Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. Re: connman-vpnd does not reconnect after resume (Patrik Flykt)
2. [PATCH 1/3] [Pacrunner]: Domains are looked up to match the
host. (Atul Anand)
3. [PATCH 2/3] [Pacrunner]: unit: new test proxy_domain added.
(Atul Anand)
4. [PATCH 3/3] [Pacrunner]: Docs: edited to point out the usage
of Domains. (Atul Anand)
5. R: R: [RFC] Wi-Fi Protected Setup (WPS) connection
(MANIEZZO Marco (MM))
----------------------------------------------------------------------
Message: 1
Date: Thu, 16 Jun 2016 11:53:17 +0300
From: Patrik Flykt <[email protected]>
To: Vasiliy Tolstov <[email protected]>
Cc: connman <[email protected]>, Daniel Wagner <[email protected]>
Subject: Re: connman-vpnd does not reconnect after resume
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
On Wed, 2016-06-15 at 14:25 +0300, Vasiliy Tolstov wrote:
> 2016-06-10 12:07 GMT+03:00 Patrik Flykt <[email protected]
> >:
> > Due to unknown reasons this can happen, and I have seen it
> > sometimes in
> > the past with openconnect. Does a reconnect solve your problem in
> > all
> > cases? If yes, there is something going on between the VPN daemon
> > and
> > connman-vpnd that doesn't properly work or convey the state(s) the
> > VPN
> > daemon is in. Which needs more investigation, of course.
>
>
> Does i need to provide more info to fix this issue?
Yes. Unfortunately I'm not sure what so it'll take additional time to
figure out. Full logs from connman-vpnd -d and also the full logs from
the VPN daemon in question will shed some light on the issue. Then
let's hope there is someone with enough time to go through the logs and
do the necessary head scratching on this mailing list...
Cheers,
Patrik
------------------------------
Message: 2
Date: Thu, 16 Jun 2016 16:45:53 +0530
From: Atul Anand <[email protected]>
To: [email protected]
Cc: [email protected], Atul Anand <[email protected]>
Subject: [PATCH 1/3] [Pacrunner]: Domains are looked up to match the
host.
Message-ID: <[email protected]>
Pacrunner now scan stored domains to match the host of URL.
In this way the most appropriate proxy config is selected to
answer the proxy query.
---
src/manager.c | 7 +-
src/pacrunner.h | 2 +
src/proxy.c | 214 +++++++++++++++++++++++++++++++++++++++++++++++++++++---
3 files changed, 211 insertions(+), 12 deletions(-)
diff --git a/src/manager.c b/src/manager.c
index 1676466..5a8b4fd 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -35,7 +35,6 @@ struct proxy_config {
DBusConnection *conn;
guint watch;
- char **domains;
char **nameservers;
struct pacrunner_proxy *proxy;
@@ -58,7 +57,6 @@ static void destroy_config(gpointer data)
if (config->watch > 0)
g_dbus_remove_watch(config->conn, config->watch);
- g_strfreev(config->domains);
g_strfreev(config->nameservers);
g_free(config->sender);
@@ -224,12 +222,13 @@ static DBusMessage *create_proxy_config(DBusConnection
*conn,
goto done;
}
- config->domains = domains;
config->nameservers = nameservers;
- domains = NULL;
nameservers = NULL;
+ if (pacrunner_proxy_set_domains(config->proxy, domains) < 0)
+ pacrunner_error("Failed to set proxy domains");
+
if (g_str_equal(method, "direct")) {
if (pacrunner_proxy_set_direct(config->proxy) < 0)
pacrunner_error("Failed to set direct proxy");
diff --git a/src/pacrunner.h b/src/pacrunner.h
index 6731d7c..db534cf 100644
--- a/src/pacrunner.h
+++ b/src/pacrunner.h
@@ -63,6 +63,8 @@ void pacrunner_proxy_unref(struct pacrunner_proxy *proxy);
const char *pacrunner_proxy_get_interface(struct pacrunner_proxy *proxy);
const char *pacrunner_proxy_get_script(struct pacrunner_proxy *proxy);
+int pacrunner_proxy_set_domains(struct pacrunner_proxy *proxy,
