Merge lp:~stefan.goetz-deactivatedaccount/hipl/hidb-db into lp:hipl

Merge the delist branch.
Branch: https://code.launchpad.net/~stefan.goetz/hipl/delist
Merge proposal: https://code.launchpad.net/~stefan.goetz/hipl/delist/+merge/60724

Remove some uses of the various linked list implementations from HIPL.

Store commit message in file so it can be retrieved later instead of being
lost on a closed terminal. This feature was requested by Diego.

Allow hipd to exit gracefully in openwrt init-script.

When issuing a restart command and hipd is running, sleep for 5 seconds before
calling hipd again to allow it to exit gracefully. This simulates the behaviour
from the debian init scripts where start-stop-daemon does this automatically.
The latter is not available on the routers so we use this workaround.

Add restart action to hipfw openwrt init-script.

By default the openwrt call stops and starts hipfw when 'restart' is called.
As hipfw gets started with the -k option by default it is not exited gracefully.
Define the 'restart' call in the init script and sleep for 2 seconds after
calling killall on hipfw. This should be sufficient to clear the firewall rules
and free any states.

Eliminate some unnecessary HIP_IFEL instances from lib/core/conf.c.

Updated ubuntu-specific instructions on compilation.

Added debhelper as a dependency.

Do not print errors in killall call of hipd and hipfw init scripts.

When hipd or hipfw is not running and killall is called it usually prints
a notice that no process was killed. As the killall implementation on the
routers has no quiet option redirect stderr to /dev/null instead.

add script enabling building of HIPL on remote host

Detailed setup information can be found within the script itself.

Fix the file encoding comment so it correctly states that the file is in UTF-8

Applied a bug fix from Stefan Götz to fix "hipconf rst all" crash.

Stefan Götz in #789298: In revno 5938, a hash table disguised as a list
was replaced by an array. In one place, I forgot to replace the hash
table handling code which was then erroneously invoked on the array
which leads to the described crash and bug.

A bug fix from Joakim Koskela to "hipconf add map" failure (bug id 789306)

As bug id 789306 reports, "hipconf add map" is defunctional. This patch
(provided by Joakim) fixes the problem.

Feel free to polish the bug fix directly if there's need for that.

Add sanity check against netlink handle and header in netlink_talk().

netlink_talk() should check if it gets a valid netlink handle and message
header before it tries to access them as it is not guaranteed that they are
properly set up. For example when the initialization fails early and the
default policies are nevertheless attempted to be removed on exit.

This fixes bug 790679 (https://bugs.launchpad.net/hipl/+bug/790679).

Rephrase ambiguous error message in hip_xfrm_policy_delete().

If the call to netlink_talk() fails when a policy is to be deleted
it does not mean that there has been no associated policy. It can
fail for any number of reasons (no socket has been set up, a malformed
message was provided etc.). Thus only state that the policy deletion
failed.

Require network and local filesystem to be initialized in init scripts.

The HIPL daemons should only be started after the filesystems and the
network have been already set up. They should be exited before the
filesystems and network gets teared down as well.

Documentation on possible boot dependencies can be found here:
http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/ \
 LSB-Core-generic/facilname.html

Print notices when starting / stopping hipd via init script.

When hipd is already running or already stopped when calling start
or stop in the init script it should print a notice about it and
not just report OK.

Do not depend on network and local filesystem in debian init script.

To avoid having network communication leaked without being handled by
hipd or hipfw we should not force it to be started after the network
has been established.
We are only working on our local filesystem and should not wait for
the setup of the remote filesystem either.

This commit is a follow up to the review of commit 5952 archived
here: http://www.freelists.org/post/hipl-dev/
      Branch-hiplcorehipltrunk-Rev-5952-Require-network-and-local
      -filesystem-to-be-initialized-in-init-scripts

Check whether daemon is running in openwrt init scripts.

Both hipd and hipfw create a PID file with their process id. Check against
it to determine whether we actually have to start or stop the daemon.
In case the daemon is already running or stopped print a notice respectively.

autobuild: Ensure that check_dist_tarball() runs quiet by default.

autobuild: Run diff against /dev/null instead of an empty file.

conf: Remove empty Doxygen block and docs for a nonexisting function parameter.

Add a note about the --author parameter of 'bzr commit' to the HACKING guide.

cosmetics: Add whitespace after shell output redirection operator.

debian packaging: Integrate Bazaar revision number in package version.

Updated binary dependency instructions

"make bin" had an extra dependency on a clean ubuntu/fedora installation.

Text alignment

Aligned the Ubuntu installation line with Fedora in INSTALL.

debian packaging: Make changelog a template file updated during package build.

This allows adding a Bazaar revision number to the changelog and thus to the
Debian package version without files under revision control getting modified.

Fix bug #789327:
Add missing initialization to 'peer_addr' variable. Revision 5938 erroneously
  removed code that was necessary to change the value of the peer_addr pointer
  to an actual peer address. This caused a NULL pointer access and segmentation
  fault when handling a locator parameter during an UPDATE message.
This merges the branch lp:~stefan.goetz/hipl/mobility-bug

doxygen: Warn if parameter documentation is missing for a function.

Remove needless stdout redirection from openwrt init scripts.

Kill does not print anything, there is no need to redirect its output
to /dev/null.

Use start-stop-daemon in dnsproxy and hipfw debian init scripts.

Both dnsproxy and hipfw init scripts now use the start-stop-daemon
in a similar fashion as the hipd. This means:
- it is not an error when the daemon is already running and start
  is called again, print a notice instead
- let start-stop-daemon take care of exiting the daemon, it will
  send a TERM and wait for three seconds before killing it,
  there is no additional shell script magic necessary to test if the
  daemon is running

This commit fixes the error return value of the dnsproxy in bug 795848.

Do not exit on iptable flush error in hipfw init script.

We are running the scripts with set -e, that means every unchecked
command returning an error exits the script. In this case the
function to flash the firewall rules prematurely exited the script
when the rules had already been flushed.
We now check the return value of the flush_iptables() function and
print a notice if an error occurs.

This commit fixes the error return value of the hipfw in bug 795848.

Updated a maintainer script.

Configuration for building binaries for Fedora and Ubuntu are now
up-to-date with the latest distributions.

Print warning for conflicting firewall options iff latter are set by user.

Instead of printing the misleading warning "Warning: timeouts (-t) have no
effect with connection tracking disabled (-F)" everytime the firewall is
started with -F, print it only when -t _and_ -F are specified by the user.

Cosmetics: do not break "cond ? foo : bar" at colon in hipfw main.c.

It looks neater with the full expression including ? on the next line.

fix regression in esp_tuple_from_esp_info()

The conditional depended on new_esp instead of esp_info and the
function always returned NULL to the caller signaling an error.

remove insertion of esp_tuple on 1st update

The same operations are already performed in
insert_connection_from_update().

add error handling for connection insertion by update

remove remove_connection from debug in remove_connection()

silence configure run by autobuilder for dist checks

Add .dir-locals.el file that enforces the HIPL coding style for Emacs users.

This works similar to the .vimrc file we already have for Vim users.

build: Add .dir-locals.el to distribution tarball.

Merged lp:hipl/peeraddr

The error value must be set to non-zero in order to drop invalid loopback packets.

Check packet destination hit when receiving a control packet.

Drop packets destined for a hit that does not belong to the receiver.

Check control packet size before sending.

Issue a warning if packet size exceeds MTU.

A bug fix to configuration file reading.

Configuration file reading failed to read any lines from configuration
file because newline wasn't removed. Fixed.

doc: Fix wrong instructions for building the HIPL HOWTO.

hipconf: Remove outdated reference to a hipconf-related build system bug.

Fix a bug in hip_opportunistic_ipv6_to_hit(), introduced in rev. 4843,
which caused hip_build_digest() to be erroneously called with "length of
pointer to IPv6 address" instead of "length of IPv6 address". This made
hip_build_digest() calculate, platform-dependently, a digest of only
the first quarter or the first half of the given IPv6 address.

(Considering that in our case, most of the time, the IPv6 address in
actual fact is an IPv4-mapped IPv6 address (cf. RFC 4291, 2.5.5.2.),
where (more than) the first half consists of null bytes, the bug caused
hip_build_digest() to always return the same digest no matter what
(transformed) IPv4 address had been passed in. Consequently, pseudo HITs
as generated for opportunistic base exchanges always were the same,
causing trouble e.g. in HADB lookups.)

common.h: Put parentheses around #defines that are expressions and not values.

Otherwise all hell can break loose if the #defines are evaluated in a place
where operator precedence may mess with the intended semantics.

output.c: eliminate an unneeded variable indirection

Replaced strlen with sizeof for string defined as macro in save_rsa/dsa_private_key.

strlen() equals sizeof() - 1 in these cases.

Minor improvements of const correctness in rule_management.c

Replace if statement for crypto algorithm differentiation with switch statement and add error case.

Simplified implementation of function hip_private_host_id_to_hit().

Replaced if/else by switch case statement.
Removed cumbersome error handling.

Remove useless comments.

Use hip_get_host_id_algo directly without indirection through variable declaration.

Inserted missing break in switch case statement.

Use switch case statement for differentiating cryptographic algorithms.

This simplifies adding new algorithms (e.g. ECDSA).

Completed doxygen of function dsa_to_hip_endpoint

Replaced if-err-goto code with HIP_IFEL in rsa/dsa_to_hip_endpoint

Remove unused function declarations.

Remove duplicate checks of fp in save_rsa/dsa_private_key.

Use HIP_IFEL for if-err-goto code.

Removed useless abstractions for hip_host_id_to_it calls.

Improved documentation of hip_host_id_to_hit and hip_private_dsa/rsa_host_id_to_hit.

Remove unused define.

Check input to verify function to avoid segmentation faults.

handle missing ECHO_REQUEST parameter gracefully

add handler for ECHO_REQUEST_UNSIGNED parameter in UPDATE packets

add missing doygen to hip_conf_add_id_to_ip_map()

update Copyright-Header to year of latest change

hostid: fix a small typo in doxygen documentation

cert: drop an unnecessary cast

A tentative fix to a compilation problem in tools/pisacert.c

As reported in bug id #788578, pisacert.c fails to compile on various
Redhat-based systems. I think this will finally sort out the problem.

A bug fix to "make bin" on CentOS.

As reported in bug id #811538, CentOS 5.6 fails to build due to a
missing directory. Fixed.

Documented a workaround for binary building

Documented the workaround of the previous revision for CentOS 5.6.

remove, rephrase and add conntrack debug output

Merged lp:~hipl-core/hipl/ecc revision 5442.

add IP src address to locator set first

This enables HIPL to first reply to locator that is known to work.

move internal peer address update before sending of UPDATE

This fixes a bug, where clients move behind a new NAT and get a new
src ip AND src port.

remove existing hip state when receiving I2

Note that this patch does not consider retransmissions of I2 packets yet
and might result state with the same content to be first removed and then
recreated. But at least, we clean-up possibly old state now and allow
new connection establishment in case of inconsitent state.

Fix moduels ---> modules typo.

build: clean up .bzrignore

Restore alphabetical order, remove duplicates, use wildcard for config.foo
entries, do not globally ignore .lo and .la files.

create_ecdsa_key(): bandaid compilation fix for gcc 4.6

The err variable was write-only since the function returns EC_KEY* and not int.
Change err variable to type EC_KEY* and return it instead of NULL.

cosmetics: remove some unnecessary parentheses from pointer expressions

The struct member selection operators '.' and '->' have higher precedence than
the address operator '&'. Remove parentheses made unnecessary by this order
in cases where they add no readability or even impair readability.

replace code with hip_ifel abuse

doxygen: exclude directory generated by 'make dist' from list of source files

build: ignore directory generated by 'make dist'

Merge vestigial locking macros removal branch.

uncrustify: force END_TEST to be treated as macro-close token

This allows uncrustify to deal with the unit test code without completely
messing up its formatting.

unit tests: reformat struct declaration in a way that survives uncrustify

stylecheck: fix description of this pre-commit hook's dependencies

There is nothing GNU in the way diff/patch are used; mention both diff and
patch as dependencies; remove some stray trailing whitespace.

cosmetics: drop some redundant ';' pointed out by uncrustify; merge two lines

stylecheck.py: fix some typos

cosmetics: fix some incorrect spacing found while playing with uncrustify

INSTALL: add a short sentence on contributing; mention HACKING

Drop unnecessary return statements at the end of void functions.

Added a note on an experimental bzr hook to the HACKING file

Stefan Götz has developed a pre-commit hook for the Copyright. While
the pre-commit has not been merged yet, it pops up on the mailing list
every now and then. Therefore, I decided to note it on the HACKING
instructions and advocate Stefan to merge it!

Merge uncrustify improvements branch.

Completely removes the files lib/tool/lutil.{c.h}. They primarily contain a list
implementation which is only used for string parsing. This string parsing is
actually implemented much better directly via strtok(). This also removes a
source of GPL infection.

Merge of branch https://code.launchpad.net/~stefan.goetz/hipl/delist
Merge proposal https://code.launchpad.net/~stefan.goetz/hipl/delist/+merge/62559

Merge demodularization branch that pulls together Makefile.am snippets.

Fix incorrect use of sizeof.

Fixed tests for ECC functionality, such that all tests are passed.

cosmetics: fix 'null' vs. 'NULL' typo

builder: clean up return handling

Return values directly instead of setting a variable, jumping
to a goto label and returning the variable there.

nlink: drop some pointless void* casts

merge re-implements the hipd-related part of draft-heer-hip-middle-auth-02

An extensive merge proposal and discussion can be found at:
https://code.launchpad.net/~rene-hummen/hipl/midauth-hipd/+merge/70736

move xml tag to top of file for correct parsing

user_ipsec_api: move #include to the correct place

openwrt: cosmetics: drop some unnecessary backslashes

sync-all: drop version number from temporary directory name

The version number keeps changing and this script is simple enough not to
need it. Having it generated by configure would thus be overkill.

openwrt: generate Makefile from a template by configure to substitute version

This saves the trouble of changing HIPL version numbers in multiple
places after each release.

hipd: eliminate some HIP_IFE(L) abuse; simplify return handling

Free allocated memory in case of error in hip_update_init_state().

Updated Debian and Redhat dependencies in INSTALL.

Added "check" to optional dependencies.

patches: remove outdated kernel patches, version < 2.6.18

autobuild: test existence of OpenWrt directory before copying

INSTALL: remove duplicate 'check' entries from required packages list

HACKING: update one Doxygen example to reflect current practice

doxygen: drop redundant @author, @version and @date tags

Bazaar is tracking this information in a more accurate and less error-prone
fashion already, no need to manually repeat its job (badly).

merge conntrack-cleanup branch revision 6083

The merge proposal has been discussed at:
https://code.launchpad.net/~rene-hummen/hipl/conntrack-cleanup/+merge/71550

Make lmod_get_state_item() more robust.

Perform sanity checks on passed parameters and do not pass a possibly
negative return value as an unsigned int.

Merge update_ack_handling branch revision 6053.

Merge proposal:
https://code.launchpad.net/~martin-lp/hipl/update_ack_handling/+merge/71328

Accept ACKs for all outstanding Update packets instead of most recent one.

Previously only ACKs for the most recent sent Update packet were accepted.
This merge introduces a boundary for yet to be acknowledged Update packets
which allows to correctly deal with ACKs for more than one outstanding
Update packet.

This fixes a bug where ACKs were falsely dropped when both hosts initiated
an update at the same time.

Include string.h in test/*/midauth_builder.c to fix N900 compile issue.

The N900 build script now successfully builds again.

Don't drop packets with non-local dst HIT if RVS is active

Packets with a non-local destination HIT were being dropped in
hip_receive_control_packet() before the check for whether they should be
relayed.

hip_check_i1() (which would only be called after hip_receive_control_packet())
had redundant code doing the same except with a provision for opportunistic I1
packets.

I removed the redundancy and changed the code to be executed only if we are not
offering RVS or relay service.

Remove some redundant, write-only variables.

conntrack: simplify handle_update()

Change a pointer to pointer function argument to a simple pointer. The
argument is always dereferenced before use, effectively turning it into
a simple pointer argument.

midauth: Fix compilation with --enable-midauth.

A #include and a variable initialization were missing from the midauth branch
merge, resulting in compilation failures with --enable-midauth.

fix autobuilder

if update is excluded from build, so should be its dependencies,
including midauth.

conntrack: change if/else cascade to switch statement

conntrack: replace some pointless gotos by direct return

conntrack: avoid code duplication in get_tuple_by_hip().

get_tuple_by_hits() performs the same iteration on the list of
connection tuples, call this instead of having it twice in the
code.

