[PATCH v1 00/11] WireGuard support
by Daniel Wagner
Add WireGuard support to the VPN daemon. This version isn't too bad,
so if no one is speaking up I am going to merge it. We can still clean
up stuff later. The only thing which should be in place from day one
are the config options. Please have a look at them and speak up if you
think these are wrongly named etc.
One thing which needs to be changed after this goes in is how we
handle the secret data (passwords, etc). Currently, all settings are
showing up in the logs unless the hackish 'hide_value' API is
used. But this is for later.
changes v1:
- error handling improved
- rewrite of host/ip parsing code
- configuration options overhaul
Daniel Wagner (11):
include: Remove unused definition
shared: Remove netlink code
vpn: Remove Host check in plugins
vpn: Add provider only on success to hash table
build: Test for libmnl independent of nftables
vpn: Add WireGuard plugin placeholder
shared: Add Generic Netlink helpers for libmnl
vpn: Add embeddable WireGuard library
vpn: Introduce VPN_FLAG_NO_DAEMON
doc: Document WireGuard VPN plugin
vpn: Add WireGuard support
Makefile.am | 13 +-
Makefile.plugins | 25 +
configure.ac | 23 +-
doc/vpn-config-format.txt | 22 +
include/provider.h | 2 -
src/shared/mnlg.c | 325 ++++++++++++
src/shared/mnlg.h | 27 +
src/shared/netlink.c | 666 -------------------------
src/shared/netlink.h | 53 --
tools/netlink-test.c | 123 -----
vpn/plugins/libwireguard.c | 998 +++++++++++++++++++++++++++++++++++++
vpn/plugins/openconnect.c | 7 -
vpn/plugins/openvpn.c | 6 -
vpn/plugins/pptp.c | 8 +-
vpn/plugins/vpn.c | 51 +-
vpn/plugins/vpn.h | 3 +-
vpn/plugins/vpnc.c | 6 -
vpn/plugins/wireguard.c | 373 ++++++++++++++
vpn/plugins/wireguard.h | 103 ++++
vpn/vpn-config.c | 7 +-
20 files changed, 1951 insertions(+), 890 deletions(-)
create mode 100644 src/shared/mnlg.c
create mode 100644 src/shared/mnlg.h
delete mode 100644 src/shared/netlink.c
delete mode 100644 src/shared/netlink.h
delete mode 100644 tools/netlink-test.c
create mode 100644 vpn/plugins/libwireguard.c
create mode 100644 vpn/plugins/wireguard.c
create mode 100644 vpn/plugins/wireguard.h
--
2.23.0
Is there anyway to get SIM ID?
by JH
Hi,
I am running connman on a 4G LTE device in a Linux system. Is there
any way to get the SIM ID, and the operator and LTE signal strength?
Unfortunately, I don't have connmanctl due to the limited space
available to install Python.
Thank you.
Kind regards,
- jh
[PATCH] timeserver: reload nameservers when service nameservers change
by Vivien Henriet
This is to fix an issue where connman is unable to resolve ntp hostnames.
When a service switches from an autoconf link-local address (169.254.0.0/16)
to an address configured by DHCP, timeserver was not notified and thus
did not reload its resolver's nameservers. As a consequence, the hostnames
of the NTP servers were not resolved.
Change-Id: Icfcaba44de922947d03e507008921011bab014d5
---
src/service.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/service.c b/src/service.c
index 552b788f..b7a69f10 100644
--- a/src/service.c
+++ b/src/service.c
@@ -997,8 +997,12 @@ static int nameservers_changed_cb(void *user_data)
service->nameservers_timeout = 0;
if ((is_idle(service->state) && !service->nameservers) ||
- is_connected(service->state))
- dns_changed(service);
+ is_connected(service->state)) {
+ dns_changed(service);
+ if (service == connman_service_get_default())
+ __connman_timeserver_sync(service);
+ }
+
return FALSE;
}
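Review bot: the `__connman_timeserver_sync(service)` call is guarded by `service == connman_service_get_default()`, while `dns_changed(service)` runs for any connected service in this branch; a service whose nameservers change while it is not yet the default will not trigger the sync here, so confirm that the path which later promotes it to default already calls `__connman_timeserver_sync()`, otherwise the fix only covers the case where the service is already the default when its address switches. The added empty `+` line before `return FALSE;` is stray whitespace and can be dropped.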
--
2.21.0
The order of a OpenVpn service with topology subnet cannot be changed
due to a missing route
by Thomas Achleitner
Hi,
one of our clients uses a server configuration with topology subnet and
does not push a route from the server.
This causes an error when moving the VPN service below the ethernet service,
so that the default gateway then becomes the VPN connection.
From the openvpn log I get
Tue Nov 5 09:29:02 2019 SENT CONTROL [test.vpn]: 'PUSH_REQUEST' (status=1)
Tue Nov 5 09:29:02 2019 PUSH: Received control message:
'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart
120,ifconfig 10.8.0.3 255.255.255.0,peer-id 0'
and the journalctl log states
Nov 05 11:19:46 blue-x21150002 connmand[278]: vpn0 {create} index 12
type 65534 <NONE>
Nov 05 11:19:46 blue-x21150002 connmand[278]: vpn0 {update} flags 4240
<DOWN>
Nov 05 11:19:46 blue-x21150002 connmand[278]: vpn0 {newlink} index 12
address 00:00:00:00:00:00 mtu 1500
Nov 05 11:19:46 blue-x21150002 connmand[278]: vpn0 {newlink} index 12
operstate 2 <DOWN>
Nov 05 11:19:47 blue-x21150002 connman-vpnd[259]: vpn0 {create} index 12
type 65534 <NONE>
Nov 05 11:19:47 blue-x21150002 connman-vpnd[259]: vpn0 {update} flags
4240 <DOWN>
Nov 05 11:19:47 blue-x21150002 connman-vpnd[259]: vpn0 {newlink} index
12 operstate 2 <DOWN>
Nov 05 11:19:49 blue-x21150002 connmand[278]: vpn0 {update} flags 102609
<UP,RUNNING,LOWER_UP>
Nov 05 11:19:49 blue-x21150002 connmand[278]: vpn0 {newlink} index 12
address 00:00:00:00:00:00 mtu 1500
Nov 05 11:19:49 blue-x21150002 connmand[278]: vpn0 {newlink} index 12
operstate 6 <UP>
Nov 05 11:19:49 blue-x21150002 connman-vpnd[259]: vpn0 {update} flags
102609 <UP,RUNNING,LOWER_UP>
Nov 05 11:19:49 blue-x21150002 connman-vpnd[259]: vpn0 {newlink} index
12 operstate 6 <UP>
Nov 05 11:19:49 blue-x21150002 connmand[278]: vpn0 {add} address
10.8.0.3/24 label vpn0 family 2
Nov 05 11:19:49 blue-x21150002 connmand[278]: vpn0 {add} route 10.8.0.0
gw 0.0.0.0 scope 253 <LINK>
Nov 05 11:19:50 blue-x21150002 connmand[278]: Setting domainname to test.vpn
Nov 05 11:19:50 blue-x21150002 connmand[278]: ipconfig state 4 ipconfig
method 1
Nov 05 11:19:50 blue-x21150002 connmand[278]: eth0 {add} route
185.48.116.146 gw 192.168.30.4 scope 0 <UNIVERSE>
Nov 05 11:19:50 blue-x21150002 connmand[278]: eth0 {del} route 0.0.0.0
gw 192.168.30.4 scope 0 <UNIVERSE>
Nov 05 11:19:50 blue-x21150002 connmand[278]: vpn0 {add} route 0.0.0.0
gw 0.0.0.0 scope 253 <LINK>
Nov 05 11:19:50 blue-x21150002 connmand[278]: Cannot move service. No
routes defined for provider test_vpn_test_vpn
I wrote a patch removing the check, and after applying it the connection
works.
--- a/src/service.c 2019-11-05 12:31:42.310731141 +0100
+++ b/src/service.c 2019-11-05 12:34:54.042859743 +0100
@@ -4820,17 +4820,6 @@
return __connman_error_invalid_service(msg);
if (target->type == CONNMAN_SERVICE_TYPE_VPN) {
- /*
- * We only allow VPN route splitting if there are
- * routes defined for a given VPN.
- */
- if (!__connman_provider_check_routes(target->provider)) {
- connman_info("Cannot move service. "
- "No routes defined for provider %s",
- __connman_provider_get_ident(target->provider));
- return __connman_error_invalid_service(msg);
- }
-
set_split_routing(target, true);
} else
set_split_routing(target, false);
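Review bot: removing the `__connman_provider_check_routes()` check wholesale changes behaviour for every VPN provider, not only OpenVPN with topology subnet, and it does not address what the log above shows: the "Cannot move service" message appears only after `eth0 {del} route 0.0.0.0 gw 192.168.30.4` and `vpn0 {add} route 0.0.0.0 gw 0.0.0.0`, i.e. the default route has already been switched when the move is rejected, leaving routing half-changed on the error path. A narrower fix would be to make the provider's route list reflect the pushed `ifconfig 10.8.0.3 255.255.255.0` / `route-gateway 10.8.0.1` options (the `vpn0 {add} route 10.8.0.0` entry already exists), or to run the check before the routes are altered, rather than deleting the check together with its comment.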
Can this cause any other trouble?
Thank you!
Best regards,
Thomas
[PATCH v0 0/3] Address a couple of warnings
by Daniel Wagner
- Replace deprecated GTimeVal with GDateTime
- Address the gcc string truncation warnings
Daniel Wagner (3):
service: Replace GTimeVal with GDateTime
tools: Replace GTimeVal with GDateTime
plugins/ethernet: Properly NUL-terminated strncpy() operations
plugins/ethernet.c | 7 ++++++-
src/service.c | 42 +++++++++++++++++++++++++++++++++++-------
tools/stats-tool.c | 11 ++++++++---
3 files changed, 49 insertions(+), 11 deletions(-)
--
2.23.0
[PATCH] vpn-provider: make reset_error_counters() static
by Marcus Folkesson
Declare reset_error_counters() as static as it should not be
used in other contexts.
Get rid of this error from GCC 9.1.0:
vpn/vpn-provider.c:865:6: error: no previous declaration for
‘reset_error_counters’ [-Werror=missing-declarations]
865 | void reset_error_counters(struct vpn_provider *provider)
Signed-off-by: Marcus Folkesson <marcus.folkesson(a)gmail.com>
---
vpn/vpn-provider.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vpn/vpn-provider.c b/vpn/vpn-provider.c
index b8b94cbf..08792ecc 100644
--- a/vpn/vpn-provider.c
+++ b/vpn/vpn-provider.c
@@ -862,7 +862,7 @@ static gchar **create_network_list(GSList *networks, gsize *count)
return result;
}
-void reset_error_counters(struct vpn_provider *provider)
+static void reset_error_counters(struct vpn_provider *provider)
{
if (!provider)
return;
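Review bot: turning `reset_error_counters()` into a `static` function is only safe if no header declares it and no other translation unit calls it; the commit message asserts this but it would help to state that a search for other users came back empty. Since a `static` function must be visible before its first use within vpn-provider.c, also confirm that every caller sits after the definition at line 865, or add a forward declaration near the top of the file.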
--
2.23.0
[PATCH] plugins/ethernet: fix strncpy errors with GCC>9.1
by Nicola Lunghi
From: Nicola Lunghi <nick83ola(a)gmail.com>
This fixes the following errors:
In function ‘strncpy’,
inlined from ‘get_dsa_port’ at plugins/ethernet.c:102:2:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10:
error: ‘__builtin_strncpy’ specified bound 16 equals destination size
[-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
inlined from ‘get_dsa_port’ at plugins/ethernet.c:106:2:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10:
error: ‘__builtin_strncpy’ specified bound 24 equals destination size
[-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
inlined from ‘get_dsa_port’ at plugins/ethernet.c:109:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10:
error: ‘__builtin_strncpy’ output may be truncated copying 16 bytes
from a string of length 23 [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC plugins/src_connmand-neard.o
CC src/shared/connmand-util.o
CC src/shared/connmand-netlink.o
CC src/shared/connmand-arp.o
In function ‘strncpy’,
inlined from ‘get_vlan_vid’ at plugins/ethernet.c:76:2,
inlined from ‘add_network’ at plugins/ethernet.c:199:9,
inlined from ‘ethernet_newlink’ at plugins/ethernet.c:253:4:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10:
error: ‘__builtin_strncpy’ specified bound 24 equals destination size
[-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Nicola Lunghi <nick83ola(a)gmail.com>
---
plugins/ethernet.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/plugins/ethernet.c b/plugins/ethernet.c
index b0395c83..6ceb2266 100644
--- a/plugins/ethernet.c
+++ b/plugins/ethernet.c
@@ -73,7 +73,7 @@ static int get_vlan_vid(const char *ifname)
return -errno;
vifr.cmd = GET_VLAN_VID_CMD;
- strncpy(vifr.device1, ifname, sizeof(vifr.device1));
+ strncpy(vifr.device1, ifname, sizeof(vifr.device1) - 1);
if(ioctl(sk, SIOCSIFVLAN, &vifr) >= 0)
vid = vifr.u.VID;
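Review bot: `strncpy(vifr.device1, ifname, sizeof(vifr.device1) - 1)` only produces a NUL-terminated `device1` if its last byte is already zero; the context shown for `get_vlan_vid()` has no `memset(&vifr, 0, sizeof(vifr))` like the one `get_dsa_port()` does for `ifr`, so either zero `vifr` before the copy or set `vifr.device1[sizeof(vifr.device1) - 1] = '\0'` explicitly. Silently truncating `ifname` also means the `SIOCSIFVLAN` ioctl would query a different interface name than the caller asked for; returning an error when `strlen(ifname) >= sizeof(vifr.device1)` avoids that.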
@@ -99,14 +99,17 @@ static int get_dsa_port(const char *ifname)
return -errno;
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
/* check if it is a vlan and get physical interface name*/
vifr.cmd = GET_VLAN_REALDEV_NAME_CMD;
- strncpy(vifr.device1, ifname, sizeof(vifr.device1));
+ strncpy(vifr.device1, ifname, sizeof(vifr.device1) - 1);
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wstringop-truncation"
if(ioctl(sk, SIOCSIFVLAN, &vifr) >= 0)
- strncpy(ifr.ifr_name, vifr.u.device2, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, vifr.u.device2, sizeof(ifr.ifr_name) - 1);
+#pragma GCC diagnostic pop
/* get driver info */
drvinfocmd.cmd = ETHTOOL_GDRVINFO;
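Review bot: the `#pragma GCC diagnostic ignored "-Wstringop-truncation"` around the `vifr.u.device2` copy hides a real condition, since GCC reports a 23-byte source being copied into the 16-byte `ifr_name`; if the real device name does not fit, the following `ETHTOOL_GDRVINFO` ioctl is issued for a truncated, different interface name. Prefer an explicit length check (`strlen(vifr.u.device2) < sizeof(ifr.ifr_name)`, returning `-EINVAL` or `-ENAMETOOLONG` otherwise) so the pragma pair can go. The `memset(&ifr, 0, sizeof(ifr))` in context does make the `- 1` copies into `ifr.ifr_name` terminated, but `vifr.device1` in this hunk has the same uninitialised-last-byte concern as in the first hunk.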
--
2.20.1
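Both the ethernet-plugin patches in this thread (Daniel Wagner's "plugins/ethernet: Properly NUL-terminated strncpy() operations" and this one) deal with the same defect: `strncpy()` into a fixed `IFNAMSIZ` buffer with the full buffer size leaves no terminator when the name is 16 bytes or longer, which is what GCC's `-Wstringop-truncation` flags. The C below is an added example, not code from connman or from either patch; `copy_ifname()`, `struct demo_ifreq`, `stored_name_len()` and `naive_strncpy_terminated()` are names chosen for this illustration, and `DEMO_IFNAMSIZ` is assumed to be 16, the Linux `IFNAMSIZ` value. It shows a bounded copy that always terminates and rejects names that would be truncated, next to the naive pattern so the difference is observable.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed to match the kernel's IFNAMSIZ (16 bytes including the NUL). */
#define DEMO_IFNAMSIZ 16

/*
 * Bounded copy of an interface name that always leaves dst NUL-terminated
 * and refuses names that would be truncated. Returns 0 on success,
 * -EINVAL for bad arguments, -ENAMETOOLONG if src does not fit in dst.
 */
static int copy_ifname(char *dst, size_t dstsize, const char *src)
{
	size_t len = 0;

	if (!dst || !src || dstsize == 0)
		return -EINVAL;

	/* Bounded scan: reaching dstsize means no NUL would fit in dst. */
	while (len < dstsize && src[len] != '\0')
		len++;
	if (len == dstsize)
		return -ENAMETOOLONG;

	memcpy(dst, src, len + 1);	/* copies the terminating NUL as well */
	return 0;
}

/* Hypothetical stand-in for the name field of the kernel's struct ifreq. */
struct demo_ifreq {
	char ifr_name[DEMO_IFNAMSIZ];
};

/*
 * Fill the name field the way an ioctl caller would, then report the
 * stored length. copy_ifname() guarantees termination, so strlen() on the
 * buffer is safe. Returns the length, or a negative errno on failure.
 */
static int stored_name_len(const char *ifname)
{
	struct demo_ifreq ifr;
	int ret;

	memset(&ifr, 0, sizeof(ifr));
	ret = copy_ifname(ifr.ifr_name, sizeof(ifr.ifr_name), ifname);
	if (ret < 0)
		return ret;

	return (int)strlen(ifr.ifr_name);
}

/*
 * The defect GCC flags: strncpy() with the full buffer size writes no
 * terminator when the source is at least as long as the buffer. The buffer
 * is pre-filled with non-zero bytes to stand in for uninitialised stack.
 * Returns 1 if a NUL is present inside the buffer afterwards, 0 if not.
 * memchr() is used for the check because strlen() on an unterminated
 * buffer would read past its end.
 */
static int naive_strncpy_terminated(const char *src)
{
	char buf[DEMO_IFNAMSIZ];
	size_t n = sizeof(buf);

	memset(buf, 'X', sizeof(buf));
	strncpy(buf, src, n);
	return memchr(buf, '\0', sizeof(buf)) != NULL;
}

int main(void)
{
	/* Constructed sample names: 4, 15 and 16 characters long. */
	const char *names[] = { "eth0", "exactly15chars_", "sixteen_chars_xx" };
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("%-18s bounded copy: %d   naive strncpy terminated: %d\n",
		       names[i], stored_name_len(names[i]),
		       naive_strncpy_terminated(names[i]));
	return 0;
}
```

The `copy_ifname()` helper returns an error instead of truncating, which matters for the ioctl callers in the patch: a truncated name is not merely unterminated, it is a query for a different interface. Zeroing the destination struct before the copy, as `get_dsa_port()` does, is still good practice because the kernel reads the whole structure.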
[PATCH] l2tp: Save 'exclusive' config value in lns context
by Jussi Laakkonen
The config value 'exclusive' must be saved in the lns context. This is
because if it is written to the lac context, parsing will fail (versions
1.3.8 and 1.3.14 were tested):
xl2tpd[]: parse_config: line 12: 'exclusive' not valid in this context
This went undetected unless the option was set. By default, 'exclusive'
is not written to the xl2tpd config. The xl2tpd documentation states that
"Most of those described in the LNS section may be used in a LAC
context, where it make common sense (essentially l2tp protocols tuning
flags and authentication / ppp related ones)."
Added an enum option OPT_L2LNS for defining other options to be used in
the lns context only.
---
vpn/plugins/l2tp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index ff5f08b9..422d6782 100644
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -65,6 +65,7 @@ enum {
OPT_L2G = 2,
OPT_L2 = 3,
OPT_PPPD = 4,
+ OPT_L2LNS = 5,
};
struct {
@@ -83,7 +84,7 @@ struct {
{ "L2TP.DefaultRoute", "defaultroute", OPT_L2, NULL, OPT_STRING },
{ "L2TP.FlowBit", "flow bit", OPT_L2, NULL, OPT_STRING },
{ "L2TP.TunnelRWS", "tunnel rws", OPT_L2, NULL, OPT_STRING },
- { "L2TP.Exclusive", "exclusive", OPT_L2, NULL, OPT_STRING },
+ { "L2TP.Exclusive", "exclusive", OPT_L2LNS, NULL, OPT_STRING },
{ "L2TP.Autodial", "autodial", OPT_L2, "yes", OPT_STRING },
{ "L2TP.Redial", "redial", OPT_L2, "yes", OPT_STRING },
{ "L2TP.RedialTimeout", "redial timeout", OPT_L2, "10", OPT_STRING },
@@ -454,6 +455,9 @@ static int l2tp_write_config(struct vpn_provider *provider,
l2tp_write_option(fd, "[global]", NULL);
l2tp_write_fields(provider, fd, OPT_L2G);
+ l2tp_write_option(fd, "[lns]", NULL);
+ l2tp_write_fields(provider, fd, OPT_L2LNS);
+
l2tp_write_option(fd, "[lac l2tp]", NULL);
option = vpn_provider_get_string(provider, "Host");
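Review bot: the `[lns]` header is now written unconditionally, so with L2TP.Exclusive unset (the default per the commit message) xl2tpd receives an empty `[lns]` section; the LAC section carries a name (`[lac l2tp]`) while this one does not, so confirm that xl2tpd accepts an unnamed lns section, and consider emitting the header only when at least one OPT_L2LNS field has a value.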
--
2.20.1
[PATCH] vpn: Set to use C locale with tasks used for running VPN processes
by Jussi Laakkonen
Set LANG and LC_ALL to C locale for each task used to run VPN processes.
This ensures that no translations are used.
The user for running the VPN process can be changed with the DACPrivileges
configuration (see commit 171989601a7a4fadafda20a7e6d30e9ada3fb516). If
the user is changed to one other than what connman is run with, a specific
language may have been set. Plugins relying on correct output would fail in
such a case.
---
vpn/plugins/vpn.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
index eef8550e..16946c80 100644
--- a/vpn/plugins/vpn.c
+++ b/vpn/plugins/vpn.c
@@ -624,6 +624,15 @@ static int vpn_connect(struct vpn_provider *provider,
goto exist_err;
}
+ /*
+ * Change to use C locale, some VPN plugins use screen scraping for
+ * error parsing. To be on the safe side, set both LANG and LC_ALL.
+ * This is required especially when the VPN processes are ran using
+ * user other than root.
+ */
+ connman_task_add_variable(data->task,"LANG", "C");
+ connman_task_add_variable(data->task,"LC_ALL", "C");
+
ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
data->if_name, cb, dbus_sender,
user_data);
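Review bot: the return values of the two `connman_task_add_variable()` calls are not checked even though the comment describes the setting as required; if the call can fail, propagate the error through the existing `goto exist_err` path rather than continuing with a task that may still inherit the caller's locale. Style points in the same lines: a space is missing after `data->task,` in both calls, and "are ran" in the comment should read "are run".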
--
2.20.1