I was wondering if anyone has insight into this problem I ran into. While adjusting the link properties for an existing vnic, I found that if you try to add more than 243 characters worth of comma separated IP addresses to the allowed-ips= property, it results in the error "dladm: property list too long". Here is an example to show what I mean. The command (all on one line):
dladm set-linkprop -t -p allowed-ips=28.42.112.131,28.42.112.132,28.42.112.133,28.42.112.134,28.42.112.135,28.42.112.136,28.42.112.137,28.42.112.138,28.42.112.139,28.42.112.140,28.42.112.141,28.42.112.142,28.42.112.143,28.42.112.144,28.42.112.145,28.42.112.146,28.42.112.147,28.42.112.148 ywo378_0 Will result in the following error: dladm: property list too long 'allowed-ips=28.42.112.131,28.42.112.132,28.42.112.133,28.42.112.134,28.42.112.135,28.42.112.136,28.42.112.137,28.42.112.138,28.42.112.139,28.42.112.140,28.42.112.141,28.42.112.142,28.42.112.143,28.42.112.144,28.42.112.145,28.42.112.146,28.42.112.147,28.42' This simply means that, depending on the IP address length, you can fit 15-30 IP addresses with comma separation into the allowed-ips property using the dladm command. Just off the top of my head, it looks like the DLADM_STRSIZE being set to 256 may be related to this issue. I am sure I am not the only security conscious person who has ran into this issue. Does anyone have any idea how to get around this limitation besides rebuilding from source code? Jonathan Kinney http://www.simplywebhosting.com _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
