HIPL

Merge lp:~stefan.goetz-deactivatedaccount/hipl/style-check-hook-review into lp:hipl

  1. style-check-hook-review
  2. Merge into trunk
Proposed by Stefan Götz
Status: Merged
Merged at revision: 5450
Proposed branch: lp:~stefan.goetz-deactivatedaccount/hipl/style-check-hook-review
Merge into: lp:hipl
Diff against target: 20273 lines (+5450/-3693)
135 files modified
.uncrustify-0.57.cfg (+1376/-0)
.uncrustify.cfg (+15/-15)
firewall/cache.c (+20/-20)
firewall/conntrack.c (+91/-93)
firewall/dlist.c (+1/-0)
firewall/esp_prot_api.c (+123/-126)
firewall/esp_prot_api.h (+10/-10)
firewall/esp_prot_config.c (+19/-23)
firewall/esp_prot_conntrack.c (+74/-76)
firewall/esp_prot_fw_msg.c (+58/-58)
firewall/esp_prot_fw_msg.h (+3/-3)
firewall/file_buffer.c (+6/-6)
firewall/firewall.c (+97/-100)
firewall/firewall_control.c (+8/-8)
firewall/firewall_defines.h (+30/-30)
firewall/helpers.c (+1/-1)
firewall/line_parser.c (+2/-2)
firewall/lsi.c (+21/-21)
firewall/midauth.c (+26/-26)
firewall/pisa.c (+28/-27)
firewall/pisa_cert.c (+5/-5)
firewall/port_bindings.c (+23/-28)
firewall/reinject.c (+47/-47)
firewall/rule_management.c (+42/-42)
firewall/rule_management.h (+12/-12)
firewall/sysopp.c (+6/-6)
firewall/user_ipsec_api.c (+22/-22)
firewall/user_ipsec_api.h (+1/-1)
firewall/user_ipsec_esp.c (+44/-44)
firewall/user_ipsec_fw_msg.c (+51/-51)
firewall/user_ipsec_sadb.c (+28/-29)
firewall/user_ipsec_sadb.h (+23/-23)
hipd/accessor.c (+1/-1)
hipd/accessor.h (+0/-1)
hipd/cert.c (+103/-103)
hipd/close.c (+36/-36)
hipd/configfilereader.c (+3/-3)
hipd/configfilereader.h (+1/-1)
hipd/cookie.c (+20/-22)
hipd/dh.c (+2/-2)
hipd/esp_prot_anchordb.c (+14/-14)
hipd/esp_prot_hipd_msg.c (+115/-116)
hipd/esp_prot_light_update.c (+13/-13)
hipd/esp_prot_light_update.h (+1/-1)
hipd/hadb.c (+54/-54)
hipd/hadb.h (+1/-1)
hipd/hadb_legacy.c (+4/-4)
hipd/hidb.c (+59/-61)
hipd/hidb.h (+4/-4)
hipd/hip_socket.c (+13/-13)
hipd/hipd.c (+39/-41)
hipd/hipd.h (+6/-6)
hipd/hiprelay.c (+49/-48)
hipd/hiprelay.h (+7/-7)
hipd/hit_to_ip.c (+8/-8)
hipd/init.c (+45/-48)
hipd/input.c (+137/-137)
hipd/keymat.c (+22/-23)
hipd/maintenance.c (+23/-22)
hipd/nat.c (+1/-1)
hipd/netdev.c (+80/-83)
hipd/nsupdate.c (+17/-17)
hipd/oppdb.c (+29/-28)
hipd/oppdb.h (+6/-6)
hipd/oppipdb.c (+3/-3)
hipd/output.c (+81/-81)
hipd/pkt_handling.c (+9/-10)
hipd/registration.c (+42/-42)
hipd/registration.h (+3/-3)
hipd/user.c (+39/-42)
hipd/user_ipsec_hipd_msg.c (+4/-4)
hipd/user_ipsec_sadb_api.c (+4/-4)
lib/core/builder.c (+182/-182)
lib/core/builder.h (+2/-2)
lib/core/capability.c (+6/-6)
lib/core/certtools.c (+80/-80)
lib/core/certtools.h (+4/-4)
lib/core/common.h (+10/-10)
lib/core/conf.c (+84/-86)
lib/core/conf.h (+1/-1)
lib/core/crypto.c (+39/-39)
lib/core/crypto.h (+4/-4)
lib/core/debug.c (+55/-55)
lib/core/debug.h (+15/-15)
lib/core/filemanip.c (+8/-8)
lib/core/hashchain.c (+5/-7)
lib/core/hashchain.h (+7/-7)
lib/core/hashchain_store.c (+63/-63)
lib/core/hashchain_store.h (+9/-9)
lib/core/hashtree.c (+26/-26)
lib/core/hashtree.h (+19/-19)
lib/core/hostid.c (+67/-69)
lib/core/hostsfiles.c (+16/-16)
lib/core/icomm.h (+1/-1)
lib/core/keylen.c (+0/-2)
lib/core/linkedlist.c (+9/-9)
lib/core/linkedlist.h (+3/-3)
lib/core/message.c (+41/-41)
lib/core/modularization.c (+18/-20)
lib/core/modularization.h (+6/-6)
lib/core/performance.c (+4/-4)
lib/core/performance.h (+8/-8)
lib/core/prefix.c (+13/-14)
lib/core/prefix.h (+10/-10)
lib/core/protodefs.h (+79/-79)
lib/core/solve.c (+8/-8)
lib/core/state.h (+94/-94)
lib/core/statistics.c (+2/-3)
lib/core/transform.c (+5/-5)
lib/tool/checksum.c (+39/-40)
lib/tool/lutil.c (+6/-6)
lib/tool/nlink.c (+85/-86)
lib/tool/nlink.h (+3/-3)
lib/tool/pk.c (+18/-18)
lib/tool/xfrmapi.c (+29/-29)
lib/tool/xfrmapi.h (+1/-1)
modules/heartbeat/hipd/heartbeat.c (+63/-64)
modules/heartbeat_update/hipd/hb_update.c (+4/-5)
modules/update/hipd/update.c (+101/-106)
modules/update/hipd/update_builder.c (+6/-6)
modules/update/hipd/update_legacy.c (+4/-4)
test/auth_performance.c (+17/-17)
test/certteststub.c (+9/-9)
test/check_firewall.c (+1/-1)
test/check_lib_core.c (+3/-4)
test/dh_performance.c (+86/-86)
test/firewall/file_buffer.c (+8/-8)
test/firewall/line_parser.c (+4/-4)
test/firewall/port_bindings.c (+1/-1)
test/fw_port_bindings_performance.c (+36/-36)
test/hc_performance.c (+55/-55)
test/lib/core/hit.c (+8/-9)
test/lib/core/straddr.c (+3/-3)
tools/bazaar/plugins/stylecheck.py (+438/-0)
tools/pisacert.c (+8/-8)
To merge this branch: bzr merge lp:~stefan.goetz-deactivatedaccount/hipl/style-check-hook-review
Reviewer Review Type Date Requested Status
Stefan Götz (community) Approve
Review via email: mp+45857@code.launchpad.net

Description of the change

1) a pre-commit hook for bazaar that aborts a commit if the code to be committed does not adhere to the HIPL style guide lines.

2) all HIPL code has been automatically beautified so that the pre-commit hook only complains about newly introduced style violations.

To post a comment you must log in.
Revision history for this message
Stefan Götz (stefan.goetz-deactivatedaccount) wrote :

As promised last week, this branch will be merged very soon now. Any last minute comments are welcome, of course.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added file '.uncrustify-0.57.cfg'
2--- .uncrustify-0.57.cfg 1970-01-01 00:00:00 +0000
3+++ .uncrustify-0.57.cfg 2011-01-11 14:04:40 +0000
4@@ -0,0 +1,1376 @@
5+# Uncrustify 0.57
6+
7+#
8+# General options
9+#
10+
11+# The type of line endings
12+newlines = lf # auto/lf/crlf/cr
13+
14+# The original size of tabs in the input
15+input_tab_size = 8 # number
16+
17+# The size of tabs in the output (only used if align_with_tabs=true)
18+output_tab_size = 4 # number
19+
20+# The ASCII value of the string escape char, usually 92 (\) or 94 (^). (Pawn)
21+string_escape_char = 92 # number
22+
23+# Alternate string escape char for Pawn. Only works right before the quote char.
24+string_escape_char2 = 0 # number
25+
26+#
27+# Indenting
28+#
29+
30+# The number of columns to indent per level.
31+# Usually 2, 3, 4, or 8.
32+indent_columns = 4 # number
33+
34+# The continuation indent. If non-zero, this overrides the indent of '(' and '=' continuation indents.
35+# For FreeBSD, this is set to 4.
36+indent_continue = 0 # number
37+
38+# How to use tabs when indenting code
39+# 0=spaces only
40+# 1=indent with tabs to brace level, align with spaces
41+# 2=indent and align with tabs, using spaces when not on a tabstop
42+indent_with_tabs = 0 # number
43+
44+# Comments that are not a brace level are indented with tabs on a tabstop.
45+# Requires indent_with_tabs=2. If false, will use spaces.
46+indent_cmt_with_tabs = false # false/true
47+
48+# Whether to indent strings broken by '\' so that they line up
49+indent_align_string = true # false/true
50+
51+# The number of spaces to indent multi-line XML strings.
52+# Requires indent_align_string=True
53+indent_xml_string = 0 # number
54+
55+# Spaces to indent '{' from level
56+indent_brace = 0 # number
57+
58+# Whether braces are indented to the body level
59+indent_braces = false # false/true
60+
61+# Disabled indenting function braces if indent_braces is true
62+indent_braces_no_func = false # false/true
63+
64+# Disabled indenting class braces if indent_braces is true
65+indent_braces_no_class = false # false/true
66+
67+# Disabled indenting struct braces if indent_braces is true
68+indent_braces_no_struct = false # false/true
69+
70+# Indent based on the size of the brace parent, i.e. 'if' => 3 spaces, 'for' => 4 spaces, etc.
71+indent_brace_parent = false # false/true
72+
73+# Whether the 'namespace' body is indented
74+indent_namespace = false # false/true
75+
76+# The number of spaces to indent a namespace block
77+indent_namespace_level = 0 # number
78+
79+# If the body of the namespace is longer than this number, it won't be indented.
80+# Requires indent_namespace=true. Default=0 (no limit)
81+indent_namespace_limit = 0 # number
82+
83+# Whether the 'extern "C"' body is indented
84+indent_extern = false # false/true
85+
86+# Whether the 'class' body is indented
87+indent_class = false # false/true
88+
89+# Whether to indent the stuff after a leading class colon
90+indent_class_colon = false # false/true
91+
92+# False=treat 'else\nif' as 'else if' for indenting purposes
93+# True=indent the 'if' one level
94+indent_else_if = false # false/true
95+
96+# Amount to indent variable declarations after a open brace. neg=relative, pos=absolute
97+indent_var_def_blk = 0 # number
98+
99+# Indent continued variable declarations instead of aligning.
100+indent_var_def_cont = false # false/true
101+
102+# True: indent continued function call parameters one indent level
103+# False: align parameters under the open paren
104+indent_func_call_param = false # false/true
105+
106+# Same as indent_func_call_param, but for function defs
107+indent_func_def_param = false # false/true
108+
109+# Same as indent_func_call_param, but for function protos
110+indent_func_proto_param = false # false/true
111+
112+# Same as indent_func_call_param, but for class declarations
113+indent_func_class_param = false # false/true
114+
115+# Same as indent_func_call_param, but for class variable constructors
116+indent_func_ctor_var_param = false # false/true
117+
118+# Same as indent_func_call_param, but for templates
119+indent_template_param = false # false/true
120+
121+# Double the indent for indent_func_xxx_param options
122+indent_func_param_double = false # false/true
123+
124+# Indentation column for standalone 'const' function decl/proto qualifier
125+indent_func_const = 0 # number
126+
127+# Indentation column for standalone 'throw' function decl/proto qualifier
128+indent_func_throw = 0 # number
129+
130+# The number of spaces to indent a continued '->' or '.'
131+# Usually set to 0, 1, or indent_columns.
132+indent_member = 0 # number
133+
134+# Spaces to indent single line ('//') comments on lines before code
135+indent_sing_line_comments = 0 # number
136+
137+# If set, will indent trailing single line ('//') comments relative
138+# to the code instead of trying to keep the same absolute column
139+indent_relative_single_line_comments = false # false/true
140+
141+# Spaces to indent 'case' from 'switch'
142+# Usually 0 or indent_columns.
143+indent_switch_case = 0 # number
144+
145+# Spaces to shift the 'case' line, without affecting any other lines
146+# Usually 0.
147+indent_case_shift = 0 # number
148+
149+# Spaces to indent '{' from 'case'.
150+# By default, the brace will appear under the 'c' in case.
151+# Usually set to 0 or indent_columns.
152+indent_case_brace = 0 # number
153+
154+# Whether to indent comments found in first column
155+indent_col1_comment = false # false/true
156+
157+# How to indent goto labels
158+# >0 : absolute column where 1 is the leftmost column
159+# <=0 : subtract from brace indent
160+indent_label = 1 # number
161+
162+# Same as indent_label, but for access specifiers that are followed by a colon
163+indent_access_spec = 1 # number
164+
165+# Indent the code after an access specifier by one level.
166+# If set, this option forces 'indent_access_spec=0'
167+indent_access_spec_body = false # false/true
168+
169+# If an open paren is followed by a newline, indent the next line so that it lines up after the open paren (not recommended)
170+indent_paren_nl = false # false/true
171+
172+# Controls the indent of a close paren after a newline.
173+# 0: Indent to body level
174+# 1: Align under the open paren
175+# 2: Indent to the brace level
176+indent_paren_close = 0 # number
177+
178+# Controls the indent of a comma when inside a paren.If TRUE, aligns under the open paren
179+indent_comma_paren = false # false/true
180+
181+# Controls the indent of a BOOL operator when inside a paren.If TRUE, aligns under the open paren
182+indent_bool_paren = false # false/true
183+
184+# If 'indent_bool_paren' is true, controls the indent of the first expression. If TRUE, aligns the first expression to the following ones
185+indent_first_bool_expr = false # false/true
186+
187+# If an open square is followed by a newline, indent the next line so that it lines up after the open square (not recommended)
188+indent_square_nl = false # false/true
189+
190+# Don't change the relative indent of ESQL/C 'EXEC SQL' bodies
191+indent_preserve_sql = false # false/true
192+
193+# Align continued statements at the '='. Default=True
194+# If FALSE or the '=' is followed by a newline, the next line is indent one tab.
195+indent_align_assign = true # false/true
196+
197+#
198+# Spacing options
199+#
200+
201+# Add or remove space around arithmetic operator '+', '-', '/', '*', etc
202+sp_arith = add # ignore/add/remove/force
203+
204+# Add or remove space around assignment operator '=', '+=', etc
205+sp_assign = add # ignore/add/remove/force
206+
207+# Add or remove space around assignment operator '=' in a prototype
208+sp_assign_default = add # ignore/add/remove/force
209+
210+# Add or remove space before assignment operator '=', '+=', etc. Overrides sp_assign.
211+sp_before_assign = ignore # ignore/add/remove/force
212+
213+# Add or remove space after assignment operator '=', '+=', etc. Overrides sp_assign.
214+sp_after_assign = ignore # ignore/add/remove/force
215+
216+# Add or remove space around assignment '=' in enum
217+sp_enum_assign = add # ignore/add/remove/force
218+
219+# Add or remove space before assignment '=' in enum. Overrides sp_enum_assign.
220+sp_enum_before_assign = ignore # ignore/add/remove/force
221+
222+# Add or remove space after assignment '=' in enum. Overrides sp_enum_assign.
223+sp_enum_after_assign = ignore # ignore/add/remove/force
224+
225+# Add or remove space around preprocessor '##' concatenation operator. Default=Add
226+sp_pp_concat = add # ignore/add/remove/force
227+
228+# Add or remove space after preprocessor '#' stringify operator. Also affects the '#@' charizing operator. Default=Add
229+sp_pp_stringify = add # ignore/add/remove/force
230+
231+# Add or remove space around boolean operators '&&' and '||'
232+sp_bool = add # ignore/add/remove/force
233+
234+# Add or remove space around compare operator '<', '>', '==', etc
235+sp_compare = add # ignore/add/remove/force
236+
237+# Add or remove space inside '(' and ')'
238+sp_inside_paren = remove # ignore/add/remove/force
239+
240+# Add or remove space between nested parens
241+sp_paren_paren = remove # ignore/add/remove/force
242+
243+# Whether to balance spaces inside nested parens
244+sp_balance_nested_parens = false # false/true
245+
246+# Add or remove space between ')' and '{'
247+sp_paren_brace = force # ignore/add/remove/force
248+
249+# Add or remove space before pointer star '*'
250+sp_before_ptr_star = add # ignore/add/remove/force
251+
252+# Add or remove space before pointer star '*' that isn't followed by a variable name
253+# If set to 'ignore', sp_before_ptr_star is used instead.
254+sp_before_unnamed_ptr_star = ignore # ignore/add/remove/force
255+
256+# Add or remove space between pointer stars '*'
257+sp_between_ptr_star = remove # ignore/add/remove/force
258+
259+# Add or remove space after pointer star '*', if followed by a word.
260+sp_after_ptr_star = remove # ignore/add/remove/force
261+
262+# Add or remove space after a pointer star '*', if followed by a func proto/def.
263+sp_after_ptr_star_func = remove # ignore/add/remove/force
264+
265+# Add or remove space before a pointer star '*', if followed by a func proto/def.
266+sp_before_ptr_star_func = ignore # ignore/add/remove/force
267+
268+# Add or remove space before a reference sign '&'
269+sp_before_byref = force # ignore/add/remove/force
270+
271+# Add or remove space before a reference sign '&' that isn't followed by a variable name
272+# If set to 'ignore', sp_before_byref is used instead.
273+sp_before_unnamed_byref = add # ignore/add/remove/force
274+
275+# Add or remove space after reference sign '&', if followed by a word.
276+sp_after_byref = ignore # ignore/add/remove/force
277+
278+# Add or remove space after a reference sign '&', if followed by a func proto/def.
279+sp_after_byref_func = ignore # ignore/add/remove/force
280+
281+# Add or remove space before a reference sign '&', if followed by a func proto/def.
282+sp_before_byref_func = ignore # ignore/add/remove/force
283+
284+# Add or remove space between type and word. Default=Force
285+sp_after_type = ignore # ignore/add/remove/force
286+
287+# Add or remove space in 'template <' vs 'template<'.
288+# If set to ignore, sp_before_angle is used.
289+sp_template_angle = ignore # ignore/add/remove/force
290+
291+# Add or remove space before '<>'
292+sp_before_angle = ignore # ignore/add/remove/force
293+
294+# Add or remove space inside '<' and '>'
295+sp_inside_angle = ignore # ignore/add/remove/force
296+
297+# Add or remove space after '<>'
298+sp_after_angle = ignore # ignore/add/remove/force
299+
300+# Add or remove space between '<>' and '(' as found in 'new List<byte>();'
301+sp_angle_paren = ignore # ignore/add/remove/force
302+
303+# Add or remove space between '<>' and a word as in 'List<byte> m;'
304+sp_angle_word = ignore # ignore/add/remove/force
305+
306+# Add or remove space between '>' and '>' in '>>' (template stuff C++/C# only). Default=Add
307+sp_angle_shift = add # ignore/add/remove/force
308+
309+# Add or remove space before '(' of 'if', 'for', 'switch', and 'while'
310+sp_before_sparen = add # ignore/add/remove/force
311+
312+# Add or remove space inside if-condition '(' and ')'
313+sp_inside_sparen = remove # ignore/add/remove/force
314+
315+# Add or remove space before if-condition ')'. Overrides sp_inside_sparen.
316+sp_inside_sparen_close = ignore # ignore/add/remove/force
317+
318+# Add or remove space after ')' of 'if', 'for', 'switch', and 'while'
319+sp_after_sparen = ignore # ignore/add/remove/force
320+
321+# Add or remove space between ')' and '{' of 'if', 'for', 'switch', and 'while'
322+sp_sparen_brace = add # ignore/add/remove/force
323+
324+# Add or remove space between 'invariant' and '(' in the D language.
325+sp_invariant_paren = ignore # ignore/add/remove/force
326+
327+# Add or remove space after the ')' in 'invariant (C) c' in the D language.
328+sp_after_invariant_paren = ignore # ignore/add/remove/force
329+
330+# Add or remove space before empty statement ';' on 'if', 'for' and 'while'
331+sp_special_semi = add # ignore/add/remove/force
332+
333+# Add or remove space before ';'. Default=Remove
334+sp_before_semi = remove # ignore/add/remove/force
335+
336+# Add or remove space before ';' in non-empty 'for' statements
337+sp_before_semi_for = ignore # ignore/add/remove/force
338+
339+# Add or remove space before a semicolon of an empty part of a for statement.
340+sp_before_semi_for_empty = ignore # ignore/add/remove/force
341+
342+# Add or remove space after ';', except when followed by a comment. Default=Add
343+sp_after_semi = add # ignore/add/remove/force
344+
345+# Add or remove space after ';' in non-empty 'for' statements. Default=Force
346+sp_after_semi_for = force # ignore/add/remove/force
347+
348+# Add or remove space after the final semicolon of an empty part of a for statement: for ( ; ; <here> ).
349+sp_after_semi_for_empty = ignore # ignore/add/remove/force
350+
351+# Add or remove space before '[' (except '[]')
352+sp_before_square = remove # ignore/add/remove/force
353+
354+# Add or remove space before '[]'
355+sp_before_squares = ignore # ignore/add/remove/force
356+
357+# Add or remove space inside '[' and ']'
358+sp_inside_square = ignore # ignore/add/remove/force
359+
360+# Add or remove space after ','
361+sp_after_comma = add # ignore/add/remove/force
362+
363+# Add or remove space before ','
364+sp_before_comma = remove # ignore/add/remove/force
365+
366+# Add or remove space between an open paren and comma: '(,' vs '( ,'
367+sp_paren_comma = force # ignore/add/remove/force
368+
369+# Add or remove space before the variadic '...' when preceded by a non-punctuator
370+sp_before_ellipsis = ignore # ignore/add/remove/force
371+
372+# Add or remove space after class ':'
373+sp_after_class_colon = ignore # ignore/add/remove/force
374+
375+# Add or remove space before class ':'
376+sp_before_class_colon = ignore # ignore/add/remove/force
377+
378+# Add or remove space before case ':'. Default=Remove
379+sp_before_case_colon = remove # ignore/add/remove/force
380+
381+# Add or remove space between 'operator' and operator sign
382+sp_after_operator = ignore # ignore/add/remove/force
383+
384+# Add or remove space between the operator symbol and the open paren, as in 'operator ++('
385+sp_after_operator_sym = ignore # ignore/add/remove/force
386+
387+# Add or remove space after C/D cast, i.e. 'cast(int)a' vs 'cast(int) a' or '(int)a' vs '(int) a'
388+sp_after_cast = add # ignore/add/remove/force
389+
390+# Add or remove spaces inside cast parens
391+sp_inside_paren_cast = ignore # ignore/add/remove/force
392+
393+# Add or remove space between the type and open paren in a C++ cast, i.e. 'int(exp)' vs 'int (exp)'
394+sp_cpp_cast_paren = ignore # ignore/add/remove/force
395+
396+# Add or remove space between 'sizeof' and '('
397+sp_sizeof_paren = remove # ignore/add/remove/force
398+
399+# Add or remove space after the tag keyword (Pawn)
400+sp_after_tag = ignore # ignore/add/remove/force
401+
402+# Add or remove space inside enum '{' and '}'
403+sp_inside_braces_enum = add # ignore/add/remove/force
404+
405+# Add or remove space inside struct/union '{' and '}'
406+sp_inside_braces_struct = add # ignore/add/remove/force
407+
408+# Add or remove space inside '{' and '}'
409+sp_inside_braces = add # ignore/add/remove/force
410+
411+# Add or remove space inside '{}'
412+sp_inside_braces_empty = remove # ignore/add/remove/force
413+
414+# Add or remove space between return type and function name
415+# A minimum of 1 is forced except for pointer return types.
416+sp_type_func = ignore # ignore/add/remove/force
417+
418+# Add or remove space between function name and '(' on function declaration
419+sp_func_proto_paren = remove # ignore/add/remove/force
420+
421+# Add or remove space between function name and '(' on function definition
422+sp_func_def_paren = remove # ignore/add/remove/force
423+
424+# Add or remove space inside empty function '()'
425+sp_inside_fparens = remove # ignore/add/remove/force
426+
427+# Add or remove space inside function '(' and ')'
428+sp_inside_fparen = remove # ignore/add/remove/force
429+
430+# Add or remove space between ']' and '(' when part of a function call.
431+sp_square_fparen = ignore # ignore/add/remove/force
432+
433+# Add or remove space between ')' and '{' of function
434+sp_fparen_brace = add # ignore/add/remove/force
435+
436+# Add or remove space between function name and '(' on function calls
437+sp_func_call_paren = remove # ignore/add/remove/force
438+
439+# Add or remove space between function name and '()' on function calls without parameters.
440+# If set to 'ignore' (the default), sp_func_call_paren is used.
441+sp_func_call_paren_empty = ignore # ignore/add/remove/force
442+
443+# Add or remove space between the user function name and '(' on function calls
444+# You need to set a keyword to be a user function, like this: 'set func_call_user _' in the config file.
445+sp_func_call_user_paren = ignore # ignore/add/remove/force
446+
447+# Add or remove space between a constructor/destructor and the open paren
448+sp_func_class_paren = ignore # ignore/add/remove/force
449+
450+# Add or remove space between 'return' and '('
451+sp_return_paren = ignore # ignore/add/remove/force
452+
453+# Add or remove space between '__attribute__' and '('
454+sp_attribute_paren = ignore # ignore/add/remove/force
455+
456+# Add or remove space between 'defined' and '(' in '#if defined (FOO)'
457+sp_defined_paren = ignore # ignore/add/remove/force
458+
459+# Add or remove space between 'throw' and '(' in 'throw (something)'
460+sp_throw_paren = ignore # ignore/add/remove/force
461+
462+# Add or remove space between macro and value
463+sp_macro = ignore # ignore/add/remove/force
464+
465+# Add or remove space between macro function ')' and value
466+sp_macro_func = ignore # ignore/add/remove/force
467+
468+# Add or remove space between 'else' and '{' if on the same line
469+sp_else_brace = force # ignore/add/remove/force
470+
471+# Add or remove space between '}' and 'else' if on the same line
472+sp_brace_else = add # ignore/add/remove/force
473+
474+# Add or remove space between '}' and the name of a typedef on the same line
475+sp_brace_typedef = add # ignore/add/remove/force
476+
477+# Add or remove space between 'catch' and '{' if on the same line
478+sp_catch_brace = ignore # ignore/add/remove/force
479+
480+# Add or remove space between '}' and 'catch' if on the same line
481+sp_brace_catch = ignore # ignore/add/remove/force
482+
483+# Add or remove space between 'finally' and '{' if on the same line
484+sp_finally_brace = ignore # ignore/add/remove/force
485+
486+# Add or remove space between '}' and 'finally' if on the same line
487+sp_brace_finally = ignore # ignore/add/remove/force
488+
489+# Add or remove space between 'try' and '{' if on the same line
490+sp_try_brace = ignore # ignore/add/remove/force
491+
492+# Add or remove space between get/set and '{' if on the same line
493+sp_getset_brace = ignore # ignore/add/remove/force
494+
495+# Add or remove space before the '::' operator
496+sp_before_dc = ignore # ignore/add/remove/force
497+
498+# Add or remove space after the '::' operator
499+sp_after_dc = ignore # ignore/add/remove/force
500+
501+# Add or remove around the D named array initializer ':' operator
502+sp_d_array_colon = ignore # ignore/add/remove/force
503+
504+# Add or remove space after the '!' (not) operator. Default=Remove
505+sp_not = remove # ignore/add/remove/force
506+
507+# Add or remove space after the '~' (invert) operator. Default=Remove
508+sp_inv = remove # ignore/add/remove/force
509+
510+# Add or remove space after the '&' (address-of) operator. Default=Remove
511+# This does not affect the spacing after a '&' that is part of a type.
512+sp_addr = remove # ignore/add/remove/force
513+
514+# Add or remove space around the '.' or '->' operators. Default=Remove
515+sp_member = remove # ignore/add/remove/force
516+
517+# Add or remove space after the '*' (dereference) operator. Default=Remove
518+# This does not affect the spacing after a '*' that is part of a type.
519+sp_deref = remove # ignore/add/remove/force
520+
521+# Add or remove space after '+' or '-', as in 'x = -5' or 'y = +7'. Default=Remove
522+sp_sign = remove # ignore/add/remove/force
523+
524+# Add or remove space before or after '++' and '--', as in '(--x)' or 'y++;'. Default=Remove
525+sp_incdec = remove # ignore/add/remove/force
526+
527+# Add or remove space before a backslash-newline at the end of a line. Default=Add
528+sp_before_nl_cont = add # ignore/add/remove/force
529+
530+# Add or remove space after the scope '+' or '-', as in '-(void) foo;' or '+(int) bar;'
531+sp_after_oc_scope = ignore # ignore/add/remove/force
532+
533+# Add or remove space after the colon in message specs
534+# '-(int) f:(int) x;' vs '-(int) f: (int) x;'
535+sp_after_oc_colon = ignore # ignore/add/remove/force
536+
537+# Add or remove space before the colon in message specs
538+# '-(int) f: (int) x;' vs '-(int) f : (int) x;'
539+sp_before_oc_colon = ignore # ignore/add/remove/force
540+
541+# Add or remove space after the colon in message specs
542+# '[object setValue:1];' vs '[object setValue: 1];'
543+sp_after_send_oc_colon = ignore # ignore/add/remove/force
544+
545+# Add or remove space before the colon in message specs
546+# '[object setValue:1];' vs '[object setValue :1];'
547+sp_before_send_oc_colon = ignore # ignore/add/remove/force
548+
549+# Add or remove space after the (type) in message specs
550+# '-(int)f: (int) x;' vs '-(int)f: (int)x;'
551+sp_after_oc_type = ignore # ignore/add/remove/force
552+
553+# Add or remove space after the first (type) in message specs
554+# '-(int) f:(int)x;' vs '-(int)f:(int)x;'
555+sp_after_oc_return_type = ignore # ignore/add/remove/force
556+
557+# Add or remove space between '@selector' and '('
558+# '@selector(msgName)' vs '@selector (msgName)'
559+# Also applies to @protocol() constructs
560+sp_after_oc_at_sel = ignore # ignore/add/remove/force
561+
562+# Add or remove space between '@selector(x)' and the following word
563+# '@selector(foo) a:' vs '@selector(foo)a:'
564+sp_after_oc_at_sel_parens = ignore # ignore/add/remove/force
565+
566+# Add or remove space inside '@selector' parens
567+# '@selector(foo)' vs '@selector( foo )'
568+# Also applies to @protocol() constructs
569+sp_inside_oc_at_sel_parens = ignore # ignore/add/remove/force
570+
571+# Add or remove space before a block pointer caret
572+# '^int (int arg){...}' vs. ' ^int (int arg){...}'
573+sp_before_oc_block_caret = ignore # ignore/add/remove/force
574+
575+# Add or remove space after a block pointer caret
576+# '^int (int arg){...}' vs. '^ int (int arg){...}'
577+sp_after_oc_block_caret = ignore # ignore/add/remove/force
578+
579+# Add or remove space around the ':' in 'b ? t : f'
580+sp_cond_colon = add # ignore/add/remove/force
581+
582+# Add or remove space around the '?' in 'b ? t : f'
583+sp_cond_question = add # ignore/add/remove/force
584+
585+# Fix the spacing between 'case' and the label. Only 'ignore' and 'force' make sense here.
586+sp_case_label = ignore # ignore/add/remove/force
587+
588+# Control the space around the D '..' operator.
589+sp_range = ignore # ignore/add/remove/force
590+
591+# Control the space after the opening of a C++ comment '// A' vs '//A'
592+sp_cmt_cpp_start = ignore # ignore/add/remove/force
593+
594+# Controls the spaces between #else or #endif and a trailing comment
595+sp_endif_cmt = force # ignore/add/remove/force
596+
597+#
598+# Code alignment (not left column spaces/tabs)
599+#
600+
601+# Whether to keep non-indenting tabs
602+align_keep_tabs = false # false/true
603+
604+# Whether to use tabs for aligning
605+align_with_tabs = false # false/true
606+
607+# Whether to bump out to the next tab when aligning
608+align_on_tabstop = false # false/true
609+
610+# Whether to left-align numbers
611+align_number_left = false # false/true
612+
613+# Align variable definitions in prototypes and functions
614+align_func_params = false # false/true
615+
616+# Align parameters in single-line functions that have the same name.
617+# The function names must already be aligned with each other.
618+align_same_func_call_params = false # false/true
619+
620+# The span for aligning variable definitions (0=don't align)
621+align_var_def_span = 1 # number
622+
623+# How to align the star in variable definitions.
624+# 0=Part of the type 'void * foo;'
625+# 1=Part of the variable 'void *foo;'
626+# 2=Dangling 'void *foo;'
627+align_var_def_star_style = 2 # number
628+
629+# How to align the '&' in variable definitions.
630+# 0=Part of the type
631+# 1=Part of the variable
632+# 2=Dangling
633+align_var_def_amp_style = 0 # number
634+
635+# The threshold for aligning variable definitions (0=no limit)
636+align_var_def_thresh = 0 # number
637+
638+# The gap for aligning variable definitions
639+align_var_def_gap = 0 # number
640+
641+# Whether to align the colon in struct bit fields
642+align_var_def_colon = false # false/true
643+
644+# Whether to align any attribute after the variable name
645+align_var_def_attribute = false # false/true
646+
647+# Whether to align inline struct/enum/union variable definitions
648+align_var_def_inline = false # false/true
649+
650+# The span for aligning on '=' in assignments (0=don't align)
651+align_assign_span = 1 # number
652+
653+# The threshold for aligning on '=' in assignments (0=no limit)
654+align_assign_thresh = 0 # number
655+
656+# The span for aligning on '=' in enums (0=don't align)
657+align_enum_equ_span = 1 # number
658+
659+# The threshold for aligning on '=' in enums (0=no limit)
660+align_enum_equ_thresh = 0 # number
661+
662+# The span for aligning struct/union (0=don't align)
663+align_var_struct_span = 1 # number
664+
665+# The threshold for aligning struct/union member definitions (0=no limit)
666+align_var_struct_thresh = 0 # number
667+
668+# The gap for aligning struct/union member definitions
669+align_var_struct_gap = 0 # number
670+
671+# The span for aligning struct initializer values (0=don't align)
672+align_struct_init_span = 1 # number
673+
674+# The minimum space between the type and the synonym of a typedef
675+align_typedef_gap = 0 # number
676+
677+# The span for aligning single-line typedefs (0=don't align)
678+align_typedef_span = 0 # number
679+
680+# How to align typedef'd functions with other typedefs
681+# 0: Don't mix them at all
682+# 1: align the open paren with the types
683+# 2: align the function type name with the other type names
684+align_typedef_func = 0 # number
685+
686+# Controls the positioning of the '*' in typedefs. Just try it.
687+# 0: Align on typedef type, ignore '*'
688+# 1: The '*' is part of type name: typedef int *pint;
689+# 2: The '*' is part of the type, but dangling: typedef int *pint;
690+align_typedef_star_style = 0 # number
691+
692+# Controls the positioning of the '&' in typedefs. Just try it.
693+# 0: Align on typedef type, ignore '&'
694+# 1: The '&' is part of type name: typedef int &pint;
695+# 2: The '&' is part of the type, but dangling: typedef int &pint;
696+align_typedef_amp_style = 0 # number
697+
698+# The span for aligning comments that end lines (0=don't align)
699+align_right_cmt_span = 0 # number
700+
701+# If aligning comments, mix with comments after '}' and #endif with less than 3 spaces before the comment
702+align_right_cmt_mix = false # false/true
703+
704+# If a trailing comment is more than this number of columns away from the text it follows,
705+# it will qualify for being aligned. This has to be > 0 to do anything.
706+align_right_cmt_gap = 0 # number
707+
708+# Align trailing comment at or beyond column N; 'pulls in' comments as a bonus side effect (0=ignore)
709+align_right_cmt_at_col = 0 # number
710+
711+# The span for aligning function prototypes (0=don't align)
712+align_func_proto_span = 0 # number
713+
714+# Minimum gap between the return type and the function name.
715+align_func_proto_gap = 0 # number
716+
717+# Align function protos on the 'operator' keyword instead of what follows
718+align_on_operator = false # false/true
719+
720+# Whether to mix aligning prototype and variable declarations.
721+# If true, align_var_def_XXX options are used instead of align_func_proto_XXX options.
722+align_mix_var_proto = false # false/true
723+
724+# Align single-line functions with function prototypes, uses align_func_proto_span
725+align_single_line_func = false # false/true
726+
727+# Aligning the open brace of single-line functions.
728+# Requires align_single_line_func=true, uses align_func_proto_span
729+align_single_line_brace = false # false/true
730+
731+# Gap for align_single_line_brace.
732+align_single_line_brace_gap = 0 # number
733+
734+# The span for aligning ObjC msg spec (0=don't align)
735+align_oc_msg_spec_span = 0 # number
736+
737+# Whether to align macros wrapped with a backslash and a newline.
738+# This will not work right if the macro contains a multi-line comment.
739+align_nl_cont = false # false/true
740+
741+# The minimum space between label and value of a preprocessor define
742+align_pp_define_gap = 0 # number
743+
744+# The span for aligning on '#define' bodies (0=don't align)
745+align_pp_define_span = 0 # number
746+
747+# Align lines that start with '<<' with previous '<<'. Default=true
748+align_left_shift = true # false/true
749+
750+# Span for aligning parameters in an Obj-C message call on the ':' (0=don't align)
751+align_oc_msg_colon_span = 0 # number
752+
753+# Aligning parameters in an Obj-C '+' or '-' declaration on the ':'
754+align_oc_decl_colon = false # false/true
755+
756+#
757+# Newline adding and removing options
758+#
759+
760+# Whether to collapse empty blocks between '{' and '}'
761+nl_collapse_empty_body = false # false/true
762+
763+# Don't split one-line braced assignments - 'foo_t f = { 1, 2 };'
764+nl_assign_leave_one_liners = false # false/true
765+
766+# Don't split one-line braced statements inside a class xx { } body
767+nl_class_leave_one_liners = false # false/true
768+
769+# Don't split one-line enums: 'enum foo { BAR = 15 };'
770+nl_enum_leave_one_liners = false # false/true
771+
772+# Don't split one-line get or set functions
773+nl_getset_leave_one_liners = false # false/true
774+
775+# Don't split one-line function definitions - 'int foo() { return 0; }'
776+nl_func_leave_one_liners = false # false/true
777+
778+# Don't split one-line if/else statements - 'if(a) b++;'
779+nl_if_leave_one_liners = false # false/true
780+
781+# Add or remove newlines at the start of the file
782+nl_start_of_file = remove # ignore/add/remove/force
783+
784+# The number of newlines at the start of the file (only used if nl_start_of_file is 'add' or 'force'
785+nl_start_of_file_min = 0 # number
786+
787+# Add or remove newline at the end of the file
788+nl_end_of_file = force # ignore/add/remove/force
789+
790+# The number of newlines at the end of the file (only used if nl_end_of_file is 'add' or 'force')
791+nl_end_of_file_min = 1 # number
792+
793+# Add or remove newline between '=' and '{'
794+nl_assign_brace = ignore # ignore/add/remove/force
795+
796+# Add or remove newline between '=' and '[' (D only)
797+nl_assign_square = ignore # ignore/add/remove/force
798+
799+# Add or remove newline after '= [' (D only). Will also affect the newline before the ']'
800+nl_after_square_assign = ignore # ignore/add/remove/force
801+
802+# The number of blank lines after a block of variable definitions
803+nl_func_var_def_blk = 0 # number
804+
805+# Add or remove newline between a function call's ')' and '{', as in:
806+# list_for_each(item, &list) { }
807+nl_fcall_brace = ignore # ignore/add/remove/force
808+
809+# Add or remove newline between 'enum' and '{'
810+nl_enum_brace = remove # ignore/add/remove/force
811+
812+# Add or remove newline between 'struct and '{'
813+nl_struct_brace = remove # ignore/add/remove/force
814+
815+# Add or remove newline between 'union' and '{'
816+nl_union_brace = remove # ignore/add/remove/force
817+
818+# Add or remove newline between 'if' and '{'
819+nl_if_brace = remove # ignore/add/remove/force
820+
821+# Add or remove newline between '}' and 'else'
822+nl_brace_else = remove # ignore/add/remove/force
823+
824+# Add or remove newline between 'else if' and '{'
825+# If set to ignore, nl_if_brace is used instead
826+nl_elseif_brace = ignore # ignore/add/remove/force
827+
828+# Add or remove newline between 'else' and '{'
829+nl_else_brace = remove # ignore/add/remove/force
830+
831+# Add or remove newline between 'else' and 'if'
832+nl_else_if = remove # ignore/add/remove/force
833+
834+# Add or remove newline between '}' and 'finally'
835+nl_brace_finally = ignore # ignore/add/remove/force
836+
837+# Add or remove newline between 'finally' and '{'
838+nl_finally_brace = ignore # ignore/add/remove/force
839+
840+# Add or remove newline between 'try' and '{'
841+nl_try_brace = ignore # ignore/add/remove/force
842+
843+# Add or remove newline between get/set and '{'
844+nl_getset_brace = ignore # ignore/add/remove/force
845+
846+# Add or remove newline between 'for' and '{'
847+nl_for_brace = remove # ignore/add/remove/force
848+
849+# Add or remove newline between 'catch' and '{'
850+nl_catch_brace = ignore # ignore/add/remove/force
851+
852+# Add or remove newline between '}' and 'catch'
853+nl_brace_catch = ignore # ignore/add/remove/force
854+
855+# Add or remove newline between 'while' and '{'
856+nl_while_brace = remove # ignore/add/remove/force
857+
858+# Add or remove newline between 'using' and '{'
859+nl_using_brace = ignore # ignore/add/remove/force
860+
861+# Add or remove newline between two open or close braces.
862+# Due to general newline/brace handling, REMOVE may not work.
863+nl_brace_brace = ignore # ignore/add/remove/force
864+
865+# Add or remove newline between 'do' and '{'
866+nl_do_brace = remove # ignore/add/remove/force
867+
868+# Add or remove newline between '}' and 'while' of 'do' statement
869+nl_brace_while = remove # ignore/add/remove/force
870+
871+# Add or remove newline between 'switch' and '{'
872+nl_switch_brace = remove # ignore/add/remove/force
873+
874+# Add a newline between ')' and '{' if the ')' is on a different line than the if/for/etc.
875+# Overrides nl_for_brace, nl_if_brace, nl_switch_brace, nl_while_switch, and nl_catch_brace.
876+nl_multi_line_cond = false # false/true
877+
878+# Force a newline in a define after the macro name for multi-line defines.
879+nl_multi_line_define = false # false/true
880+
881+# Whether to put a newline before 'case' statement
882+nl_before_case = false # false/true
883+
884+# Add or remove newline between ')' and 'throw'
885+nl_before_throw = ignore # ignore/add/remove/force
886+
887+# Whether to put a newline after 'case' statement
888+nl_after_case = false # false/true
889+
890+# Newline between namespace and {
891+nl_namespace_brace = ignore # ignore/add/remove/force
892+
893+# Add or remove newline between 'template<>' and whatever follows.
894+nl_template_class = ignore # ignore/add/remove/force
895+
896+# Add or remove newline between 'class' and '{'
897+nl_class_brace = ignore # ignore/add/remove/force
898+
899+# Add or remove newline after each ',' in the constructor member initialization
900+nl_class_init_args = ignore # ignore/add/remove/force
901+
902+# Add or remove newline between return type and function name in a function definition
903+nl_func_type_name = remove # ignore/add/remove/force
904+
905+# Add or remove newline between return type and function name inside a class {}
906+# Uses nl_func_type_name or nl_func_proto_type_name if set to ignore.
907+nl_func_type_name_class = ignore # ignore/add/remove/force
908+
909+# Add or remove newline between function scope and name in a definition
910+# Controls the newline after '::' in 'void A::f() { }'
911+nl_func_scope_name = ignore # ignore/add/remove/force
912+
913+# Add or remove newline between return type and function name in a prototype
914+nl_func_proto_type_name = remove # ignore/add/remove/force
915+
916+# Add or remove newline between a function name and the opening '('
917+nl_func_paren = remove # ignore/add/remove/force
918+
919+# Add or remove newline between a function name and the opening '(' in the definition
920+nl_func_def_paren = remove # ignore/add/remove/force
921+
922+# Add or remove newline after '(' in a function declaration
923+nl_func_decl_start = remove # ignore/add/remove/force
924+
925+# Add or remove newline after '(' in a function definition
926+nl_func_def_start = ignore # ignore/add/remove/force
927+
928+# Overrides nl_func_decl_start when there is only one parameter.
929+nl_func_decl_start_single = ignore # ignore/add/remove/force
930+
931+# Overrides nl_func_def_start when there is only one parameter.
932+nl_func_def_start_single = ignore # ignore/add/remove/force
933+
934+# Add or remove newline after each ',' in a function declaration
935+nl_func_decl_args = ignore # ignore/add/remove/force
936+
937+# Add or remove newline after each ',' in a function definition
938+nl_func_def_args = ignore # ignore/add/remove/force
939+
940+# Add or remove newline before the ')' in a function declaration
941+nl_func_decl_end = remove # ignore/add/remove/force
942+
943+# Add or remove newline before the ')' in a function definition
944+nl_func_def_end = remove # ignore/add/remove/force
945+
946+# Overrides nl_func_decl_end when there is only one parameter.
947+nl_func_decl_end_single = ignore # ignore/add/remove/force
948+
949+# Overrides nl_func_def_end when there is only one parameter.
950+nl_func_def_end_single = ignore # ignore/add/remove/force
951+
952+# Add or remove newline between '()' in a function declaration.
953+nl_func_decl_empty = ignore # ignore/add/remove/force
954+
955+# Add or remove newline between '()' in a function definition.
956+nl_func_def_empty = ignore # ignore/add/remove/force
957+
958+# Add or remove newline between function signature and '{'
959+nl_fdef_brace = add # ignore/add/remove/force
960+
961+# Whether to put a newline after 'return' statement
962+nl_after_return = false # false/true
963+
964+# Add or remove a newline between the return keyword and return expression.
965+nl_return_expr = ignore # ignore/add/remove/force
966+
967+# Whether to put a newline after semicolons, except in 'for' statements
968+nl_after_semicolon = true # false/true
969+
970+# Whether to put a newline after brace open.
971+# This also adds a newline before the matching brace close.
972+nl_after_brace_open = false # false/true
973+
974+# If nl_after_brace_open and nl_after_brace_open_cmt are true, a newline is
975+# placed between the open brace and a trailing single-line comment.
976+nl_after_brace_open_cmt = false # false/true
977+
978+# Whether to put a newline after a virtual brace open with a non-empty body.
979+# These occur in un-braced if/while/do/for statement bodies.
980+nl_after_vbrace_open = true # false/true
981+
982+# Whether to put a newline after a virtual brace open with an empty body.
983+# These occur in un-braced if/while/do/for statement bodies.
984+nl_after_vbrace_open_empty = true # false/true
985+
986+# Whether to put a newline after a brace close.
987+# Does not apply if followed by a necessary ';'.
988+nl_after_brace_close = false # false/true
989+
990+# Whether to put a newline after a virtual brace close.
991+# Would add a newline before return in: 'if (foo) a++; return;'
992+nl_after_vbrace_close = false # false/true
993+
994+# Whether to alter newlines in '#define' macros
995+nl_define_macro = false # false/true
996+
997+# Whether to not put blanks after '#ifxx', '#elxx', or before '#endif'
998+nl_squeeze_ifdef = false # false/true
999+
1000+# Add or remove blank line before 'if'
1001+nl_before_if = ignore # ignore/add/remove/force
1002+
1003+# Add or remove blank line after 'if' statement
1004+nl_after_if = ignore # ignore/add/remove/force
1005+
1006+# Add or remove blank line before 'for'
1007+nl_before_for = ignore # ignore/add/remove/force
1008+
1009+# Add or remove blank line after 'for' statement
1010+nl_after_for = ignore # ignore/add/remove/force
1011+
1012+# Add or remove blank line before 'while'
1013+nl_before_while = ignore # ignore/add/remove/force
1014+
1015+# Add or remove blank line after 'while' statement
1016+nl_after_while = ignore # ignore/add/remove/force
1017+
1018+# Add or remove blank line before 'switch'
1019+nl_before_switch = ignore # ignore/add/remove/force
1020+
1021+# Add or remove blank line after 'switch' statement
1022+nl_after_switch = ignore # ignore/add/remove/force
1023+
1024+# Add or remove blank line before 'do'
1025+nl_before_do = ignore # ignore/add/remove/force
1026+
1027+# Add or remove blank line after 'do/while' statement
1028+nl_after_do = ignore # ignore/add/remove/force
1029+
1030+# Whether to double-space commented-entries in struct/enum
1031+nl_ds_struct_enum_cmt = false # false/true
1032+
1033+# Whether to double-space before the close brace of a struct/union/enum
1034+# (lower priority than 'eat_blanks_before_close_brace')
1035+nl_ds_struct_enum_close_brace = false # false/true
1036+
1037+# Add or remove a newline around a class colon.
1038+# Related to pos_class_colon, nl_class_init_args, and pos_comma.
1039+nl_class_colon = ignore # ignore/add/remove/force
1040+
1041+# Change simple unbraced if statements into a one-liner
1042+# 'if(b)\n i++;' => 'if(b) i++;'
1043+nl_create_if_one_liner = false # false/true
1044+
1045+# Change simple unbraced for statements into a one-liner
1046+# 'for (i=0;i<5;i++)\n foo(i);' => 'for (i=0;i<5;i++) foo(i);'
1047+nl_create_for_one_liner = false # false/true
1048+
1049+# Change simple unbraced while statements into a one-liner
1050+# 'while (i<5)\n foo(i++);' => 'while (i<5) foo(i++);'
1051+nl_create_while_one_liner = false # false/true
1052+
1053+#
1054+# Positioning options
1055+#
1056+
1057+# The position of arithmetic operators in wrapped expressions
1058+pos_arith = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
1059+
1060+# The position of assignment in wrapped expressions.
1061+# Do not affect '=' followed by '{'
1062+pos_assign = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
1063+
1064+# The position of boolean operators in wrapped expressions
1065+pos_bool = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
1066+
1067+# The position of comparison operators in wrapped expressions
1068+pos_compare = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
1069+
1070+# The position of conditional (b ? t : f) operators in wrapped expressions
1071+pos_conditional = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
1072+
1073+# The position of the comma in wrapped expressions
1074+pos_comma = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
1075+
1076+# The position of the comma in the constructor initialization list
1077+pos_class_comma = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
1078+
1079+# The position of colons between constructor and member initialization
1080+pos_class_colon = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
1081+
1082+#
1083+# Line Splitting options
1084+#
1085+
1086+# Try to limit code width to N number of columns
1087+code_width = 0 # number
1088+
1089+# Whether to fully split long 'for' statements at semi-colons
1090+ls_for_split_full = false # false/true
1091+
1092+# Whether to fully split long function protos/calls at commas
1093+ls_func_split_full = false # false/true
1094+
1095+#
1096+# Blank line options
1097+#
1098+
1099+# The maximum consecutive newlines
1100+nl_max = 0 # number
1101+
1102+# The number of newlines after a function prototype, if followed by another function prototype
1103+nl_after_func_proto = 0 # number
1104+
1105+# The number of newlines after a function prototype, if not followed by another function prototype
1106+nl_after_func_proto_group = 0 # number
1107+
1108+# The number of newlines after '}' of a multi-line function body
1109+nl_after_func_body = 2 # number
1110+
1111+# The number of newlines after '}' of a single line function body
1112+nl_after_func_body_one_liner = 2 # number
1113+
1114+# The minimum number of newlines before a multi-line comment.
1115+# Doesn't apply if after a brace open or another multi-line comment.
1116+nl_before_block_comment = 0 # number
1117+
1118+# The minimum number of newlines before a single-line C comment.
1119+# Doesn't apply if after a brace open or other single-line C comments.
1120+nl_before_c_comment = 0 # number
1121+
1122+# The minimum number of newlines before a CPP comment.
1123+# Doesn't apply if after a brace open or other CPP comments.
1124+nl_before_cpp_comment = 0 # number
1125+
1126+# Whether to force a newline after a multi-line comment.
1127+nl_after_multiline_comment = false # false/true
1128+
1129+# The number of newlines before a 'private:', 'public:', 'protected:', 'signals:', or 'slots:' label.
1130+# Will not change the newline count if after a brace open.
1131+# 0 = No change.
1132+nl_before_access_spec = 0 # number
1133+
1134+# The number of newlines after a 'private:', 'public:', 'protected:', 'signals:', or 'slots:' label.
1135+# 0 = No change.
1136+nl_after_access_spec = 0 # number
1137+
1138+# The number of newlines between a function def and the function comment.
1139+# 0 = No change.
1140+nl_comment_func_def = 0 # number
1141+
1142+# The number of newlines after a try-catch-finally block that isn't followed by a brace close.
1143+# 0 = No change.
1144+nl_after_try_catch_finally = 0 # number
1145+
1146+# The number of newlines before and after a property, indexer or event decl.
1147+# 0 = No change.
1148+nl_around_cs_property = 0 # number
1149+
1150+# The number of newlines between the get/set/add/remove handlers in C#.
1151+# 0 = No change.
1152+nl_between_get_set = 0 # number
1153+
1154+# Whether to remove blank lines after '{'
1155+eat_blanks_after_open_brace = true # false/true
1156+
1157+# Whether to remove blank lines before '}'
1158+eat_blanks_before_close_brace = true # false/true
1159+
1160+#
1161+# Code modifying options (non-whitespace)
1162+#
1163+
1164+# Add or remove braces on single-line 'do' statement
1165+mod_full_brace_do = add # ignore/add/remove/force
1166+
1167+# Add or remove braces on single-line 'for' statement
1168+mod_full_brace_for = add # ignore/add/remove/force
1169+
1170+# Add or remove braces on single-line function definitions. (Pawn)
1171+mod_full_brace_function = ignore # ignore/add/remove/force
1172+
1173+# Add or remove braces on single-line 'if' statement. Will not remove the braces if they contain an 'else'.
1174+mod_full_brace_if = add # ignore/add/remove/force
1175+
1176+# Make all if/elseif/else statements in a chain be braced or not. Overrides mod_full_brace_if.
1177+# If any must be braced, they are all braced. If all can be unbraced, then the braces are removed.
1178+mod_full_brace_if_chain = false # false/true
1179+
1180+# Don't remove braces around statements that span N newlines
1181+mod_full_brace_nl = 0 # number
1182+
1183+# Add or remove braces on single-line 'while' statement
1184+mod_full_brace_while = add # ignore/add/remove/force
1185+
1186+# Add or remove braces on single-line 'using ()' statement
1187+mod_full_brace_using = add # ignore/add/remove/force
1188+
1189+# Add or remove unnecessary paren on 'return' statement
1190+mod_paren_on_return = remove # ignore/add/remove/force
1191+
1192+# Whether to change optional semicolons to real semicolons
1193+mod_pawn_semicolon = false # false/true
1194+
1195+# Add parens on 'while' and 'if' statement around bools
1196+mod_full_paren_if_bool = false # false/true
1197+
1198+# Whether to remove superfluous semicolons
1199+mod_remove_extra_semicolon = false # false/true
1200+
1201+# If a function body exceeds the specified number of newlines and doesn't have a comment after
1202+# the close brace, a comment will be added.
1203+mod_add_long_function_closebrace_comment = 0 # number
1204+
1205+# If a switch body exceeds the specified number of newlines and doesn't have a comment after
1206+# the close brace, a comment will be added.
