Network configuration proposal: little summary
I am very happy with the comments and suggestions I got concerning my
proposal for a new network configuration. Now I want to give a little
summary about what is going to change in my proposed structure (I am
also posting this to debian-admintool as I think it fits there also).
1. After Anthony told me about his new ifup and ifdown commands, I think
I will build up on his code to implement my proposal. In my opinion it
is better to have some partially incomplete, working code than a mostly
complete proposal. I am also very happy that I was offered help by Inaky
Perez Gonzalez. If there are more people working on this the chance of
getting it running soon increases drastically.
What I really want to do with this proposal is set up a killer
application for configuring network stuff in Debian that is way ahead of
other distribution's tools. This is the main cause why I tried to
integrate all parts into one structure. I have no objections against
splitting the information into different config files, but I would like
them to be integrated.
Are there any objections against using Anthony's code ? Is there any
disadvantage of not writing that thing from scratch ?
Anthony, is it possible to modularize your work so that different config
file formats can be used ?
There is still one problem with the current code that has to be solved.
One of my main points was the usage of named networks. These named
networks are used for the definition of routing and firewalling rules
and I think that they make it a lot easier when someone deals with more
than 3 interfaces. Anthony, how could the naming be implemented with
your current file format ?
2. Schemes are a very good idea and they will definitely go into the
system, even if the decision is to write it from scratch.
3. Another excellent idea of Anthony is the usage of .defn files. I want
to use them too.
4. pcmcia, isdn and ppp will have to be supported better. I know about
isdn and pcmcia but I do not have very much experience with ppp
dial-out. There is an addition to my system that deals with ppp from
Inakya that I like and I will try to integrate this.
Now there is question to the maintainers of the pcmcia, isdn and ppp
related packages: Would you like have the options integrated with the
network interface configuration ? It does not have to be in the same
file, I want to have a modular design for reading the information so
that there could be multiple files, a single XML file or whatever
(possibly the new debian configuration management system after a
decision was made). I want to define and implement the structure and
sematics behind this.
Paul Slootman, the maintainer of isdnutils, said already that he wants
to cooperate with this project.
What do the others think ?
5. Brian Basset had the objection that the ipmasq package already did
some of what I am trying to do with my proposal. Yesterday I looked at
the rule files processed by ipmasq and I saw some features that I really
like (mostly the secure way of activating the firewall rules) and that I
will take and implement (that the good point with open source - you
don't have to reinvent the wheel). But ipmasq is aimed at the
experienced Unix user who knows how to read and interpret manual pages.
Please correct me if I am wrong, but ipmasq only deals with activating
already written ipchains (or ipfwadm) statements. This does not
interfere with my activation tool that tries to write these for the
user. I want to have an easy to learn but powerful "language" to write
firewalling rules. These rules get translated into the correct ipchains
statements. We could use my activation agent to write the rules and the
ipmasq script to activate them. Is my assumption (without real knowledge
;-) ) about the purpose of impasq correct (I do not want do things that
have already be done) ?
6. I know that there are at least two other packages for network
interface configuration, but I lost my debian-devel archive due to a
mail server crash. Please could everybody who is working on something
like my proposal drop me a message on how it differs from mine. I really
would like to create something powerful that can handle all features of
the 2.2.x kernels. I am in no way fixed on my proposal, many things can
change if there are better ways to do it. If we work together, we can
create a powerful system.
7. I think the system should build on the tools to configure kernel
2.2.x behaviour (ip, ipchains, ipmasqadm) as they are much more powerful
than the tools for older kernels (ifconfig, ipfwadm). When we use .defn
files, we could write files for using both systems, but I want to
conentrate on the newer tools. Are there any objections agains this ?
7. As I am no official maintainer yet (my application is pending as I
read on this list), somebody would have to spnsor the uploads if the
system is to go into the main distribution. This is no problem for me if
somebody would do that (maybe to experimental at the early stages).