[hipl-commit] [trunk] Rev 4570: Remove all disabled debug statements.

  • From: Diego Biurrun <diego@xxxxxxxxxx>
  • To: hipl-commit@xxxxxxxxxxxxx
  • Date: Sat, 22 May 2010 15:38:59 +0300

Committer: Diego Biurrun <diego@xxxxxxxxxx>
Date: 22/05/2010 at 15:38:59
Revision: 4570
Revision-id: diego@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk

Log:
  Remove all disabled debug statements.
  
  The reasons for removing the _HIP debug statements are twofold:
  - it shrinks the codebase considerably,
  - identifiers starting with _ and uppercase letters are reserved.

Modified:
  M  doc/HACKING
  M  firewall/conntrack.c
  M  firewall/datapkt.c
  M  firewall/firewall.c
  M  firewall/firewalldb.c
  M  firewall/lsi.c
  M  firewall/opptcp.c
  M  firewall/proxy.c
  M  firewall/rule_management.c
  M  firewall/user_ipsec_api.c
  M  firewall/user_ipsec_esp.c
  M  firewall/user_ipsec_sadb.c
  M  hipd/accessor.c
  M  hipd/blind.c
  M  hipd/cert.c
  M  hipd/cookie.c
  M  hipd/dh.c
  M  hipd/esp_prot_hipd_msg.c
  M  hipd/hadb.c
  M  hipd/hadb_legacy.c
  M  hipd/heartbeat.c
  M  hipd/hidb.c
  M  hipd/hipd.c
  M  hipd/hiprelay.c
  M  hipd/init.c
  M  hipd/input.c
  M  hipd/input.h
  M  hipd/keymat.c
  M  hipd/maintenance.c
  M  hipd/nat.c
  M  hipd/netdev.c
  M  hipd/nsupdate.c
  M  hipd/oppdb.c
  M  hipd/oppipdb.c
  M  hipd/output.c
  M  hipd/registration.c
  M  hipd/update.c
  M  hipd/user.c
  M  lib/core/builder.c
  M  lib/core/capability.c
  M  lib/core/certtools.c
  M  lib/core/conf.c
  M  lib/core/crypto.c
  M  lib/core/debug.c
  M  lib/core/debug.h
  M  lib/core/hashchain.c
  M  lib/core/hashtree.c
  M  lib/core/hostid.c
  M  lib/core/hostsfiles.c
  M  lib/core/message.c
  M  lib/core/prefix.c
  M  lib/core/solve.c
  M  lib/core/straddr.c
  M  lib/opphip/wrap.c
  M  lib/opphip/wrap_db.c
  M  lib/tool/nlink.c
  M  lib/tool/xfrmapi.c
  M  test/certteststub.c

=== modified file 'doc/HACKING'
--- doc/HACKING 2010-05-17 14:56:20 +0000
+++ doc/HACKING 2010-05-22 12:37:40 +0000
@@ -740,17 +740,6 @@
 the developer wants to run the daemon interactively. The wrappers make
 it possible to please both of the groups easily.
 
-Debug statements should not be removed from code because someone may
-have use for the debug statement later on. The preferred way is to put a
-"_" in front of the debug function name to prevent the debug statement
-to ever to be shown (indepently of whether the build is a development
-or production build):
-
-- _HIP_DIE(..)
-- _HIP_ERROR(..)
-- _HIP_INFO(..)
-- _HIP_DEBUG(..)
-
 COMMENTING AND DOCUMENTING THE CODE
 ===================================
 

=== modified file 'firewall/conntrack.c'
--- firewall/conntrack.c        2010-05-18 13:00:13 +0000
+++ firewall/conntrack.c        2010-05-22 12:37:40 +0000
@@ -176,8 +176,6 @@
     memcpy(&data->src_hit, &common->hits, sizeof(struct in6_addr));
     memcpy(&data->dst_hit, &common->hitr, sizeof(struct in6_addr));
 
-    _HIP_DEBUG("get_hip_data:\n");
-
     return data;
 }
 
@@ -712,17 +710,6 @@
     struct connection *connection = malloc(sizeof(struct connection));
     struct esp_tuple *esp_tuple   = NULL;
 
-
-    _HIP_DEBUG("insert_connection_from_update\n");
-    if (esp_info) {
-        _HIP_DEBUG(" esp_info ");
-    }
-    if (locator) {
-        _HIP_DEBUG(" locator ");
-    }
-    if (esp_info) {
-        _HIP_DEBUG(" esp_info ");
-    }
     esp_tuple = esp_tuple_from_esp_info_locator(esp_info, locator, seq,
                                                 &connection->reply);
     if (esp_tuple == NULL) {
@@ -1052,8 +1039,6 @@
                                    append_to_slist((SList *) 
other_dir->esp_tuples, esp_tuple);
 
         insert_esp_tuple(esp_tuple);
-    } else {
-        _HIP_DEBUG("ESP tuple already exists!\n");
     }
 
     // TEST_END
@@ -1187,7 +1172,6 @@
 
         n                        = (hip_get_param_total_len(locator) - 
sizeof(struct hip_locator))
                                    / sizeof(struct hip_locator_info_addr_item);
-        _HIP_DEBUG(" %d locator addresses\n", n);
 
         if (n < 1) {
             HIP_DEBUG("no locator param found\n");
@@ -1239,7 +1223,6 @@
 
         locator_addr = (struct hip_locator_info_addr_item *)
                        ((uint8_t *) locator + sizeof(struct hip_locator));
-        _HIP_DEBUG("locator addr: old tuple");
         print_esp_tuple(esp_tuple);
 
         while (n > 0) {
@@ -1257,8 +1240,6 @@
         print_esp_tuple(esp_tuple);
     }
 
-    _HIP_DEBUG("done, ");
-
 out_err:
     return err;
 }
@@ -1290,8 +1271,6 @@
     const struct in6_addr *ip6_src     = &ctx->src;
     int err                            = 1;
 
-    _HIP_DEBUG("handle_update\n");
-
     /* get params from UPDATE message */
     seq      = (struct hip_seq *) hip_get_param(common, HIP_PARAM_SEQ);
     esp_info = (struct hip_esp_info *) hip_get_param(common, 
HIP_PARAM_ESP_INFO);
@@ -1299,14 +1278,8 @@
     locator  = (struct hip_locator *) hip_get_param(common, HIP_PARAM_LOCATOR);
     spi      = (struct hip_spi *) hip_get_param(common, HIP_PARAM_ESP_INFO);
 
-    if (spi) {
-        _HIP_DEBUG("handle_update: spi param, spi: 0x%lx \n", ntohl(spi->spi));
-    }
-
     /* connection changed to a path going through this firewall */
     if (tuple == NULL) {
-        _HIP_DEBUG("unknown connection\n");
-
         // @todo this should only be the case, if (old_spi == 0) != new_spi -> 
check
 
         /* attempt to create state for new connection */
@@ -1379,12 +1352,6 @@
             other_dir_esps  = tuple->connection->original.esp_tuples;
         }
 
-        if (seq != NULL) {
-            /* announces something new */
-
-            _HIP_DEBUG("handle_update: seq found, update id %d\n", 
seq->update_id);
-        }
-
         /* distinguishing different UPDATE types and type combinations
          *
          * TODO check processing of parameter combinations
@@ -1392,33 +1359,22 @@
         if (esp_info && locator && seq) {
             /* Handling single esp_info and locator parameters
              * Readdress with mobile-initiated rekey */
-
-            _HIP_DEBUG("handle_update: esp_info and locator found\n");
-
             esp_tuple = find_esp_tuple(other_dir_esps, 
ntohl(esp_info->old_spi));
 
             if (!esp_tuple) {
-                _HIP_DEBUG("No suitable esp_tuple found for updating\n");
-
                 err = 0;
                 goto out_err;
             }
 
             if (!update_esp_tuple(esp_info, locator, seq, esp_tuple)) {
-                _HIP_DEBUG("failed to update the esp_tuple\n");
-
                 err = 0;
                 goto out_err;
             }
         } else if (locator && seq) {
             /* Readdress without rekeying */
-
-            _HIP_DEBUG("handle_update: locator found\n");
             esp_tuple = find_esp_tuple(other_dir_esps, 
ntohl(esp_info->new_spi));
 
             if (esp_tuple == NULL) {
-                _HIP_DEBUG("No suitable esp_tuple found for updating\n");
-
                 err = 0;
                 goto out_err;
                 /* if mobile host spi not intercepted, but valid */
@@ -1430,17 +1386,11 @@
             }
         } else if (esp_info && seq) {
             /* replying to Readdress with mobile-initiated rekey */
-
-            _HIP_DEBUG("handle_update: esp_info found old:0x%lx new:0x%lx\n",
-                       ntohl(esp_info->old_spi), ntohl(esp_info->new_spi));
-
             if (ntohl(esp_info->old_spi) != ntohl(esp_info->new_spi)) {
                 esp_tuple = find_esp_tuple(other_dir_esps, 
ntohl(esp_info->old_spi));
 
                 if (esp_tuple == NULL) {
                     if (tuple->connection->state != 
STATE_ESTABLISHING_FROM_UPDATE) {
-                        _HIP_DEBUG("No suitable esp_tuple found for 
updating\n");
-
                         err = 0;
                         goto out_err;
                     } else {                   /* connection state is being 
established from update */
@@ -1990,8 +1940,6 @@
                                 option->accept_mobile, ctx);
 
 out_err:
-    _HIP_DEBUG("filter state: returning %d \n", return_value);
-
     return return_value;
 }
 
@@ -2019,8 +1967,6 @@
     // look up tuple in the db
     tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src);
 
-    _HIP_DEBUG("checking packet...\n");
-
     // the accept_mobile parameter is true as packets
     // are not filtered here
     verdict = check_packet(ip6_src, ip6_dst, buf, tuple, 0, 1, ctx);

=== modified file 'firewall/datapkt.c'
--- firewall/datapkt.c  2010-05-18 13:26:36 +0000
+++ firewall/datapkt.c  2010-05-22 12:37:40 +0000
@@ -109,7 +109,6 @@
     /* @todo: this will assert  */
     HIP_IFEL(hip_build_user_hdr(msg, 
HIP_MSG_BUILD_HOST_ID_SIGNATURE_DATAPACKET, 0),
              -1, "build hdr failed\n");
-    _HIP_DUMP_MSG(msg);
 
     /* send msg to hipd and receive corresponding reply */
     HIP_IFEL(hip_send_recv_daemon_info(msg, 0, 0), -1, "send_recv msg 
failed\n");

=== modified file 'firewall/firewall.c'
--- firewall/firewall.c 2010-05-18 13:46:12 +0000
+++ firewall/firewall.c 2010-05-22 12:37:40 +0000
@@ -1689,8 +1689,6 @@
     ctx->ip_version = ip_version;
 
     if (ctx->ip_version == 4) {
-        _HIP_DEBUG("IPv4 packet\n");
-
         struct ip *iphdr = (struct ip *) ctx->ipq_packet->payload;
         // add pointer to IPv4 header to context
         ctx->ip_hdr.ipv4 = iphdr;
@@ -1758,8 +1756,6 @@
         // add UDP header to context
         ctx->udp_encap_hdr = udphdr;
     } else if (ctx->ip_version == 6) {
-        _HIP_DEBUG("IPv6 packet\n");
-
         struct ip6_hdr *ip6_hdr = (struct ip6_hdr *) ctx->ipq_packet->payload;
         // add pointer to IPv4 header to context
         ctx->ip_hdr.ipv6 = ip6_hdr;
@@ -1866,9 +1862,6 @@
         }
     }
 
-    _HIP_DEBUG("udp hdr len %d\n", ntohs(udphdr->len));
-    _HIP_HEXDUMP("hexdump ", udphdr, 20);
-
     // HIP packets have zero bytes (IPv4 only right now)
     if (ctx->ip_version == 4 && udphdr
         && ((udphdr->source == ntohs(hip_get_local_nat_udp_port())) ||
@@ -2318,8 +2311,6 @@
     // FIXME memleak - not free'd on exit
     h6 = ipq_create_handle(0, PF_INET6);
 
-    _HIP_DEBUG("IPQ error: %s \n", ipq_errstr());
-
     if (!h6) {
         die(h6);
     }
@@ -2378,8 +2369,6 @@
         timeout.tv_sec  = HIP_SELECT_TIMEOUT;
         timeout.tv_usec = 0;
 
-        _HIP_DEBUG("HIP fw select\n");
-
         // get handle with queued packet and process
         /* @todo: using HIPD_SELECT blocks hipfw with R1 */
         if ((err = select((highest_descriptor + 1), &read_fdset,
@@ -2435,8 +2424,6 @@
                 continue;
             }
 
-
-            _HIP_DEBUG("Header received successfully\n");
             alen = sizeof(sock_addr);
             len  = hip_get_msg_total_len(msg);
 
@@ -2513,7 +2500,6 @@
 {
     // only query for default hit if global variable is not set
     if (ipv6_addr_is_null(&default_hit)) {
-        _HIP_DEBUG("Querying hipd for default hit\n");
         if (hip_query_default_local_hit_from_hipd()) {
             return NULL;
         }
@@ -2533,7 +2519,6 @@
 {
     // only query for default lsi if global variable is not set
     if (default_lsi.s_addr == 0) {
-        _HIP_DEBUG("Querying hipd for default lsi\n");
         if (hip_query_default_local_hit_from_hipd()) {
             return NULL;
         }

=== modified file 'firewall/firewalldb.c'
--- firewall/firewalldb.c       2010-04-15 23:36:41 +0000
+++ firewall/firewalldb.c       2010-05-22 12:37:40 +0000
@@ -645,7 +645,6 @@
 
     switch (proto) {
     case IPPROTO_UDP:
-        _HIP_DEBUG("IPPROTO_UDP\n");
         if (is_ipv6) {
             HIP_DEBUG(" IPPROTO_UDP v6\n");
             firewall_raw_sock              = firewall_raw_sock_udp_v6;
@@ -669,7 +668,6 @@
         }
         break;
     case IPPROTO_TCP:
-        _HIP_DEBUG("IPPROTO_TCP\n");
         tcp        = (struct tcphdr *) msg;
         tcp->check = htons(0);
 
@@ -686,9 +684,6 @@
                                               (uint8_t *) 
&(sock_src4->sin_addr),
                                               (uint8_t *) 
&(sock_dst4->sin_addr),
                                               (uint8_t *) tcp, len);
-            _HIP_DEBUG("checksum %x, len=%d\n", htons(tcp->check), len);
-            _HIP_DEBUG_LSI("src", &(sock_src4->sin_addr));
-            _HIP_DEBUG_LSI("dst", &(sock_dst4->sin_addr));
 
             memmove((char *) (msg + sizeof(struct ip)), (uint8_t *) tcp, len);
         }
@@ -699,8 +694,6 @@
         icmp->checksum    = htons(0);
         icmp->checksum    = inchksum(icmp, len);
         memmove((char *) (msg + sizeof(struct ip)), (uint8_t *) icmp, len);
-        _HIP_DEBUG("icmp->type = %d\n", icmp->type);
-        _HIP_DEBUG("icmp->code = %d\n", icmp->code);
         break;
     case IPPROTO_ICMPV6:
         goto not_sending;
@@ -730,8 +723,6 @@
             HIP_IFEL(err, -1, "setsockopt IP_HDRINCL ERROR\n");
         }
 
-
-        _HIP_HEXDUMP("hex", iphdr, (len + sizeof(struct ip)));
         sent = sendto(firewall_raw_sock, iphdr,
                       iphdr->ip_len, 0,
                       (struct sockaddr *) &dst, sa_size);
@@ -819,7 +810,6 @@
 
     switch (proto) {
     case IPPROTO_TCP:
-        _HIP_DEBUG("IPPROTO_TCP\n");
         ((struct tcphdr *) msg)->check = htons(0);
         if (is_ipv6) {
             firewall_raw_sock = firewall_raw_sock_tcp_v6;

=== modified file 'firewall/lsi.c'
--- firewall/lsi.c      2010-05-17 18:24:10 +0000
+++ firewall/lsi.c      2010-05-22 12:37:40 +0000
@@ -520,8 +520,6 @@
     HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_async_sock),
              -1, "send msg failed\n");
 
-    _HIP_DEBUG("send_recv msg succeed\n");
-
 out_err:
     if (msg) {
         free(msg);
@@ -580,10 +578,6 @@
         HIP_DEBUG("HIP packet size greater than buffer size\n");
     }
 
-    _HIP_DEBUG("Reinject packet packet length (%d)\n", packet_length);
-    _HIP_DEBUG("      Protocol %d\n", protocol);
-    _HIP_DEBUG("      ipOrigTraffic %d \n", ipOrigTraffic);
-
     /* Note: using calloc to zero memory region here because I think
      * firewall_send_incoming_pkt() calculates checksum
      * from too long region sometimes. See bug id 874 */

=== modified file 'firewall/opptcp.c'
--- firewall/opptcp.c   2010-05-21 10:36:58 +0000
+++ firewall/opptcp.c   2010-05-22 12:37:40 +0000
@@ -75,7 +75,6 @@
     /* send and receive msg to/from hipd */
     HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_async_sock), -1,
              "send_recv msg failed\n");
-    _HIP_DEBUG("send_recv msg succeed\n");
     /* check error value */
     HIP_IFEL(hip_get_msg_err(msg), -1, "Got erroneous message!\n");
 

=== modified file 'firewall/proxy.c'
--- firewall/proxy.c    2010-05-18 12:21:25 +0000
+++ firewall/proxy.c    2010-05-22 12:37:40 +0000
@@ -95,7 +95,6 @@
      * prevent receiving of R1 message. This message has to be delivered
      * with the async socket because opportunistic mode responds 
asynchronously */
     HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_async_sock), -1, 
"sending msg failed\n");
-    _HIP_DEBUG("send_recv msg succeed\n");
 
 out_err:
 
@@ -247,9 +246,6 @@
     /* Points either to v4 or v6 raw sock */
     int hip_raw_sock = 0;
 
-
-    _HIP_DEBUG("hip_send_raw() invoked.\n");
-
     /* Verify the existence of obligatory parameters. */
     HIP_ASSERT(peer_addr != NULL && msg != NULL);
 
@@ -470,8 +466,6 @@
     /* Points either to v4 or v6 raw sock */
     int hip_raw_sock            = 0;
 
-
-    _HIP_DEBUG("hip_send_raw() invoked.\n");
     HIP_HEXDUMP("ip msg dump: ", buff, len);
 
     /* Verify the existence of obligatory parameters. */

=== modified file 'firewall/rule_management.c'
--- firewall/rule_management.c  2010-04-15 23:26:21 +0000
+++ firewall/rule_management.c  2010-05-22 12:37:40 +0000
@@ -101,11 +101,8 @@
     struct stat status;
     FILE *fp = NULL;
     ssize_t items;
-
     int i    = 0;
 
-    _HIP_DEBUG("\n");
-
     /* Firewall depends on hipd to create /etc/hip */
     for (i = 0; i < 5; i++) {
         if (stat(DEFAULT_CONFIG_DIR, &status) &&
@@ -191,9 +188,6 @@
         }
         if (rule->src_hi != NULL) {
             HIP_DEBUG("src_hi exists ");
-            _HIP_HEXDUMP("hi ",
-                         rule->src_hi,
-                         hip_get_param_total_len(rule->src_hi));
         }
         if (rule->type != NULL) {
             HIP_DEBUG(" %s ", TYPE_STR);
@@ -266,7 +260,6 @@
         print_rule(rule);
         list = list->next;
     }
-    _HIP_DEBUG("stateful filtering %d\n", get_stateful_filtering());
 }
 
 /*------------- ALLOCATING & FREEING -----------------*/
@@ -355,7 +348,6 @@
     struct in6_addr *hit      = NULL;
 
     if (!strcmp(token, NEGATE_STR)) {
-        _HIP_DEBUG("found ! \n");
         option->boolean = 0;
         token           = (char *) strtok(NULL, " ");
     } else {
@@ -386,7 +378,6 @@
     unsigned char *rsa_key_rr = NULL;
     int rsa_key_rr_len;
 
-    _HIP_DEBUG("load_rsa_file: \n");
     rsa = RSA_new();
     rsa = PEM_read_RSA_PUBKEY(fp, &rsa, NULL, NULL);
     if (!rsa) {
@@ -394,19 +385,11 @@
         RSA_free(rsa);
         return NULL;
     }
-    _HIP_HEXDUMP("load_rsa_file: rsa : ", rsa,
-                 RSA_size(rsa));
-    _HIP_DEBUG("load_rsa_file: \n");
     rsa_key_rr     = malloc(sizeof(struct hip_host_id));
-    _HIP_DEBUG("load_rsa_file: size allocated\n");
     rsa_key_rr_len = rsa_to_dns_key_rr(rsa, &rsa_key_rr);
     hi             = malloc(sizeof(struct hip_host_id));
-    _HIP_DEBUG("load_rsa_file: rsa_key_len %d\n", rsa_key_rr_len);
     hip_build_param_host_id_hdr(hi, NULL, rsa_key_rr_len, HIP_HI_RSA);
-    _HIP_DEBUG("load_rsa_file: build param hi hdr \n");
     hip_build_param_host_id_only(hi, rsa_key_rr, NULL);
-    _HIP_HEXDUMP("load_rsa_file: host identity : ", hi,
-                 hip_get_param_total_len(hi));
 
     return hi;
 }
@@ -425,28 +408,18 @@
     unsigned char *dsa_key_rr = NULL;
     int dsa_key_rr_len;
 
-    _HIP_DEBUG("load_dsa_file: \n");
     dsa = DSA_new();
-    _HIP_DEBUG("load_dsa_file: new\n");
     dsa = PEM_read_DSA_PUBKEY(fp, &dsa, NULL, NULL);
     if (!dsa) {
         HIP_DEBUG("reading RSA file failed \n");
         DSA_free(dsa);
         return NULL;
     }
-    _HIP_HEXDUMP("load_dsa_file: dsa : ", dsa,
-                 DSA_size(dsa));
-    _HIP_DEBUG("load_dsa_file: \n");
     dsa_key_rr     = malloc(sizeof(struct hip_host_id));
-    _HIP_DEBUG("load_dsa_file: size allocated\n");
     dsa_key_rr_len = dsa_to_dns_key_rr(dsa, &dsa_key_rr);
     hi             = malloc(sizeof(struct hip_host_id));
-    _HIP_DEBUG("load_dsa_file: dsa_key_len %d\n", dsa_key_rr_len);
     hip_build_param_host_id_hdr(hi, NULL, dsa_key_rr_len, HIP_HI_DSA);
-    _HIP_DEBUG("load_dsa_file: build param hi hdr \n");
     hip_build_param_host_id_only(hi, dsa_key_rr, NULL);
-    _HIP_HEXDUMP("load_dsa_file: host identity : ", hi,
-                 hip_get_param_total_len(hi));
     return hi;
 }
 
@@ -480,7 +453,6 @@
         HIP_DEBUG("Invalid filename for HI: missing _rsa_ or _dsa_ \n");
         return NULL;
     }
-    _HIP_DEBUG("parse_hi: algo found %d\n", algo);
     if (algo == HIP_HI_RSA) {
         hi = load_rsa_file(fp);
     } else {
@@ -493,9 +465,7 @@
 
     /* verify hi => hit */
     hip_host_id_to_hit(hi, &temp_hit, HIP_HIT_TYPE_HASH100);
-    if (!ipv6_addr_cmp(&temp_hit, hit)) {
-        _HIP_DEBUG("parse hi: hi-hit match\n");
-    } else {
+    if (ipv6_addr_cmp(&temp_hit, hit)) {
         HIP_DEBUG("HI in file %s does not match hit %s \n",
                   token, addr_to_numeric(hit));
         free(hi);
@@ -627,7 +597,6 @@
     char *token;
     int option_found  = NO_OPTION;
 
-    _HIP_DEBUG("parse rule string: %s\n", string);
     token = (char *) strtok(string, " ");
     if (token == NULL) {
         return NULL;
@@ -636,13 +605,10 @@
     /* rule needs to start with a hook */
     if (!strcmp(token, INPUT_STR)) {
         rule->hook = NF_IP6_LOCAL_IN;
-        _HIP_DEBUG("INPUT found \n");
     } else if (!strcmp(token, OUTPUT_STR)) {
         rule->hook = NF_IP6_LOCAL_OUT;
-        _HIP_DEBUG("OUTPUT found \n");
     } else if (!strcmp(token, FORWARD_STR)) {
         rule->hook = NF_IP6_FORWARD;
-        _HIP_DEBUG("FORWARD found \n");
     } else {
         HIP_DEBUG("rule is missing netfilter hook\n");
         free_rule(rule);
@@ -664,7 +630,6 @@
                     return NULL;
                 }
                 option_found = SRC_HIT_OPTION;
-                _HIP_DEBUG("src_hit found\n");
             } else if (!strcmp(token, DST_HIT_STR))      {
                 /* option already defined */
                 if (rule->dst_hit != NULL) {
@@ -673,7 +638,6 @@
                     return NULL;
                 }
                 option_found = DST_HIT_OPTION;
-                _HIP_DEBUG("dst_hit found\n");
             } else if (!strcmp(token, SRC_HI_STR))      {
                 /* option already defined */
                 if (rule->src_hit == NULL || /* no hit for hi */
@@ -684,7 +648,6 @@
                     return NULL;
                 }
                 option_found = SRC_HI_OPTION;
-                _HIP_DEBUG("src_hi found\n");
             } else if (!strcmp(token, TYPE_STR))      {
                 /* option already defined */
                 if (rule->type != NULL) {
@@ -693,7 +656,6 @@
                     return NULL;
                 }
                 option_found = TYPE_OPTION;
-                _HIP_DEBUG("type found\n");
             } else if (!strcmp(token, STATE_STR))      {
                 /* option already defined */
                 if (rule->state != NULL) {
@@ -702,7 +664,6 @@
                     return NULL;
                 }
                 option_found = STATE_OPTION;
-                _HIP_DEBUG("state found\n");
             } else if (!strcmp(token, VERIFY_RESPONDER_STR))      {
                 /* related state option must be defined */
                 if (rule->state == NULL) {
@@ -712,7 +673,6 @@
                     return NULL;
                 }
                 rule->state->verify_responder = 1;
-                _HIP_DEBUG("%s found\n", VERIFY_RESPONDER_STR);
             } else if (!strcmp(token, ACCEPT_MOBILE_STR))      {
                 /* related state option must be defined */
                 if (rule->state == NULL) {
@@ -722,7 +682,6 @@
                     return NULL;
                 }
                 rule->state->accept_mobile = 1;
-                _HIP_DEBUG("%s found\n", ACCEPT_MOBILE_STR);
             } else if (!strcmp(token, DECRYPT_CONTENTS_STR))      {
                 /* related state option must be defined */
                 if (rule->state == NULL) {
@@ -732,7 +691,6 @@
                     return NULL;
                 }
                 rule->state->decrypt_contents = 1;
-                _HIP_DEBUG("%s found\n", DECRYPT_CONTENTS_STR);
             } else if (!strcmp(token, IN_IF_STR))      {
                 /* option already defined */
                 /* rule in output hook can't have incoming if */
@@ -742,7 +700,6 @@
                     return NULL;
                 }
                 option_found = IN_IF_OPTION;
-                _HIP_DEBUG("-i found\n");
             } else if (!strcmp(token, OUT_IF_STR))      {
                 /* option already defined */
                 /* rule in input hook can't have outcoming if */
@@ -752,7 +709,6 @@
                     return NULL;
                 }
                 option_found = OUT_IF_OPTION;
-                _HIP_DEBUG("-o found\n");
             } else if (!strcmp(token, "ACCEPT"))      {
                 /* target already defined */
                 if (rule->accept > -1) {
@@ -761,7 +717,6 @@
                     return NULL;
                 }
                 rule->accept = 1;
-                _HIP_DEBUG("accept found \n");
                 break;
             } else if (!strcmp(token, "DROP"))      {
                 /* target already defined */
@@ -771,7 +726,6 @@
                     return NULL;
                 }
                 rule->accept = 0;
-                _HIP_DEBUG("drop found \n");
                 break;
             } else {
                 /* invalid option */
@@ -783,8 +737,6 @@
             /* matching value for previous option */
             if (option_found == SRC_HIT_OPTION) {
                 rule->src_hit = parse_hit(token);
-                _HIP_DEBUG("parse_rule : src hit %d %s \n", rule->src_hit,
-                           addr_to_numeric(&rule->src_hit->value));
                 if (rule->src_hit == NULL) {
                     HIP_DEBUG("error parsing rule: src_hit value \n");
                     free_rule(rule);
@@ -801,7 +753,6 @@
                 option_found = NO_OPTION;
             }
             if (option_found == SRC_HI_OPTION) {
-                _HIP_DEBUG("parse_rule: src hi \n");
                 rule->src_hi = parse_hi(token, &rule->src_hit->value);
                 if (rule->src_hi == NULL) {
                     HIP_DEBUG("error parsing rule: src_hi value \n");
@@ -857,7 +808,6 @@
         return NULL;
     }
 
-    _HIP_DEBUG("done with parsing rule ");
     //print_rule(rule);
     return rule;
 }
@@ -873,7 +823,6 @@
  */
 DList *read_rules(const int hook)
 {
-    _HIP_DEBUG("read_rules\n");
     return (DList *) get_rule_list(hook);
 }
 
@@ -883,7 +832,6 @@
  */
 void read_rules_exit(const int hook)
 {
-    _HIP_DEBUG("read_rules_exit\n");
 }
 
 /*----------- RULE MANAGEMENT -----------*/

=== modified file 'firewall/user_ipsec_api.c'
--- firewall/user_ipsec_api.c   2010-04-15 16:57:50 +0000
+++ firewall/user_ipsec_api.c   2010-05-22 12:37:40 +0000
@@ -200,8 +200,6 @@
     HIP_ASSERT(ipv6_addr_is_hit(&ctx->src) && ipv6_addr_is_hit(&ctx->dst));
 
     HIP_DEBUG("original packet length: %u \n", ctx->ipq_packet->data_len);
-    _HIP_HEXDUMP("original packet :", ctx->ipq_packet->payload,
-                 ctx->ipq_packet->data_len);
 
     ip6_hdr = (struct ip6_hdr *) ctx->ipq_packet->payload;
 
@@ -340,11 +338,6 @@
     HIP_DEBUG_HIT("src hit: ", &entry->inner_src_addr);
     HIP_DEBUG_HIT("dst hit: ", &entry->inner_dst_addr);
 
-    // XX TODO implement check with seq window
-    // check for correct SEQ no.
-    _HIP_DEBUG("SEQ no. of entry: %u \n", entry->sequence);
-    _HIP_DEBUG("SEQ no. of incoming packet: %u \n", seq_no);
-
     // decrypt the packet and create a new HIT-based one
     HIP_IFEL(hip_beet_mode_input(ctx, entry, decrypted_packet,
                                  &decrypted_packet_len), 1,

=== modified file 'firewall/user_ipsec_esp.c'
--- firewall/user_ipsec_esp.c   2010-04-15 23:36:41 +0000
+++ firewall/user_ipsec_esp.c   2010-05-22 12:37:40 +0000
@@ -96,8 +96,6 @@
     int esp_prot_hash_length        = 0;
     int err                         = 0;
 
-    _HIP_DEBUG("original packet length: %i \n", ctx->ipq_packet->data_len);
-
     // distinguish IPv4 and IPv6 output
     if (IN6_IS_ADDR_V4MAPPED(preferred_peer_addr)) {
         // calculate offset at which esp data should be located
@@ -426,8 +424,6 @@
     /* padding and esp_tail are encrypted too */
     elen += pad_len + sizeof(struct hip_esp_tail);
 
-    _HIP_HEXDUMP("data to be encrypted: ", in, elen);
-
     /* Apply the encryption cipher directly into out buffer
      * to avoid extra copying */
     switch (entry->ealg) {

=== modified file 'firewall/user_ipsec_sadb.c'
--- firewall/user_ipsec_sadb.c  2010-04-15 23:31:51 +0000
+++ firewall/user_ipsec_sadb.c  2010-05-22 12:37:40 +0000
@@ -77,9 +77,6 @@
         memset(&hash, 0, INDEX_HASH_LENGTH);
     }
 
-    _HIP_HEXDUMP("sa entry hash: ", hash, INDEX_HASH_LENGTH);
-    _HIP_DEBUG("hash (converted): %lu\n", *((unsigned long *) hash));
-
     // just consider sub-string of 4 bytes here
     return *((unsigned long *) hash);
 }
@@ -101,10 +98,8 @@
     // values have to be present
     HIP_ASSERT(sa_entry1 && sa_entry2);
 
-    _HIP_DEBUG("calculating hash1:\n");
     HIP_IFEL(!(hash1 = hip_sa_entry_hash(sa_entry1)), -1,
              "failed to hash sa entry\n");
-    _HIP_DEBUG("calculating hash2:\n");
     HIP_IFEL(!(hash2 = hip_sa_entry_hash(sa_entry2)), -1,
              "failed to hash sa entry\n");
 
@@ -146,9 +141,6 @@
         memset(&hash, 0, INDEX_HASH_LENGTH);
     }
 
-    _HIP_HEXDUMP("sa entry hash: ", hash, INDEX_HASH_LENGTH);
-    _HIP_DEBUG("hash (converted): %lu\n", *((unsigned long *) hash));
-
     // just consider sub-string of 4 bytes here
     return *((unsigned long *) hash);
 }
@@ -171,10 +163,8 @@
     HIP_ASSERT(link_entry1 != NULL && link_entry1->spi != 0);
     HIP_ASSERT(link_entry2 != NULL && link_entry2->spi != 0);
 
-    _HIP_DEBUG("calculating hash1:\n");
     HIP_IFEL(!(hash1 = hip_link_entry_hash(link_entry1)), -1,
              "failed to hash link entry\n");
-    _HIP_DEBUG("calculating hash2:\n");
     HIP_IFEL(!(hash2 = hip_link_entry_hash(link_entry2)), -1,
              "failed to hash link entry\n");
 

=== modified file 'hipd/accessor.c'
--- hipd/accessor.c     2010-05-12 16:09:38 +0000
+++ hipd/accessor.c     2010-05-22 12:37:40 +0000
@@ -71,8 +71,6 @@
 
     type = hip_get_msg_type(msg);
 
-    _HIP_DEBUG("type=%d\n", type);
-
     memset(&sock_addr, 0, sizeof(sock_addr));
     sock_addr.sin6_family = AF_INET6;
     sock_addr.sin6_port   = htons(HIP_FIREWALL_PORT);

=== modified file 'hipd/blind.c'
--- hipd/blind.c        2010-05-17 22:11:11 +0000
+++ hipd/blind.c        2010-05-22 12:37:40 +0000
@@ -240,7 +240,6 @@
 
     HIP_IFEL(hip_blind_find_local_hi(nonce, blind_hit, plain_hit),
              -1, "hip_blind_find_local_hit failed\n");
-    _HIP_DEBUG_HIT("local hit_found", plain_hit);
 
 out_err:
     return err;
@@ -633,8 +632,6 @@
              -1, "Failed to alloc memory for dh_data1\n");
     memset(dh_data1, 0, dh_size1);
 
-    _HIP_DEBUG("dh_size=%d\n", dh_size1);
-
     /* Allocate memory for writing the second Diffie-Hellman shared secret */
     HIP_IFEL((dh_size2 = hip_get_dh_size(HIP_SECOND_DH_GROUP_ID)) == 0,
              -1, "Could not get dh_size2\n");
@@ -642,8 +639,6 @@
              -1, "Failed to alloc memory for dh_data2\n");
     memset(dh_data2, 0, dh_size2);
 
-    _HIP_DEBUG("dh_size=%d\n", dh_size2);
-
     /* Ready to begin building of the R1 packet */
     mask |= HIP_PACKET_CTRL_BLIND;
 
@@ -701,7 +696,6 @@
 
     /********** Signature 2 **********/
     HIP_IFEL(sign(private_key, msg), -1, "Signing of R1 failed.\n");
-    _HIP_HEXDUMP("R1", msg, hip_get_msg_total_len(msg));
 
     /********** ECHO_REQUEST (OPTIONAL) *********/
 

=== modified file 'hipd/cert.c'
--- hipd/cert.c 2010-05-17 18:24:10 +0000
+++ hipd/cert.c 2010-05-22 12:37:40 +0000
@@ -58,12 +58,6 @@
              -1, "No cert_info struct found\n");
     memcpy(cert, p_cert, sizeof(struct hip_cert_spki_info));
 
-    _HIP_DEBUG("\n\n** CONTENTS of public key sequence **\n"
-               "%s\n\n", cert->public_key);
-    _HIP_DEBUG("\n\n** CONTENTS of cert sequence to be signed **\n"
-               "%s\n\n", cert->cert);
-    _HIP_DEBUG("\n\n** CONTENTS of public key sequence **\n"
-               "%s\n\n", cert->signature);
     HIP_DEBUG_HIT("Getting keys for HIT", &cert->issuer_hit);
 
     HIP_IFEL(hip_get_host_id_and_priv_key(hip_local_hostid_db, 
&cert->issuer_hit,
@@ -83,7 +77,6 @@
     /* build sha1 digest that will be signed */
     HIP_IFEL(!(sha_retval = SHA1((unsigned char *) cert->cert, strlen((char *) 
cert->cert), sha_digest)),
              -1, "SHA1 error when creating digest.\n");
-    _HIP_HEXDUMP("SHA1 digest of cert sequence ", sha_digest, 
sizeof(sha_digest));
 
     if (algo == HIP_HI_RSA) {
         signature_b64 = malloc(RSA_size(rsa));
@@ -110,9 +103,6 @@
         err       = RSA_sign(NID_sha1, sha_digest, SHA_DIGEST_LENGTH, 
signature,
                              (unsigned int *) &sig_len, rsa);
         HIP_IFEL((err = err == 0 ? -1 : 0), -1, "RSA_sign error\n");
-
-        _HIP_HEXDUMP("Signature created for the certificate ", signature, 
sig_len);
-        _HIP_DEBUG("Siglen %d, err :%d\n", sig_len, err);
     } else if (algo == HIP_HI_DSA) {
         p_bin        = malloc(BN_num_bytes(dsa->p) + 1);
         HIP_IFEL((!p_bin), -1, "Malloc for p_bin failed\n");
@@ -167,8 +157,6 @@
     sprintf(cert->signature, "(signature (hash sha1 |%s|)|%s|)",
             (char *) digest_b64, (char *) signature_b64);
 
-    _HIP_DEBUG("Sig sequence \n%s\n", cert->signature);
-
     /* Create the public key sequence */
     if (algo == HIP_HI_RSA) {
         /*
@@ -237,18 +225,7 @@
     } else {HIP_IFEL(1 == 0, -1, "Unknown algorithm for public-key element\n");
     }
 
-    _HIP_DEBUG("\n\nPublic-key sequence:\n%s\n\n", cert->public_key);
-    _HIP_DEBUG("\n\nCert sequence:\n%s\n\n", cert->cert);
-    _HIP_DEBUG("\n\nSignature sequence:\n%s\n\n", cert->signature);
-
     /* Put the results into the msg back */
-
-    _HIP_DEBUG("Len public-key (%d) + cert (%d) + signature (%d) = %d\n"
-               "Sizeof hip_cert_spki_info %d\n",
-               strlen(cert->public_key), strlen((char *) cert->cert), 
strlen((char *) cert->signature),
-               (strlen(cert->public_key) + strlen((char *) cert->cert) + 
strlen((char *) cert->signature)),
-               sizeof(struct hip_cert_spki_info));
-
     hip_msg_init(msg);
 
     HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_SPKI_SIGN, 0), -1,
@@ -256,8 +233,6 @@
     HIP_IFEL(hip_build_param_cert_spki_info(msg, cert), -1,
              "Failed to build cert_info\n");
 
-    _HIP_DUMP_MSG(msg);
-
 out_err:
 
     /* free malloced memory */
@@ -434,8 +409,6 @@
     HIP_IFEL(!(p_cert = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)),
              -1, "No cert_info struct found\n");
     memcpy(cert, p_cert, sizeof(struct hip_cert_spki_info));
-    _HIP_DEBUG("\n\n** CONTENTS of public key sequence **\n"
-               "%s\n\n", cert->public_key);
 
     /* check the algo DSA or RSA  */
     HIP_DEBUG("Verifying\nRunning regexps to identify algo\n");
@@ -467,17 +440,14 @@
         start = stop = 0;
         HIP_IFEL(hip_cert_regex(e_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex (exponent)\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         e_hex = malloc(stop - start);
         HIP_IFEL((!e_hex), -1, "Malloc for e_hex failed\n");
         snprintf(e_hex, (stop - start - 1), "%s", (char *) 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("E_HEX %s\n", e_hex);
 
         /* public modulus */
         start       = stop = 0;
         HIP_IFEL(hip_cert_regex(n_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex (modulus)\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         modulus_b64 = malloc(stop - start + 1);
         HIP_IFEL((!modulus_b64), -1, "Malloc for modulus_b64 failed\n");
         memset(modulus_b64, 0, (stop - start + 1));
@@ -485,7 +455,6 @@
         HIP_IFEL((!modulus), -1, "Malloc for modulus failed\n");
         memset(modulus, 0, (stop - start + 1));
         snprintf((char *) modulus_b64, (stop - start - 1), "%s", (char *) 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("modulus_b64 %s\n", modulus_b64);
 
         /* put the stuff into the RSA struct */
         BN_hex2bn(&rsa->e, e_hex);
@@ -498,13 +467,9 @@
             --keylen;
             keylen = keylen - keylen % 2;
         }
-        _HIP_DEBUG("keylen = %d (%d bits)\n", keylen, keylen * 8);
         signature = malloc(keylen);
         HIP_IFEL((!signature), -1, "Malloc for signature failed.\n");
         rsa->n    = BN_bin2bn(modulus, keylen, 0);
-
-        _HIP_DEBUG("In verification RSA e=%s\n", BN_bn2hex(rsa->e));
-        _HIP_DEBUG("In verification RSA n=%s\n", BN_bn2hex(rsa->n));
     } else if (algo == HIP_HI_DSA) {
         /* malloc space for new dsa */
         dsa = DSA_new();
@@ -516,7 +481,6 @@
         start = stop = 0;
         HIP_IFEL(hip_cert_regex(p_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex dsa->p\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         p_b64 = malloc(stop - start + 1);
         HIP_IFEL((!p_b64), -1, "Malloc for p_b64 failed\n");
         memset(p_b64, 0, (stop - start + 1));
@@ -524,14 +488,12 @@
         HIP_IFEL((!p_bin), -1, "Malloc for p_bin failed\n");
         memset(p_bin, 0, (stop - start + 1));
         snprintf((char *) p_b64, (stop - start - 1), "%s", (char *) 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("p_b64 %s\n", p_b64);
         evpret = EVP_DecodeBlock(p_bin, p_b64, strlen((char *) p_b64));
 
         /* dsa->q */
         start  = stop = 0;
         HIP_IFEL(hip_cert_regex(q_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex dsa->q\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         q_b64  = malloc(stop - start + 1);
         HIP_IFEL((!q_b64), -1, "Malloc for q_b64 failed\n");
         memset(q_b64, 0, (stop - start + 1));
@@ -539,14 +501,12 @@
         HIP_IFEL((!q_bin), -1, "Malloc for q_bin failed\n");
         memset(q_bin, 0, (stop - start + 1));
         snprintf((char *) q_b64, (stop - start - 1), "%s", (char *) 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("q_b64 %s\n", q_b64);
         evpret = EVP_DecodeBlock(q_bin, q_b64, strlen((char *) q_b64));
 
         /* dsa->g */
         start  = stop = 0;
         HIP_IFEL(hip_cert_regex(g_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex dsa->g\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         g_b64  = malloc(stop - start + 1);
         HIP_IFEL((!g_b64), -1, "Malloc for g_b64 failed\n");
         memset(g_b64, 0, (stop - start + 1));
@@ -554,14 +514,12 @@
         HIP_IFEL((!g_bin), -1, "Malloc for g_bin failed\n");
         memset(g_bin, 0, (stop - start + 1));
         snprintf((char *) g_b64, (stop - start - 1), "%s", (char *) 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("g_b64 %s\n", g_b64);
         evpret = EVP_DecodeBlock(g_bin, g_b64, strlen((char *) g_b64));
 
         /* dsa->y */
         start  = stop = 0;
         HIP_IFEL(hip_cert_regex(y_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex dsa->y\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         y_b64  = malloc(stop - start + 1);
         HIP_IFEL((!y_b64), -1, "Malloc for y_b64 failed\n");
         memset(y_b64, 0, (stop - start + 1));
@@ -569,7 +527,6 @@
         HIP_IFEL((!y_bin), -1, "Malloc for y_bin failed\n");
         memset(y_bin, 0, (stop - start + 1));
         snprintf((char *) y_b64, (stop - start - 1), "%s", (char *) 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("y_b64 %s\n", y_b64);
         evpret = EVP_DecodeBlock(y_bin, y_b64, strlen((char *) y_b64));
     } else {
         HIP_IFEL((1 == 0), -1, "Unknown algorithm\n");
@@ -580,13 +537,11 @@
     HIP_IFEL(!(sha_retval = SHA1((unsigned char *) cert->cert,
                                  strlen((char *) cert->cert), sha_digest)),
              -1, "SHA1 error when creating digest.\n");
-    _HIP_HEXDUMP("SHA1 digest of cert sequence ", sha_digest, 20);
 
     /* Get the signature hash and compare it to the sha_digest we just made */
     start              = stop = 0;
     HIP_IFEL(hip_cert_regex(h_rule, cert->signature, &start, &stop), -1,
              "Failed to run hip_cert_regex (signature hash)\n");
-    _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
     signature_hash_b64 = malloc(stop - start + 1);
     HIP_IFEL((!signature_hash_b64), -1, "Failed to malloc 
signature_hash_b64\n");
     memset(signature_hash_b64, '\0', (stop - start + 1));
@@ -594,7 +549,6 @@
     HIP_IFEL((!signature_hash), -1, "Failed to malloc signature_hash\n");
     snprintf((char *) signature_hash_b64, (stop - start - 1), "%s",
              (char *) &cert->signature[start + 1]);
-    _HIP_DEBUG("SIG HASH B64 %s\n", signature_hash_b64);
     evpret = EVP_DecodeBlock(signature_hash, signature_hash_b64,
                              strlen((char *) signature_hash_b64));
     HIP_IFEL(memcmp(sha_digest, signature_hash, 20), -1,
@@ -605,19 +559,16 @@
     start         = stop = 0;
     HIP_IFEL(hip_cert_regex(s_rule, cert->signature, &start, &stop), -1,
              "Failed to run hip_cert_regex (signature)\n");
-    _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
     signature_b64 = malloc(stop - start + 1);
     HIP_IFEL((!signature_b64), -1, "Failed to malloc signature_b64\n");
     memset(signature_b64, '\0', keylen);
     snprintf((char *) signature_b64, (stop - start - 2), "%s", (char *) 
&cert->signature[start + 2]);
-    _HIP_DEBUG("SIG_B64 %s\n", signature_b64);
     if (algo == HIP_HI_DSA) {
         signature = malloc(stop - start + 1);
         HIP_IFEL(!signature, -1, "Failed to malloc signature (dsa)\n");
     }
     evpret = EVP_DecodeBlock(signature, signature_b64,
                              strlen((char *) signature_b64));
-    _HIP_HEXDUMP("SIG\n", signature, keylen);
 
     if (algo == HIP_HI_RSA) {
         /* do the verification */
@@ -627,15 +578,6 @@
         ERR_load_crypto_strings();
         ERR_error_string(e_code, buf);
 
-        _HIP_DEBUG("***********RSA ERROR*************\n");
-        _HIP_DEBUG("RSA_size(rsa) = %d\n", RSA_size(rsa));
-        _HIP_DEBUG("Signature length :%d\n", strlen((char *) signature));
-        _HIP_DEBUG("Error string :%s\n", buf);
-        _HIP_DEBUG("LIB error :%s\n", ERR_lib_error_string(e_code));
-        _HIP_DEBUG("func error :%s\n", ERR_func_error_string(e_code));
-        _HIP_DEBUG("Reason error :%s\n", ERR_reason_error_string(e_code));
-        _HIP_DEBUG("***********RSA ERROR*************\n");
-
         /* RSA_verify returns 1 if success. */
         cert->success = err == 1 ? 0 : -1;
         HIP_IFEL((err = err == 1 ? 0 : -1), -1, "RSA_verify error\n");
@@ -664,8 +606,6 @@
     HIP_IFEL(hip_build_param_cert_spki_info(msg, cert), -1,
              "Failed to build cert_info\n");
 
-    _HIP_DUMP_MSG(msg);
-
 out_err:
     if (signature_hash_b64) {
         free(signature_hash_b64);
@@ -794,8 +734,6 @@
         extlist = sk_X509_EXTENSION_new_null();
         for (i = 0; i < sk_CONF_VALUE_num(sec_general); i++) {
             item = (void *) sk_CONF_VALUE_value(sec_general, i);
-            _HIP_DEBUG("Sec: %s, Key; %s, Val %s\n",
-                       item->section, item->name, item->value);
             if (!strcmp(item->name, "issuerhit")) {
                 strcpy(issuer_hit, item->value);
                 ret = inet_pton(AF_INET6, item->value, issuer_hit_n);
@@ -827,10 +765,8 @@
     /* Get the subject hit from msg */
     HIP_IFEL(!(subject = hip_get_param(msg, HIP_PARAM_CERT_X509_REQ)),
              -1, "No cert_info struct found\n");
-    _HIP_DEBUG_HIT("Subject", &subject->addr);
     HIP_IFEL((!inet_ntop(AF_INET6, &subject->addr, subject_hit, 
sizeof(subject_hit))),
              -1, "Failed to convert subject hit to presentation format\n");
-    _HIP_DEBUG("Subject HIT is %s (id for commonName = %d)\n", subject_hit, 
nid);
     HIP_IFEL(!(subj = X509_NAME_new()), -1, "Failed to set create subject 
name");
     nid = OBJ_txt2nid("commonName");
     HIP_IFEL((nid == NID_undef), -1, "NID text not defined\n");
@@ -849,8 +785,6 @@
         extlist = sk_X509_EXTENSION_new_null();
         for (i = 0; i < sk_CONF_VALUE_num(sec_ext); i++) {
             item = (void *) sk_CONF_VALUE_value(sec_ext, i);
-            _HIP_DEBUG("Sec: %s, Key; %s, Val %s\n",
-                       item->section, item->name, item->value);
             HIP_IFEL(!(ext = X509V3_EXT_conf(NULL, &ctx,
                                              item->name, item->value )), -1,
                      "Failed to create extension\n");
@@ -905,13 +839,9 @@
         HIP_IFEL(1 == 0, -1, "Unknown algorithm\n");
     }
 
-    X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
-
     if (sec_ext != NULL) {
         for (i = 0; i < sk_CONF_VALUE_num(sec_ext); i++) {
             item = (void *) sk_CONF_VALUE_value(sec_ext, i);
-            _HIP_DEBUG("Sec: %s, Key; %s, Val %s\n",
-                       item->section, item->name, item->value);
             /*
              * Skip issuerAltName and subjectAltName because
              * HITs use them already. Skip also basicConstraint =
@@ -994,8 +924,6 @@
     /** DER */
     HIP_IFEL(((der_cert_len = i2d_X509(cert, &der_cert)) < 0), -1,
              "Failed to convert cert to DER\n");
-    _HIP_HEXDUMP("DER:\n", der_cert, der_cert_len);
-    _HIP_DEBUG("DER length %d\n", der_cert_len);
     /** end DER */
 
     hip_msg_init(msg);
@@ -1004,7 +932,6 @@
              "Failed to build user header\n");
     HIP_IFEL(hip_build_param_cert_x509_resp(msg, (char *) der_cert, 
der_cert_len), -1,
              "Failed to create x509 response parameter\n");
-    _HIP_DUMP_MSG(msg);
 
 out_err:
     if (host_id) {
@@ -1050,7 +977,6 @@
     OpenSSL_add_all_algorithms();
     ERR_load_crypto_strings();
 
-    _HIP_DUMP_MSG(msg);
     memset(&verify, 0, sizeof(struct hip_cert_x509_resp));
     HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_REQ)), -1,
              "Failed to get cert info from the msg\n");
@@ -1058,9 +984,6 @@
 
     der_cert = (unsigned char *) &p->der;
 
-    _HIP_HEXDUMP("DER:\n", verify.der, verify.der_len);
-    _HIP_DEBUG("DER length %d\n", verify.der_len);
-
     vessel = &der_cert;
     HIP_IFEL(((cert = d2i_X509(NULL, (const unsigned char **) vessel, 
verify.der_len)) == NULL), -1,
              "Failed to convert cert from DER to internal format\n");
@@ -1098,7 +1021,6 @@
     HIP_IFEL(hip_build_param_cert_x509_resp(msg, (char *) &der_cert, 
p->der_len), -1,
              "Failed to create x509 response parameter\n");
 
-    _HIP_DUMP_MSG(msg);
 out_err:
     X509_STORE_CTX_cleanup(verify_ctx);
     if (store) {

=== modified file 'hipd/cookie.c'
--- hipd/cookie.c       2010-04-16 18:42:51 +0000
+++ hipd/cookie.c       2010-05-22 12:37:40 +0000
@@ -43,7 +43,6 @@
 
     diff = hip_get_cookie_difficulty(NULL);
 
-    _HIP_DEBUG("Puzzle difficulty is %d\n", diff);
     hip_build_param_contents(msg, &diff, HIP_PARAM_INT, sizeof(diff));
 
     return err;
@@ -345,14 +344,6 @@
 
     puzzle = hip_get_param(result->r1, HIP_PARAM_PUZZLE);
     HIP_IFEL(!puzzle, -1, "Internal error: could not find the cookie\n");
-
-    _HIP_HEXDUMP("opaque in solution", solution->opaque,
-                 HIP_PUZZLE_OPAQUE_LEN);
-    _HIP_HEXDUMP("Copaque in result", result->Copaque,
-                 HIP_PUZZLE_OPAQUE_LEN);
-    _HIP_HEXDUMP("opaque in puzzle", puzzle->opaque,
-                 HIP_PUZZLE_OPAQUE_LEN);
-
     HIP_IFEL(memcmp(solution->opaque, puzzle->opaque,
                     HIP_PUZZLE_OPAQUE_LEN), -1,
              "Received cookie opaque does not match the sent opaque\n");
@@ -360,13 +351,6 @@
     HIP_DEBUG("Solution's I (0x%llx), sent I (0x%llx)\n",
               solution->I, puzzle->I);
 
-    _HIP_HEXDUMP("opaque in solution", solution->opaque,
-                 HIP_PUZZLE_OPAQUE_LEN);
-    _HIP_HEXDUMP("opaque in result", result->Copaque,
-                 HIP_PUZZLE_OPAQUE_LEN);
-    _HIP_HEXDUMP("opaque in puzzle", puzzle->opaque,
-                 HIP_PUZZLE_OPAQUE_LEN);
-
     if (solution->K != puzzle->K) {
         HIP_INFO("Solution's K (%d) does not match sent K (%d)\n",
                  solution->K, puzzle->K);

=== modified file 'hipd/dh.c'
--- hipd/dh.c   2010-04-09 16:24:44 +0000
+++ hipd/dh.c   2010-05-22 12:37:40 +0000
@@ -53,8 +53,6 @@
         goto err_free;
     }
 
-    _HIP_HEXDUMP("DH public key: ", buffer, res);
-
 err_free:
     return res;
 }
@@ -88,7 +86,6 @@
 
     if (dh_table[group_id] == NULL) {
         tmp                = hip_generate_dh_key(group_id);
-        _HIP_DEBUG("Generating key\n");
         dh_table[group_id] = tmp;
 
         if (dh_table[group_id] == NULL) {
@@ -104,9 +101,6 @@
         return -1;
     }
 
-    _HIP_HEXDUMP("Peer DH pubkey", public_value, len);
-    _HIP_HEXDUMP("Shared key", buffer, bufsize);
-
     return err;
 }
 

=== modified file 'hipd/esp_prot_hipd_msg.c'
--- hipd/esp_prot_hipd_msg.c    2010-04-16 18:50:27 +0000
+++ hipd/esp_prot_hipd_msg.c    2010-05-22 12:37:40 +0000
@@ -516,8 +516,6 @@
         HIP_DEBUG("userspace IPsec hint: esp protection extension UNUSED, 
skip\n");
     }
 
-    _HIP_DUMP_MSG(msg);
-
 out_err:
     return err;
 }

=== modified file 'hipd/hadb.c'
--- hipd/hadb.c 2010-05-16 21:02:09 +0000
+++ hipd/hadb.c 2010-05-22 12:37:40 +0000
@@ -171,7 +171,6 @@
 {
     hip_lsi_t aux;
     //Assign value to lsi_our searching in hidb by the correspondent hit
-    _HIP_DEBUG("hip_hadb_set_lsi_pair\n");
     if (entry) {
         hip_hidb_get_lsi_by_hit(&entry->hit_our, &entry->lsi_our);
         //Assign lsi_peer
@@ -179,7 +178,6 @@
             hip_generate_peer_lsi(&aux);
         }
         memcpy(&entry->lsi_peer, &aux, sizeof(hip_lsi_t));
-        _HIP_DEBUG_LSI("entry->lsi_peer is ", &entry->lsi_peer);
     }
 }
 
@@ -244,7 +242,6 @@
     hip_get_default_hit(&our_hit);
 
     if ((entry = hip_hadb_find_byhits(hit, &our_hit))) {
-        _HIP_DEBUG_HIT("Returning default HIT", our_hit);
         return entry;
     }
 
@@ -253,8 +250,6 @@
     {
         e     = (struct hip_host_id_entry *) list_entry(item);
         ipv6_addr_copy(&our_hit, &e->lhi.hit);
-        _HIP_DEBUG_HIT("try_to_find_by_peer_hit:", &our_hit);
-        _HIP_DEBUG_HIT("hit:", hit);
         entry = hip_hadb_find_byhits(hit, &our_hit);
         if (!entry) {
             continue;
@@ -435,7 +430,6 @@
         HIP_DEBUG("hip_hadb_create_state\n");
         entry                             = hip_hadb_create_state(0);
         HIP_IFEL(!entry, -1, "Unable to create a new entry");
-        _HIP_DEBUG("created a new sdb entry\n");
 
         entry->peer_addr_list_to_be_added =
             hip_ht_init(hip_hash_peer_addr, hip_match_peer_addr);
@@ -622,7 +616,6 @@
     hip_lsi_t *lsi       = NULL;
     char *peer_hostname  = NULL;
     int err              = 0;
-    _HIP_HEXDUMP("packet", input,  hip_get_msg_total_len(input));
 
     hit           = (struct in6_addr *)
                     hip_get_param_contents(input, HIP_PARAM_HIT);
@@ -652,9 +645,6 @@
 
     err = hip_hadb_add_peer_info(hit, ip, lsi, peer_hostname);
 
-    _HIP_DEBUG_HIT("hip_add_map_info peer's real hit=", hit);
-    _HIP_ASSERT(hit_is_opportunistic_hit(hit));
-
     if (err) {
         HIP_ERROR("Failed to insert peer map (%d)\n", err);
         goto out_err;
@@ -992,8 +982,6 @@
 
     entry->dh_shared_key_len = ctx->dh_shared_key_len;
     memcpy(entry->dh_shared_key, ctx->dh_shared_key, entry->dh_shared_key_len);
-    _HIP_HEXDUMP("Entry DH SHARED", entry->dh_shared_key, 
entry->dh_shared_key_len);
-    _HIP_HEXDUMP("Entry Kn", entry->current_keymat_K, HIP_AH_SHA_LEN);
     return err;
 
 out_err:
@@ -1491,7 +1479,6 @@
     list_for_each_safe(item, tmp, hadb_hit, i)
     {
         this = (hip_ha_t *) list_entry(item);
-        _HIP_DEBUG("list_for_each_safe\n");
         /* @todo: lock ha when we have threads */
         fail = func(this, opaque);
         /* @todo: unlock ha when we have threads */
@@ -1565,8 +1552,6 @@
                     &hid.heartbeats_mean, &hid.heartbeats_variance, 
STATS_IN_MSECS);
     hid.heartbeats_sent     = entry->heartbeats_sent;
 
-    _HIP_HEXDUMP("HEXHID ", &hid, sizeof(struct hip_hadb_user_info_state));
-
     hid.nat_udp_port_peer  = entry->peer_udp_port;
     hid.nat_udp_port_local = entry->local_udp_port;
 
@@ -1586,8 +1571,6 @@
         HIP_ERROR("Building ha info failed\n");
     }
 
-    _HIP_HEXDUMP("HEXHID ", &hid, sizeof(struct hip_hadb_user_info_state));
-
     return err;
 }
 
@@ -1648,7 +1631,6 @@
     list_for_each_safe(item, tmp, hadb_hit, i)
     {
         this = (hip_ha_t *) list_entry(item);
-        _HIP_DEBUG("List_for_each_entry_safe\n");
         /* @todo: lock ha when we have threads */
         if ((ipv6_addr_cmp(local_hit, &this->hit_our) == 0) &&
             (ipv6_addr_cmp(rvs_ip, &this->peer_addr) == 0)) {
@@ -1766,8 +1748,6 @@
     } while (lsi_assigned(lsi_prefix) ||
              !hip_map_lsi_to_hostname_from_hosts(lsi, (char *) hostname));
 
-    _HIP_DEBUG_LSI("lsi free final value is ", &lsi_prefix);
-
     *lsi = lsi_prefix;
     return 0;
 }

=== modified file 'hipd/hadb_legacy.c'
--- hipd/hadb_legacy.c  2010-05-16 17:58:14 +0000
+++ hipd/hadb_legacy.c  2010-05-22 12:37:40 +0000
@@ -44,7 +44,6 @@
         peer_addr_list_item = (struct hip_peer_addr_list_item *) 
list_entry(item);
 
         if (!ipv6_addr_cmp(&peer_addr_list_item->address, addr)) {
-            _HIP_DEBUG("found\n");
             if (lifetime) {
                 *lifetime = peer_addr_list_item->lifetime;
             }
@@ -60,7 +59,6 @@
         i++;
     }
 
-    _HIP_DEBUG("not found\n");
     return 0;
 }
 
@@ -82,7 +80,6 @@
     {
         peer_addr_list_item = (struct hip_peer_addr_list_item *) 
list_entry(item);
         if (!ipv6_addr_cmp(&peer_addr_list_item->address, addr)) {
-            _HIP_DEBUG("deleting address\n");
             list_del(item, ha->peer_addresses_old);
             free(item);
             /* if address is on more than one spi list then do not goto out */

=== modified file 'hipd/heartbeat.c'
--- hipd/heartbeat.c    2010-05-21 10:34:45 +0000
+++ hipd/heartbeat.c    2010-05-22 12:37:40 +0000
@@ -53,8 +53,6 @@
     }
 
     ha->update_trigger_on_heartbeat_counter++;
-    _HIP_DEBUG("Trigger count %d/%d\n", 
ha->update_trigger_on_heartbeat_counter,
-               HIP_ADDRESS_CHANGE_HB_COUNT_TRIGGER * hip_icmp_interval);
 
     if (ha->update_trigger_on_heartbeat_counter <
         HIP_ADDRESS_CHANGE_HB_COUNT_TRIGGER * hip_icmp_interval) {
@@ -101,7 +99,6 @@
 
     if (entry->state == HIP_STATE_ESTABLISHED) {
         if (entry->outbound_sa_count > 0) {
-            _HIP_DEBUG("list_for_each_safe\n");
             HIP_IFEL(hip_send_icmp(*sockfd, entry), 0,
                      "Error sending heartbeat, ignore\n");
         } else {
@@ -181,10 +178,8 @@
     mhdr.msg_controllen = sizeof(cmsgbuf);
 
     ret                 = recvmsg(sockfd, &mhdr, MSG_DONTWAIT);
-    _HIP_PERROR("RECVMSG ");
     if (errno == EAGAIN) {
         err = 0;
-        _HIP_DEBUG("Asynchronous, maybe next time\n");
         goto out_err;
     }
     if (ret < 0) {

=== modified file 'hipd/hidb.c'
--- hipd/hidb.c 2010-05-17 22:11:11 +0000
+++ hipd/hidb.c 2010-05-22 12:37:40 +0000
@@ -195,9 +195,6 @@
     int c;
     list_for_each(item, db, c) {
         id_entry = (struct hip_host_id_entry *) list_entry(item);
-        _HIP_DEBUG("ALGO VALUE :%d, algo value of id entry :%d\n",
-                   algo, hip_get_host_id_algo(id_entry->host_id));
-        _HIP_DEBUG_HIT("Comparing HIT", &id_entry->lhi.hit);
 
         if ((hit == NULL || !ipv6_addr_cmp(&id_entry->lhi.hit, hit)) &&
             (algo == HIP_ANY_ALGO ||
@@ -297,10 +294,7 @@
 
     HIP_WRITE_LOCK_DB(db);
 
-    _HIP_HEXDUMP("adding host id", &lhi->hit, sizeof(struct in6_addr));
-
     HIP_ASSERT(&lhi->hit != NULL);
-    _HIP_DEBUG("host id algo:%d \n", hip_get_host_id_algo(host_id));
     HIP_IFEL(!(id_entry = malloc(sizeof(struct hip_host_id_entry))),
              -ENOMEM, "No memory available for host id\n");
     memset(id_entry, 0, sizeof(struct hip_host_id_entry));
@@ -411,9 +405,6 @@
 
         host_identity = &eid_endpoint->endpoint.id.host_id;
 
-        _HIP_HEXDUMP("host id\n", host_identity,
-                     hip_get_param_total_len(host_identity));
-
         HIP_IFEL(hip_private_host_id_to_hit(host_identity, &lhi.hit,
                                             HIP_HIT_TYPE_HASH100),
                  -EFAULT, "Host id to hit conversion failed\n");
@@ -574,8 +565,6 @@
 
     /** @todo check some value in the RSA key? */
 
-    _HIP_HEXDUMP("HOSTID...", tmp, hip_get_param_total_len(tmp));
-
     hip_get_rsa_keylen(tmp, &keylen, 1);
     rsa_pub_len    = keylen.e_len + keylen.e + keylen.n;
 
@@ -640,7 +629,6 @@
 
         if (!used_lsi) {
             memcpy(&id_entry->lsi, &lsi_aux, sizeof(hip_lsi_t));
-            _HIP_DEBUG("LSI assigned:%s\n", inet_ntoa(id_entry->lsi));
             break;
         }
     }
@@ -831,7 +819,6 @@
     }
 
     HIP_IFE(hip_build_param(msg, hi_public), -1);
-    _HIP_DUMP_MSG(msg);
 
     alg = hip_get_host_id_algo(hi_public);
     switch (alg) {
@@ -846,8 +833,6 @@
         break;
     }
 
-    _HIP_DUMP_MSG(msg);
-
 out_err:
     if (hi_public) {
         free(hi_public);

=== modified file 'hipd/hipd.c'
--- hipd/hipd.c 2010-05-18 11:19:26 +0000
+++ hipd/hipd.c 2010-05-22 12:37:40 +0000
@@ -384,7 +384,6 @@
             goto to_maintenance;
         } else if (err == 0) {
             /* idle cycle - select() timeout */
-            _HIP_DEBUG("Idle.\n");
             goto to_maintenance;
         }
 

=== modified file 'hipd/hiprelay.c'
--- hipd/hiprelay.c     2010-04-16 18:43:56 +0000
+++ hipd/hiprelay.c     2010-05-22 12:37:40 +0000
@@ -957,7 +957,6 @@
         lineerr  = hip_cf_get_line_data(fp, parameter, &values, &parseerr);
 
         if (parseerr == 0) {
-            _HIP_DEBUG("param: '%s'\n", parameter);
             hip_configfilevalue_t *current = NULL;
             if (strcmp(parameter, "whitelist_enabled") == 0) {
                 current = hip_cvl_get_next(&values, current);
@@ -1217,7 +1216,6 @@
               hip_get_param(source_msg, HIP_PARAM_VIA_RVS);
 
     if (!via_rvs) {
-        _HIP_DEBUG("No VIA_RVS parameter.");
         return -1;
     }
 

=== modified file 'hipd/init.c'
--- hipd/init.c 2010-05-21 10:36:58 +0000
+++ hipd/init.c 2010-05-22 12:37:40 +0000
@@ -80,7 +80,6 @@
     /* Get child process status, so it wont be left as zombie for long time. */
     while ((pid = wait3(&status, WNOHANG, 0)) > 0) {
         /* Maybe do something.. */
-        _HIP_DEBUG("Child quit with pid %d\n", pid);
     }
 }
 

=== modified file 'hipd/input.c'
--- hipd/input.c        2010-05-17 22:11:11 +0000
+++ hipd/input.c        2010-05-22 12:37:40 +0000
@@ -117,10 +117,6 @@
     len           = (uint8_t *) hmac - (uint8_t *) msg;
     hip_set_msg_total_len(msg, len);
 
-    _HIP_HEXDUMP("HMAC key", crypto_key->key,
-                 hip_hmac_key_length(HIP_ESP_AES_SHA1));
-    _HIP_HEXDUMP("HMACced data:", msg, len);
-
     memcpy(&tmpkey, crypto_key, sizeof(tmpkey));
     HIP_IFEL(hip_verify_hmac(msg, hip_get_msg_total_len(msg),
                              hmac->hmac_data, tmpkey.key,
@@ -182,7 +178,6 @@
     struct hip_common *msg_copy = NULL;
     int err                     = 0;
 
-    _HIP_DEBUG("hip_verify_packet_hmac2() invoked.\n");
     HIP_IFE(!(msg_copy = hip_msg_alloc()), -ENOMEM);
 
     HIP_IFEL(hip_create_msg_pseudo_hmac2(msg, msg_copy, host_id), -1,
@@ -235,7 +230,6 @@
     struct hip_diffie_hellman *dhf;
     struct in6_addr *plain_local_hit = NULL;
 
-    _HIP_DEBUG("hip_produce_keying_material() invoked.\n");
     /* Perform light operations first before allocating memory or
      * using lots of CPU time */
     HIP_IFEL(!(param = hip_get_param(msg, HIP_PARAM_HIP_TRANSFORM)),
@@ -317,9 +311,6 @@
     /* If the message has two DH keys, select (the stronger, usually) one. */
     *dhpv = hip_dh_select_key(dhf);
 
-    _HIP_DEBUG("dhpv->group_id= %d\n", (*dhpv)->group_id);
-    _HIP_DEBUG("dhpv->pub_len= %d\n", ntohs((*dhpv)->pub_len));
-
 #ifdef CONFIG_HIP_PERFORMANCE
     HIP_DEBUG("Start PERF_DH_CREATE\n");
     hip_perf_start_benchmark(perf_set, PERF_DH_CREATE);
@@ -331,11 +322,6 @@
                   dh_shared_len)) < 0,
              -EINVAL, "Calculation of shared secret failed.\n");
 
-    _HIP_HEXDUMP("Diffie-Hellman shared parameter:\n", param,
-                 hip_get_param_total_len(param));
-    _HIP_HEXDUMP("Diffie-Hellman shared key:\n", dh_shared_key,
-                 dh_shared_len);
-
 #ifdef CONFIG_HIP_BLIND
     {
         hip_ha_t *blind_entry;
@@ -435,8 +421,6 @@
                 hip_transf_length);
     HIP_HEXDUMP("HIP-gl integrity (HMAC) key:", &ctx->hip_hmac_out.key,
                 hmac_transf_length);
-    _HIP_DEBUG("skipping HIP-lg encryption key, %u bytes\n",
-               hip_transf_length);
     HIP_HEXDUMP("HIP-lg encryption:", &ctx->hip_enc_in.key,
                 hip_transf_length);
     HIP_HEXDUMP("HIP-lg integrity (HMAC) key:", &ctx->hip_hmac_in.key,
@@ -458,11 +442,6 @@
     memcpy(ctx->current_keymat_K,
            keymat + (ctx->keymat_calc_index - 1) * HIP_AH_SHA_LEN, 
HIP_AH_SHA_LEN);
 
-    _HIP_DEBUG("ctx: keymat_calc_index=%u current_keymat_index=%u\n",
-               ctx->keymat_calc_index, ctx->current_keymat_index);
-    _HIP_HEXDUMP("CTX CURRENT KEYMAT", ctx->current_keymat_K,
-                 HIP_AH_SHA_LEN);
-
     /* store DH shared key */
     ctx->dh_shared_key     = dh_shared_key;
     ctx->dh_shared_key_len = dh_shared_len;
@@ -558,7 +537,6 @@
      * printing packet data here works for all packets. To avoid excessive
      * debug printing do not print this information inside the individual
      * receive or handle functions. */
-    _HIP_DEBUG("hip_receive_control_packet() invoked.\n");
     HIP_DEBUG_IN6ADDR("Source IP", src_addr);
     HIP_DEBUG_IN6ADDR("Destination IP", dst_addr);
     HIP_DEBUG_HIT("HIT Sender", &msg->hits);
@@ -858,8 +836,6 @@
     int err                       = 0, type;
     struct in6_addr *saddr_public = saddr;
 
-    _HIP_DEBUG("hip_nat_receive_udp_control_packet() invoked.\n");
-
     type  = hip_get_msg_type(msg);
     entry = hip_hadb_find_byhits(&msg->hits, &msg->hitr);
 
@@ -916,8 +892,6 @@
     uint16_t mask = 0;
     uint32_t spi_in = 0;
 
-    _HIP_DEBUG("hip_create_i2() invoked.\n");
-
     HIP_DEBUG("R1 source port %u, destination port %d\n",
               r1_info->src_port, r1_info->dst_port);
 
@@ -1060,9 +1034,6 @@
                    -1,
                    "Unknown HIT\n");
 
-        _HIP_DEBUG("This HOST ID belongs to: %s\n",
-                   hip_get_param_host_id_hostname(host_id_entry->host_id));
-
         HIP_IFEL(hip_build_param(i2, host_id_entry->host_id),
                  -1,
                  "Building of host id failed\n");
@@ -1109,16 +1080,9 @@
             }
         }
 
-        _HIP_HEXDUMP("hostidinmsg", host_id_in_enc,
-                     hip_get_param_total_len(host_id_in_enc));
-        _HIP_HEXDUMP("encinmsg", enc_in_msg,
-                     hip_get_param_total_len(enc_in_msg));
         HIP_HEXDUMP("enc key", &ctx->hip_enc_out.key, HIP_MAX_KEY_LEN);
-        _HIP_HEXDUMP("IV", iv, 16);         // or 8
         HIP_DEBUG("host id type: %d\n",
                   hip_get_host_id_algo((struct hip_host_id *) host_id_in_enc));
-        _HIP_HEXDUMP("hostidinmsg 2", host_id_in_enc, x);
-
 
         HIP_IFEL(hip_crypto_encrypted(host_id_in_enc, iv,
                                       transform_hip_suite,
@@ -1126,10 +1090,6 @@
                                       ctx->hip_enc_out.key,
                                       HIP_DIRECTION_ENCRYPT), -1,
                  "Building of param encrypted failed\n");
-
-        _HIP_HEXDUMP("encinmsg 2", enc_in_msg,
-                     hip_get_param_total_len(enc_in_msg));
-        _HIP_HEXDUMP("hostidinmsg 2", host_id_in_enc, x);
     }
 
     /* Now that almost everything is set up except the signature, we can
@@ -1310,8 +1270,6 @@
     struct hip_locator *locator      = NULL;
     /** A function set for NAT travelsal. */
 
-    _HIP_DEBUG("hip_handle_r1() invoked.\n");
-
     if (entry->state == HIP_STATE_I2_SENT) {
         HIP_DEBUG("Retransmission\n");
         retransmission = 1;
@@ -1595,7 +1553,6 @@
     uint16_t mask    = 0;
     uint32_t spi_in  = 0;
 
-    _HIP_DEBUG("hip_create_r2() invoked.\n");
     /* Assume already locked entry */
     i2 = ctx->input;
 
@@ -1687,9 +1644,6 @@
     /* Create HMAC2 parameter. */
     if (entry->our_pub == NULL) {
         HIP_DEBUG("entry->our_pub is NULL.\n");
-    } else {
-        _HIP_HEXDUMP("Host ID for HMAC2", entry->our_pub,
-                     hip_get_param_total_len(entry->our_pub));
     }
 
     memcpy(&hmac, &entry->hip_hmac_out, sizeof(hmac));
@@ -1758,7 +1712,6 @@
      * because we want to to complete the base exchange successfully */
     /* for ICE , we do not need it*/
     if (hip_icmp_interval > 0) {
-        _HIP_DEBUG("icmp sock %d\n", hip_icmp_sock);
         hip_send_icmp(hip_icmp_sock, entry);
     }
 
@@ -1843,8 +1796,6 @@
     HIP_INFO_HIT("Source HIT:", &i2->hits);
     HIP_INFO_IN6ADDR("Source IP :", i2_saddr);
 
-    _HIP_DEBUG("hip_handle_i2() invoked.\n");
-
     /* The context structure is used to gather the context created from
      * processing the I2 packet, as well as storing the original packet.
      * From the context struct we can then access the I2 in hip_create_r2()
@@ -2448,7 +2399,6 @@
 {
     int state     = 0, err = 0;
     uint16_t mask = HIP_PACKET_CTRL_ANON;
-    _HIP_DEBUG("hip_receive_i2() invoked.\n");
 
     HIP_IFEL(ipv6_addr_any(&i2->hitr), 0,
              "Received NULL receiver HIT in I2. Dropping\n");
@@ -2936,8 +2886,6 @@
 {
     int err = 0, state, mask = 0, src_hit_is_our;
 
-    _HIP_DEBUG("hip_receive_i1() invoked.\n");
-
 #ifdef CONFIG_HIP_BLIND
     if (hip_blind_get_status()) {
         mask |= HIP_PACKET_CTRL_BLIND;
@@ -3059,8 +3007,6 @@
     int err       = 0, state;
     uint16_t mask = 0;
 
-    _HIP_DEBUG("hip_receive_r2() invoked.\n");
-
     HIP_IFEL(ipv6_addr_any(&hip_common->hitr), -1,
              "Received NULL receiver HIT in R2. Dropping\n");
 
@@ -3146,8 +3092,6 @@
      * OPTIONAL. If processed, any errors in a received NOTIFICATION parameter
      * SHOULD be logged. */
 
-    _HIP_DEBUG("hip_receive_notify() invoked.\n");
-
     /* Loop through all the parameters in the received I1 packet. */
     while ((current_param =
                 hip_get_next_param(notify, current_param)) != NULL) {
@@ -3309,8 +3253,6 @@
     int err       = 0;
     uint16_t mask = HIP_PACKET_CTRL_ANON, notify_controls = 0;
 
-    _HIP_DEBUG("hip_receive_notify() invoked.\n");
-
     HIP_IFEL(entry == NULL, -EFAULT,
              "Received a NOTIFY packet from an unknown sender, ignoring " \
              "the packet.\n");

=== modified file 'hipd/input.h'
--- hipd/input.h        2010-05-16 21:02:09 +0000
+++ hipd/input.h        2010-05-22 12:37:40 +0000
@@ -43,7 +43,6 @@
  */
 static inline int hip_controls_sane(uint16_t controls, uint16_t legal)
 {
-    _HIP_DEBUG("hip_controls_sane() invoked.\n");
     return ((controls & HIP_PACKET_CTRL_ANON) | legal) == legal;
 }
 

=== modified file 'hipd/keymat.c'
--- hipd/keymat.c       2010-05-17 22:11:11 +0000
+++ hipd/keymat.c       2010-05-22 12:37:40 +0000
@@ -65,8 +65,6 @@
     *(cur) = 1;
     cur   += sizeof(uint8_t);
 
-    _HIP_HEXDUMP("beginning of keymat", buffer, cur - buffer);
-
     return buffer;
 }
 
@@ -122,7 +120,6 @@
         return;
     }
 
-    _HIP_ASSERT(dstbuflen % 32 == 0);
     HIP_ASSERT(sizeof(index_nbr) == HIP_KEYMAT_INDEX_NBR_SIZE);
 
     hit1_is_bigger = hip_hit_is_bigger(hit1, hit2);
@@ -130,13 +127,6 @@
     bigger_hit     =  hit1_is_bigger ? hit1 : hit2;
     smaller_hit    = hit1_is_bigger ? hit2 : hit1;
 
-    _HIP_HEXDUMP("kij", kij, kij_len);
-    _HIP_DEBUG("I=0x%llx J=0x%llx\n", I, J);
-    _HIP_HEXDUMP("bigger hit", bigger_hit, 16);
-    _HIP_HEXDUMP("smaller hit", smaller_hit, 16);
-    _HIP_HEXDUMP("index_nbr", (char *) &index_nbr,
-                 HIP_KEYMAT_INDEX_NBR_SIZE);
-
     shabuffer = hip_create_keymat_buffer(kij, kij_len, HIP_AH_SHA_LEN,
                                          smaller_hit, bigger_hit, I, J);
     if (!shabuffer) {
@@ -150,8 +140,6 @@
     // XX FIXME: is this correct
     hip_build_digest(HIP_DIGEST_SHA1, shabuffer, bufsize, dstbuf);
 
-    _HIP_HEXDUMP("keymat digest", dstbuf, HIP_AH_SHA_LEN);
-
     dstoffset = HIP_AH_SHA_LEN;
     index_nbr++;
 
@@ -185,8 +173,6 @@
         HIP_ERROR("NULL calc_index\n");
     }
 
-    _HIP_DEBUG("keymat index_nbr=%u\n", index_nbr);
-    _HIP_HEXDUMP("GENERATED KEYMAT: ", dstbuf, dstbuflen);
     if (shabuffer) {
         free(shabuffer);
     }
@@ -257,10 +243,7 @@
     entry->current_keymat_index = new_keymat_index;
     entry->keymat_calc_index    = new_calc_index;
     entry->esp_keymat_index     = esp_keymat_index;
-    _HIP_DEBUG("New Entry keymat data: current_keymat_index=%u 
keymat_calc_index=%u\n",
-               entry->current_keymat_index, entry->keymat_calc_index);
     if (new_current_keymat) {
         memcpy(entry->current_keymat_K, new_current_keymat, HIP_AH_SHA_LEN);
-        _HIP_HEXDUMP("new_current_keymat", new_current_keymat, HIP_AH_SHA_LEN);
     }
 }

=== modified file 'hipd/maintenance.c'
--- hipd/maintenance.c  2010-05-17 22:11:11 +0000
+++ hipd/maintenance.c  2010-05-22 12:37:40 +0000
@@ -63,17 +63,8 @@
         goto out_err;
     }
 
-    _HIP_DEBUG("Time to retrans: %d Retrans count: %d State: %s\n",
-               entry->hip_msg_retrans.last_transmit + HIP_RETRANSMIT_WAIT - 
*now,
-               entry->hip_msg_retrans.count, hip_state_str(entry->state));
-
-    _HIP_DEBUG_HIT("hit_peer", &entry->hit_peer);
-    _HIP_DEBUG_HIT("hit_our", &entry->hit_our);
-
     /* check if the last transmision was at least RETRANSMIT_WAIT seconds ago 
*/
     if (*now - HIP_RETRANSMIT_WAIT > entry->hip_msg_retrans.last_transmit) {
-        _HIP_DEBUG("%d %d %d\n", entry->hip_msg_retrans.count,
-                   entry->state, entry->retrans_state);
         if ((entry->hip_msg_retrans.count > 0) && entry->hip_msg_retrans.buf &&
             ((entry->state != HIP_STATE_ESTABLISHED && entry->retrans_state != 
entry->state) ||
              (entry->update_state != 0 && entry->retrans_state != 
entry->update_state) ||
@@ -395,7 +386,6 @@
     calc_statistics(&entry->heartbeats_statistics, &rcvd_heartbeats, NULL, 
NULL, &avg,
                     &std_dev, STATS_IN_MSECS);
 
-    _HIP_DEBUG("Reset heartbeat timer to trigger UPDATE\n");
     entry->update_trigger_on_heartbeat_counter = 0;
 
     HIP_DEBUG("\nHeartbeat from %s, RTT %.6f ms,\n%.6f ms mean, "

=== modified file 'hipd/nat.c'
--- hipd/nat.c  2010-04-09 16:24:44 +0000
+++ hipd/nat.c  2010-05-22 12:37:40 +0000
@@ -127,11 +127,6 @@
 
     HIP_IFEL(!(msg = hip_msg_alloc()), -1, "Alloc\n");
 
-    _HIP_DEBUG("hip_nat_send_keep_alive() invoked.\n");
-    _HIP_DEBUG("entry @ %p, entry->nat_mode %d.\n",
-               entry, entry->nat_mode);
-    _HIP_DEBUG_HIT("&entry->hit_our", &entry->hit_our);
-
     /* Check that the host association is in correct state and that there is
      * a NAT between this host and the peer. Note, that there is no error
      * (err is set to zero) if the condition does not hold. We just don't

=== modified file 'hipd/netdev.c'
--- hipd/netdev.c       2010-05-21 10:36:58 +0000
+++ hipd/netdev.c       2010-05-22 12:37:40 +0000
@@ -201,9 +201,6 @@
 
         HIP_DEBUG("IPv6 address to filter is %s.\n", s);
 
-        _HIP_DEBUG("Address is%san Teredo address\n",
-                   ipv6_addr_is_teredo(a_in6) == 1 ? " " : " not ");
-
         if (suppress_af_family == AF_INET) {
             HIP_DEBUG("Address ignored: address family " \
                       "suppression set to IPv4 addresses.\n");
@@ -471,8 +468,6 @@
             }
         } else {
             /* remove from list if address matches */
-            _HIP_DEBUG_IN6ADDR("Address to compare",
-                               hip_cast_sa_addr((struct sockaddr *) &n->addr));
             if (ipv6_addr_cmp(hip_cast_sa_addr((struct sockaddr *) &n->addr),
                               hip_cast_sa_addr((struct sockaddr *) 
&addr_sin6)) == 0) {
                 HIP_DEBUG_IN6ADDR("Deleting address",
@@ -561,14 +556,6 @@
     list_for_each_safe(item, tmp, addresses, i)
     {
         n = (struct netdev_address *) list_entry(item);
-
-        _HIP_DEBUG("Search item address family %s, interface " \
-                   "index %d.\n", (n->addr.ss_family == AF_INET)
-                   ? "AF_INET" : "AF_INET6", n->if_index);
-        _HIP_DEBUG_IN6ADDR("Search item IP address",
-                           &(((struct sockaddr_in6 *)
-                              &(n->addr))->sin6_addr));
-
         if (((n->addr.ss_family == addr->sa_family) &&
              ((memcmp(hip_cast_sa_addr((struct sockaddr *) &n->addr),
                       hip_cast_sa_addr(addr),
@@ -1378,7 +1365,6 @@
     struct idxmap *idxmap[16] = { 0 };
     struct in6_addr lpback    = IN6ADDR_LOOPBACK_INIT;
 
-    _HIP_DEBUG_IN6ADDR("Source", src);
     HIP_DEBUG_IN6ADDR("dst", dst);
 
     /* Required for loopback connections */

=== modified file 'hipd/nsupdate.c'
--- hipd/nsupdate.c     2010-05-17 18:24:10 +0000
+++ hipd/nsupdate.c     2010-05-22 12:37:40 +0000
@@ -113,7 +113,6 @@
     pid_t child_pid;
     int child_status;     // child exit code
     child_pid = waitpid(0, &child_status, WNOHANG);
-    _HIP_DEBUG("child pid: %d, status: %d\n", child_pid, child_status);
 }
 
 /**

=== modified file 'hipd/oppdb.c'
--- hipd/oppdb.c        2010-05-12 16:09:38 +0000
+++ hipd/oppdb.c        2010-05-22 12:37:40 +0000
@@ -150,7 +150,6 @@
     list_for_each_safe(item, tmp, oppdb, i)
     {
         this = (hip_opp_block_t *) list_entry(item);
-        _HIP_DEBUG("List_for_each_entry_safe\n");
         fail = func(this, opaque);
         if (fail) {
             goto out_err;
@@ -169,7 +168,6 @@
 static void hip_oppdb_del_entry_by_entry(hip_opp_block_t *entry)
 {
     hip_opp_block_t *deleted;
-    _HIP_HEXDUMP("caller", &entry->caller, sizeof(struct sockaddr_un));
 
     HIP_LOCK_OPP(entry);
     deleted = hip_ht_delete(oppdb, entry);

=== modified file 'hipd/oppipdb.c'
--- hipd/oppipdb.c      2010-04-20 11:12:06 +0000
+++ hipd/oppipdb.c      2010-05-22 12:37:40 +0000
@@ -80,7 +80,6 @@
     list_for_each_safe(item, tmp, oppipdb, i)
     {
         this = (hip_oppip_t *) list_entry(item);
-        _HIP_DEBUG("List_for_each_entry_safe\n");
         func(this, opaque);
     }
 
@@ -193,7 +192,6 @@
 {
     hip_oppip_t *ret = NULL;
 
-    _HIP_DEBUG_IN6ADDR("Searching in oppipdb for ip:", ip_peer);
     ret = hip_ht_find(oppipdb, (void *) ip_peer);
     if (!ret) {
         HIP_DEBUG("The ip was not present in oppipdb. Peer HIP capable.\n");
@@ -215,7 +213,6 @@
 void hip_oppipdb_delentry(const struct in6_addr *ip_peer)
 {
     hip_oppip_t *ret;
-    _HIP_DEBUG("beginning of hip_oppipdb_delentry\n");
 
     if ((ret = hip_oppipdb_find_byip(ip_peer))) {
         HIP_DEBUG_IN6ADDR("HIP capable host found in oppipbd (non-HIP hosts 
database). Deleting it from oppipdb.", ip_peer);

=== modified file 'hipd/output.c'
--- hipd/output.c       2010-05-21 10:34:45 +0000
+++ hipd/output.c       2010-05-22 12:37:40 +0000
@@ -578,7 +578,6 @@
         }
     }
 
-    _HIP_DEBUG("hip_create_r1() invoked.\n");
     HIP_IFEL(!(msg = hip_msg_alloc()), -ENOMEM, "Out of memory\n");
 
     /* Allocate memory for writing the first Diffie-Hellman shared secret */
@@ -588,8 +587,6 @@
              -1, "Failed to alloc memory for dh_data1\n");
     memset(dh_data1, 0, dh_size1);
 
-    _HIP_DEBUG("dh_size=%d\n", dh_size1);
-
     /* Allocate memory for writing the second Diffie-Hellman shared secret */
     HIP_IFEL((dh_size2 = hip_get_dh_size(HIP_SECOND_DH_GROUP_ID)) == 0,
              -1, "Could not get dh_size2\n");
@@ -640,8 +637,6 @@
              "Building of HIP transform failed\n");
 
     /* Parameter HOST_ID */
-    _HIP_DEBUG("This HOST ID belongs to: %s\n",
-               hip_get_param_host_id_hostname(host_id_pub));
     HIP_IFEL(hip_build_param(msg, host_id_pub), -1,
              "Building of host id failed\n");
 
@@ -670,8 +665,6 @@
 
     HIP_IFEL(sign(private_key, msg), -1, "Signing of R1 failed.\n");
 
-    _HIP_HEXDUMP("R1", msg, hip_get_msg_total_len(msg));
-
     /* Parameter ECHO_REQUEST (OPTIONAL) */
 
     /* Fill puzzle parameters */
@@ -753,8 +746,6 @@
     in_port_t r1_dst_port   = 0;
     int err                 = 0;
 
-    _HIP_DEBUG("hip_xmit_r1() invoked.\n");
-
     HIP_DEBUG_IN6ADDR("i1_saddr", i1_saddr);
     HIP_DEBUG_IN6ADDR("i1_daddr", i1_daddr);
     HIP_DEBUG_IN6ADDR("dst_ip", dst_ip);
@@ -948,7 +939,6 @@
     int err = 0;
     int len = hip_get_msg_total_len(msg);
 
-    _HIP_DEBUG("hip_queue_packet() invoked.\n");
     /* Not reusing the old entry as the new packet may have
      * different length */
     if (!entry) {
@@ -1015,8 +1005,6 @@
     /* Points either to v4 or v6 raw sock */
     int hip_raw_sock_output   = 0;
 
-    _HIP_DEBUG("hip_send_raw() invoked.\n");
-
     /* Verify the existence of obligatory parameters. */
     HIP_ASSERT(peer_addr != NULL && msg != NULL);
 
@@ -1140,7 +1128,6 @@
      * do not seem to work properly. Thus, we use just sendto() */
 
     len = hip_get_msg_total_len(msg);
-    _HIP_HEXDUMP("Dumping packet ", msg, len);
 
     if (udp) {
         struct udphdr *uh = (struct udphdr *) (void *) msg;
@@ -1157,8 +1144,6 @@
         memmoved   = 1;
     }
 
-    _HIP_HEXDUMP("Dumping packet ", msg, len);
-
     for (dupl = 0; dupl < HIP_PACKET_DUPLICATES; dupl++) {
         for (try_again = 0; try_again < 2; try_again++) {
             sent = sendto(hip_raw_sock_output, msg, len, 0,
@@ -1297,8 +1282,6 @@
     hip_list_t *item                       = NULL, *tmp = NULL;
     int i                                  = 0;
 
-    _HIP_DEBUG_IN6ADDR("Destination address:", peer_addr);
-
     /* Notice that the shotgun logic requires us to check always the address 
family.
      *  Depending on the address family, we send the packet using UDP 
encapsulation or
      *  without it. Here's the current logic for UDP encapsulation (note that 
we
@@ -1378,8 +1361,6 @@
     HIP_IFEL((entry->outbound_sa_count == 0), 0,
              "No outbound sa, ignoring keepalive\n")
 
-    _HIP_DEBUG("Starting to send ICMPv6 heartbeat\n");
-
     /* memset and malloc everything you need */
     memset(&mhdr, 0, sizeof(struct msghdr));
     memset(&tval, 0, sizeof(struct timeval));
@@ -1441,10 +1422,6 @@
         err = (0 > i) ? i : -1;
     }
 
-    /* Debug information*/
-    _HIP_DEBUG_HIT("src hit", &entry->hit_our);
-    _HIP_DEBUG_HIT("dst hit", &entry->hit_peer);
-    _HIP_DEBUG("i == %d socket = %d\n", i, sockfd);
     HIP_PERROR("SENDMSG ");
 
     HIP_IFEL((i < 0), -1, "Failed to send ICMP into ESP tunnel\n");

=== modified file 'hipd/registration.c'
--- hipd/registration.c 2010-05-17 16:55:10 +0000
+++ hipd/registration.c 2010-05-22 12:37:40 +0000
@@ -1510,8 +1510,6 @@
         if (!ipv6_addr_cmp(&rfrom->address, &entry->our_addr)) {
             HIP_DEBUG("the host is not behind nat \n");
         } else {
-            _HIP_DEBUG("found a nat @port %d \n ",
-                       ntohs(rfrom->port));
             memcpy(&entry->local_reflexive_address,
                    &rfrom->address, sizeof(struct in6_addr));
             entry->local_reflexive_udp_port = ntohs(rfrom->port);
@@ -1519,7 +1517,6 @@
                           &entry->local_reflexive_address);
             HIP_DEBUG("set reflexive port: %d \n",
                       entry->local_reflexive_udp_port);
-            _HIP_DEBUG("the entry address is %d \n", entry);
         }
     } else {
         err = 1;

=== modified file 'hipd/update.c'
--- hipd/update.c       2010-05-17 16:55:10 +0000
+++ hipd/update.c       2010-05-22 12:37:40 +0000
@@ -138,7 +138,6 @@
 
         ha->update_id_out++;
         update_id_out = ha->update_id_out;
-        _HIP_DEBUG("outgoing UPDATE ID=%u\n", update_id_out);
         /** @todo Handle this case. */
         HIP_IFEL(hip_build_param_seq(update_packet_to_send, update_id_out), -1,
                  "Building of SEQ param failed\n");
@@ -386,9 +385,6 @@
             list_for_each_safe(item, tmp, ha->addresses_to_send_echo_request, 
i) {
                 dst_addr = (struct in6_addr *) list_entry(item);
 
-                _HIP_DEBUG_IN6ADDR("Sending echo requests from", src_addr);
-                _HIP_DEBUG_IN6ADDR("to", dst_addr);
-
                 if (!are_addresses_compatible(src_addr, dst_addr)) {
                     continue;
                 }
@@ -788,7 +784,6 @@
         }
 
         ha->update_id_in = seq_update_id;
-        _HIP_DEBUG("Stored peer's incoming UPDATE ID %u\n", ha->update_id_in);
     }
 
     /* RFC 5201 Section 6.12.1 3th and 4th steps or

=== modified file 'hipd/user.c'
--- hipd/user.c 2010-05-18 12:40:52 +0000
+++ hipd/user.c 2010-05-22 12:37:40 +0000
@@ -171,7 +171,6 @@
         break;
     case HIP_MSG_SET_DEBUG_ALL:
         /* Displays all debugging messages. */
-        _HIP_DEBUG("Handling DEBUG ALL user message.\n");
         HIP_IFEL(hip_set_logdebug(LOGDEBUG_ALL), -1,
                  "Error when setting daemon DEBUG status to ALL\n");
         break;
@@ -211,7 +210,6 @@
     case HIP_MSG_GET_PEER_HIT:
         err = hip_opp_get_peer_hit(msg, src);
         if (err) {
-            _HIP_ERROR("get pseudo hit failed.\n");
             if (err == -11) {           /* immediate fallback, do not pass */
                 err = 0;
             }
@@ -382,8 +380,6 @@
         struct in6_addr *hit_local;
 #endif
 
-        _HIP_DEBUG("Handling ADD DEL SERVER user message.\n");
-
         /* Get RVS IP address, HIT and requested lifetime given as
          * commandline parameters to hipconf. */
 

=== modified file 'lib/core/builder.c'
--- lib/core/builder.c  2010-05-17 22:11:11 +0000
+++ lib/core/builder.c  2010-05-22 12:37:40 +0000
@@ -112,11 +112,6 @@
     endpoint_hdr->length = sizeof(struct endpoint_hip);
     endpoint_hdr->flags  = endpoint_flags;
     endpoint_hdr->algo   = host_id_algo;
-    _HIP_DEBUG("%d %d %d\n",
-               sizeof(struct endpoint_hip),
-               hip_get_param_total_len(&endpoint_hdr->id.host_id),
-               sizeof(struct hip_host_id));
-    _HIP_DEBUG("endpoint hdr length: %d\n", endpoint_hdr->length);
 }
 
 /**
@@ -136,13 +131,9 @@
                           sizeof(struct hip_host_id_key_rdata);
     uint16_t fqdn_len;
 
-    _HIP_DEBUG("hi len: %d\n", ntohs(host_id->hi_length));
-    _HIP_DEBUG("Copying %d bytes\n", rr_len);
-
     memcpy(host_id->key, rr_data, rr_len);
 
     fqdn_len = ntohs(host_id->di_type_length) & 0x0FFF;
-    _HIP_DEBUG("fqdn len: %d\n", fqdn_len);
     if (fqdn_len) {
         memcpy(host_id->hostname, fqdn, fqdn_len);
     }
@@ -167,11 +158,6 @@
                                const unsigned char *key_rr,
                                unsigned int key_rr_len)
 {
-    _HIP_DEBUG("len=%d ep=%d rr=%d hostid=%d\n",
-               endpoint_hdr->length,
-               sizeof(struct endpoint_hip),
-               key_rr_len,
-               sizeof(struct hip_host_id));
     HIP_ASSERT(endpoint_hdr->length == sizeof(struct endpoint_hip) +
                hip_get_param_total_len(&endpoint_hdr->id.host_id) -
                sizeof(struct hip_host_id_priv));
@@ -467,15 +453,6 @@
 
         HIP_DEBUG("Multiple DHF public values received\n");
 
-        _HIP_DEBUG("dhpv1->group_id= %d   dhpv2->group_id= %d\n",
-                   dhpv1->group_id, dhpv2->group_id);
-        _HIP_DEBUG("dhpv1->pub_len= %d   dhpv2->pub_len= %d\n",
-                   dhpv1->pub_len, dhpv2->pub_len);
-        _HIP_DEBUG("ntohs(dhpv1->pub_len)= %d   ntohs(dhpv2->pub_len)= %d\n",
-                   ntohs(dhpv1->pub_len), ntohs(dhpv2->pub_len));
-
-
-
         /* Selection of a DH key depending on select_dh_key */
         if ((select_dh_key == STRONGER_KEY &&
              dhpv1->group_id >= dhpv2->group_id) ||
@@ -744,7 +721,6 @@
 
     for (i = 0; i < ARRAY_SIZE(valid); i++) {
         if (!(type & 0x0001)) {
-            _HIP_DEBUG("Optional param, skip\n");
             ok = 1;
             break;
         } else if (type == valid[i]) {
@@ -786,8 +762,6 @@
         HIP_DEBUG("param too long (%d) msg_len %d\n", param_len,
                   hip_get_msg_total_len(msg));
     } else {
-        _HIP_DEBUG("param length ok (%d) msg_len %d\n", param_len,
-                   hip_get_msg_total_len(msg));
         ok = 1;
     }
     return ok;
@@ -833,13 +807,7 @@
         hip_get_msg_total_len(msg) ||     /* a */
         !hip_check_param_contents_len(msg, next_param) ||     /* b */
         hip_get_param_contents_len(next_param) == 0) {        /* c */
-        _HIP_DEBUG("no more parameters found\n");
         next_param = NULL;
-    } else {
-        /* next parameter successfully found  */
-        _HIP_DEBUG("next param: type=%d, len=%d\n",
-                   hip_get_param_type(next_param),
-                   hip_get_param_contents_len(next_param));
     }
 
 out:
@@ -863,15 +831,11 @@
     void *matched                        = NULL;
     struct hip_tlv_common *current_param = NULL;
 
-    _HIP_DEBUG("searching for type %d\n", param_type);
-
     /** @todo Optimize: stop when next parameter's type is greater than the
      *  searched one. */
 
     while ((current_param = hip_get_next_param(msg, current_param))
            != NULL) {
-        _HIP_DEBUG("current param %d\n",
-                   hip_get_param_type(current_param));
         if (hip_get_param_type(current_param) == param_type) {
             matched = current_param;
             break;
@@ -945,7 +909,6 @@
      * used for checking the existance. */
     if (hip_get_param_contents_len((struct hip_tlv_common *) first_pos)
         == 0) {
-        _HIP_DEBUG("no parameters\n");
         free_pos = first_pos;
         goto out;
     }
@@ -953,9 +916,6 @@
     while ((current_param = hip_get_next_param(msg, current_param))
            != NULL) {
         last_used_pos = current_param;
-        _HIP_DEBUG("not free: type=%d, contents_len=%d\n",
-                   hip_get_param_type(current_param),
-                   hip_get_param_contents_len(current_param));
     }
 
     if (last_used_pos == NULL) {
@@ -992,12 +952,10 @@
          * 1) calling build_param() for the first time
          * 2) calling just the build_hdr() without building
          *    any parameters, e.g. in plain error messages */
-        _HIP_DEBUG("case 1,2\n");
         hip_set_msg_total_len(msg, sizeof(struct hip_common));
     } else {
         /* 3) do nothing, build_param()+ */
         /* 4) do nothing, build_param()+ and build_hdr() */
-        _HIP_DEBUG("case 3,4\n");
     }
 
     pos  += hip_get_msg_total_len(msg);
@@ -1005,7 +963,6 @@
     if (hip_get_param_contents_len(param) != 0) {
         /* Case 1 and 3: a new parameter (with a valid length) has
         *  been added and the message length has not been updated. */
-        _HIP_DEBUG("case 1,3\n");
         hip_set_msg_total_len(msg, hip_get_msg_total_len(msg) +
                               hip_get_param_total_len(param));
         /* XX assert: new pos must be of type 0 (assume only one
@@ -1013,10 +970,7 @@
     } else {
         /* case 2 and 4: the message length does not need to be
          * updated */
-        _HIP_DEBUG("case 2,4\n");
     }
-
-    _HIP_DEBUG("msg len %d\n", hip_get_msg_total_len(msg));
 }
 
 /**
@@ -1087,9 +1041,6 @@
     HIP_DEBUG("Msg err:        %d\n", hip_get_msg_err(msg));
     HIP_DEBUG("Msg controls:   0x%04x\n", msg->control);
 
-    _HIP_DEBUG_HIT("Msg hits:       ", &msg->hits );
-    _HIP_DEBUG_HIT("Msg hitr:       ", &msg->hitr );
-
     while ((current_param = hip_get_next_param(msg, current_param)) != NULL) {
         len       = hip_get_param_contents_len(current_param);
         /* Formula from base draft section 5.2.1. */
@@ -1363,8 +1314,6 @@
     hip_tlv_type_t type = hip_get_param_type(param);
     int err             = 0;
 
-    _HIP_DEBUG("type=%u\n", type);
-
     switch (type) {
     case HIP_PARAM_HIP_TRANSFORM:
     case HIP_PARAM_ESP_TRANSFORM:
@@ -1372,8 +1321,6 @@
         /* Search for one supported transform */
         hip_transform_suite_t suite;
 
-        _HIP_DEBUG("Checking %s transform\n",
-                   type == HIP_PARAM_HIP_TRANSFORM ? "HIP" : "ESP");
         suite = hip_get_param_transform_suite_id(param, 0);
         if (suite == 0) {
             HIP_ERROR("Could not find suitable %s transform\n",
@@ -1393,7 +1340,6 @@
         break;
     }
     }
-    _HIP_DEBUG("err=%d\n", err);
     return err;
 }
 
@@ -1495,8 +1441,6 @@
     int err                            = 0, size = 0;
     uint8_t *max_dst                   = ((uint8_t *) msg) + HIP_MAX_PACKET;
 
-    _HIP_DEBUG("\n");
-
     if (msg == NULL) {
         HIP_ERROR("Message is NULL.\n");
         err = -EFAULT;
@@ -1522,11 +1466,8 @@
         goto out;
     }
 
-    _HIP_DEBUG("found free: %d\n", dst - ((void *) msg));
-
     if (dst + hip_get_param_total_len(param) > max_dst) {
         err = -EMSGSIZE;
-        _HIP_DEBUG("dst == %d\n", dst);
         HIP_ERROR("The parameter to build does not fit in the message " \
                   "because if the parameter would be appended to " \
                   "the message, maximum HIP packet length would be " \
@@ -1552,8 +1493,6 @@
            (param_hdr_size - sizeof(struct hip_tlv_common));
     memcpy(dst, src, size);
 
-    _HIP_DEBUG("contents copied %d bytes\n", size);
-
     /* we have to update header length or otherwise hip_find_free_param
      * will fail when it checks the header length */
     hip_calc_hdr_len(msg);
@@ -1562,9 +1501,6 @@
         err = -EFAULT;
     }
 
-    _HIP_DEBUG("dumping msg, len = %d\n", hip_get_msg_total_len(msg));
-    _HIP_HEXDUMP("build msg: ", (void *) msg,
-                 hip_get_msg_total_len(msg));
 out:
 
     return err;
@@ -1639,7 +1575,6 @@
     err = hip_build_param_contents(msg, contents,
                                    hip_get_param_type(tlv_common),
                                    hip_get_param_contents_len(tlv_common));
-    _HIP_DEBUG("tlv_common len %d\n", ((struct hip_tlv_common *) 
tlv_common)->length);
     if (err) {
         HIP_ERROR("could not build contents (%d)\n", err);
     }
@@ -1701,7 +1636,6 @@
 {
     int err = 0;
 
-    _HIP_DEBUG("\n");
     HIP_IFEL(!msg, -EINVAL, "null msg\n");
 
     /* build header first and then parameters */
@@ -1893,9 +1827,6 @@
 
     HIP_IFEL(!(msg_copy = hip_msg_alloc()), -ENOMEM, "Message alloc\n");
 
-    _HIP_HEXDUMP("HMAC data", msg_copy, hip_get_msg_total_len(msg_copy));
-    _HIP_HEXDUMP("HMAC key\n", key->key, 20);
-
     HIP_IFEL(hip_create_msg_pseudo_hmac2(msg, msg_copy, host_id), -1,
              "pseudo hmac pkt failed\n");
 
@@ -2361,8 +2292,6 @@
         reg_type[i] = service_list[i].reg_type;
     }
 
-    _HIP_HEXDUMP("reg_type", reg_type, service_count);
-
     hip_set_param_type((struct hip_tlv_common *) &reg_info, 
HIP_PARAM_REG_INFO);
     /* All services should have the same lifetime... */
     reg_info.min_lifetime = service_list[0].min_lifetime;
@@ -2373,9 +2302,6 @@
     err                   = hip_build_generic_param(
         msg, &reg_info, sizeof(struct hip_reg_info), (void *) reg_type);
 
-    _HIP_DEBUG("Added REG_INFO parameter with %u service%s.\n", service_count,
-               (service_count > 1) ? "s" : "");
-
     return err;
 }
 
@@ -2659,8 +2585,6 @@
 
     HIP_ASSERT(pubkey_len >= sizeof(struct hip_tlv_common));
 
-    _HIP_ASSERT(sizeof(struct hip_diffie_hellman) == 5);
-
     hip_set_param_type((struct hip_tlv_common *) &diffie_hellman, 
HIP_PARAM_DIFFIE_HELLMAN);
 
     if (group_id2 != HIP_MAX_DH_GROUP_ID) {
@@ -2700,8 +2624,6 @@
                                   sizeof(struct hip_diffie_hellman),
                                   value);
 
-    _HIP_HEXDUMP("Own DH pubkey: ", pubkey, pubkey_len);
-
 out_err:
 
     if (value) {
@@ -2859,8 +2781,6 @@
     uint16_t *tfm;
     int table_n                 = 0, pkt_tfms = 0, i;
 
-    _HIP_DEBUG("tfm len = %d\n", hip_get_param_contents_len(transform_tlv));
-
     type = hip_get_param_type(transform_tlv);
     if (type == HIP_PARAM_HIP_TRANSFORM) {
         table    = supported_hip_tf;
@@ -2880,11 +2800,8 @@
 
     for (i = 0; i < pkt_tfms; i++, tfm++) {
         int j;
-        _HIP_DEBUG("testing pkt tfm=%u\n", ntohs(*tfm));
         for (j = 0; j < table_n; j++) {
             if (ntohs(*tfm) == table[j]) {
-                _HIP_DEBUG("found supported tfm %u, pkt tlv index of tfm=%d\n",
-                           table[j], i);
                 return table[j];
             }
         }
@@ -2918,16 +2835,9 @@
                                sizeof(struct hip_locator),
                                addrs_len);
 
-    _HIP_DEBUG("params size=%d\n", sizeof(struct hip_locator) -
-               sizeof(struct hip_tlv_common) +
-               addrs_len);
-
     memcpy(locator_info + 1, addrs, addrs_len);
     HIP_IFE(hip_build_param(msg, locator_info), -1);
 
-    _HIP_DEBUG("msgtotlen=%d addrs_len=%d\n", hip_get_msg_total_len(msg),
-               addrs_len);
-
 out_err:
     if (locator_info) {
         free(locator_info);
@@ -3258,8 +3168,7 @@
 {
     int err = 0;
     struct hip_esp_info esp_info;
-    _HIP_DEBUG("Add SPI old: 0x%x (nwbo: 0x%x), new: 0x%x (nwbo: 0x%x)\n",
-            old_spi, htonl(old_spi), new_spi, htonl(new_spi));
+
     hip_set_param_type((struct hip_tlv_common *) &esp_info, 
HIP_PARAM_ESP_INFO);
 
     hip_calc_generic_param_len((struct hip_tlv_common *) &esp_info,
@@ -3271,11 +3180,6 @@
     esp_info.old_spi = htonl(old_spi);
     esp_info.new_spi = htonl(new_spi);
 
-    _HIP_DEBUG("esp param old: 0x%x , new: 0x%x \n",
-            esp_info.old_spi, esp_info.new_spi);
-    _HIP_DEBUG("keymat index = %d\n", keymat_index);
-    _HIP_HEXDUMP("esp_info:", &esp_info, sizeof(struct hip_esp_info));
-
     err = hip_build_param(msg, &esp_info);
     return err;
 }
@@ -3383,11 +3287,6 @@
     host_id_hdr->rdata.protocol  = 0xFF;    /* RFC 2535 */
     /* algo is 8 bits, no htons */
     host_id_hdr->rdata.algorithm = algorithm;
-
-    _HIP_DEBUG("hilen=%d totlen=%d contlen=%d\n",
-               ntohs(host_id_hdr->hi_length),
-               hip_get_param_contents_len(host_id_hdr),
-               hip_get_param_total_len(host_id_hdr));
 }
 
 /**
@@ -3408,13 +3307,9 @@
                           sizeof(struct hip_host_id_key_rdata);
     uint16_t fqdn_len;
 
-    _HIP_DEBUG("hi len: %d\n", ntohs(host_id->hi_length));
-    _HIP_DEBUG("Copying %d bytes\n", rr_len);
-
     memcpy(host_id->key, rr_data, rr_len);
 
     fqdn_len = ntohs(host_id->di_type_length) & 0x0FFF;
-    _HIP_DEBUG("fqdn len: %d\n", fqdn_len);
     if (fqdn_len) {
         memcpy(host_id->hostname, fqdn, fqdn_len);
     }
@@ -3463,11 +3358,6 @@
     host_id_hdr->rdata.protocol  = 0xFF;    /* RFC 2535 */
     /* algo is 8 bits, no htons */
     host_id_hdr->rdata.algorithm = algorithm;
-
-    _HIP_DEBUG("hilen=%d totlen=%d contlen=%d\n",
-               ntohs(host_id_hdr->hi_length),
-               hip_get_param_contents_len(host_id_hdr),
-               hip_get_param_total_len(host_id_hdr));
 }
 
 /**
@@ -3649,8 +3539,7 @@
                                  size_t sockaddr_len)
 {
     int err = 0;
-    _HIP_DEBUG("build family=%d, len=%d\n", sockaddr->sa_family,
-               sockaddr_len);
+
     err = hip_build_param_contents(msg, sockaddr, HIP_PARAM_EID_SOCKADDR,
                                    sockaddr_len);
     return err;
@@ -3782,7 +3671,6 @@
     hip_calc_param_len((struct hip_tlv_common *) &local,
                        sizeof(struct hip_cert_spki_info)
                                - sizeof(struct hip_tlv_common));
-    _HIP_DEBUG("Param len spki_info %d\n", htons(local.length));
     err = hip_build_param(msg, &local);
     return err;
 }
@@ -3910,8 +3798,6 @@
     int dsa_key_rr_len;
     struct endpoint_hip endpoint_hdr;
 
-    _HIP_DEBUG("dsa_to_hip_endpoint called\n");
-
     dsa_key_rr_len = dsa_to_dns_key_rr(dsa, &dsa_key_rr);
     if (dsa_key_rr_len <= 0) {
         HIP_ERROR("dsa_key_rr_len <= 0\n");
@@ -3932,13 +3818,11 @@
     }
     memset(*endpoint, 0, endpoint_hdr.length);
 
-    _HIP_DEBUG("Allocated %d bytes for endpoint\n", endpoint_hdr.length);
     hip_build_endpoint(*endpoint,
                        &endpoint_hdr,
                        hostname,
                        dsa_key_rr,
                        dsa_key_rr_len);
-    _HIP_HEXDUMP("endpoint contains: ", *endpoint, endpoint_hdr.length);
 
     out_err:
 
@@ -3992,16 +3876,12 @@
     }
     memset(*endpoint, 0, endpoint_hdr.length);
 
-    _HIP_DEBUG("Allocated %d bytes for endpoint\n", endpoint_hdr.length);
-
     hip_build_endpoint(*endpoint,
                        &endpoint_hdr,
                        hostname,
                        rsa_key_rr,
                        rsa_key_rr_len);
 
-    _HIP_HEXDUMP("endpoint contains: ", *endpoint, endpoint_hdr.length);
-
     out_err:
 
     if (rsa_key_rr) {
@@ -4244,8 +4124,6 @@
             result += sizeof(struct hip_locator_info_addr_item2);
         }
     }
-    _HIP_DEBUG("*****locator %d has offset :%d \n",
-               idx, (char *) result - (char *) item_list);
     return (union hip_locator_info_addr *) result;
 }
 

=== modified file 'lib/core/capability.c'
--- lib/core/capability.c       2010-05-17 18:24:10 +0000
+++ lib/core/capability.c       2010-05-22 12:37:40 +0000
@@ -52,8 +52,6 @@
         if (i) {
             break;
         }
-        _HIP_DEBUG("%s (%d)\tHOME %s\tSHELL %s\n", pwp->pw_name,
-                   pwp->pw_uid, pwp->pw_dir, pwp->pw_shell);
         if (!strcmp(pwp->pw_name, name)) {
             uid = pwp->pw_uid;
             break;

=== modified file 'lib/core/certtools.c'
--- lib/core/certtools.c        2010-05-17 22:11:11 +0000
+++ lib/core/certtools.c        2010-05-22 12:37:40 +0000
@@ -119,9 +119,6 @@
      */
     char s_rule[]   = "[)][|][A-Za-z0-9+/()#=-]*[|]";
 
-    _HIP_DEBUG("\n\n** CONTENTS of public key sequence **\n"
-               "%s\n\n", cert->public_key);
-
     /* check the algo DSA or RSA  */
     HIP_DEBUG("Verifying\nRunning regexps to identify algo\n");
     start = stop = 0;
@@ -152,17 +149,14 @@
         start = stop = 0;
         HIP_IFEL(hip_cert_regex(e_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex (exponent)\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         e_hex = malloc(stop - start);
         HIP_IFEL((!e_hex), -1, "Malloc for e_hex failed\n");
         snprintf((char *) e_hex, (stop - start - 1), "%s", 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("E_HEX %s\n", e_hex);
 
         /* public modulus */
         start       = stop = 0;
         HIP_IFEL(hip_cert_regex(n_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex (modulus)\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         modulus_b64 = malloc(stop - start + 1);
         HIP_IFEL((!modulus_b64), -1, "Malloc for modulus_b64 failed\n");
         memset(modulus_b64, 0, (stop - start + 1));
@@ -170,7 +164,6 @@
         HIP_IFEL((!modulus), -1, "Malloc for modulus failed\n");
         memset(modulus, 0, (stop - start + 1));
         snprintf((char *) modulus_b64, (stop - start - 1), "%s", 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("modulus_b64 %s\n", modulus_b64);
 
         /* put the stuff into the RSA struct */
         BN_hex2bn(&rsa->e, e_hex);
@@ -183,13 +176,9 @@
             --keylen;
             keylen = keylen - keylen % 2;
         }
-        _HIP_DEBUG("keylen = %d (%d bits)\n", keylen, keylen * 8);
         signature = malloc(keylen);
         HIP_IFEL((!signature), -1, "Malloc for signature failed.\n");
         rsa->n    = BN_bin2bn(modulus, keylen, 0);
-
-        _HIP_DEBUG("In verification RSA e=%s\n", BN_bn2hex(rsa->e));
-        _HIP_DEBUG("In verification RSA n=%s\n", BN_bn2hex(rsa->n));
     } else if (algo == HIP_HI_DSA) {
         /* malloc space for new dsa */
         dsa = DSA_new();
@@ -201,7 +190,6 @@
         start = stop = 0;
         HIP_IFEL(hip_cert_regex(p_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex dsa->p\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         p_b64 = malloc(stop - start + 1);
         HIP_IFEL((!p_b64), -1, "Malloc for p_b64 failed\n");
         memset(p_b64, 0, (stop - start + 1));
@@ -209,14 +197,12 @@
         HIP_IFEL((!p_bin), -1, "Malloc for p_bin failed\n");
         memset(p_bin, 0, (stop - start + 1));
         snprintf((char *) p_b64, (stop - start - 1), "%s", 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("p_b64 %s\n", p_b64);
         evpret = EVP_DecodeBlock(p_bin, p_b64, strlen((char *) p_b64));
 
         /* dsa->q */
         start  = stop = 0;
         HIP_IFEL(hip_cert_regex(q_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex dsa->q\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         q_b64  = malloc(stop - start + 1);
         HIP_IFEL((!q_b64), -1, "Malloc for q_b64 failed\n");
         memset(q_b64, 0, (stop - start + 1));
@@ -224,14 +210,12 @@
         HIP_IFEL((!q_bin), -1, "Malloc for q_bin failed\n");
         memset(q_bin, 0, (stop - start + 1));
         snprintf((char *) q_b64, (stop - start - 1), "%s", 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("q_b64 %s\n", q_b64);
         evpret = EVP_DecodeBlock(q_bin, q_b64, strlen((char *) q_b64));
 
         /* dsa->g */
         start  = stop = 0;
         HIP_IFEL(hip_cert_regex(g_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex dsa->g\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         g_b64  = malloc(stop - start + 1);
         HIP_IFEL((!g_b64), -1, "Malloc for g_b64 failed\n");
         memset(g_b64, 0, (stop - start + 1));
@@ -239,14 +223,12 @@
         HIP_IFEL((!g_bin), -1, "Malloc for g_bin failed\n");
         memset(g_bin, 0, (stop - start + 1));
         snprintf((char *) g_b64, (stop - start - 1), "%s", 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("g_b64 %s\n", g_b64);
         evpret = EVP_DecodeBlock(g_bin, g_b64, strlen((char *) g_b64));
 
         /* dsa->y */
         start  = stop = 0;
         HIP_IFEL(hip_cert_regex(y_rule, cert->public_key, &start, &stop), -1,
                  "Failed to run hip_cert_regex dsa->y\n");
-        _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
         y_b64  = malloc(stop - start + 1);
         HIP_IFEL((!y_b64), -1, "Malloc for y_b64 failed\n");
         memset(y_b64, 0, (stop - start + 1));
@@ -254,7 +236,6 @@
         HIP_IFEL((!y_bin), -1, "Malloc for y_bin failed\n");
         memset(y_bin, 0, (stop - start + 1));
         snprintf((char *) y_b64, (stop - start - 1), "%s", 
&cert->public_key[start + 1]);
-        _HIP_DEBUG("y_b64 %s\n", y_b64);
         evpret = EVP_DecodeBlock(y_bin, y_b64, strlen((char *) y_b64));
     } else {HIP_IFEL((1 == 0), -1, "Unknown algorithm\n");
     }
@@ -264,13 +245,11 @@
     HIP_IFEL(!(sha_retval = SHA1((unsigned char *) cert->cert,
                                  strlen((char *) cert->cert), sha_digest)),
              -1, "SHA1 error when creating digest.\n");
-    _HIP_HEXDUMP("SHA1 digest of cert sequence ", sha_digest, 20);
 
     /* Get the signature hash and compare it to the sha_digest we just made */
     start              = stop = 0;
     HIP_IFEL(hip_cert_regex(h_rule, cert->signature, &start, &stop), -1,
              "Failed to run hip_cert_regex (signature hash)\n");
-    _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
     signature_hash_b64 = malloc(stop - start + 1);
     HIP_IFEL((!signature_hash_b64), -1, "Failed to malloc 
signature_hash_b64\n");
     memset(signature_hash_b64, '\0', (stop - start + 1));
@@ -278,7 +257,6 @@
     HIP_IFEL((!signature_hash), -1, "Failed to malloc signature_hash\n");
     snprintf((char *) signature_hash_b64, (stop - start - 1), "%s",
              &cert->signature[start + 1]);
-    _HIP_DEBUG("SIG HASH B64 %s\n", signature_hash_b64);
     evpret = EVP_DecodeBlock(signature_hash, signature_hash_b64,
                              strlen((char *) signature_hash_b64));
     HIP_IFEL(memcmp(sha_digest, signature_hash, 20), -1,
@@ -289,19 +267,16 @@
     start         = stop = 0;
     HIP_IFEL(hip_cert_regex(s_rule, cert->signature, &start, &stop), -1,
              "Failed to run hip_cert_regex (signature)\n");
-    _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
     signature_b64 = malloc(stop - start + 1);
     HIP_IFEL((!signature_b64), -1, "Failed to malloc signature_b64\n");
     memset(signature_b64, '\0', keylen);
     snprintf((char *) signature_b64, (stop - start - 2), "%s", 
&cert->signature[start + 2]);
-    _HIP_DEBUG("SIG_B64 %s\n", signature_b64);
     if (algo == HIP_HI_DSA) {
         signature = malloc(stop - start + 1);
         HIP_IFEL(!signature, -1, "Failed to malloc signature (dsa)\n");
     }
     evpret = EVP_DecodeBlock(signature, signature_b64,
                              strlen((char *) signature_b64));
-    _HIP_HEXDUMP("SIG\n", signature, keylen);
 
     if (algo == HIP_HI_RSA) {
         /* do the verification */
@@ -311,15 +286,6 @@
         ERR_load_crypto_strings();
         ERR_error_string(e_code, buf);
 
-        _HIP_DEBUG("***********RSA ERROR*************\n");
-        _HIP_DEBUG("RSA_size(rsa) = %d\n", RSA_size(rsa));
-        _HIP_DEBUG("Signature length :%d\n", strlen((char *) signature));
-        _HIP_DEBUG("Error string :%s\n", buf);
-        _HIP_DEBUG("LIB error :%s\n", ERR_lib_error_string(e_code));
-        _HIP_DEBUG("func error :%s\n", ERR_func_error_string(e_code));
-        _HIP_DEBUG("Reason error :%s\n", ERR_reason_error_string(e_code));
-        _HIP_DEBUG("***********RSA ERROR*************\n");
-
         /* RSA_verify returns 1 if success. */
         cert->success = err == 1 ? 0 : -1;
         HIP_IFEL((err = err == 1 ? 0 : -1), -1, "RSA_verify error\n");
@@ -438,15 +404,12 @@
              "Failed to memset memory for tmp variables\n");
 
     /* Make needed transforms to the date */
-    _HIP_DEBUG("not_before %d not_after %d\n", *not_before, *not_after);
     /*  Format and print the time, "yyyy-mm-dd hh:mm:ss"
      * (not-after "1998-04-15_00:00:00") */
     ts = localtime(not_before);
     strftime(buf_before, sizeof(buf_before), "%Y-%m-%d_%H:%M:%S", ts);
     ts = localtime(not_after);
     strftime(buf_after, sizeof(buf_after), "%Y-%m-%d_%H:%M:%S", ts);
-    _HIP_DEBUG("Not before %s\n", buf_before);
-    _HIP_DEBUG("Not after %s\n", buf_after);
 
     sprintf(tmp_before, "(not-before \"%s\")", buf_before);
     sprintf(tmp_after, "(not-after \"%s\")", buf_after);
@@ -494,12 +457,9 @@
     hip_send_recv_daemon_info(msg, 0, 0);
 
     /* get the struct from the message sent back by the daemon */
-    _HIP_DUMP_MSG(msg);
     HIP_IFEL(!(returned = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)),
              -1, "No hip_cert_spki_info struct found from daemons msg\n");
 
-    _HIP_DEBUG("PUBLIC-KEY\n%s\nCERT\n%s\nSIGNATURE\n%s\n", 
returned->public_key,
-               returned->cert, returned->signature);
     memcpy(content, returned, sizeof(struct hip_cert_spki_info));
 
 out_err:
@@ -563,8 +523,6 @@
     regmatch_t pm[1];
     char *tmp_cert;
 
-    _HIP_DEBUG("Before inject:\n%s\n", to->cert);
-    _HIP_DEBUG("Inserting \"%s\" after \"%s\"\n", what, after);
     tmp_cert = malloc(strlen(to->cert) + strlen(what) + 1);
     if (!tmp_cert) {
         return -1;
@@ -577,8 +535,6 @@
     /* Running the regular expression */
     HIP_IFEL((status = regexec(&re, to->cert, 1, pm, 0)), -1,
              "Handling of regular expression failed\n");
-    _HIP_DEBUG("Found \"%s\" at %d and it ends at %d\n",
-               after, pm[0].rm_so, pm[0].rm_eo);
     /* Using tmp char table to do the inject (remember the terminators)
      * first the beginning */
     snprintf(tmp_cert, pm[0].rm_eo + 2, "%s", to->cert);
@@ -589,7 +545,6 @@
              (strlen(to->cert) - pm[0].rm_eo), "%s", &to->cert[pm[0].rm_eo + 
1]);
     /* move tmp to the result */
     sprintf(to->cert, "%s", tmp_cert);
-    _HIP_DEBUG("After inject:\n%s\n", to->cert);
 out_err:
     free(tmp_cert);
     regfree(&re);
@@ -627,31 +582,23 @@
      */
     char s_rule[] = "[(]signature [ A-Za-z0-9+/|()=]*[|][)][)]";
 
-    _HIP_DEBUG("FROM %s\n", from);
-
     /* Look for the public key */
     HIP_IFEL(hip_cert_regex(p_rule, from, &start, &stop), -1,
              "Failed to run hip_cert_regex (public-key)\n");
-    _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
     snprintf(to->public_key, (stop - start) + 1, "%s", &from[start]);
 
     /* Look for the cert sequence */
     start = stop = 0;
     HIP_IFEL(hip_cert_regex(c_rule, from, &start, &stop), -1,
              "Failed to run hip_cert_regex (cert)\n");
-    _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
     snprintf(to->cert, (stop - start) + 1, "%s", &from[start]);
 
     /* look for the signature sequence */
     start = stop = 0;
     HIP_IFEL(hip_cert_regex(s_rule, from, &start, &stop), -1,
              "Failed to run hip_cert_regex (signature)\n");
-    _HIP_DEBUG("REGEX results from %d to %d\n", start, stop);
     snprintf(to->signature, (stop - start) + 1, "%s", &from[start]);
 
-    _HIP_DEBUG("PK %s\nCert %s\nSign %s\n",
-               to->public_key, to->cert, to->signature);
-
 out_err:
     return err;
 }
@@ -689,7 +636,6 @@
     HIP_IFEL(!(returned = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)),
              -1, "No hip_cert_spki_info struct found from daemons msg\n");
 
-    _HIP_DEBUG("Success = %d (should be 0 if OK\n", returned->success);
     memcpy(to_verification, returned, sizeof(struct hip_cert_spki_info));
 
 out_err:
@@ -738,11 +684,8 @@
     /* get the struct from the message sent back by the daemon */
     HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
              "No name x509 struct found\n");
-    _HIP_HEXDUMP("DER:\n", p->der, p->der_len);
-    _HIP_DEBUG("DER length %d\n", p->der_len);
     memcpy(certificate, p->der, p->der_len);
     err = p->der_len;
-    _HIP_DUMP_MSG(msg);
 
 out_err:
     if (msg) {
@@ -772,9 +715,6 @@
              "Malloc for msg failed\n");
     hip_msg_init(msg);
 
-    _HIP_HEXDUMP("DER DUMP:\n", certificate, len);
-    _HIP_DEBUG("DER LEN %d\n", len);
-
     /* build the msg to be sent to the daemon */
     HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_VERIFY, 0), -1,
              "Failed to build user header\n");
@@ -784,7 +724,6 @@
     /* send and wait */
     HIP_DEBUG("Sending request to verify x509  cert to "
               "daemon and waiting for answer\n");
-    _HIP_DUMP_MSG(msg);
     hip_send_recv_daemon_info(msg, 0, 0);
 
     /* get the struct from the message sent back by the daemon */
@@ -795,7 +734,6 @@
         HIP_DEBUG("Verified successfully\n");
     } else {      HIP_DEBUG("Verification failed\n");
     }
-    _HIP_DUMP_MSG(msg);
 
 out_err:
     if (msg) {
@@ -822,9 +760,6 @@
     int err    = 0;
     X509 *cert = NULL;
 
-    _HIP_HEXDUMP("DER:\n", der, len);
-    _HIP_DEBUG("DER length %d\n", len);
-
     HIP_IFEL(((cert = d2i_X509(NULL, (const unsigned char **) &der, len)) == 
NULL), -1,
              "Failed to convert cert from DER to internal format\n");
 out_err:
@@ -847,7 +782,6 @@
     BIO *out   = NULL;
     X509 *cert = NULL;
 
-    _HIP_DEBUG("PEM:\n%s\nLength of PEM %d\n", pem, strlen(pem));
     out = BIO_new_mem_buf(pem, -1);
     HIP_IFEL((NULL == (cert = PEM_read_bio_X509(out, NULL, 0, NULL))), -1,
              "Cert variable is NULL\n");
@@ -884,8 +818,6 @@
     STACK_OF(CONF_VALUE) * sec = NULL;
     CONF_VALUE *item;
 
-    _HIP_DEBUG("Started to read cert configuration file\n");
-
     /* XXTODO conf is opened and reopened here why -Samu */
     conf = NCONF_new(NCONF_default());
     HIP_IFEL(!NCONF_load(conf, HIP_CERT_CONF_PATH, &err),
@@ -897,8 +829,6 @@
 
     for (i = 0; i < sk_CONF_VALUE_num(sec); i++) {
         item = (void *) sk_CONF_VALUE_value(sec, i);
-        _HIP_DEBUG("Sec: %s, Key; %s, Val %s\n",
-                   item->section, item->name, item->value);
     }
 out_err:
     if (err == -1) {
@@ -919,8 +849,6 @@
     long err   = 0;
     CONF *conf = NULL;
 
-    _HIP_DEBUG("Started to read cert configuration file\n");
-
     conf = NCONF_new(NCONF_default());
     HIP_IFEL(!NCONF_load(conf, HIP_CERT_CONF_PATH, &err),
              -1, "Error opening the configuration file");
@@ -972,14 +900,10 @@
     // TODO this might need to be an error!?
     // this needs to be separated to found, not found, and error -Samu
     if ((status = regexec(&re, from, 1, answer, 0))) {
-        _HIP_DEBUG("No match for regexp or failed to run it\n");
         err = -1;
         goto out_err;
     }
 
-    _HIP_DEBUG("Found \"%s\" at %d and it ends at %d\n",
-               what, answer[0].rm_so, answer[0].rm_eo);
-
     *start = answer[0].rm_so;
     *stop  = answer[0].rm_eo;
 

=== modified file 'lib/core/conf.c'
--- lib/core/conf.c     2010-05-21 10:36:58 +0000
+++ lib/core/conf.c     2010-05-22 12:37:40 +0000
@@ -399,8 +399,6 @@
  */
 static int hip_conf_print_info_ha(struct hip_hadb_user_info_state *ha)
 {
-    _HIP_HEXDUMP("HEXHID ", ha, sizeof(struct hip_hadb_user_info_state));
-
     HIP_INFO("HA is %s\n", hip_state_str(ha->state));
     if (ha->shotgun_status == HIP_MSG_SHOTGUN_ON) {
         HIP_INFO(" Shotgun mode is on.\n");
@@ -795,30 +793,17 @@
     for (rp = res; rp != NULL; rp = rp->ai_next) {
         in4 = &((struct sockaddr_in *) rp->ai_addr)->sin_addr;
         in6 = &((struct sockaddr_in6 *) rp->ai_addr)->sin6_addr;
-        if (rp->ai_family == AF_INET6) {
-            _HIP_DEBUG_IN6ADDR("addr", in6);
-            _HIP_DEBUG("hit=%s\n",
-                       (ipv6_addr_is_hit(in6) ? "yes" : "no"));
-        }
-
-        if (rp->ai_family == AF_INET) {
-            _HIP_DEBUG_INADDR("addr", in4);
-            _HIP_DEBUG("lsi=%s\n",
-                       (IS_LSI32(in4->s_addr) ? "yes" : "no"));
-        }
 
         if (rp->ai_family == AF_INET6 &&
             (ipv6_addr_is_hit(in6) ? match_hip : !match_hip)) {
             ipv6_addr_copy(id, in6);
             err = 0;
-            _HIP_DEBUG("Match\n");
             break;
         } else if (rp->ai_family == AF_INET &&
                    (IS_LSI32(in4->s_addr) ? match_hip : !match_hip)) {
             IPV4_TO_IPV6_MAP(in4, id);
             err = 0;
             break;
-            _HIP_DEBUG("Match\n");
         }
     }
 
@@ -873,8 +858,6 @@
     time_t seconds_from_lifetime = 0;
     char lowercase[30];
 
-    _HIP_DEBUG("hip_conf_handle_server() invoked.\n");
-
     memset(&hit, 0, sizeof(hit));
     memset(&ipv6, 0, sizeof(ipv6));
 
@@ -2715,7 +2698,6 @@
              "Error: can't open config file %s.\n", fname);
 
     while (err == 0 && fgets(line, sizeof(line), hip_config) != NULL) {
-        _HIP_DEBUG("line %s\n", line);
         /* Remove whitespace */
         c = line;
         while (*c == ' ' || *c == '\t') {
@@ -2883,7 +2865,6 @@
     HIP_IFEL(((type_arg = hip_conf_get_type_arg(action)) < 0), -1,
              "Could not parse type\n");
 
-    _HIP_DEBUG("ARGV[TYPE_ARG] = %s ", argv[type_arg]);
     type = hip_conf_get_type(argv[type_arg], argv);
     HIP_IFEL((type <= 0 || type > TYPE_MAX), -1,
              "Invalid type argument '%s' %d\n", argv[type_arg], type);

=== modified file 'lib/core/crypto.c'
--- lib/core/crypto.c   2010-05-17 16:55:10 +0000
+++ lib/core/crypto.c   2010-05-22 12:37:40 +0000
@@ -367,26 +367,18 @@
     /* OpenSSL modifies the IV it is passed during the encryption/decryption */
     uint8_t iv[20];
     HIP_IFEL(!(result = malloc(len)), -1, "Out of memory\n");
-    _HIP_HEXDUMP("hip_crypto_encrypted encrypt data", data, len);
-
-    _HIP_DEBUG("algo: %d\n", alg);
 
     switch (alg) {
     case HIP_HIP_AES_SHA1:
         /* AES key must be 128, 192, or 256 bits in length */
         memcpy(iv, iv_orig, 16);
         if (direction == HIP_DIRECTION_ENCRYPT) {
-            _HIP_DEBUG("d3\n");
             HIP_IFEL((err = AES_set_encrypt_key(key, 8 * 
hip_transform_key_length(alg), &aes_key)) != 0, err,
                      "Unable to use calculated DH secret for AES key (%d)\n", 
err);
-            _HIP_HEXDUMP("AES key for OpenSSL: ", &aes_key, sizeof(unsigned 
long) * 4 * (AES_MAXNR + 1));
-            _HIP_HEXDUMP("AES IV: ", iv, 16);
             AES_cbc_encrypt(data, result, len, &aes_key, (unsigned char *) iv, 
AES_ENCRYPT);
         } else {
             HIP_IFEL((err = AES_set_decrypt_key(key, 8 * 
hip_transform_key_length(alg), &aes_key)) != 0, err,
                      "Unable to use calculated DH secret for AES key (%d)\n", 
err);
-            _HIP_HEXDUMP("AES key for OpenSSL: ", &aes_key, sizeof(unsigned 
long) * 4 * (AES_MAXNR + 1));
-            _HIP_HEXDUMP("AES IV: ", iv, 16);
             AES_cbc_encrypt(data, result, len, &aes_key, (unsigned char *) iv, 
AES_DECRYPT);
         }
         memcpy(data, result, len);
@@ -421,7 +413,6 @@
         HIP_IFEL(1, -EINVAL, "Attempted to use unknown CI (alg = %d)\n", alg);
     }
 
-    _HIP_HEXDUMP("hip_crypto_encrypted decrypt data: ", result, len);
     err = 0;
 
 out_err:
@@ -625,7 +616,6 @@
 {
     uint16_t ret = -1;
 
-    _HIP_DEBUG("dh_group_type=%u\n", hip_dh_group_type);
     if (hip_dh_group_type == 0) {
         HIP_ERROR("Trying to use reserved DH group type 0\n");
     } else if (hip_dh_group_type > ARRAY_SIZE(dhprime_len)) {
@@ -947,16 +937,8 @@
         goto out_err;
     }
 
-    _HIP_DEBUG("Loaded host DSA q=%s\n", BN_bn2hex((*dsa)->q));
-    _HIP_DEBUG("Loaded host DSA p=%s\n", BN_bn2hex((*dsa)->p));
-    _HIP_DEBUG("Loaded host DSA g=%s\n", BN_bn2hex((*dsa)->g));
-
     HIP_IFEL(!*dsa, -EINVAL, "Read failed for %s\n", filename);
 
-    _HIP_DEBUG("Loaded host DSA pubkey=%s\n", BN_bn2hex((*dsa)->pub_key));
-    _HIP_DEBUG("Loaded host DSA privkey=%s\n", BN_bn2hex((*dsa)->priv_key));
-
-
 out_err:
 
     return err;
@@ -995,12 +977,6 @@
     }
     HIP_IFEL(!*rsa, -EINVAL, "Read failed for %s\n", filename);
 
-    _HIP_DEBUG("Loaded host RSA n=%s\n", BN_bn2hex((*rsa)->n));
-    _HIP_DEBUG("Loaded host RSA e=%s\n", BN_bn2hex((*rsa)->e));
-    _HIP_DEBUG("Loaded host RSA d=%s\n", BN_bn2hex((*rsa)->d));
-    _HIP_DEBUG("Loaded host RSA p=%s\n", BN_bn2hex((*rsa)->p));
-    _HIP_DEBUG("Loaded host RSA q=%s\n", BN_bn2hex((*rsa)->q));
-
 out_err:
 
     return err;
@@ -1022,8 +998,6 @@
     FILE *fp = NULL;
     int err  = 0;
 
-    _HIP_DEBUG("load_dsa_public_key called\n");
-
     *dsa = NULL;
 
     HIP_IFEL(!filename, -ENOENT, "NULL filename %s\n", filename);
@@ -1040,11 +1014,6 @@
     /** @todo use errno */
     HIP_IFEL(!*dsa, -EINVAL, "Read failed for %s\n", filename);
 
-    _HIP_DEBUG("Loaded host DSA pubkey=%s\n", BN_bn2hex((*dsa)->pub_key));
-    _HIP_DEBUG("Loaded host DSA p=%s\n", BN_bn2hex((*dsa)->p));
-    _HIP_DEBUG("Loaded host DSA q=%s\n", BN_bn2hex((*dsa)->q));
-    _HIP_DEBUG("Loaded host DSA g=%s\n", BN_bn2hex((*dsa)->g));
-
 out_err:
     return err;
 }
@@ -1067,8 +1036,6 @@
 
     *rsa = NULL;
 
-    _HIP_DEBUG("load_rsa_public_key called\n");
-
     HIP_IFEL(!filename, -ENOENT, "NULL filename\n");
 
     fp   = fopen(filename, "rb");
@@ -1083,9 +1050,6 @@
     /** @todo use errno */
     HIP_IFEL(!*rsa, -EINVAL, "Read failed for %s\n", filename);
 
-    _HIP_DEBUG("Loaded host RSA n=%s\n", BN_bn2hex((*rsa)->n));
-    _HIP_DEBUG("Loaded host RSA e=%s\n", BN_bn2hex((*rsa)->e));
-
 out_err:
     return err;
 }

=== modified file 'lib/core/debug.c'
--- lib/core/debug.c    2010-05-21 10:36:58 +0000
+++ lib/core/debug.c    2010-05-22 12:37:40 +0000
@@ -11,7 +11,6 @@
  *<pre>
  * HIP_INFO("test foobar");
  * HIP_INFO("%s\n", "debug test");
- * _HIP_INFO("%s\n", "this is not printed, but may be important in future");
  * HIP_ERROR("%s%d\n", "serious error!", 123);
  * HIP_DIE("%s\n", "really bad error, exiting!");
  * HIP_PERROR("socket");
@@ -547,8 +546,6 @@
     hexdump            = calloc(hexdump_total_size, sizeof(char));
     asciidump          = calloc((bytes_per_line + 2), sizeof(char));
 
-    _HIP_DEBUG("hexdump_total_size: %d, pad_start_position: %d, pad_length: 
%d\n",
-               hexdump_total_size, pad_start_position, pad_length);
     if (hexdump == NULL || asciidump == NULL) {
         HIP_DIE("memory allocation failed\n");
     }
@@ -589,12 +586,9 @@
             /* If line is full or input is all read, copy data to hexdump */
             if (line_index >= 16 || (char_index + 1) == len) {
                 /* Add padding */
-                _HIP_DEBUG("Line ready\n");
                 if ((char_index + 1) == len && pad_length > 0
                     && ((hexdump_index + line_index + pad_length) < 
hexdump_total_size)) {
                     char *padding = calloc(pad_length + 1, sizeof(char));
-                    _HIP_DEBUG("Creating padding for the last line... \n");
-                    _HIP_DEBUG("hexdump_index: %d, line_index: %d\n", 
hexdump_index, line_index);
                     memset(padding, ' ', pad_length);
                     memset(padding + pad_length, '\0', 1);
                     hexdump_written = snprintf((char *) (hexdump + 
hexdump_index),
@@ -753,8 +747,6 @@
     struct hip_locator_info_addr_item2 *item2 = NULL;
     char *address_pointer;
 
-    _HIP_DUMP_MSG(in_msg);
-
     locator = hip_get_param((struct hip_common *) in_msg,
                             HIP_PARAM_LOCATOR);
     if (locator) {

=== modified file 'lib/core/debug.h'
--- lib/core/debug.h    2010-04-22 10:12:54 +0000
+++ lib/core/debug.h    2010-05-22 12:37:40 +0000
@@ -301,21 +301,6 @@
 #define HIP_DEBUG_LSI(str, lsi)  hip_print_lsi(DEBUG_LEVEL_DEBUG, __FILE__, 
__LINE__, __FUNCTION__, str, lsi)
 #define HIP_DEBUG_INADDR(str, in)  hip_print_lsi(DEBUG_LEVEL_DEBUG, __FILE__, 
__LINE__, __FUNCTION__, str, in)
 
-/* these are used for disabling a debugging command temporarily */
-#define _HIP_DEBUG(...) do {} while (0)
-#define _HIP_INFO(...) do {} while (0)
-#define _HIP_ERROR(...) do {} while (0)
-#define _HIP_DIE(...) do {} while (0)
-#define _HIP_HEXDUMP(prefix, str, len) do {} while (0)
-#define _HIP_DUMP_MSG(msg) do {} while (0)
-#define _HIP_PERROR(s) do {} while (0)
-#define _HIP_ASSERT(s) do {} while (0)
-#define _HIP_DEBUG_HIT(str, hit) do {} while (0)
-#define _HIP_DEBUG_IN6ADDR(str, hit) do {} while (0)
-#define _HIP_DEBUG_LSI(str, lsi) do {} while (0)
-#define _HIP_DEBUG_INADDR(str, in) do {} while (0)
-#define _HIP_DEBUG_SOCKADDR(a, b ) do {} while (0)
-
 enum logtype_t { LOGTYPE_NOLOG, LOGTYPE_SYSLOG, LOGTYPE_STDERR };
 enum logfmt_t { LOGFMT_SHORT, LOGFMT_LONG };
 enum logdebug_t { LOGDEBUG_ALL, LOGDEBUG_MEDIUM, LOGDEBUG_NONE };

=== modified file 'lib/core/hashchain.c'
--- lib/core/hashchain.c        2010-04-15 16:57:50 +0000
+++ lib/core/hashchain.c        2010-05-22 12:37:40 +0000
@@ -97,13 +97,7 @@
         HIP_HEXDUMP("secret: ", secret, secret_length);
     }
 
-    _HIP_HEXDUMP("comparing given hash: ", buffer, hash_length);
-    _HIP_DEBUG("\t<->\n");
-    _HIP_HEXDUMP("last known hash: ", last_hash, hash_length);
-
     for (i = 1; i <= tolerance; i++) {
-        _HIP_DEBUG("Calculating round %i:\n", i);
-
         // add the secret
         if (secret != NULL && secret_length > 0) {
             memcpy(&buffer[hash_length], secret, secret_length);
@@ -111,10 +105,6 @@
 
         hash_function(buffer, hash_length + secret_length, buffer);
 
-        _HIP_HEXDUMP("comparing buffer: ", buffer, hash_length);
-        _HIP_DEBUG("\t<->\n");
-        _HIP_HEXDUMP("last known hash: ", last_hash, hash_length);
-
         // compare the elements
         if (!(memcmp(buffer, last_hash, hash_length))) {
             HIP_DEBUG("hash verfied\n");
@@ -198,8 +188,6 @@
         if (link_tree) {
             memcpy(&hash_value[hash_length], link_tree->root, 
link_tree->node_length);
         }
-
-        _HIP_HEXDUMP("element created: ", &hchain->elements[i], hash_length);
     }
 
     hchain->hash_function    = hash_function;

=== modified file 'lib/core/hashtree.c'
--- lib/core/hashtree.c 2010-05-17 22:11:11 +0000
+++ lib/core/hashtree.c 2010-05-22 12:37:40 +0000
@@ -269,7 +269,6 @@
     HIP_ASSERT(tree->is_open > 0);
 
     memcpy(&tree->secrets[secret_index * secret_length], secret, 
secret_length);
-    _HIP_DEBUG("added secret block\n");
 
     return 0;
 }
@@ -324,8 +323,6 @@
     HIP_DEBUG("computing leaf nodes: %i\n", tree->leaf_set_size);
 
     for (i = 0; i < tree->leaf_set_size; i++) {
-        _HIP_DEBUG("calling leaf generator function...\n");
-
         // only use secrets if they are defined
         if (tree->secret_length > 0) {
             secret = &tree->secrets[i * tree->secret_length];
@@ -354,8 +351,6 @@
 
         /* we always handle two elements at once */
         for (i = 0; i < level_width; i += 2) {
-            _HIP_DEBUG("calling node generator function...\n");
-
             HIP_IFEL(node_gen(&tree->nodes[source_index + (i * 
tree->node_length)],
                               &tree->nodes[source_index + ((i + 1) * 
tree->node_length)],
                               tree->node_length,
@@ -480,8 +475,6 @@
         tree_level++;
     }
 
-    _HIP_HEXDUMP("verification branch: ", branch_nodes, tree->depth * 
tree->node_length);
-
     if (err) {
         free(branch_nodes);
         branch_nodes = NULL;
@@ -606,13 +599,6 @@
 
     num_nodes = branch_length / root_length;
 
-    _HIP_DEBUG("num_nodes: %i\n", num_nodes);
-    _HIP_DEBUG("data_index: %i\n", data_index);
-    _HIP_DEBUG("data_length: %i\n", data_length);
-    _HIP_HEXDUMP("verify_data: ", verify_data, data_length);
-    _HIP_DEBUG("branch_length: %i\n", branch_length);
-    _HIP_HEXDUMP("verify_data: ", branch_nodes, branch_length);
-
     // +1 as we have to calculate the leaf too
     for (i = 0; i < num_nodes + 1; i++) {
         HIP_DEBUG("round %i\n", i);

=== modified file 'lib/core/hostid.c'
--- lib/core/hostid.c   2010-05-17 22:11:11 +0000
+++ lib/core/hostid.c   2010-05-22 12:37:40 +0000
@@ -49,8 +49,6 @@
     HIP_IFEL((bn2bin_safe(bn, encoded, len) != len), -1,
              "BN_bn2bin_safe\n");
 
-    _HIP_HEXDUMP("encoded: ", encoded, len);
-
 out_err:
     if (bn) {
         BN_free(bn);
@@ -82,9 +80,7 @@
     int khi_data_len        = key_rr_len + sizeof(khi_context_id);
     int khi_index           = 0;
 
-    _HIP_DEBUG("key_rr_len=%u\n", key_rr_len);
     HIP_IFE(hit_type != HIP_HIT_TYPE_HASH100, -ENOSYS);
-    _HIP_HEXDUMP("key_rr", key_rr, key_rr_len);
 
     /* Hash Input :=  Context ID | Input */
     khi_data   = malloc(khi_data_len);
@@ -96,24 +92,18 @@
 
     HIP_ASSERT(khi_index == khi_data_len);
 
-    _HIP_HEXDUMP("khi data", khi_data, khi_data_len);
-
     /* Hash :=  SHA1( Expand( Hash Input ) ) */
     HIP_IFEL((err = hip_build_digest(HIP_DIGEST_SHA1, khi_data,
                                      khi_data_len, digest)), err,
              "Building of digest failed\n");
 
-    _HIP_HEXDUMP("digest", digest, sizeof(digest));
-
     memset(hit, 0, sizeof(hip_hit_t));
     HIP_IFEL(khi_encode(digest, sizeof(digest) * 8,
                         ((uint8_t *) hit) + 3,
                         sizeof(hip_hit_t) * 8 - HIP_HIT_PREFIX_LEN),
              -1, "encoding failed\n");
 
-    _HIP_DEBUG_HIT("HIT before prefix: ", hit);
     set_hit_prefix(hit);
-    _HIP_DEBUG_HIT("HIT after prefix: ", hit);
 
 out_err:
     if (khi_data) {
@@ -187,9 +177,6 @@
     hip_set_param_contents_len((struct hip_tlv_common *) host_id_pub,
                                contents_len - DSA_PRIV);
 
-    _HIP_HEXDUMP("extracted pubkey", host_id_pub,
-                 hip_get_param_total_len(host_id_pub));
-
     if ((err = hip_dsa_host_id_to_hit(host_id_pub, hit, hit_type))) {
         HIP_ERROR("Failed to convert HI to HIT.\n");
         goto out_err;
@@ -238,9 +225,6 @@
     host_id_pub.hi_length = htons(temp);
     memcpy(host_id_pub.key, host_id->key, rsa_pub_len);
 
-    _HIP_HEXDUMP("extracted pubkey", &host_id_pub,
-                 hip_get_param_total_len(host_id_pub));
-
     if ((err = hip_rsa_host_id_to_hit(&host_id_pub, hit, hit_type))) {
         HIP_ERROR("Failed to convert HI to HIT.\n");
         goto out_err;
@@ -1009,24 +993,10 @@
 
     *dsa_key_rr = NULL;
 
-    _HIP_DEBUG("numbytes p=%d\n", BN_num_bytes(dsa->p));
-    _HIP_DEBUG("numbytes q=%d\n", BN_num_bytes(dsa->q));
-    _HIP_DEBUG("numbytes g=%d\n", BN_num_bytes(dsa->g));
-    // shouldn't this be NULL also?
-    _HIP_DEBUG("numbytes pubkey=%d\n", BN_num_bytes(dsa->pub_key));
-
-
-    /* notice that these functions allocate memory */
-    _HIP_DEBUG("p=%s\n", BN_bn2hex(dsa->p));
-    _HIP_DEBUG("q=%s\n", BN_bn2hex(dsa->q));
-    _HIP_DEBUG("g=%s\n", BN_bn2hex(dsa->g));
-    _HIP_DEBUG("pubkey=%s\n", BN_bn2hex(dsa->pub_key));
-
     /* ***** is use of BN_num_bytes ok ? ***** */
     t = (BN_num_bytes(dsa->p) - 64) / 8;
     HIP_IFEL((t < 0 || t > 8), -EINVAL,
              "Invalid RSA key length %d bits\n", (64 + t * 8) * 8);
-    _HIP_DEBUG("t=%d\n", t);
 
     /* RFC 2536 section 2 */
     /*
@@ -1045,12 +1015,8 @@
 
     if (dsa->priv_key) {
         dsa_key_rr_len += DSA_PRIV; /* private key hack */
-        _HIP_DEBUG("Private key included\n");
-    } else {
-        _HIP_DEBUG("No private key\n");
     }
 
-    _HIP_DEBUG("dsa key rr len = %d\n", dsa_key_rr_len);
     *dsa_key_rr = malloc(dsa_key_rr_len);
     HIP_IFEL(!*dsa_key_rr, -ENOMEM, "Malloc for *dsa_key_rr failed\n");
     memset(*dsa_key_rr, 0, dsa_key_rr_len);
@@ -1060,29 +1026,23 @@
     /* set T */
     memset(p, t, 1); // XX FIX: WTF MEMSET?
     p++;
-    _HIP_HEXDUMP("DSA KEY RR after T:", *dsa_key_rr, p - *dsa_key_rr);
 
     /* add given dsa_param to the *dsa_key_rr */
 
     bn2bin_safe(dsa->q, p, DSA_PRIV);
     p += DSA_PRIV;
-    _HIP_HEXDUMP("DSA KEY RR after Q:", *dsa_key_rr, p - *dsa_key_rr);
 
     bn2bin_safe(dsa->p, p, key_len);
     p += key_len;
-    _HIP_HEXDUMP("DSA KEY RR after P:", *dsa_key_rr, p - *dsa_key_rr);
 
     bn2bin_safe(dsa->g, p, key_len);
     p += key_len;
-    _HIP_HEXDUMP("DSA KEY RR after G:", *dsa_key_rr, p - *dsa_key_rr);
 
     bn2bin_safe(dsa->pub_key, p, key_len);
     p += key_len;
-    _HIP_HEXDUMP("DSA KEY RR after Y:", *dsa_key_rr, p - *dsa_key_rr);
 
     if (dsa->priv_key) {
         bn2bin_safe(dsa->priv_key, p, DSA_PRIV);
-        _HIP_HEXDUMP("DSA KEY RR after X:", *dsa_key_rr, p - *dsa_key_rr);
     }
 
 out_err:

=== modified file 'lib/core/hostsfiles.c'
--- lib/core/hostsfiles.c       2010-05-16 22:16:39 +0000
+++ lib/core/hostsfiles.c       2010-05-22 12:37:40 +0000
@@ -48,7 +48,6 @@
     int err = 1;
 
     if (!ipv6_addr_cmp((struct in6_addr *) arg, &entry->id)) {
-        _HIP_DEBUG("Match on line %d\n", entry->lineno);
         memcpy(result, entry->hostname, strlen(entry->hostname));
         err = 0; /* Stop at the first match */
     }
@@ -74,7 +73,6 @@
     int is_lsi = hip_id_type_match(&entry->id, 2);
 
     if (!ipv6_addr_cmp((struct in6_addr *) arg, &entry->id) && is_lsi) {
-        _HIP_DEBUG("Match on line %d\n", entry->lineno);
         memcpy(result, entry->hostname, strlen(entry->hostname));
         err = 0; /* Stop at the first match */
     }
@@ -127,7 +125,6 @@
 
         HIP_IFE(!is_hit, 1);
 
-        _HIP_DEBUG("Match on line %d\n", entry->lineno);
         ipv6_addr_copy(result, &entry->id);
         err = 0; /* Stop at the first match */
     }
@@ -163,7 +160,6 @@
 
         HIP_IFE(!is_lsi, 1);
 
-        _HIP_DEBUG("Match on line %d\n", entry->lineno);
         ipv6_addr_copy(result, &entry->id);
         err = 0; /* Stop at the first match */
     }
@@ -200,7 +196,6 @@
 
         HIP_IFE((is_hit || is_lsi), 1);
 
-        _HIP_DEBUG("Match on line %d\n", entry->lineno);
         ipv6_addr_copy(result, &entry->id);
         err = 0; /* Stop at the first match */
     }
@@ -282,8 +277,6 @@
             continue;
         }
 
-        _HIP_DEBUG("lineno=%d, str=%s\n", lineno, c);
-
         /* Split line into list */
         extractsubstrings(c, &mylist);
 
@@ -340,7 +333,6 @@
         /* Finally, call the handler function to handle the line */
 
         if (func(&entry, arg, result) == 0) {
-            _HIP_DEBUG("Match on line %d in %s\n", lineno, hosts_file);
             err = 0;
             break;
         }

=== modified file 'lib/core/message.c'
--- lib/core/message.c  2010-05-21 10:36:58 +0000
+++ lib/core/message.c  2010-05-22 12:37:40 +0000
@@ -119,8 +119,6 @@
         nanosleep(&ts, NULL);
         bytes         = recv(sockfd, msg, hdr_size, flags);
         timeout_left -= ts.tv_nsec;
-        _HIP_DEBUG("tol=%ld, ts=%ld, bytes=%d errno=%d\n",
-                   timeout_left, ts.tv_nsec, bytes, errno);
     } while (timeout_left > 0 && errno == EAGAIN && bytes < 0);
 
     if (bytes < 0) {
@@ -234,7 +232,6 @@
     /* try to bind first to a priviledged port and then to ephemeral */
     port = 1000;
     while (port++ < 61000) {
-        _HIP_DEBUG("trying bind() to port %d\n", port);
         addr->sin6_port = htons(port);
         err             = bind(sockfd, (struct sockaddr *) addr,
                                hip_sockaddr_len(addr));
@@ -242,12 +239,10 @@
             if (errno == EACCES) {
                 /* Ephemeral ports:
                  * /proc/sys/net/ipv4/ip_local_port_range */
-                _HIP_DEBUG("Skipping to ephemeral range\n");
                 port  = 32768;
                 errno = 0;
                 err   = 0;
             } else if (errno == EADDRINUSE) {
-                _HIP_DEBUG("Port %d in use, skip\n", port);
                 errno = 0;
                 err   = 0;
             } else {
@@ -257,7 +252,6 @@
                 goto out_err;
             }
         } else {
-            _HIP_DEBUG("Bind() to port %d successful\n", port);
             goto out_err;
         }
     }
@@ -392,8 +386,6 @@
         err = -EHIP;
     }
 
-    _HIP_DEBUG("Message received successfully\n");
-
 out_err:
 
     if (!opt_socket && hip_user_sock) {
@@ -503,8 +495,6 @@
              -1,
              "recv peek failed\n");
 
-    _HIP_DEBUG("msg total length = %d\n", total);
-
     /** @todo Compiler warning;
      *  warning: pointer targets in passing argument 6 of 'recvfrom'
      *  differ in signedness. */
@@ -514,9 +504,6 @@
 
     HIP_DEBUG("received user message from local port %d\n",
               ntohs(saddr->sin6_port));
-    _HIP_DEBUG("read_user_control_msg recv len=%d\n", len);
-    _HIP_HEXDUMP("recv saddr ", saddr, sizeof(struct sockaddr_un));
-    _HIP_DEBUG("read %d bytes succesfully\n", bytes);
 out_err:
     if (bytes < 0 || err) {
         HIP_PERROR("perror: ");

=== modified file 'lib/core/prefix.c'
--- lib/core/prefix.c   2010-04-09 15:20:38 +0000
+++ lib/core/prefix.c   2010-05-22 12:37:40 +0000
@@ -189,7 +189,6 @@
     unsigned int key_len = sizeof(struct in6_addr);
 
     HIP_IFE(hit_type != HIP_HIT_TYPE_HASH100, -ENOSYS);
-    _HIP_HEXDUMP("key", key, key_len);
     HIP_IFEL((err = hip_build_digest(HIP_DIGEST_SHA1, key, key_len, digest)),
              err,
              "Building of digest failed\n");

=== modified file 'lib/core/solve.c'
--- lib/core/solve.c    2010-04-21 16:08:58 +0000
+++ lib/core/solve.c    2010-05-22 12:37:40 +0000
@@ -42,11 +42,9 @@
                 (mode == HIP_VERIFY_PUZZLE ? sizeof(struct hip_solution) :
                                              sizeof(struct hip_puzzle)));
 
-    _HIP_DEBUG("\n");
     /* pre-create cookie */
     u = puzzle_or_solution;
 
-    _HIP_DEBUG("current hip_cookie_max_k_r1=%d\n", max_k);
     HIP_IFEL(u->pz.K > HIP_PUZZLE_MAX_K, 0,
              "Cookie K %u is higher than we are willing to calculate"
              " (current max K=%d)\n", u->pz.K, HIP_PUZZLE_MAX_K);
@@ -60,7 +58,6 @@
         ipv6_addr_copy((hip_hit_t *) (cookie + 8), &hdr->hits);
         ipv6_addr_copy((hip_hit_t *) (cookie + 24), &hdr->hitr);
         randval  = u->sl.J;
-        _HIP_DEBUG("u->sl.J: 0x%llx\n", randval);
         maxtries = 1;
     } else if (mode == HIP_SOLVE_PUZZLE) {
         ipv6_addr_copy((hip_hit_t *) (cookie + 8), &hdr->hitr);
@@ -102,9 +99,6 @@
          * order (above).
          */
         if ((digest & mask) == 0) {
-            _HIP_DEBUG("*** Puzzle solved ***: 0x%llx\n", randval);
-            _HIP_HEXDUMP("digest", sha_digest, HIP_AH_SHA_LEN);
-            _HIP_HEXDUMP("cookie", cookie, sizeof(cookie));
             return randval;
         }
 

=== modified file 'lib/core/straddr.c'
--- lib/core/straddr.c  2010-04-15 16:57:50 +0000
+++ lib/core/straddr.c  2010-05-22 12:37:40 +0000
@@ -80,7 +80,6 @@
              "\"%s\" is not of valid address family.\n", str);
     if (ret > 0) {
         /* IPv6 address conversion was ok */
-        _HIP_DEBUG_IN6ADDR("Converted IPv6", ip6);
         goto out_err;
     }
 

=== modified file 'lib/opphip/wrap.c'
--- lib/opphip/wrap.c   2010-05-18 07:55:52 +0000
+++ lib/opphip/wrap.c   2010-05-22 12:37:40 +0000
@@ -190,7 +190,6 @@
     HIP_IFEL(!(param = hip_get_param(msg, HIP_PARAM_HIT)), -1,
              "No HIT received\n");
     ipv6_addr_copy(hit, hip_get_param_contents_direct(param));
-    _HIP_DEBUG_HIT("hit", hit);
 
 out_err:
     if (msg) {
@@ -380,7 +379,6 @@
 
     /* send and receive msg to/from hipd */
     HIP_IFEL(hip_send_recv_daemon_info(msg, 0, 0), -1, "send_recv msg 
failed\n");
-    _HIP_DEBUG("send_recv msg succeed\n");
 
     /* check error value */
     HIP_IFEL(hip_get_msg_err(msg), -1, "Got erroneous message!\n");
@@ -411,7 +409,6 @@
 static void hip_translate_to_original(hip_opp_socket_t *entry, int is_peer)
 {
     /* translated entries correspond to originals   */
-    _HIP_DEBUG("Translating to original %d\n", entry->orig_socket);
 
     entry->translated_socket = entry->orig_socket;
     if (is_peer) {
@@ -462,10 +459,6 @@
             goto out_err;
         }
         entry->translated_socket = new_socket;
-        _HIP_DEBUG("Inserted translated socket in: pid=%d orig_socket=%d 
new_socket=%d domain=%d\n",
-                   entry->pid, entry->orig_socket,
-                   entry->translated_socket,
-                   entry->domain);
     }
 
     if (is_peer) {
@@ -494,16 +487,12 @@
 {
     int err = 0;
 
-    _HIP_DEBUG("autobind called\n");
-
     /* Client software does not care about the port number;
      * assign a random one */
     do {     /* XX FIXME: CHECK UPPER BOUNDARY */
         hit->sin6_port = htons(rand());
     } while (ntohs(hit->sin6_port) < 1024);
 
-    _HIP_DEBUG("autobind selected port %d\n", ntohs(hit->sin6_port));
-
     HIP_IFE(hip_set_translation(entry, hit, 0), -1);
 
     err = dl_function_ptr.bind_dlsym(entry->translated_socket,
@@ -566,21 +555,15 @@
          * connect() + send() */
         HIP_IFEL(hip_autobind_port(entry, &src_hit), -1,
                  "autobind failed\n");
-    } else {
-        _HIP_DEBUG("autobind was not necessary\n");
     }
 
-    _HIP_DEBUG_IN6ADDR("translate new: src addr", &src_hit.sin6_addr);
-
     /* hipd requires IPv4 addresses in IPv6 mapped format */
     if (orig_id->sa_family == AF_INET) {
         IPV4_TO_IPV6_MAP(&((struct sockaddr_in *) orig_id)->sin_addr,
                          &mapped_addr.sin6_addr);
-        _HIP_DEBUG_SOCKADDR("ipv4 addr", orig_id);
         dst_opptcp_port = ((struct sockaddr_in *) orig_id)->sin_port;
     } else if (orig_id->sa_family == AF_INET6) {
         memcpy(&mapped_addr, orig_id, orig_id_len);
-        _HIP_DEBUG_SOCKADDR("ipv6 addr\n", orig_id);
         dst_opptcp_port = ((struct sockaddr_in6 *) orig_id)->sin6_port;
     } else {
         HIP_ASSERT("Not an IPv4/IPv6 socket: wrapping_is_applicable 
failed?\n");
@@ -590,10 +573,6 @@
 
     hit->sin6_port          = dst_opptcp_port;
 
-    _HIP_DEBUG("sin_port=%d\n", ntohs(dst_opptcp_port));
-    _HIP_DEBUG_IN6ADDR("sin6_addr ip = ", ip);
-
-
     /* Find the local TCP port where the application initiated the connection,
      * We need it for sending the TCP SYN_I1 */
     sa = (struct sockaddr *) &(entry->translated_local_id);
@@ -646,9 +625,6 @@
      * correctly */
     HIP_IFE(hip_set_translation(entry, hit, is_peer), -1);
 
-    _HIP_DEBUG("translation: pid %p, orig socket %p, translated sock %p\n",
-               entry->pid, entry->orig_socket, entry->translated_socket);
-
     return err;
 
 out_err:
@@ -698,10 +674,8 @@
         (!is_dgram ||                                       /* 2 */
          !orig_id  ||                                       /* 3 */
          !memcmp(translated_id, orig_id, orig_id_len))) {   /* 4 */
-        _HIP_DEBUG("Old translation ok %d\n", entry->orig_socket);
         return 1;
     } else {
-        _HIP_DEBUG("New translation required\n");
         return 0;
     }
 }
@@ -720,8 +694,6 @@
     hip_opp_socket_t *entry = NULL;
     int err                 = 0;
 
-    _HIP_DEBUG("\n");
-
     hip_initialize_db_when_not_exist();
 
     if (!hip_exists_translation(pid, fd, tid)) {
@@ -736,8 +708,6 @@
     HIP_ASSERT(entry);
 
 out_err:
-    _HIP_DEBUG("Called socket_dlsym fd=%d\n", fd);
-
     return entry;
 }
 
@@ -757,8 +727,6 @@
     int pid                 = 0, err = 0;
     pthread_t tid           = pthread_self();
 
-    _HIP_DEBUG("socket fd %d\n", socket_fd);
-
     if (socket_fd == -1) {
         HIP_ERROR("Socket error\n");
         goto out_err;
@@ -824,14 +792,12 @@
     entry = hip_socketdb_find_entry(pid, *orig_socket, tid);
 
     if (!entry) {
-        _HIP_DEBUG("entry was not foundin db\n");
         /* Can happen in the case of read() or write() on a fd;
          * we are not wrapping open() or creat() calls which means
          * that we don't have an entry for them. */
         entry         = hip_create_new_opp_entry(pid, *orig_socket, tid);
         /* PF_LOCAL guarantees that the socket won't be translated */
         entry->domain = PF_LOCAL;
-        _HIP_DEBUG("created untranslated entry\n");
     }
     HIP_ASSERT(entry);
 
@@ -842,20 +808,6 @@
          entry->local_id_is_translated);
     wrap_applicable   = hip_wrapping_is_applicable(orig_id, entry);
 
-    _HIP_DEBUG("orig_id=%p is_dgram=%d wrap_applicable=%d already=%d 
is_peer=%d force=%d\n",
-               orig_id, is_dgram, wrap_applicable, is_translated, is_peer,
-               force_orig);
-
-    if (orig_id) {
-        if (orig_id->sa_family == AF_INET) {
-            _HIP_DEBUG_SOCKADDR("orig_id", orig_id);
-        } else if (orig_id->sa_family == AF_INET6) {
-            _HIP_DEBUG_SOCKADDR("orig_id", orig_id);
-        } else {
-            _HIP_DEBUG("orig_id family %d\n", orig_id->sa_family);
-        }
-    }
-
     if (!is_translated && orig_id) {
         hip_store_orig_socket_info(entry, is_peer, *orig_socket,
                                    orig_id, *orig_id_len);
@@ -866,7 +818,6 @@
     } else if (hip_old_translation_is_ok(entry, *orig_socket, orig_id,
                                          *orig_id_len, is_peer, is_dgram,
                                          is_translated, wrap_applicable)) {
-        _HIP_DEBUG("Keeping the existing translation\n");
     } else {
         err = hip_translate_new(entry, *orig_socket, orig_id,
                                 *orig_id_len, is_peer, is_dgram,
@@ -878,7 +829,6 @@
     }
 
     if (entry->orig_socket == entry->translated_socket) {
-        _HIP_DEBUG("No translation occured, returning original socket and 
id\n");
         *translated_socket = (int *) orig_socket;
         *translated_id     = (struct sockaddr *) orig_id;
         *translated_id_len = (socklen_t *) orig_id_len;
@@ -892,19 +842,6 @@
             (is_peer ? &entry->translated_peer_id_len :
              &entry->translated_local_id_len);
     }
-
-    _HIP_DEBUG("translation: pid %p, orig socket %p, translated sock %p\n",
-               pid, orig_socket, *translated_socket);
-    _HIP_DEBUG_HIT("orig_local_id", hip_cast_sa_addr(&entry->orig_local_id));
-    _HIP_DEBUG_HIT("orig_dst_id", hip_cast_sa_addr(&entry->orig_peer_id));
-    _HIP_DEBUG_HIT("trans_local_id",
-                   hip_cast_sa_addr(&entry->translated_local_id));
-    _HIP_DEBUG_HIT("trans_dst_id",
-                   hip_cast_sa_addr(&entry->translated_peer_id));
-    _HIP_DEBUG("orig_id %p, translated_id %p\n", orig_id, *translated_id);
-    _HIP_DEBUG("orig fd %d, translated fd %d\n", entry->orig_socket,
-               entry->translated_socket);
-
     return err;
 }
 
@@ -922,9 +859,6 @@
 
     hip_initialize_db_when_not_exist();
 
-    _HIP_DEBUG("creating socket domain=%d type=%d protocol=%d\n",
-               domain, type, protocol);
-
     socket_fd = dl_function_ptr.socket_dlsym(domain, type,
                                              ((protocol == -1) ? 0 : 
protocol));
 
@@ -937,7 +871,6 @@
     }
 
 out_err:
-    _HIP_DEBUG("Called socket_dlsym socket_fd=%d\n", socket_fd);
     return socket_fd;
 }
 
@@ -960,8 +893,6 @@
      * check hip_db_exist value everywhere. */
     hip_initialize_db_when_not_exist();
 
-    _HIP_DEBUG("close() orig fd %d\n", orig_fd);
-
     /* close original socket */
     err   = dl_function_ptr.close_dlsym(orig_fd);
 
@@ -977,21 +908,13 @@
         entry->orig_socket != entry->translated_socket) {
         err = dl_function_ptr.close_dlsym(entry->translated_socket);
         hip_socketdb_del_entry_by_entry(entry);
-        _HIP_DEBUG("old_socket %d new_socket %d  deleted!\n",
-                   entry->orig_socket,
-                   entry->translated_socket);
     } else {
         hip_socketdb_del_entry_by_entry(entry);
-        _HIP_DEBUG("old_socket %d new_socket %d  DELETED2!\n",
-                   entry->orig_socket,
-                   entry->translated_socket);
     }
     if (err) {
         HIP_ERROR("Err %d close trans socket\n", err);
     }
 out_err:
-    _HIP_DEBUG("close_dlsym called with err %d\n", err);
-
     return err;
 }
 
@@ -1010,8 +933,6 @@
     socklen_t *translated_id_len;
     struct sockaddr *translated_id;
 
-    _HIP_DEBUG("bind: orig sock = %d\n", orig_socket);
-
     /* the address will be translated to in6addr_any */
 
     err = hip_translate_socket(&orig_socket, orig_id, &orig_id_len,
@@ -1047,8 +968,6 @@
     struct sockaddr *translated_id;
     unsigned int zero = 0;
 
-    _HIP_DEBUG("listen: orig sock = %d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket, NULL, &zero,
                                &translated_socket, &translated_id,
                                &translated_id_len, 0, 0, 0);
@@ -1085,9 +1004,6 @@
     socklen_t peer_id_len   = 0;
     pthread_t tid           = pthread_self();
 
-    _HIP_DEBUG("accept: orig_socket %d orig_id %p\n",
-               orig_socket, orig_id);
-
     entry = hip_socketdb_find_entry(getpid(), orig_socket, tid);
     if (!entry) {
         HIP_DEBUG("Did not find entry, should not happen? Fallbacking..\n");
@@ -1162,13 +1078,10 @@
     socklen_t *translated_id_len;
     struct sockaddr *translated_id;
 
-    _HIP_DEBUG("connect: orig_socket=%d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket, orig_id, &orig_id_len,
                                &translated_socket, &translated_id,
                                &translated_id_len, 1, 0, 0);
 
-    _HIP_DEBUG("connect: translated_socket=%d\n", translated_socket);
     if (err) {
         HIP_ERROR("Translation failure\n");
         goto out_err;
@@ -1200,8 +1113,6 @@
     struct sockaddr *translated_id;
     ssize_t chars = -1;
 
-    _HIP_DEBUG("send: %d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket, NULL, &zero,
                                &translated_socket, &translated_id,
                                &translated_id_len, 1, 0, 0);
@@ -1213,11 +1124,7 @@
 
     chars = dl_function_ptr.send_dlsym(*translated_socket, b, c, flags);
 
-    _HIP_DEBUG("Called send_dlsym with number of returned char=%d, err=%d\n",
-               chars, err);
-
 out_err:
-
     return chars;
 }
 
@@ -1238,8 +1145,6 @@
 
     /* This functions is almost identical with send() */
 
-    _HIP_DEBUG("write: orig_socket %d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket,
                                NULL,
                                &zero,
@@ -1255,11 +1160,7 @@
 
     chars = dl_function_ptr.write_dlsym(*translated_socket, b, c);
 
-    _HIP_DEBUG("Called write_dlsym with number of returned char=%d\n",
-               chars);
-
 out_err:
-
     return chars;
 }
 
@@ -1280,8 +1181,6 @@
 
     /* This functions is almost identical with send() */
 
-    _HIP_DEBUG("writev: orig_socket %d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket,
                                NULL,
                                &zero,
@@ -1297,11 +1196,7 @@
 
     chars = dl_function_ptr.writev_dlsym(*translated_socket, vector, count);
 
-    _HIP_DEBUG("Called writev_dlsym with number of returned char=%d\n",
-               chars);
-
 out_err:
-
     return chars;
 }
 
@@ -1324,8 +1219,6 @@
     struct sockaddr *translated_id;
     ssize_t chars = -1;
 
-    _HIP_DEBUG("sendto: orig sock = %d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket,
                                orig_id,
                                &orig_id_len,
@@ -1362,10 +1255,6 @@
     int charnum;
     /** @todo See hip_get_pktinfo_addr(). */
     charnum = dl_function_ptr.sendmsg_dlsym(a, msg, flags);
-
-    _HIP_DEBUG("Called sendmsg_dlsym with number of returned chars=%d\n",
-               charnum);
-
     return charnum;
 }
 
@@ -1385,8 +1274,6 @@
     struct sockaddr *translated_id;
     ssize_t chars = -1;
 
-    _HIP_DEBUG("recv: orig sock = %d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket,
                                NULL,
                                &zero,
@@ -1402,11 +1289,7 @@
 
     chars = dl_function_ptr.recv_dlsym(*translated_socket, b, c, flags);
 
-    _HIP_DEBUG("Called recv_dlsym with number of returned char=%d, err=%d\n",
-               chars, err);
-
 out_err:
-
     return chars;
 }
 
@@ -1427,8 +1310,6 @@
 
     /* This functions is almost identical with recv() */
 
-    _HIP_DEBUG("read: orig_socket %d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket,
                                NULL,
                                &zero,
@@ -1449,8 +1330,6 @@
         HIP_DEBUG("read: no translated_socket found!\n");
     }
 
-    _HIP_DEBUG("Called read_dlsym with number of returned char=%d\n", chars);
-
 out_err:
     return chars;
 }
@@ -1472,8 +1351,6 @@
 
     /* This functions is almost identical with recv() */
 
-    _HIP_DEBUG("readv: orig_socket %d\n", orig_socket);
-
     err = hip_translate_socket(&orig_socket,
                                NULL,
                                &zero,
@@ -1489,11 +1366,7 @@
 
     chars = dl_function_ptr.readv_dlsym(*translated_socket, vector, count);
 
-    _HIP_DEBUG("Called readv_dlsym with number of returned char=%d\n",
-               chars);
-
 out_err:
-
     return chars;
 }
 
@@ -1516,8 +1389,6 @@
     struct sockaddr *translated_id = NULL;
     ssize_t chars                  = -1;
 
-    _HIP_DEBUG("recvfrom: orig sock = %d\n", orig_socket);
-
     /** @todo In the case of UDP server, this creates additional
      *  HIP traffic even though the connection is not necessarily
      *  secured. */
@@ -1535,8 +1406,6 @@
         *translated_socket, buf, len, flags, translated_id,
         translated_id_len);
 
-    _HIP_DEBUG("recvfrom: chars = %d\n", chars);
-
 out_err:
     return chars;
 }
@@ -1556,8 +1425,5 @@
     // XX TODO: see hip_get_pktinfo_addr
     charnum = dl_function_ptr.recvmsg_dlsym(s, msg, flags);
 
-    _HIP_DEBUG("Called recvmsg_dlsym with number of returned chars=%d\n",
-               charnum);
-
     return charnum;
 }

=== modified file 'lib/opphip/wrap_db.c'
--- lib/opphip/wrap_db.c        2010-05-18 07:55:52 +0000
+++ lib/opphip/wrap_db.c        2010-05-22 12:37:40 +0000
@@ -86,7 +86,6 @@
 
     key1 = hip_pid_socket_hash(ptr1);
     key2 = hip_pid_socket_hash(ptr2);
-    _HIP_DEBUG("key1=0x%x key2=0x%x\n", key1, key2);
     return key1 != key2;
 }
 
@@ -114,8 +113,6 @@
  */
 void hip_socketdb_del_entry_by_entry(hip_opp_socket_t *entry)
 {
-    _HIP_DEBUG("entry=0x%p pid=%d, orig_socket=%d\n", entry,
-               entry->pid, entry->orig_socket);
     if (!hip_ht_delete(socketdb, entry)) {
         HIP_DEBUG("No entry was found to delete.\n");
     }
@@ -131,9 +128,6 @@
     hip_list_t *item, *tmp;
     hip_opp_socket_t *entry;
 
-    _HIP_DEBUG("DEBUG: DUMP SOCKETDB LISTS\n");
-
-    _HIP_DEBUG("DELETING\n");
     list_for_each_safe(item, tmp, socketdb, i)
     {
         entry = (hip_opp_socket_t *) list_entry(item);
@@ -157,7 +151,6 @@
     opp.pid         = pid;
     opp.orig_socket = sockfd;
     opp.tid         = tid;
-    _HIP_DEBUG("pid %d socket %d computed key\n", pid, sockfd);
 
     ret             = (hip_opp_socket_t *) hip_ht_find(socketdb, (void *) 
&opp);
 
@@ -215,8 +208,6 @@
     new_item->orig_socket = sockfd;
     new_item->tid         = tid;
     err                   = hip_ht_add(socketdb, new_item);
-    _HIP_DEBUG("pid %d, orig_sock %d, tid %d are added to HT socketdb, 
entry=%p\n",
-               new_item->pid, new_item->orig_socket, new_item->tid, new_item);
 
     return err;
 }

=== modified file 'lib/tool/nlink.c'
--- lib/tool/nlink.c    2010-05-21 10:36:58 +0000
+++ lib/tool/nlink.c    2010-05-22 12:37:40 +0000
@@ -175,8 +175,6 @@
             int len = h->nlmsg_len;
             int l   = len - sizeof(*h);
 
-            _HIP_DEBUG("l=%d, len=%d status=%d\n", l, len, status);
-
             if (l < 0 || len > status) {
                 if (msg.msg_flags & MSG_TRUNC) {
                     HIP_ERROR("Truncated netlink message\n");
@@ -406,13 +404,11 @@
         HIP_PERROR("Cannot open a netlink socket");
         return -1;
     }
-    _HIP_DEBUG("setsockopt SO_SNDBUF\n");
     if (setsockopt(rth->fd, SOL_SOCKET, SO_SNDBUF,
                    &sndbuf, sizeof(sndbuf)) < 0) {
         HIP_PERROR("SO_SNDBUF");
         return -1;
     }
-    _HIP_DEBUG("setsockopt SO_RCVBUF\n");
     if (setsockopt(rth->fd, SOL_SOCKET, SO_RCVBUF,
                    &rcvbuf, sizeof(rcvbuf)) < 0) {
         HIP_PERROR("SO_RCVBUF");
@@ -938,13 +934,6 @@
 
     /* see print_route() in ip/iproute.c */
     parse_rtattr(tb, RTA_MAX, RTM_RTA(r), n->nlmsg_len);
-    _HIP_DEBUG("sizeof(struct nlmsghdr) =%d\n", sizeof(struct nlmsghdr));
-    _HIP_DEBUG("sizeof(struct rtmsg) =%d\n", sizeof(struct rtmsg));
-    _HIP_DEBUG("sizeof  n->nlmsg_len =%d\n",  n->nlmsg_len );
-    _HIP_HEXDUMP("nlmsghdr : ", n, sizeof(struct nlmsghdr));
-    _HIP_HEXDUMP("rtmsg : ", r, sizeof(struct rtmsg));
-    _HIP_HEXDUMP("nlmsg : ", n, n->nlmsg_len);
-    _HIP_HEXDUMP("tb[RTA_SRC] : ", &tb[RTA_SRC], sizeof(struct rtattr));
     addr.in6 = (struct in6_addr *) RTA_DATA(tb[2]);
     entry    = 7;
     addr.in6 = (struct in6_addr *) RTA_DATA(tb[entry]);
@@ -1027,7 +1016,6 @@
     }
 
     status = sendmsg(rtnl->fd, &msg, 0);
-    _HIP_HEXDUMP("Msg sent : ", &msg, sizeof(struct nlmsghdr));
     if (status < 0) {
         HIP_PERROR("Cannot talk to rtnetlink");
         return -1;
@@ -1104,7 +1092,6 @@
             }
             if (answer) {
                 memcpy(answer, h, h->nlmsg_len);
-                _HIP_HEXDUMP("Answer : ", h, h->nlmsg_len);
                 return 0;
             }
 
@@ -1232,7 +1219,6 @@
 
     if ((err = IN6_IS_ADDR_V4MAPPED(&ip6_aux))) {
         IPV6_TO_IPV4_MAP(&ip6_aux, ip4);
-        _HIP_DEBUG("ip4 value is %s\n", inet_ntoa(*ip4));
     }
     *slash = *aux_slash;
 
@@ -1295,7 +1281,6 @@
         memset(res, '\0', size_dev + 1);
         strcat(res, dev);
         strcat(res, label);
-        _HIP_DEBUG("Name device inserted %s\n", res);
         addattr_l(&req.n, sizeof(req), IFA_LABEL, res,
                   strlen(dev) + strlen(label) + 1);
     }

=== modified file 'lib/tool/xfrmapi.c'
--- lib/tool/xfrmapi.c  2010-05-21 10:36:58 +0000
+++ lib/tool/xfrmapi.c  2010-05-22 12:37:40 +0000
@@ -540,9 +540,6 @@
     in_port_t sport, dport;
 
     // Ignore the dst_addr, because xfrm accepts only one address.
-    _HIP_DEBUG("spi=0x%x\n", spi);
-    _HIP_DEBUG_IN6ADDR("SA daddr", peer_addr);
-
     if (direction == HIP_SPI_DIRECTION_OUT) {
         sport = entry->local_udp_port;
         dport = entry->peer_udp_port;
@@ -647,8 +644,6 @@
     HIP_DEBUG_IN6ADDR("saddr", saddr);
     HIP_DEBUG_IN6ADDR("daddr", daddr);
 
-    _HIP_DEBUG("sport %d\n", sport);
-    _HIP_DEBUG("dport %d\n", dport);
     HIP_DEBUG("direction %d\n", direction);
     HIP_DEBUG("SPI=0x%x\n", spi);
     HIP_DEBUG("************************************\n");

=== modified file 'test/certteststub.c'
--- test/certteststub.c 2010-05-21 10:36:58 +0000
+++ test/certteststub.c 2010-05-22 12:37:40 +0000
@@ -84,8 +84,6 @@
 
     for (i = 0; i < sk_CONF_VALUE_num(sec); i++) {
         item = (void *) sk_CONF_VALUE_value(sec, i);
-        _HIP_DEBUG("Sec: %s, Key; %s, Val %s\n",
-                   item->section, item->name, item->value);
         if (!strcmp(item->name, "issuerhit")) {
             err = inet_pton(AF_INET6, item->value, defhit);
             if (err < 1) {
@@ -94,7 +92,6 @@
             }
         }
         if (!strcmp(item->name, "days")) {
-            _HIP_DEBUG("Days in sec = %d\n", HIP_CERT_DAY * atoi(item->value));
             not_after += HIP_CERT_DAY * atoi(item->value);
         }
     }
@@ -106,14 +103,6 @@
                               &not_before,
                               &not_after);
 
-    _HIP_DEBUG("\n\nPublic-key sequence contents after all is done:\n\n"
-               "%s\n\n", cert->public_key);
-
-    _HIP_DEBUG("Cert sequence contents after all is done:\n\n"
-               "%s\n\n", cert->cert);
-
-    _HIP_DEBUG("Signature sequence contents after all is done:\n\n"
-               "%s\n\n", cert->signature);
     /*
      * Concatenate everything together as if we would have gotten
      * it from someone else and we would be starting to verify.
@@ -166,8 +155,6 @@
 
     for (i = 0; i < sk_CONF_VALUE_num(sec_name); i++) {
         item = (void *) sk_CONF_VALUE_value(sec_name, i);
-        _HIP_DEBUG("Sec: %s, Key; %s, Val %s\n",
-                   item->section, item->name, item->value);
         if (!strcmp(item->name, "issuerhit")) {
             err = inet_pton(AF_INET6, item->value, defhit);
             if (err < 1) {

Other related posts:

  • » [hipl-commit] [trunk] Rev 4570: Remove all disabled debug statements. - Diego Biurrun