Added tests for serialization and deserialization of RSA keys.

Remove unused state attribute from firewall connection tuples.

The state exists for both initiator and responder but it's only changed
initially on creation and when the connection is closed. It's never read
or used in any way. Therefore scrap it.

Use /lib/core/ state definitions instead of local ones in conntrack.c.

The prior definitions weren't used except for the initial state making
the enum rather pointless. As of now the state in connections is still
unused but it will be used to track connection information in the
future.

debian: reflect dependency on (possibly remotely-mounted) /usr in init scripts

The HIPL init scripts depend on /usr to start the HIPL binaries. /usr may be
remotely-mounted, so depend on remote filesystems being mounted before running.
reference: http://wiki.debian.org/LSBInitScripts

Changed start-up priority of the DNS proxy in Ubuntu/Debian

As bug id #845677 states, I've had some problems during boot in my
Ubuntu Natty when both DNS proxy and dnsmasq are installed. The root of
the problem seems to be that DNS proxy starts too fast and there's a
race condition with dnsmasq. Diego suggested a fix the bug in init.d
scripts and it seems to work just fine.

Another stab to fix DNS proxy boot-up problems in Ubuntu Natty.

Revision 6076 did not do the trick to fix DNS problems when dnsmasq and
DNS proxy are running in the same system (#845677). The issue was subtle
and seems to reappear randomly. This commit has an additional safe guard
(higher priority for init.d) which I hope will fix the problem. I have
tested the bug fix both in LTS and Natty.

Re-enabled "shotgun" extension for hipconf

The shotgun extension sends multiple I1/UPDATE messages to find a
working address pair. Somebody disabled the extension in hipconf, but
just partially. This commit re-enables the shotgun functionality (which
seems to working as reported in bug report lp:592177).

Move debug RSA key creation announcement before the actual generation.

It doesn't make much sense to notify about an upcoming key generation
when it is already finished.

Bazaar is a build-time dependency of HIPL.

Restructure commands used to satisfy optional and required dependencies.

Split into lists of packages necessary for building HIPL, those for optional
functionality and those required for building binary distribution packages.

RPM: drop rpm-build package from BuildRequires list

The rpmbuild program is an implied dependency of RPM package building, so it
ought to be safe to leave it out of BuildRequires. This allows using the
specfile on other RPM-based distributions like openSUSE where rpmbuild is
part of the rpm package and no separate rpm-build package exists.

Cosmetics: Spaces in array definition in test/lib/core/hostid.c

Merge n900-build-fix branch revision rev 6083 into trunk.

Merge-proposal:
https://code.launchpad.net/~martin-lp/hipl/n900-build-fix/+merge/78551

Set hostid unit test timeouts to 120 seconds to fix broken package
building for the N900.

minor beautification of script output

add error output for conflicting handle function priorities

fix issue where update causes old ipsec sa not to be removed at responder

The altering IPsec SAs requires knowlege about the IP addresses of the
peer. During updates, we update the IPs to the new locators. Hence, we
need to remove IPsec SAs before resetting the IPs and set up new SAs
afterwards. This commit splits removal and setup into two parts.

fix long handover delays in case locators are unreachable for responder

In some situations, the network stack of the responder cannot deliver
HIP UPDATE messages to the signaled locators. In this case, sendto()
returns a length != packet_length. Until now, HIPL tried three times
to send undeliverable packets with a timeout of 2 seconds each. As the
hipd is single-threaded, this caused a delay of 4+ seconds per
undeliverable locator.
HIPL also implements a retransmission mechanisms (for UPDATEs).
Undeliverable packets are handled there as well. Hence, I removed the
intrusive special handling for the case where the network stack reports
an error. This fixes the problem of overly long handovers.

Rename hip_hastate to hip_ha_state.

Changed are both the enum and the variables using it. This way it is more
conform with the naming in the rest of the codebase.

Move hip_state #defines into enum, use enum instead of int in functions.

Basically lots and lots of function parameters that needed rewriting.
Noteworthy change in hip_state_str() which does not use that weird
array construction anymore but a proper switch case and
lib/core/state.h where the defines have been moved into the enum.

Include lib/core/state.h where it's required in header files.

make checkheaders now makes no trouble no more.

Remove stray duplicate license statement.

Fix compilation errors in gcc 4.5/4.6 due to failed inlining with -Os.

Newer gcc versions fail to inline a few functions when optimizing for size.
Drop the inline keyword from these functions. In the case of hip_state_str()
this also required moving the function from a header file to a normal .c file.

Track connection state in firewall connection tracking.

Before, the state variable was only initially set but never
actually changed or used. This commit uses it to track the state
of the connection. For this reason three new states (R1-SENT,
U1-SENT, U2-SENT) are added which are only used by the firewall.

State updates happen in the handle functions after successful
processing of the respective packets.

Cosmetics: remove superfluous parentheses in hip_purge_closing_ha().

Fix recurring typo in lib/core/message.c doxygen documentation.

Add missing semicolons after macro invocations.

Drop pointless hip_ prefixes from static functions.

There is no point in prefixing static functions as there is no risk of
namespace collisions. Dropping the prefix reduces clutter.

Drop unnecessary end-of-line backslashes.

In many places lines end in backslashes, probably due to the wrong assumption
that a newline acts as an argument separator, which it does not in C.

firewall: Drop inline keyword from get_cache_index().

gcc 4.5.1 fails to inline that function when optimizing for size. Since gcc can
generally be trusted about inlining decisions, dropping the inline keyword and
letting the compiler decide about inlining appears to be the sensible choice.

cosmetics: adjust some accidentally introduced indentation messups

firewall: K&R indentation cosmetics

Drop trailing semicolons from macro declarations.

This is more consistent, most macro declarations do not end in semicolons,
and avoids issues with some automatic tools like uncrustify.

vimrc: improve whitespace highlighting

Building and packaging for OpenSUSE

From Diego: I have a notebook that runs OpenSUSE, so I quickly ported
the packaging infrastructure. I'm not sure this is worth the future
maintenance burden, but I thought I might send it anyway.

Reverted revision 6105

I applied the patch incorrectly and the need for OpenSUSE build
instructions should be further discussed before applying.

Cosmetics: Fix some typos in documentation.

packaging: port package building script to openSUSE

INSTALL: Add list of required packages for OpenSUSE.

merge lp:~rene-hummen/hipl/logging

This merge updates the logging facilities of HIPL and adds a new log
level "LOW".

Macros are now mapped to the debug levels as follows:
=========================================
| NONE | DIE, ASSERT
------------------------------------------
| LOW | DIE, ASSERT, ERROR
------------------------------------------
| MEDIUM | DIE, ASSERT, ERROR, INFO
------------------------------------------
| ALL | DIE, ASSERT, ERROR, INFO, DEBUG
==========================================

Also see merge proposal:
https://code.launchpad.net/~rene-hummen/hipl/logging/+merge/81065

Fixed an annoyance in a maintainer script

From bug #795846: The "make syncrepo" target seems to unnecessarily copy also
old packages to the repository. Fixed by including the revision number also.

Cosmetics: Move comment in queue_packet() to where it belongs.

Make hipconf_usage string static as it is local to lib/core/conf.c.

Revert accidental hipl-daemon dependency change applied with rev. 6113.

Fixed specification of return value of function fw_verify_and_store_host_id.

The function returns 0 for valid packets, 1 if signature verification failed and -1 on other errors.

Added asserts in function fw_verify_and_store_host_id.

replace fw_verify_packet with fw_verify_and_store_host_id for U2 and U3.

Relaxed uncrustify rules to allow #endif after a function body

The uncrustify configuration now allows #endif after closing of the
function body as follows:

#ifdef SOMETHING
int foo(void) {
}
#endif /* SOMETHING */

As a side effect, I believe this now allows the following violation
(which should be prohibited via manual inspection):

int foo(void) {
}
int bar(void) {
}

Removed some empty lines between function bodies and #endif statements

The update to the crustify policy in revision 6118 removed the need to
have an empty line between the end of a function body (closing curly
bracket) and following #endif (if any present). I grepped the source
files for occurrences of this and adjusted according to the new policy.

Revert r6118: Relaxed uncrustify rules to allow #endif after a function body.

Setting the number of newlines after functions to 1 in uncrustify rules
enforces it for all functions. The effect: no more blank lines between
functions. This commit reverts the change.

Merge lp:~martin-lp/hipl/hipfwconf into trunk.

This merge updates the hipconf API and makes it possible to retrieve the
active connections from hipfw.

Changes in the hipconf API:
- hipconf commands have to include the keyword 'daemon' or 'hipfw' to
  address the respective process
    - eg. 'hipconf get ha all' is now 'hipconf daemon get ha all'
- other than the daemon process keyword there are no changes to the
  hipconf commands; config file syntax stays the same as well
- active connections from the firewall can be retrieved with
  'hipconf firewall get ha all'

Merge request:
https://code.launchpad.net/~martin-lp/hipl/hipfwconf/+merge/81612

Merged lp:~midauth-pisa-devs/hipl/midauth-firewall

lp:~hipl-core/hipl/ecdsa-redhat with trunk

remove compile-time conditional for midauth and related code

This should satisfy the auto-builder.

NOTE: Midauth and PISA certificate handling was intertwined in the code
      whereas it should really be separate. This separation is now
      enforced by merging the midauth branches. However, PISA
      functionality is still broken. This will be fixed by the upcoming
      merge of the PISA branch. Until then, I have removed the conditional
      code of PISA from the codebase.

remove midauth compilation flag from the auto-builder

Fixed most of "make check" compilation errors for Fedora.

A resolution for bug id #838116 was merged but "make check" and "make
"alltests" still failed to compile. This commit fixes most of them but
one is still left.

Fixed a problem with "make dist"

Three source files were missing from "make dist". I decided to move
them to EXTRA_DIST as a compromise because they were not compiled. I
assume that they are needed in the future.

Fixed a problem with ARM build

Autobuilder failed to build ARM binaries. I hope this commit fixes the
problem. I believe the problematic source file had also another
compilation issue with missing ifdefs, so I fixed it too.

The error from the autobuilder was as follows:

branch: trunk
revision: 6127
configuration: Scratchbox ARM crosscompile
command: /opt/scratchbox/login -d hipl-[0-9.]* make deb
compiler output:

./packaging/create-package.sh deb
.....
test/firewall/midauth.c:220: warning:
'test_hipfw_midauth_verify_challenge_NULL_ctx' defined but not used

Another fix to the ARM build

Arm build still failed:
..
test/firewall/midauth.c:289: error: 'test_hip_challenge_response_opaque_len' undeclared (first use in this function)

I hope this is fixed in this commit. I also reduced one ifdef by moving a function in the same file.

Bumped version number up

Release 1.0.6 was published, so bumped the version number up.

build: Trigger build errors on Doxygen warnings.

doxygen: exclude generated dir from list of source files in out-of-tree builds

Revert previous commit for out-of-tree Doxygen builds; it was wrong.

