lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4714A4C3.10103@balabit.hu>
Date:	Tue, 16 Oct 2007 13:47:15 +0200
From:	Laszlo Attila Toth <panther@...abit.hu>
To:	hadi@...erus.ca
CC:	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org
Subject: Re: Resend: [IPROUTE2 PATCH] Interface group as new ip link option

jamal írta:
> On Tue, 2007-16-10 at 13:05 +0200, Laszlo Attila Toth wrote:
> 
>> That sounds great but for what whould you like to use? It may help me 
>> for the implementation.
> 
> For example i may want to add a tc rule to a group of interfaces.
> tc BNF roughly looks like:
> tc <object> <operation> <target>
> 
> Where targe is := <dev devname>
> It may be useful to extend "target" to include alternatively a group of
> devices.

Ok, I see.

> 
>> Currently it is not available since the the 
>> net_device structure holds the group id and for this get operation an 
>> iteration (of net_devices) may be necessary...
> 
> I understand - but i would rather do the iteration in the kernel than in
> user space and save myself a gazillion netlink messages.

You are right - that's faster in the kernel and useless to move it to 
userspace.

> 
>> We didn't want to use multiple groups in favour of masked group ids. 
>> What kind of usage needs other implementation?
> 
> Same lazyperson use cases as above; in one case i may want to set a rule
> to group = {eth0, eth1, eth10} and in another {eth0,eth5}. I realize
> this may be more involved something clever for an implementation (eg
> using a bitmap instead of a straight int) - so if it not a simple thing,
> just defer it to some later time.

Hm, the main problem (for me) is that it requires more then one value 
per net device and it should be limited. But if I say it is 5 for 
instance, anyone can say it is not enough for him.


> 
> Ok, now that you are asking, heres another one feature request for
> you;-> It would be nice if i can set a group based on a regular
> expression of a devices name; eg "ppp*". Use case for this, off top of
> my head (without looking at your syntax):
> 
> ip set group 10 ppp*

ip link set ppp0 group 10
also if "ip link set..." works for multiple interfaces it is already 
done. If it is not, it will affect positively all other settings :)

-- 
Attila
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