tech-kern archive


Re: Removing PF



On Mon, 8 Apr 2019, Mindaugas Rasiukevicius wrote:

> "John D. Baker" <jdbaker%consolidated.net@localhost> wrote:
> > Is it possible to assign multiple addresses in a dynamic fashion
> > (DHCP, PPP[oE], ???) that ifaddrs(netifN) is meaningful?
> 
> ifaddrs(netifN) represents a list of addresses currently assigned to the
> interface, i.e. it works dynamically, you do not need to `npfctl reload`.

So, to be clear, if an interface gains/sheds addresses, ifaddrs(netifN)
will always reflect the current set of addresses on that interface
each time ifaddrs(netifN) is used, correct?

> In fact, in-kernel NPF supports the translation address being a table,
> using which you can dynamically insert/delete anything you want.  I just
> have not decided on the npf.conf(5) syntax for it yet.

Can this insert/delete be done at any position in the table?  I suppose
with some exit-hook script fiddling, 'dhcpcd' could be coaxed into
manipulating such a table.  Is it possible to reference a particular
element in the table by position?

In my use case, the interface will have one address that may change
(be removed and a different one added) at any time for any reason
or no reason (at whim of ISP).  Whatever this address is will be the
translation address for packets leaving the local network(s) and
destined for the wild, wild internet.  (And likewise accepting incoming
connections for permitted externally-visible services and passing them
to hosts on the internal networks.)

The same interface will also have a statically assigned address that
will be the translation address for packets leaving the local network
but destined only for the status/configuration interface of the ADSL
modem (which is on its own private RFC1918 network).

> > Maybe an additional address-selection algorithm that selects any
> > specified elements of the list?
> 
> Using what criteria?  Do you want an additional address selection
> algorithm or do you just want to filter the dynamic list?

If one does not use an address selection algorithm at all, does
ifaddrs(netifN) guarantee an ordering of the list?  If I can guarantee
the ordering of addresses assigned to the interface (such as the
dynamically-assigned address being always first in the list) I suppose
a mechanism to filter based on position in the list is sufficient.

So, I suppose the issue is that although the interface will have
multiple addresses, I wish to treat each address independently, but
need to do so symbolically as (at least one of) the exact addresses
cannot be known ahead of time or guaranteed to be current.

I don't know if this makes the situation more clear or not.

-- 
|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]consolidated[flyspeck]net  OpenBSD            FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645

