Age | Commit message | Author | Files | Lines
2013-04-08 | dnsproxy: Fix cached message length correctly | Jukka Rissanen | 1 | -1/+5
We must copy the response buffer before fixing the packet length. Otherwise the packet length will go wrong if the request contained EDNS0 data.
2013-04-05 | dnsproxy: Handle partial TCP messages from client | Jukka Rissanen | 1 | -65/+410
We were not handling client sent partial TCP messages correctly. This meant that ConnMan would block if the client using TCP would not send full DNS request. When a new TCP client connects in tcp_listener_event(), a new TCP channel is created to handle a partial client message if all of the message is not already available. The partial TCP message is patched together in tcp_client_event(). When all of the TCP message has been received, the message is processed in read_tcp_data(). The client has to send the DNS request within two seconds before the connection is closed by ConnMan.
2013-04-05 | service: Drop unused argument in preferred_tech_list_get() | Daniel Wagner | 1 | -2/+2
2013-04-05 | dnsproxy: Create cache if it is missing when doing lookup | Jukka Rissanen | 1 | -42/+56
2013-04-05 | dnsproxy: Fix memory leak when request timeouts | Jukka Rissanen | 1 | -13/+13
2013-04-05 | dnsproxy: Avoid null pointer access | Jukka Rissanen | 1 | -2/+2
2013-04-05 | dnsproxy: Do not add or remove ::1 server | Jukka Rissanen | 1 | -0/+6
2013-04-05 | dnsproxy: Use ::1 when refreshing because of the address family | Jukka Rissanen | 1 | -1/+1
2013-04-05 | dnsproxy: Add or remove ::1 to/from resolv.conf when necessary | Jukka Rissanen | 1 | -9/+35
We add IPv6 loopback address to resolv.conf if we have created an IPv6 listening socket to port 53. Also remove ::1 from resolv.conf when deleting the proxy.
2013-04-05 | dnsproxy: Listen only on needed addresses | Jukka Rissanen | 1 | -91/+225
Do not bind to ANY address so that other DNS server applications can be used on the same host for interfaces that are not managed by ConnMan. This means that we only create DNS listeners on loopback and tethering interfaces.
2013-04-05 | inet: Get an address from a given interface and address family | Jukka Rissanen | 2 | -0/+56
The returned address is used when we need to have a listening socket tied to specific interface and address, and do not want to bind to any address.
2013-03-27 | provider: Set nameservers if we receive them from vpnd | Jukka Rissanen | 1 | -10/+4
If we receive nameservers from vpnd we must set them in provider. The connman_provider_set_nameservers() function needs changes because we get the nameservers as an array, it makes no sense to convert the array to string and then back to array.
2013-03-27 | service: Disconnect the connecting service when needed | Jukka Rissanen | 1 | -2/+12
If we are trying to connect a service and there is another service connecting, then we disconnect the pending service and connect the new one. Fixes BMC#25981
2013-03-25 | tethering: Fix build with kernel headers 3.8+ | Yann E. MORIN | 1 | -0/+1
Highly inspired by: https://git.kernel.org/cgit/linux/kernel/git/shemminger/bridge-utils.git/commit/?id=5eebb7f9288b7881ffb929b1fd494fe3ac3be27d
As Russel puts it in his commit message for bridge-utils:
    Linux 3.8 has a header, include/uapi/linux/if_bridge.h that uses a struct in6_addr but doesn't define it. The trivial seeming fix of including the header that does define it causes more problems.
    The problem was discussed on mailing lists in January 2013. The final suggestion I found was here: http://www.redhat.com/archives/libvir-list/2013-January/msg01253.html
    This is intended to implement that suggestion.
This changeset transplants this trivial fix to connman.
2013-03-25 | service: Send IP config changed signal in disconnect | Jukka Rissanen | 1 | -0/+3
We did not send the IP config changed signal during disconnect. This can confuse the dbus signal listeners. Fixes BMC#25989
2013-03-25 | service: Only send correct ipconfig changed signal | Jukka Rissanen | 1 | -5/+10
If we are changing IPv4 config, then send only IPv4 changed signal and not the IPv6 one. Same is done for IPv6 config when it changes.
2013-03-25 | config: Allow user to specify how IP address is used | Jukka Rissanen | 1 | -4/+36
If IPv4 address is missing then DHCPv4 is used. If IPv6 address is missing, then SLAAC or DHCPv6 is used. This was specified in doc/config-format.txt but implementation was missing. We also allow the IP address to contain "off", "dhcp" or "auto" string, so user can specify how the IP address can be set for the interface. Fixes BMC#25985
2013-03-25 | firewall: Maintain iptables rules in dedicated ConnMan chains | Daniel Wagner | 1 | -6/+174
Instead of appending ConnMan iptables rules into the builtin chains we append them into chains managed by ConnMan. If a rule needs to be inserted into a builtin chain, ConnMan will create a 'connman-' prefixed builtin chain name and append the user rules there. Then ConnMan will insert an unconditional jump rule in the builtin chain. Basically,
    iptables -t filter -A INPUT -m mark --mark 1 -j LOG
will be translated to this:
    iptables -t filter -N connman-INPUT
    iptables -t filter -A connman-INPUT -m mark --mark 1 -j LOG
    iptables -t filter -I INPUT -j connman-INPUT
When the last rule in a managed chain is removed, the managed chain will also be removed.
2013-03-25 | firewall: Add firewall API | Daniel Wagner | 2 | -0/+138
The main idea behind this API is to collect several iptables rules together and enable or disable in one go. For this a context is created via __connman_firewall_create() and the rules added to this context via __connman_firewall_add_rule(). In order to append all rules __connman_firewall_enable() has to be called. To remove all rules associated with one context __connman_firewall_disable() has to be used. If something goes awry the code tries to get back to the initial state.
2013-03-25 | firewall: Flush managed chains | Daniel Wagner | 1 | -0/+107
ConnMan maintains its own chain per builtin chain. The managed chains have a prefix 'connman-' and one rule in the corresponding builtin chain which jumps unconditionally to the managed chain. In case ConnMan crashed we need to clean up first.
2013-03-25 | firewall: Add firewall file | Daniel Wagner | 3 | -0/+44
2013-03-25 | iptables: Add chain iterator | Daniel Wagner | 2 | -32/+20
We will implement the ConnMan iptables specific part in a different file and leave the iptables.c file as small as possible. Therefore, we move the flushing part out, but we need a way to find our chains on bootup (left over from a crash). Let's add an iterator which walks over all chains which allows a higher level to find the chains it is looking for (e.g. connman-INPUT).
2013-03-25 | iptables: Add __connman_iptables_insert() | Daniel Wagner | 2 | -0/+77
This was wrongly removed with commit 161efbae
2013-03-25 | iptables: Prepare rule to be inserted or appended | Daniel Wagner | 1 | -3/+4
Add a boolean helper to distinguish between insert and append operations. When chain_head == chain_tail->prev, the builtin chain is empty which makes an intended append operation equivalent to an insert operation.
2013-03-22 | dnsproxy: Make sure we are not accessing null hash | Jukka Rissanen | 1 | -0/+6
If dnsproxy is not in use, like when connman has been started with -r option, then the listener_table will be NULL which can cause crash in hash table lookup call.
2013-03-18 | iptables: Allocated memory blocks are already zeroed out | Daniel Wagner | 1 | -4/+0
entry_head and entry_return are allocated via g_try_malloc0().
2013-03-18 | iptables: Factor out duplicated update hook code | Daniel Wagner | 1 | -33/+27
After removing one or more rules the builtin hooks need to be updated accordingly. iptables_flush_chain() and iptables_delete_rule() share a common code part.
2013-03-18 | iptables: Fix invalid access to list after removing first rule | Daniel Wagner | 1 | -6/+16
The list pointer is invalid after remove_table_entry(). Since we are entering the 'if' body only for the first rule in a builtin chain we can safely update list to point to the next element.
2013-03-18 | iptables: Rename pre_load_table() to get_table() | Daniel Wagner | 1 | -12/+10
The second argument is not used anymore, let's remove it. The function name doesn't really match its implementation, so it's also time to rename it.
2013-03-18 | iptables: Improve debug log output | Daniel Wagner | 1 | -4/+17
We need to see a bit more in detail what happens when CONNMAN_IPTABLES_DEBUG is not set, for example the removing/flushing during bootup. Also remove the DBG() from parse_rule_spec() because all callers already have a DBG(). So not much additional information here.
2013-03-18 | iptables: Lookup in table hash before module loading | Daniel Wagner | 1 | -10/+14
pre_load_table() is always called with table == NULL, so we end up trying to load the kernel modules even though the table is already loaded. Therefore, move the lookup one level up.
