Saturday, 19 September 2009

netprofiles design

what:
A simple framework to switch the services your PC offers depending on which network it is connected to.
how:
Using a framework modelled on runlevels, with additional sections for custom scripts, swapping config files, and changing firewall rules (iptables).
why:

  • More secure - you can't compromise Samba if it isn't running when I connect to your network, and you can't catch me on your Wi-Fi if you can't ping me (well, you can, but most people don't know how)
  • More convenient - I'm too lazy to run "sudo myscript" after every connection
  • Faster boot time - if you're not connecting to any network at boot (about the same if your networking is configured to connect before login)
  • Vista can do it - Vista has similar functionality to protect its users, and I'll be damned if I can't have it too
why you care:
I don't know, but I already got as far as v0.2 without actually showing anybody the design and figured I'd put it out there so people can explain why it's all wrong while I finish up the code.

Design:

Core: (/etc/netprofiles)
run-netprofile - does all the work [bash, based on rc]
linkswap.py - switches your config files [python]

  • It uses hard links. I don't know if this is right or wrong; I tried arguing with myself over hard link vs symlink but don't really know, so I went with hard links for performance.
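To make the hard link vs symlink question concrete, here is a config swapper in the spirit of linkswap.py. It is an added example, not the netprofiles code, and it uses symlinks rather than the hard links the design chose, for three reasons: a hard link cannot cross filesystems; an editor or package upgrade that writes a new file and renames it over the old one silently breaks a hard link, so the live file and the profile copy quietly diverge; and with a symlink `ls -l /etc/samba/smb.conf` shows which profile is live. The layout (profile/<name>/etc/ mirroring /etc, originals moved to profile/offline/etc/) follows the design; the `root` parameter, the temporary link name and the sample configs are this example's own.

```python
import os
import tempfile

# Added example, not the netprofiles code.  PROFILE_BASE is relative to a root
# directory so the same code runs against "/" on a real box and against a
# scratch directory in a test.
PROFILE_BASE = os.path.join("etc", "netprofiles", "profile")


def _paths(root, profile, rel_path):
    live = os.path.join(root, "etc", rel_path)
    target = os.path.join(root, PROFILE_BASE, profile, "etc", rel_path)
    return live, target


def swap_config(root, profile, rel_path):
    """Make <root>/etc/<rel_path> a symlink to the profile's copy of the file.

    The first time a file is taken over, the distribution's original is moved
    into the offline profile's etc/ tree (where the design keeps originals).
    The switch is symlink-to-temporary-name followed by rename: the live path
    is never briefly missing, and a crash half-way leaves the old link intact.
    """
    live, target = _paths(root, profile, rel_path)
    if not os.path.isfile(target):
        raise FileNotFoundError("profile %r has no %s" % (profile, rel_path))
    if os.path.lexists(live) and not os.path.islink(live):
        backup = _paths(root, "offline", rel_path)[1]
        os.makedirs(os.path.dirname(backup), exist_ok=True)
        if os.path.exists(backup):
            backup += ".replaced"          # never discard a config file silently
        os.rename(live, backup)
    os.makedirs(os.path.dirname(live), exist_ok=True)
    tmp = live + ".netprofiles-tmp"        # temporary name: this example's choice
    if os.path.lexists(tmp):
        os.unlink(tmp)
    os.symlink(target, tmp)
    os.rename(tmp, live)                   # atomic on POSIX: old link or new link, never neither
    return target


def active_profile(root, rel_path):
    """Name of the profile whose copy is live, or None if the file is unmanaged."""
    live = os.path.join(root, "etc", rel_path)
    if not os.path.islink(live):
        return None
    rel = os.path.relpath(os.readlink(live), os.path.join(root, PROFILE_BASE))
    return rel.split(os.sep)[0]


def _workgroup(path):
    """Read the workgroup value from a constructed smb.conf (open() follows the symlink)."""
    with open(path) as f:
        for line in f:
            if line.strip().startswith("workgroup"):
                return line.split("=", 1)[1].strip()


def demo():
    """Build a scratch tree with constructed sample configs, swap through home,
    away and back to the original, and report what Samba would read each time."""
    root = tempfile.mkdtemp()
    samples = {   # constructed sample data, not real configuration
        os.path.join(root, "etc", "samba", "smb.conf"): "ORIGINAL",
        os.path.join(root, PROFILE_BASE, "home", "etc", "samba", "smb.conf"): "HOME",
        os.path.join(root, PROFILE_BASE, "away", "etc", "samba", "smb.conf"): "AWAY",
    }
    for path, wg in samples.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("[global]\n   workgroup = %s\n" % wg)
    seen = []
    rel = os.path.join("samba", "smb.conf")
    for profile in ("home", "away", "offline"):
        swap_config(root, profile, rel)
        seen.append((active_profile(root, rel),
                     _workgroup(os.path.join(root, "etc", "samba", "smb.conf"))))
    return seen


if __name__ == "__main__":
    print(demo())
```

Whichever link type is used, the profile tree must be root-owned and not group- or world-writable: anyone who can write profile/away/etc/samba/smb.conf is editing the live Samba configuration.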

The NetworkManager section
(/etc/netprofiles/callers/NetworkManager)
To allow easier expansion, /etc/netprofiles/callers/$name contains the code that depends on external programs (to start with, just NetworkManager).
chooseprofile.py - a script called every time the network changes; it decides what action to take [python]

  • All config choices go in here
  • Uses the UUID from NetworkManager to identify a network (is this a good idea? I thought it was better than doing it myself, but it makes it harder for people to understand)
  • Only interacts with netprofiles by picking one
  • Probably needs to hook into system notifications to let the user know what's happening (later versions)
  • More complex than needed, so I'll move it to bash at some point
set_uuid_profile.py - a config script that makes setting network trust levels easier [python]
  • needs to hook into system notifications to let the user know what's happening (later versions) and needs even more GUI (much later versions)
settings - config file
profilemap - map of UUID -> profile
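What chooseprofile.py's decision looks like once the UUID map is in, as an added example that is not the netprofiles code. The layout of profilemap (one "uuid profile" pair per line, # comments) and the fallback for a UUID that is not in the map are this example's assumptions; the design only says the file maps UUID -> profile. Two points a practitioner would want here: a network that is not in the map gets a restrictive profile rather than whatever was active last, and the profile name is validated before it is ever joined onto /etc/netprofiles/profile, which is the real risk of free-form profile names (a name containing a path separator or ".." never reaches the filesystem).

```python
import os
import re

# Added example, not the netprofiles code.
PROFILE_NAME_RE = re.compile(r"^[a-z][a-z0-9_-]{0,31}$")
UUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
PROFILE_BASE = "/etc/netprofiles/profile"

# Constructed sample profilemap (not from the original post); the
# "uuid profile" layout is this example's assumption about the file.
SAMPLE_PROFILEMAP = """\
# uuid                                  profile
6f1b4a2e-3c5d-4e7f-8a9b-0c1d2e3f4a5b    home
A0B1C2D3-E4F5-4678-9ABC-DEF012345678    work     # mixed case is fine
"""


def profile_dir(name, base=PROFILE_BASE):
    """Map a profile name to its directory, refusing anything that is not a
    plain lowercase name: no '/', no '..', no leading dot, no shell characters.
    This is what keeps a free-form profile name from becoming path traversal."""
    if not PROFILE_NAME_RE.match(name):
        raise ValueError("refusing profile name %r" % name)
    return os.path.join(base, name)


def parse_profilemap(text):
    """Return {uuid: profile}.  A malformed line is an error, not something to
    skip: a typo must not quietly turn a hostile network into a trusted one."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError("profilemap line %d: expected 'uuid profile'" % lineno)
        uuid, profile = fields[0].lower(), fields[1]
        if not UUID_RE.match(uuid):
            raise ValueError("profilemap line %d: %r is not a UUID" % (lineno, fields[0]))
        profile_dir(profile)            # validates the name, result not needed here
        mapping[uuid] = profile
    return mapping


def is_valid_profilemap(text):
    try:
        parse_profilemap(text)
    except ValueError:
        return False
    return True


def choose_profile(action, uuid, mapping, default="offline"):
    """Decide what a NetworkManager event means for netprofiles.

    action  -- 'up' or 'down' for the connection, as the dispatcher script passes it
    uuid    -- the connection UUID, or None if it was not available
    default -- profile for a network that is not in the map.  'offline' is the
               design's special services-down profile, so it is the fail-closed
               choice; a dedicated 'public' profile would be the friendlier one.
    Returns a profile name, or None when the event calls for no profile change.
    """
    if action == "down":
        return "offline"
    if action != "up":
        return None             # e.g. vpn-up/vpn-down: not this tool's business
    if uuid is None:
        return default          # no identity for the network: treat it as unknown
    return mapping.get(uuid.lower(), default)
```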

Profiles: (/etc/netprofiles/profile)
I chose to allow it to be a name rather than a number, as I can see situations where plain numbers don't map onto usage scenarios very well, and it is also easier to understand this way; however, this may have been a bad call, as it may make the system vulnerable to attacks. ADVICE?
profile/offline/ - a special profile (although you can edit it yourself, of course)

  • where the original config files go when they are replaced (/etc/netprofiles/profile/offline/etc/)
$name/scripts/ - your scripts

  • launched as root (but you can use sudo/su inside a script to run as another user)
  • scripts must be numbered
  • 0-29 run before taking services down
  • 30-69 run while all services are down
  • 70-99 run after services are up
$name/rc/ - services that change upon launching a profile
  • K - stop services (stopped in ascending order)
  • S - start services (started in ascending order)
  • R - restart services (stopped in ascending order after the K services, then started together with the S services)
  • N (or any other letter) - unchanged services
  • these can be links to /etc/rc/ and will not affect runlevel changes
$name/etc/ - config files for profile
  • this lets you run Samba with different configs under home/away
$name/iptables, $name/ip6tables, $name/arptables (the last requires arptables to be installed)
  • These are loaded (overwriting the previous tables) when the profile starts, but are not unloaded when another profile runs, so a profile without its own rules file keeps whatever the previous profile loaded.
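Written down as code, the ordering run-netprofile has to implement comes out like this. It is an added example, not the netprofiles code (which is bash; Python is used here so the sequence can be checked without root). The script phases and the K/S/R/N meanings are the ones listed above, with "started together with the S services" read as R and S entries merged into one ascending start order. Where the iptables/ip6tables/arptables files are loaded within the sequence is this example's assumption: just before services come back up, so nothing is listening before the rules are in. The `*-restore` tools and the profile paths are real; the sample listing is constructed.

```python
import os
import re
import subprocess

# Added example, not the netprofiles code.
SCRIPT_RE = re.compile(r"^(\d{1,2})(?:\D.*)?$")   # "05-hostname", "30_mountshares", "70"
RC_RE = re.compile(r"^([A-Za-z])(\d{2})(.+)$")     # "K20samba", "S30sshd", "R10cups", "N50dbus"
FIREWALLS = ("iptables", "ip6tables", "arptables")


def plan_activation(scripts, rc_entries, firewalls=()):
    """Order the work of switching to a profile.

    scripts     -- file names in <profile>/scripts/ (each must start with a number 0-99)
    rc_entries  -- file names in <profile>/rc/
    firewalls   -- which of iptables/ip6tables/arptables the profile provides
    Returns (kind, name) tuples; kind is one of script, stop, firewall, start.
    """
    early, middle, late = [], [], []
    for name in scripts:
        m = SCRIPT_RE.match(name)
        if not m:
            raise ValueError("script %r is not numbered" % name)   # would otherwise never run
        n = int(m.group(1))
        bucket = early if n < 30 else middle if n < 70 else late
        bucket.append((n, name))

    k_stops, r_stops, starts = [], [], []
    for name in rc_entries:
        m = RC_RE.match(name)
        if not m:
            raise ValueError("rc entry %r is not in <letter><NN><service> form" % name)
        letter, order, _service = m.groups()
        if letter == "K":
            k_stops.append((int(order), name))
        elif letter == "R":
            r_stops.append((int(order), name))
            starts.append((int(order), name))
        elif letter == "S":
            starts.append((int(order), name))
        # N (or any other letter): service left as it is

    for fw in firewalls:
        if fw not in FIREWALLS:
            raise ValueError("unknown firewall file %r" % fw)

    plan = [("script", n) for _, n in sorted(early)]            # 0-29: before anything stops
    plan += [("stop", n) for _, n in sorted(k_stops)]
    plan += [("stop", n) for _, n in sorted(r_stops)]           # R stops follow all K stops
    plan += [("script", n) for _, n in sorted(middle)]          # 30-69: everything is down
    plan += [("firewall", fw) for fw in FIREWALLS if fw in firewalls]   # assumption: rules before services
    plan += [("start", n) for _, n in sorted(starts)]           # R and S interleaved by number
    plan += [("script", n) for _, n in sorted(late)]            # 70-99: services are up
    return plan


def run_plan(plan, profile_dir, run=subprocess.call):
    """Execute a plan.  `run` is injected so the sequence can be exercised without
    root.  A failing step aborts the rest: if iptables-restore fails, the services
    behind those rules must not be started.  Returns the commands issued, in order."""
    issued = []
    for kind, name in plan:
        if kind == "script":
            cmd = [os.path.join(profile_dir, "scripts", name)]
        elif kind in ("stop", "start"):
            cmd = [os.path.join(profile_dir, "rc", name), kind]
        else:   # iptables-restore and friends take the rules file as their argument
            cmd = [name + "-restore", os.path.join(profile_dir, name)]
        status = run(cmd)
        issued.append(cmd)
        if status != 0:
            raise RuntimeError("%s failed with status %d" % (" ".join(cmd), status))
    return issued


def demo():
    # Constructed sample listing of a "home" profile (not from the original post).
    scripts = ["70-notify", "05-hostname", "30_mountshares"]
    rc = ["K20samba", "S30sshd", "R10cups", "N50dbus", "K10avahi-daemon"]
    plan = plan_activation(scripts, rc, firewalls=("iptables",))
    issued = run_plan(plan, "/etc/netprofiles/profile/home", run=lambda cmd: 0)
    return plan, issued


if __name__ == "__main__":
    for cmd in demo()[1]:
        print(" ".join(cmd))
```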


External
/etc/NetworkManager/dispatcher.d/80-netprofiles - a dispatcher script that launches chooseprofile.py with arg1 = up/down [bash]
/var/log/netprofiles.log - the log
/var/run/netprofile - a file containing the name of the current netprofile.


Code to follow soon, but I'm looking for feedback on the design and information on alternatives.

P.S. This is my first blog post, so feedback on blogging style/the stupid number of typos would be nice (but I may remove typo comments as I fix them to allow clearer discussion).
