Re: [PATCH 2/3] systemd: Use environment file for connmand debug options

2013-03-13 Thread Kok, Auke-jan H
On Wed, Mar 13, 2013 at 9:36 AM, Marcel Holtmann wrote:
>> src/connman.service.in | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/connman.service.in b/src/connman.service.in
>> index 2e9e4d5..fa57d4e 100644
>> --- a/src/connman.service.in
>> +++ b/src/connman.service.in
>> @@ -6,7 +6,8 @@ After=syslog.target
>> Type=dbus
>> BusName=net.connman
>> Restart=on-failure
>> -ExecStart=@prefix@/sbin/connmand -n
>> +EnvironmentFile=-@sysconfdir@/connman/connmand.env
>> +ExecStart=@prefix@/sbin/connmand -n $DEBUG
>> StandardOutput=null
>
> if we want to do that, then using a directory or blob file support is better.
>
> I still question why this is a better approach than manually adding the
> service file. Since you still need to restart the daemon.
>
> In general we want to be able to enable/disable debug messages at runtime. 
> That is where I want this to go. Same as the kernel allows to enable/disable 
> dynamic debug at runtime.

Something like `connmanctl debug [bool]` ?

Auke
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman


Re: [PATCH 2/3] systemd: Use environment file for connmand debug options

2013-03-13 Thread Marcel Holtmann
Hi Jukka,

> src/connman.service.in | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/src/connman.service.in b/src/connman.service.in
> index 2e9e4d5..fa57d4e 100644
> --- a/src/connman.service.in
> +++ b/src/connman.service.in
> @@ -6,7 +6,8 @@ After=syslog.target
> Type=dbus
> BusName=net.connman
> Restart=on-failure
> -ExecStart=@prefix@/sbin/connmand -n
> +EnvironmentFile=-@sysconfdir@/connman/connmand.env
> +ExecStart=@prefix@/sbin/connmand -n $DEBUG
> StandardOutput=null
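
Review bot: `$DEBUG` on the new ExecStart line is a very generic name for a variable that ends up as daemon arguments, and every other assignment in connmand.env is exported into connmand's environment as well. A connman-specific name (for example CONNMAN_DEBUG, a hypothetical name) plus a commented sample connmand.env documenting the expected content would make this safer to use; because the file supplies arguments to a daemon started by systemd, it should be installed writable by root only. The leading `-` on EnvironmentFile means a missing file is ignored and `$DEBUG` then expands to no argument, which is the right default.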

if we want to do that, then using a directory or blob file support is better.

I still question why this is a better approach than manually adding the service 
file. Since you still need to restart the daemon.

In general we want to be able to enable/disable debug messages at runtime. That 
is where I want this to go. Same as the kernel allows to enable/disable dynamic 
debug at runtime.

Regards

Marcel



Re: [PATCH 0/5] Add current git HEAD commit id to version prints

2013-03-13 Thread Marcel Holtmann
Hi Jukka,

> there was someone in irc/ml missing information about what is
> the git HEAD commit id of the connman sources when the binary was
> built. I have been also missing this information lately so decided
> to generate this piece of data.
> 
> Cheers,
> Jukka
> 
> 
> Jukka Rissanen (5):
>  build: Script to generate current git HEAD commit id
>  gitignore: Ignore the generated include/connman-git-commit.h
>  build: Try to create include/connman-git-commit.h file
>  log: Print current git HEAD commit id when log is initialized
>  main: Print git HEAD commit id if known in -v option
> 
> .gitignore |  1 +
> Makefile.am| 13 ++---
> configure.ac   |  3 ++-
> src/gen-git-commit | 32 
> src/log.c  |  7 ++-
> src/main.c |  6 +-
> 6 files changed, 56 insertions(+), 6 deletions(-)
> create mode 100755 src/gen-git-commit

frankly, I do not like this approach at all.

You are hacking this into the source code. That is not a good idea. If you want 
to do this, then VERSION should be set with the git commit id. This is a build 
system only issue. It has nothing to do with the source code of the daemon.

Regards

Marcel



[PATCH v0 10/10] test-iptables: Add firewall API tests

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

---
 Makefile.am   |  2 +-
 tools/iptables-unit.c | 95 +++
 2 files changed, 90 insertions(+), 7 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 4c99ff5..78b1b33 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -312,7 +312,7 @@ tools_session_test_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ -ldl
 tools_iptables_unit_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ @XTABLES_CFLAGS@ \
-DIPTABLES_SAVE=\""${IPTABLES_SAVE}"\"
 tools_iptables_unit_SOURCES = $(gdbus_sources) src/log.c \
-src/iptables.c src/nat.c tools/iptables-unit.c
+src/iptables.c src/firewall.c src/nat.c tools/iptables-unit.c
 tools_iptables_unit_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @XTABLES_LIBS@ -ldl
 
 endif
diff --git a/tools/iptables-unit.c b/tools/iptables-unit.c
index 14f58ad..3af6374 100644
--- a/tools/iptables-unit.c
+++ b/tools/iptables-unit.c
@@ -33,6 +33,7 @@ static connman_bool_t assert_rule(const char *table_name, 
const char *rule)
 {
char *cmd, *output, **lines;
GError **error = NULL;
+   connman_bool_t found = FALSE;
int i;
 
cmd = g_strdup_printf(IPTABLES_SAVE " -t %s", table_name);
@@ -43,16 +44,14 @@ static connman_bool_t assert_rule(const char *table_name, 
const char *rule)
g_free(output);
 
for (i = 0; lines[i] != NULL; i++) {
-   DBG("lines[%02d]: %s\n", i, lines[i]);
+   DBG("%s\n", lines[i]);
+
if (g_strcmp0(lines[i], rule) == 0)
-   break;
+   found = TRUE;
}
g_strfreev(lines);
 
-   if (lines[i] == NULL)
-   return FALSE;
-
-   return TRUE;
+   return found;
 }
 
 static void assert_rule_exists(const char *table_name, const char *rule)
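
Review bot: the loop in assert_rule() no longer stops at the first match, because `found = TRUE;` replaced `break;` and every remaining line is still compared and logged. Keep a `break;` after setting `found`, or add a comment if dumping the whole table through DBG is intended. The change also removes the old read of `lines[i]` after `g_strfreev(lines)`, which deserves a line in the commit message, currently empty.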
@@ -406,6 +405,85 @@ static void test_nat_basic1(void)
g_free(service);
 }
 
+static void test_firewall_basic0(void)
+{
+   struct firewall_context *ctx;
+   int err;
+
+   ctx = __connman_firewall_create();
+   g_assert(ctx != NULL);
+
+   err = __connman_firewall_add_rule(ctx, "filter", "INPUT",
+   "-m mark --mark 999 -j LOG");
+   g_assert(err == 0);
+
+   err = __connman_firewall_enable(ctx);
+   g_assert(err == 0);
+
+   assert_rule_exists("filter", ":connman-INPUT - [0:0]");
+   assert_rule_exists("filter", "-A INPUT -j connman-INPUT");
+   assert_rule_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 -j 
LOG");
+
+   err = __connman_firewall_disable(ctx);
+   g_assert(err == 0);
+
+   assert_rule_not_exists("filter", ":connman-INPUT - [0:0]");
+   assert_rule_not_exists("filter", "-A INPUT -j connman-INPUT");
+   assert_rule_not_exists("filter", "-A connman-INPUT -m mark --mark 0x3e7 
-j LOG");
+
+   __connman_firewall_destroy(ctx);
+}
+
+static void test_firewall_basic1(void)
+{
+   struct firewall_context *ctx;
+   int err;
+
+   ctx = __connman_firewall_create();
+   g_assert(ctx != NULL);
+
+   err = __connman_firewall_add_rule(ctx, "filter", "INPUT",
+   "-m mark --mark 999 -j LOG");
+   g_assert(err == 0);
+
+   err = __connman_firewall_add_rule(ctx, "filter", "OUTPUT",
+   "-m mark --mark 999 -j LOG");
+   g_assert(err == 0);
+
+   err = __connman_firewall_enable(ctx);
+   g_assert(err == 0);
+
+   err = __connman_firewall_disable(ctx);
+   g_assert(err == 0);
+
+   __connman_firewall_destroy(ctx);
+}
+
+static void test_firewall_basic2(void)
+{
+   struct firewall_context *ctx;
+   int err;
+
+   ctx = __connman_firewall_create();
+   g_assert(ctx != NULL);
+
+   err = __connman_firewall_add_rule(ctx, "mangle", "INPUT",
+   "-j CONNMARK --restore-mark");
+   g_assert(err == 0);
+
+   err = __connman_firewall_add_rule(ctx, "mangle", "POSTROUTING",
+   "-j CONNMARK --save-mark");
+   g_assert(err == 0);
+
+   err = __connman_firewall_enable(ctx);
+   g_assert(err == 0);
+
+   err = __connman_firewall_disable(ctx);
+   g_assert(err == 0);
+
+   __connman_firewall_destroy(ctx);
+}
+
 static gchar *option_debug = NULL;
 
 static gboolean parse_debug(const char *key, const char *value,
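
Review bot: test_firewall_basic1() and test_firewall_basic2() only check the return codes of enable and disable; unlike test_firewall_basic0() they never call assert_rule_exists() or assert_rule_not_exists(), so a rule that silently fails to land in connman-OUTPUT or in the mangle chains would still pass. Add the same exists/not-exists checks for each rule they add. Note also that a failing g_assert() between `__connman_firewall_enable()` and `__connman_firewall_disable()` aborts the run with the test rules still installed in the host's tables.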
@@ -452,6 +530,7 @@ int main(int argc, char *argv[])
"Unit Tests Connection Manager", VERSION);
 
__connman_iptables_init();
+   __connman_firewall_init();
__connman_nat_init();
 
g_test_add_func("/iptables/chain0", test_iptables_chain0);
@@ -464,10 +543,14 @@ int main(int argc, char *argv[])
g_test_add_func("/iptables/target0", test_iptables_target0);
g_test_add_func("/nat/basic0", test_nat_basic0);
g_test_add_func("/nat/basic1", test_nat_basic1);
+   g_test_add_func("/firewall/basic0

[PATCH v0 09/10] firewall: Maintain iptables rules in dedicated ConnMan chains

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

Instead of appending ConnMan iptables rules into the builtin chains
we append them into chains managed by ConnMan.

If a rule needs to be inserted into a builtin chain, ConnMan
will create a 'connman-' prefixed builtin chain name and append
the user rules there. Then ConnMan will insert an unconditional jump
rule in the builtin chain.

Basically,

  iptables -t filter -A INPUT -m mark --mark 1 -j LOG

will be translated to this:

  iptables -t filter -N connman-INPUT
  iptables -t filter -A connman-INPUT -m mark --mark 1 -j LOG
  iptables -t filter -I INPUT -j connman-INPUT

When the last rule in a managed chain is removed, the managed
chain will also be removed.
---
 src/firewall.c | 180 +++--
 1 file changed, 174 insertions(+), 6 deletions(-)

diff --git a/src/firewall.c b/src/firewall.c
index 76c97a6..9dbef7f 100644
--- a/src/firewall.c
+++ b/src/firewall.c
@@ -23,6 +23,8 @@
 #include 
 #endif
 
+#include 
+
 #include 
 #include 
 
@@ -38,6 +40,11 @@ static const char *builtin_chains[] = {
[NF_IP_POST_ROUTING]= "POSTROUTING",
 };
 
+struct connman_managed_table {
+   char *name;
+   unsigned int chains[NF_INET_NUMHOOKS];
+};
+
 struct fw_rule {
char *table;
char *chain;
@@ -48,6 +55,8 @@ struct firewall_context {
GList *rules;
 };
 
+static GSList *managed_tables;
+
 static int chain_to_index(const char *chain_name)
 {
if (!g_strcmp0(builtin_chains[NF_IP_PRE_ROUTING], chain_name))
@@ -72,6 +81,165 @@ static int managed_chain_to_index(const char *chain_name)
return chain_to_index(chain_name + strlen(CHAIN_PREFIX));
 }
 
+static int insert_managed_chain(const char *table_name, int id)
+{
+   char *rule, *managed_chain;
+   int err;
+
+   managed_chain = g_strdup_printf("%s%s", CHAIN_PREFIX,
+   builtin_chains[id]);
+
+   err = __connman_iptables_new_chain(table_name, managed_chain);
+   if (err < 0)
+   goto out;
+
+   rule = g_strdup_printf("-j %s", managed_chain);
+   err = __connman_iptables_insert(table_name, builtin_chains[id], rule);
+   g_free(rule);
+   if (err < 0) {
+   __connman_iptables_delete_chain(table_name, managed_chain);
+   goto out;
+   }
+
+out:
+   g_free(managed_chain);
+
+   return err;
+}
+
+static int delete_managed_chain(const char *table_name, int id)
+{
+   char *rule, *managed_chain;
+   int err;
+
+   managed_chain = g_strdup_printf("%s%s", CHAIN_PREFIX,
+   builtin_chains[id]);
+
+   rule = g_strdup_printf("-j %s", managed_chain);
+   err = __connman_iptables_delete(table_name, builtin_chains[id], rule);
+   g_free(rule);
+
+   if (err < 0)
+   goto out;
+
+   err =  __connman_iptables_delete_chain(table_name, managed_chain);
+
+out:
+   g_free(managed_chain);
+
+   return err;
+}
+
+static int insert_managed_rule(const char *table_name,
+   const char *chain_name,
+   const char *rule_spec)
+{
+   struct connman_managed_table *mtable = NULL;
+   GSList *list;
+   char *chain;
+   int id, err;
+
+   id = chain_to_index(chain_name);
+   if (id < 0) {
+   /* This chain is not managed */
+   chain = g_strdup(chain_name);
+   goto out;
+   }
+
+   for (list = managed_tables; list != NULL; list = list->next) {
+   mtable = list->data;
+
+   if (g_strcmp0(mtable->name, table_name) == 0)
+   break;
+
+   mtable = NULL;
+   }
+
+   if (mtable == NULL) {
+   mtable = g_new0(struct connman_managed_table, 1);
+   mtable->name = g_strdup(table_name);
+
+   managed_tables = g_slist_prepend(managed_tables, mtable);
+   }
+
+   if (mtable->chains[id] == 0) {
+   DBG("table %s add managed chain for %s",
+   table_name, chain_name);
+
+   err = insert_managed_chain(table_name, id);
+   if (err < 0)
+   return err;
+   }
+
+   mtable->chains[id]++;
+   chain = g_strdup_printf("%s%s", CHAIN_PREFIX, chain_name);
+
+out:
+   err = __connman_iptables_append(table_name, chain, rule_spec);
+
+   g_free(chain);
+
+   return err;
+ }
+
+static int delete_managed_rule(const char *table_name,
+   const char *chain_name,
+   const char *rule_spec)
+ {
+   struct connman_managed_table *mtable = NULL;
+   GSList *list;
+   int id, err;
+   char *managed_chain;
+
+   id = chain_to_index(chain_name);
+   if (id < 0) {
+   /* This chain is not managed */
+   return __connman_iptables_delete(table_name, chain_name,
+ 
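
Review bot: in insert_managed_rule(), `mtable->chains[id]++` runs before `__connman_iptables_append()` and the append result is returned without any rollback, so a failed append leaves the reference count one too high and, for the first rule, the freshly created connman- chain and its jump rule in place. Increment only after a successful append, or undo the count and call delete_managed_chain() on error. The closing brace of insert_managed_rule() and the opening brace of delete_managed_rule() also carry a stray leading space.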

[PATCH v0 07/10] firewall: Flush managed chains

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

ConnMan maintains its own chain per builtin chain. The managed
chains have a prefix 'connman-' and one rule in the corresponding
builtin chain which jumps unconditionally to the managed chain.

In case ConnMan crashed we need to clean up first.
---
 src/firewall.c | 107 +
 1 file changed, 107 insertions(+)

diff --git a/src/firewall.c b/src/firewall.c
index e8b7e20..47a5c9d 100644
--- a/src/firewall.c
+++ b/src/firewall.c
@@ -23,12 +23,119 @@
 #include 
 #endif
 
+#include 
+#include 
+
 #include "connman.h"
 
+#define CHAIN_PREFIX "connman-"
+
+static const char *builtin_chains[] = {
+   [NF_IP_PRE_ROUTING] = "PREROUTING",
+   [NF_IP_LOCAL_IN]= "INPUT",
+   [NF_IP_FORWARD] = "FORWARD",
+   [NF_IP_LOCAL_OUT]   = "OUTPUT",
+   [NF_IP_POST_ROUTING]= "POSTROUTING",
+};
+
+static int chain_to_index(const char *chain_name)
+{
+   if (!g_strcmp0(builtin_chains[NF_IP_PRE_ROUTING], chain_name))
+   return NF_IP_PRE_ROUTING;
+   if (!g_strcmp0(builtin_chains[NF_IP_LOCAL_IN], chain_name))
+   return NF_IP_LOCAL_IN;
+   if (!g_strcmp0(builtin_chains[NF_IP_FORWARD], chain_name))
+   return NF_IP_FORWARD;
+   if (!g_strcmp0(builtin_chains[NF_IP_LOCAL_OUT], chain_name))
+   return NF_IP_LOCAL_OUT;
+   if (!g_strcmp0(builtin_chains[NF_IP_POST_ROUTING], chain_name))
+   return NF_IP_POST_ROUTING;
+
+   return -1;
+}
+
+static int managed_chain_to_index(const char *chain_name)
+{
+   if (g_str_has_prefix(chain_name, CHAIN_PREFIX) == FALSE)
+   return -1;
+
+   return chain_to_index(chain_name + strlen(CHAIN_PREFIX));
+}
+
+static void iterate_chains_cb(const char *chain_name, void *user_data)
+{
+   GSList **chains = user_data;
+   int id;
+
+   id = managed_chain_to_index(chain_name);
+   if (id < 0)
+   return;
+
+   *chains = g_slist_prepend(*chains, GINT_TO_POINTER(id));
+}
+
+static void flush_table(const char *table_name)
+{
+   GSList *chains = NULL, *list;
+   char *rule, *managed_chain;
+   int id, err;
+
+   __connman_iptables_iterate_chains(table_name, iterate_chains_cb,
+   &chains);
+
+   for (list = chains; list != NULL; list = list->next) {
+   id = GPOINTER_TO_INT(list->data);
+
+   managed_chain = g_strdup_printf("%s%s", CHAIN_PREFIX,
+   builtin_chains[id]);
+
+   rule = g_strdup_printf("-j %s", managed_chain);
+   err = __connman_iptables_delete(table_name,
+   builtin_chains[id], rule);
+   if (err < 0) {
+   connman_warn("Failed to delete jump rule '%s': %s",
+   rule, strerror(-err));
+   }
+   g_free(rule);
+
+   err = __connman_iptables_flush_chain(table_name, managed_chain);
+   if (err < 0) {
+   connman_warn("Failed to flush chain '%s': %s",
+   managed_chain, strerror(-err));
+   }
+   err = __connman_iptables_delete_chain(table_name, 
managed_chain);
+   if (err < 0) {
+   connman_warn("Failed to delete chain '%s': %s",
+   managed_chain, strerror(-err));
+   }
+
+   g_free(managed_chain);
+   }
+
+   err = __connman_iptables_commit(table_name);
+   if (err < 0) {
+   connman_warn("Failed to flush table '%s': %s",
+   table_name, strerror(-err));
+   }
+
+   g_slist_free(chains);
+}
+
+static void flush_all_tables(void)
+{
+   /* Flush the tables ConnMan might have modified */
+
+   flush_table("filter");
+   flush_table("mangle");
+   flush_table("nat");
+}
+
 int __connman_firewall_init(void)
 {
DBG("");
 
+   flush_all_tables();
+
return 0;
 }
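
Review bot: flush_table() ignores the return value of `__connman_iptables_iterate_chains()` and always calls `__connman_iptables_commit(table_name)`, even when the iteration failed or no managed chain was found. Check the return value and skip the commit when `chains` is empty. A comment should also state that any chain named 'connman-' plus a builtin chain name is treated as ConnMan's own and removed at startup, regardless of who created it.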
 
-- 
1.8.2.rc3.16.gce432ca



[PATCH v0 08/10] firewall: Add firewall API

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

The main idea behind this API is to collect several iptables rules
together and enable or disable in one go.

For this a context is created via __connman_firewall_create() and
the rules added to this context via __connman_firewall_add_rule().

In order to append all rules __connman_firewall_enable() has
to be called. To remove all rules associated with one context
__connman_firewall_disable() has to be used.

If something goes awry the code tries to get back to the initial
state.
---
 src/connman.h  |  11 +
 src/firewall.c | 128 +
 2 files changed, 139 insertions(+)

diff --git a/src/connman.h b/src/connman.h
index e09c22e..d9f5c53 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -881,5 +881,16 @@ int __connman_nat_enable(const char *name, const char 
*address,
 void __connman_nat_disable(const char *name);
 
 
+struct firewall_context;
+
+struct firewall_context *__connman_firewall_create(void);
+void __connman_firewall_destroy(struct firewall_context *ctx);
+int __connman_firewall_add_rule(struct firewall_context *ctx,
+   const char *table,
+   const char *chain,
+   const char *rule_fmt, ...);
+int __connman_firewall_enable(struct firewall_context *ctx);
+int __connman_firewall_disable(struct firewall_context *ctx);
+
 int __connman_firewall_init(void);
 void __connman_firewall_cleanup(void);
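
Review bot: `__connman_firewall_add_rule()` takes a printf-style `rule_fmt, ...` but the prototype carries no format attribute, so the compiler cannot check the arguments, and a caller that passes a rule string containing '%' as the format gets undefined behaviour. Annotate the declaration with G_GNUC_PRINTF(4, 5) and document that rule text which is not a literal must be passed through "%s".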
diff --git a/src/firewall.c b/src/firewall.c
index 47a5c9d..76c97a6 100644
--- a/src/firewall.c
+++ b/src/firewall.c
@@ -38,6 +38,16 @@ static const char *builtin_chains[] = {
[NF_IP_POST_ROUTING]= "POSTROUTING",
 };
 
+struct fw_rule {
+   char *table;
+   char *chain;
+   char *rule_spec;
+};
+
+struct firewall_context {
+   GList *rules;
+};
+
 static int chain_to_index(const char *chain_name)
 {
if (!g_strcmp0(builtin_chains[NF_IP_PRE_ROUTING], chain_name))
@@ -62,6 +72,124 @@ static int managed_chain_to_index(const char *chain_name)
return chain_to_index(chain_name + strlen(CHAIN_PREFIX));
 }
 
+static void cleanup_fw_rule(gpointer user_data)
+{
+   struct fw_rule *rule = user_data;
+
+   g_free(rule->rule_spec);
+   g_free(rule->chain);
+   g_free(rule->table);
+   g_free(rule);
+}
+
+struct firewall_context *__connman_firewall_create(void)
+{
+   struct firewall_context *ctx;
+
+   ctx = g_new0(struct firewall_context, 1);
+
+   return ctx;
+}
+
+void __connman_firewall_destroy(struct firewall_context *ctx)
+{
+   g_list_free_full(ctx->rules, cleanup_fw_rule);
+   g_free(ctx);
+}
+
+int __connman_firewall_add_rule(struct firewall_context *ctx,
+   const char *table,
+   const char *chain,
+   const char *rule_fmt, ...)
+{
+   va_list args;
+   char *rule_spec;
+   struct fw_rule *rule;
+
+   va_start(args, rule_fmt);
+
+   rule_spec = g_strdup_vprintf(rule_fmt, args);
+
+   va_end(args);
+
+   rule = g_new0(struct fw_rule, 1);
+
+   rule->table = g_strdup(table);
+   rule->chain = g_strdup(chain);
+   rule->rule_spec = rule_spec;
+
+   ctx->rules = g_list_append(ctx->rules, rule);
+
+   return 0;
+}
+
+static int firewall_disable(GList *rules)
+{
+   struct fw_rule *rule;
+   GList *list;
+   int err;
+
+   for (list = rules; list != NULL; list = g_list_previous(list)) {
+   rule = list->data;
+
+   err = __connman_iptables_delete(rule->table,
+   rule->chain,
+   rule->rule_spec);
+   if (err < 0) {
+   connman_error("Cannot remove previously installed "
+   "iptables rules: %s", strerror(-err));
+   break;
+   }
+
+   err = __connman_iptables_commit(rule->table);
+   if (err < 0) {
+   connman_error("Cannot remove previously installed "
+   "iptables rules: %s", strerror(-err));
+   break;
+   }
+   }
+
+   return err;
+}
+
+int __connman_firewall_enable(struct firewall_context *ctx)
+{
+   struct fw_rule *rule;
+   GList *list;
+   int err;
+
+   for (list = g_list_first(ctx->rules); list != NULL;
+   list = g_list_next(list)) {
+   rule = list->data;
+
+   DBG("%s %s %s", rule->table, rule->chain, rule->rule_spec);
+
+   err = __connman_iptables_append(rule->table,
+   rule->chain,
+   rule->rule_spec);
+   if (err < 0)
+   goto err;
+
+   err = __connman_iptables_commit(rule->table);
+   if (err < 0)
+   
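
Review bot: firewall_disable() returns `err` without ever assigning it when `rules` is NULL, since `int err;` is uninitialised and the loop body never runs; initialise it to 0. The loops in firewall_disable() and `__connman_firewall_enable()` also commit after every single rule rather than once per table, so a failure part way through leaves the tables half-changed; collecting the changes and committing once per table would match the "in one go" wording of the commit message better.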

[PATCH v0 05/10] iptables: Add chain iterator

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

We will implement the ConnMan iptables specific part in a different
file and leave the iptables.c file as small as possible.

Therefore, we move the flushing part out, but we need a way to
find our chains on bootup (left over from a crash). Let's add an
iterator which walks over all chains which allows a higher level
to find the chains it is looking for (e.g. connman-INPUT)
---
 src/connman.h  |  6 ++
 src/iptables.c | 44 +---
 2 files changed, 19 insertions(+), 31 deletions(-)

diff --git a/src/connman.h b/src/connman.h
index 8e26304..6b81477 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -810,6 +810,12 @@ int __connman_iptables_delete(const char *table_name,
const char *chain,
const char *rule_spec);
 
+typedef void (*connman_iptables_iterate_chains_cb_t) (const char *chain_name,
+   void *user_data);
+int __connman_iptables_iterate_chains(const char *table_name,
+   connman_iptables_iterate_chains_cb_t cb,
+   void *user_data);
+
 int __connman_iptables_init(void);
 void __connman_iptables_cleanup(void);
 int __connman_iptables_commit(const char *table_name);
diff --git a/src/iptables.c b/src/iptables.c
index 017ba34..345617c 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -36,8 +36,6 @@
 
 #include "connman.h"
 
-void flush_table(const char *name);
-
 /*
  * Some comments on how the iptables API works (some of them from the
  * source code from iptables and the kernel):
@@ -2310,9 +2308,9 @@ static int flush_table_cb(struct ipt_entry *entry, int 
builtin,
unsigned int hook, size_t size,
unsigned int offset, void *user_data)
 {
-   GSList **chains = user_data;
+   struct cb_data *cbd = user_data;
+   connman_iptables_iterate_chains_cb_t cb = cbd->cb;
struct xt_entry_target *target;
-   char *name;
 
if (offset + entry->next_offset == size)
return 0;
@@ -2320,50 +2318,34 @@ static int flush_table_cb(struct ipt_entry *entry, int 
builtin,
target = ipt_get_target(entry);
 
if (!g_strcmp0(target->u.user.name, IPT_ERROR_TARGET))
-   name = g_strdup((const char*)target->data);
+   (*cb)((const char*)target->data, cbd->user_data);
else if (builtin >= 0)
- name = g_strdup(hooknames[builtin]);
-   else
-   return 0;
-
-   *chains = g_slist_prepend(*chains, name);
+   (*cb)(hooknames[builtin], cbd->user_data);
 
return 0;
 }
 
-void flush_table(const char *name)
+int __connman_iptables_iterate_chains(const char *table_name,
+   connman_iptables_iterate_chains_cb_t cb,
+   void *user_data)
 {
-   GSList *chains = NULL, *list;
+   struct cb_data *cbd = cb_data_new(cb, user_data);
struct connman_iptables *table;
 
-   table = get_table(name);
+   table = get_table(table_name);
if (table == NULL)
-   return;
+   return -EINVAL;
 
iterate_entries(table->blob_entries->entrytable,
table->info->valid_hooks,
table->info->hook_entry,
table->info->underflow,
table->blob_entries->size,
-   flush_table_cb, &chains);
-
-
-   /*
-* The offset update code is fragile and it works
-* only safe if we remove elements and move forwards
-* in the table.
-*/
-   chains = g_slist_reverse(chains);
-
-   for (list = chains; list != NULL; list = list->next) {
-   char *chain = list->data;
+   flush_table_cb, cbd);
 
-   DBG("chain %s", chain);
-   iptables_flush_chain(table, chain);
-   }
+   g_free(cbd);
 
-   __connman_iptables_commit(name);
-   g_slist_free_full(chains, g_free);
+   return 0;
 }
 
 int __connman_iptables_init(void)
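
Review bot: `__connman_iptables_iterate_chains()` allocates `cbd` with cb_data_new() before the `get_table()` check, and the `return -EINVAL` path leaves without `g_free(cbd)`. Look up the table first, or free `cbd` on that path. The callback is still named flush_table_cb() although it no longer flushes anything; renaming it would match its new job.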
-- 
1.8.2.rc3.16.gce432ca



[PATCH v0 06/10] firewall: Add firewall file

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

---
 Makefile.am|  2 +-
 src/connman.h  |  4 
 src/firewall.c | 38 ++
 src/main.c |  2 ++
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 src/firewall.c

diff --git a/Makefile.am b/Makefile.am
index d54c693..4c99ff5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -97,7 +97,7 @@ src_connmand_SOURCES = $(gdbus_sources) $(gdhcp_sources) 
$(gweb_sources) \
src/session.c src/tethering.c src/wpad.c src/wispr.c \
src/stats.c src/iptables.c src/dnsproxy.c src/6to4.c \
src/ippool.c src/bridge.c src/nat.c src/ipaddress.c \
-   src/inotify.c
+   src/inotify.c src/firewall.c
 
 src_connmand_LDADD = $(builtin_libadd) @GLIB_LIBS@ @DBUS_LIBS@ \
@XTABLES_LIBS@ @GNUTLS_LIBS@ -lresolv -ldl -lrt
diff --git a/src/connman.h b/src/connman.h
index 6b81477..e09c22e 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -879,3 +879,7 @@ void __connman_nat_cleanup(void);
 int __connman_nat_enable(const char *name, const char *address,
unsigned char prefixlen);
 void __connman_nat_disable(const char *name);
+
+
+int __connman_firewall_init(void);
+void __connman_firewall_cleanup(void);
diff --git a/src/firewall.c b/src/firewall.c
new file mode 100644
index 000..e8b7e20
--- /dev/null
+++ b/src/firewall.c
@@ -0,0 +1,38 @@
+/*
+ *
+ *  Connection Manager
+ *
+ *  Copyright (C) 2013  BMW Car IT GmbH.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 as
+ *  published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include 
+#endif
+
+#include "connman.h"
+
+int __connman_firewall_init(void)
+{
+   DBG("");
+
+   return 0;
+}
+
+void __connman_firewall_cleanup(void)
+{
+   DBG("");
+}
diff --git a/src/main.c b/src/main.c
index e21d056..0f47943 100644
--- a/src/main.c
+++ b/src/main.c
@@ -633,6 +633,7 @@ int main(int argc, char *argv[])
 
__connman_ippool_init();
__connman_iptables_init();
+   __connman_firewall_init();
__connman_nat_init();
__connman_tethering_init();
__connman_counter_init();
@@ -693,6 +694,7 @@ int main(int argc, char *argv[])
__connman_counter_cleanup();
__connman_tethering_cleanup();
__connman_nat_cleanup();
+   __connman_firewall_cleanup();
__connman_iptables_cleanup();
__connman_ippool_cleanup();
__connman_device_cleanup();
-- 
1.8.2.rc3.16.gce432ca



[PATCH v0 03/10] iptables-test: Add insert support

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

---
 tools/iptables-test.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/tools/iptables-test.c b/tools/iptables-test.c
index f20404b..1d964b9 100644
--- a/tools/iptables-test.c
+++ b/tools/iptables-test.c
@@ -30,6 +30,7 @@
 
 enum iptables_command {
IPTABLES_COMMAND_APPEND,
+   IPTABLES_COMMAND_INSERT,
IPTABLES_COMMAND_DELETE,
IPTABLES_COMMAND_POLICY,
IPTABLES_COMMAND_CHAIN_INSERT,
@@ -48,12 +49,16 @@ int main(int argc, char *argv[])
opterr = 0;
 
while ((c = getopt_long(argc, argv,
-   "-A:D:P:N:X:F:Lt:", NULL, NULL)) != -1) {
+   "-A:I:D:P:N:X:F:Lt:", NULL, NULL)) != -1) {
switch (c) {
case 'A':
chain = optarg;
cmd = IPTABLES_COMMAND_APPEND;
break;
+   case 'I':
+   chain = optarg;
+   cmd = IPTABLES_COMMAND_INSERT;
+   break;
case 'D':
chain = optarg;
cmd = IPTABLES_COMMAND_DELETE;
@@ -105,6 +110,9 @@ out:
case IPTABLES_COMMAND_APPEND:
err = __connman_iptables_append(table, chain, rule);
break;
+   case IPTABLES_COMMAND_INSERT:
+   err = __connman_iptables_insert(table, chain, rule);
+   break;
case IPTABLES_COMMAND_DELETE:
err = __connman_iptables_delete(table, chain, rule);
break;
@@ -127,7 +135,7 @@ out:
break;
case IPTABLES_COMMAND_UNKNOWN:
printf("Missing command\n");
-   printf("usage: iptables-test [-t table] {-A|-D} chain rule\n");
+   printf("usage: iptables-test [-t table] {-A|-I|-D} chain 
rule\n");
printf("   iptables-test [-t table] {-N|-X|-F} chain\n");
printf("   iptables-test [-t table] -L\n");
printf("   iptables-test [-t table] -P chain target\n");
-- 
1.8.2.rc3.16.gce432ca



[PATCH v0 02/10] iptables: Add __connman_iptables_insert()

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

This was wrongly removed with commit 161efbae
---
 src/connman.h  |  3 +++
 src/iptables.c | 74 ++
 2 files changed, 77 insertions(+)

diff --git a/src/connman.h b/src/connman.h
index 9a607fb..8e26304 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -803,6 +803,9 @@ int __connman_iptables_change_policy(const char *table_name,
 int __connman_iptables_append(const char *table_name,
const char *chain,
const char *rule_spec);
+int __connman_iptables_insert(const char *table_name,
+   const char *chain,
+   const char *rule_spec);
 int __connman_iptables_delete(const char *table_name,
const char *chain,
const char *rule_spec);
diff --git a/src/iptables.c b/src/iptables.c
index 8454fcb..017ba34 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -833,6 +833,37 @@ static int iptables_append_rule(struct connman_iptables 
*table,
return ret;
 }
 
+static int iptables_insert_rule(struct connman_iptables *table,
+   struct ipt_ip *ip, const char *chain_name,
+   const char *target_name,
+   struct xtables_target *xt_t,
+   struct xtables_rule_match *xt_rm)
+{
+   struct ipt_entry *new_entry;
+   int builtin = -1, ret;
+   GList *chain_head;
+
+   DBG("table %s chain %s", table->name, chain_name);
+
+   chain_head = find_chain_head(table, chain_name);
+   if (chain_head == NULL)
+   return -EINVAL;
+
+   new_entry = prepare_rule_inclusion(table, ip, chain_name,
+   target_name, xt_t, &builtin, xt_rm, TRUE);
+   if (new_entry == NULL)
+   return -EINVAL;
+
+   if (builtin == -1)
+   chain_head = chain_head->next;
+
+   ret = iptables_add_entry(table, new_entry, chain_head, builtin);
+   if (ret < 0)
+   g_free(new_entry);
+
+   return ret;
+}
+
 static gboolean is_same_ipt_entry(struct ipt_entry *i_e1,
struct ipt_entry *i_e2)
 {
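
Review bot: in iptables_insert_rule() the `if (builtin == -1) chain_head = chain_head->next;` step is not explained; add a short comment on why the head entry is skipped when `builtin` stays -1. The bare `TRUE` passed as the last argument of prepare_rule_inclusion() would also read better with a comment naming what it selects.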
@@ -2151,6 +2182,49 @@ out:
return err;
 }
 
+int __connman_iptables_insert(const char *table_name,
+   const char *chain,
+   const char *rule_spec)
+{
+   struct connman_iptables *table;
+   struct parse_context *ctx;
+   const char *target_name;
+   int err;
+
+   ctx = g_try_new0(struct parse_context, 1);
+   if (ctx == NULL)
+   return -ENOMEM;
+
+   DBG("-t %s -I %s %s", table_name, chain, rule_spec);
+
+   err = prepare_getopt_args(rule_spec, ctx);
+   if (err < 0)
+   goto out;
+
+   table = get_table(table_name);
+   if (table == NULL) {
+   err = -EINVAL;
+   goto out;
+   }
+
+   err = parse_rule_spec(table, ctx);
+   if (err < 0)
+   goto out;
+
+   if (ctx->xt_t == NULL)
+   target_name = NULL;
+   else
+   target_name = ctx->xt_t->name;
+
+   err = iptables_insert_rule(table, ctx->ip, chain,
+   target_name, ctx->xt_t, ctx->xt_rm);
+out:
+   cleanup_parse_context(ctx);
+   reset_xtables();
+
+   return err;
+}
+
 int __connman_iptables_delete(const char *table_name,
const char *chain,
const char *rule_spec)
-- 
1.8.2.rc3.16.gce432ca



[PATCH v0 04/10] connman: Add callback helpers

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

There is a common pattern when writing a callback function. Let's
add a few helpers for this.

This is shamelessly stolen from oFono.
---
 include/types.h | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/include/types.h b/include/types.h
index 0f671ec..051151a 100644
--- a/include/types.h
+++ b/include/types.h
@@ -22,6 +22,8 @@
 #ifndef __CONNMAN_TYPES_H
 #define __CONNMAN_TYPES_H
 
+#include 
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -38,6 +40,23 @@ typedef int  connman_bool_t;
 typedef unsigned char  connman_uint8_t;
 typedef unsigned short connman_uint16_t;
 
+struct cb_data {
+   void *cb;
+   void *user_data;
+   void *data;
+};
+
+static inline struct cb_data *cb_data_new(void *cb, void *user_data)
+{
+   struct cb_data *ret;
+
+   ret = g_new0(struct cb_data, 1);
+   ret->cb = cb;
+   ret->user_data = user_data;
+
+   return ret;
+}
+
 #ifdef __cplusplus
 }
 #endif
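Review bot: struct cb_data keeps the callback in a void *cb member, so the function pointer's type is lost at cb_data_new() and every user has to cast it back by hand; a wrong cast compiles silently and calls through a mismatched signature, and ISO C does not guarantee the function-pointer to object-pointer conversion at all. A short comment documenting the intended cast pattern, and what the data member is for (the helper leaves it zeroed and nothing here explains it), would make misuse less likely. Two smaller points: g_new0() aborts the process on allocation failure, whereas __connman_iptables_insert() in this same series uses g_try_new0() and returns -ENOMEM, so pick one policy; and the unprefixed names cb_data and cb_data_new() in include/types.h can clash with other code that includes this header, so a connman_ prefix or a private header would be safer.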
-- 
1.8.2.rc3.16.gce432ca



[PATCH v0 00/10] Add 'firewall' support

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

Hi,

This series is based on "[PATCH v7] iptables refactoring" series.
The original title of this series was "[PATCH v0 00/16] Managed iptables API".

The first two patches bring back __connman_iptables_insert() which is needed
for patch #9. Patch #3 just adds support for '-I' operations to iptables-test.

Patch #4 to #7 add support to clean up iptables rules we might have added
in a previous run (ConnMan might have crashed).

A context is introduced (patch #8) which collects several iptables rules
which can then be added or removed in one go (calling __connman_firewall_enable()).

ConnMan should not mess with any rules already in the system.
Therefore, this series adds support for maintaining ConnMan's own
iptables user chains for each builtin chain (patch #9)

The final patch just adds some tests to iptables-unit.

cheers,
daniel


Daniel Wagner (10):
  iptables: Tell prepare_rule_inclusion() rule position
  iptables: Add __connman_iptables_insert()
  iptables-test: Add insert support
  connman: Add callback helpers
  iptables: Add chain iterator
  firewall: Add firewall file
  firewall: Flush managed chains
  firewall: Add firewall API
  firewall: Maintain iptables rules in dedicated ConnMan chains
  test-iptables: Add firewall API tests

 Makefile.am   |   4 +-
 include/types.h   |  19 +++
 src/connman.h |  24 +++
 src/firewall.c| 441 ++
 src/iptables.c| 125 ++
 src/main.c|   2 +
 tools/iptables-test.c |  12 +-
 tools/iptables-unit.c |  95 ++-
 8 files changed, 678 insertions(+), 44 deletions(-)
 create mode 100644 src/firewall.c

-- 
1.8.2.rc3.16.gce432ca



[PATCH v0 01/10] iptables: Tell prepare_rule_inclusion() rule position

2013-03-13 Thread Daniel Wagner
From: Daniel Wagner 

prepare_rule_inclusion() is currently working correctly for APPEND
operations.

First let's have a look at what it does currently:

- user chains will be ignored by this change, because their head->builtin
  flag is always -1.
- For builtin chains there are two cases to look at
-- chain is empty: In this case chain_head == chain_tail->prev holds true
   and we want to 'append' the new rule as chain head right before
   the policy rule which marks the end of the chain.
-- chain is not empty: then we don't have to handle the builtin flag
   update. The only caller is iptables_append_rule which will put the
   new rule before chain_tail->prev anyway.

The next patch brings back iptables_insert_rule() (commit 161efbae1
removed it) but this function will not work for a non-empty chain. In
this case the condition 'chain_head == chain_tail->prev' is false and
therefore we will not tell via *builtin that this is the new
head. Instead iptables_insert_rule() will insert the new rule at the
second position (see if (builtin == -1) chain_head = chain_head->next).

Therefore we need to tell prepare_rule_inclusion() that the new rule
is always at first position.
---
 src/iptables.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/iptables.c b/src/iptables.c
index 1fd6c42..8454fcb 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -768,7 +768,8 @@ static struct ipt_entry *prepare_rule_inclusion(struct 
connman_iptables *table,
struct ipt_ip *ip, const char *chain_name,
const char *target_name,
struct xtables_target *xt_t,
-   int *builtin, struct xtables_rule_match *xt_rm)
+   int *builtin, struct xtables_rule_match *xt_rm,
+   connman_bool_t insert_first)
 {
GList *chain_tail, *chain_head;
struct ipt_entry *new_entry;
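Review bot: the new insert_first parameter of prepare_rule_inclusion() is undocumented, and at call sites it appears only as a bare trailing TRUE or FALSE after xt_rm, which says nothing to someone reading the caller. Please add a comment above the function stating that insert_first means the new entry becomes the first rule of the chain and therefore takes over the builtin marker returned through *builtin. An enum or two thin wrappers for append and insert would read better than a boolean flag if more callers are expected.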
@@ -796,7 +797,7 @@ static struct ipt_entry *prepare_rule_inclusion(struct 
connman_iptables *table,
head = chain_head->data;
if (head->builtin < 0)
*builtin = -1;
-   else if (chain_head == chain_tail->prev) {
+   else if (insert_first == TRUE || chain_head == chain_tail->prev) {
*builtin = head->builtin;
head->builtin = -1;
}
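Review bot: in the changed condition, insert_first == TRUE compares a connman_bool_t (typedef int in include/types.h) against the constant, so a caller that passes any other non-zero value silently gets the old append behaviour. Test the flag directly: else if (insert_first || chain_head == chain_tail->prev). Note also that with insert_first set this branch now runs for non-empty builtin chains and clears head->builtin on the current first rule; the insert path added later in the series frees new_entry when iptables_add_entry() fails but nothing visible puts head->builtin back, so please confirm the chain is left consistent on that error path.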
@@ -821,7 +822,7 @@ static int iptables_append_rule(struct connman_iptables 
*table,
return -EINVAL;
 
new_entry = prepare_rule_inclusion(table, ip, chain_name,
-   target_name, xt_t, &builtin, xt_rm);
+   target_name, xt_t, &builtin, xt_rm, FALSE);
if (new_entry == NULL)
return -EINVAL;
 
-- 
1.8.2.rc3.16.gce432ca



[PATCH 5/5] main: Print git HEAD commit id if known in -v option

2013-03-13 Thread Jukka Rissanen
---
 src/main.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/main.c b/src/main.c
index e21d056..9787a31 100644
--- a/src/main.c
+++ b/src/main.c
@@ -36,6 +36,7 @@
 #include 
 
 #include 
+#include 
 
 #include "connman.h"
 
@@ -562,7 +563,10 @@ int main(int argc, char *argv[])
g_option_context_free(context);
 
if (option_version == TRUE) {
-   printf("%s\n", VERSION);
+   if (connman_git_commit() != NULL)
+   printf("%s git %s\n", VERSION, connman_git_commit());
+   else
+   printf("%s\n", VERSION);
exit(0);
}
 
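Review bot: connman_git_commit() is evaluated twice in the option_version branch, once for the NULL test and once as the printf() argument. Fetch it once into a local const char * and branch on that, so the check and the use cannot diverge if the accessor ever stops being a compile-time constant. Also worth stating in the commit message that the output of -v changes format from "VERSION" to "VERSION git ID", since packaging or test scripts may parse that line.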
-- 
1.7.11.4



[PATCH 4/5] log: Print current git HEAD commit id when log is initialized

2013-03-13 Thread Jukka Rissanen
If the commit id is not known, then print only the version number.
---
 src/log.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/log.c b/src/log.c
index 4e305a9..f73c638 100644
--- a/src/log.c
+++ b/src/log.c
@@ -33,6 +33,7 @@
 #include 
 #include 
 
+#include 
 #include "connman.h"
 
 static const char *program_exec;
@@ -314,7 +315,11 @@ int __connman_log_init(const char *program, const char 
*debug,
 
openlog(basename(program), option, LOG_DAEMON);
 
-   syslog(LOG_INFO, "%s version %s", program_name, program_version);
+   if (connman_git_commit() != NULL)
+   syslog(LOG_INFO, "%s version %s git %s", program_name,
+   program_version, connman_git_commit());
+   else
+   syslog(LOG_INFO, "%s version %s", program_name, 
program_version);
 
return 0;
 }
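Review bot: the version banner is now built from two near-identical syslog() calls here, and a third and fourth variant exist in main.c for -v ("%s version %s git %s" here versus "%s git %s" there). Keeping four format strings in step by hand invites drift between what the log says and what -v reports. Suggest a single helper that returns the formatted version string, with the commit id appended when known, and using it from both __connman_log_init() and main(); that also removes the double call to connman_git_commit() in this hunk.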
-- 
1.7.11.4



[PATCH 3/5] build: Try to create include/connman-git-commit.h file

2013-03-13 Thread Jukka Rissanen
---
 Makefile.am  | 13 ++---
 configure.ac |  3 ++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 9fc159c..a6c9b73 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -11,7 +11,7 @@ include_HEADERS = include/types.h include/log.h 
include/plugin.h \
include/session.h include/ipaddress.h include/agent.h \
include/inotify.h
 
-nodist_include_HEADERS = include/version.h
+nodist_include_HEADERS = include/version.h include/connman-git-commit.h
 
 noinst_HEADERS = include/rtnl.h include/task.h \
include/dbus.h include/option.h \
@@ -134,7 +134,7 @@ vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \
-Wl,--version-script=$(srcdir)/vpn/vpn.ver
 endif
 
-BUILT_SOURCES = $(local_headers) src/builtin.h
+BUILT_SOURCES = $(local_headers) src/builtin.h include/connman-git-commit.h
 
 if VPN
 BUILT_SOURCES += vpn/builtin.h
@@ -199,7 +199,7 @@ src_connmand_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ 
@XTABLES_CFLAGS@ \
-I$(builddir)/src
 
 EXTRA_DIST = src/genbuiltin src/connman-dbus.conf src/connman-polkit.conf \
-   plugins/connman-nmcompat.conf
+   src/gen-git-commit plugins/connman-nmcompat.conf
 
 if VPN
 vpn_connman_vpnd_CFLAGS = @DBUS_CFLAGS@ @GLIB_CFLAGS@ \
@@ -382,6 +382,9 @@ src/builtin.h: src/genbuiltin $(builtin_sources)
 vpn/builtin.h: src/genbuiltin $(builtin_vpn_sources)
$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_vpn_modules) > $@
 
+include/connman-git-commit.h: src/gen-git-commit
+   $(AM_V_GEN)$(srcdir)/src/gen-git-commit > $@
+
 src/connman.conf: src/connman-dbus.conf src/connman-polkit.conf
 if POLKIT
$(AM_V_GEN)cp $(srcdir)/src/connman-polkit.conf $@
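Review bot: the new rule include/connman-git-commit.h: src/gen-git-commit lists only the script as a prerequisite, so once the header exists make never regenerates it and the commit id compiled into connmand stays at whatever HEAD was on the first build of that tree. For a value whose purpose is to tell people which sources a binary came from, a stale id is worse than none. Suggest regenerating on every build into a temporary file and replacing the header only when the content differs, so unchanged trees do not trigger a rebuild. The recipe should also run the script against $(srcdir), since gen-git-commit calls git rev-parse HEAD in the current directory and an out-of-tree build directory is not the source repository.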
@@ -414,6 +417,10 @@ include/connman/version.h: include/version.h
$(AM_V_at)$(MKDIR_P) include/connman
$(AM_V_GEN)$(LN_S) $(abs_top_builddir)/$< $@
 
+include/connman/connman-git-commit.h: include/connman-git-commit.h
+   $(AM_V_at)$(MKDIR_P) include/connman
+   $(AM_V_GEN)$(LN_S) $(abs_top_builddir)/$< $@
+
 include/connman/%.h: $(abs_top_srcdir)/include/%.h
$(AM_V_at)$(MKDIR_P) include/connman
$(AM_V_GEN)$(LN_S) $< $@
diff --git a/configure.ac b/configure.ac
index 2be097d..c174a33 100644
--- a/configure.ac
+++ b/configure.ac
@@ -386,4 +386,5 @@ AM_CONDITIONAL(VPN, test "${enable_openconnect}" != "no" -o 
\
 
 AC_OUTPUT(Makefile include/version.h src/connman.service
vpn/connman-vpn.service vpn/net.connman.vpn.service
-   scripts/connman doc/version.xml connman.pc)
+   scripts/connman doc/version.xml connman.pc,
+   src/gen-git-commit > include/connman-git-commit.h)
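Review bot: the extra-commands argument added to AC_OUTPUT runs src/gen-git-commit > include/connman-git-commit.h with paths relative to the build directory, so in an out-of-tree build the script is not found and the redirection leaves an empty header behind. It also duplicates the Makefile.am rule for the same file, and because the header then already exists after configure, that rule has nothing to do. Please drop this and let the Makefile rule own the generated header.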
-- 
1.7.11.4



[PATCH 2/5] gitignore: Ignore the generated include/connman-git-commit.h

2013-03-13 Thread Jukka Rissanen
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 8dd554d..92f0a3c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ autom4te.cache
 connman.pc
 include/connman
 include/version.h
+include/connman-git-commit.h
 src/builtin.h
 src/connmand
 src/connman.conf
-- 
1.7.11.4



[PATCH 0/5] Add current git HEAD commit id to version prints

2013-03-13 Thread Jukka Rissanen
Hi,

there was someone in irc/ml missing information about what is
the git HEAD commit id of the connman sources when the binary was
built. I have also been missing this information lately, so I decided
to generate this piece of data.

Cheers,
Jukka


Jukka Rissanen (5):
  build: Script to generate current git HEAD commit id
  gitignore: Ignore the generated include/connman-git-commit.h
  build: Try to create include/connman-git-commit.h file
  log: Print current git HEAD commit id when log is initialized
  main: Print git HEAD commit id if known in -v option

 .gitignore |  1 +
 Makefile.am| 13 ++---
 configure.ac   |  3 ++-
 src/gen-git-commit | 32 
 src/log.c  |  7 ++-
 src/main.c |  6 +-
 6 files changed, 56 insertions(+), 6 deletions(-)
 create mode 100755 src/gen-git-commit

-- 
1.7.11.4



[PATCH 1/5] build: Script to generate current git HEAD commit id

2013-03-13 Thread Jukka Rissanen
---
 src/gen-git-commit | 32 
 1 file changed, 32 insertions(+)
 create mode 100755 src/gen-git-commit

diff --git a/src/gen-git-commit b/src/gen-git-commit
new file mode 100755
index 000..7f1898a
--- /dev/null
+++ b/src/gen-git-commit
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+HEAD=`git rev-parse HEAD 2> /dev/null`
+if [ $? -ne 0 ]; then
+HEAD=NULL
+RET=1
+else
+HEAD="\"$HEAD\""
+RET=0
+fi
+
+cat 
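Review bot: git rev-parse HEAD at the top of the script runs in whatever directory the build is in and accepts any enclosing repository, so a release tarball unpacked inside another git tree (a distribution packaging repository, for example) is stamped with that repository's commit id instead of falling back to NULL. Before trusting the result, check that the ConnMan source directory is itself the top of the work tree, for instance by comparing git rev-parse --show-toplevel with the source directory. Consider git describe --always --dirty as well, so that a binary built from a tree with uncommitted changes does not claim to be exactly the named commit.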

[PATCH 2/3] systemd: Use environment file for connmand debug options

2013-03-13 Thread Jukka Rissanen
---
 src/connman.service.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/connman.service.in b/src/connman.service.in
index 2e9e4d5..fa57d4e 100644
--- a/src/connman.service.in
+++ b/src/connman.service.in
@@ -6,7 +6,8 @@ After=syslog.target
 Type=dbus
 BusName=net.connman
 Restart=on-failure
-ExecStart=@prefix@/sbin/connmand -n
+EnvironmentFile=-@sysconfdir@/connman/connmand.env
+ExecStart=@prefix@/sbin/connmand -n $DEBUG
 StandardOutput=null
 
 [Install]
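Review bot: ExecStart now expands an unbraced $DEBUG taken from @sysconfdir@/connman/connmand.env, and systemd word-splits that form, so whatever the file assigns to DEBUG becomes arbitrary extra arguments to connmand, not only -d. Two suggestions. First, use a ConnMan-specific variable name rather than the generic DEBUG, because every assignment in an EnvironmentFile is also exported into the daemon's environment and inherited by any process it spawns, where a variable called DEBUG can change behaviour unexpectedly. Second, document that the env file carries the same authority as the unit file and must be writable by root only.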
-- 
1.7.11.4



[PATCH 3/3] systemd: Use environment file for connman-vpnd debug options

2013-03-13 Thread Jukka Rissanen
---
 vpn/connman-vpn.service.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vpn/connman-vpn.service.in b/vpn/connman-vpn.service.in
index ec02a86..2472f00 100644
--- a/vpn/connman-vpn.service.in
+++ b/vpn/connman-vpn.service.in
@@ -5,7 +5,8 @@ After=syslog.target
 [Service]
 Type=dbus
 BusName=net.connman.vpn
-ExecStart=@prefix@/sbin/connman-vpnd -n
+EnvironmentFile=-@sysconfdir@/connman/connman-vpnd.env
+ExecStart=@prefix@/sbin/connman-vpnd -n $DEBUG
 StandardOutput=null
 
 [Install]
-- 
1.7.11.4



[PATCH 0/3] Setting debug options when using systemd

2013-03-13 Thread Jukka Rissanen
Hi,

If one is using systemd to start ConnMan, then activating
debugging requires manual editing of the connman.service file.
That is a PITA as one must remember to reload the systemd config
if changes are made to the .service file.

This patchset changes that so that the user can edit the
/etc/connman/connmand.env file instead and place debug options
there. The env file does not exist by default.

Cheers,
Jukka

Jukka Rissanen (3):
  doc: Debugging in host that uses systemd
  systemd: Use environment file for connmand debug options
  systemd: Use environment file for connman-vpnd debug options

 README | 16 
 src/connman.service.in |  3 ++-
 vpn/connman-vpn.service.in |  3 ++-
 3 files changed, 20 insertions(+), 2 deletions(-)

-- 
1.7.11.4



[PATCH 1/3] doc: Debugging in host that uses systemd

2013-03-13 Thread Jukka Rissanen
---
 README | 16 
 1 file changed, 16 insertions(+)

diff --git a/README b/README
index bfb246a..e97b536 100644
--- a/README
+++ b/README
@@ -246,6 +246,22 @@ Following environment variables can be used:
 Example:
 CONNMAN_WEB_DEBUG=1 src/connmand -n
 
+If the host is using systemd when starting ConnMan, then one can activate
+debugging easily by creating /etc/connman/connmand.env file and setting
+debug options there. By default the env file does not exist.
+
+The following example would activate debugging in src/s*.c files and
+also turn on Internet connectivity check debugging if placed into
+connmand.env file:
+DEBUG=-d src/s*.c
+CONNMAN_WEB_DEBUG=1
+
+Note that one should not use quotation marks in env file as the systemd
+will not use shell to expand them.
+
+For connman-vpnd daemon debugging, a similiar /etc/connman/connman-vpnd.env
+file can be created.
+
 
 Kernel configuration
 
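Review bot: typo in the added text, "similiar" should be "similar". More importantly, the new paragraphs never say that connmand has to be restarted before an edited connmand.env takes effect; since the point of the change is to make enabling debug easier, spell that step out. It would also help to explain the DEBUG=-d src/s*.c example in one sentence: systemd splits the value on whitespace and performs no globbing, so the daemon receives -d and the literal pattern src/s*.c as two arguments, which is why quotation marks must not be used.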
-- 
1.7.11.4



[PATCH] doc: Information about activating debugging in ConnMan

2013-03-13 Thread Jukka Rissanen
---
 README | 43 +++
 1 file changed, 43 insertions(+)

diff --git a/README b/README
index 0f86bc1..bfb246a 100644
--- a/README
+++ b/README
@@ -204,6 +204,49 @@ For a working system, certain configuration options need 
to be enabled:
in order to enable the dbus access.
 
 
+Activating debugging
+
+
+One can activate debugging prints in ConnMan using -d command line option.
+If the -d option has no parameters, then debugging is activated for all
+source code files. If the -d option has parameters, they tell which source
+code files have debugging activated. One can use wild cards in file names.
+Example:
+-d   Activate all normal debug prints
+-d src/service.c This prints debugging info from src/service.c
+ file only
+-d src/network.c:src/ipconfig.c
+ This activates debug prints in src/network.c
+ and src/ipconfig.c files.
+-d 'src/n*.c'This would activate debug print from all the C source
+ files starting with letter 'n' in src directory.
+ Note the quotation marks around option, that is to
+ prevent shell expansion.
+-d '*/n*.c:*/i*.c'   Activate debug prints for all C source files starting
+ with letters 'n' or 'i' in any sub-directory.
+
+Some components of ConnMan have environment variable activated debug prints.
+If the environment variable is set, then corresponding component will print
+some extra debugging information.
+Following environment variables can be used:
+CONNMAN_DHCP_DEBUGDHCPv4 related debug information
+CONNMAN_DHCPV6_DEBUG  DHCPv6 related debug information
+CONNMAN_IPTABLES_DEBUGExtra information when iptables is used
+CONNMAN_RESOLV_DEBUG  Name resolver debug prints. These debug prints
+  are used when ConnMan resolves host names for
+  its own use.
+  Note that the DNS proxy debug prints do not
+  use this environment variable. For that, one
+  can use "-d src/dnsproxy.c" command line option.
+CONNMAN_SUPPLICANT_DEBUG  Debugging prints for communication between
+  connmand and wpa_supplicant processes.
+CONNMAN_WEB_DEBUG Debug information when ConnMan does Internet
+  connectivity check in Wispr and 6to4 components.
+
+Example:
+CONNMAN_WEB_DEBUG=1 src/connmand -n
+
+
 Kernel configuration
 
 
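Review bot: the section shows -d src/network.c:src/ipconfig.c but the prose never states that ':' is the separator between patterns; a reader has to infer it from the example, so say it explicitly next to "One can use wild cards in file names". The text also does not say where the debug output ends up (syslog, or stderr when run with -n as in the final example), nor which value the CONNMAN_*_DEBUG variables expect, and the only hint is CONNMAN_WEB_DEBUG=1. Finally, for CONNMAN_SUPPLICANT_DEBUG, which dumps the exchange between connmand and wpa_supplicant, please state whether the output can include credentials so that people know to treat logs captured with it as sensitive.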
-- 
1.7.11.4
