10

I'm trying to understand what cloned_interfaces in FreeBSD's rc.conf really does.

Manual page says:

cloned_interfaces:

(str) Set to the list of clonable network interfaces to create on this host. Further cloning arguments may be passed to the ifconfig(8) create command for each interface by setting the create_args_<interface> variable. If an interface name is specified with sticky keyword, the interface will not be destroyed even when rc.d/netif script is invoked with stop argument. This is useful when reconfiguring the interface without destroying it. Entries in cloned_interfaces are automatically appended to network_interfaces for configuration.

This doesn't give any useful information of what it does. It is used by for example if_bridge, if_tap and if_epair.

What does it actually do?
Why do I need it for specific network modules and not for others?
Does it create some kind of dummy device?
When is it needed?
Security implications?
Performance implications?

Improve this question
3
  • cloned_interfaces is just shorthand for ifconfig ... create and implemented in /etc/network.subr? Are you asking why you need to call ifconfig ... create? Commented Sep 24, 2018 at 10:26
  • @RichardSmith I'm not asking why I need to call ifconfig create. You just provided partial answer as it's shorthand and something to do with /etc/network.subr. How you arrive from cloned_interfaces to /etc/network.subr? Commented Sep 24, 2018 at 13:12
  • The variables in rc.conf(5) are mostly implemented in rc.subr(8), network.subr, or one of the scripts under /etc/rc.d. It was a process of elimination with some help from grep. Commented Sep 24, 2018 at 13:23

2 Answers 2

Reset to default
9

cloned_interfaces is one of the several settings in rc.conf, rc.conf.local, et al. that control the setting up and shutting down of network interfaces. In the Mewburn rc system it is /etc/rc.d/netif that is mostly responsible for using these settings. With nosh system management the external formats import subsystem takes these settings and translates them into a suite of single-shot and long-running services in /var/local/sv.

Both systems at their bases run ifconfig a lot and run some long-running dæmons.

cloned_interfaces is almost the same as the network_interfaces setting in that it lists network interfaces to be brought up and shut down. The single difference between the twain is that network_interfaces describes network interfaces that pre-exist, because hardware detection (of network interface hardwares) has brought them into existence; whereas cloned_interfaces are network interfaces that are brought into existence by dint of these service startup and shutdown actions alone.

A bridge, tap, or epair network interface does not represent actual network interface hardware. Thus an extra step is necessary in startup and shutdown, the point where a new network interface is cloned and destroyed. This is done with, again, the ifconfig command. The first bridge network interface is cloned by running ifconfig bridge0 create, and destroyed with ifconfig bridge0 destroy. Listing bridge0 in the cloned_interfaces list causes this to happen and these commands to be run first and last; whereas listing it in network_interfaces would not, and the system would assume that there was an existing bridge0 device to be manipulated.

(Technically, the loopback interface is not hardware, either. It is cloned, too; hence the first cloned loopback interface being lo0, for those who have ever wondered about the name. But there is special casing for it because it is not optional as bridges, taps, and epairs are.)

Other than that, the two sets of interfaces are treated the same.

Further reading

Improve this answer
2
  • Does cloned_interfaces ever have physical interfaces listed in it? All are virtual? Commented Sep 24, 2018 at 19:00
  • Yes. See Configuration Examples. For example, by ifconfig lagg0 the physical interfaces fxp1 and fxp0 are listed. Commented Apr 30 at 11:57
5

With cloned_interfaces you can do multiple things, for example:

  • Adjusting FreeBSD Virtual LAN Configuration: VLAN is a group of hosts with a common set of requirements that communicate as if they were attached to the same wire, regardless of their physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same LAN segment. Network reconfiguration can be done through software instead of physically relocating devices. To make configuration persistence, open /etc/rc.conf:

    vi /etc/rc.conf

Append / modify as follows:

cloned_interfaces="vlan0" ifconfig_vlan0="inet x.x.x.x netmask y.y.y.y vlan 2 vlandev em0"
  • Creating a permanent loopback interface (FreeBSD), by using ifconfig lo1 create, then adding the following to /etc/rc.conf:

cloned_interfaces="lo1"

ifconfig_lo1="inet a.b.c.d/netmask"

where a.b.c.d is the ip address.

  • Linking aggregation/bonding in FreeBSD using link aggregation control protocol LACP: to bond multiple ethernet links together in FreeBSD is fairly simple, for example use LACP which does require some switch configuration to work, then ensure the link aggregation module is started at boot, so edit /boot/loader.conf and add the following line:

    if_lagg_load=”YES”

Now configure the port… in this example we will bond igb0 and bge0 together into a two port LACP bundle. We will assign the IP 192.0.2.10/24 to the interface. Add the following to /etc/rc.conf:

cloned_interfaces=”lagg0″ ifconfig_igb0=”up” ifconfig_bge0=”up” ifconfig_lagg0=”laggproto lacp laggport igb0 laggport bge0 up” ifconfig_lagg0_alias0=”inet 192.0.2.10/24″
  • FreeBSD Jail with Single IP, let's say we have the following scenario: you have a FreeBSD VPS with a single IP and you wish to create a FreeBSD jail for additional security and/or isolation. For this write up I’ll illustrate how you can use a single VPS with a jail create on an internal IP with both NAT access and port-forwarding to the jail for specific ports (web, ssh, etc). Then create the local interface as follows:

In your rc.conf clone the loopback interface to lo1 so that we can use the 192.168., 10., or 172.16.* for our private jail network.

cloned_interfaces="lo1" ipv4_addrs_lo1="192.168.0.1-9/29"

The above will create a lo1 loopback device with 192.168.0.1 thru 192.168.0.9 created on that interface. From here we’ll create a jail with 192.168.0.2. Then we’ll configure PF to allow outbound traffic (NAT) from those local addresses as well as pass web (80) and SSH port to a specific jail IP.

  • Enabling the Bridge: In FreeBSD, if_bridge is a kernel module which is automatically loaded by ifconfig when creating a bridge interface. It is also possible to compile bridge support into a custom kernel by adding device if_bridge to the custom kernel configuration file. The bridge is created using interface cloning. To create the bridge interface:

    # ifconfig bridge create bridge0 # ifconfig bridge0

    bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether 96:3d:4b:f1:79:7a id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0

When a bridge interface is created, it is automatically assigned a randomly generated Ethernet address. The maxaddr and timeout parameters control how many MAC addresses the bridge will keep in its forwarding table and how many seconds before each entry is removed after it is last seen. The other parameters control how STP operates.

Next, specify which network interfaces to add as members of the bridge. For the bridge to forward packets, all member interfaces and the bridge need to be up:

# ifconfig bridge0 addm fxp0 addm fxp1 up # ifconfig fxp0 up # ifconfig fxp1 up

The bridge can now forward Ethernet frames between fxp0 and fxp1. Add the following lines to /etc/rc.conf so the bridge is created at startup:

cloned_interfaces="bridge0" ifconfig_bridge0="addm fxp0 addm fxp1 up" ifconfig_fxp0="up" ifconfig_fxp1="up"

If the bridge host needs an IP address, set it on the bridge interface, not on the member interfaces. The address can be set statically or via DHCP. This example sets a static IP address:

# ifconfig bridge0 inet 192.168.0.1/24

It is also possible to assign an IPv6 address to a bridge interface. To make the changes permanent, add the addressing information to /etc/rc.conf.

These are some of the applications of cloned_interfaces!!

More: 1, 2, 3, 4

Improve this answer
2
  • This doesn't answer the question. Question is WHY I need cloned_interfaces for these kernel modules? What it does? Commented Sep 23, 2018 at 22:23
  • 2
    To me, this answers the questions quite nicely. Very informative too, thank you. Commented Feb 12, 2022 at 12:34

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.