NetworkManager — network management daemon
Synopsis
NetworkManager [OPTIONS...]
Description
The NetworkManager daemon attempts to make networking configuration and operation as painless and automatic as possible by managing the primary network connection and other network interfaces, like Ethernet, Wi-Fi, and Mobile Broadband devices. NetworkManager will connect any network device when a connection for that device becomes available, unless that behavior is disabled. Information about networking is exported via a D-Bus interface to any interested application, providing a rich API with which to inspect and control network settings and operation.
Dispatcher scripts
NetworkManager will execute scripts in the /etc/NetworkManager/dispatcher.d directory or subdirectories in alphabetical order in response to network events. Each script should be a regular executable file owned by root. Furthermore, it must not be writable by group or other, and not setuid.
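The ownership and mode requirements above can be audited with a short script. This is an added example, not part of the NetworkManager documentation or code; the function names are hypothetical and `stat -c` (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example: audit dispatcher scripts against the documented requirements
# (regular file, executable, owned by root, not group/other-writable, not setuid).
# Assumes `stat -c` (GNU coreutils or BusyBox). Function names are hypothetical.

# check_dispatcher_script PATH OWNER_UID -> prints one line per violation
check_dispatcher_script() {
    f=$1 want_uid=$2
    if [ ! -f "$f" ]; then               # -f follows symlinks, like stat -L
        echo "not-regular-file $f"
        return
    fi
    meta=$(stat -L -c '%u %a' "$f") || { echo "stat-failed $f"; return; }
    uid=${meta% *} mode=${meta#* }        # e.g. "0 755" -> uid=0 mode=755
    [ "$uid" = "$want_uid" ] || echo "wrong-owner(uid=$uid) $f"
    [ $(( 0$mode & 0022 )) -eq 0 ] || echo "group-or-other-writable($mode) $f"
    [ $(( 0$mode & 04000 )) -eq 0 ] || echo "setuid($mode) $f"
    [ $(( 0$mode & 0111 )) -ne 0 ] || echo "not-executable($mode) $f"
}

# audit_dispatcher_dir DIR [OWNER_UID] -> 0 if clean, 1 if any violation
audit_dispatcher_dir() {
    dir=$1 owner=${2:-0}
    # Every non-directory entry, including symlinks placed in subdirectories.
    findings=$(find "$dir" ! -type d | while IFS= read -r entry; do
        check_dispatcher_script "$entry" "$owner"
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Audit the real directory only when invoked with "--run".
if [ "${1-}" = "--run" ]; then
    audit_dispatcher_dir /etc/NetworkManager/dispatcher.d 0
fi
```

Symlinked entries are checked through the link, so a script symlinked into a subdirectory is reported under both paths if its target violates a requirement.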
Each script receives two arguments, the first being the interface name of the device an operation just happened on, and the second the action. For device actions, the interface is the name of the kernel interface suitable for IP configuration. Thus it is either VPN_IP_IFACE, DEVICE_IP_IFACE, or DEVICE_IFACE, as applicable. For the hostname action the device name is always "none" and for connectivity-change it is empty.
The actions are:
|
The interface is connected to the network but is not
yet fully activated. Scripts acting on this event must be placed or
symlinked into the |
|
The interface has been activated. |
|
The interface will be deactivated but has not yet been
disconnected from the network. Scripts acting on this event must be
placed or symlinked into the |
|
The interface has been deactivated. |
|
The VPN is connected to the network but is not yet
fully activated. Scripts acting on this event must be placed or
symlinked into the |
|
A VPN connection has been activated. |
|
The VPN will be deactivated but has not yet been
disconnected from the network. Scripts acting on this event must be
placed or symlinked into the |
|
A VPN connection has been deactivated. |
|
The system hostname has been updated. Use gethostname(2) to retrieve it. The interface name (first argument) is empty and no environment variable is set for this action. |
|
The DHCPv4 lease has changed (renewed, rebound, etc). |
|
The DHCPv6 lease has changed (renewed, rebound, etc). |
|
The network connectivity state has changed (no connectivity, went online, etc). |
The environment contains more information about the interface and the connection. The following variables are available for use in dispatcher scripts:
|
The dispatcher action like "up" or "dhcp4-change", identical to the first command line argument. Since NetworkManager 1.12.0. |
|
The UUID of the connection profile. |
|
The name (ID) of the connection profile. |
|
The NetworkManager D-Bus path of the connection. |
|
The backing file name of the connection profile (if any). |
|
If "1", this indicates that the connection describes a network configuration created outside of NetworkManager. |
|
The interface name of the control interface of the device.
Depending on the device type, this differs from
|
|
The IP interface name of the device. This is the network interface on which IP addresses and routes will be configured. |
|
The IPv4 address in the format "address/prefix gateway", where N is a number from 0 to (# IPv4 addresses - 1). The gateway item in this variable is deprecated; use IP4_GATEWAY instead. |
|
The variable contains the number of IPv4 addresses the script may expect. |
|
The gateway IPv4 address in traditional numbers-and-dots notation. |
|
The IPv4 route in the format "address/prefix next-hop metric", where N is a number from 0 to (# IPv4 routes - 1). |
|
The variable contains the number of IPv4 routes the script may expect. |
|
The variable contains a space-separated list of the DNS servers. |
|
The variable contains a space-separated list of the search domains. |
|
If the connection used DHCP for address configuration, the received DHCP configuration is passed in the environment using standard DHCP option names, prefixed with "DHCP4_", like "DHCP4_HOST_NAME=foobar". |
|
The same variables as for IPv4 are available for IPv6, but the prefixes are IP6_ and DHCP6_ instead. |
|
The network connectivity state, which can take the values defined by the NMConnectivityState type, from the org.freedesktop.NetworkManager D-Bus API: unknown, none, portal, limited or full. Note: this variable will only be set for connectivity-change actions. |
In case of VPN, VPN_IP_IFACE is set, and IP4_*, IP6_* variables with VPN prefix are exported too, like VPN_IP4_ADDRESS_0, VPN_IP4_NUM_ADDRESSES.
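A dispatcher script that consumes these variables should bound the numbered IP4_ADDRESS_N lookups by IP4_NUM_ADDRESSES and treat DHCP4_* values as data supplied by the DHCP server. The skeleton below is an added example, not code from the NetworkManager project; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: dispatcher-script skeleton that reads the documented
# environment defensively. Function names are hypothetical.
# NetworkManager calls the script with $1 = interface name, $2 = action.

# Print each IPv4 "address/prefix", dropping the deprecated gateway item.
list_ip4_addresses() {
    n=${IP4_NUM_ADDRESSES:-0}
    case $n in *[!0-9]*) return 1 ;; esac     # only digits may reach eval
    i=0
    while [ "$i" -lt "$n" ]; do
        eval "entry=\${IP4_ADDRESS_$i-}"
        printf '%s\n' "${entry%% *}"
        i=$(( i + 1 ))
    done
}

# DHCP4_* values are whatever the DHCP server sent. Accept the host name only
# if it looks like a DNS name: letters, digits, '-' and '.', at most 253 chars.
dhcp4_host_name() {
    h=${DHCP4_HOST_NAME-}
    case $h in ''|[-.]*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#h}" -le 253 ] || return 1
    printf '%s\n' "$h"
}

# Summarize the event on stdout for the two actions that carry IPv4 data.
handle_event() {
    iface=$1 action=$2
    case $action in
        up|dhcp4-change)
            addrs=$(list_ip4_addresses) || return 1
            name=$(dhcp4_host_name) || name='<none-or-rejected>'
            printf '%s %s dhcp-host=%s\n' "$iface" "$action" "$name"
            [ -z "$addrs" ] || printf '%s\n' "$addrs" | sed 's/^/  ip4 /'
            ;;
    esac
}

# Entry point when NetworkManager runs the script with its two arguments.
if [ "$#" -ge 2 ]; then
    handle_event "$1" "$2"
fi
```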
Dispatcher scripts are run one at a time, but asynchronously from the main NetworkManager process, and will be killed if they run for too long. If your script might take arbitrarily long to complete, you should spawn a child process and have the parent return immediately. Scripts that are symbolic links pointing inside the /etc/NetworkManager/dispatcher.d/no-wait.d/ directory are run immediately, without waiting for the termination of previous scripts, and in parallel. Also beware that once a script is queued, it will always be run, even if a later event renders it obsolete. (E.g., if an interface goes up, and then back down again quickly, it is possible that one or more "up" scripts will be run after the interface has gone down.)
Options
The following options are understood:
|
Print the NetworkManager software version and exit. |
|
Print NetworkManager's available options and exit. |
|
Do not daemonize. |
|
Do not daemonize, and direct log output to the controlling terminal in addition to syslog. |
|
Specify location of a PID file. The PID file is used for storing PID of the running process and prevents running multiple instances. |
|
Specify file for storing state of the
NetworkManager persistently. If not specified, the default
value of |
|
Specify configuration file to set up various
settings for NetworkManager. If not specified, the default
value of |
|
Quit after all devices reach a stable state.
The optional |
|
List plugins used to manage system-wide
connection settings. This list has preference over plugins
specified in the configuration file. See |
|
Sets how much information NetworkManager sends to the log destination (usually
syslog's "daemon" facility). By default, only informational, warning, and error
messages are logged. See the section on |
|
A comma-separated list specifying which operations are logged to the log
destination (usually syslog). By default, most domains are logging-enabled.
See the section on |
|
Print the NetworkManager configuration to stdout and exit. |
Udev Properties
The udev(7) device manager is used for network device discovery. The following property influences how NetworkManager manages the devices:
|
If set to |
Signals
The NetworkManager process handles the following signals:
|
The signal causes a reload of NetworkManager's configuration.
Note that not all configuration parameters can be changed at
runtime and therefore some changes may be applied only after
the next restart of the daemon.
A SIGHUP also involves further reloading actions, like doing
a DNS update and restarting the DNS plugin. The latter can be
useful for example when using the dnsmasq plugin and changing
its configuration in |
|
The signal forces a rewrite of DNS configuration. Contrary to SIGHUP, this does not restart the DNS plugin and will not interrupt name resolution. In the future, further actions may be added. A SIGUSR1 means to write out data like resolv.conf, or refresh a cache. It is a subset of what is done for SIGHUP without reloading configuration from disk. |
|
The signal has no effect at the moment but is reserved for future use. |
An alternative to a signal to reload configuration is the Reload D-Bus call. It allows for more fine-grained selection of what to reload, it only returns after the reload is complete, and it is guarded by PolicyKit.
Debugging
NetworkManager only configures your system. So when your networking setup doesn't work as expected, the first step is to look at your system to understand what is actually configured, and whether that is correct. The second step is to find out how to tell NetworkManager to do the right thing.
You can for example try to ping hosts (by IP address or DNS name), look at ip link show, ip address show and ip route show, and look at /etc/resolv.conf for name resolution issues. Also look at the connection profiles that you have configured in NetworkManager (nmcli connection and nmcli connection show "$PROFILE") and the configured interfaces (nmcli device).
If that does not suffice, look at the logfiles of NetworkManager. NetworkManager logs to syslog, so depending on your system configuration you can call journalctl to get the logs.
By default, NetworkManager logs are not verbose and thus not very helpful for investigating a problem in detail. You can change the logging level at runtime with nmcli general logging level TRACE domains ALL. But usually a better way is to collect full logs from the start, by configuring level=TRACE in NetworkManager.conf. See the NetworkManager.conf(5) manual. Note that trace logs of NetworkManager are verbose and systemd-journald might rate limit some lines. Possibly disable rate limiting first with the RateLimitIntervalSec and RateLimitBurst options of journald (see the journald.conf(5) manual).
/var/lib/NetworkManager/secret_key and /etc/machine-id
The identity of a machine is important as various settings depend on it. For example, ipv6.addr-gen-mode=stable and ethernet.cloned-mac-address=stable generate identifiers by hashing the machine's identity. See also the connection.stable-id connection property, which is a per-profile seed that gets hashed with the machine identity for generating such addresses and identifiers.
If you back up and restore a machine, the identity of the machine probably should be preserved. In that case, preserve the files /var/lib/NetworkManager/secret_key and /etc/machine-id. On the other hand, if you clone a virtual machine, you probably want the clone to have a different identity. There is already existing tooling on Linux for handling /etc/machine-id (see machine-id(5)).
The identity of the machine is determined by /var/lib/NetworkManager/secret_key. If such a file does not exist, NetworkManager will create a file with random content. To generate a new identity, just delete the file; after a restart a new file will be created. The file should be read-only to root and contain at least 16 bytes that will be used to seed the various places where a stable identifier is used.
Since 1.16.0, NetworkManager supports a version 2 of secret-keys. For such keys /var/lib/NetworkManager/secret_key starts with ASCII "nm-v2:" followed by at least 32 bytes of random data. Also, recent versions of NetworkManager always create such kinds of secret-keys when the file does not yet exist. With version 2 of the secret-key, /etc/machine-id is also hashed as part of the generation for addresses and identifiers. The advantage is that you can keep /var/lib/NetworkManager/secret_key stable, and only regenerate /etc/machine-id when cloning a VM.
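The file properties described in this section (owner, permissions, minimum length and the "nm-v2:" prefix) can be verified without printing the key itself. This check is an added example, not NetworkManager's own code; the function name is hypothetical, `stat -c` and `head -c` are assumed, and "read-only to root" is interpreted as no access bits for group or other.

```shell
#!/bin/sh
# Added example: sanity-check a NetworkManager secret_key file without
# printing its contents. Assumes `stat -c` and `head -c` (GNU or BusyBox).
# The function name is hypothetical; "read-only to root" is interpreted here
# as: owned by the expected uid and no permission bits for group or other.

# check_secret_key FILE [OWNER_UID] -> 0 ok, 1 violation(s), 2 unreadable
check_secret_key() {
    key=$1 want_uid=${2:-0} rc=0
    [ -f "$key" ] && [ -r "$key" ] || { echo "cannot-read $key"; return 2; }
    meta=$(stat -L -c '%u %a %s' "$key") || return 2
    uid=${meta%% *}; rest=${meta#* }          # "0 600 38" -> uid, "600 38"
    mode=${rest% *}; size=${rest#* }

    [ "$uid" = "$want_uid" ] || { echo "wrong-owner uid=$uid"; rc=1; }
    [ $(( 0$mode & 0077 )) -eq 0 ] || { echo "group-or-other-access mode=$mode"; rc=1; }

    # Version 2 keys start with ASCII "nm-v2:" followed by >= 32 random bytes;
    # otherwise the file is treated as version 1 and needs >= 16 bytes.
    if [ "$(head -c 6 "$key" | tr -d '\000')" = "nm-v2:" ]; then
        version=2 min=$(( 6 + 32 ))
    else
        version=1 min=16
    fi
    [ "$size" -ge "$min" ] || { echo "too-short v$version size=$size min=$min"; rc=1; }

    echo "format=v$version size=$size"
    return "$rc"
}

# Check the real file only when invoked with "--run".
if [ "${1-}" = "--run" ]; then
    check_secret_key /var/lib/NetworkManager/secret_key 0
fi
```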
See Also
NetworkManager home page, NetworkManager.conf(5), nmcli(1), nmcli-examples(7), nm-online(1), nm-settings(5), nm-applet(1), nm-connection-editor(1), udev(7)