tech-net archive


Re: Interface description support



Just my 3 cents...

dms> But it also occurs to me that calling it a "description" is misleading
dms> if it's really an alternative name.  To me, "description" would be
dms> something like "Inter-office VPN" or "4th floor desktops".   [...]

Yepp, that's actually how I understand the initial proposal.
I come from a Cisco background where an "interface description" is
an optional comment, and *only* a comment;  still, it tremendously
helps preserve sanity:

	shake>  show interface description | exclude down
	Interface                      Status         Protocol Description
	Vl1                            up             up       
	Fa0/1                          up             up       uplink
	Fa0/2                          up             up       ry
	Fa0/8                          up             up       alexis

The
	#define IFDESCRSIZE 64

from the proposed patch would be exactly appropriate for this purpose
("4th floor desktops").

[OpenBSD uses "ifconfig ... description <value>" in this sense.]


dms>                                                     [...]   What's been
dms> getting discussed here I would call an "alias", though I'd want to find
dms> a different word for it because ifconfig(8)'s command line already has
dms> an "alias" keyword.

FWIW, the Linux iproute2 tools happen to use this nomenclature ("ip link set
eth0 alias outbound").   "label" comes to mind, too.

And I would prefer a very simple, rigid syntax for it.  Just one word
such as "inside" or "egress" is all I'd need for this "label" purpose.
This would allow sh or awk scripts parsing ifconfig/route/packetfilter
to remain on the sane side.  The nightmares start with "multiple words
in quotes" -- please, don't make us go this route for labels.

[OpenBSD uses "ifconfig ... group <group-name>" for this purpose
      group group-name
	     Assign the interface to a "group".  group-name may not be
	     longer than 15 characters and must not end with a digit.
	     Any interface can be in multiple groups.
]


Lastly, I am *not* a great fan of the macro mechanism in npf where the
effective situation:

	# npfctl show
	[...]
	group "external" on vioif0
		ruleset "blacklistd" all
		pass final all

requires an extra translation to find the corresponding configuration
statements in /etc/npf.conf:

	$ext_if = "vioif0"
	[...]
	group "external" on $ext_if {
		ruleset "blacklistd"
		pass final all
	}

If description labels (as a replacement for such macros) could be preserved
in both these views, this would ease things a lot.  I even wouldn't mind
having to use/see explicit syntax for this goal.  (OpenBSD's pf happens
to do without.)

								Martin
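
The "extra translation" between the `npfctl show` view and /etc/npf.conf described in the message above, as an added example that is not part of the original post or of npf itself. The helper name `annotate_show` is hypothetical, the sample text is constructed from the two snippets quoted in the message, and only one-word quoted macro values are handled.

```shell
#!/bin/sh
# Added example (not from the original post). annotate_show is a
# hypothetical helper; the sample text below is constructed from the two
# snippets quoted in the message.

NPF_CONF='$ext_if = "vioif0"
group "external" on $ext_if {
	ruleset "blacklistd"
	pass final all
}'

NPF_SHOW='group "external" on vioif0
	ruleset "blacklistd" all
	pass final all'

# annotate_show CONF_TEXT SHOW_TEXT
# Collects `$name = "value"` definitions from the config text, then appends
# "# $name" to each line of the show output that has that value as a
# whole whitespace-delimited field. Only one-word quoted scalars are
# handled; lists and multi-word values are ignored.
annotate_show() {
	printf '%s\n' "$2" | NPF_CONF_TEXT=$1 awk '
	BEGIN {
		n = split(ENVIRON["NPF_CONF_TEXT"], line, "\n")
		for (i = 1; i <= n; i++) {
			# A definition is exactly three fields: $name = "value"
			if (split(line[i], f, " ") != 3) continue
			if (f[1] !~ /^\$[A-Za-z_][A-Za-z0-9_]*$/) continue
			if (f[2] != "=" || f[3] !~ /^"[^"]+"$/) continue
			macro[substr(f[3], 2, length(f[3]) - 2)] = f[1]
		}
	}
	{
		note = ""
		for (i = 1; i <= NF; i++)
			if (($i) in macro) note = note " " macro[$i]
		if (note == "") print $0
		else print $0 "\t#" note
	}'
}

annotate_show "$NPF_CONF" "$NPF_SHOW"
```

The one-word restriction is what keeps the field-by-field match reliable; a value containing spaces would span several awk fields and never match.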

