HIPL

Merge lp:~martin-lp/hipl/hipfwconf into lp:hipl

  1. hipfwconf
  2. Merge into trunk
Proposed by David Martin
Status: Superseded
Proposed branch: lp:~martin-lp/hipl/hipfwconf
Merge into: lp:hipl
Diff against target: 887 lines (+345/-124)
11 files modified
firewall/conntrack.c (+53/-0)
firewall/conntrack.h (+2/-0)
firewall/firewall.c (+32/-17)
firewall/firewall.h (+3/-1)
firewall/firewall_control.c (+30/-3)
firewall/firewall_control.h (+2/-2)
hipd/init.c (+1/-1)
lib/core/conf.c (+150/-71)
lib/core/conf.h (+5/-0)
lib/core/message.c (+66/-29)
lib/core/message.h (+1/-0)
To merge this branch: bzr merge lp:~martin-lp/hipl/hipfwconf
Reviewer Review Type Date Requested Status
Diego Biurrun Needs Fixing
Miika Komu Approve
Review via email: mp+80830@code.launchpad.net

This proposal supersedes a proposal from 2011-10-24.

This proposal has been superseded by a proposal from 2011-11-07.

Description of the change

This branch introduces changes to get the currently active connection from the firewall.

This is a resubmitted merge proposal:
instead of using a separate binary option 1 of the previous discussion is implemented:
> 1) add an extra keyword to the hipconf command line: hipconf (daemon | firewall) COMMAND

Summed up changes since the last proposal (revision 6116ff.):
Keywords to address hipd / hipfw are daemon and firewall and defined in lib/core/conf.h.
The hipconf help print has been updated.
Config file syntax does not have to be changed as only hipd parses configs via hipconf and the daemon
keyword is hardcoded.

From what I've tested everything works as before. I do not know all hipconf options or how to apply them
so I did not test them all. Please have a look if everything seems right.

To post a comment you must log in.
Revision history for this message
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal

Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?

review: Needs Information
Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Mon, Oct 24, 2011 at 03:49:25PM +0000, Miika Komu wrote:
> Review: Needs Information
>
> Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?

Seconded. I'm terribly suspicious of this whole hipconf thing and
whether or not it is a good idea. IIUC authentication is nonexistent
and it's not clear to me what the advantage to rereading a config
file is.

Diego

Revision history for this message
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal

Another benefit of merged functionality is to allow reading of static information from /etc/hip/hipd_config

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

On 24.10.2011, at 17:49, Miika Komu wrote:
> Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?

There are three ways to implement this functionality:
1) add an extra keyword to the hipconf command line: hipconf (daemon | firewall) COMMAND
2) add firewall queries as command parameter: hipconf get firewall-ha
3) implement as separate binary using libcore.

(1) would require some changes to hipconf command line parsing and would render the old user API broken. Furthermore, it would require an even longer parameter list for getting specific information. For these reasons, I would not want to implement this option.
(2) is somewhat inconsistent with the current syntax, but I would be fine with that. Only minor changes to the current proposal would be required.
(3) doesn't break the user API and clearly separates hipd configuration from hipfw status querying. This is my preferred option.

Opinions and other proposals are welcome.

Ciao,
René

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

Forgot to include launchpad.

Begin forwarded message:
> From: René Hummen <email address hidden>
> Date: 27. Oktober 2011 15:41:06 MESZ
> To: <email address hidden>
> Subject: Re: [hipl-dev] Re: [Merge] lp:~martin-lp/hipl/hipfwconf into lp:hipl
>
> On 24.10.2011, at 19:27, Diego Biurrun wrote:
>> On Mon, Oct 24, 2011 at 03:49:25PM +0000, Miika Komu wrote:
>>> Review: Needs Information
>>>
>>> Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?
>>
>> Seconded. I'm terribly suspicious of this whole hipconf thing and
>> whether or not it is a good idea. IIUC authentication is nonexistent
>> and it's not clear to me what the advantage to rereading a config
>> file is.
>
> The issue of having one or multiple binaries aside, I think hipconf should rather be a hipstatus tool. I.e., hipd and hipfw should be configured via config files (with reload functionality) and the the current run-time status should be requestable via hipstatus. However, this is not as it's done in HIPL at the moment. Instead, reading the config file mimics calls to hipconf in order to set up the hipd. hipfwconf, on the other hand, only provides status information.
>
> Do I see volunteers who are willing to fix this hipconf-based configuration issue? :)
>
> Ciao,
> René

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

On 25.10.2011, at 09:42, Miika Komu wrote:
> Another benefit of merged functionality is to allow reading of static information from /etc/hip/hipd_config

I don't see your point here. Can you please explain. By the way, hipfwconf wraps around libcore the same way hipconf does.

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

Revision history for this message
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal

> IIUC authentication is nonexistent

This a fallacy, it does have authentication. Critical functions are allowed only for root.

> and it's not clear to me what the advantage to rereading a config
> file is.

Obviously, changing of parameters during run time.

Revision history for this message
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal

> On 25.10.2011, at 09:42, Miika Komu wrote:
> > Another benefit of merged functionality is to allow reading of static
> information from /etc/hip/hipd_config
>
> I don't see your point here. Can you please explain. By the way, hipfwconf
> wraps around libcore the same way hipconf does.

You mean that you can set hipfwconf parameters from /etc/hip/hipd_config ? Did you test this?

Revision history for this message
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal

> On 24.10.2011, at 17:49, Miika Komu wrote:
> > Why separate binary just for configuring hipfw? Why this can't be embedded
> into hipconf?
>
> There are three ways to implement this functionality:
> 1) add an extra keyword to the hipconf command line: hipconf (daemon |
> firewall) COMMAND
> 2) add firewall queries as command parameter: hipconf get firewall-ha

Either of these would work for me. Probably 1 is a bit cleaner.

> 3) implement as separate binary using libcore.

I'll counterargument against this below.

> (1) would require some changes to hipconf command line parsing and would
> render the old user API broken. Furthermore, it would require an even longer
> parameter list for getting specific information. For these reasons, I would
> not want to implement this option.

Who cares if the API is changes, really? By breaking, you mean /etc/hip/hipd_config? The file could be prefixed with a "daemon" with a simple regexp when you start hipd (if we would choose #1).

> (2) is somewhat inconsistent with the current syntax, but I would be fine with
> that. Only minor changes to the current proposal would be required.

I would be fine with this.

> (3) doesn't break the user API and clearly separates hipd configuration from
> hipfw status querying. This is my preferred option.

Proposal 3 also fragments the HIP administrative interface into two. You suggest that we'll have one read-only interface and another writeable. I believe in a more unified interface and I fail see why we should disperse. It doesn't sound very responsible to say something is bad, but leave it as it is and switch to new tool?

What do you mean by "hipconf-based configuration issue"?

review: Disapprove
Revision history for this message
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal

On Thu, Oct 27, 2011 at 01:31:29PM +0000, René Hummen wrote:
> On 24.10.2011, at 17:49, Miika Komu wrote:
> > Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?
>
> There are three ways to implement this functionality:
> 1) add an extra keyword to the hipconf command line: hipconf (daemon | firewall) COMMAND
> 2) add firewall queries as command parameter: hipconf get firewall-ha
> 3) implement as separate binary using libcore.
>
> (1) would require some changes to hipconf command line parsing and
> would render the old user API broken. Furthermore, it would require an
> even longer parameter list for getting specific information. For these
> reasons, I would not want to implement this option.

alias hipdconf="hipconf daemon"
alias hipfwconf="hipconf firewall"

Diego

Revision history for this message
Diego Biurrun (diego-biurrun) wrote :

 review needs-fixing

On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
>
> --- Makefile.am 2011-10-17 18:14:10 +0000
> +++ Makefile.am 2011-10-31 18:21:26 +0000
> @@ -90,8 +90,8 @@
>
> -tools_hipconf_SOURCES = tools/hipconf.c
> -tools_pisacert_SOURCES = tools/pisacert.c
> +tools_hipconf_SOURCES = tools/hipconf.c
> +tools_pisacert_SOURCES = tools/pisacert.c

unrelated

Diego

review: Needs Fixing
Revision history for this message
Miika Komu (miika-iki) wrote :

hip_send_recv_firewall_info() has been copy-pasted from hip_send_recv_daemon_info(). The same goes for
hip_send_recv_firewall_info() and hip_handle_user_msg(). Code reuse?

lib/core/conf.c:hipconf_usage is not updated accordingly. Same goes for hipd/init.c:HIPL_CONFIG_FILE_EX. Otherwise, nobody will know about your extensions.

