NetworkManager 1.4: with better privacy and easier to use

After we released version 1.0 of NetworkManager, it took us sixteen months to reach the 1.2 milestone. This means that it took over a year for some newly added features to reach the user base. Now we are releasing the next major release after just four months.

Guglielmo Marconi, checking out NetworkManager 1.4 Wi-Fi MAC address changing
Guglielmo Marconi, checking out NetworkManager 1.4 Wi-Fi MAC address changing

This improved release cadence was made possible by the excellent work of Red Hat’s Quality Engineering team during the development cycle. Their thorough testing gave us confidence in the new code and dramatically lowered the number of bugs late in the release cycle.

Despite a somewhat shorter release cycle the new version of NetworkManager, while still API and ABI compatible with previous versions, is by no means short on improvements. Let’s take a detailed look!

What’s new?

It is now possible to randomize the MAC address of Ethernet devices to mitigate possibility of tracking. The users can choose between different policies; use a completely random address, or just use different addresses in different networks. For Wi-Fi devices, the same randomization modes are now supported and does no longer require support from wpa-supplicant. You can read more in Thomas’ article on MAC Address spoofing.

API for using configuration snapshots that automatically roll back after a timeout has been added. The remote network configuration tools (think Cockpit) are expected to use this to avoid situations where a mistake in the configuration renders the remote host unreachable.

A new “dns-priority” property of ipv4 and ipv6 settings can be used to tweak the order of servers in resolv.conf. This will make things easier for users who often use multiple active connections.

Following some upstream kernel changes, IPv6 tokenized interface identifiers can be configured. This makes it possible for the system operators to use a router-assigned prefix while still using some well-known host part of the address.

nmcli got some new features too, motivated by the feedback we received in the NetworkManager user survey. Many users will surely welcome that the “connection add” syntax is now consistent with “connection modify”. Those of you who’re used to typing “ifconfig” to get the big picture can now get a quick overview of devices and their configuration by invoking “nmcli” without parameters.

Certain parts of the device configuration, such as IPv4 and IPv6 method or addressing, can now be updated without completely restarting the device configuration. nmcli has been extended with “device modify” and “device reapply” subcommands that build on this functionality.

Canonical contributed support for oFono in place of ModemManager to support mobile broadband connections. The Ubuntu phone has been using this for some time. We’re happy to see it merged in mainline NetworkManager!

Canonical also contributed patches that expose on D-Bus RX/TX counters of transferred bytes per interface. With this client applications can monitor the bandwidth.

VPN plugins are no longer released together with NetworkManager. It is intended that for most plugins no 1.4.0 release exists because the newest version of the plugin works equally well with any NetworkManager version 1.2.0 or newer.

What’s next?

There’s a couple of features that have been worked on, but didn’t quite make the 1.4.0 release. Very likely to be included in the next update are improved proxy support and MACsec.

The efforts of Atul Anand, a Google Summer of Code participant, have turned out to be fruitful. He has done excellent job at improving the support for Proxy (auto-) configuration and his work will be merged very soon.

The Linux kernel 4.6 includes support for a Layer 2 encryption known as MACsec and we’re almost done implementing support for configuring it with NetworkManager.

Happy Networking!

Update 2016/08/30: Added reference to Thomas’ MAC spoofing article

Thanks to Dan Williams, Thomas Haller, Francesco Giudici, Beniamino Galvani, Eric Garver and Sabrina Dubroca for reviewing this article, adding their favourite features and fixing many silly mistakes!

Published by

Lubomir Rintel

A free software enthusiast, Fedora contributor and a NetworkManager developer.

6 thoughts on “NetworkManager 1.4: with better privacy and easier to use”

  1. One may want to be wary of Proxy Auto Configuration, given how it can be abused to track even HTTPS URL’s – deliver a PAC script that logs the URL’s that are sent to it.
    Windows boxes are actually starting to move away from things like WPAD for this reason.

  2. pity 1.4s mac randomization code breaks the wifi on my older Thinkpads from X30 to T43 which have the older intel wifi cards.

  3. #/etc/NetworkManager/conf.d/autoconnect-false-by-default.conf
    [connection]
    connection.autoconnect = false

    # Why is this still impossible?

Leave a Reply

Your email address will not be published. Required fields are marked *