Tuesday, April 3, 2012

ifconfig and "interfaces"

This post is about my encounter with network "interfaces" on OS X Lion during the last few days. It's in the category of letting google "catalog my head." I haven't figured out the fundamental problem, but I learned a few things along the way and I want to record them.

Here is the text of my post to a site that will remain unnamed (due to my considerable embarassment, as I'll explain in a bit):

I started with a simple idea: do bad guys knock on the door of my LAN very often, and does the Airport Extreme keep logs that would tell me anything about it. It didn't seem like Airport Utility was going to get me very far.

In the middle of a long saga involving installation of a tool called mrtg, I bailed out from a perl script to set various configuration parameters for use of snmp because it became clear that I had no idea what I was doing.

I come back to Terminal and do ifconfig and notice three new interfaces (not there just before the previous adventure):

gif0: flags=8010 mtu 1280
stf0: flags=0<> mtu 1280
fw0: flags=8863 mtu 4078
lladdr 60:fb:42:ff:fe:f4:cd:9e
media: autoselect
status: inactive

So I have two questions: where can I find out more about these "interfaces." And even more important, after I reset my Airport to factory default, and reinstalled OS X Lion on my machine, with a wiped disk, why are they still there? Where is that info stored and how would I modify it? I tried various ifconfig commands but they're like Arnold, they always come back.
As to finding out more about the interfaces, one can simply do man gif. As often happens with man, the text leads to an ever expanding web of stuff I don't understand, but the gist is clear, these things relate to IPv6. I had already seen this page on apple.stackexchange which translates some of the man details into english. But it gives me no idea as to how these started appearing in my output from ifconfig. So I asked another question, this time in a more appropriate forum (apple.stackexchange). The answers all indicate that these things are "benign," but unfortunately give no indication of where they came from. Also, it occurs to me that my impression of when they appeared may be mistaken, hence my comment:

As to why the interfaces appeared, my best guess is that while they showed up after the snmp adventure, they weren't caused by it.
because I cannot explain things in any other way except to think that my computer sets up these things when it boots, and something in a plist somewhere has changed to modify what appears with ifconfig, and that whatever it is, it is present after a clean install of Lion. It's Apple that's messing with me here. These interfaces are clearly controlled by the OS X boot process.

Two things one might have thought would work, but do not:

Using Network Prefs to remove FireWire causes it to go away in the GUI, but it's still there in ifconfig, even with a re-boot. According to the man page for ifconfig it looks like this should work:

sudo ifconfig gif0 destroy

and it makes gif0 go away (though not stf0), but on reboot it comes back. So, things are still mysterious.

In the meantime (almost done), found something that looks really interesting (no python package required for this):

>>> from SystemConfiguration import *
>>> interfaces = SCNetworkInterfaceCopyAll()
>>> for interface in interfaces:
...     bsd_name = SCNetworkInterfaceGetBSDName(interface)
...     display_name = SCNetworkInterfaceGetBSDName(interface)
...     print "BSD: %s , Display: %s" %(bsd_name, display_name)
... 
BSD: Bluetooth-Modem , Display: Bluetooth-Modem
BSD: en0 , Display: en0
BSD: fw0 , Display: fw0
BSD: en1 , Display: en1

There seem to be a lot of SystemConfiguration APIs available from Python

>>> import SystemConfiguration
>>> len(dir(SystemConfiguration))
4338

Curious, that this does not give gif0 and stf0, nor the "loopback" interface.

And finally, what happened with the other question/answer site? The problem is that I had not realized (to quote the FAQ):

and it is not about…

Anything in a home setting

It's even in bold type in the FAQ. So I made three mistakes: I posted about a home topic and I complained when a guy with big rep down-modded me without even answering what I thought was a reasonable question. After that, they got about as mad as you can get on the web.

My bad.