[hipl-dev] [Merge] lp:~stefan.goetz/hipl/style-check-hook-review into lp:hipl
- From: Stefan Götz <stefan.goetz@xxxxxxxxxxxxxxxxx>
- To: mp+45051@xxxxxxxxxxxxxxxxxx
- Date: Mon, 03 Jan 2011 16:06:45 -0000
Stefan Götz has proposed merging lp:~stefan.goetz/hipl/style-check-hook-review
into lp:hipl.
Requested reviews:
HIPL core team (hipl-core)
For more details, see:
https://code.launchpad.net/~stefan.goetz/hipl/style-check-hook-review/+merge/45051
This branch contains:
1) a pre-commit hook for bazaar that aborts a commit if the code to be
committed does adhere to the HIPL style guide lines.
2) all HIPL code has been automatically beautified so that the pre-commit hook
only complains about newly introduced style violations.
--
The attached diff has been truncated due to its size.
https://code.launchpad.net/~stefan.goetz/hipl/style-check-hook-review/+merge/45051
Your team HIPL core team is requested to review the proposed merge of
lp:~stefan.goetz/hipl/style-check-hook-review into lp:hipl.
=== added file '.uncrustify-0.57.cfg'
--- .uncrustify-0.57.cfg 1970-01-01 00:00:00 +0000
+++ .uncrustify-0.57.cfg 2011-01-03 16:06:13 +0000
@@ -0,0 +1,1376 @@
+# Uncrustify 0.57
+
+#
+# General options
+#
+
+# The type of line endings
+newlines = lf # auto/lf/crlf/cr
+
+# The original size of tabs in the input
+input_tab_size = 8 # number
+
+# The size of tabs in the output (only used if align_with_tabs=true)
+output_tab_size = 4 # number
+
+# The ASCII value of the string escape char, usually 92 (\) or 94 (^). (Pawn)
+string_escape_char = 92 # number
+
+# Alternate string escape char for Pawn. Only works right before the quote
char.
+string_escape_char2 = 0 # number
+
+#
+# Indenting
+#
+
+# The number of columns to indent per level.
+# Usually 2, 3, 4, or 8.
+indent_columns = 4 # number
+
+# The continuation indent. If non-zero, this overrides the indent of '(' and
'=' continuation indents.
+# For FreeBSD, this is set to 4.
+indent_continue = 0 # number
+
+# How to use tabs when indenting code
+# 0=spaces only
+# 1=indent with tabs to brace level, align with spaces
+# 2=indent and align with tabs, using spaces when not on a tabstop
+indent_with_tabs = 0 # number
+
+# Comments that are not a brace level are indented with tabs on a tabstop.
+# Requires indent_with_tabs=2. If false, will use spaces.
+indent_cmt_with_tabs = false # false/true
+
+# Whether to indent strings broken by '\' so that they line up
+indent_align_string = true # false/true
+
+# The number of spaces to indent multi-line XML strings.
+# Requires indent_align_string=True
+indent_xml_string = 0 # number
+
+# Spaces to indent '{' from level
+indent_brace = 0 # number
+
+# Whether braces are indented to the body level
+indent_braces = false # false/true
+
+# Disabled indenting function braces if indent_braces is true
+indent_braces_no_func = false # false/true
+
+# Disabled indenting class braces if indent_braces is true
+indent_braces_no_class = false # false/true
+
+# Disabled indenting struct braces if indent_braces is true
+indent_braces_no_struct = false # false/true
+
+# Indent based on the size of the brace parent, i.e. 'if' => 3 spaces, 'for'
=> 4 spaces, etc.
+indent_brace_parent = false # false/true
+
+# Whether the 'namespace' body is indented
+indent_namespace = false # false/true
+
+# The number of spaces to indent a namespace block
+indent_namespace_level = 0 # number
+
+# If the body of the namespace is longer than this number, it won't be
indented.
+# Requires indent_namespace=true. Default=0 (no limit)
+indent_namespace_limit = 0 # number
+
+# Whether the 'extern "C"' body is indented
+indent_extern = false # false/true
+
+# Whether the 'class' body is indented
+indent_class = false # false/true
+
+# Whether to indent the stuff after a leading class colon
+indent_class_colon = false # false/true
+
+# False=treat 'else\nif' as 'else if' for indenting purposes
+# True=indent the 'if' one level
+indent_else_if = false # false/true
+
+# Amount to indent variable declarations after a open brace. neg=relative,
pos=absolute
+indent_var_def_blk = 0 # number
+
+# Indent continued variable declarations instead of aligning.
+indent_var_def_cont = false # false/true
+
+# True: indent continued function call parameters one indent level
+# False: align parameters under the open paren
+indent_func_call_param = false # false/true
+
+# Same as indent_func_call_param, but for function defs
+indent_func_def_param = false # false/true
+
+# Same as indent_func_call_param, but for function protos
+indent_func_proto_param = false # false/true
+
+# Same as indent_func_call_param, but for class declarations
+indent_func_class_param = false # false/true
+
+# Same as indent_func_call_param, but for class variable constructors
+indent_func_ctor_var_param = false # false/true
+
+# Same as indent_func_call_param, but for templates
+indent_template_param = false # false/true
+
+# Double the indent for indent_func_xxx_param options
+indent_func_param_double = false # false/true
+
+# Indentation column for standalone 'const' function decl/proto qualifier
+indent_func_const = 0 # number
+
+# Indentation column for standalone 'throw' function decl/proto qualifier
+indent_func_throw = 0 # number
+
+# The number of spaces to indent a continued '->' or '.'
+# Usually set to 0, 1, or indent_columns.
+indent_member = 0 # number
+
+# Spaces to indent single line ('//') comments on lines before code
+indent_sing_line_comments = 0 # number
+
+# If set, will indent trailing single line ('//') comments relative
+# to the code instead of trying to keep the same absolute column
+indent_relative_single_line_comments = false # false/true
+
+# Spaces to indent 'case' from 'switch'
+# Usually 0 or indent_columns.
+indent_switch_case = 0 # number
+
+# Spaces to shift the 'case' line, without affecting any other lines
+# Usually 0.
+indent_case_shift = 0 # number
+
+# Spaces to indent '{' from 'case'.
+# By default, the brace will appear under the 'c' in case.
+# Usually set to 0 or indent_columns.
+indent_case_brace = 0 # number
+
+# Whether to indent comments found in first column
+indent_col1_comment = false # false/true
+
+# How to indent goto labels
+# >0 : absolute column where 1 is the leftmost column
+# <=0 : subtract from brace indent
+indent_label = 1 # number
+
+# Same as indent_label, but for access specifiers that are followed by a colon
+indent_access_spec = 1 # number
+
+# Indent the code after an access specifier by one level.
+# If set, this option forces 'indent_access_spec=0'
+indent_access_spec_body = false # false/true
+
+# If an open paren is followed by a newline, indent the next line so that it
lines up after the open paren (not recommended)
+indent_paren_nl = false # false/true
+
+# Controls the indent of a close paren after a newline.
+# 0: Indent to body level
+# 1: Align under the open paren
+# 2: Indent to the brace level
+indent_paren_close = 0 # number
+
+# Controls the indent of a comma when inside a paren.If TRUE, aligns under the
open paren
+indent_comma_paren = false # false/true
+
+# Controls the indent of a BOOL operator when inside a paren.If TRUE, aligns
under the open paren
+indent_bool_paren = false # false/true
+
+# If 'indent_bool_paren' is true, controls the indent of the first expression.
If TRUE, aligns the first expression to the following ones
+indent_first_bool_expr = false # false/true
+
+# If an open square is followed by a newline, indent the next line so that it
lines up after the open square (not recommended)
+indent_square_nl = false # false/true
+
+# Don't change the relative indent of ESQL/C 'EXEC SQL' bodies
+indent_preserve_sql = false # false/true
+
+# Align continued statements at the '='. Default=True
+# If FALSE or the '=' is followed by a newline, the next line is indent one
tab.
+indent_align_assign = true # false/true
+
+#
+# Spacing options
+#
+
+# Add or remove space around arithmetic operator '+', '-', '/', '*', etc
+sp_arith = add # ignore/add/remove/force
+
+# Add or remove space around assignment operator '=', '+=', etc
+sp_assign = add # ignore/add/remove/force
+
+# Add or remove space around assignment operator '=' in a prototype
+sp_assign_default = add # ignore/add/remove/force
+
+# Add or remove space before assignment operator '=', '+=', etc. Overrides
sp_assign.
+sp_before_assign = ignore # ignore/add/remove/force
+
+# Add or remove space after assignment operator '=', '+=', etc. Overrides
sp_assign.
+sp_after_assign = ignore # ignore/add/remove/force
+
+# Add or remove space around assignment '=' in enum
+sp_enum_assign = add # ignore/add/remove/force
+
+# Add or remove space before assignment '=' in enum. Overrides sp_enum_assign.
+sp_enum_before_assign = ignore # ignore/add/remove/force
+
+# Add or remove space after assignment '=' in enum. Overrides sp_enum_assign.
+sp_enum_after_assign = ignore # ignore/add/remove/force
+
+# Add or remove space around preprocessor '##' concatenation operator.
Default=Add
+sp_pp_concat = add # ignore/add/remove/force
+
+# Add or remove space after preprocessor '#' stringify operator. Also affects
the '#@' charizing operator. Default=Add
+sp_pp_stringify = add # ignore/add/remove/force
+
+# Add or remove space around boolean operators '&&' and '||'
+sp_bool = add # ignore/add/remove/force
+
+# Add or remove space around compare operator '<', '>', '==', etc
+sp_compare = add # ignore/add/remove/force
+
+# Add or remove space inside '(' and ')'
+sp_inside_paren = remove # ignore/add/remove/force
+
+# Add or remove space between nested parens
+sp_paren_paren = remove # ignore/add/remove/force
+
+# Whether to balance spaces inside nested parens
+sp_balance_nested_parens = false # false/true
+
+# Add or remove space between ')' and '{'
+sp_paren_brace = force # ignore/add/remove/force
+
+# Add or remove space before pointer star '*'
+sp_before_ptr_star = add # ignore/add/remove/force
+
+# Add or remove space before pointer star '*' that isn't followed by a
variable name
+# If set to 'ignore', sp_before_ptr_star is used instead.
+sp_before_unnamed_ptr_star = ignore # ignore/add/remove/force
+
+# Add or remove space between pointer stars '*'
+sp_between_ptr_star = remove # ignore/add/remove/force
+
+# Add or remove space after pointer star '*', if followed by a word.
+sp_after_ptr_star = remove # ignore/add/remove/force
+
+# Add or remove space after a pointer star '*', if followed by a func
proto/def.
+sp_after_ptr_star_func = remove # ignore/add/remove/force
+
+# Add or remove space before a pointer star '*', if followed by a func
proto/def.
+sp_before_ptr_star_func = ignore # ignore/add/remove/force
+
+# Add or remove space before a reference sign '&'
+sp_before_byref = force # ignore/add/remove/force
+
+# Add or remove space before a reference sign '&' that isn't followed by a
variable name
+# If set to 'ignore', sp_before_byref is used instead.
+sp_before_unnamed_byref = add # ignore/add/remove/force
+
+# Add or remove space after reference sign '&', if followed by a word.
+sp_after_byref = ignore # ignore/add/remove/force
+
+# Add or remove space after a reference sign '&', if followed by a func
proto/def.
+sp_after_byref_func = ignore # ignore/add/remove/force
+
+# Add or remove space before a reference sign '&', if followed by a func
proto/def.
+sp_before_byref_func = ignore # ignore/add/remove/force
+
+# Add or remove space between type and word. Default=Force
+sp_after_type = ignore # ignore/add/remove/force
+
+# Add or remove space in 'template <' vs 'template<'.
+# If set to ignore, sp_before_angle is used.
+sp_template_angle = ignore # ignore/add/remove/force
+
+# Add or remove space before '<>'
+sp_before_angle = ignore # ignore/add/remove/force
+
+# Add or remove space inside '<' and '>'
+sp_inside_angle = ignore # ignore/add/remove/force
+
+# Add or remove space after '<>'
+sp_after_angle = ignore # ignore/add/remove/force
+
+# Add or remove space between '<>' and '(' as found in 'new List<byte>();'
+sp_angle_paren = ignore # ignore/add/remove/force
+
+# Add or remove space between '<>' and a word as in 'List<byte> m;'
+sp_angle_word = ignore # ignore/add/remove/force
+
+# Add or remove space between '>' and '>' in '>>' (template stuff C++/C#
only). Default=Add
+sp_angle_shift = add # ignore/add/remove/force
+
+# Add or remove space before '(' of 'if', 'for', 'switch', and 'while'
+sp_before_sparen = add # ignore/add/remove/force
+
+# Add or remove space inside if-condition '(' and ')'
+sp_inside_sparen = remove # ignore/add/remove/force
+
+# Add or remove space before if-condition ')'. Overrides sp_inside_sparen.
+sp_inside_sparen_close = ignore # ignore/add/remove/force
+
+# Add or remove space after ')' of 'if', 'for', 'switch', and 'while'
+sp_after_sparen = ignore # ignore/add/remove/force
+
+# Add or remove space between ')' and '{' of 'if', 'for', 'switch', and 'while'
+sp_sparen_brace = add # ignore/add/remove/force
+
+# Add or remove space between 'invariant' and '(' in the D language.
+sp_invariant_paren = ignore # ignore/add/remove/force
+
+# Add or remove space after the ')' in 'invariant (C) c' in the D language.
+sp_after_invariant_paren = ignore # ignore/add/remove/force
+
+# Add or remove space before empty statement ';' on 'if', 'for' and 'while'
+sp_special_semi = add # ignore/add/remove/force
+
+# Add or remove space before ';'. Default=Remove
+sp_before_semi = remove # ignore/add/remove/force
+
+# Add or remove space before ';' in non-empty 'for' statements
+sp_before_semi_for = ignore # ignore/add/remove/force
+
+# Add or remove space before a semicolon of an empty part of a for statement.
+sp_before_semi_for_empty = ignore # ignore/add/remove/force
+
+# Add or remove space after ';', except when followed by a comment. Default=Add
+sp_after_semi = add # ignore/add/remove/force
+
+# Add or remove space after ';' in non-empty 'for' statements. Default=Force
+sp_after_semi_for = force # ignore/add/remove/force
+
+# Add or remove space after the final semicolon of an empty part of a for
statement: for ( ; ; <here> ).
+sp_after_semi_for_empty = ignore # ignore/add/remove/force
+
+# Add or remove space before '[' (except '[]')
+sp_before_square = remove # ignore/add/remove/force
+
+# Add or remove space before '[]'
+sp_before_squares = ignore # ignore/add/remove/force
+
+# Add or remove space inside '[' and ']'
+sp_inside_square = ignore # ignore/add/remove/force
+
+# Add or remove space after ','
+sp_after_comma = add # ignore/add/remove/force
+
+# Add or remove space before ','
+sp_before_comma = remove # ignore/add/remove/force
+
+# Add or remove space between an open paren and comma: '(,' vs '( ,'
+sp_paren_comma = force # ignore/add/remove/force
+
+# Add or remove space before the variadic '...' when preceded by a
non-punctuator
+sp_before_ellipsis = ignore # ignore/add/remove/force
+
+# Add or remove space after class ':'
+sp_after_class_colon = ignore # ignore/add/remove/force
+
+# Add or remove space before class ':'
+sp_before_class_colon = ignore # ignore/add/remove/force
+
+# Add or remove space before case ':'. Default=Remove
+sp_before_case_colon = remove # ignore/add/remove/force
+
+# Add or remove space between 'operator' and operator sign
+sp_after_operator = ignore # ignore/add/remove/force
+
+# Add or remove space between the operator symbol and the open paren, as in
'operator ++('
+sp_after_operator_sym = ignore # ignore/add/remove/force
+
+# Add or remove space after C/D cast, i.e. 'cast(int)a' vs 'cast(int) a' or
'(int)a' vs '(int) a'
+sp_after_cast = add # ignore/add/remove/force
+
+# Add or remove spaces inside cast parens
+sp_inside_paren_cast = ignore # ignore/add/remove/force
+
+# Add or remove space between the type and open paren in a C++ cast, i.e.
'int(exp)' vs 'int (exp)'
+sp_cpp_cast_paren = ignore # ignore/add/remove/force
+
+# Add or remove space between 'sizeof' and '('
+sp_sizeof_paren = remove # ignore/add/remove/force
+
+# Add or remove space after the tag keyword (Pawn)
+sp_after_tag = ignore # ignore/add/remove/force
+
+# Add or remove space inside enum '{' and '}'
+sp_inside_braces_enum = add # ignore/add/remove/force
+
+# Add or remove space inside struct/union '{' and '}'
+sp_inside_braces_struct = add # ignore/add/remove/force
+
+# Add or remove space inside '{' and '}'
+sp_inside_braces = add # ignore/add/remove/force
+
+# Add or remove space inside '{}'
+sp_inside_braces_empty = remove # ignore/add/remove/force
+
+# Add or remove space between return type and function name
+# A minimum of 1 is forced except for pointer return types.
+sp_type_func = ignore # ignore/add/remove/force
+
+# Add or remove space between function name and '(' on function declaration
+sp_func_proto_paren = remove # ignore/add/remove/force
+
+# Add or remove space between function name and '(' on function definition
+sp_func_def_paren = remove # ignore/add/remove/force
+
+# Add or remove space inside empty function '()'
+sp_inside_fparens = remove # ignore/add/remove/force
+
+# Add or remove space inside function '(' and ')'
+sp_inside_fparen = remove # ignore/add/remove/force
+
+# Add or remove space between ']' and '(' when part of a function call.
+sp_square_fparen = ignore # ignore/add/remove/force
+
+# Add or remove space between ')' and '{' of function
+sp_fparen_brace = add # ignore/add/remove/force
+
+# Add or remove space between function name and '(' on function calls
+sp_func_call_paren = remove # ignore/add/remove/force
+
+# Add or remove space between function name and '()' on function calls without
parameters.
+# If set to 'ignore' (the default), sp_func_call_paren is used.
+sp_func_call_paren_empty = ignore # ignore/add/remove/force
+
+# Add or remove space between the user function name and '(' on function calls
+# You need to set a keyword to be a user function, like this: 'set
func_call_user _' in the config file.
+sp_func_call_user_paren = ignore # ignore/add/remove/force
+
+# Add or remove space between a constructor/destructor and the open paren
+sp_func_class_paren = ignore # ignore/add/remove/force
+
+# Add or remove space between 'return' and '('
+sp_return_paren = ignore # ignore/add/remove/force
+
+# Add or remove space between '__attribute__' and '('
+sp_attribute_paren = ignore # ignore/add/remove/force
+
+# Add or remove space between 'defined' and '(' in '#if defined (FOO)'
+sp_defined_paren = ignore # ignore/add/remove/force
+
+# Add or remove space between 'throw' and '(' in 'throw (something)'
+sp_throw_paren = ignore # ignore/add/remove/force
+
+# Add or remove space between macro and value
+sp_macro = ignore # ignore/add/remove/force
+
+# Add or remove space between macro function ')' and value
+sp_macro_func = ignore # ignore/add/remove/force
+
+# Add or remove space between 'else' and '{' if on the same line
+sp_else_brace = force # ignore/add/remove/force
+
+# Add or remove space between '}' and 'else' if on the same line
+sp_brace_else = add # ignore/add/remove/force
+
+# Add or remove space between '}' and the name of a typedef on the same line
+sp_brace_typedef = add # ignore/add/remove/force
+
+# Add or remove space between 'catch' and '{' if on the same line
+sp_catch_brace = ignore # ignore/add/remove/force
+
+# Add or remove space between '}' and 'catch' if on the same line
+sp_brace_catch = ignore # ignore/add/remove/force
+
+# Add or remove space between 'finally' and '{' if on the same line
+sp_finally_brace = ignore # ignore/add/remove/force
+
+# Add or remove space between '}' and 'finally' if on the same line
+sp_brace_finally = ignore # ignore/add/remove/force
+
+# Add or remove space between 'try' and '{' if on the same line
+sp_try_brace = ignore # ignore/add/remove/force
+
+# Add or remove space between get/set and '{' if on the same line
+sp_getset_brace = ignore # ignore/add/remove/force
+
+# Add or remove space before the '::' operator
+sp_before_dc = ignore # ignore/add/remove/force
+
+# Add or remove space after the '::' operator
+sp_after_dc = ignore # ignore/add/remove/force
+
+# Add or remove around the D named array initializer ':' operator
+sp_d_array_colon = ignore # ignore/add/remove/force
+
+# Add or remove space after the '!' (not) operator. Default=Remove
+sp_not = remove # ignore/add/remove/force
+
+# Add or remove space after the '~' (invert) operator. Default=Remove
+sp_inv = remove # ignore/add/remove/force
+
+# Add or remove space after the '&' (address-of) operator. Default=Remove
+# This does not affect the spacing after a '&' that is part of a type.
+sp_addr = remove # ignore/add/remove/force
+
+# Add or remove space around the '.' or '->' operators. Default=Remove
+sp_member = remove # ignore/add/remove/force
+
+# Add or remove space after the '*' (dereference) operator. Default=Remove
+# This does not affect the spacing after a '*' that is part of a type.
+sp_deref = remove # ignore/add/remove/force
+
+# Add or remove space after '+' or '-', as in 'x = -5' or 'y = +7'.
Default=Remove
+sp_sign = remove # ignore/add/remove/force
+
+# Add or remove space before or after '++' and '--', as in '(--x)' or 'y++;'.
Default=Remove
+sp_incdec = remove # ignore/add/remove/force
+
+# Add or remove space before a backslash-newline at the end of a line.
Default=Add
+sp_before_nl_cont = add # ignore/add/remove/force
+
+# Add or remove space after the scope '+' or '-', as in '-(void) foo;' or
'+(int) bar;'
+sp_after_oc_scope = ignore # ignore/add/remove/force
+
+# Add or remove space after the colon in message specs
+# '-(int) f:(int) x;' vs '-(int) f: (int) x;'
+sp_after_oc_colon = ignore # ignore/add/remove/force
+
+# Add or remove space before the colon in message specs
+# '-(int) f: (int) x;' vs '-(int) f : (int) x;'
+sp_before_oc_colon = ignore # ignore/add/remove/force
+
+# Add or remove space after the colon in message specs
+# '[object setValue:1];' vs '[object setValue: 1];'
+sp_after_send_oc_colon = ignore # ignore/add/remove/force
+
+# Add or remove space before the colon in message specs
+# '[object setValue:1];' vs '[object setValue :1];'
+sp_before_send_oc_colon = ignore # ignore/add/remove/force
+
+# Add or remove space after the (type) in message specs
+# '-(int)f: (int) x;' vs '-(int)f: (int)x;'
+sp_after_oc_type = ignore # ignore/add/remove/force
+
+# Add or remove space after the first (type) in message specs
+# '-(int) f:(int)x;' vs '-(int)f:(int)x;'
+sp_after_oc_return_type = ignore # ignore/add/remove/force
+
+# Add or remove space between '@selector' and '('
+# '@selector(msgName)' vs '@selector (msgName)'
+# Also applies to @protocol() constructs
+sp_after_oc_at_sel = ignore # ignore/add/remove/force
+
+# Add or remove space between '@selector(x)' and the following word
+# '@selector(foo) a:' vs '@selector(foo)a:'
+sp_after_oc_at_sel_parens = ignore # ignore/add/remove/force
+
+# Add or remove space inside '@selector' parens
+# '@selector(foo)' vs '@selector( foo )'
+# Also applies to @protocol() constructs
+sp_inside_oc_at_sel_parens = ignore # ignore/add/remove/force
+
+# Add or remove space before a block pointer caret
+# '^int (int arg){...}' vs. ' ^int (int arg){...}'
+sp_before_oc_block_caret = ignore # ignore/add/remove/force
+
+# Add or remove space after a block pointer caret
+# '^int (int arg){...}' vs. '^ int (int arg){...}'
+sp_after_oc_block_caret = ignore # ignore/add/remove/force
+
+# Add or remove space around the ':' in 'b ? t : f'
+sp_cond_colon = add # ignore/add/remove/force
+
+# Add or remove space around the '?' in 'b ? t : f'
+sp_cond_question = add # ignore/add/remove/force
+
+# Fix the spacing between 'case' and the label. Only 'ignore' and 'force' make
sense here.
+sp_case_label = ignore # ignore/add/remove/force
+
+# Control the space around the D '..' operator.
+sp_range = ignore # ignore/add/remove/force
+
+# Control the space after the opening of a C++ comment '// A' vs '//A'
+sp_cmt_cpp_start = ignore # ignore/add/remove/force
+
+# Controls the spaces between #else or #endif and a trailing comment
+sp_endif_cmt = force # ignore/add/remove/force
+
+#
+# Code alignment (not left column spaces/tabs)
+#
+
+# Whether to keep non-indenting tabs
+align_keep_tabs = false # false/true
+
+# Whether to use tabs for aligning
+align_with_tabs = false # false/true
+
+# Whether to bump out to the next tab when aligning
+align_on_tabstop = false # false/true
+
+# Whether to left-align numbers
+align_number_left = false # false/true
+
+# Align variable definitions in prototypes and functions
+align_func_params = false # false/true
+
+# Align parameters in single-line functions that have the same name.
+# The function names must already be aligned with each other.
+align_same_func_call_params = false # false/true
+
+# The span for aligning variable definitions (0=don't align)
+align_var_def_span = 1 # number
+
+# How to align the star in variable definitions.
+# 0=Part of the type 'void * foo;'
+# 1=Part of the variable 'void *foo;'
+# 2=Dangling 'void *foo;'
+align_var_def_star_style = 2 # number
+
+# How to align the '&' in variable definitions.
+# 0=Part of the type
+# 1=Part of the variable
+# 2=Dangling
+align_var_def_amp_style = 0 # number
+
+# The threshold for aligning variable definitions (0=no limit)
+align_var_def_thresh = 0 # number
+
+# The gap for aligning variable definitions
+align_var_def_gap = 0 # number
+
+# Whether to align the colon in struct bit fields
+align_var_def_colon = false # false/true
+
+# Whether to align any attribute after the variable name
+align_var_def_attribute = false # false/true
+
+# Whether to align inline struct/enum/union variable definitions
+align_var_def_inline = false # false/true
+
+# The span for aligning on '=' in assignments (0=don't align)
+align_assign_span = 1 # number
+
+# The threshold for aligning on '=' in assignments (0=no limit)
+align_assign_thresh = 0 # number
+
+# The span for aligning on '=' in enums (0=don't align)
+align_enum_equ_span = 1 # number
+
+# The threshold for aligning on '=' in enums (0=no limit)
+align_enum_equ_thresh = 0 # number
+
+# The span for aligning struct/union (0=don't align)
+align_var_struct_span = 1 # number
+
+# The threshold for aligning struct/union member definitions (0=no limit)
+align_var_struct_thresh = 0 # number
+
+# The gap for aligning struct/union member definitions
+align_var_struct_gap = 0 # number
+
+# The span for aligning struct initializer values (0=don't align)
+align_struct_init_span = 1 # number
+
+# The minimum space between the type and the synonym of a typedef
+align_typedef_gap = 0 # number
+
+# The span for aligning single-line typedefs (0=don't align)
+align_typedef_span = 0 # number
+
+# How to align typedef'd functions with other typedefs
+# 0: Don't mix them at all
+# 1: align the open paren with the types
+# 2: align the function type name with the other type names
+align_typedef_func = 0 # number
+
+# Controls the positioning of the '*' in typedefs. Just try it.
+# 0: Align on typedef type, ignore '*'
+# 1: The '*' is part of type name: typedef int *pint;
+# 2: The '*' is part of the type, but dangling: typedef int *pint;
+align_typedef_star_style = 0 # number
+
+# Controls the positioning of the '&' in typedefs. Just try it.
+# 0: Align on typedef type, ignore '&'
+# 1: The '&' is part of type name: typedef int &pint;
+# 2: The '&' is part of the type, but dangling: typedef int &pint;
+align_typedef_amp_style = 0 # number
+
+# The span for aligning comments that end lines (0=don't align)
+align_right_cmt_span = 0 # number
+
+# If aligning comments, mix with comments after '}' and #endif with less than
3 spaces before the comment
+align_right_cmt_mix = false # false/true
+
+# If a trailing comment is more than this number of columns away from the text
it follows,
+# it will qualify for being aligned. This has to be > 0 to do anything.
+align_right_cmt_gap = 0 # number
+
+# Align trailing comment at or beyond column N; 'pulls in' comments as a bonus
side effect (0=ignore)
+align_right_cmt_at_col = 0 # number
+
+# The span for aligning function prototypes (0=don't align)
+align_func_proto_span = 0 # number
+
+# Minimum gap between the return type and the function name.
+align_func_proto_gap = 0 # number
+
+# Align function protos on the 'operator' keyword instead of what follows
+align_on_operator = false # false/true
+
+# Whether to mix aligning prototype and variable declarations.
+# If true, align_var_def_XXX options are used instead of align_func_proto_XXX
options.
+align_mix_var_proto = false # false/true
+
+# Align single-line functions with function prototypes, uses
align_func_proto_span
+align_single_line_func = false # false/true
+
+# Aligning the open brace of single-line functions.
+# Requires align_single_line_func=true, uses align_func_proto_span
+align_single_line_brace = false # false/true
+
+# Gap for align_single_line_brace.
+align_single_line_brace_gap = 0 # number
+
+# The span for aligning ObjC msg spec (0=don't align)
+align_oc_msg_spec_span = 0 # number
+
+# Whether to align macros wrapped with a backslash and a newline.
+# This will not work right if the macro contains a multi-line comment.
+align_nl_cont = false # false/true
+
+# The minimum space between label and value of a preprocessor define
+align_pp_define_gap = 0 # number
+
+# The span for aligning on '#define' bodies (0=don't align)
+align_pp_define_span = 0 # number
+
+# Align lines that start with '<<' with previous '<<'. Default=true
+align_left_shift = true # false/true
+
+# Span for aligning parameters in an Obj-C message call on the ':' (0=don't
align)
+align_oc_msg_colon_span = 0 # number
+
+# Aligning parameters in an Obj-C '+' or '-' declaration on the ':'
+align_oc_decl_colon = false # false/true
+
+#
+# Newline adding and removing options
+#
+
+# Whether to collapse empty blocks between '{' and '}'
+nl_collapse_empty_body = false # false/true
+
+# Don't split one-line braced assignments - 'foo_t f = { 1, 2 };'
+nl_assign_leave_one_liners = false # false/true
+
+# Don't split one-line braced statements inside a class xx { } body
+nl_class_leave_one_liners = false # false/true
+
+# Don't split one-line enums: 'enum foo { BAR = 15 };'
+nl_enum_leave_one_liners = false # false/true
+
+# Don't split one-line get or set functions
+nl_getset_leave_one_liners = false # false/true
+
+# Don't split one-line function definitions - 'int foo() { return 0; }'
+nl_func_leave_one_liners = false # false/true
+
+# Don't split one-line if/else statements - 'if(a) b++;'
+nl_if_leave_one_liners = false # false/true
+
+# Add or remove newlines at the start of the file
+nl_start_of_file = remove # ignore/add/remove/force
+
+# The number of newlines at the start of the file (only used if
nl_start_of_file is 'add' or 'force'
+nl_start_of_file_min = 0 # number
+
+# Add or remove newline at the end of the file
+nl_end_of_file = force # ignore/add/remove/force
+
+# The number of newlines at the end of the file (only used if nl_end_of_file
is 'add' or 'force')
+nl_end_of_file_min = 1 # number
+
+# Add or remove newline between '=' and '{'
+nl_assign_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between '=' and '[' (D only)
+nl_assign_square = ignore # ignore/add/remove/force
+
+# Add or remove newline after '= [' (D only). Will also affect the newline
before the ']'
+nl_after_square_assign = ignore # ignore/add/remove/force
+
+# The number of blank lines after a block of variable definitions
+nl_func_var_def_blk = 0 # number
+
+# Add or remove newline between a function call's ')' and '{', as in:
+# list_for_each(item, &list) { }
+nl_fcall_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'enum' and '{'
+nl_enum_brace = remove # ignore/add/remove/force
+
+# Add or remove newline between 'struct and '{'
+nl_struct_brace = remove # ignore/add/remove/force
+
+# Add or remove newline between 'union' and '{'
+nl_union_brace = remove # ignore/add/remove/force
+
+# Add or remove newline between 'if' and '{'
+nl_if_brace = remove # ignore/add/remove/force
+
+# Add or remove newline between '}' and 'else'
+nl_brace_else = remove # ignore/add/remove/force
+
+# Add or remove newline between 'else if' and '{'
+# If set to ignore, nl_if_brace is used instead
+nl_elseif_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'else' and '{'
+nl_else_brace = remove # ignore/add/remove/force
+
+# Add or remove newline between 'else' and 'if'
+nl_else_if = remove # ignore/add/remove/force
+
+# Add or remove newline between '}' and 'finally'
+nl_brace_finally = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'finally' and '{'
+nl_finally_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'try' and '{'
+nl_try_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between get/set and '{'
+nl_getset_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'for' and '{'
+nl_for_brace = remove # ignore/add/remove/force
+
+# Add or remove newline between 'catch' and '{'
+nl_catch_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between '}' and 'catch'
+nl_brace_catch = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'while' and '{'
+nl_while_brace = remove # ignore/add/remove/force
+
+# Add or remove newline between 'using' and '{'
+nl_using_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between two open or close braces.
+# Due to general newline/brace handling, REMOVE may not work.
+nl_brace_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'do' and '{'
+nl_do_brace = remove # ignore/add/remove/force
+
+# Add or remove newline between '}' and 'while' of 'do' statement
+nl_brace_while = remove # ignore/add/remove/force
+
+# Add or remove newline between 'switch' and '{'
+nl_switch_brace = remove # ignore/add/remove/force
+
+# Add a newline between ')' and '{' if the ')' is on a different line than the
if/for/etc.
+# Overrides nl_for_brace, nl_if_brace, nl_switch_brace, nl_while_switch, and
nl_catch_brace.
+nl_multi_line_cond = false # false/true
+
+# Force a newline in a define after the macro name for multi-line defines.
+nl_multi_line_define = false # false/true
+
+# Whether to put a newline before 'case' statement
+nl_before_case = false # false/true
+
+# Add or remove newline between ')' and 'throw'
+nl_before_throw = ignore # ignore/add/remove/force
+
+# Whether to put a newline after 'case' statement
+nl_after_case = false # false/true
+
+# Newline between namespace and {
+nl_namespace_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'template<>' and whatever follows.
+nl_template_class = ignore # ignore/add/remove/force
+
+# Add or remove newline between 'class' and '{'
+nl_class_brace = ignore # ignore/add/remove/force
+
+# Add or remove newline after each ',' in the constructor member initialization
+nl_class_init_args = ignore # ignore/add/remove/force
+
+# Add or remove newline between return type and function name in a function
definition
+nl_func_type_name = remove # ignore/add/remove/force
+
+# Add or remove newline between return type and function name inside a class {}
+# Uses nl_func_type_name or nl_func_proto_type_name if set to ignore.
+nl_func_type_name_class = ignore # ignore/add/remove/force
+
+# Add or remove newline between function scope and name in a definition
+# Controls the newline after '::' in 'void A::f() { }'
+nl_func_scope_name = ignore # ignore/add/remove/force
+
+# Add or remove newline between return type and function name in a prototype
+nl_func_proto_type_name = remove # ignore/add/remove/force
+
+# Add or remove newline between a function name and the opening '('
+nl_func_paren = remove # ignore/add/remove/force
+
+# Add or remove newline between a function name and the opening '(' in the
definition
+nl_func_def_paren = remove # ignore/add/remove/force
+
+# Add or remove newline after '(' in a function declaration
+nl_func_decl_start = remove # ignore/add/remove/force
+
+# Add or remove newline after '(' in a function definition
+nl_func_def_start = ignore # ignore/add/remove/force
+
+# Overrides nl_func_decl_start when there is only one parameter.
+nl_func_decl_start_single = ignore # ignore/add/remove/force
+
+# Overrides nl_func_def_start when there is only one parameter.
+nl_func_def_start_single = ignore # ignore/add/remove/force
+
+# Add or remove newline after each ',' in a function declaration
+nl_func_decl_args = ignore # ignore/add/remove/force
+
+# Add or remove newline after each ',' in a function definition
+nl_func_def_args = ignore # ignore/add/remove/force
+
+# Add or remove newline before the ')' in a function declaration
+nl_func_decl_end = remove # ignore/add/remove/force
+
+# Add or remove newline before the ')' in a function definition
+nl_func_def_end = remove # ignore/add/remove/force
+
+# Overrides nl_func_decl_end when there is only one parameter.
+nl_func_decl_end_single = ignore # ignore/add/remove/force
+
+# Overrides nl_func_def_end when there is only one parameter.
+nl_func_def_end_single = ignore # ignore/add/remove/force
+
+# Add or remove newline between '()' in a function declaration.
+nl_func_decl_empty = ignore # ignore/add/remove/force
+
+# Add or remove newline between '()' in a function definition.
+nl_func_def_empty = ignore # ignore/add/remove/force
+
+# Add or remove newline between function signature and '{'
+nl_fdef_brace = add # ignore/add/remove/force
+
+# Whether to put a newline after 'return' statement
+nl_after_return = false # false/true
+
+# Add or remove a newline between the return keyword and return expression.
+nl_return_expr = ignore # ignore/add/remove/force
+
+# Whether to put a newline after semicolons, except in 'for' statements
+nl_after_semicolon = true # false/true
+
+# Whether to put a newline after brace open.
+# This also adds a newline before the matching brace close.
+nl_after_brace_open = false # false/true
+
+# If nl_after_brace_open and nl_after_brace_open_cmt are true, a newline is
+# placed between the open brace and a trailing single-line comment.
+nl_after_brace_open_cmt = false # false/true
+
+# Whether to put a newline after a virtual brace open with a non-empty body.
+# These occur in un-braced if/while/do/for statement bodies.
+nl_after_vbrace_open = true # false/true
+
+# Whether to put a newline after a virtual brace open with an empty body.
+# These occur in un-braced if/while/do/for statement bodies.
+nl_after_vbrace_open_empty = true # false/true
+
+# Whether to put a newline after a brace close.
+# Does not apply if followed by a necessary ';'.
+nl_after_brace_close = false # false/true
+
+# Whether to put a newline after a virtual brace close.
+# Would add a newline before return in: 'if (foo) a++; return;'
+nl_after_vbrace_close = false # false/true
+
+# Whether to alter newlines in '#define' macros
+nl_define_macro = false # false/true
+
+# Whether to not put blanks after '#ifxx', '#elxx', or before '#endif'
+nl_squeeze_ifdef = false # false/true
+
+# Add or remove blank line before 'if'
+nl_before_if = ignore # ignore/add/remove/force
+
+# Add or remove blank line after 'if' statement
+nl_after_if = ignore # ignore/add/remove/force
+
+# Add or remove blank line before 'for'
+nl_before_for = ignore # ignore/add/remove/force
+
+# Add or remove blank line after 'for' statement
+nl_after_for = ignore # ignore/add/remove/force
+
+# Add or remove blank line before 'while'
+nl_before_while = ignore # ignore/add/remove/force
+
+# Add or remove blank line after 'while' statement
+nl_after_while = ignore # ignore/add/remove/force
+
+# Add or remove blank line before 'switch'
+nl_before_switch = ignore # ignore/add/remove/force
+
+# Add or remove blank line after 'switch' statement
+nl_after_switch = ignore # ignore/add/remove/force
+
+# Add or remove blank line before 'do'
+nl_before_do = ignore # ignore/add/remove/force
+
+# Add or remove blank line after 'do/while' statement
+nl_after_do = ignore # ignore/add/remove/force
+
+# Whether to double-space commented-entries in struct/enum
+nl_ds_struct_enum_cmt = false # false/true
+
+# Whether to double-space before the close brace of a struct/union/enum
+# (lower priority than 'eat_blanks_before_close_brace')
+nl_ds_struct_enum_close_brace = false # false/true
+
+# Add or remove a newline around a class colon.
+# Related to pos_class_colon, nl_class_init_args, and pos_comma.
+nl_class_colon = ignore # ignore/add/remove/force
+
+# Change simple unbraced if statements into a one-liner
+# 'if(b)\n i++;' => 'if(b) i++;'
+nl_create_if_one_liner = false # false/true
+
+# Change simple unbraced for statements into a one-liner
+# 'for (i=0;i<5;i++)\n foo(i);' => 'for (i=0;i<5;i++) foo(i);'
+nl_create_for_one_liner = false # false/true
+
+# Change simple unbraced while statements into a one-liner
+# 'while (i<5)\n foo(i++);' => 'while (i<5) foo(i++);'
+nl_create_while_one_liner = false # false/true
+
+#
+# Positioning options
+#
+
+# The position of arithmetic operators in wrapped expressions
+pos_arith = ignore #
ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
+
+# The position of assignment in wrapped expressions.
+# Do not affect '=' followed by '{'
+pos_assign = ignore #
ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
+
+# The position of boolean operators in wrapped expressions
+pos_bool = ignore #
ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
+
+# The position of comparison operators in wrapped expressions
+pos_compare = ignore #
ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
+
+# The position of conditional (b ? t : f) operators in wrapped expressions
+pos_conditional = ignore #
ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
+
+# The position of the comma in wrapped expressions
+pos_comma = ignore #
ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
+
+# The position of the comma in the constructor initialization list
+pos_class_comma = ignore #
ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
+
+# The position of colons between constructor and member initialization
+pos_class_colon = ignore #
ignore/lead/lead_break/lead_force/trail/trail_break/trail_force
+
+#
+# Line Splitting options
+#
+
+# Try to limit code width to N number of columns
+code_width = 0 # number
+
+# Whether to fully split long 'for' statements at semi-colons
+ls_for_split_full = false # false/true
+
+# Whether to fully split long function protos/calls at commas
+ls_func_split_full = false # false/true
+
+#
+# Blank line options
+#
+
+# The maximum consecutive newlines
+nl_max = 0 # number
+
+# The number of newlines after a function prototype, if followed by another
function prototype
+nl_after_func_proto = 0 # number
+
+# The number of newlines after a function prototype, if not followed by
another function prototype
+nl_after_func_proto_group = 0 # number
+
+# The number of newlines after '}' of a multi-line function body
+nl_after_func_body = 2 # number
+
+# The number of newlines after '}' of a single line function body
+nl_after_func_body_one_liner = 2 # number
+
+# The minimum number of newlines before a multi-line comment.
+# Doesn't apply if after a brace open or another multi-line comment.
+nl_before_block_comment = 0 # number
+
+# The minimum number of newlines before a single-line C comment.
+# Doesn't apply if after a brace open or other single-line C comments.
+nl_before_c_comment = 0 # number
+
+# The minimum number of newlines before a CPP comment.
+# Doesn't apply if after a brace open or other CPP comments.
+nl_before_cpp_comment = 0 # number
+
+# Whether to force a newline after a multi-line comment.
+nl_after_multiline_comment = false # false/true
+
+# The number of newlines before a 'private:', 'public:', 'protected:',
'signals:', or 'slots:' label.
+# Will not change the newline count if after a brace open.
+# 0 = No change.
+nl_before_access_spec = 0 # number
+
+# The number of newlines after a 'private:', 'public:', 'protected:',
'signals:', or 'slots:' label.
+# 0 = No change.
+nl_after_access_spec = 0 # number
+
+# The number of newlines between a function def and the function comment.
+# 0 = No change.
+nl_comment_func_def = 0 # number
+
+# The number of newlines after a try-catch-finally block that isn't followed
by a brace close.
+# 0 = No change.
+nl_after_try_catch_finally = 0 # number
+
+# The number of newlines before and after a property, indexer or event decl.
+# 0 = No change.
+nl_around_cs_property = 0 # number
+
+# The number of newlines between the get/set/add/remove handlers in C#.
+# 0 = No change.
+nl_between_get_set = 0 # number
+
+# Whether to remove blank lines after '{'
+eat_blanks_after_open_brace = true # false/true
+
+# Whether to remove blank lines before '}'
+eat_blanks_before_close_brace = true # false/true
+
+#
+# Code modifying options (non-whitespace)
+#
+
+# Add or remove braces on single-line 'do' statement
+mod_full_brace_do = add # ignore/add/remove/force
+
+# Add or remove braces on single-line 'for' statement
+mod_full_brace_for = add # ignore/add/remove/force
+
+# Add or remove braces on single-line function definitions. (Pawn)
+mod_full_brace_function = ignore # ignore/add/remove/force
+
+# Add or remove braces on single-line 'if' statement. Will not remove the
braces if they contain an 'else'.
+mod_full_brace_if = add # ignore/add/remove/force
+
+# Make all if/elseif/else statements in a chain be braced or not. Overrides
mod_full_brace_if.
+# If any must be braced, they are all braced. If all can be unbraced, then
the braces are removed.
+mod_full_brace_if_chain = false # false/true
+
+# Don't remove braces around statements that span N newlines
+mod_full_brace_nl = 0 # number
+
+# Add or remove braces on single-line 'while' statement
+mod_full_brace_while = add # ignore/add/remove/force
+
+# Add or remove braces on single-line 'using ()' statement
+mod_full_brace_using = add # ignore/add/remove/force
+
+# Add or remove unnecessary paren on 'return' statement
+mod_paren_on_return = remove # ignore/add/remove/force
+
+# Whether to change optional semicolons to real semicolons
+mod_pawn_semicolon = false # false/true
+
+# Add parens on 'while' and 'if' statement around bools
+mod_full_paren_if_bool = false # false/true
+
+# Whether to remove superfluous semicolons
+mod_remove_extra_semicolon = false # false/true
+
+# If a function body exceeds the specified number of newlines and doesn't have
a comment after
+# the close brace, a comment will be added.
+mod_add_long_function_closebrace_comment = 0 # number
+
+# If a switch body exceeds the specified number of newlines and doesn't have a
comment after
+# the close brace, a comment will be added.
+mod_add_long_switch_closebrace_comment = 0 # number
+
+# If an #ifdef body exceeds the specified number of newlines and doesn't have
a comment after
+# the #else, a comment will be added.
+mod_add_long_ifdef_endif_comment = 0 # number
+
+# If an #ifdef or #else body exceeds the specified number of newlines and
doesn't have a comment after
+# the #endif, a comment will be added.
+mod_add_long_ifdef_else_comment = 0 # number
+
+# If TRUE, will sort consecutive single-line 'import' statements [Java, D]
+mod_sort_import = false # false/true
+
+# If TRUE, will sort consecutive single-line 'using' statements [C#]
+mod_sort_using = false # false/true
+
+# If TRUE, will sort consecutive single-line '#include' statements [C/C++] and
'#import' statements [Obj-C]
+# This is generally a bad idea, as it may break your code.
+mod_sort_include = false # false/true
+
+# If TRUE, it will move a 'break' that appears after a fully braced 'case'
before the close brace.
+mod_move_case_break = false # false/true
+
+# Will add or remove the braces around a fully braced case statement.
+# Will only remove the braces if there are no variable declarations in the
block.
+mod_case_brace = ignore # ignore/add/remove/force
+
+# If TRUE, it will remove a void 'return;' that appears as the last statement
in a function.
+mod_remove_empty_return = false # false/true
+
+#
+# Comment modifications
+#
+
+# Try to wrap comments at cmt_width columns
+cmt_width = 0 # number
+
+# Set the comment reflow mode (default: 0)
+# 0: no reflowing (apart from the line wrapping due to cmt_width)
+# 1: no touching at all
+# 2: full reflow
+cmt_reflow_mode = 0 # number
+
+# If false, disable all multi-line comment changes, including cmt_width.
keyword substitution, and leading chars.
+# Default is true.
+cmt_indent_multi = true # false/true
+
+# Whether to group c-comments that look like they are in a block
+cmt_c_group = false # false/true
+
+# Whether to put an empty '/*' on the first line of the combined c-comment
+cmt_c_nl_start = false # false/true
+
+# Whether to put a newline before the closing '*/' of the combined c-comment
+cmt_c_nl_end = false # false/true
+
+# Whether to group cpp-comments that look like they are in a block
+cmt_cpp_group = false # false/true
+
+# Whether to put an empty '/*' on the first line of the combined cpp-comment
+cmt_cpp_nl_start = false # false/true
+
+# Whether to put a newline before the closing '*/' of the combined cpp-comment
+cmt_cpp_nl_end = false # false/true
+
+# Whether to change cpp-comments into c-comments
+cmt_cpp_to_c = false # false/true
+
+# Whether to put a star on subsequent comment lines
+cmt_star_cont = true # false/true
+
+# The number of spaces to insert at the start of subsequent comment lines
+cmt_sp_before_star_cont = 0 # number
+
+# The number of spaces to insert after the star on subsequent comment lines
+cmt_sp_after_star_cont = 0 # number
+
+# For multi-line comments with a '*' lead, remove leading spaces if the first
and last lines of
+# the comment are the same length. Default=True
+cmt_multi_check_last = false # false/true
+
+# The filename that contains text to insert at the head of a file if the file
doesn't start with a C/C++ comment.
+# Will substitute $(filename) with the current file's name.
+cmt_insert_file_header = "" # string
+
+# The filename that contains text to insert at the end of a file if the file
doesn't end with a C/C++ comment.
+# Will substitute $(filename) with the current file's name.
+cmt_insert_file_footer = "" # string
+
+# The filename that contains text to insert before a function implementation
if the function isn't preceded with a C/C++ comment.
+# Will substitute $(function) with the function name and $(javaparam) with the
javadoc @param and @return stuff.
+# Will also substitute $(fclass) with the class name: void CFoo::Bar() { ... }
+cmt_insert_func_header = "" # string
+
+# The filename that contains text to insert before a class if the class isn't
preceded with a C/C++ comment.
+# Will substitute $(class) with the class name.
+cmt_insert_class_header = "" # string
+
+# If a preprocessor is encountered when stepping backwards from a function
name, then
+# this option decides whether the comment should be inserted.
+# Affects cmt_insert_func_header and cmt_insert_class_header.
+cmt_insert_before_preproc = false # false/true
+
+#
+# Preprocessor options
+#
+
+# Control indent of preprocessors inside #if blocks at brace level 0
+pp_indent = remove # ignore/add/remove/force
+
+# Whether to indent #if/#else/#endif at the brace level (true) or from column
1 (false)
+pp_indent_at_level = false # false/true
+
+# If pp_indent_at_level=false, specifies the number of columns to indent per
level. Default=1.
+pp_indent_count = 1 # number
+
+# Add or remove space after # based on pp_level of #if blocks
+pp_space = remove # ignore/add/remove/force
+
+# Sets the number of spaces added with pp_space
+pp_space_count = 0 # number
+
+# The indent for #region and #endregion in C# and '#pragma region' in C/C++
+pp_indent_region = 0 # number
+
+# Whether to indent the code between #region and #endregion
+pp_region_indent_code = false # false/true
+
+# If pp_indent_at_level=true, sets the indent for #if, #else, and #endif when
not at file-level
+pp_indent_if = 0 # number
+
+# Control whether to indent the code between #if, #else and #endif when not at
file-level
+pp_if_indent_code = false # false/true
+
+# Whether to indent '#define' at the brace level (true) or from column 1
(false)
+pp_define_at_level = false # false/true
+
+# You can force a token to be a type with the 'type' option.
+# Example:
+# type myfoo1 myfoo2
+#
+# You can create custom macro-based indentation using macro-open,
+# macro-else and macro-close.
+# Example:
+# macro-open BEGIN_TEMPLATE_MESSAGE_MAP
+# macro-open BEGIN_MESSAGE_MAP
+# macro-close END_MESSAGE_MAP
+#
+# You can assign any keyword to any type with the set option.
+# set func_call_user _ N_
+#
+# The full syntax description of all custom definition config entries
+# is shown below:
+#
+# define custom tokens as:
+# - embed whitespace in token using '' escape character, or
+# put token in quotes
+# - these: ' " and ` are recognized as quote delimiters
+#
+# type token1 token2 token3 ...
+# ^ optionally specify multiple tokens on a single line
+# define def_token output_token
+# ^ output_token is optional, then NULL is assumed
+# macro-open token
+# macro-close token
+# macro-else token
+# set id token1 token2 ...
