Subject: [gentoo-dev] Proposal: networking startup script rewrite
From: Michael J. Cohen
Date: 2003-10-13 18:56 UTC
To: gentoo-dev

After wrestling with our current net implementation to get bridged interfaces and vlans working, which ended in me just setting up things in local.start, I figured a rewrite of our network scripts is in order.

I have made a primitive version of the rewrite available here:
http://325i.org/proposed-net-replacement

It is useless in its current state and only provided as an example.

The reason for this rewrite is twofold: ease of configuration and ease of maintenance.

Here are a few of my ideas for the evolution of this currently primitive rewrite:

* all networking related configuration should take place in /etc/conf.d/net, thus eliminating /etc/conf.d/iptables and such

* bringing interfaces up and down should be handled by one script that recognizes all possible up and down configurations of an interface, for example, 802.1[d,q] (bridge, vlan), netfilter, dhcp, bootp..

* configuration of iptables, ipsec, routing, etc should be handled by the up/down script calling the appropriate /etc/init.d scripts with the appropriate arguments. These scripts would have to parse /etc/conf.d/net or rely on some of the functions in /etc/init.d/net to parse it if the user should decide to start/restart/reload a script individually

If anyone has any input, please feel free to speak your mind.

I would love to see gentoo become the easiest distro to configure network interfaces for *any* and *all* possible configurations, and I feel that this is the first step to achieve that goal.

------
Michael J. Cohen

--
gentoo-dev@gentoo.org mailing list
Subject: Re: [gentoo-dev] Proposal: networking startup script rewrite
From: Stroller
Date: 2003-10-13 22:09 UTC
To: gentoo-dev

On 13 Oct 2003, at 7:56 pm, Michael J. Cohen wrote:

> After wrestling with our current net implementation to get bridged
> interfaces and vlans working, which ended in me just setting up things
> in local.start, I figured a rewrite of our network scripts is in order.
>
> I have made a primitive version of the rewrite available here:
> http://325i.org/proposed-net-replacement
>
> It is useless in its current state and only provided as an example.

Michael, I'm not really sure what you regard as the failings of the current /init.d/net configuration. I have to say that I spent a couple of days struggling with it myself, and although I did whine about it at the time (see my postings <http://tinyurl.com/qsjh>) the upshot is that I rather like it the way it is.

I'd agree that if a script to call `brctl` appropriately was installed by net-misc/bridge-utils then it would make configuration a lot easier, but this is a simple addition to a single package, rather than a rewrite of the whole framework. I really would like to see such an inclusion, considering that the bridging code is, I believe, incorporated into the upcoming 2.6.

Bridging works fine here & fairly seamlessly with the current framework. I found that everything fell into place once I moved /etc/conf.d/net to /etc/conf.d/net.eth0 & /etc/conf.d/net.eth1, so that its contents (particularly with respect to gateways) are ignored by my /etc/conf.d/net.br0 script. Not much in addition is required to get everything up & running - I would have been glad to provide my scripts, if I had seen your posting to -user.

I don't know much (erm... well, anything) about VLANs, so I'm probably missing some of your reasoning against the current system. Actually, I don't know much about anything, so maybe you could explain (like an RFC or a GLEP, maybe?), listing the problems of the current system & how your solution would resolve them..?

I'm sorry if I seem biased or antagonistic, but I really don't like the idea of uniting the network scripts in any way like you describe. I may have struggled with them myself, but that's only because I'm so incompetent - I got there in the end. I once tried parsing one of Mandrake's network initialisation scripts, but floundered wildly - with Gentoo you know intuitively to look for iptables stuff in /etc/conf.d/iptables and so on.

The only improvements I'd now ask for in the init scripts are more commenting - I'm firmly of the school that believes in 2 lines of comments for every line of code. I'd like to see all code human-readable for a newbie to the language.

Stroller.
Subject: Re: [gentoo-dev] Proposal: networking startup script rewrite
From: Michael J. Cohen
Date: 2003-10-14 2:17 UTC
To: gentoo-dev

> I'm not really sure what you regard as the failings of the current
> /init.d/net configuration. I have to say that I spent a couple of days
> struggling with it myself, and although I did whine about it at the
> time (see my postings <http://tinyurl.com/qsjh>) the upshot is that I
> rather like it the way it is.

Having /etc/init.d/net.eth[1,2,..] installed by the user does not mean that it is automagically updated with a new install or with etc-update. Only basic configuration is achieved with the current setup.

etc-updating 99 files is a pain, but it often happens when upgrading baselayout, etc. If a user wipes out his configs for iptables etc by overwriting accidentally, he is in a bind. However if we do not provide a /etc/conf.d/net and only a /etc/conf.d/net.sample, this is alleviated.

> I'd agree that if a script to call `brctl` appropriately was installed
> by net-misc/bridge-utils then it would make configuration a lot easier,
> but this is a simple addition to a single package, rather than a
> rewrite of the whole framework. I really would like to see such an
> inclusion, considering that the bridging code is, I believe,
> incorporated into the upcoming 2.6.

Currently, there are several unrelated scripts for each userspace networking tool. iptables, (your proposed bridge-utils), ipsec... This is a bit backwards, and it relies on the initscripts' ability to order correctly. If we load net as one script, we know exactly what is going on and in what order and thus might be able to speed up booting by backgrounding processes that are known to potentially take time.

The new system would most likely call the related /etc/init.d/bridge script or similar in order to set things up, rather than invoking brctl directly. This would save some headaches with updating the script every time we package up some new network tool.

> Bridging works fine here & fairly seamlessly with the current
> framework. I found that everything fell into place once I moved
> /etc/conf.d/net to /etc/conf.d/net.eth0 & /etc/conf.d/net.eth1, so that
> its contents (particularly with respect to gateways) are ignored by my
> /etc/conf.d/net.br0 script. Not much in addition is required to get
> everything up & running - I would have been glad to provide my scripts,
> if I had seen your posting to -user.

What about wireless + roaming, advanced routing/bridging, ipsec, vpns, vlans, pppoe... all of these things either are not supported or are broken up into tiny bits of configuration files everywhere. It would be much easier if we had one manual with plenty of examples and one configuration file for people to edit. Not only is it easier on the developers, but it is easier on the user for updates and for configuration. The user no longer needs to hunt down where he made what change to what interface in what file.

> I don't know much (erm... well, anything) about VLANs, so I'm probably
> missing some of your reasoning against the current system. Actually, I
> don't know much about anything, so maybe you could explain (like an RFC
> or a GLEP, maybe?), listing the problems of the current system & how
> your solution would resolve them..?

It was mentioned to me that it was quite challenging to add VLAN support into the current net scripts.

> I'm sorry if I seem biased or antagonistic, but I really don't like the
> idea of uniting the network scripts in any way like you describe. I may
> have struggled with them myself, but that's only because I'm so
> incompetent - I got there in the end. I once tried parsing one of
> Mandrake's network initialisation scripts, but floundered wildly - with
> Gentoo you know intuitively to look for iptables stuff in
> /etc/conf.d/iptables and so on.

Seems like it would make more sense to me if /etc/conf.d/net was your one stop shop for all your networking needs.

> The only improvements I'd now ask for in the init scripts are more
> commenting - I'm firmly of the school that believes in 2 lines of
> comments for every line of code. I'd like to see all code
> human-readable for a newbie to the language.

Agreed. Sometimes 5 or 6 is warranted for things like sed. :)

------
Michael
Subject: Re: [gentoo-dev] Proposal: networking startup script rewrite
From: Stroller
Date: 2003-10-14 14:09 UTC
To: gentoo-dev

Having not dug around in the net startup scripts either deeply or recently, I'm not qualified to comment on all your points, but I'll respond to the ones that I can.

On 14 Oct 2003, at 3:17 am, Michael J. Cohen wrote:
>
> etc-updating 99 files is a pain, but it often happens when upgrading
> baselayout, etc. If a user wipes out his configs for iptables etc by
> overwriting accidentally, he is in a bind. However if we do not
> provide a /etc/conf.d/net and only a /etc/conf.d/net.sample, this is
> alleviated.

Yes, I much prefer this format - perhaps it would be extreme or convoluted to have every configuration file provided as config.example, but I would love to see Gentoo standardising on it for all files that the user is likely to change, at least.

>> I'd agree that if a script to call `brctl` appropriately was installed
>> by net-misc/bridge-utils then it would make configuration a lot
>> easier...
>
> Currently, there are several unrelated scripts for each userspace
> networking tool. iptables, (your proposed bridge-utils), ipsec...

Well, my "proposed" bridge-utils isn't "proposed" - it's in the Portage tree. It is the ebuild for "brctl" and the other user-space Bridging utilities.

> The new system would most likely call the related /etc/init.d/bridge
> script or similar in order to set things up, rather than invoking brctl
> directly...

Erm... well, I rather gathered that the idea of all the separate scripts in /etc/init.d/ was that they could be called independently. In this way they can be added to different runlevels or restarted by the administrator after configuration changes; if one script relies on another there is the "depends" declaration. Would your /etc/init.d/bridge script be safe to call separately like that..?

I agree that the `brctl` stuff should not be in the main network scripts. I've attached a copy of my *extremely tatty* /etc/init.d/net.br0 script, so that you can see that this can be done fairly elegantly within the current framework. I just copied my default runlevel to /etc/runlevels/bridge, removed the existing eth0 & eth1 from that runlevel & added net.br0, so I can switch between them at will. Sorry to harp on about it, but if a (much tidier) version of this were distributed with net-misc/bridge-utils then there would be no need at all for the base networking init system to refer to bridging at all; I believe this is much neater for users who are not interested in bridging.

> This would save some headaches with updating the script every time we
> package up some new network tool.

Hmmn... y'see I see smaller scripts as easier to maintain. If one developer wants to change (say) the way that wireless LAN cards behave at init, he simply edits that script without having to know about how bridges behave, or risking fouling up that behavior. Of course, if wireless bridges require special cases, then that's a job for the bridging maintainers (whoever they may be).

> What about wireless + roaming, advanced routing/bridging, ipsec, vpns,
> vlans, pppoe... all of these things either are not supported or are
> broken up into tiny bits of configuration files everywhere. It would be
> much easier if we had one manual with plenty of examples and one
> configuration file for people to edit. Not only is it easier on the
> developers, but it is easier on the user for updates and for
> configuration. The user no longer needs to hunt down where he made what
> change to what interface in what file.

I disagree. I prefer small configuration files; I find smaller files easier to parse & to deal with than larger ones. YMMV. Locating the appropriate configuration file is simply a matter of `ls /etc/conf.d`. For the developers, I would have thought the same applied - they can edit the networking file they're interested in without risking b0rking up anything else. I see the current setup as good modularity, but I appreciate this is a matter of preference.

>> I don't know much (erm... well, anything) about VLANs, so I'm probably
>> missing some of your reasoning against the current system...
>
> It was mentioned to me that it was quite challenging to add VLAN
> support into the current net scripts.

Ok... if you say so. But I don't know why. Would it be easier to add VLAN support to a single net-startup script than to the present setup..? Can you explain why, please..?

>> .... I once tried parsing one of Mandrake's network initialisation
>> scripts, but floundered wildly - with Gentoo you know intuitively to
>> look for iptables stuff in /etc/conf.d/iptables and so on.
>
> Seems like it would make more sense to me if /etc/conf.d/net was your
> one stop shop for all your networking needs.

I forgot to explain the reason I had problems with the Mandrake network script I mentioned - because it was so damn big! There were pages of it! On that occasion I was only looking to see how the PPP startup worked - all the pages of Ethernet (and presumably VLAN &c) configuration just confused me impossibly. I now use Ethernet - I have no desire to see PPP options in my configuration scripts.

At present /etc/conf.d/ is your one stop shop for all your networking needs - and it's split neatly into manageable departments.

Stroller.

[-- Attachment #2: net.br0 --]

#!/sbin/runscript
# Joe Stroller's bridge init.d script
# Blatantly hacked from Gentoo Inc's /etc/init.d/net.eth0 GPL v2 licence
# Config in /etc/conf.d/net
# but note changes to "gateway=" definition

# For pcmcia users. note that pcmcia must be added to the same
# runlevel as the net.* script that needs it.
depend() {
	use pcmcia
}

checkconfig() {
	if [ ! -x "$(which brctl)" ]
	then
		eerror "It might help if you emerged bridge-utils. I hope you remembered to patch your kernel."
		return 1
	fi
}

start() {
	checkconfig || return 1

	local iface_args="$(eval echo \$\{iface_${IFACE}\})"
	local retval=0

	ebegin "Bringing ${IFACE} up"

	# read from /etc/conf.d/net which physical interfaces
	# are associated with this bridge
	local br_physicals="$(eval echo \$\{${IFACE}_interfaces\})"

	# we allocate IP address to bridge virtual iface,
	# not to physical interfaces
	for br_if in ${br_physicals}
	do
		echo -e "\tinitialising physical interface ${br_if} to IP 0.0.0.0"
		ifconfig ${br_if} 0.0.0.0
	done

	# create a bridge and assign the Ethernet interfaces to it
	echo -e "\tcreating virtual bridge interface ${IFACE} (addbr command)"
	brctl addbr ${IFACE}
	for br_if in ${br_physicals}
	do
		brctl addif ${IFACE} ${br_if}
		echo -e "\tassigning physical interface ${br_if} to ${IFACE} (addif command)"
	done

	echo -e "\tfinally, bringing bridge up with:"
	echo -e "\t ifconfig ${IFACE} ${iface_args} "

	# finally bring the bridge up
	/sbin/ifconfig ${IFACE} ${iface_args} >/dev/null || {
		retval=$?
		eend ${retval} "Failed to bring ${IFACE} up"
		return ${retval}
	}

	# Might have to remove this next bit
	# - it probably needs to wait 30 seconds before testing
	# ifconfig do not always return failure ..
	/sbin/ifconfig ${IFACE} &> /dev/null || {
		retval=$?
		eend ${retval} "Failed to bring ${IFACE} up"
		return ${retval}
	}
	eend 0

	# I'm really not sure if we want aliases on our bridge,
	# so I'm just leaving this here for the moment.
	#
	if [ -n "$(eval echo \$\{alias_${IFACE}\})" ]
	then
		local x=""
		local num=0
		local aliasbcast=""
		local aliasnmask=""
		ebegin "  Adding aliases"
		for x in $(eval echo \$\{alias_${IFACE}\})
		do
			aliasbcast="$(eval echo \$\{broadcast_${IFACE}\} \| awk \'\{ print \$$((num + 1)) \}\')"
			if [ -n "${aliasbcast}" ]
			then
				aliasbcast="broadcast ${aliasbcast}"
			fi
			aliasnmask="$(eval echo \$\{netmask_${IFACE}\} \| awk \'\{ print \$$((num + 1)) \}\')"
			if [ -n "${aliasnmask}" ]
			then
				aliasnmask="netmask ${aliasnmask}"
			fi
			ebegin "    ${IFACE}:${num}"
			/sbin/ifconfig ${IFACE}:${num} ${x} \
				${aliasbcast} ${aliasnmask} >/dev/null
			num=$((num + 1))
			eend 0
		done
		save_options "alias" "$(eval echo \$\{alias_${IFACE}\})"
	fi

	# I don't need IP v6 right now, so i'm disabling it.
	#
	#	if [ -n "$(eval echo \$\{inet6_${IFACE}\})" ]
	#	then
	#		local x=""
	#		ebegin "  Adding inet6 addresses"
	#		for x in $(eval echo \$\{inet6_${IFACE}\})
	#		do
	#			ebegin "    ${IFACE} inet6 add ${x}"
	#			/sbin/ifconfig ${IFACE} inet6 add ${x} >/dev/null
	#			eend 0
	#		done
	#		save_options "inet6" "$(eval echo \$\{inet6_${IFACE}\})"
	#	fi

	# Checks through the list of gateways & sees if any apply to this ${IFACE}
	#
	#	for gateway in ${gateways}
	#	do
		if [ -n "${gateway}" ] && [ "${gateway%/*}" = "${IFACE}" ]
		then
			ebegin "  Setting default gateway"
			/sbin/route add default gw ${gateway#*/} dev ${gateway%/*} \
				netmask 0.0.0.0 metric 1 >/dev/null || {
				local error=$?
				ifconfig ${IFACE} down &>/dev/null
				eend ${error} "Failed to bring ${IFACE} up"
				stop
				return ${error}
			}
			eend 0
		fi
	#	done

	# Enabling rp_filter causes wacky packets to be auto-dropped by
	# the kernel
	if [ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter ]
	then
		echo 1 > /proc/sys/net/ipv4/conf/${IFACE}/rp_filter
	fi
}

stop() {
	local myalias="$(get_options alias)"

	ebegin "Bringing ${IFACE} down"

	# Also down the inet6 interfaces
	#	local myinet6="$(get_options inet6)"
	#	if [ -n "${myinet6}" ]
	#	then
	#		local x=""
	#		for x in ${myinet6}
	#		do
	#			/sbin/ifconfig ${IFACE} inet6 del ${x} >/dev/null
	#		done
	#	fi

	# Do some cleanup in case the amount of aliases change
	if [ -n "${myalias}" ]
	then
		local x=""
		local num=0
		for x in ${myalias}
		do
			/sbin/ifconfig ${IFACE}:${num} down >/dev/null
			num=$((num + 1))
		done
	fi

	# read from /etc/conf.d/net which physical interfaces
	# are associated with this bridge
	local br_physicals="$(eval echo \$\{${IFACE}_interfaces\})"

	# Remove physical interface from bridge virtual interface
	for br_if in ${br_physicals}
	do
		echo -e "\tdisassociating ${br_if} from ${IFACE} (delif command)"
		brctl delif ${IFACE} ${br_if}
	done

	# Actually bring the bridge down
	echo -e "\tactually ifconfig ${IFACE} down"
	/sbin/ifconfig ${IFACE} down >/dev/null

	# Bring interfaces down, too
	for br_if in ${br_physicals}
	do
		echo -e "\talso ifconfig ${br_if} down"
		ifconfig ${br_if} down
	done

	# Night night!
	echo -e "\tfinally: Bye! Bye! (delbr ${IFACE})"
	brctl delbr ${IFACE}

	eend 0
}
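The attached net.br0 script builds variable names from ${IFACE} and hands them straight to `eval echo`. As an added example that is not part of the thread and not baselayout code, the POSIX sh below does the same lookups (variable names iface_br0, br0_interfaces and gateway="br0/addr" follow the script; the sample values and the function names are my own) but validates the name before eval, and only prints the bring-up sequence start() would run, so it can be tried without root.

```shell
#!/bin/sh
# Added example, not code from the thread. Resolves the per-interface settings
# the posted net.br0 reads from /etc/conf.d/net, with the name checked before
# it reaches eval, and prints the commands start() would run in order.

# Constructed sample of what /etc/conf.d/net would hold for the bridge.
iface_br0="192.168.1.10 broadcast 192.168.1.255 netmask 255.255.255.0"
br0_interfaces="eth0 eth1"
gateway="br0/192.168.1.1"

# Accept only what can form a shell variable name. This also rejects names
# such as eth0.100 or br0:1, which the eval in the posted script cannot
# handle either.
valid_name() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Expand the variable named in $1 indirectly. The name is validated first,
# so nothing but a plain variable reference is ever passed to eval.
cfg_lookup() {
    valid_name "$1" || return 1
    eval "printf '%s\n' \"\${$1}\""
}

# The gateway entry is "<iface>/<address>"; print the address only when the
# interface part matches, mirroring the ${gateway%/*} test in net.br0.
gateway_for() {
    [ -n "$2" ] && [ "${2%/*}" = "$1" ] || return 1
    printf '%s\n' "${2#*/}"
}

# Print, in the order start() runs them, the commands that bring up a bridge.
plan_bridge_up() {
    local iface="$1" args physicals p gw
    valid_name "${iface}" || { echo "bad interface name: ${iface}" >&2; return 1; }
    args="$(cfg_lookup "iface_${iface}")"
    physicals="$(cfg_lookup "${iface}_interfaces")"
    for p in ${physicals}; do
        valid_name "${p}" || return 1
        echo "ifconfig ${p} 0.0.0.0"
    done
    echo "brctl addbr ${iface}"
    for p in ${physicals}; do
        echo "brctl addif ${iface} ${p}"
    done
    echo "ifconfig ${iface} ${args}"
    if gw="$(gateway_for "${iface}" "${gateway}")"; then
        echo "route add default gw ${gw} dev ${iface} netmask 0.0.0.0 metric 1"
    fi
}

plan_bridge_up br0
```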
Subject: Re: [gentoo-dev] Proposal: networking startup script rewrite
From: William Hubbs
Date: 2003-10-14 15:21 UTC
To: gentoo development

Hi Michael and all,

I am going to try to give some input on this also.

On Mon, Oct 13, 2003 at 02:56:00PM -0400, Michael J. Cohen wrote:
> After wrestling with our current net implementation to get bridged
> interfaces and vlans working, which ended in me just setting up things
> in local.start, I figured a rewrite of our network scripts is in order.
>
> I have made a primitive version of the rewrite available here:
> http://325i.org/proposed-net-replacement
>
> It is useless in its current state and only provided as an example.
>
> The reason for this rewrite is twofold: ease of configuration and ease
> of maintenance.
>
> Here are a few of my ideas for the evolution of this currently
> primitive rewrite:
>
> * all networking related configuration should take place in
> /etc/conf.d/net, thus eliminating /etc/conf.d/iptables and such

I don't agree that iptables should be a part of this; I think of setting up a firewall as a separate, but related task. I do, however, like the idea of one script, and one config file that controls bringing up and down all of the network interfaces.

> * bringing interfaces up and down should be handled by one script that
> recognizes all possible up and down configurations of an interface, for
> example, 802.1[d,q] (bridge, vlan), netfilter, dhcp, bootp..

I agree here. It would be nice to be able to have a script or utility that would handle all of this. Don't shoot me for this, lol, but I thought that debian's ifupdown utility was pretty slick. It had a configuration file that described all of the interfaces, the default gateway and whether or not interfaces should be brought up on bootup, and it was called by a single script that brought all of the interfaces up or down.

> * configuration of iptables, ipsec, routing, etc should be handled by
> the up/down script calling the appropriate /etc/init.d scripts with the
> appropriate arguments. These scripts would have to parse
> /etc/conf.d/net or rely on some of the functions in /etc/init.d/net to
> parse it if the user should decide to start/restart/reload a script
> individually

I think these should stay separate. I guess my thinking here is that all systems that need to be on a network don't necessarily need these functions, so why make them part of the net script?

> If anyone has any input, please feel free to speak your mind.
>
> I would love to see gentoo become the easiest distro to configure
> network interfaces for *any* and *all* possible configurations, and I
> feel that this is the first step to achieve that goal.

Let me know what you think.

William