now SNMP uses
> interface indexes for identifying the interfaces. If they aren't
> stable the monitoring software will see a lot of new interfaces now
> and then, e.g. after an OpenVPN server/client restarted (which is bad)
> or even mix up interfaces (which is worse).

FWIW, this is how router implementations such as Cisco network OS-es
deal with this issue: every interface has 2 32-bit integers associated
with it. One is the "snmp-ifindex", conformant with RFC 2863,
that never changes, and encodes positional information like slot#,
chassis#, card type etc. This number is sparse (i.e., it
is not necessarily a consecutive number space). Encoding is
implementation-specific, of course, and macros are supplied if you want
to look into the encoding itself.

The other number is the one used internally by the network stack,
and is subject to frequent change, as interfaces come and go (up/down,
virtual interfaces change etc). This is a packed number space: the next
available index is handed to each interface as it comes up.

SNMP MIBs publish the first number, and apps can use that number
to uniquely identify an interface.

If there are enough apps that rely on an immutable index to identify
an interface, it might be worthwhile to consider this type of approach.

> +	if (!dev->ifindex) {
> +		if (strcmp (dev->name, "gre_ffrl_fra_a") == 0) {
> +			ifindex = 23;
> +		} else if (strcmp (dev->name, "bb-pad-cr01") == 0) {
> +			ifindex = 42;
> +		}
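
Review bot: The interface names "gre_ffrl_fra_a" and "bb-pad-cr01" and the values 23 and 42 are hard-coded inside the `!dev->ifindex` branch, so one site's naming policy is compiled into the kernel and every other name falls through with nothing assigned in the lines shown. Nothing visible here checks that 23 or 42 is not already held by another device, so a pinned index could collide with one handed out earlier; the requested index should come from userspace configuration and be verified as free before it is used, with the normal allocation as the fallback. As a style point, `strcmp (` carries a space before the parenthesis that kernel coding style does not use.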

I'm not sure I understand how this would work: are we going to
pin down the ifindex for some subset of interfaces?