1207+mod_add_long_switch_closebrace_comment = 0 # number
1208+
1209+# If an #ifdef body exceeds the specified number of newlines and doesn't have a comment after
1210+# the #else, a comment will be added.
1211+mod_add_long_ifdef_endif_comment = 0 # number
1212+
1213+# If an #ifdef or #else body exceeds the specified number of newlines and doesn't have a comment after
1214+# the #endif, a comment will be added.
1215+mod_add_long_ifdef_else_comment = 0 # number
1216+
1217+# If TRUE, will sort consecutive single-line 'import' statements [Java, D]
1218+mod_sort_import = false # false/true
1219+
1220+# If TRUE, will sort consecutive single-line 'using' statements [C#]
1221+mod_sort_using = false # false/true
1222+
1223+# If TRUE, will sort consecutive single-line '#include' statements [C/C++] and '#import' statements [Obj-C]
1224+# This is generally a bad idea, as it may break your code.
1225+mod_sort_include = false # false/true
1226+
1227+# If TRUE, it will move a 'break' that appears after a fully braced 'case' before the close brace.
1228+mod_move_case_break = false # false/true
1229+
1230+# Will add or remove the braces around a fully braced case statement.
1231+# Will only remove the braces if there are no variable declarations in the block.
1232+mod_case_brace = ignore # ignore/add/remove/force
1233+
1234+# If TRUE, it will remove a void 'return;' that appears as the last statement in a function.
1235+mod_remove_empty_return = false # false/true
1236+
1237+#
1238+# Comment modifications
1239+#
1240+
1241+# Try to wrap comments at cmt_width columns
1242+cmt_width = 0 # number
1243+
1244+# Set the comment reflow mode (default: 0)
1245+# 0: no reflowing (apart from the line wrapping due to cmt_width)
1246+# 1: no touching at all
1247+# 2: full reflow
1248+cmt_reflow_mode = 0 # number
1249+
1250+# If false, disable all multi-line comment changes, including cmt_width. keyword substitution, and leading chars.
1251+# Default is true.
1252+cmt_indent_multi = true # false/true
1253+
1254+# Whether to group c-comments that look like they are in a block
1255+cmt_c_group = false # false/true
1256+
1257+# Whether to put an empty '/*' on the first line of the combined c-comment
1258+cmt_c_nl_start = false # false/true
1259+
1260+# Whether to put a newline before the closing '*/' of the combined c-comment
1261+cmt_c_nl_end = false # false/true
1262+
1263+# Whether to group cpp-comments that look like they are in a block
1264+cmt_cpp_group = false # false/true
1265+
1266+# Whether to put an empty '/*' on the first line of the combined cpp-comment
1267+cmt_cpp_nl_start = false # false/true
1268+
1269+# Whether to put a newline before the closing '*/' of the combined cpp-comment
1270+cmt_cpp_nl_end = false # false/true
1271+
1272+# Whether to change cpp-comments into c-comments
1273+cmt_cpp_to_c = false # false/true
1274+
1275+# Whether to put a star on subsequent comment lines
1276+cmt_star_cont = true # false/true
1277+
1278+# The number of spaces to insert at the start of subsequent comment lines
1279+cmt_sp_before_star_cont = 0 # number
1280+
1281+# The number of spaces to insert after the star on subsequent comment lines
1282+cmt_sp_after_star_cont = 0 # number
1283+
1284+# For multi-line comments with a '*' lead, remove leading spaces if the first and last lines of
1285+# the comment are the same length. Default=True
1286+cmt_multi_check_last = false # false/true
1287+
1288+# The filename that contains text to insert at the head of a file if the file doesn't start with a C/C++ comment.
1289+# Will substitute $(filename) with the current file's name.
1290+cmt_insert_file_header = "" # string
1291+
1292+# The filename that contains text to insert at the end of a file if the file doesn't end with a C/C++ comment.
1293+# Will substitute $(filename) with the current file's name.
1294+cmt_insert_file_footer = "" # string
1295+
1296+# The filename that contains text to insert before a function implementation if the function isn't preceded with a C/C++ comment.
1297+# Will substitute $(function) with the function name and $(javaparam) with the javadoc @param and @return stuff.
1298+# Will also substitute $(fclass) with the class name: void CFoo::Bar() { ... }
1299+cmt_insert_func_header = "" # string
1300+
1301+# The filename that contains text to insert before a class if the class isn't preceded with a C/C++ comment.
1302+# Will substitute $(class) with the class name.
1303+cmt_insert_class_header = "" # string
1304+
1305+# If a preprocessor is encountered when stepping backwards from a function name, then
1306+# this option decides whether the comment should be inserted.
1307+# Affects cmt_insert_func_header and cmt_insert_class_header.
1308+cmt_insert_before_preproc = false # false/true
1309+
1310+#
1311+# Preprocessor options
1312+#
1313+
1314+# Control indent of preprocessors inside #if blocks at brace level 0
1315+pp_indent = remove # ignore/add/remove/force
1316+
1317+# Whether to indent #if/#else/#endif at the brace level (true) or from column 1 (false)
1318+pp_indent_at_level = false # false/true
1319+
1320+# If pp_indent_at_level=false, specifies the number of columns to indent per level. Default=1.
1321+pp_indent_count = 1 # number
1322+
1323+# Add or remove space after # based on pp_level of #if blocks
1324+pp_space = remove # ignore/add/remove/force
1325+
1326+# Sets the number of spaces added with pp_space
1327+pp_space_count = 0 # number
1328+
1329+# The indent for #region and #endregion in C# and '#pragma region' in C/C++
1330+pp_indent_region = 0 # number
1331+
1332+# Whether to indent the code between #region and #endregion
1333+pp_region_indent_code = false # false/true
1334+
1335+# If pp_indent_at_level=true, sets the indent for #if, #else, and #endif when not at file-level
1336+pp_indent_if = 0 # number
1337+
1338+# Control whether to indent the code between #if, #else and #endif when not at file-level
1339+pp_if_indent_code = false # false/true
1340+
1341+# Whether to indent '#define' at the brace level (true) or from column 1 (false)
1342+pp_define_at_level = false # false/true
1343+
1344+# You can force a token to be a type with the 'type' option.
1345+# Example:
1346+# type myfoo1 myfoo2
1347+#
1348+# You can create custom macro-based indentation using macro-open,
1349+# macro-else and macro-close.
1350+# Example:
1351+# macro-open BEGIN_TEMPLATE_MESSAGE_MAP
1352+# macro-open BEGIN_MESSAGE_MAP
1353+# macro-close END_MESSAGE_MAP
1354+#
1355+# You can assign any keyword to any type with the set option.
1356+# set func_call_user _ N_
1357+#
1358+# The full syntax description of all custom definition config entries
1359+# is shown below:
1360+#
1361+# define custom tokens as:
1362+# - embed whitespace in token using '' escape character, or
1363+# put token in quotes
1364+# - these: ' " and ` are recognized as quote delimiters
1365+#
1366+# type token1 token2 token3 ...
1367+# ^ optionally specify multiple tokens on a single line
1368+# define def_token output_token
1369+# ^ output_token is optional, then NULL is assumed
1370+# macro-open token
1371+# macro-close token
1372+# macro-else token
1373+# set id token1 token2 ...
1374+# ^ optionally specify multiple tokens on a single line
1375+# ^ id is one of the names in token_enum.h sans the CT_ prefix,
1376+# e.g. PP_PRAGMA
1377+#
1378+# all tokens are separated by any mix of ',' commas, '=' equal signs
1379+# and whitespace (space, tab)
1380+#
1381
1382=== renamed file 'tools/dot_uncrustify.cfg' => '.uncrustify.cfg'
1383--- tools/dot_uncrustify.cfg 2010-12-31 12:30:21 +0000
1384+++ .uncrustify.cfg 2011-01-11 14:04:40 +0000
1385@@ -255,7 +255,7 @@
1386 sp_before_byref_func = ignore # ignore/add/remove/force
1387
1388 # Add or remove space between type and word. Default=Force
1389-sp_after_type = force # ignore/add/remove/force
1390+sp_after_type = ignore # ignore/add/remove/force
1391
1392 # Add or remove space in 'template <' vs 'template<'.
1393 # If set to ignore, sp_before_angle is used.
1394@@ -367,16 +367,16 @@
1395 sp_after_tag = ignore # ignore/add/remove/force
1396
1397 # Add or remove space inside enum '{' and '}'
1398-sp_inside_braces_enum = force # ignore/add/remove/force
1399+sp_inside_braces_enum = add # ignore/add/remove/force
1400
1401 # Add or remove space inside struct/union '{' and '}'
1402-sp_inside_braces_struct = force # ignore/add/remove/force
1403+sp_inside_braces_struct = add # ignore/add/remove/force
1404
1405 # Add or remove space inside '{' and '}'
1406-sp_inside_braces = ignore # ignore/add/remove/force
1407+sp_inside_braces = add # ignore/add/remove/force
1408
1409 # Add or remove space inside '{}'
1410-sp_inside_braces_empty = ignore # ignore/add/remove/force
1411+sp_inside_braces_empty = remove # ignore/add/remove/force
1412
1413 # Add or remove space between return type and function name
1414 # A minimum of 1 is forced except for pointer return types.
1415@@ -560,13 +560,13 @@
1416 align_same_func_call_params = false # false/true
1417
1418 # The span for aligning variable definitions (0=don't align)
1419-align_var_def_span = 0 # number
1420+align_var_def_span = 1 # number
1421
1422 # How to align the star in variable definitions.
1423 # 0=Part of the type 'void * foo;'
1424 # 1=Part of the variable 'void *foo;'
1425 # 2=Dangling 'void *foo;'
1426-align_var_def_star_style = 0 # number
1427+align_var_def_star_style = 2 # number
1428
1429 # How to align the '&' in variable definitions.
1430 # 0=Part of the type
1431@@ -590,19 +590,19 @@
1432 align_var_def_inline = false # false/true
1433
1434 # The span for aligning on '=' in assignments (0=don't align)
1435-align_assign_span = 4 # number
1436+align_assign_span = 1 # number
1437
1438 # The threshold for aligning on '=' in assignments (0=no limit)
1439 align_assign_thresh = 0 # number
1440
1441 # The span for aligning on '=' in enums (0=don't align)
1442-align_enum_equ_span = 4 # number
1443+align_enum_equ_span = 1 # number
1444
1445 # The threshold for aligning on '=' in enums (0=no limit)
1446 align_enum_equ_thresh = 0 # number
1447
1448 # The span for aligning struct/union (0=don't align)
1449-align_var_struct_span = 4 # number
1450+align_var_struct_span = 1 # number
1451
1452 # The threshold for aligning struct/union member definitions (0=no limit)
1453 align_var_struct_thresh = 0 # number
1454@@ -611,7 +611,7 @@
1455 align_var_struct_gap = 0 # number
1456
1457 # The span for aligning struct initializer values (0=don't align)
1458-align_struct_init_span = 4 # number
1459+align_struct_init_span = 1 # number
1460
1461 # The minimum space between the type and the synonym of a typedef
1462 align_typedef_gap = 0 # number
1463@@ -1175,8 +1175,8 @@
1464 cmt_sp_after_star_cont = 0 # number
1465
1466 # For multi-line comments with a '*' lead, remove leading spaces if the first and last lines of
1467-# the comment are the same length. Default=true
1468-cmt_multi_check_last = true # false/true
1469+# the comment are the same length. Default=True
1470+cmt_multi_check_last = false # false/true
1471
1472 # The filename that contains text to insert at the head of a file if the file doesn't start with a C/C++ comment.
1473 # Will substitute $(filename) with the current file's name.
1474@@ -1205,7 +1205,7 @@
1475 #
1476
1477 # Control indent of preprocessors inside #if blocks at brace level 0
1478-pp_indent = ignore # ignore/add/remove/force
1479+pp_indent = remove # ignore/add/remove/force
1480
1481 # Whether to indent #if/#else/#endif at the brace level (true) or from column 1 (false)
1482 pp_indent_at_level = false # false/true
1483@@ -1214,7 +1214,7 @@
1484 pp_indent_count = 1 # number
1485
1486 # Add or remove space after # based on pp_level of #if blocks
1487-pp_space = ignore # ignore/add/remove/force
1488+pp_space = remove # ignore/add/remove/force
1489
1490 # Sets the number of spaces added with pp_space
1491 pp_space_count = 0 # number
1492
1493=== modified file 'firewall/cache.c'
1494--- firewall/cache.c 2011-01-09 22:18:11 +0000
1495+++ firewall/cache.c 2011-01-11 14:04:40 +0000
1496@@ -66,7 +66,7 @@
1497 struct hip_hadb_user_info_state *hip_cache_create_hl_entry(void)
1498 {
1499 struct hip_hadb_user_info_state *entry = NULL;
1500- int err = 0;
1501+ int err = 0;
1502
1503 HIP_IFEL(!(entry = calloc(1, sizeof(struct hip_hadb_user_info_state))),
1504 -ENOMEM, "No memory available for firewall database entry\n");
1505@@ -120,7 +120,7 @@
1506 const void *peer,
1507 enum fw_cache_query_type type)
1508 {
1509- int err = 0;
1510+ int err = 0;
1511 struct hip_hadb_user_info_state *ha_ret = NULL;
1512 const struct hip_hadb_user_info_state *ha_match = NULL;
1513 const struct hip_hadb_user_info_state *ha_curr = NULL;
1514@@ -143,13 +143,13 @@
1515 ha_match = ha_curr;
1516 break;
1517 } else if (type == FW_CACHE_LSI &&
1518- !ipv4_addr_cmp(peer, &ha_curr->lsi_peer) &&
1519- (!local || !ipv4_addr_cmp(local, &ha_curr->lsi_our))) {
1520+ !ipv4_addr_cmp(peer, &ha_curr->lsi_peer) &&
1521+ (!local || !ipv4_addr_cmp(local, &ha_curr->lsi_our))) {
1522 ha_match = ha_curr;
1523 break;
1524 } else if (type == FW_CACHE_IP &&
1525- !ipv6_addr_cmp(peer, &ha_curr->ip_peer) &&
1526- (!local || !ipv6_addr_cmp(local, &ha_curr->ip_our))) {
1527+ !ipv6_addr_cmp(peer, &ha_curr->ip_peer) &&
1528+ (!local || !ipv6_addr_cmp(local, &ha_curr->ip_our))) {
1529 ha_match = ha_curr;
1530 break;
1531 }
1532@@ -179,9 +179,9 @@
1533 enum fw_cache_query_type type,
1534 int query_daemon)
1535 {
1536- int i;
1537+ int i;
1538 struct hip_hadb_user_info_state *this = NULL, *ha_match = NULL;
1539- LHASH_NODE *item = NULL, *tmp = NULL;
1540+ LHASH_NODE *item = NULL, *tmp = NULL;
1541
1542 if (type == FW_CACHE_HIT) {
1543 ha_match = hip_ht_find(firewall_cache_db, peer);
1544@@ -204,17 +204,16 @@
1545 ha_match = this;
1546 break;
1547 } else if (type == FW_CACHE_LSI &&
1548- !ipv4_addr_cmp(peer, &this->lsi_peer) &&
1549- (!local || !ipv4_addr_cmp(local, &this->lsi_our))) {
1550+ !ipv4_addr_cmp(peer, &this->lsi_peer) &&
1551+ (!local || !ipv4_addr_cmp(local, &this->lsi_our))) {
1552 ha_match = this;
1553 break;
1554 } else if (type == FW_CACHE_IP &&
1555- !ipv6_addr_cmp(peer, &this->ip_peer) &&
1556- (!local || !ipv6_addr_cmp(local, &this->ip_our))) {
1557+ !ipv6_addr_cmp(peer, &this->ip_peer) &&
1558+ (!local || !ipv6_addr_cmp(local, &this->ip_our))) {
1559 ha_match = this;
1560 break;
1561 }
1562-
1563 }
1564 HIP_UNLOCK_HT(&firewall_cache_db);
1565
1566@@ -260,7 +259,7 @@
1567 static unsigned long hip_firewall_hash_hit_peer(const void *ptr)
1568 {
1569 const struct in6_addr *hit_peer = &((const struct hip_hadb_user_info_state *) ptr)->hit_peer;
1570- uint8_t hash[HIP_AH_SHA_LEN];
1571+ uint8_t hash[HIP_AH_SHA_LEN];
1572
1573 hip_build_digest(HIP_DIGEST_SHA1, hit_peer, sizeof(*hit_peer), hash);
1574 return *((unsigned long *) hash);
1575@@ -305,9 +304,9 @@
1576 */
1577 void hip_firewall_cache_delete_hldb(int exiting)
1578 {
1579- int i;
1580+ int i;
1581 struct hip_hadb_user_info_state *this = NULL;
1582- LHASH_NODE *item = NULL, *tmp = NULL;
1583+ LHASH_NODE *item = NULL, *tmp = NULL;
1584
1585 HIP_DEBUG("Start hldb delete\n");
1586 HIP_LOCK_HT(&firewall_cache_db);
1587@@ -324,8 +323,9 @@
1588 * we handle it in firewall_exit(). */
1589
1590 HIP_UNLOCK_HT(&firewall_cache_db);
1591- if (exiting)
1592+ if (exiting) {
1593 hip_ht_uninit(firewall_cache_db);
1594+ }
1595 HIP_DEBUG("End hldbdb delete\n");
1596 }
1597
1598@@ -335,12 +335,12 @@
1599 * @param hit_peer Peer HIT
1600 * @param state New state
1601 * @return 0 on success, negative on error
1602-*/
1603+ */
1604 int hip_firewall_cache_set_bex_state(const struct in6_addr *hit_our,
1605 const struct in6_addr *hit_peer,
1606 int state)
1607 {
1608- int err = 0;
1609+ int err = 0;
1610 struct hip_hadb_user_info_state *entry;
1611
1612 HIP_IFEL(!hit_peer, -1, "Need peer HIT to search\n");
1613@@ -372,7 +372,7 @@
1614 const struct in6_addr *hit_peer,
1615 int state)
1616 {
1617- int err = 0;
1618+ int err = 0;
1619 struct hip_hadb_user_info_state *entry;
1620
1621 HIP_IFEL(!ip_peer, -1, "Need peer IP to search\n");
1622
1623=== modified file 'firewall/conntrack.c'
1624--- firewall/conntrack.c 2011-01-09 22:18:11 +0000
1625+++ firewall/conntrack.c 2011-01-11 14:04:40 +0000
1626@@ -84,8 +84,8 @@
1627 STATE_CLOSING
1628 };
1629
1630-int timeoutChecking = 0;
1631-unsigned long timeoutValue = 0;
1632+int timeoutChecking = 0;
1633+unsigned long timeoutValue = 0;
1634
1635 /*------------print functions-------------*/
1636 /**
1637@@ -223,7 +223,7 @@
1638 const struct in6_addr *ip6_from)
1639 {
1640 struct dlist *list = (struct dlist *) hip_list;
1641- hip_hit_t phit;
1642+ hip_hit_t phit;
1643
1644 HIP_DEBUG("updating opportunistic entries\n");
1645 /* the pseudo hit is compared with the hit in the entries */
1646@@ -259,7 +259,7 @@
1647 OPP const struct in6_addr *ip6_from)
1648 {
1649 struct hip_tuple *tuple = NULL;
1650- struct dlist *list = hip_list;
1651+ struct dlist *list = hip_list;
1652
1653 while (list) {
1654 tuple = list->data;
1655@@ -295,7 +295,7 @@
1656 static struct esp_address *get_esp_address(const struct slist *addr_list,
1657 const struct in6_addr *addr)
1658 {
1659- const struct slist *list = addr_list;
1660+ const struct slist *list = addr_list;
1661 struct esp_address *esp_addr = NULL;
1662
1663 HIP_DEBUG("get_esp_address\n");
1664@@ -403,8 +403,8 @@
1665 struct esp_tuple *find_esp_tuple(const struct slist *search_list,
1666 const uint32_t spi)
1667 {
1668- const struct slist *list = search_list;
1669- struct esp_tuple *esp_tuple = NULL;
1670+ const struct slist *list = search_list;
1671+ struct esp_tuple *esp_tuple = NULL;
1672
1673 if (!list) {
1674 HIP_DEBUG("Esp tuple slist is empty\n");
1675@@ -438,7 +438,7 @@
1676 //set time stamp
1677 gettimeofday(&connection->time_stamp, NULL);
1678 #ifdef HIP_CONFIG_MIDAUTH
1679- connection->pisa_state = PISA_STATE_DISALLOW;
1680+ connection->pisa_state = PISA_STATE_DISALLOW;
1681 #endif
1682
1683 //original direction tuple
1684@@ -491,7 +491,6 @@
1685 {
1686 if (hip_tuple) {
1687 if (hip_tuple->data) {
1688-
1689 // free keys depending on cipher
1690 if (hip_tuple->data->src_pub_key && hip_tuple->data->src_hi) {
1691 if (hip_get_host_id_algo(hip_tuple->data->src_hi) == HIP_HI_RSA) {
1692@@ -520,7 +519,7 @@
1693 static void free_esp_tuple(struct esp_tuple *esp_tuple)
1694 {
1695 if (esp_tuple) {
1696- struct slist *list = esp_tuple->dst_addr_list;
1697+ struct slist *list = esp_tuple->dst_addr_list;
1698 struct esp_address *addr = NULL;
1699
1700 // remove eventual cached anchor elements for this esp tuple
1701@@ -565,9 +564,9 @@
1702
1703 tuple->esp_tuples = remove_link_slist(tuple->esp_tuples, list);
1704 free_esp_tuple(list->data);
1705- list->data = NULL;
1706+ list->data = NULL;
1707 free(list);
1708- list = tuple->esp_tuples;
1709+ list = tuple->esp_tuples;
1710 }
1711 tuple->esp_tuples = NULL;
1712 tuple->connection = NULL;
1713@@ -623,9 +622,9 @@
1714 const struct hip_seq *seq,
1715 struct tuple *tuple)
1716 {
1717- struct esp_tuple *new_esp = NULL;
1718+ struct esp_tuple *new_esp = NULL;
1719 const struct hip_locator_info_addr_item *locator_addr = NULL;
1720- int n = 0;
1721+ int n = 0;
1722
1723 if (esp_info && locator && esp_info->new_spi == esp_info->old_spi) {
1724 HIP_DEBUG("esp_tuple_from_esp_info_locator: new spi 0x%lx\n", esp_info->new_spi);
1725@@ -634,8 +633,8 @@
1726 new_esp->spi = ntohl(esp_info->new_spi);
1727 new_esp->tuple = tuple;
1728
1729- n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator)) /
1730- sizeof(struct hip_locator_info_addr_item);
1731+ n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator)) /
1732+ sizeof(struct hip_locator_info_addr_item);
1733 HIP_DEBUG("esp_tuple_from_esp_info_locator: %d addresses in locator\n", n);
1734 if (n > 0) {
1735 locator_addr = (const struct hip_locator_info_addr_item *)
1736@@ -707,7 +706,7 @@
1737 const struct hip_seq *seq)
1738 {
1739 struct connection *connection = malloc(sizeof(struct connection));
1740- struct esp_tuple *esp_tuple = NULL;
1741+ struct esp_tuple *esp_tuple = NULL;
1742
1743 esp_tuple = esp_tuple_from_esp_info_locator(esp_info, locator, seq,
1744 &connection->reply);
1745@@ -716,9 +715,9 @@
1746 HIP_DEBUG("insert_connection_from_update: can't create connection\n");
1747 return 0;
1748 }
1749- connection->state = STATE_ESTABLISHING_FROM_UPDATE;
1750+ connection->state = STATE_ESTABLISHING_FROM_UPDATE;
1751 #ifdef HIP_CONFIG_MIDAUTH
1752- connection->pisa_state = PISA_STATE_DISALLOW;
1753+ connection->pisa_state = PISA_STATE_DISALLOW;
1754 #endif
1755
1756 //original direction tuple
1757@@ -736,12 +735,12 @@
1758
1759
1760 //reply direction tuple
1761- connection->reply.state = HIP_STATE_UNASSOCIATED;
1762- connection->reply.direction = REPLY_DIR;
1763+ connection->reply.state = HIP_STATE_UNASSOCIATED;
1764+ connection->reply.direction = REPLY_DIR;
1765
1766- connection->reply.esp_tuples = NULL;
1767- connection->reply.esp_tuples = append_to_slist(connection->reply.esp_tuples,
1768- esp_tuple);
1769+ connection->reply.esp_tuples = NULL;
1770+ connection->reply.esp_tuples = append_to_slist(connection->reply.esp_tuples,
1771+ esp_tuple);
1772 insert_esp_tuple(esp_tuple);
1773
1774 connection->reply.connection = connection;
1775@@ -788,11 +787,11 @@
1776 static int hipfw_handle_relay_to_r2(const struct hip_common *common,
1777 const struct hip_fw_context *ctx)
1778 {
1779- struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload;
1780+ struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload;
1781 const struct hip_relay_to *relay_to = NULL; /* same format as relay_from */
1782- struct tuple *tuple, *reverse_tuple;
1783- int err = 0;
1784- uint32_t spi;
1785+ struct tuple *tuple, *reverse_tuple;
1786+ int err = 0;
1787+ uint32_t spi;
1788 const struct hip_esp_info *esp_info;
1789
1790 HIP_DEBUG_IN6ADDR("ctx->src", &ctx->src);
1791@@ -801,7 +800,7 @@
1792 HIP_ASSERT((hip_get_msg_type(common) == HIP_R2));
1793
1794 HIP_IFEL(!(relay_to = hip_get_param(common, HIP_PARAM_RELAY_TO)), -1,
1795- "No relay_to, skip\n");
1796+ "No relay_to, skip\n");
1797
1798 HIP_DEBUG_IN6ADDR("relay_to_addr", &relay_to->address);
1799
1800@@ -874,10 +873,10 @@
1801 DBG int verify_responder,
1802 UNUSED const struct hip_fw_context *ctx)
1803 {
1804- struct in6_addr hit;
1805+ struct in6_addr hit;
1806 const struct hip_host_id *host_id = NULL;
1807 // assume correct packet
1808- int err = 1;
1809+ int err = 1;
1810 hip_tlv_len len = 0;
1811
1812 HIP_DEBUG("verify_responder: %i\n", verify_responder);
1813@@ -951,15 +950,15 @@
1814 static int handle_i2(struct hip_common *common, struct tuple *tuple,
1815 const struct hip_fw_context *ctx)
1816 {
1817- const struct hip_esp_info *spi = NULL;
1818- const struct slist *other_dir_esps = NULL;
1819- const struct hip_host_id *host_id = NULL;
1820- struct tuple *other_dir = NULL;
1821- struct esp_tuple *esp_tuple = NULL;
1822- struct in6_addr hit;
1823+ const struct hip_esp_info *spi = NULL;
1824+ const struct slist *other_dir_esps = NULL;
1825+ const struct hip_host_id *host_id = NULL;
1826+ struct tuple *other_dir = NULL;
1827+ struct esp_tuple *esp_tuple = NULL;
1828+ struct in6_addr hit;
1829 // assume correct packet
1830- int err = 1;
1831- hip_tlv_len len = 0;
1832+ int err = 1;
1833+ hip_tlv_len len = 0;
1834 const struct in6_addr *ip6_src = &ctx->src;
1835
1836 HIP_DEBUG("\n");
1837@@ -1032,9 +1031,9 @@
1838 esp_tuple->dst_addr_list = NULL;
1839 esp_tuple->dst_addr_list = update_esp_address(esp_tuple->dst_addr_list,
1840 ip6_src, NULL);
1841- esp_tuple->tuple = other_dir;
1842+ esp_tuple->tuple = other_dir;
1843
1844- other_dir->esp_tuples = append_to_slist(other_dir->esp_tuples, esp_tuple);
1845+ other_dir->esp_tuples = append_to_slist(other_dir->esp_tuples, esp_tuple);
1846
1847 insert_esp_tuple(esp_tuple);
1848 }
1849@@ -1065,12 +1064,12 @@
1850 static int handle_r2(const struct hip_common *common, struct tuple *tuple,
1851 const struct hip_fw_context *ctx)
1852 {
1853- const struct hip_esp_info *spi = NULL;
1854- struct tuple *other_dir = NULL;
1855- struct slist *other_dir_esps = NULL;
1856- struct esp_tuple *esp_tuple = NULL;
1857- const struct in6_addr *ip6_src = &ctx->src;
1858- int err = 1;
1859+ const struct hip_esp_info *spi = NULL;
1860+ struct tuple *other_dir = NULL;
1861+ struct slist *other_dir_esps = NULL;
1862+ struct esp_tuple *esp_tuple = NULL;
1863+ const struct in6_addr *ip6_src = &ctx->src;
1864+ int err = 1;
1865
1866 HIP_IFEL(!(spi = hip_get_param(common, HIP_PARAM_ESP_INFO)),
1867 0, "no spi found\n");
1868@@ -1103,7 +1102,7 @@
1869 esp_tuple->dst_addr_list = NULL;
1870 esp_tuple->dst_addr_list = update_esp_address(esp_tuple->dst_addr_list,
1871 ip6_src, NULL);
1872- esp_tuple->tuple = other_dir;
1873+ esp_tuple->tuple = other_dir;
1874
1875 insert_esp_tuple(esp_tuple);
1876
1877@@ -1144,8 +1143,8 @@
1878 struct esp_tuple *esp_tuple)
1879 {
1880 const struct hip_locator_info_addr_item *locator_addr = NULL;
1881- int err = 1;
1882- int n = 0;
1883+ int err = 1;
1884+ int n = 0;
1885
1886 HIP_DEBUG("\n");
1887
1888@@ -1164,8 +1163,8 @@
1889 esp_tuple->new_spi = ntohl(esp_info->new_spi);
1890 esp_tuple->spi_update_id = seq->update_id;
1891
1892- n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator))
1893- / sizeof(struct hip_locator_info_addr_item);
1894+ n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator))
1895+ / sizeof(struct hip_locator_info_addr_item);
1896
1897 if (n < 1) {
1898 HIP_DEBUG("no locator param found\n");
1899@@ -1212,7 +1211,7 @@
1900 }
1901
1902 n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator))
1903- / sizeof(struct hip_locator_info_addr_item);
1904+ / sizeof(struct hip_locator_info_addr_item);
1905 HIP_DEBUG(" %d locator addresses\n", n);
1906
1907 locator_addr = (const struct hip_locator_info_addr_item *)
1908@@ -1256,14 +1255,14 @@
1909 struct tuple *tuple,
1910 const struct hip_fw_context *ctx)
1911 {
1912- const struct hip_seq *seq = NULL;
1913- const struct hip_esp_info *esp_info = NULL;
1914- const struct hip_ack *ack = NULL;
1915- const struct hip_locator *locator = NULL;
1916- const struct hip_spi *spi = NULL;
1917- struct tuple *other_dir_tuple = NULL;
1918- const struct in6_addr *ip6_src = &ctx->src;
1919- int err = 1;
1920+ const struct hip_seq *seq = NULL;
1921+ const struct hip_esp_info *esp_info = NULL;
1922+ const struct hip_ack *ack = NULL;
1923+ const struct hip_locator *locator = NULL;
1924+ const struct hip_spi *spi = NULL;
1925+ struct tuple *other_dir_tuple = NULL;
1926+ const struct in6_addr *ip6_src = &ctx->src;
1927+ int err = 1;
1928
1929 /* get params from UPDATE message */
1930 seq = hip_get_param(common, HIP_PARAM_SEQ);
1931@@ -1316,7 +1315,7 @@
1932 }
1933
1934 /* we have to consider the src ip address in case of cascading NATs (see above FIXME) */
1935- esp_tuple = esp_tuple_from_esp_info(esp_info, ip6_src, other_dir_tuple);
1936+ esp_tuple = esp_tuple_from_esp_info(esp_info, ip6_src, other_dir_tuple);
1937
1938 other_dir_tuple->esp_tuples = append_to_slist(other_dir_esps,
1939 esp_tuple);
1940@@ -1334,8 +1333,8 @@
1941 }
1942 } else {
1943 /* we already know this connection */
1944- struct slist *other_dir_esps = NULL;
1945- struct esp_tuple *esp_tuple = NULL;
1946+ struct slist *other_dir_esps = NULL;
1947+ struct esp_tuple *esp_tuple = NULL;
1948
1949 if (tuple->direction == ORIGINAL_DIR) {
1950 other_dir_tuple = &tuple->connection->reply;
1951@@ -1523,11 +1522,11 @@
1952 struct hip_fw_context *ctx)
1953 {
1954 #ifdef CONFIG_HIP_OPPORTUNISTIC
1955- hip_hit_t phit;
1956+ hip_hit_t phit;
1957 struct in6_addr all_zero_addr;
1958 #endif
1959 struct in6_addr hit;
1960- int err = 1;
1961+ int err = 1;
1962
1963 HIP_DEBUG("check packet: type %d \n", common->type_hdr);
1964
1965@@ -1567,7 +1566,6 @@
1966 HIP_DEBUG("verifying signature...\n");
1967 if (tuple->hip_tuple->data->verify(tuple->hip_tuple->data->src_pub_key,
1968 common)) {
1969-
1970 HIP_INFO("Signature verification failed\n");
1971
1972 err = 0;
1973@@ -1684,14 +1682,14 @@
1974 */
1975 int hipfw_relay_esp(const struct hip_fw_context *ctx)
1976 {
1977- struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload;
1978- struct udphdr *udph = (struct udphdr *) ((uint8_t *) iph + iph->ihl * 4);
1979- int len = ctx->ipq_packet->data_len - iph->ihl * 4;
1980- struct slist *list = (struct slist *) esp_list;
1981- struct tuple *tuple = NULL;
1982- struct hip_esp *esp = ctx->transport_hdr.esp;
1983- int err = 0;
1984- uint32_t spi;
1985+ struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload;
1986+ struct udphdr *udph = (struct udphdr *) ((uint8_t *) iph + iph->ihl * 4);
1987+ int len = ctx->ipq_packet->data_len - iph->ihl * 4;
1988+ struct slist *list = (struct slist *) esp_list;
1989+ struct tuple *tuple = NULL;
1990+ struct hip_esp *esp = ctx->transport_hdr.esp;
1991+ int err = 0;
1992+ uint32_t spi;
1993
1994 HIP_IFEL(!list, -1, "List is empty\n");
1995 HIP_IFEL((iph->protocol != IPPROTO_UDP), -1,
1996@@ -1734,7 +1732,7 @@
1997 HIP_DEBUG_IN6ADDR("esp_relay_addr", &tuple->esp_relay_daddr);
1998
1999 udph->source = htons(HIP_NAT_UDP_PORT);
2000- udph->dest = htons(tuple->esp_relay_dport);
2001+ udph->dest = htons(tuple->esp_relay_dport);
2002 udph->check = 0;
2003
2004 HIP_DEBUG("Relaying packet\n");
2005@@ -1759,13 +1757,13 @@
2006 */
2007 int filter_esp_state(const struct hip_fw_context *ctx)
2008 {
2009- const struct in6_addr *dst_addr = NULL;
2010- const struct in6_addr *src_addr = NULL;
2011- struct hip_esp *esp = NULL;
2012- struct tuple *tuple = NULL;
2013- struct esp_tuple *esp_tuple = NULL;
2014+ const struct in6_addr *dst_addr = NULL;
2015+ const struct in6_addr *src_addr = NULL;
2016+ struct hip_esp *esp = NULL;
2017+ struct tuple *tuple = NULL;
2018+ struct esp_tuple *esp_tuple = NULL;
2019 // don't accept packet with this rule by default
2020- int err = 0;
2021+ int err = 0;
2022 uint32_t spi;
2023
2024 dst_addr = &ctx->dst;
2025@@ -1773,7 +1771,7 @@
2026 esp = ctx->transport_hdr.esp;
2027
2028 // needed to de-multiplex ESP traffic
2029- spi = ntohl(esp->esp_spi);
2030+ spi = ntohl(esp->esp_spi);
2031
2032 // match packet against known connections
2033 HIP_DEBUG("filtering ESP packet against known connections...\n");
2034@@ -1839,13 +1837,13 @@
2035 struct hip_common *buf, const struct state_option *option,
2036 const int must_accept, struct hip_fw_context *ctx)
2037 {
2038- struct hip_data *data = NULL;
2039- struct tuple *tuple = NULL;
2040+ struct hip_data *data = NULL;
2041+ struct tuple *tuple = NULL;
2042 // FIXME results in unsafe use in filter_hip()
2043- int return_value = -1; //invalid value
2044+ int return_value = -1; //invalid value
2045
2046 // get data form the buffer and put it in a new data structure
2047- data = get_hip_data(buf);
2048+ data = get_hip_data(buf);
2049 // look up the tuple in the database
2050 tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src);
2051 free(data);
2052@@ -1882,11 +1880,11 @@
2053 } else {
2054 if ((option->int_opt.value == CONN_ESTABLISHED && option->int_opt.boolean
2055 && !must_accept) || (option->int_opt.value == CONN_NEW &&
2056- !option->int_opt.boolean && !must_accept)) {
2057+ !option->int_opt.boolean && !must_accept)) {
2058 remove_connection(tuple->connection);
2059 tuple->connection = NULL;
2060
2061- return_value = 1;
2062+ return_value = 1;
2063 goto out_err;
2064 }
2065 }
2066@@ -1913,12 +1911,12 @@
2067 struct hip_common *buf,
2068 struct hip_fw_context *ctx)
2069 {
2070- struct hip_data *data = NULL;
2071- struct tuple *tuple = NULL;
2072- int verdict = 0;
2073+ struct hip_data *data = NULL;
2074+ struct tuple *tuple = NULL;
2075+ int verdict = 0;
2076
2077 // convert to new data type
2078- data = get_hip_data(buf);
2079+ data = get_hip_data(buf);
2080 // look up tuple in the db
2081 tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src);
2082
2083
2084=== modified file 'firewall/dlist.c'
2085--- firewall/dlist.c 2011-01-06 17:03:31 +0000
2086+++ firewall/dlist.c 2011-01-11 14:04:40 +0000
2087@@ -108,6 +108,7 @@
2088 }
2089 return length;
2090 }
2091+
2092 #endif /* CONFIG_HIP_DEBUG */
2093
2094 /**
2095
2096=== modified file 'firewall/esp_prot_api.c'
2097--- firewall/esp_prot_api.c 2011-01-04 14:23:17 +0000
2098+++ firewall/esp_prot_api.c 2011-01-11 14:04:40 +0000
2099@@ -100,7 +100,7 @@
2100 // used hash lengths
2101 int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS];
2102 /* is used for hash chains and trees simultaneously used hash functions */
2103-hash_function hash_functions[NUM_HASH_FUNCTIONS] = {(hash_function) SHA1};
2104+hash_function hash_functions[NUM_HASH_FUNCTIONS] = { (hash_function) SHA1 };
2105
2106 /********* internal settings (derived from config-file) *********/
2107 // lengths of the hash structures in the stores
2108@@ -127,12 +127,12 @@
2109 int *out_length,
2110 const struct hip_sa_entry *entry)
2111 {
2112- int err = 0, i, j;
2113- int repeat = 1;
2114- int hash_length = 0;
2115+ int err = 0, i, j;
2116+ int repeat = 1;
2117+ int hash_length = 0;
2118 uint32_t chosen_el[num_linear_elements + num_random_elements];
2119- uint32_t rand_el = 0;
2120- int item_length = 0;
2121+ uint32_t rand_el = 0;
2122+ int item_length = 0;
2123
2124 HIP_ASSERT(ring_buffer_size >= num_linear_elements + num_random_elements);
2125
2126@@ -159,7 +159,7 @@
2127 // then add randomly
2128 for (i = 0; i < num_random_elements; i++) {
2129 while (repeat) {
2130- repeat = 0;
2131+ repeat = 0;
2132
2133 // draw random element
2134 RAND_bytes((unsigned char *) &rand_el, sizeof(uint32_t));
2135@@ -199,8 +199,8 @@
2136 const uint8_t transform)
2137 {
2138 struct esp_prot_tfm *prot_transform = NULL;
2139- void *return_item = NULL;
2140- int use_hash_trees = 0, err = 0;
2141+ void *return_item = NULL;
2142+ int use_hash_trees = 0, err = 0;
2143
2144 HIP_ASSERT(item_anchor != NULL);
2145
2146@@ -212,13 +212,13 @@
2147 }
2148
2149 HIP_IFEL(!(return_item =
2150- hcstore_get_item_by_anchor(&bex_store,
2151- prot_transform->hash_func_id,
2152- prot_transform->hash_length_id,
2153- NUM_BEX_HIERARCHIES - 1,
2154- item_anchor, use_hash_trees)),
2155- -1,
2156- "unable to retrieve hchain from bex store\n");
2157+ hcstore_get_item_by_anchor(&bex_store,
2158+ prot_transform->hash_func_id,
2159+ prot_transform->hash_length_id,
2160+ NUM_BEX_HIERARCHIES - 1,
2161+ item_anchor, use_hash_trees)),
2162+ -1,
2163+ "unable to retrieve hchain from bex store\n");
2164
2165 // refill bex-store if necessary
2166 HIP_IFEL((err = hcstore_refill(&bex_store, use_hash_trees)) < 0, -1,
2167@@ -247,12 +247,12 @@
2168 */
2169 int esp_prot_init(void)
2170 {
2171- int bex_function_id = 0, update_function_id = 0;
2172- int bex_hash_length_id = 0, update_hash_length_id = 0;
2173- int use_hash_trees = 0;
2174- int err = 0, i, j, g;
2175- int activate = 1;
2176- config_t *config = NULL;
2177+ int bex_function_id = 0, update_function_id = 0;
2178+ int bex_hash_length_id = 0, update_hash_length_id = 0;
2179+ int use_hash_trees = 0;
2180+ int err = 0, i, j, g;
2181+ int activate = 1;
2182+ config_t *config = NULL;
2183
2184 HIP_DEBUG("Initializing the esp protection extension...\n");
2185
2186@@ -266,8 +266,8 @@
2187 * NOTE internal structure partially more flexible than interface provided by
2188 * config-file */
2189 hash_lengths[NUM_HASH_FUNCTIONS - 1][NUM_HASH_LENGTHS - 1] = hash_length_g;
2190- bex_hchain_length = hash_structure_length;
2191- update_hchain_lengths[NUM_UPDATE_HCHAIN_LENGTHS - 1] = hash_structure_length;
2192+ bex_hchain_length = hash_structure_length;
2193+ update_hchain_lengths[NUM_UPDATE_HCHAIN_LENGTHS - 1] = hash_structure_length;
2194
2195 /* activate the extension in hipd
2196 *
2197@@ -280,10 +280,10 @@
2198 /* init the hash-chain stores */
2199 HIP_IFEL(hcstore_init(&bex_store, num_hchains_per_item,
2200 refill_threshold), -1,
2201- "failed to initialize the bex-store\n");
2202+ "failed to initialize the bex-store\n");
2203 HIP_IFEL(hcstore_init(&update_store, num_hchains_per_item,
2204 refill_threshold), -1,
2205- "failed to initialize the update-store\n");
2206+ "failed to initialize the update-store\n");
2207
2208 HIP_DEBUG("setting up esp_prot_transforms...\n");
2209
2210@@ -303,15 +303,15 @@
2211 for (i = 0; i < NUM_HASH_FUNCTIONS; i++) {
2212 // first we have to register the function
2213 HIP_IFEL((bex_function_id =
2214- hcstore_register_function(&bex_store,
2215- hash_functions[i])) < 0,
2216- -1,
2217- "failed to register hash-function in bex-store\n");
2218+ hcstore_register_function(&bex_store,
2219+ hash_functions[i])) < 0,
2220+ -1,
2221+ "failed to register hash-function in bex-store\n");
2222 HIP_IFEL((update_function_id =
2223- hcstore_register_function(&update_store,
2224- hash_functions[i])) < 0,
2225- -1,
2226- "failed to register hash-function in update-store\n");
2227+ hcstore_register_function(&update_store,
2228+ hash_functions[i])) < 0,
2229+ -1,
2230+ "failed to register hash-function in update-store\n");
2231
2232 // ensure the 2 stores are in sync
2233 HIP_ASSERT(bex_function_id == update_function_id);
2234@@ -320,15 +320,15 @@
2235 if (hash_lengths[i][j] > 0) {
2236 // now we can register the hash lengths for this function
2237 HIP_IFEL((bex_hash_length_id =
2238- hcstore_register_hash_length(&bex_store,
2239- bex_function_id,
2240- hash_lengths[i][j])) < 0,
2241- -1,
2242- "failed to register hash-length in bex-store\n");
2243+ hcstore_register_hash_length(&bex_store,
2244+ bex_function_id,
2245+ hash_lengths[i][j])) < 0,
2246+ -1,
2247+ "failed to register hash-length in bex-store\n");
2248 HIP_IFEL((update_hash_length_id = hcstore_register_hash_length(
2249 &update_store, update_function_id,
2250 hash_lengths[i][j])) < 0, -1,
2251- "failed to register hash-length in update-store\n");
2252+ "failed to register hash-length in update-store\n");
2253
2254 // ensure the 2 stores are in sync
2255 HIP_ASSERT(bex_hash_length_id == update_hash_length_id);
2256@@ -336,36 +336,36 @@
2257 // store these IDs in the transforms array
2258 if (esp_prot_transforms[token_transform].is_used) {
2259 esp_prot_transforms[token_transform].hash_func_id =
2260- bex_function_id;
2261+ bex_function_id;
2262 esp_prot_transforms[token_transform].hash_length_id =
2263- bex_hash_length_id;
2264+ bex_hash_length_id;
2265 }
2266
2267 /* also register the the hchain lengths for this function and this
2268 * hash length */
2269 HIP_IFEL(hcstore_register_hash_item_length(
2270- &bex_store, bex_function_id, bex_hash_length_id,
2271- bex_hchain_length) < 0, -1,
2272- "failed to register hchain-length in bex-store\n");
2273+ &bex_store, bex_function_id, bex_hash_length_id,
2274+ bex_hchain_length) < 0, -1,
2275+ "failed to register hchain-length in bex-store\n");
2276
2277 /* register number of hierarchies in BEX-store */
2278 HIP_IFEL(hcstore_register_hash_item_hierarchy(
2279- &bex_store, bex_function_id, bex_hash_length_id,
2280- bex_hchain_length, NUM_BEX_HIERARCHIES) < 0, -1,
2281- "failed to register hchain-hierarchy in bex-store\n");
2282+ &bex_store, bex_function_id, bex_hash_length_id,
2283+ bex_hchain_length, NUM_BEX_HIERARCHIES) < 0, -1,
2284+ "failed to register hchain-hierarchy in bex-store\n");
2285
2286 for (g = 0; g < NUM_UPDATE_HCHAIN_LENGTHS; g++) {
2287 HIP_IFEL(hcstore_register_hash_item_length(
2288- &update_store, update_function_id,
2289- update_hash_length_id,
2290- update_hchain_lengths[g]) < 0, -1,
2291- "failed to register hchain-length in update-store\n");
2292+ &update_store, update_function_id,
2293+ update_hash_length_id,
2294+ update_hchain_lengths[g]) < 0, -1,
2295+ "failed to register hchain-length in update-store\n");
2296
2297 HIP_IFEL(hcstore_register_hash_item_hierarchy(
2298- &update_store, update_function_id,
2299- update_hash_length_id, update_hchain_lengths[g],
2300- num_hierarchies) < 0, -1,
2301- "failed to register hchain-hierarchy in update-store\n");
2302+ &update_store, update_function_id,
2303+ update_hash_length_id, update_hchain_lengths[g],
2304+ num_hierarchies) < 0, -1,
2305+ "failed to register hchain-hierarchy in update-store\n");
2306 }
2307 } else {
2308 // for this hash-function we have already processed all hash-lengths
2309@@ -441,11 +441,11 @@
2310 unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH],
2311 const int update)
2312 {
2313- int hash_length = 0, err = 0;
2314- int use_hash_trees = 0;
2315- struct hash_chain *hchain = NULL;
2316- struct hash_tree *htree = NULL;
2317- uint16_t i;
2318+ int hash_length = 0, err = 0;
2319+ int use_hash_trees = 0;
2320+ struct hash_chain *hchain = NULL;
2321+ struct hash_tree *htree = NULL;
2322+ uint16_t i;
2323
2324 HIP_ASSERT(entry != 0);
2325 HIP_ASSERT(entry->direction == 1 || entry->direction == 2);
2326@@ -470,7 +470,7 @@
2327 HIP_DEBUG("found matching esp prot transforms\n");
2328
2329 // we have to get the hash_length
2330- hash_length = esp_prot_get_hash_length(esp_prot_transform);
2331+ hash_length = esp_prot_get_hash_length(esp_prot_transform);
2332
2333 entry->update_item_length = hash_item_length;
2334
2335@@ -486,14 +486,14 @@
2336
2337 HIP_IFEL(memcmp(&esp_prot_anchors[i][0],
2338 htree->root, hash_length), -1,
2339- "received a non-matching root from hipd for next_hchain\n");
2340+ "received a non-matching root from hipd for next_hchain\n");
2341 } else {
2342 hchain = entry->next_hash_items[i];
2343
2344 HIP_IFEL(memcmp(&esp_prot_anchors[i][0],
2345 hchain_get_anchor(hchain),
2346 hash_length), -1,
2347- "received a non-matching anchor from hipd for next_hchain\n");
2348+ "received a non-matching anchor from hipd for next_hchain\n");
2349 }
2350
2351 entry->update_item_acked[i] = 1;
2352@@ -519,9 +519,9 @@
2353 if (i < esp_num_anchors) {
2354 HIP_IFEL(!(entry->active_hash_items[i] =
2355 esp_prot_get_bex_item_by_anchor(
2356- &esp_prot_anchors[i][0],
2357- esp_prot_transform)),
2358- -1, "corresponding hchain not found\n");
2359+ &esp_prot_anchors[i][0],
2360+ esp_prot_transform)),
2361+ -1, "corresponding hchain not found\n");
2362 } else {
2363 entry->active_hash_items[i] = NULL;
2364 }
2365@@ -579,7 +579,7 @@
2366 {
2367 struct esp_prot_tfm *prot_transform = NULL;
2368 hash_function hash_func = NULL;
2369- int err = 0;
2370+ int err = 0;
2371
2372 HIP_IFEL(!(prot_transform = esp_prot_resolve_transform(transform)), 1,
2373 "tried to resolve UNUSED or UNKNOWN transform\n");
2374@@ -604,7 +604,7 @@
2375 int esp_prot_get_hash_length(const uint8_t transform)
2376 {
2377 struct esp_prot_tfm *prot_transform = NULL;
2378- int err = 0;
2379+ int err = 0;
2380
2381 // return length 0 for UNUSED transform
2382 HIP_IFEL(!(prot_transform = esp_prot_resolve_transform(transform)), 0,
2383@@ -628,13 +628,13 @@
2384 const uint16_t esp_length,
2385 struct hip_sa_entry *entry)
2386 {
2387- int err = 0;
2388- hash_function hash_func = NULL;
2389- int hash_length = 0;
2390+ int err = 0;
2391+ hash_function hash_func = NULL;
2392+ int hash_length = 0;
2393
2394 // check whether cumulative authentication is active
2395 if (entry->esp_prot_transform == ESP_PROT_TFM_CUMULATIVE ||
2396- entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) {
2397+ entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) {
2398 hash_length = esp_prot_get_hash_length(entry->esp_prot_transform);
2399 hash_func = esp_prot_get_hash_function(entry->esp_prot_transform);
2400
2401@@ -665,13 +665,13 @@
2402 int esp_prot_add_hash(unsigned char *esp_packet, int *out_length,
2403 struct hip_sa_entry *entry)
2404 {
2405- const unsigned char *tmp_hash = NULL;
2406- int err = 0;
2407- uint32_t htree_index = 0;
2408- uint32_t htree_index_net = 0;
2409- struct hash_chain *hchain = NULL;
2410- struct hash_tree *htree = NULL;
2411- int branch_length = 0;
2412+ const unsigned char *tmp_hash = NULL;
2413+ int err = 0;
2414+ uint32_t htree_index = 0;
2415+ uint32_t htree_index_net = 0;
2416+ struct hash_chain *hchain = NULL;
2417+ struct hash_tree *htree = NULL;
2418+ int branch_length = 0;
2419
2420 HIP_ASSERT(esp_packet != NULL);
2421 HIP_ASSERT(*out_length == 0);
2422@@ -693,39 +693,36 @@
2423 memcpy(esp_packet, &htree_index_net, sizeof(uint32_t));
2424
2425 // get hash token and add it - only returns a reference into the array
2426- tmp_hash = htree_get_data(htree, htree_index,
2427- out_length);
2428+ tmp_hash = htree_get_data(htree, htree_index,
2429+ out_length);
2430 memcpy(esp_packet + sizeof(uint32_t), tmp_hash, *out_length);
2431
2432- *out_length += sizeof(uint32_t);
2433+ *out_length += sizeof(uint32_t);
2434
2435 // add the verification branch - directly memcpy elements into packet
2436 HIP_IFEL(!htree_get_branch(htree, htree_index,
2437 esp_packet + *out_length,
2438 &branch_length), -1,
2439- "failed to get verification branch\n");
2440+ "failed to get verification branch\n");
2441
2442 *out_length += branch_length;
2443
2444 HIP_DEBUG("htree_index: %u\n", htree_index);
2445 HIP_DEBUG("htree_index (packet): %u\n",
2446 *(uint32_t *) esp_packet);
2447-
2448 } else {
2449 HIP_DEBUG("htree depleted, dropping packet\n");
2450
2451 err = 1;
2452 }
2453-
2454 } else {
2455-
2456 if (token_transform == ESP_PROT_TFM_PARALLEL) {
2457 hchain = entry->active_hash_items[entry->last_used_chain];
2458
2459 HIP_DEBUG("entry->last_used_chain: %i\n", entry->last_used_chain);
2460
2461 entry->last_used_chain =
2462- (entry->last_used_chain + 1) % num_parallel_hchains;
2463+ (entry->last_used_chain + 1) % num_parallel_hchains;
2464 } else {
2465 hchain = entry->active_hash_items[0];
2466 }
2467@@ -797,7 +794,7 @@
2468 const int next_root_length)
2469 {
2470 uint32_t tmp_distance = 0;
2471- int err = 0;
2472+ int err = 0;
2473
2474 HIP_ASSERT(hash_func != NULL);
2475 HIP_ASSERT(hash_length > 0);
2476@@ -891,7 +888,7 @@
2477 const int next_uroot_length,
2478 const unsigned char *hash_value)
2479 {
2480- int err = 0;
2481+ int err = 0;
2482 uint32_t data_index = 0;
2483
2484 HIP_ASSERT(hash_func != NULL);
2485@@ -968,7 +965,7 @@
2486 HIP_DEBUG("resolving transform: %u\n", transform);
2487
2488 if (transform > ESP_PROT_TFM_UNUSED &&
2489- esp_prot_transforms[transform].is_used) {
2490+ esp_prot_transforms[transform].is_used) {
2491 return &esp_prot_transforms[transform];
2492 } else {
2493 return NULL;
2494@@ -995,7 +992,7 @@
2495 offset += esp_prot_get_hash_length(entry->esp_prot_transform);
2496
2497 if (entry->esp_prot_transform == ESP_PROT_TFM_CUMULATIVE
2498- || entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) {
2499+ || entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) {
2500 offset += ((esp_prot_get_hash_length(entry->esp_prot_transform) + sizeof(uint32_t))
2501 * (num_linear_elements + num_random_elements));
2502 }
2503@@ -1015,20 +1012,20 @@
2504 */
2505 int esp_prot_sadb_maintenance(struct hip_sa_entry *entry)
2506 {
2507- int has_linked_anchor = 0, soft_update = 1;
2508- int err = 0;
2509- int anchor_length = 0;
2510- int anchor_offset[MAX_NUM_PARALLEL_HCHAINS];
2511+ int has_linked_anchor = 0, soft_update = 1;
2512+ int err = 0;
2513+ int anchor_length = 0;
2514+ int anchor_offset[MAX_NUM_PARALLEL_HCHAINS];
2515 const unsigned char *anchors[MAX_NUM_PARALLEL_HCHAINS];
2516 struct esp_prot_tfm *prot_transform = NULL;
2517 struct hash_tree *htree = NULL;
2518 struct hash_chain *hchain = NULL;
2519- struct hash_tree *link_trees[MAX_NUM_PARALLEL_HCHAINS];
2520- int hash_item_length = 0;
2521- int remaining = 0, i, j;
2522- int threshold = 0;
2523- int use_hash_trees = 0;
2524- int hierarchy_level = 0;
2525+ struct hash_tree *link_trees[MAX_NUM_PARALLEL_HCHAINS];
2526+ int hash_item_length = 0;
2527+ int remaining = 0, i, j;
2528+ int threshold = 0;
2529+ int use_hash_trees = 0;
2530+ int hierarchy_level = 0;
2531
2532 HIP_ASSERT(entry != NULL);
2533
2534@@ -1041,14 +1038,14 @@
2535 htree = entry->active_hash_items[0];
2536 hash_item_length = htree->num_data_blocks;
2537
2538- remaining = htree_get_num_remaining(htree);
2539- threshold = htree->num_data_blocks * update_threshold;
2540+ remaining = htree_get_num_remaining(htree);
2541+ threshold = htree->num_data_blocks * update_threshold;
2542 } else {
2543 hchain = entry->active_hash_items[0];
2544 hash_item_length = hchain->hchain_length;
2545
2546- remaining = hchain_get_num_remaining(hchain);
2547- threshold = hchain->hchain_length * update_threshold;
2548+ remaining = hchain_get_num_remaining(hchain);
2549+ threshold = hchain->hchain_length * update_threshold;
2550 }
2551
2552 /* ensure that the next hash-items are set up before the active ones
2553@@ -1074,8 +1071,8 @@
2554 }
2555
2556 HIP_IFEL(!(prot_transform =
2557- esp_prot_resolve_transform(entry->esp_prot_transform)),
2558- 1, "tried to resolve UNUSED transform\n");
