[OpenIndiana-discuss] crippling dladm set-linkprop limitations when setting allowed-ips, resulting in dladm: property list too long

Jonathan Kinney openindiana-discuss at super-geek.com
Wed Jan 26 01:18:58 UTC 2011


  I did try CIDR masking, and it responds with "invalid IP address".
If that were to work, it would be good enough, but when it comes to
automation, it is quite a bit of logic to write.  Even if I could
incrementally add to the list, that would be useful, but I do not see
a way to do that either.

Jonathan

On Tue, Jan 25, 2011 at 4:57 PM, Lou Picciano <loupicciano at comcast.net> wrote:
> Jonathan -
>
>
> Though we do use dladm quite a bit, haven't run into this limitation of the allowed property...
>
>
> On the other hand, doesn't this property accept CIDR masking; wouldn't this go a long way toward consolidating your 'allowed' requirements?
>
>
> Lou
>
> ----- Original Message -----
> From: "Jonathan Kinney" <openindiana-discuss at super-geek.com>
> To: openindiana-discuss at openindiana.org
> Sent: Tuesday, January 25, 2011 7:37:37 PM
> Subject: [OpenIndiana-discuss] crippling dladm set-linkprop limitations when setting allowed-ips, resulting in dladm: property list too long
>
> I was wondering if anyone has insight into this problem I ran into.
> While adjusting the link properties for an existing vnic, I found that
> if you try to add more than 243 characters worth of comma separated IP
> addresses to the allowed-ips= property, it results in the error
> "dladm: property list too long". Here is an example to show what I
> mean. The command (all on one line):
>
> dladm set-linkprop -t -p
> allowed-ips=28.42.112.131,28.42.112.132,28.42.112.133,28.42.112.134,28.42.112.135,28.42.112.136,28.42.112.137,28.42.112.138,28.42.112.139,28.42.112.140,28.42.112.141,28.42.112.142,28.42.112.143,28.42.112.144,28.42.112.145,28.42.112.146,28.42.112.147,28.42.112.148
> ywo378_0
>
> Will result in the following error:
>
> dladm: property list too long
> 'allowed-ips=28.42.112.131,28.42.112.132,28.42.112.133,28.42.112.134,28.42.112.135,28.42.112.136,28.42.112.137,28.42.112.138,28.42.112.139,28.42.112.140,28.42.112.141,28.42.112.142,28.42.112.143,28.42.112.144,28.42.112.145,28.42.112.146,28.42.112.147,28.42'
>
> This simply means that, depending on the IP address length, you can
> fit 15-30 IP addresses with comma separation into the allowed-ips
> property using the dladm command. Just off the top of my head, it
> looks like the DLADM_STRSIZE being set to 256 may be related to this
> issue. I am sure I am not the only security-conscious person who has
> run into this issue. Does anyone have any idea how to get around this
> limitation besides rebuilding from source code?
>
> Jonathan Kinney
> http://www.simplywebhosting.com
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>
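
An added example, not part of the original messages and not code from dladm: a pre-flight check for automation that validates an address list and refuses to build the `dladm set-linkprop` command when the joined `allowed-ips` value would exceed the 243 characters reported in the thread, so a filter list is never applied partially. The function names are hypothetical, and the 243-character budget is the poster's observed figure, not a documented constant.

```python
import ipaddress

# Observed in the thread: more than 243 characters of comma-separated
# addresses fails with "dladm: property list too long". Assumption: this
# observed figure is used as the budget; it is not a documented constant.
MAX_VALUE_CHARS = 243


class AllowedIpsError(ValueError):
    """The list cannot be applied as a single, complete allowed-ips value."""


def normalize(addresses):
    """Validate each entry as a single IP address and drop duplicates, keeping order."""
    unique = []
    for raw in addresses:
        try:
            text = str(ipaddress.ip_address(raw.strip()))
        except ValueError as exc:  # also rejects CIDR forms such as 10.0.0.0/24
            raise AllowedIpsError(f"not a single IP address: {raw!r}") from exc
        if text not in unique:
            unique.append(text)
    return unique


def count_that_fit(addresses, limit=MAX_VALUE_CHARS):
    """How many leading addresses fit in the budget once joined with commas."""
    used = 0
    for n, addr in enumerate(addresses):
        used += len(addr) + (1 if n else 0)
        if used > limit:
            return n
    return len(addresses)


def dladm_argv(link, addresses, limit=MAX_VALUE_CHARS):
    """Build the argv for the thread's command, or refuse if the list is too long."""
    unique = normalize(addresses)
    fit = count_that_fit(unique, limit)
    if fit < len(unique):
        raise AllowedIpsError(f"only {fit} of {len(unique)} addresses fit in {limit} characters")
    return ["dladm", "set-linkprop", "-t", "-p", "allowed-ips=" + ",".join(unique), link]


if __name__ == "__main__":
    # Constructed input: the 18 addresses from the thread's failing command.
    sample = [f"28.42.112.{n}" for n in range(131, 149)]
    try:
        dladm_argv("ywo378_0", sample)
    except AllowedIpsError as err:
        print("refused:", err)
```
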


