| Subject: | Desired behaviour of "ifconfig -alias" | |
|---|---|---|
| From: | Oliver Fromme (ol...@lurza.secnetix.de) | |
| Date: | Feb 13, 2007 8:06:22 pm | |
| List: | org.freebsd.freebsd-stable | |
sth...@nethelp.no wrote:

> > > In that situation, wouldn't deleting the primary IP cause connection issues for the rest of the IPs?
>
> > No. I can delete _any_ of the above IP addresses, and the others would still work perfectly fine. I already did things like that (on a different machine).
>
> > As for outgoing connections: It is true that the kernel picks a random matching IP address to be the source IP, which happens to be the first one, but that's just as coincidence as "-alias" picking the first one if none is given. ;-)
>
> If it is indeed true that the kernel picks a *random* IP address for the source IP, I'd have to say that's not at all good enough.

Well, "random" was probably misleading, I'm sorry. It should better be called "arbitrary", I think.

> I'm all for being able to use the same netmask for several addresses in the same subnet (I have asked for this before) - but the source IP used by traffic generated from the host itself *must* be predictable.

It _is_ predictable, it is the first address currently configured on the interface. But doing so is (was) an arbitrary decision.

Of course, if you remove the first address, it will simply use the next one (which will then become the first one).

On the other hand, if you need to guarantee that a certain address is used as source IP for outgoing connections, then you should explicitly bind the socket to that address. Many programs have an option to do that, or -- if they don't -- it's usually not too difficult to insert a bind(2) call into the source yourself. Another way to do it is to run the program inside a jail; you don't even have to set up a chroot if you don't want to:

    # jail / `hostname` $IP /path/to/program

I would advise against relying on the current behaviour that the kernel always picks the first address as the source address for a subnet for unbound sockets.

Best regards

Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management: secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

Any opinions expressed in this message are personal to the author and may not necessarily reflect the opinions of secnetix GmbH & Co KG in any way.

FreeBSD services, products and more: http://www.secnetix.de/bsd

"And believe me, as a C++ programmer, I don't hesitate to question the decisions of language designers. After a decent amount of C++ exposure, Python's flaws seem ridiculously small." -- Ville Vainio
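
The bind(2) approach recommended in the message above, as an added example (not code from the original post or from FreeBSD): the socket is bound to the wanted source address before connect(2), so firewall rules or ACLs keyed on that address do not depend on the order of addresses on the interface. The names `mkaddr`, `connect_from` and `peer_seen_by_server` are hypothetical, and the loopback listener is a constructed check.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill an IPv4 sockaddr; returns -1 if ip is not a valid dotted quad. */
static int mkaddr(struct sockaddr_in *sa, const char *ip, unsigned short port)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}
/* Connect to dst_ip:dst_port with src_ip pinned as source address; port 0 in
 * bind(2) leaves the source port to the kernel. Returns the fd, or -1. */
int connect_from(const char *src_ip, const char *dst_ip, unsigned short dst_port)
{
    struct sockaddr_in src, dst;
    int fd;
    if (mkaddr(&src, src_ip, 0) < 0 || mkaddr(&dst, dst_ip, dst_port) < 0 ||
        (fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    /* bind(2) fails if src_ip is not configured on this host */
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof(dst)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
/* Constructed loopback check: 1 if a listener on 127.0.0.1 sees src_ip as
 * the peer address, 0 if it sees another address, -1 on any error. */
int peer_seen_by_server(const char *src_ip)
{
    struct sockaddr_in la, peer;
    socklen_t len = sizeof(la), plen = sizeof(peer);
    char seen[INET_ADDRSTRLEN] = "";
    int c = -1, a = -1, l = socket(AF_INET, SOCK_STREAM, 0);
    if (l < 0 || mkaddr(&la, "127.0.0.1", 0) < 0 ||
        bind(l, (struct sockaddr *)&la, sizeof(la)) < 0 || listen(l, 1) < 0 ||
        getsockname(l, (struct sockaddr *)&la, &len) < 0) goto out;
    if ((c = connect_from(src_ip, "127.0.0.1", ntohs(la.sin_port))) < 0) goto out;
    if ((a = accept(l, (struct sockaddr *)&peer, &plen)) >= 0)
        inet_ntop(AF_INET, &peer.sin_addr, seen, sizeof(seen));
out:
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    if (l >= 0) close(l);
    return a < 0 ? -1 : strcmp(seen, src_ip) == 0;
}
```

On a host with several aliases in one subnet, pass the alias that must appear as the source; a bind(2) failure then shows up as an error instead of a silent fallback to whichever address is first.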





