Re: lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
Miod Vallat wrote:

> I'm a bit late to the thread, but whatever its outcome, things have to
> work correctly on older sparc64 hardware, where the default behaviour
> for on-board and Sun-branded expansion card interfaces is to use the
> same MAC address.
>
> This hints that hostname. should have priority over
> hostname. for the latter will be ambiguous on these
> systems.

Don't use hostname.MAC in that case.

No one is proposing removing hostname.IF0 support. Just like no one is proposing deleting sed because awk can do the job.
Re: lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
I'm a bit late to the thread, but whatever its outcome, things have to work correctly on older sparc64 hardware, where the default behaviour for on-board and Sun-branded expansion card interfaces is to use the same MAC address.

This hints that hostname. should have priority over hostname. for the latter will be ambiguous on these systems.
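
The following is an added example, not code from this thread or from netstart: it parses ifconfig-style output once into a lladdr-to-interface map and refuses a lladdr that is missing or shared by several interfaces, the ambiguity described above. The function names, the sample output and the directory argument are assumptions made for illustration.

```shell
# Constructed sample shaped like ifconfig(8) output: hme0 and hme1 share one
# lladdr (the sparc64 case), ure0 has its own.
sample_ifconfig() {
	cat <<'EOF'
hme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:20:aa:bb:cc
hme1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:20:aa:bb:cc
ure0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:11:22:33:44:55
EOF
}

# Parse the output once into "lladdr ifname" lines (hypothetical helper).
build_lladdr_map() {
	awk '/^[a-z]+[0-9]+: / { sub(":", "", $1); ifn = $1 }
	     $1 == "lladdr"   { print tolower($2), ifn }'
}

# Print the one interface that owns lladdr $1; fail if none or several do.
if_for_lladdr() {
	_m=$(printf '%s\n' "$LLADDR_MAP" |
	    awk -v a="$1" '$1 == tolower(a) { print $2 }')
	set -- $_m
	[ $# -eq 1 ] || return 1
	echo "$1"
}

# Map a hostname.* suffix in directory $1 (interface name or lladdr, $2) to
# an interface name. Messages are modelled on those quoted in the thread.
resolve_suffix() {
	_dir=$1 _sfx=$2
	case $_sfx in
	*:*)	_if=$(if_for_lladdr "$_sfx") || {
			echo "$_dir/hostname.$_sfx: unique if for lladdr not found." >&2
			return 1
		}
		if [ -e "$_dir/hostname.$_if" ]; then
			echo "$_dir/hostname.$_sfx: duplicate config found in" \
			    "$_dir/hostname.$_if." >&2
			return 1
		fi ;;
	*)	_if=$_sfx ;;
	esac
	echo "$_if"
}

# On a real system this would read from ifconfig instead of the sample.
LLADDR_MAP=$(sample_ifconfig | build_lladdr_map)
```

With the shared lladdr rejected, the two hme interfaces can only be configured through their interface-name files, while ure0 can be addressed by lladdr.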
Re: lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
> On 22 Nov 2022, at 16:13, Andrew Hewus Fresh wrote:
>
> On Mon, Nov 21, 2022 at 04:56:07PM +0100, Martijn van Duren wrote:
>> On Sun, 2022-11-20 at 19:35 -0700, Theo de Raadt wrote:
>>> Steve Litt wrote:
>>> Vitaliy Makkoveev said on Mon, 21 Nov 2022 03:48:21 +0300
>> On 20 Nov 2022, at 18:06, Odd Martin Baanrud
>> wrote:
>>
>> Hello,
>>
>> I have a Raspberry Pi 4 with 2 USB NIC’s attached.
>> One via USB3 (ure0), and the other via USB2 (ure1).
>> Since they are connected to different USB interfaces, I thought they
>> would get configured the same way on reboot. But that’s not the case.
>> They became swapped on reboot.
>> Is there a way to “lock” the configuration I want?
>> So the USB3 NIC always become ure0, and the USB2 ure1.
>>
>> Regards, Martin
>>
>
> You could parse ifconfig(8) output to determine which names network
> interfaces received. But unfortunately, you can’t rename interfaces.

During your parsing you could assign each one to an environment variable such that, for instance, $lan contains the network card name of the LAN one, and $wan contains the network name of the one going to the Internet. Unfortunately, this would probably mean changing a lot of existing shellscripts, but it's doable.

>>>
>>> But that is not the problem.
>>>
>>> hostname.* installs addresses on an interface, based upon the name of that
>>> interface.
>>>
>>> So it is too late for what you suggest.
>>>
>>> Unless the suggestion is have each hostname.* do a !command to a script
>>> which
>>> does the assigning. That is pretty crazy.
>>>
>>> pf.conf is not the problem either, because that can be entirely written
>>> using
>>> egress and groups.
>>>
>>>
>>>
>>> There is a problem with device attachment -> naming a device at that
>>> moment -> using that name in netstart.. but I am not sure how we could
>>> solve this without creating bigger problems for everyone else in the
>>> other non-hot-plug configurations, which is the majority of users with 1 network device.
>>>
>>> We also hit this problem with disks, and we worked around it with the
>>> DUID subsystem.
>>>
>>>
>>> I suppose there is some argument that we should support hostname.MAC
>>> files
>>>
>> I don't have a usecase for this myself, but it seemed like a nice
>> exercise and might get the ball rolling. I also don't have much
>> experience with our rc/netstart shellcode, so I'm expecting this diff
>> should be taken as a starting-point iff we want something like this.
>>
>> I've chosen to error out on missing lladdr, duplicate lladdr and when
>> there's a hostname.if for both the lladdr and the if variant. This means
>> that there's smaller chance for order confusion or doubly applied
>> configs. Downside is that if someone decided to backup their hostname.if
>> to hostname.lladdr that will break their setup. However, I don't expect
>> people to backup their config files in this manner, but you never know.
>>
>> Errors:
>> On duplicate lladdr (in this case em0 and iwx0 in trunk0):
>> $ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:77
>> netstart: /etc/hostname.88:a4:c2:fb:84:77: unique if for lladdr not found.
>>
>> On missing lladdr:
>> $ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:76
>> netstart: /etc/hostname.88:a4:c2:fb:84:76: unique if for lladdr not found.
>>
>> And having both hostname.if and hostname.lladdr installed:
>> $ doas sh ./netstart 00:11:22:33:44:55
>> netstart: /etc/hostname.00:11:22:33:44:55: duplicate config found in
>> /etc/hostname.vio0.
>> $ doas sh ./netstart vio0
>> netstart: /etc/hostname.vio0: duplicate config found in
>> /etc/hostname.00:11:22:33:44:55.
>>
>> Two omissions I considered but didn't implement:
>> 1) I didn't test if the lladdr is owned by one of `ifconfig -C`
>> interfaces. Not sure if this is an upside or downside.
>> 2) Allowing /etc/netstart if1 and parsing the hostname.lladdr1 and vice
>> versa.
>
>
> I got interested in this, and looked at it a bit. My diff is also a bit
> preliminary, but a couple of things.
>
> First, I only parse ifconfig output once and save the LLADDR_MAP to look
> up later. This makes the lookup functions a bit simpler. Also, the
> glob now uses xdigit, which seems more correct, unless there's something
> I am missing about mac addresses.
>
> I also thought the error message for `netstart $lladdr` when
> /etc/hostname.$lladdr doesn't exist, but /etc/hostname.$if does was poor
> (it claimed duplicate configs which wasn't true) so I thought the
> easiest solution was to implement your #2 there and allow it to start
> the $if when you specify the $lladdr.
>
> Unfortunately, I then looked at the clock and realized it's time for
> bed, but I figured you might be interested in another take, even if it's
> probably incomplete. In any case, tomorrow is dinner with friends, so
> it will be Wednesday before I again have
Re: lladdr support for netstart/hostname.if (was: Re: Locking network card configuration)
On Mon, Nov 21, 2022 at 04:56:07PM +0100, Martijn van Duren wrote:
> On Sun, 2022-11-20 at 19:35 -0700, Theo de Raadt wrote:
> > Steve Litt wrote:
> >
> > > Vitaliy Makkoveev said on Mon, 21 Nov 2022 03:48:21 +0300
> > > >
> > > > > On 20 Nov 2022, at 18:06, Odd Martin Baanrud
> > > > > wrote:
> > > > >
> > > > > Hello,
> > > > >
> > > > > I have a Raspberry Pi 4 with 2 USB NIC’s attached.
> > > > > One via USB3 (ure0), and the other via USB2 (ure1).
> > > > > Since they are connected to different USB interfaces, I thought they
> > > > > would get configured the same way on reboot. But that’s not the case.
> > > > > They became swapped on reboot.
> > > > > Is there a way to “lock” the configuration I want?
> > > > > So the USB3 NIC always become ure0, and the USB2 ure1.
> > > > >
> > > > > Regards, Martin
> > > > >
> > > >
> > > > You could parse ifconfig(8) output to determine which names network
> > > > interfaces received. But unfortunately, you can’t rename interfaces.
> > >
> > > During your parsing you could assign each one to an environment
> > > variable such that, for instance, $lan contains the network card name
> > > of the LAN one, and $wan contains the network name of the one going to
> > > the Internet. Unfortunately, this would probably mean changing a lot of
> > > existing shellscripts, but it's doable.
> >
> > But that is not the problem.
> >
> > hostname.* installs addresses on an interface, based upon the name of that
> > interface.
> >
> > So it is too late for what you suggest.
> >
> > Unless the suggestion is have each hostname.* do a !command to a script
> > which
> > does the assigning. That is pretty crazy.
> >
> > pf.conf is not the problem either, because that can be entirely written
> > using
> > egress and groups.
> >
> >
> >
> > There is a problem with device attachment -> naming a device at that
> > moment -> using that name in netstart.. but I am not sure how we could
> > solve this without creating bigger problems for everyone else in the
> > other non-hot-plug configurations, which is the majority of users with
> > > 1 network device.
> >
> > We also hit this problem with disks, and we worked around it with the
> > DUID subsystem.
> >
> >
> > I suppose there is some argument that we should support hostname.MAC
> > files
> >
> I don't have a usecase for this myself, but it seemed like a nice
> exercise and might get the ball rolling. I also don't have much
> experience with our rc/netstart shellcode, so I'm expecting this diff
> should be taken as a starting-point iff we want something like this.
>
> I've chosen to error out on missing lladdr, duplicate lladdr and when
> there's a hostname.if for both the lladdr and the if variant. This means
> that there's smaller chance for order confusion or doubly applied
> configs. Downside is that if someone decided to backup their hostname.if
> to hostname.lladdr that will break their setup. However, I don't expect
> people to backup their config files in this manner, but you never know.
>
> Errors:
> On duplicate lladdr (in this case em0 and iwx0 in trunk0):
> $ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:77
> netstart: /etc/hostname.88:a4:c2:fb:84:77: unique if for lladdr not found.
>
> On missing lladdr:
> $ doas sh /usr/src/etc/netstart 88:a4:c2:fb:84:76
> netstart: /etc/hostname.88:a4:c2:fb:84:76: unique if for lladdr not found.
>
> And having both hostname.if and hostname.lladdr installed:
> $ doas sh ./netstart 00:11:22:33:44:55
> netstart: /etc/hostname.00:11:22:33:44:55: duplicate config found in
> /etc/hostname.vio0.
> $ doas sh ./netstart vio0
> netstart: /etc/hostname.vio0: duplicate config found in
> /etc/hostname.00:11:22:33:44:55.
>
> Two omissions I considered but didn't implement:
> 1) I didn't test if the lladdr is owned by one of `ifconfig -C`
>    interfaces. Not sure if this is an upside or downside.
> 2) Allowing /etc/netstart if1 and parsing the hostname.lladdr1 and vice
>    versa.

I got interested in this, and looked at it a bit. My diff is also a bit preliminary, but a couple of things.

First, I only parse ifconfig output once and save the LLADDR_MAP to look up later. This makes the lookup functions a bit simpler. Also, the glob now uses xdigit, which seems more correct, unless there's something I am missing about mac addresses.

I also thought the error message for `netstart $lladdr` when /etc/hostname.$lladdr doesn't exist, but /etc/hostname.$if does was poor (it claimed duplicate configs which wasn't true) so I thought the easiest solution was to implement your #2 there and allow it to start the $if when you specify the $lladdr.

Unfortunately, I then looked at the clock and realized it's time for bed, but I figured you might be interested in another take, even if it's probably incomplete. In any case, tomorrow is dinner with friends, so it will be Wednesday before I again have a chance to think on this.

Index: etc/netstart