On 12 September 2013 17:31, Reyk Floeter <r...@openbsd.org> wrote:
> On Thu, Sep 12, 2013 at 05:18:39PM +0200, Martin Pieuchot wrote:
>> > For example, you have to query the IfIndex via SNMP to get further
>> > information, like the ifName or statistics, and most monitoring
>> > systems would save interface information based on the index - they
>> > would not recognize that tun0 with if_index 10 is the same interface
>> > (from an OpenBSD point of view) as tun0 with an if_index 11. It is
>> > not guaranteed in OpenBSD, but we shouldn't make it worse.
>>
>> All our interface drivers are associated to one index when they are
>> attached and it does not change.
>>
>> The only thing is that tun(4) is special because internally when it
>> switches from L3 to L2 or vice versa it detaches and reattaches itself.
>> That's why this hack of reusing the last index is needed.
>>
>
> It also matters if you create, destroy and re-create any other cloner
> interface (vlan, ...).
>

it makes no sense whatsoever, reyk. those indices can be easily stolen
and nobody guarantees that if you create vlan10, vlan11, then destroy
vlan10, create vlan12 and vlan10 that vlan10 will have the same index
as before. in fact it might be a different interface created for a
different purpose days after. who knows? if snmp client relies on
this behavior, it's broken since we have never made any provisions
regarding how we use those indices.

>> But if I understand correctly what you're saying about querying the
>> IfIndex, I find it even more dangerous to reuse the last index,
>> because I can create a configuration where I change an interface
>> while keeping the same index (with usb interfaces for example).
>>
>
> I think that's nonsense.
>

looks like you misunderstand the problem we're dealing with here.

>> FWIW it would be interesting to modify tun(4) so that it doesn't
>> need to detach/reattach itself when switching between modes, this
>> would allow us to stop reusing the last index.
>>
>
> Or you could simply rewrite tun(4)?
>
> Isn't there any other way to do what you want without stopping to
> reuse the index? SNMP simply expects that if_indexes are fairly
> static, linear, and without holes. Why should we change that in
> OpenBSD? Is there any security reason to "randomize" the indexes -
> No.
>
> Reyk
>

or snmp can simply stop assuming things. if_index wasn't created
for snmp in the first place.