Today's Topics:
1. Iptables error with rule creation (Jeff Gray)
----------------------------------------------------------------------
Message: 1
Date: Mon, 29 May 2017 12:17:58 +1000
From: Jeff Gray <[email protected]>
To: [email protected]
Subject: Iptables error with rule creation
I am a new user of connman. The project is an older embedded system that is
being updated to use it.

Atmel AT91-RM9200 CPU
Linux-2.6.33-7 - older kernel which I can't upgrade due to binary drivers.
But I can recompile with new modules if needed. I have built almost
everything in the netfilter area as modules after reading several online
guides.
buildroot-2017-02 used to build system, so everything is pretty modern
apart from the kernel.
iptables-1.6.1
connman-1.34

Ethernet is working well. I am adding a USB gadget with tethering to allow
the device to be connected to Windows PCs as a USB device. This requires
the DHCP server in connman to be run. usb0 is recognized as a gadget by
connman. Tethering is initiated by sending:

    connmanctl tether gadget on

After running my tethering command, lsmod shows:
iptable_filter          1184  1
iptable_nat             3573  0
nf_nat                 15825  1 iptable_nat
nf_conntrack_ipv4      11680  3 iptable_nat,nf_nat
nf_conntrack           52431  3 iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4           857  1 nf_conntrack_ipv4
ip_tables               8885  2 iptable_filter,iptable_nat
x_tables               10528  2 iptable_nat,ip_tables
bridge                 45118  0
stp                     1318  1 bridge
llc                     3094  2 bridge,stp
ipv6                  221360  12
ohci_hcd               25436  0
cfg80211              116559  0
rfkill                 13468  2 cfg80211
g_ether                42777  0
usbcore               151944  2 ohci_hcd

Running connmand with --debug=src/iptables.c,src/firewall-iptables.c:
Bridge firewalling registered
connmand[336]: Failed to bind UDP listener socket
connmand[336]: Failed to bind TCP listener socket
connmand[336]: DHCP server: option_code 1 option_value 255.255.255.0
connmand[336]: DHCP server: option_code 3 option_value 192.168.0.1
connmand[336]: DHCP server: option_code 6 option_value 192.168.0.1
connmand[336]: src/firewall-iptables.c:enable_rule() nat POSTROUTING -s 192.168.0.2/24 -o eth0 -j MASQUERADE
connmand[336]: src/iptables.c:__connman_iptables_new_chain() -t nat -N connman-POSTROUTING
connmand[336]: src/iptables.c:iptables_init() nat
ip_tables: (C) 2000-2006 Netfilter Core Team
nf_conntrack version 0.5.0 (464 buckets, 1856 max)
CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
connmand[336]: src/iptables.c:iptables_add_chain() table nat chain connman-POSTROUTING
connmand[336]: src/iptables.c:__connman_iptables_insert() -t nat -I POSTROUTING -j connman-POSTROUTING
connmand[336]: src/iptables.c:iptables_insert_rule() table nat chain POSTROUTING
connmand[336]: src/iptables.c:__connman_iptables_delete_chain() -t nat -X connman-POSTROUTING
connmand[336]: src/iptables.c:iptables_delete_chain() table nat chain connman-POSTROUTING
connmand[336]: Cannot enable NAT -22/Invalid argument
connmand[336]: Add interface to bridge error No such device

Debugging further I've found that find_chain_head is getting a target->data
value of "ERROR", so it returns null. iptables_insert_rule detects this, so
it returns -EINVAL.

I inserted a system() call to dump iptables just before the error & I can
see that nothing has been defined other than defaults. connman-POSTROUTING
does not exist (but I'm not sure if it's supposed to at this stage).

connmand appears to be working well in other regards. I can run many
commands & get good results. iptables is also working fine - I can add NAT
chains & rules without error.

At this stage I'm a bit lost as to where to look. Is it a problem with my
kernel/modules not being set up properly or in connman config?
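
Added example (not part of the original message and not connman code): a Python script that rejoins the mail-wrapped connmand debug lines from the log above and reconstructs the order of iptables operations, so the create / insert / delete sequence that precedes the -22 error can be read off directly. The sample lines are copied from that log; the function names (unwrap, trace, rolled_back) are hypothetical.

```python
import re

# Lines copied from the log in the message, keeping the e-mail line wrapping.
SAMPLE = """\
connmand[336]: src/iptables.c:__connman_iptables_new_chain() -t nat -N
connman-POSTROUTING
connmand[336]: src/iptables.c:__connman_iptables_insert() -t nat -I
POSTROUTING -j connman-POSTROUTING
connmand[336]: src/iptables.c:__connman_iptables_delete_chain() -t nat -X
connman-POSTROUTING
connmand[336]: Cannot enable NAT -22/Invalid argument
"""

PREFIX = re.compile(r"^connmand\[\d+\]: ")
# Only the __connman_iptables_* debug lines carry iptables-style arguments.
OP = re.compile(r"src/iptables\.c:__connman_iptables_(\w+)\(\) -t (\S+) -[A-Z] (\S+) ?(.*)")
ERR = re.compile(r"Cannot enable NAT (-\d+)/(.+)")

def unwrap(text):
    """Rejoin wrapped records: a line without the daemon prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        if PREFIX.match(line) or not records:
            records.append(PREFIX.sub("", line))
        else:
            records[-1] += " " + line.strip()
    return records

def trace(text):
    """Return (ops, live, error); each op is (action, table, chain, rest)."""
    ops, live, error = [], set(), None
    for rec in unwrap(text):
        m, e = OP.match(rec), ERR.match(rec)
        if m:
            action, table, chain, rest = m.groups()
            ops.append((action, table, chain, rest))
            if action == "new_chain":
                live.add((table, chain))
            elif action == "delete_chain":
                live.discard((table, chain))
        if e:
            error = (int(e.group(1)), e.group(2))
    return ops, live, error

def rolled_back(text):
    """Chains created and deleted again in a trace that ends in a NAT error."""
    ops, live, error = trace(text)
    created = {(t, c) for a, t, c, _ in ops if a == "new_chain"}
    return sorted(created - live) if error else []
```

Unprefixed kernel messages interleaved in a real capture are appended to the preceding record, so filter them out first if they directly follow an operation line.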
End of connman Digest, Vol 19, Issue 15
***************************************