dhcpcd

implement support for udev ID_NET_MANAGED_BY

Open perkelix opened this issue 5 months ago • 4 comments

networkd and network-manager both implement the variable described in this systemd RFC as an attempt to prevent networking daemons trying to configure the same interfaces. While it's not a panacea (as Lennart Poettering points out on the RFC, someone stupid could set the variable to define 2 network configuration tools for the same interface), it's as good an attempt at idiot-proofing a system as currently available, short of explicitly making packages conflict with each other.

perkelix avatar Jul 20 '25 12:07 perkelix

> someone stupid could set the variable to define 2 network configuration tools for the same interface

Why would that be stupid? IPsec runs on top of existing network interfaces without the need to create new ones. And that's just one thing I pulled out.

Anyway, that to one side, I'm not really sold on this idea. If an admin wants to run more than one network configuration tool then they should be allowed to. The real battle isn't per interface; it's much bigger than that - where the prefix route goes to, what the default route should be, etc etc.

rsmarples avatar Jul 20 '25 13:07 rsmarples

Because it would lead to several network configuration tools competing for control over the same interfaces.

Anyhow, whether you decide to implement support or not is up to you. The link to the RFC (which also documents networkd and network-manager having both implemented this) should provide enough context to make an informed decision.

perkelix avatar Jul 22 '25 09:07 perkelix

Looking at how this is implemented in NM it seems to me we can think of this as an interoperable and system-wide way to configure denyinterfaces.

The idea seems to be that admins can still explicitly ask for interfaces to be managed even if ID_NET_MANAGED_BY doesn't match (unlike how our allowinterfaces behaves). I think that takes care of the stacked configuration tool use-case.

It seems useful to me in principle if I could add it on ifup and remove it on ifdown (for statically configured ifaces anyway) but I haven't thought about whether dynamically setting this would even work.

--Daniel

DanielG avatar Oct 25 '25 10:10 DanielG

> I haven't thought about whether dynamically setting this would even work.

I looked into it and the ID_NET_MANAGED_BY property is stored in udev's private database in (e.g.) /run/udev/data/n1 (where 1 is the interface-index). In principle this could be modified outside of the usual udev rule processing but it seems a bad idea.

IMO the systemd folks just haven't designed this to be dynamically changed. It seems to me an administrator is supposed to statically configure this in udev rules and then network configuration software should respect but not change it.

--Daniel

DanielG avatar Nov 05 '25 11:11 DanielG
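
The behaviour discussed in the comments above (respect ID_NET_MANAGED_BY but never change it, and only touch an interface claimed by another tool when the admin explicitly asks), as an added C example that is not code from dhcpcd, networkd or NetworkManager. It assumes the properties arrive as KEY=VALUE text, the form printed by `udevadm info --query=property`; `SELF_ID`, the function names and the sample property text are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical identifier: dhcpcd has not defined one. */
#define SELF_ID "org.example.dhcpcd"

/* Find KEY in newline-separated KEY=VALUE text; returns a pointer to the
 * value (not NUL-terminated) and its length, or NULL when the key is absent. */
static const char *get_prop(const char *props, const char *key, size_t *vlen)
{
    size_t klen = strlen(key);
    const char *p = props;

    while (p != NULL && *p != '\0') {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);

        /* Require '=' right after the key so ID_NET_MANAGED_BY_X is ignored. */
        if (len > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            *vlen = len - klen - 1;
            return p + klen + 1;
        }
        p = eol ? eol + 1 : NULL;
    }
    return NULL;
}

/* Returns 1 to configure the interface, 0 to leave it alone. */
static int should_manage(const char *props, const char *self_id, int explicit_allow)
{
    size_t vlen = 0;
    const char *v = get_prop(props, "ID_NET_MANAGED_BY", &vlen);

    if (v == NULL || vlen == 0)
        return 1; /* unclaimed; treating empty as unset is this example's choice */
    if (vlen == strlen(self_id) && memcmp(v, self_id, vlen) == 0)
        return 1; /* claimed for us (exact match, no prefix matching) */
    return explicit_allow != 0; /* claimed by another tool: explicit request only */
}

/* Constructed sample property text, not captured from a real system. */
static const char SAMPLE_NETWORKD[] =
    "INTERFACE=eth0\nIFINDEX=2\nID_NET_MANAGED_BY=io.systemd.Network\n";
static const char SAMPLE_UNSET[] = "INTERFACE=eth1\nIFINDEX=3\n";

int main(void)
{
    printf("eth0 default:  %d\n", should_manage(SAMPLE_NETWORKD, SELF_ID, 0));
    printf("eth0 explicit: %d\n", should_manage(SAMPLE_NETWORKD, SELF_ID, 1));
    printf("eth1 default:  %d\n", should_manage(SAMPLE_UNSET, SELF_ID, 0));
    return 0;
}
```

The property is only read here, matching the last comment's view that configuration software should respect the value set in udev rules rather than write it.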