[hipl-commit] [trunk] Rev 3582: Doxygen for firewall/firewalldb.c. Added hip_ prefix for a function.
- From: Miika Komu <miika@xxxxxx>
- To: hipl-commit@xxxxxxxxxxxxx
- Date: Wed, 10 Feb 2010 16:42:05 +0200
Committer: Miika Komu <miika@xxxxxx>
Date: Wed Feb 10 16:42:23 2010 +0200
Revision: 3582
Revision-id: miika@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk
Log:
Doxygen for firewall/firewalldb.c. Added hip_ prefix for a function.
Modified:
M firewall/firewalldb.c
M firewall/lsi.c
M firewall/lsi.h
M firewall/sysopp.c
=== modified file 'firewall/firewalldb.c'
--- firewall/firewalldb.c 2010-02-09 22:03:31 +0000
+++ firewall/firewalldb.c 2010-02-10 14:42:23 +0000
@@ -4,6 +4,7 @@
* Distributed under <a href="http://www.gnu.org/licenses/gpl2.txt";>GNU/GPL</a>
*
* @todo THIS DATABASE IS REDUDANT WITH CACHE.C AND CONTAINS ONLY A SUBSET OF
IT. REWRITE AND TEST!!!
+ * @todo move the raw socket initialization to somewhere else
*
* @brief Write a short summary
*
@@ -43,7 +44,7 @@
#ifndef DISABLE_hip_firewall_hldb_dump
/**
* display the contents of the database
- */
+ **/
static void hip_firewall_hldb_dump(void){
int i;
firewall_hl_t *this;
@@ -68,7 +69,7 @@
*
* @param ip_peer: entrance that we are searching in the db
* @return NULL if not found and otherwise the firewall_hl_t structure
- */
+ **/
firewall_hl_t *hip_firewall_ip_db_match(const struct in6_addr *ip_peer){
#ifndef DISABLE_hip_firewall_hldb_dump
hip_firewall_hldb_dump();
@@ -95,7 +96,7 @@
/**
- * Adds a default entry in the firewall db.
+ * Add a default entry in the firewall db.
*
* @param ip the only supplied field, the ip of the peer
*
@@ -145,7 +146,7 @@
/**
- * Updates an existing entry. The entry is found based on the peer ip.
+ * Update an existing entry. The entry is found based on the peer ip.
* If any one of the first three params is null,
* the corresponding field in the db entry is not updated.
* The ip field is required so as to find the entry.
@@ -194,7 +195,7 @@
/**
- * Generates the hash information that is used to index the table
+ * Generate the hash information that is used to index the table
*
* @param ptr: pointer to the lsi used to make the hash
*
@@ -210,7 +211,7 @@
/**
- * Compares two IPs
+ * Compare two IPs
*
* @param ptr1: pointer to ip
* @param ptr2: pointer to ip
@@ -221,6 +222,13 @@
return (hip_firewall_hash_ip_peer(ptr1) !=
hip_firewall_hash_ip_peer(ptr2));
}
+/**
+ * Initialize an ICMP raw socket
+ *
+ * @param the raw socket is written into this pointer
+ *
+ * @return zero on success, non-zero on error
+ **/
static int hip_firewall_init_raw_sock_icmp_outbound(int *firewall_raw_sock_v6){
int on = 1, off = 0, err = 0;
@@ -239,7 +247,13 @@
return err;
}
-/*Init functions raw_sockets ipv4*/
+/**
+ * Initialize raw IPv4 sockets for TCP
+ *
+ * @param firewall_raw_sock_v4 the result will be written here
+ *
+ * @return zero on success, non-zero on error
+ **/
static int hip_firewall_init_raw_sock_tcp_v4(int *firewall_raw_sock_v4){
int on = 1, err = 0;
int off = 0;
@@ -261,7 +275,13 @@
return err;
}
-
+/**
+ * Initialize UDP-based raw socket
+ *
+ * @param firewall_raw_sock_v4 the created raw socket will be written here
+ *
+ * @return zero on success, non-zero on error
+ */
static int hip_firewall_init_raw_sock_udp_v4(int *firewall_raw_sock_v4){
int on = 1, err = 0;
int off = 0;
@@ -283,6 +303,13 @@
return err;
}
+/**
+ * Initialize ICMP-based raw socket
+ *
+ * @param firewall_raw_sock_v4 the result is written here
+ *
+ * @return zero on success, non-zero on error
+ */
static int hip_firewall_init_raw_sock_icmp_v4(int *firewall_raw_sock_v4){
int on = 1, err = 0;
int off = 0;
@@ -305,7 +332,13 @@
}
-/*Init functions for raw sockets ipv6*/
+/**
+ * Initialize TCPv6 raw socket
+ *
+ * @param firewall_raw_sock_v6 the created raw socket will be written here
+ *
+ * @return zero on success, non-zero on error
+ */
static int hip_firewall_init_raw_sock_tcp_v6(int *firewall_raw_sock_v6){
int on = 1, off = 0, err = 0;
@@ -324,7 +357,13 @@
return err;
}
-
+/**
+ * Initialize UDPv6-based raw socket
+ *
+ * @param firewall_raw_sock_v6 the created raw socket will be written here
+ *
+ * @return zero on success, non-zero on error
+ */
static int hip_firewall_init_raw_sock_udp_v6(int *firewall_raw_sock_v6){
int on = 1, off = 0, err = 0;
@@ -343,7 +382,13 @@
return err;
}
-
+/**
+ * Initialize ICMPv6-based raw socket
+ *
+ * @param hip_firewall_init_raw_sock_icmp_v6 the created raw socket will be
written here
+ *
+ * @return zero on success, non-zero on error
+ */
static int hip_firewall_init_raw_sock_icmp_v6(int *firewall_raw_sock_v6){
int on = 1, off = 0, err = 0;
@@ -362,6 +407,13 @@
return err;
}
+/**
+ * Initialize ESPv4-based raw socket
+ *
+ * @param sock the created raw socket will be written here
+ *
+ * @return zero on success, non-zero on error
+ **/
static int hip_firewall_init_raw_sock_esp_v4(int *sock)
{
int on = 1, off = 0, err = 0;
@@ -379,6 +431,13 @@
}
#ifndef DISABLE_firewall_init_raw_sock_esp_v6
+/**
+ * Initialize ESPv6-based raw socket
+ *
+ * @param sock the created raw socket will be written here
+ *
+ * @return zero on success, non-zero on error
+ **/
static int hip_firewall_init_raw_sock_esp_v6(int *sock)
{
int on = 1, off = 0, err = 0;
@@ -396,8 +455,11 @@
}
#endif
+/**
+ * Initialize all raw sockets
+ *
+ **/
static void hip_firewall_init_raw_sockets(void){
- //HIP_IFEL(initialise_firewall_socket(),-1,"Firewall socket creation
failed\n");
hip_firewall_init_raw_sock_tcp_v4(&firewall_raw_sock_tcp_v4);
hip_firewall_init_raw_sock_udp_v4(&firewall_raw_sock_udp_v4);
hip_firewall_init_raw_sock_icmp_v4(&firewall_raw_sock_icmp_v4);
@@ -411,15 +473,27 @@
#endif
}
+/**
+ * Initialize the database
+ **/
void hip_firewall_init_hldb(void){
firewall_hit_lsi_ip_db = hip_ht_init(hip_firewall_hash_ip_peer,
hip_firewall_match_ip_peer);
hip_firewall_init_raw_sockets();
}
+/**
+ * Update the state of a cached HADB entry denoted by the given HITs
+ *
+ * @param hit_s the source HIT of the HADB cache
+ * @param hit_r the destination HIT of the HADB cache
+ * @param state the new state of the HADB entry
+ *
+ * @return zero on success and non-zero on error
+ **/
int hip_firewall_set_bex_state(struct in6_addr *hit_s,
- struct in6_addr *hit_r,
- int state){
+ struct in6_addr *hit_r,
+ int state) {
struct in6_addr ip_src, ip_dst;
hip_lsi_t lsi_our, lsi_peer;
int err = 0;
@@ -434,7 +508,11 @@
return err;
}
-void hip_firewall_delete_hldb(void){
+/**
+ * remove and deallocate the hadb cache
+ *
+ **/
+void hip_firewall_delete_hldb(void) {
int i;
firewall_hl_t *this = NULL;
hip_list_t *item, *tmp;
@@ -445,20 +523,36 @@
list_for_each_safe(item, tmp, firewall_hit_lsi_ip_db, i)
{
this = (firewall_hl_t *)list_entry(item);
- // delete this
hip_ht_delete(firewall_hit_lsi_ip_db, this);
- // free this
free(this);
}
HIP_UNLOCK_HT(&firewall_lsi_hit_db);
HIP_DEBUG("End hldbdb delete\n");
}
+/**
+ * Translate and reinject an incoming packet back to the networking stack.
+ * Supports TCP, UDP and ICMP. LSI code uses this to translate
+ * the HITs from an incoming packet to the corresponding LSIs. Also,
+ * the system-based opportunistic mode uses this to translate the HITs of
+ * an incoming packet to an IPv4 or IPv6 address.
+ *
+ * @param src_hit source HIT of the packet
+ * @param dst_hit destination HIT of the packet
+ * @param msg a pointer to the transport layer header of the packet
+ * @param len the length of the packet in bytes
+ * @param proto the transport layer protocol of the packet
+ * @param new ttl value for the transformed packet
+ *
+ * @todo this function could also be used by the proxy?
+ *
+ * @return zero on success and non-zero on error
+ **/
int hip_firewall_send_incoming_pkt(const struct in6_addr *src_hit,
- const struct in6_addr *dst_hit,
- u8 *msg, u16 len,
- int proto,
- int ttl){
+ const struct in6_addr *dst_hit,
+ u8 *msg, u16 len,
+ int proto,
+ int ttl){
int err = 0, sent, sa_size;
int firewall_raw_sock = 0, is_ipv6 = 0, on = 1;
struct ip *iphdr = NULL;
@@ -609,11 +703,23 @@
}
-
+/**
+ * translate and reinject an incoming packet
+ *
+ * @param src_hit source HIT of the packet
+ * @param dst_hit destination HIT of the packet
+ * @param msg a pointer to the transport header of the packet
+ * @param len length of the packet
+ * @param proto transport layer protocol
+ *
+ * @return zero on success and non-zero on error
+ *
+ * @todo unify common code with hip_firewall_send_outgoing_pkt()
+ **/
int hip_firewall_send_outgoing_pkt(const struct in6_addr *src_hit,
- const struct in6_addr *dst_hit,
- u8 *msg, u16 len,
- int proto){
+ const struct in6_addr *dst_hit,
+ u8 *msg, u16 len,
+ int proto){
int err = 0, sent, sa_size;
int firewall_raw_sock = 0, is_ipv6 = 0;
=== modified file 'firewall/lsi.c'
--- firewall/lsi.c 2010-02-09 22:03:31 +0000
+++ firewall/lsi.c 2010-02-10 14:42:23 +0000
@@ -114,7 +114,7 @@
HIP_DEBUG_LSI("lsi_peer: ", &lsi_peer);
IPV4_TO_IPV6_MAP(&lsi_our, &src_addr);
IPV4_TO_IPV6_MAP(&lsi_peer, &dst_addr);
- HIP_IFEL(reinject_packet(&dst_addr, &src_addr, m, 6, 1), -1,
+ HIP_IFEL(hip_reinject_packet(&dst_addr, &src_addr, m, 6, 1), -1,
"Failed to reinject with LSIs\n");
HIP_DEBUG("Successful LSI transformation.\n");
@@ -128,7 +128,7 @@
IPV6_TO_IPV4_MAP(&dst_addr, &dst_v4);
HIP_DEBUG_IN6ADDR("ip_src: ", &src_addr);
HIP_DEBUG_IN6ADDR("ip_dst: ", &dst_addr);
- HIP_IFEL(reinject_packet(&src_addr, &dst_addr, m, 6, 1), -1,
+ HIP_IFEL(hip_reinject_packet(&src_addr, &dst_addr, m, 6, 1), -1,
"Failed to reinject with IP addrs\n");
HIP_DEBUG("Successfull sysopp transformation. Drop orig\n");
verdict = 0;
@@ -205,9 +205,9 @@
/* decide whether to reinject the packet */
if (entry_peer->bex_state == FIREWALL_STATE_BEX_ESTABLISHED)
- HIP_IFEL(reinject_packet(&entry_peer->hit_our,
- &entry_peer->hit_peer,
- m, 4, 0),
+ HIP_IFEL(hip_reinject_packet(&entry_peer->hit_our,
+ &entry_peer->hit_peer,
+ m, 4, 0),
-1, "Failed to reinject\n");
} else {
HIP_DEBUG("no ip db match\n");
@@ -243,7 +243,7 @@
FIREWALL_STATE_BEX_ESTABLISHED),
-1, "Failed to update fw entry\n");
- HIP_IFEL(reinject_packet(&src_hit, &dst_hit, m, 4, 0),
+ HIP_IFEL(hip_reinject_packet(&src_hit, &dst_hit, m, 4,
0),
-1, "Reinject failed\n");
}
}
@@ -323,8 +323,8 @@
* @param incoming packet direction
* @return err during the reinjection
*/
-int reinject_packet(const struct in6_addr *src_hit, const struct in6_addr
*dst_hit,
- const ipq_packet_msg_t *m, const int ipOrigTraffic, const
int incoming)
+int hip_reinject_packet(const struct in6_addr *src_hit, const struct in6_addr
*dst_hit,
+ const ipq_packet_msg_t *m, const int ipOrigTraffic,
const int incoming)
{
int err = 0, ip_hdr_size, packet_length = 0, protocol, ttl;
u8 *msg;
=== modified file 'firewall/lsi.h'
--- firewall/lsi.h 2010-01-19 09:28:42 +0000
+++ firewall/lsi.h 2010-02-10 14:42:23 +0000
@@ -18,11 +18,11 @@
int hip_is_packet_lsi_reinjection(hip_lsi_t *lsi);
-int reinject_packet(const struct in6_addr *src_hit,
- const struct in6_addr *dst_hit,
- const ipq_packet_msg_t *m,
- const int ipOrigTraffic,
- const int incoming);
+int hip_reinject_packet(const struct in6_addr *src_hit,
+ const struct in6_addr *dst_hit,
+ const ipq_packet_msg_t *m,
+ const int ipOrigTraffic,
+ const int incoming);
int hip_request_peer_hit_from_hipd_at_firewall(
const struct in6_addr *peer_ip,
=== modified file 'firewall/sysopp.c'
--- firewall/sysopp.c 2010-02-09 22:03:31 +0000
+++ firewall/sysopp.c 2010-02-10 14:42:23 +0000
@@ -152,9 +152,9 @@
if( &entry_peer->hit_our &&
(ipv6_addr_cmp(hip_fw_get_default_hit(),
&entry_peer->hit_our) == 0) ){
- reinject_packet(&entry_peer->hit_our,
- &entry_peer->hit_peer,
- ctx->ipq_packet, 4, 0);
+ hip_reinject_packet(&entry_peer->hit_our,
+ &entry_peer->hit_peer,
+ ctx->ipq_packet, 4, 0);
verdict = 0;
} else {
verdict = default_verdict;
@@ -187,8 +187,8 @@
hip_firewall_update_entry(&src_hit, &dst_hit,
&dst_lsi, &ctx->dst,
FIREWALL_STATE_BEX_ESTABLISHED);
- reinject_packet(&src_hit, &dst_hit,
- ctx->ipq_packet, 4, 0);
+ hip_reinject_packet(&src_hit, &dst_hit,
+ ctx->ipq_packet, 4, 0);
verdict = 0;
} else {
verdict = default_verdict;
Other related posts:
- » [hipl-commit] [trunk] Rev 3582: Doxygen for firewall/firewalldb.c. Added hip_ prefix for a function. - Miika Komu
