After last year's msec rewrite for Mandriva 2009.1, my goal was to do something similar with netprofile, yet another Mandriva-specific tool, with lots of unique functionality, but... abandoned for about 4 years.
What is netprofile? The idea of this application is quite simple. Different network environments require different network settings. For example, you may use a fixed IP at home, with the firewall disabled and no proxy. At work, you must use a corporate proxy and a DHCP address for your Ethernet connection. And at a LAN house or Internet cafe, you need a full-featured firewall, your Ethernet connection disabled and a Tor proxy (for example) in effect.
How to achieve this in a working system? Usually you must manually reconfigure the network settings, edit configuration files for network, firewall and proxy, and so on. And this is where netprofile comes into action.
netprofile uses the concept of network profiles to represent different network environments. You start with the ‘default’ profile, and you may use your system normally. If you want to set up a different network environment, you may ‘switch’ to a different profile (a new profile will be created if necessary). Your current settings will be saved to your previous profile, and all changes to system configuration will now apply to your new profile.
To illustrate:
- You configure your system to use a fixed IP address and a specific firewall configuration.
- You go to work, where a different network environment applies. You switch to the work profile (‘netprofile switch work’, or using the net_applet GUI), and if it is the first time you use this profile, it is created based on your current settings.
- You configure your network card to use DHCP, configure your corporate-specific proxy and firewall settings, and continue using your machine normally.
- When you come back home, you switch the profile back to default, and your previous settings are restored.
You may also specify what network profile to use on boot, by passing the ‘PROFILE=
The new netprofile is based on modular architecture. While we have a core application (netprofile), all functionality is performed by modules. Right now we have the following modules:
- network – to store/restore network settings: ethernet, ppp, isdn, wireless and other connection settings.
- firewall – to manage firewall (iptables and shorewall) settings
- firewall6 – to manage firewall settings for IPv6 networks
- proxy – to manage system-wide proxies.
Also, I am thinking about the following modules:
- netfs – to manage remote shares and network file systems. For example, at work you may access a centralized NFS server, and at home a SMBFS/CIFS connection to your home server.
- authentication – you may use local users at home, and ldap/yp authentication at work. Transparently. With one mouse click/command to switch between them.
The inevitable question: why do we need it if we have NetworkManager and similar apps? Well, I have a few arguments:
- NetworkManager is great, has a modular design, and also supports network profiles. However, it is focused on network settings only, and not on proxy, firewall, authentication, and so on.
- NetworkManager is also based on a pluggable architecture. However, it is not that easy to write plugins for it.
- Not all distributions support NetworkManager. Netprofile, in turn, will work on any Unix system (or, even better, on anything that supports running shell scripts. Yes, you can use it on Windows too, with a few hacks). Of course, it works better on Mandriva because it has drakxtools – Mandriva-specific scripts and applications. And we have draknetprofile as part of drakxtools, which works as shown on the following screenshot:
That’s it for now. If you want to experiment with netprofile, feel free to download it and play with it. It should be available in the next Mandriva Linux 2010.0 release together with many other exciting new features!













Eugeni, it’s awesome to see you taking up those tools (msec and now netprofile) ! Many thanks ! Making them modular is clearly the way to go, so it’s a very good design.
Maybe your next tool will be drakloop 2.0 ?
It was a very useful tool to build a cryptoloop-encrypted container. But cryptoloop kernel module is now known to be vulnerable to several attacks and it has been deprecated in the linux kernel, so the userspace tool becomes obsolete too. A new luks-based tool would be very nice.
Just one more thing about netprofile: it would be nice to also auto-detect the profile to use. It should also be modular in my opinion: you should create a bunch of “detectors” which are nothing more than scripts able to tell if you’re at home, at work, at your friend’s, etc… and netprofile will take the result of those various detectors into account to decide which profile should be applied. For instance, here, at work and at home, the gateway has a different MAC address: it’s probably a rather good “detector”. It has already been suggested in the Mandriva idea box, IIRC.
My next victim should be drakfirewall+drakgw. I want to improve drakfirewall for it to support port forwarding, internet connection sharing setup, bandwidth limitation and MAC-based authentication in a simple way. But I added drakloop into my todo list. Thanks!
eugeny for president! : P
Thanks for this great work, I’m looking forward to seeing your next victim : )
Bye, Marcello
[...] Plymouth replaces Splashy to handle the boot splash. * The Netprofile tool has been completely rewritten. * The first graphical interface for Tomoyo. * Python 3 in the [...]
[...] supported, with which screen flicker can be prevented. The completely overhauled Netprofile makes it easier for mobile users to work in different networks. Mandriva 2010.0 Beta 1 [...]
I’m really looking forward to seeing the effects of your work.
Great idea! Great work!
Hi,
Is there any documentation about the module (file) format?
I found FILES, SERVICES and the restore function (are these functions called when switching netprofile?)
THX Regards
Basically, all the documentation is in the /usr/share/doc/netprofile/README file.
The best way to see how it works is by taking a look at the /etc/netprofile/modules/ files. The FILES variable specifies file patterns that should be saved when switching profile; SERVICES specifies the services that must be restarted. The ‘restore’ function is called after a new profile is activated, and the ‘save’ function is called before a profile’s contents are saved.
In other words, if you define all those functions and variables, that’s what will happen when you switch from profile ‘a’ to profile ‘b’: the ‘save’ function will be called for all modules, then all the files matching the FILES variable will be saved into /etc/netprofile/profiles/a/, then all services matching the SERVICES pattern will be restarted. After that, the profile ‘b’ will be activated: again, for each module, the files matching the FILES variable will be removed from the system (if the module was activated before) and the ones stored inside /etc/netprofile/profiles/b/ / will be placed instead, the services will be restarted, and then the ‘restore’ function will be called.
I’ll clarify this in the README file for the next release, but if you have any questions, do not hesitate to ask!
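The switch sequence described in the reply above, replayed in a temporary sandbox as an added example (this is not netprofile's own code, nor code from the post or its author). It assumes a single hypothetical module; the module body, the `proxy` file, the `proxy.corp.example` value and the log are constructed, and services are only logged, never restarted.

```shell
# Added sketch, not netprofile's code: replays the switch order in a sandbox.
# Directory layout follows the page; module body and files are constructed.
ROOT=$(mktemp -d)                        # stands in for "/"
PROFILES="$ROOT/etc/netprofile/profiles"
LOG="$ROOT/switch.log"                   # records hook and restart order
mkdir -p "$ROOT/etc/sysconfig" "$PROFILES"

# Hypothetical module, shaped like a file under /etc/netprofile/modules/
FILES="etc/sysconfig/proxy*"             # patterns saved and restored
SERVICES="network"                       # restarted on every switch
save()    { echo "save" >> "$LOG"; }
restore() { echo "restore" >> "$LOG"; }
restart_services() { for s in $SERVICES; do echo "restart $s" >> "$LOG"; done; }

# copy_matching SRC DST: copy files under SRC that match FILES into DST
copy_matching() {
    ( cd "$1" && for f in $FILES; do
        if [ -f "$f" ]; then
            mkdir -p "$2/$(dirname "$f")" && cp -p "$f" "$2/$f"
        fi
    done )
}

# remove_matching DIR: delete files under DIR that match FILES
remove_matching() {
    ( cd "$1" && for f in $FILES; do
        if [ -f "$f" ]; then rm -f "$f"; fi
    done )
}

# switch_profile OLD NEW: save OLD, then activate NEW
switch_profile() {
    save; mkdir -p "$PROFILES/$1"
    remove_matching "$PROFILES/$1"       # sketch's choice: no stale copies
    copy_matching "$ROOT" "$PROFILES/$1"
    restart_services
    if [ ! -d "$PROFILES/$2" ]; then     # first use: seed from current state
        mkdir -p "$PROFILES/$2"; copy_matching "$ROOT" "$PROFILES/$2"
    fi
    remove_matching "$ROOT"
    copy_matching "$PROFILES/$2" "$ROOT"
    restart_services; restore
}

echo "PROXY=none" > "$ROOT/etc/sysconfig/proxy"                    # home
switch_profile default work
echo "PROXY=proxy.corp.example:3128" > "$ROOT/etc/sysconfig/proxy" # work
switch_profile work default
```

After the second switch the sandboxed `proxy` file holds the home value again, while the work value stays stored under `profiles/work/`.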