Message-ID: <20230310194125.33ca44d7@hermes.local>
Date:   Fri, 10 Mar 2023 19:41:25 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Petr Machata <petrm@...dia.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, <netdev@...r.kernel.org>,
        David Ahern <dsahern@...nel.org>,
        Shuah Khan <shuah@...nel.org>,
        "Ido Schimmel" <idosch@...dia.com>, <mlxsw@...dia.com>
Subject: Re: [PATCH net-next 0/5] net: Extend address label support

On Fri, 10 Mar 2023 12:44:53 +0100
Petr Machata <petrm@...dia.com> wrote:

> IPv4 addresses can be tagged with label strings. Unlike IPv6 addrlabels,
> which are used for prioritization of IPv6 addresses, these "ip address
> labels" are simply tags that the userspace can assign to IP addresses
> arbitrarily.
> 
> IPv4 has had support for these tags since before Linux was tracked in GIT.
> However it has never been possible to change the label after it is once
> defined. This limits usefulness of this feature. A userspace that wants to
> change a label might drop and recreate the address, but that disrupts
> routing and is just impractical.
> 
> IPv6 addresses lack support for address labels (in the sense of address
> tags) altogether.
> 
> In this patchset, extend IPv4 to allow changing the label defined at an
> address (in patch #1). Then, in patches #2 and #3, extend IPv6 with a suite
> of address label operations fully analogous with those defined for IPv4.
> Then in patches #4 and #5 add selftest coverage for the feature.
> 
> An example session with the feature in action:
> 
> 	# ip address add dev d 2001:db8:1::1/64 label foo
> 	# ip address show dev d
> 	4: d: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc [...]
> 	    link/ether 06:29:74:fd:1f:eb brd ff:ff:ff:ff:ff:ff
> 	    inet6 2001:db8:1::1/64 scope global foo <--
> 	    valid_lft forever preferred_lft forever
> 	    inet6 fe80::429:74ff:fefd:1feb/64 scope link d
> 	    valid_lft forever preferred_lft forever
> 
> 	# ip address replace dev d 2001:db8:1::1/64 label bar
> 	# ip address show dev d
> 	4: d: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc [...]
> 	    link/ether 06:29:74:fd:1f:eb brd ff:ff:ff:ff:ff:ff
> 	    inet6 2001:db8:1::1/64 scope global bar <--
> 	    valid_lft forever preferred_lft forever
> 	    inet6 fe80::429:74ff:fefd:1feb/64 scope link d
> 	    valid_lft forever preferred_lft forever
> 
> 	# ip address del dev d 2001:db8:1::1/64 label foo
> 	RTNETLINK answers: Cannot assign requested address
> 	# ip address del dev d 2001:db8:1::1/64 label bar

This would add a lot of naming confusion with existing IPv6 address labels.
And MPLS labels.

See man ip-addrlabel for more info.  Can't think of better term for this.
Tag would raise conflicts with vlan/vxlan tag term.
Name would be confusing vs DNS naming.

Also, most of the real world manages addresses through automated services so
doing it with ip address isn't going to help.


