Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. Re: [PATCH] Adds support for additional wpa_supplicant
options (Daniel Wagner)
2. RE: Issue in setting nameserver and default route
(Priyaranjan Singh)
3. [PATCH] Adds support for additional wpa_supplicant options
(Bernhard Lichtinger)
4. RE: [PATCH 1/2] dhcpv6: Return -EISCONN when the expiry time
is inifinite (Blanquicet-Melendez Jose (MM))
----------------------------------------------------------------------
Message: 1
Date: Thu, 1 Dec 2016 21:00:26 +0100
From: Daniel Wagner <[email protected]>
To: "Lichtinger, Bernhard" <[email protected]>
Cc: "[email protected]" <[email protected]>,
"[email protected]" <[email protected]>
Subject: Re: [PATCH] Adds support for additional wpa_supplicant
options
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed
Hi Bernhard,
On 12/01/2016 03:52 PM, Lichtinger, Bernhard wrote:
> Hi Daniel,
>
>> Sorry for the delay. This patch fell through the cracks. I saw your question
>> on IRC. It was before I setup my patchwork [1] for tracking the state of
>> patches.
>
> It's no problem.
>
>
>> From what I can tell, this shouldn't be a problem at all. Can you just
>> rebase your patch and sent it again?
>
> I think I managed to rebase my patch:
I can't really extract it. It seems to be 'reformated'. I was not able
to get it recovered. Can you resend it with git send-email?
Thanks,
Daniel
------------------------------
Message: 2
Date: Fri, 2 Dec 2016 09:21:29 +0000
From: Priyaranjan Singh <[email protected]>
To: "[email protected]" <[email protected]>
Subject: RE: Issue in setting nameserver and default route
Message-ID:
<bm1pr01mb043533b6b871022af280ede98d...@bm1pr01mb0435.indprd01.prod.outlook.com>
Content-Type: text/plain; charset="us-ascii"
Hello,
We have got Telephony device connected to usb0 interface with my Linux embedded
system. This Telephony device doesn't have DHCP Server.
Using connman API, we are setting static route and nameserver information.
With the logs we can very well verify that connman accepted this new values but
reverting this value soon.
Note: Telephony device has been given highest priority in the connman service
order list. Also using log I cannot see service order changing is happening.
Basic steps: My application is setting below properties. Listening for the
change from connman. In case connman is reverting this change, application is
setting back to static values.
For "nameserver" we are setting " Nameservers.Configuration" property
For "route" we are setting " IPv4.Configuration" property (Method, Address,
Netmask, Gateway)
Result:
1) When application is setting "nameserver", for entire lifecycle connman is
clearing the value and My application is setting it back. This is going in loop.
-If application is writing static nameserver to "resolv.conf" file directly. We
are not observing any issues.
- What will be side effect in case application is directly writing to
resolv.conf
2) When application is reading " IPv4" property, if "method" is not "manual"
then setting " IPv4.Configuration". Application is checking this on
SERVICESCHANGED and PROPERTYCHANGED signal from connman
-usb0 interface is getting added and removed by connman continuously ==>
connman Log " usb0 {add} route" & " usb0 {del} route" is continuously coming
- This is causing state change to "configuration" -> "idle" ->
"ready"
Do you know reason for this issue? Are we consuming connman APIs in wrong way?
Thanks in advance.
Best Regards,
PriyaranjanS
This message contains information that may be privileged or confidential and is
the property of the KPIT Technologies Ltd. It is intended only for the person
to whom it is addressed. If you are not the intended recipient, you are not
authorized to read, print, retain copy, disseminate, distribute, or use this
message or any part thereof. If you receive this message in error, please
notify the sender immediately and delete all copies of this message. KPIT
Technologies Ltd. does not accept any liability for virus infected mails.
------------------------------
Message: 3
Date: Fri, 2 Dec 2016 10:22:12 +0100
From: Bernhard Lichtinger <[email protected]>
To: [email protected]
Subject: [PATCH] Adds support for additional wpa_supplicant options
Message-ID: <[email protected]>
subject_match, altsubject_match, domain_suffix_match,
domain_match
they are used for 802.1X aka. enterprise-wpa to check
the authentication server's certificate in order to
prevent MITM attacks using a valid certificate issued
by the same root-CA as configured by CACertFile.