2559+ esp_prot_resolve_transform(entry->esp_prot_transform)),
2560+ 1, "tried to resolve UNUSED transform\n");
2561
2562 /* soft-update vs. PK-update
2563 * -> do a soft-update */
2564@@ -1087,19 +1084,19 @@
2565 while (htree_has_more_data(link_trees[i])) {
2566 // get the next hchain from the link_tree
2567 anchor_offset[i] =
2568- htree_get_next_data_offset(link_trees[i]);
2569- anchors[i] =
2570- htree_get_data(link_trees[i], anchor_offset[i],
2571- &anchor_length);
2572+ htree_get_next_data_offset(link_trees[i]);
2573+ anchors[i] =
2574+ htree_get_data(link_trees[i], anchor_offset[i],
2575+ &anchor_length);
2576
2577 // set next_hash_item, if linked one is available
2578- if ((entry->next_hash_items[i]=
2579- hcstore_get_item_by_anchor(&update_store,
2580- prot_transform->hash_func_id,
2581- prot_transform->hash_length_id,
2582- hierarchy_level - 1,
2583- anchors[i],
2584- use_hash_trees))) {
2585+ if ((entry->next_hash_items[i] =
2586+ hcstore_get_item_by_anchor(&update_store,
2587+ prot_transform->hash_func_id,
2588+ prot_transform->hash_length_id,
2589+ hierarchy_level - 1,
2590+ anchors[i],
2591+ use_hash_trees))) {
2592 HIP_DEBUG("linked hchain found in store, soft-update\n");
2593
2594 has_linked_anchor = 1;
2595@@ -1130,7 +1127,7 @@
2596
2597 /* and restart the loop
2598 * NOTE continues results in i++ */
2599- i = -1;
2600+ i = -1;
2601
2602 continue;
2603 }
2604@@ -1145,10 +1142,10 @@
2605 * hchain lengths
2606 */
2607 HIP_IFEL(!(entry->next_hash_items[i] =
2608- hcstore_get_hash_item(&update_store,
2609- prot_transform->hash_func_id,
2610- prot_transform->hash_length_id,
2611- update_hchain_lengths[DEFAULT_HCHAIN_LENGTH_ID])),
2612+ hcstore_get_hash_item(&update_store,
2613+ prot_transform->hash_func_id,
2614+ prot_transform->hash_length_id,
2615+ update_hchain_lengths[DEFAULT_HCHAIN_LENGTH_ID])),
2616 -1, "unable to retrieve hchain from store\n");
2617
2618 if (use_hash_trees) {
2619@@ -1168,7 +1165,7 @@
2620 HIP_IFEL(send_trigger_update_to_hipd(entry, anchors,
2621 hash_item_length, soft_update,
2622 anchor_offset, link_trees), -1,
2623- "unable to trigger update at hipd\n");
2624+ "unable to trigger update at hipd\n");
2625
2626 // refill update-store
2627 HIP_IFEL((err = hcstore_refill(&update_store, use_hash_trees)) < 0, -1,
2628@@ -1177,7 +1174,7 @@
2629
2630 /* activate next hchains if current ones are depleted and update has been acked
2631 * -> assume first hchain represents all parallel ones */
2632- if (entry->next_hash_items[0] && entry->update_item_acked[0]&& remaining == 0) {
2633+ if (entry->next_hash_items[0] && entry->update_item_acked[0] && remaining == 0) {
2634 for (i = 0; i < num_parallel_hchains; i++) {
2635 // this will free all linked elements in the hchain
2636 if (use_hash_trees) {
2637
2638=== modified file 'firewall/esp_prot_api.h'
2639--- firewall/esp_prot_api.h 2011-01-04 14:23:17 +0000
2640+++ firewall/esp_prot_api.h 2011-01-11 14:04:40 +0000
2641@@ -55,19 +55,19 @@
2642 };
2643
2644
2645-extern int token_transform;
2646-extern int num_parallel_hchains;
2647-extern int ring_buffer_size;
2648-extern int num_linear_elements;
2649-extern int num_random_elements;
2650-extern int hash_length_g;
2651-extern int hash_structure_length;
2652-extern int num_hchains_per_item;
2653-extern int num_hierarchies;
2654+extern int token_transform;
2655+extern int num_parallel_hchains;
2656+extern int ring_buffer_size;
2657+extern int num_linear_elements;
2658+extern int num_random_elements;
2659+extern int hash_length_g;
2660+extern int hash_structure_length;
2661+extern int num_hchains_per_item;
2662+extern int num_hierarchies;
2663 extern double refill_threshold;
2664 extern double update_threshold;
2665
2666-extern int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS];
2667+extern int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS];
2668 extern hash_function hash_functions[NUM_HASH_FUNCTIONS];
2669
2670 int esp_prot_init(void);
2671
2672=== modified file 'firewall/esp_prot_config.c'
2673--- firewall/esp_prot_config.c 2010-10-15 15:29:14 +0000
2674+++ firewall/esp_prot_config.c 2011-01-11 14:04:40 +0000
2675@@ -46,23 +46,23 @@
2676 #include "config.h"
2677
2678
2679-const char *config_file = HIPL_SYSCONFDIR "/esp_prot_config.cfg";
2680+const char *config_file = HIPL_SYSCONFDIR "/esp_prot_config.cfg";
2681
2682 const char *path_hash_length = "token_config.hash_length";
2683 const char *path_hash_structure_length = "token_config.hash_structure_length";
2684 const char *path_token_transform = "token_config.token_transform";
2685
2686-const char *path_num_parallel_hchains = "token_config.token_modes.num_parallel_hchains";
2687-const char *path_ring_buffer_size = "token_config.token_modes.ring_buffer_size";
2688-const char *path_num_linear_elements = "token_config.token_modes.num_linear_elements";
2689-const char *path_num_random_elements = "token_config.token_modes.num_random_elements";
2690-
2691-const char *path_num_hchains_per_item = "sender.hcstore.num_hchains_per_item";
2692-const char *path_num_hierarchies = "sender.hcstore.num_hierarchies";
2693-const char *path_refill_threshold = "sender.hcstore.refill_threshold";
2694-const char *path_update_threshold = "sender.update_threshold";
2695-
2696-const char *path_window_size = "verifier.window_size";
2697+const char *path_num_parallel_hchains = "token_config.token_modes.num_parallel_hchains";
2698+const char *path_ring_buffer_size = "token_config.token_modes.ring_buffer_size";
2699+const char *path_num_linear_elements = "token_config.token_modes.num_linear_elements";
2700+const char *path_num_random_elements = "token_config.token_modes.num_random_elements";
2701+
2702+const char *path_num_hchains_per_item = "sender.hcstore.num_hchains_per_item";
2703+const char *path_num_hierarchies = "sender.hcstore.num_hierarchies";
2704+const char *path_refill_threshold = "sender.hcstore.refill_threshold";
2705+const char *path_update_threshold = "sender.update_threshold";
2706+
2707+const char *path_window_size = "verifier.window_size";
2708
2709 #ifdef HAVE_LIBCONFIG
2710 /**
2711@@ -84,10 +84,10 @@
2712 * libconfig 1.4, remove the ugly workaround below accordingly. See #134. */
2713 #if defined LIBCONFIG_VER_MAJOR && defined LIBCONFIG_VER_MINOR && (((LIBCONFIG_VER_MAJOR == 1) && (LIBCONFIG_VER_MINOR >= 4)) || (LIBCONFIG_VER_MAJOR > 1))
2714 /* libconfig version 1.4 and later */
2715- int value = 0;
2716+ int value = 0;
2717 #else
2718 /* libconfig version before 1.4 */
2719- long value = 0;
2720+ long value = 0;
2721 #endif
2722
2723 int success = config_lookup_int(cfg, name, &value);
2724@@ -97,6 +97,7 @@
2725 }
2726 return success;
2727 }
2728+
2729 #endif /* HAVE_LIBCONFIG */
2730
2731 /**
2732@@ -112,7 +113,7 @@
2733 *
2734 * FIXME this should be removed once we go tiny */
2735 #ifdef HAVE_LIBCONFIG
2736- int err = 0;
2737+ int err = 0;
2738
2739 HIP_IFEL(!(cfg = malloc(sizeof(config_t))), -1,
2740 "Unable to allocate memory!\n");
2741@@ -164,7 +165,6 @@
2742 int err = 0;
2743
2744 if (cfg) {
2745-
2746 #ifdef HAVE_LIBCONFIG
2747 // process parallel hchains-related settings
2748 if (!esp_prot_wrap_config_lookup_int(cfg, path_token_transform,
2749@@ -198,9 +198,9 @@
2750 num_parallel_hchains = 2;
2751 }
2752
2753- ring_buffer_size = 0;
2754- num_linear_elements = 0;
2755- num_random_elements = 0;
2756+ ring_buffer_size = 0;
2757+ num_linear_elements = 0;
2758+ num_random_elements = 0;
2759
2760 break;
2761 case ESP_PROT_TFM_CUMULATIVE:
2762@@ -263,7 +263,6 @@
2763 err = -1;
2764 goto out_err;
2765 #endif /* HAVE_LIBCONFIG */
2766-
2767 } else {
2768 HIP_ERROR("no configuration file available\n");
2769
2770@@ -306,7 +305,6 @@
2771 int err = 0;
2772
2773 if (cfg) {
2774-
2775 #ifdef HAVE_LIBCONFIG
2776 // process hcstore-related settings
2777 if (!esp_prot_wrap_config_lookup_int(cfg, path_num_hchains_per_item,
2778@@ -335,7 +333,6 @@
2779 err = -1;
2780 goto out_err;
2781 #endif /* HAVE_LIBCONFIG */
2782-
2783 } else {
2784 HIP_ERROR("no configuration file available\n");
2785
2786@@ -389,7 +386,6 @@
2787 err = -1;
2788 goto out_err;
2789 #endif /* HAVE_LIBCONFIG */
2790-
2791 } else {
2792 HIP_ERROR("no configuration file available\n");
2793
2794
2795=== modified file 'firewall/esp_prot_conntrack.c'
2796--- firewall/esp_prot_conntrack.c 2011-01-09 22:18:11 +0000
2797+++ firewall/esp_prot_conntrack.c 2011-01-11 14:04:40 +0000
2798@@ -59,9 +59,9 @@
2799
2800
2801 struct esp_prot_conntrack_tfm {
2802- hash_function hash_function; /* pointer to the hash function */
2803- int hash_length; /* hash length for this transform */
2804- int is_used; /* needed as complete transform array is initialized */
2805+ hash_function hash_function; /* pointer to the hash function */
2806+ int hash_length; /* hash length for this transform */
2807+ int is_used; /* needed as complete transform array is initialized */
2808 };
2809
2810 /* cached anchor element updates */
2811@@ -108,7 +108,7 @@
2812 static void esp_prot_conntrack_free_cached_item(void *cache_item)
2813 {
2814 struct esp_anchor_item *anchor_item = NULL;
2815- long i;
2816+ long i;
2817
2818 if (cache_item) {
2819 anchor_item = cache_item;
2820@@ -137,7 +137,7 @@
2821 {
2822 struct esp_tuple *esp_tuple = NULL;
2823 struct slist *list = NULL;
2824- int err = 0;
2825+ int err = 0;
2826
2827 HIP_DEBUG("\n");
2828
2829@@ -194,8 +194,8 @@
2830 struct esp_tuple *esp_tuple = NULL;
2831 struct esp_prot_conntrack_tfm *conntrack_tfm = NULL;
2832 unsigned char *cmp_value = NULL;
2833- int hash_length = 0, err = 0;
2834- long i;
2835+ int hash_length = 0, err = 0;
2836+ long i;
2837
2838 HIP_DEBUG("\n");
2839
2840@@ -208,10 +208,10 @@
2841 // needed for allocating and copying the anchors
2842 conntrack_tfm = esp_prot_conntrack_resolve_transform(
2843 esp_anchors[0]->transform);
2844- hash_length = conntrack_tfm->hash_length;
2845+ hash_length = conntrack_tfm->hash_length;
2846
2847 HIP_IFEL(!(esp_tuple = esp_prot_conntrack_find_esp_tuple(
2848- tuple, &esp_anchors[0]->anchors[0], hash_length)), -1,
2849+ tuple, &esp_anchors[0]->anchors[0], hash_length)), -1,
2850 "failed to look up matching esp_tuple\n");
2851
2852 HIP_IFEL(!(anchor_item = calloc(1, sizeof(struct esp_anchor_item))), -1,
2853@@ -297,12 +297,12 @@
2854 struct tuple *other_dir_tuple = NULL;
2855 struct esp_tuple *esp_tuple = NULL;
2856 struct esp_prot_conntrack_tfm *conntrack_tfm = NULL;
2857- int hash_length = 0;
2858+ int hash_length = 0;
2859 // assume not found
2860- int err = 0;
2861- unsigned element_index = 0;
2862- int found = 0;
2863- long i;
2864+ int err = 0;
2865+ unsigned element_index = 0;
2866+ int found = 0;
2867+ long i;
2868
2869 HIP_DEBUG("\n");
2870
2871@@ -327,9 +327,8 @@
2872 HIP_DEBUG("received ack: %u\n", ntohl(ack->peer_update_id));
2873
2874 for (element_index = 0;
2875- element_index < hip_ll_get_size(&esp_tuple->anchor_cache);
2876- element_index++) {
2877-
2878+ element_index < hip_ll_get_size(&esp_tuple->anchor_cache);
2879+ element_index++) {
2880 HIP_IFEL(!(anchor_item = hip_ll_get(&esp_tuple->anchor_cache,
2881 element_index)),
2882 -1, "failed to look up anchor_item\n");
2883@@ -348,7 +347,7 @@
2884 // needed for allocating and copying the anchors
2885 conntrack_tfm = esp_prot_conntrack_resolve_transform(
2886 esp_tuple->esp_prot_tfm);
2887- hash_length = conntrack_tfm->hash_length;
2888+ hash_length = conntrack_tfm->hash_length;
2889 esp_tuple->hash_item_length = anchor_item->hash_item_length;
2890
2891 for (i = 0; i < esp_tuple->num_hchains; i++) {
2892@@ -416,11 +415,11 @@
2893 {
2894 struct esp_prot_conntrack_tfm *conntrack_tfm = NULL;
2895 struct esp_tuple *esp_tuple = NULL;
2896- int hash_length = 0;
2897- int err = 0;
2898- int i = 0;
2899- uint32_t branch_length = 0;
2900- uint32_t anchor_offset = 0;
2901+ int hash_length = 0;
2902+ int err = 0;
2903+ int i = 0;
2904+ uint32_t branch_length = 0;
2905+ uint32_t anchor_offset = 0;
2906
2907 HIP_DEBUG("\n");
2908
2909@@ -431,13 +430,13 @@
2910
2911 // needed for allocating and copying the anchors
2912 conntrack_tfm = esp_prot_conntrack_resolve_transform(
2913- esp_anchors[0]->transform);
2914+ esp_anchors[0]->transform);
2915 hash_length = conntrack_tfm->hash_length;
2916
2917 HIP_IFEL(!(esp_tuple = esp_prot_conntrack_find_esp_tuple(
2918- tuple, &esp_anchors[0]->anchors[0],
2919- hash_length)),
2920- -1, "failed to look up matching esp_tuple\n");
2921+ tuple, &esp_anchors[0]->anchors[0],
2922+ hash_length)),
2923+ -1, "failed to look up matching esp_tuple\n");
2924
2925 for (i = 0; i < esp_tuple->num_hchains; i++) {
2926 branch_length = ntohl(esp_branches[i]->branch_length);
2927@@ -457,7 +456,6 @@
2928 htree_node_generator,
2929 NULL)) {
2930 HIP_DEBUG("anchor verified\n");
2931-
2932 } else {
2933 HIP_DEBUG("failed to verify branch!\n");
2934
2935@@ -477,7 +475,7 @@
2936 int esp_prot_conntrack_init(void)
2937 {
2938 config_t *config = NULL;
2939- int err = 0, i, j;
2940+ int err = 0, i, j;
2941
2942 HIP_DEBUG("Initializing conntracking of esp protection extension...\n");
2943
2944@@ -511,9 +509,9 @@
2945
2946 if (esp_prot_conntrack_tfms[token_transform].is_used) {
2947 esp_prot_conntrack_tfms[token_transform].hash_function =
2948- hash_functions[i];
2949+ hash_functions[i];
2950 esp_prot_conntrack_tfms[token_transform].hash_length =
2951- hash_lengths[i][j];
2952+ hash_lengths[i][j];
2953 }
2954 }
2955 }
2956@@ -550,7 +548,7 @@
2957 const struct tuple *tuple)
2958 {
2959 const struct esp_prot_preferred_tfms *prot_transforms = NULL;
2960- int err = 0, i;
2961+ int err = 0, i;
2962
2963 if (hip_esp_protection) {
2964 // initialize the ESP protection params in the connection
2965@@ -610,9 +608,9 @@
2966 const struct esp_prot_anchor *prot_anchor = NULL;
2967 struct esp_tuple *esp_tuple = NULL;
2968 struct esp_prot_conntrack_tfm *conntrack_tfm = NULL;
2969- long i = 0;
2970- int hash_length = 0;
2971- int err = 0;
2972+ long i = 0;
2973+ int hash_length = 0;
2974+ int err = 0;
2975
2976 if (hip_esp_protection) {
2977 HIP_ASSERT(common != NULL);
2978@@ -646,7 +644,7 @@
2979 HIP_DEBUG("using esp prot transform: %u\n", esp_tuple->esp_prot_tfm);
2980
2981 if (esp_tuple->esp_prot_tfm > ESP_PROT_TFM_UNUSED) {
2982- conntrack_tfm = esp_prot_conntrack_resolve_transform(
2983+ conntrack_tfm = esp_prot_conntrack_resolve_transform(
2984 esp_tuple->esp_prot_tfm);
2985 hash_length = conntrack_tfm->hash_length;
2986 esp_tuple->hash_item_length = ntohl(prot_anchor->hash_item_length);
2987@@ -726,7 +724,7 @@
2988 struct esp_tuple *esp_prot_conntrack_R2_esp_tuple(const struct slist *other_dir_esps)
2989 {
2990 struct esp_tuple *esp_tuple = NULL;
2991- int err = 0;
2992+ int err = 0;
2993
2994 if (hip_esp_protection) {
2995 /* normally there should NOT be any esp_tuple for the other direction yet,
2996@@ -767,9 +765,9 @@
2997 const struct esp_prot_anchor *prot_anchor = NULL;
2998 struct esp_tuple *esp_tuple = NULL;
2999 struct esp_prot_conntrack_tfm *conntrack_tfm = NULL;
3000- long i = 0;
3001- int hash_length = 0;
3002- int err = 0;
3003+ long i = 0;
3004+ int hash_length = 0;
3005+ int err = 0;
3006
3007 if (hip_esp_protection) {
3008 HIP_ASSERT(common != NULL);
3009@@ -794,9 +792,9 @@
3010 HIP_DEBUG("using esp prot transform: %u\n", esp_tuple->esp_prot_tfm);
3011
3012 if (esp_tuple->esp_prot_tfm > ESP_PROT_TFM_UNUSED) {
3013- conntrack_tfm = esp_prot_conntrack_resolve_transform(
3014+ conntrack_tfm = esp_prot_conntrack_resolve_transform(
3015 esp_tuple->esp_prot_tfm);
3016- hash_length = conntrack_tfm->hash_length;
3017+ hash_length = conntrack_tfm->hash_length;
3018
3019 esp_tuple->hash_item_length = ntohl(prot_anchor->hash_item_length);
3020
3021@@ -867,14 +865,14 @@
3022 int esp_prot_conntrack_update(const struct hip_common *update,
3023 const struct tuple *tuple)
3024 {
3025- const struct hip_tlv_common *param = NULL;
3026- const struct hip_seq *seq = NULL;
3027- const struct hip_ack *ack = NULL;
3028- const struct hip_esp_info *esp_info = NULL;
3029+ const struct hip_tlv_common *param = NULL;
3030+ const struct hip_seq *seq = NULL;
3031+ const struct hip_ack *ack = NULL;
3032+ const struct hip_esp_info *esp_info = NULL;
3033 const struct esp_prot_anchor *esp_anchors[MAX_NUM_PARALLEL_HCHAINS];
3034- const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS];
3035- int err = 0;
3036- long i = 0;
3037+ const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS];
3038+ int err = 0;
3039+ long i = 0;
3040
3041 if (hip_esp_protection) {
3042 HIP_ASSERT(update != NULL);
3043@@ -887,7 +885,7 @@
3044 esp_info = hip_get_param(update, HIP_PARAM_ESP_INFO);
3045 ack = hip_get_param(update, HIP_PARAM_ACK);
3046 // there might be several anchor elements
3047- param = hip_get_param(update, HIP_PARAM_ESP_PROT_ANCHOR);
3048+ param = hip_get_param(update, HIP_PARAM_ESP_PROT_ANCHOR);
3049
3050 // distinguish packet types and process accordingly
3051 if (seq && !ack && !esp_info && param) {
3052@@ -897,7 +895,7 @@
3053 for (i = 0; i < num_parallel_hchains; i++) {
3054 esp_anchors[i] = (const struct esp_prot_anchor *) param;
3055
3056- param = hip_get_next_param(update, param);
3057+ param = hip_get_next_param(update, param);
3058 }
3059
3060 param = hip_get_param(update, HIP_PARAM_ESP_PROT_ROOT);
3061@@ -906,7 +904,7 @@
3062 for (i = 0; i < num_parallel_hchains; i++) {
3063 esp_roots[i] = (const struct esp_prot_root *) param;
3064
3065- param = hip_get_next_param(update, param);
3066+ param = hip_get_next_param(update, param);
3067 }
3068 }
3069
3070@@ -974,18 +972,18 @@
3071 struct tuple *tuple,
3072 const struct hip_fw_context *ctx)
3073 {
3074- const struct hip_seq *seq = NULL;
3075- const struct hip_tlv_common *param = NULL;
3076+ const struct hip_seq *seq = NULL;
3077+ const struct hip_tlv_common *param = NULL;
3078 const struct esp_prot_anchor *esp_anchors[MAX_NUM_PARALLEL_HCHAINS];
3079 const struct esp_prot_branch *esp_branches[MAX_NUM_PARALLEL_HCHAINS];
3080 const struct esp_prot_secret *esp_secrets[MAX_NUM_PARALLEL_HCHAINS];
3081- const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS];
3082- const struct hip_ack *ack = NULL;
3083- const struct hip_esp_info *esp_info = NULL;
3084- const struct in6_addr *ip6_src = &ctx->src;
3085- const struct in6_addr *ip6_dst = &ctx->dst;
3086- int err = 0;
3087- long i;
3088+ const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS];
3089+ const struct hip_ack *ack = NULL;
3090+ const struct hip_esp_info *esp_info = NULL;
3091+ const struct in6_addr *ip6_src = &ctx->src;
3092+ const struct in6_addr *ip6_dst = &ctx->dst;
3093+ int err = 0;
3094+ long i;
3095
3096 if (hip_esp_protection) {
3097 HIP_ASSERT(ip6_src != NULL);
3098@@ -1006,21 +1004,21 @@
3099 for (i = 0; i < num_parallel_hchains; i++) {
3100 esp_anchors[i] = (const struct esp_prot_anchor *) param;
3101
3102- param = hip_get_next_param(common, param);
3103+ param = hip_get_next_param(common, param);
3104 }
3105
3106 param = hip_get_param(common, HIP_PARAM_ESP_PROT_BRANCH);
3107 for (i = 0; i < num_parallel_hchains; i++) {
3108 esp_branches[i] = (const struct esp_prot_branch *) param;
3109
3110- param = hip_get_next_param(common, param);
3111+ param = hip_get_next_param(common, param);
3112 }
3113
3114 param = hip_get_param(common, HIP_PARAM_ESP_PROT_SECRET);
3115 for (i = 0; i < num_parallel_hchains; i++) {
3116 esp_secrets[i] = (const struct esp_prot_secret *) param;
3117
3118- param = hip_get_next_param(common, param);
3119+ param = hip_get_next_param(common, param);
3120 }
3121
3122 param = hip_get_param(common, HIP_PARAM_ESP_PROT_ROOT);
3123@@ -1028,7 +1026,7 @@
3124 for (i = 0; i < num_parallel_hchains; i++) {
3125 esp_roots[i] = (const struct esp_prot_root *) param;
3126
3127- param = hip_get_next_param(common, param);
3128+ param = hip_get_next_param(common, param);
3129 }
3130 } else {
3131 memset(esp_roots, 0, MAX_NUM_PARALLEL_HCHAINS * sizeof(struct esp_prot_root *));
3132@@ -1052,7 +1050,7 @@
3133 // verify tree
3134 HIP_IFEL(esp_prot_conntrack_verify_branch(tuple, esp_anchors, esp_branches,
3135 esp_secrets), -1,
3136- "failed to verify branch\n");
3137+ "failed to verify branch\n");
3138
3139 // cache update_anchor and root
3140 HIP_IFEL(esp_prot_conntrack_cache_anchor(tuple, seq, esp_anchors, esp_roots), -1,
3141@@ -1090,17 +1088,17 @@
3142 struct hip_esp *esp = NULL;
3143 struct esp_cumulative_item *cached_element = NULL;
3144 struct esp_cumulative_item *cumulative_ptr = NULL;
3145- unsigned char packet_hash[MAX_HASH_LENGTH];
3146- int esp_len = 0, use_hash_trees = 0, active_hchain = 0, err = 0, i;
3147- uint32_t num_verify = 0, current_seq = 0;
3148+ unsigned char packet_hash[MAX_HASH_LENGTH];
3149+ int esp_len = 0, use_hash_trees = 0, active_hchain = 0, err = 0, i;
3150+ uint32_t num_verify = 0, current_seq = 0;
3151
3152 if (hip_esp_protection) {
3153 if (esp_tuple->esp_prot_tfm > ESP_PROT_TFM_UNUSED) {
3154 conntrack_tfm = esp_prot_conntrack_resolve_transform(
3155 esp_tuple->esp_prot_tfm);
3156
3157- esp = ctx->transport_hdr.esp;
3158- esp_len = ctx->ipq_packet->data_len - ctx->ip_hdr_len;
3159+ esp = ctx->transport_hdr.esp;
3160+ esp_len = ctx->ipq_packet->data_len - ctx->ip_hdr_len;
3161 if (ctx->udp_encap_hdr) {
3162 esp_len -= sizeof(struct udphdr);
3163 }
3164@@ -1136,7 +1134,7 @@
3165 /* calculate difference of SEQ no in order to determine how many hashes
3166 * we have to calculate */
3167 if (ntohl(esp->esp_seq) - esp_tuple->seq_no > 0 &&
3168- ntohl(esp->esp_seq) - esp_tuple->seq_no <= (unsigned)window_size) {
3169+ ntohl(esp->esp_seq) - esp_tuple->seq_no <= (unsigned) window_size) {
3170 HIP_DEBUG("seq number within verification window\n");
3171
3172 num_verify = ntohl(esp->esp_seq) - esp_tuple->seq_no;
3173@@ -1224,10 +1222,10 @@
3174 conntrack_tfm->hash_length);
3175 } else {
3176 // don't copy the next anchor, but the already verified hash
3177- memcpy( &esp_tuple->active_anchors[active_hchain][0], ((unsigned char *) esp) + sizeof(struct hip_esp),
3178- conntrack_tfm->hash_length);
3179- memcpy( &esp_tuple->first_active_anchors[active_hchain][0], &esp_tuple->next_anchors[active_hchain][0],
3180- conntrack_tfm->hash_length);
3181+ memcpy(&esp_tuple->active_anchors[active_hchain][0], ((unsigned char *) esp) + sizeof(struct hip_esp),
3182+ conntrack_tfm->hash_length);
3183+ memcpy(&esp_tuple->first_active_anchors[active_hchain][0], &esp_tuple->next_anchors[active_hchain][0],
3184+ conntrack_tfm->hash_length);
3185 }
3186
3187 // change roots
3188
3189=== modified file 'firewall/esp_prot_fw_msg.c'
3190--- firewall/esp_prot_fw_msg.c 2011-01-06 17:05:42 +0000
3191+++ firewall/esp_prot_fw_msg.c 2011-01-11 14:04:40 +0000
3192@@ -68,14 +68,14 @@
3193 static struct hip_common *create_bex_store_update_msg(struct hchain_store *hcstore,
3194 const int use_hash_trees)
3195 {
3196- struct hip_common *msg = NULL;
3197- struct esp_prot_tfm *transform = NULL;
3198- struct hash_chain *hchain = NULL;
3199- struct hash_tree *htree = NULL;
3200- unsigned char *anchor = NULL;
3201- unsigned j = 0;
3202- uint8_t i = 0;
3203- int hash_length = 0, num_hchains = 0, err = 0, hash_item_length = 0;
3204+ struct hip_common *msg = NULL;
3205+ struct esp_prot_tfm *transform = NULL;
3206+ struct hash_chain *hchain = NULL;
3207+ struct hash_tree *htree = NULL;
3208+ unsigned char *anchor = NULL;
3209+ unsigned j = 0;
3210+ uint8_t i = 0;
3211+ int hash_length = 0, num_hchains = 0, err = 0, hash_item_length = 0;
3212
3213 HIP_ASSERT(hcstore != NULL);
3214
3215@@ -185,10 +185,10 @@
3216 */
3217 int send_esp_prot_to_hipd(const int activate)
3218 {
3219- struct hip_common *msg = NULL;
3220- int num_transforms = 0;
3221- int err = 0, i;
3222- uint8_t transform = 0;
3223+ struct hip_common *msg = NULL;
3224+ int num_transforms = 0;
3225+ int err = 0, i;
3226+ uint8_t transform = 0;
3227
3228 HIP_ASSERT(activate >= 0);
3229
3230@@ -285,7 +285,7 @@
3231 const int use_hash_trees)
3232 {
3233 struct hip_common *msg = NULL;
3234- int err = 0;
3235+ int err = 0;
3236
3237 HIP_ASSERT(hcstore != NULL);
3238
3239@@ -328,19 +328,19 @@
3240 const int *anchor_offset,
3241 struct hash_tree *link_trees[MAX_NUM_PARALLEL_HCHAINS])
3242 {
3243- int err = 0;
3244- int i = 0;
3245- struct hip_common *msg = NULL;
3246- int hash_length = 0;
3247- struct hash_chain *hchain = NULL;
3248- struct hash_tree *htree = NULL;
3249- struct hash_tree *link_tree = NULL;
