| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Nov 2007 16:25:22 +0100 From: Wolfgang Walter <wolfgang.walter@...dentenwerk.mhn.de> To: netdev@...r.kernel.org Subject: Re: [PATCHv6 0/3] Interface group patches From: Patrick McHardy > I'm working on the incremental ruleset changing API BTW :) > One of the changes will be that interface matching is not > a default part of every rule, and without wildcards it will > use the ifindex. But since the cost of this feature seems > pretty low, I don't see a compelling reason against it. Using ifindex instead of string matching the interface name in -i and -o would be a serious problem as it changes the semantics. 1) Now you can match a non existing interface. This is certainly used. I.e. with vlan interfaces, ppp etc. 2) Now your rule will match an interface even if the ifindex of the interface changes. This is used (i.e. you activate a backup interface and rename it, build new bridges etc.). If one wants to use the ifindex instead of a string match on the name one should explicitly request that (i.e. by using "-i =eth0" or something like that). Regards, -- Wolfgang Walter Studentenwerk München Anstalt des öffentlichen Rechts - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists