Date: Tue, 28 Mar 2006 08:24:31 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Max Laier <max@love2party.net> Cc: freebsd-net@freebsd.org, Brooks Davis <brooks@freebsd.org> Subject: Re: Interface groups (from OpenBSD) Message-ID: <20060328162431.GA9637@odin.ac.hmc.edu> In-Reply-To: <200603281131.28240.max@love2party.net> References: <200603281131.28240.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 28, 2006 at 11:31:22AM +0200, Max Laier wrote: > Hi, >=20 > while porting OpenBSD 3.9 (soon to be released) pf I stumbled on interfac= e=20 > groups. This is a mechanism to group arbitrary interfaces into logical= =20 > groups. It is just naming (not functional change), but it helps to conve= y=20 > semantic information (e.g. group "LAN", "DMZ" ...) about your interface t= o=20 > supporting applications. This way you can write a policies for interface= =20 > group "LAN" and have it applied to all the VLAN interfaces that come and = go. =20 > Administration is done via ifconfig. We currently have "ifconfig name" w= hich=20 > does part of the job. >=20 > My question: Does that sound like something interesting for us and should= I go=20 > for importing it into FreeBSD proper, or is it not at all interesting and= we=20 > don't want it (in which case I'd hack something up for pf). Sounds like a reasonable feature. I think it's orthogional to renaming. > Technical reasoning: A proper import would add an additional TAILQ link = into=20 > struct ifnet (which is a great deal of ABI change and causes the usual=20 > headaches). The hack would use a single void *, but we'd have to pay for= the=20 > additional indirection. Also yet another config tool would be required t= o=20 > administer the interface <-> group binding. Adding a TAILQ to the end of struct ifnet would not be an ABI change in 6 because drivers don't know or care how big struct ifnet is anymore and I can't think of an implementation where the drive code would need to care. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFEKWM+XY6L6fI4GtQRAhoQAJ41pqwaheC1iAd5jcmXk6nPTUQCpACfcYly wiFAsgULr9EQ9ldqSuWYXwg= =X5zs -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060328162431.GA9637>