[RFI - fw3 zones] raw netdev semantics

anon45274024 · January 13, 2020, 9:04pm

From ^[1]

device - List of raw network device names attached to this zone, e.g. ppp+ to match any PPP interface.

What I find confusing:

device vs. interface in the same sentence and appearing sort of conflicting
how can ppp+ be considered a raw device at all, e.g. considering ^[2] stipulating pppoe-$interface as interface but there is no pppoe-$device?

I would have thought that a raw netdev is a physical port, such as ethX or lanX, probably also radioX.

Thus appreciate to learn what counts as raw netdev and what defines it in the OpenWrt context/lingo.

^[1] https://openwrt.org/docs/guide-user/firewall/firewall_configuration
^[2] https://git.openwrt.org/?p=project%2Fnetifd.git&a=search&h=HEAD&st=grep&s=ppp

lleachii · January 13, 2020, 10:20pm

I've noticed that these terms are not always consistent across pages. The network config page uses the terms "[OpenWrt] logical interface" and "physical interface":

Sections of the type interface declare logical networks serving as containers for IP address settings, aliases, routes, physical interface names and startfirewall_rules - they play a central role within the LEDE configuration concept.

~ https://openwrt.org/docs/guide-user/base-system/basic-networking#interfaces

From the Wiki page, "interface" clearly describes an OpenWrt-enumerated config defining one logical network. An interface can include multiple physical interfaces.

In your instance, I think "raw" should be replaced with "physical interface". Also note that network is commonly used in zone definitions (which lists the logical interfaces), not device (which lists the physical interfaces).

anon45274024 · January 14, 2020, 8:35am

And how does that jibe with

e.g. ppp+ to match any PPP interface.

?

jow · January 14, 2020, 8:43am

Iptables supports a special + placeholder syntax for -i and -o flags. ppp+ will match any Linux network device (the things you see in ifconfig or ip link) starting with ppp.

anon45274024 · January 14, 2020, 9:03am

source code^[3] does not seem to define PPP+ as netdev and it would appear that nftables does not either.

^[3] https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h

jow · January 14, 2020, 9:29am

Well PPP+ isn't a netdev, it is a wildcard pattern matching things like ppp0, pppoe-wan, pppfoo etc. which are netdevs.

system · January 24, 2020, 9:29am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.