10:59 a.m.
Until now for root NFS you either had to manually blacklist
the interface or disable connman all together
This patch automatically blacklists the interface the NFS server
is reachable from and populates the resolver entries that the
DHCP server provided on startup.
It is now possible to use a vanilla rootfs tarball without
having to manually edit connman configuration entries.
---
src/connman.h | 3 +
src/device.c | 5 +
src/inet.c | 294 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/resolver.c | 8 ++
4 files changed, 310 insertions(+)
diff --git a/src/connman.h b/src/connman.h
index ce3ef8d..f85d243 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -244,6 +244,9 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int
ifindex, const
int __connman_inet_get_address_netmask(int ifindex,
struct sockaddr_in *address, struct sockaddr_in *netmask);
+bool __connman_inet_isrootnfs_device(const char *devname);
+char **__connman_inet_get_pnp_nameservers(const char *pnp_file);
+
#include <connman/resolver.h>
int __connman_resolver_init(gboolean dnsproxy);
diff --git a/src/device.c b/src/device.c
index 742b3c4..2e1a3cd 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1321,6 +1321,11 @@ nodevice:
}
list:
+ if (__connman_inet_isrootnfs_device(devname)) {
+ DBG("ignoring device %s (rootnfs)", devname);
+ return true;
+ }
+
blacklisted_interfaces =
connman_setting_get_string_list("NetworkInterfaceBlacklist");
if (!blacklisted_interfaces)
diff --git a/src/inet.c b/src/inet.c
index 803f0e6..0f2151c 100644
--- a/src/inet.c
+++ b/src/inet.c
@@ -2964,3 +2964,297 @@ out:
close(sk);
return ret;
}
+
+static int get_nfs_server_ip(const char *cmdline_file, const char *pnp_file,
+ struct in_addr *addr)
+{
+ char *s, *nfsargs;
+ int len;
+ char addrstr[INET_ADDRSTRLEN];
+ struct in_addr taddr;
+ GError *error = NULL;
+ char *cmdline = NULL;
+ char *pnp = NULL;
+ char **args = NULL;
+ char **pnpent = NULL;
+ char **pp = NULL;
+ int err = -1;
+
+ if (!cmdline_file)
+ cmdline_file = "/proc/cmdline";
+ if (!pnp_file)
+ pnp_file = "/proc/net/pnp";
+ if (!addr)
+ addr = &taddr;
+ addr->s_addr = INADDR_NONE;
+
+ if (!g_file_get_contents(cmdline_file, &cmdline, NULL, &error)) {
+ connman_error("%s: Cannot read %s %s\n", __func__,
+ cmdline_file, error->message);
+ goto out;
+ }
+
+ if (!g_file_get_contents(pnp_file, &pnp, NULL, &error)) {
+ connman_error("%s: Cannot read %s %s\n", __func__,
+ pnp_file, error->message);
+ goto out;
+ }
+
+ len = strlen(cmdline);
+ if (len <= 1) {
+ /* too short */
+ goto out;
+ }
+ /* remove newline */
+ if (cmdline[len - 1] == '\n')
+ cmdline[--len] = '\0';
+
+ /* split in arguments (seperated by space) */
+ args = g_strsplit(cmdline, " ", 0);
+ if (!args) {
+ connman_error("%s: Cannot split cmdline \"%s\"\n", __func__,
+ cmdline);
+ goto out;
+ }
+
+ /* split in entries (by newlines) */
+ pnpent = g_strsplit(pnp, "\n", 0);
+ if (!pnpent) {
+ connman_error("%s: Cannot split pnp at file \"%s\"\n", __func__,
+ pnp_file);
+ goto out;
+ }
+
+ /* first find root argument */
+ for (pp = args; *pp; pp++) {
+ if (!strcmp(*pp, "root=/dev/nfs"))
+ break;
+ }
+ /* no rootnfs found */
+ if (!*pp)
+ goto out;
+
+ /* locate nfsroot argument */
+ for (pp = args; *pp; pp++) {
+ if (!strncmp(*pp, "nfsroot=", strlen("nfsroot=")))
+ break;
+ }
+ /* no nfsroot argument found */
+ if (!*pp)
+ goto out;
+
+ /* determine if nfsroot server is provided */
+ nfsargs = strchr(*pp, '=');
+ if (!nfsargs)
+ goto out;
+ nfsargs++;
+
+ /* find whether serverip is present */
+ s = strchr(nfsargs, ':');
+ if (s) {
+ len = s - nfsargs;
+ s = nfsargs;
+ } else {
+ /* no serverip, use bootserver */
+ for (pp = pnpent; *pp; pp++) {
+ if (!strncmp(*pp, "bootserver ", strlen("bootserver ")))
+ break;
+ }
+ /* no bootserver found */
+ if (!*pp)
+ goto out;
+ s = *pp + strlen("bootserver ");
+ len = strlen(s);
+ }
+
+ /* copy to addr string buffer */
+ if (len >= sizeof(addrstr)) {
+ connman_error("%s: Bad server\n", __func__);
+ goto out;
+ }
+ memcpy(addrstr, s, len);
+ addrstr[len] = '\0';
+
+ err = inet_pton(AF_INET, addrstr, addr);
+ if (err <= 0) {
+ connman_error("%s: Cannot convert to numeric addr \"%s\"\n",
+ __func__, addrstr);
+ err = -1;
+ goto out;
+ }
+
+ /* all done */
+ err = 0;
+out:
+ g_strfreev(pnpent);
+ g_strfreev(args);
+ if (error)
+ g_error_free(error);
+ g_free(pnp);
+ g_free(cmdline);
+
+ return err;
+}
+
+/* get interface out of which peer is reachable (IPv4 only) */
+static int get_peer_iface(struct in_addr *addr, char *ifname)
+{
+ struct ifaddrs *ifaddr, *ifa;
+ struct sockaddr_in saddr, *ifsaddr;
+ socklen_t socklen;
+ int s;
+ int err = -1;
+
+ /* Obtain address(es) matching host/port */
+ err = getifaddrs(&ifaddr);
+ if (err < 0) {
+ connman_error("%s: getifaddrs() failed %d (%s)\n",
+ __func__, errno, strerror(errno));
+ return -1;
+ }
+
+ s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ if (s < 0) {
+ connman_error("%s: socket() failed %d (%s)\n",
+ __func__, errno, strerror(errno));
+ return -1;
+ }
+
+ memset(&saddr, 0, sizeof(saddr));
+ saddr.sin_family = AF_INET;
+ saddr.sin_port = 0; /* any port */
+ saddr.sin_addr = *addr;
+
+ /* no need to bind, connect will select iface */
+ err = connect(s, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
+ if (err < 0) {
+ connman_error("%s: connect() failed: %d (%s)\n",
+ __func__, errno, strerror(errno));
+ goto out;
+ }
+
+ socklen = sizeof(saddr);
+ err = getsockname(s, (struct sockaddr *)&saddr, &socklen);
+ if (err < 0) {
+ connman_error("%s: getsockname() failed: %d (%s)\n",
+ __func__, errno, strerror(errno));
+ goto out;
+ }
+
+ err = -1;
+ for (ifa = ifaddr; ifa; ifa = ifa->ifa_next) {
+ if (!ifa->ifa_addr)
+ continue;
+
+ /* only IPv4 address */
+ if (ifa->ifa_addr->sa_family != AF_INET)
+ continue;
+
+ ifsaddr = (struct sockaddr_in *)ifa->ifa_addr;
+
+ /* match address? */
+ if (ifsaddr->sin_addr.s_addr == saddr.sin_addr.s_addr)
+ break;
+ }
+
+ if (ifa) {
+ err = 0;
+ if (ifname)
+ strcpy(ifname, ifa->ifa_name);
+ }
+
+out:
+ close(s);
+
+ freeifaddrs(ifaddr);
+
+ return err;
+}
+
+bool __connman_inet_isrootnfs_device(const char *devname)
+{
+ struct in_addr addr;
+ char ifname[IFNAMSIZ];
+
+ return get_nfs_server_ip(NULL, NULL, &addr) == 0 &&
+ get_peer_iface(&addr, ifname) == 0 &&
+ strcmp(devname, ifname) == 0;
+}
+
+char **__connman_inet_get_pnp_nameservers(const char *pnp_file)
+{
+ char **pp;
+ char *s;
+ int pass, count;
+ GError *error = NULL;
+ char *pnp = NULL;
+ char **pnpent = NULL;
+ char **nameservers = NULL;
+
+ if (!pnp_file)
+ pnp_file = "/proc/net/pnp";
+
+ if (!g_file_get_contents(pnp_file, &pnp, NULL, &error)) {
+ connman_error("%s: Cannot read %s %s\n", __func__,
+ pnp_file, error->message);
+ goto out;
+ }
+
+ /* split in entries (by newlines) */
+ pnpent = g_strsplit(pnp, "\n", 0);
+ if (!pnpent) {
+ connman_error("%s: Cannot split pnp \"%s\"\n", __func__,
+ pnp_file);
+ goto out;
+ }
+
+ /*
+ * Perform two passes to retreive a char ** array of
+ * nameservers that are not 0.0.0.0
+ *
+ * The first pass counts them, the second fills in the
+ * array.
+ */
+ count = 0;
+ nameservers = NULL;
+ for (pass = 1; pass <= 2; pass++) {
+
+ /* at the start of the second pass allocate */
+ if (pass == 2)
+ nameservers = g_new(char *, count + 1);
+
+ count = 0;
+ for (pp = pnpent; *pp; pp++) {
+ /* match 'nameserver ' at the start of each line */
+ if (strncmp(*pp, "nameserver ", strlen("nameserver ")))
+ continue;
+
+ /* compare it against 0.0.0.0 */
+ s = *pp + strlen("nameserver ");
+ if (!strcmp(s, "0.0.0.0"))
+ continue;
+
+ /* on second pass fill in array */
+ if (pass == 2)
+ nameservers[count] = g_strdup(s);
+ count++;
+ }
+
+ /* no nameservers? */
+ if (count == 0)
+ goto out;
+
+ /* and terminate char ** array with NULL */
+ if (pass == 2)
+ nameservers[count] = NULL;
+
+ }
+
+out:
+ g_strfreev(pnpent);
+ g_free(pnp);
+ if (error)
+ g_error_free(error);
+
+ return nameservers;
+}
diff --git a/src/resolver.c b/src/resolver.c
index c4adbc6..75ea5ba 100644
--- a/src/resolver.c
+++ b/src/resolver.c
@@ -659,6 +659,14 @@ int __connman_resolver_init(gboolean dnsproxy)
DBG("dnsproxy %d", dnsproxy);
+ /* get autoip nameservers */
+ ns = __connman_inet_get_pnp_nameservers(NULL);
+ for (i = 0; ns && ns[i]; i += 1) {
+ DBG("pnp server %s", ns[i]);
+ append_resolver(i, NULL, ns[i], 86400, 0);
+ }
+ g_strfreev(ns);
+
if (!dnsproxy)
return 0;
--
2.1.4
11:34 p.m.
Hi Pantelis,
On 11/30/2016 07:59 PM, Pantelis Antoniou wrote:
Until now for root NFS you either had to manually blacklist
the interface or disable connman all together
This patch automatically blacklists the interface the NFS server
is reachable from and populates the resolver entries that the
DHCP server provided on startup.
It is now possible to use a vanilla rootfs tarball without
having to manually edit connman configuration entries.
Thanks for v2. I did get a compile error:
src/inet.c: In function ‘get_nfs_server_ip’:
src/inet.c:3071:10: error: comparison between signed and unsigned
integer expressions [-Werror=sign-compare]
if (len >= sizeof(addrstr)) {
^~
fixed it with this here:
diff --git a/src/inet.c b/src/inet.c
index 0f2151cd4c3e..8e8805408b92 100644
--- a/src/inet.c
+++ b/src/inet.c
@@ -2969,7 +2969,7 @@ static int get_nfs_server_ip(const char
*cmdline_file, const char *pnp_file,
struct in_addr *addr)
{
char *s, *nfsargs;
- int len;
+ size_t len;
char addrstr[INET_ADDRSTRLEN];
struct in_addr taddr;
GError *error = NULL;
Can you double check if the type is correct. A quick test
showed that everything works as expected. That is if one has no
NFS as rootfs everything still works :)
Patch applied and pushed.
Thanks,
Daniel
12:22 a.m.
Hi Daniel,
On Dec 1, 2016, at 09:34 , Daniel Wagner <wagi(a)monom.org>
wrote:
Hi Pantelis,
On 11/30/2016 07:59 PM, Pantelis Antoniou wrote:
> Until now for root NFS you either had to manually blacklist
> the interface or disable connman all together
>
> This patch automatically blacklists the interface the NFS server
> is reachable from and populates the resolver entries that the
> DHCP server provided on startup.
>
> It is now possible to use a vanilla rootfs tarball without
> having to manually edit connman configuration entries.
Thanks for v2. I did get a compile error:
src/inet.c: In function ‘get_nfs_server_ip’:
src/inet.c:3071:10: error: comparison between signed and unsigned integer expressions
[-Werror=sign-compare]
if (len >= sizeof(addrstr)) {
^~
fixed it with this here:
diff --git a/src/inet.c b/src/inet.c
index 0f2151cd4c3e..8e8805408b92 100644
--- a/src/inet.c
+++ b/src/inet.c
@@ -2969,7 +2969,7 @@ static int get_nfs_server_ip(const char *cmdline_file, const char
*pnp_file,
struct in_addr *addr)
{
char *s, *nfsargs;
- int len;
+ size_t len;
char addrstr[INET_ADDRSTRLEN];
struct in_addr taddr;
GError *error = NULL;
Yeah, that’s better; my compiler version let it pass.
Can you double check if the type is correct. A quick test
showed that everything works as expected. That is if one has no
NFS as rootfs everything still works :)
Yep, I will do so.
Patch applied and pushed.
Thank you.
Thanks,
Daniel
Regards
— Pantelis
3:03 a.m.
Hi Daniel,
On Dec 1, 2016, at 09:34 , Daniel Wagner <wagi(a)monom.org>
wrote:
Hi Pantelis,
On 11/30/2016 07:59 PM, Pantelis Antoniou wrote:
> Until now for root NFS you either had to manually blacklist
> the interface or disable connman all together
>
> This patch automatically blacklists the interface the NFS server
> is reachable from and populates the resolver entries that the
> DHCP server provided on startup.
>
> It is now possible to use a vanilla rootfs tarball without
> having to manually edit connman configuration entries.
Thanks for v2. I did get a compile error:
src/inet.c: In function ‘get_nfs_server_ip’:
src/inet.c:3071:10: error: comparison between signed and unsigned integer expressions
[-Werror=sign-compare]
if (len >= sizeof(addrstr)) {
^~
fixed it with this here:
diff --git a/src/inet.c b/src/inet.c
index 0f2151cd4c3e..8e8805408b92 100644
--- a/src/inet.c
+++ b/src/inet.c
@@ -2969,7 +2969,7 @@ static int get_nfs_server_ip(const char *cmdline_file, const char
*pnp_file,
struct in_addr *addr)
{
char *s, *nfsargs;
- int len;
+ size_t len;
char addrstr[INET_ADDRSTRLEN];
struct in_addr taddr;
GError *error = NULL;
Can you double check if the type is correct. A quick test
showed that everything works as expected. That is if one has no
NFS as rootfs everything still works :)
Patch applied and pushed.
Just checked on my side; everything works as expected. I’d love others
to pitch in about their results.
Thanks,
Daniel
Regards
— Pantelis
12:29 a.m.
On Wed, 2016-11-30 at 20:59 +0200, Pantelis Antoniou wrote:
Until now for root NFS you either had to manually blacklist
the interface or disable connman all together
This patch automatically blacklists the interface the NFS server
is reachable from and populates the resolver entries that the
DHCP server provided on startup.
It is now possible to use a vanilla rootfs tarball without
having to manually edit connman configuration entries.
That looks like it supports Legacy IP only. Is that also true of the
kernel's built-in nfsroot support, or did that get brought into the
21st century? And part of the *reason* for not updating the old nfsroot
support in the kernel is that it can be done from an initramfs....
should we attempt to handle that case too?
--
dwmw2
12:39 a.m.
Hi David,
On Dec 1, 2016, at 10:29 , David Woodhouse
<dwmw2(a)infradead.org> wrote:
On Wed, 2016-11-30 at 20:59 +0200, Pantelis Antoniou wrote:
> Until now for root NFS you either had to manually blacklist
> the interface or disable connman all together
>
> This patch automatically blacklists the interface the NFS server
> is reachable from and populates the resolver entries that the
> DHCP server provided on startup.
>
> It is now possible to use a vanilla rootfs tarball without
> having to manually edit connman configuration entries.
That looks like it supports Legacy IP only. Is that also true of the
kernel's built-in nfsroot support, or did that get brought into the
21st century? And part of the *reason* for not updating the old nfsroot
support in the kernel is that it can be done from an initramfs....
should we attempt to handle that case too?
In-kernel support is IPv4 as far as I know so that’s why this is
IPv4 only. It is not hard to add IPv6 support.
When using initram rootnfs and rootnfs? I haven’t tried it but it should
be possible to detect that your root is on an NFS share. All you need is
to find out the server ip and the same method to find the interface to
blacklist.
Personally I dislike using initramfs on embedded systems because a) uses up
memory for not a particularly valid reason b) slows down boot and c) on
an embedded system you have a pretty good chance of booting directly without
needing to load non-free drivers from initramfs. Unfortunately most PC based
distros seem to use it :)
If someone wants to do it, please go ahead ;)
--
dwmw2
Regards
— Pantelis
5:32 a.m.
Hi Pantelis,
On 12/01/2016 09:39 AM, Pantelis Antoniou wrote:
> On Dec 1, 2016, at 10:29 , David Woodhouse
<dwmw2(a)infradead.org> wrote:
>
> On Wed, 2016-11-30 at 20:59 +0200, Pantelis Antoniou wrote:
>> Until now for root NFS you either had to manually blacklist
>> the interface or disable connman all together
>>
>> This patch automatically blacklists the interface the NFS server
>> is reachable from and populates the resolver entries that the
>> DHCP server provided on startup.
>>
>> It is now possible to use a vanilla rootfs tarball without
>> having to manually edit connman configuration entries.
>
> That looks like it supports Legacy IP only. Is that also true of the
> kernel's built-in nfsroot support, or did that get brought into the
> 21st century? And part of the *reason* for not updating the old nfsroot
> support in the kernel is that it can be done from an initramfs....
> should we attempt to handle that case too?
>
In-kernel support is IPv4 as far as I know so that’s why this is
IPv4 only. It is not hard to add IPv6 support.
When using initram rootnfs and rootnfs? I haven’t tried it but it should
be possible to detect that your root is on an NFS share. All you need is
to find out the server ip and the same method to find the interface to
blacklist.
Personally I dislike using initramfs on embedded systems because a) uses up
memory for not a particularly valid reason b) slows down boot and c) on
an embedded system you have a pretty good chance of booting directly without
needing to load non-free drivers from initramfs. Unfortunately most PC based
distros seem to use it :)
If someone wants to do it, please go ahead ;)
At least if you don't want to do it, send a patch which adds it to TODO
file so we don't forget it.
Thanks,
Daniel
7:37 a.m.
Hi Daniel,
On Dec 1, 2016, at 15:32 , Daniel Wagner <wagi(a)monom.org>
wrote:
Hi Pantelis,
On 12/01/2016 09:39 AM, Pantelis Antoniou wrote:
>> On Dec 1, 2016, at 10:29 , David Woodhouse <dwmw2(a)infradead.org> wrote:
>>
>> On Wed, 2016-11-30 at 20:59 +0200, Pantelis Antoniou wrote:
>>> Until now for root NFS you either had to manually blacklist
>>> the interface or disable connman all together
>>>
>>> This patch automatically blacklists the interface the NFS server
>>> is reachable from and populates the resolver entries that the
>>> DHCP server provided on startup.
>>>
>>> It is now possible to use a vanilla rootfs tarball without
>>> having to manually edit connman configuration entries.
>>
>> That looks like it supports Legacy IP only. Is that also true of the
>> kernel's built-in nfsroot support, or did that get brought into the
>> 21st century? And part of the *reason* for not updating the old nfsroot
>> support in the kernel is that it can be done from an initramfs....
>> should we attempt to handle that case too?
>>
>
> In-kernel support is IPv4 as far as I know so that’s why this is
> IPv4 only. It is not hard to add IPv6 support.
>
> When using initram rootnfs and rootnfs? I haven’t tried it but it should
> be possible to detect that your root is on an NFS share. All you need is
> to find out the server ip and the same method to find the interface to
> blacklist.
>
> Personally I dislike using initramfs on embedded systems because a) uses up
> memory for not a particularly valid reason b) slows down boot and c) on
> an embedded system you have a pretty good chance of booting directly without
> needing to load non-free drivers from initramfs. Unfortunately most PC based
> distros seem to use it :)
>
> If someone wants to do it, please go ahead ;)
At least if you don't want to do it, send a patch which adds it to TODO file so we
don't forget it.
I didn’t say that :) I just don’t have a setup that uses this scheme.
If someone else has it and willing to share something that’s easy enough to replicate I
can
give it a whirl.
Thanks,
Daniel
Regards
— Pantelis
11:52 a.m.
Hi Pantelis,
> At least if you don't want to do it, send a patch which adds
it to TODO file so we don't forget it.
>
I didn’t say that :) I just don’t have a setup that uses this scheme.
If someone else has it and willing to share something that’s easy enough to replicate I
can
give it a whirl.
Glad to hear that!
Thanks for taking the task. Really appreciated.
cheers,
daniel
1514
days inactive
1515
days old
8 comments
3 participants
participants (3)
-
Daniel Wagner -
David Woodhouse -
Pantelis Antoniou