Author: Daniel Abrecht
Date:
To: dng
Subject: Re: [DNG] simple-netaid-backend debugged.
On 2019-03-07 19:49, Alessandro Selli wrote:
> Next improvement would be using current commands (ip and iw) in place
> of the obsolete and deprecated ones, i.e. ifconfig and iwconfig:


ifconfig and iwconfig being deprecated or obsolete is questionable at
best. They work, get security patches if they need them, provide a
stable interface, and have a stable, parseable output that's known to
not change.

ip and iw on the other hand, well, they aren't suitable to pass
networking information to other programs because they have a less stable
interface. At least with ip, that will get a bit better with the -json
option. But that option isn't in Debian's version yet.

In addition to this, ifconfig and iwconfig will also work on other unix
systems, such as FreeBSD.

Parsing output in regular programs is more of a hack anyway. Why can't
these tools provide a library for use in regular programs?

There is also the option of using the kernel interfaces directly, but
then the program directly depends on Linux.

There really is no good option.


PS: It's not like I don't use ip at all, I do use its netns feature on
one of my servers to move all its network interfaces to a different
netns, which I then use for a libvirt container, in which I set up the
routing between the host system, the containers, and the VMs on my
server. There is no reason why ip should do this and not a dedicated
program though.

I think about using network namespaces, and maybe also some filesystem &
user namespaces on my desktop PC too at some point. I could probably
write a PAM module to isolate user homes further and put different users
into different network namespaces. That way, I could make sure all
connections of certain users are part of my regular network, and all
connections of other users are always routed over a VPN, a proxy, over
Tor, or something similar. But I won't be able to use ip for that. And I
won't get to that any time soon, there is just so much stuff to do. But
Linux namespaces are really awesome, I use them all the time, and not
just for containers.
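
The message above mentions ip's -json option as a more stable way to pass networking information to other programs. The following is an added example, not part of the message and not simple-netaid-backend code, showing how a program might consume that output. It assumes an iproute2 build with JSON support; the sample data is constructed and the function names are hypothetical.

```python
import json
import subprocess

# Constructed sample of `ip -json addr show` output (not captured from a real host).
SAMPLE = '''[
 {"ifindex":1,"ifname":"lo","flags":["LOOPBACK","UP","LOWER_UP"],"mtu":65536,
  "operstate":"UNKNOWN",
  "addr_info":[{"family":"inet","local":"127.0.0.1","prefixlen":8,"scope":"host"},
               {"family":"inet6","local":"::1","prefixlen":128,"scope":"host"}]},
 {"ifindex":2,"ifname":"eth0","flags":["BROADCAST","MULTICAST","UP","LOWER_UP"],
  "mtu":1500,"operstate":"UP",
  "addr_info":[{"family":"inet","local":"192.0.2.10","prefixlen":24,"scope":"global"}]},
 {"ifindex":3,"ifname":"wlan0","flags":["BROADCAST","MULTICAST"],"mtu":1500,
  "operstate":"DOWN","addr_info":[]}
]'''


def parse_ip_addr_json(text):
    """Return {ifname: {"up": bool, "operstate": str, "addrs": ["addr/prefix", ...]}}."""
    result = {}
    for link in json.loads(text):
        name = link.get("ifname")
        if not name:
            continue  # skip malformed entries instead of guessing a name
        addrs = []
        for a in link.get("addr_info", []):
            # Only keep entries that carry both an address and a prefix length.
            if "local" in a and "prefixlen" in a:
                addrs.append(f'{a["local"]}/{a["prefixlen"]}')
        result[name] = {
            # Exact list membership: "LOWER_UP" alone does not count as "UP".
            "up": "UP" in link.get("flags", []),
            "operstate": link.get("operstate", "UNKNOWN"),
            "addrs": addrs,
        }
    return result


def read_live():
    """Query the running system; argument list, no shell, so nothing to quote."""
    out = subprocess.run(["ip", "-json", "addr", "show"], check=True,
                         capture_output=True, text=True).stdout
    return parse_ip_addr_json(out)


if __name__ == "__main__":
    for name, info in parse_ip_addr_json(SAMPLE).items():
        print(name, info)
```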