+ char **domains);
int pacrunner_proxy_set_direct(struct pacrunner_proxy *proxy);
int pacrunner_proxy_set_manual(struct pacrunner_proxy *proxy,
char **servers, char **excludes);
diff --git a/src/proxy.c b/src/proxy.c
index 8bb03af..2ebc75d 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -23,6 +23,9 @@
#include <config.h>
#endif
+#include <string.h>
+#include <stdlib.h>
+#include <arpa/inet.h>
#include <errno.h>
#include <pthread.h>
@@ -37,6 +40,17 @@ struct pacrunner_proxy {
char *script;
GList **servers;
GList **excludes;
+ GList *domains;
+};
+
+struct proxy_domain {
+ char *domain;
+ int proto;
+ union {
+ struct in_addr ip4;
+ struct in6_addr ip6;
+ } addr;
+ int mask;
};
static GList *proxy_list = NULL;
@@ -77,6 +91,15 @@ struct pacrunner_proxy *pacrunner_proxy_ref(struct
pacrunner_proxy *proxy)
return proxy;
}
+static void proxy_domain_destroy(gpointer data)
+{
+ struct proxy_domain *domain = data;
+ g_return_if_fail(domain != NULL);
+
+ g_free(domain->domain);
+ g_free(domain);
+}
+
static void reset_proxy(struct pacrunner_proxy *proxy)
{
DBG("proxy %p", proxy);
@@ -92,6 +115,10 @@ static void reset_proxy(struct pacrunner_proxy *proxy)
__pacrunner_manual_destroy_excludes(proxy->excludes);
proxy->excludes = NULL;
+
+ if (proxy->domains)
+ g_list_free_full(proxy->domains, proxy_domain_destroy);
+ proxy->domains = NULL;
}
void pacrunner_proxy_unref(struct pacrunner_proxy *proxy)
@@ -130,6 +157,76 @@ const char *pacrunner_proxy_get_script(struct
pacrunner_proxy *proxy)
return proxy->script;
}
+int pacrunner_proxy_set_domains(struct pacrunner_proxy *proxy, char **domains)
+{
+ int len;
+ char *slash, **domain;
+ char ip[INET6_ADDRSTRLEN + 1];
+
+ DBG("proxy %p domains %p", proxy, domains);
+
+ if (!proxy)
+ return -EINVAL;
+
+ if (!domains)
+ return -EINVAL;
+
+ for (domain = domains; *domain; domain++) {
+ struct proxy_domain *data;
+
+ data = g_malloc0(sizeof(struct proxy_domain));
+
+ slash = strchr(*domain, '/');
+ if (!slash) {
+ data->domain = g_strdup(*domain);
+ data->proto = 0;
+
+ proxy->domains = g_list_append(proxy->domains, data);
+ continue;
+ }
+
+ len = slash - *domain;
+ if (len > INET6_ADDRSTRLEN) {
+ g_free(data);
+ continue;
+ }
+
+ strncpy(ip, *domain, len);
+ ip[len] = '\0';
+
+ if (inet_pton(AF_INET, ip, &(data->addr.ip4)) == 1) {
+ data->domain = NULL;
+ data->proto = 4;
+
+ errno = 0;
+ data->mask = strtol(slash + 1, NULL, 10);
+ if (errno || data->mask < 0 || data->mask > 32) {
+ g_free(data);
+ continue;
+ }
+
+ proxy->domains = g_list_append(proxy->domains, data);
+ } else if (inet_pton(AF_INET6, ip, &(data->addr.ip6)) == 1) {
+ data->domain = NULL;
+ data->proto = 6;
+
+ errno = 0;
+ data->mask = strtol(slash + 1, NULL, 10);
+ if (errno || data->mask < 0 || data->mask > 128) {
+ g_free(data);
+ continue;
+ }
+
+ proxy->domains = g_list_append(proxy->domains, data);
+ } else {
+ g_free(data);
+ continue;
+ }
+ }
+
+ return 0;
+}
+
static int set_method(struct pacrunner_proxy *proxy,
enum pacrunner_proxy_method method)
{
@@ -324,10 +421,61 @@ int pacrunner_proxy_disable(struct pacrunner_proxy *proxy)
return 0;
}
+static int compare_legacy_ip_in_net(struct in_addr *host,
+ struct proxy_domain *match)
+{
+ if (ntohl(host->s_addr ^ match->addr.ip4.s_addr) >> (32 - match->mask))
+ return -1;
+
+ return 0;
+}
+
+static int compare_ipv6_in_net(struct in6_addr *host,
+ struct proxy_domain *match)
+{
+ int i, shift;
+
+ for (i = 0; i < (match->mask)/8; i++) {
+ if (host->s6_addr[i] != match->addr.ip6.s6_addr[i])
+ return -1;
+ }
+
+ if ((match->mask) % 8) {
+ /**
+ * If mask bits are not multiple of 8 , 1-7 bits are left
+ * to be compared.
