Hi, while porting OpenBSD 3.9 (soon to be released) pf I stumbled on interface groups. This is a mechanism to group arbitrary interfaces into logical groups. It is just naming (not functional change), but it helps to convey semantic information (e.g. group "LAN", "DMZ" ...) about your interface to supporting applications. This way you can write a policies for interface group "LAN" and have it applied to all the VLAN interfaces that come and go. Administration is done via ifconfig. We currently have "ifconfig name" which does part of the job.
My question: Does that sound like something interesting for us and should I go for importing it into FreeBSD proper, or is it not at all interesting and we don't want it (in which case I'd hack something up for pf). Technical reasoning: A proper import would add an additional TAILQ link into struct ifnet (which is a great deal of ABI change and causes the usual headaches). The hack would use a single void *, but we'd have to pay for the additional indirection. Also yet another config tool would be required to administer the interface <-> group binding. -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News
pgp5oljsuesBK.pgp
Description: PGP signature