3250- int secret_length = 0;
3251- int branch_length = 0;
3252- int root_length = 0;
3253- const unsigned char *secret = NULL;
3254- unsigned char *branch_nodes = NULL;
3255- const unsigned char *root = NULL;
3256+ int err = 0;
3257+ int i = 0;
3258+ struct hip_common *msg = NULL;
3259+ int hash_length = 0;
3260+ struct hash_chain *hchain = NULL;
3261+ struct hash_tree *htree = NULL;
3262+ struct hash_tree *link_tree = NULL;
3263+ int secret_length = 0;
3264+ int branch_length = 0;
3265+ int root_length = 0;
3266+ const unsigned char *secret = NULL;
3267+ unsigned char *branch_nodes = NULL;
3268+ const unsigned char *root = NULL;
3269
3270 HIP_ASSERT(entry != NULL);
3271
3272@@ -358,17 +358,17 @@
3273 HIP_DEBUG_HIT("src_hit", &entry->inner_src_addr);
3274 HIP_IFEL(hip_build_param_contents(msg, &entry->inner_src_addr,
3275 HIP_PARAM_HIT, sizeof(struct in6_addr)),
3276- -1, "build param contents failed\n");
3277+ -1, "build param contents failed\n");
3278
3279 HIP_DEBUG_HIT("dst_hit", &entry->inner_dst_addr);
3280 HIP_IFEL(hip_build_param_contents(msg, &entry->inner_dst_addr,
3281 HIP_PARAM_HIT, sizeof(struct in6_addr)),
3282- -1, "build param contents failed\n");
3283+ -1, "build param contents failed\n");
3284
3285 HIP_DEBUG("esp_prot_transform: %u\n", entry->esp_prot_transform);
3286 HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
3287 HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)),
3288- -1, "build param contents failed\n");
3289+ -1, "build param contents failed\n");
3290
3291 // also send the hchain/htree length for all update items
3292 HIP_IFEL(hip_build_param_contents(msg, &hash_item_length, HIP_PARAM_INT,
3293@@ -386,7 +386,7 @@
3294 HIP_IFEL(hip_build_param_contents(msg, anchors[i],
3295 HIP_PARAM_HCHAIN_ANCHOR,
3296 hash_length), -1,
3297- "build param contents failed\n");
3298+ "build param contents failed\n");
3299 }
3300
3301 // now transmit root for each next hash item for tree-based updates, if available
3302@@ -411,7 +411,7 @@
3303 HIP_IFEL(hip_build_param_contents(msg, &root_length,
3304 HIP_PARAM_INT,
3305 sizeof(int)), -1,
3306- "build param contents failed\n");
3307+ "build param contents failed\n");
3308 }
3309
3310 if (root) {
3311@@ -425,7 +425,7 @@
3312 HIP_DEBUG("soft_update: %i\n", soft_update);
3313 HIP_IFEL(hip_build_param_contents(msg, &soft_update, HIP_PARAM_INT,
3314 sizeof(int)), -1,
3315- "build param contents failed\n");
3316+ "build param contents failed\n");
3317
3318 if (soft_update) {
3319 for (i = 0; i < num_parallel_hchains; i++) {
3320@@ -434,37 +434,37 @@
3321 HIP_IFEL(!(branch_nodes = htree_get_branch(link_trees[i],
3322 anchor_offset[i], NULL,
3323 &branch_length)), -1,
3324- "failed to get branch nodes\n");
3325+ "failed to get branch nodes\n");
3326
3327 HIP_DEBUG("anchor_offset: %i\n", anchor_offset[i]);
3328 HIP_IFEL(hip_build_param_contents(msg, &anchor_offset[i],
3329 HIP_PARAM_INT,
3330 sizeof(int)), -1,
3331- "build param contents failed\n");
3332+ "build param contents failed\n");
3333
3334 HIP_DEBUG("secret_length: %i\n", secret_length);
3335 HIP_IFEL(hip_build_param_contents(msg, &secret_length,
3336 HIP_PARAM_INT,
3337 sizeof(int)), -1,
3338- "build param contents failed\n");
3339+ "build param contents failed\n");
3340
3341 HIP_DEBUG("branch_length: %i\n", branch_length);
3342 HIP_IFEL(hip_build_param_contents(msg, &branch_length,
3343 HIP_PARAM_INT,
3344 sizeof(int)), -1,
3345- "build param contents failed\n");
3346+ "build param contents failed\n");
3347
3348 HIP_HEXDUMP("secret: ", secret, secret_length);
3349 HIP_IFEL(hip_build_param_contents(msg, secret,
3350 HIP_PARAM_SECRET,
3351 secret_length), -1,
3352- "build param contents failed\n");
3353+ "build param contents failed\n");
3354
3355 HIP_HEXDUMP("branch_nodes: ", branch_nodes, branch_length);
3356 HIP_IFEL(hip_build_param_contents(msg, branch_nodes,
3357 HIP_PARAM_BRANCH_NODES,
3358 branch_length), -1,
3359- "build param contents failed\n");
3360+ "build param contents failed\n");
3361 }
3362 }
3363
3364@@ -493,13 +493,13 @@
3365 */
3366 int send_anchor_change_to_hipd(const struct hip_sa_entry *entry)
3367 {
3368- int err = 0;
3369- int hash_length = 0;
3370- long i = 0;
3371- unsigned char *anchor = NULL;
3372- struct hip_common *msg = NULL;
3373- struct hash_chain *hchain = NULL;
3374- struct hash_tree *htree = NULL;
3375+ int err = 0;
3376+ int hash_length = 0;
3377+ long i = 0;
3378+ unsigned char *anchor = NULL;
3379+ struct hip_common *msg = NULL;
3380+ struct hash_chain *hchain = NULL;
3381+ struct hash_tree *htree = NULL;
3382
3383 HIP_ASSERT(entry != NULL);
3384 HIP_ASSERT(entry->direction == HIP_SPI_DIRECTION_OUT);
3385@@ -518,22 +518,22 @@
3386 HIP_DEBUG_HIT("src_hit", &entry->inner_src_addr);
3387 HIP_IFEL(hip_build_param_contents(msg, &entry->inner_src_addr,
3388 HIP_PARAM_HIT, sizeof(struct in6_addr)),
3389- -1, "build param contents failed\n");
3390+ -1, "build param contents failed\n");
3391
3392 HIP_DEBUG_HIT("dst_hit", &entry->inner_dst_addr);
3393 HIP_IFEL(hip_build_param_contents(msg, &entry->inner_dst_addr,
3394 HIP_PARAM_HIT, sizeof(struct in6_addr)),
3395- -1, "build param contents failed\n");
3396+ -1, "build param contents failed\n");
3397
3398 HIP_DEBUG("direction: %i\n", entry->direction);
3399 HIP_IFEL(hip_build_param_contents(msg, &entry->direction,
3400 HIP_PARAM_INT, sizeof(int)), -1,
3401- "build param contents failed\n");
3402+ "build param contents failed\n");
3403
3404 HIP_DEBUG("esp_prot_transform: %u\n", entry->esp_prot_transform);
3405 HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
3406 HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)),
3407- -1, "build param contents failed\n");
3408+ -1, "build param contents failed\n");
3409
3410 HIP_DEBUG("esp_prot_num_parallel_hchains: %i\n", num_parallel_hchains);
3411 HIP_IFEL(hip_build_param_contents(msg, &num_parallel_hchains,
3412@@ -553,7 +553,7 @@
3413 HIP_HEXDUMP("anchor: ", anchor, hash_length);
3414 HIP_IFEL(hip_build_param_contents(msg, anchor,
3415 HIP_PARAM_HCHAIN_ANCHOR, hash_length),
3416- -1, "build param contents failed\n");
3417+ -1, "build param contents failed\n");
3418 }
3419
3420 HIP_DUMP_MSG(msg);
3421@@ -582,15 +582,15 @@
3422 * @return 0 on success, -1 on error
3423 */
3424 int esp_prot_handle_sa_add_request(const struct hip_common *msg,
3425- uint8_t *esp_prot_transform,
3426- uint16_t *num_anchors,
3427- unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH],
3428- uint32_t *hash_item_length)
3429+ uint8_t *esp_prot_transform,
3430+ uint16_t *num_anchors,
3431+ unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH],
3432+ uint32_t *hash_item_length)
3433 {
3434- const struct hip_tlv_common *param = NULL;
3435- int hash_length = 0, err = 0;
3436- const unsigned char *anchor = NULL;
3437- uint16_t i;
3438+ const struct hip_tlv_common *param = NULL;
3439+ int hash_length = 0, err = 0;
3440+ const unsigned char *anchor = NULL;
3441+ uint16_t i;
3442 *num_anchors = 0;
3443 *esp_prot_transform = 0;
3444
3445
3446=== modified file 'firewall/esp_prot_fw_msg.h'
3447--- firewall/esp_prot_fw_msg.h 2011-01-04 14:23:17 +0000
3448+++ firewall/esp_prot_fw_msg.h 2011-01-11 14:04:40 +0000
3449@@ -53,9 +53,9 @@
3450 struct hash_tree *link_trees[MAX_NUM_PARALLEL_HCHAINS]);
3451 int send_anchor_change_to_hipd(const struct hip_sa_entry *entry);
3452 int esp_prot_handle_sa_add_request(const struct hip_common *msg,
3453- uint8_t *esp_prot_transform,
3454- uint16_t *num_anchors,
3455+ uint8_t * esp_prot_transform,
3456+ uint16_t * num_anchors,
3457 unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH],
3458- uint32_t *hash_item_length);
3459+ uint32_t * hash_item_length);
3460
3461 #endif /* HIP_FIREWALL_ESP_PROT_FW_MSG_H */
3462
3463=== modified file 'firewall/file_buffer.c'
3464--- firewall/file_buffer.c 2010-11-12 17:49:42 +0000
3465+++ firewall/file_buffer.c 2011-01-11 14:04:40 +0000
3466@@ -80,8 +80,8 @@
3467 /* First, we try to determine the current file size for the new buffer size.
3468 * If that fails (it does, e.g., for proc files), we just increase the
3469 * current buffer size. */
3470- errno = 0;
3471- file_size = lseek(fb->fd, 0, SEEK_END);
3472+ errno = 0;
3473+ file_size = lseek(fb->fd, 0, SEEK_END);
3474 if (file_size != -1 || EINVAL == errno) {
3475 if (file_size != -1) {
3476 fb->buffer_size = file_size + HIP_FB_HEADROOM; // add a little head room
3477@@ -191,8 +191,8 @@
3478 fb->fd = -1;
3479 }
3480 free(fb->ma.start);
3481- fb->ma.start = NULL;
3482- fb->ma.end = NULL;
3483+ fb->ma.start = NULL;
3484+ fb->ma.end = NULL;
3485 }
3486 }
3487
3488@@ -217,7 +217,7 @@
3489
3490 while (1) {
3491 ssize_t bytes;
3492- off_t seek_offset;
3493+ off_t seek_offset;
3494
3495 // can we re-read the whole file into the memory buffer?
3496 seek_offset = lseek(fb->fd, 0, SEEK_SET);
3497@@ -232,7 +232,7 @@
3498 HIP_ERROR("Reading the contents of the file descriptor %d via read() into a memory buffer of size %d failed with the error %s\n",
3499 fb->fd, fb->buffer_size, strerror(errno));
3500 break;
3501- } else if ((size_t)bytes == fb->buffer_size) {
3502+ } else if ((size_t) bytes == fb->buffer_size) {
3503 // we can't fit the file into the memory buffer -> resize it
3504 if (hip_fb_resize(fb) == 0) {
3505 // successful resize -> retry reading
3506
3507=== modified file 'firewall/firewall.c'
3508--- firewall/firewall.c 2011-01-10 10:14:22 +0000
3509+++ firewall/firewall.c 2011-01-11 14:04:40 +0000
3510@@ -142,14 +142,14 @@
3511
3512 /* externally used state */
3513 // TODO try to decrease number of globally used variables
3514-int filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT;
3515-int hip_kernel_ipsec_fallback = 0;
3516-int hip_lsi_support = 0;
3517-int system_based_opp_mode = 0;
3518-int esp_relay = 0;
3519-int hip_esp_protection = 0;
3520+int filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT;
3521+int hip_kernel_ipsec_fallback = 0;
3522+int hip_lsi_support = 0;
3523+int system_based_opp_mode = 0;
3524+int esp_relay = 0;
3525+int hip_esp_protection = 0;
3526 #ifdef CONFIG_HIP_MIDAUTH
3527-int use_midauth = 0;
3528+int use_midauth = 0;
3529 #endif
3530
3531 /** Use this to send and receive responses to hipd. Notice that
3532@@ -162,12 +162,12 @@
3533 *
3534 * @todo make accessible through send function, no-one should read on that
3535 */
3536-int hip_fw_sock = 0;
3537+int hip_fw_sock = 0;
3538 /**
3539 * Use this socket *only* for receiving async messages from hipd
3540 * @todo make static, no-one should read on that
3541 */
3542-int hip_fw_async_sock = 0;
3543+int hip_fw_async_sock = 0;
3544
3545 /**
3546 * display usage of firewall to stdout
3547@@ -213,8 +213,8 @@
3548 */
3549 static int hip_fw_init_userspace_ipsec(void)
3550 {
3551- int err = 0;
3552- int ver_c;
3553+ int err = 0;
3554+ int ver_c;
3555 struct utsname name;
3556
3557 HIP_IFEL(uname(&name), -1, "Failed to retrieve kernel information: %s\n",
3558@@ -301,7 +301,7 @@
3559
3560 // userspace ipsec is a prerequisite for esp protection
3561 if (hip_esp_protection && hip_userspace_ipsec) {
3562- HIP_IFEL(esp_prot_init(), -1, "failed to init esp protection\n");
3563+ HIP_IFEL(esp_prot_init(), -1, "failed to init esp protection\n");
3564 } else {
3565 HIP_ERROR("userspace ipsec needs to be turned on for this to work\n");
3566
3567@@ -435,7 +435,6 @@
3568 return err;
3569 }
3570
3571-
3572 /*
3573 * Initialize rules for filtering traffic
3574 *
3575@@ -551,7 +550,7 @@
3576 /* Still accept HIP traffic as if the -A flag had been given
3577 * instead of -F */
3578 accept_hip_esp_traffic_by_default = 1;
3579- restore_accept_hip_esp_traffic = 1;
3580+ restore_accept_hip_esp_traffic = 1;
3581
3582 firewall_init_filter_traffic();
3583 }
3584@@ -604,11 +603,11 @@
3585 */
3586 static int hip_query_default_local_hit_from_hipd(void)
3587 {
3588- int err = 0;
3589- struct hip_common *msg = NULL;
3590+ int err = 0;
3591+ struct hip_common *msg = NULL;
3592 const struct hip_tlv_common *param = NULL;
3593- const hip_hit_t *hit = NULL;
3594- const hip_lsi_t *lsi = NULL;
3595+ const hip_hit_t *hit = NULL;
3596+ const hip_lsi_t *lsi = NULL;
3597
3598 HIP_IFE(!(msg = hip_msg_alloc()), -1);
3599 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_DEFAULT_HIT, 0), -1,
3600@@ -742,9 +741,9 @@
3601 */
3602 static void firewall_probe_kernel_modules(void)
3603 {
3604- int count, err, status;
3605- char cmd[40];
3606- int mod_total;
3607+ int count, err, status;
3608+ char cmd[40];
3609+ int mod_total;
3610 const char *mod_name[] =
3611 { "ip_queue", "ip6_queue", "iptable_filter", "ip6table_filter" };
3612
3613@@ -855,9 +854,9 @@
3614
3615 if (esp_relay && ctx->udp_encap_hdr &&
3616 ((ret = hipfw_relay_esp(ctx)) <= 0)) {
3617- /* 0: drop original and reinject new packet
3618- -1: accept reinject packet and avoid filter_esp_state
3619- 1: just let it pass => proceed to filter */
3620+ /* 0: drop original and reinject new packet
3621+ * -1: accept reinject packet and avoid filter_esp_state
3622+ * 1: just let it pass => proceed to filter */
3623 if (ret == 0) {
3624 HIP_DEBUG("Drop original and reinject relayed ESP packet\n");
3625 verdict = 0;
3626@@ -865,7 +864,7 @@
3627 HIP_DEBUG("Accept reinjected packet\n");
3628 verdict = 1;
3629 } else {
3630- HIP_ASSERT(0);
3631+ HIP_ASSERT(0);
3632 }
3633 } else if (filter_esp_state(ctx) > 0) {
3634 verdict = 1;
3635@@ -900,14 +899,14 @@
3636 struct hip_fw_context *ctx)
3637 {
3638 // complete rule list for hook (== IN / OUT / FORWARD)
3639- struct dlist *list = get_rule_list(hook);
3640- struct rule *rule = NULL;
3641+ struct dlist *list = get_rule_list(hook);
3642+ struct rule *rule = NULL;
3643 // assume match for current rule
3644- int match = 1, print_addr = 0;
3645+ int match = 1, print_addr = 0;
3646 // assume packet has not yet passed connection tracking
3647- int conntracked = 0;
3648+ int conntracked = 0;
3649 // block traffic by default
3650- int verdict = 0;
3651+ int verdict = 0;
3652
3653 HIP_DEBUG("\n");
3654
3655@@ -922,25 +921,25 @@
3656 if (buf->type_hdr == HIP_I1) {
3657 HIP_INFO("received packet type: I1\n");
3658 print_addr = 1;
3659- } else if (buf->type_hdr == HIP_R1) {
3660+ } else if (buf->type_hdr == HIP_R1) {
3661 HIP_INFO("received packet type: R1\n");
3662 print_addr = 1;
3663- } else if (buf->type_hdr == HIP_I2) {
3664+ } else if (buf->type_hdr == HIP_I2) {
3665 HIP_INFO("received packet type: I2\n");
3666 print_addr = 1;
3667- } else if (buf->type_hdr == HIP_R2) {
3668+ } else if (buf->type_hdr == HIP_R2) {
3669 HIP_INFO("received packet type: R2\n");
3670 print_addr = 1;
3671- } else if (buf->type_hdr == HIP_UPDATE) {
3672+ } else if (buf->type_hdr == HIP_UPDATE) {
3673 HIP_INFO("received packet type: UPDATE\n");
3674 print_addr = 1;
3675- } else if (buf->type_hdr == HIP_CLOSE) {
3676+ } else if (buf->type_hdr == HIP_CLOSE) {
3677 HIP_INFO("received packet type: CLOSE\n");
3678 print_addr = 1;
3679- } else if (buf->type_hdr == HIP_CLOSE_ACK) {
3680+ } else if (buf->type_hdr == HIP_CLOSE_ACK) {
3681 HIP_INFO("received packet type: CLOSE_ACK\n");
3682 print_addr = 1;
3683- } else if (buf->type_hdr == HIP_NOTIFY) {
3684+ } else if (buf->type_hdr == HIP_NOTIFY) {
3685 HIP_DEBUG("received packet type: NOTIFY\n");
3686 } else if (buf->type_hdr == HIP_LUPDATE) {
3687 HIP_DEBUG("received packet type: LIGHT UPDATE\n");
3688@@ -1039,7 +1038,6 @@
3689 if (!filter_state(ip6_src, ip6_dst, buf, rule->state, rule->accept,
3690 ctx)) {
3691 match = 0;
3692-
3693 } else {
3694 // if it is a valid packet, this also tracked the packet
3695 conntracked = 1;
3696@@ -1140,7 +1138,8 @@
3697 *
3698 * @return the verdict (1 for pass and 0 for drop)
3699 */
3700-static int hip_fw_handle_hip_output(struct hip_fw_context *ctx){
3701+static int hip_fw_handle_hip_output(struct hip_fw_context *ctx)
3702+{
3703 int verdict = accept_hip_esp_traffic_by_default;
3704
3705 HIP_DEBUG("hip_fw_handle_hip_output \n");
3706@@ -1198,7 +1197,6 @@
3707 accept_normal_traffic_by_default);
3708
3709 if (ctx->ip_version == 6 && hip_userspace_ipsec) {
3710-
3711 hip_hit_t *def_hit = hip_fw_get_default_hit();
3712 HIP_DEBUG_HIT("destination hit: ", &ctx->dst);
3713
3714@@ -1229,7 +1227,7 @@
3715 }
3716 } else if (system_based_opp_mode) {
3717 verdict = hip_fw_handle_outgoing_system_based_opp(ctx,
3718- accept_normal_traffic_by_default);
3719+ accept_normal_traffic_by_default);
3720 }
3721 }
3722
3723@@ -1428,10 +1426,10 @@
3724 NF_IP_FORWARD);
3725
3726 // funtion pointers for the respective packet handlers
3727- fw_handlers[NF_IP_LOCAL_IN][OTHER_PACKET] = hip_fw_handle_other_input;
3728- fw_handlers[NF_IP_LOCAL_IN][HIP_PACKET] = hip_fw_handle_hip_input;
3729- fw_handlers[NF_IP_LOCAL_IN][ESP_PACKET] = hip_fw_handle_esp_input;
3730- fw_handlers[NF_IP_LOCAL_IN][TCP_PACKET] = hip_fw_handle_tcp_input;
3731+ fw_handlers[NF_IP_LOCAL_IN][OTHER_PACKET] = hip_fw_handle_other_input;
3732+ fw_handlers[NF_IP_LOCAL_IN][HIP_PACKET] = hip_fw_handle_hip_input;
3733+ fw_handlers[NF_IP_LOCAL_IN][ESP_PACKET] = hip_fw_handle_esp_input;
3734+ fw_handlers[NF_IP_LOCAL_IN][TCP_PACKET] = hip_fw_handle_tcp_input;
3735
3736 fw_handlers[NF_IP_LOCAL_OUT][OTHER_PACKET] = hip_fw_handle_other_output;
3737 fw_handlers[NF_IP_LOCAL_OUT][HIP_PACKET] = hip_fw_handle_hip_output;
3738@@ -1439,10 +1437,10 @@
3739 fw_handlers[NF_IP_LOCAL_OUT][TCP_PACKET] = hip_fw_handle_tcp_output;
3740
3741 //apply rules for forwarded hip and esp traffic
3742- fw_handlers[NF_IP_FORWARD][HIP_PACKET] = hip_fw_handle_hip_forward;
3743- fw_handlers[NF_IP_FORWARD][ESP_PACKET] = hip_fw_handle_esp_forward;
3744+ fw_handlers[NF_IP_FORWARD][HIP_PACKET] = hip_fw_handle_hip_forward;
3745+ fw_handlers[NF_IP_FORWARD][ESP_PACKET] = hip_fw_handle_esp_forward;
3746 //do not drop those files by default
3747- fw_handlers[NF_IP_FORWARD][TCP_PACKET] = hip_fw_handle_tcp_forward;
3748+ fw_handlers[NF_IP_FORWARD][TCP_PACKET] = hip_fw_handle_tcp_forward;
3749
3750 HIP_DEBUG("Enabling forwarding for IPv4 and IPv6\n");
3751 system_print("echo 1 >/proc/sys/net/ipv4/conf/all/forwarding");
3752@@ -1498,9 +1496,9 @@
3753 {
3754 int ip_hdr_len, err = 0;
3755 // length of packet starting at udp header
3756- uint16_t udp_len = 0;
3757- struct udphdr *udphdr = NULL;
3758- int udp_encap_zero_bytes = 0;
3759+ uint16_t udp_len = 0;
3760+ struct udphdr *udphdr = NULL;
3761+ int udp_encap_zero_bytes = 0;
3762
3763 // default assumption
3764 ctx->packet_type = OTHER_PACKET;
3765@@ -1529,9 +1527,9 @@
3766 /* ip_hl is given in multiple of 4 bytes
3767 *
3768 * NOTE: not sizeof(struct ip) as we might have options */
3769- ip_hdr_len = (iphdr->ip_hl * 4);
3770+ ip_hdr_len = (iphdr->ip_hl * 4);
3771 // needed for opportunistic TCP
3772- ctx->ip_hdr_len = ip_hdr_len;
3773+ ctx->ip_hdr_len = ip_hdr_len;
3774 HIP_DEBUG("ip_hdr_len is: %d\n", ip_hdr_len);
3775 HIP_DEBUG("total length: %u\n", ntohs(iphdr->ip_len));
3776 HIP_DEBUG("ttl: %u\n", iphdr->ip_ttl);
3777@@ -1553,7 +1551,7 @@
3778
3779 ctx->packet_type = HIP_PACKET;
3780 ctx->transport_hdr.hip = (struct hip_common *)
3781- (((char *) iphdr) + ip_hdr_len);
3782+ (((char *) iphdr) + ip_hdr_len);
3783
3784 goto end_init;
3785 } else if (iphdr->ip_p == IPPROTO_ESP) {
3786@@ -1562,7 +1560,7 @@
3787
3788 ctx->packet_type = ESP_PACKET;
3789 ctx->transport_hdr.esp = (struct hip_esp *)
3790- (((char *) iphdr) + ip_hdr_len);
3791+ (((char *) iphdr) + ip_hdr_len);
3792
3793 goto end_init;
3794 } else if (iphdr->ip_p == IPPROTO_TCP) {
3795@@ -1570,7 +1568,7 @@
3796 HIP_DEBUG("plain TCP packet\n");
3797
3798 ctx->packet_type = TCP_PACKET;
3799- ctx->transport_hdr.tcp = (struct tcphdr*)
3800+ ctx->transport_hdr.tcp = (struct tcphdr *)
3801 (((char *) iphdr) + ip_hdr_len);
3802
3803 HIP_DEBUG("src port: %u\n", ntohs(ctx->transport_hdr.tcp->source));
3804@@ -1585,9 +1583,9 @@
3805 }
3806
3807 // need UDP header to look for encapsulated ESP
3808- udp_len = ntohs(iphdr->ip_len);
3809- udphdr = ((struct udphdr *)
3810- (((char *) iphdr) + ip_hdr_len));
3811+ udp_len = ntohs(iphdr->ip_len);
3812+ udphdr = ((struct udphdr *)
3813+ (((char *) iphdr) + ip_hdr_len));
3814
3815 // add UDP header to context
3816 ctx->udp_encap_hdr = udphdr;
3817@@ -1597,9 +1595,9 @@
3818 ctx->ip_hdr.ipv6 = ip6_hdr;
3819
3820 // Ipv6 has fixed header length
3821- ip_hdr_len = sizeof(struct ip6_hdr);
3822+ ip_hdr_len = sizeof(struct ip6_hdr);
3823 // needed for opportunistic TCP
3824- ctx->ip_hdr_len = ip_hdr_len;
3825+ ctx->ip_hdr_len = ip_hdr_len;
3826 HIP_DEBUG("ip_hdr_len is: %d\n", ip_hdr_len);
3827 HIP_DEBUG("payload length: %u\n", ntohs(ip6_hdr->ip6_plen));
3828 HIP_DEBUG("ttl: %u\n", ip6_hdr->ip6_hlim);
3829@@ -1622,7 +1620,7 @@
3830
3831 ctx->packet_type = HIP_PACKET;
3832 ctx->transport_hdr.hip = (struct hip_common *)
3833- (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
3834+ (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
3835
3836 goto end_init;
3837 } else if (ip6_hdr->ip6_nxt == IPPROTO_ESP) {
3838@@ -1631,7 +1629,7 @@
3839
3840 ctx->packet_type = ESP_PACKET;
3841 ctx->transport_hdr.esp = (struct hip_esp *)
3842- (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
3843+ (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
3844
3845 goto end_init;
3846 } else if (ip6_hdr->ip6_nxt == IPPROTO_TCP) {
3847@@ -1639,7 +1637,7 @@
3848 HIP_DEBUG("plain TCP packet\n");
3849
3850 ctx->packet_type = TCP_PACKET;
3851- ctx->transport_hdr.tcp = (struct tcphdr*)
3852+ ctx->transport_hdr.tcp = (struct tcphdr *)
3853 (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
3854
3855 HIP_DEBUG("src port: %u\n", ntohs(ctx->transport_hdr.tcp->source));
3856@@ -1661,9 +1659,9 @@
3857 *
3858 * NOTE: the length will include optional extension headers
3859 * -> handle this */
3860- udp_len = ntohs(ip6_hdr->ip6_plen);
3861- udphdr = ((struct udphdr *)
3862- (((char *) ip6_hdr) + ip_hdr_len));
3863+ udp_len = ntohs(ip6_hdr->ip6_plen);
3864+ udphdr = ((struct udphdr *)
3865+ (((char *) ip6_hdr) + ip_hdr_len));
3866
3867 // add udp header to context
3868 ctx->udp_encap_hdr = udphdr;
3869@@ -1682,7 +1680,6 @@
3870 if (ctx->ip_version == 4) {
3871 // we might have only received a UDP packet with headers only
3872 if (udp_len >= sizeof(struct ip) + sizeof(struct udphdr) + HIP_UDP_ZERO_BYTES_LEN) {
3873-
3874 uint32_t *zero_bytes = NULL;
3875
3876 // we can distinguish UDP encapsulated control and data traffic with 32 zero bits
3877@@ -1715,16 +1712,16 @@
3878 /* check if zero byte hint is correct and we are processing a
3879 * HIP control message */
3880 if (!hip_check_network_msg((struct hip_common *) (((char *) udphdr)
3881- + sizeof(struct udphdr)
3882- + HIP_UDP_ZERO_BYTES_LEN))) {
3883+ + sizeof(struct udphdr)
3884+ + HIP_UDP_ZERO_BYTES_LEN))) {
3885 // we found an UDP encapsulated HIP control packet
3886 HIP_DEBUG("UDP encapsulated HIP control packet\n");
3887
3888 // add to context
3889 ctx->packet_type = HIP_PACKET;
3890 ctx->transport_hdr.hip = (struct hip_common *) (((char *) udphdr)
3891- + sizeof(struct udphdr)
3892- + HIP_UDP_ZERO_BYTES_LEN);
3893+ + sizeof(struct udphdr)
3894+ + HIP_UDP_ZERO_BYTES_LEN);
3895
3896 goto end_init;
3897 }
3898@@ -1932,21 +1929,21 @@
3899 */
3900 int main(int argc, char **argv)
3901 {
3902- int err = 0, highest_descriptor, i;
3903- int n, len;
3904- struct ipq_handle *h4 = NULL, *h6 = NULL;
3905- int ch;
3906- char *rule_file = NULL;
3907- int errflg = 0, killold = 0;
3908- struct hip_common *msg = NULL;
3909- struct sockaddr_in6 sock_addr;
3910- socklen_t alen;
3911- fd_set read_fdset;
3912- struct timeval timeout;
3913- unsigned char buf[HIP_MAX_PACKET];
3914+ int err = 0, highest_descriptor, i;
3915+ int n, len;
3916+ struct ipq_handle *h4 = NULL, *h6 = NULL;
3917+ int ch;
3918+ char *rule_file = NULL;
3919+ int errflg = 0, killold = 0;
3920+ struct hip_common *msg = NULL;
3921+ struct sockaddr_in6 sock_addr;
3922+ socklen_t alen;
3923+ fd_set read_fdset;
3924+ struct timeval timeout;
3925+ unsigned char buf[HIP_MAX_PACKET];
3926 struct hip_fw_context ctx;
3927- int limit_capabilities = 0;
3928- int is_root = 0, access_ok = 0, msg_type = 0; //variables for accepting user messages only from hipd
3929+ int limit_capabilities = 0;
3930+ int is_root = 0, access_ok = 0, msg_type = 0; //variables for accepting user messages only from hipd
3931
3932 /* Make sure that root path is set up correcly (e.g. on Fedora 9).
3933 * Otherwise may get warnings from system_print() commands.
3934@@ -2007,7 +2004,7 @@
3935 rule_file = optarg;
3936 break;
3937 case 'F':
3938- filter_traffic = 0;
3939+ filter_traffic = 0;
3940 restore_filter_traffic = filter_traffic;
3941 break;
3942 case 'h':
3943@@ -2018,11 +2015,11 @@
3944 accept_normal_traffic_by_default = 0;
3945 break;
3946 case 'i':
3947- hip_userspace_ipsec = 1;
3948+ hip_userspace_ipsec = 1;
3949 hip_kernel_ipsec_fallback = 0;
3950 break;
3951 case 'I':
3952- hip_userspace_ipsec = 1;
3953+ hip_userspace_ipsec = 1;
3954 hip_kernel_ipsec_fallback = 1;
3955 break;
3956 case 'k':
3957@@ -2034,7 +2031,7 @@
3958 case 'm':
3959 #ifdef CONFIG_HIP_MIDAUTH
3960 filter_traffic = 1;
3961- use_midauth = 1;
3962+ use_midauth = 1;
3963 break;
3964 #endif
3965 case 'o':
3966@@ -2082,11 +2079,11 @@
3967 HIP_IFEL((hip_fw_sock < 0), 1, "Could not create socket for firewall.\n");
3968 memset(&sock_addr, 0, sizeof(sock_addr));
3969 sock_addr.sin6_family = AF_INET6;
3970- sock_addr.sin6_port = htons(HIP_FIREWALL_SYNC_PORT);
3971- sock_addr.sin6_addr = in6addr_loopback;
3972+ sock_addr.sin6_port = htons(HIP_FIREWALL_SYNC_PORT);
3973+ sock_addr.sin6_addr = in6addr_loopback;
3974
3975- for (i=0; i<2; i++) {
3976- err = bind(hip_fw_sock, (struct sockaddr *)& sock_addr,
3977+ for (i = 0; i < 2; i++) {
3978+ err = bind(hip_fw_sock, (struct sockaddr *) &sock_addr,
3979 sizeof(sock_addr));
3980 if (err == 0) {
3981 break;
3982@@ -2103,9 +2100,9 @@
3983 HIP_IFEL((hip_fw_async_sock < 0), 1, "Could not create socket for firewall.\n");
3984 memset(&sock_addr, 0, sizeof(sock_addr));
3985 sock_addr.sin6_family = AF_INET6;
3986- sock_addr.sin6_port = htons(HIP_FIREWALL_PORT);
3987- sock_addr.sin6_addr = in6addr_loopback;
3988- HIP_IFEL(bind(hip_fw_async_sock, (struct sockaddr *)& sock_addr, sizeof(sock_addr)), -1,
3989+ sock_addr.sin6_port = htons(HIP_FIREWALL_PORT);
3990+ sock_addr.sin6_addr = in6addr_loopback;
3991+ HIP_IFEL(bind(hip_fw_async_sock, (struct sockaddr *) &sock_addr, sizeof(sock_addr)), -1,
3992 "Bind on firewall socket addr failed. Give -k option to kill old hipfw\n");
3993 HIP_IFEL(hip_daemon_connect(hip_fw_async_sock), -1,
3994 "connecting socket failed\n");
3995@@ -2175,7 +2172,7 @@
3996 FD_SET(h4->fd, &read_fdset);
3997 FD_SET(h6->fd, &read_fdset);
3998
3999- timeout.tv_sec = HIP_SELECT_TIMEOUT;
4000+ timeout.tv_sec = HIP_SELECT_TIMEOUT;
4001 timeout.tv_usec = 0;
4002
4003 // get handle with queued packet and process
4004@@ -2238,8 +2235,8 @@
4005
4006 HIP_DEBUG("Receiving message type %d (%d bytes)\n",
4007 hip_get_msg_type(msg), len);
4008- n = recvfrom(hip_fw_async_sock, msg, len, 0,
4009- (struct sockaddr *) &sock_addr, &alen);
4010+ n = recvfrom(hip_fw_async_sock, msg, len, 0,
4011+ (struct sockaddr *) &sock_addr, &alen);
4012
4013 if (n < 0) {
4014 HIP_ERROR("Error receiving message parameters from daemon.\n");
4015
4016=== modified file 'firewall/firewall_control.c'
4017--- firewall/firewall_control.c 2010-11-30 14:50:30 +0000
4018+++ firewall/firewall_control.c 2011-01-11 14:04:40 +0000
4019@@ -60,20 +60,20 @@
4020 */
4021 static int hip_handle_bex_state_update(struct hip_common *msg)
4022 {
4023- const struct in6_addr *src_hit = NULL, *dst_hit = NULL;
4024- const struct hip_tlv_common *param = NULL;
4025- int err = 0, msg_type = 0;
4026+ const struct in6_addr *src_hit = NULL, *dst_hit = NULL;
4027+ const struct hip_tlv_common *param = NULL;
4028+ int err = 0, msg_type = 0;
4029
4030 msg_type = hip_get_msg_type(msg);
4031
4032 /* src_hit */
4033- param = hip_get_param(msg, HIP_PARAM_HIT);
4034- src_hit = hip_get_param_contents_direct(param);
4035+ param = hip_get_param(msg, HIP_PARAM_HIT);
4036+ src_hit = hip_get_param_contents_direct(param);
4037 HIP_DEBUG_HIT("Source HIT: ", src_hit);
4038
4039 /* dst_hit */
4040- param = hip_get_next_param(msg, param);
4041- dst_hit = hip_get_param_contents_direct(param);
4042+ param = hip_get_next_param(msg, param);
4043+ dst_hit = hip_get_param_contents_direct(param);
4044 HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
4045
4046 /* update bex_state in firewalldb */
4047@@ -100,7 +100,7 @@
4048 */
4049 int hip_handle_msg(struct hip_common *msg)
4050 {
4051- int type, err = 0;
4052+ int type, err = 0;
4053 struct hip_common *msg_out = NULL;
4054
4055 HIP_DEBUG("Handling message from hipd\n");
4056
4057=== modified file 'firewall/firewall_defines.h'
4058--- firewall/firewall_defines.h 2011-01-04 14:32:37 +0000
4059+++ firewall/firewall_defines.h 2011-01-11 14:04:40 +0000
4060@@ -48,9 +48,9 @@
4061 ipq_packet_msg_t *ipq_packet;
4062
4063 // IP layer information
4064- int ip_version; /* 4, 6 */
4065- int ip_hdr_len;
4066- struct in6_addr src, dst;
4067+ int ip_version; /* 4, 6 */
4068+ int ip_hdr_len;
4069+ struct in6_addr src, dst;
4070 union {
4071 struct ip6_hdr *ipv6;
4072 struct ip *ipv4;
4073@@ -65,43 +65,43 @@
4074 } transport_hdr;
4075 struct udphdr *udp_encap_hdr;
4076
4077- int modified;
4078+ int modified;
4079 };
4080
4081 /********** State table structures **************/
4082
4083 struct esp_address {
4084- struct in6_addr dst_addr;
4085- uint32_t *update_id; // null or pointer to the update id from the packet
4086+ struct in6_addr dst_addr;
4087+ uint32_t *update_id; // null or pointer to the update id from the packet
4088 // that announced this address.
4089 // when ack with the update id is seen all esp_addresses with
4090 // null update_id can be removed.
4091 };
4092
4093 struct esp_tuple {
4094- uint32_t spi;
4095- uint32_t new_spi;
4096- uint32_t spi_update_id;
4097- struct slist *dst_addr_list;
4098- struct tuple *tuple;
4099+ uint32_t spi;
4100+ uint32_t new_spi;
4101+ uint32_t spi_update_id;
4102+ struct slist *dst_addr_list;
4103+ struct tuple *tuple;
4104 /* tracking of the ESP SEQ number */
4105- uint32_t seq_no;
4106+ uint32_t seq_no;
4107 /* members needed for ESP protection extension */
4108- uint8_t esp_prot_tfm;
4109- uint32_t hash_item_length;
4110- uint32_t hash_tree_depth;
4111- long num_hchains;
4112- unsigned char active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
4113+ uint8_t esp_prot_tfm;
4114+ uint32_t hash_item_length;
4115+ uint32_t hash_tree_depth;
4116+ long num_hchains;
4117+ unsigned char active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
4118 // need for verification of anchor updates
4119- unsigned char first_active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
4120- unsigned char next_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
4121- int active_root_length;
4122- unsigned char *active_roots[MAX_NUM_PARALLEL_HCHAINS];
4123- int next_root_length[MAX_NUM_PARALLEL_HCHAINS];
4124- unsigned char *next_roots[MAX_NUM_PARALLEL_HCHAINS];
4125+ unsigned char first_active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
4126+ unsigned char next_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
4127+ int active_root_length;
4128+ unsigned char *active_roots[MAX_NUM_PARALLEL_HCHAINS];
4129+ int next_root_length[MAX_NUM_PARALLEL_HCHAINS];
4130+ unsigned char *next_roots[MAX_NUM_PARALLEL_HCHAINS];
4131 /** List temporarily storing anchor elements until the consecutive update
4132 * msg reveals that all on-path devices know the new anchor. */
4133- struct hip_ll anchor_cache;
4134+ struct hip_ll anchor_cache;
4135 /** buffer storing hashes of previous packets for cumulative authentication */
4136 struct esp_cumulative_item hash_buffer[MAX_RING_BUFFER_SIZE];
4137 };
4138@@ -130,9 +130,9 @@
4139 struct connection *connection;
4140 int state;
4141 uint32_t lupdate_seq;
4142- int esp_relay;
4143- struct in6_addr esp_relay_daddr;
4144- in_port_t esp_relay_dport;
4145+ int esp_relay;
4146+ struct in6_addr esp_relay_daddr;
4147+ in_port_t esp_relay_dport;
4148 };
4149
4150 struct connection {
4151@@ -142,10 +142,10 @@
4152 int state;
4153 struct timeval time_stamp;
4154 /* members needed for ESP protection extension */
4155- int num_esp_prot_tfms;
4156- uint8_t esp_prot_tfms[MAX_NUM_TRANSFORMS];
4157+ int num_esp_prot_tfms;
4158+ uint8_t esp_prot_tfms[MAX_NUM_TRANSFORMS];
4159 #ifdef CONFIG_HIP_MIDAUTH
4160- int pisa_state;
4161+ int pisa_state;
4162 #endif
4163 };
4164
4165
4166=== modified file 'firewall/helpers.c'
4167--- firewall/helpers.c 2010-12-13 21:15:07 +0000
4168+++ firewall/helpers.c 2011-01-11 14:04:40 +0000
4169@@ -71,7 +71,7 @@
4170 struct in6_addr *numeric_to_addr(const char *num)
4171 {
4172 static struct in6_addr ap;
4173- int err;
4174+ int err;
4175 if ((err = inet_pton(AF_INET6, num, &ap)) == 1) {
4176 return &ap;
4177 }
4178
4179=== modified file 'firewall/line_parser.c'
4180--- firewall/line_parser.c 2010-11-30 14:40:39 +0000
4181+++ firewall/line_parser.c 2011-01-11 14:04:40 +0000
4182@@ -110,8 +110,8 @@
4183 return NULL;
4184 }
4185
4186- remaining = lp->ma->end - lp->cur;
4187- lp->cur = memchr(lp->cur, '\n', remaining);
4188+ remaining = lp->ma->end - lp->cur;
4189+ lp->cur = memchr(lp->cur, '\n', remaining);
4190
4191 // given the rest of the parsing code, we should always find a \n, but
4192 // let's check to be sure
4193
4194=== modified file 'firewall/lsi.c'
4195--- firewall/lsi.c 2011-01-04 13:57:31 +0000
4196+++ firewall/lsi.c 2011-01-11 14:04:40 +0000
4197@@ -84,7 +84,7 @@
4198 * @param src_ip an optional source IP address for the I1
4199 * @param dst_ip a destination IP for the I1
4200 * @return zero on success or negative on error
4201-
4202+ *
4203 * @note Many of the parameters are optional, but at least a
4204 * destination LSI, HIT or IP (for opportunistic BEX) must to be
4205 * provided
4206@@ -97,7 +97,7 @@
4207 const struct in6_addr *dst_ip)
4208 {
4209 struct hip_common *msg = NULL;
4210- int err = 0;
4211+ int err = 0;
4212 HIP_IFE(!(msg = hip_msg_alloc()), -1);
4213 HIP_IFEL(!dst_hit && !dst_ip && !dst_lsi,
4214 -1, "no destination hit, ip or lsi provided\n");
4215@@ -181,7 +181,7 @@
4216 int hip_is_packet_lsi_reinjection(hip_lsi_t *lsi)
4217 {
4218 hip_lsi_t *local_lsi;
4219- int err = 0;
4220+ int err = 0;
4221 HIP_IFEL(!(local_lsi = hip_fw_get_default_lsi()), -1,
4222 "Failed to get default LSI");
4223 if (local_lsi->s_addr == lsi->s_addr) {
4224@@ -212,13 +212,13 @@
4225 const int ipOrigTraffic,
4226 const int incoming)
4227 {
4228- int err = 0;
4229- int ip_hdr_size = 0;
4230- int packet_length = 0;
4231- int protocol = 0;
4232- int ttl = 0;
4233- uint8_t *msg = NULL;
4234- struct icmphdr *icmp = NULL;
4235+ int err = 0;
4236+ int ip_hdr_size = 0;
4237+ int packet_length = 0;
4238+ int protocol = 0;
4239+ int ttl = 0;
4240+ uint8_t *msg = NULL;
4241+ struct icmphdr *icmp = NULL;
4242
4243 if (ipOrigTraffic == 4) {
4244 const struct ip *iphdr = (const struct ip *) m->payload;
4245@@ -238,7 +238,7 @@
4246 HIP_DEBUG_IN6ADDR("New packet dst address: ", dst_hit);
4247 }
4248
4249- if ((int)m->data_len <= (BUFSIZE - ip_hdr_size)) {
4250+ if ((int) m->data_len <= (BUFSIZE - ip_hdr_size)) {
4251 packet_length = m->data_len - ip_hdr_size;
4252 HIP_DEBUG("packet size smaller than buffer size\n");
4253 } else {
4254@@ -308,16 +308,16 @@
4255 const struct in6_addr *ip_dst,
4256 const int lsi_support)
4257 {
4258- int err = 0;
4259- int verdict = 1;
4260- int ip_hdr_size = 0;
4261- int portDest = 0;
4262- struct hip_hadb_user_info_state *entry = NULL;
4263- enum hip_port_binding port_binding = HIP_PORT_INFO_UNKNOWN;
4264- const struct ip6_hdr *ip6_hdr = NULL;
4265- struct in6_addr src_addr, dst_addr;
4266+ int err = 0;
4267+ int verdict = 1;
4268+ int ip_hdr_size = 0;
4269+ int portDest = 0;
4270+ struct hip_hadb_user_info_state *entry = NULL;
4271+ enum hip_port_binding port_binding = HIP_PORT_INFO_UNKNOWN;
4272+ const struct ip6_hdr *ip6_hdr = NULL;
4273+ struct in6_addr src_addr, dst_addr;
4274
4275- ip6_hdr = (const struct ip6_hdr *) m->payload;
4276+ ip6_hdr = (const struct ip6_hdr *) m->payload;
4277 ip_hdr_size = sizeof(struct ip6_hdr);
4278
4279 switch (ip6_hdr->ip6_nxt) {
4280@@ -398,7 +398,7 @@
4281 int hip_fw_handle_outgoing_lsi(ipq_packet_msg_t *m, struct in_addr *lsi_src,
4282 struct in_addr *lsi_dst)
4283 {
4284- int err = 0;
4285+ int err = 0;
4286 struct hip_hadb_user_info_state *entry_peer = NULL;
4287
4288 if (lsi_dst) {
4289
4290=== modified file 'firewall/midauth.c'
4291--- firewall/midauth.c 2011-01-07 16:09:23 +0000
4292+++ firewall/midauth.c 2011-01-11 14:04:40 +0000
4293@@ -71,7 +71,7 @@
4294 static void update_ipv4_header(struct iphdr *ip, int len)
4295 {
4296 unsigned short *w = (unsigned short *) ip;
4297- int hdrlen, checksum = 0;
4298+ int hdrlen, checksum = 0;
4299
4300 ip->tot_len = htons(len);
4301 ip->check = 0;
4302@@ -113,16 +113,16 @@
4303 */
4304 static void update_udp_header(struct iphdr *ip, int len)
4305 {
4306- unsigned long sum;
4307- uint16_t *w = (uint16_t *) ((unsigned char *) ip + (ip->ihl * 4));
4308- uint16_t protocol = ntohs(IPPROTO_UDP);
4309- int i;
4310+ unsigned long sum;
4311+ uint16_t *w = (uint16_t *) ((unsigned char *) ip + (ip->ihl * 4));
4312+ uint16_t protocol = ntohs(IPPROTO_UDP);
4313+ int i;
4314 struct udphdr *udp = (struct udphdr *) w;
4315
4316 len -= ip->ihl * 4;
4317
4318 udp->check = 0;
4319- udp->len = htons(len);
4320+ udp->len = htons(len);
4321
4322 /* UDP header and data */
4323 sum = 0;
4324@@ -133,11 +133,11 @@
4325 if (len == 1) {
4326 unsigned short padding = 0;
4327 *(unsigned char *) (&padding) = *(unsigned char *) w;
4328- sum += padding;
4329+ sum += padding;
4330 }
4331
4332 /* add UDP pseudoheader */
4333- w = (uint16_t *) &ip->saddr;
4334+ w = (uint16_t *) &ip->saddr;
4335 for (i = 0; i < 4; w++, i++) {
4336 sum += *w;
4337 }
4338@@ -171,9 +171,9 @@
4339 memcpy(&dst.sin_addr, &ip->daddr, sizeof(uint32_t));
4340
4341 hip_zero_msg_checksum(msg);
4342- msg->checksum = hip_checksum_packet((char *) msg,
4343- (struct sockaddr *) &src,
4344- (struct sockaddr *) &dst);
4345+ msg->checksum = hip_checksum_packet((char *) msg,
4346+ (struct sockaddr *) &src,
4347+ (struct sockaddr *) &dst);
4348 }
4349
4350 /**
4351@@ -184,8 +184,8 @@
4352 static void update_hip_checksum_ipv6(struct ip6_hdr *ip)
4353 {
4354 struct sockaddr_in6 src, dst;
4355- struct hip_common *msg = (struct hip_common *) ((char *) ip +
4356- sizeof(struct ip6_hdr));
4357+ struct hip_common *msg = (struct hip_common *) ((char *) ip +
4358+ sizeof(struct ip6_hdr));
4359
4360 memset(&src, 0, sizeof(src));
4361 memset(&dst, 0, sizeof(dst));
4362@@ -197,9 +197,9 @@
4363 memcpy(&dst.sin6_addr, &ip->ip6_dst, sizeof(struct in6_addr));
4364
4365 hip_zero_msg_checksum(msg);
4366- msg->checksum = hip_checksum_packet((char *) msg,
4367- (struct sockaddr *) &src,
4368- (struct sockaddr *) &dst);
4369+ msg->checksum = hip_checksum_packet((char *) msg,
4370+ (struct sockaddr *) &src,
4371+ (struct sockaddr *) &dst);
4372 }
4373
4374 /**
4375@@ -210,9 +210,9 @@
4376 */
4377 static void midauth_update_all_headers(struct hip_fw_context *ctx)
4378 {
4379- struct iphdr *ipv4 = NULL;
4380+ struct iphdr *ipv4 = NULL;
4381 struct ip6_hdr *ipv6 = NULL;
4382- size_t len = 0;
4383+ size_t len = 0;
4384
4385 len = hip_get_msg_total_len(ctx->transport_hdr.hip);
4386
4387@@ -253,9 +253,9 @@
4388 int midauth_verify_challenge_response(struct hip_common *hip,
4389 struct hip_challenge_response *s)
4390 {
4391- int err = 0;
4392+ int err = 0;
4393 struct hip_solution solution;
4394- uint8_t digist[HIP_AH_SHA_LEN];
4395+ uint8_t digist[HIP_AH_SHA_LEN];
4396
4397 HIP_IFEL(hip_build_digest(HIP_DIGEST_SHA1, s->opaque, 24, digist) < 0,
4398 -1, "Building of SHA1 Random seed I failed\n");
4399@@ -282,10 +282,10 @@
4400 */
4401 static int midauth_relocate_last_hip_parameter(struct hip_common *hip)
4402 {
4403- int err = 0, len, total_len, offset;
4404- char buffer[HIP_MAX_PACKET], *ptr = (char *) hip;
4405+ int err = 0, len, total_len, offset;
4406+ char buffer[HIP_MAX_PACKET], *ptr = (char *) hip;
4407 struct hip_tlv_common *i = NULL, *last = NULL;
4408- hip_tlv type;
4409+ hip_tlv type;
4410
4411 while ((i = hip_get_next_param_readwrite(hip, i))) {
4412 last = i;
4413@@ -297,7 +297,7 @@
4414 len = hip_get_param_total_len(last);
4415 type = hip_get_param_type(last);
4416
4417- HIP_IFEL(len > (int)sizeof(buffer), -1,
4418+ HIP_IFEL(len > (int) sizeof(buffer), -1,
4419 "Last parameter's length exceeds HIP_MAX_PACKET\n");
4420
4421 /* @todo check for signature parameter to avoid broken packets */
4422@@ -337,7 +337,7 @@
4423 uint8_t opaque_len)
4424 {
4425 struct hip_common *hip = ctx->transport_hdr.hip;
4426- int err = 0;
4427+ int err = 0;
4428
4429 ctx->modified = 1;
4430
4431@@ -398,7 +398,7 @@
4432 */
4433 int midauth_filter_hip(struct hip_fw_context *ctx)
4434 {
4435- int verdict = NF_ACCEPT;
4436+ int verdict = NF_ACCEPT;
4437 midauth_handler h = NULL;
4438 midauth_handler h_default = midauth_handler_accept;
4439 /* @todo change this default value to midauth_handler_drop to
4440
4441=== modified file 'firewall/pisa.c'
4442--- firewall/pisa.c 2011-01-09 22:18:11 +0000
4443+++ firewall/pisa.c 2011-01-11 14:04:40 +0000
4444@@ -71,7 +71,7 @@
4445 * call */
4446 #define PISA_RANDOM_TTL 2.0
4447
4448-static char pisa_random_data[2][PISA_RANDOM_LEN];
4449+static char pisa_random_data[2][PISA_RANDOM_LEN];
4450 static struct in6_addr community_operator_hit;
4451
4452 /* @todo make this configurable, issuer HIT */
4453@@ -127,7 +127,7 @@
4454 void pisa_check_for_random_update(void)
4455 {
4456 static time_t lastupdate = 0;
4457- time_t now;
4458+ time_t now;
4459
4460 time(&now);
4461 if (difftime(now, lastupdate) > PISA_RANDOM_TTL) {
4462@@ -149,8 +149,8 @@
4463 static int pisa_append_hmac(struct in6_addr *hit1, struct in6_addr *hit2,
4464 int rnd, void *data, int data_len)
4465 {
4466- uint8_t key[32 + PISA_RANDOM_LEN];
4467- int err = 0;
4468+ uint8_t key[32 + PISA_RANDOM_LEN];
4469+ int err = 0;
4470 unsigned int len = HIP_AH_SHA_LEN;
4471
4472 /* sanity checks for arguments */
4473@@ -187,8 +187,8 @@
4474 {
4475 uint8_t opaque[PISA_PUZZLE_OPAQUE_LEN];
4476
4477- struct hip_common *hip = ctx->transport_hdr.hip;
4478- int seed = PISA_PUZZLE_SEED;
4479+ struct hip_common *hip = ctx->transport_hdr.hip;
4480+ int seed = PISA_PUZZLE_SEED;
4481
4482 memcpy(&opaque, &seed, 4);
4483
4484@@ -206,12 +206,12 @@
4485 * @return pointer to the puzzle we accepted or NULL at failure
4486 */
4487 static struct hip_challenge_response *pisa_check_challenge_response(
4488- struct hip_fw_context *ctx)
4489+ struct hip_fw_context *ctx)
4490 {
4491 struct hip_challenge_response *response;
4492- struct hip_common *hip = ctx->transport_hdr.hip;
4493- uint8_t hash[2][PISA_PUZZLE_OPAQUE_LEN];
4494- int seed = PISA_PUZZLE_SEED;
4495+ struct hip_common *hip = ctx->transport_hdr.hip;
4496+ uint8_t hash[2][PISA_PUZZLE_OPAQUE_LEN];
4497+ int seed = PISA_PUZZLE_SEED;
4498
4499 memcpy(&hash[0][0], &seed, 4);
4500 memcpy(&hash[1][0], &seed, 4);
4501@@ -235,7 +235,7 @@
4502
4503 response = (struct hip_challenge_response *)
4504 hip_get_next_param_readwrite(hip,
4505- (struct hip_tlv_common *) response);
4506+ (struct hip_tlv_common *) response);
4507 }
4508
4509 return NULL;
4510@@ -249,19 +249,19 @@
4511 */
4512 static int pisa_check_certificate(struct hip_fw_context *ctx)
4513 {
4514- struct hip_common *hip = ctx->transport_hdr.hip;
4515- const struct hip_cert *cert;
4516+ struct hip_common *hip = ctx->transport_hdr.hip;
4517+ const struct hip_cert *cert;
4518 struct hip_cert_spki_info ci;
4519- struct pisa_cert pc;
4520- char *buf = NULL;
4521- int err = 0, len;
4522- time_t now = time(NULL);
4523+ struct pisa_cert pc;
4524+ char *buf = NULL;
4525+ int err = 0, len;
4526+ time_t now = time(NULL);
4527
4528 cert = hip_get_param(hip, HIP_PARAM_CERT);
4529 HIP_IFEL(cert == NULL, -1, "No certificate found.\n");
4530
4531- len = ntohs(cert->length);
4532- buf = calloc(1, len);
4533+ len = ntohs(cert->length);
4534+ buf = calloc(1, len);
4535 memcpy(buf, cert + 1, len);
4536
4537 HIP_IFEL(hip_cert_spki_char2certinfo(buf, &ci), -1,
4538@@ -307,7 +307,7 @@
4539 static void pisa_accept_connection(const struct hip_fw_context *ctx)
4540 {
4541 struct hip_common *hip = ctx->transport_hdr.hip;
4542- struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr);
4543+ struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr);
4544
4545 if (t) {
4546 t->connection->pisa_state = PISA_STATE_ALLOW;
4547@@ -326,7 +326,7 @@
4548 static void pisa_remove_connection(const struct hip_fw_context *ctx)
4549 {
4550 struct hip_common *hip = ctx->transport_hdr.hip;
4551- struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr);
4552+ struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr);
4553
4554 if (t) {
4555 t->connection->pisa_state = PISA_STATE_DISALLOW;
4556@@ -422,7 +422,7 @@
4557 */
4558 static int pisa_handler_r2(struct hip_fw_context *ctx)
4559 {
4560- int verdict = NF_DROP, sig = 0, cert = 0;
4561+ int verdict = NF_DROP, sig = 0, cert = 0;
4562 struct hip_challenge_response *solution = NULL;
4563
4564 #ifdef CONFIG_HIP_PERFORMANCE
4565@@ -477,9 +477,9 @@
4566 */
4567 static int pisa_handler_u2(struct hip_fw_context *ctx)
4568 {
4569- int verdict = NF_DROP;
4570- int sig = 0;
4571- int cert = 0;
4572+ int verdict = NF_DROP;
4573+ int sig = 0;
4574+ int cert = 0;
4575 struct hip_challenge_response *solution = NULL;
4576
4577 solution = pisa_check_challenge_response(ctx);
4578@@ -507,8 +507,8 @@
4579 */
4580 static int pisa_handler_u3(struct hip_fw_context *ctx)
4581 {
4582- int verdict = NF_DROP;
4583- int sig = 0;
4584+ int verdict = NF_DROP;
4585+ int sig = 0;
4586 struct hip_challenge_response *solution = NULL;
4587
4588 solution = pisa_check_challenge_response(ctx);
4589@@ -538,6 +538,7 @@
4590 pisa_remove_connection(ctx);
4591 return NF_ACCEPT;
4592 }
4593+
4594 /**
4595 * Initialize basic PISA functionality
4596 *
4597
4598=== modified file 'firewall/pisa_cert.c'
4599--- firewall/pisa_cert.c 2010-10-15 15:29:14 +0000
4600+++ firewall/pisa_cert.c 2011-01-11 14:04:40 +0000
4601@@ -54,8 +54,8 @@
4602 */
4603 static char *pisa_cert_get_part(char *cert, const char *name, char *r)
4604 {
4605- int level = 0, len = 0;
4606- char *p = cert, *start = NULL;
4607+ int level = 0, len = 0;
4608+ char *p = cert, *start = NULL;
4609
4610 if (!r) {
4611 return NULL;
4612@@ -137,7 +137,7 @@
4613 static void pisa_cert_get_content(char *cert, const char *name, char *r)
4614 {
4615 char *start = cert;
4616- int len = 0;
4617+ int len = 0;
4618
4619 if (!r) {
4620 return;
4621@@ -180,8 +180,8 @@
4622 */
4623 void pisa_split_cert(char *cert, struct pisa_cert *pc)
4624 {
4625- struct tm t;
4626- char buffer1[224], buffer2[224];
4627+ struct tm t;
4628+ char buffer1[224], buffer2[224];
4629 struct in6_addr addr;
4630
4631 pisa_cert_get_part(cert, "not-before", buffer1);
4632
4633=== modified file 'firewall/port_bindings.c'
4634--- firewall/port_bindings.c 2010-11-29 08:58:13 +0000
4635+++ firewall/port_bindings.c 2011-01-11 14:04:40 +0000
4636@@ -75,10 +75,10 @@
4637 */
4638 static uint8_t *cache = NULL;
4639
4640-static const unsigned int CACHE_SIZE_PROTOS = 2;
4641-static const unsigned int CACHE_SIZE_PORTS = 1 << (sizeof(in_port_t) * 8);
4642-static unsigned int cache_size_entries = 0;
4643-static unsigned int cache_size_bytes = 0;
4644+static const unsigned int CACHE_SIZE_PROTOS = 2;
4645+static const unsigned int CACHE_SIZE_PORTS = 1 << (sizeof(in_port_t) * 8);
4646+static unsigned int cache_size_entries = 0;
4647+static unsigned int cache_size_bytes = 0;
4648
4649 /**
4650 * Allocate and initializes the cache resources.
4651@@ -93,17 +93,17 @@
4652 {
4653 HIP_ASSERT(!cache);
4654
4655- cache_size_entries = CACHE_SIZE_PROTOS * CACHE_SIZE_PORTS;
4656- cache_size_bytes = cache_size_entries * sizeof(*cache);
4657+ cache_size_entries = CACHE_SIZE_PROTOS * CACHE_SIZE_PORTS;
4658+ cache_size_bytes = cache_size_entries * sizeof(*cache);
4659
4660 // check that the conversion used in the cache from enum hip_port_binding
4661 // to uint8_t is consistent
4662- HIP_ASSERT(HIP_PORT_INFO_IPV6UNBOUND == (enum hip_port_binding)(uint8_t)HIP_PORT_INFO_IPV6UNBOUND);
4663- HIP_ASSERT(HIP_PORT_INFO_IPV6BOUND == (enum hip_port_binding)(uint8_t)HIP_PORT_INFO_IPV6BOUND);
4664+ HIP_ASSERT(HIP_PORT_INFO_IPV6UNBOUND == (enum hip_port_binding) (uint8_t) HIP_PORT_INFO_IPV6UNBOUND);
4665+ HIP_ASSERT(HIP_PORT_INFO_IPV6BOUND == (enum hip_port_binding) (uint8_t) HIP_PORT_INFO_IPV6BOUND);
4666
4667 /* We zero the cache on allocation assuming that HIP_PORT_INFO_UNKNOWN
4668- is 0 and thus the whole cache initially has that value. */
4669- HIP_ASSERT((uint8_t)HIP_PORT_INFO_UNKNOWN == 0);
4670+ * is 0 and thus the whole cache initially has that value. */
4671+ HIP_ASSERT((uint8_t) HIP_PORT_INFO_UNKNOWN == 0);
4672 cache = calloc(1, cache_size_bytes);
4673 if (cache) {
4674 return 0;
4675@@ -146,8 +146,8 @@
4676 static inline unsigned int get_cache_index(const uint8_t protocol,
4677 const uint16_t port)
4678 {
4679- unsigned int index = 0;
4680- unsigned int protocol_offset = 0;
4681+ unsigned int index = 0;
4682+ unsigned int protocol_offset = 0;
4683
4684 // determine the offset into the first (protocol) dimension
4685 if (IPPROTO_TCP == protocol) {
4686@@ -190,7 +190,7 @@
4687 const unsigned int index = get_cache_index(protocol, port);
4688
4689 // convert the port binding to the cache storage type
4690- const uint8_t value = (uint8_t)binding;
4691+ const uint8_t value = (uint8_t) binding;
4692
4693 cache[index] = value;
4694 }
4695@@ -225,7 +225,7 @@
4696 if (cache) {
4697 const unsigned int index = get_cache_index(protocol, port);
4698
4699- binding = (enum hip_port_binding)cache[index];
4700+ binding = (enum hip_port_binding) cache[index];
4701 }
4702
4703 return binding;
4704@@ -244,11 +244,6 @@
4705 }
4706 }
4707
4708-
4709-
4710-
4711-
4712-
4713 static struct hip_file_buffer tcp6_file;
4714 static struct hip_file_buffer udp6_file;
4715
4716@@ -321,11 +316,11 @@
4717 static enum hip_port_binding hip_port_bindings_get_from_proc(const uint8_t protocol,
4718 const uint16_t port)
4719 {
4720- const unsigned int PORT_STR_OFFSET = 39;
4721- const unsigned int PORT_STR_LEN = 4;
4722- enum hip_port_binding result = HIP_PORT_INFO_IPV6UNBOUND;
4723- const struct hip_mem_area *ma = NULL;
4724- char *line;
4725+ const unsigned int PORT_STR_OFFSET = 39;
4726+ const unsigned int PORT_STR_LEN = 4;
4727+ enum hip_port_binding result = HIP_PORT_INFO_IPV6UNBOUND;
4728+ const struct hip_mem_area *ma = NULL;
4729+ char *line;
4730 // the files /proc/net/{udp,tcp}6 are line-based and the line number of the
4731 // port to look up is not known in advance
4732 // -> use a parser that lets us iterate over the lines in the files
4733@@ -353,11 +348,11 @@
4734
4735 // is the current line valid and is it long enough to hold a port binding?
4736 while (line && ma->end > (line + PORT_STR_OFFSET + PORT_STR_LEN)) {
4737- const unsigned int PORT_BASE_HEX = 16;
4738- unsigned long proc_port = 0;
4739+ const unsigned int PORT_BASE_HEX = 16;
4740+ unsigned long proc_port = 0;
4741 // note that strtoul() is about 10 times faster than sscanf().
4742- errno = 0;
4743- proc_port = strtoul(line + PORT_STR_OFFSET, NULL, PORT_BASE_HEX);
4744+ errno = 0;
4745+ proc_port = strtoul(line + PORT_STR_OFFSET, NULL, PORT_BASE_HEX);
4746 if (0 == errno) {
4747 if (proc_port == port) {
4748 result = HIP_PORT_INFO_IPV6BOUND;
4749
4750=== modified file 'firewall/reinject.c'
4751--- firewall/reinject.c 2011-01-09 14:59:33 +0000
4752+++ firewall/reinject.c 2011-01-11 14:04:40 +0000
4753@@ -77,8 +77,8 @@
4754 err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6,
4755 IPV6_RECVERR, &off, sizeof(on));
4756 HIP_IFEL(err, -1, "setsockopt recverr failed\n");
4757- err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6,
4758- IPV6_2292PKTINFO, &on, sizeof(on));
4759+ err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6,
4760+ IPV6_2292PKTINFO, &on, sizeof(on));
4761 HIP_IFEL(err, -1, "setsockopt pktinfo failiped\n");
4762 err = setsockopt(*firewall_raw_sock_v6, SOL_SOCKET,
4763 SO_REUSEADDR, &on, sizeof(on));
4764@@ -365,16 +365,16 @@
4765 int proto,
4766 int ttl)
4767 {
4768- int err = 0, sent, sa_size;
4769- int firewall_raw_sock = 0, is_ipv6 = 0, on = 1;
4770- struct ip *iphdr = NULL;
4771- struct udphdr *udp = NULL;
4772- struct tcphdr *tcp = NULL;
4773- struct icmphdr *icmp = NULL;
4774+ int err = 0, sent, sa_size;
4775+ int firewall_raw_sock = 0, is_ipv6 = 0, on = 1;
4776+ struct ip *iphdr = NULL;
4777+ struct udphdr *udp = NULL;
4778+ struct tcphdr *tcp = NULL;
4779+ struct icmphdr *icmp = NULL;
4780 struct sockaddr_storage src, dst;
4781- struct sockaddr_in6 *sock_src6 = NULL, *sock_dst6 = NULL;
4782- struct sockaddr_in *sock_src4 = NULL, *sock_dst4 = NULL;
4783- struct in6_addr any = IN6ADDR_ANY_INIT;
4784+ struct sockaddr_in6 *sock_src6 = NULL, *sock_dst6 = NULL;
4785+ struct sockaddr_in *sock_src4 = NULL, *sock_dst4 = NULL;
4786+ struct in6_addr any = IN6ADDR_ANY_INIT;
4787
4788 HIP_ASSERT(src_hit != NULL && dst_hit != NULL);
4789
4790@@ -391,7 +391,7 @@
4791 sock_dst4->sin_family = AF_INET;
4792 IPV6_TO_IPV4_MAP(src_hit, &(sock_src4->sin_addr));
4793 IPV6_TO_IPV4_MAP(dst_hit, &(sock_dst4->sin_addr));
4794- sa_size = sizeof(struct sockaddr_in);
4795+ sa_size = sizeof(struct sockaddr_in);
4796 HIP_DEBUG_LSI("src4 addr ", &(sock_src4->sin_addr));
4797 HIP_DEBUG_LSI("dst4 addr ", &(sock_dst4->sin_addr));
4798 } else {
4799@@ -399,8 +399,8 @@
4800 ipv6_addr_copy(&sock_src6->sin6_addr, src_hit);
4801 sock_dst6->sin6_family = AF_INET6;
4802 ipv6_addr_copy(&sock_dst6->sin6_addr, dst_hit);
4803- sa_size = sizeof(struct sockaddr_in6);
4804- is_ipv6 = 1;
4805+ sa_size = sizeof(struct sockaddr_in6);
4806+ is_ipv6 = 1;
4807 }
4808
4809 switch (proto) {
4810@@ -409,21 +409,21 @@
4811 HIP_DEBUG(" IPPROTO_UDP v6\n");
4812 firewall_raw_sock = firewall_raw_sock_udp_v6;
4813 ((struct udphdr *) msg)->check = ipv6_checksum(IPPROTO_UDP,
4814- &sock_src6->sin6_addr,
4815- &sock_dst6->sin6_addr, msg, len);
4816+ &sock_src6->sin6_addr,
4817+ &sock_dst6->sin6_addr, msg, len);
4818 } else {
4819 HIP_DEBUG(" IPPROTO_UDP v4\n");
4820 firewall_raw_sock = firewall_raw_sock_udp_v4;
4821
4822- udp = (struct udphdr *) msg;
4823-
4824- sa_size = sizeof(struct sockaddr_in);
4825-
4826- udp->check = htons(0);
4827- udp->check = ipv4_checksum(IPPROTO_UDP,
4828- (uint8_t *) &(sock_src4->sin_addr),
4829- (uint8_t *) &(sock_dst4->sin_addr),
4830- (uint8_t *) udp, len);
4831+ udp = (struct udphdr *) msg;
4832+
4833+ sa_size = sizeof(struct sockaddr_in);
4834+
4835+ udp->check = htons(0);
4836+ udp->check = ipv4_checksum(IPPROTO_UDP,
4837+ (uint8_t *) &(sock_src4->sin_addr),
4838+ (uint8_t *) &(sock_dst4->sin_addr),
4839+ (uint8_t *) udp, len);
4840 memmove(msg + sizeof(struct ip), udp, len);
4841 }
4842 break;
4843@@ -440,10 +440,10 @@
4844 HIP_DEBUG(" IPPROTO_TCP v4\n");
4845 firewall_raw_sock = firewall_raw_sock_tcp_v4;
4846
4847- tcp->check = ipv4_checksum(IPPROTO_TCP,
4848- (uint8_t *) &(sock_src4->sin_addr),
4849- (uint8_t *) &(sock_dst4->sin_addr),
4850- (uint8_t *) tcp, len);
4851+ tcp->check = ipv4_checksum(IPPROTO_TCP,
4852+ (uint8_t *) &(sock_src4->sin_addr),
4853+ (uint8_t *) &(sock_dst4->sin_addr),
4854+ (uint8_t *) tcp, len);
4855
4856 memmove(msg + sizeof(struct ip), tcp, len);
4857 }
4858@@ -486,7 +486,7 @@
4859 sent = sendto(firewall_raw_sock, iphdr,
4860 iphdr->ip_len, 0,
4861 (struct sockaddr *) &dst, sa_size);
4862- if (sent != (int)(len + sizeof(struct ip))) {
4863+ if (sent != (int) (len + sizeof(struct ip))) {
4864 HIP_ERROR("Could not send the all requested" \
4865 " data (%d/%d)\n", sent,
4866 iphdr->ip_len);
4867@@ -535,9 +535,9 @@
4868 int firewall_raw_sock = 0, is_ipv6 = 0;
4869
4870 struct sockaddr_storage src, dst;
4871- struct sockaddr_in6 *sock_src6, *sock_dst6;
4872- struct sockaddr_in *sock_src4, *sock_dst4;
4873- struct in6_addr any = IN6ADDR_ANY_INIT;
4874+ struct sockaddr_in6 *sock_src6, *sock_dst6;
4875+ struct sockaddr_in *sock_src4, *sock_dst4;
4876+ struct in6_addr any = IN6ADDR_ANY_INIT;
4877
4878 HIP_ASSERT(src_hit != NULL && dst_hit != NULL);
4879
4880@@ -554,7 +554,7 @@
4881 IPV6_TO_IPV4_MAP(src_hit, &sock_src4->sin_addr);
4882 sock_dst4->sin_family = AF_INET;
4883 IPV6_TO_IPV4_MAP(dst_hit, &sock_dst4->sin_addr);
4884- sa_size = sizeof(struct sockaddr_in);
4885+ sa_size = sizeof(struct sockaddr_in);
4886 HIP_DEBUG_LSI("src4 addr ", &(sock_src4->sin_addr));
4887 HIP_DEBUG_LSI("dst4 addr ", &(sock_dst4->sin_addr));
4888 } else {
4889@@ -562,8 +562,8 @@
4890 ipv6_addr_copy(&sock_src6->sin6_addr, src_hit);
4891 sock_dst6->sin6_family = AF_INET6;
4892 ipv6_addr_copy(&sock_dst6->sin6_addr, dst_hit);
4893- sa_size = sizeof(struct sockaddr_in6);
4894- is_ipv6 = 1;
4895+ sa_size = sizeof(struct sockaddr_in6);
4896+ is_ipv6 = 1;
4897 HIP_DEBUG_HIT("src6 addr ", &(sock_src6->sin6_addr));
4898 HIP_DEBUG_HIT("dst6 addr ", &(sock_dst6->sin6_addr));
4899 }
4900@@ -574,13 +574,13 @@
4901 if (is_ipv6) {
4902 firewall_raw_sock = firewall_raw_sock_tcp_v6;
4903 ((struct tcphdr *) msg)->check
4904- = ipv6_checksum(IPPROTO_TCP, &sock_src6->sin6_addr,
4905- &sock_dst6->sin6_addr, msg, len);
4906+ = ipv6_checksum(IPPROTO_TCP, &sock_src6->sin6_addr,
4907+ &sock_dst6->sin6_addr, msg, len);
4908 } else {
4909 firewall_raw_sock = firewall_raw_sock_tcp_v4;
4910 ((struct tcphdr *) msg)->check
4911- = ipv4_checksum(IPPROTO_TCP, (uint8_t *) &(sock_src4->sin_addr),
4912- (uint8_t *) &(sock_dst4->sin_addr), msg, len);
4913+ = ipv4_checksum(IPPROTO_TCP, (uint8_t *) &(sock_src4->sin_addr),
4914+ (uint8_t *) &(sock_dst4->sin_addr), msg, len);
4915 }
4916 break;
4917 case IPPROTO_UDP:
4918@@ -592,13 +592,13 @@
4919 if (is_ipv6) {
4920 firewall_raw_sock = firewall_raw_sock_udp_v6;
4921 ((struct udphdr *) msg)->check
4922- = ipv6_checksum(IPPROTO_UDP, &sock_src6->sin6_addr,
4923- &sock_dst6->sin6_addr, msg, len);
4924+ = ipv6_checksum(IPPROTO_UDP, &sock_src6->sin6_addr,
4925+ &sock_dst6->sin6_addr, msg, len);
4926 } else {
4927 firewall_raw_sock = firewall_raw_sock_udp_v4;
4928 ((struct udphdr *) msg)->check
4929- = ipv4_checksum(IPPROTO_UDP, (uint8_t *) &(sock_src4->sin_addr),
4930- (uint8_t *) &(sock_dst4->sin_addr), msg, len);
4931+ = ipv4_checksum(IPPROTO_UDP, (uint8_t *) &(sock_src4->sin_addr),
4932+ (uint8_t *) &(sock_dst4->sin_addr), msg, len);
4933 }
4934 break;
4935 case IPPROTO_ICMP:
4936@@ -613,11 +613,11 @@
4937
4938 break;
4939 case IPPROTO_ICMPV6:
4940- firewall_raw_sock = firewall_raw_sock_icmp_v6;
4941+ firewall_raw_sock = firewall_raw_sock_icmp_v6;
4942 ((struct icmp6_hdr *) msg)->icmp6_cksum = htons(0);
4943 ((struct icmp6_hdr *) msg)->icmp6_cksum
4944- = ipv6_checksum(IPPROTO_ICMPV6, &sock_src6->sin6_addr,
4945- &sock_dst6->sin6_addr, msg, len);
4946+ = ipv6_checksum(IPPROTO_ICMPV6, &sock_src6->sin6_addr,
4947+ &sock_dst6->sin6_addr, msg, len);
4948 break;
4949
4950 case IPPROTO_ESP:
4951
4952=== modified file 'firewall/rule_management.c'
4953--- firewall/rule_management.c 2011-01-10 15:23:36 +0000
4954+++ firewall/rule_management.c 2011-01-11 14:04:40 +0000
4955@@ -127,9 +127,9 @@
4956 static void check_and_write_default_config(const char *file)
4957 {
4958 struct stat status;
4959- FILE *fp = NULL;
4960- ssize_t items;
4961- int i = 0;
4962+ FILE *fp = NULL;
4963+ ssize_t items;
4964+ int i = 0;
4965
4966 /* Firewall depends on hipd to create HIPL_SYSCONFDIR */
4967 for (i = 0; i < 5; i++) {
4968@@ -269,8 +269,8 @@
4969 */
4970 void print_rule_tables(void)
4971 {
4972- struct dlist *list = input_rules;
4973- struct rule *rule = NULL;
4974+ struct dlist *list = input_rules;
4975+ struct rule *rule = NULL;
4976 while (list != NULL) {
4977 rule = list->data;
4978 print_rule(rule);
4979@@ -359,7 +359,7 @@
4980 static struct hit_option *parse_hit(char *token)
4981 {
4982 struct hit_option *option = malloc(sizeof(struct hit_option));
4983- struct in6_addr *hit = NULL;
4984+ struct in6_addr *hit = NULL;
4985
4986 if (!strcmp(token, NEGATE_STR)) {
4987 option->boolean = 0;
4988@@ -388,10 +388,10 @@
4989 */
4990 static int load_rsa_file(FILE *fp, struct hip_host_id *hi)
4991 {
4992- int err = 0;
4993- RSA *rsa = NULL;
4994- unsigned char *rsa_key_rr = NULL;
4995- int rsa_key_rr_len;
4996+ int err = 0;
4997+ RSA *rsa = NULL;
4998+ unsigned char *rsa_key_rr = NULL;
4999+ int rsa_key_rr_len;
5000
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes: