Committer: Tim Just <tim.just@xxxxxxxxxxxxxx> Date: Fri Mar 05 10:51:49 2010 +0100 Revision: 3616 Revision-id: tim.just@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: tiny Log: Refined i2 packet handling. Moved hip_send_r2 to output.c and changed function parameters. Renamed members of struct hip_packet_context and added pointer to the outgoing message. Modified: M hipd/bos.c M hipd/close.c M hipd/esp_prot_hipd_msg.c M hipd/esp_prot_hipd_msg.h M hipd/esp_prot_light_update.c M hipd/init.c M hipd/input.c M hipd/input.h M hipd/output.c M hipd/output.h M lib/core/protodefs.h M lib/tool/pk.c M modules/update/hipd/update.c === modified file 'hipd/bos.c' --- hipd/bos.c 2010-02-24 09:10:23 +0000 +++ hipd/bos.c 2010-03-05 09:51:49 +0000 @@ -212,9 +212,9 @@ char *str; char src[INET6_ADDRSTRLEN]; - HIP_IFEL(ipv6_addr_any(&(ctx->msg)->hits), 0, + HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hits), 0, "Received NULL sender HIT in BOS.\n"); - HIP_IFEL(!ipv6_addr_any(&(ctx->msg)->hitr), 0, + HIP_IFEL(!ipv6_addr_any(&(ctx->input_msg)->hitr), 0, "Received non-NULL receiver HIT in BOS.\n"); /* @todo Is this needed? */ @@ -241,18 +241,18 @@ /* according to the section 8.6 of the base draft, * we must first check signature */ - HIP_IFEL(!(peer_host_id = hip_get_param(ctx->msg, HIP_PARAM_HOST_ID)), -ENOENT, + HIP_IFEL(!(peer_host_id = hip_get_param(ctx->input_msg, HIP_PARAM_HOST_ID)), -ENOENT, "No HOST_ID found in BOS\n"); - HIP_IFEL(hip_verify_packet_signature((ctx->msg), peer_host_id), -EINVAL, + HIP_IFEL(hip_verify_packet_signature((ctx->input_msg), peer_host_id), -EINVAL, "Verification of BOS signature failed\n"); /* Validate HIT against received host id */ hip_host_id_to_hit(peer_host_id, &peer_hit, HIP_HIT_TYPE_HASH100); - HIP_IFEL(ipv6_addr_cmp(&peer_hit, &(ctx->msg)->hits) != 0, -EINVAL, + HIP_IFEL(ipv6_addr_cmp(&peer_hit, &(ctx->input_msg)->hits) != 0, -EINVAL, "Sender HIT does not match the advertised host_id\n"); - HIP_HEXDUMP("Advertised HIT:", &(ctx->msg)->hits, 16); + HIP_HEXDUMP("Advertised HIT:", &(ctx->input_msg)->hits, 16); /* Everything ok, first save host id to db */ HIP_IFE(hip_get_param_host_id_di_type_len(peer_host_id, &str, &len) < 0, -1); @@ -292,7 +292,7 @@ /* we have no previous information on the peer, create * a new HIP HA */ - HIP_IFEL((hip_hadb_add_peer_info(&(ctx->msg)->hits, dstip, &lsi, NULL) < 0), + HIP_IFEL((hip_hadb_add_peer_info(&(ctx->input_msg)->hits, dstip, &lsi, NULL) < 0), -1, "Failed to insert new peer info"); HIP_DEBUG("HA entry created.\n"); === modified file 'hipd/close.c' --- hipd/close.c 2010-02-26 11:24:27 +0000 +++ hipd/close.c 2010-03-05 09:51:49 +0000 @@ -186,12 +186,12 @@ hip_perf_start_benchmark( perf_set, PERF_HANDLE_CLOSE ); #endif - HIP_IFEL(ipv6_addr_any(&(ctx->msg)->hitr), -1, + HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hitr), -1, "Received NULL receiver HIT in CLOSE. Dropping\n"); - HIP_IFEL(!hip_controls_sane(ntohs(ctx->msg->control), 0), -1, + HIP_IFEL(!hip_controls_sane(ntohs(ctx->input_msg->control), 0), -1, "Received illegal controls in CLOSE: 0x%x. Dropping\n", - ntohs(ctx->msg->control)); + ntohs(ctx->input_msg->control)); HIP_IFEL(!ctx->hadb_entry, -1, "No entry in host association database when receiving R2." \ @@ -209,21 +209,21 @@ /* verify HMAC */ if (ctx->hadb_entry->is_loopback) { - HIP_IFEL(hip_verify_packet_hmac(ctx->msg, &(ctx->hadb_entry)->hip_hmac_out), + HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &(ctx->hadb_entry)->hip_hmac_out), -ENOENT, "HMAC validation on close failed.\n"); } else { - HIP_IFEL(hip_verify_packet_hmac(ctx->msg, &(ctx->hadb_entry)->hip_hmac_in), + HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &(ctx->hadb_entry)->hip_hmac_in), -ENOENT, "HMAC validation on close failed.\n"); } /* verify signature */ - HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, ctx->msg), -EINVAL, + HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, ctx->input_msg), -EINVAL, "Verification of close signature failed.\n"); HIP_IFE(!(close_ack = hip_msg_alloc()), -ENOMEM); HIP_IFEL(!(request = - hip_get_param(ctx->msg, HIP_PARAM_ECHO_REQUEST_SIGN)), + hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN)), -1, "No echo request under signature.\n"); echo_len = hip_get_param_contents_len(request); @@ -260,13 +260,13 @@ #ifdef CONFIG_HIP_RVS if (hip_relay_get_status()) { hip_relrec_t dummy; - memcpy(&(dummy.hit_r), &(ctx->msg->hits), - sizeof(ctx->msg->hits)); + memcpy(&(dummy.hit_r), &(ctx->input_msg->hits), + sizeof(ctx->input_msg->hits)); hip_relht_rec_free_doall(&dummy); /* Check that the element really got deleted. */ if (hip_relht_get(&dummy) == NULL) { HIP_DEBUG_HIT("Deleted relay record for HIT", - &(ctx->msg->hits)); + &(ctx->input_msg->hits)); } } #endif @@ -299,15 +299,15 @@ hip_perf_start_benchmark( perf_set, PERF_HANDLE_CLOSE_ACK ); #endif - HIP_IFEL(ipv6_addr_any(&(ctx->msg)->hitr), -1, + HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hitr), -1, "Received NULL receiver HIT in CLOSE ACK. Dropping\n"); - if (!hip_controls_sane(ntohs(ctx->msg->control), mask + if (!hip_controls_sane(ntohs(ctx->input_msg->control), mask //HIP_CONTROL_CERTIFICATES | HIP_PACKET_CTRL_ANON | // | HIP_CONTROL_SHT_MASK | HIP_CONTROL_DHT_MASK)) { )) { HIP_ERROR("Received illegal controls in CLOSE ACK: 0x%x. Dropping\n", - ntohs(ctx->msg->control)); + ntohs(ctx->input_msg->control)); goto out_err; } @@ -327,7 +327,7 @@ /* verify ECHO */ HIP_IFEL(!(echo_resp = - hip_get_param(ctx->msg, HIP_PARAM_ECHO_RESPONSE_SIGN)), + hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_RESPONSE_SIGN)), -1, "Echo response not found\n"); HIP_IFEL(memcmp(echo_resp + 1, ctx->hadb_entry->echo_data, sizeof(ctx->hadb_entry->echo_data)), -1, @@ -335,16 +335,16 @@ /* verify HMAC */ if (ctx->hadb_entry->is_loopback) { - HIP_IFEL(hip_verify_packet_hmac(ctx->msg, + HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &(ctx->hadb_entry)->hip_hmac_out), -ENOENT, "HMAC validation on close ack failed\n"); } else { - HIP_IFEL(hip_verify_packet_hmac(ctx->msg, + HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &(ctx->hadb_entry)->hip_hmac_in), -ENOENT, "HMAC validation on close ack failed\n"); } /* verify signature */ - HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, ctx->msg), + HIP_IFEL(ctx->hadb_entry->verify(ctx->hadb_entry->peer_pub_key, ctx->input_msg), -EINVAL, "Verification