|
If we receive nameservers from vpnd we must set them in provider.
The connman_provider_set_nameservers() function needs changes
because we get the nameservers as an array, it makes no sense to
convert the array to string and then back to array.
|
|
This terminates the body of stop_autoscan if autoscan is
not active. Per MEEGO-25987 <http://bugs.meego.com/show_bug.cgi?id=25987>,
running stop_autoscan when changing connected services can prematurely and
incorrectly terminate a new, in-flight service connection and result in a
failure of that connection with "net.connman.Error.OperationAborted:
Operation aborted".
When a scan is started, all networks are marked unavailable. Should the check
added in this patch not be present, device scanning is set to false and all
not yet found networks are removed. Thus the service will not be able to
connect if its network wasn't already found.
|
|
If we are trying to connect a service and there is another
service connecting, then we disconnect the pending service
and connect the new one.
Fixes BMC#25981
|
|
The immutable field might be left uninitialized without this.
|
|
Highly inspired by:
https://git.kernel.org/cgit/linux/kernel/git/shemminger/bridge-utils.git/commit/?id=5eebb7f9288b7881ffb929b1fd494fe3ac3be27d
As Russel puts it in his commit message for bridge-utils:
Linux 3.8 has a header, include/uapi/linux/if_bridge.h that uses a
struct in6_addr but doesn't define it. The trivial seeming fix of
including the header that does define it causes more problems. The
problem was discussed on mailing lists in January 2013. The final
suggestion I found was here:
http://www.redhat.com/archives/libvir-list/2013-January/msg01253.html
This is intended to implement that suggestion.
This changeset transplants this trivial fix to connman.
|
|
We did not send the IP config changed signal during disconnect.
This can confuse the dbus signal listeners.
Fixes BMC#25989
|
|
If we are changing IPv4 config, then send only IPv4 changed signal
and not the IPv6 one. Same is done for IPv6 config when it changes.
|
|
If IPv4 address is missing then DHCPv4 is used. If IPv6 address is missing,
then SLAAC or DHCPv6 is used. This was specified in doc/config-format.txt
but implementation was missing.
We also allow the IP address to contain "off", "dhcp" or "auto" string,
so user can specify how the IP address can be set for the interface.
Fixes BMC#25985
|
|
|
|
Instead of appending ConnMan iptables rules into the builtin chains
we append them into chains managed by ConnMan.
If a rule needs to be inserted into a builtin chain, ConnMan
will create a 'connman-' prefixed builtin chain name and append
the user rules there. Then ConnMan will insert an unconditional jump
rule in the builtin chain.
Basically,
    iptables -t filter -A INPUT -m mark --mark 1 -j LOG
will be translated to this:
    iptables -t filter -N connman-INPUT
    iptables -t filter -A connman-INPUT -m mark --mark 1 -j LOG
    iptables -t filter -I INPUT -j connman-INPUT
When the last rule in a managed chain is removed, the managed
chain will also be removed.
|
|
The main idea behind this API is to collect several iptables rules
together and enable or disable in one go.
For this a context is created via __connman_firewall_create() and
the rules added to this context via __connman_firewall_add_rule().
In order to append all rules __connman_firewall_enable() has
to be called. To remove all rules associated with one context
__connman_firewall_disable() has to be used.
If something goes awry the code tries to get back to the initial
state.
|
|
ConnMan maintains its own chain per builtin chain. The managed
chains have a prefix 'connman-' and one rule in the corresponding
builtin chain which jumps unconditionally to the managed chain.
In case ConnMan crashed we need to clean up first.
|
|
|
|
We will implement the ConnMan iptables specific part in a different
file and leave the iptables.c file as small as possible.
Therefore, we move the flushing part out, but we need a way to
find our chains on bootup (left over from a crash). Let's add an
iterator which walks over all chains which allows a higher level
to find the chains it is looking for (e.g. connman-INPUT)
|
|
There is a common pattern when writing a callback function. Let's
add a few helpers for this.
It is added to session.h because apart from the core also
the session_policy_local.c will make use of it.
This is shamelessly stolen from oFono.
|
|
|
|
This was wrongly removed with commit 161efbae
|
|
Add a boolean helper to distinguish between insert and append operations.
When chain_head == chain_tail->prev, the builtin chain is empty which makes
an intended append operation equivalent to an insert operation.
|
|
If dnsproxy is not in use, like when connman has been started
with -r option, then the listener_table will be NULL which can
cause crash in hash table lookup call.
|
|
Optionally use iptables-save to check if the rules are installed or
removed on the system instead of relying only on the returned iptables
error code.
Do notice that running tools/iptables-unit will modify and delete existing
iptables firewall rules on your system. Use iptables-unit with caution!
|
|
test-ippool is a pure unit test and can therefore be part of the
distcheck target.
|
|
|
|
Reported by Ravikumar Veeramally
|
|
entry_head and entry_return are allocated via g_try_malloc0().
|
|
After removing one or more rules the builtin hooks need to be updated
accordingly. iptables_flush_chain() and iptables_delete_rule()
share a common code part.
|
|
The list pointer is invalid after remove_table_entry(). Since
we are entering the 'if' body only for the first rule in a builtin
chain we can safely update list to point to the next element.
|
|
The second argument is not used anymore, let's remove it. The function
name doesn't really match to its implementation, so it's also time
to rename it.
|
|
We need to see a bit more in detail what happens when
CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing
during bootup.
Also remove the DBG() from parse_rule_spec() because all callers
already have a DBG(). So not much additional information here.
|
|
pre_load_table() is always called with table == NULL, so we end up
trying to load the kernel modules even though the table
is already loaded. Therefore, move the lookup one level up.
|
|
Streamline this file with the rest of ConnMan's code base.
|
|
The API changed between 1.4.10 (version code 5) and 1.4.11 (version code 6)
and we needed to work around it with a bunch of ugly ifdefs. 1.4.11 was
released on 26.05.2011 and even Debian testing ships 1.4.14 these days.
|
|
It is impossible to see the normal unit test output with all
DBG() enabled by default.
|
|
With the recent changes to iptables.c and the new API, iptables-test.c
and iptables.c started to diverge and it is not really possible to
keep those two files in sync. Instead we start using the new API.
Unfortunately, we need to partially parse argv and concatenate the rest
together again. This is ugly but there is not much we can do about it.
|
|
In order to allow our test tool iptables-tests to dump a table
we need a dump function. The only user will be this tool. That allows
the linker to remove this code, so no additional code size.
|
|
|
|
These tests depend on ConnMan running and are therefore not really
unit tests. Let's move them to tools.
|
|
Unit tests are supposed to be run during 'make distcheck' but
iptables-unit needs to be run with root rights.
|
|
|
|
If the service is provisioned via .config file, then user is only
able to set the AutoConnect status of the service. All the other
settings must be set from the .config file.
Fixes BMC#25984
|
|
|
|
The dbus messages from vpnd might come in different order so make
sure we are not trying to access already removed provider.
|
|
|
|
When provider is destroyed in vpnd, we get a notification about
that. We must then remove the provider which will also unref it
so the provider data will get removed properly.
Old code just unreffed the provider but it was left hanging in
service list.
|
|
|
|
Following patch will introduce provider remove function that can
be used from vpn plugin so rename the current removal function to
reflect better its usage.
|
|
Inotify will send modify event after create event when user has
copied the config file into config directory. Because of this
it is useless to act on create event. As a bonus we avoid
create/modify/create loop that was earlier done in the modify event
handling code.
|
|
If the data pointer is left around, then vpn plugin might
accidentally use it if dbus messages are received after
we have cleared the vpn connection.
|
|
The vpnd will not read or save provider data from disk. Only
way to provision VPN is by setting necessary data in VPN .config
file.
|
|
Immutable VPN connection settings cannot be changed by SetProperty or
ClearProperty dbus API.
|
|
|