Re: [PATCH] Add setting: UpdateResolvConf

2015-02-04 Thread Martin Tournoij
On Wed, Feb 4, 2015, at 16:06, Jukka Rissanen wrote:
> You might be able to configure connman to use your 127.0.0.53 server by
> configuring it to each service you are using (have not tested this
> though). Example: connmanctl config your_service_id --nameservers
> 127.0.0.53
> and then running connman with dnsproxy enabled.

Thanks

Yeah, I saw some settings for this today, but then I need to do this for
every network I connect with, not to mention settings might get "lost" on
upgrades/reinstalls since they're not in /etc...

Simply leaving /etc/resolv.conf alone seems like the simplest/most
foolproof way to me. It gives the user control to do "exotic" (which my
setup apparently is) and/or "smart" things; this fits well with my UNIX
philosophy :-) But I don't know if it also fits with connman's
philosophy ;-)

Another way might be to add some way to (globally) control nameserver
settings from connman, but that's more complicated...

Or connman could be left as-is, and my esoteric setup would be
considered "unsupported" (I would not prefer this, obviously :-) ).

Cheers
___
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman


Re: [PATCH] Add setting: UpdateResolvConf

2015-02-04 Thread Martin Tournoij
On Wed, Feb 4, 2015, at 16:06, Tomasz Bursztyka wrote:
> Hi,
> 
> > It makes sense to me to
> > not use every random DNS server out there...
> 
> Sure, but your unbound does not magically resolve names by itself: it
> does forward the DNS queries to whatever has been configured (check
> /etc/unbound/unbound.conf keyword "forward-zone")
> and cache the results relevantly.

It's not magic :-) But it queries the root server, then .com from that,
and then example.com from that, insofar as I understand DNS. Or maybe I
misunderstood something?

I have no lines with forward-zone in /etc/unbound/unbound.conf

I followed this guide btw: https://wiki.archlinux.org/index.php/Unbound
(but *not* section 2.6 Forwarding queries).


Re: [PATCH] Add setting: UpdateResolvConf

2015-02-04 Thread Martin Tournoij
On Wed, Feb 4, 2015, at 15:41, Jukka Rissanen wrote:
> Just wondering where do you get the nameserver IP addresses in this
> case? Are you manually updating resolv.conf?

Not sure if I understand this question?

Let me explain my setup in more detail:

- Run unbound on 127.0.0.54

- Run adsuck on 127.0.0.53, this filters ad domains (spoofs reply with
  127.0.0.2), and forwards other queries to 127.0.0.42 (unbound).

- Start connman with --nodnsproxy

- For the root user, run a crontab with:
*/5 * * * * echo 'nameserver 127.0.0.53' > /etc/resolv.conf

unbound works as recursive resolver, no other DNS server required.

This works, except for the first 0 to 5 minutes I connected to a new
network. It's also more than a bit ugly...

Is this a very esoteric setup? I don't know ... It makes sense to me to
not use every random DNS server out there... DNSSEC should ensure I get
responses that haven't been tampered with... I don't know what random
DNS servers at Starbucks do...

Thanks,
Martin
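
A check for the situation this message works around, as an added example that is not part of the original post or of connman: it reports any nameserver in a resolv.conf that is not a loopback address, which is what appears when the file is rewritten with DHCP-supplied servers. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a resolv.conf for nameservers
# that would bypass a local resolver. Function names are hypothetical.

# Print each nameserver in file $1 that is not loopback (127.0.0.0/8 or ::1).
list_foreign_nameservers() {
    awk '
        $1 ~ /^[#;]/ { next }                 # comment lines
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            sub(/%.*/, "", addr)              # strip IPv6 zone id, e.g. %lo
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || addr == "::1") next
            print addr
        }
    ' "$1"
}

# Exit status 0: at least one nameserver and all are loopback.
# 1: a foreign nameserver (or none at all) is present. 2: file unreadable.
resolv_conf_is_local_only() {
    [ -r "$1" ] || return 2
    awk '$1 == "nameserver" && NF >= 2 { n++ } END { exit (n ? 0 : 1) }' "$1" \
        || return 1
    [ -z "$(list_foreign_nameservers "$1")" ]
}

# Constructed samples: the local-resolver file from the cron job above and
# a file in the shape connman writes from DHCP-supplied servers.
sample_dir=$(mktemp -d)
printf 'nameserver 127.0.0.53\n' > "$sample_dir/local"
printf '# Generated by Connection Manager\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n' \
    > "$sample_dir/dhcp"

for f in local dhcp; do
    if resolv_conf_is_local_only "$sample_dir/$f"; then
        echo "$f: local resolver only"
    else
        echo "$f: foreign nameservers:" $(list_foreign_nameservers "$sample_dir/$f")
    fi
done
rm -rf "$sample_dir"
```

Run from a network hook or a timer, the non-zero exit status can trigger an alert instead of blindly rewriting the file.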


Re: [PATCH] Add setting: UpdateResolvConf

2015-02-04 Thread Martin Tournoij
On Wed, Feb 4, 2015, at 15:28, Patrik Flykt wrote:
> So if you do a lookup for 'slashdot.org', how is unbound configured to
> properly resolve that name from any network you visit? Google?

If you wanted to, you could still get the DNS servers the DHCP dishes
out with:

  $ connmanctl services wifi_5c514f7cdc83_4c49434f_managed_psk | grep Nameserver

And do something manually with it (by monitoring for changes to connman
or /etc/resolv.conf maybe).


Re: [PATCH] Add setting: UpdateResolvConf

2015-02-04 Thread Martin Tournoij
On Wed, Feb 4, 2015, at 15:28, Patrik Flykt wrote:
> 
>   Hi,
> 
> On Wed, 2015-02-04 at 15:23 +0100, Martin Tournoij wrote:
> > > How do you pick up the DNS servers when changing networks if ConnMan
> > > never writes the ones obtained via DHCP anywhere? How do you update the
> > > DNS servers at the moment when using your own resolver?
> > 
> > I don't. I run unbound (& adsuck) on my laptop, so it works
> > everywhere.
> 
> So if you do a lookup for 'slashdot.org', how is unbound configured to
> properly resolve that name from any network you visit? Google?

It just works as a recursive resolver, I don't need to rely on any
"external" DNS resolvers (which is how unbound works by default).


Re: [PATCH] Add setting: UpdateResolvConf

2015-02-04 Thread Martin Tournoij
On Wed, Feb 4, 2015, at 14:59, Patrik Flykt wrote:
> On Tue, 2015-01-06 at 05:01 +0100, Martin Tournoij wrote:
> > This is useful because my laptop runs its own resolver. Every time I
> > connect, Connman overwrites /etc/resolv.conf, and I need to script
> > around this by overwriting it again after this...
> 
> How do you pick up the DNS servers when changing networks if ConnMan
> never writes the ones obtained via DHCP anywhere? How do you update the
> DNS servers at the moment when using your own resolver?

I don't. I run unbound (& adsuck) on my laptop, so it works everywhere.


Re: [PATCH] Add setting: UpdateResolvConf

2015-02-04 Thread Martin Tournoij
Hi,

Is there any response on this?

I don't want to badger anyone, but I'm subscribed to the connman mail
list just for this issue. I would like to give my INBOX a break ;-)

Thanks a lot!
Martin


Re: [PATCH] Add setting: UpdateResolvConf

2015-01-06 Thread Martin Tournoij
On Tue, Jan 6, 2015, at 12:06, Pasi Sjöholm wrote:
> Hi Martin,
> 
> >This patch adds a new setting to main.conf, `UpdateResolvConf' (default
> >true), which controls the updating of /etc/resolv.conf.
> >
> >If set to False, /etc/resolv.conf will not be updated.
> 
> You know there is "--nodnsproxy" option when starting connman?

Yup :-) And I enabled that, but it then updates /etc/resolv.conf with the
settings from the DHCP server, i.e.:

  # Generated by Connection Manager
  nameserver 8.8.8.8
  nameserver 8.8.4.4

There is, as far as I've been able to determine, no easy way to prevent this.

[PATCH] Add setting: UpdateResolvConf

2015-01-05 Thread Martin Tournoij
Hi there,

This patch adds a new setting to main.conf, `UpdateResolvConf' (default
true), which controls the updating of /etc/resolv.conf.

If set to False, /etc/resolv.conf will not be updated.

This is useful because my laptop runs its own resolver. Every time I
connect, Connman overwrites /etc/resolv.conf, and I need to script
around this by overwriting it again after this...

I didn't update the docs and such, but if this change is okay, I will do
that as well.

PS. I am *not* subscribed to this list! Please CC me in replies!

Thank you,
Martin
diff --git i/src/main.c w/src/main.c
index ba09eb6..c2058bb 100644
--- i/src/main.c
+++ w/src/main.c
@@ -73,6 +73,7 @@ static struct {
bool single_tech;
char **tethering_technologies;
bool persistent_tethering_mode;
+   bool update_resolv_conf;
 } connman_settings  = {
.bg_scan = true,
.pref_timeservers = NULL,
@@ -86,6 +87,7 @@ static struct {
.single_tech = false,
.tethering_technologies = NULL,
.persistent_tethering_mode = false,
+   .update_resolv_conf = true,
 };
 
 #define CONF_BG_SCAN"BackgroundScanning"
@@ -98,8 +100,9 @@ static struct {
 #define CONF_BLACKLISTED_INTERFACES "NetworkInterfaceBlacklist"
 #define CONF_ALLOW_HOSTNAME_UPDATES "AllowHostnameUpdates"
 #define CONF_SINGLE_TECH"SingleConnectedTechnology"
-#define CONF_TETHERING_TECHNOLOGIES  "TetheringTechnologies"
+#define CONF_TETHERING_TECHNOLOGIES "TetheringTechnologies"
 #define CONF_PERSISTENT_TETHERING_MODE  "PersistentTetheringMode"
+#define CONF_UPDATE_RESOLV_CONF "UpdateResolvConf"
 
 static const char *supported_options[] = {
CONF_BG_SCAN,
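
Review bot: The `CONF_TETHERING_TECHNOLOGIES` define is removed and re-added with only its spacing changed, which is unrelated to the new setting. Drop that pair of lines from this patch (or send the alignment fix separately) so the hunk contains just the added `CONF_UPDATE_RESOLV_CONF` line.
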
@@ -114,6 +117,7 @@ static const char *supported_options[] = {
CONF_SINGLE_TECH,
CONF_TETHERING_TECHNOLOGIES,
CONF_PERSISTENT_TETHERING_MODE,
+   CONF_UPDATE_RESOLV_CONF,
NULL
 };
 
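
Review bot: Documentation is missing for the key added to `supported_options[]` here: the patch touches only src/main.c and src/resolver.c, so `UpdateResolvConf` becomes a valid main.conf option that is described nowhere. Add the main.conf documentation in the same patch, stating the default (true) and that with the value false connman stops writing /etc/resolv.conf, leaving its contents entirely to the administrator.
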
@@ -354,6 +358,14 @@ static void parse_config(GKeyFile *config)
connman_settings.persistent_tethering_mode = boolean;
 
g_clear_error(&error);
+
+   boolean = __connman_config_get_bool(config, "General",
+   CONF_UPDATE_RESOLV_CONF,
+   &error);
+   if (!error)
+   connman_settings.update_resolv_conf = boolean;
+
+   g_clear_error(&error);
 }
 
 static int config_init(const char *file)
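
Review bot: In the block added to `parse_config()`, a set `error` is cleared without any message, so a value that fails to parse leaves `update_resolv_conf` at its default of true and connman keeps rewriting /etc/resolv.conf while the administrator believes the feature is off. Consider logging a warning when the key is present but invalid, because for this setting the silent fallback re-enables exactly the behaviour the user tried to disable.
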
@@ -528,6 +540,9 @@ bool connman_setting_get_bool(const char *key)
if (g_str_equal(key, CONF_PERSISTENT_TETHERING_MODE))
return connman_settings.persistent_tethering_mode;
 
+   if (g_str_equal(key, CONF_UPDATE_RESOLV_CONF))
+   return connman_settings.update_resolv_conf;
+
return false;
 }
 
diff --git i/src/resolver.c w/src/resolver.c
index 01e7c0e..dff8c10 100644
--- i/src/resolver.c
+++ w/src/resolver.c
@@ -89,6 +89,10 @@ static int resolvfile_export(void)
unsigned int count;
mode_t old_umask;
 
+   if (!connman_setting_get_bool("UpdateResolvConf")) {
+   return 0;
+   }
+
content = g_string_new("# Generated by Connection Manager\n");
 
/*
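
Review bot: The check added at the top of `resolvfile_export()` passes the literal "UpdateResolvConf", and `connman_setting_get_bool()` returns false for any key it does not recognise, so a mismatch between this string and `CONF_UPDATE_RESOLV_CONF` would silently stop all resolv.conf writes. Reference a single definition of the key from both files if possible, and drop the braces around the lone `return 0;` to match the brace-less single-statement `if`s in the main.c hunks.
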