of close ack signature failed\n"); ctx->hadb_entry->state = HIP_STATE_CLOSED; === modified file 'hipd/esp_prot_hipd_msg.c' --- hipd/esp_prot_hipd_msg.c 2010-02-22 18:30:02 +0000 +++ hipd/esp_prot_hipd_msg.c 2010-03-05 09:51:49 +0000 @@ -812,7 +812,8 @@ * @param ctx packet context for the R2 message * @return 0 on success, -1 in case of an error */ -int esp_prot_r2_handle_anchor(hip_ha_t *entry, const struct hip_context *ctx) +int esp_prot_r2_handle_anchor(hip_ha_t *entry, + const struct hip_common *input_msg) { struct hip_tlv_common *param = NULL; struct esp_prot_anchor *prot_anchor = NULL; @@ -821,7 +822,7 @@ // only process anchor, if we agreed on using it before if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) { - if ((param = hip_get_param(ctx->input, HIP_PARAM_ESP_PROT_ANCHOR))) { + if ((param = hip_get_param(input_msg, HIP_PARAM_ESP_PROT_ANCHOR))) { prot_anchor = (struct esp_prot_anchor *) param; // check if the anchor has got the negotiated transform @@ -848,7 +849,7 @@ } // get next anchor - param = hip_get_next_param(ctx->input, param); + param = hip_get_next_param(input_msg, param); prot_anchor = (struct esp_prot_anchor *) param; } } else if (prot_anchor->transform == ESP_PROT_TFM_UNUSED) { === modified file 'hipd/esp_prot_hipd_msg.h' --- hipd/esp_prot_hipd_msg.h 2010-02-17 13:08:39 +0000 +++ hipd/esp_prot_hipd_msg.h 2010-03-05 09:51:49 +0000 @@ -30,7 +30,8 @@ const struct hip_context *ctx); int esp_prot_i2_handle_anchor(hip_ha_t *entry, const struct hip_context *ctx); int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry); -int esp_prot_r2_handle_anchor(hip_ha_t *entry, const struct hip_context *ctx); +int esp_prot_r2_handle_anchor(hip_ha_t *entry, + const struct hip_common *input_msg); int esp_prot_handle_update(const hip_common_t *recv_update, hip_ha_t *entry, const in6_addr_t *src_ip, const in6_addr_t *dst_ip); int esp_prot_update_add_anchor(hip_common_t *update, hip_ha_t *entry); === modified file 'hipd/esp_prot_light_update.c' --- hipd/esp_prot_light_update.c 2010-02-24 09:22:28 +0000 +++ hipd/esp_prot_light_update.c 2010-03-05 09:51:49 +0000 @@ -194,12 +194,12 @@ uint32_t spi = 0; int err = 0; - HIP_IFEL(hip_verify_packet_hmac(ctx->msg, &(ctx->hadb_entry)->hip_hmac_in), + HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &(ctx->hadb_entry)->hip_hmac_in), -1, "HMAC validation on UPDATE failed.\n"); - ack = hip_get_param(ctx->msg, HIP_PARAM_ACK); - seq = hip_get_param(ctx->msg, HIP_PARAM_SEQ); + ack = hip_get_param(ctx->input_msg, HIP_PARAM_ACK); + seq = hip_get_param(ctx->input_msg, HIP_PARAM_SEQ); if (seq != NULL) { /********** SEQ ***********/ @@ -221,7 +221,7 @@ } /********** ANCHOR ***********/ - HIP_IFEL(esp_prot_update_handle_anchor(ctx->msg, + HIP_IFEL(esp_prot_update_handle_anchor(ctx->input_msg, ctx->hadb_entry, ctx->src_addr, ctx->dst_addr, === modified file 'hipd/init.c' --- hipd/init.c 2010-03-04 14:14:22 +0000 +++ hipd/init.c 2010-03-05 09:51:49 +0000 @@ -444,13 +444,21 @@ hip_register_handle_function(HIP_DATA, HIP_STATE_NONE, &hip_send_r1, 1100); hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_handle_i2, 1000); + hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_send_r2, 1100); hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_handle_i2, 1000); + hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_send_r2, 1100); hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_handle_i2, 1000); + hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_send_r2, 1100); hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_handle_i2, 1000); + hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_send_r2, 1100); hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_handle_i2, 1000); + hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_send_r2, 1100); hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_handle_i2, 1000); + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_send_r2, 1100); hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_handle_i2, 1000); + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_send_r2, 1100); hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_handle_i2, 1000); + hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_send_r2, 1100); hip_register_handle_function(HIP_R1, HIP_STATE_UNASSOCIATED, &hip_drop_packet, 1000); hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_handle_r1, 1000); === modified file 'hipd/input.c' --- hipd/input.c 2010-03-04 15:12:47 +0000 +++ hipd/input.c 2010-03-05 09:51:49 +0000 @@ -550,10 +550,10 @@ goto out_err; } - ctx.msg = msg; + ctx.input_msg = msg; ctx.src_addr = src_addr; ctx.dst_addr = dst_addr; - ctx.msg_info = msg_info; + ctx.msg_ports = msg_info; if (ctx.hadb_entry) { state = ctx.hadb_entry->state; @@ -1107,13 +1107,13 @@ hip_oppipdb_delentry(&(packet_ctx->hadb_entry->peer_addr)); #endif - if (ipv6_addr_any(&(packet_ctx->msg)->hitr)) { + if (ipv6_addr_any(&(packet_ctx->input_msg)->hitr)) { HIP_DEBUG("Received NULL receiver HIT in R1. Not dropping\n"); } - HIP_IFEL(!hip_controls_sane(ntohs(packet_ctx->msg->control), mask), 0, + HIP_IFEL(!hip_controls_sane(ntohs(packet_ctx->input_msg->control), mask), 0, "Received illegal controls in R1: 0x%x Dropping\n", - ntohs(packet_ctx->msg->control)); + ntohs(packet_ctx->input_msg->control)); HIP_IFEL(!packet_ctx->hadb_entry, -EFAULT, "Received R1 with no local state. Dropping\n"); @@ -1133,7 +1133,7 @@ 0, 0, PEER_ADDR_STATE_ACTIVE, - packet_ctx->msg_info->src_port); + packet_ctx->msg_ports->src_port); } HIP_DEBUG("Received R1 in state %s\n", hip_state_str(ha_state)); @@ -1148,9 +1148,9 @@ HIP_IFEL(!(ctx = HIP_MALLOC(sizeof(struct hip_context), GFP_KERNEL)), -ENOMEM, "Could not allocate memory for context\n"); memset(ctx, 0, sizeof(struct hip_context)); - ctx->input = packet_ctx->msg; + ctx->input = packet_ctx->input_msg; - hip_relay_add_rvs_to_ha(packet_ctx->msg, packet_ctx->hadb_entry); + hip_relay_add_rvs_to_ha(packet_ctx->input_msg, packet_ctx->hadb_entry); /* According to the section 8.6 of the base draft, we must first check * signature. */ @@ -1159,7 +1159,7 @@ * verification must be delayed to the R2 */ /* Store the peer's public key to HA and validate it */ /** @todo Do not store the key if the verification fails. */ - HIP_IFEL(!(peer_host_id = hip_get_param(packet_ctx->msg, HIP_PARAM_HOST_ID)), + HIP_IFEL(!