Lmst

#LinuxNetworking

#ifstate 1.13.7 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.7

(already available in @alpinelinux edge + 3.22 + 3.21 + 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)

This maintenance release fixes some minor netns and routing related issues.

There is an open issue when using ifstate as a notify fifo script in keepalived: https://codeberg.org/liske/ifstate/issues/105 - when keepalived is reloaded any changes on vrrp constraint settings in ifstate may not apply.

#linuxnetworking #keepalived #AlpineLinux

#LTMLinuxTips - Day 5

🗺️ Check your public IP From terminal (with more detail):

curl -s https://ipinfo.io

Useful for remote access or VPN checks.

#LinuxNetworking #Privacy #Linux #OpenSource

This raises the (academic) question:

All interfaces of a Linux host are unnumbered (except for lo). A default route has been configured using a connected route.

Q: Is it possible to route packets to external addresses and which source IP address will be used?

A: Yes, the kernel just uses 0.0.0.0 as source ip 😳 🤯

IP 0.0.0.0.53768 > 9.9.9.9.53: Flags [S], seq 2818144202, win 64240, options [mss 1460,sackOK,TS val 2532946536 ecr 0,nop,wscale 7], length 0

#linuxnetworking #ip #legacy

Screenshot of a tiled terminal. In the upper tile the output of a tcpdump command shows packets from 0.0.0.0 to 9.9.9.9. In the lower tile the output of "ip -br addr" and "ip ro" is shown. The command "telnet 9.9.9.9 53" is trying to connect.

The interfaces of a Linux host have only IPv6 link-local addresses assigned. The Linux kernel has learned a on-link prefix (without M flag, no prefixes with A flag) and a default IPv6 route.

Q: What happens when trying to send IPv6 packets to an global-unicast addresses from this host?

A: Packets are send from the link-local address to global-unicast addresses 😳 🤯

IP6 fe80::8c52:5aff:fe15:3720 > 2620:0:871:9000::77: ICMP6, echo request, id 17175, seq 7, length 64

#linuxnetworking #ipv6

bird 2.17.1 was released and according to the release announcement it seems that bird 2.17 and 3.1 will be shipped with Debian trixie and get long-time support. 💪 🥳

https://bird.network.cz/pipermail/bird-users/2025-May/018195.html

#bird2 #bird3 #linuxnetworking #debian

@dermb Das dürfte an der "doppelten" Connected Route liegen wenn die bridge im gleichen Prefix liegt wie das eth0. Wenn der Kernel noch die Route via eth0 bevorzugt geht das schief, da über die Slave Interfaces keine Pakete direkt gesendet oder empfangen werden können - die müssen immer erst durch die Bridge.

Wenn man die Connencted Route entfernt geht es dann auch… und die IP von eth0 ist übrigens dann trotzdem erreichbar weil arp_ignore per default auf 0 gestellt ist.

#linuxnetworking

Screenshot von iproute2 Befehlen die das beschriebene Problem im Beispiel nachstellt. Der Terminal Text lautet:

root@clempner:~# ip -br addr
lo DOWN
br0 UP 192.168.42.3/24 fe80::3812:f5ff:fe5f:9d04/64
eth0@if13 UP 192.168.42.2/24 fe80::f838:50ff:fe77:57a1/64
root@clempner:~# ip ro
192.168.42.0/24 dev eth0 proto kernel scope link src 192.168.42.2
192.168.42.0/24 dev br0 proto kernel scope link src 192.168.42.3
root@clempner:~# ip ro get 192.168.42.1
192.168.42.1 dev eth0 src 192.168.42.2 uid 0
cache
root@clempner:~# ip ro del 192.168.42.0/24 dev eth0

#ifstate 1.13.5 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.5

(already available in @alpinelinux edge + 3.21 + 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)

This maintenance release fixes an exception breaking ifstate when pyroute2 0.9.1+ is used.

#linuxnetworking #pyroute2

How to Measure and Monitor Network Latency in Linux Using ping, mtr, and smokeping #network #ping #mtr #smokeping #linux #linuxnetworking #troubleshooting #commandline
https://ostechnix.com/monitor-network-latency-linux-ping-mtr-smokeping/

Das Wetter ist hier so lala: statt eines schönen Landregens ist alles nur grau bewölkt 🤪 … also gute Gelegenheit meinen CLT Vortrag nachzuarbeiten:

Ihr findet neben der Aufzeichnung jetzt auch die Folien als PDF: https://chemnitzer.linux-tage.de/2025/de/programm/beitrag/306

Wer sich für die Demos interessiert findet hier die Quellen für das Ansible Deployment: https://codeberg.org/liske/clt2025-liske-firewalls

(Bei @clt_news ist wohl auch schlechtes Wetter, die Folien wurden innerhalb von 15min verlinkt 😅 - Danke! 🙏 )

#clt2025 #linuxnetworking #ifstate

#ifstate 1.13.4 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.4

(already available in @alpinelinux edge + 3.21 + 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)

This maintenance release includes a single fix for the configuration of sysctl settings. The bug prevented ifstate from changing more than a single sysctl setting at a time. 🤦

#linuxnetworking

Mein Vortrag von den #clt2025 ist schon als Aufzeichnung verfügbar: https://media.ccc.de/v/clt25-306-firewalls-mandantenfahig-redundant-deklarativ

Vielen Dank an alle die zugeschaut haben/es sich ggf. noch anschauen werden. Ich hoffe es hat euch ein paar neue Einblicke gegeben. Mir hat es wieder sehr viel Spaß gemacht. 🤗

Und großen Dank an das Team der @clt_news und das @c3voc 🙏

#linuxnetworking #ifstate #nftables

How To Check And Secure Open Ports In Linux #Linuxnetworking #Linuxsecurity #Linuxadmin #Linuxhowto #Linux #netstat #ss #firewalld #iptables #nmap #lsof
https://ostechnix.com/check-and-secure-open-ports-in-linux/

📹 OpenWrt One – огляд, тести, розбирання, досвід експлуатації роутера з OpenWrt → (https://www.youtube.com/watch?v=TiIl1VxHt6M)
👤 #ТЕХНОСМАК → (https://www.youtube.com/@TechnoSmak)
@youtubabot: 📹1080p
https://t.me/Decloaking/5967
#OpenWrt #Router #TechReview #Networking #OpenSource #WiFi #Firmware #CustomRouter #TechExploration #LinuxNetworking #DIYNetworking #HomeNetworking #Internet #Security #VPN #SmartHome #TechCommunity #OpenWrtOne #WiFiRouter #WirelessTech #NetworkOptimization #HardwareReview #TechSetup #TechExperiment #OpenSourceFirmware

I've found a hint in sysfs: the `of_node` symlink in `/sys/class/net/$IFACE/` points to different device nodes entries.

dsa → /sys/firmware/devicetree/base/ethernet@1e100000/mac@0
eth0 → /sys/firmware/devicetree/base/ethernet@1e100000/mac@1

It is independent from the name or the netns of the interface. 😅 But it seems to only work on platforms with device tree support.

Any experience with DSA on x86_64 platform? Any chance to get this detail via netlink? 🤯

#linuxnetworking #ifstate #DSA

I wonder how DSA network interfaces can be distinguished reliable. The port interfaces can be easily identified by the phys_port_name IFLA, but what is about the master interfaces?

I've access to a SoC which has a `dsa` and `eth0` interface (besides 4 port ifaces). Both have the same driver, the same businfo and the same mac address. How can they be distinguished at all, even if they have been renamed or moved into a netns?

Any ideas?

#linuxnetworking #ifstate #DSA #netlink #iproute2

Screenshot of `ip -c -d link show dev …` and `ethtool -i …` for the interfaces dsa and eth0. The output, except for the configured MTU, is the same.

Output of the new `ifstate identify` command which can be used to create a config YaML template with interface distinguishers for physical interfaces. This is one of the major changes scheduled for ifstate 2.0.

#TIL sysctl net.ipv4.conf.all.promote_secondaries

When enabled (it is not by default) one can remove the primary (read: first assigned) ipv4 address of an interface w/o removing all other assigned ipv4 addresses. This may help when you need to renumber remotely…
(…and do not have some declarative network configuration tool like #ifstate ;-)

https://sysctl-explorer.net/net/ipv4/promote_secondaries/

#linuxnetworking #IPLegacyProblem

#ifstate 1.13.2 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.2

(available in @alpinelinux edge + 3.21 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)

This maintenance release includes fixes for configuring FDB entries.

The configuration of VXLAN with non-default UDP ports, unicast and static flooding now works correctly: https://ifstate.net/examples/vxlan.html

#linuxnetworking #ipv6 #vxlan

I noticed that the Alpine Linux kernel had CONFIG_IPV6_OPTIMISTIC_DAD not set.

Opened an issue in @alpinelinux Gitab https://gitlab.alpinelinux.org/alpine/aports/-/issues/16799 today.

Fixed by @ncopa a short time later* for Alpine 3.21 🌬️ 🏁

Rebuild my Alpine ISO image and upgraded the routers in the evening where I missed this features.

Wow that was incredibly fast, I'm still feeling quite dizzy. I am very grateful 🙏

*) we talked about it on IRC and Linux 6.12.8 was just to be packaged 😅

#linuxnetworking #AlpineLinux

Am I correct in thinking that #Ubuntu's default networking configuration, for a non-server install, uses both #NetworkManager for network configuration management and #Systemd Resolved as a local stub DNS resolver?

Because that's how my workstation apparently works, and I don't remember doing anything to configure it that way explicitly.

And what an unholy fucking mess.

#Linux #LinuxNetworking

#ifstate 1.13.1 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.1

(available in @alpinelinux edge + 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)

You may have guessed it already: there was a bug in ifstate about routes with NLRI from another address family. ifstate's config JSON schema has allowed this for a long time and now it really works 😅

#linuxnetworking #ipv6

#LinuxNetworking

Client Info