Status: | Merged |
---|---|
Merged at revision: | 6121 |
Proposed branch: | lp:~martin-lp/hipl/hipfwconf |
Merge into: | lp:hipl |
Diff against target: | 1465 lines (+419/-198), 19 files modified: doc/HOWTO.xml.in (+50/-50), firewall/cache.c (+1/-1), firewall/conntrack.c (+54/-1), firewall/conntrack.h (+2/-0), firewall/firewall.c (+32/-17), firewall/firewall.h (+3/-1), firewall/firewall_control.c (+30/-3), firewall/firewall_control.h (+2/-2), hipd/init.c (+2/-2), hipd/nat.c (+1/-1), hipd/registration.c (+1/-1), lib/core/conf.c (+161/-81), lib/core/conf.h (+4/-0), lib/core/hostid.c (+1/-1), lib/core/message.c (+69/-32), lib/core/message.h (+1/-0), lib/tool/nlink.c (+1/-1), tools/hipconf.c (+1/-1), tools/hipdnsproxy/hipdnsproxy.in (+3/-3) |
To merge this branch: | bzr merge lp:~martin-lp/hipl/hipfwconf |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Diego Biurrun | Approve | ||
Miika Komu | Pending | ||
René Hummen | Pending | ||
Review via email: mp+81612@code.launchpad.net |
This proposal supersedes a proposal from 2011-11-08.
Commit message
Description of the change
This branch introduces changes to get the currently active connection from the firewall.
This is a resubmitted merge proposal:
instead of using a separate binary option 1 of the previous discussion is implemented:
> 1) add an extra keyword to the hipconf command line: hipconf (daemon | firewall) COMMAND
Changes since last proposal:
Addressed Diego's 'needs fixing' comments.
-> move enum daemon_name into conf.c and make conf_get_process() const-correct.
Summed up changes since the last proposal (revision 6116ff.):
Keywords to address hipd / hipfw are daemon and firewall and defined in lib/core/conf.h.
The hipconf help print has been updated.
Config file syntax does not have to be changed as only hipd parses configs via hipconf and the daemon
keyword is hardcoded.
From what I've tested everything works as before.
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal | # |
On Mon, Oct 24, 2011 at 03:49:25PM +0000, Miika Komu wrote:
> Review: Needs Information
>
> Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?
Seconded. I'm terribly suspicious of this whole hipconf thing and
whether or not it is a good idea. IIUC authentication is nonexistent
and it's not clear to me what the advantage to rereading a config
file is.
Diego
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
Another benefit of merged functionality is to allow reading of static information from /etc/hip/
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal | # |
On 24.10.2011, at 17:49, Miika Komu wrote:
> Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?
There are three ways to implement this functionality:
1) add an extra keyword to the hipconf command line: hipconf (daemon | firewall) COMMAND
2) add firewall queries as command parameter: hipconf get firewall-ha
3) implement as separate binary using libcore.
(1) would require some changes to hipconf command line parsing and would render the old user API broken. Furthermore, it would require an even longer parameter list for getting specific information. For these reasons, I would not want to implement this option.
(2) is somewhat inconsistent with the current syntax, but I would be fine with that. Only minor changes to the current proposal would be required.
(3) doesn't break the user API and clearly separates hipd configuration from hipfw status querying. This is my preferred option.
Opinions and other proposals are welcome.
Ciao,
René
--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal | # |
Forgot to include launchpad.
Begin forwarded message:
> From: René Hummen <email address hidden>
> Date: 27 October 2011 15:41:06 CEST
> To: <email address hidden>
> Subject: Re: [hipl-dev] Re: [Merge] lp:~martin-lp/hipl/hipfwconf into lp:hipl
>
> On 24.10.2011, at 19:27, Diego Biurrun wrote:
>> On Mon, Oct 24, 2011 at 03:49:25PM +0000, Miika Komu wrote:
>>> Review: Needs Information
>>>
>>> Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?
>>
>> Seconded. I'm terribly suspicious of this whole hipconf thing and
>> whether or not it is a good idea. IIUC authentication is nonexistent
>> and it's not clear to me what the advantage to rereading a config
>> file is.
>
> The issue of having one or multiple binaries aside, I think hipconf should rather be a hipstatus tool. I.e., hipd and hipfw should be configured via config files (with reload functionality) and the current run-time status should be requestable via hipstatus. However, this is not as it's done in HIPL at the moment. Instead, reading the config file mimics calls to hipconf in order to set up the hipd. hipfwconf, on the other hand, only provides status information.
>
> Do I see volunteers who are willing to fix this hipconf-based configuration issue? :)
>
> Ciao,
> René
--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal | # |
On 25.10.2011, at 09:42, Miika Komu wrote:
> Another benefit of merged functionality is to allow reading of static information from /etc/hip/
I don't see your point here. Can you please explain. By the way, hipfwconf wraps around libcore the same way hipconf does.
--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
> IIUC authentication is nonexistent
This is a fallacy, it does have authentication. Critical functions are allowed only for root.
> and it's not clear to me what the advantage to rereading a config
> file is.
Obviously, changing of parameters during run time.
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
> On 25.10.2011, at 09:42, Miika Komu wrote:
> > Another benefit of merged functionality is to allow reading of static
> information from /etc/hip/
>
> I don't see your point here. Can you please explain. By the way, hipfwconf
> wraps around libcore the same way hipconf does.
You mean that you can set hipfwconf parameters from /etc/hip/
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
> On 24.10.2011, at 17:49, Miika Komu wrote:
> > Why separate binary just for configuring hipfw? Why this can't be embedded
> into hipconf?
>
> There are three ways to implement this functionality:
> 1) add an extra keyword to the hipconf command line: hipconf (daemon |
> firewall) COMMAND
> 2) add firewall queries as command parameter: hipconf get firewall-ha
Either of these would work for me. Probably 1 is a bit cleaner.
> 3) implement as separate binary using libcore.
I'll counterargument against this below.
> (1) would require some changes to hipconf command line parsing and would
> render the old user API broken. Furthermore, it would require an even longer
> parameter list for getting specific information. For these reasons, I would
> not want to implement this option.
Who cares if the API is changed, really? By breaking, you mean /etc/hip/
> (2) is somewhat inconsistent with the current syntax, but I would be fine with
> that. Only minor changes to the current proposal would be required.
I would be fine with this.
> (3) doesn't break the user API and clearly separates hipd configuration from
> hipfw status querying. This is my preferred option.
Proposal 3 also fragments the HIP administrative interface into two. You suggest that we'll have one read-only interface and another writeable. I believe in a more unified interface and I fail to see why we should disperse. It doesn't sound very responsible to say something is bad, but leave it as it is and switch to new tool?
What do you mean by "hipconf-based configuration issue"?
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal | # |
On Thu, Oct 27, 2011 at 01:31:29PM +0000, René Hummen wrote:
> On 24.10.2011, at 17:49, Miika Komu wrote:
> > Why separate binary just for configuring hipfw? Why this can't be embedded into hipconf?
>
> There are three ways to implement this functionality:
> 1) add an extra keyword to the hipconf command line: hipconf (daemon | firewall) COMMAND
> 2) add firewall queries as command parameter: hipconf get firewall-ha
> 3) implement as separate binary using libcore.
>
> (1) would require some changes to hipconf command line parsing and
> would render the old user API broken. Furthermore, it would require an
> even longer parameter list for getting specific information. For these
> reasons, I would not want to implement this option.
alias hipdconf="hipconf daemon"
alias hipfwconf="hipconf firewall"
Diego
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal | # |
review needs-fixing
On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
>
> --- Makefile.am 2011-10-17 18:14:10 +0000
> +++ Makefile.am 2011-10-31 18:21:26 +0000
> @@ -90,8 +90,8 @@
>
> -tools_
> -tools_
> +tools_
> +tools_
unrelated
Diego
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
hip_send_
hip_send_
lib/core/
Also, I would like to hear a test report with some existing hipconf options to understand that legacy support still works. For example, try the following:
* hipconf add map HIT IP
* hipconf get ha all
* hipconf rst all
<wait few secs>
* hipconf nat none
* hipconf add map HIT IP
* hipconf get ha all
* hipconf rst all
<wait few secs>
* hipconf nat plain-udp
* hipconf add map HIT IP
* hipconf get ha all
* hipconf rst all
<wait few secs>
* hipconf nat port 1111
* hipconf add map HIT IP
* hipconf get ha all
* hipconf rst all
Does it do what is expected?
Other than this, I am satisfied with this commit.
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Hi,
On Mon, Oct 31, 2011 at 9:58 PM, Diego Biurrun <email address hidden> wrote:
> On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
>> --- Makefile.am 2011-10-17 18:14:10 +0000
>> +++ Makefile.am 2011-10-31 18:21:26 +0000
>> @@ -90,8 +90,8 @@
>>
>> -tools_
>> -tools_
>> +tools_
>> +tools_
>
> unrelated
That's not really unrelated but unintended. Forgot to reindent after removing the hipfwconf line. Fixed now.
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Hi,
On Wed, Nov 2, 2011 at 8:32 AM, Miika Komu <email address hidden> wrote:
> Review: Needs Fixing
>
> hip_send_
You are right, that has been some pretty evil piece of copy-paste. Fixed this in revision 6121.
> The same goes for hip_send_
What exactly do you mean?
> lib/core/
I changed it where hipconf_usage was used but this may have not been clear enough.
I've fixed it in revision 6122. Should be better now.
> Also, I would like to hear a test report with some existing hipconf options to understand that legacy support still works. For example, try the following:
>
> * hipconf add map HIT IP
> * hipconf get ha all
> * hipconf rst all
>
> <wait few secs>
>
> * hipconf nat none
> * hipconf add map HIT IP
> * hipconf get ha all
> * hipconf rst all
>
> <wait few secs>
>
> * hipconf nat plain-udp
> * hipconf add map HIT IP
> * hipconf get ha all
> * hipconf rst all
>
> <wait few secs>
>
> * hipconf nat port 1111
> * hipconf add map HIT IP
> * hipconf get ha all
> * hipconf rst all
>
> Does it do what is expected?
Did not test that yet but I'll have a look into it and report back.
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
Hi,
On 11/02/2011 01:04 PM, David Martin wrote:
>> The same goes for hip_send_
> What exactly do you mean?
the functions offer very similar functionality (copy paste).
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Hi again,
On Wed, Nov 2, 2011 at 12:25 PM, Miika Komu <email address hidden> wrote:
> On 11/02/2011 01:04 PM, David Martin wrote:
>>>
>>> The same goes for hip_send_
>>> hip_handle_
>>
>> What exactly do you mean?
>
> the functions offer very similar functionality (copy paste).
Sorry for being a bit dense but I'm still not sure what you mean.
hip_handle_
hipconf messages. hip_send_
since the last commit is nothing more than a wrapper for send_recv_
Maybe you mean hip_handle_msg() in firewall_control.c which basically does the same
as hip_handle_
branch and I see no reason to merge them together. It would result in an even bigger
and even more unwieldy function. The firewall does receive user messages of the same
message type, but it acts differently on them than hipd. I think it's reasonable to keep them
apart. We should think about renaming them to make their purpose more obvious but this
is out of scope of this branch.
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
Sorry, I mean fw_handle_
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Hi,
On Wed, Nov 2, 2011 at 3:26 PM, Miika Komu <email address hidden> wrote:
> Sorry, I mean fw_handle_
You are right. But if I see it correctly those two weren't really touched by this branch so I would
say it's not related. Feel free to change it in trunk. :)))
PS: Fixed non-compiling make doxygen and added error-handling for wrong process keywords in the last two revisions.
PPS: Had a look at your proposed commands as well. They seem to work alright as far as I can judge. Here's a log:
martin@
Mapped v4 to v6.
mapped v6: 10.0.3.1
Sending user message 2 to HIPD on socket 3
Sent 88 bytes
Waiting to receive daemon info.
88 bytes received from HIP daemon.
User message was sent successfully to the HIP daemon.
martin@
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
248 bytes received from HIP daemon.
HA is UNASSOCIATED
Shotgun mode is off.
Broadcast mode is off.
Local HIT: 2001:0017:
Peer HIT: 2001:0017:
Local LSI: 1.0.0.1
Peer LSI: 1.0.0.1
Local IP: 10.0.3.1
Local NAT traversal UDP port: 10500
Peer IP: 10.0.3.1
Peer NAT traversal UDP port: 10500
Peer hostname:
martin@
Sending user message 68 to HIPD on socket 3
Sent 64 bytes
Waiting to receive daemon info.
64 bytes received from HIP daemon.
User message was sent successfully to the HIP daemon.
martin@
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
40 bytes received from HIP daemon.
martin@
<snip>
martin@
<snip>
martin@
<snip>
HA is UNASSOCIATED
Shotgun mode is off.
Broadcast mode is off.
Local HIT: 2001:0017:
Peer HIT: 2001:0017:
Local LSI: 1.0.0.1
Peer LSI: 1.0.0.1
Local IP: 10.0.3.1
Local NAT traversal UDP port: 0
Peer IP: 10.0.3.1
Peer NAT traversal UDP port: 0
Peer hostname:
martin@
<snip>
martin@
<snip>
HA is UNASSOCIATED
Shotgun mode is off.
Broadcast mode is off.
Local HIT: 2001:0017:
Peer HIT: 2001:0017:
Local LSI: 1.0.0.1
Peer LSI: 1.0.0.1
Local IP: 10.0.3.1
Local NAT traversal UDP port: 10500
Peer IP: 10.0.3.1
Peer NAT traversal UDP port: 10500
Peer hostname:
martin@
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal | # |
On 27.10.2011, at 16:37, Miika Komu wrote:
>> On 25.10.2011, at 09:42, Miika Komu wrote:
>>> Another benefit of merged functionality is to allow reading of static
>> information from /etc/hip/
>>
>> I don't see your point here. Can you please explain. By the way, hipfwconf
>> wraps around libcore the same way hipconf does.
>
> You mean that you can set hipfwconf parameters from /etc/hip/
Hmmm, I'm not sure what this discussion was about exactly. Maybe some clarification as to what kind of functionality this branch is supposed to introduce: it allows to request status information from hipfw at run-time. However, it does not allow for run-time configuration right now. Of course, it would be easy to extend hipfw with this functionality, but I don't see that this is desirable.
--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
> Hmmm, I'm not sure what this discussion was about exactly. Maybe some clarification as to what kind of functionality
> this branch is supposed to introduce: it allows to request status information from hipfw at run-time. However, it
> does not allow for run-time configuration right now. Of course, it would be easy to extend hipfw with this
> functionality, but I don't see that this is desirable.
Never mind (now hipd_config can be used to trigger hipfw actions as well).
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Diego, your opinion? :)
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal | # |
review needs-fixing
On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
>
> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
> +++ lib/core/conf.h 2011-10-31 18:21:26 +0000
> @@ -54,6 +54,11 @@
>
> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL };
> +/* keywords used to identify hipd / hipfw as target of hipconf command */
> +#define HIPCONF_
> +#define HIPCONF_
These appear unused outside of conf.c.
Diego
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal | # |
On Fri, Nov 04, 2011 at 12:07:34PM +0000, David Martin wrote:
> Diego, your opinion? :)
I said enough to reject it already, just added some more ;)
Diego
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Hi,
On Fri, Nov 4, 2011 at 1:25 PM, Diego Biurrun <email address hidden> wrote:
> On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
>>
>> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
>> +++ lib/core/conf.h 2011-10-31 18:21:26 +0000
>> @@ -54,6 +54,11 @@
>>
>> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL };
>> +/* keywords used to identify hipd / hipfw as target of hipconf command */
>> +#define HIPCONF_
>> +#define HIPCONF_
>
> These appear unused outside of conf.c.
Nope, using them in lib/core/message.c as well. Did you pull the latest revisions?
On Fri, Nov 4, 2011 at 1:29 PM, Diego Biurrun <email address hidden> wrote:
> I said enough to reject it already, just added some more ;)
Well, other than you being terribly suspicious of hipconf in general you did not say
anything. And that's not very constructive. :p
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal | # |
On Fri, Nov 04, 2011 at 12:53:25PM +0000, David Martin wrote:
> On Fri, Nov 4, 2011 at 1:25 PM, Diego Biurrun <email address hidden> wrote:
> > On Mon, Oct 31, 2011 at 06:22:27PM +0000, David Martin wrote:
> >>
> >> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
> >> +++ lib/core/conf.h 2011-10-31 18:21:26 +0000
> >> @@ -54,6 +54,11 @@
> >>
> >> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL };
> >> +/* keywords used to identify hipd / hipfw as target of hipconf command */
> >> +#define HIPCONF_
> >> +#define HIPCONF_
> >
> > These appear unused outside of conf.c.
>
> Nope, using them in lib/core/message.c as well. Did you pull the latest revisions?
Of course not! I don't pull anything to review your work, why would I?
I just sit here and read emails. I should not have to care about you
committing new revisions somewhere I'm not looking.
> On Fri, Nov 4, 2011 at 1:29 PM, Diego Biurrun <email address hidden> wrote:
> > I said enough to reject it already, just added some more ;)
>
> Well, other than you being terribly suspicious of hipconf in general you did not say
> anything. And that's not very constructive. :p
I said there were unrelated stray changes - that's ground enough not to
commit it so I did not bother to look in detail at a version that will
not be pushed anyway ;)
Diego
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
Good work!
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
Sorry, I stumbled on a problem after hitting the Approve button. "hipconf daemon" is needed now for all existing commands, right? If yes, then this needs to be properly adjusted in:
* doc/HOWTO.xml.in
* lib/core/conf.c
* lib/core/hostid.c
* lib/core/message.c
* lib/tool/nlink.c
* hipd/nat.c
* tools/hipdnspro
* firewall/
* firewall/cache.c
Scan for "hipconf" in the files and adjust where appropriate.
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Hi,
On Mon, Nov 7, 2011 at 3:33 PM, Miika Komu <email address hidden> wrote:
> Review: Needs Fixing
>
> Sorry, I stumbled on a problem after hitting the Approve button. "hipconf daemon" is needed now for all existing commands, right? If yes, then this needs to be properly adjusted in:
>
> * doc/HOWTO.xml.in
> * lib/core/conf.c
> * lib/core/hostid.c
> * lib/core/message.c
> * lib/tool/nlink.c
> * hipd/nat.c
> * tools/hipdnspro
> * firewall/
> * firewall/cache.c
>
> Scan for "hipconf" in the files and adjust where appropriate.
Good catch! Should've thought about grepping through the other files to find hipconf occurrences. I would have missed the *.in for sure though.
Fixed this and will resubmit the proposal.
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Sorry, seems like I oversaw a merge conflict. Will fix this and retransmit.
Miika Komu (miika-iki) wrote : Posted in a previous version of this proposal | # |
Let's make it final this time :)
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Hey,
On Mon, Nov 7, 2011 at 6:08 PM, Miika Komu <email address hidden> wrote:
> Let's make it final this time :)
sorry, one more time at least. Maybe wait with your approval for Diego. I fear this is not yet over. ;)
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal | # |
review needs-fixing
On Mon, Nov 07, 2011 at 05:15:33PM +0000, David Martin wrote:
> David Martin has proposed merging lp:~martin-lp/hipl/hipfwconf into lp:hipl.
>
> --- firewall/
> +++ firewall/
> @@ -38,10 +38,12 @@
>
> +#include "conntrack.h"
> #include "lib/core/
> #include "lib/core/debug.h"
> #include "lib/core/ife.h"
> #include "lib/core/
> +#include "lib/core/prefix.h"
> #include "lib/core/
> #include "cache.h"
> #include "firewall.h"
conntrack.h should come after cache.h.
> --- lib/core/conf.c 2011-11-03 09:21:12 +0000
> +++ lib/core/conf.c 2011-11-07 17:14:40 +0000
> @@ -226,6 +234,51 @@
>
> +const char *hipfwconf_usage =
> + HIPCONF_
> + " <command>\n\n"
> + "HIP firewall commands:\n"
> + "get ha <hit> | all\n";
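Review bot: In the first added line, "const char *hipfwconf_usage" declares a writable pointer with external linkage to text that never changes. If the string is only printed from conf.c, declare it as "static const char hipfwconf_usage[]" (or "static const char *const") so the pointer cannot be reassigned and the symbol is not exported from the library.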
I think this can be static.
> @@ -510,6 +563,25 @@
>
> /**
> + * Map daemon / firewall keyboard to its respective enum.
You are mapping a keyBOARD? Is that maybe a typo? :)
> @@ -2525,7 +2604,8 @@
>
> if (err) {
> - HIP_ERROR("(Check syntax for hipconf. Is hipd running or root privilege needed?)\n");
> + HIP_ERROR("(Check syntax for hipconf. Is hipd or hipfw running or root"
> + " privilege needed?)\n");
Maybe just say "daemon" instead of enumerating the 12345 programs that
will become part of HIPL over the next decade.
> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
> +++ lib/core/conf.h 2011-11-07 17:14:40 +0000
> @@ -54,6 +54,11 @@
> #define ACTION_ADD 1
> #define ACTION_NEW 3
>
> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL, UNKNOWN_KEYWORD };
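Review bot: The third enumerator in the added line, UNKNOWN_KEYWORD, has no HIP_ prefix, so while this enum sits in lib/core/conf.h it puts a very generic name into every file that includes the header. Prefix it like the other two enumerators, or keep the whole enum private to conf.c.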
This is still unused outside of conf.c.
Diego
David Martin (martin-lp) wrote : Posted in a previous version of this proposal | # |
Hi,
On Tue, Nov 8, 2011 at 9:47 AM, Diego Biurrun <email address hidden> wrote:
> review needs-fixing
>
> On Mon, Nov 07, 2011 at 05:15:33PM +0000, David Martin wrote:
>> David Martin has proposed merging lp:~martin-lp/hipl/hipfwconf into lp:hipl.
>>
>> --- firewall/
>> +++ firewall/
>> @@ -38,10 +38,12 @@
>>
>> +#include "conntrack.h"
>> #include "lib/core/
>> #include "lib/core/debug.h"
>> #include "lib/core/ife.h"
>> #include "lib/core/
>> +#include "lib/core/prefix.h"
>> #include "lib/core/
>> #include "cache.h"
>> #include "firewall.h"
>
> conntrack.h should come after cache.h.
fixed.
>> --- lib/core/conf.c 2011-11-03 09:21:12 +0000
>> +++ lib/core/conf.c 2011-11-07 17:14:40 +0000
>> @@ -226,6 +234,51 @@
>>
>> +const char *hipfwconf_usage =
>> + HIPCONF_
>> + " <command>\n\n"
>> + "HIP firewall commands:\n"
>> + "get ha <hit> | all\n";
>
> I think this can be static.
yup, fixed.
>> @@ -510,6 +563,25 @@
>>
>> /**
>> + * Map daemon / firewall keyboard to its respective enum.
>
> You are mapping a keyBOARD? Is that maybe a typo? :)
Heaven forbid! That does indeed seem to be a typo. ^^ Fixed.
>> @@ -2525,7 +2604,8 @@
>>
>> if (err) {
>> - HIP_ERROR("(Check syntax for hipconf. Is hipd running or root privilege needed?)\n");
>> + HIP_ERROR("(Check syntax for hipconf. Is hipd or hipfw running or root"
>> + " privilege needed?)\n");
>
> Maybe just say "daemon" instead of enumerating the 12345 programs that
> will become part of HIPL over the next decade.
You are right. Personally I find it a bit strange to call hipd the HIP daemon when they are all daemons. Whatever, fixed this as well.
>
>> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
>> +++ lib/core/conf.h 2011-11-07 17:14:40 +0000
>> @@ -54,6 +54,11 @@
>> #define ACTION_ADD 1
>> #define ACTION_NEW 3
>>
>> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL, UNKNOWN_KEYWORD };
>
> This is still unused outside of conf.c.
You are right. I made it static.
René Hummen (rene-hummen) wrote : Posted in a previous version of this proposal | # |
LGTM. You also obviously fixed Diego's comments and Miika was satisfied already with the last request. So go ahead and merge it.
Diego Biurrun (diego-biurrun) wrote : Posted in a previous version of this proposal | # |
review needs-fixing
On Tue, Nov 08, 2011 at 03:41:03PM +0000, David Martin wrote:
>
> --- lib/core/conf.h 2011-08-15 14:11:56 +0000
> +++ lib/core/conf.h 2011-11-08 15:39:04 +0000
> @@ -54,6 +54,11 @@
>
> +enum daemon_name { HIP_DAEMON, HIP_FIREWALL, UNKNOWN_KEYWORD };
This is only used in conf.c, so it has no business in a header file.
Header files are for interface definitions *only*.
Should be in HACKING, if not we need to update it.
Diego
Diego Biurrun (diego-biurrun) wrote : | # |
review approve
On Tue, Nov 08, 2011 at 05:12:08PM +0000, David Martin wrote:
> David Martin has proposed merging lp:~martin-lp/hipl/hipfwconf into lp:hipl.
>
> --- lib/core/message.c 2011-10-25 21:44:47 +0000
> +++ lib/core/message.c 2011-11-08 17:09:18 +0000
> @@ -319,23 +330,30 @@
>
> -static int send_recv_
> - int opt_socket)
> +static int send_recv_
nit: This is now a long line.
Anyway, this looks good to me now, so go ahead and push :)
Diego
David Martin (martin-lp) wrote : | # |
Hi,
On Tue, Nov 8, 2011 at 8:55 PM, Diego Biurrun <email address hidden> wrote:
> Review: Approve
> On Tue, Nov 08, 2011 at 05:12:08PM +0000, David Martin wrote:
>> David Martin has proposed merging lp:~martin-lp/hipl/hipfwconf into lp:hipl.
>>
>> --- lib/core/message.c 2011-10-25 21:44:47 +0000
>> +++ lib/core/message.c 2011-11-08 17:09:18 +0000
>> @@ -319,23 +330,30 @@
>>
>> -static int send_recv_
>> - int opt_socket)
>> +g
>
> nit: This is now a long line.
I wonder whether if I had broken that line and it would have shown in the diff
you may have said it would have been ok to keep it in a single line.
Come on, it's 85 characters. That is not yet a long line. :p
> Anyway, this looks good to me now, so go ahead and push :)
Kk, merge is pushed in trunk revision 6121.
Diego Biurrun (diego-biurrun) wrote : | # |
On Wed, Nov 09, 2011 at 04:01:33PM +0000, David Martin wrote:
> On Tue, Nov 8, 2011 at 8:55 PM, Diego Biurrun <email address hidden> wrote:
> > On Tue, Nov 08, 2011 at 05:12:08PM +0000, David Martin wrote:
> >> David Martin has proposed merging lp:~martin-lp/hipl/hipfwconf into lp:hipl.
> >>
> >> --- lib/core/message.c 2011-10-25 21:44:47 +0000
> >> +++ lib/core/message.c 2011-11-08 17:09:18 +0000
> >> @@ -319,23 +330,30 @@
> >>
> >> -static int send_recv_
> >> - int opt_socket)
> >> +g
> >
> > nit: This is now a long line.
>
> I wonder whether if I had broken that line and it would have shown in the diff
> you may have said it would have been ok to keep it in a single line.
> Come on, it's 85 characters. That is not yet a long line. :p
Long lines are those that go over the 80 character mark.
Diego
Preview Diff
1 | === modified file 'doc/HOWTO.xml.in' |
2 | --- doc/HOWTO.xml.in 2011-11-03 09:21:12 +0000 |
3 | +++ doc/HOWTO.xml.in 2011-11-08 17:09:18 +0000 |
4 | @@ -594,7 +594,7 @@ |
5 | |
6 | <itemizedlist> |
7 | <listitem><programlisting>Version of HIPL software. Ubuntu: dpkg -l 'hipl*'. Red Hat-based distros: rpm -qa | grep hipl</programlisting></listitem> |
8 | - <listitem><programlisting>hipconf get ha all</programlisting></listitem> |
9 | + <listitem><programlisting>hipconf daemon get ha all</programlisting></listitem> |
10 | <listitem><programlisting>ip xfrm state</programlisting></listitem> |
11 | <listitem><programlisting>uname -a</programlisting></listitem> |
12 | <listitem><programlisting>lsb_release -a</programlisting></listitem> |
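Review bot: Missing documentation in this bug-report checklist: the changed item still collects only the daemon's view ("hipconf daemon get ha all"). Since this branch adds a "get ha" query for hipfw under the "firewall" keyword, add a matching "hipconf firewall get ha all" item so reports also capture the firewall's connection state.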
13 | @@ -658,7 +658,7 @@ |
14 | |
15 | <para>To use access the servers using HIP behind a NAT box, you |
16 | have two alternatives. Firstly, you enable the UDP |
17 | - encapsulation using "hipconf nat plain-udp". See <xref |
18 | + encapsulation using "hipconf daemon nat plain-udp". See <xref |
19 | linkend="ch_hip_nat" /> for more information. Secondly, |
20 | you can install miredo on your machine and make sure that HIP |
21 | uses the IPv6 address of the server.</para> |
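Review bot: The context sentence directly above the changed line, "To use access the servers using HIP behind a NAT box", has a stray word and is left as it was. Since the paragraph is being edited anyway, fix it in the same commit (for example "To access the servers ...").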
22 | @@ -674,7 +674,7 @@ |
23 | <title>Closing HIP Security Associations Manually</title> |
24 | <para> |
25 | You can use the hipconf tool to reset HIP SAs manually. Type |
26 | - "hipconf rst all" to close all SAs. |
27 | + "hipconf daemon rst all" to close all SAs. |
28 | </para> |
29 | </section> |
30 | |
31 | @@ -761,10 +761,10 @@ |
32 | HIT_OF_XXX with the HIT of the host XXX. The hip daemon loads (and |
33 | creates if necessary) the host identities from @sysconfdir@ automatically. |
34 | If you want to know the default HIT of the localhost, run |
35 | - "hipconf get hi default". |
36 | - You can list all HITs of the machine with "hipconf get hi all". By |
37 | + "hipconf daemon get hi default". |
38 | + You can list all HITs of the machine with "hipconf daemon get hi all". By |
39 | default, you'll see only one. If you want to use all four HITs of the |
40 | - host, you have to invoke "hipconf add hi default". The use of multiple |
41 | + host, you have to invoke "hipconf daemon add hi default". The use of multiple |
42 | local HITs is not currently recommended! |
43 | </para> |
44 | <para> |
45 | @@ -773,7 +773,7 @@ |
46 | possible but not necessary: |
47 | </para> |
48 | <para> |
49 | - hipconf add map PEER_HIT PEER_IP |
50 | + hipconf daemon add map PEER_HIT PEER_IP |
51 | </para> |
52 | <para> |
53 | You can also add the mapping to "@sysconfdir@/hipd_config" and restart hipd. |
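Review bot: Missing documentation on the context line that follows the changed command: readers will now copy "hipconf daemon add map PEER_HIT PEER_IP" into hipd_config, but the merge description states that the config file syntax is unchanged and the daemon keyword is hardcoded when hipd parses it. State in that sentence that hipd_config entries are written without the "daemon" keyword.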
54 | @@ -830,18 +830,18 @@ |
55 | more information messages with the daemons or capturing the network packets.</para> |
56 | <para>The log messages displayed by the hip daemon can be changed dynamically:</para> |
57 | <para> |
58 | - hipconf debug none # <only HIP_DIE and HIP_ASSERT messages are shown> |
59 | + hipconf daemon debug none # <only HIP_DIE and HIP_ASSERT messages are shown> |
60 | </para> |
61 | <para> |
62 | - hipconf debug low # <shows HIP_DIE, HIP_ASSERT and HIP_ERROR |
63 | + hipconf daemon debug low # <shows HIP_DIE, HIP_ASSERT and HIP_ERROR |
64 | messages> |
65 | </para> |
66 | <para> |
67 | - hipconf debug medium # <shows HIP_DIE, HIP_ASSERT, HIP_ERROR and |
68 | + hipconf daemon debug medium # <shows HIP_DIE, HIP_ASSERT, HIP_ERROR and |
69 | HIP_INFO messages> |
70 | </para> |
71 | <para> |
72 | - hipconf debug all # <shows all messages, including |
73 | + hipconf daemon debug all # <shows all messages, including |
74 | HIP_DEBUG> |
75 | </para> |
76 | <para> |
77 | @@ -882,14 +882,14 @@ |
78 | </para> |
79 | </listitem> |
80 | <listitem> |
81 | - <para>Add the information with hipconf add map |
82 | + <para>Add the information with hipconf daemon add map |
83 | <itemizedlist> |
84 | - <listitem><para>hipconf add map OOPS_HIT OOPS_IP [OOPS_LSI] </para></listitem> |
85 | + <listitem><para>hipconf daemon add map OOPS_HIT OOPS_IP [OOPS_LSI] </para></listitem> |
86 | </itemizedlist> |
87 | </para> |
88 | </listitem> |
89 | </itemizedlist> |
90 | - <para>If the command hipconf add map is not executed, we must add the peer IP in |
91 | + <para>If the command hipconf daemon add map is not executed, we must add the peer IP in |
92 | the file /etc/hosts</para> |
93 | <itemizedlist> |
94 | <listitem><para>OOPS_IP oops</para></listitem> |
95 | @@ -929,7 +929,7 @@ |
96 | <formalpara><title>Running the application</title><para></para></formalpara> |
97 | <para>Once we have finished the step before and started running hipd and hipfw, we can |
98 | run the application. If the LSI has been generated automatically, we can check its |
99 | - value with hipconf get ha OOPS_HIT or hipconf get ha all. |
100 | + value with hipconf daemon get ha OOPS_HIT or hipconf daemon get ha all. |
101 | Afterwards, we start running the application, e.g.: |
102 | </para> |
103 | <itemizedlist> |
104 | @@ -989,7 +989,7 @@ |
105 | </itemizedlist> |
106 | <para> |
107 | You can also trigger the handover message exchange without |
108 | - changing IP addresses by running "hipconf manual-update". Note that this |
109 | + changing IP addresses by running "hipconf daemon manual-update". Note that this |
110 | only simulates the message exchange that would normally occur on IP |
111 | address changes and does not test handover detection. |
112 | </para> |
113 | @@ -1056,9 +1056,9 @@ |
114 | /etc/hosts. |
115 | </para> |
116 | <para> |
117 | - 3b. Execute "hipconf add map PEER_HIT PEER_IP" and use the HIT directly |
118 | + 3b. Execute "hipconf daemon add map PEER_HIT PEER_IP" and use the HIT directly |
119 | in the application. You can insert the |
120 | - hipconf command also to @sysconfdir@/hipd_config and restart hipd. |
121 | + hipconf command without daemon keyword also to @sysconfdir@/hipd_config and restart hipd. |
122 | </para> |
123 | </section> |
124 | |
125 | @@ -1107,7 +1107,7 @@ |
126 | run at that time): |
127 | </para> |
128 | <para> |
129 | - hipconf run normal|opp firefox |
130 | + hipconf daemon run normal|opp firefox |
131 | </para> |
132 | </section> |
133 | <section id="sec_sendmail"> |
134 | @@ -1167,7 +1167,7 @@ |
135 | </programlisting> |
136 | <para> |
137 | The "HIT_OF_THE_CLIENT" should not be taken as literal. Replace it with the |
138 | - actual HIT of the client (run "hipconf get ha default" at the client host). |
139 | + actual HIT of the client (run "hipconf daemon get ha default" at the client host). |
140 | </para> |
141 | <para> |
142 | It should be noticed that you can also specify the HIT_OF_CLIENT at the |
143 | @@ -1412,7 +1412,7 @@ |
144 | </programlisting> |
145 | <para> |
146 | Notice that <hit-of-the-server> should not be taken literally. Replace |
147 | - it with the HIT of the server (run "hipconf get hi default" at the server). |
148 | + it with the HIT of the server (run "hipconf daemon get hi default" at the server). |
149 | If you want to use LSIs instead of HITs, you shouldn't use the -V option |
150 | and use LSIs as instructed in <xref linkend="interop_ip_v4_v6" />. |
151 | </para> |
152 | @@ -1624,15 +1624,15 @@ |
153 | </para> |
154 | |
155 | <para> |
156 | - With "hipconf hit-to-ip on", the HIP daemon uses IP addresses of |
157 | + With "hipconf daemon hit-to-ip on", the HIP daemon uses IP addresses of |
158 | 5.7.d.1.c.c.8.d.0.6.3.b.a.4.6.2.5.0.5.2.e.4.7.5.e.1.0.0.1.0.0.2.hit-to-ip.infrahip.net. |
159 | to contact peer host with HIT 2001:1e:574e:2505:264a:b360:d8cc:1d75 |
160 | </para> |
161 | <para>Default hit-to-ip.infrahip.net. suffix can be changed with |
162 | - "hipconf hit-to-ip-set <new.hit-to-ip.zone.>. Please note it is independent from HIT_TO_IP_ZONE in @sysconfdir@/nsupdate.conf" |
163 | + "hipconf daemon hit-to-ip-set <new.hit-to-ip.zone.>. Please note it is independent from HIT_TO_IP_ZONE in @sysconfdir@/nsupdate.conf" |
164 | </para> |
165 | <para> |
166 | - With "hipconf nsupdate on", the HIP daemon also maintains |
167 | + With "hipconf daemon nsupdate on", the HIP daemon also maintains |
168 | records in hit-to-ip.infrahip.net. Once you start hipd, it will |
169 | call nsupdate.pl with HIT and IP address for every HIT of your |
170 | host. It is executed upon mobility events (i.e. address changes) |
171 | @@ -1799,7 +1799,7 @@ |
172 | the HIP daemon at the responder and use the "<emphasis>hipconf</emphasis>" tool from another |
173 | shell at the responder to get the default hi: |
174 | <programlisting> |
175 | - hipconf get hi default |
176 | + hipconf daemon get hi default |
177 | </programlisting> |
178 | Now, add this HIT in between the white list quotation marks in the |
179 | configuration file of the RVS / HIP relay server: |
180 | @@ -1849,10 +1849,10 @@ |
181 | otherwise modify the configuration file, you can reinitialize the server |
182 | without restarting the daemon itself using the "<emphasis>hipconf</emphasis>" tool: |
183 | <programlisting> |
184 | - hipconf reinit service rvs</programlisting> |
185 | + hipconf daemon reinit service rvs</programlisting> |
186 | or |
187 | <programlisting> |
188 | - hipconf reinit service relay</programlisting> |
189 | + hipconf daemon reinit service relay</programlisting> |
190 | The reinitialization does not have any effect on the existing |
191 | RVS / HIP relay server clients, but only affects clients registering |
192 | after the reinitialization. |
193 | @@ -1963,7 +1963,7 @@ |
194 | that you would have in a normal base exchange execution not |
195 | involving an RVS. Please make sure that you use the same HIT |
196 | here as <RESPONDER HIT> as what the |
197 | - "<emphasis>hipconf get hi default</emphasis>" |
198 | + "<emphasis>hipconf daemon get hi default</emphasis>" |
199 | outputs at the responder. |
200 | </para> |
201 | </listitem> |
202 | @@ -2012,14 +2012,14 @@ |
203 | </para></listitem> |
204 | <listitem><para> |
205 | At the rendezvous server, we have to indicate that we are willing to offer |
206 | - rendezvous service:<programlisting>hipconf add service rvs</programlisting> |
207 | + rendezvous service:<programlisting>hipconf daemon add service rvs</programlisting> |
208 | </para></listitem> |
209 | <listitem id="listitem_rvs"><para> |
210 | At the responder, we have to register to the rendezvous server: |
211 | - <programlisting>hipconf add server rvs [RVS-HIT] <RVS-IP or hostname> <LIFETIME-IN-SECONDS></programlisting> |
212 | + <programlisting>hipconf daemon add server rvs [RVS-HIT] <RVS-IP or hostname> <LIFETIME-IN-SECONDS></programlisting> |
213 | This will launch a base exchange i.e. establish a HIP SA between the |
214 | rendezvous server and the responder. Please use the default HIT of |
215 | - the rendezvous server ("<emphasis>hipconf get hi default</emphasis>" at the RVS). |
216 | + the rendezvous server ("<emphasis>hipconf daemon get hi default</emphasis>" at the RVS). |
217 | The <LIFETIME-IN-SECONDS> value represents the number of seconds |
218 | we would like our service registration to last, but it is not |
219 | necessarily the number of seconds we are granted the service. |
220 | @@ -2053,7 +2053,7 @@ |
221 | To cancel the rendezvous service (without killing the HIP |
222 | daemon) type: |
223 | <programlisting> |
224 | - hipconf del service rvs |
225 | + hipconf daemon del service rvs |
226 | </programlisting> |
227 | This will delete all existing rendezvous server registrations |
228 | and remove the rendezvous service from the offered services. |
229 | @@ -2064,7 +2064,7 @@ |
230 | To reinitialize the rendezvous service after modifications to |
231 | the configuration file (without killing the HIP daemon) type: |
232 | <programlisting> |
233 | - hipconf reinit service rvs |
234 | + hipconf daemon reinit service rvs |
235 | </programlisting> |
236 | The changes that you have made to the configuration file affect the |
237 | clients registering after the reinitialization. |
238 | @@ -2082,7 +2082,7 @@ |
239 | <para> |
240 | To cancel the registration to the rendezvous service type: |
241 | <programlisting> |
242 | - hipconf del server rvs <RVS-HIT> <RVS-IP> |
243 | + hipconf daemon del server rvs <RVS-HIT> <RVS-IP> |
244 | </programlisting> |
245 | This will send a HIP message asking for rendezvous service |
246 | cancellation to the rendezvous server. |
247 | @@ -2237,17 +2237,17 @@ |
248 | At the relay server, we have to indicate that we are willing to offer |
249 | relay service: |
250 | <programlisting> |
251 | - hipconf add service relay |
252 | + hipconf daemon add service relay |
253 | </programlisting> |
254 | </para></listitem> |
255 | <listitem><para> |
256 | At the responder, we have to register to the relay server: |
257 | <programlisting> |
258 | - hipconf add server relay <RELAY-HIT> <RELAY-IP> <LIFETIME-IN-SECONDS> |
259 | + hipconf daemon add server relay <RELAY-HIT> <RELAY-IP> <LIFETIME-IN-SECONDS> |
260 | </programlisting> |
261 | This will launch a base exchange i.e. establish a HIP SA between the |
262 | relay server and the responder. Please use the default HIT of the |
263 | - relay server ("<emphasis>hipconf get hi default</emphasis>" at |
264 | + relay server ("<emphasis>hipconf daemon get hi default</emphasis>" at |
265 | the relay server). The <LIFETIME-IN-SECONDS> value represents |
266 | the number of seconds we would like our service registration to |
267 | last, but it is not necessarily the number of seconds we are granted |
268 | @@ -2285,7 +2285,7 @@ |
269 | To cancel the relay service (without killing the HIP daemon) |
270 | type: |
271 | <programlisting> |
272 | - hipconf del service relay |
273 | + hipconf daemon del service relay |
274 | </programlisting> |
275 | This will delete all existing relay server registrations |
276 | and remove the relay service from the offered services. |
277 | @@ -2296,7 +2296,7 @@ |
278 | To reinitialize the relay service after modifications to |
279 | the configuration file (without killing the HIP daemon) type: |
280 | <programlisting> |
281 | - hipconf reinit service relay |
282 | + hipconf daemon reinit service relay |
283 | </programlisting> |
284 | The changes that you have made to the configuration file affect the |
285 | clients registering after the reinitialization. |
286 | @@ -2314,7 +2314,7 @@ |
287 | <para> |
288 | To cancel the registration to the relay service type: |
289 | <programlisting> |
290 | - hipconf del server relay <RELAY-HIT> <RELAY-IP> |
291 | + hipconf daemon del server relay <RELAY-HIT> <RELAY-IP> |
292 | </programlisting> |
293 | This will send a HIP message asking for relay service |
294 | cancellation to the relay server. |
295 | @@ -2494,7 +2494,7 @@ |
296 | example, to request a service identified by number 1 (the |
297 | rendezvous service), you can type |
298 | <programlisting> |
299 | - hipconf add server 1 <SERVER-HIT> <SERVER-IP> <LIFETIME-IN-SECONDS> |
300 | + hipconf daemon add server 1 <SERVER-HIT> <SERVER-IP> <LIFETIME-IN-SECONDS> |
301 | </programlisting> |
302 | Notice, however, that if the server does not support the |
303 | service you have requested, a request is never sent. |
304 | @@ -2506,7 +2506,7 @@ |
305 | can chain the service types. For example, to request services |
306 | identified by registration types 3, 10 and 245 you can type: |
307 | <programlisting> |
308 | - hipconf add server 3 10 245 <SERVER-HIT> <SERVER-IP> <LIFETIME-IN-SECONDS> |
309 | + hipconf daemon add server 3 10 245 <SERVER-HIT> <SERVER-IP> <LIFETIME-IN-SECONDS> |
310 | </programlisting> |
311 | Using this chaining method one can request up to ten |
312 | services with one REG_REQUEST parameter. |
313 | @@ -2518,7 +2518,7 @@ |
314 | request you can chain the service types as with |
315 | registration. |
316 | <programlisting> |
317 | - hipconf del server 3 10 245 <SERVER-HIT> <SERVER-IP> |
318 | + hipconf daemon del server 3 10 245 <SERVER-HIT> <SERVER-IP> |
319 | </programlisting> |
320 | Using this chaining method one can request up to ten |
321 | service cancellations with one REG_REQUEST parameter. |
322 | @@ -2696,7 +2696,7 @@ |
323 | </para> |
324 | <para>The NAT traversal can be experimented in a similar way as depicted |
325 | in earlier sections. The only difference is that you have to tell the |
326 | - initiator manually that it is behind a NAT using "hipconf nat on". |
327 | + initiator manually that it is behind a NAT using "hipconf daemon nat on". |
328 | After this, you can initiate the base exchange |
329 | according to the previous instructions. The manual configuration is |
330 | currently required because support for automatic NAT detection (STUN) |
331 | @@ -2709,10 +2709,10 @@ |
332 | </para> |
333 | <itemizedlist> |
334 | <listitem><para> |
335 | - hipconf nat plain-udp |
336 | + hipconf daemon nat plain-udp |
337 | </para> </listitem> |
338 | <listitem><para> |
339 | - hipconf add map peer_hit peer_ipv4_addr |
340 | + hipconf daemon add map peer_hit peer_ipv4_addr |
341 | </para> </listitem> |
342 | <listitem><para> |
343 | ping6 -I source_hit dst_hit |
344 | @@ -2735,7 +2735,7 @@ |
345 | by installing the Miredo client software. Then, establish HIP connections |
346 | to Teredo addresses (check ifconfig teredo) at the client side as |
347 | instructed in <xref linkend="ch_basictest" />. As Teredo is a NAT traversal |
348 | - solution by itself, you don't have use UDP encapsulation for HIP (hipconf nat none). |
349 | + solution by itself, you don't have use UDP encapsulation for HIP (hipconf daemon nat none). |
350 | </para> |
351 | <para> |
352 | See |
353 | @@ -2770,7 +2770,7 @@ |
354 | relays HIP control and ESP data traffic. You can use one the InfraHIP servers |
355 | or set up your own as instructed in <xref linkend="ch_rvs_relay" |
356 | />. Both Initiator and Responder must be configured with |
357 | - "hipconf nat ice-udp". Then Initiator must run the base exchange through the |
358 | + "hipconf daemon nat ice-udp". Then Initiator must run the base exchange through the |
359 | relay server. |
360 | </para> |
361 | |
362 | @@ -2816,12 +2816,12 @@ |
363 | |
364 | <para> |
365 | <programlisting> |
366 | -hipconf shotgun on |
367 | +hipconf daemon shotgun on |
368 | </programlisting> |
369 | </para> |
370 | |
371 | <para>The same line can be also included in @sysconfdir@/hipd_config |
372 | - without the "hipconf" prefix. |
373 | + without the "hipconf daemon" prefix. |
374 | </para> |
375 | |
376 | <para>At the time of writing this, the shotgun extension did not yet |
377 | |
378 | === modified file 'firewall/cache.c' |
379 | --- firewall/cache.c 2011-10-25 21:14:16 +0000 |
380 | +++ firewall/cache.c 2011-11-08 17:09:18 +0000 |
381 | @@ -281,7 +281,7 @@ |
382 | } |
383 | } |
384 | |
385 | - /* Note: this function is also reached by "hipconf rst all" |
386 | + /* Note: this function is also reached by "hipconf daemon rst all" |
387 | * so we don't want to uninitialize hash table here. Instead, |
388 | * we handle it in firewall_exit(). */ |
389 | |
390 | |
391 | === modified file 'firewall/conntrack.c' |
392 | --- firewall/conntrack.c 2011-10-25 21:14:16 +0000 |
393 | +++ firewall/conntrack.c 2011-11-08 17:09:18 +0000 |
394 | @@ -910,7 +910,7 @@ |
395 | * Relay to pass e.g. p2p-unfriendly NAT boxes. The ESP relay mode |
396 | * assumes that the HIP relay (in hipd) and ESP relay (in hipfw) are |
397 | * running on the same middlehost in a public network. The responder |
398 | - * has to register to the relay with "hipconf add server full-relay" |
399 | + * has to register to the relay with "hipconf daemon add server full-relay" |
400 | * which operates as defined in <a |
401 | * href="http://tools.ietf.org/html/draft-ietf-hip-nat-traversal"> NAT |
402 | * traversal for HIP</a>. Then the initiator can contact the responder |
403 | @@ -2244,3 +2244,56 @@ |
404 | remove_connection(conn_list->data); |
405 | } |
406 | } |
407 | + |
408 | +/** |
409 | + * Prepare given message with host association info from the tracked connections. |
410 | + * |
411 | + * @param msg The message where the info is written. |
412 | + * @return 0 on success |
413 | + * -1 on error |
414 | + */ |
415 | +int hip_fw_handle_get_ha_info(struct hip_common *msg) |
416 | +{ |
417 | + struct hip_hadb_user_info_state hid = { { { { 0 } } } }; |
418 | + struct slist *iter_conn; |
419 | + struct connection *conn; |
420 | + struct hip_data *data; |
421 | + |
422 | + if (!msg) { |
423 | + HIP_ERROR("Missing message parameter.\n"); |
424 | + return -1; |
425 | + } |
426 | + |
427 | + if (conn_list == NULL) { |
428 | + HIP_DEBUG("No tracked connections to return.\n"); |
429 | + return 0; |
430 | + } |
431 | + |
432 | + hip_msg_init(msg); |
433 | + if (hip_build_user_hdr(msg, HIP_MSG_GET_HA_INFO, 0) < 0) { |
434 | + HIP_ERROR("Failed to build GET_HA_INFO message header.\n"); |
435 | + return -1; |
436 | + } |
437 | + |
438 | + iter_conn = conn_list; |
439 | + while (iter_conn) { |
440 | + conn = iter_conn->data; |
441 | + data = conn->original.hip_tuple->data; |
442 | + |
443 | + // build HA_INFO with info from connection initiator |
444 | + hid.state = conn->state; |
445 | + ipv6_addr_copy(&hid.hit_our, &data->src_hit); |
446 | + ipv6_addr_copy(&hid.hit_peer, &data->dst_hit); |
447 | + hid.nat_udp_port_local = conn->original.src_port; |
448 | + hid.nat_udp_port_peer = conn->original.dst_port; |
449 | + |
450 | + if (hip_build_param_contents(msg, &hid, HIP_PARAM_HA_INFO, sizeof(hid)) < 0) { |
451 | + HIP_ERROR("Failed to build initiator HA_INFO parameter.\n"); |
452 | + return -1; |
453 | + } |
454 | + |
455 | + iter_conn = iter_conn->next; |
456 | + } |
457 | + |
458 | + return 0; |
459 | +} |
460 | |
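Review bot: The `conn_list == NULL` early return in hip_fw_handle_get_ha_info() sits before hip_msg_init() and hip_build_user_hdr(), so with no tracked connections the function returns 0 with the request still in msg, and the HIP_MSG_GET_HA_INFO case in hip_handle_msg() then sends that unmodified request back as the reply. Build the header first and return the empty reply after it. The function also has no way to filter on a HIT, although hipfwconf_usage advertises "get ha <hit> | all"; either implement the filter or document that the firewall always returns every tracked connection.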
461 | === modified file 'firewall/conntrack.h' |
462 | --- firewall/conntrack.h 2011-07-18 16:31:37 +0000 |
463 | +++ firewall/conntrack.h 2011-11-08 17:09:18 +0000 |
464 | @@ -63,4 +63,6 @@ |
465 | void hip_fw_conntrack_periodic_cleanup(void); |
466 | void hip_fw_uninit_conntrack(void); |
467 | |
468 | +int hip_fw_handle_get_ha_info(struct hip_common *msg); |
469 | + |
470 | #endif /* HIP_FIREWALL_CONNTRACK_H */ |
471 | |
472 | === modified file 'firewall/firewall.c' |
473 | --- firewall/firewall.c 2011-10-30 11:41:51 +0000 |
474 | +++ firewall/firewall.c 2011-11-08 17:09:18 +0000 |
475 | @@ -1672,7 +1672,7 @@ |
476 | n = recvfrom(hip_fw_async_sock, msg, sizeof(struct hip_common), |
477 | MSG_PEEK, (struct sockaddr *) &sock_addr, &alen); |
478 | if (n < 0) { |
479 | - HIP_ERROR("Error receiving message header from daemon.\n"); |
480 | + HIP_ERROR("Error receiving message header.\n"); |
481 | return -1; |
482 | } |
483 | |
484 | @@ -1701,24 +1701,13 @@ |
485 | (struct sockaddr *) &sock_addr, &alen); |
486 | |
487 | if (n < 0) { |
488 | - HIP_ERROR("Error receiving message parameters from daemon.\n"); |
489 | + HIP_ERROR("Error receiving message parameters.\n"); |
490 | return -1; |
491 | } |
492 | |
493 | HIP_ASSERT(n == len); |
494 | |
495 | - if (ntohs(sock_addr.sin6_port) != HIP_DAEMON_LOCAL_PORT) { |
496 | - int type = hip_get_msg_type(msg); |
497 | - if (type == HIP_MSG_FW_BEX_DONE) { |
498 | - HIP_DEBUG("HIP_MSG_FW_BEX_DONE\n"); |
499 | - HIP_DEBUG("%d == %d\n", ntohs(sock_addr.sin6_port), |
500 | - HIP_DAEMON_LOCAL_PORT); |
501 | - } |
502 | - HIP_DEBUG("Drop, message not from hipd\n"); |
503 | - return -1; |
504 | - } |
505 | - |
506 | - if (hip_handle_msg(msg) < 0) { |
507 | + if (hip_handle_msg(msg, (struct sockaddr *) &sock_addr) < 0) { |
508 | HIP_ERROR("Error handling message\n"); |
509 | return -1; |
510 | } |
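Review bot: Deleting the `ntohs(sock_addr.sin6_port) != HIP_DAEMON_LOCAL_PORT` check in fw_handle_hipd_message() removes sender validation for every message type, not only for the new HIP_MSG_GET_HA_INFO query. In the hunks shown, hip_handle_msg() uses the sock_addr it now receives only as the reply destination, and the hip_daemon_connect() call on hip_fw_async_sock is removed further down as well, so any sender that can reach the loopback-bound socket can submit the types that were previously accepted from hipd only. Keep the port check for all types except HIP_MSG_GET_HA_INFO, or move it into hip_handle_msg() and apply it per message type.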
511 | @@ -1847,8 +1836,6 @@ |
512 | sock_addr.sin6_addr = in6addr_loopback; |
513 | HIP_IFEL(bind(hip_fw_async_sock, (struct sockaddr *) &sock_addr, sizeof(sock_addr)), -1, |
514 | "Bind on firewall socket addr failed. Give -k option to kill old hipfw\n"); |
515 | - HIP_IFEL(hip_daemon_connect(hip_fw_async_sock), -1, |
516 | - "connecting socket failed\n"); |
517 | |
518 | /* Starting hipfw does not always work when hipfw starts first -miika */ |
519 | if (hip_userspace_ipsec || hip_lsi_support) { |
520 | @@ -1944,7 +1931,7 @@ |
521 | } |
522 | |
523 | if (FD_ISSET(hip_fw_async_sock, &read_fdset)) { |
524 | - HIP_DEBUG("****** Received HIPD message ******\n"); |
525 | + HIP_DEBUG("****** Received user message ******\n"); |
526 | err = fw_handle_hipd_message(msg); |
527 | } |
528 | |
529 | @@ -2009,3 +1996,31 @@ |
530 | |
531 | return &default_lsi; |
532 | } |
533 | + |
534 | +/** |
535 | + * Send a message via the firewall socket for asynchronous messages. |
536 | + * Caller is responsible for setting up the message. |
537 | + * |
538 | + * @param msg The message to be sent. |
539 | + * @param addr The destination address. |
540 | + * |
541 | + * @return 0 on success |
542 | + * -1 on error |
543 | + */ |
544 | +int hip_fw_send_message(const struct hip_common *const msg, |
545 | + const struct sockaddr *const addr) |
546 | +{ |
547 | + uint16_t len; |
548 | + |
549 | + if (msg == NULL || addr == NULL) { |
550 | + HIP_ERROR("Empty message or address.\n"); |
551 | + return -1; |
552 | + } |
553 | + |
554 | + len = hip_get_msg_total_len(msg); |
555 | + if (sendto(hip_fw_async_sock, msg, len, 0, addr, hip_sockaddr_len(addr)) != len) { |
556 | + return -1; |
557 | + } |
558 | + |
559 | + return 0; |
560 | +} |
561 | |
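Review bot: The sendto() failure path in hip_fw_send_message() returns -1 without a HIP_ERROR, unlike the NULL-argument path just above it, so a failed or short send is only visible through the caller's generic "Could not send HA reply." message. Log the failure here, including errno, so it can be told apart from a message-building error.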
562 | === modified file 'firewall/firewall.h' |
563 | --- firewall/firewall.h 2011-04-05 16:44:22 +0000 |
564 | +++ firewall/firewall.h 2011-11-08 17:09:18 +0000 |
565 | @@ -1,5 +1,5 @@ |
566 | /* |
567 | - * Copyright (c) 2010 Aalto University and RWTH Aachen University. |
568 | + * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University. |
569 | * |
570 | * Permission is hereby granted, free of charge, to any person |
571 | * obtaining a copy of this software and associated documentation |
572 | @@ -55,5 +55,7 @@ |
573 | void hip_fw_uninit_esp_relay(void); |
574 | hip_hit_t *hip_fw_get_default_hit(void); |
575 | hip_lsi_t *hip_fw_get_default_lsi(void); |
576 | +int hip_fw_send_message(const struct hip_common *const msg, |
577 | + const struct sockaddr *const addr); |
578 | |
579 | #endif /* HIP_FIREWALL_FIREWALL_H */ |
580 | |
581 | === modified file 'firewall/firewall_control.c' |
582 | --- firewall/firewall_control.c 2011-10-25 21:14:16 +0000 |
583 | +++ firewall/firewall_control.c 2011-11-08 17:09:18 +0000 |
584 | @@ -42,8 +42,10 @@ |
585 | #include "lib/core/debug.h" |
586 | #include "lib/core/ife.h" |
587 | #include "lib/core/message.h" |
588 | +#include "lib/core/prefix.h" |
589 | #include "lib/core/protodefs.h" |
590 | #include "cache.h" |
591 | +#include "conntrack.h" |
592 | #include "firewall.h" |
593 | #include "user_ipsec_fw_msg.h" |
594 | #include "user_ipsec_sadb.h" |
595 | @@ -91,12 +93,13 @@ |
596 | } |
597 | |
598 | /** |
599 | - * distribute a message from hipd to the respective extension handler |
600 | + * distribute a user message to the respective extension handler |
601 | * |
602 | - * @param msg pointer to the received user message |
603 | + * @param msg pointer to the received user message |
604 | + * @param addr destination address for a reply |
605 | * @return 0 on success, else -1 |
606 | */ |
607 | -int hip_handle_msg(struct hip_common *msg) |
608 | +int hip_handle_msg(struct hip_common *msg, struct sockaddr *addr) |
609 | { |
610 | int type, err = 0; |
611 | struct hip_common *msg_out = NULL; |
612 | @@ -150,12 +153,36 @@ |
613 | HIP_IFEL(hip_send_recv_daemon_info(msg_out, 1, hip_fw_sock), -1, |
614 | "Couldn't notify daemon of firewall presence\n"); |
615 | break; |
616 | + case HIP_MSG_GET_HA_INFO: |
617 | + HIP_IFEL(hip_fw_handle_get_ha_info(msg), -1, |
618 | + "Could not handle GET_HA message.\n"); |
619 | + HIP_IFEL(hip_fw_send_message(msg, addr), -1, |
620 | + "Could not send HA reply.\n"); |
621 | + break; |
622 | default: |
623 | HIP_ERROR("Unhandled message type %d\n", type); |
624 | err = -1; |
625 | break; |
626 | } |
627 | + |
628 | out_err: |
629 | + if (hip_get_msg_response(msg)) { |
630 | + HIP_DEBUG("Send response\n"); |
631 | + if (err) { |
632 | + hip_hdr msg_type = hip_get_msg_type(msg); |
633 | + hip_msg_init(msg); |
634 | + hip_build_user_hdr(msg, msg_type, 0); |
635 | + hip_set_msg_err(msg, 1); |
636 | + } |
637 | + HIP_DEBUG("Sending message (type=%d) response\n", |
638 | + hip_get_msg_type(msg)); |
639 | + if (hip_fw_send_message(msg, addr) == -1) { |
640 | + err = -1; |
641 | + } else { |
642 | + HIP_DEBUG("Response sent ok\n"); |
643 | + } |
644 | + } |
645 | + |
646 | free(msg_out); |
647 | return err; |
648 | } |
649 | |
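Review bot: The HIP_MSG_GET_HA_INFO case sends the reply with hip_fw_send_message() and the new block under out_err sends msg again whenever hip_get_msg_response(msg) is true, so a request that carries the response flag can be answered twice. Let the case only fill in msg and leave the sending to out_err, or skip the out_err send for this type. In the error branch the return value of hip_build_user_hdr() is ignored; check it before calling hip_set_msg_err() and sending.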
650 | === modified file 'firewall/firewall_control.h' |
651 | --- firewall/firewall_control.h 2010-10-15 15:29:14 +0000 |
652 | +++ firewall/firewall_control.h 2011-11-08 17:09:18 +0000 |
653 | @@ -1,5 +1,5 @@ |
654 | /* |
655 | - * Copyright (c) 2010 Aalto University and RWTH Aachen University. |
656 | + * Copyright (c) 2010-2011 Aalto University and RWTH Aachen University. |
657 | * |
658 | * Permission is hereby granted, free of charge, to any person |
659 | * obtaining a copy of this software and associated documentation |
660 | @@ -28,6 +28,6 @@ |
661 | |
662 | #include "lib/core/protodefs.h" |
663 | |
664 | -int hip_handle_msg(struct hip_common *msg); |
665 | +int hip_handle_msg(struct hip_common *msg, struct sockaddr *addr); |
666 | |
667 | #endif /* HIP_FIREWALL_FIREWALL_CONTROL_H */ |
668 | |
669 | === modified file 'hipd/init.c' |
670 | --- hipd/init.c 2011-11-03 09:21:12 +0000 |
671 | +++ hipd/init.c 2011-11-08 17:09:18 +0000 |
672 | @@ -164,7 +164,7 @@ |
673 | } |
674 | |
675 | #define HIPL_CONFIG_FILE_EX \ |
676 | - "# Format of this file is as with hipconf, but without hipconf prefix\n\ |
677 | + "# Format of this file is as with hipconf, but without \"hipconf daemon\" prefix\n\ |
678 | # add hi default # add all four HITs (see bug id 592127)\n\ |
679 | # add map HIT IP # preload some HIT-to-IP mappings to hipd\n\ |
680 | # add service rvs # the host acts as HIP rendezvous (see also HIPL_SYSCONFDIR/relay_config)\n\ |
681 | @@ -549,7 +549,7 @@ |
682 | /* Three steps because multiple large keys will not fit in the same message */ |
683 | |
684 | /* DSA keys and RSA anonymous are not loaded by default until bug id |
685 | - * 592127 is properly solved. Run hipconf add hi default if you want to |
686 | + * 592127 is properly solved. Run hipconf daemon add hi default if you want to |
687 | * enable non-default HITs. */ |
688 | |
689 | /* rsa pub */ |
690 | |
691 | === modified file 'hipd/nat.c' |
692 | --- hipd/nat.c 2011-10-25 21:14:16 +0000 |
693 | +++ hipd/nat.c 2011-11-08 17:09:18 +0000 |
694 | @@ -209,7 +209,7 @@ |
695 | * |
696 | * @return zero on success, or negative error value on error. |
697 | * @todo Extend this to handle peer_hit case for |
698 | - * <code>"hipconf hip nat peer_hit"</code> This would be helpful in |
699 | + * <code>"hipconf daemon hip nat peer_hit"</code> This would be helpful in |
700 | * multihoming case. |
701 | */ |
702 | int hip_user_nat_mode(int nat_mode) |
703 | |
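Review bot: The @todo now reads "hipconf daemon hip nat peer_hit", which keeps the stray "hip" from the old text; the HOWTO hunks in this same branch spell the command as "hipconf daemon nat ...". Since the line is being edited anyway, drop the extra word so the comment matches the documented syntax.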
704 | === modified file 'hipd/registration.c' |
705 | --- hipd/registration.c 2011-10-25 21:44:47 +0000 |
706 | +++ hipd/registration.c 2011-11-08 17:09:18 +0000 |
707 | @@ -1574,7 +1574,7 @@ |
708 | } |
709 | |
710 | /* Workaround for registration when a mapping already pre-exists |
711 | - * (inserted e.g. with "hipconf add map"). This can be removed |
712 | + * (inserted e.g. with "hipconf daemon add map"). This can be removed |
713 | * after bug id 592135 is resolved. */ |
714 | if (entry->state != HIP_STATE_NONE || HIP_STATE_UNASSOCIATED) { |
715 | struct hip_common *msg2 = calloc(HIP_MAX_PACKET, 1); |
716 | |
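Review bot: The context line `if (entry->state != HIP_STATE_NONE || HIP_STATE_UNASSOCIATED)` directly below the edited comment uses HIP_STATE_UNASSOCIATED as a bare operand of `||` instead of comparing entry->state with it, so the condition does not test what it appears to. This is not introduced by the branch, but the workaround comment is being touched here; spell out the intended comparison in this change or file it as a separate bug.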
717 | === modified file 'lib/core/conf.c' |
718 | --- lib/core/conf.c 2011-11-08 14:19:35 +0000 |
719 | +++ lib/core/conf.c 2011-11-08 17:09:18 +0000 |
720 | @@ -77,9 +77,9 @@ |
721 | |
722 | /** |
723 | * hipconf tool actions. These are numerical values for the first commandline |
724 | - * argument. For example in "tools/hipconf get hi default" -command "get" |
725 | - * is the action. If you want a new action named as 'NEWACT', define a |
726 | - * constant variable which has value between 0 and ACTION_MAX. |
727 | + * argument. For example in "tools/hipconf daemon get hi default" |
728 | + * -command "get" is the action. If you want a new action named as 'NEWACT', |
729 | + * define a constant variable which has value between 0 and ACTION_MAX. |
730 | * Probably you also need to increase the value of ACTION_MAX. |
731 | * @see conf_get_action() |
732 | */ |
733 | @@ -181,6 +181,11 @@ |
734 | /* #define TYPE_RELAY 22 */ |
735 | |
736 | /** |
737 | + * The daemon process to be configured by the conf command. |
738 | + */ |
739 | +static enum daemon_name { HIP_DAEMON, HIP_FIREWALL, UNKNOWN_KEYWORD } daemon_name; |
740 | + |
741 | +/** |
742 | * A help string containing the usage of @c hipconf and also |
743 | * @c HIPL_SYSCONFDIR/hipd_config. |
744 | * |
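Review bot: `static enum daemon_name { ... } daemon_name;` gives the file-scope variable the same identifier as the enum tag and leaves it zero-initialised, which is HIP_DAEMON because that enumerator is listed first. If that implicit default is what lets hipd parse its config file without a keyword, say so in the comment; otherwise list UNKNOWN_KEYWORD first so that an unset value reaches the "Destination daemon process unknown." branch in send_receive_message(). A distinct variable name would also make the later `daemon_name == HIP_DAEMON` tests easier to read.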
745 | @@ -188,6 +193,9 @@ |
746 | * for the action. |
747 | */ |
748 | static const char *hipconf_usage = |
749 | + HIPCONF_HIPD_KEYWORD |
750 | + " <command>\n\n" |
751 | + "HIP daemon commands:\n" |
752 | "add map <hit> <ip> [lsi]\n" |
753 | "get map <hit | lsi>\n" |
754 | "del hi <hit> | all\n" |
755 | @@ -226,6 +234,51 @@ |
756 | ; |
757 | |
758 | /** |
759 | + * A help string containing the usage of @c hipfwconf. |
760 | + * |
761 | + * @note If you added a new action, do not forget to add a brief usage below |
762 | + * for the action. |
763 | + */ |
764 | +static const char *hipfwconf_usage = |
765 | + HIPCONF_HIPFW_KEYWORD |
766 | + " <command>\n\n" |
767 | + "HIP firewall commands:\n" |
768 | + "get ha <hit> | all\n"; |
769 | + |
770 | +/** |
771 | + * Send a message to hipd or hipfw and optionally receive an answer. |
772 | + * |
773 | + * @param msg The message to be sent. The respective answer will be stored |
774 | + * here as well. |
775 | + * @param send_only 1 if no response from hipd should be requested. |
776 | + * 0 if it should block until a response from hipd is received. |
777 | + * This option has no effect when sending messages to hipfw. |
778 | + * |
779 | + * @return 0 on success |
780 | + * -1 on error |
781 | + */ |
782 | +static int send_receive_message(struct hip_common *msg, |
783 | + const int send_only) |
784 | +{ |
785 | + if (daemon_name == HIP_DAEMON) { |
786 | + if (hip_send_recv_daemon_info(msg, send_only, 0)) { |
787 | + HIP_ERROR("Failed to send user message to the HIP daemon.\n"); |
788 | + return -1; |
789 | + } |
790 | + } else if (daemon_name == HIP_FIREWALL) { |
791 | + if (hip_send_recv_firewall_info(msg)) { |
792 | + HIP_ERROR("Failed to send user message to the HIP firewall.\n"); |
793 | + return -1; |
794 | + } |
795 | + } else { |
796 | + HIP_ERROR("Destination daemon process unknown.\n"); |
797 | + return -1; |
798 | + } |
799 | + |
800 | + return 0; |
801 | +} |
802 | + |
803 | +/** |
804 | * Query hipd for the HITs of the local host |
805 | * |
806 | * @param msg input/output message for the query/response for hipd |
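Review bot: The doc comment on hipfwconf_usage says "usage of @c hipfwconf", but this branch adds no tool of that name; the commands are reached through hipconf followed by HIPCONF_HIPFW_KEYWORD. Reword the comment to name the keyword form so it matches the usage string it documents. The usage string itself lists "get ha <hit> | all" while hip_fw_handle_get_ha_info() in firewall/conntrack.c takes no HIT, so the help text should be aligned with what the firewall actually returns.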
807 | @@ -510,6 +563,25 @@ |
808 | /* Non-static functions -> global scope */ |
809 | |
810 | /** |
811 | + * Map daemon / firewall keyword to its respective enum. |
812 | + * |
813 | + * @param argv an array of strings (command line args to hipconf) |
814 | + * @return HIP_DAEMON in case of hipd keyword |
815 | + * HIP_FIREWALL in case of hipfw keyword |
816 | + * UNKNOWN_KEYWORD else |
817 | + */ |
818 | +static enum daemon_name conf_get_process(const char *const argv[]) |
819 | +{ |
820 | + if (!strcmp(HIPCONF_HIPD_KEYWORD, argv[1])) { |
821 | + return HIP_DAEMON; |
822 | + } else if (!strcmp(HIPCONF_HIPFW_KEYWORD, argv[1])) { |
823 | + return HIP_FIREWALL; |
824 | + } |
825 | + |
826 | + return UNKNOWN_KEYWORD; |
827 | +} |
828 | + |
829 | +/** |
830 | * Map a symbolic hipconf action (=add/del) into a number |
831 | * |
832 | * @param argv an array of strings (command line args to hipconf) |
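Review bot: conf_get_process() is static but is added directly under the "Non-static functions -> global scope" marker; move it up with the other static helpers. It also reads argv[1] without any length check of its own and so depends on the argc < 3 test in its caller; say so in the doc comment or pass the keyword string instead of the whole argv. The @return lines speak of the "hipd keyword" and "hipfw keyword" while the strings compared are HIPCONF_HIPD_KEYWORD and HIPCONF_HIPFW_KEYWORD; naming the macros there would be clearer.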
833 | @@ -526,61 +598,61 @@ |
834 | { |
835 | int ret = -1; |
836 | |
837 | - if (!strcmp("add", argv[1])) { |
838 | + if (!strcmp("add", argv[2])) { |
839 | ret = ACTION_ADD; |
840 | - } else if (!strcmp("del", argv[1])) { |
841 | + } else if (!strcmp("del", argv[2])) { |
842 | ret = ACTION_DEL; |
843 | - } else if (!strcmp("new", argv[1])) { |
844 | + } else if (!strcmp("new", argv[2])) { |
845 | ret = ACTION_NEW; |
846 | - } else if (!strcmp("get", argv[1])) { |
847 | + } else if (!strcmp("get", argv[2])) { |
848 | ret = ACTION_GET; |
849 | - } else if (!strcmp("set", argv[1])) { |
850 | + } else if (!strcmp("set", argv[2])) { |
851 | ret = ACTION_SET; |
852 | - } else if (!strcmp("inc", argv[1])) { |
853 | + } else if (!strcmp("inc", argv[2])) { |
854 | ret = ACTION_INC; |
855 | - } else if (!strcmp("dec", argv[1])) { |
856 | + } else if (!strcmp("dec", argv[2])) { |
857 | ret = ACTION_DEC; |
858 | - } else if (!strcmp("rst", argv[1])) { |
859 | + } else if (!strcmp("rst", argv[2])) { |
860 | ret = ACTION_RST; |
861 | - } else if (!strcmp("run", argv[1])) { |
862 | + } else if (!strcmp("run", argv[2])) { |
863 | ret = ACTION_RUN; |
864 | - } else if (!strcmp("load", argv[1])) { |
865 | + } else if (!strcmp("load", argv[2])) { |
866 | ret = ACTION_LOAD; |
867 | - } else if (!strcmp("heartbeat", argv[1])) { |
868 | + } else if (!strcmp("heartbeat", argv[2])) { |
869 | ret = ACTION_HEARTBEAT; |
870 | - } else if (!strcmp("locator", argv[1])) { |
871 | + } else if (!strcmp("locator", argv[2])) { |
872 | ret = ACTION_LOCATOR; |
873 | - } else if (!strcmp("debug", argv[1])) { |
874 | + } else if (!strcmp("debug", argv[2])) { |
875 | ret = ACTION_DEBUG; |
876 | - } else if (!strcmp("transform", argv[1])) { |
877 | + } else if (!strcmp("transform", argv[2])) { |
878 | ret = ACTION_TRANSORDER; |
879 | - } else if (!strcmp("reinit", argv[1])) { |
880 | + } else if (!strcmp("reinit", argv[2])) { |
881 | ret = ACTION_REINIT; |
882 | - } else if (!strcmp("manual-update", argv[1])) { |
883 | + } else if (!strcmp("manual-update", argv[2])) { |
884 | ret = ACTION_MANUAL_UPDATE; |
885 | - } else if (!strcmp("hit-to-lsi", argv[1])) { |
886 | + } else if (!strcmp("hit-to-lsi", argv[2])) { |
887 | ret = ACTION_HIT_TO_LSI; |
888 | - } else if (!strcmp("nsupdate", argv[1])) { |
889 | + } else if (!strcmp("nsupdate", argv[2])) { |
890 | ret = ACTION_NSUPDATE; |
891 | - } else if (!strcmp("hit-to-ip-set", argv[1])) { |
892 | + } else if (!strcmp("hit-to-ip-set", argv[2])) { |
893 | ret = ACTION_HIT_TO_IP_SET; |
894 | - } else if (!strcmp("hit-to-ip", argv[1])) { |
895 | + } else if (!strcmp("hit-to-ip", argv[2])) { |
896 | ret = ACTION_HIT_TO_IP; |
897 | - } else if (!strcmp("shotgun", argv[1])) { |
898 | + } else if (!strcmp("shotgun", argv[2])) { |
899 | ret = ACTION_SHOTGUN; |
900 | - } else if (!strcmp("lsi-to-hit", argv[1])) { |
901 | + } else if (!strcmp("lsi-to-hit", argv[2])) { |
902 | ret = ACTION_LSI_TO_HIT; |
903 | - } else if (!strcmp("nat", argv[1])) { |
904 | - if (!strcmp("port", argv[2])) { |
905 | - if (!strcmp("local", argv[3])) { |
906 | + } else if (!strcmp("nat", argv[2])) { |
907 | + if (!strcmp("port", argv[3])) { |
908 | + if (!strcmp("local", argv[4])) { |
909 | ret = ACTION_NAT_LOCAL_PORT; |
910 | - } else if (!strcmp("peer", argv[3])) { |
911 | + } else if (!strcmp("peer", argv[4])) { |
912 | ret = ACTION_NAT_PEER_PORT; |
913 | } |
914 | } else { |
915 | ret = ACTION_NAT; |
916 | } |
917 | - } else if (!strcmp("broadcast", argv[1])) { |
918 | + } else if (!strcmp("broadcast", argv[2])) { |
919 | ret = ACTION_BROADCAST; |
920 | } |
921 | |
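Review bot: in the nat branch, strcmp("port", argv[3]) and strcmp("local", argv[4]) dereference arguments that may not exist. For a command-line call such as "hipconf daemon nat", argv[3] is the terminating NULL, and conf_get_action() runs before the per-action argc check further down. conf_get_type() guards the same lookups with "argv[3] &&" and "argv[4] &&"; since these lines are being touched anyway, add the same guards here.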
922 | @@ -670,45 +742,45 @@ |
923 | ret = TYPE_HA; |
924 | } else if (!strcmp("shotgun", text)) { |
925 | ret = TYPE_SHOTGUN; |
926 | - } else if ((!strcmp("all", text)) && (strcmp("rst", argv[1]) == 0)) { |
927 | - ret = TYPE_RST; |
928 | - } else if ((!strcmp("peer_hit", text)) && (strcmp("rst", argv[1]) == 0)) { |
929 | - ret = TYPE_RST; |
930 | - } else if (strcmp("nat", argv[1]) == 0) { |
931 | - if (argv[2] && strcmp("port", argv[2]) == 0) { |
932 | - if (argv[3] && strcmp("local", argv[3]) == 0) { |
933 | + } else if ((!strcmp("all", text)) && (strcmp("rst", argv[2]) == 0)) { |
934 | + ret = TYPE_RST; |
935 | + } else if ((!strcmp("peer_hit", text)) && (strcmp("rst", argv[2]) == 0)) { |
936 | + ret = TYPE_RST; |
937 | + } else if (strcmp("nat", argv[2]) == 0) { |
938 | + if (argv[3] && strcmp("port", argv[3]) == 0) { |
939 | + if (argv[4] && strcmp("local", argv[4]) == 0) { |
940 | ret = TYPE_NAT_LOCAL_PORT; |
941 | - } else if (argv[3] && strcmp("peer", argv[3]) == 0) { |
942 | + } else if (argv[4] && strcmp("peer", argv[4]) == 0) { |
943 | ret = TYPE_NAT_PEER_PORT; |
944 | } |
945 | } else { |
946 | ret = TYPE_NAT; |
947 | } |
948 | - } else if (strcmp("locator", argv[1]) == 0) { |
949 | + } else if (strcmp("locator", argv[2]) == 0) { |
950 | ret = TYPE_LOCATOR; |
951 | } else if (!strcmp("debug", text)) { |
952 | ret = TYPE_DEBUG; |
953 | } else if (!strcmp("order", text)) { |
954 | ret = TYPE_ORDER; |
955 | - } else if (strcmp("heartbeat", argv[1]) == 0) { |
956 | + } else if (strcmp("heartbeat", argv[2]) == 0) { |
957 | ret = TYPE_HEARTBEAT; |
958 | } else if (!strcmp("ttl", text)) { |
959 | ret = TYPE_TTL; |
960 | } else if (!strcmp("config", text)) { |
961 | ret = TYPE_CONFIG; |
962 | - } else if (strcmp("manual-update", argv[1]) == 0) { |
963 | + } else if (strcmp("manual-update", argv[2]) == 0) { |
964 | ret = TYPE_MANUAL_UPDATE; |
965 | - } else if (strcmp("hit-to-lsi", argv[1]) == 0) { |
966 | + } else if (strcmp("hit-to-lsi", argv[2]) == 0) { |
967 | ret = TYPE_HIT_TO_LSI; |
968 | - } else if (strcmp("nsupdate", argv[1]) == 0) { |
969 | + } else if (strcmp("nsupdate", argv[2]) == 0) { |
970 | ret = TYPE_NSUPDATE; |
971 | - } else if (strcmp("hit-to-ip-set", argv[1]) == 0) { |
972 | + } else if (strcmp("hit-to-ip-set", argv[2]) == 0) { |
973 | ret = TYPE_HIT_TO_IP_SET; |
974 | - } else if (strcmp("hit-to-ip", argv[1]) == 0) { |
975 | + } else if (strcmp("hit-to-ip", argv[2]) == 0) { |
976 | ret = TYPE_HIT_TO_IP; |
977 | - } else if (strcmp("lsi-to-hit", argv[1]) == 0) { |
978 | + } else if (strcmp("lsi-to-hit", argv[2]) == 0) { |
979 | ret = TYPE_LSI_TO_HIT; |
980 | - } else if (strcmp("broadcast", argv[1]) == 0) { |
981 | + } else if (strcmp("broadcast", argv[2]) == 0) { |
982 | ret = TYPE_BROADCAST; |
983 | } else { |
984 | HIP_DEBUG("ERROR: NO MATCHES FOUND \n"); |
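Review bot: the position of the action keyword is hard-coded as argv[2] in every branch here and in conf_get_action(), which is why adding one leading keyword touches dozens of lines. A single named constant for the action index, or passing the action string in as a parameter, would turn a shift like this into a one-line change and lower the risk of one branch being missed.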
985 | @@ -725,7 +797,7 @@ |
986 | * here in the switch(action) block. |
987 | * @param action integer value for an action |
988 | * @return an index for argv[], which indicates the type argument. |
989 | - * Usually either 1 or 2. |
990 | + * Usually either 2 or 3. |
991 | */ |
992 | static int conf_get_type_arg(int action) |
993 | { |
994 | @@ -753,15 +825,15 @@ |
995 | case ACTION_HIT_TO_IP: |
996 | case ACTION_HIT_TO_IP_SET: |
997 | case ACTION_BROADCAST: |
998 | + type_arg = 3; |
999 | + break; |
1000 | + case ACTION_MANUAL_UPDATE: |
1001 | + case ACTION_HIT_TO_LSI: |
1002 | + case ACTION_LSI_TO_HIT: |
1003 | + case ACTION_DEBUG: |
1004 | + case ACTION_SHOTGUN: |
1005 | type_arg = 2; |
1006 | break; |
1007 | - case ACTION_MANUAL_UPDATE: |
1008 | - case ACTION_HIT_TO_LSI: |
1009 | - case ACTION_LSI_TO_HIT: |
1010 | - case ACTION_DEBUG: |
1011 | - case ACTION_SHOTGUN: |
1012 | - type_arg = 1; |
1013 | - break; |
1014 | default: |
1015 | break; |
1016 | } |
1017 | @@ -816,9 +888,9 @@ |
1018 | * Handles the hipconf commands where the type is @c server. Creates a user |
1019 | * message from the function parameters @c msg, @c action and @c opt[]. The |
1020 | * command line that this function parses is of type: |
1021 | - * <code>tools/hipconf <b>add</b> server <SERVICES> <SERVER HIT> |
1022 | + * <code>tools/hipconf daemon <b>add</b> server <SERVICES> <SERVER HIT> |
1023 | * <SERVER IP ADDRESS> <LIFETIME></code> or |
1024 | - * <code>tools/hipconf <b>del</b> server <SERVICES> <SERVER HIT> |
1025 | + * <code>tools/hipconf daemon <b>del</b> server <SERVICES> <SERVER HIT> |
1026 | * <SERVER IP ADDRESS></code>, where <code><SERVICES></code> is a list of |
1027 | * the services to which we want to register or cancel or registration. The |
1028 | * list can consist of any number of the strings @c rvs, @c relay, |
1029 | @@ -1999,9 +2071,9 @@ |
1030 | } |
1031 | |
1032 | /** |
1033 | - * Handle e.g. "hipconf run normal firefox". Enables HIP support |
1034 | - * for the given application using LD_PRELOAD. This means that |
1035 | - * all getaddrinfo() calls go through the modified libinet6 library. |
1036 | + * Handle e.g. "hipconf daemon run normal firefox". |
1037 | + * Enables HIP support for the given application using LD_PRELOAD. This means |
1038 | + * that all getaddrinfo() calls go through the modified libinet6 library. |
1039 | * This function is depracated. |
1040 | * |
1041 | * @param msg input/output message for the query/response for hipd |
1042 | @@ -2045,10 +2117,10 @@ |
1043 | HIP_IFEL(optc > 1, -1, "Too many arguments\n"); |
1044 | |
1045 | HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_GET_HA_INFO, 0), -1, |
1046 | - "Building of daemon header failed\n"); |
1047 | + "Building of user msg header failed\n"); |
1048 | |
1049 | - HIP_IFEL(hip_send_recv_daemon_info(msg, send_only, 0), -1, |
1050 | - "send recv daemon info\n"); |
1051 | + HIP_IFEL(send_receive_message(msg, send_only), -1, |
1052 | + "send recv info\n"); |
1053 | |
1054 | while ((current_param = hip_get_next_param(msg, current_param))) { |
1055 | ha = hip_get_param_contents_direct(current_param); |
1056 | @@ -2316,8 +2388,9 @@ |
1057 | *comment = '\0'; |
1058 | } |
1059 | |
1060 | - /* prefix the contents of the line with" hipconf" */ |
1061 | - res_len = sprintf(str, "hipconf %s", c); |
1062 | + /* prefix the contents of the line with" hipconf HIPCONF_HIPD_KEYWORD" |
1063 | + * Only hipd parses config files as hipconf commands, hardcode it as target */ |
1064 | + res_len = sprintf(str, "hipconf %s %s", HIPCONF_HIPD_KEYWORD, c); |
1065 | if (str[res_len] == '\n') { |
1066 | str[res_len] = '\0'; |
1067 | } |
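Review bot: sprintf(str, "hipconf %s %s", HIPCONF_HIPD_KEYWORD, c) is unbounded and now writes strlen(HIPCONF_HIPD_KEYWORD) + 1 more bytes per config line than before. The size of str is not visible in this hunk, so please switch to snprintf with the buffer size and treat truncation as an error. The check that follows tests str[res_len], which after sprintf is always the terminating NUL, so the newline is never stripped; it should test str[res_len - 1]. The new comment also has a misplaced space in 'with" hipconf'.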
1068 | @@ -2330,7 +2403,6 @@ |
1069 | args[i++] = token; |
1070 | token = strtok(NULL, " \t"); |
1071 | } |
1072 | - |
1073 | err = hip_do_hipconf(i, args, 1); |
1074 | if (err) { |
1075 | HIP_ERROR("Error on the following line: %s\n", line); |
1076 | @@ -2454,9 +2526,18 @@ |
1077 | struct hip_common *msg = NULL; |
1078 | |
1079 | /* Check that we have at least one command line argument. */ |
1080 | - if (argc < 2) { |
1081 | - HIP_ERROR("Invalid arguments.\n\n%s usage:\n%s\n", |
1082 | - argv[0], hipconf_usage); |
1083 | + if (argc < 3) { |
1084 | + HIP_ERROR("Invalid arguments.\nUsage to communicate with HIP daemon:\n %s %s\n" |
1085 | + "\nUsage to communicate with HIP firewall:\n %s %s\n", |
1086 | + argv[0], hipconf_usage, argv[0], hipfwconf_usage); |
1087 | + return -1; |
1088 | + } |
1089 | + |
1090 | + /* set context for this conf command */ |
1091 | + daemon_name = conf_get_process(argv); |
1092 | + if (daemon_name == UNKNOWN_KEYWORD) { |
1093 | + HIP_ERROR("Invalid target process argument '%s'. Expected '%s' or '%s'.\n", |
1094 | + argv[1], HIPCONF_HIPD_KEYWORD, HIPCONF_HIPFW_KEYWORD); |
1095 | return -1; |
1096 | } |
1097 | |
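Review bot: once conf_get_process() returns HIP_FIREWALL, nothing here restricts which actions may follow. hipfwconf_usage documents only "get ha <hit> | all", yet every keyword handled by conf_get_action() is still accepted and its message would be routed to hipfw. Reject action/type combinations the firewall does not implement at this point and print hipfwconf_usage. The context comment "Check that we have at least one command line argument" is also stale now that the test is argc < 3.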
1098 | @@ -2464,14 +2545,14 @@ |
1099 | action = conf_get_action(argv); |
1100 | |
1101 | if (action == -1) { |
1102 | - HIP_ERROR("Invalid action argument '%s'\n", argv[1]); |
1103 | + HIP_ERROR("Invalid action argument '%s'\n", argv[2]); |
1104 | return -1; |
1105 | } |
1106 | |
1107 | /* Check that we have at least the minimum number of arguments |
1108 | * for the given action. */ |
1109 | - if (argc < conf_check_action_argc(action) + 2) { |
1110 | - HIP_ERROR("Not enough arguments given for the action '%s'\n", argv[1]); |
1111 | + if (argc < conf_check_action_argc(action) + 3) { |
1112 | + HIP_ERROR("Not enough arguments given for the action '%s'\n", argv[2]); |
1113 | return -1; |
1114 | } |
1115 | |
1116 | @@ -2499,25 +2580,23 @@ |
1117 | /* Call handler function from the handler function pointer |
1118 | * array at index "type" with given commandline arguments. |
1119 | * The functions build a hip_common message. */ |
1120 | - if (argc == 3) { |
1121 | - err = (*action_handler[type])(msg, action, &argv[2], argc - 3, send_only); |
1122 | + if (argc == 4) { |
1123 | + err = (*action_handler[type])(msg, action, &argv[3], argc - 4, send_only); |
1124 | } else { |
1125 | - err = (*action_handler[type])(msg, action, &argv[3], argc - 3, send_only); |
1126 | + err = (*action_handler[type])(msg, action, &argv[4], argc - 4, send_only); |
1127 | } |
1128 | |
1129 | if (err != 0) { |
1130 | - HIP_ERROR("Failed to send a message to the HIP daemon.\n"); |
1131 | + HIP_ERROR("Failed to send user message.\n"); |
1132 | goto out_err; |
1133 | } |
1134 | |
1135 | - /* hipconf new hi does not involve any messages to hipd */ |
1136 | + /* hipconf daemon new hi does not involve any messages to hipd */ |
1137 | if (hip_get_msg_type(msg) == 0) { |
1138 | goto out_err; |
1139 | } |
1140 | |
1141 | - /* Send message to hipd */ |
1142 | - HIP_IFEL(hip_send_recv_daemon_info(msg, send_only, 0), -1, |
1143 | - "Failed to send user message to the HIP daemon.\n"); |
1144 | + send_receive_message(msg, send_only); |
1145 | |
1146 | HIP_INFO("User message was sent successfully to the HIP daemon.\n"); |
1147 | |
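Review bot: the return value of send_receive_message(msg, send_only) is discarded, whereas the removed HIP_IFEL(hip_send_recv_daemon_info(...)) set err to -1 and jumped to out_err. A failed send now leaves err unchanged and falls through to HIP_INFO("User message was sent successfully to the HIP daemon."). Wrap the call in HIP_IFEL(..., -1, ...) again, and make the success message name the actual target, since it still says "HIP daemon" when the message went to the firewall.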
1148 | @@ -2525,7 +2604,8 @@ |
1149 | free(msg); |
1150 | |
1151 | if (err) { |
1152 | - HIP_ERROR("(Check syntax for hipconf. Is hipd running or root privilege needed?)\n"); |
1153 | + HIP_ERROR("(Check syntax for hipconf. Is the daemon running or root" |
1154 | + " privilege needed?)\n"); |
1155 | } |
1156 | |
1157 | return err; |
1158 | |
1159 | === modified file 'lib/core/conf.h' |
1160 | --- lib/core/conf.h 2011-08-15 14:11:56 +0000 |
1161 | +++ lib/core/conf.h 2011-11-08 17:09:18 +0000 |
1162 | @@ -54,6 +54,10 @@ |
1163 | #define ACTION_ADD 1 |
1164 | #define ACTION_NEW 3 |
1165 | |
1166 | +/* keywords used to identify hipd / hipfw as target of hipconf command */ |
1167 | +#define HIPCONF_HIPD_KEYWORD "daemon" |
1168 | +#define HIPCONF_HIPFW_KEYWORD "firewall" |
1169 | + |
1170 | int hip_handle_exec_app(int fork, int type, int argc, |
1171 | const char *const argv[]); |
1172 | int hip_do_hipconf(int argc, const char *argv[], int send_only); |
1173 | |
1174 | === modified file 'lib/core/hostid.c' |
1175 | --- lib/core/hostid.c 2011-10-25 21:14:16 +0000 |
1176 | +++ lib/core/hostid.c 2011-11-08 17:09:18 +0000 |
1177 | @@ -710,7 +710,7 @@ |
1178 | |
1179 | switch (action) { |
1180 | case ACTION_NEW: |
1181 | - /* Default directory is created only in "hipconf new default hi" */ |
1182 | + /* Default directory is created only in "hipconf daemon new default hi" */ |
1183 | if (use_default) { |
1184 | if ((err = check_and_create_dir(HIPL_SYSCONFDIR, |
1185 | HIP_DIR_MODE))) { |
1186 | |
1187 | === modified file 'lib/core/message.c' |
1188 | --- lib/core/message.c 2011-10-25 21:44:47 +0000 |
1189 | +++ lib/core/message.c 2011-11-08 17:09:18 +0000 |
1190 | @@ -40,7 +40,7 @@ |
1191 | * hence the message does not block. |
1192 | * |
1193 | * Use the synchronous message interface only when you expect the |
1194 | - * request message to be completed immediately. For example, "hipconf |
1195 | + * request message to be completed immediately. For example, "hipconf daemon |
1196 | * get ha all" was safe to be implemented with synchronous messaging |
1197 | * because hipd can process the request immediately. |
1198 | * |
1199 | @@ -86,6 +86,7 @@ |
1200 | #include <sys/time.h> |
1201 | #include <sys/types.h> |
1202 | |
1203 | +#include "lib/core/conf.h" |
1204 | #include "lib/tool/nlink.h" |
1205 | #include "builder.h" |
1206 | #include "common.h" |
1207 | @@ -144,7 +145,7 @@ |
1208 | } while (timeout_left > 0 && errno == EAGAIN && bytes < 0); |
1209 | |
1210 | if (bytes < 0) { |
1211 | - HIP_ERROR("recv() peek error (is hipd running?)\n"); |
1212 | + HIP_ERROR("recv() peek error (is the daemon running?)\n"); |
1213 | err = -EAGAIN; |
1214 | goto out_err; |
1215 | } else if (bytes < hdr_size) { |
1216 | @@ -178,6 +179,30 @@ |
1217 | } |
1218 | |
1219 | /** |
1220 | + * Connect a socket to the loopback address of hipd or hipfw. |
1221 | + * |
1222 | + * @param hip_user_sock The socket to connect. |
1223 | + * @param port The port to connect. |
1224 | + * @return zero on success and negative on failure |
1225 | + * @note currently only SOCK_DGRAM and AF_INET6 are supported |
1226 | + */ |
1227 | +static int hip_connect(int hip_user_sock, int port) |
1228 | +{ |
1229 | + struct sockaddr_in6 addr = { 0 }; |
1230 | + |
1231 | + addr.sin6_family = AF_INET6; |
1232 | + addr.sin6_port = htons(port); |
1233 | + addr.sin6_addr = in6addr_loopback; |
1234 | + |
1235 | + if (connect(hip_user_sock, (struct sockaddr *) &addr, sizeof(addr))) { |
1236 | + HIP_ERROR("connection failed: %s\n", strerror(errno)); |
1237 | + return -1; |
1238 | + } |
1239 | + |
1240 | + return 0; |
1241 | +} |
1242 | + |
1243 | +/** |
1244 | * Connect a socket to the loop back address of hipd |
1245 | * |
1246 | * @param hip_user_sock The socket to connect. Currently only SOCK_DGRAM |
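Review bot: hip_connect() takes port as a plain int and passes it straight to htons(), which silently truncates any value outside 0..65535. Declare the parameter as in_port_t (or uint16_t) so the range is enforced by the type, and document in the @param line that it is expected in host byte order.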
1247 | @@ -187,21 +212,7 @@ |
1248 | */ |
1249 | int hip_daemon_connect(int hip_user_sock) |
1250 | { |
1251 | - int err = 0; |
1252 | - struct sockaddr_in6 daemon_addr = { 0 }; |
1253 | - // We're using system call here add thus resetting errno. |
1254 | - errno = 0; |
1255 | - |
1256 | - daemon_addr.sin6_family = AF_INET6; |
1257 | - daemon_addr.sin6_port = htons(HIP_DAEMON_LOCAL_PORT); |
1258 | - daemon_addr.sin6_addr = in6addr_loopback; |
1259 | - |
1260 | - HIP_IFEL(connect(hip_user_sock, (struct sockaddr *) &daemon_addr, |
1261 | - sizeof(daemon_addr)), -1, "connection to daemon failed\n"); |
1262 | - |
1263 | -out_err: |
1264 | - |
1265 | - return err; |
1266 | + return hip_connect(hip_user_sock, HIP_DAEMON_LOCAL_PORT); |
1267 | } |
1268 | |
1269 | /** |
1270 | @@ -211,7 +222,7 @@ |
1271 | * obtain a port number below 1024. In UNIX/Linux this means that the |
1272 | * process has superuser privileges. Hipd uses the port number to |
1273 | * verify if the caller has sufficient privileges to execute |
1274 | - * e.g. "hipconf rst all". The function falls back to non-privileged |
1275 | + * e.g. "hipconf daemon rst all". The function falls back to non-privileged |
1276 | * ports if it fails to obtain a privileged port and then hipd allows |
1277 | * only certain operations for the calling process. |
1278 | * |
1279 | @@ -319,23 +330,30 @@ |
1280 | #define EHIP 500 |
1281 | |
1282 | /** |
1283 | - * Send and receive data with hipd. Do not call this function directly, use |
1284 | - * hip_send_recv_daemon_info instead! |
1285 | + * Send and receive data with hipd or hipfw. Do not call this function directly, |
1286 | + * use hip_send_recv_daemon_info or hip_send_recv_firewall_info instead! |
1287 | * |
1288 | - * @param msg the message to send to hipd |
1289 | + * @param msg The message to send to hipd or hipfw |
1290 | * @param opt_socket Optional socket to use for the message exchange. When |
1291 | * set to zero, the function creates a temporary socket |
1292 | * and closes it after the transaction is completed. |
1293 | + * @param port The port to send the message to. |
1294 | * @return zero on success and negative on failure |
1295 | * @note currently only SOCK_DGRAM and AF_INET6 are supported |
1296 | */ |
1297 | -static int send_recv_daemon_info_internal(struct hip_common *msg, |
1298 | - int opt_socket) |
1299 | +static int send_recv_info_internal(struct hip_common *msg, int opt_socket, int port) |
1300 | { |
1301 | int hip_user_sock = 0, err = 0, n = 0, len = 0; |
1302 | struct sockaddr_in6 addr = { 0 }; |
1303 | uint8_t msg_type_old, msg_type_new; |
1304 | + const char *receiver; |
1305 | |
1306 | + /* determine receiver to print correct debug / error messages */ |
1307 | + if (port == HIP_FIREWALL_PORT) { |
1308 | + receiver = HIPCONF_HIPFW_KEYWORD; |
1309 | + } else { |
1310 | + receiver = HIPCONF_HIPD_KEYWORD; |
1311 | + } |
1312 | msg_type_old = hip_get_msg_type(msg); |
1313 | |
1314 | // We're using system call here and thus resetting errno. |
1315 | @@ -354,9 +372,9 @@ |
1316 | HIP_IFEL(daemon_bind_socket(hip_user_sock, |
1317 | (struct sockaddr *) &addr), -1, |
1318 | "bind failed\n"); |
1319 | - /* Connect to hipd. Otherwise e.g. "hipconf get ha all" |
1320 | + /* Connect to hipd or hipfw. Otherwise e.g. "hipconf daemon get ha all" |
1321 | * blocks when hipd is not running. */ |
1322 | - HIP_IFEL(hip_daemon_connect(hip_user_sock), -1, |
1323 | + HIP_IFEL(hip_connect(hip_user_sock, port), -1, |
1324 | "connect failed\n"); |
1325 | } |
1326 | |
1327 | @@ -368,14 +386,18 @@ |
1328 | /* Require a response from hipd */ |
1329 | hip_set_msg_response(msg, 1); |
1330 | |
1331 | - n = sendto_hipd(hip_user_sock, msg, len); |
1332 | + if (port == HIP_FIREWALL_PORT) { |
1333 | + n = send(hip_user_sock, msg, len, 0); |
1334 | + } else { |
1335 | + n = sendto_hipd(hip_user_sock, msg, len); |
1336 | + } |
1337 | if (n < len) { |
1338 | - HIP_ERROR("Could not send message to daemon.\n"); |
1339 | + HIP_ERROR("Could not send message to %s.\n", receiver); |
1340 | err = -ECOMM; |
1341 | goto out_err; |
1342 | } |
1343 | |
1344 | - HIP_DEBUG("Waiting to receive daemon info.\n"); |
1345 | + HIP_DEBUG("Waiting to receive %s info.\n", receiver); |
1346 | |
1347 | if ((len = peek_recv_total_len(hip_user_sock, 0, HIP_DEFAULT_MSG_TIMEOUT)) < 0) { |
1348 | err = len; |
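Review bot: the target is inferred from port == HIP_FIREWALL_PORT both for the receiver label and for this send branch, so any other port value is silently treated as hipd. Pass an explicit target instead of comparing port numbers, or, where the socket was connected by hip_connect() above, check whether plain send() can serve both targets so the branch disappears. The context comment "Require a response from hipd" is stale for the firewall path.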
1349 | @@ -390,14 +412,14 @@ |
1350 | "Message sync problem. Expected %d, got %d\n", |
1351 | msg_type_old, msg_type_new); |
1352 | |
1353 | - HIP_DEBUG("%d bytes received from HIP daemon\n", n); |
1354 | + HIP_DEBUG("%d bytes received from HIP %s.\n", n, receiver); |
1355 | |
1356 | if (n == 0) { |
1357 | - HIP_INFO("The HIP daemon has performed an orderly shutdown.\n"); |
1358 | + HIP_INFO("The HIP %s has performed an orderly shutdown.\n", receiver); |
1359 | // Note. This is not an error condition, thus we return zero. |
1360 | goto out_err; |
1361 | } else if (n < (int) sizeof(struct hip_common)) { |
1362 | - HIP_ERROR("Could not receive message from daemon.\n"); |
1363 | + HIP_ERROR("Could not receive message from %s.\n", receiver); |
1364 | goto out_err; |
1365 | } |
1366 | |
1367 | @@ -442,7 +464,7 @@ |
1368 | struct sockaddr_in6 addr = { 0 }; |
1369 | |
1370 | if (!send_only) { |
1371 | - return send_recv_daemon_info_internal(msg, opt_socket); |
1372 | + return send_recv_info_internal(msg, opt_socket, HIP_DAEMON_LOCAL_PORT); |
1373 | } |
1374 | |
1375 | if (opt_socket) { |
1376 | @@ -479,6 +501,21 @@ |
1377 | } |
1378 | |
1379 | /** |
1380 | + * A generic function to send messages to hipfw with subsequent reply. This will |
1381 | + * block the process until the hipfw sends the response or a predefined timeout |
1382 | + * is exceeded. |
1383 | + * |
1384 | + * @param msg An input/output parameter. As input, contains the |
1385 | + * message to be sent to hipfw. As output, hipfw response |
1386 | + * will be written here. |
1387 | + * @return zero on success and negative on failure. |
1388 | + */ |
1389 | +int hip_send_recv_firewall_info(struct hip_common *const msg) |
1390 | +{ |
1391 | + return send_recv_info_internal(msg, 0, HIP_FIREWALL_PORT); |
1392 | +} |
1393 | + |
1394 | +/** |
1395 | * Read an interprocess (user) message |
1396 | * |
1397 | * @param sockfd a socket from where to read |
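Review bot: hip_send_recv_firewall_info() opens a new control channel to hipfw, but nothing in this file shows how hipfw authorises the sender. The comments in this file state that hipd uses the caller's source port (below 1024) to decide which operations are allowed; please document in this function's comment whether hipfw applies the same check to loopback messages on HIP_FIREWALL_PORT and which message types it accepts.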
1398 | |
1399 | === modified file 'lib/core/message.h' |
1400 | --- lib/core/message.h 2011-08-15 14:11:56 +0000 |
1401 | +++ lib/core/message.h 2011-11-08 17:09:18 +0000 |
1402 | @@ -46,5 +46,6 @@ |
1403 | int hip_send_recv_daemon_info(struct hip_common *msg, |
1404 | int send_only, |
1405 | int opt_socket); |
1406 | +int hip_send_recv_firewall_info(struct hip_common *const msg); |
1407 | |
1408 | #endif /* HIP_LIB_CORE_MESSAGE_H */ |
1409 | |
1410 | === modified file 'lib/tool/nlink.c' |
1411 | --- lib/tool/nlink.c 2011-10-25 21:14:16 +0000 |
1412 | +++ lib/tool/nlink.c 2011-11-08 17:09:18 +0000 |
1413 | @@ -146,7 +146,7 @@ |
1414 | |
1415 | /* Transitioned from recvmsg() to recvfrom() due to |
1416 | * "Netlink overrun" errors when executing |
1417 | - * "hipconf rst all" */ |
1418 | + * "hipconf daemon rst all" */ |
1419 | |
1420 | status = recvfrom(nl->fd, buf, sizeof(buf), |
1421 | 0, NULL, NULL); |
1422 | |
1423 | === modified file 'tools/hipconf.c' |
1424 | --- tools/hipconf.c 2011-08-15 14:11:56 +0000 |
1425 | +++ tools/hipconf.c 2011-11-08 17:09:18 +0000 |
1426 | @@ -53,7 +53,7 @@ |
1427 | hip_set_logdebug(LOGDEBUG_ALL); |
1428 | |
1429 | HIP_IFEL(hip_do_hipconf(argc, argv, 0), -2, |
1430 | - "Error: Cannot configure the HIP daemon.\n"); |
1431 | + "Error: Cannot configure the daemon.\n"); |
1432 | |
1433 | out_err: |
1434 | return err; |
1435 | |
1436 | === modified file 'tools/hipdnsproxy/hipdnsproxy.in' |
1437 | --- tools/hipdnsproxy/hipdnsproxy.in 2011-06-09 19:11:46 +0000 |
1438 | +++ tools/hipdnsproxy/hipdnsproxy.in 2011-11-08 17:09:18 +0000 |
1439 | @@ -545,7 +545,7 @@ |
1440 | f.close() |
1441 | |
1442 | def map_hit_to_lsi(gp, hit): |
1443 | - cmd = "hipconf hit-to-lsi " + hit + " 2>&1" |
1444 | + cmd = "hipconf daemon hit-to-lsi " + hit + " 2>&1" |
1445 | #gp.fout.write("cmd - %s\n" % (cmd,)) |
1446 | p = Popen(cmd, shell=True, stdout=subprocess.PIPE).stdout |
1447 | result = p.readline() |
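Review bot: cmd is built by concatenating hit into a string that Popen runs with shell=True, so any shell metacharacter in hit is interpreted by the shell. As this line is being edited anyway, pass an argument list instead, for example Popen(["hipconf", "daemon", "hit-to-lsi", hit], stdout=subprocess.PIPE, stderr=subprocess.STDOUT), which also removes the need for the "2>&1" suffix.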
1448 | @@ -558,7 +558,7 @@ |
1449 | return None |
1450 | |
1451 | def lsi_to_hit(gp, lsi): |
1452 | - cmd = "hipconf lsi-to-hit " + lsi + " 2>&1" |
1453 | + cmd = "hipconf daemon lsi-to-hit " + lsi + " 2>&1" |
1454 | p = Popen(cmd, shell=True, stdout=subprocess.PIPE).stdout |
1455 | result = p.readline() |
1456 | while result: |
1457 | @@ -570,7 +570,7 @@ |
1458 | return None |
1459 | |
1460 | def add_hit_ip_map(gp, hit, ip): |
1461 | - cmd = "hipconf add map " + hit + " " + ip + \ |
1462 | + cmd = "hipconf daemon add map " + hit + " " + ip + \ |
1463 | " > /dev/null 2>&1" |
1464 | gp.fout.write('Associating HIT %s with IP %s\n' % (hit, ip)) |
1465 | os.system(cmd) |
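Review bot: os.system(cmd) discards the exit status and all output goes to /dev/null, so if the installed hipconf does not accept the new "daemon" keyword the mapping fails silently after "Associating HIT ..." has already been logged. Check the return value and log a failure, and build the command as an argument list with subprocess.call() rather than a shell string made from hit and ip.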
Why a separate binary just for configuring hipfw? Why can't this be embedded into hipconf?