Being able to disable e.g. “ppp” or “wireless” support in the code would be very helpful and would help to pass a security audit. This would require some refactoring so that all of e.g. the ppp code is in one place...
Support all sorts of trigger scripts when interfaces are brought up and down: execute scripts from ifup.d and ifdown.d, execute {ifup,ifdown}-connections.
Try to request (renew) the iBFT-provided address in iBFT-dhcp mode (but never remove it from the interface, even if the dhcp server suggests another IP; add that one additionally instead) so as not to break iSCSI[, ...] devices.
Autoipv6 Support [in the kernel + daemon directly]
Kernel netlink events are received in the daemon
Currently the “autoip” code feels responsible for IP addresses which were provided by dhcpv6, which causes some confusion/conflicts/error messages [DHCPv4/v6 does not write leases].
RDNSS support (nameservers via autoconf): receiving it from the kernel is implemented, but it is currently never used (not written to resolv.conf).
Discover how to deal with it / interview Olaf about it ;-) I've looked at it, but don't have much of an idea about it / have never really tried to use it effectively until now.
Required to support multiple wlan networks per interface and ifplugd sets?
Currently no ifndp-proxy(5) support in the converter at all [virtualization@ISP != bridged(eth0), “routed” VM IP from same network as the IP assigned to eth0 interface]
Handle more global dhcp options? I don't see the need now except for SET_HOSTNAME (IMO crap). The currently parsed DHCLIENT_* options are:
HOSTNAME_OPTION, CLIENT_ID, VENDOR_CLASS_ID, WAIT_AT_BOOT, LEASE_TIME.
Integrate SuSEfirewall2 as firewall extension script
Currently there is an empty wicked extension script called with “up” and “down”, similar to the ifup case [which also has “lock/unlock” batch stuff to save some CPU].
Just call SuSEfirewall2 from the extension hook.
There are also other things in the schema, but they seem to be “how we could make more” examples only.
Cleanup/Remove the additional examples from firewall schema for now
Fix to use reentrant function variants. Most other code (yast2, libvirt, …) is threaded; the use of some functions or of our own non-reentrant helper functions (like ni_sockaddr_print) breaks the use of libwicked to implement e.g. a libvirt driver or its use in yast2.
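The difference between a non-reentrant helper and a reentrant variant, as an added example that is not wicked's own code. It assumes the non-reentrant pattern is a shared static result buffer; addr_print_static, addr_print_r and the other names are hypothetical, and the addresses are constructed documentation values.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Non-reentrant pattern (assumed): every call formats into one static buffer. */
static const char *addr_print_static(const struct sockaddr_in *sa)
{
    static char buf[INET_ADDRSTRLEN];
    return inet_ntop(AF_INET, &sa->sin_addr, buf, sizeof(buf));
}

/* Reentrant variant: the caller owns the storage, so callers cannot collide. */
static const char *addr_print_r(const struct sockaddr_in *sa, char *buf, size_t len)
{
    return inet_ntop(AF_INET, &sa->sin_addr, buf, (socklen_t)len);
}

/* Build an IPv4 sockaddr from a constructed documentation address. */
static struct sockaddr_in make_addr(const char *text)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    inet_pton(AF_INET, text, &sa.sin_addr);
    return sa;
}

/* Returns 1 if the second call silently overwrote the first caller's result. */
int static_results_alias(void)
{
    struct sockaddr_in a = make_addr("192.0.2.1"), b = make_addr("192.0.2.2");
    const char *pa = addr_print_static(&a);
    const char *pb = addr_print_static(&b);
    return pa == pb && strcmp(pa, "192.0.2.2") == 0;
}

/* Returns 1 if both results survive when each caller passes its own buffer. */
int reentrant_results_intact(void)
{
    struct sockaddr_in a = make_addr("192.0.2.1"), b = make_addr("192.0.2.2");
    char ba[INET_ADDRSTRLEN], bb[INET_ADDRSTRLEN];
    if (!addr_print_r(&a, ba, sizeof(ba)) || !addr_print_r(&b, bb, sizeof(bb))) return 0;
    return strcmp(ba, "192.0.2.1") == 0 && strcmp(bb, "192.0.2.2") == 0;
}

int main(void)
{
    printf("aliases=%d intact=%d\n", static_results_alias(), reentrant_results_intact());
    return 0;
}
```

The aliasing shown here within one thread is the same overwrite that two threads of a libvirt driver or yast2 process would hit concurrently, where it becomes a data race.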
It is an initial implementation, not all features are complete & enabled yet: currently requesting (and delivering back to wickedd) only a non-temporary address and a very minimalistic set of options. Add/enable some important, DHCPv6 specific options and deliver them to wicked. The dhcp client <-> server exchange is implemented in most cases, but then the data gets discarded.
Code reading the netlink info from the kernel is already there, but I've not finished it / the event data is not processed at the moment: Finish “auto” mode to follow router-advertisement [network admin suggestion] and “info-only” mode [just options, no address needed for tahi?].
sysctl: Implemented are: disable_ipv6, autoconf, forwarding, accept_redirects, use_tempaddr. Support more: for IPv6, there are more that are useful, e.g. to catch corner cases: accept_ra, proxy-ndp, ...
From TODO file:
ethtool: Most are implemented (offload gso,gro,ufo,tso, …), but not all. Verify: Some (e.g. lro with netxen NIC) can be set only after the link is up.
hotplugging: there are some parts/mechanisms, status unknown. As wickedd does not read and execute interface configs itself, I suppose this has to be addressed (ifup supports physical interfaces & bonding slaves).
Netconfig is currently used by all software to update dns/nis config in the system and add ntp servers to ntpd, that is by ifup(ibft,dhcp,ppp), NetworkManager, openvpn, … avahi [at least if configured].
All the variables, especially NETCONFIG_DNS_* and NETCONFIG_*_POLICY are used by yast2 and all sort of modules like yast2-network, yast2-{nis,dhcp,dns} which rely on them / the settings netconfig is applying [e.g. resolv + bind forwarders].
Netconfig(8) supports applying static/static-asfallback and dynamic nis, ntp, dns settings it receives from dhcp/ppp/NM/avahi/VPN software to system configuration files (/etc/yp.conf, nisdomain, ntpd at runtime) and to destinations such as /etc/resolv.conf and/or dnsmasq/bind [forwarder]. It also provides “priority” / “ranking” support, so e.g. nameservers provided by a VPN are written to the front of the resolv.conf list, before the settings provided by DHCP [same interface as VPN] and, when enabled, also those from avahi, but as fallback only.
Support for IBFT / ISCSI, FcoE, NFS, ...
- Reading/using iBFT firmware as config is incomplete. Firmware parsing is implemented (shell/extension script) and already contains config generation from firmware, but is incomplete and IMO never tested; no support for e.g. iBFT dns servers yet.
- Some mechanisms for “nfsroot” are there, IMO untested/incomplete
- Provide a solution for the remote-device shutdown order problem:
There is a shutdown order problem, especially with remote devices which are using e.g. LVM that is also used by local disks. The current “ifup solution” is that the ISCSI / FcoE scripts put interfaces into “nfsroot” mode “on the fly” until shutdown, overriding any STARTMODE setting in the ifcfg configs. This causes the dhcp clients to start in “persistent” mode, that is, to never remove any IP address from the interface and to refuse to set the link down.
Bug #657402: fix broadcast vs. unicast: dhcp renews are broadcast [they have to be unicast to the server] and are dropped on gateways/relays [e.g. Cisco routers] when the server is behind a router. Further, AFAIR other requests were not correctly addressed, too.
Try to request (renew) the iBFT-provided address in iBFT-dhcp mode, but never remove it from the interface, even if the dhcp server suggests another one, as this could break mounted iSCSI volumes.
What about all the “ifup” hooks installed by other software (e.g. samba-client with its MODIFY_SMB_CONF, xen, ...)? I don't think it makes sense to try to call them as they are; it would not work because:
sysconfig scripts/functions are not available/installed,
a different dhcp client is in use, … ifup state is not available
perhaps they're not needed at all, e.g. the samba-client hook needs to be adapted, xen too.
Wicked implements matching by other references than name, AFAIR by mac and by pci bus id currently [as alternative to udev rules]. How complete is the current “match” implementation [e.g. s390 specific things]?