[hipl-dev] Re: HIPL whitelisting

  • From: Miika Komu <mkomu@xxxxxxxxx>
  • To: hipl-dev@xxxxxxxxxxxxx
  • Date: Tue, 21 Jun 2011 17:32:46 +0300

Hi,

On 06/21/2011 05:21 PM, Christof Mroz wrote:
> On Mon, 20 Jun 2011 21:08:08 +0200, Christian Röller (Student RWTH)
> <christian.roeller@xxxxxxxxxxxxxx> wrote:
>
>> My problem is that at the moment the interfaces will be recognized by
>> an index, which is provided by netlink. The problem with this index is
>> that it is equal for the physical interface and its alias-interfaces.
>
> I'm too busy to investigate myself right now, but don't `ifconfig` and
> `ip` both use netlink as well? And IIRC, both are able to distinguish
> between aliases and interfaces, so there may be a solution in the
> respective source code.
>
>> So my question is:
>> Does anybody have an idea which other unique indicator (except the index) I
>> can use to distinguish between all interfaces, so that I can whitelist
>> the interfaces in a more concrete way?
>
> A quick glance at the rtnetlink(7) manpage looks like the interface name
> can be embedded in the relevant netlink messages as a string, see
> IFLA_IFNAME and IFA_LABEL. While I'd never believe what the netlink docs
> say, a quick grep through the kernel source looks like it actually
> honors these fields...

If that doesn't work, then here's another idea to try. I'm not sure if this is useful, but maybe these could be used for augmenting netlink information:

http://pubs.opengroup.org/onlinepubs/009695399/functions/if_nameindex.html
http://www.kernel.org/doc/man-pages/online/pages/man3/getifaddrs.3.html

HIPL release 1.0.3 contains a tool (test/listifaces.c) for testing these. Beware that only one netlink socket per process is (or at least was) allowed.
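
Added example, not part of the original thread and not HIPL code: the IFA_LABEL approach suggested above, reading the label out of RTM_NEWADDR messages so that a whitelist can tell the alias eth0:1 from eth0 even though both report the same ifa_index. The two messages are constructed in-process (index 2 and both labels are made up), and `union msgbuf`, `make_newaddr` and `addr_label` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

union msgbuf { struct nlmsghdr nh; char raw[128]; };  /* aligned storage */
/* Constructed sample: RTM_NEWADDR carrying only ifa_index and IFA_LABEL. */
void make_newaddr(union msgbuf *m, unsigned ifindex, const char *label)
{
    size_t lab = strlen(label) + 1;   /* label plus NUL; caller keeps it short */
    memset(m, 0, sizeof(*m));
    m->nh.nlmsg_type = RTM_NEWADDR;
    m->nh.nlmsg_len = NLMSG_SPACE(sizeof(struct ifaddrmsg)) + RTA_SPACE(lab);
    struct ifaddrmsg *ifa = NLMSG_DATA(&m->nh);
    ifa->ifa_index = ifindex;
    struct rtattr *rta = IFA_RTA(ifa);
    rta->rta_type = IFA_LABEL;
    rta->rta_len = RTA_LENGTH(lab);
    memcpy(RTA_DATA(rta), label, lab);
}

/* Copy IFA_LABEL into out; return ifa_index, or -1 if absent or malformed. */
int addr_label(const struct nlmsghdr *nh, char *out, size_t outlen)
{
    if (nh->nlmsg_type != RTM_NEWADDR || nh->nlmsg_len < NLMSG_SPACE(sizeof(struct ifaddrmsg)))
        return -1;
    struct ifaddrmsg *ifa = NLMSG_DATA(nh);
    int len = (int)IFA_PAYLOAD(nh);
    for (struct rtattr *rta = IFA_RTA(ifa); RTA_OK(rta, len); rta = RTA_NEXT(rta, len)) {
        size_t n = RTA_PAYLOAD(rta);
        if (rta->rta_type != IFA_LABEL || n == 0 || n > outlen)
            continue;
        memcpy(out, RTA_DATA(rta), n);
        out[n - 1] = '\0';            /* do not rely on the sender's NUL */
        return (int)ifa->ifa_index;
    }
    return -1;
}

int main(void)
{
    union msgbuf phys, alias;         /* constructed: same index, different labels */
    char a[32], b[32];
    make_newaddr(&phys, 2, "eth0");
    make_newaddr(&alias, 2, "eth0:1");
    printf("index %d label %s\n", addr_label(&phys.nh, a, sizeof a), a);
    printf("index %d label %s\n", addr_label(&alias.nh, b, sizeof b), b);
    return 0;
}
```

A whitelist keyed on the returned label string rather than on the index can admit or reject the alias independently of the physical interface.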
