Send connman mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."


Today's Topics:

   1. Re: ofono: cellular service disconnect makes it disappear
      (Daniel Wagner)
   2. Re: [PATCH] service: Add EnableOnlineCheck config option
      (Daniel Wagner)
   3. iptables - ignoring the entries from other processes (Usman S)
   4. [PATCH v1 0/3] Use /dev/random instead of /dev/urandom
      (Daniel Wagner)
   5. [PATCH v1 1/3] gdhcp: Use /dev/random instead of /dev/urandom
      (Daniel Wagner)
   6. [PATCH v1 2/3] util: Use /dev/random instead of /dev/urandom
      (Daniel Wagner)
   7. [PATCH v1 3/3] README: Add GnuTLS section on
      GNUTLS_NO_EXPLICIT_INIT (Daniel Wagner)
   8. Re: [PATCH v1 0/3] Use /dev/random instead of /dev/urandom
      (Slava Monich)
   9. Re: [PATCH v1 0/3] Use /dev/random instead of /dev/urandom
      (Daniel Wagner)
  10. Re: [PATCH v1 0/3] Use /dev/random instead of /dev/urandom
      (Denis Kenzior)


----------------------------------------------------------------------

Message: 1
Date: Mon, 6 Feb 2017 22:09:21 +0100
From: Daniel Wagner <[email protected]>
To: Patrik Flykt <[email protected]>, Daryl Nebrich
        <[email protected]>, André Draszik <[email protected]>
Cc: [email protected]
Subject: Re: ofono: cellular service disconnect makes it disappear
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi Patrik,

On 02/06/2017 02:19 PM, Patrik Flykt wrote:
> On Fri, 2017-02-03 at 07:58 +0100, Daniel Wagner wrote:
>> Cellular should also autoconnect if you ask me. So if that snippet
>> below is needed to get it rolling, I suggest to send it as proper
>> patch and I will review it :)
>
> There is already DefaultAutoConnectTechnologies in main.conf that takes
> care of this behavior.

True. I got the impression that we might have a regression somewhere in 
the autoconnect path.

Thanks,
Daniel


------------------------------

Message: 2
Date: Mon, 6 Feb 2017 22:16:41 +0100
From: Daniel Wagner <[email protected]>
To: Marcel Holtmann <[email protected]>
Cc: [email protected]
Subject: Re: [PATCH] service: Add EnableOnlineCheck config option
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi Marcel,

On 02/05/2017 03:19 PM, Marcel Holtmann wrote:
>>> While I appreciate the work, being able to --disable-wispr during
>>> configure unfortunately is a functionality trade-off for all end-users,
>>> who would rather be able to configure it at runtime.[1]
>>
>> Oh well, I agree, runtime config it is?
>
> not without proper and detailed documentation. The potential for
> shooting themselves in the foot is too high. Most companies will
> underestimate the requirements for actually running the server.

Okay, got it. We start documenting in doc/online-check.txt (or any 
better name).

> And everybody will underestimate the reason for X-ConnMan-Status
> field. I had these discussion before and most people do not understand
> the massive mess the WiFi portals are causing. I am totally fine if
> someone wants to fully disable this feature at compile time.

I am fine with this approach too. I just got tired of answering the same 
question all the time :) And I would say we just stay in READY state in 
this case, no auto state transition to ONLINE.

> I could probably spent hours talking about the lessons learned from
> running connman.net server. It is something interesting in what happens
> and what is needed to make this fly.

I would attend such talk :)

Thanks,
Daniel


------------------------------

Message: 3
Date: Mon, 6 Feb 2017 22:57:59 +0100
From: Usman S <[email protected]>
To: [email protected]
Subject: iptables - ignoring the entries from other processes
Message-ID:
        <campzcoxhyh__cg+y456atc6xntt2nuuhg5qc-xvqiv_crev...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi all,

Please ignore if this was discussed earlier and maybe I am too naive
here. I could see that ConnMan does not seem to keep track of the
rules which did not go through it. Maybe it should read the table
every time before it commits a change so that the existing entries will
not be disturbed. Also I think we should include the important
xtables_lock before read and release after committing so that it is
clean like iptables does. Yeah, the drawback could be that if someone
else is holding and has not released, ConnMan would be blocked as well,
but this seems to me a generic problem. Please let me know your
comments.

Thanks,
Usman


------------------------------

Message: 4
Date: Tue,  7 Feb 2017 07:49:35 +0100
From: Daniel Wagner <[email protected]>
To: [email protected]
Cc: Shrikant Bobade <[email protected]>, Daniel Wagner
        <[email protected]>
Subject: [PATCH v1 0/3] Use /dev/random instead of /dev/urandom
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8

Hi,

In short, don't block on /dev/urandom, use /dev/random.

See http://www.2uo.de/myths-about-urandom/ for more details.

Thanks,
Daniel

Daniel Wagner (3):
  gdhcp: Use /dev/random instead of /dev/urandom
  util: Use /dev/random instead of /dev/urandom
  README: Add GnuTLS section on GNUTLS_NO_EXPLICIT_INIT

 README         | 16 ++++++++++++++++
 gdhcp/common.c |  3 +--
 src/util.c     | 10 +++++-----
 3 files changed, 22 insertions(+), 7 deletions(-)

-- 
2.9.3


------------------------------

Message: 5
Date: Tue,  7 Feb 2017 07:49:36 +0100
From: Daniel Wagner <[email protected]>
To: [email protected]
Cc: Shrikant Bobade <[email protected]>, Daniel Wagner
        <[email protected]>
Subject: [PATCH v1 1/3] gdhcp: Use /dev/random instead of /dev/urandom
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8

On recent Linux systems /dev/random and /dev/urandom use the exact same
cryptographically secure pseudorandom number generator; they only
differ in very few ways that have nothing to do with "true"
randomness.

Though /dev/urandom has the property of blocking if the entropy pool is
empty. Furthermore, the corresponding RFCs do not require a
cryptographically sound source. So we can safely use /dev/random here.
---
 gdhcp/common.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/gdhcp/common.c b/gdhcp/common.c
index 146fc05..52e786c 100644
--- a/gdhcp/common.c
+++ b/gdhcp/common.c
@@ -60,7 +60,6 @@ static const DHCPOption client_options[] = {
        { OPTION_UNKNOWN,               0x00 },
 };
 
-#define URANDOM "/dev/urandom"
 static int random_fd = -1;
 
 int dhcp_get_random(uint64_t *val)
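Review bot: the URANDOM macro is dropped here, but the next hunk then hard-codes "/dev/random" as a bare string literal in the open() call; keep a named constant (as the util.c patch does with DEV_RANDOM) so the device path lives in one place and both files follow the same convention.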
@@ -68,7 +67,7 @@ int dhcp_get_random(uint64_t *val)
        int r;
 
        if (random_fd < 0) {
-               random_fd = open(URANDOM, O_RDONLY);
+               random_fd = open("/dev/random", O_RDONLY);
                if (random_fd < 0) {
                        r = -errno;
                        *val = random();
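Review bot: opening "/dev/random" does the opposite of the cover letter's goal. On Linux /dev/random is the device that blocks when the kernel's entropy estimate runs low, while /dev/urandom never blocks once the pool is seeded; a DHCP client reading its transaction IDs from here can stall on an embedded box with little entropy. If the aim is not to block, keep /dev/urandom or use getrandom(2) with flags 0, which waits only until the pool is initialised at boot. Separately, the fallback `*val = random();` in the context below fills at most 31 bits of the 64-bit value (random() returns a long in [0, RAND_MAX]); that deserves a comment if it is intentional.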
-- 
2.9.3


------------------------------

Message: 6
Date: Tue,  7 Feb 2017 07:49:37 +0100
From: Daniel Wagner <[email protected]>
To: [email protected]
Cc: Shrikant Bobade <[email protected]>, Daniel Wagner
        <[email protected]>
Subject: [PATCH v1 2/3] util: Use /dev/random instead of /dev/urandom
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8

On recent Linux systems /dev/random and /dev/urandom use the exact same
cryptographically secure pseudorandom number generator; they only
differ in very few ways that have nothing to do with "true"
randomness.

Though /dev/urandom has the property of blocking if the entropy pool is
empty.

None of the users of __connman_util_get_random (DHCP, DNS) require a
cryptographically sound source, so we can safely use /dev/random.
---
 src/util.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/util.c b/src/util.c
index 732d451..80652d9 100644
--- a/src/util.c
+++ b/src/util.c
@@ -34,7 +34,7 @@
 
 #include "connman.h"
 
-#define URANDOM "/dev/urandom"
+#define DEV_RANDOM "/dev/random"
 
 static int f = -1;
 
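Review bot: DEV_RANDOM now points at /dev/random, which on Linux is the blocking interface; the commit message states that /dev/urandom blocks, which has the two swapped (the article cited in the cover letter says the same). Unless blocking on low entropy is actually wanted, this hunk should keep /dev/urandom. The rename itself is fine, though a name describing the role rather than the path (e.g. RANDOM_DEVICE) would avoid a second rename if the path changes back.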
@@ -48,11 +48,11 @@ int __connman_util_get_random(uint64_t *val)
        r = read(f, val, sizeof(uint64_t));
        if (r < 0) {
                r = -errno;
-               connman_warn_once("Could not read from "URANDOM);
+               connman_warn_once("Could not read from "DEV_RANDOM);
                *val = random();
        } else if (r != sizeof(uint64_t)) {
                r = -EIO;
-               connman_warn_once("Short read from "URANDOM);
+               connman_warn_once("Short read from "DEV_RANDOM);
                *val = random();
        }
 
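Review bot: with /dev/random behind the fd, the `r != sizeof(uint64_t)` branch stops being a corner case: /dev/random returns fewer bytes than requested whenever the entropy estimate is below 64 bits, so this path, and its fallback to random() which yields at most 31 bits, would be taken routinely on small systems. Either loop until sizeof(uint64_t) bytes have been read (retrying on EINTR), or keep /dev/urandom, where a short read is genuinely exceptional. The message strings changing with the macro name is fine.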
@@ -66,10 +66,10 @@ int __connman_util_init(void)
        if (f >= 0)
                return 0;
 
-       f = open(URANDOM, O_RDONLY);
+       f = open(DEV_RANDOM, O_RDONLY);
        if (f < 0) {
                r = -errno;
-               connman_warn("Could not open "URANDOM);
+               connman_warn("Could not open "DEV_RANDOM);
                srandom(time(NULL));
        } else {
                uint64_t val;
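Review bot: the open() call is touched here but still lacks O_CLOEXEC, so the descriptor leaks into any process ConnMan execs; add the flag while changing the line. The fallback `srandom(time(NULL));` seeds with a value anyone on the network can guess to the second, which is acceptable only because the commit message says the callers (DHCP, DNS) need no cryptographic quality; a one-line comment saying so would stop the next reader from treating this path as a secure RNG.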
-- 
2.9.3


------------------------------

Message: 7
Date: Tue,  7 Feb 2017 07:49:38 +0100
From: Daniel Wagner <[email protected]>
To: [email protected]
Cc: Shrikant Bobade <[email protected]>, Daniel Wagner
        <[email protected]>
Subject: [PATCH v1 3/3] README: Add GnuTLS section on
        GNUTLS_NO_EXPLICIT_INIT
Message-ID: <[email protected]>

Warn users of GnuTLS about the behavior of gnutls_global_init() which
might block the loading of ConnMan.
---
 README | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/README b/README
index f4d1895..1e066ce 100644
--- a/README
+++ b/README
@@ -355,6 +355,22 @@ network. While the same setup works well for a WiFi or 
ethernet
 uplink.
 
 
+GnuTLS
+======
+
+When using GnuTLS be aware that depending on the configuration of
+GnuTLS does either an lazy or eager initialization of an internal
+entropy pool using /dev/urandom. On eager initialization the loading
+of ConnMan will be delayed by the link loader until the entropy pool
+is filled. On smaller system this can easily delay the startup of
+ConnMan by several seconds (we had reports of 25 seconds and more
+delay).
+
+GnuTLS allows to switch back to lazy evaluation when the environment
+variable GNUTLS_NO_EXPLICIT_INIT. For more details please read
+the man page to gnutls_global_init(3).
+
+
 Online check
 ============
 
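Review bot: a few wording fixes before this lands. "depending on the configuration of GnuTLS does either an lazy or eager initialization" is missing its subject; read "depending on its configuration, GnuTLS does either a lazy or an eager initialization". "On smaller system" should be "On smaller systems". "the link loader" is the dynamic loader: the work happens in the library's constructor before main() runs, which is why ConnMan itself cannot skip it. And "when the environment variable GNUTLS_NO_EXPLICIT_INIT" needs "is set". It would also help to say that the variable must be present in ConnMan's own environment (for example via its service unit), since the library reads it at load time, not from main.conf.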
-- 
2.9.3


------------------------------

Message: 8
Date: Tue, 7 Feb 2017 12:16:53 +0300
From: Slava Monich <[email protected]>
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Subject: Re: [PATCH v1 0/3] Use /dev/random instead of /dev/urandom
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed

Hi Daniel,

> Hi,
>
> In short, don't block on /dev/urandom, use /dev/random.
>
> See http://www.2uo.de/myths-about-urandom/ for more details.
>
> Thanks,
> Daniel
>

I'm a bit confused. I read that web page again and again - it claims 
that it's /dev/urandom which should be used because it never blocks and 
it's /dev/random which DOES block. But your comments imply the opposite 
- that /dev/urandom blocks and /dev/random doesn't.

-Slava


------------------------------

Message: 9
Date: Tue, 7 Feb 2017 19:41:20 +0100
From: Daniel Wagner <[email protected]>
To: Slava Monich <[email protected]>, [email protected]
Subject: Re: [PATCH v1 0/3] Use /dev/random instead of /dev/urandom
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed

Hi Slava,

On 02/07/2017 10:16 AM, Slava Monich wrote:
> I'm a bit confused. I read that web page again and again - it claims
> that it's /dev/urandom which should be used because it never blocks and
> it's /dev/random which DOES block. But your comments imply the opposite
> - that /dev/urandom blocks and /dev/random doesn't.

Me too. I wasn't really awake as it seems. You are absolutely right, the 
code is fine. Documentation was missing...

Thanks for reviewing! Really appreciated!
Daniel


------------------------------

Message: 10
Date: Tue, 7 Feb 2017 13:03:33 -0600
From: Denis Kenzior <[email protected]>
To: Daniel Wagner <[email protected]>, [email protected]
Subject: Re: [PATCH v1 0/3] Use /dev/random instead of /dev/urandom
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed

Hi Daniel,

On 02/07/2017 12:41 PM, Daniel Wagner wrote:
> Hi Slava,
>
> On 02/07/2017 10:16 AM, Slava Monich wrote:
>> I'm a bit confused. I read that web page again and again - it claims
>> that it's /dev/urandom which should be used because it never blocks and
>> it's /dev/random which DOES block. But your comments imply the opposite
>> - that /dev/urandom blocks and /dev/random doesn't.
>
> Me too. I wasn't really awake as it seems. You are absolutely right, the
> code is fine. Documentation was missing...
>

Or better yet, do as ell does and use getrandom().

Regards,
-Denis



------------------------------

Subject: Digest Footer

_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman


------------------------------

End of connman Digest, Vol 16, Issue 12
***************************************
