Thursday, April 5, 2012

ifconfig and "interfaces" (2)

I'm still puzzling about network interfaces (previous post here). I'm trying to understand why the output from ifconfig has changed to add new interfaces like gif0 and stf0, and whether it's related to something I did (and therefore a potential cause for concern).

At the time it happened, I'd have sworn it was a result of something I had just done in the last hour or two, but it was not undone by a reset of the Airport to factory default, nor by a clean install of OS X.

I'm sure many people could explain this to me in a second, but I can't find them. This morning I was googling various terms and found my own "scratching my head" post coming up as the top hit, and that's certainly not a good sign.

Anyway, I don't have a complete solution but the executive summary so far is:

- interfaces are machine-specific. It does not appear to have anything to do with the Airport (in fact, Airport has its own list of interfaces).

- it appears to be something that the System is doing on boot, but I haven't seen anything in the logs yet to tell me what that is.



To start from the basics, a network interface controller is a piece of hardware that connects a computer to a network, like the internet. So when I think back to that day in 1994 when the IT guys came around and added a gizmo (to my serial port?) and then installed Netscape on my machine, the gizmo or "Ethernet card" was one of these devices.

In the OSI model, the interface comprises layers 1 and 2, where the other layers might be various options like:

3 IPv4
4 TCP or UDP
5 a socket
6 SSL
7 HTTP

I haven't found a good description of how these physical devices are integrated into a modern Mac, but there are a lot of them and it seems that probably most are implemented in software rather than hardware. The man pages for gif and stf:

     gif -- generic tunnel interface
     stf -- 6to4 tunnel interface

indicate that these two are for "tunneling" (wrapping IPv6 somehow to tunnel it over IPv4):

The stf interface supports ``6to4'' IPv6 in IPv4 encapsulation.  It can
     tunnel IPv6 traffic over IPv4, as specified in RFC3056..

     The gif interface is a generic tunneling pseudo device for IPv4 and IPv6.
     It can tunnel IPv[46] traffic over IPv[46]..

     Each gif interface is created at runtime using interface cloning..

Although these can be configured using ifconfig (if stands for interface)

The ifconfig utility is used to assign an address to a network interface
     and/or configure network interface parameters.

> ifconfig gif0
gif0: flags=8010 mtu 1280
> sudo ifconfig gif0 destroy
Password:
> ifconfig gif0 
ifconfig: interface gif0 does not exist

It will come back after reboot.

Also, on my single location ("Automatic"), I deleted all but Wi-Fi in Network Prefs, but the output from ifconfig still shows fw0 etc.

I found a document at Apple called Introduction to System Configuration Programming Guidelines which seems right on point.

The CurrentSet preference always contains the internal ID that represents the currently active set in the Sets preference (in Figure 3-1, this is Setk). When a user selects a different location in Network preferences or from the Apple menu, the preferences monitor notices and updates the dynamic store to reflect the change. For more information on the preferences monitor, see “Preferences Monitor ”).

The remaining two top-level preferences, Sets and NetworkServices, contain the bulk of the information the system needs to configure network services. As you can see in Figure 3-1, a set listed in the Sets dictionary contains the internal IDs that represent individual services listed in the NetworkServices dictionary. The following sections describe the Sets and NetworkServices dictionaries in more detail.

I haven't digested all the details yet, but two key points. First, the "Persistent Store" is saved in this file:

/Library/Preferences/SystemConfiguration/preferences.plist

and if I follow the trail from CurrentSet to Network to ServiceOrder to Interface I see a single DeviceName, which is en1. (Let's not worry where en0 and lo0 come from just yet).

So, if I'm reading this right, my Prefs in the GUI sorta match what's in the file.

The second point is however:

Preferences Monitor
The preferences monitor reads the currently active configuration set specified by the user’s CurrentSet preference and loads the associated preferences into the dynamic store.
..

Kernel Event Monitor
The kernel event monitor maintains a list of all network interfaces defined in the system, the link status associated with each interface, and any assigned addresses. It monitors low-level kernel events and watches the network stacks, keeping track of the link status of each network interface. The kernel event monitor’s main job is to post the status of each network interface in the dynamic store. This frees applications from having to reach into the kernel to find out, for example, if the Ethernet cable is plugged in or if the assigned addresses have changed.

The system also modifies the network interfaces, it's not just from my Network Prefs. Probably what I will need to do is figure out how to navigate SystemConfiguration. Although, if you notice, I only retrieved the three en0, en1 and fw0 using SCNetworkInterfaceCopyAll(), plus one dealing with Bluetooth.

Finally, I made some progress with snmp and the Airport Extreme.

> sudo snmpwalk -v 2c -c public 10.0.1.1
..
IF-MIB::ifDescr.1 = STRING: mgi0
IF-MIB::ifDescr.2 = STRING: mgi1
IF-MIB::ifDescr.3 = STRING: mv0
IF-MIB::ifDescr.4 = STRING: mv1
IF-MIB::ifDescr.5 = STRING: lo0
IF-MIB::ifDescr.6 = STRING: wlan0
IF-MIB::ifDescr.7 = STRING: wlan1
IF-MIB::ifDescr.8 = STRING: pppoe0
IF-MIB::ifDescr.9 = STRING: bridge0
..
IF-MIB::ifType.1 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.3 = INTEGER: ieee80211(71)
IF-MIB::ifType.4 = INTEGER: ieee80211(71)
IF-MIB::ifType.5 = INTEGER: softwareLoopback(24)
IF-MIB::ifType.6 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.7 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.8 = INTEGER: ppp(23)
IF-MIB::ifType.9 = INTEGER: bridge(209)

(why would you label a password---that's what "public" is above---as "community"??) snmp is one of the oddest protocols I've ever seen.

Without getting into all the details, these interfaces are different than the ones I see on my machine. So this is all consistent with interfaces being, in a way, a statement of what the device is capable of doing. They are device-specific.

The Airport settings are not responsible for what I see when I do ifconfig on my machine, and my adventures in snmp land aren't likely to be responsible for the changed output I get from ifconfig.

Since I did a clean install of OS X Lion, it seems clear that I'm mistaken about when these new interfaces appeared. I have to believe now it was probably with the 10.7.3 upgrade.

[ UPDATE: Found the general issues very well explained in this book, though not this specific problem. ]