Peter Memishian wrote:
> > btw, it isn't the privileged applications that you're protecting,
> > it is the users themselves - it looks like the choice is to protect
> > them when they run ifconfig rather than dladm. I hope that doesn't
> > lead to too much confusion...because while the dladm command has
> > succeeded but the ifconfig one failed, there would still appear to
> > be room for confusion, vis a vis:
> >
> > # ifconfig vni0 inet6 plumb
> > # dladm rename-link ce0 vni0
> > # snoop -d vni0
> >
> > What happens now?
>
> Cathy could answer this definitively, but offhand: /dev/net is searched
> first by dlpi_open(), so they end up snooping on what was formerly ce0.

That is correct.

Thanks
- Cathy

> Given that no packets flow over the IP vni interface at the DLPI layer,
> that seems like the right behavior to me. But the whole example seems
> convoluted.
