Difference between revisions of "Funtoo Linux Networking"

From Funtoo Linux
(General Variables)
(OpenResolv and resolv.conf)
Line 122: Line 122:
 
=== OpenResolv and resolv.conf ===
 
=== OpenResolv and resolv.conf ===
  
OpenResolv will be used to set DNS information provided by the <tt>nameservers</tt> and <tt>domain</tt> variables when the <tt>netif.eth0</tt> is brought up. The OpenResolv framework will add entries to <tt>/etc/resolv.conf</tt>, and will also handle removing these entries when the interface is brought down. This way, <tt>/etc/resolv.conf</tt> should always contain current information and should not need to be manually edited by the system administrator. <tt>dhcpcd</tt> will use OpenResolv for updating system DNS information as well.
+
OpenResolv will be used to set DNS information provided by the <tt>nameservers</tt>, <tt>domain</tt> and <tt>search</tt> variables when an interface is brought up. The OpenResolv framework will add entries to <tt>/etc/resolv.conf</tt>, and will also handle removing these entries when the interface is brought down. This way, <tt>/etc/resolv.conf</tt> should always contain current information and should not need to be manually edited by the system administrator. <tt>dhcpcd</tt> will use OpenResolv for updating system DNS information as well.
  
 
=== Network-Dependent Services ===
 
=== Network-Dependent Services ===
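
Review bot: the added paragraph now lists search next to domain but says nothing about setting both. In resolv.conf the domain and search keywords are mutually exclusive, so a sentence on which variable to prefer, or on what the scripts do when both are set, belongs here. The "DNS configuration using domain and nameservers config settings" bullet under How It Works still omits search and should be updated along with this paragraph.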

Revision as of 03:59, 28 November 2011

This document explains how to configure your network settings by explaining the network configuration functionality available in Funtoo Linux. Also covered is dhcpcd 5.x, Wi-Fi (IEEE 802.11) configuration, and the OpenResolv framework.


BSD 2-Clause Funtoo License

This work is free software. Source code is available.

Copyright 2009-2011 Funtoo Technologies. You can redistribute and/or modify it under the terms of the 2-clause BSD license. Alternatively you may (at your option) use any other license that has been publicly approved for use with this program by Funtoo Technologies (or its successors, if any.)


Introduction

Funtoo Linux has its own core network configuration system that differs somewhat from upstream network configuration systems used in Gentoo Linux and OpenRC.

In this document, I will explain the unique additions and changes to the Funtoo network configuration and show you how to use this system to configure your network.

I'll also explain how to use dhcpcd 5.x for managing network interfaces on DHCP-based networks, and will also cover OpenRC stacked runlevel configuration, Wi-Fi (IEEE 802.11) configuration, and the OpenResolv framework, which is enabled in Funtoo Linux by default.

A Gentle Introduction to Funtoo Network Configuration

Before I get into the technical details of configuring your network, it's important to understand that Funtoo Linux has a number of different options available to you for network configuration, with more likely to be added in the future. Each approach is different and has its own strengths and weaknesses, and this is, in my opinion, a good thing.

The Easy (Dynamic) Way

When configuring your network, one option is to skip traditional network configuration and simply rely on DHCP. This is by far the simplest method of configuring your network. If you are on a wired network, no other steps are typically required beyond enabling a DHCP client, and Funtoo Linux includes dhcpcd 5.x by default. To enable DHCP at system startup, you would add dhcpcd to your default runlevel as follows:

# rc-update add dhcpcd default

To enable DHCP immediately, you would follow the previous command with an rc command, which would start the dhcpcd client you just added:

# rc

If you're on a wired network and have the necessary drivers in your kernel, then this should get you going. For wireless networks, more steps are required which will be covered later in this document.

For now, it's important to note that dhcpcd 5.x will manage all available network interfaces by default. If you want to run a DHCP client on all but one interface, you can add the appropriate denyinterfaces option to /etc/dhcpcd.conf:

# manage all interfaces but eth0 with dhcpcd
denyinterfaces eth0

You can also use the Funtoo Linux networking scripts to start a DHCP client just on a specific interface. This functionality requires openrc-0.8.3-r2 or later. To do this, don't enable /etc/init.d/dhcpcd directly. Instead, use the Funtoo Linux dhcpcd template to start it on only one interface:

# cd /etc/init.d
# ln -s netif.tmpl netif.eth0
# rc-update add netif.eth0 default
# echo template=dhcpcd > /etc/conf.d/netif.eth0
# rc (to start)

This uses the Funtoo Linux template-based network scripts to enable a DHCP client only on eth0. This is a very good method for using a DHCP client on a multi-homed system where one network uses dynamic configuration and the other uses static configuration.

If you are going to use a third party package such as Network Manager or Wicd to manage your network then do not enable a DHCP client to any runlevel. These packages handle DHCP for you.


The Modular Way

Funtoo Linux offers its own modular, template-based network configuration system. This system offers a lot of flexibility for configuring network interfaces, essentially serving as a "network interface construction kit." This system can be used by itself, or even combined with dhcpcd, as shown in the previous section.

Here are the key components of the template-based network configuration system:

  1. /etc/init.d/netif.lo -- An init script that configures the localhost interface.

  2. /etc/netif.d -- This is a directory that contains various network configuration templates. Each of these templates is focused on configuring a particular type of network interface, such as a general static IP-based interface, a bridge interface, a bond interface, etc.

  3. /etc/init.d/netif.tmpl -- This is the master init script for the template-based network configuration system. New interfaces are added to your system by creating symbolic links to this file in /etc/init.d.

So, if you wanted to use this system to configure eth0 with a static IP address, you would create a netif.eth0 symlink to netif.tmpl as follows:

# cd /etc/init.d
# ln -s netif.tmpl netif.eth0

Then, you would create an /etc/conf.d/netif.eth0 configuration file that would specify which template to use from the /etc/netif.d directory:

template="interface"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"

To complete our static IP network configuration we would need to:

# rc-update add netif.eth0 default

When configuring your own static network interface, one of ipaddr or ipaddrs is required and should specify the IP address(es) to configure for this interface, in "a.b.c.d/netmask" format. Optional parameters include gateway, which defines a default gateway for your entire network, and if set should specify the gateway's IP address. In addition, domain and nameservers (space-separated if more than one) can be used to specify DNS information for this interface.

Configuration Variables

Interface Variables

The ipaddr and ipaddrs variables are supported by the interface and bridge templates, and are used to specify a single or multiple IPv4 or IPv6 address(es) for the interface. IP addresses should be specified in 'IP/netmask' format, such as 10.0.0.1/24. Multiple IP addresses can be specified delimited by whitespace:

ipaddrs="10.0.0.1/24 10.0.0.2/24"

Broadcast Address

By default, a broadcast address will be calculated based on the IP address and network mask. If you need to manually specify a broadcast address, use the following format for your IP address:

ipaddrs="10.0.0.1/24;broadcast=1.0.1.255 10.0.0.2/24"

Not Specifying An Address

Note that in some cases, you may choose to not specify ipaddr or ipaddrs for a bridge template. That is allowed. If you don't want to specify an IP address for a regular interface, you can choose to use the interface template without an IP address specified in the config, or use the interface-noip template instead, for the sake of clarity.

Viewing All Configured IP Addresses

Also note that if you specify multiple IPv4 addresses, ifconfig will only show the first IP address. To view all IP addresses associated with the interface, use the ip addr show command.

General Variables

The following variables are enabled by default for all network scripts, and if specified will trigger a corresponding configuration action:

  • nameservers: Set DNS nameservers using OpenResolv. Specify multiple IPv4 or IPv6 nameservers like this: "1.2.3.4 1.2.3.5 1.2.3.6"
  • search: Set DNS search information using OpenResolv.
  • domain: Set DNS domain using OpenResolv.
  • gateway: Define a default IPv4 gateway on this interface.
  • gateway6: Define a default IPv6 gateway on this interface.
  • route: Specify a semi-colon delimited list of IPv4 routes to apply when this interface is brought up. Will be appended to ip -4 route add.
  • route6: Specify a semi-colon delimited list of IPv6 routes to apply when this interface is brought up. Will be appended to ip -6 route add.
  • mtu: Set the Maximum Transmission Unit for the interface.
  • slaves: Set slave interfaces of this interface (for bridges, etc.) All slaves will automatically be depended upon, and will also automatically have their mtu set to that of the current interface, if an mtu is specified for the current interface. This setting is required for the bond template and optional for the bridge template.

VLAN Variables

VLAN support is enabled by default for all network configuration scripts. If a network script has a name in the format netif.ethX.Y, then it is assumed to be a VLAN interface referencing trunk ethX and VLAN ID Y. If you desire a custom name for your VLAN interface, you can name your interface whatever you'd like and specify the following variables in your interface config:

  • trunk: VLAN trunk interface, e.g. "eth0"
  • vlan: VLAN id, e.g. "32"

OpenResolv and resolv.conf

OpenResolv will be used to set DNS information provided by the nameservers, domain and search variables when an interface is brought up. The OpenResolv framework will add entries to /etc/resolv.conf, and will also handle removing these entries when the interface is brought down. This way, /etc/resolv.conf should always contain current information and should not need to be manually edited by the system administrator. dhcpcd will use OpenResolv for updating system DNS information as well.

Network-Dependent Services

One important difference between Gentoo Linux and Funtoo Linux is that, in Funtoo Linux, network-dependent services only strictly depend on netif.lo. This means that if another network service requires an interface to be up, such as samba requiring eth0, then the system administrator must specify this relationship by adding the following line to /etc/conf.d/samba:

rc_need="netif.eth0"

This will have the effect of ensuring that netif.eth0 is started prior to samba and that samba is stopped prior to stopping netif.eth0.

Many network services, especially those that listen on all network interfaces, don't need an rc_need line in order to function properly. Avoiding the use of rc_need unless it is required will optimize boot times and allow more network services to remain available when network interfaces are brought up and down by the system administrator.


Multiple Network Configurations

For information on how to have multiple, independent network configurations, please see Stacked Runlevels.

Alternate Configs

If you need to run the same service with different configuration parameters depending upon runlevel, then you'll be happy to know that you can specify runlevel-specific conf.d files by appending a .<runlevel> suffix. In this particular example, we could imagine a situation where we had two child runlevels named home and work:

/etc/conf.d/netif.eth0.home
/etc/conf.d/netif.eth0.work

Note that this feature works for all init scripts, not just network configuration scripts.

Interface Renaming

Funtoo network scripts now support interface renaming, so you can create an interface called lan if you would like. To do this, simply specify the MAC address of the interface you would like to rename using the macaddr variable:

macaddr="00:15:17:19:b6:a3"

If this MAC address is part of the netif.lan configuration file, then when this interface starts, whatever interface currently has the MAC address of 00:15:17:19:b6:a3 (e.g. eth5) will be renamed to lan prior to the interface being brought up, and will show up in ifconfig and ip commands as being an interface named lan.

Basic VLAN Configuration

The standard interface template supports VLANs. To use VLAN support, first ensure that your kernel was compiled with VLAN support (the module name is 8021q) :

# grep CONFIG_VLAN /usr/src/linux/.config
CONFIG_VLAN_8021Q=m
CONFIG_VLAN_8021Q_GVRP=y

Then, configure the trunk interface using the interface-noip template. Assuming eth1 is trunked, you would create the file /etc/conf.d/netif.eth1 with the following contents:

template="interface-noip"

Then, create a network interface symlink for the trunk and add it to your default runlevel:

# cd /etc/init.d
# ln -s netif.tmpl netif.eth1
# rc-update add netif.eth1 default

Now, assuming you wanted to configure a VLAN of 32, you would create a config file named /etc/conf.d/netif.eth1.32 that looks something like this:

template="interface"
ipaddr="1.2.3.4/24"
gateway="1.2.3.1"
# etc...

Then, create a VLAN network interface symlink and add it to your default runlevel:

# cd /etc/init.d
# ln -s netif.tmpl netif.eth1.32
# rc-update add netif.eth1.32 default

The Funtoo network configuration scripts will automatically recognize the filename netif.eth1.32 as being VLAN 32 of trunk interface netif.eth1.

When the VLAN interface is brought up, it will be named eth1.32.

Custom VLAN Names

However, sometimes you may want to turn off automatic file-based VLAN naming and give your VLAN interface a custom name, such as mgmt. To do this, you would set up the trunk interface in the exact same way as described above, but instead of creating a netif.eth1.32 interface, you would create a netif.mgmt interface, and specify vlan and trunk in the /etc/conf.d/netif.mgmt config file, as follows:

template="interface"
vlan="32"
trunk="eth1"
ipaddr="1.2.3.4/24"
gateway="1.2.3.1"
# etc...

When you specify trunk and vlan in the interface config file, filename-based auto-detecting of VLAN ID and trunk is disabled. Both trunk and vlan must be specified -- you can't specify just one.

Then you would simply create a VLAN network interface symlink for netif.mgmt:

# cd /etc/init.d
# ln -s netif.tmpl netif.mgmt
# rc-update add netif.mgmt default

When the VLAN interface is brought up, it will be named mgmt.
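
The trunk and VLAN ID rules from the two VLAN sections above, as an added example that is not part of the Funtoo scripts: the hypothetical resolve_vlan function reports how a given interface config would be interpreted. Treating only a numeric filename suffix as a VLAN ID, and the 1-4094 range check, are assumptions added here.

```shell
#!/bin/sh
# Added example; resolve_vlan is a hypothetical helper, not a Funtoo function.
# Usage: resolve_vlan IFNAME [CONF]   (CONF defaults to /etc/conf.d/netif.IFNAME)
# The config is sourced as shell, as conf.d files are, so only point this at
# files you would trust an init script to read.
resolve_vlan() {
    ifname=$1
    conf=${2:-/etc/conf.d/netif.$1}
    (
        trunk='' vlan=''
        [ -r "$conf" ] && . "$conf"
        if [ -n "$trunk" ] && [ -n "$vlan" ]; then
            src=config            # custom name: both variables given
        elif [ -n "$trunk$vlan" ]; then
            echo "error: $conf sets only one of trunk and vlan" >&2
            exit 2
        else
            id=${ifname##*.}
            case $ifname in
                *.*)
                    # Assumption: only a numeric suffix counts as a VLAN ID.
                    case $id in
                        ''|*[!0-9]*) echo "plain $ifname"; exit 0 ;;
                    esac
                    trunk=${ifname%.*} vlan=$id src=filename ;;
                *)
                    echo "plain $ifname"; exit 0 ;;
            esac
        fi
        case $vlan in
            ''|*[!0-9]*) echo "error: VLAN id '$vlan' is not numeric" >&2; exit 2 ;;
        esac
        # 802.1Q reserves IDs 0 and 4095.
        if [ "$vlan" -lt 1 ] || [ "$vlan" -gt 4094 ]; then
            echo "error: VLAN id $vlan is outside 1-4094" >&2
            exit 2
        fi
        echo "vlan trunk=$trunk id=$vlan via=$src"
    )
}
```

For the configs shown above, resolve_vlan eth1.32 reports the trunk and ID taken from the filename, and resolve_vlan mgmt reports them taken from the config file.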

Basic Bridge Configuration

When hosting virtual machines, it can be convenient to use a bridge setup. This example shows how you would create a bridge (br0) with a simple static ip setup, containing a single slave device (eth0).

First, ensure that your kernel is configured to support bridging (the module name is bridge) :

$ grep CONFIG_BRIDGE /usr/src/linux/.config
CONFIG_BRIDGE=m
CONFIG_BRIDGE_IGMP_SNOOPING=y

Then, create the necessary symlinks for the interfaces and add them to your default runlevel :

# cd /etc/init.d/
# ln -s netif.tmpl netif.eth0
# ln -s netif.tmpl netif.br0
# rc-update add netif.br0 default

Then, configure the slave interface /etc/conf.d/netif.eth0 :

template="interface-noip"

... and the bridge interface /etc/conf.d/netif.br0 :

template="bridge"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"
slaves="netif.eth0"

If you are using dhcpcd, you should ensure that it does not attempt to configure eth0 or br0 by adding the following to /etc/dhcpcd.conf :

# don't attempt to pull an ip address for br0 or its slave device
denyinterfaces eth0 br0

More Complex Network Configuration

If the standard templates don't work for your needs, simply create a new template -- I recommend starting from the interface template for most things:

# cd /etc/netif.d
# cp interface custom

You can now add whatever commands you need to /etc/netif.d/custom. The following shell functions can be defined in a network script:

netif_create

In netif_create, you should call any commands to create the interface if it does not yet exist.

netif_depend

In netif_depend, you can define dependencies, using the functions need and use.

netif_pre_up

In netif_pre_up, you can define network configuration actions to perform prior to bringing the interface up. You can also ensure certain variables are specified by calling require var1 [var2...] here.

netif_post_up

In netif_post_up, you can define network configuration actions to perform after bringing the interface up.

netif_pre_down

In netif_pre_down, you can define network configuration actions to perform prior to bringing the interface down.

netif_post_down

In netif_post_down, you can define network configuration actions to perform after bringing the interface down.

netif_destroy

In netif_destroy, you can call any commands necessary to destroy/delete the interface if it is dynamic in nature (tun/tap, etc.)

How It Works

You do not specify a function for actually bringing up the interface, because the template-based system does this for you. The template-based system also performs all normal actions required to bring an interface down, so you only need to specify atypical actions that must be performed - such as removing child interfaces or destroying a bridge using brctl.

When you create your own network configuration template, the following capabilities are available for use automatically, as long as the appropriate variables are set in the /etc/conf.d/netif.<ifname> file, without requiring any explicit steps on your part:

  • DNS configuration using domain and nameservers config settings. OpenResolv is used automatically.
  • VLAN configuration using auto-naming (netif.ethX.Y) or via custom naming with trunk and vlan config settings.
  • Default IPv4 gateway and route configuration using the gateway and route settings.
  • Default IPv6 gateway and route configuration using the gateway6 and route6 settings.
  • MTU configuration using the mtu setting.
  • Auto-depend (and auto-MTU configuration) of slave interfaces specified using slaves setting.
  • Renaming of existing network interface (specify MAC address using macaddr setting).

To take advantage of this functionality, simply enable the appropriate variables.

All other necessary network configuration and dependency behavior should be defined using the netif_-prefix functions described above.

Wireless Configuration

Wireless network configuration requires additional steps to the ones outlined above.

For wireless networks, you will need to enable wireless extensions in your kernel, the appropriate wireless modules, and emerge wireless-tools:

# emerge wireless-tools

I also recommend you emerge wpa_supplicant. wpa_supplicant implements modern WPA/WPA2 wireless link-layer encryption, which is necessary for connecting to most modern password-protected wireless networks. After emerging, add to your default runlevel as follows:

# emerge wpa_supplicant
# rc-update add wpa_supplicant default

802.11 Passphrases

The only remaining step is to use the wpa_passphrase utility to store hashed keys (passwords) that wpa_supplicant can use to connect to your favorite wireless networks. This is done as follows:

# wpa_passphrase jims-netgear >> /etc/wpa_supplicant/wpa_supplicant.conf
<enter your passphrase>

Now, when wpa_supplicant encounters an SSID of jims-netgear, it will use the password you entered to authenticate with this access point.

At this point, ensure that dhcpcd has been enabled in your current runlevel and type rc to start everything up. wpa_supplicant should be able to automatically associate with SSIDs in its config file, at which point dhcpcd will take over and acquire an IP address from a DHCP server. This should all happen seamlessly. Use the iwconfig command to see if you have successfully associated with an access point.
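
An added example, not from the original page: wpa_passphrase prints the derived key together with the passphrase itself in a `#psk="..."` comment, so appending its output verbatim stores both in the config file. The shell functions below (hypothetical names) drop that comment, keep the file readable by its owner only, and audit an existing config; the sample output is constructed and its key is a placeholder.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of wpa_supplicant.

# Constructed sample of wpa_passphrase output. The psk value is a placeholder,
# not a key derived from the passphrase shown.
sample_output() {
    printf 'network={\n'
    printf '\tssid="jims-netgear"\n'
    printf '\t#psk="correct horse battery"\n'
    printf '\tpsk=%s\n' 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    printf '}\n'
}

# Drop the comment line that repeats the passphrase in cleartext.
strip_plain_psk() {
    sed '/^[[:space:]]*#psk=/d'
}

# append_network CONF: read wpa_passphrase output on stdin and append it to
# CONF without the cleartext comment, leaving CONF readable by its owner only.
append_network() {
    ( umask 077 && strip_plain_psk >> "$1" ) && chmod 600 "$1"
}

# audit_conf CONF: report cleartext secrets and loose permissions.
# Returns 0 when nothing is found, 1 otherwise.
audit_conf() {
    findings=0
    if grep -q '^[[:space:]]*#psk=' "$1"; then
        echo "$1: cleartext passphrase left in a #psk= comment"
        findings=1
    fi
    if grep -q '^[[:space:]]*psk="' "$1"; then
        echo "$1: passphrase stored in quoted form instead of a derived key"
        findings=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -lLd "$1" | cut -c5-10)" != "------" ]; then
        echo "$1: accessible to users other than the owner"
        findings=1
    fi
    return "$findings"
}
```

On a real system the pipeline would be `wpa_passphrase jims-netgear | append_network /etc/wpa_supplicant/wpa_supplicant.conf`, followed by `audit_conf` on the same file.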


Wireless Firmware

Many wireless adapters will now have everything they need to work. However, if you have an Intel wireless adapter, then you may need to install the proper microcode for your device in addition to ensuring that the proper Intel Wireless kernel drivers are available. For my Intel Corporation PRO/Wireless AGN [Shiloh] Network Connection, I need to do the following:

# emerge net-wireless/iwl5000-ucode

udev (running by default) and the Linux kernel firmware loader support (CONFIG_FW_LOADER) will automatically load the microcode when needed.

The version of microcode you need will depend on the kernel you are using. For my RHEL5-based kernel, I had to emerge an older version of the microcode to match what my kernel wireless driver was expecting by typing:

# emerge =net-wireless/iwl5000-ucode-5.4.0.11

This installed the file iwlwifi-5000-1.ucode, which was required by my RHEL5-based kernel. Just typing emerge net-wireless/iwl5000-ucode installed iwlwifi-5000-2.ucode, which my kernel could not use. Before I had the right version of the microcode, I saw an error like this when I viewed the kernel messages by typing dmesg:

iwl5000: iwlwifi-5000-1.ucode firmware file req failed: Reason -2

This error message generally means "I can't find this file iwlwifi-5000-1.ucode that I'm looking for in /lib/firmware." With the proper firmware in place, the wireless driver will be happy and wpa_supplicant can then bring the wireless interface up.

Other Network Configurations

If you have a network configuration template that might be useful to others, please post it to the funtoo-dev mailing list so we can review it and possibly incorporate it into Funtoo.