More details at
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
---
doc/config-format.txt | 9 ++++
gsupplicant/gsupplicant.h | 4 ++
gsupplicant/supplicant.c | 20 +++++++++
plugins/wifi.c | 12 ++++++
src/config.c | 60 ++++++++++++++++++++++++++
src/connman.h | 8 ++++
src/network.c | 28 ++++++++++++
src/service.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 249 insertions(+)
diff --git a/doc/config-format.txt b/doc/config-format.txt
index eae51e0..ed3123a 100644
--- a/doc/config-format.txt
+++ b/doc/config-format.txt
@@ -84,6 +84,15 @@ The following options are valid if Type is "wifi"
to fsid.
- Identity: Identity string for EAP.
- AnonymousIdentity: Anonymous Identity string for EAP.
+- SubjectMatch: Substring to be matched against the subject of the
+ authentication server certificate for EAP.
+- AltSubjectMatch: Semicolon separated string of entries to be matched against
+ the alternative subject name of the authentication server certificate for
EAP.
+- DomainSuffixMatch: Constraint for server domain name. If set, this FQDN is
+ used as a suffix match requirement for the authentication server certificate
+ for EAP.
+- DomainMatch: This FQDN is used as a full match requirement for the
+ authentication server certificate for EAP.
- Phase2: Phase2 (inner authentication with TLS tunnel) authentication method.
Prefix the value with "EAP-" to indicate the usage of an EAP-based inner
authentication method (should only be used with EAP = TTLS).
diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h
index 26fd2ca..678cf8b 100644
--- a/gsupplicant/gsupplicant.h
+++ b/gsupplicant/gsupplicant.h
@@ -144,6 +144,10 @@ struct _GSupplicantSSID {
const char *identity;
const char *anonymous_identity;
const char *ca_cert_path;
+ const char *subject_match;
+ const char *altsubject_match;
+ const char *domain_suffix_match;
+ const char *domain_match;
const char *client_cert_path;
const char *private_key_path;
const char *private_key_passphrase;
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index 7200041..8890447 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -4512,6 +4512,26 @@ static void add_network_security_eap(DBusMessageIter
*dict,
DBUS_TYPE_STRING,
&ssid->anonymous_identity);
+ if(ssid->subject_match)
+ supplicant_dbus_dict_append_basic(dict, "subject_match",
+ DBUS_TYPE_STRING,
+ &ssid->subject_match);
+
+ if(ssid->altsubject_match)
+ supplicant_dbus_dict_append_basic(dict, "altsubject_match",
+ DBUS_TYPE_STRING,
+ &ssid->altsubject_match);
+
+ if(ssid->domain_suffix_match)
+ supplicant_dbus_dict_append_basic(dict, "domain_suffix_match",
+ DBUS_TYPE_STRING,
+
&ssid->domain_suffix_match);
+
+ if(ssid->domain_match)
+ supplicant_dbus_dict_append_basic(dict, "domain_match",
+ DBUS_TYPE_STRING,
+ &ssid->domain_match);
+
g_free(eap_value);
}
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 68b231d..70cec77 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -88,6 +88,10 @@ struct hidden_params {
unsigned int ssid_len;
char *identity;
char *anonymous_identity;
+ char *subject_match;
+ char *altsubject_match;
+ char *domain_suffix_match;
+ char *domain_match;
char *passphrase;
char *security;
GSupplicantScanParams *scan_params;
@@ -2058,6 +2062,14 @@ static void ssid_init(GSupplicantSSID *ssid, struct
connman_network *network)
"WiFi.AnonymousIdentity");
ssid->ca_cert_path = connman_network_get_string(network,
"WiFi.CACertFile");
+ ssid->subject_match = connman_network_get_string(network,
+ "WiFi.SubjectMatch");
+ ssid->altsubject_match = connman_network_get_string(network,
+ "WiFi.AltSubjectMatch");
+ ssid->domain_suffix_match = connman_network_get_string(network,
+
"WiFi.DomainSuffixMatch");
