[hipl-commit] [trunk] Rev 3833: Removed SAVA code.
- From: Miika Komu <miika@xxxxxx>
- To: hipl-commit@xxxxxxxxxxxxx
- Date: Sun, 7 Mar 2010 13:20:13 +0200
Committer: Miika Komu <miika@xxxxxx>
Date: Sun Mar 07 13:20:52 2010 +0200
Revision: 3833
Revision-id: miika@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk
Log:
Removed SAVA code.
It can be added back when it's documented properly and the code quality
is improved.
Modified:
D firewall/sava_api.c
D firewall/sava_api.h
D firewall/savah_gateway.c
D firewall/savah_gateway.h
M Android.mk
M Makefile.am
M configure.ac
M debian/rules
M doc/HOWTO.xml
M doc/doxygen.h
M doc/verbose-header-files.txt
M doc/verbose-headers.txt
M firewall/firewall.c
M firewall/firewall.h
M firewall/firewall_control.c
M firewall/firewall_control.h
M hipd/accessor.c
M hipd/accessor.h
M hipd/hadb.c
M hipd/hipd.c
M hipd/hipd.h
M hipd/input.c
M hipd/maintenance.c
M hipd/maintenance.c.doxyme
M hipd/maintenance.h
M hipd/registration.c
M hipd/user.c
M lib/conf/hipconf.c
M lib/core/builder.c
M lib/core/icomm.h
M lib/core/protodefs.h
M tools/hipl_autobuild
M verbose-headers.txt
=== modified file 'Android.mk'
--- Android.mk 2010-03-04 13:39:06 +0000
+++ Android.mk 2010-03-07 11:20:52 +0000
@@ -67,7 +67,6 @@
-DCONFIG_HIP_RVS \
-DCONFIG_HIP_HIPPROXY \
-DCONFIG_HIP_OPPORTUNISTIC \
- -DCONFIG_SAVAH_IP_OPTION \
-DCONFIG_HIP_DEBUG \
-DHIP_LOGFMT_LONG \
-g
@@ -149,7 +148,6 @@
opptcp.c \
firewalldb.c \
lsi.c \
- sava_api.c \
cache.c \
cache_port.c \
esp_prot_config.c
=== modified file 'Makefile.am'
--- Makefile.am 2010-03-06 11:49:13 +0000
+++ Makefile.am 2010-03-07 11:20:52 +0000
@@ -208,8 +208,6 @@
firewall/firewalldb.c \
firewall/lsi.c \
firewall/sysopp.c \
- firewall/sava_api.c \
- firewall/savah_gateway.c \
firewall/cache.c \
firewall/cache_port.c \
firewall/datapkt.c
=== modified file 'configure.ac'
--- configure.ac 2010-03-07 08:12:08 +0000
+++ configure.ac 2010-03-07 11:20:52 +0000
@@ -284,18 +284,6 @@
fi
AM_CONDITIONAL(HIP_OPPORTUNISTIC, test x"$ac_cv_use_opportunistic" = x"yes")
-AC_ARG_ENABLE(savaipopt,
- AC_HELP_STRING([--enable-savaipopt],
- [HIP SAVA IP option extensions, if no encrypt IP
address (default is YES)]),
- [ac_cv_use_savaipopt=$enableval], [ac_cv_use_savaipopt=yes])
-AC_CACHE_CHECK([whether to use sava ip option],
- [ac_cv_use_savaipopt], [ac_cv_use_savaipopt=yes])
-if test x"$ac_cv_use_savaipopt" = x"yes"; then
- AC_DEFINE(CONFIG_SAVAH_IP_OPTION)
- AH_TEMPLATE(CONFIG_SAVAH_IP_OPTION, [Defined to 1 if SAVAH is
enabled.])
-fi
-AM_CONDITIONAL(SAVAH_IP_OPTION, test x"$ac_cv_use_savaipopt" = x"yes")
-
AC_ARG_ENABLE(dht,
AC_HELP_STRING([--enable-dht],
[DHT support (default is YES)]),
=== modified file 'debian/rules'
--- debian/rules 2010-03-01 17:34:58 +0000
+++ debian/rules 2010-03-07 11:20:52 +0000
@@ -31,7 +31,7 @@
ifneq "$(wildcard /usr/share/misc/config.guess)" ""
cp -f /usr/share/misc/config.guess config.guess
endif
- ./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man
--infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" --enable-maemo
--disable-firewall --disable-privsep --enable-midauth --disable-agent
--disable-opportunistic --disable-savaipopt --disable-dht
+ ./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man
--infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" --enable-maemo
--disable-firewall --disable-privsep --enable-midauth --disable-agent
--disable-opportunistic --disable-dht
build: build-stamp
=== modified file 'doc/HOWTO.xml'
--- doc/HOWTO.xml 2010-03-05 08:24:06 +0000
+++ doc/HOWTO.xml 2010-03-07 11:20:52 +0000
@@ -4922,64 +4922,6 @@
</section>
</section>
- <section id="ch_sava_mode">
- <title>Source address validation architecture with HIP</title>
-
- <para>
- SAVAH (Source address validation architecture with HIP) can be utilized,
e.g.,
- in access control and AAA systems to validate the source IP addresses of
the clients
- connecting to a network. The architecture is implemented on a first-hop
router and
- allows: (i) validating the source IP address of the registered client
(IP bound to HIT);
- (ii) rejecting connection if the IP spoofing was detected; (iii) client
registration via web
- interface in order to get access (this currently not implemented
completely, but the captive web page
- for unauthorized clients is there). In addition, the architecture allows
to use ESP
- encapsulation (which is not implemented yet but will require a minimum
effort to do so) to
- provide also a data confidentiality property. In that case SAVAH can be
also used
- as a VPN solution. The reader is refered to <ulink
url="http://tools.ietf.org/html/draft-kuptsov-sava-hip-01"; />
- for more details about the architecture.
- </para>
-
- <para>
- To start the system the following steps should be considered.
- </para>
-
- <para>
- At the router side add to HIP configuration file (/etc/hip/hipd_conf)
the following line:
- <programlisting>
- # nano /etc/hip/hipd_conf
- add service savah
- </programlisting>
- In addition edit the ACL for HIP firewall and add the HITs of allowed
clients
- <programlisting>
- # nano /etc/hip/firewall_conf
- INPUT -dst_hit <CLIENTS-HIT>
- </programlisting>
- And start the service with the followign commands:
- <programlisting>
- # hipfw -A
- # hipd
- </programlisting>
- </para>
-
- <para>
- At the client side add to HIP configuration file (/etc/hip/hipd_conf)
the following line:
- <programlisting>
- # nano /etc/hip/hipd_conf
- add server savah <HIT-OF-SAVAH-ROUTER>
<IP-OF-SAVAH-ROUTER> <LIFETIME-IN-MSEC>
- </programlisting>
- And start the service with the following commands:
- <programlisting>
- # hipfw -F
- # hipd
- </programlisting>
- </para>
-
- <para>
- The service should be now up and running and all IP services should be
allowed for the client (if of course it is
- authenitcated by HIT on the router side)
- </para>
-
- </section>
<section id="hipproxy">
<title>HIP Proxy</title>
=== modified file 'doc/doxygen.h'
--- doc/doxygen.h 2010-03-05 08:24:06 +0000
+++ doc/doxygen.h 2010-03-07 11:20:52 +0000
@@ -679,7 +679,7 @@
* |||| |||| |||| ||+-- 0x0002 - free -
* |||| |||| |||| |+--- 0x0004 - free -
* |||| |||| |||| +---- 0x0008 - free -
- * |||| |||| |||+------ 0x0010 We have requested SAVAH service.
+ * |||| |||| |||+------ 0x0010 - free -
* |||| |||| ||+------- 0x0020 - free -
* |||| |||| |+-------- 0x0040 - free -
* |||| |||| +--------- 0x0080 - free -
@@ -699,12 +699,12 @@
* |||| |||| |||| ||+-- 0x0002 Peer offers an unsupported service.
* |||| |||| |||| |+--- 0x0004 Peer refused to grant us an unsupported service.
* |||| |||| |||| +---- 0x0008 - free -
- * |||| |||| |||+------ 0x0010 Peer offers SAVAH service.
+ * |||| |||| |||+------ 0x0010 - free -
* |||| |||| ||+------- 0x0020 Peer has refused to grant us full relay service
* |||| |||| |+-------- 0x0040 Peer refused to grant us HIP relay service.
* |||| |||| +--------- 0x0080 Peer refused to grant us RVS service.
- * |||| |||+----------- 0x0100 Peer refused to grant us SAVAH service.
- * |||| ||+------------ 0x0200 Peer granted SAVAH service to us.
