On Sun, 10 Mar 2013 10:08:07 +0100 Jouke Witteveen <j.witteveen@gmail.com> wrote:
On Sat, Mar 9, 2013 at 8:46 PM, Leonid Isaev <lisaev@umail.iu.edu> wrote:
On Sat, 9 Mar 2013 14:22:17 +0100 Jouke Witteveen <j.witteveen@gmail.com> wrote:
On Fri, Mar 8, 2013 at 9:02 PM, Leonid Isaev <lisaev@umail.iu.edu> wrote:
Hi,
I have been running testing/netctl for a couple of days now and noticed some issues (some of which are not really netctl specific). I thought it might be better to bring them up here, as opposed to flyspray.
1. There used to be a DHCP_OPTIONS variable in netcfg, but it is never mentioned in netctl documentation. Meanwhile, ip_set() in globals, does have DHCPOptions. Was making this variable invisible to the user intentional? It is quite convenient when dealing with buggy DHCP servers (e.g. -d switch for dhcpcd)...
By the capitalization, you can tell that DHCPOptions is intended to be usable in profiles. However, this feature went undocumented because in the past users have made a mess with it. For instance, by backgrounding the daemon. If DHCP servers are buggy, they should be fixed, thats not netctl's fault. However, if you can come up with a
I agree, so I usually send a part of daemon.log to our IT... not sure if it helps though.
piece of documentation that makes users not want to use this variable, I'd love to include it.
Will do.
2. There is a WPADriver variable whuch is not read if a profile is included in a group by netctl-auto (because profiles are parsed in separate subshells). This a good thing, as different profiles can have incompatible values of WPADriver, but I think it should be included in documentation (it can seriously confuse a user, myself included, who looks at ps auxww).
Your new documentation suggests the same holds for other variables too, but I cannot quickly see which ones. If WPADriver is the only one, I would prefer the suggestion is removed from the documentation ;-).
WPAConfigFile? But this is logically for wpa-config security which is incompatible with netctl-auto (there is a comment in netctl-auto, but I'd also make it clear in netctl.special). The reason why I mentioned it is because I tried to make netctl call wpa_supplicant with -Dnl80211, but wext kept showing up...
So basically, WPADriver is the only ignored option in netctl-auto?
Yes, correct.
OTOH, is there any case when we need such a control? E.g. doesn't -D nl80211,wext work always? So perhaps there is no practical use for WPADriver in the 1st place.
For wired connections, we use the 'wired' driver. Being able to choose your driver is a valuable option, but just as in the DHCPOptions case one that most users should not be bothered with.
Completely forgot about those :) But whouldn't the type "ethernet" be sufficient, i.e. if "Auth8021X=yes", then use "WPADriver=wired" automatically?
3. This is the main issue, albeit also present in netcfg. With wpa_supplicant 2.0 and wpa_actiond 1.4 we noticed a sizeable delay when shutting down netctl-auto (resp. net-auto-wireless) in a WPA-EAP environment. This is somehow related to the fact that wpa_actiond is never killed by netctl/netcfg which only terminates wpa_supplicant/dhcp client. The real problem may be in wpa_supplicant, but regardless, netctl/netcfg should properly clean up after itself.
What is the problem, precisely? If wpa_actiond sees the supplicant has disappeared, it quits.
Please see https://mailman.archlinux.org/pipermail/arch-general/2013-March/033036.html. Basically, with wpa_actiond 1.4 (which IIRC includes wpa_ctrl code from wpa_supplicant 2.0) some of us noticed ~10sec delays when netctl-auto is stopped. Currently I can only test this on a WPA enterprise univ. network. Of course, I can't prove that this is not a bug in wpa_actiond, but it doesn't seem that way. Since I have a hw control and light indicator on my laptop wifi card, I can tell that interface is down, but systemd waits for something, and the only thing which is not killed by netctl is wpa_actiond. Killing it explicitly helps in my case at least.
Interesting. If you've got a lot of time, you could try to find the wpa_actiond commit that introduced this delay. I wouldn't be surprised if reverting dadc6 would remove the delay. Another thing you could try is increase the delay on line 106 of netctl's lib/8021x.
That patch seems reasonable, and since this has not been noticed before, worked OK with wpa_supplicant 1.0. But I haven't tried reverting it yet. I also haven't played with timeout in 8021x, but I think that wpa_supplicant is dead during the delay because my wifi interface is down (indicator light goes red)...
I would say that the correct way of terminating is sending the 'terminate' call to the supplicant. This should take care of both wpa_supplicant and wpa_actiond. The current netctl code gives the supplicant and wpa_actiond 1 second to die. After that, it kills the supplicant (but not wpa_actiond).
I always thought that 'wpa_cli wlan0 terminate' will effectively send a sigterm to wpa_supplicant, so do we ever get to killing the latter explicitly? And if we do, perhaps it should be 'kill -kill'?
But regardless as long as netctl cleans up wpa_supplicant and dhcpcd, why not other daemons it spawned?
We could do a similar timeout thing as for wpa_supplicant, but in the end it would be nice if everything just terminates after our 'friendly' request.
In a systemd setting, this all seems perfectly fine, doesn't it?
Yes, iff one can ensure that the daemons are killed in a correct order.
However the following question is valid: is there any way we can rely on systemd's cgroup mechanism to trim the clean-up code? If it is only possible to start a profile as a systemd service, then I'd say there is no need to terminate wpa_supplicant (in wpa_stop()); dhcpcd is a different story though as I don't know how it would behave when interface suddenly disappears (if wpa_supplicant is killed first). So, I think it is OK to leave some processes in netctl's cgroup after ExecStop=... returns but not all.
I am gonna think about not forcefully killing the supplicant. Indeed, systemd should be able to deal with this for us.
Best, L. PS: BTW I forgot to thank you for the great job you did on netctl :)
Glad to be working with you.
Pts. (2) and (3) are 'fixed' by the following small patch...
Cheers,
-- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
Regards, - Jouke
-- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
-- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D