Re: Connman VPN: Do not replace default route
Hi,
On 03.02.2013 19:11, Yevhen Kyriukha wrote:
2013/2/3 Jukka Rissanen jukka.rissa...@gmail.com:
Hi,
On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote:
My VPN server already push information about routes like:
server 10.10.10.0 255.255.255.0
and
push route 10.10.10.0 255.255.255.0 vpn_gateway
If I use openvpn without connman the behavior is correct (routes are
replaced only if I push redirect-gateway from the server).
This sounds like a bug.
Can you do following:
- start vpnd with connman-vpnd -n -d and direct the output to a file
- start test/monitor-vpn and direct the output to a file
- connect to your vpn (you should see server pushed routes in debug
output and also in monitor output)
- after successful connection run test/vpn-get to see if we are really
missing the ServerRoutes
Cheers,
Jukka
Ok, I did these steps and here's what I got:
When I run connman-vpnd -n -d program closes immediately (you can
find output in connman-vpn.log file that is attached). Is it
correct? Seems that system activates connman-vpnd by dbus.
The log says
No VPN configurations found, quitting.
Meaning that you do not have any VPN configurations around. Did you
remove all your VPN configurations from disk or are you running with
read only filesystem for /var/lib/connman?
In output of 'monitor-vpn' I see the following line:
ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0
Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4
Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]]
And output of 'vpn-get' contains following:
ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0
Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4
Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]]
This looks correct.
But 'route -n' gives me the same picture that I was talking before
(vpn is a default route iface).
This is expected as you have not moved the services yet.
If the /var/lib/connman is non-existent, then you will have weird
problems anyway.
Cheers,
Jukka
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman
[PATCH] test: Fix simple-agent so it can run even if service files are missing
Fixes BMC#25964
---
test/simple-agent | 23 +++
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/test/simple-agent b/test/simple-agent
index 2487b7b..01c82ba 100755
--- a/test/simple-agent
+++ b/test/simple-agent
@@ -276,7 +276,7 @@ def vpnNameOwnerChanged(proxy):
'net.connman.vpn.Manager')
vpn_manager.RegisterAgent(path)
except:
- print vpn agent registered
+ print vpn agent is not registered
else:
print(vpnd is disconnected from system bus)
vpn_manager = None
@@ -307,10 +307,14 @@ if __name__ == '__main__':
path = /test/agent
object = Agent(bus, path)
- vpn_manager = dbus.Interface(bus.get_object('net.connman.vpn', /),
- 'net.connman.vpn.Manager')
- vpn_path = /test/vpn_agent
- vpn_object = VpnAgent(bus, vpn_path)
+ try:
+ vpn_manager = dbus.Interface(bus.get_object('net.connman.vpn',
/),
+ 'net.connman.vpn.Manager')
+ vpn_path = /test/vpn_agent
+ vpn_object = VpnAgent(bus, vpn_path)
+ except:
+ vpn_manager = None
+ print net.connman.vpn is not present
if len(sys.argv) = 2:
for arg in sys.argv[1:]:
@@ -340,9 +344,12 @@ if __name__ == '__main__':
except:
print Cannot register connman agent.
- vpn_manager.RegisterAgent(vpn_path)
-
- bus.watch_name_owner('net.connman.vpn', vpnNameOwnerChanged)
+ if vpn_manager != None:
+ try:
+ vpn_manager.RegisterAgent(vpn_path)
+ bus.watch_name_owner('net.connman.vpn',
vpnNameOwnerChanged)
+ except:
+ Cannot register vpn agent
mainloop = gobject.MainLoop()
mainloop.run()
--
1.8.1.2
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman
[PATCH v3 4/4] ipconfig: User proper address structure when appending IPv4 info
From: Patrik Flykt patrik.fl...@linux.intel.com --- src/ipconfig.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ipconfig.c b/src/ipconfig.c index 9535e9f..27c86b3 100644 --- a/src/ipconfig.c +++ b/src/ipconfig.c @@ -1742,10 +1742,10 @@ void __connman_ipconfig_append_ipv4(struct connman_ipconfig *ipconfig, return; case CONNMAN_IPCONFIG_METHOD_FIXED: + case CONNMAN_IPCONFIG_METHOD_MANUAL: append_addr = ipconfig-address; break; - case CONNMAN_IPCONFIG_METHOD_MANUAL: case CONNMAN_IPCONFIG_METHOD_DHCP: append_addr = ipconfig-system; break; -- 1.7.10.4 ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
[PATCH v3 0/4] Fix invalid IP addresses
From: Patrik Flykt patrik.fl...@linux.intel.com Hi, This patch set fixes the code to first validate the IP addresses given via D-Bus before attempting to use them. v3 refactors the code and updates patch 03 so that the new ipconfig is properly enabled. v3 adds also a new patch 04 that includes an IPv4 info fix where the ip address was not appended properly. Please test, Patrik Patrik Flykt (4): ipconfig: Add checks for invalid IPv4/IPv6 addresses service: Factor out ipconfig creation service: Validate the IP addresses before use ipconfig: User proper address structure when appending IPv4 info src/ipconfig.c | 28 -- src/service.c | 157 ++-- 2 files changed, 120 insertions(+), 65 deletions(-) -- 1.7.10.4 ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
[PATCH v3 3/4] service: Validate the IP addresses before use
From: Patrik Flykt patrik.fl...@linux.intel.com
When setting IP address information via D-Bus, first create a new ipconfig
structure to hold the values. If the values were validated correctly, update
the service ipconfig structure with the new values. In order to achieve
this, refactor the existing code.
Fixes BMC#25930
---
src/service.c | 99 +
1 file changed, 58 insertions(+), 41 deletions(-)
diff --git a/src/service.c b/src/service.c
index ea7bbf0..78c062d 100644
--- a/src/service.c
+++ b/src/service.c
@@ -2961,48 +2961,66 @@ error:
}
static int set_ipconfig(struct connman_service *service,
- struct connman_ipconfig *ipconfig,
- DBusMessageIter *array,
- enum connman_service_state state,
- enum connman_service_state *new_state)
+ enum connman_ipconfig_type type, DBusMessageIter *array,
+ enum connman_service_state *new_state)
{
- enum connman_ipconfig_method old_method;
- enum connman_ipconfig_method method = CONNMAN_IPCONFIG_METHOD_UNKNOWN;
- enum connman_ipconfig_type type;
- int err;
+ struct connman_ipconfig *ipconfig, *new_ipconfig;
+ enum connman_ipconfig_method old_method, new_method;
+ enum connman_service_state state;
+ int err, index;
- if (ipconfig == NULL)
+ if (type == CONNMAN_IPCONFIG_TYPE_IPV4) {
+ ipconfig = service-ipconfig_ipv4;
+ state = service-state_ipv4;
+ } else if (type == CONNMAN_IPCONFIG_TYPE_IPV6) {
+ ipconfig = service-ipconfig_ipv6;
+ state = service-state_ipv6;
+ } else
return -EINVAL;
+ if (ipconfig == NULL)
+ return -ENXIO;
+
+ index = __connman_ipconfig_get_index(ipconfig);
+
+ if (type == CONNMAN_IPCONFIG_TYPE_IPV4)
+ new_ipconfig = create_ip4config(service, index,
+ CONNMAN_IPCONFIG_METHOD_UNKNOWN);
+ else
+ new_ipconfig = create_ip6config(service, index);
+
+ err = __connman_ipconfig_set_config(new_ipconfig, array);
+ if (err 0) {
+ __connman_ipconfig_unref(new_ipconfig);
+ return err;
+ }
+
old_method = __connman_ipconfig_get_method(ipconfig);
+ new_method = __connman_ipconfig_get_method(new_ipconfig);
if (is_connecting_state(service, state) ||
is_connected_state(service, state))
__connman_network_clear_ipconfig(service-network, ipconfig);
-
- err = __connman_ipconfig_set_config(ipconfig, array);
- method = __connman_ipconfig_get_method(ipconfig);
- type = __connman_ipconfig_get_config_type(ipconfig);
+ __connman_ipconfig_unref(ipconfig);
if (type == CONNMAN_IPCONFIG_TYPE_IPV4) {
- if (err == 0 old_method == CONNMAN_IPCONFIG_METHOD_OFF
- method == CONNMAN_IPCONFIG_METHOD_DHCP) {
- *new_state = service-state_ipv4;
- __connman_ipconfig_enable(ipconfig);
- __connman_service_auto_connect();
- }
-
+ service-ipconfig_ipv4 = new_ipconfig;
} else if (type == CONNMAN_IPCONFIG_TYPE_IPV6) {
- if (err == 0 old_method == CONNMAN_IPCONFIG_METHOD_OFF
- method == CONNMAN_IPCONFIG_METHOD_AUTO) {
+ service-ipconfig_ipv6 = new_ipconfig;
+ }
+
+ __connman_ipconfig_enable(new_ipconfig);
+
+ if (new_method != old_method) {
+ if (type == CONNMAN_IPCONFIG_TYPE_IPV4)
+ *new_state = service-state_ipv4;
+ else
*new_state = service-state_ipv6;
- __connman_ipconfig_enable(ipconfig);
- __connman_service_auto_connect();
- }
+ __connman_service_auto_connect();
}
- DBG(err %d ipconfig %p type %d method %d state %s, err, ipconfig,
- type, method, state2string(*new_state));
+ DBG(err %d ipconfig %p type %d method %d state %s, err, new_ipconfig,
+ type, new_method, state2string(*new_state));
return err;
}
@@ -3207,9 +3225,10 @@ static DBusMessage *set_property(DBusConnection *conn,
} else if (g_str_equal(name, IPv4.Configuration) == TRUE ||
g_str_equal(name, IPv6.Configuration)) {
- struct connman_ipconfig *ipv4 = NULL, *ipv6 = NULL;
enum connman_service_state state =
CONNMAN_SERVICE_STATE_UNKNOWN;
+ enum connman_ipconfig_type type =
+ CONNMAN_IPCONFIG_TYPE_UNKNOWN;
int err = 0;
DBG(%s, name);
@@ -3218,33 +3237,31 @@
[PATCH v3 2/4] service: Factor out ipconfig creation
From: Patrik Flykt patrik.fl...@linux.intel.com
The caller has to set the created ipconfig into its data structures.
---
src/service.c | 58 +
1 file changed, 38 insertions(+), 20 deletions(-)
diff --git a/src/service.c b/src/service.c
index a1d4a2f..ea7bbf0 100644
--- a/src/service.c
+++ b/src/service.c
@@ -127,6 +127,12 @@ struct connman_service {
static connman_bool_t allow_property_changed(struct connman_service *service);
+static struct connman_ipconfig *create_ip4config(struct connman_service
*service,
+ int index, enum connman_ipconfig_method method);
+static struct connman_ipconfig *create_ip6config(struct connman_service
*service,
+ int index);
+
+
struct find_data {
const char *path;
struct connman_service *service;
@@ -6042,31 +6048,40 @@ static const struct connman_ipconfig_ops service_ops = {
.route_unset= service_route_changed,
};
-static void setup_ip4config(struct connman_service *service, int index,
- enum connman_ipconfig_method method)
+static struct connman_ipconfig *create_ip4config(struct connman_service
*service,
+ int index, enum connman_ipconfig_method method)
{
- service-ipconfig_ipv4 = __connman_ipconfig_create(index,
+ struct connman_ipconfig *ipconfig_ipv4;
+
+ ipconfig_ipv4 = __connman_ipconfig_create(index,
CONNMAN_IPCONFIG_TYPE_IPV4);
- if (service-ipconfig_ipv4 == NULL)
- return;
+ if (ipconfig_ipv4 == NULL)
+ return NULL;
- __connman_ipconfig_set_method(service-ipconfig_ipv4, method);
+ __connman_ipconfig_set_method(ipconfig_ipv4, method);
- __connman_ipconfig_set_data(service-ipconfig_ipv4, service);
+ __connman_ipconfig_set_data(ipconfig_ipv4, service);
- __connman_ipconfig_set_ops(service-ipconfig_ipv4, service_ops);
+ __connman_ipconfig_set_ops(ipconfig_ipv4, service_ops);
+
+ return ipconfig_ipv4;
}
-static void setup_ip6config(struct connman_service *service, int index)
+static struct connman_ipconfig *create_ip6config(struct connman_service
*service,
+ int index)
{
- service-ipconfig_ipv6 = __connman_ipconfig_create(index,
+ struct connman_ipconfig *ipconfig_ipv6;
+
+ ipconfig_ipv6 = __connman_ipconfig_create(index,
CONNMAN_IPCONFIG_TYPE_IPV6);
- if (service-ipconfig_ipv6 == NULL)
- return;
+ if (ipconfig_ipv6 == NULL)
+ return NULL;
+
+ __connman_ipconfig_set_data(ipconfig_ipv6, service);
- __connman_ipconfig_set_data(service-ipconfig_ipv6, service);
+ __connman_ipconfig_set_ops(ipconfig_ipv6, service_ops);
- __connman_ipconfig_set_ops(service-ipconfig_ipv6, service_ops);
+ return ipconfig_ipv6;
}
void __connman_service_read_ip4config(struct connman_service *service)
@@ -6094,7 +6109,8 @@ void connman_service_create_ip4config(struct
connman_service *service,
if (service-ipconfig_ipv4 != NULL)
return;
- setup_ip4config(service, index, CONNMAN_IPCONFIG_METHOD_DHCP);
+ service-ipconfig_ipv4 = create_ip4config(service, index,
+ CONNMAN_IPCONFIG_METHOD_DHCP);
__connman_service_read_ip4config(service);
}
@@ -6123,7 +6139,7 @@ void connman_service_create_ip6config(struct
connman_service *service,
if (service-ipconfig_ipv6 != NULL)
return;
- setup_ip6config(service, index);
+ service-ipconfig_ipv6 = create_ip6config(service, index);
__connman_service_read_ip6config(service);
}
@@ -6421,10 +6437,11 @@ struct connman_service *
__connman_service_create_from_network(struct connman_ne
index = connman_network_get_index(network);
if (service-ipconfig_ipv4 == NULL)
- setup_ip4config(service, index, CONNMAN_IPCONFIG_METHOD_DHCP);
+ service-ipconfig_ipv4 = create_ip4config(service, index,
+ CONNMAN_IPCONFIG_METHOD_DHCP);
if (service-ipconfig_ipv6 == NULL)
- setup_ip6config(service, index);
+ service-ipconfig_ipv6 = create_ip6config(service, index);
service_register(service);
@@ -6576,10 +6593,11 @@ __connman_service_create_from_provider(struct
connman_provider *provider)
service-strength = 0;
if (service-ipconfig_ipv4 == NULL)
- setup_ip4config(service, index, CONNMAN_IPCONFIG_METHOD_MANUAL);
+ service-ipconfig_ipv4 = create_ip4config(service, index,
+ CONNMAN_IPCONFIG_METHOD_MANUAL);
if (service-ipconfig_ipv6 == NULL)
- setup_ip6config(service, index);
+ service-ipconfig_ipv6 = create_ip6config(service, index);
service_register(service);
[PATCH v3 1/4] ipconfig: Add checks for invalid IPv4/IPv6 addresses
From: Patrik Flykt patrik.fl...@linux.intel.com
Also fine tune returned errors.
---
src/ipconfig.c | 26 +++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/ipconfig.c b/src/ipconfig.c
index 9ca3316..9535e9f 100644
--- a/src/ipconfig.c
+++ b/src/ipconfig.c
@@ -1933,6 +1933,7 @@ int __connman_ipconfig_set_config(struct connman_ipconfig
*ipconfig,
*privacy_string = NULL;
int prefix_length = 0, privacy = 0;
DBusMessageIter dict;
+ int type = -1;
DBG(ipconfig %p, ipconfig);
@@ -2021,7 +2022,7 @@ int __connman_ipconfig_set_config(struct connman_ipconfig
*ipconfig,
case CONNMAN_IPCONFIG_METHOD_AUTO:
if (ipconfig-type != CONNMAN_IPCONFIG_TYPE_IPV6)
- return -EINVAL;
+ return -EOPNOTSUPP;
ipconfig-method = method;
if (privacy_string != NULL)
@@ -2030,7 +2031,26 @@ int __connman_ipconfig_set_config(struct
connman_ipconfig *ipconfig,
break;
case CONNMAN_IPCONFIG_METHOD_MANUAL:
- if (address == NULL)
+ switch (ipconfig-type) {
+ case CONNMAN_IPCONFIG_TYPE_IPV4:
+ type = AF_INET;
+ break;
+ case CONNMAN_IPCONFIG_TYPE_IPV6:
+ type = AF_INET6;
+ break;
+ case CONNMAN_IPCONFIG_TYPE_UNKNOWN:
+ type = -1;
+ break;
+ }
+
+ if ((address != NULL connman_inet_check_ipaddress(address)
+ != type) ||
+ (netmask != NULL
+ connman_inet_check_ipaddress(netmask)
+ != type) ||
+ (gateway != NULL
+ connman_inet_check_ipaddress(gateway)
+ != type))
return -EINVAL;
ipconfig-method = method;
@@ -2045,7 +2065,7 @@ int __connman_ipconfig_set_config(struct connman_ipconfig
*ipconfig,
break;
case CONNMAN_IPCONFIG_METHOD_DHCP:
- if (ipconfig-type == CONNMAN_IPCONFIG_TYPE_IPV6)
+ if (ipconfig-type != CONNMAN_IPCONFIG_TYPE_IPV4)
return -EOPNOTSUPP;
ipconfig-method = method;
--
1.7.10.4
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman
