Today's Topics:

   1. Re: [PATCH 09/11] service: Change IPv6 support if split routing value changes on IPv4 VPN (Jussi Laakkonen)
   2. RE: [PATCH] service: Prevent auto connection during passphrase request (VAUTRIN Emmanuel (Canal Plus Prestataire))
   3. RE: [PATCH] timeserver: Fix time update manual->auto at startup (VAUTRIN Emmanuel (Canal Plus Prestataire))

----------------------------------------------------------------------

Date: Wed, 7 Apr 2021 13:57:05 +0300
From: Jussi Laakkonen <jussi.laakko...@jolla.com>
Subject: Re: [PATCH 09/11] service: Change IPv6 support if split routing value changes on IPv4 VPN
To: Daniel Wagner <w...@monom.org>
Cc: connman@lists.01.org
Message-ID: <2a3e20ec-8af6-8103-20bc-9c7be57d5...@jolla.com>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi Daniel,

On 4/6/21 9:49 PM, Daniel Wagner wrote:
> On Tue, Apr 06, 2021 at 05:00:23PM +0300, Jussi Laakkonen wrote:
>>>> Just expose that facility from core ConnMan and let the VPN providers
>>>> use it as they desire.
>>
>> I actually had this in mind as a next step to have a per provider option to
>> really control whether to disable IPv6 or not. Some amount of work goes to
>> that as well and I think OpenConnect and WireGuard plugins are ones that are
>> capable of both v4 and v6.
>>
>> What do you Daniel say, should I try to include that per provider option
>> here or work it as later, and perhaps amend the TODO on that part?
>
> This makes sense to me. I think we shouldn't encode the policy into
> the core itself. Probably it would be good to have the interface and
> config interface sorted out first.
>

I was thinking a simple boolean to struct connman_provider, which is changed via PropertyChanged signals that are listened to by plugins/vpn.c and are emitted by vpn/vpn-provider.c. That boolean then replaces the usages of if (provider->family == AF_INET) and is by default set as "true" to indicate that IPv6 should be disabled. The value then can be changed by a VPN using the: vpn_provider.c:vpn_provider_set_boolean().

In order to minimize changes I thought this to be true by default, as I mentioned in other mails to the list, many of the VPN plugins still use IPv4 only. But if you'd prefer future proofing more, it is all the same to me to do it just the opposite. Still, security is for me an opt-out always :).

Or did you have something else in mind? I'm not sure if I followed the last sentence of yours.

Cheers, Jussi ------------------------------ Date: Wed, 7 Apr 2021 15:08:48 +0000 From: "VAUTRIN Emmanuel (Canal Plus Prestataire)" <emmanuel.vaut...@cpexterne.org> Subject: RE: [PATCH] service: Prevent auto connection during passphrase request To: Daniel Wagner <w...@monom.org> Cc: "connman@lists.01.org" <connman@lists.01.org> Message-ID: <pr1pr02mb479461508d4bc77ee603d12493...@pr1pr02mb4794.eur prd02.prod.outlook.com> Content-Type: text/plain; charset="iso-8859-1" Avoid concurrent associations between a user connection to a secure service, blocked by an agent passphrase input request, and a starting auto connection on a different service of the same interface. --- src/service.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/src/service.c b/src/service.c index 7dfa89f23164..e938ab0e3a80 100644 --- a/src/service.c +++ b/src/service.c @@ -49,6 +49,7 @@ static DBusConnection *connection = NULL; static GList *service_list = NULL; static GHashTable *service_hash = NULL; +static GHashTable *passphrase_requested = NULL; static GSList *counter_list = NULL; static unsigned int autoconnect_id = 0; static unsigned int vpn_autoconnect_id = 0; @@ -4200,6 +4201,7 @@ static bool auto_connect_service(GList *services, bool ignore[MAX_CONNMAN_SERVICE_TYPES] = { }; bool autoconnecting = false; GList *list; + int index; DBG("preferred %d sessions %d reason %s", preferred, active_count, reason2string(reason)); @@ -4215,6 +4217,11 @@ static bool auto_connect_service(GList *services, continue; } + index = __connman_service_get_index(service); + if (g_hash_table_lookup(passphrase_requested, + GINT_TO_POINTER(index))) + return true; + if (service->pending || is_connecting(service->state) || is_connected(service->state)) { @@ -5765,6 +5772,7 @@ static void request_input_cb(struct connman_service *service, struct connman_device *device; const char *security; int err = 0; + int index; DBG("RequestInput return, %p", service); 
@@ -5827,6 +5835,11 @@ static void request_input_cb(struct connman_service *service, err = __connman_service_set_passphrase(service, passphrase); done: + index = __connman_service_get_index(service); + g_hash_table_replace(passphrase_requested, + GINT_TO_POINTER(index), + GINT_TO_POINTER(false)); + if (err >= 0) { /* We forget any previous error. */ set_error(service, CONNMAN_SERVICE_ERROR_UNKNOWN); @@ -6678,6 +6691,7 @@ static int service_connect(struct connman_service *service) int __connman_service_connect(struct connman_service *service, enum connman_service_connect_reason reason) { + int index; int err; DBG("service %p state %s connect reason %s -> %s", @@ -6758,6 +6772,13 @@ int __connman_service_connect(struct connman_service *service, if (service->hidden && err != -EINPROGRESS) service->pending = pending; + if (err == -EINPROGRESS) { + index = __connman_service_get_index(service); + g_hash_table_replace(passphrase_requested, + GINT_TO_POINTER(index), + GINT_TO_POINTER(true)); + } + return err; } } @@ -7748,6 +7769,8 @@ int __connman_service_init(void) service_hash = g_hash_table_new_full(g_str_hash, g_str_equal, NULL, service_free); + passphrase_requested = g_hash_table_new(g_direct_hash, g_direct_equal); + services_notify = g_new0(struct _services_notify, 1); services_notify->remove = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL); @@ -7780,6 +7803,9 @@ void __connman_service_cleanup(void) g_hash_table_destroy(service_hash); service_hash = NULL; + g_hash_table_destroy(passphrase_requested); + passphrase_requested = NULL; + g_slist_free(counter_list); counter_list = NULL; -- 2.25.1 ------------------------------ Date: Wed, 7 Apr 2021 17:28:50 +0000 
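Review bot: In the auto_connect_service() hunk of the src/service.c patch above, the new lookup does "return true" from inside the service loop, so the first service whose interface index is marked in passphrase_requested ends the whole pass and services later in the list, including ones on other interfaces, are never considered. The commit message only asks to avoid a concurrent association on the same interface, so a "continue" for that service would match the stated intent; the function also returns true here while the local autoconnecting flag can still be false, which deserves a comment if that is intended. If __connman_service_get_index() can return a negative value for a service without an interface, all such services share one key, and checking index >= 0 before the lookup avoids that.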
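Review bot: The passphrase_requested entry set in __connman_service_connect() on err == -EINPROGRESS is cleared only at the done: label of request_input_cb() in the src/service.c patch above, so any path on which that callback never runs (for example a pending request that is dropped, or a service that is removed while the request is outstanding) leaves the interface index marked and auto_connect_service() keeps returning early for it. Clearing the entry wherever the pending request is abandoned would close that gap. Storing GINT_TO_POINTER(false) with g_hash_table_replace() also keeps a dead entry per index; g_hash_table_remove() on completion, or using the table as a set with g_hash_table_add() and g_hash_table_contains(), states the same thing more directly. It is also worth confirming that the -EINPROGRESS test is reachable only from the passphrase request path, since the table name promises exactly that.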
From: "VAUTRIN Emmanuel (Canal Plus Prestataire)" <emmanuel.vaut...@cpexterne.org> Subject: RE: [PATCH] timeserver: Fix time update manual->auto at startup To: Daniel Wagner <w...@monom.org> Cc: "connman@lists.01.org" <connman@lists.01.org> Message-ID: <pr1pr02mb479403f9ea2a7eaf706af0c293...@pr1pr02mb4794.eur prd02.prod.outlook.com> Content-Type: text/plain; charset="iso-8859-1" When resetting the time synchronization, always set the associated service, even when the timeserver list is empty, to enable future synchronization, when switching time update from manual to auto. --- src/timeserver.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/timeserver.c b/src/timeserver.c index a55f1f795a9c..9732565c25ca 100644 --- a/src/timeserver.c +++ b/src/timeserver.c @@ -386,6 +386,7 @@ static void ts_reset(struct connman_service *service) __connman_service_timeserver_changed(service, timeservers_list); if (!timeservers_list) { + ts_service = service; DBG("No timeservers set."); return; } -- 2.25.1 ------------------------------ Subject: Digest Footer _______________________________________________ connman mailing list -- connman@lists.01.org To unsubscribe send an email to connman-le...@lists.01.org ------------------------------ End of connman Digest, Vol 66, Issue 12 ***************************************
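Review bot: In the ts_reset() hunk of the src/timeserver.c patch above, the added "ts_service = service;" sits inside the if (!timeservers_list) early-return branch with no comment, and the reason for it (keeping the service so that a later manual->auto switch can synchronize) is stated only in the commit message. A one-line comment at the assignment would help, and if the non-empty path assigns ts_service further down in the function, a single assignment placed before the check would cover both paths. Since ts_service is now kept even when no synchronization is started, it is worth checking that it is reset when that service goes away, so the stored pointer cannot outlive the service.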