Daniel Wagner [Thu, 21 Feb 2013 16:42:28 +0000 (17:42 +0100)]
iptables: Free xtables entry when removing one entry from the table
Daniel Wagner [Thu, 21 Feb 2013 16:42:27 +0000 (17:42 +0100)]
test-iptables: Fix memory leak
Daniel Wagner [Thu, 21 Feb 2013 16:42:26 +0000 (17:42 +0100)]
test-iptables: Delete all rules in target0
Patrik Flykt [Wed, 20 Feb 2013 11:53:36 +0000 (13:53 +0200)]
client: Remove the now obsolete command parsing functions
Patrik Flykt [Wed, 20 Feb 2013 11:45:52 +0000 (13:45 +0200)]
client: Remove unused functions
Remove find_service() as it is no longer used and match_service_name()
which was only used by find_service().
Patrik Flykt [Wed, 20 Feb 2013 11:43:57 +0000 (13:43 +0200)]
client: Factor out monitor command
Patrik Flykt [Wed, 20 Feb 2013 11:29:37 +0000 (13:29 +0200)]
client: Create monitor helper functions
Patrik Flykt [Tue, 19 Feb 2013 20:42:48 +0000 (22:42 +0200)]
client: Factor out technology enable and disable commands
Patrik Flykt [Tue, 19 Feb 2013 20:41:47 +0000 (22:41 +0200)]
client: Wait for a reply from Manager API
Patrik Flykt [Tue, 19 Feb 2013 20:39:57 +0000 (22:39 +0200)]
client: Wait for a reply from Technology API
Also reduce logging.
Patrik Flykt [Tue, 19 Feb 2013 20:20:01 +0000 (22:20 +0200)]
client: Factor out scan command
Patrik Flykt [Tue, 19 Feb 2013 20:18:47 +0000 (22:18 +0200)]
client: Reduce technology logging
Reduce technology logging messages and modify the remaining one. Also
free the DBusError.
Patrik Flykt [Tue, 19 Feb 2013 20:00:08 +0000 (22:00 +0200)]
client: Factor out disconnect command
Patrik Flykt [Tue, 19 Feb 2013 19:57:24 +0000 (21:57 +0200)]
client: Factor out connect command
Patrik Flykt [Tue, 19 Feb 2013 19:55:42 +0000 (21:55 +0200)]
client: Don't look up service on connect or disconnect
Attempt to connect or disconnect without looking up the service in
advance. Fix memory leak and update the error message.
Patrik Flykt [Tue, 19 Feb 2013 19:36:24 +0000 (21:36 +0200)]
client: Factor out technologies command
Patrik Flykt [Tue, 19 Feb 2013 19:34:15 +0000 (21:34 +0200)]
client: Factor out state command
Patrik Flykt [Tue, 19 Feb 2013 19:33:32 +0000 (21:33 +0200)]
client: Print out any errors on command execution
Patrik Flykt [Tue, 19 Feb 2013 13:29:04 +0000 (15:29 +0200)]
client: Factor out config command
Using the lengths returned from the property setting functions more than
one config option can be specified on the command line. Use the simple
argument parsing function as getopt is slightly limited in functionality.
Patrik Flykt [Wed, 20 Feb 2013 08:49:48 +0000 (10:49 +0200)]
client: Wait for a reply when removing service
Patrik Flykt [Tue, 19 Feb 2013 13:24:14 +0000 (15:24 +0200)]
client: Fix setting service properties
Set properties for a service ignoring any cached lookups. Send the method
call only if there is no error. When sending, wait for the result in order
to see if the method call succeeded.
Patrik Flykt [Wed, 20 Feb 2013 13:55:44 +0000 (15:55 +0200)]
client: Quick fix for parsing IPv6.Configuration correctly
Fixes BMC#25925
Patrik Flykt [Tue, 19 Feb 2013 13:20:05 +0000 (15:20 +0200)]
client: Return number of arguments processed when setting properties
Patrik Flykt [Tue, 19 Feb 2013 13:16:52 +0000 (15:16 +0200)]
client: Return number of proxies added
Patrik Flykt [Tue, 19 Feb 2013 13:13:03 +0000 (15:13 +0200)]
client: Return the number of proxy arguments discovered
Patrik Flykt [Tue, 19 Feb 2013 12:44:23 +0000 (14:44 +0200)]
client: Return the number of added dict entries
Check that both the dict entry name and data are non-NULL, the dict data
does not start with '--' indicating a new option and that the length is
not exhausted. Return the number of dict entries.
Patrik Flykt [Tue, 19 Feb 2013 12:40:44 +0000 (14:40 +0200)]
client: Return the number of added array entries
Check that the array element is non-NULL, does not start with '--' indicating
a new option or that the array length is not exhausted. Return the number of
array elements added.
Patrik Flykt [Tue, 19 Feb 2013 13:26:46 +0000 (15:26 +0200)]
client: Factor out services command
Update the help printout as well, '--properties' is not mandatory. Add a
simple argument parsing function.
Patrik Flykt [Wed, 20 Feb 2013 11:42:05 +0000 (13:42 +0200)]
client: Add boolean parsing helper function
Patrik Flykt [Tue, 12 Feb 2013 19:57:23 +0000 (21:57 +0200)]
client: Fix up interactive option parsing
Use g_strsplit to get a NULL terminated array of chars and compute the
number of array items.
Patrik Flykt [Tue, 12 Feb 2013 19:56:29 +0000 (21:56 +0200)]
client: Make DBusConnection global
Patrik Flykt [Tue, 12 Feb 2013 12:40:15 +0000 (14:40 +0200)]
client: Factor out help implementation
Use command table to produce help text. Add description texts for various
options and use both option and description arrays to produce option help
texts. Remove old help printing function.
Patrik Flykt [Tue, 12 Feb 2013 11:55:34 +0000 (13:55 +0200)]
client: Create prototypes for all commands
Provide the infrastructure to factor out the commands.
Jukka Rissanen [Tue, 19 Feb 2013 08:45:08 +0000 (10:45 +0200)]
vpn-provider: SetProperty works with all properties
Jukka Rissanen [Tue, 19 Feb 2013 08:45:07 +0000 (10:45 +0200)]
vpn-provider: ClearProperty works with all properties
Jukka Rissanen [Tue, 19 Feb 2013 08:45:06 +0000 (10:45 +0200)]
vpn-provider: Allow use of Domain property name
Allow use of both VPN.Domain and Domain property strings.
Jukka Rissanen [Tue, 19 Feb 2013 08:45:05 +0000 (10:45 +0200)]
vpn-provider: Add GetProperties method implementation
Jukka Rissanen [Tue, 19 Feb 2013 08:45:04 +0000 (10:45 +0200)]
vpn-provider: Do not send state property if state is not changed
Jukka Rissanen [Tue, 19 Feb 2013 08:45:03 +0000 (10:45 +0200)]
vpn-provider: Setting VPN properties will send PropertyChanged signal
Jukka Rissanen [Tue, 19 Feb 2013 08:45:02 +0000 (10:45 +0200)]
doc: Add description of GetProperties method
Jukka Rissanen [Tue, 19 Feb 2013 08:45:01 +0000 (10:45 +0200)]
test: Script for getting, setting and clearing VPN properties
Jukka Rissanen [Wed, 13 Feb 2013 15:29:06 +0000 (17:29 +0200)]
vpn-provider: Set the state to FAILURE after auth error
Jukka Rissanen [Wed, 13 Feb 2013 15:29:05 +0000 (17:29 +0200)]
vpn-provider: Go internally into IDLE after FAILURE
Do not stay in FAILURE state as clients like connmand can
get confused about our current state. Symptom for the problem
is that after a failed connect attempt, a new connect attempt
by the client would cause immediately a failure return code
because vpnd is still in FAILURE state. The actual connect
attempt might still succeed but then the client would not
know about the success status.
By setting the state to IDLE we avoid this confusion.
Jukka Rissanen [Wed, 13 Feb 2013 15:29:04 +0000 (17:29 +0200)]
vpn: Ignore VPN UserRoutes and ServerRoutes properties
These properties are not needed here so ignore them.
Jukka Rissanen [Wed, 13 Feb 2013 15:29:03 +0000 (17:29 +0200)]
error: Handle ECONNREFUSED gracefully in dbus error handler
Jukka Rissanen [Wed, 13 Feb 2013 15:29:02 +0000 (17:29 +0200)]
pptp: Set the username/password before starting daemon
This is required in order to avoid free memory access that
is happening if we call vpn_provider_set_string() with same
string that is already in the settings db.
Jukka Rissanen [Wed, 13 Feb 2013 15:29:01 +0000 (17:29 +0200)]
l2tp: Set the username/password before starting daemon
This is required in order to avoid free memory access that
is happening if we call vpn_provider_set_string() with same
string that is already in the settings db.
Jukka Rissanen [Wed, 13 Feb 2013 15:29:00 +0000 (17:29 +0200)]
vpn-provider: Make state debug print more useful
Print the state value as a string as it is useful information.
Jukka Rissanen [Wed, 13 Feb 2013 15:28:59 +0000 (17:28 +0200)]
vpn-provider: Avoid printing password to log files
Add a variant to vpn_provider_set_string() that does not print
sensitive data like password in clear text to log files.
Jukka Rissanen [Wed, 13 Feb 2013 15:28:58 +0000 (17:28 +0200)]
l2tp: Clear password if authentication fails
This allows plugin to query agent so that user can give
correct password.
Jukka Rissanen [Wed, 13 Feb 2013 15:28:57 +0000 (17:28 +0200)]
pptp: Clear password if authentication fails
This allows plugin to query agent so that user can give
new password.
Fixes BMC#25963
Jukka Rissanen [Mon, 18 Feb 2013 15:23:44 +0000 (17:23 +0200)]
main: Create VPN_STORAGEDIR when starting up
Eventually all VPN directories from STORAGEDIR are to be
migrated into VPN_STORAGEDIR
Jukka Rissanen [Mon, 18 Feb 2013 15:23:43 +0000 (17:23 +0200)]
TODO: Add note about removal of L2TP and PPTP prefix for PPP options
Jukka Rissanen [Mon, 18 Feb 2013 15:23:42 +0000 (17:23 +0200)]
vpn-provider: Add extra whitespace
Jukka Rissanen [Mon, 18 Feb 2013 15:23:41 +0000 (17:23 +0200)]
vpn-provider: Add route support in vpn config file
Jukka Rissanen [Mon, 18 Feb 2013 15:23:40 +0000 (17:23 +0200)]
vpn-provider: Remove unprovisioned providers at startup
Check if there are any providers that were provisioned
but their .config file is removed. If such providers are found,
then remove the provider files from file system.
Jukka Rissanen [Mon, 18 Feb 2013 15:23:39 +0000 (17:23 +0200)]
vpn-provider: Type string in provider needs to be in lower case
Jukka Rissanen [Mon, 18 Feb 2013 15:23:38 +0000 (17:23 +0200)]
vpn-config: Provision providers from .config file
Jukka Rissanen [Mon, 18 Feb 2013 15:23:37 +0000 (17:23 +0200)]
vpn-provider: Initial .config file support
Jukka Rissanen [Mon, 18 Feb 2013 15:23:36 +0000 (17:23 +0200)]
storage: Add function to load provider configuration file
Jukka Rissanen [Mon, 18 Feb 2013 15:23:35 +0000 (17:23 +0200)]
doc: VPN config file specification
Jukka Rissanen [Mon, 18 Feb 2013 15:23:34 +0000 (17:23 +0200)]
pptp: Use PPPD prefix for pppd specific options
For backward compatibility purposes, support also the PPTP prefix
for PPPD options.
Jukka Rissanen [Mon, 18 Feb 2013 15:23:33 +0000 (17:23 +0200)]
l2tp: Use PPPD prefix for pppd specific options
For backward compatibility purposes, support also the L2TP prefix
for PPPD options.
Jukka Rissanen [Mon, 18 Feb 2013 15:23:32 +0000 (17:23 +0200)]
l2tp: Add rx and tx bps pppd options
Jukka Rissanen [Mon, 18 Feb 2013 15:23:31 +0000 (17:23 +0200)]
l2tp: Fixed the nodeflate pppd option name
Jukka Rissanen [Mon, 18 Feb 2013 15:23:30 +0000 (17:23 +0200)]
config: Read only wifi config
Jukka Rissanen [Mon, 18 Feb 2013 15:23:29 +0000 (17:23 +0200)]
config: Remove obsolete definition
Patrik Flykt [Mon, 18 Feb 2013 08:40:49 +0000 (10:40 +0200)]
iptables: Cannot flush all rules without API to set them
Currently there exists no API where iptables rules can be set. The flush
code does not touch the default chain policy at the moment. Any pre-
existing iptables rules setting default policy to reject and relying on
individual iptables rules allowing packets going through will prevent
all IP communication. Removing all iptables rules on startup can expose
the device to unwanted traffic as well.
For the time being disable iptables flush on init. Please be careful
with iptables rules and the masquerading ones ConnMan sets when
tethering.
Tomasz Bursztyka [Fri, 15 Feb 2013 10:30:29 +0000 (12:30 +0200)]
gresolv: Optimize the response parser
It will check first if the response belongs to a query,
before interpreting any of its content (rcode, count...).
Tomasz Bursztyka [Fri, 15 Feb 2013 10:30:19 +0000 (12:30 +0200)]
gresolv: Do not remove a query on failure if other results are pending
Fixes BMC#25973
In the case one of the resolving failed, the query is removed and
destroyed from the queue. So the responses of the requests sent to
the other nameservers - which might be successful - will thus be
lost since they cannot be matched anymore to their initial request.
Patrik Flykt [Thu, 14 Feb 2013 21:37:23 +0000 (23:37 +0200)]
gsupplicant: Return zero for max scan SSID parameter
A driver can return a valid max scan SSID value of zero. Thus no fast
scans can be done, so the code falls back to a simple scan instead.
A value of zero is properly handled in plugins/wifi.c. An active scan
for a hidden SSID adds only the SSID parameter to the wpa_supplicant
D-Bus method call, which wpa_supplicant then handles properly.
Some drivers also report a max scan SSID value of one. In some of the
cases that value is bogus, the driver will not be able to do a fast
scan anyway. In addition, it is questionable why only one SSID can be
fast scanned as the feature would not differ much from an active scan
for a hidden network. Thus we set the limit to two, i.e. zero or one
is treated as zero, two or more is reported as is.
Thanks to Grant Erickson and Tomasz Bursztyka for finding and
pinpointing this issue.
Fixes BMC#25971
Denis Kenzior [Thu, 7 Feb 2013 16:22:57 +0000 (10:22 -0600)]
gdbus: Add g_dbus_proxy_set_removed_watch
Marcel Holtmann [Thu, 14 Feb 2013 21:43:23 +0000 (22:43 +0100)]
unit: Fix wrong format identifier for size_t
Marcel Holtmann [Thu, 14 Feb 2013 21:32:23 +0000 (22:32 +0100)]
unit: Add test cases for SHA-1 based PBKDF2 and PRF
Marcel Holtmann [Thu, 14 Feb 2013 21:27:33 +0000 (22:27 +0100)]
shared: Add helpers for SHA-1 based HMAC, PBKDF2 and PRF
Marcel Holtmann [Thu, 14 Feb 2013 15:24:41 +0000 (16:24 +0100)]
shared: Add generic debug and hexdump helpers
Vinicius Costa Gomes [Thu, 7 Feb 2013 17:40:31 +0000 (14:40 -0300)]
gdbus: Fix missing PropertiesChanged signal
If D-Bus ObjectManager is not supported, InterfacesAdded signal
checking needs to be ignored otherwise PropertiesChanged signal
will never be sent.
Jukka Rissanen [Thu, 24 Jan 2013 08:08:56 +0000 (10:08 +0200)]
systemd: Force daemon restart on failure
Important if you have a headless system.
Daniel Wagner [Tue, 12 Feb 2013 09:19:55 +0000 (10:19 +0100)]
iptables: Update the hook entries correctly in iptables_delete_rule()
The builtin value is only valid in the chain head entry and not
in any other entry. That means we need to lookup the head entry
and use that builtin value (== hook id) and then update all
references which follow that chain.
Daniel Wagner [Tue, 12 Feb 2013 09:19:54 +0000 (10:19 +0100)]
iptables: Test if match and target arguments are also the same
We need to verify that also the arguments are the same, e.g.
if we have two rules like
-t filter -A INPUT -m mark --mark 1 -j LOG
-t filter -A INPUT -m mark --mark 2 -j LOG
then the matcher and the target would be the same without looking
at '1' or '2'.
When deleting a rule, we would always remove the first
rule which matches the 'match' type and target type, so let's have a
look also on the arguments. iptables does it the same way.
Daniel Wagner [Tue, 12 Feb 2013 09:19:53 +0000 (10:19 +0100)]
test-iptables: Add chain add remove tests
Daniel Wagner [Tue, 12 Feb 2013 09:19:52 +0000 (10:19 +0100)]
iptables: Fix fallthrough rules
Daniel Wagner [Tue, 12 Feb 2013 09:19:51 +0000 (10:19 +0100)]
test-iptables: Add fallthrough unit test
A fallthrough rule is one which does not have a verdict, e.g.
ACCEPT, DROP etc.
Daniel Wagner [Tue, 12 Feb 2013 09:19:50 +0000 (10:19 +0100)]
iptables: Remove unused __connman_iptables_command()
Daniel Wagner [Tue, 12 Feb 2013 09:19:49 +0000 (10:19 +0100)]
nat: Use new iptables API
Daniel Wagner [Tue, 12 Feb 2013 09:19:48 +0000 (10:19 +0100)]
test-nat: Move tests to test-iptables
These are iptables related tests. So let's move them over.
Daniel Wagner [Tue, 12 Feb 2013 09:19:47 +0000 (10:19 +0100)]
test-iptables: Add unit test for the new API
Daniel Wagner [Tue, 12 Feb 2013 09:19:46 +0000 (10:19 +0100)]
iptables: Add split out iptables commands
Instead of having a pure string based API, we add two new
main functions, __connman_iptables_append() and
__connman_iptables_remove(). The missing commands will be added later.
To simplify the whole code, the __connman_iptables_command() code
is refactored into smaller pieces: parse_rule_spec() calls a few
functions such as clear_tables_flags() and parse_xt_modules()
which should make the reading of the main parser loop simpler.
Also added a few comments on the parser which is really tricky.
Daniel Wagner [Tue, 12 Feb 2013 09:19:45 +0000 (10:19 +0100)]
nat: No need to 'nat' table anymore
This is done in iptables.c directly.
Daniel Wagner [Tue, 12 Feb 2013 09:19:44 +0000 (10:19 +0100)]
iptables: Flush 'filter' 'mangle' and 'nat' table
The implementation is ugly but there is not much we can do about it, the
iptables API is being just plain stupid here.
Daniel Wagner [Tue, 12 Feb 2013 09:19:43 +0000 (10:19 +0100)]
iptables: Add CONNMAN_IPTABLES_DEBUG environment variable
If CONNMAN_IPTABLES_DEBUG is set, then print the table when it is loaded
and print the table which will be written.
Also use DBG() instead of connman_info().
Daniel Wagner [Tue, 12 Feb 2013 09:19:42 +0000 (10:19 +0100)]
iptables: Remove dependency on table in iterator_entries_cb_t
With removing the table argument the callback can now either
iterate over buffer we get from the kernel or the one we write
to the kernel.
Daniel Wagner [Tue, 12 Feb 2013 09:19:41 +0000 (10:19 +0100)]
iptables: Do not pass table into dump_match() and dump_target()
Daniel Wagner [Tue, 12 Feb 2013 09:19:40 +0000 (10:19 +0100)]
iptables: Get rid of the iterator macro
Instead implement the iterator loop directly. Since both dump_entry()
and add_entry() have calculated 'builtin' and 'offset' let's pass
them in as well.
In the next step we are able to remove also the table argument
which will allow us to unify the parsing of the table we get
from IPT_SO_GET_ENTRIES and the table we will pass in to the kernel
via IPT_SO_SET_REPLACE.
Daniel Wagner [Tue, 12 Feb 2013 09:19:39 +0000 (10:19 +0100)]
iptables: Clear global parser flags
That allows the parser to be reentrant.
Daniel Wagner [Tue, 12 Feb 2013 09:19:38 +0000 (10:19 +0100)]
iptables: Make string arguments const
Daniel Wagner [Tue, 12 Feb 2013 09:19:37 +0000 (10:19 +0100)]
iptables: Add some documentation
These are some random notes but should give the next person to debug
iptables some introduction.
Daniel Wagner [Tue, 12 Feb 2013 09:19:36 +0000 (10:19 +0100)]
test-iptables: Add unit test for iptables
Marcel Holtmann [Mon, 11 Feb 2013 19:19:10 +0000 (20:19 +0100)]
gdbus: Don't call property changed callback during client init
When the client uses ObjectManager to init properties, do not call
property changed callbacks. They should only be called once the proxy
added has been successfully signaled since the proxy itself provides
a full copy of available properties.
Patrik Flykt [Mon, 11 Feb 2013 07:26:35 +0000 (09:26 +0200)]
gdhcp: DHCP server IP address is stored in host order
This change affects unicasted DHCP renew and release messages.
A DHCP server receiving packets via a raw socket will get all
packets destined to port 67. If the DHCP server checks the
intended server IP address, the request will fail. If the server
does not care about the IP address being used, it will send a
reply. The reply is not recognized by ConnMan since it is coming
from another IP address than what it was sent to. ConnMan will
retry quite a few times, but eventually settle down and use the
address even without a proper response from the server.