I did try CIDR masking, and it responds with "invalid IP address". If that were to work, it would be good enough, but when it comes to automation, that is quite a bit of logic to write. Even if I could incrementally add to the list, that would be useful, but I do not see a way to do that either.
Jonathan

On Tue, Jan 25, 2011 at 4:57 PM, Lou Picciano <loupicci...@comcast.net> wrote:
> Jonathan -
>
> Though we do use dladm quite a bit, haven't run into this limitation of the
> allowed property...
>
> On the other hand, doesn't this property accept CIDR masking; wouldn't this
> go a long way toward consolidating your 'allowed' requirements?
>
> Lou
>
> ----- Original Message -----
> From: "Jonathan Kinney" <openindiana-disc...@super-geek.com>
> To: openindiana-discuss@openindiana.org
> Sent: Tuesday, January 25, 2011 7:37:37 PM
> Subject: [OpenIndiana-discuss] crippling dladm set-linkprop limitations when
> setting allowed-ips, resulting in dladm: property list too long
>
> I was wondering if anyone has insight into this problem I ran into.
> While adjusting the link properties for an existing vnic, I found that
> if you try to add more than 243 characters worth of comma separated IP
> addresses to the allowed-ips= property, it results in the error
> "dladm: property list too long". Here is an example to show what I
> mean. The command (all on one line):
>
> dladm set-linkprop -t -p
> allowed-ips=28.42.112.131,28.42.112.132,28.42.112.133,28.42.112.134,28.42.112.135,28.42.112.136,28.42.112.137,28.42.112.138,28.42.112.139,28.42.112.140,28.42.112.141,28.42.112.142,28.42.112.143,28.42.112.144,28.42.112.145,28.42.112.146,28.42.112.147,28.42.112.148
> ywo378_0
>
> Will result in the following error:
>
> dladm: property list too long
> 'allowed-ips=28.42.112.131,28.42.112.132,28.42.112.133,28.42.112.134,28.42.112.135,28.42.112.136,28.42.112.137,28.42.112.138,28.42.112.139,28.42.112.140,28.42.112.141,28.42.112.142,28.42.112.143,28.42.112.144,28.42.112.145,28.42.112.146,28.42.112.147,28.42'
>
> This simply means that, depending on the IP address length, you can
> fit 15-30 IP addresses with comma separation into the allowed-ips
> property using the dladm command. Just off the top of my head, it
> looks like the DLADM_STRSIZE being set to 256 may be related to this
> issue. I am sure I am not the only security-conscious person who has
> run into this issue. Does anyone have any idea how to get around this
> limitation besides rebuilding from source code?
>
> Jonathan Kinney
> http://www.simplywebhosting.com

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
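
For automation around the limit described in this thread, a pre-flight length check, written here as an added example that is not part of the original messages or of dladm itself. It assumes the 243-character limit reported in the thread applies to the text after `allowed-ips=`; the function names are hypothetical, and the script only prints the dladm command rather than running it.

```shell
#!/bin/sh
# Added example (not from the thread). Pre-flight length check for allowed-ips.
# Assumption: the 243-character limit reported above applies to the value
# after "allowed-ips=" (12 + 243 = 255, one short of the 256 the post suspects).
MAX_VALUE_LEN=243

# join_ips ADDR...: print the comma-separated property value.
join_ips() {
    out=""
    for ip in "$@"; do out="${out:+$out,}$ip"; done
    printf '%s' "$out"
}

# count_fitting ADDR...: print how many leading addresses fit in the limit.
count_fitting() {
    n=0; len=0
    for ip in "$@"; do
        add=${#ip}
        if [ "$n" -gt 0 ]; then add=$((add + 1)); fi   # separating comma
        if [ $((len + add)) -gt "$MAX_VALUE_LEN" ]; then break; fi
        len=$((len + add)); n=$((n + 1))
    done
    printf '%s' "$n"
}

# check_allowed_ips LINK ADDR...: print the dladm command if the value fits,
# otherwise explain on stderr and return 1. It never runs dladm itself.
check_allowed_ips() {
    link=$1; shift
    value=$(join_ips "$@")
    if [ "${#value}" -gt "$MAX_VALUE_LEN" ]; then
        printf '%s: value is %d chars (limit %d); first %d of %d addresses fit\n' \
            "$link" "${#value}" "$MAX_VALUE_LEN" "$(count_fitting "$@")" "$#" >&2
        return 1
    fi
    printf 'dladm set-linkprop -t -p allowed-ips=%s %s\n' "$value" "$link"
}

# Demo with the 18 addresses from the thread (28.42.112.131 to .148).
demo_ips=""
i=131
while [ "$i" -le 148 ]; do demo_ips="$demo_ips 28.42.112.$i"; i=$((i + 1)); done
check_allowed_ips ywo378_0 $demo_ips || true
```

Failing before the call keeps a provisioning script from treating a rejected or shortened allow-list as applied.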