(peer_host_id = hip_get_param(packet_ctx->input_msg, HIP_PARAM_HOST_ID)), -ENOENT, "No HOST_ID found in R1\n"); //copy hostname to hadb entry if local copy is empty if (strlen((char *) (packet_ctx->hadb_entry->peer_hostname)) == 0) { @@ -1167,14 +1167,14 @@ hip_get_param_host_id_hostname(peer_host_id), HIP_HOST_ID_HOSTNAME_LEN_MAX - 1); } - HIP_IFE(hip_init_peer(packet_ctx->hadb_entry, packet_ctx->msg, peer_host_id), -EINVAL); + HIP_IFE(hip_init_peer(packet_ctx->hadb_entry, packet_ctx->input_msg, peer_host_id), -EINVAL); #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Start PERF_VERIFY\n"); hip_perf_start_benchmark(perf_set, PERF_VERIFY); #endif HIP_IFEL(packet_ctx->hadb_entry->verify(packet_ctx->hadb_entry->peer_pub_key, - packet_ctx->msg), + packet_ctx->input_msg), -EINVAL, "Verification of R1 signature failed\n"); #ifdef CONFIG_HIP_PERFORMANCE @@ -1186,7 +1186,7 @@ * the peer is behind NAT. We set NAT mode "on" and set the send function to * "hip_send_udp". The client UDP port is not stored until the handling * of R2 packet. Don't know if the entry is already locked... */ - if (packet_ctx->msg_info->dst_port != 0) { + if (packet_ctx->msg_ports->dst_port != 0) { HIP_LOCK_HA(packet_ctx->hadb_entry); if (packet_ctx->hadb_entry->nat_mode == HIP_NAT_MODE_NONE) { packet_ctx->hadb_entry->nat_mode = HIP_NAT_MODE_PLAIN_UDP; @@ -1197,13 +1197,13 @@ } /***** LOCATOR PARAMETER ******/ - locator = (struct hip_locator *) hip_get_param(packet_ctx->msg, HIP_PARAM_LOCATOR); + locator = (struct hip_locator *) hip_get_param(packet_ctx->input_msg, HIP_PARAM_LOCATOR); if (locator) { err = handle_locator(locator, packet_ctx->src_addr, packet_ctx->dst_addr, packet_ctx->hadb_entry, - packet_ctx->msg_info); + packet_ctx->msg_ports); } else { HIP_DEBUG("R1 did not have locator\n"); } @@ -1212,7 +1212,7 @@ /* We have problems with creating precreated R1s in reasonable * fashion... so we don't mind about generations. */ - r1cntr = hip_get_param(packet_ctx->msg, HIP_PARAM_R1_COUNTER); + r1cntr = hip_get_param(packet_ctx->input_msg, HIP_PARAM_R1_COUNTER); /* Do control bit stuff here... */ @@ -1229,9 +1229,9 @@ if (!retransmission) { struct hip_puzzle *pz = NULL; - HIP_IFEL(!(pz = hip_get_param(packet_ctx->msg, HIP_PARAM_PUZZLE)), -EINVAL, + HIP_IFEL(!(pz = hip_get_param(packet_ctx->input_msg, HIP_PARAM_PUZZLE)), -EINVAL, "Malformed R1 packet. PUZZLE parameter missing\n"); - HIP_IFEL((solved_puzzle = hip_solve_puzzle(pz, packet_ctx->msg, HIP_SOLVE_PUZZLE)) == 0, + HIP_IFEL((solved_puzzle = hip_solve_puzzle(pz, packet_ctx->input_msg, HIP_SOLVE_PUZZLE)) == 0, -EINVAL, "Solving of puzzle failed\n"); I = pz->I; packet_ctx->hadb_entry->puzzle_solution = solved_puzzle; @@ -1245,7 +1245,7 @@ ctx->dh_shared_key = NULL; /* note: we could skip keying material generation in the case * of a retransmission but then we'd had to fill ctx->hmac etc */ - HIP_IFEL(hip_produce_keying_material(packet_ctx->msg, + HIP_IFEL(hip_produce_keying_material(packet_ctx->input_msg, ctx, I, solved_puzzle, @@ -1275,7 +1275,7 @@ packet_ctx->src_addr, packet_ctx->dst_addr, packet_ctx->hadb_entry, - packet_ctx->msg_info, + packet_ctx->msg_ports, dhpv); HIP_IFEL(err < 0, -1, "Creation of I2 failed\n"); @@ -1300,6 +1300,27 @@ } /** + * + */ +int hip_handle_i2_in_i2_sent(const uint32_t packet_type, + const uint32_t ha_state, + struct hip_packet_context *ctx) +{ + int err = 0; + + HIP_IFEL(ctx->drop_packet, + -1, + "Abort packet processing.\n") + + if (hip_hit_is_bigger(&ctx->hadb_entry->hit_peer, + &ctx->hadb_entry->hit_our)) { + ctx->drop_packet = 1; + } +out_err: + return err; +} + +/** * Handles an incoming I2 packet. * * This function is the actual point from where the processing of I2 is started @@ -1354,33 +1375,18 @@ hip_perf_start_benchmark(perf_set, PERF_I2); #endif - HIP_IFEL(ipv6_addr_any(&(ctx->msg)->hitr), + HIP_IFEL(ipv6_addr_any(&(ctx->input_msg)->hitr), 0, "Received NULL receiver HIT in I2. Dropping\n"); - HIP_IFEL(!hip_controls_sane(ntohs(ctx->msg->control), mask), + HIP_IFEL(!hip_controls_sane(ntohs(ctx->input_msg->control), mask), 0, "Received illegal controls in I2: 0x%x. Dropping\n", - ntohs(ctx->msg->control)); + ntohs(ctx->input_msg->control)); HIP_DEBUG("Received I2 in state %s\n", hip_state_str(ha_state)); - - /* - case HIP_STATE_I2_SENT: - if (ctx->hadb_entry->is_loopback) { - err = hip_handle_i2(ctx); - } else if (hip_hit_is_bigger(&(ctx->hadb_entry)->hit_our, - &(ctx->hadb_entry)->hit_peer)) { - HIP_IFEL(hip_receive_i2(ctx), - -ENOSYS, - "Dropping HIP packet.\n"); - } - break; - */ - - HIP_INFO("Received I2 from:\n"); - HIP_INFO_HIT("Source HIT:", &(ctx->msg)->hits); + HIP_INFO_HIT("Source HIT:", &(ctx->input_msg)->hits); HIP_INFO_IN6ADDR("Source IP: ", ctx->src_addr); /* The context structure is used to gather the context created from @@ -1394,12 +1400,12 @@ /* Store a pointer to the incoming i2 message in the context just * allocted. From the context struct we can then access the I2 in * hip_send_r2() later. */ - i2_context.input = ctx->msg; + i2_context.input = ctx->input_msg; /* Check that the Responder's HIT is one of ours. According to RFC5201, * this MUST be done. This check was added by Lauri on 01.08.2008. * Note that this condition is not satisfied at the HIP relay server */ - if (!hip_hidb_hit_is_our(&(ctx->msg)->hitr)) { + if (!hip_hidb_hit_is_our(&(ctx->input_msg)->hitr)) { err = -EPROTO; HIP_ERROR("Responder's HIT in the received I2 packet does not" \ " correspond to one of our own HITs. Dropping I2" \ @@ -1408,7 +1414,7 @@ } /* Fetch the R1_COUNTER parameter. */ - r1cntr = hip_get_param(ctx->msg, HIP_PARAM_R1_COUNTER); + r1cntr = hip_get_param(ctx->input_msg, HIP_PARAM_R1_COUNTER); /* Here we should check the 'system boot counter' using the R1_COUNTER * parameter. However, our precreated R1 packets do not support system @@ -1426,7 +1432,7 @@ HIP_DEBUG_HIT("i2_saddr", ctx->src_addr); HIP_DEBUG_HIT("i2_daddr", ctx->dst_addr); - HIP_IFEL(hip_verify_cookie(ctx->src_addr, ctx->dst_addr, ctx->msg, solution), + HIP_IFEL(hip_verify_cookie(ctx->src_addr, ctx->dst_addr, ctx->input_msg, solution), -EPROTO, "Cookie solution rejected. Dropping the I2 packet.\n"); @@ -1456,20 +1462,20 @@ /* Verify HMAC. */ - if (hip_hidb_hit_is_our(&(ctx->msg)->hits) && - hip_hidb_hit_is_our(&(ctx->msg)->hitr)) + if (hip_hidb_hit_is_our(&(ctx->input_msg)->hits) && + hip_hidb_hit_is_our(&(ctx->input_msg)->hitr)) { is_loopback = 1; - HIP_IFEL(hip_verify_packet_hmac(ctx->msg, &i2_context.hip_hmac_out), + HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &i2_context.hip_hmac_out), -EPROTO, "HMAC loopback validation on I2 failed. " \ "Dropping the I2 packet.\n"); } else { - HIP_IFEL(hip_verify_packet_hmac(ctx->msg, &i2_context.hip_hmac_in), + HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg, &i2_context.hip_hmac_in), -EPROTO, "HMAC validation on I2 failed. Dropping the" \ " I2 packet.\n"); } - hip_transform = hip_get_param(ctx->msg, HIP_PARAM_HIP_TRANSFORM); + hip_transform = hip_get_param(ctx->input_msg, HIP_PARAM_HIP_TRANSFORM); if (hip_transform == NULL) { err = -ENODATA; HIP_ERROR("HIP_TRANSFORM parameter missing from I2 packet. " \ @@ -1486,10 +1492,10 @@ /* Decrypt the HOST_ID and verify it against the sender HIT. */ /* @todo: the HOST_ID can be in the packet in plain text */ - enc = hip_get_param(ctx->msg, HIP_PARAM_ENCRYPTED); + enc = hip_get_param(ctx->input_msg, HIP_PARAM_ENCRYPTED); if (enc == NULL) { HIP_DEBUG("ENCRYPTED parameter missing from I2 packet\n"); - host_id_in_enc = hip_get_param(ctx->msg, HIP_PARAM_HOST_ID); + host_id_in_enc = hip_get_param(ctx->input_msg, HIP_PARAM_HOST_ID); HIP_IFEL(!host_id_in_enc, -1, "No host id in i2"); host_id_found = 1; } else { @@ -1650,9 +1656,9 @@ * association will not, however, have the I2 destination HIT as * source, but one that is calculated using the Host Identity * that we have dug out. */ - ipv6_addr_copy(&(ctx->hadb_entry)->hit_peer, &(ctx->msg)->hits); + ipv6_addr_copy(&(ctx->hadb_entry)->hit_peer, &(ctx->input_msg)->hits); HIP_DEBUG("Initializing the HIP association.\n"); - hip_init_us(ctx->hadb_entry, &ctx->msg->hitr); + hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr); HIP_DEBUG("Inserting the new HIP association in the HIP " \ "association database.\n"); /* Should we handle the case where the insertion fails? */ @@ -1686,19 +1692,19 @@ /* If there was already state, these may be uninitialized */ ctx->hadb_entry->hip_transform = hip_tfm; if (!ctx->hadb_entry->our_pub) { - hip_init_us(ctx->hadb_entry, &ctx->msg->hitr); + hip_init_us(ctx->hadb_entry, &ctx->input_msg->hitr); } /* If the incoming I2 packet has hip_get_nat_udp_port() as destination port, NAT * mode is set on for the host association, I2 source port is * stored as the peer UDP port and send function is set to * "hip_send_pkt()". Note that we must store the port not until * here, since the source port can be different for I1 and I2. */ - if (ctx->msg_info->dst_port != 0) { + if (ctx->msg_ports->dst_port != 0) { if (ctx->hadb_entry->nat_mode == 0) { ctx->hadb_entry->nat_mode = HIP_NAT_MODE_PLAIN_UDP; } - ctx->hadb_entry->local_udp_port = ctx->msg_info->dst_port; - ctx->hadb_entry->peer_udp_port = ctx->msg_info->src_port; + ctx->hadb_entry->local_udp_port = ctx->msg_ports->dst_port; + ctx->hadb_entry->peer_udp_port = ctx->msg_ports->src_port; HIP_DEBUG("Setting send func to UDP for entry %p from I2 info.