On 02/16/2020 06:21 AM, Jouni Malinen wrote:
> On Fri, Feb 07, 2020 at 01:10:14AM -0800, greearb@xxxxxxxxxxxxxxx wrote:
>> This lets things work better on multi-homed networks.
>
> What is the issue on multi-homed networks? Isn't the local IP routing
> configured properly to find the target IP address here? And what is that
> DNS server configuration about? It seems to be doing more than just
> binding "dns to wlan interface".. It would be good to split this into
> three patches to address those apparently different parts: (1) bind HTTP
> TCP/IP socket into a specific interface (from the hs20-osu-client -S
> command line argument), (2) bind DNS UDP socket into a specific
> interface, and (3) allow system DNS server IP addresses to be
> overridden.

I have a management network (assume eth0) pointing to local lab and internet.
For testing, I want wlans to talk to an AP that may give out a different DNS
server (i.e., itself).

For the same reason, I want to force http and DNS out the wlan, so even if it is
the same DNS IP or subnet, it goes out the correct interface to the AP under test.

Binding in this way also allows use of VRF or IP rule routing tables per wlan.

I think if you bind one thing, you should bind everything. But, if you want me
to split it up, I will do so. Would you like individual command line args for each
of the 3 things?

diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
+void check_dns_file(struct hs20_osu_client* ctx)
+{
+ /* Look for DNS servers in case user specified a place to look. */
+ if (ctx->dns_file) {
+ FILE *f;
+ char buf[100];
+
+ f = fopen(ctx->dns_file, "r");
+ if (f) {
+ if (fgets(buf, sizeof(buf), f)) {
+ wpa_printf(MSG_DEBUG, "Checking DNS file: %s contents: %s",I don't rel
+ ctx->dns_file, buf);
+ if (strncmp(buf, "DNS:", 4) == 0) {
..
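
Review bot: check_dns_file() takes a single fgets() into char buf[100] and the comment does not say what the file must contain, so in the visible lines a first line longer than 99 bytes is silently truncated and the only hint of the format is the strncmp(buf, "DNS:", 4). Since this file decides which DNS servers the client will use, the comment should document the expected "DNS:" line format and the code should reject a line that did not fit in buf instead of using a partial value. The buf passed to wpa_printf() also still carries the newline kept by fgets(). As style points, the function has no static qualifier although nothing in the hunk shows it being used outside osu_client.c, and the parameter is written struct hs20_osu_client* ctx with the star attached to the type.
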
> Why would this need an external file? Wouldn't it be simpler to provide
> the list of DNS server IP addresses on the command line with the new
> command line argument -D that is added here to point to a file?

Because you don't know what DNS the OSEN AP will give out before you do the
initial connect.

That said, there are more problems because there is no way I can find to override
the DNS resolver in webkit, so probably I am going to have to use LD_PRELOAD to override
the gethostbyname and similar library calls, which I think means I have to know the DNS before starting
the osuclient (and thus webkit) anyway.

@@ -3241,6 +3277,7 @@ int main(int argc, char *argv[])
break;
case 'S':
ctx.ifname = optarg;
+ ctx.do_bind_iface = 1;
break;
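
Review bot: the added ctx.do_bind_iface = 1; sits inside case 'S', so socket binding becomes an unconditional side effect of the option that until now only assigned ctx.ifname = optarg, and every existing -S user gets the new behaviour without asking for it. Setting do_bind_iface from its own option and leaving case 'S' with the single ctx.ifname assignment would keep the two decisions independent; the new option then also needs a line in the usage text.
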
> Couldn't this break some existing cases if do_bind_iface is hardcoded
> for both HTTPS and DNS unconditionally? The current use of -S<ifname> is
> to specify which wpa_supplicant control interface to connect to. I'm not
> confident that it is the same as the interface used for all TCP/IP
> packets needed in all testing scenarios.

In a real connection scenario, *all* routing and DNS will go out the wlan because the user
has no other connection to the internet while logging on to wifi, right?

And, I doubt there are more than about 3 people in the world who are using this code :)

But, if you disagree, let me know and I'll create a new command line arg for this.

Thanks,
Ben
--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap