Stefan Götz has proposed merging lp:~stefan.goetz/hipl/style-check-hook-review into lp:hipl. Requested reviews: HIPL core team (hipl-core) For more details, see: https://code.launchpad.net/~stefan.goetz/hipl/style-check-hook-review/+merge/45051 This branch contains: 1) a pre-commit hook for bazaar that aborts a commit if the code to be committed does adhere to the HIPL style guide lines. 2) all HIPL code has been automatically beautified so that the pre-commit hook only complains about newly introduced style violations. -- The attached diff has been truncated due to its size. https://code.launchpad.net/~stefan.goetz/hipl/style-check-hook-review/+merge/45051 Your team HIPL core team is requested to review the proposed merge of lp:~stefan.goetz/hipl/style-check-hook-review into lp:hipl.
=== added file '.uncrustify-0.57.cfg' --- .uncrustify-0.57.cfg 1970-01-01 00:00:00 +0000 +++ .uncrustify-0.57.cfg 2011-01-03 16:06:13 +0000 @@ -0,0 +1,1376 @@ +# Uncrustify 0.57 + +# +# General options +# + +# The type of line endings +newlines = lf # auto/lf/crlf/cr + +# The original size of tabs in the input +input_tab_size = 8 # number + +# The size of tabs in the output (only used if align_with_tabs=true) +output_tab_size = 4 # number + +# The ASCII value of the string escape char, usually 92 (\) or 94 (^). (Pawn) +string_escape_char = 92 # number + +# Alternate string escape char for Pawn. Only works right before the quote char. +string_escape_char2 = 0 # number + +# +# Indenting +# + +# The number of columns to indent per level. +# Usually 2, 3, 4, or 8. +indent_columns = 4 # number + +# The continuation indent. If non-zero, this overrides the indent of '(' and '=' continuation indents. +# For FreeBSD, this is set to 4. +indent_continue = 0 # number + +# How to use tabs when indenting code +# 0=spaces only +# 1=indent with tabs to brace level, align with spaces +# 2=indent and align with tabs, using spaces when not on a tabstop +indent_with_tabs = 0 # number + +# Comments that are not a brace level are indented with tabs on a tabstop. +# Requires indent_with_tabs=2. If false, will use spaces. +indent_cmt_with_tabs = false # false/true + +# Whether to indent strings broken by '\' so that they line up +indent_align_string = true # false/true + +# The number of spaces to indent multi-line XML strings. +# Requires indent_align_string=True +indent_xml_string = 0 # number + +# Spaces to indent '{' from level +indent_brace = 0 # number + +# Whether braces are indented to the body level +indent_braces = false # false/true + +# Disabled indenting function braces if indent_braces is true +indent_braces_no_func = false # false/true + +# Disabled indenting class braces if indent_braces is true +indent_braces_no_class = false # false/true + +# Disabled indenting struct braces if indent_braces is true +indent_braces_no_struct = false # false/true + +# Indent based on the size of the brace parent, i.e. 'if' => 3 spaces, 'for' => 4 spaces, etc. +indent_brace_parent = false # false/true + +# Whether the 'namespace' body is indented +indent_namespace = false # false/true + +# The number of spaces to indent a namespace block +indent_namespace_level = 0 # number + +# If the body of the namespace is longer than this number, it won't be indented. +# Requires indent_namespace=true. Default=0 (no limit) +indent_namespace_limit = 0 # number + +# Whether the 'extern "C"' body is indented +indent_extern = false # false/true + +# Whether the 'class' body is indented +indent_class = false # false/true + +# Whether to indent the stuff after a leading class colon +indent_class_colon = false # false/true + +# False=treat 'else\nif' as 'else if' for indenting purposes +# True=indent the 'if' one level +indent_else_if = false # false/true + +# Amount to indent variable declarations after a open brace. neg=relative, pos=absolute +indent_var_def_blk = 0 # number + +# Indent continued variable declarations instead of aligning. +indent_var_def_cont = false # false/true + +# True: indent continued function call parameters one indent level +# False: align parameters under the open paren +indent_func_call_param = false # false/true + +# Same as indent_func_call_param, but for function defs +indent_func_def_param = false # false/true + +# Same as indent_func_call_param, but for function protos +indent_func_proto_param = false # false/true + +# Same as indent_func_call_param, but for class declarations +indent_func_class_param = false # false/true + +# Same as indent_func_call_param, but for class variable constructors +indent_func_ctor_var_param = false # false/true + +# Same as indent_func_call_param, but for templates +indent_template_param = false # false/true + +# Double the indent for indent_func_xxx_param options +indent_func_param_double = false # false/true + +# Indentation column for standalone 'const' function decl/proto qualifier +indent_func_const = 0 # number + +# Indentation column for standalone 'throw' function decl/proto qualifier +indent_func_throw = 0 # number + +# The number of spaces to indent a continued '->' or '.' +# Usually set to 0, 1, or indent_columns. +indent_member = 0 # number + +# Spaces to indent single line ('//') comments on lines before code +indent_sing_line_comments = 0 # number + +# If set, will indent trailing single line ('//') comments relative +# to the code instead of trying to keep the same absolute column +indent_relative_single_line_comments = false # false/true + +# Spaces to indent 'case' from 'switch' +# Usually 0 or indent_columns. +indent_switch_case = 0 # number + +# Spaces to shift the 'case' line, without affecting any other lines +# Usually 0. +indent_case_shift = 0 # number + +# Spaces to indent '{' from 'case'. +# By default, the brace will appear under the 'c' in case. +# Usually set to 0 or indent_columns. +indent_case_brace = 0 # number + +# Whether to indent comments found in first column +indent_col1_comment = false # false/true + +# How to indent goto labels +# >0 : absolute column where 1 is the leftmost column +# <=0 : subtract from brace indent +indent_label = 1 # number + +# Same as indent_label, but for access specifiers that are followed by a colon +indent_access_spec = 1 # number + +# Indent the code after an access specifier by one level. +# If set, this option forces 'indent_access_spec=0' +indent_access_spec_body = false # false/true + +# If an open paren is followed by a newline, indent the next line so that it lines up after the open paren (not recommended) +indent_paren_nl = false # false/true + +# Controls the indent of a close paren after a newline. +# 0: Indent to body level +# 1: Align under the open paren +# 2: Indent to the brace level +indent_paren_close = 0 # number + +# Controls the indent of a comma when inside a paren.If TRUE, aligns under the open paren +indent_comma_paren = false # false/true + +# Controls the indent of a BOOL operator when inside a paren.If TRUE, aligns under the open paren +indent_bool_paren = false # false/true + +# If 'indent_bool_paren' is true, controls the indent of the first expression. If TRUE, aligns the first expression to the following ones +indent_first_bool_expr = false # false/true + +# If an open square is followed by a newline, indent the next line so that it lines up after the open square (not recommended) +indent_square_nl = false # false/true + +# Don't change the relative indent of ESQL/C 'EXEC SQL' bodies +indent_preserve_sql = false # false/true + +# Align continued statements at the '='. Default=True +# If FALSE or the '=' is followed by a newline, the next line is indent one tab. +indent_align_assign = true # false/true + +# +# Spacing options +# + +# Add or remove space around arithmetic operator '+', '-', '/', '*', etc +sp_arith = add # ignore/add/remove/force + +# Add or remove space around assignment operator '=', '+=', etc +sp_assign = add # ignore/add/remove/force + +# Add or remove space around assignment operator '=' in a prototype +sp_assign_default = add # ignore/add/remove/force + +# Add or remove space before assignment operator '=', '+=', etc. Overrides sp_assign. +sp_before_assign = ignore # ignore/add/remove/force + +# Add or remove space after assignment operator '=', '+=', etc. Overrides sp_assign. +sp_after_assign = ignore # ignore/add/remove/force + +# Add or remove space around assignment '=' in enum +sp_enum_assign = add # ignore/add/remove/force + +# Add or remove space before assignment '=' in enum. Overrides sp_enum_assign. +sp_enum_before_assign = ignore # ignore/add/remove/force + +# Add or remove space after assignment '=' in enum. Overrides sp_enum_assign. +sp_enum_after_assign = ignore # ignore/add/remove/force + +# Add or remove space around preprocessor '##' concatenation operator. Default=Add +sp_pp_concat = add # ignore/add/remove/force + +# Add or remove space after preprocessor '#' stringify operator. Also affects the '#@' charizing operator. Default=Add +sp_pp_stringify = add # ignore/add/remove/force + +# Add or remove space around boolean operators '&&' and '||' +sp_bool = add # ignore/add/remove/force + +# Add or remove space around compare operator '<', '>', '==', etc +sp_compare = add # ignore/add/remove/force + +# Add or remove space inside '(' and ')' +sp_inside_paren = remove # ignore/add/remove/force + +# Add or remove space between nested parens +sp_paren_paren = remove # ignore/add/remove/force + +# Whether to balance spaces inside nested parens +sp_balance_nested_parens = false # false/true + +# Add or remove space between ')' and '{' +sp_paren_brace = force # ignore/add/remove/force + +# Add or remove space before pointer star '*' +sp_before_ptr_star = add # ignore/add/remove/force + +# Add or remove space before pointer star '*' that isn't followed by a variable name +# If set to 'ignore', sp_before_ptr_star is used instead. +sp_before_unnamed_ptr_star = ignore # ignore/add/remove/force + +# Add or remove space between pointer stars '*' +sp_between_ptr_star = remove # ignore/add/remove/force + +# Add or remove space after pointer star '*', if followed by a word. +sp_after_ptr_star = remove # ignore/add/remove/force + +# Add or remove space after a pointer star '*', if followed by a func proto/def. +sp_after_ptr_star_func = remove # ignore/add/remove/force + +# Add or remove space before a pointer star '*', if followed by a func proto/def. +sp_before_ptr_star_func = ignore # ignore/add/remove/force + +# Add or remove space before a reference sign '&' +sp_before_byref = force # ignore/add/remove/force + +# Add or remove space before a reference sign '&' that isn't followed by a variable name +# If set to 'ignore', sp_before_byref is used instead. +sp_before_unnamed_byref = add # ignore/add/remove/force + +# Add or remove space after reference sign '&', if followed by a word. +sp_after_byref = ignore # ignore/add/remove/force + +# Add or remove space after a reference sign '&', if followed by a func proto/def. +sp_after_byref_func = ignore # ignore/add/remove/force + +# Add or remove space before a reference sign '&', if followed by a func proto/def. +sp_before_byref_func = ignore # ignore/add/remove/force + +# Add or remove space between type and word. Default=Force +sp_after_type = ignore # ignore/add/remove/force + +# Add or remove space in 'template <' vs 'template<'. +# If set to ignore, sp_before_angle is used. +sp_template_angle = ignore # ignore/add/remove/force + +# Add or remove space before '<>' +sp_before_angle = ignore # ignore/add/remove/force + +# Add or remove space inside '<' and '>' +sp_inside_angle = ignore # ignore/add/remove/force + +# Add or remove space after '<>' +sp_after_angle = ignore # ignore/add/remove/force + +# Add or remove space between '<>' and '(' as found in 'new List<byte>();' +sp_angle_paren = ignore # ignore/add/remove/force + +# Add or remove space between '<>' and a word as in 'List<byte> m;' +sp_angle_word = ignore # ignore/add/remove/force + +# Add or remove space between '>' and '>' in '>>' (template stuff C++/C# only). Default=Add +sp_angle_shift = add # ignore/add/remove/force + +# Add or remove space before '(' of 'if', 'for', 'switch', and 'while' +sp_before_sparen = add # ignore/add/remove/force + +# Add or remove space inside if-condition '(' and ')' +sp_inside_sparen = remove # ignore/add/remove/force + +# Add or remove space before if-condition ')'. Overrides sp_inside_sparen. +sp_inside_sparen_close = ignore # ignore/add/remove/force + +# Add or remove space after ')' of 'if', 'for', 'switch', and 'while' +sp_after_sparen = ignore # ignore/add/remove/force + +# Add or remove space between ')' and '{' of 'if', 'for', 'switch', and 'while' +sp_sparen_brace = add # ignore/add/remove/force + +# Add or remove space between 'invariant' and '(' in the D language. +sp_invariant_paren = ignore # ignore/add/remove/force + +# Add or remove space after the ')' in 'invariant (C) c' in the D language. +sp_after_invariant_paren = ignore # ignore/add/remove/force + +# Add or remove space before empty statement ';' on 'if', 'for' and 'while' +sp_special_semi = add # ignore/add/remove/force + +# Add or remove space before ';'. Default=Remove +sp_before_semi = remove # ignore/add/remove/force + +# Add or remove space before ';' in non-empty 'for' statements +sp_before_semi_for = ignore # ignore/add/remove/force + +# Add or remove space before a semicolon of an empty part of a for statement. +sp_before_semi_for_empty = ignore # ignore/add/remove/force + +# Add or remove space after ';', except when followed by a comment. Default=Add +sp_after_semi = add # ignore/add/remove/force + +# Add or remove space after ';' in non-empty 'for' statements. Default=Force +sp_after_semi_for = force # ignore/add/remove/force + +# Add or remove space after the final semicolon of an empty part of a for statement: for ( ; ; <here> ). +sp_after_semi_for_empty = ignore # ignore/add/remove/force + +# Add or remove space before '[' (except '[]') +sp_before_square = remove # ignore/add/remove/force + +# Add or remove space before '[]' +sp_before_squares = ignore # ignore/add/remove/force + +# Add or remove space inside '[' and ']' +sp_inside_square = ignore # ignore/add/remove/force + +# Add or remove space after ',' +sp_after_comma = add # ignore/add/remove/force + +# Add or remove space before ',' +sp_before_comma = remove # ignore/add/remove/force + +# Add or remove space between an open paren and comma: '(,' vs '( ,' +sp_paren_comma = force # ignore/add/remove/force + +# Add or remove space before the variadic '...' when preceded by a non-punctuator +sp_before_ellipsis = ignore # ignore/add/remove/force + +# Add or remove space after class ':' +sp_after_class_colon = ignore # ignore/add/remove/force + +# Add or remove space before class ':' +sp_before_class_colon = ignore # ignore/add/remove/force + +# Add or remove space before case ':'. Default=Remove +sp_before_case_colon = remove # ignore/add/remove/force + +# Add or remove space between 'operator' and operator sign +sp_after_operator = ignore # ignore/add/remove/force + +# Add or remove space between the operator symbol and the open paren, as in 'operator ++(' +sp_after_operator_sym = ignore # ignore/add/remove/force + +# Add or remove space after C/D cast, i.e. 'cast(int)a' vs 'cast(int) a' or '(int)a' vs '(int) a' +sp_after_cast = add # ignore/add/remove/force + +# Add or remove spaces inside cast parens +sp_inside_paren_cast = ignore # ignore/add/remove/force + +# Add or remove space between the type and open paren in a C++ cast, i.e. 'int(exp)' vs 'int (exp)' +sp_cpp_cast_paren = ignore # ignore/add/remove/force + +# Add or remove space between 'sizeof' and '(' +sp_sizeof_paren = remove # ignore/add/remove/force + +# Add or remove space after the tag keyword (Pawn) +sp_after_tag = ignore # ignore/add/remove/force + +# Add or remove space inside enum '{' and '}' +sp_inside_braces_enum = add # ignore/add/remove/force + +# Add or remove space inside struct/union '{' and '}' +sp_inside_braces_struct = add # ignore/add/remove/force + +# Add or remove space inside '{' and '}' +sp_inside_braces = add # ignore/add/remove/force + +# Add or remove space inside '{}' +sp_inside_braces_empty = remove # ignore/add/remove/force + +# Add or remove space between return type and function name +# A minimum of 1 is forced except for pointer return types. +sp_type_func = ignore # ignore/add/remove/force + +# Add or remove space between function name and '(' on function declaration +sp_func_proto_paren = remove # ignore/add/remove/force + +# Add or remove space between function name and '(' on function definition +sp_func_def_paren = remove # ignore/add/remove/force + +# Add or remove space inside empty function '()' +sp_inside_fparens = remove # ignore/add/remove/force + +# Add or remove space inside function '(' and ')' +sp_inside_fparen = remove # ignore/add/remove/force + +# Add or remove space between ']' and '(' when part of a function call. +sp_square_fparen = ignore # ignore/add/remove/force + +# Add or remove space between ')' and '{' of function +sp_fparen_brace = add # ignore/add/remove/force + +# Add or remove space between function name and '(' on function calls +sp_func_call_paren = remove # ignore/add/remove/force + +# Add or remove space between function name and '()' on function calls without parameters. +# If set to 'ignore' (the default), sp_func_call_paren is used. +sp_func_call_paren_empty = ignore # ignore/add/remove/force + +# Add or remove space between the user function name and '(' on function calls +# You need to set a keyword to be a user function, like this: 'set func_call_user _' in the config file. +sp_func_call_user_paren = ignore # ignore/add/remove/force + +# Add or remove space between a constructor/destructor and the open paren +sp_func_class_paren = ignore # ignore/add/remove/force + +# Add or remove space between 'return' and '(' +sp_return_paren = ignore # ignore/add/remove/force + +# Add or remove space between '__attribute__' and '(' +sp_attribute_paren = ignore # ignore/add/remove/force + +# Add or remove space between 'defined' and '(' in '#if defined (FOO)' +sp_defined_paren = ignore # ignore/add/remove/force + +# Add or remove space between 'throw' and '(' in 'throw (something)' +sp_throw_paren = ignore # ignore/add/remove/force + +# Add or remove space between macro and value +sp_macro = ignore # ignore/add/remove/force + +# Add or remove space between macro function ')' and value +sp_macro_func = ignore # ignore/add/remove/force + +# Add or remove space between 'else' and '{' if on the same line +sp_else_brace = force # ignore/add/remove/force + +# Add or remove space between '}' and 'else' if on the same line +sp_brace_else = add # ignore/add/remove/force + +# Add or remove space between '}' and the name of a typedef on the same line +sp_brace_typedef = add # ignore/add/remove/force + +# Add or remove space between 'catch' and '{' if on the same line +sp_catch_brace = ignore # ignore/add/remove/force + +# Add or remove space between '}' and 'catch' if on the same line +sp_brace_catch = ignore # ignore/add/remove/force + +# Add or remove space between 'finally' and '{' if on the same line +sp_finally_brace = ignore # ignore/add/remove/force + +# Add or remove space between '}' and 'finally' if on the same line +sp_brace_finally = ignore # ignore/add/remove/force + +# Add or remove space between 'try' and '{' if on the same line +sp_try_brace = ignore # ignore/add/remove/force + +# Add or remove space between get/set and '{' if on the same line +sp_getset_brace = ignore # ignore/add/remove/force + +# Add or remove space before the '::' operator +sp_before_dc = ignore # ignore/add/remove/force + +# Add or remove space after the '::' operator +sp_after_dc = ignore # ignore/add/remove/force + +# Add or remove around the D named array initializer ':' operator +sp_d_array_colon = ignore # ignore/add/remove/force + +# Add or remove space after the '!' (not) operator. Default=Remove +sp_not = remove # ignore/add/remove/force + +# Add or remove space after the '~' (invert) operator. Default=Remove +sp_inv = remove # ignore/add/remove/force + +# Add or remove space after the '&' (address-of) operator. Default=Remove +# This does not affect the spacing after a '&' that is part of a type. +sp_addr = remove # ignore/add/remove/force + +# Add or remove space around the '.' or '->' operators. Default=Remove +sp_member = remove # ignore/add/remove/force + +# Add or remove space after the '*' (dereference) operator. Default=Remove +# This does not affect the spacing after a '*' that is part of a type. +sp_deref = remove # ignore/add/remove/force + +# Add or remove space after '+' or '-', as in 'x = -5' or 'y = +7'. Default=Remove +sp_sign = remove # ignore/add/remove/force + +# Add or remove space before or after '++' and '--', as in '(--x)' or 'y++;'. Default=Remove +sp_incdec = remove # ignore/add/remove/force + +# Add or remove space before a backslash-newline at the end of a line. Default=Add +sp_before_nl_cont = add # ignore/add/remove/force + +# Add or remove space after the scope '+' or '-', as in '-(void) foo;' or '+(int) bar;' +sp_after_oc_scope = ignore # ignore/add/remove/force + +# Add or remove space after the colon in message specs +# '-(int) f:(int) x;' vs '-(int) f: (int) x;' +sp_after_oc_colon = ignore # ignore/add/remove/force + +# Add or remove space before the colon in message specs +# '-(int) f: (int) x;' vs '-(int) f : (int) x;' +sp_before_oc_colon = ignore # ignore/add/remove/force + +# Add or remove space after the colon in message specs +# '[object setValue:1];' vs '[object setValue: 1];' +sp_after_send_oc_colon = ignore # ignore/add/remove/force + +# Add or remove space before the colon in message specs +# '[object setValue:1];' vs '[object setValue :1];' +sp_before_send_oc_colon = ignore # ignore/add/remove/force + +# Add or remove space after the (type) in message specs +# '-(int)f: (int) x;' vs '-(int)f: (int)x;' +sp_after_oc_type = ignore # ignore/add/remove/force + +# Add or remove space after the first (type) in message specs +# '-(int) f:(int)x;' vs '-(int)f:(int)x;' +sp_after_oc_return_type = ignore # ignore/add/remove/force + +# Add or remove space between '@selector' and '(' +# '@selector(msgName)' vs '@selector (msgName)' +# Also applies to @protocol() constructs +sp_after_oc_at_sel = ignore # ignore/add/remove/force + +# Add or remove space between '@selector(x)' and the following word +# '@selector(foo) a:' vs '@selector(foo)a:' +sp_after_oc_at_sel_parens = ignore # ignore/add/remove/force + +# Add or remove space inside '@selector' parens +# '@selector(foo)' vs '@selector( foo )' +# Also applies to @protocol() constructs +sp_inside_oc_at_sel_parens = ignore # ignore/add/remove/force + +# Add or remove space before a block pointer caret +# '^int (int arg){...}' vs. ' ^int (int arg){...}' +sp_before_oc_block_caret = ignore # ignore/add/remove/force + +# Add or remove space after a block pointer caret +# '^int (int arg){...}' vs. '^ int (int arg){...}' +sp_after_oc_block_caret = ignore # ignore/add/remove/force + +# Add or remove space around the ':' in 'b ? t : f' +sp_cond_colon = add # ignore/add/remove/force + +# Add or remove space around the '?' in 'b ? t : f' +sp_cond_question = add # ignore/add/remove/force + +# Fix the spacing between 'case' and the label. Only 'ignore' and 'force' make sense here. +sp_case_label = ignore # ignore/add/remove/force + +# Control the space around the D '..' operator. +sp_range = ignore # ignore/add/remove/force + +# Control the space after the opening of a C++ comment '// A' vs '//A' +sp_cmt_cpp_start = ignore # ignore/add/remove/force + +# Controls the spaces between #else or #endif and a trailing comment +sp_endif_cmt = force # ignore/add/remove/force + +# +# Code alignment (not left column spaces/tabs) +# + +# Whether to keep non-indenting tabs +align_keep_tabs = false # false/true + +# Whether to use tabs for aligning +align_with_tabs = false # false/true + +# Whether to bump out to the next tab when aligning +align_on_tabstop = false # false/true + +# Whether to left-align numbers +align_number_left = false # false/true + +# Align variable definitions in prototypes and functions +align_func_params = false # false/true + +# Align parameters in single-line functions that have the same name. +# The function names must already be aligned with each other. +align_same_func_call_params = false # false/true + +# The span for aligning variable definitions (0=don't align) +align_var_def_span = 1 # number + +# How to align the star in variable definitions. +# 0=Part of the type 'void * foo;' +# 1=Part of the variable 'void *foo;' +# 2=Dangling 'void *foo;' +align_var_def_star_style = 2 # number + +# How to align the '&' in variable definitions. +# 0=Part of the type +# 1=Part of the variable +# 2=Dangling +align_var_def_amp_style = 0 # number + +# The threshold for aligning variable definitions (0=no limit) +align_var_def_thresh = 0 # number + +# The gap for aligning variable definitions +align_var_def_gap = 0 # number + +# Whether to align the colon in struct bit fields +align_var_def_colon = false # false/true + +# Whether to align any attribute after the variable name +align_var_def_attribute = false # false/true + +# Whether to align inline struct/enum/union variable definitions +align_var_def_inline = false # false/true + +# The span for aligning on '=' in assignments (0=don't align) +align_assign_span = 1 # number + +# The threshold for aligning on '=' in assignments (0=no limit) +align_assign_thresh = 0 # number + +# The span for aligning on '=' in enums (0=don't align) +align_enum_equ_span = 1 # number + +# The threshold for aligning on '=' in enums (0=no limit) +align_enum_equ_thresh = 0 # number + +# The span for aligning struct/union (0=don't align) +align_var_struct_span = 1 # number + +# The threshold for aligning struct/union member definitions (0=no limit) +align_var_struct_thresh = 0 # number + +# The gap for aligning struct/union member definitions +align_var_struct_gap = 0 # number + +# The span for aligning struct initializer values (0=don't align) +align_struct_init_span = 1 # number + +# The minimum space between the type and the synonym of a typedef +align_typedef_gap = 0 # number + +# The span for aligning single-line typedefs (0=don't align) +align_typedef_span = 0 # number + +# How to align typedef'd functions with other typedefs +# 0: Don't mix them at all +# 1: align the open paren with the types +# 2: align the function type name with the other type names +align_typedef_func = 0 # number + +# Controls the positioning of the '*' in typedefs. Just try it. +# 0: Align on typedef type, ignore '*' +# 1: The '*' is part of type name: typedef int *pint; +# 2: The '*' is part of the type, but dangling: typedef int *pint; +align_typedef_star_style = 0 # number + +# Controls the positioning of the '&' in typedefs. Just try it. +# 0: Align on typedef type, ignore '&' +# 1: The '&' is part of type name: typedef int &pint; +# 2: The '&' is part of the type, but dangling: typedef int &pint; +align_typedef_amp_style = 0 # number + +# The span for aligning comments that end lines (0=don't align) +align_right_cmt_span = 0 # number + +# If aligning comments, mix with comments after '}' and #endif with less than 3 spaces before the comment +align_right_cmt_mix = false # false/true + +# If a trailing comment is more than this number of columns away from the text it follows, +# it will qualify for being aligned. This has to be > 0 to do anything. +align_right_cmt_gap = 0 # number + +# Align trailing comment at or beyond column N; 'pulls in' comments as a bonus side effect (0=ignore) +align_right_cmt_at_col = 0 # number + +# The span for aligning function prototypes (0=don't align) +align_func_proto_span = 0 # number + +# Minimum gap between the return type and the function name. +align_func_proto_gap = 0 # number + +# Align function protos on the 'operator' keyword instead of what follows +align_on_operator = false # false/true + +# Whether to mix aligning prototype and variable declarations. +# If true, align_var_def_XXX options are used instead of align_func_proto_XXX options. +align_mix_var_proto = false # false/true + +# Align single-line functions with function prototypes, uses align_func_proto_span +align_single_line_func = false # false/true + +# Aligning the open brace of single-line functions. +# Requires align_single_line_func=true, uses align_func_proto_span +align_single_line_brace = false # false/true + +# Gap for align_single_line_brace. +align_single_line_brace_gap = 0 # number + +# The span for aligning ObjC msg spec (0=don't align) +align_oc_msg_spec_span = 0 # number + +# Whether to align macros wrapped with a backslash and a newline. +# This will not work right if the macro contains a multi-line comment. +align_nl_cont = false # false/true + +# The minimum space between label and value of a preprocessor define +align_pp_define_gap = 0 # number + +# The span for aligning on '#define' bodies (0=don't align) +align_pp_define_span = 0 # number + +# Align lines that start with '<<' with previous '<<'. Default=true +align_left_shift = true # false/true + +# Span for aligning parameters in an Obj-C message call on the ':' (0=don't align) +align_oc_msg_colon_span = 0 # number + +# Aligning parameters in an Obj-C '+' or '-' declaration on the ':' +align_oc_decl_colon = false # false/true + +# +# Newline adding and removing options +# + +# Whether to collapse empty blocks between '{' and '}' +nl_collapse_empty_body = false # false/true + +# Don't split one-line braced assignments - 'foo_t f = { 1, 2 };' +nl_assign_leave_one_liners = false # false/true + +# Don't split one-line braced statements inside a class xx { } body +nl_class_leave_one_liners = false # false/true + +# Don't split one-line enums: 'enum foo { BAR = 15 };' +nl_enum_leave_one_liners = false # false/true + +# Don't split one-line get or set functions +nl_getset_leave_one_liners = false # false/true + +# Don't split one-line function definitions - 'int foo() { return 0; }' +nl_func_leave_one_liners = false # false/true + +# Don't split one-line if/else statements - 'if(a) b++;' +nl_if_leave_one_liners = false # false/true + +# Add or remove newlines at the start of the file +nl_start_of_file = remove # ignore/add/remove/force + +# The number of newlines at the start of the file (only used if nl_start_of_file is 'add' or 'force' +nl_start_of_file_min = 0 # number + +# Add or remove newline at the end of the file +nl_end_of_file = force # ignore/add/remove/force + +# The number of newlines at the end of the file (only used if nl_end_of_file is 'add' or 'force') +nl_end_of_file_min = 1 # number + +# Add or remove newline between '=' and '{' +nl_assign_brace = ignore # ignore/add/remove/force + +# Add or remove newline between '=' and '[' (D only) +nl_assign_square = ignore # ignore/add/remove/force + +# Add or remove newline after '= [' (D only). Will also affect the newline before the ']' +nl_after_square_assign = ignore # ignore/add/remove/force + +# The number of blank lines after a block of variable definitions +nl_func_var_def_blk = 0 # number + +# Add or remove newline between a function call's ')' and '{', as in: +# list_for_each(item, &list) { } +nl_fcall_brace = ignore # ignore/add/remove/force + +# Add or remove newline between 'enum' and '{' +nl_enum_brace = remove # ignore/add/remove/force + +# Add or remove newline between 'struct and '{' +nl_struct_brace = remove # ignore/add/remove/force + +# Add or remove newline between 'union' and '{' +nl_union_brace = remove # ignore/add/remove/force + +# Add or remove newline between 'if' and '{' +nl_if_brace = remove # ignore/add/remove/force + +# Add or remove newline between '}' and 'else' +nl_brace_else = remove # ignore/add/remove/force + +# Add or remove newline between 'else if' and '{' +# If set to ignore, nl_if_brace is used instead +nl_elseif_brace = ignore # ignore/add/remove/force + +# Add or remove newline between 'else' and '{' +nl_else_brace = remove # ignore/add/remove/force + +# Add or remove newline between 'else' and 'if' +nl_else_if = remove # ignore/add/remove/force + +# Add or remove newline between '}' and 'finally' +nl_brace_finally = ignore # ignore/add/remove/force + +# Add or remove newline between 'finally' and '{' +nl_finally_brace = ignore # ignore/add/remove/force + +# Add or remove newline between 'try' and '{' +nl_try_brace = ignore # ignore/add/remove/force + +# Add or remove newline between get/set and '{' +nl_getset_brace = ignore # ignore/add/remove/force + +# Add or remove newline between 'for' and '{' +nl_for_brace = remove # ignore/add/remove/force + +# Add or remove newline between 'catch' and '{' +nl_catch_brace = ignore # ignore/add/remove/force + +# Add or remove newline between '}' and 'catch' +nl_brace_catch = ignore # ignore/add/remove/force + +# Add or remove newline between 'while' and '{' +nl_while_brace = remove # ignore/add/remove/force + +# Add or remove newline between 'using' and '{' +nl_using_brace = ignore # ignore/add/remove/force + +# Add or remove newline between two open or close braces. +# Due to general newline/brace handling, REMOVE may not work. +nl_brace_brace = ignore # ignore/add/remove/force + +# Add or remove newline between 'do' and '{' +nl_do_brace = remove # ignore/add/remove/force + +# Add or remove newline between '}' and 'while' of 'do' statement +nl_brace_while = remove # ignore/add/remove/force + +# Add or remove newline between 'switch' and '{' +nl_switch_brace = remove # ignore/add/remove/force + +# Add a newline between ')' and '{' if the ')' is on a different line than the if/for/etc. +# Overrides nl_for_brace, nl_if_brace, nl_switch_brace, nl_while_switch, and nl_catch_brace. +nl_multi_line_cond = false # false/true + +# Force a newline in a define after the macro name for multi-line defines. +nl_multi_line_define = false # false/true + +# Whether to put a newline before 'case' statement +nl_before_case = false # false/true + +# Add or remove newline between ')' and 'throw' +nl_before_throw = ignore # ignore/add/remove/force + +# Whether to put a newline after 'case' statement +nl_after_case = false # false/true + +# Newline between namespace and { +nl_namespace_brace = ignore # ignore/add/remove/force + +# Add or remove newline between 'template<>' and whatever follows. +nl_template_class = ignore # ignore/add/remove/force + +# Add or remove newline between 'class' and '{' +nl_class_brace = ignore # ignore/add/remove/force + +# Add or remove newline after each ',' in the constructor member initialization +nl_class_init_args = ignore # ignore/add/remove/force + +# Add or remove newline between return type and function name in a function definition +nl_func_type_name = remove # ignore/add/remove/force + +# Add or remove newline between return type and function name inside a class {} +# Uses nl_func_type_name or nl_func_proto_type_name if set to ignore. +nl_func_type_name_class = ignore # ignore/add/remove/force + +# Add or remove newline between function scope and name in a definition +# Controls the newline after '::' in 'void A::f() { }' +nl_func_scope_name = ignore # ignore/add/remove/force + +# Add or remove newline between return type and function name in a prototype +nl_func_proto_type_name = remove # ignore/add/remove/force + +# Add or remove newline between a function name and the opening '(' +nl_func_paren = remove # ignore/add/remove/force + +# Add or remove newline between a function name and the opening '(' in the definition +nl_func_def_paren = remove # ignore/add/remove/force + +# Add or remove newline after '(' in a function declaration +nl_func_decl_start = remove # ignore/add/remove/force + +# Add or remove newline after '(' in a function definition +nl_func_def_start = ignore # ignore/add/remove/force + +# Overrides nl_func_decl_start when there is only one parameter. +nl_func_decl_start_single = ignore # ignore/add/remove/force + +# Overrides nl_func_def_start when there is only one parameter. +nl_func_def_start_single = ignore # ignore/add/remove/force + +# Add or remove newline after each ',' in a function declaration +nl_func_decl_args = ignore # ignore/add/remove/force + +# Add or remove newline after each ',' in a function definition +nl_func_def_args = ignore # ignore/add/remove/force + +# Add or remove newline before the ')' in a function declaration +nl_func_decl_end = remove # ignore/add/remove/force + +# Add or remove newline before the ')' in a function definition +nl_func_def_end = remove # ignore/add/remove/force + +# Overrides nl_func_decl_end when there is only one parameter. +nl_func_decl_end_single = ignore # ignore/add/remove/force + +# Overrides nl_func_def_end when there is only one parameter. +nl_func_def_end_single = ignore # ignore/add/remove/force + +# Add or remove newline between '()' in a function declaration. +nl_func_decl_empty = ignore # ignore/add/remove/force + +# Add or remove newline between '()' in a function definition. +nl_func_def_empty = ignore # ignore/add/remove/force + +# Add or remove newline between function signature and '{' +nl_fdef_brace = add # ignore/add/remove/force + +# Whether to put a newline after 'return' statement +nl_after_return = false # false/true + +# Add or remove a newline between the return keyword and return expression. +nl_return_expr = ignore # ignore/add/remove/force + +# Whether to put a newline after semicolons, except in 'for' statements +nl_after_semicolon = true # false/true + +# Whether to put a newline after brace open. +# This also adds a newline before the matching brace close. +nl_after_brace_open = false # false/true + +# If nl_after_brace_open and nl_after_brace_open_cmt are true, a newline is +# placed between the open brace and a trailing single-line comment. +nl_after_brace_open_cmt = false # false/true + +# Whether to put a newline after a virtual brace open with a non-empty body. +# These occur in un-braced if/while/do/for statement bodies. +nl_after_vbrace_open = true # false/true + +# Whether to put a newline after a virtual brace open with an empty body. +# These occur in un-braced if/while/do/for statement bodies. +nl_after_vbrace_open_empty = true # false/true + +# Whether to put a newline after a brace close. +# Does not apply if followed by a necessary ';'. +nl_after_brace_close = false # false/true + +# Whether to put a newline after a virtual brace close. +# Would add a newline before return in: 'if (foo) a++; return;' +nl_after_vbrace_close = false # false/true + +# Whether to alter newlines in '#define' macros +nl_define_macro = false # false/true + +# Whether to not put blanks after '#ifxx', '#elxx', or before '#endif' +nl_squeeze_ifdef = false # false/true + +# Add or remove blank line before 'if' +nl_before_if = ignore # ignore/add/remove/force + +# Add or remove blank line after 'if' statement +nl_after_if = ignore # ignore/add/remove/force + +# Add or remove blank line before 'for' +nl_before_for = ignore # ignore/add/remove/force + +# Add or remove blank line after 'for' statement +nl_after_for = ignore # ignore/add/remove/force + +# Add or remove blank line before 'while' +nl_before_while = ignore # ignore/add/remove/force + +# Add or remove blank line after 'while' statement +nl_after_while = ignore # ignore/add/remove/force + +# Add or remove blank line before 'switch' +nl_before_switch = ignore # ignore/add/remove/force + +# Add or remove blank line after 'switch' statement +nl_after_switch = ignore # ignore/add/remove/force + +# Add or remove blank line before 'do' +nl_before_do = ignore # ignore/add/remove/force + +# Add or remove blank line after 'do/while' statement +nl_after_do = ignore # ignore/add/remove/force + +# Whether to double-space commented-entries in struct/enum +nl_ds_struct_enum_cmt = false # false/true + +# Whether to double-space before the close brace of a struct/union/enum +# (lower priority than 'eat_blanks_before_close_brace') +nl_ds_struct_enum_close_brace = false # false/true + +# Add or remove a newline around a class colon. +# Related to pos_class_colon, nl_class_init_args, and pos_comma. +nl_class_colon = ignore # ignore/add/remove/force + +# Change simple unbraced if statements into a one-liner +# 'if(b)\n i++;' => 'if(b) i++;' +nl_create_if_one_liner = false # false/true + +# Change simple unbraced for statements into a one-liner +# 'for (i=0;i<5;i++)\n foo(i);' => 'for (i=0;i<5;i++) foo(i);' +nl_create_for_one_liner = false # false/true + +# Change simple unbraced while statements into a one-liner +# 'while (i<5)\n foo(i++);' => 'while (i<5) foo(i++);' +nl_create_while_one_liner = false # false/true + +# +# Positioning options +# + +# The position of arithmetic operators in wrapped expressions +pos_arith = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force + +# The position of assignment in wrapped expressions. +# Do not affect '=' followed by '{' +pos_assign = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force + +# The position of boolean operators in wrapped expressions +pos_bool = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force + +# The position of comparison operators in wrapped expressions +pos_compare = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force + +# The position of conditional (b ? t : f) operators in wrapped expressions +pos_conditional = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force + +# The position of the comma in wrapped expressions +pos_comma = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force + +# The position of the comma in the constructor initialization list +pos_class_comma = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force + +# The position of colons between constructor and member initialization +pos_class_colon = ignore # ignore/lead/lead_break/lead_force/trail/trail_break/trail_force + +# +# Line Splitting options +# + +# Try to limit code width to N number of columns +code_width = 0 # number + +# Whether to fully split long 'for' statements at semi-colons +ls_for_split_full = false # false/true + +# Whether to fully split long function protos/calls at commas +ls_func_split_full = false # false/true + +# +# Blank line options +# + +# The maximum consecutive newlines +nl_max = 0 # number + +# The number of newlines after a function prototype, if followed by another function prototype +nl_after_func_proto = 0 # number + +# The number of newlines after a function prototype, if not followed by another function prototype +nl_after_func_proto_group = 0 # number + +# The number of newlines after '}' of a multi-line function body +nl_after_func_body = 2 # number + +# The number of newlines after '}' of a single line function body +nl_after_func_body_one_liner = 2 # number + +# The minimum number of newlines before a multi-line comment. +# Doesn't apply if after a brace open or another multi-line comment. +nl_before_block_comment = 0 # number + +# The minimum number of newlines before a single-line C comment. +# Doesn't apply if after a brace open or other single-line C comments. +nl_before_c_comment = 0 # number + +# The minimum number of newlines before a CPP comment. +# Doesn't apply if after a brace open or other CPP comments. +nl_before_cpp_comment = 0 # number + +# Whether to force a newline after a multi-line comment. +nl_after_multiline_comment = false # false/true + +# The number of newlines before a 'private:', 'public:', 'protected:', 'signals:', or 'slots:' label. +# Will not change the newline count if after a brace open. +# 0 = No change. +nl_before_access_spec = 0 # number + +# The number of newlines after a 'private:', 'public:', 'protected:', 'signals:', or 'slots:' label. +# 0 = No change. +nl_after_access_spec = 0 # number + +# The number of newlines between a function def and the function comment. +# 0 = No change. +nl_comment_func_def = 0 # number + +# The number of newlines after a try-catch-finally block that isn't followed by a brace close. +# 0 = No change. +nl_after_try_catch_finally = 0 # number + +# The number of newlines before and after a property, indexer or event decl. +# 0 = No change. +nl_around_cs_property = 0 # number + +# The number of newlines between the get/set/add/remove handlers in C#. +# 0 = No change. +nl_between_get_set = 0 # number + +# Whether to remove blank lines after '{' +eat_blanks_after_open_brace = true # false/true + +# Whether to remove blank lines before '}' +eat_blanks_before_close_brace = true # false/true + +# +# Code modifying options (non-whitespace) +# + +# Add or remove braces on single-line 'do' statement +mod_full_brace_do = add # ignore/add/remove/force + +# Add or remove braces on single-line 'for' statement +mod_full_brace_for = add # ignore/add/remove/force + +# Add or remove braces on single-line function definitions. (Pawn) +mod_full_brace_function = ignore # ignore/add/remove/force + +# Add or remove braces on single-line 'if' statement. Will not remove the braces if they contain an 'else'. +mod_full_brace_if = add # ignore/add/remove/force + +# Make all if/elseif/else statements in a chain be braced or not. Overrides mod_full_brace_if. +# If any must be braced, they are all braced. If all can be unbraced, then the braces are removed. +mod_full_brace_if_chain = false # false/true + +# Don't remove braces around statements that span N newlines +mod_full_brace_nl = 0 # number + +# Add or remove braces on single-line 'while' statement +mod_full_brace_while = add # ignore/add/remove/force + +# Add or remove braces on single-line 'using ()' statement +mod_full_brace_using = add # ignore/add/remove/force + +# Add or remove unnecessary paren on 'return' statement +mod_paren_on_return = remove # ignore/add/remove/force + +# Whether to change optional semicolons to real semicolons +mod_pawn_semicolon = false # false/true + +# Add parens on 'while' and 'if' statement around bools +mod_full_paren_if_bool = false # false/true + +# Whether to remove superfluous semicolons +mod_remove_extra_semicolon = false # false/true + +# If a function body exceeds the specified number of newlines and doesn't have a comment after +# the close brace, a comment will be added. +mod_add_long_function_closebrace_comment = 0 # number + +# If a switch body exceeds the specified number of newlines and doesn't have a comment after +# the close brace, a comment will be added. +mod_add_long_switch_closebrace_comment = 0 # number + +# If an #ifdef body exceeds the specified number of newlines and doesn't have a comment after +# the #else, a comment will be added. +mod_add_long_ifdef_endif_comment = 0 # number + +# If an #ifdef or #else body exceeds the specified number of newlines and doesn't have a comment after +# the #endif, a comment will be added. +mod_add_long_ifdef_else_comment = 0 # number + +# If TRUE, will sort consecutive single-line 'import' statements [Java, D] +mod_sort_import = false # false/true + +# If TRUE, will sort consecutive single-line 'using' statements [C#] +mod_sort_using = false # false/true + +# If TRUE, will sort consecutive single-line '#include' statements [C/C++] and '#import' statements [Obj-C] +# This is generally a bad idea, as it may break your code. +mod_sort_include = false # false/true + +# If TRUE, it will move a 'break' that appears after a fully braced 'case' before the close brace. +mod_move_case_break = false # false/true + +# Will add or remove the braces around a fully braced case statement. +# Will only remove the braces if there are no variable declarations in the block. +mod_case_brace = ignore # ignore/add/remove/force + +# If TRUE, it will remove a void 'return;' that appears as the last statement in a function. +mod_remove_empty_return = false # false/true + +# +# Comment modifications +# + +# Try to wrap comments at cmt_width columns +cmt_width = 0 # number + +# Set the comment reflow mode (default: 0) +# 0: no reflowing (apart from the line wrapping due to cmt_width) +# 1: no touching at all +# 2: full reflow +cmt_reflow_mode = 0 # number + +# If false, disable all multi-line comment changes, including cmt_width. keyword substitution, and leading chars. +# Default is true. +cmt_indent_multi = true # false/true + +# Whether to group c-comments that look like they are in a block +cmt_c_group = false # false/true + +# Whether to put an empty '/*' on the first line of the combined c-comment +cmt_c_nl_start = false # false/true + +# Whether to put a newline before the closing '*/' of the combined c-comment +cmt_c_nl_end = false # false/true + +# Whether to group cpp-comments that look like they are in a block +cmt_cpp_group = false # false/true + +# Whether to put an empty '/*' on the first line of the combined cpp-comment +cmt_cpp_nl_start = false # false/true + +# Whether to put a newline before the closing '*/' of the combined cpp-comment +cmt_cpp_nl_end = false # false/true + +# Whether to change cpp-comments into c-comments +cmt_cpp_to_c = false # false/true + +# Whether to put a star on subsequent comment lines +cmt_star_cont = true # false/true + +# The number of spaces to insert at the start of subsequent comment lines +cmt_sp_before_star_cont = 0 # number + +# The number of spaces to insert after the star on subsequent comment lines +cmt_sp_after_star_cont = 0 # number + +# For multi-line comments with a '*' lead, remove leading spaces if the first and last lines of +# the comment are the same length. Default=True +cmt_multi_check_last = false # false/true + +# The filename that contains text to insert at the head of a file if the file doesn't start with a C/C++ comment. +# Will substitute $(filename) with the current file's name. +cmt_insert_file_header = "" # string + +# The filename that contains text to insert at the end of a file if the file doesn't end with a C/C++ comment. +# Will substitute $(filename) with the current file's name. +cmt_insert_file_footer = "" # string + +# The filename that contains text to insert before a function implementation if the function isn't preceded with a C/C++ comment. +# Will substitute $(function) with the function name and $(javaparam) with the javadoc @param and @return stuff. +# Will also substitute $(fclass) with the class name: void CFoo::Bar() { ... } +cmt_insert_func_header = "" # string + +# The filename that contains text to insert before a class if the class isn't preceded with a C/C++ comment. +# Will substitute $(class) with the class name. +cmt_insert_class_header = "" # string + +# If a preprocessor is encountered when stepping backwards from a function name, then +# this option decides whether the comment should be inserted. +# Affects cmt_insert_func_header and cmt_insert_class_header. +cmt_insert_before_preproc = false # false/true + +# +# Preprocessor options +# + +# Control indent of preprocessors inside #if blocks at brace level 0 +pp_indent = remove # ignore/add/remove/force + +# Whether to indent #if/#else/#endif at the brace level (true) or from column 1 (false) +pp_indent_at_level = false # false/true + +# If pp_indent_at_level=false, specifies the number of columns to indent per level. Default=1. +pp_indent_count = 1 # number + +# Add or remove space after # based on pp_level of #if blocks +pp_space = remove # ignore/add/remove/force + +# Sets the number of spaces added with pp_space +pp_space_count = 0 # number + +# The indent for #region and #endregion in C# and '#pragma region' in C/C++ +pp_indent_region = 0 # number + +# Whether to indent the code between #region and #endregion +pp_region_indent_code = false # false/true + +# If pp_indent_at_level=true, sets the indent for #if, #else, and #endif when not at file-level +pp_indent_if = 0 # number + +# Control whether to indent the code between #if, #else and #endif when not at file-level +pp_if_indent_code = false # false/true + +# Whether to indent '#define' at the brace level (true) or from column 1 (false) +pp_define_at_level = false # false/true + +# You can force a token to be a type with the 'type' option. +# Example: +# type myfoo1 myfoo2 +# +# You can create custom macro-based indentation using macro-open, +# macro-else and macro-close. +# Example: +# macro-open BEGIN_TEMPLATE_MESSAGE_MAP +# macro-open BEGIN_MESSAGE_MAP +# macro-close END_MESSAGE_MAP +# +# You can assign any keyword to any type with the set option. +# set func_call_user _ N_ +# +# The full syntax description of all custom definition config entries +# is shown below: +# +# define custom tokens as: +# - embed whitespace in token using '' escape character, or +# put token in quotes +# - these: ' " and ` are recognized as quote delimiters +# +# type token1 token2 token3 ... +# ^ optionally specify multiple tokens on a single line +# define def_token output_token +# ^ output_token is optional, then NULL is assumed +# macro-open token +# macro-close token +# macro-else token +# set id token1 token2 ... +# ^ optionally specify multiple tokens on a single line +# ^ id is one of the names in token_enum.h sans the CT_ prefix, +# e.g. PP_PRAGMA +# +# all tokens are separated by any mix of ',' commas, '=' equal signs +# and whitespace (space, tab) +# === renamed file 'tools/dot_uncrustify.cfg' => '.uncrustify.cfg' === modified file 'firewall/cache.c' --- firewall/cache.c 2010-11-30 14:50:30 +0000 +++ firewall/cache.c 2011-01-03 16:06:13 +0000 @@ -65,7 +65,7 @@ fw_cache_hl_t *hip_cache_create_hl_entry(void) { fw_cache_hl_t *entry = NULL; - int err = 0; + int err = 0; HIP_IFEL(!(entry = malloc(sizeof(fw_cache_hl_t))), -ENOMEM, "No memory available for firewall database entry\n"); @@ -81,7 +81,7 @@ * * @return the new firewall db entry */ -static fw_cache_hl_t * firewall_add_new_entry(const fw_cache_hl_t *ha_entry) +static fw_cache_hl_t *firewall_add_new_entry(const fw_cache_hl_t *ha_entry) { fw_cache_hl_t *new_entry = NULL; @@ -120,11 +120,11 @@ const void *peer, fw_cache_query_type_t type) { - int err = 0; - fw_cache_hl_t *ha_ret = NULL; - const fw_cache_hl_t *ha_match = NULL; - const fw_cache_hl_t *ha_curr = NULL; - struct hip_common *msg = NULL; + int err = 0; + fw_cache_hl_t *ha_ret = NULL; + const fw_cache_hl_t *ha_match = NULL; + const fw_cache_hl_t *ha_curr = NULL; + struct hip_common *msg = NULL; const struct hip_tlv_common *current_param = NULL; HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, "malloc failed\n"); @@ -143,13 +143,13 @@ ha_match = ha_curr; break; } else if (type == FW_CACHE_LSI && - !ipv4_addr_cmp(peer, &ha_curr->lsi_peer) && - (!local || !ipv4_addr_cmp(local, &ha_curr->lsi_our))) { + !ipv4_addr_cmp(peer, &ha_curr->lsi_peer) && + (!local || !ipv4_addr_cmp(local, &ha_curr->lsi_our))) { ha_match = ha_curr; break; } else if (type == FW_CACHE_IP && - !ipv6_addr_cmp(peer, &ha_curr->ip_peer) && - (!local || !ipv6_addr_cmp(local, &ha_curr->ip_our))) { + !ipv6_addr_cmp(peer, &ha_curr->ip_peer) && + (!local || !ipv6_addr_cmp(local, &ha_curr->ip_our))) { ha_match = ha_curr; break; } @@ -179,11 +179,11 @@ fw_cache_query_type_t type, int query_daemon) { - int i; - fw_cache_hl_t *this = NULL; - hip_list_t *item = NULL; - hip_list_t *tmp = NULL; - fw_cache_hl_t *ha_match = NULL; + int i; + fw_cache_hl_t *this = NULL; + hip_list_t *item = NULL; + hip_list_t *tmp = NULL; + fw_cache_hl_t *ha_match = NULL; if (type == FW_CACHE_HIT) { ha_match = hip_ht_find(firewall_cache_db, peer); @@ -206,17 +206,16 @@ ha_match = this; break; } else if (type == FW_CACHE_LSI && - !ipv4_addr_cmp(peer, &this->lsi_peer) && - (!local || !ipv4_addr_cmp(local, &this->lsi_our))) { + !ipv4_addr_cmp(peer, &this->lsi_peer) && + (!local || !ipv4_addr_cmp(local, &this->lsi_our))) { ha_match = this; break; } else if (type == FW_CACHE_IP && - !ipv6_addr_cmp(peer, &this->ip_peer) && - (!local || !ipv6_addr_cmp(local, &this->ip_our))) { + !ipv6_addr_cmp(peer, &this->ip_peer) && + (!local || !ipv6_addr_cmp(local, &this->ip_our))) { ha_match = this; break; } - } HIP_UNLOCK_HT(&firewall_cache_db); @@ -262,7 +261,7 @@ static unsigned long hip_firewall_hash_hit_peer(const void *ptr) { const struct in6_addr *hit_peer = &((const fw_cache_hl_t *) ptr)->hit_peer; - uint8_t hash[HIP_AH_SHA_LEN]; + uint8_t hash[HIP_AH_SHA_LEN]; hip_build_digest(HIP_DIGEST_SHA1, hit_peer, sizeof(*hit_peer), hash); return *((unsigned long *) hash); @@ -307,10 +306,10 @@ */ void hip_firewall_cache_delete_hldb(int exiting) { - int i; - fw_cache_hl_t *this = NULL; - hip_list_t *item = NULL; - hip_list_t *tmp = NULL; + int i; + fw_cache_hl_t *this = NULL; + hip_list_t *item = NULL; + hip_list_t *tmp = NULL; HIP_DEBUG("Start hldb delete\n"); HIP_LOCK_HT(&firewall_cache_db); @@ -327,8 +326,9 @@ * we handle it in firewall_exit(). */ HIP_UNLOCK_HT(&firewall_cache_db); - if (exiting) + if (exiting) { hip_ht_uninit(firewall_cache_db); + } HIP_DEBUG("End hldbdb delete\n"); } @@ -338,12 +338,12 @@ * @param hit_peer Peer HIT * @param state New state * @return 0 on success, negative on error -*/ + */ int hip_firewall_cache_set_bex_state(const struct in6_addr *hit_our, const struct in6_addr *hit_peer, int state) { - int err = 0; + int err = 0; fw_cache_hl_t *entry; HIP_IFEL(!hit_peer, -1, "Need peer HIT to search\n"); @@ -375,7 +375,7 @@ const struct in6_addr *hit_peer, int state) { - int err = 0; + int err = 0; fw_cache_hl_t *entry; HIP_IFEL(!ip_peer, -1, "Need peer IP to search\n"); === modified file 'firewall/conntrack.c' --- firewall/conntrack.c 2010-12-28 16:19:46 +0000 +++ firewall/conntrack.c 2011-01-03 16:06:13 +0000 @@ -84,8 +84,8 @@ STATE_CLOSING }; -int timeoutChecking = 0; -unsigned long timeoutValue = 0; +int timeoutChecking = 0; +unsigned long timeoutValue = 0; /*------------print functions-------------*/ /** @@ -224,7 +224,7 @@ const struct in6_addr *ip6_from) { struct dlist *list = (struct dlist *) hip_list; - hip_hit_t phit; + hip_hit_t phit; HIP_DEBUG("updating opportunistic entries\n"); /* the pseudo hit is compared with the hit in the entries */ @@ -260,7 +260,7 @@ OPP const struct in6_addr *ip6_from) { struct hip_tuple *tuple = NULL; - struct dlist *list = hip_list; + struct dlist *list = hip_list; while (list) { tuple = list->data; @@ -296,7 +296,7 @@ static struct esp_address *get_esp_address(const struct slist *addr_list, const struct in6_addr *addr) { - const struct slist *list = addr_list; + const struct slist *list = addr_list; struct esp_address *esp_addr = NULL; HIP_DEBUG("get_esp_address\n"); @@ -404,8 +404,8 @@ struct esp_tuple *find_esp_tuple(const struct slist *search_list, const uint32_t spi) { - const struct slist *list = search_list; - struct esp_tuple *esp_tuple = NULL; + const struct slist *list = search_list; + struct esp_tuple *esp_tuple = NULL; if (!list) { HIP_DEBUG("Esp tuple slist is empty\n"); @@ -440,18 +440,18 @@ //set time stamp gettimeofday(&connection->time_stamp, NULL); #ifdef HIP_CONFIG_MIDAUTH - connection->pisa_state = PISA_STATE_DISALLOW; + connection->pisa_state = PISA_STATE_DISALLOW; #endif //original direction tuple - connection->original.state = HIP_STATE_UNASSOCIATED; - connection->original.direction = ORIGINAL_DIR; - connection->original.esp_tuples = NULL; - connection->original.connection = connection; - connection->original.hip_tuple = malloc(sizeof(struct hip_tuple)); + connection->original.state = HIP_STATE_UNASSOCIATED; + connection->original.direction = ORIGINAL_DIR; + connection->original.esp_tuples = NULL; + connection->original.connection = connection; + connection->original.hip_tuple = malloc(sizeof(struct hip_tuple)); memset(connection->original.hip_tuple, 0, sizeof(struct hip_tuple)); - connection->original.hip_tuple->tuple = &connection->original; - connection->original.hip_tuple->data = malloc(sizeof(struct hip_data)); + connection->original.hip_tuple->tuple = &connection->original; + connection->original.hip_tuple->data = malloc(sizeof(struct hip_data)); memset(connection->original.hip_tuple->data, 0, sizeof(struct hip_data)); memcpy(&connection->original.hip_tuple->data->src_hit, &data->src_hit, sizeof(struct in6_addr)); memcpy(&connection->original.hip_tuple->data->dst_hit, &data->dst_hit, sizeof(struct in6_addr)); @@ -459,19 +459,19 @@ connection->original.hip_tuple->data->verify = NULL; //reply direction tuple - connection->reply.state = HIP_STATE_UNASSOCIATED; - connection->reply.direction = REPLY_DIR; - connection->reply.esp_tuples = NULL; - connection->reply.connection = connection; - connection->reply.hip_tuple = malloc(sizeof(struct hip_tuple)); + connection->reply.state = HIP_STATE_UNASSOCIATED; + connection->reply.direction = REPLY_DIR; + connection->reply.esp_tuples = NULL; + connection->reply.connection = connection; + connection->reply.hip_tuple = malloc(sizeof(struct hip_tuple)); memset(connection->reply.hip_tuple, 0, sizeof(struct hip_tuple)); - connection->reply.hip_tuple->tuple = &connection->reply; - connection->reply.hip_tuple->data = malloc(sizeof(struct hip_data)); + connection->reply.hip_tuple->tuple = &connection->reply; + connection->reply.hip_tuple->data = malloc(sizeof(struct hip_data)); memset(connection->reply.hip_tuple->data, 0, sizeof(struct hip_data)); memcpy(&connection->reply.hip_tuple->data->src_hit, &data->dst_hit, sizeof(struct in6_addr)); memcpy(&connection->reply.hip_tuple->data->dst_hit, &data->src_hit, sizeof(struct in6_addr)); - connection->reply.hip_tuple->data->src_hi = NULL; - connection->reply.hip_tuple->data->verify = NULL; + connection->reply.hip_tuple->data->src_hi = NULL; + connection->reply.hip_tuple->data->verify = NULL; //add tuples to list hip_list = append_to_list(hip_list, connection->original.hip_tuple); @@ -501,7 +501,6 @@ { if (hip_tuple) { if (hip_tuple->data) { - // free keys depending on cipher if (hip_tuple->data->src_pub_key && hip_tuple->data->src_hi) { if (hip_get_host_id_algo(hip_tuple->data->src_hi) == HIP_HI_RSA) { @@ -530,7 +529,7 @@ static void free_esp_tuple(struct esp_tuple *esp_tuple) { if (esp_tuple) { - struct slist *list = esp_tuple->dst_addr_list; + struct slist *list = esp_tuple->dst_addr_list; struct esp_address *addr = NULL; // remove eventual cached anchor elements for this esp tuple @@ -575,9 +574,9 @@ tuple->esp_tuples = remove_link_slist(tuple->esp_tuples, list); free_esp_tuple(list->data); - list->data = NULL; + list->data = NULL; free(list); - list = tuple->esp_tuples; + list = tuple->esp_tuples; } tuple->esp_tuples = NULL; tuple->connection = NULL; @@ -633,20 +632,20 @@ const struct hip_seq *seq, struct tuple *tuple) { - struct esp_tuple *new_esp = NULL; + struct esp_tuple *new_esp = NULL; const struct hip_locator_info_addr_item *locator_addr = NULL; - int n = 0; + int n = 0; if (esp_info && locator && esp_info->new_spi == esp_info->old_spi) { HIP_DEBUG("esp_tuple_from_esp_info_locator: new spi 0x%lx\n", esp_info->new_spi); /* check that old spi is found */ - new_esp = malloc(sizeof(struct esp_tuple)); + new_esp = malloc(sizeof(struct esp_tuple)); memset(new_esp, 0, sizeof(struct esp_tuple)); new_esp->spi = ntohl(esp_info->new_spi); new_esp->tuple = tuple; - n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator)) / - sizeof(struct hip_locator_info_addr_item); + n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator)) / + sizeof(struct hip_locator_info_addr_item); HIP_DEBUG("esp_tuple_from_esp_info_locator: %d addresses in locator\n", n); if (n > 0) { locator_addr = (const struct hip_locator_info_addr_item *) @@ -687,7 +686,7 @@ { struct esp_tuple *new_esp = NULL; if (esp_info) { - new_esp = malloc(sizeof(struct esp_tuple)); + new_esp = malloc(sizeof(struct esp_tuple)); memset(new_esp, 0, sizeof(struct esp_tuple)); new_esp->spi = ntohl(esp_info->new_spi); new_esp->tuple = tuple; @@ -719,7 +718,7 @@ const struct hip_seq *seq) { struct connection *connection = malloc(sizeof(struct connection)); - struct esp_tuple *esp_tuple = NULL; + struct esp_tuple *esp_tuple = NULL; esp_tuple = esp_tuple_from_esp_info_locator(esp_info, locator, seq, &connection->reply); @@ -728,9 +727,9 @@ HIP_DEBUG("insert_connection_from_update: can't create connection\n"); return 0; } - connection->state = STATE_ESTABLISHING_FROM_UPDATE; + connection->state = STATE_ESTABLISHING_FROM_UPDATE; #ifdef HIP_CONFIG_MIDAUTH - connection->pisa_state = PISA_STATE_DISALLOW; + connection->pisa_state = PISA_STATE_DISALLOW; #endif //original direction tuple @@ -748,12 +747,12 @@ //reply direction tuple - connection->reply.state = HIP_STATE_UNASSOCIATED; - connection->reply.direction = REPLY_DIR; + connection->reply.state = HIP_STATE_UNASSOCIATED; + connection->reply.direction = REPLY_DIR; - connection->reply.esp_tuples = NULL; - connection->reply.esp_tuples = append_to_slist(connection->reply.esp_tuples, - esp_tuple); + connection->reply.esp_tuples = NULL; + connection->reply.esp_tuples = append_to_slist(connection->reply.esp_tuples, + esp_tuple); insert_esp_tuple(esp_tuple); connection->reply.connection = connection; @@ -800,11 +799,11 @@ static int hipfw_handle_relay_to_r2(const struct hip_common *common, const hip_fw_context_t *ctx) { - struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload; + struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload; const struct hip_relay_to *relay_to = NULL; /* same format as relay_from */ - struct tuple *tuple, *reverse_tuple; - int err = 0; - uint32_t spi; + struct tuple *tuple, *reverse_tuple; + int err = 0; + uint32_t spi; const struct hip_esp_info *esp_info; HIP_DEBUG_IN6ADDR("ctx->src", &ctx->src); @@ -813,7 +812,7 @@ HIP_ASSERT((hip_get_msg_type(common) == HIP_R2)); HIP_IFEL(!(relay_to = hip_get_param(common, HIP_PARAM_RELAY_TO)), -1, - "No relay_to, skip\n"); + "No relay_to, skip\n"); HIP_DEBUG_IN6ADDR("relay_to_addr", &relay_to->address); @@ -886,11 +885,11 @@ DBG int verify_responder, UNUSED const hip_fw_context_t *ctx) { - struct in6_addr hit; + struct in6_addr hit; const struct hip_host_id *host_id = NULL; // assume correct packet - int err = 1; - hip_tlv_len_t len = 0; + int err = 1; + hip_tlv_len_t len = 0; HIP_DEBUG("verify_responder: %i\n", verify_responder); @@ -956,15 +955,15 @@ static int handle_i2(struct hip_common *common, struct tuple *tuple, const hip_fw_context_t *ctx) { - const struct hip_esp_info *spi = NULL; - const struct slist *other_dir_esps = NULL; - const struct hip_host_id *host_id = NULL; - struct tuple *other_dir = NULL; - struct esp_tuple *esp_tuple = NULL; - struct in6_addr hit; + const struct hip_esp_info *spi = NULL; + const struct slist *other_dir_esps = NULL; + const struct hip_host_id *host_id = NULL; + struct tuple *other_dir = NULL; + struct esp_tuple *esp_tuple = NULL; + struct in6_addr hit; // assume correct packet - int err = 1; - hip_tlv_len_t len = 0; + int err = 1; + hip_tlv_len_t len = 0; const struct in6_addr *ip6_src = &ctx->src; HIP_DEBUG("\n"); @@ -1031,9 +1030,9 @@ esp_tuple->dst_addr_list = NULL; esp_tuple->dst_addr_list = update_esp_address(esp_tuple->dst_addr_list, ip6_src, NULL); - esp_tuple->tuple = other_dir; + esp_tuple->tuple = other_dir; - other_dir->esp_tuples = append_to_slist(other_dir->esp_tuples, esp_tuple); + other_dir->esp_tuples = append_to_slist(other_dir->esp_tuples, esp_tuple); insert_esp_tuple(esp_tuple); } @@ -1064,12 +1063,12 @@ static int handle_r2(const struct hip_common *common, struct tuple *tuple, const hip_fw_context_t *ctx) { - const struct hip_esp_info *spi = NULL; - struct tuple *other_dir = NULL; - struct slist *other_dir_esps = NULL; - struct esp_tuple *esp_tuple = NULL; - const struct in6_addr *ip6_src = &ctx->src; - int err = 1; + const struct hip_esp_info *spi = NULL; + struct tuple *other_dir = NULL; + struct slist *other_dir_esps = NULL; + struct esp_tuple *esp_tuple = NULL; + const struct in6_addr *ip6_src = &ctx->src; + int err = 1; HIP_IFEL(!(spi = hip_get_param(common, HIP_PARAM_ESP_INFO)), 0, "no spi found\n"); @@ -1103,7 +1102,7 @@ esp_tuple->dst_addr_list = NULL; esp_tuple->dst_addr_list = update_esp_address(esp_tuple->dst_addr_list, ip6_src, NULL); - esp_tuple->tuple = other_dir; + esp_tuple->tuple = other_dir; insert_esp_tuple(esp_tuple); @@ -1144,8 +1143,8 @@ struct esp_tuple *esp_tuple) { const struct hip_locator_info_addr_item *locator_addr = NULL; - int err = 1; - int n = 0; + int err = 1; + int n = 0; HIP_DEBUG("\n"); @@ -1164,8 +1163,8 @@ esp_tuple->new_spi = ntohl(esp_info->new_spi); esp_tuple->spi_update_id = seq->update_id; - n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator)) - / sizeof(struct hip_locator_info_addr_item); + n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator)) + / sizeof(struct hip_locator_info_addr_item); if (n < 1) { HIP_DEBUG("no locator param found\n"); @@ -1212,7 +1211,7 @@ } n = (hip_get_param_total_len(locator) - sizeof(struct hip_locator)) - / sizeof(struct hip_locator_info_addr_item); + / sizeof(struct hip_locator_info_addr_item); HIP_DEBUG(" %d locator addresses\n", n); locator_addr = (const struct hip_locator_info_addr_item *) @@ -1256,14 +1255,14 @@ struct tuple *tuple, const hip_fw_context_t *ctx) { - const struct hip_seq *seq = NULL; - const struct hip_esp_info *esp_info = NULL; - const struct hip_ack *ack = NULL; - const struct hip_locator *locator = NULL; - const struct hip_spi *spi = NULL; - struct tuple *other_dir_tuple = NULL; - const struct in6_addr *ip6_src = &ctx->src; - int err = 1; + const struct hip_seq *seq = NULL; + const struct hip_esp_info *esp_info = NULL; + const struct hip_ack *ack = NULL; + const struct hip_locator *locator = NULL; + const struct hip_spi *spi = NULL; + struct tuple *other_dir_tuple = NULL; + const struct in6_addr *ip6_src = &ctx->src; + int err = 1; /* get params from UPDATE message */ seq = hip_get_param(common, HIP_PARAM_SEQ); @@ -1316,7 +1315,7 @@ } /* we have to consider the src ip address in case of cascading NATs (see above FIXME) */ - esp_tuple = esp_tuple_from_esp_info(esp_info, ip6_src, other_dir_tuple); + esp_tuple = esp_tuple_from_esp_info(esp_info, ip6_src, other_dir_tuple); other_dir_tuple->esp_tuples = append_to_slist(other_dir_esps, esp_tuple); @@ -1334,8 +1333,8 @@ } } else { /* we already know this connection */ - struct slist *other_dir_esps = NULL; - struct esp_tuple *esp_tuple = NULL; + struct slist *other_dir_esps = NULL; + struct esp_tuple *esp_tuple = NULL; if (tuple->direction == ORIGINAL_DIR) { other_dir_tuple = &tuple->connection->reply; @@ -1523,11 +1522,11 @@ hip_fw_context_t *ctx) { #ifdef CONFIG_HIP_OPPORTUNISTIC - hip_hit_t phit; + hip_hit_t phit; struct in6_addr all_zero_addr; #endif struct in6_addr hit; - int err = 1; + int err = 1; HIP_DEBUG("check packet: type %d \n", common->type_hdr); @@ -1567,7 +1566,6 @@ HIP_DEBUG("verifying signature...\n"); if (tuple->hip_tuple->data->verify(tuple->hip_tuple->data->src_pub_key, common)) { - HIP_INFO("Signature verification failed\n"); err = 0; @@ -1684,14 +1682,14 @@ */ int hipfw_relay_esp(const hip_fw_context_t *ctx) { - struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload; - struct udphdr *udph = (struct udphdr *) ((uint8_t *) iph + iph->ihl * 4); - int len = ctx->ipq_packet->data_len - iph->ihl * 4; - struct slist *list = (struct slist *) esp_list; - struct tuple *tuple = NULL; - struct hip_esp *esp = ctx->transport_hdr.esp; - int err = 0; - uint32_t spi; + struct iphdr *iph = (struct iphdr *) ctx->ipq_packet->payload; + struct udphdr *udph = (struct udphdr *) ((uint8_t *) iph + iph->ihl * 4); + int len = ctx->ipq_packet->data_len - iph->ihl * 4; + struct slist *list = (struct slist *) esp_list; + struct tuple *tuple = NULL; + struct hip_esp *esp = ctx->transport_hdr.esp; + int err = 0; + uint32_t spi; HIP_IFEL(!list, -1, "List is empty\n"); HIP_IFEL((iph->protocol != IPPROTO_UDP), -1, @@ -1734,7 +1732,7 @@ HIP_DEBUG_IN6ADDR("esp_relay_addr", &tuple->esp_relay_daddr); udph->source = htons(HIP_NAT_UDP_PORT); - udph->dest = htons(tuple->esp_relay_dport); + udph->dest = htons(tuple->esp_relay_dport); udph->check = 0; HIP_DEBUG("Relaying packet\n"); @@ -1759,13 +1757,13 @@ */ int filter_esp_state(const hip_fw_context_t *ctx) { - const struct in6_addr *dst_addr = NULL; - const struct in6_addr *src_addr = NULL; - struct hip_esp *esp = NULL; - struct tuple *tuple = NULL; - struct esp_tuple *esp_tuple = NULL; + const struct in6_addr *dst_addr = NULL; + const struct in6_addr *src_addr = NULL; + struct hip_esp *esp = NULL; + struct tuple *tuple = NULL; + struct esp_tuple *esp_tuple = NULL; // don't accept packet with this rule by default - int err = 0; + int err = 0; uint32_t spi; dst_addr = &ctx->dst; @@ -1773,7 +1771,7 @@ esp = ctx->transport_hdr.esp; // needed to de-multiplex ESP traffic - spi = ntohl(esp->esp_spi); + spi = ntohl(esp->esp_spi); // match packet against known connections HIP_DEBUG("filtering ESP packet against known connections...\n"); @@ -1839,13 +1837,13 @@ struct hip_common *buf, const struct state_option *option, const int must_accept, hip_fw_context_t *ctx) { - struct hip_data *data = NULL; - struct tuple *tuple = NULL; + struct hip_data *data = NULL; + struct tuple *tuple = NULL; // FIXME results in unsafe use in filter_hip() - int return_value = -1; //invalid value + int return_value = -1; //invalid value // get data form the buffer and put it in a new data structure - data = get_hip_data(buf); + data = get_hip_data(buf); // look up the tuple in the database tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src); free(data); @@ -1882,11 +1880,11 @@ } else { if ((option->int_opt.value == CONN_ESTABLISHED && option->int_opt.boolean && !must_accept) || (option->int_opt.value == CONN_NEW && - !option->int_opt.boolean && !must_accept)) { + !option->int_opt.boolean && !must_accept)) { remove_connection(tuple->connection); tuple->connection = NULL; - return_value = 1; + return_value = 1; goto out_err; } } @@ -1913,12 +1911,12 @@ struct hip_common *buf, hip_fw_context_t *ctx) { - struct hip_data *data = NULL; - struct tuple *tuple = NULL; - int verdict = 0; + struct hip_data *data = NULL; + struct tuple *tuple = NULL; + int verdict = 0; // convert to new data type - data = get_hip_data(buf); + data = get_hip_data(buf); // look up tuple in the db tuple = get_tuple_by_hip(data, buf->type_hdr, ip6_src); === modified file 'firewall/dlist.c' --- firewall/dlist.c 2010-12-13 19:20:12 +0000 +++ firewall/dlist.c 2011-01-03 16:06:13 +0000 @@ -106,6 +106,7 @@ } return length; } + #endif /* CONFIG_HIP_DEBUG */ /** === modified file 'firewall/esp_prot_api.c' --- firewall/esp_prot_api.c 2010-12-06 20:00:14 +0000 +++ firewall/esp_prot_api.c 2011-01-03 16:06:13 +0000 @@ -102,7 +102,7 @@ int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS]; /* is used for hash chains and trees simultaneously used hash functions */ hash_function_t hash_functions[NUM_HASH_FUNCTIONS] - = {(hash_function_t) SHA1}; + = { (hash_function_t) SHA1 }; /********* internal settings (derived from config-file) *********/ // lengths of the hash structures in the stores @@ -129,12 +129,12 @@ int *out_length, const hip_sa_entry_t *entry) { - int err = 0, i, j; - int repeat = 1; - int hash_length = 0; + int err = 0, i, j; + int repeat = 1; + int hash_length = 0; uint32_t chosen_el[num_linear_elements + num_random_elements]; - uint32_t rand_el = 0; - int item_length = 0; + uint32_t rand_el = 0; + int item_length = 0; HIP_ASSERT(ring_buffer_size >= num_linear_elements + num_random_elements); @@ -161,7 +161,7 @@ // then add randomly for (i = 0; i < num_random_elements; i++) { while (repeat) { - repeat = 0; + repeat = 0; // draw random element RAND_bytes((unsigned char *) &rand_el, sizeof(uint32_t)); @@ -201,9 +201,9 @@ const uint8_t transform) { esp_prot_tfm_t *prot_transform = NULL; - void *return_item = NULL; - int use_hash_trees = 0; - int err = 0; + void *return_item = NULL; + int use_hash_trees = 0; + int err = 0; HIP_ASSERT(item_anchor != NULL); @@ -215,13 +215,13 @@ } HIP_IFEL(!(return_item = - hcstore_get_item_by_anchor(&bex_store, - prot_transform->hash_func_id, - prot_transform->hash_length_id, - NUM_BEX_HIERARCHIES - 1, - item_anchor, use_hash_trees)), - -1, - "unable to retrieve hchain from bex store\n"); + hcstore_get_item_by_anchor(&bex_store, + prot_transform->hash_func_id, + prot_transform->hash_length_id, + NUM_BEX_HIERARCHIES - 1, + item_anchor, use_hash_trees)), + -1, + "unable to retrieve hchain from bex store\n"); // refill bex-store if necessary HIP_IFEL((err = hcstore_refill(&bex_store, use_hash_trees)) < 0, -1, @@ -250,12 +250,12 @@ */ int esp_prot_init(void) { - int bex_function_id = 0, update_function_id = 0; - int bex_hash_length_id = 0, update_hash_length_id = 0; - int use_hash_trees = 0; - int err = 0, i, j, g; - int activate = 1; - config_t *config = NULL; + int bex_function_id = 0, update_function_id = 0; + int bex_hash_length_id = 0, update_hash_length_id = 0; + int use_hash_trees = 0; + int err = 0, i, j, g; + int activate = 1; + config_t *config = NULL; HIP_DEBUG("Initializing the esp protection extension...\n"); @@ -269,8 +269,8 @@ * NOTE internal structure partially more flexible than interface provided by * config-file */ hash_lengths[NUM_HASH_FUNCTIONS - 1][NUM_HASH_LENGTHS - 1] = hash_length_g; - bex_hchain_length = hash_structure_length; - update_hchain_lengths[NUM_UPDATE_HCHAIN_LENGTHS - 1] = hash_structure_length; + bex_hchain_length = hash_structure_length; + update_hchain_lengths[NUM_UPDATE_HCHAIN_LENGTHS - 1] = hash_structure_length; /* activate the extension in hipd * @@ -283,10 +283,10 @@ /* init the hash-chain stores */ HIP_IFEL(hcstore_init(&bex_store, num_hchains_per_item, refill_threshold), -1, - "failed to initialize the bex-store\n"); + "failed to initialize the bex-store\n"); HIP_IFEL(hcstore_init(&update_store, num_hchains_per_item, refill_threshold), -1, - "failed to initialize the update-store\n"); + "failed to initialize the update-store\n"); HIP_DEBUG("setting up esp_prot_transforms...\n"); @@ -306,15 +306,15 @@ for (i = 0; i < NUM_HASH_FUNCTIONS; i++) { // first we have to register the function HIP_IFEL((bex_function_id = - hcstore_register_function(&bex_store, - hash_functions[i])) < 0, - -1, - "failed to register hash-function in bex-store\n"); + hcstore_register_function(&bex_store, + hash_functions[i])) < 0, + -1, + "failed to register hash-function in bex-store\n"); HIP_IFEL((update_function_id = - hcstore_register_function(&update_store, - hash_functions[i])) < 0, - -1, - "failed to register hash-function in update-store\n"); + hcstore_register_function(&update_store, + hash_functions[i])) < 0, + -1, + "failed to register hash-function in update-store\n"); // ensure the 2 stores are in sync HIP_ASSERT(bex_function_id == update_function_id); @@ -323,15 +323,15 @@ if (hash_lengths[i][j] > 0) { // now we can register the hash lengths for this function HIP_IFEL((bex_hash_length_id = - hcstore_register_hash_length(&bex_store, - bex_function_id, - hash_lengths[i][j])) < 0, - -1, - "failed to register hash-length in bex-store\n"); + hcstore_register_hash_length(&bex_store, + bex_function_id, + hash_lengths[i][j])) < 0, + -1, + "failed to register hash-length in bex-store\n"); HIP_IFEL((update_hash_length_id = hcstore_register_hash_length( &update_store, update_function_id, hash_lengths[i][j])) < 0, -1, - "failed to register hash-length in update-store\n"); + "failed to register hash-length in update-store\n"); // ensure the 2 stores are in sync HIP_ASSERT(bex_hash_length_id == update_hash_length_id); @@ -339,36 +339,36 @@ // store these IDs in the transforms array if (esp_prot_transforms[token_transform].is_used) { esp_prot_transforms[token_transform].hash_func_id = - bex_function_id; + bex_function_id; esp_prot_transforms[token_transform].hash_length_id = - bex_hash_length_id; + bex_hash_length_id; } /* also register the the hchain lengths for this function and this * hash length */ HIP_IFEL(hcstore_register_hash_item_length( - &bex_store, bex_function_id, bex_hash_length_id, - bex_hchain_length) < 0, -1, - "failed to register hchain-length in bex-store\n"); + &bex_store, bex_function_id, bex_hash_length_id, + bex_hchain_length) < 0, -1, + "failed to register hchain-length in bex-store\n"); /* register number of hierarchies in BEX-store */ HIP_IFEL(hcstore_register_hash_item_hierarchy( - &bex_store, bex_function_id, bex_hash_length_id, - bex_hchain_length, NUM_BEX_HIERARCHIES) < 0, -1, - "failed to register hchain-hierarchy in bex-store\n"); + &bex_store, bex_function_id, bex_hash_length_id, + bex_hchain_length, NUM_BEX_HIERARCHIES) < 0, -1, + "failed to register hchain-hierarchy in bex-store\n"); for (g = 0; g < NUM_UPDATE_HCHAIN_LENGTHS; g++) { HIP_IFEL(hcstore_register_hash_item_length( - &update_store, update_function_id, - update_hash_length_id, - update_hchain_lengths[g]) < 0, -1, - "failed to register hchain-length in update-store\n"); + &update_store, update_function_id, + update_hash_length_id, + update_hchain_lengths[g]) < 0, -1, + "failed to register hchain-length in update-store\n"); HIP_IFEL(hcstore_register_hash_item_hierarchy( - &update_store, update_function_id, - update_hash_length_id, update_hchain_lengths[g], - num_hierarchies) < 0, -1, - "failed to register hchain-hierarchy in update-store\n"); + &update_store, update_function_id, + update_hash_length_id, update_hchain_lengths[g], + num_hierarchies) < 0, -1, + "failed to register hchain-hierarchy in update-store\n"); } } else { // for this hash-function we have already processed all hash-lengths @@ -444,11 +444,11 @@ unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH], const int update) { - int hash_length = 0, err = 0; - int use_hash_trees = 0; - hash_chain_t *hchain = NULL; - hash_tree_t *htree = NULL; - uint16_t i; + int hash_length = 0, err = 0; + int use_hash_trees = 0; + hash_chain_t *hchain = NULL; + hash_tree_t *htree = NULL; + uint16_t i; HIP_ASSERT(entry != 0); HIP_ASSERT(entry->direction == 1 || entry->direction == 2); @@ -473,7 +473,7 @@ HIP_DEBUG("found matching esp prot transforms\n"); // we have to get the hash_length - hash_length = esp_prot_get_hash_length(esp_prot_transform); + hash_length = esp_prot_get_hash_length(esp_prot_transform); entry->update_item_length = hash_item_length; @@ -489,14 +489,14 @@ HIP_IFEL(memcmp(&esp_prot_anchors[i][0], htree->root, hash_length), -1, - "received a non-matching root from hipd for next_hchain\n"); + "received a non-matching root from hipd for next_hchain\n"); } else { hchain = entry->next_hash_items[i]; HIP_IFEL(memcmp(&esp_prot_anchors[i][0], hchain_get_anchor(hchain), hash_length), -1, - "received a non-matching anchor from hipd for next_hchain\n"); + "received a non-matching anchor from hipd for next_hchain\n"); } entry->update_item_acked[i] = 1; @@ -522,9 +522,9 @@ if (i < esp_num_anchors) { HIP_IFEL(!(entry->active_hash_items[i] = esp_prot_get_bex_item_by_anchor( - &esp_prot_anchors[i][0], - esp_prot_transform)), - -1, "corresponding hchain not found\n"); + &esp_prot_anchors[i][0], + esp_prot_transform)), + -1, "corresponding hchain not found\n"); } else { entry->active_hash_items[i] = NULL; } @@ -582,7 +582,7 @@ { esp_prot_tfm_t *prot_transform = NULL; hash_function_t hash_function = NULL; - int err = 0; + int err = 0; HIP_IFEL(!(prot_transform = esp_prot_resolve_transform(transform)), 1, "tried to resolve UNUSED or UNKNOWN transform\n"); @@ -607,7 +607,7 @@ int esp_prot_get_hash_length(const uint8_t transform) { esp_prot_tfm_t *prot_transform = NULL; - int err = 0; + int err = 0; // return length 0 for UNUSED transform HIP_IFEL(!(prot_transform = esp_prot_resolve_transform(transform)), 0, @@ -631,13 +631,13 @@ const uint16_t esp_length, hip_sa_entry_t *entry) { - int err = 0; + int err = 0; hash_function_t hash_function = NULL; - int hash_length = 0; + int hash_length = 0; // check whether cumulative authentication is active if (entry->esp_prot_transform == ESP_PROT_TFM_CUMULATIVE || - entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) { + entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) { hash_length = esp_prot_get_hash_length(entry->esp_prot_transform); hash_function = esp_prot_get_hash_function(entry->esp_prot_transform); @@ -668,13 +668,13 @@ int esp_prot_add_hash(unsigned char *esp_packet, int *out_length, hip_sa_entry_t *entry) { - const unsigned char *tmp_hash = NULL; - int err = 0; - uint32_t htree_index = 0; - uint32_t htree_index_net = 0; - hash_chain_t *hchain = NULL; - hash_tree_t *htree = NULL; - int branch_length = 0; + const unsigned char *tmp_hash = NULL; + int err = 0; + uint32_t htree_index = 0; + uint32_t htree_index_net = 0; + hash_chain_t *hchain = NULL; + hash_tree_t *htree = NULL; + int branch_length = 0; HIP_ASSERT(esp_packet != NULL); HIP_ASSERT(*out_length == 0); @@ -696,39 +696,36 @@ memcpy(esp_packet, &htree_index_net, sizeof(uint32_t)); // get hash token and add it - only returns a reference into the array - tmp_hash = htree_get_data(htree, htree_index, - out_length); + tmp_hash = htree_get_data(htree, htree_index, + out_length); memcpy(esp_packet + sizeof(uint32_t), tmp_hash, *out_length); - *out_length += sizeof(uint32_t); + *out_length += sizeof(uint32_t); // add the verification branch - directly memcpy elements into packet HIP_IFEL(!htree_get_branch(htree, htree_index, esp_packet + *out_length, &branch_length), -1, - "failed to get verification branch\n"); + "failed to get verification branch\n"); *out_length += branch_length; HIP_DEBUG("htree_index: %u\n", htree_index); HIP_DEBUG("htree_index (packet): %u\n", *(uint32_t *) esp_packet); - } else { HIP_DEBUG("htree depleted, dropping packet\n"); err = 1; } - } else { - if (token_transform == ESP_PROT_TFM_PARALLEL) { hchain = entry->active_hash_items[entry->last_used_chain]; HIP_DEBUG("entry->last_used_chain: %i\n", entry->last_used_chain); entry->last_used_chain = - (entry->last_used_chain + 1) % num_parallel_hchains; + (entry->last_used_chain + 1) % num_parallel_hchains; } else { hchain = entry->active_hash_items[0]; } @@ -800,7 +797,7 @@ const int next_root_length) { uint32_t tmp_distance = 0; - int err = 0; + int err = 0; HIP_ASSERT(hash_function != NULL); HIP_ASSERT(hash_length > 0); @@ -894,7 +891,7 @@ const int next_uroot_length, const unsigned char *hash_value) { - int err = 0; + int err = 0; uint32_t data_index = 0; HIP_ASSERT(hash_function != NULL); @@ -971,7 +968,7 @@ HIP_DEBUG("resolving transform: %u\n", transform); if (transform > ESP_PROT_TFM_UNUSED && - esp_prot_transforms[transform].is_used) { + esp_prot_transforms[transform].is_used) { return &esp_prot_transforms[transform]; } else { return NULL; @@ -998,7 +995,7 @@ offset += esp_prot_get_hash_length(entry->esp_prot_transform); if (entry->esp_prot_transform == ESP_PROT_TFM_CUMULATIVE - || entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) { + || entry->esp_prot_transform == ESP_PROT_TFM_PARA_CUMUL) { offset += ((esp_prot_get_hash_length(entry->esp_prot_transform) + sizeof(uint32_t)) * (num_linear_elements + num_random_elements)); } @@ -1018,20 +1015,20 @@ */ int esp_prot_sadb_maintenance(hip_sa_entry_t *entry) { - esp_prot_tfm_t *prot_transform = NULL; - int has_linked_anchor = 0, soft_update = 1; - int err = 0; - int anchor_length = 0; - int anchor_offset[MAX_NUM_PARALLEL_HCHAINS]; + esp_prot_tfm_t *prot_transform = NULL; + int has_linked_anchor = 0, soft_update = 1; + int err = 0; + int anchor_length = 0; + int anchor_offset[MAX_NUM_PARALLEL_HCHAINS]; const unsigned char *anchors[MAX_NUM_PARALLEL_HCHAINS]; - hash_tree_t *htree = NULL; - hash_chain_t *hchain = NULL; - hash_tree_t *link_trees[MAX_NUM_PARALLEL_HCHAINS]; - int hash_item_length = 0; - int remaining = 0, i, j; - int threshold = 0; - int use_hash_trees = 0; - int hierarchy_level = 0; + hash_tree_t *htree = NULL; + hash_chain_t *hchain = NULL; + hash_tree_t *link_trees[MAX_NUM_PARALLEL_HCHAINS]; + int hash_item_length = 0; + int remaining = 0, i, j; + int threshold = 0; + int use_hash_trees = 0; + int hierarchy_level = 0; HIP_ASSERT(entry != NULL); @@ -1044,14 +1041,14 @@ htree = entry->active_hash_items[0]; hash_item_length = htree->num_data_blocks; - remaining = htree_get_num_remaining(htree); - threshold = htree->num_data_blocks * update_threshold; + remaining = htree_get_num_remaining(htree); + threshold = htree->num_data_blocks * update_threshold; } else { hchain = entry->active_hash_items[0]; hash_item_length = hchain->hchain_length; - remaining = hchain_get_num_remaining(hchain); - threshold = hchain->hchain_length * update_threshold; + remaining = hchain_get_num_remaining(hchain); + threshold = hchain->hchain_length * update_threshold; } /* ensure that the next hash-items are set up before the active ones @@ -1077,8 +1074,8 @@ } HIP_IFEL(!(prot_transform = - esp_prot_resolve_transform(entry->esp_prot_transform)), - 1, "tried to resolve UNUSED transform\n"); + esp_prot_resolve_transform(entry->esp_prot_transform)), + 1, "tried to resolve UNUSED transform\n"); /* soft-update vs. PK-update * -> do a soft-update */ @@ -1090,19 +1087,19 @@ while (htree_has_more_data(link_trees[i])) { // get the next hchain from the link_tree anchor_offset[i] = - htree_get_next_data_offset(link_trees[i]); - anchors[i] = - htree_get_data(link_trees[i], anchor_offset[i], - &anchor_length); + htree_get_next_data_offset(link_trees[i]); + anchors[i] = + htree_get_data(link_trees[i], anchor_offset[i], + &anchor_length); // set next_hash_item, if linked one is available - if ((entry->next_hash_items[i]= - hcstore_get_item_by_anchor(&update_store, - prot_transform->hash_func_id, - prot_transform->hash_length_id, - hierarchy_level - 1, - anchors[i], - use_hash_trees))) { + if ((entry->next_hash_items[i] = + hcstore_get_item_by_anchor(&update_store, + prot_transform->hash_func_id, + prot_transform->hash_length_id, + hierarchy_level - 1, + anchors[i], + use_hash_trees))) { HIP_DEBUG("linked hchain found in store, soft-update\n"); has_linked_anchor = 1; @@ -1133,7 +1130,7 @@ /* and restart the loop * NOTE continues results in i++ */ - i = -1; + i = -1; continue; } @@ -1148,10 +1145,10 @@ * hchain lengths */ HIP_IFEL(!(entry->next_hash_items[i] = - hcstore_get_hash_item(&update_store, - prot_transform->hash_func_id, - prot_transform->hash_length_id, - update_hchain_lengths[DEFAULT_HCHAIN_LENGTH_ID])), + hcstore_get_hash_item(&update_store, + prot_transform->hash_func_id, + prot_transform->hash_length_id, + update_hchain_lengths[DEFAULT_HCHAIN_LENGTH_ID])), -1, "unable to retrieve hchain from store\n"); if (use_hash_trees) { @@ -1171,7 +1168,7 @@ HIP_IFEL(send_trigger_update_to_hipd(entry, anchors, hash_item_length, soft_update, anchor_offset, link_trees), -1, - "unable to trigger update at hipd\n"); + "unable to trigger update at hipd\n"); // refill update-store HIP_IFEL((err = hcstore_refill(&update_store, use_hash_trees)) < 0, -1, @@ -1180,7 +1177,7 @@ /* activate next hchains if current ones are depleted and update has been acked * -> assume first hchain represents all parallel ones */ - if (entry->next_hash_items[0] && entry->update_item_acked[0]&& remaining == 0) { + if (entry->next_hash_items[0] && entry->update_item_acked[0] && remaining == 0) { for (i = 0; i < num_parallel_hchains; i++) { // this will free all linked elements in the hchain if (use_hash_trees) { === modified file 'firewall/esp_prot_api.h' --- firewall/esp_prot_api.h 2010-12-13 18:47:14 +0000 +++ firewall/esp_prot_api.h 2011-01-03 16:06:13 +0000 @@ -55,24 +55,24 @@ } esp_prot_tfm_t; -extern int token_transform; -extern int num_parallel_hchains; -extern int ring_buffer_size; -extern int num_linear_elements; -extern int num_random_elements; -extern int hash_length_g; -extern int hash_structure_length; -extern int num_hchains_per_item; -extern int num_hierarchies; +extern int token_transform; +extern int num_parallel_hchains; +extern int ring_buffer_size; +extern int num_linear_elements; +extern int num_random_elements; +extern int hash_length_g; +extern int hash_structure_length; +extern int num_hchains_per_item; +extern int num_hierarchies; extern double refill_threshold; extern double update_threshold; -extern int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS]; +extern int hash_lengths[NUM_HASH_FUNCTIONS][NUM_HASH_LENGTHS]; extern hash_function_t hash_functions[NUM_HASH_FUNCTIONS]; int esp_prot_init(void); int esp_prot_uninit(void); -int esp_prot_sa_entry_set(hip_sa_entry_t *entry, +int esp_prot_sa_entry_set(hip_sa_entry_t * entry, const uint8_t esp_prot_transform, const uint32_t hash_item_length, const uint16_t esp_num_anchors, === modified file 'firewall/esp_prot_config.c' --- firewall/esp_prot_config.c 2010-10-15 15:29:14 +0000 +++ firewall/esp_prot_config.c 2011-01-03 16:06:13 +0000 @@ -46,23 +46,23 @@ #include "config.h" -const char *config_file = HIPL_SYSCONFDIR "/esp_prot_config.cfg"; +const char *config_file = HIPL_SYSCONFDIR "/esp_prot_config.cfg"; const char *path_hash_length = "token_config.hash_length"; const char *path_hash_structure_length = "token_config.hash_structure_length"; const char *path_token_transform = "token_config.token_transform"; -const char *path_num_parallel_hchains = "token_config.token_modes.num_parallel_hchains"; -const char *path_ring_buffer_size = "token_config.token_modes.ring_buffer_size"; -const char *path_num_linear_elements = "token_config.token_modes.num_linear_elements"; -const char *path_num_random_elements = "token_config.token_modes.num_random_elements"; - -const char *path_num_hchains_per_item = "sender.hcstore.num_hchains_per_item"; -const char *path_num_hierarchies = "sender.hcstore.num_hierarchies"; -const char *path_refill_threshold = "sender.hcstore.refill_threshold"; -const char *path_update_threshold = "sender.update_threshold"; - -const char *path_window_size = "verifier.window_size"; +const char *path_num_parallel_hchains = "token_config.token_modes.num_parallel_hchains"; +const char *path_ring_buffer_size = "token_config.token_modes.ring_buffer_size"; +const char *path_num_linear_elements = "token_config.token_modes.num_linear_elements"; +const char *path_num_random_elements = "token_config.token_modes.num_random_elements"; + +const char *path_num_hchains_per_item = "sender.hcstore.num_hchains_per_item"; +const char *path_num_hierarchies = "sender.hcstore.num_hierarchies"; +const char *path_refill_threshold = "sender.hcstore.refill_threshold"; +const char *path_update_threshold = "sender.update_threshold"; + +const char *path_window_size = "verifier.window_size"; #ifdef HAVE_LIBCONFIG /** @@ -84,10 +84,10 @@ * libconfig 1.4, remove the ugly workaround below accordingly. See #134. */ #if defined LIBCONFIG_VER_MAJOR && defined LIBCONFIG_VER_MINOR && (((LIBCONFIG_VER_MAJOR == 1) && (LIBCONFIG_VER_MINOR >= 4)) || (LIBCONFIG_VER_MAJOR > 1)) /* libconfig version 1.4 and later */ - int value = 0; + int value = 0; #else /* libconfig version before 1.4 */ - long value = 0; + long value = 0; #endif int success = config_lookup_int(cfg, name, &value); @@ -97,6 +97,7 @@ } return success; } + #endif /* HAVE_LIBCONFIG */ /** @@ -112,7 +113,7 @@ * * FIXME this should be removed once we go tiny */ #ifdef HAVE_LIBCONFIG - int err = 0; + int err = 0; HIP_IFEL(!(cfg = malloc(sizeof(config_t))), -1, "Unable to allocate memory!\n"); @@ -164,7 +165,6 @@ int err = 0; if (cfg) { - #ifdef HAVE_LIBCONFIG // process parallel hchains-related settings if (!esp_prot_wrap_config_lookup_int(cfg, path_token_transform, @@ -198,9 +198,9 @@ num_parallel_hchains = 2; } - ring_buffer_size = 0; - num_linear_elements = 0; - num_random_elements = 0; + ring_buffer_size = 0; + num_linear_elements = 0; + num_random_elements = 0; break; case ESP_PROT_TFM_CUMULATIVE: @@ -263,7 +263,6 @@ err = -1; goto out_err; #endif /* HAVE_LIBCONFIG */ - } else { HIP_ERROR("no configuration file available\n"); @@ -306,7 +305,6 @@ int err = 0; if (cfg) { - #ifdef HAVE_LIBCONFIG // process hcstore-related settings if (!esp_prot_wrap_config_lookup_int(cfg, path_num_hchains_per_item, @@ -335,7 +333,6 @@ err = -1; goto out_err; #endif /* HAVE_LIBCONFIG */ - } else { HIP_ERROR("no configuration file available\n"); @@ -389,7 +386,6 @@ err = -1; goto out_err; #endif /* HAVE_LIBCONFIG */ - } else { HIP_ERROR("no configuration file available\n"); === modified file 'firewall/esp_prot_conntrack.c' --- firewall/esp_prot_conntrack.c 2010-12-13 19:09:27 +0000 +++ firewall/esp_prot_conntrack.c 2011-01-03 16:06:13 +0000 @@ -107,7 +107,7 @@ static void esp_prot_conntrack_free_cached_item(void *cache_item) { struct esp_anchor_item *anchor_item = NULL; - long i; + long i; if (cache_item) { anchor_item = cache_item; @@ -136,7 +136,7 @@ { struct esp_tuple *esp_tuple = NULL; struct slist *list = NULL; - int err = 0; + int err = 0; HIP_DEBUG("\n"); @@ -189,13 +189,13 @@ const struct esp_prot_anchor **esp_anchors, const struct esp_prot_root **esp_roots) { - struct esp_anchor_item *anchor_item = NULL; - unsigned char *cmp_value = NULL; - struct esp_tuple *esp_tuple = NULL; + struct esp_anchor_item *anchor_item = NULL; + unsigned char *cmp_value = NULL; + struct esp_tuple *esp_tuple = NULL; esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; - int hash_length = 0; - int err = 0; - long i; + int hash_length = 0; + int err = 0; + long i; HIP_DEBUG("\n"); @@ -208,10 +208,10 @@ // needed for allocating and copying the anchors conntrack_tfm = esp_prot_conntrack_resolve_transform( esp_anchors[0]->transform); - hash_length = conntrack_tfm->hash_length; + hash_length = conntrack_tfm->hash_length; HIP_IFEL(!(esp_tuple = esp_prot_conntrack_find_esp_tuple( - tuple, &esp_anchors[0]->anchors[0], hash_length)), -1, + tuple, &esp_anchors[0]->anchors[0], hash_length)), -1, "failed to look up matching esp_tuple\n"); HIP_IFEL(!(anchor_item = malloc(sizeof(struct esp_anchor_item))), -1, @@ -296,16 +296,16 @@ const struct hip_ack *ack, const struct hip_esp_info *esp_info) { - struct esp_anchor_item *anchor_item = NULL; - struct tuple *other_dir_tuple = NULL; - struct esp_tuple *esp_tuple = NULL; - esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; - int hash_length = 0; + struct esp_anchor_item *anchor_item = NULL; + struct tuple *other_dir_tuple = NULL; + struct esp_tuple *esp_tuple = NULL; + esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; + int hash_length = 0; // assume not found - int err = 0; - unsigned element_index = 0; - int found = 0; - long i; + int err = 0; + unsigned element_index = 0; + int found = 0; + long i; HIP_DEBUG("\n"); @@ -330,9 +330,8 @@ HIP_DEBUG("received ack: %u\n", ntohl(ack->peer_update_id)); for (element_index = 0; - element_index < hip_ll_get_size(&esp_tuple->anchor_cache); - element_index++) { - + element_index < hip_ll_get_size(&esp_tuple->anchor_cache); + element_index++) { HIP_IFEL(!(anchor_item = (struct esp_anchor_item *) hip_ll_get(&esp_tuple->anchor_cache, element_index)), @@ -352,7 +351,7 @@ // needed for allocating and copying the anchors conntrack_tfm = esp_prot_conntrack_resolve_transform( esp_tuple->esp_prot_tfm); - hash_length = conntrack_tfm->hash_length; + hash_length = conntrack_tfm->hash_length; esp_tuple->hash_item_length = anchor_item->hash_item_length; for (i = 0; i < esp_tuple->num_hchains; i++) { @@ -419,12 +418,12 @@ const struct esp_prot_secret *esp_secrets[MAX_NUM_PARALLEL_HCHAINS]) { esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; - int hash_length = 0; - struct esp_tuple *esp_tuple = NULL; - int err = 0; - int i = 0; - uint32_t branch_length = 0; - uint32_t anchor_offset = 0; + int hash_length = 0; + struct esp_tuple *esp_tuple = NULL; + int err = 0; + int i = 0; + uint32_t branch_length = 0; + uint32_t anchor_offset = 0; HIP_DEBUG("\n"); @@ -435,13 +434,13 @@ // needed for allocating and copying the anchors conntrack_tfm = esp_prot_conntrack_resolve_transform( - esp_anchors[0]->transform); + esp_anchors[0]->transform); hash_length = conntrack_tfm->hash_length; HIP_IFEL(!(esp_tuple = esp_prot_conntrack_find_esp_tuple( - tuple, &esp_anchors[0]->anchors[0], - hash_length)), - -1, "failed to look up matching esp_tuple\n"); + tuple, &esp_anchors[0]->anchors[0], + hash_length)), + -1, "failed to look up matching esp_tuple\n"); for (i = 0; i < esp_tuple->num_hchains; i++) { branch_length = ntohl(esp_branches[i]->branch_length); @@ -461,7 +460,6 @@ htree_node_generator, NULL)) { HIP_DEBUG("anchor verified\n"); - } else { HIP_DEBUG("failed to verify branch!\n"); @@ -481,7 +479,7 @@ int esp_prot_conntrack_init(void) { config_t *config = NULL; - int err = 0, i, j; + int err = 0, i, j; HIP_DEBUG("Initializing conntracking of esp protection extension...\n"); @@ -515,9 +513,9 @@ if (esp_prot_conntrack_tfms[token_transform].is_used) { esp_prot_conntrack_tfms[token_transform].hash_function = - hash_functions[i]; + hash_functions[i]; esp_prot_conntrack_tfms[token_transform].hash_length = - hash_lengths[i][j]; + hash_lengths[i][j]; } } } @@ -554,7 +552,7 @@ const struct tuple *tuple) { const struct esp_prot_preferred_tfms *prot_transforms = NULL; - int err = 0, i; + int err = 0, i; HIP_DEBUG("\n"); @@ -610,13 +608,13 @@ int esp_prot_conntrack_I2_anchor(const struct hip_common *common, struct tuple *tuple) { - const struct hip_tlv_common *param = NULL; - const struct esp_prot_anchor *prot_anchor = NULL; - struct esp_tuple *esp_tuple = NULL; - esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; - long i = 0; - int hash_length = 0; - int err = 0; + const struct hip_tlv_common *param = NULL; + const struct esp_prot_anchor *prot_anchor = NULL; + struct esp_tuple *esp_tuple = NULL; + esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; + long i = 0; + int hash_length = 0; + int err = 0; HIP_DEBUG("\n"); @@ -652,7 +650,7 @@ HIP_DEBUG("using esp prot transform: %u\n", esp_tuple->esp_prot_tfm); if (esp_tuple->esp_prot_tfm > ESP_PROT_TFM_UNUSED) { - conntrack_tfm = esp_prot_conntrack_resolve_transform( + conntrack_tfm = esp_prot_conntrack_resolve_transform( esp_tuple->esp_prot_tfm); hash_length = conntrack_tfm->hash_length; esp_tuple->hash_item_length = ntohl(prot_anchor->hash_item_length); @@ -731,7 +729,7 @@ struct esp_tuple *esp_prot_conntrack_R2_esp_tuple(const struct slist *other_dir_esps) { struct esp_tuple *esp_tuple = NULL; - int err = 0; + int err = 0; HIP_DEBUG("\n"); @@ -768,13 +766,13 @@ int esp_prot_conntrack_R2_anchor(const struct hip_common *common, const struct tuple *tuple) { - const struct hip_tlv_common *param = NULL; - const struct esp_prot_anchor *prot_anchor = NULL; - struct esp_tuple *esp_tuple = NULL; - esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; - long i = 0; - int hash_length = 0; - int err = 0; + const struct hip_tlv_common *param = NULL; + const struct esp_prot_anchor *prot_anchor = NULL; + struct esp_tuple *esp_tuple = NULL; + esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; + long i = 0; + int hash_length = 0; + int err = 0; HIP_DEBUG("\n"); @@ -800,9 +798,9 @@ HIP_DEBUG("using esp prot transform: %u\n", esp_tuple->esp_prot_tfm); if (esp_tuple->esp_prot_tfm > ESP_PROT_TFM_UNUSED) { - conntrack_tfm = esp_prot_conntrack_resolve_transform( + conntrack_tfm = esp_prot_conntrack_resolve_transform( esp_tuple->esp_prot_tfm); - hash_length = conntrack_tfm->hash_length; + hash_length = conntrack_tfm->hash_length; esp_tuple->hash_item_length = ntohl(prot_anchor->hash_item_length); @@ -872,14 +870,14 @@ int esp_prot_conntrack_update(const hip_common_t *update, const struct tuple *tuple) { - const struct hip_tlv_common *param = NULL; - const struct hip_seq *seq = NULL; - const struct hip_ack *ack = NULL; - const struct hip_esp_info *esp_info = NULL; + const struct hip_tlv_common *param = NULL; + const struct hip_seq *seq = NULL; + const struct hip_ack *ack = NULL; + const struct hip_esp_info *esp_info = NULL; const struct esp_prot_anchor *esp_anchors[MAX_NUM_PARALLEL_HCHAINS]; - const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS]; - int err = 0; - long i = 0; + const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS]; + int err = 0; + long i = 0; HIP_DEBUG("\n"); @@ -893,7 +891,7 @@ esp_info = hip_get_param(update, HIP_PARAM_ESP_INFO); ack = hip_get_param(update, HIP_PARAM_ACK); // there might be several anchor elements - param = hip_get_param(update, HIP_PARAM_ESP_PROT_ANCHOR); + param = hip_get_param(update, HIP_PARAM_ESP_PROT_ANCHOR); // distinguish packet types and process accordingly if (seq && !ack && !esp_info && param) { @@ -903,7 +901,7 @@ for (i = 0; i < num_parallel_hchains; i++) { esp_anchors[i] = (const struct esp_prot_anchor *) param; - param = hip_get_next_param(update, param); + param = hip_get_next_param(update, param); } param = hip_get_param(update, HIP_PARAM_ESP_PROT_ROOT); @@ -912,7 +910,7 @@ for (i = 0; i < num_parallel_hchains; i++) { esp_roots[i] = (const struct esp_prot_root *) param; - param = hip_get_next_param(update, param); + param = hip_get_next_param(update, param); } } @@ -977,18 +975,18 @@ struct tuple *tuple, const hip_fw_context_t *ctx) { - const struct hip_seq *seq = NULL; - const struct hip_tlv_common *param = NULL; + const struct hip_seq *seq = NULL; + const struct hip_tlv_common *param = NULL; const struct esp_prot_anchor *esp_anchors[MAX_NUM_PARALLEL_HCHAINS]; const struct esp_prot_branch *esp_branches[MAX_NUM_PARALLEL_HCHAINS]; const struct esp_prot_secret *esp_secrets[MAX_NUM_PARALLEL_HCHAINS]; - const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS]; - const struct hip_ack *ack = NULL; - const struct hip_esp_info *esp_info = NULL; - const struct in6_addr *ip6_src = &ctx->src; - const struct in6_addr *ip6_dst = &ctx->dst; - int err = 0; - long i; + const struct esp_prot_root *esp_roots[MAX_NUM_PARALLEL_HCHAINS]; + const struct hip_ack *ack = NULL; + const struct hip_esp_info *esp_info = NULL; + const struct in6_addr *ip6_src = &ctx->src; + const struct in6_addr *ip6_dst = &ctx->dst; + int err = 0; + long i; HIP_DEBUG("\n"); @@ -1010,21 +1008,21 @@ for (i = 0; i < num_parallel_hchains; i++) { esp_anchors[i] = (const struct esp_prot_anchor *) param; - param = hip_get_next_param(common, param); + param = hip_get_next_param(common, param); } param = hip_get_param(common, HIP_PARAM_ESP_PROT_BRANCH); for (i = 0; i < num_parallel_hchains; i++) { esp_branches[i] = (const struct esp_prot_branch *) param; - param = hip_get_next_param(common, param); + param = hip_get_next_param(common, param); } param = hip_get_param(common, HIP_PARAM_ESP_PROT_SECRET); for (i = 0; i < num_parallel_hchains; i++) { esp_secrets[i] = (const struct esp_prot_secret *) param; - param = hip_get_next_param(common, param); + param = hip_get_next_param(common, param); } param = hip_get_param(common, HIP_PARAM_ESP_PROT_ROOT); @@ -1032,7 +1030,7 @@ for (i = 0; i < num_parallel_hchains; i++) { esp_roots[i] = (const struct esp_prot_root *) param; - param = hip_get_next_param(common, param); + param = hip_get_next_param(common, param); } } else { memset(esp_roots, 0, MAX_NUM_PARALLEL_HCHAINS * sizeof(struct esp_prot_root *)); @@ -1056,7 +1054,7 @@ // verify tree HIP_IFEL(esp_prot_conntrack_verify_branch(tuple, esp_anchors, esp_branches, esp_secrets), -1, - "failed to verify branch\n"); + "failed to verify branch\n"); // cache update_anchor and root HIP_IFEL(esp_prot_conntrack_cache_anchor(tuple, seq, esp_anchors, esp_roots), -1, @@ -1089,16 +1087,16 @@ int esp_prot_conntrack_verify(const hip_fw_context_t *ctx, struct esp_tuple *esp_tuple) { - esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; - struct hip_esp *esp = NULL; - int esp_len = 0; - uint32_t num_verify = 0; - int use_hash_trees = 0; - esp_cumulative_item_t *cached_element = NULL; - unsigned char packet_hash[MAX_HASH_LENGTH]; - esp_cumulative_item_t *cumulative_ptr = NULL; - int active_hchain = 0, err = 0, i; - uint32_t current_seq = 0; + esp_prot_conntrack_tfm_t *conntrack_tfm = NULL; + struct hip_esp *esp = NULL; + int esp_len = 0; + uint32_t num_verify = 0; + int use_hash_trees = 0; + esp_cumulative_item_t *cached_element = NULL; + unsigned char packet_hash[MAX_HASH_LENGTH]; + esp_cumulative_item_t *cumulative_ptr = NULL; + int active_hchain = 0, err = 0, i; + uint32_t current_seq = 0; HIP_DEBUG("\n"); @@ -1106,8 +1104,8 @@ conntrack_tfm = esp_prot_conntrack_resolve_transform( esp_tuple->esp_prot_tfm); - esp = ctx->transport_hdr.esp; - esp_len = ctx->ipq_packet->data_len - ctx->ip_hdr_len; + esp = ctx->transport_hdr.esp; + esp_len = ctx->ipq_packet->data_len - ctx->ip_hdr_len; if (ctx->udp_encap_hdr) { esp_len -= sizeof(struct udphdr); } @@ -1143,7 +1141,7 @@ /* calculate difference of SEQ no in order to determine how many hashes * we have to calculate */ if (ntohl(esp->esp_seq) - esp_tuple->seq_no > 0 && - ntohl(esp->esp_seq) - esp_tuple->seq_no <= (unsigned)window_size) { + ntohl(esp->esp_seq) - esp_tuple->seq_no <= (unsigned) window_size) { HIP_DEBUG("seq number within verification window\n"); num_verify = ntohl(esp->esp_seq) - esp_tuple->seq_no; @@ -1231,10 +1229,10 @@ conntrack_tfm->hash_length); } else { // don't copy the next anchor, but the already verified hash - memcpy( &esp_tuple->active_anchors[active_hchain][0], ((unsigned char *) esp) + sizeof(struct hip_esp), - conntrack_tfm->hash_length); - memcpy( &esp_tuple->first_active_anchors[active_hchain][0], &esp_tuple->next_anchors[active_hchain][0], - conntrack_tfm->hash_length); + memcpy(&esp_tuple->active_anchors[active_hchain][0], ((unsigned char *) esp) + sizeof(struct hip_esp), + conntrack_tfm->hash_length); + memcpy(&esp_tuple->first_active_anchors[active_hchain][0], &esp_tuple->next_anchors[active_hchain][0], + conntrack_tfm->hash_length); } // change roots === modified file 'firewall/esp_prot_fw_msg.c' --- firewall/esp_prot_fw_msg.c 2010-12-06 19:41:51 +0000 +++ firewall/esp_prot_fw_msg.c 2011-01-03 16:06:13 +0000 @@ -68,16 +68,16 @@ static hip_common_t *create_bex_store_update_msg(hchain_store_t *hcstore, const int use_hash_trees) { - struct hip_common *msg = NULL; - int hash_length = 0, num_hchains = 0; - esp_prot_tfm_t *transform = NULL; - hash_chain_t *hchain = NULL; - hash_tree_t *htree = NULL; - unsigned char *anchor = NULL; - int err = 0; - unsigned j = 0; - uint8_t i = 0; - int hash_item_length = 0; + struct hip_common *msg = NULL; + int hash_length = 0, num_hchains = 0; + esp_prot_tfm_t *transform = NULL; + hash_chain_t *hchain = NULL; + hash_tree_t *htree = NULL; + unsigned char *anchor = NULL; + int err = 0; + unsigned j = 0; + uint8_t i = 0; + int hash_item_length = 0; HIP_ASSERT(hcstore != NULL); @@ -188,10 +188,10 @@ */ int send_esp_prot_to_hipd(const int activate) { - struct hip_common *msg = NULL; - int num_transforms = 0; - int err = 0, i; - uint8_t transform = 0; + struct hip_common *msg = NULL; + int num_transforms = 0; + int err = 0, i; + uint8_t transform = 0; HIP_ASSERT(activate >= 0); @@ -288,7 +288,7 @@ const int use_hash_trees) { struct hip_common *msg = NULL; - int err = 0; + int err = 0; HIP_ASSERT(hcstore != NULL); @@ -326,24 +326,24 @@ * @return 0 on success, -1 on error */ int send_trigger_update_to_hipd(const hip_sa_entry_t *entry, - const unsigned char *anchors[MAX_NUM_PARALLEL_HCHAINS], - const int hash_item_length, const int soft_update, - const int *anchor_offset, - hash_tree_t *link_trees[MAX_NUM_PARALLEL_HCHAINS]) + const unsigned char *anchors[MAX_NUM_PARALLEL_HCHAINS], + const int hash_item_length, const int soft_update, + const int *anchor_offset, + hash_tree_t *link_trees[MAX_NUM_PARALLEL_HCHAINS]) { - int err = 0; - int i = 0; - struct hip_common *msg = NULL; - int hash_length = 0; - hash_chain_t *hchain = NULL; - hash_tree_t *htree = NULL; - hash_tree_t *link_tree = NULL; - int secret_length = 0; - int branch_length = 0; - int root_length = 0; - const unsigned char *secret = NULL; - unsigned char *branch_nodes = NULL; - const unsigned char *root = NULL; + int err = 0; + int i = 0; + struct hip_common *msg = NULL; + int hash_length = 0; + hash_chain_t *hchain = NULL; + hash_tree_t *htree = NULL; + hash_tree_t *link_tree = NULL; + int secret_length = 0; + int branch_length = 0; + int root_length = 0; + const unsigned char *secret = NULL; + unsigned char *branch_nodes = NULL; + const unsigned char *root = NULL; HIP_ASSERT(entry != NULL); @@ -361,17 +361,17 @@ HIP_DEBUG_HIT("src_hit", &entry->inner_src_addr); HIP_IFEL(hip_build_param_contents(msg, &entry->inner_src_addr, HIP_PARAM_HIT, sizeof(struct in6_addr)), - -1, "build param contents failed\n"); + -1, "build param contents failed\n"); HIP_DEBUG_HIT("dst_hit", &entry->inner_dst_addr); HIP_IFEL(hip_build_param_contents(msg, &entry->inner_dst_addr, HIP_PARAM_HIT, sizeof(struct in6_addr)), - -1, "build param contents failed\n"); + -1, "build param contents failed\n"); HIP_DEBUG("esp_prot_transform: %u\n", entry->esp_prot_transform); HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform, HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), - -1, "build param contents failed\n"); + -1, "build param contents failed\n"); // also send the hchain/htree length for all update items HIP_IFEL(hip_build_param_contents(msg, &hash_item_length, HIP_PARAM_INT, @@ -389,7 +389,7 @@ HIP_IFEL(hip_build_param_contents(msg, anchors[i], HIP_PARAM_HCHAIN_ANCHOR, hash_length), -1, - "build param contents failed\n"); + "build param contents failed\n"); } // now transmit root for each next hash item for tree-based updates, if available @@ -414,7 +414,7 @@ HIP_IFEL(hip_build_param_contents(msg, &root_length, HIP_PARAM_INT, sizeof(int)), -1, - "build param contents failed\n"); + "build param contents failed\n"); } if (root) { @@ -428,7 +428,7 @@ HIP_DEBUG("soft_update: %i\n", soft_update); HIP_IFEL(hip_build_param_contents(msg, &soft_update, HIP_PARAM_INT, sizeof(int)), -1, - "build param contents failed\n"); + "build param contents failed\n"); if (soft_update) { for (i = 0; i < num_parallel_hchains; i++) { @@ -437,37 +437,37 @@ HIP_IFEL(!(branch_nodes = htree_get_branch(link_trees[i], anchor_offset[i], NULL, &branch_length)), -1, - "failed to get branch nodes\n"); + "failed to get branch nodes\n"); HIP_DEBUG("anchor_offset: %i\n", anchor_offset[i]); HIP_IFEL(hip_build_param_contents(msg, &anchor_offset[i], HIP_PARAM_INT, sizeof(int)), -1, - "build param contents failed\n"); + "build param contents failed\n"); HIP_DEBUG("secret_length: %i\n", secret_length); HIP_IFEL(hip_build_param_contents(msg, &secret_length, HIP_PARAM_INT, sizeof(int)), -1, - "build param contents failed\n"); + "build param contents failed\n"); HIP_DEBUG("branch_length: %i\n", branch_length); HIP_IFEL(hip_build_param_contents(msg, &branch_length, HIP_PARAM_INT, sizeof(int)), -1, - "build param contents failed\n"); + "build param contents failed\n"); HIP_HEXDUMP("secret: ", secret, secret_length); HIP_IFEL(hip_build_param_contents(msg, secret, HIP_PARAM_SECRET, secret_length), -1, - "build param contents failed\n"); + "build param contents failed\n"); HIP_HEXDUMP("branch_nodes: ", branch_nodes, branch_length); HIP_IFEL(hip_build_param_contents(msg, branch_nodes, HIP_PARAM_BRANCH_NODES, branch_length), -1, - "build param contents failed\n"); + "build param contents failed\n"); } } @@ -496,13 +496,13 @@ */ int send_anchor_change_to_hipd(const hip_sa_entry_t *entry) { - int err = 0; - struct hip_common *msg = NULL; - int hash_length = 0; - long i = 0; - unsigned char *anchor = NULL; - hash_chain_t *hchain = NULL; - hash_tree_t *htree = NULL; + int err = 0; + struct hip_common *msg = NULL; + int hash_length = 0; + long i = 0; + unsigned char *anchor = NULL; + hash_chain_t *hchain = NULL; + hash_tree_t *htree = NULL; HIP_ASSERT(entry != NULL); HIP_ASSERT(entry->direction == HIP_SPI_DIRECTION_OUT); @@ -521,22 +521,22 @@ HIP_DEBUG_HIT("src_hit", &entry->inner_src_addr); HIP_IFEL(hip_build_param_contents(msg, &entry->inner_src_addr, HIP_PARAM_HIT, sizeof(struct in6_addr)), - -1, "build param contents failed\n"); + -1, "build param contents failed\n"); HIP_DEBUG_HIT("dst_hit", &entry->inner_dst_addr); HIP_IFEL(hip_build_param_contents(msg, &entry->inner_dst_addr, HIP_PARAM_HIT, sizeof(struct in6_addr)), - -1, "build param contents failed\n"); + -1, "build param contents failed\n"); HIP_DEBUG("direction: %i\n", entry->direction); HIP_IFEL(hip_build_param_contents(msg, &entry->direction, HIP_PARAM_INT, sizeof(int)), -1, - "build param contents failed\n"); + "build param contents failed\n"); HIP_DEBUG("esp_prot_transform: %u\n", entry->esp_prot_transform); HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform, HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), - -1, "build param contents failed\n"); + -1, "build param contents failed\n"); HIP_DEBUG("esp_prot_num_parallel_hchains: %u\n", num_parallel_hchains); HIP_IFEL(hip_build_param_contents(msg, &num_parallel_hchains, @@ -556,7 +556,7 @@ HIP_HEXDUMP("anchor: ", anchor, hash_length); HIP_IFEL(hip_build_param_contents(msg, anchor, HIP_PARAM_HCHAIN_ANCHOR, hash_length), - -1, "build param contents failed\n"); + -1, "build param contents failed\n"); } HIP_DUMP_MSG(msg); @@ -585,15 +585,15 @@ * @return 0 on success, -1 on error */ int esp_prot_handle_sa_add_request(const struct hip_common *msg, - uint8_t *esp_prot_transform, - uint16_t *num_anchors, - unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH], - uint32_t *hash_item_length) + uint8_t *esp_prot_transform, + uint16_t *num_anchors, + unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH], + uint32_t *hash_item_length) { - const struct hip_tlv_common *param = NULL; - int hash_length = 0, err = 0; - const unsigned char *anchor = NULL; - uint16_t i; + const struct hip_tlv_common *param = NULL; + int hash_length = 0, err = 0; + const unsigned char *anchor = NULL; + uint16_t i; *num_anchors = 0; *esp_prot_transform = 0; === modified file 'firewall/esp_prot_fw_msg.h' --- firewall/esp_prot_fw_msg.h 2010-10-15 15:29:14 +0000 +++ firewall/esp_prot_fw_msg.h 2011-01-03 16:06:13 +0000 @@ -45,17 +45,17 @@ int send_esp_prot_to_hipd(const int active); int send_bex_store_update_to_hipd(hchain_store_t *hcstore, const int use_hash_trees); -int send_trigger_update_to_hipd(const hip_sa_entry_t *entry, +int send_trigger_update_to_hipd(const hip_sa_entry_t * entry, const unsigned char *anchors[MAX_NUM_PARALLEL_HCHAINS], const int hash_item_length, const int soft_update, const int *anchor_offset, - hash_tree_t *link_trees[MAX_NUM_PARALLEL_HCHAINS]); + hash_tree_t * link_trees[MAX_NUM_PARALLEL_HCHAINS]); int send_anchor_change_to_hipd(const hip_sa_entry_t *entry); int esp_prot_handle_sa_add_request(const struct hip_common *msg, - uint8_t *esp_prot_transform, - uint16_t *num_anchors, + uint8_t * esp_prot_transform, + uint16_t * num_anchors, unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH], - uint32_t *hash_item_length); + uint32_t * hash_item_length); #endif /* HIP_FIREWALL_ESP_PROT_FW_MSG_H */ === modified file 'firewall/file_buffer.c' --- firewall/file_buffer.c 2010-11-12 17:49:42 +0000 +++ firewall/file_buffer.c 2011-01-03 16:06:13 +0000 @@ -80,8 +80,8 @@ /* First, we try to determine the current file size for the new buffer size. * If that fails (it does, e.g., for proc files), we just increase the * current buffer size. */ - errno = 0; - file_size = lseek(fb->fd, 0, SEEK_END); + errno = 0; + file_size = lseek(fb->fd, 0, SEEK_END); if (file_size != -1 || EINVAL == errno) { if (file_size != -1) { fb->buffer_size = file_size + HIP_FB_HEADROOM; // add a little head room @@ -191,8 +191,8 @@ fb->fd = -1; } free(fb->ma.start); - fb->ma.start = NULL; - fb->ma.end = NULL; + fb->ma.start = NULL; + fb->ma.end = NULL; } } @@ -217,7 +217,7 @@ while (1) { ssize_t bytes; - off_t seek_offset; + off_t seek_offset; // can we re-read the whole file into the memory buffer? seek_offset = lseek(fb->fd, 0, SEEK_SET); @@ -232,7 +232,7 @@ HIP_ERROR("Reading the contents of the file descriptor %d via read() into a memory buffer of size %d failed with the error %s\n", fb->fd, fb->buffer_size, strerror(errno)); break; - } else if ((size_t)bytes == fb->buffer_size) { + } else if ((size_t) bytes == fb->buffer_size) { // we can't fit the file into the memory buffer -> resize it if (hip_fb_resize(fb) == 0) { // successful resize -> retry reading === modified file 'firewall/firewall.c' --- firewall/firewall.c 2010-12-27 14:44:02 +0000 +++ firewall/firewall.c 2011-01-03 16:06:13 +0000 @@ -143,13 +143,13 @@ /* externally used state */ // TODO try to decrease number of globally used variables -int filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT; -int hip_kernel_ipsec_fallback = 0; -int hip_lsi_support = 0; -int system_based_opp_mode = 0; -int esp_relay = 0; +int filter_traffic = HIP_FW_FILTER_TRAFFIC_BY_DEFAULT; +int hip_kernel_ipsec_fallback = 0; +int hip_lsi_support = 0; +int system_based_opp_mode = 0; +int esp_relay = 0; #ifdef CONFIG_HIP_MIDAUTH -int use_midauth = 0; +int use_midauth = 0; #endif /** Use this to send and receive responses to hipd. Notice that @@ -162,12 +162,12 @@ * * @todo make accessible through send function, no-one should read on that */ -int hip_fw_sock = 0; +int hip_fw_sock = 0; /** * Use this socket *only* for receiving async messages from hipd * @todo make static, no-one should read on that */ -int hip_fw_async_sock = 0; +int hip_fw_async_sock = 0; /** * display usage of firewall to stdout @@ -213,8 +213,8 @@ */ static int hip_fw_init_userspace_ipsec(void) { - int err = 0; - int ver_c; + int err = 0; + int ver_c; struct utsname name; HIP_IFEL(uname(&name), -1, "Failed to retrieve kernel information: %s\n", @@ -437,7 +437,6 @@ return err; } - /* * Initialize rules for filtering traffic * @@ -553,7 +552,7 @@ /* Still accept HIP traffic as if the -A flag had been given * instead of -F */ accept_hip_esp_traffic_by_default = 1; - restore_accept_hip_esp_traffic = 1; + restore_accept_hip_esp_traffic = 1; firewall_init_filter_traffic(); hip_fw_init_esp_prot_conntrack(); @@ -607,11 +606,11 @@ */ static int hip_query_default_local_hit_from_hipd(void) { - int err = 0; - struct hip_common *msg = NULL; + int err = 0; + struct hip_common *msg = NULL; const struct hip_tlv_common *param = NULL; - const hip_hit_t *hit = NULL; - const hip_lsi_t *lsi = NULL; + const hip_hit_t *hit = NULL; + const hip_lsi_t *lsi = NULL; HIP_IFE(!(msg = hip_msg_alloc()), -1); HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_DEFAULT_HIT, 0), -1, @@ -745,9 +744,9 @@ */ static void firewall_probe_kernel_modules(void) { - int count, err, status; - char cmd[40]; - int mod_total; + int count, err, status; + char cmd[40]; + int mod_total; const char *mod_name[] = { "ip_queue", "ip6_queue", "iptable_filter", "ip6table_filter" }; @@ -858,9 +857,9 @@ if (esp_relay && ctx->udp_encap_hdr && ((ret = hipfw_relay_esp(ctx)) <= 0)) { - /* 0: drop original and reinject new packet - -1: accept reinject packet and avoid filter_esp_state - 1: just let it pass => proceed to filter */ + /* 0: drop original and reinject new packet + * -1: accept reinject packet and avoid filter_esp_state + * 1: just let it pass => proceed to filter */ if (ret == 0) { HIP_DEBUG("Drop original and reinject relayed ESP packet\n"); verdict = 0; @@ -868,7 +867,7 @@ HIP_DEBUG("Accept reinjected packet\n"); verdict = 1; } else { - HIP_ASSERT(0); + HIP_ASSERT(0); } } else if (filter_esp_state(ctx) > 0) { verdict = 1; @@ -903,14 +902,14 @@ hip_fw_context_t *ctx) { // complete rule list for hook (== IN / OUT / FORWARD) - struct dlist *list = read_rules(hook); - struct rule *rule = NULL; + struct dlist *list = read_rules(hook); + struct rule *rule = NULL; // assume match for current rule - int match = 1, print_addr = 0; + int match = 1, print_addr = 0; // assume packet has not yet passed connection tracking - int conntracked = 0; + int conntracked = 0; // block traffic by default - int verdict = 0; + int verdict = 0; HIP_DEBUG("\n"); @@ -925,25 +924,25 @@ if (buf->type_hdr == HIP_I1) { HIP_INFO("received packet type: I1\n"); print_addr = 1; - } else if (buf->type_hdr == HIP_R1) { + } else if (buf->type_hdr == HIP_R1) { HIP_INFO("received packet type: R1\n"); print_addr = 1; - } else if (buf->type_hdr == HIP_I2) { + } else if (buf->type_hdr == HIP_I2) { HIP_INFO("received packet type: I2\n"); print_addr = 1; - } else if (buf->type_hdr == HIP_R2) { + } else if (buf->type_hdr == HIP_R2) { HIP_INFO("received packet type: R2\n"); print_addr = 1; - } else if (buf->type_hdr == HIP_UPDATE) { + } else if (buf->type_hdr == HIP_UPDATE) { HIP_INFO("received packet type: UPDATE\n"); print_addr = 1; - } else if (buf->type_hdr == HIP_CLOSE) { + } else if (buf->type_hdr == HIP_CLOSE) { HIP_INFO("received packet type: CLOSE\n"); print_addr = 1; - } else if (buf->type_hdr == HIP_CLOSE_ACK) { + } else if (buf->type_hdr == HIP_CLOSE_ACK) { HIP_INFO("received packet type: CLOSE_ACK\n"); print_addr = 1; - } else if (buf->type_hdr == HIP_NOTIFY) { + } else if (buf->type_hdr == HIP_NOTIFY) { HIP_DEBUG("received packet type: NOTIFY\n"); } else if (buf->type_hdr == HIP_LUPDATE) { HIP_DEBUG("received packet type: LIGHT UPDATE\n"); @@ -1042,7 +1041,6 @@ if (!filter_state(ip6_src, ip6_dst, buf, rule->state, rule->accept, ctx)) { match = 0; - } else { // if it is a valid packet, this also tracked the packet conntracked = 1; @@ -1143,7 +1141,8 @@ * * @return the verdict (1 for pass and 0 for drop) */ -static int hip_fw_handle_hip_output(hip_fw_context_t *ctx){ +static int hip_fw_handle_hip_output(hip_fw_context_t *ctx) +{ int verdict = accept_hip_esp_traffic_by_default; HIP_DEBUG("hip_fw_handle_hip_output \n"); @@ -1201,7 +1200,6 @@ accept_normal_traffic_by_default); if (ctx->ip_version == 6 && hip_userspace_ipsec) { - hip_hit_t *def_hit = hip_fw_get_default_hit(); HIP_DEBUG_HIT("destination hit: ", &ctx->dst); @@ -1232,7 +1230,7 @@ } } else if (system_based_opp_mode) { verdict = hip_fw_handle_outgoing_system_based_opp(ctx, - accept_normal_traffic_by_default); + accept_normal_traffic_by_default); } } @@ -1431,10 +1429,10 @@ NF_IP_FORWARD); // funtion pointers for the respective packet handlers - hip_fw_handler[NF_IP_LOCAL_IN][OTHER_PACKET] = hip_fw_handle_other_input; - hip_fw_handler[NF_IP_LOCAL_IN][HIP_PACKET] = hip_fw_handle_hip_input; - hip_fw_handler[NF_IP_LOCAL_IN][ESP_PACKET] = hip_fw_handle_esp_input; - hip_fw_handler[NF_IP_LOCAL_IN][TCP_PACKET] = hip_fw_handle_tcp_input; + hip_fw_handler[NF_IP_LOCAL_IN][OTHER_PACKET] = hip_fw_handle_other_input; + hip_fw_handler[NF_IP_LOCAL_IN][HIP_PACKET] = hip_fw_handle_hip_input; + hip_fw_handler[NF_IP_LOCAL_IN][ESP_PACKET] = hip_fw_handle_esp_input; + hip_fw_handler[NF_IP_LOCAL_IN][TCP_PACKET] = hip_fw_handle_tcp_input; hip_fw_handler[NF_IP_LOCAL_OUT][OTHER_PACKET] = hip_fw_handle_other_output; hip_fw_handler[NF_IP_LOCAL_OUT][HIP_PACKET] = hip_fw_handle_hip_output; @@ -1442,10 +1440,10 @@ hip_fw_handler[NF_IP_LOCAL_OUT][TCP_PACKET] = hip_fw_handle_tcp_output; //apply rules for forwarded hip and esp traffic - hip_fw_handler[NF_IP_FORWARD][HIP_PACKET] = hip_fw_handle_hip_forward; - hip_fw_handler[NF_IP_FORWARD][ESP_PACKET] = hip_fw_handle_esp_forward; + hip_fw_handler[NF_IP_FORWARD][HIP_PACKET] = hip_fw_handle_hip_forward; + hip_fw_handler[NF_IP_FORWARD][ESP_PACKET] = hip_fw_handle_esp_forward; //do not drop those files by default - hip_fw_handler[NF_IP_FORWARD][TCP_PACKET] = hip_fw_handle_tcp_forward; + hip_fw_handler[NF_IP_FORWARD][TCP_PACKET] = hip_fw_handle_tcp_forward; HIP_DEBUG("Enabling forwarding for IPv4 and IPv6\n"); system_print("echo 1 >/proc/sys/net/ipv4/conf/all/forwarding"); @@ -1501,9 +1499,9 @@ { int ip_hdr_len, err = 0; // length of packet starting at udp header - uint16_t udp_len = 0; - struct udphdr *udphdr = NULL; - int udp_encap_zero_bytes = 0; + uint16_t udp_len = 0; + struct udphdr *udphdr = NULL; + int udp_encap_zero_bytes = 0; // default assumption ctx->packet_type = OTHER_PACKET; @@ -1532,9 +1530,9 @@ /* ip_hl is given in multiple of 4 bytes * * NOTE: not sizeof(struct ip) as we might have options */ - ip_hdr_len = (iphdr->ip_hl * 4); + ip_hdr_len = (iphdr->ip_hl * 4); // needed for opportunistic TCP - ctx->ip_hdr_len = ip_hdr_len; + ctx->ip_hdr_len = ip_hdr_len; HIP_DEBUG("ip_hdr_len is: %d\n", ip_hdr_len); HIP_DEBUG("total length: %u\n", ntohs(iphdr->ip_len)); HIP_DEBUG("ttl: %u\n", iphdr->ip_ttl); @@ -1556,7 +1554,7 @@ ctx->packet_type = HIP_PACKET; ctx->transport_hdr.hip = (struct hip_common *) - (((char *) iphdr) + ip_hdr_len); + (((char *) iphdr) + ip_hdr_len); goto end_init; } else if (iphdr->ip_p == IPPROTO_ESP) { @@ -1565,7 +1563,7 @@ ctx->packet_type = ESP_PACKET; ctx->transport_hdr.esp = (struct hip_esp *) - (((char *) iphdr) + ip_hdr_len); + (((char *) iphdr) + ip_hdr_len); goto end_init; } else if (iphdr->ip_p == IPPROTO_TCP) { @@ -1573,7 +1571,7 @@ HIP_DEBUG("plain TCP packet\n"); ctx->packet_type = TCP_PACKET; - ctx->transport_hdr.tcp = (struct tcphdr*) + ctx->transport_hdr.tcp = (struct tcphdr *) (((char *) iphdr) + ip_hdr_len); HIP_DEBUG("src port: %u\n", ntohs(ctx->transport_hdr.tcp->source)); @@ -1588,9 +1586,9 @@ } // need UDP header to look for encapsulated ESP - udp_len = ntohs(iphdr->ip_len); - udphdr = ((struct udphdr *) - (((char *) iphdr) + ip_hdr_len)); + udp_len = ntohs(iphdr->ip_len); + udphdr = ((struct udphdr *) + (((char *) iphdr) + ip_hdr_len)); // add UDP header to context ctx->udp_encap_hdr = udphdr; @@ -1600,9 +1598,9 @@ ctx->ip_hdr.ipv6 = ip6_hdr; // Ipv6 has fixed header length - ip_hdr_len = sizeof(struct ip6_hdr); + ip_hdr_len = sizeof(struct ip6_hdr); // needed for opportunistic TCP - ctx->ip_hdr_len = ip_hdr_len; + ctx->ip_hdr_len = ip_hdr_len; HIP_DEBUG("ip_hdr_len is: %d\n", ip_hdr_len); HIP_DEBUG("payload length: %u\n", ntohs(ip6_hdr->ip6_plen)); HIP_DEBUG("ttl: %u\n", ip6_hdr->ip6_hlim); @@ -1625,7 +1623,7 @@ ctx->packet_type = HIP_PACKET; ctx->transport_hdr.hip = (struct hip_common *) - (((char *) ip6_hdr) + sizeof(struct ip6_hdr)); + (((char *) ip6_hdr) + sizeof(struct ip6_hdr)); goto end_init; } else if (ip6_hdr->ip6_nxt == IPPROTO_ESP) { @@ -1634,7 +1632,7 @@ ctx->packet_type = ESP_PACKET; ctx->transport_hdr.esp = (struct hip_esp *) - (((char *) ip6_hdr) + sizeof(struct ip6_hdr)); + (((char *) ip6_hdr) + sizeof(struct ip6_hdr)); goto end_init; } else if (ip6_hdr->ip6_nxt == IPPROTO_TCP) { @@ -1642,7 +1640,7 @@ HIP_DEBUG("plain TCP packet\n"); ctx->packet_type = TCP_PACKET; - ctx->transport_hdr.tcp = (struct tcphdr*) + ctx->transport_hdr.tcp = (struct tcphdr *) (((char *) ip6_hdr) + sizeof(struct ip6_hdr)); HIP_DEBUG("src port: %u\n", ntohs(ctx->transport_hdr.tcp->source)); @@ -1664,9 +1662,9 @@ * * NOTE: the length will include optional extension headers * -> handle this */ - udp_len = ntohs(ip6_hdr->ip6_plen); - udphdr = ((struct udphdr *) - (((char *) ip6_hdr) + ip_hdr_len)); + udp_len = ntohs(ip6_hdr->ip6_plen); + udphdr = ((struct udphdr *) + (((char *) ip6_hdr) + ip_hdr_len)); // add udp header to context ctx->udp_encap_hdr = udphdr; @@ -1685,7 +1683,6 @@ if (ctx->ip_version == 4) { // we might have only received a UDP packet with headers only if (udp_len >= sizeof(struct ip) + sizeof(struct udphdr) + HIP_UDP_ZERO_BYTES_LEN) { - uint32_t *zero_bytes = NULL; // we can distinguish UDP encapsulated control and data traffic with 32 zero bits @@ -1718,16 +1715,16 @@ /* check if zero byte hint is correct and we are processing a * HIP control message */ if (!hip_check_network_msg((struct hip_common *) (((char *) udphdr) - + sizeof(struct udphdr) - + HIP_UDP_ZERO_BYTES_LEN))) { + + sizeof(struct udphdr) + + HIP_UDP_ZERO_BYTES_LEN))) { // we found an UDP encapsulated HIP control packet HIP_DEBUG("UDP encapsulated HIP control packet\n"); // add to context ctx->packet_type = HIP_PACKET; ctx->transport_hdr.hip = (struct hip_common *) (((char *) udphdr) - + sizeof(struct udphdr) - + HIP_UDP_ZERO_BYTES_LEN); + + sizeof(struct udphdr) + + HIP_UDP_ZERO_BYTES_LEN); goto end_init; } @@ -1935,21 +1932,21 @@ */ int main(int argc, char **argv) { - int err = 0, highest_descriptor, i; - int n, len; - struct ipq_handle *h4 = NULL, *h6 = NULL; - int ch; - char *rule_file = NULL; - int errflg = 0, killold = 0; - struct hip_common *msg = NULL; + int err = 0, highest_descriptor, i; + int n, len; + struct ipq_handle *h4 = NULL, *h6 = NULL; + int ch; + char *rule_file = NULL; + int errflg = 0, killold = 0; + struct hip_common *msg = NULL; struct sockaddr_in6 sock_addr; - socklen_t alen; - fd_set read_fdset; - struct timeval timeout; - unsigned char buf[HIP_MAX_PACKET]; - hip_fw_context_t ctx; - int limit_capabilities = 0; - int is_root = 0, access_ok = 0, msg_type = 0; //variables for accepting user messages only from hipd + socklen_t alen; + fd_set read_fdset; + struct timeval timeout; + unsigned char buf[HIP_MAX_PACKET]; + hip_fw_context_t ctx; + int limit_capabilities = 0; + int is_root = 0, access_ok = 0, msg_type = 0; //variables for accepting user messages only from hipd /* Make sure that root path is set up correcly (e.g. on Fedora 9). * Otherwise may get warnings from system_print() commands. @@ -2005,13 +2002,13 @@ break; case 'e': hip_userspace_ipsec = 1; - hip_esp_protection = 1; + hip_esp_protection = 1; break; case 'f': rule_file = optarg; break; case 'F': - filter_traffic = 0; + filter_traffic = 0; restore_filter_traffic = filter_traffic; break; case 'h': @@ -2022,11 +2019,11 @@ accept_normal_traffic_by_default = 0; break; case 'i': - hip_userspace_ipsec = 1; + hip_userspace_ipsec = 1; hip_kernel_ipsec_fallback = 0; break; case 'I': - hip_userspace_ipsec = 1; + hip_userspace_ipsec = 1; hip_kernel_ipsec_fallback = 1; break; case 'k': @@ -2038,7 +2035,7 @@ case 'm': #ifdef CONFIG_HIP_MIDAUTH filter_traffic = 1; - use_midauth = 1; + use_midauth = 1; break; #endif case 'o': @@ -2086,11 +2083,11 @@ HIP_IFEL((hip_fw_sock < 0), 1, "Could not create socket for firewall.\n"); memset(&sock_addr, 0, sizeof(sock_addr)); sock_addr.sin6_family = AF_INET6; - sock_addr.sin6_port = htons(HIP_FIREWALL_SYNC_PORT); - sock_addr.sin6_addr = in6addr_loopback; + sock_addr.sin6_port = htons(HIP_FIREWALL_SYNC_PORT); + sock_addr.sin6_addr = in6addr_loopback; - for (i=0; i<2; i++) { - err = bind(hip_fw_sock, (struct sockaddr *)& sock_addr, + for (i = 0; i < 2; i++) { + err = bind(hip_fw_sock, (struct sockaddr *) &sock_addr, sizeof(sock_addr)); if (err == 0) { break; @@ -2107,9 +2104,9 @@ HIP_IFEL((hip_fw_async_sock < 0), 1, "Could not create socket for firewall.\n"); memset(&sock_addr, 0, sizeof(sock_addr)); sock_addr.sin6_family = AF_INET6; - sock_addr.sin6_port = htons(HIP_FIREWALL_PORT); - sock_addr.sin6_addr = in6addr_loopback; - HIP_IFEL(bind(hip_fw_async_sock, (struct sockaddr *)& sock_addr, sizeof(sock_addr)), -1, + sock_addr.sin6_port = htons(HIP_FIREWALL_PORT); + sock_addr.sin6_addr = in6addr_loopback; + HIP_IFEL(bind(hip_fw_async_sock, (struct sockaddr *) &sock_addr, sizeof(sock_addr)), -1, "Bind on firewall socket addr failed. Give -k option to kill old hipfw\n"); HIP_IFEL(hip_daemon_connect(hip_fw_async_sock), -1, "connecting socket failed\n"); @@ -2179,7 +2176,7 @@ FD_SET(h4->fd, &read_fdset); FD_SET(h6->fd, &read_fdset); - timeout.tv_sec = HIP_SELECT_TIMEOUT; + timeout.tv_sec = HIP_SELECT_TIMEOUT; timeout.tv_usec = 0; // get handle with queued packet and process @@ -2242,8 +2239,8 @@ HIP_DEBUG("Receiving message type %d (%d bytes)\n", hip_get_msg_type(msg), len); - n = recvfrom(hip_fw_async_sock, msg, len, 0, - (struct sockaddr *) &sock_addr, &alen); + n = recvfrom(hip_fw_async_sock, msg, len, 0, + (struct sockaddr *) &sock_addr, &alen); if (n < 0) { HIP_ERROR("Error receiving message parameters from daemon.\n"); === modified file 'firewall/firewall_control.c' --- firewall/firewall_control.c 2010-11-30 14:50:30 +0000 +++ firewall/firewall_control.c 2011-01-03 16:06:13 +0000 @@ -60,20 +60,20 @@ */ static int hip_handle_bex_state_update(struct hip_common *msg) { - const struct in6_addr *src_hit = NULL, *dst_hit = NULL; - const struct hip_tlv_common *param = NULL; - int err = 0, msg_type = 0; + const struct in6_addr *src_hit = NULL, *dst_hit = NULL; + const struct hip_tlv_common *param = NULL; + int err = 0, msg_type = 0; msg_type = hip_get_msg_type(msg); /* src_hit */ - param = hip_get_param(msg, HIP_PARAM_HIT); - src_hit = hip_get_param_contents_direct(param); + param = hip_get_param(msg, HIP_PARAM_HIT); + src_hit = hip_get_param_contents_direct(param); HIP_DEBUG_HIT("Source HIT: ", src_hit); /* dst_hit */ - param = hip_get_next_param(msg, param); - dst_hit = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + dst_hit = hip_get_param_contents_direct(param); HIP_DEBUG_HIT("Destination HIT: ", dst_hit); /* update bex_state in firewalldb */ @@ -100,7 +100,7 @@ */ int hip_handle_msg(struct hip_common *msg) { - int type, err = 0; + int type, err = 0; struct hip_common *msg_out = NULL; HIP_DEBUG("Handling message from hipd\n"); === modified file 'firewall/firewall_defines.h' --- firewall/firewall_defines.h 2010-12-13 19:09:27 +0000 +++ firewall/firewall_defines.h 2011-01-03 16:06:13 +0000 @@ -48,9 +48,9 @@ ipq_packet_msg_t *ipq_packet; // IP layer information - int ip_version; /* 4, 6 */ - int ip_hdr_len; - struct in6_addr src, dst; + int ip_version; /* 4, 6 */ + int ip_hdr_len; + struct in6_addr src, dst; union { struct ip6_hdr *ipv6; struct ip *ipv4; @@ -65,45 +65,45 @@ } transport_hdr; struct udphdr *udp_encap_hdr; - int modified; + int modified; } hip_fw_context_t; /********** State table structures **************/ struct esp_address { - struct in6_addr dst_addr; - uint32_t *update_id; // null or pointer to the update id from the packet + struct in6_addr dst_addr; + uint32_t *update_id; // null or pointer to the update id from the packet // that announced this address. // when ack with the update id is seen all esp_addresses with // null update_id can be removed. }; struct esp_tuple { - uint32_t spi; - uint32_t new_spi; - uint32_t spi_update_id; - struct slist *dst_addr_list; - struct tuple *tuple; + uint32_t spi; + uint32_t new_spi; + uint32_t spi_update_id; + struct slist *dst_addr_list; + struct tuple *tuple; /* tracking of the ESP SEQ number */ - uint32_t seq_no; + uint32_t seq_no; /* members needed for ESP protection extension */ - uint8_t esp_prot_tfm; - uint32_t hash_item_length; - uint32_t hash_tree_depth; - long num_hchains; - unsigned char active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH]; + uint8_t esp_prot_tfm; + uint32_t hash_item_length; + uint32_t hash_tree_depth; + long num_hchains; + unsigned char active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH]; // need for verification of anchor updates - unsigned char first_active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH]; - unsigned char next_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH]; - int active_root_length; - unsigned char *active_roots[MAX_NUM_PARALLEL_HCHAINS]; - int next_root_length[MAX_NUM_PARALLEL_HCHAINS]; - unsigned char *next_roots[MAX_NUM_PARALLEL_HCHAINS]; + unsigned char first_active_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH]; + unsigned char next_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH]; + int active_root_length; + unsigned char *active_roots[MAX_NUM_PARALLEL_HCHAINS]; + int next_root_length[MAX_NUM_PARALLEL_HCHAINS]; + unsigned char *next_roots[MAX_NUM_PARALLEL_HCHAINS]; /** List temporarily storing anchor elements until the consecutive update * msg reveals that all on-path devices know the new anchor. */ - hip_ll_t anchor_cache; + hip_ll_t anchor_cache; /** buffer storing hashes of previous packets for cumulative authentication */ - esp_cumulative_item_t hash_buffer[MAX_RING_BUFFER_SIZE]; + esp_cumulative_item_t hash_buffer[MAX_RING_BUFFER_SIZE]; }; struct hip_data { @@ -130,9 +130,9 @@ struct connection *connection; int state; uint32_t lupdate_seq; - int esp_relay; - struct in6_addr esp_relay_daddr; - in_port_t esp_relay_dport; + int esp_relay; + struct in6_addr esp_relay_daddr; + in_port_t esp_relay_dport; }; struct connection { @@ -142,10 +142,10 @@ int state; struct timeval time_stamp; /* members needed for ESP protection extension */ - int num_esp_prot_tfms; - uint8_t esp_prot_tfms[MAX_NUM_TRANSFORMS]; + int num_esp_prot_tfms; + uint8_t esp_prot_tfms[MAX_NUM_TRANSFORMS]; #ifdef CONFIG_HIP_MIDAUTH - int pisa_state; + int pisa_state; #endif }; === modified file 'firewall/helpers.c' --- firewall/helpers.c 2010-12-13 21:15:07 +0000 +++ firewall/helpers.c 2011-01-03 16:06:13 +0000 @@ -71,7 +71,7 @@ struct in6_addr *numeric_to_addr(const char *num) { static struct in6_addr ap; - int err; + int err; if ((err = inet_pton(AF_INET6, num, &ap)) == 1) { return ≈ } === modified file 'firewall/line_parser.c' --- firewall/line_parser.c 2010-11-30 14:40:39 +0000 +++ firewall/line_parser.c 2011-01-03 16:06:13 +0000 @@ -110,8 +110,8 @@ return NULL; } - remaining = lp->ma->end - lp->cur; - lp->cur = memchr(lp->cur, '\n', remaining); + remaining = lp->ma->end - lp->cur; + lp->cur = memchr(lp->cur, '\n', remaining); // given the rest of the parsing code, we should always find a \n, but // let's check to be sure === modified file 'firewall/lsi.c' --- firewall/lsi.c 2010-11-30 14:50:30 +0000 +++ firewall/lsi.c 2011-01-03 16:06:13 +0000 @@ -84,7 +84,7 @@ * @param src_ip an optional source IP address for the I1 * @param dst_ip a destination IP for the I1 * @return zero on success or negative on error - + * * @note Many of the parameters are optional, but at least a * destination LSI, HIT or IP (for opportunistic BEX) must to be * provided @@ -97,7 +97,7 @@ const struct in6_addr *dst_ip) { struct hip_common *msg = NULL; - int err = 0; + int err = 0; HIP_IFE(!(msg = hip_msg_alloc()), -1); HIP_IFEL(!dst_hit && !dst_ip && !dst_lsi, -1, "no destination hit, ip or lsi provided\n"); @@ -181,7 +181,7 @@ int hip_is_packet_lsi_reinjection(hip_lsi_t *lsi) { hip_lsi_t *local_lsi; - int err = 0; + int err = 0; HIP_IFEL(!(local_lsi = hip_fw_get_default_lsi()), -1, "Failed to get default LSI"); if (local_lsi->s_addr == lsi->s_addr) { @@ -212,13 +212,13 @@ const int ipOrigTraffic, const int incoming) { - int err = 0; - int ip_hdr_size = 0; - int packet_length = 0; - int protocol = 0; - int ttl = 0; - uint8_t *msg = NULL; - struct icmphdr *icmp = NULL; + int err = 0; + int ip_hdr_size = 0; + int packet_length = 0; + int protocol = 0; + int ttl = 0; + uint8_t *msg = NULL; + struct icmphdr *icmp = NULL; if (ipOrigTraffic == 4) { const struct ip *iphdr = (const struct ip *) m->payload; @@ -238,7 +238,7 @@ HIP_DEBUG_IN6ADDR("New packet dst address: ", dst_hit); } - if ((int)m->data_len <= (BUFSIZE - ip_hdr_size)) { + if ((int) m->data_len <= (BUFSIZE - ip_hdr_size)) { packet_length = m->data_len - ip_hdr_size; HIP_DEBUG("packet size smaller than buffer size\n"); } else { @@ -308,16 +308,16 @@ const struct in6_addr *ip_dst, const int lsi_support) { - int err = 0; - int verdict = 1; - int ip_hdr_size = 0; - int portDest = 0; - fw_cache_hl_t *entry = NULL; - enum hip_port_binding port_binding = HIP_PORT_INFO_UNKNOWN; - const struct ip6_hdr *ip6_hdr = NULL; - struct in6_addr src_addr, dst_addr; + int err = 0; + int verdict = 1; + int ip_hdr_size = 0; + int portDest = 0; + fw_cache_hl_t *entry = NULL; + enum hip_port_binding port_binding = HIP_PORT_INFO_UNKNOWN; + const struct ip6_hdr *ip6_hdr = NULL; + struct in6_addr src_addr, dst_addr; - ip6_hdr = (const struct ip6_hdr *) m->payload; + ip6_hdr = (const struct ip6_hdr *) m->payload; ip_hdr_size = sizeof(struct ip6_hdr); switch (ip6_hdr->ip6_nxt) { @@ -398,7 +398,7 @@ int hip_fw_handle_outgoing_lsi(ipq_packet_msg_t *m, struct in_addr *lsi_src, struct in_addr *lsi_dst) { - int err = 0; + int err = 0; fw_cache_hl_t *entry_peer = NULL; if (lsi_dst) { === modified file 'firewall/midauth.c' --- firewall/midauth.c 2010-10-15 15:29:14 +0000 +++ firewall/midauth.c 2011-01-03 16:06:13 +0000 @@ -71,7 +71,7 @@ static void update_ipv4_header(struct iphdr *ip, int len) { unsigned short *w = (unsigned short *) ip; - int hdrlen, checksum = 0; + int hdrlen, checksum = 0; ip->tot_len = htons(len); ip->check = 0; @@ -113,16 +113,16 @@ */ static void update_udp_header(struct iphdr *ip, int len) { - unsigned long sum; - uint16_t *w = (uint16_t *) ((unsigned char *) ip + (ip->ihl * 4)); - uint16_t protocol = ntohs(IPPROTO_UDP); - int i; + unsigned long sum; + uint16_t *w = (uint16_t *) ((unsigned char *) ip + (ip->ihl * 4)); + uint16_t protocol = ntohs(IPPROTO_UDP); + int i; struct udphdr *udp = (struct udphdr *) w; len -= ip->ihl * 4; udp->check = 0; - udp->len = htons(len); + udp->len = htons(len); /* UDP header and data */ sum = 0; @@ -133,11 +133,11 @@ if (len == 1) { unsigned short padding = 0; *(unsigned char *) (&padding) = *(unsigned char *) w; - sum += padding; + sum += padding; } /* add UDP pseudoheader */ - w = (uint16_t *) &ip->saddr; + w = (uint16_t *) &ip->saddr; for (i = 0; i < 4; w++, i++) { sum += *w; } @@ -171,9 +171,9 @@ memcpy(&dst.sin_addr, &ip->daddr, sizeof(uint32_t)); hip_zero_msg_checksum(msg); - msg->checksum = hip_checksum_packet((char *) msg, - (struct sockaddr *) &src, - (struct sockaddr *) &dst); + msg->checksum = hip_checksum_packet((char *) msg, + (struct sockaddr *) &src, + (struct sockaddr *) &dst); } /** @@ -184,8 +184,8 @@ static void update_hip_checksum_ipv6(struct ip6_hdr *ip) { struct sockaddr_in6 src, dst; - struct hip_common *msg = (struct hip_common *) ((char *) ip + - sizeof(struct ip6_hdr)); + struct hip_common *msg = (struct hip_common *) ((char *) ip + + sizeof(struct ip6_hdr)); memset(&src, 0, sizeof(src)); memset(&dst, 0, sizeof(dst)); @@ -197,9 +197,9 @@ memcpy(&dst.sin6_addr, &ip->ip6_dst, sizeof(struct in6_addr)); hip_zero_msg_checksum(msg); - msg->checksum = hip_checksum_packet((char *) msg, - (struct sockaddr *) &src, - (struct sockaddr *) &dst); + msg->checksum = hip_checksum_packet((char *) msg, + (struct sockaddr *) &src, + (struct sockaddr *) &dst); } /** @@ -210,9 +210,9 @@ */ static void midauth_update_all_headers(hip_fw_context_t *ctx) { - struct iphdr *ipv4 = NULL; + struct iphdr *ipv4 = NULL; struct ip6_hdr *ipv6 = NULL; - size_t len = 0; + size_t len = 0; len = hip_get_msg_total_len(ctx->transport_hdr.hip); @@ -253,9 +253,9 @@ int midauth_verify_challenge_response(struct hip_common *hip, struct hip_challenge_response *s) { - int err = 0; + int err = 0; struct hip_solution solution; - uint8_t digist[HIP_AH_SHA_LEN]; + uint8_t digist[HIP_AH_SHA_LEN]; HIP_IFEL(hip_build_digest(HIP_DIGEST_SHA1, s->opaque, 24, digist) < 0, -1, "Building of SHA1 Random seed I failed\n"); @@ -282,10 +282,10 @@ */ static int midauth_relocate_last_hip_parameter(struct hip_common *hip) { - int err = 0, len, total_len, offset; - char buffer[HIP_MAX_PACKET], *ptr = (char *) hip; + int err = 0, len, total_len, offset; + char buffer[HIP_MAX_PACKET], *ptr = (char *) hip; struct hip_tlv_common *i = NULL, *last = NULL; - hip_tlv_type_t type; + hip_tlv_type_t type; while ((i = hip_get_next_param_readwrite(hip, i))) { last = i; @@ -297,7 +297,7 @@ len = hip_get_param_total_len(last); type = hip_get_param_type(last); - HIP_IFEL(len > (int)sizeof(buffer), -1, + HIP_IFEL(len > (int) sizeof(buffer), -1, "Last parameter's length exceeds HIP_MAX_PACKET\n"); /* @todo check for signature parameter to avoid broken packets */ @@ -337,7 +337,7 @@ uint8_t opaque_len) { struct hip_common *hip = ctx->transport_hdr.hip; - int err = 0; + int err = 0; ctx->modified = 1; @@ -398,7 +398,7 @@ */ int midauth_filter_hip(hip_fw_context_t *ctx) { - int verdict = NF_ACCEPT; + int verdict = NF_ACCEPT; midauth_handler h = NULL; midauth_handler h_default = midauth_handler_accept; /* @todo change this default value to midauth_handler_drop to === modified file 'firewall/pisa.c' --- firewall/pisa.c 2010-12-13 21:24:26 +0000 +++ firewall/pisa.c 2011-01-03 16:06:13 +0000 @@ -71,7 +71,7 @@ * call */ #define PISA_RANDOM_TTL 2.0 -static char pisa_random_data[2][PISA_RANDOM_LEN]; +static char pisa_random_data[2][PISA_RANDOM_LEN]; static struct in6_addr community_operator_hit; /* @todo make this configurable, issuer HIT */ @@ -127,7 +127,7 @@ void pisa_check_for_random_update(void) { static time_t lastupdate = 0; - time_t now; + time_t now; time(&now); if (difftime(now, lastupdate) > PISA_RANDOM_TTL) { @@ -149,8 +149,8 @@ static int pisa_append_hmac(struct in6_addr *hit1, struct in6_addr *hit2, int rnd, void *data, int data_len) { - uint8_t key[32 + PISA_RANDOM_LEN]; - int err = 0; + uint8_t key[32 + PISA_RANDOM_LEN]; + int err = 0; unsigned int len = HIP_AH_SHA_LEN; /* sanity checks for arguments */ @@ -187,8 +187,8 @@ { uint8_t opaque[PISA_PUZZLE_OPAQUE_LEN]; - struct hip_common *hip = ctx->transport_hdr.hip; - int seed = PISA_PUZZLE_SEED; + struct hip_common *hip = ctx->transport_hdr.hip; + int seed = PISA_PUZZLE_SEED; memcpy(&opaque, &seed, 4); @@ -206,12 +206,12 @@ * @return pointer to the puzzle we accepted or NULL at failure */ static struct hip_challenge_response *pisa_check_challenge_response( - hip_fw_context_t *ctx) + hip_fw_context_t *ctx) { struct hip_challenge_response *response; - struct hip_common *hip = ctx->transport_hdr.hip; - uint8_t hash[2][PISA_PUZZLE_OPAQUE_LEN]; - int seed = PISA_PUZZLE_SEED; + struct hip_common *hip = ctx->transport_hdr.hip; + uint8_t hash[2][PISA_PUZZLE_OPAQUE_LEN]; + int seed = PISA_PUZZLE_SEED; memcpy(&hash[0][0], &seed, 4); memcpy(&hash[1][0], &seed, 4); @@ -235,7 +235,7 @@ response = (struct hip_challenge_response *) hip_get_next_param_readwrite(hip, - (struct hip_tlv_common *) response); + (struct hip_tlv_common *) response); } return NULL; @@ -249,19 +249,19 @@ */ static int pisa_check_certificate(hip_fw_context_t *ctx) { - struct hip_common *hip = ctx->transport_hdr.hip; - const struct hip_cert *cert; + struct hip_common *hip = ctx->transport_hdr.hip; + const struct hip_cert *cert; struct hip_cert_spki_info ci; - struct pisa_cert pc; - char *buf = NULL; - int err = 0, len; - time_t now = time(NULL); + struct pisa_cert pc; + char *buf = NULL; + int err = 0, len; + time_t now = time(NULL); cert = hip_get_param(hip, HIP_PARAM_CERT); HIP_IFEL(cert == NULL, -1, "No certificate found.\n"); - len = ntohs(cert->length); - buf = malloc(len); + len = ntohs(cert->length); + buf = malloc(len); memset(buf, 0, len + 1); memcpy(buf, cert + 1, len); @@ -308,7 +308,7 @@ static void pisa_accept_connection(const hip_fw_context_t *ctx) { struct hip_common *hip = ctx->transport_hdr.hip; - struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr); + struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr); if (t) { t->connection->pisa_state = PISA_STATE_ALLOW; @@ -327,7 +327,7 @@ static void pisa_remove_connection(const hip_fw_context_t *ctx) { struct hip_common *hip = ctx->transport_hdr.hip; - struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr); + struct tuple *t = get_tuple_by_hits(&hip->hits, &hip->hitr); if (t) { t->connection->pisa_state = PISA_STATE_DISALLOW; @@ -423,7 +423,7 @@ */ static int pisa_handler_r2(hip_fw_context_t *ctx) { - int verdict = NF_DROP, sig = 0, cert = 0; + int verdict = NF_DROP, sig = 0, cert = 0; struct hip_challenge_response *solution = NULL; #ifdef CONFIG_HIP_PERFORMANCE @@ -478,9 +478,9 @@ */ static int pisa_handler_u2(hip_fw_context_t *ctx) { - int verdict = NF_DROP; - int sig = 0; - int cert = 0; + int verdict = NF_DROP; + int sig = 0; + int cert = 0; struct hip_challenge_response *solution = NULL; solution = pisa_check_challenge_response(ctx); @@ -508,8 +508,8 @@ */ static int pisa_handler_u3(hip_fw_context_t *ctx) { - int verdict = NF_DROP; - int sig = 0; + int verdict = NF_DROP; + int sig = 0; struct hip_challenge_response *solution = NULL; solution = pisa_check_challenge_response(ctx); @@ -539,6 +539,7 @@ pisa_remove_connection(ctx); return NF_ACCEPT; } + /** * Initialize basic PISA functionality * === modified file 'firewall/pisa_cert.c' --- firewall/pisa_cert.c 2010-10-15 15:29:14 +0000 +++ firewall/pisa_cert.c 2011-01-03 16:06:13 +0000 @@ -54,8 +54,8 @@ */ static char *pisa_cert_get_part(char *cert, const char *name, char *r) { - int level = 0, len = 0; - char *p = cert, *start = NULL; + int level = 0, len = 0; + char *p = cert, *start = NULL; if (!r) { return NULL; @@ -137,7 +137,7 @@ static void pisa_cert_get_content(char *cert, const char *name, char *r) { char *start = cert; - int len = 0; + int len = 0; if (!r) { return; @@ -180,8 +180,8 @@ */ void pisa_split_cert(char *cert, struct pisa_cert *pc) { - struct tm t; - char buffer1[224], buffer2[224]; + struct tm t; + char buffer1[224], buffer2[224]; struct in6_addr addr; pisa_cert_get_part(cert, "not-before", buffer1); === modified file 'firewall/port_bindings.c' --- firewall/port_bindings.c 2010-11-29 08:58:13 +0000 +++ firewall/port_bindings.c 2011-01-03 16:06:13 +0000 @@ -75,10 +75,10 @@ */ static uint8_t *cache = NULL; -static const unsigned int CACHE_SIZE_PROTOS = 2; -static const unsigned int CACHE_SIZE_PORTS = 1 << (sizeof(in_port_t) * 8); -static unsigned int cache_size_entries = 0; -static unsigned int cache_size_bytes = 0; +static const unsigned int CACHE_SIZE_PROTOS = 2; +static const unsigned int CACHE_SIZE_PORTS = 1 << (sizeof(in_port_t) * 8); +static unsigned int cache_size_entries = 0; +static unsigned int cache_size_bytes = 0; /** * Allocate and initializes the cache resources. @@ -93,17 +93,17 @@ { HIP_ASSERT(!cache); - cache_size_entries = CACHE_SIZE_PROTOS * CACHE_SIZE_PORTS; - cache_size_bytes = cache_size_entries * sizeof(*cache); + cache_size_entries = CACHE_SIZE_PROTOS * CACHE_SIZE_PORTS; + cache_size_bytes = cache_size_entries * sizeof(*cache); // check that the conversion used in the cache from enum hip_port_binding // to uint8_t is consistent - HIP_ASSERT(HIP_PORT_INFO_IPV6UNBOUND == (enum hip_port_binding)(uint8_t)HIP_PORT_INFO_IPV6UNBOUND); - HIP_ASSERT(HIP_PORT_INFO_IPV6BOUND == (enum hip_port_binding)(uint8_t)HIP_PORT_INFO_IPV6BOUND); + HIP_ASSERT(HIP_PORT_INFO_IPV6UNBOUND == (enum hip_port_binding) (uint8_t) HIP_PORT_INFO_IPV6UNBOUND); + HIP_ASSERT(HIP_PORT_INFO_IPV6BOUND == (enum hip_port_binding) (uint8_t) HIP_PORT_INFO_IPV6BOUND); /* We zero the cache on allocation assuming that HIP_PORT_INFO_UNKNOWN - is 0 and thus the whole cache initially has that value. */ - HIP_ASSERT((uint8_t)HIP_PORT_INFO_UNKNOWN == 0); + * is 0 and thus the whole cache initially has that value. */ + HIP_ASSERT((uint8_t) HIP_PORT_INFO_UNKNOWN == 0); cache = calloc(1, cache_size_bytes); if (cache) { return 0; @@ -146,8 +146,8 @@ static inline unsigned int get_cache_index(const uint8_t protocol, const uint16_t port) { - unsigned int index = 0; - unsigned int protocol_offset = 0; + unsigned int index = 0; + unsigned int protocol_offset = 0; // determine the offset into the first (protocol) dimension if (IPPROTO_TCP == protocol) { @@ -190,7 +190,7 @@ const unsigned int index = get_cache_index(protocol, port); // convert the port binding to the cache storage type - const uint8_t value = (uint8_t)binding; + const uint8_t value = (uint8_t) binding; cache[index] = value; } @@ -225,7 +225,7 @@ if (cache) { const unsigned int index = get_cache_index(protocol, port); - binding = (enum hip_port_binding)cache[index]; + binding = (enum hip_port_binding) cache[index]; } return binding; @@ -244,11 +244,6 @@ } } - - - - - static struct hip_file_buffer tcp6_file; static struct hip_file_buffer udp6_file; @@ -321,11 +316,11 @@ static enum hip_port_binding hip_port_bindings_get_from_proc(const uint8_t protocol, const uint16_t port) { - const unsigned int PORT_STR_OFFSET = 39; - const unsigned int PORT_STR_LEN = 4; - enum hip_port_binding result = HIP_PORT_INFO_IPV6UNBOUND; - const struct hip_mem_area *ma = NULL; - char *line; + const unsigned int PORT_STR_OFFSET = 39; + const unsigned int PORT_STR_LEN = 4; + enum hip_port_binding result = HIP_PORT_INFO_IPV6UNBOUND; + const struct hip_mem_area *ma = NULL; + char *line; // the files /proc/net/{udp,tcp}6 are line-based and the line number of the // port to look up is not known in advance // -> use a parser that lets us iterate over the lines in the files @@ -353,11 +348,11 @@ // is the current line valid and is it long enough to hold a port binding? while (line && ma->end > (line + PORT_STR_OFFSET + PORT_STR_LEN)) { - const unsigned int PORT_BASE_HEX = 16; - unsigned long proc_port = 0; + const unsigned int PORT_BASE_HEX = 16; + unsigned long proc_port = 0; // note that strtoul() is about 10 times faster than sscanf(). - errno = 0; - proc_port = strtoul(line + PORT_STR_OFFSET, NULL, PORT_BASE_HEX); + errno = 0; + proc_port = strtoul(line + PORT_STR_OFFSET, NULL, PORT_BASE_HEX); if (0 == errno) { if (proc_port == port) { result = HIP_PORT_INFO_IPV6BOUND; === modified file 'firewall/reinject.c' --- firewall/reinject.c 2010-10-15 15:29:14 +0000 +++ firewall/reinject.c 2011-01-03 16:06:13 +0000 @@ -77,8 +77,8 @@ err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6, IPV6_RECVERR, &off, sizeof(on)); HIP_IFEL(err, -1, "setsockopt recverr failed\n"); - err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6, - IPV6_2292PKTINFO, &on, sizeof(on)); + err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6, + IPV6_2292PKTINFO, &on, sizeof(on)); HIP_IFEL(err, -1, "setsockopt pktinfo failiped\n"); err = setsockopt(*firewall_raw_sock_v6, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); @@ -365,16 +365,16 @@ int proto, int ttl) { - int err = 0, sent, sa_size; - int firewall_raw_sock = 0, is_ipv6 = 0, on = 1; - struct ip *iphdr = NULL; - struct udphdr *udp = NULL; - struct tcphdr *tcp = NULL; - struct icmphdr *icmp = NULL; + int err = 0, sent, sa_size; + int firewall_raw_sock = 0, is_ipv6 = 0, on = 1; + struct ip *iphdr = NULL; + struct udphdr *udp = NULL; + struct tcphdr *tcp = NULL; + struct icmphdr *icmp = NULL; struct sockaddr_storage src, dst; - struct sockaddr_in6 *sock_src6 = NULL, *sock_dst6 = NULL; - struct sockaddr_in *sock_src4 = NULL, *sock_dst4 = NULL; - struct in6_addr any = IN6ADDR_ANY_INIT; + struct sockaddr_in6 *sock_src6 = NULL, *sock_dst6 = NULL; + struct sockaddr_in *sock_src4 = NULL, *sock_dst4 = NULL; + struct in6_addr any = IN6ADDR_ANY_INIT; HIP_ASSERT(src_hit != NULL && dst_hit != NULL); @@ -391,7 +391,7 @@ sock_dst4->sin_family = AF_INET; IPV6_TO_IPV4_MAP(src_hit, &(sock_src4->sin_addr)); IPV6_TO_IPV4_MAP(dst_hit, &(sock_dst4->sin_addr)); - sa_size = sizeof(struct sockaddr_in); + sa_size = sizeof(struct sockaddr_in); HIP_DEBUG_LSI("src4 addr ", &(sock_src4->sin_addr)); HIP_DEBUG_LSI("dst4 addr ", &(sock_dst4->sin_addr)); } else { @@ -399,8 +399,8 @@ ipv6_addr_copy(&sock_src6->sin6_addr, src_hit); sock_dst6->sin6_family = AF_INET6; ipv6_addr_copy(&sock_dst6->sin6_addr, dst_hit); - sa_size = sizeof(struct sockaddr_in6); - is_ipv6 = 1; + sa_size = sizeof(struct sockaddr_in6); + is_ipv6 = 1; } switch (proto) { @@ -409,21 +409,21 @@ HIP_DEBUG(" IPPROTO_UDP v6\n"); firewall_raw_sock = firewall_raw_sock_udp_v6; ((struct udphdr *) msg)->check = ipv6_checksum(IPPROTO_UDP, - &sock_src6->sin6_addr, - &sock_dst6->sin6_addr, msg, len); + &sock_src6->sin6_addr, + &sock_dst6->sin6_addr, msg, len); } else { HIP_DEBUG(" IPPROTO_UDP v4\n"); firewall_raw_sock = firewall_raw_sock_udp_v4; - udp = (struct udphdr *) msg; - - sa_size = sizeof(struct sockaddr_in); - - udp->check = htons(0); - udp->check = ipv4_checksum(IPPROTO_UDP, - (uint8_t *) &(sock_src4->sin_addr), - (uint8_t *) &(sock_dst4->sin_addr), - (uint8_t *) udp, len); + udp = (struct udphdr *) msg; + + sa_size = sizeof(struct sockaddr_in); + + udp->check = htons(0); + udp->check = ipv4_checksum(IPPROTO_UDP, + (uint8_t *) &(sock_src4->sin_addr), + (uint8_t *) &(sock_dst4->sin_addr), + (uint8_t *) udp, len); memmove((msg + sizeof(struct ip)), (uint8_t *) udp, len); } break; @@ -440,10 +440,10 @@ HIP_DEBUG(" IPPROTO_TCP v4\n"); firewall_raw_sock = firewall_raw_sock_tcp_v4; - tcp->check = ipv4_checksum(IPPROTO_TCP, - (uint8_t *) &(sock_src4->sin_addr), - (uint8_t *) &(sock_dst4->sin_addr), - (uint8_t *) tcp, len); + tcp->check = ipv4_checksum(IPPROTO_TCP, + (uint8_t *) &(sock_src4->sin_addr), + (uint8_t *) &(sock_dst4->sin_addr), + (uint8_t *) tcp, len); memmove((char *) (msg + sizeof(struct ip)), (uint8_t *) tcp, len); } @@ -486,7 +486,7 @@ sent = sendto(firewall_raw_sock, iphdr, iphdr->ip_len, 0, (struct sockaddr *) &dst, sa_size); - if (sent != (int)(len + sizeof(struct ip))) { + if (sent != (int) (len + sizeof(struct ip))) { HIP_ERROR("Could not send the all requested" \ " data (%d/%d)\n", sent, iphdr->ip_len); @@ -535,9 +535,9 @@ int firewall_raw_sock = 0, is_ipv6 = 0; struct sockaddr_storage src, dst; - struct sockaddr_in6 *sock_src6, *sock_dst6; - struct sockaddr_in *sock_src4, *sock_dst4; - struct in6_addr any = IN6ADDR_ANY_INIT; + struct sockaddr_in6 *sock_src6, *sock_dst6; + struct sockaddr_in *sock_src4, *sock_dst4; + struct in6_addr any = IN6ADDR_ANY_INIT; HIP_ASSERT(src_hit != NULL && dst_hit != NULL); @@ -554,7 +554,7 @@ IPV6_TO_IPV4_MAP(src_hit, &sock_src4->sin_addr); sock_dst4->sin_family = AF_INET; IPV6_TO_IPV4_MAP(dst_hit, &sock_dst4->sin_addr); - sa_size = sizeof(struct sockaddr_in); + sa_size = sizeof(struct sockaddr_in); HIP_DEBUG_LSI("src4 addr ", &(sock_src4->sin_addr)); HIP_DEBUG_LSI("dst4 addr ", &(sock_dst4->sin_addr)); } else { @@ -562,8 +562,8 @@ ipv6_addr_copy(&sock_src6->sin6_addr, src_hit); sock_dst6->sin6_family = AF_INET6; ipv6_addr_copy(&sock_dst6->sin6_addr, dst_hit); - sa_size = sizeof(struct sockaddr_in6); - is_ipv6 = 1; + sa_size = sizeof(struct sockaddr_in6); + is_ipv6 = 1; HIP_DEBUG_HIT("src6 addr ", &(sock_src6->sin6_addr)); HIP_DEBUG_HIT("dst6 addr ", &(sock_dst6->sin6_addr)); } @@ -574,13 +574,13 @@ if (is_ipv6) { firewall_raw_sock = firewall_raw_sock_tcp_v6; ((struct tcphdr *) msg)->check - = ipv6_checksum(IPPROTO_TCP, &sock_src6->sin6_addr, - &sock_dst6->sin6_addr, msg, len); + = ipv6_checksum(IPPROTO_TCP, &sock_src6->sin6_addr, + &sock_dst6->sin6_addr, msg, len); } else { firewall_raw_sock = firewall_raw_sock_tcp_v4; ((struct tcphdr *) msg)->check - = ipv4_checksum(IPPROTO_TCP, (uint8_t *) &(sock_src4->sin_addr), - (uint8_t *) &(sock_dst4->sin_addr), msg, len); + = ipv4_checksum(IPPROTO_TCP, (uint8_t *) &(sock_src4->sin_addr), + (uint8_t *) &(sock_dst4->sin_addr), msg, len); } break; case IPPROTO_UDP: @@ -592,13 +592,13 @@ if (is_ipv6) { firewall_raw_sock = firewall_raw_sock_udp_v6; ((struct udphdr *) msg)->check - = ipv6_checksum(IPPROTO_UDP, &sock_src6->sin6_addr, - &sock_dst6->sin6_addr, msg, len); + = ipv6_checksum(IPPROTO_UDP, &sock_src6->sin6_addr, + &sock_dst6->sin6_addr, msg, len); } else { firewall_raw_sock = firewall_raw_sock_udp_v4; ((struct udphdr *) msg)->check - = ipv4_checksum(IPPROTO_UDP, (uint8_t *) &(sock_src4->sin_addr), - (uint8_t *) &(sock_dst4->sin_addr), msg, len); + = ipv4_checksum(IPPROTO_UDP, (uint8_t *) &(sock_src4->sin_addr), + (uint8_t *) &(sock_dst4->sin_addr), msg, len); } break; case IPPROTO_ICMP: @@ -613,11 +613,11 @@ break; case IPPROTO_ICMPV6: - firewall_raw_sock = firewall_raw_sock_icmp_v6; + firewall_raw_sock = firewall_raw_sock_icmp_v6; ((struct icmp6_hdr *) msg)->icmp6_cksum = htons(0); ((struct icmp6_hdr *) msg)->icmp6_cksum - = ipv6_checksum(IPPROTO_ICMPV6, &sock_src6->sin6_addr, - &sock_dst6->sin6_addr, msg, len); + = ipv6_checksum(IPPROTO_ICMPV6, &sock_src6->sin6_addr, + &sock_dst6->sin6_addr, msg, len); break; case IPPROTO_ESP: === modified file 'firewall/rule_management.c' --- firewall/rule_management.c 2010-12-27 14:44:02 +0000 +++ firewall/rule_management.c 2011-01-03 16:06:13 +0000 @@ -126,9 +126,9 @@ static void check_and_write_default_config(const char *file) { struct stat status; - FILE *fp = NULL; - ssize_t items; - int i = 0; + FILE *fp = NULL; + ssize_t items; + int i = 0; /* Firewall depends on hipd to create HIPL_SYSCONFDIR */ for (i = 0; i < 5; i++) { @@ -268,8 +268,8 @@ */ void print_rule_tables(void) { - struct dlist *list = input_rules; - struct rule *rule = NULL; + struct dlist *list = input_rules; + struct rule *rule = NULL; while (list != NULL) { rule = list->data; print_rule(rule); @@ -358,7 +358,7 @@ static struct hit_option *parse_hit(char *token) { struct hit_option *option = malloc(sizeof(struct hit_option)); - struct in6_addr *hit = NULL; + struct in6_addr *hit = NULL; if (!strcmp(token, NEGATE_STR)) { option->boolean = 0; @@ -386,10 +386,10 @@ */ static struct hip_host_id *load_rsa_file(FILE *fp) { - struct hip_host_id *hi = NULL; - RSA *rsa = NULL; - unsigned char *rsa_key_rr = NULL; - int rsa_key_rr_len; + struct hip_host_id *hi = NULL; + RSA *rsa = NULL; + unsigned char *rsa_key_rr = NULL; + int rsa_key_rr_len; rsa = RSA_new(); rsa = PEM_read_RSA_PUBKEY(fp, &rsa, NULL, NULL); @@ -416,10 +416,10 @@ */ static struct hip_host_id *load_dsa_file(FILE *fp) { - struct hip_host_id *hi = NULL; - DSA *dsa = NULL; - unsigned char *dsa_key_rr = NULL; - int dsa_key_rr_len; + struct hip_host_id *hi = NULL; + DSA *dsa = NULL; + unsigned char *dsa_key_rr = NULL; + int dsa_key_rr_len; dsa = DSA_new(); dsa = PEM_read_DSA_PUBKEY(fp, &dsa, NULL, NULL); @@ -447,10 +447,10 @@ */ static struct hip_host_id *parse_hi(char *token, const struct in6_addr *hit) { - FILE *fp = NULL; - int algo; + FILE *fp = NULL; + int algo; struct hip_host_id *hi = NULL; - struct in6_addr temp_hit; + struct in6_addr temp_hit; HIP_DEBUG("parse_hi: hi file: %s\n", token); fp = fopen(token, "rb"); @@ -607,14 +607,14 @@ static struct rule *parse_rule(char *string) { struct rule *rule = NULL; - char *token; - int option_found = NO_OPTION; + char *token; + int option_found = NO_OPTION; token = strtok(string, " "); if (token == NULL) { return NULL; } - rule = alloc_empty_rule(); + rule = alloc_empty_rule(); /* rule needs to start with a hook */ if (!strcmp(token, INPUT_STR)) { rule->hook = NF_IP6_LOCAL_IN; @@ -643,7 +643,7 @@ return NULL; } option_found = SRC_HIT_OPTION; - } else if (!strcmp(token, DST_HIT_STR)) { + } else if (!strcmp(token, DST_HIT_STR)) { /* option already defined */ if (rule->dst_hit != NULL) { HIP_DEBUG("error parsing rule: dst_hit option \n"); @@ -651,7 +651,7 @@ return NULL; } option_found = DST_HIT_OPTION; - } else if (!strcmp(token, SRC_HI_STR)) { + } else if (!strcmp(token, SRC_HI_STR)) { /* option already defined */ if (rule->src_hit == NULL || /* no hit for hi */ !rule->src_hit->boolean || /* negated hit */ @@ -661,7 +661,7 @@ return NULL; } option_found = SRC_HI_OPTION; - } else if (!strcmp(token, TYPE_STR)) { + } else if (!strcmp(token, TYPE_STR)) { /* option already defined */ if (rule->type != NULL) { HIP_DEBUG("error parsing rule: type option \n"); @@ -669,7 +669,7 @@ return NULL; } option_found = TYPE_OPTION; - } else if (!strcmp(token, STATE_STR)) { + } else if (!strcmp(token, STATE_STR)) { /* option already defined */ if (rule->state != NULL) { HIP_DEBUG("error parsing rule: state option \n"); @@ -677,7 +677,7 @@ return NULL; } option_found = STATE_OPTION; - } else if (!strcmp(token, VERIFY_RESPONDER_STR)) { + } else if (!strcmp(token, VERIFY_RESPONDER_STR)) { /* related state option must be defined */ if (rule->state == NULL) { HIP_DEBUG("error parsing rule: %s without %s\n", @@ -686,7 +686,7 @@ return NULL; } rule->state->verify_responder = 1; - } else if (!strcmp(token, ACCEPT_MOBILE_STR)) { + } else if (!strcmp(token, ACCEPT_MOBILE_STR)) { /* related state option must be defined */ if (rule->state == NULL) { HIP_DEBUG("error parsing rule: %s without %s\n", @@ -695,7 +695,7 @@ return NULL; } rule->state->accept_mobile = 1; - } else if (!strcmp(token, DECRYPT_CONTENTS_STR)) { + } else if (!strcmp(token, DECRYPT_CONTENTS_STR)) { /* related state option must be defined */ if (rule->state == NULL) { HIP_DEBUG("error parsing rule: %s without %s\n", @@ -704,7 +704,7 @@ return NULL; } rule->state->decrypt_contents = 1; - } else if (!strcmp(token, IN_IF_STR)) { + } else if (!strcmp(token, IN_IF_STR)) { /* option already defined */ /* rule in output hook can't have incoming if */ if (rule->in_if != NULL || rule->hook == NF_IP6_LOCAL_OUT) { @@ -713,7 +713,7 @@ return NULL; } option_found = IN_IF_OPTION; - } else if (!strcmp(token, OUT_IF_STR)) { + } else if (!strcmp(token, OUT_IF_STR)) { /* option already defined */ /* rule in input hook can't have outcoming if */ if (rule->in_if != NULL || rule->hook == NF_IP6_LOCAL_IN) { @@ -722,7 +722,7 @@ return NULL; } option_found = OUT_IF_OPTION; - } else if (!strcmp(token, "ACCEPT")) { + } else if (!strcmp(token, "ACCEPT")) { /* target already defined */ if (rule->accept > -1) { HIP_DEBUG("error parsing rule: target \n"); @@ -731,7 +731,7 @@ } rule->accept = 1; break; - } else if (!strcmp(token, "DROP")) { + } else if (!strcmp(token, "DROP")) { /* target already defined */ if (rule->accept > -1) { HIP_DEBUG("error parsing rule: target \n"); @@ -756,7 +756,7 @@ return NULL; } option_found = NO_OPTION; - } else if (option_found == DST_HIT_OPTION) { + } else if (option_found == DST_HIT_OPTION) { rule->dst_hit = parse_hit(token); if (rule->dst_hit == NULL) { HIP_DEBUG("error parsing rule: dst_hit value \n"); @@ -773,7 +773,7 @@ return NULL; } option_found = NO_OPTION; - } else if (option_found == TYPE_OPTION) { + } else if (option_found == TYPE_OPTION) { rule->type = parse_type(token); if (rule->type == NULL) { HIP_DEBUG("error parsing rule: type value \n"); @@ -781,7 +781,7 @@ return NULL; } option_found = NO_OPTION; - } else if (option_found == STATE_OPTION) { + } else if (option_found == STATE_OPTION) { rule->state = parse_state(token); if (rule->state == NULL) { HIP_DEBUG("error parsing rule: state value \n"); @@ -789,7 +789,7 @@ return NULL; } option_found = NO_OPTION; - } else if (option_found == IN_IF_OPTION) { + } else if (option_found == IN_IF_OPTION) { rule->in_if = parse_if(token); if (rule->in_if == NULL) { HIP_DEBUG("error parsing rule: i value \n"); @@ -797,7 +797,7 @@ return NULL; } option_found = NO_OPTION; - } else if (option_found == OUT_IF_OPTION) { + } else if (option_found == OUT_IF_OPTION) { rule->out_if = parse_if(token); if (rule->out_if == NULL) { HIP_DEBUG("error parsing rule: o value \n"); @@ -868,9 +868,9 @@ char line[MAX_LINE_LENGTH]; while (fgets(line, sizeof(line), file)) { - char *p = NULL; - char *original_line = NULL; - struct rule *rule = NULL; + char *p = NULL; + char *original_line = NULL; + struct rule *rule = NULL; HIP_DEBUG("line read: %s\n", line); @@ -897,10 +897,10 @@ if (rule->hook == NF_IP6_LOCAL_IN) { input = append_to_list(input, rule); print_rule(input->data); - } else if (rule->hook == NF_IP6_LOCAL_OUT) { + } else if (rule->hook == NF_IP6_LOCAL_OUT) { output = append_to_list(output, rule); print_rule(output->data); - } else if (rule->hook == NF_IP6_FORWARD) { + } else if (rule->hook == NF_IP6_FORWARD) { forward = append_to_list(forward, rule); print_rule(forward->data); } === modified file 'firewall/rule_management.h' --- firewall/rule_management.h 2010-12-13 19:09:27 +0000 +++ firewall/rule_management.h 2011-01-03 16:06:13 +0000 @@ -44,7 +44,7 @@ struct hit_option { struct in6_addr value; //hit value - int boolean; //0 if negation, else 1 + int boolean; //0 if negation, else 1 }; struct int_option { @@ -54,16 +54,16 @@ struct state_option { struct int_option int_opt; - int verify_responder; /**< 1 if responder signatures are verified */ - int accept_mobile; /**< 1 if state can be established from updates signalling */ - int decrypt_contents; + int verify_responder; /**< 1 if responder signatures are verified */ + int accept_mobile; /**< 1 if state can be established from updates signalling */ + int decrypt_contents; }; // can be turned to more generic string option if necessary // struct string_option { char *value; - int boolean; + int boolean; }; // Pointer values must be NULL if option is not specified. @@ -71,15 +71,15 @@ // when updating rule structure, update also (at least) free_rule(), // print_rule(), rules_equal(), copy_rule (), alloc_empty_rule() functions struct rule { - struct hit_option *src_hit; - struct hit_option *dst_hit; - struct hip_host_id *src_hi; - struct int_option *type; - struct state_option *state; + struct hit_option *src_hit; + struct hit_option *dst_hit; + struct hip_host_id *src_hi; + struct int_option *type; + struct state_option *state; struct string_option *in_if; struct string_option *out_if; - unsigned int hook; - int accept; + unsigned int hook; + int accept; }; /*-------------- RULES ------------*/ === modified file 'firewall/sysopp.c' --- firewall/sysopp.c 2010-11-30 14:50:30 +0000 +++ firewall/sysopp.c 2011-01-03 16:06:13 +0000 @@ -79,7 +79,7 @@ const struct in6_addr *local_hit) { struct hip_common *msg = NULL; - int err = 0; + int err = 0; HIP_IFE(!(msg = hip_msg_alloc()), -1); @@ -117,8 +117,8 @@ static void hip_fw_add_non_hip_peer(const hip_fw_context_t *ctx, const int verdict) { - char command[64]; - char addr_str[INET_ADDRSTRLEN]; + char command[64]; + char addr_str[INET_ADDRSTRLEN]; struct in_addr addr_v4; IPV6_TO_IPV4_MAP(&ctx->dst, &addr_v4); @@ -160,7 +160,7 @@ const int default_verdict) { fw_cache_hl_t *entry_peer = NULL; - int verdict; + int verdict; HIP_DEBUG("\n"); @@ -203,8 +203,8 @@ */ int hip_fw_sys_opp_set_peer_hit(const struct hip_common *msg) { - int err = 0, state; - const hip_hit_t *local_hit, *peer_hit; + int err = 0, state; + const hip_hit_t *local_hit, *peer_hit; const struct in6_addr *peer_addr; const struct in6_addr *local_addr; === modified file 'firewall/user_ipsec_api.c' --- firewall/user_ipsec_api.c 2010-11-30 14:50:30 +0000 +++ firewall/user_ipsec_api.c 2011-01-03 16:06:13 +0000 @@ -64,17 +64,17 @@ /* this is the ESP packet we are about to build */ -static unsigned char *esp_packet = NULL; +static unsigned char *esp_packet = NULL; /* the original packet before ESP decryption */ static unsigned char *decrypted_packet = NULL; /* sockets needed in order to reinject the ESP packet into the network stack */ -static int raw_sock_v4 = 0; -static int raw_sock_v6 = 0; +static int raw_sock_v4 = 0; +static int raw_sock_v6 = 0; /* allows us to make sure that we only init ones */ -static int is_init = 0; +static int is_init = 0; /* 0 = hipd does not know that userspace ipsec on */ -static int init_hipd = 0; +static int init_hipd = 0; /** * triggers user ipsec init message for hipd @@ -115,7 +115,7 @@ // this option allows us to add the IP header ourselves HIP_IFEL(setsockopt(raw_sock_v4, IPPROTO_IP, IP_HDRINCL, (char *) &on, sizeof(on)) < 0, -1, - "setsockopt() error for IPv4 raw socket\n"); + "setsockopt() error for IPv4 raw socket\n"); // open IPv6 raw socket, no options needed here raw_sock_v6 = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW); @@ -218,14 +218,14 @@ // entry matching the peer HIT hip_sa_entry_t *entry = NULL; // the routable addresses as used in HIPL - struct in6_addr preferred_local_addr; - struct in6_addr preferred_peer_addr; + struct in6_addr preferred_local_addr; + struct in6_addr preferred_peer_addr; struct sockaddr_storage preferred_peer_sockaddr; - struct timeval now; - uint16_t esp_packet_len = 0; - int out_ip_version = 0; - int err = 0; - const struct ip6_hdr *ip6_hdr = NULL; + struct timeval now; + uint16_t esp_packet_len = 0; + int out_ip_version = 0; + int err = 0; + const struct ip6_hdr *ip6_hdr = NULL; /* we should only get HIT addresses here * LSI have been handled by LSI module before and converted to HITs */ @@ -325,7 +325,7 @@ entry->usetime_ka.tv_usec = now.tv_usec; // the original packet has to be dropped - err = 1; + err = 1; } // now do some esp token maintenance operations @@ -344,15 +344,15 @@ */ int hip_fw_userspace_ipsec_input(const hip_fw_context_t *ctx) { - struct hip_esp *esp_hdr = NULL; + struct hip_esp *esp_hdr = NULL; struct sockaddr_storage local_sockaddr; // entry matching the SPI - hip_sa_entry_t *entry = NULL; - struct timeval now; - uint16_t decrypted_packet_len = 0; - uint32_t spi = 0; - uint32_t seq_no = 0; - int err = 0; + hip_sa_entry_t *entry = NULL; + struct timeval now; + uint16_t decrypted_packet_len = 0; + uint32_t spi = 0; + uint32_t seq_no = 0; + int err = 0; gettimeofday(&now, NULL); @@ -396,7 +396,7 @@ entry->usetime_ka.tv_usec = now.tv_usec; // the original packet has to be dropped - err = 1; + err = 1; } out_err: === modified file 'firewall/user_ipsec_esp.c' --- firewall/user_ipsec_esp.c 2010-10-15 15:29:14 +0000 +++ firewall/user_ipsec_esp.c 2011-01-03 16:06:13 +0000 @@ -88,11 +88,11 @@ IPV6_TO_IPV4_MAP(dst_addr, &dst_in_addr); // set changed values - ip_hdr->ip_v = 4; + ip_hdr->ip_v = 4; /* assume no options */ - ip_hdr->ip_hl = 5; - ip_hdr->ip_tos = 0; - ip_hdr->ip_len = packet_len; + ip_hdr->ip_hl = 5; + ip_hdr->ip_tos = 0; + ip_hdr->ip_len = packet_len; /* assume that we have no fragmentation */ ip_hdr->ip_id = 0; ip_hdr->ip_off = 0; @@ -103,7 +103,7 @@ ip_hdr->ip_dst.s_addr = dst_in_addr.s_addr; /* recalculate the header checksum, does not include payload */ - ip_hdr->ip_sum = checksum_ip(ip_hdr, ip_hdr->ip_hl); + ip_hdr->ip_sum = checksum_ip(ip_hdr, ip_hdr->ip_hl); } /** adds an IPv6-header to the packet @@ -149,19 +149,19 @@ hip_sa_entry_t *entry) { /* elen is length of data to encrypt */ - uint16_t elen = in_len; + uint16_t elen = in_len; /* length of auth output */ - unsigned int alen = 0; + unsigned int alen = 0; /* initialization vector */ - uint16_t iv_len = 0; + uint16_t iv_len = 0; unsigned char cbc_iv[16]; /* ESP tail information */ - uint16_t pad_len = 0; + uint16_t pad_len = 0; struct hip_esp_tail *esp_tail = NULL; // offset of the payload counting from the beginning of the esp header - uint16_t esp_data_offset = 0; - int i = 0; - int err = 0; + uint16_t esp_data_offset = 0; + int i = 0; + int err = 0; esp_data_offset = esp_prot_get_data_offset(entry); @@ -354,20 +354,20 @@ hip_sa_entry_t *entry) { /* elen is length of data to encrypt */ - uint16_t elen = 0; + uint16_t elen = 0; // length of authentication protection field - uint16_t alen = 0; + uint16_t alen = 0; // authentication data - unsigned int hmac_md_len; + unsigned int hmac_md_len; unsigned char hmac_md[EVP_MAX_MD_SIZE]; /* initialization vector */ - uint16_t iv_len = 0; + uint16_t iv_len = 0; unsigned char cbc_iv[16]; /* ESP tail information */ struct hip_esp_tail *esp_tail = NULL; // offset of the payload counting from the beginning of the esp header - uint16_t esp_data_offset = 0; - int err = 0; + uint16_t esp_data_offset = 0; + int err = 0; // different offset if esp extension used or not esp_data_offset = esp_prot_get_data_offset(entry); @@ -552,20 +552,20 @@ unsigned char *esp_packet, uint16_t *esp_packet_len) { // some pointers to packet headers - struct ip *out_ip_hdr = NULL; - struct ip6_hdr *out_ip6_hdr = NULL; - struct udphdr *out_udp_hdr = NULL; - struct hip_esp *out_esp_hdr = NULL; - unsigned char *in_transport_hdr = NULL; - uint8_t in_transport_type = 0; - int next_hdr_offset = 0; + struct ip *out_ip_hdr = NULL; + struct ip6_hdr *out_ip6_hdr = NULL; + struct udphdr *out_udp_hdr = NULL; + struct hip_esp *out_esp_hdr = NULL; + unsigned char *in_transport_hdr = NULL; + uint8_t in_transport_type = 0; + int next_hdr_offset = 0; // length of the data to be encrypted - uint16_t elen = 0; + uint16_t elen = 0; // length of the esp payload - uint16_t encryption_len = 0; + uint16_t encryption_len = 0; // length of the hash value used by the esp protection extension - int esp_prot_hash_length = 0; - int err = 0; + int esp_prot_hash_length = 0; + int err = 0; // distinguish IPv4 and IPv6 output if (IN6_IS_ADDR_V4MAPPED(preferred_peer_addr)) { @@ -581,14 +581,14 @@ } // set up esp header - out_esp_hdr = - (struct hip_esp *) (esp_packet + next_hdr_offset); + out_esp_hdr = + (struct hip_esp *) (esp_packet + next_hdr_offset); out_esp_hdr->esp_spi = htonl(entry->spi); out_esp_hdr->esp_seq = htonl(entry->sequence++); // packet to be re-inserted into network stack has at least // length of all defined headers - *esp_packet_len += next_hdr_offset + sizeof(struct hip_esp); + *esp_packet_len += next_hdr_offset + sizeof(struct hip_esp); /* put the esp protection extension hash right behind the header * (virtual header extension) @@ -598,7 +598,7 @@ HIP_IFEL(esp_prot_add_hash(esp_packet + *esp_packet_len, &esp_prot_hash_length, entry), -1, - "failed to add the esp protection extension hash\n"); + "failed to add the esp protection extension hash\n"); HIP_DEBUG("esp prot hash_length: %i\n", esp_prot_hash_length); HIP_HEXDUMP("esp prot hash: ", esp_packet + *esp_packet_len, esp_prot_hash_length); @@ -611,14 +611,14 @@ /* get pointer to data, right behind IPv6 header * * NOTE: we are only dealing with HIT-based (-> IPv6) data traffic */ - in_transport_hdr = ((unsigned char *) ctx->ipq_packet->payload) - + sizeof(struct ip6_hdr); + in_transport_hdr = ((unsigned char *) ctx->ipq_packet->payload) + + sizeof(struct ip6_hdr); in_transport_type = ((struct ip6_hdr *) ctx->ipq_packet->payload)->ip6_nxt; /* length of data to be encrypted is length of the original packet * starting at the transport layer header */ - elen = ctx->ipq_packet->data_len - sizeof(struct ip6_hdr); + elen = ctx->ipq_packet->data_len - sizeof(struct ip6_hdr); /* encrypt data now */ HIP_DEBUG("encrypting data...\n"); @@ -668,7 +668,7 @@ // packet to be re-inserted into network stack has at least // length of defined headers - *esp_packet_len += next_hdr_offset + sizeof(struct hip_esp); + *esp_packet_len += next_hdr_offset + sizeof(struct hip_esp); /* put the esp protection extension hash right behind the header * (virtual header extension) @@ -677,7 +677,7 @@ * in order to be more flexible about the hash length */ HIP_IFEL(esp_prot_add_hash(esp_packet + *esp_packet_len, &esp_prot_hash_length, entry), -1, - "failed to add the esp protection extension hash\n"); + "failed to add the esp protection extension hash\n"); HIP_DEBUG("esp prot hash_length: %i\n", esp_prot_hash_length); HIP_HEXDUMP("esp prot hash: ", esp_packet + *esp_packet_len, esp_prot_hash_length); @@ -691,14 +691,14 @@ /* get pointer to data, right behind IPv6 header * * NOTE: we are only dealing with HIT-based (-> IPv6) data traffic */ - in_transport_hdr = ((unsigned char *) ctx->ipq_packet->payload) - + sizeof(struct ip6_hdr); + in_transport_hdr = ((unsigned char *) ctx->ipq_packet->payload) + + sizeof(struct ip6_hdr); in_transport_type = ((struct ip6_hdr *) ctx->ipq_packet->payload)->ip6_nxt; /* length of data to be encrypted is length of the original packet * starting at the transport layer header */ - elen = ctx->ipq_packet->data_len - sizeof(struct ip6_hdr); + elen = ctx->ipq_packet->data_len - sizeof(struct ip6_hdr); HIP_DEBUG("encrypting data...\n"); @@ -742,11 +742,11 @@ unsigned char *decrypted_packet, uint16_t *decrypted_packet_len) { - int next_hdr_offset = 0; + int next_hdr_offset = 0; uint16_t esp_len = 0; uint16_t decrypted_data_len = 0; - uint8_t next_hdr = 0; - int err = 0; + uint8_t next_hdr = 0; + int err = 0; // the decrypted data will be placed behind the HIT-based IPv6 header next_hdr_offset = sizeof(struct ip6_hdr); === modified file 'firewall/user_ipsec_fw_msg.c' --- firewall/user_ipsec_fw_msg.c 2010-11-30 14:50:30 +0000 +++ firewall/user_ipsec_fw_msg.c 2011-01-03 16:06:13 +0000 @@ -59,7 +59,7 @@ */ int send_userspace_ipsec_to_hipd(const int activate) { - int err = 0; + int err = 0; struct hip_common *msg = NULL; HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, @@ -110,39 +110,39 @@ */ int handle_sa_add_request(const struct hip_common *msg) { - const struct hip_tlv_common *param = NULL; - const struct in6_addr *src_addr = NULL, *dst_addr = NULL; - const struct in6_addr *src_hit = NULL, *dst_hit = NULL; - uint32_t spi = 0; - int ealg = 0, err = 0; - const struct hip_crypto_key *enc_key = NULL, *auth_key = NULL; - int retransmission = 0, direction = 0, update = 0; - uint16_t local_port = 0, peer_port = 0; - uint8_t encap_mode = 0, esp_prot_transform = 0; - uint32_t hash_item_length = 0; - uint16_t esp_num_anchors; - unsigned char esp_prot_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH]; + const struct hip_tlv_common *param = NULL; + const struct in6_addr *src_addr = NULL, *dst_addr = NULL; + const struct in6_addr *src_hit = NULL, *dst_hit = NULL; + uint32_t spi = 0; + int ealg = 0, err = 0; + const struct hip_crypto_key *enc_key = NULL, *auth_key = NULL; + int retransmission = 0, direction = 0, update = 0; + uint16_t local_port = 0, peer_port = 0; + uint8_t encap_mode = 0, esp_prot_transform = 0; + uint32_t hash_item_length = 0; + uint16_t esp_num_anchors; + unsigned char esp_prot_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH]; /* get all attributes from the message */ - param = hip_get_param(msg, HIP_PARAM_IPV6_ADDR); - src_addr = hip_get_param_contents_direct(param); + param = hip_get_param(msg, HIP_PARAM_IPV6_ADDR); + src_addr = hip_get_param_contents_direct(param); HIP_DEBUG_IN6ADDR("Source IP address: ", src_addr); - param = hip_get_next_param(msg, param); - dst_addr = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + dst_addr = hip_get_param_contents_direct(param); HIP_DEBUG_IN6ADDR("Destination IP address : ", dst_addr); - param = hip_get_param(msg, HIP_PARAM_HIT); - src_hit = hip_get_param_contents_direct(param); + param = hip_get_param(msg, HIP_PARAM_HIT); + src_hit = hip_get_param_contents_direct(param); HIP_DEBUG_HIT("Source Hit: ", src_hit); - param = hip_get_next_param(msg, param); - dst_hit = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + dst_hit = hip_get_param_contents_direct(param); HIP_DEBUG_HIT("Destination HIT: ", dst_hit); - param = hip_get_param(msg, HIP_PARAM_UINT); - spi = *((const uint32_t *) hip_get_param_contents_direct(param)); + param = hip_get_param(msg, HIP_PARAM_UINT); + spi = *((const uint32_t *) hip_get_param_contents_direct(param)); HIP_DEBUG("the spi value is : 0x%lx \n", spi); param = hip_get_next_param(msg, param); @@ -153,8 +153,8 @@ local_port = *((const uint16_t *) hip_get_param_contents_direct(param)); HIP_DEBUG("the local_port value is %u \n", local_port); - param = hip_get_next_param(msg, param); - peer_port = *((const uint16_t *) hip_get_param_contents_direct(param)); + param = hip_get_next_param(msg, param); + peer_port = *((const uint16_t *) hip_get_param_contents_direct(param)); HIP_DEBUG("the peer_port value is %u \n", peer_port); /* parse the esp protection extension parameters */ @@ -162,28 +162,28 @@ &esp_num_anchors, esp_prot_anchors, &hash_item_length), -1, "failed to retrieve esp prot anchor\n"); - param = hip_get_param(msg, HIP_PARAM_KEYS); - enc_key = hip_get_param_contents_direct(param); + param = hip_get_param(msg, HIP_PARAM_KEYS); + enc_key = hip_get_param_contents_direct(param); HIP_HEXDUMP("crypto key:", enc_key, sizeof(struct hip_crypto_key)); - param = hip_get_next_param(msg, param); - auth_key = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + auth_key = hip_get_param_contents_direct(param); HIP_HEXDUMP("auth key:", auth_key, sizeof(struct hip_crypto_key)); - param = hip_get_param(msg, HIP_PARAM_INT); - ealg = *((const int *) hip_get_param_contents_direct(param)); + param = hip_get_param(msg, HIP_PARAM_INT); + ealg = *((const int *) hip_get_param_contents_direct(param)); HIP_DEBUG("ealg value is %d \n", ealg); param = hip_get_next_param(msg, param); retransmission = *((const int *) hip_get_param_contents_direct(param)); HIP_DEBUG("already_acquired value is %d \n", retransmission); - param = hip_get_next_param(msg, param); - direction = *((const int *) hip_get_param_contents_direct(param)); + param = hip_get_next_param(msg, param); + direction = *((const int *) hip_get_param_contents_direct(param)); HIP_DEBUG("the direction value is %d \n", direction); - param = hip_get_next_param(msg, param); - update = *((const int *) hip_get_param_contents_direct(param)); + param = hip_get_next_param(msg, param); + update = *((const int *) hip_get_param_contents_direct(param)); HIP_DEBUG("the update value is %d \n", update); HIP_IFEL(hip_sadb_add(direction, spi, BEET_MODE, src_addr, dst_addr, @@ -205,37 +205,37 @@ */ int handle_sa_delete_request(const struct hip_common *msg) { - const struct hip_tlv_common *param = NULL; - uint32_t spi = 0; - const struct in6_addr *peer_addr = NULL; - const struct in6_addr *dst_addr = NULL; - int family = 0, src_port = 0, dst_port = 0; - int err = 0; + const struct hip_tlv_common *param = NULL; + uint32_t spi = 0; + const struct in6_addr *peer_addr = NULL; + const struct in6_addr *dst_addr = NULL; + int family = 0, src_port = 0, dst_port = 0; + int err = 0; /* get all attributes from the message */ - param = hip_get_param(msg, HIP_PARAM_UINT); - spi = *((const uint32_t *) hip_get_param_contents_direct(param)); + param = hip_get_param(msg, HIP_PARAM_UINT); + spi = *((const uint32_t *) hip_get_param_contents_direct(param)); HIP_DEBUG("spi value: 0x%lx \n", spi); param = hip_get_param(msg, HIP_PARAM_IPV6_ADDR); peer_addr = hip_get_param_contents_direct(param); HIP_DEBUG_IN6ADDR("peer address: ", peer_addr); - param = hip_get_next_param(msg, param); - dst_addr = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + dst_addr = hip_get_param_contents_direct(param); HIP_DEBUG_IN6ADDR("dst address: ", dst_addr); - param = hip_get_param(msg, HIP_PARAM_INT); - family = *((const int *) hip_get_param_contents_direct(param)); + param = hip_get_param(msg, HIP_PARAM_INT); + family = *((const int *) hip_get_param_contents_direct(param)); HIP_DEBUG("family: %i\n", family); - param = hip_get_next_param(msg, param); - src_port = *((const int *) hip_get_param_contents_direct(param)); + param = hip_get_next_param(msg, param); + src_port = *((const int *) hip_get_param_contents_direct(param)); HIP_DEBUG("src_port: %i\n", src_port); - param = hip_get_next_param(msg, param); - dst_port = *((const int *) hip_get_param_contents_direct(param)); + param = hip_get_next_param(msg, param); + dst_port = *((const int *) hip_get_param_contents_direct(param)); HIP_DEBUG("dst_port: %i\n", dst_port); /* work-around due to broken sa_delete in hipd */ === modified file 'firewall/user_ipsec_sadb.c' --- firewall/user_ipsec_sadb.c 2010-11-30 14:50:30 +0000 +++ firewall/user_ipsec_sadb.c 2011-01-03 16:06:13 +0000 @@ -70,13 +70,13 @@ /* Structure for demultiplexing inbound ipsec packets, indexed by dst_addr and spi */ typedef struct hip_link_entry { - struct in6_addr dst_addr; /* destination address of outer IP header */ - uint32_t spi; /* ipsec spi, needed for demultiplexing incoming packets */ - hip_sa_entry_t * linked_sa_entry; /* direct link to sa entry */ + struct in6_addr dst_addr; /* destination address of outer IP header */ + uint32_t spi; /* ipsec spi, needed for demultiplexing incoming packets */ + hip_sa_entry_t *linked_sa_entry; /* direct link to sa entry */ } hip_link_entry_t; /* database storing the sa entries, indexed by src _and_ dst hits */ -HIP_HASHTABLE *sadb = NULL; +HIP_HASHTABLE *sadb = NULL; /* database storing shortcuts to sa entries for incoming packets */ HIP_HASHTABLE *linkdb = NULL; @@ -90,8 +90,8 @@ static unsigned long hip_sa_entry_hash(const hip_sa_entry_t *sa_entry) { struct in6_addr addr_pair[2]; /* in BEET-mode these are HITs */ - unsigned char hash[INDEX_HASH_LENGTH]; - int err = 0; + unsigned char hash[INDEX_HASH_LENGTH]; + int err = 0; memset(&hash, 0, INDEX_HASH_LENGTH); @@ -113,7 +113,7 @@ HIP_IFEL(hip_build_digest(INDEX_HASH_FN, addr_pair, 2 * sizeof(struct in6_addr), hash), -1, - "failed to hash addresses\n"); + "failed to hash addresses\n"); out_err: if (err) { @@ -160,10 +160,10 @@ */ static unsigned long hip_link_entry_hash(const hip_link_entry_t *link_entry) { - int input_length = sizeof(struct in6_addr) + sizeof(uint32_t); + int input_length = sizeof(struct in6_addr) + sizeof(uint32_t); unsigned char hash_input[input_length]; unsigned char hash[INDEX_HASH_LENGTH]; - int err = 0; + int err = 0; // values have to be present HIP_ASSERT(link_entry != NULL && link_entry->spi != 0); @@ -236,9 +236,9 @@ static hip_link_entry_t * hip_link_entry_find(const struct in6_addr *dst_addr, uint32_t spi) { - hip_link_entry_t search_link; + hip_link_entry_t search_link; hip_link_entry_t *stored_link = NULL; - int err = 0; + int err = 0; // search the linkdb for the link to the corresponding entry memcpy(&search_link.dst_addr, dst_addr, sizeof(struct in6_addr)); @@ -269,7 +269,7 @@ static int hip_link_entry_add(struct in6_addr *dst_addr, hip_sa_entry_t *entry) { hip_link_entry_t *link = NULL; - int err = 0; + int err = 0; HIP_IFEL(!(link = malloc(sizeof(hip_link_entry_t))), -1, "failed to allocate memory\n"); @@ -295,7 +295,7 @@ static int hip_link_entry_delete(struct in6_addr *dst_addr, uint32_t spi) { hip_link_entry_t *stored_link = NULL; - int err = 0; + int err = 0; // find link entry and free members HIP_IFEL(!(stored_link = hip_link_entry_find(dst_addr, spi)), -1, @@ -360,10 +360,10 @@ unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH], int update) { - int key_len = 0; /* for 3-DES */ + int key_len = 0; /* for 3-DES */ unsigned char key1[8], key2[8], key3[8]; /* for 3-DES */ - int enc_key_changed = 0; - int err = 0; + int enc_key_changed = 0; + int err = 0; // TODO handle update case with credit-based authentication // -> introduce backup of spi and keying material @@ -382,7 +382,7 @@ entry->src_port = src_port; entry->dst_port = dst_port; - entry->ealg = ealg; + entry->ealg = ealg; // copy raw keys, if they changed if (memcmp(entry->auth_key, auth_key, hip_auth_key_length_esp(ealg))) { @@ -391,7 +391,6 @@ if (hip_enc_key_length(ealg) > 0 && memcmp(entry->enc_key, enc_key, hip_enc_key_length(ealg))) { - memcpy(entry->enc_key, enc_key, hip_enc_key_length(ealg)); enc_key_changed = 1; } @@ -465,7 +464,7 @@ HIP_IFEL(esp_prot_sa_entry_set(entry, esp_prot_transform, hash_item_length, esp_num_anchors, esp_prot_anchors, update), - -1, "failed to set esp protection members\n"); + -1, "failed to set esp protection members\n"); out_err: return err; @@ -516,12 +515,12 @@ int update) { hip_sa_entry_t *stored_entry = NULL; - int err = 0; + int err = 0; // we need the sadb entry to go through entries in the linkdb HIP_IFEL(!(stored_entry = hip_sa_entry_find_outbound(inner_src_addr, inner_dst_addr)), -1, - "failed to retrieve sa entry\n"); + "failed to retrieve sa entry\n"); /* delete all links * @@ -537,7 +536,7 @@ enc_key, lifetime, esp_prot_transform, hash_item_length, esp_num_anchors, esp_prot_anchors, update), - -1, "failed to update the entry members\n"); + -1, "failed to update the entry members\n"); HIP_IFEL(hip_link_entry_add(&stored_entry->dst_addr, stored_entry), -1, "failed to add links\n"); @@ -604,7 +603,7 @@ int update) { hip_sa_entry_t *entry = NULL; - int err = 0; + int err = 0; /* initialize members to 0/NULL */ HIP_IFEL(!(entry = malloc(sizeof(hip_sa_entry_t))), -1, @@ -661,7 +660,7 @@ static int hip_sa_entry_delete(struct in6_addr *src_addr, struct in6_addr *dst_addr) { hip_sa_entry_t *stored_entry = NULL; - int err = 0; + int err = 0; /* find entry in sadb and delete entries in linkdb for all (addr, spi)-matches */ HIP_IFEL(!(stored_entry = hip_sa_entry_find_outbound(src_addr, dst_addr)), -1, @@ -763,10 +762,10 @@ unsigned char (*esp_prot_anchors)[MAX_HASH_LENGTH], UNUSED int retransmission, int update) { - int err = 0; + int err = 0; const struct in6_addr *check_local_hit = NULL; - struct in6_addr *default_hit = NULL; - in_port_t src_port, dst_port; + struct in6_addr *default_hit = NULL; + in_port_t src_port, dst_port; /* TODO handle retransmission correctly */ @@ -819,7 +818,7 @@ int hip_sadb_delete(const struct in6_addr *dst_addr, uint32_t spi) { hip_sa_entry_t *entry = NULL; - int err = 0; + int err = 0; HIP_IFEL(!(entry = hip_sa_entry_find_inbound(dst_addr, spi)), -1, "failed to retrieve sa entry\n"); @@ -838,8 +837,8 @@ */ int hip_sadb_flush(void) { - int err = 0, i = 0; - hip_list_t *item = NULL, *tmp = NULL; + int err = 0, i = 0; + hip_list_t *item = NULL, *tmp = NULL; hip_sa_entry_t *entry = NULL; // iterating over all elements @@ -865,9 +864,9 @@ */ hip_sa_entry_t *hip_sa_entry_find_inbound(const struct in6_addr *dst_addr, uint32_t spi) { - hip_link_entry_t *stored_link = NULL; - hip_sa_entry_t *stored_entry = NULL; - int err = 0; + hip_link_entry_t *stored_link = NULL; + hip_sa_entry_t *stored_entry = NULL; + int err = 0; HIP_IFEL(!