Today's Topics:
1. [PATCH v3 6/8] session: Remove old session rules and routes
after a config change ([email protected])
2. [PATCH v3 7/8] client: Add session source ip rule
([email protected])
3. [PATCH v3 8/8] doc: Session multi-interface routing
([email protected])
----------------------------------------------------------------------
Message: 1
Date: Wed, 25 Jan 2017 18:13:16 +0000
From: [email protected]
To: [email protected]
Subject: [PATCH v3 6/8] session: Remove old session rules and routes
after a config change
Message-ID: <[email protected]>
From: Lukasz Nowak <[email protected]>
When a session disconnects due to a config change:
- AllowedBearers does not contain a connected service
- AllowedInterface is not in a connected service
several objects created by the session's previous config do not
get removed:
- iproute2 fwmark/table rules
- firewall fwmark rules
- session's routing table
This change cleans up state of the session correctly on each config change.
---
src/session.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/session.c b/src/session.c
index 509abe2..3ea2963 100644
--- a/src/session.c
+++ b/src/session.c
@@ -1158,6 +1158,7 @@ static DBusMessage *change_session(DBusConnection *conn,
session->active = false;
session_deactivate(session);
+ update_session_state(session);
g_slist_free(info->config.allowed_bearers);
session->user_allowed_bearers = allowed_bearers;
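Review bot: the new update_session_state(session) call right after session_deactivate(session) runs before info->config.allowed_bearers is freed and before session->user_allowed_bearers is reassigned, so it acts on the outgoing configuration. If the cleanup relies on that ordering, say so in a one-line comment above the call, so that a later reorder of these statements does not change which rules and routes get removed.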
@@ -1185,6 +1186,7 @@ static DBusMessage *change_session(DBusConnection *conn,
session->active = false;
session_deactivate(session);
+ update_session_state(session);
g_free(session->user_allowed_interface);
/* empty string means allow any interface */
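Review bot: the sequence session->active = false; session_deactivate(session); update_session_state(session); is now repeated verbatim here and in the hunk at -1158. Consider moving it into a small static helper so the AllowedBearers and AllowedInterface paths cannot drift apart, and so any further config field that needs the same teardown picks it up by calling the helper.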
--
2.7.4
------------------------------
Message: 2
Date: Wed, 25 Jan 2017 18:13:17 +0000
From: [email protected]
To: [email protected]
Subject: [PATCH v3 7/8] client: Add session source ip rule
Message-ID: <[email protected]>
From: Lukasz Nowak <[email protected]>
Add a session config field to enable/disable creation of the
source ip rule in iptables by a session.
---
client/commands.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/client/commands.c b/client/commands.c
index c41e9b4..583095b 100644
--- a/client/commands.c
+++ b/client/commands.c
@@ -1897,6 +1897,7 @@ static int session_config(char *args[], int num,
struct config_append append;
char c;
char *ifname;
+ dbus_bool_t source_ip_rule;
while (index < num && args[index]) {
append.opts = &args[index];
@@ -1935,6 +1936,29 @@ static int session_config(char *args[], int num,
DBUS_TYPE_STRING, &ifname);
append.values = 2;
break;
+ case 's':
+ if (!args[index + 1]) {
+ res = -EINVAL;
+ break;
+ }
+ switch (parse_boolean(args[index + 1])) {
+ case 1:
+ source_ip_rule = TRUE;
+ break;
+ case 0:
+ source_ip_rule = FALSE;
+ break;
+ default:
+ res = -EINVAL;
+ break;
+ }
+
+ res = __connmanctl_dbus_session_change(connection,
+ session_path, session_config_return,
+ "SourceIPRule", "SourceIPRule",
+ DBUS_TYPE_BOOLEAN, &source_ip_rule);
+ append.values = 2;
+ break;
default:
res = -EINVAL;
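Review bot: in the new case 's', the default: arm of the inner switch on parse_boolean(args[index + 1]) sets res = -EINVAL, but its break only leaves the inner switch. Execution then falls through to __connmanctl_dbus_session_change(), which overwrites res and passes &source_ip_rule, a variable declared without an initializer in the previous hunk and never assigned on this path. Check the parse result before the D-Bus call and leave the case when it is neither 0 nor 1, and initialise source_ip_rule to FALSE at its declaration.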
@@ -2223,6 +2247,7 @@ static struct connman_option session_options[] = {
{"bearers", 'b', "<technology1> [<technology2> [...]]"},
{"type", 't', "local|internet|any"},
{"ifname", 'i', "[<interface_name>]"},
+ {"srciprule", 's', "yes|no"},
{ NULL, }
};
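Review bot: the usage string "yes|no" on the new srciprule entry documents only two spellings, while the handler passes the argument through parse_boolean(); make the help text match what that function actually accepts. The diffstat lists only client/commands.c, so if the client options are documented elsewhere, that text needs the new 's' option as well.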
--
2.7.4
------------------------------
Message: 3
Date: Wed, 25 Jan 2017 18:13:18 +0000
From: [email protected]
To: [email protected]
Subject: [PATCH v3 8/8] doc: Session multi-interface routing
Message-ID: <[email protected]>
From: Lukasz Nowak <[email protected]>
Update session overview and API documents to demonstrate how sessions
can be used to maintain multiple connections in parallel.
---
doc/session-api.txt | 23 +++++++++++++++++++++++
doc/session-overview.txt | 31 +++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
diff --git a/doc/session-api.txt b/doc/session-api.txt
index 3aac535..f089c56 100644
--- a/doc/session-api.txt
+++ b/doc/session-api.txt
@@ -182,3 +182,26 @@ Settings string State [readonly]
(This setting will be removed when the unique process
identification problem is solved.)
+ string AllowedInterface [readwrite]
+
+ This field is used to bind a session to a specific
+ network interface. If this field is empty, the first
+ interface from a list of available ones will be used.
+ Also "*" string matches any interface.
+
+ Only one interface may be specified.
+
+ If a specified network interface is not available
+ (e.g. because AllowedBearers filters it out), the
+ session will not go online.
+
+ boolean SourceIPRule [readwrite]
+
+ If set to true the session will create source IP
+ address rule in the firewall, which redirects traffic
+ to that session's routing table.
+
+ Each session maintains a dedicated routing table, with
+ a default route. When the source IP rule is enabled,
+ an application can select which session/interface to
+ send traffic on, using bind-before-connect mechanism.
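Review bot: the SourceIPRule entry does not state its default value, and the AllowedInterface entry describes both an empty field and "*" without saying whether the two behave the same. State the default for SourceIPRule explicitly and clarify the empty versus "*" case. Minor wording: "using bind-before-connect mechanism" wants an article ("the bind-before-connect mechanism"), as does "will create source IP address rule".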
diff --git a/doc/session-overview.txt b/doc/session-overview.txt
index 2393167..976c351 100644
--- a/doc/session-overview.txt
+++ b/doc/session-overview.txt
@@ -92,3 +92,34 @@ The default session configuration does not enable the per
application
routing. Sessions are still useful in this setup, because the
notification of sessions is still available, e.g. the online/offline
notification.
+
+
+Multiple per-session routing tables
+===================================
+
+Sessions can be used in an environment with multiple network interfaces,
+where an application needs to direct outside traffic through a selected
+interface(s). ConnMan can maintain multiple sessions in a connected
+stated, and the application can dynamically, on a per-socket basis,
+select which session is used to route traffic.
+
+Example use cases are:
+- monitoring liveness of multiple connected interfaces, by sending
+ end-to-end heartbeat traffic on all of them in parallel.
+- prioritising traffic - e.g. sensitive data can be transferred over a slow,
+ but secure connection, while big, public downloads use a second session
+
+By default, ConnMan maintains only one online service. So it is impossible
+to send external traffic (routed through a gateway) on multiple interfaces.
+In order to enable this functionality, an application needs to issue the
+following API calls:
+- create multiple sessions, one for each interface to be used
+- set each session's AllowedInterface config field to the required interface
+ name (eth0, eth1, wlan0, ppp0, etc.)
+- set each session's SourceIPRule config field to true
+- connect each session (or the service it is using)
+
+That will instruct ConnMan to create multiple routing tables, with default
+routes in them. After that, the application can issue a bind() call on each
+socket, using required interface's source IP address. The bind() call must
+be made before a connect() call on a socket.
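Review bot: typo in the first added paragraph, "in a connected stated" should read "in a connected state". The closing paragraph tells the application to bind() to the "required interface's source IP address", but the step list above it never says where the application gets that address for each session; add a sentence naming the source of that value so the procedure is complete.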
--
2.7.4
------------------------------
End of connman Digest, Vol 15, Issue 31
***************************************