+ ssid->domain_match = connman_network_get_string(network,
+ "WiFi.DomainMatch");
ssid->client_cert_path = connman_network_get_string(network,
"WiFi.ClientCertFile");
ssid->private_key_path = connman_network_get_string(network,
diff --git a/src/config.c b/src/config.c
index ba10fbb..c40f76c 100644
--- a/src/config.c
+++ b/src/config.c
@@ -47,6 +47,10 @@ struct connman_config_service {
char *identity;
char *anonymous_identity;
char *ca_cert_file;
+ char *subject_match;
+ char *altsubject_match;
+ char *domain_suffix_match;
+ char *domain_match;
char *client_cert_file;
char *private_key_file;
char *private_key_passphrase;
@@ -100,6 +104,10 @@ static bool cleanup = false;
#define SERVICE_KEY_PRV_KEY_PASS_TYPE "PrivateKeyPassphraseType"
#define SERVICE_KEY_IDENTITY "Identity"
#define SERVICE_KEY_ANONYMOUS_IDENTITY "AnonymousIdentity"
+#define SERVICE_KEY_SUBJECT_MATCH "SubjectMatch"
+#define SERVICE_KEY_ALT_SUBJECT_MATCH "AltSubjectMatch"
+#define SERVICE_KEY_DOMAIN_SUFF_MATCH "DomainSuffixMatch"
+#define SERVICE_KEY_DOMAIN_MATCH "DomainMatch"
#define SERVICE_KEY_PHASE2 "Phase2"
#define SERVICE_KEY_PASSPHRASE "Passphrase"
#define SERVICE_KEY_SECURITY "Security"
@@ -132,6 +140,10 @@ static const char *service_possible_keys[] = {
SERVICE_KEY_PRV_KEY_PASS_TYPE,
SERVICE_KEY_IDENTITY,
SERVICE_KEY_ANONYMOUS_IDENTITY,
+ SERVICE_KEY_SUBJECT_MATCH,
+ SERVICE_KEY_ALT_SUBJECT_MATCH,
+ SERVICE_KEY_DOMAIN_SUFF_MATCH,
+ SERVICE_KEY_DOMAIN_MATCH,
SERVICE_KEY_PHASE2,
SERVICE_KEY_PASSPHRASE,
SERVICE_KEY_SECURITY,
@@ -225,6 +237,10 @@ free_only:
g_free(config_service->identity);
g_free(config_service->anonymous_identity);
g_free(config_service->ca_cert_file);
+ g_free(config_service->subject_match);
+ g_free(config_service->altsubject_match);
+ g_free(config_service->domain_suffix_match);
+ g_free(config_service->domain_match);
g_free(config_service->client_cert_file);
g_free(config_service->private_key_file);
g_free(config_service->private_key_passphrase);
@@ -666,6 +682,34 @@ static bool load_service(GKeyFile *keyfile, const char
*group,
service->anonymous_identity = str;
}
+ str = __connman_config_get_string(keyfile, group,
+ SERVICE_KEY_SUBJECT_MATCH, NULL);
+ if (str) {
+ g_free(service->subject_match);
+ service->subject_match = str;
+ }
+
+ str = __connman_config_get_string(keyfile, group,
+ SERVICE_KEY_ALT_SUBJECT_MATCH, NULL);
+ if (str) {
+ g_free(service->altsubject_match);
+ service->altsubject_match = str;
+ }
+
+ str = __connman_config_get_string(keyfile, group,
+ SERVICE_KEY_DOMAIN_SUFF_MATCH, NULL);
+ if (str) {
+ g_free(service->domain_suffix_match);
+ service->domain_suffix_match = str;
+ }
+
+ str = __connman_config_get_string(keyfile, group,
+ SERVICE_KEY_DOMAIN_MATCH, NULL);
+ if (str) {
+ g_free(service->domain_match);
+ service->domain_match = str;
+ }
+
str = __connman_config_get_string(keyfile, group, SERVICE_KEY_PHASE2,
NULL);
if (str) {
g_free(service->phase2);
@@ -1060,6 +1104,22 @@ static void provision_service_wifi(struct
connman_config_service *config,
__connman_service_set_string(service, "CACertFile",
config->ca_cert_file);
+ if (config->subject_match)
+ __connman_service_set_string(service, "SubjectMatch",
+ config->subject_match);
+
+ if (config->altsubject_match)
+ __connman_service_set_string(service, "AltSubjectMatch",
+
config->altsubject_match);
+
+ if (config->domain_suffix_match)
+ __connman_service_set_string(service, "DomainSuffixMatch",
+
config->domain_suffix_match);
+
+ if (config->domain_match)
+ __connman_service_set_string(service, "DomainMatch",
+ config->domain_match);
+
if (config->client_cert_file)
__connman_service_set_string(service, "ClientCertFile",
config->client_cert_file);
