On Wednesday 2010-01-13 14:24, Patrick McHardy wrote:
>>
>> The proposal is to enhance iptables (and other tools which might fail if
>> integrated port 1 does not get named as eth0) to support something like
>[...]
>> + strcpy(vianame, kernel_name);
>> + int vialen = strlen(kernel_name);
>> if ((vialen == 0) || (vialen == 1 && vianame[0] == '+'))
>> memset(mask, 0, IFNAMSIZ);
>> else if (vianame[vialen - 1] == '+') {
>>
>>
>> where kernel_name is the ethN name that will be returned by a library
>> like libnetdevname which will map the user supplied "Embedded_NIC_1"
>> name to the corresponding ethN name, thus bringing in determinism while
>> referring to the network interfaces.
>>
>> Netfilter-devel, would this be acceptable ?
>
>What I don't like very much is that you can't decide whether to
>map the interface names back in order to display a rule the same
>way it was specified. Anyone looking at the output will have to
>know the alias mapping, which seems to defeat the purpose of
>this patch.

By definition, the mapping from aliases to real names is not bijective,
thus not always unambiguously reversible.

That also means there will be problems if either side of a mapping
disappears - say, across a reboot - you are in for some local DoS.
That of course also holds for regular network interface names,
but only if you do not use udev to give them a persistent name.
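Review bot: the added strcpy(vianame, kernel_name) copies a name returned by an external library into vianame with no length check, and no check that the lookup succeeded is visible before it. The neighbouring memset(mask, 0, IFNAMSIZ) works in IFNAMSIZ-sized units, so if vianame is sized the same way, any returned name of IFNAMSIZ bytes or more overruns it. Validate kernel_name first (non-NULL, strlen(kernel_name) < IFNAMSIZ) and fail the rule parse with an error otherwise, rather than copying unconditionally. Separately, "int vialen = strlen(kernel_name);" is now a declaration after a statement; declare vialen at the top of the block and assign it after the copy.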