[H-GEN] IPTables problem

Russell Stuart russell at stuart.id.au
Mon Jul 19 20:55:12 EDT 2004


On Tue, 2004-07-20 at 09:50, Robert Brockway wrote:
> I mean device aliases.  The original kernel config option to turn them on
> (before they became standard) was "Enable device aliases" or something
> very similar.  I believe this is still their official name.

Hmmm.  Again, I am not sure what a "device alias" is, at least
in the current iproute2 kernels.  I am not familiar with the
model used by the 2.2 kernels.  From man ifconfig:

  "Since kernel release 2.2 there are no explicit interface
  statistics for alias interfaces anymore.  The statistics
  printed for the original address are shared with all alias
  addresses on the same device."

Reading between the lines, I suspect that 2.2 implemented
multiple addresses by creating what appeared to be a separate
device for each address.  These were called "device aliases".
One implication of this design choice was that each alias
has its own statistics.

There are no "device aliases" now.  A network device can
have only one name, although that name can be changed.  Each
device can have multiple addresses assigned to it.  You can,
if you wish, assign a name to each of those addresses.  This
name is meant to have the format "deviceName:%d", but this
isn't always enforced by the kernel.  The ":%d" is optional.
ifconfig referred to these as "address aliases", but they
aren't really aliases as each address can have only one
name.

If you are looking in the kernel, the address names are
stored in:
  include/linux/inetdevice.h:struct in_ifaddr.ifa_label.
The device names are stored in:
  include/linux/netdevice.h:struct net_device.name.

The netfilter code in the kernel does not ever refer to
in_ifaddr.ifa_label.  It only uses device.name.  Thus the
-i switch to iptables refers to the device name, not an
address name.

I have never found a use for address names.  I assume they
are there purely for backward compatibility with ifconfig -
for people who didn't learn to use the new "ip" command.
That was a perfectly reasonable position to take, as there
was bugger all documentation for the "ip" command and
*NONE* for "tc".  I learnt how to use them by reading
the source.  It took a long while.
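
Added example, not part of the original post: a small lint for `iptables-save` output that flags `-i`/`-o` matches written with an address label such as `eth0:1`. Such a rule is compared against device names, as the message above explains, so it does not select the labelled address. The function names and the sample ruleset are constructed for illustration, and the check assumes labels follow the "deviceName:%d" form.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads iptables-save text on stdin and prints one tab-separated line per
# interface match whose argument looks like an address label:
#   table  chain  option  label  parent-device

find_label_matches() {
    awk -v OFS='\t' '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / {
            # $2 is the chain; scan the remaining tokens for interface options
            for (i = 3; i < NF; i++) {
                if ($i == "-i" || $i == "-o" ||
                    $i == "--in-interface" || $i == "--out-interface") {
                    name = $(i + 1)
                    if (index(name, ":") > 0) {
                        dev = name
                        sub(/:.*/, "", dev)     # strip ":N" to get the device
                        print table, $2, $i, name, dev
                    }
                }
            }
        }
    '
}

# Constructed sample ruleset in iptables-save format.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0:1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD ! -i eth1:0 -o eth0 -j DROP
COMMIT
EOF
}

# Demo on the constructed sample; on a live host, pipe iptables-save in instead.
sample_rules | find_label_matches
```

Each flagged rule should be rewritten to name the parent device in the last column and, where a single address is meant, to match that address with `-d` or `-s`.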





