Committer: Diego Biurrun <diego@xxxxxxxxxx> Date: 16/04/2010 at 02:25:52 Revision: 4307 Revision-id: diego@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: trunk Log: Remove all disabled code from firewall/conntrack.c. Modified: M firewall/conntrack.c === modified file 'firewall/conntrack.c' --- firewall/conntrack.c 2010-04-15 20:47:19 +0000 +++ firewall/conntrack.c 2010-04-15 23:25:38 +0000 @@ -55,22 +55,6 @@ unsigned long timeoutValue = 0; /*------------print functions-------------*/ -#if 0 -static void print_data(struct hip_data *data) -{ - char src[INET6_ADDRSTRLEN]; - char dst[INET6_ADDRSTRLEN]; - hip_in6_ntop(&data->src_hit, src); - hip_in6_ntop(&data->dst_hit, dst); - HIP_DEBUG("hip data: src %s dst %s\n", src, dst); - if (data->src_hi == NULL) { - HIP_DEBUG("no hi\n"); - } else { - HIP_DEBUG("hi\n"); - } -} -#endif - /** * prints out the list of addresses of esp_addr_list * @@ -187,11 +171,6 @@ static struct hip_data *get_hip_data(const struct hip_common *common) { struct hip_data *data = NULL; -#if 0 - struct in6_addr hit; - struct hip_host_id * host_id = NULL; - int err = 0, len = 0; -#endif // init hip_data for this tuple data = malloc(sizeof(struct hip_data)); 
@@ -200,41 +179,6 @@ memcpy(&data->src_hit, &common->hits, sizeof(struct in6_addr)); memcpy(&data->dst_hit, &common->hitr, sizeof(struct in6_addr)); - // needed for correct mobility update handling - added by Rene -#if 0 - /* Store the public key and validate it */ - /** @todo Do not store the key if the verification fails. */ - if (!(host_id = ( hip_host_id *) hip_get_param(common, HIP_PARAM_HOST_ID))) { - HIP_DEBUG("No HOST_ID found in control message\n"); - - data->src_hi = NULL; - data->verify = NULL; - - goto out_err; - } - - len = hip_get_param_total_len(host_id); - - // verify HI->HIT mapping - HIP_IFEL(hip_host_id_to_hit(host_id, &hit, HIP_HIT_TYPE_HASH100) || - ipv6_addr_cmp(&hit, &data->src_hit), - -1, "Unable to verify HOST_ID mapping to src HIT\n"); - - // init hi parameter and copy - HIP_IFEL(!(data->src_hi = malloc(len)), - -ENOMEM, "Out of memory\n"); - memcpy(data->src_hi, host_id, len); - - // store function pointer for verification - data->verify = ip_get_host_id_algo(data->src_hi) == HIP_HI_RSA ? - hip_rsa_verify : hip_dsa_verify; - - HIP_IFEL(data->verify(data->src_hi, common), -EINVAL, - "Verification of signature failed\n"); - - HIP_DEBUG("verified BEX signature\n"); -#endif - _HIP_DEBUG("get_hip_data:\n"); return data; @@ -297,7 +241,6 @@ if (IN6_ARE_ADDR_EQUAL(&data->src_hit, &tuple->data->src_hit) && IN6_ARE_ADDR_EQUAL(&data->dst_hit, &tuple->data->dst_hit)) { HIP_DEBUG("connection found, \n"); - //print_data(data); return tuple->tuple; } list = list->next; @@ -516,7 +459,6 @@ hipList = (DList *) append_to_list((DList *) hipList, (void *) connection->reply.hip_tuple); HIP_DEBUG("inserting connection \n"); - //print_data(data); } /** @@ -552,7 +494,6 @@ } } - //print_data(hip_tuple->data); if (hip_tuple->data->src_hi) { free(hip_tuple->data->src_hi); } 
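Review bot: In the get_hip_data hunk (`@@ -200,41 +179,6 @@`), deleting the disabled block also deletes the only record that the HOST_ID to source-HIT mapping and the BEX signature are not checked when the HITs are copied from the control message, including the `@todo` about not storing a key whose verification fails. The visible code only `memcpy`s `common->hits` and `common->hitr` into the new `hip_data`, so I would keep a short comment before the copies, e.g. `/* NOTE: HITs are taken from the packet as-is; HOST_ID->HIT mapping and signature are not verified here. */`, pointing to where verification is done if it happens elsewhere. The `src_hi` field is still tested and freed in the `@@ -552,7 +494,6 @@` hunk, but the only assignment to it visible in this diff was in the removed block, so it is worth confirming that it is initialised to NULL and still needed. get_hip_data's body starts in the previous hunk, and the lines between the two hunks are not shown.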
@@ -712,8 +653,6 @@ new_esp->dst_addr_list = (SList *) append_to_slist((SList *) new_esp->dst_addr_list, (void *) esp_address); - HIP_DEBUG("esp_tuple_from_esp_info_locator: \n"); - //print_esp_tuple(new_esp); n--; if (n > 0) { locator_addr++; @@ -753,8 +692,6 @@ esp_address->update_id = NULL; new_esp->dst_addr_list = (SList *) append_to_slist((SList *) new_esp->dst_addr_list, (void *) esp_address); - HIP_DEBUG("esp_tuple_from_esp_info: \n"); - //print_esp_tuple(new_esp); } return new_esp; } @@ -847,7 +784,6 @@ hipList = (DList *) append_to_list((DList *) hipList, (void *) connection->reply.hip_tuple); HIP_DEBUG("insert_connection_from_update \n"); - //print_data(data); return 1; } @@ -1128,16 +1064,6 @@ HIP_IFEL(esp_prot_conntrack_I2_anchor(common, tuple), -1, "failed to track esp protection extension state\n"); - // store in tuple of other direction that will be using - // this spi and dst address -#if 0 - if (tuple->direction == ORIGINAL_DIR) { - other_dir = &tuple->connection->reply; - } else { - other_dir = &tuple->connection->original; - } -#endif - out_err: return err; } @@ -1215,14 +1141,6 @@ // TEST_END -#if 0 - if (tuple->direction == ORIGINAL_DIR) { - other_dir = &tuple->connection->reply; - } else { - other_dir = &tuple->connection->original; - } -#endif - if (esp_relay && ctx->udp_encap_hdr) { HIP_IFEL(hipfw_handle_relay_to_r2(common, ctx), -1, "handling of relay_to failed\n"); @@ -1253,7 +1171,6 @@ int n = 0; HIP_DEBUG("\n"); - //print_esp_tuple(esp_tuple); if (esp_info && locator && seq) { HIP_DEBUG("esp_info, locator and seq, \n"); @@ -1283,9 +1200,6 @@ locator_addr = (void *) locator + sizeof(struct hip_locator); - HIP_DEBUG("\n"); - //print_esp_tuple(esp_tuple); - while (n > 0) { esp_tuple->dst_addr_list = update_esp_address(esp_tuple->dst_addr_list, &locator_addr->address, @@ -1296,9 +1210,6 @@ locator_addr++; } } - - HIP_DEBUG("new tuple:\n"); - //print_esp_tuple(esp_tuple); } else if (esp_info && seq) { HIP_DEBUG("esp_info and seq, "); 
@@ -1347,7 +1258,6 @@ } _HIP_DEBUG("done, "); - //print_esp_tuple(esp_tuple); out_err: return err; 
@@ -1561,91 +1471,6 @@ } } } - -// this feature was/?is? not supported by hipl and thus was never tested -#if 0 - //multiple update_id values in same ack not tested - //couldn't get that out of HIPL - if (ack != NULL) { - SList *esp_tuples = (SList *) tuple->esp_tuples, - *temp_tuple_list; - - uint32_t *upd_id = &ack->peer_update_id; - int n = (hip_get_param_total_len(ack) - sizeof(struct hip_ack)) / - sizeof(uint32_t); - - //Get all update id:s from ack parameter - //for each update id - n++; //first one included in hip_ack structure - while (n > 0) { - //find esp tuple of the connection where - //addresses have the update id - temp_tuple_list = esp_tuples; - struct esp_tuple *esp_tuple; - SList *addr_list, - *delete_addr_list = NULL, *delete_original_list = NULL; - int found = 0; - - while (temp_tuple_list) { - esp_tuple = (struct esp_tuple *) temp_tuple_list->data; - - //is ack for changing spi? - if (esp_tuple->spi_update_id == *upd_id) { - esp_tuple->spi = ntohl(esp_tuple->new_spi); - _HIP_DEBUG("handle_update: ack update id %d, updated spi: 0x%lx\n", - *upd_id, ntohl(esp_tuple->spi)); - } - - addr_list = (SList *) esp_tuple->dst_addr_list; - struct esp_address *esp_addr; - - while (addr_list) { - esp_addr = (struct esp_address *) addr_list->data; - - //if address has no update id, remove the address - if (esp_addr->update_id == NULL) { - delete_addr_list = append_to_slist(delete_addr_list, - (void *) esp_addr); - } else if (*esp_addr->update_id == *upd_id) { - //if address has the update id, set the update id to null - free(esp_addr->update_id); - esp_addr->update_id = NULL; - found = 1; - } - - addr_list = addr_list->next; - } - - //if this was the right tuple, - //actually remove the deleted addresses - if (found) { - delete_original_list = delete_addr_list; - - while (delete_addr_list) { - esp_tuple->dst_addr_list = (SList *) - remove_from_slist((SList *) esp_tuple->dst_addr_list, - delete_addr_list->data); - delete_addr_list = delete_addr_list->next; - } 
- - free_slist(delete_original_list); - } - - if (found) { - _HIP_DEBUG("handle_update: ack update id %d, updated: \n", - ack->peer_update_id); - //print_esp_tuple(esp_tuple); - } - - temp_tuple_list = temp_tuple_list->next; - } - - n--; - upd_id++; - } - } -#endif - } /* everything should be set now in order to process eventual anchor params */ @@ -2082,16 +1907,7 @@ // track ESP SEQ number, if hash token passed verification if (ntohl(esp->esp_seq) > esp_tuple->seq_no) { -// convenient for SPI seq no. testing -#if 0 - if (ntohl(esp->esp_seq) - esp_tuple->seq_no > 100) { - HIP_DEBUG("seq no. diff = %i\n", ntohl(esp->esp_seq) - esp_tuple->seq_no); - exit(1); - } -#endif - esp_tuple->seq_no = ntohl(esp->esp_seq); - //HIP_DEBUG("updated esp seq no to: %u\n", esp_tuple->seq_no); } out_err: @@ -2129,9 +1945,6 @@ data = get_hip_data(buf); // look up the tuple in the database tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src); - - _HIP_DEBUG("hip_data:\n"); - //print_data(data); free(data); // cases where packet does not match