Why can't connman automatically enable and connect to cellular network interface?
by JH
Hi,
I installed the oFono plugin on an embedded system where cellular is
used. I suppose that connman should automatically enable and
connect to cellular when it first boots up, but it didn't; I have to
manually run the connmanctl command to enable and to connect it. In a
product, due to limited Flash storage size, I'll not install connmanctl
and there will be no manual interactive process. How can I set up
connman to automatically enable and connect to the cellular network
interface?
Thank you.
Kind regards,
- jupiter
1 year, 3 months
dnsproxy: invalid answer where there are no DNS servers available
by Nuno Gonçalves
Hi,
Typing "ping abcd", where abcd does not exist on /etc/hosts or in the
search domains, will usually hang for a while with Connman.
I've compared with other systems and my conclusion is that libnss_dns
is retrying the DNS request to connman, since connman's answer does not
include the query field.
This behaviour comes from [1], where both an invalid Query and no
upstream servers are handled in the same way.
I believe the query field must be part of the answer when the Query
message was valid, but just happens to not be possible to resolve.
Thanks,
Nuno
[1] https://git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnspr...
1 year, 9 months
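What the post above asks for, as an added example that is not connman's code: an error-reply builder that echoes the question section when the query was well-formed but cannot be resolved, and sends a header-only reply only when the query itself cannot be parsed. The function names, the SERVFAIL/FORMERR choice and the sample query are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN    12
#define RCODE_FORMERR  1	/* query could not be parsed */
#define RCODE_SERVFAIL 2	/* query was fine, nobody to ask (choice of this example) */

/* Constructed sample: ID 0x1234, RD set, one question "abcd" A/IN. */
static const uint8_t sample_query[] = {
	0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0,
	4, 'a', 'b', 'c', 'd', 0, 0x00, 0x01, 0x00, 0x01,
};

/* Size of the first question (QNAME + QTYPE + QCLASS) that follows the
 * header, or 0 when it is truncated or malformed. */
static size_t question_len(const uint8_t *q, size_t len)
{
	size_t off = DNS_HDR_LEN;

	while (off < len && q[off] != 0) {
		if (q[off] > 63)	/* pointer or reserved label type */
			return 0;
		off += 1 + (size_t)q[off];
	}
	if (off >= len || len - off < 5)	/* root label + QTYPE + QCLASS */
		return 0;
	return off + 5 - DNS_HDR_LEN;
}

/* Write an error reply for query q into out; returns its length, or 0
 * when no reply should be sent at all. */
size_t build_error_reply(const uint8_t *q, size_t qlen,
				uint8_t *out, size_t outlen)
{
	size_t qdlen = 0;

	if (qlen < DNS_HDR_LEN || outlen < DNS_HDR_LEN || (q[2] & 0x80))
		return 0;	/* runt packet, or a response: never answer it */
	if (q[4] == 0 && q[5] == 1)	/* QDCOUNT == 1 */
		qdlen = question_len(q, qlen);
	if (DNS_HDR_LEN + qdlen > outlen)
		return 0;

	memset(out, 0, DNS_HDR_LEN);
	out[0] = q[0];			/* same transaction ID */
	out[1] = q[1];
	out[2] = 0x80 | (q[2] & 0x79);	/* QR=1, keep opcode and RD */
	out[3] = 0x80 | (qdlen ? RCODE_SERVFAIL : RCODE_FORMERR); /* RA=1 */
	if (qdlen) {
		out[5] = 1;		/* QDCOUNT=1: echo the question */
		memcpy(out + DNS_HDR_LEN, q + DNS_HDR_LEN, qdlen);
	}
	return DNS_HDR_LEN + qdlen;
}

int main(void)
{
	uint8_t out[512];
	size_t n = build_error_reply(sample_query, sizeof(sample_query), out, sizeof(out));

	printf("reply %zu bytes, rcode %u, qdcount %u\n", n, out[3] & 0x0f, out[5]);
	return 0;
}
```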
IPv6 privacy extensions with connman
by Christian
Hi there,
I am trying to activate IPv6 with privacy extension. (On a Libreelec
system, running on a Raspberry Pi 3).
First, I encountered a spelling mistake: The option for "IPv6.privacy"
actually has to be spelled "prefered" to work. With the correct
spelling "preferred" nothing happened. Only after changing it to the
wrong spelling a second IPv6 was generated and the option showed up in
the service (listed as: Privacy=prefered).
Second, after setting the privacy option to "prefered", I get an
additional IPv6, however it is set as "scope global secondary dynamic".
Privacy extensions should normally be "scope global temporary dynamic"
and get deprecated after some time.
Am I having the wrong configuration here or are these bugs?
Kind Regards
Christian
1 year, 11 months
[PATCH] config: Add support matching on device name for provisioning
by Daniel Wagner
While matching on the MAC address is working for plain interfaces, it
won't work for managing VLAN interfaces. The VLAN interfaces share the
same MAC address with the parent interface.
The argument that the MAC address is the only stable way to identify a
device is a bit weak because the MAC can be changed via udev or other
means.
Furthermore, with systemd's feature of stable interface names it makes
things a lot easier for embedded systems with a pre-provisioning
rootfs. Such devices have different MAC addresses but all of them have
the same interface name.
---
doc/config-format.txt | 2 ++
doc/connman-service.config.5.in | 9 +++++++++
src/config.c | 27 +++++++++++++++++++++++++++
3 files changed, 38 insertions(+)
diff --git a/doc/config-format.txt b/doc/config-format.txt
index 584220f0bf0e..cdde9cbcf676 100644
--- a/doc/config-format.txt
+++ b/doc/config-format.txt
@@ -59,6 +59,8 @@ an identifier unique to the config file.
interface is used. The byte values must have prefix 0 added,
the bytes must be separated by ":" char and its length must be
exactly 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 + 1 + 2 = 17 characters.
+- DeviceName: The interface name where this setting should be applied, e.g.
+ eth0. The MAC address will take preference over DeviceName in matching.
- Nameservers: Comma separated list of nameservers
- SearchDomains: Comma separated list of DNS search domains
- Timeservers: Comma separated list of timeservers
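Review bot: "The MAC address will take preference over DeviceName" in the added DeviceName entry does not say what happens when both keys are set and the MAC does not match. In the src/config.c hunk of this patch the DeviceName check sits in an "else if" after the MAC branch, so DeviceName is never consulted once MAC is present; wording such as "DeviceName is ignored when MAC is also set" would describe that exactly.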
diff --git a/doc/connman-service.config.5.in b/doc/connman-service.config.5.in
index eb63f225b515..701f61f9ea13 100644
--- a/doc/connman-service.config.5.in
+++ b/doc/connman-service.config.5.in
@@ -59,6 +59,10 @@ IPv6 privacy settings as per RFC3041.
MAC address of the interface to be used. If not specified, the first
found interface is used. Must be in format ab:cd:ef:01:23:45.
.TP
+.BI DeviceName= ifname
+Device name the interface to be used, e.g. eth0. MAC takes preference
+over DeviceName.
+.TP
.BI Nameservers= servers
Comma separated list of nameservers.
.TP
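Review bot: The added description "Device name the interface to be used" is missing a word; "Name of the interface to be used, e.g. eth0" reads correctly. The entry also leaves open whether the match is case-sensitive, while the src/config.c hunk compares with g_ascii_strcasecmp(); the man page should state whichever behaviour is intended.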
@@ -209,6 +213,11 @@ Name = my_home_wifi
Passphrase = password
IPv4 = 192.168.2.2/255.255.255.0/192.168.2.1
MAC = 06:05:04:03:02:01
+
+[service_vlan]
+Type = ethernet
+DeviceName = enp4s0.1
+IPv4 = 192.168.1.42/255.255.255.0/192.168.1.1
.fi
.SH "SEE ALSO"
.BR connman (8)
diff --git a/src/config.c b/src/config.c
index af4f07e1e578..62023b1072da 100644
--- a/src/config.c
+++ b/src/config.c
@@ -72,6 +72,7 @@ struct connman_config_service {
char *ipv6_gateway;
char *ipv6_privacy;
char *mac;
+ char *devname;
bool mdns;
char **nameservers;
char **search_domains;
@@ -119,6 +120,7 @@ static bool cleanup = false;
#define SERVICE_KEY_IPv6 "IPv6"
#define SERVICE_KEY_IPv6_PRIVACY "IPv6.Privacy"
#define SERVICE_KEY_MAC "MAC"
+#define SERVICE_KEY_DEVICE_NAME "DeviceName"
#define SERVICE_KEY_NAMESERVERS "Nameservers"
#define SERVICE_KEY_SEARCH_DOMAINS "SearchDomains"
#define SERVICE_KEY_TIMESERVERS "Timeservers"
@@ -154,6 +156,7 @@ static const char *service_possible_keys[] = {
SERVICE_KEY_IPv6,
SERVICE_KEY_IPv6_PRIVACY,
SERVICE_KEY_MAC,
+ SERVICE_KEY_DEVICE_NAME,
SERVICE_KEY_MDNS,
SERVICE_KEY_NAMESERVERS,
SERVICE_KEY_SEARCH_DOMAINS,
@@ -257,6 +260,7 @@ static void unregister_service(gpointer data)
g_free(config_service->ipv6_gateway);
g_free(config_service->ipv6_privacy);
g_free(config_service->mac);
+ g_free(config_service->devname);
g_strfreev(config_service->nameservers);
g_strfreev(config_service->search_domains);
g_strfreev(config_service->timeservers);
@@ -478,6 +482,12 @@ static bool load_service_generic(GKeyFile *keyfile,
service->mac = str;
}
+ str = __connman_config_get_string(keyfile, group, SERVICE_KEY_DEVICE_NAME, NULL);
+ if (str) {
+ g_free(service->devname);
+ service->devname = str;
+ }
+
str = __connman_config_get_string(keyfile, group, SERVICE_KEY_DOMAIN, NULL);
if (str) {
g_free(service->domain_name);
@@ -531,6 +541,7 @@ static bool load_service_generic(GKeyFile *keyfile,
g_free(service->ipv6_address);
g_free(service->ipv6_gateway);
g_free(service->mac);
+ g_free(service->devname);
g_free(service);
return false;
@@ -1271,6 +1282,22 @@ static int try_provision_service(struct connman_config_service *config,
if (g_ascii_strcasecmp(device_addr, config->mac) != 0)
return -ENOENT;
+ } else if (config->devname) {
+ struct connman_device *device;
+ const char *devname;
+
+ device = connman_network_get_device(network);
+ if (!device) {
+ connman_error("Network device is missing");
+ return -ENODEV;
+ }
+
+ devname = connman_device_get_string(device, "Interface");
+
+ DBG("wants %s has %s", config->devname, devname);
+
+ if (g_ascii_strcasecmp(devname, config->devname) != 0)
+ return -ENOENT;
}
if (!config->ipv6_address) {
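Review bot: In the new "else if (config->devname)" branch, the devname returned by connman_device_get_string(device, "Interface") is used without a NULL check, both in DBG() and in g_ascii_strcasecmp(devname, config->devname). g_ascii_strcasecmp() does not accept NULL: with GLib's checks enabled it logs a critical and returns 0, which this code reads as a match, so a device that reports no interface name would be provisioned with this service's settings. Return -ENOENT when devname is NULL, and since Linux interface names are case-sensitive, an exact comparison such as g_strcmp0() fits better here than the case-insensitive one carried over from the MAC branch.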
--
2.20.1
1 year, 11 months
[PATCH 0/5] VPN settings and configurable VPN privileges
by Jussi Laakkonen
This set of commits moves the VPN configuration from vpn/main.c into
vpn/vpn-settings.c. The configuration is amended with the option to
define privileges using DAC (user, group and supplementary groups) for
the VPN binary started by VPN plugin.
Settings can be defined for all VPNs in CONFIGDIR/connman-vpn.conf
or separately for each VPN using the plugin name. For example, OpenVPN
configuration is in CONFIGDIR/vpn-plugins/openvpn.conf. Setting a
plugin specific configuration overrides main connman-vpn.conf settings.
If there is no configuration for some parameter set, the default value
is used and if the default value is also missing, nothing is done.
Documentation of this is added to connman-vpn.conf manual pages.
When registering a VPN (vpn_register()) vpn/plugins/vpn.c loads the
plugin specific config (struct vpn_plugin_data). If configuration
exists the returned content is used when connecting the VPN. Config is
loaded only once and is free'd when plugin calls vpn_unregister().
task.c is modified to support a custom task setup function and user
data for it when a new task is to be created. This custom task setup
function is executed when the task is being run and the user data is
passed for it to process.
vpn/plugins/vpn.c utilizes this by defining vpn_task_setup() function
to be run at VPN start. This vpn_task_setup() takes the config and sets
group, supplementary groups and user for the VPN plugin binary (in this
order). setgid(), setgroups() and setuid() are used and CAP_SETGID and
CAP_SETUID are, therefore, required.
Setting up groups is a system specific problem, but in general, the
following should work at least with OpenVPN:
User = <user for VPN>
Group = vpn
SupplementaryGroups = inet, net_admin
Jussi Laakkonen (5):
vpn: Move settings from main.c to vpn-settings.c
vpn: Add support for configurable user and groups in settings
task: Add support for a custom setup function
vpn: Run VPN plugin binaries with configurable privileges
man: Document VPN config file privilege configuration in
connman-vpn.conf
Makefile.am | 2 +-
doc/connman-vpn.conf.5.in | 34 ++++-
include/task.h | 6 +-
src/task.c | 13 +-
vpn/connman-vpn.service.in | 2 +-
vpn/main.c | 68 +---------
vpn/plugins/vpn.c | 136 +++++++++++++++++++-
vpn/vpn-settings.c | 254 +++++++++++++++++++++++++++++++++++++
vpn/vpn.h | 16 +++
9 files changed, 460 insertions(+), 71 deletions(-)
create mode 100644 vpn/vpn-settings.c
--
2.20.1
1 year, 11 months
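The drop order described in the cover letter above (group, supplementary groups, then user), as an added example for Linux that is not the patch set's code. The struct, the function name and the numeric ids are hypothetical, and refusing id 0 is a policy choice of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical holder for User, Group and SupplementaryGroups after
 * they have been resolved to numeric ids (not connman's struct). */
struct vpn_ids {
	uid_t uid;
	gid_t gid;
	const gid_t *groups;
	size_t n_groups;
};

/* Drop from root to ids. Returns 0 or a negative errno; on any
 * failure the caller must _exit() instead of exec'ing the VPN binary. */
int drop_privileges(const struct vpn_ids *ids)
{
	/* Policy of this example: a drop that lands on id 0 is no drop. */
	if (ids->uid == 0 || ids->gid == 0)
		return -EINVAL;

	/* 1. Primary group, while CAP_SETGID is still held. */
	if (setgid(ids->gid) < 0)
		return -errno;
	/* 2. Replace the supplementary groups inherited from the daemon;
	 *    n_groups == 0 clears the list. */
	if (setgroups(ids->n_groups, ids->groups) < 0)
		return -errno;
	/* 3. User last: once the uid is unprivileged, steps 1 and 2 would
	 *    fail with EPERM. */
	if (setuid(ids->uid) < 0)
		return -errno;

	/* Verify the result instead of trusting return values alone. */
	if (getuid() != ids->uid || geteuid() != ids->uid ||
	    getgid() != ids->gid || getegid() != ids->gid)
		return -EPERM;
	if (setuid(0) == 0 || setgid(0) == 0)	/* root must be unreachable */
		return -EPERM;
	return 0;
}

int main(void)
{
	/* Constructed ids; a real caller would resolve names first. */
	const gid_t extra[] = { 3003, 3005 };
	const struct vpn_ids ids = { 1000, 1000, extra, 2 };
	int err = drop_privileges(&ids);

	printf("drop_privileges: %d\n", err);
	return err ? 1 : 0;
}
```

Run as an unprivileged user, the call fails at setgroups() with EPERM, which is the failure the caller has to treat as fatal.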
[PATCH 0/2] Don't export duplicate entries in resolv.conf
by Daniel Wagner
Fix bug reports on duplicate entries in resolv.conf (-r/--nodnsproxy)
Daniel Wagner (2):
service: Refactor __connman_service_nameserver_append
resolver: Don't export domain or nameserver duplicates
src/resolver.c | 39 ++++++++++++++++++++++++++++++++++-----
src/service.c | 9 +++++----
2 files changed, 39 insertions(+), 9 deletions(-)
--
2.20.1
1 year, 11 months
duplicate entries in /etc/resolv.conf
by Doron Behar
Hello connman devs,
Last update was wonderful - real support for iwd as a WiFi backend is a
great improvement and as I always say when reporting issues here, it's a
real pleasure using connman.
The reason I'm posting this thread is because connman does weird things
with its /var/run/connman/resolv.conf (which I linked to
/etc/resolv.conf).
I'm connected both with WiFi and Ethernet to my home network but since
I've set PreferredTechnologies=ethernet,wifi my default route is through
the Ethernet connection - exactly as I want it.
I have a few other settings in my /etc/connman/main.conf so perhaps
they are the reason I'm having trouble with /etc/resolv.conf. Here it
is:
[General]
AutoConnectRoamingServices=true
PersistentTetheringMode=true
SingleConnectedTechnology=true
PreferredTechnologies=ethernet,wifi
AllowDomainnameUpdates=false
AllowHostnameUpdates=false
The problem I'm having is that I get duplicate entries in
/etc/resolv.conf, perhaps because I'm connected to the same network
twice. This is the /etc/resolv.conf connman comes up with whenever I
boot:
search Home Home Home
nameserver fdc9:8a32:cbfb:0:16ae:dbff:fe55:f320
nameserver fdc9:8a32:cbfb:0:16ae:dbff:fe55:f320
nameserver 192.168.14.1
Every once in a while (not only after boot), I need to change
/etc/resolv.conf to this when I feel the internet becomes slow:
search Home
nameserver fdc9:8a32:cbfb:0:16ae:dbff:fe55:f320
nameserver 192.168.14.1
Since the `search` entry seems to be related to my domain, I've added
AllowDomainnameUpdates=false in order to mitigate that but it doesn't
help.
Perhaps I don't understand well the configuration file parameters,
although I've read the manpage thoroughly. Anyway, I think connman
should avoid writing a `resolv.conf` file with duplicate entries like it
does to mine.
Waiting for your reply, Thanks.
Doron.
1 year, 11 months
VLAN configuration support
by Langlois, Maxime
Hi,
I am trying to write a configuration file for the following setup, but
unsure if it is supported...
I have a physical interface eth0, on which 2 vlans, say eth0.1 &
eth0.2, are manually created before starting connman.
I need to assign a static link-layer address on eth0.1 and use dhcp on
eth0.2. I know we assign a configuration to a specific interface using
the MAC address, but as the vlan's interfaces have the same MAC address
as the actual physical interface, is it possible to match a
configuration to a specific vlan interface?
Thanks in advance for your support!
--
Maxime Langlois
1 year, 11 months
[PATCH] plugins: Build dynamically loadable VPN plugins
by Jussi Laakkonen
This commit fixes the issue of loading external (library) VPN plugins
using dlopen(). The vpn/plugins/vpn.c source should not be built with
external VPN plugins as vpn/plugins/vpn.c is regarded as a plugin. This
will cause undefined symbol errors when opening the .so using dlopen(),
since vpn.c uses functions that are defined only for local (builtin) use
and cannot be accessed by plugins.
The vpn/plugins/vpn.c source must be included in vpn build sources if
there is a single VPN plugin to be built. Both builtin and external
VPN plugins require this. Otherwise, when there are no builtin VPN
plugins included in build, loading of the external plugins will fail as
the vpn/plugins/vpn.c would never have been included in connman-vpnd.
---
Makefile.plugins | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/Makefile.plugins b/Makefile.plugins
index dce8b283..7e0bc779 100644
--- a/Makefile.plugins
+++ b/Makefile.plugins
@@ -63,16 +63,15 @@ builtin_modules += vpn
builtin_sources += plugins/vpn.c
if OPENCONNECT
+builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
if OPENCONNECT_BUILTIN
builtin_vpn_modules += openconnect
builtin_vpn_sources += vpn/plugins/openconnect.c
-builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
builtin_vpn_cflags += -DOPENCONNECT=\"@OPENCONNECT@\"
else
vpn_plugin_LTLIBRARIES += vpn/plugins/openconnect.la
vpn_plugin_objects += $(plugins_openconnect_la_OBJECTS)
-vpn_plugins_openconnect_la_SOURCES = vpn/plugins/vpn.h vpn/plugins/vpn.c \
- vpn/plugins/openconnect.c
+vpn_plugins_openconnect_la_SOURCES = vpn/plugins/openconnect.c
vpn_plugins_openconnect_la_CFLAGS = $(plugin_cflags) \
-DOPENCONNECT=\"@OPENCONNECT@\" \
-DVPN_STATEDIR=\""$(vpn_statedir)"\" \
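Review bot: builtin_vpn_source (singular), now assigned at the top of the OPENCONNECT block, differs by one letter from builtin_vpn_sources two lines below it, and the two variables hold different things. A comment at the assignment saying that it carries the shared vpn/plugins/vpn.c and vpn.h that connman-vpnd needs for both builtin and external plugins would keep a later edit from merging or mistyping them.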
@@ -82,16 +81,15 @@ endif
endif
if OPENVPN
+builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
if OPENVPN_BUILTIN
builtin_vpn_modules += openvpn
builtin_vpn_sources += vpn/plugins/openvpn.c
-builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
builtin_vpn_cflags += -DOPENVPN=\"@OPENVPN@\"
else
vpn_plugin_LTLIBRARIES += vpn/plugins/openvpn.la
vpn_plugin_objects += $(plugins_openvpn_la_OBJECTS)
-vpn_plugins_openvpn_la_SOURCES = vpn/plugins/vpn.h vpn/plugins/vpn.c \
- vpn/plugins/openvpn.c
+vpn_plugins_openvpn_la_SOURCES = vpn/plugins/openvpn.c
vpn_plugins_openvpn_la_CFLAGS = $(plugin_cflags) -DOPENVPN=\"@OPENVPN@\" \
-DVPN_STATEDIR=\""$(vpn_statedir)"\" \
-DSCRIPTDIR=\""$(build_scriptdir)"\"
@@ -100,16 +98,15 @@ endif
endif
if VPNC
+builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
if VPNC_BUILTIN
builtin_vpn_modules += vpnc
builtin_vpn_sources += vpn/plugins/vpnc.c
-builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
builtin_vpn_cflags += -DVPNC=\"@VPNC@\"
else
vpn_plugin_LTLIBRARIES += vpn/plugins/vpnc.la
vpn_plugin_objects += $(plugins_vpnc_la_OBJECTS)
-vpn_plugins_vpnc_la_SOURCES = vpn/plugins/vpn.h vpn/plugins/vpn.c \
- vpn/plugins/vpnc.c
+vpn_plugins_vpnc_la_SOURCES = vpn/plugins/vpnc.c
vpn_plugins_vpnc_la_CFLAGS = $(plugin_cflags) -DVPNC=\"@VPNC@\" \
-DVPN_STATEDIR=\""$(vpn_statedir)"\" \
-DSCRIPTDIR=\""$(build_scriptdir)"\"
@@ -118,16 +115,15 @@ endif
endif
if L2TP
+builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
if L2TP_BUILTIN
builtin_vpn_modules += l2tp
builtin_vpn_sources += vpn/plugins/l2tp.c
-builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
builtin_vpn_cflags += -DL2TP=\"@L2TP@\"
else
vpn_plugin_LTLIBRARIES += vpn/plugins/l2tp.la
vpn_plugin_objects += $(plugins_l2tp_la_OBJECTS)
-vpn_plugins_l2tp_la_SOURCES = vpn/plugins/vpn.h vpn/plugins/vpn.c \
- vpn/plugins/l2tp.c
+vpn_plugins_l2tp_la_SOURCES = vpn/plugins/l2tp.c
vpn_plugins_l2tp_la_CFLAGS = $(plugin_cflags) -DL2TP=\"@L2TP@\" \
-DVPN_STATEDIR=\""$(vpn_statedir)"\" \
-DSCRIPTDIR=\""$(build_scriptdir)"\"
@@ -136,16 +132,15 @@ endif
endif
if PPTP
+builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
if PPTP_BUILTIN
builtin_vpn_modules += pptp
builtin_vpn_sources += vpn/plugins/pptp.c
-builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h
builtin_vpn_cflags += -DPPPD=\"@PPPD@\" -DPPTP=\"@PPTP@\"
else
vpn_plugin_LTLIBRARIES += vpn/plugins/pptp.la
vpn_plugin_objects += $(plugins_pptp_la_OBJECTS)
-vpn_plugins_pptp_la_SOURCES = vpn/plugins/vpn.h vpn/plugins/vpn.c \
- vpn/plugins/pptp.c
+vpn_plugins_pptp_la_SOURCES = vpn/plugins/pptp.c
vpn_plugins_pptp_la_CFLAGS = $(plugin_cflags) -DPPPD=\"@PPPD@\" \
-DPPTP=\"@PPTP@\" \
-DVPN_STATEDIR=\""$(vpn_statedir)"\" \
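Review bot: The PPTP block repeats the line "builtin_vpn_source = vpn/plugins/vpn.c vpn/plugins/vpn.h" that the OPENCONNECT, OPENVPN, VPNC and L2TP hunks also add. The value is identical everywhere and the commit message says it is needed as soon as any VPN plugin is built, so assigning it once under a single condition that covers all VPN plugins would leave one copy to maintain instead of five.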
--
2.20.1
1 year, 11 months
[PATCH] vpn: Rename openconnect-script to vpn-script.
by Jussi Laakkonen
The scripts/openconnect-script.c has nothing OpenConnect specific and is
also used by VPNC. Thus, renaming it to generic vpn-script.c clarifies
the purpose of the script.
Changed OpenConnect and VPNC plugins to use vpn-script. Modified
Makefile.plugins also to use the vpn-script.
---
.gitignore | 2 +-
Makefile.plugins | 8 ++++----
scripts/{openconnect-script.c => vpn-script.c} | 8 +++++---
vpn/plugins/openconnect.c | 3 +--
vpn/plugins/vpnc.c | 3 +--
5 files changed, 12 insertions(+), 12 deletions(-)
rename scripts/{openconnect-script.c => vpn-script.c} (95%)
diff --git a/.gitignore b/.gitignore
index b43336c9..3088a92f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,7 +40,7 @@ src/connman-wait-online.service
src/connmand-wait-online
plugins/connman.policy
scripts/connman
-scripts/openconnect-script
+scripts/vpn-script
scripts/openvpn-script
scripts/connman_resolvconf.conf
client/connmanctl
diff --git a/Makefile.plugins b/Makefile.plugins
index 122b2935..87bcc6fc 100644
--- a/Makefile.plugins
+++ b/Makefile.plugins
@@ -191,14 +191,14 @@ plugins_iospm_la_LDFLAGS = $(plugin_ldflags)
endif
if OPENCONNECT
-script_PROGRAMS += scripts/openconnect-script
+script_PROGRAMS += scripts/vpn-script
-scripts_openconnect_script_LDADD = @DBUS_LIBS@
+scripts_vpn_script_LDADD = @DBUS_LIBS@
else
if VPNC
-script_PROGRAMS += scripts/openconnect-script
+script_PROGRAMS += scripts/vpn-script
-scripts_openconnect_script_LDADD = @DBUS_LIBS@
+scripts_vpn_script_LDADD = @DBUS_LIBS@
endif
endif
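Review bot: script_PROGRAMS now builds scripts/vpn-script in place of scripts/openconnect-script in both the OPENCONNECT and the VPNC branch, so the installed path of the helper that openconnect and vpnc are pointed at via --script changes, and the commit message does not say so. Packaging file lists and any access-control policy keyed on the old path have to follow the rename; one line in the commit message would flag that for downstream users.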
diff --git a/scripts/openconnect-script.c b/scripts/vpn-script.c
similarity index 95%
rename from scripts/openconnect-script.c
rename to scripts/vpn-script.c
index 5e04144f..6e020e92 100644
--- a/scripts/openconnect-script.c
+++ b/scripts/vpn-script.c
@@ -54,9 +54,11 @@ static void append(DBusMessageIter *dict, const char *pattern)
key = pattern;
value = delim + 1;
- /* We clean the environment before invoking openconnect, but
- might as well still filter out the few things that get
- added that we're not interested in */
+ /*
+ * We clean the environment before invoking openconnect/vpnc,
+ * but might as well still filter out the few things that get
+ * added that we're not interested in
+ */
if (!strcmp(key, "PWD") || !strcmp(key, "_") ||
!strcmp(key, "SHLVL") || !strcmp(key, "connman_busname") ||
!strcmp(key, "connman_network"))
diff --git a/vpn/plugins/openconnect.c b/vpn/plugins/openconnect.c
index 8e74479f..4117471c 100644
--- a/vpn/plugins/openconnect.c
+++ b/vpn/plugins/openconnect.c
@@ -248,8 +248,7 @@ static int run_connect(struct vpn_provider *provider,
connman_task_add_argument(task, "--syslog", NULL);
connman_task_add_argument(task, "--cookie-on-stdin", NULL);
- connman_task_add_argument(task, "--script",
- SCRIPTDIR "/openconnect-script");
+ connman_task_add_argument(task, "--script", SCRIPTDIR "/vpn-script");
connman_task_add_argument(task, "--interface", if_name);
diff --git a/vpn/plugins/vpnc.c b/vpn/plugins/vpnc.c
index af9dbe76..cd9ff688 100644
--- a/vpn/plugins/vpnc.c
+++ b/vpn/plugins/vpnc.c
@@ -298,8 +298,7 @@ static int vc_connect(struct vpn_provider *provider,
connman_task_add_argument(task, "--ifmode", "tun");
}
- connman_task_add_argument(task, "--script",
- SCRIPTDIR "/openconnect-script");
+ connman_task_add_argument(task, "--script", SCRIPTDIR "/vpn-script");
option = vpn_provider_get_string(provider, "VPNC.Debug");
if (option)
--
2.20.1
1 year, 11 months