Hi Thomas

That is already very helpful for me. I will have a look at it and try
to write a patch. Let's see if something comes out that works.

Regards,
Adrian

On Sat, 2022-05-14 at 21:33 +0200, Thomas Haller wrote:
> On Fri, 2022-05-13 at 23:23 +0200, Adrian Freihofer via networkmanager-
> list wrote:
> > Hi
> > 
> > Is it somehow possible to disable an interface via NetworkManager?
> > 
> > I am thinking of something like:
> > 
> > nmcli connection modify con-eth0 802-3-ethernet.phy disabled
> > nmcli connection up con-eth0
> > 
> > which would basically have the same effect as:
> > 
> > ip link set eth0 down
> > 
> > 
> > nmcli connection modify con-eth0 802-3-ethernet.phy enabled
> > nmcli connection up con-eth0
> > 
> > which would basically have the same effect as:
> > 
> > ip link set eth0 up
> > 
> > 
> > The background is a security requirement. Unused interfaces must
> > ideally remain disabled at the physical layer when a cable is plugged
> > in. Ideally, the LEDs would also remain dark.
> > 
> > If this function does not exist yet, would it be interesting for
> > NetworkManager?
> > Could the functionality be implemented with reasonable effort or would
> > it be difficult to implement?
> > 
> > Thank you and regards,
> > Adrian
> 
> no, what you ask for is currently not possible.
> 
> 
> NM always likes to set the interface up, because otherwise it wouldn't
> get a carrier event (to know whether a cable is plugged in). Doing that
> causes other difficulties, like when the device is "disconnected" in
> NetworkManager, then NetworkManager needs to set IPv6 addr-gen-mode
> "none". Otherwise, kernel would already add an IPv6 address, which is
> more than NetworkManager wants. What would be best, if kernel would
> allow to enable carrier-detection on an interface, without all the
> other things that "IFF_UP" brings.
> 
> But what you ask for is very sensible. Just not done yet, and it's also
> not entirely clear what to do.
> 
> "ethernet.phy no" seems odd to me, because you have to activate a
> profile to set it down. Also, most of the other settings of the profile
> would be meaningless with "phy no".
> 
> What you already can do, is `nmcli device set $IFNAME managed no`. I
> think that is the way. The only problem with this is, that
> NetworkManager will give up the interface and leave it to the user in a
> not well-defined state. What would even be the right state? If the
> device is currently connected, I partly think that NM should just leave
> everything up (including all IP addresses). The advantage of that would
> be, that setting a device unmanaged does not disconnect you right away.
> On the other hand, if the device is currently disconnected and you set
> it unmanaged, then I think the addr-gen-mode will stay at "none". That
> is confusing to the user, because IPv6 does not work without
> modification. Or should NM always deconfigure it? Maybe it is indeed
> the latter, and then NM should also set the interface down.
> 
> Patch welcome, but maybe first discuss what it should do in detail :)
> Thank you.
> 
> 
> best,
> Thomas
> 
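
An added example, not part of either message: a small audit for the requirement discussed above, checking that interfaces a policy lists as unused have IFF_UP clear. It assumes the kernel's `/sys/class/net/<if>/flags` layout; the function names and the sysfs-root parameter are hypothetical, and `remediation_plan` only prints the two commands quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit that interfaces a policy lists
# as unused are administratively down, i.e. IFF_UP is clear.
# Assumption: the sysfs root is a parameter so a constructed tree can be used.

# is_admin_up SYSFS_NET IFNAME
# Exit 0 if IFF_UP (bit 0 of <SYSFS_NET>/<if>/flags) is set,
# 1 if it is clear, 2 if the interface does not exist.
is_admin_up() {
    [ -r "$1/$2/flags" ] || return 2
    _flags=$(cat "$1/$2/flags")
    [ $(( $_flags & 0x1 )) -ne 0 ]
}

# audit_unused SYSFS_NET IFNAME...
# Prints every listed interface that is still up; returns 1 if any is.
# Interfaces that are absent are not reported.
audit_unused() {
    _root=$1; shift
    _rc=0
    for _if in "$@"; do
        if is_admin_up "$_root" "$_if"; then
            echo "$_if"
            _rc=1
        fi
    done
    return $_rc
}

# remediation_plan IFNAME...
# Prints (does not run) the two commands from the thread for each interface:
# first hand the device back from NetworkManager, then set the link down.
remediation_plan() {
    for _if in "$@"; do
        echo "nmcli device set $_if managed no"
        echo "ip link set $_if down"
    done
}
```

On a live system the call would be `audit_unused /sys/class/net eth1 eth2`, with the interface names taken from the site's own list of unused ports.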
