Today's Topics:
1. [PATCH] gdhcp: use opened listening socket to send DHCP renew
request (Feng Wang)
2. RE: [RFC] vpn: Restrict connman-vpnd capabilities (Andrew Bibb)
3. Re: [RFC] vpn: Restrict connman-vpnd capabilities (Patrik Flykt)
4. Delete WiFi access points via dbus (Pushkin Andrei)
5. Fwd: [PATCH] gsupplicant: Mem leak in wpa_s because
"RemoveNetwork" not called (Naveen Singh)
----------------------------------------------------------------------
Message: 1
Date: Tue, 9 Feb 2016 12:24:03 -0800
From: Feng Wang <[email protected]>
To: [email protected]
Subject: [PATCH] gdhcp: use opened listening socket to send DHCP renew
request
Message-ID: <[email protected]>
This fixes the loss of DHCP ACKs during DHCP renewal.
When doing a DHCP renew, 2 sockets are opened. One is for
listening for the DHCP ACK, the other is for transmitting the DHCP request
and is closed immediately after transmitting is done. But in
some cases, the socket is closed after the DHCP ACK is received.
The kernel will route the packet to the transmitting socket
because it has a better match result (dst ip/port etc.), and the
packet was dropped when the socket was closed.
---
gdhcp/client.c | 6 ++++--
gdhcp/common.c | 60 +++++++++++++++++++++++++++++++++++-----------------------
gdhcp/common.h | 2 +-
3 files changed, 41 insertions(+), 27 deletions(-)
diff --git a/gdhcp/client.c b/gdhcp/client.c
index 3bf8cb2..ad587b1 100644
--- a/gdhcp/client.c
+++ b/gdhcp/client.c
@@ -502,7 +502,8 @@ static int send_request(GDHCPClient *dhcp_client)
if (dhcp_client->state == RENEWING)
return dhcp_send_kernel_packet(&packet,
dhcp_client->requested_ip, CLIENT_PORT,
- dhcp_client->server_ip, SERVER_PORT);
+ dhcp_client->server_ip, SERVER_PORT,
+ dhcp_client->listener_sockfd);
return dhcp_send_raw_packet(&packet, INADDR_ANY, CLIENT_PORT,
INADDR_BROADCAST, SERVER_PORT,
@@ -526,7 +527,8 @@ static int send_release(GDHCPClient *dhcp_client,
dhcp_add_option_uint32(&packet, DHCP_SERVER_ID, server);
return dhcp_send_kernel_packet(&packet, ciaddr, CLIENT_PORT,
- server, SERVER_PORT);
+ server, SERVER_PORT,
+ dhcp_client->listener_sockfd);
}
static gboolean ipv4ll_probe_timeout(gpointer dhcp_data);
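Review bot: `send_release()` now hands `dhcp_client->listener_sockfd` to `dhcp_send_kernel_packet()` unconditionally, but the new `sendto()` branch in gdhcp/common.c addresses the peer with a `struct sockaddr_in`, which only fits a UDP listener. The hunk does not show which kind of listener is open when a release is sent; if it can be the raw layer-2 listener, the release would fail instead of going out. Passing the descriptor only for the UDP listener keeps the old behaviour otherwise, e.g. `dhcp_client->listen_mode == L3 ? dhcp_client->listener_sockfd : -1` (field and enum names assumed from the rest of client.c, which is not visible here). The same question applies to the `send_request()` hunk above, although its `RENEWING` guard presumably already implies a UDP listener. Both function bodies start outside their hunks.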
diff --git a/gdhcp/common.c b/gdhcp/common.c
index f3d4677..f0a9aa6 100644
--- a/gdhcp/common.c
+++ b/gdhcp/common.c
@@ -626,44 +626,56 @@ int dhcp_send_raw_packet(struct dhcp_packet *dhcp_pkt,
int dhcp_send_kernel_packet(struct dhcp_packet *dhcp_pkt,
uint32_t source_ip, int source_port,
- uint32_t dest_ip, int dest_port)
+ uint32_t dest_ip, int dest_port, int fd)
{
struct sockaddr_in client;
- int fd, n, opt = 1;
+ int n, opt = 1;
enum {
DHCP_SIZE = sizeof(struct dhcp_packet) -
EXTEND_FOR_BUGGY_SERVERS,
};
- fd = socket(PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
- if (fd < 0)
- return -errno;
+ if (fd < 0) {
+ /* no socket opened, open a new socket to tx the packet and
close it */
+ fd = socket(PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, IPPROTO_UDP);
+ if (fd < 0)
+ return -errno;
+
+ setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+
+ memset(&client, 0, sizeof(client));
+ client.sin_family = AF_INET;
+ client.sin_port = htons(source_port);
+ client.sin_addr.s_addr = htonl(source_ip);
+ if (bind(fd, (struct sockaddr *) &client, sizeof(client)) < 0) {
+ close(fd);
+ return -errno;
+ }
- setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+ memset(&client, 0, sizeof(client));
+ client.sin_family = AF_INET;
+ client.sin_port = htons(dest_port);
+ client.sin_addr.s_addr = htonl(dest_ip);
+ if (connect(fd, (struct sockaddr *) &client, sizeof(client)) <
0) {
+ close(fd);
+ return -errno;
+ }
- memset(&client, 0, sizeof(client));
- client.sin_family = AF_INET;
- client.sin_port = htons(source_port);
- client.sin_addr.s_addr = htonl(source_ip);
- if (bind(fd, (struct sockaddr *) &client, sizeof(client)) < 0) {
- close(fd);
- return -errno;
- }
+ n = write(fd, dhcp_pkt, DHCP_SIZE);
- memset(&client, 0, sizeof(client));
- client.sin_family = AF_INET;
- client.sin_port = htons(dest_port);
- client.sin_addr.s_addr = htonl(dest_ip);
- if (connect(fd, (struct sockaddr *) &client, sizeof(client)) < 0) {
close(fd);
- return -errno;
+ } else {
+ /* Using existed socket to transmit the packet */
+ memset(&client, 0, sizeof(client));
+ client.sin_family = AF_INET;
+ client.sin_port = htons(dest_port);
+ client.sin_addr.s_addr = htonl(dest_ip);
+
+ n = sendto(fd, dhcp_pkt, DHCP_SIZE, MSG_DONTWAIT,
+ (struct sockaddr *) &client, sizeof(client));
}
- n = write(fd, dhcp_pkt, DHCP_SIZE);
-
- close(fd);
-
if (n < 0)
return -errno;
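Review bot: In the branch that opens its own socket, every failure path reads `errno` after `close(fd)`: the `bind()` and `connect()` error paths do `close(fd); return -errno;`, and the `write()` result is checked only after the socket has been closed. `close()` may itself change `errno`, so the caller can get the wrong error code; saving it first avoids that, `int err = errno; close(fd); return -err;`. In the `sendto()` branch, `source_ip` and `source_port` are silently unused and `MSG_DONTWAIT` turns a full send buffer into an immediate `EAGAIN` failure, both of which deserve a comment such as `/* fd is the caller's bound listener: source address comes from it, and a would-block send is reported to the caller */`. The function's tail (after `if (n < 0)`) lies outside the hunk.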
diff --git a/gdhcp/common.h b/gdhcp/common.h
index 75abc18..b92d214 100644
--- a/gdhcp/common.h
+++ b/gdhcp/common.h
@@ -209,7 +209,7 @@ int dhcp_send_raw_packet(struct dhcp_packet *dhcp_pkt,
int dhcpv6_send_packet(int index, struct dhcpv6_packet *dhcp_pkt, int len);
int dhcp_send_kernel_packet(struct dhcp_packet *dhcp_pkt,
uint32_t source_ip, int source_port,
- uint32_t dest_ip, int dest_port);
+ uint32_t dest_ip, int dest_port, int fd);
int dhcp_l3_socket(int port, const char *interface, int family);
int dhcp_recv_l3_packet(struct dhcp_packet *packet, int fd);
int dhcpv6_recv_l3_packet(struct dhcpv6_packet **packet, unsigned char *buf,
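Review bot: The prototype gains an `fd` parameter with no description of its contract, which per the gdhcp/common.c change is "send on this socket, or open a temporary one when negative". A comment above the declaration would save callers from reading the implementation: `/* fd: open UDP socket to send on (left open), or < 0 to open, bind to source_ip:source_port, send and close a temporary socket */`.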
--
2.7.0.rc3.207.g0ac5344
------------------------------
Message: 2
Date: Tue, 9 Feb 2016 19:24:58 -0500
From: Andrew Bibb <[email protected]>
To: Patrik Flykt <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: RE: [RFC] vpn: Restrict connman-vpnd capabilities
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
> Subject: Re: [RFC] vpn: Restrict connman-vpnd capabilities
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Date: Tue, 9 Feb 2016 09:01:28 +0200
>
>
> Hi,
>
> On Mon, 2016-02-08 at 20:19 -0500, Andrew Bibb wrote:
> > Pretty much everything is in ~/.local/share. OpenVPN.CACert,
> > OpenVPN.Cert, OpenVPN.Key, OpenVPN.ConfigFile and OpenVPN.AuthUserPass
> > in the Connman provisioning file all point to files which live in a
> > sub-directory inside ~/.local/share. I'm trying to find where it puts
> > temporary files, but not having a lot of luck so far. I'm using a
> > stock Arch Linux install with no other modifications.
> >
> > From your response it sounds as if putting all these in ~/.local/share
> > is not correct. I was doing that because the VPN connection is only for
> > me, no one else.
>
> Reading stuff from ~/.local/share is ok. And works with the current
> systemd .service file. I also have certs stored in ~/ and it works fine
> here.
>
> Writing temporary and other stuff should go somewhere else, as an
> unmodified connman-vpnd will behave as running system-wide. Probably
> openvpn tries to write somewhere else than /var, which is prevented
> for /home by ProtectHome=read-only and /usr and /etc by
> ProtectSystem=full.
>
> Does the openvpn daemon start (ps axu | grep openvpn) ? Does the
> OpenVPN.ConfigFile point temporary or other configuration directories
> somewhere else than /var ?
>
> Somewhere else someone said that between Arch Linux 1.31-1 and 1.31-2
> modifications were made and /var/run/connman/resolv.conf stopped
> working. So at least something with the Arch packaging has changed.
>
> Cheers,
>
> Patrik
>
>
Patrik,
Thank you for all the pointers and time.
The file pointed to by OpenVPN.ConfigFile has no entry for --tmp-dir, so I
tried adding that line with it pointing /var and then /tmp (reboot between) and
no luck.
ps axu | grep openvpn returns one line so it appears that the daemon starts.
In connmanctl, immediately after typing "connect", an error is returned:
Error /net/connman/service/SERVICE_NAME: Input/output error
I was thinking it was a permissions error which is what led me to the mailing
list posting. After trying the --tmp-dir option with no luck I removed the
single line:
CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
The ProtectHome and ProtectSystem lines I left in and that combination of lines
work. I can make a connection just as it used to.
It is very much sounding like it is not a Connman issue, but rather a packaging
issue. I can open a bug report on Arch. I also want to see what they did
between 1.31-1 and 1-31-2. I upgrade on a weekly basis and completely missed
the 1.31-1 release. It must not have been out there for long.
Andrew
------------------------------
Message: 3
Date: Wed, 10 Feb 2016 09:48:25 +0200
From: Patrik Flykt <[email protected]>
To: Andrew Bibb <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [RFC] vpn: Restrict connman-vpnd capabilities
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
Hi,
On Tue, 2016-02-09 at 19:24 -0500, Andrew Bibb wrote:
> The file pointed to by OpenVPN.ConfigFile has no entry for --tmp-dir,
> so I tried adding that line with it pointing /var and then /tmp
> (reboot between) and no luck.
--tmp-dir is better placed in /tmp. Stopping the vpn service and killing
connman-vpnd should be enough.
> ps axu | grep openvpn returns one line so it appears that the daemon
> starts.
>
> In connmanctl immediately after typing "connect" an error is returned:
> Error /net/connman/service/SERVICE_NAME: Input/output error
Is connman-vpnd trying to ask input from you? Have a connmanctl running
with 'vpnagent on' to see if the user is prompted for something.
> I was thinking it was a permissions error which is what led me to the
> mailing list posting. After trying the --tmp-dir option with no luck
> I removed the single line:
>
> CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE
> CAP_NET_RAW
If this worked, then VPNC started by connman-vpnd needs some extra
capability. For starters, check that the VPNC daemon is capable of writing
into the temporary directory, as it is one possible source of problems
since the capabilities are now limited.
> The ProtectHome and ProtectSystem lines I left in and that combination
> of lines work. I can make a connection just as it used to.
>
>
> It is very much sounding like it is not a Connman issue, but rather a
> packaging issue. I can open a bug report on Arch. I also want to see
> what they did between 1.31-1 and 1-31-2. I upgrade on a weekly basis
> and completely missed the 1.31-1 release. It must not have been out
> there for long.
The 1.31-2 package does something funny when symlinking /etc/resolv.conf: it
basically drops the /run directory creation. But the previous version,
if installed, has already created the symlink from /etc/resolv.conf or
similar. I was unable to quickly figure out whether something else was
modified; I'm not familiar with Arch Linux packaging.
Cheers,
Patrik
------------------------------
Message: 4
Date: Wed, 10 Feb 2016 11:51:44 +0000
From: Pushkin Andrei <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Delete WiFi access points via dbus
Message-ID:
<b2c6c6c6422e5f47a75eaed990eaefe3029df90...@sv-exmb01-lo1.promwad.corp>
Content-Type: text/plain; charset="koi8-r"
Hi. How can I delete everything that connman knows about an AP (like rm -rf
/var/lib/connman/wifi_SOME_THING) via dbus?
Andrei Pushkin
------------------------------
Message: 5
Date: Wed, 10 Feb 2016 11:08:10 -0800
From: Naveen Singh <[email protected]>
To: [email protected]
Subject: Fwd: [PATCH] gsupplicant: Mem leak in wpa_s because
"RemoveNetwork" not called
Message-ID:
<CAGTDzK=MmPYyb64hC3F=BFtMTKPDU=p=s60g9tkwhyohpjn...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Hi All
Looks like this was lost.
Regards
Naveen
---------- Forwarded message ----------
From: Naveen Singh <[email protected]>
Date: Sun, Feb 7, 2016 at 12:06 AM
Subject: [PATCH] gsupplicant: Mem leak in wpa_s because
"RemoveNetwork" not called
To: [email protected]
From: nasingh <[email protected]>
Connman did not call network_remove when the AP deauthenticated the client, causing
wpa_s to re-allocate the ssid pointer even if the next connection attempt
is for the same SSID. This change ensures that at the time of connection
(DBUS method call AddNetwork), if the network is found not to have been removed,
it calls the dbus API to remove the network and, once the network is removed,
proceeds with the connection.
Tested by running a deauth loop script at the AP end and ensure that wpa_s does
not allocate memory for struct wpa_ssid for all the subsequent
connection attempts. During the test memory usage of wpa_s is monitored.
---
gsupplicant/supplicant.c | 139 ++++++++++++++++++++++++++++++-----------------
1 file changed, 89 insertions(+), 50 deletions(-)
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index 342cb01..b954e91 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -249,6 +249,51 @@ struct _GSupplicantGroup {
GSList *members;
};
+struct interface_data {
+ GSupplicantInterface *interface;
+ char *path; /* Interface path cannot be taken from interface (above) as
+ * it might have been freed already.
+ */
+ GSupplicantInterfaceCallback callback;
+ void *user_data;
+ bool network_remove_in_progress;
+};
+
+struct interface_create_data {
+ char *ifname;
+ char *driver;
+ char *bridge;
+ GSupplicantInterface *interface;
+ GSupplicantInterfaceCallback callback;
+ void *user_data;
+};
+
+struct interface_connect_data {
+ GSupplicantInterface *interface;
+ char *path;
+ GSupplicantInterfaceCallback callback;
+ void *user_data;
+ bool network_remove_in_progress;
+ union {
+ GSupplicantSSID *ssid;
+ GSupplicantPeerParams *peer;
+ };
+};
+
+struct interface_scan_data {
+ GSupplicantInterface *interface;
+ char *path;
+ GSupplicantInterfaceCallback callback;
+ GSupplicantScanParams *scan_params;
+ void *user_data;
+};
+
+
+static int network_remove(struct interface_data *data);
+static void network_remove_params(DBusMessageIter *iter, void *user_data);
+static void network_remove_result(const char *error,
+ DBusMessageIter *iter, void *user_data);
+
static inline void debug(const char *format, ...)
{
char str[256];
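Review bot: `struct interface_connect_data` is reordered so that its first five members line up with `struct interface_data`, because `g_supplicant_interface_connect()` later passes it through a `(struct interface_data *)` cast, but nothing in either definition says so. A later edit that adds or reorders a member in one struct would make `network_remove_result()` read the wrong fields without any compiler diagnostic. State the dependency next to both structs, e.g. `/* Must start with the same members, in the same order, as struct interface_data: it is cast to that type for network_remove(). */`, or embed a `struct interface_data` as the first member so the layout is enforced by the type. `bool network_remove_in_progress` is also assigned and compared with `TRUE`/`FALSE` later in the patch; `true`/`false` match the declared type.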
@@ -3476,43 +3521,6 @@ GSupplicantPeer
*g_supplicant_interface_peer_lookup(GSupplicantInterface *interf
return peer;
}
-struct interface_data {
- GSupplicantInterface *interface;
- char *path; /* Interface path cannot be taken from interface (above) as
- * it might have been freed already.
- */
- GSupplicantInterfaceCallback callback;
- void *user_data;
-};
-
-struct interface_create_data {
- char *ifname;
- char *driver;
- char *bridge;
- GSupplicantInterface *interface;
- GSupplicantInterfaceCallback callback;
- void *user_data;
-};
-
-struct interface_connect_data {
- GSupplicantInterface *interface;
- char *path;
- GSupplicantInterfaceCallback callback;
- union {
- GSupplicantSSID *ssid;
- GSupplicantPeerParams *peer;
- };
- void *user_data;
-};
-
-struct interface_scan_data {
- GSupplicantInterface *interface;
- char *path;
- GSupplicantInterfaceCallback callback;
- GSupplicantScanParams *scan_params;
- void *user_data;
-};
-
static void interface_create_data_free(struct interface_create_data *data)
{
g_free(data->ifname);
@@ -4105,7 +4113,6 @@ static void interface_add_network_result(const
char *error,
SUPPLICANT_DBG("PATH: %s", path);
- g_free(interface->network_path);
interface->network_path = g_strdup(path);
supplicant_dbus_method_call(data->interface->path,
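Review bot: Dropping `g_free(interface->network_path);` before the `g_strdup(path)` assignment leaks the old string whenever `network_path` is still set on entry. The patch only clears it in `network_remove_result()`, and whether every route into `interface_add_network_result()` passes through that removal first is not visible from this hunk. `g_free()` accepts NULL, so keeping the call costs nothing: `g_free(interface->network_path);` directly above `interface->network_path = g_strdup(path);`. The function body starts and ends outside the hunk.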
@@ -4656,7 +4663,7 @@ int
g_supplicant_interface_connect(GSupplicantInterface *interface,
void *user_data)
{
struct interface_connect_data *data;
- int ret;
+ int ret = 0;
if (!interface)
return -EINVAL;
@@ -4685,12 +4692,33 @@ int
g_supplicant_interface_connect(GSupplicantInterface *interface,
SUPPLICANT_INTERFACE ".Interface.WPS",
"ProcessCredentials", DBUS_TYPE_BOOLEAN_AS_STRING,
wps_process_credentials, wps_start, data, interface);
- } else
- ret = supplicant_dbus_method_call(interface->path,
- SUPPLICANT_INTERFACE ".Interface", "AddNetwork",
- interface_add_network_params,
- interface_add_network_result, data,
- interface);
+ } else {
+ /* By the time there is a request for connect and the network
+ * path is not NULL it means that connman has not removed the
+ * previous network pointer. This can happen in the case AP
+ * deauthenticated client and connman does not remove the
+ * previously connected network pointer. This causes supplicant
+ * to reallocate the memory for struct wpa_ssid again even if it
+ * is the same SSID. This causes memory usage of wpa_supplicnat
+ * to go high. The idea here is that if the previously connected
+ * network is not removed at the time of next connection attempt
+ * check if the network path is not NULL. In case it is non-NULL
+ * first remove the network and then once removal is
successful, add
+ * the network.
+ */
+
+ if (interface->network_path != NULL) {
+ data->network_remove_in_progress = TRUE;
+ network_remove((struct interface_data *)data);
+ }
+ else {
+ ret = supplicant_dbus_method_call(interface->path,
+ SUPPLICANT_INTERFACE
".Interface", "AddNetwork",
+ interface_add_network_params,
+ interface_add_network_result, data,
+ interface);
+ }
+ }
if (ret < 0) {
g_free(data->path);
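Review bot: The return value of `network_remove()` is discarded in the new `interface->network_path != NULL` branch, so `ret` keeps its initial 0 and a failure to queue the RemoveNetwork call is not seen by the `if (ret < 0)` cleanup below. In that case `data` is presumably never released and the caller's callback never runs, while the caller is told the connect was started. Assign it: `ret = network_remove((struct interface_data *)data);`. Whether `network_remove()` frees `data` on its own error path is not visible here and decides whether the cleanup below may also run; the function continues past the end of the hunk.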
@@ -4716,12 +4744,23 @@ static void network_remove_result(const char *error,
result = -ECONNABORTED;
}
- g_free(data->path);
+ g_free(data->interface->network_path);
+ data->interface->network_path = NULL;
- if (data->callback)
- data->callback(result, data->interface, data->user_data);
-
- dbus_free(data);
+ if (data->network_remove_in_progress == TRUE) {
+ data->network_remove_in_progress = FALSE;
+ supplicant_dbus_method_call(data->interface->path,
+ SUPPLICANT_INTERFACE ".Interface", "AddNetwork",
+ interface_add_network_params,
+ interface_add_network_result, data,
+ data->interface);
+ }
+ else {
+ g_free(data->path);
+ if (data->callback)
+ data->callback(result, data->interface,
data->user_data);
+ dbus_free(data);
+ }
}
static void network_remove_params(DBusMessageIter *iter, void *user_data)
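Review bot: In the `network_remove_in_progress` branch both the removal outcome (`result`) and the return value of `supplicant_dbus_method_call()` are dropped, so if the AddNetwork call cannot be queued the connect callback never fires and `data` is never freed. Keeping the return value and falling through to the existing report-and-free path closes that gap, as sketched below; what else a connect request owns (it is really a `struct interface_connect_data`) is not visible in this hunk, so the cleanup may need to mirror the error path of `g_supplicant_interface_connect()`. Separately, the new `g_free(data->interface->network_path)` dereferences `data->interface`, while the comment on `struct interface_data` in this same patch warns that the interface may already have been freed; that needs a validity check or an explanation of why it cannot happen here. The start of `network_remove_result()` is outside the hunk.

```c
	if (data->network_remove_in_progress) {
		data->network_remove_in_progress = FALSE;
		result = supplicant_dbus_method_call(data->interface->path,
				/* … unchanged: AddNetwork arguments … */
				data->interface);
		if (result >= 0)
			return;
		/* AddNetwork could not be queued: fall through and report it */
	}

	g_free(data->path);
	/* … unchanged: callback invocation and dbus_free(data) … */
```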
--
2.7.0.rc3.207.g0ac5344