Hi all,

Lukas and I have put together an agenda for the BoF: https://pad.riseup.net/p/gFV8pU15gNbjrEtvVBJm-keep

Current text copied below. We're unlikely to make it through everything but we've already tried to put the important stuff at the top :-).

DebConf 2025 – Networking BoF
=============================

## CfP Submission

https://debconf25.debconf.org/talks/124-networking-bof/

Title: Networking BoF (45min, Systems administration, automation and orchestration)

Blink and you missed it: Debian grew a Networking Team and we invite you to join and discuss our future direction.

Team: https://wiki.debian.org/Teams/NetworkingTeam

Networking is a critical piece in any contemporary Operating System with an enormous surface area. It brings into intimate contact large bodies of code, countless technical decisions encoded within and people identifying strongly with all of it.

The Debian project's overarching uncoordinated do-ocracy is ill-suited to endure this friction without igniting conflicts in this area. We want to improve the situation by creating a place for friendly consensus to build inside the project so that come release time's crunch Debian's users aren't the ones feeling the heat🔥.

The agenda for this inaugural session includes:

- Sustainable maintenance of our Networking Stacks
- Testing & QA of Network components
- Technical improvements in: DNS handling, Multihoming, VRFs, IPv6 and VPN Security.

Full agenda: https://pad.riseup.net/p/gFV8pU15gNbjrEtvVBJm-keep

Keywords: ifupdown, dhcpcd-base, ifupdown-ng, NetworkManager, systemd-networkd, systemd-resolved, resolvconf, openresolv.

Speakers: slyon, dxld

Agenda
------

- Building a strong Networking Team
  - Collective responsibility
  - Team should have a clear direction we can communicate to the rest of the project.
  - Decision-making: Vote/Consensus? Team Membership criteria?

- Santiago — maintainer of classic ifupdown — raised a Request For Help. Suggesting that we should aim for a replacement: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101366
  - ifupdown's Priority:important has historically been a contested discussion topic.

- Planning for Forky
  - Diversity or Unity? ifupdown{,-ng}, systemd-networkd, NetworkManager, netplan.io
  - Deprecation of NetworkManager ifupdown plugin? (@mbiebl)

- Decide on place for team repos
  - Team group on Salsa? DebConf 2024 consensus: use "debian/" namespace.
    Suggestion: https://salsa.debian.org/networking-team/

- Future work: Multihoming that Just-Works™
  https://datatracker.ietf.org/doc/html/draft-gont-6man-multi-ipv6-spec-01
  - Need DNS "query routing" feature somewhere and hook it up.
    - dnsmasq, unbound: have the right features. unsure about sd-resolved
    - resolvconf, openresolv: need to grow an interface for it
    - Alternatively: libc stub, i.e. NSS, support could also help here.
  - Related: "Provisioning Domains" (PvD, RFC 8801, 2020)
    https://datatracker.ietf.org/doc/html/rfc8801

- Future work: Reviewing and Maintaining VPN Software Security
  - "A Glance through the VPN Looking Glass" - 2015
    - DNS hijack using DHCP shenanigans
  - TCP connection hijacking - 2019
    - Weak host model
    - https://lwn.net/Articles/806546/
  - "Tunnel Crack" - 2023
    - ip-rule(1) misconfiguration
    - Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables
      https://tunnelcrack.mathyvanhoef.com/details.html
  - "Tunnel Vision" - 2024
    - DHCP shenanigans dejavu: LAN addressing and route-option
      https://www.tunnelvisionbug.com/
  - Future Direction
    - Better control over system-wide DNS configuration to allow for hijack mitigation.
    - Improve VRF integration in VPN Software. Can be a very small change. See eg. #1041355 in wg-quick.
    -> Codify good practices into debian-policy.

- Retrospective: Default mDNS provider conflict and decision
  - mDNS provider for Trixie is Avahi per tech-ctte decision.
  - sd-resolved mDNS disablement via /usr/lib/systemd/resolved.conf.d/00-disable-mdns.conf
  - TC discussion: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098914
  - Ubuntu decided on Avahi too: https://lists.ubuntu.com/archives/ubuntu-devel/2023-March/042499.html

- Problem: dhcpcd-base breaking changes in Trixie compared to Bookworm
  See discussion on already-resolved DDNS issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089598#62
  -> Filing RC bugs for inet stanza change and slaac privacy default TBD by @dxld

- Problem: sd-resolved integration with Trixie's new default DHCP client.
  "DNS server disappears when using systemd-resolved"
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103719

- Direction: Towards an IPv6 Single-stack
  - Quick introduction and status report (@dxld).
  - IPv6-only - maintain connectivity with legacy IPv4-only internet.
    Tech: NAT64, CLAT, SIIT-DC, PREF64.
  - IPv6-mostly - turning off IPv4 stack via DHCP signaling.
    https://datatracker.ietf.org/doc/html/draft-ietf-v6ops-6mops-01

- Future work: More Testing
  - The (lack of) systemd-udevd can cause issues when mangling network interfaces e.g. in NetworkManager testing:
    https://salsa.debian.org/utopia-team/network-manager/-/merge_requests/13
  - Use VMs (amd64 only) in addition to LXC containers to execute tests.
  - Many packages lack testing. Let's fix this!
    By default, `isolation-machine` tests are not executed in DebCI.
    Superficial tests don't help.
    Many packages don't have any integration tests.
    Improvements can be easy. Examples:
    https://salsa.debian.org/debian/wireguard/-/merge_requests/8
    https://salsa.debian.org/DebianOnMobile-team/modemmanager/-/merge_requests/26
    https://salsa.debian.org/utopia-team/avahi/-/merge_requests/17
    https://salsa.debian.org/utopia-team/network-manager/-/merge_requests/13
  - Bonus: Tests executed in Salsa-CI.

--Daniel