(stored_link = hip_link_entry_find(dst_addr, spi)), -1, "failed to find link entry\n"); @@ -892,9 +891,9 @@ hip_sa_entry_t *hip_sa_entry_find_outbound(const struct in6_addr *src_hit, const struct in6_addr *dst_hit) { - hip_sa_entry_t search_entry; + hip_sa_entry_t search_entry; hip_sa_entry_t *stored_entry = NULL; - int err = 0; + int err = 0; // fill search entry with information needed by the hash function memcpy(&search_entry.inner_src_addr, src_hit, sizeof(struct in6_addr)); === modified file 'firewall/user_ipsec_sadb.h' --- firewall/user_ipsec_sadb.h 2010-10-15 15:29:14 +0000 +++ firewall/user_ipsec_sadb.h 2011-01-03 16:06:13 +0000 @@ -52,16 +52,16 @@ /* IPsec Security Association entry */ typedef struct hip_sa_entry { - int direction; /* direction of the SA: inbound/outbound */ - uint32_t spi; /* IPsec SPI number */ - uint32_t mode; /* ESP mode : 1-transport, 2-tunnel, 3-beet */ - struct in6_addr src_addr; /* source address of outer IP header */ - struct in6_addr dst_addr; /* destination address of outer IP header */ - struct in6_addr inner_src_addr; /* inner source addresses for tunnel and BEET SAs */ - struct in6_addr inner_dst_addr; /* inner destination addresses for tunnel and BEET SAs */ - uint8_t encap_mode; /* encapsulation mode: 0 - none, 1 - udp */ - uint16_t src_port; /* src port for UDP encaps. ESP */ - uint16_t dst_port; /* dst port for UDP encaps. ESP */ + int direction; /* direction of the SA: inbound/outbound */ + uint32_t spi; /* IPsec SPI number */ + uint32_t mode; /* ESP mode : 1-transport, 2-tunnel, 3-beet */ + struct in6_addr src_addr; /* source address of outer IP header */ + struct in6_addr dst_addr; /* destination address of outer IP header */ + struct in6_addr inner_src_addr; /* inner source addresses for tunnel and BEET SAs */ + struct in6_addr inner_dst_addr; /* inner destination addresses for tunnel and BEET SAs */ + uint8_t encap_mode; /* encapsulation mode: 0 - none, 1 - udp */ + uint16_t src_port; /* src port for UDP encaps. ESP */ + uint16_t dst_port; /* dst port for UDP encaps. ESP */ /****************** crypto parameters *******************/ int ealg; /* crypto transform in use */ struct hip_crypto_key *auth_key; /* raw authentication key */ @@ -70,23 +70,23 @@ AES_KEY aes_key; /* AES key */ BF_KEY bf_key; /* BLOWFISH key */ /******************** statistics *************************/ - uint64_t lifetime; /* seconds until expiration */ - uint64_t bytes; /* bytes transmitted */ - struct timeval usetime; /* last used timestamp */ - struct timeval usetime_ka; /* last used timestamp, including keep-alives */ - uint32_t sequence; /* ESP sequence number counter */ + uint64_t lifetime; /* seconds until expiration */ + uint64_t bytes; /* bytes transmitted */ + struct timeval usetime; /* last used timestamp */ + struct timeval usetime_ka; /* last used timestamp, including keep-alives */ + uint32_t sequence; /* ESP sequence number counter */ /*********** esp protection extension params *************/ /* for both directions */ - uint8_t esp_prot_transform; /* mode used for securing ipsec traffic */ + uint8_t esp_prot_transform; /* mode used for securing ipsec traffic */ /* for outbound direction */ - void * active_hash_items[MAX_NUM_PARALLEL_HCHAINS]; /* active item can be a hchain or a htree */ - void * next_hash_items[MAX_NUM_PARALLEL_HCHAINS]; /* update item can be a hchain or a htree */ - int active_item_length; /* length of the active hash item */ - int update_item_length; /* length of the update hash item */ - uint8_t update_item_acked[MAX_NUM_PARALLEL_HCHAINS]; /* ack from peer that update succeeded */ - int last_used_chain; /* in case of parallel hchains, stores last used for round robin */ - esp_cumulative_item_t hash_buffer[MAX_RING_BUFFER_SIZE]; /* packet hash buffer for the cumulative packet auth */ - uint32_t next_free; /* next buffer entry to be used for cumulative packet auth */ + void *active_hash_items[MAX_NUM_PARALLEL_HCHAINS]; /* active item can be a hchain or a htree */ + void *next_hash_items[MAX_NUM_PARALLEL_HCHAINS]; /* update item can be a hchain or a htree */ + int active_item_length; /* length of the active hash item */ + int update_item_length; /* length of the update hash item */ + uint8_t update_item_acked[MAX_NUM_PARALLEL_HCHAINS]; /* ack from peer that update succeeded */ + int last_used_chain; /* in case of parallel hchains, stores last used for round robin */ + esp_cumulative_item_t hash_buffer[MAX_RING_BUFFER_SIZE]; /* packet hash buffer for the cumulative packet auth */ + uint32_t next_free; /* next buffer entry to be used for cumulative packet auth */ } hip_sa_entry_t; int hip_sadb_init(void); === modified file 'hipd/accessor.c' --- hipd/accessor.c 2010-10-15 15:29:14 +0000 +++ hipd/accessor.c 2011-01-03 16:06:13 +0000 @@ -38,7 +38,7 @@ #include "accessor.h" #include "hipd.h" -unsigned int hipd_state = HIPD_STATE_CLOSED; +unsigned int hipd_state = HIPD_STATE_CLOSED; /** * Set global daemon state. === modified file 'hipd/accessor.h' --- hipd/accessor.h 2010-10-15 15:29:14 +0000 +++ hipd/accessor.h 2011-01-03 16:06:13 +0000 @@ -54,4 +54,3 @@ void hipd_set_flag(unsigned int); #endif /* HIP_HIPD_ACCESSOR_H */ - === modified file 'hipd/cert.c' --- hipd/cert.c 2010-12-30 21:49:52 +0000 +++ hipd/cert.c 2011-01-03 16:06:13 +0000 @@ -77,25 +77,25 @@ */ int hip_cert_spki_sign(struct hip_common *msg) { - int err = 0, sig_len = 0, algo = 0, t = 0; + int err = 0, sig_len = 0, algo = 0, t = 0; const struct hip_cert_spki_info *p_cert; - struct hip_cert_spki_info *cert; - struct hip_host_id *host_id = NULL; - unsigned char sha_digest[21]; - unsigned char *signature_b64 = NULL; - unsigned char *digest_b64 = NULL; - unsigned char *sha_retval; - uint8_t *signature = NULL; - DSA_SIG *dsa_sig = NULL; + struct hip_cert_spki_info *cert; + struct hip_host_id *host_id = NULL; + unsigned char sha_digest[21]; + unsigned char *signature_b64 = NULL; + unsigned char *digest_b64 = NULL; + unsigned char *sha_retval; + uint8_t *signature = NULL; + DSA_SIG *dsa_sig = NULL; /* RSA needed variables */ - RSA *rsa = NULL; - unsigned char *e_bin = NULL, *n_bin = NULL; - unsigned char *e_hex = NULL, *n_b64 = NULL; + RSA *rsa = NULL; + unsigned char *e_bin = NULL, *n_bin = NULL; + unsigned char *e_hex = NULL, *n_b64 = NULL; /* DSA needed variables */ - DSA *dsa = NULL; - unsigned char *p_bin = NULL, *q_bin = NULL, *g_bin = NULL, *y_bin = NULL; - unsigned char *p_b64 = NULL, *q_b64 = NULL, *g_b64 = NULL, *y_b64 = NULL; + DSA *dsa = NULL; + unsigned char *p_bin = NULL, *q_bin = NULL, *g_bin = NULL, *y_bin = NULL; + unsigned char *p_b64 = NULL, *q_b64 = NULL, *g_b64 = NULL, *y_b64 = NULL; cert = malloc(sizeof(struct hip_cert_spki_info)); HIP_IFEL((!cert), -1, "Malloc for cert failed\n"); @@ -130,14 +130,14 @@ HIP_IFEL((!signature_b64), -1, "Malloc for signature_b64 failed\n"); memset(signature_b64, 0, RSA_size(rsa)); - n_bin = malloc(RSA_size(rsa) + 1); + n_bin = malloc(RSA_size(rsa) + 1); HIP_IFEL((!n_bin), -1, "Malloc for n_bin failed\n"); - n_b64 = malloc(RSA_size(rsa) + 20); + n_b64 = malloc(RSA_size(rsa) + 20); HIP_IFEL((!n_b64), -1, "Malloc for n_b64 failed\n"); memset(n_b64, 0, (RSA_size(rsa) + 20)); - e_bin = malloc(BN_num_bytes(rsa->e) + 1); + e_bin = malloc(BN_num_bytes(rsa->e) + 1); HIP_IFEL((!e_bin), -1, "Malloc for e_bin failed\n"); memset(e_bin, 0, (BN_num_bytes(rsa->e) + 1)); @@ -151,31 +151,31 @@ (unsigned int *) &sig_len, rsa); HIP_IFEL((err = err == 0 ? -1 : 0), -1, "RSA_sign error\n"); } else if (algo == HIP_HI_DSA) { - p_bin = malloc(BN_num_bytes(dsa->p) + 1); + p_bin = malloc(BN_num_bytes(dsa->p) + 1); HIP_IFEL((!p_bin), -1, "Malloc for p_bin failed\n"); - q_bin = malloc(BN_num_bytes(dsa->q) + 1); + q_bin = malloc(BN_num_bytes(dsa->q) + 1); HIP_IFEL((!q_bin), -1, "Malloc for q_bin failed\n"); - g_bin = malloc(BN_num_bytes(dsa->g) + 1); + g_bin = malloc(BN_num_bytes(dsa->g) + 1); HIP_IFEL((!g_bin), -1, "Malloc for g_bin failed\n"); - y_bin = malloc(BN_num_bytes(dsa->pub_key) + 1); + y_bin = malloc(BN_num_bytes(dsa->pub_key) + 1); HIP_IFEL((!y_bin), -1, "Malloc for y_bin failed\n"); - p_b64 = malloc(BN_num_bytes(dsa->p) + 20); + p_b64 = malloc(BN_num_bytes(dsa->p) + 20); HIP_IFEL((!p_b64), -1, "Malloc for p_b64 failed\n"); - q_b64 = malloc(BN_num_bytes(dsa->q) + 20); + q_b64 = malloc(BN_num_bytes(dsa->q) + 20); HIP_IFEL((!q_b64), -1, "Malloc for q_b64 failed\n"); - g_b64 = malloc(BN_num_bytes(dsa->g) + 20); + g_b64 = malloc(BN_num_bytes(dsa->g) + 20); HIP_IFEL((!g_b64), -1, "Malloc for g_b64 failed\n"); - y_b64 = malloc(BN_num_bytes(dsa->pub_key) + 20); + y_b64 = malloc(BN_num_bytes(dsa->pub_key) + 20); HIP_IFEL((!y_b64), -1, "Malloc for y_b64 failed\n"); - signature = malloc(HIP_DSA_SIG_SIZE); + signature = malloc(HIP_DSA_SIG_SIZE); memset(signature, 0, HIP_DSA_SIG_SIZE); t = BN_num_bytes(dsa->p); @@ -186,7 +186,7 @@ dsa_sig = DSA_do_sign(sha_digest, SHA_DIGEST_LENGTH, dsa); bn2bin_safe(dsa_sig->r, &signature[1], DSA_PRIV); bn2bin_safe(dsa_sig->s, &signature[1 + DSA_PRIV], DSA_PRIV); - sig_len = SHA_DIGEST_LENGTH + DSA_PRIV * 2; + sig_len = SHA_DIGEST_LENGTH + DSA_PRIV * 2; } else { HIP_IFEL(1 == 0, -1, "Unknown algorithm for signing\n"); } @@ -319,31 +319,31 @@ */ int hip_cert_spki_verify(struct hip_common *msg) { - int err = 0, start = 0, stop = 0, evpret = 0, keylen = 0, algo = 0; + int err = 0, start = 0, stop = 0, evpret = 0, keylen = 0, algo = 0; char buf[200]; - unsigned char sha_digest[21]; + unsigned char sha_digest[21]; unsigned char *sha_retval; unsigned char *signature_hash = NULL; unsigned char *signature_hash_b64 = NULL; unsigned char *signature_b64 = NULL; const struct hip_cert_spki_info *p_cert; - struct hip_cert_spki_info *cert = NULL; - unsigned char *signature = NULL; + struct hip_cert_spki_info *cert = NULL; + unsigned char *signature = NULL; /** RSA */ - RSA *rsa = NULL; - unsigned long e_code; - char *e_hex = NULL; - unsigned char *modulus_b64 = NULL; - unsigned char *modulus = NULL; + RSA *rsa = NULL; + unsigned long e_code; + char *e_hex = NULL; + unsigned char *modulus_b64 = NULL; + unsigned char *modulus = NULL; /** DSA */ - DSA *dsa = NULL; - unsigned char *p_bin = NULL, *q_bin = NULL, *g_bin = NULL, *y_bin = NULL; - unsigned char *p_b64 = NULL, *q_b64 = NULL, *g_b64 = NULL, *y_b64 = NULL; - DSA_SIG *dsa_sig = NULL; + DSA *dsa = NULL; + unsigned char *p_bin = NULL, *q_bin = NULL, *g_bin = NULL, *y_bin = NULL; + unsigned char *p_b64 = NULL, *q_b64 = NULL, *g_b64 = NULL, *y_b64 = NULL; + DSA_SIG *dsa_sig = NULL; /* rules for regular expressions */ @@ -362,47 +362,47 @@ * Look for pattern "(p |" and stop when first "|" * anything in base 64 is accepted inbetween */ - char p_rule[] = "[(][p][ ][|][[A-Za-z0-9+/()#=-]*[|]"; + char p_rule[] = "[(][p][ ][|][[A-Za-z0-9+/()#=-]*[|]"; /* * Rule to get DSA q * Look for pattern "(q |" and stop when first "|" * anything in base 64 is accepted inbetween */ - char q_rule[] = "[(][q][ ][|][[A-Za-z0-9+/()#=-]*[|]"; + char q_rule[] = "[(][q][ ][|][[A-Za-z0-9+/()#=-]*[|]"; /* * Rule to get DSA g * Look for pattern "(g |" and stop when first "|" * anything in base 64 is accepted inbetween */ - char g_rule[] = "[(][g][ ][|][[A-Za-z0-9+/()#=-]*[|]"; + char g_rule[] = "[(][g][ ][|][[A-Za-z0-9+/()#=-]*[|]"; /* * Rule to get DSA y / pub_key * Look for pattern "(y |" and stop when first "|" * anything in base 64 is accepted inbetween */ - char y_rule[] = "[(][y][ ][|][[A-Za-z0-9+/()#=-]*[|]"; + char y_rule[] = "[(][y][ ][|][[A-Za-z0-9+/()#=-]*[|]"; /* * rule to get the public exponent RSA * Look for the part that says # and after that some hex blob and # */ - char e_rule[] = "[#][0-9A-Fa-f]*[#]"; + char e_rule[] = "[#][0-9A-Fa-f]*[#]"; /* * rule to get the public modulus RSA * Look for the part that starts with '|' and after that anything * that is in base 64 char set and then '|' again */ - char n_rule[] = "[|][A-Za-z0-9+/()#=-]*[|]"; + char n_rule[] = "[|][A-Za-z0-9+/()#=-]*[|]"; /* * rule to get the signature hash * Look for the similar than the n_rule */ - char h_rule[] = "[|][A-Za-z0-9+/()#=-]*[|]"; + char h_rule[] = "[|][A-Za-z0-9+/()#=-]*[|]"; /* * rule to get the signature @@ -410,7 +410,7 @@ * and stops to '|' char remember to add and subtract 2 from * the indexes below */ - char s_rule[] = "[)][|][A-Za-z0-9+/()#=-]*[|]"; + char s_rule[] = "[)][|][A-Za-z0-9+/()#=-]*[|]"; cert = malloc(sizeof(struct hip_cert_spki_info)); HIP_IFEL((!cert), -1, "Malloc for cert failed\n"); @@ -456,13 +456,13 @@ (char *) &cert->public_key[start + 1]); /* public modulus */ - start = stop = 0; + start = stop = 0; HIP_IFEL(hip_cert_regex(n_rule, cert->public_key, &start, &stop), -1, "Failed to run hip_cert_regex (modulus)\n"); modulus_b64 = malloc(stop - start + 1); HIP_IFEL((!modulus_b64), -1, "Malloc for modulus_b64 failed\n"); memset(modulus_b64, 0, (stop - start + 1)); - modulus = malloc(stop - start + 1); + modulus = malloc(stop - start + 1); HIP_IFEL((!modulus), -1, "Malloc for modulus failed\n"); memset(modulus, 0, (stop - start + 1)); snprintf((char *) modulus_b64, (stop - start - 1), "%s", @@ -481,7 +481,7 @@ } signature = malloc(keylen); HIP_IFEL((!signature), -1, "Malloc for signature failed.\n"); - rsa->n = BN_bin2bn(modulus, keylen, 0); + rsa->n = BN_bin2bn(modulus, keylen, 0); } else if (algo == HIP_HI_DSA) { /* malloc space for new dsa */ dsa = DSA_new(); @@ -504,13 +504,13 @@ evpret = EVP_DecodeBlock(p_bin, p_b64, strlen((char *) p_b64)); /* dsa->q */ - start = stop = 0; + start = stop = 0; HIP_IFEL(hip_cert_regex(q_rule, cert->public_key, &start, &stop), -1, "Failed to run hip_cert_regex dsa->q\n"); - q_b64 = malloc(stop - start + 1); + q_b64 = malloc(stop - start + 1); HIP_IFEL((!q_b64), -1, "Malloc for q_b64 failed\n"); memset(q_b64, 0, (stop - start + 1)); - q_bin = malloc(stop - start + 1); + q_bin = malloc(stop - start + 1); HIP_IFEL((!q_bin), -1, "Malloc for q_bin failed\n"); memset(q_bin, 0, (stop - start + 1)); snprintf((char *) q_b64, (stop - start - 1), "%s", @@ -518,13 +518,13 @@ evpret = EVP_DecodeBlock(q_bin, q_b64, strlen((char *) q_b64)); /* dsa->g */ - start = stop = 0; + start = stop = 0; HIP_IFEL(hip_cert_regex(g_rule, cert->public_key, &start, &stop), -1, "Failed to run hip_cert_regex dsa->g\n"); - g_b64 = malloc(stop - start + 1); + g_b64 = malloc(stop - start + 1); HIP_IFEL((!g_b64), -1, "Malloc for g_b64 failed\n"); memset(g_b64, 0, (stop - start + 1)); - g_bin = malloc(stop - start + 1); + g_bin = malloc(stop - start + 1); HIP_IFEL((!g_bin), -1, "Malloc for g_bin failed\n"); memset(g_bin, 0, (stop - start + 1)); snprintf((char *) g_b64, (stop - start - 1), "%s", @@ -532,13 +532,13 @@ evpret = EVP_DecodeBlock(g_bin, g_b64, strlen((char *) g_b64)); /* dsa->y */ - start = stop = 0; + start = stop = 0; HIP_IFEL(hip_cert_regex(y_rule, cert->public_key, &start, &stop), -1, "Failed to run hip_cert_regex dsa->y\n"); - y_b64 = malloc(stop - start + 1); + y_b64 = malloc(stop - start + 1); HIP_IFEL((!y_b64), -1, "Malloc for y_b64 failed\n"); memset(y_b64, 0, (stop - start + 1)); - y_bin = malloc(stop - start + 1); + y_bin = malloc(stop - start + 1); HIP_IFEL((!y_bin), -1, "Malloc for y_bin failed\n"); memset(y_bin, 0, (stop - start + 1)); snprintf((char *) y_b64, (stop - start - 1), "%s", @@ -555,13 +555,13 @@ -1, "SHA1 error when creating digest.\n"); /* Get the signature hash and compare it to the sha_digest we just made */ - start = stop = 0; + start = stop = 0; HIP_IFEL(hip_cert_regex(h_rule, cert->signature, &start, &stop), -1, "Failed to run hip_cert_regex (signature hash)\n"); signature_hash_b64 = malloc(stop - start + 1); HIP_IFEL((!signature_hash_b64), -1, "Failed to malloc signature_hash_b64\n"); memset(signature_hash_b64, '\0', (stop - start + 1)); - signature_hash = malloc(stop - start + 1); + signature_hash = malloc(stop - start + 1); HIP_IFEL((!signature_hash), -1, "Failed to malloc signature_hash\n"); snprintf((char *) signature_hash_b64, (stop - start - 1), "%s", (char *) &cert->signature[start + 1]); @@ -572,7 +572,7 @@ "cert sequence in the certificate\n"); /* memset signature and put it into its place */ - start = stop = 0; + start = stop = 0; HIP_IFEL(hip_cert_regex(s_rule, cert->signature, &start, &stop), -1, "Failed to run hip_cert_regex (signature)\n"); signature_b64 = malloc(stop - start + 1); @@ -589,8 +589,8 @@ if (algo == HIP_HI_RSA) { /* do the verification */ - err = RSA_verify(NID_sha1, sha_digest, SHA_DIGEST_LENGTH, - signature, RSA_size(rsa), rsa); + err = RSA_verify(NID_sha1, sha_digest, SHA_DIGEST_LENGTH, + signature, RSA_size(rsa), rsa); e_code = ERR_get_error(); ERR_load_crypto_strings(); ERR_error_string(e_code, buf); @@ -600,14 +600,14 @@ HIP_IFEL((err = err == 1 ? 0 : -1), -1, "RSA_verify error\n"); } else if (algo == HIP_HI_DSA) { /* build the signature structure */ - dsa_sig = DSA_SIG_new(); + dsa_sig = DSA_SIG_new(); HIP_IFEL(!dsa_sig, 1, "Failed to allocate DSA_SIG\n"); - dsa_sig->r = BN_bin2bn(&signature[1], DSA_PRIV, NULL); - dsa_sig->s = BN_bin2bn(&signature[1 + DSA_PRIV], DSA_PRIV, NULL); + dsa_sig->r = BN_bin2bn(&signature[1], DSA_PRIV, NULL); + dsa_sig->s = BN_bin2bn(&signature[1 + DSA_PRIV], DSA_PRIV, NULL); /* verify the DSA signature */ - err = DSA_do_verify(sha_digest, SHA_DIGEST_LENGTH, - dsa_sig, dsa) == 0 ? 1 : 0; + err = DSA_do_verify(sha_digest, SHA_DIGEST_LENGTH, + dsa_sig, dsa) == 0 ? 1 : 0; /* DSA_do_verify returns 1 if success. */ cert->success = err == 1 ? 0 : -1; @@ -653,40 +653,40 @@ */ int hip_cert_x509v3_handle_request_to_sign(struct hip_common *msg) { - int err = 0, i = 0, nid = 0, ret = 0, secs = 0, algo = 0; - CONF *conf; + int err = 0, i = 0, nid = 0, ret = 0, secs = 0, algo = 0; + CONF *conf; CONF_VALUE *item; STACK_OF(CONF_VALUE) * sec_general = NULL; STACK_OF(CONF_VALUE) * sec_name = NULL; STACK_OF(CONF_VALUE) * sec_ext = NULL; - X509_REQ *req = NULL; - X509_NAME *issuer = NULL; - X509_NAME *subj = NULL; - X509_EXTENSION *ext = NULL; + X509_REQ *req = NULL; + X509_NAME *issuer = NULL; + X509_NAME *subj = NULL; + X509_EXTENSION *ext = NULL; STACK_OF(X509_EXTENSION) * extlist = NULL; X509_NAME_ENTRY *ent; - EVP_PKEY *pkey; + EVP_PKEY *pkey; /** XX TODO THIS should come from a configuration file * monotonically increasing counter */ - long serial = 0; - const EVP_MD *digest = NULL; - X509 *cert; - X509V3_CTX ctx; + long serial = 0; + const EVP_MD *digest = NULL; + X509 *cert; + X509V3_CTX ctx; const struct hip_cert_x509_req *subject; - char subject_hit[41]; - char issuer_hit[41]; - char ialtname[45]; - char saltname[45]; - struct in6_addr *issuer_hit_n; - struct hip_host_id *host_id; - RSA *rsa = NULL; - DSA *dsa = NULL; - char cert_str_pem[1024]; - unsigned char *der_cert = NULL; - int der_cert_len = 0; - char arg1[21]; - char arg2[21]; + char subject_hit[41]; + char issuer_hit[41]; + char ialtname[45]; + char saltname[45]; + struct in6_addr *issuer_hit_n; + struct hip_host_id *host_id; + RSA *rsa = NULL; + DSA *dsa = NULL; + char cert_str_pem[1024]; + unsigned char *der_cert = NULL; + int der_cert_len = 0; + char arg1[21]; + char arg2[21]; HIP_IFEL(!(issuer_hit_n = malloc(sizeof(struct in6_addr))), -1, "Malloc for subject failed\n"); @@ -781,7 +781,7 @@ for (i = 0; i < sk_CONF_VALUE_num(sec_ext); i++) { item = sk_CONF_VALUE_value(sec_ext, i); HIP_IFEL(!(ext = X509V3_EXT_conf(NULL, &ctx, - item->name, item->value )), -1, + item->name, item->value)), -1, "Failed to create extension\n"); sk_X509_EXTENSION_push(extlist, ext); } @@ -859,7 +859,7 @@ } } HIP_IFEL(!(ext = X509V3_EXT_conf(NULL, &ctx, - item->name, item->value )), -1, + item->name, item->value)), -1, "Failed to create extension\n"); HIP_IFEL((!X509_add_ext(cert, ext, -1)), -1, "Failed to add extensions to the cert\n"); @@ -957,13 +957,13 @@ */ int hip_cert_x509v3_handle_request_to_verify(struct hip_common *msg) { - int err = 0; - struct hip_cert_x509_resp verify; + int err = 0; + struct hip_cert_x509_resp verify; const struct hip_cert_x509_resp *p; - X509 *cert = NULL; - X509_STORE *store = NULL; - X509_STORE_CTX *verify_ctx = NULL; - unsigned char *der_cert = NULL; + X509 *cert = NULL; + X509_STORE *store = NULL; + X509_STORE_CTX *verify_ctx = NULL; + unsigned char *der_cert = NULL; OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); === modified file 'hipd/close.c' --- hipd/close.c 2010-11-30 14:50:30 +0000 +++ hipd/close.c 2011-01-03 16:06:13 +0000 @@ -69,15 +69,15 @@ */ static int hip_xmit_close(hip_ha_t *entry, void *opaque) { - int err = 0, mask = 0; - int delete_ha_info = *(int *) ((uint8_t *)opaque + sizeof(hip_hit_t)); - hip_hit_t *peer = opaque; - struct hip_common *msg_close = NULL; + int err = 0, mask = 0; + int delete_ha_info = *(int *) ((uint8_t *) opaque + sizeof(hip_hit_t)); + hip_hit_t *peer = opaque; + struct hip_common *msg_close = NULL; #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_CLOSE_SEND, PERF_CLOSE_COMPLETE\n"); - hip_perf_start_benchmark( perf_set, PERF_CLOSE_SEND ); - hip_perf_start_benchmark( perf_set, PERF_CLOSE_COMPLETE ); + hip_perf_start_benchmark(perf_set, PERF_CLOSE_SEND); + hip_perf_start_benchmark(perf_set, PERF_CLOSE_COMPLETE); #endif if (peer) { @@ -148,8 +148,8 @@ entry->state = HIP_STATE_CLOSING; #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Stop and write PERF_CLOSE_SEND\n"); - hip_perf_stop_benchmark( perf_set, PERF_CLOSE_SEND ); - hip_perf_write_benchmark( perf_set, PERF_CLOSE_SEND ); + hip_perf_stop_benchmark(perf_set, PERF_CLOSE_SEND); + hip_perf_write_benchmark(perf_set, PERF_CLOSE_SEND); #endif out_err: @@ -167,11 +167,11 @@ int hip_send_close(struct hip_common *msg, int delete_ha_info) { - int err = 0, retry, n; - char *opaque = NULL; - const hip_hit_t *hit = NULL; + int err = 0, retry, n; + char *opaque = NULL; + const hip_hit_t *hit = NULL; struct sockaddr_in6 sock_addr; - struct hip_common *msg_to_firewall = NULL; + struct hip_common *msg_to_firewall = NULL; HIP_DEBUG("msg=%p\n", msg); @@ -245,7 +245,7 @@ int err = 0; #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_HANDLE_CLOSE\n"); - hip_perf_start_benchmark( perf_set, PERF_HANDLE_CLOSE ); + hip_perf_start_benchmark(perf_set, PERF_HANDLE_CLOSE); #endif HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hitr), -1, @@ -296,36 +296,36 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0, echo_len; + int err = 0, echo_len; const struct hip_echo_request *request; HIP_IFEL(!(request = - hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN)), + hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN)), -1, "No echo request under signature.\n"); echo_len = hip_get_param_contents_len(request); hip_msg_init(ctx->output_msg); hip_build_network_hdr(ctx->output_msg, - HIP_CLOSE_ACK, - HIP_PACKET_CTRL_NON, - &(ctx->hadb_entry)->hit_our, - &(ctx->hadb_entry)->hit_peer); + HIP_CLOSE_ACK, + HIP_PACKET_CTRL_NON, + &(ctx->hadb_entry)->hit_our, + &(ctx->hadb_entry)->hit_peer); HIP_IFEL(hip_build_param_echo(ctx->output_msg, request + 1, - echo_len, 1, 0), -1, - "Failed to build echo param.\n"); + echo_len, 1, 0), -1, + "Failed to build echo param.\n"); /************* HMAC ************/ HIP_IFEL(hip_build_param_hmac_contents(ctx->output_msg, - &(ctx->hadb_entry)->hip_hmac_out), - -1, "Building of HMAC failed.\n"); + &(ctx->hadb_entry)->hip_hmac_out), + -1, "Building of HMAC failed.\n"); /********** Signature **********/ HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key, - ctx->output_msg), - -EINVAL, - "Could not create signature.\n"); + ctx->output_msg), + -EINVAL, + "Could not create signature.\n"); out_err: if (err) { @@ -388,8 +388,8 @@ out_err: #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Stop and write PERF_HANDLE_CLOSE\n"); - hip_perf_stop_benchmark( perf_set, PERF_HANDLE_CLOSE ); - hip_perf_write_benchmark( perf_set, PERF_HANDLE_CLOSE ); + hip_perf_stop_benchmark(perf_set, PERF_HANDLE_CLOSE); + hip_perf_write_benchmark(perf_set, PERF_HANDLE_CLOSE); #endif return err; @@ -412,20 +412,20 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0; + int err = 0; const struct hip_echo_request *echo_resp = NULL; #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_HANDLE_CLOSE_ACK\n"); - hip_perf_start_benchmark( perf_set, PERF_HANDLE_CLOSE_ACK ); + hip_perf_start_benchmark(perf_set, PERF_HANDLE_CLOSE_ACK); #endif HIP_IFEL(ipv6_addr_any(&ctx->input_msg->hitr), -1, - "Received NULL receiver HIT in CLOSE ACK. Dropping\n"); + "Received NULL receiver HIT in CLOSE ACK. Dropping\n"); if (!hip_controls_sane(ntohs(ctx->input_msg->control), HIP_PACKET_CTRL_NON)) { HIP_ERROR("Received illegal controls in CLOSE ACK: 0x%x. Dropping\n", - ntohs(ctx->input_msg->control)); + ntohs(ctx->input_msg->control)); goto out_err; } @@ -502,10 +502,10 @@ out_err: #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Stop and write PERF_HANDLE_CLOSE_ACK, PERF_CLOSE_COMPLETE\n"); - hip_perf_stop_benchmark( perf_set, PERF_HANDLE_CLOSE_ACK ); - hip_perf_write_benchmark( perf_set, PERF_HANDLE_CLOSE_ACK ); - hip_perf_stop_benchmark( perf_set, PERF_CLOSE_COMPLETE ); - hip_perf_write_benchmark( perf_set, PERF_CLOSE_COMPLETE ); + hip_perf_stop_benchmark(perf_set, PERF_HANDLE_CLOSE_ACK); + hip_perf_write_benchmark(perf_set, PERF_HANDLE_CLOSE_ACK); + hip_perf_stop_benchmark(perf_set, PERF_CLOSE_COMPLETE); + hip_perf_write_benchmark(perf_set, PERF_CLOSE_COMPLETE); #endif return err; === modified file 'hipd/configfilereader.c' --- hipd/configfilereader.c 2010-10-15 15:29:14 +0000 +++ hipd/configfilereader.c 2011-01-03 16:06:13 +0000 @@ -143,7 +143,7 @@ */ static int hip_cf_parse_val(char *line, hip_configvaluelist_t *values) { - int i = 0, j = 0, k = 0, l = 0, end = 0; + int i = 0, j = 0, k = 0, l = 0, end = 0; char value[HIP_RELAY_MAX_VAL_LEN + 1]; /* Search for the line end. */ @@ -421,7 +421,7 @@ return EOF; } - int lineerr = 0; + int lineerr = 0; char line[HIP_RELAY_MAX_LINE_LEN + 1]; memset(line, '\0', sizeof(line)); @@ -475,7 +475,7 @@ /* Free the item currently at list head and move the next item to list * head. Continue this until the item at list head is NULL. */ while (linkedlist->head != NULL) { - pointer = linkedlist->head->next; + pointer = linkedlist->head->next; free(linkedlist->head); linkedlist->head = pointer; } === modified file 'hipd/configfilereader.h' --- hipd/configfilereader.h 2010-10-15 15:29:14 +0000 +++ hipd/configfilereader.h 2011-01-03 16:06:13 +0000 @@ -84,7 +84,7 @@ #include <stdio.h> - /* For debuging macros. */ +/* For debuging macros. */ /** Maximum number of characters per line in HIP relay config file. */ #define HIP_RELAY_MAX_LINE_LEN 2048 === modified file 'hipd/cookie.c' --- hipd/cookie.c 2010-11-30 14:50:30 +0000 +++ hipd/cookie.c 2011-01-03 16:06:13 +0000 @@ -97,9 +97,9 @@ */ int hip_get_puzzle_difficulty_msg(struct hip_common *msg) { - int err = 0, diff = 0; + int err = 0, diff = 0; const hip_hit_t *dst_hit = NULL; - hip_hit_t all_zero_hit; + hip_hit_t all_zero_hit; bzero(&all_zero_hit, sizeof(all_zero_hit)); /* obtain the hit */ @@ -112,7 +112,6 @@ return err; } - /** * set the puzzle difficulty according to the msg sent by hipconf * @@ -122,10 +121,10 @@ */ int hip_set_puzzle_difficulty_msg(struct hip_common *msg) { - int err = 0; - const int *newVal = NULL; + int err = 0; + const int *newVal = NULL; const hip_hit_t *dst_hit = NULL; - hip_hit_t all_zero_hit; + hip_hit_t all_zero_hit; bzero(&all_zero_hit, sizeof(all_zero_hit)); HIP_IFEL(!(dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT)), @@ -139,7 +138,6 @@ return err; } - /** * increase cookie difficulty by one * @@ -173,7 +171,7 @@ static int hip_calc_cookie_idx(struct in6_addr *ip_i, struct in6_addr *ip_r) { register uint32_t base = 0; - int i; + int i; for (i = 0; i < 4; i++) { base ^= ip_i->s6_addr32[i]; @@ -203,10 +201,10 @@ struct hip_common *hip_get_r1(struct in6_addr *ip_i, struct in6_addr *ip_r, struct in6_addr *our_hit) { - struct hip_common *err = NULL, *r1 = NULL; - struct hip_r1entry *hip_r1table = NULL; - struct hip_host_id_entry *hid = NULL; - int idx, len; + struct hip_common *err = NULL, *r1 = NULL; + struct hip_r1entry *hip_r1table = NULL; + struct hip_host_id_entry *hid = NULL; + int idx, len; /* Find the proper R1 table and copy the R1 message from the table */ HIP_READ_LOCK_DB(HIP_DB_LOCAL_HID); @@ -214,7 +212,7 @@ NULL, "Unknown HIT\n"); hip_r1table = hid->r1; - idx = hip_calc_cookie_idx(ip_i, ip_r); + idx = hip_calc_cookie_idx(ip_i, ip_r); HIP_DEBUG("Calculated index: %d\n", idx); /* Create a copy of the found entry */ @@ -267,7 +265,7 @@ for (i = 0; i < HIP_R1TABLESIZE; i++) { int cookie_k; - cookie_k = hip_get_cookie_difficulty(); + cookie_k = hip_get_cookie_difficulty(); r1table[i].r1 = hip_create_r1(hit, sign, privkey, pubkey, cookie_k); @@ -328,10 +326,10 @@ * of this function was inverted. I.e. This function now returns * negative for error conditions, zero otherwise. It used to be the * other way around. -Lauri 23.07.2008. */ - const struct hip_puzzle *puzzle = NULL; - struct hip_r1entry *result = NULL; - struct hip_host_id_entry *hid = NULL; - int err = 0; + const struct hip_puzzle *puzzle = NULL; + struct hip_r1entry *result = NULL; + struct hip_host_id_entry *hid = NULL; + int err = 0; /* Find the proper R1 table */ HIP_IFEL(!(hid = hip_get_hostid_entry_by_lhi_and_algo( @@ -411,10 +409,10 @@ */ int hip_recreate_all_precreated_r1_packets(void) { - HIP_HASHTABLE *ht = hip_ht_init(hip_hidb_hash, hip_hidb_match); - hip_list_t *curr, *iter; + HIP_HASHTABLE *ht = hip_ht_init(hip_hidb_hash, hip_hidb_match); + hip_list_t *curr, *iter; struct hip_host_id *tmp; - int c; + int c; hip_for_each_hi(hip_recreate_r1s_for_entry_move, ht); === modified file 'hipd/dh.c' --- hipd/dh.c 2010-11-01 13:13:35 +0000 +++ hipd/dh.c 2011-01-03 16:06:13 +0000 @@ -49,7 +49,7 @@ * This array is indexed by the Group ID value defined in the RFC. * Note that this means that the array element at index 0 is thus unused. */ -DH *dh_table[HIP_MAX_DH_GROUP_ID] = {0}; +DH *dh_table[HIP_MAX_DH_GROUP_ID] = { 0 }; /** * insert the current DH-key into the buffer @@ -74,7 +74,7 @@ */ if (dh_table[group_id] == NULL) { - tmp = hip_generate_dh_key(group_id); + tmp = hip_generate_dh_key(group_id); dh_table[group_id] = tmp; === modified file 'hipd/esp_prot_anchordb.c' --- hipd/esp_prot_anchordb.c 2010-11-30 14:50:30 +0000 +++ hipd/esp_prot_anchordb.c 2011-01-03 16:06:13 +0000 @@ -52,11 +52,11 @@ /* defines the structure storing the anchors */ typedef struct anchor_db { /* amount of anchors for each transform */ - int num_anchors[MAX_NUM_TRANSFORMS]; + int num_anchors[MAX_NUM_TRANSFORMS]; /* length of the anchors for each transform */ - int anchor_lengths[MAX_NUM_TRANSFORMS]; + int anchor_lengths[MAX_NUM_TRANSFORMS]; /* length of the corresponding hchain/htree */ - int hash_item_length[MAX_NUM_TRANSFORMS]; + int hash_item_length[MAX_NUM_TRANSFORMS]; /* set to support max amount of anchors possible */ unsigned char *anchors[MAX_NUM_TRANSFORMS][HCSTORE_MAX_HCHAINS_PER_ITEM]; } anchor_db_t; @@ -103,10 +103,10 @@ */ int anchor_db_update(const struct hip_common *msg) { - const struct hip_tlv_common *param = NULL; - const unsigned char *anchor = NULL; - int err = 0, i, j; - uint8_t esp_transforms[MAX_NUM_TRANSFORMS]; + const struct hip_tlv_common *param = NULL; + const unsigned char *anchor = NULL; + int err = 0, i, j; + uint8_t esp_transforms[MAX_NUM_TRANSFORMS]; HIP_ASSERT(msg != NULL); @@ -135,13 +135,13 @@ HIP_IFEL(!(param = hip_get_next_param(msg, param)), -1, "parameter missing in user-message from fw\n"); anchor_db.num_anchors[esp_transforms[i]] = *(const int *) - hip_get_param_contents_direct(param); + hip_get_param_contents_direct(param); HIP_DEBUG("num_anchors is %i\n", anchor_db.num_anchors[esp_transforms[i]]); HIP_IFEL(!(param = hip_get_next_param(msg, param)), -1, "parameter missing in user-message from fw\n"); anchor_db.anchor_lengths[esp_transforms[i]] = *(const int *) - hip_get_param_contents_direct(param); + hip_get_param_contents_direct(param); HIP_DEBUG("anchor_length is %i\n", anchor_db.anchor_lengths[esp_transforms[i]]); HIP_IFEL(!(param = hip_get_next_param(msg, param)), @@ -153,7 +153,7 @@ for (j = 0; j < anchor_db.num_anchors[esp_transforms[i]]; j++) { HIP_IFEL(!(anchor_db.anchors[esp_transforms[i]][j] = - malloc(anchor_db.anchor_lengths[esp_transforms[i]])), + malloc(anchor_db.anchor_lengths[esp_transforms[i]])), -1, "failed to allocate memory\n"); anchor = hip_get_param_contents_direct(param); @@ -165,7 +165,7 @@ HIP_IFEL(!(param = hip_get_next_param(msg, param)), -1, "parameter missing in user-message from fw\n"); anchor_db.hash_item_length[esp_transforms[i]] = *(const int *) - hip_get_param_contents_direct(param); + hip_get_param_contents_direct(param); HIP_DEBUG("adding hash_item_length: %i\n", anchor_db.hash_item_length[esp_transforms[i]]); @@ -213,8 +213,8 @@ unsigned char *anchor_db_get_anchor(const uint8_t transform) { unsigned char *stored_anchor = NULL; - int anchor_offset = 0; - int err = 0; + int anchor_offset = 0; + int err = 0; // ensure correct boundaries HIP_ASSERT(transform > 0); @@ -230,7 +230,7 @@ // remove anchor from db anchor_db.anchors[transform][anchor_offset] = NULL; - anchor_offset = anchor_db.num_anchors[transform]--; + anchor_offset = anchor_db.num_anchors[transform]--; out_err: if (err) { === modified file 'hipd/esp_prot_hipd_msg.c' --- hipd/esp_prot_hipd_msg.c 2010-11-30 14:50:30 +0000 +++ hipd/esp_prot_hipd_msg.c 2011-01-03 16:06:13 +0000 @@ -73,10 +73,10 @@ const struct in6_addr *dst_ip, const uint32_t spi) { - hip_common_t *resp_update = NULL; - const struct hip_seq *seq = NULL; - uint16_t mask = 0; - int err = 0; + hip_common_t *resp_update = NULL; + const struct hip_seq *seq = NULL; + uint16_t mask = 0; + int err = 0; HIP_IFEL(!(seq = hip_get_param(recv_update, HIP_PARAM_SEQ)), -1, @@ -138,7 +138,7 @@ const uint8_t transforms[]) { uint8_t transform = ESP_PROT_TFM_UNUSED; - int err = 0, i, j; + int err = 0, i, j; for (i = 0; i < esp_prot_num_transforms; i++) { for (j = 0; j < num_transforms; j++) { @@ -174,29 +174,29 @@ int esp_prot_set_preferred_transforms(const struct hip_common *msg) { const struct hip_tlv_common *param = NULL; - int err = 0, i; + int err = 0, i; - param = hip_get_param(msg, HIP_PARAM_INT); + param = hip_get_param(msg, HIP_PARAM_INT); esp_prot_active = *((const int *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("esp_prot_active: %i\n", esp_prot_active); // process message and store the preferred transforms - param = hip_get_next_param(msg, param); + param = hip_get_next_param(msg, param); esp_prot_num_transforms = *((const int *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("esp protection num_transforms: %i\n", esp_prot_num_transforms); - param = hip_get_next_param(msg, param); + param = hip_get_next_param(msg, param); esp_prot_num_parallel_hchains = *((const long *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("esp_prot_num_parallel_hchains: %i\n", esp_prot_num_parallel_hchains); for (i = 0; i < MAX_NUM_TRANSFORMS; i++) { if (i < esp_prot_num_transforms) { - param = hip_get_next_param(msg, param); + param = hip_get_next_param(msg, param); esp_prot_transforms[i] = *((const uint8_t *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("esp protection transform %i: %u\n", i + 1, esp_prot_transforms[i]); } else { esp_prot_transforms[i] = 0; @@ -229,24 +229,24 @@ */ int esp_prot_handle_trigger_update_msg(const struct hip_common *msg) { - const struct hip_tlv_common *param = NULL; - const hip_hit_t *local_hit = NULL, *peer_hit = NULL; - uint8_t esp_prot_tfm = 0; - int hash_length = 0; - const unsigned char *esp_prot_anchor = NULL; - int soft_update = 0; - int anchor_offset[MAX_NUM_PARALLEL_HCHAINS]; - int secret_length[MAX_NUM_PARALLEL_HCHAINS]; - int branch_length[MAX_NUM_PARALLEL_HCHAINS]; - int root_length = 0; - const unsigned char *secret[MAX_NUM_PARALLEL_HCHAINS]; - const unsigned char *branch_nodes[MAX_NUM_PARALLEL_HCHAINS]; - const unsigned char *root[MAX_NUM_PARALLEL_HCHAINS]; - hip_ha_t *entry = NULL; - int hash_item_length = 0; - unsigned char cmp_val[MAX_HASH_LENGTH]; - int err = 0; - long num_parallel_hchains = 0, i; + const struct hip_tlv_common *param = NULL; + const hip_hit_t *local_hit = NULL, *peer_hit = NULL; + uint8_t esp_prot_tfm = 0; + int hash_length = 0; + const unsigned char *esp_prot_anchor = NULL; + int soft_update = 0; + int anchor_offset[MAX_NUM_PARALLEL_HCHAINS]; + int secret_length[MAX_NUM_PARALLEL_HCHAINS]; + int branch_length[MAX_NUM_PARALLEL_HCHAINS]; + int root_length = 0; + const unsigned char *secret[MAX_NUM_PARALLEL_HCHAINS]; + const unsigned char *branch_nodes[MAX_NUM_PARALLEL_HCHAINS]; + const unsigned char *root[MAX_NUM_PARALLEL_HCHAINS]; + hip_ha_t *entry = NULL; + int hash_item_length = 0; + unsigned char cmp_val[MAX_HASH_LENGTH]; + int err = 0; + long num_parallel_hchains = 0, i; memset(cmp_val, 0, MAX_HASH_LENGTH); @@ -254,8 +254,8 @@ local_hit = hip_get_param_contents_direct(param); HIP_DEBUG_HIT("src_hit", local_hit); - param = hip_get_next_param(msg, param); - peer_hit = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + peer_hit = hip_get_param_contents_direct(param); HIP_DEBUG_HIT("dst_hit", peer_hit); // get matching entry from hadb for HITs provided above @@ -264,7 +264,7 @@ param = hip_get_param(msg, HIP_PARAM_ESP_PROT_TFM); esp_prot_tfm = *((const uint8_t *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("esp_prot_transform: %u\n", esp_prot_tfm); // check if transforms are matching and add anchor as new local_anchor @@ -272,24 +272,24 @@ "esp prot transform changed without new BEX\n"); HIP_DEBUG("esp prot transforms match\n"); - param = hip_get_param(msg, HIP_PARAM_INT); - hash_item_length = *((const int *) - hip_get_param_contents_direct(param)); + param = hip_get_param(msg, HIP_PARAM_INT); + hash_item_length = *((const int *) + hip_get_param_contents_direct(param)); HIP_DEBUG("hash_item_length: %i\n", hash_item_length); // set the hash_item_length of the item used for this update entry->hash_item_length = hash_item_length; // we need to know the hash_length for this transform - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform); + hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform); - param = hip_get_next_param(msg, param); - num_parallel_hchains = *((const long *) - hip_get_param_contents_direct(param)); + param = hip_get_next_param(msg, param); + num_parallel_hchains = *((const long *) + hip_get_param_contents_direct(param)); HIP_DEBUG("num_parallel_hchains: %i\n", num_parallel_hchains); // process all update anchors now - param = hip_get_param(msg, HIP_PARAM_HCHAIN_ANCHOR); + param = hip_get_param(msg, HIP_PARAM_HCHAIN_ANCHOR); for (i = 0; i < num_parallel_hchains; i++) { esp_prot_anchor = hip_get_param_contents_direct(param); HIP_HEXDUMP("anchor: ", esp_prot_anchor, hash_length); @@ -306,8 +306,8 @@ param = hip_get_next_param(msg, param); } - root_length = *((const int *) - hip_get_param_contents_direct(param)); + root_length = *((const int *) + hip_get_param_contents_direct(param)); HIP_DEBUG("root_length: %i\n", root_length); entry->esp_root_length = root_length; @@ -331,25 +331,25 @@ for (i = 0; i < num_parallel_hchains; i++) { param = hip_get_next_param(msg, param); anchor_offset[i] = *((const int *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("anchor_offset: %i\n", anchor_offset[i]); param = hip_get_next_param(msg, param); secret_length[i] = *((const int *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("secret_length: %i\n", secret_length[i]); param = hip_get_next_param(msg, param); branch_length[i] = *((const int *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("branch_length: %i\n", branch_length[i]); - param = hip_get_next_param(msg, param); - secret[i] = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + secret[i] = hip_get_param_contents_direct(param); HIP_HEXDUMP("secret: ", secret[i], secret_length[i]); - param = hip_get_next_param(msg, param); - branch_nodes[i] = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + branch_nodes[i] = hip_get_param_contents_direct(param); HIP_HEXDUMP("branch_nodes: ", branch_nodes[i], branch_length[i]); } } @@ -363,12 +363,12 @@ * HMAC and HIP_SIGNATURE as well as the ESP_PROT_ANCHOR and the * SEQ param (to guaranty freshness of the ANCHOR) in the signed part * of the message */ - HIP_IFEL(hip_send_update_to_one_peer(NULL, entry, - &entry->our_addr, - &entry->peer_addr, - NULL, - HIP_UPDATE_ESP_ANCHOR), - -1, "failed to send anchor update\n"); + HIP_IFEL(hip_send_update_to_one_peer(NULL, entry, + &entry->our_addr, + &entry->peer_addr, + NULL, + HIP_UPDATE_ESP_ANCHOR), + -1, "failed to send anchor update\n"); } out_err: @@ -383,40 +383,40 @@ */ int esp_prot_handle_anchor_change_msg(const struct hip_common *msg) { - const struct hip_tlv_common *param = NULL; - const hip_hit_t *local_hit = NULL, *peer_hit = NULL; - uint8_t esp_prot_tfm = 0; - int hash_length = 0; - const unsigned char *esp_prot_anchor = NULL; - hip_ha_t *entry = NULL; - int direction = 0; - long num_parallel_hchains = 0, i; - int err = 0; + const struct hip_tlv_common *param = NULL; + const hip_hit_t *local_hit = NULL, *peer_hit = NULL; + uint8_t esp_prot_tfm = 0; + int hash_length = 0; + const unsigned char *esp_prot_anchor = NULL; + hip_ha_t *entry = NULL; + int direction = 0; + long num_parallel_hchains = 0, i; + int err = 0; - param = hip_get_param(msg, HIP_PARAM_HIT); - local_hit = hip_get_param_contents_direct(param); + param = hip_get_param(msg, HIP_PARAM_HIT); + local_hit = hip_get_param_contents_direct(param); HIP_DEBUG_HIT("src_hit", local_hit); - param = hip_get_next_param(msg, param); - peer_hit = hip_get_param_contents_direct(param); + param = hip_get_next_param(msg, param); + peer_hit = hip_get_param_contents_direct(param); HIP_DEBUG_HIT("dst_hit", peer_hit); - param = hip_get_param(msg, HIP_PARAM_INT); - direction = *((const int *) - hip_get_param_contents_direct(param)); + param = hip_get_param(msg, HIP_PARAM_INT); + direction = *((const int *) + hip_get_param_contents_direct(param)); HIP_DEBUG("direction: %i\n", direction); - param = hip_get_param(msg, HIP_PARAM_ESP_PROT_TFM); - esp_prot_tfm = *((const uint8_t *) - hip_get_param_contents_direct(param)); + param = hip_get_param(msg, HIP_PARAM_ESP_PROT_TFM); + esp_prot_tfm = *((const uint8_t *) + hip_get_param_contents_direct(param)); HIP_DEBUG("esp_prot_transform: %u\n", esp_prot_tfm); param = hip_get_param(msg, HIP_PARAM_INT); num_parallel_hchains = *((const long *) - hip_get_param_contents_direct(param)); + hip_get_param_contents_direct(param)); HIP_DEBUG("num_parallel_hchains: %u\n", num_parallel_hchains); - param = hip_get_param(msg, HIP_PARAM_HCHAIN_ANCHOR); + param = hip_get_param(msg, HIP_PARAM_HCHAIN_ANCHOR); // get matching entry from hadb for HITs provided above @@ -473,9 +473,9 @@ const int update) { unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL; - int hash_length = 0; + int hash_length = 0; uint32_t hash_item_length = 0; - int err = 0, i; + int err = 0, i; HIP_DEBUG("direction: %i\n", direction); @@ -582,7 +582,7 @@ int esp_prot_r1_handle_transforms(struct hip_packet_context *ctx) { const struct esp_prot_preferred_tfms *prot_transforms = NULL; - int err = 0; + int err = 0; /* this is only handled if we are using userspace ipsec, * otherwise we just ignore it */ @@ -597,17 +597,17 @@ HIP_DEBUG("received preferred transforms from peer\n"); // store that we received the param for further processing - ctx->hadb_entry->esp_prot_param = 1; + ctx->hadb_entry->esp_prot_param = 1; // select transform and store it for this connection ctx->hadb_entry->esp_prot_transform = esp_prot_select_transform(prot_transforms->num_transforms, - prot_transforms->transforms); + prot_transforms->transforms); } else { HIP_DEBUG("R1 does not contain preferred ESP protection " \ "transforms, locally setting UNUSED\n"); // store that we didn't received the param - ctx->hadb_entry->esp_prot_param = 0; + ctx->hadb_entry->esp_prot_param = 0; // if the other end-host does not want to use the extension, we don't either ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED; @@ -630,10 +630,10 @@ */ int esp_prot_i2_add_anchor(struct hip_packet_context *ctx) { - unsigned char *anchor = NULL; - int hash_length = 0; - int hash_item_length = 0; - int err = 0, i; + unsigned char *anchor = NULL; + int hash_length = 0; + int hash_item_length = 0; + int err = 0, i; /* only add, if extension in use and we agreed on a transform * @@ -641,8 +641,8 @@ if (ctx->hadb_entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) { // check for sufficient elements if (anchor_db_get_num_anchors(ctx->hadb_entry->esp_prot_transform) >= - esp_prot_num_parallel_hchains) { - hash_length = anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform); + esp_prot_num_parallel_hchains) { + hash_length = anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform); HIP_DEBUG("hash_length: %i\n", hash_length); hash_item_length = anchor_db_get_hash_item_length(ctx->hadb_entry->esp_prot_transform); @@ -703,10 +703,10 @@ */ int esp_prot_i2_handle_anchor(struct hip_packet_context *ctx) { - const struct hip_tlv_common *param = NULL; + const struct hip_tlv_common *param = NULL; const struct esp_prot_anchor *prot_anchor = NULL; - int hash_length = 0; - int err = 0, i; + int hash_length = 0; + int err = 0, i; /* only supported in user-mode ipsec and optional there */ if (hip_use_userspace_ipsec && esp_prot_num_transforms > 1) { @@ -720,7 +720,7 @@ prot_anchor->transform) >= 0) { // we know this transform ctx->hadb_entry->esp_prot_transform = prot_anchor->transform; - hash_length = anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform); + hash_length = anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform); if (ctx->hadb_entry->esp_prot_transform == ESP_PROT_TFM_UNUSED) { HIP_DEBUG("agreed NOT to use esp protection extension\n"); @@ -781,10 +781,10 @@ */ int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry) { - unsigned char *anchor = NULL; - int hash_length = 0; - int hash_item_length = 0; - int err = 0, i; + unsigned char *anchor = NULL; + int hash_length = 0; + int hash_item_length = 0; + int err = 0, i; // only add, if extension in use, we agreed on a transform and no error until now if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) { @@ -843,10 +843,10 @@ int esp_prot_r2_handle_anchor(hip_ha_t *entry, const struct hip_common *input_msg) { - const struct hip_tlv_common *param = NULL; + const struct hip_tlv_common *param = NULL; const struct esp_prot_anchor *prot_anchor = NULL; - int hash_length = 0; - int err = 0, i; + int hash_length = 0; + int err = 0, i; // only process anchor, if we agreed on using it before if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) { @@ -855,7 +855,7 @@ // check if the anchor has got the negotiated transform if (prot_anchor->transform == entry->esp_prot_transform) { - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform); + hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform); // store number of elements per hash structure entry->esp_peer_active_length = ntohl(prot_anchor->hash_item_length); @@ -916,9 +916,9 @@ */ int esp_prot_update_type(const hip_common_t *recv_update) { - const struct hip_seq * seq = NULL; - const struct hip_ack * ack = NULL; - const struct hip_esp_info * esp_info = NULL; + const struct hip_seq *seq = NULL; + const struct hip_ack *ack = NULL; + const struct hip_esp_info *esp_info = NULL; HIP_ASSERT(recv_update != NULL); @@ -928,7 +928,6 @@ if (seq && !ack && !esp_info) { return ESP_PROT_FIRST_UPDATE_PACKET; - } else if (!seq && ack && esp_info) { return ESP_PROT_SECOND_UPDATE_PACKET; } else { @@ -953,7 +952,7 @@ const struct in6_addr *dst_ip) { uint32_t spi = 0; - int err = 0; + int err = 0; HIP_ASSERT(entry != NULL); @@ -1024,9 +1023,9 @@ */ int esp_prot_update_add_anchor(hip_common_t *update, hip_ha_t *entry) { - const struct hip_seq *seq = NULL; - int hash_length = 0; - int err = 0, i; + const struct hip_seq *seq = NULL; + int hash_length = 0; + int err = 0, i; // only do further processing when extension is in use if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) { @@ -1093,14 +1092,14 @@ uint32_t *spi) { const struct esp_prot_anchor *prot_anchor = NULL; - const struct hip_tlv_common *param = NULL; - int hash_length = 0; - unsigned char cmp_value[MAX_HASH_LENGTH]; - int err = 0, i; + const struct hip_tlv_common *param = NULL; + int hash_length = 0; + unsigned char cmp_value[MAX_HASH_LENGTH]; + int err = 0, i; HIP_ASSERT(spi != NULL); - *spi = 0; + *spi = 0; param = hip_get_param(recv_update, HIP_PARAM_ESP_PROT_ANCHOR); prot_anchor = (const struct esp_prot_anchor *) param; @@ -1138,7 +1137,7 @@ HIP_DEBUG("entry->esp_peer_update_length: %u\n", entry->esp_peer_update_length); - param = hip_get_next_param(recv_update, param); + param = hip_get_next_param(recv_update, param); prot_anchor = (const struct esp_prot_anchor *) param; } } else if (!memcmp(&entry->esp_peer_update_anchors[0][0], &prot_anchor->anchors[0], @@ -1163,7 +1162,7 @@ HIP_DEBUG("entry->esp_peer_update_length: %u\n", entry->esp_peer_update_length); - param = hip_get_next_param(recv_update, param); + param = hip_get_next_param(recv_update, param); prot_anchor = (const struct esp_prot_anchor *) param; } } else { === modified file 'hipd/esp_prot_light_update.c' --- hipd/esp_prot_light_update.c 2010-11-30 14:50:30 +0000 +++ hipd/esp_prot_light_update.c 2011-01-03 16:06:13 +0000 @@ -66,8 +66,8 @@ const struct in6_addr *dst_addr, const uint32_t spi) { hip_common_t *light_ack = NULL; - uint16_t mask = 0; - int err = 0; + uint16_t mask = 0; + int err = 0; HIP_IFEL(!(light_ack = hip_msg_alloc()), -ENOMEM, "failed to allocate memory\n"); @@ -123,9 +123,9 @@ const int branch_length[]) { hip_common_t *light_update = NULL; - int hash_length = 0; - uint16_t mask = 0; - int err = 0, i; + int hash_length = 0; + uint16_t mask = 0; + int err = 0, i; HIP_IFEL(!(light_update = hip_msg_alloc()), -ENOMEM, "failed to allocate memory\n"); @@ -216,16 +216,16 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - const struct hip_seq *seq = NULL; - const struct hip_ack *ack = NULL; - uint32_t seq_no = 0; - uint32_t ack_no = 0; - uint32_t spi = 0; - int err = 0; + const struct hip_seq *seq = NULL; + const struct hip_ack *ack = NULL; + uint32_t seq_no = 0; + uint32_t ack_no = 0; + uint32_t spi = 0; + int err = 0; HIP_IFEL(!ctx->hadb_entry, -1, - "No entry in host association database when receiving " \ - " HIP_LUPDATE. Dropping.\n"); + "No entry in host association database when receiving " \ + " HIP_LUPDATE. Dropping.\n"); HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &(ctx->hadb_entry)->hip_hmac_in), === modified file 'hipd/esp_prot_light_update.h' --- hipd/esp_prot_light_update.h 2010-11-12 16:42:54 +0000 +++ hipd/esp_prot_light_update.h 2011-01-03 16:06:13 +0000 @@ -24,7 +24,7 @@ */ /** - *@file + * *@file * Provides messaging functionality required for HHL-based anchor * element updates. * === modified file 'hipd/hadb.c' --- hipd/hadb.c 2010-12-06 19:57:47 +0000 +++ hipd/hadb.c 2011-01-03 16:06:13 +0000 @@ -123,7 +123,7 @@ static unsigned long hip_ha_hash(const hip_ha_t *ha) { hip_hit_t hitpair[2]; - uint8_t hash[HIP_AH_SHA_LEN]; + uint8_t hash[HIP_AH_SHA_LEN]; if (ha == NULL || &(ha->hit_our) == NULL || &(ha->hit_peer) == NULL) { return 0; @@ -185,7 +185,7 @@ static unsigned long hip_hash_peer_addr(const void *ptr) { const struct in6_addr *addr; - uint8_t hash[HIP_AH_SHA_LEN]; + uint8_t hash[HIP_AH_SHA_LEN]; addr = &((const struct hip_peer_addr_list_item *) ptr)->address; hip_build_digest(HIP_DIGEST_SHA1, addr, sizeof(*addr), hash); @@ -284,11 +284,11 @@ */ hip_ha_t *hip_hadb_try_to_find_by_peer_hit(const hip_hit_t *hit) { - hip_list_t *item, *tmp; + hip_list_t *item, *tmp; struct hip_host_id_entry *e; - hip_ha_t *entry = NULL; - hip_hit_t our_hit; - int i; + hip_ha_t *entry = NULL; + hip_hit_t our_hit; + int i; memset(&our_hit, 0, sizeof(our_hit)); @@ -302,7 +302,7 @@ /* and then with rest (actually default HIT is here redundantly) */ list_for_each_safe(item, tmp, hip_local_hostid_db, i) { - e = (struct hip_host_id_entry *) list_entry(item); + e = (struct hip_host_id_entry *) list_entry(item); ipv6_addr_copy(&our_hit, &e->lhi.hit); entry = hip_hadb_find_byhits(hit, &our_hit); if (!entry) { @@ -329,8 +329,8 @@ */ int hip_hadb_insert_state(hip_ha_t *ha) { - hip_hastate_t st = 0; - hip_ha_t *tmp = NULL; + hip_hastate_t st = 0; + hip_ha_t *tmp = NULL; HIP_DEBUG("hip_hadb_insert_state() invoked.\n"); @@ -458,8 +458,8 @@ const struct in6_addr *peer_addr, const char *peer_hostname) { - int err = 0; - hip_ha_t *entry = NULL, *aux = NULL; + int err = 0; + hip_ha_t *entry = NULL, *aux = NULL; hip_lsi_t lsi_aux; in_port_t nat_udp_port_local = hip_get_local_nat_udp_port(); in_port_t nat_udp_port_peer = hip_get_peer_nat_udp_port(); @@ -555,7 +555,7 @@ void *peer_map_void) { struct hip_peer_map_info *peer_map = peer_map_void; - int err = 0; + int err = 0; HIP_DEBUG("hip_hadb_add_peer_info_wrapper() invoked.\n"); HIP_IFEL(hip_hadb_add_peer_info_complete(&entry->lhi.hit, @@ -585,7 +585,7 @@ const hip_lsi_t *peer_lsi, const char *peer_hostname) { - int err = 0; + int err = 0; struct hip_peer_map_info peer_map; HIP_DEBUG("hip_hadb_add_peer_info() invoked.\n"); @@ -640,16 +640,16 @@ */ int hip_add_peer_map(const struct hip_common *input) { - const struct in6_addr *hit = NULL, *ip = NULL; - const hip_lsi_t *lsi = NULL; - const char *peer_hostname = NULL; - int err = 0; - - hit = hip_get_param_contents(input, HIP_PARAM_HIT); - - lsi = hip_get_param_contents(input, HIP_PARAM_LSI); - - ip = hip_get_param_contents(input, HIP_PARAM_IPV6_ADDR); + const struct in6_addr *hit = NULL, *ip = NULL; + const hip_lsi_t *lsi = NULL; + const char *peer_hostname = NULL; + int err = 0; + + hit = hip_get_param_contents(input, HIP_PARAM_HIT); + + lsi = hip_get_param_contents(input, HIP_PARAM_LSI); + + ip = hip_get_param_contents(input, HIP_PARAM_IPV6_ADDR); peer_hostname = hip_get_param_contents(input, HIP_PARAM_HOSTNAME); @@ -686,7 +686,7 @@ */ static int hip_hadb_init_entry(hip_ha_t *entry) { - int err = 0; + int err = 0; HIP_IFEL(!entry, -1, "HA is NULL\n"); @@ -781,9 +781,9 @@ uint32_t spi, uint32_t lifetime, int state, in_port_t port) { - int err = 0; + int err = 0; struct hip_peer_addr_list_item *a_item; - char addrstr[INET6_ADDRSTRLEN]; + char addrstr[INET6_ADDRSTRLEN]; /* assumes already locked entry */ @@ -809,7 +809,7 @@ err = -ENOMEM; goto out_err; } - a_item->lifetime = lifetime; + a_item->lifetime = lifetime; ipv6_addr_copy(&a_item->address, new_addr); a_item->address_state = state; do_gettimeofday(&a_item->modified_time); @@ -819,7 +819,7 @@ goto out_err; } - err = hip_hadb_get_peer_addr_info_old(entry, new_addr, NULL, NULL); + err = hip_hadb_get_peer_addr_info_old(entry, new_addr, NULL, NULL); if (err) { goto out_err; } @@ -831,8 +831,8 @@ goto out_err; } - a_item->lifetime = lifetime; - a_item->port = port; + a_item->lifetime = lifetime; + a_item->port = port; ipv6_addr_copy(&a_item->address, new_addr); a_item->address_state = state; do_gettimeofday(&a_item->modified_time); @@ -854,9 +854,9 @@ */ static void hip_hadb_delete_state(hip_ha_t *ha) { - hip_list_t *item = NULL, *tmp = NULL; + hip_list_t *item = NULL, *tmp = NULL; struct hip_peer_addr_list_item *addr_li = NULL; - int i; + int i; HIP_DEBUG("ha=0x%p\n", ha); @@ -972,8 +972,8 @@ int hip_init_peer(hip_ha_t *entry, const struct hip_host_id *peer) { - int err = 0; - int len = hip_get_param_total_len(peer); + int err = 0; + int len = hip_get_param_total_len(peer); struct in6_addr hit; /* public key and verify function might be initialized already in the @@ -1038,18 +1038,18 @@ /* RFC 4034 obsoletes RFC 2535 and flags field differ */ /* Get RFC2535 3.1 KEY RDATA format algorithm (Integer value). */ - alg = hip_get_host_id_algo(entry->our_pub); + alg = hip_get_host_id_algo(entry->our_pub); /* Using this integer we get a function pointer to a function that * signs our host identity. */ entry->sign = (alg == HIP_HI_RSA ? hip_rsa_sign : hip_dsa_sign); /* Calculate our HIT from our public Host Identifier (HI). * Note, that currently (06.08.2008) both of these functions use DSA */ - err = ((alg == HIP_HI_DSA) ? - hip_dsa_host_id_to_hit(entry->our_pub, &entry->hit_our, - HIP_HIT_TYPE_HASH100) : - hip_rsa_host_id_to_hit(entry->our_pub, &entry->hit_our, - HIP_HIT_TYPE_HASH100)); + err = ((alg == HIP_HI_DSA) ? + hip_dsa_host_id_to_hit(entry->our_pub, &entry->hit_our, + HIP_HIT_TYPE_HASH100) : + hip_rsa_host_id_to_hit(entry->our_pub, &entry->hit_our, + HIP_HIT_TYPE_HASH100)); HIP_IFEL(err, err, "Unable to digest the HIT out of public key."); if (err != 0) { HIP_ERROR("Unable to digest the HIT out of public key."); @@ -1202,8 +1202,8 @@ */ int hip_for_each_ha(int (*func)(hip_ha_t *entry, void *opaq), void *opaque) { - int i = 0, fail = 0; - hip_ha_t *this; + int i = 0, fail = 0; + hip_ha_t *this; hip_list_t *item, *tmp; if (!func) { @@ -1268,9 +1268,9 @@ */ int hip_handle_get_ha_info(hip_ha_t *entry, void *opaq) { - int err = 0; + int err = 0; struct hip_hadb_user_info_state hid; - struct hip_common *msg = (struct hip_common *) opaq; + struct hip_common *msg = (struct hip_common *) opaq; memset(&hid, 0, sizeof(hid)); hid.state = entry->state; @@ -1284,7 +1284,7 @@ /** @todo Modularize heartbeat */ #if 0 - hid.heartbeats_on = hip_icmp_interval; + hid.heartbeats_on = hip_icmp_interval; calc_statistics(&entry->heartbeats_statistics, (uint32_t *) &hid.heartbeats_received, NULL, NULL, &hid.heartbeats_mean, &hid.heartbeats_variance, STATS_IN_MSECS); hid.heartbeats_mean = entry->heartbeats_mean; @@ -1296,7 +1296,7 @@ hid.nat_udp_port_peer = entry->peer_udp_port; hid.nat_udp_port_local = entry->local_udp_port; - hid.peer_controls = entry->peer_controls; + hid.peer_controls = entry->peer_controls; /* does not print heartbeat info, but I do not think it even should -Samu*/ hip_print_debug_info(&hid.ip_our, &hid.ip_peer, @@ -1304,8 +1304,8 @@ &hid.lsi_peer, (char *) &hid.peer_hostname, &hid.nat_udp_port_local, &hid.nat_udp_port_peer); - err = hip_build_param_contents(msg, &hid, HIP_PARAM_HA_INFO, - sizeof(hid)); + err = hip_build_param_contents(msg, &hid, HIP_PARAM_HA_INFO, + sizeof(hid)); if (err) { HIP_ERROR("Building ha info failed\n"); } @@ -1333,8 +1333,8 @@ hip_ha_t *hip_hadb_find_rvs_candidate_entry(const hip_hit_t *local_hit, const hip_hit_t *rvs_ip) { - int i = 0; - hip_ha_t *this = NULL, *result = NULL; + int i = 0; + hip_ha_t *this = NULL, *result = NULL; hip_list_t *item = NULL, *tmp = NULL; // HIP_LOCK_HT(&hadb_hit); @@ -1382,7 +1382,7 @@ */ static int hip_hadb_exists_lsi(hip_lsi_t *lsi) { - int res = 0; + int res = 0; hip_lsi_t lsi_aux; memcpy(&lsi_aux, lsi, sizeof(hip_lsi_t)); @@ -1424,8 +1424,8 @@ int hip_generate_peer_lsi(hip_lsi_t *lsi) { struct in_addr lsi_prefix; - uint8_t hostname[HOST_NAME_MAX]; - int idx = 1; + uint8_t hostname[HOST_NAME_MAX]; + int idx = 1; do { lsi_prefix.s_addr = htonl(HIP_LSI_PREFIX | idx++); @@ -1451,8 +1451,8 @@ hip_ha_t *hip_hadb_try_to_find_by_pair_lsi(hip_lsi_t *lsi_src, hip_lsi_t *lsi_dst) { hip_list_t *item, *aux; - hip_ha_t *tmp; - int i; + hip_ha_t *tmp; + int i; list_for_each_safe(item, aux, hadb_hit, i) { @@ -1477,8 +1477,8 @@ hip_ha_t *hip_hadb_try_to_find_by_peer_lsi(const hip_lsi_t *lsi_dst) { hip_list_t *item, *aux; - hip_ha_t *tmp; - int i; + hip_ha_t *tmp; + int i; list_for_each_safe(item, aux, hadb_hit, i) { @@ -1534,7 +1534,7 @@ int hip_recreate_security_associations_and_sp(struct hip_hadb_state *ha, struct in6_addr *src_addr, struct in6_addr *dst_addr) { - int err = 0; + int err = 0; int new_spi_out = ha->spi_outbound_new; int new_spi_in = ha->spi_inbound_current; @@ -1549,7 +1549,7 @@ IPPROTO_ESP, 1, 0), - -1, "Setting up SP pair failed\n"); + -1, "Setting up SP pair failed\n"); // Create a new inbound SA HIP_DEBUG("Creating a new inbound SA, SPI=0x%x\n", new_spi_in); === modified file 'hipd/hadb_legacy.c' --- hipd/hadb_legacy.c 2010-10-15 15:29:14 +0000 +++ hipd/hadb_legacy.c 2011-01-03 16:06:13 +0000 @@ -66,8 +66,8 @@ struct timeval *modified_time) { struct hip_peer_addr_list_item *peer_addr_list_item; - int i = 1, ii; - hip_list_t *item, *tmp; + int i = 1, ii; + hip_list_t *item, *tmp; list_for_each_safe(item, tmp, entry->peer_addresses_old, ii) { @@ -101,8 +101,8 @@ void hip_hadb_delete_peer_addrlist_one_old(hip_ha_t *ha, struct in6_addr *addr) { struct hip_peer_addr_list_item *peer_addr_list_item; - int i; - hip_list_t *item, *tmp; + int i; + hip_list_t *item, *tmp; /* possibly deprecated function .. */ === modified file 'hipd/hidb.c' --- hipd/hidb.c 2010-12-30 15:10:34 +0000 +++ hipd/hidb.c 2011-01-03 16:06:13 +0000 @@ -66,7 +66,7 @@ HIP_HASHTABLE *hip_local_hostid_db = NULL; #define HIP_MAX_HOST_ID_LEN 1600 -static const char *lsi_addresses[] = {"1.0.0.1", "1.0.0.2", "1.0.0.3", "1.0.0.4"}; +static const char *lsi_addresses[] = { "1.0.0.1", "1.0.0.2", "1.0.0.3", "1.0.0.4" }; /** * Strips a public key out of DSA a host id with private key component @@ -79,8 +79,8 @@ int key_len; /* T could easily have been an int, since the compiler will * probably add 3 alignment bytes here anyway. */ - uint8_t T; - uint16_t temp; + uint8_t T; + uint16_t temp; struct hip_host_id *ret; /* check T, Miika won't like this */ @@ -92,17 +92,17 @@ if (T != 8) { HIP_DEBUG("T-value in DSA-key not 8 (0x%x)!\n", T); } - key_len = 64 + (T * 8); + key_len = 64 + (T * 8); - ret = malloc(sizeof(struct hip_host_id)); + ret = malloc(sizeof(struct hip_host_id)); memcpy(ret, hi, sizeof(struct hip_host_id)); /* the secret component of the DSA key is always 20 bytes */ - temp = ntohs(hi->hi_length) - DSA_PRIV; + temp = ntohs(hi->hi_length) - DSA_PRIV; ret->hi_length = htons(temp); memset((char *) (&ret->key) + ntohs(ret->hi_length) - sizeof(hi->rdata), 0, sizeof(ret->key) - ntohs(ret->hi_length)); - ret->length = htons(sizeof(struct hip_host_id)); + ret->length = htons(sizeof(struct hip_host_id)); return ret; } @@ -116,22 +116,22 @@ */ static struct hip_host_id *hip_get_rsa_public_key(const struct hip_host_id_priv *tmp) { - int rsa_pub_len; + int rsa_pub_len; struct hip_rsa_keylen keylen; - struct hip_host_id *ret; + struct hip_host_id *ret; /** @todo check some value in the RSA key? */ hip_get_rsa_keylen(tmp, &keylen, 1); - rsa_pub_len = keylen.e_len + keylen.e + keylen.n; + rsa_pub_len = keylen.e_len + keylen.e + keylen.n; - ret = malloc(sizeof(struct hip_host_id)); + ret = malloc(sizeof(struct hip_host_id)); memcpy(ret, tmp, sizeof(struct hip_host_id) - sizeof(ret->key) - sizeof(ret->hostname)); ret->hi_length = htons(rsa_pub_len + sizeof(struct hip_host_id_key_rdata)); memcpy(ret->key, tmp->key, rsa_pub_len); memcpy(ret->hostname, tmp->hostname, sizeof(ret->hostname)); - ret->length = htons(sizeof(struct hip_host_id)); + ret->length = htons(sizeof(struct hip_host_id)); return ret; } @@ -178,7 +178,7 @@ unsigned long hip_hidb_hash(const void *ptr) { const hip_hit_t *hit = &((const struct hip_host_id_entry *) ptr)->lhi.hit; - uint8_t hash[HIP_AH_SHA_LEN]; + uint8_t hash[HIP_AH_SHA_LEN]; hip_build_digest(HIP_DIGEST_SHA1, hit, sizeof(hip_hit_t), hash); @@ -223,8 +223,8 @@ */ static int hip_del_host_id(HIP_HASHTABLE *db, struct hip_lhi *lhi) { - int err = -ENOENT; - struct hip_host_id_entry *id = NULL; + int err = -ENOENT; + struct hip_host_id_entry *id = NULL; HIP_ASSERT(lhi != NULL); @@ -257,7 +257,7 @@ free(id->host_id); list_del(id, db); free(id); - id = NULL; + id = NULL; err = 0; return err; @@ -272,9 +272,9 @@ */ static void hip_uninit_hostid_db(HIP_HASHTABLE *db) { - hip_list_t *curr, *iter; + hip_list_t *curr, *iter; struct hip_host_id_entry *tmp; - int count, err; + int count, err; HIP_WRITE_LOCK_DB(db); @@ -311,8 +311,8 @@ int anon) { struct hip_host_id_entry *id_entry; - hip_list_t *item; - int c; + hip_list_t *item; + int c; list_for_each(item, db, c) { id_entry = (struct hip_host_id_entry *) list_entry(item); @@ -327,7 +327,6 @@ return NULL; } - /** * test if a given HIT belongs to the local host * @@ -350,8 +349,8 @@ int hip_hidb_get_lsi_by_hit(const hip_hit_t *our, hip_lsi_t *our_lsi) { struct hip_host_id_entry *id_entry; - hip_list_t *item; - int c, err = 1; + hip_list_t *item; + int c, err = 1; list_for_each(item, hip_local_hostid_db, c) { id_entry = (struct hip_host_id_entry *) list_entry(item); @@ -373,10 +372,10 @@ static int hip_hidb_add_lsi(HIP_HASHTABLE *db, struct hip_host_id_entry *id_entry) { struct hip_host_id_entry *id_entry_aux; - hip_list_t *item; - hip_lsi_t lsi_aux; - int err = 0, used_lsi, c, i; - int len = sizeof(lsi_addresses) / sizeof(*lsi_addresses); + hip_list_t *item; + hip_lsi_t lsi_aux; + int err = 0, used_lsi, c, i; + int len = sizeof(lsi_addresses) / sizeof(*lsi_addresses); for (i = 0; i < len; i++) { inet_aton(lsi_addresses[i], &lsi_aux); @@ -444,7 +443,7 @@ int (*del)(struct hip_host_id_entry *, void **arg), void *arg) { - int err = 0; + int err = 0; struct hip_host_id_entry *id_entry = NULL; struct hip_host_id_entry *old_entry; @@ -459,8 +458,8 @@ id_entry->lhi.anonymous = lhi->anonymous; /* check for duplicates */ - old_entry = hip_get_hostid_entry_by_lhi_and_algo(db, &lhi->hit, - HIP_ANY_ALGO, -1); + old_entry = hip_get_hostid_entry_by_lhi_and_algo(db, &lhi->hit, + HIP_ANY_ALGO, -1); if (old_entry != NULL) { HIP_WRITE_UNLOCK_DB(db); HIP_ERROR("Trying to add duplicate lhi\n"); @@ -526,13 +525,13 @@ */ int hip_handle_add_local_hi(const struct hip_common *input) { - int err = 0; + int err = 0; const struct hip_host_id_priv *host_identity = NULL; - struct hip_lhi lhi; - const struct hip_tlv_common *param = NULL; - const struct hip_eid_endpoint *eid_endpoint = NULL; - struct in6_addr in6_lsi; - hip_lsi_t lsi = {0}; + struct hip_lhi lhi; + const struct hip_tlv_common *param = NULL; + const struct hip_eid_endpoint *eid_endpoint = NULL; + struct in6_addr in6_lsi; + hip_lsi_t lsi = { 0 }; HIP_DEBUG("/* --------- */ \n"); HIP_DEBUG_IN6ADDR("input->hits = ", &input->hits); @@ -545,7 +544,7 @@ /* Iterate through all host identities in the input */ while ((param = hip_get_next_param(input, param)) != NULL) { /* NOTE: changed to use hip_eid_endpoint structs instead of - * hip_host_id:s when passing IDs from user space to kernel */ + * hip_host_id:s when passing IDs from user space to kernel */ if (hip_get_param_type(param) != HIP_PARAM_EID_ENDPOINT) { continue; } @@ -608,9 +607,9 @@ int hip_handle_del_local_hi(const struct hip_common *input) { const struct in6_addr *hit; - struct hip_lhi lhi; - char buf[46]; - int err = 0; + struct hip_lhi lhi; + char buf[46]; + int err = 0; hit = hip_get_param_contents(input, HIP_PARAM_HIT); HIP_IFEL(!hit, -ENODATA, "no hit\n"); @@ -643,7 +642,7 @@ int hip_get_any_localhost_hit(struct in6_addr *target, int algo, int anon) { struct hip_host_id_entry *entry; - int err = 0; + int err = 0; HIP_READ_LOCK_DB(hip_local_hostid_db); @@ -671,8 +670,8 @@ int hip_hidb_exists_lsi(hip_lsi_t *lsi) { struct hip_host_id_entry *id_entry; - hip_list_t *item; - int c, res = 0; + hip_list_t *item; + int c, res = 0; list_for_each(item, hip_local_hostid_db, c) { id_entry = (struct hip_host_id_entry *) list_entry(item); @@ -694,9 +693,9 @@ */ int hip_for_each_hi(int (*func)(struct hip_host_id_entry *entry, void *opaq), void *opaque) { - hip_list_t *curr, *iter; + hip_list_t *curr, *iter; struct hip_host_id_entry *tmp; - int err = 0, c; + int err = 0, c; HIP_READ_LOCK_DB(hip_local_hostid_db); @@ -728,8 +727,8 @@ const struct in_addr *lsi) { struct hip_host_id_entry *id_entry; - hip_list_t *item; - int c; + hip_list_t *item; + int c; list_for_each(item, db, c) { id_entry = (struct hip_host_id_entry *) list_entry(item); @@ -749,8 +748,8 @@ */ int hip_hidb_associate_default_hit_lsi(hip_hit_t *default_hit, hip_lsi_t *default_lsi) { - int err = 0; - hip_lsi_t aux_lsi; + int err = 0; + hip_lsi_t aux_lsi; struct hip_host_id_entry *tmp1; struct hip_host_id_entry *tmp2; @@ -789,22 +788,22 @@ int hip_get_host_id_and_priv_key(HIP_HASHTABLE *db, struct in6_addr *hit, int algo, struct hip_host_id **host_id, void **key) { - int err = 0, host_id_len; + int err = 0, host_id_len; struct hip_host_id_entry *entry = NULL; HIP_READ_LOCK_DB(db); - entry = hip_get_hostid_entry_by_lhi_and_algo(db, hit, algo, -1); + entry = hip_get_hostid_entry_by_lhi_and_algo(db, hit, algo, -1); HIP_IFE(!entry, -1); host_id_len = hip_get_param_total_len(entry->host_id); HIP_IFE(host_id_len > HIP_MAX_HOST_ID_LEN, -1); - *host_id = malloc(host_id_len); + *host_id = malloc(host_id_len); HIP_IFE(!*host_id, -ENOMEM); memcpy(*host_id, entry->host_id, host_id_len); - *key = entry->private_key; + *key = entry->private_key; HIP_IFE(!*key, -1); out_err: @@ -822,9 +821,9 @@ int hip_build_host_id_and_signature(struct hip_common *msg, hip_hit_t *hit) { struct hip_host_id *hi_public = NULL; - int err = 0; - int alg = -1; - void *private_key; + int err = 0; + int alg = -1; + void *private_key; HIP_IFEL((hit == NULL), -1, "Null HIT\n"); @@ -839,8 +838,7 @@ hit, HIP_ANY_ALGO, &hi_public, - &private_key))) - { + &private_key))) { HIP_ERROR("Unable to locate HI from HID with HIT as key"); goto out_err; } @@ -885,7 +883,7 @@ */ int hip_get_default_hit_msg(struct hip_common *msg) { - int err = 0; + int err = 0; hip_hit_t hit; hip_lsi_t lsi; @@ -911,11 +909,11 @@ */ int hip_get_default_lsi(struct in_addr *lsi) { - int err = 0, family = AF_INET; - struct idxmap *idxmap[16] = { 0 }; + int err = 0, family = AF_INET; + struct idxmap *idxmap[16] = { 0 }; struct in6_addr lsi_addr; struct in6_addr lsi_aux6; - hip_lsi_t lsi_tmpl; + hip_lsi_t lsi_tmpl; memset(&lsi_tmpl, 0, sizeof(lsi_tmpl)); set_lsi_prefix(&lsi_tmpl); === modified file 'hipd/hip_socket.c' --- hipd/hip_socket.c 2010-12-28 17:18:29 +0000 +++ hipd/hip_socket.c 2011-01-03 16:06:13 +0000 @@ -54,7 +54,7 @@ struct socketfd { uint16_t priority; int fd; - int (*func_ptr)(struct hip_packet_context *ctx); + int (*func_ptr)(struct hip_packet_context *ctx); }; /** @@ -122,8 +122,8 @@ static int hip_handle_user_sock(struct hip_packet_context *ctx) { - int err = 0, send_response = 0, n = 0, len = 0; - uint8_t msg_type = 0; + int err = 0, send_response = 0, n = 0, len = 0; + uint8_t msg_type = 0; struct sockaddr_in6 app_src; HIP_DEBUG("received on: hip_user_sock\n"); @@ -150,7 +150,7 @@ HIP_DEBUG("Sending message (type=%d) response to port %d \n", hip_get_msg_type(ctx->input_msg), ntohs(app_src.sin6_port)); HIP_DEBUG_HIT("To address", &app_src.sin6_addr); - n = hip_sendto_user(ctx->input_msg, (struct sockaddr *) &app_src); + n = hip_sendto_user(ctx->input_msg, (struct sockaddr *) &app_src); if (n != len) { err = -1; } else { @@ -203,7 +203,7 @@ int (*func_ptr)(struct hip_packet_context *ctx), const uint16_t priority) { - int err = 0; + int err = 0; struct socketfd *new_socket = NULL; HIP_IFEL(!(new_socket = malloc(sizeof(struct socketfd))), @@ -228,13 +228,13 @@ int hip_get_highest_descriptor(void) { - int highest_descriptor = 0; - hip_ll_node_t *iter = NULL; + int highest_descriptor = 0; + hip_ll_node_t *iter = NULL; if (hip_sockets) { while ((iter = hip_ll_iterate(hip_sockets, iter))) { - if (((struct socketfd*) iter->ptr)->fd >= highest_descriptor) { - highest_descriptor = ((struct socketfd*) iter->ptr)->fd; + if (((struct socketfd *) iter->ptr)->fd >= highest_descriptor) { + highest_descriptor = ((struct socketfd *) iter->ptr)->fd; } } } else { @@ -252,7 +252,7 @@ if (hip_sockets) { while ((iter = hip_ll_iterate(hip_sockets, iter))) { - FD_SET(((struct socketfd*) iter->ptr)->fd, read_fdset); + FD_SET(((struct socketfd *) iter->ptr)->fd, read_fdset); } } else { HIP_DEBUG("No sockets registered.\n"); @@ -274,14 +274,14 @@ void hip_run_socket_handles(fd_set *read_fdset, struct hip_packet_context *ctx) { hip_ll_node_t *iter = NULL; - int socketfd; + int socketfd; if (hip_sockets) { while ((iter = hip_ll_iterate(hip_sockets, iter))) { - socketfd = ((struct socketfd*) iter->ptr)->fd; + socketfd = ((struct socketfd *) iter->ptr)->fd; if (FD_ISSET(socketfd, read_fdset)) { - ((struct socketfd*) iter->ptr)->func_ptr(ctx); + ((struct socketfd *) iter->ptr)->func_ptr(ctx); HIP_DEBUG("result: %d\n", ctx->error); /* Reset for next iteration. === modified file 'hipd/hipd.c' --- hipd/hipd.c 2010-12-30 18:47:03 +0000 +++ hipd/hipd.c 2011-01-03 16:06:13 +0000 @@ -71,46 +71,46 @@ /* Defined as a global just to allow freeing in exit(). Do not use outside * of this file! */ -struct hip_common *hipd_msg = NULL; -struct hip_common *hipd_msg_v4 = NULL; +struct hip_common *hipd_msg = NULL; +struct hip_common *hipd_msg_v4 = NULL; -int is_active_mhaddr = 1; /**< Which mhaddr to use active or lazy? (default: active) */ -int is_hard_handover = 0; /**< if hard handover is forced to be used (default: no) */ +int is_active_mhaddr = 1; /**< Which mhaddr to use active or lazy? (default: active) */ +int is_hard_handover = 0; /**< if hard handover is forced to be used (default: no) */ /** Suppress advertising of none, AF_INET or AF_INET6 address in UPDATEs. * 0 = none = default, AF_INET, AF_INET6 */ -int suppress_af_family = 0; +int suppress_af_family = 0; /* For sending HIP control messages */ -int hip_raw_sock_output_v6 = 0; -int hip_raw_sock_output_v4 = 0; +int hip_raw_sock_output_v6 = 0; +int hip_raw_sock_output_v4 = 0; /* For receiving HIP control messages */ -int hip_raw_sock_input_v6 = 0; -int hip_raw_sock_input_v4 = 0; +int hip_raw_sock_input_v6 = 0; +int hip_raw_sock_input_v4 = 0; /** File descriptor of the socket used for sending HIP control packet * NAT traversal on UDP/IPv4 */ -int hip_nat_sock_output_udp = 0; +int hip_nat_sock_output_udp = 0; /** File descriptor of the socket used for receiving HIP control packet * NAT traversal on UDP/IPv4 */ -int hip_nat_sock_input_udp = 0; +int hip_nat_sock_input_udp = 0; -int hip_nat_sock_output_udp_v6 = 0; -int hip_nat_sock_input_udp_v6 = 0; +int hip_nat_sock_output_udp_v6 = 0; +int hip_nat_sock_input_udp_v6 = 0; /** Specifies the NAT status of the daemon. This value indicates if the current * machine is behind a NAT. */ hip_transform_suite_t hip_nat_status = 0; /* Encrypt host id in I2 */ -int hip_encrypt_i2_hi = 0; +int hip_encrypt_i2_hi = 0; /* Communication interface to userspace apps (hipconf etc) */ -int hip_user_sock = 0; +int hip_user_sock = 0; struct sockaddr_un hip_user_addr; /** For receiving netlink IPsec events (acquire, expire, etc) */ @@ -121,16 +121,16 @@ struct rtnl_handle hip_nl_route; struct sockaddr_in6 hip_firewall_addr; -int hip_firewall_sock = 0; +int hip_firewall_sock = 0; /* used to change the transform order see hipconf usage to see the usage * This is set to AES, 3DES, NULL by default see hipconf trasform order for * more information. */ -int hip_transform_order = 123; +int hip_transform_order = 123; /* Tells to the daemon should it build LOCATOR parameters to R1 and I2 */ -int hip_locator_status = HIP_MSG_SET_LOCATOR_OFF; +int hip_locator_status = HIP_MSG_SET_LOCATOR_OFF; /* We are caching the IP addresses of the host here. The reason is that during * in hip_handle_acquire it is not possible to call getifaddrs (it creates @@ -140,9 +140,9 @@ * variable and most of the functions referencing them unnecessary -miika */ -int address_count; +int address_count; HIP_HASHTABLE *addresses; -time_t load_time; +time_t load_time; int address_change_time_counter = -1; @@ -150,16 +150,16 @@ * userspace ipsec or not. If it is 1, hip uses the user space ipsec. * It will not use if hip_use_userspace_ipsec = 0. Added By Tao Wan */ -int hip_use_userspace_ipsec = 0; +int hip_use_userspace_ipsec = 0; -int esp_prot_active = 0; -int esp_prot_num_transforms = 0; +int esp_prot_active = 0; +int esp_prot_num_transforms = 0; uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS]; -long esp_prot_num_parallel_hchains = 0; - -int hip_shotgun_status = HIP_MSG_SHOTGUN_OFF; - -int hip_wait_addr_changes_to_stabilize = 1; +long esp_prot_num_parallel_hchains = 0; + +int hip_shotgun_status = HIP_MSG_SHOTGUN_OFF; + +int hip_wait_addr_changes_to_stabilize = 1; /** * print hipd usage instructions on stderr @@ -170,14 +170,14 @@ fprintf(stderr, " -V print version information and exit\n"); fprintf(stderr, " -b run in background\n"); fprintf(stderr, " -i <device name> add interface to the white list. " \ - "Use additional -i for additional devices.\n"); + "Use additional -i for additional devices.\n"); fprintf(stderr, " -k kill existing hipd\n"); fprintf(stderr, " -N do not flush ipsec rules on exit\n"); fprintf(stderr, " -a fix alignment issues automatically(ARM)\n"); fprintf(stderr, " -f set debug type format to short\n"); fprintf(stderr, " -d set the initial (pre-config) debug level to ALL (default is MEDIUM)\n"); fprintf(stderr, " -D <module name> disable this module. " \ - "Use additional -D for additional modules.\n"); + "Use additional -D for additional modules.\n"); fprintf(stderr, " -p disable privilege separation\n"); fprintf(stderr, " -m disable the loading/unloading of kernel modules\n"); fprintf(stderr, "\n"); @@ -192,7 +192,7 @@ int hip_sendto_firewall(HIPFW const struct hip_common *msg) { #ifdef CONFIG_HIP_FIREWALL - int n = 0; + int n = 0; HIP_DEBUG("CONFIG_HIP_FIREWALL DEFINED AND STATUS IS %d\n", hip_get_firewall_status()); n = sendto(hip_firewall_sock, @@ -254,9 +254,9 @@ break; case 'D': if (!lmod_disable_module(optarg)) { - HIP_DEBUG("Module '%s' disabled.\n", optarg); + HIP_DEBUG("Module '%s' disabled.\n", optarg); } else { - HIP_ERROR("Error while disabling module '%s'.\n", optarg); + HIP_ERROR("Error while disabling module '%s'.\n", optarg); } break; case 'p': @@ -288,9 +288,9 @@ */ static int hipd_main(uint64_t flags) { - int highest_descriptor = 0, err = 0; - struct timeval timeout; - fd_set read_fdset; + int highest_descriptor = 0, err = 0; + struct timeval timeout; + fd_set read_fdset; struct hip_packet_context ctx; #ifdef CONFIG_HIP_PERFORMANCE @@ -374,7 +374,6 @@ hip_perf_write_benchmark(perf_set, PERF_STARTUP); #endif while (hipd_get_state() != HIPD_STATE_CLOSED) { - hip_prepare_fd_set(&read_fdset); hip_firewall_sock = hip_user_sock; @@ -384,7 +383,6 @@ #ifdef CONFIG_HIP_FIREWALL if (hip_firewall_status < 0) { - memset(&hip_firewall_addr, 0, sizeof(hip_firewall_addr)); hip_firewall_addr.sin6_family = AF_INET6; hip_firewall_addr.sin6_port = htons(HIP_FIREWALL_PORT); @@ -452,12 +450,12 @@ * people are doing some very experimental features on some branches * that may crash the daemon and leave the SAs floating around to * disturb further base exchanges. Use -N flag to disable this. */ - sflags |= HIPD_START_FLUSH_IPSEC; + sflags |= HIPD_START_FLUSH_IPSEC; /* The default behaviour is to allow hipd to load the required modules * and unload them when exiting. */ - sflags |= HIPD_START_LOAD_KMOD; + sflags |= HIPD_START_LOAD_KMOD; /* set the initial verbosity level */ hip_set_logdebug(LOGDEBUG_MEDIUM); @@ -481,7 +479,7 @@ if (hipd_get_flag(HIPD_FLAG_RESTART)) { HIP_INFO(" !!!!! HIP DAEMON RESTARTING !!!!! \n"); - hip_handle_exec_app(0, EXEC_LOADLIB_NONE, argc, (const char * const *) argv); + hip_handle_exec_app(0, EXEC_LOADLIB_NONE, argc, (const char *const *) argv); } return EXIT_SUCCESS; === modified file 'hipd/hipd.h' --- hipd/hipd.h 2010-11-19 14:55:20 +0000 +++ hipd/hipd.h 2011-01-03 16:06:13 +0000 @@ -76,7 +76,7 @@ extern struct rtnl_handle hip_nl_route; extern struct rtnl_handle hip_nl_ipsec; extern struct rtnl_handle hip_nl_generic; -extern time_t load_time; +extern time_t load_time; extern int hip_raw_sock_input_v6; extern int hip_raw_sock_input_v4; @@ -95,7 +95,7 @@ extern int hip_user_sock; -extern int hip_firewall_sock, hip_firewall_status; +extern int hip_firewall_sock, hip_firewall_status; extern struct sockaddr_in6 hip_firewall_addr; extern int hit_db_lock; @@ -108,15 +108,15 @@ extern hip_transform_suite_t hip_nat_status; -extern int esp_prot_active; -extern int esp_prot_num_transforms; +extern int esp_prot_active; +extern int esp_prot_num_transforms; extern long esp_prot_num_parallel_hchains; extern int hip_locator_status; extern int hip_transform_order; -extern int suppress_af_family; -extern int address_count; +extern int suppress_af_family; +extern int address_count; extern HIP_HASHTABLE *addresses; extern uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS]; === modified file 'hipd/hiprelay.c' --- hipd/hiprelay.c 2010-11-30 14:50:30 +0000 +++ hipd/hiprelay.c 2011-01-03 16:06:13 +0000 @@ -188,20 +188,20 @@ #define HIP_RELAY_CONFIG_FILE HIPL_SYSCONFDIR "/relay_config" /** A hashtable for storing the relay records. */ -static HIP_HASHTABLE *hiprelay_ht = NULL; +static HIP_HASHTABLE *hiprelay_ht = NULL; /** A hashtable for storing the the HITs of the clients that are allowed to use * the relay / RVS service. */ -static HIP_HASHTABLE *hiprelay_wl = NULL; +static HIP_HASHTABLE *hiprelay_wl = NULL; /** Minimum relay record life time as a 8-bit integer. */ -uint8_t hiprelay_min_lifetime = HIP_RELREC_MIN_LIFETIME; +uint8_t hiprelay_min_lifetime = HIP_RELREC_MIN_LIFETIME; /** Maximum relay record life time as a 8-bit integer. */ -uint8_t hiprelay_max_lifetime = HIP_RELREC_MAX_LIFETIME; +uint8_t hiprelay_max_lifetime = HIP_RELREC_MAX_LIFETIME; /** * A boolean to indicating if the RVS / relay is enabled. User sets this value * using the hipconf tool. */ -hip_relay_status_t relay_enabled = HIP_RELAY_OFF; +hip_relay_status_t relay_enabled = HIP_RELAY_OFF; /** * A boolean to indicating if the RVS / relay whitelist is enabled. User sets * this value from the relay configuration file. @@ -216,8 +216,8 @@ */ static inline unsigned long hip_hash_func(const hip_hit_t *hit) { - uint32_t bits_1st = 0; - unsigned long hash = 0; + uint32_t bits_1st = 0; + unsigned long hash = 0; /* HITs are of the form: 2001:001x:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx * We have four groups of 32 bit sequences here, but the first 28 bits @@ -233,14 +233,14 @@ /* We calculate the hash by avalanching the bits. The avalanching * ensures that we make use of all bits when dealing with 64 bits * architectures. */ - hash = (bits_1st ^ hit->s6_addr32[1]); - hash ^= hash << 3; - hash ^= (hit->s6_addr32[2] ^ hit->s6_addr32[3]); - hash += hash >> 5; - hash ^= hash << 4; - hash += hash >> 17; - hash ^= hash << 25; - hash += hash >> 6; + hash = (bits_1st ^ hit->s6_addr32[1]); + hash ^= hash << 3; + hash ^= (hit->s6_addr32[2] ^ hit->s6_addr32[3]); + hash += hash >> 5; + hash ^= hash << 4; + hash += hash >> 17; + hash ^= hash << 25; + hash += hash >> 6; return hash; } @@ -561,13 +561,13 @@ HIP_ERROR("Error allocating memory for HIP relay record.\n"); return NULL; } - rec->type = type; + rec->type = type; memcpy(&(rec->hit_r), hit_r, sizeof(*hit_r)); memcpy(&(rec->ip_r), ip_r, sizeof(*ip_r)); rec->udp_port_r = port; memcpy(&(rec->hmac_relay), hmac, sizeof(*hmac)); hip_relrec_set_lifetime(rec, lifetime); - rec->created = time(NULL); + rec->created = time(NULL); return rec; } @@ -747,7 +747,7 @@ if (requested_lifetime < hiprelay_min_lifetime) { *granted_lifetime = hiprelay_min_lifetime; return -1; - } else if (requested_lifetime > hiprelay_max_lifetime) { + } else if (requested_lifetime > hiprelay_max_lifetime) { *granted_lifetime = hiprelay_max_lifetime; return -1; } else { @@ -766,12 +766,12 @@ */ static int hip_relay_read_config(void) { - FILE *fp = NULL; - int lineerr = 0, parseerr = 0, err = 0; - char parameter[HIP_RELAY_MAX_PAR_LEN + 1]; + FILE *fp = NULL; + int lineerr = 0, parseerr = 0, err = 0; + char parameter[HIP_RELAY_MAX_PAR_LEN + 1]; hip_configvaluelist_t values; - hip_hit_t hit, *wl_hit = NULL; - uint8_t max = 255; /* Theoretical maximum lifetime value. */ + hip_hit_t hit, *wl_hit = NULL; + uint8_t max = 255; /* Theoretical maximum lifetime value. */ HIP_IFEL(((fp = fopen(HIP_RELAY_CONFIG_FILE, "r")) == NULL), -ENOENT, "Cannot open file %s for reading.\n", HIP_RELAY_CONFIG_FILE); @@ -780,7 +780,7 @@ parseerr = 0; memset(parameter, '\0', sizeof(parameter)); hip_cvl_init(&values); - lineerr = hip_cf_get_line_data(fp, parameter, &values, &parseerr); + lineerr = hip_cf_get_line_data(fp, parameter, &values, &parseerr); if (parseerr == 0) { hip_configfilevalue_t *current = NULL; @@ -813,7 +813,7 @@ } } } else if (strcmp(parameter, "minimum_lifetime") == 0) { - time_t tmp = 0; + time_t tmp = 0; uint8_t val = 0; current = hip_cvl_get_next(&values, current); tmp = atol(current->data); @@ -828,7 +828,7 @@ hiprelay_min_lifetime = val; } } else if (strcmp(parameter, "maximum_lifetime") == 0) { - time_t tmp = 0; + time_t tmp = 0; uint8_t val = 0; current = hip_cvl_get_next(&values, current); tmp = atol(current->data); @@ -874,8 +874,8 @@ */ static int hip_relay_write_config(void) { - int err = 0; - FILE *fp = NULL; + int err = 0; + FILE *fp = NULL; HIP_IFEL(((fp = fopen(HIP_RELAY_CONFIG_FILE, "w")) == NULL), -ENOENT, "Cannot open file %s for writing.\n", HIP_RELAY_CONFIG_FILE); @@ -903,10 +903,10 @@ hip_relrec_t *rec, const uint8_t type_hdr) { - hip_common_t *msg_to_be_relayed = NULL; - const struct hip_tlv_common *current_param = NULL; - int err = 0, from_added = 0; - hip_tlv_type_t param_type = 0; + hip_common_t *msg_to_be_relayed = NULL; + const struct hip_tlv_common *current_param = NULL; + int err = 0, from_added = 0; + hip_tlv_type_t param_type = 0; HIP_DEBUG("Msg type : %s (%d)\n", hip_message_type_name(hip_get_msg_type(ctx->input_msg)), @@ -945,9 +945,9 @@ "to be relayed.\n"); hip_build_param(msg_to_be_relayed, current_param); } else { - /* Parameter under inspection has greater type than FROM - * (RELAY_FROM) parameter: insert a new FROM (RELAY_FROM) parameter - * between the previous parameter and "current_param". */ + /* Parameter under inspection has greater type than FROM + * (RELAY_FROM) parameter: insert a new FROM (RELAY_FROM) parameter + * between the previous parameter and "current_param". */ HIP_DEBUG("Created new param %d and copied " \ "current parameter to relayed packet.\n", param_type); @@ -1028,9 +1028,9 @@ const struct in6_addr *relay_to_addr, const in_port_t relay_to_port) { - struct hip_common *r_to_be_relayed = NULL; - const struct hip_tlv_common *current_param = NULL; - int err = 0; + struct hip_common *r_to_be_relayed = NULL; + const struct hip_tlv_common *current_param = NULL; + int err = 0; HIP_DEBUG_IN6ADDR("hip_relay_forward_response: source address", r_saddr); HIP_DEBUG_IN6ADDR("hip_relay_forward_response: destination address", r_daddr); @@ -1078,8 +1078,8 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0; - hip_relrec_t *rec = NULL, dummy; + int err = 0; + hip_relrec_t *rec = NULL, dummy; const struct hip_relay_to *relay_to; //check if full relay service is active @@ -1149,7 +1149,7 @@ int hip_relay_add_rvs_to_ha(const hip_common_t *source_msg, hip_ha_t *entry) { const struct hip_via_rvs *via_rvs = NULL; - int err = 0; + int err = 0; // Get rendezvous server's IP addresses via_rvs = hip_get_param(source_msg, HIP_PARAM_VIA_RVS); @@ -1189,11 +1189,11 @@ RVS struct in6_addr *relay_ip, struct in6_addr *dest_ip, in_port_t *dest_port) { - int param_type; + int param_type; const struct hip_relay_from *relay_from = NULL; - const struct hip_from *from = NULL; + const struct hip_from *from = NULL; #ifdef CONFIG_HIP_RVS - hip_ha_t *relay_ha_entry = NULL; + hip_ha_t *relay_ha_entry = NULL; #endif /* Check if the incoming I1 packet has RELAY_FROM parameters. */ @@ -1255,7 +1255,7 @@ if (relay_from != NULL && hip_verify_packet_hmac_general(source_msg, &relay_ha_entry->hip_hmac_out, - HIP_PARAM_RELAY_HMAC ) != 0) { + HIP_PARAM_RELAY_HMAC) != 0) { /* Notice that the HMAC is currently ignored to allow rvs/relay e.g. * in the following use case: I <----IPv4 ----> RVS <----IPv6---> R * Otherwise we have to loop through all host associations and try @@ -1265,13 +1265,13 @@ } else if (from != NULL && hip_verify_packet_hmac_general(source_msg, &relay_ha_entry->hip_hmac_out, - HIP_PARAM_RVS_HMAC ) != 0) { + HIP_PARAM_RVS_HMAC) != 0) { HIP_DEBUG("RVS_HMAC verification failed.\n"); HIP_DEBUG("Ignoring HMAC verification\n"); } HIP_DEBUG("RVS_HMAC or Full_Relay verified.\n"); -#endif /* CONFIG_HIP_RVS */ +#endif /* CONFIG_HIP_RVS */ return param_type; } @@ -1285,7 +1285,7 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0; + int err = 0; const struct hip_relay_to *relay_to; //check if full relay service is active @@ -1366,6 +1366,7 @@ hip_ht_uninit(hiprelay_ht); hiprelay_ht = NULL; } + /** * Initializes the global HIP relay whitelist. Allocates memory for * @c hiprelay_wl. === modified file 'hipd/hiprelay.h' --- hipd/hiprelay.h 2010-10-15 15:29:14 +0000 +++ hipd/hiprelay.h 2011-01-03 16:06:13 +0000 @@ -62,19 +62,19 @@ /** HIP Relay record. These records are stored in the HIP Relay hashtable. */ typedef struct { /** The type of this relay record (full relay or rvs) */ - uint8_t type; + uint8_t type; /** The lifetime of this record, seconds. */ - time_t lifetime; + time_t lifetime; /** Time when this record was created, seconds since epoch. */ - time_t created; + time_t created; /** Time when this record was last used, seconds since epoch. */ - time_t last_contact; + time_t last_contact; /** HIT of Responder (Relay Client) */ - hip_hit_t hit_r; + hip_hit_t hit_r; /** IP address of Responder (Relay Client) */ - struct in6_addr ip_r; + struct in6_addr ip_r; /** Client UDP port received in I2 packet of registration. */ - in_port_t udp_port_r; + in_port_t udp_port_r; /** Integrity key established while registration occurred. */ hip_crypto_key_t hmac_relay; } hip_relrec_t; === modified file 'hipd/hit_to_ip.c' --- hipd/hit_to_ip.c 2010-11-30 14:50:30 +0000 +++ hipd/hit_to_ip.c 2011-01-03 16:06:13 +0000 @@ -110,8 +110,8 @@ } const uint8_t *bytes = (const uint8_t *) hit->s6_addr; - char *cp = hostname; - int i; // no C99 :( + char *cp = hostname; + int i; // no C99 :( for (i = 15; i >= 0; i--) { *cp++ = hex_digits[bytes[i] & 0x0f]; *cp++ = '.'; @@ -138,12 +138,12 @@ int hip_hit_to_ip(const hip_hit_t *hit, struct in6_addr *retval) { - struct addrinfo *rp = NULL; // no C99 :( - char hit_to_ip_hostname[64 + HIT_TO_IP_ZONE_MAX_LEN + 1]; - int found_addr = 0; - struct addrinfo hints; + struct addrinfo *rp = NULL; // no C99 :( + char hit_to_ip_hostname[64 + HIT_TO_IP_ZONE_MAX_LEN + 1]; + int found_addr = 0; + struct addrinfo hints; struct addrinfo *result = NULL; - int res; + int res; if ((hit == NULL) || (retval == NULL)) { return -1; @@ -163,7 +163,7 @@ hints.ai_next = NULL; /* getaddrinfo is too complex for DNS lookup, but let us use it now */ - res = getaddrinfo( hit_to_ip_hostname, NULL, &hints, &result ); + res = getaddrinfo(hit_to_ip_hostname, NULL, &hints, &result); HIP_DEBUG("getaddrinfo(%s) returned %d\n", hit_to_ip_hostname, res); if (res != 0) { === modified file 'hipd/init.c' --- hipd/init.c 2010-12-13 18:21:47 +0000 +++ hipd/init.c 2011-01-03 16:06:13 +0000 @@ -128,7 +128,7 @@ static void hip_sig_chld(int signum) { union wait status; - int pid; + int pid; signal(signum, hip_sig_chld); @@ -151,7 +151,7 @@ return; } - FILE *fp = fopen(path, "w"); + FILE *fp = fopen(path, "w"); HIP_ASSERT(fp); size_t items = fwrite(contents, strlen(contents), 1, fp); HIP_ASSERT(items > 0); @@ -251,7 +251,7 @@ static void hip_set_os_dep_variables(void) { struct utsname un; - int rel[4] = {0}; + int rel[4] = { 0 }; uname(&un); @@ -283,7 +283,7 @@ */ static int hip_init_raw_sock_v4(int proto) { - int on = 1, off = 0, err = 0; + int on = 1, off = 0, err = 0; int sock; sock = socket(AF_INET, SOCK_RAW, proto); @@ -331,8 +331,8 @@ */ static int hip_check_kernel_modules(void) { - int net_total, crypto_total, count; - char str[MODPROBE_MAX_LINE]; + int net_total, crypto_total, count; + char str[MODPROBE_MAX_LINE]; struct stat sbuf; net_total = sizeof(kernel_net_mod) / sizeof(kernel_net_mod[0]); @@ -352,7 +352,7 @@ snprintf(str, sizeof(str), "/sys/module/%s", kernel_net_mod[count]); if (stat(str, &sbuf)) { HIP_INFO("The %s kernel module is not loaded\n", - kernel_net_mod[count]); + kernel_net_mod[count]); } } @@ -365,9 +365,9 @@ */ static int hip_probe_kernel_modules(void) { - int count; - char cmd[MODPROBE_MAX_LINE]; - int net_total, crypto_total; + int count; + char cmd[MODPROBE_MAX_LINE]; + int net_total, crypto_total; struct stat sbuf; net_total = sizeof(kernel_net_mod) / sizeof(kernel_net_mod[0]); @@ -432,9 +432,9 @@ static void hip_remove_kernel_modules(void) { /* some net modules depend on crypto, so keep net modules first */ - const char **mods[] = {kernel_net_mod, kernel_crypto_mod}; - int count[2], type, i, ret; - char cmd[MODPROBE_MAX_LINE]; + const char **mods[] = { kernel_net_mod, kernel_crypto_mod }; + int count[2], type, i, ret; + char cmd[MODPROBE_MAX_LINE]; count[0] = sizeof(kernel_net_mod) / sizeof(kernel_net_mod[0]); count[1] = sizeof(kernel_crypto_mod) / sizeof(kernel_crypto_mod[0]); @@ -473,7 +473,7 @@ */ static int init_random_seed(void) { - struct timeval tv; + struct timeval tv; struct timezone tz; struct { struct timeval tv; @@ -482,7 +482,7 @@ } rand_data; int err = 0; - err = gettimeofday(&tv, &tz); + err = gettimeofday(&tv, &tz); srandom(tv.tv_usec); memcpy(&rand_data.tv, &tv, sizeof(tv)); @@ -530,15 +530,15 @@ */ static struct hip_host_id_entry *hip_return_first_rsa(void) { - hip_list_t *curr, *iter; + hip_list_t *curr, *iter; struct hip_host_id_entry *tmp = NULL; - int c; - uint16_t algo = 0; + int c; + uint16_t algo = 0; HIP_READ_LOCK_DB(hip_local_hostid_db); list_for_each_safe(curr, iter, hip_local_hostid_db, c) { - tmp = (struct hip_host_id_entry *) list_entry(curr); + tmp = (struct hip_host_id_entry *) list_entry(curr); HIP_DEBUG_HIT("Found HIT", &tmp->lhi.hit); algo = hip_get_host_id_algo(tmp->host_id); HIP_DEBUG("hits algo %d HIP_HI_RSA = %d\n", @@ -563,11 +563,11 @@ */ static int hip_init_host_ids(void) { - int err = 0; - struct stat status; + int err = 0; + struct stat status; struct hip_common *user_msg = NULL; - hip_hit_t default_hit; - hip_lsi_t default_lsi; + hip_hit_t default_hit; + hip_lsi_t default_lsi; /* We are first serializing a message with HIs and then * deserializing it. This building and parsing causes @@ -626,11 +626,11 @@ */ static int hip_init_certs(void) { - int err = 0; - char hit[41]; - FILE *conf_file; + int err = 0; + char hit[41]; + FILE *conf_file; struct hip_host_id_entry *entry; - char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX]; + char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX]; memset(hostname, 0, HIP_HOST_ID_HOSTNAME_LEN_MAX); HIP_IFEL(gethostname(hostname, HIP_HOST_ID_HOSTNAME_LEN_MAX - 1), -1, @@ -816,7 +816,7 @@ hip_register_handle_function(HIP_NOTIFY, HIP_STATE_R2_SENT, &hip_check_notify, 20000); hip_register_handle_function(HIP_NOTIFY, HIP_STATE_R2_SENT, &hip_handle_notify, 30000); hip_register_handle_function(HIP_NOTIFY, HIP_STATE_ESTABLISHED, &hip_check_notify, 20000); - hip_register_handle_function(HIP_NOTIFY, HIP_STATE_ESTABLISHED, &hip_handle_notify,30000); + hip_register_handle_function(HIP_NOTIFY, HIP_STATE_ESTABLISHED, &hip_handle_notify, 30000); hip_register_handle_function(HIP_NOTIFY, HIP_STATE_CLOSING, &hip_check_notify, 20000); hip_register_handle_function(HIP_NOTIFY, HIP_STATE_CLOSING, &hip_handle_notify, 30000); hip_register_handle_function(HIP_NOTIFY, HIP_STATE_CLOSED, &hip_check_notify, 20000); @@ -1008,11 +1008,11 @@ */ int hipd_init(const uint64_t flags) { - int err = 0, certerr = 0, hitdberr = 0, i, j; - int killold = ((flags & HIPD_START_KILL_OLD) > 0); - unsigned int mtu_val = HIP_HIT_DEV_MTU; - char str[64]; - char mtu[16]; + int err = 0, certerr = 0, hitdberr = 0, i, j; + int killold = ((flags & HIPD_START_KILL_OLD) > 0); + unsigned int mtu_val = HIP_HIT_DEV_MTU; + char str[64]; + char mtu[16]; struct sockaddr_in6 daemon_addr; /* Keep the flags around: they will be used at kernel module removal */ @@ -1097,25 +1097,25 @@ hip_xfrm_set_nl_ipsec(&hip_nl_ipsec); - hip_raw_sock_output_v6 = hip_init_raw_sock_v6(IPPROTO_HIP); + hip_raw_sock_output_v6 = hip_init_raw_sock_v6(IPPROTO_HIP); HIP_IFEL(hip_raw_sock_output_v6 < 0, -1, "raw sock output v6\n"); - hip_raw_sock_output_v4 = hip_init_raw_sock_v4(IPPROTO_HIP); + hip_raw_sock_output_v4 = hip_init_raw_sock_v4(IPPROTO_HIP); HIP_IFEL(hip_raw_sock_output_v4 < 0, -1, "raw sock output v4\n"); /* hip_nat_sock_input should be initialized after hip_nat_sock_output - because for the sockets bound to the same address/port, only the last socket seems - to receive the packets. NAT input socket is a normal UDP socket where as - NAT output socket is a raw socket. A raw output socket support better the "shotgun" - extension (sending packets from multiple source addresses). */ + * because for the sockets bound to the same address/port, only the last socket seems + * to receive the packets. NAT input socket is a normal UDP socket where as + * NAT output socket is a raw socket. A raw output socket support better the "shotgun" + * extension (sending packets from multiple source addresses). */ hip_nat_sock_output_udp = hip_init_raw_sock_v4(IPPROTO_UDP); HIP_IFEL(hip_nat_sock_output_udp < 0, -1, "raw sock output udp\n"); - hip_raw_sock_input_v6 = hip_init_raw_sock_v6(IPPROTO_HIP); + hip_raw_sock_input_v6 = hip_init_raw_sock_v6(IPPROTO_HIP); HIP_IFEL(hip_raw_sock_input_v6 < 0, -1, "raw sock input v6\n"); - hip_raw_sock_input_v4 = hip_init_raw_sock_v4(IPPROTO_HIP); + hip_raw_sock_input_v4 = hip_init_raw_sock_v4(IPPROTO_HIP); HIP_IFEL(hip_raw_sock_input_v4 < 0, -1, "raw sock input v4\n"); HIP_IFEL(hip_create_nat_sock_udp(&hip_nat_sock_input_udp, 0, 0), -1, "raw sock input udp\n"); @@ -1152,7 +1152,7 @@ HIP_IFE(hip_init_host_ids(), 1); - hip_user_sock = socket(AF_INET6, SOCK_DGRAM, 0); + hip_user_sock = socket(AF_INET6, SOCK_DGRAM, 0); HIP_IFEL((hip_user_sock < 0), 1, "Could not create socket for user communication.\n"); bzero(&daemon_addr, sizeof(daemon_addr)); @@ -1222,7 +1222,6 @@ return err; } - /** * create a socket to handle UDP encapsulation of HIP control * packets @@ -1237,9 +1236,9 @@ struct sockaddr_in *addr, int is_output) { - int on = 1, off = 0, err = 0; + int on = 1, off = 0, err = 0; struct sockaddr_in myaddr; - int type, protocol; + int type, protocol; if (is_output) { type = SOCK_RAW; @@ -1280,7 +1279,7 @@ if (addr) { memcpy(&myaddr, addr, sizeof(struct sockaddr_in)); } else { - myaddr.sin_family = AF_INET; + myaddr.sin_family = AF_INET; /** @todo Change this inaddr_any -- Abi */ myaddr.sin_addr.s_addr = INADDR_ANY; myaddr.sin_port = htons(hip_get_local_nat_udp_port()); @@ -1298,5 +1297,3 @@ out_err: return err; } - - === modified file 'hipd/input.c' --- hipd/input.c 2010-12-08 18:40:04 +0000 +++ hipd/input.c 2011-01-03 16:06:13 +0000 @@ -106,7 +106,7 @@ static int hip_verify_hmac(struct hip_common *buffer, uint16_t buf_len, const uint8_t *hmac, void *hmac_key, int hmac_type) { - int err = 0; + int err = 0; uint8_t hmac_res[HIP_AH_SHA_LEN]; HIP_HEXDUMP("HMAC data", buffer, buf_len); @@ -137,10 +137,10 @@ const struct hip_crypto_key *crypto_key, const hip_tlv_type_t parameter_type) { - int err = 0, len = 0, orig_len = 0; - struct hip_crypto_key tmpkey; - const struct hip_hmac *hmac = NULL; - uint8_t orig_checksum = 0; + int err = 0, len = 0, orig_len = 0; + struct hip_crypto_key tmpkey; + const struct hip_hmac *hmac = NULL; + uint8_t orig_checksum = 0; HIP_DEBUG("hip_verify_packet_hmac() invoked.\n"); @@ -149,7 +149,7 @@ /* hmac verification modifies the msg length temporarily, so we have * to restore the length */ - orig_len = hip_get_msg_total_len(msg); + orig_len = hip_get_msg_total_len(msg); /* hmac verification assumes that checksum is zero */ orig_checksum = hip_get_msg_checksum(msg); @@ -200,10 +200,10 @@ struct hip_crypto_key *key, struct hip_host_id *host_id) { - struct hip_crypto_key tmpkey; + struct hip_crypto_key tmpkey; const struct hip_hmac *hmac; - struct hip_common *msg_copy = NULL; - int err = 0; + struct hip_common *msg_copy = NULL; + int err = 0; HIP_IFE(!(msg_copy = hip_msg_alloc()), -ENOMEM); @@ -214,7 +214,7 @@ "Packet contained no HMAC parameter\n"); HIP_HEXDUMP("HMAC data", msg_copy, hip_get_msg_total_len(msg_copy)); - memcpy( &tmpkey, key, sizeof(tmpkey)); + memcpy(&tmpkey, key, sizeof(tmpkey)); HIP_IFEL(hip_verify_hmac(msg_copy, hip_get_msg_total_len(msg_copy), hmac->hmac_data, tmpkey.key, @@ -241,19 +241,19 @@ uint64_t J, struct hip_dh_public_value **dhpv) { - char *dh_shared_key = NULL; - int hip_transf_length, hmac_transf_length; - int auth_transf_length, esp_transf_length, we_are_HITg = 0; - int hip_tfm, esp_tfm, err = 0, dh_shared_len = 1024; - struct hip_keymat_keymat km; - const struct hip_esp_info *esp_info; - char *keymat = NULL; - size_t keymat_len_min; /* how many bytes we need at least for the KEYMAT */ - size_t keymat_len; /* note SHA boundary */ + char *dh_shared_key = NULL; + int hip_transf_length, hmac_transf_length; + int auth_transf_length, esp_transf_length, we_are_HITg = 0; + int hip_tfm, esp_tfm, err = 0, dh_shared_len = 1024; + struct hip_keymat_keymat km; + const struct hip_esp_info *esp_info; + char *keymat = NULL; + size_t keymat_len_min; /* how many bytes we need at least for the KEYMAT */ + size_t keymat_len; /* note SHA boundary */ const struct hip_tlv_common *param = NULL; - uint16_t esp_keymat_index, esp_default_keymat_index; - struct hip_diffie_hellman *dhf; - struct in6_addr *plain_local_hit = NULL; + uint16_t esp_keymat_index, esp_default_keymat_index; + struct hip_diffie_hellman *dhf; + struct in6_addr *plain_local_hit = NULL; /* Perform light operations first before allocating memory or * using lots of CPU time */ @@ -261,13 +261,13 @@ -EINVAL, "Could not find HIP transform\n"); HIP_IFEL((hip_tfm = hip_select_hip_transform( - (const struct hip_hip_transform *) param)) == 0, + (const struct hip_hip_transform *) param)) == 0, -EINVAL, "Could not select HIP transform\n"); HIP_IFEL(!(param = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_TRANSFORM)), -EINVAL, "Could not find ESP transform\n"); HIP_IFEL((esp_tfm = hip_select_esp_transform( - (const struct hip_esp_transform *) param)) == 0, + (const struct hip_esp_transform *) param)) == 0, -EINVAL, "Could not select proper ESP transform\n"); hip_transf_length = hip_transform_key_length(hip_tfm); @@ -508,9 +508,9 @@ */ int hip_receive_control_packet(struct hip_packet_context *ctx) { - int err = 0; + int err = 0; struct in6_addr ipv6_any_addr = IN6ADDR_ANY_INIT; - uint32_t type, state; + uint32_t type, state; /* Debug printing of received packet information. All received HIP * control packets are first passed to this function. Therefore @@ -541,12 +541,12 @@ -1, "Checking control message failed.\n"); - type = hip_get_msg_type(ctx->input_msg); + type = hip_get_msg_type(ctx->input_msg); /** @todo Check packet csum.*/ ctx->hadb_entry = hip_hadb_find_byhits(&ctx->input_msg->hits, - &ctx->input_msg->hitr); + &ctx->input_msg->hitr); // Check if we need to drop the packet if (ctx->hadb_entry && @@ -562,8 +562,8 @@ if (!ctx->hadb_entry && (type == HIP_I1 || type == HIP_R1)) { ctx->hadb_entry = - hip_oppdb_get_hadb_entry_i1_r1(ctx->input_msg, - &ctx->src_addr); + hip_oppdb_get_hadb_entry_i1_r1(ctx->input_msg, + &ctx->src_addr); } #endif @@ -629,7 +629,7 @@ */ int hip_receive_udp_control_packet(struct hip_packet_context *ctx) { - int err = 0, type; + int err = 0, type; hip_ha_t *entry = NULL; type = hip_get_msg_type(ctx->input_msg); @@ -685,7 +685,7 @@ * @param *ctx Pointer to the packet context, containing all information for * the packet handling (received message, source and destination * address, the ports and the corresponding entry from the host - association database). + * association database). * * @return zero on success, or negative error value on error. */ @@ -693,11 +693,11 @@ RVS const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0, mask = HIP_PACKET_CTRL_ANON, len; - struct in6_addr daddr; - struct hip_host_id peer_host_id; - const struct hip_tlv_common *param = NULL; - const char *str = NULL; + int err = 0, mask = HIP_PACKET_CTRL_ANON, len; + struct in6_addr daddr; + struct hip_host_id peer_host_id; + const struct hip_tlv_common *param = NULL; + const char *str = NULL; #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_R1\n"); @@ -786,8 +786,8 @@ #endif HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, ctx->input_msg), - -EINVAL, - "Verification of R1 signature failed\n"); + -EINVAL, + "Verification of R1 signature failed\n"); #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Stop PERF_VERIFY\n"); hip_perf_stop_benchmark(perf_set, PERF_VERIFY); @@ -810,7 +810,7 @@ * @param *ctx Pointer to the packet context, containing all information for * the packet handling (received message, source and destination * address, the ports and the corresponding entry from the host - association database). + * association database). * * @return zero on success, or negative error value on error. * @@ -826,14 +826,14 @@ const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0, retransmission = 0, written = 0; - uint64_t solved_puzzle = 0, I = 0; - const struct hip_puzzle *pz = NULL; - const struct hip_diffie_hellman *dh_req = NULL; - const struct hip_r1_counter *r1cntr = NULL; - struct hip_dh_public_value *dhpv = NULL; - const struct hip_locator *locator = NULL; - uint16_t i2_mask = 0; + int err = 0, retransmission = 0, written = 0; + uint64_t solved_puzzle = 0, I = 0; + const struct hip_puzzle *pz = NULL; + const struct hip_diffie_hellman *dh_req = NULL; + const struct hip_r1_counter *r1cntr = NULL; + struct hip_dh_public_value *dhpv = NULL; + const struct hip_locator *locator = NULL; + uint16_t i2_mask = 0; if (ha_state == HIP_STATE_I2_SENT) { HIP_DEBUG("Retransmission\n"); @@ -889,8 +889,8 @@ HIP_IFEL((solved_puzzle = hip_solve_puzzle(pz2, ctx->input_msg, HIP_SOLVE_PUZZLE)) == 0, - -EINVAL, "Solving of puzzle failed\n"); - I = pz2->I; + -EINVAL, "Solving of puzzle failed\n"); + I = pz2->I; ctx->hadb_entry->puzzle_solution = solved_puzzle; ctx->hadb_entry->puzzle_i = pz2->I; } else { @@ -943,8 +943,8 @@ HIP_IFEL((written = hip_insert_dh(dhpv->public_value, ntohs(dhpv->pub_len), dhpv->group_id)) < 0, - -1, - "Could not extract the DH public key\n"); + -1, + "Could not extract the DH public key\n"); HIP_IFEL(hip_build_param_diffie_hellman_contents(ctx->output_msg, dhpv->group_id, @@ -967,6 +967,7 @@ free(ctx->hadb_entry->dh_shared_key); return err; } + /** * Checks wether the received I2 packet in state I2-SENT should be droppped, or * not. If the packet should be dropped, the error flag is set to 1. @@ -1011,7 +1012,7 @@ DBG const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0; + int err = 0; uint16_t mask = 0; #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_R2\n"); @@ -1052,7 +1053,7 @@ hip_perf_start_benchmark(perf_set, PERF_VERIFY); #endif HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, - ctx->input_msg), + ctx->input_msg), -EINVAL, "R2 signature verification failed.\n"); #ifdef CONFIG_HIP_PERFORMANCE @@ -1083,11 +1084,11 @@ const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0, tfm = 0, retransmission = 0, idx = 0; - uint32_t spi_recvd = 0, spi_in = 0; - const struct hip_esp_info *esp_info = NULL; - const struct hip_locator *locator = NULL; - struct hip_spi_out_item spi_out_data; + int err = 0, tfm = 0, retransmission = 0, idx = 0; + uint32_t spi_recvd = 0, spi_in = 0; + const struct hip_esp_info *esp_info = NULL; + const struct hip_locator *locator = NULL; + struct hip_spi_out_item spi_out_data; if (ha_state == HIP_STATE_ESTABLISHED) { retransmission = 1; @@ -1122,7 +1123,7 @@ spi_in = ctx->hadb_entry->spi_inbound_current; HIP_DEBUG("spi_in: 0x%x\n", spi_in); - tfm = ctx->hadb_entry->esp_transform; + tfm = ctx->hadb_entry->esp_transform; HIP_DEBUG("esp_transform: %i\n", tfm); HIP_DEBUG("R2 packet source port: %d, destination port %d.\n", @@ -1153,8 +1154,8 @@ HIP_SPI_DIRECTION_IN, 0, ctx->hadb_entry), - -1, - "Failed to setup IPsec SPD/SA entries, peer:src\n"); + -1, + "Failed to setup IPsec SPD/SA entries, peer:src\n"); HIP_IFEL(hip_add_sa(&ctx->dst_addr, &ctx->src_addr, @@ -1185,7 +1186,7 @@ } #ifdef CONFIG_HIP_RVS - hip_relay_handle_relay_to_in_client(packet_type, ha_state, ctx); + hip_relay_handle_relay_to_in_client(packet_type, ha_state, ctx); #endif /* CONFIG_HIP_RVS */ /* Copying address list from temp location in entry @@ -1249,7 +1250,7 @@ * @param *ctx Pointer to the packet context, containing all information for * the packet handling (received message, source and destination * address, the ports and the corresponding entry from the host - association database). + * association database). * * @return zero on success, or negative error value on error. */ @@ -1395,7 +1396,7 @@ * @param *ctx Pointer to the packet context, containing all information for * the packet handling (received message, source and destination * address, the ports and the corresponding entry from the host - association database). + * association database). * * @return zero on success, or negative error value on error. */ @@ -1403,17 +1404,17 @@ DBG const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0, is_loopback = 0; - uint16_t mask = HIP_PACKET_CTRL_ANON, crypto_len = 0; - char *tmp_enc = NULL; - const char *enc = NULL; - unsigned char *iv = NULL; - const struct hip_solution *solution = NULL; - struct hip_dh_public_value *dhpv = NULL; - const struct hip_r1_counter *r1cntr = NULL; - const struct hip_hip_transform *hip_transform = NULL; - struct hip_host_id *host_id_in_enc = NULL; - struct hip_host_id host_id; + int err = 0, is_loopback = 0; + uint16_t mask = HIP_PACKET_CTRL_ANON, crypto_len = 0; + char *tmp_enc = NULL; + const char *enc = NULL; + unsigned char *iv = NULL; + const struct hip_solution *solution = NULL; + struct hip_dh_public_value *dhpv = NULL; + const struct hip_r1_counter *r1cntr = NULL; + const struct hip_hip_transform *hip_transform = NULL; + struct hip_host_id *host_id_in_enc = NULL; + struct hip_host_id host_id; #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_I2\n"); hip_perf_start_benchmark(perf_set, PERF_I2); @@ -1442,8 +1443,8 @@ hip_relay_forward(ctx, rec, HIP_I2); err = -ECANCELED; goto out_err; - } } + } #endif HIP_IFEL(!hip_hidb_hit_is_our(&ctx->input_msg->hitr), @@ -1462,29 +1463,29 @@ HIP_INFO_IN6ADDR("Source IP: ", &ctx->src_addr); /* Next, we initialize the new HIP association. Peer HIT is the - * source HIT of the received I2 packet. We can have many Host - * Identities and using any of those Host Identities we can - * calculate diverse HITs depending on the used algorithm. When - * we sent one of our pre-created R1 packets, we have used one - * of our Host Identities and thus of our HITs as source. We - * must dig out the original Host Identity using the destination - * HIT of the I2 packet as a key. The initialized HIP - * association will not, however, have the I2 destination HIT as - * source, but one that is calculated using the Host Identity - * that we have dug out. */ - if (!ctx->hadb_entry) { - HIP_DEBUG("No HIP association found. Creating a new one.\n"); + * source HIT of the received I2 packet. We can have many Host + * Identities and using any of those Host Identities we can + * calculate diverse HITs depending on the used algorithm. When + * we sent one of our pre-created R1 packets, we have used one + * of our Host Identities and thus of our HITs as source. We + * must dig out the original Host Identity using the destination + * HIT of the I2 packet as a key. The initialized HIP + * association will not, however, have the I2 destination HIT as + * source, but one that is calculated using the Host Identity + * that we have dug out. */ + if (!ctx->hadb_entry) { + HIP_DEBUG("No HIP association found. Creating a new one.\n"); - HIP_IFEL(!(ctx->hadb_entry = hip_hadb_create_state()), - -ENOMEM, - "Out of memory when allocating memory for a new HIP " \ - "association. Dropping the I2 packet.\n"); - } - ipv6_addr_copy(&ctx->hadb_entry->hit_peer, &ctx->input_msg->hits); - ipv6_addr_copy(&ctx->hadb_entry->our_addr, &ctx->dst_addr); - HIP_DEBUG("Initializing the HIP association.\n"); - hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr); - hip_hadb_insert_state(ctx->hadb_entry); + HIP_IFEL(!(ctx->hadb_entry = hip_hadb_create_state()), + -ENOMEM, + "Out of memory when allocating memory for a new HIP " \ + "association. Dropping the I2 packet.\n"); + } + ipv6_addr_copy(&ctx->hadb_entry->hit_peer, &ctx->input_msg->hits); + ipv6_addr_copy(&ctx->hadb_entry->our_addr, &ctx->dst_addr); + HIP_DEBUG("Initializing the HIP association.\n"); + hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr); + hip_hadb_insert_state(ctx->hadb_entry); /* Here we should check the 'system boot counter' using the R1_COUNTER * parameter. However, our precreated R1 packets do not support system @@ -1512,7 +1513,6 @@ /* Verify HMAC. */ if (hip_hidb_hit_is_our(&ctx->input_msg->hits) && hip_hidb_hit_is_our(&ctx->input_msg->hitr)) { - is_loopback = 1; HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &ctx->hadb_entry->hip_hmac_out), @@ -1531,7 +1531,7 @@ "HIP_TRANSFORM parameter missing from I2 packet. Dropping\n"); HIP_IFEL(!(ctx->hadb_entry->hip_transform = - hip_get_param_transform_suite_id(hip_transform)), + hip_get_param_transform_suite_id(hip_transform)), -EPROTO, "Bad HIP transform. Dropping the I2 packet.\n"); @@ -1571,15 +1571,15 @@ case HIP_HIP_RESERVED: HIP_ERROR("Found HIP suite ID 'RESERVED'. Dropping " \ "the I2 packet.\n"); - err = -EOPNOTSUPP; + err = -EOPNOTSUPP; goto out_err; case HIP_HIP_AES_SHA1: host_id_in_enc = (struct hip_host_id *) (tmp_enc + sizeof(struct hip_encrypted_aes_sha1)); - iv = ((struct hip_encrypted_aes_sha1 *) tmp_enc)->iv; + iv = ((struct hip_encrypted_aes_sha1 *) tmp_enc)->iv; /* 4 = reserved, 16 = IV */ - crypto_len = hip_get_param_contents_len(enc) - 4 - 16; + crypto_len = hip_get_param_contents_len(enc) - 4 - 16; HIP_DEBUG("Found HIP suite ID " \ "'AES-CBC with HMAC-SHA1'.\n"); break; @@ -1587,9 +1587,9 @@ host_id_in_enc = (struct hip_host_id *) (tmp_enc + sizeof(struct hip_encrypted_3des_sha1)); - iv = ((struct hip_encrypted_3des_sha1 *) tmp_enc)->iv; + iv = ((struct hip_encrypted_3des_sha1 *) tmp_enc)->iv; /* 4 = reserved, 8 = IV */ - crypto_len = hip_get_param_contents_len(enc) - 4 - 8; + crypto_len = hip_get_param_contents_len(enc) - 4 - 8; HIP_DEBUG("Found HIP suite ID " \ "'3DES-CBC with HMAC-SHA1'.\n"); break; @@ -1603,15 +1603,15 @@ HIP_ERROR("Found HIP suite ID 'BLOWFISH-CBC with " \ "HMAC-SHA1'. Support for this suite ID is " \ "not implemented. Dropping the I2 packet.\n"); - err = -ENOSYS; + err = -ENOSYS; goto out_err; case HIP_HIP_NULL_SHA1: host_id_in_enc = (struct hip_host_id *) (tmp_enc + sizeof(struct hip_encrypted_null_sha1)); - iv = NULL; + iv = NULL; /* 4 = reserved */ - crypto_len = hip_get_param_contents_len(enc) - 4; + crypto_len = hip_get_param_contents_len(enc) - 4; HIP_DEBUG("Found HIP suite ID " \ "'NULL-ENCRYPT with HMAC-SHA1'.\n"); break; @@ -1639,8 +1639,8 @@ * Note, that the original packet has the data still encrypted. */ HIP_IFEL(hip_crypto_encrypted(host_id_in_enc, iv, ctx->hadb_entry->hip_transform, crypto_len, (is_loopback ? - ctx->hadb_entry->hip_enc_out.key : - ctx->hadb_entry->hip_enc_in.key), + ctx->hadb_entry->hip_enc_out.key : + ctx->hadb_entry->hip_enc_in.key), HIP_DIRECTION_DECRYPT), -1, "Failed to decrypt the HOST_ID parameter. Dropping\n"); @@ -1663,19 +1663,19 @@ hip_get_param_total_len(&host_id)); /* Store peer's public key and HIT to HA */ - HIP_IFE(hip_init_peer(ctx->hadb_entry, &host_id), -EINVAL); - /* Validate signature */ + HIP_IFE(hip_init_peer(ctx->hadb_entry, &host_id), -EINVAL); + /* Validate signature */ #ifdef CONFIG_HIP_PERFORMANCE - HIP_DEBUG("Start PERF_VERIFY(2)\n"); - hip_perf_start_benchmark(perf_set, PERF_VERIFY); + HIP_DEBUG("Start PERF_VERIFY(2)\n"); + hip_perf_start_benchmark(perf_set, PERF_VERIFY); #endif - HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, - ctx->input_msg), - -EINVAL, - "Verification of I2 signature failed\n"); + HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, + ctx->input_msg), + -EINVAL, + "Verification of I2 signature failed\n"); #ifdef CONFIG_HIP_PERFORMANCE - HIP_DEBUG("Stop PERF_VERIFY(2)\n"); - hip_perf_stop_benchmark(perf_set, PERF_VERIFY); + HIP_DEBUG("Stop PERF_VERIFY(2)\n"); + hip_perf_stop_benchmark(perf_set, PERF_VERIFY); #endif if ((r1cntr = hip_get_param(ctx->input_msg, HIP_PARAM_R1_COUNTER))) { @@ -1717,17 +1717,17 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0, retransmission = 0; - uint32_t spi_out = 0; - const struct hip_esp_info *esp_info = NULL; - hip_transform_suite_t esp_tfm; - struct hip_spi_in_item spi_in_data; - const struct hip_locator *locator = NULL; - int if_index = 0; - struct sockaddr_storage ss_addr; - struct sockaddr *addr = NULL; - const struct hip_esp_transform *esp_tf = NULL; - struct hip_spi_out_item spi_out_data; + int err = 0, retransmission = 0; + uint32_t spi_out = 0; + const struct hip_esp_info *esp_info = NULL; + hip_transform_suite_t esp_tfm; + struct hip_spi_in_item spi_in_data; + const struct hip_locator *locator = NULL; + int if_index = 0; + struct sockaddr_storage ss_addr; + struct sockaddr *addr = NULL; + const struct hip_esp_transform *esp_tf = NULL; + struct hip_spi_out_item spi_out_data; /* Get the interface index of the network device which has our * local IP address. */ @@ -1784,13 +1784,13 @@ /* move this below setup_sa */ memset(&spi_out_data, 0, sizeof(struct hip_spi_out_item)); - spi_out_data.spi = ntohl(esp_info->new_spi); + spi_out_data.spi = ntohl(esp_info->new_spi); ctx->hadb_entry->spi_outbound_current = spi_out_data.spi; /* 99999 * HIP_DEBUG("Adding spi 0x%x\n", spi_out_data.spi); * HIP_IFE(hip_hadb_add_spi_old(ctx->hadb_entry, HIP_SPI_DIRECTION_OUT, * &spi_out_data), -1);*/ - ctx->hadb_entry->esp_transform = hip_select_esp_transform(esp_tf); + ctx->hadb_entry->esp_transform = hip_select_esp_transform(esp_tf); HIP_IFEL(!(esp_tfm = ctx->hadb_entry->esp_transform), -1, "Could not select proper ESP transform\n"); @@ -1906,7 +1906,7 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0; + int err = 0; uint16_t mask = HIP_PACKET_CTRL_ANON, notify_controls = 0; HIP_IFEL(!ctx->hadb_entry, @@ -1917,8 +1917,8 @@ HIP_IFEL(!hip_controls_sane(notify_controls, mask), -EPROTO, - "Received a NOTIFY packet with illegal controls: 0x%x. Dropping\n", - notify_controls); + "Received a NOTIFY packet with illegal controls: 0x%x. Dropping\n", + notify_controls); out_err: if (err) { @@ -1951,14 +1951,14 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0; - const struct hip_tlv_common *current_param = NULL; - const struct hip_notification *notification = NULL; - struct in6_addr responder_ip, responder_hit; - hip_tlv_type_t param_type = 0, response; - hip_tlv_len_t param_len = 0; - uint16_t msgtype = 0; - in_port_t port = 0; + int err = 0; + const struct hip_tlv_common *current_param = NULL; + const struct hip_notification *notification = NULL; + struct in6_addr responder_ip, responder_hit; + hip_tlv_type_t param_type = 0, response; + hip_tlv_len_t param_len = 0; + uint16_t msgtype = 0; + in_port_t port = 0; /* Loop through all the parameters in the received packet. */ while ((current_param = @@ -1970,8 +1970,8 @@ "packet.\n"); notification = (const struct hip_notification *) current_param; - param_len = hip_get_param_contents_len(current_param); - msgtype = ntohs(notification->msgtype); + param_len = hip_get_param_contents_len(current_param); + msgtype = ntohs(notification->msgtype); switch (msgtype) { case HIP_NTF_UNSUPPORTED_CRITICAL_PARAMETER_TYPE: === modified file 'hipd/keymat.c' --- hipd/keymat.c 2010-11-30 14:50:30 +0000 +++ hipd/keymat.c 2011-01-03 16:06:13 +0000 @@ -56,13 +56,13 @@ * @return the allocated buffer (caller deallocates) or NULL on failure */ static uint8_t *hip_create_keymat_buffer(char *kij, size_t kij_len, size_t hash_len, - struct in6_addr *smaller_hit, - struct in6_addr *bigger_hit, - uint64_t I, uint64_t J) + struct in6_addr *smaller_hit, + struct in6_addr *bigger_hit, + uint64_t I, uint64_t J) { uint8_t *buffer = NULL, *cur = NULL; - size_t requiredmem; + size_t requiredmem; HIP_DEBUG("\n"); /* 2*sizeof(uint64_t) added to take care of I and J. */ @@ -78,15 +78,15 @@ return buffer; } - cur = buffer; + cur = buffer; memcpy(cur, kij, kij_len); - cur += kij_len; + cur += kij_len; memcpy(cur, (uint8_t *) smaller_hit, sizeof(struct in6_addr)); - cur += sizeof(struct in6_addr); + cur += sizeof(struct in6_addr); memcpy(cur, (uint8_t *) bigger_hit, sizeof(struct in6_addr)); - cur += sizeof(struct in6_addr); + cur += sizeof(struct in6_addr); memcpy(cur, &I, sizeof(uint64_t)); // XX CHECK: network byte order? - cur += sizeof(uint64_t); + cur += sizeof(uint64_t); memcpy(cur, &J, sizeof(uint64_t)); // XX CHECK: network byte order? cur += sizeof(uint64_t); *(cur) = 1; @@ -141,13 +141,13 @@ uint64_t I, uint64_t J) { - int bufsize; - uint8_t index_nbr = 1; - size_t dstoffset = 0; - void *seedkey; + int bufsize; + uint8_t index_nbr = 1; + size_t dstoffset = 0; + void *seedkey; struct in6_addr *smaller_hit, *bigger_hit; - int hit1_is_bigger; - uint8_t *shabuffer = NULL; + int hit1_is_bigger; + uint8_t *shabuffer = NULL; HIP_DEBUG("\n"); if (dstbuflen < HIP_AH_SHA_LEN) { @@ -159,8 +159,8 @@ hit1_is_bigger = hip_hit_is_bigger(hit1, hit2); - bigger_hit = hit1_is_bigger ? hit1 : hit2; - smaller_hit = hit1_is_bigger ? hit2 : hit1; + bigger_hit = hit1_is_bigger ? hit1 : hit2; + smaller_hit = hit1_is_bigger ? hit2 : hit1; shabuffer = hip_create_keymat_buffer(kij, kij_len, HIP_AH_SHA_LEN, smaller_hit, bigger_hit, I, J); @@ -183,7 +183,7 @@ * K3 = SHA1(Kij | K2 | 3) * ... */ - seedkey = dstbuf; + seedkey = dstbuf; hip_update_keymat_buffer(shabuffer, seedkey, HIP_AH_SHA_LEN, kij_len, index_nbr); @@ -226,12 +226,12 @@ /* todo: remove this function */ void *ret = NULL; - if (len > (int)(keymat->keymatlen - keymat->offset)) { + if (len > (int) (keymat->keymatlen - keymat->offset)) { HIP_DEBUG("Tried to draw more keys than are available\n"); goto out_err; } - ret = (uint8_t *) keymat->keymatdst + keymat->offset; + ret = (uint8_t *) keymat->keymatdst + keymat->offset; keymat->offset += len; @@ -252,11 +252,10 @@ struct hip_keymat_keymat *keymat, int len) { - int err = 0; - void *p = hip_keymat_draw(keymat, len); + int err = 0; + void *p = hip_keymat_draw(keymat, len); HIP_IFEL(!p, -EINVAL, "Could not draw from keymat\n"); memcpy(dst, p, len); out_err: return err; } - === modified file 'hipd/maintenance.c' --- hipd/maintenance.c 2010-11-30 14:50:30 +0000 +++ hipd/maintenance.c 2011-01-03 16:06:13 +0000 @@ -68,19 +68,19 @@ struct maint_function { uint16_t priority; - int (*func_ptr)(void); + int (*func_ptr)(void); }; int hip_firewall_sock_lsi_fd = -1; -float retrans_counter = HIP_RETRANSMIT_INIT; -float opp_fallback_counter = HIP_OPP_FALLBACK_INIT; -float precreate_counter = HIP_R1_PRECREATE_INIT; -float queue_counter = QUEUE_CHECK_INIT; -int force_exit_counter = FORCE_EXIT_COUNTER_START; -int cert_publish_counter = CERTIFICATE_PUBLISH_INTERVAL; -int hip_firewall_status = -1; -int fall, retr; +float retrans_counter = HIP_RETRANSMIT_INIT; +float opp_fallback_counter = HIP_OPP_FALLBACK_INIT; +float precreate_counter = HIP_R1_PRECREATE_INIT; +float queue_counter = QUEUE_CHECK_INIT; +int force_exit_counter = FORCE_EXIT_COUNTER_START; +int cert_publish_counter = CERTIFICATE_PUBLISH_INTERVAL; +int hip_firewall_status = -1; +int fall, retr; /** * List containing all maintenance functions. @@ -96,7 +96,7 @@ */ static int hip_handle_retransmission(hip_ha_t *entry, void *current_time) { - int err = 0; + int err = 0; time_t *now = (time_t *) current_time; if (entry->hip_msg_retrans.buf == NULL || @@ -160,7 +160,7 @@ */ static int hip_scan_opp_fallback(void) { - int err = 0; + int err = 0; time_t current_time; time(¤t_time); @@ -169,6 +169,7 @@ out_err: return err; } + #endif /** @@ -178,7 +179,7 @@ */ static int hip_scan_retransmissions(void) { - int err = 0; + int err = 0; time_t current_time; time(¤t_time); HIP_IFEL(hip_for_each_ha(hip_handle_retransmission, ¤t_time), 0, @@ -201,15 +202,15 @@ int hip_register_maint_function(int (*maint_function)(void), const uint16_t priority) { - int err = 0; + int err = 0; struct maint_function *new_entry = NULL; HIP_IFEL(!(new_entry = malloc(sizeof(struct maint_function))), -1, "Error on allocating memory for a maintenance function entry.\n"); - new_entry->priority = priority; - new_entry->func_ptr = maint_function; + new_entry->priority = priority; + new_entry->func_ptr = maint_function; hip_maintenance_functions = lmod_register_function(hip_maintenance_functions, new_entry, @@ -250,7 +251,7 @@ if (hip_maintenance_functions) { while ((iter = hip_ll_iterate(hip_maintenance_functions, iter))) { - ((struct maint_function*) iter->ptr)->func_ptr(); + ((struct maint_function *) iter->ptr)->func_ptr(); } } else { HIP_DEBUG("No maintenance function registered.\n"); @@ -375,10 +376,10 @@ */ int hip_firewall_set_bex_data(int action, struct in6_addr *hit_s, struct in6_addr *hit_r) { - struct hip_common *msg = NULL; + struct hip_common *msg = NULL; struct sockaddr_in6 hip_fw_addr; - int err = 0, n = 0, r_is_our; - socklen_t alen = sizeof(hip_fw_addr); + int err = 0, n = 0, r_is_our; + socklen_t alen = sizeof(hip_fw_addr); if (!hip_get_firewall_status()) { goto out_err; @@ -411,7 +412,7 @@ (struct sockaddr *) &hip_firewall_addr, alen); - HIP_IFEL( n < 0, -1, "Send to firewall failed. str errno %s\n", strerror(errno)); + HIP_IFEL(n < 0, -1, "Send to firewall failed. str errno %s\n", strerror(errno)); HIP_DEBUG("BEX DATA Send to firewall OK.\n"); @@ -430,8 +431,8 @@ int hip_firewall_set_esp_relay(int action) { struct hip_common *msg = NULL; - int err = 0; - int sent; + int err = 0; + int sent; HIP_DEBUG("Setting ESP relay to %d\n", action); HIP_IFE(!(msg = hip_msg_alloc()), -ENOMEM); === modified file 'hipd/nat.c' --- hipd/nat.c 2010-11-30 14:50:30 +0000 +++ hipd/nat.c 2011-01-03 16:06:13 +0000 @@ -93,7 +93,7 @@ */ static int hip_nat_send_keep_alive(hip_ha_t *entry, UNUSED void *opaque) { - int err = 0; + int err = 0; struct hip_common *msg = NULL; HIP_IFEL(!(msg = hip_msg_alloc()), -1, "Alloc\n"); === modified file 'hipd/netdev.c' --- hipd/netdev.c 2010-12-10 16:35:07 +0000 +++ hipd/netdev.c 2011-01-03 16:06:13 +0000 @@ -151,7 +151,7 @@ ifr.ifr_ifindex = -1; strncpy(ifr.ifr_name, device_name, (size_t) IF_NAMESIZE); - sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); + sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if (ioctl(sock, SIOCGIFINDEX, &ifr) == 0) { ret = 1; @@ -178,7 +178,7 @@ static unsigned long hip_netdev_hash(const void *ptr) { const struct netdev_address *na = (const struct netdev_address *) ptr; - uint8_t hash[HIP_AH_SHA_LEN]; + uint8_t hash[HIP_AH_SHA_LEN]; /* stg: TODO A cryptographically secure hash is unnecessarily expensive for a hash table. Something cheaper, like an XOR, would do just fine. */ hip_build_digest(HIP_DIGEST_SHA1, &na->addr, @@ -217,8 +217,8 @@ static int hip_count_if_addresses(int ifindex) { struct netdev_address *na; - hip_list_t *n, *t; - int i = 0, c; + hip_list_t *n, *t; + int i = 0, c; list_for_each_safe(n, t, addresses, c) { na = (struct netdev_address *) list_entry(n); @@ -238,9 +238,9 @@ */ static int hip_filter_address(struct sockaddr *addr) { - char s[INET6_ADDRSTRLEN]; + char s[INET6_ADDRSTRLEN]; struct in6_addr *a_in6 = NULL; - in_addr_t a_in; + in_addr_t a_in; HIP_DEBUG("Filtering the address family %d \n", addr->sa_family); switch (addr->sa_family) { case AF_INET6: @@ -331,9 +331,9 @@ static int hip_exists_address_family_in_list(const struct in6_addr *addr) { struct netdev_address *n; - hip_list_t *tmp, *t; - int c; - int mapped = IN6_IS_ADDR_V4MAPPED(addr); + hip_list_t *tmp, *t; + int c; + int mapped = IN6_IS_ADDR_V4MAPPED(addr); list_for_each_safe(tmp, t, addresses, c) { n = (struct netdev_address *) list_entry(tmp); @@ -357,17 +357,17 @@ int hip_exists_address_in_list(struct sockaddr *addr, int ifindex) { struct netdev_address *n; - hip_list_t *tmp, *t; - int c; - int err = 0; + hip_list_t *tmp, *t; + int c; + int err = 0; const struct in6_addr *in6; - const struct in_addr *in; + const struct in_addr *in; list_for_each_safe(tmp, t, addresses, c) { int mapped = 0; int addr_match = 0; int family_match = 0; - n = (struct netdev_address *) list_entry(tmp); + n = (struct netdev_address *) list_entry(tmp); mapped = hip_sockaddr_is_v6_mapped((struct sockaddr * ) (&n->addr)); HIP_DEBUG("mapped=%d\n", mapped); @@ -380,11 +380,10 @@ addr_match = IPV6_EQ_IPV4(in6, in); family_match = 1; - } else if (!mapped && addr->sa_family == AF_INET6) { - addr_match = !memcmp(hip_cast_sa_addr((struct sockaddr *) &n->addr), - hip_cast_sa_addr(addr), - hip_sa_addr_len(&n->addr)); + addr_match = !memcmp(hip_cast_sa_addr((struct sockaddr *) &n->addr), + hip_cast_sa_addr(addr), + hip_sa_addr_len(&n->addr)); family_match = (n->addr.ss_family == addr->sa_family); } else { /* addr->sa_family == AF_INET */ HIP_DEBUG("Addr given was not IPv6 nor IPv4.\n"); @@ -427,8 +426,8 @@ void hip_add_address_to_list(struct sockaddr *addr, int ifindex, int flags) { struct netdev_address *n; - unsigned char tmp_secret[40]; - int err_rand = 0; + unsigned char tmp_secret[40]; + int err_rand = 0; if (hip_exists_address_in_list(addr, ifindex)) { return; @@ -473,7 +472,7 @@ n->if_index = ifindex; list_add(n, addresses); address_count++; - n->flags = flags; + n->flags = flags; HIP_DEBUG("Added a new IPv6 address to ifindex2spi map. The map has " \ "%d addresses.\n", address_count); @@ -489,9 +488,9 @@ static void hip_delete_address_from_list(struct sockaddr *addr, int ifindex) { struct netdev_address *n; - hip_list_t *item, *tmp; - int i, deleted = 0; - struct sockaddr_in6 addr_sin6; + hip_list_t *item, *tmp; + int i, deleted = 0; + struct sockaddr_in6 addr_sin6; if (addr && addr->sa_family == AF_INET) { memset(&addr_sin6, 0, sizeof(addr_sin6)); @@ -541,8 +540,8 @@ void hip_delete_all_addresses(void) { struct netdev_address *n; - hip_list_t *item, *tmp; - int i; + hip_list_t *item, *tmp; + int i; if (address_count) { list_for_each_safe(item, tmp, addresses, i) @@ -570,9 +569,9 @@ */ static int hip_netdev_find_if(struct sockaddr *addr) { - struct netdev_address *n = NULL; - hip_list_t *item = NULL, *tmp = NULL; - int i = 0; + struct netdev_address *n = NULL; + hip_list_t *item = NULL, *tmp = NULL; + int i = 0; #ifdef CONFIG_HIP_DEBUG /* Debug block. */ { @@ -656,7 +655,7 @@ int hip_netdev_init_addresses(void) { struct ifaddrs *g_ifaces = NULL, *g_iface = NULL; - int err = 0, if_index = 0; + int err = 0, if_index = 0; /* Initialize address list */ HIP_DEBUG("Initializing addresses...\n"); @@ -703,7 +702,7 @@ int hip_map_id_to_addr(const hip_hit_t *hit, const hip_lsi_t *lsi, struct in6_addr *addr) { - int err = -1, skip_namelookup = 0; /* Assume that resolving fails */ + int err = -1, skip_namelookup = 0; /* Assume that resolving fails */ hip_hit_t hit2; hip_ha_t *ha = NULL; @@ -792,32 +791,32 @@ const struct in6_addr *src_addr_in, const struct in6_addr *dst_addr_in) { - int err = 0, if_index = 0, is_ipv4_locator; - int reuse_hadb_local_address = 0, ha_nat_mode = hip_nat_status; - int old_global_nat_mode = hip_nat_status; - in_port_t ha_local_port; - in_port_t ha_peer_port; - hip_ha_t *entry = NULL; - int is_loopback = 0; - hip_lsi_t dlsi, slsi; - struct in6_addr dhit, shit, saddr, dst6_lsi; - struct in6_addr *src_hit, *dst_hit, *src_addr, *dst_addr; - struct in_addr *src_lsi, *dst_lsi; - struct in6_addr daddr; + int err = 0, if_index = 0, is_ipv4_locator; + int reuse_hadb_local_address = 0, ha_nat_mode = hip_nat_status; + int old_global_nat_mode = hip_nat_status; + in_port_t ha_local_port; + in_port_t ha_peer_port; + hip_ha_t *entry = NULL; + int is_loopback = 0; + hip_lsi_t dlsi, slsi; + struct in6_addr dhit, shit, saddr, dst6_lsi; + struct in6_addr *src_hit, *dst_hit, *src_addr, *dst_addr; + struct in_addr *src_lsi, *dst_lsi; + struct in6_addr daddr; struct sockaddr_storage ss_addr; - struct sockaddr *addr; - int broadcast = 0, shotgun_status_orig = 0; + struct sockaddr *addr; + int broadcast = 0, shotgun_status_orig = 0; ha_local_port = (hip_nat_status ? hip_get_local_nat_udp_port() : 0); - ha_peer_port = + ha_peer_port = (hip_nat_status ? hip_get_peer_nat_udp_port() : 0); - addr = (struct sockaddr *) &ss_addr; + addr = (struct sockaddr *) &ss_addr; /* Make sure that dst_hit is not a NULL pointer */ hip_copy_in6addr_null_check(&dhit, dst_hit_in); - dst_hit = &dhit; + dst_hit = &dhit; HIP_DEBUG_HIT("dst hit", dst_hit); /* Make sure that src_hit is not a NULL pointer */ @@ -943,7 +942,7 @@ shotgun_status_orig = hip_shotgun_status; hip_shotgun_status = HIP_MSG_SHOTGUN_ON; IPV4_TO_IPV6_MAP(&bcast, dst_addr); - err = 0; + err = 0; } /* Next, create state into HADB. Make sure that we choose the right @@ -970,9 +969,9 @@ } /* Preserve NAT status with peer */ - entry->local_udp_port = ha_local_port; - entry->peer_udp_port = ha_peer_port; - entry->nat_mode = ha_nat_mode; + entry->local_udp_port = ha_local_port; + entry->peer_udp_port = ha_peer_port; + entry->nat_mode = ha_nat_mode; reuse_hadb_local_address = 1; @@ -1030,12 +1029,12 @@ */ static int hip_netdev_handle_acquire(struct nlmsghdr *msg) { - hip_hit_t *src_hit = NULL, *dst_hit = NULL; - hip_lsi_t *src_lsi = NULL, *dst_lsi = NULL; - struct in6_addr *src_addr = NULL, *dst_addr = NULL; + hip_hit_t *src_hit = NULL, *dst_hit = NULL; + hip_lsi_t *src_lsi = NULL, *dst_lsi = NULL; + struct in6_addr *src_addr = NULL, *dst_addr = NULL; struct xfrm_user_acquire *acq; - hip_ha_t *entry; - int err = 0; + hip_ha_t *entry; + int err = 0; HIP_DEBUG("Acquire (pid: %d) \n", msg->nlmsg_pid); @@ -1076,11 +1075,11 @@ */ int hip_netdev_trigger_bex_msg(const struct hip_common *msg) { - const hip_hit_t *our_hit = NULL, *peer_hit = NULL; - const hip_lsi_t *our_lsi = NULL, *peer_lsi = NULL; - const struct in6_addr *our_addr = NULL, *peer_addr = NULL; + const hip_hit_t *our_hit = NULL, *peer_hit = NULL; + const hip_lsi_t *our_lsi = NULL, *peer_lsi = NULL; + const struct in6_addr *our_addr = NULL, *peer_addr = NULL; const struct hip_tlv_common *param; - int err = 0; + int err = 0; HIP_DUMP_MSG(msg); @@ -1193,12 +1192,12 @@ */ int hip_netdev_event(struct nlmsghdr *msg, int len, UNUSED void *arg) { - int err = 0, l = 0, is_add = 0, exists; + int err = 0, l = 0, is_add = 0, exists; struct sockaddr_storage ss_addr; - struct ifinfomsg *ifinfo = NULL; /* link layer specific message */ - struct ifaddrmsg *ifa = NULL; /* interface address message */ - struct rtattr *rta = NULL, *tb[IFA_MAX + 1]; - struct sockaddr *addr = NULL; + struct ifinfomsg *ifinfo = NULL; /* link layer specific message */ + struct ifaddrmsg *ifa = NULL; /* interface address message */ + struct rtattr *rta = NULL, *tb[IFA_MAX + 1]; + struct sockaddr *addr = NULL; addr = (struct sockaddr *) &ss_addr; @@ -1229,14 +1228,12 @@ /* Check if our interface is in the whitelist */ if ((hip_netdev_white_list_count > 0) && - (!hip_netdev_is_in_white_list(ifindex))) - { + (!hip_netdev_is_in_white_list(ifindex))) { continue; } if ((ifa->ifa_family != AF_INET) && - (ifa->ifa_family != AF_INET6)) - { + (ifa->ifa_family != AF_INET6)) { continue; } @@ -1349,9 +1346,9 @@ */ int hip_add_iface_local_hit(const hip_hit_t *local_hit) { - int err = 0; - char hit_str[INET6_ADDRSTRLEN + 2]; - struct idxmap *idxmap[16] = {0}; + int err = 0; + char hit_str[INET6_ADDRSTRLEN + 2]; + struct idxmap *idxmap[16] = { 0 }; hip_convert_hit_to_str(local_hit, HIP_HIT_PREFIX_STR, hit_str); HIP_DEBUG("Adding HIT: %s\n", hit_str); @@ -1372,7 +1369,7 @@ */ int hip_add_iface_local_route(const hip_hit_t *local_hit) { - int err = 0; + int err = 0; char hit_str[INET6_ADDRSTRLEN + 2]; hip_convert_hit_to_str(local_hit, HIP_HIT_FULL_PREFIX_STR, hit_str); @@ -1399,10 +1396,10 @@ */ int hip_select_source_address(struct in6_addr *src, const struct in6_addr *dst) { - int err = 0; - int family = AF_INET6; - struct idxmap *idxmap[16] = { 0 }; - struct in6_addr lpback = IN6ADDR_LOOPBACK_INIT; + int err = 0; + int family = AF_INET6; + struct idxmap *idxmap[16] = { 0 }; + struct in6_addr lpback = IN6ADDR_LOOPBACK_INIT; HIP_DEBUG_IN6ADDR("dst", dst); @@ -1417,8 +1414,8 @@ if (ipv6_addr_is_teredo(dst)) { struct netdev_address *na; const struct in6_addr *in6; - hip_list_t *n, *t; - int c, match = 0; + hip_list_t *n, *t; + int c, match = 0; list_for_each_safe(n, t, addresses, c) { na = list_entry(n); @@ -1447,9 +1444,9 @@ */ void hip_copy_peer_addrlist_changed(hip_ha_t *ha) { - hip_list_t *item = NULL, *tmp = NULL; + hip_list_t *item = NULL, *tmp = NULL; struct hip_peer_addr_list_item *addr_li; - int i = 0; + int i = 0; if (!ha->peer_addr_list_to_be_added) { return; === modified file 'hipd/nsupdate.c' --- hipd/nsupdate.c 2010-11-30 14:50:30 +0000 +++ hipd/nsupdate.c 2011-01-03 16:06:13 +0000 @@ -111,7 +111,7 @@ static char *make_env(const char *name, char *value) { char *result = NULL; - int err = 0; + int err = 0; if ((name == NULL) || (value == NULL)) { return NULL; @@ -140,7 +140,7 @@ static void sig_chld(UNUSED int signo) { pid_t child_pid; - int child_status; // child exit code + int child_status; // child exit code child_pid = waitpid(0, &child_status, WNOHANG); } @@ -160,19 +160,19 @@ static const char *netdev_address_to_str(struct netdev_address *src, char *dst, socklen_t cnt) { - struct sockaddr *tmp_sockaddr_ptr = (struct sockaddr *) &(src->addr); + struct sockaddr *tmp_sockaddr_ptr = (struct sockaddr *) &(src->addr); struct sockaddr_in *tmp_sockaddr_in_ptr = (struct sockaddr_in *) tmp_sockaddr_ptr; struct sockaddr_in6 *tmp_sockaddr_in6_ptr = (struct sockaddr_in6 *) tmp_sockaddr_ptr; - struct in_addr tmp_in_addr; - struct in6_addr *tmp_in6_addr_ptr = NULL; + struct in_addr tmp_in_addr; + struct in6_addr *tmp_in6_addr_ptr = NULL; - void *inet_ntop_src = NULL; - int af = tmp_sockaddr_ptr->sa_family; // might be changed because of ip4->ip6 mapping + void *inet_ntop_src = NULL; + int af = tmp_sockaddr_ptr->sa_family; // might be changed because of ip4->ip6 mapping switch (af) { case AF_INET: - inet_ntop_src = &(tmp_sockaddr_in_ptr->sin_addr); + inet_ntop_src = &(tmp_sockaddr_in_ptr->sin_addr); break; case AF_INET6: @@ -204,7 +204,7 @@ static int run_nsupdate(char *ips, char *hit, int start) { struct sigaction act; - pid_t child_pid; + pid_t child_pid; HIP_DEBUG("Updating dns records...\n"); @@ -231,7 +231,7 @@ if (child_pid < 0) { HIP_PERROR("fork"); return ERR; - } else if (child_pid == 0) { // CHILD + } else if (child_pid == 0) { // CHILD char nsupdate_arg0[] = NSUPDATE_ARG0; char start_str[2]; @@ -241,8 +241,8 @@ char *env_hit = make_env(VAR_HIT, hit); char *env_start = make_env(VAR_START, start_str); - char *cmd[] = { nsupdate_arg0, NULL }; - char *const env[] = { env_ips, env_hit, env_start, NULL }; + char *cmd[] = { nsupdate_arg0, NULL }; + char *const env[] = { env_ips, env_hit, env_start, NULL }; HIP_DEBUG("Executing %s with %s; %s; %s\n", NSUPDATE_PL, env_hit, env_ips, env_start); execve(NSUPDATE_PL, cmd, env); @@ -273,12 +273,12 @@ static int run_nsupdate_for_hit(struct hip_host_id_entry *entry, void *opaq) { - int start = 0; - char ip_str[40]; // buffer for one IP address - char ips_str[1024] = ""; // list of IP addresses + int start = 0; + char ip_str[40]; // buffer for one IP address + char ips_str[1024] = ""; // list of IP addresses hip_list_t *item, *tmp_hip_list_t; - int i; - char hit[INET6_ADDRSTRLEN + 2]; + int i; + char hit[INET6_ADDRSTRLEN + 2]; if (opaq != NULL) { start = *(int *) opaq; === modified file 'hipd/oppdb.c' --- hipd/oppdb.c 2010-11-30 14:50:30 +0000 +++ hipd/oppdb.c 2011-01-03 16:06:13 +0000 @@ -110,7 +110,7 @@ static unsigned long hip_oppdb_hash_hit(const void *ptr) { const hip_opp_block_t *entry = (const hip_opp_block_t *) ptr; - uint8_t hash[HIP_AH_SHA_LEN]; + uint8_t hash[HIP_AH_SHA_LEN]; hip_build_digest(HIP_DIGEST_SHA1, &entry->peer_phit, sizeof(hip_hit_t) + sizeof(struct sockaddr_in6), @@ -165,7 +165,7 @@ int err = 0; /** @todo this does not support multiple multiple opp - connections: a better solution might be trash collection */ + * connections: a better solution might be trash collection */ HIP_ASSERT(opp_entry); hip_del_peer_info(&opp_entry->peer_phit, @@ -183,9 +183,9 @@ */ int hip_for_each_opp(int (*func)(hip_opp_block_t *entry, void *opaq), void *opaque) { - int i = 0, fail = 0; + int i = 0, fail = 0; hip_opp_block_t *this; - hip_list_t *item, *tmp; + hip_list_t *item, *tmp; if (!func) { return -EINVAL; @@ -239,7 +239,7 @@ hip_opp_info_t *opp_info) { struct hip_common *message = NULL; - int err = 0, n; + int err = 0, n; HIP_IFEL((app_id->sin6_port == 0), 0, "Zero port, ignore\n"); @@ -304,7 +304,7 @@ static int hip_oppdb_unblock_group(hip_opp_block_t *entry, void *ptr) { hip_opp_info_t *opp_info = ptr; - int err = 0; + int err = 0; if (ipv6_addr_cmp(&entry->peer_phit, &opp_info->pseudo_peer_hit) != 0) { goto out_err; @@ -348,9 +348,9 @@ */ static void hip_oppdb_dump(void) { - int i; + int i; hip_opp_block_t *this; - hip_list_t *item, *tmp; + hip_list_t *item, *tmp; HIP_DEBUG("start oppdb dump\n"); HIP_LOCK_HT(&oppdb); @@ -385,7 +385,7 @@ const struct in6_addr *ip_our, const struct sockaddr_in6 *caller) { - int err = 0; + int err = 0; hip_opp_block_t *new_item = NULL; new_item = hip_create_opp_block_entry(); @@ -434,7 +434,7 @@ { hip_ha_t *entry_tmp = NULL; hip_hit_t phit; - int err = 0; + int err = 0; HIP_DEBUG_HIT("resp_addr=", resp_addr); HIP_IFEL(hip_opportunistic_ipv6_to_hit(resp_addr, &phit, @@ -459,8 +459,8 @@ hip_ha_t *hip_oppdb_get_hadb_entry_i1_r1(struct hip_common *msg, struct in6_addr *src_addr) { - hip_hdr_type_t type = hip_get_msg_type(msg); - hip_ha_t *entry = NULL; + hip_hdr_type_t type = hip_get_msg_type(msg); + hip_ha_t *entry = NULL; if (type == HIP_I1) { if (!ipv6_addr_is_null(&msg->hitr)) { @@ -486,9 +486,9 @@ int hip_handle_opp_r1(struct hip_packet_context *ctx) { hip_opp_info_t opp_info; - hip_ha_t *opp_entry; - hip_hit_t phit; - int err = 0; + hip_ha_t *opp_entry; + hip_hit_t phit; + int err = 0; opp_entry = ctx->hadb_entry; @@ -510,7 +510,7 @@ HIP_IFEL(hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr), -1, "hip_init_us failed\n"); /* old HA has state 2, new HA has state 1, so copy it */ - ctx->hadb_entry->state = opp_entry->state; + ctx->hadb_entry->state = opp_entry->state; /* For service registration routines */ ctx->hadb_entry->local_controls = opp_entry->local_controls; ctx->hadb_entry->peer_controls = opp_entry->peer_controls; @@ -553,10 +553,10 @@ const struct in6_addr *hit_our, const struct sockaddr_in6 *caller) { - int err = 0; + int err = 0; struct in6_addr opp_hit, src_ip; - hip_ha_t *ha = NULL; - hip_oppip_t *oppip_entry = NULL; + hip_ha_t *ha = NULL; + hip_oppip_t *oppip_entry = NULL; HIP_DEBUG_IN6ADDR("Peer's IP ", dst_ip); @@ -612,8 +612,8 @@ int hip_handle_opp_fallback(hip_opp_block_t *entry, void *current_time) { - int err = 0, disable_fallback = 0; - time_t *now = (time_t *) current_time; + int err = 0, disable_fallback = 0; + time_t *now = (time_t *) current_time; struct in6_addr *addr; if (!disable_fallback && (*now - HIP_OPP_WAIT > entry->creation_time)) { @@ -625,9 +625,9 @@ addr = (struct in6_addr *) &entry->peer_ip; hip_oppipdb_add_entry(addr); HIP_DEBUG("Timeout for opp entry, falling back to\n"); - err = hip_opp_unblock_app(&entry->caller, &info); + err = hip_opp_unblock_app(&entry->caller, &info); HIP_DEBUG("Fallback returned %d\n", err); - err = hip_oppdb_entry_clean_up(entry); + err = hip_oppdb_entry_clean_up(entry); memset(&now, 0, sizeof(now)); } @@ -644,12 +644,13 @@ */ hip_opp_block_t *hip_oppdb_find_by_ip(const struct in6_addr *ip_peer) { - int i = 0; + int i = 0; hip_opp_block_t *this, *ret = NULL; - hip_list_t *item, *tmp; + hip_list_t *item, *tmp; - if (oppdb == NULL) + if (oppdb == NULL) { return NULL; + } HIP_LOCK_HT(&opp_db); list_for_each_safe(item, tmp, oppdb, i) @@ -677,10 +678,10 @@ int hip_opp_get_peer_hit(struct hip_common *msg, const struct sockaddr_in6 *src) { - int err = 0; - struct in6_addr phit, dst_ip, our_hit, our_addr; + int err = 0; + struct in6_addr phit, dst_ip, our_hit, our_addr; const struct in6_addr *ptr; - hip_ha_t *ha; + hip_ha_t *ha; ptr = hip_get_param_contents(msg, HIP_PARAM_HIT_LOCAL); HIP_IFEL(!ptr, -1, "No local hit in msg\n"); === modified file 'hipd/oppdb.h' --- hipd/oppdb.h 2010-10-15 15:29:14 +0000 +++ hipd/oppdb.h 2011-01-03 16:06:13 +0000 @@ -43,10 +43,10 @@ struct sockaddr_in6 caller; hip_hit_t our_real_hit; - time_t creation_time; - struct in6_addr peer_ip; - struct in6_addr our_ip; - uint8_t proxy_flag; //0: normal connection, 1: connection through proxy + time_t creation_time; + struct in6_addr peer_ip; + struct in6_addr our_ip; + uint8_t proxy_flag; //0: normal connection, 1: connection through proxy }; typedef struct hip_opp_blocking_request_entry hip_opp_block_t; === modified file 'hipd/oppipdb.c' --- hipd/oppipdb.c 2010-10-15 15:29:14 +0000 +++ hipd/oppipdb.c 2011-01-03 16:06:13 +0000 @@ -100,9 +100,9 @@ */ int hip_for_each_oppip(void (*func)(hip_oppip_t *entry, void *opaq), void *opaque) { - int i = 0; + int i = 0; hip_oppip_t *this; - hip_list_t *item, *tmp; + hip_list_t *item, *tmp; if (!func) { return -EINVAL; @@ -164,7 +164,7 @@ */ int hip_oppipdb_add_entry(const struct in6_addr *ip_peer) { - int err = 0; + int err = 0; hip_oppip_t *new_item = NULL; new_item = hip_create_oppip_entry(); === modified file 'hipd/output.c' --- hipd/output.c 2010-12-08 18:40:04 +0000 +++ hipd/output.c 2011-01-03 16:06:13 +0000 @@ -128,7 +128,7 @@ HIP_LOCK_HA(entry); entry->state = HIP_STATE_I1_SENT; HIP_UNLOCK_HA(entry); - } else if (err == 1) { + } else if (err == 1) { err = 0; } @@ -147,14 +147,14 @@ int hip_send_i1(hip_hit_t *src_hit, const hip_hit_t *dst_hit, hip_ha_t *entry) { - struct hip_common *i1 = 0; - uint16_t mask = 0; - int err = 0; - hip_list_t *item = NULL, *tmp = NULL; + struct hip_common *i1 = 0; + uint16_t mask = 0; + int err = 0; + hip_list_t *item = NULL, *tmp = NULL; struct hip_peer_addr_list_item *addr; - int i = 0; - struct in6_addr *local_addr = NULL; - struct in6_addr peer_addr; + int i = 0; + struct in6_addr *local_addr = NULL; + struct in6_addr peer_addr; #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_I1_SEND, PERF_BASE\n"); @@ -217,13 +217,13 @@ addr = (struct hip_peer_addr_list_item *) list_entry(item); ipv6_addr_copy(&peer_addr, &addr->address); - err = hip_send_i1_pkt(i1, - dst_hit, - NULL, - &peer_addr, - entry->local_udp_port, - entry->peer_udp_port, - entry); + err = hip_send_i1_pkt(i1, + dst_hit, + NULL, + &peer_addr, + entry->local_udp_port, + entry->peer_udp_port, + entry); /* Do not bail out on error with shotgun. Some * address pairs just might fail. */ @@ -257,16 +257,16 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - hip_transform_suite_t transform_hip_suite, transform_esp_suite; - struct hip_spi_in_item spi_in_data; - struct in6_addr daddr; - const struct hip_param *param = NULL; - struct hip_esp_info *esp_info = NULL; + hip_transform_suite_t transform_hip_suite, transform_esp_suite; + struct hip_spi_in_item spi_in_data; + struct in6_addr daddr; + const struct hip_param *param = NULL; + struct hip_esp_info *esp_info = NULL; struct hip_host_id_entry *host_id_entry = NULL; - char *enc_in_msg = NULL, *host_id_in_enc = NULL; - unsigned char *iv = NULL; - int err = 0, host_id_in_enc_len = 0; - uint32_t spi_in = 0; + char *enc_in_msg = NULL, *host_id_in_enc = NULL; + unsigned char *iv = NULL; + int err = 0, host_id_in_enc_len = 0; + uint32_t spi_in = 0; HIP_IFEL(ctx->error, -1, @@ -328,10 +328,10 @@ (struct hip_tlv_common *) ctx->hadb_entry->our_pub), -1, "Building of param encrypted failed.\n"); - enc_in_msg = hip_get_param_readwrite(ctx->output_msg, - HIP_PARAM_ENCRYPTED); + enc_in_msg = hip_get_param_readwrite(ctx->output_msg, + HIP_PARAM_ENCRYPTED); HIP_ASSERT(enc_in_msg); /* Builder internal error. */ - iv = ((struct hip_encrypted_aes_sha1 *) enc_in_msg)->iv; + iv = ((struct hip_encrypted_aes_sha1 *) enc_in_msg)->iv; get_random_bytes(iv, 16); host_id_in_enc = enc_in_msg + sizeof(struct hip_encrypted_aes_sha1); break; @@ -340,10 +340,10 @@ (struct hip_tlv_common *) ctx->hadb_entry->our_pub), -1, "Building of param encrypted failed.\n"); - enc_in_msg = hip_get_param_readwrite(ctx->output_msg, - HIP_PARAM_ENCRYPTED); + enc_in_msg = hip_get_param_readwrite(ctx->output_msg, + HIP_PARAM_ENCRYPTED); HIP_ASSERT(enc_in_msg); /* Builder internal error. */ - iv = ((struct hip_encrypted_3des_sha1 *) enc_in_msg)->iv; + iv = ((struct hip_encrypted_3des_sha1 *) enc_in_msg)->iv; get_random_bytes(iv, 8); host_id_in_enc = enc_in_msg + sizeof(struct hip_encrypted_3des_sha1); @@ -353,8 +353,8 @@ (struct hip_tlv_common *) ctx->hadb_entry->our_pub), -1, "Building of param encrypted failed.\n"); - enc_in_msg = hip_get_param_readwrite(ctx->output_msg, - HIP_PARAM_ENCRYPTED); + enc_in_msg = hip_get_param_readwrite(ctx->output_msg, + HIP_PARAM_ENCRYPTED); HIP_ASSERT(enc_in_msg); /* Builder internal error. */ iv = NULL; host_id_in_enc = enc_in_msg + @@ -372,8 +372,8 @@ &ctx->input_msg->hitr, HIP_ANY_ALGO, -1)), - -1, - "Unknown HIT\n"); + -1, + "Unknown HIT\n"); HIP_IFEL(hip_build_param_host_id(ctx->output_msg, host_id_entry->host_id), -1, @@ -448,7 +448,7 @@ ctx->hadb_entry->local_udp_port = ctx->msg_ports.src_port; ctx->hadb_entry->peer_udp_port = ctx->msg_ports.dst_port; - ctx->hadb_entry->hip_transform = transform_hip_suite; + ctx->hadb_entry->hip_transform = transform_hip_suite; /* XXX: -EAGAIN */ HIP_DEBUG("set up inbound IPsec SA, SPI=0x%x (host)\n", spi_in); @@ -494,7 +494,7 @@ hip_perf_start_benchmark(perf_set, PERF_SIGN); #endif HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key, - ctx->output_msg), + ctx->output_msg), -EINVAL, "Could not create signature\n"); #ifdef CONFIG_HIP_PERFORMANCE @@ -522,10 +522,10 @@ HIP_LOCK_HA(ctx->hadb_entry); /* 99999 HIP_IFEB(hip_hadb_add_spi_old(ctx->hadb_entry, - HIP_SPI_DIRECTION_IN, &spi_in_data), - -1, - HIP_UNLOCK_HA(ctx->hadb_entry)); - */ + * HIP_SPI_DIRECTION_IN, &spi_in_data), + * -1, + * HIP_UNLOCK_HA(ctx->hadb_entry)); + */ ctx->hadb_entry->esp_transform = transform_esp_suite; HIP_DEBUG("Saving base exchange encryption data to hadb_entry \n"); @@ -574,12 +574,12 @@ int cookie_k) { hip_common_t *msg = NULL; - hip_srv_t service_list[HIP_TOTAL_EXISTING_SERVICES]; - uint8_t *dh_data1 = NULL, *dh_data2 = NULL; - char order[] = "000"; - int err = 0, dh_size1 = 0, dh_size2 = 0, written1 = 0, written2 = 0; - int mask = 0, i = 0; - unsigned int service_count = 0; + hip_srv_t service_list[HIP_TOTAL_EXISTING_SERVICES]; + uint8_t *dh_data1 = NULL, *dh_data2 = NULL; + char order[] = "000"; + int err = 0, dh_size1 = 0, dh_size2 = 0, written1 = 0, written2 = 0; + int mask = 0, i = 0; + unsigned int service_count = 0; /* Supported HIP and ESP transforms. */ hip_transform_suite_t transform_hip_suite[] = { @@ -708,7 +708,7 @@ /* Fill puzzle parameters */ { struct hip_puzzle *pz; - uint64_t random_i; + uint64_t random_i; HIP_IFEL(!(pz = hip_get_param_readwrite(msg, HIP_PARAM_PUZZLE)), -1, "Internal error\n"); @@ -719,7 +719,7 @@ //pz->opaque[2] = 'P'; /** @todo Remove random_i variable. */ get_random_bytes(&random_i, sizeof(random_i)); - pz->I = random_i; + pz->I = random_i; } /* Packet ready */ @@ -760,14 +760,14 @@ UNUSED const uint32_t ha_state, struct hip_packet_context *ctx) { - int err = 0; - hip_common_t *r1pkt = NULL; - struct in6_addr dst_ip = IN6ADDR_ANY_INIT, - *r1_dst_addr = NULL, - *local_plain_hit = NULL, - *r1_src_addr = &ctx->dst_addr; - in_port_t r1_dst_port = 0; - int relay_para_type = 0; + int err = 0; + hip_common_t *r1pkt = NULL; + struct in6_addr dst_ip = IN6ADDR_ANY_INIT, + *r1_dst_addr = NULL, + *local_plain_hit = NULL, + *r1_src_addr = &ctx->dst_addr; + in_port_t r1_dst_port = 0; + int relay_para_type = 0; HIP_IFEL(ctx->error, -1, @@ -791,7 +791,7 @@ //from relay r1_dst_addr = &ctx->src_addr; r1_dst_port = ctx->msg_ports.src_port; - } else if (relay_para_type == HIP_PARAM_FROM) { + } else if (relay_para_type == HIP_PARAM_FROM) { HIP_DEBUG("Param from\n"); //from RVS, answer to I r1_dst_addr = &dst_ip; @@ -852,7 +852,7 @@ if (relay_para_type == HIP_PARAM_RELAY_FROM) { HIP_DEBUG("Build param relay_to\n"); hip_build_param_relay_to(r1pkt, &dst_ip, r1_dst_port); - } else if (relay_para_type == HIP_PARAM_FROM) { + } else if (relay_para_type == HIP_PARAM_FROM) { HIP_DEBUG("Build param via_rvs\n"); hip_build_param_via_rvs(r1pkt, &ctx->src_addr); } @@ -904,8 +904,8 @@ struct hip_packet_context *ctx) { struct hip_crypto_key hmac; - int err = 0; - uint16_t mask = 0; + int err = 0; + uint16_t mask = 0; HIP_IFEL(ctx->error, -1, @@ -947,8 +947,8 @@ /* For now we just add some random data to see if it works */ HIP_IFEL(hip_build_param_cert(ctx->output_msg, 1, 1, 1, 1, midauth_cert, strlen(midauth_cert)), - -1, - "Building of cert failed\n"); + -1, + "Building of cert failed\n"); #endif @@ -997,7 +997,7 @@ #ifdef CONFIG_HIP_RVS { struct in6_addr dst; - in_port_t dst_port = 0; + in_port_t dst_port = 0; memset(&dst, 0, sizeof(dst)); if ((hip_relay_handle_relay_from(ctx->input_msg, &ctx->src_addr, @@ -1164,14 +1164,14 @@ hip_ha_t *entry, const int retransmit) { - int err = 0, sa_size, sent, len = 0, dupl, try_again, udp = 0; + int err = 0, sa_size, sent, len = 0, dupl, try_again, udp = 0; struct sockaddr_storage src, dst; - int src_is_ipv4 = 0, dst_is_ipv4 = 0, memmoved = 0; - struct sockaddr_in6 *src6 = NULL, *dst6 = NULL; - struct sockaddr_in *src4 = NULL, *dst4 = NULL; - struct in6_addr my_addr; + int src_is_ipv4 = 0, dst_is_ipv4 = 0, memmoved = 0; + struct sockaddr_in6 *src6 = NULL, *dst6 = NULL; + struct sockaddr_in *src4 = NULL, *dst4 = NULL; + struct in6_addr my_addr; /* Points either to v4 or v6 raw sock */ - int hip_raw_sock_output = 0; + int hip_raw_sock_output = 0; /* Verify the existence of obligatory parameters. */ HIP_ASSERT(peer_addr != NULL && msg != NULL); @@ -1195,10 +1195,10 @@ /* Some convinient short-hands to avoid too much casting (could be * an union as well) */ - src6 = (struct sockaddr_in6 *) &src; - dst6 = (struct sockaddr_in6 *) &dst; - src4 = (struct sockaddr_in *) &src; - dst4 = (struct sockaddr_in *) &dst; + src6 = (struct sockaddr_in6 *) &src; + dst6 = (struct sockaddr_in6 *) &dst; + src4 = (struct sockaddr_in *) &src; + dst4 = (struct sockaddr_in *) &dst; memset(&src, 0, sizeof(src)); memset(&dst, 0, sizeof(dst)); @@ -1305,7 +1305,7 @@ /* Insert 32 bits of zero bytes between UDP and HIP */ memmove(((char *) msg) + HIP_UDP_ZERO_BYTES_LEN + sizeof(struct udphdr), msg, len); memset(((char *) msg), 0, HIP_UDP_ZERO_BYTES_LEN + sizeof(struct udphdr)); - len += HIP_UDP_ZERO_BYTES_LEN + sizeof(struct udphdr); + len += HIP_UDP_ZERO_BYTES_LEN + sizeof(struct udphdr); uh->source = htons(src_port); uh->dest = htons(dst_port); @@ -1346,7 +1346,7 @@ struct in6_addr any = IN6ADDR_ANY_INIT; src6->sin6_family = AF_INET6; ipv6_addr_copy(&src6->sin6_addr, &any); - sa_size = sizeof(struct sockaddr_in6); + sa_size = sizeof(struct sockaddr_in6); } bind(hip_raw_sock_output, (struct sockaddr *) &src, sa_size); @@ -1452,11 +1452,11 @@ hip_ha_t *entry, const int retransmit) { - int err = 0; + int err = 0; struct netdev_address *netdev_src_addr = NULL; - struct in6_addr *src_addr = NULL; - hip_list_t *item = NULL, *tmp = NULL; - int i = 0; + struct in6_addr *src_addr = NULL; + hip_list_t *item = NULL, *tmp = NULL; + int i = 0; /* Notice that the shotgun logic requires us to check always the address family. * Depending on the address family, we send the packet using UDP encapsulation or @@ -1486,7 +1486,7 @@ list_for_each_safe(item, tmp, addresses, i) { netdev_src_addr = (struct netdev_address *) list_entry(item); - src_addr = hip_cast_sa_addr((struct sockaddr *) &netdev_src_addr->addr); + src_addr = hip_cast_sa_addr((struct sockaddr *) &netdev_src_addr->addr); if (!are_addresses_compatible(src_addr, peer_addr)) { continue; === modified file 'hipd/pkt_handling.c' --- hipd/pkt_handling.c 2010-11-12 16:42:54 +0000 +++ hipd/pkt_handling.c 2011-01-03 16:06:13 +0000 @@ -42,9 +42,9 @@ struct handle_function { uint16_t priority; - int (*func_ptr)(const uint8_t packet_type, - const uint32_t ha_state, - struct hip_packet_context *ctx); + int (*func_ptr)(const uint8_t packet_type, + const uint32_t ha_state, + struct hip_packet_context *ctx); }; /** @@ -73,7 +73,7 @@ struct hip_packet_context *ctx), const uint16_t priority) { - int err = 0; + int err = 0; struct handle_function *new_entry = NULL; HIP_IFEL(packet_type > HIP_MAX_PACKET_TYPE, @@ -87,13 +87,13 @@ -1, "Error on allocating memory for a handle function entry.\n"); - new_entry->priority = priority; - new_entry->func_ptr = handle_function; + new_entry->priority = priority; + new_entry->func_ptr = handle_function; hip_handle_functions[packet_type][ha_state] = - lmod_register_function(hip_handle_functions[packet_type][ha_state], - new_entry, - priority); + lmod_register_function(hip_handle_functions[packet_type][ha_state], + new_entry, + priority); if (!hip_handle_functions[packet_type][ha_state]) { HIP_ERROR("Error on registering a handle function.\n"); err = -1; @@ -138,7 +138,6 @@ while ((iter = hip_ll_iterate(hip_handle_functions[packet_type][ha_state], iter)) && !ctx->error) { - ((struct handle_function *) iter->ptr)->func_ptr(packet_type, ha_state, ctx); === modified file 'hipd/registration.c' --- hipd/registration.c 2010-11-30 14:50:30 +0000 +++ hipd/registration.c 2011-01-03 16:06:13 +0000 @@ -102,10 +102,10 @@ */ static int hip_del_pending_request_by_expiration(void) { - int idx = 0; - hip_ll_node_t *iter = NULL; + int idx = 0; + hip_ll_node_t *iter = NULL; hip_pending_request_t *request = NULL; - time_t now = time(NULL); + time_t now = time(NULL); /* See hip_del_pending_request() for a comment. */ while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { @@ -243,7 +243,7 @@ */ int hip_del_pending_request(hip_ha_t *entry) { - int idx = 0; + int idx = 0; hip_ll_node_t *iter = NULL; /* Iterate through the linked list. The iterator itself can't be used @@ -276,8 +276,8 @@ */ int hip_del_pending_request_by_type(hip_ha_t *entry, uint8_t reg_type) { - int idx = 0; - hip_ll_node_t *iter = NULL; + int idx = 0; + hip_ll_node_t *iter = NULL; hip_pending_request_t *request = NULL; /* See hip_del_pending_request() for a comment. */ @@ -342,8 +342,8 @@ return -1; } - hip_ll_node_t *iter = 0; - int request_count = 0; + hip_ll_node_t *iter = 0; + int request_count = 0; while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { if (((hip_pending_request_t *) (iter->ptr))->entry == entry) { @@ -368,8 +368,8 @@ */ static int hip_get_pending_request_count(hip_ha_t *entry) { - hip_ll_node_t *iter = 0; - int request_count = 0; + hip_ll_node_t *iter = 0; + int request_count = 0; while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { if (((hip_pending_request_t *) (iter->ptr))->entry == entry) { @@ -425,9 +425,9 @@ int *accepted_count, uint8_t refused_requests[], uint8_t failure_types[], int *refused_count) { - int err = 0, i = 0; + int err = 0, i = 0; hip_relrec_t dummy, *fetch_record = NULL, *new_record = NULL; - uint8_t granted_lifetime = 0; + uint8_t granted_lifetime = 0; memcpy(&(dummy.hit_r), &(entry->hit_peer), sizeof(entry->hit_peer)); @@ -498,7 +498,7 @@ /* Check that the put was succesful. */ if (hip_relht_get(new_record) != NULL) { - accepted_requests[*accepted_count] = + accepted_requests[*accepted_count] = reg_types[i]; accepted_lifetimes[*accepted_count] = granted_lifetime; @@ -583,7 +583,7 @@ uint8_t failure_types[], int *refused_count) { - int err = 0, i = 0; + int err = 0, i = 0; hip_relrec_t dummy, *fetch_record = NULL; memcpy(&(dummy.hit_r), &(entry->hit_peer), sizeof(entry->hit_peer)); @@ -661,7 +661,7 @@ } else { refused_requests[*refused_count] = reg_types[i]; - failure_types[*refused_count] = + failure_types[*refused_count] = HIP_REG_TRANSIENT_CONDITIONS; (*refused_count)++; HIP_ERROR("Cancellation refused.\n"); @@ -704,7 +704,7 @@ const uint8_t *reg_types, int type_count) { - int i = 0; + int i = 0; time_t seconds = 0; /* 'seconds' is just just for debug prints. */ @@ -868,11 +868,11 @@ int hip_handle_param_reg_info(hip_ha_t *entry, hip_common_t *source_msg, hip_common_t *target_msg) { - const struct hip_reg_info *reg_info = NULL; - const uint8_t *reg_types = NULL; - unsigned int type_count = 0; - unsigned int i; - int err = 0; + const struct hip_reg_info *reg_info = NULL; + const uint8_t *reg_types = NULL; + unsigned int type_count = 0; + unsigned int i; + int err = 0; reg_info = hip_get_param(source_msg, HIP_PARAM_REG_INFO); @@ -943,10 +943,10 @@ if (entry->local_controls & HIP_HA_CTRL_LOCAL_REQ_ANY) { int request_count = hip_get_pending_request_count(entry); if (request_count > 0) { - unsigned int j = 0; - int types_to_request = 0; - uint8_t valid_lifetime = 0; - uint8_t type_array[request_count]; + unsigned int j = 0; + int types_to_request = 0; + uint8_t valid_lifetime = 0; + uint8_t type_array[request_count]; hip_pending_request_t *requests[request_count]; i = 0; @@ -969,7 +969,7 @@ /* Copy the Reg Types to an array. Outer loop for the * services we have requested, inner loop for the * services the server offers. */ - for (i = 0; i < (unsigned)request_count; i++) { + for (i = 0; i < (unsigned) request_count; i++) { for (j = 0; j < type_count; j++) { if (requests[i]->reg_type == reg_types[j]) { type_array[types_to_request] = requests[i]->reg_type; @@ -1065,13 +1065,13 @@ int hip_handle_param_reg_request(hip_ha_t *entry, hip_common_t *source_msg, hip_common_t *target_msg) { - int err = 0, type_count = 0, accepted_count = 0, refused_count = 0; + int err = 0, type_count = 0, accepted_count = 0, refused_count = 0; const struct hip_reg_request *reg_request = NULL; - const uint8_t *reg_types = NULL; + const uint8_t *reg_types = NULL; /* Arrays for storing the type reg_types of the accepted and refused * request types. */ - uint8_t *accepted_requests = NULL, *accepted_lifetimes = NULL; - uint8_t *refused_requests = NULL, *failure_types = NULL; + uint8_t *accepted_requests = NULL, *accepted_lifetimes = NULL; + uint8_t *refused_requests = NULL, *failure_types = NULL; reg_request = hip_get_param(source_msg, HIP_PARAM_REG_REQUEST); @@ -1085,8 +1085,8 @@ } /* Get the number of registration types. */ - type_count = hip_get_param_contents_len(reg_request) - - sizeof(reg_request->lifetime); + type_count = hip_get_param_contents_len(reg_request) - + sizeof(reg_request->lifetime); accepted_requests = malloc(sizeof(uint8_t) * type_count); accepted_lifetimes = malloc(sizeof(uint8_t) * type_count); refused_requests = malloc(sizeof(uint8_t) * type_count); @@ -1153,7 +1153,7 @@ if (refused_count > 0) { /* We must add as many REG_FAILED parameters as there are * different failure types. */ - int i, j, to_be_build_count; + int i, j, to_be_build_count; uint8_t reg_types_to_build[refused_count]; uint8_t type_to_check[HIP_TOTAL_EXISTING_FAILURE_TYPES] = HIP_ARRAY_INIT_REG_FAILURES; @@ -1215,9 +1215,9 @@ */ int hip_handle_param_reg_response(hip_ha_t *entry, hip_common_t *msg) { - int err = 0, type_count = 0; + int err = 0, type_count = 0; const struct hip_reg_response *reg_response = NULL; - const uint8_t *reg_types = NULL; + const uint8_t *reg_types = NULL; reg_response = hip_get_param(msg, HIP_PARAM_REG_RESPONSE); @@ -1231,8 +1231,8 @@ type_count = hip_get_param_contents_len(reg_response) - sizeof(reg_response->lifetime); - reg_types = (const uint8_t *) hip_get_param_contents_direct(reg_response) + - sizeof(reg_response->lifetime); + reg_types = (const uint8_t *) hip_get_param_contents_direct(reg_response) + + sizeof(reg_response->lifetime); if (reg_response->lifetime == 0) { hip_del_registration_client(entry, reg_types, type_count); @@ -1307,10 +1307,10 @@ */ int hip_handle_param_reg_failed(hip_ha_t *entry, hip_common_t *msg) { - int err = 0, type_count = 0, i = 0; + int err = 0, type_count = 0, i = 0; const struct hip_reg_failed *reg_failed = NULL; - const uint8_t *reg_types = NULL; - char reason[256]; + const uint8_t *reg_types = NULL; + char reason[256]; reg_failed = hip_get_param(msg, HIP_PARAM_REG_FAILED); @@ -1326,8 +1326,8 @@ while (hip_get_param_type(reg_failed) == HIP_PARAM_REG_FAILED) { type_count = hip_get_param_contents_len(reg_failed) - sizeof(reg_failed->failure_type); - reg_types = (const uint8_t *) hip_get_param_contents_direct(reg_failed) + - sizeof(reg_failed->failure_type); + reg_types = (const uint8_t *) hip_get_param_contents_direct(reg_failed) + + sizeof(reg_failed->failure_type); hip_get_registration_failure_string(reg_failed->failure_type, reason); @@ -1385,7 +1385,7 @@ * no more parameters left. */ i = 0; reg_failed = (const struct hip_reg_failed *) hip_get_next_param(msg, - (const struct hip_tlv_common *)reg_failed); + (const struct hip_tlv_common *) reg_failed); if (reg_failed == NULL) { break; @@ -1408,7 +1408,7 @@ */ int hip_handle_reg_from(hip_ha_t *entry, struct hip_common *msg) { - int err = 0; + int err = 0; const struct hip_reg_from *rfrom = NULL; HIP_DEBUG("Checking msg for REG_FROM parameter.\n"); === modified file 'hipd/registration.h' --- hipd/registration.h 2010-10-15 15:29:14 +0000 +++ hipd/registration.h 2011-01-03 16:06:13 +0000 @@ -51,7 +51,7 @@ uint8_t reg_type; uint8_t lifetime; /** Time when this record was created, seconds since epoch. */ - time_t created; + time_t created; } hip_pending_request_t; /** === modified file 'hipd/user.c' --- hipd/user.c 2010-11-30 15:18:04 +0000 +++ hipd/user.c 2011-01-03 16:06:13 +0000 @@ -95,7 +95,7 @@ struct usr_msg_handle { uint16_t priority; - int (*func_ptr)(hip_common_t *msg, struct sockaddr_in6 *src); + int (*func_ptr)(hip_common_t *msg, struct sockaddr_in6 *src); }; static hip_ll_t *hip_user_msg_handles[HIP_MSG_ROOT_MAX]; @@ -118,7 +118,7 @@ struct sockaddr_in6 *src), const uint16_t priority) { - int err = 0; + int err = 0; struct usr_msg_handle *new_entry = NULL; HIP_IFEL(!(new_entry = malloc(sizeof(struct usr_msg_handle))), @@ -129,9 +129,9 @@ new_entry->func_ptr = handle_func; hip_user_msg_handles[msg_type] = - lmod_register_function(hip_user_msg_handles[msg_type], - new_entry, - priority); + lmod_register_function(hip_user_msg_handles[msg_type], + new_entry, + priority); if (!hip_user_msg_handles[msg_type]) { HIP_ERROR("Error on registering a handle function.\n"); err = -1; @@ -166,7 +166,6 @@ while ((iter = hip_ll_iterate(hip_user_msg_handles[msg_type], iter))) { - ((struct usr_msg_handle *) iter->ptr)->func_ptr(msg, src); } @@ -189,7 +188,6 @@ } } - /** * send a response message back to the origin * @@ -217,11 +215,11 @@ int hip_handle_user_msg(hip_common_t *msg, struct sockaddr_in6 *src) { - const hip_hit_t *src_hit = NULL, *dst_hit = NULL; - hip_ha_t *entry = NULL; - int err = 0, msg_type = 0, reti = 0; - int access_ok = 0, is_root = 0; - const struct hip_tlv_common *param = NULL; + const hip_hit_t *src_hit = NULL, *dst_hit = NULL; + hip_ha_t *entry = NULL; + int err = 0, msg_type = 0, reti = 0; + int access_ok = 0, is_root = 0; + const struct hip_tlv_common *param = NULL; HIP_ASSERT(src->sin6_family == AF_INET6); HIP_DEBUG("User message from port %d\n", htons(src->sin6_port)); @@ -235,7 +233,7 @@ msg_type = hip_get_msg_type(msg); - is_root = ntohs(src->sin6_port) < 1024; + is_root = ntohs(src->sin6_port) < 1024; if (is_root) { access_ok = 1; } else if (!is_root && @@ -319,13 +317,13 @@ "Error when setting daemon DEBUG status to NONE\n"); break; case HIP_MSG_CONF_PUZZLE_NEW: - err = hip_recreate_all_precreated_r1_packets(); + err = hip_recreate_all_precreated_r1_packets(); break; case HIP_MSG_CONF_PUZZLE_GET: - err = hip_get_puzzle_difficulty_msg(msg); + err = hip_get_puzzle_difficulty_msg(msg); break; case HIP_MSG_CONF_PUZZLE_SET: - err = hip_set_puzzle_difficulty_msg(msg); + err = hip_set_puzzle_difficulty_msg(msg); break; case HIP_MSG_CONF_PUZZLE_INC: dst_hit = hip_get_param_contents(msg, HIP_PARAM_HIT); @@ -337,7 +335,7 @@ break; #ifdef CONFIG_HIP_OPPORTUNISTIC case HIP_MSG_GET_PEER_HIT: - err = hip_opp_get_peer_hit(msg, src); + err = hip_opp_get_peer_hit(msg, src); break; #endif case HIP_MSG_CERT_SPKI_VERIFY: @@ -393,16 +391,16 @@ * the hip daemon wants either to register to a server for * additional services or it wants to cancel a registration. * Cancellation is identified with a zero lifetime. */ - const struct hip_reg_request *reg_req = NULL; - hip_pending_request_t *pending_req = NULL; - const uint8_t *reg_types = NULL; - const struct in6_addr *dst_ip = NULL; - int i = 0, type_count = 0; - int opp_mode = 0; - int add_to_global = 0; - struct sockaddr_in6 sock_addr6; - struct sockaddr_in sock_addr; - struct in6_addr server_addr, hitr; + const struct hip_reg_request *reg_req = NULL; + hip_pending_request_t *pending_req = NULL; + const uint8_t *reg_types = NULL; + const struct in6_addr *dst_ip = NULL; + int i = 0, type_count = 0; + int opp_mode = 0; + int add_to_global = 0; + struct sockaddr_in6 sock_addr6; + struct sockaddr_in sock_addr; + struct in6_addr server_addr, hitr; #ifdef CONFIG_HIP_OPPORTUNISTIC struct in6_addr *hit_local; #endif @@ -443,12 +441,12 @@ HIP_DEBUG("No HIT parameter found from the user " \ "message. Trying opportunistic mode \n"); opp_mode = 1; - } else if (dst_ip == NULL) { + } else if (dst_ip == NULL) { HIP_ERROR("No IPV6 parameter found from the user " \ "message.\n"); err = -1; goto out_err; - } else if (reg_req == NULL) { + } else if (reg_req == NULL) { HIP_ERROR("No REG_REQUEST parameter found from the " \ "user message.\n"); err = -1; @@ -476,7 +474,7 @@ hit_local = malloc(sizeof(struct in6_addr)); HIP_IFEL(hip_get_default_hit(hit_local), -1, "Error retrieving default HIT \n"); - entry = hip_opp_add_map(dst_ip, hit_local, src); + entry = hip_opp_add_map(dst_ip, hit_local, src); } #endif reg_types = reg_req->reg_type; @@ -538,7 +536,6 @@ hip_add_address_to_list((struct sockaddr *) &sock_addr, 0, HIP_FLAG_CONTROL_TRAFFIC_ONLY); - } else { memset(&sock_addr6, 0, sizeof(sock_addr6)); sock_addr6.sin6_family = AF_INET6; @@ -749,7 +746,7 @@ HIP_PARAM_LSI, sizeof(hip_lsi_t)), -1); } else if (dst_hit) { /* Assign a new LSI */ struct hip_common msg_tmp; - hip_lsi_t lsi; + hip_lsi_t lsi; memset(&msg_tmp, 0, sizeof(msg_tmp)); hip_generate_peer_lsi(&lsi); @@ -771,9 +768,9 @@ HIP_DEBUG("Setting local NAT port\n"); hip_set_local_nat_udp_port(nat_port->port); /* We need to recreate only the input socket to bind to the new - port. Output port must be left intact as it is a raw socket */ + * port. Output port must be left intact as it is a raw socket */ close(hip_nat_sock_input_udp); - hip_nat_sock_input_udp = 0; + hip_nat_sock_input_udp = 0; hip_create_nat_sock_udp(&hip_nat_sock_input_udp, 0, 0); } else { HIP_DEBUG("Setting peer NAT port\n"); @@ -834,10 +831,10 @@ break; case HIP_MSG_MAP_ID_TO_ADDR: { - const struct in6_addr *id = NULL; - const hip_hit_t *hit = NULL; - hip_lsi_t lsi; - struct in6_addr addr; + const struct in6_addr *id = NULL; + const hip_hit_t *hit = NULL; + hip_lsi_t lsi; + struct in6_addr addr; HIP_IFE(!(param = hip_get_param(msg, HIP_PARAM_IPV6_ADDR)), -1); HIP_IFE(!(id = hip_get_param_contents_direct(param)), -1); @@ -874,7 +871,7 @@ case HIP_MSG_LSI_TO_HIT: { const hip_lsi_t *lsi; - hip_ha_t *ha; + hip_ha_t *ha; HIP_IFE(!(param = hip_get_param(msg, HIP_PARAM_LSI)), -1); HIP_IFE(!(lsi = hip_get_param_contents_direct(param)), -1); === modified file 'hipd/user_ipsec_hipd_msg.c' --- hipd/user_ipsec_hipd_msg.c 2010-11-30 14:50:30 +0000 +++ hipd/user_ipsec_hipd_msg.c 2011-01-03 16:06:13 +0000 @@ -58,7 +58,7 @@ int hip_userspace_ipsec_activate(const struct hip_common *msg) { const struct hip_tlv_common *param = NULL; - int err = 0, activate = 0; + int err = 0, activate = 0; // process message and store anchor elements in the db param = hip_get_param(msg, HIP_PARAM_INT); @@ -112,7 +112,7 @@ hip_ha_t *entry) { struct hip_common *msg = NULL; - int err = 0; + int err = 0; HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, "alloc memory for adding sa entry\n"); @@ -228,7 +228,7 @@ const int dst_port) { struct hip_common *msg = NULL; - int err = 0; + int err = 0; HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, "alloc memory for adding sa entry\n"); @@ -279,7 +279,7 @@ struct hip_common *create_flush_all_sa_msg(void) { struct hip_common *msg = NULL; - int err = 0; + int err = 0; HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, "alloc memory for adding sa entry\n"); === modified file 'hipd/user_ipsec_sadb_api.c' --- hipd/user_ipsec_sadb_api.c 2010-11-29 08:58:13 +0000 +++ hipd/user_ipsec_sadb_api.c 2011-01-03 16:06:13 +0000 @@ -56,8 +56,8 @@ static int hip_userspace_ipsec_send_to_fw(const struct hip_common *msg) { struct sockaddr_in6 hip_fw_addr; - struct in6_addr loopback = in6addr_loopback; - int err = 0; + struct in6_addr loopback = in6addr_loopback; + int err = 0; HIP_ASSERT(msg != NULL); @@ -112,8 +112,8 @@ hip_ha_t *entry) { struct hip_common *msg = NULL; - in_port_t sport, dport; - int err = 0; + in_port_t sport, dport; + int err = 0; HIP_ASSERT(spi != 0); === modified file 'lib/core/builder.c' --- lib/core/builder.c 2010-12-13 21:12:34 +0000 +++ lib/core/builder.c 2011-01-03 16:06:13 +0000 @@ -492,7 +492,7 @@ if (seconds == 0) { *lifetime = 0; return -1; - } else if (seconds > 15384774) { + } else if (seconds > 15384774) { *lifetime = 255; return -1; } else { @@ -578,7 +578,7 @@ */ static int hip_check_network_msg_type(const struct hip_common *msg) { - int ok = 0; + int ok = 0; hip_hdr_type_t supported[] = { HIP_I1, @@ -633,7 +633,7 @@ */ static int hip_check_network_param_type(const struct hip_tlv_common *param) { - int ok = 0; + int ok = 0; hip_tlv_type_t i; hip_tlv_type_t valid[] = { @@ -725,13 +725,13 @@ static int hip_check_param_contents_len(const struct hip_common *msg, const struct hip_tlv_common *param) { - int ok = 0; + int ok = 0; /* length in bytes */ int param_len = hip_get_param_total_len(param); /* cast pointers to a compatible type for comparison below */ - const uint8_t *msg_pos = (const uint8_t *) msg; - const uint8_t *param_pos = (const uint8_t *) param; + const uint8_t *msg_pos = (const uint8_t *) msg; + const uint8_t *param_pos = (const uint8_t *) param; /* Note: the lower limit is not checked, because there really is no * lower limit. */ @@ -762,7 +762,7 @@ const struct hip_tlv_common *current_param) { const struct hip_tlv_common *next_param = NULL; - const uint8_t *pos = (const uint8_t *) current_param; + const uint8_t *pos = (const uint8_t *) current_param; if (!msg) { HIP_ERROR("msg null\n"); @@ -809,7 +809,7 @@ struct hip_tlv_common *current_param) { struct hip_tlv_common *next_param = NULL; - uint8_t *pos = (uint8_t *) current_param; + uint8_t *pos = (uint8_t *) current_param; if (!msg) { HIP_ERROR("msg null\n"); @@ -858,7 +858,7 @@ const void *hip_get_param(const struct hip_common *msg, hip_tlv_type_t param_type) { - const void *matched = NULL; + const void *matched = NULL; const struct hip_tlv_common *current_param = NULL; /** @todo Optimize: stop when next parameter's type is greater than the @@ -889,7 +889,7 @@ void *hip_get_param_readwrite(struct hip_common *msg, hip_tlv_type_t param_type) { - void *matched = NULL; + void *matched = NULL; struct hip_tlv_common *current_param = NULL; /** @todo Optimize: stop when next parameter's type is greater than the @@ -970,8 +970,8 @@ { struct hip_tlv_common *current_param = NULL; struct hip_tlv_common *last_used_pos = NULL; - void *free_pos = NULL; - uint8_t *first_pos = ((uint8_t *) msg) + sizeof(struct hip_common); + void *free_pos = NULL; + uint8_t *first_pos = ((uint8_t *) msg) + sizeof(struct hip_common); /* Check for no parameters: this has to be checked separately because * we cannot tell from the return value of get_next_param() whether @@ -1012,7 +1012,7 @@ void hip_calc_hdr_len(struct hip_common *msg) { struct hip_tlv_common *param = NULL; - uint8_t *pos = (uint8_t *) msg; + uint8_t *pos = (uint8_t *) msg; /* We cannot call get_next() or get_free() because they need a valid * header length which is to be (possibly) calculated now. So, the @@ -1033,7 +1033,7 @@ param = (struct hip_tlv_common *) pos; if (hip_get_param_contents_len(param) != 0) { /* Case 1 and 3: a new parameter (with a valid length) has - * been added and the message length has not been updated. */ + * been added and the message length has not been updated. */ hip_set_msg_total_len(msg, hip_get_msg_total_len(msg) + hip_get_param_total_len(param)); /* XX assert: new pos must be of type 0 (assume only one @@ -1276,6 +1276,7 @@ } return "UNDEFINED"; } + #endif /* CONFIG_HIP_DEBUG */ /** @@ -1288,12 +1289,12 @@ void hip_dump_msg(const struct hip_common *msg) { const struct hip_tlv_common *current_param = NULL; - const uint8_t *contents = NULL; + const uint8_t *contents = NULL; /* The value of the "Length"-field in current parameter. */ - hip_tlv_len_t len = 0; + hip_tlv_len_t len = 0; /* Total length of the parameter (type+length+value+padding), and the * length of padding. */ - size_t total_len = 0, pad_len = 0; + size_t total_len = 0, pad_len = 0; HIP_DEBUG("--------------- MSG START ------------------\n"); HIP_DEBUG("Msg type : %s (%d)\n", @@ -1304,12 +1305,12 @@ HIP_DEBUG("Msg controls: 0x%04x\n", msg->control); while ((current_param = hip_get_next_param(msg, current_param))) { - len = hip_get_param_contents_len(current_param); + len = hip_get_param_contents_len(current_param); /* Formula from base draft section 5.2.1. */ total_len = 11 + len - (len + 3) % 8; pad_len = total_len - len - sizeof(hip_tlv_type_t) - sizeof(hip_tlv_len_t); - contents = hip_get_param_contents_direct(current_param); + contents = hip_get_param_contents_direct(current_param); HIP_DEBUG("Parameter type:%s (%d). Total length: %d (4 type+" \ "length, %d content, %d padding).\n", hip_param_type_name(hip_get_param_type(current_param)), @@ -1332,7 +1333,7 @@ int hip_check_userspace_msg(const struct hip_common *msg) { const struct hip_tlv_common *current_param = NULL; - int err = 0; + int err = 0; if (!hip_check_user_msg_len(msg)) { err = -EMSGSIZE; @@ -1372,7 +1373,7 @@ static int hip_check_network_param_attributes(const struct hip_tlv_common *param) { hip_tlv_type_t type = hip_get_param_type(param); - int err = 0; + int err = 0; switch (type) { case HIP_PARAM_HIP_TRANSFORM: @@ -1411,9 +1412,9 @@ */ int hip_check_network_msg(const struct hip_common *msg) { - const struct hip_tlv_common *current_param = NULL; - hip_tlv_type_t current_param_type = 0, prev_param_type = 0; - int err = 0; + const struct hip_tlv_common *current_param = NULL; + hip_tlv_type_t current_param_type = 0, prev_param_type = 0; + int err = 0; /* Checksum of the message header is verified in input.c */ @@ -1446,7 +1447,7 @@ ((current_param_type < HIP_LOWER_TRANSFORM_TYPE || current_param_type > HIP_UPPER_TRANSFORM_TYPE) && (prev_param_type < HIP_LOWER_TRANSFORM_TYPE || - prev_param_type > HIP_UPPER_TRANSFORM_TYPE))) { + prev_param_type > HIP_UPPER_TRANSFORM_TYPE))) { /* According to draft-ietf-hip-base-03 parameter type order * strictly enforced, except for * HIP_LOWER_TRANSFORM_TYPE - HIP_UPPER_TRANSFORM_TYPE @@ -1494,11 +1495,11 @@ hip_tlv_len_t param_hdr_size, const void *contents) { - const struct hip_tlv_common *param = (const struct hip_tlv_common *) parameter_hdr; - const void *src = NULL; - uint8_t *dst = NULL; - int err = 0, size = 0; - uint8_t *max_dst = ((uint8_t *) msg) + HIP_MAX_PACKET; + const struct hip_tlv_common *param = (const struct hip_tlv_common *) parameter_hdr; + const void *src = NULL; + uint8_t *dst = NULL; + int err = 0, size = 0; + uint8_t *max_dst = ((uint8_t *) msg) + HIP_MAX_PACKET; if (msg == NULL) { HIP_ERROR("Message is NULL.\n"); @@ -1622,7 +1623,7 @@ */ int hip_build_param(struct hip_common *msg, const void *tlv_common) { - int err = 0; + int err = 0; const uint8_t *contents = ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common); if (tlv_common == NULL) { @@ -1757,12 +1758,12 @@ msg->payload_proto = IPPROTO_NONE; /* 1 byte, no htons() */ /* Do not touch the length; it is written by param builders */ - msg->type_hdr = type_hdr; /* 1 byte, no htons() */ + msg->type_hdr = type_hdr; /* 1 byte, no htons() */ /* version includes the SHIM6 bit */ - msg->ver_res = (HIP_VER_RES << 4) | 1; /* 1 byte, no htons() */ + msg->ver_res = (HIP_VER_RES << 4) | 1; /* 1 byte, no htons() */ - msg->control = htons(control); - msg->checksum = htons(0); /* this will be written by xmit */ + msg->control = htons(control); + msg->checksum = htons(0); /* this will be written by xmit */ ipv6_addr_copy(&msg->hits, hit_sender ? hit_sender : &in6addr_any); ipv6_addr_copy(&msg->hitr, hit_receiver ? hit_receiver : &in6addr_any); @@ -1784,7 +1785,7 @@ const struct hip_crypto_key *key, hip_tlv_type_t param_type) { - int err = 0; + int err = 0; struct hip_hmac hmac; hip_set_param_type((struct hip_tlv_common *) &hmac, param_type); @@ -1833,7 +1834,7 @@ struct hip_host_id *host_id) { const struct hip_tlv_common *param = NULL; - int err = 0; + int err = 0; HIP_HEXDUMP("host id", host_id, hip_get_param_total_len(host_id)); @@ -1845,8 +1846,7 @@ /* copy parameters to a temporary buffer to calculate * pseudo-hmac (includes the host id) */ while ((param = hip_get_next_param(msg, param)) && - hip_get_param_type(param) < HIP_PARAM_HMAC2) - { + hip_get_param_type(param) < HIP_PARAM_HMAC2) { HIP_IFEL(hip_build_param(msg_copy, param), -1, "Failed to build param\n"); @@ -1879,9 +1879,9 @@ struct hip_crypto_key *key, struct hip_host_id *host_id) { - struct hip_hmac hmac2; + struct hip_hmac hmac2; struct hip_common *msg_copy = NULL; - int err = 0; + int err = 0; HIP_IFEL(!(msg_copy = hip_msg_alloc()), -ENOMEM, "Message alloc\n"); @@ -1896,7 +1896,7 @@ HIP_IFEL(hip_write_hmac(HIP_DIGEST_SHA1_HMAC, key->key, msg_copy, hip_get_msg_total_len(msg_copy), hmac2.hmac_data), - -EFAULT, + -EFAULT, "Error while building HMAC\n"); err = hip_build_param(msg, &hmac2); @@ -1985,11 +1985,11 @@ int hip_build_param_encrypted_aes_sha1(struct hip_common *msg, struct hip_tlv_common *param) { - int rem, err = 0; + int rem, err = 0; struct hip_encrypted_aes_sha1 enc; - int param_len = hip_get_param_total_len(param); - struct hip_tlv_common *common = param; - char *param_padded = NULL; + int param_len = hip_get_param_total_len(param); + struct hip_tlv_common *common = param; + char *param_padded = NULL; hip_set_param_type((struct hip_tlv_common *) &enc, HIP_PARAM_ENCRYPTED); enc.reserved = htonl(0); @@ -2056,7 +2056,7 @@ /* note: if you make changes in this function, make them also in * build_param_signature_contents(), because it is almost the same */ - int err = 0; + int err = 0; struct hip_sig2 sig2; HIP_ASSERT(sizeof(struct hip_sig2) >= sizeof(struct hip_tlv_common)); @@ -2066,8 +2066,8 @@ contents_size); sig2.algorithm = algorithm; /* algo is 8 bits, no htons */ - err = hip_build_generic_param(msg, &sig2, - sizeof(struct hip_sig2), contents); + err = hip_build_generic_param(msg, &sig2, + sizeof(struct hip_sig2), contents); return err; } @@ -2093,7 +2093,7 @@ /* note: if you make changes in this function, make them also in * build_param_signature_contents2(), because it is almost the same */ - int err = 0; + int err = 0; struct hip_sig sig; HIP_ASSERT(sizeof(struct hip_sig) >= sizeof(struct hip_tlv_common)); @@ -2103,8 +2103,8 @@ contents_size); sig.algorithm = algorithm; /* algo is 8 bits, no htons */ - err = hip_build_generic_param(msg, &sig, - sizeof(struct hip_sig), contents); + err = hip_build_generic_param(msg, &sig, + sizeof(struct hip_sig), contents); return err; } @@ -2123,7 +2123,7 @@ int sign, int request) { struct hip_echo_request ping; - int err; + int err; if (request) { hip_set_param_type((struct hip_tlv_common *) &ping, sign ? HIP_PARAM_ECHO_REQUEST_SIGN : HIP_PARAM_ECHO_REQUEST); @@ -2147,7 +2147,7 @@ int hip_build_param_r1_counter(struct hip_common *msg, uint64_t generation) { struct hip_r1_counter r1gen; - int err = 0; + int err = 0; /* note: the length cannot be calculated with calc_param_len() */ hip_set_param_contents_len((struct hip_tlv_common *) &r1gen, @@ -2156,11 +2156,11 @@ /* Type 2 (in R1) or 3 (in I2) */ hip_set_param_type((struct hip_tlv_common *) &r1gen, HIP_PARAM_R1_COUNTER); - r1gen.reserved = 0; + r1gen.reserved = 0; r1gen.generation = hton64(generation); - err = hip_build_param(msg, &r1gen); + err = hip_build_param(msg, &r1gen); return err; } @@ -2177,7 +2177,7 @@ int hip_build_param_via_rvs(struct hip_common *msg, const struct in6_addr rvs_addresses[]) { - int err = 0; + int err = 0; struct hip_via_rvs viarvs; hip_set_param_type((struct hip_tlv_common *) &viarvs, HIP_PARAM_VIA_RVS); @@ -2203,7 +2203,7 @@ const in_port_t port) { struct hip_relay_to relay_to; - int err = 0; + int err = 0; hip_set_param_type((struct hip_tlv_common *) &relay_to, HIP_PARAM_RELAY_TO); ipv6_addr_copy((struct in6_addr *) &relay_to.address, addr); @@ -2212,7 +2212,7 @@ relay_to.protocol = HIP_NAT_PROTO_UDP; hip_calc_generic_param_len((struct hip_tlv_common *) &relay_to, sizeof(relay_to), 0); - err = hip_build_param(msg, &relay_to); + err = hip_build_param(msg, &relay_to); return err; } @@ -2266,11 +2266,11 @@ const void *srv_list, const unsigned int service_count) { - int err = 0; - unsigned i = 0; - const hip_srv_t *service_list = (const hip_srv_t *) srv_list; + int err = 0; + unsigned i = 0; + const hip_srv_t *service_list = (const hip_srv_t *) srv_list; struct hip_reg_info reg_info; - uint8_t reg_type[service_count]; + uint8_t reg_type[service_count]; if (service_count == 0) { return 0; @@ -2321,7 +2321,7 @@ int hip_build_param_reg_request(hip_common_t *msg, const uint8_t lifetime, const uint8_t *type_list, const int type_count) { - int err = 0; + int err = 0; struct hip_reg_request rreq; hip_set_param_type((struct hip_tlv_common *) &rreq, HIP_PARAM_REG_REQUEST); @@ -2343,7 +2343,7 @@ int hip_build_param_reg_response(hip_common_t *msg, const uint8_t lifetime, const uint8_t *type_list, const int type_count) { - int err = 0; + int err = 0; struct hip_reg_response rres; hip_set_param_type((struct hip_tlv_common *) &rres, HIP_PARAM_REG_RESPONSE); @@ -2365,7 +2365,7 @@ int hip_build_param_reg_failed(struct hip_common *msg, uint8_t failure_type, uint8_t *type_list, int type_count) { - int err = 0; + int err = 0; struct hip_reg_failed reg_failed; if (type_count == 0) { @@ -2407,7 +2407,7 @@ uint8_t lifetime, uint32_t opaque, uint64_t random_i) { struct hip_puzzle puzzle; - int err = 0; + int err = 0; /* note: the length cannot be calculated with calc_param_len() */ hip_set_param_contents_len((struct hip_tlv_common *) &puzzle, @@ -2453,7 +2453,7 @@ uint8_t opaque_len) { struct hip_challenge_request puzzle; - int err = 0; + int err = 0; /* note: the length cannot be calculated with calc_param_len() */ hip_set_param_contents_len((struct hip_tlv_common *) &puzzle, @@ -2475,7 +2475,6 @@ return err; } - /** * Build and append a HIP solution into the message. * @@ -2495,7 +2494,7 @@ uint64_t val_J) { struct hip_challenge_response cookie; - int err = 0, opaque_len = 0; + int err = 0, opaque_len = 0; /* note: the length cannot be calculated with calc_param_len() */ hip_set_param_contents_len((struct hip_tlv_common *) &cookie, @@ -2516,6 +2515,7 @@ hip_get_param_contents_direct(&cookie)); return err; } + #endif /* CONFIG_HIP_MIDAUTH */ /** @@ -2537,7 +2537,7 @@ uint64_t val_J) { struct hip_solution cookie; - int err = 0; + int err = 0; /* note: the length cannot be calculated with calc_param_len() */ hip_set_param_contents_len((struct hip_tlv_common *) &cookie, @@ -2546,14 +2546,14 @@ /* Type 2 (in R1) or 3 (in I2) */ hip_set_param_type((struct hip_tlv_common *) &cookie, HIP_PARAM_SOLUTION); - cookie.J = hton64(val_J); + cookie.J = hton64(val_J); memcpy(&cookie.K, &pz->K, 12); /* copy: K (1), reserved (1), * opaque (2) and I (8 bytes). */ cookie.reserved = 0; - err = hip_build_generic_param(msg, - &cookie, - sizeof(struct hip_tlv_common), - hip_get_param_contents_direct(&cookie)); + err = hip_build_generic_param(msg, + &cookie, + sizeof(struct hip_tlv_common), + hip_get_param_contents_direct(&cookie)); return err; } @@ -2580,11 +2580,11 @@ void *pubkey2, hip_tlv_len_t pubkey_len2) { - int err = 0; + int err = 0; struct hip_diffie_hellman diffie_hellman; - uint8_t *value = NULL, *value_tmp = NULL; - hip_tlv_len_t pubkey_len = pubkey_len1 + sizeof(uint8_t) + - sizeof(uint16_t) + pubkey_len2; + uint8_t *value = NULL, *value_tmp = NULL; + hip_tlv_len_t pubkey_len = pubkey_len1 + sizeof(uint8_t) + + sizeof(uint16_t) + pubkey_len2; uint16_t tmp_pubkey_len2 = 0; @@ -2619,7 +2619,7 @@ *value_tmp++ = group_id2; tmp_pubkey_len2 = htons(pubkey_len2); memcpy(value_tmp, &tmp_pubkey_len2, sizeof(uint16_t)); - value_tmp += sizeof(uint16_t); + value_tmp += sizeof(uint16_t); memcpy(value_tmp, pubkey2, pubkey_len2); } else { memcpy(value_tmp, pubkey1, pubkey_len1); @@ -2672,9 +2672,9 @@ const hip_transform_suite_t transform_suite[], const uint16_t transform_count) { - int err = 0; - uint16_t i; - uint16_t transform_max; + int err = 0; + uint16_t i; + uint16_t transform_max; struct hip_esp_transform transform_param; transform_max = hip_get_transform_max(HIP_PARAM_ESP_TRANSFORM); @@ -2717,9 +2717,9 @@ const hip_transform_suite_t transform_suite[], const uint16_t transform_count) { - int err = 0; - uint16_t i; - uint16_t transform_max; + int err = 0; + uint16_t i; + uint16_t transform_max; struct hip_hip_transform transform_param; transform_max = hip_get_transform_max(HIP_PARAM_HIP_TRANSFORM); @@ -2765,28 +2765,28 @@ * which MUST match one of the values offered to the Initiator in * the R1 packet. Does this function check this? * -Lauri 01.08.2008. */ - hip_tlv_type_t type; - uint16_t supported_hip_tf[] = { HIP_HIP_NULL_SHA1, - HIP_HIP_3DES_SHA1, - HIP_HIP_AES_SHA1}; - uint16_t supported_esp_tf[] = { HIP_ESP_NULL_SHA1, - HIP_ESP_3DES_SHA1, - HIP_ESP_AES_SHA1 }; - const uint16_t *table = NULL; + hip_tlv_type_t type; + uint16_t supported_hip_tf[] = { HIP_HIP_NULL_SHA1, + HIP_HIP_3DES_SHA1, + HIP_HIP_AES_SHA1 }; + uint16_t supported_esp_tf[] = { HIP_ESP_NULL_SHA1, + HIP_ESP_3DES_SHA1, + HIP_ESP_AES_SHA1 }; + const uint16_t *table = NULL; const uint16_t *tfm; - int table_n = 0, pkt_tfms = 0, i; + int table_n = 0, pkt_tfms = 0, i; type = hip_get_param_type(transform_tlv); if (type == HIP_PARAM_HIP_TRANSFORM) { table = supported_hip_tf; table_n = sizeof(supported_hip_tf) / sizeof(uint16_t); - tfm = (const uint16_t*) ((const uint8_t *) transform_tlv + sizeof(struct hip_tlv_common)); + tfm = (const uint16_t *) ((const uint8_t *) transform_tlv + sizeof(struct hip_tlv_common)); pkt_tfms = hip_get_param_contents_len(transform_tlv) / sizeof(uint16_t); } else if (type == HIP_PARAM_ESP_TRANSFORM) { - table = supported_esp_tf; - table_n = sizeof(supported_esp_tf) / sizeof(uint16_t); - tfm = (const uint16_t*) ((const uint8_t *) transform_tlv + - sizeof(struct hip_tlv_common) + sizeof(uint16_t)); + table = supported_esp_tf; + table_n = sizeof(supported_esp_tf) / sizeof(uint16_t); + tfm = (const uint16_t *) ((const uint8_t *) transform_tlv + + sizeof(struct hip_tlv_common) + sizeof(uint16_t)); pkt_tfms = (hip_get_param_contents_len(transform_tlv) - sizeof(uint16_t)) / sizeof(uint16_t); } else { HIP_ERROR("Invalid type %u\n", type); @@ -2819,7 +2819,7 @@ uint8_t *transforms) { struct esp_prot_preferred_tfms prot_transforms; - int err = 0, i; + int err = 0, i; hip_set_param_type((struct hip_tlv_common *) &prot_transforms, HIP_PARAM_ESP_PROT_TRANSFORMS); @@ -2863,7 +2863,7 @@ int hash_length, int hash_item_length) { - int err = 0; + int err = 0; struct esp_prot_anchor esp_anchor; HIP_ASSERT(msg != NULL); @@ -2898,7 +2898,7 @@ hip_set_param_contents_len((struct hip_tlv_common *) &esp_anchor, sizeof(uint8_t) + sizeof(uint32_t) + 2 - * hash_length); + * hash_length); err = hip_build_generic_param(msg, &esp_anchor, @@ -2931,7 +2931,7 @@ int branch_length, const unsigned char *branch_nodes) { - int err = 0; + int err = 0; struct esp_prot_branch branch; HIP_ASSERT(msg != NULL); @@ -2948,7 +2948,7 @@ memcpy(&branch.branch_nodes[0], branch_nodes, branch_length); hip_set_param_contents_len((struct hip_tlv_common *) &branch, 2 - * sizeof(uint32_t) + branch_length); + * sizeof(uint32_t) + branch_length); err = hip_build_generic_param(msg, &branch, @@ -2974,7 +2974,7 @@ int secret_length, const unsigned char *secret) { - int err = 0; + int err = 0; struct esp_prot_secret esp_secret; HIP_ASSERT(msg != NULL); @@ -3013,7 +3013,7 @@ uint8_t root_length, unsigned char *root) { - int err = 0; + int err = 0; struct esp_prot_root esp_root; HIP_ASSERT(msg != NULL); @@ -3058,7 +3058,7 @@ uint32_t old_spi, uint32_t new_spi) { - int err = 0; + int err = 0; struct hip_esp_info esp_info; hip_set_param_type((struct hip_tlv_common *) &esp_info, HIP_PARAM_ESP_INFO); @@ -3067,10 +3067,10 @@ sizeof(struct hip_esp_info), 0); - esp_info.reserved = htonl(0); + esp_info.reserved = htonl(0); esp_info.keymat_index = htons(keymat_index); - esp_info.old_spi = htonl(old_spi); - esp_info.new_spi = htonl(new_spi); + esp_info.old_spi = htonl(old_spi); + esp_info.new_spi = htonl(new_spi); err = hip_build_param(msg, &esp_info); return err; @@ -3091,7 +3091,7 @@ int hip_build_param_encrypted_3des_sha1(struct hip_common *msg, struct hip_tlv_common *param) { - int err = 0; + int err = 0; struct hip_encrypted_3des_sha1 enc; hip_set_param_type((struct hip_tlv_common *) &enc, HIP_PARAM_ENCRYPTED); @@ -3122,7 +3122,7 @@ int hip_build_param_encrypted_null_sha1(struct hip_common *msg, struct hip_tlv_common *param) { - int err = 0; + int err = 0; struct hip_encrypted_null_sha1 enc; hip_set_param_type((struct hip_tlv_common *) &enc, HIP_PARAM_ENCRYPTED); @@ -3133,7 +3133,7 @@ /* copy the IV *IF* needed, and then the encrypted data */ - err = hip_build_generic_param(msg, &enc, sizeof(enc), param); + err = hip_build_generic_param(msg, &enc, sizeof(enc), param); return err; } @@ -3150,7 +3150,7 @@ int hip_build_host_id_from_param(const struct hip_host_id *wire_host_id, struct hip_host_id *peer_host_id) { - int err = 0; + int err = 0; uint16_t header_len; uint16_t key_len; uint16_t fqdn_len; @@ -3158,12 +3158,12 @@ -1, "Param has wrong type (not HIP_PARAM_HOST_ID)"); // copy the header, key and fqdn - header_len = sizeof(struct hip_host_id) - - sizeof(peer_host_id->key) - - sizeof(peer_host_id->hostname); - fqdn_len = ntohs(wire_host_id->di_type_length) & 0x0FFF; - key_len = ntohs(wire_host_id->hi_length) - - sizeof(struct hip_host_id_key_rdata); + header_len = sizeof(struct hip_host_id) - + sizeof(peer_host_id->key) - + sizeof(peer_host_id->hostname); + fqdn_len = ntohs(wire_host_id->di_type_length) & 0x0FFF; + key_len = ntohs(wire_host_id->hi_length) - + sizeof(struct hip_host_id_key_rdata); memcpy(peer_host_id, wire_host_id, header_len); memcpy(peer_host_id->key, wire_host_id->key, key_len); memcpy(peer_host_id->hostname, &wire_host_id->key[key_len], fqdn_len); @@ -3190,18 +3190,18 @@ const struct hip_host_id *host_id) { struct hip_host_id new_host_id; - uint16_t header_len; - uint16_t fqdn_len; - uint16_t key_len; - uint16_t par_len; + uint16_t header_len; + uint16_t fqdn_len; + uint16_t key_len; + uint16_t par_len; // eliminate unused space by copying fqdn directly behind the keyrr - header_len = sizeof(struct hip_host_id) - - sizeof(host_id->key) - - sizeof(host_id->hostname); - fqdn_len = ntohs(host_id->di_type_length) & 0x0FFF; - key_len = ntohs(host_id->hi_length) - - sizeof(struct hip_host_id_key_rdata); + header_len = sizeof(struct hip_host_id) - + sizeof(host_id->key) - + sizeof(host_id->hostname); + fqdn_len = ntohs(host_id->di_type_length) & 0x0FFF; + key_len = ntohs(host_id->hi_length) - + sizeof(struct hip_host_id_key_rdata); memcpy(&new_host_id, host_id, header_len); memcpy(&new_host_id.key[0], host_id->key, key_len); memcpy(&new_host_id.key[key_len], host_id->hostname, fqdn_len); @@ -3238,7 +3238,7 @@ fqdn_len = 0; } - host_id_hdr->hi_length = htons(hi_len); + host_id_hdr->hi_length = htons(hi_len); /* length = 12 bits, di_type = 4 bits */ host_id_hdr->di_type_length = htons(fqdn_len | 0x1000); /* if the length is 0, then the type should also be zero */ @@ -3251,10 +3251,10 @@ sizeof(struct hip_host_id), 0); - host_id_hdr->rdata.flags = htons(0x0202); /* key is for a host */ + host_id_hdr->rdata.flags = htons(0x0202); /* key is for a host */ /* RFC 4034 obsoletes RFC 2535 and flags field differ */ - host_id_hdr->rdata.protocol = 0xFF; /* RFC 2535 */ + host_id_hdr->rdata.protocol = 0xFF; /* RFC 2535 */ /* algo is 8 bits, no htons */ host_id_hdr->rdata.algorithm = algorithm; } @@ -3308,7 +3308,7 @@ fqdn_len = 0; } - host_id_hdr->hi_length = htons(hi_len); + host_id_hdr->hi_length = htons(hi_len); /* length = 12 bits, di_type = 4 bits */ host_id_hdr->di_type_length = htons(fqdn_len | 0x1000); /* if the length is 0, then the type should also be zero */ @@ -3321,10 +3321,10 @@ sizeof(struct hip_host_id_priv), 0); - host_id_hdr->rdata.flags = htons(0x0202); /* key is for a host */ + host_id_hdr->rdata.flags = htons(0x0202); /* key is for a host */ /* RFC 4034 obsoletes RFC 2535 and flags field differ */ - host_id_hdr->rdata.protocol = 0xFF; /* RFC 2535 */ + host_id_hdr->rdata.protocol = 0xFF; /* RFC 2535 */ /* algo is 8 bits, no htons */ host_id_hdr->rdata.algorithm = algorithm; } @@ -3342,8 +3342,8 @@ const char **id, int *len) { - int type; - static const char *debuglist[3] = {"none", "FQDN", "NAI"}; + int type; + static const char *debuglist[3] = { "none", "FQDN", "NAI" }; type = ntohs(host->di_type_length); *len = type & 0x0FFF; @@ -3430,7 +3430,7 @@ const struct endpoint_hip *endpoint) { struct hip_eid_endpoint eid_endpoint; - int err = 0; + int err = 0; HIP_ASSERT(endpoint->flags & HIP_ENDPOINT_FLAG_HIT); @@ -3495,7 +3495,7 @@ uint8_t id, uint8_t type, void *data, size_t size) { struct hip_cert cert; - int err; + int err; hip_set_param_type((struct hip_tlv_common *) &cert, HIP_PARAM_CERT); hip_calc_param_len((struct hip_tlv_common *) &cert, sizeof(struct hip_cert) - @@ -3521,13 +3521,13 @@ */ int hip_build_param_heartbeat(struct hip_common *msg, int seconds) { - int err = 0; + int err = 0; struct hip_heartbeat heartbeat; hip_set_param_type((struct hip_tlv_common *) &heartbeat, HIP_PARAM_HEARTBEAT); hip_calc_param_len((struct hip_tlv_common *) &heartbeat, sizeof(struct hip_heartbeat) - - sizeof(struct hip_tlv_common)); + - sizeof(struct hip_tlv_common)); memcpy(&heartbeat.heartbeat, &seconds, sizeof(seconds)); err = hip_build_param(msg, &heartbeat); @@ -3547,15 +3547,15 @@ */ int hip_build_param_transform_order(struct hip_common *msg, int order) { - int err = 0; + int err = 0; struct hip_transformation_order transorder; hip_set_param_type((struct hip_tlv_common *) &transorder, HIP_PARAM_TRANSFORM_ORDER); hip_calc_param_len((struct hip_tlv_common *) &transorder, sizeof(struct hip_transformation_order) - - sizeof(struct hip_tlv_common)); + - sizeof(struct hip_tlv_common)); transorder.transorder = order; - err = hip_build_param(msg, &transorder); + err = hip_build_param(msg, &transorder); return err; } @@ -3572,7 +3572,7 @@ int hip_build_param_cert_spki_info(struct hip_common *msg, struct hip_cert_spki_info *cert_info) { - int err = 0; + int err = 0; struct hip_cert_spki_info local; memset(&local, '\0', sizeof(struct hip_cert_spki_info)); memcpy(&local, cert_info, sizeof(struct hip_cert_spki_info)); @@ -3580,7 +3580,7 @@ HIP_PARAM_CERT_SPKI_INFO); hip_calc_param_len((struct hip_tlv_common *) &local, sizeof(struct hip_cert_spki_info) - - sizeof(struct hip_tlv_common)); + - sizeof(struct hip_tlv_common)); err = hip_build_param(msg, &local); return err; } @@ -3598,13 +3598,13 @@ */ int hip_build_param_cert_x509_req(struct hip_common *msg, struct in6_addr *addr) { - int err = 0; + int err = 0; struct hip_cert_x509_req subj; hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ); hip_calc_param_len((struct hip_tlv_common *) &subj, sizeof(struct hip_cert_x509_req) - - sizeof(struct hip_tlv_common)); + - sizeof(struct hip_tlv_common)); ipv6_addr_copy(&subj.addr, addr); err = hip_build_param(msg, &subj); return err; @@ -3624,16 +3624,16 @@ */ int hip_build_param_cert_x509_ver(struct hip_common *msg, char *der, int len) { - int err = 0; + int err = 0; struct hip_cert_x509_resp subj; hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ); hip_calc_param_len((struct hip_tlv_common *) &subj, sizeof(struct hip_cert_x509_resp) - - sizeof(struct hip_tlv_common)); + - sizeof(struct hip_tlv_common)); memcpy(&subj.der, der, len); subj.der_len = len; - err = hip_build_param(msg, &subj); + err = hip_build_param(msg, &subj); return err; } @@ -3651,13 +3651,13 @@ */ int hip_build_param_cert_x509_resp(struct hip_common *msg, char *der, int len) { - int err = 0; + int err = 0; struct hip_cert_x509_resp local; hip_set_param_type((struct hip_tlv_common *) &local, HIP_PARAM_CERT_X509_RESP); hip_calc_param_len((struct hip_tlv_common *) &local, sizeof(struct hip_cert_x509_resp) - - sizeof(struct hip_tlv_common)); + - sizeof(struct hip_tlv_common)); memcpy(&local.der, der, len); local.der_len = len; err = hip_build_param(msg, &local); @@ -3674,13 +3674,13 @@ */ int hip_build_param_hit_to_ip_set(struct hip_common *msg, const char *name) { - int err = 0; + int err = 0; struct hip_hit_to_ip_set name_info; hip_set_param_type((struct hip_tlv_common *) &name_info, HIP_PARAM_HIT_TO_IP_SET); hip_calc_param_len((struct hip_tlv_common *) &name_info, sizeof(struct hip_hit_to_ip_set) - - sizeof(struct hip_tlv_common)); + - sizeof(struct hip_tlv_common)); strcpy(name_info.name, name); err = hip_build_param(msg, &name_info); @@ -3704,9 +3704,9 @@ se_hip_flags_t endpoint_flags, const char *hostname) { - int err = 0; - unsigned char *dsa_key_rr = NULL; - int dsa_key_rr_len; + int err = 0; + unsigned char *dsa_key_rr = NULL; + int dsa_key_rr_len; struct endpoint_hip endpoint_hdr; dsa_key_rr_len = dsa_to_dns_key_rr(dsa, &dsa_key_rr); @@ -3756,9 +3756,9 @@ se_hip_flags_t endpoint_flags, const char *hostname) { - int err = 0; - unsigned char *rsa_key_rr = NULL; - int rsa_key_rr_len; + int err = 0; + unsigned char *rsa_key_rr = NULL; + int rsa_key_rr_len; struct endpoint_hip endpoint_hdr; HIP_DEBUG("rsa_to_hip_endpoint called\n"); @@ -3808,36 +3808,36 @@ int is_public, int is_dsa) { - int err = 0, key_rr_len; - unsigned char *key_rr = NULL; - char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX]; - struct hip_host_id_priv *host_id = NULL; - struct hip_host_id *host_id_pub = NULL; - RSA *rsa_key = (RSA *) any_key; - DSA *dsa_key = (DSA *) any_key; + int err = 0, key_rr_len; + unsigned char *key_rr = NULL; + char hostname[HIP_HOST_ID_HOSTNAME_LEN_MAX]; + struct hip_host_id_priv *host_id = NULL; + struct hip_host_id *host_id_pub = NULL; + RSA *rsa_key = (RSA *) any_key; + DSA *dsa_key = (DSA *) any_key; memset(hostname, 0, HIP_HOST_ID_HOSTNAME_LEN_MAX); HIP_IFEL(gethostname(hostname, HIP_HOST_ID_HOSTNAME_LEN_MAX - 1), -1, - "gethostname failed\n"); + "gethostname failed\n"); if (is_dsa) { HIP_IFEL(((key_rr_len = dsa_to_dns_key_rr(dsa_key, &key_rr)) <= 0), -1, - "key_rr_len\n"); + "key_rr_len\n"); if (is_public) { HIP_IFEL(!(host_id_pub = malloc(sizeof(struct hip_host_id))), - -ENOMEM, "malloc\n"); + -ENOMEM, "malloc\n"); host_id_pub->hi_length = htons(key_rr_len - + sizeof(struct hip_host_id_key_rdata)); + + sizeof(struct hip_host_id_key_rdata)); memcpy(&host_id_pub->key, key_rr, key_rr_len); HIP_IFEL(hip_dsa_host_id_to_hit(host_id_pub, hit, HIP_HIT_TYPE_HASH100), - -1, "conversion from host id to hit failed\n"); + -1, "conversion from host id to hit failed\n"); } else { HIP_IFEL(!(host_id = malloc(sizeof(struct hip_host_id_priv))), - -ENOMEM, - "malloc\n"); + -ENOMEM, + "malloc\n"); host_id->hi_length = htons(key_rr_len - + sizeof(struct hip_host_id_key_rdata)); + + sizeof(struct hip_host_id_key_rdata)); memcpy(&host_id->key, key_rr, key_rr_len); HIP_IFEL(hip_private_dsa_host_id_to_hit(host_id, hit, HIP_HIT_TYPE_HASH100), @@ -3929,7 +3929,7 @@ const in_port_t port) { struct hip_reg_from reg_from; - int err = 0; + int err = 0; hip_set_param_type((struct hip_tlv_common *) ®_from, HIP_PARAM_REG_FROM); ipv6_addr_copy((struct in6_addr *) ®_from.address, addr); @@ -3939,7 +3939,7 @@ reg_from.reserved = 0; reg_from.protocol = HIP_NAT_PROTO_UDP; hip_calc_generic_param_len((struct hip_tlv_common *) ®_from, sizeof(reg_from), 0); - err = hip_build_param(msg, ®_from); + err = hip_build_param(msg, ®_from); return err; } @@ -3958,13 +3958,13 @@ const in_port_t port, hip_tlv_type_t hipparam) { - int err = 0; + int err = 0; struct hip_port_info nat_port; hip_set_param_type((struct hip_tlv_common *) &nat_port, hipparam); nat_port.port = port; hip_calc_generic_param_len((struct hip_tlv_common *) &nat_port, sizeof(nat_port), 0); - err = hip_build_param(msg, &nat_port); + err = hip_build_param(msg, &nat_port); return err; } @@ -4020,12 +4020,12 @@ const in_port_t port) { struct hip_relay_from relay_from; - int err = 0; + int err = 0; hip_set_param_type((struct hip_tlv_common *) &relay_from, HIP_PARAM_RELAY_FROM); ipv6_addr_copy((struct in6_addr *) &relay_from.address, addr); - relay_from.port = htons(port); + relay_from.port = htons(port); relay_from.reserved = 0; relay_from.protocol = HIP_NAT_PROTO_UDP; hip_calc_generic_param_len((struct hip_tlv_common *) &relay_from, @@ -4047,7 +4047,7 @@ const struct in6_addr *addr) { struct hip_from from; - int err = 0; + int err = 0; hip_set_param_type((struct hip_tlv_common *) &from, HIP_PARAM_FROM); ipv6_addr_copy((struct in6_addr *) &from.address, addr); === modified file 'lib/core/builder.h' --- lib/core/builder.h 2010-12-08 18:30:17 +0000 +++ lib/core/builder.h 2011-01-03 16:06:13 +0000 @@ -187,7 +187,7 @@ int hip_check_userspace_msg_type(const struct hip_common *); void hip_dump_msg(const struct hip_common *); struct hip_dh_public_value - *hip_dh_select_key(struct hip_diffie_hellman *); +*hip_dh_select_key(struct hip_diffie_hellman *); uint8_t hip_get_host_id_algo(const struct hip_host_id *); int hip_get_lifetime_value(time_t seconds, uint8_t *lifetime); int hip_get_lifetime_seconds(uint8_t lifetime, time_t *seconds); @@ -200,7 +200,7 @@ struct hip_tlv_common *hip_get_next_param_readwrite(struct hip_common *, struct hip_tlv_common *); const void *hip_get_param(const struct hip_common *, hip_tlv_type_t); -void *hip_get_param_readwrite(struct hip_common *, hip_tlv_type_t); +void *hip_get_param_readwrite(struct hip_common *, hip_tlv_type_t); const void *hip_get_param_contents(const struct hip_common *, hip_tlv_type_t); const void *hip_get_param_contents_direct(const void *); void *hip_get_param_contents_direct_readwrite(void *); === modified file 'lib/core/capability.c' --- lib/core/capability.c 2010-10-18 17:44:31 +0000 +++ lib/core/capability.c 2011-01-03 16:06:13 +0000 @@ -64,10 +64,10 @@ */ static int hip_user_to_uid(const char *name) { - int uid = -1; - int i; + int uid = -1; + int i; struct passwd *pwp = NULL, pw; - char buf[4096]; + char buf[4096]; setpwent(); while (1) { @@ -117,9 +117,9 @@ int uid = -1; struct __user_cap_header_struct header; - struct __user_cap_data_struct data; + struct __user_cap_data_struct data; - header.pid = 0; + header.pid = 0; /* note: CentOS 5.5 lacks _LINUX_CAPABILITY_VERSION_1 constant */ header.version = _LINUX_CAPABILITY_VERSION; data.effective = data.permitted = data.inheritable = 0; @@ -152,7 +152,7 @@ HIP_DEBUG("effective=%u, permitted = %u, inheritable=%u\n", data.effective, data.permitted, data.inheritable); HIP_DEBUG("Going to clear all capabilities except the ones needed\n"); - data.effective = data.permitted = data.inheritable = 0; + data.effective = data.permitted = data.inheritable = 0; /* for CAP_NET_RAW capability */ data.effective |= (1 << CAP_NET_RAW); data.permitted |= (1 << CAP_NET_RAW); === modified file 'lib/core/certtools.c' --- lib/core/certtools.c 2010-12-06 19:57:47 +0000 +++ lib/core/certtools.c 2011-01-03 16:06:13 +0000 @@ -51,8 +51,8 @@ #include "certtools.h" /******************************************************************************* -* FUNCTIONS FOR SPKI * -*******************************************************************************/ + * FUNCTIONS FOR SPKI * + *******************************************************************************/ /** * Function that verifies the signature in @@ -66,29 +66,29 @@ */ int hip_cert_spki_lib_verify(struct hip_cert_spki_info *cert) { - int err = 0, start = 0, stop = 0, evpret = 0, keylen = 0, algo = 0; + int err = 0, start = 0, stop = 0, evpret = 0, keylen = 0, algo = 0; char buf[200]; - unsigned char sha_digest[21]; + unsigned char sha_digest[21]; unsigned char *sha_retval; unsigned char *signature_hash = NULL; unsigned char *signature_hash_b64 = NULL; unsigned char *signature_b64 = NULL; - unsigned char *signature = NULL; + unsigned char *signature = NULL; /** RSA */ - RSA *rsa = NULL; - unsigned