Hello,
I want to add my $0.02.

On Sat, Jun 03, 2000 at 09:18:18AM -0700, Mitchell Blank Jr wrote:
> > Devices map to physical devices i.e ports in your lingo. How many of those
> > do you see in your average Linux machine?
>
> The problem is that if you only think about the "common" network types
> (ethernet, PPP, etc) this line gets blurred, since there's a one-to-one
> correspondence between:
> * physical devices
> * network devices (i.e. things that you can bind IP addresses to,
> netfilter based on, tcpdump of)
>
> Any sane implementation of VLANs needs to be a network device in the
> second sense.

Network devices in the second sense are only an abstraction.
The Linux kernel does not bind IP addresses to devices. IP address assignment to
any device is just an entry in the routing table "local". The kernel keeps
information about the correspondence between IP address and device only for
backward compatibility, to help ifconfig and other obsolete network management
software to work. I'm very thankful to Alexey for finally removing the
long-standing mistake of correspondence between IP addresses and devices from
the kernel.

Netfilter isn't a big problem, either. A specific VLAN-id matching netfilter
module is a clean and powerful solution.

I think that the current VLAN implementation slightly abuses the notion of
device. And it doesn't relate to the number of devices and the efficiency of
search algorithms. The current VLAN implementation is pure packet-mangling
code. It misses one of the most important properties of network devices -
flow control. Any code that doesn't provide flow control isn't a device, but
just code manipulating packet contents.

The current kernel infrastructure for packet mangling may still need some
adjustments, but it at least exists. I encourage considering the VLAN
implementation as just a netfilter module.

Best regards
Andrey V. Savochkin