Committer: Diego Biurrun <diego@xxxxxxxxxx> Date: 12/05/2010 at 19:09:54 Revision: 4501 Revision-id: diego@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: trunk Log: Remove agent code. Modified: D agent/ D agent/agent.c D agent/agent.h D agent/connhipd.c D agent/connhipd.h D agent/english-example.lang D agent/gui_interface.c D agent/gui_interface.h D agent/hitdb.c D agent/hitdb.h D agent/lang_english.h D agent/lang_finnish.h D agent/language.c D agent/language.h D agent/str_var.c D agent/str_var.h D agent/tools.c D agent/tools.h D lib/core/sqlitedbapi.c D lib/core/sqlitedbapi.h D lib/gui/ D lib/gui/create.c D lib/gui/create.h D lib/gui/dragndrop.c D lib/gui/dragndrop.h D lib/gui/events.c D lib/gui/events.h D lib/gui/hipgui.c D lib/gui/hipgui.h D lib/gui/hipmanager.png D lib/gui/tools.c D lib/gui/tools.h D lib/gui/widgets.c D lib/gui/widgets.h M COPYING M INSTALL M Makefile.am M configure.ac M debian/rules M doc/HACKING M doc/HOWTO.xml M firewall/firewall_control.c M hipd/accessor.c M hipd/accessor.h M hipd/dht.c M hipd/hadb.c M hipd/hipd.c M hipd/hipd.h M hipd/init.c M hipd/input.c M hipd/input.h M hipd/maintenance.c M hipd/maintenance.h M hipd/oppdb.c M hipd/oppdb.h M hipd/user.c M lib/core/builder.c M lib/core/builder.h M lib/core/capability.c M lib/core/icomm.h M lib/core/protodefs.h M lib/core/state.h M lib/opphip/wrap.c M packaging/hipl-deb.spec M packaging/hipl-rpm.spec M packaging/openwrt/package/Makefile M tools/hipl_autobuild.sh === modified file 'COPYING' --- COPYING 2010-05-12 13:57:56 +0000 +++ COPYING 2010-05-12 16:09:38 +0000 @@ -22,10 +22,8 @@ * lib/performance * lib/opphip * lib/conf - * lib/gui * lib/core * test - * agent * hipd * doc === modified file 'INSTALL' --- INSTALL 2010-05-02 12:14:43 +0000 +++ INSTALL 2010-05-12 16:09:38 +0000 
@@ -24,27 +24,25 @@ anyway. In order to compile HIPL you need autotools (autoconf, automake, -libtool), GNU Make and gcc. libgtk2.0, openssl, libxml2, iptables, -libcap, libsqlite3 and libconfig are required complete with +libtool), GNU Make and gcc. openssl, libxml2, iptables, +libcap and libconfig are required complete with development headers. For Perl, Socket6, IO::Socket::INET6, Net::IP and Net::DNS modules are required. You can optionally install xmlto to build the HOWTO and doxygen to build the code documentation. On Ubuntu, the following command(s) should solve the dependencies: - aptitude install automake autoconf libtool gcc libgtk2.0-dev libssl-dev \ - libxml2-dev iptables-dev libcap-dev libsqlite3-dev \ - aptitudelibnet-ip-perl libnet-dns-perl libsocket6-perl \ - libio-socket-inet6-perl + aptitude install automake autoconf libtool gcc libssl-dev libxml2-dev \ + iptables-dev libcap-dev aptitudelibnet-ip-perl libnet-dns-perl \ + libsocket6-perl libio-socket-inet6-perl Optionally: aptitude install pax miredo bzr xmlto doxygen On Fedora, the following command(s) should solve the dependencies: yum install gcc openssl-devel libxml2-devel autoconf automake libtool \ - gtk2-devel iptables-devel libcap-devel sqlite-devel \ - rpm-build perl-Net-IP perl-Net-DNS perl-Socket6 \ - perl-IO-Socket-INET6" + iptables-devel libcap-devel rpm-build perl-Net-IP perl-Net-DNS \ + perl-Socket6 perl-IO-Socket-INET6" Optionally: yum install miredo bzr xmlto doxygen === modified file 'Makefile.am' --- Makefile.am 2010-05-12 13:57:56 +0000 +++ Makefile.am 2010-05-12 16:09:38 +0000 
@@ -1,22 +1,16 @@ ACLOCAL_AMFLAGS = -I m4 -HIPL_HEADER_LIST = $(wildcard $(addprefix $(srcdir)/,agent/*.h firewall/*.h hipd/*.h lib/*/*.h)) +HIPL_HEADER_LIST = $(wildcard $(addprefix $(srcdir)/,firewall/*.h hipd/*.h lib/*/*.h)) # For "make dist" EXTRA_DIST = .vimrc debian doc patches release.version version.h EXTRA_DIST += packaging tools/maintainer -EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/agent/,*.lang)) EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/lib/dht/,*.txt)) EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/test/,*.pl *.sh)) EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/tools/,*.cfg *.pl *.sh)) EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/firewall/,*.cfg)) EXTRA_DIST += $(HIPL_HEADER_LIST) -# Default pkgdatadir is /usr/[local]/share/hipl/pixmaps/hipmanager.png. -# Gtk requires the images without the hipl prefix hence we use ".." below -imagesdir = $(pkgdatadir)/../pixmaps -dist_images_DATA = lib/gui/hipmanager.png - ### user programs ### bin_PROGRAMS = test/auth_performance \ @@ -41,10 +35,6 @@ sbin_PROGRAMS += firewall/hipfw endif -if HIP_AGENT -sbin_PROGRAMS += agent/hipagent -endif - ### libraries ### lib_LTLIBRARIES = lib/core/libhipcore.la @@ -53,10 +43,6 @@ lib_LTLIBRARIES += lib/opphip/libopphip.la endif -if HIP_AGENT -lib_LTLIBRARIES += lib/gui/libhipgui.la -endif - ### source declarations ### @@ -149,21 +135,6 @@ firewall/pisa_cert.c endif -agent_hipagent_SOURCES = agent/agent.c \ - agent/connhipd.c \ - agent/hitdb.c \ - agent/gui_interface.c \ - agent/language.c \ - agent/str_var.c \ - agent/tools.c - -lib_gui_libhipgui_la_SOURCES = lib/gui/create.c \ - lib/gui/dragndrop.c \ - lib/gui/events.c \ - lib/gui/hipgui.c \ - lib/gui/tools.c \ - lib/gui/widgets.c - # TODO: libhipcore, libhipconf, libhipdht and libhiptool have circular # dependencies. This needs to be addressed at some point. 
@@ -197,10 +168,6 @@ lib/tool/pk.c \ lib/tool/xfrmapi.c -if HIP_AGENT -lib_core_libhipcore_la_SOURCES += lib/core/sqlitedbapi.c -endif - if HIP_DHT lib_core_libhipcore_la_SOURCES += lib/dht/libhipdht.c \ lib/dht/libhipdhtxml.c @@ -226,11 +193,6 @@ tools_hipconf_LDADD = lib/core/libhipcore.la tools_pisacert_LDADD = lib/core/libhipcore.la -agent_hipagent_LDADD = lib/gui/libhipgui.la \ - lib/core/libhipcore.la - -agent_hipagent_LDFLAGS = `pkg-config --libs gtk+-2.0 gthread-2.0` - if HAVE_PYTHON dist_sbin_SCRIPTS = tools/hipdnskeyparse/hipdnskeyparse \ @@ -286,10 +248,7 @@ rm -f aclocal.m4 compile config.* configure depcomp install-sh rm -f ltmain.sh m4/*.m4 Makefile.in missing py-compile -# Do not check headers that have issues we cannot fix. -NOCHECK_HEADER_LIST = $(wildcard $(srcdir)/lib/gui/*.h) -HIPL_HEADER_FILTERED = $(filter-out $(NOCHECK_HEADER_LIST),$(HIPL_HEADER_LIST)) -HIPL_HEADER_OBJS = $(subst $(srcdir),$(builddir),$(HIPL_HEADER_FILTERED:.h=.ho)) +HIPL_HEADER_OBJS = $(subst $(srcdir),$(builddir),$(HIPL_HEADER_LIST:.h=.ho)) CLEANFILES += $(HIPL_HEADER_OBJS) checkheaders: $(HIPL_HEADER_OBJS) @@ -298,7 +257,6 @@ $(CC) -I$(srcdir) -I$(builddir) $(AM_CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -o $@ $< lib/dht/libhipdhtxml.lo: CFLAGS += `xml2-config --cflags` -lib/gui/%: CFLAGS += @GTK_CFLAGS@ -Wno-strict-prototypes # Ensure that version.h is created before everything else. This does not work # when creating specific objects that may depend on version.h directly. === removed directory 'agent' === modified file 'configure.ac' --- configure.ac 2010-05-12 13:57:56 +0000 +++ configure.ac 2010-05-12 16:09:38 +0000 
@@ -89,41 +89,6 @@ fi AM_CONDITIONAL(HIP_FIREWALL, test x"$ac_cv_use_firewall" = x"yes") -AC_ARG_ENABLE(agent, - AS_HELP_STRING([--enable-agent], - [HIP enable user agent (default is YES)]), - [ac_cv_use_agent=$enableval], - [ac_cv_use_agent=yes]) -AC_CACHE_CHECK([whether to use agent], - [ac_cv_use_agent], - [ac_cv_use_agent=yes]) -if test x"$ac_cv_use_agent" = x"yes"; then - # Try to automatically detect GTK - PKG_CHECK_MODULES(GTK, - [gtk+-2.0 >= 2.10.0], - [ac_cv_use_agent=yes], - [ac_cv_use_agent=no]) - if test x"$ac_cv_use_agent" = x"no"; then - PKG_CHECK_MODULES(GTK, - [gtk+-2.0 >= 2.8.0], - [ac_cv_use_agent=yes], - [ac_cv_use_agent=no]) - if test x"$ac_cv_use_agent" = x"yes"; then - AC_MSG_WARN([You are missing >= GTK 2.10, it is VERY recommended]) - fi - fi - - if test x"$ac_cv_use_agent" = x"yes"; then - AC_CHECK_LIB(sqlite3, sqlite3_open,, - [AC_MSG_ERROR(libsqlite3-dev not found)]) - AC_DEFINE(CONFIG_HIP_AGENT) - AH_TEMPLATE(CONFIG_HIP_AGENT, [Defined to 1 if agent is enabled.]) - else - AC_MSG_WARN([Disabled HIP agent due to unsatisfied dependencies.]) - fi -fi -AM_CONDITIONAL(HIP_AGENT, test x"$ac_cv_use_agent" = x"yes") - AC_ARG_ENABLE(rvs, AS_HELP_STRING([--enable-rvs], [HIP Rendezvous Extensions (default is YES)]), === modified file 'debian/rules' --- debian/rules 2010-05-12 13:57:56 +0000 +++ debian/rules 2010-05-12 16:09:38 +0000 @@ -34,7 +34,6 @@ ./configure $(CROSS) --prefix=/usr --sysconfdir=/etc \ --enable-shared \ --disable-dht \ - --disable-agent \ --disable-debug === modified file 'doc/HACKING' --- doc/HACKING 2010-05-11 07:02:11 +0000 +++ doc/HACKING 2010-05-12 16:09:38 +0000 
@@ -1409,20 +1409,11 @@ 7. Firewall ----------- -8. Agent --------- - -* prompting -* reject - * normal mode - * opp mode -* test configuration gui - -9. Blind support +8. Blind support ---------------- -10. Closing of connections ----------------------- +9. Closing of connections +------------------------- * tools/hipconf rst all === modified file 'doc/HOWTO.xml' --- doc/HOWTO.xml 2010-05-12 13:57:56 +0000 +++ doc/HOWTO.xml 2010-05-12 16:09:38 +0000 @@ -1537,7 +1537,7 @@ <para> The maemo/diablo version of HIPL supports most features of HIPL, except - the firewall extensions and the GUI control application. + the firewall extensions. </para> 
@@ -3876,313 +3876,6 @@ </chapter> - -<chapter id="ch_hip_configuration_gui"> - <title>HIP configuration GUI</title> - <section id="sec_hip_conf_gui_general"> - <title>General</title> - <formalpara><title>About</title><para></para></formalpara> - <para>Manage HITs with graphical user interface.</para> - <para> - When new HIT is received, it and local HIT is filtered - trough configuration GUI, which asks user for accepting the HIT pair. - Then HIT is saved into database and accept/reject is - returned to daemon. User can also manage HITs trough graphical - user interface. The interface is under development, - and is quite in alpha state yet. - </para> - - <screenshot> - <screeninfo>HIP configuration GUI main window</screeninfo> - <mediaobject> - <imageobject> - <imagedata fileref="docshot-agent-main-window.png" scale="100" align="center" format="PNG"/> - </imageobject> - <caption> - <para>HIP configuration GUI main window</para> - </caption> - </mediaobject> - </screenshot> - - <formalpara><title>Usage</title><para></para></formalpara> - <para> - Configuration GUI uses '$HOMEDIR/.hipagent/' -directory to store - per user configuration files. There should be atleast 'database' - file which contains information about configured local and remote hits - and remote groups. Optionally user can create file called 'config'. - This file can contain different options to change GUI behaviour. - Following paragraphs tell more. - </para> - - <itemizedlist> - <listitem><para> - 'lang=...' can be used to select one of compiled-in languages. These are - currently 'en' and 'fi'. 'en' means english and is default. - 'fi' means finnish. If you want to change GUI language to finnish, - type line 'lang=fi' into your config-file in .hipagent-dir. - </para></listitem> - - <listitem><para> - 'lang-file=...' can be used to define external language file, which - can override some or all compiled-in language strings. 
- This language file should contain lines which are somewhat like this: - 'value-name=value'. Example line 'title-main=HIPL Graphical Config' would - change GUI main window title to 'HIPL Graphical Config'. - </para></listitem> - </itemizedlist> - <para> - The configuration GUI executable is called "hipagent". You should run it using sudo. - </para> - - <screenshot> - <screeninfo>HIP configuration GUI tray icon</screeninfo> - <mediaobject> - <imageobject> - <imagedata fileref="docshot-agent-tray-icon.png" scale="100" align="center" format="PNG"/> - </imageobject> - <caption> - <para>HIP configuration GUI tray icon</para> - </caption> - </mediaobject> - </screenshot> - - <formalpara><title>Compilation</title><para></para></formalpara> - <para>To compile HIP configuration GUI atleast following packages are needed (asuming you have debian): - <itemizedlist> - <listitem><para> - gcc compiler, should be at least version 4.0 - </para></listitem> - <listitem><para> - Package: xbase-clients - miscellaneous X clients - </para></listitem> - <listitem><para> - GTK 2.x and development files for it (Package called libgtk2.0-dev). - </para></listitem> - <listitem><para> - Automake 1.9 - </para></listitem> - </itemizedlist> - <note><title>Notes</title> - <para> - If you want to use 'system tray' icon, you need atleast 2.10.0 version of GTK. - </para> - <para> - In order to the configuration GUI start properly with right window and system tray icon, - you must first do 'make install' to install the data files in right directory. - System tray icon will not be shown at all, if you don't do this. - </para> - </note> - </para> -</section> -<section id="sec_agent_database"> - <title>Agent database</title> - <para> - Agent uses Sqlite3 database. You can view and alter data - with sqlite3 command line tool. On most distros 'aptitude - install sqlite3' will install it. Usage of the slqite3 - comandline is simple. 
'$ sqlite3 - ~/.hipagent/database.db' will start - the command line tool with the correct database. You can - check the contents with simple select querys and so on. You can - get more information on the program from its man page (man - sqlitebrowser). - </para> - <para> - Alternatively you can use the graphical user interface called - sqlitebrowser. On most Linux distros 'aptitude install sqlitebrowser' will - install it. To start it write to the terminal '$ sqlitebrowser - ~/.hipagent/database.db' and you - should see the tables and their content from the UI. You can - get more information on the program from its man page (man sqlitebrowser). - </para> - <para> - The database contains three tables: local, remote and - groups. Local table contains local HITs and their - names. Remote contains remote HITs and their names. It also - contains some extra information like the group name. Group - table contains groups name and information on the group like - are these HITs to be accepted or not. - </para> - -</section> - - -<section id="sec_hip_conf_gui_language"><title>Language files</title> - <para> - As described in previous section, - 'lang-file=...' can be used to define external language file, which can override some or all compiled-in language strings. - This language file should contain lines which are somewhat like this: 'value-name=value'. Example line 'title-main=HIPL - Graphical Config' would change GUI main window title to 'HIPL Graphical Config'. - </para> - <para> - As said, language files contains lines, which define different variables in GUI. 
- Format of those lines is following: - <itemizedlist> - <listitem><para>Commented line starts with '#'-character</para></listitem> - <listitem><para>To create/reset value, use 'value-name=value'</para></listitem> - <listitem><para> - To add new line to value (also creates new value, if not yet defined), use 'value-name+value' - </para></listitem> - </itemizedlist> - </para> -<example id="ex_hip_conf_gui"><title>Here is a complete english version of a example language file:</title> -<programlisting> - -# Example language file for HIP configuration GUI. -# Language: English - -# Different window titles. -title-main=HIP configuration -title-newhit=New HIT -title-newgroup=Create new group -title-runapp=Execute application -title-locals=Local HIT -title-msgdlg=Question - -# System tray menu. -systray-show=Configuration -systray-exec=Execute -systray-exit=Exit -systray-about=About - -# Main window menu. -menu-file=File -menu-file-exit=Exit -menu-file-runapp=Execute - -menu-edit=Edit -menu-edit-locals=Local HITs -menu-edit-newgroup=Create new group -menu-edit-addhit=Add new HIT - -menu-help=Help -menu-help-about=About - -# Toolbar items. -tb-newgroup=New group -tb-newgroup-tooltip=Create new group -tb-newgroup-tooltip+Groups help in ordering and managing HIT's. -tb-runapp=Execute -tb-runapp-tooltip=Execute new application using HIP libraries -tb-newhit=New HIT -tb-newhit-tooltip=Add new HIT - -# Tabs. -tabs-hits=HITs -tabs-options=Options -tabs-connections=Connections - -# New HIT dialog. -nhdlg-button-accept=Accept -nhdlg-button-drop=Drop -nhdlg-err-invalid=Invalid HIT name given! -nhdlg-err-exists=HIT with given name already exists! -nhdlg-err-reserved=Given HIT name is reserved! -nhdlg-err-reserved+Choose another one. -nhdlg-err-invchar=HIT name contains invalid characters! -nhdlg-err-invchar+Rename. -nhdlg-err-hit=HIT is invalid! 
-nhdlg-newinfo=New HIT information -nhdlg-newhit=New HIT: -nhdlg-name=Name: -nhdlg-group=Group: -nhdlg-advanced=Advanced -nhdlg-url=URL: -nhdlg-port=Port: -nhdlg-g-info=Group info -nhdlg-g-localhit=Local HIT: -nhdlg-g-type=Type: -nhdlg-g-lightweight=Lightweight: -nhdlg-tt-hit=The fingerprint (HIT, Host Identity Tag) of the remote host. -nhdlg-tt-hit-priv=HIT (Host Identity Tag) identifies hosts from each other. - -# New group dialog. -ngdlg-name=Name: -ngdlg-localhit=Local HIT: -ngdlg-type=Type: -ngdlg-type2=Encryption: -ngdlg-button-create=Create -ngdlg-button-cancel=Cancel -ngdlg-err-invalid=Invalid group name! -ngdlg-err-exists=Group already exists! -ngdlg-err-reserved=Given group name is reserved! -ngdlg-err-reserved+Choose another one. -ngdlg-err-invchar=Group name contains invalid characters! -ngdlg-err-invchar+Rename. - -# Tool window (HIT handling). -tw-button-apply=Apply -tw-button-cancel=Cancel -tw-button-delete=Delete -tw-button-edit=Edit -tw-hit-info=HIT information -tw-hit-name=Name: -tw-hit-group=Group: -tw-hit-advanced=Advanced -tw-hit-hit=HIT: -tw-hit-port=Port: -tw-hit-url=URL: -tw-hit-groupinfo=Group info: -tw-hit-local=Local HIT: -tw-group-info=Group information -tw-group-name=Name: -tw-group-advanced=Advanced -tw-group-local=Local HIT: - -tw-hitgroup-type=Type: -tw-hitgroup-lightweight=Encryption: - -# Local HIT handling. -lhdlg-button-apply=Apply -lhdlg-button-cancel=Cancel -lh-info=Local HIT information: -lh-hit= HIT: -lh-name=Name: -lhdlg-err-invalid=Invalid name for local HIT! -lhdlg-err-exists=Local HIT name is already in use! -lhdlg-err-invchar=Name of local HIT contains invalid characters! - -# General message dialog. -msgdlg-button-ok=OK -msgdlg-button-cancel=Cancel - -# GUI info (status bar) strings. -gui-info-000=HIP service available on this computer. -gui-info-001=HIP service unavailable. -gui-info-002=HIP GUI started. - -# Other strings. -newgroup-error-nolocals=Can't create new group, -newgroup-error-nolocals+no local HITs defined. 
-newgroup-error-nolocals+Check HIP daemon. -newhit-error-nolocals=Can't add new remote HIT, -newhit-error-nolocals+no local HITs defined. -newhit-error-nolocals+Check HIP daemon. -# NOTE! Empty group must have spaces in both sides of the item name! -hits-group-emptyitem= <empty> -ask-delete-hit=Are you sure you want to delete selected HIT? -ask-delete-group=Are you sure you want to delete selected group? -ask-apply-hit=Are you sure you want to apply the changes? -ask-apply-hit-move=Are you sure you want move the hit? -ask-apply-group=Are you sure you want to apply the changes? - -group-type-accept=accept -group-type-deny=deny -group-type2-lightweight=lightweight -group-type2-normal=normal - -hits-number-of-used=Number of HITs in use -default-group-name=ungrouped -combo-newgroup=<create new...> -</programlisting> -</example> - -</section> - - - -</chapter> - <chapter id="ch_exp_extensions"> <title>Other Experimental HIP Extensions</title> === modified file 'firewall/firewall_control.c' --- firewall/firewall_control.c 2010-04-15 23:36:41 +0000 +++ firewall/firewall_control.c 2010-05-12 16:09:38 +0000 @@ -72,7 +72,7 @@ */ static int hip_fw_proxy_set_peer_hit(hip_common_t *msg) { - int fallback = 1, reject = 0, addr_found = 0, err = 0; + int fallback = 1, addr_found = 0, err = 0; hip_hit_t local_hit, peer_hit; struct in6_addr local_addr, peer_addr; hip_hit_t *ptr = NULL; @@ -113,18 +113,6 @@ err = -1; } - ptr = hip_get_param(msg, HIP_PARAM_AGENT_REJECT); - if (ptr) { - HIP_DEBUG("Connection is to be rejected\n"); - reject = 1; - } - - if (reject) { - HIP_DEBUG("Connection should be rejected\n"); - err = -1; - goto out_err; - } - if (fallback) { HIP_DEBUG("Peer does not support HIP, fallback\n"); //update the state of the ip pair === modified file 'hipd/accessor.c' --- hipd/accessor.c 2010-05-12 13:57:56 +0000 +++ hipd/accessor.c 2010-05-12 16:09:38 +0000 
@@ -54,20 +54,6 @@ return hipd_state & HIPD_STATE_MASK; } -/** - * Determines whether agent is alive, or not. - * - * @return non-zero, if agent is alive. - */ -int hip_agent_is_alive(void) -{ -#ifdef CONFIG_HIP_AGENT - return hip_agent_status; -#else - return 0; -#endif /* CONFIG_HIP_AGENT */ -} - #ifdef CONFIG_HIP_OPPORTUNISTIC unsigned int opportunistic_mode = 1; === modified file 'hipd/accessor.h' --- hipd/accessor.h 2010-05-12 13:57:56 +0000 +++ hipd/accessor.h 2010-05-12 16:09:38 +0000 @@ -45,7 +45,6 @@ void hipd_set_state(unsigned int); int hipd_get_flag(unsigned int); void hipd_set_flag(unsigned int); -int hip_agent_is_alive(void); int hip_get_opportunistic_tcp_status(void); int hip_set_opportunistic_mode(struct hip_common *msg); === modified file 'hipd/dht.c' --- hipd/dht.c 2010-04-20 11:05:50 +0000 +++ hipd/dht.c 2010-05-12 16:09:38 +0000 
@@ -317,102 +317,6 @@ return err; } -#ifdef CONFIG_HIP_AGENT -/** - * hip_prepare_send_cert_put - builds xml rpc packet and then sends it to - * the queue for sending to the opendht - * - * @param *key key for cert publish - * @param *value certificate - * @param key_len length of the key (20 in case of SHA1) - * @param valuelen length of the value content to be sent to the opendht - * - * @return 0 on success, negative value on error - */ -static int hip_prepare_send_cert_put(unsigned char *key, - unsigned char *value, - int key_len, - int valuelen) -{ - int value_len = valuelen; /*length of certificate*/ - char put_packet[2048]; - if (build_packet_put((unsigned char *) key, - key_len, - (unsigned char *) value, - value_len, - opendht_serving_gateway_port, - (unsigned char *) opendht_host_name, - (char *) put_packet, opendht_serving_gateway_ttl) - != 0) { - HIP_DEBUG("Put packet creation failed.\n"); - return -1; - } - opendht_error = hip_write_to_dht_queue(put_packet, strlen(put_packet) + 1); - if (opendht_error < 0) { - HIP_DEBUG("Failed to insert CERT PUT data in queue \n"); - } - return 0; -} - -/** - * hip_sqlite_callback - callback function called by sqliteselect - * The function processes the data returned by select - * to be sent to key_handler and then for sending to lookup - * - * @param *NotUsed Not used, set this to NULL - * @param argc Number of arguments - * @param **argv Arguments - * @param **azColName Column name - * - * @return 0 on success, -1 on errors - */ -static int hip_sqlite_callback(void *NotUsed, - int argc, - char **argv, - char **azColName) -{ - int i; - struct in6_addr lhit, rhit; - unsigned char conc_hits_key[21]; - int err = 0; - char cert[512]; /*Should be size of certificate*/ - - memset(conc_hits_key, '\0', 21); - for (i = 0; i < argc; i++) { - _HIP_DEBUG("%s = %s\n", azColName[i], argv[i] ? 
argv[i] : "NULL"); - if (!strcmp(azColName[i], "lhit")) { - /*convret hit to inet6_addr*/ - err = inet_pton(AF_INET6, (char *) argv[i], &lhit.s6_addr); - } else if (!strcmp(azColName[i], "rhit")) { - err = inet_pton(AF_INET6, (char *) argv[i], &rhit.s6_addr); - /*convret hit to inet6_addr*/ - } else if (!strcmp(azColName[i], "cert")) { - if (!(char *) argv) { - err = -1; - } else { - memcpy(cert, (char *) argv[i], 512 /*should be size of certificate*/); - } - } - } - if (err) { - int keylen = 0; - keylen = handle_cert_key(&lhit, &rhit, conc_hits_key); - /*send key-value pair to dht*/ - if (keylen) { - err = hip_prepare_send_cert_put(conc_hits_key, - (unsigned char *) cert, - keylen, - sizeof(cert)); - } else { - HIP_DEBUG("Unable to handle publish cert key\n"); - err = -1; - } - } - return err; -} - -#endif /* CONFIG_HIP_AGENT */ - /** * hip_publish_certificates - Reads the daemon database and then publishes certificate * after regular interval defined in hipd.h @@ -421,11 +325,6 @@ */ int hip_publish_certificates(void) { -#ifdef CONFIG_HIP_AGENT - return hip_sqlite_select(daemon_db, - HIP_CERT_DB_SELECT_HITS, - hip_sqlite_callback); -#endif return 0; } === modified file 'hipd/hadb.c' --- hipd/hadb.c 2010-05-12 13:57:56 +0000 +++ hipd/hadb.c 2010-05-12 16:09:38 +0000 @@ -77,8 +77,6 @@ hip_ipsec_func_set_t default_ipsec_func_set; static hip_misc_func_set_t default_misc_func_set; -static hip_input_filter_func_set_t default_input_filter_func_set; -static hip_output_filter_func_set_t default_output_filter_func_set; static hip_rcv_func_set_t default_rcv_func_set; static hip_handle_func_set_t default_handle_func_set; 
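Review bot: In hipd/dht.c (hunk `@@ -421,11 +325,6`), `hip_publish_certificates()` is left as a stub whose whole body is `return 0;`, so every caller is told the call succeeded although nothing is read or published any more. The doc comment kept above it still says it reads the daemon database and publishes certificates at a regular interval, which no longer matches the body. Either remove the function together with its callers (not visible in this hunk), or keep it and replace the description with something like `No-op since the agent certificate database was removed; always returns 0.`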
@@ -705,42 +703,6 @@ } /** - * change the input filter function pointer set of a host association - * - * @param entry the host association - * @param new_func_set the new function pointer set - * @return zero on success and negative on error - * - */ -static int hip_hadb_set_input_filter_function_set(hip_ha_t *entry, - hip_input_filter_func_set_t *new_func_set) -{ - if (entry) { - entry->hadb_input_filter_func = new_func_set; - return 0; - } - return -1; -} - -/** - * change the output handler function pointer set of a host association - * - * @param entry the host association - * @param new_func_set the new function pointer set - * @return zero on success and negative on error - * - */ -static int hip_hadb_set_output_filter_function_set(hip_ha_t *entry, - hip_output_filter_func_set_t *new_func_set) -{ - if (entry) { - entry->hadb_output_filter_func = new_func_set; - return 0; - } - return -1; -} - -/** * Inits a Host Association after memory allocation. * * @param entry pointer to a host association @@ -772,13 +734,6 @@ HIP_IFEL(hip_hadb_set_xmit_function_set(entry, &default_xmit_func_set), -1, "Can't set new function pointer set.\n"); - HIP_IFEL(hip_hadb_set_input_filter_function_set( - entry, &default_input_filter_func_set), -1, - "Can't set new input filter function pointer set.\n"); - HIP_IFEL(hip_hadb_set_output_filter_function_set( - entry, &default_output_filter_func_set), -1, - "Can't set new output filter function pointer set.\n"); - /* added by Tao Wan, on 24, Jan, 2008 */ entry->hadb_ipsec_func = &default_ipsec_func_set; 
@@ -1215,15 +1170,6 @@ default_xmit_func_set.hip_send_pkt = hip_send_pkt; nat_xmit_func_set.hip_send_pkt = hip_send_pkt; - /* filter function sets */ - /* Compiler warning: assignment from incompatible pointer type. - * Please fix this, if you know what is the correct value. - * -Lauri 25.09.2007 15:11. */ - /* Wirtz 27/11/09 pointers are completely incomp. ( 1param to 4 params ) - * uncommented, please fix or remove completely */ - // default_input_filter_func_set.hip_input_filter = hip_agent_filter; - // default_output_filter_func_set.hip_output_filter = hip_agent_filter; - /* Tao Wan and Miika komu added, 24 Jan, 2008 for IPsec (userspace / kernel part) * * copy in user_ipsec_hipd_msg.c */ === modified file 'hipd/hipd.c' --- hipd/hipd.c 2010-05-12 13:57:56 +0000 +++ hipd/hipd.c 2010-05-12 16:09:38 +0000 @@ -81,8 +81,6 @@ * nf_ipsec for this purpose). */ struct rtnl_handle hip_nl_route = { 0 }; -int hip_agent_status = 0; - struct sockaddr_in6 hip_firewall_addr; int hip_firewall_sock = 0; 
@@ -179,135 +177,6 @@ } /** - * a function for passing a message to the HIP graphical user agent - * - * @param msg the message to send - * @return zero on success or negative on error - */ -int hip_send_agent(struct hip_common *msg) -{ - struct sockaddr_in6 hip_agent_addr; - int alen; - - memset(&hip_agent_addr, 0, sizeof(hip_agent_addr)); - hip_agent_addr.sin6_family = AF_INET6; - hip_agent_addr.sin6_addr = in6addr_loopback; - hip_agent_addr.sin6_port = htons(HIP_AGENT_PORT); - - alen = sizeof(hip_agent_addr); - - return sendto(hip_user_sock, msg, hip_get_msg_total_len(msg), 0, - (struct sockaddr *) &hip_agent_addr, alen); -} - -#ifdef CONFIG_HIP_AGENT - -sqlite3 *daemon_db; - -/** - * add_cert_and_hits_to_db - Adds information recieved from the agent to - * the daemon database - * @param *uadb_info structure containing data sent by the agent - * @return 0 on success, -1 on failure - */ -static int add_cert_and_hits_to_db(struct hip_uadb_info *uadb_info) -{ - int err = 0; - char insert_into[512]; - char hit[40]; - char hit2[40]; - - HIP_IFE(!daemon_db, -1); - hip_in6_ntop(&uadb_info->hitr, hit); - hip_in6_ntop(&uadb_info->hitl, hit2); - _HIP_DEBUG("Value: %s\n", hit); - sprintf(insert_into, "INSERT INTO hits VALUES(" - "'%s', '%s', '%s');", - hit2, hit, uadb_info->cert); - err = hip_sqlite_insert_into_table(daemon_db, insert_into); - -out_err: - return err; -} - -#endif /* CONFIG_HIP_AGENT */ - -/** - * Receive message from agent socket. 
- * - * @param msg the received message will be stored here - * @return zero on success or negative on error - */ -int hip_recv_agent(struct hip_common *msg) -{ - int n, err = 0; - hip_hdr_type_t msg_type; -#ifdef CONFIG_HIP_AGENT - char hit[40]; - struct hip_uadb_info *uadb_info; -#endif /* CONFIG_HIP_AGENT */ - - HIP_DEBUG("Received a message from agent\n"); - - msg_type = hip_get_msg_type(msg); - - if (msg_type == HIP_MSG_AGENT_PING) { - hip_msg_init(msg); - hip_build_user_hdr(msg, HIP_MSG_AGENT_PING_REPLY, 0); - n = hip_send_agent(msg); - HIP_IFEL(n < 0, 0, "sendto() failed on agent socket\n"); - - if (err == 0) { - HIP_DEBUG("HIP agent ok.\n"); - if (hip_agent_status == 0) { - hip_agent_status = 1; - hip_agent_update(); - } - hip_agent_status = 1; - } - } else if (msg_type == HIP_MSG_AGENT_QUIT) { - HIP_DEBUG("Agent quit.\n"); - hip_agent_status = 0; - } else if (msg_type == HIP_R1 || msg_type == HIP_I1) { - struct hip_common *emsg; - struct in6_addr *src_addr, *dst_addr; - hip_portpair_t *msg_info; - void *reject; - - emsg = hip_get_param_contents(msg, HIP_PARAM_ENCAPS_MSG); - src_addr = hip_get_param_contents(msg, HIP_PARAM_SRC_ADDR); - dst_addr = hip_get_param_contents(msg, HIP_PARAM_DST_ADDR); - msg_info = hip_get_param_contents(msg, HIP_PARAM_PORTPAIR); - reject = hip_get_param(msg, HIP_PARAM_AGENT_REJECT); - - if (emsg && src_addr && dst_addr && msg_info && !reject) { - HIP_DEBUG("Received accepted I1/R1 packet from agent.\n"); - hip_receive_control_packet(emsg, src_addr, dst_addr, msg_info, 0); - } else if (emsg && src_addr && dst_addr && msg_info) { -#ifdef CONFIG_HIP_OPPORTUNISTIC - - HIP_DEBUG("Received rejected R1 packet from agent.\n"); - err = hip_for_each_opp(hip_handle_opp_reject, src_addr); - HIP_IFEL(err, 0, "for_each_ha err.\n"); -#endif - } -#ifdef CONFIG_HIP_AGENT - /*Store the accepted HIT info from agent*/ - uadb_info = hip_get_param(msg, HIP_PARAM_UADB_INFO); - if (uadb_info) { - HIP_DEBUG("Received User Agent accepted HIT info from 
agent.\n"); - hip_in6_ntop(&uadb_info->hitl, hit); - _HIP_DEBUG("Value: %s\n", hit); - add_cert_and_hits_to_db(uadb_info); - } -#endif /* CONFIG_HIP_AGENT */ - } - -out_err: - return err; -} - -/** * send a message to the HIP firewall * * @param msg the message to send @@ -583,23 +452,23 @@ type = hip_get_msg_type(hipd_msg_v4); if (type == HIP_R2) { err = hip_receive_control_packet(hipd_msg_v4, &saddr_v4, - &daddr_v4, &pkt_info, 1); + &daddr_v4, &pkt_info); if (err) { HIP_ERROR("hip_receive_control_packet()!\n"); } err = hip_receive_control_packet(hipd_msg, &saddr, &daddr, - &pkt_info, 1); + &pkt_info); if (err) { HIP_ERROR("hip_receive_control_packet()!\n"); } } else { err = hip_receive_control_packet(hipd_msg, &saddr, &daddr, - &pkt_info, 1); + &pkt_info); if (err) { HIP_ERROR("hip_receive_control_packet()!\n"); } err = hip_receive_control_packet(hipd_msg_v4, &saddr_v4, - &daddr_v4, &pkt_info, 1); + &daddr_v4, &pkt_info); if (err) { HIP_ERROR("hip_receive_control_packet()!\n"); } @@ -618,7 +487,8 @@ &saddr, &daddr, &pkt_info, 0)) { HIP_ERROR("Reading network msg failed\n"); } else { - err = hip_receive_control_packet(hipd_msg, &saddr, &daddr, &pkt_info, 1); + err = hip_receive_control_packet(hipd_msg, &saddr, + &daddr, &pkt_info); if (err) { HIP_ERROR("hip_receive_control_packet()!\n"); } @@ -641,7 +511,8 @@ &saddr, &daddr, &pkt_info, IPV4_HDR_SIZE)) { HIP_ERROR("Reading network msg failed\n"); } else { - err = hip_receive_control_packet(hipd_msg, &saddr, &daddr, &pkt_info, 1); + err = hip_receive_control_packet(hipd_msg, &saddr, + &daddr, &pkt_info); if (err) { HIP_ERROR("hip_receive_control_packet()!\n"); } === modified file 'hipd/hipd.h' --- hipd/hipd.h 2010-05-12 13:57:56 +0000 +++ hipd/hipd.h 2010-05-12 16:09:38 +0000 
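Review bot: In hipd/hipd.c, the call sites touched by `@@ -583,23 +452,23` (and likewise `@@ -618,7 +487,8` and `@@ -641,7 +511,8`) report a failed `hip_receive_control_packet()` with the same fixed string, which carries neither the return code nor which message was being processed. In the first hunk the two calls run back to back, so `err` from the first call is overwritten by the second and the log line is the only trace of that failure. Logging the code would make rejected control packets traceable, e.g. `HIP_ERROR("hip_receive_control_packet() failed: %d\n", err);`. The enclosing function starts and ends outside these hunks.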
@@ -33,9 +33,6 @@ #include "accessor.h" /* @todo: header recursion: accessor.h calls hipd.h */ #include "lib/core/message.h" #include "lib/core/esp_prot_common.h" -#ifdef CONFIG_HIP_AGENT - #include "lib/core/sqlitedbapi.h" -#endif #include "dhtqueue.h" #include "blind.h" @@ -81,9 +78,6 @@ #define HIPD_NL_GROUP 32 extern int hip_use_opptcp; -#ifdef CONFIG_HIP_AGENT -extern sqlite3 *daemon_db; -#endif extern struct rtnl_handle hip_nl_route; extern struct rtnl_handle hip_nl_ipsec; @@ -106,8 +100,6 @@ extern int hip_wait_addr_changes_to_stabilize; extern int hip_user_sock; -extern int hip_agent_sock, hip_agent_status; -extern struct sockaddr_un hip_agent_addr; extern int hip_firewall_sock, hip_firewall_status; extern struct sockaddr_in6 hip_firewall_addr; @@ -172,12 +164,8 @@ int hip_firewall_is_alive(void); /* Functions for handling incoming packets. */ -int hip_sock_recv_agent(void); int hip_sock_recv_firewall(void); -int hip_send_agent(struct hip_common *msg); -int hip_recv_agent(struct hip_common *msg); - /* Functions for handling outgoing packets. */ int hip_sendto_firewall(const struct hip_common *msg); === modified file 'hipd/init.c' --- hipd/init.c 2010-05-12 13:57:56 +0000 +++ hipd/init.c 2010-05-12 16:09:38 +0000 @@ -190,26 +190,6 @@ hip_xfrm_set_default_sa_prefix_len(128); } -#ifdef CONFIG_HIP_AGENT -/** - * initialize the graphical agent database - * - * @return zero on success or negative on failure - */ -static int hip_init_daemon_hitdb(void) -{ - char *file = HIP_CERT_DB_PATH_AND_NAME; - int err = 0; - - _HIP_DEBUG("Loading HIT database from %s.\n", file); - daemon_db = hip_sqlite_open_db(file, HIP_CERT_DB_CREATE_TBLS); - HIP_IFE(!daemon_db, -1); - -out_err: - return err; -} -#endif /* CONFIG_HIP_AGENT */ - /** * initialize a raw ipv4 socket * @@ -798,7 +778,6 @@ msg = hip_msg_alloc(); if (msg) { hip_build_user_hdr(msg, HIP_MSG_DAEMON_QUIT, 0); - hip_send_agent(msg); free(msg); } 
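Review bot: With `hip_send_agent(msg)` removed, the remaining context lines of the `@@ -798,7 +778,6 @@` hunk in hipd/init.c allocate a message, build a `HIP_MSG_DAEMON_QUIT` header into it and free it again without sending it anywhere, so the block is now dead code. I would delete the `hip_msg_alloc()` / `hip_build_user_hdr()` / `free(msg)` lines together with the call, unless some other local client is still meant to receive the quit message, in which case it has to be sent before the `free`. The `@@ -1132,12 +1105,6 @@` hunk of the same file leaves a similar remnant: `hitdberr = 0;` stays although nothing visible assigns it afterwards. Both enclosing functions start and end outside the hunks, so the declarations of `msg` and `hitdberr` would need the same cleanup.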
@@ -817,12 +796,6 @@ hip_perf_destroy(perf_set); #endif -#ifdef CONFIG_HIP_AGENT - if (sqlite3_close(daemon_db)) { - HIP_ERROR("Error closing database: %s\n", sqlite3_errmsg(daemon_db)); - } -#endif - hip_dh_uninit(); hip_dht_queue_uninit(); @@ -1132,12 +1105,6 @@ } hitdberr = 0; -#ifdef CONFIG_HIP_AGENT - hitdberr = hip_init_daemon_hitdb(); - if (hitdberr < 0) { - HIP_DEBUG("Initializing daemon hit database returned error\n"); - } -#endif /* CONFIG_HIP_AGENT */ /* Service initialization. */ hip_init_services(); === modified file 'hipd/input.c' --- hipd/input.c 2010-05-12 13:57:56 +0000 +++ hipd/input.c 2010-05-12 16:09:38 +0000 @@ -542,14 +542,12 @@ * @param daddr a pointer to the destination address where to the packet was * sent to (own address). * @param info a pointer to the source and destination ports. - * @param filter Whether to filter trough agent or not. * @return zero on success, or negative error value on error. */ int hip_receive_control_packet(struct hip_common *msg, struct in6_addr *src_addr, struct in6_addr *dst_addr, - hip_portpair_t *msg_info, - int filter) + hip_portpair_t *msg_info) { hip_ha_t tmp, *entry = NULL; int err = 0, type, skip_sync = 0; @@ -603,11 +601,6 @@ entry = hip_oppdb_get_hadb_entry_i1_r1(msg, src_addr, dst_addr, msg_info); - /* If agent is prompting user, let's make sure that - * the death counter in maintenance does not expire */ - if (hip_agent_is_alive() && entry) { - entry->hip_opp_fallback_disable = filter; - } } else { /* Ugly bug fix for "nc6 hostname tcp 12345" * where hostname maps to HIT and IP in hosts files. 
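Review bot: The doc block edited in the `@@ -542,14 +542,12 @@` hunk of hipd/input.c still documents parameters named `daddr` and `info`, while the new signature of `hip_receive_control_packet()` names them `dst_addr` and `msg_info`. Since the comment is being touched to drop `@param filter` anyway, the tags should follow the signature: `@param dst_addr` and `@param msg_info`. The beginning of the doc block lies outside the hunk, so the tag for the source address may need the same correction.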
@@ -622,19 +615,6 @@ } #endif -#ifdef CONFIG_HIP_AGENT - /** Filter packet trough agent here. */ - if ((type == HIP_I1 || type == HIP_R1) && filter) { - HIP_DEBUG("Filtering packet trough agent now (packet is %s).\n", - type == HIP_I1 ? "I1" : "R1"); - err = hip_agent_filter(msg, src_addr, dst_addr, msg_info); - /* If packet filtering OK, return and wait for agent reply. */ - if (err == 0) { - goto out_err; - } - } -#endif - #ifdef CONFIG_HIP_BLIND HIP_DEBUG("Blind block\n"); // Packet that was received is blinded @@ -914,7 +894,7 @@ saddr_public = &entry->peer_addr; } #endif - HIP_IFEL(hip_receive_control_packet(msg, saddr_public, daddr, info, 1), -1, + HIP_IFEL(hip_receive_control_packet(msg, saddr_public, daddr, info), -1, "receiving of control packet failed\n"); out_err: return err; === modified file 'hipd/input.h' --- hipd/input.h 2010-05-12 13:57:56 +0000 +++ hipd/input.h 2010-05-12 16:09:38 +0000 @@ -60,8 +60,7 @@ int hip_receive_control_packet(struct hip_common *msg, struct in6_addr *src_addr, struct in6_addr *dst_addr, - hip_portpair_t *msg_info, - int filter); + hip_portpair_t *msg_info); int hip_receive_udp_control_packet(struct hip_common *msg, struct in6_addr *saddr, === modified file 'hipd/maintenance.c' --- hipd/maintenance.c 2010-04-16 18:50:27 +0000 +++ hipd/maintenance.c 2010-05-12 16:09:38 +0000 @@ -47,7 +47,6 @@ static int hip_handle_retransmission(hip_ha_t *entry, void *current_time); static int hip_scan_retransmissions(void); -static int hip_agent_add_lhits(void); /** * an iterator to handle packet retransmission for a given host association 
@@ -159,185 +158,6 @@ return err; } -#ifdef CONFIG_HIP_AGENT -/** - * An enumerator to inform agent on a new local HIT - * - * @return zero on success or negative on failure - */ -static int hip_agent_add_lhit(struct hip_host_id_entry *entry, void *msg) -{ - int err = 0; - - err = hip_build_param_contents(msg, (void *) &entry->lhi.hit, - HIP_PARAM_HIT, - sizeof(struct in6_addr)); - if (err) { - HIP_ERROR("build param hit failed: %s\n", strerror(err)); - goto out_err; - } - -out_err: - return err; -} -#endif /* CONFIG_HIP_AGENT */ - - -/** - * Send all local HITs to the GUI agent - * - * @return zero on success or negative on failure - */ -static int hip_agent_add_lhits(void) -{ - int err = 0; -#ifdef CONFIG_HIP_AGENT - struct hip_common *msg = NULL; - int n; - - msg = malloc(HIP_MAX_PACKET); - if (!msg) { - HIP_ERROR("malloc failed\n"); - goto out_err; - } - hip_msg_init(msg); - - err = hip_build_user_hdr(msg, HIP_MSG_ADD_DB_HI, 0); - if (err) { - HIP_ERROR("build hdr failed: %s\n", strerror(err)); - goto out_err; - } - - HIP_IFEL(hip_for_each_hi(hip_agent_add_lhit, msg), 0, - "for_each_hi err.\n"); - - n = hip_send_agent(msg); - if (n < 0) { - HIP_ERROR("Sendto() failed.\n"); - err = -1; - goto out_err; - } else { - HIP_DEBUG("Sendto() OK.\n"); - } - - -out_err: - if (msg) { - free(msg); - } -#endif - return err; -} - -/** - * Filter packet trough agent - * - * @param msg the control packet to filter - * @param src_addr the source address of the packet - * @param dst_addr the destination ddress of the packet - * @param msg_info transport port information on the packet - * - * @return zero on success or negative on failure - */ -int hip_agent_filter(struct hip_common *msg, - struct in6_addr *src_addr, - struct in6_addr *dst_addr, - hip_portpair_t *msg_info) -{ - struct hip_common *user_msg = NULL; - int err = 0; - int n; - - if (!hip_agent_is_alive()) { - return -ENOENT; - } - - HIP_DEBUG("Filtering hip control message trough agent," - " message body size is %d 
bytes.\n", - hip_get_msg_total_len(msg) - sizeof(struct hip_common)); - - /* Create packet for agent. */ - HIP_IFE(!(user_msg = hip_msg_alloc()), -1); - HIP_IFE(hip_build_user_hdr(user_msg, hip_get_msg_type(msg), 0), -1); - HIP_IFE(hip_build_param_contents(user_msg, msg, HIP_PARAM_ENCAPS_MSG, - hip_get_msg_total_len(msg)), -1); - HIP_IFE(hip_build_param_contents(user_msg, src_addr, HIP_PARAM_SRC_ADDR, - sizeof(*src_addr)), -1); - HIP_IFE(hip_build_param_contents(user_msg, dst_addr, HIP_PARAM_DST_ADDR, - sizeof(*dst_addr)), -1); - HIP_IFE(hip_build_param_contents(user_msg, msg_info, HIP_PARAM_PORTPAIR, - sizeof(*msg_info)), -1); - - n = hip_send_agent(user_msg); - if (n < 0) { - HIP_ERROR("Sendto() failed.\n"); - err = -1; - goto out_err; - } - - HIP_DEBUG("Sent %d bytes to agent for handling.\n", n); - -out_err: - if (user_msg) { - free(user_msg); - } - return err; -} - -/** - * inform agent on changes of in HADB state - * - * @param msg_type the type of the message - * @param data any kind of data to encapsulate inside - * a HIP parameter - * @param size the length of the @c data in bytes - * - * @return zero on success or negative on failure - */ -int hip_agent_update_status(int msg_type, void *data, size_t size) -{ - struct hip_common *user_msg = NULL; - int err = 0; - int n; - - if (!hip_agent_is_alive()) { - return -ENOENT; - } - - /* Create packet for agent. 
*/ - HIP_IFE(!(user_msg = hip_msg_alloc()), -1); - HIP_IFE(hip_build_user_hdr(user_msg, msg_type, 0), -1); - if (size > 0 && data != NULL) { - HIP_IFE(hip_build_param_contents(user_msg, data, HIP_PARAM_ENCAPS_MSG, - size), -1); - } - - n = hip_send_agent(user_msg); - if (n < 0) { - HIP_ERROR("Sendto() failed.\n"); - err = -1; - goto out_err; - } - -out_err: - if (user_msg) { - free(user_msg); - } - return err; -} - -/** - * Update agent on local HIT status - * - * @return zero on success or negative on failure - */ -int hip_agent_update(void) -{ - hip_agent_add_lhits(); - - return 0; -} - /** * Periodic maintenance. * === modified file 'hipd/maintenance.h' --- hipd/maintenance.h 2010-05-12 10:04:40 +0000 +++ hipd/maintenance.h 2010-05-12 16:09:38 +0000 @@ -21,14 +21,8 @@ extern int heartbeat_counter; -int hip_agent_filter(struct hip_common *msg, - struct in6_addr *src_addr, - struct in6_addr *dst_addr, - hip_portpair_t *msg_info); int hip_periodic_maintenance(void); void hip_set_firewall_status(void); -int hip_agent_update_status(int msg_type, void *data, size_t size); -int hip_agent_update(void); int hip_get_firewall_status(void); int hip_icmp_statistics(struct in6_addr *src, struct in6_addr *dst, === modified file 'hipd/oppdb.c' --- hipd/oppdb.c 2010-04-16 18:48:31 +0000 +++ hipd/oppdb.c 2010-05-12 16:09:38 +0000 @@ -205,12 +205,10 @@ * * @param app_id the UDP port of the local library process * @param opp_info information related to the opportunistic connection - * @param reject Zero if Responder supports HIP or one if Responder - * did not respond within a certain timeout (should fallback to TCP/IP). * @return zero on success or negative on failure */ -static int hip_opp_unblock_app(const struct sockaddr_in6 *app_id, hip_opp_info_t *opp_info, - int reject) +static int hip_opp_unblock_app(const struct sockaddr_in6 *app_id, + hip_opp_info_t *opp_info) { struct hip_common *message = NULL; int err = 0, n; 
@@ -255,15 +253,6 @@ skip_hit_addr: - if (reject) { - n = 1; - HIP_DEBUG("message len: %d\n", hip_get_msg_total_len(message)); - HIP_IFEL(hip_build_param_contents(message, &n, - HIP_PARAM_AGENT_REJECT, - sizeof(n)), -1, - "build param HIP_PARAM_HIT failed\n"); - HIP_DEBUG("message len: %d\n", hip_get_msg_total_len(message)); - } HIP_DEBUG("Unblocking caller at port %d\n", ntohs(app_id->sin6_port)); n = hip_sendto_user(message, (struct sockaddr *) app_id); @@ -295,7 +284,7 @@ goto out_err; } - HIP_IFEL(hip_opp_unblock_app(&entry->caller, opp_info, 0), -1, + HIP_IFEL(hip_opp_unblock_app(&entry->caller, opp_info), -1, "unblock failed\n"); hip_oppdb_del_entry_by_entry(entry); @@ -875,7 +864,7 @@ HIP_DEBUG_HIT("entry initiator hit:", &entry->our_real_hit); HIP_DEBUG_HIT("entry responder ip:", &entry->peer_ip); HIP_DEBUG("Rejecting blocked opp entry\n"); - err = hip_opp_unblock_app(&entry->caller, &info, 0); + err = hip_opp_unblock_app(&entry->caller, &info); HIP_DEBUG("Reject returned %d\n", err); err = hip_oppdb_entry_clean_up(entry); @@ -898,18 +887,6 @@ time_t *now = (time_t *) current_time; struct in6_addr *addr; -#ifdef CONFIG_HIP_AGENT - /* If agent is prompting user, let's make sure that - * the death counter in maintenance does not expire */ - if (hip_agent_is_alive()) { - hip_ha_t *ha = NULL; - ha = hip_oppdb_get_hadb_entry(&entry->our_real_hit, - &entry->peer_ip); - if (ha) { - disable_fallback = ha->hip_opp_fallback_disable; - } - } -#endif if (!disable_fallback && (*now - HIP_OPP_WAIT > entry->creation_time)) { hip_opp_info_t info; @@ -919,7 +896,7 @@ addr = (struct in6_addr *) &entry->peer_ip; hip_oppipdb_add_entry(addr); HIP_DEBUG("Timeout for opp entry, falling back to\n"); - err = hip_opp_unblock_app(&entry->caller, &info, 0); + err = hip_opp_unblock_app(&entry->caller, &info); HIP_DEBUG("Fallback returned %d\n", err); err = hip_oppdb_entry_clean_up(entry); memset(&now, 0, sizeof(now)); 
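Review bot: After the `CONFIG_HIP_AGENT` block is dropped in the `@@ -898,18 +887,6 @@` hunk of hipd/oppdb.c, nothing visible assigns `disable_fallback` any more, yet the next line still tests `!disable_fallback`. If its declaration outside the hunk initialises it to zero, the test is always true and the variable can be removed: `if (*now - HIP_OPP_WAIT > entry->creation_time) {`. Dropping it also documents that, as far as this hunk shows, nothing can suspend the fallback timeout any longer. The function starts and ends outside the hunk.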
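Review bot: In the `@@ -919,7 +896,7 @@` hunk, `memset(&now, 0, sizeof(now));` clears the local pointer `now` (declared as `time_t *now` in the preceding hunk, presumably the same function) rather than any time value, so it has no useful effect and reads as if it did. The result of the changed `hip_opp_unblock_app()` call is also overwritten by `err = hip_oppdb_entry_clean_up(entry);` right after it is logged, so a failure to notify the blocked application never reaches the caller. I would delete the `memset` line and keep the cleanup result in its own variable so the first error is the one returned. The `@@ -875,7 +864,7 @@` hunk overwrites `err` in the same way.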
@@ -929,33 +906,6 @@ } /** - * reject an opportunistic mode connection - * - * @param entry the connection to reject - * @param data the remote IP address of the Responder - * @return zero on success or negative on failure - */ -int hip_handle_opp_reject(hip_opp_block_t *entry, void *data) -{ - int err = 0; - struct in6_addr *resp_ip = data; - - if (ipv6_addr_cmp(&entry->peer_ip, resp_ip)) { - goto out_err; - } - - HIP_DEBUG_HIT("entry initiator hit:", &entry->our_real_hit); - HIP_DEBUG_HIT("entry responder ip:", &entry->peer_ip); - HIP_DEBUG("Rejecting blocked opp entry\n"); - err = hip_opp_unblock_app(&entry->caller, NULL, 1); - HIP_DEBUG("Reject returned %d\n", err); - err = hip_oppdb_entry_clean_up(entry); - -out_err: - return err; -} - -/** * check if a remote host is not capable of HIP * * @param ip_peer: pointer to the ip of the host to check whether === modified file 'hipd/oppdb.h' --- hipd/oppdb.h 2010-04-13 11:10:38 +0000 +++ hipd/oppdb.h 2010-05-12 16:09:38 +0000 @@ -65,6 +65,4 @@ int hip_for_each_opp(int (*func)(hip_opp_block_t *entry, void *opaq), void *opaque); -int hip_handle_opp_reject(hip_opp_block_t *entry, void *ips); - #endif /* HIP_HIPD_OPPDB_H */ === modified file 'hipd/user.c' --- hipd/user.c 2010-05-12 13:57:56 +0000 +++ hipd/user.c 2010-05-12 16:09:38 +0000 @@ -97,10 +97,6 @@ goto out_err; } - if (ntohs(src->sin6_port) == HIP_AGENT_PORT) { - return hip_recv_agent(msg); - } - /* This prints numerical addresses until we have separate * print function for icomm.h and protodefs.h -miika */ HIP_DEBUG("HIP user message type is: %d\n", msg_type); @@ -142,7 +138,6 @@ HIP_IFEL(hip_user_nat_mode(msg_type), -1, "Error when setting daemon NAT status to \"on\"\n"); - hip_agent_update_status(msg_type, NULL, 0); HIP_DEBUG("Recreate all R1s\n"); hip_recreate_all_precreated_r1_packets(); === modified file 'lib/core/builder.c' --- lib/core/builder.c 2010-05-12 13:57:56 +0000 +++ lib/core/builder.c 2010-05-12 16:09:38 +0000 
@@ -1181,9 +1181,6 @@ case HIP_MSG_FIREWALL_PING: return "HIP_MSG_FIREWALL_PING"; case HIP_MSG_FIREWALL_PING_REPLY: return "HIP_MSG_FIREWALL_PING_REPLY"; case HIP_MSG_FIREWALL_QUIT: return "HIP_MSG_FIREWALL_QUIT"; - case HIP_MSG_AGENT_PING: return "HIP_MSG_AGENT_PING"; - case HIP_MSG_AGENT_PING_REPLY: return "HIP_MSG_AGENT_PING_REPLY"; - case HIP_MSG_AGENT_QUIT: return "HIP_MSG_AGENT_QUIT"; case HIP_MSG_DAEMON_QUIT: return "HIP_MSG_DAEMON_QUIT"; case HIP_MSG_I1_REJECT: return "HIP_MSG_I1_REJECT"; case HIP_MSG_SET_NAT_PLAIN_UDP: return "HIP_MSG_SET_NAT_PLAIN_UDP"; @@ -1235,7 +1232,6 @@ { switch (param_type) { case HIP_PARAM_ACK: return "HIP_PARAM_ACK"; - case HIP_PARAM_AGENT_REJECT: return "HIP_PARAM_AGENT_REJECT"; case HIP_PARAM_BLIND_NONCE: return "HIP_PARAM_BLIND_NONCE"; case HIP_PARAM_CERT: return "HIP_PARAM_CERT"; case HIP_PARAM_DH_SHARED_KEY: return "HIP_PARAM_DH_SHARED_KEY"; @@ -3964,27 +3960,6 @@ } /** - * Build and append a UADB info parameter into a message. Used by the HIP - * user agent to inform hipd on HIP connections accepted by hipd. - * - * @param msg a pointer to the message where the parameter will be - * appended - * @param uadb_info uadb_info structure - * @return zero on success, or negative on failure - */ -int hip_build_param_hip_uadb_info(struct hip_common *msg, - struct hip_uadb_info *uadb_info) -{ - int err = 0; - hip_set_param_type((struct hip_tlv_common *) uadb_info, HIP_PARAM_UADB_INFO); - hip_calc_param_len((struct hip_tlv_common *) uadb_info, - sizeof(struct hip_uadb_info) - - sizeof(struct hip_tlv_common)); - err = hip_build_param(msg, uadb_info); - return err; -} - -/** * Build an append a zone parameter for hit-to-ip extension. * * @param msg a pointer to the message where the parameter will be === modified file 'lib/core/builder.h' --- lib/core/builder.h 2010-04-22 10:12:54 +0000 +++ lib/core/builder.h 2010-05-12 16:09:38 +0000 
@@ -228,8 +228,6 @@ const char *hostname); int hip_build_param_hip_hdrr_info(struct hip_common *msg, struct hip_hdrr_info *hdrr_info); -int hip_build_param_hip_uadb_info(struct hip_common *msg, - struct hip_uadb_info *uadb_info); int hip_build_param_reg_info(hip_common_t *msg, const void *service_list, const unsigned int service_count); === modified file 'lib/core/capability.c' --- lib/core/capability.c 2010-05-12 10:09:10 +0000 +++ lib/core/capability.c 2010-05-12 16:09:38 +0000 @@ -4,7 +4,7 @@ * Distributed under <a href="http://www.gnu.org/licenses/gpl2.txt";>GNU/GPL</a> * * This file contains functionality to lower the privileges (or - * capabilities) of agent, hipd and hipfw. It is important to restrict + * capabilities) of hipd and hipfw. It is important to restrict * the damage of a exploit to the software. The code is Linux * specific. * === modified file 'lib/core/icomm.h' --- lib/core/icomm.h 2010-05-12 13:57:56 +0000 +++ lib/core/icomm.h 2010-05-12 16:09:38 +0000 @@ -18,8 +18,6 @@ /* Use this port to send asynchronous/unidirectional messages * from hipd to hipfw */ #define HIP_FIREWALL_PORT 971 -/* Use this port to send messages from hipd to agent */ -#define HIP_AGENT_PORT 972 /* Use this port to send synchronous/bidirectional (request-response) * messages from hipd to firewall*/ #define HIP_DAEMON_LOCAL_PORT 973 @@ -136,9 +134,7 @@ #define HIP_MSG_FIREWALL_PING 120 #define HIP_MSG_FIREWALL_PING_REPLY 121 #define HIP_MSG_FIREWALL_QUIT 122 -#define HIP_MSG_AGENT_PING 123 -#define HIP_MSG_AGENT_PING_REPLY 124 -#define HIP_MSG_AGENT_QUIT 125 +/* free slots */ #define HIP_MSG_DAEMON_QUIT 126 #define HIP_MSG_I1_REJECT 127 // free slot === modified file 'lib/core/protodefs.h' --- lib/core/protodefs.h 2010-04-22 10:12:54 +0000 +++ lib/core/protodefs.h 2010-05-12 16:09:38 +0000 
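Review bot: The `/* free slots */` comment added in the `@@ -136,9 +134,7 @@` hunk of lib/core/icomm.h does not say which numbers were retired or what they used to mean. Message types 123-125 may still be sent by an agent binary left over from an older installation, so whoever reuses a slot should know its old meaning; I would write `/* 123-125 unused, formerly HIP_MSG_AGENT_PING, _PING_REPLY, _QUIT */`. The same applies to the `/* free slot */` and `/* free slots */` comments in the lib/core/protodefs.h hunks `@@ -181,7 +181,7 @@` and `@@ -205,8 +205,7 @@`, which stand in for `HIP_PARAM_AGENT_REJECT` (32791) and `HIP_PARAM_UADB_INFO` (32815).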
@@ -181,7 +181,7 @@ #define HIP_PARAM_PORTPAIR 32788 #define HIP_PARAM_SRC_ADDR 32789 #define HIP_PARAM_DST_ADDR 32790 -#define HIP_PARAM_AGENT_REJECT 32791 +/* free slot */ #define HIP_PARAM_HA_INFO 32792 #define HIP_PARAM_OPENDHT_SET 32793 #define HIP_PARAM_CERT_SPKI_INFO 32794 @@ -205,8 +205,7 @@ #define HIP_PARAM_ESP_PROT_TFM 32812 #define HIP_PARAM_TRANSFORM_ORDER 32813 #define HIP_PARAM_HDRR_INFO 32814 -#define HIP_PARAM_UADB_INFO 32815 -/* free slot */ +/* free slots */ #define HIP_PARAM_SECRET 32817 #define HIP_PARAM_BRANCH_NODES 32818 #define HIP_PARAM_ROOT 32819 @@ -569,8 +568,6 @@ typedef struct hip_hadb_misc_func_set hip_misc_func_set_t; typedef struct hip_hadb_xmit_func_set hip_xmit_func_set_t; typedef struct hip_ipsec_func_set hip_ipsec_func_set_t; -typedef struct hip_hadb_input_filter_func_set hip_input_filter_func_set_t; -typedef struct hip_hadb_output_filter_func_set hip_output_filter_func_set_t; typedef struct hip_common hip_common_t; typedef struct hip_tlv_common hip_tlv_common_t; @@ -1176,14 +1173,6 @@ int hit_verified; } __attribute__ ((packed)); -struct hip_uadb_info { - hip_tlv_type_t type; - hip_tlv_len_t length; - struct in6_addr hitr; - struct in6_addr hitl; - char cert[512]; -} __attribute__ ((packed)); - struct hip_heartbeat { hip_tlv_type_t type; hip_tlv_len_t length; === modified file 'lib/core/state.h' --- lib/core/state.h 2010-05-12 13:57:56 +0000 +++ lib/core/state.h 2010-05-12 16:09:38 +0000 
@@ -429,18 +429,8 @@ * @note Do not modify this value directly. Use * hip_ipsec_set_handle_function_set() instead. */ hip_ipsec_func_set_t * hadb_ipsec_func; - /** Input filter function set. Input filter used in the GUI agent. - * @note Do not modify this value directly. Use - * hip_hadb_set_input_filter_function_set() instead. */ - hip_input_filter_func_set_t * hadb_input_filter_func; - /** Output filter function set. Output filter used in the GUI agent. - * @note Do not modify this value directly. Use - * hip_hadb_set_output_filter_function_set() instead. */ - hip_output_filter_func_set_t * hadb_output_filter_func; /** peer hostname */ uint8_t peer_hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX]; - /** True when agent is prompting user and fall back is disabled. */ - int hip_opp_fallback_disable; /** Non-zero if opportunistic TCP mode is on. */ int hip_is_opptcp_on; /** The local port from where the TCP SYN I1 packet will be sent */ @@ -714,14 +704,6 @@ int (*hip_setup_default_sp_prefix_pair)(void); }; -struct hip_hadb_input_filter_func_set { - int (*hip_input_filter)(struct hip_common *msg); -}; - -struct hip_hadb_output_filter_func_set { - int (*hip_output_filter)(struct hip_common *msg); -}; - /* @} */ #endif /* HIP_LIB_CORE_STATE_H */ === removed directory 'lib/gui' === modified file 'lib/opphip/wrap.c' --- lib/opphip/wrap.c 2010-04-21 09:25:35 +0000 +++ lib/opphip/wrap.c 2010-05-12 16:09:38 +0000 @@ -321,8 +321,6 @@ * @param dst_tcp_port the TCP port at the peer needed for the TCP i1 option negotiation * @param fallback set to one by the function if the connection should * fall back to non-HIP communications, or zero otherwise - * @param reject set to one by the function if HIP GUI agent decided to reject the connection - * or zero otherwise * * @return zero on success, non-zero on failure */ 
@@ -331,15 +329,13 @@ const struct in6_addr *local_hit, in_port_t *src_tcp_port, in_port_t *dst_tcp_port, - int *fallback, - int *reject) + int *fallback) { struct hip_common *msg = NULL; hip_hit_t *ptr = NULL; int err = 0; *fallback = 1; - *reject = 0; HIP_IFE(!(msg = hip_msg_alloc()), -1); @@ -384,12 +380,6 @@ *fallback = 0; } - ptr = hip_get_param(msg, HIP_PARAM_AGENT_REJECT); - if (ptr) { - HIP_DEBUG("Connection is to be rejected\n"); - *reject = 1; - } - out_err: if (msg) { @@ -603,7 +593,7 @@ /* Try opportunistic base exchange to retrieve peer's HIT */ if (is_peer) { - int fallback, reject; + int fallback; /* Request a HIT of the peer from hipd. This will possibly * launch an I1 with NULL HIT that will block until R1 is * received. Called e.g. in connect() or sendto(). If @@ -616,15 +606,8 @@ &src_hit.sin6_addr, (in_port_t *) &src_opptcp_port, (in_port_t *) &dst_opptcp_port, - &fallback, - &reject), + &fallback), -1, "Request from hipd failed\n"); - if (reject) { - HIP_DEBUG("Connection should be rejected\n"); - err = -1; - goto out_err; - } - if (fallback) { HIP_DEBUG("Peer does not support HIP, fallback\n"); goto out_err; === modified file 'packaging/hipl-deb.spec' --- packaging/hipl-deb.spec 2010-05-11 07:02:11 +0000 +++ packaging/hipl-deb.spec 2010-05-12 16:09:38 +0000 @@ -9,7 +9,7 @@ Vendor: InfraHIP License: GPLv2 Group: System Environment/Kernel -BuildRequires: automake, autoconf, libtool, gcc, libgtk2.0-dev, libssl-dev, libxml2-dev, xmlto, doxygen, iptables-dev, libcap-dev, libsqlite3-dev +BuildRequires: automake, autoconf, libtool, gcc, libssl-dev, libxml2-dev, xmlto, doxygen, iptables-dev, libcap-dev ExclusiveOS: linux BuildRoot: %{_tmppath}/%{name}-%{version}-root Prefix: /usr 
@@ -70,7 +70,7 @@ %package all Summary: HIPL software bundle: HIP for Linux libraries, daemons and documentation Group: System Environment/Kernel -Requires: hipl-lib, hipl-firewall, hipl-daemon, hipl-agent, hipl-tools, hipl-doc, hipl-dnsproxy +Requires: hipl-lib, hipl-firewall, hipl-daemon, hipl-tools, hipl-doc, hipl-dnsproxy %description all %package minimal @@ -82,7 +82,7 @@ %package lib Summary: HIP for Linux libraries Group: System Environment/Kernel -Requires: openssl, libxml2, libgtk2.0-0, iptables, libcap2, libsqlite3-0 +Requires: openssl, libxml2, iptables, libcap2 %description lib %package daemon @@ -114,17 +114,10 @@ Group: System Environment/Kernel %description dnsproxy -%package agent -Requires: hipl-lib, hipl-daemon -Summary: Graphical user interface for HIP for Linux. Provides user-friendly access control "buddy" lists for HIP. -Group: System Environment/Kernel -%description agent - %install rm -rf %{buildroot} install -d %{buildroot}/usr/share/pixmaps -install -m 644 lib/gui/hipmanager.png %{buildroot}/usr/share/pixmaps install -d %{buildroot}/usr/bin install -d %{buildroot}/usr/sbin install -d %{buildroot}/usr/lib @@ -144,7 +137,6 @@ install -t %{buildroot}/usr/lib/python2.6/dist-packages/hipdnsproxy tools/hipdnsproxy/hipdnsproxy install -m 755 tools/hipdnskeyparse/hipdnskeyparse %{buildroot}/usr/sbin/hipdnskeyparse install -m 755 tools/hipdnsproxy/hipdnsproxy %{buildroot}/usr/sbin/hipdnsproxy -install -m 755 agent/hipagent %{buildroot}/usr/sbin/hipagent %post lib /sbin/ldconfig @@ -186,10 +178,6 @@ /usr/sbin/hipd %config /etc/init.d/hipd -%files agent -/usr/share/pixmaps/hipmanager.png -/usr/sbin/hipagent - %files dnsproxy /usr/sbin/hipdnsproxy /usr/sbin/hipdnskeyparse === modified file 'packaging/hipl-rpm.spec' --- packaging/hipl-rpm.spec 2010-05-11 07:02:11 +0000 +++ packaging/hipl-rpm.spec 2010-05-12 16:09:38 +0000 
@@ -8,8 +8,7 @@ Vendor: InfraHIP License: GPLv2 Group: System Environment/Kernel -#Requires: openssl gtk2 libxml2 glib2 iptables-devel -BuildRequires: gcc gcc-c++ openssl-devel gtk2-devel libxml2-devel glib2-devel iptables-devel xmlto libtool libcap-devel sqlite-devel autoconf automake xmlto rpm-build +BuildRequires: gcc gcc-c++ openssl-devel libxml2-devel iptables-devel xmlto libtool libcap-devel autoconf automake xmlto rpm-build ExclusiveOS: linux BuildRoot: %{_tmppath}/%{name}-%{version}-root Prefix: /usr @@ -54,7 +53,7 @@ %package all Summary: Full HIPL software bundle. This virtual package is suitable e.g. for client machines. Group: System Environment/Kernel -Requires: hipl-lib hipl-firewall hipl-daemon hipl-agent hipl-tools hipl-doc hipl-dnsproxy +Requires: hipl-lib hipl-firewall hipl-daemon hipl-tools hipl-doc hipl-dnsproxy %description all %package minimal @@ -66,7 +65,7 @@ %package lib Summary: HIP for Linux libraries Group: System Environment/Kernel -Requires: openssl libxml2 gtk2 iptables libcap sqlite +Requires: openssl libxml2 iptables libcap %description lib %package daemon @@ -98,12 +97,6 @@ Group: System Environment/Kernel %description dnsproxy -%package agent -Requires: hipl-lib hipl-daemon -Summary: Graphical user interface for HIP for Linux. Provides user-friendly access control "buddy" lists for HIP. -Group: System Environment/Kernel -%description agent - %install rm -rf %{buildroot} @@ -208,9 +201,6 @@ %{prefix}/sbin/hipd %config /etc/rc.d/init.d/hipd -%files agent -%{prefix}/sbin/hipagent - %files dnsproxy %{prefix}/sbin/hipdnsproxy %{prefix}/sbin/hipdnskeyparse === modified file 'packaging/openwrt/package/Makefile' --- packaging/openwrt/package/Makefile 2010-05-12 13:57:56 +0000 +++ packaging/openwrt/package/Makefile 2010-05-12 16:09:38 +0000 
@@ -88,7 +88,6 @@ $(call Build/Configure/Default, \ --enable-shared \ --disable-dht \ - --disable-agent \ --disable-debug \ ); endef === modified file 'tools/hipl_autobuild.sh' --- tools/hipl_autobuild.sh 2010-05-12 13:57:56 +0000 +++ tools/hipl_autobuild.sh 2010-05-12 16:09:38 +0000 @@ -109,10 +109,10 @@ run_program "make -j17 distcheck" # PISA configuration -compile --enable-firewall --disable-agent --disable-rvs --disable-hipproxy --disable-opportunistic --disable-dht --disable-blind --disable-profiling --enable-debug --enable-midauth --disable-performance --disable-demo +compile --enable-firewall --disable-rvs --disable-hipproxy --disable-opportunistic --disable-dht --disable-blind --disable-profiling --enable-debug --enable-midauth --disable-performance --disable-demo # Alternative path to vanilla -compile --enable-firewall --enable-agent --disable-rvs --disable-hipproxy --disable-opportunistic --disable-dht --enable-blind --enable-profiling --disable-debug --enable-midauth --enable-performance --enable-demo +compile --enable-firewall --disable-rvs --disable-hipproxy --disable-opportunistic --disable-dht --enable-blind --enable-profiling --disable-debug --enable-midauth --enable-performance --enable-demo # Compile HIPL within an OpenWrt checkout CONFIGURATION="OpenWrt ARM crosscompile"