Also, I would like to hear a test report with some existing hipconf options to understand that legacy support still works. For example, try the following:

* hipconf add map HIT IP
* hipconf get ha all
* hipconf rst all

<wait few secs>

* hipconf nat none
* hipconf add map HIT IP
* hipconf get ha all
* hipconf rst all

<wait few secs>

* hipconf nat plain-udp
* hipconf add map HIT IP
* hipconf get ha all
* hipconf rst all

<wait few secs>

* hipconf nat port 1111
* hipconf add map HIT IP
* hipconf get ha all
* hipconf rst all

Does it do what expected?

Other than this, I am satisfied with this commit.

review: Needs Fixing
Revision history for this message
David Martin (martin-lp) wrote :

Hi,

On Mon, Oct 31, 2011 at 9:58 PM, Diego Biurrun <email address hidden> wrote:
> On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
>> --- Makefile.am 2011-10-17 18:14:10 +0000
>> +++ Makefile.am 2011-10-31 18:21:26 +0000
>> @@ -90,8 +90,8 @@
>>
>> -tools_hipconf_SOURCES = tools/hipconf.c
>> -tools_pisacert_SOURCES = tools/pisacert.c
>> +tools_hipconf_SOURCES = tools/hipconf.c
>> +tools_pisacert_SOURCES = tools/pisacert.c
>
> unrelated

That's not really unrelated but unintended. Forgot to reindent after removing the hipfwconf line. Fixed now.

lp:~martin-lp/hipl/hipfwconf updated
6108. By Diego Biurrun

packaging: port package building script to openSUSE

6109. By Diego Biurrun

INSTALL: Add list of required packages for OpenSUSE.

Revision history for this message
David Martin (martin-lp) wrote :

Hi,

On Wed, Nov 2, 2011 at 8:32 AM, Miika Komu <email address hidden> wrote:
> Review: Needs Fixing
>
> hip_send_recv_firewall_info() has been copy-pasted from hip_send_recv_daemon_info().

You are right, that has been some pretty evil piece of copy-paste. Fixed this in revision 6121.

> The same goes for hip_send_recv_firewall_info() and hip_handle_user_msg(). Code reuse?

What exactly do you mean?

> lib/core/conf.c:hipconf_usage is not updated accordingly. Same goes for hipd/init.c:HIPL_CONFIG_FILE_EX. Otherwise, nobody will know about your extensions.

I changed it where hipconf_usage was used but this may have not been clear enough.
I've fixed it in revision 6122. Should be better now.

> Also, I would like to hear a test report with some existing hipconf options to understand that legacy support still works. For example, try the following:
>
> * hipconf add map HIT IP
> * hipconf get ha all
> * hipconf rst all
>
> <wait few secs>
>
> * hipconf nat none
> * hipconf add map HIT IP
> * hipconf get ha all
> * hipconf rst all
>
> <wait few secs>
>
> * hipconf nat plain-udp
> * hipconf add map HIT IP
> * hipconf get ha all
> * hipconf rst all
>
> <wait few secs>
>
> * hipconf nat port 1111
> * hipconf add map HIT IP
> * hipconf get ha all
> * hipconf rst all
>
> Does it do what expected?

Did not test that yet but I'll have a look into it and report back.

Revision history for this message
Miika Komu (miika-iki) wrote :

Hi,

On 11/02/2011 01:04 PM, David Martin wrote:
>> The same goes for hip_send_recv_firewall_info() and hip_handle_user_msg(). Code reuse?
> What exactly do you mean?

the functions offer very similar functionality (copy paste).

Revision history for this message
David Martin (martin-lp) wrote :

Hi again,

On Wed, Nov 2, 2011 at 12:25 PM, Miika Komu <email address hidden> wrote:
> On 11/02/2011 01:04 PM, David Martin wrote:
>>>
>>> The same goes for hip_send_recv_firewall_info() and
>>> hip_handle_user_msg(). Code reuse?
>>
>> What exactly do you mean?
>
> the functions offer very similar functionality (copy paste).

Sorry for being a bit dense but I'm still not sure what you mean.
hip_handle_user_msg() is an enormous beast of a function dealing with all incoming
hipconf messages. hip_send_recv_firewall_info() sends messages to hipfw and
since the last commit is nothing more than a wrapper for send_recv_info_internal().

Maybe you mean hip_handle_msg() in firewall_control.c which basically does the same
as hip_handle_user_msg() only for the firewall. It has not really been touched in this
branch and I see no reason to merge them together. It would result in an even bigger
and even more unwieldy function. The firewall does receive user messages of the same
message type, but it acts differently on them than hipd. I think it's reasonable to keep them
apart. We should think about renaming them to make their purpose more obvious but this
is out of scope of this branch.

Revision history for this message
Miika Komu (miika-iki) wrote :

Sorry, I mean fw_handle_hipd_message() and hip_handle_user_msg(). It seems that the beginning of the functions is copy paste. You could extract the beginning into another function and call it in the other two.

Revision history for this message
David Martin (martin-lp) wrote :
Download full text (3.7 KiB)

Hi,

On Wed, Nov 2, 2011 at 3:26 PM, Miika Komu <email address hidden> wrote:
> Sorry, I mean fw_handle_hipd_message() and hip_handle_user_msg(). It seems that the beginning of the functions is copy paste. You could extract the beginning into another function and call it in the other two.

You are right. But if I see it correctly those two weren't really touched by this branch so I would
say it's not related. Feel free to change it in trunk. :)))

PS: Fixed non-compiling make doxygen and added error-handling for wrong process keywords in the last two revisions.

PPS: Had a look at your proposed commands as well. They seem to work alright as far as I can judge. Here's a log:

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon add map 2001:17:e5ab:56b2:3b45:419f:f784:af6a 10.0.3.1
Mapped v4 to v6.
mapped v6: 10.0.3.1
Sending user message 2 to HIPD on socket 3
Sent 88 bytes
Waiting to receive daemon info.
88 bytes received from HIP daemon.
User message was sent successfully to the HIP daemon.

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon get ha all
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
248 bytes received from HIP daemon.
HA is UNASSOCIATED
 Shotgun mode is off.
 Broadcast mode is off.
 Local HIT: 2001:0017:e5ab:56b2:3b45:419f:f784:af6a
 Peer HIT: 2001:0017:e5ab:56b2:3b45:419f:f784:af6a
 Local LSI: 1.0.0.1
 Peer LSI: 1.0.0.1
 Local IP: 10.0.3.1
 Local NAT traversal UDP port: 10500
 Peer IP: 10.0.3.1
 Peer NAT traversal UDP port: 10500
 Peer hostname:

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon rst all
Sending user message 68 to HIPD on socket 3
Sent 64 bytes
Waiting to receive daemon info.
64 bytes received from HIP daemon.
User message was sent successfully to the HIP daemon.

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon get ha all
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
40 bytes received from HIP daemon.

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon nat none
<snip>

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon add map 2001:17:e5ab:56b2:3b45:419f:f784:af6a 10.0.3.1
<snip>

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon get ha all
<snip>
HA is UNASSOCIATED
 Shotgun mode is off.
 Broadcast mode is off.
 Local HIT: 2001:0017:e5ab:56b2:3b45:419f:f784:af6a
 Peer HIT: 2001:0017:e5ab:56b2:3b45:419f:f784:af6a
 Local LSI: 1.0.0.1
 Peer LSI: 1.0.0.1
 Local IP: 10.0.3.1
 Local NAT traversal UDP port: 0
 Peer IP: 10.0.3.1
 Peer NAT traversal UDP port: 0
 Peer hostname:

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon nat plain-udp
<snip>

martin@pisa1:~/src/hipl/hipl_hipfwconf$ sudo tools/hipconf daemon get ha all
<snip>
HA is UNASSOCIATED
 Shotgun mode is off.
 Broadcast mode is off.
 Local HIT: 2001:0017:e5ab:56b2:3b45:419f:f784:af6a
 Peer HIT: 2001:0017:e5ab:56b2:3b45:419f:f784:af6a
 Local LSI: 1.0.0.1
 Peer LSI: 1.0.0.1
 Local IP: 10.0.3.1
 Local NAT traversal UDP port: 10500
 Peer IP: 10.0.3.1
 Peer NAT traversal UDP port: 10500
 Peer hostname:

martin@pisa1:~/src/hipl/hipl_hi...

Read more...

Revision history for this message
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal

On 27.10.2011, at 16:37, Miika Komu wrote:
>> On 25.10.2011, at 09:42, Miika Komu wrote:
>>> Another benefit of merged functionality is to allow reading of static
>> information from /etc/hip/hipd_config
>>
>> I don't see your point here. Can you please explain. By the way, hipfwconf
>> wraps around libcore the same way hipconf does.
>
> You mean that you can set hipfwconf parameters from /etc/hip/hipd_config ? Did you test this?

Hmmm, I'm not sure what this discussion was about exactly. Maybe some clarification as to what kind of functionality this branch is supposed to introduce: it allows to request status information from hipfw at run-time. However, it does not allow for run-time configuration right now. Of course, it would be easy to extend hipfw with this functionality, but I don't see that this desirable.

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

lp:~martin-lp/hipl/hipfwconf updated
6110. By René Hummen

merge lp:~rene-hummen/hipl/logging

This merge updates the logging facilities of HIPL and adds a new log
level "LOW".

Macros are now mapped to the debug levels as follows:
=========================================
| NONE | DIE, ASSERT
------------------------------------------
| LOW | DIE, ASSERT, ERROR
------------------------------------------
| MEDIUM | DIE, ASSERT, ERROR, INFO
------------------------------------------
| ALL | DIE, ASSERT, ERROR, INFO, DEBUG
==========================================

Also see merge proposal:
https://code.launchpad.net/~rene-hummen/hipl/logging/+merge/81065

Revision history for this message
Miika Komu (miika-iki) wrote :

> Hmmm, I'm not sure what this discussion was about exactly. Maybe some clarification as to what kind of functionality
> this branch is supposed to introduce: it allows to request status information from hipfw at run-time. However, it
> does not allow for run-time configuration right now. Of course, it would be easy to extend hipfw with this
> functionality, but I don't see that this desirable.

Never mind (now hipd_config can be used to trigger hipfw actions as well).

review: Approve
Revision history for this message
David Martin (martin-lp) wrote :

Diego, your opinion? :)

Revision history for this message
Diego Biurrun (diego-biurrun) wrote :

 review needs-fixing

On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
>
> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
> +++ lib/core/conf.h 2011-10-31 18:21:26 +0000
> @@ -54,6 +54,11 @@
>
> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL };
> +/* keywords used to identify hipd / hipfw as target of hipconf command */
> +#define HIPCONF_HIPD_KEYWORD "daemon"
> +#define HIPCONF_HIPFW_KEYWORD "firewall"

These appear unused outside of conf.c.

Diego

review: Needs Fixing
Revision history for this message
Diego Biurrun (diego-biurrun) wrote :

On Fri, Nov 04, 2011 at 12:07:34PM +0000, David Martin wrote:
> Diego, your opinion? :)

I said enough to reject it already, just added some more ;)

Diego

Revision history for this message
David Martin (martin-lp) wrote :

Hi,

On Fri, Nov 4, 2011 at 1:25 PM, Diego Biurrun <email address hidden> wrote:
> On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
>>
>> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
>> +++ lib/core/conf.h 2011-10-31 18:21:26 +0000
>> @@ -54,6 +54,11 @@
>>
>> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL };
>> +/* keywords used to identify hipd / hipfw as target of hipconf command */
>> +#define HIPCONF_HIPD_KEYWORD "daemon"
>> +#define HIPCONF_HIPFW_KEYWORD "firewall"
>
> These appear unused outside of conf.c.

Nope, using them in lib/core/message.c as well. Did you pull the latest revisions?

On Fri, Nov 4, 2011 at 1:29 PM, Diego Biurrun <email address hidden> wrote:
> I said enough to reject it already, just added some more ;)

Well, other than you being terribly suspicious of hipconf in general you did not say
aynthing. And that's not very constructive. :p

Revision history for this message
Diego Biurrun (diego-biurrun) wrote :

On Fri, Nov 04, 2011 at 12:53:25PM +0000, David Martin wrote:
> On Fri, Nov 4, 2011 at 1:25 PM, Diego Biurrun <email address hidden> wrote:
> > On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
> >>
> >> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
> >> +++ lib/core/conf.h 2011-10-31 18:21:26 +0000
> >> @@ -54,6 +54,11 @@
> >>
> >> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL };
> >> +/* keywords used to identify hipd / hipfw as target of hipconf command */
> >> +#define HIPCONF_HIPD_KEYWORD "daemon"
> >> +#define HIPCONF_HIPFW_KEYWORD "firewall"
> >
> > These appear unused outside of conf.c.
>
> Nope, using them in lib/core/message.c as well. Did you pull the latest revisions?

Of course not! I don't pull anything to review your work, why would I?
I just sit here and read emails. I should not have to care about you
committing new revisions somewhere I'm not looking.

> On Fri, Nov 4, 2011 at 1:29 PM, Diego Biurrun <email address hidden> wrote:
> > I said enough to reject it already, just added some more ;)
>
> Well, other than you being terribly suspicious of hipconf in general you did not say
> aynthing. And that's not very constructive. :p

I said there were unrelated stray changes - that's ground enough not to
commit it so I did not bother to look in detail at a version that will
not be pushed anyway ;)

Diego

lp:~martin-lp/hipl/hipfwconf updated
6111. By Miika Komu

Fixed an annoyance in a maintainer script

From bug #795846: The "make syncrepo" target seems to unnecessarily copy also
old packages to the repository. Fixed by including the revision number also.

6112. By David Martin

Cosmetics: Move comment in queue_packet() to where it belongs.

6113. By David Martin

Make hipconf_usage string static as it is local to lib/core/conf.c.

6126. By David Martin

Cosmetics: fix leftover indentation in Makefile.am.

6127. By David Martin

Refactor hip_send_recv_daemon_info_internal() to avoid code duplication.

send_recv_daemon_info_internal() is now called send_recv_info_internal()
and gets the destination port as an additional parameter. This way it will
be used to communicate with both hipd and hipfw. As a consequence
hip_send_recv_firewall_info() has been reduced to a simple wrapper call.

6128. By David Martin

Make hipconf and config file usage more clear.

6129. By David Martin

Add error handling for process keyword in lib/core/conf.{c, h}.

Comparing an enum to a -1 return value is not good. Add UNKNOWN_KEYWORD
as error return value for conf_get_process().

Exit hipconf when an invalid target process keyword is specified and
print an error notice as well.

6130. By David Martin

Fix missing / leftover doxygen documentation.

6131. By David Martin

Apply new hipconf syntax to doc/HOWTO.xml.in.

6132. By David Martin

Add daemon keyword to commands in hipdnsproxy.in.

6133. By David Martin

Apply changed hipconf usage to documentation in sourcefiles.

6134. By David Martin

Fix some stray error messages referring incorrectly only to the HIP daemon.

Make them more generic by adding the firewall as well.

6135. By David Martin

Correct header #include ordering in firewall_control.c.

6136. By David Martin

Make hipfwconf_usage static as it's local to conf.c.

6137. By David Martin

Cosmetics: Fix typo in conf_get_process() documentation.

6138. By David Martin

Make daemon_name enum static, it is local to lib/core/conf.c.

6139. By David Martin

Refer to daemon in error messages instead of mentioning both hipd and hipfw.

6140. By David Martin

Use 'the' when referring to the daemon in conf.c/message.c error messages.

Sounds a lot better this way.

6141. By David Martin

Move daemon_name enum to lib/core/conf.c as it is only used there.

6142. By David Martin

Return enum daemon_name instead of int in conf_get_process().

If we have got a named enum for that purpose we may as well use it.

6143. By David Martin

Make conf_get_process() const-correct.

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'firewall/conntrack.c'
2--- firewall/conntrack.c 2011-10-25 21:14:16 +0000
3+++ firewall/conntrack.c 2011-11-02 14:51:25 +0000
4@@ -2244,3 +2244,56 @@
5 remove_connection(conn_list->data);
6 }
7 }
8+
9+/**
10+ * Prepare given message with host association info from the tracked connections.
11+ *
12+ * @param msg The message where the info is written.
13+ * @return 0 on success
14+ * -1 on error
15+ */
16+int hip_fw_handle_get_ha_info(struct hip_common *msg)
17+{
18+ struct hip_hadb_user_info_state hid = { { { { 0 } } } };
19+ struct slist *iter_conn;
20+ struct connection *conn;
21+ struct hip_data *data;
22+
23+ if (!msg) {
24+ HIP_ERROR("Missing message parameter.\n");
25+ return -1;
26+ }
27+
28+ if (conn_list == NULL) {
29+ HIP_DEBUG("No tracked connections to return.\n");
30+ return 0;
31+ }
32+
33+ hip_msg_init(msg);
34+ if (hip_build_user_hdr(msg, HIP_MSG_GET_HA_INFO, 0) < 0) {
35+ HIP_ERROR("Failed to build GET_HA_INFO message header.\n");
36+ return -1;
37+ }
38+
39+ iter_conn = conn_list;
40+ while (iter_conn) {
41+ conn = iter_conn->data;
42+ data = conn->original.hip_tuple->data;
43+
44+ // build HA_INFO with info from connection initiator
45+ hid.state = conn->state;
46+ ipv6_addr_copy(&hid.hit_our, &data->src_hit);
47+ ipv6_addr_copy(&hid.hit_peer, &data->dst_hit);
48+ hid.nat_udp_port_local = conn->original.src_port;
49+ hid.nat_udp_port_peer = conn->original.dst_port;
50+
51+ if (hip_build_param_contents(msg, &hid, HIP_PARAM_HA_INFO, sizeof(hid)) < 0) {
52+ HIP_ERROR("Failed to build initiator HA_INFO parameter.\n");
53+ return -1;
54+ }
55+
56+ iter_conn = iter_conn->next;
57+ }
58+
59+ return 0;
60+}
61
62=== modified file 'firewall/conntrack.h'
63--- firewall/conntrack.h 2011-07-18 16:31:37 +0000
64+++ firewall/conntrack.h 2011-11-02 14:51:25 +0000
65@@ -63,4 +63,6 @@
66 void hip_fw_conntrack_periodic_cleanup(void);
67 void hip_fw_uninit_conntrack(void);
68
69+int hip_fw_handle_get_ha_info(struct hip_common *msg);
70+
71 #endif /* HIP_FIREWALL_CONNTRACK_H */
72
73=== modified file 'firewall/firewall.c'
74--- firewall/firewall.c 2011-10-30 11:41:51 +0000
75+++ firewall/firewall.c 2011-11-02 14:51:25 +0000
76@@ -1672,7 +1672,7 @@
77 n = recvfrom(hip_fw_async_sock, msg, sizeof(struct hip_common),
78 MSG_PEEK, (struct sockaddr *) &sock_addr, &alen);
79 if (n < 0) {
80- HIP_ERROR("Error receiving message header from daemon.\n");
81+ HIP_ERROR("Error receiving message header.\n");
82 return -1;
83 }
84
85@@ -1701,24 +1701,13 @@
86 (struct sockaddr *) &sock_addr, &alen);
87
88 if (n < 0) {
89- HIP_ERROR("Error receiving message parameters from daemon.\n");
90+ HIP_ERROR("Error receiving message parameters.\n");
91 return -1;
92 }
93
94 HIP_ASSERT(n == len);
95
96- if (ntohs(sock_addr.sin6_port) != HIP_DAEMON_LOCAL_PORT) {
97- int type = hip_get_msg_type(msg);
98- if (type == HIP_MSG_FW_BEX_DONE) {
99- HIP_DEBUG("HIP_MSG_FW_BEX_DONE\n");
100- HIP_DEBUG("%d == %d\n", ntohs(sock_addr.sin6_port),
101- HIP_DAEMON_LOCAL_PORT);
102- }
103- HIP_DEBUG("Drop, message not from hipd\n");
104- return -1;
105- }
106-
107- if (hip_handle_msg(msg) < 0) {
108+ if (hip_handle_msg(msg, (struct sockaddr *) &sock_addr) < 0) {
109 HIP_ERROR("Error handling message\n");
110 return -1;
111 }
112@@ -1847,8 +1836,6 @@
113 sock_addr.sin6_addr = in6addr_loopback;
114 HIP_IFEL(bind(hip_fw_async_sock, (struct sockaddr *) &sock_addr, sizeof(sock_addr)), -1,
115 "Bind on firewall socket addr failed. Give -k option to kill old hipfw\n");
116- HIP_IFEL(hip_daemon_connect(hip_fw_async_sock), -1,
117- "connecting socket failed\n");
118
119 /* Starting hipfw does not always work when hipfw starts first -miika */
120 if (hip_userspace_ipsec || hip_lsi_support) {
121@@ -1944,7 +1931,7 @@
122 }
123
124 if (FD_ISSET(hip_fw_async_sock, &read_fdset)) {
125- HIP_DEBUG("****** Received HIPD message ******\n");
126+ HIP_DEBUG("****** Received user message ******\n");
127 err = fw_handle_hipd_message(msg);
128 }
129
130@@ -2009,3 +1996,31 @@
131
132 return &default_lsi;
133 }
134+
135+/**
136+ * Send a message via the firewall socket for asynchronous messages.
137+ * Caller is responsible for setting up the message.
138+ *
139+ * @param msg The message to be sent.
140+ * @param addr The destination address.
141+ *
142+ * @return 0 on success
143+ * -1 on error
144+ */
145+int hip_fw_send_message(const struct hip_common *const msg,
146+ const struct sockaddr *const addr)
147+{
148+ uint16_t len;
149+
150+ if (msg == NULL || addr == NULL) {
151+ HIP_ERROR("Empty message or address.\n");
152+ return -1;
153+ }
154+
155+ len = hip_get_msg_total_len(msg);
156+ if (sendto(hip_fw_async_sock, msg, len, 0, addr, hip_sockaddr_len(addr)) != len) {
157+ return -1;
158+ }
159+
160+ return 0;
161+}
162
163=== modified file 'firewall/firewall.h'
164--- firewall/firewall.h 2011-04-05 16:44:22 +0000
165+++ firewall/firewall.h 2011-11-02 14:51:25 +0000
166@@ -1,5 +1,5 @@
167 /*
168- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
169+ * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
170 *
171 * Permission is hereby granted, free of charge, to any person
172 * obtaining a copy of this software and associated documentation
173@@ -55,5 +55,7 @@
174 void hip_fw_uninit_esp_relay(void);
175 hip_hit_t *hip_fw_get_default_hit(void);
176 hip_lsi_t *hip_fw_get_default_lsi(void);
177+int hip_fw_send_message(const struct hip_common *const msg,
178+ const struct sockaddr *const addr);
179
180 #endif /* HIP_FIREWALL_FIREWALL_H */
181
182=== modified file 'firewall/firewall_control.c'
183--- firewall/firewall_control.c 2011-10-25 21:14:16 +0000
184+++ firewall/firewall_control.c 2011-11-02 14:51:25 +0000
185@@ -38,10 +38,12 @@
186 #include <string.h>
187 #include <netinet/in.h>
188
189+#include "conntrack.h"
190 #include "lib/core/builder.h"
191 #include "lib/core/debug.h"
192 #include "lib/core/ife.h"
193 #include "lib/core/message.h"
194+#include "lib/core/prefix.h"
195 #include "lib/core/protodefs.h"
196 #include "cache.h"
197 #include "firewall.h"
198@@ -91,12 +93,13 @@
199 }
200
201 /**
202- * distribute a message from hipd to the respective extension handler
203+ * distribute a user message to the respective extension handler
204 *
205- * @param msg pointer to the received user message
206+ * @param msg pointer to the received user message
207+ * @param addr destination address for a reply
208 * @return 0 on success, else -1
209 */
210-int hip_handle_msg(struct hip_common *msg)
211+int hip_handle_msg(struct hip_common *msg, struct sockaddr *addr)
212 {
213 int type, err = 0;
214 struct hip_common *msg_out = NULL;
215@@ -150,12 +153,36 @@
216 HIP_IFEL(hip_send_recv_daemon_info(msg_out, 1, hip_fw_sock), -1,
217 "Couldn't notify daemon of firewall presence\n");
218 break;
219+ case HIP_MSG_GET_HA_INFO:
220+ HIP_IFEL(hip_fw_handle_get_ha_info(msg), -1,
221+ "Could not handle GET_HA message.\n");
222+ HIP_IFEL(hip_fw_send_message(msg, addr), -1,
223+ "Could not send HA reply.\n");
224+ break;
225 default:
226 HIP_ERROR("Unhandled message type %d\n", type);
227 err = -1;
228 break;
229 }
230+
231 out_err:
232+ if (hip_get_msg_response(msg)) {
233+ HIP_DEBUG("Send response\n");
234+ if (err) {
235+ hip_hdr msg_type = hip_get_msg_type(msg);
236+ hip_msg_init(msg);
237+ hip_build_user_hdr(msg, msg_type, 0);
238+ hip_set_msg_err(msg, 1);
239+ }
240+ HIP_DEBUG("Sending message (type=%d) response\n",
241+ hip_get_msg_type(msg));
242+ if (hip_fw_send_message(msg, addr) == -1) {
243+ err = -1;
244+ } else {
245+ HIP_DEBUG("Response sent ok\n");
246+ }
247+ }
248+
249 free(msg_out);
250 return err;
251 }
252
253=== modified file 'firewall/firewall_control.h'
254--- firewall/firewall_control.h 2010-10-15 15:29:14 +0000
255+++ firewall/firewall_control.h 2011-11-02 14:51:25 +0000
256@@ -1,5 +1,5 @@
257 /*
258- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
259+ * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University.
260 *
261 * Permission is hereby granted, free of charge, to any person
262 * obtaining a copy of this software and associated documentation
263@@ -28,6 +28,6 @@
264
265 #include "lib/core/protodefs.h"
266
267-int hip_handle_msg(struct hip_common *msg);
268+int hip_handle_msg(struct hip_common *msg, struct sockaddr *addr);
269
270 #endif /* HIP_FIREWALL_FIREWALL_CONTROL_H */
271
272=== modified file 'hipd/init.c'
273--- hipd/init.c 2011-10-30 11:54:44 +0000
274+++ hipd/init.c 2011-11-02 14:51:25 +0000
275@@ -164,7 +164,7 @@
276 }
277
278 #define HIPL_CONFIG_FILE_EX \
279- "# Format of this file is as with hipconf, but without hipconf prefix\n\
280+ "# Format of this file is as with hipconf, but without \"hipconf daemon\" prefix\n\
281 # add hi default # add all four HITs (see bug id 592127)\n\
282 # add map HIT IP # preload some HIT-to-IP mappings to hipd\n\
283 # add service rvs # the host acts as HIP rendezvous (see also HIPL_SYSCONFDIR/relay_config)\n\
284
285=== modified file 'lib/core/conf.c'
286--- lib/core/conf.c 2011-10-31 17:38:04 +0000
287+++ lib/core/conf.c 2011-11-02 14:51:25 +0000
288@@ -181,6 +181,11 @@
289 /* #define TYPE_RELAY 22 */
290
291 /**
292+ * The daemon process to be configured by the conf command.
293+ */
294+enum daemon_name daemon_name;
295+
296+/**
297 * A help string containing the usage of @c hipconf and also
298 * @c HIPL_SYSCONFDIR/hipd_config.
299 *
300@@ -188,6 +193,9 @@
301 * for the action.
302 */
303 const char *hipconf_usage =
304+ HIPCONF_HIPD_KEYWORD
305+ " <command>\n\n"
306+ "HIP daemon commands:\n"
307 "add map <hit> <ip> [lsi]\n"
308 "get map <hit | lsi>\n"
309 "del hi <hit> | all\n"
310@@ -226,6 +234,51 @@
311 ;
312
313 /**
314+ * A help string containing the usage of @c hipfwconf.
315+ *
316+ * @note If you added a new action, do not forget to add a brief usage below
317+ * for the action.
318+ */
319+const char *hipfwconf_usage =
320+ HIPCONF_HIPFW_KEYWORD
321+ " <command>\n\n"
322+ "HIP firewall commands:\n"
323+ "get ha <hit> | all\n";
324+
325+/**
326+ * Send a message to hipd or hipfw and optionally receive an answer.
327+ *
328+ * @param msg The message to be sent. The respective answer will be stored
329+ * here as well.
330+ * @param send_only 1 if no response from hipd should be requested.
331+ * 0 if it should block until a response from hipd is received.
332+ * This option has no effect when sending messages to hipfw.
333+ *
334+ * @return 0 on success
335+ * -1 on error
336+ */
337+static int send_receive_message(struct hip_common *msg,
338+ const int send_only)
339+{
340+ if (daemon_name == HIP_DAEMON) {
341+ if (hip_send_recv_daemon_info(msg, send_only, 0)) {
342+ HIP_ERROR("Failed to send user message to the HIP daemon.\n");
343+ return -1;
344+ }
345+ } else if (daemon_name == HIP_FIREWALL) {
346+ if (hip_send_recv_firewall_info(msg)) {
347+ HIP_ERROR("Failed to send user message to the HIP firewall.\n");
348+ return -1;
349+ }
350+ } else {
351+ HIP_ERROR("Destination daemon process unknown.\n");
352+ return -1;
353+ }
354+
355+ return 0;
356+}
357+
358+/**
359 * Query hipd for the HITs of the local host
360 *
361 * @param msg input/output message for the query/response for hipd
362@@ -510,6 +563,25 @@
363 /* Non-static functions -> global scope */
364
365 /**
366+ * Map daemon / firewall keyboard to its respective enum.
367+ *
368+ * @param argv an array of strings (command line args to hipconf)
369+ * @return HIP_DAEMON in case of hipd keyword
370+ * HIP_FIREWALL in case of hipfw keyword
371+ * UNKNOWN_KEYWORD else
372+ */
373+static int conf_get_process(const char *argv[])
374+{
375+ if (!strcmp(HIPCONF_HIPD_KEYWORD, argv[1])) {
376+ return HIP_DAEMON;
377+ } else if (!strcmp(HIPCONF_HIPFW_KEYWORD, argv[1])) {
378+ return HIP_FIREWALL;
379+ }
380+
381+ return UNKNOWN_KEYWORD;
382+}
383+
384+/**
385 * Map a symbolic hipconf action (=add/del) into a number
386 *
387 * @param argv an array of strings (command line args to hipconf)
388@@ -526,61 +598,61 @@
389 {
390 int ret = -1;
391
392- if (!strcmp("add", argv[1])) {
393+ if (!strcmp("add", argv[2])) {
394 ret = ACTION_ADD;
395- } else if (!strcmp("del", argv[1])) {
396+ } else if (!strcmp("del", argv[2])) {
397 ret = ACTION_DEL;
398- } else if (!strcmp("new", argv[1])) {
399+ } else if (!strcmp("new", argv[2])) {
400 ret = ACTION_NEW;
401- } else if (!strcmp("get", argv[1])) {
402+ } else if (!strcmp("get", argv[2])) {
403 ret = ACTION_GET;
404- } else if (!strcmp("set", argv[1])) {
405+ } else if (!strcmp("set", argv[2])) {
406 ret = ACTION_SET;
407- } else if (!strcmp("inc", argv[1])) {
408+ } else if (!strcmp("inc", argv[2])) {
409 ret = ACTION_INC;
410- } else if (!strcmp("dec", argv[1])) {
411+ } else if (!strcmp("dec", argv[2])) {
412 ret = ACTION_DEC;
413- } else if (!strcmp("rst", argv[1])) {
414+ } else if (!strcmp("rst", argv[2])) {
415 ret = ACTION_RST;
416- } else if (!strcmp("run", argv[1])) {
417+ } else if (!strcmp("run", argv[2])) {
418 ret = ACTION_RUN;
419- } else if (!strcmp("load", argv[1])) {
420+ } else if (!strcmp("load", argv[2])) {
421 ret = ACTION_LOAD;
422- } else if (!strcmp("heartbeat", argv[1])) {
423+ } else if (!strcmp("heartbeat", argv[2])) {
424 ret = ACTION_HEARTBEAT;
425- } else if (!strcmp("locator", argv[1])) {
426+ } else if (!strcmp("locator", argv[2])) {
427 ret = ACTION_LOCATOR;
428- } else if (!strcmp("debug", argv[1])) {
429+ } else if (!strcmp("debug", argv[2])) {
430 ret = ACTION_DEBUG;
431- } else if (!strcmp("transform", argv[1])) {
432+ } else if (!strcmp("transform", argv[2])) {
433 ret = ACTION_TRANSORDER;
434- } else if (!strcmp("reinit", argv[1])) {
435+ } else if (!strcmp("reinit", argv[2])) {
436 ret = ACTION_REINIT;
437- } else if (!strcmp("manual-update", argv[1])) {
438+ } else if (!strcmp("manual-update", argv[2])) {
439 ret = ACTION_MANUAL_UPDATE;
440- } else if (!strcmp("hit-to-lsi", argv[1])) {
441+ } else if (!strcmp("hit-to-lsi", argv[2])) {
442 ret = ACTION_HIT_TO_LSI;
443- } else if (!strcmp("nsupdate", argv[1])) {
444+ } else if (!strcmp("nsupdate", argv[2])) {
445 ret = ACTION_NSUPDATE;
446- } else if (!strcmp("hit-to-ip-set", argv[1])) {
447+ } else if (!strcmp("hit-to-ip-set", argv[2])) {
448 ret = ACTION_HIT_TO_IP_SET;
449- } else if (!strcmp("hit-to-ip", argv[1])) {
450+ } else if (!strcmp("hit-to-ip", argv[2])) {
451 ret = ACTION_HIT_TO_IP;
452- } else if (!strcmp("shotgun", argv[1])) {
453+ } else if (!strcmp("shotgun", argv[2])) {
454 ret = ACTION_SHOTGUN;
455- } else if (!strcmp("lsi-to-hit", argv[1])) {
456+ } else if (!strcmp("lsi-to-hit", argv[2])) {
457 ret = ACTION_LSI_TO_HIT;
458- } else if (!strcmp("nat", argv[1])) {
459- if (!strcmp("port", argv[2])) {
460- if (!strcmp("local", argv[3])) {
461+ } else if (!strcmp("nat", argv[2])) {
462+ if (!strcmp("port", argv[3])) {
463+ if (!strcmp("local", argv[4])) {
464 ret = ACTION_NAT_LOCAL_PORT;
465- } else if (!strcmp("peer", argv[3])) {
466+ } else if (!strcmp("peer", argv[4])) {
467 ret = ACTION_NAT_PEER_PORT;
468 }
469 } else {
470 ret = ACTION_NAT;
471 }
472- } else if (!strcmp("broadcast", argv[1])) {
473+ } else if (!strcmp("broadcast", argv[2])) {
474 ret = ACTION_BROADCAST;
475 }
476
477@@ -670,45 +742,45 @@
478 ret = TYPE_HA;
479 } else if (!strcmp("shotgun", text)) {
480 ret = TYPE_SHOTGUN;
481- } else if ((!strcmp("all", text)) && (strcmp("rst", argv[1]) == 0)) {
482- ret = TYPE_RST;
483- } else if ((!strcmp("peer_hit", text)) && (strcmp("rst", argv[1]) == 0)) {
484- ret = TYPE_RST;
485- } else if (strcmp("nat", argv[1]) == 0) {
486- if (argv[2] && strcmp("port", argv[2]) == 0) {
487- if (argv[3] && strcmp("local", argv[3]) == 0) {
488+ } else if ((!strcmp("all", text)) && (strcmp("rst", argv[2]) == 0)) {
489+ ret = TYPE_RST;
490+ } else if ((!strcmp("peer_hit", text)) && (strcmp("rst", argv[2]) == 0)) {
491+ ret = TYPE_RST;
492+ } else if (strcmp("nat", argv[2]) == 0) {
493+ if (argv[3] && strcmp("port", argv[3]) == 0) {
494+ if (argv[4] && strcmp("local", argv[4]) == 0) {
495 ret = TYPE_NAT_LOCAL_PORT;
496- } else if (argv[3] && strcmp("peer", argv[3]) == 0) {
497+ } else if (argv[4] && strcmp("peer", argv[4]) == 0) {
498 ret = TYPE_NAT_PEER_PORT;
499 }
500 } else {
501 ret = TYPE_NAT;
502 }
503- } else if (strcmp("locator", argv[1]) == 0) {
504+ } else if (strcmp("locator", argv[2]) == 0) {
505 ret = TYPE_LOCATOR;
506 } else if (!strcmp("debug", text)) {
507 ret = TYPE_DEBUG;
508 } else if (!strcmp("order", text)) {
509 ret = TYPE_ORDER;
510- } else if (strcmp("heartbeat", argv[1]) == 0) {
511+ } else if (strcmp("heartbeat", argv[2]) == 0) {
512 ret = TYPE_HEARTBEAT;
513 } else if (!strcmp("ttl", text)) {
514 ret = TYPE_TTL;
515 } else if (!strcmp("config", text)) {
516 ret = TYPE_CONFIG;
517- } else if (strcmp("manual-update", argv[1]) == 0) {
518+ } else if (strcmp("manual-update", argv[2]) == 0) {
519 ret = TYPE_MANUAL_UPDATE;
520- } else if (strcmp("hit-to-lsi", argv[1]) == 0) {
521+ } else if (strcmp("hit-to-lsi", argv[2]) == 0) {
522 ret = TYPE_HIT_TO_LSI;
523- } else if (strcmp("nsupdate", argv[1]) == 0) {
524+ } else if (strcmp("nsupdate", argv[2]) == 0) {
525 ret = TYPE_NSUPDATE;
526- } else if (strcmp("hit-to-ip-set", argv[1]) == 0) {
