HIPL

Merge lp:~fahad-aizaz/hipl/hipd-hipfw-conf into lp:hipl

hipd-hipfw-conf
Merge into trunk

Proposed by Fahad Aizaz on 2011-12-15

Status:	Merged
Merged at revision:	6195
Proposed branch:	lp:~fahad-aizaz/hipl/hipd-hipfw-conf
Merge into:	lp:hipl
Diff against target:	150 lines (+17/-59) 7 files modified Makefile.am (+2/-1) debian/hipl-firewall.dirs (+1/-0) debian/hipl-firewall.install (+1/-0) hipfw/hipfw.conf (+11/-0) hipfw/rule_management.c (+0/-58) packaging/hipl.spec (+1/-0) packaging/openwrt/hipl/Makefile.in (+1/-0)
To merge this branch:	bzr merge lp:~fahad-aizaz/hipl/hipd-hipfw-conf
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Diego Biurrun		2011-12-15	Approve on 2011-12-15
Review via email: mp+85869@code.launchpad.net

Description of the change

Removing run-time generation of hipfw configuration file. The configuration file is now distributed as part of HIP source.

Neccessary changes to distribute and install hipfw configuration file can be seen in the modifications for different distributions including OpenWRT, RPM and Debian. The Makefile.am is also modified to distribute and install hipfw configuration file at its correct path.

Revision history for this message

Diego Biurrun (diego-biurrun) wrote on 2011-12-15:

review approve

On Thu, Dec 15, 2011 at 02:16:26PM +0000, Fahad Aizaz wrote:
> Fahad Aizaz has proposed merging lp:~fahad-aizaz/hipl/hipd-hipfw-conf into lp:hipl.

No more issues, please merge :)

Diego

review: Approve

Revision history for this message

Diego Biurrun (diego-biurrun) wrote on 2012-01-04:

On Thu, Dec 15, 2011 at 02:16:26PM +0000, Fahad Aizaz wrote:
>
> For more details, see:
> https://code.launchpad.net/~fahad-aizaz/hipl/hipd-hipfw-conf/+merge/85869
>
> Removing run-time generation of hipfw configuration file. The configuration file is now distributed as part of HIP source.

This arguably misses hipfw/esp_prot_config.cfg, which should also be
installed by "make install".

Diego

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Fahad Aizaz

HIPL core team

 === modified file 'Makefile.am'
 --- Makefile.am	2011-12-12 14:33:52 +0000
 +++ Makefile.am	2011-12-15 14:15:29 +0000
@@ -137,7 +137,8 @@
  dist_sysconf_DATA = hipd/hipd.conf        \
                      hipd/hosts            \
                      hipd/nsupdate.conf    \
--                    hipd/relay.conf
++                    hipd/relay.conf       \
++                    hipfw/hipfw.conf
  hipfw_hipfw_sources = hipfw/cache.c               \
                        hipfw/dlist.c               \
 === modified file 'debian/hipl-firewall.dirs'
 --- debian/hipl-firewall.dirs	2010-12-28 16:53:40 +0000
 +++ debian/hipl-firewall.dirs	2011-12-15 14:15:29 +0000
@@ -1,1 +1,2 @@
  usr/sbin
++etc/hip
 === modified file 'debian/hipl-firewall.install'
 --- debian/hipl-firewall.install	2010-12-28 16:53:40 +0000
 +++ debian/hipl-firewall.install	2011-12-15 14:15:29 +0000
@@ -1,1 +1,2 @@
  debian/tmp/usr/sbin/hipfw usr/sbin/
++debian/tmp/etc/hip/hipfw.conf etc/hip/
 === added file 'hipfw/hipfw.conf'
 --- hipfw/hipfw.conf	1970-01-01 00:00:00 +0000
 +++ hipfw/hipfw.conf	2011-12-15 14:15:29 +0000
@@ -0,0 +1,11 @@
++# format: HOOK [match] TARGET
++#   HOOK   = INPUT, OUTPUT or FORWARD
++#   TARGET = ACCEPT or DROP
++#   match  = -src_hit [!] <hit value> --hi <file name>
++#            -dst_hit [!] <hit>
++#            -type [!] <hip packet type>
++#            -i [!] <incoming interface>
++#            -o [!] <outgoing interface>
++#            -state [!] <state> --verify_responder --accept_mobile --decrypt_contents
++#
++
 === modified file 'hipfw/rule_management.c'
 --- hipfw/rule_management.c	2011-11-29 11:37:54 +0000
 +++ hipfw/rule_management.c	2011-12-15 14:15:29 +0000
@@ -86,19 +86,6 @@
  #define MAX_LINE_LENGTH 512
  #define HIP_FW_DEFAULT_RULE_FILE HIPL_SYSCONFDIR "/hipfw.conf"
--#define HIP_FW_CONFIG_FILE_EX \
--    "# format: HOOK [match] TARGET\n" \
--    "#   HOOK   = INPUT, OUTPUT or FORWARD\n" \
--    "#   TARGET = ACCEPT or DROP\n" \
--    "#   match  = -src_hit [!] <hit value> --hi <file name>\n" \
--    "#            -dst_hit [!] <hit>\n" \
--    "#            -type [!] <hip packet type>\n" \
--    "#            -i [!] <incoming interface>\n" \
--    "#            -o [!] <outgoing interface>\n" \
--    "#            -state [!] <state> --verify_responder --accept_mobile --decrypt_contents\n" \
--    "#\n" \
--    "\n"
--
  enum {
      NO_OPTION,
@@ -118,49 +105,6 @@
  static struct dlist *forward_rules;
  /**
-- * Writes the default firewall configuration file to the disk if it does
-- * not exist
-- */
--static void check_and_write_default_config(const char *file)
--{
--    struct stat status;
--    FILE       *fp = NULL;
--    ssize_t     items;
--    int         i = 0;
--
--    /* Firewall depends on hipd to create HIPL_SYSCONFDIR */
--    for (i = 0; i < 5; i++) {
--        if (stat(HIPL_SYSCONFDIR, &status) &&
--            errno == ENOENT) {
--            HIP_INFO("%s does not exist. Waiting for hipd to start...\n",
--                     HIPL_SYSCONFDIR);
--            sleep(2);
--        } else {
--            break;
--        }
--    }
--
--    if (i == 5) {
--        HIP_DIE("Please start hipd or execute 'hipd -c'\n");
--    }
--
--    rename(HIPL_SYSCONFDIR "/firewall.conf", HIP_FW_DEFAULT_RULE_FILE);
--
--    if (stat(file, &status) && errno == ENOENT) {
--        errno = 0;
--        fp    = fopen(file, "w" /* mode */);
--        if (!fp) {
--            HIP_PERROR("Failed to write config file\n");
--        }
--        HIP_ASSERT(fp);
--        items = fwrite(HIP_FW_CONFIG_FILE_EX,
--                       strlen(HIP_FW_CONFIG_FILE_EX), 1, fp);
--        HIP_ASSERT(items > 0);
--        fclose(fp);
--    }
--}
--
--/**
   * accessor function to get the rule list of the given iptables hook
+  *
   * @param hook NF_IP6_LOCAL_IN, NF_IP6_LOCAL_OUT or NF_IP6_LOCAL_FORWARD
@@ -906,8 +850,6 @@
          file_name = HIP_FW_DEFAULT_RULE_FILE;
+     }
--    check_and_write_default_config(file_name);
--
      HIP_DEBUG("read_file: file %s\n", file_name);
      file = fopen(file_name, "r");
 === modified file 'packaging/hipl.spec'
 --- packaging/hipl.spec	2011-12-12 14:32:10 +0000
 +++ packaging/hipl.spec	2011-12-15 14:15:29 +0000
@@ -170,6 +170,7 @@
  %files firewall
  %{_sbindir}/hipfw
  %{_initddir}/hipfw
++%config(noreplace) %{_sysconfdir}/hip/hipfw.conf
  %files doc
  %doc doc/HOWTO.txt doc/HOWTO.html
 === modified file 'packaging/openwrt/hipl/Makefile.in'
 --- packaging/openwrt/hipl/Makefile.in	2011-12-12 14:33:06 +0000
 +++ packaging/openwrt/hipl/Makefile.in	2011-12-15 14:15:29 +0000
@@ -85,6 +85,7 @@
  	$(INSTALL_BIN) ./files/hipfw.init $(1)/etc/init.d/hipfw
  	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/hipfw $(1)/usr/sbin/
++	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/hip/hipfw.conf $(1)/etc/hip/
  endef
  define Package/hipl-common/install

HIPL

Merge lp:~fahad-aizaz/hipl/hipd-hipfw-conf into lp:hipl

Commit message

Description of the change

Preview Diff

Subscribers