NetworkManager creating a new connection ‘eth0′ that does not work, Part 4

Further to my previous post, this is to report the result of another experiment. By doing all the following I can stop NetworkManager creating an invalid second eth0 connection:

  • Enable IPv6 system-wide in /etc/modprobe.d/aliases.conf by commenting-out ‘alias net-pf-10 off‘.
  • Disable use of IPv6 by the Avahi daemon in /etc/avahi/avahi-daemon.conf (see the four additional lines given in my previous post).
  • Use plasma-nm to edit the connection profile for ‘eth0′ that I had already created. Click on the IPv6 tab and ensure ‘Method: Ignored‘ is selected. Click on the IPv4 tab and ensure ‘Method: Automatic‘ is selected and ‘IPv4 is required for this connection‘ is ticked. Ticking ‘IPv4 is required for this connection‘ adds the line ‘may-fail=false‘ in the [ipv4] section in the file /etc/NetworkManager/system-connections/eth0 (the default value for may-fail is ‘true‘ if the box has not been ticked and may-fail has not been assigned in the file).

The various experiments I have conducted are summarised in the following table:

Laptop WiFi switch off off off off off on
IPv6 enabled in aliases.conf yes no yes yes yes yes
IPv6 enabled in avahi-daemon.conf yes yes no no yes yes
[ipv6] method= ignore ignore ignore ignore ignore ignore
[ipv4] method= auto auto auto auto auto auto
[ipv4] may-fail= true true true false false false
Invalid second eth0 created usually no usually no yes yes

As disabling IPv6 system-wide makes it impossible for NetworkManager to use IPv6, the above table can actually be written as follows:

Laptop WiFi switch off off off off off on
IPv6 enabled in aliases.conf yes no yes yes yes yes
IPv6 enabled in avahi-daemon.conf yes yes||no no no yes yes
[ipv6] method= ignore ignore ignore ignore ignore ignore
[ipv4] method= auto auto auto auto auto auto
[ipv4] may-fail= true true||false true false false false
Invalid second eth0 created usually no usually no yes yes

I still think there is a bug in NetworkManager. I would not have expected NetworkManager to create a second eth0 connection and make it an IPv6 Link-Local connection when all the following are true:

  • /etc/NetworkManager.conf has ‘no-auto-default=eth0‘ in the [main] section.
  • IPv4 is required for this connection‘ is not ticked in plasma-nm (i.e. the [ipv4] section in /etc/NetworkManager/system-connections/eth0 contains either the line ‘may-fail=true‘ or the line ‘may-fail=‘).
  • Method: Automatic‘ is selected for IPv4 (‘method=auto‘ under [ipv4] in /etc/NetworkManager/system-connections/eth0).
  • Method: Ignored‘ is selected for IPv6 (‘method=ignore‘ under [ipv6] in /etc/NetworkManager/system-connections/eth0) and the other fields on the IPv6 tab have been rendered unselectable as a result.

Anyway, I will keep IPv6 disabled in /etc/avahi/avahi-daemon.conf and IPv6 enabled system-wide. This seems to be the first thing to try if you’re experiencing the creation of an invalid additional eth0 connection with an IPv6 Link-Local address and you’re sure that none of the net.* services are running.

NetworkManager creating a new connection ‘eth0′ that does not work, Part 3

I’m even more convinced the problem discussed in my previous post is due to a bug in NetworkManager. I believe the issue with the Avahi daemon generating an IPv6 Link-Local address is a consequence of NetworkManager not always activating an interface and therefore not obtaining an IPv4 address, i.e. the IPv6 Link-Local address produced by the Avahi daemon is a side effect, not the root cause.

After my previous post I discovered that adding ‘use-ipv6=no‘ in /etc/avahi/avahi-daemon.conf (my Experiment 2) had not prevented avahi-daemon using IPv6. However, adding the following lines in /etc/avahi/avahi-daemon.conf defintely does prevent avahi-daemon from using IPv6 in my installation:

use-ipv4=yes
use-ipv6=no
publish-a-on-ipv6=no
publish-aaaa-on-ipv4=no

You can see in the message log below that the Avahi daemon is no longer generating an IPv6 Link-Local address. However, even with IPv6 disabled in avahi-daemon, an invalid second eth0 connection with an IPv6 Link-Local address still occurs in my installation. This indicates the problem is not caused by the Avahi daemon.

Mar 18 22:17:31 localhost syslog-ng[8316]: syslog-ng starting up; version='3.6.2'
Mar 18 22:17:32 localhost NetworkManager[8346]: <info>  NetworkManager (version 1.0.0) is starting...
Mar 18 22:17:32 localhost NetworkManager[8346]: <info>  Read config: /etc/NetworkManager/NetworkManager.conf
Mar 18 22:17:32 localhost NetworkManager[8346]: <info>  WEXT support is enabled
Mar 18 22:17:34 localhost kernel: fglrx_pci 0000:01:00.0: irq 34 for MSI/MSI-X
Mar 18 22:17:34 localhost kernel: <6>[fglrx] Firegl kernel thread PID: 8351
Mar 18 22:17:34 localhost kernel: <6>[fglrx] Firegl kernel thread PID: 8352
Mar 18 22:17:34 localhost kernel: <6>[fglrx] Firegl kernel thread PID: 8353
Mar 18 22:17:34 localhost kernel: <6>[fglrx] IRQ 34 Enabled
Mar 18 22:17:34 localhost kernel: <6>[fglrx] Reserved FB block: Shared offset:0, size:1000000 
Mar 18 22:17:34 localhost kernel: <6>[fglrx] Reserved FB block: Unshared offset:f7e2000, size:4000 
Mar 18 22:17:34 localhost kernel: <6>[fglrx] Reserved FB block: Unshared offset:f7e6000, size:51a000 
Mar 18 22:17:34 localhost kernel: <6>[fglrx] Reserved FB block: Unshared offset:3fff3000, size:d000 
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  Loaded plugin keyfile: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the NetworkManager mailing list.
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  new connection /etc/NetworkManager/system-connections/Cisco00497
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  new connection /etc/NetworkManager/system-connections/eth0
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  new connection /etc/NetworkManager/system-connections/DIRECT-HeC460 Series
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  monitoring kernel firmware directory '/lib/firmware'.
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  rfkill0: found WiFi radio killswitch (at /sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/ieee80211/phy0/rfkill0) (driver iwlwifi)
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  WiFi hardware radio set enabled
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  WWAN hardware radio set enabled
Mar 18 22:17:33 localhost /etc/init.d/NetworkManager[8326]: WARNING: NetworkManager has started, but is inactive
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  Loaded device plugin: /usr/lib64/NetworkManager/libnm-device-plugin-bluetooth.so
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  Loaded device plugin: /usr/lib64/NetworkManager/libnm-device-plugin-adsl.so
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  Loaded device plugin: /usr/lib64/NetworkManager/libnm-device-plugin-wwan.so
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  Loaded device plugin: /usr/lib64/NetworkManager/libnm-device-plugin-wifi.so
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  WiFi disabled by radio killswitch; enabled by state file
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  WWAN enabled by radio killswitch; enabled by state file
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  WiMAX enabled by radio killswitch; enabled by state file
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  Networking is enabled by state file
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (lo): link connected
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (lo): carrier is ON
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (lo): new Generic device (driver: 'unknown' ifindex: 1)
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (lo): exported as /org/freedesktop/NetworkManager/Devices/0
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): link connected
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): carrier is ON
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): new Ethernet device (driver: 'atl1c' ifindex: 2)
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): exported as /org/freedesktop/NetworkManager/Devices/1
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  startup complete
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: starting connection 'eth0'
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 1 of 5 (Device Prepare) scheduled...
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (wlan0): using nl80211 for WiFi device control
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (wlan0): new 802.11 WiFi device (driver: 'iwlwifi' ifindex: 3)
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (wlan0): exported as /org/freedesktop/NetworkManager/Devices/2
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (wlan0): device state change: unmanaged -> unavailable (reason 'managed') [10 20 2]
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (wlan0): preparing device
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 1 of 5 (Device Prepare) started...
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 2 of 5 (Device Configure) scheduled...
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 1 of 5 (Device Prepare) complete.
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 2 of 5 (Device Configure) starting...
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): device state change: prepare -> config (reason 'none') [40 50 0]
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 2 of 5 (Device Configure) successful.
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 3 of 5 (IP Configure Start) scheduled.
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 2 of 5 (Device Configure) complete.
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 3 of 5 (IP Configure Start) started...
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): device state change: config -> ip-config (reason 'none') [50 70 0]
Mar 18 22:17:33 localhost dbus[7763]: [system] Activating service name='org.freedesktop.ModemManager1' (using servicehelper)
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 5 of 5 (IPv6 Commit) scheduled...
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 3 of 5 (IP Configure Start) complete.
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 5 of 5 (IPv6 Commit) started...
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): Activation: Stage 5 of 5 (IPv6 Commit) complete.
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  (eth0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Mar 18 22:17:33 localhost NetworkManager[8346]: <info>  NetworkManager state is now CONNECTED_LOCAL
Mar 18 22:17:33 localhost acpid[8386]: starting up with netlink and the input layer
Mar 18 22:17:33 localhost acpid[8386]: 6 rules loaded
Mar 18 22:17:33 localhost acpid[8386]: waiting for events: event logging is off
Mar 18 22:17:34 localhost ModemManager[8385]: <info>  ModemManager (version 1.4.2) starting in system bus...
Mar 18 22:17:34 localhost NetworkManager[8346]: <info>  (eth0): Activation: successful, device activated.
Mar 18 22:17:34 localhost dbus[7763]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Mar 18 22:17:34 localhost dbus[7763]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Mar 18 22:17:34 localhost nm-dispatcher[8435]: Dispatching action 'up' for eth0
Mar 18 22:17:34 localhost rpc.statd[8451]: Version 1.3.2 starting
Mar 18 22:17:34 localhost rpc.statd[8451]: Flags: TI-RPC 
Mar 18 22:17:34 localhost /etc/init.d/NetworkManager[8457]: status: inactive
Mar 18 22:17:34 localhost rpc.statd[8451]: Running as root.  chown /var/lib/nfs to choose different user
Mar 18 22:17:34 localhost /etc/init.d/NetworkManager[8469]: status: inactive
Mar 18 22:17:34 localhost dbus[7763]: [system] Successfully activated service 'org.freedesktop.ModemManager1'
Mar 18 22:17:34 localhost NetworkManager[8346]: <info>  ModemManager disappeared from bus
Mar 18 22:17:34 localhost NetworkManager[8346]: <info>  ModemManager available in the bus
Mar 18 22:17:35 localhost sm-notify[8556]: Version 1.3.2 starting
Mar 18 22:17:35 localhost avahi-daemon[8585]: Found user 'avahi' (UID 108) and group 'avahi' (GID 444).
Mar 18 22:17:35 localhost avahi-daemon[8585]: Successfully dropped root privileges.
Mar 18 22:17:35 localhost avahi-daemon[8585]: avahi-daemon 0.6.31 starting up.
Mar 18 22:17:35 localhost avahi-daemon[8585]: Successfully called chroot().
Mar 18 22:17:35 localhost avahi-daemon[8585]: Successfully dropped remaining capabilities.
Mar 18 22:17:35 localhost avahi-daemon[8585]: Loading service file /services/sftp-ssh.service.
Mar 18 22:17:35 localhost avahi-daemon[8585]: Loading service file /services/ssh.service.
Mar 18 22:17:35 localhost avahi-daemon[8585]: Network interface enumeration completed.
Mar 18 22:17:35 localhost avahi-daemon[8585]: Registering HINFO record with values 'X86_64'/'LINUX'.
Mar 18 22:17:35 localhost avahi-daemon[8585]: Server startup complete. Host name is meshedgedx.local. Local service cookie is 3778762828.
Mar 18 22:17:35 localhost avahi-daemon[8585]: Service "meshedgedx" (/services/ssh.service) successfully established.
Mar 18 22:17:35 localhost avahi-daemon[8585]: Service "meshedgedx" (/services/sftp-ssh.service) successfully established.
Mar 18 22:17:35 localhost ntpd[8645]: ntpd 4.2.8@1.3265-o Wed  4 Mar 02:23:30 UTC 2015 (1): Starting
Mar 18 22:17:35 localhost ntpd[8645]: Command line: ntpd -g -q
Mar 18 22:17:35 localhost ntpd[8645]: proto: precision = 0.061 usec (-24)
Mar 18 22:17:35 localhost ntpd[8645]: Listen and drop on 0 v6wildcard [::]:123
Mar 18 22:17:35 localhost ntpd[8645]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Mar 18 22:17:35 localhost ntpd[8645]: Listen normally on 2 lo 127.0.0.1:123
Mar 18 22:17:35 localhost ntpd[8645]: Listen normally on 3 lo [::1]:123
Mar 18 22:17:35 localhost ntpd[8645]: Listen normally on 4 eth0 [fe80::725a:b6ff:fe3e:c18a%2]:123
Mar 18 22:17:35 localhost ntpd[8645]: Listening on routing socket on fd #21 for interface updates
Mar 18 22:17:36 localhost kernel: fbcondecor: console 1 using theme 'Emergance'
Mar 18 22:17:37 localhost kernel: fbcondecor: switched decor state to 'on' on console 1
Mar 18 22:17:37 localhost kernel: fbcondecor: console 2 using theme 'Emergance'
Mar 18 22:17:37 localhost kernel: fbcondecor: switched decor state to 'on' on console 2
Mar 18 22:17:37 localhost kernel: fbcondecor: console 3 using theme 'Emergance'
Mar 18 22:17:37 localhost kernel: fbcondecor: switched decor state to 'on' on console 3
Mar 18 22:17:37 localhost kernel: fbcondecor: console 4 using theme 'Emergance'
Mar 18 22:17:37 localhost kernel: fbcondecor: switched decor state to 'on' on console 4
Mar 18 22:17:37 localhost kernel: fbcondecor: console 5 using theme 'Emergance'
Mar 18 22:17:37 localhost kernel: fbcondecor: switched decor state to 'on' on console 5
Mar 18 22:17:36 localhost bluetoothd[8787]: Bluetooth daemon 5.28
Mar 18 22:17:36 localhost bluetoothd[8787]: Starting SDP server
Mar 18 22:17:37 localhost kernel: Bluetooth: Core ver 2.19
Mar 18 22:17:37 localhost kernel: NET: Registered protocol family 31
Mar 18 22:17:37 localhost kernel: Bluetooth: HCI device and connection manager initialized
Mar 18 22:17:37 localhost kernel: Bluetooth: HCI socket layer initialized
Mar 18 22:17:37 localhost kernel: Bluetooth: L2CAP socket layer initialized
Mar 18 22:17:37 localhost kernel: Bluetooth: SCO socket layer initialized
Mar 18 22:17:38 localhost kernel: Bluetooth: BNEP (Ethernet Emulation) ver 1.3
Mar 18 22:17:38 localhost kernel: Bluetooth: BNEP filters: protocol multicast
Mar 18 22:17:38 localhost kernel: Bluetooth: BNEP socket layer initialized
Mar 18 22:17:36 localhost bluetoothd[8787]: Bluetooth management interface 1.7 initialized
Mar 18 22:17:36 localhost NetworkManager[8346]: <info>  use BlueZ version 5
Mar 18 22:17:37 localhost ModemManager[8385]: <warn>  Couldn't find support for device at '/sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0': not supported by any plugin
Mar 18 22:17:37 localhost ModemManager[8385]: <warn>  Couldn't find support for device at '/sys/devices/pci0000:00/0000:00:1c.2/0000:04:00.0': not supported by any plugin
Mar 18 22:17:39 localhost dbus[7763]: [system] Activating service name='org.freedesktop.ColorManager' (using servicehelper)
Mar 18 22:17:39 localhost dbus[7763]: [system] Successfully activated service 'org.freedesktop.ColorManager'
Mar 18 22:17:41 localhost kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Mar 18 22:17:43 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC= SRC=fe80:0000:0000:0000:725a:b6ff:fe3e:c18a DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=64 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=8612 DPT=8612 LEN=24 
Mar 18 22:17:43 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC= SRC=fe80:0000:0000:0000:725a:b6ff:fe3e:c18a DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=64 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=UDP SPT=8612 DPT=8612 LEN=24 
Mar 18 22:17:43 localhost laptop-mode[8947]: Laptop mode 
Mar 18 22:17:43 localhost laptop-mode[8948]: enabled, not active
Mar 18 22:17:58 localhost kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
Mar 18 22:17:58 localhost rpc.mountd[9741]: Version 1.3.2 starting
Mar 18 22:17:59 localhost kernel: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
Mar 18 22:17:59 localhost kernel: NFSD: starting 90-second grace period (net ffffffff81c3d580)
Mar 18 22:17:58 localhost sm-notify[9760]: Version 1.3.2 starting
Mar 18 22:17:58 localhost sm-notify[9760]: Already notifying clients; Exiting!
Mar 18 22:18:00 localhost sshd[9816]: Server listening on 0.0.0.0 port 22.
Mar 18 22:18:00 localhost sshd[9816]: Server listening on :: port 22.
Mar 18 22:18:00 localhost cron[9870]: (CRON) STARTUP (V5.0)
Mar 18 22:18:00 localhost su[9899]: Successful su for fitzcarraldo by root
Mar 18 22:18:00 localhost su[9899]: + /dev/console root:fitzcarraldo
Mar 18 22:18:00 localhost su[9899]: pam_unix(su:session): session opened for user fitzcarraldo by (uid=0)
Mar 18 22:18:01 localhost dbus[7763]: [system] Activating service name='org.freedesktop.RealtimeKit1' (using servicehelper)
Mar 18 22:18:01 localhost dbus[7763]: [system] Successfully activated service 'org.freedesktop.RealtimeKit1'
Mar 18 22:18:01 localhost rtkit-daemon[9906]: Successfully called chroot.
Mar 18 22:18:01 localhost rtkit-daemon[9906]: Successfully dropped privileges.
Mar 18 22:18:01 localhost rtkit-daemon[9906]: Successfully limited resources.
Mar 18 22:18:01 localhost rtkit-daemon[9906]: Running.
Mar 18 22:18:01 localhost rtkit-daemon[9906]: Watchdog thread running.
Mar 18 22:18:01 localhost rtkit-daemon[9906]: Canary thread running.
Mar 18 22:18:01 localhost kdm[8833]: :0[8833]: pam_unix(kde:session): session opened for user fitzcarraldo by (uid=0)
Mar 18 22:18:01 localhost kdm[8833]: :0[8833]: pam_ck_connector(kde:session): nox11 mode, ignoring PAM_TTY :0
Mar 18 22:18:03 localhost pulseaudio[9904]: [pulseaudio] sink.c: Default and alternate sample rates are the same.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost pulseaudio[9904]: [pulseaudio] source.c: Default and alternate sample rates are the same.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost rtkit-daemon[9906]: Supervising 0 threads of 0 processes of 1 users.
Mar 18 22:18:03 localhost pulseaudio[9904]: [pulseaudio] module-jackdbus-detect.c: Unable to contact D-Bus session bus: org.freedesktop.DBus.Error.NotSupported: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
Mar 18 22:18:03 localhost pulseaudio[9904]: [pulseaudio] module.c: Failed to load module "module-jackdbus-detect" (argument: "channels=2"): initialization failed.
Mar 18 22:18:04 localhost pulseaudio[9904]: [pulseaudio] main.c: Module load failed.
Mar 18 22:18:04 localhost pulseaudio[9904]: [pulseaudio] server-lookup.c: Unable to contact D-Bus: org.freedesktop.DBus.Error.NotSupported: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
Mar 18 22:18:04 localhost pulseaudio[9904]: [pulseaudio] main.c: Unable to contact D-Bus: org.freedesktop.DBus.Error.NotSupported: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
Mar 18 22:18:04 localhost su[9899]: pam_unix(su:session): session closed for user fitzcarraldo
Mar 18 22:18:04 localhost su[9964]: Successful su for fitzcarraldo by root
Mar 18 22:18:04 localhost su[9964]: + /dev/console root:fitzcarraldo
Mar 18 22:18:04 localhost su[9964]: pam_unix(su:session): session opened for user fitzcarraldo by (uid=0)
Mar 18 22:18:04 localhost su[9964]: pam_unix(su:session): session closed for user fitzcarraldo
Mar 18 22:18:04 localhost su[9966]: Successful su for fitzcarraldo by root
Mar 18 22:18:04 localhost su[9966]: + /dev/console root:fitzcarraldo
Mar 18 22:18:04 localhost su[9966]: pam_unix(su:session): session opened for user fitzcarraldo by (uid=0)
Mar 18 22:18:04 localhost su[9966]: pam_unix(su:session): session closed for user fitzcarraldo
Mar 18 22:18:04 localhost su[9968]: Successful su for fitzcarraldo by root
Mar 18 22:18:04 localhost su[9968]: + /dev/console root:fitzcarraldo
Mar 18 22:18:04 localhost su[9968]: pam_unix(su:session): session opened for user fitzcarraldo by (uid=0)
Mar 18 22:18:04 localhost su[9968]: pam_unix(su:session): session closed for user fitzcarraldo
Mar 18 22:18:15 localhost dbus[7763]: [system] Activating service name='org.freedesktop.UPower' (using servicehelper)
Mar 18 22:18:15 localhost dbus[7763]: [system] Successfully activated service 'org.freedesktop.UPower'
Mar 18 22:18:17 localhost dbus[7763]: [system] Activating service name='org.freedesktop.UDisks2' (using servicehelper)
Mar 18 22:18:17 localhost udisksd[10120]: udisks daemon version 2.1.4 starting
Mar 18 22:18:17 localhost dbus[7763]: [system] Successfully activated service 'org.freedesktop.UDisks2'
Mar 18 22:18:17 localhost udisksd[10120]: Acquired the name org.freedesktop.UDisks2 on the system message bus
Mar 18 22:18:19 localhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:16:fa:25:28:01:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 
Mar 18 22:18:54 localhost hp-systray[10453]: hp-systray[10453]: error: option -s not recognized
Mar 18 22:18:55 localhost rtkit-daemon[9906]: Successfully made thread 10469 of process 10469 (/usr/bin/pulseaudio) owned by '1000' high priority at nice level -11.
Mar 18 22:18:55 localhost rtkit-daemon[9906]: Supervising 1 threads of 1 processes of 1 users.
Mar 18 22:18:55 localhost pulseaudio[10469]: [pulseaudio] pid.c: Daemon already running.
Mar 18 22:18:56 localhost rtkit-daemon[9906]: Successfully made thread 10485 of process 10485 (/usr/bin/pulseaudio) owned by '1000' high priority at nice level -11.
Mar 18 22:18:56 localhost rtkit-daemon[9906]: Supervising 1 threads of 1 processes of 1 users.
Mar 18 22:18:56 localhost pulseaudio[10485]: [pulseaudio] pid.c: Daemon already running.
Mar 18 22:19:04 localhost polkitd[7911]: Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.52 [/usr/lib64/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8)
Mar 18 22:19:10 localhost su[10569]: Successful su for root by fitzcarraldo
Mar 18 22:19:10 localhost su[10569]: + /dev/pts/0 fitzcarraldo:root
Mar 18 22:19:10 localhost su[10569]: pam_unix(su:session): session opened for user root by fitzcarraldo(uid=1000)
Mar 18 22:19:26 localhost pulseaudio[9904]: [alsa-sink-ALC272 Analog] alsa-sink.c: ALSA woke us up to write new data to the device, but there was actually nothing to write!
Mar 18 22:19:26 localhost pulseaudio[9904]: [alsa-sink-ALC272 Analog] alsa-sink.c: Most likely this is a bug in the ALSA driver 'snd_hda_intel'. Please report this issue to the ALSA developers.
Mar 18 22:19:26 localhost pulseaudio[9904]: [alsa-sink-ALC272 Analog] alsa-sink.c: We were woken up with POLLOUT set -- however a subsequent snd_pcm_avail() returned 0 or another value < min_avail.
Mar 18 22:20:01 localhost cron[10670]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)

In the cases when NetworkManager activates a connection correctly and there is no invalid second eth0 connection, the log contains a message like the following:

Mar 16 22:23:47 localhost NetworkManager[6688]: <info>  Auto-activating connection 'eth0'.

Notice there is no such message in the message log above.

The only way I can be sure of preventing NetworkManager creating an invalid second eth0 connection is to disable IPv6 system-wide by uncommenting the line ‘alias net-pf-10 off‘ in the file /etc/modprobe.d/aliases.conf.

So, to me, this looks like a bug in NetworkManager 1.0.0 (I have been experiencing it since Version 0.9.10.0).

More on NetworkManager creating a new connection ‘eth0′ that does not work

In a previous post I described a problem I have been experiencing with NetworkManager since Version 0.9.10.0 (I am now using Version 1.0.0): sometimes, but not always, there is an invalid second eth0 connection when my laptop boots. This invalid second eth0 connection has only IPv6 Link-Local enabled (i.e. IPv4 and IPv6 are disabled) and is Active. As a result the existing eth0 connection for IPv4 I previously created is Available but unable to connect.

While on a work trip and using my laptop on an office network and an hotel network I made some changes to my installation (see the above-mentioned previous post) that seemed to fix this problem on those networks. However, on returning home and connecting my laptop to my home network, I found the problem still exists. This makes me wonder if a race condition is occurring, as network latency can differ between networks. Could it be that my home network takes longer to assign an IPv4 address than the office and hotel networks I used, which results in NetworkManager creating a second eth0 connection with IPv4 and IPv6 disabled? Or perhaps there is a race condition between services but network latency has nothing to do with it. In retrospect, I should have checked the contents of the log file /var/log/messages while on my work trip to see if those networks were providing my laptop with an IPv6 address in addition to an IPv4 address, i.e. check if the IPv6 address was not just a Link-Local address.

But why is NetworkManager creating any additional connection at all when NetworkManager.conf in my installation currently contains ‘no-auto-default=eth0‘? Surely this must be a bug in NetworkManager?

I have found virtually no mention of this behaviour on the Web. Debian bug report no. 755202 appears to describe the same problem. I started experiencing the problem in Gentoo Linux (~amd64 installation using OpenRC) after I upgraded NetworkManager to Version 0.9.10.0 too, and it has continued occurring up to the current version of NetworkManager (1.0.0). Fellow Gentoo Linux user Keivan Moradi’s fix (Message #79 in the aforementioned Debian bug report) did not cure the problem for me, and, anyway, my wired NIC uses a different driver (atl1c module) which appears to be stable in my installation.

CentOS bug report no. 0007435 also appears to report the same behaviour, but I’m not sure.

NetworkManager usually (but not always) creates an invalid second eth0 connection when my laptop boots and an Ethernet cable is connected to my home network. The second eth0 connection is shown as Active in plasma-nm (the KDE front-end for NetworkManager) but only has an IPv6 Link-Local connection configured (i.e. IPv4 is shown as Disabled). If I click on Disconnect in plasma-nm then this ‘rogue’ eth0 connection disappears from plasma-nm. Once the invalid IPv6 Link-Local connection has been disconnected, the valid IPv4 eth0 available connection can connect to the network and access the Internet.

I examined /var/log/messages when the invalid second eth0 connection occurs and when it doesn’t, and the invalid eth0 connection only seems to occur when NetworkManager appears to have first started earlier than syslog-ng began logging. When NetworkManager first starts after syslog-ng began logging, I can see it launches dhcpcd and acquires an IPv4 address. avahi-daemon does not seem to be the cause of the problem if I understand the log file correctly. Anyway, my experiments described below seem to exonerate the Avahi daemon. I could be misinterpreting what is going on, but that’s how it looks to my inexpert eyes. In Debian bug report no. 755202 some commenters refer to extra interfaces with names such as ‘eth0:avahi’ being listed by the ifconfig command when the problem occurs, but I wonder if that is just a side effect. Anyway, the ifconfig command does not list such interfaces in my case.

I tried the following experiments:

1. I commented out the entire contents of the file /etc/conf.d/net (the configuration file for initscripts /etc/init.d/net.*) — which I think is analogous to Debian’s /etc/network/interfaces file — but it did not stop the invalid second eth0 connection occurring.

2. I added ‘use-ipv6=no‘ and, later, ‘use-ipv4=no‘ in the file /etc/avahi/avahi-daemon.conf but they did not stop the invalid second eth0 connection occurring.

3. I added ‘deny-interfaces=eth0‘ in the file /etc/avahi/avahi-daemon.conf but it did not stop the invalid second eth0 connection occurring.

4. In my installation, the ‘local‘ service (launched by initscript /etc/init.d/local) has always been allocated to two runlevels: ‘default‘ and ‘nonetwork‘. I de-allocated the ‘local‘ service from the ‘nonetwork‘ runlevel but this did not stop the invalid second eth0 connection occurring.

5. In my installation, the ‘net.lo‘ service (launched by initscript /etc/init.d/net.lo) has always been allocated to the ‘boot‘ runlevel (the other net.* services, such as ‘net.eth0‘ and ‘net.wlan0‘, have never been allocated to a runlevel in my installation). I de-allocated ‘net.lo‘ from the ‘boot‘ runlevel but it did not stop the invalid eth0 connection occurring.

As experiments 4 and 5 did not stop the laptop accessing the Internet once I had deleted the invalid second eth0 connection, I have left the ‘local‘ service in the ‘default‘ runlevel only, and I have left the ‘net.lo‘ service unallocated to a runlevel.

6. Since the invalid eth0 connection is allocated an IPv6 Link-Local address rather than an IPv4 address on my home network, I tried a work-around: I disabled IPv6 system-wide by un-commenting the line ‘alias net-pf-10 off‘ in the file /etc/modprobe.d/aliases.conf. Now a second eth0 connection is no longer created, and the valid eth0 IPv4 connection I created previously connects automatically. I have not rebooted many times yet, so I don’t know if this work-around has eliminated the problem for good, but it looks promising.

Nevertheless I would like to find the root cause of the problem, rather than settling for a work-around of disabling IPv6 system-wide. Given that, when IPv6 is enabled, a second eth0 connection is sometimes not created and the ‘good’ IPv4 eth0 connection I created previously can connect, hopefully it should be possible somehow to have both IPv6 and IPv4 enabled system-wide without an invalid eth0 connection ever being created. Could NetworkManager be modified so that it does not create a connection if the DHCP client launched by NetworkManager does not obtain an IP address, for example?

This is not the end of the story, I’m sure.

For information, the services currently used are shown below:

meshedgedx fitzcarraldo # rc-status --all
Runlevel: nonetwork
Runlevel: shutdown
 killprocs                               [  stopped  ]
 savecache                               [  stopped  ]
 mount-ro                                [  stopped  ]
Runlevel: sysinit
 devfs                                   [  started  ]
 tmpfiles.dev                            [  started  ]
 sysfs                                   [  started  ]
 dmesg                                   [  started  ]
 udev                                    [  started  ]
Runlevel: boot
 hwclock                                 [  started  ]
 modules                                 [  started  ]
 device-mapper                           [  started  ]
 fsck                                    [  started  ]
 root                                    [  started  ]
 mtab                                    [  started  ]
 localmount                              [  started  ]
 sysctl                                  [  started  ]
 bootmisc                                [  started  ]
 termencoding                            [  started  ]
 keymaps                                 [  started  ]
 swapfiles                               [  started  ]
 ufw                                     [  started  ]
 procfs                                  [  started  ]
 dbus                                    [  started  ]
 tmpfiles.setup                          [  started  ]
 serial                                  [  started  ]
 hostname                                [  started  ]
 consolekit                              [  started  ]
 consolefont                             [  started  ]
 xdm                                     [  started  ]
 loopback                                [  started  ]
Runlevel: single
Runlevel: default
 swap                                    [  started  ]
 bluetooth                               [  started  ]
 syslog-ng                               [  started  ]
 sshd                                    [  started  ]
 fbcondecor                              [  started  ]
 atd                                     [  started  ]
 NetworkManager                          [  started  ]
 avahi-daemon                            [  started  ]
 cupsd                                   [  started  ]
 mdadm                                   [  started  ]
 acpid                                   [  started  ]
 nfsclient                               [  started  ]
 netmount                                [  started  ]
 alsasound                               [  started  ]
 laptop_mode                             [  started  ]
 cups-browsed                            [  started  ]
 hddtemp                                 [  started  ]
 mysql                                   [  started  ]
 nfs                                     [  started  ]
 samba                                   [  started  ]
 urandom                                 [  started  ]
 vixie-cron                              [  started  ]
 local                                   [  started  ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed
 rpcbind                                 [  started  ]
 rpc.statd                               [  started  ]
 rpc.pipefs                              [  started  ]
 rpc.idmapd                              [  started  ]
 xdm-setup                               [  started  ]
Dynamic Runlevel: manual
meshedgedx fitzcarraldo #

The allocations of services to runlevels are shown below:

meshedgedx fitzcarraldo # rc-update show -v
           NetworkManager |      default
 NetworkManagerDispatcher |
                    acpid |      default
                alsasound |      default
                  apache2 |
                      atd |      default
               atieventsd |
             avahi-daemon |      default
           avahi-dnsconfd |
                bluetooth |      default
                 bootmisc | boot
                   brltty |
             busybox-ntpd |
         busybox-watchdog |
                 cgconfig |
                    cgred |
                  cgroups |
                    clamd |
              consolefont | boot
               consolekit | boot
          courier-authlib |
                 cpupower |
             cups-browsed |      default
                    cupsd |      default
                     dbus | boot
                  deluged |
                    devfs |                                        sysinit
            device-mapper | boot
                      dgc |
                   dhcpcd |
                  dmcrypt |
                    dmesg |                                        sysinit
                 dmeventd |
                  dropbox |
                    eposd |
               fancontrol |
               fbcondecor |      default
                     fsck | boot
                     fuse |
               git-daemon |
                 gkrellmd |
                      gpm |
                     gpsd |
                  hddtemp |      default
                   hdparm |
          heimdal-kadmind |
              heimdal-kcm |
              heimdal-kdc |
         heimdal-kpasswdd |
                 hostname | boot
                   hsqldb |
                  hwclock | boot
                ip6tables |
                 iptables |
                   irexec |
                  keymaps | boot
                killprocs |                        shutdown
        kmod-static-nodes |
              laptop_mode |      default
                    lircd |
                   lircmd |
               lm_sensors |
                    local |      default
               localmount | boot
                 loopback | boot
                      lvm |
           lvm-monitoring |
                  lvmetad |
                    mdadm |      default
                   mdraid |
            microcode_ctl |
                  modules | boot
                 mount-ro |                        shutdown
                     mtab | boot
                multipath |
               multipathd |
                    mysql |      default
                      nas |
                  net.aol |
                 net.ath0 |
                 net.ath1 |
                 net.ath2 |
                 net.ath3 |
                 net.ath4 |
                 net.eth0 |
                 net.eth1 |
                 net.eth2 |
                 net.eth3 |
                 net.eth4 |
                 net.eth5 |
                 net.eth6 |
                 net.eth7 |
                 net.eth8 |
                   net.lo |
                 net.ppp0 |
                 net.ppp1 |
                 net.ppp2 |
                 net.ppp3 |
                  net.ra0 |
                  net.ra1 |
                  net.ra2 |
                  net.ra3 |
                  net.ra4 |
                  net.ra5 |
                net.wlan0 |
                net.wlan1 |
                net.wlan2 |
                net.wlan3 |
                 netmount |      default
                      nfs |      default
                nfsclient |      default
                 nfsmount |
               ntp-client |
  ntp-client.bak.20141013 |
                     ntpd |
                  numlock |
                  pciparm |
                  pktcdvd |
                   polipo |
                   procfs | boot
                  pwcheck |
                pydoc-2.7 |
                pydoc-3.2 |
                pydoc-3.3 |
                pydoc-3.4 |
              rename_ethX |
                   rfcomm |
                     root | boot
               rpc.idmapd |
               rpc.pipefs |
                rpc.statd |
                  rpcbind |
                rrdcached |
                   rsyncd |
                    samba |      default
                    saned |
                saslauthd |
                savecache |                        shutdown
                   serial | boot
                     slpd |
                   smartd |
                    snmpd |
                snmptrapd |
                     sntp |
                     sshd |      default
                 svnserve |
                     swap |      default
                swapfiles | boot
                  swclock |
                   sysctl | boot
                    sysfs |                                        sysinit
                syslog-ng |      default
    system-tools-backends |
             termencoding | boot
                 timidity |
             tmpfiles.dev |                                        sysinit
           tmpfiles.setup | boot
                      tor |
                   twistd |
                     udev |                                        sysinit
                      ufw | boot
                  urandom |      default
               vboxwebsrv |
               vixie-cron |      default
                     vpnc |
           wpa_supplicant |
                      xdm | boot
                xdm-setup |
                   xinetd |
meshedgedx fitzcarraldo #

My installation has the following six runlevels:

meshedgedx fitzcarraldo # ls /etc/runlevels
boot default nonetwork shutdown single sysinit

NetworkManager creates a new connection ‘eth0′ that does not work

Several months ago a new entry ‘eth0′ began appearing under ‘Available connections‘ in the KDE plasma-nm widget (the KDE GUI front-end to NetworkManager) in my Gentoo Linux installation. However, there was already an automatically-created entry ‘Wired connection 1′ for the wired interface. In the plasma-nm GUI I could see that both entries were for the same interface (eth0) and MAC address. My laptop could access the Internet via the connection ‘Wired connection 1′ as usual, but not via the new connection ‘eth0′. And if I deleted ‘eth0′ in the plasma-nm GUI, ‘Wired connection 1′ could not access the Internet until I recreated ‘eth0′ manually.

Apart from the fact that two entries for the same interface is unnecessary, it was annoying because sometimes ‘eth0′ automatically became the active connection instead of ‘Wired connection 1′, despite the fact that only ‘Wired connection 1′ had ‘Automatically connect to this network when it is available’ ticked in the plasma-nm GUI. When this happened, the network icon on the Panel showed an active connection but in fact the laptop could not connect to the Internet. However, the connection did work as expected on the occasions when ‘Wired connection 1′ automatically became the active connection or if I switched manually to ‘Wired connection 1′ via the plasma-nm GUI.

Even more strangely, if I happened to be using WiFi when no Ethernet cable was connected, very occasionally the network icon on the Panel would change from a wireless icon to a wired icon and connection to the Internet would be lost. I would then have to re-select the wireless network in order to reconnect to the Internet.

As my laptop has only one Ethernet port, and as there was previously no ‘eth0′ entry under ‘Available connections‘, initially I thought that the new entry occurred because I had recently installed a new version of udev. I have the parameter net.ifnames=0 in the kernel boot line to stop udev/eudev using the so-called Predictable Network Interface Names, and I have the following udev/eudev rules files relating to networking:

# ls -la /etc/udev/rules.d/*net*
lrwxrwxrwx 1 root root    9 Nov 30 15:25 80-net-setup-link.rules -> /dev/null
# ls -la /lib64/udev/rules.d/*net*
-rw-r--r-- 1 root root  452 Nov  7 09:57 /lib64/udev/rules.d/75-net-description.rules
-rw-r--r-- 1 root root 1734 Jan 28 18:29 /lib64/udev/rules.d/77-mm-huawei-net-port-types.rules
-rw-r--r-- 1 root root  491 Nov  7 09:57 /lib64/udev/rules.d/80-net-name-slot.rules
-rw-r--r-- 1 root root  280 Jan 24 00:41 /lib64/udev/rules.d/90-network.rules

Perhaps udev (well, eudev, as I switched to using eudev after the problem started) did have something to do with the new entry, but I began to suspect that NetworkManager was the culprit. I think the problem first occurred after installing NetworkManager 0.9.10.0 last October, but it remained after I installed NetworkManager 1.0.0, until today when I made the various changes described further on.

I had merged NetworkManager 1.0.0 and preceding versions since 0.9.8.8 with USE flags -dhclient and dhcpcd, i.e. NetworkManager in my installation uses the DHCP client dhcpcd instead of dhclient. (I used to merge NetworkManager to use dhclient but found it did not work with 0.9.8.8 and later versions of NetworkManager.)

The relevant network services running in my installation are as follows, and nothing looks incorrect to me:

# rc-update show | grep -i net
       NetworkManager |      default
                local |      default nonetwork
               net.lo | boot
             netmount |      default
# rc-status | grep -i net
NetworkManager                                                    [ started ]
netmount                                                          [ started ]
# rc-update show | grep dh
# rc-status | grep dh
# rc-update -v show | grep supplicant
wpa_supplicant |
# rc-status | grep supplicant
#

NetworkManager itself launches the DHCP client, so the installation should not be configured to launch a DHCP client. Indeed the output above shows that no DHCP client service is configured to run independently of NetworkManager, and I also double-checked that multiple instances of a DHCP client are not running (they’re not):

# ps -C NetworkManager
  PID TTY          TIME CMD
 6481 ?        00:00:22 NetworkManager
# ps -C dhcpcd
  PID TTY          TIME CMD
10378 ?        00:00:00 dhcpcd
# ps -C dhclient
  PID TTY          TIME CMD
#

As far as WiFi is concerned, NetworkManager itself launches wpa_supplicant, so the installation should not be configured to launch wpa_supplicant. Indeed the output from rc-update and rc-status above shows that no wpa_supplicant service is configured to run independently of NetworkManager, and I also double-checked that multiple instances of wpa_supplicant are not running (they’re not):

# ps -C wpa_supplicant
  PID TTY          TIME CMD
 6491 ?        00:00:00 wpa_supplicant
#

So, as far as I could tell, there was nothing wrong with the non-NetworkManager side of my installation.

I thought the problem might be due to the settings in the file /etc/NetworkManager/NetworkManager.conf, which contained the following:

[main]
plugins=keyfile
dhcp=dhcpcd

[ifnet]
managed=true
auto_refresh=false

[keyfile]
hostname=meshedgedx

I studied the manual pages for NetworkManager.conf:

# man NetworkManager.conf

If I understand correctly, the ifnet plug-in is Gentoo-specific (see References 3, 4 and 5 further on). The entries under [ifnet] in my NetworkManager.conf file were redundant in any case because the ifnet plug-in was not included in the plugins list under [main], so I deleted the entire [ifnet] section. There is no mention of the ifnet plug-in on the NetworkManager.conf manual page or in the Gentoo Linux Wiki article on NetworkManager, and a cursory look in the Gentoo ebuild for NetworkManager 1.0.0 clearly indicates the ifnet plug-in is broken. See, for example, the following comment in the ebuild:

# ifnet plugin always disabled until someone volunteers to actively
# maintain and fix it

and the following warning messages in the ebuild if the user has included ifnet in plugin=<plugin list> in NetworkManager.conf:

ewarn "Ifnet plugin is now disabled because of it being unattended"
ewarn "and unmaintained for a long time, leading to some unfixed bugs"
ewarn "and new problems appearing. We will now use upstream 'keyfile'"
ewarn "plugin."
ewarn "Because of this, you will likely need to reconfigure some of"
ewarn "your networks. To do this you can rely on Gnome control center,"
ewarn "nm-connection-editor or nmtui tools for example once updated"
ewarn "NetworkManager version is installed."
ewarn "You seem to use 'ifnet' plugin in ${EROOT}etc/NetworkManager/NetworkManager.conf"
ewarn "Since it won't be used, you will need to stop setting ifnet plugin there."

I modified NetworkManager.conf to contain the following:

[main]
plugins=keyfile
dhcp=dhcpcd
no-auto-default=eth0

[keyfile]
hostname=meshedgedx

Note that the ifnet plug-in was not specified in the plugins list in the [main] section of my previous NetworkManager.conf so it was not the cause of my problem, but I hoped that adding no-auto-default=eth0 to NetworkManager.conf would solve the problem. I deleted the ‘Wired connection 1′ entry from the plasma-nm GUI, ticked ‘Automatically connect to this network when it is available’ for the ‘eth0′ entry and made sure that option was not ticked for any of the other entries under ‘Available connections‘, then rebooted. There was no longer an entry ‘Wired connection 1′ in the plasma-nm widget GUI, just an entry for ‘eth0′, and the installation connected automatically to the wired network and I could access the Internet, but did not reconnect to the wired network if I removed and reinserted the Ethernet cable when also connected to a wireless network. So I was not home and dry yet.

I have read on various Web sites that NetworkManager prefers wired connections over wireless connections. I assume this is because NetworkManager sets a higher metric for the wired connection.

I am on a work trip at the moment and cannot use a dynamic wired connection, only a static wired connection, but I can see that NetworkManager 1.0.0 does set a higher-priority metric for wired connections:

# # Now with both dynamic wireless and static wired:
# ip route show
default via 10.90.21.1 dev eth0  proto static  metric 100
default via 10.96.0.1 dev wlan0  proto static  metric 600
10.90.21.0/24 dev eth0  proto kernel  scope link  src 10.90.21.112  metric 100
10.96.0.0/16 dev wlan0  proto kernel  scope link  src 10.96.87.86
10.96.0.0/16 dev wlan0  proto kernel  scope link  src 10.96.87.86  metric 303
127.0.0.0/8 dev lo  scope host
127.0.0.0/8 via 127.0.0.1 dev lo
192.0.2.1 via 10.96.0.1 dev wlan0  proto dhcp  metric 600
#

10.90.21.1 is the IP address of the gateway for the wired connection, and 10.90.21.112 is the IP address of my laptop’s wired interface. The smaller the metric value, the higher the routing priority. Notice that the metric for the eth0 interface is 100 whereas the metric for the wlan0 interface is 600, so it does appear that NetworkManager favours a wired connection over a wireless connection when both are active.

After doing all the above, I came across Debian bug report no. 755202: network-manager: keeps creating and using new connection “eth0″ that does not work which appears to be exactly what I was experiencing. Various people posted solutions that worked in their particular circumstances, so I am none the wiser. Gentoo user Keivan Moradi posted message no. 79 on that bug report, about a warning message he found in the NetworkManager log file regarding a file /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0, and he then deleted the latter file. I found the same message in /var/log/messages:

# grep networkmanager /var/log/messages
Feb  9 04:10:05 localhost NetworkManager[10355]: <warn>      error in connection /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0: invalid connection: connection.type: property is missing
Feb 11 15:53:05 localhost NetworkManager[13143]: <warn>      error in connection /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0: invalid connection: connection.type: property is missing

The file /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0 also existed in my installation, so I also deleted it. It was a zero-length file and I do not know if it had anything to do with my problem:

# ls -la /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0
-rw------- 1 root root 0 Jan 20 00:09 /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0
# rm /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0
#

Anyway, the file /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0 has not reappeared since I deleted it.

Keivan Moradi had ‘id=Wired‘ under [connection] in the file /etc/NetworkManager/system-connections/eth0, and he decided to change the name of the file from ‘eth0‘ to ‘Wired‘. However, in my case the file name and the id in the file /etc/NetworkManager/system-connections/eth0 are both ‘eth0‘:

# cat /etc/NetworkManager/system-connections/eth0
[ethernet]
mac-address=70:5A:B6:3E:C1:8A
mac-address-blacklist=

[connection]
id=eth0
uuid=cb3d5786-f947-44b8-92f7-8471fc94c568
type=ethernet
permissions=
secondaries=

[ipv6]
method=ignore
dns-search=

[ipv4]
method=auto
dns-search=

I had already deleted and recreated the connection ‘eth0′ in the plasma-nm GUI by the time I checked the contents of the directory /etc/NetworkManager/system-connections/ so I do not know if the original file name and id were the same. I had also already deleted the connection ‘Wired connection 1′ in the plasma-nm GUI by the time I checked the contents of the directory; presumably files for connections ‘Wired connection 1′ and ‘eth0′ both existed in /etc/NetworkManager/system-connections/ before then. I do not know why the zero-length file .keep_net-misc_networkmanager-0 was created, but no further files have appeared in the directory since I deleted the connection ‘Wired connection 1′ and the file .keep_net-misc_networkmanager-0.

Keivan Moradi was also previously using a buggy r8169 kernel module (Realtek Ethernet hardware) and switched to using the r8168 module, but I am using a Qualcomm Atheros AR8131 Gigabit Ethernet card and an Intel Corporation Ultimate N WiFi Link 5300 card, so that part of his problem cannot be a factor in my case.

Anyway, as I wrote earlier, I no longer have two connection entries for the wired interface, and NetworkManager no longer creates automatically a second connection entry for the wired interface. And now if I am already connected to a wireless network, NetworkManager connects/reconnects automatically to a wired network with the ‘Automatically connect’ option ticked. So it looks like my problem is completely solved, although I reserve judgement until I have been able to use the laptop in my home network (which has the same router for both wired and wireless connections, whereas the wired network and wireless network are separate networks in the office in which I am now working).

Conclusion

If you had the patience to read all the above, I am impressed! If you also understood it, I am doubly impressed!

To cut a long story short, if you are experiencing a similar problem to mine, I recommend you do the following:

  1. Check that your network driver is reliable. You can search the Web to see if other users have experienced problems with the same driver you are using.

  2. Make sure the contents of NetworkManager.conf are correct. Read the NetworkManager.conf man page and the GNOME Wiki page on NetworkManager settings to find out what options are available.

  3. Delete all the files (i.e. including hidden files) in the directory /etc/NetworkManager/system-connections/ and recreate your connections via either the NetworkManager GUI (e.g. plasma-nm in KDE or nm-applet in GNOME) or NetworkManager TUI (nmtui).

References

  1. man NetworkManager.conf
  2. Gentoo Linux Wiki – NetworkManager
  3. GNOME Wiki – NetworkManager SystemSettings – Configuration Plugins
  4. Gentoo NetworkManager Plugin
  5. Another Gentoo Dev – Ifnet updates for NetworkManager 0.9

UPDATE (March 10, 2015): Well, I was right to reserve judgement until I was able to use my laptop with my home network. I am now back at home and an Ethernet cable is plugged into my laptop’s RJ45 socket. Even with the changes I made, when I boot the laptop NetworkManager sometimes (but not always) has two connections named ‘eth0′, one of them the ‘Active connection’ (but not able to connect to the Internet) and the other an ‘Available connection’. In this situation the wired network icon on the Panel has a yellow question mark superimposed. If I delete the ‘eth0′ active connection and use the other ‘eth0′, the latter works as expected and I have no trouble connecting to the Internet. In Debian bug report no. 755202 (see the link further up) user Frederik Himpe added a comment on March 4, 2015 that he is also still experiencing this problem and “It looks like there is a race somewhere, causing the network interface to be brought up before Network Manager is started, and this prevents correct configuration by NM”. So the problem is still unresolved. Hmm … I wonder if udev does have something to do with it after all.

UPDATE (March 12, 2015): The problem persists. I disabled use of IPv6 in /etc/avahi/avahi-daemon.conf to see if the Avahi daemon has something to do with the problem, but that made no difference. Later I also disabled use of IPv4 in /etc/avahi/avahi-daemon.conf, but that made no difference either. So it looks like the Avahi daemon is not the culprit. Checking via the plasma-nm GUI I notice that the ‘rogue’ eth0 Active connection has IPv4 disabled and IPv6 Link-Local enabled. So why is NetworkManager creating a second eth0 connection just for IPv6 Link-Local? And why on Earth is NetworkManager creating any additional connection at all when NetworkManager.conf contains no-auto-default=eth0? Surely this must be a bug in NetworkManager 1.0.0?

UPDATE (March 17, 2015): I have been investigating the problem further: see my latest blog post for details.

Preventing a DNS Leak and WebRTC Leak when using Tor in Linux

Background

I have added to my 2011 Tor post a note on how to avoid a DNS Leak and WebRTC Leak, but am repeating it here in a new post, along with a Bash script that can be used to toggle the relevant Firefox user preferences before and after using Firefox with Tor, which makes the process easier.

The original eleven steps I gave in my above-mentioned post will not prevent the so-called DNS Leak problem. If your Web browser is not configured correctly it will still use your ISP’s DNS servers instead of the DNS servers favoured by Tor, in which case your ISP will know which sites you are accessing. See What is a DNS leak? for details. Reference 1 at the end of this post is a link to an article about DNS leakage, and Reference 2 is a link to an article on the Tor Browser, a browser designed to help avoid DNS leakage.

Furthermore, now that WebRTC is incorporated in some browsers, a ‘WebRTC Leak‘ is also possible if you have not configured your browser correctly.

Using the Tor Browser

Instead of performing Steps 1 to 11 in my original Tor post, download the Tor Browser, unpack it (no installation is required) and use that browser. Reference 3 below is a link to the download page, and Reference 4 below is a link to the instructions on how to unpack the tarball and launch the browser.

If you want even more security, you could instead download the ISO for the Tails Linux distribution, burn a LiveDVD or LivePenDrive — see my post Help for Windows users: How to create a Linux LiveCD, LiveDVD or LivePenDrive from an ISO file if you don’t know how to do that — and launch the browser from a Live Environment.

Using Tor with Firefox

However, if you still want to use the method I gave in my original Tor post then you could try all the additional steps given below to stop DNS leakage and WebRTC leakage.

  1. Use the OpenDNS servers instead of your ISP’s DNS servers. That will not help, though, if your ISP is using a Transparent DNS Proxy.
  2. Make the following changes to the preferences in Firefox (enter about:config in the Firefox address bar):
    Preference Name                       Status   Type     Value
    network.dns.disableIPv6               default  boolean  false  Change to true
    network.dns.disablePrefetch           default  boolean  false  Change to true
    network.proxy.socks_remote_dns        default  boolean  false  Change to true
    browser.safebrowsing.enabled          default  boolean  true   Change to false
    browser.safebrowsing.malware.enabled  default  boolean  true   Change to false
    media.peerconnection.enabled          default  boolean  true   Change to false
    

    (When you have finished using Tor, set media.peerconnection.enabled back to true if you want to use WebRTC. If you also want Firefox to warn you of phishing Web sites and Web sites that download malware, also set browser.safebrowsing.enabled and browser.safebrowsing.enabled back to true after you have finished using Tor.)

    You may be wondering why I disable IPv6 DNS requests. It is because some IPv6-capable DNS servers may return an IPv4 address when an IPv6 address is requested. I disable the two ‘safe browsing’ preferences because, if enabled, they cause Firefox to compare visited URLs against a remotely-stored blacklist or submit URLs to a third party to determine whether a site is legitimate, and I don’t want the possibility of Firefox contacting other sites outside Tor or trying to find an IP address for a URL. The PeerConnection preference relates to WebRTC, and I disable that to stop Firefox contacting STUN servers (see Reference 5 below).

  3. Test if there is still leakage by visiting the DNS leak test Web site and clicking on the Standard test button, and visiting the IP/DNS Detect site.

Furthermore, do not forget to use a Private Browsing window in Firefox.

Automate the editing of Firefox user preferences

Using about:config to change the user preferences in Firefox is laborious, so I created a Bash script edit_firefox.sh to toggle the relevant user preferences:

#!/bin/bash
# Script to change Firefox user preferences rather than
# using about:config from within Firefox.
# Make sure you only run this script when Firefox is not running.
#
FILE="/home/fitzcarraldo/.mozilla/firefox/fm8q09x0.default/prefs.js"
#
#
STATE=$(grep media.peerconnection.enabled $FILE | cut -c 43- | cut -d')' -f1)
if ! grep -q media.peerconnection.enabled $FILE ; then
  echo 'user_pref("media.peerconnection.enabled", false);' >> $FILE
  echo 'Added media.peerconnection.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*media.peerconnection.enabled.*$/'user_pref("media.peerconnection.enabled", false);'/ $FILE
     echo 'media.peerconnection.enabled changed to false (secure) in prefs.js'
  else
     sed -i s/^.*media.peerconnection.enabled.*$/'user_pref("media.peerconnection.enabled", true);'/ $FILE
     echo 'media.peerconnection.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep browser.safebrowsing.malware.enabled $FILE | cut -c 51- | cut -d')' -f1)
if ! grep -q browser.safebrowsing.malware.enabled $FILE ; then
  echo 'user_pref("browser.safebrowsing.malware.enabled", false);' >> $FILE
  echo 'Added browser.safebrowsing.malware.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*browser.safebrowsing.malware.enabled.*$/'user_pref("browser.safebrowsing.malware.enabled", false);'/ $FILE
     echo 'browser.safebrowsing.malware.enabled changed to false (secure) in prefs.js'
  else
     sed -i s/^.*browser.safebrowsing.malware.enabled.*$/'user_pref("browser.safebrowsing.malware.enabled", true);'/ $FILE
     echo 'browser.safebrowsing.malware.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep browser.safebrowsing.enabled $FILE | cut -c 43- | cut -d')' -f1)
if ! grep -q browser.safebrowsing.enabled $FILE ; then
  echo 'user_pref("browser.safebrowsing.enabled", false);' >> $FILE
  echo 'Added browser.safebrowsing.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*browser.safebrowsing.enabled.*$/'user_pref("browser.safebrowsing.enabled", false);'/ $FILE
     echo 'browser.safebrowsing.enabled changed to false (secure) in prefs.js'
  else
     sed -i s/^.*browser.safebrowsing.enabled.*$/'user_pref("browser.safebrowsing.enabled", true);'/ $FILE
     echo 'browser.safebrowsing.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep network.proxy.socks_remote_dns $FILE | cut -c 45- | cut -d')' -f1)
if ! grep -q network.proxy.socks_remote_dns $FILE ; then
  echo 'user_pref("network.proxy.socks_remote_dns", true);' >> $FILE
  echo 'Added network.proxy.socks_remote_dns true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*network.proxy.socks_remote_dns.*$/'user_pref("network.proxy.socks_remote_dns", false);'/ $FILE
     echo 'network.proxy.socks_remote_dns changed to false (not secure) in prefs.js'
  else
     sed -i s/^.*network.proxy.socks_remote_dns.*$/'user_pref("network.proxy.socks_remote_dns", true);'/ $FILE
     echo 'network.proxy.socks_remote_dns changed to true (secure) in prefs.js'
fi
#
STATE=$(grep network.dns.disablePrefetch $FILE | cut -c 42- | cut -d')' -f1)
if ! grep -q network.dns.disablePrefetch $FILE ; then
  echo 'user_pref("network.dns.disablePrefetch", true);' >> $FILE
  echo 'Added network.dns.disablePrefetch true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*network.dns.disablePrefetch.*$/'user_pref("network.dns.disablePrefetch", false);'/ $FILE
     echo 'network.dns.disablePrefetch changed to false (not secure) in prefs.js'
  else
     sed -i s/^.*network.dns.disablePrefetch.*$/'user_pref("network.dns.disablePrefetch", true);'/ $FILE
     echo 'network.dns.disablePrefetch changed to true (secure) in prefs.js'
fi
#
STATE=$(grep network.dns.disableIPv6 $FILE | cut -c 38- | cut -d')' -f1)
if ! grep -q network.dns.disableIPv6 $FILE ; then
  echo 'user_pref("network.dns.disableIPv6", true);' >> $FILE
  echo 'Added network.dns.disableIPv6 true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*network.dns.disableIPv6.*$/'user_pref("network.dns.disableIPv6", false);'/ $FILE
     echo 'network.dns.disableIPv6 changed to false (not secure) in prefs.js'
  else
     sed -i s/^.*network.dns.disableIPv6.*$/'user_pref("network.dns.disableIPv6", true);'/ $FILE
     echo 'network.dns.disableIPv6 changed to true (secure) in prefs.js'
fi

You will need to change the path to the Firefox prefs.js file in the sixth line of the script, to suit your installation. If you have the utility mlocate installed you can find the file easily by using the command:

$ locate prefs.js | grep firefox

You will also need to make the script executable:

$ chmod +x edit_firefox.sh

You can see below how the script works:

$ ./edit_firefox.sh
media.peerconnection.enabled changed to false (secure) in prefs.js
browser.safebrowsing.malware.enabled changed to false (secure) in prefs.js
browser.safebrowsing.enabled changed to false (secure) in prefs.js
network.proxy.socks_remote_dns changed to true (secure) in prefs.js
network.dns.disablePrefetch changed to true (secure) in prefs.js
network.dns.disableIPv6 changed to true (secure) in prefs.js
$ ./edit_firefox.sh
media.peerconnection.enabled changed to true (not secure) in prefs.js
browser.safebrowsing.malware.enabled changed to true (not secure) in prefs.js
browser.safebrowsing.enabled changed to true (not secure) in prefs.js
network.proxy.socks_remote_dns changed to false (not secure) in prefs.js
network.dns.disablePrefetch changed to false (not secure) in prefs.js
network.dns.disableIPv6 changed to false (not secure) in prefs.js
$

Procedure to use Tor

So, if I am not using the Tor Browser, in summary I do the following (refer to my 2011 Tor post for the details):

  1. Launch Polipo from a Konsole window.
  2. Launch Vidalia from a Konsole window.
  3. Launch edit_firefox.sh to make sure the relevant user preferences are set securely.
  4. Launch Firefox and change the network settings to enable use of Polipo and Vidalia.
  5. Launch a Firefox Private Browsing window and close the original window.
  6. Visit TorCheck at Xenobite.eu, What Is My IP Address?, DNS leak test and IP/DNS Detect to be sure I am using Tor and that there is no DNS leak or WebRTC leak.

The router provided by my ISP does not allow me to change its DNS server settings. Using the router’s Web browser interface I was able to view the IP addresses of the DNS servers the router uses (Whois Lookup is a good place to check to whom an IP address belongs), and they are indeed owned by the ISP. However, the leak test Web sites I mention above show me that there is no DNS leakage to the ISP’s DNS servers when I have performed all the steps above.

When I have finished using Tor, I do the following:

  1. Exit Firefox.
  2. Stop Tor from the Vidalia GUI, exit Vidalia and end the Konsole session.
  3. Stop Polipo and end the Konsole session.
  4. Launch edit_firefox.sh to set the relevant user preferences back to their original settings.
  5. Launch Firefox and change the network settings back to the original settings.

References

1. Preventing Tor DNS Leaks
2. Tor new advice (February 2014)
3. Download Tor Browser
4. Linux Instructions for Tor Browser
5. New Browser Based Flaw Leaks VPN Users’ IP Addresses

Virus infection in Windows 8.1 Connected Account

Although I use Linux on my own machines, the family PC runs Windows 8.1 (awful OS, by the way). When I bought the PC I installed AVG AntiVirus Free. As a way of thanking AVG for the free application, I allow the application to send anonymous data about detected threats back to AVG so that the company can improve the detection capabilities of its products.

Anyway, a couple of days ago while I was using the family PC to browse the Web, AVG AntiVirus Free popped-up a window informing me it had detected the trojan VBS/Dropper. Whilst it was able to isolate and remove the threat, re-infection kept recurring periodically and frequently. Each time AVG AntiVirus Free was able to isolate and remove the threat. I launched a full scan (including looking inside archive files etc.) of all hard drives several times, but AVG AntiVirus Free always reported that there were no infected files.

Screen snapshot 1 - VBS/Dropper infection

Whenever the AVG AntiVirus Free window popped-up warning that it had detected the trojan, the message showed that the infected file was in a long directory path, and the infected object was named livecomm.exe. Searching the Web showed me that Livecomm.exe is also known as ‘Communications Service’ and is something to do with the Metro application for e-mail (server in the ‘Cloud’). So I launched the Metro Mail application (it was not running previously) and deleted all the e-mails in the Junk, Deleted and POP folders of my Microsoft Hotmail account (the POP folder contains copies of e-mails downloaded by the e-mail client on my main laptop). Lo and behold, there were no more pop-up warnings from AVG AntiVirus Free regarding VBS/Dropper. Presumably one of the deleted unread e-mails or unread junk e-mails either contained an infected attachment or a link to an infected remote file.

I’m posting this because I did not find anything on the Web regarding this phenomenon, and it looks to me like a problem that occurs specifically on Windows 8/8.1 when a user has a Windows account on the PC that is connected to his/her Microsoft e-mail account (what Microsoft refers to as ‘Connected Account’). If I understand the design correctly, the LiveComm.exe service communicates with remote servers in the ‘Cloud’, so I assume this is another pathway for virus infection in Windows 8 and above that users need to be aware of.

Synchronising the clock using NTP in Sabayon Linux

In my previous post I explained how to install Sabayon Linux via the command line from the Sabayon Linux ‘SpinBase’ ISO.

If the system clock in your current installation is not being synchronised with an external time server over the Internet, the simplest way to achieve this is to install the net-misc/ntp package and configure systemd as shown below.

Note that I use net-misc/ntp rather than net-misc/chrony because the latter does not work in my Sabayon Linux installation; after I have configured the Chrony daemon, the command ‘systemctl status chronyd‘ returns the error message ‘Can’t initialise from real time clock, driver not loaded’. Of course, if Chrony happens to be installed and is working fine, you don’t need to do anything at all. But if Chrony is not working correctly and you want to try the ntp daemon instead, before performing the steps below you’ll first need to disable Chrony as explained under ‘Caveat’ at the end of this post.

  1. Install the ntp package:

    # equo install ntp

  2. Enable the ntp daemon so that it starts at boot:

    # systemctl enable ntpd
    # timedatectl set-ntp true

  3. Start the ntp daemon running now:

    # systemctl start ntpd

  4. Check whether the daemon is running:

    # systemctl status ntpd

Below I show the console output for the complete sequence from Step 2 to Step 4 with the command ‘timedatectl status‘ between each step so that you can see the effect. Note that I had previously set the hardware clock time (which, by default, systemd assumes to be UTC) to be the same time as local time. Since BST and UTC do not coincide, clearly both clocks should not both contain 10:06, so watch what happens below once the NTP daemon is launched.

sabayon fitzcarraldo # timedatectl status
      Local time: Mon 2014-09-22 10:06:06 BST
  Universal time: Mon 2014-09-22 09:06:06 UTC
        RTC time: Mon 2014-09-22 10:06:07
        Timezone: Europe/London (BST, +0100)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2014-03-30 00:59:59 GMT
                  Sun 2014-03-30 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2014-10-26 01:59:59 BST
                  Sun 2014-10-26 01:00:00 GMT
sabayon fitzcarraldo # systemctl enable ntpd
ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
sabayon fitzcarraldo # timedatectl status
      Local time: Mon 2014-09-22 10:06:39 BST
  Universal time: Mon 2014-09-22 09:06:39 UTC
        RTC time: Mon 2014-09-22 10:06:39
        Timezone: Europe/London (BST, +0100)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2014-03-30 00:59:59 GMT
                  Sun 2014-03-30 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2014-10-26 01:59:59 BST
                  Sun 2014-10-26 01:00:00 GMT
sabayon fitzcarraldo # timedatectl set-ntp true
sabayon fitzcarraldo # timedatectl status
      Local time: Mon 2014-09-22 10:06:57 BST
  Universal time: Mon 2014-09-22 09:06:57 UTC
        RTC time: Mon 2014-09-22 10:06:58
        Timezone: Europe/London (BST, +0100)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2014-03-30 00:59:59 GMT
                  Sun 2014-03-30 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2014-10-26 01:59:59 BST
                  Sun 2014-10-26 01:00:00 GMT
sabayon fitzcarraldo # systemctl start ntpd
sabayon fitzcarraldo # timedatectl status
      Local time: Mon 2014-09-22 10:07:13 BST
  Universal time: Mon 2014-09-22 09:07:13 UTC
        RTC time: Mon 2014-09-22 09:07:13
        Timezone: Europe/London (BST, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2014-03-30 00:59:59 GMT
                  Sun 2014-03-30 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2014-10-26 01:59:59 BST
                  Sun 2014-10-26 01:00:00 GMT
sabayon fitzcarraldo # systemctl status ntpd
ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled)
   Active: active (running) since Mon 2014-09-22 10:07:11 BST; 23s ago
 Main PID: 2420 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─2420 /usr/sbin/ntpd -g -n

Sep 22 10:07:11 sabayon ntpd[2420]: Listen normally on 5 eth0 fe80::a00:27ff:fe86:21f3 UDP 123
Sep 22 10:07:11 sabayon ntpd[2420]: peers refreshed
Sep 22 10:07:11 sabayon ntpd[2420]: Listening on routing socket on fd #22 for interface updates
Sep 22 10:07:13 sabayon ntpd[2420]: Deferring DNS for 0.gentoo.pool.ntp.org 1
Sep 22 10:07:14 sabayon ntpd[2420]: Deferring DNS for 1.gentoo.pool.ntp.org 1
Sep 22 10:07:15 sabayon ntpd[2420]: Deferring DNS for 2.gentoo.pool.ntp.org 1
Sep 22 10:07:16 sabayon ntpd[2420]: Deferring DNS for 3.gentoo.pool.ntp.org 1
Sep 22 10:07:18 sabayon ntpd_intres[2422]: DNS 0.gentoo.pool.ntp.org -> 85.236.36.4
Sep 22 10:07:18 sabayon ntpd_intres[2422]: DNS 1.gentoo.pool.ntp.org -> 78.46.197.35
Sep 22 10:07:18 sabayon ntpd_intres[2422]: DNS 2.gentoo.pool.ntp.org -> 91.234.160.19
sabayon fitzcarraldo #

Notice that the NTP daemon synchronised the RTC (hardware clock) time to UTC (I had previously set the hardware clock time to be the same as local time to show what would happen when the NTP deamon was launched). That is correct: notice ‘RTC in local TZ: no‘ in the output above, meaning that systemd by default assumes the time in the RTC is UTC.

By the way, in case you’re wondering, the NTP daemon of course synchronises the time in the system clock too. You do not need to worry: the system clock uses the local time of the time zone you previously configured (see my previous post), so the Linux date command and the clock of the Desktop Environment will show you local time by default.

Caveat
Note that I am using the ntp daemon instead of the Chrony daemon or the OpenNTPD daemon. If Chrony happens to be installed and active in your Sabayon Linux installation, before performing any of the above steps you’ll first need to do the following:

  1. Uninstall the Chrony package:

    # equo remove chrony

  2. Disable the Chrony daemon so that it does not start at boot:

    # systemctl disable chronyd
    # timedatectl set-ntp false

  3. Stop the Chrony daemon running now:

    # systemctl stop chronyd

  4. Check whether the daemon is still running:

    # systemctl status chronyd

WebRTC – A viable alternative to Skype

webrtc_logoSkype for Linux 4.3 and upwards requires the use of PulseAudio, which has caused discontent amongst those Linux users who do not use PulseAudio. Although I do use PulseAudio, I recently found out about WebRTC, an API (application programming interface) for browser-based communication offering most of the functions provided by Skype, namely: voice calling, video chat, text chat, file sharing and screen sharing. The official WebRTC site states:

WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple JavaScript APIs. The WebRTC components have been optimized to best serve this purpose.

Our mission: To enable rich, high quality, RTC applications to be developed in the browser via simple JavaScript APIs and HTML5.

WebRTC was originally released by Google but is now a draft standard of the World Wide Web Consortium, and is supported by Chrome, Firefox and Opera browsers. Several commercial Web sites offer WebRTC-based communications to fee-paying customers, but I thought I would try WebRTC by using one of the so-called ‘demo’ WebRTC pages. AppRTC is a WebRTC demo page which can be reached from a link on the official WebRTC site, but I prefer Multi-Party WebRTC Demo by TokBox which offers a more polished experience with better features. Both are free to use and viable substitutes to Skype for video chatting (one-to-one or conference).

So, how do you actually use WebRTC-based sites? Below is a quick guide to get you going.

Text and video chatting

Open the following URL in Chrome or Firefox:

https://opentokrtc.com/

Enter a Room Name that is likely to be unique. I used ‘fitzchat’ (without the quotes), but you can use any name you want.

The other party or parties can do the same thing, i.e. they enter the same Room Name as you, and you will all become connected.

Alternatively, to send an e-mail invitation to someone, click on the URL at the top of the pane on the right-hand side (which is Invite: https://opentokrtc.com/fitzchat in this example, as I chose to name the Room ‘fitzchat’). The partially visible pane at the right-hand side of the browser window will slide into full view when you click on it.

That’s all there is to it. You should see a video window showing each party, and they should see the same. Each party should also be able to hear the other parties. In the top right-hand corner of each video window is an icon (microphone for you; speaker for each of the other parties) which you can click on to mute/un-mute that party.

Click on the partially visible pane at the right-hand side of the browser window. Notice the ‘chat bar’ at the bottom where you enter commands and chat text. Read the grey instructions listed near the top of the pane:

Welcome to OpenTokRTC by TokBox
Type /nick your_name to change your name
Type /list to see list of users in the room
Type /help to see a list of commands
Type /hide to hide chat bar
Type /focus to lead the group
Type /unfocus to put everybody on equal standing

For example, to give myself a meaningful name instead of the default username Guest-0120e48c which was given to me automatically, I entered the following:

           /nick Fitz

Screen sharing

I found that screen sharing already works well in Chrome 36.0.1985.125 but is not yet supported in Firefox 31.0. It will be supported in Firefox 32 or 33, apparently, or you can already use Firefox Nightly providing you add the appropriate preferences via about:config.

To be able to share screens in Chrome, I had to perform two steps: enable a Chrome flag and install a Chrome extension. The two steps, which do not need to be repeated, are given below (see Ref. 1).

To enable screen sharing in Chrome, do the following:

  1. Open a new tab or window in Chrome.
  2. Copy the following link: chrome://flags/#enable-usermedia-screen-capture and paste it in the location bar.
  3. Click on the ‘Enable’ link below ‘Enable screen capture support in getUserMedia().’ at the very top of the screen.
  4. Click on the ‘Relaunch Now’ button at the bottom of the page to restart Chrome.

To install the screen sharing extension in Chrome, do the following:

  1. Launch Chrome and click on the Menu icon.
  2. Click on ‘Settings’.
  3. Click on ‘Extensions’.
  4. Click on ‘Get more extensions’ and search for ‘webrtc’.
  5. Download ‘WebRTC Desktop Sharing’.
  6. This places an icon to the right of the URL bar in Chrome.

To share your screen or just a window, do the following in Chrome:

  1. Click on the ‘Share Desktop’ icon to the right of the URL bar and select either ‘Screen’ or the window you wish to share.
  2. Click ‘Share’.
  3. When sharing has started in a new Chrome window, select the URL of the relevant tab in that window and send it to the other parties via the chat pane on the right-hand side of the first browser window.

To stop sharing, click on ‘Stop sharing’ and click on the ‘Share Desktop’ icon to the right of the URL bar to get it to return to displaying the ‘Share Desktop’ icon instead of the || (Pause) icon.

File sharing

I did not bother to try file sharing using WebRTC, but there are various Web sites you can use to do that. One such is ShareDrop, and googling will find others.

Caveats

Chrome 36.0.1985.125 and Firefox 31.0 were used in this trial (I did not try Opera). I found that video chat worked faultlessly when both parties were using Chrome, and when both parties were using Firefox. However, when one of the parties was using Firefox and the other was using Chrome, I could not see myself in one of the video boxes in the browser window (although I could see the other party in the other video box in the browser window). Furthermore, there was a grey bar across the middle of the video images in the AppRTC demo, whereas the Multi-Party WebRTC Demo video images were normal. Other than those two issues, the experience was smooth and straightforward. My recommendation would therefore be to use Multi-Party WebRTC Demo and for all the parties to use the same browser, be it Chrome or Firefox. If you want to share your screen or a window, the logical choice at the moment would be Chrome.

References

1 LiveMinutes Blog – Beta Testers: How To Activate Screen Sharing!

UPDATE (January 2, 2015): Mozilla has added a button to Firefox 34 to provide account-free video chat using WebRTC. Mozilla calls this feature ‘Firefox Hello’.

https://support.mozilla.org/en-US/kb/where-firefox-hello-button

I have it in Firefox 34.0.5 (I had to drag the ‘Hello’ button from ‘Customise’ | ‘Additional Tools and Features’). It works quite well. I didn’t bother creating an account; I just clicked on the ‘Email’ button to e-mail the automatically-generated URL to someone, and he clicked on the URL in the e-mail he received, which launched Firefox on his laptop and rang Firefox on my laptop. We tried both video and audio-only conversations, and both worked well. Firefox Hello is not as polished as Skype but, if Mozilla keeps working on it, they could end up with a good product.

Installing and using the Pipelight browser plug-in with Firefox 30 for Linux

pipelight-logoI use Gentoo Linux (~amd64) on my main laptop. Although I do not use Netflix or any of the other streaming video services that require the Microsoft Silverlight browser plug-in, I do need to use a browser with the Silverlight plug-in to access an office Intranet site. So I was interested in installing the Pipelight plug-in.

Although Pipelight works with most of the Silverlight test sites I have found on the Web, I cannot get it to work with the above-mentioned office Intranet site, which is why I ended up installing Firefox for Windows and Silverlight in WINE (see my previous post). Anyway, below I explain how I installed and configured Pipelight 0.2.7.1 and Firefox 30.0 for Linux. Even if you use a different Linux distribution to me, almost all of this post will still be relevant; only the package installation commands will differ.

Google Chrome 34 and onwards does not support NPAPI, so Pipelight does not work any more with Chrome. Actually, Mozilla has disabled some NPAPI support by default in Firefox 30: with the exception of the Flash plug-in you have to explicitly give permission for plug-ins to be activated via Click-to-Activate (also known as Click-to-Play). You can configure how Firefox Click-to-Activate behaves via Open menu > Add-ons > Plugins (choose either ‘Ask to Activate’, ‘Always Activate’ or ‘Never Activate’). See ‘Issues related to plugins – 4.1 Click to Play in Mozilla browser versions 23 and above‘ on the mozillaZine Website and ‘How to always activate a plugin for a trusted website‘ on the Mozilla Support Website.

I updated an existing Pipelight ebuild so that it will install the latest version of Pipelight (0.2.7.1) via a Portage local overlay. You can download the new ebuild from Gentoo Bugzilla Bug Report No. 481596 (see Comment 40). I can only get it to merge by using the binary-pluginloader USE flag. [Update August 18, 2014: The package is now in the main Portage tree, at least for ~amd64]

Installation

Install Firefox if it has not already been installed:

root # emerge firefox

Install Pipelight (installation fails unless I disable binary-pluginloader):

root # USE="-binary-pluginloader" emerge pipelight

Install WINE with the Compholio patches:

root # USE="pipelight" emerge wine

As you can see below, I have wine-1.7.21 and pipelight-0.7.2.1 installed.

user $ eix -I wine
[I] app-emulation/wine
Available versions: 1.2.3^t (~)1.3.28^t 1.4.1^t 1.6.1^t 1.6.2^t (~)1.7.0^t (~)1.7.3^t (~)1.7.4^t (~)1.7.8^t (~)1.7.9^t (~)1.7.10^t (~)1.7.11^t (~)1.7.12^t (~)1.7.13^t (~)1.7.14^t (~)1.7.15^t (~)1.7.16^t (~)1.7.17^t (~)1.7.18^t (~)1.7.19-r1^t (~)1.7.20^t (~)1.7.21^t **9999^t {+X (+)alsa capi cups custom-cflags dbus dos (+)fontconfig +gecko gnutls gphoto2 gsm gstreamer jack (+)jpeg lcms ldap +mono mp3 nas ncurses netapi nls odbc openal opencl +opengl osmesa (+)oss +perl pipelight (+)png +prelink pulseaudio +realtime +run-exes samba scanner selinux (+)ssl test +threads +truetype (+)udisks v4l +win32 +win64 xcomposite xinerama (+)xml ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_X86="(+)32 (+)64 x32" ELIBC="glibc" LINGUAS="ar bg ca cs da de el en en_US eo es fa fi fr he hi hr hu it ja ko lt ml nb_NO nl or pa pl pt_BR pt_PT rm ro ru sk sl sr_RS@cyrillic sr_RS@latin sv te th tr uk wa zh_CN zh_TW"}
Installed versions: 1.7.21^t(13:39:36 06/07/14)(X alsa cups fontconfig gecko gphoto2 gsm jpeg lcms mp3 ncurses nls openal opengl perl pipelight png prelink pulseaudio realtime run-exes scanner ssl threads truetype udisks v4l xinerama xml -capi -custom-cflags -dos -gstreamer -ldap -mono -netapi -odbc -opencl -osmesa -oss -samba -selinux -test -xcomposite ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_X86="32 64 -x32" ELIBC="glibc" LINGUAS="en pt_BR -ar -bg -ca -cs -da -de -el -en_US -eo -es -fa -fi -fr -he -hi -hr -hu -it -ja -ko -lt -ml -nb_NO -nl -or -pa -pl -pt_PT -rm -ro -ru -sk -sl -sr_RS@cyrillic -sr_RS@latin -sv -te -th -tr -uk -wa -zh_CN -zh_TW")
Homepage: http://www.winehq.org/
Description: Free implementation of Windows(tm) on Unix

user $ eix -I pipelight
[I] www-plugins/pipelight
Available versions: (~)0.2.3[1] (~)0.2.6[2] (~)0.2.7.1[2] {adobereader +binary-pluginloader flash foxitpdf grandstream installation-dialogs npactivex roblox shockwave +silverlight static unity3d}
Installed versions: 0.2.7.1[2](21:57:35 10/07/14)(silverlight -adobereader -binary-pluginloader -flash -foxitpdf -grandstream -installation-dialogs -npactivex -roblox -shockwave -static -unity3d)
Homepage: http://fds-team.de/cms/index.html https://launchpad.net/pipelight
Description: A browser plugin which allows one to use windows-only plugins inside Linux browsers.

