Do you use a value other than AUTO for network_interfaces?

Brooks Davis brooks at freebsd.org
Tue Jun 2 22:06:14 UTC 2009


On Tue, Jun 02, 2009 at 03:51:25PM -0500, David Kelly wrote:
> On Tue, Jun 02, 2009 at 10:30:46PM +0200, Ruben van Staveren wrote:
> > 
> > On 2 Jun 2009, at 21:20, Doug Barton wrote:
> > 
> > >Up till Sunday in 8-current, and for a long time in general
> > >network.subr (part of the rc.d system) has emitted a warning that
> > >values of network_interfaces other than AUTO are deprecated. I
> > >removed that warning in HEAD Sunday, and there is now a discussion
> > >about whether or not it should be put back, and whether or not there
> > >is any need for the user to specify the list of network interfaces at
> > >all.
> > 
> > Well, I do.
> > 
> > I only want to configure the interfaces that are connected and
> > that I know about. Especially in combination with IPv6 there is a nit
> > that you'll get autoconfiguration for all interfaces unless they are
> > all explicitly configured.
> 
> And while I'm not currently using anything other than AUTO I would think
> there is a security ramification if someone were to plug in to a
> supposedly unused port, then reboot the machine to prompt AUTO to
> configure their interface.
> 
> It's not just a security thing, it's an "idiot-proof" thing. If someone is
> moving machines around I don't want them to come up and partially work
> if the wires are plugged into the wrong holes. Would rather it be
> completely broken.
> 
> I think it's good that there is an AUTO *option*. Is also OK that it be
> the default. I don't think mandatory AUTO is good, if I want a port
> disabled then I want it to stay disabled.

To repeat what I wrote earlier today on another list there's no need
to worry about hot plugged or newly added interfaces getting magically
configured to do dhcp or anything else[0].  For the system to do
something with an interface the following must be true:

 - It makes it into the list of interfaces somehow (either by adding it
   to network_interfaces or leaving network_interfaces alone)
 - It actually exists or is created early in the process via
   cloned_interfaces, gif_interfaces, etc
 - The ifconfig_<if> variable is set (I think it can be "", but "up" is
   always a good choice if you just want a stub).
 - The ifconfig_<if> variable must not contain the NOAUTO keyword.

If all of those things are true, the interface will be configured at
startup or on insert.  Otherwise, it won't be.

-- Brooks

[0] This is at least true in the IPv4 case, the IPv6 case really needs
work.  I thought someone had patches to bring the IPv6 support up to
par with the IPv4 case, but they haven't been committed yet.
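
The four conditions listed in the message above, modelled as a small shell check (an added example, not part of the original post and not FreeBSD's network.subr). The EXISTING list, the sample ifconfig_ values and the function names are constructed for illustration; IPv6 is not modelled.

```shell
#!/bin/sh
# Simplified model of the four conditions from the message above.
# Not FreeBSD's network.subr; IPv4-style rc.conf variables only.

# Constructed sample data. EXISTING stands in for `ifconfig -l` output.
EXISTING="em0 em1 em2"
network_interfaces="AUTO"
ifconfig_em0="DHCP"           # set, no NOAUTO
ifconfig_em2="NOAUTO DHCP"    # set, but opted out of automatic setup
# ifconfig_em1 is deliberately unset: the "unused port" from the thread

in_list() {  # in_list WORD LIST...
    _w=$1; shift
    for _i in "$@"; do [ "$_i" = "$_w" ] && return 0; done
    return 1
}

# Print "configure" or "skip: <reason>" for one interface name.
would_configure() {
    _if=$1
    # 1. It must be in the list (AUTO leaves the list alone).
    if [ "$network_interfaces" != "AUTO" ] &&
       ! in_list "$_if" $network_interfaces; then
        echo "skip: not in network_interfaces"; return 1
    fi
    # 2. It must actually exist.
    if ! in_list "$_if" $EXISTING; then
        echo "skip: no such interface"; return 1
    fi
    # 3. ifconfig_<if> must be set. Assumption: an empty value counts
    #    as set, following the message's "I think it can be".
    if ! eval "[ -n \"\${ifconfig_${_if}+set}\" ]"; then
        echo "skip: ifconfig_${_if} not set"; return 1
    fi
    # 4. The value must not contain the NOAUTO keyword.
    eval "_val=\$ifconfig_${_if}"
    if in_list NOAUTO $_val; then
        echo "skip: NOAUTO"; return 1
    fi
    echo "configure"
}

# Walk the sample interfaces plus one name that does not exist.
for ifn in $EXISTING em9; do
    printf '%-4s %s\n' "$ifn" "$(would_configure "$ifn")"
done
```
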