October 2019 - iwd - Ml01.01.Org

[PATCH 1/4] rtnlutil: Add IPv6 route deletion helper

by Tim Kourt

--- src/rtnlutil.c | 31 +++++++++++++++++++++++++++++-- src/rtnlutil.h | 7 +++++++ 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/src/rtnlutil.c b/src/rtnlutil.c index 4090d311..f90e9dcf 100644 --- a/src/rtnlutil.c +++ b/src/rtnlutil.c @@ -533,7 +533,8 @@ uint32_t rtnl_ifaddr_ipv6_delete(struct l_netlink *rtnl, int ifindex, ip, cb, user_data, destroy); } -uint32_t rtnl_route_ipv6_add_gateway(struct l_netlink *rtnl, int ifindex, +static uint32_t rtnl_route_ipv6_change(struct l_netlink *rtnl, + uint16_t nlmsg_type, int ifindex, const char *gateway, uint32_t priority_offset, uint8_t proto, @@ -581,7 +582,33 @@ uint32_t rtnl_route_ipv6_add_gateway(struct l_netlink *rtnl, int ifindex, sizeof(struct in6_addr)); } - return l_netlink_send(rtnl, RTM_NEWROUTE, flags, rtmmsg, + return l_netlink_send(rtnl, nlmsg_type, flags, rtmmsg, rta_buf - (void *) rtmmsg, cb, user_data, destroy); } + +uint32_t rtnl_route_ipv6_add_gateway(struct l_netlink *rtnl, int ifindex, + const char *gateway, + uint32_t priority_offset, + uint8_t proto, + l_netlink_command_func_t cb, + void *user_data, + l_netlink_destroy_func_t destroy) +{ + return rtnl_route_ipv6_change(rtnl, RTM_NEWROUTE, ifindex, gateway, + priority_offset, proto, cb, + user_data, destroy); +} + +uint32_t rtnl_route_ipv6_delete_gateway(struct l_netlink *rtnl, int ifindex, + const char *gateway, + uint32_t priority_offset, + uint8_t proto, + l_netlink_command_func_t cb, + void *user_data, + l_netlink_destroy_func_t destroy) +{ + return rtnl_route_ipv6_change(rtnl, RTM_DELROUTE, ifindex, gateway, + priority_offset, proto, cb, + user_data, destroy); +} diff --git a/src/rtnlutil.h b/src/rtnlutil.h index 6689e16e..383d562f 100644 --- a/src/rtnlutil.h +++ b/src/rtnlutil.h @@ -90,3 +90,10 @@ uint32_t rtnl_route_ipv6_add_gateway(struct l_netlink *rtnl, int ifindex, l_netlink_command_func_t cb, void *user_data, l_netlink_destroy_func_t destroy); +uint32_t rtnl_route_ipv6_delete_gateway(struct l_netlink *rtnl, int ifindex, + const char *gateway, + uint32_t priority_offset, + uint8_t proto, + l_netlink_command_func_t cb, + void *user_data, + l_netlink_destroy_func_t destroy); -- 2.13.6