diff --git a/src/connman.h b/src/connman.h
index f85d243..577c808 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -779,6 +779,14 @@ void __connman_service_set_identity(struct connman_service
*service,
const char *identity);
void __connman_service_set_anonymous_identity(struct connman_service *service,
const char *anonymous_identity);
+void __connman_service_set_subject_match(struct connman_service *service,
+ const char *subject_match);
+void __connman_service_set_altsubject_match(struct connman_service *service,
+ const char *altsubject_match);
+void __connman_service_set_domain_suffix_match(struct connman_service *service,
+ const char *domain_suffix_match);
+void __connman_service_set_domain_match(struct connman_service *service,
+ const char *domain_match);
void __connman_service_set_agent_identity(struct connman_service *service,
const char *agent_identity);
int __connman_service_set_passphrase(struct connman_service *service,
diff --git a/src/network.c b/src/network.c
index 4c7f2d5..aa82b74 100644
--- a/src/network.c
+++ b/src/network.c
@@ -82,6 +82,10 @@ struct connman_network {
char *anonymous_identity;
char *agent_identity;
char *ca_cert_path;
+ char *subject_match;
+ char *altsubject_match;
+ char *domain_suffix_match;
+ char *domain_match;
char *client_cert_path;
char *private_key_path;
char *private_key_passphrase;
@@ -893,6 +897,10 @@ static void network_destruct(struct connman_network
*network)
g_free(network->wifi.anonymous_identity);
g_free(network->wifi.agent_identity);
g_free(network->wifi.ca_cert_path);
+ g_free(network->wifi.subject_match);
+ g_free(network->wifi.altsubject_match);
+ g_free(network->wifi.domain_suffix_match);
+ g_free(network->wifi.domain_match);
g_free(network->wifi.client_cert_path);
g_free(network->wifi.private_key_path);
g_free(network->wifi.private_key_passphrase);
@@ -1796,6 +1804,18 @@ int connman_network_set_string(struct connman_network
*network,
} else if (g_str_equal(key, "WiFi.CACertFile")) {
g_free(network->wifi.ca_cert_path);
network->wifi.ca_cert_path = g_strdup(value);
+ } else if (g_str_equal(key, "WiFi.SubjectMatch")) {
+ g_free(network->wifi.subject_match);
+ network->wifi.subject_match = g_strdup(value);
+ } else if (g_str_equal(key, "WiFi.AltSubjectMatch")) {
+ g_free(network->wifi.altsubject_match);
+ network->wifi.altsubject_match = g_strdup(value);
+ } else if (g_str_equal(key, "WiFi.DomainSuffixMatch")) {
+ g_free(network->wifi.domain_suffix_match);
+ network->wifi.domain_suffix_match = g_strdup(value);
+ } else if (g_str_equal(key, "WiFi.DomainMatch")) {
+ g_free(network->wifi.domain_match);
+ network->wifi.domain_match = g_strdup(value);
} else if (g_str_equal(key, "WiFi.ClientCertFile")) {
g_free(network->wifi.client_cert_path);
network->wifi.client_cert_path = g_strdup(value);
@@ -1850,6 +1870,14 @@ const char *connman_network_get_string(struct
connman_network *network,
return network->wifi.agent_identity;
else if (g_str_equal(key, "WiFi.CACertFile"))
return network->wifi.ca_cert_path;
+ else if (g_str_equal(key, "WiFi.SubjectMatch"))
+ return network->wifi.subject_match;
+ else if (g_str_equal(key, "WiFi.AltSubjectMatch"))
+ return network->wifi.altsubject_match;
+ else if (g_str_equal(key, "WiFi.DomainSuffixMatch"))
+ return network->wifi.domain_suffix_match;
+ else if (g_str_equal(key, "WiFi.DomainMatch"))
+ return network->wifi.domain_match;
else if (g_str_equal(key, "WiFi.ClientCertFile"))
return network->wifi.client_cert_path;
else if (g_str_equal(key, "WiFi.PrivateKeyFile"))
diff --git a/src/service.c b/src/service.c
index e5a106e..09472ab 100644
--- a/src/service.c
+++ b/src/service.c
@@ -104,6 +104,10 @@ struct connman_service {