+ */
+ shift = 8 - (match->mask - (i*8));
+
+ if ((host->s6_addr[i] >> shift) !=
+ (match->addr.ip6.s6_addr[i] >> shift))
+ return -1;
+ }
+
+ return 0;
+}
+
+static int compare_host_in_domain(const char *host, struct proxy_domain *match)
+{
+ size_t hlen = strlen(host);
+ size_t dlen = strlen(match->domain);
+
+ if ((hlen >= dlen) && (strcmp(host + (hlen - dlen),
+ match->domain) == 0)) {
+ if (hlen == dlen || host[hlen - dlen - 1] == '.')
+ return 0;
+ }
+
+ return -1;
+}
+
char *pacrunner_proxy_lookup(const char *url, const char *host)
{
- GList *list;
- struct pacrunner_proxy *selected_proxy = NULL;
+ GList *l, *list;
+ struct in_addr ip4_addr;
+ struct in6_addr ip6_addr;
+ struct pacrunner_proxy *selected_proxy = NULL, *default_proxy = NULL;
+ int protocol = 0;
DBG("url %s host %s", url, host);
@@ -340,17 +488,67 @@ char *pacrunner_proxy_lookup(const char *url, const char
*host)
return NULL;
}
+ if (inet_pton(AF_INET, host, &ip4_addr) == 1) {
+ protocol = 4;
+ } else if (inet_pton(AF_INET6, host, &ip6_addr) == 1) {
+ protocol = 6;
+ } else if (host[0] == '[') {
+ char ip[INET6_ADDRSTRLEN + 1];
+ int len = strlen(host);
+
+ if (len < INET6_ADDRSTRLEN + 2 && host[len - 1] == ']') {
+ strncpy(ip, host + 1, len - 2);
+ ip[len - 2] = '\0';
+
+ if (inet_pton(AF_INET6, ip, &ip6_addr) == 1)
+ protocol = 6;
+ }
+ }
+
for (list = g_list_first(proxy_list); list; list = g_list_next(list)) {
struct pacrunner_proxy *proxy = list->data;
- if (proxy->method == PACRUNNER_PROXY_METHOD_MANUAL ||
- proxy->method == PACRUNNER_PROXY_METHOD_AUTO) {
- selected_proxy = proxy;
- break;
- } else if (proxy->method == PACRUNNER_PROXY_METHOD_DIRECT)
- selected_proxy = proxy;
+ if (!proxy->domains) {
+ if (!default_proxy)
+ default_proxy = proxy;
+ continue;
+ }
+
+ for (l = g_list_first(proxy->domains); l; l = g_list_next(l)) {
+ struct proxy_domain *data = l->data;
+
+ if (data->proto != protocol)
+ continue;
+
+ switch (protocol) {
+ case 4:
+ if (compare_legacy_ip_in_net(&ip4_addr,
+ data) == 0) {
+ selected_proxy = proxy;
+ goto found;
+ }
+ break;
+ case 6:
+ if (compare_ipv6_in_net(&ip6_addr,
+ data) == 0) {
+ selected_proxy = proxy;
+ goto found;
+ }
+ break;
+ default:
+ if (compare_host_in_domain(host, data) == 0) {
+ selected_proxy = proxy;
+ goto found;
+ }
+ break;
+ }
+ }
}
+ if (!selected_proxy)
+ selected_proxy = default_proxy;
+
+found:
pthread_mutex_unlock(&proxy_mutex);
if (!selected_proxy)
--
2.5.5
------------------------------
Message: 3
Date: Thu, 16 Jun 2016 16:45:54 +0530
From: Atul Anand <[email protected]>
To: [email protected]
Cc: [email protected], Atul Anand <[email protected]>
Subject: [PATCH 2/3] [Pacrunner]: unit: new test proxy_domain added.
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8
A new test proxy_domain.test has been added which tests all
conditions to see whether Pacrunner answer correctly using Domains.
---
unit/suite/manual_basic.test | 2 +
unit/suite/manual_exclude.test | 2 +
unit/suite/pac_basic.test | 2 +
unit/suite/pac_direct.test | 2 +
unit/suite/proxy_domain.test | 37 ++++++++++++++++++
unit/suite/stub.test | 3 ++
unit/test-pacrunner.c | 86 ++++++++++++++++++++++++++++++++++++++++--
7 files changed, 130 insertions(+), 4 deletions(-)
create mode 100644 unit/suite/proxy_domain.test
diff --git a/unit/suite/manual_basic.test b/unit/suite/manual_basic.test
index a5ec3a1..4406d9c 100644
--- a/unit/suite/manual_basic.test
+++ b/unit/suite/manual_basic.test
@@ -10,6 +10,8 @@ socks4://sockproxy.internal.com
[excludes]
+[domains]
+
[config]
VALID
diff --git a/unit/suite/manual_exclude.test b/unit/suite/manual_exclude.test
index c155743..211ae16 100644
--- a/unit/suite/manual_exclude.test
+++ b/unit/suite/manual_exclude.test
@@ -15,6 +15,8 @@ ftp://
*net
tri*
+[domains]
+
[config]
VALID
diff --git a/unit/suite/pac_basic.test b/unit/suite/pac_basic.test
index 58af200..c63757e 100644
--- a/unit/suite/pac_basic.test
+++ b/unit/suite/pac_basic.test
@@ -17,6 +17,8 @@ function FindProxyForURL(url, host)
[excludes]
+[domains]
+
[config]
VALID
diff --git a/unit/suite/pac_direct.test b/unit/suite/pac_direct.test
index 3164872..b820abc 100644
--- a/unit/suite/pac_direct.test
+++ b/unit/suite/pac_direct.test
@@ -11,6 +11,8 @@ function FindProxyForURL(url, host)
[excludes]
+[domains]
+
[config]
VALID
diff --git a/unit/suite/proxy_domain.test b/unit/suite/proxy_domain.test
new file mode 100644
index 0000000..8c2c5e4
--- /dev/null
+++ b/unit/suite/proxy_domain.test
@@ -0,0 +1,37 @@
+[title]
+Proxy Domain lookup
+
+[pac]
+
+[servers]
+http://proxy.suite.com
+
+[excludes]
+
+[domains]
+suite.com
+test.suite.com
+172.132.231.6/24
+
+[config]
+VALID
+
+[tests]
+http://foo.suite.com foo.suite.com
+PROXY proxy.suite.com
+http://172.132.231.101/search=?true 172.132.231.101
+PROXY proxy.suite.com
+http://111.121.131.141/page1 111.121.131.141
+DIRECT
+http://notintel.com notintel.com
+DIRECT
+http://intel.com intel.com
+PROXY proxy2.com; PROXY secproxy2.com
+https://bar.domain2.com bar.domain2.com
+PROXY secproxy2.com; PROXY proxy2.com
+http://192.168.4.4/index.html 192.168.4.4
+PROXY proxy2.com; PROXY secproxy2.com
+socks4://baz.domain3.com/xyz baz.domain3.com
+SOCKS4 sockproxy3.com; PROXY proxy3.com
+http://[fe80:96db:12ce::43ef]/ip6.mp4 [fe80:96db:12ce::43ef]
+PROXY proxy3.com; SOCKS4 sockproxy3.com
diff --git a/unit/suite/stub.test b/unit/suite/stub.test
index 12a0426..cde0aeb 100644
--- a/unit/suite/stub.test
+++ b/unit/suite/stub.test
@@ -11,6 +11,9 @@ Stub suite file
[excludes]
#?If so, optional exlusion rules can be written here
+[domains]
+# List of domains are here
+
[config]
#?Result of the configuration: VALID or INVALID
diff --git a/unit/test-pacrunner.c b/unit/test-pacrunner.c
index f234a35..0c4ac69 100644
--- a/unit/test-pacrunner.c
+++ b/unit/test-pacrunner.c
@@ -42,9 +42,10 @@ enum test_suite_part {
SUITE_PAC = 1,
SUITE_SERVERS = 2,
SUITE_EXCLUDES = 3,
- SUITE_CONFIG = 4,
- SUITE_TESTS = 5,
- SUITE_NOTHING = 6,
+ SUITE_DOMAINS = 4,
+ SUITE_CONFIG = 5,
+ SUITE_TESTS = 6,
+ SUITE_NOTHING = 7,
};
enum cu_test_mode {
@@ -58,6 +59,7 @@ struct pacrunner_test_suite {
gchar *pac;
gchar **servers;
gchar **excludes;
+ gchar **domains;
bool config_result;
@@ -67,7 +69,7 @@ struct pacrunner_test_suite {
static struct pacrunner_test_suite *test_suite;
static bool verbose = false;
-static struct pacrunner_proxy *proxy;
