Hi Daniel,

On 30 May 2017 at 06:10, Daniel Wagner <wagi@monom.org> wrote:
> Old is for sure not the right term, it is from a different millennium! :)

Yes, it is one from the vaults... I wish I was in a position to replace it.

> The iptables code in ConnMan is known to be not 100% correct on how it creates the iptables. It seems to be okay for modern kernels but that is just luck. One way around this problem could be to replace the ConnMan code which creates the iptables with calling iptables shell command.

> Obviously there would be some forks involved but that would be the simplest solution in your situation I suppose. I wouldn't recommend to spend time figuring out what ConnMan is doing and what the kernel expects. I spent far too many hours myself on this topic. That's why I recommend to use the nftable implementation usually but that is probably not going to fly with 2.6.

Thanks for the helpful suggestion. Has anyone else ever tried to do this?

Would you be able to point me in the right direction in terms of what functional layer to insert iptables shell commands?
I can see that at __connman_iptables_insert() for example, I have a fairly complete iptables parameter list already.
Should I just ifdef out the existing iptables API calls? The code is fairly daunting to understand completely, so any help appreciated.

I got wifi working today, so I'm pretty pleased that side was so easy. It's just the gadget interface that will take a bit more work.
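
The approach discussed in this thread, forking and exec'ing the iptables binary at the point where a table, chain and rule string are already available, sketched as an added example; it is not part of the original messages and not ConnMan code. The helper names, `MAX_ARGS` and the whitespace-only splitting of the rule string are assumptions, and the argument vector goes to `execv()` directly so no shell ever interprets the rule text.

```c
/* Added example: hypothetical helpers, not ConnMan source. */
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAX_ARGS 32

/* Build argv for: iptables -t <table> -I <chain> <rule_spec words>.
 * rule_spec is copied into buf and split on blanks (no quoting support).
 * Returns argc, or -1 on bad input or too many words. */
int build_insert_argv(const char *table, const char *chain, const char *rule_spec,
                      char *buf, size_t buflen, char *argv[MAX_ARGS])
{
    char *fixed[] = { "iptables", "-t", (char *)table, "-I", (char *)chain };
    int argc = 0;
    char *p = buf;
    if (!table || !chain || !rule_spec || strlen(rule_spec) >= buflen)
        return -1;
    strcpy(buf, rule_spec);
    for (; argc < 5; argc++)
        argv[argc] = fixed[argc];
    while (*(p += strspn(p, " \t"))) {   /* skip blanks, stop at end of string */
        if (argc >= MAX_ARGS - 1)        /* keep room for the NULL terminator */
            return -1;
        argv[argc++] = p;
        p += strcspn(p, " \t");
        if (*p)
            *p++ = '\0';
    }
    argv[argc] = NULL;
    return argc;
}

/* fork + execv with an argument vector: no shell parses the rule text.
 * Returns the exit status, 127 if exec failed, -1 on fork/wait error. */
int run_iptables(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(path, argv);
        _exit(127);                      /* exec failed in the child */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A caller would pass the result of `build_insert_argv()` to `run_iptables()` with the absolute path of the installed iptables binary and treat any non-zero return as a failed rule insertion.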