+# ^ optionally specify multiple tokens on a single line
+# ^ id is one of the names in token_enum.h sans the CT_ prefix,
+# e.g. PP_PRAGMA
+#
+# all tokens are separated by any mix of ',' commas, '=' equal signs
+# and whitespace (space, tab)
+#
=== renamed file 'tools/dot_uncrustify.cfg' => '.uncrustify.cfg'
=== modified file 'firewall/cache.c'
--- firewall/cache.c 2010-11-30 14:50:30 +0000
+++ firewall/cache.c 2011-01-03 16:06:13 +0000
@@ -65,7 +65,7 @@
fw_cache_hl_t *hip_cache_create_hl_entry(void)
{
fw_cache_hl_t *entry = NULL;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(entry = malloc(sizeof(fw_cache_hl_t))),
-ENOMEM, "No memory available for firewall database entry\n");
@@ -81,7 +81,7 @@
*
* @return the new firewall db entry
*/
-static fw_cache_hl_t * firewall_add_new_entry(const fw_cache_hl_t *ha_entry)
+static fw_cache_hl_t *firewall_add_new_entry(const fw_cache_hl_t *ha_entry)
{
fw_cache_hl_t *new_entry = NULL;
@@ -120,11 +120,11 @@
const void *peer,
fw_cache_query_type_t type)
{
- int err = 0;
- fw_cache_hl_t *ha_ret = NULL;
- const fw_cache_hl_t *ha_match = NULL;
- const fw_cache_hl_t *ha_curr = NULL;
- struct hip_common *msg = NULL;
+ int err = 0;
+ fw_cache_hl_t *ha_ret = NULL;
+ const fw_cache_hl_t *ha_match = NULL;
+ const fw_cache_hl_t *ha_curr = NULL;
+ struct hip_common *msg = NULL;
const struct hip_tlv_common *current_param = NULL;
HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, "malloc failed\n");
@@ -143,13 +143,13 @@
ha_match = ha_curr;
break;
} else if (type == FW_CACHE_LSI &&
- !ipv4_addr_cmp(peer, &ha_curr->lsi_peer) &&
- (!local || !ipv4_addr_cmp(local, &ha_curr->lsi_our))) {
+ !ipv4_addr_cmp(peer, &ha_curr->lsi_peer) &&
+ (!local || !ipv4_addr_cmp(local, &ha_curr->lsi_our))) {
ha_match = ha_curr;
break;
} else if (type == FW_CACHE_IP &&
- !ipv6_addr_cmp(peer, &ha_curr->ip_peer) &&
- (!local || !ipv6_addr_cmp(local, &ha_curr->ip_our))) {
+ !ipv6_addr_cmp(peer, &ha_curr->ip_peer) &&
+ (!local || !ipv6_addr_cmp(local, &ha_curr->ip_our))) {
ha_match = ha_curr;
break;
}
@@ -179,11 +179,11 @@
fw_cache_query_type_t type,
int query_daemon)
{
- int i;
- fw_cache_hl_t *this = NULL;
- hip_list_t *item = NULL;
- hip_list_t *tmp = NULL;
- fw_cache_hl_t *ha_match = NULL;
+ int i;
+ fw_cache_hl_t *this = NULL;
+ hip_list_t *item = NULL;
+ hip_list_t *tmp = NULL;
+ fw_cache_hl_t *ha_match = NULL;
if (type == FW_CACHE_HIT) {
ha_match = hip_ht_find(firewall_cache_db, peer);
@@ -206,17 +206,16 @@
ha_match = this;
break;
} else if (type == FW_CACHE_LSI &&
- !ipv4_addr_cmp(peer, &this->lsi_peer) &&
- (!local || !ipv4_addr_cmp(local, &this->lsi_our))) {
+ !ipv4_addr_cmp(peer, &this->lsi_peer) &&
+ (!local || !ipv4_addr_cmp(local, &this->lsi_our))) {
ha_match = this;
break;
} else if (type == FW_CACHE_IP &&
- !ipv6_addr_cmp(peer, &this->ip_peer) &&
- (!local || !ipv6_addr_cmp(local, &this->ip_our))) {
+ !ipv6_addr_cmp(peer, &this->ip_peer) &&
+ (!local || !ipv6_addr_cmp(local, &this->ip_our))) {
ha_match = this;
break;
}
-
}
HIP_UNLOCK_HT(&firewall_cache_db);
@@ -262,7 +261,7 @@
static unsigned long hip_firewall_hash_hit_peer(const void *ptr)
{
const struct in6_addr *hit_peer = &((const fw_cache_hl_t *) ptr)->hit_peer;
- uint8_t hash[HIP_AH_SHA_LEN];
+ uint8_t hash[HIP_AH_SHA_LEN];
hip_build_digest(HIP_DIGEST_SHA1, hit_peer, sizeof(*hit_peer), hash);
return *((unsigned long *) hash);
@@ -307,10 +306,10 @@
*/
void hip_firewall_cache_delete_hldb(int exiting)
{
- int i;
- fw_cache_hl_t *this = NULL;
- hip_list_t *item = NULL;
- hip_list_t *tmp = NULL;
+ int i;
+ fw_cache_hl_t *this = NULL;
+ hip_list_t *item = NULL;
+ hip_list_t *tmp = NULL;
HIP_DEBUG("Start hldb delete\n");
HIP_LOCK_HT(&firewall_cache_db);
@@ -327,8 +326,9 @@
* we handle it in firewall_exit(). */
HIP_UNLOCK_HT(&firewall_cache_db);
- if (exiting)
+ if (exiting) {
hip_ht_uninit(firewall_cache_db);
+ }
HIP_DEBUG("End hldbdb delete\n");
}
@@ -338,12 +338,12 @@
* @param hit_peer Peer HIT
* @param state New state
* @return 0 on success, negative on error
-*/
+ */
int hip_firewall_cache_set_bex_state(const struct in6_addr *hit_our,
const struct in6_addr *hit_peer,
int state)
{
- int err = 0;
+ int err = 0;
fw_cache_hl_t *entry;
HIP_IFEL(!hit_peer, -1, "Need peer HIT to search\n");
@@ -375,7 +375,7 @@
const struct in6_addr *hit_peer,
int state)
{
- int err = 0;
+ int err = 0;
fw_cache_hl_t *entry;
HIP_IFEL(!ip_peer, -1, "Need peer IP to search\n");
=== modified file 'firewall/conntrack.c'
--- firewall/conntrack.c 2010-12-28 16:19:46 +0000
+++ firewall/conntrack.c 2011-01-03 16:06:13 +0000
@@ -84,8 +84,8 @@
STATE_CLOSING
};
-int timeoutChecking = 0;
-unsigned long timeoutValue = 0;
+int timeoutChecking = 0;
+unsigned long timeoutValue = 0;
/*------------print functions-------------*/
/**
@@ -224,7 +224,7 @@
const struct in6_addr *ip6_from)
{
struct dlist *list = (struct dlist *) hip_list;
- hip_hit_t phit;
+ hip_hit_t phit;
HIP_DEBUG("updating opportunistic entries\n");
/* the pseudo hit is compared with the hit in the entries */
@@ -260,7 +260,7 @@
OPP const struct in6_addr *ip6_from)
{
struct hip_tuple *tuple = NULL;
- struct dlist *list = hip_list;
+ struct dlist *list = hip_list;
while (list) {
tuple = list->data;
@@ -296,7 +296,7 @@
static struct esp_address *get_esp_address(const struct slist *addr_list,
const struct in6_addr *addr)
{
- const struct slist *list = addr_list;
+ const struct slist *list = addr_list;
struct esp_address *esp_addr = NULL;
HIP_DEBUG("get_esp_address\n");
@@ -404,8 +404,8 @@
struct esp_tuple *find_esp_tuple(const struct slist *search_list,
const uint32_t spi)
{
- const struct slist *list = search_list;
- struct esp_tuple *esp_tuple = NULL;
+ const struct slist *list = search_list;
+ struct esp_tuple *esp_tuple = NULL;
if (!list) {
HIP_DEBUG("Esp tuple slist is empty\n");
@@ -440,18 +440,18 @@
//set time stamp
gettimeofday(&connection->time_stamp, NULL);
#ifdef HIP_CONFIG_MIDAUTH
- connection->pisa_state = PISA_STATE_DISALLOW;
+ connection->pisa_state = PISA_STATE_DISALLOW;
#endif
//original direction tuple
- connection->original.state = HIP_STATE_UNASSOCIATED;
- connection->original.direction = ORIGINAL_DIR;
- connection->original.esp_tuples = NULL;
- connection->original.connection = connection;
- connection->original.hip_tuple = malloc(sizeof(struct
hip_tuple));
+ connection->original.state = HIP_STATE_UNASSOCIATED;
+ connection->original.direction = ORIGINAL_DIR;
+ connection->original.esp_tuples = NULL;
+ connection->original.connection = connection;
+ connection->original.hip_tuple = malloc(sizeof(struct hip_tuple));
memset(connection->original.hip_tuple, 0, sizeof(struct hip_tuple));
- connection->original.hip_tuple->tuple = &connection->original;
- connection->original.hip_tuple->data = malloc(sizeof(struct
hip_data));
+ connection->original.hip_tuple->tuple = &connection->original;
+ connection->original.hip_tuple->data = malloc(sizeof(struct hip_data));
memset(connection->original.hip_tuple->data, 0, sizeof(struct hip_data));
memcpy(&connection->original.hip_tuple->data->src_hit, &data->src_hit,
sizeof(struct in6_addr));
memcpy(&connection->original.hip_tuple->data->dst_hit, &data->dst_hit,
sizeof(struct in6_addr));
@@ -459,19 +459,19 @@
connection->original.hip_tuple->data->verify = NULL;
//reply direction tuple
- connection->reply.state = HIP_STATE_UNASSOCIATED;
- connection->reply.direction = REPLY_DIR;
- connection->reply.esp_tuples = NULL;
- connection->reply.connection = connection;
- connection->reply.hip_tuple = malloc(sizeof(struct
hip_tuple));
+ connection->reply.state = HIP_STATE_UNASSOCIATED;
+ connection->reply.direction = REPLY_DIR;
+ connection->reply.esp_tuples = NULL;
+ connection->reply.connection = connection;
+ connection->reply.hip_tuple = malloc(sizeof(struct hip_tuple));
memset(connection->reply.hip_tuple, 0, sizeof(struct hip_tuple));
- connection->reply.hip_tuple->tuple = &connection->reply;
- connection->reply.hip_tuple->data = malloc(sizeof(struct
hip_data));
+ connection->reply.hip_tuple->tuple = &connection->reply;
+ connection->reply.hip_tuple->data = malloc(sizeof(struct hip_data));
memset(connection->reply.hip_tuple->data, 0, sizeof(struct hip_data));
memcpy(&connection->reply.hip_tuple->data->src_hit, &data->dst_hit,
sizeof(struct in6_addr));
memcpy(&connection->reply.hip_tuple->data->dst_hit, &data->src_hit,
sizeof(struct in6_addr));
- connection->reply.hip_tuple->data->src_hi = NULL;
- connection->reply.hip_tuple->data->verify = NULL;
+ connection->reply.hip_tuple->data->src_hi = NULL;
+ connection->reply.hip_tuple->data->verify = NULL;
//add tuples to list
hip_list = append_to_list(hip_list, connection->original.hip_tuple);
@@ -501,7 +501,6 @@
{
if (hip_tuple) {
if (hip_tuple->data) {
-
// free keys depending on cipher
if (hip_tuple->data->src_pub_key && hip_tuple->data->src_hi) {
if (hip_get_host_id_algo(hip_tuple->data->src_hi) ==
HIP_HI_RSA) {
@@ -530,7 +529,7 @@
static void free_esp_tuple(struct esp_tuple *esp_tuple)
{
if (esp_tuple) {
- struct slist *list = esp_tuple->dst_addr_list;
+ struct slist *list = esp_tuple->dst_addr_list;
struct esp_address *addr = NULL;
// remove eventual cached anchor elements for this esp tuple
@@ -575,9 +574,9 @@
tuple->esp_tuples = remove_link_slist(tuple->esp_tuples, list);
free_esp_tuple(list->data);
- list->data = NULL;
+ list->data = NULL;
free(list);
- list = tuple->esp_tuples;
+ list = tuple->esp_tuples;
}
tuple->esp_tuples = NULL;
tuple->connection = NULL;
@@ -633,20 +632,20 @@
const struct hip_seq
*seq,
struct tuple *tuple)
{
- struct esp_tuple *new_esp = NULL;
+ struct esp_tuple *new_esp = NULL;
const struct hip_locator_info_addr_item *locator_addr = NULL;
- int n = 0;
+ int n = 0;
if (esp_info && locator && esp_info->new_spi == esp_info->old_spi) {
HIP_DEBUG("esp_tuple_from_esp_info_locator: new spi 0x%lx\n",
esp_info->new_spi);
/* check that old spi is found */
- new_esp = malloc(sizeof(struct esp_tuple));
+ new_esp = malloc(sizeof(struct esp_tuple));
memset(new_esp, 0, sizeof(struct esp_tuple));
new_esp->spi = ntohl(esp_info->new_spi);
new_esp->tuple = tuple;
- n = (hip_get_param_total_len(locator) - sizeof(struct
hip_locator)) /
- sizeof(struct hip_locator_info_addr_item);
+ n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator)) /
+ sizeof(struct hip_locator_info_addr_item);
HIP_DEBUG("esp_tuple_from_esp_info_locator: %d addresses in
locator\n", n);
if (n > 0) {
locator_addr = (const struct hip_locator_info_addr_item *)
@@ -687,7 +686,7 @@
{
struct esp_tuple *new_esp = NULL;
if (esp_info) {
- new_esp = malloc(sizeof(struct esp_tuple));
+ new_esp = malloc(sizeof(struct esp_tuple));
memset(new_esp, 0, sizeof(struct esp_tuple));
new_esp->spi = ntohl(esp_info->new_spi);
new_esp->tuple = tuple;
@@ -719,7 +718,7 @@
const struct hip_seq *seq)
{
struct connection *connection = malloc(sizeof(struct connection));
- struct esp_tuple *esp_tuple = NULL;
+ struct esp_tuple *esp_tuple = NULL;
esp_tuple = esp_tuple_from_esp_info_locator(esp_info, locator, seq,
&connection->reply);
@@ -728,9 +727,9 @@
HIP_DEBUG("insert_connection_from_update: can't create connection\n");
return 0;
}
- connection->state =
STATE_ESTABLISHING_FROM_UPDATE;
+ connection->state = STATE_ESTABLISHING_FROM_UPDATE;
#ifdef HIP_CONFIG_MIDAUTH
- connection->pisa_state = PISA_STATE_DISALLOW;
+ connection->pisa_state = PISA_STATE_DISALLOW;
#endif
//original direction tuple
@@ -748,12 +747,12 @@
//reply direction tuple
- connection->reply.state = HIP_STATE_UNASSOCIATED;
- connection->reply.direction = REPLY_DIR;
+ connection->reply.state = HIP_STATE_UNASSOCIATED;
+ connection->reply.direction = REPLY_DIR;
- connection->reply.esp_tuples = NULL;
- connection->reply.esp_tuples =
append_to_slist(connection->reply.esp_tuples,
- esp_tuple);
+ connection->reply.esp_tuples = NULL;
+ connection->reply.esp_tuples =
append_to_slist(connection->reply.esp_tuples,
+ esp_tuple);
insert_esp_tuple(esp_tuple);
connection->reply.connection = connection;
@@ -800,11 +799,11 @@
static int hipfw_handle_relay_to_r2(const struct hip_common *common,
const hip_fw_context_t *ctx)
{
- struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload;
+ struct iphdr *iph = (struct iphdr *)
ctx->ipq_packet->payload;
const struct hip_relay_to *relay_to = NULL; /* same format as relay_from */
- struct tuple *tuple, *reverse_tuple;
- int err = 0;
- uint32_t spi;
+ struct tuple *tuple, *reverse_tuple;
+ int err = 0;
+ uint32_t spi;
const struct hip_esp_info *esp_info;
HIP_DEBUG_IN6ADDR("ctx->src", &ctx->src);
@@ -813,7 +812,7 @@
HIP_ASSERT((hip_get_msg_type(common) == HIP_R2));
HIP_IFEL(!(relay_to = hip_get_param(common, HIP_PARAM_RELAY_TO)), -1,
- "No relay_to, skip\n");
+ "No relay_to, skip\n");
HIP_DEBUG_IN6ADDR("relay_to_addr", &relay_to->address);
@@ -886,11 +885,11 @@
DBG int verify_responder,
UNUSED const hip_fw_context_t *ctx)
{
- struct in6_addr hit;
+ struct in6_addr hit;
const struct hip_host_id *host_id = NULL;
// assume correct packet
- int err = 1;
- hip_tlv_len_t len = 0;
+ int err = 1;
+ hip_tlv_len_t len = 0;
HIP_DEBUG("verify_responder: %i\n", verify_responder);
@@ -956,15 +955,15 @@
static int handle_i2(struct hip_common *common, struct tuple *tuple,
const hip_fw_context_t *ctx)
{
- const struct hip_esp_info *spi = NULL;
- const struct slist *other_dir_esps = NULL;
- const struct hip_host_id *host_id = NULL;
- struct tuple *other_dir = NULL;
- struct esp_tuple *esp_tuple = NULL;
- struct in6_addr hit;
+ const struct hip_esp_info *spi = NULL;
+ const struct slist *other_dir_esps = NULL;
+ const struct hip_host_id *host_id = NULL;
+ struct tuple *other_dir = NULL;
+ struct esp_tuple *esp_tuple = NULL;
+ struct in6_addr hit;
// assume correct packet
- int err = 1;
- hip_tlv_len_t len = 0;
+ int err = 1;
+ hip_tlv_len_t len = 0;
const struct in6_addr *ip6_src = &ctx->src;
HIP_DEBUG("\n");
@@ -1031,9 +1030,9 @@
esp_tuple->dst_addr_list = NULL;
esp_tuple->dst_addr_list = update_esp_address(esp_tuple->dst_addr_list,
ip6_src, NULL);
- esp_tuple->tuple = other_dir;
+ esp_tuple->tuple = other_dir;
- other_dir->esp_tuples = append_to_slist(other_dir->esp_tuples,
esp_tuple);
+ other_dir->esp_tuples = append_to_slist(other_dir->esp_tuples,
esp_tuple);
insert_esp_tuple(esp_tuple);
}
@@ -1064,12 +1063,12 @@
static int handle_r2(const struct hip_common *common, struct tuple *tuple,
const hip_fw_context_t *ctx)
{
- const struct hip_esp_info *spi = NULL;
- struct tuple *other_dir = NULL;
- struct slist *other_dir_esps = NULL;
- struct esp_tuple *esp_tuple = NULL;
- const struct in6_addr *ip6_src = &ctx->src;
- int err = 1;
+ const struct hip_esp_info *spi = NULL;
+ struct tuple *other_dir = NULL;
+ struct slist *other_dir_esps = NULL;
+ struct esp_tuple *esp_tuple = NULL;
+ const struct in6_addr *ip6_src = &ctx->src;
+ int err = 1;
HIP_IFEL(!(spi = hip_get_param(common, HIP_PARAM_ESP_INFO)),
0, "no spi found\n");
@@ -1103,7 +1102,7 @@
esp_tuple->dst_addr_list = NULL;
esp_tuple->dst_addr_list = update_esp_address(esp_tuple->dst_addr_list,
ip6_src, NULL);
- esp_tuple->tuple = other_dir;
+ esp_tuple->tuple = other_dir;
insert_esp_tuple(esp_tuple);
@@ -1144,8 +1143,8 @@
struct esp_tuple *esp_tuple)
{
const struct hip_locator_info_addr_item *locator_addr = NULL;
- int err = 1;
- int n = 0;
+ int err = 1;
+ int n = 0;
HIP_DEBUG("\n");
@@ -1164,8 +1163,8 @@
esp_tuple->new_spi = ntohl(esp_info->new_spi);
esp_tuple->spi_update_id = seq->update_id;
- n = (hip_get_param_total_len(locator) -
sizeof(struct hip_locator))
- / sizeof(struct hip_locator_info_addr_item);
+ n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator))
+ / sizeof(struct hip_locator_info_addr_item);
if (n < 1) {
HIP_DEBUG("no locator param found\n");
@@ -1212,7 +1211,7 @@
}
n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator))
- / sizeof(struct hip_locator_info_addr_item);
+ / sizeof(struct hip_locator_info_addr_item);
HIP_DEBUG(" %d locator addresses\n", n);
locator_addr = (const struct hip_locator_info_addr_item *)
@@ -1256,14 +1255,14 @@
struct tuple *tuple,
const hip_fw_context_t *ctx)
{
- const struct hip_seq *seq = NULL;
- const struct hip_esp_info *esp_info = NULL;
- const struct hip_ack *ack = NULL;
- const struct hip_locator *locator = NULL;
- const struct hip_spi *spi = NULL;
- struct tuple *other_dir_tuple = NULL;
- const struct in6_addr *ip6_src = &ctx->src;
- int err = 1;
+ const struct hip_seq *seq = NULL;
+ const struct hip_esp_info *esp_info = NULL;
+ const struct hip_ack *ack = NULL;
+ const struct hip_locator *locator = NULL;
+ const struct hip_spi *spi = NULL;
+ struct tuple *other_dir_tuple = NULL;
+ const struct in6_addr *ip6_src = &ctx->src;
+ int err = 1;
/* get params from UPDATE message */
seq = hip_get_param(common, HIP_PARAM_SEQ);
@@ -1316,7 +1315,7 @@
}
/* we have to consider the src ip address in case of cascading
NATs (see above FIXME) */
- esp_tuple = esp_tuple_from_esp_info(esp_info,
ip6_src, other_dir_tuple);
+ esp_tuple = esp_tuple_from_esp_info(esp_info, ip6_src,
other_dir_tuple);
other_dir_tuple->esp_tuples = append_to_slist(other_dir_esps,
esp_tuple);
@@ -1334,8 +1333,8 @@
}
} else {
/* we already know this connection */
- struct slist *other_dir_esps = NULL;
- struct esp_tuple *esp_tuple = NULL;
+ struct slist *other_dir_esps = NULL;
+ struct esp_tuple *esp_tuple = NULL;
if (tuple->direction == ORIGINAL_DIR) {
other_dir_tuple = &tuple->connection->reply;
@@ -1523,11 +1522,11 @@
hip_fw_context_t *ctx)
{
#ifdef CONFIG_HIP_OPPORTUNISTIC
- hip_hit_t phit;
+ hip_hit_t phit;
struct in6_addr all_zero_addr;
#endif
struct in6_addr hit;
- int err = 1;
+ int err = 1;
HIP_DEBUG("check packet: type %d \n", common->type_hdr);
@@ -1567,7 +1566,6 @@
HIP_DEBUG("verifying signature...\n");
if (tuple->hip_tuple->data->verify(tuple->hip_tuple->data->src_pub_key,
common)) {
-
HIP_INFO("Signature verification failed\n");
err = 0;
@@ -1684,14 +1682,14 @@
*/
int hipfw_relay_esp(const hip_fw_context_t *ctx)
{
- struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload;
- struct udphdr *udph = (struct udphdr *) ((uint8_t *) iph + iph->ihl * 4);
- int len = ctx->ipq_packet->data_len - iph->ihl * 4;
- struct slist *list = (struct slist *) esp_list;
- struct tuple *tuple = NULL;
- struct hip_esp *esp = ctx->transport_hdr.esp;
- int err = 0;
- uint32_t spi;
+ struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload;
+ struct udphdr *udph = (struct udphdr *) ((uint8_t *) iph + iph->ihl * 4);
+ int len = ctx->ipq_packet->data_len - iph->ihl * 4;
+ struct slist *list = (struct slist *) esp_list;
+ struct tuple *tuple = NULL;
+ struct hip_esp *esp = ctx->transport_hdr.esp;
+ int err = 0;
+ uint32_t spi;
HIP_IFEL(!list, -1, "List is empty\n");
HIP_IFEL((iph->protocol != IPPROTO_UDP), -1,
@@ -1734,7 +1732,7 @@
HIP_DEBUG_IN6ADDR("esp_relay_addr", &tuple->esp_relay_daddr);
udph->source = htons(HIP_NAT_UDP_PORT);
- udph->dest = htons(tuple->esp_relay_dport);
+ udph->dest = htons(tuple->esp_relay_dport);
udph->check = 0;
HIP_DEBUG("Relaying packet\n");
@@ -1759,13 +1757,13 @@
*/
int filter_esp_state(const hip_fw_context_t *ctx)
{
- const struct in6_addr *dst_addr = NULL;
- const struct in6_addr *src_addr = NULL;
- struct hip_esp *esp = NULL;
- struct tuple *tuple = NULL;
- struct esp_tuple *esp_tuple = NULL;
+ const struct in6_addr *dst_addr = NULL;
+ const struct in6_addr *src_addr = NULL;
+ struct hip_esp *esp = NULL;
+ struct tuple *tuple = NULL;
+ struct esp_tuple *esp_tuple = NULL;
// don't accept packet with this rule by default
- int err = 0;
+ int err = 0;
uint32_t spi;
dst_addr = &ctx->dst;
@@ -1773,7 +1771,7 @@
esp = ctx->transport_hdr.esp;
// needed to de-multiplex ESP traffic
- spi = ntohl(esp->esp_spi);
+ spi = ntohl(esp->esp_spi);
// match packet against known connections
HIP_DEBUG("filtering ESP packet against known connections...\n");
@@ -1839,13 +1837,13 @@
struct hip_common *buf, const struct state_option *option,
const int must_accept, hip_fw_context_t *ctx)
{
- struct hip_data *data = NULL;
- struct tuple *tuple = NULL;
+ struct hip_data *data = NULL;
+ struct tuple *tuple = NULL;
// FIXME results in unsafe use in filter_hip()
- int return_value = -1; //invalid value
+ int return_value = -1; //invalid value
// get data form the buffer and put it in a new data structure
- data = get_hip_data(buf);
+ data = get_hip_data(buf);
// look up the tuple in the database
tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src);
free(data);
@@ -1882,11 +1880,11 @@
} else {
if ((option->int_opt.value == CONN_ESTABLISHED &&
option->int_opt.boolean
&& !must_accept) || (option->int_opt.value == CONN_NEW &&
- !option->int_opt.boolean && !must_accept)) {
+ !option->int_opt.boolean && !must_accept)) {
remove_connection(tuple->connection);
tuple->connection = NULL;
- return_value = 1;
+ return_value = 1;
goto out_err;
}
}
@@ -1913,12 +1911,12 @@
struct hip_common *buf,
hip_fw_context_t *ctx)
{
- struct hip_data *data = NULL;
- struct tuple *tuple = NULL;
- int verdict = 0;
+ struct hip_data *data = NULL;
+ struct tuple *tuple = NULL;
+ int verdict = 0;
// convert to new data type
- data = get_hip_data(buf);
+ data = get_hip_data(buf);
// look up tuple in the db
tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src);
=== modified file 'firewall/dlist.c'
--- firewall/dlist.c 2010-12-13 19:20:12 +0000
+++ firewall/dlist.c 2011-01-03 16:06:13 +0000
@@ -106,6 +106,7 @@
}
return length;
}
+
#endif /* CONFIG_HIP_DEBUG */
/**
=== modified file 'firewall/esp_prot_api.c'
--- firewall/esp_prot_api.c 2010-12-06 20:00:14 +0000
+++ firewall/esp_prot_api.c 2011-01-03 16:06:13 +0000
@@ -102,7 +102,7 @@
int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS];
/* is used for hash chains and trees simultaneously used hash functions */
hash_function_t hash_functions[NUM_HASH_FUNCTIONS]
- = {(hash_function_t) SHA1};
+ = { (hash_function_t) SHA1 };
/********* internal settings (derived from config-file) *********/
// lengths of the hash structures in the stores
@@ -129,12 +129,12 @@
int *out_length,
const hip_sa_entry_t *entry)
{
- int err = 0, i, j;
- int repeat = 1;
- int hash_length = 0;
+ int err = 0, i, j;
+ int repeat = 1;
+ int hash_length = 0;
uint32_t chosen_el[num_linear_elements + num_random_elements];
- uint32_t rand_el = 0;
- int item_length = 0;
+ uint32_t rand_el = 0;
+ int item_length = 0;
HIP_ASSERT(ring_buffer_size >= num_linear_elements + num_random_elements);
@@ -161,7 +161,7 @@
// then add randomly
for (i = 0; i < num_random_elements; i++) {
while (repeat) {
- repeat = 0;
+ repeat = 0;
// draw random element
RAND_bytes((unsigned char *) &rand_el, sizeof(uint32_t));
@@ -201,9 +201,9 @@
const uint8_t transform)
{
esp_prot_tfm_t *prot_transform = NULL;
- void *return_item = NULL;
- int use_hash_trees = 0;
- int err = 0;
+ void *return_item = NULL;
+ int use_hash_trees = 0;
+ int err = 0;
HIP_ASSERT(item_anchor != NULL);
@@ -215,13 +215,13 @@
}
HIP_IFEL(!(return_item =
- hcstore_get_item_by_anchor(&bex_store,
- prot_transform->hash_func_id,
- prot_transform->hash_length_id,
- NUM_BEX_HIERARCHIES - 1,
- item_anchor, use_hash_trees)),
- -1,
- "unable to retrieve hchain from bex
store\n");
+ hcstore_get_item_by_anchor(&bex_store,
+ prot_transform->hash_func_id,
+ prot_transform->hash_length_id,
+ NUM_BEX_HIERARCHIES - 1,
+ item_anchor, use_hash_trees)),
+ -1,
+ "unable to retrieve hchain from bex store\n");
// refill bex-store if necessary
HIP_IFEL((err = hcstore_refill(&bex_store, use_hash_trees)) < 0, -1,
@@ -250,12 +250,12 @@
*/
int esp_prot_init(void)
{
- int bex_function_id = 0, update_function_id = 0;
- int bex_hash_length_id = 0, update_hash_length_id = 0;
- int use_hash_trees = 0;
- int err = 0, i, j, g;
- int activate = 1;
- config_t *config = NULL;
+ int bex_function_id = 0, update_function_id = 0;
+ int bex_hash_length_id = 0, update_hash_length_id = 0;
+ int use_hash_trees = 0;
+ int err = 0, i, j, g;
+ int activate = 1;
+ config_t *config = NULL;
HIP_DEBUG("Initializing the esp protection extension...\n");
@@ -269,8 +269,8 @@
* NOTE internal structure partially more flexible than interface provided
by
* config-file */
hash_lengths[NUM_HASH_FUNCTIONS - 1][NUM_HASH_LENGTHS - 1] = hash_length_g;
- bex_hchain_length =
hash_structure_length;
- update_hchain_lengths[NUM_UPDATE_HCHAIN_LENGTHS - 1] =
hash_structure_length;
+ bex_hchain_length =
hash_structure_length;
+ update_hchain_lengths[NUM_UPDATE_HCHAIN_LENGTHS - 1] =
hash_structure_length;
/* activate the extension in hipd
*
@@ -283,10 +283,10 @@
/* init the hash-chain stores */
HIP_IFEL(hcstore_init(&bex_store, num_hchains_per_item,
refill_threshold), -1,
- "failed to initialize the bex-store\n");
+ "failed to initialize the bex-store\n");
HIP_IFEL(hcstore_init(&update_store, num_hchains_per_item,
refill_threshold), -1,
- "failed to initialize the update-store\n");
+ "failed to initialize the update-store\n");
HIP_DEBUG("setting up esp_prot_transforms...\n");
@@ -306,15 +306,15 @@
for (i = 0; i < NUM_HASH_FUNCTIONS; i++) {
// first we have to register the function
HIP_IFEL((bex_function_id =
- hcstore_register_function(&bex_store,
- hash_functions[i])) < 0,
- -1,
- "failed to register hash-function in
bex-store\n");
+ hcstore_register_function(&bex_store,
+ hash_functions[i])) < 0,
+ -1,
+ "failed to register hash-function in bex-store\n");
HIP_IFEL((update_function_id =
- hcstore_register_function(&update_store,
- hash_functions[i])) < 0,
- -1,
- "failed to register hash-function in
update-store\n");
+ hcstore_register_function(&update_store,
+ hash_functions[i])) < 0,
+ -1,
+ "failed to register hash-function in update-store\n");
// ensure the 2 stores are in sync
HIP_ASSERT(bex_function_id == update_function_id);
@@ -323,15 +323,15 @@
if (hash_lengths[i][j] > 0) {
// now we can register the hash lengths for this function
HIP_IFEL((bex_hash_length_id =
- hcstore_register_hash_length(&bex_store,
- bex_function_id,
- hash_lengths[i][j])) < 0,
- -1,
- "failed to register
hash-length in bex-store\n");
+ hcstore_register_hash_length(&bex_store,
+ bex_function_id,
+
hash_lengths[i][j])) < 0,
+ -1,
+ "failed to register hash-length in bex-store\n");
HIP_IFEL((update_hash_length_id = hcstore_register_hash_length(
&update_store, update_function_id,
hash_lengths[i][j])) < 0, -1,
- "failed to register hash-length in
update-store\n");
+ "failed to register hash-length in update-store\n");
// ensure the 2 stores are in sync
HIP_ASSERT(bex_hash_length_id == update_hash_length_id);
@@ -339,36 +339,36 @@
// store these IDs in the transforms array
if (esp_prot_transforms[token_transform].is_used) {
esp_prot_transforms[token_transform].hash_func_id =
- bex_function_id;
+ bex_function_id;
esp_prot_transforms[token_transform].hash_length_id =
- bex_hash_length_id;
+ bex_hash_length_id;
}
/* also register the the hchain lengths for this function and
this
* hash length */
HIP_IFEL(hcstore_register_hash_item_length(
- &bex_store, bex_function_id, bex_hash_length_id,
- bex_hchain_length) < 0, -1,
- "failed to register hchain-length in bex-store\n");
+ &bex_store, bex_function_id, bex_hash_length_id,
+ bex_hchain_length) < 0, -1,
+ "failed to register hchain-length in bex-store\n");
/* register number of hierarchies in BEX-store */
HIP_IFEL(hcstore_register_hash_item_hierarchy(
- &bex_store, bex_function_id, bex_hash_length_id,
- bex_hchain_length, NUM_BEX_HIERARCHIES) < 0, -1,
- "failed to register hchain-hierarchy in bex-store\n");
+ &bex_store, bex_function_id, bex_hash_length_id,
+ bex_hchain_length, NUM_BEX_HIERARCHIES) < 0, -1,
+ "failed to register hchain-hierarchy in bex-store\n");
for (g = 0; g < NUM_UPDATE_HCHAIN_LENGTHS; g++) {
HIP_IFEL(hcstore_register_hash_item_length(
- &update_store, update_function_id,
- update_hash_length_id,
- update_hchain_lengths[g]) < 0, -1,
- "failed to register hchain-length in
update-store\n");
+ &update_store, update_function_id,
+ update_hash_length_id,
+ update_hchain_lengths[g]) < 0, -1,
+ "failed to register hchain-length in
update-store\n");
HIP_IFEL(hcstore_register_hash_item_hierarchy(
- &update_store, update_function_id,
- update_hash_length_id, update_hchain_lengths[g],
- num_hierarchies) < 0, -1,
- "failed to register hchain-hierarchy in
update-store\n");
+ &update_store, update_function_id,
+ update_hash_length_id,
update_hchain_lengths[g],
+ num_hierarchies) < 0, -1,
+ "failed to register hchain-hierarchy in
update-store\n");
}
} else {
// for this hash-function we have already processed all
hash-lengths
@@ -444,11 +444,11 @@
unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH],
const int update)
{
- int hash_length = 0, err = 0;
- int use_hash_trees = 0;
- hash_chain_t *hchain = NULL;
- hash_tree_t *htree = NULL;
- uint16_t i;
+ int hash_length = 0, err = 0;
+ int use_hash_trees = 0;
+ hash_chain_t *hchain = NULL;
+ hash_tree_t *htree = NULL;
+ uint16_t i;
HIP_ASSERT(entry != 0);
HIP_ASSERT(entry->direction == 1 || entry->direction == 2);
@@ -473,7 +473,7 @@
HIP_DEBUG("found matching esp prot transforms\n");
// we have to get the hash_length
- hash_length =
esp_prot_get_hash_length(esp_prot_transform);
+ hash_length = esp_prot_get_hash_length(esp_prot_transform);
entry->update_item_length = hash_item_length;
@@ -489,14 +489,14 @@
HIP_IFEL(memcmp(&esp_prot_anchors[i][0],
htree->root, hash_length), -1,
- "received a non-matching root from
hipd for next_hchain\n");
+ "received a non-matching root from hipd
for next_hchain\n");
} else {
hchain = entry->next_hash_items[i];
HIP_IFEL(memcmp(&esp_prot_anchors[i][0],
hchain_get_anchor(hchain),
hash_length), -1,
- "received a non-matching anchor
from hipd for next_hchain\n");
+ "received a non-matching anchor from hipd
for next_hchain\n");
}
entry->update_item_acked[i] = 1;
@@ -522,9 +522,9 @@
if (i < esp_num_anchors) {
HIP_IFEL(!(entry->active_hash_items[i] =
esp_prot_get_bex_item_by_anchor(
- &esp_prot_anchors[i][0],
- esp_prot_transform)),
- -1, "corresponding hchain not found\n");
+ &esp_prot_anchors[i][0],
+ esp_prot_transform)),
+ -1, "corresponding hchain not found\n");
} else {
entry->active_hash_items[i] = NULL;
}
@@ -582,7 +582,7 @@
{
esp_prot_tfm_t *prot_transform = NULL;
hash_function_t hash_function = NULL;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(prot_transform = esp_prot_resolve_transform(transform)), 1,
"tried to resolve UNUSED or UNKNOWN transform\n");
@@ -607,7 +607,7 @@
int esp_prot_get_hash_length(const uint8_t transform)
{
esp_prot_tfm_t *prot_transform = NULL;
- int err = 0;
+ int err = 0;
// return length 0 for UNUSED transform
HIP_IFEL(!(prot_transform = esp_prot_resolve_transform(transform)), 0,
@@ -631,13 +631,13 @@
const uint16_t esp_length,
hip_sa_entry_t *entry)
{
- int err = 0;
+ int err = 0;
hash_function_t hash_function = NULL;
- int hash_length = 0;
+ int hash_length = 0;
// check whether cumulative authentication is active
if (entry->esp_prot_transform == ESP_PROT_TFM_CUMULATIVE ||
- entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) {
+ entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) {
hash_length = esp_prot_get_hash_length(entry->esp_prot_transform);
hash_function = esp_prot_get_hash_function(entry->esp_prot_transform);
@@ -668,13 +668,13 @@
int esp_prot_add_hash(unsigned char *esp_packet, int *out_length,
hip_sa_entry_t *entry)
{
- const unsigned char *tmp_hash = NULL;
- int err = 0;
- uint32_t htree_index = 0;
- uint32_t htree_index_net = 0;
- hash_chain_t *hchain = NULL;
- hash_tree_t *htree = NULL;
- int branch_length = 0;
+ const unsigned char *tmp_hash = NULL;
+ int err = 0;
+ uint32_t htree_index = 0;
+ uint32_t htree_index_net = 0;
+ hash_chain_t *hchain = NULL;
+ hash_tree_t *htree = NULL;
+ int branch_length = 0;
HIP_ASSERT(esp_packet != NULL);
HIP_ASSERT(*out_length == 0);
@@ -696,39 +696,36 @@
memcpy(esp_packet, &htree_index_net, sizeof(uint32_t));
// get hash token and add it - only returns a reference into
the array
- tmp_hash = htree_get_data(htree, htree_index,
- out_length);
+ tmp_hash = htree_get_data(htree, htree_index,
+ out_length);
memcpy(esp_packet + sizeof(uint32_t), tmp_hash, *out_length);
- *out_length += sizeof(uint32_t);
+ *out_length += sizeof(uint32_t);
// add the verification branch - directly memcpy elements into
packet
HIP_IFEL(!htree_get_branch(htree, htree_index,
esp_packet + *out_length,
&branch_length), -1,
- "failed to get verification
branch\n");
+ "failed to get verification branch\n");
*out_length += branch_length;
HIP_DEBUG("htree_index: %u\n", htree_index);
HIP_DEBUG("htree_index (packet): %u\n",
*(uint32_t *) esp_packet);
-
} else {
HIP_DEBUG("htree depleted, dropping packet\n");
err = 1;
}
-
} else {
-
if (token_transform == ESP_PROT_TFM_PARALLEL) {
hchain = entry->active_hash_items[entry->last_used_chain];
HIP_DEBUG("entry->last_used_chain: %i\n",
entry->last_used_chain);
entry->last_used_chain =
- (entry->last_used_chain + 1) % num_parallel_hchains;
+ (entry->last_used_chain + 1) % num_parallel_hchains;
} else {
hchain = entry->active_hash_items[0];
}
@@ -800,7 +797,7 @@
const int next_root_length)
{
uint32_t tmp_distance = 0;
- int err = 0;
+ int err = 0;
HIP_ASSERT(hash_function != NULL);
HIP_ASSERT(hash_length > 0);
@@ -894,7 +891,7 @@
const int next_uroot_length,
const unsigned char *hash_value)
{
- int err = 0;
+ int err = 0;
uint32_t data_index = 0;
HIP_ASSERT(hash_function != NULL);
@@ -971,7 +968,7 @@
HIP_DEBUG("resolving transform: %u\n", transform);
if (transform > ESP_PROT_TFM_UNUSED &&
- esp_prot_transforms[transform].is_used) {
+ esp_prot_transforms[transform].is_used) {
return &esp_prot_transforms[transform];
} else {
return NULL;
@@ -998,7 +995,7 @@
offset += esp_prot_get_hash_length(entry->esp_prot_transform);
if (entry->esp_prot_transform == ESP_PROT_TFM_CUMULATIVE
- || entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) {
+ || entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) {
offset += ((esp_prot_get_hash_length(entry->esp_prot_transform) +
sizeof(uint32_t))
* (num_linear_elements + num_random_elements));
}
@@ -1018,20 +1015,20 @@
*/
int esp_prot_sadb_maintenance(hip_sa_entry_t *entry)
{
- esp_prot_tfm_t *prot_transform = NULL;
- int has_linked_anchor = 0, soft_update = 1;
- int err = 0;
- int anchor_length = 0;
- int anchor_offset[MAX_NUM_PARALLEL_HCHAINS];
+ esp_prot_tfm_t *prot_transform = NULL;
+ int has_linked_anchor = 0, soft_update = 1;
+ int err = 0;
+ int anchor_length = 0;
+ int anchor_offset[MAX_NUM_PARALLEL_HCHAINS];
const unsigned char *anchors[MAX_NUM_PARALLEL_HCHAINS];
- hash_tree_t *htree = NULL;
- hash_chain_t *hchain = NULL;
- hash_tree_t *link_trees[MAX_NUM_PARALLEL_HCHAINS];
- int hash_item_length = 0;
- int remaining = 0, i, j;
- int threshold = 0;
- int use_hash_trees = 0;
- int hierarchy_level = 0;
+ hash_tree_t *htree = NULL;
+ hash_chain_t *hchain = NULL;
+ hash_tree_t *link_trees[MAX_NUM_PARALLEL_HCHAINS];
+ int hash_item_length = 0;
+ int remaining = 0, i, j;
+ int threshold = 0;
+ int use_hash_trees = 0;
+ int hierarchy_level = 0;
HIP_ASSERT(entry != NULL);
@@ -1044,14 +1041,14 @@
htree = entry->active_hash_items[0];
hash_item_length = htree->num_data_blocks;
- remaining = htree_get_num_remaining(htree);
- threshold = htree->num_data_blocks * update_threshold;
+ remaining = htree_get_num_remaining(htree);
+ threshold = htree->num_data_blocks * update_threshold;
} else {
hchain = entry->active_hash_items[0];
hash_item_length = hchain->hchain_length;
- remaining = hchain_get_num_remaining(hchain);
- threshold = hchain->hchain_length * update_threshold;
+ remaining = hchain_get_num_remaining(hchain);
+ threshold = hchain->hchain_length * update_threshold;
}
/* ensure that the next hash-items are set up before the active ones
@@ -1077,8 +1074,8 @@
}
HIP_IFEL(!(prot_transform =
- esp_prot_resolve_transform(entry->esp_prot_transform)),
- 1, "tried to resolve UNUSED transform\n");
+
esp_prot_resolve_transform(entry->esp_prot_transform)),
+ 1, "tried to resolve UNUSED transform\n");
/* soft-update vs. PK-update
* -> do a soft-update */
@@ -1090,19 +1087,19 @@
while (htree_has_more_data(link_trees[i])) {
// get the next hchain from the link_tree
anchor_offset[i] =
- htree_get_next_data_offset(link_trees[i]);
- anchors[i] =
- htree_get_data(link_trees[i], anchor_offset[i],
- &anchor_length);
+ htree_get_next_data_offset(link_trees[i]);
+ anchors[i] =
+ htree_get_data(link_trees[i], anchor_offset[i],
+ &anchor_length);
// set next_hash_item, if linked one is available
- if ((entry->next_hash_items[i]=
- hcstore_get_item_by_anchor(&update_store,
-
prot_transform->hash_func_id,
-
prot_transform->hash_length_id,
- hierarchy_level - 1,
- anchors[i],
- use_hash_trees))) {
+ if ((entry->next_hash_items[i] =
+ hcstore_get_item_by_anchor(&update_store,
+
prot_transform->hash_func_id,
+
prot_transform->hash_length_id,
+ hierarchy_level -
1,
+ anchors[i],
+ use_hash_trees))) {
HIP_DEBUG("linked hchain found in store,
soft-update\n");
has_linked_anchor = 1;
@@ -1133,7 +1130,7 @@
/* and restart the loop
* NOTE continues results in i++ */
- i = -1;
+ i = -1;
continue;
}
@@ -1148,10 +1145,10 @@
* hchain lengths
*/
HIP_IFEL(!(entry->next_hash_items[i] =
- hcstore_get_hash_item(&update_store,
- prot_transform->hash_func_id,
-
prot_transform->hash_length_id,
-
update_hchain_lengths[DEFAULT_HCHAIN_LENGTH_ID])),
+ hcstore_get_hash_item(&update_store,
+
prot_transform->hash_func_id,
+
prot_transform->hash_length_id,
+
update_hchain_lengths[DEFAULT_HCHAIN_LENGTH_ID])),
-1, "unable to retrieve hchain from store\n");
if (use_hash_trees) {
@@ -1171,7 +1168,7 @@
HIP_IFEL(send_trigger_update_to_hipd(entry, anchors,
hash_item_length, soft_update,
anchor_offset, link_trees),
-1,
- "unable to trigger update at
hipd\n");
+ "unable to trigger update at hipd\n");
// refill update-store
HIP_IFEL((err = hcstore_refill(&update_store, use_hash_trees)) <
0, -1,
@@ -1180,7 +1177,7 @@
/* activate next hchains if current ones are depleted and update has
been acked
* -> assume first hchain represents all parallel ones */
- if (entry->next_hash_items[0] && entry->update_item_acked[0]&&
remaining == 0) {
+ if (entry->next_hash_items[0] && entry->update_item_acked[0] &&
remaining == 0) {
for (i = 0; i < num_parallel_hchains; i++) {
// this will free all linked elements in the hchain
if (use_hash_trees) {
=== modified file 'firewall/esp_prot_api.h'
--- firewall/esp_prot_api.h 2010-12-13 18:47:14 +0000
+++ firewall/esp_prot_api.h 2011-01-03 16:06:13 +0000
@@ -55,24 +55,24 @@
} esp_prot_tfm_t;
-extern int token_transform;
-extern int num_parallel_hchains;
-extern int ring_buffer_size;
-extern int num_linear_elements;
-extern int num_random_elements;
-extern int hash_length_g;
-extern int hash_structure_length;
-extern int num_hchains_per_item;
-extern int num_hierarchies;
+extern int token_transform;
+extern int num_parallel_hchains;
+extern int ring_buffer_size;
+extern int num_linear_elements;
+extern int num_random_elements;
+extern int hash_length_g;
+extern int hash_structure_length;
+extern int num_hchains_per_item;
+extern int num_hierarchies;
extern double refill_threshold;
extern double update_threshold;
-extern int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS];
+extern int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS];
extern hash_function_t hash_functions[NUM_HASH_FUNCTIONS];
int esp_prot_init(void);
int esp_prot_uninit(void);
-int esp_prot_sa_entry_set(hip_sa_entry_t *entry,
+int esp_prot_sa_entry_set(hip_sa_entry_t * entry,
const uint8_t esp_prot_transform,
const uint32_t hash_item_length,
const uint16_t esp_num_anchors,
=== modified file 'firewall/esp_prot_config.c'
--- firewall/esp_prot_config.c 2010-10-15 15:29:14 +0000
+++ firewall/esp_prot_config.c 2011-01-03 16:06:13 +0000
@@ -46,23 +46,23 @@
#include "config.h"
-const char *config_file = HIPL_SYSCONFDIR
"/esp_prot_config.cfg";
+const char *config_file = HIPL_SYSCONFDIR "/esp_prot_config.cfg";
const char *path_hash_length = "token_config.hash_length";
const char *path_hash_structure_length = "token_config.hash_structure_length";
const char *path_token_transform = "token_config.token_transform";
-const char *path_num_parallel_hchains =
"token_config.token_modes.num_parallel_hchains";
-const char *path_ring_buffer_size =
"token_config.token_modes.ring_buffer_size";
-const char *path_num_linear_elements =
"token_config.token_modes.num_linear_elements";
-const char *path_num_random_elements =
"token_config.token_modes.num_random_elements";
-
-const char *path_num_hchains_per_item = "sender.hcstore.num_hchains_per_item";
-const char *path_num_hierarchies = "sender.hcstore.num_hierarchies";
-const char *path_refill_threshold = "sender.hcstore.refill_threshold";
-const char *path_update_threshold = "sender.update_threshold";
-
-const char *path_window_size = "verifier.window_size";
+const char *path_num_parallel_hchains =
"token_config.token_modes.num_parallel_hchains";
+const char *path_ring_buffer_size =
"token_config.token_modes.ring_buffer_size";
+const char *path_num_linear_elements =
"token_config.token_modes.num_linear_elements";
+const char *path_num_random_elements =
"token_config.token_modes.num_random_elements";
+
+const char *path_num_hchains_per_item = "sender.hcstore.num_hchains_per_item";
+const char *path_num_hierarchies = "sender.hcstore.num_hierarchies";
+const char *path_refill_threshold = "sender.hcstore.refill_threshold";
+const char *path_update_threshold = "sender.update_threshold";
+
+const char *path_window_size = "verifier.window_size";
#ifdef HAVE_LIBCONFIG
/**
@@ -84,10 +84,10 @@
* libconfig 1.4, remove the ugly workaround below accordingly. See #134. */
#if defined LIBCONFIG_VER_MAJOR && defined LIBCONFIG_VER_MINOR &&
(((LIBCONFIG_VER_MAJOR == 1) && (LIBCONFIG_VER_MINOR >= 4)) ||
(LIBCONFIG_VER_MAJOR > 1))
/* libconfig version 1.4 and later */
- int value = 0;
+ int value = 0;
#else
/* libconfig version before 1.4 */
- long value = 0;
+ long value = 0;
#endif
int success = config_lookup_int(cfg, name, &value);
@@ -97,6 +97,7 @@
}
return success;
}
+
#endif /* HAVE_LIBCONFIG */
/**
@@ -112,7 +113,7 @@
*
* FIXME this should be removed once we go tiny */
#ifdef HAVE_LIBCONFIG
- int err = 0;
+ int err = 0;
HIP_IFEL(!(cfg = malloc(sizeof(config_t))), -1,
"Unable to allocate memory!\n");
@@ -164,7 +165,6 @@
int err = 0;
if (cfg) {
-
#ifdef HAVE_LIBCONFIG
// process parallel hchains-related settings
if (!esp_prot_wrap_config_lookup_int(cfg, path_token_transform,
@@ -198,9 +198,9 @@
num_parallel_hchains = 2;
}
- ring_buffer_size = 0;
- num_linear_elements = 0;
- num_random_elements = 0;
+ ring_buffer_size = 0;
+ num_linear_elements = 0;
+ num_random_elements = 0;
break;
case ESP_PROT_TFM_CUMULATIVE:
@@ -263,7 +263,6 @@
err = -1;
goto out_err;
#endif /* HAVE_LIBCONFIG */
-
} else {
HIP_ERROR("no configuration file available\n");
@@ -306,7 +305,6 @@
int err = 0;
if (cfg) {
-
#ifdef HAVE_LIBCONFIG
// process hcstore-related settings
if (!esp_prot_wrap_config_lookup_int(cfg, path_num_hchains_per_item,
@@ -335,7 +333,6 @@
err = -1;
goto out_err;
#endif /* HAVE_LIBCONFIG */
-
} else {
HIP_ERROR("no configuration file available\n");
@@ -389,7 +386,6 @@
err = -1;
goto out_err;
#endif /* HAVE_LIBCONFIG */
-
} else {
HIP_ERROR("no configuration file available\n");
=== modified file 'firewall/esp_prot_conntrack.c'
--- firewall/esp_prot_conntrack.c 2010-12-13 19:09:27 +0000
+++ firewall/esp_prot_conntrack.c 2011-01-03 16:06:13 +0000
@@ -107,7 +107,7 @@
static void esp_prot_conntrack_free_cached_item(void *cache_item)
{
struct esp_anchor_item *anchor_item = NULL;
- long i;
+ long i;
if (cache_item) {
anchor_item = cache_item;
@@ -136,7 +136,7 @@
{
struct esp_tuple *esp_tuple = NULL;
struct slist *list = NULL;
- int err = 0;
+ int err = 0;
HIP_DEBUG("\n");
@@ -189,13 +189,13 @@
const struct esp_prot_anchor
**esp_anchors,
const struct esp_prot_root
**esp_roots)
{
- struct esp_anchor_item *anchor_item = NULL;
- unsigned char *cmp_value = NULL;
- struct esp_tuple *esp_tuple = NULL;
+ struct esp_anchor_item *anchor_item = NULL;
+ unsigned char *cmp_value = NULL;
+ struct esp_tuple *esp_tuple = NULL;
esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
- int hash_length = 0;
- int err = 0;
- long i;
+ int hash_length = 0;
+ int err = 0;
+ long i;
HIP_DEBUG("\n");
@@ -208,10 +208,10 @@
// needed for allocating and copying the anchors
conntrack_tfm = esp_prot_conntrack_resolve_transform(
esp_anchors[0]->transform);
- hash_length = conntrack_tfm->hash_length;
+ hash_length = conntrack_tfm->hash_length;
HIP_IFEL(!(esp_tuple = esp_prot_conntrack_find_esp_tuple(
- tuple, &esp_anchors[0]->anchors[0], hash_length)), -1,
+ tuple, &esp_anchors[0]->anchors[0], hash_length)), -1,
"failed to look up matching esp_tuple\n");
HIP_IFEL(!(anchor_item = malloc(sizeof(struct esp_anchor_item))), -1,
@@ -296,16 +296,16 @@
const struct hip_ack *ack,
const struct hip_esp_info
*esp_info)
{
- struct esp_anchor_item *anchor_item = NULL;
- struct tuple *other_dir_tuple = NULL;
- struct esp_tuple *esp_tuple = NULL;
- esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
- int hash_length = 0;
+ struct esp_anchor_item *anchor_item = NULL;
+ struct tuple *other_dir_tuple = NULL;
+ struct esp_tuple *esp_tuple = NULL;
+ esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
+ int hash_length = 0;
// assume not found
- int err = 0;
- unsigned element_index = 0;
- int found = 0;
- long i;
+ int err = 0;
+ unsigned element_index = 0;
+ int found = 0;
+ long i;
HIP_DEBUG("\n");
@@ -330,9 +330,8 @@
HIP_DEBUG("received ack: %u\n", ntohl(ack->peer_update_id));
for (element_index = 0;
- element_index < hip_ll_get_size(&esp_tuple->anchor_cache);
- element_index++) {
-
+ element_index < hip_ll_get_size(&esp_tuple->anchor_cache);
+ element_index++) {
HIP_IFEL(!(anchor_item = (struct esp_anchor_item *)
hip_ll_get(&esp_tuple->anchor_cache,
element_index)),
@@ -352,7 +351,7 @@
// needed for allocating and copying the anchors
conntrack_tfm = esp_prot_conntrack_resolve_transform(
esp_tuple->esp_prot_tfm);
- hash_length = conntrack_tfm->hash_length;
+ hash_length = conntrack_tfm->hash_length;
esp_tuple->hash_item_length = anchor_item->hash_item_length;
for (i = 0; i < esp_tuple->num_hchains; i++) {
@@ -419,12 +418,12 @@
const struct esp_prot_secret
*esp_secrets[MAX_NUM_PARALLEL_HCHAINS])
{
esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
- int hash_length = 0;
- struct esp_tuple *esp_tuple = NULL;
- int err = 0;
- int i = 0;
- uint32_t branch_length = 0;
- uint32_t anchor_offset = 0;
+ int hash_length = 0;
+ struct esp_tuple *esp_tuple = NULL;
+ int err = 0;
+ int i = 0;
+ uint32_t branch_length = 0;
+ uint32_t anchor_offset = 0;
HIP_DEBUG("\n");
@@ -435,13 +434,13 @@
// needed for allocating and copying the anchors
conntrack_tfm = esp_prot_conntrack_resolve_transform(
- esp_anchors[0]->transform);
+ esp_anchors[0]->transform);
hash_length = conntrack_tfm->hash_length;
HIP_IFEL(!(esp_tuple = esp_prot_conntrack_find_esp_tuple(
- tuple, &esp_anchors[0]->anchors[0],
- hash_length)),
- -1, "failed to look up matching esp_tuple\n");
+ tuple, &esp_anchors[0]->anchors[0],
+ hash_length)),
+ -1, "failed to look up matching esp_tuple\n");
for (i = 0; i < esp_tuple->num_hchains; i++) {
branch_length = ntohl(esp_branches[i]->branch_length);
@@ -461,7 +460,6 @@
htree_node_generator,
NULL)) {
HIP_DEBUG("anchor verified\n");
-
} else {
HIP_DEBUG("failed to verify branch!\n");
@@ -481,7 +479,7 @@
int esp_prot_conntrack_init(void)
{
config_t *config = NULL;
- int err = 0, i, j;
+ int err = 0, i, j;
HIP_DEBUG("Initializing conntracking of esp protection extension...\n");
@@ -515,9 +513,9 @@
if (esp_prot_conntrack_tfms[token_transform].is_used) {
esp_prot_conntrack_tfms[token_transform].hash_function =
- hash_functions[i];
+ hash_functions[i];
esp_prot_conntrack_tfms[token_transform].hash_length =
- hash_lengths[i][j];
+ hash_lengths[i][j];
}
}
}
@@ -554,7 +552,7 @@
const struct tuple *tuple)
{
const struct esp_prot_preferred_tfms *prot_transforms = NULL;
- int err = 0, i;
+ int err = 0, i;
HIP_DEBUG("\n");
@@ -610,13 +608,13 @@
int esp_prot_conntrack_I2_anchor(const struct hip_common *common,
struct tuple *tuple)
{
- const struct hip_tlv_common *param = NULL;
- const struct esp_prot_anchor *prot_anchor = NULL;
- struct esp_tuple *esp_tuple = NULL;
- esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
- long i = 0;
- int hash_length = 0;
- int err = 0;
+ const struct hip_tlv_common *param = NULL;
+ const struct esp_prot_anchor *prot_anchor = NULL;
+ struct esp_tuple *esp_tuple = NULL;
+ esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
+ long i = 0;
+ int hash_length = 0;
+ int err = 0;
HIP_DEBUG("\n");
@@ -652,7 +650,7 @@
HIP_DEBUG("using esp prot transform: %u\n",
esp_tuple->esp_prot_tfm);
if (esp_tuple->esp_prot_tfm > ESP_PROT_TFM_UNUSED) {
- conntrack_tfm =
esp_prot_conntrack_resolve_transform(
+ conntrack_tfm = esp_prot_conntrack_resolve_transform(
esp_tuple->esp_prot_tfm);
hash_length = conntrack_tfm->hash_length;
esp_tuple->hash_item_length =
ntohl(prot_anchor->hash_item_length);
@@ -731,7 +729,7 @@
struct esp_tuple *esp_prot_conntrack_R2_esp_tuple(const struct slist
*other_dir_esps)
{
struct esp_tuple *esp_tuple = NULL;
- int err = 0;
+ int err = 0;
HIP_DEBUG("\n");
@@ -768,13 +766,13 @@
int esp_prot_conntrack_R2_anchor(const struct hip_common *common,
const struct tuple *tuple)
{
- const struct hip_tlv_common *param = NULL;
- const struct esp_prot_anchor *prot_anchor = NULL;
- struct esp_tuple *esp_tuple = NULL;
- esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
- long i = 0;
- int hash_length = 0;
- int err = 0;
+ const struct hip_tlv_common *param = NULL;
+ const struct esp_prot_anchor *prot_anchor = NULL;
+ struct esp_tuple *esp_tuple = NULL;
+ esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
+ long i = 0;
+ int hash_length = 0;
+ int err = 0;
HIP_DEBUG("\n");
@@ -800,9 +798,9 @@
HIP_DEBUG("using esp prot transform: %u\n",
esp_tuple->esp_prot_tfm);
if (esp_tuple->esp_prot_tfm > ESP_PROT_TFM_UNUSED) {
- conntrack_tfm =
esp_prot_conntrack_resolve_transform(
+ conntrack_tfm = esp_prot_conntrack_resolve_transform(
esp_tuple->esp_prot_tfm);
- hash_length = conntrack_tfm->hash_length;
+ hash_length = conntrack_tfm->hash_length;
esp_tuple->hash_item_length =
ntohl(prot_anchor->hash_item_length);
@@ -872,14 +870,14 @@
int esp_prot_conntrack_update(const hip_common_t *update,
const struct tuple *tuple)
{
- const struct hip_tlv_common *param = NULL;
- const struct hip_seq *seq = NULL;
- const struct hip_ack *ack = NULL;
- const struct hip_esp_info *esp_info = NULL;
+ const struct hip_tlv_common *param = NULL;
+ const struct hip_seq *seq = NULL;
+ const struct hip_ack *ack = NULL;
+ const struct hip_esp_info *esp_info = NULL;
const struct esp_prot_anchor *esp_anchors[MAX_NUM_PARALLEL_HCHAINS];
- const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS];
- int err = 0;
- long i = 0;
+ const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS];
+ int err = 0;
+ long i = 0;
HIP_DEBUG("\n");
@@ -893,7 +891,7 @@
esp_info = hip_get_param(update, HIP_PARAM_ESP_INFO);
ack = hip_get_param(update, HIP_PARAM_ACK);
// there might be several anchor elements
- param = hip_get_param(update, HIP_PARAM_ESP_PROT_ANCHOR);
+ param = hip_get_param(update, HIP_PARAM_ESP_PROT_ANCHOR);
// distinguish packet types and process accordingly
if (seq && !ack && !esp_info && param) {
@@ -903,7 +901,7 @@
for (i = 0; i < num_parallel_hchains; i++) {
esp_anchors[i] = (const struct esp_prot_anchor *) param;
- param = hip_get_next_param(update, param);
+ param = hip_get_next_param(update, param);
}
param = hip_get_param(update, HIP_PARAM_ESP_PROT_ROOT);
@@ -912,7 +910,7 @@
for (i = 0; i < num_parallel_hchains; i++) {
esp_roots[i] = (const struct esp_prot_root *) param;
- param = hip_get_next_param(update, param);
+ param = hip_get_next_param(update, param);
}
}
@@ -977,18 +975,18 @@
struct tuple *tuple,
const hip_fw_context_t *ctx)
{
- const struct hip_seq *seq = NULL;
- const struct hip_tlv_common *param = NULL;
+ const struct hip_seq *seq = NULL;
+ const struct hip_tlv_common *param = NULL;
const struct esp_prot_anchor *esp_anchors[MAX_NUM_PARALLEL_HCHAINS];
const struct esp_prot_branch *esp_branches[MAX_NUM_PARALLEL_HCHAINS];
const struct esp_prot_secret *esp_secrets[MAX_NUM_PARALLEL_HCHAINS];
- const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS];
- const struct hip_ack *ack = NULL;
- const struct hip_esp_info *esp_info = NULL;
- const struct in6_addr *ip6_src = &ctx->src;
- const struct in6_addr *ip6_dst = &ctx->dst;
- int err = 0;
- long i;
+ const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS];
+ const struct hip_ack *ack = NULL;
+ const struct hip_esp_info *esp_info = NULL;
+ const struct in6_addr *ip6_src = &ctx->src;
+ const struct in6_addr *ip6_dst = &ctx->dst;
+ int err = 0;
+ long i;
HIP_DEBUG("\n");
@@ -1010,21 +1008,21 @@
for (i = 0; i < num_parallel_hchains; i++) {
esp_anchors[i] = (const struct esp_prot_anchor *) param;
- param = hip_get_next_param(common, param);
+ param = hip_get_next_param(common, param);
}
param = hip_get_param(common, HIP_PARAM_ESP_PROT_BRANCH);
for (i = 0; i < num_parallel_hchains; i++) {
esp_branches[i] = (const struct esp_prot_branch *) param;
- param = hip_get_next_param(common, param);
+ param = hip_get_next_param(common, param);
}
param = hip_get_param(common, HIP_PARAM_ESP_PROT_SECRET);
for (i = 0; i < num_parallel_hchains; i++) {
esp_secrets[i] = (const struct esp_prot_secret *) param;
- param = hip_get_next_param(common, param);
+ param = hip_get_next_param(common, param);
}
param = hip_get_param(common, HIP_PARAM_ESP_PROT_ROOT);
@@ -1032,7 +1030,7 @@
for (i = 0; i < num_parallel_hchains; i++) {
esp_roots[i] = (const struct esp_prot_root *) param;
- param = hip_get_next_param(common, param);
+ param = hip_get_next_param(common, param);
}
} else {
memset(esp_roots, 0, MAX_NUM_PARALLEL_HCHAINS * sizeof(struct
esp_prot_root *));
@@ -1056,7 +1054,7 @@
// verify tree
HIP_IFEL(esp_prot_conntrack_verify_branch(tuple, esp_anchors,
esp_branches,
esp_secrets), -1,
- "failed to verify branch\n");
+ "failed to verify branch\n");
// cache update_anchor and root
HIP_IFEL(esp_prot_conntrack_cache_anchor(tuple, seq, esp_anchors,
esp_roots), -1,
@@ -1089,16 +1087,16 @@
int esp_prot_conntrack_verify(const hip_fw_context_t *ctx,
struct esp_tuple *esp_tuple)
{
- esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
- struct hip_esp *esp = NULL;
- int esp_len = 0;
- uint32_t num_verify = 0;
- int use_hash_trees = 0;
- esp_cumulative_item_t *cached_element = NULL;
- unsigned char packet_hash[MAX_HASH_LENGTH];
- esp_cumulative_item_t *cumulative_ptr = NULL;
- int active_hchain = 0, err = 0, i;
- uint32_t current_seq = 0;
+ esp_prot_conntrack_tfm_t *conntrack_tfm = NULL;
+ struct hip_esp *esp = NULL;
+ int esp_len = 0;
+ uint32_t num_verify = 0;
+ int use_hash_trees = 0;
+ esp_cumulative_item_t *cached_element = NULL;
+ unsigned char packet_hash[MAX_HASH_LENGTH];
+ esp_cumulative_item_t *cumulative_ptr = NULL;
+ int active_hchain = 0, err = 0, i;
+ uint32_t current_seq = 0;
HIP_DEBUG("\n");
@@ -1106,8 +1104,8 @@
conntrack_tfm = esp_prot_conntrack_resolve_transform(
esp_tuple->esp_prot_tfm);
- esp = ctx->transport_hdr.esp;
- esp_len = ctx->ipq_packet->data_len - ctx->ip_hdr_len;
+ esp = ctx->transport_hdr.esp;
+ esp_len = ctx->ipq_packet->data_len - ctx->ip_hdr_len;
if (ctx->udp_encap_hdr) {
esp_len -= sizeof(struct udphdr);
}
@@ -1143,7 +1141,7 @@
/* calculate difference of SEQ no in order to determine how many
hashes
* we have to calculate */
if (ntohl(esp->esp_seq) - esp_tuple->seq_no > 0 &&
- ntohl(esp->esp_seq) - esp_tuple->seq_no <=
(unsigned)window_size) {
+ ntohl(esp->esp_seq) - esp_tuple->seq_no <= (unsigned)
window_size) {
HIP_DEBUG("seq number within verification window\n");
num_verify = ntohl(esp->esp_seq) - esp_tuple->seq_no;
@@ -1231,10 +1229,10 @@
conntrack_tfm->hash_length);
} else {
// don't copy the next anchor, but the already verified hash
- memcpy( &esp_tuple->active_anchors[active_hchain][0],
((unsigned char *) esp) + sizeof(struct hip_esp),
- conntrack_tfm->hash_length);
- memcpy( &esp_tuple->first_active_anchors[active_hchain][0],
&esp_tuple->next_anchors[active_hchain][0],
- conntrack_tfm->hash_length);
+ memcpy(&esp_tuple->active_anchors[active_hchain][0],
((unsigned char *) esp) + sizeof(struct hip_esp),
+ conntrack_tfm->hash_length);
+ memcpy(&esp_tuple->first_active_anchors[active_hchain][0],
&esp_tuple->next_anchors[active_hchain][0],
+ conntrack_tfm->hash_length);
}
// change roots
=== modified file 'firewall/esp_prot_fw_msg.c'
--- firewall/esp_prot_fw_msg.c 2010-12-06 19:41:51 +0000
+++ firewall/esp_prot_fw_msg.c 2011-01-03 16:06:13 +0000
@@ -68,16 +68,16 @@
static hip_common_t *create_bex_store_update_msg(hchain_store_t *hcstore,
const int use_hash_trees)
{
- struct hip_common *msg = NULL;
- int hash_length = 0, num_hchains = 0;
- esp_prot_tfm_t *transform = NULL;
- hash_chain_t *hchain = NULL;
- hash_tree_t *htree = NULL;
- unsigned char *anchor = NULL;
- int err = 0;
- unsigned j = 0;
- uint8_t i = 0;
- int hash_item_length = 0;
+ struct hip_common *msg = NULL;
+ int hash_length = 0, num_hchains = 0;
+ esp_prot_tfm_t *transform = NULL;
+ hash_chain_t *hchain = NULL;
+ hash_tree_t *htree = NULL;
+ unsigned char *anchor = NULL;
+ int err = 0;
+ unsigned j = 0;
+ uint8_t i = 0;
+ int hash_item_length = 0;
HIP_ASSERT(hcstore != NULL);
@@ -188,10 +188,10 @@
*/
int send_esp_prot_to_hipd(const int activate)
{
- struct hip_common *msg = NULL;
- int num_transforms = 0;
- int err = 0, i;
- uint8_t transform = 0;
+ struct hip_common *msg = NULL;
+ int num_transforms = 0;
+ int err = 0, i;
+ uint8_t transform = 0;
HIP_ASSERT(activate >= 0);
@@ -288,7 +288,7 @@
const int use_hash_trees)
{
struct hip_common *msg = NULL;
- int err = 0;
+ int err = 0;
HIP_ASSERT(hcstore != NULL);
@@ -326,24 +326,24 @@
* @return 0 on success, -1 on error
*/
int send_trigger_update_to_hipd(const hip_sa_entry_t *entry,
- const unsigned char *anchors[MAX_NUM_PARALLEL_HCHAINS],
- const int hash_item_length, const int soft_update,
- const int *anchor_offset,
- hash_tree_t *link_trees[MAX_NUM_PARALLEL_HCHAINS])
+ const unsigned char
*anchors[MAX_NUM_PARALLEL_HCHAINS],
+ const int hash_item_length, const int
soft_update,
+ const int *anchor_offset,
+ hash_tree_t
*link_trees[MAX_NUM_PARALLEL_HCHAINS])
{
- int err = 0;
- int i = 0;
- struct hip_common *msg = NULL;
- int hash_length = 0;
- hash_chain_t *hchain = NULL;
- hash_tree_t *htree = NULL;
- hash_tree_t *link_tree = NULL;
- int secret_length = 0;
- int branch_length = 0;
- int root_length = 0;
- const unsigned char *secret = NULL;
- unsigned char *branch_nodes = NULL;
- const unsigned char *root = NULL;
+ int err = 0;
+ int i = 0;
+ struct hip_common *msg = NULL;
+ int hash_length = 0;
+ hash_chain_t *hchain = NULL;
+ hash_tree_t *htree = NULL;
+ hash_tree_t *link_tree = NULL;
+ int secret_length = 0;
+ int branch_length = 0;
+ int root_length = 0;
+ const unsigned char *secret = NULL;
+ unsigned char *branch_nodes = NULL;
+ const unsigned char *root = NULL;
HIP_ASSERT(entry != NULL);
@@ -361,17 +361,17 @@
HIP_DEBUG_HIT("src_hit", &entry->inner_src_addr);
HIP_IFEL(hip_build_param_contents(msg, &entry->inner_src_addr,
HIP_PARAM_HIT, sizeof(struct in6_addr)),
- -1, "build param contents failed\n");
+ -1, "build param contents failed\n");
HIP_DEBUG_HIT("dst_hit", &entry->inner_dst_addr);
HIP_IFEL(hip_build_param_contents(msg, &entry->inner_dst_addr,
HIP_PARAM_HIT, sizeof(struct in6_addr)),
- -1, "build param contents failed\n");
+ -1, "build param contents failed\n");
HIP_DEBUG("esp_prot_transform: %u\n", entry->esp_prot_transform);
HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)),
- -1, "build param contents failed\n");
+ -1, "build param contents failed\n");
// also send the hchain/htree length for all update items
HIP_IFEL(hip_build_param_contents(msg, &hash_item_length, HIP_PARAM_INT,
@@ -389,7 +389,7 @@
HIP_IFEL(hip_build_param_contents(msg, anchors[i],
HIP_PARAM_HCHAIN_ANCHOR,
hash_length), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
}
// now transmit root for each next hash item for tree-based updates, if
available
@@ -414,7 +414,7 @@
HIP_IFEL(hip_build_param_contents(msg, &root_length,
HIP_PARAM_INT,
sizeof(int)), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
}
if (root) {
@@ -428,7 +428,7 @@
HIP_DEBUG("soft_update: %i\n", soft_update);
HIP_IFEL(hip_build_param_contents(msg, &soft_update, HIP_PARAM_INT,
sizeof(int)), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
if (soft_update) {
for (i = 0; i < num_parallel_hchains; i++) {
@@ -437,37 +437,37 @@
HIP_IFEL(!(branch_nodes = htree_get_branch(link_trees[i],
anchor_offset[i], NULL,
&branch_length)), -1,
- "failed to get branch
nodes\n");
+ "failed to get branch nodes\n");
HIP_DEBUG("anchor_offset: %i\n", anchor_offset[i]);
HIP_IFEL(hip_build_param_contents(msg, &anchor_offset[i],
HIP_PARAM_INT,
sizeof(int)), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
HIP_DEBUG("secret_length: %i\n", secret_length);
HIP_IFEL(hip_build_param_contents(msg, &secret_length,
HIP_PARAM_INT,
sizeof(int)), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
HIP_DEBUG("branch_length: %i\n", branch_length);
HIP_IFEL(hip_build_param_contents(msg, &branch_length,
HIP_PARAM_INT,
sizeof(int)), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
HIP_HEXDUMP("secret: ", secret, secret_length);
HIP_IFEL(hip_build_param_contents(msg, secret,
HIP_PARAM_SECRET,
secret_length), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
HIP_HEXDUMP("branch_nodes: ", branch_nodes, branch_length);
HIP_IFEL(hip_build_param_contents(msg, branch_nodes,
HIP_PARAM_BRANCH_NODES,
branch_length), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
}
}
@@ -496,13 +496,13 @@
*/
int send_anchor_change_to_hipd(const hip_sa_entry_t *entry)
{
- int err = 0;
- struct hip_common *msg = NULL;
- int hash_length = 0;
- long i = 0;
- unsigned char *anchor = NULL;
- hash_chain_t *hchain = NULL;
- hash_tree_t *htree = NULL;
+ int err = 0;
+ struct hip_common *msg = NULL;
+ int hash_length = 0;
+ long i = 0;
+ unsigned char *anchor = NULL;
+ hash_chain_t *hchain = NULL;
+ hash_tree_t *htree = NULL;
HIP_ASSERT(entry != NULL);
HIP_ASSERT(entry->direction == HIP_SPI_DIRECTION_OUT);
@@ -521,22 +521,22 @@
HIP_DEBUG_HIT("src_hit", &entry->inner_src_addr);
HIP_IFEL(hip_build_param_contents(msg, &entry->inner_src_addr,
HIP_PARAM_HIT, sizeof(struct in6_addr)),
- -1, "build param contents failed\n");
+ -1, "build param contents failed\n");
HIP_DEBUG_HIT("dst_hit", &entry->inner_dst_addr);
HIP_IFEL(hip_build_param_contents(msg, &entry->inner_dst_addr,
HIP_PARAM_HIT, sizeof(struct in6_addr)),
- -1, "build param contents failed\n");
+ -1, "build param contents failed\n");
HIP_DEBUG("direction: %i\n", entry->direction);
HIP_IFEL(hip_build_param_contents(msg, &entry->direction,
HIP_PARAM_INT, sizeof(int)), -1,
- "build param contents failed\n");
+ "build param contents failed\n");
HIP_DEBUG("esp_prot_transform: %u\n", entry->esp_prot_transform);
HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)),
- -1, "build param contents failed\n");
+ -1, "build param contents failed\n");
HIP_DEBUG("esp_prot_num_parallel_hchains: %u\n", num_parallel_hchains);
HIP_IFEL(hip_build_param_contents(msg, &num_parallel_hchains,
@@ -556,7 +556,7 @@
HIP_HEXDUMP("anchor: ", anchor, hash_length);
HIP_IFEL(hip_build_param_contents(msg, anchor,
HIP_PARAM_HCHAIN_ANCHOR,
hash_length),
- -1, "build param contents failed\n");
+ -1, "build param contents failed\n");
}
HIP_DUMP_MSG(msg);
@@ -585,15 +585,15 @@
* @return 0 on success, -1 on error
*/
int esp_prot_handle_sa_add_request(const struct hip_common *msg,
- uint8_t *esp_prot_transform,
- uint16_t *num_anchors,
- unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH],
- uint32_t *hash_item_length)
+ uint8_t *esp_prot_transform,
+ uint16_t *num_anchors,
+ unsigned char
(*esp_prot_anchors)[MAX_HASH_LENGTH],
+ uint32_t *hash_item_length)
{
- const struct hip_tlv_common *param = NULL;
- int hash_length = 0, err = 0;
- const unsigned char *anchor = NULL;
- uint16_t i;
+ const struct hip_tlv_common *param = NULL;
+ int hash_length = 0, err = 0;
+ const unsigned char *anchor = NULL;
+ uint16_t i;
*num_anchors = 0;
*esp_prot_transform = 0;
=== modified file 'firewall/esp_prot_fw_msg.h'
--- firewall/esp_prot_fw_msg.h 2010-10-15 15:29:14 +0000
+++ firewall/esp_prot_fw_msg.h 2011-01-03 16:06:13 +0000
@@ -45,17 +45,17 @@
int send_esp_prot_to_hipd(const int active);
int send_bex_store_update_to_hipd(hchain_store_t *hcstore,
const int use_hash_trees);
-int send_trigger_update_to_hipd(const hip_sa_entry_t *entry,
+int send_trigger_update_to_hipd(const hip_sa_entry_t * entry,
const unsigned char
*anchors[MAX_NUM_PARALLEL_HCHAINS],
const int hash_item_length,
const int soft_update,
const int *anchor_offset,
- hash_tree_t
*link_trees[MAX_NUM_PARALLEL_HCHAINS]);
+ hash_tree_t *
link_trees[MAX_NUM_PARALLEL_HCHAINS]);
int send_anchor_change_to_hipd(const hip_sa_entry_t *entry);
int esp_prot_handle_sa_add_request(const struct hip_common *msg,
- uint8_t *esp_prot_transform,
- uint16_t *num_anchors,
+ uint8_t * esp_prot_transform,
+ uint16_t * num_anchors,
unsigned char
(*esp_prot_anchors)[MAX_HASH_LENGTH],
- uint32_t *hash_item_length);
+ uint32_t * hash_item_length);
#endif /* HIP_FIREWALL_ESP_PROT_FW_MSG_H */
=== modified file 'firewall/file_buffer.c'
--- firewall/file_buffer.c 2010-11-12 17:49:42 +0000
+++ firewall/file_buffer.c 2011-01-03 16:06:13 +0000
@@ -80,8 +80,8 @@
/* First, we try to determine the current file size for the new buffer
size.
* If that fails (it does, e.g., for proc files), we just increase the
* current buffer size. */
- errno = 0;
- file_size = lseek(fb->fd, 0, SEEK_END);
+ errno = 0;
+ file_size = lseek(fb->fd, 0, SEEK_END);
if (file_size != -1 || EINVAL == errno) {
if (file_size != -1) {
fb->buffer_size = file_size + HIP_FB_HEADROOM; // add a little
head room
@@ -191,8 +191,8 @@
fb->fd = -1;
}
free(fb->ma.start);
- fb->ma.start = NULL;
- fb->ma.end = NULL;
+ fb->ma.start = NULL;
+ fb->ma.end = NULL;
}
}
@@ -217,7 +217,7 @@
while (1) {
ssize_t bytes;
- off_t seek_offset;
+ off_t seek_offset;
// can we re-read the whole file into the memory buffer?
seek_offset = lseek(fb->fd, 0, SEEK_SET);
@@ -232,7 +232,7 @@
HIP_ERROR("Reading the contents of the file descriptor %d via
read() into a memory buffer of size %d failed with the error %s\n",
fb->fd, fb->buffer_size, strerror(errno));
break;
- } else if ((size_t)bytes == fb->buffer_size) {
+ } else if ((size_t) bytes == fb->buffer_size) {
// we can't fit the file into the memory buffer -> resize it
if (hip_fb_resize(fb) == 0) {
// successful resize -> retry reading
=== modified file 'firewall/firewall.c'
--- firewall/firewall.c 2010-12-27 14:44:02 +0000
+++ firewall/firewall.c 2011-01-03 16:06:13 +0000
@@ -143,13 +143,13 @@
/* externally used state */
// TODO try to decrease number of globally used variables
-int filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT;
-int hip_kernel_ipsec_fallback = 0;
-int hip_lsi_support = 0;
-int system_based_opp_mode = 0;
-int esp_relay = 0;
+int filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT;
+int hip_kernel_ipsec_fallback = 0;
+int hip_lsi_support = 0;
+int system_based_opp_mode = 0;
+int esp_relay = 0;
#ifdef CONFIG_HIP_MIDAUTH
-int use_midauth = 0;
+int use_midauth = 0;
#endif
/** Use this to send and receive responses to hipd. Notice that
@@ -162,12 +162,12 @@
*
* @todo make accessible through send function, no-one should read on that
*/
-int hip_fw_sock = 0;
+int hip_fw_sock = 0;
/**
* Use this socket *only* for receiving async messages from hipd
* @todo make static, no-one should read on that
*/
-int hip_fw_async_sock = 0;
+int hip_fw_async_sock = 0;
/**
* display usage of firewall to stdout
@@ -213,8 +213,8 @@
*/
static int hip_fw_init_userspace_ipsec(void)
{
- int err = 0;
- int ver_c;
+ int err = 0;
+ int ver_c;
struct utsname name;
HIP_IFEL(uname(&name), -1, "Failed to retrieve kernel information: %s\n",
@@ -437,7 +437,6 @@
return err;
}
-
/*
* Initialize rules for filtering traffic
*
@@ -553,7 +552,7 @@
/* Still accept HIP traffic as if the -A flag had been given
* instead of -F */
accept_hip_esp_traffic_by_default = 1;
- restore_accept_hip_esp_traffic = 1;
+ restore_accept_hip_esp_traffic = 1;
firewall_init_filter_traffic();
hip_fw_init_esp_prot_conntrack();
@@ -607,11 +606,11 @@
*/
static int hip_query_default_local_hit_from_hipd(void)
{
- int err = 0;
- struct hip_common *msg = NULL;
+ int err = 0;
+ struct hip_common *msg = NULL;
const struct hip_tlv_common *param = NULL;
- const hip_hit_t *hit = NULL;
- const hip_lsi_t *lsi = NULL;
+ const hip_hit_t *hit = NULL;
+ const hip_lsi_t *lsi = NULL;
HIP_IFE(!(msg = hip_msg_alloc()), -1);
HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_DEFAULT_HIT, 0), -1,
@@ -745,9 +744,9 @@
*/
static void firewall_probe_kernel_modules(void)
{
- int count, err, status;
- char cmd[40];
- int mod_total;
+ int count, err, status;
+ char cmd[40];
+ int mod_total;
const char *mod_name[] =
{ "ip_queue", "ip6_queue", "iptable_filter", "ip6table_filter" };
@@ -858,9 +857,9 @@
if (esp_relay && ctx->udp_encap_hdr &&
((ret = hipfw_relay_esp(ctx)) <= 0)) {
- /* 0: drop original and reinject new packet
- -1: accept reinject packet and avoid filter_esp_state
- 1: just let it pass => proceed to filter */
+ /* 0: drop original and reinject new packet
+ * -1: accept reinject packet and avoid filter_esp_state
+ * 1: just let it pass => proceed to filter */
if (ret == 0) {
HIP_DEBUG("Drop original and reinject relayed ESP packet\n");
verdict = 0;
@@ -868,7 +867,7 @@
HIP_DEBUG("Accept reinjected packet\n");
verdict = 1;
} else {
- HIP_ASSERT(0);
+ HIP_ASSERT(0);
}
} else if (filter_esp_state(ctx) > 0) {
verdict = 1;
@@ -903,14 +902,14 @@
hip_fw_context_t *ctx)
{
// complete rule list for hook (== IN / OUT / FORWARD)
- struct dlist *list = read_rules(hook);
- struct rule *rule = NULL;
+ struct dlist *list = read_rules(hook);
+ struct rule *rule = NULL;
// assume match for current rule
- int match = 1, print_addr = 0;
+ int match = 1, print_addr = 0;
// assume packet has not yet passed connection tracking
- int conntracked = 0;
+ int conntracked = 0;
// block traffic by default
- int verdict = 0;
+ int verdict = 0;
HIP_DEBUG("\n");
@@ -925,25 +924,25 @@
if (buf->type_hdr == HIP_I1) {
HIP_INFO("received packet type: I1\n");
print_addr = 1;
- } else if (buf->type_hdr == HIP_R1) {
+ } else if (buf->type_hdr == HIP_R1) {
HIP_INFO("received packet type: R1\n");
print_addr = 1;
- } else if (buf->type_hdr == HIP_I2) {
+ } else if (buf->type_hdr == HIP_I2) {
HIP_INFO("received packet type: I2\n");
print_addr = 1;
- } else if (buf->type_hdr == HIP_R2) {
+ } else if (buf->type_hdr == HIP_R2) {
HIP_INFO("received packet type: R2\n");
print_addr = 1;
- } else if (buf->type_hdr == HIP_UPDATE) {
+ } else if (buf->type_hdr == HIP_UPDATE) {
HIP_INFO("received packet type: UPDATE\n");
print_addr = 1;
- } else if (buf->type_hdr == HIP_CLOSE) {
+ } else if (buf->type_hdr == HIP_CLOSE) {
HIP_INFO("received packet type: CLOSE\n");
print_addr = 1;
- } else if (buf->type_hdr == HIP_CLOSE_ACK) {
+ } else if (buf->type_hdr == HIP_CLOSE_ACK) {
HIP_INFO("received packet type: CLOSE_ACK\n");
print_addr = 1;
- } else if (buf->type_hdr == HIP_NOTIFY) {
+ } else if (buf->type_hdr == HIP_NOTIFY) {
HIP_DEBUG("received packet type: NOTIFY\n");
} else if (buf->type_hdr == HIP_LUPDATE) {
HIP_DEBUG("received packet type: LIGHT UPDATE\n");
@@ -1042,7 +1041,6 @@
if (!filter_state(ip6_src, ip6_dst, buf, rule->state, rule->accept,
ctx)) {
match = 0;
-
} else {
// if it is a valid packet, this also tracked the packet
conntracked = 1;
@@ -1143,7 +1141,8 @@
*
* @return the verdict (1 for pass and 0 for drop)
*/
-static int hip_fw_handle_hip_output(hip_fw_context_t *ctx){
+static int hip_fw_handle_hip_output(hip_fw_context_t *ctx)
+{
int verdict = accept_hip_esp_traffic_by_default;
HIP_DEBUG("hip_fw_handle_hip_output \n");
@@ -1201,7 +1200,6 @@
accept_normal_traffic_by_default);
if (ctx->ip_version == 6 && hip_userspace_ipsec) {
-
hip_hit_t *def_hit = hip_fw_get_default_hit();
HIP_DEBUG_HIT("destination hit: ", &ctx->dst);
@@ -1232,7 +1230,7 @@
}
} else if (system_based_opp_mode) {
verdict = hip_fw_handle_outgoing_system_based_opp(ctx,
- accept_normal_traffic_by_default);
+
accept_normal_traffic_by_default);
}
}
@@ -1431,10 +1429,10 @@
NF_IP_FORWARD);
// funtion pointers for the respective packet handlers
- hip_fw_handler[NF_IP_LOCAL_IN][OTHER_PACKET] = hip_fw_handle_other_input;
- hip_fw_handler[NF_IP_LOCAL_IN][HIP_PACKET] = hip_fw_handle_hip_input;
- hip_fw_handler[NF_IP_LOCAL_IN][ESP_PACKET] = hip_fw_handle_esp_input;
- hip_fw_handler[NF_IP_LOCAL_IN][TCP_PACKET] = hip_fw_handle_tcp_input;
+ hip_fw_handler[NF_IP_LOCAL_IN][OTHER_PACKET] = hip_fw_handle_other_input;
+ hip_fw_handler[NF_IP_LOCAL_IN][HIP_PACKET] = hip_fw_handle_hip_input;
+ hip_fw_handler[NF_IP_LOCAL_IN][ESP_PACKET] = hip_fw_handle_esp_input;
+ hip_fw_handler[NF_IP_LOCAL_IN][TCP_PACKET] = hip_fw_handle_tcp_input;
hip_fw_handler[NF_IP_LOCAL_OUT][OTHER_PACKET] = hip_fw_handle_other_output;
hip_fw_handler[NF_IP_LOCAL_OUT][HIP_PACKET] = hip_fw_handle_hip_output;
@@ -1442,10 +1440,10 @@
hip_fw_handler[NF_IP_LOCAL_OUT][TCP_PACKET] = hip_fw_handle_tcp_output;
//apply rules for forwarded hip and esp traffic
- hip_fw_handler[NF_IP_FORWARD][HIP_PACKET] = hip_fw_handle_hip_forward;
- hip_fw_handler[NF_IP_FORWARD][ESP_PACKET] = hip_fw_handle_esp_forward;
+ hip_fw_handler[NF_IP_FORWARD][HIP_PACKET] = hip_fw_handle_hip_forward;
+ hip_fw_handler[NF_IP_FORWARD][ESP_PACKET] = hip_fw_handle_esp_forward;
//do not drop those files by default
- hip_fw_handler[NF_IP_FORWARD][TCP_PACKET] = hip_fw_handle_tcp_forward;
+ hip_fw_handler[NF_IP_FORWARD][TCP_PACKET] = hip_fw_handle_tcp_forward;
HIP_DEBUG("Enabling forwarding for IPv4 and IPv6\n");
system_print("echo 1 >/proc/sys/net/ipv4/conf/all/forwarding");
@@ -1501,9 +1499,9 @@
{
int ip_hdr_len, err = 0;
// length of packet starting at udp header
- uint16_t udp_len = 0;
- struct udphdr *udphdr = NULL;
- int udp_encap_zero_bytes = 0;
+ uint16_t udp_len = 0;
+ struct udphdr *udphdr = NULL;
+ int udp_encap_zero_bytes = 0;
// default assumption
ctx->packet_type = OTHER_PACKET;
@@ -1532,9 +1530,9 @@
/* ip_hl is given in multiple of 4 bytes
*
* NOTE: not sizeof(struct ip) as we might have options */
- ip_hdr_len = (iphdr->ip_hl * 4);
+ ip_hdr_len = (iphdr->ip_hl * 4);
// needed for opportunistic TCP
- ctx->ip_hdr_len = ip_hdr_len;
+ ctx->ip_hdr_len = ip_hdr_len;
HIP_DEBUG("ip_hdr_len is: %d\n", ip_hdr_len);
HIP_DEBUG("total length: %u\n", ntohs(iphdr->ip_len));
HIP_DEBUG("ttl: %u\n", iphdr->ip_ttl);
@@ -1556,7 +1554,7 @@
ctx->packet_type = HIP_PACKET;
ctx->transport_hdr.hip = (struct hip_common *)
- (((char *) iphdr) + ip_hdr_len);
+ (((char *) iphdr) + ip_hdr_len);
goto end_init;
} else if (iphdr->ip_p == IPPROTO_ESP) {
@@ -1565,7 +1563,7 @@
ctx->packet_type = ESP_PACKET;
ctx->transport_hdr.esp = (struct hip_esp *)
- (((char *) iphdr) + ip_hdr_len);
+ (((char *) iphdr) + ip_hdr_len);
goto end_init;
} else if (iphdr->ip_p == IPPROTO_TCP) {
@@ -1573,7 +1571,7 @@
HIP_DEBUG("plain TCP packet\n");
ctx->packet_type = TCP_PACKET;
- ctx->transport_hdr.tcp = (struct tcphdr*)
+ ctx->transport_hdr.tcp = (struct tcphdr *)
(((char *) iphdr) + ip_hdr_len);
HIP_DEBUG("src port: %u\n", ntohs(ctx->transport_hdr.tcp->source));
@@ -1588,9 +1586,9 @@
}
// need UDP header to look for encapsulated ESP
- udp_len = ntohs(iphdr->ip_len);
- udphdr = ((struct udphdr *)
- (((char *) iphdr) + ip_hdr_len));
+ udp_len = ntohs(iphdr->ip_len);
+ udphdr = ((struct udphdr *)
+ (((char *) iphdr) + ip_hdr_len));
// add UDP header to context
ctx->udp_encap_hdr = udphdr;
@@ -1600,9 +1598,9 @@
ctx->ip_hdr.ipv6 = ip6_hdr;
// Ipv6 has fixed header length
- ip_hdr_len = sizeof(struct ip6_hdr);
+ ip_hdr_len = sizeof(struct ip6_hdr);
// needed for opportunistic TCP
- ctx->ip_hdr_len = ip_hdr_len;
+ ctx->ip_hdr_len = ip_hdr_len;
HIP_DEBUG("ip_hdr_len is: %d\n", ip_hdr_len);
HIP_DEBUG("payload length: %u\n", ntohs(ip6_hdr->ip6_plen));
HIP_DEBUG("ttl: %u\n", ip6_hdr->ip6_hlim);
@@ -1625,7 +1623,7 @@
ctx->packet_type = HIP_PACKET;
ctx->transport_hdr.hip = (struct hip_common *)
- (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
+ (((char *) ip6_hdr) + sizeof(struct
ip6_hdr));
goto end_init;
} else if (ip6_hdr->ip6_nxt == IPPROTO_ESP) {
@@ -1634,7 +1632,7 @@
ctx->packet_type = ESP_PACKET;
ctx->transport_hdr.esp = (struct hip_esp *)
- (((char *) ip6_hdr) + sizeof(struct ip6_hdr));
+ (((char *) ip6_hdr) + sizeof(struct
ip6_hdr));
goto end_init;
} else if (ip6_hdr->ip6_nxt == IPPROTO_TCP) {
@@ -1642,7 +1640,7 @@
HIP_DEBUG("plain TCP packet\n");
ctx->packet_type = TCP_PACKET;
- ctx->transport_hdr.tcp = (struct tcphdr*)
+ ctx->transport_hdr.tcp = (struct tcphdr *)
(((char *) ip6_hdr) + sizeof(struct
ip6_hdr));
HIP_DEBUG("src port: %u\n", ntohs(ctx->transport_hdr.tcp->source));
@@ -1664,9 +1662,9 @@
*
* NOTE: the length will include optional extension headers
* -> handle this */
- udp_len = ntohs(ip6_hdr->ip6_plen);
- udphdr = ((struct udphdr *)
- (((char *) ip6_hdr) + ip_hdr_len));
+ udp_len = ntohs(ip6_hdr->ip6_plen);
+ udphdr = ((struct udphdr *)
+ (((char *) ip6_hdr) + ip_hdr_len));
// add udp header to context
ctx->udp_encap_hdr = udphdr;
@@ -1685,7 +1683,6 @@
if (ctx->ip_version == 4) {
// we might have only received a UDP packet with headers only
if (udp_len >= sizeof(struct ip) + sizeof(struct udphdr) +
HIP_UDP_ZERO_BYTES_LEN) {
-
uint32_t *zero_bytes = NULL;
// we can distinguish UDP encapsulated control and data traffic
with 32 zero bits
@@ -1718,16 +1715,16 @@
/* check if zero byte hint is correct and we are processing a
* HIP control message */
if (!hip_check_network_msg((struct hip_common *) (((char *) udphdr)
- + sizeof(struct udphdr)
- + HIP_UDP_ZERO_BYTES_LEN))) {
+ + sizeof(struct
udphdr)
+ +
HIP_UDP_ZERO_BYTES_LEN))) {
// we found an UDP encapsulated HIP control packet
HIP_DEBUG("UDP encapsulated HIP control packet\n");
// add to context
ctx->packet_type = HIP_PACKET;
ctx->transport_hdr.hip = (struct hip_common *) (((char *) udphdr)
- + sizeof(struct udphdr)
- + HIP_UDP_ZERO_BYTES_LEN);
+ + sizeof(struct
udphdr)
+ +
HIP_UDP_ZERO_BYTES_LEN);
goto end_init;
}
@@ -1935,21 +1932,21 @@
*/
int main(int argc, char **argv)
{
- int err = 0, highest_descriptor, i;
- int n, len;
- struct ipq_handle *h4 = NULL, *h6 = NULL;
- int ch;
- char *rule_file = NULL;
- int errflg = 0, killold = 0;
- struct hip_common *msg = NULL;
+ int err = 0, highest_descriptor, i;
+ int n, len;
+ struct ipq_handle *h4 = NULL, *h6 = NULL;
+ int ch;
+ char *rule_file = NULL;
+ int errflg = 0, killold = 0;
+ struct hip_common *msg = NULL;
struct sockaddr_in6 sock_addr;
- socklen_t alen;
- fd_set read_fdset;
- struct timeval timeout;
- unsigned char buf[HIP_MAX_PACKET];
- hip_fw_context_t ctx;
- int limit_capabilities = 0;
- int is_root = 0, access_ok = 0, msg_type = 0; //variables for
accepting user messages only from hipd
+ socklen_t alen;
+ fd_set read_fdset;
+ struct timeval timeout;
+ unsigned char buf[HIP_MAX_PACKET];
+ hip_fw_context_t ctx;
+ int limit_capabilities = 0;
+ int is_root = 0, access_ok = 0, msg_type = 0;
//variables for accepting user messages only from hipd
/* Make sure that root path is set up correcly (e.g. on Fedora 9).
* Otherwise may get warnings from system_print() commands.
@@ -2005,13 +2002,13 @@
break;
case 'e':
hip_userspace_ipsec = 1;
- hip_esp_protection = 1;
+ hip_esp_protection = 1;
break;
case 'f':
rule_file = optarg;
break;
case 'F':
- filter_traffic = 0;
+ filter_traffic = 0;
restore_filter_traffic = filter_traffic;
break;
case 'h':
@@ -2022,11 +2019,11 @@
accept_normal_traffic_by_default = 0;
break;
case 'i':
- hip_userspace_ipsec = 1;
+ hip_userspace_ipsec = 1;
hip_kernel_ipsec_fallback = 0;
break;
case 'I':
- hip_userspace_ipsec = 1;
+ hip_userspace_ipsec = 1;
hip_kernel_ipsec_fallback = 1;
break;
case 'k':
@@ -2038,7 +2035,7 @@
case 'm':
#ifdef CONFIG_HIP_MIDAUTH
filter_traffic = 1;
- use_midauth = 1;
+ use_midauth = 1;
break;
#endif
case 'o':
@@ -2086,11 +2083,11 @@
HIP_IFEL((hip_fw_sock < 0), 1, "Could not create socket for firewall.\n");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin6_family = AF_INET6;
- sock_addr.sin6_port = htons(HIP_FIREWALL_SYNC_PORT);
- sock_addr.sin6_addr = in6addr_loopback;
+ sock_addr.sin6_port = htons(HIP_FIREWALL_SYNC_PORT);
+ sock_addr.sin6_addr = in6addr_loopback;
- for (i=0; i<2; i++) {
- err = bind(hip_fw_sock, (struct sockaddr *)& sock_addr,
+ for (i = 0; i < 2; i++) {
+ err = bind(hip_fw_sock, (struct sockaddr *) &sock_addr,
sizeof(sock_addr));
if (err == 0) {
break;
@@ -2107,9 +2104,9 @@
HIP_IFEL((hip_fw_async_sock < 0), 1, "Could not create socket for
firewall.\n");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin6_family = AF_INET6;
- sock_addr.sin6_port = htons(HIP_FIREWALL_PORT);
- sock_addr.sin6_addr = in6addr_loopback;
- HIP_IFEL(bind(hip_fw_async_sock, (struct sockaddr *)& sock_addr,
sizeof(sock_addr)), -1,
+ sock_addr.sin6_port = htons(HIP_FIREWALL_PORT);
+ sock_addr.sin6_addr = in6addr_loopback;
+ HIP_IFEL(bind(hip_fw_async_sock, (struct sockaddr *) &sock_addr,
sizeof(sock_addr)), -1,
"Bind on firewall socket addr failed. Give -k option to kill old
hipfw\n");
HIP_IFEL(hip_daemon_connect(hip_fw_async_sock), -1,
"connecting socket failed\n");
@@ -2179,7 +2176,7 @@
FD_SET(h4->fd, &read_fdset);
FD_SET(h6->fd, &read_fdset);
- timeout.tv_sec = HIP_SELECT_TIMEOUT;
+ timeout.tv_sec = HIP_SELECT_TIMEOUT;
timeout.tv_usec = 0;
// get handle with queued packet and process
@@ -2242,8 +2239,8 @@
HIP_DEBUG("Receiving message type %d (%d bytes)\n",
hip_get_msg_type(msg), len);
- n = recvfrom(hip_fw_async_sock, msg, len, 0,
- (struct sockaddr *) &sock_addr, &alen);
+ n = recvfrom(hip_fw_async_sock, msg, len, 0,
+ (struct sockaddr *) &sock_addr, &alen);
if (n < 0) {
HIP_ERROR("Error receiving message parameters from daemon.\n");
=== modified file 'firewall/firewall_control.c'
--- firewall/firewall_control.c 2010-11-30 14:50:30 +0000
+++ firewall/firewall_control.c 2011-01-03 16:06:13 +0000
@@ -60,20 +60,20 @@
*/
static int hip_handle_bex_state_update(struct hip_common *msg)
{
- const struct in6_addr *src_hit = NULL, *dst_hit = NULL;
- const struct hip_tlv_common *param = NULL;
- int err = 0, msg_type = 0;
+ const struct in6_addr *src_hit = NULL, *dst_hit = NULL;
+ const struct hip_tlv_common *param = NULL;
+ int err = 0, msg_type = 0;
msg_type = hip_get_msg_type(msg);
/* src_hit */
- param = hip_get_param(msg, HIP_PARAM_HIT);
- src_hit = hip_get_param_contents_direct(param);
+ param = hip_get_param(msg, HIP_PARAM_HIT);
+ src_hit = hip_get_param_contents_direct(param);
HIP_DEBUG_HIT("Source HIT: ", src_hit);
/* dst_hit */
- param = hip_get_next_param(msg, param);
- dst_hit = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ dst_hit = hip_get_param_contents_direct(param);
HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
/* update bex_state in firewalldb */
@@ -100,7 +100,7 @@
*/
int hip_handle_msg(struct hip_common *msg)
{
- int type, err = 0;
+ int type, err = 0;
struct hip_common *msg_out = NULL;
HIP_DEBUG("Handling message from hipd\n");
=== modified file 'firewall/firewall_defines.h'
--- firewall/firewall_defines.h 2010-12-13 19:09:27 +0000
+++ firewall/firewall_defines.h 2011-01-03 16:06:13 +0000
@@ -48,9 +48,9 @@
ipq_packet_msg_t *ipq_packet;
// IP layer information
- int ip_version; /* 4, 6 */
- int ip_hdr_len;
- struct in6_addr src, dst;
+ int ip_version; /* 4, 6 */
+ int ip_hdr_len;
+ struct in6_addr src, dst;
union {
struct ip6_hdr *ipv6;
struct ip *ipv4;
@@ -65,45 +65,45 @@
} transport_hdr;
struct udphdr *udp_encap_hdr;
- int modified;
+ int modified;
} hip_fw_context_t;
/********** State table structures **************/
struct esp_address {
- struct in6_addr dst_addr;
- uint32_t *update_id; // null or pointer to the update id from the
packet
+ struct in6_addr dst_addr;
+ uint32_t *update_id; // null or pointer to the update id from the
packet
// that announced this address.
// when ack with the update id is seen all esp_addresses with
// null update_id can be removed.
};
struct esp_tuple {
- uint32_t spi;
- uint32_t new_spi;
- uint32_t spi_update_id;
- struct slist *dst_addr_list;
- struct tuple *tuple;
+ uint32_t spi;
+ uint32_t new_spi;
+ uint32_t spi_update_id;
+ struct slist *dst_addr_list;
+ struct tuple *tuple;
/* tracking of the ESP SEQ number */
- uint32_t seq_no;
+ uint32_t seq_no;
/* members needed for ESP protection extension */
- uint8_t esp_prot_tfm;
- uint32_t hash_item_length;
- uint32_t hash_tree_depth;
- long num_hchains;
- unsigned char
active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ uint8_t esp_prot_tfm;
+ uint32_t hash_item_length;
+ uint32_t hash_tree_depth;
+ long num_hchains;
+ unsigned char active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
// need for verification of anchor updates
- unsigned char
first_active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
- unsigned char
next_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
- int active_root_length;
- unsigned char *active_roots[MAX_NUM_PARALLEL_HCHAINS];
- int next_root_length[MAX_NUM_PARALLEL_HCHAINS];
- unsigned char *next_roots[MAX_NUM_PARALLEL_HCHAINS];
+ unsigned char
first_active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ unsigned char next_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ int active_root_length;
+ unsigned char *active_roots[MAX_NUM_PARALLEL_HCHAINS];
+ int next_root_length[MAX_NUM_PARALLEL_HCHAINS];
+ unsigned char *next_roots[MAX_NUM_PARALLEL_HCHAINS];
/** List temporarily storing anchor elements until the consecutive update
* msg reveals that all on-path devices know the new anchor. */
- hip_ll_t anchor_cache;
+ hip_ll_t anchor_cache;
/** buffer storing hashes of previous packets for cumulative
authentication */
- esp_cumulative_item_t hash_buffer[MAX_RING_BUFFER_SIZE];
+ esp_cumulative_item_t hash_buffer[MAX_RING_BUFFER_SIZE];
};
struct hip_data {
@@ -130,9 +130,9 @@
struct connection *connection;
int state;
uint32_t lupdate_seq;
- int esp_relay;
- struct in6_addr esp_relay_daddr;
- in_port_t esp_relay_dport;
+ int esp_relay;
+ struct in6_addr esp_relay_daddr;
+ in_port_t esp_relay_dport;
};
struct connection {
@@ -142,10 +142,10 @@
int state;
struct timeval time_stamp;
/* members needed for ESP protection extension */
- int num_esp_prot_tfms;
- uint8_t esp_prot_tfms[MAX_NUM_TRANSFORMS];
+ int num_esp_prot_tfms;
+ uint8_t esp_prot_tfms[MAX_NUM_TRANSFORMS];
#ifdef CONFIG_HIP_MIDAUTH
- int pisa_state;
+ int pisa_state;
#endif
};
=== modified file 'firewall/helpers.c'
--- firewall/helpers.c 2010-12-13 21:15:07 +0000
+++ firewall/helpers.c 2011-01-03 16:06:13 +0000
@@ -71,7 +71,7 @@
struct in6_addr *numeric_to_addr(const char *num)
{
static struct in6_addr ap;
- int err;
+ int err;
if ((err = inet_pton(AF_INET6, num, &ap)) == 1) {
return ≈
}
=== modified file 'firewall/line_parser.c'
--- firewall/line_parser.c 2010-11-30 14:40:39 +0000
+++ firewall/line_parser.c 2011-01-03 16:06:13 +0000
@@ -110,8 +110,8 @@
return NULL;
}
- remaining = lp->ma->end - lp->cur;
- lp->cur = memchr(lp->cur, '\n', remaining);
+ remaining = lp->ma->end - lp->cur;
+ lp->cur = memchr(lp->cur, '\n', remaining);
// given the rest of the parsing code, we should always find a \n, but
// let's check to be sure
=== modified file 'firewall/lsi.c'
--- firewall/lsi.c 2010-11-30 14:50:30 +0000
+++ firewall/lsi.c 2011-01-03 16:06:13 +0000
@@ -84,7 +84,7 @@
* @param src_ip an optional source IP address for the I1
* @param dst_ip a destination IP for the I1
* @return zero on success or negative on error
-
+ *
* @note Many of the parameters are optional, but at least a
* destination LSI, HIT or IP (for opportunistic BEX) must to be
* provided
@@ -97,7 +97,7 @@
const struct in6_addr *dst_ip)
{
struct hip_common *msg = NULL;
- int err = 0;
+ int err = 0;
HIP_IFE(!(msg = hip_msg_alloc()), -1);
HIP_IFEL(!dst_hit && !dst_ip && !dst_lsi,
-1, "no destination hit, ip or lsi provided\n");
@@ -181,7 +181,7 @@
int hip_is_packet_lsi_reinjection(hip_lsi_t *lsi)
{
hip_lsi_t *local_lsi;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(local_lsi = hip_fw_get_default_lsi()), -1,
"Failed to get default LSI");
if (local_lsi->s_addr == lsi->s_addr) {
@@ -212,13 +212,13 @@
const int ipOrigTraffic,
const int incoming)
{
- int err = 0;
- int ip_hdr_size = 0;
- int packet_length = 0;
- int protocol = 0;
- int ttl = 0;
- uint8_t *msg = NULL;
- struct icmphdr *icmp = NULL;
+ int err = 0;
+ int ip_hdr_size = 0;
+ int packet_length = 0;
+ int protocol = 0;
+ int ttl = 0;
+ uint8_t *msg = NULL;
+ struct icmphdr *icmp = NULL;
if (ipOrigTraffic == 4) {
const struct ip *iphdr = (const struct ip *) m->payload;
@@ -238,7 +238,7 @@
HIP_DEBUG_IN6ADDR("New packet dst address: ", dst_hit);
}
- if ((int)m->data_len <= (BUFSIZE - ip_hdr_size)) {
+ if ((int) m->data_len <= (BUFSIZE - ip_hdr_size)) {
packet_length = m->data_len - ip_hdr_size;
HIP_DEBUG("packet size smaller than buffer size\n");
} else {
@@ -308,16 +308,16 @@
const struct in6_addr *ip_dst,
const int lsi_support)
{
- int err = 0;
- int verdict = 1;
- int ip_hdr_size = 0;
- int portDest = 0;
- fw_cache_hl_t *entry = NULL;
- enum hip_port_binding port_binding =
HIP_PORT_INFO_UNKNOWN;
- const struct ip6_hdr *ip6_hdr = NULL;
- struct in6_addr src_addr, dst_addr;
+ int err = 0;
+ int verdict = 1;
+ int ip_hdr_size = 0;
+ int portDest = 0;
+ fw_cache_hl_t *entry = NULL;
+ enum hip_port_binding port_binding = HIP_PORT_INFO_UNKNOWN;
+ const struct ip6_hdr *ip6_hdr = NULL;
+ struct in6_addr src_addr, dst_addr;
- ip6_hdr = (const struct ip6_hdr *) m->payload;
+ ip6_hdr = (const struct ip6_hdr *) m->payload;
ip_hdr_size = sizeof(struct ip6_hdr);
switch (ip6_hdr->ip6_nxt) {
@@ -398,7 +398,7 @@
int hip_fw_handle_outgoing_lsi(ipq_packet_msg_t *m, struct in_addr *lsi_src,
struct in_addr *lsi_dst)
{
- int err = 0;
+ int err = 0;
fw_cache_hl_t *entry_peer = NULL;
if (lsi_dst) {
=== modified file 'firewall/midauth.c'
--- firewall/midauth.c 2010-10-15 15:29:14 +0000
+++ firewall/midauth.c 2011-01-03 16:06:13 +0000
@@ -71,7 +71,7 @@
static void update_ipv4_header(struct iphdr *ip, int len)
{
unsigned short *w = (unsigned short *) ip;
- int hdrlen, checksum = 0;
+ int hdrlen, checksum = 0;
ip->tot_len = htons(len);
ip->check = 0;
@@ -113,16 +113,16 @@
*/
static void update_udp_header(struct iphdr *ip, int len)
{
- unsigned long sum;
- uint16_t *w = (uint16_t *) ((unsigned char *) ip + (ip->ihl * 4));
- uint16_t protocol = ntohs(IPPROTO_UDP);
- int i;
+ unsigned long sum;
+ uint16_t *w = (uint16_t *) ((unsigned char *) ip + (ip->ihl *
4));
+ uint16_t protocol = ntohs(IPPROTO_UDP);
+ int i;
struct udphdr *udp = (struct udphdr *) w;
len -= ip->ihl * 4;
udp->check = 0;
- udp->len = htons(len);
+ udp->len = htons(len);
/* UDP header and data */
sum = 0;
@@ -133,11 +133,11 @@
if (len == 1) {
unsigned short padding = 0;
*(unsigned char *) (&padding) = *(unsigned char *) w;
- sum += padding;
+ sum += padding;
}
/* add UDP pseudoheader */
- w = (uint16_t *) &ip->saddr;
+ w = (uint16_t *) &ip->saddr;
for (i = 0; i < 4; w++, i++) {
sum += *w;
}
@@ -171,9 +171,9 @@
memcpy(&dst.sin_addr, &ip->daddr, sizeof(uint32_t));
hip_zero_msg_checksum(msg);
- msg->checksum = hip_checksum_packet((char *) msg,
- (struct sockaddr *) &src,
- (struct sockaddr *) &dst);
+ msg->checksum = hip_checksum_packet((char *) msg,
+ (struct sockaddr *) &src,
+ (struct sockaddr *) &dst);
}
/**
@@ -184,8 +184,8 @@
static void update_hip_checksum_ipv6(struct ip6_hdr *ip)
{
struct sockaddr_in6 src, dst;
- struct hip_common *msg = (struct hip_common *) ((char *) ip +
- sizeof(struct ip6_hdr));
+ struct hip_common *msg = (struct hip_common *) ((char *) ip +
+ sizeof(struct ip6_hdr));
memset(&src, 0, sizeof(src));
memset(&dst, 0, sizeof(dst));
@@ -197,9 +197,9 @@
memcpy(&dst.sin6_addr, &ip->ip6_dst, sizeof(struct in6_addr));
hip_zero_msg_checksum(msg);
- msg->checksum = hip_checksum_packet((char *) msg,
- (struct sockaddr *) &src,
- (struct sockaddr *) &dst);
+ msg->checksum = hip_checksum_packet((char *) msg,
+ (struct sockaddr *) &src,
+ (struct sockaddr *) &dst);
}
/**
@@ -210,9 +210,9 @@
*/
static void midauth_update_all_headers(hip_fw_context_t *ctx)
{
- struct iphdr *ipv4 = NULL;
+ struct iphdr *ipv4 = NULL;
struct ip6_hdr *ipv6 = NULL;
- size_t len = 0;
+ size_t len = 0;
len = hip_get_msg_total_len(ctx->transport_hdr.hip);
@@ -253,9 +253,9 @@
int midauth_verify_challenge_response(struct hip_common *hip,
struct hip_challenge_response *s)
{
- int err = 0;
+ int err = 0;
struct hip_solution solution;
- uint8_t digist[HIP_AH_SHA_LEN];
+ uint8_t digist[HIP_AH_SHA_LEN];
HIP_IFEL(hip_build_digest(HIP_DIGEST_SHA1, s->opaque, 24, digist) < 0,
-1, "Building of SHA1 Random seed I failed\n");
@@ -282,10 +282,10 @@
*/
static int midauth_relocate_last_hip_parameter(struct hip_common *hip)
{
- int err = 0, len, total_len, offset;
- char buffer[HIP_MAX_PACKET], *ptr = (char *) hip;
+ int err = 0, len, total_len, offset;
+ char buffer[HIP_MAX_PACKET], *ptr = (char *) hip;
struct hip_tlv_common *i = NULL, *last = NULL;
- hip_tlv_type_t type;
+ hip_tlv_type_t type;
while ((i = hip_get_next_param_readwrite(hip, i))) {
last = i;
@@ -297,7 +297,7 @@
len = hip_get_param_total_len(last);
type = hip_get_param_type(last);
- HIP_IFEL(len > (int)sizeof(buffer), -1,
+ HIP_IFEL(len > (int) sizeof(buffer), -1,
"Last parameter's length exceeds HIP_MAX_PACKET\n");
/* @todo check for signature parameter to avoid broken packets */
@@ -337,7 +337,7 @@
uint8_t opaque_len)
{
struct hip_common *hip = ctx->transport_hdr.hip;
- int err = 0;
+ int err = 0;
ctx->modified = 1;
@@ -398,7 +398,7 @@
*/
int midauth_filter_hip(hip_fw_context_t *ctx)
{
- int verdict = NF_ACCEPT;
+ int verdict = NF_ACCEPT;
midauth_handler h = NULL;
midauth_handler h_default = midauth_handler_accept;
/* @todo change this default value to midauth_handler_drop to
=== modified file 'firewall/pisa.c'
--- firewall/pisa.c 2010-12-13 21:24:26 +0000
+++ firewall/pisa.c 2011-01-03 16:06:13 +0000
@@ -71,7 +71,7 @@
* call */
#define PISA_RANDOM_TTL 2.0
-static char pisa_random_data[2][PISA_RANDOM_LEN];
+static char pisa_random_data[2][PISA_RANDOM_LEN];
static struct in6_addr community_operator_hit;
/* @todo make this configurable, issuer HIT */
@@ -127,7 +127,7 @@
void pisa_check_for_random_update(void)
{
static time_t lastupdate = 0;
- time_t now;
+ time_t now;
time(&now);
if (difftime(now, lastupdate) > PISA_RANDOM_TTL) {
@@ -149,8 +149,8 @@
static int pisa_append_hmac(struct in6_addr *hit1, struct in6_addr *hit2,
int rnd, void *data, int data_len)
{
- uint8_t key[32 + PISA_RANDOM_LEN];
- int err = 0;
+ uint8_t key[32 + PISA_RANDOM_LEN];
+ int err = 0;
unsigned int len = HIP_AH_SHA_LEN;
/* sanity checks for arguments */
@@ -187,8 +187,8 @@
{
uint8_t opaque[PISA_PUZZLE_OPAQUE_LEN];
- struct hip_common *hip = ctx->transport_hdr.hip;
- int seed = PISA_PUZZLE_SEED;
+ struct hip_common *hip = ctx->transport_hdr.hip;
+ int seed = PISA_PUZZLE_SEED;
memcpy(&opaque, &seed, 4);
@@ -206,12 +206,12 @@
* @return pointer to the puzzle we accepted or NULL at failure
*/
static struct hip_challenge_response *pisa_check_challenge_response(
- hip_fw_context_t *ctx)
+ hip_fw_context_t *ctx)
{
struct hip_challenge_response *response;
- struct hip_common *hip = ctx->transport_hdr.hip;
- uint8_t hash[2][PISA_PUZZLE_OPAQUE_LEN];
- int seed = PISA_PUZZLE_SEED;
+ struct hip_common *hip = ctx->transport_hdr.hip;
+ uint8_t hash[2][PISA_PUZZLE_OPAQUE_LEN];
+ int seed = PISA_PUZZLE_SEED;
memcpy(&hash[0][0], &seed, 4);
memcpy(&hash[1][0], &seed, 4);
@@ -235,7 +235,7 @@
response = (struct hip_challenge_response *)
hip_get_next_param_readwrite(hip,
- (struct hip_tlv_common *) response);
+ (struct hip_tlv_common *)
response);
}
return NULL;
@@ -249,19 +249,19 @@
*/
static int pisa_check_certificate(hip_fw_context_t *ctx)
{
- struct hip_common *hip = ctx->transport_hdr.hip;
- const struct hip_cert *cert;
+ struct hip_common *hip = ctx->transport_hdr.hip;
+ const struct hip_cert *cert;
struct hip_cert_spki_info ci;
- struct pisa_cert pc;
- char *buf = NULL;
- int err = 0, len;
- time_t now = time(NULL);
+ struct pisa_cert pc;
+ char *buf = NULL;
+ int err = 0, len;
+ time_t now = time(NULL);
cert = hip_get_param(hip, HIP_PARAM_CERT);
HIP_IFEL(cert == NULL, -1, "No certificate found.\n");
- len = ntohs(cert->length);
- buf = malloc(len);
+ len = ntohs(cert->length);
+ buf = malloc(len);
memset(buf, 0, len + 1);
memcpy(buf, cert + 1, len);
@@ -308,7 +308,7 @@
static void pisa_accept_connection(const hip_fw_context_t *ctx)
{
struct hip_common *hip = ctx->transport_hdr.hip;
- struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr);
+ struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr);
if (t) {
t->connection->pisa_state = PISA_STATE_ALLOW;
@@ -327,7 +327,7 @@
static void pisa_remove_connection(const hip_fw_context_t *ctx)
{
struct hip_common *hip = ctx->transport_hdr.hip;
- struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr);
+ struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr);
if (t) {
t->connection->pisa_state = PISA_STATE_DISALLOW;
@@ -423,7 +423,7 @@
*/
static int pisa_handler_r2(hip_fw_context_t *ctx)
{
- int verdict = NF_DROP, sig = 0, cert = 0;
+ int verdict = NF_DROP, sig = 0, cert = 0;
struct hip_challenge_response *solution = NULL;
#ifdef CONFIG_HIP_PERFORMANCE
@@ -478,9 +478,9 @@
*/
static int pisa_handler_u2(hip_fw_context_t *ctx)
{
- int verdict = NF_DROP;
- int sig = 0;
- int cert = 0;
+ int verdict = NF_DROP;
+ int sig = 0;
+ int cert = 0;
struct hip_challenge_response *solution = NULL;
solution = pisa_check_challenge_response(ctx);
@@ -508,8 +508,8 @@
*/
static int pisa_handler_u3(hip_fw_context_t *ctx)
{
- int verdict = NF_DROP;
- int sig = 0;
+ int verdict = NF_DROP;
+ int sig = 0;
struct hip_challenge_response *solution = NULL;
solution = pisa_check_challenge_response(ctx);
@@ -539,6 +539,7 @@
pisa_remove_connection(ctx);
return NF_ACCEPT;
}
+
/**
* Initialize basic PISA functionality
*
=== modified file 'firewall/pisa_cert.c'
--- firewall/pisa_cert.c 2010-10-15 15:29:14 +0000
+++ firewall/pisa_cert.c 2011-01-03 16:06:13 +0000
@@ -54,8 +54,8 @@
*/
static char *pisa_cert_get_part(char *cert, const char *name, char *r)
{
- int level = 0, len = 0;
- char *p = cert, *start = NULL;
+ int level = 0, len = 0;
+ char *p = cert, *start = NULL;
if (!r) {
return NULL;
@@ -137,7 +137,7 @@
static void pisa_cert_get_content(char *cert, const char *name, char *r)
{
char *start = cert;
- int len = 0;
+ int len = 0;
if (!r) {
return;
@@ -180,8 +180,8 @@
*/
void pisa_split_cert(char *cert, struct pisa_cert *pc)
{
- struct tm t;
- char buffer1[224], buffer2[224];
+ struct tm t;
+ char buffer1[224], buffer2[224];
struct in6_addr addr;
pisa_cert_get_part(cert, "not-before", buffer1);
=== modified file 'firewall/port_bindings.c'
--- firewall/port_bindings.c 2010-11-29 08:58:13 +0000
+++ firewall/port_bindings.c 2011-01-03 16:06:13 +0000
@@ -75,10 +75,10 @@
*/
static uint8_t *cache = NULL;
-static const unsigned int CACHE_SIZE_PROTOS = 2;
-static const unsigned int CACHE_SIZE_PORTS = 1 << (sizeof(in_port_t) * 8);
-static unsigned int cache_size_entries = 0;
-static unsigned int cache_size_bytes = 0;
+static const unsigned int CACHE_SIZE_PROTOS = 2;
+static const unsigned int CACHE_SIZE_PORTS = 1 << (sizeof(in_port_t) * 8);
+static unsigned int cache_size_entries = 0;
+static unsigned int cache_size_bytes = 0;
/**
* Allocate and initializes the cache resources.
@@ -93,17 +93,17 @@
{
HIP_ASSERT(!cache);
- cache_size_entries = CACHE_SIZE_PROTOS * CACHE_SIZE_PORTS;
- cache_size_bytes = cache_size_entries * sizeof(*cache);
+ cache_size_entries = CACHE_SIZE_PROTOS * CACHE_SIZE_PORTS;
+ cache_size_bytes = cache_size_entries * sizeof(*cache);
// check that the conversion used in the cache from enum hip_port_binding
// to uint8_t is consistent
- HIP_ASSERT(HIP_PORT_INFO_IPV6UNBOUND == (enum
hip_port_binding)(uint8_t)HIP_PORT_INFO_IPV6UNBOUND);
- HIP_ASSERT(HIP_PORT_INFO_IPV6BOUND == (enum
hip_port_binding)(uint8_t)HIP_PORT_INFO_IPV6BOUND);
+ HIP_ASSERT(HIP_PORT_INFO_IPV6UNBOUND == (enum hip_port_binding) (uint8_t)
HIP_PORT_INFO_IPV6UNBOUND);
+ HIP_ASSERT(HIP_PORT_INFO_IPV6BOUND == (enum hip_port_binding) (uint8_t)
HIP_PORT_INFO_IPV6BOUND);
/* We zero the cache on allocation assuming that HIP_PORT_INFO_UNKNOWN
- is 0 and thus the whole cache initially has that value. */
- HIP_ASSERT((uint8_t)HIP_PORT_INFO_UNKNOWN == 0);
+ * is 0 and thus the whole cache initially has that value. */
+ HIP_ASSERT((uint8_t) HIP_PORT_INFO_UNKNOWN == 0);
cache = calloc(1, cache_size_bytes);
if (cache) {
return 0;
@@ -146,8 +146,8 @@
static inline unsigned int get_cache_index(const uint8_t protocol,
const uint16_t port)
{
- unsigned int index = 0;
- unsigned int protocol_offset = 0;
+ unsigned int index = 0;
+ unsigned int protocol_offset = 0;
// determine the offset into the first (protocol) dimension
if (IPPROTO_TCP == protocol) {
@@ -190,7 +190,7 @@
const unsigned int index = get_cache_index(protocol, port);
// convert the port binding to the cache storage type
- const uint8_t value = (uint8_t)binding;
+ const uint8_t value = (uint8_t) binding;
cache[index] = value;
}
@@ -225,7 +225,7 @@
if (cache) {
const unsigned int index = get_cache_index(protocol, port);
- binding = (enum hip_port_binding)cache[index];
+ binding = (enum hip_port_binding) cache[index];
}
return binding;
@@ -244,11 +244,6 @@
}
}
-
-
-
-
-
static struct hip_file_buffer tcp6_file;
static struct hip_file_buffer udp6_file;
@@ -321,11 +316,11 @@
static enum hip_port_binding hip_port_bindings_get_from_proc(const uint8_t
protocol,
const uint16_t
port)
{
- const unsigned int PORT_STR_OFFSET = 39;
- const unsigned int PORT_STR_LEN = 4;
- enum hip_port_binding result = HIP_PORT_INFO_IPV6UNBOUND;
- const struct hip_mem_area *ma = NULL;
- char *line;
+ const unsigned int PORT_STR_OFFSET = 39;
+ const unsigned int PORT_STR_LEN = 4;
+ enum hip_port_binding result = HIP_PORT_INFO_IPV6UNBOUND;
+ const struct hip_mem_area *ma = NULL;
+ char *line;
// the files /proc/net/{udp,tcp}6 are line-based and the line number of the
// port to look up is not known in advance
// -> use a parser that lets us iterate over the lines in the files
@@ -353,11 +348,11 @@
// is the current line valid and is it long enough to hold a port binding?
while (line && ma->end > (line + PORT_STR_OFFSET + PORT_STR_LEN)) {
- const unsigned int PORT_BASE_HEX = 16;
- unsigned long proc_port = 0;
+ const unsigned int PORT_BASE_HEX = 16;
+ unsigned long proc_port = 0;
// note that strtoul() is about 10 times faster than sscanf().
