lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200711221625.22544.wolfgang.walter@studentenwerk.mhn.de>
Date:	Thu, 22 Nov 2007 16:25:22 +0100
From:	Wolfgang Walter <wolfgang.walter@...dentenwerk.mhn.de>
To:	netdev@...r.kernel.org
Subject: Re: [PATCHv6 0/3] Interface group patches

From: Patrick McHardy

> I'm working on the incremental ruleset changing API BTW :)
> One of the changes will be that interface matching is not
> a default part of every rule, and without wildcards it will
> use the ifindex. But since the cost of this feature seems
> pretty low, I don't see a compelling reason against it.

Using ifindex instead of string matching the interface name in -i and -o
 would be a serious problem as it changes the semantics.

1) Now you can match a non existing interface. This is certainly used. I.e.
with vlan interfaces, ppp etc.
2) Now your rule will match an interface even if the ifindex of the interface
changes. This is used (i.e. you activate a backup interface and rename it,
build new bridges etc.).

If one wants to use the ifindex instead of a string match on the name one
should explicitly request that (i.e. by using "-i =eth0" or something like
that).

Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