Merge lp:~stefan.goetz-deactivatedaccount/hipl/swacch_narayani into lp:hipl

Proposed by Stefan Götz
Status: Superseded
Proposed branch: lp:~stefan.goetz-deactivatedaccount/hipl/swacch_narayani
Merge into: lp:hipl
Diff against target: 363 lines (+136/-145)
3 files modified
lib/tool/nlink.c (+0/-111)
lib/tool/nlink.h (+0/-14)
lib/tool/xfrmapi.c (+136/-20)
To merge this branch: bzr merge lp:~stefan.goetz-deactivatedaccount/hipl/swacch_narayani
Reviewer Review Type Date Requested Status
Stefan Götz (community) Disapprove
HIPL core team Pending
Review via email: mp+36017@code.launchpad.net

This proposal has been superseded by a proposal from 2010-09-20.

Description of the change

- moved xfrm code into xfrmapi.c where it belongs

Stefan Götz (stefan.goetz-deactivatedaccount) wrote :

I am testing whether I can approve of this diff even though I am not a member of hip-core

review: Approve
Stefan Götz (stefan.goetz-deactivatedaccount) wrote :

Ok, that's fairly arbitrary that I can approve my own requests for review, so to even this out, I'll disapprove of it.

review: Disapprove

Unmerged revisions

Preview Diff

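--- a/lib/tool/nlink.c
+++ b/lib/tool/nlink.c
@@ -1417,114 +1417,3 @@
 return err;
 }
 
-/**
- * fill the port numbers for the UDP tunnel for IPsec
- *
- * @param encap xfrm_encap_tmpl structure
- * @param sport source port
- * @param dport destination port
- * @param oa the destination address of the tunnel in IPv6-mapped format
- * @return 0
- */
-int xfrm_fill_encap(struct xfrm_encap_tmpl *encap,
- int sport,
- int dport,
- const struct in6_addr *oa)
-{
- encap->encap_type = HIP_UDP_ENCAP_ESPINUDP;
- encap->encap_sport = htons(sport);
- encap->encap_dport = htons(dport);
- encap->encap_oa.a4 = oa->s6_addr32[3];
- return 0;
-}
-
-/**
- * Fill in the selector. Selector is bound to HITs.
- *
- * @param sel pointer to xfrm_selector to be filled in
- * @param id_our Source HIT or LSI, if the last is defined
- * @param id_peer Peer HIT or LSI, if the last is defined
- * @param proto inclusive protocol filter (zero for any protocol)
- * @param id_prefix Length of the identifier's prefix
- * @param preferred_family address family filter (AF_INET6 for HITs)
- * @return 0
- */
-int xfrm_fill_selector(struct xfrm_selector *sel,
- const struct in6_addr *id_our,
- const struct in6_addr *id_peer,
- uint8_t proto, uint8_t id_prefix,
- int preferred_family)
-{
- struct in_addr in_id_our, in_id_peer;
-
- if (IN6_IS_ADDR_V4MAPPED(id_our)) {
- sel->family = AF_INET;
- IPV6_TO_IPV4_MAP(id_our, &in_id_our);
- IPV6_TO_IPV4_MAP(id_peer, &in_id_peer);
- memcpy(&sel->daddr, &in_id_our, sizeof(sel->daddr));
- memcpy(&sel->saddr, &in_id_peer, sizeof(sel->saddr));
- } else {
- sel->family = preferred_family;
- memcpy(&sel->daddr, id_peer, sizeof(sel->daddr));
- memcpy(&sel->saddr, id_our, sizeof(sel->saddr));
- }
-
- if (proto) {
- HIP_DEBUG("proto = %d\n", proto);
- sel->proto = proto;
- }
-
- sel->prefixlen_d = id_prefix;
- sel->prefixlen_s = id_prefix;
-
- return 0;
-}
-
-/**
- * initialize the lft
- *
- * @param lft pointer to the lft struct to be initialized
- *
- * @return 0
- */
-int xfrm_init_lft(struct xfrm_lifetime_cfg *lft)
-{
- lft->soft_byte_limit = XFRM_INF;
- lft->hard_byte_limit = XFRM_INF;
- lft->soft_packet_limit = XFRM_INF;
- lft->hard_packet_limit = XFRM_INF;
-
- return 0;
-}
-
-/**
- * parse a crypto algorithm name and its key into an xfrm_algo structure
- *
- * @param alg the resulting xfrm_algo structure (caller allocates)
- * @param name the name of the crypto algorithm
- * @param key the key for the given algorithm
- * @param key_len the length of the key in bits
- * @param max maximum size for a key in the xfrm_algo structure
- * @return zero
- */
-int xfrm_algo_parse(struct xfrm_algo *alg, const char *name,
- const unsigned char *key, int key_len, int max)
-{
- int len = 0;
- int slen = key_len;
-
- strncpy(alg->alg_name, name, sizeof(alg->alg_name));
-
- len = slen;
- if (len > 0) {
- if (len > max) {
- HIP_ERROR("\"ALGOKEY\" makes buffer overflow\n", key);
- return -1;
- }
- memcpy(alg->alg_key, key, key_len * 8);
- }
-
- alg->alg_key_len = len * 8;
-
- return 0;
-}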
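--- a/lib/tool/nlink.h
+++ b/lib/tool/nlink.h
@@ -92,18 +92,4 @@
 const struct in6_addr *dst_addr, char *idev, char *odev,
 int family, struct idxmap **idxmap);
 
-int xfrm_init_lft(struct xfrm_lifetime_cfg *lft);
-int xfrm_fill_selector(struct xfrm_selector *sel,
- const struct in6_addr *id_our,
- const struct in6_addr *id_peer,
- uint8_t proto, uint8_t id_prefix,
- int preferred_family);
-int xfrm_fill_encap(struct xfrm_encap_tmpl *encap,
- int sport,
- int dport,
- const struct in6_addr *oa);
-
-int xfrm_algo_parse(struct xfrm_algo *alg, const char *name,
- const unsigned char *key, int key_len, int max);
-
 #endif /* HIP_LIB_TOOL_NLINK_H */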
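--- a/lib/tool/xfrmapi.c
+++ b/lib/tool/xfrmapi.c
@@ -71,6 +71,119 @@
 
 
 /**
+ * fill the port numbers for the UDP tunnel for IPsec
+ *
+ * @param encap xfrm_encap_tmpl structure
+ * @param sport source port
+ * @param dport destination port
+ * @param oa the destination address of the tunnel in IPv6-mapped format
+ * @return 0
+ */
+static int hip_xfrm_fill_encap(struct xfrm_encap_tmpl *encap,
+ const int sport,
+ const int dport,
+ const struct in6_addr *oa)
+{
+ encap->encap_type = HIP_UDP_ENCAP_ESPINUDP;
+ encap->encap_sport = htons(sport);
+ encap->encap_dport = htons(dport);
+ encap->encap_oa.a4 = oa->s6_addr32[3];
+ return 0;
+}
+
+/**
+ * Fill in the selector. Selector is bound to HITs.
+ *
+ * @param sel pointer to xfrm_selector to be filled in
+ * @param id_our Source HIT or LSI, if the last is defined
+ * @param id_peer Peer HIT or LSI, if the last is defined
+ * @param proto inclusive protocol filter (zero for any protocol)
+ * @param id_prefix Length of the identifier's prefix
+ * @param preferred_family address family filter (AF_INET6 for HITs)
+ * @return 0
+ */
+static int hip_xfrm_fill_selector(struct xfrm_selector *sel,
+ const struct in6_addr *id_our,
+ const struct in6_addr *id_peer,
+ const uint8_t proto, const uint8_t id_prefix,
+ const int preferred_family)
+{
+ struct in_addr in_id_our, in_id_peer;
+
+ if (IN6_IS_ADDR_V4MAPPED(id_our)) {
+ sel->family = AF_INET;
+ IPV6_TO_IPV4_MAP(id_our, &in_id_our);
+ IPV6_TO_IPV4_MAP(id_peer, &in_id_peer);
+ memcpy(&sel->daddr, &in_id_our, sizeof(sel->daddr));
+ memcpy(&sel->saddr, &in_id_peer, sizeof(sel->saddr));
+ } else {
+ sel->family = preferred_family;
+ memcpy(&sel->daddr, id_peer, sizeof(sel->daddr));
+ memcpy(&sel->saddr, id_our, sizeof(sel->saddr));
+ }
+
+ if (proto) {
+ HIP_DEBUG("proto = %d\n", proto);
+ sel->proto = proto;
+ }
+
+ sel->prefixlen_d = id_prefix;
+ sel->prefixlen_s = id_prefix;
+
+ return 0;
+}
+
+/**
+ * initialize the lft
+ *
+ * @param lft pointer to the lft struct to be initialized
+ *
+ * @return 0
+ */
+static int hip_xfrm_init_lft(struct xfrm_lifetime_cfg *lft)
+{
+ lft->soft_byte_limit = XFRM_INF;
+ lft->hard_byte_limit = XFRM_INF;
+ lft->soft_packet_limit = XFRM_INF;
+ lft->hard_packet_limit = XFRM_INF;
+
+ return 0;
+}
+
+/**
+ * parse a crypto algorithm name and its key into an xfrm_algo structure
+ *
+ * @param alg the resulting xfrm_algo structure (caller allocates)
+ * @param name the name of the crypto algorithm
+ * @param key the key for the given algorithm
+ * @param key_len the length of the key in bits
+ * @param max maximum size for a key in the xfrm_algo structure
+ * @return zero
+ */
+static int hip_xfrm_algo_parse(struct xfrm_algo *alg, const char *name,
+ const unsigned char *key, const int key_len,
+ const int max)
+{
+ int len = 0;
+ int slen = key_len;
+
+ strncpy(alg->alg_name, name, sizeof(alg->alg_name));
+
+ len = slen;
+ if (len > 0) {
+ if (len > max) {
+ HIP_ERROR("\"ALGOKEY\" makes buffer overflow\n", key);
+ return -1;
+ }
+ memcpy(alg->alg_key, key, key_len * 8);
+ }
+
+ alg->alg_key_len = len * 8;
+
+ return 0;
+}
+
+/**
 * modify a Security Policy
 * @param cmd command. %XFRM_MSG_NEWPOLICY | %XFRM_MSG_UPDPOLICY
 * @param id_our Source ID or LSI
@@ -110,14 +223,14 @@
 req.n.nlmsg_flags = NLM_F_REQUEST | flags;
 req.n.nlmsg_type = cmd;
 
- xfrm_init_lft(&req.xpinfo.lft);
+ hip_xfrm_init_lft(&req.xpinfo.lft);
 
 /* Direction */
 req.xpinfo.dir = dir;
 
 /* SELECTOR <--> HITs SELECTOR <--> LSIs*/
- HIP_IFE(xfrm_fill_selector(&req.xpinfo.sel, id_peer, id_our, 0,
- id_prefix, preferred_family), -1);
+ HIP_IFE(hip_xfrm_fill_selector(&req.xpinfo.sel, id_peer, id_our, 0,
+ id_prefix, preferred_family), -1);
 
 /* TEMPLATE */
 tmpl = (struct xfrm_user_tmpl *) ((char *) tmpls_buf);
@@ -257,8 +370,8 @@
 req.xpid.dir = dir;
 
 /* SELECTOR <--> HITs */
- HIP_IFE(xfrm_fill_selector(&req.xpid.sel, hit_peer, hit_our, 0,
- hit_prefix, preferred_family), -1);
+ HIP_IFE(hip_xfrm_fill_selector(&req.xpid.sel, hit_peer, hit_our, 0,
+ hit_prefix, preferred_family), -1);
 HIP_IFEL((netlink_talk(rth, &req.n, 0, 0, NULL, NULL, NULL) < 0), -1,
 "No associated policies to be deleted\n");
 
@@ -332,7 +445,7 @@
 req.n.nlmsg_flags = NLM_F_REQUEST;
 req.n.nlmsg_type = cmd;
 
- xfrm_init_lft(&req.xsinfo.lft);
+ hip_xfrm_init_lft(&req.xsinfo.lft);
 
 req.xsinfo.mode = XFRM_MODE_BEET;
 req.xsinfo.id.proto = IPPROTO_ESP;
@@ -340,12 +453,14 @@
 req.xsinfo.id.spi = htonl(spi);
 
 /* Selector */
- HIP_IFE(xfrm_fill_selector(&req.xsinfo.sel, src_id, dst_id,
- 0, hip_xfrmapi_sa_default_prefix,
- AF_INET6), -1);
+ HIP_IFE(hip_xfrm_fill_selector(&req.xsinfo.sel, src_id, dst_id,
+ 0, hip_xfrmapi_sa_default_prefix,
+ AF_INET6), -1);
 if (req.xsinfo.family == AF_INET && (sport || dport)) {
- xfrm_fill_encap(&encap, (sport ? sport : hip_get_local_nat_udp_port()),
- (dport ? dport : hip_get_peer_nat_udp_port()), saddr);
+ hip_xfrm_fill_encap(&encap,
+ (sport ? sport : hip_get_local_nat_udp_port()),
+ (dport ? dport : hip_get_peer_nat_udp_port()),
+ saddr);
 HIP_IFE(addattr_l(&req.n, sizeof(req.buf), XFRMA_ENCAP,
 &encap, sizeof(encap)), -1);
 }
@@ -366,9 +481,9 @@
 
 /* XFRMA_ALG_AUTH */
 memset(&alg, 0, sizeof(alg));
- HIP_IFE(xfrm_algo_parse((void *) &alg, a_name,
- authkey->key, authkey_len,
- sizeof(alg.buf)), -1);
+ HIP_IFE(hip_xfrm_algo_parse((void *) &alg, a_name,
+ authkey->key, authkey_len,
+ sizeof(alg.buf)), -1);
 len = sizeof(struct xfrm_algo) + alg.algo.alg_key_len;
 
 HIP_IFE((addattr_l(&req.n, sizeof(req.buf), XFRMA_ALG_AUTH,
@@ -376,9 +491,9 @@
 
 /* XFRMA_ALG_CRYPT */
 memset(&alg, 0, sizeof(alg));
- HIP_IFE(xfrm_algo_parse((void *) &alg, e_name,
- enckey->key, enckey_len,
- sizeof(alg.buf)), -1);
+ HIP_IFE(hip_xfrm_algo_parse((void *) &alg, e_name,
+ enckey->key, enckey_len,
+ sizeof(alg.buf)), -1);
 
 len = sizeof(struct xfrm_algo) + alg.algo.alg_key_len;
 
@@ -439,9 +554,10 @@
 /** @todo Fill in information for UDP-NAT SAs. */
 if (req.xsid.family == AF_INET && (sport || dport)) {
 HIP_DEBUG("FILLING UDP Port info while deleting\n");
- xfrm_fill_encap(&encap, (sport ? sport : hip_get_local_nat_udp_port()),
- (dport ? dport : hip_get_peer_nat_udp_port()),
- peer_addr);
+ hip_xfrm_fill_encap(&encap,
+ (sport ? sport : hip_get_local_nat_udp_port()),
+ (dport ? dport : hip_get_peer_nat_udp_port()),
+ peer_addr);
 HIP_IFE(addattr_l(&req.n, sizeof(req.buf), XFRMA_ENCAP,
 &encap, sizeof(encap)), -1);
 }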
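Review bot: In `hip_xfrm_algo_parse` (first hunk) the bound check compares `key_len` with `max`, but the copy that follows is `memcpy(alg->alg_key, key, key_len * 8)`, so a key that passes the check can still make memcpy read from `key` and write into `alg_key` eight times more bytes than were checked. Since `alg->alg_key_len = len * 8` treats `len` as a byte count, the copy should presumably be `memcpy(alg->alg_key, key, key_len);` and the doc line should read `@param key_len the length of the key in bytes`. The `strncpy` into `alg->alg_name` leaves the name unterminated when `name` fills the whole field; bounding it with `sizeof(alg->alg_name) - 1` would be safer, relying on the `memset(&alg, 0, sizeof(alg))` the visible callers already do. The `HIP_ERROR` call also passes `key` to a format string with no conversion, and dropping that argument keeps key material from reaching a log if a specifier is added later. The function was moved unchanged from nlink.c, so these issues predate the commit, but the move into a static helper is a good point to fix them.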
