tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Temporary IPv6 addresses vs. netgroups



is%netbsd.org@localhost wrote:
On Thu, Jan 31, 2013 at 09:57:17PM +1100, Darren Reed wrote:

I wonder if focusing on addresses is the correct thing to do.

Should we in fact be focusing on network interfaces instead?

No. At least that's a different problem.

We started talking about multiple addresses on the same LAN, some being
randomized and only intended for pseudonymous access to untrusted peers.

The desire is to have an application tell it doesn't want to use them;
think address-authorized lpr or nfs.

What about being able to give an address a "metric" that enabled
a sorting order for address selection?

# ifconfig bge0 alias 192.168.1.1 netmask 255.255.255.0 weight 15
# ifconfig bge0 alais 10.1.1.1 netmask 255.255.252.0 weight 50


Another approach might be to support having the default address to
use as part of the process's properties, so that in the NFS mount
script you can do:

[ -n "$nfs_localaddr" ] && \
sysctl -w "proc.$$.localaddrlist=$nfs_localaddr"

in the various _precmd() bits that start the SunRPC bits.

Another approach might be to support having process-local routing
tables such that you could do:

[ -n "$nfs_ifa" -a -n "$nfs_server" ] && \
route add -host "$nfs_server" -ifa "$nfs_ifa" -proc $$

Both of the sysctl/route approaches more or less dictate using an API
that isn't setsockopt.

Thoughts?

Darren



Home | Main Index | Thread Index | Old Index