[OpenIndiana-discuss] crippling dladm set-linkprop limitations when setting allowed-ips, resulting in dladm: property list too long

Jonathan Kinney openindiana-discuss at super-geek.com
Wed Jan 26 00:37:37 UTC 2011


  I was wondering if anyone has insight into this problem I ran into.
While adjusting the link properties for an existing vnic, I found that
if you try to add more than 243 characters' worth of comma-separated IP
addresses to the allowed-ips= property, it results in the error
"dladm: property list too long".  Here is an example to show what I
mean.  The command (all on one line):

dladm set-linkprop -t -p allowed-ips=28.42.112.131,28.42.112.132,28.42.112.133,28.42.112.134,28.42.112.135,28.42.112.136,28.42.112.137,28.42.112.138,28.42.112.139,28.42.112.140,28.42.112.141,28.42.112.142,28.42.112.143,28.42.112.144,28.42.112.145,28.42.112.146,28.42.112.147,28.42.112.148 ywo378_0

Will result in the following error:

dladm: property list too long
'allowed-ips=28.42.112.131,28.42.112.132,28.42.112.133,28.42.112.134,28.42.112.135,28.42.112.136,28.42.112.137,28.42.112.138,28.42.112.139,28.42.112.140,28.42.112.141,28.42.112.142,28.42.112.143,28.42.112.144,28.42.112.145,28.42.112.146,28.42.112.147,28.42'

This simply means that, depending on the IP address length, you can
fit 15-30 IP addresses with comma separation into the allowed-ips
property using the dladm command.  Just off the top of my head, it
looks like the DLADM_STRSIZE being set to 256 may be related to this
issue.  I am sure I am not the only security-conscious person who has
run into this issue.  Does anyone have any idea how to get around this
limitation besides rebuilding from source code?

Jonathan Kinney
http://www.simplywebhosting.com
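
A pre-flight length check for provisioning scripts, added here as an example and not part of the original post or of dladm itself. It assumes the 243-character limit on the allowed-ips value reported above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate an allowed-ips value before handing it to dladm,
# so a script fails loudly instead of leaving a vnic without its address filter.
# Assumption: 243 is the value-length limit observed in the post above,
# not a documented constant.
MAX_VALUE_LEN=243

# join_ips ADDR... -> prints the addresses comma-separated
join_ips() {
    out=""
    for ip in "$@"; do
        if [ -z "$out" ]; then out="$ip"; else out="$out,$ip"; fi
    done
    printf '%s' "$out"
}

# ips_that_fit ADDR... -> prints how many leading addresses fit in the limit
ips_that_fit() {
    len=0; n=0
    for ip in "$@"; do
        add=${#ip}
        [ "$n" -gt 0 ] && add=$((add + 1))   # account for the separating comma
        [ $((len + add)) -gt "$MAX_VALUE_LEN" ] && break
        len=$((len + add)); n=$((n + 1))
    done
    printf '%s' "$n"
}

# check_allowed_ips ADDR... -> returns 0 if the joined value fits, 1 otherwise
check_allowed_ips() {
    value=$(join_ips "$@")
    if [ "${#value}" -le "$MAX_VALUE_LEN" ]; then
        return 0
    fi
    echo "allowed-ips value is ${#value} chars (limit $MAX_VALUE_LEN);" \
         "only the first $(ips_that_fit "$@") of $# addresses fit" >&2
    return 1
}

# Demo with the first and last address from the post (a short list that fits).
check_allowed_ips 28.42.112.131 28.42.112.148 && echo "value fits"
```

Run against the 18 addresses from the post, check_allowed_ips reports a 251-character value and that only the first 17 addresses fit.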


