should looking at an interface with 'ifconfig' trigger a?change ?

Marian Hettwer mh at
Fri Aug 8 14:17:25 UTC 2008

Hi Oliver,

On Fri, 8 Aug 2008 15:18:36 +0200 (CEST), Oliver Fromme
<olli at> wrote:
> Andrew Thompson wrote:
>  > Pete French wrote:
>  > > > The bce driver is not properly generating link state events.
>  > >
>  > > OK, that explains why it doesnt failover - but why does looking at
>  > > with ifconfig make a difference ? surely that should be 'read only ?
>  >
>  > ifconfig will cause the media status to be read from the hardware at
>  > which time the link change is generated as it is different to the
> stored
>  > value.
> Shouldn't that be considered a security flaw?  After all,
> you can perform "ifconfig $IF" inside a jail to list the
> interface configuration, but you're not allowed to make
> any changes.
> Given your description above, it means that it is possible
> to modify the interface configuration (cause a failover)
> from within a jail.  That's not good.  I think that needs
> to be fixed, or at the very least it needs to be properly
> documented.
And regarding documentation. It should be documented, that lagg(4) won't
work very well with bce(4). If it's nowhere documented that bce and
failover with lagg doesn't work, some people might be screwed...

Just my 0,02 cents


More information about the freebsd-stable mailing list