During out-of-tree builds only directories in the actual build directory
should be ignored, not ones that happen to be in the source directory by
some unlucky coincidence.

Cosmetics: Fix some typos in documentation.

Cosmetics: Complete documentation of hadb_init_entry().

Add error handling for lmod init error to hadb_init_entry().

Add error handling for HA initialization to hip_hadb_create_state().

Do not ignore hipl-VERSION directories.

These directories are remnants from failed build processes and can cause
trouble at least for Doxygen building, so ignoring them is counterproductive.

Replace memset(0) calls by direct zero initializations.

Remove unused sa_eid_t typedef.

drop all obsolete patches and related documentation

The new baseline we require is CentOS 6. Older systems will no longer
be supported by adding patches and workarounds to HIPL.

build: drop workarounds for CentOS 5.5; the new required baseline is CentOS 6.

Stop setting the PATH environment variable; also drop an outdated comment

This workaround was added for obsolete Fedora versions (9) and should no
longer be necessary. Besides, mucking with PATH is a bad idea.

A small improvement to maintainer script

tools/maintainer/sync-all was not obeying correct "make dist" directory
naming convention. This commit fixes this.

Fixed contradictory statements in the Makefile.am

According to Diego, tools/maintainer/sync-all was both included and
excluded in Makefile.am from "make dist". Removed the inclusion part.

sync-all: extract into current directory instead of subdir with version in name

This allows simplifying the script and the build system. Substituting the HIPL
version number into a script template is no longer necessary.

sync-all: drop bash-specific time measurement around execution loop

sync-all: properly clean up before and after execution

build: pass '-z muldefs' via -Wl option to the linker

This is the correct, or at least a more robust, way to pass options to the
linker when gcc is used as the linker frontend. This fixes a linking
failure on Maemo where the linker had trouble grokking that option otherwise.

Idea initially suggested by Christoph Mroz.

build: do not discard stdout during Doxygen documentation generation

Thanks to Samuel Richter for help with some shell trickery.

Remove unused hip_set_firewall_status() prototype.

Replace redundant hip_get_firewall_status() by hip_firewall_is_alive().

Consistently use "hipfw" in filenames for the HIPL firewall.

Replace "hip_firewall_" function/variable prefixes by "hipfw_".

Replace "HIP_" prefix in multiple inclusion guards by "HIPL_".

The name of the project is HIPL, HIP is just the protocol.

rule_management: Drop stray @file Doxygen directive.

Give consistent names to all configuration files used within HIPL:

firewall_conf ---> hipfw.conf
hip_cert.cnf ---> hip_cert.conf
hipd_config ---> hipd.conf
nsupdate.conf ---> nsupdate.conf
relay_config ---> relay.conf

Merged lp:~henrik-ziegeldorf/hipl/locator-type1-fix into trunk.

A bug fix to opportunistic RVS re-registration

As reported in bug #894029, opportunistic re-registration fails. This
revision fixes the problem in a different way than suggested in the bug
id. Namely, the problem fixed directly at the client-side registration
code to minimize the impact of the changes.

This bug fix complements bug id #592135 in the sense that now we have
workaround for both opportunistic and normal registrations. One design
criteria for this bug fix was to streamline with #592135, so that when
it is eventually solved, the code of this revision can also be removed.

I have tested the code successfully with multiple consequtive opp. and
normal registrations.

A compilation fix to revision 6159

Code failed to build with --disable-rvs in revision 6159, fixed.

Removed pointless parenthesis

As Diego noticed, revision 6159 introduces pointless parentheses around
one reference of a variable. Removed.

Fixed a suspicious condition in the registration code.

Christof Mroz noticed a no-op in revision 6159. This fixes the
condition to something more sensible.

Cosmetics: fix stray non-uncrustified lines in modules/update/hipd/update.c.

A bug fix to "del server rvs" handling in hipconf

As reported in lp:894030, deleting of rvs should work also without HIT
(i.e. with opportunistic mode). This patch fixes the problem.

Move hip_id_type_match() to the only file it is used and fix the implementation.

hostfiles: cleanup error and return value handling

Drop pointless variable indirections, eliminate HIP_IFELs and code duplication.

hostsfiles: fix return argument doxy of hip_map_id_to_ip_from_hosts_files()

HOWTO: Fix a bunch of spelling and wording errors; add more semantic markup.

openwrt: use the same package names as for RPM/DEB packages

doc: remove reference to non-existing prebuilt RPM packages

rpm: Mention GPLv2 as license, not GPLv2 and MIT.

The latter will only confuse people and the license for all of HIPL is GPLv2.

rpm: Add BASENAME to dnsproxy init.d file.

Without it, no name is printed when hipdnsproxy is started or stopped.

rpm: Replace '%config /etc/rc.d/init.d' by the more correct %{_initddir}.

rpm: Remove pointless "ExclusiveOS" and "Prefix" tags.

rpm: Drop "--prefix=/usr --sysconfdir=/etc" from %configure macro invocation.

These options are added automatically by the RPM build process anyway.

rpm: Do not strip binaries during Make run; rpm does this automatically.

rpm: remove apparently unnecessary %defattr directives

Permissions are set correctly without them, so drop them for now at least.

rpm: Do not start services by default to comply with Fedora packaging policy.

rpm: Drop Packager tag to conform with Fedora policy.

A suitable value can be inferred from the local rpmbuild configuration.

rpm: fix source URL at infrahip.hiit.fi

rpm: add version information to Obsoletes tag

This fixes rpmlint warnings about unversioned-explicit-obsoletes.

Fix logic errors of for_each_hosts_file_line() error handling in hostsfiles.c.

Revision 6166 introduced some logic errors where return values where falsely
handled. This fixes it.

Cosmetics: Fix typo in handle_retransmissions() code documentation.

Remove needless retransmission buffer sanity checks.

Memory for the retransmission buffer is always allocated when a
host association is set up in hip_hadb_init_entry(). If the
allocation fails the creation of the respective HA fails as well.
Deallocation only happens during teardown of the HA in
hadb_delete_state().

As a consequence the sanity checks on the retransmission buffer
during packet handling are not necessary. Therefore get rid of them.

HIP configuration files.

  The following configuration files are part of HIP package:
  1. hipd.conf
  2. hosts
  3. nsupdate.conf
  4. relay.conf

Stylecheck fix.

The stylecheck added a newline.

Neccessary changes to Debian package for HIP.

Creation of 'etc/hip/' path and placing the configuration files during
installation using the pre-build debian binaries.

Removal of code for run-time generation of configuration files.

The code for creation of the following configuration files needs to be
removed:

1. hipd.conf
2. hosts
3. nsupdate.conf
4. relay.conf

RPM spec file update.

The 'hipl.spec' file is updated to place the configuration files at
the necessary path location during installation via RPM packages.

Update to OpenWRT package.

Neccessary modification for handling the configuration files in
OpenWRT package.

Update to HIP Makefile.am

Modifications to handle configuration file in Makefile.am.

Merged branch lp:~henrik-ziegeldorf/hipl/locators-type0-fix

Alphabetical order of includes.

Act on error return values of registered packet handlers.

Merging branch lp:~fahad-aizaz/hipl/hipd-hipfw-conf

Removing runtime generation of hipfw configuration file. Thus the code
to generate hipfw.conf is removed from the HIP source. Instead a
default hipfw configuration file is included with HIP source.

To distribute and install hipfw configuration file Makefile.am is
also modified. Similar modifications for distribution and installation
of hipfw configuration file for other distributions (Debian, RPM and
OpenWRT) are also incorporated.

Cosmetics: uncrustify modules/update/hipd/update.h.

Remove unused / broken update_state variables.

The update_state variables defined in state.h and update.h are initially
set but never changed. As a consequence update retransmission are currently
broken. Get rid of these variables as a fix is being developed
on a different branch.

This commit does not change hipd behaviour.

Drop pointless (time_t *) cast from handle_retransmission().

Cosmetics: Remove pointless parentheses and comment in handle_retransmission().

autobuild: Properly clean up Scratchbox and host Debian packaging.

autobuild: Remove log.txt in case of error after mailing out its content.

autobuild: Remove HIPL tarballs in OpenWrt download directory before building.

This should ensure that no old tarball is used if several are available after
a version bump. Also adjust tarball wildcard name for consistency.

openwrt: Create system configuration directory before installing files there.

hipfw: remove some duplicate #defines

INDEX_HASH_FN and INDEX_HASH_LENGTH were being doubly defined in the same file.

hadb: do not dereference a void* argument to derive memory size to set to zero

In file included from /usr/include/string.h:643,
                 from hipd/hadb.c:64:
In function ‘memset’,
    inlined from ‘lsi_assigned’ at hipd/hadb.c:1320,
    inlined from ‘hip_generate_peer_lsi’ at hipd/hadb.c:1380:
/usr/include/bits/string3.h:86: error: call to __builtin___memset_chk will always overflow destination buffer

Merge lp:~martin-lp/hipl/hipl_retransmissions into trunk.

This merge fixes and improves the currently partially broken retransmissions
in HIPL.

In short:
- buffer up to three retransmissions in simple round-robin style
 -> this does not affect regular management packets during BEX but makes it
    possible to retransmit the locators of the second UPDATE packet

- we remove buffered retransmission based on incoming packets from the peer
 -> hip_update_retransmissions() in input.c takes care of that
 -> for example an incoming R1 invalidates or acknowledges our buffered I1
    retransmission
 -> it's the same for UPDATE packets. incoming U2 invalidates buffered U1,
    and U3 invalidates U2 respectively
 -> the rationale: if we do not get a response from the peer we can assume our
    or their packet was lost, so we retransmit. A received packet from the peer
    acts as acknowledgment and we remove the retransmissions. For this reason
    R2 and U3 packets do not get buffered for retransmission. Their
    retransmission is triggered by the peers retransmission of I2 or U2
    respectively.

Merge proposal:
https://code.launchpad.net/~martin-lp/hipl/hipl_retransmissions/+merge/87072

Remove HIP_IFEL in hip_periodic_maintenance(), always return 0 on success.

All the HIP_IFEL does is return an error value -> replace it with proper
return statements.
One semantic change is in case of more than zero open connections in
HIP_STATE_CLOSING. Previously the number of open connections was
returned even though the documentation states differently. Return
zero now in this case.

autobuild: Adjust doxygen check after recent changes to 'make doxygen'.

The check was discarding stdout, which is where doxygen warnings now appear.

nsupdate.conf: delete trailing whitespace

Update Doxygen of sa_entry_hash() / link_entry_hash() return value.

cosmetics: Adjust some comment lengths and drop a trailing whitespace character.

hipconf: Eliminate HIP_IFEL.

Simplify logic in sa_entry_hash() / link_entry_hash() to drop some HIP_IFELs.

Replace several instances of pointer type punning by proper union punning.

Fixes several warnings that appear without -fno-strict-aliasing in CFLAGS like
hipd/hadb.c:133: error: dereferencing type-punned pointer will break strict-aliasing rules

Drop received I1 in state I1_SENT when peer HIT is greater.

As demanded in RFC 5201 table 3. This fixes a bug where it was not possible
to initiate a successful BEX on two machines with each other at the same time.

build: Show gcc warnings for strict aliasing violations.

Previously those warnings were suppressed, resulting in more issues being
added without anybody noticing. Now the warnings are shown without being
made into errors. Development can thus continue normally while the issue
remains on the radar and will hopefully be fixed eventually.

autobuild: Discard first line of output from "make doxygen".

The first line just consists of the command that Make invokes and should
not be considered error output.

hipfw: Use consistent name for ESP protection extension configuration file.

All other configuration files in HIPL use a .conf suffix.

hipfw: Also install configuration file for ESP protection extension.

esp_prot_config: Clean up error handling; eliminate HIP_IFEL.

esp_prot_config: Drop pointless esp_prot_ prefix from static function.

esp_prot_config: Drop redundant "_config" part of esp_prot_config.conf name.

Remove leftover reference to removed HIPL_CONFIG_FILE_EX #define.

Remove unnecessary NULL checks before freeaddrinfo().

build: Move definition of config file names for hipd and hosts out of config.h.

This makes the handling of configuration file names consistent and simplifies
the build system.

nsupdate: Move nsupdate.pl and its config file to a separate directory.

Previously the nsupdate configuration file was in the hipd directory
where it did not belong.

conf: cosmetics - merge some lines, drop parentheses, whitespace

hiprelay: Clean up error handling; drop some HIP_IFELs; fix Doxygen comments.

Fix a bunch of typos.

configfilereader: Move some code and documentation from the .h to the .c file.

The moved #defines are only used in the .c file and thus belong there.
The large Doxygen documentation block is also more at home in the .c file
where the bulk of the rest of the Doxygen documentation is.

certtools: Clean up error handling; eliminate some HIP_IFELs; whitespace.

certtools: Refactor configuration file opening/reading.

Do not load a configuration file again when reading sections, hip_cert_open()
takes care of that already. Also amend Doxygen documentation to match.

Updated manual.

Added a note to the manual that AppArmor works well with HIPL (where as
SElinux is problematic).

certtools: Refactor configuration file reading functions.

Add a filename parameter to the open function to allow reading arbitrary
configuration files, drop the "cert" from the name as the functions are
general and not just useful for reading certificate configuration files.

Merge lp:~diego-biurrun/hipl/dead_code into lp:hipl

Eliminate some dead code from HIPL.

openwrt: No longer add -lz to LIBS in configure run.

This was a workaround for some weird issue that no longer occurs in the
OpenWrt version we now use. HIPL itself does not use zlib anywhere.

openwrt: Remove file with list of modules to load for hipd/hipfw at startup.

Adding such a file to /etc/modules.d is not the correct way to have kernel
modules loaded in OpenWrt, there should be package dependencies on the relevant
kernel modules instead.

openwrt: Run 'make install' instead of 'make install-strip'.

No other packages do this as part of the OpenWrt build process, so let us
rely on OpenWrt as well to strip binaries for us if deemed appropriate.

openwrt: Drop redundant --sysconfdir from configure command line.

OpenWrt already adds --sysconfdir, so no need to repeat it.

openwrt: Eliminate hipl-common package clutch.

The hipl-common package served no purpose apart from collecting dependencies
shared between the hipd and hipfw packages, but no longer contained any files.
Sharing settings is better achieved by declaring package defaults.

openwrt: Merge two make invocations during package compilation phase.

Uncrustifying code

bzr hooks caught a number of slipped files with coding policy
violations. Crustified only the files that were a problem on one
branch; there's probably more to solve.

Uncrustified code

Cleaned up the code base as tipped by Diego:

find . -name \*.[ch] | xargs uncrustify -c .uncrustify-0.57.cfg --no-backup --replace

Updated HACKING on uncrustifying

Added an example on how to uncrustify the code manually according to
the tip from Diego.

uncrustify: Explicitly mark OpenSSL STACK_OF type wrapper macro as such.

Otherwise uncrustify misinterprets pointer declarations involving STACK_OF
as multiplications and does not format the code in K&R style.

cosmetics: K&R formatting from the freshly improved uncrustify configuration

cosmetics: Drop some unnecessary end of line backslashes from shell commands.

Remove support for call-back functions to be invoked when adding or removing
a local host identity from the HIDB. This functionality was not used.

From hip_local_hostid_db(), remove the 'db' argument because the only
database this function was ever used on was the HIDB.

From hip_get_host_id_and_priv_key(), remove the 'db' parameter because the
function was only ever invoked on the HIDB.

Remove the function hip_return_first_rsa() because it can be trivially replaced
with a call to the existing hip_get_hostid_entry_by_lhi_and_algo() function.

Replace the macro HIP_DB_LOCAL_HID with its expansion hip_local_hostid_db

Remove the HIP_DB_LOCAL_HID macro because it is unused.
Remove the external declaration of hip_local_hostid_db because it is not
accessed and required outside the HIDB implementation.

Remove the public declarations of hip_hidb_hash() and hip_hidb_match() because
they are not used outside the HIDB implementation itself.

Remove unused #include statements from hipd/hidb.h
Add #include "lib/core/list.h" statements in files that were missing them.

Remove the hashtable/database parameters from all internal HIDB functions
  because all functions operate on the global HIDB anyway.
Adapt all callers accordingly.

Fix grammar in documentation (cf. https://code.launchpad.net/~stefan.goetz/hipl/hidb-db/+merge/61832/comments/137513/)

Fix const correctness in function arguments (cf. https://code.launchpad.net/~stefan.goetz/hipl/hidb-db/+merge/61832/comments/137513)

Remove authorship attribution