From Mandriva

Why not using NetworkManager for wireless in Mandriva Linux 2006?

NetworkManager is a Gnome tool, initiated by RedHat, that intends to simplify network configuration.

Contents 1 Disclaimer 2 Summary 3 Critics 3.1 Missing features in NetworkManager 3.2 Conflicts with current network configuration system 3.3 Interesting features already implemented in NetworkManager 3.3.1 Wireless network scans 3.3.2 VPN configuration 3.3.3 Passwordless configuration 3.4 Needed features not yet present in NetworkManager 3.5 Admnistration 3.6 Development, conception, costs 3.7 D-Bus to netlink/sockets proxy 3.8 Ideas for Mandriva

Disclaimer

This critic has been written during Mandriva Linux 2006 development, some points may not be relevant anymore.

Summary

While the final result of NetworkManager looks nice, its implementation isn't really suitable for integration in Mandriva. It rewrites in C all the code of our current network scripts (ifup, service network), and isn't really compatible with the current configuration files (ifcfg). NetworkManager could be a complete replacement of the network scripts, but there are some arguments against this. Here's another analysis of current situation.

Critics

Missing features in NetworkManager

NetworkManager is supposed to be able to read network settings from the current system configuration (ifcfg files). But it is really incomplete by now, it supports only basic settings. We would have to add support for advanced settings such as dhcp clients options, metric settings, mii and ethtool options. This involves adding a lot of code in NetworkManager core.

Conflicts with current network configuration system

NetworkManager doesn't cohabit well with the plain old network configuration scripts. It creates its own configuration "space", which can conflict with the system configuration. It can read only some parts of the configuration in ifcfg files, and it isn't able to write these files. Therefore, the tools have to be duplicated for each configuration "space". See this post to have a small glimpse: http://mail.gnome.org/archives/networkmanager-list/2005-July/msg00043.html

Interesting features already implemented in NetworkManager

Wireless network scans

The must-have feature in Mandriva Linux 2006 is wireless network monitoring. The wireless applet from NetworkManager looks really nice:

http://www.gnome.org/projects/NetworkManager/images/wireless-at-tealuxe.png

Wireless network monitoring could be achieved by relying on wpasupplicant_. Unfortunately, it doesn't handle several level of communication permissions for frontends, so an application that is able to read scan results will also be able to modify the configuration. So, a daemon forwarding scan results (run as root) to a userspace application would be required (using D-Bus for example). Such a daemon would take less than 2 Mb of virtual memory.

VPN configuration

Another interesting feature is VPN configuration. We don't have it in Mandriva yet, and it would be nice to handle it. It claims to support NAT travesal and IPSec over UDP. They use vpnc to do that: http://www.unix-ag.uni-kl.de/~massar/vpnc/

NetworkManager is basically just a frontend over vpnc, to provide the good command line arguments. See this screenshot:

http://rlove.org/images/networkmanager-vpn-20050707.png

This point is really a good feature of NetworkManager.

Passwordless configuration

NetworkManager allows modification of wireless settings without the root password. That's a nice feature, but we really need to think how to do that for all the Mandriva tools, not only for network related ones (for example printer configuration).

Needed features not yet present in NetworkManager

NetworkManager doesn't support WPA yet, while we have some pretty basic support in drakconnect. Their development policy seems to be to use libraries to do that. This would involve libifying wpa_supplicant, and adding some backend code in NetworkManager again. A good alternative would be to use a running wpasupplicant_ daemon and its Unix domain sockets to communicate.

Admnistration

NetworkManager isn't easily deployable for now. It stores most of its settings in gconf, which isn't really the best way for an administrator to store system configurations. See some pointers in this thread: http://mail.gnome.org/archives/networkmanager-list/2004-December/msg00036.html . Furthermore, the administrator may have to manage two configuration "spaces" if he wants to use both old configuration system and NetworkManager.

Development, conception, costs

The main point is: is it worth improving NetworkManager to get Mandriva network configuration power or should we implement the NetworkManager features we need in Mandriva tools and daemons?

NetworkManager authors are currently rewriting features that are already implemented by plain old tools (ifup scripts, wpa_supplicant daemon). While I think their approach with VPN configuration is correct (using the external vpnc utility to do the real work), the global one isn't. NetworkManager takes care of wireless scanning, route monitoring, wireless settings application, interface settings application.

It's better to write/use tools dedicated to specific tasks, and have a frontend to configure them and doesn't have to do the dirty work. A daemon that takes care of all the low-level configuration isn't desirable: it makes debugging really hard, it duplicates work done in other tools, and coding new features can't be easily tested indivudally. Most admins find the Unix way a lot better (reusing existing tools instead of building a monolithic application).

It will cost less to write a small monitoring daemon than to use NetworkManager and implement there needed features. Maintenance costs are also to be considered. Sure, NetworkManager is support by RedHat, Fedora and Novell, but they won't do for us the integration with the Mandriva Linux distribution. NetworkManager is now part of the Gnome project.

Though, if some small tools are reused, some parts of them may have to be maintained as well. But if an issue has to be resolved, contribution to existing projects is better than reinventing the wheel.

D-Bus to netlink/sockets proxy

A daemon monitoring wireless events can be written. It can be really simple: open wpasupplicant_ socket, listen on D-Bus, and be a proxy for scan results requests. Communication with wpa_supplicant can be done through a Unix socket, only readable by root by default (_ctrl_interface_group=0_ in /etc/wpa_supplicant.conf)

To see how simple it is, you can have a look at these examples:

• http://code.eikke.com/kevent-dbus/uevent_listen-dbus.c
• http://vrfy.org/projects/kdbusd/kdbusd.c

This daemon could also handle rt_netlink events to alert monitoring applications of route status, this will avoid each one to have to handle the rt_netlink socket by itself. It could be merged with others daemons currently written for next release (MandiDaemon for Interactive Firewall). It can be nice to write a generic daemon to proxy requests from D-Bus to Unix sockets or netlinks, with a plugin system using dlopen().

This is currently implemented in the MandiDaemon, a kind of sockets to D-Bus proxy/bridge.

Ideas for Mandriva

Plans are to keep current network configuration systems for all devices, even wireless. The missing features such as VPN support could be easily added in ifup scripts. Wireless monitoring will be implemented using wpa_supplicant and a small proxy daemon over D-Bus. wpa_supplicant may not work really well with all wireless chipsets currently, but it's being worked at.