[hipl-commit] [esp] Rev 2331: first step towards functional esp token updates

  • From: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
  • To: hipl-commit@xxxxxxxxxxxxx
  • Date: Wed, 03 Feb 2010 16:36:52 +0200

Committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
Date: Wed Feb 03 15:34:41 2010 +0100
Revision: 2331
Revision-id: rene.hummen@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: esp

Log:
  first step towards functional esp token updates
  
  Re-added almost all hooks from the update code to the esp_prot extension. I
  also renamed a central function in update to reflect that it is no longer
  used only to send locator updates.

Modified:
  M  hipd/esp_prot_hipd_msg.c
  M  hipd/esp_prot_hipd_msg.h
  M  hipd/heartbeat.c
  M  hipd/update.c
  M  hipd/update.h
  M  lib/core/state.h

=== modified file 'hipd/esp_prot_hipd_msg.c'
--- hipd/esp_prot_hipd_msg.c    2010-01-19 09:28:42 +0000
+++ hipd/esp_prot_hipd_msg.c    2010-02-03 14:34:41 +0000
@@ -309,18 +309,10 @@
                /* this should send an update only containing the mandatory 
params
                 * HMAC and HIP_SIGNATURE as well as the ESP_PROT_ANCHOR and the
                 * SEQ param (to garanty freshness of the ANCHOR) in the signed 
part
-                * of the message
-                *
-                * params used for this call:
-                * - hadb entry matching the HITs passed in the trigger msg
-                * - not sending locators -> list = NULL and count = 0
-                * - no interface triggers this event -> -1
-                * - bitwise telling about which params to add to UPDATE -> set 
3rd bit to 1
-                * - UPDATE not due to adding of a new addresses
-                * - not setting any address, as none is updated */
-               // TODO 10.11.2009: This send_update call should be modified
-                /*HIP_IFEL(hip_send_update_old(entry, NULL, 0, -1, 
SEND_UPDATE_ESP_ANCHOR, 0, NULL),
-                               -1, "failed to send anchor update\n");*/
+                * of the message */
+         HIP_IFEL(hip_send_update_to_one_peer(NULL, entry, &entry->our_addr,
+                        &entry->peer_addr, NULL, HIP_UPDATE_ESP_ANCHOR),
+                               -1, "failed to send anchor update\n");
        }
 
   out_err:
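Review bot: The re-enabled call sends an update of type `HIP_UPDATE_ESP_ANCHOR`, but the matching `case HIP_UPDATE_ESP_ANCHOR:` branch in hipd/update.c (the `@@ -342,7 +349,8 @@` hunk) still carries `// TODO re-implement sending of esp prot anchors` and goes straight to `hip_send_update_pkt(...)`. Unless the ESP_PROT_ANCHOR parameter is added somewhere outside the visible hunks, the trigger now emits a signed UPDATE with SEQ but without the anchor that the comment above this call says must be in the signed part. Either keep the call disabled until the anchor is built into the packet, or state the gap at the call site, e.g. `/* NOTE: ESP_PROT_ANCHOR is not yet added for HIP_UPDATE_ESP_ANCHOR, see TODO in hip_send_update_to_one_peer() */`. The new lines also mix tab and space indentation with the surrounding block, and the enclosing function starts outside this hunk.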
@@ -929,25 +921,18 @@
 
 /******************** UPDATE parameters *******************/
 
-/**
- * Processes pure ANCHOR-UPDATEs
+/** Classifies update packets belonging to the esp protection extension
  *
  * @param recv_update  the received hip update
- * @param entry                        hip association for the connection
- * @param src_ip               src ip address
- * @param dst_ip               dst ip address
- * @return 0 on success, -1 in case of an error
- **/
-int esp_prot_handle_update(const hip_common_t *recv_update, hip_ha_t *entry,
-                          const in6_addr_t *src_ip, const in6_addr_t *dst_ip)
+ * @return packet type qualifiers
+ */
+int esp_prot_update_type(const hip_common_t *recv_update)
 {
        struct hip_seq * seq = NULL;
        struct hip_ack * ack = NULL;
        struct hip_esp_info * esp_info = NULL;
-       uint32_t spi = 0;
-       int err = 0;
 
-       HIP_ASSERT(entry != NULL);
+       HIP_ASSERT(recv_update != NULL);
 
        seq = (struct hip_seq *) hip_get_param(recv_update, HIP_PARAM_SEQ);
        ack = (struct hip_ack *) hip_get_param(recv_update, HIP_PARAM_ACK);
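Review bot: The new doc comment's `@return packet type qualifiers` does not tell a caller which values to expect or how they are derived. I would spell it out, e.g. `@return ESP_PROT_FIRST_UPDATE_PACKET (SEQ only), ESP_PROT_SECOND_UPDATE_PACKET (ACK and ESP_INFO, no SEQ), else ESP_PROT_UNKNOWN_UPDATE_PACKET`. It is also worth stating in the comment that the classification looks only at which parameters are present and does not validate their contents, so callers know that validation has to happen elsewhere. The function body continues past the end of this hunk.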
@@ -955,40 +940,83 @@
 
        if (seq && !ack && !esp_info)
        {
-               /* this is the first ANCHOR-UPDATE msg
-                *
-                * @note contains anchors -> update inbound SA
-                * @note response has to contain corresponding ACK and ESP_INFO 
*/
-               HIP_IFEL(esp_prot_update_handle_anchor(recv_update, entry,
-                               src_ip, dst_ip, &spi), -1,
-                               "failed to handle anchor in UPDATE msg\n");
-               HIP_DEBUG("successfully processed anchors in ANCHOR-UPDATE\n");
-
-               // send ANCHOR_UPDATE response, when the anchor was verified 
above
-               HIP_IFEL(esp_prot_send_update_response(recv_update, entry, 
dst_ip,
-                               src_ip, spi), -1, "failed to send UPDATE 
replay");
+               return ESP_PROT_FIRST_UPDATE_PACKET;
 
        } else if (!seq && ack && esp_info)
        {
-               /* this is the second ANCHOR-UPDATE msg
-                *
-                * @note contains ACK for previously sent anchors -> update 
outbound SA */
-               HIP_DEBUG("received ACK for previously sent ANCHOR-UPDATE\n");
-
-               // the update was successful, stop retransmission
-               entry->update_state = 0;
-
-               // notify sadb about next anchor
-               HIP_IFEL(entry->hadb_ipsec_func->hip_add_sa(dst_ip, src_ip,
-                               &entry->hit_our, &entry->hit_peer, 
entry->spi_outbound_new,
-                               entry->esp_transform, &entry->esp_out, 
&entry->auth_out, 0,
-                               HIP_SPI_DIRECTION_OUT, 1, entry), -1,
-                               "failed to notify sadb about next anchor\n");
+               return ESP_PROT_SECOND_UPDATE_PACKET;
 
        } else
        {
                HIP_DEBUG("NOT a pure ANCHOR-UPDATE, unhandled\n");
+
+               return ESP_PROT_UNKNOWN_UPDATE_PACKET;
        }
+}
+
+/**
+ * Processes the first packet of a pure ANCHOR-UPDATE
+ *
+ * @param recv_update  the received hip update
+ * @param entry                        hip association for the connection
+ * @param src_ip               src ip address
+ * @param dst_ip               dst ip address
+ * @return 0 on success, -1 in case of an error
+ **/
+int esp_prot_handle_first_update_packet(const hip_common_t *recv_update,
+               hip_ha_t *entry, const in6_addr_t *src_ip, const in6_addr_t 
*dst_ip)
+{
+       uint32_t spi = 0;
+       int err = 0;
+
+       HIP_ASSERT(entry != NULL);
+
+       /* this is the first ANCHOR-UPDATE msg
+        *
+        * @note contains anchors -> update inbound SA
+        * @note response has to contain corresponding ACK and ESP_INFO */
+       HIP_IFEL(esp_prot_update_handle_anchor(recv_update, entry,
+                       src_ip, dst_ip, &spi), -1,
+                       "failed to handle anchor in UPDATE msg\n");
+       HIP_DEBUG("successfully processed anchors in ANCHOR-UPDATE\n");
+
+       // send ANCHOR_UPDATE response, when the anchor was verified above
+       HIP_IFEL(esp_prot_send_update_response(recv_update, entry, dst_ip,
+                       src_ip, spi), -1, "failed to send UPDATE replay");
+
+  out_err:
+       return err;
+}
+
+/**
+ * Processes the second packet of a pure ANCHOR-UPDATE
+ *
+ * @param entry                        hip association for the connection
+ * @param src_ip               src ip address
+ * @param dst_ip               dst ip address
+ * @return 0 on success, -1 in case of an error
+ **/
+int esp_prot_handle_second_update_packet(hip_ha_t *entry,
+               const in6_addr_t *src_ip, const in6_addr_t *dst_ip)
+{
+       int err = 0;
+
+       HIP_ASSERT(entry != NULL);
+
+       /* this is the second ANCHOR-UPDATE msg
+        *
+        * @note contains ACK for previously sent anchors -> update outbound SA 
*/
+       HIP_DEBUG("received ACK for previously sent ANCHOR-UPDATE\n");
+
+       // the update was successful, stop retransmission
+       entry->update_state = 0;
+
+       // notify sadb about next anchor
+       HIP_IFEL(entry->hadb_ipsec_func->hip_add_sa(dst_ip, src_ip,
+                       &entry->hit_our, &entry->hit_peer, 
entry->spi_outbound_new,
+                       entry->esp_transform, &entry->esp_out, 
&entry->auth_out, 0,
+                       HIP_SPI_DIRECTION_OUT, 1, entry), -1,
+                       "failed to notify sadb about next anchor\n");
 
   out_err:
        return err;
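Review bot: `esp_prot_handle_second_update_packet()` no longer receives the UPDATE packet, so it clears `entry->update_state` and installs the outbound SA with `entry->spi_outbound_new` purely because `esp_prot_update_type()` saw ACK and ESP_INFO without SEQ. Nothing visible in this hunk ties the ACK to an anchor update this host actually has outstanding. If the caller does not already match the ACK against the pending SEQ (not visible here), any authenticated UPDATE of that shape from the peer would stop retransmission and switch the outbound anchor. I would keep `const hip_common_t *recv_update` as the first parameter, as in the first-packet handler, and check the ACK against the pending update before touching `update_state`. Failing that, document the precondition in the doc comment. Separately, the string `"failed to send UPDATE replay"` in the first-packet handler lacks the trailing `\n` the other messages have. The second handler's closing brace lies outside the hunk.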

=== modified file 'hipd/esp_prot_hipd_msg.h'
--- hipd/esp_prot_hipd_msg.h    2010-01-19 09:28:42 +0000
+++ hipd/esp_prot_hipd_msg.h    2010-02-03 14:34:41 +0000
@@ -18,6 +18,10 @@
 #include "lib/core/protodefs.h"
 #include "lib/core/state.h"
 
+#define ESP_PROT_UNKNOWN_UPDATE_PACKET     0
+#define ESP_PROT_FIRST_UPDATE_PACKET     1
+#define ESP_PROT_SECOND_UPDATE_PACKET    2
+
 int esp_prot_set_preferred_transforms(const struct hip_common *msg);
 int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);
 int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);
@@ -29,8 +33,11 @@
 int esp_prot_i2_handle_anchor(hip_ha_t *entry, const struct hip_context *ctx);
 int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry);
 int esp_prot_r2_handle_anchor(hip_ha_t *entry, const struct hip_context *ctx);
-int esp_prot_handle_update(const hip_common_t *recv_update, hip_ha_t *entry,
-                          const in6_addr_t *src_ip, const in6_addr_t *dst_ip);
+int esp_prot_update_type(const hip_common_t *recv_update);
+int esp_prot_handle_first_update_packet(const hip_common_t *recv_update,
+               hip_ha_t *entry, const in6_addr_t *src_ip, const in6_addr_t 
*dst_ip);
+int esp_prot_handle_second_update_packet(hip_ha_t *entry,
+               const in6_addr_t *src_ip, const in6_addr_t *dst_ip);
 int esp_prot_update_add_anchor(hip_common_t *update, hip_ha_t *entry);
 int esp_prot_update_handle_anchor(const hip_common_t *recv_update, hip_ha_t 
*entry,
                const in6_addr_t *src_ip, const in6_addr_t *dst_ip, uint32_t 
*spi);

=== modified file 'hipd/heartbeat.c'
--- hipd/heartbeat.c    2010-01-31 19:44:07 +0000
+++ hipd/heartbeat.c    2010-02-03 14:34:41 +0000
@@ -31,7 +31,7 @@
             "Out of memory while allocation memory for the packet\n");
         HIP_IFE(hip_create_locators(locator_msg, &locators), -1);
 
-       HIP_IFEL(hip_send_locators_to_one_peer(NULL, ha, &ha->our_addr,
+       HIP_IFEL(hip_send_update_to_one_peer(NULL, ha, &ha->our_addr,
                                             &ha->peer_addr, locators, 
HIP_UPDATE_LOCATOR),
                 -1, "Failed to trigger update\n");
                 

=== modified file 'hipd/update.c'
--- hipd/update.c       2010-01-19 13:06:23 +0000
+++ hipd/update.c       2010-02-03 14:34:41 +0000
@@ -20,6 +20,7 @@
 #include "netdev.h"
 #include "lib/core/builder.h"
 #include "update_legacy.h"
+#include "esp_prot_hipd_msg.h"
 
 #ifdef CONFIG_HIP_PERFORMANCE
 #include "lib/performance/performance.h"
@@ -77,7 +78,9 @@
                                                          &ha->hit_peer);
 
         // Add ESP_INFO
-        if (type == HIP_UPDATE_LOCATOR || type == HIP_UPDATE_ECHO_REQUEST) {
+        if (type == HIP_UPDATE_LOCATOR ||
+                       type == HIP_UPDATE_ECHO_REQUEST ||
+                       type == HIP_UPDATE_ESP_ANCHOR_ACK) {
                 // Handle SPI numbers
                 esp_info_old_spi  = ha->spi_inbound_current;
                 esp_info_new_spi = ha->spi_inbound_current;
@@ -118,7 +121,9 @@
 #endif
 
         // Add SEQ
-        if (type == HIP_UPDATE_LOCATOR || type == HIP_UPDATE_ECHO_REQUEST) {
+        if (type == HIP_UPDATE_LOCATOR ||
+                       type == HIP_UPDATE_ECHO_REQUEST ||
+                       type == HIP_UPDATE_ESP_ANCHOR) {
                 // TODO check the following function!
                 /* hip_update_set_new_spi_in_old(ha, esp_info_old_spi,
                     esp_info_new_spi, 0);*/
@@ -139,7 +144,9 @@
         }
 
         // Add ACK
-        if (type == HIP_UPDATE_ECHO_REQUEST || type == 
HIP_UPDATE_ECHO_RESPONSE) {
+        if (type == HIP_UPDATE_ECHO_REQUEST ||
+                       type == HIP_UPDATE_ECHO_RESPONSE ||
+                       type == HIP_UPDATE_ESP_ANCHOR_ACK) {
                 HIP_IFEL(!(seq = hip_get_param(received_update_packet,
                     HIP_PARAM_SEQ)), -1, "SEQ not found\n");
 
@@ -286,7 +293,7 @@
 }
 
 // Locators should be sent to the whole verified addresses!!!
-int hip_send_locators_to_one_peer(hip_common_t* received_update_packet,
+int hip_send_update_to_one_peer(hip_common_t* received_update_packet,
         struct hip_hadb_state *ha, struct in6_addr *src_addr,
         struct in6_addr *dst_addr, struct hip_locator_info_addr_item *locators,
         int type)
@@ -342,7 +349,8 @@
                         }
 
                         break;
-                case SEND_UPDATE_ESP_ANCHOR:
+                case HIP_UPDATE_ESP_ANCHOR:
+                case HIP_UPDATE_ESP_ANCHOR_ACK:
                                        // TODO re-implement sending of esp 
prot anchors
 
                        hip_send_update_pkt(update_packet_to_send, ha, 
src_addr, dst_addr);
@@ -393,7 +401,7 @@
                 if (ha->hastate == HIP_HASTATE_HITOK &&
                     ha->state == HIP_STATE_ESTABLISHED)
                 {
-                        err = hip_send_locators_to_one_peer(NULL, ha, 
&ha->our_addr,
+                        err = hip_send_update_to_one_peer(NULL, ha, 
&ha->our_addr,
                                 &ha->peer_addr, locators, HIP_UPDATE_LOCATOR);
                         if (err)
                             goto out_err;
@@ -524,7 +532,7 @@
         // UPDATE packets sent between different address combinations.
         get_random_bytes(ha->echo_data, sizeof(ha->echo_data));
 
-        err = hip_send_locators_to_one_peer(received_update_packet, ha, 
&ha->our_addr,
+        err = hip_send_update_to_one_peer(received_update_packet, ha, 
&ha->our_addr,
                 &ha->peer_addr, NULL, HIP_UPDATE_ECHO_REQUEST);
         if (err)
             goto out_err;
@@ -538,7 +546,7 @@
 {
         struct hip_esp_info *esp_info;
 
-        hip_send_locators_to_one_peer(received_update_packet, ha, src_addr,
+        hip_send_update_to_one_peer(received_update_packet, ha, src_addr,
                 dst_addr, NULL, HIP_UPDATE_ECHO_RESPONSE);
 
         esp_info = hip_get_param(received_update_packet, HIP_PARAM_ESP_INFO);
@@ -732,6 +740,21 @@
 
                  goto out_err;
         }
+        else if (esp_prot_update_type(received_update_packet) ==
+                       ESP_PROT_FIRST_UPDATE_PACKET)
+        {
+               esp_prot_handle_first_update_packet(received_update_packet,
+                    ha, src_addr, dst_addr);
+
+               goto out_err;
+        }
+        else if (esp_prot_update_type(received_update_packet) ==
+                       ESP_PROT_SECOND_UPDATE_PACKET)
+               {
+               esp_prot_handle_second_update_packet(ha, src_addr, dst_addr);
+
+               goto out_err;
+               }
        
 out_err:
         if (err != 0)
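Review bot: Both new `else if` branches drop the handlers' return values, so a failed anchor verification or a failed SA update leaves `err` unchanged and the `out_err` path below treats the packet as processed. Assign them instead: `err = esp_prot_handle_first_update_packet(received_update_packet, ha, src_addr, dst_addr);` and `err = esp_prot_handle_second_update_packet(ha, src_addr, dst_addr);`. `esp_prot_update_type()` is also evaluated twice for every packet that reaches the second branch, which repeats the parameter lookups and the "NOT a pure ANCHOR-UPDATE" debug line; calling it once into a local before the chain avoids that. The enclosing function and the earlier branches of this chain are outside the hunk, so it cannot be confirmed from here that these handlers run only after the packet's HMAC and signature have been checked.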

=== modified file 'hipd/update.h'
--- hipd/update.h       2010-01-19 09:28:42 +0000
+++ hipd/update.h       2010-02-03 14:34:41 +0000
@@ -41,7 +41,7 @@
 int hip_create_locators(hip_common_t* locator_msg,
                        struct hip_locator_info_addr_item **locators);
 
-int hip_send_locators_to_one_peer(hip_common_t* received_update_packet,
+int hip_send_update_to_one_peer(hip_common_t* received_update_packet,
                                  struct hip_hadb_state *ha, struct in6_addr 
*src_addr,
                                  struct in6_addr *dst_addr, struct 
hip_locator_info_addr_item *locators,
                                  int type);

=== modified file 'lib/core/state.h'
--- lib/core/state.h    2010-01-19 09:28:42 +0000
+++ lib/core/state.h    2010-02-03 14:34:41 +0000
@@ -70,7 +70,8 @@
 #define HIP_UPDATE_LOCATOR              0
 #define HIP_UPDATE_ECHO_REQUEST         1
 #define HIP_UPDATE_ECHO_RESPONSE        2
-#define SEND_UPDATE_ESP_ANCHOR          3
+#define HIP_UPDATE_ESP_ANCHOR          3
+#define HIP_UPDATE_ESP_ANCHOR_ACK      4
 
 #define HIP_SPI_DIRECTION_OUT            1
 #define HIP_SPI_DIRECTION_IN             2
