Interface groups (from OpenBSD)
Max Laier
max at love2party.net
Tue Mar 28 09:32:34 UTC 2006
Hi,
while porting OpenBSD 3.9 (soon to be released) pf I stumbled on interface
groups. This is a mechanism to group arbitrary interfaces into logical
groups. It is just naming (not functional change), but it helps to convey
semantic information (e.g. group "LAN", "DMZ" ...) about your interface to
supporting applications. This way you can write a policies for interface
group "LAN" and have it applied to all the VLAN interfaces that come and go.
Administration is done via ifconfig. We currently have "ifconfig name" which
does part of the job.
My question: Does that sound like something interesting for us and should I go
for importing it into FreeBSD proper, or is it not at all interesting and we
don't want it (in which case I'd hack something up for pf).
Technical reasoning: A proper import would add an additional TAILQ link into
struct ifnet (which is a great deal of ABI change and causes the usual
headaches). The hack would use a single void *, but we'd have to pay for the
additional indirection. Also yet another config tool would be required to
administer the interface <-> group binding.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20060328/a15a0cdd/attachment.pgp
More information about the freebsd-net
mailing list