Today's Topics:
1. [PATCHv3 4/5] doc: Add tap device related configuration
options for VPNC (Hendrik Donner)
2. [PATCHv3 0/5] vpn: Add support for tap devices (Hendrik Donner)
3. [PATCHv3 1/5] doc: Add tap device related configuration
options for OpenVPN (Hendrik Donner)
4. [PATCHv3 2/5] vpn: Add tap device support (Hendrik Donner)
5. [PATCHv3 3/5] openvpn: Add support for tap devices
(Hendrik Donner)
6. [PATCHv3 5/5] vpnc: Add support for tap devices (Hendrik Donner)
7. Re: [PATCHv3 5/5] vpnc: Add support for tap devices
(Hendrik Donner)
8. Remove an additional DBUS count (Naveen Singh)
9. Re: Remove an additional DBUS call (Naveen Singh)
----------------------------------------------------------------------
Message: 1
Date: Wed, 2 Mar 2016 23:31:37 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv3 4/5] doc: Add tap device related configuration
options for VPNC
Message-ID: <[email protected]>
---
doc/connman-vpn-provider.config.5.in | 4 ++++
doc/vpn-config-format.txt | 3 +++
2 files changed, 7 insertions(+)
diff --git a/doc/connman-vpn-provider.config.5.in
b/doc/connman-vpn-provider.config.5.in
index 6b5306a..ef70435 100644
--- a/doc/connman-vpn-provider.config.5.in
+++ b/doc/connman-vpn-provider.config.5.in
@@ -201,6 +201,10 @@ Enable single DES encryption.
.TP
.B VPNC.NoEncryption=true \fR|\fB false
Enable usage of no encryption for data traffic.
+.TP
+.BI VPNC.DeviceType= tun \fR|\fB tap
+Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer 2) device.
+Defaults to tun if omitted.
.SS L2TP
The following keys are optional for l2tp (\fBxl2tp.conf\fP(5), \fBpppd\fP(8))
networks:
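Review bot: In the added `.BI VPNC.DeviceType= tun \fR|\fB tap` line, `.BI` alternates bold and italic, so tun and tap are set in italics like placeholders, while the entry just above (`.B VPNC.NoEncryption=true \fR|\fB false`) sets its literal values in bold. Since tun and tap are literal keywords, `.B VPNC.DeviceType=tun \fR|\fB tap` would match the neighbouring entry.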
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 64eaeba..0bc62c0 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -131,6 +131,9 @@ VPNC VPN supports following options (see vpnc(8) for
details):
VPNC.SingleDES Enable Single DES enables single DES encryption (O)
VPNC.NoEncryption Enable no encryption enables using no encryption for data
traffic (O)
+ VPNC.DeviceType Interface mode Whether the VPN should use a tun
(OSI
+ layer 3) or tap (OSI layer 2)
device.
+ Value is "tun" (default) or "tap"
(O)
L2TP VPN supports following options (see xl2tpd.conf(5) and pppd(8) for
details)
Option name xl2tpd config value Description
--
2.7.2
------------------------------
Message: 2
Date: Wed, 2 Mar 2016 23:31:33 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv3 0/5] vpn: Add support for tap devices
Message-ID: <[email protected]>
Updated patch series for VPN tap device support.
The first three patches add general support for tap device creation and the
OpenVPN configuration part. I successfully tested this part against my own
OpenVPN server.
The last two patches add the VPNC configuration part. I could only compile
test those changes.
v3:
- rename VPNC.InterfaceMode to VPNC.DeviceType
- only allow tun or tap for {OpenVPN,VPNC}.DeviceType, fallback to tun and print
a warning for bad values
- rework VPNC device handling to mirror the OpenVPN device handling, that should
actually work now
v2:
- split out the man pages and doc changes
- make the tap device configurations OpenVPN and VPNC specific
- get the flags for device creation from VPN plugin configuration via a new
VPN driver function
Hendrik Donner (5):
doc: Add tap device related configuration options for OpenVPN
vpn: Add tap device support
openvpn: Add support for tap devices
doc: Add tap device related configuration options for VPNC
vpnc: Add support for tap devices
doc/connman-vpn-provider.config.5.in | 8 ++++++++
doc/vpn-config-format.txt | 6 ++++++
vpn/plugins/openvpn.c | 33 ++++++++++++++++++++++++++++-
vpn/plugins/vpn.c | 15 +++++++++-----
vpn/plugins/vpn.h | 1 +
vpn/plugins/vpnc.c | 40 +++++++++++++++++++++++++++++++-----
6 files changed, 92 insertions(+), 11 deletions(-)
--
2.7.2
------------------------------
Message: 3
Date: Wed, 2 Mar 2016 23:31:34 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv3 1/5] doc: Add tap device related configuration
options for OpenVPN
Message-ID: <[email protected]>
---
doc/connman-vpn-provider.config.5.in | 4 ++++
doc/vpn-config-format.txt | 3 +++
2 files changed, 7 insertions(+)
diff --git a/doc/connman-vpn-provider.config.5.in
b/doc/connman-vpn-provider.config.5.in
index 5393260..6b5306a 100644
--- a/doc/connman-vpn-provider.config.5.in
+++ b/doc/connman-vpn-provider.config.5.in
@@ -145,6 +145,10 @@ Require that remote certificate is signed based on RFC3280
TLS rules.
.TP
.BI OpenVPN.ConfigFile= file
OpenVPN config file for extra options not supported by the OpenVPN plugin.
+.TP
+.BI OpenVPN.DeviceType= tun \fR|\fB tap
+Whether the VPN should use a tun (OSI layer 3) or tap (OSI layer 2) device.
+Defaults to tun if omitted.
.SS VPNC
The following key is mandatory for \fBvpnc\fP(8) networks:
.TP
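Review bot: The OpenVPN.DeviceType text says what tun and tap mean and that tun is the default, but not how any other value is handled. The cover letter of this series states that bad values fall back to tun with a warning; saying so here would tell an administrator who mistypes tap why a layer 3 device was created.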
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 1f5bac8..64eaeba 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -105,6 +105,9 @@ OpenVPN VPN supports following options (see openvpn(8) for
details):
OpenVPN.ConfigFile --config OpenVPN config file that can contain
extra options not supported by OpenVPN
plugin (O)
+ OpenVPN.DeviceType --dev-type Whether the VPN should use a tun (OSI
+ layer 3) or tap (OSI layer 2) device.
+ Value is "tun" (default) or "tap" (O)
VPNC VPN supports following options (see vpnc(8) for details):
Option name VPNC config value Description
--
2.7.2
------------------------------
Message: 4
Date: Wed, 2 Mar 2016 23:31:35 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv3 2/5] vpn: Add tap device support
Message-ID: <[email protected]>
Allow VPN drivers to implement a function for specifying flags for device
creation. This allows VPN plugins to use tap or tun devices depending on their
configuration.
---
vpn/plugins/vpn.c | 15 ++++++++++-----
vpn/plugins/vpn.h | 1 +
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
index 1b5af6e..9a42385 100644
--- a/vpn/plugins/vpn.c
+++ b/vpn/plugins/vpn.c
@@ -56,6 +56,7 @@ struct vpn_data {
unsigned int watch;
enum vpn_state state;
struct connman_task *task;
+ int tun_flags;
};
struct vpn_driver_data {
@@ -89,7 +90,7 @@ static int stop_vpn(struct vpn_provider *provider)
return 0;
memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
+ ifr.ifr_flags = data->tun_flags | IFF_NO_PI;
sprintf(ifr.ifr_name, "%s", data->if_name);
fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
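Review bot: `ifr.ifr_flags = data->tun_flags | IFF_NO_PI;` in stop_vpn relies on tun_flags having been set, and the only assignment in this patch is in vpn_create_tun, after the device has been created. If stop_vpn can run for a provider whose vpn_data never passed that point, the request carries whatever the allocation left in the field, possibly neither IFF_TUN nor IFF_TAP. Initialising tun_flags to IFF_TUN where vpn_data is allocated would keep the previous behaviour in that case.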
@@ -335,7 +336,7 @@ static DBusMessage *vpn_notify(struct connman_task *task,
return NULL;
}
-static int vpn_create_tun(struct vpn_provider *provider)
+static int vpn_create_tun(struct vpn_provider *provider, int flags)
{
struct vpn_data *data = vpn_provider_get_data(provider);
struct ifreq ifr;
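Review bot: With a flags argument that may be IFF_TAP, the names vpn_create_tun and tun_flags no longer describe what they hold. Renaming them (for example to a device-neutral name) or adding a comment that "tun" here covers both device types would avoid misleading later readers.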
@@ -355,7 +356,7 @@ static int vpn_create_tun(struct vpn_provider *provider)
}
memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
+ ifr.ifr_flags = flags | IFF_NO_PI;
for (i = 0; i < 256; i++) {
sprintf(ifr.ifr_name, "vpn%d", i);
@@ -371,6 +372,7 @@ static int vpn_create_tun(struct vpn_provider *provider)
goto exist_err;
}
+ data->tun_flags = flags;
data->if_name = (char *)g_strdup(ifr.ifr_name);
if (!data->if_name) {
connman_error("Failed to allocate memory");
@@ -412,7 +414,7 @@ static int vpn_connect(struct vpn_provider *provider,
struct vpn_data *data = vpn_provider_get_data(provider);
struct vpn_driver_data *vpn_driver_data;
const char *name;
- int ret = 0;
+ int ret = 0, tun_flags = IFF_TUN;
enum vpn_state state = VPN_STATE_UNKNOWN;
if (data)
@@ -460,7 +462,10 @@ static int vpn_connect(struct vpn_provider *provider,
}
if (vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {
- ret = vpn_create_tun(provider);
+ if (vpn_driver_data->vpn_driver->device_flags) {
+ tun_flags =
vpn_driver_data->vpn_driver->device_flags(provider);
+ }
+ ret = vpn_create_tun(provider, tun_flags);
if (ret < 0)
goto exist_err;
}
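Review bot: The value returned by `device_flags(provider)` goes unchecked into vpn_create_tun, where it is ORed into ifr_flags, so a plugin that returns a negative error code or any other bit pattern sets arbitrary interface flags. Checking here that the result is exactly IFF_TUN or IFF_TAP, and failing or falling back to IFF_TUN otherwise, keeps that decision in the core rather than in each plugin. The braces around the single assignment also differ from the unbraced `if (ret < 0)` just below.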
diff --git a/vpn/plugins/vpn.h b/vpn/plugins/vpn.h
index bf56728..cb94bdc 100644
--- a/vpn/plugins/vpn.h
+++ b/vpn/plugins/vpn.h
@@ -50,6 +50,7 @@ struct vpn_driver {
void (*disconnect) (struct vpn_provider *provider);
int (*error_code) (struct vpn_provider *provider, int exit_code);
int (*save) (struct vpn_provider *provider, GKeyFile *keyfile);
+ int (*device_flags) (struct vpn_provider *provider);
};
int vpn_register(const char *name, struct vpn_driver *driver,
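Review bot: The new `device_flags` member has no comment stating its contract: that it is optional, that a NULL pointer means tun, and that it is expected to return IFF_TUN or IFF_TAP. That is currently only visible by reading vpn_connect; a short comment above the member would document it for plugin authors.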
--
2.7.2
------------------------------
Message: 5
Date: Wed, 2 Mar 2016 23:31:36 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv3 3/5] openvpn: Add support for tap devices
Message-ID: <[email protected]>
Implement support for the OpenVPN.DeviceType configuration option by
implementing the device flags function and configuring OpenVPN properly.
---
vpn/plugins/openvpn.c | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/vpn/plugins/openvpn.c b/vpn/plugins/openvpn.c
index 9ee5795..75bdcd4 100644
--- a/vpn/plugins/openvpn.c
+++ b/vpn/plugins/openvpn.c
@@ -29,6 +29,7 @@
#include <unistd.h>
#include <stdio.h>
#include <net/if.h>
+#include <linux/if_tun.h>
#include <glib.h>
@@ -71,6 +72,7 @@ struct {
{ "OpenVPN.CompLZO", "--comp-lzo", 0 },
{ "OpenVPN.RemoteCertTls", "--remote-cert-tls", 1 },
{ "OpenVPN.ConfigFile", "--config", 1 },
+ { "OpenVPN.DeviceType", NULL, 1 },
};
struct nameserver_entry {
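Review bot: `{ "OpenVPN.DeviceType", NULL, 1 }` is the only entry visible in this hunk whose option string is NULL. Please confirm that every loop over this table skips a NULL option string before using it as an argument, and mention that in the commit message.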
@@ -362,7 +364,15 @@ static int ov_connect(struct vpn_provider *provider,
connman_task_get_path(task));
connman_task_add_argument(task, "--dev", if_name);
- connman_task_add_argument(task, "--dev-type", "tun");
+ option = vpn_provider_get_string(provider, "OpenVPN.DeviceType");
+ if (option) {
+ connman_task_add_argument(task, "--dev-type", option);
+ } else {
+ /*
+ * Default to tun for backwards compatibility.
+ */
+ connman_task_add_argument(task, "--dev-type", "tun");
+ }
connman_task_add_argument(task, "--persist-tun", NULL);
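Review bot: ov_connect passes the raw OpenVPN.DeviceType string to `--dev-type`, while ov_device_flags later in this patch maps everything except "tap" to IFF_TUN. With a mistyped value the device is created as tun but openvpn is started with the mistyped string, so the two sides disagree. Derive the argument from the validated result instead, passing "tap" only when the flags function returns IFF_TAP and "tun" otherwise.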
@@ -395,10 +405,31 @@ done:
return err;
}
+static int ov_device_flags(struct vpn_provider *provider)
+{
+ const char *option;
+
+ option = vpn_provider_get_string(provider, "OpenVPN.DeviceType");
+ if (!option) {
+ return IFF_TUN;
+ }
+
+ if (g_str_equal(option, "tap")) {
+ return IFF_TAP;
+ }
+
+ if (!g_str_equal(option, "tun")) {
+ connman_warn("bad OpenVPN.DeviceType value, falling back to
tun");
+ }
+
+ return IFF_TUN;
+}
+
static struct vpn_driver vpn_driver = {
.notify = ov_notify,
.connect = ov_connect,
.save = ov_save,
+ .device_flags = ov_device_flags,
};
static int openvpn_init(void)
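Review bot: The connman_warn call in ov_device_flags does not include the rejected value, so the log does not show what was actually configured. Adding the value as a %s argument makes a mistyped DeviceType easy to find. The braces around the single-statement ifs could also be dropped.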
--
2.7.2
------------------------------
Message: 6
Date: Wed, 2 Mar 2016 23:31:38 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: [PATCHv3 5/5] vpnc: Add support for tap devices
Message-ID: <[email protected]>
Implement support for the VPNC.InferfaceMode configuration option by
implementing the device flags function and configuring VPNC properly.
---
Only compile tested.
vpn/plugins/vpnc.c | 40 +++++++++++++++++++++++++++++++++++-----
1 file changed, 35 insertions(+), 5 deletions(-)
diff --git a/vpn/plugins/vpnc.c b/vpn/plugins/vpnc.c
index e358d63..759ded9 100644
--- a/vpn/plugins/vpnc.c
+++ b/vpn/plugins/vpnc.c
@@ -29,6 +29,7 @@
#include <unistd.h>
#include <stdio.h>
#include <net/if.h>
+#include <linux/if_tun.h>
#include <glib.h>
@@ -287,7 +288,15 @@ static int vc_connect(struct vpn_provider *provider,
connman_task_add_argument(task, "--no-detach", NULL);
connman_task_add_argument(task, "--ifname", if_name);
- connman_task_add_argument(task, "--ifmode", "tun");
+ option = vpn_provider_get_string(provider, "VPNC.DeviceType");
+ if (option) {
+ connman_task_add_argument(task, "--ifmode", option);
+ } else {
+ /*
+ * Default to tun for backwards compatibility.
+ */
+ connman_task_add_argument(task, "--ifmode", "tun");
+ }
connman_task_add_argument(task, "--script",
SCRIPTDIR "/openconnect-script");
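Review bot: vc_connect hands the unvalidated VPNC.DeviceType string to `--ifmode`, while vc_device_flags treats everything except "tap" as tun, so a bad value yields a tun device and a vpnc process started with a different mode string. Since this patch is only compile tested, passing a fixed "tun" or "tap" chosen from the validated flags would remove one way for the untested path to fail.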
@@ -329,11 +338,32 @@ static int vc_error_code(struct vpn_provider *provider,
int exit_code)
}
}
+static int vc_device_flags(struct vpn_provider *provider)
+{
+ const char *option;
+
+ option = vpn_provider_get_string(provider, "VPNC.DeviceType");
+ if (!option) {
+ return IFF_TUN;
+ }
+
+ if (g_str_equal(option, "tap")) {
+ return IFF_TAP;
+ }
+
+ if (!g_str_equal(option, "tun")) {
+ connman_warn("bad VPNC.DeviceType value, falling back to tun");
+ }
+
+ return IFF_TUN;
+}
+
static struct vpn_driver vpn_driver = {
- .notify = vc_notify,
- .connect = vc_connect,
- .error_code = vc_error_code,
- .save = vc_save,
+ .notify = vc_notify,
+ .connect = vc_connect,
+ .error_code = vc_error_code,
+ .save = vc_save,
+ .device_flags = vc_device_flags,
};
static int vpnc_init(void)
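Review bot: vc_device_flags is a copy of ov_device_flags with only the key name and warning text changed. A shared helper that takes the key name would keep the accepted values and the fallback in one place. The vpn_driver initializer also re-aligns four lines that are otherwise unchanged; leaving their whitespace alone would reduce the hunk to the one added member.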
--
2.7.2
------------------------------
Message: 7
Date: Wed, 2 Mar 2016 23:52:21 +0100
From: Hendrik Donner <[email protected]>
To: [email protected]
Subject: Re: [PATCHv3 5/5] vpnc: Add support for tap devices
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252
Hello,
On 03/02/2016 11:31 PM, Hendrik Donner wrote:
> Implement support for the VPNC.InferfaceMode configuration option by
should now actually say VPNC.DeviceType. (Re)naming is hard...
Best regards,
Hendrik
> implementing the device flags function and configuring VPNC properly.
> ---
> Only compile tested.
>
> vpn/plugins/vpnc.c | 40 +++++++++++++++++++++++++++++++++++-----
> 1 file changed, 35 insertions(+), 5 deletions(-)
>
> diff --git a/vpn/plugins/vpnc.c b/vpn/plugins/vpnc.c
> index e358d63..759ded9 100644
> --- a/vpn/plugins/vpnc.c
> +++ b/vpn/plugins/vpnc.c
> @@ -29,6 +29,7 @@
> #include <unistd.h>
> #include <stdio.h>
> #include <net/if.h>
> +#include <linux/if_tun.h>
>
> #include <glib.h>
>
> @@ -287,7 +288,15 @@ static int vc_connect(struct vpn_provider *provider,
> connman_task_add_argument(task, "--no-detach", NULL);
>
> connman_task_add_argument(task, "--ifname", if_name);
> - connman_task_add_argument(task, "--ifmode", "tun");
> + option = vpn_provider_get_string(provider, "VPNC.DeviceType");
> + if (option) {
> + connman_task_add_argument(task, "--ifmode", option);
> + } else {
> + /*
> + * Default to tun for backwards compatibility.
> + */
> + connman_task_add_argument(task, "--ifmode", "tun");
> + }
>
> connman_task_add_argument(task, "--script",
> SCRIPTDIR "/openconnect-script");
> @@ -329,11 +338,32 @@ static int vc_error_code(struct vpn_provider *provider,
> int exit_code)
> }
> }
>
> +static int vc_device_flags(struct vpn_provider *provider)
> +{
> + const char *option;
> +
> + option = vpn_provider_get_string(provider, "VPNC.DeviceType");
> + if (!option) {
> + return IFF_TUN;
> + }
> +
> + if (g_str_equal(option, "tap")) {
> + return IFF_TAP;
> + }
> +
> + if (!g_str_equal(option, "tun")) {
> + connman_warn("bad VPNC.DeviceType value, falling back to tun");
> + }
> +
> + return IFF_TUN;
> +}
> +
> static struct vpn_driver vpn_driver = {
> - .notify = vc_notify,
> - .connect = vc_connect,
> - .error_code = vc_error_code,
> - .save = vc_save,
> + .notify = vc_notify,
> + .connect = vc_connect,
> + .error_code = vc_error_code,
> + .save = vc_save,
> + .device_flags = vc_device_flags,
> };
>
> static int vpnc_init(void)
>
------------------------------
Message: 8
Date: Wed, 2 Mar 2016 21:50:56 -0800
From: Naveen Singh <[email protected]>
To: [email protected]
Subject: Remove an additional DBUS count
Message-ID:
<cagtdzknzox+tldnsmt7zb9kjmuurm4qdcedofeiw+ub-m-3...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Hi Patrik
I was looking into the piece of code in gsupplicant.c (my previous
patch) where if we find that network path is not NULL, I was
unconditionally removing the network. I was thinking that we should be
removing the network only when we know that network that we are going
to add is different than what is already added. (I also remember you
had a code review comment regarding the same). Doing this will surely
avoid an additional DBUS call in case network (or SSID) is same.
I actually was thinking if we can store the SSID string when it gets
added in gsupplicant and compare it against the new SSID (the SSID for
which AddNetwork is being called). Once network is removed we clear
that SSID string.
Do you agree with this solution? I can code this up, test and send a
patch for you to review.
Let me know your thoughts on this.
Regards
Naveen
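
The caching idea proposed above, as a stand-alone model: an added example, not code from ConnMan or gsupplicant. `iface_model`, `add_network`, `remove_network` and the call counter are hypothetical names, and the model assumes that a matching SSID means the existing network object can be reused as it is.

```c
#include <stdbool.h>
#include <string.h>

#define SSID_MAX 32	/* an 802.11 SSID is at most 32 octets */

/* Hypothetical per-interface state; not a gsupplicant structure. */
struct iface_model {
	bool has_network;		/* a network object currently exists */
	unsigned char ssid[SSID_MAX];	/* SSID cached when it was added */
	size_t ssid_len;
	unsigned int dbus_calls;	/* simulated Remove/AddNetwork calls */
};

/* Compare as bytes plus length: an SSID may contain NUL octets. */
static bool same_ssid(const struct iface_model *m,
			const unsigned char *ssid, size_t len)
{
	return m->has_network && m->ssid_len == len &&
		memcmp(m->ssid, ssid, len) == 0;
}

/* Simulated RemoveNetwork: one call, then the cached SSID is cleared. */
static void remove_network(struct iface_model *m)
{
	m->dbus_calls++;
	m->has_network = false;
	m->ssid_len = 0;
}

/* Returns 0 if the network was reused, 1 if (re)added, -1 on bad length. */
static int add_network(struct iface_model *m,
			const unsigned char *ssid, size_t len)
{
	if (len == 0 || len > SSID_MAX)
		return -1;
	if (same_ssid(m, ssid, len))
		return 0;		/* same SSID: no D-Bus traffic at all */
	if (m->has_network)
		remove_network(m);
	m->dbus_calls++;		/* simulated AddNetwork */
	memcpy(m->ssid, ssid, len);
	m->ssid_len = len;
	m->has_network = true;
	return 1;
}

int main(void)
{
	struct iface_model m = { 0 };
	const unsigned char home[] = { 'h', 'o', 'm', 'e' };	/* constructed */
	add_network(&m, home, sizeof(home));
	add_network(&m, home, sizeof(home));	/* reused, no second call */
	return m.dbus_calls == 1 ? 0 : 1;
}
```

A real implementation would also have to decide whether a changed passphrase or security type for the same SSID counts as a different network.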
------------------------------
Message: 9
Date: Wed, 2 Mar 2016 22:23:26 -0800
From: Naveen Singh <[email protected]>
To: [email protected]
Subject: Re: Remove an additional DBUS call
Message-ID:
<CAGTDzKmx2rqaQvxgT-T8o9VJAT=jhkrmxyq0chbmnjsqovs...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Modifying the subject
On Wed, Mar 2, 2016 at 9:50 PM, Naveen Singh <[email protected]> wrote:
> Hi Patrik
> I was looking into the piece of code in gsupplicant.c (my previous
> patch) where if we find that network path is not NULL, I was
> unconditionally removing the network. I was thinking that we should be
> removing the network only when we know that network that we are going
> to add is different than what is already added. (I also remember you
> had a code review comment regarding the same). Doing this will surely
> avoid an additional DBUS call in case network (or SSID) is same.
>
> I actually was thinking if we can store the SSID string when it gets
> added in gsupplicant and compare it against the new SSID (the SSID for
> which AddNetwork is being called). Once network is removed we clear
> that SSID string.
>
> Do you agree with this solution? I can code this up, test and send a
> patch for you to review.
>
> Let me know your thoughts on this.
>
> Regards
> Naveen
------------------------------
End of connman Digest, Vol 5, Issue 3
*************************************