
Request for comment: new software to manage Linux networking features

Dear Debian developers,
My team has been developing a piece of software for my company since 2004, and now I plan to release it to the public, hopefully under an open source license if the management board doesn't object. So I need peer review from the community on the quality of the software: if it's good enough for the community, I'll convince the company to release it; if the quality is not so good, it won't be worth the effort to do the necessary work to publish it, so I'll just keep it for private use.

In short, I consider my software "an evolution of ifupdown", so the main part is called "netupdown". The purpose of this software is to be used on a corporate internet gateway. The main features of the software:

* The configuration file is in XML so netupdown can handle sophisticated configurations. Editing the XML configuration by hand or by software is easy and comfortable.
<?xml version="1.0" encoding="utf-8"?>
<config version="1.0" logLevel="debug">
...
</config>
* The configuration syntax is unified and consistent. For example, I need a VPN tunnel to run on a PPPoE connection, and the computer has more than one ppp interface. As you know, ppp numbers are allocated automatically, which is quite troublesome; netupdown solves this problem because interfaces are referred to by a fixed name, which netupdown translates into a name the kernel understands when necessary. When the PPPoE interface goes down, the openvpn process is killed; when the PPPoE interface comes up again, netupdown generates a new openvpn option file based on a template and binds the local IP address to the IP address of the PPPoE interface.
In this case, the configuration is as easy as:
<interface name="fpt1" type="ppp">
 <ppp type="pppoe" options="" depend_on="tap1" username="***" password="***"/>
 <network id="11" name="FPT1" auto="1"/>
</interface>
<interface name="tap7" auto="0" type="ethernet" sub_type="openvpn">
 <openvpn remote="210.245.87.151" rport="19817" comp="comp-lzo" depend_on="FPT1"/>
 <network id="7" name="TAP" auto="1" config="dhcp"/>
</interface>

* netupdown has a strong dependency system, much like Debian's. When the system is operating and an internet connection stops working, all the virtual interfaces that depend on it are killed if there is no alternative, and interfaces that depend on the killed ones are killed as well. When the internet connection comes up again, netupdown rebuilds the configuration file and starts the virtual interfaces again.

* netupdown is created to serve all the needs of Linux networking. In one file, people configure not just ordinary ethernet interfaces but also VLANs, VPNs, ppp, bridges, bonding interfaces, static routes, multipath routes, firewall, traffic shaping ... This example shows how to bridge tap11 with eth0, so we have two interfaces (br0 and tap1) connected to the broadcast domain of eth0 instead of just one (eth0); in my network, this technique is quite useful:
<interface name="br0" auto="1" type="ethernet" sub_type="bridge">
 <depend_on name="eth0" value="1"/>
 <depend_on name="tap11" value="1"/>
 <network id="3" name="DHCP" auto="0" config="dhcp"/>
</interface>
<interface name="eth0" auto="1" type="ethernet">
</interface>
<interface name="tap1" auto="1" type="ethernet" sub_type="openvpn" hw_addr="xx:xx:xx:xx:xx:xx">
 <openvpn remote="127.0.0.1" rport="19821" lport="19811"/>
</interface>
<interface name="tap11" auto="1" type="ethernet" sub_type="openvpn">
 <openvpn remote="127.0.0.1" rport="19811" lport="19821"/>
</interface>

* netupdown is made for computers with multiple connections to the internet (for example, two DSLs to two different ISPs). Actually, the most notable case is that it serves networking on an enterprise internet gateway with 10 DSLs and 1 fiber connection, and the bit rate is excellent. This rule makes a simple multipath route over two interfaces; netupdown's internal mechanism also does the job of the iptables connmark rules and iproute2 policy routing needed to make multipath routing work correctly.
<mroute id="60" name="default">
 <group>
  <nexthop route="FPT1" weight="2"/>
  <nexthop route="DHCP" weight="1"/>
 </group>
</mroute>

* netupdown pairs with routeskeeper, a daemon using the Perl POE non-blocking I/O framework to check the availability of connections. Each route can have multiple tests (using ping and TCP connect to a remote host); when a defined percentage of the tests fail, the daemon brings down the route so that new connections don't go into the black hole but to the still-functional connections. This feature keeps the user happy because the downtime is minimal. This sample configuration defines a set of 3 tests, used for all internet connections of the computer; the number of tests can be large, which lowers the false negatives. We can also define the interval of each test, and many other parameters, but I don't mention them all here.
<route name="*">
 <test name="PING-google" type="connect" location="gg.gg.gg.gg"/>
 <test name="CONNECT-yahoo" type="connect" location="yy.yy.yy.yy:80"/>
 <test name="CONNECT-kernel" type="connect" location="kk.kk.kk.kk:80"/>
</route>

* Another component of my software, still under development, utilises the netfilter netlink socket to watch the conntrack table and log all connections to a database; it's useful for security audits.

* The internal variables are stored in /var/run/netupdown/runtime.env so other programs and scripts can read them easily; each state such as .up_wanted or .up has a timestamp to remember the moment when it happened.
.Initialized=1203133517
i.br0.configured=1203133518
i.br0.dev=br0
i.br0.explicit=1
i.br0.hw_addr=00:0f:xx:xx:xx:xx
i.br0.up=1203133518
i.br0.up_wanted=1203133518
i.fpt1.configured=1203133596
i.fpt1.dev=ppp0
i.fpt1.explicit=1
i.fpt1.hw_addr=ppp0
i.fpt1.up=1203133596
i.fpt1.up_wanted=1203133575
i.eth0.busy=1203133518
i.eth0.configured=1203133517
i.eth0.dev=eth0
i.eth0.hw_addr=00:0f:xx:xx:xx:xx
i.eth0.up=1203133518
i.eth0.up_wanted=1203133517
i.tap1.configured=1203133553
i.tap1.dev=tap1
i.tap1.explicit=1
i.tap1.hw_addr=00:13:xx:xx:xx:xx
i.tap1.up=1203133553
i.tap1.up_wanted=1203133551
i.tap11.busy=br0
i.tap11.configured=1203133552
i.tap11.dev=tap11
i.tap11.hw_addr=00:ff:xx:xx:xx:xx
i.tap11.up=1203133552
i.tap11.up_wanted=1203133517
mr.default.working_group=1
n.FPT1.dns1=210.245.0.11
n.FPT1.dns2=210.245.86.11
n.FPT1.gw_addr=210.245.0.45
n.FPT1.interface_depend_on=1
n.FPT1.ip_addr=58.187.xx.xx
n.FPT1.mask=255.255.255.255
n.FPT1.mask_len=32
n.FPT1.network_addr=58.187.xx.xx/32
n.FPT1.route_list=FPT1;FPT1,dns
n.FPT1.up=1203133596
n.FPT1.up_wanted=1203133596
r.FPT1,dns.network_name=FPT1
r.FPT1,dns.to=210.245.0.11
r.FPT1,dns.up=1203133596
r.FPT1,dns.via=210.245.0.45
r.FPT1.network_name=FPT1
r.FPT1.up=1203133596
r.FPT1.up_wanted=1203133596
r.FPT1.via=210.245.0.45

After reading this brief overview of my software, please give me your opinions:
1. What is the quality of the idea (1 star to 5 stars)?
2. What is the quality of the source code (1 to 5)?
3. Your other comments
I also attach the source code to this email so you can review it if interested. It's not yet approved for release under an open source license, but it's available for education/research/review use.

Best regards,
Nam

PS: I sent an email to this mailing list but it didn't appear, perhaps because of the attachment, so I post the links instead:
http://routeskeeper.com/namnd/generalgateway/generalgateway_2.1.2_i386.deb
http://routeskeeper.com/namnd/generalgateway/generalgateway_2.1.2.tar.gz
Example of an "/etc/network/config.xml" http://routeskeeper.com/namnd/generalgateway/config.xml
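
The runtime.env dump in the post is the one part of the design another script can act on directly, so here is an added example, written for this page and not taken from netupdown or from Nam's post: a Python reader for the /var/run/netupdown/runtime.env format. The key layout (kind.name.attr, route names that may contain a comma as in r.FPT1,dns.via, the bare .Initialized root entry) is inferred from the dump above. SAMPLE is constructed in that format with addresses left out and one extra interface, tap7, that was requested but never came up; the helper names are this example's own.

```python
"""Read netupdown's runtime.env state file from another script.

Added example, not netupdown's own code. The key layout is inferred from
the dump in the post: <kind>.<name>.<attr>=<value>, kind being i
(interface), n (network), r (route) or mr (multipath route); the root
entry .Initialized has an empty kind, and a name may contain a comma
(r.FPT1,dns.via), so the attribute is whatever follows the last dot.
"""
from collections import defaultdict

# Constructed sample in the post's format (addresses omitted; tap7 is added
# here as an interface that was wanted but never came up).
SAMPLE = """\
.Initialized=1203133517
i.br0.configured=1203133518
i.br0.dev=br0
i.br0.up=1203133518
i.br0.up_wanted=1203133518
i.fpt1.configured=1203133596
i.fpt1.dev=ppp0
i.fpt1.up=1203133596
i.fpt1.up_wanted=1203133575
i.tap11.busy=br0
i.tap11.dev=tap11
i.tap11.up=1203133552
i.tap11.up_wanted=1203133517
i.tap7.dev=tap7
i.tap7.up_wanted=1203133600
mr.default.working_group=1
n.FPT1.gw_addr=210.245.0.45
n.FPT1.route_list=FPT1;FPT1,dns
n.FPT1.up=1203133596
r.FPT1,dns.network_name=FPT1
r.FPT1,dns.via=210.245.0.45
r.FPT1.up=1203133596
"""

# Attributes whose value is an epoch timestamp, per the post.
TIMESTAMP_ATTRS = {"Initialized", "configured", "up", "up_wanted"}


def parse_runtime_env(text):
    """Return {kind: {name: {attr: value}}}; the root entry is state[""][""]."""
    state = defaultdict(lambda: defaultdict(dict))
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: no '=' in {line!r}")
        key, value = line.split("=", 1)
        kind, _, rest = key.partition(".")
        name, sep, attr = rest.rpartition(".")
        if not sep:                 # ".Initialized=..." style root entry
            name, attr = "", rest
        if attr in TIMESTAMP_ATTRS:
            value = int(value)
        state[kind][name][attr] = value
    return state


def load_state(path="/var/run/netupdown/runtime.env"):
    with open(path, encoding="utf-8") as fh:
        return parse_runtime_env(fh.read())


def pending_interfaces(state):
    """Interfaces whose last up_wanted is newer than their last up, or that
    never came up at all: what a watchdog or alerting script should flag."""
    return sorted(name for name, a in state["i"].items()
                  if "up_wanted" in a and a.get("up", -1) < a["up_wanted"])


def bring_up_seconds(state, name):
    """Seconds between wanting an interface up and it actually being up."""
    a = state["i"][name]
    return a["up"] - a["up_wanted"] if "up" in a and "up_wanted" in a else None


def routes_of_network(state, network):
    """Split n.<network>.route_list on ';' (route names may contain commas)."""
    raw = state["n"][network].get("route_list", "")
    return raw.split(";") if raw else []


def held_by(state):
    """Interfaces whose .busy names another interface (tap11 is held by br0
    in the post's dump): the ones not to reconfigure on their own."""
    return {name: a["busy"] for name, a in state["i"].items()
            if a.get("busy") in state["i"]}


if __name__ == "__main__":
    st = parse_runtime_env(SAMPLE)
    print("pending:", pending_interfaces(st))
    print("fpt1 took", bring_up_seconds(st, "fpt1"), "s to come up")
```

Splitting on the last dot rather than the second one is what keeps r.FPT1,dns.via from being mis-parsed; a reader that assumes names never contain punctuation would silently merge that route into FPT1. Timestamps are converted to int so that up_wanted can be compared with up, which is the check that finds an interface stuck in the wanted-but-not-up state.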

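
The routeskeeper tests and the dependency cascade are described together above (a route is brought down when a share of its tests fail; interfaces that depend on a dead link are stopped, and so on transitively). The following is an added example for this page, not code from routeskeeper or netupdown: a plain-Python sketch of both behaviours. CONFIG is constructed for the example; its element and attribute names follow the post's fragments, while the fail_percent attribute, the extra bridge br1 and the RFC 5737 TEST-NET addresses are this example's assumptions, and the resolution of depend_on="FPT1" to the interface carrying network FPT1 is an inference from the post's configuration.

```python
"""Route health checks and the dependency cascade the post describes.

Added example, not routeskeeper's or netupdown's code. CONFIG is constructed
for this example: element and attribute names follow the post's fragments,
while fail_percent and the RFC 5737 TEST-NET addresses are assumptions."""
import socket
import subprocess
import xml.etree.ElementTree as ET

CONFIG = """\
<config version="1.0">
  <interface name="eth0" auto="1" type="ethernet"/>
  <interface name="fpt1" type="ppp">
    <ppp type="pppoe" depend_on="eth0"/>
    <network id="11" name="FPT1" auto="1"/>
  </interface>
  <interface name="tap7" auto="0" type="ethernet" sub_type="openvpn">
    <openvpn remote="192.0.2.10" rport="19817" depend_on="FPT1"/>
    <network id="7" name="TAP" auto="1" config="dhcp"/>
  </interface>
  <interface name="br1" auto="1" type="ethernet" sub_type="bridge">
    <depend_on name="tap7" value="1"/>
  </interface>
  <route name="*" fail_percent="50">
    <test name="CONNECT-a" type="connect" location="192.0.2.1:80"/>
    <test name="CONNECT-b" type="connect" location="192.0.2.2:80"/>
    <test name="PING-c" type="ping" location="192.0.2.3"/>
  </route>
</config>
"""

def load_config(text=CONFIG):
    return ET.fromstring(text)

def tcp_connect_probe(location, timeout=3.0):
    """True if the TCP handshake to host:port completes; nothing is sent."""
    host, port = location.rsplit(":", 1)
    try:
        with socket.create_connection((host, int(port)), timeout=timeout):
            return True
    except OSError:
        return False

def ping_probe(location, timeout=3):
    """One ICMP echo via ping(8), since raw sockets need root. ISPs that
    drop ICMP turn this into a false alarm, so mix in connect tests."""
    return subprocess.run(["ping", "-c", "1", "-W", str(timeout), location],
                          capture_output=True).returncode == 0

PROBES = {"connect": tcp_connect_probe, "ping": ping_probe}

def evaluate_route(route_el, probes=PROBES):
    """Run every <test>; return (is_up, failed_fraction). The route is down
    once the failed share reaches fail_percent (default 50)."""
    tests = route_el.findall("test")
    if not tests:
        raise ValueError("a route without tests can never be marked down")
    threshold = float(route_el.get("fail_percent", "50")) / 100
    failed = sum(not probes[t.get("type")](t.get("location")) for t in tests)
    fraction = failed / len(tests)
    return fraction < threshold, fraction

def dependency_graph(root):
    """interface -> set of interfaces it depends on. A depend_on value may
    name an interface or a <network name=...>, which resolves to the
    interface carrying that network (FPT1 -> fpt1 in the post)."""
    owner = {net.get("name"): iface.get("name")
             for iface in root.iter("interface")
             for net in iface.findall("network")}
    deps = {}
    for iface in root.iter("interface"):
        targets = set()
        for el in iface.iter():
            if el.tag == "depend_on":
                targets.add(el.get("name"))
            elif el.get("depend_on"):
                targets.add(el.get("depend_on"))
        deps[iface.get("name")] = {owner.get(t, t) for t in targets}
    return deps

def dependents_to_stop(deps, failed):
    """Everything that transitively depends on `failed`, farthest first, so
    the bridge is torn down before the tunnel it sits on."""
    reverse = {}
    for iface, targets in deps.items():
        for t in targets:
            reverse.setdefault(t, set()).add(iface)
    order, queue = [], [failed]
    while queue:
        for dep in sorted(reverse.get(queue.pop(0), ())):
            if dep not in order and dep != failed:
                order.append(dep)
                queue.append(dep)
    return order[::-1]
```

Two points worth keeping from this sketch when reviewing the real daemon: a route with zero tests must be an error rather than "always up", and the probes must be injectable, otherwise the failover logic can only be tested against the live internet. The stop order returned by dependents_to_stop is the reverse of the breadth-first discovery order, which is what guarantees br1 is removed before tap7 and tap7 before fpt1 when eth0 fails.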

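
The post says netupdown turns an <mroute> into iptables connmark rules plus iproute2 policy routing but does not show those rules. As an added example for this page, not netupdown's own rule set, here is the generic version of that technique: per-connection balancing of NEW connections across weighted uplinks with the statistic match, CONNMARK to pin a flow to the uplink it started on, and one routing table per uplink. Devices, gateways and local addresses in NEXTHOPS are constructed from RFC 5737 TEST-NET ranges; the table and mark numbers and the chain name are this example's choice.

```python
"""Weighted multipath routing with iptables connmark + iproute2 policy routing.

Added example, not netupdown's own rule set: it generates the commands that
the mechanism described in the post needs for an <mroute> with weighted
nexthops. Devices, gateways and local addresses are constructed (RFC 5737
TEST-NET ranges); table and mark numbers are this example's choice.
"""
from fractions import Fraction

# Constructed uplinks, in <mroute> order: (route name, device, gateway,
# local address on that uplink, weight). Weights 2:1 as in the post.
NEXTHOPS = [
    ("FPT1", "ppp0", "198.51.100.1", "198.51.100.22", 2),
    ("DHCP", "eth1", "203.0.113.1", "203.0.113.77", 1),
]


def selection_probabilities(weights):
    """Per-rule probability for a chain of sequential `-m statistic` rules:
    rule i must take w_i out of the weight still unmarked after rules
    0..i-1, so the last rule always has probability 1. Fractions keep the
    arithmetic exact."""
    if not weights or any(w <= 0 for w in weights):
        raise ValueError("nexthop weights must be positive")
    probs, remaining = [], Fraction(sum(weights))
    for w in weights:
        probs.append(Fraction(w) / remaining)
        remaining -= w
    return probs


def effective_shares(probs):
    """Overall share of new connections each rule ends up taking; it should
    reproduce the weights, which makes a good self-check before loading."""
    shares, passed = [], Fraction(1)
    for p in probs:
        shares.append(passed * p)
        passed *= 1 - p
    return shares


def multipath_commands(nexthops, base_table=100, chain="MULTIPATH"):
    """Return the ip(8) and iptables(8) commands, in load order."""
    probs = selection_probabilities([n[-1] for n in nexthops])
    ip_cmds, select = [], []
    for i, ((_name, dev, gw, local, _w), p) in enumerate(zip(nexthops, probs)):
        table, mark = base_table + i, i + 1
        # One table per uplink. Replies to traffic that arrived on an uplink
        # must leave via that uplink's gateway, hence the `from` rule.
        ip_cmds += [
            f"ip route replace default via {gw} dev {dev} table {table}",
            f"ip rule add from {local} lookup {table}",
            f"ip rule add fwmark {mark} lookup {table}",
        ]
        select.append(
            f"iptables -t mangle -A {chain} -m mark --mark 0 "
            f"-m statistic --mode random --probability {float(p):.6f} "
            f"-j MARK --set-mark {mark}")
    ipt_cmds = [f"iptables -t mangle -N {chain}"]
    for hook in ("PREROUTING", "OUTPUT"):
        # Restore the connection's mark first so established flows stay on
        # their uplink; only still-unmarked NEW connections are balanced.
        ipt_cmds += [
            f"iptables -t mangle -A {hook} -j CONNMARK --restore-mark",
            f"iptables -t mangle -A {hook} -m conntrack --ctstate NEW "
            f"-m mark --mark 0 -j {chain}",
        ]
    ipt_cmds += select
    ipt_cmds += [f"iptables -t mangle -A {hook} -j CONNMARK --save-mark"
                 for hook in ("PREROUTING", "OUTPUT")]
    return ip_cmds + ipt_cmds


if __name__ == "__main__":
    print("\n".join(multipath_commands(NEXTHOPS)))
```

The `-m mark --mark 0` match on every selection rule is what makes the sequential probabilities correct: a packet already marked by an earlier rule is not offered to the later ones, so the second rule's probability is 1/1 rather than 1/3. Before loading this on a gateway, flush or delete the chain from any earlier run, and set net.ipv4.conf.<dev>.rp_filter to 2 (loose) or 0 on the uplinks: strict reverse-path filtering drops the asymmetric traffic that multihoming produces, which looks exactly like the "black hole" the post describes.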