On Thu, Sep 12, 2013 at 05:18:39PM +0200, Martin Pieuchot wrote:
> > For example, you have to query the IfIndex via SNMP to get further
> > information, like the ifName or statistics, and most monitoring
> > systems would save interface information based on the index - they
> > would not recognize that tun0 with if_index 10 is the same interface
> > (from an OpenBSD point of view) as tun0 with an if_index 11. It is
> > not guaranteed in OpenBSD, but we shouldn't make it worse.
>
> All our interface drivers are associated to one index when they are
> attached and it does not change.
>
> The only thing is that tun(4) is special because internally when it
> switches from L3 to L2 or vice versa it detaches and reattaches itself.
> That's why this hack of reusing the last index is needed.
>

It also matters if you create, destroy and re-create any other cloner
interface (vlan, ...).

> But if I understand correctly what you're saying about querying the
> IfIndex, I find it even more dangerous to reuse the last index,
> because I can create a configuration where I change an interface
> while keeping the same index (with usb interfaces for example).
>

I think that's nonsense.

> FWIW it would be interesting to modify tun(4) so that it doesn't
> need to detach/reattach itself when switching between modes, this
> would allow us to stop reusing the last index.
>

Or you could simply rewrite tun(4)?

Isn't there any other way to do what you want without stopping to reuse
the index? SNMP simply expects that if_indexes are fairly static,
linear, and without holes. Why should we change that in OpenBSD? Is
there any security reason to "randomize" the indexes - No.

Reyk