lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190520205358.GB25473@unicorn.suse.cz> Date: Mon, 20 May 2019 22:53:58 +0200 From: Michal Kubecek <mkubecek@...e.cz> To: netdev@...r.kernel.org Cc: "M. Buecher" <maddes+kernel@...des.net>, Matthias May <matthias.may@...atec.com>, Heiner Kallweit <hkallweit1@...il.com> Subject: Re: IP-Aliasing for IPv6? On Mon, May 20, 2019 at 10:23:03PM +0200, M. Buecher wrote: > Used feature is the label option of `ip`, which works for IPv4, but not with > IPv6. The only reason for having these labels is to allow old tools like ifconfig to partially work even if the underlying implementation changed. There is no need for labels with IPv6 as even ifconfig (and the ioctl interface it uses) does not pretend there are virtual interfaces and 1:1 mapping between interfaces and addresses and usess add/remove to add or remove addresses to/from the list. > Goal: Use virtual interfaces to run separate instances of a service on > different IP addresses on the same machine. > For example with dnsmasq I use `-interface ens192` for the normal main > instance, while using `-interface ens192:0` and `-interfaces ens192:1` for > special instances only assigned to specific machines via their MAC > addresses. Configuration syntax based on "listening on an interface" is in most cases a historical relic because this "interface" is just used to get the address the daemon is to listen on (bind the listening socket to). Most daemons support also identifying the listening address(es) directly which should be preferred as then your configuration matches what the daemon is actually doing. (There are exceptions, e.g. "ping -I eth1" does something different than "ping -I 1.2.3.4" but these are rather rare.) Any daemon supporting IPv6 should definitely support setting the listening address(es) directly. > What is the correct name when I use the label option of the ip command? > The "IP-Aliasing" doc was the only one I could find on kernel.org that fit > the way labels are assigned with ip. They are just labels. The term "IP aliasing" denotes the older implementation in 2.0 kernels where there were actual virtual interfaces, allowing you to assign the extra addresses to them. Since kernel 2.2, it's no longer the case, there is just the actual interface and it has a list of IPv4 addresses. Michal Kubecek
Powered by blists - more mailing lists