[1] "sabayon" /var/lib/layman/sabayon
[2] "local_overlay" /usr/local/portage

Now update the dependency-installer script and enable the plug-in:

user $ sudo pipelight-plugin --update # sudo has to be used for this command only.
user $ pipelight-plugin --enable silverlight

Applies to AMD ATI GPUs only: My main laptop has an AMD ATI HD 5850 GPU, and hardware acceleration causes Firefox to hang when the Pipelight plug-in is enabled, so I have to disable hardware acceleration:

user $ cp /usr/share/pipelight/configs/pipelight-silverlight5.1 ~/.config/

Edit the Pipelight configuration file:

user $ nano ~/.config/pipelight-silverlight5.1

In order to force GPU acceleration uncomment the line:
overwriteArg = enableGPUAcceleration=true

In order to disable GPU acceleration (even if your graphic driver is probably supported) uncomment the line:
overwriteArg = enableGPUAcceleration=false

Instead of disabling GPU hardware acceleration in the Pipelight configuration file (pipelight-silverlight5.1), I could have instead done it each time I launch Firefox by entering the following command:

user $ PIPELIGHT_GPUACCELERATION=0 firefox

But I prefer to be able to enter just the following command:

user $ firefox

or to launch Firefox from the as-installed entry for Firefox in the Desktop Environment’s launcher menu.

After launching Firefox for the first time, a series of pop-up windows will show that the Silverlight plug-in is being installed. Once the final pop-up window has closed, install the Firefox extension User Agent Overrider (do not install User Agent Switcher or any other user agent selection extension for Firefox), click on the down-arrow of the User Agent Overrider icon in Firefox and select ‘Windows / Firefox 29′ from the pull-down menu. I also selected ‘Preferences…’ and added another user agent string to the end of the list:

# Custom
Windows / Firefox 15: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1

Check that the plug-in is installed correctly

Enter about:plugins in the Firefox Address bar to check which plug-ins are installed, their version and current state.

Use the Pipelight diagnostic page to check the plug-in is working.

Pipelight options

To see what commands the Pipelight plug-in supports, enter the following command in a Konsole/Terminal window:

user $ pipelight-plugin --help

Further information

Below are some links to Silverlight tests and other information regarding Pipelight and Silverlight.

Silverlight test pages

Silverlight Version Test

Bubblemark animation test

Silverlight Project Test Page | Deep Zoom

Silverlight DRM Test (Select ‘No DRM’ because the following bug report says that the Silverlight DRM test at the aforementioned Web page is broken and Microsoft will not fix it: Bug 762056.)

Becky’s Silverlight Test Site

Microsoft Silverlight – IIS Smooth Streaming Demo

Experience IIS Smooth Streaming

Silverlight Project Test Page | Deep Zoom Tag Browser

Microsoft Case Studies

Silverlight Demos

Here is an article on Netflix’s intention to dump the awful Silverlight plug-in:
Netflix to dump Silverlight, Microsoft’s stalled technology

Background information on the Pipelight project

This presentation was made by the Pipelight developers:
Pipelight – Windows browser plugins on Linux

Useful pages on the Pipelight Web site

Pipelight | News

This page, about selecting a User Agent String that will work, is important to read if you’re having problems:
Pipelight | Installation – User Agent

Background reading on User Agent Strings

How to Change Your Browser’s User Agent Without Installing Any Extensions

The IE10 User-Agent String

You can find out your current user agent string by using the following link:
What’s My User Agent?

Alternative to using Pipelight

If you still have trouble viewing Web pages that use Silverlight, you might like to try an alternative approach: use Firefox for Windows and the Silverlight plug-in in WINE. See my previous blog post Installing Firefox for Windows and the Silverlight plug-in in WINE.

Installing Firefox for Windows and the Silverlight plug-in in WINE

I use 64-bit (~amd64) multilib Gentoo Linux on my main laptop, and had been using successfully Version 0.2.3 of the Pipelight browser plug-in in 64-bit Firefox 29.0.1 for Linux to access an office Intranet Web site that uses Microsoft Silverlight. However, after installing 64-bit Firefox 30.0 for Linux recently I found that Mozilla has removed NPAPI support by default in Firefox 30, and Web sites using Silverlight would no longer load.

By updating Pipelight to Version 0.2.6 and changing the user agent string — see ‘Firefox UserAgent Switcher list‘ — I was able to browse in Firefox 30.0 for Linux only some of the Web sites that use Silverlight, but the aforementioned Intranet Web site would no longer load and displayed the following error message instead:

It appears the browser you are using to access this site is unsupported. Please use one of the following browsers …

· Internet Explorer 8.0

· Internet Explorer 9.0

· Internet Explorer 10.0

If you are using one of these browsers and you are still seeing this message, please contact company support.

I tried changing Firefox’s user agent string to the following, which I found from the post ‘Firefox UserAgent Switcher list‘:

Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0

That user agent string allowed the Intranet’s Web page to start loading, but a window popped-up displaying the error message shown below and Firefox stopped responding (froze).

Error reading Localization file

[Xml_UnexpectedTokens2]
Arguments: Content-Type,”,’,4,18
Debugging resource strings unavailable. Often the key and arguments provide
sufficient information to diagnose the problem. See http://go.microsoft.com/fwlink/?
linkid=106663&Version=5.1.30214.00&File=System.Xml.dll&Key=Xml_UnexpectedTokens2

After trying various user agent strings without success I decided to install 64-bit Firefox 30.0 for Windows and the 64-bit Silverlight plug-in in WINE. The 64-bit Firefox 30.0 for Windows installed successfully and I could launch it and browse the Internet. However, I found that the 64-bit Silverlight plug-in would not install (according to a message in the Silverlight Installer window, installation of the plug-in crashed at 82% complete), so I then installed 32-bit Firefox 30.0 for Windows with the 32-bit Silverlight plug-in, and that worked. Below I list the steps I used to install and configure 32-bit Firefox 30.0 with the 32-bit Silverlight plug-in in WINE (which, in my installation, was compiled to support both 32-bit and 64-bit Windows applications).

Installation and configuration of 32-bit Firefox for Windows and the Silverlight plug-in

1. I used a Web browser to download the file ‘Firefox Setup 30.0.exe‘ from the Mozilla Firefox Web site to the /home/fitzcarraldo/Downloads/ directory. The Mozilla Web site offers a choice of localised versions, so I downloaded the installer for Firefox for Windows in British English.

2. I opened a Konsole window and entered the following commands:

$ cd
$ export WINEPREFIX=$HOME/.wine-firefox
$ export WINEARCH="win32"
$ winecfg # Set Windows Version to Window 7.
$ cd ./.wine-firefox/drive_c/
$ wget http://winetricks.org/winetricks # Download winetricks so I can install Windows fonts.
$ chmod +x winetricks # Make winetricks script executable.
$ ./winetricks # Launch winetricks and install Windows fonts.
$ cp /home/fitzcarraldo/Downloads/Firefox\ Setup\ 30.0.exe .
$ wine Firefox\ Setup\ 30.0.exe
$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe # Launch Firefox and download the Silverlight installer.

N.B. Keep the Konsole window open and use it to enter all the commands listed in this post.

Notice that I downloaded and launched the excellent winetricks script so that I could install some Windows fonts that Firefox for Windows might need to use. When the winetricks window opens, all I needed to do was:

  • Select ‘Select the default wineprefix’ and click ‘OK’
  • Select ‘Install a font’and click ‘OK’.
  • Select ‘allfonts’ and click ‘OK’.
  • Optionally, if you have an LCD monitor and you would like to enable subpixel font smoothing, select ‘Change Settings’ then ‘fontsmooth=rgb’ and click ‘OK’.

3. I used the 32-bit Firefox for Windows Web browser to download the Silverlight plug-in installer to the /home/fitzcarraldo/Downloads/ directory. The files downloaded were Silverlight.exe and Silverlight.exe:Zone.Identifier which were both downloaded when I clicked on the ‘Click to Install’ button on the ‘Get Microsoft Silverlight‘ Web page and I then moved them from the directory /home/fitzcarraldo/Desktop/ to the /home/fitzcarraldo/Downloads/ directory.

4. I exited Firefox for Windows and installed the Silverlight plug-in:

$ cp /home/fitzcarraldo/Downloads/Silverlight* .
$ wine Silverlight.exe # Now install 32-bit Silverlight.

5. Then I launched Firefox for Windows again to configure the User Agent:

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe

I entered ‘about:config‘ (without the quotes) in the Address bar and added a new preference named general.useragent.override containing the following string (it is a User Agent string for Microsoft Internet Explorer 10.6 in 32-bit Windows 7):

Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0

N.B. This is the user agent string I used to get a specific office’s Intranet Web site that uses Silverlight to load in the Firefox 30.0 for Windows browser. You may need to use a different user agent string for the particular Web site you want to load. Use a search engine to search the Web for suitable user agent strings for the specific Web site you wish to browse. I have seen various user agent strings given for Netflix, for example, so you may have to try several to find one that works for you.

Alternatively, rather than using about:config you could install a Firefox extension such as User Agent Switcher and the associated ‘useragentswitcher.xml‘ file (see the ‘Firefox UserAgent Switcher list’ reference above for details of how to install), which would allow you to add, edit and select user agent strings more easily. An alternative to User Agent Switcher is the Firefox extension User Agent Overrider which may give you better results than User Agent Switcher on some Web sites that use Silverlight. I have tried it and it enables me to view the Silverlight test pages on the Web (I selected ‘Windows / Firefox 29′ from the User Agent Overrider pull-down menu).

6. I also made sure that plugins.click_to_play is set to ‘true’ (it should be by default) and I gave permission to Firefox to use the Silverlight plug-in on the relevant Web site I wish to use (Open menu > Add-ons > Plugins). See ‘Issues related to plugins – 4.1 Click to Play in Mozilla browser versions 23 and above‘ on the mozillaZine Website and ‘How to always activate a plugin for a trusted website‘ on the Mozilla Support Website.

Launching Firefox for Windows correctly in Linux

To launch Firefox for Windows from the command line you will need to enter either of the following commands:

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine C:\\windows\\command\\start.exe /Unix /home/fitzcarraldo/.wine-firefox/dosdevices/c:/users/Public/Start\ Menu/Programs/Mozilla\ Firefox.lnk

Alternatively, you can set up a Desktop Configuration File (.desktop file) on your Desktop and/or an entry in the Desktop Environment’s launcher menu. In my case, WINE took care of doing both of those during the installation of Firefox for Windows, and it used the standard Firefox icon. I just needed to edit the entry’s command for launching Firefox, to make it match one of the commands listed above.

Postscript

Regarding the file Silverlight.exe:Zone.Identifier that was downloaded when I downloaded the Silverlight installer (Silverlight.exe), I had never come across such a file type before but have now found out what it is:

File that contains metadata describing the security zones associated with another file; generated automatically when a file is downloaded from the Internet or received as an email attachment; often created by Internet Explorer.

See the article .ZONE.IDENTIFIER File Extension for details.

You can therefore forget about the Silverlight.exe:Zone.Identifier file (if one even exists in your case). The important thing is to download the Silverlight installer, which is a single .exe file.

Follow

Get every new post delivered to your Inbox.

Join 56 other followers