On 30 May 2017 at 06:10, Daniel Wagner <wagi(a)monom.org> wrote:
> Old is for sure not the right term, it is from a different millennium! :)

Yes, it is one from the vaults... I wish I was in a position to replace it.

> The iptables code in ConnMan is known to be not 100% correct on how it
> creates the iptables. It seems to be okay for modern kernels but that is
> luck. One way around this problem could be to replace the ConnMan code
> which creates the iptables with calling iptables shell command.
> Obviously there would be some forks involved but that would be the
> simplest solution in your situation I suppose. I wouldn't recommend to
> spend time figuring out what ConnMan is doing and what the kernel expects.
> I spend far too many hours myself on this topic. That's why I recommend to
> use the nftable implementation usually but that is probably not going to fly

Thanks for the helpful suggestion. Has anyone else ever tried to do this?
Would you be able to point me in the right direction in terms of what
functional layer to insert iptables shell commands?
I can see that at __connman_iptables_insert() for example, I have a fairly
complete iptables parameter list already.
Should I just ifdef out the existing iptables API calls? The code is fairly
daunting to understand completely, so any help appreciated.
I got wifi working today, so I'm pretty pleased that side was so easy. It's
just the gadget interface that will take a bit more work.
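
An added illustration, not part of the original messages and not ConnMan code: one way to hand a table, chain and rule string (the parameter list mentioned at __connman_iptables_insert()) to the iptables binary with fork/exec instead of system(), so that no shell ever interprets the rule text. The names build_insert_argv, run_argv and MAX_ARGS are hypothetical, and the helper assumes the rule string contains no quoted arguments.

```c
/* Added example, not ConnMan code: run iptables via fork/execvp, no shell. */
#include <errno.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAX_ARGS 64

/* Fill argv with "iptables -t <table> -I <chain> <rule_spec words...>".
 * rule_spec is copied into buf and split on blanks. Returns argc or -errno. */
int build_insert_argv(const char *table, const char *chain,
        const char *rule_spec, char *buf, size_t buflen, char *argv[MAX_ARGS])
{
    const char *head[] = { "iptables", "-t", table, "-I", chain };
    char *p;
    int argc = 0;

    if (!table || !chain || !rule_spec || table[0] == '-' || chain[0] == '-')
        return -EINVAL;     /* names must not be mistaken for options */
    if (strlen(rule_spec) >= buflen)
        return -E2BIG;
    strcpy(buf, rule_spec);
    for (; argc < 5; argc++)
        argv[argc] = (char *)head[argc];
    for (p = buf + strspn(buf, " \t"); *p; p += strspn(p, " \t")) {
        if (argc >= MAX_ARGS - 1)
            return -E2BIG;
        argv[argc++] = p;           /* start of one word */
        p += strcspn(p, " \t");     /* end of that word */
        if (*p)
            *p++ = '\0';
    }
    argv[argc] = NULL;
    return argc;
}

/* Run argv[0]; returns its exit status (127 if exec failed) or -errno. */
int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -errno;
    if (pid == 0) {
        execvp(argv[0], argv);      /* PATH lookup; no shell involved */
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -ECHILD;
}
```

Because each word is passed as its own argv entry, characters such as `;` or `$` in a rule string reach iptables as literal text and are rejected there rather than executed.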