[hipl-commit] [tiny] Rev 3616: Refined i2 packet handling.
- From: Tim Just <tim.just@xxxxxxxxxxxxxx>
- To: hipl-commit@xxxxxxxxxxxxx
- Date: Fri, 5 Mar 2010 11:57:09 +0200
Committer: Tim Just <tim.just@xxxxxxxxxxxxxx>
Date: Fri Mar 05 10:51:49 2010 +0100
Revision: 3616
Revision-id: tim.just@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: tiny
Log:
Refined i2 packet handling.
Moved hip_send_r2 to output.c and changed function parameters.
Renamed members of struct hip_packet_context and added pointer to the
outgoing message.
Modified:
M hipd/bos.c
M hipd/close.c
M hipd/esp_prot_hipd_msg.c
M hipd/esp_prot_hipd_msg.h
M hipd/esp_prot_light_update.c
M hipd/init.c
M hipd/input.c
M hipd/input.h
M hipd/output.c
M hipd/output.h
M lib/core/protodefs.h
M lib/tool/pk.c
M modules/update/hipd/update.c
=== modified file 'hipd/bos.c'
--- hipd/bos.c 2010-02-24 09:10:23 +0000
+++ hipd/bos.c 2010-03-05 09:51:49 +0000
@@ -212,9 +212,9 @@
char *str;
char src[INET6_ADDRSTRLEN];
- HIP_IFEL(ipv6_addr_any(&(ctx->msg)->hits), 0,
+ HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hits), 0,
"Received NULL sender HIT in BOS.\n");
- HIP_IFEL(!ipv6_addr_any(&(ctx->msg)->hitr), 0,
+ HIP_IFEL(!ipv6_addr_any(&(ctx->input_msg)->hitr), 0,
"Received non-NULL receiver HIT in BOS.\n");
/* @todo Is this needed? */
@@ -241,18 +241,18 @@
/* according to the section 8.6 of the base draft,
* we must first check signature
*/
- HIP_IFEL(!(peer_host_id = hip_get_param(ctx->msg, HIP_PARAM_HOST_ID)),
-ENOENT,
+ HIP_IFEL(!(peer_host_id = hip_get_param(ctx->input_msg,
HIP_PARAM_HOST_ID)), -ENOENT,
"No HOST_ID found in BOS\n");
- HIP_IFEL(hip_verify_packet_signature((ctx->msg), peer_host_id), -EINVAL,
+ HIP_IFEL(hip_verify_packet_signature((ctx->input_msg), peer_host_id),
-EINVAL,
"Verification of BOS signature failed\n");
/* Validate HIT against received host id */
hip_host_id_to_hit(peer_host_id, &peer_hit, HIP_HIT_TYPE_HASH100);
- HIP_IFEL(ipv6_addr_cmp(&peer_hit, &(ctx->msg)->hits) != 0, -EINVAL,
+ HIP_IFEL(ipv6_addr_cmp(&peer_hit, &(ctx->input_msg)->hits) != 0, -EINVAL,
"Sender HIT does not match the advertised host_id\n");
- HIP_HEXDUMP("Advertised HIT:", &(ctx->msg)->hits, 16);
+ HIP_HEXDUMP("Advertised HIT:", &(ctx->input_msg)->hits, 16);
/* Everything ok, first save host id to db */
HIP_IFE(hip_get_param_host_id_di_type_len(peer_host_id, &str, &len) < 0,
-1);
@@ -292,7 +292,7 @@
/* we have no previous information on the peer, create
* a new HIP HA */
- HIP_IFEL((hip_hadb_add_peer_info(&(ctx->msg)->hits, dstip, &lsi, NULL)
< 0),
+ HIP_IFEL((hip_hadb_add_peer_info(&(ctx->input_msg)->hits, dstip, &lsi,
NULL) < 0),
-1,
"Failed to insert new peer info");
HIP_DEBUG("HA entry created.\n");
=== modified file 'hipd/close.c'
--- hipd/close.c 2010-02-26 11:24:27 +0000
+++ hipd/close.c 2010-03-05 09:51:49 +0000
@@ -186,12 +186,12 @@
hip_perf_start_benchmark( perf_set, PERF_HANDLE_CLOSE );
#endif
- HIP_IFEL(ipv6_addr_any(&(ctx->msg)->hitr), -1,
+ HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hitr), -1,
"Received NULL receiver HIT in CLOSE. Dropping\n");
- HIP_IFEL(!hip_controls_sane(ntohs(ctx->msg->control), 0), -1,
+ HIP_IFEL(!hip_controls_sane(ntohs(ctx->input_msg->control), 0), -1,
"Received illegal controls in CLOSE: 0x%x. Dropping\n",
- ntohs(ctx->msg->control));
+ ntohs(ctx->input_msg->control));
HIP_IFEL(!ctx->hadb_entry, -1,
"No entry in host association database when receiving R2." \
@@ -209,21 +209,21 @@
/* verify HMAC */
if (ctx->hadb_entry->is_loopback) {
- HIP_IFEL(hip_verify_packet_hmac(ctx->msg,
&(ctx->hadb_entry)->hip_hmac_out),
+ HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&(ctx->hadb_entry)->hip_hmac_out),
-ENOENT, "HMAC validation on close failed.\n");
} else {
- HIP_IFEL(hip_verify_packet_hmac(ctx->msg,
&(ctx->hadb_entry)->hip_hmac_in),
+ HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&(ctx->hadb_entry)->hip_hmac_in),
-ENOENT, "HMAC validation on close failed.\n");
}
/* verify signature */
- HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, ctx->msg),
-EINVAL,
+ HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key,
ctx->input_msg), -EINVAL,
"Verification of close signature failed.\n");
HIP_IFE(!(close_ack = hip_msg_alloc()), -ENOMEM);
HIP_IFEL(!(request =
- hip_get_param(ctx->msg, HIP_PARAM_ECHO_REQUEST_SIGN)),
+ hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN)),
-1, "No echo request under signature.\n");
echo_len = hip_get_param_contents_len(request);
@@ -260,13 +260,13 @@
#ifdef CONFIG_HIP_RVS
if (hip_relay_get_status()) {
hip_relrec_t dummy;
- memcpy(&(dummy.hit_r), &(ctx->msg->hits),
- sizeof(ctx->msg->hits));
+ memcpy(&(dummy.hit_r), &(ctx->input_msg->hits),
+ sizeof(ctx->input_msg->hits));
hip_relht_rec_free_doall(&dummy);
/* Check that the element really got deleted. */
if (hip_relht_get(&dummy) == NULL) {
HIP_DEBUG_HIT("Deleted relay record for HIT",
- &(ctx->msg->hits));
+ &(ctx->input_msg->hits));
}
}
#endif
@@ -299,15 +299,15 @@
hip_perf_start_benchmark( perf_set, PERF_HANDLE_CLOSE_ACK );
#endif
- HIP_IFEL(ipv6_addr_any(&(ctx->msg)->hitr), -1,
+ HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hitr), -1,
"Received NULL receiver HIT in CLOSE ACK. Dropping\n");
- if (!hip_controls_sane(ntohs(ctx->msg->control), mask
+ if (!hip_controls_sane(ntohs(ctx->input_msg->control), mask
//HIP_CONTROL_CERTIFICATES | HIP_PACKET_CTRL_ANON |
// | HIP_CONTROL_SHT_MASK | HIP_CONTROL_DHT_MASK)) {
)) {
HIP_ERROR("Received illegal controls in CLOSE ACK: 0x%x. Dropping\n",
- ntohs(ctx->msg->control));
+ ntohs(ctx->input_msg->control));
goto out_err;
}
@@ -327,7 +327,7 @@
/* verify ECHO */
HIP_IFEL(!(echo_resp =
- hip_get_param(ctx->msg, HIP_PARAM_ECHO_RESPONSE_SIGN)),
+ hip_get_param(ctx->input_msg,
HIP_PARAM_ECHO_RESPONSE_SIGN)),
-1, "Echo response not found\n");
HIP_IFEL(memcmp(echo_resp + 1, ctx->hadb_entry->echo_data,
sizeof(ctx->hadb_entry->echo_data)), -1,
@@ -335,16 +335,16 @@
/* verify HMAC */
if (ctx->hadb_entry->is_loopback) {
- HIP_IFEL(hip_verify_packet_hmac(ctx->msg,
+ HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&(ctx->hadb_entry)->hip_hmac_out),
-ENOENT, "HMAC validation on close ack failed\n");
} else {
- HIP_IFEL(hip_verify_packet_hmac(ctx->msg,
+ HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&(ctx->hadb_entry)->hip_hmac_in),
-ENOENT, "HMAC validation on close ack failed\n");
}
/* verify signature */
- HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, ctx->msg),
+ HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key,
ctx->input_msg),
-EINVAL, "Verification of close ack signature failed\n");
ctx->hadb_entry->state = HIP_STATE_CLOSED;
=== modified file 'hipd/esp_prot_hipd_msg.c'
--- hipd/esp_prot_hipd_msg.c 2010-02-22 18:30:02 +0000
+++ hipd/esp_prot_hipd_msg.c 2010-03-05 09:51:49 +0000
@@ -812,7 +812,8 @@
* @param ctx packet context for the R2 message
* @return 0 on success, -1 in case of an error
*/
-int esp_prot_r2_handle_anchor(hip_ha_t *entry, const struct hip_context *ctx)
+int esp_prot_r2_handle_anchor(hip_ha_t *entry,
+ const struct hip_common *input_msg)
{
struct hip_tlv_common *param = NULL;
struct esp_prot_anchor *prot_anchor = NULL;
@@ -821,7 +822,7 @@
// only process anchor, if we agreed on using it before
if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
- if ((param = hip_get_param(ctx->input, HIP_PARAM_ESP_PROT_ANCHOR))) {
+ if ((param = hip_get_param(input_msg, HIP_PARAM_ESP_PROT_ANCHOR))) {
prot_anchor = (struct esp_prot_anchor *) param;
// check if the anchor has got the negotiated transform
@@ -848,7 +849,7 @@
}
// get next anchor
- param = hip_get_next_param(ctx->input, param);
+ param = hip_get_next_param(input_msg, param);
prot_anchor = (struct esp_prot_anchor *) param;
}
} else if (prot_anchor->transform == ESP_PROT_TFM_UNUSED) {
=== modified file 'hipd/esp_prot_hipd_msg.h'
--- hipd/esp_prot_hipd_msg.h 2010-02-17 13:08:39 +0000
+++ hipd/esp_prot_hipd_msg.h 2010-03-05 09:51:49 +0000
@@ -30,7 +30,8 @@
const struct hip_context *ctx);
int esp_prot_i2_handle_anchor(hip_ha_t *entry, const struct hip_context *ctx);
int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry);
-int esp_prot_r2_handle_anchor(hip_ha_t *entry, const struct hip_context *ctx);
+int esp_prot_r2_handle_anchor(hip_ha_t *entry,
+ const struct hip_common *input_msg);
int esp_prot_handle_update(const hip_common_t *recv_update, hip_ha_t *entry,
const in6_addr_t *src_ip, const in6_addr_t *dst_ip);
int esp_prot_update_add_anchor(hip_common_t *update, hip_ha_t *entry);
=== modified file 'hipd/esp_prot_light_update.c'
--- hipd/esp_prot_light_update.c 2010-02-24 09:22:28 +0000
+++ hipd/esp_prot_light_update.c 2010-03-05 09:51:49 +0000
@@ -194,12 +194,12 @@
uint32_t spi = 0;
int err = 0;
- HIP_IFEL(hip_verify_packet_hmac(ctx->msg, &(ctx->hadb_entry)->hip_hmac_in),
+ HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&(ctx->hadb_entry)->hip_hmac_in),
-1,
"HMAC validation on UPDATE failed.\n");
- ack = hip_get_param(ctx->msg, HIP_PARAM_ACK);
- seq = hip_get_param(ctx->msg, HIP_PARAM_SEQ);
+ ack = hip_get_param(ctx->input_msg, HIP_PARAM_ACK);
+ seq = hip_get_param(ctx->input_msg, HIP_PARAM_SEQ);
if (seq != NULL) {
/********** SEQ ***********/
@@ -221,7 +221,7 @@
}
/********** ANCHOR ***********/
- HIP_IFEL(esp_prot_update_handle_anchor(ctx->msg,
+ HIP_IFEL(esp_prot_update_handle_anchor(ctx->input_msg,
ctx->hadb_entry,
ctx->src_addr,
ctx->dst_addr,
=== modified file 'hipd/init.c'
--- hipd/init.c 2010-03-04 14:14:22 +0000
+++ hipd/init.c 2010-03-05 09:51:49 +0000
@@ -444,13 +444,21 @@
hip_register_handle_function(HIP_DATA, HIP_STATE_NONE,
&hip_send_r1, 1100);
hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED,
&hip_handle_i2, 1000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_send_r2,
1100);
hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT,
&hip_handle_i2, 1000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_send_r2,
1100);
hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT,
&hip_handle_i2, 1000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_send_r2,
1100);
hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT,
&hip_handle_i2, 1000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_send_r2,
1100);
hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED,
&hip_handle_i2, 1000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_send_r2,
1100);
hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING,
&hip_handle_i2, 1000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_send_r2,
1100);
hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED,
&hip_handle_i2, 1000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_send_r2,
1100);
hip_register_handle_function(HIP_I2, HIP_STATE_NONE,
&hip_handle_i2, 1000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_send_r2,
1100);
hip_register_handle_function(HIP_R1, HIP_STATE_UNASSOCIATED,
&hip_drop_packet, 1000);
hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT,
&hip_handle_r1, 1000);
=== modified file 'hipd/input.c'
--- hipd/input.c 2010-03-04 15:12:47 +0000
+++ hipd/input.c 2010-03-05 09:51:49 +0000
@@ -550,10 +550,10 @@
goto out_err;
}
- ctx.msg = msg;
+ ctx.input_msg = msg;
ctx.src_addr = src_addr;
ctx.dst_addr = dst_addr;
- ctx.msg_info = msg_info;
+ ctx.msg_ports = msg_info;
if (ctx.hadb_entry) {
state = ctx.hadb_entry->state;
@@ -1107,13 +1107,13 @@
hip_oppipdb_delentry(&(packet_ctx->hadb_entry->peer_addr));
#endif
- if (ipv6_addr_any(&(packet_ctx->msg)->hitr)) {
+ if (ipv6_addr_any(&(packet_ctx->input_msg)->hitr)) {
HIP_DEBUG("Received NULL receiver HIT in R1. Not dropping\n");
}
- HIP_IFEL(!hip_controls_sane(ntohs(packet_ctx->msg->control), mask), 0,
+ HIP_IFEL(!hip_controls_sane(ntohs(packet_ctx->input_msg->control), mask), 0,
"Received illegal controls in R1: 0x%x Dropping\n",
- ntohs(packet_ctx->msg->control));
+ ntohs(packet_ctx->input_msg->control));
HIP_IFEL(!packet_ctx->hadb_entry, -EFAULT,
"Received R1 with no local state. Dropping\n");
@@ -1133,7 +1133,7 @@
0,
0,
PEER_ADDR_STATE_ACTIVE,
- packet_ctx->msg_info->src_port);
+ packet_ctx->msg_ports->src_port);
}
HIP_DEBUG("Received R1 in state %s\n", hip_state_str(ha_state));
@@ -1148,9 +1148,9 @@
HIP_IFEL(!(ctx = HIP_MALLOC(sizeof(struct hip_context), GFP_KERNEL)),
-ENOMEM, "Could not allocate memory for context\n");
memset(ctx, 0, sizeof(struct hip_context));
- ctx->input = packet_ctx->msg;
+ ctx->input = packet_ctx->input_msg;
- hip_relay_add_rvs_to_ha(packet_ctx->msg, packet_ctx->hadb_entry);
+ hip_relay_add_rvs_to_ha(packet_ctx->input_msg, packet_ctx->hadb_entry);
/* According to the section 8.6 of the base draft, we must first check
* signature. */
@@ -1159,7 +1159,7 @@
* verification must be delayed to the R2 */
/* Store the peer's public key to HA and validate it */
/** @todo Do not store the key if the verification fails. */
- HIP_IFEL(!(peer_host_id = hip_get_param(packet_ctx->msg,
HIP_PARAM_HOST_ID)),
+ HIP_IFEL(!(peer_host_id = hip_get_param(packet_ctx->input_msg,
HIP_PARAM_HOST_ID)),
-ENOENT, "No HOST_ID found in R1\n");
//copy hostname to hadb entry if local copy is empty
if (strlen((char *) (packet_ctx->hadb_entry->peer_hostname)) == 0) {
@@ -1167,14 +1167,14 @@
hip_get_param_host_id_hostname(peer_host_id),
HIP_HOST_ID_HOSTNAME_LEN_MAX - 1);
}
- HIP_IFE(hip_init_peer(packet_ctx->hadb_entry, packet_ctx->msg,
peer_host_id), -EINVAL);
+ HIP_IFE(hip_init_peer(packet_ctx->hadb_entry, packet_ctx->input_msg,
peer_host_id), -EINVAL);
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Start PERF_VERIFY\n");
hip_perf_start_benchmark(perf_set, PERF_VERIFY);
#endif
HIP_IFEL(packet_ctx->hadb_entry->verify(packet_ctx->hadb_entry->peer_pub_key,
- packet_ctx->msg),
+ packet_ctx->input_msg),
-EINVAL,
"Verification of R1 signature failed\n");
#ifdef CONFIG_HIP_PERFORMANCE
@@ -1186,7 +1186,7 @@
* the peer is behind NAT. We set NAT mode "on" and set the send function
to
* "hip_send_udp". The client UDP port is not stored until the handling
* of R2 packet. Don't know if the entry is already locked... */
- if (packet_ctx->msg_info->dst_port != 0) {
+ if (packet_ctx->msg_ports->dst_port != 0) {
HIP_LOCK_HA(packet_ctx->hadb_entry);
if (packet_ctx->hadb_entry->nat_mode == HIP_NAT_MODE_NONE) {
packet_ctx->hadb_entry->nat_mode = HIP_NAT_MODE_PLAIN_UDP;
@@ -1197,13 +1197,13 @@
}
/***** LOCATOR PARAMETER ******/
- locator = (struct hip_locator *) hip_get_param(packet_ctx->msg,
HIP_PARAM_LOCATOR);
+ locator = (struct hip_locator *) hip_get_param(packet_ctx->input_msg,
HIP_PARAM_LOCATOR);
if (locator) {
err = handle_locator(locator,
packet_ctx->src_addr,
packet_ctx->dst_addr,
packet_ctx->hadb_entry,
- packet_ctx->msg_info);
+ packet_ctx->msg_ports);
} else {
HIP_DEBUG("R1 did not have locator\n");
}
@@ -1212,7 +1212,7 @@
/* We have problems with creating precreated R1s in reasonable
* fashion... so we don't mind about generations. */
- r1cntr = hip_get_param(packet_ctx->msg, HIP_PARAM_R1_COUNTER);
+ r1cntr = hip_get_param(packet_ctx->input_msg, HIP_PARAM_R1_COUNTER);
/* Do control bit stuff here... */
@@ -1229,9 +1229,9 @@
if (!retransmission) {
struct hip_puzzle *pz = NULL;
- HIP_IFEL(!(pz = hip_get_param(packet_ctx->msg, HIP_PARAM_PUZZLE)),
-EINVAL,
+ HIP_IFEL(!(pz = hip_get_param(packet_ctx->input_msg,
HIP_PARAM_PUZZLE)), -EINVAL,
"Malformed R1 packet. PUZZLE parameter missing\n");
- HIP_IFEL((solved_puzzle = hip_solve_puzzle(pz, packet_ctx->msg,
HIP_SOLVE_PUZZLE)) == 0,
+ HIP_IFEL((solved_puzzle = hip_solve_puzzle(pz, packet_ctx->input_msg,
HIP_SOLVE_PUZZLE)) == 0,
-EINVAL, "Solving of puzzle failed\n");
I = pz->I;
packet_ctx->hadb_entry->puzzle_solution = solved_puzzle;
@@ -1245,7 +1245,7 @@
ctx->dh_shared_key = NULL;
/* note: we could skip keying material generation in the case
* of a retransmission but then we'd had to fill ctx->hmac etc */
- HIP_IFEL(hip_produce_keying_material(packet_ctx->msg,
+ HIP_IFEL(hip_produce_keying_material(packet_ctx->input_msg,
ctx,
I,
solved_puzzle,
@@ -1275,7 +1275,7 @@
packet_ctx->src_addr,
packet_ctx->dst_addr,
packet_ctx->hadb_entry,
- packet_ctx->msg_info,
+ packet_ctx->msg_ports,
dhpv);
HIP_IFEL(err < 0, -1, "Creation of I2 failed\n");
@@ -1300,6 +1300,27 @@
}
/**
+ *
+ */
+int hip_handle_i2_in_i2_sent(const uint32_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx)
+{
+ int err = 0;
+
+ HIP_IFEL(ctx->drop_packet,
+ -1,
+ "Abort packet processing.\n")
+
+ if (hip_hit_is_bigger(&ctx->hadb_entry->hit_peer,
+ &ctx->hadb_entry->hit_our)) {
+ ctx->drop_packet = 1;
+ }
+out_err:
+ return err;
+}
+
+/**
* Handles an incoming I2 packet.
*
* This function is the actual point from where the processing of I2 is started
@@ -1354,33 +1375,18 @@
hip_perf_start_benchmark(perf_set, PERF_I2);
#endif
- HIP_IFEL(ipv6_addr_any(&(ctx->msg)->hitr),
+ HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hitr),
0,
"Received NULL receiver HIT in I2. Dropping\n");
- HIP_IFEL(!hip_controls_sane(ntohs(ctx->msg->control), mask),
+ HIP_IFEL(!hip_controls_sane(ntohs(ctx->input_msg->control), mask),
0,
"Received illegal controls in I2: 0x%x. Dropping\n",
- ntohs(ctx->msg->control));
+ ntohs(ctx->input_msg->control));
HIP_DEBUG("Received I2 in state %s\n", hip_state_str(ha_state));
-
- /*
- case HIP_STATE_I2_SENT:
- if (ctx->hadb_entry->is_loopback) {
- err = hip_handle_i2(ctx);
- } else if (hip_hit_is_bigger(&(ctx->hadb_entry)->hit_our,
- &(ctx->hadb_entry)->hit_peer)) {
- HIP_IFEL(hip_receive_i2(ctx),
- -ENOSYS,
- "Dropping HIP packet.\n");
- }
- break;
- */
-
-
HIP_INFO("Received I2 from:\n");
- HIP_INFO_HIT("Source HIT:", &(ctx->msg)->hits);
+ HIP_INFO_HIT("Source HIT:", &(ctx->input_msg)->hits);
HIP_INFO_IN6ADDR("Source IP: ", ctx->src_addr);
/* The context structure is used to gather the context created from
@@ -1394,12 +1400,12 @@
/* Store a pointer to the incoming i2 message in the context just
* allocted. From the context struct we can then access the I2 in
* hip_send_r2() later. */
- i2_context.input = ctx->msg;
+ i2_context.input = ctx->input_msg;
/* Check that the Responder's HIT is one of ours. According to RFC5201,
* this MUST be done. This check was added by Lauri on 01.08.2008.
