On 05/29/2017 04:17 AM, Jeff Gray wrote:
I am a new user of connman. The project is an older embedded system
that is being updated to use it.
Atmel AT91-RM9200 CPU
Linux-2.6.33-7 - older kernel which I can't upgrade due to binary
drivers. But I can recompile with new modules if needed. I have built
almost everything in the netfilter area as modules after reading several

Old is for sure not the right term, it is from a different millennium! :)

buildroot-2017-02 used to build system, so everything is pretty
apart from the kernel.
Ethernet is working well. I am adding a USB gadget with tethering to
allow the device to be connected to Windows PCs as a USB device. This
requires the DHCP server in connman to be run. usb0 is recognized as a
gadget by connman. Tethering is initiated by sending:
connmanctl tether gadget on
After running my tethering command, lsmod shows:
iptable_filter 1184 1
iptable_nat 3573 0
nf_nat 15825 1 iptable_nat
nf_conntrack_ipv4 11680 3 iptable_nat,nf_nat
nf_conntrack 52431 3 iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 857 1 nf_conntrack_ipv4
ip_tables 8885 2 iptable_filter,iptable_nat
x_tables 10528 2 iptable_nat,ip_tables
bridge 45118 0
stp 1318 1 bridge
llc 3094 2 bridge,stp
ipv6 221360 12
ohci_hcd 25436 0
cfg80211 116559 0
rfkill 13468 2 cfg80211
g_ether 42777 0
usbcore 151944 2 ohci_hcd
Running connmand with --debug=src/iptables.c,src/firewall-iptables.c:
Bridge firewalling registered
connmand: Failed to bind UDP listener socket
connmand: Failed to bind TCP listener socket
connmand: DHCP server: option_code 1 option_value 255.255.255.0
connmand: DHCP server: option_code 3 option_value 192.168.0.1
connmand: DHCP server: option_code 6 option_value 192.168.0.1
connmand: src/firewall-iptables.c:enable_rule() nat POSTROUTING -s
-o eth0 -j MASQUERADE
connmand: src/iptables.c:__connman_iptables_new_chain() -t nat -N
connmand: src/iptables.c:iptables_init() nat
ip_tables: (C) 2000-2006 Netfilter Core Team
nf_conntrack version 0.5.0 (464 buckets, 1856 max)
CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
connmand: src/iptables.c:iptables_add_chain() table nat chain
connmand: src/iptables.c:__connman_iptables_insert() -t nat -I
POSTROUTING -j connman-POSTROUTING
connmand: src/iptables.c:iptables_insert_rule() table nat chain
connmand: src/iptables.c:__connman_iptables_delete_chain() -t nat
connmand: src/iptables.c:iptables_delete_chain() table nat chain
connmand: Cannot enable NAT -22/Invalid argument
connmand: Add interface to bridge error No such device
Debugging further I've found that find_chain_head is getting
a target->data value of "ERROR", so it returns null.
iptables_insert_rule detects this, so it returns -EINVAL.
I inserted a system() call to dump iptables just before the error & I
can see that nothing has been defined other than
defaults. connman-POSTROUTING does not exist (but I'm not sure if it's
supposed to at this stage).
connmand appears to be working well in other regards. I can run many
commands & get good results. iptables is also working fine - I can add
NAT chains & rules without error.
At this stage I'm a bit lost as to where to look. Is it a problem with
my kernel/modules not being set up properly or in connman config?

The iptables code in ConnMan is known to be not 100% correct in how it
creates the iptables. It seems to be okay for modern kernels but that is
just luck. One way around this problem could be to replace the ConnMan
code which creates the iptables with calling the iptables shell command.
Obviously there would be some forks involved but that would be the
simplest solution in your situation I suppose. I wouldn't recommend
spending time figuring out what ConnMan is doing and what the kernel
expects. I spent far too many hours myself on this topic. That's why I
usually recommend using the nftable implementation but that is probably
not going to fly with 2.6.
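
The workaround suggested in the reply, calling the iptables binary instead of ConnMan's own table-building code, could look like the following. This is an added example, not ConnMan code and not code from either poster. The iptables path, the helper names and the choice to append the MASQUERADE rule to the connman-POSTROUTING chain are assumptions. It uses fork and execv with an argument vector rather than system(), so the subnet and interface name are never parsed by a shell, and it rejects values that could be read as extra options.

```c
#include <ctype.h>
#include <errno.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define IPTABLES "/usr/sbin/iptables"  /* assumed path to the iptables binary */
#define CHAIN "connman-POSTROUTING"    /* chain name taken from the debug log */
#define IF_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.-"

/* Non-empty, at most max chars, alphanumeric first, only chars from allowed. */
int safe_arg(const char *s, const char *allowed, size_t max)
{
	size_t n = s ? strlen(s) : 0;
	return n > 0 && n <= max && isalnum((unsigned char)s[0]) && strspn(s, allowed) == n;
}

/* fork + execv + waitpid, no shell. Returns exit status, or -1 on failure. */
int run_argv(const char *const argv[])
{
	int status;
	pid_t pid = fork();
	if (pid < 0)
		return -1;
	if (pid == 0) {
		execv(argv[0], (char *const *)argv);
		_exit(127); /* exec failed */
	}
	while (waitpid(pid, &status, 0) < 0)
		if (errno != EINTR)
			return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The three steps from the log: -N chain, -I POSTROUTING jump, MASQUERADE rule.
 * Returns 0 on success, -1 on rejected input, else the failing exit status. */
int enable_masquerade(const char *subnet, const char *out_if)
{
	const char *mk[] = { IPTABLES, "-t", "nat", "-N", CHAIN, NULL };
	const char *jmp[] = { IPTABLES, "-t", "nat", "-I", "POSTROUTING", "-j", CHAIN, NULL };
	const char *nat[] = { IPTABLES, "-t", "nat", "-A", CHAIN, "-s", subnet,
			      "-o", out_if, "-j", "MASQUERADE", NULL };
	const char **steps[] = { mk, jmp, nat };
	int rc = 0;
	if (!safe_arg(subnet, "0123456789./", 18) || !safe_arg(out_if, IF_CHARS, 15))
		return -1;
	for (int i = 0; i < 3 && rc == 0; i++)
		rc = run_argv(steps[i]);
	return rc;
}
```

Calling enable_masquerade needs root, and a second call stops at the -N step because the chain already exists.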