char *anonymous_identity;
char *agent_identity;
char *ca_cert_file;
+ char *subject_match;
+ char *altsubject_match;
+ char *domain_suffix_match;
+ char *domain_match;
char *client_cert_file;
char *private_key_file;
char *private_key_passphrase;
@@ -2868,6 +2872,66 @@ void __connman_service_set_anonymous_identity(struct
connman_service *service,
service->anonymous_identity);
}
+void __connman_service_set_subject_match(struct connman_service *service,
+ const char *subject_match)
+{
+ if (service->immutable || service->hidden)
+ return;
+
+ g_free(service->subject_match);
+ service->subject_match = g_strdup(subject_match);
+
+ if (service->network)
+ connman_network_set_string(service->network,
+ "WiFi.SubjectMatch",
+ service->subject_match);
+}
+
+void __connman_service_set_altsubject_match(struct connman_service *service,
+ const char *altsubject_match)
+{
+ if (service->immutable || service->hidden)
+ return;
+
+ g_free(service->altsubject_match);
+ service->altsubject_match = g_strdup(altsubject_match);
+
+ if (service->network)
+ connman_network_set_string(service->network,
+ "WiFi.AltSubjectMatch",
+ service->altsubject_match);
+}
+
+void __connman_service_set_domain_suffix_match(struct connman_service *service,
+ const char *domain_suffix_match)
+{
+ if (service->immutable || service->hidden)
+ return;
+
+ g_free(service->domain_suffix_match);
+ service->domain_suffix_match = g_strdup(domain_suffix_match);
+
+ if (service->network)
+ connman_network_set_string(service->network,
+ "WiFi.DomainSuffixMatch",
+ service->domain_suffix_match);
+}
+
+void __connman_service_set_domain_match(struct connman_service *service,
+ const char *domain_match)
+{
+ if (service->immutable || service->hidden)
+ return;
+
+ g_free(service->domain_match);
+ service->domain_match = g_strdup(domain_match);
+
+ if (service->network)
+ connman_network_set_string(service->network,
+ "WiFi.DomainMatch",
+ service->domain_match);
+}
+
void __connman_service_set_agent_identity(struct connman_service *service,
const char *agent_identity)
{
@@ -4195,6 +4259,18 @@ bool __connman_service_remove(struct connman_service
*service)
g_free(service->anonymous_identity);
service->anonymous_identity = NULL;
+ g_free(service->subject_match);
+ service->subject_match = NULL;
+
+ g_free(service->altsubject_match);
+ service->altsubject_match = NULL;
+
+ g_free(service->domain_suffix_match);
+ service->domain_suffix_match = NULL;
+
+ g_free(service->domain_match);
+ service->domain_match = NULL;
+
g_free(service->agent_identity);
service->agent_identity = NULL;
@@ -4651,6 +4727,10 @@ static void service_free(gpointer user_data)
g_free(service->anonymous_identity);
g_free(service->agent_identity);
g_free(service->ca_cert_file);
+ g_free(service->subject_match);
+ g_free(service->altsubject_match);
+ g_free(service->domain_suffix_match);
+ g_free(service->domain_match);
g_free(service->client_cert_file);
g_free(service->private_key_file);
g_free(service->private_key_passphrase);
@@ -5148,6 +5228,18 @@ void __connman_service_set_string(struct connman_service
*service,
} else if (g_str_equal(key, "CACertFile")) {
g_free(service->ca_cert_file);
service->ca_cert_file = g_strdup(value);
+ } else if (g_str_equal(key, "SubjectMatch")) {
+ g_free(service->subject_match);
+ service->subject_match = g_strdup(value);
+ } else if (g_str_equal(key, "AltSubjectMatch")) {
+ g_free(service->altsubject_match);
+ service->altsubject_match = g_strdup(value);
+ } else if (g_str_equal(key, "DomainSuffixMatch")) {
+ g_free(service->domain_suffix_match);
+ service->domain_suffix_match = g_strdup(value);
+ } else if (g_str_equal(key, "DomainMatch")) {
+ g_free(service->domain_match);
+ service->domain_match = g_strdup(value);
} else if (g_str_equal(key, "ClientCertFile")) {
g_free(service->client_cert_file);
service->client_cert_file = g_strdup(value);
@@ -5989,6 +6081,22 @@ static void prepare_8021x(struct connman_service
*service)
connman_network_set_string(service->network, "WiFi.CACertFile",
service->ca_cert_file);
+ if (service->subject_match)
+ connman_network_set_string(service->network,
"WiFi.SubjectMatch",
+ service->subject_match);
+
+ if (service->altsubject_match)
+ connman_network_set_string(service->network,
"WiFi.AltSubjectMatch",
+
service->altsubject_match);
+
+ if (service->domain_suffix_match)
+ connman_network_set_string(service->network,
"WiFi.DomainSuffixMatch",
+
service->domain_suffix_match);
+
+ if (service->domain_match)
+ connman_network_set_string(service->network, "WiFi.DomainMatch",
+ service->domain_match);
+
if (service->client_cert_file)
connman_network_set_string(service->network,
"WiFi.ClientCertFile",
--
2.9.3 (Apple Git-75)
------------------------------
Message: 4
Date: Fri, 2 Dec 2016 17:38:37 +0000
From: "Blanquicet-Melendez Jose (MM)"
<[email protected]>
To: "[email protected]" <[email protected]>
Cc: "[email protected]" <[email protected]>, Feng Wang
<[email protected]>, Patrik Flykt <[email protected]>
Subject: RE: [PATCH 1/2] dhcpv6: Return -EISCONN when the expiry time
is inifinite
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"
Hi Daniel,
>> compiling this patch with gcc version 5.3.0 configured for target
>> arm-poky-linux-gnueabi I get error "comparison between signed and
>> unsigned integer expressions [-Werror=sign-compare]". In the past I was
>> using version 4.8.4 and this error did not appear.
>
> gcc gets better and better in detecting such things. So it is not
> surprise to me that a newer version suddenly starts to complain.
>
> I tried to figure out how to solve this. It seems the canonical
> way according the man pages is to use a cast like:
>
> - if (expired == 0xffffffff)
> + if (expired == (time_t)0xffffffff)
>
> Wouldn't mind if someone with more knowledge could answer this question.
Indeed, that is why I replied to this patch; maybe Patrik or Feng Wang could
tell us if that casting could impact the normal behavior of this patch because
I also thought the same solution but I do not actually know the context of this
patch.
>> In addition but not related with this patch I get:
>>
>> /opt/sources/connman/src/iptables.c: In function 'iptables_add_chain':
>> /opt/sources/connman/src/iptables.c:622:10: error: cast increases required
>> alignment of target type [-Werror=cast-align]
>> error = (struct error_target *) entry_head->elems;
>> ^
>> /opt/sources/connman/src/iptables.c:640:13: error: cast increases required
>> alignment of target type [-Werror=cast-align]
>> standard = (struct ipt_standard_target *) entry_return->elems;
>> ^
>> /opt/sources/connman/src/iptables.c: In function 'find_existing_rule':
>> /opt/sources/connman/src/iptables.c:982:12: error: cast increases required
>> alignment of target type [-Werror=cast-align]
>> xt_e_m = (struct xt_entry_match *)entry_test->elems;
>> ^
>> /opt/sources/connman/src/iptables.c:1014:17: error: cast increases required
>> alignment of target type [-Werror=cast-align]
>> tmp_xt_e_m = (struct xt_entry_match *)tmp_e->elems;
>> ^
>> /opt/sources/connman/src/iptables.c: In function 'dump_match':
>> /opt/sources/connman/src/iptables.c:1275:10: error: cast increases required
>> alignment of target type [-Werror=cast-align]
>> match = (struct xt_entry_match *) entry->elems;
>>
>> Has someone updated the gcc version and getting these errors?
>
> We had those buggers in the past once and...
>
> commit d482e18ddf59be92427356420def4d8cdc8f2e7d
> Author: Jukka Rissanen <[email protected]>
> Date: Thu Aug 22 16:00:11 2013 +0300
>
> iptables: Alignment fixes
>
> The alignment of entry, offset and target was not calculated properly.
> This by chance worked for x86 but not for ARM.
>
>
> ... fixed a bunch of them.
>
> Hmm, I don't know how to fix that, any ideas?
>
> A quick peek into the iptables code shows they do it with
> memcpy (random example):
>
> static struct ipt_entry *
> generate_entry(const struct ipt_entry *fw,
> struct xtables_rule_match *matches,
> struct xt_entry_target *target)
> {
> unsigned int size;
> struct xtables_rule_match *matchp;
> struct ipt_entry *e;
>
> size = sizeof(struct ipt_entry);
> for (matchp = matches; matchp; matchp = matchp->next)
> size += matchp->match->m->u.match_size;
>
> e = xtables_malloc(size + target->u.target_size);
> *e = *fw;
> e->target_offset = size;
> e->next_offset = size + target->u.target_size;
>
> size = 0;
> for (matchp = matches; matchp; matchp = matchp->next) {
> memcpy(e->elems + size, matchp->match->m,
> matchp->match->m->u.match_size);
> size += matchp->match->m->u.match_size;
> }
> memcpy(e->elems + size, target, target->u.target_size);
>
> return e;
> }
>
> So is memcpy the solution?
iptables already implements a function to get struct xt_entry_target pointer
from a struct ipt_entry pointer in iptables.h:
static __inline__ struct xt_entry_target *
ipt_get_target(struct ipt_entry *e)
{
return (void *)e + e->target_offset;
}
Then, two of the error could be solve doing this:
- error = (struct error_target *) entry_head->elems;
+ error = (struct error_target *) ipt_get_target(entry_head);
- standard = (struct ipt_standard_target *) entry_return->elems;
+ standard = (struct ipt_standard_target *) ipt_get_target(entry_return);
Do you agree?
On the other hand, to get the struct xt_entry_match pointer from ipt_entry we
could follow the same approach by defining a function like this:
static __inline__ struct xt_entry_match *ipt_get_match(struct ipt_entry *e)
{
return (void *)e->elems;
}
What do you think? I would really appreciate if someone with much more
knowledge on this could test those ideas or suggest a possible solution. In
fact, I am not completely sure if this is actually an alignment problem or only
a casting problem because of different struct type.
Regards,
Jose Blanquicet
VISITA IL NOSTRO SITO WEB! - VISIT OUR WEB SITE! www.magnetimarelli.com
Confidential Notice: This message - including its attachments - may contain
proprietary, confidential and/or legally protected information and is intended
solely for the use of the designated addressee(s) above. If you are not the
intended recipient be aware that any downloading, copying, disclosure,
distribution or use of the contents of the above information is strictly
prohibited. If you have received this communication by mistake, please forward
the message back to the sender at the email address above, delete the message
from all mailboxes and any other electronic storage medium and destroy all
copies. Disclaimer Notice: Internet communications cannot be guaranteed to be
safe or error-free. Therefore we do not assure that this message is complete or
accurate and we do not accept liability for any errors or omissions in the
contents of this message.
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman
------------------------------
End of connman Digest, Vol 14, Issue 5
**************************************