* Note that this condition is not satisfied at the HIP relay server */
- if (!hip_hidb_hit_is_our(&(ctx->msg)->hitr)) {
+ if (!hip_hidb_hit_is_our(&(ctx->input_msg)->hitr)) {
err = -EPROTO;
HIP_ERROR("Responder's HIT in the received I2 packet does not" \
" correspond to one of our own HITs. Dropping I2" \
@@ -1408,7 +1414,7 @@
}
/* Fetch the R1_COUNTER parameter. */
- r1cntr = hip_get_param(ctx->msg, HIP_PARAM_R1_COUNTER);
+ r1cntr = hip_get_param(ctx->input_msg, HIP_PARAM_R1_COUNTER);
/* Here we should check the 'system boot counter' using the R1_COUNTER
* parameter. However, our precreated R1 packets do not support system
@@ -1426,7 +1432,7 @@
HIP_DEBUG_HIT("i2_saddr", ctx->src_addr);
HIP_DEBUG_HIT("i2_daddr", ctx->dst_addr);
- HIP_IFEL(hip_verify_cookie(ctx->src_addr, ctx->dst_addr, ctx->msg,
solution),
+ HIP_IFEL(hip_verify_cookie(ctx->src_addr, ctx->dst_addr, ctx->input_msg,
solution),
-EPROTO,
"Cookie solution rejected. Dropping the I2 packet.\n");
@@ -1456,20 +1462,20 @@
/* Verify HMAC. */
- if (hip_hidb_hit_is_our(&(ctx->msg)->hits) &&
- hip_hidb_hit_is_our(&(ctx->msg)->hitr))
+ if (hip_hidb_hit_is_our(&(ctx->input_msg)->hits) &&
+ hip_hidb_hit_is_our(&(ctx->input_msg)->hitr))
{
is_loopback = 1;
- HIP_IFEL(hip_verify_packet_hmac(ctx->msg, &i2_context.hip_hmac_out),
+ HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&i2_context.hip_hmac_out),
-EPROTO, "HMAC loopback validation on I2 failed. " \
"Dropping the I2 packet.\n");
} else {
- HIP_IFEL(hip_verify_packet_hmac(ctx->msg, &i2_context.hip_hmac_in),
+ HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&i2_context.hip_hmac_in),
-EPROTO, "HMAC validation on I2 failed. Dropping the" \
" I2 packet.\n");
}
- hip_transform = hip_get_param(ctx->msg, HIP_PARAM_HIP_TRANSFORM);
+ hip_transform = hip_get_param(ctx->input_msg, HIP_PARAM_HIP_TRANSFORM);
if (hip_transform == NULL) {
err = -ENODATA;
HIP_ERROR("HIP_TRANSFORM parameter missing from I2 packet. " \
@@ -1486,10 +1492,10 @@
/* Decrypt the HOST_ID and verify it against the sender HIT. */
/* @todo: the HOST_ID can be in the packet in plain text */
- enc = hip_get_param(ctx->msg, HIP_PARAM_ENCRYPTED);
+ enc = hip_get_param(ctx->input_msg, HIP_PARAM_ENCRYPTED);
if (enc == NULL) {
HIP_DEBUG("ENCRYPTED parameter missing from I2 packet\n");
- host_id_in_enc = hip_get_param(ctx->msg, HIP_PARAM_HOST_ID);
+ host_id_in_enc = hip_get_param(ctx->input_msg, HIP_PARAM_HOST_ID);
HIP_IFEL(!host_id_in_enc, -1, "No host id in i2");
host_id_found = 1;
} else {
@@ -1650,9 +1656,9 @@
* association will not, however, have the I2 destination HIT as
* source, but one that is calculated using the Host Identity
* that we have dug out. */
- ipv6_addr_copy(&(ctx->hadb_entry)->hit_peer, &(ctx->msg)->hits);
+ ipv6_addr_copy(&(ctx->hadb_entry)->hit_peer, &(ctx->input_msg)->hits);
HIP_DEBUG("Initializing the HIP association.\n");
- hip_init_us(ctx->hadb_entry, &ctx->msg->hitr);
+ hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr);
HIP_DEBUG("Inserting the new HIP association in the HIP " \
"association database.\n");
/* Should we handle the case where the insertion fails? */
@@ -1686,19 +1692,19 @@
/* If there was already state, these may be uninitialized */
ctx->hadb_entry->hip_transform = hip_tfm;
if (!ctx->hadb_entry->our_pub) {
- hip_init_us(ctx->hadb_entry, &ctx->msg->hitr);
+ hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr);
}
/* If the incoming I2 packet has hip_get_nat_udp_port() as destination
port, NAT
* mode is set on for the host association, I2 source port is
* stored as the peer UDP port and send function is set to
* "hip_send_pkt()". Note that we must store the port not until
* here, since the source port can be different for I1 and I2. */
- if (ctx->msg_info->dst_port != 0) {
+ if (ctx->msg_ports->dst_port != 0) {
if (ctx->hadb_entry->nat_mode == 0) {
ctx->hadb_entry->nat_mode = HIP_NAT_MODE_PLAIN_UDP;
}
- ctx->hadb_entry->local_udp_port = ctx->msg_info->dst_port;
- ctx->hadb_entry->peer_udp_port = ctx->msg_info->src_port;
+ ctx->hadb_entry->local_udp_port = ctx->msg_ports->dst_port;
+ ctx->hadb_entry->peer_udp_port = ctx->msg_ports->src_port;
HIP_DEBUG("Setting send func to UDP for entry %p from I2 info.\n",
ctx->hadb_entry);
/* @todo Is this function set needed ? */
@@ -1711,7 +1717,7 @@
* or it should be cancelled. */
/* Store peer's public key and HIT to HA */
- HIP_IFE(hip_init_peer(ctx->hadb_entry, ctx->msg, host_id_in_enc), -EINVAL);
+ HIP_IFE(hip_init_peer(ctx->hadb_entry, ctx->input_msg, host_id_in_enc),
-EINVAL);
/* Validate signature */
#ifdef CONFIG_HIP_PERFORMANCE
@@ -1742,7 +1748,7 @@
if (r1cntr) {
ctx->hadb_entry->birthday = r1cntr->generation;
}
- ctx->hadb_entry->peer_controls |= ntohs(ctx->msg->control);
+ ctx->hadb_entry->peer_controls |= ntohs(ctx->input_msg->control);
/* move this below setup_sa */
memset(&spi_out_data, 0, sizeof(struct hip_spi_out_item));
@@ -1761,14 +1767,14 @@
0,
0,
PEER_ADDR_STATE_ACTIVE,
- ctx->msg_info->src_port),
+ ctx->msg_ports->src_port),
-1,
"Error while adding the preferred peer address\n");
HIP_DEBUG("retransmission: %s\n", (retransmission ? "yes" : "no"));
HIP_DEBUG("src %d, dst %d\n",
- ctx->msg_info->src_port,
- ctx->msg_info->dst_port);
+ ctx->msg_ports->src_port,
+ ctx->msg_ports->dst_port);
/********** ESP-PROT anchor [OPTIONAL] **********/
@@ -1847,7 +1853,7 @@
#ifdef CONFIG_HIP_RVS
ipv6_addr_copy(&dest, &in6addr_any);
if (hip_relay_get_status() == HIP_RELAY_OFF) {
- ctx->hadb_entry->state = hip_relay_handle_relay_from(ctx->msg,
+ ctx->hadb_entry->state = hip_relay_handle_relay_from(ctx->input_msg,
ctx->src_addr,
&dest,
&dest_port);
@@ -1858,27 +1864,8 @@
}
#endif
- /* Note that we haven't handled the REG_REQUEST yet. This is because we
- * must create an REG_RESPONSE parameter into the R2 packet based on the
- * REG_REQUEST parameter. We handle the REG_REQUEST parameter in
- * hip_send_r2() - although that is somewhat illogical.
- * -Lauri 06.05.2008 */
-
- /* Create an R2 packet in response. */
- HIP_IFEL(hip_send_r2(&i2_context,
- ctx->src_addr,
- ctx->dst_addr,
- ctx->hadb_entry,
- ctx->msg_info,
- &dest,
- dest_port),
- -1,
- "Creation of R2 failed\n");
-
-
/** @todo Should wait for ESP here or wait for implementation specific
* time. */
-
/* As for the above todo item:
*
* Where is it said that we should wait for ESP or implementation
@@ -1899,12 +1886,11 @@
*/
/***** LOCATOR PARAMETER *****/
- locator = (struct hip_locator *) hip_get_param(ctx->msg,
HIP_PARAM_LOCATOR);
+ locator = (struct hip_locator *) hip_get_param(ctx->input_msg,
HIP_PARAM_LOCATOR);
if (locator) {
HIP_DEBUG("Locator parameter support in BEX is not implemented!\n");
}
-//end add
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Stop and write PERF_BASE\n");
hip_perf_stop_benchmark(perf_set, PERF_BASE);
@@ -1917,26 +1903,12 @@
memset(ctx->hadb_entry->hip_msg_retrans.buf, 0,
HIP_MAX_NETWORK_PACKET);
}
out_err:
- /* 'ha' is not NULL if hip_receive_i2() fetched the HA for us. In that
- * case we must not release our reference to it. Otherwise, if 'ha' is
- * NULL, then we created the HIP HA in this function and we should free
- * the reference. */
- /* 'ctx->hadb_entry' cannot be NULL here anymore since it has been used in
this
- * function directly without NULL check. -Lauri. */
-
- /* hip_put_ha(ctx->hadb_entry); */
-
if (tmp_enc != NULL) {
free(tmp_enc);
}
if (i2_context.dh_shared_key != NULL) {
free(i2_context.dh_shared_key);
}
-#ifdef CONFIG_HIP_PERFORMANCE
- HIP_DEBUG("Stop and write PERF_I2\n");
- hip_perf_stop_benchmark(perf_set, PERF_I2);
- hip_perf_write_benchmark(perf_set, PERF_I2);
-#endif
return err;
}
@@ -1958,7 +1930,6 @@
int err = 0, tfm = 0, retransmission = 0, idx = 0;
uint16_t mask = 0;
uint32_t spi_recvd = 0, spi_in = 0;
- struct hip_context *ctx = NULL;
struct hip_esp_info *esp_info = NULL;
struct hip_locator *locator = NULL;
struct hip_spi_out_item spi_out_data;
@@ -1967,22 +1938,22 @@
hip_perf_start_benchmark(perf_set, PERF_R2);
#endif
- HIP_IFEL(ipv6_addr_any(&(packet_ctx->msg)->hitr), -1,
+ HIP_IFEL(ipv6_addr_any(&(packet_ctx->input_msg)->hitr), -1,
"Received NULL receiver HIT in R2. Dropping\n");
- HIP_IFEL(!hip_controls_sane(ntohs(packet_ctx->msg->control), mask),
+ HIP_IFEL(!hip_controls_sane(ntohs(packet_ctx->input_msg->control), mask),
-1,
"Received illegal controls in R2: 0x%x. Dropping\n",
- ntohs(packet_ctx->msg->control));
+ ntohs(packet_ctx->input_msg->control));
HIP_IFEL(!packet_ctx->hadb_entry, -1,
"No entry in host association database when receiving R2." \
"Dropping.\n");
/* if the NAT mode is used, update the port numbers of the host
association */
- if (packet_ctx->msg_info->dst_port == hip_get_local_nat_udp_port()) {
- packet_ctx->hadb_entry->local_udp_port =
packet_ctx->msg_info->dst_port;
- packet_ctx->hadb_entry->peer_udp_port =
packet_ctx->msg_info->src_port;
+ if (packet_ctx->msg_ports->dst_port == hip_get_local_nat_udp_port()) {
+ packet_ctx->hadb_entry->local_udp_port =
packet_ctx->msg_ports->dst_port;
+ packet_ctx->hadb_entry->peer_udp_port =
packet_ctx->msg_ports->src_port;
}
HIP_DEBUG("Received R2 in state %s\n", hip_state_str(ha_state));
@@ -2000,21 +1971,16 @@
HIP_DEBUG("Not a retransmission\n");
}
- /* assume already locked entry */
- HIP_IFE(!(ctx = HIP_MALLOC(sizeof(struct hip_context), GFP_ATOMIC)),
-ENOMEM);
- memset(ctx, 0, sizeof(struct hip_context));
- ctx->input = packet_ctx->msg;
-
/* Verify HMAC */
if (packet_ctx->hadb_entry->is_loopback) {
- HIP_IFEL(hip_verify_packet_hmac2(packet_ctx->msg,
-
&(packet_ctx->hadb_entry)->hip_hmac_out,
+ HIP_IFEL(hip_verify_packet_hmac2(packet_ctx->input_msg,
+ &packet_ctx->hadb_entry->hip_hmac_out,
packet_ctx->hadb_entry->peer_pub),
-1,
"HMAC validation on R2 failed.\n");
} else {
- HIP_IFEL(hip_verify_packet_hmac2(packet_ctx->msg,
-
&(packet_ctx->hadb_entry)->hip_hmac_in,
+ HIP_IFEL(hip_verify_packet_hmac2(packet_ctx->input_msg,
+ &packet_ctx->hadb_entry->hip_hmac_in,
packet_ctx->hadb_entry->peer_pub),
-1,
"HMAC validation on R2 failed.\n");
@@ -2026,7 +1992,7 @@
hip_perf_start_benchmark(perf_set, PERF_VERIFY);
#endif
HIP_IFEL(packet_ctx->hadb_entry->verify(packet_ctx->hadb_entry->peer_pub_key,
- packet_ctx->msg),
+ packet_ctx->input_msg),
-EINVAL,
"R2 signature verification failed.\n");
#ifdef CONFIG_HIP_PERFORMANCE
@@ -2035,7 +2001,7 @@
#endif
/* The rest */
- HIP_IFEL(!(esp_info = hip_get_param(packet_ctx->msg, HIP_PARAM_ESP_INFO)),
+ HIP_IFEL(!(esp_info = hip_get_param(packet_ctx->input_msg,
HIP_PARAM_ESP_INFO)),
-EINVAL,
"Parameter SPI not found.\n");
@@ -2050,8 +2016,6 @@
packet_ctx->hadb_entry->spi_outbound_new = spi_recvd;
HIP_DEBUG("Set default SPI out = 0x%x\n", spi_recvd);
- memcpy(&ctx->esp_out, &(packet_ctx->hadb_entry)->esp_out,
sizeof(ctx->esp_out));
- memcpy(&ctx->auth_out, &(packet_ctx->hadb_entry)->auth_out,
sizeof(ctx->auth_out));
HIP_DEBUG("entry should have only one spi_in now, test\n");
spi_in = packet_ctx->hadb_entry->spi_inbound_current;
@@ -2061,14 +2025,16 @@
HIP_DEBUG("esp_transform: %i\n", tfm);
HIP_DEBUG("R2 packet source port: %d, destination port %d.\n",
- packet_ctx->msg_info->src_port, packet_ctx->msg_info->dst_port);
+ packet_ctx->msg_ports->src_port,
packet_ctx->msg_ports->dst_port);
/********** ESP-PROT anchor [OPTIONAL] **********/
- HIP_IFEL(esp_prot_r2_handle_anchor(packet_ctx->hadb_entry, ctx), -1,
+ HIP_IFEL(esp_prot_r2_handle_anchor(packet_ctx->hadb_entry,
+ packet_ctx->input_msg),
+ -1,
"failed to handle esp prot anchor\n");
/***** LOCATOR PARAMETER *****/
- locator = (struct hip_locator *) hip_get_param(packet_ctx->msg,
HIP_PARAM_LOCATOR);
+ locator = (struct hip_locator *) hip_get_param(packet_ctx->input_msg,
HIP_PARAM_LOCATOR);
if (locator) {
HIP_DEBUG("Locator parameter support in BEX is not implemented!\n");
}
@@ -2079,8 +2045,8 @@
HIP_DEBUG_HIT("hit peer", &(packet_ctx->hadb_entry)->hit_peer);
HIP_IFEL(hip_add_sa(packet_ctx->src_addr,
packet_ctx->dst_addr,
- &ctx->input->hits,
- &ctx->input->hitr,
+ &packet_ctx->input_msg->hits,
+ &packet_ctx->input_msg->hitr,
spi_in,