2013-03-18 | iptables: Use glib function for string operations | Daniel Wagner | 1 | -31/+31
Streamline this file with the rest of ConnMan's code base.
2013-03-18 | iptables: Drop support for xtables < 1.4.11 | Daniel Wagner | 1 | -71/+0
The API changed between 1.4.10 (version code 5) and 1.4.11 (version code 6) and we needed to work around it with a bunch of ugly ifdefs. 1.4.11 was released on 26.05.2011 and even Debian testing ships 1.4.14 these days.
2013-03-18 | iptables: Add __connman_iptables_dump() | Daniel Wagner | 2 | -0/+16
In order to allow our test tool iptables-tests to dump a table we need a dump function. The only user will be this tool. That allows the linker to remove this code, so no additional code size.
2013-03-14 | service: User cannot modify immutable service | Jukka Rissanen | 1 | -0/+15
If the service is provisioned via .config file, then user is only able to set the AutoConnect status of the service. All the other settings must be set from the .config file. Fixes BMC#25984
2013-03-08 | provider: New provider removal function callable from vpn plugin | Jukka Rissanen | 1 | -0/+13
2013-03-08 | provider: Change the name of provider remove function | Jukka Rissanen | 3 | -3/+3
Following patch will introduce provider remove function that can be used from vpn plugin so rename the current removal function to reflect better its usage.
2013-03-08 | service: Send signal only if immutable flag value changes | Jukka Rissanen | 1 | -0/+4
2013-03-08 | provider: Function to set the immutable flag | Jukka Rissanen | 1 | -0/+13
2013-03-07 | device: Check positive device filter correctly | Jukka Rissanen | 1 | -4/+10
The -i or --device command line option contains the device names that we should use. Unfortunately the check fails if there are multiple interfaces in that list and we ignore the interfaces instead. Fixes BMC#25979
2013-03-07 | iptables: Fix rule appending | Daniel Wagner | 1 | -9/+6
Commit ba052f1f "iptables: Add split out iptables commands" introduced a bug. __connman_iptables_append() should call iptables_append_rule() instead of iptables_insert_rule().
2013-03-07 | iptables: Valid policies are only ACCEPT and DROP | Daniel Wagner | 1 | -1/+6
2013-03-07 | iptables: Fix setting policy | Daniel Wagner | 1 | -1/+6
The policy is kept at the end of the chain not at the beginning. Currently, the code assumes that the builtin chain is empty.
2013-03-07 | iptables: Always update options table | Daniel Wagner | 1 | -4/+0
The linked list is tracking all loading modules. Since we do not unload once they are loaded (xtables does not support this), we might end up leaving prepare_matches() before we update the option table. Since we carefully reset the global xtable state after executing one rule, this check is wrong, e.g. if we add two similar rules (same matches (mark, nfacct)). In this case the second rule would not be parsed correctly. Nasty nasty iptables parser!
2013-03-07 | iptables: Do not flush in the wrong order | Daniel Wagner | 1 | -0/+8
2013-03-07 | iptables: Fix and refactor iterate_entries() | Daniel Wagner | 1 | -25/+46
Updating the builtin and hook index is more complex than one would expect. In order to be able to update them correctly we need also to pass in the underflow table to the iterate function. To improve the readability the valid_hook magic has been moved into next_hook_entry_index() which does exactly as the name says.
2013-03-07 | iptables: Fix is_fallthrough() check | Daniel Wagner | 1 | -2/+6
A fallthrough rule is one which has the default target name, does not have a verdict and is not a jump rule. is_fallthrough() is called exclusively from the insert path, thus the value of verdict will be 0 for a fallthrough rule.
2013-03-06 | service: Restart wispr on nameserver change | Forest Bond | 1 | -0/+10
This is needed to make a service go online in the case where it was already connected and then manual IPv4 & nameservers settings are applied. In that case, wispr is restarted with the new IP settings, but the nameservers have not been set yet, so the wispr test fails and the service remains in ready state.
2013-02-26 | config: Add a function to provision mutable service | Tomasz Bursztyka | 1 | -2/+103
The point here is to create a virtual configuration, which does not come from a real file. This is a handy way for plugins to be able to provision services without creating any file on the FS. In case of a wifi configuration type and if connect is requested, it will trigger a scan, thus leading to a possible service being provisioned by such virtual configuration. If so and if connect was requested: the service will be asked to connect.
2013-02-26 | config: Make load service from each keyfile group as a function | Tomasz Bursztyka | 1 | -17/+24