
Today's Topics:

   1. Re: [PATCH v2] iwd: Mark network avaible after scaning
      (Daniel Wagner)
   2. [PATCH 0/2] WireGuard/VPN small tweaks. (Daniel Wagner)
   3. [PATCH 1/2] wireguard: Regular reresolve endpoint address
      (Daniel Wagner)
   4. [PATCH 2/2] vpn: Make domain parameter optional (Daniel Wagner)


----------------------------------------------------------------------

Date: Sun, 22 Mar 2020 19:16:52 +0100
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH v2] iwd: Mark network avaible after scaning
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

On Thu, Mar 19, 2020 at 09:39:15AM +0100, Daniel Wagner wrote:
> connman_device_set_scanning() marks all networks as unavailable during
> the scan period. The iwd plugin needs mark the network available
> again.

Patch applied.

------------------------------

Date: Sun, 22 Mar 2020 21:13:24 +0100
From: Daniel Wagner <[email protected]>
Subject: [PATCH 0/2] WireGuard/VPN small tweaks.
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Message-ID: <[email protected]>

Christian Hewitt had some feedback/wishes from the LibreELEC project.

https://forum.libreelec.tv/thread/17965-add-wireguard-support/?pageNo=2


Daniel Wagner (2):
  wireguard: Regular reresolve endpoint address
  vpn: Make domain parameter optional

 doc/vpn-config-format.txt |  2 +-
 vpn/plugins/wireguard.c   | 87 +++++++++++++++++++++++++++++++++++----
 vpn/vpn-config.c          |  2 +-
 vpn/vpn-provider.c        | 11 ++---
 4 files changed, 88 insertions(+), 14 deletions(-)

-- 
2.25.1

------------------------------

Date: Sun, 22 Mar 2020 21:13:25 +0100
From: Daniel Wagner <[email protected]>
Subject: [PATCH 1/2] wireguard: Regular reresolve endpoint address
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Message-ID: <[email protected]>

In case the WireGuard endpoint is hosted on a dynamic IP address, the
endpoint might change during runtime. Reresolve the endpoint on a
regular basis and update the WireGuard device when its IP address has
changed.

Reported by Christian Hewitt
---
 vpn/plugins/wireguard.c | 87 +++++++++++++++++++++++++++++++++++++----
 1 file changed, 80 insertions(+), 7 deletions(-)

diff --git a/vpn/plugins/wireguard.c b/vpn/plugins/wireguard.c
index de2dbda3878e..536adbf15b6d 100644
--- a/vpn/plugins/wireguard.c
+++ b/vpn/plugins/wireguard.c
@@ -49,6 +49,16 @@
 #include "vpn.h"
 #include "wireguard.h"
 
+#define DNS_RERESOLVE_TIMEOUT 20
+
+struct wireguard_info {
+       struct wg_device device;
+       struct wg_peer peer;
+       char *endpoint_fqdn;
+       char *port;
+       int reresolve_id;
+};
+
 static int parse_key(const char *str, wg_key key)
 {
        unsigned char *buf;
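Review bot: `reresolve_id` is declared `int`, but it holds the return value of `g_timeout_add_seconds()` (wg_connect hunk) and is passed to `g_source_remove()` (wg_disconnect hunk), both of which work with `guint` source ids. Declaring it `guint reresolve_id;` and testing `if (info->reresolve_id)` avoids the signed/unsigned conversion. `DNS_RERESOLVE_TIMEOUT` would also read better with its unit stated, e.g. `/* seconds between endpoint re-resolutions */`.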
@@ -116,7 +126,7 @@ static int parse_allowed_ips(const char *allowed_ips, 
wg_peer *peer)
        return 0;
 }
 
-static int parse_endpoint(const char *host, const char *port, wg_peer *peer)
+static int parse_endpoint(const char *host, const char *port, struct sockaddr 
*addr)
 {
        struct addrinfo hints;
        struct addrinfo *result, *rp;
@@ -151,7 +161,7 @@ static int parse_endpoint(const char *host, const char 
*port, wg_peer *peer)
                return -EINVAL;
        }
 
-       memcpy(&peer->endpoint.addr, rp->ai_addr, rp->ai_addrlen);
+       memcpy(addr, rp->ai_addr, rp->ai_addrlen);
        freeaddrinfo(result);
 
        return 0;
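Review bot: The `memcpy(addr, rp->ai_addr, rp->ai_addrlen)` now writes into a caller-supplied `struct sockaddr *` whose size parse_endpoint cannot know, and the new caller wg_dns_reresolve_cb passes the address of a stack `struct sockaddr addr`. For an AF_INET6 result `ai_addrlen` is `sizeof(struct sockaddr_in6)`, which is larger than `struct sockaddr`, so the copy would run past the local variable, and the callback's later `memcpy(..., &addr, sizeof(info->peer.endpoint.addr6))` would read past it as well. The callback's own AF_INET6 branch indicates that IPv6 results are expected, though the `hints` setup is outside the visible hunks. Declaring the local as `struct sockaddr_storage addr;` and passing `(struct sockaddr *)&addr` fixes the callback; passing the destination size into parse_endpoint and rejecting a larger `rp->ai_addrlen` would make the helper safe for any caller. parse_endpoint's body begins outside this hunk.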
@@ -236,10 +246,59 @@ static char *get_ifname(void)
        return NULL;
 }
 
-struct wireguard_info {
-       struct wg_device device;
-       struct wg_peer peer;
-};
+static bool sockaddr_cmp_addr(struct sockaddr *a, struct sockaddr *b)
+{
+       if (a->sa_family != b->sa_family)
+               return false;
+
+       if (a->sa_family == AF_INET) {
+               struct sockaddr_in *a4 = (struct sockaddr_in *)a;
+               struct sockaddr_in *b4 = (struct sockaddr_in *)b;
+
+               return !memcmp(a4, b4, sizeof(struct sockaddr_in));
+       } else if (a->sa_family == AF_INET6) {
+               struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)a;
+               struct sockaddr_in6 *b6 = (struct sockaddr_in6 *)b;
+
+               return !memcmp(a6->sin6_addr.s6_addr,
+                               b6->sin6_addr.s6_addr,
+                               sizeof(a6->sin6_addr.s6_addr));
+       }
+
+       return false;
+}
+
+static gboolean wg_dns_reresolve_cb(gpointer user_data)
+{
+       struct wireguard_info *info = user_data;
+       int err;
+       struct sockaddr addr;
+
+       DBG("");
+
+       err = parse_endpoint(info->endpoint_fqdn,
+                       info->port, &addr);
+       if (err)
+               return TRUE;
+
+       if (sockaddr_cmp_addr(&addr, &info->peer.endpoint.addr))
+               return TRUE;
+
+       if (addr.sa_family == AF_INET)
+               memcpy(&info->peer.endpoint.addr, &addr,
+                       sizeof(info->peer.endpoint.addr4));
+       else
+               memcpy(&info->peer.endpoint.addr, &addr,
+                       sizeof(info->peer.endpoint.addr6));
+
+       DBG("Endpoint address has changed, udpate WireGuard device");
+       err = wg_set_device(&info->device);
+       if (err)
+               DBG("Failed to update Endpoint address for WireGuard device %s",
+                       info->device.name);
+
+       return TRUE;
+}
 
 static int wg_connect(struct vpn_provider *provider,
                        struct connman_task *task, const char *if_name,
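Review bot: wg_dns_reresolve_cb runs parse_endpoint() straight from a GLib timeout source, so a slow or unreachable resolver would stall the main loop on every tick if parse_endpoint resolves synchronously. Its `struct addrinfo` locals and `freeaddrinfo(result)` suggest a blocking getaddrinfo(), but that call is outside the visible hunks. If the lookup is indeed blocking, an asynchronous resolve would be preferable; at minimum a comment above the call such as `/* resolves synchronously; may block the main loop */` would make the trade-off explicit. The trailing context lines belong to wg_connect, which continues outside the hunk.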
@@ -323,10 +382,13 @@ static int wg_connect(struct vpn_provider *provider,
                option = "51820";
 
        gateway = vpn_provider_get_string(provider, "Host");
-       err = parse_endpoint(gateway, option, &info->peer);
+       err = parse_endpoint(gateway, option, &info->peer.endpoint.addr);
        if (err)
                goto done;
 
+       info->endpoint_fqdn = g_strdup(gateway);
+       info->port = g_strdup(option);
+
        option = vpn_provider_get_string(provider, "WireGuard.Address");
        if (!option) {
                DBG("Missing WireGuard.Address configuration");
@@ -367,6 +429,11 @@ static int wg_connect(struct vpn_provider *provider,
 
        connman_ipaddress_free(ipaddress);
 
+       if (!err)
+               info->reresolve_id =
+                       g_timeout_add_seconds(DNS_RERESOLVE_TIMEOUT,
+                                               wg_dns_reresolve_cb, info);
+
        return err;
 }
 
@@ -377,10 +444,16 @@ static void wg_disconnect(struct vpn_provider *provider)
        info = vpn_provider_get_plugin_data(provider);
        if (!info)
                return;
+
+       if (info->reresolve_id > 0)
+               g_source_remove(info->reresolve_id);
+
        vpn_provider_set_plugin_data(provider, NULL);
 
        wg_del_device(info->device.name);
 
+       g_free(info->endpoint_fqdn);
+       g_free(info->port);
        g_free(info);
 }
 
-- 
2.25.1

------------------------------

Date: Sun, 22 Mar 2020 21:13:26 +0100
From: Daniel Wagner <[email protected]>
Subject: [PATCH 2/2] vpn: Make domain parameter optional
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Message-ID: <[email protected]>

There is no technical requirement to provide the domain name. Thus,
make the domain parameter optional.

Reported by Christian Hewitt
---
 doc/vpn-config-format.txt |  2 +-
 vpn/vpn-config.c          |  2 +-
 vpn/vpn-provider.c        | 11 ++++++-----
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 91e2a63653b3..f2adf299128b 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -38,7 +38,7 @@ Replace * with an identifier unique to the config file.
 VPN related parameters (M = mandatory, O = optional):
 - Name: A user defined name for the VPN (M)
 - Host: VPN server IP address (M)
-- Domain: Domain name for the VPN service (M)
+- Domain: Domain name for the VPN service (O)
 - Networks: The networks behind the VPN link can be defined here. This can
   be missing if all traffic should go via VPN tunnel. If there are more
   than one network, then separate them by comma. Format of the entry
diff --git a/vpn/vpn-config.c b/vpn/vpn-config.c
index f56e51ee463a..34a1144d0e03 100644
--- a/vpn/vpn-config.c
+++ b/vpn/vpn-config.c
@@ -229,7 +229,7 @@ static int load_provider(GKeyFile *keyfile, const char 
*group,
 
        host = get_string(config_provider, "Host");
        domain = get_string(config_provider, "Domain");
-       if (host && domain) {
+       if (host) {
                char *id = __vpn_provider_create_identifier(host, domain);
 
                struct vpn_provider *provider;
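Review bot: With the `&& domain` test dropped, `domain` can be NULL for the rest of load_provider, and the same holds after the relaxed `if (!host)` checks in __vpn_provider_create and __vpn_provider_create_from_config in vpn/vpn-provider.c. Only __vpn_provider_create_identifier is visibly adapted to a NULL domain. The code following each of these checks is outside the hunks, so any later use of `domain` there (storing it, formatting it with `%s`, comparing it) should be confirmed to tolerate NULL. A short comment at each check, e.g. `/* Domain is optional and may be NULL below */`, would record the new contract.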
diff --git a/vpn/vpn-provider.c b/vpn/vpn-provider.c
index 5ce932872bbb..bf20ed6e23a1 100644
--- a/vpn/vpn-provider.c
+++ b/vpn/vpn-provider.c
@@ -2166,9 +2166,10 @@ char *__vpn_provider_create_identifier(const char *host, 
const char *domain)
 {
        char *ident;
 
-       ident = g_strdup_printf("%s_%s", host, domain);
-       if (!ident)
-               return NULL;
+       if (domain)
+               ident = g_strdup_printf("%s_%s", host, domain);
+       else
+               ident = g_strdup_printf("%s", host);
 
        provider_dbus_ident(ident);
 
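Review bot: Without a domain the identifier is now the host alone, so two providers on the same host that both omit Domain get the same identifier. How the identifier is used is outside this hunk, so whether such a collision replaces or rejects the second provider should be checked and documented. Separately, `g_strdup_printf("%s", host)` can be written as `ident = g_strdup(host);`. The function body continues past the hunk.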
@@ -2219,7 +2220,7 @@ int __vpn_provider_create(DBusMessage *msg)
                dbus_message_iter_next(&array);
        }
 
-       if (!host || !domain)
+       if (!host)
                return -EINVAL;
 
        DBG("Type %s name %s networks %p", type, name, networks);
@@ -2404,7 +2405,7 @@ int __vpn_provider_create_from_config(GHashTable 
*settings,
        networks_str = get_string(settings, "Networks");
        networks = parse_user_networks(networks_str);
 
-       if (!host || !domain) {
+       if (!host) {
                err = -EINVAL;
                goto fail;
        }
-- 
2.25.1

------------------------------