tfm,
&(packet_ctx->hadb_entry)->esp_in,
@@ -2094,12 +2060,12 @@
HIP_IFEL(hip_add_sa(packet_ctx->dst_addr,
packet_ctx->src_addr,
- &ctx->input->hitr,
- &ctx->input->hits,
+ &packet_ctx->input_msg->hitr,
+ &packet_ctx->input_msg->hits,
spi_recvd,
tfm,
- &ctx->esp_out,
- &ctx->auth_out,
+ &packet_ctx->hadb_entry->esp_out,
+ &packet_ctx->hadb_entry->auth_out,
0,
HIP_SPI_DIRECTION_OUT,
0,
@@ -2127,10 +2093,10 @@
hip_copy_peer_addrlist_changed(packet_ctx->hadb_entry);
/* Handle REG_RESPONSE and REG_FAILED parameters. */
- hip_handle_param_reg_response(packet_ctx->hadb_entry, packet_ctx->msg);
- hip_handle_param_reg_failed(packet_ctx->hadb_entry, packet_ctx->msg);
+ hip_handle_param_reg_response(packet_ctx->hadb_entry,
packet_ctx->input_msg);
+ hip_handle_param_reg_failed(packet_ctx->hadb_entry, packet_ctx->input_msg);
- hip_handle_reg_from(packet_ctx->hadb_entry, packet_ctx->msg);
+ hip_handle_reg_from(packet_ctx->hadb_entry, packet_ctx->input_msg);
/* These will change SAs' state from ACQUIRE to VALID, and wake up any
* transport sockets waiting for a SA. */
@@ -2179,9 +2145,6 @@
NULL);
}
- if (ctx) {
- HIP_FREE(ctx);
- }
#ifdef CONFIG_HIP_PERFORMANCE
HIP_DEBUG("Stop and write PERF_R2\n");
hip_perf_stop_benchmark(perf_set, PERF_R2);
@@ -2241,13 +2204,13 @@
#endif
int err = 0, mask = 0, src_hit_is_our;
- HIP_ASSERT(!ipv6_addr_any(&(ctx->msg)->hitr));
+ HIP_ASSERT(!ipv6_addr_any(&(ctx->input_msg)->hitr));
/* In some environments, a copy of broadcast our own I1 packets
* arrive at the local host too. The following variable handles
* that special case. Since we are using source HIT (and not
* destination) it should handle also opportunistic I1 broadcast */
- src_hit_is_our = hip_hidb_hit_is_our(&(ctx->msg)->hits);
+ src_hit_is_our = hip_hidb_hit_is_our(&(ctx->input_msg)->hits);
/* check i1 for broadcast/multicast addresses */
if (IN6_IS_ADDR_V4MAPPED(ctx->dst_addr)) {
@@ -2278,13 +2241,13 @@
"Could not find source address\n");
}
- HIP_IFEBL2(!hip_controls_sane(ntohs(ctx->msg->control), mask),
+ HIP_IFEBL2(!hip_controls_sane(ntohs(ctx->input_msg->control), mask),
-1,
ctx->drop_packet = 1,
"Received illegal controls in I1: 0x%x. Dropping\n",
- ntohs(ctx->msg->control));
+ ntohs(ctx->input_msg->control));
- HIP_INFO_HIT("I1 Source HIT:", &(ctx->msg)->hits);
+ HIP_INFO_HIT("I1 Source HIT:", &(ctx->input_msg)->hits);
HIP_INFO_IN6ADDR("I1 Source IP :", ctx->src_addr);
/**
@@ -2336,7 +2299,7 @@
"Received a NOTIFY packet from an unknown sender, ignoring " \
"the packet.\n");
- notify_controls = ntohs(ctx->msg->control);
+ notify_controls = ntohs(ctx->input_msg->control);
HIP_IFEL(!hip_controls_sane(notify_controls, mask), -EPROTO,
"Received a NOTIFY packet with illegal controls: 0x%x, ignoring " \
@@ -2344,7 +2307,7 @@
/* Loop through all the parameters in the received packet. */
while ((current_param =
- hip_get_next_param(ctx->msg, current_param)) != NULL) {
+ hip_get_next_param(ctx->input_msg, current_param)) != NULL) {
param_type = hip_get_param_type(current_param);
if (param_type == HIP_PARAM_NOTIFICATION) {
=== modified file 'hipd/input.h'
--- hipd/input.h 2010-03-04 14:23:17 +0000
+++ hipd/input.h 2010-03-05 09:51:49 +0000
@@ -97,6 +97,14 @@
const uint32_t ha_state,
struct hip_packet_context *ctx);
+int hip_handle_i2_in_i2_sent(const uint32_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
+int hip_handle_i2(const uint32_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
int hip_handle_notify(const uint32_t packet_type,
const uint32_t ha_state,
struct hip_packet_context *ctx);
@@ -105,10 +113,6 @@
const uint32_t ha_state,
struct hip_packet_context *ctx);
-int hip_handle_i2(const uint32_t packet_type,
- const uint32_t ha_state,
- struct hip_packet_context *ctx);
-
int hip_handle_r2(const uint32_t packet_type,
const uint32_t ha_state,
struct hip_packet_context *packet_ctx);
=== modified file 'hipd/output.c'
--- hipd/output.c 2010-03-04 15:12:47 +0000
+++ hipd/output.c 2010-03-05 09:51:49 +0000
@@ -769,7 +769,7 @@
HIP_DEBUG("Param relay from\n");
//from relay
r1_dst_addr = ctx->src_addr;
- r1_dst_port = ctx->msg_info->src_port;
+ r1_dst_port = ctx->msg_ports->src_port;
// I---> NAT--> RVS-->R is not supported yet
/*
* r1_dst_addr = dst_ip;
@@ -779,7 +779,7 @@
HIP_DEBUG("Param from\n");
//from RVS, answer to I
r1_dst_addr = &dst_ip;
- if (ctx->msg_info->src_port) {
+ if (ctx->msg_ports->src_port) {
// R and RVS is in the UDP mode or I send UDP to RVS with
incoming port hip_get_peer_nat_udp_port()
r1_dst_port = hip_get_peer_nat_udp_port();
} else {
@@ -791,7 +791,7 @@
HIP_DEBUG("No RVS or relay\n");
/* no RVS or RELAY found; direct connection */
r1_dst_addr = ctx->src_addr;
- r1_dst_port = ctx->msg_info->src_port;
+ r1_dst_port = ctx->msg_ports->src_port;
}
/* removed by santtu because relay supported
@@ -801,7 +801,7 @@
#ifdef CONFIG_HIP_OPPORTUNISTIC
/* It should not be null hit, null hit has been replaced by real local
* hit. */
- HIP_ASSERT(!hit_is_opportunistic_hit(&ctx->msg->hitr));
+ HIP_ASSERT(!hit_is_opportunistic_hit(&ctx->input_msg->hitr));
#endif
/* Case: I ----->IPv4---> RVS ---IPv6---> R */
@@ -819,11 +819,11 @@
}
HIP_IFEL(!(r1pkt = hip_get_r1(r1_dst_addr, ctx->dst_addr,
- &ctx->msg->hitr, &ctx->msg->hits)),
+ &ctx->input_msg->hitr,
&ctx->input_msg->hits)),
-ENOENT, "No precreated R1\n");
- if (&ctx->msg->hits) {
- ipv6_addr_copy(&r1pkt->hitr, &ctx->msg->hits);
+ if (&ctx->input_msg->hits) {
+ ipv6_addr_copy(&r1pkt->hitr, &ctx->input_msg->hits);
} else {
memset(&r1pkt->hitr, 0, sizeof(struct in6_addr));
}
@@ -887,6 +887,12 @@
/**
* Creates and transmits an R2 packet.
*
+ * @note We haven't handled the REG_REQUEST in hip_handle_i2() yet. This is
+ * because we must create an REG_RESPONSE parameter into the R2 packet based
+ * on the REG_REQUEST parameter. We handle the REG_REQUEST parameter in
+ * hip_send_r2() - although that is somewhat illogical.
+ * -Lauri 06.05.2008
+ *
* @param ctx a pointer to the context of processed I2 packet.
* @param i2_saddr a pointer to I2 packet source IP address.
* @param i2_daddr a pointer to I2 packet destination IP address.
@@ -895,60 +901,66 @@
* in use).
* @return zero on success, negative otherwise.
*/
-int hip_send_r2(struct hip_context *ctx, in6_addr_t *i2_saddr,
- in6_addr_t *i2_daddr, hip_ha_t *entry,
- hip_portpair_t *i2_info,
- in6_addr_t *dest,
- const in_port_t dest_port)
+int hip_send_r2(const uint32_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *packet_ctx)
{
- hip_common_t *r2 = NULL, *i2 = NULL;
struct hip_crypto_key hmac;
int err = 0;
uint16_t mask = 0;
uint32_t spi_in = 0;
- _HIP_DEBUG("hip_create_r2() invoked.\n");
- /* Assume already locked entry */
- i2 = ctx->input;
+ HIP_IFEL(packet_ctx->drop_packet,
+ -1,
+ "Abort packet processing and don't send R1 packet.\n")
/* Build and send R2: IP ( HIP ( SPI, HMAC, HIP_SIGNATURE ) ) */
- HIP_IFEL(!(r2 = hip_msg_alloc()), -ENOMEM, "No memory for R2\n");
+ HIP_IFEL(!(packet_ctx->output_msg = hip_msg_alloc()), -ENOMEM, "No memory
for R2\n");
/* Just swap the addresses to use the I2's destination HIT as the R2's
* source HIT. */
- hip_build_network_hdr(r2, HIP_R2, mask, &entry->hit_our, &entry->hit_peer);
+ hip_build_network_hdr(packet_ctx->output_msg,
+ HIP_R2,
+ mask,
+ &packet_ctx->hadb_entry->hit_our,
+ &packet_ctx->hadb_entry->hit_peer);
- HIP_DUMP_MSG(r2);
+ HIP_DUMP_MSG(packet_ctx->output_msg);
/* ESP_INFO */
- spi_in = entry->spi_inbound_current;
- HIP_IFEL(hip_build_param_esp_info(r2, ctx->esp_keymat_index, 0, spi_in),
- -1, "building of ESP_INFO failed.\n");
+ spi_in = packet_ctx->hadb_entry->spi_inbound_current;
+ HIP_IFEL(hip_build_param_esp_info(packet_ctx->output_msg,
+ packet_ctx->hadb_entry->esp_keymat_index,
+ 0,
+ spi_in),
+ -1,
+ "building of ESP_INFO failed.\n");
/********** CHALLENGE_RESPONSE **********/
#ifdef CONFIG_HIP_MIDAUTH
- /* TODO: no caching is done for PUZZLE_M parameters. This may be
- * a DOS attack vector.
+ /** @todo no caching is done for PUZZLE_M parameters. This may be
+ * a DOS attack vector.
*/
- HIP_IFEL(hip_solve_puzzle_m(r2, ctx->input, entry), -1,
+ HIP_IFEL(hip_solve_puzzle_m(packet_ctx->output_msg,
+ packet_ctx->input_msg,
+ packet_ctx->hadb_entry),
+ -1,
"Building of Challenge_Response failed\n");
char *midauth_cert = hip_pisa_get_certificate();
- HIP_IFEL(hip_build_param(r2, entry->our_pub), -1,
+ HIP_IFEL(hip_build_param(packet_ctx->output_msg,
packet_ctx->hadb_entry->our_pub), -1,
"Building of host id failed\n");
/* For now we just add some random data to see if it works */
- HIP_IFEL(hip_build_param_cert(r2, 1, 1, 1, 1, midauth_cert,
strlen(midauth_cert)),
- -1,
- "Building of cert failed\n");
+ HIP_IFEL(hip_build_param_cert(packet_ctx->output_msg, 1, 1, 1, 1,
midauth_cert, strlen(midauth_cert)),
+ -1,
+ "Building of cert failed\n");
#endif
/********** ESP-PROT anchor [OPTIONAL] **********/
-
- HIP_IFEL(esp_prot_r2_add_anchor(r2, entry), -1,
+ HIP_IFEL(esp_prot_r2_add_anchor(packet_ctx->output_msg,
packet_ctx->hadb_entry), -1,
"failed to add esp protection anchor\n");
-
/************************************************/
#if defined(CONFIG_HIP_RVS)
@@ -958,28 +970,31 @@
*/
/* Handle REG_REQUEST parameter. */
- hip_handle_param_reg_request(entry, i2, r2);
+ hip_handle_param_reg_request(packet_ctx->hadb_entry,
packet_ctx->input_msg, packet_ctx->output_msg);
#endif
#if defined(CONFIG_HIP_RVS)
if (hip_relay_get_status() != HIP_RELAY_OFF) {
- hip_build_param_reg_from(r2, i2_saddr, i2_info->src_port);
+ hip_build_param_reg_from(packet_ctx->output_msg, packet_ctx->src_addr,
packet_ctx->msg_ports->src_port);
}
#endif
/* Create HMAC2 parameter. */
- if (entry->our_pub == NULL) {
- HIP_DEBUG("entry->our_pub is NULL.\n");
+ if (packet_ctx->hadb_entry->our_pub == NULL) {
+ HIP_DEBUG("packet_ctx->hadb_entry->our_pub is NULL.\n");
} else {
- _HIP_HEXDUMP("Host ID for HMAC2", entry->our_pub,
- hip_get_param_total_len(entry->our_pub));
+ _HIP_HEXDUMP("Host ID for HMAC2", packet_ctx->hadb_entry->our_pub,
+ hip_get_param_total_len(packet_ctx->hadb_entry->our_pub));
}
- memcpy(&hmac, &entry->hip_hmac_out, sizeof(hmac));
- HIP_IFEL(hip_build_param_hmac2_contents(r2, &hmac, entry->our_pub), -1,
+ memcpy(&hmac, &packet_ctx->hadb_entry->hip_hmac_out, sizeof(hmac));
+ HIP_IFEL(hip_build_param_hmac2_contents(packet_ctx->output_msg,
+ &hmac,
+ packet_ctx->hadb_entry->our_pub),
+ -1,
"Failed to build parameter HMAC2 contents.\n");
/* Why is err reset to zero? -Lauri 11.06.2008 */
@@ -987,46 +1002,42 @@
err = 0;
}
- HIP_IFEL(entry->sign(entry->our_priv_key, r2), -EINVAL, "Could not sign
R2. Failing\n");
-
-#ifdef CONFIG_HIP_RVS
- if (!ipv6_addr_any(dest)) {
- //if(hip_relay_get_status() == HIP_RELAY_ON) {
-
- HIP_INFO("create replay_to parameter in R2\n");
- hip_build_param_relay_to(
- r2, dest, dest_port);
- //}
- }
-
-#endif
-
- err = hip_add_sa(i2_daddr, i2_saddr,
- &ctx->input->hitr, &ctx->input->hits,
- entry->spi_outbound_current,
- entry->esp_transform,
- &ctx->esp_out, &ctx->auth_out,
- 1, HIP_SPI_DIRECTION_OUT, 0, entry);
+ HIP_IFEL(packet_ctx->hadb_entry->sign(packet_ctx->hadb_entry->our_priv_key,
+ packet_ctx->output_msg),
+ -EINVAL,
+ "Could not sign R2. Failing\n");
+
+ err = hip_add_sa(packet_ctx->dst_addr,
+ packet_ctx->src_addr,
+ &packet_ctx->input_msg->hitr,
+ &packet_ctx->input_msg->hits,
+ packet_ctx->hadb_entry->spi_outbound_current,
+ packet_ctx->hadb_entry->esp_transform,
+ &packet_ctx->hadb_entry->esp_out,
+ &packet_ctx->hadb_entry->auth_out,
+ 1,
+ HIP_SPI_DIRECTION_OUT,
+ 0,
+ packet_ctx->hadb_entry);
if (err) {
HIP_ERROR("Failed to setup outbound SA with SPI = %d.\n",
- entry->spi_outbound_current);
+ packet_ctx->hadb_entry->spi_outbound_current);
- /* delete all IPsec related SPD/SA for this entry*/
- hip_delete_security_associations_and_sp(entry);
+ /* delete all IPsec related SPD/SA for this packet_ctx->hadb_entry*/
+ hip_delete_security_associations_and_sp(packet_ctx->hadb_entry);
goto out_err;
}
- //end modify
/* @todo Check if err = -EAGAIN... */
- HIP_DEBUG("Set up outbound IPsec SA, SPI=0x%x\n", entry->spi_outbound_new);
-// end move
+ HIP_DEBUG("Set up outbound IPsec SA, SPI=0x%x\n",
+ packet_ctx->hadb_entry->spi_outbound_new);
- err = hip_send_pkt(i2_daddr,
- i2_saddr,
- (entry->nat_mode ? hip_get_local_nat_udp_port() : 0),
- entry->peer_udp_port,
- r2,
- entry,
+ err = hip_send_pkt(packet_ctx->dst_addr,
+ packet_ctx->src_addr,
+ (packet_ctx->hadb_entry->nat_mode ?
hip_get_local_nat_udp_port() : 0),
+ packet_ctx->hadb_entry->peer_udp_port,
+ packet_ctx->output_msg,
+ packet_ctx->hadb_entry,
1);
if (err == 1) {
@@ -1036,17 +1047,22 @@
HIP_IFEL(err, -ECOMM, "Sending R2 packet failed.\n");
/* Send the first heartbeat. Notice that error value is ignored
- * because we want to to complete the base exchange successfully */
- /* for ICE , we do not need it*/
+ * because we want to to complete the base exchange successfully
+ */
if (hip_icmp_interval > 0) {
_HIP_DEBUG("icmp sock %d\n", hip_icmp_sock);
- hip_send_icmp(hip_icmp_sock, entry);
+ hip_send_icmp(hip_icmp_sock, packet_ctx->hadb_entry);
}
out_err:
- if (r2 != NULL) {
- free(r2);
+ if (packet_ctx->output_msg) {
+ free(packet_ctx->output_msg);
}
+#ifdef CONFIG_HIP_PERFORMANCE
+ HIP_DEBUG("Stop and write PERF_I2\n");
+ hip_perf_stop_benchmark(perf_set, PERF_I2);
+ hip_perf_write_benchmark(perf_set, PERF_I2);
+#endif
return err;
}
=== modified file 'hipd/output.h'
--- hipd/output.h 2010-03-04 14:23:17 +0000
+++ hipd/output.h 2010-03-05 09:51:49 +0000
@@ -55,13 +55,9 @@
const uint32_t ha_state,
struct hip_packet_context *ctx);
-int hip_send_r2(struct hip_context *ctx,
- in6_addr_t *i2_saddr,
- in6_addr_t *i2_daddr,
- hip_ha_t *entry,
- hip_portpair_t *i2_info,
- in6_addr_t *dest,
- const in_port_t dest_port);
+int hip_send_r2(const uint32_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *packet_ctx);
int hip_send_r2_response(struct hip_common *r2,
struct in6_addr *r2_saddr,
=== modified file 'lib/core/protodefs.h'
--- lib/core/protodefs.h 2010-03-04 15:01:46 +0000
+++ lib/core/protodefs.h 2010-03-05 09:51:49 +0000
@@ -1051,10 +1051,11 @@
* database entry and a flag indicating the packet handling should be aborted.
*/
struct hip_packet_context {
- struct hip_common *msg;
+ struct hip_common *input_msg;
+ struct hip_common *output_msg;
struct in6_addr *src_addr;
struct in6_addr *dst_addr;
- struct hip_stateless_info *msg_info;
+ struct hip_stateless_info *msg_ports;
struct hip_hadb_state *hadb_entry;
uint8_t drop_packet;
};
=== modified file 'lib/tool/pk.c'
--- lib/tool/pk.c 2010-02-16 21:54:14 +0000
+++ lib/tool/pk.c 2010-03-05 09:51:49 +0000
@@ -54,6 +54,7 @@
HIP_IFEL(!RSA_sign(NID_sha1, sha1_digest, SHA_DIGEST_LENGTH, signature,
&sig_len, rsa), -1, "Signing error\n");
+
if (hip_get_msg_type(msg) == HIP_R1) {
HIP_IFEL(hip_build_param_signature2_contents(msg, signature,
len, HIP_SIG_RSA),
=== modified file 'modules/update/hipd/update.c'
--- modules/update/hipd/update.c 2010-03-04 14:52:32 +0000
+++ modules/update/hipd/update.c 2010-03-05 09:51:49 +0000
@@ -730,7 +730,7 @@
* both an ACK and SEQ in the UPDATE, the ACK is first processed as
* described in Section 6.12.2, and then the rest of the UPDATE is
* processed as described in Section 6.12.1 */
- ack = hip_get_param(ctx->msg, HIP_PARAM_ACK);
+ ack = hip_get_param(ctx->input_msg, HIP_PARAM_ACK);
if (ack != NULL) {
ack_peer_update_id = ntohl(ack->peer_update_id);
HIP_DEBUG("ACK parameter found with peer Update ID %u.\n",
@@ -756,7 +756,7 @@
* 2nd case: If the association is in the ESTABLISHED state and the SEQ
* (but not ACK) parameter is present, the UPDATE is processed and replied
* to as described in Section 6.12.1. */
- seq = hip_get_param(ctx->msg, HIP_PARAM_SEQ);
+ seq = hip_get_param(ctx->input_msg, HIP_PARAM_SEQ);
if (seq != NULL) {
seq_update_id = ntohl(seq->update_id);
HIP_DEBUG("SEQ parameter found with Update ID %u.\n",
@@ -795,9 +795,9 @@
/* RFC 5201 Section 6.12.1 3th and 4th steps or
* Section 6.12.2 2nd and 3th steps */
- HIP_IFE(hip_check_hmac_and_signature(ctx->msg, ctx->hadb_entry), -1);
+ HIP_IFE(hip_check_hmac_and_signature(ctx->input_msg, ctx->hadb_entry), -1);
- esp_info = hip_get_param(ctx->msg, HIP_PARAM_ESP_INFO);
+ esp_info = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_INFO);
if (esp_info != NULL) {
HIP_DEBUG("ESP INFO parameter found with new SPI %u.\n",
ntohl(esp_info->new_spi));
@@ -812,16 +812,16 @@
}
/* @todo: a workaround for bug id 944 */
- ctx->hadb_entry->peer_udp_port = ctx->msg_info->src_port;
+ ctx->hadb_entry->peer_udp_port = ctx->msg_ports->src_port;
/* RFC 5206: End-Host Mobility and Multihoming. */
// 3.2.1. Mobility with a Single SA Pair (No Rekeying)
- locator = hip_get_param(ctx->msg, HIP_PARAM_LOCATOR);
- echo_request = hip_get_param(ctx->msg, HIP_PARAM_ECHO_REQUEST_SIGN);
- echo_response = hip_get_param(ctx->msg, HIP_PARAM_ECHO_RESPONSE_SIGN);
+ locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR);
+ echo_request = hip_get_param(ctx->input_msg,
HIP_PARAM_ECHO_REQUEST_SIGN);
+ echo_response = hip_get_param(ctx->input_msg,
HIP_PARAM_ECHO_RESPONSE_SIGN);
if (locator != NULL) {
- hip_handle_first_update_packet(ctx->msg,
+ hip_handle_first_update_packet(ctx->input_msg,
ctx->hadb_entry,
ctx->src_addr);
@@ -835,14 +835,14 @@
// We handle ECHO_REQUEST by sending an update packet
// with reversed source and destination address.
- hip_handle_second_update_packet(ctx->msg,
+ hip_handle_second_update_packet(ctx->input_msg,
ctx->hadb_entry,
ctx->dst_addr,
ctx->src_addr);
goto out_err;
} else if (echo_response != NULL) {
- hip_handle_third_update_packet(ctx->msg,
+ hip_handle_third_update_packet(ctx->input_msg,
ctx->hadb_entry,
ctx->dst_addr,
ctx->src_addr);
Other related posts:
- » [hipl-commit] [tiny] Rev 3616: Refined i2 packet handling. - Tim Just
