Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. Re: [PATCHv2] iptables: Set protocol family in xtables setup.
(Daniel Wagner)
2. Re: Bluetooth services does not appear (Daniel Wagner)
3. Re: connman and openvpn (Daniel Wagner)
4. Re: [PATCH] iptables: Set ip6t_ip6 flags if IPv6 rule
protocol is set. (Daniel Wagner)
----------------------------------------------------------------------
Message: 1
Date: Thu, 14 Feb 2019 20:46:37 +0100
From: Daniel Wagner <[email protected]>
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Subject: Re: [PATCHv2] iptables: Set protocol family in xtables setup.
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Hi Jussi,
On Thu, Jan 17, 2019 at 05:26:03PM +0200, Jussi Laakkonen wrote:
> As it turned out, this problem existed because iptables does not fully
> support changing between IP families when used within one session. We use
> iptables 1.6.1 and needed to create a patch for our iptables:
> https://git.merproject.org/mer-core/iptables/commit/2b90df004ab0e4e37cf60a2ab8b331a78d0e1f61#584c4bcf465ca193a1884af9ddb8b0880e242277
> that explains the issue in full.
>
> This required no changes to connman. Although an issue with ip6tables
> protocol detection was noticed (and patch provided).
>
> There is no fix for this issue in upstream iptables. It apparently concerns
> use of iptables with shared libraries, as it is in our case. That patch
> above could be submitted to iptables as well but in our use case, testing
> with iptables 1.8.x is not feasible just yet.
>
> So in summarum; if there are problems with iptables use in connman check if
> above patch to iptables solves the issue.
Thanks for the summary. I feared that we end up in this sitution with
iptables. I wonder if we could use the new compact layer for iptables
and nftables and drop our internal iptables layer completely. Though
this is a lot of work and I personally don't have the drive to do it.
Anyway, great work!
Thanks,
Daniel
------------------------------
Message: 2
Date: Thu, 14 Feb 2019 20:51:22 +0100
From: Daniel Wagner <[email protected]>
To: David Lechner <[email protected]>
Cc: Ferry Toth <[email protected]>, [email protected]
Subject: Re: Bluetooth services does not appear
Message-ID: <[email protected]>
Content-Type: text/plain; charset=iso-8859-1
On Tue, Jan 29, 2019 at 09:49:13PM -0600, David Lechner wrote:
> On 1/29/19 2:22 PM, Ferry Toth wrote:
> >
> > Op 09-01-19 om 16:51 schreef Daniel Wagner:
> > > > root@edison:~# connmanctl
> > > > connmanctl> services
> > > > *AR Wired??????????????? ethernet_00800f951d4d_cable
> > > > ???? Ferry Toth (Galaxy Note3) bluetooth_43341B001FAC_C462EA01AF74
> > > > connmanctl> connect bluetooth_43341B001FAC_C462EA01AF74
> > > > Error /net/connman/service/bluetooth_43341B001FAC_C462EA01AF74:
> > > > Input/output error
> > > >
> > > > Seems like 1 more thing is missing.
> > > Something interesting in the logs?
> > I posted debug logs. Did you have a look?
>
> I had a look, but I didn't see anything helpful. Sorry.
Me neither.
> Maybe there is something in the BlueZ/bluetoothd logs?
>
> Maybe you are missing a kernel option that needs to be
> enabled for ConnMan or BlueZ?
Hmm, good idea. If it would be oFono my tip would CONFIG_TUN. Almost :(
Thanks,
Daniel
------------------------------
Message: 3
Date: Thu, 14 Feb 2019 20:56:16 +0100
From: Daniel Wagner <[email protected]>
To: Cliff McDiarmid <[email protected]>, [email protected]
Subject: Re: connman and openvpn
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi
On 1/4/19 10:24 PM, Cliff McDiarmid wrote:
> Hi
> I'm using CMST to create a openvpn tunnel with connman. Manually I can
> bring up a VPN service.
Okay, that is good to hear.
> When creating a VPN does connman require the 'openvpn-client@service' to
> be runnng or does it start an instance of Openvpn itself?
This looks like you a systemd service file. ConnMan (connman-vpnd)
starts OpenVPN itself via a start script.
> I ask because I'm having problems getting the client service running and
> also VPN with Connman
You need to run both deamons: connmand and connman-vpnd.
See man connman-vpn-profider.config
Thanks,
Daniel
------------------------------
Message: 4
Date: Thu, 14 Feb 2019 20:58:07 +0100
From: Daniel Wagner <[email protected]>
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Subject: Re: [PATCH] iptables: Set ip6t_ip6 flags if IPv6 rule
protocol is set.
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Hi Jussi,
On Thu, Jan 17, 2019 at 04:01:41PM +0200, Jussi Laakkonen wrote:
> Flags is required to be set as IP6T_F_PROTO if protocol for IPv6 rule is
> being set (INCLUDEDIR/linux/netfilter_ipv6/ip6_tables.h). Without this
> being set, ICMPv6 rules, for example, are installed to ip6tables but no
> packet matches the rule as protocol check is skipped in kernel.
Patch applied.
Thanks,
Daniel
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman
------------------------------
End of connman Digest, Vol 40, Issue 5
**************************************