+ * |||| |||+----------- 0x0100 - free -
+ * |||| ||+------------ 0x0200 - free -
* |||| |+------------- 0x0400 Peer has granted us full relay service
* |||| +-------------- 0x0800 Peer granted HIP relay service to us.
* |||+---------------- 0x1000 Peer granted RVS service to us.
=== modified file 'doc/verbose-header-files.txt'
--- doc/verbose-header-files.txt 2010-03-05 08:24:06 +0000
+++ doc/verbose-header-files.txt 2010-03-07 11:20:52 +0000
@@ -246,7 +246,6 @@
libhipconf/hipconf.h : hip_conf_handle_restart
libhipconf/hipconf.h : hip_conf_handle_rst
libhipconf/hipconf.h : hip_conf_handle_run_normal
-libhipconf/hipconf.h : hip_conf_handle_sava
libhipconf/hipconf.h : hip_conf_handle_server
libhipconf/hipconf.h : hip_conf_handle_service
libhipconf/hipconf.h : hip_conf_handle_set
@@ -449,7 +448,6 @@
firewall/opptcp.h : HIP_OPPTCP
libhipcore/protodefs.h : HIP_PARAM_MAX
libhipcore/protodefs.h : HIP_PARAM_MIN
-libhipcore/protodefs.h : HIP_PARAM_SAVA_CRYPTO_INFO
libhipcore/protodefs.h : HIP_PARAM_TURN_INFO
firewall/user_ipsec_esp.h : hip_payload_decrypt
firewall/user_ipsec_esp.h : hip_payload_encrypt
@@ -514,9 +512,7 @@
test/unit.h : hip_run_unit_test_space
libhipcore/protodefs.h : hip_rvs_hmac
firewall/user_ipsec_sadb.h : hip_sadb_print
-firewall/user_ipsec_sadb.h : hip_sa_entry
-firewall/sava_api.h : HIP_SAVA_API
-hipd/maintenance.h : hip_scan_retransmissions
+
test/escrow.h : hip_send_escrow_update
libhipcore/builder.h : hip_set_param_spi_value
libhipcore/builder.h : hip_set_param_type
@@ -764,10 +760,10 @@
libhipgui/widgets.h : ID_TWG_LW
libhipgui/widgets.h : ID_USERMODEL
libhipgui/widgets.h : ID_USERVIEW
-firewall/conndb firewall/proxydb firewall/sava_api firewall/user_ipsec_sadb
hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db
/usr/include/openssl/lhash.h : IMPLEMENT_LHASH_COMP_FN
+firewall/conndb firewall/proxydb firewall/user_ipsec_sadb hipd/hadb
hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db
/usr/include/openssl/lhash.h : IMPLEMENT_LHASH_COMP_FN
hipd/hiprelay libhipcore/hashtable /usr/include/openssl/lhash.h :
IMPLEMENT_LHASH_DOALL_ARG_FN
hipd/hiprelay libhipcore/hashtable /usr/include/openssl/lhash.h :
IMPLEMENT_LHASH_DOALL_FN
-firewall/conndb firewall/proxydb firewall/sava_api firewall/user_ipsec_sadb
hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db
/usr/include/openssl/lhash.h : IMPLEMENT_LHASH_HASH_FN
+firewall/conndb firewall/proxydb firewall/user_ipsec_sadb hipd/hadb
hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db
/usr/include/openssl/lhash.h : IMPLEMENT_LHASH_HASH_FN
libhiptool/nlink.h : inet_prefix
firewall/rule_management.h : IN_IF_OPTION
firewall/rule_management.h : IN_IF_STR
@@ -1248,7 +1244,6 @@
libhipconf/hipconf.h : TYPE_PUZZLE
libhipconf/hipconf.h : TYPE_RST
libhipconf/hipconf.h : TYPE_RUN
-libhipconf/hipconf.h : TYPE_SAVAHR
libhipconf/hipconf.h : TYPE_SERVER
libhipconf/hipconf.h : TYPE_SERVICE
libhipconf/hipconf.h : TYPE_SET
=== modified file 'doc/verbose-headers.txt'
--- doc/verbose-headers.txt 2010-03-05 08:24:06 +0000
+++ doc/verbose-headers.txt 2010-03-07 11:20:52 +0000
@@ -6,7 +6,7 @@
firewall/rule_management.h : ACCEPT
firewall/rule_management.h : accept_mobile
firewall/rule_management.h : ACCEPT_MOBILE_STR
-firewall/sava_api libhiptool/xfrm.h : action
+libhiptool/xfrm.h : action
libipsec/policy_parse libipsec/policy_parse.h : ACTION
libhipconf/hipconf.h : ACTION_ADD
libhipconf/hipconf.h : ACTION_BOS
@@ -219,7 +219,7 @@
libhipcore/hashchain.h : current_index
libhiptool/xfrm /usr/include/linux/ipv6 /usr/include/netinet/ip.h : daddr
libhiptool/nlink.h : d_addr
-agent/str_var firewall/common_types firewall/firewall_defines
firewall/sava_api hipd/configfilereader hipd/hipqueue i3/i3_client/i3_client
i3/i3_client/ping libhipcore/hashtree libhipcore/protodefs libhiptool/lutil
libhiptool/nlink tools/daemontools/admin/daemontools-0 tools/djbdns/djbdns-1
tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1
tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1
/usr/include/arpa/nameser /usr/include/linux/capability /usr/include/linux/icmp
/usr/include/linux/icmpv6 /usr/include/netinet/ip.h : data
+agent/str_var firewall/common_types firewall/firewall_defines
hipd/configfilereader hipd/hipqueue i3/i3_client/i3_client i3/i3_client/ping
libhipcore/hashtree libhipcore/protodefs libhiptool/lutil libhiptool/nlink
tools/daemontools/admin/daemontools-0 tools/djbdns/djbdns-1
tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1
tools/djbdns/djbdns-1 tools/djbdns/djbdns-1 tools/djbdns/djbdns-1
/usr/include/arpa/nameser /usr/include/linux/capability /usr/include/linux/icmp
/usr/include/linux/icmpv6 /usr/include/netinet/ip.h : data
hipd/hipqueue i3/i3_client/i3_client
/usr/include/linux/netfilter_ipv4/ip_queue.h : data_len
libhipcore/debug.h : DEBUG_H
libhipcore/debug.h : debug_level
@@ -281,7 +281,7 @@
libhiptool/crypto.h : DSA_PRIV
libhipcore/misc.h : dsa_to_dns_key_rr
libhipcore/builder.h : dsa_to_hip_endpoint
-firewall/firewall_defines firewall/sava_api i3/i3_client/ping
libipsec/libpfkey.h : dst
+firewall/firewall_defines i3/i3_client/ping libipsec/libpfkey.h : dst
firewall/firewall_defines firewall/user_ipsec_esp firewall/user_ipsec_sadb
hipd/input.h : dst_addr
firewall/firewall_defines.h : dst_addr_list
firewall/rule_management.h : DST_HI_OPTION
@@ -292,7 +292,7 @@
firewall/user_ipsec_sadb firewall/user_ipsec_sadb.h : dst_port
libhiptool/nlink.h : dump
libhipcore/misc.h : e
-firewall/sava_api firewall/user_ipsec_sadb firewall/user_ipsec_sadb.h : ealg
+ firewall/user_ipsec_sadb firewall/user_ipsec_sadb.h : ealg
libhiptool/xfrm.h : ealgos
libhipgui/events.h : e_button
libhipgui/events.h : e_button_press
=== modified file 'firewall/firewall.c'
--- firewall/firewall.c 2010-03-03 13:16:18 +0000
+++ firewall/firewall.c 2010-03-07 11:20:52 +0000
@@ -46,8 +46,6 @@
#include "user_ipsec_api.h" /* Userspace IPsec */
#include "esp_prot_conntrack.h" /* ESP Tokens */
#include "esp_prot_api.h" /* ESP Tokens */
-#include "sava_api.h" /* Sava */
-#include "savah_gateway.h"
#include "sysopp.h" /* System-based Opportunistic HIP */
#include "datapkt.h"
#include "firewalldb.h"
@@ -97,8 +95,6 @@
/* extension-specific state */
static int hip_userspace_ipsec = 0;
static int hip_esp_protection = 0;
-static int hip_sava_router = 0;
-static int hip_sava_client = 0;
static int restore_filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT;
static int restore_accept_hip_esp_traffic =
HIP_FW_ACCEPT_HIP_ESP_TRAFFIC_BY_DEFAULT;
@@ -195,152 +191,6 @@
}
/**
- * Initialize sava client packet capture rules
- *
- * @return zero on success, non-zero on error
- */
-int hip_fw_init_sava_client()
-{
- int err = 0;
- if (!hip_sava_client && !hip_sava_router) {
- hip_sava_client = 1;
- HIP_DEBUG(" hip_fw_init_sava_client() \n");
- HIP_IFEL(hip_sava_client_init_all(), -1,
- "Error initializing SAVA client \n");
- /* IPv4 packets */
- system_print("iptables -I HIPFW-OUTPUT -p tcp ! -d 127.0.0.1 -j QUEUE
2>/dev/null");
- system_print("iptables -I HIPFW-OUTPUT -p udp ! -d 127.0.0.1 -j QUEUE
2>/dev/null");
- /* IPv6 packets */
- system_print("ip6tables -I HIPFW-OUTPUT -p tcp ! -d ::1 -j QUEUE
2>/dev/null");
- system_print("ip6tables -I HIPFW-OUTPUT -p udp ! -d ::1 -j QUEUE
2>/dev/null");
- }
-out_err:
- return err;
-}
-
-/**
- * Initialize packet capture rules for sava router
- *
- * @return zero on success, non-zero on error
- */
-int hip_fw_init_sava_router()
-{
- int err = 0;
- /*
- * We need to capture each and every packet
- * that passes trough the firewall to verify the packet's
- * source address
- */
- if (!hip_sava_client && !hip_sava_router) {
- hip_sava_router = 1;
- accept_hip_esp_traffic_by_default = 0;
- if (hip_sava_router) {
- HIP_DEBUG("Initializing SAVA client mode \n");
- HIP_IFEL(hip_sava_init_all(), -1,
- "Error initializing SAVA IP DB \n");
-
- system_print("echo 1 >/proc/sys/net/ipv4/conf/all/forwarding");
- system_print("echo 1 >/proc/sys/net/ipv6/conf/all/forwarding");
-
- system_print("iptables -I HIPFW-FORWARD -p tcp -j QUEUE
2>/dev/null");
- system_print("iptables -I HIPFW-FORWARD -p udp -j QUEUE
2>/dev/null");
-
- /* IPv6 packets */
-
- system_print("ip6tables -I HIPFW-FORWARD -p tcp -j QUEUE
2>/dev/null");
- system_print("ip6tables -I HIPFW-FORWARD -p udp -j QUEUE
2>/dev/null");
-
- /* Queue HIP packets as well */
- system_print("iptables -I HIPFW-INPUT -p 139 -j QUEUE
2>/dev/null");
- system_print("ip6tables -I HIPFW-INPUT -p 139 -j QUEUE
2>/dev/null");
-
- iptables_do_command("iptables -t nat -N %s 2>/dev/null",
SAVAH_PREROUTING);
- iptables_do_command("ip6tables -N %s 2>/dev/null",
SAVAH_PREROUTING);
-
- iptables_do_command("iptables -t nat -I PREROUTING 1 -m mark
--mark %d -j %s", FW_MARK_LOCKED, SAVAH_PREROUTING);
- iptables_do_command("ip6tables -I PREROUTING 1 -m mark --mark %d
-j %s", FW_MARK_LOCKED, SAVAH_PREROUTING);
- //jump to SAVAH_PREROUTING chain if the packet was marked for
FW_MARK_LOCKED
-
- iptables_do_command("iptables -t nat -I %s 1 -p tcp --dport 80 -j
REDIRECT --to-ports 80",
- SAVAH_PREROUTING); //this static IPs need to
get mode dinamic nature
- iptables_do_command("ip6tables -I %s 1 -p tcp --dport 80 -j
REDIRECT --to-ports 80",
- SAVAH_PREROUTING); //the same goes here
- }
- }
-out_err:
- return err;
-}
-
-/**
- * Ununitialize packet capture rules for sava client
- *
- */
-void hip_fw_uninit_sava_client(void)
-{
- if (hip_sava_client) {
- hip_sava_client = 0;
- /* IPv4 packets */
- system_print("iptables -D HIPFW-OUTPUT -p tcp ! -d 127.0.0.1 -j QUEUE
2>/dev/null");
- system_print("iptables -D HIPFW-OUTPUT -p udp ! -d 127.0.0.1 -j QUEUE
2>/dev/null");
- /* IPv6 packets */
- system_print("ip6tables -D HIPFW-OUTPUT -p tcp ! -d ::1 -j QUEUE
2>/dev/null");
- system_print("ip6tables -D HIPFW-OUTPUT -p udp ! -d ::1 -j QUEUE
2>/dev/null");
- }
-}
-
-/**
- * Uninitialize packet capture rules for sava router
- *
- */
-void hip_fw_uninit_sava_router(void)
-{
- if (!hip_sava_client && !hip_sava_router) {
- hip_sava_router = 0;
- if (hip_sava_router) {
- HIP_DEBUG("Uninitializing SAVA server mode \n");
- /* IPv4 packets */
- system_print("iptables -D HIPFW-FORWARD -p tcp -j QUEUE
2>/dev/null");
- system_print("iptables -D HIPFW-FORWARD -p udp -j QUEUE
2>/dev/null");
- /* IPv6 packets */
- system_print("ip6tables -D HIPFW-FORWARD -p tcp -j QUEUE
2>/dev/null");
- system_print("ip6tables -D HIPFW-FORWARD -p udp -j QUEUE
2>/dev/null");
-
- /* Stop queueing HIP packets */
- system_print("iptables -D HIPFW-INPUT -p 139 -j ACCEPT
2>/dev/null");
- system_print("ip6tables -D HIPFW-INPUT -p 139 -j ACCEPT
2>/dev/null");
-
- iptables_do_command("iptables -t nat -D PREROUTING -j %s
2>/dev/null",
- SAVAH_PREROUTING);
- iptables_do_command("ip6tables -D PREROUTING -j %s 2>/dev/null",
- SAVAH_PREROUTING);
-
- iptables_do_command("iptables -t nat -F %s 2>/dev/null",
- SAVAH_PREROUTING);
- iptables_do_command("ip6tables -F %s 2>/dev/null",
- SAVAH_PREROUTING);
-
- iptables_do_command("iptables -t nat -X %s 2>/dev/null",
- SAVAH_PREROUTING);
- iptables_do_command("ip6tables -X %s 2>/dev/null",
- SAVAH_PREROUTING);
- }
- }
- return;
-}
-
-/**
- * update sava state
- *
- * @param msg message containing the sava state
- */
-void hip_fw_update_sava(struct hip_common *msg)
-{
- if (hip_sava_router || hip_sava_client) {
- handle_sava_i2_state_update(msg);
- }
-}
-
-/**
* Initialize packet capture rules for opportunistic TCP extension
*
* @return zero on success or non-zero on error
@@ -946,7 +796,6 @@
hip_fw_uninit_esp_prot();
hip_fw_uninit_esp_prot_conntrack();
hip_fw_uninit_lsi_support();
- hip_fw_uninit_sava_router();
hip_fw_uninit_datapacket_mode();
#ifdef CONFIG_HIP_PERFORMANCE
@@ -1436,15 +1285,6 @@
HIP_DEBUG("hip_fw_handle_hip_output \n");
if (filter_traffic) {
- if (hip_sava_router) {
- hip_common_t *buf = ctx->transport_hdr.hip;
- if (buf->type_hdr == HIP_I2) {
- if (sava_check_state(&ctx->src, &buf->hits) == 0) {
- goto out_err;
- }
- }
- }
-
verdict = filter_hip(&ctx->src,
&ctx->dst,
ctx->transport_hdr.hip,
@@ -1458,7 +1298,6 @@
HIP_INFO("\n");
-out_err:
/* zero return value means that the packet should be dropped */
return verdict;
}
@@ -1507,12 +1346,8 @@
tcphdr = ((struct tcphdr *) (((char *) iphdr) + ctx->ip_hdr_len));
hdrBytes = ((char *) iphdr) + ctx->ip_hdr_len;
}
- if (hip_sava_client &&
- !hip_lsi_support &&
- !hip_userspace_ipsec) {
- HIP_DEBUG("Handling normal traffic in SAVA mode \n ");
- verdict = hip_sava_handle_output(ctx);
- } else if (ctx->ip_version == 6
+
+ if (ctx->ip_version == 6
&& (hip_userspace_ipsec || hip_datapacket_mode)) {
hip_hit_t *def_hit = hip_fw_get_default_hit();
@@ -1637,9 +1472,6 @@
&ctx->dst,
ctx->ip_hdr_len,
ctx->ip_version);
- } else if (hip_sava_router) {
- HIP_DEBUG("hip_sava_router \n");
- verdict = hip_sava_handle_router_forward(ctx);
}
/* No need to check default rules as it is handled by the iptables rules */
@@ -2492,7 +2324,6 @@
/* Starting hipfw does not always work when hipfw starts first -miika */
if (hip_userspace_ipsec
- || hip_sava_router
|| hip_lsi_support
|| hip_proxy_status
|| system_based_opp_mode) {
@@ -2573,14 +2404,6 @@
request_hipproxy_status();
#endif /* CONFIG_HIP_HIPPROXY */
-#if 0
- if (!hip_sava_client) {
- request_savah_status(SO_HIP_SAVAH_SERVER_STATUS_REQUEST);
- }
- if (!hip_sava_router) {
- request_savah_status(SO_HIP_SAVAH_CLIENT_STATUS_REQUEST);
- }
-#endif
highest_descriptor = maxof(3, hip_fw_async_sock, h4->fd, h6->fd);
hip_msg_init(msg);
=== modified file 'firewall/firewall.h'
--- firewall/firewall.h 2010-02-17 17:38:08 +0000
+++ firewall/firewall.h 2010-03-07 11:20:52 +0000
@@ -29,11 +29,6 @@
int hip_fw_uninit_opptcp(void);
int hip_fw_init_proxy(void);
int hip_fw_uninit_proxy(void);
-void hip_fw_uninit_sava_client(void);
-void hip_fw_uninit_sava_router(void);
-int hip_fw_init_sava_router(void);
-int hip_fw_init_sava_client(void);
-void hip_fw_update_sava(struct hip_common *msg);
void set_stateful_filtering(const int active);
hip_hit_t *hip_fw_get_default_hit(void);
hip_lsi_t *hip_fw_get_default_lsi(void);
=== modified file 'firewall/firewall_control.c'
--- firewall/firewall_control.c 2010-03-03 13:16:18 +0000
+++ firewall/firewall_control.c 2010-03-07 11:20:52 +0000
@@ -26,7 +26,6 @@
#include "user_ipsec_fw_msg.h"
#include "firewalldb.h"
#include "sysopp.h"
-#include "sava_api.h"
/**
* Change the state of hadb state cache in the firewall
@@ -87,9 +86,6 @@
HIP_DEBUG("of type %d\n", type);
switch (type) {
- case SO_HIP_FW_I2_DONE:
- hip_fw_update_sava(msg);
- break;
case SO_HIP_FW_BEX_DONE:
case SO_HIP_FW_UPDATE_DB:
if (hip_lsi_support) {
@@ -127,22 +123,6 @@
}
hip_proxy_status = 0;
break;
- case SO_HIP_SET_SAVAH_CLIENT_ON:
- HIP_DEBUG("Received HIP_SAVAH_CLIENT_STATUS: ON message from hipd \n");
- hip_fw_init_sava_client();
- break;
- case SO_HIP_SET_SAVAH_CLIENT_OFF:
- _HIP_DEBUG("Received HIP_SAVAH_CLIENT_STATUS: OFF message from hipd
\n");
- hip_fw_uninit_sava_client();
- break;
- case SO_HIP_SET_SAVAH_SERVER_OFF:
- _HIP_DEBUG("Received HIP_SAVAH_SERVER_STATUS: OFF message from hipd
\n");
- hip_fw_uninit_sava_router();
- break;
- case SO_HIP_SET_SAVAH_SERVER_ON:
- HIP_DEBUG("Received HIP_SAVAH_SERVER_STATUS: ON message from hipd \n");
- hip_fw_init_sava_router();
- break;
case SO_HIP_SET_OPPTCP_ON:
HIP_DEBUG("Opptcp on\n");
if (!hip_opptcp) {
=== modified file 'firewall/firewall_control.h'
--- firewall/firewall_control.h 2010-02-17 17:38:08 +0000
+++ firewall/firewall_control.h 2010-03-07 11:20:52 +0000
@@ -10,9 +10,4 @@
int hip_handle_msg(struct hip_common *msg);
-#if 0
-int request_savah_status(int mode);
-int handle_sava_i2_state_update(struct hip_common *msg, int hip_lsi_support);
-#endif
-
#endif /*HIP_FIREWALL_FIREWALL_CONTROL_H*/
=== modified file 'hipd/accessor.c'
--- hipd/accessor.c 2010-03-04 20:22:43 +0000
+++ hipd/accessor.c 2010-03-07 11:20:52 +0000
@@ -223,63 +223,3 @@
HIP_DEBUG("hip_set_hip_proxy_off() invoked.\n");
return err;
}
-
-/**
- * Query status of sava client mode
- *
- * @return one if the sava client mode is on or zero otherwise
- */
-int hip_get_sava_client_status(void)
-{
- return hipsava_client;
-}
-
-/**
- * Query status of sava server mode
- *
- * @return one if the sava server mode is on or zero otherwise
- */
-int hip_get_sava_server_status(void)
-{
- return hipsava_server;
-}
-
-/**
- * Set the client-side sava mode on
- *
- * @return zero on success or negative on error
- */
-void hip_set_sava_client_on(void)
-{
- hipsava_client = 1;
-}
-
-/**
- * Set the server-side sava mode on
- *
- * @return zero on success or negative on error
- */
-void hip_set_sava_server_on(void)
-{
- hipsava_server = 1;
-}
-
-/**
- * Set the client-side sava mode off
- *
- * @return zero on success or negative on error
- */
-void hip_set_sava_client_off(void)
-{
- hipsava_client = 0;
-}
-
-/**
- * Set the server-side sava mode off
- *
- * @return zero on success or negative on error
- */
-void hip_set_sava_server_off(void)
-{
- hipsava_server = 0;
-}
=== modified file 'hipd/accessor.h'
--- hipd/accessor.h 2010-02-17 17:38:08 +0000
+++ hipd/accessor.h 2010-03-07 11:20:52 +0000
@@ -46,21 +46,11 @@
int hip_get_hip_proxy_status(void);
int hip_set_hip_proxy_on(void);
int hip_set_hip_proxy_off(void);
-int hip_get_sava_client_status(void);
-int hip_get_sava_server_status(void);
-void hip_set_sava_client_on(void);
-void hip_set_sava_server_on(void);
-void hip_set_sava_client_off(void);
-void hip_set_sava_server_off(void);
/** Specifies the NAT status of the daemon. This value indicates if the current
* machine is behind a NAT. Defined in hipd.c */
extern int hipproxy;
-/*SAVAH modes*/
-extern int hipsava_client;
-extern int hipsava_server;
-
extern unsigned int opportunistic_mode;
#endif /* HIP_HIPD_ACCESSOR_H */
=== modified file 'hipd/hadb.c'
--- hipd/hadb.c 2010-03-05 09:10:50 +0000
+++ hipd/hadb.c 2010-03-07 11:20:52 +0000
@@ -1350,7 +1350,6 @@
case HIP_HA_CTRL_LOCAL_REQ_RELAY:
case HIP_HA_CTRL_LOCAL_REQ_FULLRELAY:
case HIP_HA_CTRL_LOCAL_REQ_RVS:
- case HIP_HA_CTRL_LOCAL_REQ_SAVAH:
case HIP_HA_CTRL_LOCAL_GRANTED_FULLRELAY:
#if 0
if (mask == HIP_HA_CTRL_LOCAL_REQ_RELAY) {
@@ -1385,9 +1384,7 @@
case HIP_HA_CTRL_PEER_UNSUP_CAPABLE:
case HIP_HA_CTRL_PEER_RVS_CAPABLE:
case HIP_HA_CTRL_PEER_RELAY_CAPABLE:
- case HIP_HA_CTRL_PEER_SAVAH_CAPABLE:
case HIP_HA_CTRL_PEER_FULLRELAY_CAPABLE:
- case HIP_HA_CTRL_PEER_GRANTED_SAVAH:
case HIP_HA_CTRL_PEER_GRANTED_UNSUP:
case HIP_HA_CTRL_PEER_GRANTED_RVS:
case HIP_HA_CTRL_PEER_GRANTED_RELAY:
@@ -1395,7 +1392,6 @@
case HIP_HA_CTRL_PEER_REFUSED_UNSUP:
case HIP_HA_CTRL_PEER_REFUSED_RELAY:
case HIP_HA_CTRL_PEER_REFUSED_RVS:
- case HIP_HA_CTRL_PEER_REFUSED_SAVAH:
case HIP_HA_CTRL_PEER_REFUSED_FULLRELAY:
#if 0
if (mask == HIP_HA_CTRL_PEER_GRANTED_RELAY) {
=== modified file 'hipd/hipd.c'
--- hipd/hipd.c 2010-03-03 13:16:18 +0000
+++ hipd/hipd.c 2010-03-07 11:20:52 +0000
@@ -69,10 +69,6 @@
* This value indicates if the HIP PROXY is running. */
int hipproxy = 0;
-/*SAVAH modes*/
-int hipsava_client = 0;
-int hipsava_server = 0;
-
/* Encrypt host id in I2 */
int hip_encrypt_i2_hi = 0;
@@ -111,8 +107,6 @@
int opendht_serving_gateway_port = OPENDHT_PORT;
int opendht_serving_gateway_ttl = OPENDHT_TTL;
-struct in6_addr *sava_serving_gateway = NULL;
-
char opendht_name_mapping[HIP_HOST_ID_HOSTNAME_LEN_MAX]; /* what name should
be used as key */
char opendht_host_name[256];
unsigned char opendht_hdrr_secret[40];
=== modified file 'hipd/hipd.h'
--- hipd/hipd.h 2010-02-17 17:38:08 +0000
+++ hipd/hipd.h 2010-03-07 11:20:52 +0000
@@ -149,8 +149,6 @@
extern hip_transform_suite_t hip_nat_status;
-extern struct in6_addr *sava_serving_gateway;
-
extern int hip_use_userspace_data_packet_mode;
extern int hip_buddies_inuse;
=== modified file 'hipd/input.c'
--- hipd/input.c 2010-03-05 08:47:53 +0000
+++ hipd/input.c 2010-03-07 11:20:52 +0000
@@ -2507,10 +2507,6 @@
entry->update_id_out = -1;
entry->state = HIP_STATE_ESTABLISHED;
- /*For SAVA this lets to register the client on firewall once the keys are
established*/
- hip_firewall_set_i2_data(SO_HIP_FW_I2_DONE, entry, &entry->hit_our,
- &entry->hit_peer, i2_saddr, i2_daddr);
-
/***** LOCATOR PARAMETER ******/
/* Why do we process the LOCATOR parameter only after R2 has been sent?
* -Lauri 29.04.2008.
@@ -2920,13 +2916,6 @@
if (entry->state == HIP_STATE_ESTABLISHED) {
HIP_DEBUG("Send response to firewall \n");
hip_firewall_set_bex_data(SO_HIP_FW_BEX_DONE, entry, &entry->hit_our,
&entry->hit_peer);
- if (entry->peer_controls & HIP_HA_CTRL_PEER_GRANTED_SAVAH) {
- //Enable savah client mode on the firewall
- hip_set_sava_client_on();
- hip_firewall_set_savah_status(SO_HIP_SET_SAVAH_CLIENT_ON);
- } else {
- HIP_DEBUG("Entry control flag is not
HIP_HA_CTRL_PEER_GRANTED_SAVAH. Value is %d \n", entry->local_controls);
- }
} else {
hip_firewall_set_bex_data(SO_HIP_FW_BEX_DONE, entry, NULL, NULL);
}
=== modified file 'hipd/maintenance.c'
--- hipd/maintenance.c 2010-03-03 13:16:18 +0000
+++ hipd/maintenance.c 2010-03-07 11:20:52 +0000
@@ -513,32 +513,6 @@
return err;
}
-int hip_firewall_set_savah_status(int status)
-{
- int n, err = 0;
- struct sockaddr_in6 sock_addr;
- struct hip_common *msg = NULL;
- bzero(&sock_addr, sizeof(sock_addr));
- sock_addr.sin6_family = AF_INET6;
- sock_addr.sin6_port = htons(HIP_FIREWALL_PORT);
- sock_addr.sin6_addr = in6addr_loopback;
-
- HIP_IFEL(!(msg = HIP_MALLOC(HIP_MAX_PACKET, 0)), -1, "alloc\n");
- hip_msg_init(msg);
-
- hip_build_user_hdr(msg, status, 0);
-
- n = hip_sendto_user(msg, (struct sockaddr *) &sock_addr);
-
- HIP_IFEL(n < 0, 0, "sendto() failed\n");
-
- if (err == 0) {
- HIP_DEBUG("SEND SAVAH SERVER STATUS OK.\n");
- }
-out_err:
- return err;
-}
-
int hip_firewall_set_bex_data(int action, hip_ha_t *entry, struct in6_addr
*hit_s, struct in6_addr *hit_r)
{
struct hip_common *msg = NULL;
=== modified file 'hipd/maintenance.c.doxyme'
--- hipd/maintenance.c.doxyme 2010-02-17 17:38:08 +0000
+++ hipd/maintenance.c.doxyme 2010-03-07 11:20:52 +0000
@@ -150,15 +150,6 @@
/**
- * hip_firewall_set_savah_status
- *
- *
- * @param status
- * @return
- */
-
-
-/**
* hip_handle_retransmission
*
*
=== modified file 'hipd/maintenance.h'
--- hipd/maintenance.h 2010-03-03 13:16:18 +0000
+++ hipd/maintenance.h 2010-03-07 11:20:52 +0000
@@ -29,7 +29,6 @@
struct timeval *stval, struct timeval *rtval);
/*Communication with firewall daemon*/
-int hip_firewall_set_savah_status(int status);
int hip_firewall_set_bex_data(int action, hip_ha_t *entry, struct in6_addr
*hit_s,
struct in6_addr *hit_r);
int hip_firewall_set_esp_relay(int action);
=== modified file 'hipd/registration.c'
--- hipd/registration.c 2010-02-17 17:38:08 +0000
+++ hipd/registration.c 2010-03-07 11:20:52 +0000
@@ -65,14 +65,10 @@
hip_services[1].status = HIP_SERVICE_OFF;
hip_services[1].min_lifetime = HIP_RELREC_MIN_LIFETIME;
hip_services[1].max_lifetime = HIP_RELREC_MAX_LIFETIME;
- hip_services[2].reg_type = HIP_SERVICE_SAVAH;
+ hip_services[2].reg_type = HIP_FULLRELAY;
hip_services[2].status = HIP_SERVICE_OFF;
hip_services[2].min_lifetime = HIP_RELREC_MIN_LIFETIME;
hip_services[2].max_lifetime = HIP_RELREC_MAX_LIFETIME;
- hip_services[3].reg_type = HIP_FULLRELAY;
- hip_services[3].status = HIP_SERVICE_OFF;
- hip_services[3].min_lifetime = HIP_RELREC_MIN_LIFETIME;
- hip_services[3].max_lifetime = HIP_RELREC_MAX_LIFETIME;
hip_ll_init(&pending_requests);
}
@@ -248,8 +244,6 @@
cursor += sprintf(cursor, "rendezvous\n");
} else if (srv->reg_type == HIP_SERVICE_RELAY) {
cursor += sprintf(cursor, "relay\n");
- } else if (srv->reg_type == HIP_SERVICE_SAVAH) {
- cursor += sprintf(cursor, "savah\n");
} else if (srv->reg_type == HIP_SERVICE_FULLRELAY) {
cursor += sprintf(cursor, "fullrelay\n");
} else {
@@ -551,12 +545,6 @@
entry, HIP_HA_CTRL_PEER_FULLRELAY_CAPABLE);
break;
- case HIP_SERVICE_SAVAH:
- HIP_INFO("Responder offers savah service.\n");
- memcpy(sava_serving_gateway, &entry->hit_peer, sizeof(struct
in6_addr));
- hip_hadb_set_peer_controls(
- entry, HIP_HA_CTRL_PEER_SAVAH_CAPABLE);
- break;
default:
HIP_INFO("Responder offers unsupported service.\n");
hip_hadb_set_peer_controls(
@@ -922,18 +910,6 @@
entry, HIP_HA_CTRL_PEER_REFUSED_FULLRELAY);
break;
}
- case HIP_SERVICE_SAVAH:
- {
- HIP_DEBUG("The server has refused to grant us " \
- "savah service.\n%s\n", reason);
- hip_hadb_cancel_local_controls(
- entry, HIP_HA_CTRL_LOCAL_REQ_SAVAH);
- hip_del_pending_request_by_type(
- entry, HIP_SERVICE_SAVAH);
- hip_hadb_set_peer_controls(
- entry, HIP_HA_CTRL_PEER_REFUSED_SAVAH);
- break;
- }
default:
HIP_DEBUG("The server has refused to grant us " \
"an unknown service (%u).\n%s\n",
@@ -1129,16 +1105,6 @@
}
break;
- case HIP_SERVICE_SAVAH:
- HIP_DEBUG("Client is registering to savah service.\n");
- accepted_requests[*accepted_count] =
- reg_types[i];
- accepted_lifetimes[*accepted_count] =
- lifetime;
- (*accepted_count)++;
-
- HIP_DEBUG("Registration accepted.\n");
- break;
default:
HIP_DEBUG("Client is trying to register to an "
"unsupported service.\nRegistration " \
@@ -1363,27 +1329,6 @@
hip_delete_security_associations_and_sp(entry);
break;
}
- case HIP_SERVICE_SAVAH:
- {
- struct hip_common *msg = NULL;
- int err = 0;
- HIP_DEBUG("The server has granted us savah " \
- "service for %u seconds (lifetime 0x%x.)\n",
- seconds, lifetime);
- hip_hadb_cancel_local_controls(
- entry, HIP_HA_CTRL_LOCAL_REQ_SAVAH);
- hip_hadb_set_peer_controls(
- entry, HIP_HA_CTRL_PEER_GRANTED_SAVAH);
- hip_del_pending_request_by_type(
- entry, HIP_SERVICE_SAVAH);
- HIP_IFEL(!(msg = HIP_MALLOC(HIP_MAX_PACKET, 0)), -1, "alloc\n");
- hip_msg_init(msg);
- hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_CLIENT_ON, 0);
- hip_set_msg_response(msg, 0);
- hip_sendto_firewall(msg);
-out_err:
- break;
- }
default:
{
