Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. Re: [PATCH 01/11] vpn: Return transport ident with get_property()
(Daniel Wagner)
2. Re: [PATCH 02/11] provider: Add function to get transport ident from VPN
(Daniel Wagner)
3. Re: [PATCH 03/11] service: Sort VPNs using the transport service if
connected
(Daniel Wagner)
4. Re: [PATCH 04/11] ipconfig: Refactor /proc value get/set to separate
functions
(Daniel Wagner)
5. Re: [PATCH 05/11] ipconfig: Add forced disabling of IPv6 and support IPv6
method restore
(Daniel Wagner)
6. Re: [PATCH 06/11] network: Adopt to new IPv6 disabled functionality of
ipconfig.c
(Daniel Wagner)
7. Re: [PATCH 08/11] provider: Toggle IPv6 on the transport of IPv4 VPN
connection
(Daniel Wagner)
8. [PATCH 2/2] wireguard: Copy interfance names obeying lengths rules
(Daniel Wagner)
9. [PATCH 1/2] ethernet: Copy interfance names obeying lengths rules
(Daniel Wagner)
10. Re: [PATCH 1/2] ethernet: Copy interfance names obeying
lengths rules (Daniel Wagner)
----------------------------------------------------------------------
Date: Mon, 5 Apr 2021 16:03:17 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 01/11] vpn: Return transport ident with
get_property()
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Thu, Apr 01, 2021 at 05:46:08PM +0300, Jussi Laakkonen wrote:
> Return the service_ident with "Transport" keyword given to
> get_property(). Plugin tracks the transport and this is can be used
> elsewhere as well.
>
> It is important to free the service_ident after notifying provider about
> state change as the service_ident is used for IPv6 checks when disconnecting.
Patch applied. Thanks!
------------------------------
Date: Mon, 5 Apr 2021 16:04:51 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 02/11] provider: Add function to get transport
ident from VPN
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Thu, Apr 01, 2021 at 05:46:09PM +0300, Jussi Laakkonen wrote:
> Get the ident of the transport of the VPN. Use get_property() callback
> with "Transport" to get the value.
Patch applied. Only a small nitpick which I fixed during committing. Thanks!
> +const char * __connman_provider_get_transport_ident(
> + struct connman_provider *provider)
> +{
> + if (!provider)
> + return NULL;
> +
> + if (provider->driver && provider->driver->get_property)
> + return provider->driver->get_property(provider, "Transport");
I've merged the two ifs together.
------------------------------
Date: Mon, 5 Apr 2021 16:05:09 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 03/11] service: Sort VPNs using the transport
service if connected
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Thu, Apr 01, 2021 at 05:46:10PM +0300, Jussi Laakkonen wrote:
> Use the transport to verify the order of the connected VPN services. If
> there is a transport service in use that ranks lower than an another
> service it means that the order must be changed based on comparing the
> transport and the service instead of comparing VPN and the service. This
> is because the higher ranking service should then become the transport
> of the VPN.
>
> This ensures that when the list is sorted the transport check in
> plugins/vpn.c will make VPN to switch to the new transport that is
> enabled to be the default. Use of the service ident from hash table for
> searching is used because the index cannot be retrieved from the list
> while sorting the list.
Patch applied. Thanks.
------------------------------
Date: Mon, 5 Apr 2021 16:05:26 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 04/11] ipconfig: Refactor /proc value get/set to
separate functions
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Thu, Apr 01, 2021 at 05:46:11PM +0300, Jussi Laakkonen wrote:
> Refactor getting and setting the proc conf values, have read and write
> in their own respective general functions. If write/read is issued
> without interface name (NULL) then "all" section is used to follow the
> old behavior.
Patch applied. Thanks!
------------------------------
Date: Mon, 5 Apr 2021 16:17:26 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 05/11] ipconfig: Add forced disabling of IPv6 and
support IPv6 method restore
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Thu, Apr 01, 2021 at 05:46:12PM +0300, Jussi Laakkonen wrote:
> Support complete disabling of IPv6 on both system and interface levels.
> Disabling of IPv6 completely albeit temporarily is required when there
> can be multiple connected technologies and a VPN is connected over IPv4
> using an dual-stack transport and/or there is another technology with
> dual-stack or only IPv6 in use. This approach effectively ensures that
> no data from an IPv4 VPN leaks to any other interface. A DNS server
> returning replies to AAAA requests may return an IPv6 address, which
> could be then used over IPv6 routing on another technolology that is not
> acting as the transport of the VPN.
>
> Add getter and setter for the internal IPv6 status. When enabling check
> the status with connman_inet_is_ipv6_supported(). It is not the
> intention to disable IPv6 system-wide since there may be interfaces that
> should not be managed by ConnMan and are handled for other OS needs
> where IPv6 is required, e.g., VoLTE may be one of them.
>
> Add a "ipv6_force_disabled" toggle to indicate that the particular
> device tied to ipconfig should not have IPv6 enabled. This toggle is to
> be used in scenarios where IPv6 should be prevented from reinstating
> unless forcefully enabled. Added separate setter and getter functions
> for the value (__connman_ipconfig_ipv6_{set,get}_force_disabled()).
>
> When checking IPv6 enabled state return false if ipv6_force_disabled is
> set as that is the real status of IPv6. The /proc disable_ipv6 can
> change when kernel processes ICMPv6 (RA/RS) packets and brings the IPv6
> interface up so using only the disable_ipv6 value is not consistent
> enough in case when IPv6 has been forcefully disabled.
I am struggling understanding this paragraph. The first sentence is a
bit hard to grasp.
> This change will prevent from changing the IPv6 status until it has
> it has been forcefully enabled, until that -EOPNOSUPP is returned.
> The most prominent use case for this is to prevent data as well as DNS
> leak to IPv6 when IPv4 only VPN is connected over a transport supporting
> both IPv4 and IPv6 connectivity.
>
> In addition to changing disable_ipv6 value also the autoconf option is
> managed.
Just as side note, ConnMan should drop using autoconf in future but this
is for later.
Patch looks good. I'll test it.
------------------------------
Date: Mon, 5 Apr 2021 16:20:20 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 06/11] network: Adopt to new IPv6 disabled
functionality of ipconfig.c
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Thu, Apr 01, 2021 at 05:46:13PM +0300, Jussi Laakkonen wrote:
> @@ -898,7 +900,8 @@ static void autoconf_ipv6_set(struct connman_network
> *network)
>
> __connman_ipconfig_enable(ipconfig);
>
> - __connman_ipconfig_enable_ipv6(ipconfig);
> + if (__connman_ipconfig_enable_ipv6(ipconfig))
> + return;
Maybe we should disable the ipconfig if this fails?
------------------------------
Date: Mon, 5 Apr 2021 16:40:26 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 08/11] provider: Toggle IPv6 on the transport of
IPv4 VPN connection
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On Thu, Apr 01, 2021 at 05:46:15PM +0300, Jussi Laakkonen wrote:
> static int provider_indicate_state(struct connman_provider *provider,
> enum connman_service_state state)
> {
> + int err;
> +
> DBG("state %d", state);
>
> + switch (state) {
> + case CONNMAN_SERVICE_STATE_UNKNOWN:
> + case CONNMAN_SERVICE_STATE_IDLE:
> + case CONNMAN_SERVICE_STATE_ASSOCIATION:
> + case CONNMAN_SERVICE_STATE_CONFIGURATION:
> + break;
> + case CONNMAN_SERVICE_STATE_READY:
> + case CONNMAN_SERVICE_STATE_ONLINE:
> + if (provider->family != AF_INET)
> + break;
> +
> + err = __connman_provider_set_ipv6_for_connected(provider,
> + false);
> + if (err && err != -EALREADY)
> + DBG("cannot disable IPv6 on provider %p transport",
> + provider);
> + break;
This disables IPv6 for all VPN tunnels not just for pure IPv4 VPNs. I
think you need to check the ipconfig if IPv6 should be disabled. I have
actually an IPv4/IPv6 VPN service to test ;)
------------------------------
Date: Mon, 5 Apr 2021 17:29:43 +0200
From: Daniel Wagner <[email protected]>
Subject: [PATCH 2/2] wireguard: Copy interfance names obeying lengths
rules
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8
gcc points out the destination buffer has the same size the specified
bound for the string.
warning: ‘__builtin_strncpy’ specified bound 16 equals destination size
[-Wstringop-truncation]
Let's make sure we do not overflow the buffer (should not happen as
the names are provide by the kernel and hence should fit).
---
vpn/plugins/wireguard.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vpn/plugins/wireguard.c b/vpn/plugins/wireguard.c
index 0a86acd04a0e..03658943d8b1 100644
--- a/vpn/plugins/wireguard.c
+++ b/vpn/plugins/wireguard.c
@@ -409,7 +409,7 @@ static int wg_connect(struct vpn_provider *provider,
err = -ENOENT;
goto done;
}
- stpncpy(info->device.name, ifname, sizeof(info->device.name));
+ stpncpy(info->device.name, ifname, sizeof(info->device.name) - 1);
g_free(ifname);
err = wg_add_device(info->device.name);
--
2.30.2
------------------------------
Date: Mon, 5 Apr 2021 17:29:42 +0200
From: Daniel Wagner <[email protected]>
Subject: [PATCH 1/2] ethernet: Copy interfance names obeying lengths
rules
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8
gcc points out the destination buffer has the same size the specified
bound for the string:
warning: ‘__builtin_stpncpy’ specified bound 16 equals destination size
[-Wstringop-truncation]
Let's make sure we do not overflow the buffer (should not happen as
the names are provide by the kernel and hence should fit).
---
plugins/ethernet.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/plugins/ethernet.c b/plugins/ethernet.c
index ed4208ad7ec2..6146b1c07c65 100644
--- a/plugins/ethernet.c
+++ b/plugins/ethernet.c
@@ -73,7 +73,7 @@ static int get_vlan_vid(const char *ifname)
return -errno;
vifr.cmd = GET_VLAN_VID_CMD;
- stpncpy(vifr.device1, ifname, sizeof(vifr.device1));
+ stpncpy(vifr.device1, ifname, sizeof(vifr.device1) - 1);
if(ioctl(sk, SIOCSIFVLAN, &vifr) >= 0)
vid = vifr.u.VID;
@@ -99,14 +99,16 @@ static int get_dsa_port(const char *ifname)
return -errno;
memset(&ifr, 0, sizeof(ifr));
- stpncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ stpncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
/* check if it is a vlan and get physical interface name*/
vifr.cmd = GET_VLAN_REALDEV_NAME_CMD;
- stpncpy(vifr.device1, ifname, sizeof(vifr.device1));
+ stpncpy(vifr.device1, ifname, sizeof(vifr.device1) - 1);
- if(ioctl(sk, SIOCSIFVLAN, &vifr) >= 0)
- stpncpy(ifr.ifr_name, vifr.u.device2, sizeof(ifr.ifr_name));
+ if(ioctl(sk, SIOCSIFVLAN, &vifr) >= 0) {
+ stpncpy(ifr.ifr_name, vifr.u.device2, sizeof(ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
+ }
/* get driver info */
drvinfocmd.cmd = ETHTOOL_GDRVINFO;
--
2.30.2
------------------------------
Date: Mon, 5 Apr 2021 17:32:30 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 1/2] ethernet: Copy interfance names obeying
lengths rules
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8
On Mon, Apr 05, 2021 at 05:29:42PM +0200, Daniel Wagner wrote:
> gcc points out the destination buffer has the same size the specified
> bound for the string:
>
> warning: ‘__builtin_stpncpy’ specified bound 16 equals destination size
> [-Wstringop-truncation]
>
> Let's make sure we do not overflow the buffer (should not happen as
> the names are provide by the kernel and hence should fit).
Patch applied
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list -- [email protected]
To unsubscribe send an email to [email protected]
------------------------------
End of connman Digest, Vol 66, Issue 3
**************************************
