From owner-cvs-all@FreeBSD.ORG Thu Jan 26 21:00:11 2006 Return-Path: X-Original-To: cvs-all@freebsd.org Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 35FFF16A422; Thu, 26 Jan 2006 21:00:11 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 99F5B43D46; Thu, 26 Jan 2006 21:00:10 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 4E19B1FFDE7; Thu, 26 Jan 2006 22:00:08 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id 6DE7F1FFDE6; Thu, 26 Jan 2006 22:00:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id C23F444487E; Thu, 26 Jan 2006 20:58:18 +0000 (UTC) Date: Thu, 26 Jan 2006 20:58:18 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Gleb Smirnoff In-Reply-To: <20060126195806.GC83922@FreeBSD.org> Message-ID: <20060126202334.W24703@maildrop.int.zabbadoz.net> References: <200601261306.k0QD6o4P070834@repoman.freebsd.org> <43D927B4.9040602@elischer.org> <20060126195806.GC83922@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, Julian Elischer , cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netgraph ng_pppoe.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jan 2006 21:00:11 -0000 On Thu, 26 Jan 2006, Gleb Smirnoff wrote: Hi, some brain-dump... > The other change I'm planning to do is the following - if the > original PADI had empty Service-Name, and we are servicing a > specific Service-Name, then return remove empty one from PADO, > returning only our specific Service-Name. Why would you want that? I haven't re-read the RFC but I think it said that PADOs have to include the Service-Name the client requested first, optionally followed by other Services-Names the AC may want to announce. Only in PADS you will then reply with only the one Name you accepted. I can see the problem with your change and the above coming: What would happen if you a) accepted the 'any service' request b) replied with 'any service' and 'service-name1, ...' c) the client now requests 'any service' d) you don't want to serve 'any service' Well you should have been silent from a) to b) *ups* Ok, so the only solution to this problem is what should also be in that RFC - it's a ploicy decicion of the AC -- of what to accept as Service-Name in a PADI. We had a clear policy up to now name it closed system. With your change we will have an open system (everyone will see the Service-Names we may serve if requested). The first thing might be a sysctl to toggle old and new behavior but actually one may also want to decide on a peer by peer base depending on a lookup perhaps based on mac address and/or Service-Name requested or even simpler on a per ("Ethernet") port base and fall back to a default poilcy if there is nothing (no hook) to do such a lookup. [ I am () ethernet because it's not always a physical ethernet port at the other end at the AC ] The other question is what to do with clients requesting Service-Names we don't know of but we know that we should serve the client? I think this is a common scenario here in DE that some clients set a Service-Name to "foo" and the ACs silently ignore and just serves it (server all Service-Names policy)[1]. It's also a policy decision that people might need ... [1] There are people speculating what will happen if they need to make use of service-names ... ;) Fun with nnK users ... -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT