Ticket #193 (new defect)

Opened 1 year ago

Last modified 10 months ago

avahi should default to not using tun/tap devices

Reported by: josh
Assigned to: lennart
Priority: major
Milestone:
Component: avahi-daemon
Version:
Keywords:
Cc: josh@freedesktop.org

Description

Whenever I create a virtual machine with a tap device, avahi starts doing mDNS using that tap device. I don't think this should happen by default. In my case, I want those tap devices on an isolated network, and I don't want any host services exposed on them.

Much like avahi defaults to not listening on point-to-point interfaces, I think avahi should avoid listening on tun/tap devices as well. If a system has tun/tap devices, they likely represent some specialized network setup that avahi should not disturb without explicit instruction.

Change History

01/19/08 10:37:37 changed by josh

This ticket relates to #181, but #181 asks for general customizability of the interfaces avahi listens on. This ticket asks only for a general option to avoid listening on tun/tap devices, defaulting to "no". Furthermore, even if the mechanism in #181 becomes part of avahi, this ticket still applies, as it asks for a change in the default treatment of tun/tap devices.

03/27/08 02:18:10 changed by lennart

I don't know how to detect tun/tap devices properly. Matching them by name doesn't really work in days of ifrename and such.

Please provide me with a sane algorithm how I can detect if an interface is tun/tap and then I'll happily change Avahi to ignore all those interfaces.

03/27/08 10:10:24 changed by olemd

I actually like avahi-on-tap devices. My openvpn stuff runs with tap-devices to enable things like zeroconf and samba-browsing without having to do anything special.

Tun-devices are point-to-point anyway (aren't they?) so avahi should already ignore them.

03/27/08 10:28:55 changed by olemd

And after reading a bit more, #181 + a default of not binding to tun/tap devices seem sane. But please don't just drop tun/tap support completely.

03/27/08 13:50:45 changed by lennart

tap emulates an ethernet network, and hence cannot be pointopoint, because Ethernet networks generally are not pointopoint.

mDNS has not been designed for high latency links (which tunnels usually are), hence I see no real problem in disabling it entirely for tap. However, I have no idea how to detect them...
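A name-independent check for the detection question raised in this ticket, as an added example that is not part of the ticket or of Avahi's code. It assumes a Linux kernel whose tun driver exposes a `tun_flags` attribute under `/sys/class/net/<interface>/`; the function names, the `tun_kind` enum and the sample flag values are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit values of IFF_TUN / IFF_TAP from <linux/if_tun.h>, repeated here so
 * the file builds without kernel headers. */
#define TUN_FLAG_TUN 0x0001   /* layer-3 tunnel device */
#define TUN_FLAG_TAP 0x0002   /* emulated Ethernet device */

enum tun_kind { KIND_NONE = 0, KIND_TUN, KIND_TAP, KIND_UNKNOWN };

/* Classify the text of a tun_flags attribute, e.g. "0x1002\n" (constructed). */
enum tun_kind classify_tun_flags(const char *text) {
    char *end;
    errno = 0;
    unsigned long flags = strtoul(text, &end, 16);
    if (errno != 0 || end == text)
        return KIND_UNKNOWN;              /* empty or unparsable attribute */
    if (flags & TUN_FLAG_TAP) return KIND_TAP;
    if (flags & TUN_FLAG_TUN) return KIND_TUN;
    return KIND_UNKNOWN;
}

/* KIND_NONE means the interface has no readable tun_flags attribute: it is
 * not backed by the tun driver, or the kernel does not expose the attribute
 * (the assumption stated above). Renaming the interface does not affect this. */
enum tun_kind iface_tun_kind(const char *sysfs_net, const char *ifname) {
    char path[512], buf[32];
    /* The name becomes a path component, so reject separators and dot names. */
    if (ifname[0] == '\0' || strchr(ifname, '/') ||
        strcmp(ifname, ".") == 0 || strcmp(ifname, "..") == 0)
        return KIND_UNKNOWN;
    if (snprintf(path, sizeof path, "%s/%s/tun_flags", sysfs_net, ifname)
            >= (int)sizeof path)
        return KIND_UNKNOWN;
    FILE *f = fopen(path, "r");
    if (!f)
        return KIND_NONE;
    char *line = fgets(buf, sizeof buf, f);
    fclose(f);
    return line ? classify_tun_flags(buf) : KIND_UNKNOWN;
}

int main(int argc, char **argv) {
    static const char *names[] = { "none", "tun", "tap", "unknown" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], names[iface_tun_kind("/sys/class/net", argv[i])]);
    return 0;
}
```

A daemon that wants the default requested in this ticket would skip interfaces reported as `tap` (and `tun`) unless the administrator opts in.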