Re: lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
Miod Vallat wrote: > I'm a bit late to the thread, but whatever its outcome, things have to > work correctly on older sparc64 hardware, where the default behaviour > for on-board and Sun-branded expansion card interfaces is to use the > same MAC address. > > This hints that hostname. should have priority over > hoshname. for the latter will be ambiguous on these > systems. Don't use hostname.MAC in that case. Noone is proposing removing hostname.IF0 support. Just like noone is proposing deleting sed because awk can do the job.
Re: lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
I'm a bit late to the thread, but whatever its outcome, things have to work correctly on older sparc64 hardware, where the default behaviour for on-board and Sun-branded expansion card interfaces is to use the same MAC address. This hints that hostname. should have priority over hoshname. for the latter will be ambiguous on these systems.
Re: lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
> On 22 Nov 2022, at 16:13, Andrew Hewus Fresh wrote: > > On Mon, Nov 21, 2022 at 04:56:07PM +0100, Martijn van Duren wrote: >> On Sun, 2022-11-20 at 19:35 -0700, Theo de Raadt wrote: >>> Steve Litt wrote: >>> Vitaliy Makkoveev said on Mon, 21 Nov 2022 03:48:21 +0300 >> On 20 Nov 2022, at 18:06, Odd Martin Baanrud >> wrote: >> >> Hello, >> >> I have a Raspberry Pi 4 with 2 USB NIC’s attached. >> One via USB3 (ure0), and the other via USB2 (ure1). >> Since they are connected to different USB interfaces, I thaught they >> would get configured the same way on reboot. But that’s not the case. >> They became swapped on reboot. >> Is there a way to “lock” the configuration I want? >> So the USB3 NIC always become ure0, and the USB2 ure1. >> >> Regards, Martin >> > > You could parse ifconfig(8) output to determine which names network > interfaces received. But unfortunately, you can’t rename interfaces. During your parsing you could assign each one to an environment variable such that, for instance, $lan contains the network card name of the LAN one, and $wan contains the network name of the one going to the Internet. Unfortunately, this would probably mean changing a lot of existing shellscripts, but it's doable. >>> >>> But that is not the problem. >>> >>> hostname.* installs addresses on an interface, based upon the name of that >>> interface. >>> >>> So it is too late for what you suggest. >>> >>> Unless the suggestion is have each hostname.* do a !command to a script >>> which >>> does the assigning. That is pretty crazy. >>> >>> pf.conf is not the problem either, because that can be entirely written >>> using >>> egress and groups. >>> >>> >>> >>> There is a problem with device attachment -> naming a device at that >>> moment -> using that name in netstart.. but I am not sure how we could >>> solve this without creating bigger problems for everyone else in the >>> other non-hot-plug configurations, which is the majority of users with 1 network device. >>> >>> We also hit this problem with disks, and we worked around it with the >>> DUID subsystem. >>> >>> >>> I suppose there is some argument that we should support hostname.MAC >>> files >>> >> I don't have a usecase for this myself, but it seemed like a nice >> exercise and might get the ball rolling. I also don't have much >> experience with our rc/netstart shellcode, so I'm expecting this diff >> should be taken as a starting-point iff we want something like this. >> >> I've chosen to error out on missing lladdr, duplicate lladdr and when >> there's a hostname.if for both the lladdr and the if variant. This means >> that there's smaller chance for order confusion or doubly applied >> configs. Downside is that if someone decided to backup their hostname.if >> to hostname.lladdr that will break their setup. However, I don't expect >> people to backup their config files in this manner, but you never know. >> >> Errors: >> On duplicate lladdr (in this case em0 and iwx0 in trunk0): >> $ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:77 >> netstart: /etc/hostname.88:a4:c2:fb:84:77: unique if for lladdr not found. >> >> On missing lladdr: >> $ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:76 >> netstart: /etc/hostname.88:a4:c2:fb:84:76: unique if for lladdr not found. >> >> And having both hostname.if and hostname.lladdr installed: >> $ doas sh ./netstart 00:11:22:33:44:55 >> netstart: /etc/hostname.00:11:22:33:44:55: duplicate config found in >> /etc/hostname.vio0. >> $ doas sh ./netstart vio0 >> netstart: /etc/hostname.vio0: duplicate config found in >> /etc/hostname.00:11:22:33:44:55. >> >> Two omissions I considered but didn't implement: >> 1) I didn't test if the lladdr is owned by one of `ifconfig -C` >> interfaces. Not sure if this is an upside or downside. >> 2) Allowing /etc/netstart if1 and parsing the hostname.lladdr1 and vice >> versa. > > > I got interested in this, and looked at it a bit. My diff is also a bit > preliminary, but a couple of things. > > First, I only parse ifconfig output once and save the LLADDR_MAP to look > up later. This makes the lookup functions a bit simpler. Also, the > glob now uses xdigit, which seems more correct, unless there's something > I am missing about mac addresses. > > I also thought the error message for `netstart $lladdr` when > /etc/hostname.$lladdr doesn't exist, but /etc/hostname.$if does was poor > (it claimed duplicate configs which wasn't true) so I thought the > easiest solution was to implement your #2 there and allow it to start > the $if when you specify the $lladdr. > > Unfortunately, I then looked at the clock and realized it's time for > bed, but I figured you might be interested in another take, even if it's > probably incomplete. In any case, tomorrow is dinner with friends, so > it will be Wednesday before I again have
Re: lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
On Mon, Nov 21, 2022 at 04:56:07PM +0100, Martijn van Duren wrote: > On Sun, 2022-11-20 at 19:35 -0700, Theo de Raadt wrote: > > Steve Litt wrote: > > > > > Vitaliy Makkoveev said on Mon, 21 Nov 2022 03:48:21 +0300 > > > > > > > > On 20 Nov 2022, at 18:06, Odd Martin Baanrud > > > > > wrote: > > > > > > > > > > Hello, > > > > > > > > > > I have a Raspberry Pi 4 with 2 USB NIC’s attached. > > > > > One via USB3 (ure0), and the other via USB2 (ure1). > > > > > Since they are connected to different USB interfaces, I thaught they > > > > > would get configured the same way on reboot. But that’s not the case. > > > > > They became swapped on reboot. > > > > > Is there a way to “lock” the configuration I want? > > > > > So the USB3 NIC always become ure0, and the USB2 ure1. > > > > > > > > > > Regards, Martin > > > > > > > > > > > > > You could parse ifconfig(8) output to determine which names network > > > > interfaces received. But unfortunately, you can’t rename interfaces. > > > > > > During your parsing you could assign each one to an environment > > > variable such that, for instance, $lan contains the network card name > > > of the LAN one, and $wan contains the network name of the one going to > > > the Internet. Unfortunately, this would probably mean changing a lot of > > > existing shellscripts, but it's doable. > > > > But that is not the problem. > > > > hostname.* installs addresses on an interface, based upon the name of that > > interface. > > > > So it is too late for what you suggest. > > > > Unless the suggestion is have each hostname.* do a !command to a script > > which > > does the assigning. That is pretty crazy. > > > > pf.conf is not the problem either, because that can be entirely written > > using > > egress and groups. > > > > > > > > There is a problem with device attachment -> naming a device at that > > moment -> using that name in netstart.. but I am not sure how we could > > solve this without creating bigger problems for everyone else in the > > other non-hot-plug configurations, which is the majority of users with > > > 1 network device. > > > > We also hit this problem with disks, and we worked around it with the > > DUID subsystem. > > > > > > I suppose there is some argument that we should support hostname.MAC > > files > > > I don't have a usecase for this myself, but it seemed like a nice > exercise and might get the ball rolling. I also don't have much > experience with our rc/netstart shellcode, so I'm expecting this diff > should be taken as a starting-point iff we want something like this. > > I've chosen to error out on missing lladdr, duplicate lladdr and when > there's a hostname.if for both the lladdr and the if variant. This means > that there's smaller chance for order confusion or doubly applied > configs. Downside is that if someone decided to backup their hostname.if > to hostname.lladdr that will break their setup. However, I don't expect > people to backup their config files in this manner, but you never know. > > Errors: > On duplicate lladdr (in this case em0 and iwx0 in trunk0): > $ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:77 > netstart: /etc/hostname.88:a4:c2:fb:84:77: unique if for lladdr not found. > > On missing lladdr: > $ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:76 > netstart: /etc/hostname.88:a4:c2:fb:84:76: unique if for lladdr not found. > > And having both hostname.if and hostname.lladdr installed: > $ doas sh ./netstart 00:11:22:33:44:55 > netstart: /etc/hostname.00:11:22:33:44:55: duplicate config found in > /etc/hostname.vio0. > $ doas sh ./netstart vio0 > netstart: /etc/hostname.vio0: duplicate config found in > /etc/hostname.00:11:22:33:44:55. > > Two omissions I considered but didn't implement: > 1) I didn't test if the lladdr is owned by one of `ifconfig -C` >interfaces. Not sure if this is an upside or downside. > 2) Allowing /etc/netstart if1 and parsing the hostname.lladdr1 and vice >versa. I got interested in this, and looked at it a bit. My diff is also a bit preliminary, but a couple of things. First, I only parse ifconfig output once and save the LLADDR_MAP to look up later. This makes the lookup functions a bit simpler. Also, the glob now uses xdigit, which seems more correct, unless there's something I am missing about mac addresses. I also thought the error message for `netstart $lladdr` when /etc/hostname.$lladdr doesn't exist, but /etc/hostname.$if does was poor (it claimed duplicate configs which wasn't true) so I thought the easiest solution was to implement your #2 there and allow it to start the $if when you specify the $lladdr. Unfortunately, I then looked at the clock and realized it's time for bed, but I figured you might be interested in another take, even if it's probably incomplete. In any case, tomorrow is dinner with friends, so it will be Wednesday before I again have a chance to think on this. Index: etc/netstart
lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
On Sun, 2022-11-20 at 19:35 -0700, Theo de Raadt wrote:
> Steve Litt wrote:
>
> > Vitaliy Makkoveev said on Mon, 21 Nov 2022 03:48:21 +0300
> >
> > > > On 20 Nov 2022, at 18:06, Odd Martin Baanrud
> > > > wrote:
> > > >
> > > > Hello,
> > > >
> > > > I have a Raspberry Pi 4 with 2 USB NIC’s attached.
> > > > One via USB3 (ure0), and the other via USB2 (ure1).
> > > > Since they are connected to different USB interfaces, I thaught they
> > > > would get configured the same way on reboot. But that’s not the case.
> > > > They became swapped on reboot.
> > > > Is there a way to “lock” the configuration I want?
> > > > So the USB3 NIC always become ure0, and the USB2 ure1.
> > > >
> > > > Regards, Martin
> > > >
> > >
> > > You could parse ifconfig(8) output to determine which names network
> > > interfaces received. But unfortunately, you can’t rename interfaces.
> >
> > During your parsing you could assign each one to an environment
> > variable such that, for instance, $lan contains the network card name
> > of the LAN one, and $wan contains the network name of the one going to
> > the Internet. Unfortunately, this would probably mean changing a lot of
> > existing shellscripts, but it's doable.
>
> But that is not the problem.
>
> hostname.* installs addresses on an interface, based upon the name of that
> interface.
>
> So it is too late for what you suggest.
>
> Unless the suggestion is have each hostname.* do a !command to a script which
> does the assigning. That is pretty crazy.
>
> pf.conf is not the problem either, because that can be entirely written using
> egress and groups.
>
>
>
> There is a problem with device attachment -> naming a device at that
> moment -> using that name in netstart.. but I am not sure how we could
> solve this without creating bigger problems for everyone else in the
> other non-hot-plug configurations, which is the majority of users with
> > 1 network device.
>
> We also hit this problem with disks, and we worked around it with the
> DUID subsystem.
>
>
> I suppose there is some argument that we should support hostname.MAC
> files
>
I don't have a usecase for this myself, but it seemed like a nice
exercise and might get the ball rolling. I also don't have much
experience with our rc/netstart shellcode, so I'm expecting this diff
should be taken as a starting-point iff we want something like this.
I've chosen to error out on missing lladdr, duplicate lladdr and when
there's a hostname.if for both the lladdr and the if variant. This means
that there's smaller chance for order confusion or doubly applied
configs. Downside is that if someone decided to backup their hostname.if
to hostname.lladdr that will break their setup. However, I don't expect
people to backup their config files in this manner, but you never know.
Errors:
On duplicate lladdr (in this case em0 and iwx0 in trunk0):
$ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:77
netstart: /etc/hostname.88:a4:c2:fb:84:77: unique if for lladdr not found.
On missing lladdr:
$ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:76
netstart: /etc/hostname.88:a4:c2:fb:84:76: unique if for lladdr not found.
And having both hostname.if and hostname.lladdr installed:
$ doas sh ./netstart 00:11:22:33:44:55
netstart: /etc/hostname.00:11:22:33:44:55: duplicate config found in
/etc/hostname.vio0.
$ doas sh ./netstart vio0
netstart: /etc/hostname.vio0: duplicate config found in
/etc/hostname.00:11:22:33:44:55.
Two omissions I considered but didn't implement:
1) I didn't test if the lladdr is owned by one of `ifconfig -C`
interfaces. Not sure if this is an upside or downside.
2) Allowing /etc/netstart if1 and parsing the hostname.lladdr1 and vice
versa.
martijn@
Index: etc/netstart
===
RCS file: /cvs/src/etc/netstart,v
retrieving revision 1.219
diff -u -p -r1.219 netstart
--- etc/netstart3 Jul 2022 12:14:36 - 1.219
+++ etc/netstart21 Nov 2022 15:40:23 -
@@ -92,6 +92,40 @@ parse_hn_line() {
set +o noglob
}
+# Find if for lladdr
+# Usage: lladdr2if xx:xx:xx:xx:xx:xx
+# Duplicate lladdrs result in error.
+LLADDR_GLOB='[[:alnum:]][[:alnum:]]:[[:alnum:]][[:alnum:]]:'
+LLADDR_GLOB=$LLADDR_GLOB'[[:alnum:]][[:alnum:]]:[[:alnum:]][[:alnum:]]:'
+LLADDR_GLOB=$LLADDR_GLOB'[[:alnum:]][[:alnum:]]:[[:alnum:]][[:alnum:]]'
+lladdr2if() {
+ local _line _if _lladdr="$1"
+
+ _if="$(ifconfig | while IFS= read -- _line; do
+ [[ -n "${_line%%[[:space:]]*}" ]] && _if="${_line%%:*}"
+ if [[ -z "${_line%%[[:space:]]lladdr $LLADDR_GLOB}" && \
+ "${_line##* }" = "$_lladdr" ]]; then
+ print -n -- "$_if "
+ fi
+ done)"
+ [[ -z "$_if" || -n "${_if#* }" ]] && return 1
+ print -- $_if
+}
+
+# Find lladdr for if
+# Usage: if2lladdr if1
+if2lladdr() {
+ local _line _if="$1"
+
+ ifconfig $_if 2>/d
