Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. Aw: Re: [PATCH] service: Add EnableOnlineCheck config option
(Ingo Albrecht)
2. [PATCH 1/1] doc: add online check information (Ingo Albrecht)
3. Aw: Re: [PATCH] service: Add EnableOnlineCheck config option
(Ingo Albrecht)
4. [PATCH v2 1/1] doc: add online check information (Ingo Albrecht)
5. Monitoring online status (Antoine Aubert)
----------------------------------------------------------------------
Message: 1
Date: Tue, 14 Feb 2017 10:27:31 +0100
From: "Ingo Albrecht" <[email protected]>
To: "Marcel Holtmann" <[email protected]>
Cc: [email protected]
Subject: Aw: Re: [PATCH] service: Add EnableOnlineCheck config option
Message-ID:
<trinity-5f5dc18f-07a3-4f96-9366-839022eefd19-1487064451696@3capp-gmx-bs08>
Content-Type: text/plain; charset=UTF-8
> Sent: Sunday, 05 February 2017 at 15:06
> From: "Marcel Holtmann" <[email protected]>
> To: "Ingo Albrecht" <[email protected]>
> Cc: [email protected]
> Subject: Re: [PATCH] service: Add EnableOnlineCheck config option
>
> Hi Ingo,
>
> >>> Global config option, which allows to enable/disable (enabled by default)
> >>> use of http get in wispr to transition a default service from READY to
> >>> ONLINE state.
> >>
> >> Isn't
> >>
> >> ./configure --disable-wispr
> >>
> >> good enough?
> >>
> >> Thanks,
> >> Daniel
> >
> > Hi,
> >
> > no it isn't.
> > In fact the online check as it is done so far (default enabled, no option
> > to turn it off, no mention of it in the manpage, no privacy policy
> > available for the nginx server replying on how it cycles logs) can quickly
> > get this project into trouble. The current implementation clearly violates
> > privacy laws (EU-wide for starters).
>
> you mean /dev/null which is the current log file storage and log rotation
> policy. And for the open source version of ConnMan, you know exactly what it
> sends and where. That is the point behind it.
>
> If you want to change it, you have to modify it. And thanks to the GPL
> license requirement, publish the source of that change. A configuration file
> will not force that and then the ConnMan side can become the black box.
>
> Regards
>
> Marcel
>
>
Hi Marcel,
good to learn about log rotation policy and motivation.
I'll send a small doc patch in the next message which, while it cannot assert
compliance with Telemediengesetz & friends, may help end users figure out the
functionality. I hope that's ok. I'll be glad to amend it, or contribute
more doc once functionality changes.
Regards,
Ingo
------------------------------
Message: 2
Date: Tue, 14 Feb 2017 10:28:03 +0100
From: "Ingo Albrecht" <[email protected]>
To: [email protected]
Subject: [PATCH 1/1] doc: add online check information
Message-ID:
<trinity-3f73a964-a9c4-4154-a8a8-78300b15b282-1487064483688@3capp-gmx-bs08>
Content-Type: text/plain; charset=UTF-8
Add new info from connman.net server admin to README.
Mention the online check in the manual so that end users have a reference on
functionality.
---
diff --git a/README b/README
index 1e066ce7..2cc1cb6a 100644
--- a/README
+++ b/README
@@ -389,7 +389,10 @@ During the online check procedure, ConnMan will
temporarily install
a host route to both the ipv4.connman.net and ipv6.connman.net so that
the online check query can be directed via the correct network
interface which the connected service is using. This host route is
-automatically removed when the online check is done.
+automatically removed when the online check is done. While ConnMan has no
+option to skip or diaable the online check, note that the server expressly
+does not log any connection information, including IPv4/6 addresses of
+connecting clients.
ConnMan sends this very minimal information in http header when doing
the online check request (example):
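Review bot: The added sentence misspells "disable" as "diaable" ("option to skip or diaable the online check"); fix it before this is applied. The same sentence says ConnMan has no option to skip the check, while the thread mentions ./configure --disable-wispr, so "no runtime option" would describe the situation more accurately.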
diff --git a/doc/connman.conf.5.in b/doc/connman.conf.5.in
index 9b28aada..c113ac3c 100644
--- a/doc/connman.conf.5.in
+++ b/doc/connman.conf.5.in
@@ -145,5 +145,15 @@ ethernet tethering.
AllowHostnameUpdates = false
TetheringTechnologies = ethernet,wifi,bluetooth,gadget
.fi
+.SH "NOTES"
+When a service is connected, ConnMan tries to detect if it has internet
+connectivity or not. During this online check procedure, ConnMan will
+temporarily install a host route to both the ipv4.connman.net and
+ipv6.connman.net so that the online check query can be directed via the
+correct network interface which the connected service is using.
+
+Currently there is no option to skip or disable this online check. ConnMan,
+however, limits transmitted data to a minimum. See the ConnMan README for
+more information.
.SH "SEE ALSO"
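Review bot: "Currently there is no option to skip or disable this online check" in the new NOTES section reads as absolute, but this is the connman.conf man page and the thread mentions a build-time switch (./configure --disable-wispr). Suggest "there is no configuration file option" and naming the build-time switch. Also drop the stray article in "to both the ipv4.connman.net and ipv6.connman.net".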
------------------------------
Message: 3
Date: Tue, 14 Feb 2017 10:43:24 +0100
From: "Ingo Albrecht" <[email protected]>
To: "Marcel Holtmann" <[email protected]>
Cc: "Daniel Wagner" <[email protected]>, [email protected]
Subject: Aw: Re: [PATCH] service: Add EnableOnlineCheck config option
Message-ID:
<trinity-69a48c0f-f92b-4283-a2aa-29aae94dce38-1487065404423@3capp-gmx-bs08>
Content-Type: text/plain; charset=UTF-8
> Sent: Sunday, 05 February 2017 at 15:19
> From: "Marcel Holtmann" <[email protected]>
> To: "Daniel Wagner" <[email protected]>
> Cc: "Ingo Albrecht" <[email protected]>, [email protected]
> Subject: Re: [PATCH] service: Add EnableOnlineCheck config option
>
> Hi Daniel,
>
> >> While I appreciate the work, being able to --disable-wispr during
> >> configure unfortunately is a functionality trade-off for all end-users,
> >> who would rather be able to configure it at runtime.[1]
> >
> > Oh well, I agree, runtime config it is?
>
> not without proper and detailed documentation. The potential for shooting
> themselves in the foot is too high. Most companies will underestimate the
> requirements for actually running the server.
>
> And everybody will underestimate the reason for X-ConnMan-Status field. I had
> these discussions before and most people do not understand the massive mess
> the WiFi portals are causing. I am totally fine if someone wants to fully
> disable this feature at compile time.
>
> However all these half-baked ideas and then broken instances of ConnMan are
> not something I want to have ever reported back to the mailing list. I
> even say that ConnMan should print a warning at startup if the portal
> detection code has been disabled.
>
> >> I actually agree with Marcel on the point that making the online
> >> check URL itself configurable introduces other problems.[2][3]
> >
> > The server side of online check also needs to be available as source code. I
> > don't think it is okay to rely on a black box for an open source project.
>
> Frankly we had a project for the server side code as an independent self
> written daemon. We never put that into production since all you need is nginx
> and a dead simple config for it. As I said before, you do not store any logs
> and you have to access to the file system and it just runs and runs and runs.
>
> I could probably spend hours talking about the lessons learned from running
> connman.net server. It is something interesting in what happens and what is
> needed to make this fly.
>
> One thing that might cause to re-activate the open source project of the
> server is the fact that I think using HTTPS for the portal detection code
> might be actually something to explore. About 6 months ago, I spent some time
> on this and besides the extra workload for the server (or servers with
> dedicated SSL hardware like QuickAssist), the real power only comes with client
> certificates. And that brings in other questions. If someone wants to discuss
> this, I am happy to do so, but that is not as easy as some people might think.
> Especially if you take privacy seriously.
>
> Regards
>
> Marcel
>
>
My immediate thought here is that there are so many broken portal
implementations which simply discard https packets before captive
authentication is done. So, I'd expect more broken connections while connman
waits for an SSL handshake reply.
What do you expect to gain from HTTPS here?
Regards,
Ingo
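
Added example, not part of the thread and not ConnMan's code: how a client can use a marker header such as the X-ConnMan-Status field mentioned above to tell a genuine online-check reply from a captive portal's answer, instead of trusting a bare HTTP 200. The classification rules, all names, and the sample header blocks (including the header value) are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Illustrative names, not ConnMan's own types. */
enum probe_result { PROBE_ONLINE, PROBE_PORTAL, PROBE_OFFLINE };

/* Constructed sample header blocks (not captured traffic). */
static const char GENUINE[]    = "Server: nginx\r\nX-ConnMan-Status: online\r\n\r\n";
static const char PORTAL_200[] = "Content-Type: text/html\r\n\r\nX-ConnMan-Status: online\r\n";
static const char PORTAL_302[] = "Location: http://portal.example/login\r\n\r\n";

/* Return 1 if the CRLF-separated header block has a header called `name`.
 * Names compare case-insensitively; scanning stops at the blank line so
 * text in a portal's HTML body can never be mistaken for a header. */
static int has_header(const char *hdrs, const char *name)
{
    size_t nlen = strlen(name);
    while (hdrs && *hdrs) {
        const char *eol = strstr(hdrs, "\r\n");
        size_t len = eol ? (size_t)(eol - hdrs) : strlen(hdrs);
        if (len == 0)
            break;                      /* end of headers */
        if (len > nlen && hdrs[nlen] == ':' &&
            strncasecmp(hdrs, name, nlen) == 0)
            return 1;
        hdrs = eol ? eol + 2 : NULL;
    }
    return 0;
}

/* status is the HTTP status code; 0 means no reply (timeout, reset). */
enum probe_result classify_probe(int status, const char *hdrs)
{
    if (status == 0)
        return PROBE_OFFLINE;
    /* A bare 200 is not enough: portals answer 200 with a login page. */
    if (status == 200 && has_header(hdrs, "X-ConnMan-Status"))
        return PROBE_ONLINE;
    return PROBE_PORTAL;                /* redirect or unmarked reply */
}

int main(void)
{
    printf("%d %d %d %d\n", classify_probe(200, GENUINE),
           classify_probe(200, PORTAL_200), classify_probe(302, PORTAL_302),
           classify_probe(0, ""));      /* 0=online 1=portal 2=offline */
    return 0;
}
```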
------------------------------
Message: 4
Date: Tue, 14 Feb 2017 11:56:30 +0100
From: "Ingo Albrecht" <[email protected]>
To: [email protected]
Subject: [PATCH v2 1/1] doc: add online check information
Message-ID:
<trinity-c77bc22c-2c83-4674-9acc-017629f5055a-1487069790550@3capp-gmx-bs28>
Content-Type: text/plain; charset=UTF-8
Add new info from connman.net server admin to README.
Mention the online check in the manual so that end users have a reference why
the client opens an external route.
---
diff --git a/README b/README
index 1e066ce7..2cc1cb6a 100644
--- a/README
+++ b/README
@@ -389,7 +389,10 @@ During the online check procedure, ConnMan will
temporarily install
a host route to both the ipv4.connman.net and ipv6.connman.net so that
the online check query can be directed via the correct network
interface which the connected service is using. This host route is
-automatically removed when the online check is done.
+automatically removed when the online check is done. While ConnMan has no
+option to skip or disable the online check, note that the server expressly
+does not log any connection information, including IPv4/6 addresses of
+connecting clients.
ConnMan sends this very minimal information in http header when doing
the online check request (example):
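Review bot: The new sentence "the server expressly does not log any connection information" states a property of the remote server as if the client documentation could guarantee it, while it rests on the operator's statement in this thread. Suggest attributing it (for example "according to the connman.net operator") and tying it to the ipv4.connman.net and ipv6.connman.net hosts named in the paragraph, so readers do not take it as something ConnMan itself enforces.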
diff --git a/doc/connman.conf.5.in b/doc/connman.conf.5.in
index 9b28aada..c113ac3c 100644
--- a/doc/connman.conf.5.in
+++ b/doc/connman.conf.5.in
@@ -145,5 +145,15 @@ ethernet tethering.
AllowHostnameUpdates = false
TetheringTechnologies = ethernet,wifi,bluetooth,gadget
.fi
+.SH "NOTES"
+When a service is connected, ConnMan tries to detect if it has internet
+connectivity or not. During this online check procedure, ConnMan will
+temporarily install a host route to both ipv4.connman.net and
+ipv6.connman.net so that the online check query can be directed via the
+correct network interface which the connected service is using.
+
+Currently there is no option to skip or disable this online check. ConnMan,
+however, limits transmitted data to a minimum. See the ConnMan README for
+more information.
.SH "SEE ALSO"
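Review bot: The NOTES text says a host route is installed but, unlike the README paragraph it is derived from, never says the route is removed again. Since the commit message gives "why the client opens an external route" as the purpose, add the README's sentence "This host route is automatically removed when the online check is done." at the end of the first paragraph.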
------------------------------
Message: 5
Date: Tue, 14 Feb 2017 17:46:39 +0100
From: Antoine Aubert <[email protected]>
To: [email protected]
Subject: Monitoring online status
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8
Hi,
Can connman monitor 'online' service status? When 'internet' can't
be reached? i.e. losing xDSL sync ...
As I understand, once a service becomes online (and all stuff checked), it
never goes backward until a hardware event (unplugged ...). Am I wrong?
May we use wispr to check connectivity? By polling?
Regards,
--
Antoine Aubert
[email protected]
------------------------------
End of connman Digest, Vol 16, Issue 17
***************************************