Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. [PATCHv2 3/5] openvpn: Add support for tap devices
(Hendrik Donner)
2. [PATCHv2 1/5] doc: Add tap device related configuration
options for OpenVPN (Hendrik Donner)
3. [PATCHv2 0/5] vpn: Add support for tap devices (Hendrik Donner)
4. [PATCHv2 4/5] doc: Add tap device related configuration
options for VPNC (Hendrik Donner)
5. [PATCHv2 2/5] vpn: Add tap device support (Hendrik Donner)
6. [PATCHv2 5/5] vpnc: Add support for tap devices (Hendrik Donner)
----------------------------------------------------------------------
Message: 1
Date: Sat, 27 Feb 2016 20:38:22 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv2 3/5] openvpn: Add support for tap devices
Message-ID: <[email protected]>
Implement support for the OpenVPN.DeviceType configuration option by
implementing the device flags function and configuring OpenVPN properly.
Signed-off-by: Hendrik Donner <[email protected]>
---
vpn/plugins/openvpn.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/vpn/plugins/openvpn.c b/vpn/plugins/openvpn.c
index 9ee5795..814d635 100644
--- a/vpn/plugins/openvpn.c
+++ b/vpn/plugins/openvpn.c
@@ -29,6 +29,7 @@
#include <unistd.h>
#include <stdio.h>
#include <net/if.h>
+#include <linux/if_tun.h>
#include <glib.h>
@@ -71,6 +72,7 @@ struct {
{ "OpenVPN.CompLZO", "--comp-lzo", 0 },
{ "OpenVPN.RemoteCertTls", "--remote-cert-tls", 1 },
{ "OpenVPN.ConfigFile", "--config", 1 },
+ { "OpenVPN.DeviceType", NULL, 1 },
};
struct nameserver_entry {
@@ -362,7 +364,15 @@ static int ov_connect(struct vpn_provider *provider,
connman_task_get_path(task));
connman_task_add_argument(task, "--dev", if_name);
- connman_task_add_argument(task, "--dev-type", "tun");
+ option = vpn_provider_get_string(provider, "OpenVPN.DeviceType");
+ if (option) {
+ connman_task_add_argument(task, "--dev-type", option);
+ } else {
+ /*
+ * Default to tun for backwards compatibility.
+ */
+ connman_task_add_argument(task, "--dev-type", "tun");
+ }
connman_task_add_argument(task, "--persist-tun", NULL);
@@ -395,10 +405,21 @@ done:
return err;
}
+static int ov_device_flags(struct vpn_provider *provider)
+{
+ const char *tun;
+ tun = vpn_provider_get_string(provider, "OpenVPN.DeviceType");
+ if (tun) {
+ return g_str_equal(tun, "tap") ? IFF_TAP : IFF_TUN;
+ }
+ return IFF_TUN;
+}
+
static struct vpn_driver vpn_driver = {
.notify = ov_notify,
.connect = ov_connect,
.save = ov_save,
+ .device_flags = ov_device_flags,
};
static int openvpn_init(void)
--
2.7.2
------------------------------
Message: 2
Date: Sat, 27 Feb 2016 20:38:20 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv2 1/5] doc: Add tap device related configuration
options for OpenVPN
Message-ID: <[email protected]>
Signed-off-by: Hendrik Donner <[email protected]>
---
doc/connman-vpn-provider.config.5.in | 4 ++++
doc/vpn-config-format.txt | 3 +++
2 files changed, 7 insertions(+)
diff --git a/doc/connman-vpn-provider.config.5.in
b/doc/connman-vpn-provider.config.5.in
index 5393260..6b5306a 100644
--- a/doc/connman-vpn-provider.config.5.in
+++ b/doc/connman-vpn-provider.config.5.in
@@ -145,6 +145,10 @@ Require that remote certificate is signed based on RFC3280
TLS rules.
.TP
.BI OpenVPN.ConfigFile= file
OpenVPN config file for extra options not supported by the OpenVPN plugin.
+.TP
+.BI OpenVPN.DeviceType= tun \fR|\fB tap
+Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer 2) device.
+Defaults to tun if omitted.
.SS VPNC
The following key is mandatory for \fBvpnc\fP(8) networks:
.TP
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 1f5bac8..64eaeba 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -105,6 +105,9 @@ OpenVPN VPN supports following options (see openvpn(8) for
details):
OpenVPN.ConfigFile --config OpenVPN config file that can contain
extra options not supported by OpenVPN
plugin (O)
+ OpenVPN.DeviceType --dev-type Whether the VPN should use a tun (OSI
+ layer 3) or tap (OSI layer 2) device.
+ Value is "tun" (default) or "tap" (O)
VPNC VPN supports following options (see vpnc(8) for details):
Option name VPNC config value Description
--
2.7.2
------------------------------
Message: 3
Date: Sat, 27 Feb 2016 20:38:19 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv2 0/5] vpn: Add support for tap devices
Message-ID: <[email protected]>
Updated patch series for VPN tap device support.
The first three patches add general support for tap device creation and the
OpenVPN configuration part. I successfully tested this part against my own
OpenVPN server.
The last two patches add the VPNC configuration part. I could only compile
test those changes.
v2:
- split out the man pages and doc changes
- make the tap device configurations OpenVPN and VPNC specific
- get the flags for device creation from VPN plugin configuration via a new
VPN driver function
Hendrik Donner (5):
doc: Add tap device related configuration options for OpenVPN
vpn: Add tap device support
openvpn: Add support for tap devices
doc: Add tap device related configuration options for VPNC
vpnc: Add support for tap devices
doc/connman-vpn-provider.config.5.in | 8 ++++++++
doc/vpn-config-format.txt | 6 ++++++
vpn/plugins/openvpn.c | 23 ++++++++++++++++++++++-
vpn/plugins/vpn.c | 15 ++++++++++-----
vpn/plugins/vpn.h | 1 +
vpn/plugins/vpnc.c | 22 +++++++++++++++++-----
6 files changed, 64 insertions(+), 11 deletions(-)
--
2.7.2
------------------------------
Message: 4
Date: Sat, 27 Feb 2016 20:38:23 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv2 4/5] doc: Add tap device related configuration
options for VPNC
Message-ID: <[email protected]>
Signed-off-by: Hendrik Donner <[email protected]>
---
doc/connman-vpn-provider.config.5.in | 4 ++++
doc/vpn-config-format.txt | 3 +++
2 files changed, 7 insertions(+)
diff --git a/doc/connman-vpn-provider.config.5.in
b/doc/connman-vpn-provider.config.5.in
index 6b5306a..7587a85 100644
--- a/doc/connman-vpn-provider.config.5.in
+++ b/doc/connman-vpn-provider.config.5.in
@@ -201,6 +201,10 @@ Enable single DES encryption.
.TP
.B VPNC.NoEncryption=true \fR|\fB false
Enable usage of no encryption for data traffic.
+.TP
+.BI VPNC.InterfaceMode= tun \fR|\fB tap
+Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer 2) device.
+Defaults to tun if omitted.
.SS L2TP
The following keys are optional for l2tp (\fBxl2tp.conf\fP(5), \fBpppd\fP(8))
networks:
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 64eaeba..609c1c6 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -131,6 +131,9 @@ VPNC VPN supports following options (see vpnc(8) for
details):
VPNC.SingleDES Enable Single DES enables single DES encryption (O)
VPNC.NoEncryption Enable no encryption enables using no encryption for data
traffic (O)
+ VPNC.InterfaceMode Interface mode Whether the VPN should use a tun
(OSI
+ layer 3) or tap (OSI layer 2)
device.
+ Value is "tun" (default) or "tap"
(O)
L2TP VPN supports following options (see xl2tpd.conf(5) and pppd(8) for
details)
Option name xl2tpd config value Description
--
2.7.2
------------------------------
Message: 5
Date: Sat, 27 Feb 2016 20:38:21 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv2 2/5] vpn: Add tap device support
Message-ID: <[email protected]>
Allow VPN drivers to implement a function for specifying flags for device
creation. This allows VPN plugins to use tap or tun devices depending on their
configuration.
Signed-off-by: Hendrik Donner <[email protected]>
---
vpn/plugins/vpn.c | 15 ++++++++++-----
vpn/plugins/vpn.h | 1 +
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
index 1b5af6e..9a42385 100644
--- a/vpn/plugins/vpn.c
+++ b/vpn/plugins/vpn.c
@@ -56,6 +56,7 @@ struct vpn_data {
unsigned int watch;
enum vpn_state state;
struct connman_task *task;
+ int tun_flags;
};
struct vpn_driver_data {
@@ -89,7 +90,7 @@ static int stop_vpn(struct vpn_provider *provider)
return 0;
memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
+ ifr.ifr_flags = data->tun_flags | IFF_NO_PI;
sprintf(ifr.ifr_name, "%s", data->if_name);
fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
@@ -335,7 +336,7 @@ static DBusMessage *vpn_notify(struct connman_task *task,
return NULL;
}
-static int vpn_create_tun(struct vpn_provider *provider)
+static int vpn_create_tun(struct vpn_provider *provider, int flags)
{
struct vpn_data *data = vpn_provider_get_data(provider);
struct ifreq ifr;
@@ -355,7 +356,7 @@ static int vpn_create_tun(struct vpn_provider *provider)
}
memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
+ ifr.ifr_flags = flags | IFF_NO_PI;
for (i = 0; i < 256; i++) {
sprintf(ifr.ifr_name, "vpn%d", i);
@@ -371,6 +372,7 @@ static int vpn_create_tun(struct vpn_provider *provider)
goto exist_err;
}
+ data->tun_flags = flags;
data->if_name = (char *)g_strdup(ifr.ifr_name);
if (!data->if_name) {
connman_error("Failed to allocate memory");
@@ -412,7 +414,7 @@ static int vpn_connect(struct vpn_provider *provider,
struct vpn_data *data = vpn_provider_get_data(provider);
struct vpn_driver_data *vpn_driver_data;
const char *name;
- int ret = 0;
+ int ret = 0, tun_flags = IFF_TUN;
enum vpn_state state = VPN_STATE_UNKNOWN;
if (data)
@@ -460,7 +462,10 @@ static int vpn_connect(struct vpn_provider *provider,
}
if (vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {
- ret = vpn_create_tun(provider);
+ if (vpn_driver_data->vpn_driver->device_flags) {
+ tun_flags =
vpn_driver_data->vpn_driver->device_flags(provider);
+ }
+ ret = vpn_create_tun(provider, tun_flags);
if (ret < 0)
goto exist_err;
}
diff --git a/vpn/plugins/vpn.h b/vpn/plugins/vpn.h
index bf56728..cb94bdc 100644
--- a/vpn/plugins/vpn.h
+++ b/vpn/plugins/vpn.h
@@ -50,6 +50,7 @@ struct vpn_driver {
void (*disconnect) (struct vpn_provider *provider);
int (*error_code) (struct vpn_provider *provider, int exit_code);
int (*save) (struct vpn_provider *provider, GKeyFile *keyfile);
+ int (*device_flags) (struct vpn_provider *provider);
};
int vpn_register(const char *name, struct vpn_driver *driver,
--
2.7.2
------------------------------
Message: 6
Date: Sat, 27 Feb 2016 20:38:24 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv2 5/5] vpnc: Add support for tap devices
Message-ID: <[email protected]>
Implement support for the VPNC.InferfaceMode configuration option by
implementing the device flags function and configuring VPNC properly.
Signed-off-by: Hendrik Donner <[email protected]>
---
Only compile tested.
vpn/plugins/vpnc.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/vpn/plugins/vpnc.c b/vpn/plugins/vpnc.c
index e358d63..afe1958 100644
--- a/vpn/plugins/vpnc.c
+++ b/vpn/plugins/vpnc.c
@@ -29,6 +29,7 @@
#include <unistd.h>
#include <stdio.h>
#include <net/if.h>
+#include <linux/if_tun.h>
#include <glib.h>
@@ -80,6 +81,7 @@ struct {
{ "VPNC.SingleDES", "Enable Single DES", NULL, OPT_BOOLEAN, true },
{ "VPNC.NoEncryption", "Enable no encryption", NULL, OPT_BOOLEAN,
true },
+ { "VPNC.InterfaceMode", "Interface Mode", "tun", OPT_STRING, true },
};
static int vc_notify(DBusMessage *msg, struct vpn_provider *provider)
@@ -287,7 +289,6 @@ static int vc_connect(struct vpn_provider *provider,
connman_task_add_argument(task, "--no-detach", NULL);
connman_task_add_argument(task, "--ifname", if_name);
- connman_task_add_argument(task, "--ifmode", "tun");
connman_task_add_argument(task, "--script",
SCRIPTDIR "/openconnect-script");
@@ -329,11 +330,22 @@ static int vc_error_code(struct vpn_provider *provider,
int exit_code)
}
}
+static int vc_device_flags(struct vpn_provider *provider)
+{
+ const char *tun;
+ tun = vpn_provider_get_string(provider, "VPNC.InterfaceMode");
+ if (tun) {
+ return g_str_equal(tun, "tap") ? IFF_TAP : IFF_TUN;
+ }
+ return IFF_TUN;
+}
+
static struct vpn_driver vpn_driver = {
- .notify = vc_notify,
- .connect = vc_connect,
- .error_code = vc_error_code,
- .save = vc_save,
+ .notify = vc_notify,
+ .connect = vc_connect,
+ .error_code = vc_error_code,
+ .save = vc_save,
+ .device_flags = vc_device_flags,
};
static int vpnc_init(void)
--
2.7.2
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman
------------------------------
End of connman Digest, Vol 4, Issue 36
**************************************
