Re: Proposal to export mdns and llmnr enabled interfaces

2022-06-04 Thread Petr Menšík via networkmanager-list
I have taken a look inside nss-mdns. Its implementation just 
forwards the queried name to the avahi daemon, but does not send actual packets 
right from the plugin. I guess avahi might receive instructions to 
disable/enable interfaces via dbus or a more advanced method. It already 
contains the ability to exclude or include selected interfaces. But I am not 
sure if it supports modification of that list at runtime.


So at least for mdns the proper solution would be in avahi-daemon.

On 03. 06. 22 19:11, Thomas Haller wrote:

> Hi,
>
> On Fri, 2022-06-03 at 13:55 +0200, Petr Menšík via networkmanager-list
> wrote:
>
> As this is run-time configuration, maybe it should be the ifindex. The
> ifindex tends to uniquely identify an interface. Not completely, if the
> signed 32 number wraps or if you move interfaces between namespaces,
> but still. On the other hand, interfaces can be renamed.
>
> Anyway.
>
> There are probably some conflicting requirements. E.g. the file should
> be simple to parse, but also be expressive and extensible with future
> features. Making it fully general (instead of specific only to nss-
> mdns) makes it potentially more useful. But it also makes it harder to
> design future proof.
>
> It sounds like a good idea to me.
>
> Who would define this API? What does
> https://github.com/lathiat/nss-mdns think about this? :)
>
> Thank you for reaching out!!
> Thomas


--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list


Re: Proposal to export mdns and llmnr enabled interfaces

2022-06-03 Thread Thomas Haller via networkmanager-list
Hi,

On Fri, 2022-06-03 at 13:55 +0200, Petr Menšík via networkmanager-list
wrote:
> Hi!
> 
> I would like to propose an improvement to mdns (and possibly llmnr)
> resolution. Current Fedora and Ubuntu contain mdns4_minimal in
> /etc/nsswitch.conf, which means any name.local gets resolved by mdns
> on every interface, always.
> 
> But NetworkManager has configuration for mdns resolution on each
> connection. I know it primarily targets systemd-resolved, but I think
> it could export that information in a simple way for the mdns nss
> plugin.
> 
> For example into the file /run/mdns.interfaces, which would change
> only on each connection change. It would be a simple text file,
> containing on each line an interface name followed by a list of
> supported address families.

As this is run-time configuration, maybe it should be the ifindex. The
ifindex tends to uniquely identify an interface. Not completely, if the
signed 32 number wraps or if you move interfaces between namespaces,
but still. On the other hand, interfaces can be renamed. 


Anyway.

There are probably some conflicting requirements. E.g. the file should
be simple to parse, but also be expressive and extensible with future
features. Making it fully general (instead of specific only to nss-
mdns) makes it potentially more useful. But it also makes it harder to
design future proof.


> Current defaults in distributions resolve only over IPv4. I don't see
> a reason for that, so I would also enable IPv6 resolution on any
> connection which does not set ipv6.method to disabled. As long as it
> has a link-local IPv6 address, mdns might work. But it could
> eventually be restricted to connections having a public IPv6 address.
> 
> The nss-mdns plugin has separate mdns4_minimal (resolve over IPv4
> only), mdns6_minimal (resolve over IPv6 only) and mdns_minimal
> (resolve over both). If it were modified to read /run/mdns.interfaces
> before each query, it could just use a single version and provide
> dynamic behaviour, while keeping simple logic in the nss plugin.
> 
> I would like to have a similar possibility also for the LLMNR
> protocol, which is very similar but does not have any nss plugin in
> current distributions. I would like to make one eventually.
> 
> I would like to have a simple way to allow or restrict multicast
> resolution on some networks, like public transport or conferences,
> where I don't trust other devices, so I don't want to ask them for
> names.
> 
> What would you think?
> 
> The overhead in NM seems minimal, yet it would allow good cooperation
> with the system name resolution. Similar configuration could also be
> provided by a different service, like systemd-networkd or any other.
> 
> What do you think about such a change?

It sounds like a good idea to me.


Who would define this API? What does
https://github.com/lathiat/nss-mdns think about this? :)



Thank you for reaching out!!
Thomas



Proposal to export mdns and llmnr enabled interfaces

2022-06-03 Thread Petr Menšík via networkmanager-list

Hi!

I would like to propose an improvement to mdns (and possibly llmnr) 
resolution. Current Fedora and Ubuntu contain mdns4_minimal in 
/etc/nsswitch.conf, which means any name.local gets resolved by mdns on 
every interface, always.

But NetworkManager has configuration for mdns resolution on each 
connection. I know it primarily targets systemd-resolved, but I think it 
could export that information in a simple way for the mdns nss plugin.

For example into the file /run/mdns.interfaces, which would change only on 
each connection change. It would be a simple text file, containing on each 
line an interface name followed by a list of supported address families.

Current defaults in distributions resolve only over IPv4. I don't see a 
reason for that, so I would also enable IPv6 resolution on any 
connection which does not set ipv6.method to disabled. As long as it 
has a link-local IPv6 address, mdns might work. But it could eventually be 
restricted to connections having a public IPv6 address.

The nss-mdns plugin has separate mdns4_minimal (resolve over IPv4 only), 
mdns6_minimal (resolve over IPv6 only) and mdns_minimal (resolve over 
both). If it were modified to read /run/mdns.interfaces before each 
query, it could just use a single version and provide dynamic behaviour, 
while keeping simple logic in the nss plugin.

I would like to have a similar possibility also for the LLMNR protocol, which 
is very similar but does not have any nss plugin in current 
distributions. I would like to make one eventually.

I would like to have a simple way to allow or restrict multicast 
resolution on some networks, like public transport or conferences, where 
I don't trust other devices, so I don't want to ask them for names.

What would you think?

The overhead in NM seems minimal, yet it would allow good cooperation 
with the system name resolution. Similar configuration could also be 
provided by a different service, like systemd-networkd or any other.

What do you think about such a change?

Regards,
Petr
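
The per-query check proposed in the message above, as an added sketch that is not part of the original post and not nss-mdns code. The line syntax (interface name, then whitespace-separated `ipv4`/`ipv6` tokens, `#` comments) and the helper name `mdns_iface_allowed` are assumptions, since the thread does not fix a format; the content is parsed from a string so the example runs without /run/mdns.interfaces.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>              /* AF_INET, AF_INET6 */
#define WS " \t\r"

/* Constructed sample of the proposed /run/mdns.interfaces content.
 * Assumed syntax (the thread does not fix one): one interface per line,
 * its name followed by whitespace-separated families "ipv4" / "ipv6". */
static const char SAMPLE[] =
    "# constructed sample\n"
    "enp1s0 ipv4 ipv6\n"
    "wlp2s0 ipv6        # untrusted Wi-Fi: no IPv4 mDNS\n"
    "tun0\n";                        /* listed, no family enabled */

/* Hypothetical helper: return 1 if mDNS may use `ifname` over `family`.
 * Fails closed: unlisted interfaces and unknown tokens never enable it. */
int mdns_iface_allowed(const char *conf, const char *ifname, int family)
{
    const char *want = family == AF_INET  ? "ipv4"
                     : family == AF_INET6 ? "ipv6" : NULL;
    if (!conf || !ifname || !*ifname || !want)
        return 0;
    size_t iflen = strlen(ifname), wlen = strlen(want);

    for (const char *line = conf; *line; ) {
        size_t len = strcspn(line, "\n");
        const char *p = line + strspn(line, WS);
        size_t n = strcspn(p, WS "#\n");          /* first token: name */
        if (n == iflen && memcmp(p, ifname, n) == 0) {
            for (p += n; ; p += n) {              /* remaining tokens */
                p += strspn(p, WS);
                n = strcspn(p, WS "#\n");
                if (n == 0)
                    return 0;                     /* family not listed */
                if (n == wlen && memcmp(p, want, n) == 0)
                    return 1;
            }
        }
        line += len + (line[len] == '\n');        /* next line */
    }
    return 0;
}

int main(void)
{
    printf("wlp2s0 ipv4=%d\n", mdns_iface_allowed(SAMPLE, "wlp2s0", AF_INET));
    return 0;
}
```

An interface missing from the file, or a missing file treated as empty content, yields 0 for every family, so multicast resolution stays off unless it is explicitly enabled.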
