Enabling Connectivity Checking in NetworkManager

[Stéphane Graber]

On 07/10/2012 03:39 PM, Marc Deslauriers wrote:
> On Tue, 2012-07-10 at 15:29 -0400, Stéphane Graber wrote:
>> On 07/10/2012 03:20 PM, Marc Deslauriers wrote:
>>> On Tue, 2012-07-10 at 15:11 -0400, Stéphane Graber wrote:
>>>> On 07/10/2012 03:06 PM, Ted Gould wrote:
>>>>> On Tue, 2012-07-10 at 14:48 -0400, Scott Kitterman wrote:
>>>>>> On Tuesday, July 10, 2012 02:41:35 PM Mathieu Trudel-Lapierre wrote:
>>>>>>> As for the actual change, it is limited to the
>>>>>>> /etc/NetworkManager/NetworkManager.conf file; to which the following
>>>>>>> will be added:
>>>>>>>
>>>>>>> [connectivity]
>>>>>>> uri=http://start.ubuntu.com/connectivity-check.html
>>>>>>> response=Lorem ipsum
>>>>>>>
>>>>>>> See the manual page for NetworkManager.conf(5) for the details of what
>>>>>>> these settings do.
>>>>>>>
>>>>>>> Please let me know if you have questions or think there are good
>>>>>>> reasons not to enable this feature. If there is no response by the end
>>>>>>> of the week, I'd like to proceed with a enabling this in Quantal and
>>>>>>> making sure it gets well tested.
>>>>>>
>>>>>> I think that a significant fraction of Ubuntu's user base is (reasonably) very 
>>>>>> sensitive about privacy issues.  While this is no worse the the NTP check that 
>>>>>> already exists (that is controversial), I don't think it  should be enabled by 
>>>>>> default.
>>>>>
>>>>> I think that for those who are concerned, this is trivial to disable.
>>>>> But, I think what happens for those who are, is that Ubuntu "does the
>>>>> right thing" by default.  If you're at a hotel or other location that
>>>>> captures for a login page, you won't get your mail and apt and ... all
>>>>> downloading bogus stuff.
>>>>>
>>>>> 		--Ted
>>>>
>>>> There are other ways to detect such cases without having the machine
>>>> connect to an external service.
>>>>
>>>> Someone suggested on IRC to implement a doesnt-exist.ubuntu.com which is
>>>> essentially a record that Canonical would guarantee never to exist in
>>>> the ubuntu.com. zone.
>>>>
>>>> If you can resolve or even access that host, then you are behind some
>>>> kind of captive portal/proxy.
>>>>
>>>
>>> That only works if the portal/proxy spoofs DNS. Some don't do that.
>>>
>>> Seriously, there's a whole slew of software on the desktop that connects
>>> to the Internet regularly, I don't see how this is any different. It's
>>> easy to change for paranoid people, and enabling it would make Ubuntu so
>>> much better for a majority of users.
>>>
>>> Marc.
>>
>> Just to clarify, I'm not at all against that change, being one of the
>> ones who asked Mathieu to put that on this todo after looking at 2-3
>> implementation of that check in ubiquity alone that I'd love to get rid off.
>>
>> I'm not sure I like the idea of having NM poke that same address every 5
>> minutes as it sounds like a pretty easy way for anyone to accurately
>> count the number of Ubuntu machines currently running in any given network.
> 
> Meh, there are countless other things that can be used for that
> currently...apt requests, ntp, browser user-agent strings, etc.

None that gives you the guarantee of happening at a given interval.
NTP happens on boot and whenever an interface is brought online, so you
can't really know how many machines that's.

With the connectivity check running exactly every 5 minutes, you can
take a one hour sample of the http traffic on a network, divide by 12
and have a pretty accurate estimate of the number of machines on it.

Given a longer log, you could probably get an even more accurate count
by looking at the exact time different between checks to detect new
machines being turned on or machines disappearing.

>> Sadly it's not how it was implemented in Network Manager, but I think
>> I'd have preferred to have this check be exposed over DBUS so that
>> applications like ubiquity can use that call to query the connectivity
>> on demand.
> 
> I'm confused...Network Manager already exposes connectivity information
> over dbus, and that's what apps are supposed to use...

What I'm saying is that I'd rather a "function" be exported over DBUS
than a "status"/"event".
So that when something needs to know whether they have connectivity they
trigger that test and possibly pass it some more information so that
Network Manager can test it "properly".

Querying the page in the background and poking the application back is
the difficult part of that process, not having a test service up and
running. So I could see quite a few software developers wanting to use
the capability in Network Manager but with their own test service and
possibly with a different protocol.

>> This would also have allowed to extend the check to work with other
>> protocols, letting the client application query for a specific host and
>> protocol if it wants to (with the default being whatever is defined in
>> NetworkManager.conf).
> 
> Well, the idea is apps ask Network Manager, so it can be configured in a
> central location, and not have every app try and override the default...

Sure, in most cases they won't have to and so shouldn't mess with the
default, though I still think being able to override the default is
valuable as it'd let some developers have a way of preventing expensive
API calls when something is wrong on their side too.


For example you could have https://status.launchpad.net/nm.html be
checked by python-launchpadlib, acting as both a connectivty check and
as a service check.

If something wrong happens to LP, an admin could change that page, which
would prevent anyone using that page as a test from querying the API and
increasing the load on the application servers.

> Marc.


-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20120710/dc992b95/attachment.pgp>