September 2016 - connman

[PATCH 0/2] DHCPv6 infinite expiry times

by Patrik Flykt

Hi, This patch set is heavily influenced by the patch set from wangfe(a)nestlabs.com. The difference is that T1, T2 and expiry timeouts are all set to 0xffffffff (infinite) when the expiry time is infinite. With this it is believed any further changes will be much smaller, as the code already checks for T1 and T2 being unequal to 0xffffffff. Wang Feng, does this work with your setup? Cheers, Patrik Patrik Flykt (2): dhcpv6: Return -EISCONN when the expiry time is inifinite gdhcp: Set T1 and T2 to infinite if expiry time is infinite gdhcp/client.c | 9 ++++++--- src/dhcpv6.c | 5 +++++ 2 files changed, 11 insertions(+), 3 deletions(-) -- 2.8.1

3 years, 5 months

5
10
0 / 0

[PATCH] Adds support for additional wpa_supplicant options

by Lichtinger, Bernhard

Hi, I added support for the following wpa_supplicant options to connman: subject_match, altsubject_match, domain_suffix_match, domain_match they are used for 802.1X aka. enterprise-wpa to check the authentication server's certificate in order to prevent MITM attacks using a valid certificate issued by the same root-CA as configured by CACertFile. More details at https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf I would be happy if you integrate it. Regards, Bernhard

3 years, 6 months

3
8
0 / 0

[PATCH] tethering: Add verification to bridge creation and configuration

by Jose Blanquicet

In case there is an error while setting up the bridge for WiFi tethering, ConnMan will anyway indicate success and the removed interface will remain removed and could not be use anymore. This patch aims to avoid such a situation by adding a verification after setting up the bridge set-up and in case there is an error stop the process and do not remove the interface. Integration of this verification to others tethering technologies has to be evaluated and implemented in case it is advantageous. --- include/technology.h | 2 +- plugins/bluetooth.c | 5 +++++ plugins/ethernet.c | 5 +++++ plugins/gadget.c | 5 +++++ plugins/wifi.c | 23 ++++++++++++++++++----- src/connman.h | 2 +- src/technology.c | 19 ++++++++++++------- src/tethering.c | 16 +++++++++------- 8 files changed, 56 insertions(+), 21 deletions(-) diff --git a/include/technology.h b/include/technology.h index d7fcdde..97db660 100644 --- a/include/technology.h +++ b/include/technology.h @@ -36,7 +36,7 @@ extern "C" { struct connman_technology; -void connman_technology_tethering_notify(struct connman_technology *technology, +int connman_technology_tethering_notify(struct connman_technology *technology, bool enabled); int connman_technology_set_regdom(const char *alpha2); void connman_technology_regdom_notify(struct connman_technology *technology, diff --git a/plugins/bluetooth.c b/plugins/bluetooth.c index 401bb30..46ac7e6 100644 --- a/plugins/bluetooth.c +++ b/plugins/bluetooth.c @@ -692,6 +692,11 @@ static void tethering_create_cb(DBusMessage *message, void *user_data) DBG("bridge %s %s", tethering->bridge, tethering->enable ? "enabled": "disabled"); + /* + * TODO: In case of enabling, use return value to check + * if bridge was created and DHCP Server was + * configured/started successfully before continuing. + */ if (tethering->technology) connman_technology_tethering_notify(tethering->technology, tethering->enable); diff --git a/plugins/ethernet.c b/plugins/ethernet.c index 9a4d741..942b003 100644 --- a/plugins/ethernet.c +++ b/plugins/ethernet.c @@ -371,6 +371,11 @@ static void eth_tech_enable_tethering(struct connman_technology *technology, remove_network(device, ethernet); } + /* + * TODO: Use return value to check if bridge was created + * and DHCP Server was configured/started successfully + * before continuing. + */ connman_technology_tethering_notify(technology, true); connman_inet_ifup(index); diff --git a/plugins/gadget.c b/plugins/gadget.c index 94f6648..fbe784f 100644 --- a/plugins/gadget.c +++ b/plugins/gadget.c @@ -265,6 +265,11 @@ static void gadget_tech_enable_tethering(struct connman_technology *technology, remove_network(device, gadget); } + /* + * TODO: Use return value to check if bridge was created + * and DHCP Server was configured/started successfully + * before continuing. + */ connman_technology_tethering_notify(technology, true); connman_inet_ifup(index); diff --git a/plugins/wifi.c b/plugins/wifi.c index 8bde9c0..1b25739 100644 --- a/plugins/wifi.c +++ b/plugins/wifi.c @@ -3138,13 +3138,14 @@ static void sta_remove_callback(int result, DBG("ifname %s result %d ", info->ifname, result); if ((result < 0) || (info->wifi->ap_supported != WIFI_AP_SUPPORTED)) { - info->wifi->tethering = true; + info->wifi->tethering = false; + connman_technology_tethering_notify(info->technology, false); g_free(info->ifname); g_free(info->ssid); g_free(info); - if (info->wifi->ap_supported == WIFI_AP_SUPPORTED){ + if (info->wifi->ap_supported == WIFI_AP_SUPPORTED) { g_free(info->wifi->tethering_param->ssid); g_free(info->wifi->tethering_param); info->wifi->tethering_param = NULL; @@ -3154,8 +3155,6 @@ static void sta_remove_callback(int result, info->wifi->interface = NULL; - connman_technology_tethering_notify(info->technology, true); - g_supplicant_interface_create(info->ifname, driver, info->wifi->bridge, ap_create_callback, info); @@ -3171,7 +3170,7 @@ static int enable_wifi_tethering(struct connman_technology *technology, struct wifi_tethering_info *info; const char *ifname; unsigned int mode; - int err; + int err, bridge_result = 0; for (list = iface_list; list; list = list->next) { wifi = list->data; @@ -3230,6 +3229,11 @@ static int enable_wifi_tethering(struct connman_technology *technology, info->wifi->tethering = true; info->wifi->ap_supported = WIFI_AP_SUPPORTED; + bridge_result = + connman_technology_tethering_notify(technology, true); + if (bridge_result < 0) + goto failed; + err = g_supplicant_interface_remove(interface, sta_remove_callback, info); @@ -3244,6 +3248,15 @@ static int enable_wifi_tethering(struct connman_technology *technology, g_free(info); g_free(wifi->tethering_param); wifi->tethering_param = NULL; + + if (bridge_result < 0) { + /* + * If it was an error while setting up the bridge then + * do not try again on another interface, bridge set-up + * does not depend on it. + */ + break; + } } return -EOPNOTSUPP; diff --git a/src/connman.h b/src/connman.h index 401e3d7..ce3ef8d 100644 --- a/src/connman.h +++ b/src/connman.h @@ -620,7 +620,7 @@ int __connman_tethering_init(void); void __connman_tethering_cleanup(void); const char *__connman_tethering_get_bridge(void); -void __connman_tethering_set_enabled(void); +int __connman_tethering_set_enabled(void); void __connman_tethering_set_disabled(void); int __connman_private_network_request(DBusMessage *msg, const char *owner); diff --git a/src/technology.c b/src/technology.c index 660af52..6f91af7 100644 --- a/src/technology.c +++ b/src/technology.c @@ -211,22 +211,27 @@ static void tethering_changed(struct connman_technology *technology) technology_save(technology); } -void connman_technology_tethering_notify(struct connman_technology *technology, +int connman_technology_tethering_notify(struct connman_technology *technology, bool enabled) { + int err; + DBG("technology %p enabled %u", technology, enabled); if (technology->tethering == enabled) - return; + return -EALREADY; - technology->tethering = enabled; + if (enabled) { + err = __connman_tethering_set_enabled(); + if (err < 0) + return err; + } else + __connman_tethering_set_disabled(); + technology->tethering = enabled; tethering_changed(technology); - if (enabled) - __connman_tethering_set_enabled(); - else - __connman_tethering_set_disabled(); + return 0; } static int set_tethering(struct connman_technology *technology, diff --git a/src/tethering.c b/src/tethering.c index 3153349..9d72bce 100644 --- a/src/tethering.c +++ b/src/tethering.c @@ -181,7 +181,7 @@ static void tethering_restart(struct connman_ippool *pool, void *user_data) __connman_tethering_set_enabled(); } -void __connman_tethering_set_enabled(void) +int __connman_tethering_set_enabled(void) { int index; int err; @@ -197,12 +197,12 @@ void __connman_tethering_set_enabled(void) DBG("enabled %d", tethering_enabled + 1); if (__sync_fetch_and_add(&tethering_enabled, 1) != 0) - return; + return -EACCES; err = __connman_bridge_create(BRIDGE_NAME); if (err < 0) { __sync_fetch_and_sub(&tethering_enabled, 1); - return; + return -EOPNOTSUPP; } index = connman_inet_ifindex(BRIDGE_NAME); @@ -212,7 +212,7 @@ void __connman_tethering_set_enabled(void) connman_error("Fail to create IP pool"); __connman_bridge_remove(BRIDGE_NAME); __sync_fetch_and_sub(&tethering_enabled, 1); - return; + return -EADDRNOTAVAIL; } gateway = __connman_ippool_get_gateway(dhcp_ippool); @@ -228,7 +228,7 @@ void __connman_tethering_set_enabled(void) __connman_ippool_unref(dhcp_ippool); __connman_bridge_remove(BRIDGE_NAME); __sync_fetch_and_sub(&tethering_enabled, 1); - return; + return -EADDRNOTAVAIL; } ns = connman_setting_get_string_list("FallbackNameservers"); @@ -264,7 +264,7 @@ void __connman_tethering_set_enabled(void) __connman_ippool_unref(dhcp_ippool); __connman_bridge_remove(BRIDGE_NAME); __sync_fetch_and_sub(&tethering_enabled, 1); - return; + return -EOPNOTSUPP; } prefixlen = connman_ipaddress_calc_netmask_len(subnet_mask); @@ -276,7 +276,7 @@ void __connman_tethering_set_enabled(void) __connman_ippool_unref(dhcp_ippool); __connman_bridge_remove(BRIDGE_NAME); __sync_fetch_and_sub(&tethering_enabled, 1); - return; + return -EOPNOTSUPP; } err = __connman_ipv6pd_setup(BRIDGE_NAME); @@ -285,6 +285,8 @@ void __connman_tethering_set_enabled(void) strerror(-err)); DBG("tethering started"); + + return 0; } void __connman_tethering_set_disabled(void) -- 1.9.1

3 years, 7 months

2
1
0 / 0

[PATCH v2] service: Add AlwaysConnectedTechnologies option

by Ioan-Adrian Ratiu

Add a new list option that enables auto-connecting all technologies which also contain AutoConnect=true regradless of the setting for PreferredTechnologies. The default AlwaysConnectedTechnologies value is empty which keeps the current behaviour intact, i.e. if a higher preffered technology is already connected, others will not autoconnect. This setting has no effect if SingleConnectedTechnologies is enabled. Based on work originally by Collin Richards <collin.richards(a)ni.com>. Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu(a)ni.com> --- src/main.c | 18 ++++++++++++++++++ src/main.conf | 7 +++++++ src/service.c | 22 ++++++++++++++++++++-- 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/src/main.c b/src/main.c index fdb4f72..462ac15 100644 --- a/src/main.c +++ b/src/main.c @@ -67,6 +67,7 @@ static struct { char **pref_timeservers; unsigned int *auto_connect; unsigned int *preferred_techs; + unsigned int *always_connected_techs; char **fallback_nameservers; unsigned int timeout_inputreq; unsigned int timeout_browserlaunch; @@ -81,6 +82,7 @@ static struct { .pref_timeservers = NULL, .auto_connect = NULL, .preferred_techs = NULL, + .always_connected_techs = NULL, .fallback_nameservers = NULL, .timeout_inputreq = DEFAULT_INPUT_REQUEST_TIMEOUT, .timeout_browserlaunch = DEFAULT_BROWSER_LAUNCH_TIMEOUT, @@ -95,6 +97,7 @@ static struct { #define CONF_BG_SCAN "BackgroundScanning" #define CONF_PREF_TIMESERVERS "FallbackTimeservers" #define CONF_AUTO_CONNECT "DefaultAutoConnectTechnologies" +#define CONF_ALWAYS_CONNECTED_TECHS "AlwaysConnectedTechnologies" #define CONF_PREFERRED_TECHS "PreferredTechnologies" #define CONF_FALLBACK_NAMESERVERS "FallbackNameservers" #define CONF_TIMEOUT_INPUTREQ "InputRequestTimeout" @@ -110,6 +113,7 @@ static const char *supported_options[] = { CONF_BG_SCAN, CONF_PREF_TIMESERVERS, CONF_AUTO_CONNECT, + CONF_ALWAYS_CONNECTED_TECHS, CONF_PREFERRED_TECHS, CONF_FALLBACK_NAMESERVERS, CONF_TIMEOUT_INPUTREQ, @@ -295,6 +299,17 @@ static void parse_config(GKeyFile *config) g_clear_error(&error); str_list = __connman_config_get_string_list(config, "General", + CONF_ALWAYS_CONNECTED_TECHS, &len, &error); + + if (!error) + connman_settings.always_connected_techs = + parse_service_types(str_list, len); + + g_strfreev(str_list); + + g_clear_error(&error); + + str_list = __connman_config_get_string_list(config, "General", CONF_FALLBACK_NAMESERVERS, &len, &error); if (!error) @@ -572,6 +587,9 @@ unsigned int *connman_setting_get_uint_list(const char *key) if (g_str_equal(key, CONF_PREFERRED_TECHS)) return connman_settings.preferred_techs; + if (g_str_equal(key, CONF_ALWAYS_CONNECTED_TECHS)) + return connman_settings.always_connected_techs; + return NULL; } diff --git a/src/main.conf b/src/main.conf index acceda3..d619413 100644 --- a/src/main.conf +++ b/src/main.conf @@ -101,3 +101,10 @@ # quality. See RFC6343. Default value is false (as recommended by RFC6343 # section 4.1). # Enable6to4 = false + +# List of technologies with AutoConnect = true which are always connected +# regardless of PreferredTechnologies setting. Default value is empty and +# will connect a technology only if it is at a higher preference than any +# other which is already connected. +# This setting has no effect if SingleConnectedTechnologies is enabled. +# AlwaysConnectedTechnologies = diff --git a/src/service.c b/src/service.c index 37af5fc..98acd14 100644 --- a/src/service.c +++ b/src/service.c @@ -3750,6 +3750,19 @@ static GList *preferred_tech_list_get(void) return tech_data.preferred_list; } +bool __connman_service_always_connect(enum connman_service_type type) +{ + unsigned int *always_connected_techs = + connman_setting_get_uint_list("AlwaysConnectedTechnologies"); + int i; + + for (i = 0; always_connected_techs && always_connected_techs[i]; i++) + if (always_connected_techs[i] == type) + return true; + + return false; +} + static bool auto_connect_service(GList *services, enum connman_service_connect_reason reason, bool preferred) @@ -3757,6 +3770,7 @@ static bool auto_connect_service(GList *services, struct connman_service *service = NULL; bool ignore[MAX_CONNMAN_SERVICE_TYPES] = { }; bool autoconnecting = false; + GList *list; DBG("preferred %d sessions %d reason %s", preferred, active_count, @@ -3776,8 +3790,12 @@ static bool auto_connect_service(GList *services, if (service->pending || is_connecting(service) || is_connected(service)) { - if (!active_count) - return true; + if (!active_count) { + if (__connman_service_always_connect(service->type)) + continue; + else + return true; + } ignore[service->type] = true; autoconnecting = true; -- 2.9.3

3 years, 7 months

2
1
0 / 0

FW: [PATCH] dhcp: Follow the RFC regarding ordrer of "subnet" and "router" option

by Kristian Klausen

Resending because it seems like I need to be subscribed, before I can post. and it impossible to get in contact with any Connman dev (which could check the mail, and allow it to be posted).. At least on #connman on freenode. ---------------------------------------- > From: klausenbusk(a)hotmail.com > To: connman(a)lists.01.org > Subject: [PATCH] dhcp: Follow the RFC regarding ordrer of "subnet" and "router" option > Date: Wed, 28 Sep 2016 22:17:30 +0200 > > The 2132 RFC clearly state, that the "subnet" option should be before > the "router" option. > > "If both the subnet mask and the router option are specified in a DHCP > reply, the subnet mask option MUST be first." > - https://tools.ietf.org/html/rfc2132#section-3.3 > > Some dhcp servers (D-Link DSR-1000) doesn't responds correctly, if that > isn't the case. > For example the D-Link DSR-1000 which respond back with a DHCPACK > containing two "subnet" option but no "router" option. > --- > src/dhcp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/dhcp.c b/src/dhcp.c > index 57e7ac9..4d23581 100644 > --- a/src/dhcp.c > +++ b/src/dhcp.c > @@ -576,8 +576,8 @@ static int dhcp_initialize(struct connman_dhcp *dhcp) > g_dhcp_client_set_request(dhcp_client, G_DHCP_MTU); > } > > - g_dhcp_client_set_request(dhcp_client, G_DHCP_SUBNET); > g_dhcp_client_set_request(dhcp_client, G_DHCP_ROUTER); > + g_dhcp_client_set_request(dhcp_client, G_DHCP_SUBNET); > > g_dhcp_client_register_event(dhcp_client, > G_DHCP_CLIENT_EVENT_LEASE_AVAILABLE, > -- > 2.10.0 > >

3 years, 8 months

2
1
0 / 0

[PATCH 1/3] docs: update manager-api.txt to include BrowserOnly Key

by Atul Anand

It has been documented that we are adding a new dict key BrowserOnly on PACrunner DBus interface. --- doc/manager-api.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/manager-api.txt b/doc/manager-api.txt index 9e6209d..0e0b7aa 100644 --- a/doc/manager-api.txt +++ b/doc/manager-api.txt @@ -60,6 +60,12 @@ Methods object CreateProxyConfiguration(dict settings) Interface name like "wlan0" etc. to provide consistent results for myIpAddress function. + boolean BrowserOnly [optional] + + If this value is set, proxy configuration will + be used for only browser schemes. If no Key is + received PACrunner assumes FALSE by default. + array{string} Domains [optional] Domain names and IP range for which this proxy -- 2.5.5

3 years, 8 months

2
3
0 / 0

[PATCH 0/1] Fix nameserver and search domain ordering when writing resolv.conf

by Sam Nazarko

Hi, This patch fixes an issue where DNS servers and search domains are written to resolv.conf in the reverse order. This has caused problems with some OSMC users that have relied on the primary DNS server to be listed first and have a faulty or intermittent secondary DNS server. While I am in agreement that these users should fix their secondary DNS server, we should still respect the ordering that they configure or get via DHCP. I previously submitted a patch to this mailing list in hope of addressing an issue however the ConnMan mailing list disappeared for a while and I lost my post. This new patch resolves both search domains and DNS servers being out of order. Sam Nazarko

3 years, 8 months

2
2
0 / 0

[PATCH 00/16] Coverity warnings and cleanup

by Peter Meerwald-Stadler

patches 1 to 6 address issues flagged by Coverity patch 7 removes necessary code and an invalid comment patches 8 and 9 are cleanup patch 10 addresses a Coverity issue patch 11 removes unused code patches 12 to 16 unifies get_random() code and moves it into shared/ Peter Meerwald-Stadler (16): dhcpv6: Check setsockopt() retval common: Check setsockopt() retval ntp: Fix unused value gdhcp: Fix potential NULL deref ofono: Fix potential NULL deref peer_service: Setting retval ignored, always overwritten dhcpv6: Remove pointless compute_random() helper build: Fix whitespace Makefile.am util: Make file handle of /dev/urandom static util: Reading from /dev/urandom ignores the number of bytes read shared: Drop unused shared/debugfs.c|.h shared: Add util_get_random() gdhcp: Use util_get_random() gdhcp: Remove dhcp_get_random() Use util_get_random() Remove __connman_util_get_random() Makefile.am | 8 ++--- gdhcp/client.c | 10 +++--- gdhcp/common.c | 53 ++++++++----------------------- gdhcp/common.h | 1 + gdhcp/gdhcp.h | 3 -- gdhcp/ipv4ll.c | 7 ++--- plugins/ofono.c | 3 +- src/config.c | 4 ++- src/connman.h | 3 -- src/dhcp.c | 2 -- src/dhcpv6.c | 20 +++++------- src/dnsproxy.c | 4 +-- src/main.c | 4 +-- src/ntp.c | 3 +- src/peer_service.c | 3 -- src/shared/debugfs.c | 66 --------------------------------------- src/shared/debugfs.h | 24 -------------- src/shared/util.c | 45 +++++++++++++++++++++++++++ src/shared/util.h | 5 +++ src/util.c | 88 ---------------------------------------------------- 20 files changed, 95 insertions(+), 261 deletions(-) delete mode 100644 src/shared/debugfs.c delete mode 100644 src/shared/debugfs.h delete mode 100644 src/util.c -- 2.7.4

3 years, 8 months

3
26
0 / 0

[PATCH] service: Use PreferredTechnologies for service ordering

by Maxime Chevallier

When services have the same state, the PreferredTechnologies list needs to be taken into account for service ordering. This applies when all services are 'ready' but none is 'online'. This patch checks for services in PreferredTechnologies before defaulting to the hardcoded list in service_compare. --- src/service.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/service.c b/src/service.c index 37af5fc..ee10e6c 100644 --- a/src/service.c +++ b/src/service.c @@ -4759,6 +4759,20 @@ static gint service_compare(gconstpointer a, gconstpointer b) return 1; if (service_a->type != service_b->type) { + unsigned int *tech_array; + int i; + + tech_array = connman_setting_get_uint_list( + "PreferredTechnologies"); + if (tech_array) { + for (i = 0; tech_array[i]; i++) { + if (tech_array[i] == service_a->type) + return -1; + + if (tech_array[i] == service_b->type) + return 1; + } + } if (service_a->type == CONNMAN_SERVICE_TYPE_ETHERNET) return -1; -- 2.1.4

3 years, 8 months

2
1
0 / 0

[PATCH v0 0/3] nftable session fixes

by Daniel Wagner

From: Daniel Wagner <daniel.wagner(a)bmw-carit.de> Hi, The first patch removes the connection tracking code from ConnMan. We never really used it. It looks like we are soon having means to enforce network activies via cgroups (eBPF) thanks to Daniel Macks work [1]. So I think its better to have this kind of enforcement in an external component. The second patch does add a warning when nftables fails. It took me a while to figure out what's going on when I forgot to load the right module. So why not just be userfriendly. The last patch moves the marking rule to the route table. I just placed it iniatially into the filter chain. That was wrong. With this, the packets are routed acording the session settings. cheers, daniel [1] https://lwn.net/Articles/701162/ Daniel Wagner (3): nftables: Drop connection tracking nftables: Improve warning messages nftables: Mark packets in the route table src/firewall-nftables.c | 119 ++++++------------------------------------------ 1 file changed, 14 insertions(+), 105 deletions(-) -- 2.7.4

3 years, 8 months

2
5
0 / 0

2020

2019

2018

2017

2016

2015

connman September 2016