google / google-authenticator-libpam

Apache License 2.0

Why grace_period uses IP instead of MAC address? #148

Closed thezealousfool closed 4 years ago

thezealousfool commented 4 years ago

Question, why does the grace_period mechanism not store MAC addresses? Won't that be more secure than IP addresses?

akerl commented 4 years ago

MAC addresses are only viable over Layer 2, so they’d only be applicable for connections within a LAN. Within a LAN, both IP addresses and MAC addresses are also much more likely to be user-malleable.

While I wasn’t the implementer for the grace_period feature, I’d suspect it’s intended more for the case where you’re exposing a system over Layer3+ (essentially, via the internet or other routed network), where IP address is the applicable identifier.

ThomasHabets commented 4 years ago

Also MAC addresses aren't readily available from user space even when the two endpoints are on the same LAN.

thezealousfool commented 4 years ago

Makes sense. Thanks for the clarification @akerl and @ThomasHabets.
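The two points above (a user-space server only ever sees the peer's Layer 3 address, and a grace period therefore has to be keyed on that) as an added illustration; this is not code from google-authenticator-libpam, and the in-memory store, its key layout and the function names are hypothetical:

```python
import socket
import time

# Hypothetical in-memory grace-period store (not libpam's on-disk format):
# key = (username, peer IP as seen by the server), value = time of last full 2FA success.
_grace_store = {}


def peer_identity(conn):
    """Everything a user-space server learns about its peer from the socket API:
    the Layer 3 address and port. No Layer 2 (MAC) information is exposed here,
    whether the client is on the same LAN or behind several routers."""
    ip, port = conn.getpeername()[:2]
    return ip, port


def record_full_auth(user, client_ip, now=None):
    """Remember that `user` completed a full second-factor login from `client_ip`."""
    _grace_store[(user, client_ip)] = time.time() if now is None else now


def within_grace(user, client_ip, grace_period, now=None):
    """True if `user` may skip the second factor: a full login from exactly this
    peer IP happened less than `grace_period` seconds ago. A different IP, an
    expired record, or a clock that moved backwards all require the full 2FA."""
    now = time.time() if now is None else now
    last = _grace_store.get((user, client_ip))
    if last is None:
        return False
    return 0 <= now - last < grace_period


def observe_loopback_peer():
    """Open a loopback TCP connection and report what the accepting side sees."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    ip, _port = peer_identity(conn)
    for s in (conn, cli, srv):
        s.close()
    return ip  # -> "127.0.0.1": an IP, never a MAC
```

Note that the key is only as trustworthy as the peer address itself: every client sharing one source IP (for example behind the same NAT) shares one grace window.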