NetworkManager

[Seth Nickell <snickell redhat com>]

We unfortunately haven't been vocal about this but for the past couple
months Dan Williams has been working on NetworkManager, a network policy
layer for HAL and the freedesktop.org stack in general. See
"NetworkManager" module in CVS. Its in GNOME CVS atm, but only the
applet and thin info caching daemon are GNOME specific. The
NetworkManager daemon itself, which contains the bulk of the code and
all the connection logic, should be suitable for general freedesktop.org
use.

The user experience we have been aiming for is electrical outlet: you
plug in and its on. For example, when I drop my laptop into its dock the
link is detected, DHCP information is fetched, and the network is
automatically moved to the wired device ASAP. If I unplug it immediately
associates with the "best" wireless network (determined by what I've
used it in the past, if it uses WEP, if I have a key stored for it, and
signal strength). 

Bryan, Dan and I have done a lot of work on getting the interaction
subtleties right. For example, we've had pleasant (*ahem*) discussion
with Ullrich Dreper (of glibc fame) about getting apps to detect new
nameservers in resolv.conf instantly so you don't have a 30 second pause
in Epiphany or whatever else is open when you change devices. It also
does nice stuff like encoding passphrases into WEP keys (rather than
requiring typing in the hex).

If I asked it to use a wireless network at Panera bread one day, and
come back there 2 weeks later (assuming a trusted network is not
available that it will silently autoconnect to) it asks if I want to use
Panera's network (and tries the WEP key I used last time before
prompting me for one). If I asked it to use a wireless network at Panera
bread, walk to my car (out of range) and come back several minutes later
it just silently reconnects instead of bothering me. etc etc.

There's also an applet, mostly for wireless stuff: manually telling it
to use a new access point, monitoring signal strength, etc. The applet
is pretty simplistic compared to netapplet: just has a list of networks
in range and lets you select one. But we hope that things like netapplet
can be written on top of network manager with no distro specific hooks
(and they should be much easier to write).

We have been carefully trying to make this a piece of code that can
improve the status quo of desktop networking stack. Obviously there's
going to be some distro specific details (like what you use to fetch
dhcp info), but for example the NetworkManagerRedHat module is only a
couple hundred lines of code (all very simple). There's also debian and
gentoo modules in CVS. But hopefully if NetworkManager does its job, all
other tools can be built on top of NetworkManager and we can be done
with the silly "distros control network devices differently" thing.

Architecture looks like this:

NetworkManager - a daemon that runs as root and provides the
"org.freedesktop.NetworkManager" DBus service to the system bus.
Provides all of the logic for automatically managing networking, and a
solid layer for building user-space tools on top of. Eventually it will
also support static networking, and rewriting command-line tools like
"ifup", "ifdown" etc to use NetworkManager is in the roadmap, but for
now its a desktop network policy layer.

NetworkManagerInfo - user daemon that feeds preferences and other
information (WEP keys, preferred APs, etc, which it stores in GConf) by
providing  a "org.freedesktop.NetworkManagerInfo" DBus service on the
system bus. Only the current console user will be allowed to register
this service thanks to J5's "at_console" DBus security context. It will
also do things like pop up a dialog prompting for WEP keys, or request
permission to connect to an untrusted AP (and has lots of details right
like making the dialog go away if the AP disappears ;-)

Because NM does connections automatically, these two will constitute a
"working system" for many uses. To provide feedback and a little more
control we also have:

NetworkManagerApplet - applet that allows you to specifically bind to a
wireless network, see a list of available networks and their strength,
if they require encryption, etc. Works entirely through talking to
NetworkManager (i.e. no direct networking or wireless code).

NetworkManagerDispatcher - runs scripts in a magic /etc directory in
response to NM events. For example, we have a simple one that starts a
VPN tunnel (w/ vpnc) when the wireless interface establishes a
connection to "rh-wireless". Not how we want to do VPN long term, but a
useful hack for now *grin*

Future plans:

Our next step is to implement VPN support that automatically starts when
you are outside the firewall. We want a standard plugin ABI, so that 3rd
party VPN software likes Cisco's can provide support for their VPN
systems in a standard predictable manner. No more shell scripts running
in terminals to start VPN. ;-)

After that we will probably start considering "server" needs for
NetworkManager such as supporting static IP addresses and porting
existing command line networking infrastructure to use it.

-Seth