Connman sends tons of unnecessary queries

Topic: Connman sends tons of unnecessary queries (Read 3819 times) previous topic - next topic

0 Members and 7 Guests are viewing this topic.

Connman sends tons of unnecessary queries

26 August 2021, 20:57:33

Hello guys want to let you know that connman sends tons of queries (1 query/2minutes) toward a domain "ipv4.connman.net" . Tried to block it with hosts file but it doesn't work that way. Restarted the pc and still those queries reach DNS server. I blocked it with firewall and black holed it with nextDNS but still tries to send syn packets to connect. I also edited connman.conf to not check the connectivity but still that doesn't do anything, connman no matter what tries to make it's circus thing. Is there any way to get rid of this or i'm doomed forever? I don't want this because it's unnecessary and second it's privacy non respecting. Anyone down the wire can see i use connman as my network manager. Any options left? Thank you and keep on rolling

PS: when i tried to block that domain i used something like this in hosts

Code: [Select]

0.0.0.0   ipv4.connman.net

Re: Connman sends tons of unnecessary queries

Reply #1 – 26 August 2021, 21:23:15

Interesting, I use connman 1.40, and it doesn't make such connections (I check with watch netstat).

Re: Connman sends tons of unnecessary queries

Reply #2 – 26 August 2021, 22:05:29

Yes check it out. From where i am it tries to resolve with this IP addresses 82.165.8.211 over port 80. I will try to use hosts file again this time pointing that domain toward loopback hope it works that way.

Re: Connman sends tons of unnecessary queries

Reply #3 – 26 August 2021, 22:31:33

Yeah it worked sending to loopback

Code: [Select]

127.0.0.1  ipv4.connman.net

Now when i ping that domain it's like pinging 127.0.0.1 my localhost so that query doesn't land anymore on DNS servers but it bounces inside my machine XD. Still think this is not a proper fix as that "connmand -n" to be more accurate keep trying failing at host level but when i check with netstat -atupln still shows me it tries to syn ack that ip

Re: Connman sends tons of unnecessary queries

Reply #4 – 26 August 2021, 22:50:58

After discussing it on Telegram, seems it's a known thing, just connman detecting captive portals:

https://wiki.archlinux.org/title/ConnMan#Unknown_route_on_connection

Quote

This behaviour can be prevented by adding the following to /etc/connman/main.conf:

Quote
[General]
EnableOnlineCheck=false

Don't think it'll make much difference, since none of Artix's inits have an equivalent of systemd's network-online.target.

Re: Connman sends tons of unnecessary queries

Reply #5 – 26 August 2021, 23:02:03

Quote from: capezotte – on 26 August 2021, 22:50:58

EnableOnlineCheck=false

So, that's why connman on my machine doesn't make such connections. Also:

Code: [Select]

# Range of intervals between two online check requests.
# When an online check request fails, another one is triggered after a
# longer interval. The intervals follow the power of two series of numbers
# between OnlineCheckInitialInterval and OnlineCheckMaxInterval.
# Default range is [1, 12], corresponding to the following intervals, in
# seconds: 1, 4, 9, 16, 25, 36, 49, 64, 81, 100, 121 and 144.
# OnlineCheckInitialInterval = 1
# OnlineCheckMaxInterval = 12

Re: Connman sends tons of unnecessary queries

Reply #6 – 26 August 2021, 23:09:10

Well mine still did that until i send it to talk to my localhost. Anyway if i will try to use encrypted dns probably the hosts file approach will fail too cos it would totally bypass it. So in conclusion on runit that "EnableOnlineCheck=false" doesn't have any results, it's like you're doing nothing

Re: Connman sends tons of unnecessary queries

Reply #7 – 26 August 2021, 23:46:14

There's also this:

Code: [Select]

# WARNING: Experimental feature!!!
# In addition to EnableOnlineCheck setting, enable or disable use of HTTP GET
#| to detect the loss of end-to-end connectivity.
# If this setting is false, when the default service transitions to ONLINE
# state, the HTTP GET request is no more called until next cycle, initiated
# by a transition of the default service to DISCONNECT state.
# If this setting is true, the HTTP GET request keeps beeing called to guarantee
# that end-to-end connectivity is still successful. If not, the default service
# will transition to READY state, enabling another service to become the
# default one, in replacement.
EnableOnlineToReadyTransition = false

The entire source code can be seen on kernel.org.

Re: Connman sends tons of unnecessary queries

Reply #8 – 27 August 2021, 01:06:09

Something is not right. According to connman doc (https://git.kernel.org/pub/scm/network/connman/connman.git/tree/README#n388), this connection is used to determine internet connection status. If the server replies right, connman should transit from Ready to Online state, and no more connection attempt is needed. Either the connection is not made or the server doesn't reply right. If you wanna dig in, I would suggest you put a tcpdump/wireshark on to trace what's going on.

These are sample msg exchanges between your system and ipv{4|6}.connman.net

ConnMan sends this very minimal information in http header when doing
the online check request (example):
   Host: ipv4.connman.net
   User-Agent: ConnMan/1.23 wispr
   Connection: close

Currently following information is returned from connman.net if
the connection is successful (200 OK http response code is returned):
   Server: nginx
   Date: Mon, 09 Jun 2014 09:25:42 GMT
   Content-Type: text/html
   Connection: close
   X-ConnMan-Status: online

Re: Connman sends tons of unnecessary queries

Reply #9 – 27 August 2021, 05:56:19

Why would any one with a common sense would want such a feature? I mean that domain/IP would know when you connect/disconnect to the internet in my book that's kinda spyware. Thank you guys for the replies i will try that solution suggested by @strajder "EnableOnlineToReadyTransition = false" thanks once again. Cheers

PS: and i will check it also with wireshark

Re: Connman sends tons of unnecessary queries

Reply #10 – 27 August 2021, 07:15:15

Deleted the other stuff as was not enough accurate

EDIT2
So i've checked and double checked. The thing about connman is as follow.
1) If you try to block at the ip level connman will send 1 query/2 minutes (this was detected with nextdns log)
2) If you try to blackhol it meaning blocking "ipv4.connman.net" at dns level connman will send several ~7hundreds queries/in just few seconds
3) If you let it doing it's thing meaning not blocking it in any way it will call home 82.165.8.211 and after that will remain silent (like any other spyware would do)
4) If you try to block it with hosts file it will ignore that and make it's queries without giving a f

So if you ask me i opted for first choice and gave that ip the middle finger. Strongly think it's not influenced by the init system or other settings is just the way connman was coded. Would be cool if anyone can verify but i doubt anyone would give so much time i gave. Connman 1 - 0 Me

Re: Connman sends tons of unnecessary queries

Reply #11 – 27 August 2021, 20:59:21

Again, no connections to connman.net are being made by connman on my system. I don't think it is related, but I use suite66. I'd say it is probably your setup. Have you perhaps migrated from another distribution or are you using Arch version of connman?

Here's what grep finds on the current git source tree of connman:

Code: [Select]

$ git clone git://git.kernel.org/pub/scm/network/connman/connman.git
$ cd connman
$ grep -r 'connman\.net'
README:from ipv4.connman.net (for IPv4 connectivity) and ipv6.connman.net
README:http://ipv{4|6}.connman.net/online/status.html
README:a host route to both the ipv4.connman.net and ipv6.connman.net so that
README:	Host: ipv4.connman.net
README:Currently following information is returned from connman.net if
src/6to4.c:#define STATUS_URL "http://ipv6.connman.net/online/status.html"
src/wispr.c:#define STATUS_URL_IPV4  "http://ipv4.connman.net/online/status.html"
src/wispr.c:#define STATUS_URL_IPV6  "http://ipv6.connman.net/online/status.html"
src/dnsproxy.c: * Example: caching www.connman.net uses 97 bytes memory.
tools/wispr.c:#define DEFAULT_URL  "http://www.connman.net/online/status.html"
tools/private-network-test.c:	 * IP packet: src: 192.168.219.2 dst www.connman.net
$ grep -r STATUS_URL
src/6to4.c:#define STATUS_URL "http://ipv6.connman.net/online/status.html"
src/6to4.c:		web_request_id = g_web_request_get(web, STATUS_URL,
src/wispr.c:#define STATUS_URL_IPV4  "http://ipv4.connman.net/online/status.html"
src/wispr.c:#define STATUS_URL_IPV6  "http://ipv6.connman.net/online/status.html"
src/wispr.c:		wp_context->status_url = STATUS_URL_IPV4;
src/wispr.c:		wp_context->status_url = STATUS_URL_IPV6;

Here (src/service.c) we can see that if the EnableOnlineCheck is not set to 1, the function start_online_check returns:

Code: [Select]

 static void start_online_check(struct connman_service *service,
                                 enum connman_ipconfig_type type)
 {
         if (!connman_setting_get_bool("EnableOnlineCheck")) {
                 connman_info("Online check disabled. "
                         "Default service remains in READY state.");
                 return;
         }
         enable_online_to_ready_transition =
                 connman_setting_get_bool("EnableOnlineToReadyTransition");
         online_check_initial_interval =
                 connman_setting_get_uint("OnlineCheckInitialInterval");
         online_check_max_interval =
                 connman_setting_get_uint("OnlineCheckMaxInterval");

         if (type != CONNMAN_IPCONFIG_TYPE_IPV4 || check_proxy_setup(service)) {
                 cancel_online_check(service);
                 __connman_service_wispr_start(service, type);
         }
}

Re: Connman sends tons of unnecessary queries

Reply #12 – 27 August 2021, 21:36:31

I've further traced a line of execution which makes a connection to connman.net, regardless of the above settings, but it depends on the Enable6to4 setting being set to true, when its default value is false:

Code: [Select]

# Automatically enable Anycast 6to4 if possible. This is not recommended, as
# the use of 6to4 will generally lead to a severe degradation of connection
# quality. See RFC6343. Default value is false (as recommended by RFC6343
# section 4.1).
# Enable6to4 = false

it's in the file src/6to4.c:

Code: [Select]

static void tun_newlink(unsigned flags, unsigned change, void *user_data)
{
	int index = GPOINTER_TO_INT(user_data);

	if ((newlink_flags & IFF_UP) == (flags & IFF_UP)) {
		newlink_flags = flags;
		return;
	}

	if (flags & IFF_UP) {
		/*
		 * We try to verify that connectivity through tunnel works ok.
		 */
		if (newlink_timeout_id > 0) {
			g_source_remove(newlink_timeout_id);
			newlink_timeout_id = 0;
		}

		web = g_web_new(index);
		if (!web) {
			tunnel_destroy();
			return;
		}

		g_web_set_accept(web, NULL);
		g_web_set_user_agent(web, "ConnMan/%s", VERSION);
		g_web_set_close_connection(web, TRUE);

		if (getenv("CONNMAN_WEB_DEBUG"))
			g_web_set_debug(web, web_debug, "6to4");

		web_request_id = g_web_request_get(web, STATUS_URL,
				web_result, NULL,  NULL);

		newlink_timeout(NULL);
	}

	newlink_flags = flags;
}

This is still problematic, but at least not enabled by default. This should check the EnableOnlineCheck, but it doesn't. Here:

Code: [Select]

static bool apply_lease_available_on_network(GDHCPClient *dhcp_client,
						struct connman_dhcp *dhcp)
{
	char **nameservers, **timeservers, *pac = NULL;
	struct connman_service *service;
	GList *list, *option = NULL;
	int ns_entries;
	int i;

	if (!dhcp->network)
		return true;

	service = connman_service_lookup_from_network(dhcp->network);
	if (!service) {
		connman_error("Can not lookup service");
		return false;
	}

/* ... and so on ... */

	if (connman_setting_get_bool("Enable6to4"))
		__connman_6to4_probe(service);          /* <-- this calls the above function which */
                                                /* makes the connection, unconditionally */

	return true;
}

Re: Connman sends tons of unnecessary queries

Reply #13 – 27 August 2021, 22:17:17

Yeah for the guys with big brains

for sure this is a child play modifying the code but for me is gibberish. I won't dive deeper than that because when they will make an update everything could go back or even get worse. Wonder if network manager is any better or it has same spyware capabilities. I mean they seem to have made a spyware who gather info about every single device that uses connman, unless you block it at the ip level (best solution i think) everybody is on dady "ipv4.connman.net" "facebook"

PS: wonder what the heck the guys maintaining nexdns said when they saw 1000 queries in 10 seconds lol

Anyway thank you @strajder for trying out to find a solution. Perhaps we need to fork connman an make it easier to disable that online check without so much hassle . Cheers

Re: Connman sends tons of unnecessary queries

Reply #14 – 27 August 2021, 22:34:31

Quote from: strajder – on 27 August 2021, 20:59:21

Again, no connections to connman.net are being made by connman on my system.

When you start your machine and you're in the middle of the boot connman already is sending it's packets and after that remains silent. But if you block that ip you'll see how active is in reality.