#1 2013-04-23 16:25:34

Dillweed
Member
From: Washington
Registered: 2007-10-29
Posts: 17

Netctl and mac address spoofing

I was wondering if netctl has the option to set parameters on the NIC like PRE_UP in netcfg. My server has a spoofed MAC address, and using netcfg I am able to change the MAC address before the card is initialized using the PRE_UP parameter in the config file. Is this possible with netctl?

Dillweed

Offline

#2 2013-04-23 21:36:08

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 947

Re: Netctl and mac address spoofing

Not currently (there is only ExecUpPost). This does seem a bit odd.

Although you can create a special systemd unit with "ip link set dev ... address xx:xx:..." ordered to start before the corresponding netctl profile.


Arch Linux is more than just GNU/Linux -- it's an adventure

Offline

#3 2013-04-24 15:04:14

Dillweed
Member
From: Washington
Registered: 2007-10-29
Posts: 17

Re: Netctl and mac address spoofing

Yes, this is what I saw in the man pages, and your suggestion is one I hadn't thought of. So thank you!

Also, I would have thought that a PRE_UP command or something similar would have been implemented before pushing out. Does anyone know if this will be put into netctl or where one can request future "features"?

Offline

#4 2013-04-24 15:17:01

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,059

Re: Netctl and mac address spoofing

I read a bug report about the same, where a PRE_UP was requested but jouke simply pointed to the fact that you can create a systemd unit to get the same result. So I don't think implementing PRE_UP is high on his todo list.

I tried to look for the link but couldn't find it.


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#5 2013-04-24 17:49:35

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 947

Re: Netctl and mac address spoofing

I have not seen that bug report (it's not on the flyspray), but still, creating additional systemd units by hand seems a little hackish to me. I'll think about what can be done here.

Please note that this unit should not be enabled with "systemctl enable". Instead, I'd modify the unit which starts the netctl profile in question so that it contains

...
Requires=unit_to_spoof_mac.service
After=unit_to_spoof_mac.service
...

This way, unit_to_spoof_mac.service will be started whenever the netctl@<profile>.service unit is started. Also, when the netctl unit is stopped, the MAC address will not return to its original (unspoofed) value.

Alternatively, you could modify netctl@<profile>.service directly and spoof/unspoof MAC via "ExecStartPre=..."/"ExecStopPost=...".

HTH :)

Last edited by Leonid.I (2013-04-24 17:51:03)


Arch Linux is more than just GNU/Linux -- it's an adventure

Offline

#6 2013-04-25 03:54:55

Dillweed
Member
From: Washington
Registered: 2007-10-29
Posts: 17

Re: Netctl and mac address spoofing

Thanks again for the tips.

I would think that the ExecStartPre would be the easiest to do and hopefully survive across upgrades.

Offline

#7 2013-04-28 15:54:01

pashkoff
Member
Registered: 2013-04-28
Posts: 3

Re: Netctl and mac address spoofing

Thanks to everyone. I've just got the same problem and this thread was helpful.

I want to point out that if one needs to spoof the MAC only for a specific network profile, it's possible to do it using a configuration file in /etc/systemd/system/netctl@<profile_name>.service.d/

For example, I have a netctl profile named "vj", so I've created the file

/etc/systemd/system/netctl@vj.service.d/fix-mac.conf

[Service]
ExecStartPre=/sbin/ifconfig wlan0 down
ExecStartPre=/sbin/ifconfig wlan0 hw ether 01:23:45:67:89:ab

Offline
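
The per-profile drop-in from post #7, as an added example that is not part of the thread: a small generator that validates its inputs before writing the file, since systemd runs ExecStartPre= lines as root. It uses the "ip link" form from post #2; the function names, the /usr/bin/ip path and the sample address 02:23:45:67:89:ab are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build the per-profile drop-in,
# validating every value first because ExecStartPre= lines run as root.

# Accept only names that cannot break out of a unit-file line or a path.
safe_name() {
    case $1 in
        ''|.|..|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Six hex octets, colon separated, with the multicast bit (lowest bit of the
# first octet) clear; the kernel refuses multicast addresses on an interface.
valid_unicast_mac() {
    case $1 in
        *[!0-9A-Fa-f:]*) return 1 ;;   # also rejects embedded newlines
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    [ $(( 0x${1%%:*} & 1 )) -eq 0 ]
}

# Print the drop-in body. /usr/bin/ip is an assumed path (Arch layout).
render_dropin() {   # usage: render_dropin IFACE MAC
    safe_name "$1" && valid_unicast_mac "$2" || return 1
    printf '[Service]\n'
    printf 'ExecStartPre=/usr/bin/ip link set dev %s down\n' "$1"
    printf 'ExecStartPre=/usr/bin/ip link set dev %s address %s\n' "$1" "$2"
}

# Write it under ROOT (use "" for the live system, a scratch dir for testing).
install_dropin() {  # usage: install_dropin ROOT PROFILE IFACE MAC
    safe_name "$2" || return 1
    body=$(render_dropin "$3" "$4") || return 1
    dir="$1/etc/systemd/system/netctl@$2.service.d"
    ( umask 022 && mkdir -p "$dir" && printf '%s\n' "$body" > "$dir/fix-mac.conf" )
}

# Constructed sample values: interface wlan0, a locally administered address.
render_dropin wlan0 02:23:45:67:89:ab
```

After writing the file on a live system, run "systemctl daemon-reload" so systemd picks up the drop-in.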

#8 2013-04-30 23:34:20

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,633
Website

Re: Netctl and mac address spoofing

I finally made the switch to netctl today and was completely surprised that they had removed stable features of netcfg. Manually hacking together custom service files and forcing users to fully enable profiles just to get per-profile pre-up and post-down behavior is unreasonable. It is also logically inconsistent given that post-up and pre-down exist.

I have uploaded a patched version that provides support for ExecUpPre and ExecDownPost. Please get it here and test it. If it works as intended then I will likely try to get it included upstream.

For now I have only edited the lib/network file, which seems to work when starting and stopping services manually with netctl. I suspect that hooks are required in lib/auto.action as well, but I'm not sure. Feel free to submit patches or suggest ways to add the hooks there.

Offline

#9 2013-05-01 19:42:51

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 947

Re: Netctl and mac address spoofing

Xyne wrote:

I finally made the switch to netctl today and was completely surprised that they had removed stable features of netcfg. Manually hacking together custom service files and forcing users to fully enable profiles just to get per-profile pre-up and post-down behavior is unreasonable. It is also logically inconsistent given that post-up and pre-down exist.

Except that... it is consistent. The logic of netctl is basically "remove everything which can be done outside of netctl". The PRE_UP and POST_DOWN hooks can be implemented via systemd, as others have pointed out. PRE_DOWN can't be done using other tools.

I'm not sure why POST_UP is there, as it can be implemented using systemd's ExecStartPost.

Xyne wrote:

I have uploaded a patched version that provides support for ExecUpPre and ExecDownPost. Please get it here and test it. If it works as intended then I will likely try to get it included upstream.

Please don't. This has already been discussed: https://github.com/joukewitteveen/netctl/issues/12 . The truth is that netctl has no way of properly handling the execution of specified commands (what if the command fails or is mistyped). My understanding is that people have misused the hooks heavily in the past, so they have been removed.

If you really want to do something about netctl, I'd create a unit generator which would add systemd Exec* hooks based on netctl profile hooks, and remove all hook handling from netctl...

Last edited by Leonid.I (2013-05-01 19:44:26)


Arch Linux is more than just GNU/Linux -- it's an adventure

Offline

#10 2013-05-02 03:15:18

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,633
Website

Re: Netctl and mac address spoofing

Leonid.I wrote:

My understanding is that people have misused the hooks heavily in the past, so they have been removed.

What is the logic there? If something is "heavily misused" that generally means that it is useful, no?

I don't see how user incompetence is an argument against a feature, especially on Arch. If a user can't type a command correctly or write a script to handle failure, it shouldn't force everyone else to give up the feature.

As for "remove everything which can be done outside of netctl", that would be everything that netctl does. You can manually set up all of your connections, both wired and wireless, without netctl. You can write custom unit files for all such actions.

Surely the point of netctl is to provide a simple interface for managing network connections in a consistent manner, not to apply a jagged Occam's razor.

Please feel free to point me to documentation that allows me to easily enable per-profile pre-up and post-down actions without having systemd services enabled (i.e. I want these actions to be run when starting and stopping services manually). I'll maintain my simple patch as long as I find it useful. Anyone else who would rather add one simple line per-profile rather than clutter up the systemd dir with extra files while faffing about with custom units is welcome to use it.

Offline

#11 2013-05-02 17:13:22

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 947

Re: Netctl and mac address spoofing

Xyne wrote:
Leonid.I wrote:

My understanding is that people have misused the hooks heavily in the past, so they have been removed.

What is the logic there? If something is "heavily misused" that generally means that it is useful, no?

I don't see how user incompetence is an argument against a feature, especially on Arch. If a user can't type a command correctly or write a script to handle failure, it shouldn't force everyone else to give up the feature.

It's not "incompetence" per se, but rather absence of knowledge regarding netctl internals. If you pass a command to a piece of software, you expect it to be handled properly, no (otherwise the software is a hack)? Handling hooks properly in a bash script is cumbersome at best (what if the command fails/arguments are wrong, etc.). OTOH, systemd is pretty good at tracking processes, so why not let it do its job? As you said, Arch is meant for competent users, so what's the issue with editing systemd unit configs?

Xyne wrote:

As for "remove everything which can be done outside of netctl", that would be everything that netctl does. You can manually set up all of your connections, both wired and wireless, without netctl. You can write custom unit files for all such actions.

True, and that's how many people do simple network config. Just search the forums: for a laptop all you need is wpa_supplicant+dhcpcd wrapped in one systemd unit.

But the key word here is "simple". For example, I have 3 bridges on my server, and I'd like to have 1 script to handle them, not 3 nearly identical ones.

Xyne wrote:

Surely the point of netctl is to provide a simple interface for managing network connections in a consistent manner, not to apply a jagged Occam's razor.

Please feel free to point me to documentation that allows me to easily enable per-profile pre-up and post-down actions without having systemd services enabled (i.e. I want these actions to be run when starting and stopping services manually). I'll maintain my simple patch as long as I find it useful. Anyone else who would rather add one simple line per-profile rather than clutter up the systemd dir with extra files while faffing about with custom units is welcome to use it.

You have to be careful with the "per profile" logic. If profiles are switched dynamically and each includes a hook, how do you undo (within netctl) the effects of hook_1 before hook_2 is executed? Moreover, most of the time, hook commands are really configurations. The present case is one example. Another example is interface renaming. Would you do it through a hook or systemd/udevd config?


Arch Linux is more than just GNU/Linux -- it's an adventure

Offline
