Merge lp:~hipl-core/hipl/libhip into lp:hipl

> === modified file 'lib/core/hostid.c'
> --- lib/core/hostid.c 2011-11-10 10:35:47 +0000
> +++ lib/core/hostid.c 2012-02-20 08:33:22 +0000
> @@ -743,11 +744,17 @@
> goto out_err;
> }
> } else if (!use_default) {
> + char hi_file_dup[strlen(hi_file) + 1];
> + strcpy(hi_file_dup, hi_file);
> + if ((err = check_and_create_dir(dirname(hi_file_dup), HIP_DIR_MODE))) {
> + HIP_ERROR("Could not create direcory for path: %s\n", hi_file);
> + goto out_err;
> + }

I investigated a bit and seems like PATH_MAX is 4096 chars on linux, which is probably OK even for stacks on embedded devices, but strdup() would be safer nevertheless.
My apologies for advising you to use the stack for that in the last mail (see also further below).

Probably unrelated: should this handle recursive mkdir()? check_and_create_dir() currently does not, as far as I see.

> === modified file 'lib/core/linkedlist.c'
> --- lib/core/linkedlist.c 2011-08-15 14:11:56 +0000
> +++ lib/core/linkedlist.c 2012-02-20 08:33:22 +0000
> @@ -298,6 +298,51 @@
> /**
> + * Deletes the first node from list which has the same ptr given.
> + * If there is no match, does nothing.
> + *
> + * @param linkedlist list to remoe an element from
> + * @param ptr pointer by which to identify the node
> + * @param free_element a function pointer to a function for freeing the memory
> + * allocated for an element at a node or NULL if the element
> + * itself is not to be freed.
> + */
> +void hip_ll_del_by_ptr(struct hip_ll *linkedlist, void *ptr,
> + free_elem_fn free_element)
> +{
> + struct hip_ll_node *curr;
> + struct hip_ll_node *tmp;
> +
> + /* match first list node */
> + if (linkedlist != NULL && linkedlist->element_count > 0
> + && linkedlist->head->ptr == ptr) {
> + tmp = linkedlist->head;
> + linkedlist->head = tmp->next;
> + linkedlist->element_count--;
> + if (free_element != NULL) {
> + free_element(tmp->ptr);
> + }
> + free(tmp);
> + return;
> + }
> +
> + /* match the rest list */
> + tmp = linkedlist->head;
> + for (curr = tmp->next; curr != NULL; curr = curr->next) {
> + if (curr->ptr == ptr) {
> + tmp->next = curr->next;
> + linkedlist->element_count--;
> + if (free_element != NULL) {
> + free_element(curr->ptr);
> + }
> + free(curr);
> + return;
> + }
> + tmp = tmp->next;
> + }
> +}

Looks like both loops can be merged, at first glance (untested):

if(!linkedlist || linkedlist->element_count == 0) {
 return;
}

struct hip_ll_node **storage = &linkedlist->head;
struct hip_ll_node *node = linkedlist->head;

while(node) {
 if(node->ptr == ptr) {
  *storage = node->next;
  free(node);
  node = *storage;

  linkedlist->elementcount -= 1;
  // could return here for micro optimization
 } else {
  storage = &node->next;
  node = node->next;
 }
}

> === renamed file 'hipd/init.c' => 'lib/hipdaemon/init....

On 20.02.2012 21:03, Christof Mroz wrote:
> struct hip_ll_node **storage = &linkedlist->head;
> struct hip_ll_node *node = linkedlist->head;
>
> while(node) {
> if(node->ptr == ptr) {
> *storage = node->next;
> free(node);
> node = *storage;
>
> linkedlist->elementcount -= 1;
> // could return here for micro optimization
> } else {
> storage = &node->next;
> node = node->next;
> }
> }

Just realized this can be compacted some more:

struct hip_ll_node **storage = &linkedlist->head;

while(*storage) {
     struct hip_ll_node *const node = *storage;

     if(node->ptr == ptr) {
         linkedlist->elementcount -= 1;
         *storage = node->next;

         free(node);
         // could return here for micro optimization
     } else {
         storage = &node->next;
     }
}

Hi,

On 20/02/12 22:03, Christof Mroz wrote:
> Review: Needs Fixing
>
>> === modified file 'lib/core/hostid.c'
>> --- lib/core/hostid.c 2011-11-10 10:35:47 +0000
>> +++ lib/core/hostid.c 2012-02-20 08:33:22 +0000
>> @@ -743,11 +744,17 @@
>> goto out_err;
>> }
>> } else if (!use_default) {
>> + char hi_file_dup[strlen(hi_file) + 1];
>> + strcpy(hi_file_dup, hi_file);
>> + if ((err = check_and_create_dir(dirname(hi_file_dup), HIP_DIR_MODE))) {
>> + HIP_ERROR("Could not create direcory for path: %s\n", hi_file);
>> + goto out_err;
>> + }
> I investigated a bit and seems like PATH_MAX is 4096 chars on linux, which is probably OK even for stacks on embedded devices, but strdup() would be safer nevertheless.
> My apologies for advising you to use the stack for that in the last mail (see also further below).
>
> Probably unrelated: should this handle recursive mkdir()? check_and_create_dir() currently does not, as far as I see.

Related stack memory usages have been reverted to malloc.

Regarding to check_and_create_dir(), in libhipl, using it is save,
because the parent directory (user's home folder) should exist.

Nice hints for linkedlist, it greatly shorten the lines of code :)

Xin

On Tue, Feb 21, 2012 at 05:36:57PM +0200, Xin Gu wrote:
> On 20/02/12 22:03, Christof Mroz wrote:
> >Review: Needs Fixing
> >
> >>=== modified file 'lib/core/hostid.c'
> >>--- lib/core/hostid.c 2011-11-10 10:35:47 +0000
> >>+++ lib/core/hostid.c 2012-02-20 08:33:22 +0000
> >>@@ -743,11 +744,17 @@
> >
> >Probably unrelated: should this handle recursive mkdir()? check_and_create_dir() currently does not, as far as I see.
>
> Regarding to check_and_create_dir(), in libhipl, using it is save,
> because the parent directory (user's home folder) should exist.

What happens if it does not exist?

Diego

On 21/02/12 21:21, Diego Biurrun wrote:
> On Tue, Feb 21, 2012 at 05:36:57PM +0200, Xin Gu wrote:
>> On 20/02/12 22:03, Christof Mroz wrote:
>>> Review: Needs Fixing
>>>
>>>> === modified file 'lib/core/hostid.c'
>>>> --- lib/core/hostid.c 2011-11-10 10:35:47 +0000
>>>> +++ lib/core/hostid.c 2012-02-20 08:33:22 +0000
>>>> @@ -743,11 +744,17 @@
>>> Probably unrelated: should this handle recursive mkdir()? check_and_create_dir() currently does not, as far as I see.
>> Regarding to check_and_create_dir(), in libhipl, using it is save,
>> because the parent directory (user's home folder) should exist.
> What happens if it does not exist?
>
>

Then the initialization process (loading the keys) will fail, program
exits with error.

Xin

Unless there's more to come (as you didn't request another review yet), I'm fine with the proposal.

Note that the early return in the linked list deletion routine is wrong if an item could be present multiple times.
In this case, in DEBUG configuration it could still be useful to trigger a HIP_ASSERT if an item is present multiple times but wasn't expected to (of course, you must always search the complete list then). This not directly related to this branch though.

If you commit the current version, remember to add bug tracker items concerning
- the non-recursive mkdir(): either always create the directory or never, but the current solution is something inbetween,
- the forking unit test: Even though forking is the simplest solution, tests should ideally not rely on their execution environment. Using mock functions you could also simulate dropped or corrupted packets for hipnetcat, etc.

Diego, I believe Xin has addressed the main issues, can we proceed to merge? We will continue to polish the library but we'd like to a get a more stable base for further work.

 review needs-fixing

Sorry, Stefan the bean counter is back...
> /**
> + * Deletes the first node from list which has the same ptr given.

well, maybe "which contains the payload pointer ptr"?

> + * If there is no match, does nothing.
> + *
> + * @param linkedlist list to remoe an element from

remo[v]e

> + * @param ptr pointer by which to identify the node
> + * @param free_element a function pointer to a function for freeing the memory
> + * allocated for an element at a node or NULL if the element
> + * itself is not to be freed.
> + */
> +void hip_ll_del_by_ptr(struct hip_ll *linkedlist, void *ptr,
> + free_elem_fn free_element)

const correctness: struct hip_ll *const linkedlist, const void *const ptr

To separate memory management from list management, I would find it a cleaner
API to not pass in a free function pointer but to return a void* pointer. If ptr
was found in the list and removed, the function should then return ptr itself.
If ptr was not found in the list, the function should return NULL. In any case,
the caller can free the memory for ptr (if they intend to do so) by calling
free(hip_ll_del_by_ptr(list, ptr)); This separates concerns and is still very
easy to use.

> +{
> + struct hip_ll_node *curr;
> + struct hip_ll_node *tmp;
> +
> + /* match first list node */
> + if (linkedlist != NULL && linkedlist->element_count > 0

the check for linkedlist != NULL should also cover the second part of this
function. I'd suggest adding an assertion for it.

> + && linkedlist->head->ptr == ptr) {
> + tmp = linkedlist->head;
> + linkedlist->head = tmp->next;
> + linkedlist->element_count--;
> + if (free_element != NULL) {
> + free_element(tmp->ptr);
> + }
> + free(tmp);
> + return;
> + }
> +
> + /* match the rest list */

rest [of ]the list?

> + tmp = linkedlist->head;
> + for (curr = tmp->next; curr != NULL; curr = curr->next) {
> + if (curr->ptr == ptr) {
> + tmp->next = curr->next;
> + linkedlist->element_count--;
> + if (free_element != NULL) {
> + free_element(curr->ptr);
> + }
> + free(curr);
> + return;
> + }
> + tmp = tmp->next;
> + }
> +}

Why not go with Christof's version? It looked much simpler to me.

> +void hip_ll_del_by_ptr(struct hip_ll *linkedlist, void *ptr,
> + free_elem_fn free_element);

const correctness

> /**
> + * Read a control message over TCP socket.

What exactly does this function do? What happens after the message is read? Is
it returned to the caller? Sent to another processing function? /dev/null? The
CIA? Paradise?

> + * @param sockfd a socket file descriptor
> + * @param ctx a pointer to the packet context
> + * @return -1 in case of an error, 0 otherwise.
> + */
> +int hip_read_control_msg_tcp(int sockfd, struct hip_packet_context *ctx)

const correctness

> +int hip_read_control_msg_tcp(int sockfd, struct hip_packet_context *ctx);

const correctness

> --- h...

On 26.02.2012 09:25, Stefan Götz wrote:
> To separate memory management from list management, I would find it a cleaner
> API to not pass in a free function pointer but to return a void* pointer. If ptr
> was found in the list and removed, the function should then return ptr itself.
> If ptr was not found in the list, the function should return NULL. In any case,
> the caller can free the memory for ptr (if they intend to do so) by calling
> free(hip_ll_del_by_ptr(list, ptr)); This separates concerns and is still very
> easy to use.

I'd rather vote for someone to pick up and finish your existing linked
list branch instead (one day), so we have a single implementation for
both hipd and hipfw.

I agree that passing the free function every time is stupid. Note though
that we could go the other extreme and store alloc/free function
pointers in the list head instead, to avoid this duplication altogether.
But ultimately your solution would wreak the least havoc, because there
is nothing unexpected going on behind the scenes (easier to comprehend
for new contributors) and we're unlikely to refactor this aspect.

>> +{
>> + struct hip_ll_node *curr;
>> + struct hip_ll_node *tmp;
>> +
>> + /* match first list node */
>> + if (linkedlist != NULL&& linkedlist->element_count> 0
>
> the check for linkedlist != NULL should also cover the second part of this
> function. I'd suggest adding an assertion for it.

Passing NULL to free()-like functions is usually a no-op (by
convention), so I disagree.

Hi,

On 02/26/2012 01:50 PM, Christof Mroz wrote:
>>> +{
>>> + struct hip_ll_node *curr;
>>> + struct hip_ll_node *tmp;
>>> +
>>> + /* match first list node */
>>> + if (linkedlist != NULL&& linkedlist->element_count> 0
>>
>> the check for linkedlist != NULL should also cover the second part of
>> this
>> function. I'd suggest adding an assertion for it.
>
> Passing NULL to free()-like functions is usually a no-op (by
> convention), so I disagree.

don't know if this applies here but, in general, we have agreed that
calling free(NULL) in the context of e.g. HIP_IFEL() is fine as
indicated by doc/HACKING:

   int f(void)
   {
       char *mem = NULL;
       HIP_IFEL(!(mem = HIP_ALLOC(256, 0)), -1, "alloc\n");

   out_err:
       free(mem);
       return err;
   }

This keeps the line count at minimum.

On Sat, Feb 25, 2012 at 09:52:17AM +0000, Miika Komu wrote:
> Diego, I believe Xin has addressed the main issues, can we proceed to
> merge? We will continue to polish the library but we'd like to a get a
> more stable base for further work.

No, the branch still has pending needs-fixing reviews and central issues
like the naming remain undecided.

Diego

Hi,

On 26/02/12 10:25, Stefan Götz wrote:
>> + * @param ptr pointer by which to identify the node
>> + * @param free_element a function pointer to a function for freeing the memory
>> + * allocated for an element at a node or NULL if the element
>> + * itself is not to be freed.
>> + */
>> +void hip_ll_del_by_ptr(struct hip_ll *linkedlist, void *ptr,
>> + free_elem_fn free_element)
> const correctness: struct hip_ll *const linkedlist, const void *const ptr

I was wondering if we can just use "const void *ptr"? I haven't figured
out why we need the second const.

If I understand correctly, you also suggest to change "struct
hip_packet_context *ctx" to "struct hip_packet_context *const ctx" for
the following function. Then I have the same question related to const
after asterisk.

int hip_read_control_msg_tcp(int sockfd, struct hip_packet_context *ctx)

> Why not go with Christof's version? It looked much simpler to me.

Current version is already based on Christof's advice. It seems that
somehow you receive an old version. I don't know why...

>> --- hipd/hadb.c 2012-02-17 10:45:47 +0000
>> +++ lib/hipdaemon/hadb.c 2012-02-20 08:33:22 +0000
>> @@ -616,7 +616,12 @@
>>
>> if (hip_select_source_address(&peer_map.our_addr,&peer_map.peer_addr)) {
>> HIP_ERROR("Cannot find source address\n");
>> - return -1;
>> + if (hipl_is_libhip_mode()) {
>> + memset(&peer_map.our_addr, 0, sizeof(peer_map.our_addr));
> How about 'peer_map.our_addr = INVALID_ADDR' with a suitable definition (and
> probably a better name for) INVALID_ADDR? It would reveal the intention of this
> code more clearly
>
>> + HIP_DEBUG("Using ANY for source address\n");
>> + } else {
>> + return -1;
>> + }

Hmm, what about add a comment? I add a comment and also rearrange this
part a bit, hope it is more clear.

> I couldn't finish reviewing, maybe later. In any case, const correctness for all
> further functions, please :)
>

I revised other code related to const correctness. Thanks for the review :)

https://code.launchpad.net/~hipl-core/hipl/libhip The diff in the
"Branch merges" section of this page is up-to-date.

Xin

Hi,

On 26/02/12 16:34, Diego Biurrun wrote:
> On Sat, Feb 25, 2012 at 09:52:17AM +0000, Miika Komu wrote:
>> Diego, I believe Xin has addressed the main issues, can we proceed to
>> merge? We will continue to polish the library but we'd like to a get a
>> more stable base for further work.
> No, the branch still has pending needs-fixing reviews and central issues
> like the naming remain undecided.
>
>

What is your opinion related to this naming issue? Previous we propose
to call it libhipl instead of libhipdaemon.
Since it will requires some efforts to change this, I hope we can agree
on a new name soon.

Xin

> I was wondering if we can just use "const void *ptr"? I haven't figured
> out why we need the second const.

http://www.parashift.com/c++-faq-lite/const-correctness.html

In short, 'const int *ptr' makes '*ptr = 7' illegal. 'int *const ptr' makes 'ptr
= NULL' illegal.

> If I understand correctly, you also suggest to change "struct
> hip_packet_context *ctx" to "struct hip_packet_context *const ctx" for
> the following function. Then I have the same question related to const
> after asterisk.
>
> int hip_read_control_msg_tcp(int sockfd, struct hip_packet_context *ctx)

Actually: const int sockfd, struct hip_packet_context *const ctx

Makes assignments to sockfd and ctx illegal because such assignments are not
necessary, anyway.

>> Why not go with Christof's version? It looked much simpler to me.
>
> Current version is already based on Christof's advice. It seems that
> somehow you receive an old version. I don't know why...

Ah, ok. No worries then.

>>> --- hipd/hadb.c 2012-02-17 10:45:47 +0000
>>> +++ lib/hipdaemon/hadb.c 2012-02-20 08:33:22 +0000
>>> @@ -616,7 +616,12 @@
>>>
>>> if (hip_select_source_address(&peer_map.our_addr,&peer_map.peer_addr)) {
>>> HIP_ERROR("Cannot find source address\n");
>>> - return -1;
>>> + if (hipl_is_libhip_mode()) {
>>> + memset(&peer_map.our_addr, 0, sizeof(peer_map.our_addr));
>> How about 'peer_map.our_addr = INVALID_ADDR' with a suitable definition (and
>> probably a better name for) INVALID_ADDR? It would reveal the intention of this
>> code more clearly
>>
>>> + HIP_DEBUG("Using ANY for source address\n");
>>> + } else {
>>> + return -1;
>>> + }
>
> Hmm, what about add a comment? I add a comment and also rearrange this
> part a bit, hope it is more clear.

Ok

Stefan

Hi,

> Hi,
>
> On 26/02/12 16:34, Diego Biurrun wrote:
> > On Sat, Feb 25, 2012 at 09:52:17AM +0000, Miika Komu wrote:
> >> Diego, I believe Xin has addressed the main issues, can we proceed to
> >> merge? We will continue to polish the library but we'd like to a get a
> >> more stable base for further work.
> > No, the branch still has pending needs-fixing reviews and central issues
> > like the naming remain undecided.
> >
> >
>
> What is your opinion related to this naming issue? Previous we propose
> to call it libhipl instead of libhipdaemon.
> Since it will requires some efforts to change this, I hope we can agree
> on a new name soon.

I suggested earlier:
* lib/hipl for the directory hierarchy
* libhipl.{so.a} for the resulting binary

Diego, what say ye?

> /**
> + * Read a control message over TCP socket and save it to @c hip_packet_context
> + * for future processing.

Ideally, this would also describe at least the most important checks that this code performs, how it handles socket errors, etc.

> +int hip_read_control_msg_tcp(int sockfd, struct hip_packet_context *const ctx)

const sockfd

> + is_ipv4 = (src_addr.sa_family == AF_INET);
> + if (is_ipv4) {
> + saddr4 = (struct sockaddr_in *) &src_addr;
> + IPV4_TO_IPV6_MAP(&saddr4->sin_addr, &ctx->src_addr);
> + ctx->msg_ports.src_port = ntohs(saddr4->sin_port);
> + } else {
> + saddr6 = (struct sockaddr_in6 *) &src_addr;
> + memcpy(&ctx->dst_addr, &saddr6->sin6_addr, sizeof(struct in6_addr));

a plain assignment instead of memcpy is easier to read in such cases, but that is a matter of taste.

> + ctx->msg_ports.src_port = ntohs(saddr6->sin6_port);
> + }

Some of the socket_wrapper functions fit in very well here.

> + HIP_DEBUG_IN6ADDR("src", &ctx->src_addr);
> + HIP_DEBUG_IN6ADDR("dst", &ctx->dst_addr);

Maybe more information than that? Such as 'received packet from TCP socket, src..., dst...'?

> +static int hipd_library_mode = 0;

Why not a boolean type?

> === added file 'lib/hipdaemon/socket_wrapper.c'
> --- lib/hipdaemon/socket_wrapper.c 1970-01-01 00:00:00 +0000
> +++ lib/hipdaemon/socket_wrapper.c 2012-02-26 19:08:21 +0000

It would be extremely good to have more documentation in this file. Why is the struct hipl_fd_info necessary, for example? I don't mean what information in contains - that is obvious - but what is its purpose? Why was it necessary?

All of the functions in this file need to be updated with stricter const correctness.

> +static struct hip_ll socket_list;

What kind of socket is stored in this list? It's struct hipl_fd_info objects, right?

Are there many such objects? If not it may be simpler to just use a fixed size array than a dynamic list that tends to be awkward to use (==read).

> +static struct in6_addr default_hit;

> +/**
> + * Get information on a HIP socket by its file descritor.

descri[p]tor

Please use an editor with a spell checker and respect its suggestions :)

> +/**
> + * Add peer's hit-to-addr mapping to hadb.
> + * @param peer_hit peer's hit
> + * @param peer_addr peer's addr, v4 addr should be mapped.
> + * @return 0 on success, -1 otherwise.
> + */
> +int hipl_add_peer_info(const hip_hit_t *peer_hit,
> + const struct in6_addr *peer_addr)
> +{
> + return hip_hadb_add_peer_info(peer_hit, peer_addr, NULL, NULL);
> +}

What's the point? Why not call hip_hadb_add_peer_info() in the first place?

More to come

Stefan

On Mon, Feb 27, 2012 at 07:25:23AM +0000, Miika Komu wrote:
> > On 26/02/12 16:34, Diego Biurrun wrote:
> > > On Sat, Feb 25, 2012 at 09:52:17AM +0000, Miika Komu wrote:
> > >> Diego, I believe Xin has addressed the main issues, can we proceed to
> > >> merge? We will continue to polish the library but we'd like to a get a
> > >> more stable base for further work.
> > > No, the branch still has pending needs-fixing reviews and central issues
> > > like the naming remain undecided.
> >
> > What is your opinion related to this naming issue? Previous we propose
> > to call it libhipl instead of libhipdaemon.
> > Since it will requires some efforts to change this, I hope we can agree
> > on a new name soon.
>
> I suggested earlier:
> * lib/hipl for the directory hierarchy

I don't think grouping all of that stuff together below lib/ is a bad
idea, just put it in its separate directory.

I previously said I wanted to move lib/core and lib/tool together, I
would still like to.

> * libhipl.{so.a} for the resulting binary

Fine with me.

Diego

Hi,

On Mon, Feb 27, 2012 at 9:04 AM, Stefan Götz <email address hidden> wrote:

>> +    is_ipv4 = (src_addr.sa_family == AF_INET);
>> +    if (is_ipv4) {
>> +        saddr4 = (struct sockaddr_in *) &src_addr;
>> +        IPV4_TO_IPV6_MAP(&saddr4->sin_addr, &ctx->src_addr);
>> +        ctx->msg_ports.src_port = ntohs(saddr4->sin_port);
>> +    } else {
>> +        saddr6 = (struct sockaddr_in6 *) &src_addr;
>> +        memcpy(&ctx->dst_addr, &saddr6->sin6_addr, sizeof(struct in6_addr));
>
> a plain assignment instead of memcpy is easier to read in such cases, but that is a matter of taste.

Either way there's a wrapper function for this purpose in
lib/core/prefix.c: ipv6_addr_copy(). Not sure if assignments are a
good idea but the wrapper should definitely be used instead of the
manual memcpy() with sizeof(). :)

On Mon, Feb 27, 2012 at 08:04:22AM +0000, Stefan Götz wrote:
> > + is_ipv4 = (src_addr.sa_family == AF_INET);
> > + if (is_ipv4) {
> > + saddr4 = (struct sockaddr_in *) &src_addr;
> > + IPV4_TO_IPV6_MAP(&saddr4->sin_addr, &ctx->src_addr);
> > + ctx->msg_ports.src_port = ntohs(saddr4->sin_port);
> > + } else {
> > + saddr6 = (struct sockaddr_in6 *) &src_addr;
> > + memcpy(&ctx->dst_addr, &saddr6->sin6_addr, sizeof(struct in6_addr));
>
> a plain assignment instead of memcpy is easier to read in such cases,
> but that is a matter of taste.

I'd disagree with the taste part - just use assignments.

Diego

Hi,

On 26/02/12 22:34, Stefan Götz wrote:
>> I was wondering if we can just use "const void *ptr"? I haven't figured
>> out why we need the second const.
> http://www.parashift.com/c++-faq-lite/const-correctness.html
>
> In short, 'const int *ptr' makes '*ptr = 7' illegal. 'int *const ptr' makes 'ptr
> = NULL' illegal.
>
>> If I understand correctly, you also suggest to change "struct
>> hip_packet_context *ctx" to "struct hip_packet_context *const ctx" for
>> the following function. Then I have the same question related to const
>> after asterisk.
>>
>> int hip_read_control_msg_tcp(int sockfd, struct hip_packet_context *ctx)
> Actually: const int sockfd, struct hip_packet_context *const ctx
>
> Makes assignments to sockfd and ctx illegal because such assignments are not
> necessary, anyway.
>
>

I understand the syntax of const, but from the caller's point of view,
it has no difference if the function parameters are "const int sockfd,
struct hip_packet_context *const ctx" or "int sockfd, struct
hip_packet_context *ctx". Because both integer and pointer are
pass-by-value, and callee changing those parameters or not won't affect
caller.

That's why I am wondering if it is really necessary to add const under
those situations, if we have a look at some other C libraries, it is
also rare to see them using const in this way. For example, socket(int,
int, int) not socket(const int, const int, const int).

Of course, a const pointer like "const char *ptr" is necessary, which
means the function will not alter the data this ptr points to. My commit
last night fixed the const missing for this case.

Xin

Hi,

On 02/27/2012 10:23 AM, Diego Biurrun wrote:
> On Mon, Feb 27, 2012 at 07:25:23AM +0000, Miika Komu wrote:
>>> On 26/02/12 16:34, Diego Biurrun wrote:
>>>> On Sat, Feb 25, 2012 at 09:52:17AM +0000, Miika Komu wrote:
>>>>> Diego, I believe Xin has addressed the main issues, can we proceed to
>>>>> merge? We will continue to polish the library but we'd like to a get a
>>>>> more stable base for further work.
>>>> No, the branch still has pending needs-fixing reviews and central issues
>>>> like the naming remain undecided.
>>>
>>> What is your opinion related to this naming issue? Previous we propose
>>> to call it libhipl instead of libhipdaemon.
>>> Since it will requires some efforts to change this, I hope we can agree
>>> on a new name soon.
>>
>> I suggested earlier:
>> * lib/hipl for the directory hierarchy
>
> I don't think grouping all of that stuff together below lib/ is a bad
> idea, just put it in its separate directory.
>
> I previously said I wanted to move lib/core and lib/tool together, I
> would still like to.

I believe this request is unrelated to the merge proposal?

Anyway, we have decided earlier that lib/core contains MIT-licensed code
and lib/tool GPL-licensed code. Now that I think about this separation,
I think the copyright already states clearly the difference. So, I don't
really object against merging the two directories.

Hi,

On 02/27/2012 11:27 AM, Xin Gu wrote:
> That's why I am wondering if it is really necessary to add const under
> those situations, if we have a look at some other C libraries, it is
> also rare to see them using const in this way. For example, socket(int,
> int, int) not socket(const int, const int, const int).

the Sockets API is a bit sloppy and we're trying to be more strict in HIPL.

Hi Xin,

your understanding is quite correct. It is simply project policy to make all data as 'const' as possible because it helps to detect bugs. For example:

void foo(list_t *list) {
  if (list = NULL) {
    return;
  } else {
    // do stuff with list
  }
}

cannot go unnoticed when foo is declared as 'void foo(list_t *const list)'

So you're right: such const qualifiers are not *necessary*. But the hipl team still considers them a very good idea.

Cheers,
 Stefan

On 27/02/12 11:46, Stefan Götz wrote:
> Hi Xin,
>
> your understanding is quite correct. It is simply project policy to make all data as 'const' as possible because it helps to detect bugs. For example:
>
> void foo(list_t *list) {
> if (list = NULL) {
> return;
> } else {
> // do stuff with list
> }
> }
>
> cannot go unnoticed when foo is declared as 'void foo(list_t *const list)'
>
> So you're right: such const qualifiers are not *necessary*. But the hipl team still considers them a very good idea.
>
> Cheers,
> Stefan
>
>

Hi Stefan,

Thanks for this explanation, so we are using const in this case for the
function author to avoid potential bugs and it is also helpful for
others to understand the code. It is a good practice, I will follow this
style.

I have one suggestion: for the function declaration in the header file,
I suggest that we can eliminate this kind of const because it makes no
sense for the API caller. For instance:

In linkedlist.h
void hip_ll_del_by_ptr(struct hip_ll *linkedlist, const void *ptr,
                        free_elem_fn free_element);

In linkedlist.c
void hip_ll_del_by_ptr(struct hip_ll *const linkedlist, const void
*const ptr,
                        free_elem_fn free_element) {
     ... ....
}

Compiler will treat them as the same function. I am also thinking if
there is any compiler option to enforce this const by default, then
perhaps we don't need to type it everywhere :)

Xin

On 27/02/12 10:04, Stefan Götz wrote:
>
>> + ctx->msg_ports.src_port = ntohs(saddr6->sin6_port);
>> + }
> Some of the socket_wrapper functions fit in very well here.

Didn't get your point, which function?

>
>> +static struct hip_ll socket_list;
> What kind of socket is stored in this list? It's struct hipl_fd_info objects, right?
>
> Are there many such objects? If not it may be simpler to just use a fixed size array than a dynamic list that tends to be awkward to use (==read).

Added comments about this field.

Yes, it is a list of hipl_fd_info. Since the number of open HIPL sockets
is determined by the user, I think it is difficult to make it as a fixed
size array.

>
>> +/**
>> + * Add peer's hit-to-addr mapping to hadb.
>> + * @param peer_hit peer's hit
>> + * @param peer_addr peer's addr, v4 addr should be mapped.
>> + * @return 0 on success, -1 otherwise.
>> + */
>> +int hipl_add_peer_info(const hip_hit_t *peer_hit,
>> + const struct in6_addr *peer_addr)
>> +{
>> + return hip_hadb_add_peer_info(peer_hit, peer_addr, NULL, NULL);
>> +}
> What's the point? Why not call hip_hadb_add_peer_info() in the first place?
>

This is an API for LIBHIPL user. We don't want user to directly handle hadb.

The const correctness is applied to all functions.

Xin

>>
>>> + ctx->msg_ports.src_port = ntohs(saddr6->sin6_port);
>>> + }
>> Some of the socket_wrapper functions fit in very well here.
>
> Didn't get your point, which function?

I meant get_port_from_saddr()

On 28/02/12 09:28, Stefan Götz wrote:
> I meant get_port_from_saddr()
>
>

This get_port_from_saddr() function is used when you don't know the
saddr is AF_INET or AF_INET6, and it is a static function, but in
currently condition we already know it is IPv4 or v6, because except
port number, we also extract the IP address from it.

Xin

On 27/02/12 14:35, Diego Biurrun wrote:
> On Mon, Feb 27, 2012 at 11:31:45AM +0200, Miika Komu wrote:
>> On 02/27/2012 10:23 AM, Diego Biurrun wrote:
>> I believe this request is unrelated to the merge proposal?
> What to do with lib/core and lib/tool is, yes, but what to do with
> libhipl is not.
>
>
In libhip branch, I have changed libhipdaemon to libhipl, and renamed
folder from lib/hipdaemon to lib/hipl

Xin

Sorry, no time for more reviews :-(

Unless somebody objects by Friday, I would suggest Xin to merge the code then.

 review needs-fixing

On Tue, Mar 13, 2012 at 09:51:23AM +0000, Miika Komu wrote:
> Unless somebody objects by Friday, I would suggest Xin to merge the code then.

I object. This merge request had many comments and questions that I did
not see addressed. I would expect a fresh merge request at least.

Diego

Hi,

On 13/03/12 17:58, Diego Biurrun wrote:
> I object. This merge request had many comments and questions that I did
> not see addressed. I would expect a fresh merge request at least.
>
Since all the reviewers approve this merge request, I don't know where
is the open comments and questions you said. If I miss something, could
you show them so I can fix accordingly?

Xin

On Wed, Mar 14, 2012 at 01:51:56PM +0200, Xin Gu wrote:
> On 13/03/12 17:58, Diego Biurrun wrote:
> >I object. This merge request had many comments and questions that I did
> >not see addressed. I would expect a fresh merge request at least.
> >
> Since all the reviewers approve this merge request,

I don't approve it and I set my review to needs-fixing.

> I don't know where is the open comments and questions you said. If I
> miss something, could you show them so I can fix accordingly?

As I said, I am expecting a fresh merge request; this one had far too
many comments.

Diego