lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190520205358.GB25473@unicorn.suse.cz>
Date:   Mon, 20 May 2019 22:53:58 +0200
From:   Michal Kubecek <mkubecek@...e.cz>
To:     netdev@...r.kernel.org
Cc:     "M. Buecher" <maddes+kernel@...des.net>,
        Matthias May <matthias.may@...atec.com>,
        Heiner Kallweit <hkallweit1@...il.com>
Subject: Re: IP-Aliasing for IPv6?

On Mon, May 20, 2019 at 10:23:03PM +0200, M. Buecher wrote:
> Used feature is the label option of `ip`, which works for IPv4, but not with
> IPv6.

The only reason for having these labels is to allow old tools like
ifconfig to partially work even if the underlying implementation
changed. There is no need for labels with IPv6 as even ifconfig (and the
ioctl interface it uses) does not pretend there are virtual interfaces
and 1:1 mapping between interfaces and addresses and usess add/remove to
add or remove addresses to/from the list.

> Goal: Use virtual interfaces to run separate instances of a service on
> different IP addresses on the same machine.
> For example with dnsmasq I use `-interface ens192` for the normal main
> instance, while using `-interface ens192:0` and `-interfaces ens192:1` for
> special instances only assigned to specific machines via their MAC
> addresses.

Configuration syntax based on "listening on an interface" is in most
cases a historical relic because  this "interface" is just used to get
the address the daemon is to listen on (bind the listening socket to).
Most daemons support also identifying the listening address(es) directly
which should be preferred as then your configuration matches what the
daemon is actually doing. (There are exceptions, e.g. "ping -I eth1"
does something different than "ping -I 1.2.3.4" but these are rather
rare.) Any daemon supporting IPv6 should definitely support setting the
listening address(es) directly.

> What is the correct name when I use the label option of the ip command?
> The "IP-Aliasing" doc was the only one I could find on kernel.org that fit
> the way labels are assigned with ip.

They are just labels. The term "IP aliasing" denotes the older
implementation in 2.0 kernels where there were actual virtual
interfaces, allowing you to assign the extra addresses to them. Since
kernel 2.2, it's no longer the case, there is just the actual interface
and it has a list of IPv4 addresses.

                                                         Michal Kubecek

Powered by blists - more mailing lists