Committer: Miika Komu <miika@xxxxxx> Date: Sun Mar 07 13:20:52 2010 +0200 Revision: 3833 Revision-id: miika@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: trunk Log: Removed SAVA code. It can be added back when it's documented properly and the code quality is improved. Modified: D firewall/sava_api.c D firewall/sava_api.h D firewall/savah_gateway.c D firewall/savah_gateway.h M Android.mk M Makefile.am M configure.ac M debian/rules M doc/HOWTO.xml M doc/doxygen.h M doc/verbose-header-files.txt M doc/verbose-headers.txt M firewall/firewall.c M firewall/firewall.h M firewall/firewall_control.c M firewall/firewall_control.h M hipd/accessor.c M hipd/accessor.h M hipd/hadb.c M hipd/hipd.c M hipd/hipd.h M hipd/input.c M hipd/maintenance.c M hipd/maintenance.c.doxyme M hipd/maintenance.h M hipd/registration.c M hipd/user.c M lib/conf/hipconf.c M lib/core/builder.c M lib/core/icomm.h M lib/core/protodefs.h M tools/hipl_autobuild M verbose-headers.txt === modified file 'Android.mk' --- Android.mk 2010-03-04 13:39:06 +0000 +++ Android.mk 2010-03-07 11:20:52 +0000 @@ -67,7 +67,6 @@ -DCONFIG_HIP_RVS \ -DCONFIG_HIP_HIPPROXY \ -DCONFIG_HIP_OPPORTUNISTIC \ - -DCONFIG_SAVAH_IP_OPTION \ -DCONFIG_HIP_DEBUG \ -DHIP_LOGFMT_LONG \ -g @@ -149,7 +148,6 @@ opptcp.c \ firewalldb.c \ lsi.c \ - sava_api.c \ cache.c \ cache_port.c \ esp_prot_config.c === modified file 'Makefile.am' --- Makefile.am 2010-03-06 11:49:13 +0000 +++ Makefile.am 2010-03-07 11:20:52 +0000 @@ -208,8 +208,6 @@ firewall/firewalldb.c \ firewall/lsi.c \ firewall/sysopp.c \ - firewall/sava_api.c \ - firewall/savah_gateway.c \ firewall/cache.c \ firewall/cache_port.c \ firewall/datapkt.c === modified file 'configure.ac' --- configure.ac 2010-03-07 08:12:08 +0000 +++ configure.ac 2010-03-07 11:20:52 +0000 
@@ -284,18 +284,6 @@ fi AM_CONDITIONAL(HIP_OPPORTUNISTIC, test x"$ac_cv_use_opportunistic" = x"yes") -AC_ARG_ENABLE(savaipopt, - AC_HELP_STRING([--enable-savaipopt], - [HIP SAVA IP option extensions, if no encrypt IP address (default is YES)]), - [ac_cv_use_savaipopt=$enableval], [ac_cv_use_savaipopt=yes]) -AC_CACHE_CHECK([whether to use sava ip option], - [ac_cv_use_savaipopt], [ac_cv_use_savaipopt=yes]) -if test x"$ac_cv_use_savaipopt" = x"yes"; then - AC_DEFINE(CONFIG_SAVAH_IP_OPTION) - AH_TEMPLATE(CONFIG_SAVAH_IP_OPTION, [Defined to 1 if SAVAH is enabled.]) -fi -AM_CONDITIONAL(SAVAH_IP_OPTION, test x"$ac_cv_use_savaipopt" = x"yes") - AC_ARG_ENABLE(dht, AC_HELP_STRING([--enable-dht], [DHT support (default is YES)]), === modified file 'debian/rules' --- debian/rules 2010-03-01 17:34:58 +0000 +++ debian/rules 2010-03-07 11:20:52 +0000 @@ -31,7 +31,7 @@ ifneq "$(wildcard /usr/share/misc/config.guess)" "" cp -f /usr/share/misc/config.guess config.guess endif - ./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" --enable-maemo --disable-firewall --disable-privsep --enable-midauth --disable-agent --disable-opportunistic --disable-savaipopt --disable-dht + ./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" --enable-maemo --disable-firewall --disable-privsep --enable-midauth --disable-agent --disable-opportunistic --disable-dht build: build-stamp === modified file 'doc/HOWTO.xml' --- doc/HOWTO.xml 2010-03-05 08:24:06 +0000 +++ doc/HOWTO.xml 2010-03-07 11:20:52 +0000 
@@ -4922,64 +4922,6 @@ </section> </section> - <section id="ch_sava_mode"> - <title>Source address validation architecture with HIP</title> - - <para> - SAVAH (Source address validation architecture with HIP) can be utilized, e.g., - in access control and AAA systems to validate the source IP addresses of the clients - connecting to a network. The architecture is implemented on a first-hop router and - allows: (i) validating the source IP address of the registered client (IP bound to HIT); - (ii) rejecting connection if the IP spoofing was detected; (iii) client registration via web - interface in order to get access (this currently not implemented completely, but the captive web page - for unauthorized clients is there). In addition, the architecture allows to use ESP - encapsulation (which is not implemented yet but will require a minimum effort to do so) to - provide also a data confidentiality property. In that case SAVAH can be also used - as a VPN solution. The reader is refered to <ulink url="http://tools.ietf.org/html/draft-kuptsov-sava-hip-01"; /> - for more details about the architecture. - </para> - - <para> - To start the system the following steps should be considered. 
- </para> - - <para> - At the router side add to HIP configuration file (/etc/hip/hipd_conf) the following line: - <programlisting> - # nano /etc/hip/hipd_conf - add service savah - </programlisting> - In addition edit the ACL for HIP firewall and add the HITs of allowed clients - <programlisting> - # nano /etc/hip/firewall_conf - INPUT -dst_hit <CLIENTS-HIT> - </programlisting> - And start the service with the followign commands: - <programlisting> - # hipfw -A - # hipd - </programlisting> - </para> - - <para> - At the client side add to HIP configuration file (/etc/hip/hipd_conf) the following line: - <programlisting> - # nano /etc/hip/hipd_conf - add server savah <HIT-OF-SAVAH-ROUTER> <IP-OF-SAVAH-ROUTER> <LIFETIME-IN-MSEC> - </programlisting> - And start the service with the following commands: - <programlisting> - # hipfw -F - # hipd - </programlisting> - </para> - - <para> - The service should be now up and running and all IP services should be allowed for the client (if of course it is - authenitcated by HIT on the router side) - </para> - - </section> <section id="hipproxy"> <title>HIP Proxy</title> === modified file 'doc/doxygen.h' --- doc/doxygen.h 2010-03-05 08:24:06 +0000 +++ doc/doxygen.h 2010-03-07 11:20:52 +0000 @@ -679,7 +679,7 @@ * |||| |||| |||| ||+-- 0x0002 - free - * |||| |||| |||| |+--- 0x0004 - free - * |||| |||| |||| +---- 0x0008 - free - - * |||| |||| |||+------ 0x0010 We have requested SAVAH service. + * |||| |||| |||+------ 0x0010 - free - * |||| |||| ||+------- 0x0020 - free - * |||| |||| |+-------- 0x0040 - free - * |||| |||| +--------- 0x0080 - free - 
@@ -699,12 +699,12 @@ * |||| |||| |||| ||+-- 0x0002 Peer offers an unsupported service. * |||| |||| |||| |+--- 0x0004 Peer refused to grant us an unsupported service. * |||| |||| |||| +---- 0x0008 - free - - * |||| |||| |||+------ 0x0010 Peer offers SAVAH service. + * |||| |||| |||+------ 0x0010 - free - * |||| |||| ||+------- 0x0020 Peer has refused to grant us full relay service * |||| |||| |+-------- 0x0040 Peer refused to grant us HIP relay service. * |||| |||| +--------- 0x0080 Peer refused to grant us RVS service. - * |||| |||+----------- 0x0100 Peer refused to grant us SAVAH service. - * |||| ||+------------ 0x0200 Peer granted SAVAH service to us. + * |||| |||+----------- 0x0100 - free - + * |||| ||+------------ 0x0200 - free - * |||| |+------------- 0x0400 Peer has granted us full relay service * |||| +-------------- 0x0800 Peer granted HIP relay service to us. * |||+---------------- 0x1000 Peer granted RVS service to us. === modified file 'doc/verbose-header-files.txt' --- doc/verbose-header-files.txt 2010-03-05 08:24:06 +0000 +++ doc/verbose-header-files.txt 2010-03-07 11:20:52 +0000 @@ -246,7 +246,6 @@ libhipconf/hipconf.h : hip_conf_handle_restart libhipconf/hipconf.h : hip_conf_handle_rst libhipconf/hipconf.h : hip_conf_handle_run_normal -libhipconf/hipconf.h : hip_conf_handle_sava libhipconf/hipconf.h : hip_conf_handle_server libhipconf/hipconf.h : hip_conf_handle_service libhipconf/hipconf.h : hip_conf_handle_set @@ -449,7 +448,6 @@ firewall/opptcp.h : HIP_OPPTCP libhipcore/protodefs.h : HIP_PARAM_MAX libhipcore/protodefs.h : HIP_PARAM_MIN -libhipcore/protodefs.h : HIP_PARAM_SAVA_CRYPTO_INFO libhipcore/protodefs.h : HIP_PARAM_TURN_INFO firewall/user_ipsec_esp.h : hip_payload_decrypt firewall/user_ipsec_esp.h : hip_payload_encrypt 
@@ -514,9 +512,7 @@ test/unit.h : hip_run_unit_test_space libhipcore/protodefs.h : hip_rvs_hmac firewall/user_ipsec_sadb.h : hip_sadb_print -firewall/user_ipsec_sadb.h : hip_sa_entry -firewall/sava_api.h : HIP_SAVA_API -hipd/maintenance.h : hip_scan_retransmissions + test/escrow.h : hip_send_escrow_update libhipcore/builder.h : hip_set_param_spi_value libhipcore/builder.h : hip_set_param_type @@ -764,10 +760,10 @@ libhipgui/widgets.h : ID_TWG_LW libhipgui/widgets.h : ID_USERMODEL libhipgui/widgets.h : ID_USERVIEW -firewall/conndb firewall/proxydb firewall/sava_api firewall/user_ipsec_sadb hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_COMP_FN +firewall/conndb firewall/proxydb firewall/user_ipsec_sadb hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_COMP_FN hipd/hiprelay libhipcore/hashtable /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_DOALL_ARG_FN hipd/hiprelay libhipcore/hashtable /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_DOALL_FN -firewall/conndb firewall/proxydb firewall/sava_api firewall/user_ipsec_sadb hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_HASH_FN +firewall/conndb firewall/proxydb firewall/user_ipsec_sadb hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_HASH_FN libhiptool/nlink.h : inet_prefix firewall/rule_management.h : IN_IF_OPTION firewall/rule_management.h : IN_IF_STR 
@@ -1248,7 +1244,6 @@ libhipconf/hipconf.h : TYPE_PUZZLE libhipconf/hipconf.h : TYPE_RST libhipconf/hipconf.h : TYPE_RUN -libhipconf/hipconf.h : TYPE_SAVAHR libhipconf/hipconf.h : TYPE_SERVER libhipconf/hipconf.h : TYPE_SERVICE libhipconf/hipconf.h : TYPE_SET === modified file 'doc/verbose-headers.txt' --- doc/verbose-headers.txt 2010-03-05 08:24:06 +0000 +++ doc/verbose-headers.txt 2010-03-07 11:20:52 +0000 @@ -6,7 +6,7 @@ firewall/rule_management.h : ACCEPT firewall/rule_management.h : accept_mobile firewall/rule_management.h : ACCEPT_MOBILE_STR -firewall/sava_api libhiptool/xfrm.h : action +libhiptool/xfrm.h : action libipsec/policy_parse libipsec/policy_parse.h : ACTION libhipconf/hipconf.h : ACTION_ADD libhipconf/hipconf.h : ACTION_BOS 
@@ -219,7 +219,7 @@ libhipcore/hashchain.h : current_index libhiptool/xfrm /usr/include/linux/ipv6 /usr/include/netinet/ip.h : daddr libhiptool/nlink.h : d_addr -agent/str_var firewall/common_types firewall/firewall_defines firewall/sava_api hipd/configfilereader hipd/hipqueue i3/i3_client/i3_client i3/i3_client/ping libhipcore/hashtree libhipcore/protodefs libhiptool/lutil libhiptool/nlink tools/daemontools/admin/daemontools-0 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 /usr/include/arpa/nameser /usr/include/linux/capability /usr/include/linux/icmp /usr/include/linux/icmpv6 /usr/include/netinet/ip.h : data +agent/str_var firewall/common_types firewall/firewall_defines hipd/configfilereader hipd/hipqueue i3/i3_client/i3_client i3/i3_client/ping libhipcore/hashtree libhipcore/protodefs libhiptool/lutil libhiptool/nlink tools/daemontools/admin/daemontools-0 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 /usr/include/arpa/nameser /usr/include/linux/capability /usr/include/linux/icmp /usr/include/linux/icmpv6 /usr/include/netinet/ip.h : data hipd/hipqueue i3/i3_client/i3_client /usr/include/linux/netfilter_ipv4/ip_queue.h : data_len libhipcore/debug.h : DEBUG_H libhipcore/debug.h : debug_level @@ -281,7 +281,7 @@ libhiptool/crypto.h : DSA_PRIV libhipcore/misc.h : dsa_to_dns_key_rr libhipcore/builder.h : dsa_to_hip_endpoint -firewall/firewall_defines firewall/sava_api i3/i3_client/ping libipsec/libpfkey.h : dst +firewall/firewall_defines i3/i3_client/ping libipsec/libpfkey.h : dst firewall/firewall_defines firewall/user_ipsec_esp firewall/user_ipsec_sadb hipd/input.h : dst_addr firewall/firewall_defines.h : dst_addr_list firewall/rule_management.h : DST_HI_OPTION 
@@ -292,7 +292,7 @@ firewall/user_ipsec_sadb firewall/user_ipsec_sadb.h : dst_port libhiptool/nlink.h : dump libhipcore/misc.h : e -firewall/sava_api firewall/user_ipsec_sadb firewall/user_ipsec_sadb.h : ealg + firewall/user_ipsec_sadb firewall/user_ipsec_sadb.h : ealg libhiptool/xfrm.h : ealgos libhipgui/events.h : e_button libhipgui/events.h : e_button_press === modified file 'firewall/firewall.c' --- firewall/firewall.c 2010-03-03 13:16:18 +0000 +++ firewall/firewall.c 2010-03-07 11:20:52 +0000 @@ -46,8 +46,6 @@ #include "user_ipsec_api.h" /* Userspace IPsec */ #include "esp_prot_conntrack.h" /* ESP Tokens */ #include "esp_prot_api.h" /* ESP Tokens */ -#include "sava_api.h" /* Sava */ -#include "savah_gateway.h" #include "sysopp.h" /* System-based Opportunistic HIP */ #include "datapkt.h" #include "firewalldb.h" @@ -97,8 +95,6 @@ /* extension-specific state */ static int hip_userspace_ipsec = 0; static int hip_esp_protection = 0; -static int hip_sava_router = 0; -static int hip_sava_client = 0; static int restore_filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT; static int restore_accept_hip_esp_traffic = HIP_FW_ACCEPT_HIP_ESP_TRAFFIC_BY_DEFAULT; 
@@ -195,152 +191,6 @@ } /** - * Initialize sava client packet capture rules - * - * @return zero on success, non-zero on error - */ -int hip_fw_init_sava_client() -{ - int err = 0; - if (!hip_sava_client && !hip_sava_router) { - hip_sava_client = 1; - HIP_DEBUG(" hip_fw_init_sava_client() \n"); - HIP_IFEL(hip_sava_client_init_all(), -1, - "Error initializing SAVA client \n"); - /* IPv4 packets */ - system_print("iptables -I HIPFW-OUTPUT -p tcp ! -d 127.0.0.1 -j QUEUE 2>/dev/null"); - system_print("iptables -I HIPFW-OUTPUT -p udp ! -d 127.0.0.1 -j QUEUE 2>/dev/null"); - /* IPv6 packets */ - system_print("ip6tables -I HIPFW-OUTPUT -p tcp ! -d ::1 -j QUEUE 2>/dev/null"); - system_print("ip6tables -I HIPFW-OUTPUT -p udp ! -d ::1 -j QUEUE 2>/dev/null"); - } -out_err: - return err; -} - -/** - * Initialize packet capture rules for sava router - * - * @return zero on success, non-zero on error - */ -int hip_fw_init_sava_router() -{ - int err = 0; - /* - * We need to capture each and every packet - * that passes trough the firewall to verify the packet's - * source address - */ - if (!hip_sava_client && !hip_sava_router) { - hip_sava_router = 1; - accept_hip_esp_traffic_by_default = 0; - if (hip_sava_router) { - HIP_DEBUG("Initializing SAVA client mode \n"); - HIP_IFEL(hip_sava_init_all(), -1, - "Error initializing SAVA IP DB \n"); - - system_print("echo 1 >/proc/sys/net/ipv4/conf/all/forwarding"); - system_print("echo 1 >/proc/sys/net/ipv6/conf/all/forwarding"); - - system_print("iptables -I HIPFW-FORWARD -p tcp -j QUEUE 2>/dev/null"); - system_print("iptables -I HIPFW-FORWARD -p udp -j QUEUE 2>/dev/null"); - - /* IPv6 packets */ - - system_print("ip6tables -I HIPFW-FORWARD -p tcp -j QUEUE 2>/dev/null"); - system_print("ip6tables -I HIPFW-FORWARD -p udp -j QUEUE 2>/dev/null"); - - /* Queue HIP packets as well */ - system_print("iptables -I HIPFW-INPUT -p 139 -j QUEUE 2>/dev/null"); - system_print("ip6tables -I HIPFW-INPUT -p 139 -j QUEUE 2>/dev/null"); - - 
iptables_do_command("iptables -t nat -N %s 2>/dev/null", SAVAH_PREROUTING); - iptables_do_command("ip6tables -N %s 2>/dev/null", SAVAH_PREROUTING); - - iptables_do_command("iptables -t nat -I PREROUTING 1 -m mark --mark %d -j %s", FW_MARK_LOCKED, SAVAH_PREROUTING); - iptables_do_command("ip6tables -I PREROUTING 1 -m mark --mark %d -j %s", FW_MARK_LOCKED, SAVAH_PREROUTING); - //jump to SAVAH_PREROUTING chain if the packet was marked for FW_MARK_LOCKED - - iptables_do_command("iptables -t nat -I %s 1 -p tcp --dport 80 -j REDIRECT --to-ports 80", - SAVAH_PREROUTING); //this static IPs need to get mode dinamic nature - iptables_do_command("ip6tables -I %s 1 -p tcp --dport 80 -j REDIRECT --to-ports 80", - SAVAH_PREROUTING); //the same goes here - } - } -out_err: - return err; -} - -/** - * Ununitialize packet capture rules for sava client - * - */ -void hip_fw_uninit_sava_client(void) -{ - if (hip_sava_client) { - hip_sava_client = 0; - /* IPv4 packets */ - system_print("iptables -D HIPFW-OUTPUT -p tcp ! -d 127.0.0.1 -j QUEUE 2>/dev/null"); - system_print("iptables -D HIPFW-OUTPUT -p udp ! -d 127.0.0.1 -j QUEUE 2>/dev/null"); - /* IPv6 packets */ - system_print("ip6tables -D HIPFW-OUTPUT -p tcp ! -d ::1 -j QUEUE 2>/dev/null"); - system_print("ip6tables -D HIPFW-OUTPUT -p udp ! 
-d ::1 -j QUEUE 2>/dev/null"); - } -} - -/** - * Uninitialize packet capture rules for sava router - * - */ -void hip_fw_uninit_sava_router(void) -{ - if (!hip_sava_client && !hip_sava_router) { - hip_sava_router = 0; - if (hip_sava_router) { - HIP_DEBUG("Uninitializing SAVA server mode \n"); - /* IPv4 packets */ - system_print("iptables -D HIPFW-FORWARD -p tcp -j QUEUE 2>/dev/null"); - system_print("iptables -D HIPFW-FORWARD -p udp -j QUEUE 2>/dev/null"); - /* IPv6 packets */ - system_print("ip6tables -D HIPFW-FORWARD -p tcp -j QUEUE 2>/dev/null"); - system_print("ip6tables -D HIPFW-FORWARD -p udp -j QUEUE 2>/dev/null"); - - /* Stop queueing HIP packets */ - system_print("iptables -D HIPFW-INPUT -p 139 -j ACCEPT 2>/dev/null"); - system_print("ip6tables -D HIPFW-INPUT -p 139 -j ACCEPT 2>/dev/null"); - - iptables_do_command("iptables -t nat -D PREROUTING -j %s 2>/dev/null", - SAVAH_PREROUTING); - iptables_do_command("ip6tables -D PREROUTING -j %s 2>/dev/null", - SAVAH_PREROUTING); - - iptables_do_command("iptables -t nat -F %s 2>/dev/null", - SAVAH_PREROUTING); - iptables_do_command("ip6tables -F %s 2>/dev/null", - SAVAH_PREROUTING); - - iptables_do_command("iptables -t nat -X %s 2>/dev/null", - SAVAH_PREROUTING); - iptables_do_command("ip6tables -X %s 2>/dev/null", - SAVAH_PREROUTING); - } - } - return; -} - -/** - * update sava state - * - * @param msg message containing the sava state - */ -void hip_fw_update_sava(struct hip_common *msg) -{ - if (hip_sava_router || hip_sava_client) { - handle_sava_i2_state_update(msg); - } -} - -/** * Initialize packet capture rules for opportunistic TCP extension * * @return zero on success or non-zero on error @@ -946,7 +796,6 @@ hip_fw_uninit_esp_prot(); hip_fw_uninit_esp_prot_conntrack(); hip_fw_uninit_lsi_support(); - hip_fw_uninit_sava_router(); hip_fw_uninit_datapacket_mode(); #ifdef CONFIG_HIP_PERFORMANCE 
@@ -1436,15 +1285,6 @@ HIP_DEBUG("hip_fw_handle_hip_output \n"); if (filter_traffic) { - if (hip_sava_router) { - hip_common_t *buf = ctx->transport_hdr.hip; - if (buf->type_hdr == HIP_I2) { - if (sava_check_state(&ctx->src, &buf->hits) == 0) { - goto out_err; - } - } - } - verdict = filter_hip(&ctx->src, &ctx->dst, ctx->transport_hdr.hip, @@ -1458,7 +1298,6 @@ HIP_INFO("\n"); -out_err: /* zero return value means that the packet should be dropped */ return verdict; } @@ -1507,12 +1346,8 @@ tcphdr = ((struct tcphdr *) (((char *) iphdr) + ctx->ip_hdr_len)); hdrBytes = ((char *) iphdr) + ctx->ip_hdr_len; } - if (hip_sava_client && - !hip_lsi_support && - !hip_userspace_ipsec) { - HIP_DEBUG("Handling normal traffic in SAVA mode \n "); - verdict = hip_sava_handle_output(ctx); - } else if (ctx->ip_version == 6 + + if (ctx->ip_version == 6 && (hip_userspace_ipsec || hip_datapacket_mode)) { hip_hit_t *def_hit = hip_fw_get_default_hit(); @@ -1637,9 +1472,6 @@ &ctx->dst, ctx->ip_hdr_len, ctx->ip_version); - } else if (hip_sava_router) { - HIP_DEBUG("hip_sava_router \n"); - verdict = hip_sava_handle_router_forward(ctx); } /* No need to check default rules as it is handled by the iptables rules */ @@ -2492,7 +2324,6 @@ /* Starting hipfw does not always work when hipfw starts first -miika */ if (hip_userspace_ipsec - || hip_sava_router || hip_lsi_support || hip_proxy_status || system_based_opp_mode) { @@ -2573,14 +2404,6 @@ request_hipproxy_status(); #endif /* CONFIG_HIP_HIPPROXY */ -#if 0 - if (!hip_sava_client) { - request_savah_status(SO_HIP_SAVAH_SERVER_STATUS_REQUEST); - } - if (!hip_sava_router) { - request_savah_status(SO_HIP_SAVAH_CLIENT_STATUS_REQUEST); - } -#endif highest_descriptor = maxof(3, hip_fw_async_sock, h4->fd, h6->fd); hip_msg_init(msg); === modified file 'firewall/firewall.h' --- firewall/firewall.h 2010-02-17 17:38:08 +0000 +++ firewall/firewall.h 2010-03-07 11:20:52 +0000 
@@ -29,11 +29,6 @@ int hip_fw_uninit_opptcp(void); int hip_fw_init_proxy(void); int hip_fw_uninit_proxy(void); -void hip_fw_uninit_sava_client(void); -void hip_fw_uninit_sava_router(void); -int hip_fw_init_sava_router(void); -int hip_fw_init_sava_client(void); -void hip_fw_update_sava(struct hip_common *msg); void set_stateful_filtering(const int active); hip_hit_t *hip_fw_get_default_hit(void); hip_lsi_t *hip_fw_get_default_lsi(void); === modified file 'firewall/firewall_control.c' --- firewall/firewall_control.c 2010-03-03 13:16:18 +0000 +++ firewall/firewall_control.c 2010-03-07 11:20:52 +0000 @@ -26,7 +26,6 @@ #include "user_ipsec_fw_msg.h" #include "firewalldb.h" #include "sysopp.h" -#include "sava_api.h" /** * Change the state of hadb state cache in the firewall @@ -87,9 +86,6 @@ HIP_DEBUG("of type %d\n", type); switch (type) { - case SO_HIP_FW_I2_DONE: - hip_fw_update_sava(msg); - break; case SO_HIP_FW_BEX_DONE: case SO_HIP_FW_UPDATE_DB: if (hip_lsi_support) { @@ -127,22 +123,6 @@ } hip_proxy_status = 0; break; - case SO_HIP_SET_SAVAH_CLIENT_ON: - HIP_DEBUG("Received HIP_SAVAH_CLIENT_STATUS: ON message from hipd \n"); - hip_fw_init_sava_client(); - break; - case SO_HIP_SET_SAVAH_CLIENT_OFF: - _HIP_DEBUG("Received HIP_SAVAH_CLIENT_STATUS: OFF message from hipd \n"); - hip_fw_uninit_sava_client(); - break; - case SO_HIP_SET_SAVAH_SERVER_OFF: - _HIP_DEBUG("Received HIP_SAVAH_SERVER_STATUS: OFF message from hipd \n"); - hip_fw_uninit_sava_router(); - break; - case SO_HIP_SET_SAVAH_SERVER_ON: - HIP_DEBUG("Received HIP_SAVAH_SERVER_STATUS: ON message from hipd \n"); - hip_fw_init_sava_router(); - break; case SO_HIP_SET_OPPTCP_ON: HIP_DEBUG("Opptcp on\n"); if (!hip_opptcp) { === modified file 'firewall/firewall_control.h' --- firewall/firewall_control.h 2010-02-17 17:38:08 +0000 +++ firewall/firewall_control.h 2010-03-07 11:20:52 +0000 
@@ -10,9 +10,4 @@ int hip_handle_msg(struct hip_common *msg); -#if 0 -int request_savah_status(int mode); -int handle_sava_i2_state_update(struct hip_common *msg, int hip_lsi_support); -#endif - #endif /*HIP_FIREWALL_FIREWALL_CONTROL_H*/ === modified file 'hipd/accessor.c' --- hipd/accessor.c 2010-03-04 20:22:43 +0000 +++ hipd/accessor.c 2010-03-07 11:20:52 +0000 @@ -223,63 +223,3 @@ HIP_DEBUG("hip_set_hip_proxy_off() invoked.\n"); return err; } - -/** - * Query status of sava client mode - * - * @return one if the sava client mode is on or zero otherwise - */ -int hip_get_sava_client_status(void) -{ - return hipsava_client; -} - -/** - * Query status of sava server mode - * - * @return one if the sava server mode is on or zero otherwise - */ -int hip_get_sava_server_status(void) -{ - return hipsava_server; -} - -/** - * Set the client-side sava mode on - * - * @return zero on success or negative on error - */ -void hip_set_sava_client_on(void) -{ - hipsava_client = 1; -} - -/** - * Set the server-side sava mode on - * - * @return zero on success or negative on error - */ -void hip_set_sava_server_on(void) -{ - hipsava_server = 1; -} - -/** - * Set the client-side sava mode off - * - * @return zero on success or negative on error - */ -void hip_set_sava_client_off(void) -{ - hipsava_client = 0; -} - -/** - * Set the server-side sava mode off - * - * @return zero on success or negative on error - */ -void hip_set_sava_server_off(void) -{ - hipsava_server = 0; -} === modified file 'hipd/accessor.h' --- hipd/accessor.h 2010-02-17 17:38:08 +0000 +++ hipd/accessor.h 2010-03-07 11:20:52 +0000 
@@ -46,21 +46,11 @@ int hip_get_hip_proxy_status(void); int hip_set_hip_proxy_on(void); int hip_set_hip_proxy_off(void); -int hip_get_sava_client_status(void); -int hip_get_sava_server_status(void); -void hip_set_sava_client_on(void); -void hip_set_sava_server_on(void); -void hip_set_sava_client_off(void); -void hip_set_sava_server_off(void); /** Specifies the NAT status of the daemon. This value indicates if the current * machine is behind a NAT. Defined in hipd.c */ extern int hipproxy; -/*SAVAH modes*/ -extern int hipsava_client; -extern int hipsava_server; - extern unsigned int opportunistic_mode; #endif /* HIP_HIPD_ACCESSOR_H */ === modified file 'hipd/hadb.c' --- hipd/hadb.c 2010-03-05 09:10:50 +0000 +++ hipd/hadb.c 2010-03-07 11:20:52 +0000 @@ -1350,7 +1350,6 @@ case HIP_HA_CTRL_LOCAL_REQ_RELAY: case HIP_HA_CTRL_LOCAL_REQ_FULLRELAY: case HIP_HA_CTRL_LOCAL_REQ_RVS: - case HIP_HA_CTRL_LOCAL_REQ_SAVAH: case HIP_HA_CTRL_LOCAL_GRANTED_FULLRELAY: #if 0 if (mask == HIP_HA_CTRL_LOCAL_REQ_RELAY) { @@ -1385,9 +1384,7 @@ case HIP_HA_CTRL_PEER_UNSUP_CAPABLE: case HIP_HA_CTRL_PEER_RVS_CAPABLE: case HIP_HA_CTRL_PEER_RELAY_CAPABLE: - case HIP_HA_CTRL_PEER_SAVAH_CAPABLE: case HIP_HA_CTRL_PEER_FULLRELAY_CAPABLE: - case HIP_HA_CTRL_PEER_GRANTED_SAVAH: case HIP_HA_CTRL_PEER_GRANTED_UNSUP: case HIP_HA_CTRL_PEER_GRANTED_RVS: case HIP_HA_CTRL_PEER_GRANTED_RELAY: @@ -1395,7 +1392,6 @@ case HIP_HA_CTRL_PEER_REFUSED_UNSUP: case HIP_HA_CTRL_PEER_REFUSED_RELAY: case HIP_HA_CTRL_PEER_REFUSED_RVS: - case HIP_HA_CTRL_PEER_REFUSED_SAVAH: case HIP_HA_CTRL_PEER_REFUSED_FULLRELAY: #if 0 if (mask == HIP_HA_CTRL_PEER_GRANTED_RELAY) { === modified file 'hipd/hipd.c' --- hipd/hipd.c 2010-03-03 13:16:18 +0000 +++ hipd/hipd.c 2010-03-07 11:20:52 +0000 @@ -69,10 +69,6 @@ * This value indicates if the HIP PROXY is running. */ int hipproxy = 0; -/*SAVAH modes*/ -int hipsava_client = 0; -int hipsava_server = 0; - /* Encrypt host id in I2 */ int hip_encrypt_i2_hi = 0; 
@@ -111,8 +107,6 @@ int opendht_serving_gateway_port = OPENDHT_PORT; int opendht_serving_gateway_ttl = OPENDHT_TTL; -struct in6_addr *sava_serving_gateway = NULL; - char opendht_name_mapping[HIP_HOST_ID_HOSTNAME_LEN_MAX]; /* what name should be used as key */ char opendht_host_name[256]; unsigned char opendht_hdrr_secret[40]; === modified file 'hipd/hipd.h' --- hipd/hipd.h 2010-02-17 17:38:08 +0000 +++ hipd/hipd.h 2010-03-07 11:20:52 +0000 @@ -149,8 +149,6 @@ extern hip_transform_suite_t hip_nat_status; -extern struct in6_addr *sava_serving_gateway; - extern int hip_use_userspace_data_packet_mode; extern int hip_buddies_inuse; === modified file 'hipd/input.c' --- hipd/input.c 2010-03-05 08:47:53 +0000 +++ hipd/input.c 2010-03-07 11:20:52 +0000 @@ -2507,10 +2507,6 @@ entry->update_id_out = -1; entry->state = HIP_STATE_ESTABLISHED; - /*For SAVA this lets to register the client on firewall once the keys are established*/ - hip_firewall_set_i2_data(SO_HIP_FW_I2_DONE, entry, &entry->hit_our, - &entry->hit_peer, i2_saddr, i2_daddr); - /***** LOCATOR PARAMETER ******/ /* Why do we process the LOCATOR parameter only after R2 has been sent? * -Lauri 29.04.2008. @@ -2920,13 +2916,6 @@ if (entry->state == HIP_STATE_ESTABLISHED) { HIP_DEBUG("Send response to firewall \n"); hip_firewall_set_bex_data(SO_HIP_FW_BEX_DONE, entry, &entry->hit_our, &entry->hit_peer); - if (entry->peer_controls & HIP_HA_CTRL_PEER_GRANTED_SAVAH) { - //Enable savah client mode on the firewall - hip_set_sava_client_on(); - hip_firewall_set_savah_status(SO_HIP_SET_SAVAH_CLIENT_ON); - } else { - HIP_DEBUG("Entry control flag is not HIP_HA_CTRL_PEER_GRANTED_SAVAH. Value is %d \n", entry->local_controls); - } } else { hip_firewall_set_bex_data(SO_HIP_FW_BEX_DONE, entry, NULL, NULL); } === modified file 'hipd/maintenance.c' --- hipd/maintenance.c 2010-03-03 13:16:18 +0000 +++ hipd/maintenance.c 2010-03-07 11:20:52 +0000 
@@ -513,32 +513,6 @@ return err; } -int hip_firewall_set_savah_status(int status) -{ - int n, err = 0; - struct sockaddr_in6 sock_addr; - struct hip_common *msg = NULL; - bzero(&sock_addr, sizeof(sock_addr)); - sock_addr.sin6_family = AF_INET6; - sock_addr.sin6_port = htons(HIP_FIREWALL_PORT); - sock_addr.sin6_addr = in6addr_loopback; - - HIP_IFEL(!(msg = HIP_MALLOC(HIP_MAX_PACKET, 0)), -1, "alloc\n"); - hip_msg_init(msg); - - hip_build_user_hdr(msg, status, 0); - - n = hip_sendto_user(msg, (struct sockaddr *) &sock_addr); - - HIP_IFEL(n < 0, 0, "sendto() failed\n"); - - if (err == 0) { - HIP_DEBUG("SEND SAVAH SERVER STATUS OK.\n"); - } -out_err: - return err; -} - int hip_firewall_set_bex_data(int action, hip_ha_t *entry, struct in6_addr *hit_s, struct in6_addr *hit_r) { struct hip_common *msg = NULL; === modified file 'hipd/maintenance.c.doxyme' --- hipd/maintenance.c.doxyme 2010-02-17 17:38:08 +0000 +++ hipd/maintenance.c.doxyme 2010-03-07 11:20:52 +0000 @@ -150,15 +150,6 @@ /** - * hip_firewall_set_savah_status - * - * - * @param status - * @return - */ - - -/** * hip_handle_retransmission * * === modified file 'hipd/maintenance.h' --- hipd/maintenance.h 2010-03-03 13:16:18 +0000 +++ hipd/maintenance.h 2010-03-07 11:20:52 +0000 @@ -29,7 +29,6 @@ struct timeval *stval, struct timeval *rtval); /*Communication with firewall daemon*/ -int hip_firewall_set_savah_status(int status); int hip_firewall_set_bex_data(int action, hip_ha_t *entry, struct in6_addr *hit_s, struct in6_addr *hit_r); int hip_firewall_set_esp_relay(int action); === modified file 'hipd/registration.c' --- hipd/registration.c 2010-02-17 17:38:08 +0000 +++ hipd/registration.c 2010-03-07 11:20:52 +0000 
@@ -65,14 +65,10 @@ hip_services[1].status = HIP_SERVICE_OFF; hip_services[1].min_lifetime = HIP_RELREC_MIN_LIFETIME; hip_services[1].max_lifetime = HIP_RELREC_MAX_LIFETIME; - hip_services[2].reg_type = HIP_SERVICE_SAVAH; + hip_services[2].reg_type = HIP_FULLRELAY; hip_services[2].status = HIP_SERVICE_OFF; hip_services[2].min_lifetime = HIP_RELREC_MIN_LIFETIME; hip_services[2].max_lifetime = HIP_RELREC_MAX_LIFETIME; - hip_services[3].reg_type = HIP_FULLRELAY; - hip_services[3].status = HIP_SERVICE_OFF; - hip_services[3].min_lifetime = HIP_RELREC_MIN_LIFETIME; - hip_services[3].max_lifetime = HIP_RELREC_MAX_LIFETIME; hip_ll_init(&pending_requests); } @@ -248,8 +244,6 @@ cursor += sprintf(cursor, "rendezvous\n"); } else if (srv->reg_type == HIP_SERVICE_RELAY) { cursor += sprintf(cursor, "relay\n"); - } else if (srv->reg_type == HIP_SERVICE_SAVAH) { - cursor += sprintf(cursor, "savah\n"); } else if (srv->reg_type == HIP_SERVICE_FULLRELAY) { cursor += sprintf(cursor, "fullrelay\n"); } else { @@ -551,12 +545,6 @@ entry, HIP_HA_CTRL_PEER_FULLRELAY_CAPABLE); break; - case HIP_SERVICE_SAVAH: - HIP_INFO("Responder offers savah service.\n"); - memcpy(sava_serving_gateway, &entry->hit_peer, sizeof(struct in6_addr)); - hip_hadb_set_peer_controls( - entry, HIP_HA_CTRL_PEER_SAVAH_CAPABLE); - break; default: HIP_INFO("Responder offers unsupported service.\n"); hip_hadb_set_peer_controls( @@ -922,18 +910,6 @@ entry, HIP_HA_CTRL_PEER_REFUSED_FULLRELAY); break; } - case HIP_SERVICE_SAVAH: - { - HIP_DEBUG("The server has refused to grant us " \ - "savah service.\n%s\n", reason); - hip_hadb_cancel_local_controls( - entry, HIP_HA_CTRL_LOCAL_REQ_SAVAH); - hip_del_pending_request_by_type( - entry, HIP_SERVICE_SAVAH); - hip_hadb_set_peer_controls( - entry, HIP_HA_CTRL_PEER_REFUSED_SAVAH); - break; - } default: HIP_DEBUG("The server has refused to grant us " \ "an unknown service (%u).\n%s\n", 
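Review bot: In the first registration.c hunk (`@@ -65,14 +65,10 @@`) the service table now fills only slots 0 to 2, but the declaration of `hip_services` and the constant that bounds loops over it are outside the hunk. It is worth confirming that the size was reduced from four to three in this commit; if it was not, slot 3 is no longer initialised here and would still be walked as a service entry with whatever values its storage starts with. The same hunk keeps `HIP_FULLRELAY` as the reg_type, while the listing code in the `@@ -248,8 +244,6 @@` hunk compares against `HIP_SERVICE_FULLRELAY`. If those two names do not expand to the same value, the full-relay entry drops into the final `else` branch there, so I would write `hip_services[2].reg_type = HIP_SERVICE_FULLRELAY;` to keep the table and its readers on one constant. The enclosing init function begins before the hunk, so its earlier slots and any size assertion are not visible here.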
@@ -1129,16 +1105,6 @@ } break; - case HIP_SERVICE_SAVAH: - HIP_DEBUG("Client is registering to savah service.\n"); - accepted_requests[*accepted_count] = - reg_types[i]; - accepted_lifetimes[*accepted_count] = - lifetime; - (*accepted_count)++; - - HIP_DEBUG("Registration accepted.\n"); - break; default: HIP_DEBUG("Client is trying to register to an " "unsupported service.\nRegistration " \ @@ -1363,27 +1329,6 @@ hip_delete_security_associations_and_sp(entry); break; } - case HIP_SERVICE_SAVAH: - { - struct hip_common *msg = NULL; - int err = 0; - HIP_DEBUG("The server has granted us savah " \ - "service for %u seconds (lifetime 0x%x.)\n", - seconds, lifetime); - hip_hadb_cancel_local_controls( - entry, HIP_HA_CTRL_LOCAL_REQ_SAVAH); - hip_hadb_set_peer_controls( - entry, HIP_HA_CTRL_PEER_GRANTED_SAVAH); - hip_del_pending_request_by_type( - entry, HIP_SERVICE_SAVAH); - HIP_IFEL(!(msg = HIP_MALLOC(HIP_MAX_PACKET, 0)), -1, "alloc\n"); - hip_msg_init(msg); - hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_CLIENT_ON, 0); - hip_set_msg_response(msg, 0); - hip_sendto_firewall(msg); -out_err: - break; - } default: { HIP_DEBUG("The server has granted us an unknown " \ @@ -1457,17 +1402,6 @@ break; } - case HIP_SERVICE_SAVAH: - { - HIP_DEBUG("The server has cancelled our savah " \ - "service.\n"); - hip_hadb_cancel_local_controls( - entry, HIP_HA_CTRL_LOCAL_REQ_SAVAH); - hip_del_pending_request_by_type( - entry, HIP_SERVICE_SAVAH); - - break; - } default: { HIP_DEBUG("The server has cancelled our registration " \ === modified file 'hipd/user.c' --- hipd/user.c 2010-03-05 08:47:53 +0000 +++ hipd/user.c 2010-03-07 11:20:52 +0000 
@@ -557,140 +557,6 @@ } } break; - case SO_HIP_SAVAH_CLIENT_STATUS_REQUEST: - { - //firewall socket address - struct sockaddr_in6 sock_addr; - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin6_family = AF_INET6; - sock_addr.sin6_port = htons(HIP_FIREWALL_PORT); - sock_addr.sin6_addr = in6addr_loopback; - - HIP_DEBUG("Received SAVAH CLIENT Status Request from firewall\n"); - HIP_DEBUG("SAVAH CLIENT status %d \n", hip_get_sava_client_status()); - memset(msg, 0, sizeof(struct hip_common)); - - if (hip_get_sava_client_status() == 0) { - hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_CLIENT_OFF, 0); - } - - if (hip_get_sava_client_status() == 1) { - hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_CLIENT_ON, 0); - } - } - break; - case SO_HIP_SAVAH_SERVER_STATUS_REQUEST: - { - struct sockaddr_in6 sock_addr; - memset(&sock_addr, 0, sizeof(sock_addr)); - sock_addr.sin6_family = AF_INET6; - sock_addr.sin6_port = htons(HIP_FIREWALL_PORT); - sock_addr.sin6_addr = in6addr_loopback; - - HIP_DEBUG("Received SAVAH SERVER Status Request from firewall\n"); - HIP_DEBUG("SAVAH SERVER status %d \n", hip_get_sava_server_status()); - memset(msg, 0, sizeof(struct hip_common)); - if (hip_get_sava_server_status() == 0) { - hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_SERVER_OFF, 0); - } - - if (hip_get_sava_server_status() == 1) { - hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_SERVER_ON, 0); - } - } - break; - case SO_HIP_REGISTER_SAVAHR: - { - dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT); - dst_ip = hip_get_param_contents(msg, HIP_PARAM_IPV6_ADDR); - if (dst_hit == NULL && dst_ip == NULL) { //HIT and IP are missing worst case opportunistic mode to register with the SAVAH router - } else if (dst_hit == NULL && dst_ip != NULL) { //we have at least SAVAH router IP - } else { // Both HIT and IP are present that is the simplest case we can register with the router directly - /* Add HIT to IP address mapping of the server to haDB. 
*/ - HIP_IFEL(hip_add_peer_map(msg), -1, "Error on registering sava router " \ - "HIT to IP address mapping to the haDB.\n"); - /* Fetch the haDB entry just created. */ - entry = hip_hadb_try_to_find_by_peer_hit(dst_hit); - - if (entry == NULL) { - HIP_ERROR("Error on fetching routers HIT to IP address " \ - "mapping from the haDB.\n"); - err = -1; - goto out_err; - } - - if (!sava_serving_gateway) { - sava_serving_gateway = - (struct in6_addr *) malloc(sizeof(struct in6_addr)); - memset(sava_serving_gateway, 0, sizeof(struct in6_addr)); - } - - memcpy(sava_serving_gateway, dst_hit, sizeof(struct in6_addr)); - - HIP_IFEL(hip_send_i1(&entry->hit_our, dst_hit, entry), -1, - "Error on sending I1 packet to the server.\n"); - } - } - break; - case SO_HIP_GET_SAVAHR_IN_KEYS: - { - dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT); - entry = hip_hadb_try_to_find_by_peer_hit(dst_hit); - - if (entry == NULL) { - } else { - _HIP_DEBUG_HIT("Destination HIT: ", dst_hit); - HIP_IFEL(hip_build_param_contents(msg, (void *) dst_hit, HIP_PARAM_HIT, - sizeof(struct in6_addr)), -1, - "build param contents failed\n"); - _HIP_HEXDUMP("crypto key :", &entry->auth_in, sizeof(struct hip_crypto_key)); - HIP_IFEL(hip_build_param_contents(msg, - (struct hip_crypto_key *) &entry->auth_in, //HMAC key for incomming direction - HIP_PARAM_KEYS, - sizeof(struct hip_crypto_key)), -1, - "build param contents failed\n"); - _HIP_DEBUG("ealg value is %d \n", entry->esp_transform); - HIP_IFEL(hip_build_param_contents(msg, (void *) &entry->esp_transform, HIP_PARAM_INT, - sizeof(int)), -1, - "build param contents failed\n"); - } - } - break; - case SO_HIP_GET_SAVAHR_OUT_KEYS: - { - dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT); - entry = hip_hadb_try_to_find_by_peer_hit(dst_hit); - - if (entry == NULL) { - } else { - _HIP_DEBUG_HIT("Destination HIT: ", dst_hit); - HIP_IFEL(hip_build_param_contents(msg, (void *) dst_hit, HIP_PARAM_HIT, - sizeof(struct in6_addr)), -1, - "build param contents 
failed\n"); - _HIP_HEXDUMP("crypto key :", &entry->auth_out, sizeof(struct hip_crypto_key)); - HIP_IFEL(hip_build_param_contents(msg, - (struct hip_crypto_key *) &entry->auth_out, //HMAC key for incomming direction - HIP_PARAM_KEYS, - sizeof(struct hip_crypto_key)), -1, - "build param contents failed\n"); - _HIP_DEBUG("ealg value is %d \n", entry->esp_transform); - HIP_IFEL(hip_build_param_contents(msg, (void *) &entry->esp_transform, HIP_PARAM_INT, - sizeof(int)), -1, - "build param contents failed\n"); - } - } - break; - case SO_HIP_GET_SAVAHR_HIT: - { - if (sava_serving_gateway) { - _HIP_DEBUG_HIT("SAVAH HIT: ", sava_serving_gateway); - HIP_IFEL(hip_build_param_contents(msg, (void *) sava_serving_gateway, - HIP_PARAM_HIT, - sizeof(struct in6_addr)), -1, - "build param contents failed\n"); - } - } - break; #ifdef CONFIG_HIP_RVS case SO_HIP_ADD_DEL_SERVER: { @@ -837,22 +703,6 @@ entry->nat_mode = 1; add_to_global = 1; break; - case HIP_SERVICE_SAVAH: - HIP_DEBUG("HIP_SERVICE_SAVAH \n"); - if (!sava_serving_gateway) { - sava_serving_gateway = - (struct in6_addr *) malloc(sizeof(struct in6_addr)); - memset(sava_serving_gateway, 0, sizeof(struct in6_addr)); - } - if (!opp_mode) { - memcpy(sava_serving_gateway, dst_hit, sizeof(struct in6_addr)); - } - - hip_set_sava_client_off(); - - hip_hadb_set_local_controls( - entry, HIP_HA_CTRL_LOCAL_REQ_SAVAH); - break; default: HIP_INFO("Undefined service type (%u) " \ "requested in the service " \ @@ -942,15 +792,6 @@ err = hip_recreate_all_precreated_r1_packets(); break; - case SO_HIP_OFFER_SAVAH: - hip_set_srv_status(HIP_SERVICE_SAVAH, HIP_SERVICE_ON); - hip_set_sava_server_on(); - err = hip_recreate_all_precreated_r1_packets(); - hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_SERVER_ON, 0); - hip_set_msg_response(msg, 0); - hip_sendto_firewall(msg); - HIP_DEBUG("Handling SO_HIP_OFFER_SAVAH: STATUS ON\n"); - break; case SO_HIP_OFFER_FULLRELAY: HIP_IFEL(hip_firewall_set_esp_relay(1), -1, "Failed to enable ESP relay in firewall\n"); 
@@ -980,12 +821,6 @@ "the HIP relay / RVS service.\n"); break; - - case SO_HIP_CANCEL_SAVAH: - hip_set_srv_status(HIP_SERVICE_SAVAH, HIP_SERVICE_OFF); - hip_set_sava_server_off(); - HIP_DEBUG("Handling CANCEL SAVAH user message.\n"); - break; case SO_HIP_CANCEL_RVS: HIP_DEBUG("Handling CANCEL RVS user message.\n"); === modified file 'lib/conf/hipconf.c' --- lib/conf/hipconf.c 2010-03-05 08:57:28 +0000 +++ lib/conf/hipconf.c 2010-03-07 11:20:52 +0000 @@ -86,7 +86,7 @@ #define TYPE_HI3 28 /* free slot (was for TYPE_GET_PEER_LSI 29) */ #define TYPE_BUDDIES 30 -#define TYPE_SAVAHR 31 /* SAVA router HIT IP pair */ +/* free slot */ #define TYPE_NSUPDATE 32 #define TYPE_HIT_TO_IP 33 #define TYPE_HIT_TO_IP_SET 34 @@ -435,9 +435,6 @@ if (ha->peer_controls & HIP_HA_CTRL_PEER_GRANTED_RVS) { HIP_INFO(" Peer has granted us rendezvous service\n"); } - if (ha->peer_controls & HIP_HA_CTRL_PEER_GRANTED_SAVAH) { - HIP_INFO(" Peer has granted us SAVAH service\n"); - } if (ha->peer_controls & HIP_HA_CTRL_PEER_GRANTED_UNSUP) { HIP_DEBUG(" Peer has granted us an unknown service\n"); } @@ -450,9 +447,6 @@ if (ha->peer_controls & HIP_HA_CTRL_PEER_REFUSED_RVS) { HIP_INFO(" Peer has refused to grant us RVS service\n"); } - if (ha->peer_controls & HIP_HA_CTRL_PEER_REFUSED_SAVAH) { - HIP_INFO(" Peer has refused to grant us SAVAH service\n"); - } if (ha->peer_controls & HIP_HA_CTRL_PEER_REFUSED_UNSUP) { HIP_DEBUG(" Peer has refused to grant us an unknown service\n"); } @@ -1037,8 +1031,6 @@ reg_types[i] = HIP_SERVICE_RENDEZVOUS; } else if (strcmp("relay", lowercase) == 0) { reg_types[i] = HIP_SERVICE_RELAY; - } else if (strcmp("savah", lowercase) == 0) { - reg_types[i] = HIP_SERVICE_SAVAH; } else if (strcmp("full-relay", lowercase) == 0) { reg_types[i] = HIP_SERVICE_FULLRELAY; } /* To cope with the atoi() error value we handle the 'zero' 
@@ -2383,10 +2375,6 @@ HIP_INFO("Adding HIP UDP relay service.\n"); HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OFFER_HIPRELAY, 0), -1, "Failed to build user message header.\n"); - } else if (strcmp(opt[0], "savah") == 0) { - HIP_INFO("Adding HIP SAVA service.\n"); - HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OFFER_SAVAH, 0), -1, - "Failed to build user message header.\n"); } else if (strcmp(opt[0], "full-relay") == 0) { HIP_INFO("Adding HIP_FULLRELAY service.\n"); HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OFFER_FULLRELAY, 0), -1, @@ -2417,11 +2405,6 @@ HIP_IFEL(hip_build_user_hdr( msg, SO_HIP_CANCEL_HIPRELAY, 0), -1, "Failed to build user message header.\n"); - } else if (strcmp(opt[0], "sava") == 0) { - HIP_INFO("Deleting SAVAH service.\n"); - HIP_IFEL(hip_build_user_hdr( - msg, SO_HIP_CANCEL_SAVAH, 0), -1, - "Failed to build user message header.\n"); } else if (strcmp(opt[0], "full-relay") == 0) { HIP_INFO("Deleting HIP full relay service.\n"); HIP_IFEL(hip_build_user_hdr( 
@@ -3098,56 +3081,6 @@ } /** - * handle sava extension - * - * @param msg input/output message for the query/response for hipd - * @param action unused - * @param opt options arguments as strings - * @param optc number of arguments - * @param send_only 1 if no response from hipd should be requrested, or 0 if - * should block for a response from hipd - * @return zero for success and negative on error - */ -int hip_conf_handle_sava(struct hip_common *msg, int action, - const char *opt[], int optc) -{ - int err = 0; - in6_addr_t hit, ip6; - - HIP_DEBUG("action=%d optc=%d\n", action, optc); - if (action == ACTION_ADD) { - //HIP_IFEL((optc != 0 || optc != 2), -1, "Missing arguments\n"); - - if (optc == 2) { - HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_REGISTER_SAVAHR, - 0), -1, "add peer map failed\n"); - HIP_IFEL(convert_string_to_address(opt[0], &hit), -1, - "string to address conversion failed\n"); - - HIP_IFEL((err = convert_string_to_address(opt[1], &ip6)), -1, - "string to address conversion failed\n"); - - HIP_IFEL(hip_build_param_contents(msg, (void *) &hit, HIP_PARAM_HIT, - sizeof(in6_addr_t)), -1, - "build param hit failed\n"); - - HIP_IFEL(hip_build_param_contents(msg, (void *) &ip6, - HIP_PARAM_IPV6_ADDR, - sizeof(in6_addr_t)), -1, - "build param hit failed\n"); - } - } else if (action == ACTION_GET) { - HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_GET_SAVAHR_HIT, - 0), -1, "add peer map failed\n"); - } else { - HIP_IFEL(1, -1, "bad args\n"); - } -out_err: - return err; -} - - -/** * Handles the hipconf commands where the type is @c load. * * @param msg a pointer to the buffer where the message for hipd will 
@@ -3299,7 +3232,7 @@ hip_conf_handle_hi3, /* 28: TYPE_HI3 */ NULL, /* 29: unused */ hip_conf_handle_buddies_toggle, /* 30: TYPE_BUDDIES */ - NULL, /* 31: TYPE_SAVAHR, reserved for sava */ + NULL, /* 31: unused */ hip_conf_handle_nsupdate, /* 32: TYPE_NSUPDATE */ hip_conf_handle_hit_to_ip, /* 33: TYPE_HIT_TO_IP */ hip_conf_handle_hit_to_ip_set, /* 34: TYPE_HIT_TO_IP_SET */ === modified file 'lib/core/builder.c' --- lib/core/builder.c 2010-03-05 09:10:50 +0000 +++ lib/core/builder.c 2010-03-07 11:20:52 +0000 @@ -1261,9 +1261,6 @@ case SO_HIP_TRIGGER_BEX: return "SO_HIP_TRIGGER_BEX"; //case SO_HIP_IS_OUR_LSI: return "SO_HIP_IS_OUR_LSI"; case SO_HIP_GET_PEER_HIT: return "SO_HIP_GET_PEER_HIT"; - case SO_HIP_REGISTER_SAVAHR: return "SO_HIP_REGISTER_SAVAHR"; - case SO_HIP_GET_SAVAHR_IN_KEYS: return "SO_HIP_GET_SAVAHR_IN_KEYS"; - case SO_HIP_GET_SAVAHR_OUT_KEYS: return "SO_HIP_GET_SAVAHR_OUT_KEYS"; //case SO_HIP_GET_PEER_HIT_BY_LSIS: return "SO_HIP_GET_PEER_HIT_BY_LSIS"; case SO_HIP_NSUPDATE_ON: return "SO_HIP_NSUPDATE_ON"; case SO_HIP_NSUPDATE_OFF: return "SO_HIP_NSUPDATE_OFF"; === modified file 'lib/core/icomm.h' --- lib/core/icomm.h 2010-03-05 09:10:50 +0000 +++ lib/core/icomm.h 2010-03-07 11:20:52 +0000 
@@ -175,19 +175,7 @@ #define SO_HIP_BUDDIES_ON 162 #define SO_HIP_BUDDIES_OFF 163 #define SO_HIP_TURN_INFO 164 -#define SO_HIP_REGISTER_SAVAHR 165 -#define SO_HIP_GET_SAVAHR_HIT 166 -#define SO_HIP_GET_SAVAHR_IN_KEYS 167 -#define SO_HIP_GET_SAVAHR_OUT_KEYS 168 -#define SO_HIP_OFFER_SAVAH 169 -#define SO_HIP_CANCEL_SAVAH 170 -#define SO_HIP_FW_I2_DONE 171 -#define SO_HIP_SAVAH_CLIENT_STATUS_REQUEST 172 -#define SO_HIP_SAVAH_SERVER_STATUS_REQUEST 173 -#define SO_HIP_SET_SAVAH_CLIENT_OFF 174 -#define SO_HIP_SET_SAVAH_CLIENT_ON 175 -#define SO_HIP_SET_SAVAH_SERVER_OFF 176 -#define SO_HIP_SET_SAVAH_SERVER_ON 178 +/* free slots */ #define SO_HIP_NSUPDATE_OFF 179 #define SO_HIP_NSUPDATE_ON 180 #define SO_HIP_HIT_TO_IP_OFF 181 === modified file 'lib/core/protodefs.h' --- lib/core/protodefs.h 2010-03-05 09:10:50 +0000 +++ lib/core/protodefs.h 2010-03-07 11:20:52 +0000 @@ -160,7 +160,7 @@ #define HIP_PARAM_TRANSFORM_ORDER 32813 #define HIP_PARAM_HDRR_INFO 32814 #define HIP_PARAM_UADB_INFO 32815 -#define HIP_PARAM_SAVA_CRYPTO_INFO 32816 +/* free slot */ #define HIP_PARAM_SECRET 32817 #define HIP_PARAM_BRANCH_NODES 32818 #define HIP_PARAM_ROOT 32819 @@ -286,14 +286,12 @@ #define HIP_HA_CTRL_LOCAL_REQ_UNSUP 0x0001 #define HIP_HA_CTRL_LOCAL_REQ_RELAY 0x4000 #define HIP_HA_CTRL_LOCAL_REQ_RVS 0x8000 -#define HIP_HA_CTRL_LOCAL_REQ_SAVAH 0x0010 #define HIP_HA_CTRL_LOCAL_REQ_FULLRELAY 0x1000 /* Keep inside parentheses. */ #define HIP_HA_CTRL_LOCAL_REQ_ANY ( \ HIP_HA_CTRL_LOCAL_REQ_UNSUP | \ HIP_HA_CTRL_LOCAL_REQ_RELAY | \ HIP_HA_CTRL_LOCAL_REQ_RVS | \ - HIP_HA_CTRL_LOCAL_REQ_SAVAH | \ HIP_HA_CTRL_LOCAL_REQ_FULLRELAY \ ) #define HIP_HA_CTRL_LOCAL_GRANTED_FULLRELAY 0x0800 
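Review bot: Among the removed message types is `#define SO_HIP_FW_I2_DONE 171`, the only one in the block without SAVAH in its name. None of the hunks visible here removes a sender or handler for it, so it is worth confirming that nothing outside the SAVA code still uses it. The replacement comment `/* free slots */` also drops the record of which numbers were in use. These values travel in messages between hipd, the firewall and hipconf, so a later reuse of one could be misinterpreted by a component built from an older tree. I would record the range, e.g. `/* free slots 165-178 (formerly SAVAH message types and SO_HIP_FW_I2_DONE) */`.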
@@ -301,19 +299,16 @@ #define HIP_HA_CTRL_PEER_GRANTED_UNSUP 0x0001 #define HIP_HA_CTRL_PEER_GRANTED_RELAY 0x0800 #define HIP_HA_CTRL_PEER_GRANTED_RVS 0x1000 -#define HIP_HA_CTRL_PEER_GRANTED_SAVAH 0x0200 #define HIP_HA_CTRL_PEER_GRANTED_FULLRELAY 0x400 #define HIP_HA_CTRL_PEER_UNSUP_CAPABLE 0x0002 #define HIP_HA_CTRL_PEER_RELAY_CAPABLE 0x4000 #define HIP_HA_CTRL_PEER_RVS_CAPABLE 0x8000 -#define HIP_HA_CTRL_PEER_SAVAH_CAPABLE 0x0010 #define HIP_HA_CTRL_PEER_FULLRELAY_CAPABLE 0x2000 #define HIP_HA_CTRL_PEER_REFUSED_UNSUP 0x0004 #define HIP_HA_CTRL_PEER_REFUSED_RELAY 0x0040 #define HIP_HA_CTRL_PEER_REFUSED_RVS 0x0080 -#define HIP_HA_CTRL_PEER_REFUSED_SAVAH 0x0100 #define HIP_HA_CTRL_PEER_REFUSED_FULLRELAY 0x0020 /* @} */ @@ -330,10 +325,9 @@ */ #define HIP_SERVICE_RENDEZVOUS 1 #define HIP_SERVICE_RELAY 2 -#define HIP_SERVICE_SAVAH 203 #define HIP_SERVICE_FULLRELAY 204 /* IMPORTANT! This must be the sum of above services. */ -#define HIP_TOTAL_EXISTING_SERVICES 4 +#define HIP_TOTAL_EXISTING_SERVICES 3 /* @} */ /** @addtogroup hip_proxy === modified file 'tools/hipl_autobuild' --- tools/hipl_autobuild 2010-03-05 08:24:06 +0000 +++ tools/hipl_autobuild 2010-03-07 11:20:52 +0000 
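Review bot: In the `HIP_TOTAL_EXISTING_SERVICES` hunk, the comment kept above the changed line, `/* IMPORTANT! This must be the sum of above services. */`, describes a count rather than a sum. The value is also tied by hand to the `hip_services[0]` to `hip_services[2]` initialisation changed elsewhere in this commit. If the two drift apart, a slot is left uninitialised or the initialisation writes past the table, assuming the table is sized by this constant, which is not visible here. I would reword it to `/* IMPORTANT: must equal the number of HIP_SERVICE_* values above; the hip_services[] initialisation fills exactly this many entries. */`.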
@@ -56,8 +56,8 @@ # Compile HIPL in different configurations compile # The following configuration is commented out until HIPL is fixed -#compile --disable-rvs --disable-ice --disable-hipproxy --disable-opportunistic --disable-savaipopt -#compile --enable-agent --enable-cookie --enable-pfkey --enable-cert --disable-rvs --disable-ice --disable-hipproxy --enable-openwrt --enable-altsep --enable-i3 --disable-privsep --disable-opportunistic --disable-savaipopt --disable-dht --enable-blind --enable-profiling --enable-ecdsa --disable-debug --enable-midauth --enable-performance --enable-demo +#compile --disable-rvs --disable-ice --disable-hipproxy --disable-opportunistic +#compile --enable-agent --enable-cookie --enable-pfkey --enable-cert --disable-rvs --disable-ice --disable-hipproxy --enable-openwrt --enable-altsep --enable-i3 --disable-privsep --disable-opportunistic --disable-dht --enable-blind --enable-profiling --enable-ecdsa --disable-debug --enable-midauth --enable-performance --enable-demo cleanup 0 === modified file 'verbose-headers.txt' --- verbose-headers.txt 2010-02-01 13:24:34 +0000 +++ verbose-headers.txt 2010-03-07 11:20:52 +0000 
@@ -22,8 +22,8 @@ firewall/common_types.h : TimeVal firewall/common_types.h : _TimeVal firewall/common_types.h : TYPES_H_ -firewall/conndb firewall/proxydb firewall/sava_api firewall/user_ipsec_sadb hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_COMP_FN -firewall/conndb firewall/proxydb firewall/sava_api firewall/user_ipsec_sadb hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_HASH_FN +firewall/conndb firewall/proxydb firewall/user_ipsec_sadb hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_COMP_FN +firewall/conndb firewall/proxydb firewall/user_ipsec_sadb hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db /usr/include/openssl/lhash.h : IMPLEMENT_LHASH_HASH_FN firewall/conndb.h : hip_conn firewall/conndb.h : hip_conn_key firewall/conntrack.h : print_data @@ -126,8 +126,6 @@ firewall/rule_management.h : test_rule_management firewall/rule_management.h : TYPE_OPTION firewall/rule_management.h : TYPE_STR -firewall/rule_management.h : VERIFY_RESPONDER_STR -firewall/sava_api.h : HIP_SAVA_API firewall/user_ipsec_api.h : USER_IPSEC_API_H_ firewall/user_ipsec_api libhipcore/common_defines.h : MAX_ESP_PADDING firewall/user_ipsec_esp.h : add_udp_header @@ -513,7 +511,6 @@ libhipcore/protodefs.h : hip_nat_transform libhipcore/protodefs.h : HIP_PARAM_MAX libhipcore/protodefs.h : HIP_PARAM_MIN -libhipcore/protodefs.h : HIP_PARAM_SAVA_CRYPTO_INFO libhipcore/protodefs.h : HIP_PARAM_TURN_INFO libhipcore/protodefs.h : _HIP_PROTODEFS libhipcore/protodefs.h : hip_relay_to_old