527+ } else if (strcmp("hit-to-ip-set", argv[2]) == 0) {
528 ret = TYPE_HIT_TO_IP_SET;
529- } else if (strcmp("hit-to-ip", argv[1]) == 0) {
530+ } else if (strcmp("hit-to-ip", argv[2]) == 0) {
531 ret = TYPE_HIT_TO_IP;
532- } else if (strcmp("lsi-to-hit", argv[1]) == 0) {
533+ } else if (strcmp("lsi-to-hit", argv[2]) == 0) {
534 ret = TYPE_LSI_TO_HIT;
535- } else if (strcmp("broadcast", argv[1]) == 0) {
536+ } else if (strcmp("broadcast", argv[2]) == 0) {
537 ret = TYPE_BROADCAST;
538 } else {
539 HIP_DEBUG("ERROR: NO MATCHES FOUND \n");
540@@ -725,7 +797,7 @@
541 * here in the switch(action) block.
542 * @param action integer value for an action
543 * @return an index for argv[], which indicates the type argument.
544- * Usually either 1 or 2.
545+ * Usually either 2 or 3.
546 */
547 static int conf_get_type_arg(int action)
548 {
549@@ -753,15 +825,15 @@
550 case ACTION_HIT_TO_IP:
551 case ACTION_HIT_TO_IP_SET:
552 case ACTION_BROADCAST:
553+ type_arg = 3;
554+ break;
555+ case ACTION_MANUAL_UPDATE:
556+ case ACTION_HIT_TO_LSI:
557+ case ACTION_LSI_TO_HIT:
558+ case ACTION_DEBUG:
559+ case ACTION_SHOTGUN:
560 type_arg = 2;
561 break;
562- case ACTION_MANUAL_UPDATE:
563- case ACTION_HIT_TO_LSI:
564- case ACTION_LSI_TO_HIT:
565- case ACTION_DEBUG:
566- case ACTION_SHOTGUN:
567- type_arg = 1;
568- break;
569 default:
570 break;
571 }
572@@ -2042,10 +2114,10 @@
573 HIP_IFEL(optc > 1, -1, "Too many arguments\n");
574
575 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_GET_HA_INFO, 0), -1,
576- "Building of daemon header failed\n");
577+ "Building of user msg header failed\n");
578
579- HIP_IFEL(hip_send_recv_daemon_info(msg, send_only, 0), -1,
580- "send recv daemon info\n");
581+ HIP_IFEL(send_receive_message(msg, send_only), -1,
582+ "send recv info\n");
583
584 while ((current_param = hip_get_next_param(msg, current_param))) {
585 ha = hip_get_param_contents_direct(current_param);
586@@ -2313,8 +2385,9 @@
587 *comment = '\0';
588 }
589
590- /* prefix the contents of the line with" hipconf" */
591- res_len = sprintf(str, "hipconf %s", c);
592+ /* prefix the contents of the line with" hipconf HIPCONF_HIPD_KEYWORD"
593+ * Only hipd parses config files as hipconf commands, hardcode it as target */
594+ res_len = sprintf(str, "hipconf %s %s", HIPCONF_HIPD_KEYWORD, c);
595 if (str[res_len] == '\n') {
596 str[res_len] = '\0';
597 }
598@@ -2327,7 +2400,6 @@
599 args[i++] = token;
600 token = strtok(NULL, " \t");
601 }
602-
603 err = hip_do_hipconf(i, args, 1);
604 if (err) {
605 HIP_ERROR("Error on the following line: %s\n", line);
606@@ -2451,9 +2523,18 @@
607 struct hip_common *msg = NULL;
608
609 /* Check that we have at least one command line argument. */
610- if (argc < 2) {
611- HIP_ERROR("Invalid arguments.\n\n%s usage:\n%s\n",
612- argv[0], hipconf_usage);
613+ if (argc < 3) {
614+ HIP_ERROR("Invalid arguments.\nUsage to communicate with HIP daemon:\n %s %s\n"
615+ "\nUsage to communicate with HIP firewall:\n %s %s\n",
616+ argv[0], hipconf_usage, argv[0], hipfwconf_usage);
617+ return -1;
618+ }
619+
620+ /* set context for this conf command */
621+ daemon_name = conf_get_process(argv);
622+ if (daemon_name == UNKNOWN_KEYWORD) {
623+ HIP_ERROR("Invalid target process argument '%s'. Expected '%s' or '%s'.\n",
624+ argv[1], HIPCONF_HIPD_KEYWORD, HIPCONF_HIPFW_KEYWORD);
625 return -1;
626 }
627
628@@ -2461,14 +2542,14 @@
629 action = conf_get_action(argv);
630
631 if (action == -1) {
632- HIP_ERROR("Invalid action argument '%s'\n", argv[1]);
633+ HIP_ERROR("Invalid action argument '%s'\n", argv[2]);
634 return -1;
635 }
636
637 /* Check that we have at least the minimum number of arguments
638 * for the given action. */
639- if (argc < conf_check_action_argc(action) + 2) {
640- HIP_ERROR("Not enough arguments given for the action '%s'\n", argv[1]);
641+ if (argc < conf_check_action_argc(action) + 3) {
642+ HIP_ERROR("Not enough arguments given for the action '%s'\n", argv[2]);
643 return -1;
644 }
645
646@@ -2496,14 +2577,14 @@
647 /* Call handler function from the handler function pointer
648 * array at index "type" with given commandline arguments.
649 * The functions build a hip_common message. */
650- if (argc == 3) {
651- err = (*action_handler[type])(msg, action, &argv[2], argc - 3, send_only);
652+ if (argc == 4) {
653+ err = (*action_handler[type])(msg, action, &argv[3], argc - 4, send_only);
654 } else {
655- err = (*action_handler[type])(msg, action, &argv[3], argc - 3, send_only);
656+ err = (*action_handler[type])(msg, action, &argv[4], argc - 4, send_only);
657 }
658
659 if (err != 0) {
660- HIP_ERROR("Failed to send a message to the HIP daemon.\n");
661+ HIP_ERROR("Failed to send user message.\n");
662 goto out_err;
663 }
664
665@@ -2512,9 +2593,7 @@
666 goto out_err;
667 }
668
669- /* Send message to hipd */
670- HIP_IFEL(hip_send_recv_daemon_info(msg, send_only, 0), -1,
671- "Failed to send user message to the HIP daemon.\n");
672+ send_receive_message(msg, send_only);
673
674 HIP_INFO("User message was sent successfully to the HIP daemon.\n");
675
676
677=== modified file 'lib/core/conf.h'
678--- lib/core/conf.h 2011-08-15 14:11:56 +0000
679+++ lib/core/conf.h 2011-11-02 14:51:25 +0000
680@@ -54,6 +54,11 @@
681 #define ACTION_ADD 1
682 #define ACTION_NEW 3
683
684+enum daemon_name { HIP_DAEMON, HIP_FIREWALL, UNKNOWN_KEYWORD };
685+/* keywords used to identify hipd / hipfw as target of hipconf command */
686+#define HIPCONF_HIPD_KEYWORD "daemon"
687+#define HIPCONF_HIPFW_KEYWORD "firewall"
688+
689 int hip_handle_exec_app(int fork, int type, int argc,
690 const char *const argv[]);
691 int hip_do_hipconf(int argc, const char *argv[], int send_only);
692
693=== modified file 'lib/core/message.c'
694--- lib/core/message.c 2011-10-25 21:44:47 +0000
695+++ lib/core/message.c 2011-11-02 14:51:25 +0000
696@@ -86,6 +86,7 @@
697 #include <sys/time.h>
698 #include <sys/types.h>
699
700+#include "lib/core/conf.h"
701 #include "lib/tool/nlink.h"
702 #include "builder.h"
703 #include "common.h"
704@@ -178,6 +179,30 @@
705 }
706
707 /**
708+ * Connect a socket to the loopback address of hipd or hipfw.
709+ *
710+ * @param hip_user_sock The socket to connect.
