Networking improvements for Quantal (IPv6, DNS, Network Manager)
Catch all session (should be scheduled in a big slot if possible) for networking in Quantal.
Discussing with Mathieu Trudel, we don't think there's enough to discuss this time around to warrant the usual 2-3 networking related sessions. If we're wrong, then we'll schedule another one.
Blueprint information
- Status:
- Started
- Approver:
- Steve Langasek
- Priority:
- Medium
- Drafter:
- Stéphane Graber
- Direction:
- Approved
- Assignee:
- Stéphane Graber
- Definition:
- Approved
- Series goal:
- Accepted for quantal
- Implementation:
- Started
- Milestone target:
- ubuntu-12.10-beta-1
- Started by
- Kate Stewart
- Completed by
Related branches
Related bugs
Bug #936714: IPv6 DNS search list (DNSSL) isn't passed to userspace by the kernel | Fix Released |
Whiteboard
Pad: http://
Session notes:
Current list of things to discuss (feel free to append items):
- IPv6
+ Bug to fix: https:/
+ Support for PPP (PPPoE and 3G)
- Orange Poland is very interested in this; see how we can help (should be simple, really)
+ Support for VPNs (pptp openconnect, openvpn 2.4 if released by then)
+ Support for tunnel creation in Network Manager (if considered useful?)
+ Providing IPv6 to VMs and containers
- DNS
+ Improving dnsmasq usage to reduce conflicts with other resolvers and other dnsmasq instances (such as these created by libvirt, lxc, Network Manager, the dnsmasq package itself, ...)
+ DNSSEC support, is there anything we can do to improve it? (dnsmasq is currently proxying it, which works when the upstream DNS server supports DNSSEC)
- netcfg
+ Generate Network Manager configuration from netcfg
- 802.1x (network auth, possibly with TPM)
- TPM support requires a patch in NM, cyphermox will take care of it
- NM command-line use cases
+ Make sure nmcli (or some other command-line tool) can create new configurations
- NM Proxy support
- NM Firewall support
- Opinion on version of isc-dhcp-
mathieu-tl, 2012-07-04:
- Proxy support in NM: postponing; doesn't seem like something I'll get to for quantal; but we'll fix the proxy issues in gnome-settings-
- IPv6 tab for VPN: in progress upstream, we should get that "for free" with the new few uploads of NM / with NM 0.9.6.0 or later.
mathieu-tl, 2012-08-06:
- TPM 802.1x patch postponed: somebody else signed up for the work (and that's not new); as soon as I get the tested/revised patch I'll gladly sponsor it.
mathieu-tl, 2012-08-14:
- Discussed SIT with dcbw shortly on IRC, the best course of action for implementing SIT tunnels in NM (which is a good idea in itself) is to mimick roughly how things are done for VLAN and PPPoE, being something roughly between a device and a VPN. Of course, the closest "template" would be VLAN, since it's less closely tied to hardware devices. We'll basically just need to allow providing a gateway address; and the name of the devices to create.
Work Items
Work items:
[cyphermox] Fix IP/PPP contexts parsing in Network Manager/Modem Manager: POSTPONED
[cyphermox] Add support for multiple contexts (with IPv6) for Network Manager, Modem Manager, and m-b-p-i: POSTPONED
[cyphermox] Add the IPv6 tab for VPN plugins in Network Manager: DONE
[cyphermox] Get the patches to dnsmasq/Network Manager for spawning on and binding to the right interfaces going: DONE
[cyphermox] Speak to Dan about SIT tunnelling support in Network Manager: DONE
[cyphermox] Implement SIT tunnels in NM, based on the VLAN support already available: POSTPONED
[cyphermox] Fix the 802.1x TPM patch for Network Manager/
[cyphermox] Add a flag to the VPN connections in Network Manager to force all DNS queries to the VPN DNS server instead of only the subnets/domains advertised by the VPN server: POSTPONED
[cyphermox] Add proxy support in Network Manager (new tab, config in connection files, etc.) (pending discussion with upstream): POSTPONED
[stgraber] Generate Network Manager configuration from the installer (netcfg) (alternate is now gone, so this is hardly a priority): POSTPONED
[stgraber] Document how to connect on a dual-stack ppp connection requiring use of multiple contexts (command line) (http://
[stgraber] Check if we can figure out who sends data over a socket:(loopback socket) so we can implement per-user caches (possible with some ugly tricks: http://
[stgraber] Get the existing IPv6 automated testing running daily and make results public (cleaned up in lp:~stgraber/+junk/v6-testing, sent to QA): DONE
Teach the firewalld DBUS API to ufw (or have NM understand ufw): POSTPONED
Package 6to4:(if-up script for ifupdown, checking an environment variable to know if it needs to set it up): POSTPONED
[stgraber] Investigate switching to another local resolver that better supports DNSSEC (unbound): DONE