[hipl-commit] [trunk] Rev 3576: Doxygen for firewall/firewall.c
- From: Miika Komu <miika@xxxxxx>
- To: hipl-commit@xxxxxxxxxxxxx
- Date: Tue, 9 Feb 2010 22:52:09 +0200
Committer: Miika Komu <miika@xxxxxx>
Date: Tue Feb 09 22:52:23 2010 +0200
Revision: 3576
Revision-id: miika@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk
Log:
Doxygen for firewall/firewall.c
Modified:
D firewall/firewall.c.doxyme
M firewall/firewall.c
=== modified file 'firewall/firewall.c'
--- firewall/firewall.c 2010-02-09 09:34:07 +0000
+++ firewall/firewall.c 2010-02-09 20:52:23 +0000
@@ -1,7 +1,25 @@
-/** @file
- * HIP Firewall
- *
- * @note: This code is GNU/GPL.
+/** @file firewall/firewall.c
+ *
+ * Distributed under <a href="http://www.gnu.org/licenses/gpl2.txt";>GNU/GPL</a>
+ *
+ * All functionality that requires packet capture using libipq are contained
in the
+ * hipfw. The basic function of the hipfw is to track HIP packets and track
associate
+ * them with the related ESP connections with SPIs. This way, the hipfw can
support access control
+ * for mobile devices based on their public keys (or HITs). Please see the
following documentation
+ * on the basic funtionality of the hipfw:
+ * * - <a href="http://hipl.hiit.fi/papers/essi_dippa.pdf";>E. Vehmersalo,
Host Identity Protocol Enabled Firewall: A Prototype Implementation and
Analysis, Master's thesis, September 2005</a>
+ * - <a href="http://www.usenix.org/events/usenix07/poster.html";>Lindqvist,
Janne; Vehmersalo, Essi; Komu, Miika; Manner, Jukka, Enterprise Network Packet
Filtering for Mobile Cryptographic Identities,
+ * Usenix 2007 Annual Technical Conference, Santa Clara, CA, June 20, 2007</a>
+ * - Rene Hummen. Secure Identity-based Middlebox Functions using the Host
Identity Protocol. Master's thesis, RWTH Aachen, 2009.
+ *
+ * The hipfw supports additional extensions, such as LSIs, userspace IPsec and
hiccups. See
+ * the hyperlinks in the files that implement the extensions for more
information.
+ *
+ * @brief HIP multipurpose firewall toolkit
+ *
+ * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
+ * @author Miika Komu <miika@xxxxxx>
+ *
* @note: HIPU: requires libipq, might need pcap libraries
*/
@@ -95,19 +113,27 @@
int use_midauth = 0;
#endif
-/* Use this to send and receive responses to hipd. Notice that
+/** Use this to send and receive responses to hipd. Notice that
* firewall_control.c has a separate socket for receiving asynchronous
* messages from hipd (i.e. messages that were not requests from hipfw).
* The two sockets need to be kept separate because the hipfw might
* mistake an asynchronous message from hipd to an response. The alternative
* to two sockets are sequence numbers but it would have required reworking
- * too much of the firewall. -miika */
-// TODO make accessible through send function, no-one should read on that
+ * too much of the firewall.
+ *
+ * @todo make accessible through send function, no-one should read on that
+ **/
int hip_fw_sock = 0;
-/* Use this socket *only* for receiving async messages from hipd */
-// TODO make static, no-one should read on that
+/**
+ * Use this socket *only* for receiving async messages from hipd
+ * @todo make static, no-one should read on that
+ **/
int hip_fw_async_sock = 0;
+/**
+ * display usage of firewall to stdout
+ *
+ **/
static void print_usage(void){
printf("HIP Firewall\n");
printf("Usage: hipfw [-f file_name] [-d|-v] [-A] [-F] [-H] [-b] [-a]
[-c] [-k] [-i|-I|-e] [-l] [-o] [-p] [-h]");
@@ -140,6 +166,11 @@
/*----------------INIT FUNCTIONS------------------*/
+/**
+ * Initialize sava client packet capture rules
+ *
+ * @return zero on success, non-zero on error
+ **/
int hip_fw_init_sava_client() {
int err = 0;
if (!hip_sava_client && !hip_sava_router) {
@@ -158,6 +189,11 @@
return err;
}
+/**
+ * Initialize packet capture rules for sava router
+ *
+ * @return zero on success, non-zero on error
+ **/
int hip_fw_init_sava_router() {
int err = 0;
/*
@@ -205,6 +241,10 @@
return err;
}
+/**
+ * Ununitialize packet capture rules for sava client
+ *
+ **/
void hip_fw_uninit_sava_client(void) {
if (hip_sava_client) {
hip_sava_client = 0;
@@ -217,6 +257,10 @@
}
}
+/**
+ * Uninitialize packet capture rules for sava router
+ *
+ **/
void hip_fw_uninit_sava_router(void) {
if (!hip_sava_client && !hip_sava_router) {
hip_sava_router = 0;
@@ -252,12 +296,22 @@
return;
}
+/**
+ * update sava state
+ *
+ * @param msg message containing the sava state
+ **/
void hip_fw_update_sava(struct hip_common * msg) {
if (hip_sava_router || hip_sava_client)
handle_sava_i2_state_update(msg);
}
-
-// TODO this should be allowed to be static
+/**
+ * Initialize packet capture rules for opportunistic TCP extension
+ *
+ * @return zero on success or non-zero on error
+ *
+ * @todo this should be allowed to be static
+ **/
int hip_fw_init_opptcp(void){
int err = 0;
@@ -274,7 +328,13 @@
return err;
}
-// TODO this should be allowed to be static
+/**
+ * Uninitialize packet capture rules for opportunistic TCP extension
+ *
+ * @return zero on success or non-zero on error
+ *
+ * @todo this should be allowed to be static
+ **/
int hip_fw_uninit_opptcp(void){
int err = 0;
@@ -290,7 +350,13 @@
return err;
}
-// TODO this should be allowed to be static
+/**
+ * Initialize packet capture rules for client-side HIP proxy
+ *
+ * @return zero on success and non-zero on failure
+ *
+ * @todo this should be allowed to be static
+ **/
int hip_fw_init_proxy(void)
{
int err = 0;
@@ -312,7 +378,13 @@
return err;
}
-// TODO this should be allowed to be static
+/**
+ * Uninitialize packet capture rules for the client-side HIP proxy
+ *
+ * @return zero on success and non-zero on failure
+ *
+ * @todo this should be allowed to be static
+ **/
int hip_fw_uninit_proxy(void){
int err = 0;
@@ -340,6 +412,11 @@
return err;
}
+/**
+ * Initialize packet capture rules for userspace IPsec
+ *
+ * @return zero on success and non-zero on failure
+ **/
static int hip_fw_init_userspace_ipsec(void){
int err = 0;
int ver_c;
@@ -385,7 +462,11 @@
return err;
}
-
+/**
+ * Uninitialize packet capture rules for userspace IPsec
+ *
+ * @return zero on success and non-zero on failure
+ **/
static int hip_fw_uninit_userspace_ipsec(void){
int err = 0;
@@ -412,7 +493,12 @@
return err;
}
-
+/**
+ * Initialize packet capture rules for ESP protection extensions
+ *
+ * @return zero on success and non-zero on failure
+ *
+ **/
static int hip_fw_init_esp_prot(void){
int err = 0;
@@ -436,6 +522,11 @@
return err;
}
+/**
+ * Uninitialize packet capture rules for ESP protection extensions
+ *
+ * @return zero on success and non-zero on failure
+ */
static int hip_fw_uninit_esp_prot(void){
int err = 0;
@@ -451,6 +542,11 @@
return err;
}
+/**
+ * Unitialize packet capture rules for ESP connection tracking
+ *
+ * @return zero on success and non-zero on failure
+ **/
static int hip_fw_init_esp_prot_conntrack(void){
int err = 0;
@@ -464,6 +560,11 @@
return err;
}
+/**
+ * Uninitialize rules for connection tracking for ESP-protection extensions
+ *
+ * @return zero on success and non-zero on failure
+ **/
static int hip_fw_uninit_esp_prot_conntrack(void){
int err = 0;
@@ -477,6 +578,11 @@
return err;
}
+/**
+ * Initialize packet capture rules for LSI support
+ *
+ * @return zero on success and non-zero on failure
+ **/
static int hip_fw_init_lsi_support(void){
int err = 0;
@@ -493,6 +599,11 @@
return err;
}
+/**
+ * Uninitialize packet capture rules for LSI support
+ *
+ * @return zero on success and non-zero on failure
+ **/
static int hip_fw_uninit_lsi_support(void) {
int err = 0;
@@ -514,6 +625,11 @@
return err;
}
+/**
+ * Initialize packet capture rules for system-based opportunistic mode
+ *
+ * @return zero on success and non-zero on failure
+ */
static int hip_fw_init_system_based_opp_mode(void) {
int err = 0;
@@ -532,6 +648,11 @@
return err;
}
+/**
+ * Initialize packet capture rules for hiccups data-packet extensions
+ *
+ * @return zero on success and non-zero on failure
+ */
static int hip_fw_init_datapacket_mode(void) {
int err = 0;
@@ -543,6 +664,12 @@
return err;
}
+/**
+ * Uninitialize packet capture rules for hiccups data-packet extensions
+ *
+ * @return zero on success and non-zero on failure
+ *
+ **/
static int hip_fw_uninit_datapacket_mode(void) {
int err = 0;
@@ -554,6 +681,12 @@
return err;
}
+/**
+ * Initialize all basic and extended packet capture rules
+ *
+ * @return zero on success and non-zero on failure
+ *
+ **/
static int firewall_init_extensions(void)
{
int err = 0;
@@ -652,6 +785,11 @@
return err;
}
+/**
+ * Uninitialize packet capture rules for system-based opportunistic mode
+ *
+ * @return zero on success and non-zero on failure
+ */
static int hip_fw_uninit_system_based_opp_mode(void) {
int err = 0;
@@ -677,7 +815,11 @@
/*-------------------HELPER FUNCTIONS---------------------*/
-/* Get default HIT and LSI */
+/**
+ * Ask default HIT and LSI from hipd
+ *
+ * @return zero on success and non-zero on failure
+ **/
static int hip_query_default_local_hit_from_hipd(void)
{
int err = 0;
@@ -708,6 +850,10 @@
return err;
}
+/**
+ * Uninitialize all basic and extended packet capture rules
+ *
+ **/
static void hip_fw_flush_iptables(void)
{
HIP_DEBUG("Firewall flush; may cause warnings on hipfw init\n");
@@ -741,6 +887,11 @@
system_print("ip6tables -X HIPFW-FORWARD 2>/dev/null");
}
+/**
+ * Firewall signal handler (SIGINT, SIGTERM). Exit firewall gracefully
+ * and clean up all packet capture rules.
+ *
+ **/
static void firewall_exit(void){
struct hip_common *msg = NULL;
@@ -772,6 +923,11 @@
hip_remove_lock_file(HIP_FIREWALL_LOCK_FILE);
}
+/**
+ * Firewall signal handler wrapper (SIGINT, SIGTERM). Exit firewall gracefully
+ * and clean up all packet capture rules.
+ *
+ **/
static void firewall_close(const int signal){
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Stop and write PERF_ALL\n");
@@ -854,6 +1010,16 @@
/*-------------PACKET FILTERING FUNCTIONS------------------*/
+/**
+ * Test if two HITs match
+ *
+ * @param match_hit the first HIT
+ * @param packet_hit the second HIT
+ * @param boolean boolean flag (0 or 1)
+ *
+ * @return 1 if HITs match and 0 otherwise when boolean is 1. The return value
is reversed when the boolean
+ * value is 0.
+ **/
static int match_hit(const struct in6_addr match_hit, const struct in6_addr
packet_hit, const int boolean){
int i = IN6_ARE_ADDR_EQUAL(&match_hit, &packet_hit);
@@ -865,6 +1031,16 @@
return !i;
}
+/**
+ * Test if two integers match
+ *
+ * @param match the first integer
+ * @param packet the second integer
+ * @param boolean boolean flag (0 or 1)
+ *
+ * @return 1 if integers match and 0 otherwise when the boolean is 1. The
return value is reversed when the boolean
+ * value is 0.
+ **/
static int match_int(const int match, const int packet, const int boolean){
if (boolean)
return match == packet;
@@ -872,7 +1048,16 @@
return !(match == packet);
}
-
+/**
+ * Test if two strings match
+ *
+ * @param match the first string
+ * @param packet the second string
+ * @param boolean boolean flag (0 or 1)
+ *
+ * @return 1 if strings match and 0 otherwise when the boolean is 1. The
return value is reversed when the boolean
+ * value is 0.
+ **/
static int match_string(const char * match, const char * packet, const int
boolean){
if (boolean)
return !strcmp(match, packet);
@@ -880,10 +1065,15 @@
return strcmp(match, packet);
}
-/* We only match the esp packet with the state in the connection
- * tracking. There is no need to match the rule-set again as we
- * already filtered the HIP control packets. If we wanted to
- * disallow a connection, we should do it there! */
+/**
+ * A wrapper for filter_esp_state. Match the esp packet with the state
+ * in the connection tracking. There is no need to match the rule-set
+ * again as we already filtered the HIP control packets. If we wanted
+ * to disallow a connection, we should do it in filter_hip.
+ *
+ * @param ctx packet context
+ * @return the verdict (1 for pass and 0 for drop)
+ */
static int filter_esp(const hip_fw_context_t * ctx)
{
// drop packet by default
@@ -905,16 +1095,26 @@
return verdict;
}
-/* filter hip packet according to rules.
- * return verdict
- */
+/**
+ * filter the hip packet according to the connection tracking rules
+ *
+ * @param ip6_src source address of the HIP control packet
+ * @param ip6_dst destination address of the HIP control packet
+ * @param buf the HIP control packet
+ * @param hook ipqueue hook
+ * @param in_if ipqueue input interface
+ * @param out_if ipqueue output interface
+ * @param ctx packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int filter_hip(const struct in6_addr * ip6_src,
- const struct in6_addr * ip6_dst,
- struct hip_common *buf,
- const unsigned int hook,
- const char * in_if,
- const char * out_if,
- hip_fw_context_t *ctx)
+ const struct in6_addr * ip6_dst,
+ struct hip_common *buf,
+ const unsigned int hook,
+ const char * in_if,
+ const char * out_if,
+ hip_fw_context_t *ctx)
{
// complete rule list for hook (== IN / OUT / FORWARD)
struct _DList * list = (struct _DList *) read_rules(hook);
@@ -1140,7 +1340,7 @@
}
/*
- * Rules:
+ * Handle packet capture for outbound HIP packets. The rules are as follows:
*
* Output:
*
@@ -1197,6 +1397,9 @@
* - Other:
* 2. Proxy input
*
+ * @param ctx packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
*/
static int hip_fw_handle_hip_output(hip_fw_context_t *ctx){
int verdict = accept_hip_esp_traffic_by_default;
@@ -1232,6 +1435,13 @@
return verdict;
}
+/**
+ * Process an ESP packet from the outbound packet queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_esp_output(hip_fw_context_t *ctx){
int verdict = accept_hip_esp_traffic_by_default;
@@ -1248,6 +1458,13 @@
return verdict;
}
+/**
+ * Process an ESP packet from the outbound packet capture queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_other_output(hip_fw_context_t *ctx){
struct ip *iphdr = NULL;
struct tcphdr *tcphdr = NULL;
@@ -1313,6 +1530,13 @@
return verdict;
}
+/**
+ * Process a TCP packet from the outbound packet capture queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_tcp_output(hip_fw_context_t *ctx){
HIP_DEBUG("\n");
@@ -1320,6 +1544,13 @@
return hip_fw_handle_other_output(ctx);
}
+/**
+ * Process a HIP packet from the forward packet capture queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_hip_forward(hip_fw_context_t *ctx){
HIP_DEBUG("\n");
@@ -1333,6 +1564,13 @@
return hip_fw_handle_hip_output(ctx);
}
+/**
+ * Process an ESP packet from the forward packet capture queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_esp_forward(hip_fw_context_t *ctx){
int verdict = accept_hip_esp_traffic_by_default;
@@ -1349,6 +1587,13 @@
return verdict;
}
+/**
+ * Process an other (not HIP, ESP, TCP) packet from the forward packet capture
queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_other_forward(hip_fw_context_t *ctx){
int verdict = accept_normal_traffic_by_default;
@@ -1372,12 +1617,26 @@
return verdict;
}
+/**
+ * Process a TCP packet from the forward packet capture queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_tcp_forward(hip_fw_context_t *ctx){
HIP_DEBUG("\n");
return hip_fw_handle_other_forward(ctx);
}
+/**
+ * Process an other (not HIP, ESP, TCP) packet from the inbound packet capture
queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_other_input(hip_fw_context_t *ctx){
int verdict = accept_normal_traffic_by_default;
int ip_hits = ipv6_addr_is_hit(&ctx->src) &&
@@ -1403,6 +1662,13 @@
return verdict;
}
+/**
+ * Process a HIP packet from the input packet capture queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_hip_input(hip_fw_context_t *ctx){
int verdict = accept_hip_esp_traffic_by_default;
@@ -1417,6 +1683,13 @@
return verdict;
}
+/**
+ * Process an ESP packet from the inbound packet capture queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_esp_input(hip_fw_context_t *ctx){
int verdict = accept_hip_esp_traffic_by_default;
@@ -1440,6 +1713,13 @@
return verdict;
}
+/**
+ * Process a TCP packet from the inbound packet capture queue
+ *
+ * @param ctx the packet context
+ *
+ * @return the verdict (1 for pass and 0 for drop)
+ **/
static int hip_fw_handle_tcp_input(hip_fw_context_t *ctx){
int verdict = accept_normal_traffic_by_default;
@@ -1466,6 +1746,11 @@
/*----------------MAIN FUNCTIONS----------------------*/
+/**
+ * Initialize the firewall datastructures and ipqueue rules
+ *
+ * @return zero on success or non-zero on failure
+ **/
static int firewall_init(void)
{
int err = 0;
@@ -1526,7 +1811,10 @@
}
/**
- * Returns the packet type of an IP packet.
+ *
+ * Initialize context for a packet. The context stores e.g. the packet type and
+ * possibly encapsulating packet type. It also stores useful pointers IP and
+ * transport layer headers where applicable to avoid redundant casting.
*
* Currently supported types: type
* - plain HIP control packet 1
@@ -1816,8 +2104,14 @@
/**
-*
-*/
+ * Set an accept verdict for a modified packet
+ *
+ * @param handle ipqueue file handle
+ * @param packetId ipqueue packet id
+ * @param len length of buf
+ * @param buf the packet to be accepted
+ *
+ **/
static void allow_modified_packet(struct ipq_handle *handle, unsigned long
packetId,
size_t len, unsigned char *buf){
ipq_set_verdict(handle, packetId, NF_ACCEPT, len, buf);
@@ -1840,7 +2134,7 @@
/**
- * Not allow a packet to pass
+ * Drop a packet
*
* @param handle the handle for the packets.
* @param packetId the packet ID.
@@ -1853,17 +2147,20 @@
}
/**
- * Analyzes packets.
-
- * @param *ptr pointer to an integer that indicates
- * the type of traffic: 4 - ipv4; 6 - ipv6.
+ * Analyze a packet.
+ *
+ * @param buf the packet to be analyzed
+ * @param hndl a file handle to the ipqueue
+ * @param ip_version the type of traffic: 4 - ipv4; 6 - ipv6.
+ * @param ctx packet context
+ *
* @return nothing, this function loops forever,
* until the firewall is stopped.
*/
static int hip_fw_handle_packet(unsigned char *buf,
- struct ipq_handle *hndl,
- const int ip_version,
- hip_fw_context_t *ctx){
+ struct ipq_handle *hndl,
+ const int ip_version,
+ hip_fw_context_t *ctx){
// assume DROP
int verdict = 0;
@@ -1926,16 +2223,18 @@
return 0;
}
+/**
+ * Hipfw should be started before hipd to make sure
+ * that nobody can bypass ACLs. However, some hipfw
+ * extensions (e.g. userspace ipsec) work consistently
+ * only when hipd is started first. To solve this
+ * chicken-and-egg problem, we are blocking all hipd
+ * messages until hipd is running and firewall is set up.
+ **/
static void hip_fw_wait_for_hipd(void) {
hip_fw_flush_iptables();
- /* Hipfw should be started before hipd to make sure
- that nobody can bypass ACLs. However, some hipfw
- extensions (e.g. userspace ipsec) work consistently
- only when hipd is started first. To solve this
- chicken-and-egg problem, we are blocking all hipd
- messages until hipd is running and firewall is set up */
system_print("iptables -N HIPFW-INPUT");
system_print("iptables -N HIPFW-OUTPUT");
system_print("iptables -N HIPFW-FORWARD");
@@ -1968,6 +2267,15 @@
/* Notice that firewall flushed the dropping rules later */
}
+/**
+ * main function that starts the single-threaded hipfw process
+ *
+ * @param argc number of arguments
+ * @param argv an array of pointers to the arguments
+ *
+ * @return zero on success and non-zero on failure
+ *
+ **/
int main(int argc, char **argv){
int err = 0, highest_descriptor, i;
int status, n, len;
@@ -2381,14 +2689,23 @@
/*----------------EXTERNALLY USED FUNCTIONS-------------------*/
-/* currently done in rule_management
- * delete rule needs checking for state options
+/**
+ * Turn on stateful filtering. Currently done in rule_management.
+ *
+ * @todo delete rule needs checking for state options
+ * @todo This doesn't make sense. However, setting 0 prevents connection
tracking.
*/
-// FIXME this doesn't make sense. However, setting 0 prevents connection
tracking.
void set_stateful_filtering(const int active){
statefulFiltering = 1;
}
+/**
+ * Query the default HIT from the hipd. The HIT will be cached
+ * for further calls for improved performance. Caller must NOT
+ * do any deallocation for the HIT.
+ *
+ * @return a global pointer to the default HIT
+ **/
hip_hit_t *hip_fw_get_default_hit(void)
{
// only query for default hit if global variable is not set
@@ -2402,6 +2719,13 @@
return &default_hit;
}
+/**
+ * Query the default LSI from the hipd. The LSI will be cached
+ * for further calls for improved performance. Caller must NOT
+ * do any deallocation for the LSI.
+ *
+ * @return a global pointer to the default LSI
+ **/
hip_lsi_t *hip_fw_get_default_lsi(void)
{
// only query for default lsi if global variable is not set
=== removed file 'firewall/firewall.c.doxyme'
--- firewall/firewall.c.doxyme 2009-12-12 10:44:54 +0000
+++ firewall/firewall.c.doxyme 1970-01-01 00:00:00 +0000
@@ -1,104 +0,0 @@
-/**
- * @file firewall/firewall.c
- *
- * <LICENSE TEMLPATE LINE - LEAVE THIS LINE INTACT>
- *
- * Write description of source file here for dOxygen. Be as precise as
possible.
- * Please also note how and by which parts of the code this file should be
used.
- *
- * @brief Write a short summary
- *
- * @author <Put all existing author information here>
- * @author another Author another@xxxxxxxxxx
- **/
-
-
-
- /// Single line comment for dOxygen.
-
-/**
- * my_great_function
- *
- * Write description of function here.
- * The function should follow these comments.
- *
- * Document the use of each function variable and indicate if this
- * argument is used to return information to the calling context. Use
- * [out] for outut parameters (This is very important). Align the
- * descriptions to improve readability.
- *
- * @note: put important usage informations to notes.
- *
- * @param firstArg Description of first function argument.
- * @param[out] secondArg Description of second function argument.
- * @param thirdArg Description of third function argument.
- * @return Description of returned value.
- **/
-
-int my_great_function(int firstArg, char** secondArg, int thirdArg){
- .....
-
-/// Now it's your turn.
-
-
-
-
-/**
- * hip_fw_get_default_hit
- *
- *
- * @param void
- * @return
- **/
-
-
-/**
- * hip_fw_hit_is_our
- *
- *
- * @param hit
- * @return
- **/
-
-
-/**
- * hip_fw_sys_opp_set_peer_hit
- *
- *
- * @param msg
- * @return
- **/
-
-
-/**
- * hip_get_bex_state_from_IPs
- *
- *
- * @param src_ip
- * @param dst_ip
- * @param src_hit
- * @param dst_hit
- * @param src_lsi
- * @param dst_lsi
- * @return
- **/
-
-
-/**
- * main
- *
- *
- * @param argc
- * @param argv
- * @return
- **/
-
-
-/**
- * set_stateful_filtering
- *
- *
- * @param active
- * @return
- **/
-
Other related posts:
- » [hipl-commit] [trunk] Rev 3576: Doxygen for firewall/firewall.c - Miika Komu
