From: Brooks Davis
To: David Kelly
Cc: Doug Barton, freebsd-stable@freebsd.org, Ruben van Staveren, freebsd-current@freebsd.org
Date: Tue, 2 Jun 2009 17:06:24 -0500
Subject: Re: Do you use a value other than AUTO for network_interfaces?
Message-ID: <20090602220624.GD15552@lor.one-eyed-alien.net>

On Tue, Jun 02, 2009 at 03:51:25PM -0500, David Kelly wrote:
> On Tue, Jun 02, 2009 at 10:30:46PM +0200, Ruben van Staveren wrote:
> >
> > On 2 Jun 2009, at 21:20, Doug Barton wrote:
> >
> > >Up till Sunday in 8-current, and for a long time in general
> > >network.subr (part of the rc.d system) has emitted a warning that
> > >values of network_interfaces other than AUTO are deprecated. I
> > >removed that warning in HEAD Sunday, and there is now a discussion
> > >about whether or not it should be put back, and whether or not there
> > >is any need for the user to specify the list of network interfaces at
> > >all.
> >
> > Well, I do.
> >
> > I only want to configure the interfaces that are connected and
> > that I know about. Especially in combination with IPv6 there is a nit
> > that you'll get autoconfiguration for all interfaces unless they are
> > all explicitly configured.
>
> And while I'm not currently using anything other than AUTO I would think
> there is a security ramification if someone were to plug in to a
> supposedly unused port, then reboot the machine to prompt AUTO to
> configure their interface.
>
> It's not just a security thing, it's an "idiot-proof" thing. If someone is
> moving machines around I don't want them to come up and partially work
> if the wires are plugged into the wrong holes. Would rather it be
> completely broken.
>
> I think it's good that there is an AUTO *option*. Is also OK that it be
> the default. I don't think mandatory AUTO is good, if I want a port
> disabled then I want it to stay disabled.

To repeat what I wrote earlier today on another list there's no need to
worry about hot plugged or newly added interfaces getting magically
configured to do dhcp or anything else[0]. For the system to do
something with an interface the following must be true:

 - It makes it into the list of interfaces somehow (either by adding it
   to network_interfaces or leaving network_interfaces alone)
 - It actually exists or is created early in the process via
   cloned_interfaces, gif_interfaces, etc
 - The ifconfig_ variable is set (I think it can be "", but "up" is
   always a good choice if you just want a stub).
 - The ifconfig_ variable must not contain the NOAUTO keyword.

If all of those things are true, the interface will be configured at
startup or on insert. Otherwise, it won't be.

-- Brooks

[0] This is at least true in the IPv4 case, the IPv6 case really needs
work. I thought someone had patches to bring the IPv6 support up to par
with the IPv4 case, but they haven't been committed yet.
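
Added example, not part of the original message and not FreeBSD's network.subr: a small sh model of the four conditions listed in the reply, useful for auditing which interfaces an rc.conf would bring up. The function names, the sample rc.conf, and the interface list are constructed for illustration; the per-interface variable is read as `ifconfig_<name>`, the form rc.conf uses, and NOAUTO is matched case-insensitively as an assumption.

```shell
# Added example: a simplified model of the four conditions, not rc.d code.
# rc.conf is sh syntax, so it is sourced in a subshell; use trusted files only.

in_list() {                      # in_list WORD [LIST...]
    w=$1; shift
    for x in "$@"; do [ "$x" = "$w" ] && return 0; done
    return 1
}

# would_configure RCCONF IFACE "EXISTING..."  -> prints "yes" or "no: reason"
# EXISTING stands in for the output of `ifconfig -l` on a live system.
would_configure() (
    rcconf=$1 ifn=$2 existing=$3
    case $ifn in ''|*[!A-Za-z0-9_]*) echo "no: bad interface name"; exit 0;; esac
    network_interfaces=AUTO cloned_interfaces='' gif_interfaces=''
    . "$rcconf"
    case $network_interfaces in                  # condition 1: in the list
        [Aa][Uu][Tt][Oo]) ;;
        *) in_list "$ifn" $network_interfaces ||
               { echo "no: not in network_interfaces"; exit 0; } ;;
    esac
    in_list "$ifn" $existing $cloned_interfaces $gif_interfaces ||
        { echo "no: interface does not exist"; exit 0; }   # condition 2
    eval "isset=\${ifconfig_$ifn+set}; val=\${ifconfig_$ifn-}"
    [ "$isset" = set ] || { echo "no: ifconfig_$ifn not set"; exit 0; }  # 3
    for word in $val; do                         # condition 4: no NOAUTO
        case $word in [Nn][Oo][Aa][Uu][Tt][Oo]) echo "no: NOAUTO keyword present"; exit 0;; esac
    done
    echo yes
)

write_sample() {                 # constructed rc.conf fragment for the demo
    cat > "$1" <<'EOF'
network_interfaces="AUTO"
cloned_interfaces="bridge0"
ifconfig_em0="DHCP"
ifconfig_em1="NOAUTO inet 192.0.2.10/24"
ifconfig_bridge0="up"
EOF
}

demo() {                         # em2 exists but has no ifconfig_em2 line
    f=$(mktemp) && write_sample "$f"
    for i in em0 em1 em2 bridge0 gif0; do
        printf '%s: %s\n' "$i" "$(would_configure "$f" "$i" "em0 em1 em2")"
    done
    rm -f "$f"
}
demo
```

In the sample, em2 models the "supposedly unused port" from the quoted concern: it is present and network_interfaces is AUTO, yet it is reported as not configured because no ifconfig_em2 variable is set.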