
Re: Proposal: Network configuration file format



On Wed, Aug 04, 1999 at 10:13:17AM +0200, Rene Mayrhofer wrote:
> Here is my proposal for a network configuration file format.

Hmmm. I suppose that's my cue.

Included in netbase 3.14-4 (and the short lived 3.14-3 too actually),
and currently available for i386, m68k and alpha, are a couple of
binaries "/sbin/ifup" and "/sbin/ifdown", and a configuration file
"/etc/network/interfaces".

Note, this is existing, working, even partially tested (!) code.

It more or less works for standard ethernet based configs (hardcoded
addresses, bootp and pcmcia cards should all work; dhcp is a bit flakey),
coping with network routes under 2.0 and 2.2, and so on.

It should expand gracefully to support ipv6 and ipx, and should support
wacky networking via ax25 and stuff too.

It has some nominal support for schemes (add "scheme foo" before one
group of interfaces, and "scheme bar" before another and use "ifup -s
foo eth0" or "ifup -s bar eth0" to select which one you want), but I
have a feeling how it works probably needs to change.

The source is my second attempt at a literate program, so *theoretically*
you should be able to take the source to bed and read it and *enjoy* it,
but in reality... Well, YMMV.

If you download the source, and have a look at the *.defn files, you
should get some idea how to handle different address families (inet6, ipx,
or whatever). Patches to support some of those better would be welcome.

The two biggest changes I expect are support for logical interfaces
("extppp" which may turn out to be ppp1 sometimes instead of ppp0, or
similar) and schemes (I expect these two to influence each other); and I
expect the .defn format to become a little snazzier to make configuration
files more pleasant to write.

Actually, the other biggest change I expect is an "/etc/interface/up.d/"
directory for handling any services that need to be reconfigured/restarted
when interfaces change; for example proxy redirectors, bind, NFS mounts,
etc.

Anyway. Have a look at /etc/network/interfaces and play around. The "-v"
and "-n" (verbose, and no-act) will probably be useful. If you use "-n"
it'll tell you exactly what commands it would run.

Oh. For reference:

[aj@azure ~]$ cat /etc/init.d/network 
#!/bin/sh
ifup -a
[aj@azure ~]$ _

(actually, I lie. I have some firewalling rules in there too)

Patches, proposals, praise and prestidigitation on any of the above is
quite welcome.

> 5.1 An example as I would use it for my home network:
> # The local network.
> network "internal" {
>   # The main connection to the internal network.
>   interface "eth0" { addressv4 10.0.0.4 }
>   # This is for testing apache's virtual server capabilities
>   interface "eth0:0" { addressv4 dhcp }
>   networkv4 10.0.0.0;
>   netmaskv4 255.255.255.0;
>   broadcastv4 10.0.0.255;
> }

scheme internal
iface eth0 inet4 static
	address 10.0.0.4
	netmask 255.0.0.0
	network 10.0.0.0
	broadcast 10.255.255.255

iface eth0:0 inet4 dhcp
	# erm. I think. this may or may not work. Does dhcp over an
	# alias actually work?

> # a direct connection to another local network that provides some services
> network "untrusted" {
>   interface "eth1" { addressv4 192.168.1.34 }
>   networkv4 192.168.1.0;
>   netmaskv4 255.255.254.0;

Is this what you mean? It's the same as 192.168.0.0/255.255.254.0 ?

>   broadcastv4 192.168.2.255;

This also seems weird?

> }

scheme untrusted
iface eth1 inet static
	address 192.168.1.34
	network 192.168.1.0
	netmask 255.255.254.0
	broadcast 192.168.2.255

> # For using Vmware's network capabilities.
> network "vmnet" {
>   interface "vmnet0" { addressv4 10.0.1.1 }
>   networkv4 10.0.1.0;
>   netmaskv4 255.255.255.0;
>   broadcastv4 10.0.1.255;
> }

(left as an exercise to the interested reader :)

> # The ISDN connection to the outside
> network "isdn" {
>   interface "isdn0" { 
>     addressv4 193.170.191.36;
>     ptpaddressv4 193.170.191.33;
>   }
>   networkv4 193.170.191.32;
>   netmaskv4 255.255.255.240;
>   arp false;
>   # A shell script sets this to true if I want automatic connections to be made
>   enabled false;
>   # Maybe we should put in the ISDN settings here too (telephone number,
>   # protocol, ...)
> }

I've never actually had the pleasure of setting up an ISDN interface. I
expect you'd want to write a special defn for it though, and have something
like:

iface isdn0 inet isdn
    noauto
    address 193.170.191.36
    ptpaddress 193.170.191.33
    network 193.170.191.32 
    netmask 255.255.255.240
    # whatever other parameters isdn takes

(use "ifup isdn0" by hand, instead of expecting it to come up as part of
/etc/init.d/network (ie, ifup -a))

> # The default route to the internet
> route default {
>   gatewayv4 193.170.190.33;
> }

    gateway 193.170.190.33 
        # in the appropriate iface block

> # Now some firewalling rules
> # masquerade the internal network to the internet, but do www access over a
> # (transparent) proxy on the local host

These I don't have at all. I'm not convinced they're *incredibly*
necessary.

> rule { from "dialin" to "internet" masquerade }
> rule { from "dialin" to "internal" reject incoming }

These could be kind of cute, though.

Cheers,
a "I'll take `show you the code' for 100 points, please" j

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. PGP encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds
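
The network, netmask and broadcast questions raised in the message above can be checked mechanically. The following Python code is an added example, not part of the original message or of netbase: it parses only the stanza subset shown in the reply (scheme / iface / indented options) and compares each static stanza's stated network and broadcast with the values derived from its address and netmask. The function names are hypothetical.

```python
import ipaddress

# Stanzas copied from the reply above (the subset of the format shown there).
SAMPLE = """\
scheme internal
iface eth0 inet4 static
	address 10.0.0.4
	netmask 255.0.0.0
	network 10.0.0.0
	broadcast 10.255.255.255

scheme untrusted
iface eth1 inet static
	address 192.168.1.34
	network 192.168.1.0
	netmask 255.255.254.0
	broadcast 192.168.2.255
"""

def parse_ifaces(text):
    """Return {iface_name: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif words[0] == "scheme":
            current = None                    # scheme lines only group stanzas
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
    return stanzas

def check_static(opts):
    """List mismatches between address/netmask and the stated network/broadcast."""
    problems = []
    if opts.get("method") != "static" or not {"address", "netmask"} <= opts.keys():
        return problems
    net = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}").network
    derived = {"network": net.network_address, "broadcast": net.broadcast_address}
    for key, want in derived.items():
        if key in opts and ipaddress.ip_address(opts[key]) != want:
            problems.append(f"{key} {opts[key]} should be {want}")
    return problems

def audit(text):
    return {name: check_static(o) for name, o in parse_ifaces(text).items()}
```

Running `audit(SAMPLE)` reports nothing for eth0 and flags both the network and the broadcast lines of eth1.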
