[PATCH] Force BSS expiration
by Yasser
We were having a problem with our wifi scanning, where the list of
wifi available would become empty and would not be repopulated until
after a long delay. Researching the problem it seemed that it was
related to BSS expiration age. There were already some people who had
faced the same issue, so inspired by this we developed the following
patch which allows us to set the BSS expiration age to match ConnMan
long scanning interval to avoid the loss of networks during a long
interval between two scans.
diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h
index bfb52db..08d6b9e 100644
--- a/gsupplicant/gsupplicant.h
+++ b/gsupplicant/gsupplicant.h
@@ -267,7 +267,8 @@ int
g_supplicant_interface_connect(GSupplicantInterface *interface,
int g_supplicant_interface_disconnect(GSupplicantInterface *interface,
GSupplicantInterfaceCallback callback,
void *user_data);
-
+int g_supplicant_interface_set_bss_expiration_age(GSupplicantInterface
*interface,
+ unsigned int
bss_expiration_age);
int g_supplicant_interface_set_apscan(GSupplicantInterface *interface,
unsigned int ap_scan);
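Review bot: the new prototype in gsupplicant.h takes the place of the blank line that separated g_supplicant_interface_disconnect() from the following declaration, and as posted it is line-wrapped (the parameter list continues on lines without a leading "+"), so the patch will not apply as sent. Please resend unwrapped, keep the blank line after the disconnect prototype, and add a blank line before g_supplicant_interface_set_apscan() so the declarations stay visually separated.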
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index 6052f7b..fe6ad48 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -981,6 +981,46 @@ static void interface_capability(const char *key,
DBusMessageIter *iter,
key, dbus_message_iter_get_arg_type(iter));
}
+struct g_supplicant_bss_expiration_age
+{
+ GSupplicantInterface *interface;
+ unsigned int bss_expiration_age;
+};
+
+static void set_bss_expiration_age(DBusMessageIter *iter, void *user_data)
+{
+ struct g_supplicant_bss_expiration_age *data = user_data;
+ unsigned int bss_expiration_age = data->bss_expiration_age;
+
+ dbus_free(data);
+ dbus_message_iter_append_basic(iter, DBUS_TYPE_UINT32,
&bss_expiration_age);
+}
+
+int g_supplicant_interface_set_bss_expiration_age(GSupplicantInterface
*interface,
+ unsigned int
bss_expiration_age)
+{
+ struct g_supplicant_bss_expiration_age *data;
+ int ret;
+
+ data = dbus_malloc0(sizeof(*data));
+
+ if (!data)
+ return -ENOMEM;
+
+ data->bss_expiration_age = bss_expiration_age;
+ data->interface = interface;
+
+ ret = supplicant_dbus_property_set(interface->path,
+ SUPPLICANT_INTERFACE ".Interface",
+ "BSSExpireAge", DBUS_TYPE_UINT32_AS_STRING,
+ set_bss_expiration_age, NULL, data, NULL);
+ if (ret < 0)
+ dbus_free(data);
+
+ return ret;
+}
+
+
struct set_apscan_data
{
unsigned int ap_scan;
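Review bot: ownership of "data" in g_supplicant_interface_set_bss_expiration_age() is split between two places: set_bss_expiration_age() frees it with dbus_free(data), and the "if (ret < 0)" path frees it again. That is only safe if supplicant_dbus_property_set() never runs the setup callback before returning an error, which should be stated in a comment or avoided by freeing in one place only. In addition, interface->path is dereferenced without a NULL check on "interface", data->interface is stored but never read (the struct could carry only the value), the local passed to dbus_message_iter_append_basic() for DBUS_TYPE_UINT32 would be better declared as dbus_uint32_t than unsigned int, and the struct's opening brace and the double blank line after the function do not follow the style of the neighbouring code.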
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 910b739..57b63e2 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -1522,6 +1522,7 @@ static void interface_create_callback(int result,
void *user_data)
{
struct wifi_data *wifi = user_data;
+ char * bgscan_range_max;
DBG("result %d ifname %s, wifi %p", result,
g_supplicant_interface_get_ifname(interface),
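Review bot: the declaration "char * bgscan_range_max;" in interface_create_callback() should be written "const char *bgscan_range_max;". The pointer is only ever set from strrchr() on the BGSCAN_DEFAULT string constant and is never written through, and the spacing around "*" does not match the "struct wifi_data *wifi" line directly above it.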
@@ -1537,6 +1538,13 @@ static void interface_create_callback(int result,
wifi->interface_ready = true;
finalize_interface_creation(wifi);
}
+ /* Force the BSS expiration age to match ConnMan long scanning
interval to avoid the loss of networks during a long interval between
two scannings. */
+ if ((bgscan_range_max = strrchr(BGSCAN_DEFAULT,':')) != NULL &&
+
g_supplicant_interface_set_bss_expiration_age(interface,
strtol(bgscan_range_max + 1, (char**)NULL, 10) + 10) >= 0) {
+ DBG("bss expiration age successfully updated");
+ } else {
+ DBG("bss expiration age update has failed");
+ }
}
static int wifi_enable(struct connman_device *device)
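Review bot: the strtol() result in the new block is used unchecked: with a NULL end pointer there is no way to tell a parse failure from a real 0, so a BGSCAN_DEFAULT with nothing numeric after the last ':' yields an expiration age of 10 seconds, and a negative or oversized long is silently converted to unsigned int. Parse into a local with an end pointer, range-check it, and give the "+ 10" margin a named constant. The else branch also logs "update has failed" both when no ':' is found and when the setter returns an error, and the success message only means the request was queued, since the setter passes no completion callback to supplicant_dbus_property_set(). Splitting the assignment out of the if condition would make all of this easier to read.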
2 months, 1 week
Re: dhcp discover timeout
by Daniel Wagner
Hi Pieter,
On Wed, Oct 07, 2020 at 10:12:03AM +0000, Pieter Cardoen wrote:
> We are using connman as network manager for our embedded devices. We are currently facing an issue regarding DHCP.
>
> I've noted that if a service is configured to use DHCP, a DHCP discover message is sent multiple times (DISCOVER_RETRIES). If the DHCP server doesn't respond in time, a fallback scenario is used and a fixed static IP address is configured instead.
>
> For our application, this behaviour is unexpected and a device should keep sending discover messages until the end of times 😋.
>
> We currently applied a dirty fix (see below). What is the reason of this fallback behaviour and is it possible to configure connman to keep sending discovers in a better way?
Which version of ConnMan are you using? The current version should keep
sending DHCP discovery message.
Thanks,
Daniel
3 months
[PATCH 1/2] vpn: Annotate fallthrough correctly
by Daniel Wagner
gcc is complaining as it doesn't recognize the comment. Update
the comment so that gcc is happy.
---
vpn/vpn-util.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/vpn/vpn-util.c b/vpn/vpn-util.c
index abd2cd34b85c..9ef14d38c235 100644
--- a/vpn/vpn-util.c
+++ b/vpn/vpn-util.c
@@ -175,7 +175,8 @@ int vpn_util_create_path(const char *path, uid_t uid, gid_t grp, int mode)
if (!g_file_test(dir_p, G_FILE_TEST_IS_DIR))
goto out;
- /* Fall through to chmod as the dir exists */
+ /* Do a chmod as the dir exists */
+ /* fallthrough */
case -EISDIR:
/* Exists as dir, just chmod and change owner */
err = g_chmod(dir_p, mode);
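Review bot: the commit message should name the diagnostic being silenced (gcc's -Wimplicit-fallthrough), because the pair of comments before "case -EISDIR:" in vpn_util_create_path() looks redundant and is likely to be merged back into one in a later cleanup. The "/* fallthrough */" marker has to stay the last thing before the case label, so a short note to that effect in the first comment would help.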
--
2.29.0
4 months
Disconnect with unspecified reason leads to network being blocked
by cpastore@ivenix.com
On a Cisco wireless controller, in the case of a session timeout my devices sometimes get deauthenticated with reason code 1 (unspecified reason) - in this case it seems connman assumes that the client was blocked, when that's not necessarily the case (code from plugins/wifi.c below). Is this the correct behavior? Is there any way to unblock the network without re-starting connman?
code from plugins/wifi.c:
    /* See table 8-36 Reason codes in IEEE Std 802.11 */
    switch (wifi->disconnect_code) {
    case 1: /* Unspecified reason */
        /* Let's assume it's because we got blocked */
    case 6: /* Class 2 frame received from nonauthenticated STA */
        connman_network_set_error(network,
                    CONNMAN_NETWORK_ERROR_BLOCKED);
        break;
thanks
Christopher Pastore
4 months
connman 1.33 yocto pyro and 'online' state
by Mauro Ziliani
Hi all
I put connman in my bsp (yocto pyro on imx6dl)
Connman receives the setup from dhcp on eth0, with all information on
dns, gateway and so on.
The state of connman and eth0 stays 'ready'.
If I set up the nameservers by hand from connmanctl with
config ethernet_XXXX --nameservers 8.8.4.4
connman and ethernet_XXXX go online immediately.
This is the setup of ethernet_XXX before config
Type = ethernet
Security = [ ]
State = ready
Favorite = True
Immutable = False
AutoConnect = True
Name = Wired
Ethernet = [ Method=auto, Interface=eth0, Address=XXXX, MTU=1500 ]
IPv4 = [ Method=dhcp, Address=192.168.1.41, Netmask=255.255.255.0,
Gateway=192.168.1.1 ]
IPv4.Configuration = [ Method=dhcp ]
IPv6 = [ ]
IPv6.Configuration = [ Method=auto, Privacy=disabled ]
Nameservers = [ 8.8.4.4 ]
Nameservers.Configuration = [ ]
Timeservers = [ ntp1.inrim.it, 192.168.1.1 ]
Timeservers.Configuration = [ ntp1.inrim.it ]
Domains = [ ]
Domains.Configuration = [ ]
Proxy = [ Method=direct ]
Proxy.Configuration = [ ]
Provider = [ ]
This is after config
Type = ethernet
Security = [ ]
State = ready
Favorite = True
Immutable = False
AutoConnect = True
Name = Wired
Ethernet = [ Method=auto, Interface=eth0, Address=XXXX, MTU=1500 ]
IPv4 = [ Method=dhcp, Address=192.168.1.41, Netmask=255.255.255.0,
Gateway=192.168.1.1 ]
IPv4.Configuration = [ Method=dhcp ]
IPv6 = [ ]
IPv6.Configuration = [ Method=auto, Privacy=disabled ]
Nameservers = [ 8.8.4.4 ]
Nameservers.Configuration = [ ]
Timeservers = [ ntp1.inrim.it, 192.168.1.1 ]
Timeservers.Configuration = [ ntp1.inrim.it ]
Domains = [ ]
Domains.Configuration = [ ]
Proxy = [ Method=direct ]
Proxy.Configuration = [ ]
Provider = [ ]
The router is an EdgeRouter X Ubiquiti
Any idea?
Best regards,
MZ
4 months
[PATCH 0/5] Add VPN utility functions and system user list to DACPrivileges
by Jussi Laakkonen
Add vpn-util.c for utility functions for VPN core and plugins to use.
Implemented:
- vpn_util_get_passwd() to get struct passwd using user/uid as string
- vpn_util_get_group() to get struct group using group/gid as string
- vpn_util_create_path() to create the path for the requested file, and to
set the ownership and permissions thus, requiring additional capabilities
With the help of vpn_util_create_path() VPNC now can set the pid file to a
location where the running user can create it. Also, replaced some code in
vpn.c in favor of using vpn-util.c functions.
Added "SystemBinaryUsers" string list to DACPrivileges group for vpnd main
config only. This, with the help of the added vpn_settings_is_system_user(),
a plugin, for example, can check if the user set to run the VPN binary is root
or other pre-defined system user to determine appropriate action, like it is
the case with VPNC.
Jussi Laakkonen (5):
vpn-util: Create utility file for VPN core and plugins
vpn: Add CAP_CHOWN CAP_FOWNER capabilities for path creation
vpn-settings: Add SystemBinaryUsers conf option and system user check
vpnc: Support setting the pid file path to /var/run/user
vpn: Use util functions for getting uid and gid
Makefile.am | 2 +-
vpn/connman-vpn.service.in | 2 +-
vpn/plugins/vpn.c | 55 ++--------
vpn/plugins/vpnc.c | 54 ++++++++++
vpn/vpn-settings.c | 63 ++++++++++-
vpn/vpn-util.c | 213 +++++++++++++++++++++++++++++++++++++
vpn/vpn.h | 5 +
7 files changed, 346 insertions(+), 48 deletions(-)
create mode 100644 vpn/vpn-util.c
--
2.20.1
4 months, 1 week
[PATCH] bluetooth: Move DBG statement after initial checks
by Daniel Wagner
gcc complains with format-overflow for the DBG statement for the
bridge argument. Let's move the DBG after the initial checks to avoid
the complaint and also make the output more helpful. If we see it in
the log, the bridge has been created.
---
plugins/bluetooth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/bluetooth.c b/plugins/bluetooth.c
index f759a902611c..5336103451fc 100644
--- a/plugins/bluetooth.c
+++ b/plugins/bluetooth.c
@@ -717,8 +717,6 @@ static bool tethering_create(const char *path,
const char *method;
bool result;
- DBG("path %s bridge %s", path, bridge);
-
if (!bridge) {
g_free(tethering);
return false;
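Review bot: with the DBG() removed from the top of tethering_create(), the "if (!bridge)" early return is now silent, so a failed call leaves no trace in the debug log. Consider keeping an entry trace that prints only the path, for example DBG("path %s", path), or adding a DBG() inside the "!bridge" branch; neither formats the possibly NULL bridge pointer.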
@@ -730,6 +728,8 @@ static bool tethering_create(const char *path,
return false;
}
+ DBG("path %s bridge %s", path, bridge);
+
tethering->technology = technology;
tethering->bridge = g_strdup(bridge);
tethering->enable = enabled;
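Review bot: the DBG() text at its new position in tethering_create() is still "path %s bridge %s", which does not say what it marks. The commit message reads it as "the bridge has been created", but the lines that follow only copy technology, bridge and enable into the tethering struct. Either reword the message to state that the checks passed, or move it to the point where the bridge is actually set up.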
--
2.28.0
4 months, 1 week
[PATCH] pptp: Support --idle-wait and --max-echo-wait options
by Jussi Laakkonen
Implement support for --idle-wait and --max-echo-wait options. By
default these are set to 60 if omitted.
Added OPT_PPTP_ONLY to be able to separate these from the PPPD options.
All PPTP options need to be added with "pty" as one option in order for
them to work.
---
vpn/plugins/pptp.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/vpn/plugins/pptp.c b/vpn/plugins/pptp.c
index 5fc861e4..0ede6f8b 100644
--- a/vpn/plugins/pptp.c
+++ b/vpn/plugins/pptp.c
@@ -54,15 +54,18 @@
enum {
OPT_STRING = 1,
OPT_BOOL = 2,
+ OPT_PPTP_ONLY = 3,
};
struct {
const char *cm_opt;
const char *pptp_opt;
- const char *vpnc_default;
+ const char *pptp_default;
int type;
} pptp_options[] = {
{ "PPTP.User", "user", NULL, OPT_STRING },
+ { "PPTP.IdleWait", "--idle-wait", NULL, OPT_PPTP_ONLY},
+ { "PPTP.MaxEchoWait", "--max-echo-wait", NULL, OPT_PPTP_ONLY},
{ "PPPD.EchoFailure", "lcp-echo-failure", "0", OPT_STRING },
{ "PPPD.EchoInterval", "lcp-echo-interval", "0", OPT_STRING },
{ "PPPD.Debug", "debug", NULL, OPT_STRING },
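Review bot: the two new pptp_options[] entries have a NULL pptp_default, while the commit message says the options "are set to 60 if omitted". With NULL here and the existing "if (!opt_s) continue;" in run_connect(), nothing is passed when the setting is absent, so the value of 60 must come from the pptp binary itself. Please say so in a comment next to the entries or in the commit message, and add the missing space before the closing brace in "OPT_PPTP_ONLY}" to match the neighbouring rows.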
@@ -436,7 +439,9 @@ static int run_connect(struct vpn_provider *provider,
vpn_provider_connect_cb_t cb, void *user_data,
const char *username, const char *password)
{
- const char *opt_s, *host;
+ GString *pptp_opt_s;
+ const char *opt_s;
+ const char *host;
char *str;
int err, i;
@@ -450,16 +455,11 @@ static int run_connect(struct vpn_provider *provider,
DBG("username %s password %p", username, password);
host = vpn_provider_get_string(provider, "Host");
- str = g_strdup_printf("%s %s --nolaunchpppd --loglevel 2",
- PPTP, host);
- if (!str) {
- connman_error("can not allocate memory");
- err = -ENOMEM;
- goto done;
- }
- connman_task_add_argument(task, "pty", str);
- g_free(str);
+ /* Create PPTP options for pppd "pty" */
+ pptp_opt_s = g_string_new(NULL);
+ g_string_append_printf(pptp_opt_s, "%s %s --nolaunchpppd --loglevel 2",
+ PPTP, host);
connman_task_add_argument(task, "nodetach", NULL);
connman_task_add_argument(task, "lock", NULL);
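Review bot: pptp_opt_s is allocated here in run_connect() but only released by g_string_free() after the option loop further down. The removed lines show that this function has a "done" error label, so any path that jumps there between the allocation and the free would leak the GString; please check the intervening code or free it under the label. Note also that "host" is formatted with %s without a NULL check, as it was before the change.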
@@ -474,7 +474,7 @@ static int run_connect(struct vpn_provider *provider,
opt_s = vpn_provider_get_string(provider,
pptp_options[i].cm_opt);
if (!opt_s)
- opt_s = pptp_options[i].vpnc_default;
+ opt_s = pptp_options[i].pptp_default;
if (!opt_s)
continue;
@@ -485,8 +485,15 @@ static int run_connect(struct vpn_provider *provider,
else if (pptp_options[i].type == OPT_BOOL)
pptp_write_bool_option(task,
pptp_options[i].pptp_opt, opt_s);
+ else if (pptp_options[i].type == OPT_PPTP_ONLY)
+ g_string_append_printf(pptp_opt_s, " %s %s",
+ pptp_options[i].pptp_opt, opt_s);
}
+ str = g_string_free(pptp_opt_s, FALSE);
+ connman_task_add_argument(task, "pty", str);
+ g_free(str);
+
connman_task_add_argument(task, "plugin",
SCRIPTDIR "/libppp-plugin.so");
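Review bot: in the OPT_PPTP_ONLY branch the configured value is spliced into the "pty" command string with " %s %s" and no validation, so a PPTP.IdleWait or PPTP.MaxEchoWait value containing spaces or other unexpected characters becomes additional words on the pptp command line. Both options are numeric, so parse opt_s as an integer, reject anything else with a connman_warn(), and append the parsed number rather than the raw string.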
--
2.20.1
4 months, 1 week
[PATCH] openvpn: Add support for --ping, --ping-exit and --remap-usr1
by Jussi Laakkonen
[openvpn] Add support for --ping, --ping-exit and --remap-usr1. Fixes JB#51497
Add support for --ping (OpenVPN.Ping) and --ping-exit (OpenVPN.PingExit)
configuration values. Set defaults of 10 for ping and 60 for ping exit
from https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Set --ping-restart only with TCP since with UDP it is more feasible to
use --ping and --ping-exit with the default values if the values are
unset. If with TCP --ping-exit is set ignore --ping-restart as the values
are mutually exclusive.
Add --remap-usr1 option which remaps SIGUSR1 as SIGHUP/SIGTERM in order
to restart the process when errors are detected. OpenVPN does handle
some errors internally and it may not always be good with ConnMan
monitoring it.
---
vpn/plugins/openvpn.c | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/vpn/plugins/openvpn.c b/vpn/plugins/openvpn.c
index abbf20d4..f11750f5 100644
--- a/vpn/plugins/openvpn.c
+++ b/vpn/plugins/openvpn.c
@@ -83,6 +83,9 @@ struct {
{ "OpenVPN.ConfigFile", "--config", 1 },
{ "OpenVPN.DeviceType", NULL, 1 },
{ "OpenVPN.Verb", "--verb", 1 },
+ { "OpenVPN.Ping", "--ping", 1},
+ { "OpenVPN.PingExit", "--ping-exit", 1},
+ { "OpenVPN.RemapUsr1", "--remap-usr1", 1},
};
struct ov_private_data {
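Review bot: the "OpenVPN.RemapUsr1" entry passes whatever the provider has configured straight to --remap-usr1, and nothing in the patch documents or checks the accepted values, although the commit message names SIGHUP and SIGTERM. Please document the setting and reject other values before adding the argument. The three new rows also end in "1}," where the existing rows use "1 },".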
@@ -496,16 +499,13 @@ static int run_connect(struct ov_private_data *data,
connman_task_add_argument(task, "--ifconfig-noexec", NULL);
/*
- * Disable client restarts because we can't handle this at the
- * moment. The problem is that when OpenVPN decides to switch
+ * Disable client restarts with TCP because we can't handle this at
+ * the moment. The problem is that when OpenVPN decides to switch
* from CONNECTED state to RECONNECTING and then to RESOLVE,
* it is not possible to do a DNS lookup. The DNS server is
* not accessible through the tunnel anymore and so we end up
* trying to resolve the OpenVPN servers address.
- */
- connman_task_add_argument(task, "--ping-restart", "0");
-
- /*
+ *
* Disable connetion retrying when OpenVPN is connected over TCP.
* With TCP OpenVPN attempts to handle reconnection silently without
* reporting the error back when establishing a connection or
@@ -515,8 +515,24 @@ static int run_connect(struct ov_private_data *data,
* including DNS.
*/
option = vpn_provider_get_string(provider, "OpenVPN.Proto");
- if (option && g_str_has_prefix(option, "tcp"))
+ if (option && g_str_has_prefix(option, "tcp")) {
+ option = vpn_provider_get_string(provider, "OpenVPN.PingExit");
+ if (!option)
+ connman_task_add_argument(task, "--ping-restart", "0");
+
connman_task_add_argument(task, "--connect-retry-max", "1");
+ /* Apply defaults for --ping and --ping-exit only with UDP protocol. */
+ } else {
+ /* Apply default of 10 second interval for ping if omitted. */
+ option = vpn_provider_get_string(provider, "OpenVPN.Ping");
+ if (!option)
+ connman_task_add_argument(task, "--ping", "10");
+
+ /* Apply default of 60 seconds for ping exit if omitted. */
+ option = vpn_provider_get_string(provider, "OpenVPN.PingExit");
+ if (!option)
+ connman_task_add_argument(task, "--ping-exit", "60");
+ }
err = connman_task_run(task, ov_died, data, NULL, NULL, NULL);
if (err < 0) {
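Review bot: the comment "Apply defaults for --ping and --ping-exit only with UDP protocol." sits as the last line of the TCP branch, directly before "} else {", so it reads as part of the wrong block; move it inside the else. The else branch is also taken when OpenVPN.Proto is unset or is any value not starting with "tcp", not only for UDP, so the comment should say that. "option" is reused for the Proto, PingExit and Ping lookups, which makes the condition hard to follow; separate locals would help. Finally, the blank line before "err = connman_task_run(...)" has been dropped.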
--
2.20.1
4 months, 1 week
[PATCH 0/6] Support SplitRouting variable on vpnd
by Jussi Laakkonen
Add support for SplitRouting variable on vpnd. This is amended to VPN
connection API as boolean parameter and allows to use the API for defining
whether to use the VPN as default route (SplitRouting=false) or not. The value
defaults to false.
On connmand side SplitRouting is exposed for VPN plugin via provider.
SplitRouting is also added to supported D-Bus variables in VPN plugin.
On vpnd side vpn-config.c is amended with support to retrieve boolean from
keyfile and used in vpn-provider.c. Warning is printed if SplitRouting is
attempted to be added as string and thus, vpn_provider_set_boolean() is added.
Additionally checks for whether the default route has been added for a VPN is
implemented. Adding a default route is being prevented for split routed VPNs
and enforced on non-split routed VPNs, when the default route should be set.
Jussi Laakkonen (6):
service: Expose set_split_routing() for internal use
provider: Expose split routing variable in VPN properties
vpn: Add SplitRouting to supported D-Bus variables
vpn-config: Implement function to get boolean from keyfile
vpn-provider: Support split routing option for VPN providers
doc: Document VPN connection SplitRouting boolean
doc/vpn-connection-api.txt | 9 +-
include/provider.h | 2 +
plugins/vpn.c | 16 +++-
src/connman.h | 2 +
src/provider.c | 18 ++++
src/service.c | 23 +++--
vpn/vpn-config.c | 15 +++
vpn/vpn-provider.c | 182 ++++++++++++++++++++++++++++++++-----
vpn/vpn-provider.h | 2 +
vpn/vpn.h | 10 +-
10 files changed, 237 insertions(+), 42 deletions(-)
--
2.20.1
4 months, 1 week