TCP connection error , port 443 N: Connect failed errno=13

I am getting the following error in the logread when my Legato application is trying to connect to another server application on the device (which is not in the legato system) via port 443. My adef file has sandboxed: false and the application is being started by an init script. Only this script is kept in the package. When I run my application outside the legato system i.e without starting from legato - I don’t face an issues to connect via port 443 to the server application.

device is FX30s
legato version : 16.10.1
Application: Legacy C application ported for this device

adef file:

sandboxed: false

bundles:
{
file:
{
[xr] Init.sh /bin/

}

}

requires:
{
file:
{
/bin/sh /bin/sh
/etc/hosts /etc/
}

}

processes:
{
envVars:
{
LD_LIBRARY_PATH=/path/to/required/Libs/for_my_Legacy_application
}

run:
{
(Init.sh)
}

maxCoreDumpFileBytes: 100K
maxFileBytes: 20480K
//faultAction: restart

}

maxMemoryBytes: 90440K

start: auto

ERROR:
fx30s user.err Legato: =ERR= |Init.sh[26707] | [2020/06/29 06:22:06:7588] N: Connect failed errno=13

I read from this post that, USB interface does not have much restrictions regarding iptable rules, since sandboxed is set to false I am assuming my app is getting root privileges as well, so I am out of ideas as to why the connection is not working inside the legato system and works properly outside.

you can shut down the firewall by the following command and see if the problem still exists.
iptables -I INPUT -j ACCEPT

Also you can put your script in /tmp, and then using system(“sh /tmp/Init.sh”); in the code and see if the problem still exists.

@jyijyi Thanks for the reply. Shutting down the firewall did not help.
And I did not understand what you meant by putting the init script in the /tmp - do you mean in the legato package?

My scenario is I am using an Init script to start my C application. When I run the script outside legato I have no issues, when i run the script from legato - I am facing the issues. I am only using the script so that I can start my applications from legato, but keep all the required files and stuff in other locations. Also the app is not sandboxed.

I ran into another post that seem to have had a similar scenario: THIS But their issue was solved by changing from ipv6 to ipv4.

In my case, if i do netstat -ent , I am getting the following output:
tcp 0 1 127.0.0.1:36211 127.0.0.1:443 SYN_SENT
But then the app gets killed after some time
Is this due to some setting/permission issue that I have missed. I am very new to Legato.

no, /tmp is the real path in the module as a result, your legato application can run the shell script in /tmp/Init.sh by system() API.

moving the script to /tmp did not help. Im still getting the error
Jun 29 10:01:30 fx30s user.err Legato: =ERR= | startapp[18601] | [2020/06/29 10:01:30:6562] N: Connect failed errno=13

Please attach your script here

Below given is my init script

#!/bin/sh
 cd /home/root/MYLEGACYAPP
./mylegacyapp

I also tested with this example, where I added the url to /etc/hosts as:
192.168.2.2 www.hp.com

Here also, it is having the same behaviour, will connect to the server when run outisde legato, and would not connect when run from legato.

I will make a try tomorrow, my first thought is similar issue to this one

Btw, if you change the line ./mylegacyapp to use curl command, does it work?

I don’t see problem with the latest FW R17:

https://source.sierrawireless.com/resources/airlink/software_downloads/fx30-firmware/fx30-firmware-3g/#sthash.cEmNgXK3.2jGjhTZT.dpbs

Here is my binary of sslconnect_arm.

sslconnect_arm (14.7 KB)
And also I used the following in the unsandboxed legato application:
system("/home/root/sslconnect_arm");

I can see the following legato log:


Jun 30 02:27:36 | hello6[1870] | | Successfully made the TCP connection to: https://www.sierrawireless.com. Successfully enabled SSL/TLS session to: https://www.sierrawireless.com. Retrieved the server’s certificate from: https://www.sierr
Jun 30 02:27:36 | hello6[1870] | | ta: CN=ssl425269.cloudflaressl.com Finished SSL/TLS connection with server: https://www.sierrawireless.com.


Updating to latest firmware solved the tcp issue. Thank you for your time @jyijyi