+static struct pacrunner_proxy *proxy, *proxy2 = NULL, *proxy3 = NULL;
static bool test_config;
static void free_pacrunner_test_suite(struct pacrunner_test_suite *suite)
@@ -79,6 +81,7 @@ static void free_pacrunner_test_suite(struct
pacrunner_test_suite *suite)
g_free(suite->pac);
g_strfreev(suite->servers);
g_strfreev(suite->excludes);
+ g_strfreev(suite->domains);
g_strfreev(suite->tests);
g_free(suite);
@@ -142,6 +145,13 @@ static void print_test_suite(struct pacrunner_test_suite
*suite)
} else
printf("(none)\n");
+ printf("\nDomains:\n");
+ if (suite->domains) {
+ for (line = suite->domains; *line; line++)
+ printf("%s\n", *line);
+ } else
+ printf("(none)\n");
+
printf("\nConfig result: %s\n",
suite->config_result ? "Valid" : "Invalid");
@@ -240,6 +250,15 @@ static struct pacrunner_test_suite *read_test_suite(const
char *path)
suite->excludes = array;
break;
+ case SUITE_DOMAINS:
+ array = _g_strappendv(suite->domains, *line);
+ if (!array)
+ goto error;
+
+ g_free(suite->domains);
+ suite->domains = array;
+
+ break;
case SUITE_CONFIG:
if (strncmp(*line, "VALID", 5) == 0)
suite->config_result = true;
@@ -272,6 +291,8 @@ static struct pacrunner_test_suite *read_test_suite(const
char *path)
part = SUITE_SERVERS;
else if (strncmp(*line, "[excludes]", 10) == 0)
part = SUITE_EXCLUDES;
+ else if (strncmp(*line, "[domains]", 9) == 0)
+ part = SUITE_DOMAINS;
else if (strncmp(*line, "[config]", 8) == 0)
part = SUITE_CONFIG;
else if (strncmp(*line, "[tests]", 7) == 0)
@@ -338,6 +359,54 @@ static void test_manual_config(void)
CU_ASSERT_TRUE(test_suite->config_result == test_config);
}
+static void test_proxy_domain(void)
+{
+ int val = 0;
+
+ if (pacrunner_proxy_set_domains(proxy, test_suite->domains) != 0)
+ val = -1;
+
+ proxy2 = pacrunner_proxy_create("eth1");
+ if (proxy2) {
+ char *servers[] = {
+ "http://proxy2.com";,
+ "https://secproxy2.com";,
+ NULL};
+ char *domains[] = {
+ "intel.com",
+ "domain2.com",
+ "192.168.4.0/16",
+ NULL};
+
+ if (pacrunner_proxy_set_manual(proxy2, servers, NULL) != 0)
+ val = -1;
+
+ if (pacrunner_proxy_set_domains(proxy2, domains) != 0)
+ val = -1;
+ }
+
+ proxy3 = pacrunner_proxy_create("wl0");
+ if (proxy3) {
+ char *servers[] = {
+ "http://proxy3.com";,
+ "socks4://sockproxy3.com",
+ NULL};
+ char *domains[] = {
+ "redhat.com",
+ "domain3.com",
+ "fe80:96db::/32",
+ NULL};
+
+ if (pacrunner_proxy_set_manual(proxy3, servers, NULL) != 0)
+ val = -1;
+
+ if (pacrunner_proxy_set_domains(proxy3, domains) != 0)
+ val = -1;
+ }
+
+ CU_ASSERT_TRUE(val == 0);
+}
+
static void test_proxy_requests(void)
{
gchar **test_strings;
@@ -430,12 +499,21 @@ static void run_test_suite(const char *test_file_path,
enum cu_test_mode mode)
CU_add_test(cu_suite, "Manual config test",
test_manual_config);
+ if (test_suite->domains)
+ CU_add_test(cu_suite, "Proxy domain test",
+ test_proxy_domain);
+
if (test_suite->config_result && test_suite->tests)
CU_add_test(cu_suite, "Proxy requests test",
test_proxy_requests);
test_config = false;
+ if (test_suite->domains) {
+ pacrunner_proxy_unref(proxy2);
+ pacrunner_proxy_unref(proxy3);
+ }
+
switch (mode) {
case CU_MODE_BASIC:
CU_basic_set_mode(CU_BRM_VERBOSE);
--
2.5.5
------------------------------
Message: 4
Date: Thu, 16 Jun 2016 16:45:55 +0530
From: Atul Anand <[email protected]>
To: [email protected]
Cc: [email protected], Atul Anand <[email protected]>
Subject: [PATCH 3/3] [Pacrunner]: Docs: edited to point out the usage
of Domains.
Message-ID: <[email protected]>
manager-api.txt has been edited to highlight the proper usage of
Domains key which explains that IP ranges can also be added to it
in CIDR form.
---
doc/manager-api.txt | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/doc/manager-api.txt b/doc/manager-api.txt
index ab2f6b9..9e6209d 100644
--- a/doc/manager-api.txt
+++ b/doc/manager-api.txt
@@ -62,7 +62,10 @@ Methods object CreateProxyConfiguration(dict
settings)
array{string} Domains [optional]
- Domain names for which the URL is valid.
+ Domain names and IP range for which this proxy
+ configuration shall be valid. IP range should
+ be in CIDR format. eg:"192.168.1.0/12" for IPv4
+ and similarly for IPv6.
array{string} Nameservers [optional]
--
2.5.5
------------------------------
Message: 5
Date: Thu, 16 Jun 2016 12:24:19 +0000
From: "MANIEZZO Marco (MM)" <[email protected]>
To: Patrik Flykt <[email protected]>, Tomasz Bursztyka
<[email protected]>, "[email protected]"
<[email protected]>
Cc: "Blanquicet-Melendez Jose (MM)"
<[email protected]>
Subject: R: R: [RFC] Wi-Fi Protected Setup (WPS) connection
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"
Hello Patrik, Tomasz,
Thank you for your feedback. Then the proposal could be:
void Start_STA_WPS(string authentication)
void CancelWPS(void)
void Start_AP_WPS(string authentication)
I removed all parameters except authentication, assuming that connman will
operate in this way:
- when starting connman is informed by the wpa_supplicant of the
interfaces that support P2P => these will be always the last to be considered
when Start_STA_WPS or Start_AP_WPS are called, in case there is a failure (or
WPS not supported) on the other interfaces (STA and AP)
- if the system has multiple interfaces connman will try WPS STA on
STA one for first and not P2P one (that normally also supports STA), and the
same for WPS AP that will be tried on the tethering one, not STA or P2P. that
is very probably what the user wants.
- If there is only one WiFi interface supporting multiple roles (STA,
AP, P2P)
a. Start_STA_WPS
i. If
connected STA: disconnect and then start a WPS STA session
ii. If
connected P2P: disconnect and then start a WPS STA session
iii. If
tethering enabled: disable tethering and start WPS STA session
b. Start_AP_WPS
i. Similar
algorithm of above but for AP
- Authenthication: Empty means PBC, a value means PIN number. This
also means that for enrollee role the UI must generate a valid PIN and provide
it to both connman and to the user so he can enter it in the AP.
- Roles: for STA it is enrollee for AP it is registrar; as requested
it can be extended to support other combination of roles in main.conf
What do you think?
Thanks,
Marco
-----Messaggio originale-----
Da: Patrik Flykt [mailto:[email protected]]
Inviato: venerd? 10 giugno 2016 13:54
A: Tomasz Bursztyka; MANIEZZO Marco (MM); [email protected]
Cc: Blanquicet-Melendez Jose (MM)
Oggetto: Re: R: [RFC] Wi-Fi Protected Setup (WPS) connection
Hi Marco,
On Thu, 2016-06-09 at 16:07 +0200, Tomasz Bursztyka wrote:
> Hi Marco,
>
> > Thank you very much for your feedback. For this proposal we based on
> > this assumption: we are talking about DBUS interfaces, these are not
> > directly the interface the end user will need to understand, in
> > between there must be and application for shell/graphical UI => here
> > the developer may not be a WiFi expert, so we put all the parameters
> > of StartWPS and CancelWPS optional (except authentication), and
> > connman will try to figure out an automatic behavior => this already
> > goes in the direction you proposed
> >
> > On the other hand the automatic behavior may not suit all cases and
> > an expert developer may know how to manage several WiFi interfaces
> > (in our case three, STA, P2P and AP) => in this case the optional
> > parameters can come in handy.
> >
> > ?Ifname" : optional, meaning it can be empty, but with it we don?t
> > need other methods when the UI needs to choose between STA-WPS or
> > AP-WPS, or there is a P2P interface that can be used also as an
> > alternative STA or AP with WPS
>
> Still, ConnMan never uses ifnames as an entry point for a decision.
> Actually, the only place where you will see an interface name is in
> the description of a Service entry (Ethernet dict attribute).
> This is enforced, you can't change that rule :) we don't want users or
> UI code to mess up with interfaces directly.
>
> Make it work for 1 device first.
> For P2P, you could use an alternate method called "Pair()" maybe. The
> role is decided during pairing anyway (if I remember well? this is so
> far away...).
>
> Let's see how to solve that for 2+ device later.
> (devices could be ordered by their support: the device which supports
> more technologies would be the first, etc...
> ConnMan would loop on them, each time StartWPS() - or Pair if
> supported - failed. Just a quick idea.)
I suppose this will be used after setting 'Tethering' true for a technology. I
think ConnMan can pick up a/the tethering WiFi device which supports WPS once
WPS is requested. Then no ifname is needed.
The P2P and STA only interfaces should be identifiable, there exists code that
does try to figure out AP support when tethering (see e.g.
452fa8db3eb7e88fe93c93569f21884697f2d2c6 and where it ended up after
db79090b895f23544d54abbf230efadbae9ec13b).
> > "Type" and "Pin" you are proposing to have only one parameter
> > ?authentication? but when the device with connman is enrollee it
> > must show a PIN to the user, not receive one: then we need to have
> > two parameters (Type, PIN)
>
> We never supported the registrar side on current WPS support in
> ConnMan (as far as I remember at least).
> So if the Agent is requesting about WPS, up to the UI to provide a PIN
> the user would use if user wants to use PIN method.
For the AP case an empty PIN should once again mean "pushbutton", while a PIN
with a value is, well, a pin.
> > like we propose, or if you prefer only one (Authentication) it must
> > be parsed in the following way:
> > - A string like ?PIN? which means the connman must provide
> > a PIN to the GUI so that the user can enter it in the other device
> > (normally the AP)
> > - A string containing a number like ?12345678? which means
> > this is the PIN to be used
> > - Empty: means use PBC
The pin needs to be set beforehand, there are no Agent method calls to be done
for this. And after setting a pin that same entity can call StartWPS to get the
procedure into a running state.
> > ?role? ? optional, meaning it can be empty, but while for the STA I
> > agree with you it mostly is an enrollee, the AP is a more
> > complicated system; why not offer the possibility to the developer
> > to choose the role if he wants (or if he needs)?
>
> AP mode in ConnMan is a very simplistic one. Actually, wpa_s does not
> provide much feature there as well (compared to hostapd).
> You could stick with registrar and that's it.
>
> If you want to differentiate, you could add a configuration entry in
> main.conf (like APWPSMode=<registrar/enrollee> ? registrar would be
> default)
> Less stuff to expose through DBus at least. I would be surprised
> people really care about such option anyway.
Setting the precise role seems to be unnecessary for now. It can be added once
there is evidence that it won't work without. I'm not sure anybody can master
more than a pin and calling start and stop here :-)
> Hope it clarifies things.
I hope my comments do so too.
Cheers,
Patrik
________________________________
VISITA IL NOSTRO NUOVO SITO WEB! - VISIT OUR NEW WEB SITE!
www.magnetimarelli.com
Confidential Notice: This message - including its attachments - may contain
proprietary, confidential and/or legally protected information and is intended
solely for the use of the designated addressee(s) above. If you are not the
intended recipient be aware that any downloading, copying, disclosure,
distribution or use of the contents of the above information is strictly
prohibited.
If you have received this communication by mistake, please forward the message
back to the sender at the email address above, delete the message from all
mailboxes and any other electronic storage medium and destroy all copies.
Disclaimer Notice: Internet communications cannot be guaranteed to be safe or
error-free. Therefore we do not assure that this message is complete or
accurate and we do not accept liability for any errors or omissions in the
contents of this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.01.org/pipermail/connman/attachments/20160616/71fc3e25/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman
------------------------------
End of connman Digest, Vol 8, Issue 20
**************************************
