systemd-networkd: Generated network configuration breaks resolved DBus API #18962

@tadfisher

Issue description

network-interfaces-systemd.nix generates /etc/systemd/network/99-main.network which matches all network interfaces, in order to enforce the networking.useDHCP option. This has the effect of forcing all network interfaces to be "managed" by systemd-networkd.

Upstream does not allow managed interfaces to be configured via the org.freedesktop.resolve1 DBus API, as the following transcript demonstrates:

$ busctl call org.freedesktop.resolve1 \
> /org/freedesktop/resolve1 org.freedesktop.resolve1.Manager \
> SetLinkDNS 'ia(iay)' 3 2 2 4 209 222 18 222 2 4 209 222 18 218
Link tun0 is managed.

$ dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.resolve1 /org/freedesktop/resolve1/link/_33 org.freedesktop.DBus.Properties.GetAll string:''
method return time=1474790774.718633 sender=:1.0 -> destination=:1.5 serial=6 reply_serial=2
   array [
      dict entry(
         string "ScopesMask"
         variant             uint64 0
      )
      dict entry(
         string "DNS"
         variant             array [
            ]
      )
# -- snip --

$ cat /run/systemd/netif/links/3
# This is private data. Do not parse.
ADMIN_STATE=configured
OPER_STATE=routable
NETWORK_FILE=/nix/store/dcn980w7p3vwg0jyhfvkbaczdl6kcf2i-network-units/99-main.network
DNS=
NTP=
DOMAINS=
ROUTE_DOMAINS=
LLMNR=yes
MDNS=no
ADDRESSES=
ROUTES=

$ cat /etc/systemd/network/99-main.network
[Match]

[Network]
DHCP=none

Note that the primary motivation for using the resolved DBus API is to manage per-interface DNS, which I do not believe is possible via openresolv. Invoking this API is a clean way to prevent DNS leaks over tun0 when connecting to an OpenVPN server, for example. In this example, tun0 is not configured via networking.interfaces."tun0" and an explicitly-matching .network configuration does not exist.

I've been able to work around this problem with the following in configuration.nix:

# Prevent networkd from managing unconfigured links.
systemd.network.networks."99-main".enable = false;

A solution that seems reasonable to me would be to treat networking.useDHCP = null; differently from true or false, and refrain from generating a default .network configuration which matches all interfaces. However, this changes the semantics of that option when networking.useNetworkd is enabled.

Steps to reproduce

This can be demonstrated with the following configuration:

networking.useNetworkd = true;
services.resolved.enable = true;

Then use busctl as shown above to attempt setting per-interface DNS or DOMAIN options on any interface which is not configured via networking.interfaces.<name>.

Technical details

  • System: 16.09beta430.c4469ed (Flounder)
  • Nix version: nix-env (Nix) 1.11.4
  • Nixpkgs version: "16.09beta430.c4469ed"
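
The SetLinkDNS arguments in the transcript above follow the D-Bus signature ia(iay): interface index, then an array of (address family, address bytes). The following sketch is an added example, not part of the original issue or of NixOS/systemd code; it builds those arguments for IPv4 and IPv6 servers and derives the per-link object path. The function names are hypothetical, and the leading-digit escaping is an assumption based on sd-bus path encoding that matches the page's `_33` for index 3.

```python
import ipaddress
import shlex

# Linux address-family numbers, used as the "i" of each (iay) struct.
AF_INET = 2
AF_INET6 = 10


def encode_dns_server(address):
    """Return the busctl words for one (iay) struct: family, byte count, bytes."""
    ip = ipaddress.ip_address(address)
    family = AF_INET if ip.version == 4 else AF_INET6
    raw = ip.packed  # 4 bytes (IPv4) or 16 bytes (IPv6), network byte order
    return [str(family), str(len(raw))] + [str(b) for b in raw]


def set_link_dns_argv(ifindex, servers):
    """Build the busctl argv for Manager.SetLinkDNS with signature ia(iay)."""
    if ifindex <= 0:
        raise ValueError("ifindex must be a positive interface index")
    argv = [
        "busctl", "call", "org.freedesktop.resolve1",
        "/org/freedesktop/resolve1", "org.freedesktop.resolve1.Manager",
        "SetLinkDNS", "ia(iay)",
        str(ifindex),       # i: interface index
        str(len(servers)),  # element count of the a(iay) array
    ]
    for server in servers:
        argv += encode_dns_server(server)
    return argv


def link_object_path(ifindex):
    """Object path of a link; a leading digit is escaped as '_' + hex (3 -> _33)."""
    label = str(ifindex)
    return "/org/freedesktop/resolve1/link/_%02x%s" % (ord(label[0]), label[1:])


if __name__ == "__main__":
    # ifindex 3 (tun0) and the two servers from the transcript above.
    print(shlex.join(set_link_dns_argv(3, ["209.222.18.222", "209.222.18.218"])))
    print(link_object_path(3))
```

On a link matched by 99-main.network the generated call is still rejected with "Link tun0 is managed.", as in the transcript.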
