[hipl-commit] [trunk] Rev 4307: Remove all disabled code from firewall/conntrack.c.
- From: Diego Biurrun <diego@xxxxxxxxxx>
- To: hipl-commit@xxxxxxxxxxxxx
- Date: Fri, 16 Apr 2010 02:25:52 +0300
Committer: Diego Biurrun <diego@xxxxxxxxxx>
Date: 16/04/2010 at 02:25:52
Revision: 4307
Revision-id: diego@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk
Log:
Remove all disabled code from firewall/conntrack.c.
Modified:
M firewall/conntrack.c
=== modified file 'firewall/conntrack.c'
--- firewall/conntrack.c 2010-04-15 20:47:19 +0000
+++ firewall/conntrack.c 2010-04-15 23:25:38 +0000
@@ -55,22 +55,6 @@
unsigned long timeoutValue = 0;
/*------------print functions-------------*/
-#if 0
-static void print_data(struct hip_data *data)
-{
- char src[INET6_ADDRSTRLEN];
- char dst[INET6_ADDRSTRLEN];
- hip_in6_ntop(&data->src_hit, src);
- hip_in6_ntop(&data->dst_hit, dst);
- HIP_DEBUG("hip data: src %s dst %s\n", src, dst);
- if (data->src_hi == NULL) {
- HIP_DEBUG("no hi\n");
- } else {
- HIP_DEBUG("hi\n");
- }
-}
-#endif
-
/**
* prints out the list of addresses of esp_addr_list
*
@@ -187,11 +171,6 @@
static struct hip_data *get_hip_data(const struct hip_common *common)
{
struct hip_data *data = NULL;
-#if 0
- struct in6_addr hit;
- struct hip_host_id * host_id = NULL;
- int err = 0, len = 0;
-#endif
// init hip_data for this tuple
data = malloc(sizeof(struct hip_data));
@@ -200,41 +179,6 @@
memcpy(&data->src_hit, &common->hits, sizeof(struct in6_addr));
memcpy(&data->dst_hit, &common->hitr, sizeof(struct in6_addr));
- // needed for correct mobility update handling - added by Rene
-#if 0
- /* Store the public key and validate it */
- /** @todo Do not store the key if the verification fails. */
- if (!(host_id = ( hip_host_id *) hip_get_param(common,
HIP_PARAM_HOST_ID))) {
- HIP_DEBUG("No HOST_ID found in control message\n");
-
- data->src_hi = NULL;
- data->verify = NULL;
-
- goto out_err;
- }
-
- len = hip_get_param_total_len(host_id);
-
- // verify HI->HIT mapping
- HIP_IFEL(hip_host_id_to_hit(host_id, &hit, HIP_HIT_TYPE_HASH100) ||
- ipv6_addr_cmp(&hit, &data->src_hit),
- -1, "Unable to verify HOST_ID mapping to src HIT\n");
-
- // init hi parameter and copy
- HIP_IFEL(!(data->src_hi = malloc(len)),
- -ENOMEM, "Out of memory\n");
- memcpy(data->src_hi, host_id, len);
-
- // store function pointer for verification
- data->verify = ip_get_host_id_algo(data->src_hi) == HIP_HI_RSA ?
- hip_rsa_verify : hip_dsa_verify;
-
- HIP_IFEL(data->verify(data->src_hi, common), -EINVAL,
- "Verification of signature failed\n");
-
- HIP_DEBUG("verified BEX signature\n");
-#endif
-
_HIP_DEBUG("get_hip_data:\n");
return data;
@@ -297,7 +241,6 @@
if (IN6_ARE_ADDR_EQUAL(&data->src_hit, &tuple->data->src_hit) &&
IN6_ARE_ADDR_EQUAL(&data->dst_hit, &tuple->data->dst_hit)) {
HIP_DEBUG("connection found, \n");
- //print_data(data);
return tuple->tuple;
}
list = list->next;
@@ -516,7 +459,6 @@
hipList = (DList *) append_to_list((DList *) hipList,
(void *) connection->reply.hip_tuple);
HIP_DEBUG("inserting connection \n");
- //print_data(data);
}
/**
@@ -552,7 +494,6 @@
}
}
- //print_data(hip_tuple->data);
if (hip_tuple->data->src_hi) {
free(hip_tuple->data->src_hi);
}
@@ -712,8 +653,6 @@
new_esp->dst_addr_list = (SList *)
append_to_slist((SList *)
new_esp->dst_addr_list,
(void *)
esp_address);
- HIP_DEBUG("esp_tuple_from_esp_info_locator: \n");
- //print_esp_tuple(new_esp);
n--;
if (n > 0) {
locator_addr++;
@@ -753,8 +692,6 @@
esp_address->update_id = NULL;
new_esp->dst_addr_list = (SList *) append_to_slist((SList *)
new_esp->dst_addr_list,
(void *)
esp_address);
- HIP_DEBUG("esp_tuple_from_esp_info: \n");
- //print_esp_tuple(new_esp);
}
return new_esp;
}
@@ -847,7 +784,6 @@
hipList = (DList *) append_to_list((DList *) hipList,
(void *) connection->reply.hip_tuple);
HIP_DEBUG("insert_connection_from_update \n");
- //print_data(data);
return 1;
}
@@ -1128,16 +1064,6 @@
HIP_IFEL(esp_prot_conntrack_I2_anchor(common, tuple), -1,
"failed to track esp protection extension state\n");
- // store in tuple of other direction that will be using
- // this spi and dst address
-#if 0
- if (tuple->direction == ORIGINAL_DIR) {
- other_dir = &tuple->connection->reply;
- } else {
- other_dir = &tuple->connection->original;
- }
-#endif
-
out_err:
return err;
}
@@ -1215,14 +1141,6 @@
// TEST_END
-#if 0
- if (tuple->direction == ORIGINAL_DIR) {
- other_dir = &tuple->connection->reply;
- } else {
- other_dir = &tuple->connection->original;
- }
-#endif
-
if (esp_relay && ctx->udp_encap_hdr) {
HIP_IFEL(hipfw_handle_relay_to_r2(common, ctx),
-1, "handling of relay_to failed\n");
@@ -1253,7 +1171,6 @@
int n = 0;
HIP_DEBUG("\n");
- //print_esp_tuple(esp_tuple);
if (esp_info && locator && seq) {
HIP_DEBUG("esp_info, locator and seq, \n");
@@ -1283,9 +1200,6 @@
locator_addr = (void *) locator + sizeof(struct hip_locator);
- HIP_DEBUG("\n");
- //print_esp_tuple(esp_tuple);
-
while (n > 0) {
esp_tuple->dst_addr_list =
update_esp_address(esp_tuple->dst_addr_list,
&locator_addr->address,
@@ -1296,9 +1210,6 @@
locator_addr++;
}
}
-
- HIP_DEBUG("new tuple:\n");
- //print_esp_tuple(esp_tuple);
} else if (esp_info && seq) {
HIP_DEBUG("esp_info and seq, ");
@@ -1347,7 +1258,6 @@
}
_HIP_DEBUG("done, ");
- //print_esp_tuple(esp_tuple);
out_err:
return err;
@@ -1561,91 +1471,6 @@
}
}
}
-
-// this feature was/?is? not supported by hipl and thus was never tested
-#if 0
- //multiple update_id values in same ack not tested
- //couldn't get that out of HIPL
- if (ack != NULL) {
- SList *esp_tuples = (SList *) tuple->esp_tuples,
- *temp_tuple_list;
-
- uint32_t *upd_id = &ack->peer_update_id;
- int n = (hip_get_param_total_len(ack) - sizeof(struct
hip_ack)) /
- sizeof(uint32_t);
-
- //Get all update id:s from ack parameter
- //for each update id
- n++; //first one included in hip_ack structure
- while (n > 0) {
- //find esp tuple of the connection where
- //addresses have the update id
- temp_tuple_list = esp_tuples;
- struct esp_tuple *esp_tuple;
- SList *addr_list,
- *delete_addr_list = NULL, *delete_original_list = NULL;
- int found = 0;
-
- while (temp_tuple_list) {
- esp_tuple = (struct esp_tuple *) temp_tuple_list->data;
-
- //is ack for changing spi?
- if (esp_tuple->spi_update_id == *upd_id) {
- esp_tuple->spi = ntohl(esp_tuple->new_spi);
- _HIP_DEBUG("handle_update: ack update id %d, updated
spi: 0x%lx\n",
- *upd_id, ntohl(esp_tuple->spi));
- }
-
- addr_list = (SList *) esp_tuple->dst_addr_list;
- struct esp_address *esp_addr;
-
- while (addr_list) {
- esp_addr = (struct esp_address *) addr_list->data;
-
- //if address has no update id, remove the address
- if (esp_addr->update_id == NULL) {
- delete_addr_list =
append_to_slist(delete_addr_list,
- (void *)
esp_addr);
- } else if (*esp_addr->update_id == *upd_id) {
- //if address has the update id, set the update id
to null
- free(esp_addr->update_id);
- esp_addr->update_id = NULL;
- found = 1;
- }
-
- addr_list = addr_list->next;
- }
-
- //if this was the right tuple,
- //actually remove the deleted addresses
- if (found) {
- delete_original_list = delete_addr_list;
-
- while (delete_addr_list) {
- esp_tuple->dst_addr_list = (SList *)
-
remove_from_slist((SList *) esp_tuple->dst_addr_list,
-
delete_addr_list->data);
- delete_addr_list = delete_addr_list->next;
- }
-
- free_slist(delete_original_list);
- }
-
- if (found) {
- _HIP_DEBUG("handle_update: ack update id %d,
updated: \n",
- ack->peer_update_id);
- //print_esp_tuple(esp_tuple);
- }
-
- temp_tuple_list = temp_tuple_list->next;
- }
-
- n--;
- upd_id++;
- }
- }
-#endif
-
}
/* everything should be set now in order to process eventual anchor params
*/
@@ -2082,16 +1907,7 @@
// track ESP SEQ number, if hash token passed verification
if (ntohl(esp->esp_seq) > esp_tuple->seq_no) {
-// convenient for SPI seq no. testing
-#if 0
- if (ntohl(esp->esp_seq) - esp_tuple->seq_no > 100) {
- HIP_DEBUG("seq no. diff = %i\n", ntohl(esp->esp_seq) -
esp_tuple->seq_no);
- exit(1);
- }
-#endif
-
esp_tuple->seq_no = ntohl(esp->esp_seq);
- //HIP_DEBUG("updated esp seq no to: %u\n", esp_tuple->seq_no);
}
out_err:
@@ -2129,9 +1945,6 @@
data = get_hip_data(buf);
// look up the tuple in the database
tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src);
-
- _HIP_DEBUG("hip_data:\n");
- //print_data(data);
free(data);
// cases where packet does not match
Other related posts:
- » [hipl-commit] [trunk] Rev 4307: Remove all disabled code from firewall/conntrack.c. - Diego Biurrun