711+ * @param port The port to connect.
712+ * @return zero on success and negative on failure
713+ * @note currently only SOCK_DGRAM and AF_INET6 are supported
714+ */
715+static int hip_connect(int hip_user_sock, int port)
716+{
717+ struct sockaddr_in6 addr = { 0 };
718+
719+ addr.sin6_family = AF_INET6;
720+ addr.sin6_port = htons(port);
721+ addr.sin6_addr = in6addr_loopback;
722+
723+ if (connect(hip_user_sock, (struct sockaddr *) &addr, sizeof(addr))) {
724+ HIP_ERROR("connection failed: %s\n", strerror(errno));
725+ return -1;
726+ }
727+
728+ return 0;
729+}
730+
731+/**
732 * Connect a socket to the loop back address of hipd
733 *
734 * @param hip_user_sock The socket to connect. Currently only SOCK_DGRAM
735@@ -187,21 +212,7 @@
736 */
737 int hip_daemon_connect(int hip_user_sock)
738 {
739- int err = 0;
740- struct sockaddr_in6 daemon_addr = { 0 };
741- // We're using system call here add thus resetting errno.
742- errno = 0;
743-
744- daemon_addr.sin6_family = AF_INET6;
745- daemon_addr.sin6_port = htons(HIP_DAEMON_LOCAL_PORT);
746- daemon_addr.sin6_addr = in6addr_loopback;
747-
748- HIP_IFEL(connect(hip_user_sock, (struct sockaddr *) &daemon_addr,
749- sizeof(daemon_addr)), -1, "connection to daemon failed\n");
750-
751-out_err:
752-
753- return err;
754+ return hip_connect(hip_user_sock, HIP_DAEMON_LOCAL_PORT);
755 }
756
757 /**
758@@ -319,23 +330,30 @@
759 #define EHIP 500
760
761 /**
762- * Send and receive data with hipd. Do not call this function directly, use
763- * hip_send_recv_daemon_info instead!
764+ * Send and receive data with hipd or hipfw. Do not call this function directly,
765+ * use hip_send_recv_daemon_info or hip_send_recv_firewall_info instead!
766 *
767- * @param msg the message to send to hipd
768+ * @param msg The message to send to hipd or hipfw
769 * @param opt_socket Optional socket to use for the message exchange. When
770 * set to zero, the function creates a temporary socket
771 * and closes it after the transaction is completed.
772+ * @param port The port to send the message to.
773 * @return zero on success and negative on failure
774 * @note currently only SOCK_DGRAM and AF_INET6 are supported
775 */
776-static int send_recv_daemon_info_internal(struct hip_common *msg,
777- int opt_socket)
778+static int send_recv_info_internal(struct hip_common *msg, int opt_socket, int port)
779 {
780 int hip_user_sock = 0, err = 0, n = 0, len = 0;
781 struct sockaddr_in6 addr = { 0 };
782 uint8_t msg_type_old, msg_type_new;
783+ const char *receiver;
784
785+ /* determine receiver to print correct debug / error messages */
786+ if (port == HIP_FIREWALL_PORT) {
787+ receiver = HIPCONF_HIPFW_KEYWORD;
788+ } else {
789+ receiver = HIPCONF_HIPD_KEYWORD;
790+ }
791 msg_type_old = hip_get_msg_type(msg);
792
793 // We're using system call here and thus resetting errno.
794@@ -354,9 +372,9 @@
795 HIP_IFEL(daemon_bind_socket(hip_user_sock,
796 (struct sockaddr *) &addr), -1,
797 "bind failed\n");
798- /* Connect to hipd. Otherwise e.g. "hipconf get ha all"
799+ /* Connect to hipd or hipfw. Otherwise e.g. "hipconf daemon get ha all"
800 * blocks when hipd is not running. */
801- HIP_IFEL(hip_daemon_connect(hip_user_sock), -1,
802+ HIP_IFEL(hip_connect(hip_user_sock, port), -1,
803 "connect failed\n");
804 }
805
806@@ -368,14 +386,18 @@
807 /* Require a response from hipd */
808 hip_set_msg_response(msg, 1);
809
810- n = sendto_hipd(hip_user_sock, msg, len);
811+ if (port == HIP_FIREWALL_PORT) {
812+ n = send(hip_user_sock, msg, len, 0);
813+ } else {
814+ n = sendto_hipd(hip_user_sock, msg, len);
815+ }
816 if (n < len) {
817- HIP_ERROR("Could not send message to daemon.\n");
818+ HIP_ERROR("Could not send message to %s.\n", receiver);
819 err = -ECOMM;
820 goto out_err;
821 }
822
823- HIP_DEBUG("Waiting to receive daemon info.\n");
824+ HIP_DEBUG("Waiting to receive %s info.\n", receiver);
825
826 if ((len = peek_recv_total_len(hip_user_sock, 0, HIP_DEFAULT_MSG_TIMEOUT)) < 0) {
827 err = len;
828@@ -390,14 +412,14 @@
829 "Message sync problem. Expected %d, got %d\n",
830 msg_type_old, msg_type_new);
831
832- HIP_DEBUG("%d bytes received from HIP daemon\n", n);
833+ HIP_DEBUG("%d bytes received from HIP %s.\n", n, receiver);
834
835 if (n == 0) {
836- HIP_INFO("The HIP daemon has performed an orderly shutdown.\n");
837+ HIP_INFO("The HIP %s has performed an orderly shutdown.\n", receiver);
838 // Note. This is not an error condition, thus we return zero.
839 goto out_err;
840 } else if (n < (int) sizeof(struct hip_common)) {
841- HIP_ERROR("Could not receive message from daemon.\n");
842+ HIP_ERROR("Could not receive message from %s.\n", receiver);
843 goto out_err;
844 }
845
846@@ -442,7 +464,7 @@
847 struct sockaddr_in6 addr = { 0 };
848
849 if (!send_only) {
850- return send_recv_daemon_info_internal(msg, opt_socket);
851+ return send_recv_info_internal(msg, opt_socket, HIP_DAEMON_LOCAL_PORT);
852 }
853
854 if (opt_socket) {
855@@ -479,6 +501,21 @@
856 }
857
858 /**
859+ * A generic function to send messages to hipfw with subsequent reply. This will
860+ * block the process until the hipfw sends the response or a predefined timeout
861+ * is exceeded.
862+ *
863+ * @param msg An input/output parameter. As input, contains the
864+ * message to be sent to hipfw. As output, hipfw response
865+ * will be written here.
866+ * @return zero on success and negative on failure.
867+ */
868+int hip_send_recv_firewall_info(struct hip_common *const msg)
869+{
870+ return send_recv_info_internal(msg, 0, HIP_FIREWALL_PORT);
871+}
872+
873+/**
874 * Read an interprocess (user) message
875 *
876 * @param sockfd a socket from where to read
877
878=== modified file 'lib/core/message.h'
879--- lib/core/message.h 2011-08-15 14:11:56 +0000
880+++ lib/core/message.h 2011-11-02 14:51:25 +0000
881@@ -46,5 +46,6 @@
882 int hip_send_recv_daemon_info(struct hip_common *msg,
883 int send_only,
884 int opt_socket);
885+int hip_send_recv_firewall_info(struct hip_common *const msg);
886
887 #endif /* HIP_LIB_CORE_MESSAGE_H */

Subscribers

People subscribed via source and target branches

to all changes: