1. 26 Sep, 2018 2 commits
  2. 25 Sep, 2018 2 commits
    • Jussi Laakkonen's avatar
      vpn: Reset flags before calling vpn_newlink() if VPN interface was up · 7c587111
      Jussi Laakkonen authored
      This fixes the issue of VPN provider not being set ready as VPN
      interface was already up when vpn_notify() was called. It is required to
      reset the flags before calling vpn_newlink(), otherwise the state of the
      VPN provider is not changed.
      This would result in a situation where VPN provider settings were not
      sent to connmand and later adding the routes of a VPN will fail as the
      interface index was not updated. Also other information (interface type,
      nameservers, domain) of the VPN provider is outdated. This happens when
      same VPN is re-connected after transport service has been changed.
    • Jussi Laakkonen's avatar
      vpn: Add remove function callback to VPN driver · a50b74a8
      Jussi Laakkonen authored
      This commit adds remove function callback to the VPN driver structure.
      The prototype is int (remove*) (struct vpn_provider *provider) and is to
      be registered within the VPN plugin.
      This function is called from vpn/plugins/vpn.c when removing a provider
      after it has been stopped. It is meant for VPNs that need to cleanup
      some VPN specific content when removed or to notify other services after
  3. 14 Sep, 2018 9 commits
  4. 13 Sep, 2018 1 commit
  5. 12 Sep, 2018 1 commit
    • Jussi Laakkonen's avatar
      [connman-vpn] Increasing delay in VPN autoconnect. Contributes to JB#42337 · 992c05e5
      Jussi Laakkonen authored
      This commit changes the vpn autoconnection to operate as follows:
       - Try to connect a VPN if the default transport service is connected
       - Stop autoconnecting if there is no transport service
       - Stop autoconnecting if default transport service is not connected
       - Stop autoconnecting if default transport service is connected VPN
       - Keep loop running when a VPN is in connecting state
       - When kept in loop increase the delay periodically
      In order to show indication to the user it is important to let
      autoconnect try to connect a VPN. Otherwise in case of network going
      down to ready from online, or connecting a network which has no access
      to Internet there is no indication that VPN is being connected.
      The autoconnect function will be kept in main loop if there are VPNs to
      automatically connect and the delay will increase based on the attempt
      count. Every VPN_AUTOCONNECT_TIMEOUT_STEP (30) increases the delay with
      1s up to 10s. The amount of attempts after which the delay no longer
      initial call the delay is 1s, increasing up to 10s.
      Each call to vpn_auto_connect() is changed to remove the timeout
      function from main loop in order to reset the attempt counter and the
      delay. This way each change happening in networking conditions that
      triggers call to do_auto_connect() will also reset these and gets the
      autoconnect running with no delay, otherwise there may be a max. 10s
      delay before VPN is even attempted to connect.
      Each connman service change now triggers vpn_auto_connect() (ecf3ce06) so
      it is safe to drop out from main loop after no connected is found.
      Except ready -> online state change does not trigger anything.
      This reduces battery usage on situation, where VPN is to be connected
      automatically but the network goes offline (e.g., during night) so the
      VPN autoconnect would not be continuously running in the background with
      1s intervals. Also, in case a VPN server goes unavailable for a short or
      longer period this will first try to connect more rapidly in the first
      30 tries and increase the delay periodically.
  6. 03 Sep, 2018 3 commits
    • Peter Meerwald-Stadler's avatar
      rtnl: Bail out if interface name is blacklisted · 18866d96
      Peter Meerwald-Stadler authored
      read_uevent() checks if the interface name is blacklisted, but then
      continues to open the corresponding uevent file, and happily sets SERIVCE_TYPE
      and DEVICE_TYPE (nullifying the blacklisting)
      this leads to the following logging when starting connmand -I wlan0
        Ignoring interface wlan0 (filtered)
        Adding interface wlan0 [ wifi ]
      fix this by bailing out from read_uevent() as soon as we find the device
      is blacklisted
    • Jussi Laakkonen's avatar
      connection: Check for active flag when updating default gateway · e308e380
      Jussi Laakkonen authored
      Set default gateway if it has been updated or if it has not been set as
      active yet.
      The check for active interface is required in cases that are induced by
      a race condition caused by a change of interfaces that are either too
      fast or too slow to go down, or to get up. In such case the interface
      that should be used as default gateway may end up with no default route
      set in routing table.
      This is because the change happens in a situation where the old default
      service A going down is still online, when the new service B that is
      becoming the new default, is still in ready state. The new default
      service B is not detected as default gateway because of the service list
      order. The new service B has been added to gateway_hash and the routes
      other than the default route have been set into routing table.
      After this the routes of the old default service A are removed but
      because of the old default service A still being the default service
      according to service list, the removal of routes of the old default
      service A does not get the new default gateway B to be selected as the
      default gateway. After this the old default service A is properly
      disconnected and set to idle setting the new default service B as the
      default service.
      The next call to this update gateway function results in a situation where
      updated flag is not set, hence new default service B is the only one in
      the gateway_hash. By checking also the active flag of the gateway the
      new default gateway B in the scenario above will have a default route
      set also in routing table.
      [connman] Check active flag when updating gateway. Contributes to JB#42017
    • Jussi Laakkonen's avatar
      connection: Set and unset active flag when changing default gateway · 5a2d3f9d
      Jussi Laakkonen authored
      The active flag for gateway should be set also when it is set or unset
      as default gateway as it is done with VPN gateways. The active flag is
      used in finding the active gateway (find_active_gateway(), choosing the
      default gateway (choose_default_gateway()), updating the default gateway
      (__connman_connection_update_gateway()) and to delete routes
      The active flag is set/unset when adding or removing the gateway but not
      touched when updating the interface using set_default_gateway() and
      unset_default_gateway(). This adds setting of the flag in both of the
      uses of the set/unset default gateway and unset_default_gateway(). This
      adds setting of the flag in both of the uses of the set/unset default
      [connman] Set/unset active flag if changing gw. Contributes to JB#42017
  7. 30 Aug, 2018 1 commit
    • Slava Monich's avatar
      service: Initialize order for VPN services · d8d5c412
      Slava Monich authored
      If the default value of do_split_routing is 0 (false) then
      according to set_split_routing() the default order for VPN
      services should be 10. If the whole structure is zeroed on
      initialization, do_split_routing and order for VPN services
      were left in inconsistent state.
  8. 22 Aug, 2018 3 commits
  9. 21 Aug, 2018 3 commits
  10. 20 Aug, 2018 1 commit
    • Jussi Laakkonen's avatar
      [connman] Default service change checks simplified. Contributes to JB#42337 · e87f3a90
      Jussi Laakkonen authored
      Simplified the checking of the current default in case it is a VPN. The
      change is not to be made if the current default service depends on the
      new default service and is connected. Otherwise, the VPN as current
      default must be disconnected regardless of its state. The check of
      whether the new service is allowed to be set is done earlier in
      This fixes the issue of DNSs not being enabled as the change of default
      service was prematurely terminated because only the depending service
      pointer was checked for NULL. Occurs in a scenario when change is to be
      made but the VPN is not connected and depends on the new default
  11. 17 Aug, 2018 11 commits
    • Jussi Laakkonen's avatar
      Merge branch 'jb41939_2' into 'upgrade-2.2.1' · f9dd21b6
      Jussi Laakkonen authored
      Improve VPN bookkeeping and default service selection logic, also include DNS servers of non-default route VPNs to use.
      See merge request !125
    • Jussi Laakkonen's avatar
      [connman] Notify even when default does not change. Contributes to JB#42337 · 49f5f7db
      Jussi Laakkonen authored
      Call notifier even when default service does not change. This fixes an
      important issue of DNS servers not being enabled and causing network not
      to work (e.g., bad address from DNS). In order to keep the DNS servers
      of the default service enabled notifier must be used to inform
      dnsproxy.c and others using the notifier.
    • Jussi Laakkonen's avatar
      [connman-vpn] Improve auto connection of VPNs. Contributes to JB#42337 · e0daaad5
      Jussi Laakkonen authored
      Added more checks for run_vpn_auto_connect(): 1) delay connecting of VPN
      if the current default service is not yet online but in ready state and
      2) stop VPN auto connection if there is no default service in online
      state or the default service is connected VPN. This will be added to
      main loop when there is a change in the default service.
      Additionally keep the run_vpn_auto_connect() in main loop with 1s delay
      after the first run in order to re-connect any VPN that should be
      connected. Because of errors in network conditions the VPN can get
      disconnected for a multiple reasons. By keeping the auto connect
      function in the main loop the VPN that should be connected will be
      attempted until user decides to disable it. If there is no VPN to
      automatically connect remove it from main loop.
      Removed unsetting of VPN autoconnect in vpn/plugins/vpn.c:vpn_notify()
      to make the toggling of autoconnect setting completely a user setting.
      ConnMan should not disable it for the first error it encounters.
      Added vpn_auto_connect() to each location where service autoconnection
      was used for VPNs - run_auto_connect() skips VPN services. Now in case
      of addition, removal, disconnect or failure vpn auto connect will be
      added to mainloop. A helper function, do_auto_connect() was added to run
      appropriate auto connect function.
    • Jussi Laakkonen's avatar
      [connman] Use transport service of VPN in compare. Fixes JB#42655 · 3749fb9c
      Jussi Laakkonen authored
      Utilize the transport services of VPNs (depends_on) when comparing
      services in service_list_sort() compare function service_compare().
      If service_a is a connected VPN compare the transport service to
      service_b. Unless service_a's transport service is service_b.
      If service_b is a connected VPN compare the transport service
      to service_a. Unless service_b's transport service is service_a.
    • Jussi Laakkonen's avatar
      [connman] Increase service online state checks. Contributes to JB#42337 · 297cd3d5
      Jussi Laakkonen authored
      Added a function to check if service is in online state.
      Improved checking of default service selection in
      allow_service_over_default() by allowing a service to be set over a
      non-connected default service. Also, if the transport service of a VPN
      that is current default is online but the new service is not online the
      change is not made. Additionally, if the current default is online but
      new service is not the change is not allowed.
    • Jussi Laakkonen's avatar
      [connman] Traverse service list only with debug. Contributes to JB#42337 · c6aeeddf
      Jussi Laakkonen authored
      Added check for debug mode when traversing service list for debugging
      purposes. The list of services is traversed only when debug is set on
      and service info needs to be printed.
      Also, changed to use correct nameserver_add_all() function within
      service.c instead of resolver.c one. The service's nameservers and
      domains are added properly if the default has been changed.
    • Jussi Laakkonen's avatar
      [connman] Improve service autoconnection. Contributes to JB#42337 · 12dfbb56
      Jussi Laakkonen authored
      When setting a NULL default service call autoconnection of services.
      This is important since when dropping out of range of a WLAN network,
      for instance, the mobile data should be brought up as quick as possible
      if available.
      Also added more checks into auto_connect_service() that when the active
      count is 0 it does not always mean that autoconnection of services can
      be stopped. The scenario where WLAN network is lost and mobile data is
      on but exists as a idle service in the services list the mere check for
      active_count amount is not enough since there may be a preferred tech
      in the list that should be connected. Thus, a check for preferred
      requirement and if such tech has been found is added. The above scenario
      would result in some cases a delay of ~90s when dropping out from WLAN
      and getting the mobile data online again.
    • Jussi Laakkonen's avatar
      [connman] Check default route in service list sort. Contributes to JB#42337 · 6325ada6
      Jussi Laakkonen authored
      Added a check for default route in service list sorting function. Prefer
      the service being as default route in the order of services. VPN as
      non-default route should be lower than connected transport service.
      Also fix get_connected_default_route_service() function to return NULL
      when no connected service exists.
    • Jussi Laakkonen's avatar
      [connman] Use DNS of depending non-default route VPN. Contributes to JB#42337 · ff3caa01
      Jussi Laakkonen authored
      Added a functionality to the dnsproxy which includes the DNS servers of
      the VPNs that depend on the current default service. The DNS servers of
      a VPN are included only when it is not used as default route. The DNS
      servers of a depending VPN service are enabled at creation stage and as
      well as when default service changes.
    • Jussi Laakkonen's avatar
      [connman] Improve default service selection logic. Contributes to JB#41939 · fec3267a
      Jussi Laakkonen authored
      This commit improves the logic to select the default service. The order
      of the technologies is used from the preferred techs list. If the
      service is higher on the list (index is smaller) and the new service is
      lower in the list (index is bigger) the new service will not be set as
      With VPN being the default the dependency of the VPN is checked that if
      the new service outranks the current transport service of the VPN being
      as default service. In such case where new service, e.g. WiFi is
      connected and VPN uses cellular, VPN will be disconnected and
      reconnected over WiFi.
      Added also more vpn autoconnection in case the default service is not
      changed. Also if the default service is being set NULL and there is some
      service that is connected that connected service is used instead of
    • Jussi Laakkonen's avatar
      [connman] Bookkeeping of VPN connections. Contributes to JB#41939 · cd2882db
      Jussi Laakkonen authored
      Added bookkeeping of VPN connections to track which transport service
      was used to connect a VPN service. The pointer to the current default
      service recorded for each connecting VPN and if a service is being
      disconnected all the VPNs using the technique with that index are
      Improved default_changed() behavior to disconnect the depending VPN
      services when default is changed, or to disconnect the VPN service if it
      was the previous default. If the new default service is depending on the
      previous default service VPNs are not disconnected to prevent
      connect-disconnect loops.
  12. 16 Aug, 2018 3 commits
    • Jussi Laakkonen's avatar
      [connman-vpn] Set autoconnect off if dialog canceled. Fixes JB#42666 · 0dd62f1e
      Jussi Laakkonen authored
      This fix disables autoconnect for VPN if login dialog is canceled.
      Canceling VPN login dialog calls vpn-provider.c
      vpn_provider_indicate_error() which in case of error sets the state of
      VPN as failed. With this fix autoconnecting of the canceled VPN is
      stopped in case login fails.
    • Slava Monich's avatar
      [vpn] Fix memory leak · 2527acde
      Slava Monich authored
      ==10939== 20 bytes in 4 blocks are definitely lost in loss record 199 of 429
      ==10939==    at 0x483F3EC: malloc (vg_replace_malloc.c)
      ==10939==    by 0x4C7E35F: g_malloc (gmem.c)
      ==10939==    by 0x4C962BD: g_strdup (gstrfuncs.c)
      ==10939==    by 0x1945B: vpn_create_tun (vpn.c)
      ==10939==    by 0x19C83: vpn_connect (vpn.c)
      ==10939==    by 0x292DF: __vpn_provider_connect (vpn-provider.c)
      ==10939==    by 0x27797: do_connect (vpn-provider.c)
      ==10939==    by 0x46853: process_message (object.c)
      ==10939==    by 0x486AB: generic_message (object.c)
      ==10939==    by 0x49BDFE1: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c)
      ==10939==    by 0x49B4071: dbus_connection_dispatch (dbus-connection.c)
      ==10939==    by 0x43A8B: message_dispatch (mainloop.c)
    • Slava Monich's avatar
      [openvpn] Don't create pipes that we don't use. JB#42681 · 375fa845
      Slava Monich authored
      The caller of g_spawn_async_with_pipes() is responsible for closing
      the pipes but we neither closed nor used those.