| author | 2026-05-22 14:28:17 +0100 | |
|---|---|---|
| committer | 2026-05-22 14:28:17 +0100 | |
| commit | 1dfee96401c03666aa3eeec7a40fbc42ff05e1b3 (patch) | |
| tree | 84578472ea25facca0df315a91be99758fcf4720 /etc/systemd/network | |
| parent | 18277fc1ec921dfcfa61c0b2f0b40fb62cfa070f (diff) | |
fix(net): positive-match physical NICs into bond0
Name= negation list was failing in practice — veth/waydroid interfaces
were still being enslaved into bond0, taking down host networking.
Switch to positive matching: Path=pci-*|platform-* AND Name=en* AND
Type=ether. Virtual interfaces (veth, virbr, waydroid0, docker0, ...)
have no udev ID_PATH and never start with 'en', so they're cleanly
excluded by the AND of all three keys.
Diffstat (limited to 'etc/systemd/network')
| -rw-r--r-- | etc/systemd/network/30-ethernet-bond0.network | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/etc/systemd/network/30-ethernet-bond0.network b/etc/systemd/network/30-ethernet-bond0.network index 32d6d40..31f14a2 100644 --- a/etc/systemd/network/30-ethernet-bond0.network +++ b/etc/systemd/network/30-ethernet-bond0.network @@ -1,20 +1,15 @@ -# NOTE: Type=ether matches ALL ethernet interfaces. Any future USB/Thunderbolt -# ethernet dongle would be auto-enslaved into bond0. If that becomes a problem, -# narrow the [Match] section to MACAddress= or a persistent Name= (e.g. enp*s0). +# Match only real, physical ethernet via Path= (PCI + USB) and udev's +# predictable name pattern. This is more robust than Type=ether + Name= negation: +# negations on Name= matched veth/virbr/waydroid interfaces in practice, which +# enslaved them into bond0 and broke host networking (waydroid, libvirt, etc.). # -# Name= negations below exclude virtual interfaces that should NEVER be enslaved: -# vnet* — libvirt tap devices (VM NICs) -# virbr* — libvirt bridges -# tap* — generic TAP interfaces -# veth* — container/namespace veth pairs -# docker*, br-*, podman* — container engine bridges -# waydroid* — waydroid's Android container bridge (waydroid0) -# Without these, e.g. libvirt VM taps get pulled into bond0 and lose their bridge, -# breaking VM networking (DHCP, NAT). Waydroid is especially catastrophic: -# enslaving waydroid0 into bond0 takes down the host's default route. +# Path=pci-* covers built-in PCIe NICs (enpXsY, ethN). +# Path=platform-* covers SoC-attached NICs (none on x86 laptops but harmless). +# Name=enx* covers USB ethernet dongles, which have no stable PCI path. [Match] +Path=pci-* platform-* +Name=en* enx* Type=ether -Name=!vnet* !virbr* !tap* !veth* !docker* !br-* !podman* !waydroid* [Network] Bond=bond0 |
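Review bot: the new comment block and the new [Match] keys disagree about USB dongles. The comment says "Name=enx* covers USB ethernet dongles, which have no stable PCI path", but the keys of a [Match] section are ANDed (the commit message relies on exactly that), so an interface that does not also satisfy "Path=pci-* platform-*" is not matched, whatever its name. As written, "enx*" adds nothing: every name it matches is already matched by "en*". Either drop "enx*" and reword the comment to say that dongles are picked up only when their path matches one of the Path= globs, or, if dongles without such a path really must join bond0, give them their own .network file, since one [Match] section cannot express "Path OR Name". The comment line "Path=pci-* covers built-in PCIe NICs (enpXsY, ethN)" has the same problem: an interface named ethN fails "Name=en*", so it is excluded and should not be listed as covered. The removed NOTE about a future USB/Thunderbolt dongle being auto-enslaved is worth keeping in some form, because the new rules still allow it for any dongle that gets an en* name and a matching path.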