HIP_DEBUG("The server has granted us an unknown " \
@@ -1457,17 +1402,6 @@
break;
}
- case HIP_SERVICE_SAVAH:
- {
- HIP_DEBUG("The server has cancelled our savah " \
- "service.\n");
- hip_hadb_cancel_local_controls(
- entry, HIP_HA_CTRL_LOCAL_REQ_SAVAH);
- hip_del_pending_request_by_type(
- entry, HIP_SERVICE_SAVAH);
-
- break;
- }
default:
{
HIP_DEBUG("The server has cancelled our registration " \
=== modified file 'hipd/user.c'
--- hipd/user.c 2010-03-05 08:47:53 +0000
+++ hipd/user.c 2010-03-07 11:20:52 +0000
@@ -557,140 +557,6 @@
}
}
break;
- case SO_HIP_SAVAH_CLIENT_STATUS_REQUEST:
- {
- //firewall socket address
- struct sockaddr_in6 sock_addr;
- memset(&sock_addr, 0, sizeof(sock_addr));
- sock_addr.sin6_family = AF_INET6;
- sock_addr.sin6_port = htons(HIP_FIREWALL_PORT);
- sock_addr.sin6_addr = in6addr_loopback;
-
- HIP_DEBUG("Received SAVAH CLIENT Status Request from firewall\n");
- HIP_DEBUG("SAVAH CLIENT status %d \n", hip_get_sava_client_status());
- memset(msg, 0, sizeof(struct hip_common));
-
- if (hip_get_sava_client_status() == 0) {
- hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_CLIENT_OFF, 0);
- }
-
- if (hip_get_sava_client_status() == 1) {
- hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_CLIENT_ON, 0);
- }
- }
- break;
- case SO_HIP_SAVAH_SERVER_STATUS_REQUEST:
- {
- struct sockaddr_in6 sock_addr;
- memset(&sock_addr, 0, sizeof(sock_addr));
- sock_addr.sin6_family = AF_INET6;
- sock_addr.sin6_port = htons(HIP_FIREWALL_PORT);
- sock_addr.sin6_addr = in6addr_loopback;
-
- HIP_DEBUG("Received SAVAH SERVER Status Request from firewall\n");
- HIP_DEBUG("SAVAH SERVER status %d \n", hip_get_sava_server_status());
- memset(msg, 0, sizeof(struct hip_common));
- if (hip_get_sava_server_status() == 0) {
- hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_SERVER_OFF, 0);
- }
-
- if (hip_get_sava_server_status() == 1) {
- hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_SERVER_ON, 0);
- }
- }
- break;
- case SO_HIP_REGISTER_SAVAHR:
- {
- dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT);
- dst_ip = hip_get_param_contents(msg, HIP_PARAM_IPV6_ADDR);
- if (dst_hit == NULL && dst_ip == NULL) { //HIT and IP are missing
worst case opportunistic mode to register with the SAVAH router
- } else if (dst_hit == NULL && dst_ip != NULL) { //we have at least
SAVAH router IP
- } else { // Both HIT and IP are present that is the simplest case we
can register with the router directly
- /* Add HIT to IP address mapping of the server to haDB. */
- HIP_IFEL(hip_add_peer_map(msg), -1, "Error on registering sava
router " \
- "HIT to IP address mapping to
the haDB.\n");
- /* Fetch the haDB entry just created. */
- entry = hip_hadb_try_to_find_by_peer_hit(dst_hit);
-
- if (entry == NULL) {
- HIP_ERROR("Error on fetching routers HIT to IP address " \
- "mapping from the haDB.\n");
- err = -1;
- goto out_err;
- }
-
- if (!sava_serving_gateway) {
- sava_serving_gateway =
- (struct in6_addr *) malloc(sizeof(struct in6_addr));
- memset(sava_serving_gateway, 0, sizeof(struct in6_addr));
- }
-
- memcpy(sava_serving_gateway, dst_hit, sizeof(struct in6_addr));
-
- HIP_IFEL(hip_send_i1(&entry->hit_our, dst_hit, entry), -1,
- "Error on sending I1 packet to the server.\n");
- }
- }
- break;
- case SO_HIP_GET_SAVAHR_IN_KEYS:
- {
- dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT);
- entry = hip_hadb_try_to_find_by_peer_hit(dst_hit);
-
- if (entry == NULL) {
- } else {
- _HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
- HIP_IFEL(hip_build_param_contents(msg, (void *) dst_hit,
HIP_PARAM_HIT,
- sizeof(struct in6_addr)), -1,
- "build param contents failed\n");
- _HIP_HEXDUMP("crypto key :", &entry->auth_in, sizeof(struct
hip_crypto_key));
- HIP_IFEL(hip_build_param_contents(msg,
- (struct hip_crypto_key *)
&entry->auth_in, //HMAC key for incomming direction
- HIP_PARAM_KEYS,
- sizeof(struct hip_crypto_key)),
-1,
- "build param contents failed\n");
- _HIP_DEBUG("ealg value is %d \n", entry->esp_transform);
- HIP_IFEL(hip_build_param_contents(msg, (void *)
&entry->esp_transform, HIP_PARAM_INT,
- sizeof(int)), -1,
- "build param contents failed\n");
- }
- }
- break;
- case SO_HIP_GET_SAVAHR_OUT_KEYS:
- {
- dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT);
- entry = hip_hadb_try_to_find_by_peer_hit(dst_hit);
-
- if (entry == NULL) {
- } else {
- _HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
- HIP_IFEL(hip_build_param_contents(msg, (void *) dst_hit,
HIP_PARAM_HIT,
- sizeof(struct in6_addr)), -1,
- "build param contents failed\n");
- _HIP_HEXDUMP("crypto key :", &entry->auth_out, sizeof(struct
hip_crypto_key));
- HIP_IFEL(hip_build_param_contents(msg,
- (struct hip_crypto_key *)
&entry->auth_out, //HMAC key for incomming direction
- HIP_PARAM_KEYS,
- sizeof(struct hip_crypto_key)),
-1,
- "build param contents failed\n");
- _HIP_DEBUG("ealg value is %d \n", entry->esp_transform);
- HIP_IFEL(hip_build_param_contents(msg, (void *)
&entry->esp_transform, HIP_PARAM_INT,
- sizeof(int)), -1,
- "build param contents failed\n");
- }
- }
- break;
- case SO_HIP_GET_SAVAHR_HIT:
- {
- if (sava_serving_gateway) {
- _HIP_DEBUG_HIT("SAVAH HIT: ", sava_serving_gateway);
- HIP_IFEL(hip_build_param_contents(msg, (void *)
sava_serving_gateway,
- HIP_PARAM_HIT,
- sizeof(struct in6_addr)), -1,
- "build param contents failed\n");
- }
- }
- break;
#ifdef CONFIG_HIP_RVS
case SO_HIP_ADD_DEL_SERVER:
{
@@ -837,22 +703,6 @@
entry->nat_mode = 1;
add_to_global = 1;
break;
- case HIP_SERVICE_SAVAH:
- HIP_DEBUG("HIP_SERVICE_SAVAH \n");
- if (!sava_serving_gateway) {
- sava_serving_gateway =
- (struct in6_addr *) malloc(sizeof(struct in6_addr));
- memset(sava_serving_gateway, 0, sizeof(struct in6_addr));
- }
- if (!opp_mode) {
- memcpy(sava_serving_gateway, dst_hit, sizeof(struct
in6_addr));
- }
-
- hip_set_sava_client_off();
-
- hip_hadb_set_local_controls(
- entry, HIP_HA_CTRL_LOCAL_REQ_SAVAH);
- break;
default:
HIP_INFO("Undefined service type (%u) " \
"requested in the service " \
@@ -942,15 +792,6 @@
err = hip_recreate_all_precreated_r1_packets();
break;
- case SO_HIP_OFFER_SAVAH:
- hip_set_srv_status(HIP_SERVICE_SAVAH, HIP_SERVICE_ON);
- hip_set_sava_server_on();
- err = hip_recreate_all_precreated_r1_packets();
- hip_build_user_hdr(msg, SO_HIP_SET_SAVAH_SERVER_ON, 0);
- hip_set_msg_response(msg, 0);
- hip_sendto_firewall(msg);
- HIP_DEBUG("Handling SO_HIP_OFFER_SAVAH: STATUS ON\n");
- break;
case SO_HIP_OFFER_FULLRELAY:
HIP_IFEL(hip_firewall_set_esp_relay(1), -1,
"Failed to enable ESP relay in firewall\n");
@@ -980,12 +821,6 @@
"the HIP relay / RVS service.\n");
break;
-
- case SO_HIP_CANCEL_SAVAH:
- hip_set_srv_status(HIP_SERVICE_SAVAH, HIP_SERVICE_OFF);
- hip_set_sava_server_off();
- HIP_DEBUG("Handling CANCEL SAVAH user message.\n");
- break;
case SO_HIP_CANCEL_RVS:
HIP_DEBUG("Handling CANCEL RVS user message.\n");
=== modified file 'lib/conf/hipconf.c'
--- lib/conf/hipconf.c 2010-03-05 08:57:28 +0000
+++ lib/conf/hipconf.c 2010-03-07 11:20:52 +0000
@@ -86,7 +86,7 @@
#define TYPE_HI3 28
/* free slot (was for TYPE_GET_PEER_LSI 29) */
#define TYPE_BUDDIES 30
-#define TYPE_SAVAHR 31 /* SAVA router HIT IP pair */
+/* free slot */
#define TYPE_NSUPDATE 32
#define TYPE_HIT_TO_IP 33
#define TYPE_HIT_TO_IP_SET 34
@@ -435,9 +435,6 @@
if (ha->peer_controls & HIP_HA_CTRL_PEER_GRANTED_RVS) {
HIP_INFO(" Peer has granted us rendezvous service\n");
}
- if (ha->peer_controls & HIP_HA_CTRL_PEER_GRANTED_SAVAH) {
- HIP_INFO(" Peer has granted us SAVAH service\n");
- }
if (ha->peer_controls & HIP_HA_CTRL_PEER_GRANTED_UNSUP) {
HIP_DEBUG(" Peer has granted us an unknown service\n");
}
@@ -450,9 +447,6 @@
if (ha->peer_controls & HIP_HA_CTRL_PEER_REFUSED_RVS) {
HIP_INFO(" Peer has refused to grant us RVS service\n");
}
- if (ha->peer_controls & HIP_HA_CTRL_PEER_REFUSED_SAVAH) {
- HIP_INFO(" Peer has refused to grant us SAVAH service\n");
- }
if (ha->peer_controls & HIP_HA_CTRL_PEER_REFUSED_UNSUP) {
HIP_DEBUG(" Peer has refused to grant us an unknown service\n");
}
@@ -1037,8 +1031,6 @@
reg_types[i] = HIP_SERVICE_RENDEZVOUS;
} else if (strcmp("relay", lowercase) == 0) {
reg_types[i] = HIP_SERVICE_RELAY;
- } else if (strcmp("savah", lowercase) == 0) {
- reg_types[i] = HIP_SERVICE_SAVAH;
} else if (strcmp("full-relay", lowercase) == 0) {
reg_types[i] = HIP_SERVICE_FULLRELAY;
} /* To cope with the atoi() error value we handle the 'zero'
@@ -2383,10 +2375,6 @@
HIP_INFO("Adding HIP UDP relay service.\n");
HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OFFER_HIPRELAY, 0), -1,
"Failed to build user message header.\n");
- } else if (strcmp(opt[0], "savah") == 0) {
- HIP_INFO("Adding HIP SAVA service.\n");
- HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OFFER_SAVAH, 0), -1,
- "Failed to build user message header.\n");
} else if (strcmp(opt[0], "full-relay") == 0) {
HIP_INFO("Adding HIP_FULLRELAY service.\n");
HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OFFER_FULLRELAY, 0), -1,
@@ -2417,11 +2405,6 @@
HIP_IFEL(hip_build_user_hdr(
msg, SO_HIP_CANCEL_HIPRELAY, 0), -1,
"Failed to build user message header.\n");
- } else if (strcmp(opt[0], "sava") == 0) {
- HIP_INFO("Deleting SAVAH service.\n");
- HIP_IFEL(hip_build_user_hdr(
- msg, SO_HIP_CANCEL_SAVAH, 0), -1,
- "Failed to build user message header.\n");
} else if (strcmp(opt[0], "full-relay") == 0) {
HIP_INFO("Deleting HIP full relay service.\n");
HIP_IFEL(hip_build_user_hdr(
@@ -3098,56 +3081,6 @@
}
/**
- * handle sava extension
- *
- * @param msg input/output message for the query/response for hipd
- * @param action unused
- * @param opt options arguments as strings
- * @param optc number of arguments
- * @param send_only 1 if no response from hipd should be requrested, or 0 if
- * should block for a response from hipd
- * @return zero for success and negative on error
- */
-int hip_conf_handle_sava(struct hip_common *msg, int action,
- const char *opt[], int optc)
-{
- int err = 0;
- in6_addr_t hit, ip6;
-
- HIP_DEBUG("action=%d optc=%d\n", action, optc);
- if (action == ACTION_ADD) {
- //HIP_IFEL((optc != 0 || optc != 2), -1, "Missing arguments\n");
-
- if (optc == 2) {
- HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_REGISTER_SAVAHR,
- 0), -1, "add peer map failed\n");
- HIP_IFEL(convert_string_to_address(opt[0], &hit), -1,
- "string to address conversion failed\n");
-
- HIP_IFEL((err = convert_string_to_address(opt[1], &ip6)), -1,
- "string to address conversion failed\n");
-
- HIP_IFEL(hip_build_param_contents(msg, (void *) &hit,
HIP_PARAM_HIT,
- sizeof(in6_addr_t)), -1,
- "build param hit failed\n");
-
- HIP_IFEL(hip_build_param_contents(msg, (void *) &ip6,
- HIP_PARAM_IPV6_ADDR,
- sizeof(in6_addr_t)), -1,
- "build param hit failed\n");
- }
- } else if (action == ACTION_GET) {
- HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_GET_SAVAHR_HIT,
- 0), -1, "add peer map failed\n");
- } else {
- HIP_IFEL(1, -1, "bad args\n");
- }
-out_err:
- return err;
-}
-
-
-/**
* Handles the hipconf commands where the type is @c load.
*
* @param msg a pointer to the buffer where the message for hipd will
@@ -3299,7 +3232,7 @@
hip_conf_handle_hi3, /* 28: TYPE_HI3 */
NULL, /* 29: unused */
hip_conf_handle_buddies_toggle, /* 30: TYPE_BUDDIES */
- NULL, /* 31: TYPE_SAVAHR, reserved for sava */
+ NULL, /* 31: unused */
hip_conf_handle_nsupdate, /* 32: TYPE_NSUPDATE */
hip_conf_handle_hit_to_ip, /* 33: TYPE_HIT_TO_IP */
hip_conf_handle_hit_to_ip_set, /* 34: TYPE_HIT_TO_IP_SET */
=== modified file 'lib/core/builder.c'
--- lib/core/builder.c 2010-03-05 09:10:50 +0000
+++ lib/core/builder.c 2010-03-07 11:20:52 +0000
@@ -1261,9 +1261,6 @@
case SO_HIP_TRIGGER_BEX: return "SO_HIP_TRIGGER_BEX";
//case SO_HIP_IS_OUR_LSI: return "SO_HIP_IS_OUR_LSI";
case SO_HIP_GET_PEER_HIT: return "SO_HIP_GET_PEER_HIT";
- case SO_HIP_REGISTER_SAVAHR: return "SO_HIP_REGISTER_SAVAHR";
- case SO_HIP_GET_SAVAHR_IN_KEYS: return "SO_HIP_GET_SAVAHR_IN_KEYS";
- case SO_HIP_GET_SAVAHR_OUT_KEYS: return "SO_HIP_GET_SAVAHR_OUT_KEYS";
//case SO_HIP_GET_PEER_HIT_BY_LSIS: return "SO_HIP_GET_PEER_HIT_BY_LSIS";
case SO_HIP_NSUPDATE_ON: return "SO_HIP_NSUPDATE_ON";
case SO_HIP_NSUPDATE_OFF: return "SO_HIP_NSUPDATE_OFF";
=== modified file 'lib/core/icomm.h'
--- lib/core/icomm.h 2010-03-05 09:10:50 +0000
+++ lib/core/icomm.h 2010-03-07 11:20:52 +0000
@@ -175,19 +175,7 @@
#define SO_HIP_BUDDIES_ON 162
#define SO_HIP_BUDDIES_OFF 163
#define SO_HIP_TURN_INFO 164
-#define SO_HIP_REGISTER_SAVAHR 165
-#define SO_HIP_GET_SAVAHR_HIT 166
-#define SO_HIP_GET_SAVAHR_IN_KEYS 167
-#define SO_HIP_GET_SAVAHR_OUT_KEYS 168
-#define SO_HIP_OFFER_SAVAH 169
-#define SO_HIP_CANCEL_SAVAH 170
-#define SO_HIP_FW_I2_DONE 171
-#define SO_HIP_SAVAH_CLIENT_STATUS_REQUEST 172
-#define SO_HIP_SAVAH_SERVER_STATUS_REQUEST 173
-#define SO_HIP_SET_SAVAH_CLIENT_OFF 174
-#define SO_HIP_SET_SAVAH_CLIENT_ON 175
-#define SO_HIP_SET_SAVAH_SERVER_OFF 176
-#define SO_HIP_SET_SAVAH_SERVER_ON 178
+/* free slots */
#define SO_HIP_NSUPDATE_OFF 179
#define SO_HIP_NSUPDATE_ON 180
#define SO_HIP_HIT_TO_IP_OFF 181
=== modified file 'lib/core/protodefs.h'
--- lib/core/protodefs.h 2010-03-05 09:10:50 +0000
+++ lib/core/protodefs.h 2010-03-07 11:20:52 +0000
@@ -160,7 +160,7 @@
#define HIP_PARAM_TRANSFORM_ORDER 32813
#define HIP_PARAM_HDRR_INFO 32814
#define HIP_PARAM_UADB_INFO 32815
-#define HIP_PARAM_SAVA_CRYPTO_INFO 32816
+/* free slot */
#define HIP_PARAM_SECRET 32817
#define HIP_PARAM_BRANCH_NODES 32818
#define HIP_PARAM_ROOT 32819
@@ -286,14 +286,12 @@
#define HIP_HA_CTRL_LOCAL_REQ_UNSUP 0x0001
#define HIP_HA_CTRL_LOCAL_REQ_RELAY 0x4000
#define HIP_HA_CTRL_LOCAL_REQ_RVS 0x8000
-#define HIP_HA_CTRL_LOCAL_REQ_SAVAH 0x0010
#define HIP_HA_CTRL_LOCAL_REQ_FULLRELAY 0x1000
/* Keep inside parentheses. */
#define HIP_HA_CTRL_LOCAL_REQ_ANY ( \
HIP_HA_CTRL_LOCAL_REQ_UNSUP | \
HIP_HA_CTRL_LOCAL_REQ_RELAY | \
HIP_HA_CTRL_LOCAL_REQ_RVS | \
- HIP_HA_CTRL_LOCAL_REQ_SAVAH | \
HIP_HA_CTRL_LOCAL_REQ_FULLRELAY \
)
#define HIP_HA_CTRL_LOCAL_GRANTED_FULLRELAY 0x0800
@@ -301,19 +299,16 @@
#define HIP_HA_CTRL_PEER_GRANTED_UNSUP 0x0001
#define HIP_HA_CTRL_PEER_GRANTED_RELAY 0x0800
#define HIP_HA_CTRL_PEER_GRANTED_RVS 0x1000
-#define HIP_HA_CTRL_PEER_GRANTED_SAVAH 0x0200
#define HIP_HA_CTRL_PEER_GRANTED_FULLRELAY 0x400
#define HIP_HA_CTRL_PEER_UNSUP_CAPABLE 0x0002
#define HIP_HA_CTRL_PEER_RELAY_CAPABLE 0x4000
#define HIP_HA_CTRL_PEER_RVS_CAPABLE 0x8000
-#define HIP_HA_CTRL_PEER_SAVAH_CAPABLE 0x0010
#define HIP_HA_CTRL_PEER_FULLRELAY_CAPABLE 0x2000
#define HIP_HA_CTRL_PEER_REFUSED_UNSUP 0x0004
#define HIP_HA_CTRL_PEER_REFUSED_RELAY 0x0040
#define HIP_HA_CTRL_PEER_REFUSED_RVS 0x0080
-#define HIP_HA_CTRL_PEER_REFUSED_SAVAH 0x0100
#define HIP_HA_CTRL_PEER_REFUSED_FULLRELAY 0x0020
/* @} */
@@ -330,10 +325,9 @@
*/
#define HIP_SERVICE_RENDEZVOUS 1
#define HIP_SERVICE_RELAY 2
-#define HIP_SERVICE_SAVAH 203
#define HIP_SERVICE_FULLRELAY 204
/* IMPORTANT! This must be the sum of above services. */
-#define HIP_TOTAL_EXISTING_SERVICES 4
+#define HIP_TOTAL_EXISTING_SERVICES 3
/* @} */
/** @addtogroup hip_proxy
=== modified file 'tools/hipl_autobuild'
--- tools/hipl_autobuild 2010-03-05 08:24:06 +0000
+++ tools/hipl_autobuild 2010-03-07 11:20:52 +0000
@@ -56,8 +56,8 @@
# Compile HIPL in different configurations
compile
# The following configuration is commented out until HIPL is fixed
-#compile --disable-rvs --disable-ice --disable-hipproxy
--disable-opportunistic --disable-savaipopt
-#compile --enable-agent --enable-cookie --enable-pfkey --enable-cert
--disable-rvs --disable-ice --disable-hipproxy --enable-openwrt --enable-altsep
--enable-i3 --disable-privsep --disable-opportunistic --disable-savaipopt
--disable-dht --enable-blind --enable-profiling --enable-ecdsa --disable-debug
--enable-midauth --enable-performance --enable-demo
+#compile --disable-rvs --disable-ice --disable-hipproxy --disable-opportunistic
+#compile --enable-agent --enable-cookie --enable-pfkey --enable-cert
--disable-rvs --disable-ice --disable-hipproxy --enable-openwrt --enable-altsep
--enable-i3 --disable-privsep --disable-opportunistic --disable-dht
--enable-blind --enable-profiling --enable-ecdsa --disable-debug
--enable-midauth --enable-performance --enable-demo
cleanup 0
=== modified file 'verbose-headers.txt'
--- verbose-headers.txt 2010-02-01 13:24:34 +0000
+++ verbose-headers.txt 2010-03-07 11:20:52 +0000
@@ -22,8 +22,8 @@
firewall/common_types.h : TimeVal
firewall/common_types.h : _TimeVal
firewall/common_types.h : TYPES_H_
-firewall/conndb firewall/proxydb firewall/sava_api firewall/user_ipsec_sadb
hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db
/usr/include/openssl/lhash.h : IMPLEMENT_LHASH_COMP_FN
-firewall/conndb firewall/proxydb firewall/sava_api firewall/user_ipsec_sadb
hipd/hadb hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db
/usr/include/openssl/lhash.h : IMPLEMENT_LHASH_HASH_FN
+firewall/conndb firewall/proxydb firewall/user_ipsec_sadb hipd/hadb
hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db
/usr/include/openssl/lhash.h : IMPLEMENT_LHASH_COMP_FN
+firewall/conndb firewall/proxydb firewall/user_ipsec_sadb hipd/hadb
hipd/hipqueue hipd/hiprelay libhipcore/hashtable libopphip/wrap_db
/usr/include/openssl/lhash.h : IMPLEMENT_LHASH_HASH_FN
firewall/conndb.h : hip_conn
firewall/conndb.h : hip_conn_key
firewall/conntrack.h : print_data
@@ -126,8 +126,6 @@
firewall/rule_management.h : test_rule_management
firewall/rule_management.h : TYPE_OPTION
firewall/rule_management.h : TYPE_STR
-firewall/rule_management.h : VERIFY_RESPONDER_STR
-firewall/sava_api.h : HIP_SAVA_API
firewall/user_ipsec_api.h : USER_IPSEC_API_H_
firewall/user_ipsec_api libhipcore/common_defines.h : MAX_ESP_PADDING
firewall/user_ipsec_esp.h : add_udp_header
@@ -513,7 +511,6 @@
libhipcore/protodefs.h : hip_nat_transform
libhipcore/protodefs.h : HIP_PARAM_MAX
libhipcore/protodefs.h : HIP_PARAM_MIN
-libhipcore/protodefs.h : HIP_PARAM_SAVA_CRYPTO_INFO
libhipcore/protodefs.h : HIP_PARAM_TURN_INFO
libhipcore/protodefs.h : _HIP_PROTODEFS
libhipcore/protodefs.h : hip_relay_to_old
Other related posts:
- » [hipl-commit] [trunk] Rev 3833: Removed SAVA code. - Miika Komu
