Hi guys, even more information.

Having now the WiFi Ready and ETH online

connmanctl> services
*AO Wired                ethernet_68b599eda216_cable
*AR Gianfranco's iPhone  wifi_0024d76e6c38_4769616e6672616e636f2773206950686f6e65_managed_psk

Having the iptables updated accordingly:

————————————————————————————
root@ale:/var/log# ip rule show
0:      from all lookup local
32764:  from all fwmark 0x101 lookup 257
32765:  from all fwmark 0x100 lookup 256
32766:  from all lookup main
32767:  from all lookup default
————————————————————————————

————————————————————————————
root@ale:/var/log# ip route show table 0x101
————————————————————————————

————————————————————————————
root@ale:/var/log# ip route show table 0x100
default via 192.168.1.1 dev eth0
————————————————————————————

————————————————————————————
wifisession@jf:~$ id
uid=1002(wifisession) gid=1002(wifisession) groups=1002(wifisession),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),131(sambashare),1000(jf)
————————————————————————————

————————————————————————————
ethsession@jf:~$ id
uid=1001(ethsession) gid=1001(ethsession) groups=1001(ethsession),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),131(sambashare),1000(jf)
————————————————————————————

Adding the following rules to monitor the traffic:

————————————————————————————
iptables -N out0
iptables -A OUTPUT -m owner --uid-owner 1002 -j out0
iptables -A out0 -j LOG --log-level info --log-prefix "WiFi MARK "
iptables -A out0 -j ACCEPT

iptables -N out1
iptables -A OUTPUT -m owner --uid-owner 1001 -j out1
iptables -A out1 -j LOG --log-level info --log-prefix "ETH MARK "
iptables -A out1 -j ACCEPT
————————————————————————————

From /var/log/kern.log I can see that the packets are correctly marked.

The ETH MARK are recorded once, from a shell with ethsession (user) I launched “curl ifconfig.me”.
The WiFi MARK are recorded once, from a shell with wifisession (user) I launched “curl ifconfig.me”.

————————————————————————————
Jul 3 15:02:41 ale kernel: [ 427.490173] ETH MARK IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=12443 DF PROTO=UDP SPT=55257 DPT=53 LEN=37 MARK=0x100
Jul 3 15:02:41 ale kernel: [ 427.490225] ETH MARK IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=12444 DF PROTO=UDP SPT=55257 DPT=53 LEN=37 MARK=0x100
Jul 3 15:02:41 ale kernel: [ 427.493484] ETH MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31963 DF PROTO=TCP SPT=42991 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x100
Jul 3 15:02:42 ale kernel: [ 428.491696] ETH MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31964 DF PROTO=TCP SPT=42991 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x100
Jul 3 15:02:44 ale kernel: [ 430.494549] ETH MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31965 DF PROTO=TCP SPT=42991 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x100
Jul 3 15:02:48 ale kernel: [ 434.496260] ETH MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31966 DF PROTO=TCP SPT=42991 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x100
Jul 3 15:03:04 ale kernel: [ 450.683299] WiFi MARK IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=14660 DF PROTO=UDP SPT=47491 DPT=53 LEN=37 MARK=0x101
Jul 3 15:03:04 ale kernel: [ 450.683510] WiFi MARK IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=14662 DF PROTO=UDP SPT=47491 DPT=53 LEN=37 MARK=0x101
Jul 3 15:03:04 ale kernel: [ 450.686479] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29982 DF PROTO=TCP SPT=42992 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x101
Jul 3 15:03:05 ale kernel: [ 451.682453] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29983 DF PROTO=TCP SPT=42992 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x101
Jul 3 15:03:07 ale kernel: [ 453.685272] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29984 DF PROTO=TCP SPT=42992 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x101
Jul 3 15:03:07 ale kernel: [ 454.001584] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=29985 DF PROTO=TCP SPT=42992 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0 MARK=0x101
Jul 3 15:03:07 ale kernel: [ 454.001740] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=127 TOS=0x00 PREC=0x00 TTL=64 ID=29986 DF PROTO=TCP SPT=42992 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x101
Jul 3 15:03:08 ale kernel: [ 454.672724] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=127 TOS=0x00 PREC=0x00 TTL=64 ID=29987 DF PROTO=TCP SPT=42992 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x101
Jul 3 15:03:09 ale kernel: [ 455.620203] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=127 TOS=0x00 PREC=0x00 TTL=64 ID=29988 DF PROTO=TCP SPT=42992 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x101
Jul 3 15:03:13 ale kernel: [ 460.110496] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=29989 DF PROTO=TCP SPT=42992 DPT=80 WINDOW=229 RES=0x00 ACK FIN URGP=0 MARK=0x101
————————————————————————————

> On 03 Jul 2015, at 14:29, Gianfranco Casanova <[email protected]> wrote:
>
> Hi guys
>
> me again
>
> I did the test once again using my iPhone to avoid problems with the subnet.
> Following also the result for the iptables you asked.
>
> I’m adding the LOG to the marker and see if the packets are marked (seems to
> me yes, I was doing “by hand” for testing purposes the same as the ConnMan is
> meant to do and I saw the packets marked correctly in /var/log/kern.log).
>
> The most relevant information is that:
>
> ———————
> root@jf:/home/jf# ip route show table 0x100
> ———————
>
> ———————
> root@jf:/home/jf# ip route show table 0x101
> default via 172.20.10.1 dev wlan0
> ———————
>
> Can it be that Ubuntu for security reasons is doing something preventing to go to
> Internet via eth0?
>
> Following the other LOG for the test
>
> ———————
> ethsession@jf:~$ connmanctl
> connmanctl> services
> *AO Wired                ethernet_68b599eda216_cable
> connmanctl> session on
> Session /sessions/_1_77/net/connman/connmanctl2210 created
> Session Update = {
>     State = disconnected
>     Name =
>     IPv4 = [ ]
>     IPv6 = [ ]
>     Interface =
>     Bearer =
>     ConnectionType = internet
>     AllowedBearers = [ ethernet ]
> }
> connmanctl> services
> *AO Gianfranco's iPhone  wifi_0024d76e6c38_4769616e6672616e636f2773206950686f6e65_managed_psk
> *AR Wired                ethernet_68b599eda216_cable
> connmanctl> exit
> ethsession@jf:~$ id
> uid=1001(ethsession) gid=1001(ethsession) groups=1001(ethsession),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),131(sambashare),1000(jf)
>
> ethsession@jf:~$ curl ifconfig.me
> 91.253.148.158 (from the Phone)
> ———————
>
> ———————
> wifisession@jf:~$ connmanctl
> connmanctl> services
> *AO Wired                ethernet_68b599eda216_cable
> connmanctl> services
> *AO Wired                ethernet_68b599eda216_cable
> *Aa Gianfranco's iPhone  wifi_0024d76e6c38_4769616e6672616e636f2773206950686f6e65_managed_psk
>
> connmanctl> session on
> Session /sessions/_1_78/net/connman/connmanctl2211 created
> Session Update = {
>     State = online
>     Name = Gianfranco's iPhone
>     IPv4 = [ Method=dhcp, Address=172.20.10.10, Netmask=255.255.255.240, Gateway=172.20.10.1 ]
>     IPv6 = [ ]
>     Interface = wlan0
>     Bearer = wifi
>     ConnectionType = internet
>     AllowedBearers = [ wifi ]
> }
> Session /sessions/_1_78/net/connman/connmanctl2211 connected
>
> connmanctl> session connect
> connmanctl> services
> *AO Gianfranco's iPhone  wifi_0024d76e6c38_4769616e6672616e636f2773206950686f6e65_managed_psk
> *AR Wired                ethernet_68b599eda216_cable
> connmanctl> exit
>
> wifisession@jf:~$ id
> uid=1002(wifisession) gid=1002(wifisession) groups=1002(wifisession),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),131(sambashare),1000(jf)
>
> wifisession@jf:~$ curl ifconfig.me
> 91.253.148.158 (from the Phone)
> ———————
>
> ———————
> root@jf:/home/jf# ifconfig
> eth0      Link encap:Ethernet  HWaddr 68:b5:99:ed:a2:16
>           inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::6ab5:99ff:feed:a216/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST DYNAMIC  MTU:1500  Metric:1
>           RX packets:84 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:18449 (18.4 KB)  TX bytes:13899 (13.8 KB)
>           Interrupt:20 Memory:d7500000-d7520000
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:1008 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1008 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:86690 (86.6 KB)  TX bytes:86690 (86.6 KB)
>
> wlan0     Link encap:Ethernet  HWaddr 00:24:d7:6e:6c:38
>           inet addr:172.20.10.10  Bcast:172.20.10.15  Mask:255.255.255.240
>           inet6 addr: fe80::224:d7ff:fe6e:6c38/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST DYNAMIC  MTU:1500  Metric:1
>           RX packets:28 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:3264 (3.2 KB)  TX bytes:13115 (13.1 KB)
> ———————
>
> ———————
> root@jf:/home/jf# ip rule show
> 0:      from all lookup local
> 32764:  from all fwmark 0x101 lookup 257
> 32765:  from all fwmark 0x100 lookup 256
> 32766:  from all lookup main
> 32767:  from all lookup default
> ———————
>
> ———————
> root@jf:/home/jf# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         172.20.10.1     0.0.0.0         UG    0      0        0 wlan0
> 8.8.4.4         192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
> 8.8.8.8         192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
> 172.20.10.0     0.0.0.0         255.255.255.240 U     0      0        0 wlan0
> 172.20.10.1     0.0.0.0         255.255.255.255 UH    0      0        0 wlan0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
> ———————
>
> ———————
> root@jf:/home/jf# iptables -t mangle -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> connman-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> connman-OUTPUT  all  --  anywhere             anywhere
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> connman-POSTROUTING  all  --  anywhere             anywhere
>
> Chain connman-INPUT (1 references)
> target     prot opt source               destination
> CONNMARK   all  --  anywhere             anywhere             CONNMARK restore
>
> Chain connman-OUTPUT (1 references)
> target     prot opt source               destination
> MARK       all  --  anywhere             anywhere             owner UID match ethsession MARK set 0x100
> MARK       all  --  anywhere             anywhere             owner UID match wifisession MARK set 0x101
>
> Chain connman-POSTROUTING (1 references)
> target     prot opt source               destination
> CONNMARK   all  --  anywhere             anywhere             CONNMARK save
> ———————
>
> ———————
> root@jf:/home/jf# iptables -t filter -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ———————
>
> ———————
> root@jf:/home/jf# cat /etc/iproute2/rt_tables
> #
> # reserved values
> #
> 255     local
> 254     main
> 253     default
> 0       unspec
> #
> # local
> #
> #1      inr.ruhep
> ———————
>
> ———————
> root@jf:/home/jf# ip route show table 0x100
> ———————
>
> ———————
> root@jf:/home/jf# ip route show table 0x101
> default via 172.20.10.1 dev wlan0
> ———————
>
>
>> On 03 Jul 2015, at 10:48, Patrik Flykt <[email protected] <mailto:[email protected]>> wrote:
>>
>> Hi,
>>
>> On Fri, 2015-07-03 at 09:12 +0200, Gianfranco Casanova wrote:
>>
>>> ethsession:
>>>
>>> connmanctl> session on
>>> Session /sessions/_1_116/net/connman/connmanctl4383 created
>>> Session Update = {
>>> State = disconnected
>> ...
>>> ConnectionType = internet
>>> AllowedBearers = [ ethernet ]
>>
>> So the correct 'ethernet' bearer is now selected. Good. As only one
>> connection at a time can be in state 'online', only one session at a
>> time can use type 'internet'; i.e. 'online' maps 1:1 to 'internet'.
>> Therefore this is in line with the current connmanctl services output
>> below.
>>
>>> wifisession:
>>>
>>> connmanctl> session on
>>> Session /sessions/_1_117/net/connman/connmanctl4384 created
>>> Session Update = {
>>> State = online
>> ...
>>> Bearer = wifi
>>> ConnectionType = internet
>>> AllowedBearers = [ wifi ]
>>
>> Same here.
>>
>>> connmanctl> services
>>> *AO abwifi-low           wifi_0024d76e6c38_6162776966692d6c6f77_managed_psk
>>> *AR Wired                ethernet_68b599eda216_cable
>>
>> The wifi session can request state 'internet' and it will be connected,
>> if the ethernet session does the same it is reported as being
>> disconnected.
>>
>>> $> ip rule show
>>>
>>> 0: from all lookup local
>>> 0: from all lookup main
>>> 0: from all fwmark 0x1 lookup 1
>>> 0: from all fwmark 0x100 lookup ISP1
>>> 0: from all fwmark 0x101 lookup ISP2
>>
>> Looks fine. ISP1 and ISP2 are in /etc/iproute2/rt_tables, right? ConnMan
>> reuses the fwmark as the table name, so these have the values 256 and
>> 257 respectively. Note that the fwmark value is not static and depends
>> on the order of the sessions being activated. With this ISP1 and ISP2
>> strings will not always be mapped to the intended ISP1 and ISP2...
>>
>> What does 'ip route show table 0x100' and 'ip route show table 0x101'
>> show here? Don't configure any of these tables manually in advance, let
>> ConnMan handle the table and entry creation.
>>
>>> $> route -n
>>>
>>> Kernel IP routing table
>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>> 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
>>> 8.8.4.4         192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
>>> 8.8.4.4         192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
>>> 8.8.8.8         192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
>>> 8.8.8.8         192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
>>> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>>> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
>>> 192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 wlan0
>>> 192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
>>
>> This command shows the default routing table used for everybody else not
>> matched by UIDs to specific tables.
>>
>>> $> iptables -t mangle -L
>> ...
>>> Chain connman-INPUT (1 references)
>>> target     prot opt source               destination
>>> CONNMARK   all  --  anywhere             anywhere             CONNMARK restore
>>>
>>> Chain connman-OUTPUT (1 references)
>>> target     prot opt source               destination
>>> MARK       all  --  anywhere             anywhere             owner UID match ethsession MARK set 0x100
>>> MARK       all  --  anywhere             anywhere             owner UID match wifisession MARK set 0x101
>>>
>>> Chain connman-POSTROUTING (1 references)
>>> target     prot opt source               destination
>>> CONNMARK   all  --  anywhere             anywhere             CONNMARK save
>>
>> Looks fine.
>>
>> All of this is now working correctly. Please check the output of 'ip
>> route show table 0x...'
>>
>> Cheers,
>>
>> Patrik
>>

_______________________________________________
connman mailing list
[email protected]
https://lists.connman.net/mailman/listinfo/connman
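
Added example, not part of the original thread and not ConnMan code: a small Python check that cross-references the iptables LOG lines from kern.log with the `ip rule` and `ip route show table` output posted for host "ale", and reports marked packets that left on an interface other than the one their session allows. The log lines are shortened, constructed copies of the format above; the main table's default route on eth0 and the names `RULES`, `TABLES`, `EXPECTED`, `resolve` and `audit` are assumptions of this example.

```python
import re

# Constructed sample: shortened lines in the format of the kern.log excerpt above.
SAMPLE_LOG = """\
Jul 3 15:02:41 ale kernel: [ 427.490173] ETH MARK IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP DPT=53 MARK=0x100
Jul 3 15:02:41 ale kernel: [ 427.493484] ETH MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 PROTO=TCP DPT=80 MARK=0x100
Jul 3 15:03:04 ale kernel: [ 450.686479] WiFi MARK IN= OUT=eth0 SRC=192.168.1.100 DST=153.121.72.211 PROTO=TCP DPT=80 MARK=0x101
"""

# (priority, fwmark or None, table) as in the posted 'ip rule show'.
RULES = [(32764, 0x101, 257), (32765, 0x100, 256), (32766, None, 254)]
# Device of each table's default route; None means the table is empty.
# Assumption: main (254) defaults to eth0 on "ale"; the post does not show it.
TABLES = {256: "eth0", 257: None, 254: "eth0"}
# Interface each mark should use, from the sessions' AllowedBearers.
EXPECTED = {0x100: "eth0", 0x101: "wlan0"}

LINE = re.compile(
    r"\] (?P<prefix>.+?) IN=\S* OUT=(?P<out>\S*) .*?MARK=(?P<mark>0x[0-9a-fA-F]+)")

def resolve(mark, rules=RULES, tables=TABLES):
    """Walk rules by priority; a table without a route falls through."""
    for _prio, fwmark, table in sorted(rules):
        if fwmark is not None and fwmark != mark:
            continue
        dev = tables.get(table)
        if dev is not None:
            return table, dev
    return None, None

def audit(log_text):
    """Return one finding per marked packet that left on the wrong interface."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["out"] == "lo":   # loopback is answered by table 'local'
            continue
        mark = int(m["mark"], 16)
        want = EXPECTED.get(mark)
        if want and m["out"] != want:
            table, _dev = resolve(mark)
            findings.append({"prefix": m["prefix"], "mark": hex(mark),
                             "out": m["out"], "expected": want,
                             "routed_by_table": table})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

With the state as posted, the 0x101 packet is reported: table 257 has no route, so the lookup continues to the next matching rule and the packet follows the main table out of eth0.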