1 year, 4 months

2
4
0 / 0

[PATCH v4 1/5] netconfig: Subscribe for IPv6 address changes

by Tim Kourt

The IPv6 addresses changes are maintained in ifaddr_list. --- src/netconfig.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) diff --git a/src/netconfig.c b/src/netconfig.c index 70481abf..1c8b88dc 100644 --- a/src/netconfig.c +++ b/src/netconfig.c @@ -224,6 +224,23 @@ static char **netconfig_ipv4_get_dns(struct netconfig *netconfig, uint8_t proto) return NULL; } +static bool netconfig_ifaddr_match(const void *a, const void *b) +{ + const struct netconfig_ifaddr *entry = a; + const struct netconfig_ifaddr *query = b; + + if (entry->family != query->family) + return false; + + if (entry->prefix_len != query->prefix_len) + return false; + + if (strcmp(entry->ip, query->ip)) + return false; + + return true; +} + static struct netconfig_ifaddr *netconfig_ifaddr_find( const struct netconfig *netconfig, uint8_t family, uint8_t prefix_len, @@ -335,6 +352,73 @@ static void netconfig_ifaddr_cmd_cb(int error, uint16_t type, netconfig_ifaddr_notify(type, data, len, user_data); } +static void netconfig_ifaddr_ipv6_added(struct netconfig *netconfig, + const struct ifaddrmsg *ifa, + uint32_t len) +{ + struct netconfig_ifaddr *ifaddr; + + ifaddr = l_new(struct netconfig_ifaddr, 1); + ifaddr->family = ifa->ifa_family; + ifaddr->prefix_len = ifa->ifa_prefixlen; + + rtnl_ifaddr_ipv6_extract(ifa, len, &ifaddr->ip); + + l_debug("ifindex %u: ifaddr %s/%u", netconfig->ifindex, ifaddr->ip, + ifaddr->prefix_len); + + l_queue_push_tail(netconfig->ifaddr_list, ifaddr); +} + +static void netconfig_ifaddr_ipv6_deleted(struct netconfig *netconfig, + const struct ifaddrmsg *ifa, + uint32_t len) +{ + struct netconfig_ifaddr *ifaddr; + struct netconfig_ifaddr query; + + rtnl_ifaddr_ipv6_extract(ifa, len, &query.ip); + + query.family = ifa->ifa_family; + query.prefix_len = ifa->ifa_prefixlen; + + ifaddr = l_queue_remove_if(netconfig->ifaddr_list, + netconfig_ifaddr_match, &query); + + l_free(query.ip); + + if (!ifaddr) + return; + + l_debug("ifaddr %s/%u", ifaddr->ip, ifaddr->prefix_len); + + netconfig_ifaddr_destroy(ifaddr); +} + +static void netconfig_ifaddr_ipv6_notify(uint16_t type, const void *data, + uint32_t len, void *user_data) +{ + const struct ifaddrmsg *ifa = data; + struct netconfig *netconfig; + uint32_t bytes; + + netconfig = netconfig_find(ifa->ifa_index); + if (!netconfig) + /* Ignore the interfaces which aren't managed by iwd. */ + return; + + bytes = len - NLMSG_ALIGN(sizeof(struct ifaddrmsg)); + + switch (type) { + case RTM_NEWADDR: + netconfig_ifaddr_ipv6_added(netconfig, ifa, bytes); + break; + case RTM_DELADDR: + netconfig_ifaddr_ipv6_deleted(netconfig, ifa, bytes); + break; + } +} + static void netconfig_route_cmd_cb(int error, uint16_t type, const void *data, uint32_t len, void *user_data) @@ -740,6 +824,14 @@ static int netconfig_init(void) goto error; } + r = l_netlink_register(rtnl, RTNLGRP_IPV6_IFADDR, + netconfig_ifaddr_ipv6_notify, NULL, NULL); + if (!r) { + l_error("netconfig: Failed to register for RTNL link IPv6 " + "address notifications."); + goto error; + } + if (!l_settings_get_uint(iwd_get_config(), "General", "route_priority_offset", &ROUTE_PRIORITY_OFFSET)) -- 2.13.6

1 year, 4 months

2
8
0 / 0

[PATCH v3 1/2] eap-tls-common: update to new ELL TLS APIs

by James Prestwood

--- src/eap-tls-common.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) -v3: * Fixed the ca_cert cleanup, l_certchain_free was being used rather than l_cert_free. diff --git a/src/eap-tls-common.c b/src/eap-tls-common.c index b069fcfd..b7a9b674 100644 --- a/src/eap-tls-common.c +++ b/src/eap-tls-common.c @@ -523,6 +523,9 @@ static int eap_tls_handle_fragmented_request(struct eap_state *eap, static bool eap_tls_tunnel_init(struct eap_state *eap) { struct eap_tls_state *eap_tls = eap_get_data(eap); + struct l_certchain *client_cert; + struct l_key *client_key; + struct l_queue *ca_cert; if (eap_tls->tunnel) return false; @@ -543,14 +546,19 @@ static bool eap_tls_tunnel_init(struct eap_state *eap) l_tls_set_debug(eap_tls->tunnel, eap_tls_tunnel_debug, eap, NULL); - if (!l_tls_set_auth_data(eap_tls->tunnel, eap_tls->client_cert, - eap_tls->client_key, - eap_tls->passphrase) || - (eap_tls->ca_cert && - !l_tls_set_cacert(eap_tls->tunnel, - eap_tls->ca_cert))) { + client_cert = l_pem_load_certificate_chain(eap_tls->client_cert); + client_key = l_pem_load_private_key(eap_tls->client_key, + eap_tls->passphrase, NULL); + ca_cert = l_pem_load_certificate_list(eap_tls->ca_cert); + + if (!l_tls_set_auth_data(eap_tls->tunnel, client_cert, client_key) || + (ca_cert && + !l_tls_set_cacert(eap_tls->tunnel, ca_cert))) { l_error("%s: Error loading TLS keys or certificates.", eap_get_method_name(eap)); + l_certchain_free(client_cert); + l_key_free(client_key); + l_queue_destroy(ca_cert, (l_queue_destroy_func_t)l_cert_free); return false; } -- 2.17.1

1 year, 4 months

2
3
0 / 0

[PATCH 1/2] netconfig: Don't re-install IPv4 address on re-configure

by Tim Kourt

--- src/netconfig.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/src/netconfig.c b/src/netconfig.c index 4e294512..272a058f 100644 --- a/src/netconfig.c +++ b/src/netconfig.c @@ -645,17 +645,9 @@ bool netconfig_configure(struct netconfig *netconfig, bool netconfig_reconfigure(struct netconfig *netconfig) { if (netconfig->rtm_protocol == RTPROT_DHCP) { - /* - * - * TODO l_dhcp_client to try to request a - * previously used address. - * - * return; - */ + /* TODO l_dhcp_client sending a DHCP inform request */ } - netconfig_ipv4_select_and_install(netconfig); - /* TODO: IPv6 addressing */ return true; -- 2.13.6

1 year, 4 months

1
1
0 / 0

[PATCH 1/2] eap-tls-common: update to new ELL TLS APIs

by James Prestwood

--- src/eap-tls-common.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/eap-tls-common.c b/src/eap-tls-common.c index b069fcfd..d5b72963 100644 --- a/src/eap-tls-common.c +++ b/src/eap-tls-common.c @@ -523,6 +523,9 @@ static int eap_tls_handle_fragmented_request(struct eap_state *eap, static bool eap_tls_tunnel_init(struct eap_state *eap) { struct eap_tls_state *eap_tls = eap_get_data(eap); + struct l_certchain *client_cert; + struct l_key *client_key; + struct l_queue *ca_cert; if (eap_tls->tunnel) return false; @@ -543,14 +546,20 @@ static bool eap_tls_tunnel_init(struct eap_state *eap) l_tls_set_debug(eap_tls->tunnel, eap_tls_tunnel_debug, eap, NULL); - if (!l_tls_set_auth_data(eap_tls->tunnel, eap_tls->client_cert, - eap_tls->client_key, - eap_tls->passphrase) || - (eap_tls->ca_cert && - !l_tls_set_cacert(eap_tls->tunnel, - eap_tls->ca_cert))) { + client_cert = l_pem_load_certificate_chain(eap_tls->client_cert); + client_key = l_pem_load_private_key(eap_tls->client_key, + eap_tls->passphrase, NULL); + ca_cert = l_pem_load_certificate_list(eap_tls->ca_cert); + + if (!l_tls_set_auth_data(eap_tls->tunnel, client_cert, client_key) || + (ca_cert && + !l_tls_set_cacert(eap_tls->tunnel, ca_cert))) { l_error("%s: Error loading TLS keys or certificates.", eap_get_method_name(eap)); + l_certchain_free(client_cert); + l_key_free(client_key); + l_queue_destroy(ca_cert, + (l_queue_destroy_func_t)l_certchain_free); return false; } -- 2.17.1

1 year, 4 months

1
1
0 / 0

[PATCH v3 1/5] netconfig: Subscribe for IPv6 address changes

by Tim Kourt

The IPv6 addresses changes are maintained in ifaddr_list. --- src/netconfig.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 98 insertions(+), 7 deletions(-) diff --git a/src/netconfig.c b/src/netconfig.c index 4e294512..c9b0b66e 100644 --- a/src/netconfig.c +++ b/src/netconfig.c @@ -224,6 +224,23 @@ static char **netconfig_ipv4_get_dns(struct netconfig *netconfig, uint8_t proto) return NULL; } +static bool netconfig_ifaddr_match(const void *a, const void *b) +{ + const struct netconfig_ifaddr *entry = a; + const struct netconfig_ifaddr *query = b; + + if (entry->family != query->family) + return false; + + if (entry->prefix_len != query->prefix_len) + return false; + + if (strcmp(entry->ip, query->ip)) + return false; + + return true; +} + static struct netconfig_ifaddr *netconfig_ifaddr_find( const struct netconfig *netconfig, uint8_t family, uint8_t prefix_len, @@ -276,22 +293,22 @@ static void netconfig_ifaddr_deleted(struct netconfig *netconfig, uint32_t len) { struct netconfig_ifaddr *ifaddr; - char *ip; + struct netconfig_ifaddr query; - rtnl_ifaddr_extract(ifa, len, NULL, &ip, NULL); + rtnl_ifaddr_extract(ifa, len, NULL, &query.ip, NULL); - ifaddr = netconfig_ifaddr_find(netconfig, ifa->ifa_family, - ifa->ifa_prefixlen, ip); + query.family = ifa->ifa_family; + query.prefix_len = ifa->ifa_prefixlen; - l_free(ip); + ifaddr = l_queue_remove_if(netconfig->ifaddr_list, + netconfig_ifaddr_match, &query); + l_free(query.ip); if (!ifaddr) return; l_debug("ifaddr %s/%u", ifaddr->ip, ifaddr->prefix_len); - l_queue_remove(netconfig->ifaddr_list, ifaddr); - netconfig_ifaddr_destroy(ifaddr); } @@ -335,6 +352,72 @@ static void netconfig_ifaddr_cmd_cb(int error, uint16_t type, netconfig_ifaddr_notify(type, data, len, user_data); } +static void netconfig_ifaddr_ipv6_added(struct netconfig *netconfig, + const struct ifaddrmsg *ifa, + uint32_t len) +{ + struct netconfig_ifaddr *ifaddr; + + ifaddr = l_new(struct netconfig_ifaddr, 1); + ifaddr->family = ifa->ifa_family; + ifaddr->prefix_len = ifa->ifa_prefixlen; + + rtnl_ifaddr_ipv6_extract(ifa, len, &ifaddr->ip); + + l_debug("ifindex %u: ifaddr %s/%u", netconfig->ifindex, ifaddr->ip, + ifaddr->prefix_len); + + l_queue_push_tail(netconfig->ifaddr_list, ifaddr); +} + +static void netconfig_ifaddr_ipv6_deleted(struct netconfig *netconfig, + const struct ifaddrmsg *ifa, + uint32_t len) +{ + struct netconfig_ifaddr *ifaddr; + char *ip; + + rtnl_ifaddr_ipv6_extract(ifa, len, &ip); + + ifaddr = netconfig_ifaddr_find(netconfig, ifa->ifa_family, + ifa->ifa_prefixlen, ip); + + l_free(ip); + + if (!ifaddr) + return; + + l_debug("ifaddr %s/%u", ifaddr->ip, ifaddr->prefix_len); + + l_queue_remove(netconfig->ifaddr_list, ifaddr); + + netconfig_ifaddr_destroy(ifaddr); +} + +static void netconfig_ifaddr_ipv6_notify(uint16_t type, const void *data, + uint32_t len, void *user_data) +{ + const struct ifaddrmsg *ifa = data; + struct netconfig *netconfig; + uint32_t bytes; + + netconfig = netconfig_find(ifa->ifa_index); + if (!netconfig) + /* Ignore the interfaces which aren't managed by iwd. */ + return; + + bytes = len - NLMSG_ALIGN(sizeof(struct ifaddrmsg)); + + switch (type) { + case RTM_NEWADDR: + netconfig_ifaddr_ipv6_added(netconfig, ifa, bytes); + break; + case RTM_DELADDR: + netconfig_ifaddr_ipv6_deleted(netconfig, ifa, bytes); + break; + } +} + static void netconfig_route_cmd_cb(int error, uint16_t type, const void *data, uint32_t len, void *user_data) @@ -757,6 +840,14 @@ static int netconfig_init(void) goto error; } + r = l_netlink_register(rtnl, RTNLGRP_IPV6_IFADDR, + netconfig_ifaddr_ipv6_notify, NULL, NULL); + if (!r) { + l_error("netconfig: Failed to register for RTNL link IPv6 " + "address notifications."); + goto error; + } + if (!l_settings_get_uint(iwd_get_config(), "General", "route_priority_offset", &ROUTE_PRIORITY_OFFSET)) -- 2.13.6

1 year, 4 months

1
4
0 / 0

2021

2020

2019

iwd October 2019

2021

2020

2019

iwd October 2019 ----- 2021 ----- February 2021 January 2021 ----- 2020 ----- December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 ----- 2019 ----- December 2019 November 2019 October 2019 September 2019

iwd October 2019