Merge lp:~stefan.goetz-deactivatedaccount/hipl/swacch_narayani into lp:hipl
- swacch_narayani
- Merge into trunk
Proposed by
Stefan Götz
Status: | Superseded |
---|---|
Proposed branch: | lp:~stefan.goetz-deactivatedaccount/hipl/swacch_narayani |
Merge into: | lp:hipl |
Diff against target: |
363 lines (+136/-145) 3 files modified
lib/tool/nlink.c (+0/-111) lib/tool/nlink.h (+0/-14) lib/tool/xfrmapi.c (+136/-20) |
To merge this branch: | bzr merge lp:~stefan.goetz-deactivatedaccount/hipl/swacch_narayani |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Stefan Götz (community) | Disapprove | ||
HIPL core team | Pending | ||
Review via email: mp+36017@code.launchpad.net |
This proposal has been superseded by a proposal from 2010-09-20.
Commit message
Description of the change
- moved xfrm code into xfrmapi.c where it belongs
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : | # |
review:
Approve
Stefan Götz (stefan.goetz-deactivatedaccount) wrote : | # |
Ok, that's fairly arbitrary that I can approve my own requests for review, so to even this out, I'll disapprove of it.
review:
Disapprove
Unmerged revisions
Preview Diff
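--- a/lib/tool/nlink.c
+++ b/lib/tool/nlink.c
@@ -1417,114 +1417,3 @@
 return err;
 }
 
-/**
- * fill the port numbers for the UDP tunnel for IPsec
- *
- * @param encap xfrm_encap_tmpl structure
- * @param sport source port
- * @param dport destination port
- * @param oa the destination address of the tunnel in IPv6-mapped format
- * @return 0
- */
-int xfrm_fill_encap(struct xfrm_encap_tmpl *encap,
- int sport,
- int dport,
- const struct in6_addr *oa)
-{
- encap->encap_type = HIP_UDP_ENCAP_ESPINUDP;
- encap->encap_sport = htons(sport);
- encap->encap_dport = htons(dport);
- encap->encap_oa.a4 = oa->s6_addr32[3];
- return 0;
-}
-
-/**
- * Fill in the selector. Selector is bound to HITs.
- *
- * @param sel pointer to xfrm_selector to be filled in
- * @param id_our Source HIT or LSI, if the last is defined
- * @param id_peer Peer HIT or LSI, if the last is defined
- * @param proto inclusive protocol filter (zero for any protocol)
- * @param id_prefix Length of the identifier's prefix
- * @param preferred_family address family filter (AF_INET6 for HITs)
- * @return 0
- */
-int xfrm_fill_selector(struct xfrm_selector *sel,
- const struct in6_addr *id_our,
- const struct in6_addr *id_peer,
- uint8_t proto, uint8_t id_prefix,
- int preferred_family)
-{
- struct in_addr in_id_our, in_id_peer;
-
- if (IN6_IS_ADDR_V4MAPPED(id_our)) {
- sel->family = AF_INET;
- IPV6_TO_IPV4_MAP(id_our, &in_id_our);
- IPV6_TO_IPV4_MAP(id_peer, &in_id_peer);
- memcpy(&sel->daddr, &in_id_our, sizeof(sel->daddr));
- memcpy(&sel->saddr, &in_id_peer, sizeof(sel->saddr));
- } else {
- sel->family = preferred_family;
- memcpy(&sel->daddr, id_peer, sizeof(sel->daddr));
- memcpy(&sel->saddr, id_our, sizeof(sel->saddr));
- }
-
- if (proto) {
- HIP_DEBUG("proto = %d\n", proto);
- sel->proto = proto;
- }
-
- sel->prefixlen_d = id_prefix;
- sel->prefixlen_s = id_prefix;
-
- return 0;
-}
-
-/**
- * initialize the lft
- *
- * @param lft pointer to the lft struct to be initialized
- *
- * @return 0
- */
-int xfrm_init_lft(struct xfrm_lifetime_cfg *lft)
-{
- lft->soft_byte_limit = XFRM_INF;
- lft->hard_byte_limit = XFRM_INF;
- lft->soft_packet_limit = XFRM_INF;
- lft->hard_packet_limit = XFRM_INF;
-
- return 0;
-}
-
-/**
- * parse a crypto algorithm name and its key into an xfrm_algo structure
- *
- * @param alg the resulting xfrm_algo structure (caller allocates)
- * @param name the name of the crypto algorithm
- * @param key the key for the given algorithm
- * @param key_len the length of the key in bits
- * @param max maximum size for a key in the xfrm_algo structure
- * @return zero
- */
-int xfrm_algo_parse(struct xfrm_algo *alg, const char *name,
- const unsigned char *key, int key_len, int max)
-{
- int len = 0;
- int slen = key_len;
-
- strncpy(alg->alg_name, name, sizeof(alg->alg_name));
-
- len = slen;
- if (len > 0) {
- if (len > max) {
- HIP_ERROR("\"ALGOKEY\" makes buffer overflow\n", key);
- return -1;
- }
- memcpy(alg->alg_key, key, key_len * 8);
- }
-
- alg->alg_key_len = len * 8;
-
- return 0;
-}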
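--- a/lib/tool/nlink.h
+++ b/lib/tool/nlink.h
@@ -92,18 +92,4 @@
 const struct in6_addr *dst_addr, char *idev, char *odev,
 int family, struct idxmap **idxmap);
 
-int xfrm_init_lft(struct xfrm_lifetime_cfg *lft);
-int xfrm_fill_selector(struct xfrm_selector *sel,
- const struct in6_addr *id_our,
- const struct in6_addr *id_peer,
- uint8_t proto, uint8_t id_prefix,
- int preferred_family);
-int xfrm_fill_encap(struct xfrm_encap_tmpl *encap,
- int sport,
- int dport,
- const struct in6_addr *oa);
-
-int xfrm_algo_parse(struct xfrm_algo *alg, const char *name,
- const unsigned char *key, int key_len, int max);
-
 #endif /* HIP_LIB_TOOL_NLINK_H */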
143 | === modified file 'lib/tool/xfrmapi.c' |
144 | --- lib/tool/xfrmapi.c 2010-07-16 18:56:20 +0000 |
145 | +++ lib/tool/xfrmapi.c 2010-09-20 14:22:41 +0000 |
146 | @@ -71,6 +71,119 @@ |
147 | |
148 | |
149 | /** |
150 | + * fill the port numbers for the UDP tunnel for IPsec |
151 | + * |
152 | + * @param encap xfrm_encap_tmpl structure |
153 | + * @param sport source port |
154 | + * @param dport destination port |
155 | + * @param oa the destination address of the tunnel in IPv6-mapped format |
156 | + * @return 0 |
157 | + */ |
158 | +static int hip_xfrm_fill_encap(struct xfrm_encap_tmpl *encap, |
159 | + const int sport, |
160 | + const int dport, |
161 | + const struct in6_addr *oa) |
162 | +{ |
163 | + encap->encap_type = HIP_UDP_ENCAP_ESPINUDP; |
164 | + encap->encap_sport = htons(sport); |
165 | + encap->encap_dport = htons(dport); |
166 | + encap->encap_oa.a4 = oa->s6_addr32[3]; |
167 | + return 0; |
168 | +} |
169 | + |
170 | +/** |
171 | + * Fill in the selector. Selector is bound to HITs. |
172 | + * |
173 | + * @param sel pointer to xfrm_selector to be filled in |
174 | + * @param id_our Source HIT or LSI, if the last is defined |
175 | + * @param id_peer Peer HIT or LSI, if the last is defined |
176 | + * @param proto inclusive protocol filter (zero for any protocol) |
177 | + * @param id_prefix Length of the identifier's prefix |
178 | + * @param preferred_family address family filter (AF_INET6 for HITs) |
179 | + * @return 0 |
180 | + */ |
181 | +static int hip_xfrm_fill_selector(struct xfrm_selector *sel, |
182 | + const struct in6_addr *id_our, |
183 | + const struct in6_addr *id_peer, |
184 | + const uint8_t proto, const uint8_t id_prefix, |
185 | + const int preferred_family) |
186 | +{ |
187 | + struct in_addr in_id_our, in_id_peer; |
188 | + |
189 | + if (IN6_IS_ADDR_V4MAPPED(id_our)) { |
190 | + sel->family = AF_INET; |
191 | + IPV6_TO_IPV4_MAP(id_our, &in_id_our); |
192 | + IPV6_TO_IPV4_MAP(id_peer, &in_id_peer); |
193 | + memcpy(&sel->daddr, &in_id_our, sizeof(sel->daddr)); |
194 | + memcpy(&sel->saddr, &in_id_peer, sizeof(sel->saddr)); |
195 | + } else { |
196 | + sel->family = preferred_family; |
197 | + memcpy(&sel->daddr, id_peer, sizeof(sel->daddr)); |
198 | + memcpy(&sel->saddr, id_our, sizeof(sel->saddr)); |
199 | + } |
200 | + |
201 | + if (proto) { |
202 | + HIP_DEBUG("proto = %d\n", proto); |
203 | + sel->proto = proto; |
204 | + } |
205 | + |
206 | + sel->prefixlen_d = id_prefix; |
207 | + sel->prefixlen_s = id_prefix; |
208 | + |
209 | + return 0; |
210 | +} |
211 | + |
212 | +/** |
213 | + * initialize the lft |
214 | + * |
215 | + * @param lft pointer to the lft struct to be initialized |
216 | + * |
217 | + * @return 0 |
218 | + */ |
219 | +static int hip_xfrm_init_lft(struct xfrm_lifetime_cfg *lft) |
220 | +{ |
221 | + lft->soft_byte_limit = XFRM_INF; |
222 | + lft->hard_byte_limit = XFRM_INF; |
223 | + lft->soft_packet_limit = XFRM_INF; |
224 | + lft->hard_packet_limit = XFRM_INF; |
225 | + |
226 | + return 0; |
227 | +} |
228 | + |
229 | +/** |
230 | + * parse a crypto algorithm name and its key into an xfrm_algo structure |
231 | + * |
232 | + * @param alg the resulting xfrm_algo structure (caller allocates) |
233 | + * @param name the name of the crypto algorithm |
234 | + * @param key the key for the given algorithm |
235 | + * @param key_len the length of the key in bits |
236 | + * @param max maximum size for a key in the xfrm_algo structure |
237 | + * @return zero |
238 | + */ |
239 | +static int hip_xfrm_algo_parse(struct xfrm_algo *alg, const char *name, |
240 | + const unsigned char *key, const int key_len, |
241 | + const int max) |
242 | +{ |
243 | + int len = 0; |
244 | + int slen = key_len; |
245 | + |
246 | + strncpy(alg->alg_name, name, sizeof(alg->alg_name)); |
247 | + |
248 | + len = slen; |
249 | + if (len > 0) { |
250 | + if (len > max) { |
251 | + HIP_ERROR("\"ALGOKEY\" makes buffer overflow\n", key); |
252 | + return -1; |
253 | + } |
254 | + memcpy(alg->alg_key, key, key_len * 8); |
255 | + } |
256 | + |
257 | + alg->alg_key_len = len * 8; |
258 | + |
259 | + return 0; |
260 | +} |
261 | + |
262 | +/** |
263 | * modify a Security Policy |
264 | * @param cmd command. %XFRM_MSG_NEWPOLICY | %XFRM_MSG_UPDPOLICY |
265 | * @param id_our Source ID or LSI |
266 | @@ -110,14 +223,14 @@ |
267 | req.n.nlmsg_flags = NLM_F_REQUEST | flags; |
268 | req.n.nlmsg_type = cmd; |
269 | |
270 | - xfrm_init_lft(&req.xpinfo.lft); |
271 | + hip_xfrm_init_lft(&req.xpinfo.lft); |
272 | |
273 | /* Direction */ |
274 | req.xpinfo.dir = dir; |
275 | |
276 | /* SELECTOR <--> HITs SELECTOR <--> LSIs*/ |
277 | - HIP_IFE(xfrm_fill_selector(&req.xpinfo.sel, id_peer, id_our, 0, |
278 | - id_prefix, preferred_family), -1); |
279 | + HIP_IFE(hip_xfrm_fill_selector(&req.xpinfo.sel, id_peer, id_our, 0, |
280 | + id_prefix, preferred_family), -1); |
281 | |
282 | /* TEMPLATE */ |
283 | tmpl = (struct xfrm_user_tmpl *) ((char *) tmpls_buf); |
284 | @@ -257,8 +370,8 @@ |
285 | req.xpid.dir = dir; |
286 | |
287 | /* SELECTOR <--> HITs */ |
288 | - HIP_IFE(xfrm_fill_selector(&req.xpid.sel, hit_peer, hit_our, 0, |
289 | - hit_prefix, preferred_family), -1); |
290 | + HIP_IFE(hip_xfrm_fill_selector(&req.xpid.sel, hit_peer, hit_our, 0, |
291 | + hit_prefix, preferred_family), -1); |
292 | HIP_IFEL((netlink_talk(rth, &req.n, 0, 0, NULL, NULL, NULL) < 0), -1, |
293 | "No associated policies to be deleted\n"); |
294 | |
295 | @@ -332,7 +445,7 @@ |
296 | req.n.nlmsg_flags = NLM_F_REQUEST; |
297 | req.n.nlmsg_type = cmd; |
298 | |
299 | - xfrm_init_lft(&req.xsinfo.lft); |
300 | + hip_xfrm_init_lft(&req.xsinfo.lft); |
301 | |
302 | req.xsinfo.mode = XFRM_MODE_BEET; |
303 | req.xsinfo.id.proto = IPPROTO_ESP; |
304 | @@ -340,12 +453,14 @@ |
305 | req.xsinfo.id.spi = htonl(spi); |
306 | |
307 | /* Selector */ |
308 | - HIP_IFE(xfrm_fill_selector(&req.xsinfo.sel, src_id, dst_id, |
309 | - 0, hip_xfrmapi_sa_default_prefix, |
310 | - AF_INET6), -1); |
311 | + HIP_IFE(hip_xfrm_fill_selector(&req.xsinfo.sel, src_id, dst_id, |
312 | + 0, hip_xfrmapi_sa_default_prefix, |
313 | + AF_INET6), -1); |
314 | if (req.xsinfo.family == AF_INET && (sport || dport)) { |
315 | - xfrm_fill_encap(&encap, (sport ? sport : hip_get_local_nat_udp_port()), |
316 | - (dport ? dport : hip_get_peer_nat_udp_port()), saddr); |
317 | + hip_xfrm_fill_encap(&encap, |
318 | + (sport ? sport : hip_get_local_nat_udp_port()), |
319 | + (dport ? dport : hip_get_peer_nat_udp_port()), |
320 | + saddr); |
321 | HIP_IFE(addattr_l(&req.n, sizeof(req.buf), XFRMA_ENCAP, |
322 | &encap, sizeof(encap)), -1); |
323 | } |
324 | @@ -366,9 +481,9 @@ |
325 | |
326 | /* XFRMA_ALG_AUTH */ |
327 | memset(&alg, 0, sizeof(alg)); |
328 | - HIP_IFE(xfrm_algo_parse((void *) &alg, a_name, |
329 | - authkey->key, authkey_len, |
330 | - sizeof(alg.buf)), -1); |
331 | + HIP_IFE(hip_xfrm_algo_parse((void *) &alg, a_name, |
332 | + authkey->key, authkey_len, |
333 | + sizeof(alg.buf)), -1); |
334 | len = sizeof(struct xfrm_algo) + alg.algo.alg_key_len; |
335 | |
336 | HIP_IFE((addattr_l(&req.n, sizeof(req.buf), XFRMA_ALG_AUTH, |
337 | @@ -376,9 +491,9 @@ |
338 | |
339 | /* XFRMA_ALG_CRYPT */ |
340 | memset(&alg, 0, sizeof(alg)); |
341 | - HIP_IFE(xfrm_algo_parse((void *) &alg, e_name, |
342 | - enckey->key, enckey_len, |
343 | - sizeof(alg.buf)), -1); |
344 | + HIP_IFE(hip_xfrm_algo_parse((void *) &alg, e_name, |
345 | + enckey->key, enckey_len, |
346 | + sizeof(alg.buf)), -1); |
347 | |
348 | len = sizeof(struct xfrm_algo) + alg.algo.alg_key_len; |
349 | |
350 | @@ -439,9 +554,10 @@ |
351 | /** @todo Fill in information for UDP-NAT SAs. */ |
352 | if (req.xsid.family == AF_INET && (sport || dport)) { |
353 | HIP_DEBUG("FILLING UDP Port info while deleting\n"); |
354 | - xfrm_fill_encap(&encap, (sport ? sport : hip_get_local_nat_udp_port()), |
355 | - (dport ? dport : hip_get_peer_nat_udp_port()), |
356 | - peer_addr); |
357 | + hip_xfrm_fill_encap(&encap, |
358 | + (sport ? sport : hip_get_local_nat_udp_port()), |
359 | + (dport ? dport : hip_get_peer_nat_udp_port()), |
360 | + peer_addr); |
361 | HIP_IFE(addattr_l(&req.n, sizeof(req.buf), XFRMA_ENCAP, |
362 | &encap, sizeof(encap)), -1); |
363 | } |
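Review bot: In the moved `hip_xfrm_algo_parse` (first hunk of xfrmapi.c) the bounds check and the copy use different units: `len > max` compares `key_len` with the buffer size, but `memcpy(alg->alg_key, key, key_len * 8)` then copies eight times that many bytes, so a key that passes the check can still write past `alg.buf` and read past `key`. Because `alg->alg_key_len = len * 8` looks like a byte-to-bit conversion, `key_len` is presumably a byte count; if callers confirm that, the copy should be `memcpy(alg->alg_key, key, key_len);` and the `@param key_len` text should say bytes rather than bits. The same function leaves `alg_name` unterminated when `name` fills the field, which `alg->alg_name[sizeof(alg->alg_name) - 1] = '\0';` after the `strncpy` would fix without relying on the callers' `memset`. `HIP_ERROR("\"ALGOKEY\" makes buffer overflow\n", key)` passes key material to a format string with no conversion, and the argument should be dropped. Since the function is now `static` and renamed anyway, this move is a cheap point to correct all three rather than carry them over unchanged.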
I am testing whether I can approve of this diff even though I am not a member of hip-core