- errno = 0;
- proc_port = strtoul(line + PORT_STR_OFFSET, NULL, PORT_BASE_HEX);
+ errno = 0;
+ proc_port = strtoul(line + PORT_STR_OFFSET, NULL, PORT_BASE_HEX);
if (0 == errno) {
if (proc_port == port) {
result = HIP_PORT_INFO_IPV6BOUND;
=== modified file 'firewall/reinject.c'
--- firewall/reinject.c 2010-10-15 15:29:14 +0000
+++ firewall/reinject.c 2011-01-03 16:06:13 +0000
@@ -77,8 +77,8 @@
err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6,
IPV6_RECVERR, &off, sizeof(on));
HIP_IFEL(err, -1, "setsockopt recverr failed\n");
- err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6,
- IPV6_2292PKTINFO, &on, sizeof(on));
+ err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6,
+ IPV6_2292PKTINFO, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt pktinfo failiped\n");
err = setsockopt(*firewall_raw_sock_v6, SOL_SOCKET,
SO_REUSEADDR, &on, sizeof(on));
@@ -365,16 +365,16 @@
int proto,
int ttl)
{
- int err = 0, sent, sa_size;
- int firewall_raw_sock = 0, is_ipv6 = 0, on = 1;
- struct ip *iphdr = NULL;
- struct udphdr *udp = NULL;
- struct tcphdr *tcp = NULL;
- struct icmphdr *icmp = NULL;
+ int err = 0, sent, sa_size;
+ int firewall_raw_sock = 0, is_ipv6 = 0, on = 1;
+ struct ip *iphdr = NULL;
+ struct udphdr *udp = NULL;
+ struct tcphdr *tcp = NULL;
+ struct icmphdr *icmp = NULL;
struct sockaddr_storage src, dst;
- struct sockaddr_in6 *sock_src6 = NULL, *sock_dst6 = NULL;
- struct sockaddr_in *sock_src4 = NULL, *sock_dst4 = NULL;
- struct in6_addr any = IN6ADDR_ANY_INIT;
+ struct sockaddr_in6 *sock_src6 = NULL, *sock_dst6 = NULL;
+ struct sockaddr_in *sock_src4 = NULL, *sock_dst4 = NULL;
+ struct in6_addr any = IN6ADDR_ANY_INIT;
HIP_ASSERT(src_hit != NULL && dst_hit != NULL);
@@ -391,7 +391,7 @@
sock_dst4->sin_family = AF_INET;
IPV6_TO_IPV4_MAP(src_hit, &(sock_src4->sin_addr));
IPV6_TO_IPV4_MAP(dst_hit, &(sock_dst4->sin_addr));
- sa_size = sizeof(struct sockaddr_in);
+ sa_size = sizeof(struct sockaddr_in);
HIP_DEBUG_LSI("src4 addr ", &(sock_src4->sin_addr));
HIP_DEBUG_LSI("dst4 addr ", &(sock_dst4->sin_addr));
} else {
@@ -399,8 +399,8 @@
ipv6_addr_copy(&sock_src6->sin6_addr, src_hit);
sock_dst6->sin6_family = AF_INET6;
ipv6_addr_copy(&sock_dst6->sin6_addr, dst_hit);
- sa_size = sizeof(struct sockaddr_in6);
- is_ipv6 = 1;
+ sa_size = sizeof(struct sockaddr_in6);
+ is_ipv6 = 1;
}
switch (proto) {
@@ -409,21 +409,21 @@
HIP_DEBUG(" IPPROTO_UDP v6\n");
firewall_raw_sock = firewall_raw_sock_udp_v6;
((struct udphdr *) msg)->check = ipv6_checksum(IPPROTO_UDP,
- &sock_src6->sin6_addr,
- &sock_dst6->sin6_addr, msg,
len);
+
&sock_src6->sin6_addr,
+
&sock_dst6->sin6_addr, msg, len);
} else {
HIP_DEBUG(" IPPROTO_UDP v4\n");
firewall_raw_sock = firewall_raw_sock_udp_v4;
- udp = (struct udphdr *) msg;
-
- sa_size = sizeof(struct sockaddr_in);
-
- udp->check = htons(0);
- udp->check = ipv4_checksum(IPPROTO_UDP,
- (uint8_t *)
&(sock_src4->sin_addr),
- (uint8_t *)
&(sock_dst4->sin_addr),
- (uint8_t *) udp, len);
+ udp = (struct udphdr *) msg;
+
+ sa_size = sizeof(struct sockaddr_in);
+
+ udp->check = htons(0);
+ udp->check = ipv4_checksum(IPPROTO_UDP,
+ (uint8_t *) &(sock_src4->sin_addr),
+ (uint8_t *) &(sock_dst4->sin_addr),
+ (uint8_t *) udp, len);
memmove((msg + sizeof(struct ip)), (uint8_t *) udp, len);
}
break;
@@ -440,10 +440,10 @@
HIP_DEBUG(" IPPROTO_TCP v4\n");
firewall_raw_sock = firewall_raw_sock_tcp_v4;
- tcp->check = ipv4_checksum(IPPROTO_TCP,
- (uint8_t *)
&(sock_src4->sin_addr),
- (uint8_t *)
&(sock_dst4->sin_addr),
- (uint8_t *) tcp, len);
+ tcp->check = ipv4_checksum(IPPROTO_TCP,
+ (uint8_t *) &(sock_src4->sin_addr),
+ (uint8_t *) &(sock_dst4->sin_addr),
+ (uint8_t *) tcp, len);
memmove((char *) (msg + sizeof(struct ip)), (uint8_t *) tcp, len);
}
@@ -486,7 +486,7 @@
sent = sendto(firewall_raw_sock, iphdr,
iphdr->ip_len, 0,
(struct sockaddr *) &dst, sa_size);
- if (sent != (int)(len + sizeof(struct ip))) {
+ if (sent != (int) (len + sizeof(struct ip))) {
HIP_ERROR("Could not send the all requested" \
" data (%d/%d)\n", sent,
iphdr->ip_len);
@@ -535,9 +535,9 @@
int firewall_raw_sock = 0, is_ipv6 = 0;
struct sockaddr_storage src, dst;
- struct sockaddr_in6 *sock_src6, *sock_dst6;
- struct sockaddr_in *sock_src4, *sock_dst4;
- struct in6_addr any = IN6ADDR_ANY_INIT;
+ struct sockaddr_in6 *sock_src6, *sock_dst6;
+ struct sockaddr_in *sock_src4, *sock_dst4;
+ struct in6_addr any = IN6ADDR_ANY_INIT;
HIP_ASSERT(src_hit != NULL && dst_hit != NULL);
@@ -554,7 +554,7 @@
IPV6_TO_IPV4_MAP(src_hit, &sock_src4->sin_addr);
sock_dst4->sin_family = AF_INET;
IPV6_TO_IPV4_MAP(dst_hit, &sock_dst4->sin_addr);
- sa_size = sizeof(struct sockaddr_in);
+ sa_size = sizeof(struct sockaddr_in);
HIP_DEBUG_LSI("src4 addr ", &(sock_src4->sin_addr));
HIP_DEBUG_LSI("dst4 addr ", &(sock_dst4->sin_addr));
} else {
@@ -562,8 +562,8 @@
ipv6_addr_copy(&sock_src6->sin6_addr, src_hit);
sock_dst6->sin6_family = AF_INET6;
ipv6_addr_copy(&sock_dst6->sin6_addr, dst_hit);
- sa_size = sizeof(struct sockaddr_in6);
- is_ipv6 = 1;
+ sa_size = sizeof(struct sockaddr_in6);
+ is_ipv6 = 1;
HIP_DEBUG_HIT("src6 addr ", &(sock_src6->sin6_addr));
HIP_DEBUG_HIT("dst6 addr ", &(sock_dst6->sin6_addr));
}
@@ -574,13 +574,13 @@
if (is_ipv6) {
firewall_raw_sock = firewall_raw_sock_tcp_v6;
((struct tcphdr *) msg)->check
- = ipv6_checksum(IPPROTO_TCP, &sock_src6->sin6_addr,
- &sock_dst6->sin6_addr, msg, len);
+ = ipv6_checksum(IPPROTO_TCP, &sock_src6->sin6_addr,
+ &sock_dst6->sin6_addr, msg, len);
} else {
firewall_raw_sock = firewall_raw_sock_tcp_v4;
((struct tcphdr *) msg)->check
- = ipv4_checksum(IPPROTO_TCP, (uint8_t *)
&(sock_src4->sin_addr),
- (uint8_t *) &(sock_dst4->sin_addr),
msg, len);
+ = ipv4_checksum(IPPROTO_TCP, (uint8_t *)
&(sock_src4->sin_addr),
+ (uint8_t *) &(sock_dst4->sin_addr), msg, len);
}
break;
case IPPROTO_UDP:
@@ -592,13 +592,13 @@
if (is_ipv6) {
firewall_raw_sock = firewall_raw_sock_udp_v6;
((struct udphdr *) msg)->check
- = ipv6_checksum(IPPROTO_UDP, &sock_src6->sin6_addr,
- &sock_dst6->sin6_addr, msg, len);
+ = ipv6_checksum(IPPROTO_UDP, &sock_src6->sin6_addr,
+ &sock_dst6->sin6_addr, msg, len);
} else {
firewall_raw_sock = firewall_raw_sock_udp_v4;
((struct udphdr *) msg)->check
- = ipv4_checksum(IPPROTO_UDP, (uint8_t *)
&(sock_src4->sin_addr),
- (uint8_t *) &(sock_dst4->sin_addr),
msg, len);
+ = ipv4_checksum(IPPROTO_UDP, (uint8_t *)
&(sock_src4->sin_addr),
+ (uint8_t *) &(sock_dst4->sin_addr), msg, len);
}
break;
case IPPROTO_ICMP:
@@ -613,11 +613,11 @@
break;
case IPPROTO_ICMPV6:
- firewall_raw_sock = firewall_raw_sock_icmp_v6;
+ firewall_raw_sock = firewall_raw_sock_icmp_v6;
((struct icmp6_hdr *) msg)->icmp6_cksum = htons(0);
((struct icmp6_hdr *) msg)->icmp6_cksum
- = ipv6_checksum(IPPROTO_ICMPV6, &sock_src6->sin6_addr,
- &sock_dst6->sin6_addr, msg, len);
+ = ipv6_checksum(IPPROTO_ICMPV6, &sock_src6->sin6_addr,
+ &sock_dst6->sin6_addr, msg, len);
break;
case IPPROTO_ESP:
=== modified file 'firewall/rule_management.c'
--- firewall/rule_management.c 2010-12-27 14:44:02 +0000
+++ firewall/rule_management.c 2011-01-03 16:06:13 +0000
@@ -126,9 +126,9 @@
static void check_and_write_default_config(const char *file)
{
struct stat status;
- FILE *fp = NULL;
- ssize_t items;
- int i = 0;
+ FILE *fp = NULL;
+ ssize_t items;
+ int i = 0;
/* Firewall depends on hipd to create HIPL_SYSCONFDIR */
for (i = 0; i < 5; i++) {
@@ -268,8 +268,8 @@
*/
void print_rule_tables(void)
{
- struct dlist *list = input_rules;
- struct rule *rule = NULL;
+ struct dlist *list = input_rules;
+ struct rule *rule = NULL;
while (list != NULL) {
rule = list->data;
print_rule(rule);
@@ -358,7 +358,7 @@
static struct hit_option *parse_hit(char *token)
{
struct hit_option *option = malloc(sizeof(struct hit_option));
- struct in6_addr *hit = NULL;
+ struct in6_addr *hit = NULL;
if (!strcmp(token, NEGATE_STR)) {
option->boolean = 0;
@@ -386,10 +386,10 @@
*/
static struct hip_host_id *load_rsa_file(FILE *fp)
{
- struct hip_host_id *hi = NULL;
- RSA *rsa = NULL;
- unsigned char *rsa_key_rr = NULL;
- int rsa_key_rr_len;
+ struct hip_host_id *hi = NULL;
+ RSA *rsa = NULL;
+ unsigned char *rsa_key_rr = NULL;
+ int rsa_key_rr_len;
rsa = RSA_new();
rsa = PEM_read_RSA_PUBKEY(fp, &rsa, NULL, NULL);
@@ -416,10 +416,10 @@
*/
static struct hip_host_id *load_dsa_file(FILE *fp)
{
- struct hip_host_id *hi = NULL;
- DSA *dsa = NULL;
- unsigned char *dsa_key_rr = NULL;
- int dsa_key_rr_len;
+ struct hip_host_id *hi = NULL;
+ DSA *dsa = NULL;
+ unsigned char *dsa_key_rr = NULL;
+ int dsa_key_rr_len;
dsa = DSA_new();
dsa = PEM_read_DSA_PUBKEY(fp, &dsa, NULL, NULL);
@@ -447,10 +447,10 @@
*/
static struct hip_host_id *parse_hi(char *token, const struct in6_addr *hit)
{
- FILE *fp = NULL;
- int algo;
+ FILE *fp = NULL;
+ int algo;
struct hip_host_id *hi = NULL;
- struct in6_addr temp_hit;
+ struct in6_addr temp_hit;
HIP_DEBUG("parse_hi: hi file: %s\n", token);
fp = fopen(token, "rb");
@@ -607,14 +607,14 @@
static struct rule *parse_rule(char *string)
{
struct rule *rule = NULL;
- char *token;
- int option_found = NO_OPTION;
+ char *token;
+ int option_found = NO_OPTION;
token = strtok(string, " ");
if (token == NULL) {
return NULL;
}
- rule = alloc_empty_rule();
+ rule = alloc_empty_rule();
/* rule needs to start with a hook */
if (!strcmp(token, INPUT_STR)) {
rule->hook = NF_IP6_LOCAL_IN;
@@ -643,7 +643,7 @@
return NULL;
}
option_found = SRC_HIT_OPTION;
- } else if (!strcmp(token, DST_HIT_STR)) {
+ } else if (!strcmp(token, DST_HIT_STR)) {
/* option already defined */
if (rule->dst_hit != NULL) {
HIP_DEBUG("error parsing rule: dst_hit option \n");
@@ -651,7 +651,7 @@
return NULL;
}
option_found = DST_HIT_OPTION;
- } else if (!strcmp(token, SRC_HI_STR)) {
+ } else if (!strcmp(token, SRC_HI_STR)) {
/* option already defined */
if (rule->src_hit == NULL || /* no hit for hi */
!rule->src_hit->boolean || /* negated hit */
@@ -661,7 +661,7 @@
return NULL;
}
option_found = SRC_HI_OPTION;
- } else if (!strcmp(token, TYPE_STR)) {
+ } else if (!strcmp(token, TYPE_STR)) {
/* option already defined */
if (rule->type != NULL) {
HIP_DEBUG("error parsing rule: type option \n");
@@ -669,7 +669,7 @@
return NULL;
}
option_found = TYPE_OPTION;
- } else if (!strcmp(token, STATE_STR)) {
+ } else if (!strcmp(token, STATE_STR)) {
/* option already defined */
if (rule->state != NULL) {
HIP_DEBUG("error parsing rule: state option \n");
@@ -677,7 +677,7 @@
return NULL;
}
option_found = STATE_OPTION;
- } else if (!strcmp(token, VERIFY_RESPONDER_STR)) {
+ } else if (!strcmp(token, VERIFY_RESPONDER_STR)) {
/* related state option must be defined */
if (rule->state == NULL) {
HIP_DEBUG("error parsing rule: %s without %s\n",
@@ -686,7 +686,7 @@
return NULL;
}
rule->state->verify_responder = 1;
- } else if (!strcmp(token, ACCEPT_MOBILE_STR)) {
+ } else if (!strcmp(token, ACCEPT_MOBILE_STR)) {
/* related state option must be defined */
if (rule->state == NULL) {
HIP_DEBUG("error parsing rule: %s without %s\n",
@@ -695,7 +695,7 @@
return NULL;
}
rule->state->accept_mobile = 1;
- } else if (!strcmp(token, DECRYPT_CONTENTS_STR)) {
+ } else if (!strcmp(token, DECRYPT_CONTENTS_STR)) {
/* related state option must be defined */
if (rule->state == NULL) {
HIP_DEBUG("error parsing rule: %s without %s\n",
@@ -704,7 +704,7 @@
return NULL;
}
rule->state->decrypt_contents = 1;
- } else if (!strcmp(token, IN_IF_STR)) {
+ } else if (!strcmp(token, IN_IF_STR)) {
/* option already defined */
/* rule in output hook can't have incoming if */
if (rule->in_if != NULL || rule->hook == NF_IP6_LOCAL_OUT) {
@@ -713,7 +713,7 @@
return NULL;
}
option_found = IN_IF_OPTION;
- } else if (!strcmp(token, OUT_IF_STR)) {
+ } else if (!strcmp(token, OUT_IF_STR)) {
/* option already defined */
/* rule in input hook can't have outcoming if */
if (rule->in_if != NULL || rule->hook == NF_IP6_LOCAL_IN) {
@@ -722,7 +722,7 @@
return NULL;
}
option_found = OUT_IF_OPTION;
- } else if (!strcmp(token, "ACCEPT")) {
+ } else if (!strcmp(token, "ACCEPT")) {
/* target already defined */
if (rule->accept > -1) {
HIP_DEBUG("error parsing rule: target \n");
@@ -731,7 +731,7 @@
}
rule->accept = 1;
break;
- } else if (!strcmp(token, "DROP")) {
+ } else if (!strcmp(token, "DROP")) {
/* target already defined */
if (rule->accept > -1) {
HIP_DEBUG("error parsing rule: target \n");
@@ -756,7 +756,7 @@
return NULL;
}
option_found = NO_OPTION;
- } else if (option_found == DST_HIT_OPTION) {
+ } else if (option_found == DST_HIT_OPTION) {
rule->dst_hit = parse_hit(token);
if (rule->dst_hit == NULL) {
HIP_DEBUG("error parsing rule: dst_hit value \n");
@@ -773,7 +773,7 @@
return NULL;
}
option_found = NO_OPTION;
- } else if (option_found == TYPE_OPTION) {
+ } else if (option_found == TYPE_OPTION) {
rule->type = parse_type(token);
if (rule->type == NULL) {
HIP_DEBUG("error parsing rule: type value \n");
@@ -781,7 +781,7 @@
return NULL;
}
option_found = NO_OPTION;
- } else if (option_found == STATE_OPTION) {
+ } else if (option_found == STATE_OPTION) {
rule->state = parse_state(token);
if (rule->state == NULL) {
HIP_DEBUG("error parsing rule: state value \n");
@@ -789,7 +789,7 @@
return NULL;
}
option_found = NO_OPTION;
- } else if (option_found == IN_IF_OPTION) {
+ } else if (option_found == IN_IF_OPTION) {
rule->in_if = parse_if(token);
if (rule->in_if == NULL) {
HIP_DEBUG("error parsing rule: i value \n");
@@ -797,7 +797,7 @@
return NULL;
}
option_found = NO_OPTION;
- } else if (option_found == OUT_IF_OPTION) {
+ } else if (option_found == OUT_IF_OPTION) {
rule->out_if = parse_if(token);
if (rule->out_if == NULL) {
HIP_DEBUG("error parsing rule: o value \n");
@@ -868,9 +868,9 @@
char line[MAX_LINE_LENGTH];
while (fgets(line, sizeof(line), file)) {
- char *p = NULL;
- char *original_line = NULL;
- struct rule *rule = NULL;
+ char *p = NULL;
+ char *original_line = NULL;
+ struct rule *rule = NULL;
HIP_DEBUG("line read: %s\n", line);
@@ -897,10 +897,10 @@
if (rule->hook == NF_IP6_LOCAL_IN) {
input = append_to_list(input, rule);
print_rule(input->data);
- } else if (rule->hook == NF_IP6_LOCAL_OUT) {
+ } else if (rule->hook == NF_IP6_LOCAL_OUT) {
output = append_to_list(output, rule);
print_rule(output->data);
- } else if (rule->hook == NF_IP6_FORWARD) {
+ } else if (rule->hook == NF_IP6_FORWARD) {
forward = append_to_list(forward, rule);
print_rule(forward->data);
}
=== modified file 'firewall/rule_management.h'
--- firewall/rule_management.h 2010-12-13 19:09:27 +0000
+++ firewall/rule_management.h 2011-01-03 16:06:13 +0000
@@ -44,7 +44,7 @@
struct hit_option {
struct in6_addr value; //hit value
- int boolean; //0 if negation, else 1
+ int boolean; //0 if negation, else 1
};
struct int_option {
@@ -54,16 +54,16 @@
struct state_option {
struct int_option int_opt;
- int verify_responder; /**< 1 if responder signatures are verified */
- int accept_mobile; /**< 1 if state can be established from updates
signalling */
- int decrypt_contents;
+ int verify_responder; /**< 1 if responder signatures are
verified */
+ int accept_mobile; /**< 1 if state can be established from
updates signalling */
+ int decrypt_contents;
};
// can be turned to more generic string option if necessary
//
struct string_option {
char *value;
- int boolean;
+ int boolean;
};
// Pointer values must be NULL if option is not specified.
@@ -71,15 +71,15 @@
// when updating rule structure, update also (at least) free_rule(),
// print_rule(), rules_equal(), copy_rule (), alloc_empty_rule() functions
struct rule {
- struct hit_option *src_hit;
- struct hit_option *dst_hit;
- struct hip_host_id *src_hi;
- struct int_option *type;
- struct state_option *state;
+ struct hit_option *src_hit;
+ struct hit_option *dst_hit;
+ struct hip_host_id *src_hi;
+ struct int_option *type;
+ struct state_option *state;
struct string_option *in_if;
struct string_option *out_if;
- unsigned int hook;
- int accept;
+ unsigned int hook;
+ int accept;
};
/*-------------- RULES ------------*/
=== modified file 'firewall/sysopp.c'
--- firewall/sysopp.c 2010-11-30 14:50:30 +0000
+++ firewall/sysopp.c 2011-01-03 16:06:13 +0000
@@ -79,7 +79,7 @@
const struct in6_addr *local_hit)
{
struct hip_common *msg = NULL;
- int err = 0;
+ int err = 0;
HIP_IFE(!(msg = hip_msg_alloc()), -1);
@@ -117,8 +117,8 @@
static void hip_fw_add_non_hip_peer(const hip_fw_context_t *ctx,
const int verdict)
{
- char command[64];
- char addr_str[INET_ADDRSTRLEN];
+ char command[64];
+ char addr_str[INET_ADDRSTRLEN];
struct in_addr addr_v4;
IPV6_TO_IPV4_MAP(&ctx->dst, &addr_v4);
@@ -160,7 +160,7 @@
const int default_verdict)
{
fw_cache_hl_t *entry_peer = NULL;
- int verdict;
+ int verdict;
HIP_DEBUG("\n");
@@ -203,8 +203,8 @@
*/
int hip_fw_sys_opp_set_peer_hit(const struct hip_common *msg)
{
- int err = 0, state;
- const hip_hit_t *local_hit, *peer_hit;
+ int err = 0, state;
+ const hip_hit_t *local_hit, *peer_hit;
const struct in6_addr *peer_addr;
const struct in6_addr *local_addr;
=== modified file 'firewall/user_ipsec_api.c'
--- firewall/user_ipsec_api.c 2010-11-30 14:50:30 +0000
+++ firewall/user_ipsec_api.c 2011-01-03 16:06:13 +0000
@@ -64,17 +64,17 @@
/* this is the ESP packet we are about to build */
-static unsigned char *esp_packet = NULL;
+static unsigned char *esp_packet = NULL;
/* the original packet before ESP decryption */
static unsigned char *decrypted_packet = NULL;
/* sockets needed in order to reinject the ESP packet into the network stack */
-static int raw_sock_v4 = 0;
-static int raw_sock_v6 = 0;
+static int raw_sock_v4 = 0;
+static int raw_sock_v6 = 0;
/* allows us to make sure that we only init ones */
-static int is_init = 0;
+static int is_init = 0;
/* 0 = hipd does not know that userspace ipsec on */
-static int init_hipd = 0;
+static int init_hipd = 0;
/**
* triggers user ipsec init message for hipd
@@ -115,7 +115,7 @@
// this option allows us to add the IP header ourselves
HIP_IFEL(setsockopt(raw_sock_v4, IPPROTO_IP, IP_HDRINCL, (char *) &on,
sizeof(on)) < 0, -1,
- "setsockopt() error for IPv4 raw socket\n");
+ "setsockopt() error for IPv4 raw socket\n");
// open IPv6 raw socket, no options needed here
raw_sock_v6 = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW);
@@ -218,14 +218,14 @@
// entry matching the peer HIT
hip_sa_entry_t *entry = NULL;
// the routable addresses as used in HIPL
- struct in6_addr preferred_local_addr;
- struct in6_addr preferred_peer_addr;
+ struct in6_addr preferred_local_addr;
+ struct in6_addr preferred_peer_addr;
struct sockaddr_storage preferred_peer_sockaddr;
- struct timeval now;
- uint16_t esp_packet_len = 0;
- int out_ip_version = 0;
- int err = 0;
- const struct ip6_hdr *ip6_hdr = NULL;
+ struct timeval now;
+ uint16_t esp_packet_len = 0;
+ int out_ip_version = 0;
+ int err = 0;
+ const struct ip6_hdr *ip6_hdr = NULL;
/* we should only get HIT addresses here
* LSI have been handled by LSI module before and converted to HITs */
@@ -325,7 +325,7 @@
entry->usetime_ka.tv_usec = now.tv_usec;
// the original packet has to be dropped
- err = 1;
+ err = 1;
}
// now do some esp token maintenance operations
@@ -344,15 +344,15 @@
*/
int hip_fw_userspace_ipsec_input(const hip_fw_context_t *ctx)
{
- struct hip_esp *esp_hdr = NULL;
+ struct hip_esp *esp_hdr = NULL;
struct sockaddr_storage local_sockaddr;
// entry matching the SPI
- hip_sa_entry_t *entry = NULL;
- struct timeval now;
- uint16_t decrypted_packet_len = 0;
- uint32_t spi = 0;
- uint32_t seq_no = 0;
- int err = 0;
+ hip_sa_entry_t *entry = NULL;
+ struct timeval now;
+ uint16_t decrypted_packet_len = 0;
+ uint32_t spi = 0;
+ uint32_t seq_no = 0;
+ int err = 0;
gettimeofday(&now, NULL);
@@ -396,7 +396,7 @@
entry->usetime_ka.tv_usec = now.tv_usec;
// the original packet has to be dropped
- err = 1;
+ err = 1;
}
out_err:
=== modified file 'firewall/user_ipsec_esp.c'
--- firewall/user_ipsec_esp.c 2010-10-15 15:29:14 +0000
+++ firewall/user_ipsec_esp.c 2011-01-03 16:06:13 +0000
@@ -88,11 +88,11 @@
IPV6_TO_IPV4_MAP(dst_addr, &dst_in_addr);
// set changed values
- ip_hdr->ip_v = 4;
+ ip_hdr->ip_v = 4;
/* assume no options */
- ip_hdr->ip_hl = 5;
- ip_hdr->ip_tos = 0;
- ip_hdr->ip_len = packet_len;
+ ip_hdr->ip_hl = 5;
+ ip_hdr->ip_tos = 0;
+ ip_hdr->ip_len = packet_len;
/* assume that we have no fragmentation */
ip_hdr->ip_id = 0;
ip_hdr->ip_off = 0;
@@ -103,7 +103,7 @@
ip_hdr->ip_dst.s_addr = dst_in_addr.s_addr;
/* recalculate the header checksum, does not include payload */
- ip_hdr->ip_sum = checksum_ip(ip_hdr, ip_hdr->ip_hl);
+ ip_hdr->ip_sum = checksum_ip(ip_hdr, ip_hdr->ip_hl);
}
/** adds an IPv6-header to the packet
@@ -149,19 +149,19 @@
hip_sa_entry_t *entry)
{
/* elen is length of data to encrypt */
- uint16_t elen = in_len;
+ uint16_t elen = in_len;
/* length of auth output */
- unsigned int alen = 0;
+ unsigned int alen = 0;
/* initialization vector */
- uint16_t iv_len = 0;
+ uint16_t iv_len = 0;
unsigned char cbc_iv[16];
/* ESP tail information */
- uint16_t pad_len = 0;
+ uint16_t pad_len = 0;
struct hip_esp_tail *esp_tail = NULL;
// offset of the payload counting from the beginning of the esp header
- uint16_t esp_data_offset = 0;
- int i = 0;
- int err = 0;
+ uint16_t esp_data_offset = 0;
+ int i = 0;
+ int err = 0;
esp_data_offset = esp_prot_get_data_offset(entry);
@@ -354,20 +354,20 @@
hip_sa_entry_t *entry)
{
/* elen is length of data to encrypt */
- uint16_t elen = 0;
+ uint16_t elen = 0;
// length of authentication protection field
- uint16_t alen = 0;
+ uint16_t alen = 0;
// authentication data
- unsigned int hmac_md_len;
+ unsigned int hmac_md_len;
unsigned char hmac_md[EVP_MAX_MD_SIZE];
/* initialization vector */
- uint16_t iv_len = 0;
+ uint16_t iv_len = 0;
unsigned char cbc_iv[16];
/* ESP tail information */
struct hip_esp_tail *esp_tail = NULL;
// offset of the payload counting from the beginning of the esp header
- uint16_t esp_data_offset = 0;
- int err = 0;
+ uint16_t esp_data_offset = 0;
+ int err = 0;
// different offset if esp extension used or not
esp_data_offset = esp_prot_get_data_offset(entry);
@@ -552,20 +552,20 @@
unsigned char *esp_packet, uint16_t *esp_packet_len)
{
// some pointers to packet headers
- struct ip *out_ip_hdr = NULL;
- struct ip6_hdr *out_ip6_hdr = NULL;
- struct udphdr *out_udp_hdr = NULL;
- struct hip_esp *out_esp_hdr = NULL;
- unsigned char *in_transport_hdr = NULL;
- uint8_t in_transport_type = 0;
- int next_hdr_offset = 0;
+ struct ip *out_ip_hdr = NULL;
+ struct ip6_hdr *out_ip6_hdr = NULL;
+ struct udphdr *out_udp_hdr = NULL;
+ struct hip_esp *out_esp_hdr = NULL;
+ unsigned char *in_transport_hdr = NULL;
+ uint8_t in_transport_type = 0;
+ int next_hdr_offset = 0;
// length of the data to be encrypted
- uint16_t elen = 0;
+ uint16_t elen = 0;
// length of the esp payload
- uint16_t encryption_len = 0;
+ uint16_t encryption_len = 0;
// length of the hash value used by the esp protection extension
- int esp_prot_hash_length = 0;
- int err = 0;
+ int esp_prot_hash_length = 0;
+ int err = 0;
// distinguish IPv4 and IPv6 output
if (IN6_IS_ADDR_V4MAPPED(preferred_peer_addr)) {
@@ -581,14 +581,14 @@
}
// set up esp header
- out_esp_hdr =
- (struct hip_esp *) (esp_packet + next_hdr_offset);
+ out_esp_hdr =
+ (struct hip_esp *) (esp_packet + next_hdr_offset);
out_esp_hdr->esp_spi = htonl(entry->spi);
out_esp_hdr->esp_seq = htonl(entry->sequence++);
// packet to be re-inserted into network stack has at least
// length of all defined headers
- *esp_packet_len += next_hdr_offset + sizeof(struct hip_esp);
+ *esp_packet_len += next_hdr_offset + sizeof(struct hip_esp);
/* put the esp protection extension hash right behind the header
* (virtual header extension)
@@ -598,7 +598,7 @@
HIP_IFEL(esp_prot_add_hash(esp_packet + *esp_packet_len,
&esp_prot_hash_length,
entry), -1,
- "failed to add the esp protection extension
hash\n");
+ "failed to add the esp protection extension hash\n");
HIP_DEBUG("esp prot hash_length: %i\n", esp_prot_hash_length);
HIP_HEXDUMP("esp prot hash: ", esp_packet + *esp_packet_len,
esp_prot_hash_length);
@@ -611,14 +611,14 @@
/* get pointer to data, right behind IPv6 header
*
* NOTE: we are only dealing with HIT-based (-> IPv6) data traffic */
- in_transport_hdr = ((unsigned char *) ctx->ipq_packet->payload)
- + sizeof(struct ip6_hdr);
+ in_transport_hdr = ((unsigned char *) ctx->ipq_packet->payload)
+ + sizeof(struct ip6_hdr);
in_transport_type = ((struct ip6_hdr *)
ctx->ipq_packet->payload)->ip6_nxt;
/* length of data to be encrypted is length of the original packet
* starting at the transport layer header */
- elen = ctx->ipq_packet->data_len - sizeof(struct ip6_hdr);
+ elen = ctx->ipq_packet->data_len - sizeof(struct ip6_hdr);
/* encrypt data now */
HIP_DEBUG("encrypting data...\n");
@@ -668,7 +668,7 @@
// packet to be re-inserted into network stack has at least
// length of defined headers
- *esp_packet_len += next_hdr_offset + sizeof(struct hip_esp);
+ *esp_packet_len += next_hdr_offset + sizeof(struct hip_esp);
/* put the esp protection extension hash right behind the header
* (virtual header extension)
@@ -677,7 +677,7 @@
* in order to be more flexible about the hash length */
HIP_IFEL(esp_prot_add_hash(esp_packet + *esp_packet_len,
&esp_prot_hash_length, entry), -1,
- "failed to add the esp protection extension
hash\n");
+ "failed to add the esp protection extension hash\n");
HIP_DEBUG("esp prot hash_length: %i\n", esp_prot_hash_length);
HIP_HEXDUMP("esp prot hash: ", esp_packet + *esp_packet_len,
esp_prot_hash_length);
@@ -691,14 +691,14 @@
/* get pointer to data, right behind IPv6 header
*
* NOTE: we are only dealing with HIT-based (-> IPv6) data traffic */
- in_transport_hdr = ((unsigned char *) ctx->ipq_packet->payload)
- + sizeof(struct ip6_hdr);
+ in_transport_hdr = ((unsigned char *) ctx->ipq_packet->payload)
+ + sizeof(struct ip6_hdr);
in_transport_type = ((struct ip6_hdr *)
ctx->ipq_packet->payload)->ip6_nxt;
/* length of data to be encrypted is length of the original packet
* starting at the transport layer header */
- elen = ctx->ipq_packet->data_len - sizeof(struct ip6_hdr);
+ elen = ctx->ipq_packet->data_len - sizeof(struct ip6_hdr);
HIP_DEBUG("encrypting data...\n");
@@ -742,11 +742,11 @@
unsigned char *decrypted_packet,
uint16_t *decrypted_packet_len)
{
- int next_hdr_offset = 0;
+ int next_hdr_offset = 0;
uint16_t esp_len = 0;
uint16_t decrypted_data_len = 0;
- uint8_t next_hdr = 0;
- int err = 0;
+ uint8_t next_hdr = 0;
+ int err = 0;
// the decrypted data will be placed behind the HIT-based IPv6 header
next_hdr_offset = sizeof(struct ip6_hdr);
=== modified file 'firewall/user_ipsec_fw_msg.c'
--- firewall/user_ipsec_fw_msg.c 2010-11-30 14:50:30 +0000
+++ firewall/user_ipsec_fw_msg.c 2011-01-03 16:06:13 +0000
@@ -59,7 +59,7 @@
*/
int send_userspace_ipsec_to_hipd(const int activate)
{
- int err = 0;
+ int err = 0;
struct hip_common *msg = NULL;
HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
@@ -110,39 +110,39 @@
*/
int handle_sa_add_request(const struct hip_common *msg)
{
- const struct hip_tlv_common *param = NULL;
- const struct in6_addr *src_addr = NULL, *dst_addr = NULL;
- const struct in6_addr *src_hit = NULL, *dst_hit = NULL;
- uint32_t spi = 0;
- int ealg = 0, err = 0;
- const struct hip_crypto_key *enc_key = NULL, *auth_key = NULL;
- int retransmission = 0, direction = 0, update = 0;
- uint16_t local_port = 0, peer_port = 0;
- uint8_t encap_mode = 0, esp_prot_transform = 0;
- uint32_t hash_item_length = 0;
- uint16_t esp_num_anchors;
- unsigned char esp_prot_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ const struct hip_tlv_common *param = NULL;
+ const struct in6_addr *src_addr = NULL, *dst_addr = NULL;
+ const struct in6_addr *src_hit = NULL, *dst_hit = NULL;
+ uint32_t spi = 0;
+ int ealg = 0, err = 0;
+ const struct hip_crypto_key *enc_key = NULL, *auth_key = NULL;
+ int retransmission = 0, direction = 0, update =
0;
+ uint16_t local_port = 0, peer_port = 0;
+ uint8_t encap_mode = 0, esp_prot_transform = 0;
+ uint32_t hash_item_length = 0;
+ uint16_t esp_num_anchors;
+ unsigned char
esp_prot_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
/* get all attributes from the message */
- param = hip_get_param(msg, HIP_PARAM_IPV6_ADDR);
- src_addr = hip_get_param_contents_direct(param);
+ param = hip_get_param(msg, HIP_PARAM_IPV6_ADDR);
+ src_addr = hip_get_param_contents_direct(param);
HIP_DEBUG_IN6ADDR("Source IP address: ", src_addr);
- param = hip_get_next_param(msg, param);
- dst_addr = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ dst_addr = hip_get_param_contents_direct(param);
HIP_DEBUG_IN6ADDR("Destination IP address : ", dst_addr);
- param = hip_get_param(msg, HIP_PARAM_HIT);
- src_hit = hip_get_param_contents_direct(param);
+ param = hip_get_param(msg, HIP_PARAM_HIT);
+ src_hit = hip_get_param_contents_direct(param);
HIP_DEBUG_HIT("Source Hit: ", src_hit);
- param = hip_get_next_param(msg, param);
- dst_hit = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ dst_hit = hip_get_param_contents_direct(param);
HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
- param = hip_get_param(msg, HIP_PARAM_UINT);
- spi = *((const uint32_t *) hip_get_param_contents_direct(param));
+ param = hip_get_param(msg, HIP_PARAM_UINT);
+ spi = *((const uint32_t *) hip_get_param_contents_direct(param));
HIP_DEBUG("the spi value is : 0x%lx \n", spi);
param = hip_get_next_param(msg, param);
@@ -153,8 +153,8 @@
local_port = *((const uint16_t *) hip_get_param_contents_direct(param));
HIP_DEBUG("the local_port value is %u \n", local_port);
- param = hip_get_next_param(msg, param);
- peer_port = *((const uint16_t *) hip_get_param_contents_direct(param));
+ param = hip_get_next_param(msg, param);
+ peer_port = *((const uint16_t *) hip_get_param_contents_direct(param));
HIP_DEBUG("the peer_port value is %u \n", peer_port);
/* parse the esp protection extension parameters */
@@ -162,28 +162,28 @@
&esp_num_anchors,
esp_prot_anchors, &hash_item_length),
-1, "failed to retrieve esp prot anchor\n");
- param = hip_get_param(msg, HIP_PARAM_KEYS);
- enc_key = hip_get_param_contents_direct(param);
+ param = hip_get_param(msg, HIP_PARAM_KEYS);
+ enc_key = hip_get_param_contents_direct(param);
HIP_HEXDUMP("crypto key:", enc_key, sizeof(struct hip_crypto_key));
- param = hip_get_next_param(msg, param);
- auth_key = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ auth_key = hip_get_param_contents_direct(param);
HIP_HEXDUMP("auth key:", auth_key, sizeof(struct hip_crypto_key));
- param = hip_get_param(msg, HIP_PARAM_INT);
- ealg = *((const int *) hip_get_param_contents_direct(param));
+ param = hip_get_param(msg, HIP_PARAM_INT);
+ ealg = *((const int *) hip_get_param_contents_direct(param));
HIP_DEBUG("ealg value is %d \n", ealg);
param = hip_get_next_param(msg, param);
retransmission = *((const int *) hip_get_param_contents_direct(param));
HIP_DEBUG("already_acquired value is %d \n", retransmission);
- param = hip_get_next_param(msg, param);
- direction = *((const int *) hip_get_param_contents_direct(param));
+ param = hip_get_next_param(msg, param);
+ direction = *((const int *) hip_get_param_contents_direct(param));
HIP_DEBUG("the direction value is %d \n", direction);
- param = hip_get_next_param(msg, param);
- update = *((const int *) hip_get_param_contents_direct(param));
+ param = hip_get_next_param(msg, param);
+ update = *((const int *) hip_get_param_contents_direct(param));
HIP_DEBUG("the update value is %d \n", update);
HIP_IFEL(hip_sadb_add(direction, spi, BEET_MODE, src_addr, dst_addr,
@@ -205,37 +205,37 @@
*/
int handle_sa_delete_request(const struct hip_common *msg)
{
- const struct hip_tlv_common *param = NULL;
- uint32_t spi = 0;
- const struct in6_addr *peer_addr = NULL;
- const struct in6_addr *dst_addr = NULL;
- int family = 0, src_port = 0, dst_port = 0;
- int err = 0;
+ const struct hip_tlv_common *param = NULL;
+ uint32_t spi = 0;
+ const struct in6_addr *peer_addr = NULL;
+ const struct in6_addr *dst_addr = NULL;
+ int family = 0, src_port = 0, dst_port = 0;
+ int err = 0;
/* get all attributes from the message */
- param = hip_get_param(msg, HIP_PARAM_UINT);
- spi = *((const uint32_t *) hip_get_param_contents_direct(param));
+ param = hip_get_param(msg, HIP_PARAM_UINT);
+ spi = *((const uint32_t *) hip_get_param_contents_direct(param));
HIP_DEBUG("spi value: 0x%lx \n", spi);
param = hip_get_param(msg, HIP_PARAM_IPV6_ADDR);
peer_addr = hip_get_param_contents_direct(param);
HIP_DEBUG_IN6ADDR("peer address: ", peer_addr);
- param = hip_get_next_param(msg, param);
- dst_addr = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ dst_addr = hip_get_param_contents_direct(param);
HIP_DEBUG_IN6ADDR("dst address: ", dst_addr);
- param = hip_get_param(msg, HIP_PARAM_INT);
- family = *((const int *) hip_get_param_contents_direct(param));
+ param = hip_get_param(msg, HIP_PARAM_INT);
+ family = *((const int *) hip_get_param_contents_direct(param));
HIP_DEBUG("family: %i\n", family);
- param = hip_get_next_param(msg, param);
- src_port = *((const int *) hip_get_param_contents_direct(param));
+ param = hip_get_next_param(msg, param);
+ src_port = *((const int *) hip_get_param_contents_direct(param));
HIP_DEBUG("src_port: %i\n", src_port);
- param = hip_get_next_param(msg, param);
- dst_port = *((const int *) hip_get_param_contents_direct(param));
+ param = hip_get_next_param(msg, param);
+ dst_port = *((const int *) hip_get_param_contents_direct(param));
HIP_DEBUG("dst_port: %i\n", dst_port);
/* work-around due to broken sa_delete in hipd */
=== modified file 'firewall/user_ipsec_sadb.c'
--- firewall/user_ipsec_sadb.c 2010-11-30 14:50:30 +0000
+++ firewall/user_ipsec_sadb.c 2011-01-03 16:06:13 +0000
@@ -70,13 +70,13 @@
/* Structure for demultiplexing inbound ipsec packets, indexed by dst_addr and
spi */
typedef struct hip_link_entry {
- struct in6_addr dst_addr; /* destination address of outer IP
header */
- uint32_t spi; /* ipsec spi, needed for demultiplexing
incoming packets */
- hip_sa_entry_t * linked_sa_entry; /* direct link to sa entry */
+ struct in6_addr dst_addr; /* destination address of outer IP
header */
+ uint32_t spi; /* ipsec spi, needed for demultiplexing
incoming packets */
+ hip_sa_entry_t *linked_sa_entry; /* direct link to sa entry */
} hip_link_entry_t;
/* database storing the sa entries, indexed by src _and_ dst hits */
-HIP_HASHTABLE *sadb = NULL;
+HIP_HASHTABLE *sadb = NULL;
/* database storing shortcuts to sa entries for incoming packets */
HIP_HASHTABLE *linkdb = NULL;
@@ -90,8 +90,8 @@
static unsigned long hip_sa_entry_hash(const hip_sa_entry_t *sa_entry)
{
struct in6_addr addr_pair[2]; /* in BEET-mode these are HITs
*/
- unsigned char hash[INDEX_HASH_LENGTH];
- int err = 0;
+ unsigned char hash[INDEX_HASH_LENGTH];
+ int err = 0;
memset(&hash, 0, INDEX_HASH_LENGTH);
@@ -113,7 +113,7 @@
HIP_IFEL(hip_build_digest(INDEX_HASH_FN, addr_pair,
2 * sizeof(struct in6_addr), hash), -1,
- "failed to hash addresses\n");
+ "failed to hash addresses\n");
out_err:
if (err) {
@@ -160,10 +160,10 @@
*/
static unsigned long hip_link_entry_hash(const hip_link_entry_t *link_entry)
{
- int input_length = sizeof(struct in6_addr) + sizeof(uint32_t);
+ int input_length = sizeof(struct in6_addr) + sizeof(uint32_t);
unsigned char hash_input[input_length];
unsigned char hash[INDEX_HASH_LENGTH];
- int err = 0;
+ int err = 0;
// values have to be present
HIP_ASSERT(link_entry != NULL && link_entry->spi != 0);
@@ -236,9 +236,9 @@
static hip_link_entry_t * hip_link_entry_find(const struct in6_addr *dst_addr,
uint32_t spi)
{
- hip_link_entry_t search_link;
+ hip_link_entry_t search_link;
hip_link_entry_t *stored_link = NULL;
- int err = 0;
+ int err = 0;
// search the linkdb for the link to the corresponding entry
memcpy(&search_link.dst_addr, dst_addr, sizeof(struct in6_addr));
@@ -269,7 +269,7 @@
static int hip_link_entry_add(struct in6_addr *dst_addr, hip_sa_entry_t *entry)
{
hip_link_entry_t *link = NULL;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(link = malloc(sizeof(hip_link_entry_t))),
-1, "failed to allocate memory\n");
@@ -295,7 +295,7 @@
static int hip_link_entry_delete(struct in6_addr *dst_addr, uint32_t spi)
{
hip_link_entry_t *stored_link = NULL;
- int err = 0;
+ int err = 0;
// find link entry and free members
HIP_IFEL(!(stored_link = hip_link_entry_find(dst_addr, spi)), -1,
@@ -360,10 +360,10 @@
unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH],
int update)
{
- int key_len = 0; /* for 3-DES */
+ int key_len = 0; /* for 3-DES */
unsigned char key1[8], key2[8], key3[8]; /* for 3-DES */
- int enc_key_changed = 0;
- int err = 0;
+ int enc_key_changed = 0;
+ int err = 0;
// TODO handle update case with credit-based authentication
// -> introduce backup of spi and keying material
@@ -382,7 +382,7 @@
entry->src_port = src_port;
entry->dst_port = dst_port;
- entry->ealg = ealg;
+ entry->ealg = ealg;
// copy raw keys, if they changed
if (memcmp(entry->auth_key, auth_key, hip_auth_key_length_esp(ealg))) {
@@ -391,7 +391,6 @@
if (hip_enc_key_length(ealg) > 0 && memcmp(entry->enc_key, enc_key,
hip_enc_key_length(ealg))) {
-
memcpy(entry->enc_key, enc_key, hip_enc_key_length(ealg));
enc_key_changed = 1;
}
@@ -465,7 +464,7 @@
HIP_IFEL(esp_prot_sa_entry_set(entry, esp_prot_transform, hash_item_length,
esp_num_anchors, esp_prot_anchors, update),
- -1, "failed to set esp protection members\n");
+ -1, "failed to set esp protection members\n");
out_err:
return err;
@@ -516,12 +515,12 @@
int update)
{
hip_sa_entry_t *stored_entry = NULL;
- int err = 0;
+ int err = 0;
// we need the sadb entry to go through entries in the linkdb
HIP_IFEL(!(stored_entry = hip_sa_entry_find_outbound(inner_src_addr,
inner_dst_addr)), -1,
- "failed to retrieve
sa entry\n");
+ "failed to retrieve sa entry\n");
/* delete all links
*
@@ -537,7 +536,7 @@
enc_key, lifetime, esp_prot_transform,
hash_item_length, esp_num_anchors,
esp_prot_anchors, update),
- -1, "failed to update the entry members\n");
+ -1, "failed to update the entry members\n");
HIP_IFEL(hip_link_entry_add(&stored_entry->dst_addr, stored_entry), -1,
"failed to add links\n");
@@ -604,7 +603,7 @@
int update)
{
hip_sa_entry_t *entry = NULL;
- int err = 0;
+ int err = 0;
/* initialize members to 0/NULL */
HIP_IFEL(!(entry = malloc(sizeof(hip_sa_entry_t))), -1,
@@ -661,7 +660,7 @@
static int hip_sa_entry_delete(struct in6_addr *src_addr, struct in6_addr
*dst_addr)
{
hip_sa_entry_t *stored_entry = NULL;
- int err = 0;
+ int err = 0;
/* find entry in sadb and delete entries in linkdb for all (addr,
spi)-matches */
HIP_IFEL(!(stored_entry = hip_sa_entry_find_outbound(src_addr, dst_addr)),
-1,
@@ -763,10 +762,10 @@
unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH],
UNUSED int retransmission, int update)
{
- int err = 0;
+ int err = 0;
const struct in6_addr *check_local_hit = NULL;
- struct in6_addr *default_hit = NULL;
- in_port_t src_port, dst_port;
+ struct in6_addr *default_hit = NULL;
+ in_port_t src_port, dst_port;
/* TODO handle retransmission correctly */
@@ -819,7 +818,7 @@
int hip_sadb_delete(const struct in6_addr *dst_addr, uint32_t spi)
{
hip_sa_entry_t *entry = NULL;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(entry = hip_sa_entry_find_inbound(dst_addr, spi)), -1,
"failed to retrieve sa entry\n");
@@ -838,8 +837,8 @@
*/
int hip_sadb_flush(void)
{
- int err = 0, i = 0;
- hip_list_t *item = NULL, *tmp = NULL;
+ int err = 0, i = 0;
+ hip_list_t *item = NULL, *tmp = NULL;
hip_sa_entry_t *entry = NULL;
// iterating over all elements
@@ -865,9 +864,9 @@
*/
hip_sa_entry_t *hip_sa_entry_find_inbound(const struct in6_addr *dst_addr,
uint32_t spi)
{
- hip_link_entry_t *stored_link = NULL;
- hip_sa_entry_t *stored_entry = NULL;
- int err = 0;
+ hip_link_entry_t *stored_link = NULL;
+ hip_sa_entry_t *stored_entry = NULL;
+ int err = 0;
HIP_IFEL(!(stored_link = hip_link_entry_find(dst_addr, spi)), -1,
"failed to find link entry\n");
@@ -892,9 +891,9 @@
hip_sa_entry_t *hip_sa_entry_find_outbound(const struct in6_addr *src_hit,
const struct in6_addr *dst_hit)
{
- hip_sa_entry_t search_entry;
+ hip_sa_entry_t search_entry;
hip_sa_entry_t *stored_entry = NULL;
- int err = 0;
+ int err = 0;
// fill search entry with information needed by the hash function
memcpy(&search_entry.inner_src_addr, src_hit, sizeof(struct in6_addr));
=== modified file 'firewall/user_ipsec_sadb.h'
--- firewall/user_ipsec_sadb.h 2010-10-15 15:29:14 +0000
+++ firewall/user_ipsec_sadb.h 2011-01-03 16:06:13 +0000
@@ -52,16 +52,16 @@
/* IPsec Security Association entry */
typedef struct hip_sa_entry {
- int direction; /* direction of the SA:
inbound/outbound */
- uint32_t spi; /* IPsec SPI number */
- uint32_t mode; /* ESP mode : 1-transport,
2-tunnel, 3-beet */
- struct in6_addr src_addr; /* source address of outer IP
header */
- struct in6_addr dst_addr; /* destination address of outer IP
header */
- struct in6_addr inner_src_addr; /* inner source addresses for
tunnel and BEET SAs */
- struct in6_addr inner_dst_addr; /* inner destination addresses for
tunnel and BEET SAs */
- uint8_t encap_mode; /* encapsulation mode: 0 - none, 1
- udp */
- uint16_t src_port; /* src port for UDP encaps. ESP */
- uint16_t dst_port; /* dst port for UDP encaps. ESP */
+ int direction; /* direction of the SA:
inbound/outbound */
+ uint32_t spi; /* IPsec SPI number */
+ uint32_t mode; /* ESP mode : 1-transport,
2-tunnel, 3-beet */
+ struct in6_addr src_addr; /* source address of outer IP
header */
+ struct in6_addr dst_addr; /* destination address of outer IP
header */
+ struct in6_addr inner_src_addr; /* inner source addresses for
tunnel and BEET SAs */
+ struct in6_addr inner_dst_addr; /* inner destination addresses for
tunnel and BEET SAs */
+ uint8_t encap_mode; /* encapsulation mode: 0 - none, 1
- udp */
+ uint16_t src_port; /* src port for UDP encaps. ESP */
+ uint16_t dst_port; /* dst port for UDP encaps. ESP */
/****************** crypto parameters *******************/
int ealg; /* crypto transform in use */
struct hip_crypto_key *auth_key; /* raw authentication key */
@@ -70,23 +70,23 @@
AES_KEY aes_key; /* AES key */
BF_KEY bf_key; /* BLOWFISH key */
/******************** statistics *************************/
- uint64_t lifetime; /* seconds until expiration */
- uint64_t bytes; /* bytes transmitted */
- struct timeval usetime; /* last used timestamp */
- struct timeval usetime_ka; /* last used timestamp, including
keep-alives */
- uint32_t sequence; /* ESP sequence number counter */
+ uint64_t lifetime; /* seconds until expiration */
+ uint64_t bytes; /* bytes transmitted */
+ struct timeval usetime; /* last used timestamp */
+ struct timeval usetime_ka; /* last used timestamp, including
keep-alives */
+ uint32_t sequence; /* ESP sequence number counter */
/*********** esp protection extension params *************/
/* for both directions */
- uint8_t esp_prot_transform; /* mode used for securing ipsec
traffic */
+ uint8_t esp_prot_transform; /* mode used for securing ipsec
traffic */
/* for outbound direction */
- void * active_hash_items[MAX_NUM_PARALLEL_HCHAINS]; /*
active item can be a hchain or a htree */
- void * next_hash_items[MAX_NUM_PARALLEL_HCHAINS]; /*
update item can be a hchain or a htree */
- int active_item_length; /* length of the active hash
item */
- int update_item_length; /* length of the update hash
item */
- uint8_t update_item_acked[MAX_NUM_PARALLEL_HCHAINS]; /* ack
from peer that update succeeded */
- int last_used_chain; /* in case of parallel hchains,
stores last used for round robin */
- esp_cumulative_item_t hash_buffer[MAX_RING_BUFFER_SIZE]; /* packet
hash buffer for the cumulative packet auth */
- uint32_t next_free; /* next buffer entry to be
used for cumulative packet auth */
+ void *active_hash_items[MAX_NUM_PARALLEL_HCHAINS]; /*
active item can be a hchain or a htree */
+ void *next_hash_items[MAX_NUM_PARALLEL_HCHAINS]; /*
update item can be a hchain or a htree */
+ int active_item_length; /* length of the active hash
item */
+ int update_item_length; /* length of the update hash
item */
+ uint8_t update_item_acked[MAX_NUM_PARALLEL_HCHAINS]; /* ack
from peer that update succeeded */
+ int last_used_chain; /* in case of parallel hchains,
stores last used for round robin */
+ esp_cumulative_item_t hash_buffer[MAX_RING_BUFFER_SIZE]; /* packet
hash buffer for the cumulative packet auth */
+ uint32_t next_free; /* next buffer entry to be
used for cumulative packet auth */
} hip_sa_entry_t;
int hip_sadb_init(void);
=== modified file 'hipd/accessor.c'
--- hipd/accessor.c 2010-10-15 15:29:14 +0000
+++ hipd/accessor.c 2011-01-03 16:06:13 +0000
@@ -38,7 +38,7 @@
#include "accessor.h"
#include "hipd.h"
-unsigned int hipd_state = HIPD_STATE_CLOSED;
+unsigned int hipd_state = HIPD_STATE_CLOSED;
/**
* Set global daemon state.
=== modified file 'hipd/accessor.h'
--- hipd/accessor.h 2010-10-15 15:29:14 +0000
+++ hipd/accessor.h 2011-01-03 16:06:13 +0000
@@ -54,4 +54,3 @@
void hipd_set_flag(unsigned int);
#endif /* HIP_HIPD_ACCESSOR_H */
-
=== modified file 'hipd/cert.c'
--- hipd/cert.c 2010-12-30 21:49:52 +0000
+++ hipd/cert.c 2011-01-03 16:06:13 +0000
@@ -77,25 +77,25 @@
*/
int hip_cert_spki_sign(struct hip_common *msg)
{
- int err = 0, sig_len = 0, algo = 0, t = 0;
+ int err = 0, sig_len = 0, algo = 0, t = 0;
const struct hip_cert_spki_info *p_cert;
- struct hip_cert_spki_info *cert;
- struct hip_host_id *host_id = NULL;
- unsigned char sha_digest[21];
- unsigned char *signature_b64 = NULL;
- unsigned char *digest_b64 = NULL;
- unsigned char *sha_retval;
- uint8_t *signature = NULL;
- DSA_SIG *dsa_sig = NULL;
+ struct hip_cert_spki_info *cert;
+ struct hip_host_id *host_id = NULL;
+ unsigned char sha_digest[21];
+ unsigned char *signature_b64 = NULL;
+ unsigned char *digest_b64 = NULL;
+ unsigned char *sha_retval;
+ uint8_t *signature = NULL;
+ DSA_SIG *dsa_sig = NULL;
/* RSA needed variables */
- RSA *rsa = NULL;
- unsigned char *e_bin = NULL, *n_bin = NULL;
- unsigned char *e_hex = NULL, *n_b64 = NULL;
+ RSA *rsa = NULL;
+ unsigned char *e_bin = NULL, *n_bin = NULL;
+ unsigned char *e_hex = NULL, *n_b64 = NULL;
/* DSA needed variables */
- DSA *dsa = NULL;
- unsigned char *p_bin = NULL, *q_bin = NULL, *g_bin = NULL, *y_bin
= NULL;
- unsigned char *p_b64 = NULL, *q_b64 = NULL, *g_b64 = NULL, *y_b64
= NULL;
+ DSA *dsa = NULL;
+ unsigned char *p_bin = NULL, *q_bin = NULL, *g_bin = NULL, *y_bin = NULL;
+ unsigned char *p_b64 = NULL, *q_b64 = NULL, *g_b64 = NULL, *y_b64 = NULL;
cert = malloc(sizeof(struct hip_cert_spki_info));
HIP_IFEL((!cert), -1, "Malloc for cert failed\n");
@@ -130,14 +130,14 @@
HIP_IFEL((!signature_b64), -1, "Malloc for signature_b64 failed\n");
memset(signature_b64, 0, RSA_size(rsa));
- n_bin = malloc(RSA_size(rsa) + 1);
+ n_bin = malloc(RSA_size(rsa) + 1);
HIP_IFEL((!n_bin), -1, "Malloc for n_bin failed\n");
- n_b64 = malloc(RSA_size(rsa) + 20);
+ n_b64 = malloc(RSA_size(rsa) + 20);
HIP_IFEL((!n_b64), -1, "Malloc for n_b64 failed\n");
memset(n_b64, 0, (RSA_size(rsa) + 20));
- e_bin = malloc(BN_num_bytes(rsa->e) + 1);
+ e_bin = malloc(BN_num_bytes(rsa->e) + 1);
HIP_IFEL((!e_bin), -1, "Malloc for e_bin failed\n");
memset(e_bin, 0, (BN_num_bytes(rsa->e) + 1));
@@ -151,31 +151,31 @@
(unsigned int *) &sig_len, rsa);
HIP_IFEL((err = err == 0 ? -1 : 0), -1, "RSA_sign error\n");
} else if (algo == HIP_HI_DSA) {
- p_bin = malloc(BN_num_bytes(dsa->p) + 1);
+ p_bin = malloc(BN_num_bytes(dsa->p) + 1);
HIP_IFEL((!p_bin), -1, "Malloc for p_bin failed\n");
- q_bin = malloc(BN_num_bytes(dsa->q) + 1);
+ q_bin = malloc(BN_num_bytes(dsa->q) + 1);
HIP_IFEL((!q_bin), -1, "Malloc for q_bin failed\n");
- g_bin = malloc(BN_num_bytes(dsa->g) + 1);
+ g_bin = malloc(BN_num_bytes(dsa->g) + 1);
HIP_IFEL((!g_bin), -1, "Malloc for g_bin failed\n");
- y_bin = malloc(BN_num_bytes(dsa->pub_key) + 1);
+ y_bin = malloc(BN_num_bytes(dsa->pub_key) + 1);
HIP_IFEL((!y_bin), -1, "Malloc for y_bin failed\n");
- p_b64 = malloc(BN_num_bytes(dsa->p) + 20);
+ p_b64 = malloc(BN_num_bytes(dsa->p) + 20);
HIP_IFEL((!p_b64), -1, "Malloc for p_b64 failed\n");
- q_b64 = malloc(BN_num_bytes(dsa->q) + 20);
+ q_b64 = malloc(BN_num_bytes(dsa->q) + 20);
HIP_IFEL((!q_b64), -1, "Malloc for q_b64 failed\n");
- g_b64 = malloc(BN_num_bytes(dsa->g) + 20);
+ g_b64 = malloc(BN_num_bytes(dsa->g) + 20);
HIP_IFEL((!g_b64), -1, "Malloc for g_b64 failed\n");
- y_b64 = malloc(BN_num_bytes(dsa->pub_key) + 20);
+ y_b64 = malloc(BN_num_bytes(dsa->pub_key) + 20);
HIP_IFEL((!y_b64), -1, "Malloc for y_b64 failed\n");
- signature = malloc(HIP_DSA_SIG_SIZE);
+ signature = malloc(HIP_DSA_SIG_SIZE);
memset(signature, 0, HIP_DSA_SIG_SIZE);
t = BN_num_bytes(dsa->p);
@@ -186,7 +186,7 @@
dsa_sig = DSA_do_sign(sha_digest, SHA_DIGEST_LENGTH, dsa);
bn2bin_safe(dsa_sig->r, &signature[1], DSA_PRIV);
bn2bin_safe(dsa_sig->s, &signature[1 + DSA_PRIV], DSA_PRIV);
- sig_len = SHA_DIGEST_LENGTH + DSA_PRIV * 2;
+ sig_len = SHA_DIGEST_LENGTH + DSA_PRIV * 2;
} else {
HIP_IFEL(1 == 0, -1, "Unknown algorithm for signing\n");
}
@@ -319,31 +319,31 @@
*/
int hip_cert_spki_verify(struct hip_common *msg)
{
- int err = 0, start = 0, stop = 0, evpret = 0, keylen = 0, algo = 0;
+ int err = 0, start = 0, stop = 0, evpret = 0, keylen = 0, algo = 0;
char buf[200];
- unsigned char sha_digest[21];
+ unsigned char sha_digest[21];
unsigned char *sha_retval;
unsigned char *signature_hash = NULL;
unsigned char *signature_hash_b64 = NULL;
unsigned char *signature_b64 = NULL;
const struct hip_cert_spki_info *p_cert;
- struct hip_cert_spki_info *cert = NULL;
- unsigned char *signature = NULL;
+ struct hip_cert_spki_info *cert = NULL;
+ unsigned char *signature = NULL;
/** RSA */
- RSA *rsa = NULL;
- unsigned long e_code;
- char *e_hex = NULL;
- unsigned char *modulus_b64 = NULL;
- unsigned char *modulus = NULL;
+ RSA *rsa = NULL;
+ unsigned long e_code;
+ char *e_hex = NULL;
+ unsigned char *modulus_b64 = NULL;
+ unsigned char *modulus = NULL;
/** DSA */
- DSA *dsa = NULL;
- unsigned char *p_bin = NULL, *q_bin = NULL, *g_bin = NULL,
*y_bin = NULL;
- unsigned char *p_b64 = NULL, *q_b64 = NULL, *g_b64 = NULL,
*y_b64 = NULL;
- DSA_SIG *dsa_sig = NULL;
+ DSA *dsa = NULL;
+ unsigned char *p_bin = NULL, *q_bin = NULL, *g_bin = NULL, *y_bin = NULL;
+ unsigned char *p_b64 = NULL, *q_b64 = NULL, *g_b64 = NULL, *y_b64 = NULL;
+ DSA_SIG *dsa_sig = NULL;
/* rules for regular expressions */
@@ -362,47 +362,47 @@
* Look for pattern "(p |" and stop when first "|"
* anything in base 64 is accepted inbetween
*/
- char p_rule[] = "[(][p][ ][|][[A-Za-z0-9+/()#=-]*[|]";
+ char p_rule[] = "[(][p][ ][|][[A-Za-z0-9+/()#=-]*[|]";
/*
* Rule to get DSA q
* Look for pattern "(q |" and stop when first "|"
* anything in base 64 is accepted inbetween
*/
- char q_rule[] = "[(][q][ ][|][[A-Za-z0-9+/()#=-]*[|]";
+ char q_rule[] = "[(][q][ ][|][[A-Za-z0-9+/()#=-]*[|]";
/*
* Rule to get DSA g
* Look for pattern "(g |" and stop when first "|"
* anything in base 64 is accepted inbetween
*/
- char g_rule[] = "[(][g][ ][|][[A-Za-z0-9+/()#=-]*[|]";
+ char g_rule[] = "[(][g][ ][|][[A-Za-z0-9+/()#=-]*[|]";
/*
* Rule to get DSA y / pub_key
* Look for pattern "(y |" and stop when first "|"
* anything in base 64 is accepted inbetween
*/
- char y_rule[] = "[(][y][ ][|][[A-Za-z0-9+/()#=-]*[|]";
+ char y_rule[] = "[(][y][ ][|][[A-Za-z0-9+/()#=-]*[|]";
/*
* rule to get the public exponent RSA
* Look for the part that says # and after that some hex blob and #
*/
- char e_rule[] = "[#][0-9A-Fa-f]*[#]";
+ char e_rule[] = "[#][0-9A-Fa-f]*[#]";
/*
* rule to get the public modulus RSA
* Look for the part that starts with '|' and after that anything
* that is in base 64 char set and then '|' again
*/
- char n_rule[] = "[|][A-Za-z0-9+/()#=-]*[|]";
+ char n_rule[] = "[|][A-Za-z0-9+/()#=-]*[|]";
/*
* rule to get the signature hash
* Look for the similar than the n_rule
*/
- char h_rule[] = "[|][A-Za-z0-9+/()#=-]*[|]";
+ char h_rule[] = "[|][A-Za-z0-9+/()#=-]*[|]";
/*
* rule to get the signature
@@ -410,7 +410,7 @@
* and stops to '|' char remember to add and subtract 2 from
* the indexes below
*/
- char s_rule[] = "[)][|][A-Za-z0-9+/()#=-]*[|]";
+ char s_rule[] = "[)][|][A-Za-z0-9+/()#=-]*[|]";
cert = malloc(sizeof(struct hip_cert_spki_info));
HIP_IFEL((!cert), -1, "Malloc for cert failed\n");
@@ -456,13 +456,13 @@
(char *) &cert->public_key[start + 1]);
/* public modulus */
- start = stop = 0;
+ start = stop = 0;
HIP_IFEL(hip_cert_regex(n_rule, cert->public_key, &start, &stop), -1,
"Failed to run hip_cert_regex (modulus)\n");
modulus_b64 = malloc(stop - start + 1);
HIP_IFEL((!modulus_b64), -1, "Malloc for modulus_b64 failed\n");
memset(modulus_b64, 0, (stop - start + 1));
- modulus = malloc(stop - start + 1);
+ modulus = malloc(stop - start + 1);
HIP_IFEL((!modulus), -1, "Malloc for modulus failed\n");
memset(modulus, 0, (stop - start + 1));
snprintf((char *) modulus_b64, (stop - start - 1), "%s",
@@ -481,7 +481,7 @@
}
signature = malloc(keylen);
HIP_IFEL((!signature), -1, "Malloc for signature failed.\n");
- rsa->n = BN_bin2bn(modulus, keylen, 0);
+ rsa->n = BN_bin2bn(modulus, keylen, 0);
} else if (algo == HIP_HI_DSA) {
/* malloc space for new dsa */
dsa = DSA_new();
@@ -504,13 +504,13 @@
evpret = EVP_DecodeBlock(p_bin, p_b64, strlen((char *) p_b64));
/* dsa->q */
- start = stop = 0;
+ start = stop = 0;
HIP_IFEL(hip_cert_regex(q_rule, cert->public_key, &start, &stop), -1,
"Failed to run hip_cert_regex dsa->q\n");
- q_b64 = malloc(stop - start + 1);
+ q_b64 = malloc(stop - start + 1);
HIP_IFEL((!q_b64), -1, "Malloc for q_b64 failed\n");
memset(q_b64, 0, (stop - start + 1));
- q_bin = malloc(stop - start + 1);
+ q_bin = malloc(stop - start + 1);
HIP_IFEL((!q_bin), -1, "Malloc for q_bin failed\n");
memset(q_bin, 0, (stop - start + 1));
snprintf((char *) q_b64, (stop - start - 1), "%s",
@@ -518,13 +518,13 @@
evpret = EVP_DecodeBlock(q_bin, q_b64, strlen((char *) q_b64));
/* dsa->g */
- start = stop = 0;
+ start = stop = 0;
HIP_IFEL(hip_cert_regex(g_rule, cert->public_key, &start, &stop), -1,
"Failed to run hip_cert_regex dsa->g\n");
- g_b64 = malloc(stop - start + 1);
+ g_b64 = malloc(stop - start + 1);
HIP_IFEL((!g_b64), -1, "Malloc for g_b64 failed\n");
memset(g_b64, 0, (stop - start + 1));
- g_bin = malloc(stop - start + 1);
+ g_bin = malloc(stop - start + 1);
HIP_IFEL((!g_bin), -1, "Malloc for g_bin failed\n");
memset(g_bin, 0, (stop - start + 1));
snprintf((char *) g_b64, (stop - start - 1), "%s",
@@ -532,13 +532,13 @@
evpret = EVP_DecodeBlock(g_bin, g_b64, strlen((char *) g_b64));
/* dsa->y */
- start = stop = 0;
+ start = stop = 0;
HIP_IFEL(hip_cert_regex(y_rule, cert->public_key, &start, &stop), -1,
"Failed to run hip_cert_regex dsa->y\n");
- y_b64 = malloc(stop - start + 1);
+ y_b64 = malloc(stop - start + 1);
HIP_IFEL((!y_b64), -1, "Malloc for y_b64 failed\n");
memset(y_b64, 0, (stop - start + 1));
- y_bin = malloc(stop - start + 1);
+ y_bin = malloc(stop - start + 1);
HIP_IFEL((!y_bin), -1, "Malloc for y_bin failed\n");
memset(y_bin, 0, (stop - start + 1));
snprintf((char *) y_b64, (stop - start - 1), "%s",
@@ -555,13 +555,13 @@
-1, "SHA1 error when creating digest.\n");
/* Get the signature hash and compare it to the sha_digest we just made */
- start = stop = 0;
+ start = stop = 0;
HIP_IFEL(hip_cert_regex(h_rule, cert->signature, &start, &stop), -1,
"Failed to run hip_cert_regex (signature hash)\n");
signature_hash_b64 = malloc(stop - start + 1);
HIP_IFEL((!signature_hash_b64), -1, "Failed to malloc
signature_hash_b64\n");
memset(signature_hash_b64, '\0', (stop - start + 1));
- signature_hash = malloc(stop - start + 1);
+ signature_hash = malloc(stop - start + 1);
HIP_IFEL((!signature_hash), -1, "Failed to malloc signature_hash\n");
snprintf((char *) signature_hash_b64, (stop - start - 1), "%s",
(char *) &cert->signature[start + 1]);
@@ -572,7 +572,7 @@
"cert sequence in the certificate\n");
/* memset signature and put it into its place */
- start = stop = 0;
+ start = stop = 0;
HIP_IFEL(hip_cert_regex(s_rule, cert->signature, &start, &stop), -1,
"Failed to run hip_cert_regex (signature)\n");
signature_b64 = malloc(stop - start + 1);
@@ -589,8 +589,8 @@
if (algo == HIP_HI_RSA) {
/* do the verification */
- err = RSA_verify(NID_sha1, sha_digest, SHA_DIGEST_LENGTH,
- signature, RSA_size(rsa), rsa);
+ err = RSA_verify(NID_sha1, sha_digest, SHA_DIGEST_LENGTH,
+ signature, RSA_size(rsa), rsa);
e_code = ERR_get_error();
ERR_load_crypto_strings();
ERR_error_string(e_code, buf);
@@ -600,14 +600,14 @@
HIP_IFEL((err = err == 1 ? 0 : -1), -1, "RSA_verify error\n");
} else if (algo == HIP_HI_DSA) {
/* build the signature structure */
- dsa_sig = DSA_SIG_new();
+ dsa_sig = DSA_SIG_new();
HIP_IFEL(!dsa_sig, 1, "Failed to allocate DSA_SIG\n");
- dsa_sig->r = BN_bin2bn(&signature[1], DSA_PRIV, NULL);
- dsa_sig->s = BN_bin2bn(&signature[1 + DSA_PRIV], DSA_PRIV, NULL);
+ dsa_sig->r = BN_bin2bn(&signature[1], DSA_PRIV, NULL);
+ dsa_sig->s = BN_bin2bn(&signature[1 + DSA_PRIV], DSA_PRIV, NULL);
/* verify the DSA signature */
- err = DSA_do_verify(sha_digest, SHA_DIGEST_LENGTH,
- dsa_sig, dsa) == 0 ? 1 : 0;
+ err = DSA_do_verify(sha_digest, SHA_DIGEST_LENGTH,
+ dsa_sig, dsa) == 0 ? 1 : 0;
/* DSA_do_verify returns 1 if success. */
cert->success = err == 1 ? 0 : -1;
@@ -653,40 +653,40 @@
*/
int hip_cert_x509v3_handle_request_to_sign(struct hip_common *msg)
{
- int err = 0, i = 0, nid = 0, ret = 0, secs = 0, algo = 0;
- CONF *conf;
+ int err = 0, i = 0, nid = 0, ret = 0, secs = 0, algo = 0;
+ CONF *conf;
CONF_VALUE *item;
STACK_OF(CONF_VALUE) * sec_general = NULL;
STACK_OF(CONF_VALUE) * sec_name = NULL;
STACK_OF(CONF_VALUE) * sec_ext = NULL;
- X509_REQ *req = NULL;
- X509_NAME *issuer = NULL;
- X509_NAME *subj = NULL;
- X509_EXTENSION *ext = NULL;
+ X509_REQ *req = NULL;
+ X509_NAME *issuer = NULL;
+ X509_NAME *subj = NULL;
+ X509_EXTENSION *ext = NULL;
STACK_OF(X509_EXTENSION) * extlist = NULL;
X509_NAME_ENTRY *ent;
- EVP_PKEY *pkey;
+ EVP_PKEY *pkey;
/** XX TODO THIS should come from a configuration file
* monotonically increasing counter */
- long serial = 0;
- const EVP_MD *digest = NULL;
- X509 *cert;
- X509V3_CTX ctx;
+ long serial = 0;
+ const EVP_MD *digest = NULL;
+ X509 *cert;
+ X509V3_CTX ctx;
const struct hip_cert_x509_req *subject;
- char subject_hit[41];
- char issuer_hit[41];
- char ialtname[45];
- char saltname[45];
- struct in6_addr *issuer_hit_n;
- struct hip_host_id *host_id;
- RSA *rsa = NULL;
- DSA *dsa = NULL;
- char cert_str_pem[1024];
- unsigned char *der_cert = NULL;
- int der_cert_len = 0;
- char arg1[21];
- char arg2[21];
+ char subject_hit[41];
+ char issuer_hit[41];
+ char ialtname[45];
+ char saltname[45];
+ struct in6_addr *issuer_hit_n;
+ struct hip_host_id *host_id;
+ RSA *rsa = NULL;
+ DSA *dsa = NULL;
+ char cert_str_pem[1024];
+ unsigned char *der_cert = NULL;
+ int der_cert_len = 0;
+ char arg1[21];
+ char arg2[21];
HIP_IFEL(!(issuer_hit_n = malloc(sizeof(struct in6_addr))), -1,
"Malloc for subject failed\n");
@@ -781,7 +781,7 @@
for (i = 0; i < sk_CONF_VALUE_num(sec_ext); i++) {
item = sk_CONF_VALUE_value(sec_ext, i);
HIP_IFEL(!(ext = X509V3_EXT_conf(NULL, &ctx,
- item->name, item->value )), -1,
+ item->name, item->value)), -1,
"Failed to create extension\n");
sk_X509_EXTENSION_push(extlist, ext);
}
@@ -859,7 +859,7 @@
}
}
HIP_IFEL(!(ext = X509V3_EXT_conf(NULL, &ctx,
- item->name, item->value )), -1,
+ item->name, item->value)), -1,
"Failed to create extension\n");
HIP_IFEL((!X509_add_ext(cert, ext, -1)), -1,
"Failed to add extensions to the cert\n");
@@ -957,13 +957,13 @@
*/
int hip_cert_x509v3_handle_request_to_verify(struct hip_common *msg)
{
- int err = 0;
- struct hip_cert_x509_resp verify;
+ int err = 0;
+ struct hip_cert_x509_resp verify;
const struct hip_cert_x509_resp *p;
- X509 *cert = NULL;
- X509_STORE *store = NULL;
- X509_STORE_CTX *verify_ctx = NULL;
- unsigned char *der_cert = NULL;
+ X509 *cert = NULL;
+ X509_STORE *store = NULL;
+ X509_STORE_CTX *verify_ctx = NULL;
+ unsigned char *der_cert = NULL;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
=== modified file 'hipd/close.c'
--- hipd/close.c 2010-11-30 14:50:30 +0000
+++ hipd/close.c 2011-01-03 16:06:13 +0000
@@ -69,15 +69,15 @@
*/
static int hip_xmit_close(hip_ha_t *entry, void *opaque)
{
- int err = 0, mask = 0;
- int delete_ha_info = *(int *) ((uint8_t *)opaque +
sizeof(hip_hit_t));
- hip_hit_t *peer = opaque;
- struct hip_common *msg_close = NULL;
+ int err = 0, mask = 0;
+ int delete_ha_info = *(int *) ((uint8_t *) opaque +
sizeof(hip_hit_t));
+ hip_hit_t *peer = opaque;
+ struct hip_common *msg_close = NULL;
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Start PERF_CLOSE_SEND, PERF_CLOSE_COMPLETE\n");
- hip_perf_start_benchmark( perf_set, PERF_CLOSE_SEND );
- hip_perf_start_benchmark( perf_set, PERF_CLOSE_COMPLETE );
+ hip_perf_start_benchmark(perf_set, PERF_CLOSE_SEND);
+ hip_perf_start_benchmark(perf_set, PERF_CLOSE_COMPLETE);
#endif
if (peer) {
@@ -148,8 +148,8 @@
entry->state = HIP_STATE_CLOSING;
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Stop and write PERF_CLOSE_SEND\n");
- hip_perf_stop_benchmark( perf_set, PERF_CLOSE_SEND );
- hip_perf_write_benchmark( perf_set, PERF_CLOSE_SEND );
+ hip_perf_stop_benchmark(perf_set, PERF_CLOSE_SEND);
+ hip_perf_write_benchmark(perf_set, PERF_CLOSE_SEND);
#endif
out_err:
@@ -167,11 +167,11 @@
int hip_send_close(struct hip_common *msg,
int delete_ha_info)
{
- int err = 0, retry, n;
- char *opaque = NULL;
- const hip_hit_t *hit = NULL;
+ int err = 0, retry, n;
+ char *opaque = NULL;
+ const hip_hit_t *hit = NULL;
struct sockaddr_in6 sock_addr;
- struct hip_common *msg_to_firewall = NULL;
+ struct hip_common *msg_to_firewall = NULL;
HIP_DEBUG("msg=%p\n", msg);
@@ -245,7 +245,7 @@
int err = 0;
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Start PERF_HANDLE_CLOSE\n");
- hip_perf_start_benchmark( perf_set, PERF_HANDLE_CLOSE );
+ hip_perf_start_benchmark(perf_set, PERF_HANDLE_CLOSE);
#endif
HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hitr), -1,
@@ -296,36 +296,36 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0, echo_len;
+ int err = 0, echo_len;
const struct hip_echo_request *request;
HIP_IFEL(!(request =
- hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN)),
+ hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN)),
-1, "No echo request under signature.\n");
echo_len = hip_get_param_contents_len(request);
hip_msg_init(ctx->output_msg);
hip_build_network_hdr(ctx->output_msg,
- HIP_CLOSE_ACK,
- HIP_PACKET_CTRL_NON,
- &(ctx->hadb_entry)->hit_our,
- &(ctx->hadb_entry)->hit_peer);
+ HIP_CLOSE_ACK,
+ HIP_PACKET_CTRL_NON,
+ &(ctx->hadb_entry)->hit_our,
+ &(ctx->hadb_entry)->hit_peer);
HIP_IFEL(hip_build_param_echo(ctx->output_msg, request + 1,
- echo_len, 1, 0), -1,
- "Failed to build echo param.\n");
+ echo_len, 1, 0), -1,
+ "Failed to build echo param.\n");
/************* HMAC ************/
HIP_IFEL(hip_build_param_hmac_contents(ctx->output_msg,
- &(ctx->hadb_entry)->hip_hmac_out),
- -1, "Building of HMAC failed.\n");
+ &(ctx->hadb_entry)->hip_hmac_out),
+ -1, "Building of HMAC failed.\n");
/********** Signature **********/
HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
- ctx->output_msg),
- -EINVAL,
- "Could not create signature.\n");
+ ctx->output_msg),
+ -EINVAL,
+ "Could not create signature.\n");
out_err:
if (err) {
@@ -388,8 +388,8 @@
out_err:
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Stop and write PERF_HANDLE_CLOSE\n");
- hip_perf_stop_benchmark( perf_set, PERF_HANDLE_CLOSE );
- hip_perf_write_benchmark( perf_set, PERF_HANDLE_CLOSE );
+ hip_perf_stop_benchmark(perf_set, PERF_HANDLE_CLOSE);
+ hip_perf_write_benchmark(perf_set, PERF_HANDLE_CLOSE);
#endif
return err;
@@ -412,20 +412,20 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0;
+ int err = 0;
const struct hip_echo_request *echo_resp = NULL;
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Start PERF_HANDLE_CLOSE_ACK\n");
- hip_perf_start_benchmark( perf_set, PERF_HANDLE_CLOSE_ACK );
+ hip_perf_start_benchmark(perf_set, PERF_HANDLE_CLOSE_ACK);
#endif
HIP_IFEL(ipv6_addr_any(&ctx->input_msg->hitr), -1,
- "Received NULL receiver HIT in CLOSE ACK. Dropping\n");
+ "Received NULL receiver HIT in CLOSE ACK. Dropping\n");
if (!hip_controls_sane(ntohs(ctx->input_msg->control),
HIP_PACKET_CTRL_NON)) {
HIP_ERROR("Received illegal controls in CLOSE ACK: 0x%x. Dropping\n",
- ntohs(ctx->input_msg->control));
+ ntohs(ctx->input_msg->control));
goto out_err;
}
@@ -502,10 +502,10 @@
out_err:
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Stop and write PERF_HANDLE_CLOSE_ACK, PERF_CLOSE_COMPLETE\n");
- hip_perf_stop_benchmark( perf_set, PERF_HANDLE_CLOSE_ACK );
- hip_perf_write_benchmark( perf_set, PERF_HANDLE_CLOSE_ACK );
- hip_perf_stop_benchmark( perf_set, PERF_CLOSE_COMPLETE );
- hip_perf_write_benchmark( perf_set, PERF_CLOSE_COMPLETE );
+ hip_perf_stop_benchmark(perf_set, PERF_HANDLE_CLOSE_ACK);
+ hip_perf_write_benchmark(perf_set, PERF_HANDLE_CLOSE_ACK);
+ hip_perf_stop_benchmark(perf_set, PERF_CLOSE_COMPLETE);
+ hip_perf_write_benchmark(perf_set, PERF_CLOSE_COMPLETE);
#endif
return err;
=== modified file 'hipd/configfilereader.c'
--- hipd/configfilereader.c 2010-10-15 15:29:14 +0000
+++ hipd/configfilereader.c 2011-01-03 16:06:13 +0000
@@ -143,7 +143,7 @@
*/
static int hip_cf_parse_val(char *line, hip_configvaluelist_t *values)
{
- int i = 0, j = 0, k = 0, l = 0, end = 0;
+ int i = 0, j = 0, k = 0, l = 0, end = 0;
char value[HIP_RELAY_MAX_VAL_LEN + 1];
/* Search for the line end. */
@@ -421,7 +421,7 @@
return EOF;
}
- int lineerr = 0;
+ int lineerr = 0;
char line[HIP_RELAY_MAX_LINE_LEN + 1];
memset(line, '\0', sizeof(line));
@@ -475,7 +475,7 @@
/* Free the item currently at list head and move the next item to list
* head. Continue this until the item at list head is NULL. */
while (linkedlist->head != NULL) {
- pointer = linkedlist->head->next;
+ pointer = linkedlist->head->next;
free(linkedlist->head);
linkedlist->head = pointer;
}
=== modified file 'hipd/configfilereader.h'
--- hipd/configfilereader.h 2010-10-15 15:29:14 +0000
+++ hipd/configfilereader.h 2011-01-03 16:06:13 +0000
@@ -84,7 +84,7 @@
#include <stdio.h>
- /* For debuging macros. */
+/* For debuging macros. */
/** Maximum number of characters per line in HIP relay config file. */
#define HIP_RELAY_MAX_LINE_LEN 2048
=== modified file 'hipd/cookie.c'
--- hipd/cookie.c 2010-11-30 14:50:30 +0000
+++ hipd/cookie.c 2011-01-03 16:06:13 +0000
@@ -97,9 +97,9 @@
*/
int hip_get_puzzle_difficulty_msg(struct hip_common *msg)
{
- int err = 0, diff = 0;
+ int err = 0, diff = 0;
const hip_hit_t *dst_hit = NULL;
- hip_hit_t all_zero_hit;
+ hip_hit_t all_zero_hit;
bzero(&all_zero_hit, sizeof(all_zero_hit));
/* obtain the hit */
@@ -112,7 +112,6 @@
return err;
}
-
/**
* set the puzzle difficulty according to the msg sent by hipconf
*
@@ -122,10 +121,10 @@
*/
int hip_set_puzzle_difficulty_msg(struct hip_common *msg)
{
- int err = 0;
- const int *newVal = NULL;
+ int err = 0;
+ const int *newVal = NULL;
const hip_hit_t *dst_hit = NULL;
- hip_hit_t all_zero_hit;
+ hip_hit_t all_zero_hit;
bzero(&all_zero_hit, sizeof(all_zero_hit));
HIP_IFEL(!(dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT)),
@@ -139,7 +138,6 @@
return err;
}
-
/**
* increase cookie difficulty by one
*
@@ -173,7 +171,7 @@
static int hip_calc_cookie_idx(struct in6_addr *ip_i, struct in6_addr *ip_r)
{
register uint32_t base = 0;
- int i;
+ int i;
for (i = 0; i < 4; i++) {
base ^= ip_i->s6_addr32[i];
@@ -203,10 +201,10 @@
struct hip_common *hip_get_r1(struct in6_addr *ip_i, struct in6_addr *ip_r,
struct in6_addr *our_hit)
{
- struct hip_common *err = NULL, *r1 = NULL;
- struct hip_r1entry *hip_r1table = NULL;
- struct hip_host_id_entry *hid = NULL;
- int idx, len;
+ struct hip_common *err = NULL, *r1 = NULL;
+ struct hip_r1entry *hip_r1table = NULL;
+ struct hip_host_id_entry *hid = NULL;
+ int idx, len;
/* Find the proper R1 table and copy the R1 message from the table */
HIP_READ_LOCK_DB(HIP_DB_LOCAL_HID);
@@ -214,7 +212,7 @@
NULL, "Unknown HIT\n");
hip_r1table = hid->r1;
- idx = hip_calc_cookie_idx(ip_i, ip_r);
+ idx = hip_calc_cookie_idx(ip_i, ip_r);
HIP_DEBUG("Calculated index: %d\n", idx);
/* Create a copy of the found entry */
@@ -267,7 +265,7 @@
for (i = 0; i < HIP_R1TABLESIZE; i++) {
int cookie_k;
- cookie_k = hip_get_cookie_difficulty();
+ cookie_k = hip_get_cookie_difficulty();
r1table[i].r1 = hip_create_r1(hit, sign, privkey, pubkey,
cookie_k);
@@ -328,10 +326,10 @@
* of this function was inverted. I.e. This function now returns
* negative for error conditions, zero otherwise. It used to be the
* other way around. -Lauri 23.07.2008. */
- const struct hip_puzzle *puzzle = NULL;
- struct hip_r1entry *result = NULL;
- struct hip_host_id_entry *hid = NULL;
- int err = 0;
+ const struct hip_puzzle *puzzle = NULL;
+ struct hip_r1entry *result = NULL;
+ struct hip_host_id_entry *hid = NULL;
+ int err = 0;
/* Find the proper R1 table */
HIP_IFEL(!(hid = hip_get_hostid_entry_by_lhi_and_algo(
@@ -411,10 +409,10 @@
*/
int hip_recreate_all_precreated_r1_packets(void)
{
- HIP_HASHTABLE *ht = hip_ht_init(hip_hidb_hash, hip_hidb_match);
- hip_list_t *curr, *iter;
+ HIP_HASHTABLE *ht = hip_ht_init(hip_hidb_hash, hip_hidb_match);
+ hip_list_t *curr, *iter;
struct hip_host_id *tmp;
- int c;
+ int c;
hip_for_each_hi(hip_recreate_r1s_for_entry_move, ht);
=== modified file 'hipd/dh.c'
--- hipd/dh.c 2010-11-01 13:13:35 +0000
+++ hipd/dh.c 2011-01-03 16:06:13 +0000
@@ -49,7 +49,7 @@
* This array is indexed by the Group ID value defined in the RFC.
* Note that this means that the array element at index 0 is thus unused.
*/
-DH *dh_table[HIP_MAX_DH_GROUP_ID] = {0};
+DH *dh_table[HIP_MAX_DH_GROUP_ID] = { 0 };
/**
* insert the current DH-key into the buffer
@@ -74,7 +74,7 @@
*/
if (dh_table[group_id] == NULL) {
- tmp = hip_generate_dh_key(group_id);
+ tmp = hip_generate_dh_key(group_id);
dh_table[group_id] = tmp;
=== modified file 'hipd/esp_prot_anchordb.c'
--- hipd/esp_prot_anchordb.c 2010-11-30 14:50:30 +0000
+++ hipd/esp_prot_anchordb.c 2011-01-03 16:06:13 +0000
@@ -52,11 +52,11 @@
/* defines the structure storing the anchors */
typedef struct anchor_db {
/* amount of anchors for each transform */
- int num_anchors[MAX_NUM_TRANSFORMS];
+ int num_anchors[MAX_NUM_TRANSFORMS];
/* length of the anchors for each transform */
- int anchor_lengths[MAX_NUM_TRANSFORMS];
+ int anchor_lengths[MAX_NUM_TRANSFORMS];
/* length of the corresponding hchain/htree */
- int hash_item_length[MAX_NUM_TRANSFORMS];
+ int hash_item_length[MAX_NUM_TRANSFORMS];
/* set to support max amount of anchors possible */
unsigned char *anchors[MAX_NUM_TRANSFORMS][HCSTORE_MAX_HCHAINS_PER_ITEM];
} anchor_db_t;
@@ -103,10 +103,10 @@
*/
int anchor_db_update(const struct hip_common *msg)
{
- const struct hip_tlv_common *param = NULL;
- const unsigned char *anchor = NULL;
- int err = 0, i, j;
- uint8_t esp_transforms[MAX_NUM_TRANSFORMS];
+ const struct hip_tlv_common *param = NULL;
+ const unsigned char *anchor = NULL;
+ int err = 0, i, j;
+ uint8_t esp_transforms[MAX_NUM_TRANSFORMS];
HIP_ASSERT(msg != NULL);
@@ -135,13 +135,13 @@
HIP_IFEL(!(param = hip_get_next_param(msg, param)),
-1, "parameter missing in user-message from fw\n");
anchor_db.num_anchors[esp_transforms[i]] = *(const int *)
- hip_get_param_contents_direct(param);
+
hip_get_param_contents_direct(param);
HIP_DEBUG("num_anchors is %i\n",
anchor_db.num_anchors[esp_transforms[i]]);
HIP_IFEL(!(param = hip_get_next_param(msg, param)),
-1, "parameter missing in user-message from fw\n");
anchor_db.anchor_lengths[esp_transforms[i]] = *(const int *)
- hip_get_param_contents_direct(param);
+
hip_get_param_contents_direct(param);
HIP_DEBUG("anchor_length is %i\n",
anchor_db.anchor_lengths[esp_transforms[i]]);
HIP_IFEL(!(param = hip_get_next_param(msg, param)),
@@ -153,7 +153,7 @@
for (j = 0; j < anchor_db.num_anchors[esp_transforms[i]]; j++) {
HIP_IFEL(!(anchor_db.anchors[esp_transforms[i]][j] =
-
malloc(anchor_db.anchor_lengths[esp_transforms[i]])),
+
malloc(anchor_db.anchor_lengths[esp_transforms[i]])),
-1, "failed to allocate memory\n");
anchor = hip_get_param_contents_direct(param);
@@ -165,7 +165,7 @@
HIP_IFEL(!(param = hip_get_next_param(msg, param)),
-1, "parameter missing in user-message from fw\n");
anchor_db.hash_item_length[esp_transforms[i]] = *(const int *)
- hip_get_param_contents_direct(param);
+
hip_get_param_contents_direct(param);
HIP_DEBUG("adding hash_item_length: %i\n",
anchor_db.hash_item_length[esp_transforms[i]]);
@@ -213,8 +213,8 @@
unsigned char *anchor_db_get_anchor(const uint8_t transform)
{
unsigned char *stored_anchor = NULL;
- int anchor_offset = 0;
- int err = 0;
+ int anchor_offset = 0;
+ int err = 0;
// ensure correct boundaries
HIP_ASSERT(transform > 0);
@@ -230,7 +230,7 @@
// remove anchor from db
anchor_db.anchors[transform][anchor_offset] = NULL;
- anchor_offset = anchor_db.num_anchors[transform]--;
+ anchor_offset =
anchor_db.num_anchors[transform]--;
out_err:
if (err) {
=== modified file 'hipd/esp_prot_hipd_msg.c'
--- hipd/esp_prot_hipd_msg.c 2010-11-30 14:50:30 +0000
+++ hipd/esp_prot_hipd_msg.c 2011-01-03 16:06:13 +0000
@@ -73,10 +73,10 @@
const struct in6_addr *dst_ip,
const uint32_t spi)
{
- hip_common_t *resp_update = NULL;
- const struct hip_seq *seq = NULL;
- uint16_t mask = 0;
- int err = 0;
+ hip_common_t *resp_update = NULL;
+ const struct hip_seq *seq = NULL;
+ uint16_t mask = 0;
+ int err = 0;
HIP_IFEL(!(seq = hip_get_param(recv_update, HIP_PARAM_SEQ)),
-1,
@@ -138,7 +138,7 @@
const uint8_t transforms[])
{
uint8_t transform = ESP_PROT_TFM_UNUSED;
- int err = 0, i, j;
+ int err = 0, i, j;
for (i = 0; i < esp_prot_num_transforms; i++) {
for (j = 0; j < num_transforms; j++) {
@@ -174,29 +174,29 @@
int esp_prot_set_preferred_transforms(const struct hip_common *msg)
{
const struct hip_tlv_common *param = NULL;
- int err = 0, i;
+ int err = 0, i;
- param = hip_get_param(msg, HIP_PARAM_INT);
+ param = hip_get_param(msg, HIP_PARAM_INT);
esp_prot_active = *((const int *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("esp_prot_active: %i\n", esp_prot_active);
// process message and store the preferred transforms
- param = hip_get_next_param(msg, param);
+ param = hip_get_next_param(msg, param);
esp_prot_num_transforms = *((const int *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("esp protection num_transforms: %i\n", esp_prot_num_transforms);
- param = hip_get_next_param(msg, param);
+ param = hip_get_next_param(msg, param);
esp_prot_num_parallel_hchains = *((const long *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("esp_prot_num_parallel_hchains: %i\n",
esp_prot_num_parallel_hchains);
for (i = 0; i < MAX_NUM_TRANSFORMS; i++) {
if (i < esp_prot_num_transforms) {
- param = hip_get_next_param(msg, param);
+ param = hip_get_next_param(msg, param);
esp_prot_transforms[i] = *((const uint8_t *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("esp protection transform %i: %u\n", i + 1,
esp_prot_transforms[i]);
} else {
esp_prot_transforms[i] = 0;
@@ -229,24 +229,24 @@
*/
int esp_prot_handle_trigger_update_msg(const struct hip_common *msg)
{
- const struct hip_tlv_common *param = NULL;
- const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
- uint8_t esp_prot_tfm = 0;
- int hash_length = 0;
- const unsigned char *esp_prot_anchor = NULL;
- int soft_update = 0;
- int anchor_offset[MAX_NUM_PARALLEL_HCHAINS];
- int secret_length[MAX_NUM_PARALLEL_HCHAINS];
- int branch_length[MAX_NUM_PARALLEL_HCHAINS];
- int root_length = 0;
- const unsigned char *secret[MAX_NUM_PARALLEL_HCHAINS];
- const unsigned char *branch_nodes[MAX_NUM_PARALLEL_HCHAINS];
- const unsigned char *root[MAX_NUM_PARALLEL_HCHAINS];
- hip_ha_t *entry = NULL;
- int hash_item_length = 0;
- unsigned char cmp_val[MAX_HASH_LENGTH];
- int err = 0;
- long num_parallel_hchains = 0, i;
+ const struct hip_tlv_common *param = NULL;
+ const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
+ uint8_t esp_prot_tfm = 0;
+ int hash_length = 0;
+ const unsigned char *esp_prot_anchor = NULL;
+ int soft_update = 0;
+ int anchor_offset[MAX_NUM_PARALLEL_HCHAINS];
+ int secret_length[MAX_NUM_PARALLEL_HCHAINS];
+ int branch_length[MAX_NUM_PARALLEL_HCHAINS];
+ int root_length = 0;
+ const unsigned char *secret[MAX_NUM_PARALLEL_HCHAINS];
+ const unsigned char *branch_nodes[MAX_NUM_PARALLEL_HCHAINS];
+ const unsigned char *root[MAX_NUM_PARALLEL_HCHAINS];
+ hip_ha_t *entry = NULL;
+ int hash_item_length = 0;
+ unsigned char cmp_val[MAX_HASH_LENGTH];
+ int err = 0;
+ long num_parallel_hchains = 0, i;
memset(cmp_val, 0, MAX_HASH_LENGTH);
@@ -254,8 +254,8 @@
local_hit = hip_get_param_contents_direct(param);
HIP_DEBUG_HIT("src_hit", local_hit);
- param = hip_get_next_param(msg, param);
- peer_hit = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ peer_hit = hip_get_param_contents_direct(param);
HIP_DEBUG_HIT("dst_hit", peer_hit);
// get matching entry from hadb for HITs provided above
@@ -264,7 +264,7 @@
param = hip_get_param(msg, HIP_PARAM_ESP_PROT_TFM);
esp_prot_tfm = *((const uint8_t *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("esp_prot_transform: %u\n", esp_prot_tfm);
// check if transforms are matching and add anchor as new local_anchor
@@ -272,24 +272,24 @@
"esp prot transform changed without new BEX\n");
HIP_DEBUG("esp prot transforms match\n");
- param = hip_get_param(msg, HIP_PARAM_INT);
- hash_item_length = *((const int *)
- hip_get_param_contents_direct(param));
+ param = hip_get_param(msg, HIP_PARAM_INT);
+ hash_item_length = *((const int *)
+ hip_get_param_contents_direct(param));
HIP_DEBUG("hash_item_length: %i\n", hash_item_length);
// set the hash_item_length of the item used for this update
entry->hash_item_length = hash_item_length;
// we need to know the hash_length for this transform
- hash_length =
anchor_db_get_anchor_length(entry->esp_prot_transform);
+ hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
- param = hip_get_next_param(msg, param);
- num_parallel_hchains = *((const long *)
- hip_get_param_contents_direct(param));
+ param = hip_get_next_param(msg, param);
+ num_parallel_hchains = *((const long *)
+ hip_get_param_contents_direct(param));
HIP_DEBUG("num_parallel_hchains: %i\n", num_parallel_hchains);
// process all update anchors now
- param = hip_get_param(msg, HIP_PARAM_HCHAIN_ANCHOR);
+ param = hip_get_param(msg, HIP_PARAM_HCHAIN_ANCHOR);
for (i = 0; i < num_parallel_hchains; i++) {
esp_prot_anchor = hip_get_param_contents_direct(param);
HIP_HEXDUMP("anchor: ", esp_prot_anchor, hash_length);
@@ -306,8 +306,8 @@
param = hip_get_next_param(msg, param);
}
- root_length = *((const int *)
- hip_get_param_contents_direct(param));
+ root_length = *((const int *)
+ hip_get_param_contents_direct(param));
HIP_DEBUG("root_length: %i\n", root_length);
entry->esp_root_length = root_length;
@@ -331,25 +331,25 @@
for (i = 0; i < num_parallel_hchains; i++) {
param = hip_get_next_param(msg, param);
anchor_offset[i] = *((const int *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("anchor_offset: %i\n", anchor_offset[i]);
param = hip_get_next_param(msg, param);
secret_length[i] = *((const int *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("secret_length: %i\n", secret_length[i]);
param = hip_get_next_param(msg, param);
branch_length[i] = *((const int *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("branch_length: %i\n", branch_length[i]);
- param = hip_get_next_param(msg, param);
- secret[i] = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ secret[i] = hip_get_param_contents_direct(param);
HIP_HEXDUMP("secret: ", secret[i], secret_length[i]);
- param = hip_get_next_param(msg, param);
- branch_nodes[i] = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ branch_nodes[i] = hip_get_param_contents_direct(param);
HIP_HEXDUMP("branch_nodes: ", branch_nodes[i], branch_length[i]);
}
}
@@ -363,12 +363,12 @@
* HMAC and HIP_SIGNATURE as well as the ESP_PROT_ANCHOR and the
* SEQ param (to guaranty freshness of the ANCHOR) in the signed part
* of the message */
- HIP_IFEL(hip_send_update_to_one_peer(NULL, entry,
- &entry->our_addr,
- &entry->peer_addr,
- NULL,
- HIP_UPDATE_ESP_ANCHOR),
- -1, "failed to send anchor update\n");
+ HIP_IFEL(hip_send_update_to_one_peer(NULL, entry,
+ &entry->our_addr,
+ &entry->peer_addr,
+ NULL,
+ HIP_UPDATE_ESP_ANCHOR),
+ -1, "failed to send anchor update\n");
}
out_err:
@@ -383,40 +383,40 @@
*/
int esp_prot_handle_anchor_change_msg(const struct hip_common *msg)
{
- const struct hip_tlv_common *param = NULL;
- const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
- uint8_t esp_prot_tfm = 0;
- int hash_length = 0;
- const unsigned char *esp_prot_anchor = NULL;
- hip_ha_t *entry = NULL;
- int direction = 0;
- long num_parallel_hchains = 0, i;
- int err = 0;
+ const struct hip_tlv_common *param = NULL;
+ const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
+ uint8_t esp_prot_tfm = 0;
+ int hash_length = 0;
+ const unsigned char *esp_prot_anchor = NULL;
+ hip_ha_t *entry = NULL;
+ int direction = 0;
+ long num_parallel_hchains = 0, i;
+ int err = 0;
- param = hip_get_param(msg, HIP_PARAM_HIT);
- local_hit = hip_get_param_contents_direct(param);
+ param = hip_get_param(msg, HIP_PARAM_HIT);
+ local_hit = hip_get_param_contents_direct(param);
HIP_DEBUG_HIT("src_hit", local_hit);
- param = hip_get_next_param(msg, param);
- peer_hit = hip_get_param_contents_direct(param);
+ param = hip_get_next_param(msg, param);
+ peer_hit = hip_get_param_contents_direct(param);
HIP_DEBUG_HIT("dst_hit", peer_hit);
- param = hip_get_param(msg, HIP_PARAM_INT);
- direction = *((const int *)
- hip_get_param_contents_direct(param));
+ param = hip_get_param(msg, HIP_PARAM_INT);
+ direction = *((const int *)
+ hip_get_param_contents_direct(param));
HIP_DEBUG("direction: %i\n", direction);
- param = hip_get_param(msg, HIP_PARAM_ESP_PROT_TFM);
- esp_prot_tfm = *((const uint8_t *)
- hip_get_param_contents_direct(param));
+ param = hip_get_param(msg, HIP_PARAM_ESP_PROT_TFM);
+ esp_prot_tfm = *((const uint8_t *)
+ hip_get_param_contents_direct(param));
HIP_DEBUG("esp_prot_transform: %u\n", esp_prot_tfm);
param = hip_get_param(msg, HIP_PARAM_INT);
num_parallel_hchains = *((const long *)
- hip_get_param_contents_direct(param));
+ hip_get_param_contents_direct(param));
HIP_DEBUG("num_parallel_hchains: %u\n", num_parallel_hchains);
- param = hip_get_param(msg, HIP_PARAM_HCHAIN_ANCHOR);
+ param = hip_get_param(msg, HIP_PARAM_HCHAIN_ANCHOR);
// get matching entry from hadb for HITs provided above
@@ -473,9 +473,9 @@
const int update)
{
unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL;
- int hash_length = 0;
+ int hash_length = 0;
uint32_t hash_item_length = 0;
- int err = 0, i;
+ int err = 0, i;
HIP_DEBUG("direction: %i\n", direction);
@@ -582,7 +582,7 @@
int esp_prot_r1_handle_transforms(struct hip_packet_context *ctx)
{
const struct esp_prot_preferred_tfms *prot_transforms = NULL;
- int err = 0;
+ int err = 0;
/* this is only handled if we are using userspace ipsec,
* otherwise we just ignore it */
@@ -597,17 +597,17 @@
HIP_DEBUG("received preferred transforms from peer\n");
// store that we received the param for further processing
- ctx->hadb_entry->esp_prot_param = 1;
+ ctx->hadb_entry->esp_prot_param = 1;
// select transform and store it for this connection
ctx->hadb_entry->esp_prot_transform =
esp_prot_select_transform(prot_transforms->num_transforms,
-
prot_transforms->transforms);
+
prot_transforms->transforms);
} else {
HIP_DEBUG("R1 does not contain preferred ESP protection " \
"transforms, locally setting UNUSED\n");
// store that we didn't received the param
- ctx->hadb_entry->esp_prot_param = 0;
+ ctx->hadb_entry->esp_prot_param = 0;
// if the other end-host does not want to use the extension, we
don't either
ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
@@ -630,10 +630,10 @@
*/
int esp_prot_i2_add_anchor(struct hip_packet_context *ctx)
{
- unsigned char *anchor = NULL;
- int hash_length = 0;
- int hash_item_length = 0;
- int err = 0, i;
+ unsigned char *anchor = NULL;
+ int hash_length = 0;
+ int hash_item_length = 0;
+ int err = 0, i;
/* only add, if extension in use and we agreed on a transform
*
@@ -641,8 +641,8 @@
if (ctx->hadb_entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
// check for sufficient elements
if (anchor_db_get_num_anchors(ctx->hadb_entry->esp_prot_transform) >=
- esp_prot_num_parallel_hchains) {
- hash_length =
anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform);
+ esp_prot_num_parallel_hchains) {
+ hash_length =
anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform);
HIP_DEBUG("hash_length: %i\n", hash_length);
hash_item_length =
anchor_db_get_hash_item_length(ctx->hadb_entry->esp_prot_transform);
@@ -703,10 +703,10 @@
*/
int esp_prot_i2_handle_anchor(struct hip_packet_context *ctx)
{
- const struct hip_tlv_common *param = NULL;
+ const struct hip_tlv_common *param = NULL;
const struct esp_prot_anchor *prot_anchor = NULL;
- int hash_length = 0;
- int err = 0, i;
+ int hash_length = 0;
+ int err = 0, i;
/* only supported in user-mode ipsec and optional there */
if (hip_use_userspace_ipsec && esp_prot_num_transforms > 1) {
@@ -720,7 +720,7 @@
prot_anchor->transform) >= 0) {
// we know this transform
ctx->hadb_entry->esp_prot_transform = prot_anchor->transform;
- hash_length =
anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform);
+ hash_length =
anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform);
if (ctx->hadb_entry->esp_prot_transform ==
ESP_PROT_TFM_UNUSED) {
HIP_DEBUG("agreed NOT to use esp protection extension\n");
@@ -781,10 +781,10 @@
*/
int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry)
{
- unsigned char *anchor = NULL;
- int hash_length = 0;
- int hash_item_length = 0;
- int err = 0, i;
+ unsigned char *anchor = NULL;
+ int hash_length = 0;
+ int hash_item_length = 0;
+ int err = 0, i;
// only add, if extension in use, we agreed on a transform and no error
until now
if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
@@ -843,10 +843,10 @@
int esp_prot_r2_handle_anchor(hip_ha_t *entry,
const struct hip_common *input_msg)
{
- const struct hip_tlv_common *param = NULL;
+ const struct hip_tlv_common *param = NULL;
const struct esp_prot_anchor *prot_anchor = NULL;
- int hash_length = 0;
- int err = 0, i;
+ int hash_length = 0;
+ int err = 0, i;
// only process anchor, if we agreed on using it before
if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
@@ -855,7 +855,7 @@
// check if the anchor has got the negotiated transform
if (prot_anchor->transform == entry->esp_prot_transform) {
- hash_length =
anchor_db_get_anchor_length(entry->esp_prot_transform);
+ hash_length =
anchor_db_get_anchor_length(entry->esp_prot_transform);
// store number of elements per hash structure
entry->esp_peer_active_length =
ntohl(prot_anchor->hash_item_length);
@@ -916,9 +916,9 @@
*/
int esp_prot_update_type(const hip_common_t *recv_update)
{
- const struct hip_seq * seq = NULL;
- const struct hip_ack * ack = NULL;
- const struct hip_esp_info * esp_info = NULL;
+ const struct hip_seq *seq = NULL;
+ const struct hip_ack *ack = NULL;
+ const struct hip_esp_info *esp_info = NULL;
HIP_ASSERT(recv_update != NULL);
@@ -928,7 +928,6 @@
if (seq && !ack && !esp_info) {
return ESP_PROT_FIRST_UPDATE_PACKET;
-
} else if (!seq && ack && esp_info) {
return ESP_PROT_SECOND_UPDATE_PACKET;
} else {
@@ -953,7 +952,7 @@
const struct in6_addr *dst_ip)
{
uint32_t spi = 0;
- int err = 0;
+ int err = 0;
HIP_ASSERT(entry != NULL);
@@ -1024,9 +1023,9 @@
*/
int esp_prot_update_add_anchor(hip_common_t *update, hip_ha_t *entry)
{
- const struct hip_seq *seq = NULL;
- int hash_length = 0;
- int err = 0, i;
+ const struct hip_seq *seq = NULL;
+ int hash_length = 0;
+ int err = 0, i;
// only do further processing when extension is in use
if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
@@ -1093,14 +1092,14 @@
uint32_t *spi)
{
const struct esp_prot_anchor *prot_anchor = NULL;
- const struct hip_tlv_common *param = NULL;
- int hash_length = 0;
- unsigned char cmp_value[MAX_HASH_LENGTH];
- int err = 0, i;
+ const struct hip_tlv_common *param = NULL;
+ int hash_length = 0;
+ unsigned char cmp_value[MAX_HASH_LENGTH];
+ int err = 0, i;
HIP_ASSERT(spi != NULL);
- *spi = 0;
+ *spi = 0;
param = hip_get_param(recv_update, HIP_PARAM_ESP_PROT_ANCHOR);
prot_anchor = (const struct esp_prot_anchor *) param;
@@ -1138,7 +1137,7 @@
HIP_DEBUG("entry->esp_peer_update_length: %u\n",
entry->esp_peer_update_length);
- param = hip_get_next_param(recv_update, param);
+ param = hip_get_next_param(recv_update, param);
prot_anchor = (const struct esp_prot_anchor *) param;
}
} else if (!memcmp(&entry->esp_peer_update_anchors[0][0],
&prot_anchor->anchors[0],
@@ -1163,7 +1162,7 @@
HIP_DEBUG("entry->esp_peer_update_length: %u\n",
entry->esp_peer_update_length);
- param = hip_get_next_param(recv_update, param);
+ param = hip_get_next_param(recv_update, param);
prot_anchor = (const struct esp_prot_anchor *) param;
}
} else {
=== modified file 'hipd/esp_prot_light_update.c'
--- hipd/esp_prot_light_update.c 2010-11-30 14:50:30 +0000
+++ hipd/esp_prot_light_update.c 2011-01-03 16:06:13 +0000
@@ -66,8 +66,8 @@
const struct in6_addr *dst_addr, const
uint32_t spi)
{
hip_common_t *light_ack = NULL;
- uint16_t mask = 0;
- int err = 0;
+ uint16_t mask = 0;
+ int err = 0;
HIP_IFEL(!(light_ack = hip_msg_alloc()), -ENOMEM,
"failed to allocate memory\n");
@@ -123,9 +123,9 @@
const int branch_length[])
{
hip_common_t *light_update = NULL;
- int hash_length = 0;
- uint16_t mask = 0;
- int err = 0, i;
+ int hash_length = 0;
+ uint16_t mask = 0;
+ int err = 0, i;
HIP_IFEL(!(light_update = hip_msg_alloc()), -ENOMEM,
"failed to allocate memory\n");
@@ -216,16 +216,16 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- const struct hip_seq *seq = NULL;
- const struct hip_ack *ack = NULL;
- uint32_t seq_no = 0;
- uint32_t ack_no = 0;
- uint32_t spi = 0;
- int err = 0;
+ const struct hip_seq *seq = NULL;
+ const struct hip_ack *ack = NULL;
+ uint32_t seq_no = 0;
+ uint32_t ack_no = 0;
+ uint32_t spi = 0;
+ int err = 0;
HIP_IFEL(!ctx->hadb_entry, -1,
- "No entry in host association database when receiving " \
- " HIP_LUPDATE. Dropping.\n");
+ "No entry in host association database when receiving " \
+ " HIP_LUPDATE. Dropping.\n");
HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&(ctx->hadb_entry)->hip_hmac_in),
=== modified file 'hipd/esp_prot_light_update.h'
--- hipd/esp_prot_light_update.h 2010-11-12 16:42:54 +0000
+++ hipd/esp_prot_light_update.h 2011-01-03 16:06:13 +0000
@@ -24,7 +24,7 @@
*/
/**
- *@file
+ * *@file
* Provides messaging functionality required for HHL-based anchor
* element updates.
*
=== modified file 'hipd/hadb.c'
--- hipd/hadb.c 2010-12-06 19:57:47 +0000
+++ hipd/hadb.c 2011-01-03 16:06:13 +0000
@@ -123,7 +123,7 @@
static unsigned long hip_ha_hash(const hip_ha_t *ha)
{
hip_hit_t hitpair[2];
- uint8_t hash[HIP_AH_SHA_LEN];
+ uint8_t hash[HIP_AH_SHA_LEN];
if (ha == NULL || &(ha->hit_our) == NULL || &(ha->hit_peer) == NULL) {
return 0;
@@ -185,7 +185,7 @@
static unsigned long hip_hash_peer_addr(const void *ptr)
{
const struct in6_addr *addr;
- uint8_t hash[HIP_AH_SHA_LEN];
+ uint8_t hash[HIP_AH_SHA_LEN];
addr = &((const struct hip_peer_addr_list_item *) ptr)->address;
hip_build_digest(HIP_DIGEST_SHA1, addr, sizeof(*addr), hash);
@@ -284,11 +284,11 @@
*/
hip_ha_t *hip_hadb_try_to_find_by_peer_hit(const hip_hit_t *hit)
{
- hip_list_t *item, *tmp;
+ hip_list_t *item, *tmp;
struct hip_host_id_entry *e;
- hip_ha_t *entry = NULL;
- hip_hit_t our_hit;
- int i;
+ hip_ha_t *entry = NULL;
+ hip_hit_t our_hit;
+ int i;
memset(&our_hit, 0, sizeof(our_hit));
@@ -302,7 +302,7 @@
/* and then with rest (actually default HIT is here redundantly) */
list_for_each_safe(item, tmp, hip_local_hostid_db, i)
{
- e = (struct hip_host_id_entry *) list_entry(item);
+ e = (struct hip_host_id_entry *) list_entry(item);
ipv6_addr_copy(&our_hit, &e->lhi.hit);
entry = hip_hadb_find_byhits(hit, &our_hit);
if (!entry) {
@@ -329,8 +329,8 @@
*/
int hip_hadb_insert_state(hip_ha_t *ha)
{
- hip_hastate_t st = 0;
- hip_ha_t *tmp = NULL;
+ hip_hastate_t st = 0;
+ hip_ha_t *tmp = NULL;
HIP_DEBUG("hip_hadb_insert_state() invoked.\n");
@@ -458,8 +458,8 @@
const struct in6_addr *peer_addr,
const char *peer_hostname)
{
- int err = 0;
- hip_ha_t *entry = NULL, *aux = NULL;
+ int err = 0;
+ hip_ha_t *entry = NULL, *aux = NULL;
hip_lsi_t lsi_aux;
in_port_t nat_udp_port_local = hip_get_local_nat_udp_port();
in_port_t nat_udp_port_peer = hip_get_peer_nat_udp_port();
@@ -555,7 +555,7 @@
void *peer_map_void)
{
struct hip_peer_map_info *peer_map = peer_map_void;
- int err = 0;
+ int err = 0;
HIP_DEBUG("hip_hadb_add_peer_info_wrapper() invoked.\n");
HIP_IFEL(hip_hadb_add_peer_info_complete(&entry->lhi.hit,
@@ -585,7 +585,7 @@
const hip_lsi_t *peer_lsi,
const char *peer_hostname)
{
- int err = 0;
+ int err = 0;
struct hip_peer_map_info peer_map;
HIP_DEBUG("hip_hadb_add_peer_info() invoked.\n");
@@ -640,16 +640,16 @@
*/
int hip_add_peer_map(const struct hip_common *input)
{
- const struct in6_addr *hit = NULL, *ip = NULL;
- const hip_lsi_t *lsi = NULL;
- const char *peer_hostname = NULL;
- int err = 0;
-
- hit = hip_get_param_contents(input, HIP_PARAM_HIT);
-
- lsi = hip_get_param_contents(input, HIP_PARAM_LSI);
-
- ip = hip_get_param_contents(input, HIP_PARAM_IPV6_ADDR);
+ const struct in6_addr *hit = NULL, *ip = NULL;
+ const hip_lsi_t *lsi = NULL;
+ const char *peer_hostname = NULL;
+ int err = 0;
+
+ hit = hip_get_param_contents(input, HIP_PARAM_HIT);
+
+ lsi = hip_get_param_contents(input, HIP_PARAM_LSI);
+
+ ip = hip_get_param_contents(input, HIP_PARAM_IPV6_ADDR);
peer_hostname = hip_get_param_contents(input, HIP_PARAM_HOSTNAME);
@@ -686,7 +686,7 @@
*/
static int hip_hadb_init_entry(hip_ha_t *entry)
{
- int err = 0;
+ int err = 0;
HIP_IFEL(!entry, -1, "HA is NULL\n");
@@ -781,9 +781,9 @@
uint32_t spi, uint32_t lifetime, int state,
in_port_t port)
{
- int err = 0;
+ int err = 0;
struct hip_peer_addr_list_item *a_item;
- char addrstr[INET6_ADDRSTRLEN];
+ char addrstr[INET6_ADDRSTRLEN];
/* assumes already locked entry */
@@ -809,7 +809,7 @@
err = -ENOMEM;
goto out_err;
}
- a_item->lifetime = lifetime;
+ a_item->lifetime = lifetime;
ipv6_addr_copy(&a_item->address, new_addr);
a_item->address_state = state;
do_gettimeofday(&a_item->modified_time);
@@ -819,7 +819,7 @@
goto out_err;
}
- err = hip_hadb_get_peer_addr_info_old(entry, new_addr, NULL, NULL);
+ err = hip_hadb_get_peer_addr_info_old(entry, new_addr, NULL, NULL);
if (err) {
goto out_err;
}
@@ -831,8 +831,8 @@
goto out_err;
}
- a_item->lifetime = lifetime;
- a_item->port = port;
+ a_item->lifetime = lifetime;
+ a_item->port = port;
ipv6_addr_copy(&a_item->address, new_addr);
a_item->address_state = state;
do_gettimeofday(&a_item->modified_time);
@@ -854,9 +854,9 @@
*/
static void hip_hadb_delete_state(hip_ha_t *ha)
{
- hip_list_t *item = NULL, *tmp = NULL;
+ hip_list_t *item = NULL, *tmp = NULL;
struct hip_peer_addr_list_item *addr_li = NULL;
- int i;
+ int i;
HIP_DEBUG("ha=0x%p\n", ha);
@@ -972,8 +972,8 @@
int hip_init_peer(hip_ha_t *entry,
const struct hip_host_id *peer)
{
- int err = 0;
- int len = hip_get_param_total_len(peer);
+ int err = 0;
+ int len = hip_get_param_total_len(peer);
struct in6_addr hit;
/* public key and verify function might be initialized already in the
@@ -1038,18 +1038,18 @@
/* RFC 4034 obsoletes RFC 2535 and flags field differ */
/* Get RFC2535 3.1 KEY RDATA format algorithm (Integer value). */
- alg = hip_get_host_id_algo(entry->our_pub);
+ alg = hip_get_host_id_algo(entry->our_pub);
/* Using this integer we get a function pointer to a function that
* signs our host identity. */
entry->sign = (alg == HIP_HI_RSA ? hip_rsa_sign : hip_dsa_sign);
/* Calculate our HIT from our public Host Identifier (HI).
* Note, that currently (06.08.2008) both of these functions use DSA */
- err = ((alg == HIP_HI_DSA) ?
- hip_dsa_host_id_to_hit(entry->our_pub, &entry->hit_our,
- HIP_HIT_TYPE_HASH100) :
- hip_rsa_host_id_to_hit(entry->our_pub, &entry->hit_our,
- HIP_HIT_TYPE_HASH100));
+ err = ((alg == HIP_HI_DSA) ?
+ hip_dsa_host_id_to_hit(entry->our_pub, &entry->hit_our,
+ HIP_HIT_TYPE_HASH100) :
+ hip_rsa_host_id_to_hit(entry->our_pub, &entry->hit_our,
+ HIP_HIT_TYPE_HASH100));
HIP_IFEL(err, err, "Unable to digest the HIT out of public key.");
if (err != 0) {
HIP_ERROR("Unable to digest the HIT out of public key.");
@@ -1202,8 +1202,8 @@
*/
int hip_for_each_ha(int (*func)(hip_ha_t *entry, void *opaq), void *opaque)
{
- int i = 0, fail = 0;
- hip_ha_t *this;
+ int i = 0, fail = 0;
+ hip_ha_t *this;
hip_list_t *item, *tmp;
if (!func) {
@@ -1268,9 +1268,9 @@
*/
int hip_handle_get_ha_info(hip_ha_t *entry, void *opaq)
{
- int err = 0;
+ int err = 0;
struct hip_hadb_user_info_state hid;
- struct hip_common *msg = (struct hip_common *) opaq;
+ struct hip_common *msg = (struct hip_common *) opaq;
memset(&hid, 0, sizeof(hid));
hid.state = entry->state;
@@ -1284,7 +1284,7 @@
/** @todo Modularize heartbeat */
#if 0
- hid.heartbeats_on = hip_icmp_interval;
+ hid.heartbeats_on = hip_icmp_interval;
calc_statistics(&entry->heartbeats_statistics, (uint32_t *)
&hid.heartbeats_received, NULL, NULL,
&hid.heartbeats_mean, &hid.heartbeats_variance,
STATS_IN_MSECS);
hid.heartbeats_mean = entry->heartbeats_mean;
@@ -1296,7 +1296,7 @@
hid.nat_udp_port_peer = entry->peer_udp_port;
hid.nat_udp_port_local = entry->local_udp_port;
- hid.peer_controls = entry->peer_controls;
+ hid.peer_controls = entry->peer_controls;
/* does not print heartbeat info, but I do not think it even should -Samu*/
hip_print_debug_info(&hid.ip_our, &hid.ip_peer,
@@ -1304,8 +1304,8 @@
&hid.lsi_peer, (char *) &hid.peer_hostname,
&hid.nat_udp_port_local, &hid.nat_udp_port_peer);
- err = hip_build_param_contents(msg, &hid, HIP_PARAM_HA_INFO,
- sizeof(hid));
+ err = hip_build_param_contents(msg, &hid, HIP_PARAM_HA_INFO,
+ sizeof(hid));
if (err) {
HIP_ERROR("Building ha info failed\n");
}
@@ -1333,8 +1333,8 @@
hip_ha_t *hip_hadb_find_rvs_candidate_entry(const hip_hit_t *local_hit,
const hip_hit_t *rvs_ip)
{
- int i = 0;
- hip_ha_t *this = NULL, *result = NULL;
+ int i = 0;
+ hip_ha_t *this = NULL, *result = NULL;
hip_list_t *item = NULL, *tmp = NULL; //
HIP_LOCK_HT(&hadb_hit);
@@ -1382,7 +1382,7 @@
*/
static int hip_hadb_exists_lsi(hip_lsi_t *lsi)
{
- int res = 0;
+ int res = 0;
hip_lsi_t lsi_aux;
memcpy(&lsi_aux, lsi, sizeof(hip_lsi_t));
@@ -1424,8 +1424,8 @@
int hip_generate_peer_lsi(hip_lsi_t *lsi)
{
struct in_addr lsi_prefix;
- uint8_t hostname[HOST_NAME_MAX];
- int idx = 1;
+ uint8_t hostname[HOST_NAME_MAX];
+ int idx = 1;
do {
lsi_prefix.s_addr = htonl(HIP_LSI_PREFIX | idx++);
@@ -1451,8 +1451,8 @@
hip_ha_t *hip_hadb_try_to_find_by_pair_lsi(hip_lsi_t *lsi_src, hip_lsi_t
*lsi_dst)
{
hip_list_t *item, *aux;
- hip_ha_t *tmp;
- int i;
+ hip_ha_t *tmp;
+ int i;
list_for_each_safe(item, aux, hadb_hit, i)
{
@@ -1477,8 +1477,8 @@
hip_ha_t *hip_hadb_try_to_find_by_peer_lsi(const hip_lsi_t *lsi_dst)
{
hip_list_t *item, *aux;
- hip_ha_t *tmp;
- int i;
+ hip_ha_t *tmp;
+ int i;
list_for_each_safe(item, aux, hadb_hit, i)
{
@@ -1534,7 +1534,7 @@
int hip_recreate_security_associations_and_sp(struct hip_hadb_state *ha,
struct in6_addr *src_addr,
struct in6_addr *dst_addr)
{
- int err = 0;
+ int err = 0;
int new_spi_out = ha->spi_outbound_new;
int new_spi_in = ha->spi_inbound_current;
@@ -1549,7 +1549,7 @@
IPPROTO_ESP,
1,
0),
- -1, "Setting up SP pair failed\n");
+ -1, "Setting up SP pair failed\n");
// Create a new inbound SA
HIP_DEBUG("Creating a new inbound SA, SPI=0x%x\n", new_spi_in);
=== modified file 'hipd/hadb_legacy.c'
--- hipd/hadb_legacy.c 2010-10-15 15:29:14 +0000
+++ hipd/hadb_legacy.c 2011-01-03 16:06:13 +0000
@@ -66,8 +66,8 @@
struct timeval *modified_time)
{
struct hip_peer_addr_list_item *peer_addr_list_item;
- int i = 1, ii;
- hip_list_t *item, *tmp;
+ int i = 1, ii;
+ hip_list_t *item, *tmp;
list_for_each_safe(item, tmp, entry->peer_addresses_old, ii)
{
@@ -101,8 +101,8 @@
void hip_hadb_delete_peer_addrlist_one_old(hip_ha_t *ha, struct in6_addr *addr)
{
struct hip_peer_addr_list_item *peer_addr_list_item;
- int i;
- hip_list_t *item, *tmp;
+ int i;
+ hip_list_t *item, *tmp;
/* possibly deprecated function .. */
=== modified file 'hipd/hidb.c'
--- hipd/hidb.c 2010-12-30 15:10:34 +0000
+++ hipd/hidb.c 2011-01-03 16:06:13 +0000
@@ -66,7 +66,7 @@
HIP_HASHTABLE *hip_local_hostid_db = NULL;
#define HIP_MAX_HOST_ID_LEN 1600
-static const char *lsi_addresses[] = {"1.0.0.1", "1.0.0.2", "1.0.0.3",
"1.0.0.4"};
+static const char *lsi_addresses[] = { "1.0.0.1", "1.0.0.2", "1.0.0.3",
"1.0.0.4" };
/**
* Strips a public key out of DSA a host id with private key component
@@ -79,8 +79,8 @@
int key_len;
/* T could easily have been an int, since the compiler will
* probably add 3 alignment bytes here anyway. */
- uint8_t T;
- uint16_t temp;
+ uint8_t T;
+ uint16_t temp;
struct hip_host_id *ret;
/* check T, Miika won't like this */
@@ -92,17 +92,17 @@
if (T != 8) {
HIP_DEBUG("T-value in DSA-key not 8 (0x%x)!\n", T);
}
- key_len = 64 + (T * 8);
+ key_len = 64 + (T * 8);
- ret = malloc(sizeof(struct hip_host_id));
+ ret = malloc(sizeof(struct hip_host_id));
memcpy(ret, hi, sizeof(struct hip_host_id));
/* the secret component of the DSA key is always 20 bytes */
- temp = ntohs(hi->hi_length) - DSA_PRIV;
+ temp = ntohs(hi->hi_length) - DSA_PRIV;
ret->hi_length = htons(temp);
memset((char *) (&ret->key) + ntohs(ret->hi_length) - sizeof(hi->rdata),
0, sizeof(ret->key) - ntohs(ret->hi_length));
- ret->length = htons(sizeof(struct hip_host_id));
+ ret->length = htons(sizeof(struct hip_host_id));
return ret;
}
@@ -116,22 +116,22 @@
*/
static struct hip_host_id *hip_get_rsa_public_key(const struct
hip_host_id_priv *tmp)
{
- int rsa_pub_len;
+ int rsa_pub_len;
struct hip_rsa_keylen keylen;
- struct hip_host_id *ret;
+ struct hip_host_id *ret;
/** @todo check some value in the RSA key? */
hip_get_rsa_keylen(tmp, &keylen, 1);
- rsa_pub_len = keylen.e_len + keylen.e + keylen.n;
+ rsa_pub_len = keylen.e_len + keylen.e + keylen.n;
- ret = malloc(sizeof(struct hip_host_id));
+ ret = malloc(sizeof(struct hip_host_id));
memcpy(ret, tmp, sizeof(struct hip_host_id) -
sizeof(ret->key) - sizeof(ret->hostname));
ret->hi_length = htons(rsa_pub_len + sizeof(struct hip_host_id_key_rdata));
memcpy(ret->key, tmp->key, rsa_pub_len);
memcpy(ret->hostname, tmp->hostname, sizeof(ret->hostname));
- ret->length = htons(sizeof(struct hip_host_id));
+ ret->length = htons(sizeof(struct hip_host_id));
return ret;
}
@@ -178,7 +178,7 @@
unsigned long hip_hidb_hash(const void *ptr)
{
const hip_hit_t *hit = &((const struct hip_host_id_entry *) ptr)->lhi.hit;
- uint8_t hash[HIP_AH_SHA_LEN];
+ uint8_t hash[HIP_AH_SHA_LEN];
hip_build_digest(HIP_DIGEST_SHA1, hit, sizeof(hip_hit_t), hash);
@@ -223,8 +223,8 @@
*/
static int hip_del_host_id(HIP_HASHTABLE *db, struct hip_lhi *lhi)
{
- int err = -ENOENT;
- struct hip_host_id_entry *id = NULL;
+ int err = -ENOENT;
+ struct hip_host_id_entry *id = NULL;
HIP_ASSERT(lhi != NULL);
@@ -257,7 +257,7 @@
free(id->host_id);
list_del(id, db);
free(id);
- id = NULL;
+ id = NULL;
err = 0;
return err;
@@ -272,9 +272,9 @@
*/
static void hip_uninit_hostid_db(HIP_HASHTABLE *db)
{
- hip_list_t *curr, *iter;
+ hip_list_t *curr, *iter;
struct hip_host_id_entry *tmp;
- int count, err;
+ int count, err;
HIP_WRITE_LOCK_DB(db);
@@ -311,8 +311,8 @@
int anon)
{
struct hip_host_id_entry *id_entry;
- hip_list_t *item;
- int c;
+ hip_list_t *item;
+ int c;
list_for_each(item, db, c) {
id_entry = (struct hip_host_id_entry *) list_entry(item);
@@ -327,7 +327,6 @@
return NULL;
}
-
/**
* test if a given HIT belongs to the local host
*
@@ -350,8 +349,8 @@
int hip_hidb_get_lsi_by_hit(const hip_hit_t *our, hip_lsi_t *our_lsi)
{
struct hip_host_id_entry *id_entry;
- hip_list_t *item;
- int c, err = 1;
+ hip_list_t *item;
+ int c, err = 1;
list_for_each(item, hip_local_hostid_db, c) {
id_entry = (struct hip_host_id_entry *) list_entry(item);
@@ -373,10 +372,10 @@
static int hip_hidb_add_lsi(HIP_HASHTABLE *db, struct hip_host_id_entry
*id_entry)
{
struct hip_host_id_entry *id_entry_aux;
- hip_list_t *item;
- hip_lsi_t lsi_aux;
- int err = 0, used_lsi, c, i;
- int len = sizeof(lsi_addresses) / sizeof(*lsi_addresses);
+ hip_list_t *item;
+ hip_lsi_t lsi_aux;
+ int err = 0, used_lsi, c, i;
+ int len = sizeof(lsi_addresses) /
sizeof(*lsi_addresses);
for (i = 0; i < len; i++) {
inet_aton(lsi_addresses[i], &lsi_aux);
@@ -444,7 +443,7 @@
int (*del)(struct hip_host_id_entry *, void **arg),
void *arg)
{
- int err = 0;
+ int err = 0;
struct hip_host_id_entry *id_entry = NULL;
struct hip_host_id_entry *old_entry;
@@ -459,8 +458,8 @@
id_entry->lhi.anonymous = lhi->anonymous;
/* check for duplicates */
- old_entry = hip_get_hostid_entry_by_lhi_and_algo(db,
&lhi->hit,
-
HIP_ANY_ALGO, -1);
+ old_entry = hip_get_hostid_entry_by_lhi_and_algo(db, &lhi->hit,
+ HIP_ANY_ALGO, -1);
if (old_entry != NULL) {
HIP_WRITE_UNLOCK_DB(db);
HIP_ERROR("Trying to add duplicate lhi\n");
@@ -526,13 +525,13 @@
*/
int hip_handle_add_local_hi(const struct hip_common *input)
{
- int err = 0;
+ int err = 0;
const struct hip_host_id_priv *host_identity = NULL;
- struct hip_lhi lhi;
- const struct hip_tlv_common *param = NULL;
- const struct hip_eid_endpoint *eid_endpoint = NULL;
- struct in6_addr in6_lsi;
- hip_lsi_t lsi = {0};
+ struct hip_lhi lhi;
+ const struct hip_tlv_common *param = NULL;
+ const struct hip_eid_endpoint *eid_endpoint = NULL;
+ struct in6_addr in6_lsi;
+ hip_lsi_t lsi = { 0 };
HIP_DEBUG("/* --------- */ \n");
HIP_DEBUG_IN6ADDR("input->hits = ", &input->hits);
@@ -545,7 +544,7 @@
/* Iterate through all host identities in the input */
while ((param = hip_get_next_param(input, param)) != NULL) {
/* NOTE: changed to use hip_eid_endpoint structs instead of
- * hip_host_id:s when passing IDs from user space to kernel */
+ * hip_host_id:s when passing IDs from user space to kernel */
if (hip_get_param_type(param) != HIP_PARAM_EID_ENDPOINT) {
continue;
}
@@ -608,9 +607,9 @@
int hip_handle_del_local_hi(const struct hip_common *input)
{
const struct in6_addr *hit;
- struct hip_lhi lhi;
- char buf[46];
- int err = 0;
+ struct hip_lhi lhi;
+ char buf[46];
+ int err = 0;
hit = hip_get_param_contents(input, HIP_PARAM_HIT);
HIP_IFEL(!hit, -ENODATA, "no hit\n");
@@ -643,7 +642,7 @@
int hip_get_any_localhost_hit(struct in6_addr *target, int algo, int anon)
{
struct hip_host_id_entry *entry;
- int err = 0;
+ int err = 0;
HIP_READ_LOCK_DB(hip_local_hostid_db);
@@ -671,8 +670,8 @@
int hip_hidb_exists_lsi(hip_lsi_t *lsi)
{
struct hip_host_id_entry *id_entry;
- hip_list_t *item;
- int c, res = 0;
+ hip_list_t *item;
+ int c, res = 0;
list_for_each(item, hip_local_hostid_db, c) {
id_entry = (struct hip_host_id_entry *) list_entry(item);
@@ -694,9 +693,9 @@
*/
int hip_for_each_hi(int (*func)(struct hip_host_id_entry *entry, void *opaq),
void *opaque)
{
- hip_list_t *curr, *iter;
+ hip_list_t *curr, *iter;
struct hip_host_id_entry *tmp;
- int err = 0, c;
+ int err = 0, c;
HIP_READ_LOCK_DB(hip_local_hostid_db);
@@ -728,8 +727,8 @@
const struct
in_addr *lsi)
{
struct hip_host_id_entry *id_entry;
- hip_list_t *item;
- int c;
+ hip_list_t *item;
+ int c;
list_for_each(item, db, c) {
id_entry = (struct hip_host_id_entry *) list_entry(item);
@@ -749,8 +748,8 @@
*/
int hip_hidb_associate_default_hit_lsi(hip_hit_t *default_hit, hip_lsi_t
*default_lsi)
{
- int err = 0;
- hip_lsi_t aux_lsi;
+ int err = 0;
+ hip_lsi_t aux_lsi;
struct hip_host_id_entry *tmp1;
struct hip_host_id_entry *tmp2;
@@ -789,22 +788,22 @@
int hip_get_host_id_and_priv_key(HIP_HASHTABLE *db, struct in6_addr *hit,
int algo, struct hip_host_id **host_id, void
**key)
{
- int err = 0, host_id_len;
+ int err = 0, host_id_len;
struct hip_host_id_entry *entry = NULL;
HIP_READ_LOCK_DB(db);
- entry = hip_get_hostid_entry_by_lhi_and_algo(db, hit, algo, -1);
+ entry = hip_get_hostid_entry_by_lhi_and_algo(db, hit, algo, -1);
HIP_IFE(!entry, -1);
host_id_len = hip_get_param_total_len(entry->host_id);
HIP_IFE(host_id_len > HIP_MAX_HOST_ID_LEN, -1);
- *host_id = malloc(host_id_len);
+ *host_id = malloc(host_id_len);
HIP_IFE(!*host_id, -ENOMEM);
memcpy(*host_id, entry->host_id, host_id_len);
- *key = entry->private_key;
+ *key = entry->private_key;
HIP_IFE(!*key, -1);
out_err:
@@ -822,9 +821,9 @@
int hip_build_host_id_and_signature(struct hip_common *msg, hip_hit_t *hit)
{
struct hip_host_id *hi_public = NULL;
- int err = 0;
- int alg = -1;
- void *private_key;
+ int err = 0;
+ int alg = -1;
+ void *private_key;
HIP_IFEL((hit == NULL), -1, "Null HIT\n");
@@ -839,8 +838,7 @@
hit,
HIP_ANY_ALGO,
&hi_public,
- &private_key)))
- {
+ &private_key))) {
HIP_ERROR("Unable to locate HI from HID with HIT as key");
goto out_err;
}
@@ -885,7 +883,7 @@
*/
int hip_get_default_hit_msg(struct hip_common *msg)
{
- int err = 0;
+ int err = 0;
hip_hit_t hit;
hip_lsi_t lsi;
@@ -911,11 +909,11 @@
*/
int hip_get_default_lsi(struct in_addr *lsi)
{
- int err = 0, family = AF_INET;
- struct idxmap *idxmap[16] = { 0 };
+ int err = 0, family = AF_INET;
+ struct idxmap *idxmap[16] = { 0 };
struct in6_addr lsi_addr;
struct in6_addr lsi_aux6;
- hip_lsi_t lsi_tmpl;
+ hip_lsi_t lsi_tmpl;
memset(&lsi_tmpl, 0, sizeof(lsi_tmpl));
set_lsi_prefix(&lsi_tmpl);
=== modified file 'hipd/hip_socket.c'
--- hipd/hip_socket.c 2010-12-28 17:18:29 +0000
+++ hipd/hip_socket.c 2011-01-03 16:06:13 +0000
@@ -54,7 +54,7 @@
struct socketfd {
uint16_t priority;
int fd;
- int (*func_ptr)(struct hip_packet_context *ctx);
+ int (*func_ptr)(struct hip_packet_context *ctx);
};
/**
@@ -122,8 +122,8 @@
static int hip_handle_user_sock(struct hip_packet_context *ctx)
{
- int err = 0, send_response = 0, n = 0, len = 0;
- uint8_t msg_type = 0;
+ int err = 0, send_response = 0, n = 0, len = 0;
+ uint8_t msg_type = 0;
struct sockaddr_in6 app_src;
HIP_DEBUG("received on: hip_user_sock\n");
@@ -150,7 +150,7 @@
HIP_DEBUG("Sending message (type=%d) response to port %d \n",
hip_get_msg_type(ctx->input_msg), ntohs(app_src.sin6_port));
HIP_DEBUG_HIT("To address", &app_src.sin6_addr);
- n = hip_sendto_user(ctx->input_msg, (struct sockaddr *) &app_src);
+ n = hip_sendto_user(ctx->input_msg, (struct sockaddr *) &app_src);
if (n != len) {
err = -1;
} else {
@@ -203,7 +203,7 @@
int (*func_ptr)(struct hip_packet_context *ctx),
const uint16_t priority)
{
- int err = 0;
+ int err = 0;
struct socketfd *new_socket = NULL;
HIP_IFEL(!(new_socket = malloc(sizeof(struct socketfd))),
@@ -228,13 +228,13 @@
int hip_get_highest_descriptor(void)
{
- int highest_descriptor = 0;
- hip_ll_node_t *iter = NULL;
+ int highest_descriptor = 0;
+ hip_ll_node_t *iter = NULL;
if (hip_sockets) {
while ((iter = hip_ll_iterate(hip_sockets, iter))) {
- if (((struct socketfd*) iter->ptr)->fd >= highest_descriptor) {
- highest_descriptor = ((struct socketfd*) iter->ptr)->fd;
+ if (((struct socketfd *) iter->ptr)->fd >= highest_descriptor) {
+ highest_descriptor = ((struct socketfd *) iter->ptr)->fd;
}
}
} else {
@@ -252,7 +252,7 @@
if (hip_sockets) {
while ((iter = hip_ll_iterate(hip_sockets, iter))) {
- FD_SET(((struct socketfd*) iter->ptr)->fd, read_fdset);
+ FD_SET(((struct socketfd *) iter->ptr)->fd, read_fdset);
}
} else {
HIP_DEBUG("No sockets registered.\n");
@@ -274,14 +274,14 @@
void hip_run_socket_handles(fd_set *read_fdset, struct hip_packet_context *ctx)
{
hip_ll_node_t *iter = NULL;
- int socketfd;
+ int socketfd;
if (hip_sockets) {
while ((iter = hip_ll_iterate(hip_sockets, iter))) {
- socketfd = ((struct socketfd*) iter->ptr)->fd;
+ socketfd = ((struct socketfd *) iter->ptr)->fd;
if (FD_ISSET(socketfd, read_fdset)) {
- ((struct socketfd*) iter->ptr)->func_ptr(ctx);
+ ((struct socketfd *) iter->ptr)->func_ptr(ctx);
HIP_DEBUG("result: %d\n", ctx->error);
/* Reset for next iteration.
=== modified file 'hipd/hipd.c'
--- hipd/hipd.c 2010-12-30 18:47:03 +0000
+++ hipd/hipd.c 2011-01-03 16:06:13 +0000
@@ -71,46 +71,46 @@
/* Defined as a global just to allow freeing in exit(). Do not use outside
* of this file! */
-struct hip_common *hipd_msg = NULL;
-struct hip_common *hipd_msg_v4 = NULL;
+struct hip_common *hipd_msg = NULL;
+struct hip_common *hipd_msg_v4 = NULL;
-int is_active_mhaddr = 1; /**< Which mhaddr to use active or
lazy? (default: active) */
-int is_hard_handover = 0; /**< if hard handover is forced to
be used (default: no) */
+int is_active_mhaddr = 1; /**< Which mhaddr to use active or
lazy? (default: active) */
+int is_hard_handover = 0; /**< if hard handover is forced to
be used (default: no) */
/** Suppress advertising of none, AF_INET or AF_INET6 address in UPDATEs.
* 0 = none = default, AF_INET, AF_INET6 */
-int suppress_af_family = 0;
+int suppress_af_family = 0;
/* For sending HIP control messages */
-int hip_raw_sock_output_v6 = 0;
-int hip_raw_sock_output_v4 = 0;
+int hip_raw_sock_output_v6 = 0;
+int hip_raw_sock_output_v4 = 0;
/* For receiving HIP control messages */
-int hip_raw_sock_input_v6 = 0;
-int hip_raw_sock_input_v4 = 0;
+int hip_raw_sock_input_v6 = 0;
+int hip_raw_sock_input_v4 = 0;
/** File descriptor of the socket used for sending HIP control packet
* NAT traversal on UDP/IPv4
*/
-int hip_nat_sock_output_udp = 0;
+int hip_nat_sock_output_udp = 0;
/** File descriptor of the socket used for receiving HIP control packet
* NAT traversal on UDP/IPv4
*/
-int hip_nat_sock_input_udp = 0;
+int hip_nat_sock_input_udp = 0;
-int hip_nat_sock_output_udp_v6 = 0;
-int hip_nat_sock_input_udp_v6 = 0;
+int hip_nat_sock_output_udp_v6 = 0;
+int hip_nat_sock_input_udp_v6 = 0;
/** Specifies the NAT status of the daemon. This value indicates if the current
* machine is behind a NAT. */
hip_transform_suite_t hip_nat_status = 0;
/* Encrypt host id in I2 */
-int hip_encrypt_i2_hi = 0;
+int hip_encrypt_i2_hi = 0;
/* Communication interface to userspace apps (hipconf etc) */
-int hip_user_sock = 0;
+int hip_user_sock = 0;
struct sockaddr_un hip_user_addr;
/** For receiving netlink IPsec events (acquire, expire, etc) */
@@ -121,16 +121,16 @@
struct rtnl_handle hip_nl_route;
struct sockaddr_in6 hip_firewall_addr;
-int hip_firewall_sock = 0;
+int hip_firewall_sock = 0;
/* used to change the transform order see hipconf usage to see the usage
* This is set to AES, 3DES, NULL by default see hipconf trasform order for
* more information.
*/
-int hip_transform_order = 123;
+int hip_transform_order = 123;
/* Tells to the daemon should it build LOCATOR parameters to R1 and I2 */
-int hip_locator_status = HIP_MSG_SET_LOCATOR_OFF;
+int hip_locator_status = HIP_MSG_SET_LOCATOR_OFF;
/* We are caching the IP addresses of the host here. The reason is that during
* in hip_handle_acquire it is not possible to call getifaddrs (it creates
@@ -140,9 +140,9 @@
* variable and most of the functions referencing them unnecessary -miika
*/
-int address_count;
+int address_count;
HIP_HASHTABLE *addresses;
-time_t load_time;
+time_t load_time;
int address_change_time_counter = -1;
@@ -150,16 +150,16 @@
* userspace ipsec or not. If it is 1, hip uses the user space ipsec.
* It will not use if hip_use_userspace_ipsec = 0. Added By Tao Wan
*/
-int hip_use_userspace_ipsec = 0;
+int hip_use_userspace_ipsec = 0;
-int esp_prot_active = 0;
-int esp_prot_num_transforms = 0;
+int esp_prot_active = 0;
+int esp_prot_num_transforms = 0;
uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
-long esp_prot_num_parallel_hchains = 0;
-
-int hip_shotgun_status = HIP_MSG_SHOTGUN_OFF;
-
-int hip_wait_addr_changes_to_stabilize = 1;
+long esp_prot_num_parallel_hchains = 0;
+
+int hip_shotgun_status = HIP_MSG_SHOTGUN_OFF;
+
+int hip_wait_addr_changes_to_stabilize = 1;
/**
* print hipd usage instructions on stderr
@@ -170,14 +170,14 @@
fprintf(stderr, " -V print version information and exit\n");
fprintf(stderr, " -b run in background\n");
fprintf(stderr, " -i <device name> add interface to the white list. " \
- "Use additional -i for additional devices.\n");
+ "Use additional -i for additional devices.\n");
fprintf(stderr, " -k kill existing hipd\n");
fprintf(stderr, " -N do not flush ipsec rules on exit\n");
fprintf(stderr, " -a fix alignment issues automatically(ARM)\n");
fprintf(stderr, " -f set debug type format to short\n");
fprintf(stderr, " -d set the initial (pre-config) debug level to ALL
(default is MEDIUM)\n");
fprintf(stderr, " -D <module name> disable this module. " \
- "Use additional -D for additional modules.\n");
+ "Use additional -D for additional modules.\n");
fprintf(stderr, " -p disable privilege separation\n");
fprintf(stderr, " -m disable the loading/unloading of kernel modules\n");
fprintf(stderr, "\n");
@@ -192,7 +192,7 @@
int hip_sendto_firewall(HIPFW const struct hip_common *msg)
{
#ifdef CONFIG_HIP_FIREWALL
- int n = 0;
+ int n = 0;
HIP_DEBUG("CONFIG_HIP_FIREWALL DEFINED AND STATUS IS %d\n",
hip_get_firewall_status());
n = sendto(hip_firewall_sock,
@@ -254,9 +254,9 @@
break;
case 'D':
if (!lmod_disable_module(optarg)) {
- HIP_DEBUG("Module '%s' disabled.\n", optarg);
+ HIP_DEBUG("Module '%s' disabled.\n", optarg);
} else {
- HIP_ERROR("Error while disabling module '%s'.\n", optarg);
+ HIP_ERROR("Error while disabling module '%s'.\n", optarg);
}
break;
case 'p':
@@ -288,9 +288,9 @@
*/
static int hipd_main(uint64_t flags)
{
- int highest_descriptor = 0, err = 0;
- struct timeval timeout;
- fd_set read_fdset;
+ int highest_descriptor = 0, err = 0;
+ struct timeval timeout;
+ fd_set read_fdset;
struct hip_packet_context ctx;
#ifdef CONFIG_HIP_PERFORMANCE
@@ -374,7 +374,6 @@
hip_perf_write_benchmark(perf_set, PERF_STARTUP);
#endif
while (hipd_get_state() != HIPD_STATE_CLOSED) {
-
hip_prepare_fd_set(&read_fdset);
hip_firewall_sock = hip_user_sock;
@@ -384,7 +383,6 @@
#ifdef CONFIG_HIP_FIREWALL
if (hip_firewall_status < 0) {
-
memset(&hip_firewall_addr, 0, sizeof(hip_firewall_addr));
hip_firewall_addr.sin6_family = AF_INET6;
hip_firewall_addr.sin6_port = htons(HIP_FIREWALL_PORT);
@@ -452,12 +450,12 @@
* people are doing some very experimental features on some branches
* that may crash the daemon and leave the SAs floating around to
* disturb further base exchanges. Use -N flag to disable this. */
- sflags |= HIPD_START_FLUSH_IPSEC;
+ sflags |= HIPD_START_FLUSH_IPSEC;
/* The default behaviour is to allow hipd to load the required modules
* and unload them when exiting.
*/
- sflags |= HIPD_START_LOAD_KMOD;
+ sflags |= HIPD_START_LOAD_KMOD;
/* set the initial verbosity level */
hip_set_logdebug(LOGDEBUG_MEDIUM);
@@ -481,7 +479,7 @@
if (hipd_get_flag(HIPD_FLAG_RESTART)) {
HIP_INFO(" !!!!! HIP DAEMON RESTARTING !!!!! \n");
- hip_handle_exec_app(0, EXEC_LOADLIB_NONE, argc, (const char * const *)
argv);
+ hip_handle_exec_app(0, EXEC_LOADLIB_NONE, argc, (const char *const *)
argv);
}
return EXIT_SUCCESS;
=== modified file 'hipd/hipd.h'
--- hipd/hipd.h 2010-11-19 14:55:20 +0000
+++ hipd/hipd.h 2011-01-03 16:06:13 +0000
@@ -76,7 +76,7 @@
extern struct rtnl_handle hip_nl_route;
extern struct rtnl_handle hip_nl_ipsec;
extern struct rtnl_handle hip_nl_generic;
-extern time_t load_time;
+extern time_t load_time;
extern int hip_raw_sock_input_v6;
extern int hip_raw_sock_input_v4;
@@ -95,7 +95,7 @@
extern int hip_user_sock;
-extern int hip_firewall_sock, hip_firewall_status;
+extern int hip_firewall_sock, hip_firewall_status;
extern struct sockaddr_in6 hip_firewall_addr;
extern int hit_db_lock;
@@ -108,15 +108,15 @@
extern hip_transform_suite_t hip_nat_status;
-extern int esp_prot_active;
-extern int esp_prot_num_transforms;
+extern int esp_prot_active;
+extern int esp_prot_num_transforms;
extern long esp_prot_num_parallel_hchains;
extern int hip_locator_status;
extern int hip_transform_order;
-extern int suppress_af_family;
-extern int address_count;
+extern int suppress_af_family;
+extern int address_count;
extern HIP_HASHTABLE *addresses;
extern uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
=== modified file 'hipd/hiprelay.c'
--- hipd/hiprelay.c 2010-11-30 14:50:30 +0000
+++ hipd/hiprelay.c 2011-01-03 16:06:13 +0000
@@ -188,20 +188,20 @@
#define HIP_RELAY_CONFIG_FILE HIPL_SYSCONFDIR "/relay_config"
/** A hashtable for storing the relay records. */
-static HIP_HASHTABLE *hiprelay_ht = NULL;
+static HIP_HASHTABLE *hiprelay_ht = NULL;
/** A hashtable for storing the the HITs of the clients that are allowed to use
* the relay / RVS service. */
-static HIP_HASHTABLE *hiprelay_wl = NULL;
+static HIP_HASHTABLE *hiprelay_wl = NULL;
/** Minimum relay record life time as a 8-bit integer. */
-uint8_t hiprelay_min_lifetime = HIP_RELREC_MIN_LIFETIME;
+uint8_t hiprelay_min_lifetime = HIP_RELREC_MIN_LIFETIME;
/** Maximum relay record life time as a 8-bit integer. */
-uint8_t hiprelay_max_lifetime = HIP_RELREC_MAX_LIFETIME;
+uint8_t hiprelay_max_lifetime = HIP_RELREC_MAX_LIFETIME;
/**
* A boolean to indicating if the RVS / relay is enabled. User sets this value
* using the hipconf tool.
*/
-hip_relay_status_t relay_enabled = HIP_RELAY_OFF;
+hip_relay_status_t relay_enabled = HIP_RELAY_OFF;
/**
* A boolean to indicating if the RVS / relay whitelist is enabled. User sets
* this value from the relay configuration file.
@@ -216,8 +216,8 @@
*/
static inline unsigned long hip_hash_func(const hip_hit_t *hit)
{
- uint32_t bits_1st = 0;
- unsigned long hash = 0;
+ uint32_t bits_1st = 0;
+ unsigned long hash = 0;
/* HITs are of the form: 2001:001x:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
* We have four groups of 32 bit sequences here, but the first 28 bits
@@ -233,14 +233,14 @@
/* We calculate the hash by avalanching the bits. The avalanching
* ensures that we make use of all bits when dealing with 64 bits
* architectures. */
- hash = (bits_1st ^ hit->s6_addr32[1]);
- hash ^= hash << 3;
- hash ^= (hit->s6_addr32[2] ^ hit->s6_addr32[3]);
- hash += hash >> 5;
- hash ^= hash << 4;
- hash += hash >> 17;
- hash ^= hash << 25;
- hash += hash >> 6;
+ hash = (bits_1st ^ hit->s6_addr32[1]);
+ hash ^= hash << 3;
+ hash ^= (hit->s6_addr32[2] ^ hit->s6_addr32[3]);
+ hash += hash >> 5;
+ hash ^= hash << 4;
+ hash += hash >> 17;
+ hash ^= hash << 25;
+ hash += hash >> 6;
return hash;
}
@@ -561,13 +561,13 @@
HIP_ERROR("Error allocating memory for HIP relay record.\n");
return NULL;
}
- rec->type = type;
+ rec->type = type;
memcpy(&(rec->hit_r), hit_r, sizeof(*hit_r));
memcpy(&(rec->ip_r), ip_r, sizeof(*ip_r));
rec->udp_port_r = port;
memcpy(&(rec->hmac_relay), hmac, sizeof(*hmac));
hip_relrec_set_lifetime(rec, lifetime);
- rec->created = time(NULL);
+ rec->created = time(NULL);
return rec;
}
@@ -747,7 +747,7 @@
if (requested_lifetime < hiprelay_min_lifetime) {
*granted_lifetime = hiprelay_min_lifetime;
return -1;
- } else if (requested_lifetime > hiprelay_max_lifetime) {
+ } else if (requested_lifetime > hiprelay_max_lifetime) {
*granted_lifetime = hiprelay_max_lifetime;
return -1;
} else {
@@ -766,12 +766,12 @@
*/
static int hip_relay_read_config(void)
{
- FILE *fp = NULL;
- int lineerr = 0, parseerr = 0, err = 0;
- char parameter[HIP_RELAY_MAX_PAR_LEN + 1];
+ FILE *fp = NULL;
+ int lineerr = 0, parseerr = 0, err = 0;
+ char parameter[HIP_RELAY_MAX_PAR_LEN + 1];
hip_configvaluelist_t values;
- hip_hit_t hit, *wl_hit = NULL;
- uint8_t max = 255; /* Theoretical maximum lifetime value. */
+ hip_hit_t hit, *wl_hit = NULL;
+ uint8_t max = 255; /* Theoretical maximum lifetime value. */
HIP_IFEL(((fp = fopen(HIP_RELAY_CONFIG_FILE, "r")) == NULL), -ENOENT,
"Cannot open file %s for reading.\n", HIP_RELAY_CONFIG_FILE);
@@ -780,7 +780,7 @@
parseerr = 0;
memset(parameter, '\0', sizeof(parameter));
hip_cvl_init(&values);
- lineerr = hip_cf_get_line_data(fp, parameter, &values, &parseerr);
+ lineerr = hip_cf_get_line_data(fp, parameter, &values, &parseerr);
if (parseerr == 0) {
hip_configfilevalue_t *current = NULL;
@@ -813,7 +813,7 @@
}
}
} else if (strcmp(parameter, "minimum_lifetime") == 0) {
- time_t tmp = 0;
+ time_t tmp = 0;
uint8_t val = 0;
current = hip_cvl_get_next(&values, current);
tmp = atol(current->data);
@@ -828,7 +828,7 @@
hiprelay_min_lifetime = val;
}
} else if (strcmp(parameter, "maximum_lifetime") == 0) {
- time_t tmp = 0;
+ time_t tmp = 0;
uint8_t val = 0;
current = hip_cvl_get_next(&values, current);
tmp = atol(current->data);
@@ -874,8 +874,8 @@
*/
static int hip_relay_write_config(void)
{
- int err = 0;
- FILE *fp = NULL;
+ int err = 0;
+ FILE *fp = NULL;
HIP_IFEL(((fp = fopen(HIP_RELAY_CONFIG_FILE, "w")) == NULL), -ENOENT,
"Cannot open file %s for writing.\n", HIP_RELAY_CONFIG_FILE);
@@ -903,10 +903,10 @@
hip_relrec_t *rec,
const uint8_t type_hdr)
{
- hip_common_t *msg_to_be_relayed = NULL;
- const struct hip_tlv_common *current_param = NULL;
- int err = 0, from_added = 0;
- hip_tlv_type_t param_type = 0;
+ hip_common_t *msg_to_be_relayed = NULL;
+ const struct hip_tlv_common *current_param = NULL;
+ int err = 0, from_added = 0;
+ hip_tlv_type_t param_type = 0;
HIP_DEBUG("Msg type : %s (%d)\n",
hip_message_type_name(hip_get_msg_type(ctx->input_msg)),
@@ -945,9 +945,9 @@
"to be relayed.\n");
hip_build_param(msg_to_be_relayed, current_param);
} else {
- /* Parameter under inspection has greater type than FROM
- * (RELAY_FROM) parameter: insert a new FROM (RELAY_FROM) parameter
- * between the previous parameter and "current_param". */
+ /* Parameter under inspection has greater type than FROM
+ * (RELAY_FROM) parameter: insert a new FROM (RELAY_FROM) parameter
+ * between the previous parameter and "current_param". */
HIP_DEBUG("Created new param %d and copied " \
"current parameter to relayed packet.\n",
param_type);
@@ -1028,9 +1028,9 @@
const struct in6_addr *relay_to_addr,
const in_port_t relay_to_port)
{
- struct hip_common *r_to_be_relayed = NULL;
- const struct hip_tlv_common *current_param = NULL;
- int err = 0;
+ struct hip_common *r_to_be_relayed = NULL;
+ const struct hip_tlv_common *current_param = NULL;
+ int err = 0;
HIP_DEBUG_IN6ADDR("hip_relay_forward_response: source address", r_saddr);
HIP_DEBUG_IN6ADDR("hip_relay_forward_response: destination address",
r_daddr);
@@ -1078,8 +1078,8 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0;
- hip_relrec_t *rec = NULL, dummy;
+ int err = 0;
+ hip_relrec_t *rec = NULL, dummy;
const struct hip_relay_to *relay_to;
//check if full relay service is active
@@ -1149,7 +1149,7 @@
int hip_relay_add_rvs_to_ha(const hip_common_t *source_msg, hip_ha_t *entry)
{
const struct hip_via_rvs *via_rvs = NULL;
- int err = 0;
+ int err = 0;
// Get rendezvous server's IP addresses
via_rvs = hip_get_param(source_msg, HIP_PARAM_VIA_RVS);
@@ -1189,11 +1189,11 @@
RVS struct in6_addr *relay_ip,
struct in6_addr *dest_ip, in_port_t *dest_port)
{
- int param_type;
+ int param_type;
const struct hip_relay_from *relay_from = NULL;
- const struct hip_from *from = NULL;
+ const struct hip_from *from = NULL;
#ifdef CONFIG_HIP_RVS
- hip_ha_t *relay_ha_entry = NULL;
+ hip_ha_t *relay_ha_entry = NULL;
#endif
/* Check if the incoming I1 packet has RELAY_FROM parameters. */
@@ -1255,7 +1255,7 @@
if (relay_from != NULL &&
hip_verify_packet_hmac_general(source_msg,
&relay_ha_entry->hip_hmac_out,
- HIP_PARAM_RELAY_HMAC ) != 0) {
+ HIP_PARAM_RELAY_HMAC) != 0) {
/* Notice that the HMAC is currently ignored to allow rvs/relay e.g.
* in the following use case: I <----IPv4 ----> RVS <----IPv6---> R
* Otherwise we have to loop through all host associations and try
@@ -1265,13 +1265,13 @@
} else if (from != NULL &&
hip_verify_packet_hmac_general(source_msg,
&relay_ha_entry->hip_hmac_out,
- HIP_PARAM_RVS_HMAC ) != 0) {
+ HIP_PARAM_RVS_HMAC) != 0) {
HIP_DEBUG("RVS_HMAC verification failed.\n");
HIP_DEBUG("Ignoring HMAC verification\n");
}
HIP_DEBUG("RVS_HMAC or Full_Relay verified.\n");
-#endif /* CONFIG_HIP_RVS */
+#endif /* CONFIG_HIP_RVS */
return param_type;
}
@@ -1285,7 +1285,7 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0;
+ int err = 0;
const struct hip_relay_to *relay_to;
//check if full relay service is active
@@ -1366,6 +1366,7 @@
hip_ht_uninit(hiprelay_ht);
hiprelay_ht = NULL;
}
+
/**
* Initializes the global HIP relay whitelist. Allocates memory for
* @c hiprelay_wl.
=== modified file 'hipd/hiprelay.h'
--- hipd/hiprelay.h 2010-10-15 15:29:14 +0000
+++ hipd/hiprelay.h 2011-01-03 16:06:13 +0000
@@ -62,19 +62,19 @@
/** HIP Relay record. These records are stored in the HIP Relay hashtable. */
typedef struct {
/** The type of this relay record (full relay or rvs) */
- uint8_t type;
+ uint8_t type;
/** The lifetime of this record, seconds. */
- time_t lifetime;
+ time_t lifetime;
/** Time when this record was created, seconds since epoch. */
- time_t created;
+ time_t created;
/** Time when this record was last used, seconds since epoch. */
- time_t last_contact;
+ time_t last_contact;
/** HIT of Responder (Relay Client) */
- hip_hit_t hit_r;
+ hip_hit_t hit_r;
/** IP address of Responder (Relay Client) */
- struct in6_addr ip_r;
+ struct in6_addr ip_r;
/** Client UDP port received in I2 packet of registration. */
- in_port_t udp_port_r;
+ in_port_t udp_port_r;
/** Integrity key established while registration occurred. */
hip_crypto_key_t hmac_relay;
} hip_relrec_t;
=== modified file 'hipd/hit_to_ip.c'
--- hipd/hit_to_ip.c 2010-11-30 14:50:30 +0000
+++ hipd/hit_to_ip.c 2011-01-03 16:06:13 +0000
@@ -110,8 +110,8 @@
}
const uint8_t *bytes = (const uint8_t *) hit->s6_addr;
- char *cp = hostname;
- int i; // no C99 :(
+ char *cp = hostname;
+ int i; // no C99 :(
for (i = 15; i >= 0; i--) {
*cp++ = hex_digits[bytes[i] & 0x0f];
*cp++ = '.';
@@ -138,12 +138,12 @@
int hip_hit_to_ip(const hip_hit_t *hit, struct in6_addr *retval)
{
- struct addrinfo *rp = NULL; // no C99 :(
- char hit_to_ip_hostname[64 + HIT_TO_IP_ZONE_MAX_LEN + 1];
- int found_addr = 0;
- struct addrinfo hints;
+ struct addrinfo *rp = NULL; // no C99 :(
+ char hit_to_ip_hostname[64 + HIT_TO_IP_ZONE_MAX_LEN + 1];
+ int found_addr = 0;
+ struct addrinfo hints;
struct addrinfo *result = NULL;
- int res;
+ int res;
if ((hit == NULL) || (retval == NULL)) {
return -1;
@@ -163,7 +163,7 @@
hints.ai_next = NULL;
/* getaddrinfo is too complex for DNS lookup, but let us use it now */
- res = getaddrinfo( hit_to_ip_hostname, NULL, &hints,
&result );
+ res = getaddrinfo(hit_to_ip_hostname, NULL, &hints, &result);
HIP_DEBUG("getaddrinfo(%s) returned %d\n", hit_to_ip_hostname, res);
if (res != 0) {
=== modified file 'hipd/init.c'
--- hipd/init.c 2010-12-13 18:21:47 +0000
+++ hipd/init.c 2011-01-03 16:06:13 +0000
@@ -128,7 +128,7 @@
static void hip_sig_chld(int signum)
{
union wait status;
- int pid;
+ int pid;
signal(signum, hip_sig_chld);
@@ -151,7 +151,7 @@
return;
}
- FILE *fp = fopen(path, "w");
+ FILE *fp = fopen(path, "w");
HIP_ASSERT(fp);
size_t items = fwrite(contents, strlen(contents), 1, fp);
HIP_ASSERT(items > 0);
@@ -251,7 +251,7 @@
static void hip_set_os_dep_variables(void)
{
struct utsname un;
- int rel[4] = {0};
+ int rel[4] = { 0 };
uname(&un);
@@ -283,7 +283,7 @@
*/
static int hip_init_raw_sock_v4(int proto)
{
- int on = 1, off = 0, err = 0;
+ int on = 1, off = 0, err = 0;
int sock;
sock = socket(AF_INET, SOCK_RAW, proto);
@@ -331,8 +331,8 @@
*/
static int hip_check_kernel_modules(void)
{
- int net_total, crypto_total, count;
- char str[MODPROBE_MAX_LINE];
+ int net_total, crypto_total, count;
+ char str[MODPROBE_MAX_LINE];
struct stat sbuf;
net_total = sizeof(kernel_net_mod) / sizeof(kernel_net_mod[0]);
@@ -352,7 +352,7 @@
snprintf(str, sizeof(str), "/sys/module/%s", kernel_net_mod[count]);
if (stat(str, &sbuf)) {
HIP_INFO("The %s kernel module is not loaded\n",
- kernel_net_mod[count]);
+ kernel_net_mod[count]);
}
}
@@ -365,9 +365,9 @@
*/
static int hip_probe_kernel_modules(void)
{
- int count;
- char cmd[MODPROBE_MAX_LINE];
- int net_total, crypto_total;
+ int count;
+ char cmd[MODPROBE_MAX_LINE];
+ int net_total, crypto_total;
struct stat sbuf;
net_total = sizeof(kernel_net_mod) / sizeof(kernel_net_mod[0]);
@@ -432,9 +432,9 @@
static void hip_remove_kernel_modules(void)
{
/* some net modules depend on crypto, so keep net modules first */
- const char **mods[] = {kernel_net_mod, kernel_crypto_mod};
- int count[2], type, i, ret;
- char cmd[MODPROBE_MAX_LINE];
+ const char **mods[] = { kernel_net_mod, kernel_crypto_mod };
+ int count[2], type, i, ret;
+ char cmd[MODPROBE_MAX_LINE];
count[0] = sizeof(kernel_net_mod) / sizeof(kernel_net_mod[0]);
count[1] = sizeof(kernel_crypto_mod) / sizeof(kernel_crypto_mod[0]);
@@ -473,7 +473,7 @@
*/
static int init_random_seed(void)
{
- struct timeval tv;
+ struct timeval tv;
struct timezone tz;
struct {
struct timeval tv;
@@ -482,7 +482,7 @@
} rand_data;
int err = 0;
- err = gettimeofday(&tv, &tz);
+ err = gettimeofday(&tv, &tz);
srandom(tv.tv_usec);
memcpy(&rand_data.tv, &tv, sizeof(tv));
@@ -530,15 +530,15 @@
*/
static struct hip_host_id_entry *hip_return_first_rsa(void)
{
- hip_list_t *curr, *iter;
+ hip_list_t *curr, *iter;
struct hip_host_id_entry *tmp = NULL;
- int c;
- uint16_t algo = 0;
+ int c;
+ uint16_t algo = 0;
HIP_READ_LOCK_DB(hip_local_hostid_db);
list_for_each_safe(curr, iter, hip_local_hostid_db, c) {
- tmp = (struct hip_host_id_entry *) list_entry(curr);
+ tmp = (struct hip_host_id_entry *) list_entry(curr);
HIP_DEBUG_HIT("Found HIT", &tmp->lhi.hit);
algo = hip_get_host_id_algo(tmp->host_id);
HIP_DEBUG("hits algo %d HIP_HI_RSA = %d\n",
@@ -563,11 +563,11 @@
*/
static int hip_init_host_ids(void)
{
- int err = 0;
- struct stat status;
+ int err = 0;
+ struct stat status;
struct hip_common *user_msg = NULL;
- hip_hit_t default_hit;
- hip_lsi_t default_lsi;
+ hip_hit_t default_hit;
+ hip_lsi_t default_lsi;
/* We are first serializing a message with HIs and then
* deserializing it. This building and parsing causes
@@ -626,11 +626,11 @@
*/
static int hip_init_certs(void)
{
- int err = 0;
- char hit[41];
- FILE *conf_file;
+ int err = 0;
+ char hit[41];
+ FILE *conf_file;
struct hip_host_id_entry *entry;
- char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX];
+ char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX];
memset(hostname, 0, HIP_HOST_ID_HOSTNAME_LEN_MAX);
HIP_IFEL(gethostname(hostname, HIP_HOST_ID_HOSTNAME_LEN_MAX - 1), -1,
@@ -816,7 +816,7 @@
hip_register_handle_function(HIP_NOTIFY, HIP_STATE_R2_SENT,
&hip_check_notify, 20000);
hip_register_handle_function(HIP_NOTIFY, HIP_STATE_R2_SENT,
&hip_handle_notify, 30000);
hip_register_handle_function(HIP_NOTIFY, HIP_STATE_ESTABLISHED,
&hip_check_notify, 20000);
- hip_register_handle_function(HIP_NOTIFY, HIP_STATE_ESTABLISHED,
&hip_handle_notify,30000);
+ hip_register_handle_function(HIP_NOTIFY, HIP_STATE_ESTABLISHED,
&hip_handle_notify, 30000);
hip_register_handle_function(HIP_NOTIFY, HIP_STATE_CLOSING,
&hip_check_notify, 20000);
hip_register_handle_function(HIP_NOTIFY, HIP_STATE_CLOSING,
&hip_handle_notify, 30000);
hip_register_handle_function(HIP_NOTIFY, HIP_STATE_CLOSED,
&hip_check_notify, 20000);
@@ -1008,11 +1008,11 @@
*/
int hipd_init(const uint64_t flags)
{
- int err = 0, certerr = 0, hitdberr = 0, i, j;
- int killold = ((flags & HIPD_START_KILL_OLD) > 0);
- unsigned int mtu_val = HIP_HIT_DEV_MTU;
- char str[64];
- char mtu[16];
+ int err = 0, certerr = 0, hitdberr = 0, i, j;
+ int killold = ((flags & HIPD_START_KILL_OLD) > 0);
+ unsigned int mtu_val = HIP_HIT_DEV_MTU;
+ char str[64];
+ char mtu[16];
struct sockaddr_in6 daemon_addr;
/* Keep the flags around: they will be used at kernel module removal */
@@ -1097,25 +1097,25 @@
hip_xfrm_set_nl_ipsec(&hip_nl_ipsec);
- hip_raw_sock_output_v6 = hip_init_raw_sock_v6(IPPROTO_HIP);
+ hip_raw_sock_output_v6 = hip_init_raw_sock_v6(IPPROTO_HIP);
HIP_IFEL(hip_raw_sock_output_v6 < 0, -1, "raw sock output v6\n");
- hip_raw_sock_output_v4 = hip_init_raw_sock_v4(IPPROTO_HIP);
+ hip_raw_sock_output_v4 = hip_init_raw_sock_v4(IPPROTO_HIP);
HIP_IFEL(hip_raw_sock_output_v4 < 0, -1, "raw sock output v4\n");
/* hip_nat_sock_input should be initialized after hip_nat_sock_output
- because for the sockets bound to the same address/port, only the last
socket seems
- to receive the packets. NAT input socket is a normal UDP socket where as
- NAT output socket is a raw socket. A raw output socket support better
the "shotgun"
- extension (sending packets from multiple source addresses). */
+ * because for the sockets bound to the same address/port, only the last
socket seems
+ * to receive the packets. NAT input socket is a normal UDP socket where as
+ * NAT output socket is a raw socket. A raw output socket support better
the "shotgun"
+ * extension (sending packets from multiple source addresses). */
hip_nat_sock_output_udp = hip_init_raw_sock_v4(IPPROTO_UDP);
HIP_IFEL(hip_nat_sock_output_udp < 0, -1, "raw sock output udp\n");
- hip_raw_sock_input_v6 = hip_init_raw_sock_v6(IPPROTO_HIP);
+ hip_raw_sock_input_v6 = hip_init_raw_sock_v6(IPPROTO_HIP);
HIP_IFEL(hip_raw_sock_input_v6 < 0, -1, "raw sock input v6\n");
- hip_raw_sock_input_v4 = hip_init_raw_sock_v4(IPPROTO_HIP);
+ hip_raw_sock_input_v4 = hip_init_raw_sock_v4(IPPROTO_HIP);
HIP_IFEL(hip_raw_sock_input_v4 < 0, -1, "raw sock input v4\n");
HIP_IFEL(hip_create_nat_sock_udp(&hip_nat_sock_input_udp, 0, 0), -1, "raw
sock input udp\n");
@@ -1152,7 +1152,7 @@
HIP_IFE(hip_init_host_ids(), 1);
- hip_user_sock = socket(AF_INET6, SOCK_DGRAM, 0);
+ hip_user_sock = socket(AF_INET6, SOCK_DGRAM, 0);
HIP_IFEL((hip_user_sock < 0), 1,
"Could not create socket for user communication.\n");
bzero(&daemon_addr, sizeof(daemon_addr));
@@ -1222,7 +1222,6 @@
return err;
}
-
/**
* create a socket to handle UDP encapsulation of HIP control
* packets
@@ -1237,9 +1236,9 @@
struct sockaddr_in *addr,
int is_output)
{
- int on = 1, off = 0, err = 0;
+ int on = 1, off = 0, err = 0;
struct sockaddr_in myaddr;
- int type, protocol;
+ int type, protocol;
if (is_output) {
type = SOCK_RAW;
@@ -1280,7 +1279,7 @@
if (addr) {
memcpy(&myaddr, addr, sizeof(struct sockaddr_in));
} else {
- myaddr.sin_family = AF_INET;
+ myaddr.sin_family = AF_INET;
/** @todo Change this inaddr_any -- Abi */
myaddr.sin_addr.s_addr = INADDR_ANY;
myaddr.sin_port = htons(hip_get_local_nat_udp_port());
@@ -1298,5 +1297,3 @@
out_err:
return err;
}
-
-
=== modified file 'hipd/input.c'
--- hipd/input.c 2010-12-08 18:40:04 +0000
+++ hipd/input.c 2011-01-03 16:06:13 +0000
@@ -106,7 +106,7 @@
static int hip_verify_hmac(struct hip_common *buffer, uint16_t buf_len,
const uint8_t *hmac, void *hmac_key, int hmac_type)
{
- int err = 0;
+ int err = 0;
uint8_t hmac_res[HIP_AH_SHA_LEN];
HIP_HEXDUMP("HMAC data", buffer, buf_len);
@@ -137,10 +137,10 @@
const struct hip_crypto_key *crypto_key,
const hip_tlv_type_t parameter_type)
{
- int err = 0, len = 0, orig_len = 0;
- struct hip_crypto_key tmpkey;
- const struct hip_hmac *hmac = NULL;
- uint8_t orig_checksum = 0;
+ int err = 0, len = 0, orig_len = 0;
+ struct hip_crypto_key tmpkey;
+ const struct hip_hmac *hmac = NULL;
+ uint8_t orig_checksum = 0;
HIP_DEBUG("hip_verify_packet_hmac() invoked.\n");
@@ -149,7 +149,7 @@
/* hmac verification modifies the msg length temporarily, so we have
* to restore the length */
- orig_len = hip_get_msg_total_len(msg);
+ orig_len = hip_get_msg_total_len(msg);
/* hmac verification assumes that checksum is zero */
orig_checksum = hip_get_msg_checksum(msg);
@@ -200,10 +200,10 @@
struct hip_crypto_key *key,
struct hip_host_id *host_id)
{
- struct hip_crypto_key tmpkey;
+ struct hip_crypto_key tmpkey;
const struct hip_hmac *hmac;
- struct hip_common *msg_copy = NULL;
- int err = 0;
+ struct hip_common *msg_copy = NULL;
+ int err = 0;
HIP_IFE(!(msg_copy = hip_msg_alloc()), -ENOMEM);
@@ -214,7 +214,7 @@
"Packet contained no HMAC parameter\n");
HIP_HEXDUMP("HMAC data", msg_copy, hip_get_msg_total_len(msg_copy));
- memcpy( &tmpkey, key, sizeof(tmpkey));
+ memcpy(&tmpkey, key, sizeof(tmpkey));
HIP_IFEL(hip_verify_hmac(msg_copy, hip_get_msg_total_len(msg_copy),
hmac->hmac_data, tmpkey.key,
@@ -241,19 +241,19 @@
uint64_t J,
struct hip_dh_public_value **dhpv)
{
- char *dh_shared_key = NULL;
- int hip_transf_length, hmac_transf_length;
- int auth_transf_length, esp_transf_length, we_are_HITg = 0;
- int hip_tfm, esp_tfm, err = 0, dh_shared_len = 1024;
- struct hip_keymat_keymat km;
- const struct hip_esp_info *esp_info;
- char *keymat = NULL;
- size_t keymat_len_min; /* how many bytes we need at least for the KEYMAT */
- size_t keymat_len; /* note SHA boundary */
+ char *dh_shared_key = NULL;
+ int hip_transf_length, hmac_transf_length;
+ int auth_transf_length, esp_transf_length,
we_are_HITg = 0;
+ int hip_tfm, esp_tfm, err = 0, dh_shared_len =
1024;
+ struct hip_keymat_keymat km;
+ const struct hip_esp_info *esp_info;
+ char *keymat = NULL;
+ size_t keymat_len_min; /* how many bytes we need at
least for the KEYMAT */
+ size_t keymat_len; /* note SHA boundary */
const struct hip_tlv_common *param = NULL;
- uint16_t esp_keymat_index, esp_default_keymat_index;
- struct hip_diffie_hellman *dhf;
- struct in6_addr *plain_local_hit = NULL;
+ uint16_t esp_keymat_index, esp_default_keymat_index;
+ struct hip_diffie_hellman *dhf;
+ struct in6_addr *plain_local_hit = NULL;
/* Perform light operations first before allocating memory or
* using lots of CPU time */
@@ -261,13 +261,13 @@
-EINVAL,
"Could not find HIP transform\n");
HIP_IFEL((hip_tfm = hip_select_hip_transform(
- (const struct hip_hip_transform *) param)) == 0,
+ (const struct hip_hip_transform *) param)) == 0,
-EINVAL, "Could not select HIP transform\n");
HIP_IFEL(!(param = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_TRANSFORM)),
-EINVAL,
"Could not find ESP transform\n");
HIP_IFEL((esp_tfm = hip_select_esp_transform(
- (const struct hip_esp_transform *) param)) == 0,
+ (const struct hip_esp_transform *) param)) == 0,
-EINVAL, "Could not select proper ESP transform\n");
hip_transf_length = hip_transform_key_length(hip_tfm);
@@ -508,9 +508,9 @@
*/
int hip_receive_control_packet(struct hip_packet_context *ctx)
{
- int err = 0;
+ int err = 0;
struct in6_addr ipv6_any_addr = IN6ADDR_ANY_INIT;
- uint32_t type, state;
+ uint32_t type, state;
/* Debug printing of received packet information. All received HIP
* control packets are first passed to this function. Therefore
@@ -541,12 +541,12 @@
-1,
"Checking control message failed.\n");
- type = hip_get_msg_type(ctx->input_msg);
+ type = hip_get_msg_type(ctx->input_msg);
/** @todo Check packet csum.*/
ctx->hadb_entry = hip_hadb_find_byhits(&ctx->input_msg->hits,
- &ctx->input_msg->hitr);
+ &ctx->input_msg->hitr);
// Check if we need to drop the packet
if (ctx->hadb_entry &&
@@ -562,8 +562,8 @@
if (!ctx->hadb_entry &&
(type == HIP_I1 || type == HIP_R1)) {
ctx->hadb_entry =
- hip_oppdb_get_hadb_entry_i1_r1(ctx->input_msg,
- &ctx->src_addr);
+ hip_oppdb_get_hadb_entry_i1_r1(ctx->input_msg,
+ &ctx->src_addr);
}
#endif
@@ -629,7 +629,7 @@
*/
int hip_receive_udp_control_packet(struct hip_packet_context *ctx)
{
- int err = 0, type;
+ int err = 0, type;
hip_ha_t *entry = NULL;
type = hip_get_msg_type(ctx->input_msg);
@@ -685,7 +685,7 @@
* @param *ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
- association database).
+ * association database).
*
* @return zero on success, or negative error value on error.
*/
@@ -693,11 +693,11 @@
RVS const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0, mask = HIP_PACKET_CTRL_ANON, len;
- struct in6_addr daddr;
- struct hip_host_id peer_host_id;
- const struct hip_tlv_common *param = NULL;
- const char *str = NULL;
+ int err = 0, mask = HIP_PACKET_CTRL_ANON, len;
+ struct in6_addr daddr;
+ struct hip_host_id peer_host_id;
+ const struct hip_tlv_common *param = NULL;
+ const char *str = NULL;
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Start PERF_R1\n");
@@ -786,8 +786,8 @@
#endif
HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key,
ctx->input_msg),
- -EINVAL,
- "Verification of R1 signature failed\n");
+ -EINVAL,
+ "Verification of R1 signature failed\n");
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Stop PERF_VERIFY\n");
hip_perf_stop_benchmark(perf_set, PERF_VERIFY);
@@ -810,7 +810,7 @@
* @param *ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
- association database).
+ * association database).
*
* @return zero on success, or negative error value on error.
*
@@ -826,14 +826,14 @@
const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0, retransmission = 0, written = 0;
- uint64_t solved_puzzle = 0, I = 0;
- const struct hip_puzzle *pz = NULL;
- const struct hip_diffie_hellman *dh_req = NULL;
- const struct hip_r1_counter *r1cntr = NULL;
- struct hip_dh_public_value *dhpv = NULL;
- const struct hip_locator *locator = NULL;
- uint16_t i2_mask = 0;
+ int err = 0, retransmission = 0,
written = 0;
+ uint64_t solved_puzzle = 0, I = 0;
+ const struct hip_puzzle *pz = NULL;
+ const struct hip_diffie_hellman *dh_req = NULL;
+ const struct hip_r1_counter *r1cntr = NULL;
+ struct hip_dh_public_value *dhpv = NULL;
+ const struct hip_locator *locator = NULL;
+ uint16_t i2_mask = 0;
if (ha_state == HIP_STATE_I2_SENT) {
HIP_DEBUG("Retransmission\n");
@@ -889,8 +889,8 @@
HIP_IFEL((solved_puzzle = hip_solve_puzzle(pz2,
ctx->input_msg,
HIP_SOLVE_PUZZLE)) == 0,
- -EINVAL, "Solving of puzzle
failed\n");
- I = pz2->I;
+ -EINVAL, "Solving of puzzle failed\n");
+ I = pz2->I;
ctx->hadb_entry->puzzle_solution = solved_puzzle;
ctx->hadb_entry->puzzle_i = pz2->I;
} else {
@@ -943,8 +943,8 @@
HIP_IFEL((written = hip_insert_dh(dhpv->public_value,
ntohs(dhpv->pub_len),
dhpv->group_id)) < 0,
- -1,
- "Could not extract the DH public key\n");
+ -1,
+ "Could not extract the DH public key\n");
HIP_IFEL(hip_build_param_diffie_hellman_contents(ctx->output_msg,
dhpv->group_id,
@@ -967,6 +967,7 @@
free(ctx->hadb_entry->dh_shared_key);
return err;
}
+
/**
* Checks wether the received I2 packet in state I2-SENT should be droppped, or
* not. If the packet should be dropped, the error flag is set to 1.
@@ -1011,7 +1012,7 @@
DBG const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0;
+ int err = 0;
uint16_t mask = 0;
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Start PERF_R2\n");
@@ -1052,7 +1053,7 @@
hip_perf_start_benchmark(perf_set, PERF_VERIFY);
#endif
HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key,
- ctx->input_msg),
+ ctx->input_msg),
-EINVAL,
"R2 signature verification failed.\n");
#ifdef CONFIG_HIP_PERFORMANCE
@@ -1083,11 +1084,11 @@
const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0, tfm = 0, retransmission = 0, idx = 0;
- uint32_t spi_recvd = 0, spi_in = 0;
- const struct hip_esp_info *esp_info = NULL;
- const struct hip_locator *locator = NULL;
- struct hip_spi_out_item spi_out_data;
+ int err = 0, tfm = 0, retransmission = 0, idx
= 0;
+ uint32_t spi_recvd = 0, spi_in = 0;
+ const struct hip_esp_info *esp_info = NULL;
+ const struct hip_locator *locator = NULL;
+ struct hip_spi_out_item spi_out_data;
if (ha_state == HIP_STATE_ESTABLISHED) {
retransmission = 1;
@@ -1122,7 +1123,7 @@
spi_in = ctx->hadb_entry->spi_inbound_current;
HIP_DEBUG("spi_in: 0x%x\n", spi_in);
- tfm = ctx->hadb_entry->esp_transform;
+ tfm = ctx->hadb_entry->esp_transform;
HIP_DEBUG("esp_transform: %i\n", tfm);
HIP_DEBUG("R2 packet source port: %d, destination port %d.\n",
@@ -1153,8 +1154,8 @@
HIP_SPI_DIRECTION_IN,
0,
ctx->hadb_entry),
- -1,
- "Failed to setup IPsec SPD/SA entries, peer:src\n");
+ -1,
+ "Failed to setup IPsec SPD/SA entries, peer:src\n");
HIP_IFEL(hip_add_sa(&ctx->dst_addr,
&ctx->src_addr,
@@ -1185,7 +1186,7 @@
}
#ifdef CONFIG_HIP_RVS
- hip_relay_handle_relay_to_in_client(packet_type, ha_state, ctx);
+ hip_relay_handle_relay_to_in_client(packet_type, ha_state, ctx);
#endif /* CONFIG_HIP_RVS */
/* Copying address list from temp location in entry
@@ -1249,7 +1250,7 @@
* @param *ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
- association database).
+ * association database).
*
* @return zero on success, or negative error value on error.
*/
@@ -1395,7 +1396,7 @@
* @param *ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
- association database).
+ * association database).
*
* @return zero on success, or negative error value on error.
*/
@@ -1403,17 +1404,17 @@
DBG const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0, is_loopback = 0;
- uint16_t mask = HIP_PACKET_CTRL_ANON, crypto_len = 0;
- char *tmp_enc = NULL;
- const char *enc = NULL;
- unsigned char *iv = NULL;
- const struct hip_solution *solution = NULL;
- struct hip_dh_public_value *dhpv = NULL;
- const struct hip_r1_counter *r1cntr = NULL;
- const struct hip_hip_transform *hip_transform = NULL;
- struct hip_host_id *host_id_in_enc = NULL;
- struct hip_host_id host_id;
+ int err = 0, is_loopback = 0;
+ uint16_t mask = HIP_PACKET_CTRL_ANON,
crypto_len = 0;
+ char *tmp_enc = NULL;
+ const char *enc = NULL;
+ unsigned char *iv = NULL;
+ const struct hip_solution *solution = NULL;
+ struct hip_dh_public_value *dhpv = NULL;
+ const struct hip_r1_counter *r1cntr = NULL;
+ const struct hip_hip_transform *hip_transform = NULL;
+ struct hip_host_id *host_id_in_enc = NULL;
+ struct hip_host_id host_id;
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Start PERF_I2\n");
hip_perf_start_benchmark(perf_set, PERF_I2);
@@ -1442,8 +1443,8 @@
hip_relay_forward(ctx, rec, HIP_I2);
err = -ECANCELED;
goto out_err;
- }
}
+ }
#endif
HIP_IFEL(!hip_hidb_hit_is_our(&ctx->input_msg->hitr),
@@ -1462,29 +1463,29 @@
HIP_INFO_IN6ADDR("Source IP: ", &ctx->src_addr);
/* Next, we initialize the new HIP association. Peer HIT is the
- * source HIT of the received I2 packet. We can have many Host
- * Identities and using any of those Host Identities we can
- * calculate diverse HITs depending on the used algorithm. When
- * we sent one of our pre-created R1 packets, we have used one
- * of our Host Identities and thus of our HITs as source. We
- * must dig out the original Host Identity using the destination
- * HIT of the I2 packet as a key. The initialized HIP
- * association will not, however, have the I2 destination HIT as
- * source, but one that is calculated using the Host Identity
- * that we have dug out. */
- if (!ctx->hadb_entry) {
- HIP_DEBUG("No HIP association found. Creating a new one.\n");
+ * source HIT of the received I2 packet. We can have many Host
+ * Identities and using any of those Host Identities we can
+ * calculate diverse HITs depending on the used algorithm. When
+ * we sent one of our pre-created R1 packets, we have used one
+ * of our Host Identities and thus of our HITs as source. We
+ * must dig out the original Host Identity using the destination
+ * HIT of the I2 packet as a key. The initialized HIP
+ * association will not, however, have the I2 destination HIT as
+ * source, but one that is calculated using the Host Identity
+ * that we have dug out. */
+ if (!ctx->hadb_entry) {
+ HIP_DEBUG("No HIP association found. Creating a new one.\n");
- HIP_IFEL(!(ctx->hadb_entry = hip_hadb_create_state()),
- -ENOMEM,
- "Out of memory when allocating memory for a new HIP " \
- "association. Dropping the I2 packet.\n");
- }
- ipv6_addr_copy(&ctx->hadb_entry->hit_peer, &ctx->input_msg->hits);
- ipv6_addr_copy(&ctx->hadb_entry->our_addr, &ctx->dst_addr);
- HIP_DEBUG("Initializing the HIP association.\n");
- hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr);
- hip_hadb_insert_state(ctx->hadb_entry);
+ HIP_IFEL(!(ctx->hadb_entry = hip_hadb_create_state()),
+ -ENOMEM,
+ "Out of memory when allocating memory for a new HIP " \
+ "association. Dropping the I2 packet.\n");
+ }
+ ipv6_addr_copy(&ctx->hadb_entry->hit_peer, &ctx->input_msg->hits);
+ ipv6_addr_copy(&ctx->hadb_entry->our_addr, &ctx->dst_addr);
+ HIP_DEBUG("Initializing the HIP association.\n");
+ hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr);
+ hip_hadb_insert_state(ctx->hadb_entry);
/* Here we should check the 'system boot counter' using the R1_COUNTER
* parameter. However, our precreated R1 packets do not support system
@@ -1512,7 +1513,6 @@
/* Verify HMAC. */
if (hip_hidb_hit_is_our(&ctx->input_msg->hits) &&
hip_hidb_hit_is_our(&ctx->input_msg->hitr)) {
-
is_loopback = 1;
HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&ctx->hadb_entry->hip_hmac_out),
@@ -1531,7 +1531,7 @@
"HIP_TRANSFORM parameter missing from I2 packet. Dropping\n");
HIP_IFEL(!(ctx->hadb_entry->hip_transform =
- hip_get_param_transform_suite_id(hip_transform)),
+ hip_get_param_transform_suite_id(hip_transform)),
-EPROTO,
"Bad HIP transform. Dropping the I2 packet.\n");
@@ -1571,15 +1571,15 @@
case HIP_HIP_RESERVED:
HIP_ERROR("Found HIP suite ID 'RESERVED'. Dropping " \
"the I2 packet.\n");
- err = -EOPNOTSUPP;
+ err = -EOPNOTSUPP;
goto out_err;
case HIP_HIP_AES_SHA1:
host_id_in_enc = (struct hip_host_id *)
(tmp_enc +
sizeof(struct hip_encrypted_aes_sha1));
- iv = ((struct hip_encrypted_aes_sha1 *) tmp_enc)->iv;
+ iv = ((struct hip_encrypted_aes_sha1 *) tmp_enc)->iv;
/* 4 = reserved, 16 = IV */
- crypto_len = hip_get_param_contents_len(enc) - 4 - 16;
+ crypto_len = hip_get_param_contents_len(enc) - 4 - 16;
HIP_DEBUG("Found HIP suite ID " \
"'AES-CBC with HMAC-SHA1'.\n");
break;
@@ -1587,9 +1587,9 @@
host_id_in_enc = (struct hip_host_id *)
(tmp_enc +
sizeof(struct hip_encrypted_3des_sha1));
- iv = ((struct hip_encrypted_3des_sha1 *) tmp_enc)->iv;
+ iv = ((struct hip_encrypted_3des_sha1 *) tmp_enc)->iv;
/* 4 = reserved, 8 = IV */
- crypto_len = hip_get_param_contents_len(enc) - 4 - 8;
+ crypto_len = hip_get_param_contents_len(enc) - 4 - 8;
HIP_DEBUG("Found HIP suite ID " \
"'3DES-CBC with HMAC-SHA1'.\n");
break;
@@ -1603,15 +1603,15 @@
HIP_ERROR("Found HIP suite ID 'BLOWFISH-CBC with " \
"HMAC-SHA1'. Support for this suite ID is " \
"not implemented. Dropping the I2 packet.\n");
- err = -ENOSYS;
+ err = -ENOSYS;
goto out_err;
case HIP_HIP_NULL_SHA1:
host_id_in_enc = (struct hip_host_id *)
(tmp_enc +
sizeof(struct hip_encrypted_null_sha1));
- iv = NULL;
+ iv = NULL;
/* 4 = reserved */
- crypto_len = hip_get_param_contents_len(enc) - 4;
+ crypto_len = hip_get_param_contents_len(enc) - 4;
HIP_DEBUG("Found HIP suite ID " \
"'NULL-ENCRYPT with HMAC-SHA1'.\n");
break;
@@ -1639,8 +1639,8 @@
* Note, that the original packet has the data still encrypted. */
HIP_IFEL(hip_crypto_encrypted(host_id_in_enc, iv,
ctx->hadb_entry->hip_transform, crypto_len,
(is_loopback ?
- ctx->hadb_entry->hip_enc_out.key :
- ctx->hadb_entry->hip_enc_in.key),
+ ctx->hadb_entry->hip_enc_out.key :
+ ctx->hadb_entry->hip_enc_in.key),
HIP_DIRECTION_DECRYPT),
-1,
"Failed to decrypt the HOST_ID parameter. Dropping\n");
@@ -1663,19 +1663,19 @@
hip_get_param_total_len(&host_id));
/* Store peer's public key and HIT to HA */
- HIP_IFE(hip_init_peer(ctx->hadb_entry, &host_id), -EINVAL);
- /* Validate signature */
+ HIP_IFE(hip_init_peer(ctx->hadb_entry, &host_id), -EINVAL);
+ /* Validate signature */
#ifdef CONFIG_HIP_PERFORMANCE
- HIP_DEBUG("Start PERF_VERIFY(2)\n");
- hip_perf_start_benchmark(perf_set, PERF_VERIFY);
+ HIP_DEBUG("Start PERF_VERIFY(2)\n");
+ hip_perf_start_benchmark(perf_set, PERF_VERIFY);
#endif
- HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key,
- ctx->input_msg),
- -EINVAL,
- "Verification of I2 signature failed\n");
+ HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key,
+ ctx->input_msg),
+ -EINVAL,
+ "Verification of I2 signature failed\n");
#ifdef CONFIG_HIP_PERFORMANCE
- HIP_DEBUG("Stop PERF_VERIFY(2)\n");
- hip_perf_stop_benchmark(perf_set, PERF_VERIFY);
+ HIP_DEBUG("Stop PERF_VERIFY(2)\n");
+ hip_perf_stop_benchmark(perf_set, PERF_VERIFY);
#endif
if ((r1cntr = hip_get_param(ctx->input_msg, HIP_PARAM_R1_COUNTER))) {
@@ -1717,17 +1717,17 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0, retransmission = 0;
- uint32_t spi_out = 0;
- const struct hip_esp_info *esp_info = NULL;
- hip_transform_suite_t esp_tfm;
- struct hip_spi_in_item spi_in_data;
- const struct hip_locator *locator = NULL;
- int if_index = 0;
- struct sockaddr_storage ss_addr;
- struct sockaddr *addr = NULL;
- const struct hip_esp_transform *esp_tf = NULL;
- struct hip_spi_out_item spi_out_data;
+ int err = 0, retransmission = 0;
+ uint32_t spi_out = 0;
+ const struct hip_esp_info *esp_info = NULL;
+ hip_transform_suite_t esp_tfm;
+ struct hip_spi_in_item spi_in_data;
+ const struct hip_locator *locator = NULL;
+ int if_index = 0;
+ struct sockaddr_storage ss_addr;
+ struct sockaddr *addr = NULL;
+ const struct hip_esp_transform *esp_tf = NULL;
+ struct hip_spi_out_item spi_out_data;
/* Get the interface index of the network device which has our
* local IP address. */
@@ -1784,13 +1784,13 @@
/* move this below setup_sa */
memset(&spi_out_data, 0, sizeof(struct hip_spi_out_item));
- spi_out_data.spi = ntohl(esp_info->new_spi);
+ spi_out_data.spi = ntohl(esp_info->new_spi);
ctx->hadb_entry->spi_outbound_current = spi_out_data.spi;
/* 99999
* HIP_DEBUG("Adding spi 0x%x\n", spi_out_data.spi);
* HIP_IFE(hip_hadb_add_spi_old(ctx->hadb_entry, HIP_SPI_DIRECTION_OUT,
* &spi_out_data), -1);*/
- ctx->hadb_entry->esp_transform = hip_select_esp_transform(esp_tf);
+ ctx->hadb_entry->esp_transform = hip_select_esp_transform(esp_tf);
HIP_IFEL(!(esp_tfm = ctx->hadb_entry->esp_transform),
-1,
"Could not select proper ESP transform\n");
@@ -1906,7 +1906,7 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0;
+ int err = 0;
uint16_t mask = HIP_PACKET_CTRL_ANON, notify_controls = 0;
HIP_IFEL(!ctx->hadb_entry,
@@ -1917,8 +1917,8 @@
HIP_IFEL(!hip_controls_sane(notify_controls, mask),
-EPROTO,
- "Received a NOTIFY packet with illegal controls: 0x%x. Dropping\n",
- notify_controls);
+ "Received a NOTIFY packet with illegal controls: 0x%x.
Dropping\n",
+ notify_controls);
out_err:
if (err) {
@@ -1951,14 +1951,14 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0;
- const struct hip_tlv_common *current_param = NULL;
- const struct hip_notification *notification = NULL;
- struct in6_addr responder_ip, responder_hit;
- hip_tlv_type_t param_type = 0, response;
- hip_tlv_len_t param_len = 0;
- uint16_t msgtype = 0;
- in_port_t port = 0;
+ int err = 0;
+ const struct hip_tlv_common *current_param = NULL;
+ const struct hip_notification *notification = NULL;
+ struct in6_addr responder_ip, responder_hit;
+ hip_tlv_type_t param_type = 0, response;
+ hip_tlv_len_t param_len = 0;
+ uint16_t msgtype = 0;
+ in_port_t port = 0;
/* Loop through all the parameters in the received packet. */
while ((current_param =
@@ -1970,8 +1970,8 @@
"packet.\n");
notification = (const struct hip_notification *) current_param;
- param_len = hip_get_param_contents_len(current_param);
- msgtype = ntohs(notification->msgtype);
+ param_len = hip_get_param_contents_len(current_param);
+ msgtype = ntohs(notification->msgtype);
switch (msgtype) {
case HIP_NTF_UNSUPPORTED_CRITICAL_PARAMETER_TYPE:
=== modified file 'hipd/keymat.c'
--- hipd/keymat.c 2010-11-30 14:50:30 +0000
+++ hipd/keymat.c 2011-01-03 16:06:13 +0000
@@ -56,13 +56,13 @@
* @return the allocated buffer (caller deallocates) or NULL on failure
*/
static uint8_t *hip_create_keymat_buffer(char *kij, size_t kij_len, size_t
hash_len,
- struct in6_addr *smaller_hit,
- struct in6_addr *bigger_hit,
- uint64_t I, uint64_t J)
+ struct in6_addr *smaller_hit,
+ struct in6_addr *bigger_hit,
+ uint64_t I, uint64_t J)
{
uint8_t *buffer = NULL, *cur = NULL;
- size_t requiredmem;
+ size_t requiredmem;
HIP_DEBUG("\n");
/* 2*sizeof(uint64_t) added to take care of I and J. */
@@ -78,15 +78,15 @@
return buffer;
}
- cur = buffer;
+ cur = buffer;
memcpy(cur, kij, kij_len);
- cur += kij_len;
+ cur += kij_len;
memcpy(cur, (uint8_t *) smaller_hit, sizeof(struct in6_addr));
- cur += sizeof(struct in6_addr);
+ cur += sizeof(struct in6_addr);
memcpy(cur, (uint8_t *) bigger_hit, sizeof(struct in6_addr));
- cur += sizeof(struct in6_addr);
+ cur += sizeof(struct in6_addr);
memcpy(cur, &I, sizeof(uint64_t)); // XX CHECK: network byte order?
- cur += sizeof(uint64_t);
+ cur += sizeof(uint64_t);
memcpy(cur, &J, sizeof(uint64_t)); // XX CHECK: network byte order?
cur += sizeof(uint64_t);
*(cur) = 1;
@@ -141,13 +141,13 @@
uint64_t I,
uint64_t J)
{
- int bufsize;
- uint8_t index_nbr = 1;
- size_t dstoffset = 0;
- void *seedkey;
+ int bufsize;
+ uint8_t index_nbr = 1;
+ size_t dstoffset = 0;
+ void *seedkey;
struct in6_addr *smaller_hit, *bigger_hit;
- int hit1_is_bigger;
- uint8_t *shabuffer = NULL;
+ int hit1_is_bigger;
+ uint8_t *shabuffer = NULL;
HIP_DEBUG("\n");
if (dstbuflen < HIP_AH_SHA_LEN) {
@@ -159,8 +159,8 @@
hit1_is_bigger = hip_hit_is_bigger(hit1, hit2);
- bigger_hit = hit1_is_bigger ? hit1 : hit2;
- smaller_hit = hit1_is_bigger ? hit2 : hit1;
+ bigger_hit = hit1_is_bigger ? hit1 : hit2;
+ smaller_hit = hit1_is_bigger ? hit2 : hit1;
shabuffer = hip_create_keymat_buffer(kij, kij_len, HIP_AH_SHA_LEN,
smaller_hit, bigger_hit, I, J);
@@ -183,7 +183,7 @@
* K3 = SHA1(Kij | K2 | 3)
* ...
*/
- seedkey = dstbuf;
+ seedkey = dstbuf;
hip_update_keymat_buffer(shabuffer, seedkey, HIP_AH_SHA_LEN,
kij_len, index_nbr);
@@ -226,12 +226,12 @@
/* todo: remove this function */
void *ret = NULL;
- if (len > (int)(keymat->keymatlen - keymat->offset)) {
+ if (len > (int) (keymat->keymatlen - keymat->offset)) {
HIP_DEBUG("Tried to draw more keys than are available\n");
goto out_err;
}
- ret = (uint8_t *) keymat->keymatdst + keymat->offset;
+ ret = (uint8_t *) keymat->keymatdst + keymat->offset;
keymat->offset += len;
@@ -252,11 +252,10 @@
struct hip_keymat_keymat *keymat,
int len)
{
- int err = 0;
- void *p = hip_keymat_draw(keymat, len);
+ int err = 0;
+ void *p = hip_keymat_draw(keymat, len);
HIP_IFEL(!p, -EINVAL, "Could not draw from keymat\n");
memcpy(dst, p, len);
out_err:
return err;
}
-
=== modified file 'hipd/maintenance.c'
--- hipd/maintenance.c 2010-11-30 14:50:30 +0000
+++ hipd/maintenance.c 2011-01-03 16:06:13 +0000
@@ -68,19 +68,19 @@
struct maint_function {
uint16_t priority;
- int (*func_ptr)(void);
+ int (*func_ptr)(void);
};
int hip_firewall_sock_lsi_fd = -1;
-float retrans_counter = HIP_RETRANSMIT_INIT;
-float opp_fallback_counter = HIP_OPP_FALLBACK_INIT;
-float precreate_counter = HIP_R1_PRECREATE_INIT;
-float queue_counter = QUEUE_CHECK_INIT;
-int force_exit_counter = FORCE_EXIT_COUNTER_START;
-int cert_publish_counter = CERTIFICATE_PUBLISH_INTERVAL;
-int hip_firewall_status = -1;
-int fall, retr;
+float retrans_counter = HIP_RETRANSMIT_INIT;
+float opp_fallback_counter = HIP_OPP_FALLBACK_INIT;
+float precreate_counter = HIP_R1_PRECREATE_INIT;
+float queue_counter = QUEUE_CHECK_INIT;
+int force_exit_counter = FORCE_EXIT_COUNTER_START;
+int cert_publish_counter = CERTIFICATE_PUBLISH_INTERVAL;
+int hip_firewall_status = -1;
+int fall, retr;
/**
* List containing all maintenance functions.
@@ -96,7 +96,7 @@
*/
static int hip_handle_retransmission(hip_ha_t *entry, void *current_time)
{
- int err = 0;
+ int err = 0;
time_t *now = (time_t *) current_time;
if (entry->hip_msg_retrans.buf == NULL ||
@@ -160,7 +160,7 @@
*/
static int hip_scan_opp_fallback(void)
{
- int err = 0;
+ int err = 0;
time_t current_time;
time(¤t_time);
@@ -169,6 +169,7 @@
out_err:
return err;
}
+
#endif
/**
@@ -178,7 +179,7 @@
*/
static int hip_scan_retransmissions(void)
{
- int err = 0;
+ int err = 0;
time_t current_time;
time(¤t_time);
HIP_IFEL(hip_for_each_ha(hip_handle_retransmission, ¤t_time), 0,
@@ -201,15 +202,15 @@
int hip_register_maint_function(int (*maint_function)(void),
const uint16_t priority)
{
- int err = 0;
+ int err = 0;
struct maint_function *new_entry = NULL;
HIP_IFEL(!(new_entry = malloc(sizeof(struct maint_function))),
-1,
"Error on allocating memory for a maintenance function entry.\n");
- new_entry->priority = priority;
- new_entry->func_ptr = maint_function;
+ new_entry->priority = priority;
+ new_entry->func_ptr = maint_function;
hip_maintenance_functions =
lmod_register_function(hip_maintenance_functions,
new_entry,
@@ -250,7 +251,7 @@
if (hip_maintenance_functions) {
while ((iter = hip_ll_iterate(hip_maintenance_functions, iter))) {
- ((struct maint_function*) iter->ptr)->func_ptr();
+ ((struct maint_function *) iter->ptr)->func_ptr();
}
} else {
HIP_DEBUG("No maintenance function registered.\n");
@@ -375,10 +376,10 @@
*/
int hip_firewall_set_bex_data(int action, struct in6_addr *hit_s, struct
in6_addr *hit_r)
{
- struct hip_common *msg = NULL;
+ struct hip_common *msg = NULL;
struct sockaddr_in6 hip_fw_addr;
- int err = 0, n = 0, r_is_our;
- socklen_t alen = sizeof(hip_fw_addr);
+ int err = 0, n = 0, r_is_our;
+ socklen_t alen = sizeof(hip_fw_addr);
if (!hip_get_firewall_status()) {
goto out_err;
@@ -411,7 +412,7 @@
(struct sockaddr *) &hip_firewall_addr,
alen);
- HIP_IFEL( n < 0, -1, "Send to firewall failed. str errno %s\n",
strerror(errno));
+ HIP_IFEL(n < 0, -1, "Send to firewall failed. str errno %s\n",
strerror(errno));
HIP_DEBUG("BEX DATA Send to firewall OK.\n");
@@ -430,8 +431,8 @@
int hip_firewall_set_esp_relay(int action)
{
struct hip_common *msg = NULL;
- int err = 0;
- int sent;
+ int err = 0;
+ int sent;
HIP_DEBUG("Setting ESP relay to %d\n", action);
HIP_IFE(!(msg = hip_msg_alloc()), -ENOMEM);
=== modified file 'hipd/nat.c'
--- hipd/nat.c 2010-11-30 14:50:30 +0000
+++ hipd/nat.c 2011-01-03 16:06:13 +0000
@@ -93,7 +93,7 @@
*/
static int hip_nat_send_keep_alive(hip_ha_t *entry, UNUSED void *opaque)
{
- int err = 0;
+ int err = 0;
struct hip_common *msg = NULL;
HIP_IFEL(!(msg = hip_msg_alloc()), -1, "Alloc\n");
=== modified file 'hipd/netdev.c'
--- hipd/netdev.c 2010-12-10 16:35:07 +0000
+++ hipd/netdev.c 2011-01-03 16:06:13 +0000
@@ -151,7 +151,7 @@
ifr.ifr_ifindex = -1;
strncpy(ifr.ifr_name, device_name, (size_t) IF_NAMESIZE);
- sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (ioctl(sock, SIOCGIFINDEX, &ifr) == 0) {
ret = 1;
@@ -178,7 +178,7 @@
static unsigned long hip_netdev_hash(const void *ptr)
{
const struct netdev_address *na = (const struct netdev_address *) ptr;
- uint8_t hash[HIP_AH_SHA_LEN];
+ uint8_t hash[HIP_AH_SHA_LEN];
/* stg: TODO A cryptographically secure hash is unnecessarily expensive
for a hash table. Something cheaper, like an XOR, would do just fine. */
hip_build_digest(HIP_DIGEST_SHA1, &na->addr,
@@ -217,8 +217,8 @@
static int hip_count_if_addresses(int ifindex)
{
struct netdev_address *na;
- hip_list_t *n, *t;
- int i = 0, c;
+ hip_list_t *n, *t;
+ int i = 0, c;
list_for_each_safe(n, t, addresses, c) {
na = (struct netdev_address *) list_entry(n);
@@ -238,9 +238,9 @@
*/
static int hip_filter_address(struct sockaddr *addr)
{
- char s[INET6_ADDRSTRLEN];
+ char s[INET6_ADDRSTRLEN];
struct in6_addr *a_in6 = NULL;
- in_addr_t a_in;
+ in_addr_t a_in;
HIP_DEBUG("Filtering the address family %d \n", addr->sa_family);
switch (addr->sa_family) {
case AF_INET6:
@@ -331,9 +331,9 @@
static int hip_exists_address_family_in_list(const struct in6_addr *addr)
{
struct netdev_address *n;
- hip_list_t *tmp, *t;
- int c;
- int mapped = IN6_IS_ADDR_V4MAPPED(addr);
+ hip_list_t *tmp, *t;
+ int c;
+ int mapped = IN6_IS_ADDR_V4MAPPED(addr);
list_for_each_safe(tmp, t, addresses, c) {
n = (struct netdev_address *) list_entry(tmp);
@@ -357,17 +357,17 @@
int hip_exists_address_in_list(struct sockaddr *addr, int ifindex)
{
struct netdev_address *n;
- hip_list_t *tmp, *t;
- int c;
- int err = 0;
+ hip_list_t *tmp, *t;
+ int c;
+ int err = 0;
const struct in6_addr *in6;
- const struct in_addr *in;
+ const struct in_addr *in;
list_for_each_safe(tmp, t, addresses, c) {
int mapped = 0;
int addr_match = 0;
int family_match = 0;
- n = (struct netdev_address *) list_entry(tmp);
+ n = (struct netdev_address *) list_entry(tmp);
mapped = hip_sockaddr_is_v6_mapped((struct sockaddr * ) (&n->addr));
HIP_DEBUG("mapped=%d\n", mapped);
@@ -380,11 +380,10 @@
addr_match = IPV6_EQ_IPV4(in6, in);
family_match = 1;
-
} else if (!mapped && addr->sa_family == AF_INET6) {
- addr_match = !memcmp(hip_cast_sa_addr((struct sockaddr *)
&n->addr),
- hip_cast_sa_addr(addr),
- hip_sa_addr_len(&n->addr));
+ addr_match = !memcmp(hip_cast_sa_addr((struct sockaddr *)
&n->addr),
+ hip_cast_sa_addr(addr),
+ hip_sa_addr_len(&n->addr));
family_match = (n->addr.ss_family == addr->sa_family);
} else { /* addr->sa_family == AF_INET */
HIP_DEBUG("Addr given was not IPv6 nor IPv4.\n");
@@ -427,8 +426,8 @@
void hip_add_address_to_list(struct sockaddr *addr, int ifindex, int flags)
{
struct netdev_address *n;
- unsigned char tmp_secret[40];
- int err_rand = 0;
+ unsigned char tmp_secret[40];
+ int err_rand = 0;
if (hip_exists_address_in_list(addr, ifindex)) {
return;
@@ -473,7 +472,7 @@
n->if_index = ifindex;
list_add(n, addresses);
address_count++;
- n->flags = flags;
+ n->flags = flags;
HIP_DEBUG("Added a new IPv6 address to ifindex2spi map. The map has " \
"%d addresses.\n", address_count);
@@ -489,9 +488,9 @@
static void hip_delete_address_from_list(struct sockaddr *addr, int ifindex)
{
struct netdev_address *n;
- hip_list_t *item, *tmp;
- int i, deleted = 0;
- struct sockaddr_in6 addr_sin6;
+ hip_list_t *item, *tmp;
+ int i, deleted = 0;
+ struct sockaddr_in6 addr_sin6;
if (addr && addr->sa_family == AF_INET) {
memset(&addr_sin6, 0, sizeof(addr_sin6));
@@ -541,8 +540,8 @@
void hip_delete_all_addresses(void)
{
struct netdev_address *n;
- hip_list_t *item, *tmp;
- int i;
+ hip_list_t *item, *tmp;
+ int i;
if (address_count) {
list_for_each_safe(item, tmp, addresses, i)
@@ -570,9 +569,9 @@
*/
static int hip_netdev_find_if(struct sockaddr *addr)
{
- struct netdev_address *n = NULL;
- hip_list_t *item = NULL, *tmp = NULL;
- int i = 0;
+ struct netdev_address *n = NULL;
+ hip_list_t *item = NULL, *tmp = NULL;
+ int i = 0;
#ifdef CONFIG_HIP_DEBUG /* Debug block. */
{
@@ -656,7 +655,7 @@
int hip_netdev_init_addresses(void)
{
struct ifaddrs *g_ifaces = NULL, *g_iface = NULL;
- int err = 0, if_index = 0;
+ int err = 0, if_index = 0;
/* Initialize address list */
HIP_DEBUG("Initializing addresses...\n");
@@ -703,7 +702,7 @@
int hip_map_id_to_addr(const hip_hit_t *hit, const hip_lsi_t *lsi,
struct in6_addr *addr)
{
- int err = -1, skip_namelookup = 0; /* Assume that resolving fails */
+ int err = -1, skip_namelookup = 0; /* Assume that resolving fails */
hip_hit_t hit2;
hip_ha_t *ha = NULL;
@@ -792,32 +791,32 @@
const struct in6_addr *src_addr_in,
const struct in6_addr *dst_addr_in)
{
- int err = 0, if_index = 0, is_ipv4_locator;
- int reuse_hadb_local_address = 0, ha_nat_mode = hip_nat_status;
- int old_global_nat_mode = hip_nat_status;
- in_port_t ha_local_port;
- in_port_t ha_peer_port;
- hip_ha_t *entry = NULL;
- int is_loopback = 0;
- hip_lsi_t dlsi, slsi;
- struct in6_addr dhit, shit, saddr, dst6_lsi;
- struct in6_addr *src_hit, *dst_hit, *src_addr, *dst_addr;
- struct in_addr *src_lsi, *dst_lsi;
- struct in6_addr daddr;
+ int err = 0, if_index = 0,
is_ipv4_locator;
+ int reuse_hadb_local_address = 0, ha_nat_mode =
hip_nat_status;
+ int old_global_nat_mode = hip_nat_status;
+ in_port_t ha_local_port;
+ in_port_t ha_peer_port;
+ hip_ha_t *entry = NULL;
+ int is_loopback = 0;
+ hip_lsi_t dlsi, slsi;
+ struct in6_addr dhit, shit, saddr, dst6_lsi;
+ struct in6_addr *src_hit, *dst_hit, *src_addr, *dst_addr;
+ struct in_addr *src_lsi, *dst_lsi;
+ struct in6_addr daddr;
struct sockaddr_storage ss_addr;
- struct sockaddr *addr;
- int broadcast = 0, shotgun_status_orig = 0;
+ struct sockaddr *addr;
+ int broadcast = 0, shotgun_status_orig = 0;
ha_local_port =
(hip_nat_status ? hip_get_local_nat_udp_port() : 0);
- ha_peer_port =
+ ha_peer_port =
(hip_nat_status ? hip_get_peer_nat_udp_port() : 0);
- addr = (struct sockaddr *) &ss_addr;
+ addr = (struct sockaddr *) &ss_addr;
/* Make sure that dst_hit is not a NULL pointer */
hip_copy_in6addr_null_check(&dhit, dst_hit_in);
- dst_hit = &dhit;
+ dst_hit = &dhit;
HIP_DEBUG_HIT("dst hit", dst_hit);
/* Make sure that src_hit is not a NULL pointer */
@@ -943,7 +942,7 @@
shotgun_status_orig = hip_shotgun_status;
hip_shotgun_status = HIP_MSG_SHOTGUN_ON;
IPV4_TO_IPV6_MAP(&bcast, dst_addr);
- err = 0;
+ err = 0;
}
/* Next, create state into HADB. Make sure that we choose the right
@@ -970,9 +969,9 @@
}
/* Preserve NAT status with peer */
- entry->local_udp_port = ha_local_port;
- entry->peer_udp_port = ha_peer_port;
- entry->nat_mode = ha_nat_mode;
+ entry->local_udp_port = ha_local_port;
+ entry->peer_udp_port = ha_peer_port;
+ entry->nat_mode = ha_nat_mode;
reuse_hadb_local_address = 1;
@@ -1030,12 +1029,12 @@
*/
static int hip_netdev_handle_acquire(struct nlmsghdr *msg)
{
- hip_hit_t *src_hit = NULL, *dst_hit = NULL;
- hip_lsi_t *src_lsi = NULL, *dst_lsi = NULL;
- struct in6_addr *src_addr = NULL, *dst_addr = NULL;
+ hip_hit_t *src_hit = NULL, *dst_hit = NULL;
+ hip_lsi_t *src_lsi = NULL, *dst_lsi = NULL;
+ struct in6_addr *src_addr = NULL, *dst_addr = NULL;
struct xfrm_user_acquire *acq;
- hip_ha_t *entry;
- int err = 0;
+ hip_ha_t *entry;
+ int err = 0;
HIP_DEBUG("Acquire (pid: %d) \n", msg->nlmsg_pid);
@@ -1076,11 +1075,11 @@
*/
int hip_netdev_trigger_bex_msg(const struct hip_common *msg)
{
- const hip_hit_t *our_hit = NULL, *peer_hit = NULL;
- const hip_lsi_t *our_lsi = NULL, *peer_lsi = NULL;
- const struct in6_addr *our_addr = NULL, *peer_addr = NULL;
+ const hip_hit_t *our_hit = NULL, *peer_hit = NULL;
+ const hip_lsi_t *our_lsi = NULL, *peer_lsi = NULL;
+ const struct in6_addr *our_addr = NULL, *peer_addr = NULL;
const struct hip_tlv_common *param;
- int err = 0;
+ int err = 0;
HIP_DUMP_MSG(msg);
@@ -1193,12 +1192,12 @@
*/
int hip_netdev_event(struct nlmsghdr *msg, int len, UNUSED void *arg)
{
- int err = 0, l = 0, is_add = 0, exists;
+ int err = 0, l = 0, is_add = 0, exists;
struct sockaddr_storage ss_addr;
- struct ifinfomsg *ifinfo = NULL; /* link layer specific message */
- struct ifaddrmsg *ifa = NULL; /* interface address message */
- struct rtattr *rta = NULL, *tb[IFA_MAX + 1];
- struct sockaddr *addr = NULL;
+ struct ifinfomsg *ifinfo = NULL; /* link layer specific message */
+ struct ifaddrmsg *ifa = NULL; /* interface address message */
+ struct rtattr *rta = NULL, *tb[IFA_MAX + 1];
+ struct sockaddr *addr = NULL;
addr = (struct sockaddr *) &ss_addr;
@@ -1229,14 +1228,12 @@
/* Check if our interface is in the whitelist */
if ((hip_netdev_white_list_count > 0) &&
- (!hip_netdev_is_in_white_list(ifindex)))
- {
+ (!hip_netdev_is_in_white_list(ifindex))) {
continue;
}
if ((ifa->ifa_family != AF_INET) &&
- (ifa->ifa_family != AF_INET6))
- {
+ (ifa->ifa_family != AF_INET6)) {
continue;
}
@@ -1349,9 +1346,9 @@
*/
int hip_add_iface_local_hit(const hip_hit_t *local_hit)
{
- int err = 0;
- char hit_str[INET6_ADDRSTRLEN + 2];
- struct idxmap *idxmap[16] = {0};
+ int err = 0;
+ char hit_str[INET6_ADDRSTRLEN + 2];
+ struct idxmap *idxmap[16] = { 0 };
hip_convert_hit_to_str(local_hit, HIP_HIT_PREFIX_STR, hit_str);
HIP_DEBUG("Adding HIT: %s\n", hit_str);
@@ -1372,7 +1369,7 @@
*/
int hip_add_iface_local_route(const hip_hit_t *local_hit)
{
- int err = 0;
+ int err = 0;
char hit_str[INET6_ADDRSTRLEN + 2];
hip_convert_hit_to_str(local_hit, HIP_HIT_FULL_PREFIX_STR, hit_str);
@@ -1399,10 +1396,10 @@
*/
int hip_select_source_address(struct in6_addr *src, const struct in6_addr *dst)
{
- int err = 0;
- int family = AF_INET6;
- struct idxmap *idxmap[16] = { 0 };
- struct in6_addr lpback = IN6ADDR_LOOPBACK_INIT;
+ int err = 0;
+ int family = AF_INET6;
+ struct idxmap *idxmap[16] = { 0 };
+ struct in6_addr lpback = IN6ADDR_LOOPBACK_INIT;
HIP_DEBUG_IN6ADDR("dst", dst);
@@ -1417,8 +1414,8 @@
if (ipv6_addr_is_teredo(dst)) {
struct netdev_address *na;
const struct in6_addr *in6;
- hip_list_t *n, *t;
- int c, match = 0;
+ hip_list_t *n, *t;
+ int c, match = 0;
list_for_each_safe(n, t, addresses, c) {
na = list_entry(n);
@@ -1447,9 +1444,9 @@
*/
void hip_copy_peer_addrlist_changed(hip_ha_t *ha)
{
- hip_list_t *item = NULL, *tmp = NULL;
+ hip_list_t *item = NULL, *tmp = NULL;
struct hip_peer_addr_list_item *addr_li;
- int i = 0;
+ int i = 0;
if (!ha->peer_addr_list_to_be_added) {
return;
=== modified file 'hipd/nsupdate.c'
--- hipd/nsupdate.c 2010-11-30 14:50:30 +0000
+++ hipd/nsupdate.c 2011-01-03 16:06:13 +0000
@@ -111,7 +111,7 @@
static char *make_env(const char *name, char *value)
{
char *result = NULL;
- int err = 0;
+ int err = 0;
if ((name == NULL) || (value == NULL)) {
return NULL;
@@ -140,7 +140,7 @@
static void sig_chld(UNUSED int signo)
{
pid_t child_pid;
- int child_status; // child exit code
+ int child_status; // child exit code
child_pid = waitpid(0, &child_status, WNOHANG);
}
@@ -160,19 +160,19 @@
static const char *netdev_address_to_str(struct netdev_address *src, char
*dst, socklen_t cnt)
{
- struct sockaddr *tmp_sockaddr_ptr = (struct sockaddr *)
&(src->addr);
+ struct sockaddr *tmp_sockaddr_ptr = (struct sockaddr *)
&(src->addr);
struct sockaddr_in *tmp_sockaddr_in_ptr = (struct sockaddr_in *)
tmp_sockaddr_ptr;
struct sockaddr_in6 *tmp_sockaddr_in6_ptr = (struct sockaddr_in6 *)
tmp_sockaddr_ptr;
- struct in_addr tmp_in_addr;
- struct in6_addr *tmp_in6_addr_ptr = NULL;
+ struct in_addr tmp_in_addr;
+ struct in6_addr *tmp_in6_addr_ptr = NULL;
- void *inet_ntop_src = NULL;
- int af = tmp_sockaddr_ptr->sa_family;
// might be changed because of ip4->ip6 mapping
+ void *inet_ntop_src = NULL;
+ int af = tmp_sockaddr_ptr->sa_family;
// might be changed because of ip4->ip6 mapping
switch (af) {
case AF_INET:
- inet_ntop_src = &(tmp_sockaddr_in_ptr->sin_addr);
+ inet_ntop_src = &(tmp_sockaddr_in_ptr->sin_addr);
break;
case AF_INET6:
@@ -204,7 +204,7 @@
static int run_nsupdate(char *ips, char *hit, int start)
{
struct sigaction act;
- pid_t child_pid;
+ pid_t child_pid;
HIP_DEBUG("Updating dns records...\n");
@@ -231,7 +231,7 @@
if (child_pid < 0) {
HIP_PERROR("fork");
return ERR;
- } else if (child_pid == 0) { // CHILD
+ } else if (child_pid == 0) { // CHILD
char nsupdate_arg0[] = NSUPDATE_ARG0;
char start_str[2];
@@ -241,8 +241,8 @@
char *env_hit = make_env(VAR_HIT, hit);
char *env_start = make_env(VAR_START, start_str);
- char *cmd[] = { nsupdate_arg0, NULL };
- char *const env[] = { env_ips, env_hit, env_start, NULL };
+ char *cmd[] = { nsupdate_arg0, NULL };
+ char *const env[] = { env_ips, env_hit, env_start, NULL };
HIP_DEBUG("Executing %s with %s; %s; %s\n", NSUPDATE_PL, env_hit,
env_ips, env_start);
execve(NSUPDATE_PL, cmd, env);
@@ -273,12 +273,12 @@
static int run_nsupdate_for_hit(struct hip_host_id_entry *entry, void *opaq)
{
- int start = 0;
- char ip_str[40]; // buffer for one IP address
- char ips_str[1024] = ""; // list of IP addresses
+ int start = 0;
+ char ip_str[40]; // buffer for one IP address
+ char ips_str[1024] = ""; // list of IP addresses
hip_list_t *item, *tmp_hip_list_t;
- int i;
- char hit[INET6_ADDRSTRLEN + 2];
+ int i;
+ char hit[INET6_ADDRSTRLEN + 2];
if (opaq != NULL) {
start = *(int *) opaq;
=== modified file 'hipd/oppdb.c'
--- hipd/oppdb.c 2010-11-30 14:50:30 +0000
+++ hipd/oppdb.c 2011-01-03 16:06:13 +0000
@@ -110,7 +110,7 @@
static unsigned long hip_oppdb_hash_hit(const void *ptr)
{
const hip_opp_block_t *entry = (const hip_opp_block_t *) ptr;
- uint8_t hash[HIP_AH_SHA_LEN];
+ uint8_t hash[HIP_AH_SHA_LEN];
hip_build_digest(HIP_DIGEST_SHA1, &entry->peer_phit,
sizeof(hip_hit_t) + sizeof(struct sockaddr_in6),
@@ -165,7 +165,7 @@
int err = 0;
/** @todo this does not support multiple multiple opp
- connections: a better solution might be trash collection */
+ * connections: a better solution might be trash collection */
HIP_ASSERT(opp_entry);
hip_del_peer_info(&opp_entry->peer_phit,
@@ -183,9 +183,9 @@
*/
int hip_for_each_opp(int (*func)(hip_opp_block_t *entry, void *opaq), void
*opaque)
{
- int i = 0, fail = 0;
+ int i = 0, fail = 0;
hip_opp_block_t *this;
- hip_list_t *item, *tmp;
+ hip_list_t *item, *tmp;
if (!func) {
return -EINVAL;
@@ -239,7 +239,7 @@
hip_opp_info_t *opp_info)
{
struct hip_common *message = NULL;
- int err = 0, n;
+ int err = 0, n;
HIP_IFEL((app_id->sin6_port == 0), 0, "Zero port, ignore\n");
@@ -304,7 +304,7 @@
static int hip_oppdb_unblock_group(hip_opp_block_t *entry, void *ptr)
{
hip_opp_info_t *opp_info = ptr;
- int err = 0;
+ int err = 0;
if (ipv6_addr_cmp(&entry->peer_phit, &opp_info->pseudo_peer_hit) != 0) {
goto out_err;
@@ -348,9 +348,9 @@
*/
static void hip_oppdb_dump(void)
{
- int i;
+ int i;
hip_opp_block_t *this;
- hip_list_t *item, *tmp;
+ hip_list_t *item, *tmp;
HIP_DEBUG("start oppdb dump\n");
HIP_LOCK_HT(&oppdb);
@@ -385,7 +385,7 @@
const struct in6_addr *ip_our,
const struct sockaddr_in6 *caller)
{
- int err = 0;
+ int err = 0;
hip_opp_block_t *new_item = NULL;
new_item = hip_create_opp_block_entry();
@@ -434,7 +434,7 @@
{
hip_ha_t *entry_tmp = NULL;
hip_hit_t phit;
- int err = 0;
+ int err = 0;
HIP_DEBUG_HIT("resp_addr=", resp_addr);
HIP_IFEL(hip_opportunistic_ipv6_to_hit(resp_addr, &phit,
@@ -459,8 +459,8 @@
hip_ha_t *hip_oppdb_get_hadb_entry_i1_r1(struct hip_common *msg,
struct in6_addr *src_addr)
{
- hip_hdr_type_t type = hip_get_msg_type(msg);
- hip_ha_t *entry = NULL;
+ hip_hdr_type_t type = hip_get_msg_type(msg);
+ hip_ha_t *entry = NULL;
if (type == HIP_I1) {
if (!ipv6_addr_is_null(&msg->hitr)) {
@@ -486,9 +486,9 @@
int hip_handle_opp_r1(struct hip_packet_context *ctx)
{
hip_opp_info_t opp_info;
- hip_ha_t *opp_entry;
- hip_hit_t phit;
- int err = 0;
+ hip_ha_t *opp_entry;
+ hip_hit_t phit;
+ int err = 0;
opp_entry = ctx->hadb_entry;
@@ -510,7 +510,7 @@
HIP_IFEL(hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr),
-1, "hip_init_us failed\n");
/* old HA has state 2, new HA has state 1, so copy it */
- ctx->hadb_entry->state = opp_entry->state;
+ ctx->hadb_entry->state = opp_entry->state;
/* For service registration routines */
ctx->hadb_entry->local_controls = opp_entry->local_controls;
ctx->hadb_entry->peer_controls = opp_entry->peer_controls;
@@ -553,10 +553,10 @@
const struct in6_addr *hit_our,
const struct sockaddr_in6 *caller)
{
- int err = 0;
+ int err = 0;
struct in6_addr opp_hit, src_ip;
- hip_ha_t *ha = NULL;
- hip_oppip_t *oppip_entry = NULL;
+ hip_ha_t *ha = NULL;
+ hip_oppip_t *oppip_entry = NULL;
HIP_DEBUG_IN6ADDR("Peer's IP ", dst_ip);
@@ -612,8 +612,8 @@
int hip_handle_opp_fallback(hip_opp_block_t *entry,
void *current_time)
{
- int err = 0, disable_fallback = 0;
- time_t *now = (time_t *) current_time;
+ int err = 0, disable_fallback = 0;
+ time_t *now = (time_t *) current_time;
struct in6_addr *addr;
if (!disable_fallback && (*now - HIP_OPP_WAIT > entry->creation_time)) {
@@ -625,9 +625,9 @@
addr = (struct in6_addr *) &entry->peer_ip;
hip_oppipdb_add_entry(addr);
HIP_DEBUG("Timeout for opp entry, falling back to\n");
- err = hip_opp_unblock_app(&entry->caller, &info);
+ err = hip_opp_unblock_app(&entry->caller, &info);
HIP_DEBUG("Fallback returned %d\n", err);
- err = hip_oppdb_entry_clean_up(entry);
+ err = hip_oppdb_entry_clean_up(entry);
memset(&now, 0, sizeof(now));
}
@@ -644,12 +644,13 @@
*/
hip_opp_block_t *hip_oppdb_find_by_ip(const struct in6_addr *ip_peer)
{
- int i = 0;
+ int i = 0;
hip_opp_block_t *this, *ret = NULL;
- hip_list_t *item, *tmp;
+ hip_list_t *item, *tmp;
- if (oppdb == NULL)
+ if (oppdb == NULL) {
return NULL;
+ }
HIP_LOCK_HT(&opp_db);
list_for_each_safe(item, tmp, oppdb, i)
@@ -677,10 +678,10 @@
int hip_opp_get_peer_hit(struct hip_common *msg,
const struct sockaddr_in6 *src)
{
- int err = 0;
- struct in6_addr phit, dst_ip, our_hit, our_addr;
+ int err = 0;
+ struct in6_addr phit, dst_ip, our_hit, our_addr;
const struct in6_addr *ptr;
- hip_ha_t *ha;
+ hip_ha_t *ha;
ptr = hip_get_param_contents(msg, HIP_PARAM_HIT_LOCAL);
HIP_IFEL(!ptr, -1, "No local hit in msg\n");
=== modified file 'hipd/oppdb.h'
--- hipd/oppdb.h 2010-10-15 15:29:14 +0000
+++ hipd/oppdb.h 2011-01-03 16:06:13 +0000
@@ -43,10 +43,10 @@
struct sockaddr_in6 caller;
hip_hit_t our_real_hit;
- time_t creation_time;
- struct in6_addr peer_ip;
- struct in6_addr our_ip;
- uint8_t proxy_flag; //0: normal connection, 1: connection
through proxy
+ time_t creation_time;
+ struct in6_addr peer_ip;
+ struct in6_addr our_ip;
+ uint8_t proxy_flag; //0: normal connection, 1: connection
through proxy
};
typedef struct hip_opp_blocking_request_entry hip_opp_block_t;
=== modified file 'hipd/oppipdb.c'
--- hipd/oppipdb.c 2010-10-15 15:29:14 +0000
+++ hipd/oppipdb.c 2011-01-03 16:06:13 +0000
@@ -100,9 +100,9 @@
*/
int hip_for_each_oppip(void (*func)(hip_oppip_t *entry, void *opaq), void
*opaque)
{
- int i = 0;
+ int i = 0;
hip_oppip_t *this;
- hip_list_t *item, *tmp;
+ hip_list_t *item, *tmp;
if (!func) {
return -EINVAL;
@@ -164,7 +164,7 @@
*/
int hip_oppipdb_add_entry(const struct in6_addr *ip_peer)
{
- int err = 0;
+ int err = 0;
hip_oppip_t *new_item = NULL;
new_item = hip_create_oppip_entry();
=== modified file 'hipd/output.c'
--- hipd/output.c 2010-12-08 18:40:04 +0000
+++ hipd/output.c 2011-01-03 16:06:13 +0000
@@ -128,7 +128,7 @@
HIP_LOCK_HA(entry);
entry->state = HIP_STATE_I1_SENT;
HIP_UNLOCK_HA(entry);
- } else if (err == 1) {
+ } else if (err == 1) {
err = 0;
}
@@ -147,14 +147,14 @@
int hip_send_i1(hip_hit_t *src_hit, const hip_hit_t *dst_hit,
hip_ha_t *entry)
{
- struct hip_common *i1 = 0;
- uint16_t mask = 0;
- int err = 0;
- hip_list_t *item = NULL, *tmp = NULL;
+ struct hip_common *i1 = 0;
+ uint16_t mask = 0;
+ int err = 0;
+ hip_list_t *item = NULL, *tmp = NULL;
struct hip_peer_addr_list_item *addr;
- int i = 0;
- struct in6_addr *local_addr = NULL;
- struct in6_addr peer_addr;
+ int i = 0;
+ struct in6_addr *local_addr = NULL;
+ struct in6_addr peer_addr;
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Start PERF_I1_SEND, PERF_BASE\n");
@@ -217,13 +217,13 @@
addr = (struct hip_peer_addr_list_item *) list_entry(item);
ipv6_addr_copy(&peer_addr, &addr->address);
- err = hip_send_i1_pkt(i1,
- dst_hit,
- NULL,
- &peer_addr,
- entry->local_udp_port,
- entry->peer_udp_port,
- entry);
+ err = hip_send_i1_pkt(i1,
+ dst_hit,
+ NULL,
+ &peer_addr,
+ entry->local_udp_port,
+ entry->peer_udp_port,
+ entry);
/* Do not bail out on error with shotgun. Some
* address pairs just might fail. */
@@ -257,16 +257,16 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- hip_transform_suite_t transform_hip_suite, transform_esp_suite;
- struct hip_spi_in_item spi_in_data;
- struct in6_addr daddr;
- const struct hip_param *param = NULL;
- struct hip_esp_info *esp_info = NULL;
+ hip_transform_suite_t transform_hip_suite, transform_esp_suite;
+ struct hip_spi_in_item spi_in_data;
+ struct in6_addr daddr;
+ const struct hip_param *param = NULL;
+ struct hip_esp_info *esp_info = NULL;
struct hip_host_id_entry *host_id_entry = NULL;
- char *enc_in_msg = NULL, *host_id_in_enc = NULL;
- unsigned char *iv = NULL;
- int err = 0, host_id_in_enc_len = 0;
- uint32_t spi_in = 0;
+ char *enc_in_msg = NULL, *host_id_in_enc = NULL;
+ unsigned char *iv = NULL;
+ int err = 0, host_id_in_enc_len = 0;
+ uint32_t spi_in = 0;
HIP_IFEL(ctx->error,
-1,
@@ -328,10 +328,10 @@
(struct hip_tlv_common
*) ctx->hadb_entry->our_pub),
-1,
"Building of param encrypted failed.\n");
- enc_in_msg = hip_get_param_readwrite(ctx->output_msg,
- HIP_PARAM_ENCRYPTED);
+ enc_in_msg = hip_get_param_readwrite(ctx->output_msg,
+ HIP_PARAM_ENCRYPTED);
HIP_ASSERT(enc_in_msg); /* Builder internal error. */
- iv = ((struct hip_encrypted_aes_sha1 *)
enc_in_msg)->iv;
+ iv = ((struct hip_encrypted_aes_sha1 *) enc_in_msg)->iv;
get_random_bytes(iv, 16);
host_id_in_enc = enc_in_msg + sizeof(struct
hip_encrypted_aes_sha1);
break;
@@ -340,10 +340,10 @@
(struct
hip_tlv_common *) ctx->hadb_entry->our_pub),
-1,
"Building of param encrypted failed.\n");
- enc_in_msg = hip_get_param_readwrite(ctx->output_msg,
- HIP_PARAM_ENCRYPTED);
+ enc_in_msg = hip_get_param_readwrite(ctx->output_msg,
+ HIP_PARAM_ENCRYPTED);
HIP_ASSERT(enc_in_msg); /* Builder internal error. */
- iv = ((struct hip_encrypted_3des_sha1 *)
enc_in_msg)->iv;
+ iv = ((struct hip_encrypted_3des_sha1 *) enc_in_msg)->iv;
get_random_bytes(iv, 8);
host_id_in_enc = enc_in_msg +
sizeof(struct hip_encrypted_3des_sha1);
@@ -353,8 +353,8 @@
(struct
hip_tlv_common *) ctx->hadb_entry->our_pub),
-1,
"Building of param encrypted failed.\n");
- enc_in_msg = hip_get_param_readwrite(ctx->output_msg,
- HIP_PARAM_ENCRYPTED);
+ enc_in_msg = hip_get_param_readwrite(ctx->output_msg,
+ HIP_PARAM_ENCRYPTED);
HIP_ASSERT(enc_in_msg); /* Builder internal error. */
iv = NULL;
host_id_in_enc = enc_in_msg +
@@ -372,8 +372,8 @@
&ctx->input_msg->hitr,
HIP_ANY_ALGO,
-1)),
- -1,
- "Unknown HIT\n");
+ -1,
+ "Unknown HIT\n");
HIP_IFEL(hip_build_param_host_id(ctx->output_msg,
host_id_entry->host_id),
-1,
@@ -448,7 +448,7 @@
ctx->hadb_entry->local_udp_port = ctx->msg_ports.src_port;
ctx->hadb_entry->peer_udp_port = ctx->msg_ports.dst_port;
- ctx->hadb_entry->hip_transform = transform_hip_suite;
+ ctx->hadb_entry->hip_transform = transform_hip_suite;
/* XXX: -EAGAIN */
HIP_DEBUG("set up inbound IPsec SA, SPI=0x%x (host)\n", spi_in);
@@ -494,7 +494,7 @@
hip_perf_start_benchmark(perf_set, PERF_SIGN);
#endif
HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
- ctx->output_msg),
+ ctx->output_msg),
-EINVAL,
"Could not create signature\n");
#ifdef CONFIG_HIP_PERFORMANCE
@@ -522,10 +522,10 @@
HIP_LOCK_HA(ctx->hadb_entry);
/* 99999 HIP_IFEB(hip_hadb_add_spi_old(ctx->hadb_entry,
- HIP_SPI_DIRECTION_IN, &spi_in_data),
- -1,
- HIP_UNLOCK_HA(ctx->hadb_entry));
- */
+ * HIP_SPI_DIRECTION_IN, &spi_in_data),
+ * -1,
+ * HIP_UNLOCK_HA(ctx->hadb_entry));
+ */
ctx->hadb_entry->esp_transform = transform_esp_suite;
HIP_DEBUG("Saving base exchange encryption data to hadb_entry \n");
@@ -574,12 +574,12 @@
int cookie_k)
{
hip_common_t *msg = NULL;
- hip_srv_t service_list[HIP_TOTAL_EXISTING_SERVICES];
- uint8_t *dh_data1 = NULL, *dh_data2 = NULL;
- char order[] = "000";
- int err = 0, dh_size1 = 0, dh_size2 = 0, written1 = 0, written2 = 0;
- int mask = 0, i = 0;
- unsigned int service_count = 0;
+ hip_srv_t service_list[HIP_TOTAL_EXISTING_SERVICES];
+ uint8_t *dh_data1 = NULL, *dh_data2 = NULL;
+ char order[] = "000";
+ int err = 0, dh_size1 = 0, dh_size2 = 0, written1 = 0,
written2 = 0;
+ int mask = 0, i = 0;
+ unsigned int service_count = 0;
/* Supported HIP and ESP transforms. */
hip_transform_suite_t transform_hip_suite[] = {
@@ -708,7 +708,7 @@
/* Fill puzzle parameters */
{
struct hip_puzzle *pz;
- uint64_t random_i;
+ uint64_t random_i;
HIP_IFEL(!(pz = hip_get_param_readwrite(msg, HIP_PARAM_PUZZLE)), -1,
"Internal error\n");
@@ -719,7 +719,7 @@
//pz->opaque[2] = 'P';
/** @todo Remove random_i variable. */
get_random_bytes(&random_i, sizeof(random_i));
- pz->I = random_i;
+ pz->I = random_i;
}
/* Packet ready */
@@ -760,14 +760,14 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- int err = 0;
- hip_common_t *r1pkt = NULL;
- struct in6_addr dst_ip = IN6ADDR_ANY_INIT,
- *r1_dst_addr = NULL,
- *local_plain_hit = NULL,
- *r1_src_addr = &ctx->dst_addr;
- in_port_t r1_dst_port = 0;
- int relay_para_type = 0;
+ int err = 0;
+ hip_common_t *r1pkt = NULL;
+ struct in6_addr dst_ip = IN6ADDR_ANY_INIT,
+ *r1_dst_addr = NULL,
+ *local_plain_hit = NULL,
+ *r1_src_addr = &ctx->dst_addr;
+ in_port_t r1_dst_port = 0;
+ int relay_para_type = 0;
HIP_IFEL(ctx->error,
-1,
@@ -791,7 +791,7 @@
//from relay
r1_dst_addr = &ctx->src_addr;
r1_dst_port = ctx->msg_ports.src_port;
- } else if (relay_para_type == HIP_PARAM_FROM) {
+ } else if (relay_para_type == HIP_PARAM_FROM) {
HIP_DEBUG("Param from\n");
//from RVS, answer to I
r1_dst_addr = &dst_ip;
@@ -852,7 +852,7 @@
if (relay_para_type == HIP_PARAM_RELAY_FROM) {
HIP_DEBUG("Build param relay_to\n");
hip_build_param_relay_to(r1pkt, &dst_ip, r1_dst_port);
- } else if (relay_para_type == HIP_PARAM_FROM) {
+ } else if (relay_para_type == HIP_PARAM_FROM) {
HIP_DEBUG("Build param via_rvs\n");
hip_build_param_via_rvs(r1pkt, &ctx->src_addr);
}
@@ -904,8 +904,8 @@
struct hip_packet_context *ctx)
{
struct hip_crypto_key hmac;
- int err = 0;
- uint16_t mask = 0;
+ int err = 0;
+ uint16_t mask = 0;
HIP_IFEL(ctx->error,
-1,
@@ -947,8 +947,8 @@
/* For now we just add some random data to see if it works */
HIP_IFEL(hip_build_param_cert(ctx->output_msg, 1, 1, 1, 1, midauth_cert,
strlen(midauth_cert)),
- -1,
- "Building of cert failed\n");
+ -1,
+ "Building of cert failed\n");
#endif
@@ -997,7 +997,7 @@
#ifdef CONFIG_HIP_RVS
{
struct in6_addr dst;
- in_port_t dst_port = 0;
+ in_port_t dst_port = 0;
memset(&dst, 0, sizeof(dst));
if ((hip_relay_handle_relay_from(ctx->input_msg, &ctx->src_addr,
@@ -1164,14 +1164,14 @@
hip_ha_t *entry,
const int retransmit)
{
- int err = 0, sa_size, sent, len = 0, dupl, try_again,
udp = 0;
+ int err = 0, sa_size, sent, len = 0, dupl, try_again,
udp = 0;
struct sockaddr_storage src, dst;
- int src_is_ipv4 = 0, dst_is_ipv4 = 0, memmoved = 0;
- struct sockaddr_in6 *src6 = NULL, *dst6 = NULL;
- struct sockaddr_in *src4 = NULL, *dst4 = NULL;
- struct in6_addr my_addr;
+ int src_is_ipv4 = 0, dst_is_ipv4 = 0, memmoved = 0;
+ struct sockaddr_in6 *src6 = NULL, *dst6 = NULL;
+ struct sockaddr_in *src4 = NULL, *dst4 = NULL;
+ struct in6_addr my_addr;
/* Points either to v4 or v6 raw sock */
- int hip_raw_sock_output = 0;
+ int hip_raw_sock_output = 0;
/* Verify the existence of obligatory parameters. */
HIP_ASSERT(peer_addr != NULL && msg != NULL);
@@ -1195,10 +1195,10 @@
/* Some convinient short-hands to avoid too much casting (could be
* an union as well) */
- src6 = (struct sockaddr_in6 *) &src;
- dst6 = (struct sockaddr_in6 *) &dst;
- src4 = (struct sockaddr_in *) &src;
- dst4 = (struct sockaddr_in *) &dst;
+ src6 = (struct sockaddr_in6 *) &src;
+ dst6 = (struct sockaddr_in6 *) &dst;
+ src4 = (struct sockaddr_in *) &src;
+ dst4 = (struct sockaddr_in *) &dst;
memset(&src, 0, sizeof(src));
memset(&dst, 0, sizeof(dst));
@@ -1305,7 +1305,7 @@
/* Insert 32 bits of zero bytes between UDP and HIP */
memmove(((char *) msg) + HIP_UDP_ZERO_BYTES_LEN + sizeof(struct
udphdr), msg, len);
memset(((char *) msg), 0, HIP_UDP_ZERO_BYTES_LEN + sizeof(struct
udphdr));
- len += HIP_UDP_ZERO_BYTES_LEN + sizeof(struct udphdr);
+ len += HIP_UDP_ZERO_BYTES_LEN + sizeof(struct udphdr);
uh->source = htons(src_port);
uh->dest = htons(dst_port);
@@ -1346,7 +1346,7 @@
struct in6_addr any = IN6ADDR_ANY_INIT;
src6->sin6_family = AF_INET6;
ipv6_addr_copy(&src6->sin6_addr, &any);
- sa_size = sizeof(struct sockaddr_in6);
+ sa_size = sizeof(struct sockaddr_in6);
}
bind(hip_raw_sock_output, (struct sockaddr *) &src, sa_size);
@@ -1452,11 +1452,11 @@
hip_ha_t *entry,
const int retransmit)
{
- int err = 0;
+ int err = 0;
struct netdev_address *netdev_src_addr = NULL;
- struct in6_addr *src_addr = NULL;
- hip_list_t *item = NULL, *tmp = NULL;
- int i = 0;
+ struct in6_addr *src_addr = NULL;
+ hip_list_t *item = NULL, *tmp = NULL;
+ int i = 0;
/* Notice that the shotgun logic requires us to check always the address
family.
* Depending on the address family, we send the packet using UDP
encapsulation or
@@ -1486,7 +1486,7 @@
list_for_each_safe(item, tmp, addresses, i)
{
netdev_src_addr = (struct netdev_address *) list_entry(item);
- src_addr = hip_cast_sa_addr((struct sockaddr *)
&netdev_src_addr->addr);
+ src_addr = hip_cast_sa_addr((struct sockaddr *)
&netdev_src_addr->addr);
if (!are_addresses_compatible(src_addr, peer_addr)) {
continue;
=== modified file 'hipd/pkt_handling.c'
--- hipd/pkt_handling.c 2010-11-12 16:42:54 +0000
+++ hipd/pkt_handling.c 2011-01-03 16:06:13 +0000
@@ -42,9 +42,9 @@
struct handle_function {
uint16_t priority;
- int (*func_ptr)(const uint8_t packet_type,
- const uint32_t ha_state,
- struct hip_packet_context *ctx);
+ int (*func_ptr)(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
};
/**
@@ -73,7 +73,7 @@
struct
hip_packet_context *ctx),
const uint16_t priority)
{
- int err = 0;
+ int err = 0;
struct handle_function *new_entry = NULL;
HIP_IFEL(packet_type > HIP_MAX_PACKET_TYPE,
@@ -87,13 +87,13 @@
-1,
"Error on allocating memory for a handle function entry.\n");
- new_entry->priority = priority;
- new_entry->func_ptr = handle_function;
+ new_entry->priority = priority;
+ new_entry->func_ptr = handle_function;
hip_handle_functions[packet_type][ha_state] =
- lmod_register_function(hip_handle_functions[packet_type][ha_state],
- new_entry,
- priority);
+ lmod_register_function(hip_handle_functions[packet_type][ha_state],
+ new_entry,
+ priority);
if (!hip_handle_functions[packet_type][ha_state]) {
HIP_ERROR("Error on registering a handle function.\n");
err = -1;
@@ -138,7 +138,6 @@
while ((iter = hip_ll_iterate(hip_handle_functions[packet_type][ha_state],
iter))
&& !ctx->error) {
-
((struct handle_function *) iter->ptr)->func_ptr(packet_type,
ha_state,
ctx);
=== modified file 'hipd/registration.c'
--- hipd/registration.c 2010-11-30 14:50:30 +0000
+++ hipd/registration.c 2011-01-03 16:06:13 +0000
@@ -102,10 +102,10 @@
*/
static int hip_del_pending_request_by_expiration(void)
{
- int idx = 0;
- hip_ll_node_t *iter = NULL;
+ int idx = 0;
+ hip_ll_node_t *iter = NULL;
hip_pending_request_t *request = NULL;
- time_t now = time(NULL);
+ time_t now = time(NULL);
/* See hip_del_pending_request() for a comment. */
while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
@@ -243,7 +243,7 @@
*/
int hip_del_pending_request(hip_ha_t *entry)
{
- int idx = 0;
+ int idx = 0;
hip_ll_node_t *iter = NULL;
/* Iterate through the linked list. The iterator itself can't be used
@@ -276,8 +276,8 @@
*/
int hip_del_pending_request_by_type(hip_ha_t *entry, uint8_t reg_type)
{
- int idx = 0;
- hip_ll_node_t *iter = NULL;
+ int idx = 0;
+ hip_ll_node_t *iter = NULL;
hip_pending_request_t *request = NULL;
/* See hip_del_pending_request() for a comment. */
@@ -342,8 +342,8 @@
return -1;
}
- hip_ll_node_t *iter = 0;
- int request_count = 0;
+ hip_ll_node_t *iter = 0;
+ int request_count = 0;
while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
if (((hip_pending_request_t *) (iter->ptr))->entry == entry) {
@@ -368,8 +368,8 @@
*/
static int hip_get_pending_request_count(hip_ha_t *entry)
{
- hip_ll_node_t *iter = 0;
- int request_count = 0;
+ hip_ll_node_t *iter = 0;
+ int request_count = 0;
while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
if (((hip_pending_request_t *) (iter->ptr))->entry == entry) {
@@ -425,9 +425,9 @@
int *accepted_count, uint8_t
refused_requests[],
uint8_t failure_types[], int
*refused_count)
{
- int err = 0, i = 0;
+ int err = 0, i = 0;
hip_relrec_t dummy, *fetch_record = NULL, *new_record = NULL;
- uint8_t granted_lifetime = 0;
+ uint8_t granted_lifetime = 0;
memcpy(&(dummy.hit_r), &(entry->hit_peer), sizeof(entry->hit_peer));
@@ -498,7 +498,7 @@
/* Check that the put was succesful. */
if (hip_relht_get(new_record) != NULL) {
- accepted_requests[*accepted_count] =
+ accepted_requests[*accepted_count] =
reg_types[i];
accepted_lifetimes[*accepted_count] =
granted_lifetime;
@@ -583,7 +583,7 @@
uint8_t failure_types[],
int *refused_count)
{
- int err = 0, i = 0;
+ int err = 0, i = 0;
hip_relrec_t dummy, *fetch_record = NULL;
memcpy(&(dummy.hit_r), &(entry->hit_peer), sizeof(entry->hit_peer));
@@ -661,7 +661,7 @@
} else {
refused_requests[*refused_count] =
reg_types[i];
- failure_types[*refused_count] =
+ failure_types[*refused_count] =
HIP_REG_TRANSIENT_CONDITIONS;
(*refused_count)++;
HIP_ERROR("Cancellation refused.\n");
@@ -704,7 +704,7 @@
const uint8_t *reg_types,
int type_count)
{
- int i = 0;
+ int i = 0;
time_t seconds = 0;
/* 'seconds' is just just for debug prints. */
@@ -868,11 +868,11 @@
int hip_handle_param_reg_info(hip_ha_t *entry, hip_common_t *source_msg,
hip_common_t *target_msg)
{
- const struct hip_reg_info *reg_info = NULL;
- const uint8_t *reg_types = NULL;
- unsigned int type_count = 0;
- unsigned int i;
- int err = 0;
+ const struct hip_reg_info *reg_info = NULL;
+ const uint8_t *reg_types = NULL;
+ unsigned int type_count = 0;
+ unsigned int i;
+ int err = 0;
reg_info = hip_get_param(source_msg, HIP_PARAM_REG_INFO);
@@ -943,10 +943,10 @@
if (entry->local_controls & HIP_HA_CTRL_LOCAL_REQ_ANY) {
int request_count = hip_get_pending_request_count(entry);
if (request_count > 0) {
- unsigned int j = 0;
- int types_to_request = 0;
- uint8_t valid_lifetime = 0;
- uint8_t type_array[request_count];
+ unsigned int j = 0;
+ int types_to_request = 0;
+ uint8_t valid_lifetime = 0;
+ uint8_t type_array[request_count];
hip_pending_request_t *requests[request_count];
i = 0;
@@ -969,7 +969,7 @@
/* Copy the Reg Types to an array. Outer loop for the
* services we have requested, inner loop for the
* services the server offers. */
- for (i = 0; i < (unsigned)request_count; i++) {
+ for (i = 0; i < (unsigned) request_count; i++) {
for (j = 0; j < type_count; j++) {
if (requests[i]->reg_type == reg_types[j]) {
type_array[types_to_request] = requests[i]->reg_type;
@@ -1065,13 +1065,13 @@
int hip_handle_param_reg_request(hip_ha_t *entry, hip_common_t *source_msg,
hip_common_t *target_msg)
{
- int err = 0, type_count = 0, accepted_count =
0, refused_count = 0;
+ int err = 0, type_count = 0,
accepted_count = 0, refused_count = 0;
const struct hip_reg_request *reg_request = NULL;
- const uint8_t *reg_types = NULL;
+ const uint8_t *reg_types = NULL;
/* Arrays for storing the type reg_types of the accepted and refused
* request types. */
- uint8_t *accepted_requests = NULL, *accepted_lifetimes = NULL;
- uint8_t *refused_requests = NULL, *failure_types = NULL;
+ uint8_t *accepted_requests = NULL, *accepted_lifetimes = NULL;
+ uint8_t *refused_requests = NULL, *failure_types = NULL;
reg_request = hip_get_param(source_msg, HIP_PARAM_REG_REQUEST);
@@ -1085,8 +1085,8 @@
}
/* Get the number of registration types. */
- type_count = hip_get_param_contents_len(reg_request) -
- sizeof(reg_request->lifetime);
+ type_count = hip_get_param_contents_len(reg_request) -
+ sizeof(reg_request->lifetime);
accepted_requests = malloc(sizeof(uint8_t) * type_count);
accepted_lifetimes = malloc(sizeof(uint8_t) * type_count);
refused_requests = malloc(sizeof(uint8_t) * type_count);
@@ -1153,7 +1153,7 @@
if (refused_count > 0) {
/* We must add as many REG_FAILED parameters as there are
* different failure types. */
- int i, j, to_be_build_count;
+ int i, j, to_be_build_count;
uint8_t reg_types_to_build[refused_count];
uint8_t type_to_check[HIP_TOTAL_EXISTING_FAILURE_TYPES] =
HIP_ARRAY_INIT_REG_FAILURES;
@@ -1215,9 +1215,9 @@
*/
int hip_handle_param_reg_response(hip_ha_t *entry, hip_common_t *msg)
{
- int err = 0, type_count = 0;
+ int err = 0, type_count = 0;
const struct hip_reg_response *reg_response = NULL;
- const uint8_t *reg_types = NULL;
+ const uint8_t *reg_types = NULL;
reg_response = hip_get_param(msg, HIP_PARAM_REG_RESPONSE);
@@ -1231,8 +1231,8 @@
type_count = hip_get_param_contents_len(reg_response) -
sizeof(reg_response->lifetime);
- reg_types = (const uint8_t *) hip_get_param_contents_direct(reg_response)
+
- sizeof(reg_response->lifetime);
+ reg_types = (const uint8_t *) hip_get_param_contents_direct(reg_response) +
+ sizeof(reg_response->lifetime);
if (reg_response->lifetime == 0) {
hip_del_registration_client(entry, reg_types, type_count);
@@ -1307,10 +1307,10 @@
*/
int hip_handle_param_reg_failed(hip_ha_t *entry, hip_common_t *msg)
{
- int err = 0, type_count = 0, i = 0;
+ int err = 0, type_count = 0, i = 0;
const struct hip_reg_failed *reg_failed = NULL;
- const uint8_t *reg_types = NULL;
- char reason[256];
+ const uint8_t *reg_types = NULL;
+ char reason[256];
reg_failed = hip_get_param(msg, HIP_PARAM_REG_FAILED);
@@ -1326,8 +1326,8 @@
while (hip_get_param_type(reg_failed) == HIP_PARAM_REG_FAILED) {
type_count = hip_get_param_contents_len(reg_failed) -
sizeof(reg_failed->failure_type);
- reg_types = (const uint8_t *)
hip_get_param_contents_direct(reg_failed) +
- sizeof(reg_failed->failure_type);
+ reg_types = (const uint8_t *)
hip_get_param_contents_direct(reg_failed) +
+ sizeof(reg_failed->failure_type);
hip_get_registration_failure_string(reg_failed->failure_type,
reason);
@@ -1385,7 +1385,7 @@
* no more parameters left. */
i = 0;
reg_failed = (const struct hip_reg_failed *) hip_get_next_param(msg,
- (const struct hip_tlv_common
*)reg_failed);
+ (const
struct hip_tlv_common *) reg_failed);
if (reg_failed == NULL) {
break;
@@ -1408,7 +1408,7 @@
*/
int hip_handle_reg_from(hip_ha_t *entry, struct hip_common *msg)
{
- int err = 0;
+ int err = 0;
const struct hip_reg_from *rfrom = NULL;
HIP_DEBUG("Checking msg for REG_FROM parameter.\n");
=== modified file 'hipd/registration.h'
--- hipd/registration.h 2010-10-15 15:29:14 +0000
+++ hipd/registration.h 2011-01-03 16:06:13 +0000
@@ -51,7 +51,7 @@
uint8_t reg_type;
uint8_t lifetime;
/** Time when this record was created, seconds since epoch. */
- time_t created;
+ time_t created;
} hip_pending_request_t;
/**
=== modified file 'hipd/user.c'
--- hipd/user.c 2010-11-30 15:18:04 +0000
+++ hipd/user.c 2011-01-03 16:06:13 +0000
@@ -95,7 +95,7 @@
struct usr_msg_handle {
uint16_t priority;
- int (*func_ptr)(hip_common_t *msg, struct sockaddr_in6 *src);
+ int (*func_ptr)(hip_common_t *msg, struct sockaddr_in6 *src);
};
static hip_ll_t *hip_user_msg_handles[HIP_MSG_ROOT_MAX];
@@ -118,7 +118,7 @@
struct sockaddr_in6 *src),
const uint16_t priority)
{
- int err = 0;
+ int err = 0;
struct usr_msg_handle *new_entry = NULL;
HIP_IFEL(!(new_entry = malloc(sizeof(struct usr_msg_handle))),
@@ -129,9 +129,9 @@
new_entry->func_ptr = handle_func;
hip_user_msg_handles[msg_type] =
- lmod_register_function(hip_user_msg_handles[msg_type],
- new_entry,
- priority);
+ lmod_register_function(hip_user_msg_handles[msg_type],
+ new_entry,
+ priority);
if (!hip_user_msg_handles[msg_type]) {
HIP_ERROR("Error on registering a handle function.\n");
err = -1;
@@ -166,7 +166,6 @@
while ((iter = hip_ll_iterate(hip_user_msg_handles[msg_type],
iter))) {
-
((struct usr_msg_handle *) iter->ptr)->func_ptr(msg, src);
}
@@ -189,7 +188,6 @@
}
}
-
/**
* send a response message back to the origin
*
@@ -217,11 +215,11 @@
int hip_handle_user_msg(hip_common_t *msg,
struct sockaddr_in6 *src)
{
- const hip_hit_t *src_hit = NULL, *dst_hit = NULL;
- hip_ha_t *entry = NULL;
- int err = 0, msg_type = 0, reti = 0;
- int access_ok = 0, is_root = 0;
- const struct hip_tlv_common *param = NULL;
+ const hip_hit_t *src_hit = NULL, *dst_hit = NULL;
+ hip_ha_t *entry = NULL;
+ int err = 0, msg_type = 0, reti = 0;
+ int access_ok = 0, is_root = 0;
+ const struct hip_tlv_common *param = NULL;
HIP_ASSERT(src->sin6_family == AF_INET6);
HIP_DEBUG("User message from port %d\n", htons(src->sin6_port));
@@ -235,7 +233,7 @@
msg_type = hip_get_msg_type(msg);
- is_root = ntohs(src->sin6_port) < 1024;
+ is_root = ntohs(src->sin6_port) < 1024;
if (is_root) {
access_ok = 1;
} else if (!is_root &&
@@ -319,13 +317,13 @@
"Error when setting daemon DEBUG status to NONE\n");
break;
case HIP_MSG_CONF_PUZZLE_NEW:
- err = hip_recreate_all_precreated_r1_packets();
+ err = hip_recreate_all_precreated_r1_packets();
break;
case HIP_MSG_CONF_PUZZLE_GET:
- err = hip_get_puzzle_difficulty_msg(msg);
+ err = hip_get_puzzle_difficulty_msg(msg);
break;
case HIP_MSG_CONF_PUZZLE_SET:
- err = hip_set_puzzle_difficulty_msg(msg);
+ err = hip_set_puzzle_difficulty_msg(msg);
break;
case HIP_MSG_CONF_PUZZLE_INC:
dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT);
@@ -337,7 +335,7 @@
break;
#ifdef CONFIG_HIP_OPPORTUNISTIC
case HIP_MSG_GET_PEER_HIT:
- err = hip_opp_get_peer_hit(msg, src);
+ err = hip_opp_get_peer_hit(msg, src);
break;
#endif
case HIP_MSG_CERT_SPKI_VERIFY:
@@ -393,16 +391,16 @@
* the hip daemon wants either to register to a server for
* additional services or it wants to cancel a registration.
* Cancellation is identified with a zero lifetime. */
- const struct hip_reg_request *reg_req = NULL;
- hip_pending_request_t *pending_req = NULL;
- const uint8_t *reg_types = NULL;
- const struct in6_addr *dst_ip = NULL;
- int i = 0, type_count = 0;
- int opp_mode = 0;
- int add_to_global = 0;
- struct sockaddr_in6 sock_addr6;
- struct sockaddr_in sock_addr;
- struct in6_addr server_addr, hitr;
+ const struct hip_reg_request *reg_req = NULL;
+ hip_pending_request_t *pending_req = NULL;
+ const uint8_t *reg_types = NULL;
+ const struct in6_addr *dst_ip = NULL;
+ int i = 0, type_count = 0;
+ int opp_mode = 0;
+ int add_to_global = 0;
+ struct sockaddr_in6 sock_addr6;
+ struct sockaddr_in sock_addr;
+ struct in6_addr server_addr, hitr;
#ifdef CONFIG_HIP_OPPORTUNISTIC
struct in6_addr *hit_local;
#endif
@@ -443,12 +441,12 @@
HIP_DEBUG("No HIT parameter found from the user " \
"message. Trying opportunistic mode \n");
opp_mode = 1;
- } else if (dst_ip == NULL) {
+ } else if (dst_ip == NULL) {
HIP_ERROR("No IPV6 parameter found from the user " \
"message.\n");
err = -1;
goto out_err;
- } else if (reg_req == NULL) {
+ } else if (reg_req == NULL) {
HIP_ERROR("No REG_REQUEST parameter found from the " \
"user message.\n");
err = -1;
@@ -476,7 +474,7 @@
hit_local = malloc(sizeof(struct in6_addr));
HIP_IFEL(hip_get_default_hit(hit_local), -1,
"Error retrieving default HIT \n");
- entry = hip_opp_add_map(dst_ip, hit_local, src);
+ entry = hip_opp_add_map(dst_ip, hit_local, src);
}
#endif
reg_types = reg_req->reg_type;
@@ -538,7 +536,6 @@
hip_add_address_to_list((struct sockaddr *) &sock_addr,
0,
HIP_FLAG_CONTROL_TRAFFIC_ONLY);
-
} else {
memset(&sock_addr6, 0, sizeof(sock_addr6));
sock_addr6.sin6_family = AF_INET6;
@@ -749,7 +746,7 @@
HIP_PARAM_LSI,
sizeof(hip_lsi_t)), -1);
} else if (dst_hit) { /* Assign a new LSI */
struct hip_common msg_tmp;
- hip_lsi_t lsi;
+ hip_lsi_t lsi;
memset(&msg_tmp, 0, sizeof(msg_tmp));
hip_generate_peer_lsi(&lsi);
@@ -771,9 +768,9 @@
HIP_DEBUG("Setting local NAT port\n");
hip_set_local_nat_udp_port(nat_port->port);
/* We need to recreate only the input socket to bind to the new
- port. Output port must be left intact as it is a raw socket */
+ * port. Output port must be left intact as it is a raw socket */
close(hip_nat_sock_input_udp);
- hip_nat_sock_input_udp = 0;
+ hip_nat_sock_input_udp = 0;
hip_create_nat_sock_udp(&hip_nat_sock_input_udp, 0, 0);
} else {
HIP_DEBUG("Setting peer NAT port\n");
@@ -834,10 +831,10 @@
break;
case HIP_MSG_MAP_ID_TO_ADDR:
{
- const struct in6_addr *id = NULL;
- const hip_hit_t *hit = NULL;
- hip_lsi_t lsi;
- struct in6_addr addr;
+ const struct in6_addr *id = NULL;
+ const hip_hit_t *hit = NULL;
+ hip_lsi_t lsi;
+ struct in6_addr addr;
HIP_IFE(!(param = hip_get_param(msg, HIP_PARAM_IPV6_ADDR)), -1);
HIP_IFE(!(id = hip_get_param_contents_direct(param)), -1);
@@ -874,7 +871,7 @@
case HIP_MSG_LSI_TO_HIT:
{
const hip_lsi_t *lsi;
- hip_ha_t *ha;
+ hip_ha_t *ha;
HIP_IFE(!(param = hip_get_param(msg, HIP_PARAM_LSI)), -1);
HIP_IFE(!(lsi = hip_get_param_contents_direct(param)), -1);
=== modified file 'hipd/user_ipsec_hipd_msg.c'
--- hipd/user_ipsec_hipd_msg.c 2010-11-30 14:50:30 +0000
+++ hipd/user_ipsec_hipd_msg.c 2011-01-03 16:06:13 +0000
@@ -58,7 +58,7 @@
int hip_userspace_ipsec_activate(const struct hip_common *msg)
{
const struct hip_tlv_common *param = NULL;
- int err = 0, activate = 0;
+ int err = 0, activate = 0;
// process message and store anchor elements in the db
param = hip_get_param(msg, HIP_PARAM_INT);
@@ -112,7 +112,7 @@
hip_ha_t *entry)
{
struct hip_common *msg = NULL;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
"alloc memory for adding sa entry\n");
@@ -228,7 +228,7 @@
const int dst_port)
{
struct hip_common *msg = NULL;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
"alloc memory for adding sa entry\n");
@@ -279,7 +279,7 @@
struct hip_common *create_flush_all_sa_msg(void)
{
struct hip_common *msg = NULL;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
"alloc memory for adding sa entry\n");
=== modified file 'hipd/user_ipsec_sadb_api.c'
--- hipd/user_ipsec_sadb_api.c 2010-11-29 08:58:13 +0000
+++ hipd/user_ipsec_sadb_api.c 2011-01-03 16:06:13 +0000
@@ -56,8 +56,8 @@
static int hip_userspace_ipsec_send_to_fw(const struct hip_common *msg)
{
struct sockaddr_in6 hip_fw_addr;
- struct in6_addr loopback = in6addr_loopback;
- int err = 0;
+ struct in6_addr loopback = in6addr_loopback;
+ int err = 0;
HIP_ASSERT(msg != NULL);
@@ -112,8 +112,8 @@
hip_ha_t *entry)
{
struct hip_common *msg = NULL;
- in_port_t sport, dport;
- int err = 0;
+ in_port_t sport, dport;
+ int err = 0;
HIP_ASSERT(spi != 0);
=== modified file 'lib/core/builder.c'
--- lib/core/builder.c 2010-12-13 21:12:34 +0000
+++ lib/core/builder.c 2011-01-03 16:06:13 +0000
@@ -492,7 +492,7 @@
if (seconds == 0) {
*lifetime = 0;
return -1;
- } else if (seconds > 15384774) {
+ } else if (seconds > 15384774) {
*lifetime = 255;
return -1;
} else {
@@ -578,7 +578,7 @@
*/
static int hip_check_network_msg_type(const struct hip_common *msg)
{
- int ok = 0;
+ int ok = 0;
hip_hdr_type_t supported[] =
{
HIP_I1,
@@ -633,7 +633,7 @@
*/
static int hip_check_network_param_type(const struct hip_tlv_common *param)
{
- int ok = 0;
+ int ok = 0;
hip_tlv_type_t i;
hip_tlv_type_t valid[] =
{
@@ -725,13 +725,13 @@
static int hip_check_param_contents_len(const struct hip_common *msg,
const struct hip_tlv_common *param)
{
- int ok = 0;
+ int ok = 0;
/* length in bytes */
int param_len = hip_get_param_total_len(param);
/* cast pointers to a compatible type for comparison below */
- const uint8_t *msg_pos = (const uint8_t *) msg;
- const uint8_t *param_pos = (const uint8_t *) param;
+ const uint8_t *msg_pos = (const uint8_t *) msg;
+ const uint8_t *param_pos = (const uint8_t *) param;
/* Note: the lower limit is not checked, because there really is no
* lower limit. */
@@ -762,7 +762,7 @@
const struct hip_tlv_common
*current_param)
{
const struct hip_tlv_common *next_param = NULL;
- const uint8_t *pos = (const uint8_t *) current_param;
+ const uint8_t *pos = (const uint8_t *) current_param;
if (!msg) {
HIP_ERROR("msg null\n");
@@ -809,7 +809,7 @@
struct hip_tlv_common
*current_param)
{
struct hip_tlv_common *next_param = NULL;
- uint8_t *pos = (uint8_t *) current_param;
+ uint8_t *pos = (uint8_t *) current_param;
if (!msg) {
HIP_ERROR("msg null\n");
@@ -858,7 +858,7 @@
const void *hip_get_param(const struct hip_common *msg,
hip_tlv_type_t param_type)
{
- const void *matched = NULL;
+ const void *matched = NULL;
const struct hip_tlv_common *current_param = NULL;
/** @todo Optimize: stop when next parameter's type is greater than the
@@ -889,7 +889,7 @@
void *hip_get_param_readwrite(struct hip_common *msg,
hip_tlv_type_t param_type)
{
- void *matched = NULL;
+ void *matched = NULL;
struct hip_tlv_common *current_param = NULL;
/** @todo Optimize: stop when next parameter's type is greater than the
@@ -970,8 +970,8 @@
{
struct hip_tlv_common *current_param = NULL;
struct hip_tlv_common *last_used_pos = NULL;
- void *free_pos = NULL;
- uint8_t *first_pos = ((uint8_t *) msg) + sizeof(struct
hip_common);
+ void *free_pos = NULL;
+ uint8_t *first_pos = ((uint8_t *) msg) + sizeof(struct
hip_common);
/* Check for no parameters: this has to be checked separately because
* we cannot tell from the return value of get_next_param() whether
@@ -1012,7 +1012,7 @@
void hip_calc_hdr_len(struct hip_common *msg)
{
struct hip_tlv_common *param = NULL;
- uint8_t *pos = (uint8_t *) msg;
+ uint8_t *pos = (uint8_t *) msg;
/* We cannot call get_next() or get_free() because they need a valid
* header length which is to be (possibly) calculated now. So, the
@@ -1033,7 +1033,7 @@
param = (struct hip_tlv_common *) pos;
if (hip_get_param_contents_len(param) != 0) {
/* Case 1 and 3: a new parameter (with a valid length) has
- * been added and the message length has not been updated. */
+ * been added and the message length has not been updated. */
hip_set_msg_total_len(msg, hip_get_msg_total_len(msg) +
hip_get_param_total_len(param));
/* XX assert: new pos must be of type 0 (assume only one
@@ -1276,6 +1276,7 @@
}
return "UNDEFINED";
}
+
#endif /* CONFIG_HIP_DEBUG */
/**
@@ -1288,12 +1289,12 @@
void hip_dump_msg(const struct hip_common *msg)
{
const struct hip_tlv_common *current_param = NULL;
- const uint8_t *contents = NULL;
+ const uint8_t *contents = NULL;
/* The value of the "Length"-field in current parameter. */
- hip_tlv_len_t len = 0;
+ hip_tlv_len_t len = 0;
/* Total length of the parameter (type+length+value+padding), and the
* length of padding. */
- size_t total_len = 0, pad_len = 0;
+ size_t total_len = 0, pad_len = 0;
HIP_DEBUG("--------------- MSG START ------------------\n");
HIP_DEBUG("Msg type : %s (%d)\n",
@@ -1304,12 +1305,12 @@
HIP_DEBUG("Msg controls: 0x%04x\n", msg->control);
while ((current_param = hip_get_next_param(msg, current_param))) {
- len = hip_get_param_contents_len(current_param);
+ len = hip_get_param_contents_len(current_param);
/* Formula from base draft section 5.2.1. */
total_len = 11 + len - (len + 3) % 8;
pad_len = total_len - len - sizeof(hip_tlv_type_t)
- sizeof(hip_tlv_len_t);
- contents = hip_get_param_contents_direct(current_param);
+ contents = hip_get_param_contents_direct(current_param);
HIP_DEBUG("Parameter type:%s (%d). Total length: %d (4 type+" \
"length, %d content, %d padding).\n",
hip_param_type_name(hip_get_param_type(current_param)),
@@ -1332,7 +1333,7 @@
int hip_check_userspace_msg(const struct hip_common *msg)
{
const struct hip_tlv_common *current_param = NULL;
- int err = 0;
+ int err = 0;
if (!hip_check_user_msg_len(msg)) {
err = -EMSGSIZE;
@@ -1372,7 +1373,7 @@
static int hip_check_network_param_attributes(const struct hip_tlv_common
*param)
{
hip_tlv_type_t type = hip_get_param_type(param);
- int err = 0;
+ int err = 0;
switch (type) {
case HIP_PARAM_HIP_TRANSFORM:
@@ -1411,9 +1412,9 @@
*/
int hip_check_network_msg(const struct hip_common *msg)
{
- const struct hip_tlv_common *current_param = NULL;
- hip_tlv_type_t current_param_type = 0, prev_param_type = 0;
- int err = 0;
+ const struct hip_tlv_common *current_param = NULL;
+ hip_tlv_type_t current_param_type = 0, prev_param_type = 0;
+ int err = 0;
/* Checksum of the message header is verified in input.c */
@@ -1446,7 +1447,7 @@
((current_param_type < HIP_LOWER_TRANSFORM_TYPE ||
current_param_type > HIP_UPPER_TRANSFORM_TYPE) &&
(prev_param_type < HIP_LOWER_TRANSFORM_TYPE ||
- prev_param_type > HIP_UPPER_TRANSFORM_TYPE))) {
+ prev_param_type > HIP_UPPER_TRANSFORM_TYPE))) {
/* According to draft-ietf-hip-base-03 parameter type order
* strictly enforced, except for
* HIP_LOWER_TRANSFORM_TYPE - HIP_UPPER_TRANSFORM_TYPE
@@ -1494,11 +1495,11 @@
hip_tlv_len_t param_hdr_size,
const void *contents)
{
- const struct hip_tlv_common *param = (const struct hip_tlv_common *)
parameter_hdr;
- const void *src = NULL;
- uint8_t *dst = NULL;
- int err = 0, size = 0;
- uint8_t *max_dst = ((uint8_t *) msg) + HIP_MAX_PACKET;
+ const struct hip_tlv_common *param = (const struct hip_tlv_common *)
parameter_hdr;
+ const void *src = NULL;
+ uint8_t *dst = NULL;
+ int err = 0, size = 0;
+ uint8_t *max_dst = ((uint8_t *) msg) + HIP_MAX_PACKET;
if (msg == NULL) {
HIP_ERROR("Message is NULL.\n");
@@ -1622,7 +1623,7 @@
*/
int hip_build_param(struct hip_common *msg, const void *tlv_common)
{
- int err = 0;
+ int err = 0;
const uint8_t *contents = ((const uint8_t *) tlv_common) + sizeof(struct
hip_tlv_common);
if (tlv_common == NULL) {
@@ -1757,12 +1758,12 @@
msg->payload_proto = IPPROTO_NONE; /* 1 byte, no htons() */
/* Do not touch the length; it is written by param builders */
- msg->type_hdr = type_hdr; /* 1 byte, no htons() */
+ msg->type_hdr = type_hdr; /* 1 byte, no htons() */
/* version includes the SHIM6 bit */
- msg->ver_res = (HIP_VER_RES << 4) | 1; /* 1 byte, no htons() */
+ msg->ver_res = (HIP_VER_RES << 4) | 1; /* 1 byte, no htons() */
- msg->control = htons(control);
- msg->checksum = htons(0); /* this will be written by xmit */
+ msg->control = htons(control);
+ msg->checksum = htons(0); /* this will be written by xmit */
ipv6_addr_copy(&msg->hits, hit_sender ? hit_sender : &in6addr_any);
ipv6_addr_copy(&msg->hitr, hit_receiver ? hit_receiver : &in6addr_any);
@@ -1784,7 +1785,7 @@
const struct hip_crypto_key *key,
hip_tlv_type_t param_type)
{
- int err = 0;
+ int err = 0;
struct hip_hmac hmac;
hip_set_param_type((struct hip_tlv_common *) &hmac, param_type);
@@ -1833,7 +1834,7 @@
struct hip_host_id *host_id)
{
const struct hip_tlv_common *param = NULL;
- int err = 0;
+ int err = 0;
HIP_HEXDUMP("host id", host_id,
hip_get_param_total_len(host_id));
@@ -1845,8 +1846,7 @@
/* copy parameters to a temporary buffer to calculate
* pseudo-hmac (includes the host id) */
while ((param = hip_get_next_param(msg, param)) &&
- hip_get_param_type(param) < HIP_PARAM_HMAC2)
- {
+ hip_get_param_type(param) < HIP_PARAM_HMAC2) {
HIP_IFEL(hip_build_param(msg_copy, param),
-1,
"Failed to build param\n");
@@ -1879,9 +1879,9 @@
struct hip_crypto_key *key,
struct hip_host_id *host_id)
{
- struct hip_hmac hmac2;
+ struct hip_hmac hmac2;
struct hip_common *msg_copy = NULL;
- int err = 0;
+ int err = 0;
HIP_IFEL(!(msg_copy = hip_msg_alloc()), -ENOMEM, "Message alloc\n");
@@ -1896,7 +1896,7 @@
HIP_IFEL(hip_write_hmac(HIP_DIGEST_SHA1_HMAC, key->key, msg_copy,
hip_get_msg_total_len(msg_copy),
hmac2.hmac_data),
- -EFAULT,
+ -EFAULT,
"Error while building HMAC\n");
err = hip_build_param(msg, &hmac2);
@@ -1985,11 +1985,11 @@
int hip_build_param_encrypted_aes_sha1(struct hip_common *msg,
struct hip_tlv_common *param)
{
- int rem, err = 0;
+ int rem, err = 0;
struct hip_encrypted_aes_sha1 enc;
- int param_len = hip_get_param_total_len(param);
- struct hip_tlv_common *common = param;
- char *param_padded = NULL;
+ int param_len =
hip_get_param_total_len(param);
+ struct hip_tlv_common *common = param;
+ char *param_padded = NULL;
hip_set_param_type((struct hip_tlv_common *) &enc, HIP_PARAM_ENCRYPTED);
enc.reserved = htonl(0);
@@ -2056,7 +2056,7 @@
/* note: if you make changes in this function, make them also in
* build_param_signature_contents(), because it is almost the same */
- int err = 0;
+ int err = 0;
struct hip_sig2 sig2;
HIP_ASSERT(sizeof(struct hip_sig2) >= sizeof(struct hip_tlv_common));
@@ -2066,8 +2066,8 @@
contents_size);
sig2.algorithm = algorithm; /* algo is 8 bits, no htons */
- err = hip_build_generic_param(msg, &sig2,
- sizeof(struct hip_sig2),
contents);
+ err = hip_build_generic_param(msg, &sig2,
+ sizeof(struct hip_sig2), contents);
return err;
}
@@ -2093,7 +2093,7 @@
/* note: if you make changes in this function, make them also in
* build_param_signature_contents2(), because it is almost the same */
- int err = 0;
+ int err = 0;
struct hip_sig sig;
HIP_ASSERT(sizeof(struct hip_sig) >= sizeof(struct hip_tlv_common));
@@ -2103,8 +2103,8 @@
contents_size);
sig.algorithm = algorithm; /* algo is 8 bits, no htons */
- err = hip_build_generic_param(msg, &sig,
- sizeof(struct hip_sig), contents);
+ err = hip_build_generic_param(msg, &sig,
+ sizeof(struct hip_sig), contents);
return err;
}
@@ -2123,7 +2123,7 @@
int sign, int request)
{
struct hip_echo_request ping;
- int err;
+ int err;
if (request) {
hip_set_param_type((struct hip_tlv_common *) &ping, sign ?
HIP_PARAM_ECHO_REQUEST_SIGN : HIP_PARAM_ECHO_REQUEST);
@@ -2147,7 +2147,7 @@
int hip_build_param_r1_counter(struct hip_common *msg, uint64_t generation)
{
struct hip_r1_counter r1gen;
- int err = 0;
+ int err = 0;
/* note: the length cannot be calculated with calc_param_len() */
hip_set_param_contents_len((struct hip_tlv_common *) &r1gen,
@@ -2156,11 +2156,11 @@
/* Type 2 (in R1) or 3 (in I2) */
hip_set_param_type((struct hip_tlv_common *) &r1gen, HIP_PARAM_R1_COUNTER);
- r1gen.reserved = 0;
+ r1gen.reserved = 0;
r1gen.generation = hton64(generation);
- err = hip_build_param(msg, &r1gen);
+ err = hip_build_param(msg, &r1gen);
return err;
}
@@ -2177,7 +2177,7 @@
int hip_build_param_via_rvs(struct hip_common *msg,
const struct in6_addr rvs_addresses[])
{
- int err = 0;
+ int err = 0;
struct hip_via_rvs viarvs;
hip_set_param_type((struct hip_tlv_common *) &viarvs, HIP_PARAM_VIA_RVS);
@@ -2203,7 +2203,7 @@
const in_port_t port)
{
struct hip_relay_to relay_to;
- int err = 0;
+ int err = 0;
hip_set_param_type((struct hip_tlv_common *) &relay_to,
HIP_PARAM_RELAY_TO);
ipv6_addr_copy((struct in6_addr *) &relay_to.address, addr);
@@ -2212,7 +2212,7 @@
relay_to.protocol = HIP_NAT_PROTO_UDP;
hip_calc_generic_param_len((struct hip_tlv_common *) &relay_to,
sizeof(relay_to), 0);
- err = hip_build_param(msg, &relay_to);
+ err = hip_build_param(msg, &relay_to);
return err;
}
@@ -2266,11 +2266,11 @@
const void *srv_list,
const unsigned int service_count)
{
- int err = 0;
- unsigned i = 0;
- const hip_srv_t *service_list = (const hip_srv_t *) srv_list;
+ int err = 0;
+ unsigned i = 0;
+ const hip_srv_t *service_list = (const hip_srv_t *) srv_list;
struct hip_reg_info reg_info;
- uint8_t reg_type[service_count];
+ uint8_t reg_type[service_count];
if (service_count == 0) {
return 0;
@@ -2321,7 +2321,7 @@
int hip_build_param_reg_request(hip_common_t *msg, const uint8_t lifetime,
const uint8_t *type_list, const int type_count)
{
- int err = 0;
+ int err = 0;
struct hip_reg_request rreq;
hip_set_param_type((struct hip_tlv_common *) &rreq, HIP_PARAM_REG_REQUEST);
@@ -2343,7 +2343,7 @@
int hip_build_param_reg_response(hip_common_t *msg, const uint8_t lifetime,
const uint8_t *type_list, const int
type_count)
{
- int err = 0;
+ int err = 0;
struct hip_reg_response rres;
hip_set_param_type((struct hip_tlv_common *) &rres,
HIP_PARAM_REG_RESPONSE);
@@ -2365,7 +2365,7 @@
int hip_build_param_reg_failed(struct hip_common *msg, uint8_t failure_type,
uint8_t *type_list, int type_count)
{
- int err = 0;
+ int err = 0;
struct hip_reg_failed reg_failed;
if (type_count == 0) {
@@ -2407,7 +2407,7 @@
uint8_t lifetime, uint32_t opaque, uint64_t
random_i)
{
struct hip_puzzle puzzle;
- int err = 0;
+ int err = 0;
/* note: the length cannot be calculated with calc_param_len() */
hip_set_param_contents_len((struct hip_tlv_common *) &puzzle,
@@ -2453,7 +2453,7 @@
uint8_t opaque_len)
{
struct hip_challenge_request puzzle;
- int err = 0;
+ int err = 0;
/* note: the length cannot be calculated with calc_param_len() */
hip_set_param_contents_len((struct hip_tlv_common *) &puzzle,
@@ -2475,7 +2475,6 @@
return err;
}
-
/**
* Build and append a HIP solution into the message.
*
@@ -2495,7 +2494,7 @@
uint64_t val_J)
{
struct hip_challenge_response cookie;
- int err = 0, opaque_len = 0;
+ int err = 0, opaque_len = 0;
/* note: the length cannot be calculated with calc_param_len() */
hip_set_param_contents_len((struct hip_tlv_common *) &cookie,
@@ -2516,6 +2515,7 @@
hip_get_param_contents_direct(&cookie));
return err;
}
+
#endif /* CONFIG_HIP_MIDAUTH */
/**
@@ -2537,7 +2537,7 @@
uint64_t val_J)
{
struct hip_solution cookie;
- int err = 0;
+ int err = 0;
/* note: the length cannot be calculated with calc_param_len() */
hip_set_param_contents_len((struct hip_tlv_common *) &cookie,
@@ -2546,14 +2546,14 @@
/* Type 2 (in R1) or 3 (in I2) */
hip_set_param_type((struct hip_tlv_common *) &cookie, HIP_PARAM_SOLUTION);
- cookie.J = hton64(val_J);
+ cookie.J = hton64(val_J);
memcpy(&cookie.K, &pz->K, 12); /* copy: K (1), reserved (1),
* opaque (2) and I (8 bytes). */
cookie.reserved = 0;
- err = hip_build_generic_param(msg,
- &cookie,
- sizeof(struct hip_tlv_common),
- hip_get_param_contents_direct(&cookie));
+ err = hip_build_generic_param(msg,
+ &cookie,
+ sizeof(struct hip_tlv_common),
+
hip_get_param_contents_direct(&cookie));
return err;
}
@@ -2580,11 +2580,11 @@
void *pubkey2,
hip_tlv_len_t pubkey_len2)
{
- int err = 0;
+ int err = 0;
struct hip_diffie_hellman diffie_hellman;
- uint8_t *value = NULL, *value_tmp = NULL;
- hip_tlv_len_t pubkey_len = pubkey_len1 + sizeof(uint8_t) +
- sizeof(uint16_t) + pubkey_len2;
+ uint8_t *value = NULL, *value_tmp = NULL;
+ hip_tlv_len_t pubkey_len = pubkey_len1 + sizeof(uint8_t) +
+ sizeof(uint16_t) + pubkey_len2;
uint16_t tmp_pubkey_len2 = 0;
@@ -2619,7 +2619,7 @@
*value_tmp++ = group_id2;
tmp_pubkey_len2 = htons(pubkey_len2);
memcpy(value_tmp, &tmp_pubkey_len2, sizeof(uint16_t));
- value_tmp += sizeof(uint16_t);
+ value_tmp += sizeof(uint16_t);
memcpy(value_tmp, pubkey2, pubkey_len2);
} else {
memcpy(value_tmp, pubkey1, pubkey_len1);
@@ -2672,9 +2672,9 @@
const hip_transform_suite_t
transform_suite[],
const uint16_t transform_count)
{
- int err = 0;
- uint16_t i;
- uint16_t transform_max;
+ int err = 0;
+ uint16_t i;
+ uint16_t transform_max;
struct hip_esp_transform transform_param;
transform_max = hip_get_transform_max(HIP_PARAM_ESP_TRANSFORM);
@@ -2717,9 +2717,9 @@
const hip_transform_suite_t
transform_suite[],
const uint16_t transform_count)
{
- int err = 0;
- uint16_t i;
- uint16_t transform_max;
+ int err = 0;
+ uint16_t i;
+ uint16_t transform_max;
struct hip_hip_transform transform_param;
transform_max = hip_get_transform_max(HIP_PARAM_HIP_TRANSFORM);
@@ -2765,28 +2765,28 @@
* which MUST match one of the values offered to the Initiator in
* the R1 packet. Does this function check this?
* -Lauri 01.08.2008. */
- hip_tlv_type_t type;
- uint16_t supported_hip_tf[] = { HIP_HIP_NULL_SHA1,
- HIP_HIP_3DES_SHA1,
- HIP_HIP_AES_SHA1};
- uint16_t supported_esp_tf[] = { HIP_ESP_NULL_SHA1,
- HIP_ESP_3DES_SHA1,
- HIP_ESP_AES_SHA1 };
- const uint16_t *table = NULL;
+ hip_tlv_type_t type;
+ uint16_t supported_hip_tf[] = { HIP_HIP_NULL_SHA1,
+ HIP_HIP_3DES_SHA1,
+ HIP_HIP_AES_SHA1 };
+ uint16_t supported_esp_tf[] = { HIP_ESP_NULL_SHA1,
+ HIP_ESP_3DES_SHA1,
+ HIP_ESP_AES_SHA1 };
+ const uint16_t *table = NULL;
const uint16_t *tfm;
- int table_n = 0, pkt_tfms = 0, i;
+ int table_n = 0, pkt_tfms = 0, i;
type = hip_get_param_type(transform_tlv);
if (type == HIP_PARAM_HIP_TRANSFORM) {
table = supported_hip_tf;
table_n = sizeof(supported_hip_tf) / sizeof(uint16_t);
- tfm = (const uint16_t*) ((const uint8_t *) transform_tlv +
sizeof(struct hip_tlv_common));
+ tfm = (const uint16_t *) ((const uint8_t *) transform_tlv +
sizeof(struct hip_tlv_common));
pkt_tfms = hip_get_param_contents_len(transform_tlv) /
sizeof(uint16_t);
} else if (type == HIP_PARAM_ESP_TRANSFORM) {
- table = supported_esp_tf;
- table_n = sizeof(supported_esp_tf) / sizeof(uint16_t);
- tfm = (const uint16_t*) ((const uint8_t *) transform_tlv +
- sizeof(struct hip_tlv_common) + sizeof(uint16_t));
+ table = supported_esp_tf;
+ table_n = sizeof(supported_esp_tf) / sizeof(uint16_t);
+ tfm = (const uint16_t *) ((const uint8_t *) transform_tlv +
+ sizeof(struct hip_tlv_common) +
sizeof(uint16_t));
pkt_tfms = (hip_get_param_contents_len(transform_tlv) -
sizeof(uint16_t)) / sizeof(uint16_t);
} else {
HIP_ERROR("Invalid type %u\n", type);
@@ -2819,7 +2819,7 @@
uint8_t *transforms)
{
struct esp_prot_preferred_tfms prot_transforms;
- int err = 0, i;
+ int err = 0, i;
hip_set_param_type((struct hip_tlv_common *) &prot_transforms,
HIP_PARAM_ESP_PROT_TRANSFORMS);
@@ -2863,7 +2863,7 @@
int hash_length,
int hash_item_length)
{
- int err = 0;
+ int err = 0;
struct esp_prot_anchor esp_anchor;
HIP_ASSERT(msg != NULL);
@@ -2898,7 +2898,7 @@
hip_set_param_contents_len((struct hip_tlv_common *) &esp_anchor,
sizeof(uint8_t) + sizeof(uint32_t) + 2
- * hash_length);
+ * hash_length);
err = hip_build_generic_param(msg,
&esp_anchor,
@@ -2931,7 +2931,7 @@
int branch_length,
const unsigned char *branch_nodes)
{
- int err = 0;
+ int err = 0;
struct esp_prot_branch branch;
HIP_ASSERT(msg != NULL);
@@ -2948,7 +2948,7 @@
memcpy(&branch.branch_nodes[0], branch_nodes, branch_length);
hip_set_param_contents_len((struct hip_tlv_common *) &branch, 2
- * sizeof(uint32_t) + branch_length);
+ * sizeof(uint32_t) + branch_length);
err = hip_build_generic_param(msg,
&branch,
@@ -2974,7 +2974,7 @@
int secret_length,
const unsigned char *secret)
{
- int err = 0;
+ int err = 0;
struct esp_prot_secret esp_secret;
HIP_ASSERT(msg != NULL);
@@ -3013,7 +3013,7 @@
uint8_t root_length,
unsigned char *root)
{
- int err = 0;
+ int err = 0;
struct esp_prot_root esp_root;
HIP_ASSERT(msg != NULL);
@@ -3058,7 +3058,7 @@
uint32_t old_spi,
uint32_t new_spi)
{
- int err = 0;
+ int err = 0;
struct hip_esp_info esp_info;
hip_set_param_type((struct hip_tlv_common *) &esp_info,
HIP_PARAM_ESP_INFO);
@@ -3067,10 +3067,10 @@
sizeof(struct hip_esp_info),
0);
- esp_info.reserved = htonl(0);
+ esp_info.reserved = htonl(0);
esp_info.keymat_index = htons(keymat_index);
- esp_info.old_spi = htonl(old_spi);
- esp_info.new_spi = htonl(new_spi);
+ esp_info.old_spi = htonl(old_spi);
+ esp_info.new_spi = htonl(new_spi);
err = hip_build_param(msg, &esp_info);
return err;
@@ -3091,7 +3091,7 @@
int hip_build_param_encrypted_3des_sha1(struct hip_common *msg,
struct hip_tlv_common *param)
{
- int err = 0;
+ int err = 0;
struct hip_encrypted_3des_sha1 enc;
hip_set_param_type((struct hip_tlv_common *) &enc, HIP_PARAM_ENCRYPTED);
@@ -3122,7 +3122,7 @@
int hip_build_param_encrypted_null_sha1(struct hip_common *msg,
struct hip_tlv_common *param)
{
- int err = 0;
+ int err = 0;
struct hip_encrypted_null_sha1 enc;
hip_set_param_type((struct hip_tlv_common *) &enc, HIP_PARAM_ENCRYPTED);
@@ -3133,7 +3133,7 @@
/* copy the IV *IF* needed, and then the encrypted data */
- err = hip_build_generic_param(msg, &enc, sizeof(enc), param);
+ err = hip_build_generic_param(msg, &enc, sizeof(enc), param);
return err;
}
@@ -3150,7 +3150,7 @@
int hip_build_host_id_from_param(const struct hip_host_id *wire_host_id,
struct hip_host_id *peer_host_id)
{
- int err = 0;
+ int err = 0;
uint16_t header_len;
uint16_t key_len;
uint16_t fqdn_len;
@@ -3158,12 +3158,12 @@
-1, "Param has wrong type (not HIP_PARAM_HOST_ID)");
// copy the header, key and fqdn
- header_len = sizeof(struct hip_host_id) -
- sizeof(peer_host_id->key) -
- sizeof(peer_host_id->hostname);
- fqdn_len = ntohs(wire_host_id->di_type_length) & 0x0FFF;
- key_len = ntohs(wire_host_id->hi_length) -
- sizeof(struct hip_host_id_key_rdata);
+ header_len = sizeof(struct hip_host_id) -
+ sizeof(peer_host_id->key) -
+ sizeof(peer_host_id->hostname);
+ fqdn_len = ntohs(wire_host_id->di_type_length) & 0x0FFF;
+ key_len = ntohs(wire_host_id->hi_length) -
+ sizeof(struct hip_host_id_key_rdata);
memcpy(peer_host_id, wire_host_id, header_len);
memcpy(peer_host_id->key, wire_host_id->key, key_len);
memcpy(peer_host_id->hostname, &wire_host_id->key[key_len], fqdn_len);
@@ -3190,18 +3190,18 @@
const struct hip_host_id *host_id)
{
struct hip_host_id new_host_id;
- uint16_t header_len;
- uint16_t fqdn_len;
- uint16_t key_len;
- uint16_t par_len;
+ uint16_t header_len;
+ uint16_t fqdn_len;
+ uint16_t key_len;
+ uint16_t par_len;
// eliminate unused space by copying fqdn directly behind the keyrr
- header_len = sizeof(struct hip_host_id) -
- sizeof(host_id->key) -
- sizeof(host_id->hostname);
- fqdn_len = ntohs(host_id->di_type_length) & 0x0FFF;
- key_len = ntohs(host_id->hi_length) -
- sizeof(struct hip_host_id_key_rdata);
+ header_len = sizeof(struct hip_host_id) -
+ sizeof(host_id->key) -
+ sizeof(host_id->hostname);
+ fqdn_len = ntohs(host_id->di_type_length) & 0x0FFF;
+ key_len = ntohs(host_id->hi_length) -
+ sizeof(struct hip_host_id_key_rdata);
memcpy(&new_host_id, host_id, header_len);
memcpy(&new_host_id.key[0], host_id->key, key_len);
memcpy(&new_host_id.key[key_len], host_id->hostname, fqdn_len);
@@ -3238,7 +3238,7 @@
fqdn_len = 0;
}
- host_id_hdr->hi_length = htons(hi_len);
+ host_id_hdr->hi_length = htons(hi_len);
/* length = 12 bits, di_type = 4 bits */
host_id_hdr->di_type_length = htons(fqdn_len | 0x1000);
/* if the length is 0, then the type should also be zero */
@@ -3251,10 +3251,10 @@
sizeof(struct hip_host_id),
0);
- host_id_hdr->rdata.flags = htons(0x0202); /* key is for a host */
+ host_id_hdr->rdata.flags = htons(0x0202); /* key is for a host */
/* RFC 4034 obsoletes RFC 2535 and flags field differ */
- host_id_hdr->rdata.protocol = 0xFF; /* RFC 2535 */
+ host_id_hdr->rdata.protocol = 0xFF; /* RFC 2535 */
/* algo is 8 bits, no htons */
host_id_hdr->rdata.algorithm = algorithm;
}
@@ -3308,7 +3308,7 @@
fqdn_len = 0;
}
- host_id_hdr->hi_length = htons(hi_len);
+ host_id_hdr->hi_length = htons(hi_len);
/* length = 12 bits, di_type = 4 bits */
host_id_hdr->di_type_length = htons(fqdn_len | 0x1000);
/* if the length is 0, then the type should also be zero */
@@ -3321,10 +3321,10 @@
sizeof(struct hip_host_id_priv),
0);
- host_id_hdr->rdata.flags = htons(0x0202); /* key is for a host */
+ host_id_hdr->rdata.flags = htons(0x0202); /* key is for a host */
/* RFC 4034 obsoletes RFC 2535 and flags field differ */
- host_id_hdr->rdata.protocol = 0xFF; /* RFC 2535 */
+ host_id_hdr->rdata.protocol = 0xFF; /* RFC 2535 */
/* algo is 8 bits, no htons */
host_id_hdr->rdata.algorithm = algorithm;
}
@@ -3342,8 +3342,8 @@
const char **id,
int *len)
{
- int type;
- static const char *debuglist[3] = {"none", "FQDN", "NAI"};
+ int type;
+ static const char *debuglist[3] = { "none", "FQDN", "NAI" };
type = ntohs(host->di_type_length);
*len = type & 0x0FFF;
@@ -3430,7 +3430,7 @@
const struct endpoint_hip
*endpoint)
{
struct hip_eid_endpoint eid_endpoint;
- int err = 0;
+ int err = 0;
HIP_ASSERT(endpoint->flags & HIP_ENDPOINT_FLAG_HIT);
@@ -3495,7 +3495,7 @@
uint8_t id, uint8_t type, void *data, size_t size)
{
struct hip_cert cert;
- int err;
+ int err;
hip_set_param_type((struct hip_tlv_common *) &cert, HIP_PARAM_CERT);
hip_calc_param_len((struct hip_tlv_common *) &cert, sizeof(struct
hip_cert) -
@@ -3521,13 +3521,13 @@
*/
int hip_build_param_heartbeat(struct hip_common *msg, int seconds)
{
- int err = 0;
+ int err = 0;
struct hip_heartbeat heartbeat;
hip_set_param_type((struct hip_tlv_common *) &heartbeat,
HIP_PARAM_HEARTBEAT);
hip_calc_param_len((struct hip_tlv_common *) &heartbeat,
sizeof(struct hip_heartbeat)
- - sizeof(struct hip_tlv_common));
+ - sizeof(struct hip_tlv_common));
memcpy(&heartbeat.heartbeat, &seconds, sizeof(seconds));
err = hip_build_param(msg, &heartbeat);
@@ -3547,15 +3547,15 @@
*/
int hip_build_param_transform_order(struct hip_common *msg, int order)
{
- int err = 0;
+ int err = 0;
struct hip_transformation_order transorder;
hip_set_param_type((struct hip_tlv_common *) &transorder,
HIP_PARAM_TRANSFORM_ORDER);
hip_calc_param_len((struct hip_tlv_common *) &transorder,
sizeof(struct hip_transformation_order)
- - sizeof(struct hip_tlv_common));
+ - sizeof(struct hip_tlv_common));
transorder.transorder = order;
- err = hip_build_param(msg, &transorder);
+ err = hip_build_param(msg, &transorder);
return err;
}
@@ -3572,7 +3572,7 @@
int hip_build_param_cert_spki_info(struct hip_common *msg,
struct hip_cert_spki_info *cert_info)
{
- int err = 0;
+ int err = 0;
struct hip_cert_spki_info local;
memset(&local, '\0', sizeof(struct hip_cert_spki_info));
memcpy(&local, cert_info, sizeof(struct hip_cert_spki_info));
@@ -3580,7 +3580,7 @@
HIP_PARAM_CERT_SPKI_INFO);
hip_calc_param_len((struct hip_tlv_common *) &local,
sizeof(struct hip_cert_spki_info)
- - sizeof(struct hip_tlv_common));
+ - sizeof(struct hip_tlv_common));
err = hip_build_param(msg, &local);
return err;
}
@@ -3598,13 +3598,13 @@
*/
int hip_build_param_cert_x509_req(struct hip_common *msg, struct in6_addr
*addr)
{
- int err = 0;
+ int err = 0;
struct hip_cert_x509_req subj;
hip_set_param_type((struct hip_tlv_common *) &subj,
HIP_PARAM_CERT_X509_REQ);
hip_calc_param_len((struct hip_tlv_common *) &subj,
sizeof(struct hip_cert_x509_req)
- - sizeof(struct hip_tlv_common));
+ - sizeof(struct hip_tlv_common));
ipv6_addr_copy(&subj.addr, addr);
err = hip_build_param(msg, &subj);
return err;
@@ -3624,16 +3624,16 @@
*/
int hip_build_param_cert_x509_ver(struct hip_common *msg, char *der, int len)
{
- int err = 0;
+ int err = 0;
struct hip_cert_x509_resp subj;
hip_set_param_type((struct hip_tlv_common *) &subj,
HIP_PARAM_CERT_X509_REQ);
hip_calc_param_len((struct hip_tlv_common *) &subj,
sizeof(struct hip_cert_x509_resp)
- - sizeof(struct hip_tlv_common));
+ - sizeof(struct hip_tlv_common));
memcpy(&subj.der, der, len);
subj.der_len = len;
- err = hip_build_param(msg, &subj);
+ err = hip_build_param(msg, &subj);
return err;
}
@@ -3651,13 +3651,13 @@
*/
int hip_build_param_cert_x509_resp(struct hip_common *msg, char *der, int len)
{
- int err = 0;
+ int err = 0;
struct hip_cert_x509_resp local;
hip_set_param_type((struct hip_tlv_common *) &local,
HIP_PARAM_CERT_X509_RESP);
hip_calc_param_len((struct hip_tlv_common *) &local,
sizeof(struct hip_cert_x509_resp)
- - sizeof(struct hip_tlv_common));
+ - sizeof(struct hip_tlv_common));
memcpy(&local.der, der, len);
local.der_len = len;
err = hip_build_param(msg, &local);
@@ -3674,13 +3674,13 @@
*/
int hip_build_param_hit_to_ip_set(struct hip_common *msg, const char *name)
{
- int err = 0;
+ int err = 0;
struct hip_hit_to_ip_set name_info;
hip_set_param_type((struct hip_tlv_common *) &name_info,
HIP_PARAM_HIT_TO_IP_SET);
hip_calc_param_len((struct hip_tlv_common *) &name_info,
sizeof(struct hip_hit_to_ip_set)
- - sizeof(struct hip_tlv_common));
+ - sizeof(struct hip_tlv_common));
strcpy(name_info.name, name);
err = hip_build_param(msg, &name_info);
@@ -3704,9 +3704,9 @@
se_hip_flags_t endpoint_flags,
const char *hostname)
{
- int err = 0;
- unsigned char *dsa_key_rr = NULL;
- int dsa_key_rr_len;
+ int err = 0;
+ unsigned char *dsa_key_rr = NULL;
+ int dsa_key_rr_len;
struct endpoint_hip endpoint_hdr;
dsa_key_rr_len = dsa_to_dns_key_rr(dsa, &dsa_key_rr);
@@ -3756,9 +3756,9 @@
se_hip_flags_t endpoint_flags,
const char *hostname)
{
- int err = 0;
- unsigned char *rsa_key_rr = NULL;
- int rsa_key_rr_len;
+ int err = 0;
+ unsigned char *rsa_key_rr = NULL;
+ int rsa_key_rr_len;
struct endpoint_hip endpoint_hdr;
HIP_DEBUG("rsa_to_hip_endpoint called\n");
@@ -3808,36 +3808,36 @@
int is_public,
int is_dsa)
{
- int err = 0, key_rr_len;
- unsigned char *key_rr = NULL;
- char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX];
- struct hip_host_id_priv *host_id = NULL;
- struct hip_host_id *host_id_pub = NULL;
- RSA *rsa_key = (RSA *) any_key;
- DSA *dsa_key = (DSA *) any_key;
+ int err = 0, key_rr_len;
+ unsigned char *key_rr = NULL;
+ char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX];
+ struct hip_host_id_priv *host_id = NULL;
+ struct hip_host_id *host_id_pub = NULL;
+ RSA *rsa_key = (RSA *) any_key;
+ DSA *dsa_key = (DSA *) any_key;
memset(hostname, 0, HIP_HOST_ID_HOSTNAME_LEN_MAX);
HIP_IFEL(gethostname(hostname, HIP_HOST_ID_HOSTNAME_LEN_MAX - 1), -1,
- "gethostname failed\n");
+ "gethostname failed\n");
if (is_dsa) {
HIP_IFEL(((key_rr_len = dsa_to_dns_key_rr(dsa_key, &key_rr)) <= 0), -1,
- "key_rr_len\n");
+ "key_rr_len\n");
if (is_public) {
HIP_IFEL(!(host_id_pub = malloc(sizeof(struct hip_host_id))),
- -ENOMEM, "malloc\n");
+ -ENOMEM, "malloc\n");
host_id_pub->hi_length = htons(key_rr_len
- + sizeof(struct hip_host_id_key_rdata));
+ + sizeof(struct
hip_host_id_key_rdata));
memcpy(&host_id_pub->key, key_rr, key_rr_len);
HIP_IFEL(hip_dsa_host_id_to_hit(host_id_pub, hit,
HIP_HIT_TYPE_HASH100),
- -1, "conversion from host id to hit failed\n");
+ -1, "conversion from host id to hit failed\n");
} else {
HIP_IFEL(!(host_id = malloc(sizeof(struct hip_host_id_priv))),
- -ENOMEM,
- "malloc\n");
+ -ENOMEM,
+ "malloc\n");
host_id->hi_length = htons(key_rr_len
- + sizeof(struct hip_host_id_key_rdata));
+ + sizeof(struct hip_host_id_key_rdata));
memcpy(&host_id->key, key_rr, key_rr_len);
HIP_IFEL(hip_private_dsa_host_id_to_hit(host_id, hit,
HIP_HIT_TYPE_HASH100),
@@ -3929,7 +3929,7 @@
const in_port_t port)
{
struct hip_reg_from reg_from;
- int err = 0;
+ int err = 0;
hip_set_param_type((struct hip_tlv_common *) ®_from,
HIP_PARAM_REG_FROM);
ipv6_addr_copy((struct in6_addr *) ®_from.address, addr);
@@ -3939,7 +3939,7 @@
reg_from.reserved = 0;
reg_from.protocol = HIP_NAT_PROTO_UDP;
hip_calc_generic_param_len((struct hip_tlv_common *) ®_from,
sizeof(reg_from), 0);
- err = hip_build_param(msg, ®_from);
+ err = hip_build_param(msg, ®_from);
return err;
}
@@ -3958,13 +3958,13 @@
const in_port_t port,
hip_tlv_type_t hipparam)
{
- int err = 0;
+ int err = 0;
struct hip_port_info nat_port;
hip_set_param_type((struct hip_tlv_common *) &nat_port, hipparam);
nat_port.port = port;
hip_calc_generic_param_len((struct hip_tlv_common *) &nat_port,
sizeof(nat_port), 0);
- err = hip_build_param(msg, &nat_port);
+ err = hip_build_param(msg, &nat_port);
return err;
}
@@ -4020,12 +4020,12 @@
const in_port_t port)
{
struct hip_relay_from relay_from;
- int err = 0;
+ int err = 0;
hip_set_param_type((struct hip_tlv_common *) &relay_from,
HIP_PARAM_RELAY_FROM);
ipv6_addr_copy((struct in6_addr *) &relay_from.address, addr);
- relay_from.port = htons(port);
+ relay_from.port = htons(port);
relay_from.reserved = 0;
relay_from.protocol = HIP_NAT_PROTO_UDP;
hip_calc_generic_param_len((struct hip_tlv_common *) &relay_from,
@@ -4047,7 +4047,7 @@
const struct in6_addr *addr)
{
struct hip_from from;
- int err = 0;
+ int err = 0;
hip_set_param_type((struct hip_tlv_common *) &from, HIP_PARAM_FROM);
ipv6_addr_copy((struct in6_addr *) &from.address, addr);
=== modified file 'lib/core/builder.h'
--- lib/core/builder.h 2010-12-08 18:30:17 +0000
+++ lib/core/builder.h 2011-01-03 16:06:13 +0000
@@ -187,7 +187,7 @@
int hip_check_userspace_msg_type(const struct hip_common *);
void hip_dump_msg(const struct hip_common *);
struct hip_dh_public_value
- *hip_dh_select_key(struct hip_diffie_hellman *);
+*hip_dh_select_key(struct hip_diffie_hellman *);
uint8_t hip_get_host_id_algo(const struct hip_host_id *);
int hip_get_lifetime_value(time_t seconds, uint8_t *lifetime);
int hip_get_lifetime_seconds(uint8_t lifetime, time_t *seconds);
@@ -200,7 +200,7 @@
struct hip_tlv_common *hip_get_next_param_readwrite(struct hip_common *,
struct hip_tlv_common *);
const void *hip_get_param(const struct hip_common *, hip_tlv_type_t);
-void *hip_get_param_readwrite(struct hip_common *, hip_tlv_type_t);
+void *hip_get_param_readwrite(struct hip_common *, hip_tlv_type_t);
const void *hip_get_param_contents(const struct hip_common *, hip_tlv_type_t);
const void *hip_get_param_contents_direct(const void *);
void *hip_get_param_contents_direct_readwrite(void *);
=== modified file 'lib/core/capability.c'
--- lib/core/capability.c 2010-10-18 17:44:31 +0000
+++ lib/core/capability.c 2011-01-03 16:06:13 +0000
@@ -64,10 +64,10 @@
*/
static int hip_user_to_uid(const char *name)
{
- int uid = -1;
- int i;
+ int uid = -1;
+ int i;
struct passwd *pwp = NULL, pw;
- char buf[4096];
+ char buf[4096];
setpwent();
while (1) {
@@ -117,9 +117,9 @@
int uid = -1;
struct __user_cap_header_struct header;
- struct __user_cap_data_struct data;
+ struct __user_cap_data_struct data;
- header.pid = 0;
+ header.pid = 0;
/* note: CentOS 5.5 lacks _LINUX_CAPABILITY_VERSION_1 constant */
header.version = _LINUX_CAPABILITY_VERSION;
data.effective = data.permitted = data.inheritable = 0;
@@ -152,7 +152,7 @@
HIP_DEBUG("effective=%u, permitted = %u, inheritable=%u\n",
data.effective, data.permitted, data.inheritable);
HIP_DEBUG("Going to clear all capabilities except the ones needed\n");
- data.effective = data.permitted = data.inheritable = 0;
+ data.effective = data.permitted = data.inheritable = 0;
/* for CAP_NET_RAW capability */
data.effective |= (1 << CAP_NET_RAW);
data.permitted |= (1 << CAP_NET_RAW);
=== modified file 'lib/core/certtools.c'
--- lib/core/certtools.c 2010-12-06 19:57:47 +0000
+++ lib/core/certtools.c 2011-01-03 16:06:13 +0000
@@ -51,8 +51,8 @@
#include "certtools.h"
/*******************************************************************************
-* FUNCTIONS FOR SPKI *
-*******************************************************************************/
+ * FUNCTIONS FOR SPKI
*
+
*******************************************************************************/
/**
* Function that verifies the signature in
@@ -66,29 +66,29 @@
*/
int hip_cert_spki_lib_verify(struct hip_cert_spki_info *cert)
{
- int err = 0, start = 0, stop = 0, evpret = 0, keylen = 0, algo = 0;
+ int err = 0, start = 0, stop = 0, evpret = 0, keylen = 0, algo = 0;
char buf[200];
- unsigned char sha_digest[21];
+ unsigned char sha_digest[21];
unsigned char *sha_retval;
unsigned char *signature_hash = NULL;
unsigned char *signature_hash_b64 = NULL;
unsigned char *signature_b64 = NULL;
- unsigned char *signature = NULL;
+ unsigned char *signature = NULL;
/** RSA */
- RSA *rsa = NULL;
- unsigned
Other related posts:
