HIPL

Merge lp:~hipl-core/hipl/opp-removal into lp:hipl

  1. opp-removal
  2. Merge into trunk
Proposed by René Hummen
Status: Superseded
Proposed branch: lp:~hipl-core/hipl/opp-removal
Merge into: lp:hipl
Diff against target: 3193 lines (+215/-2202)
26 files modified
Makefile.am (+0/-6)
doc/HOWTO.xml.in (+1/-266)
firewall/cache.c (+1/-61)
firewall/cache.h (+0/-11)
firewall/firewall.c (+56/-284)
firewall/firewall_control.c (+0/-6)
firewall/sysopp.c (+0/-226)
firewall/sysopp.h (+0/-39)
hipd/close.c (+0/-11)
hipd/hadb.c (+0/-16)
hipd/hipd.h (+0/-4)
hipd/init.c (+0/-16)
hipd/input.c (+114/-13)
hipd/maintenance.c (+1/-34)
hipd/oppdb.c (+0/-739)
hipd/oppdb.h (+0/-77)
hipd/oppipdb.c (+0/-231)
hipd/oppipdb.h (+0/-48)
hipd/output.c (+0/-5)
hipd/user.c (+35/-13)
lib/core/builder.c (+0/-4)
lib/core/conf.c (+5/-77)
lib/core/conf.h (+0/-7)
lib/core/hashtable.c (+0/-2)
lib/core/icomm.h (+2/-5)
modules/update/hipd/update_legacy.c (+0/-1)
To merge this branch: bzr merge lp:~hipl-core/hipl/opp-removal
Reviewer Review Type Date Requested Status
HIPL core team Pending
Review via email: mp+45696@code.launchpad.net

This proposal has been superseded by a proposal from 2011-01-10.

Description of the change

This branch aims at decreasing the code size of the project by removing (mostly) unused opportunistic BEX functionality (handshake, where IPs are known, but HITs are unkown). Specifically, it removes the oppdb and oppipdb from hipd. Both databases were designed to minimize the delay introduced by implementations of the opportunistic BEX mode of HIP. Furthermore, this branch removes the opportunistic mode implementation in the firewall. As a result, HIPL no longer supports triggering opportunistic HIP connections by applications.

After applying this branch to trunk, HIPL should still support responding to an opportunistic I1 (this has not been touched) as well as opportunistic registration with a HIP server.

NOTE: Needs testing.

To post a comment you must log in.
Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote :

> NOTE: Needs testing

Merging untested changes to trunk doesn't sound right to me quality-wise... Along that line, I'm not sure I want to review code that isn't even known to work :-)

lp:~hipl-core/hipl/opp-removal updated
5291. By René Hummen

merge trunk revision 5424

5292. By René Hummen

re-add handling of opportunistic mode for I1 (registration only) and R1

This has been deleted by mistake. The new code has been copy-pasted
from oppdb.

5293. By René Hummen

merge trunk revision 5447

5294. By René Hummen

remove reference to opportunistic mode in manual

5295. By René Hummen

remove unused message type HIP_MSG_GET_PEER_HIT

5296. By René Hummen

merge trunk revision 5528

Unmerged revisions

5296. By René Hummen

merge trunk revision 5528

5295. By René Hummen

remove unused message type HIP_MSG_GET_PEER_HIT

5294. By René Hummen

remove reference to opportunistic mode in manual

5293. By René Hummen

merge trunk revision 5447

5292. By René Hummen

re-add handling of opportunistic mode for I1 (registration only) and R1

This has been deleted by mistake. The new code has been copy-pasted
from oppdb.

5291. By René Hummen

merge trunk revision 5424

5290. By René Hummen

re-add handling of opportunistic HIP server registration

Part of this functionality relied on oppdb and was removed earlier. Now,
opportunistic HIP server registration only relies on hadb.

5289. By René Hummen

remove comment referencing oppdb

5288. By René Hummen

remove todo related to opportunistic TCP

5287. By René Hummen

remove redundant ;

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'Makefile.am'
2--- Makefile.am 2010-12-28 18:47:10 +0000
3+++ Makefile.am 2011-01-10 18:30:13 +0000
4@@ -124,11 +124,6 @@
5 hipd_hipd_SOURCES += hipd/pisa.c
6 endif
7
8-if HIP_OPPORTUNISTIC
9-hipd_hipd_SOURCES += hipd/oppdb.c \
10- hipd/oppipdb.c
11-endif
12-
13 firewall_hipfw_SOURCES = firewall/cache.c \
14 firewall/conntrack.c \
15 firewall/dlist.c \
16@@ -146,7 +141,6 @@
17 firewall/port_bindings.c \
18 firewall/reinject.c \
19 firewall/rule_management.c \
20- firewall/sysopp.c \
21 firewall/user_ipsec_api.c \
22 firewall/user_ipsec_esp.c \
23 firewall/user_ipsec_fw_msg.c \
24
25=== modified file 'doc/HOWTO.xml.in'
26--- doc/HOWTO.xml.in 2011-01-06 19:50:27 +0000
27+++ doc/HOWTO.xml.in 2011-01-10 18:30:13 +0000
28@@ -1056,29 +1056,7 @@
29 hipconf command also to @sysconfdir@/hipd_config and restart hipd.
30 </para>
31 </section>
32- <section id="sec_advanced_methods">
33- <title>Experimental Methods</title>
34- <para>
35- These methods are experimental. Use with care and only if you know what you are doing!
36- </para>
37- <para>
38- 1. Use the opportunistic mode as described in
39- <xref linkend="opportunistic" />. This method works with both IPv4 and
40- IPv6 applications. It does not require any HIP name configuration at all.
41- </para>
42- <para>
43- 1a. Running a single IPv6-enabled application using HIP: <emphasis>hipconf run opp &lt;EXECUTABLE&gt;</emphasis>
44- </para>
45- <para>
46- 1b. Enabling HIP for all applications in bash shell (add to bashrc if you want to set this permanently): <emphasis>export LD_PRELOAD=libopphip.so:libhiptool.so</emphasis>
47- </para>
48- <para>
49- 2. Use the system-based opportunistic mode as instructed in
50- <xref linkend="sys_based_opp_mode" />. Does not require either
51- any kind of HIP name configuration at all.
52- </para>
53- </section>
54-
55+
56 <section id="ch_tips_for_hip">
57 <title>Tips for Using HIP with Some Applications</title>
58 <section id="sec_using_hip_proxy">
59@@ -2796,249 +2774,6 @@
60 <chapter id="ch_exp_extensions">
61 <title>Other Experimental HIP Extensions</title>
62
63- <section id="opportunistic">
64- <title>Using Opportunistic mode</title>
65- <itemizedlist>
66- <listitem><para>
67- Opportunistic mode has two benefits. First, you don't have to know
68- the HIT of the peer. This is makes HIP more suitable to "ad-hoc"
69- environments where preconfiguration of HITs is difficult. Second, the
70- opp. mode implementation allows the use of IPv4 addresses at the
71- application. This way, even IPv4-only legacy applications can benefit
72- from the security and mobility features of HIP.
73- </para></listitem>
74- <listitem><para>
75- Opportunistic mode is compiled on by default. In order to use Opportunistic mode enabled HIP, the following steps are needed:
76- </para></listitem>
77- <listitem><para>
78- Move to top level of HIPL
79- </para></listitem>
80- <listitem><para>
81- e.g. cd hipl
82- </para></listitem>
83- <listitem><para>
84- Run autoreconf
85- </para></listitem>
86- <listitem><para>
87- autoreconf --install
88- </para></listitem>
89- <listitem><para>
90- Run configure
91- </para></listitem>
92- <listitem><para>
93- ./configure
94- </para></listitem>
95- <listitem><para>
96- Run make
97- </para></listitem>
98- <listitem><para>
99- make
100- </para></listitem>
101- <listitem><para>
102- Run make install
103- </para></listitem>
104- <listitem><para>
105- make install
106- </para></listitem>
107- <listitem><para>
108- Run hip daemon on both "crash" and "oops"
109- </para></listitem>
110- <listitem><para>
111- hipd
112- </para></listitem>
113- <listitem><para>
114- Use the hipconf tool to set up HIP Opportunistic mode on both
115- hosts manually. "hipconf set opp on|off" is used to
116- enable/disable opportunistic mode. By default it is on.
117- </para></listitem>
118- <listitem><para>
119- Now the opportunistic mode is enabled. To test Opportunistic mode, you need to remove crash's HITs and name from @sysconfdir@/hosts, and then following the steps in <xref linkend="ch_basictest" />.
120- </para></listitem>
121- </itemizedlist>
122-
123- <para>
124- HIPL supports also opportunistic mode that is uses TCP options to
125- detect whether peer supports HIP or not. This is particularly
126- useful in networking environments without HIP look up
127- infrastructure (DNS/etc) and where the number of HIP hosts
128- is small. This "advanced" version of the opportunistic mode
129- enables fast and backwards compatible fallback to non-HIP
130- communications for TCP connections when the peer does not support
131- HIP. To use the opportunistic mode, start both the hipd and hipfw (e.g. with option -A).
132- Then instruct "hipconf set opp advanced" and use the opportunistic mode as instructed
133- earlier in this section.
134-</para>
135-
136- <section id="efficient_HIP_detection">
137- <title>Opportunistic mode with efficient detection of peer HIP capability</title>
138- <para>
139- The normal HIP opportunistic mode experiences a delay when
140- a HIP peer tries to communicate with a non-HIP peer. This happens
141- because the initiator waits for a HIP response before falling
142- back on normal TCP communication. The efficient detection of
143- peer HIP capability enables us to detect peer HIP capability or
144- the lack thereof. If we detect that the peer supports HIP, we
145- continue the HIP opportunistic communication. Otherwise,
146- communication falls back on plain TCP. Efficient detection of
147- peer HIP capability is enabled with the second of the following
148- commands.
149- </para>
150- <para>
151- As an example, we run the HIP daemon first.
152- </para>
153- <para>
154- 1. hipd
155- </para>
156- <para>
157- Afterwards, we run the firewall as shown in the following command. The
158- firewall is needed in case the peer does not support HIP, because it
159- captures the incoming TCP SYN_ACK packet and notifies the HIPD of the
160- lack of HIP support at the peer:
161- </para>
162- <para>
163- 2. hipfw -dA
164- </para>
165- <para>
166- Then, we enable efficient, undelayed detection of peer HIP
167- capability with the following command:
168- </para>
169- <para>
170- 3. hipconf set opp advanced
171- </para>
172- <para>
173- To try the feature, we initiate a TCP connection using the HIP
174- opportunistic library:
175- </para>
176- <para>
177- 4. hipconf run opp wget IP-number
178- </para>
179- <para>
180- One thing to stress here is that the receiver should also run the
181- firewall and enable the efficient HIP opportunistic mode in order
182- to be ensure being detected correctly. If this feature is not enabled
183- at the receiver, correct detection depends on the relative latency of a
184- TCP and a HIP packet.
185- </para>
186- <para>
187- The enabling at the receiver is done by executing step 2 after
188- the HIP daemon has started.
189- </para>
190- </section>
191-
192- <section id="sys_based_opp_mode">
193- <title>System-based opportunistic mode (experimental)</title>
194- <para>
195- The system-based opportunistic mode enables HIP communication
196- without the use of the opportunistic library. If the peer does
197- not support HIP, communication falls back on normal TCP
198- communication.
199- </para>
200- <para>
201- The system-based opportunistic mode is implemented at the HIP
202- firewall. It is enabled with the -o option as shown below:
203- </para>
204- <para>
205- hipfw -dAo
206- </para>
207- <para>
208- Following is an example of all the steps to be followed at two peers
209- for using the system-based opportunistic mode between them.
210- </para>
211- <para>
212- At the responder, one can execute these steps:
213- </para>
214- <para>
215- 1. hipd
216- </para>
217- <para>
218- 2. hipfw -Aod
219- </para>
220- <para>
221- 3. nc -l 1111
222- </para>
223- <para>
224- At the initiator, one can execute these steps:
225- </para>
226- <para>
227- 1. hipd
228- </para>
229- <para>
230- 2. hipfw -dAo
231- </para>
232- <para>
233- 3. nc &lt;responder-ip&gt; 1111
234- </para>
235- </section>
236-
237-<!--
238- <section>
239-
240- <title>Accessing the kernel peer list</title>
241- <itemizedlist>
242- <listitem>
243- <para>You can access the kernel's list of known HIP peers using the native
244- getendpointinfo name resolution interface.</para>
245- </listitem>
246- <listitem>
247- <para>By default, the interface first checks the @sysconfdir@/hosts file for
248- a matching host. If one is not found, the kernel is queried for its
249- list of known HIP peers and the list is examined for matches.</para>
250- </listitem>
251- <listitem>
252- <para>To only check the kernel list, set the hints.ei_flags to
253- AI_HIP | AI_KERNEL_LIST. This will use only the kernel list and will
254- not check the hosts file.</para>
255- </listitem>
256- <listitem>
257- <para>To retrieve the list of known peers from the kernel, set the
258- hints.ei_flags to AI_HIP | AI_KERNEL_LIST and the nodename to NULL.
259- This will query the kernel for the list and return the entire
260- list.</para>
261- </listitem>
262- </itemizedlist>
263- </section>
264--->
265-
266-
267- <section id="ch_datapacket_mode">
268- <title>Data packet mode (experimental)</title>
269-
270- <para>
271- HIPL supports the extensions defined in
272- <ulink url="http://tools.ietf.org/html/draft-nikander-hip-hiccups" />. Support for the extensions
273- is very experimental and may not interoperate with other extensions in HIPL. The data packet mode does not
274- support sequence numbers, UDP encapsulation nor switching to ESP yet. Next, we'll give an example how to try out the extension:
275- </para>
276-
277- <para>
278- Start HIP software as follows both at the client and server host:
279- </para>
280-
281-<programlisting>
282-# hipd -k
283-# hipfw -Aid
284-# hipconf datapacket on
285-</programlisting>
286-
287- <para>
288- Notice that the last command can be also configured to @sysconfdir@/hipd_config
289- </para>
290-
291- <para>
292- Then execute at the client:
293- </para>
294-
295-<programlisting>
296-ping6 &lt;HIT_OF_THE_SERVER&gt;
297-</programlisting>
298-
299- <para>
300- Please do not take &lt;HIT_OF_THE_SERVER&gt; literally. You should replace it with the
301- actual HIT of the server.
302- </para>
303- </section>
304- </section>
305-
306 <section id="ch_shotgun">
307 <title>"Shotgun" Extension</title>
308
309
310=== modified file 'firewall/cache.c'
311--- firewall/cache.c 2011-01-09 22:18:11 +0000
312+++ firewall/cache.c 2011-01-10 18:30:13 +0000
313@@ -63,7 +63,7 @@
314 *
315 * @return the allocated cache entry
316 */
317-struct hip_hadb_user_info_state *hip_cache_create_hl_entry(void)
318+static struct hip_hadb_user_info_state *hip_cache_create_hl_entry(void)
319 {
320 struct hip_hadb_user_info_state *entry = NULL;
321 int err = 0;
322@@ -232,25 +232,6 @@
323 }
324
325 /**
326- * Delete a database entry identified by HITs, LSIs or IPs
327- *
328- * @param local local identifier or locator (optional)
329- * @param peer peer identifier or locator
330- * @param type whether the parameters are HITs, LSIs or IPs
331- */
332-void hip_firewall_cache_db_del_entry(const void *local, const void *peer,
333- enum fw_cache_query_type type)
334-{
335- struct hip_hadb_user_info_state *entry;
336-
337- entry = hip_firewall_cache_db_match(local, peer, type, 0);
338- if (entry) {
339- hip_ht_delete(firewall_cache_db, entry);
340- free(entry);
341- }
342-}
343-
344-/**
345 * Generate the hash information that is used to index the cache table
346 *
347 * @param ptr pointer to the hit used to make the hash
348@@ -353,44 +334,3 @@
349 out_err:
350 return err;
351 }
352-
353-/**
354- * Update the HIT and state information of an entry identified by a pair
355- * of IP addresses. Used for opportunistic base exchange.
356- *
357- * @param ip_our local IP to search for (optional)
358- * @param ip_peer peer IP to search for
359- * @param hit_our new local hit (optional)
360- * @param hit_peer new peer hit (optional)
361- * @param state new state
362- * @return 0 on success, negative on error
363- */
364-
365-int hip_firewall_cache_update_entry(const struct in6_addr *ip_our,
366- const struct in6_addr *ip_peer,
367- const struct in6_addr *hit_our,
368- const struct in6_addr *hit_peer,
369- int state)
370-{
371- int err = 0;
372- struct hip_hadb_user_info_state *entry;
373-
374- HIP_IFEL(!ip_peer, -1, "Need peer IP to search\n");
375-
376- entry = hip_firewall_cache_db_match(ip_our, ip_peer, FW_CACHE_IP, 0);
377- HIP_IFEL(!entry, -1, "No cache entry found\n");
378-
379- if (hit_our) {
380- ipv6_addr_copy(&entry->hit_our, hit_our);
381- }
382- if (hit_peer) {
383- /* A hash of the peer HIT is used as the key. Re-add to update. */
384- hip_ht_delete(firewall_cache_db, entry);
385- ipv6_addr_copy(&entry->hit_peer, hit_peer);
386- hip_ht_add(firewall_cache_db, entry);
387- }
388- entry->state = state;
389-
390-out_err:
391- return err;
392-}
393
394=== modified file 'firewall/cache.h'
395--- firewall/cache.h 2011-01-04 13:57:31 +0000
396+++ firewall/cache.h 2011-01-10 18:30:13 +0000
397@@ -38,23 +38,12 @@
398 enum fw_cache_query_type type,
399 int query_daemon);
400
401-void hip_firewall_cache_db_del_entry(const void *local, const void *peer,
402- enum fw_cache_query_type type);
403-
404 void hip_firewall_cache_init_hldb(void);
405
406-struct hip_hadb_user_info_state *hip_cache_create_hl_entry(void);
407-
408 void hip_firewall_cache_delete_hldb(int);
409
410 int hip_firewall_cache_set_bex_state(const struct in6_addr *hit_s,
411 const struct in6_addr *hit_r,
412 int state);
413
414-int hip_firewall_cache_update_entry(const struct in6_addr *ip_our,
415- const struct in6_addr *ip_peer,
416- const struct in6_addr *hit_our,
417- const struct in6_addr *hit_peer,
418- int state);
419-
420 #endif /* HIP_FIREWALL_CACHE_H */
421
422=== modified file 'firewall/firewall.c'
423--- firewall/firewall.c 2011-01-10 10:14:22 +0000
424+++ firewall/firewall.c 2011-01-10 18:30:13 +0000
425@@ -98,15 +98,13 @@
426 #include "rule_management.h"
427 #include "user_ipsec_api.h"
428 #include "firewall.h"
429-#include "sysopp.h"
430
431
432 /* packet types handled by the firewall */
433 #define OTHER_PACKET 0
434 #define HIP_PACKET 1
435 #define ESP_PACKET 2
436-#define TCP_PACKET 3
437-#define FW_PROTO_NUM 4 /* number of packet types */
438+#define FW_PROTO_NUM 3 /* number of packet types */
439
440 /* location of the lock file */
441 #define HIP_FIREWALL_LOCK_FILE HIPL_LOCKDIR "/hip_firewall.lock"
442@@ -145,7 +143,6 @@
443 int filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT;
444 int hip_kernel_ipsec_fallback = 0;
445 int hip_lsi_support = 0;
446-int system_based_opp_mode = 0;
447 int esp_relay = 0;
448 int hip_esp_protection = 0;
449 #ifdef CONFIG_HIP_MIDAUTH
450@@ -194,7 +191,6 @@
451 printf(" -I = as -i, also allow fallback to kernel ipsec when exiting hipfw\n");
452 printf(" -e = use esp protection extension (also sets -i)\n");
453 printf(" -l = activate lsi support\n");
454- printf(" -o = system-based opportunistic mode\n\n");
455 printf(" -p = run with lowered priviledges. iptables rules will not be flushed on exit\n");
456 printf(" -h = print this help\n");
457 #ifdef CONFIG_HIP_MIDAUTH
458@@ -413,31 +409,9 @@
459 }
460
461 /**
462- * Initialize packet capture rules for system-based opportunistic mode
463+ * Initialize all basic and extended packet capture rules
464 *
465 * @return zero on success and non-zero on failure
466- */
467-static int hip_fw_init_system_based_opp_mode(void)
468-{
469- int err = 0;
470-
471- if (system_based_opp_mode) {
472- system_print("iptables -N HIPFWOPP-INPUT");
473- system_print("iptables -N HIPFWOPP-OUTPUT");
474-
475- system_print("iptables -I HIPFW-OUTPUT ! -d 127.0.0.1 -j QUEUE");
476- system_print("ip6tables -I HIPFW-INPUT -d 2001:0010::/28 -j QUEUE");
477-
478- system_print("iptables -I HIPFW-INPUT -j HIPFWOPP-INPUT");
479- system_print("iptables -I HIPFW-OUTPUT -j HIPFWOPP-OUTPUT");
480- }
481-
482- return err;
483-}
484-
485-
486-/*
487- * Initialize rules for filtering traffic
488 *
489 */
490 static void firewall_init_filter_traffic(void)
491@@ -512,7 +486,6 @@
492
493
494 firewall_init_filter_traffic();
495- HIP_IFEL(hip_fw_init_system_based_opp_mode(), -1, "failed to load extension\n");
496 HIP_IFEL(hip_fw_init_lsi_support(), -1, "failed to load extension\n");
497 HIP_IFEL(hip_fw_init_userspace_ipsec(), -1, "failed to load extension\n");
498 HIP_IFEL(hip_fw_init_esp_prot(), -1, "failed to load extension\n");
499@@ -568,33 +541,6 @@
500 esp_relay = 0;
501 }
502
503-/**
504- * Uninitialize packet capture rules for system-based opportunistic mode
505- *
506- * @return zero on success and non-zero on failure
507- */
508-static int hip_fw_uninit_system_based_opp_mode(void)
509-{
510- int err = 0;
511-
512- if (system_based_opp_mode) {
513- system_based_opp_mode = 0;
514-
515- system_print("iptables -D HIPFW-INPUT -j HIPFWOPP-INPUT");
516- system_print("iptables -D HIPFW-OUTPUT -j HIPFWOPP-OUTPUT");
517-
518- system_print("iptables -D HIPFW-OUTPUT ! -d 127.0.0.1 -j QUEUE");
519- system_print("ip6tables -D HIPFW-INPUT -d 2001:0010::/28 -j QUEUE");
520-
521- system_print("iptables -F HIPFWOPP-INPUT");
522- system_print("iptables -F HIPFWOPP-OUTPUT");
523- system_print("iptables -X HIPFWOPP-INPUT");
524- system_print("iptables -X HIPFWOPP-OUTPUT");
525- }
526-
527- return err;
528-}
529-
530 /*-------------------HELPER FUNCTIONS---------------------*/
531
532 /**
533@@ -686,7 +632,6 @@
534
535 hip_firewall_cache_delete_hldb(1);
536 hip_port_bindings_uninit();
537- hip_fw_uninit_system_based_opp_mode();
538 hip_fw_flush_iptables();
539 /* rules have to be removed first, otherwise HIP packets won't pass through
540 * at this time any more */
541@@ -1080,61 +1025,9 @@
542 }
543
544 /*
545- * Handle packet capture for outbound HIP packets. The rules are as follows:
546- *
547- * Output:
548- *
549- * - HIP:
550- * 1. default rule checks for hip
551- * 1. filter_hip
552- *
553- * - ESP:
554- * 1. default rule checks for esp
555- * 2. filter_esp
556- *
557- * - TCP:
558- * 1. default rule checks for non-hip
559- * 2.
560- * - destination is hit (userspace ipsec output)
561- * - destination is lsi (lsi output)
562- * - destination not hit or lsi
563- * 1. opp tcp filtering (TBD)
564- *
565- * - Other
566- * - Same as with TCP except no opp tcp filtering
567- *
568- * Input:
569- *
570- * - HIP:
571- * 1. default rule checks for hip
572- * 2. filter_hip
573- *
574- * - ESP:
575- * 1. default rule checks for hip
576- * 2. filter_esp
577- * 3. userspace_ipsec input
578- * 4. lsi input
579- *
580- * - Other:
581- * - Same as with TCP except no opp tcp input
582- *
583- * - TCP:
584- * 1. default rule checks for non-hip
585- * 2. opp tcp input
586- *
587- * Forward:
588- *
589- * - HIP:
590- * 1. None
591- *
592- * - ESP:
593- * 1. None
594- *
595- * - TCP:
596- * 1. Proxy input
597- *
598- * - Other:
599- * 2. Proxy input
600+ * Handle packet capture for outbound HIP packets.
601+ *
602+ * @note hooks HIP message filtering.
603 *
604 * @param ctx packet context
605 *
606@@ -1143,7 +1036,7 @@
607 static int hip_fw_handle_hip_output(struct hip_fw_context *ctx){
608 int verdict = accept_hip_esp_traffic_by_default;
609
610- HIP_DEBUG("hip_fw_handle_hip_output \n");
611+ HIP_DEBUG("\n");
612
613 if (filter_traffic) {
614 verdict = filter_hip(&ctx->src,
615@@ -1162,7 +1055,9 @@
616 }
617
618 /**
619- * Process an ESP packet from the outbound packet queue
620+ * Process an ESP packet from the outbound packet queue.
621+ *
622+ * @note hooks ESP filtering
623 *
624 * @param ctx the packet context
625 *
626@@ -1184,7 +1079,9 @@
627 }
628
629 /**
630- * Process an ESP packet from the outbound packet capture queue
631+ * Process any other packet from the outbound packet capture queue
632+ *
633+ * @note hooks userspace IPsec and LSI
634 *
635 * @param ctx the packet context
636 *
637@@ -1205,14 +1102,11 @@
638 // check if this is a reinjected packet
639 if (def_hit && IN6_ARE_ADDR_EQUAL(&ctx->dst, def_hit)) {
640 // let the packet pass through directly
641- verdict = 1;
642+ verdict = ACCEPT;
643 } else {
644- // distinguish ipsec and data mode here
645- if (hip_userspace_ipsec) {
646- verdict = !hip_fw_userspace_ipsec_output(ctx);
647- }
648+ verdict = !hip_fw_userspace_ipsec_output(ctx);
649 }
650- } else if (ctx->ip_version == 4) {
651+ } else if (ctx->ip_version == 4 && hip_lsi_support) {
652 hip_lsi_t src_lsi, dst_lsi;
653
654 IPV6_TO_IPV4_MAP(&(ctx->src), &src_lsi);
655@@ -1221,15 +1115,12 @@
656 /* LSI HOOKS */
657 if (IS_LSI32(dst_lsi.s_addr) && hip_lsi_support) {
658 if (hip_is_packet_lsi_reinjection(&dst_lsi)) {
659- verdict = 1;
660+ verdict = ACCEPT;
661 } else {
662 hip_fw_handle_outgoing_lsi(ctx->ipq_packet,
663 &src_lsi, &dst_lsi);
664- verdict = 0; /* Reject the packet */
665+ verdict = DROP; /* Reject the packet */
666 }
667- } else if (system_based_opp_mode) {
668- verdict = hip_fw_handle_outgoing_system_based_opp(ctx,
669- accept_normal_traffic_by_default);
670 }
671 }
672
673@@ -1239,22 +1130,10 @@
674 }
675
676 /**
677- * Process a TCP packet from the outbound packet capture queue
678- *
679- * @param ctx the packet context
680- *
681- * @return the verdict (1 for pass and 0 for drop)
682- */
683-static int hip_fw_handle_tcp_output(struct hip_fw_context *ctx)
684-{
685- HIP_DEBUG("\n");
686-
687- return hip_fw_handle_other_output(ctx);
688-}
689-
690-/**
691 * Process a HIP packet from the forward packet capture queue
692 *
693+ * @note hooks middlebox authentication
694+ *
695 * @param ctx the packet context
696 *
697 * @return the verdict (1 for pass and 0 for drop)
698@@ -1274,93 +1153,17 @@
699 return hip_fw_handle_hip_output(ctx);
700 }
701
702-/**
703- * Process an ESP packet from the forward packet capture queue
704- *
705- * @param ctx the packet context
706- *
707- * @return the verdict (1 for pass and 0 for drop)
708- */
709-static int hip_fw_handle_esp_forward(struct hip_fw_context *ctx)
710-{
711- int verdict = accept_hip_esp_traffic_by_default;
712-
713- HIP_DEBUG("\n");
714- if (filter_traffic) {
715- // check if this belongs to one of the connections pass through
716- verdict = filter_esp(ctx);
717- } else {
718- verdict = ACCEPT;
719- }
720-
721- return verdict;
722-}
723-
724-/**
725- * Process a TCP packet from the forward packet capture queue
726- *
727- * @param ctx the packet context, required because of the handler format
728- *
729- * @return the verdict (1 for pass and 0 for drop)
730- */
731-static int hip_fw_handle_tcp_forward(UNUSED struct hip_fw_context *ctx)
732-{
733- HIP_DEBUG("\n");
734-
735- return 0;
736-}
737-
738-/**
739- * Process another (not HIP, ESP, TCP) packet from the inbound packet
740- * capture queue. May result in LSI or SysOPP Transformation.
741- *
742- * @param ctx the packet context
743- *
744- * @return the verdict (1 for pass and 0 for drop)
745- */
746-static int hip_fw_handle_other_input(struct hip_fw_context *ctx)
747-{
748- int verdict = accept_normal_traffic_by_default;
749- int ip_hits = ipv6_addr_is_hit(&ctx->src) &&
750- ipv6_addr_is_hit(&ctx->dst);
751-
752- HIP_DEBUG("\n");
753-
754- if (ip_hits) {
755- if (hip_lsi_support || system_based_opp_mode) {
756- verdict = hip_fw_handle_incoming_hit(ctx->ipq_packet,
757- &ctx->src,
758- &ctx->dst,
759- hip_lsi_support);
760- }
761- }
762-
763- /* No need to check default rules as it is handled by the
764- * iptables rules */
765- return verdict;
766-}
767-
768-/**
769- * Process a HIP packet from the input packet capture queue
770- *
771- * @param ctx the packet context
772- *
773- * @return the verdict (1 for pass and 0 for drop)
774- */
775-static int hip_fw_handle_hip_input(struct hip_fw_context *ctx)
776-{
777- int verdict = accept_hip_esp_traffic_by_default;
778-
779- HIP_DEBUG("hip_fw_handle_hip_input()\n");
780-
781- verdict = hip_fw_handle_hip_output(ctx);
782-
783- return verdict;
784-}
785+/* hip_fw_handle_esp_forward is the same as hip_fw_handle_esp_output */
786+
787+/* no need for hip_fw_handle_other_forward */
788+
789+/* hip_fw_handle_hip_input is the same as hip_fw_handle_hip_output */
790
791 /**
792 * Process an ESP packet from the inbound packet capture queue
793 *
794+ * @note hooks ESP filtering and userspace IPsec
795+ *
796 * @param ctx the packet context
797 *
798 * @return the verdict (1 for pass and 0 for drop)
799@@ -1379,8 +1182,6 @@
800 }
801
802 if (verdict && hip_userspace_ipsec) {
803- HIP_DEBUG("userspace ipsec input\n");
804- // added by Tao Wan
805 verdict = !hip_fw_userspace_ipsec_input(ctx);
806 }
807
808@@ -1388,26 +1189,32 @@
809 }
810
811 /**
812- * Process a TCP packet from the inbound packet capture queue
813+ * Process any other packet from the inbound packet capture queue.
814+ *
815+ * @note hooks LSI
816 *
817 * @param ctx the packet context
818 *
819 * @return the verdict (1 for pass and 0 for drop)
820 */
821-static int hip_fw_handle_tcp_input(struct hip_fw_context *ctx)
822+static int hip_fw_handle_other_input(struct hip_fw_context *ctx)
823 {
824 int verdict = accept_normal_traffic_by_default;
825
826 HIP_DEBUG("\n");
827
828- // any incoming plain TCP packet might be an opportunistic I1
829- HIP_DEBUG_HIT("hit src", &ctx->src);
830- HIP_DEBUG_HIT("hit dst", &ctx->dst);
831-
832- // as we should never receive TCP with HITs, this will only apply
833- // to IPv4 TCP
834- verdict = hip_fw_handle_other_input(ctx);
835-
836+ if (ipv6_addr_is_hit(&ctx->src) &&
837+ ipv6_addr_is_hit(&ctx->dst) &&
838+ hip_lsi_support) {
839+
840+ verdict = hip_fw_handle_incoming_hit(ctx->ipq_packet,
841+ &ctx->src,
842+ &ctx->dst,
843+ hip_lsi_support);
844+ }
845+
846+ /* No need to check default rules as it is handled by the
847+ * iptables rules */
848 return verdict;
849 }
850
851@@ -1429,20 +1236,16 @@
852
853 // funtion pointers for the respective packet handlers
854 fw_handlers[NF_IP_LOCAL_IN][OTHER_PACKET] = hip_fw_handle_other_input;
855- fw_handlers[NF_IP_LOCAL_IN][HIP_PACKET] = hip_fw_handle_hip_input;
856+ fw_handlers[NF_IP_LOCAL_IN][HIP_PACKET] = hip_fw_handle_hip_output;
857 fw_handlers[NF_IP_LOCAL_IN][ESP_PACKET] = hip_fw_handle_esp_input;
858- fw_handlers[NF_IP_LOCAL_IN][TCP_PACKET] = hip_fw_handle_tcp_input;
859
860 fw_handlers[NF_IP_LOCAL_OUT][OTHER_PACKET] = hip_fw_handle_other_output;
861 fw_handlers[NF_IP_LOCAL_OUT][HIP_PACKET] = hip_fw_handle_hip_output;
862 fw_handlers[NF_IP_LOCAL_OUT][ESP_PACKET] = hip_fw_handle_esp_output;
863- fw_handlers[NF_IP_LOCAL_OUT][TCP_PACKET] = hip_fw_handle_tcp_output;
864
865 //apply rules for forwarded hip and esp traffic
866 fw_handlers[NF_IP_FORWARD][HIP_PACKET] = hip_fw_handle_hip_forward;
867- fw_handlers[NF_IP_FORWARD][ESP_PACKET] = hip_fw_handle_esp_forward;
868- //do not drop those files by default
869- fw_handlers[NF_IP_FORWARD][TCP_PACKET] = hip_fw_handle_tcp_forward;
870+ fw_handlers[NF_IP_FORWARD][ESP_PACKET] = hip_fw_handle_esp_output;
871
872 HIP_DEBUG("Enabling forwarding for IPv4 and IPv6\n");
873 system_print("echo 1 >/proc/sys/net/ipv4/conf/all/forwarding");
874@@ -1483,7 +1286,6 @@
875 * Currently supported types: type
876 * - plain HIP control packet 1
877 * - ESP packet 2
878- * - TCP packet 3 (for opportunistic TCP handshake)
879 *
880 * Unsupported types -> type 0
881 *
882@@ -1496,7 +1298,7 @@
883 const unsigned char *buf,
884 const int ip_version)
885 {
886- int ip_hdr_len, err = 0;
887+ int err = 0;
888 // length of packet starting at udp header
889 uint16_t udp_len = 0;
890 struct udphdr *udphdr = NULL;
891@@ -1529,10 +1331,9 @@
892 /* ip_hl is given in multiple of 4 bytes
893 *
894 * NOTE: not sizeof(struct ip) as we might have options */
895- ip_hdr_len = (iphdr->ip_hl * 4);
896- // needed for opportunistic TCP
897- ctx->ip_hdr_len = ip_hdr_len;
898- HIP_DEBUG("ip_hdr_len is: %d\n", ip_hdr_len);
899+ ctx->ip_hdr_len = (iphdr->ip_hl * 4);
900+
901+ HIP_DEBUG("ip_hdr_len is: %d\n", ctx->ip_hdr_len);
902 HIP_DEBUG("total length: %u\n", ntohs(iphdr->ip_len));
903 HIP_DEBUG("ttl: %u\n", iphdr->ip_ttl);
904 HIP_DEBUG("packet length (ipq): %u\n", ctx->ipq_packet->data_len);
905@@ -1553,7 +1354,7 @@
906
907 ctx->packet_type = HIP_PACKET;
908 ctx->transport_hdr.hip = (struct hip_common *)
909- (((char *) iphdr) + ip_hdr_len);
910+ (((char *) iphdr) + ctx->ip_hdr_len);
911
912 goto end_init;
913 } else if (iphdr->ip_p == IPPROTO_ESP) {
914@@ -1562,19 +1363,7 @@
915
916 ctx->packet_type = ESP_PACKET;
917 ctx->transport_hdr.esp = (struct hip_esp *)
918- (((char *) iphdr) + ip_hdr_len);
919-
920- goto end_init;
921- } else if (iphdr->ip_p == IPPROTO_TCP) {
922- // this might be a TCP packet for opportunistic mode
923- HIP_DEBUG("plain TCP packet\n");
924-
925- ctx->packet_type = TCP_PACKET;
926- ctx->transport_hdr.tcp = (struct tcphdr*)
927- (((char *) iphdr) + ip_hdr_len);
928-
929- HIP_DEBUG("src port: %u\n", ntohs(ctx->transport_hdr.tcp->source));
930- HIP_DEBUG("dst port: %u\n", ntohs(ctx->transport_hdr.tcp->dest));
931+ (((char *) iphdr) + ctx->ip_hdr_len);
932
933 goto end_init;
934 } else if (iphdr->ip_p != IPPROTO_UDP) {
935@@ -1587,7 +1376,7 @@
936 // need UDP header to look for encapsulated ESP
937 udp_len = ntohs(iphdr->ip_len);
938 udphdr = ((struct udphdr *)
939- (((char *) iphdr) + ip_hdr_len));
940+ (((char *) iphdr) + ctx->ip_hdr_len));
941
942 // add UDP header to context
943 ctx->udp_encap_hdr = udphdr;
944@@ -1597,10 +1386,8 @@
945 ctx->ip_hdr.ipv6 = ip6_hdr;
946
947 // Ipv6 has fixed header length
948- ip_hdr_len = sizeof(struct ip6_hdr);
949- // needed for opportunistic TCP
950- ctx->ip_hdr_len = ip_hdr_len;
951- HIP_DEBUG("ip_hdr_len is: %d\n", ip_hdr_len);
952+ ctx->ip_hdr_len = sizeof(struct ip6_hdr);
953+ HIP_DEBUG("ip_hdr_len is: %d\n", ctx->ip_hdr_len);
954 HIP_DEBUG("payload length: %u\n", ntohs(ip6_hdr->ip6_plen));
955 HIP_DEBUG("ttl: %u\n", ip6_hdr->ip6_hlim);
956 HIP_DEBUG("packet length (ipq): %u\n", ctx->ipq_packet->data_len);
957@@ -1634,18 +1421,6 @@
958 (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
959
960 goto end_init;
961- } else if (ip6_hdr->ip6_nxt == IPPROTO_TCP) {
962- // this might be a TCP packet for opportunistic mode
963- HIP_DEBUG("plain TCP packet\n");
964-
965- ctx->packet_type = TCP_PACKET;
966- ctx->transport_hdr.tcp = (struct tcphdr*)
967- (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
968-
969- HIP_DEBUG("src port: %u\n", ntohs(ctx->transport_hdr.tcp->source));
970- HIP_DEBUG("dst port: %u\n", ntohs(ctx->transport_hdr.tcp->dest));
971-
972- goto end_init;
973 } else if (ip6_hdr->ip6_nxt != IPPROTO_UDP) {
974 // if it's not UDP either, it's unsupported
975 HIP_DEBUG("some other packet\n");
976@@ -1663,7 +1438,7 @@
977 * -> handle this */
978 udp_len = ntohs(ip6_hdr->ip6_plen);
979 udphdr = ((struct udphdr *)
980- (((char *) ip6_hdr) + ip_hdr_len));
981+ (((char *) ip6_hdr) + ctx->ip_hdr_len));
982
983 // add udp header to context
984 ctx->udp_encap_hdr = udphdr;
985@@ -1988,7 +1763,7 @@
986
987 hip_set_logdebug(LOGDEBUG_ALL);
988
989- while ((ch = getopt(argc, argv, "aAbcdef:FhHiIklmopvV")) != -1) {
990+ while ((ch = getopt(argc, argv, "aAbcdef:FhHiIklmpvV")) != -1) {
991 switch (ch) {
992 case 'A':
993 accept_hip_esp_traffic_by_default = 1;
994@@ -2037,9 +1812,6 @@
995 use_midauth = 1;
996 break;
997 #endif
998- case 'o':
999- system_based_opp_mode = 1;
1000- break;
1001 case 'p':
1002 limit_capabilities = 1;
1003 break;
1004@@ -2111,7 +1883,7 @@
1005 "connecting socket failed\n");
1006
1007 /* Starting hipfw does not always work when hipfw starts first -miika */
1008- if (hip_userspace_ipsec || hip_lsi_support || system_based_opp_mode) {
1009+ if (hip_userspace_ipsec || hip_lsi_support) {
1010 hip_fw_wait_for_hipd();
1011 }
1012
1013
1014=== modified file 'firewall/firewall_control.c'
1015--- firewall/firewall_control.c 2010-11-30 14:50:30 +0000
1016+++ firewall/firewall_control.c 2011-01-10 18:30:13 +0000
1017@@ -49,7 +49,6 @@
1018 #include "firewall.h"
1019 #include "user_ipsec_fw_msg.h"
1020 #include "firewall_control.h"
1021-#include "sysopp.h"
1022
1023 /**
1024 * Change the state of hadb state cache in the firewall
1025@@ -131,11 +130,6 @@
1026 HIP_IFEL(handle_sa_flush_all_request(), -1,
1027 "hip userspace sadb flush all did NOT succeed\n");
1028 break;
1029- case HIP_MSG_GET_PEER_HIT:
1030- if (system_based_opp_mode) {
1031- err = hip_fw_sys_opp_set_peer_hit(msg);
1032- }
1033- break;
1034 case HIP_MSG_TURN_INFO:
1035 break;
1036 case HIP_MSG_RESET_FIREWALL_DB:
1037
1038=== removed file 'firewall/sysopp.c'
1039--- firewall/sysopp.c 2011-01-04 14:10:46 +0000
1040+++ firewall/sysopp.c 1970-01-01 00:00:00 +0000
1041@@ -1,226 +0,0 @@
1042-/*
1043- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
1044- *
1045- * Permission is hereby granted, free of charge, to any person
1046- * obtaining a copy of this software and associated documentation
1047- * files (the "Software"), to deal in the Software without
1048- * restriction, including without limitation the rights to use,
1049- * copy, modify, merge, publish, distribute, sublicense, and/or sell
1050- * copies of the Software, and to permit persons to whom the
1051- * Software is furnished to do so, subject to the following
1052- * conditions:
1053- *
1054- * The above copyright notice and this permission notice shall be
1055- * included in all copies or substantial portions of the Software.
1056- *
1057- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
1058- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
1059- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
1060- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
1061- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
1062- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
1063- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
1064- * OTHER DEALINGS IN THE SOFTWARE.
1065- */
1066-
1067-/**
1068- * @file
1069- * System-based opportunistic mode for HIP. In contrast to the library-based
1070- * opportunistic mode, this code hooks by iptables instead of LD_PRELOAD.
1071- * See the following papers for more information:
1072- *
1073- * - <a href="http://hipl.hiit.fi/hipl/thesis_teresa_finez.pdf">T. Finez,
1074- * Backwards Compatibility Experimentation with Host Identity Protocol
1075- * and Legacy Software and Networks , final project, December 2008</a>
1076- * - <a href="http://www.iki.fi/miika/docs/ccnc09.pdf">
1077- * Miika Komu and Janne Lindqvist, Leap-of-Faith Security is Enough
1078- * for IP Mobility, 6th Annual IEEE Consumer
1079- * Communications & Networking Conference IEEE CCNC 2009, Las Vegas,
1080- * Nevada, January 2009</a>
1081- *
1082- * @brief System-based opportunistic mode for HIP
1083- * @author Teresa Finez
1084- * @author Miika Komu <miika@iki.fi>
1085- */
1086-
1087-#define _BSD_SOURCE
1088-
1089-#include <arpa/inet.h>
1090-#include <sys/socket.h>
1091-
1092-#include "lib/core/builder.h"
1093-#include "lib/core/hostid.h"
1094-#include "lib/core/ife.h"
1095-#include "lib/core/message.h"
1096-#include "lib/core/prefix.h"
1097-#include "cache.h"
1098-#include "firewall.h"
1099-#include "helpers.h"
1100-#include "lsi.h"
1101-#include "sysopp.h"
1102-
1103-/**
1104- * flush iptables rules for system-based opportunistic mode
1105- */
1106-void hip_fw_flush_system_based_opp_chains(void)
1107-{
1108- system_print("iptables -F HIPFWOPP-INPUT");
1109- system_print("iptables -F HIPFWOPP-OUTPUT");
1110-}
1111-
1112-/**
1113- * Ask hipd to contact a peer in opportunistic mode
1114- *
1115- * @param peer_ip IP address of the peer
1116- * @param local_hit local HIT to use
1117- *
1118- */
1119-static int hip_fw_trigger_opportunistic_bex(const struct in6_addr *peer_ip,
1120- const struct in6_addr *local_hit)
1121-{
1122- struct hip_common *msg = NULL;
1123- int err = 0;
1124-
1125- HIP_IFE(!(msg = hip_msg_alloc()), -1);
1126-
1127- /* build the message header */
1128- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_GET_PEER_HIT, 0),
1129- -1, "build hdr failed\n");
1130-
1131- HIP_IFEL(hip_build_param_contents(msg, local_hit,
1132- HIP_PARAM_HIT_LOCAL,
1133- sizeof(struct in6_addr)),
1134- -1, "build param HIP_PARAM_HIT failed\n");
1135-
1136- HIP_IFEL(hip_build_param_contents(msg, peer_ip,
1137- HIP_PARAM_IPV6_ADDR_PEER,
1138- sizeof(struct in6_addr)),
1139- -1, "build param HIP_PARAM_IPV6_ADDR failed\n");
1140-
1141- /* this message has to be delivered with the async socket because
1142- * opportunistic mode responds asynchronously */
1143- HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_async_sock),
1144- -1, "send msg failed\n");
1145-
1146-out_err:
1147- free(msg);
1148- return err;
1149-}
1150-
1151-/**
1152- * Add a by-pass rule to skip opportunistic processing for a peer
1153- * that was found non-HIP capable. Offers a significant speed up.
1154- *
1155- * @param ctx the packet context
1156- * @param verdict the verdict to assign for the packet
1157- */
1158-static void hip_fw_add_non_hip_peer(const struct hip_fw_context *ctx,
1159- const int verdict)
1160-{
1161- char command[64];
1162- char addr_str[INET_ADDRSTRLEN];
1163- struct in_addr addr_v4;
1164-
1165- IPV6_TO_IPV4_MAP(&ctx->dst, &addr_v4);
1166-
1167- if (!inet_ntop(AF_INET, &addr_v4, addr_str,
1168- sizeof(struct sockaddr_in))) {
1169- HIP_ERROR("inet_ntop() failed\n");
1170- return;
1171- }
1172-
1173- HIP_DEBUG("Adding rule for non-hip-capable peer: %s\n", addr_str);
1174-
1175- snprintf(command, sizeof(command),
1176- "iptables -I HIPFWOPP-INPUT -s %s -j %s",
1177- addr_str, verdict ? "ACCEPT" : "DROP");
1178- system_print(command);
1179-
1180- snprintf(command, sizeof(command),
1181- "iptables -I HIPFWOPP-OUTPUT -d %s -j %s",
1182- addr_str, verdict ? "ACCEPT" : "DROP");
1183- system_print(command);
1184-
1185- /* The cache entry is no longer necessary. Let's free it. */
1186- hip_firewall_cache_db_del_entry(&ctx->src, &ctx->dst, FW_CACHE_IP);
1187-}
1188-
1189-/**
1190- * Checks if the outgoing packet has already ESTABLISHED
1191- * the Base Exchange with the peer host. In case the BEX
1192- * is not done, it triggers it. Otherwise, it looks up
1193- * in the local database the necessary information for
1194- * doing the packet reinjection with HITs.
1195- *
1196- * @param *ctx the contect of the packet
1197- * @param default_verdict default verdict for the packet
1198- * @return the verdict for the packet
1199- */
1200-int hip_fw_handle_outgoing_system_based_opp(const struct hip_fw_context *ctx,
1201- const int default_verdict)
1202-{
1203- struct hip_hadb_user_info_state *entry_peer = NULL;
1204- int verdict;
1205-
1206- HIP_DEBUG("\n");
1207-
1208- if (hip_firewall_cache_db_match(&ctx->dst, &ctx->src, FW_CACHE_IP, 0)) {
1209- /* Peer is src and we are dst on an outgoing packet. */
1210- HIP_DEBUG("Packet is reinjection.\n");
1211- return 1;
1212- }
1213-
1214- entry_peer = hip_firewall_cache_db_match(&ctx->src, &ctx->dst,
1215- FW_CACHE_IP, 1);
1216-
1217- if (entry_peer) {
1218- if (entry_peer->state == HIP_STATE_ESTABLISHED &&
1219- !ipv6_addr_cmp(hip_fw_get_default_hit(), &entry_peer->hit_our)) {
1220- hip_reinject_packet(&entry_peer->hit_our, &entry_peer->hit_peer,
1221- ctx->ipq_packet, 4, 0);
1222- verdict = 0;
1223- } else if (entry_peer->state == HIP_STATE_FAILED) {
1224- hip_fw_add_non_hip_peer(ctx, default_verdict);
1225- verdict = default_verdict;
1226- } else {
1227- verdict = 0;
1228- }
1229- } else {
1230- HIP_DEBUG("Initiate bex at firewall\n");
1231- hip_fw_trigger_opportunistic_bex(&ctx->dst, hip_fw_get_default_hit());
1232- verdict = 0;
1233- }
1234-
1235- return verdict;
1236-}
1237-
1238-/**
1239- * based on the parameters in a message, assign the HITs and IP addresses
1240- * to a given firewall entry
1241- *
1242- * @param msg the message containing HITs and IP addresses
1243- * @return zero on success or negative on error
1244- */
1245-int hip_fw_sys_opp_set_peer_hit(const struct hip_common *msg)
1246-{
1247- int err = 0, state;
1248- const hip_hit_t *local_hit, *peer_hit;
1249- const struct in6_addr *peer_addr;
1250- const struct in6_addr *local_addr;
1251-
1252- local_hit = hip_get_param_contents(msg, HIP_PARAM_HIT_LOCAL);
1253- peer_hit = hip_get_param_contents(msg, HIP_PARAM_HIT_PEER);
1254- local_addr = hip_get_param_contents(msg, HIP_PARAM_IPV6_ADDR_LOCAL);
1255- peer_addr = hip_get_param_contents(msg, HIP_PARAM_IPV6_ADDR_PEER);
1256-
1257- if (peer_hit) {
1258- state = HIP_STATE_ESTABLISHED;
1259- } else {
1260- state = HIP_STATE_FAILED;
1261- }
1262-
1263- hip_firewall_cache_update_entry(local_addr, peer_addr,
1264- local_hit, peer_hit, state);
1265-
1266- return err;
1267-}
1268
1269=== removed file 'firewall/sysopp.h'
1270--- firewall/sysopp.h 2011-01-04 14:10:46 +0000
1271+++ firewall/sysopp.h 1970-01-01 00:00:00 +0000
1272@@ -1,39 +0,0 @@
1273-/*
1274- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
1275- *
1276- * Permission is hereby granted, free of charge, to any person
1277- * obtaining a copy of this software and associated documentation
1278- * files (the "Software"), to deal in the Software without
1279- * restriction, including without limitation the rights to use,
1280- * copy, modify, merge, publish, distribute, sublicense, and/or sell
1281- * copies of the Software, and to permit persons to whom the
1282- * Software is furnished to do so, subject to the following
1283- * conditions:
1284- *
1285- * The above copyright notice and this permission notice shall be
1286- * included in all copies or substantial portions of the Software.
1287- *
1288- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
1289- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
1290- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
1291- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
1292- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
1293- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
1294- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
1295- * OTHER DEALINGS IN THE SOFTWARE.
1296- */
1297-
1298-#ifndef HIP_FIREWALL_SYSOPP_H
1299-#define HIP_FIREWALL_SYSOPP_H
1300-
1301-#define _BSD_SOURCE
1302-
1303-#include "lib/core/protodefs.h"
1304-#include "firewall_defines.h"
1305-
1306-int hip_fw_handle_outgoing_system_based_opp(const struct hip_fw_context *ctx,
1307- const int default_verdict);
1308-int hip_fw_sys_opp_set_peer_hit(const struct hip_common *msg);
1309-void hip_fw_flush_system_based_opp_chains(void);
1310-
1311-#endif /* HIP_FIREWALL_SYSOPP_H */
1312
1313=== modified file 'hipd/close.c'
1314--- hipd/close.c 2011-01-09 22:18:11 +0000
1315+++ hipd/close.c 2011-01-10 18:30:13 +0000
1316@@ -54,7 +54,6 @@
1317 #include "hiprelay.h"
1318 #include "input.h"
1319 #include "maintenance.h"
1320-#include "oppipdb.h"
1321 #include "output.h"
1322 #include "user.h"
1323 #include "close.h"
1324@@ -90,11 +89,6 @@
1325 goto out_err;
1326 }
1327
1328-#ifdef CONFIG_HIP_OPPORTUNISTIC
1329- /* Check and remove the IP of the peer from the opp non-HIP database */
1330- hip_oppipdb_delentry(&(entry->peer_addr));
1331-#endif
1332-
1333 if (!(entry->state == HIP_STATE_ESTABLISHED) && delete_ha_info) {
1334 HIP_DEBUG("Not sending CLOSE message, invalid hip state " \
1335 "in current host association. State is %s.\n",
1336@@ -489,11 +483,6 @@
1337
1338 HIP_DEBUG("CLOSED\n");
1339
1340-#ifdef CONFIG_HIP_OPPORTUNISTIC
1341- /* Check and remove the IP of the peer from the opp non-HIP database */
1342- hip_oppipdb_delentry(&ctx->hadb_entry->peer_addr);
1343-#endif
1344-
1345 HIP_IFEL(hip_del_peer_info(&ctx->hadb_entry->hit_our,
1346 &ctx->hadb_entry->hit_peer),
1347 -1, "Deleting peer info failed\n");
1348
1349=== modified file 'hipd/hadb.c'
1350--- hipd/hadb.c 2011-01-10 17:51:29 +0000
1351+++ hipd/hadb.c 2011-01-10 18:30:13 +0000
1352@@ -94,7 +94,6 @@
1353 #include "input.h"
1354 #include "keymat.h"
1355 #include "netdev.h"
1356-#include "oppdb.h"
1357 #include "output.h"
1358 #include "hadb.h"
1359
1360@@ -912,10 +911,6 @@
1361 */
1362 int hip_del_peer_info_entry(struct hip_hadb_state *ha)
1363 {
1364-#ifdef CONFIG_HIP_OPPORTUNISTIC
1365- struct hip_opp_blocking_request *opp_entry = NULL;
1366-#endif
1367-
1368 HIP_LOCK_HA(ha);
1369
1370 /* by now, if everything is according to plans, the refcnt
1371@@ -924,19 +919,8 @@
1372 HIP_DEBUG_HIT("peer HIT", &ha->hit_peer);
1373 hip_delete_hit_sp_pair(&ha->hit_peer, &ha->hit_our, 1);
1374
1375-#ifdef CONFIG_HIP_OPPORTUNISTIC
1376- opp_entry = hip_oppdb_find_by_ip(&ha->peer_addr);
1377-#endif
1378-
1379- /* Delete hadb entry before oppdb entry to avoid a loop */
1380 hip_hadb_delete_state(ha);
1381
1382-#ifdef CONFIG_HIP_OPPORTUNISTIC
1383- if (opp_entry) {
1384- hip_oppdb_entry_clean_up(opp_entry);
1385- }
1386-#endif
1387-
1388 HIP_UNLOCK_HA(ha);
1389
1390 return 0;
1391
1392=== modified file 'hipd/hipd.h'
1393--- hipd/hipd.h 2011-01-07 16:15:14 +0000
1394+++ hipd/hipd.h 2011-01-10 18:30:13 +0000
1395@@ -41,10 +41,6 @@
1396 #define HIP_SELECT_TIMEOUT 1
1397 #define HIP_RETRANSMIT_MAX 5
1398 #define HIP_RETRANSMIT_INTERVAL 1 /* seconds */
1399-#define HIP_OPP_WAIT 5 /* seconds */
1400-#define HIP_OPP_FALLBACK_INTERVAL 1 /* seconds */
1401-#define HIP_OPP_FALLBACK_INIT \
1402- (HIP_OPP_FALLBACK_INTERVAL / HIP_SELECT_TIMEOUT)
1403 /* the interval with which the hadb entries are checked for retransmissions */
1404 #define HIP_RETRANSMIT_INIT \
1405 (HIP_RETRANSMIT_INTERVAL / HIP_SELECT_TIMEOUT)
1406
1407=== modified file 'hipd/init.c'
1408--- hipd/init.c 2011-01-10 17:51:29 +0000
1409+++ hipd/init.c 2011-01-10 18:30:13 +0000
1410@@ -83,8 +83,6 @@
1411 #include "nat.h"
1412 #include "netdev.h"
1413 #include "nsupdate.h"
1414-#include "oppdb.h"
1415-#include "oppipdb.h"
1416 #include "output.h"
1417 #include "pkt_handling.h"
1418 #include "registration.h"
1419@@ -952,10 +950,6 @@
1420
1421 lmod_uninit_packet_types();
1422
1423-#ifdef CONFIG_HIP_OPPORTUNISTIC
1424- hip_oppdb_uninit();
1425-#endif
1426-
1427 #ifdef CONFIG_HIP_RVS
1428 HIP_INFO("Uninitializing RVS / HIP relay database and whitelist.\n");
1429 hip_relay_uninit();
1430@@ -1113,22 +1107,12 @@
1431 signal(SIGTERM, hip_close);
1432 signal(SIGCHLD, hip_sig_chld);
1433
1434-#ifdef CONFIG_HIP_OPPORTUNISTIC
1435- HIP_IFEL(hip_init_oppip_db(), -1,
1436- "Cannot initialize opportunistic mode IP database for " \
1437- "non HIP capable hosts!\n");
1438-#endif
1439 HIP_IFEL((hip_init_cipher() < 0), 1, "Unable to init ciphers.\n");
1440
1441 HIP_IFE(init_random_seed(), -1);
1442
1443 hip_init_hadb();
1444
1445-#ifdef CONFIG_HIP_OPPORTUNISTIC
1446- hip_init_opp_db();
1447-#endif
1448-
1449-
1450 /* Resolve our current addresses, afterwards the events from kernel
1451 * will maintain the list This needs to be done before opening
1452 * NETLINK_ROUTE! See the comment about address_count global var. */
1453
1454=== modified file 'hipd/input.c'
1455--- hipd/input.c 2011-01-10 17:51:29 +0000
1456+++ hipd/input.c 2011-01-10 18:30:13 +0000
1457@@ -83,8 +83,6 @@
1458 #include "keymat.h"
1459 #include "maintenance.h"
1460 #include "netdev.h"
1461-#include "oppdb.h"
1462-#include "oppipdb.h"
1463 #include "output.h"
1464 #include "pisa.h"
1465 #include "pkt_handling.h"
1466@@ -495,6 +493,62 @@
1467 }
1468
1469 /**
1470+ * fetch an hadb entry corresponding to a pseudo HIT
1471+ *
1472+ * @param init_hit the local HIT of the Initiator
1473+ * @param resp_addr the remote IP address of the Responder from
1474+ * which to calculate the pseudo HIT
1475+ * @return a host association or NULL if not found
1476+ */
1477+static struct hip_hadb_state *hip_opp_get_hadb_entry(const hip_hit_t * const init_hit,
1478+ const struct in6_addr * const resp_addr)
1479+{
1480+ struct hip_hadb_state *entry_tmp = NULL;
1481+ hip_hit_t phit;
1482+ int err = 0;
1483+
1484+ HIP_DEBUG_HIT("resp_addr=", resp_addr);
1485+ HIP_IFEL(hip_opportunistic_ipv6_to_hit(resp_addr, &phit,
1486+ HIP_HIT_TYPE_HASH100), -1,
1487+ "hip_opportunistic_ipv6_to_hit failed\n");
1488+
1489+ HIP_ASSERT(hit_is_opportunistic_hit(&phit));
1490+
1491+ entry_tmp = hip_hadb_find_byhits(init_hit, &phit);
1492+
1493+out_err:
1494+ return entry_tmp;
1495+}
1496+
1497+/**
1498+ * find a host association based on I1 or R1 message
1499+ *
1500+ * @param msg the I1 or R2 message
1501+ * @param src_addr the source address of the message
1502+ * @return the host association or NULL if not found
1503+ */
1504+static struct hip_hadb_state *hip_opp_get_hadb_entry_i1_r1(struct hip_common *msg,
1505+ const struct in6_addr * const src_addr)
1506+{
1507+ hip_hdr type = hip_get_msg_type(msg);
1508+ struct hip_hadb_state *entry = NULL;
1509+
1510+ if (type == HIP_I1) {
1511+ if (!ipv6_addr_is_null(&msg->hitr)) {
1512+ goto out_err;
1513+ }
1514+ hip_get_default_hit(&msg->hitr);
1515+ } else if (type == HIP_R1) {
1516+ entry = hip_opp_get_hadb_entry(&msg->hitr, src_addr);
1517+ } else {
1518+ HIP_ASSERT(0);
1519+ }
1520+
1521+out_err:
1522+ return entry;
1523+}
1524+
1525+/**
1526 * Decides what action to take for an incoming HIP control packet.
1527 *
1528 * @param *ctx Pointer to the packet context, containing all
1529@@ -557,11 +611,9 @@
1530 }
1531
1532 #ifdef CONFIG_HIP_OPPORTUNISTIC
1533- if (!ctx->hadb_entry &&
1534- (type == HIP_I1 || type == HIP_R1)) {
1535- ctx->hadb_entry =
1536- hip_oppdb_get_hadb_entry_i1_r1(ctx->input_msg,
1537- &ctx->src_addr);
1538+ if (!ctx->hadb_entry && (type == HIP_I1 || type == HIP_R1)) {
1539+ ctx->hadb_entry = hip_opp_get_hadb_entry_i1_r1(ctx->input_msg,
1540+ &ctx->src_addr);
1541 }
1542 #endif
1543
1544@@ -676,6 +728,61 @@
1545 }
1546
1547 /**
1548+ * Process an incoming R1 packet for an opportunistic connection
1549+ *
1550+ * @param ctx the packet context
1551+ * @return zero on success or negative on failure
1552+ */
1553+static int hip_handle_opp_r1(struct hip_packet_context *ctx)
1554+{
1555+ struct hip_hadb_state *opp_entry = NULL;
1556+ hip_hit_t phit;
1557+ int err = 0;
1558+
1559+ opp_entry = ctx->hadb_entry;
1560+
1561+ HIP_DEBUG_HIT("peer hit", &ctx->input_msg->hits);
1562+ HIP_DEBUG_HIT("local hit", &ctx->input_msg->hitr);
1563+
1564+ HIP_IFEL(hip_hadb_add_peer_info_complete(&ctx->input_msg->hitr,
1565+ &ctx->input_msg->hits,
1566+ NULL,
1567+ &ctx->dst_addr,
1568+ &ctx->src_addr,
1569+ NULL),
1570+ -1, "Failed to insert peer map\n");
1571+
1572+ HIP_IFEL(!(ctx->hadb_entry = hip_hadb_find_byhits(&ctx->input_msg->hits,
1573+ &ctx->input_msg->hitr)),
1574+ -1, "Did not find opp entry\n");
1575+
1576+ HIP_IFEL(hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr),
1577+ -1, "hip_init_us failed\n");
1578+ /* old HA has state 2, new HA has state 1, so copy it */
1579+ ctx->hadb_entry->state = opp_entry->state;
1580+ /* For service registration routines */
1581+ ctx->hadb_entry->local_controls = opp_entry->local_controls;
1582+ ctx->hadb_entry->peer_controls = opp_entry->peer_controls;
1583+
1584+ if (hip_replace_pending_requests(opp_entry, ctx->hadb_entry) == -1) {
1585+ HIP_DEBUG("RVS: Error moving the pending requests to a new HA");
1586+ }
1587+
1588+ HIP_DEBUG_HIT("peer hit", &ctx->input_msg->hits);
1589+ HIP_DEBUG_HIT("local hit", &ctx->input_msg->hitr);
1590+
1591+ HIP_IFEL(hip_opportunistic_ipv6_to_hit(&ctx->src_addr, &phit,
1592+ HIP_HIT_TYPE_HASH100),
1593+ -1, "pseudo hit conversion failed\n");
1594+
1595+ hip_del_peer_info_entry(opp_entry);
1596+
1597+out_err:
1598+
1599+ return err;
1600+}
1601+
1602+/**
1603 * Check a received R1 control packet.
1604 *
1605 * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
1606@@ -709,8 +816,6 @@
1607 "Dropping.\n");
1608
1609 #ifdef CONFIG_HIP_OPPORTUNISTIC
1610- /* Check and remove the IP of the peer from the opp non-HIP database */
1611- hip_oppipdb_delentry(&ctx->hadb_entry->peer_addr);
1612 /* Replace the opportunistic entry with one using the peer HIT
1613 * before further operations */
1614 if (hit_is_opportunistic_hit(&ctx->hadb_entry->hit_peer)) {
1615@@ -1134,10 +1239,6 @@
1616 ctx->hadb_entry->state = HIP_STATE_ESTABLISHED;
1617 hip_hadb_insert_state(ctx->hadb_entry);
1618
1619-#ifdef CONFIG_HIP_OPPORTUNISTIC
1620- /* Check and remove the IP of the peer from the opp non-HIP database */
1621- hip_oppipdb_delentry(&(ctx->hadb_entry->peer_addr));
1622-#endif
1623 HIP_INFO("Reached ESTABLISHED state\n");
1624 HIP_INFO("Handshake completed\n");
1625
1626
1627=== modified file 'hipd/maintenance.c'
1628--- hipd/maintenance.c 2011-01-03 19:36:44 +0000
1629+++ hipd/maintenance.c 2011-01-10 18:30:13 +0000
1630@@ -60,7 +60,6 @@
1631 #include "hidb.h"
1632 #include "hipd.h"
1633 #include "init.h"
1634-#include "oppdb.h"
1635 #include "output.h"
1636 #include "maintenance.h"
1637
1638@@ -74,7 +73,6 @@
1639 int hip_firewall_sock_lsi_fd = -1;
1640
1641 float retrans_counter = HIP_RETRANSMIT_INIT;
1642-float opp_fallback_counter = HIP_OPP_FALLBACK_INIT;
1643 float precreate_counter = HIP_R1_PRECREATE_INIT;
1644 float queue_counter = QUEUE_CHECK_INIT;
1645 int force_exit_counter = FORCE_EXIT_COUNTER_START;
1646@@ -152,26 +150,6 @@
1647 return err;
1648 }
1649
1650-#ifdef CONFIG_HIP_OPPORTUNISTIC
1651-/**
1652- * scan for opportunistic connections that should time out
1653- * and give up (fall back to normal TCP/IP)
1654- *
1655- * @return zero on success or negative on failure
1656- */
1657-static int hip_scan_opp_fallback(void)
1658-{
1659- int err = 0;
1660- time_t current_time;
1661- time(&current_time);
1662-
1663- HIP_IFEL(hip_for_each_opp(hip_handle_opp_fallback, &current_time), 0,
1664- "for_each_ha err.\n");
1665-out_err:
1666- return err;
1667-}
1668-#endif
1669-
1670 /**
1671 * deliver pending retransmissions for all host associations
1672 *
1673@@ -306,17 +284,6 @@
1674 retrans_counter--;
1675 }
1676
1677-#ifdef CONFIG_HIP_OPPORTUNISTIC
1678-
1679- if (opp_fallback_counter < 0) {
1680- HIP_IFEL(hip_scan_opp_fallback(), -1,
1681- "retransmission scan failed\n");
1682- opp_fallback_counter = HIP_OPP_FALLBACK_INIT;
1683- } else {
1684- opp_fallback_counter--;
1685- }
1686-#endif
1687-
1688 if (precreate_counter < 0) {
1689 HIP_IFEL(hip_recreate_all_precreated_r1_packets(), -1,
1690 "Failed to recreate puzzles\n");
1691@@ -366,7 +333,7 @@
1692
1693 /**
1694 * Update firewall on host association state. Currently used by the
1695- * LSI and system-based opportunistic mode in the firewall.
1696+ * LSI mode in the firewall.
1697 *
1698 * @param action HIP_MSG_FW_UPDATE_DB or HIP_MSG_FW_BEX_DONE
1699 * @param hit_s optional source HIT
1700
1701=== removed file 'hipd/oppdb.c'
1702--- hipd/oppdb.c 2011-01-09 22:18:11 +0000
1703+++ hipd/oppdb.c 1970-01-01 00:00:00 +0000
1704@@ -1,739 +0,0 @@
1705-/*
1706- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
1707- *
1708- * Permission is hereby granted, free of charge, to any person
1709- * obtaining a copy of this software and associated documentation
1710- * files (the "Software"), to deal in the Software without
1711- * restriction, including without limitation the rights to use,
1712- * copy, modify, merge, publish, distribute, sublicense, and/or sell
1713- * copies of the Software, and to permit persons to whom the
1714- * Software is furnished to do so, subject to the following
1715- * conditions:
1716- *
1717- * The above copyright notice and this permission notice shall be
1718- * included in all copies or substantial portions of the Software.
1719- *
1720- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
1721- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
1722- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
1723- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
1724- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
1725- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
1726- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
1727- * OTHER DEALINGS IN THE SOFTWARE.
1728- */
1729-
1730-/**
1731- * @file
1732- * Opportunistic mode databases for lib/opphip and HIP registration. The system-based
1733- * opportunistic mode in the firewall uses also this functionality to trigger an
1734- * opportunistic base base exchange. See the following publication on the details:
1735- *
1736- * <a href="http://www.iki.fi/miika/docs/ccnc09.pdf">
1737- * Miika Komu and Janne Lindqvist, Leap-of-Faith Security is Enough
1738- * for IP Mobility, 6th Annual IEEE Consumer
1739- * Communications & Networking Conference IEEE CCNC 2009, Las Vegas,
1740- * Nevada, January 2009</a>
1741- *
1742- * The pseudo HIT is mentioned on multiple places in this file. When hipd sends
1743- * the opportunistic I1, the destination HIT is NULL. For this reason, we don't
1744- * know the Responder HIT until receiving the R2. During this unawareness period,
1745- * we use a "pseudo HIT" to denote the Responder. It is calculated by extracting
1746- * part of the IP address of the Responder and prefixing it with HIT prefix and some
1747- * additional zeroes. Once the R1 received, the opportunistic database entry can
1748- * be removed and the pseudo HIT becomes unnecessary. Consequtive opportunistic
1749- * mode connections with the same Responder are cached and the pseudo HIT is not needed.
1750- *
1751- * The opportunistic mode supports also "fallback" which occurs with
1752- * peers that do not support HIP. When the peer does not support HIP,
1753- * hipd notices it after a certain time out in maintenance.c loop
1754- * because there was no R1 response. The handlers in this function
1755- * then send a "reject" message to the blocked opportunistic library
1756- * process which means that it should proceed without HIP. Consequtive
1757- * rejects are faster because they are cached.
1758- *
1759- * @author Bing Zhou <bingzhou@cc.hut.fi>
1760- */
1761-
1762-#include <errno.h>
1763-#include <stdlib.h>
1764-#include <string.h>
1765-#include <time.h>
1766-#include <arpa/inet.h>
1767-#include <netinet/in.h>
1768-#include <openssl/lhash.h>
1769-
1770-#include "lib/core/builder.h"
1771-#include "lib/core/common.h"
1772-#include "lib/core/debug.h"
1773-#include "lib/core/hit.h"
1774-#include "lib/core/ife.h"
1775-#include "lib/core/list.h"
1776-#include "lib/core/prefix.h"
1777-#include "lib/core/protodefs.h"
1778-#include "config.h"
1779-#include "accessor.h"
1780-#include "hadb.h"
1781-#include "hidb.h"
1782-#include "hipd.h"
1783-#include "netdev.h"
1784-#include "oppipdb.h"
1785-#include "output.h"
1786-#include "registration.h"
1787-#include "user.h"
1788-#include "oppdb.h"
1789-
1790-
1791-#define HIP_LOCK_OPP_INIT(entry)
1792-#define HIP_UNLOCK_OPP_INIT(entry)
1793-#define HIP_LOCK_OPP(entry)
1794-#define HIP_UNLOCK_OPP(entry)
1795-#define HIP_OPPDB_SIZE 533
1796-
1797-struct hip_opp_info {
1798- hip_hit_t local_hit;
1799- hip_hit_t real_peer_hit;
1800- hip_hit_t pseudo_peer_hit;
1801- struct in6_addr local_addr;
1802- struct in6_addr peer_addr;
1803-};
1804-
1805-HIP_HASHTABLE *oppdb;
1806-
1807-/**
1808- * hashing function for the hashtable implementation
1809- *
1810- * @param ptr a pointer to a hip_opp_blocking_request structure
1811- * @return the calculated hash
1812- */
1813-static unsigned long hip_oppdb_hash_hit(const void *ptr)
1814-{
1815- const struct hip_opp_blocking_request *entry = ptr;
1816- uint8_t hash[HIP_AH_SHA_LEN];
1817-
1818- hip_build_digest(HIP_DIGEST_SHA1, &entry->peer_phit,
1819- sizeof(hip_hit_t) + sizeof(struct sockaddr_in6),
1820- hash);
1821-
1822- return *((unsigned long *) hash);
1823-}
1824-
1825-/**
1826- * matching function for the hashtable implementation
1827- *
1828- * Note that when this function is called, the hashes of the two hash table
1829- * entries provided as arguments are known to be equal.
1830- * The point of this function is to allow the hash table to determine whether
1831- * the entries (or rather the part used to calculate the hash) themselves are
1832- * equal or whether they are different and this is just a hash collision.
1833- *
1834- * @param ptr1 a pointer to a hip_opp_block structure
1835- * @param ptr2 a pointer to a hip_opp_block structure
1836- * @return zero on match or non-zero otherwise
1837- */
1838-static int hip_oppdb_match_hit(const void *ptr1, const void *ptr2)
1839-{
1840- const struct hip_opp_blocking_request *b1 = ptr1;
1841- const struct hip_opp_blocking_request *b2 = ptr2;
1842- return memcmp(&b1->peer_phit, &b2->peer_phit, sizeof(hip_hit_t) + sizeof(struct sockaddr_in6));
1843-}
1844-
1845-/**
1846- * delete an opportunistic database entry
1847- *
1848- * @param entry the entry to be deleted
1849- */
1850-static void hip_oppdb_del_entry_by_entry(struct hip_opp_blocking_request *entry)
1851-{
1852- struct hip_opp_blocking_request *deleted;
1853-
1854- HIP_LOCK_OPP(entry);
1855- deleted = hip_ht_delete(oppdb, entry);
1856- HIP_UNLOCK_OPP(entry);
1857- free(deleted);
1858-}
1859-
1860-/**
1861- * expire an opportunistic connection
1862- *
1863- * @param opp_entry the entry to be expired
1864- * @return zero on success or negative on error
1865- */
1866-int hip_oppdb_entry_clean_up(struct hip_opp_blocking_request *opp_entry)
1867-{
1868- int err = 0;
1869-
1870- /** @todo this does not support multiple multiple opp
1871- connections: a better solution might be trash collection */
1872-
1873- HIP_ASSERT(opp_entry);
1874- hip_del_peer_info(&opp_entry->peer_phit,
1875- &opp_entry->our_real_hit);
1876- hip_oppdb_del_entry_by_entry(opp_entry);
1877- return err;
1878-}
1879-
1880-/**
1881- * a for-each iterator function for the opportunistic database
1882- *
1883- * @param func a callback iterator function
1884- * @param opaque an extra parameter to be passed to the callback
1885- * @return zero on success and non-zero on error
1886- */
1887-int hip_for_each_opp(int (*func)(struct hip_opp_blocking_request *entry,
1888- void *opaq),
1889- void *opaque)
1890-{
1891- int i = 0, fail = 0;
1892- struct hip_opp_blocking_request *this;
1893- LHASH_NODE *item, *tmp;
1894-
1895- if (!func) {
1896- return -EINVAL;
1897- }
1898-
1899- HIP_LOCK_HT(&opp_db);
1900- list_for_each_safe(item, tmp, oppdb, i)
1901- {
1902- this = list_entry(item);
1903- fail = func(this, opaque);
1904- if (fail) {
1905- goto out_err;
1906- }
1907- }
1908-out_err:
1909- HIP_UNLOCK_HT(&opp_db);
1910- return fail;
1911-}
1912-
1913-/**
1914- * an iterator function for uninitializing the opportunistic database
1915- *
1916- * @param entry the entry to be uninitialized
1917- * @param arg needed because of the iterator signature
1918- * @return zero
1919- */
1920-static int hip_oppdb_uninit_wrap(struct hip_opp_blocking_request *entry,
1921- UNUSED void *arg)
1922-{
1923- hip_oppdb_del_entry_by_entry(entry);
1924- return 0;
1925-}
1926-
1927-/**
1928- * uninitialize the whole opportunistic database
1929- */
1930-void hip_oppdb_uninit(void)
1931-{
1932- hip_for_each_opp(hip_oppdb_uninit_wrap, NULL);
1933- hip_ht_uninit(oppdb);
1934- oppdb = NULL;
1935-}
1936-
1937-/**
1938- * Unblock a caller from the opportunistic library
1939- *
1940- * @param app_id the UDP port of the local library process
1941- * @param opp_info information related to the opportunistic connection
1942- * @return zero on success or negative on failure
1943- */
1944-static int hip_opp_unblock_app(const struct sockaddr_in6 *app_id,
1945- struct hip_opp_info *opp_info)
1946-{
1947- struct hip_common *message = NULL;
1948- int err = 0, n;
1949-
1950- HIP_IFEL((app_id->sin6_port == 0), 0, "Zero port, ignore\n");
1951-
1952- HIP_IFE(!(message = hip_msg_alloc()), -1);
1953- HIP_IFEL(hip_build_user_hdr(message, HIP_MSG_GET_PEER_HIT, 0), -1,
1954- "build user header failed\n");
1955-
1956- if (!opp_info) {
1957- goto skip_hit_addr;
1958- }
1959-
1960- if (!ipv6_addr_any(&opp_info->real_peer_hit)) {
1961- HIP_IFEL(hip_build_param_contents(message, &opp_info->real_peer_hit,
1962- HIP_PARAM_HIT_PEER,
1963- sizeof(hip_hit_t)), -1,
1964- "building peer real hit failed\n");
1965- }
1966-
1967- if (!ipv6_addr_any(&opp_info->local_hit)) {
1968- HIP_IFEL(hip_build_param_contents(message, &opp_info->local_hit,
1969- HIP_PARAM_HIT_LOCAL,
1970- sizeof(hip_hit_t)), -1,
1971- "building local hit failed\n");
1972- }
1973-
1974- if (!ipv6_addr_any(&opp_info->peer_addr)) {
1975- HIP_IFEL(hip_build_param_contents(message, &opp_info->peer_addr,
1976- HIP_PARAM_IPV6_ADDR_PEER,
1977- sizeof(struct in6_addr)), -1,
1978- "building peer addr failed\n");
1979- }
1980-
1981- if (!ipv6_addr_any(&opp_info->local_addr)) {
1982- HIP_IFEL(hip_build_param_contents(message, &opp_info->local_addr,
1983- HIP_PARAM_IPV6_ADDR_LOCAL,
1984- sizeof(struct in6_addr)), -1,
1985- "building local addr failed\n");
1986- }
1987-
1988-skip_hit_addr:
1989-
1990- HIP_DEBUG("Unblocking caller at port %d\n", ntohs(app_id->sin6_port));
1991- n = hip_sendto_user(message, (const struct sockaddr *) app_id);
1992-
1993- if (n < 0) {
1994- HIP_ERROR("hip_sendto_user() failed.\n");
1995- err = -1;
1996- goto out_err;
1997- }
1998-out_err:
1999- free(message);
2000- return err;
2001-}
2002-
2003-/**
2004- * unblock all opportunistic connections with a certain remote host
2005- *
2006- * @param entry the opportunistic mode connection
2007- * @param ptr the pseudo HIT denoting the remote host
2008- * @return zero on success or negative on error
2009- */
2010-static int hip_oppdb_unblock_group(struct hip_opp_blocking_request *entry,
2011- void *ptr)
2012-{
2013- struct hip_opp_info *opp_info = ptr;
2014- int err = 0;
2015-
2016- if (ipv6_addr_cmp(&entry->peer_phit, &opp_info->pseudo_peer_hit) != 0) {
2017- goto out_err;
2018- }
2019-
2020- HIP_IFEL(hip_opp_unblock_app(&entry->caller, opp_info),
2021- 1, "unblock failed\n");
2022-
2023- hip_oppdb_del_entry_by_entry(entry);
2024-
2025-out_err:
2026- return err;
2027-}
2028-
2029-/**
2030- * create a opportunistic mode database entry
2031- *
2032- * @return the created databased entry (caller deallocates)
2033- */
2034-static struct hip_opp_blocking_request *hip_create_opp_block_entry(void)
2035-{
2036- struct hip_opp_blocking_request *entry = NULL;
2037-
2038- entry = calloc(1, sizeof(struct hip_opp_blocking_request));
2039- if (!entry) {
2040- HIP_ERROR("struct hip_opp_blocking_request memory allocation failed.\n");
2041- return NULL;
2042- }
2043-
2044- HIP_LOCK_OPP_INIT(entry);
2045- time(&entry->creation_time);
2046- HIP_UNLOCK_OPP_INIT(entry);
2047-
2048- return entry;
2049-}
2050-
2051-/**
2052- * dump the contents of the database
2053- */
2054-static void hip_oppdb_dump(void)
2055-{
2056- int i;
2057- struct hip_opp_blocking_request *this;
2058- LHASH_NODE *item, *tmp;
2059-
2060- HIP_DEBUG("start oppdb dump\n");
2061- HIP_LOCK_HT(&oppdb);
2062-
2063- list_for_each_safe(item, tmp, oppdb, i)
2064- {
2065- this = list_entry(item);
2066-
2067- HIP_DEBUG_HIT("this->peer_phit",
2068- &this->peer_phit);
2069- HIP_DEBUG_HIT("this->our_real_hit",
2070- &this->our_real_hit);
2071- }
2072-
2073- HIP_UNLOCK_HT(&oppdb);
2074- HIP_DEBUG("end oppdb dump\n");
2075-}
2076-
2077-/**
2078- * add an opportunistic mode connection entry to the database
2079- *
2080- * @param phit_peer the pseudo HIT of peer
2081- * @param hit_our local HIT
2082- * @param ip_peer remote IP address
2083- * @param ip_our local IP address
2084- * @param caller the UDP port of the local library process
2085- * @return zero on success or negative on failure
2086- */
2087-static int hip_oppdb_add_entry(const hip_hit_t *phit_peer,
2088- const hip_hit_t *hit_our,
2089- const struct in6_addr *ip_peer,
2090- const struct in6_addr *ip_our,
2091- const struct sockaddr_in6 *caller)
2092-{
2093- int err = 0;
2094- struct hip_opp_blocking_request *new_item = NULL;
2095-
2096- new_item = hip_create_opp_block_entry();
2097- if (!new_item) {
2098- HIP_ERROR("new_item malloc failed\n");
2099- err = -ENOMEM;
2100- return err;
2101- }
2102-
2103- if (phit_peer) {
2104- ipv6_addr_copy(&new_item->peer_phit, phit_peer);
2105- }
2106- ipv6_addr_copy(&new_item->our_real_hit, hit_our);
2107- if (ip_peer) {
2108- ipv6_addr_copy(&new_item->peer_ip, ip_peer);
2109- }
2110- if (ip_our) {
2111- ipv6_addr_copy(&new_item->our_ip, ip_our);
2112- }
2113- memcpy(&new_item->caller, caller, sizeof(struct sockaddr_in6));
2114-
2115- err = hip_ht_add(oppdb, new_item);
2116- hip_oppdb_dump();
2117-
2118- return err;
2119-}
2120-
2121-/**
2122- * initialize the opportunistic database
2123- */
2124-void hip_init_opp_db(void)
2125-{
2126- oppdb = hip_ht_init(hip_oppdb_hash_hit, hip_oppdb_match_hit);
2127-}
2128-
2129-/**
2130- * fetch an hadb entry corresponding to a pseudo HIT
2131- *
2132- * @param init_hit the local HIT of the Initiator
2133- * @param resp_addr the remote IP address of the Responder from
2134- * which to calculate the pseudo HIT
2135- * @return a host assocition or NULL if not found
2136- */
2137-static struct hip_hadb_state *hip_oppdb_get_hadb_entry(hip_hit_t *init_hit,
2138- struct in6_addr *resp_addr)
2139-{
2140- struct hip_hadb_state *entry_tmp = NULL;
2141- hip_hit_t phit;
2142- int err = 0;
2143-
2144- HIP_DEBUG_HIT("resp_addr=", resp_addr);
2145- HIP_IFEL(hip_opportunistic_ipv6_to_hit(resp_addr, &phit,
2146- HIP_HIT_TYPE_HASH100), -1,
2147- "hip_opportunistic_ipv6_to_hit failed\n");
2148-
2149- HIP_ASSERT(hit_is_opportunistic_hit(&phit));
2150-
2151- entry_tmp = hip_hadb_find_byhits(init_hit, &phit);
2152-
2153-out_err:
2154- return entry_tmp;
2155-}
2156-
2157-/**
2158- * find a host association based on I1 or R1 message
2159- *
2160- * @param msg the I1 or R2 message
2161- * @param src_addr the source address of the message
2162- * @return the host association or NULL if not found
2163- */
2164-struct hip_hadb_state *hip_oppdb_get_hadb_entry_i1_r1(struct hip_common *msg,
2165- struct in6_addr *src_addr)
2166-{
2167- hip_hdr type = hip_get_msg_type(msg);
2168- struct hip_hadb_state *entry = NULL;
2169-
2170- if (type == HIP_I1) {
2171- if (!ipv6_addr_is_null(&msg->hitr)) {
2172- goto out_err;
2173- }
2174- hip_get_default_hit(&msg->hitr);
2175- } else if (type == HIP_R1) {
2176- entry = hip_oppdb_get_hadb_entry(&msg->hitr, src_addr);
2177- } else {
2178- HIP_ASSERT(0);
2179- }
2180-
2181-out_err:
2182- return entry;
2183-}
2184-
2185-/**
2186- * process an incoming R1 packet for an opportunistic connection
2187- *
2188- * @param ctx the packet context
2189- * @return zero on success or negative on failure
2190- */
2191-int hip_handle_opp_r1(struct hip_packet_context *ctx)
2192-{
2193- struct hip_opp_info opp_info;
2194- struct hip_hadb_state *opp_entry;
2195- hip_hit_t phit;
2196- int err = 0;
2197-
2198- opp_entry = ctx->hadb_entry;
2199-
2200- HIP_DEBUG_HIT("peer hit", &ctx->input_msg->hits);
2201- HIP_DEBUG_HIT("local hit", &ctx->input_msg->hitr);
2202-
2203- HIP_IFEL(hip_hadb_add_peer_info_complete(&ctx->input_msg->hitr,
2204- &ctx->input_msg->hits,
2205- NULL,
2206- &ctx->dst_addr,
2207- &ctx->src_addr,
2208- NULL),
2209- -1, "Failed to insert peer map\n");
2210-
2211- HIP_IFEL(!(ctx->hadb_entry = hip_hadb_find_byhits(&ctx->input_msg->hits,
2212- &ctx->input_msg->hitr)),
2213- -1, "Did not find opp entry\n");
2214-
2215- HIP_IFEL(hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr),
2216- -1, "hip_init_us failed\n");
2217- /* old HA has state 2, new HA has state 1, so copy it */
2218- ctx->hadb_entry->state = opp_entry->state;
2219- /* For service registration routines */
2220- ctx->hadb_entry->local_controls = opp_entry->local_controls;
2221- ctx->hadb_entry->peer_controls = opp_entry->peer_controls;
2222-
2223- if (hip_replace_pending_requests(opp_entry, ctx->hadb_entry) == -1) {
2224- HIP_DEBUG("RVS: Error moving the pending requests to a new HA");
2225- }
2226-
2227- HIP_DEBUG_HIT("peer hit", &ctx->input_msg->hits);
2228- HIP_DEBUG_HIT("local hit", &ctx->input_msg->hitr);
2229-
2230- HIP_IFEL(hip_opportunistic_ipv6_to_hit(&ctx->src_addr, &phit,
2231- HIP_HIT_TYPE_HASH100),
2232- -1, "pseudo hit conversion failed\n");
2233-
2234- ipv6_addr_copy(&opp_info.real_peer_hit, &ctx->input_msg->hits);
2235- ipv6_addr_copy(&opp_info.pseudo_peer_hit, &phit);
2236- ipv6_addr_copy(&opp_info.local_hit, &ctx->input_msg->hitr);
2237- ipv6_addr_copy(&opp_info.local_addr, &ctx->dst_addr);
2238- ipv6_addr_copy(&opp_info.peer_addr, &ctx->src_addr);
2239-
2240- hip_for_each_opp(hip_oppdb_unblock_group, &opp_info);
2241- hip_del_peer_info_entry(opp_entry);
2242-
2243-out_err:
2244-
2245- return err;
2246-}
2247-
2248-/**
2249- * add an entry to the opportunistic mode dabase and host association
2250- * database (with pseudo HIT)
2251- *
2252- * @param dst_ip the remote IP address of the Responder
2253- * @param hit_our the local HIT of the Initiator
2254- * @param caller the UDP port of the local library process
2255- * @return the created host association
2256- */
2257-struct hip_hadb_state *hip_opp_add_map(const struct in6_addr *dst_ip,
2258- const struct in6_addr *hit_our,
2259- const struct sockaddr_in6 *caller)
2260-{
2261- int err = 0;
2262- struct in6_addr opp_hit, src_ip;
2263- struct hip_hadb_state *ha = NULL;
2264- hip_oppip_t *oppip_entry = NULL;
2265-
2266- HIP_DEBUG_IN6ADDR("Peer's IP ", dst_ip);
2267-
2268- HIP_IFEL(hip_select_source_address(&src_ip,
2269- dst_ip), -1,
2270- "Cannot find source address\n");
2271-
2272- HIP_IFEL(hip_opportunistic_ipv6_to_hit(dst_ip, &opp_hit,
2273- HIP_HIT_TYPE_HASH100),
2274- -1, "Opp HIT conversion failed\n");
2275-
2276- HIP_ASSERT(hit_is_opportunistic_hit(&opp_hit));
2277-
2278- HIP_DEBUG_HIT("opportunistic hashed hit", &opp_hit);
2279-
2280- if ((oppip_entry = hip_oppipdb_find_byip(dst_ip))) {
2281- HIP_DEBUG("Old mapping exist \n");
2282-
2283- if ((ha = hip_hadb_find_byhits(hit_our, &opp_hit))) {
2284- goto out_err;
2285- }
2286-
2287- HIP_DEBUG("No entry found. Adding new map.\n");
2288- hip_oppipdb_del_entry_by_entry(oppip_entry, NULL);
2289- }
2290-
2291- /* No previous contact, new host. Let's do the opportunistic magic */
2292-
2293- err = hip_hadb_add_peer_info_complete(hit_our, &opp_hit, NULL, &src_ip, dst_ip, NULL);
2294-
2295- HIP_IFEL(!(ha = hip_hadb_find_byhits(hit_our, &opp_hit)), -1,
2296- "Did not find entry\n");
2297-
2298- /* Override the receiving function */
2299- /* @todo is this function set needed? */
2300- //ha->hadb_rcv_func->hip_receive_r1 = hip_receive_opp_r1;
2301-
2302- HIP_IFEL(hip_oppdb_add_entry(&opp_hit, hit_our, dst_ip, &src_ip,
2303- caller), -1, "Add db failed\n");
2304-
2305-out_err:
2306- return ha;
2307-}
2308-
2309-/**
2310- * check if it is time for an opportunistic connection to
2311- * time out and make it happen when needed
2312- *
2313- * @param entry the database entry for the opportunistic connection
2314- * @param current_time the current time
2315- * @return zero on success or negative on failure
2316- */
2317-int hip_handle_opp_fallback(struct hip_opp_blocking_request *entry,
2318- void *current_time)
2319-{
2320- int err = 0, disable_fallback = 0;
2321- time_t *now = current_time;
2322- struct in6_addr *addr;
2323-
2324- if (!disable_fallback && (*now - HIP_OPP_WAIT > entry->creation_time)) {
2325- struct hip_opp_info info;
2326-
2327- memset(&info, 0, sizeof(info));
2328- ipv6_addr_copy(&info.peer_addr, &entry->peer_ip);
2329-
2330- addr = &entry->peer_ip;
2331- hip_oppipdb_add_entry(addr);
2332- HIP_DEBUG("Timeout for opp entry, falling back to\n");
2333- err = hip_opp_unblock_app(&entry->caller, &info);
2334- HIP_DEBUG("Fallback returned %d\n", err);
2335- err = hip_oppdb_entry_clean_up(entry);
2336- memset(&now, 0, sizeof(now));
2337- }
2338-
2339- return err;
2340-}
2341-
2342-/**
2343- * check if a remote host is not capable of HIP
2344- *
2345- * @param ip_peer: pointer to the ip of the host to check whether
2346- * it is HIP capable or not
2347- * @return pointer to the entry if the remote host does not definitely support HIP or
2348- * NULL if it is potentially HIP capable
2349- */
2350-struct hip_opp_blocking_request *hip_oppdb_find_by_ip(const struct in6_addr *ip_peer)
2351-{
2352- int i = 0;
2353- struct hip_opp_blocking_request *this, *ret = NULL;
2354- LHASH_NODE *item, *tmp;
2355-
2356- if (oppdb == NULL)
2357- return NULL;
2358-
2359- HIP_LOCK_HT(&opp_db);
2360- list_for_each_safe(item, tmp, oppdb, i)
2361- {
2362- this = list_entry(item);
2363- if (ipv6_addr_cmp(&this->peer_ip, ip_peer) == 0) {
2364- HIP_DEBUG("The ip was found in oppdb. Peer non-HIP capable.\n");
2365- ret = this;
2366- break;
2367- }
2368- }
2369-
2370- HIP_UNLOCK_HT(&opp_db);
2371- return ret;
2372-}
2373-
2374-/**
2375- * Trigger opportunistic I1 to obtain the HIT of the Responder.
2376- *
2377- * @param msg contains information on the Responder's IP address
2378- * and the local HIT to use for the connection
2379- * @param src the UDP port number of the calling library process
2380- * @return zero on success or negative on failure
2381- */
2382-int hip_opp_get_peer_hit(struct hip_common *msg,
2383- const struct sockaddr_in6 *src)
2384-{
2385- int err = 0;
2386- struct in6_addr phit, dst_ip, our_hit, our_addr;
2387- const struct in6_addr *ptr;
2388- struct hip_hadb_state *ha;
2389-
2390- ptr = hip_get_param_contents(msg, HIP_PARAM_HIT_LOCAL);
2391- HIP_IFEL(!ptr, -1, "No local hit in msg\n");
2392- memcpy(&our_hit, ptr, sizeof(our_hit));
2393- HIP_DEBUG_HIT("our_hit", &our_hit);
2394-
2395- ptr = hip_get_param_contents(msg, HIP_PARAM_IPV6_ADDR_PEER);
2396- HIP_IFEL(!ptr, -1, "No peer ip in msg\n");
2397- memcpy(&dst_ip, ptr, sizeof(dst_ip));
2398- HIP_DEBUG_HIT("dst_ip", &dst_ip);
2399-
2400- HIP_IFEL(hip_select_source_address(&our_addr, &dst_ip),
2401- -1, "Cannot find source address\n");
2402-
2403- /* Check if we've previously contacted the host and found it
2404- * non-HIP capable*/
2405- if (hip_oppipdb_find_byip(&dst_ip)) {
2406- hip_msg_init(msg);
2407- /* A message without peer HIT indicates a non-HIP capable peer */
2408- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_GET_PEER_HIT, 0), -1,
2409- "Building of user header failed\n");
2410- HIP_IFEL(hip_build_param_contents(msg,
2411- &dst_ip,
2412- HIP_PARAM_IPV6_ADDR_PEER,
2413- sizeof(struct in6_addr)),
2414- -1, "build param HIP_PARAM_HIT failed: %s\n");
2415- HIP_IFEL((hip_sendto_user(msg, (const struct sockaddr *) src) < 0),
2416- -1, "send to user failed\n");
2417- goto out_err;
2418- }
2419-
2420- /* No previous contact, new host. Let's do the opportunistic magic */
2421-
2422- HIP_IFEL(hip_opportunistic_ipv6_to_hit(&dst_ip, &phit,
2423- HIP_HIT_TYPE_HASH100),
2424- -1, "Opp HIT conversion failed\n");
2425-
2426- HIP_ASSERT(hit_is_opportunistic_hit(&phit));
2427-
2428- HIP_DEBUG_HIT("phit", &phit);
2429-
2430- hip_hadb_add_peer_info_complete(&our_hit, &phit, NULL,
2431- &our_addr, &dst_ip, NULL);
2432-
2433- HIP_IFEL(!(ha = hip_hadb_find_byhits(&our_hit, &phit)),
2434- -1, "Did not find hadb entry\n");
2435-
2436- HIP_IFEL(hip_oppdb_add_entry(&phit, &our_hit, &dst_ip, NULL, src),
2437- -1, "Add to oppdb failed\n");
2438-
2439- HIP_IFEL(hip_send_i1(&our_hit, &phit, ha), -1, "sending of I1 failed\n");
2440-
2441-out_err:
2442- return err;
2443-}
2444
2445=== removed file 'hipd/oppdb.h'
2446--- hipd/oppdb.h 2011-01-04 17:21:26 +0000
2447+++ hipd/oppdb.h 1970-01-01 00:00:00 +0000
2448@@ -1,77 +0,0 @@
2449-/*
2450- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
2451- *
2452- * Permission is hereby granted, free of charge, to any person
2453- * obtaining a copy of this software and associated documentation
2454- * files (the "Software"), to deal in the Software without
2455- * restriction, including without limitation the rights to use,
2456- * copy, modify, merge, publish, distribute, sublicense, and/or sell
2457- * copies of the Software, and to permit persons to whom the
2458- * Software is furnished to do so, subject to the following
2459- * conditions:
2460- *
2461- * The above copyright notice and this permission notice shall be
2462- * included in all copies or substantial portions of the Software.
2463- *
2464- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
2465- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
2466- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
2467- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
2468- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
2469- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
2470- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
2471- * OTHER DEALINGS IN THE SOFTWARE.
2472- */
2473-
2474-/**
2475- * @file
2476- * @author Bing Zhou <bingzhou@cc.hut.fi>
2477- */
2478-
2479-#ifndef HIP_HIPD_OPPDB_H
2480-#define HIP_HIPD_OPPDB_H
2481-
2482-#include <stdint.h>
2483-#include <netinet/in.h>
2484-
2485-#include "lib/core/protodefs.h"
2486-#include "lib/core/state.h"
2487-
2488-
2489-struct hip_opp_blocking_request {
2490- hip_hit_t peer_phit;
2491- struct sockaddr_in6 caller;
2492- hip_hit_t our_real_hit;
2493-
2494- time_t creation_time;
2495- struct in6_addr peer_ip;
2496- struct in6_addr our_ip;
2497- uint8_t proxy_flag; //0: normal connection, 1: connection through proxy
2498-};
2499-
2500-void hip_init_opp_db(void);
2501-int hip_handle_opp_fallback(struct hip_opp_blocking_request *entry,
2502- void *current_time);
2503-struct hip_opp_blocking_request *hip_oppdb_find_byhits(const hip_hit_t *phit,
2504- struct sockaddr_in6 *src);
2505-struct hip_opp_blocking_request *hip_oppdb_find_by_ip(const struct in6_addr *ip_peer);
2506-struct hip_hadb_state *hip_get_opp_hadb_entry(hip_hit_t *resp_hit,
2507- struct in6_addr *resp_addr);
2508-int hip_oppdb_del_entry(const hip_hit_t *phit, const struct sockaddr_in6 *src);
2509-void hip_oppdb_uninit(void);
2510-int hip_oppdb_entry_clean_up(struct hip_opp_blocking_request *opp_entry);
2511-
2512-struct hip_hadb_state *hip_opp_add_map(const struct in6_addr *dst_ip,
2513- const struct in6_addr *hit_our,
2514- const struct sockaddr_in6 *caller);
2515-
2516-struct hip_hadb_state *hip_oppdb_get_hadb_entry_i1_r1(struct hip_common *msg,
2517- struct in6_addr *src_addr);
2518-int hip_handle_opp_r1(struct hip_packet_context *ctx);
2519-int hip_for_each_opp(int (*func)(struct hip_opp_blocking_request *entry,
2520- void *opaq),
2521- void *opaque);
2522-int hip_opp_get_peer_hit(struct hip_common *msg,
2523- const struct sockaddr_in6 *src);
2524-
2525-#endif /* HIP_HIPD_OPPDB_H */
2526
2527=== removed file 'hipd/oppipdb.c'
2528--- hipd/oppipdb.c 2011-01-09 22:18:11 +0000
2529+++ hipd/oppipdb.c 1970-01-01 00:00:00 +0000
2530@@ -1,231 +0,0 @@
2531-/*
2532- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
2533- *
2534- * Permission is hereby granted, free of charge, to any person
2535- * obtaining a copy of this software and associated documentation
2536- * files (the "Software"), to deal in the Software without
2537- * restriction, including without limitation the rights to use,
2538- * copy, modify, merge, publish, distribute, sublicense, and/or sell
2539- * copies of the Software, and to permit persons to whom the
2540- * Software is furnished to do so, subject to the following
2541- * conditions:
2542- *
2543- * The above copyright notice and this permission notice shall be
2544- * included in all copies or substantial portions of the Software.
2545- *
2546- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
2547- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
2548- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
2549- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
2550- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
2551- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
2552- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
2553- * OTHER DEALINGS IN THE SOFTWARE.
2554- */
2555-
2556-/**
2557- * @file
2558- * This file defines handling functions for opportunistic mode to remember
2559- * IP's which are not HIP capable. This means faster communication in second
2560- * connection attempts to these hosts. Otherwise it would always take the same
2561- * fallback timeout (about 5 secs) to make new connection to hosts which don't
2562- * support HIP.
2563- *
2564- * @author Antti Partanen
2565- * @author Alberto Garcia
2566- */
2567-
2568-#include <errno.h>
2569-#include <stdint.h>
2570-#include <stdlib.h>
2571-#include <string.h>
2572-
2573-#include "lib/core/builder.h"
2574-#include "lib/core/common.h"
2575-#include "lib/core/debug.h"
2576-#include "lib/core/list.h"
2577-#include "lib/core/prefix.h"
2578-#include "oppipdb.h"
2579-
2580-#define HIP_LOCK_OPPIP(entry)
2581-#define HIP_UNLOCK_OPPIP(entry)
2582-
2583-HIP_HASHTABLE *oppipdb;
2584-
2585-/**
2586- * Generates the hash information that is used to index the table
2587- *
2588- * @param ptr: pointer to the ip address used to make the hash
2589- *
2590- * @return hash information
2591- */
2592-static unsigned long hip_oppipdb_hash_ip(const void *ptr)
2593-{
2594- uint8_t hash[HIP_AH_SHA_LEN];
2595-
2596- hip_build_digest(HIP_DIGEST_SHA1, ptr, sizeof(hip_oppip_t), hash);
2597-
2598- return *((unsigned long *) hash);
2599-}
2600-
2601-/**
2602- * Compares two ip addresses.
2603- *
2604- * Note that when this function is called, the hashes of the two hash table
2605- * entries provided as arguments are known to be equal.
2606- * The point of this function is to allow the hash table to determine whether
2607- * the entries (or rather the part used to calculate the hash) themselves are
2608- * equal or whether they are different and this is just a hash collision.
2609- *
2610- * @param ptr1: pointer to the first ip address to compare
2611- * @param ptr2: pointer to the second ip address to compare
2612- *
2613- * @return 0 if the ips are identical, 1 if they are different
2614- */
2615-static int hip_oppipdb_match_ip(const void *ptr1, const void *ptr2)
2616-{
2617- return memcmp(ptr1, ptr2, sizeof(hip_oppip_t));
2618-}
2619-
2620-/**
2621- * Map a function to every entry in the oppipdb hash table
2622- *
2623- * @param func mapper function to apply to all entries
2624- * @param opaque opaque data for the mapper function
2625- *
2626- * @return negative value if an error occurs. If an error occurs during traversal of
2627- * the oppipdb hash table, then the traversal is stopped and function returns.
2628- * Returns the last return value of applying the mapper function to the last
2629- * element in the hash table.
2630- */
2631-int hip_for_each_oppip(void (*func)(hip_oppip_t *entry, void *opaq), void *opaque)
2632-{
2633- int i = 0;
2634- hip_oppip_t *this;
2635- LHASH_NODE *item, *tmp;
2636-
2637- if (!func) {
2638- return -EINVAL;
2639- }
2640-
2641- HIP_LOCK_HT(&oppipdb);
2642- list_for_each_safe(item, tmp, oppipdb, i)
2643- {
2644- this = list_entry(item);
2645- func(this, opaque);
2646- }
2647-
2648- HIP_UNLOCK_HT(&oppipdb);
2649- return 0;
2650-}
2651-
2652-/**
2653- * Deletes an entry that is present in oppipdb hash table
2654- *
2655- * @param entry pointer to the entry to delete
2656- * @param arg needed because of the the iterator signature
2657- */
2658-void hip_oppipdb_del_entry_by_entry(hip_oppip_t *entry, UNUSED void *arg)
2659-{
2660- HIP_LOCK_OPPIP(entry);
2661- hip_ht_delete(oppipdb, entry);
2662- HIP_UNLOCK_OPPIP(entry);
2663- free(entry);
2664-}
2665-
2666-/**
2667- * Allocates and initilizes the node to store the information
2668- * in the oppipdb hash table
2669- *
2670- * @return pointer to the allocated structure
2671- */
2672-static hip_oppip_t *hip_create_oppip_entry(void)
2673-{
2674- hip_oppip_t *entry = NULL;
2675-
2676- entry = calloc(1, sizeof(hip_oppip_t));
2677- if (!entry) {
2678- HIP_ERROR("hip_oppip_t memory allocation failed.\n");
2679- return NULL;
2680- }
2681-
2682- return entry;
2683-}
2684-
2685-/**
2686- * Adds a new entry to the oppipdb hash table.
2687- * This table stores the ip addresses of the hosts that are not HIP capable.
2688- *
2689- * @param ip_peer: pointer to the ip of the non-HIP capable host
2690- * to be added to the table
2691- * @return 0 or the value being added on success; -ENOMEM on malloc failure
2692- */
2693-int hip_oppipdb_add_entry(const struct in6_addr *ip_peer)
2694-{
2695- int err = 0;
2696- hip_oppip_t *new_item = NULL;
2697-
2698- new_item = hip_create_oppip_entry();
2699- if (!new_item) {
2700- HIP_ERROR("new_item malloc failed\n");
2701- err = -ENOMEM;
2702- return err;
2703- }
2704-
2705- ipv6_addr_copy(new_item, ip_peer);
2706-
2707- err = hip_ht_add(oppipdb, new_item);
2708-
2709- return err;
2710-}
2711-
2712-/**
2713- * Creates and initializes the oppipdb hash table
2714- *
2715- * @return 0 on success
2716- */
2717-int hip_init_oppip_db(void)
2718-{
2719- oppipdb = hip_ht_init(hip_oppipdb_hash_ip, hip_oppipdb_match_ip);
2720- return 0;
2721-}
2722-
2723-/**
2724- * Seeks an ip within the oppipdb hash table.
2725- * If the ip is found in the table, that host is not HIP capable.
2726- *
2727- * @param ip_peer: pointer to the ip of the host to check whether
2728- * it is HIP capable
2729- * @return pointer to the entry if the ip is found in the table; NULL otherwise
2730- */
2731-hip_oppip_t *hip_oppipdb_find_byip(const struct in6_addr *ip_peer)
2732-{
2733- hip_oppip_t *ret = NULL;
2734-
2735- ret = hip_ht_find(oppipdb, ip_peer);
2736- if (!ret) {
2737- HIP_DEBUG("The ip was not present in oppipdb. Peer HIP capable.\n");
2738- } else {
2739- HIP_DEBUG("The ip was found in oppipdb. Peer non-HIP capable.\n");
2740- }
2741-
2742- return ret;
2743-}
2744-
2745-/**
2746- * This function should be called after receiving an R1 from the peer and after
2747- * a successful base exchange in the opportunistic mode. It checks whether an
2748- * address of a HIP capable host is found from database. If the address is
2749- * found, it is deleted from the database; since the host is actually HIP capable.
2750- *
2751- * @param ip_peer: pointer to the ip of the HIP-capable host
2752- */
2753-void hip_oppipdb_delentry(const struct in6_addr *ip_peer)
2754-{
2755- hip_oppip_t *ret;
2756-
2757- if ((ret = hip_oppipdb_find_byip(ip_peer))) {
2758- HIP_DEBUG_IN6ADDR("HIP capable host found in oppipbd (non-HIP hosts database). Deleting it from oppipdb.", ip_peer);
2759- hip_oppipdb_del_entry_by_entry(ret, NULL);
2760- }
2761-}
2762
2763=== removed file 'hipd/oppipdb.h'
2764--- hipd/oppipdb.h 2010-10-15 15:29:14 +0000
2765+++ hipd/oppipdb.h 1970-01-01 00:00:00 +0000
2766@@ -1,48 +0,0 @@
2767-/*
2768- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
2769- *
2770- * Permission is hereby granted, free of charge, to any person
2771- * obtaining a copy of this software and associated documentation
2772- * files (the "Software"), to deal in the Software without
2773- * restriction, including without limitation the rights to use,
2774- * copy, modify, merge, publish, distribute, sublicense, and/or sell
2775- * copies of the Software, and to permit persons to whom the
2776- * Software is furnished to do so, subject to the following
2777- * conditions:
2778- *
2779- * The above copyright notice and this permission notice shall be
2780- * included in all copies or substantial portions of the Software.
2781- *
2782- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
2783- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
2784- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
2785- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
2786- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
2787- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
2788- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
2789- * OTHER DEALINGS IN THE SOFTWARE.
2790- */
2791-
2792-/**
2793- * @file
2794- * @author Antti Partanen
2795- * @author Alberto Garcia
2796- */
2797-
2798-#ifndef HIP_HIPD_OPPIPDB_H
2799-#define HIP_HIPD_OPPIPDB_H
2800-
2801-#include <netinet/in.h>
2802-
2803-
2804-typedef struct in6_addr hip_oppip_t;
2805-
2806-int hip_for_each_oppip(void (*func)(hip_oppip_t *entry, void *opaq), void *opaque);
2807-void hip_oppipdb_del_entry_by_entry(hip_oppip_t *entry, void *arg);
2808-int hip_oppipdb_add_entry(const struct in6_addr *ip_peer);
2809-int hip_init_oppip_db(void);
2810-hip_oppip_t *hip_oppipdb_find_byip(const struct in6_addr *ip_peer);
2811-void hip_oppipdb_delentry(const struct in6_addr *ip_peer);
2812-void hip_oppipdb_uninit(void);
2813-
2814-#endif /* HIP_HIPD_OPPIPDB_H */
2815
2816=== modified file 'hipd/output.c'
2817--- hipd/output.c 2011-01-10 17:51:29 +0000
2818+++ hipd/output.c 2011-01-10 18:30:13 +0000
2819@@ -85,7 +85,6 @@
2820 *
2821 * @param i1 a pointer to a i1 packet common header with source and
2822 * destination HITs.
2823- * @param dst_hit destination HIT (used only for the opportunistic TCP extension)
2824 * @param local_addr a pointer to our IPv6 or IPv4-in-IPv6 format IPv4 address.
2825 * If local_addr is NULL, the packet is sent from all addresses.
2826 * @param peer_addr a pointer to peer IPv6 or IPv4-in-IPv6 format IPv4 address.
2827@@ -93,10 +92,8 @@
2828 * @param dst_port not used.
2829 * @param entry a pointer to the current host association database state.
2830 * @return zero on success, or negative error value on error.
2831- * @todo remove the dst_hit parameter? test with the opportunistic TCP extension
2832 */
2833 static int hip_send_i1_pkt(struct hip_common *i1,
2834- UNUSED const hip_hit_t *dst_hit,
2835 struct in6_addr *local_addr,
2836 struct in6_addr *peer_addr,
2837 in_port_t src_port,
2838@@ -204,7 +201,6 @@
2839
2840 local_addr = &entry->our_addr;
2841 err = hip_send_i1_pkt(i1,
2842- dst_hit,
2843 local_addr,
2844 &peer_addr,
2845 entry->local_udp_port,
2846@@ -219,7 +215,6 @@
2847 ipv6_addr_copy(&peer_addr, &addr->address);
2848
2849 err = hip_send_i1_pkt(i1,
2850- dst_hit,
2851 NULL,
2852 &peer_addr,
2853 entry->local_udp_port,
2854
2855=== modified file 'hipd/user.c'
2856--- hipd/user.c 2011-01-04 19:22:24 +0000
2857+++ hipd/user.c 2011-01-10 18:30:13 +0000
2858@@ -86,7 +86,6 @@
2859 #include "nat.h"
2860 #include "netdev.h"
2861 #include "nsupdate.h"
2862-#include "oppdb.h"
2863 #include "output.h"
2864 #include "registration.h"
2865 #include "user.h"
2866@@ -253,6 +252,10 @@
2867 int err = 0, msg_type = 0, reti = 0;
2868 int access_ok = 0, is_root = 0;
2869 const struct hip_tlv_common *param = NULL;
2870+#ifdef CONFIG_HIP_OPPORTUNISTIC
2871+ struct in6_addr opp_hit, src_ip;
2872+ struct in6_addr hit_local;
2873+#endif
2874
2875 HIP_ASSERT(src->sin6_family == AF_INET6);
2876 HIP_DEBUG("User message from port %d\n", htons(src->sin6_port));
2877@@ -366,11 +369,6 @@
2878 dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT);
2879 hip_dec_cookie_difficulty();
2880 break;
2881-#ifdef CONFIG_HIP_OPPORTUNISTIC
2882- case HIP_MSG_GET_PEER_HIT:
2883- err = hip_opp_get_peer_hit(msg, src);
2884- break;
2885-#endif
2886 case HIP_MSG_CERT_SPKI_VERIFY:
2887 {
2888 HIP_DEBUG("Got an request to verify SPKI cert\n");
2889@@ -434,9 +432,6 @@
2890 struct sockaddr_in6 sock_addr6;
2891 struct sockaddr_in sock_addr;
2892 struct in6_addr server_addr, hitr;
2893-#ifdef CONFIG_HIP_OPPORTUNISTIC
2894- struct in6_addr *hit_local;
2895-#endif
2896
2897 /* Get RVS IP address, HIT and requested lifetime given as
2898 * commandline parameters to hipconf. */
2899@@ -490,7 +485,7 @@
2900 HIP_IFEL(hip_hadb_add_peer_info(dst_hit, dst_ip,
2901 NULL, NULL),
2902 -1, "Error on adding server " \
2903- "HIT to IP address mapping to the hadb.\n");
2904+ "HIT to IP address mapping to the hadb.\n");
2905
2906 /* Fetch the hadb entry just created. */
2907 entry = hip_hadb_try_to_find_by_peer_hit(dst_hit);
2908@@ -504,12 +499,39 @@
2909 }
2910 #ifdef CONFIG_HIP_OPPORTUNISTIC
2911 else {
2912- hit_local = malloc(sizeof(struct in6_addr));
2913- HIP_IFEL(hip_get_default_hit(hit_local), -1,
2914+ HIP_IFEL(hip_get_default_hit(&hit_local), -1,
2915 "Error retrieving default HIT \n");
2916- entry = hip_opp_add_map(dst_ip, hit_local, src);
2917+
2918+ HIP_IFEL(hip_opportunistic_ipv6_to_hit(dst_ip,
2919+ &opp_hit,
2920+ HIP_HIT_TYPE_HASH100),
2921+ -1,
2922+ "Opportunistic HIT conversion failed\n");
2923+
2924+ HIP_ASSERT(hit_is_opportunistic_hit(&opp_hit));
2925+
2926+ HIP_DEBUG_HIT("Opportunistic HIT", &opp_hit);
2927+
2928+ HIP_IFEL(hip_select_source_address(&src_ip,
2929+ dst_ip),
2930+ -1,
2931+ "Cannot find source address\n");
2932+
2933+ HIP_IFEL(hip_hadb_add_peer_info_complete(&hit_local,
2934+ &opp_hit,
2935+ NULL,
2936+ &src_ip,
2937+ dst_ip,
2938+ NULL),
2939+ -1,
2940+ "failed to add peer information to hadb\n");
2941+
2942+ HIP_IFEL(!(entry = hip_hadb_find_byhits(&hit_local, &opp_hit)),
2943+ -1,
2944+ "Did not find entry\n");
2945 }
2946 #endif
2947+
2948 reg_types = reg_req->reg_type;
2949 type_count = hip_get_param_contents_len(reg_req) -
2950 sizeof(reg_req->lifetime);
2951
2952=== modified file 'lib/core/builder.c'
2953--- lib/core/builder.c 2011-01-10 18:06:59 +0000
2954+++ lib/core/builder.c 2011-01-10 18:30:13 +0000
2955@@ -1120,7 +1120,6 @@
2956 case HIP_MSG_CONF_PUZZLE_SET: return "HIP_MSG_CONF_PUZZLE_SET";
2957 case HIP_MSG_CONF_PUZZLE_INC: return "HIP_MSG_CONF_PUZZLE_INC";
2958 case HIP_MSG_CONF_PUZZLE_DEC: return "HIP_MSG_CONF_PUZZLE_DEC";
2959- case HIP_MSG_SET_OPPORTUNISTIC_MODE: return "HIP_MSG_SET_OPPORTUNISTIC_MODE";
2960 case HIP_MSG_SET_DEBUG_ALL: return "HIP_MSG_SET_DEBUG_ALL";
2961 case HIP_MSG_SET_DEBUG_MEDIUM: return "HIP_MSG_SET_DEBUG_MEDIUM";
2962 case HIP_MSG_SET_DEBUG_NONE: return "HIP_MSG_SET_DEBUG_NONE";
2963@@ -1132,9 +1131,6 @@
2964 case HIP_MSG_HIT_TO_IP_ON: return "HIP_MSG_HIT_TO_IP_ON";
2965 case HIP_MSG_HIT_TO_IP_OFF: return "HIP_MSG_HIT_TO_IP_OFF";
2966 case HIP_MSG_HIT_TO_IP_SET: return "HIP_MSG_HIT_TO_IP_SET";
2967- case HIP_MSG_SET_OPPTCP_ON: return "HIP_MSG_SET_OPPTCP_ON";
2968- case HIP_MSG_SET_OPPTCP_OFF: return "HIP_MSG_SET_OPPTCP_OFF";
2969- case HIP_MSG_OPPTCP_SEND_TCP_PACKET: return "HIP_MSG_OPPTCP_SEND_TCP_PACKET";
2970 case HIP_MSG_TRANSFORM_ORDER: return "HIP_MSG_TRANSFORM_ORDER";
2971 case HIP_MSG_OFFER_RVS: return "HIP_MSG_OFFER_RVS";
2972 case HIP_MSG_CANCEL_RVS: return "HIP_MSG_CANCEL_RVS";
2973
2974=== modified file 'lib/core/conf.c'
2975--- lib/core/conf.c 2011-01-09 22:18:11 +0000
2976+++ lib/core/conf.c 2011-01-10 18:30:13 +0000
2977@@ -155,7 +155,7 @@
2978 /* free slot */
2979 #define TYPE_PUZZLE 6
2980 #define TYPE_NAT 7
2981-#define TYPE_OPP EXEC_LOADLIB_OPP /* Should be 8 */
2982+/* unused, was TYPE_OPP 8 */
2983 /* unused, was TYPE_BLIND 9 */
2984 #define TYPE_SERVICE 10
2985 #define TYPE_CONFIG 11
2986@@ -168,7 +168,7 @@
2987 #define TYPE_DAEMON 19
2988 #define TYPE_LOCATOR 20
2989 /* free slots */
2990-#define TYPE_OPPTCP 23
2991+/* unused, was TYPE_OPPTCP 23 */
2992 #define TYPE_ORDER 24
2993 /* free slots */
2994 #define TYPE_HEARTBEAT 27
2995@@ -219,9 +219,6 @@
2996 "Client side:\n"
2997 "\tadd server rvs|relay|full-relay [HIT] <IP|hostname> <lifetime in seconds>\n"
2998 "\tdel server rvs|relay|full-relay [HIT] <IP|hostname>\n"
2999-#ifdef CONFIG_HIP_OPPORTUNISTIC
3000- "set opp normal|advanced|none\n"
3001-#endif
3002 "heartbeat <seconds> (0 seconds means off)\n"
3003 "get ha all|HIT\n"
3004 "locator on|off|get\n"
3005@@ -700,11 +697,6 @@
3006 } else if ((!strcmp("mode", text)) && (strcmp("handover", argv[1]) == 0)) {
3007 ret = TYPE_HANDOVER;
3008 }
3009-#ifdef CONFIG_HIP_OPPORTUNISTIC
3010- else if (!strcmp("opp", text)) {
3011- ret = TYPE_OPP;
3012- }
3013-#endif
3014 else if (!strcmp("order", text)) {
3015 ret = TYPE_ORDER;
3016 } else if (strcmp("heartbeat", argv[1]) == 0) {
3017@@ -867,7 +859,7 @@
3018 hip_hit_t hit;
3019 struct in6_addr ipv6;
3020 int err = 0, seconds = 0, i = 0, number_of_regtypes = 0, reg_type = 0;
3021- int index_of_hit = 0, index_of_ip = 0, opp_mode = 0;;
3022+ int index_of_hit = 0, index_of_ip = 0, opp_mode = 0;
3023 uint8_t lifetime = 0, *reg_types = NULL;
3024 time_t seconds_from_lifetime = 0;
3025
3026@@ -1747,66 +1739,6 @@
3027 }
3028
3029 /**
3030- * Handles the hipconf commands where the type is @c opp.
3031- *
3032- * @param msg a pointer to the buffer where the message for kernel will
3033- * be written.
3034- * @param action the numeric action identifier for the action to be performed.
3035- * @param opt an array of pointers to the command line arguments after
3036- * the action and type.
3037- * @param optc the number of elements in the array.
3038- * @param send_only currently unused
3039- * @return zero on success, or negative error value on error.
3040- */
3041-static int hip_conf_handle_opp(struct hip_common *msg,
3042- int action,
3043- const char *opt[],
3044- int optc,
3045- UNUSED int send_only)
3046-{
3047- unsigned int oppmode = 0;
3048- int err = 0;
3049-
3050- if (action == ACTION_RUN) {
3051- return hip_handle_exec_app(0, EXEC_LOADLIB_OPP, optc, &opt[0]);
3052- }
3053- if (optc != 1) {
3054- HIP_ERROR("Incorrect number of arguments\n");
3055- err = -EINVAL;
3056- goto out;
3057- }
3058-
3059- if (!strcmp("normal", opt[0])) {
3060- oppmode = 1;
3061- } else if (!strcmp("advanced", opt[0])) {
3062- oppmode = 2;
3063- } else if (!strcmp("none", opt[0])) {
3064- oppmode = 0;
3065- } else {
3066- HIP_ERROR("Invalid argument\n");
3067- err = -EINVAL;
3068- goto out;
3069- }
3070-
3071- /* Build the message header */
3072- err = hip_build_user_hdr(msg, HIP_MSG_SET_OPPORTUNISTIC_MODE, 0);
3073- if (err) {
3074- HIP_ERROR("Failed to build user message header.: %s\n", strerror(err));
3075- goto out;
3076- }
3077-
3078- err = hip_build_param_contents(msg, &oppmode, HIP_PARAM_UINT,
3079- sizeof(unsigned int));
3080- if (err) {
3081- HIP_ERROR("build param oppmode failed: %s\n", strerror(err));
3082- goto out;
3083- }
3084-
3085-out:
3086- return err;
3087-}
3088-
3089-/**
3090 * Translate a HIT to an LSI
3091 *
3092 * @param msg input/output message for the query/response for hipd
3093@@ -2166,8 +2098,7 @@
3094 * @note In order to this function to work properly, "make install"
3095 * must be executed to install libraries to right paths. Also library
3096 * paths must be set right.
3097- * @see exec_app_types EXEC_LOADLIB_OPP, EXEC_LOADLIB_HIP and
3098- * EXEC_LOADLIB_NONE
3099+ * @see exec_app_types EXEC_LOADLIB_HIP and EXEC_LOADLIB_NONE
3100 *
3101 */
3102 int hip_handle_exec_app(int do_fork, int type, int argc,
3103@@ -2203,9 +2134,6 @@
3104 HIP_DEBUG("Executing %s.\n", argv[0]);
3105 if (type == EXEC_LOADLIB_HIP) {
3106 libs[0] = strdup("libhiptool.so");
3107- } else if (type == EXEC_LOADLIB_OPP) {
3108- libs[0] = strdup("libopphip.so");
3109- libs[1] = strdup("libhiptool.so");
3110 }
3111
3112 hip_append_pathtolib(libs, lib_all, LIB_LENGTH);
3113@@ -2587,7 +2515,7 @@
3114 NULL, /* 5: unused, was TYPE_BOS */
3115 hip_conf_handle_puzzle, /* 6: TYPE_PUZZLE */
3116 hip_conf_handle_nat, /* 7: TYPE_NAT */
3117- hip_conf_handle_opp, /* 8: TYPE_OPP */
3118+ NULL, /* 8: unused, was TYPE_OPP */
3119 NULL, /* 9: unused, was TYPE_BLIND */
3120 hip_conf_handle_service, /* 10: TYPE_SERVICE */
3121 /* Any server side registration action. */
3122
3123=== modified file 'lib/core/conf.h'
3124--- lib/core/conf.h 2011-01-03 19:36:44 +0000
3125+++ lib/core/conf.h 2011-01-10 18:30:13 +0000
3126@@ -49,13 +49,6 @@
3127 * These values are used for TYPE_xxx macros.
3128 */
3129
3130-/** @defgroup exec_app_types Execute application types
3131- * @{
3132- * Execute application with opportunistic library preloaded.
3133- * @see handle_exec_application()
3134- */
3135-#define EXEC_LOADLIB_OPP 8
3136-
3137 /**
3138 * Execute application with hip-libraries preloaded.
3139 * Overides example getaddrinfo().
3140
3141=== modified file 'lib/core/hashtable.c'
3142--- lib/core/hashtable.c 2010-10-19 02:38:50 +0000
3143+++ lib/core/hashtable.c 2011-01-10 18:30:13 +0000
3144@@ -41,8 +41,6 @@
3145 * @brief Hashtable wrappers for OpenSSL lhash implementation
3146 *
3147 * @author Miika Komu <miika@iki.fi>
3148- * @see lib/opphip/wrap_db.c for a minimal hash table implementation
3149- * example
3150 */
3151
3152 #include <limits.h>
3153
3154=== modified file 'lib/core/icomm.h'
3155--- lib/core/icomm.h 2010-12-28 18:21:49 +0000
3156+++ lib/core/icomm.h 2011-01-10 18:30:13 +0000
3157@@ -93,8 +93,6 @@
3158 #define HIP_MSG_CONF_PUZZLE_SET 74
3159 #define HIP_MSG_CONF_PUZZLE_INC 75
3160 #define HIP_MSG_CONF_PUZZLE_DEC 76
3161-/* free slot */
3162-#define HIP_MSG_SET_OPPORTUNISTIC_MODE 78
3163 /* Free slots here */
3164 #define HIP_MSG_SET_DEBUG_ALL 82
3165 #define HIP_MSG_SET_DEBUG_MEDIUM 83
3166@@ -107,13 +105,12 @@
3167 #define HIP_MSG_SET_LOCATOR_ON 89
3168 #define HIP_MSG_SET_LOCATOR_OFF 90
3169 /* Free slots here */
3170-#define HIP_MSG_SET_OPPTCP_ON 94
3171-#define HIP_MSG_SET_OPPTCP_OFF 95
3172
3173
3174 #define HIP_MSG_RESET_FIREWALL_DB 98
3175
3176-#define HIP_MSG_OPPTCP_SEND_TCP_PACKET 99
3177+/* Free slots here */
3178+
3179 #define HIP_MSG_TRANSFORM_ORDER 100
3180
3181 /** Socket option for the server to offer the RVS service. (server side) */
3182
3183=== modified file 'modules/update/hipd/update_legacy.c'
3184--- modules/update/hipd/update_legacy.c 2011-01-09 22:18:11 +0000
3185+++ modules/update/hipd/update_legacy.c 2011-01-10 18:30:13 +0000
3186@@ -39,7 +39,6 @@
3187 #include "config.h"
3188 #include "hipd/hipd.h"
3189 #include "hipd/maintenance.h"
3190-#include "hipd/oppipdb.h"
3191 #include "lib/core/builder.h"
3192 #include "lib/core/debug.h"
3193 #include "lib/core/ife.h"

Subscribers

People subscribed via source and target branches

to all changes: