Re: Interface description support

[Michael van Elst <mlelstv%serpens.de@localhost>]

On Tue, Jun 25, 2019 at 09:49:46AM +0200, Manuel Bouyer wrote:
> On Mon, Jun 24, 2019 at 09:56:35PM -0000, Michael van Elst wrote:
> > IMHO such functionality doesn't belong into the kernel, it's much easier
> > to have a configuration syntax with variables or macros to achieve hte
> > same.
> 
> Exept it would make it harder to use in e.g. packet filters.
> The interface may not exist when the packet filter rule file is parsed
> (e.g. in a Xen dom0)

For some packet filters that's not even a question as these are
attached to specific interfaces. For new interfaces you need
to load new rules and that can be handled in userland.

npf, working in the IP layer, needs to filter packets according to
interface. That allows more complex matching in the kernel, which
makes it easier to use. But is pushing complexity into the kernel
the right thing?


Greetings,
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."