[PATCH] add "tag" to net ifaces

B. James Phillippe (bryan@terran.org)
Mon, 31 May 1999 01:50:22 -0700 (PDT)


Greetings,

Can anyone comment on the usefulness of this feature (other than me)? :-)

I am considering using this to label interfaces with private values such
that a custom firewall driver can apply default/special rules to an
interface simply by the tag assigned from user-space. Typical values would
be "IF_TAG_HOSTILE", "IF_TAG_TRUSTED", etc. Having this generic int though
could be pretty useful for other things too.

-bp

--
B. James Phillippe		. bryan@terran.org
Software Engineer, WGT Inc.	. http://www.terran.org/~bryan

---------- Forwarded message ----------
Subject: Re: in_device.flags usage, and "tagging" interfaces
Date: Thu, 27 May 1999 20:25:23 -0700 (PDT)
From: B. James Phillippe <bryan@terran.org>
To: Paul Rusty Russell <Paul.Russell@rustcorp.com.au>, kuznet@ms2.inr.ac.ru

On Sat, 22 May 1999, Paul Rusty Russell wrote:

> In message <199905201634.UAA01960@ms2.inr.ac.ru> you write:
> > Hello!
...
> > He wanted to bundle lots of ifaces to classes. The idea is really good.
> >
> > With ipchains, if you have bundle of N ppp lines, you will have to
> > multiply number of ipchain rules by N. It is not fatal, but not good.
>
> No. Rename them to trust0...trustN, and use ipchains' wildcard
> interface names.

At first I decided to do this, but some co-workers convinced me it was more work; the problem is primarily in user-space, where some utilities have hard-coded interface names all over the place (I think pppd in particular). The other slight deficiency is the need to do strcmp()'s on the interface name if you have registered your own firewall operations; it would be faster to switch on an integer.

> Tagging interfaces is a decent idea, but it's not necessary for
> this.

If you both still believe the idea is worthwhile, take a look at this patch (on 2.2.9) and let me know if you think it is the right approach:

-bp

--
B. James Phillippe		. bryan@terran.org
Software Engineer, WGT Inc.	. http://www.terran.org/~bryan

Index: include/linux/inetdevice.h =================================================================== RCS file: /v/CVS-twisp/imports/linux-2.2/include/linux/inetdevice.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 inetdevice.h --- inetdevice.h 1999/04/22 20:58:02 1.1.1.1 +++ inetdevice.h 1999/05/28 03:11:13 @@ -16,6 +16,7 @@ int log_martians; int forwarding; int mc_forwarding; + int tag; void *sysctl; }; @@ -27,7 +28,6 @@ struct in_ifaddr *ifa_list; /* IP ifaddr chain */ struct ip_mc_list *mc_list; /* IP multicast filter chain */ unsigned long mr_v1_seen; - unsigned flags; struct neigh_parms *arp_parms; struct ipv4_devconf cnf; }; @@ -43,6 +43,7 @@ #define IN_DEV_SHARED_MEDIA(in_dev) (ipv4_devconf.shared_media || (in_dev)->cnf.shared_media) #define IN_DEV_TX_REDIRECTS(in_dev) (ipv4_devconf.send_redirects || (in_dev)->cnf.send_redirects) #define IN_DEV_SEC_REDIRECTS(in_dev) (ipv4_devconf.secure_redirects || (in_dev)->cnf.secure_redirects) +#define IN_DEV_IDTAG(in_dev) ((in_dev)->cnf.tag) #define IN_DEV_RX_REDIRECTS(in_dev) \ ((IN_DEV_FORWARD(in_dev) && \ Index: include/linux/sysctl.h =================================================================== RCS file: /v/CVS-twisp/imports/linux-2.2/include/linux/sysctl.h,v retrieving revision 1.2 diff -u -r1.2 sysctl.h --- sysctl.h 1999/05/06 02:40:28 1.2 +++ sysctl.h 1999/05/27 23:56:45 @@ -264,7 +264,8 @@ NET_IPV4_CONF_RP_FILTER=8, NET_IPV4_CONF_ACCEPT_SOURCE_ROUTE=9, NET_IPV4_CONF_BOOTP_RELAY=10, - NET_IPV4_CONF_LOG_MARTIANS=11 + NET_IPV4_CONF_LOG_MARTIANS=11, + NET_IPV4_CONF_TAG=12 }; /* /proc/sys/net/ipv6 */ Index: net/ipv4/devinet.c =================================================================== RCS file: /v/CVS-twisp/imports/linux-2.2/net/ipv4/devinet.c,v retrieving revision 1.2 diff -u -r1.2 devinet.c --- devinet.c 1999/05/27 17:39:29 1.2 +++ devinet.c 1999/05/28 01:35:06 
@@ -915,7 +915,7 @@ static struct devinet_sysctl_table { struct ctl_table_header *sysctl_header; - ctl_table devinet_vars[12]; + ctl_table devinet_vars[13]; ctl_table devinet_dev[2]; ctl_table devinet_conf_dir[2]; ctl_table devinet_proto_dir[2]; @@ -955,6 +955,9 @@ {NET_IPV4_CONF_LOG_MARTIANS, "log_martians", &ipv4_devconf.log_martians, sizeof(int), 0644, NULL, &proc_dointvec}, + {NET_IPV4_CONF_TAG, "tag", + &ipv4_devconf.tag, sizeof(int), 0644, NULL, + &proc_dointvec}, {0}}, {{NET_PROTO_CONF_ALL, "all", NULL, 0, 0555, devinet_sysctl.devinet_vars},{0}},
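Review bot: the second inetdevice.h hunk (@@ -27,7 +28,6 @@) removes `unsigned flags;` from the struct that holds ifa_list and mc_list, which is unrelated to adding a tag and is not explained anywhere in the message. Please split that removal into its own patch with a justification, and confirm nothing still reads or writes that field, since any remaining user will fail to build once it is gone.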
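Review bot: IN_DEV_IDTAG in the third inetdevice.h hunk (@@ -43,6 +43,7 @@) returns only `(in_dev)->cnf.tag`, whereas the IN_DEV_* macros next to it also consult `ipv4_devconf`, and the devinet.c table binds the new "tag" entry to `&ipv4_devconf.tag`, which is what the "all" directory exposes. As posted, a value written to the "all" entry is never visible through the macro, so either document that the global tag is deliberately ignored or define how it combines with the per-interface value. The new `int tag;` member in the first hunk also has no comment saying what the field is for, and the name differs between the macro (IDTAG), the field (tag) and the sysctl constant (NET_IPV4_CONF_TAG); one name throughout would be easier to grep.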
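Review bot: the new table entry in the last devinet.c hunk (@@ -955,6 +955,9 @@) uses `&proc_dointvec` with mode 0644, so any int, including negative values, is accepted as a tag with no validation. Since the stated use is a firewall driver choosing rules from values such as IF_TAG_HOSTILE and IF_TAG_TRUSTED, please document the valid range and what an interface that was never tagged reports, and make sure the unset or unknown value maps to the least-trusted handling rather than a trusted one. The hand-maintained size in `ctl_table devinet_vars[13];` in the preceding hunk is correct for this change but will need bumping again for every future entry; a comment next to it would help.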
