Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: David Laight <David.Laight@btinternet.com>
From: Dennis Ferguson <dennis@juniper.net>
List: tech-security
Date: 01/08/2002 09:04:20

> > >> You need to know the incoming hardware the packet arrived on to
> > >> assign an address to the host, so I hope this is what IP_RECVIF is
> > >> telling you.
> >
> > IP_RECVIF gets you the if_index value for the interface in question.
> > Mapping that to anything useful is up to the packet recipient.
>
> I remember these being discussed at one of the last XNET meetings I
> attended. I couldn't then work out how if_index numbers helped you
> do anything useful :-)
>
> The guys from Sun seemed to think they were vital though.

What you're supposed to have in addition to the index is a way to use
it to query for all the other state associated with the interface. Then
the index can become the canonical way for software to refer to an
interface, leaving the pretty ascii name for humans to use.

I use a kernel which has been modified to support really huge numbers
of interfaces, and I have difficulty imagining how one would do this
without the index. For example, how else would you specify a next hop
for a multicast route which needs to replicate the packet out 100 interfaces?
Using protocol addresses to identify interfaces unnecessarily requires that
all interfaces have addresses, and adds an equally unnecessary protocol
dependency to what is essentially a protocol-independent specification.
Long lists of variable-length ASCII interface names are a possibility, but
are really ugly to deal with compared to a nice, neat array of 100 small
integers.

The index is quite useful, but only if the rest of the infrastructure is
adjusted to make use of it.

> (I recall them being defined as 'small integers' - I always fancy random
> 32 bit ones myself (mathematically small!))

The reason you'd like the integer to remain 'small' (i.e. fairly densely
packed towards 0) is that it makes it possible to do a simple table lookup
to get from the integer to the stuff you need to know about an interface
to do an operation. Randomly-assigned 32-bit values would unnecessarily
require a fancier and more costly data structure to do the same operation.

Dennis Ferguson
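
Added example, not part of the original message or of any dhcpd source: a dense table keyed by if_index, built from the list that if_nameindex() returns, so a daemon can map the index it receives with a packet to per-interface state with one bounds check and one array access, and refuse interfaces it was not told to serve. The struct and function names and the "serve" flag are hypothetical.

```c
#include <net/if.h>   /* if_nameindex(), struct if_nameindex, IF_NAMESIZE */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-interface state; a real daemon would keep more here. */
struct ifent { char name[IF_NAMESIZE]; int serve; };
struct iftable { struct ifent *ent; unsigned int size; };

/* Build a dense table from a list terminated by an if_index of 0,
 * which is the form if_nameindex() returns. Returns 0 on success. */
int iftable_build(struct iftable *t, const struct if_nameindex *list)
{
    unsigned int max = 0;
    for (const struct if_nameindex *p = list; p->if_index != 0; p++)
        if (p->if_index > max) max = p->if_index;
    t->size = max + 1;   /* assumes small, densely packed indexes */
    t->ent = calloc(t->size, sizeof(*t->ent));
    if (t->ent == NULL) return -1;
    for (const struct if_nameindex *p = list; p->if_index != 0; p++)
        snprintf(t->ent[p->if_index].name, IF_NAMESIZE, "%s", p->if_name);
    return 0;
}

/* Index to state: reject 0, out-of-range values and unused slots. */
const struct ifent *iftable_lookup(const struct iftable *t, unsigned int idx)
{
    if (idx == 0 || idx >= t->size || t->ent[idx].name[0] == '\0')
        return NULL;
    return &t->ent[idx];
}

/* Answer only on interfaces explicitly enabled; unknown indexes are refused. */
int iftable_should_serve(const struct iftable *t, unsigned int idx)
{
    const struct ifent *e = iftable_lookup(t, idx);
    return e != NULL && e->serve;
}

int main(void)
{
    struct if_nameindex *list = if_nameindex();
    struct iftable t;
    if (list == NULL || iftable_build(&t, list) != 0) return 1;
    for (unsigned int i = 1; i < t.size; i++)
        if (iftable_lookup(&t, i)) printf("%u -> %s\n", i, t.ent[i].name);
    if_freenameindex(list);
    free(t.ent);
    return 0;
}
```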