\n", ctx->hadb_entry); /* @todo Is this function set needed ? */ @@ -1711,7 +1717,7 @@ * or it should be cancelled. */ /* Store peer's public key and HIT to HA */ - HIP_IFE(hip_init_peer(ctx->hadb_entry, ctx->msg, host_id_in_enc), -EINVAL); + HIP_IFE(hip_init_peer(ctx->hadb_entry, ctx->input_msg, host_id_in_enc), -EINVAL); /* Validate signature */ #ifdef CONFIG_HIP_PERFORMANCE @@ -1742,7 +1748,7 @@ if (r1cntr) { ctx->hadb_entry->birthday = r1cntr->generation; } - ctx->hadb_entry->peer_controls |= ntohs(ctx->msg->control); + ctx->hadb_entry->peer_controls |= ntohs(ctx->input_msg->control); /* move this below setup_sa */ memset(&spi_out_data, 0, sizeof(struct hip_spi_out_item)); @@ -1761,14 +1767,14 @@ 0, 0, PEER_ADDR_STATE_ACTIVE, - ctx->msg_info->src_port), + ctx->msg_ports->src_port), -1, "Error while adding the preferred peer address\n"); HIP_DEBUG("retransmission: %s\n", (retransmission ? "yes" : "no")); HIP_DEBUG("src %d, dst %d\n", - ctx->msg_info->src_port, - ctx->msg_info->dst_port); + ctx->msg_ports->src_port, + ctx->msg_ports->dst_port); /********** ESP-PROT anchor [OPTIONAL] **********/ @@ -1847,7 +1853,7 @@ #ifdef CONFIG_HIP_RVS ipv6_addr_copy(&dest, &in6addr_any); if (hip_relay_get_status() == HIP_RELAY_OFF) { - ctx->hadb_entry->state = hip_relay_handle_relay_from(ctx->msg, + ctx->hadb_entry->state = hip_relay_handle_relay_from(ctx->input_msg, ctx->src_addr, &dest, &dest_port); @@ -1858,27 +1864,8 @@ } #endif - /* Note that we haven't handled the REG_REQUEST yet. This is because we - * must create an REG_RESPONSE parameter into the R2 packet based on the - * REG_REQUEST parameter. We handle the REG_REQUEST parameter in - * hip_send_r2() - although that is somewhat illogical. - * -Lauri 06.05.2008 */ - - /* Create an R2 packet in response. */ - HIP_IFEL(hip_send_r2(&i2_context, - ctx->src_addr, - ctx->dst_addr, - ctx->hadb_entry, - ctx->msg_info, - &dest, - dest_port), - -1, - "Creation of R2 failed\n"); - - /** @todo Should wait for ESP here or wait for implementation specific * time. */ - /* As for the above todo item: * * Where is it said that we should wait for ESP or implementation @@ -1899,12 +1886,11 @@ */ /***** LOCATOR PARAMETER *****/ - locator = (struct hip_locator *) hip_get_param(ctx->msg, HIP_PARAM_LOCATOR); + locator = (struct hip_locator *) hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR); if (locator) { HIP_DEBUG("Locator parameter support in BEX is not implemented!\n"); } -//end add #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Stop and write PERF_BASE\n"); hip_perf_stop_benchmark(perf_set, PERF_BASE); @@ -1917,26 +1903,12 @@ memset(ctx->hadb_entry->hip_msg_retrans.buf, 0, HIP_MAX_NETWORK_PACKET); } out_err: - /* 'ha' is not NULL if hip_receive_i2() fetched the HA for us. In that - * case we must not release our reference to it. Otherwise, if 'ha' is - * NULL, then we created the HIP HA in this function and we should free - * the reference. */ - /* 'ctx->hadb_entry' cannot be NULL here anymore since it has been used in this - * function directly without NULL check. -Lauri. */ - - /* hip_put_ha(ctx->hadb_entry); */ - if (tmp_enc != NULL) { free(tmp_enc); } if (i2_context.dh_shared_key != NULL) { free(i2_context.dh_shared_key); } -#ifdef CONFIG_HIP_PERFORMANCE - HIP_DEBUG("Stop and write PERF_I2\n"); - hip_perf_stop_benchmark(perf_set, PERF_I2); - hip_perf_write_benchmark(perf_set, PERF_I2); -#endif return err; } @@ -1958,7 +1930,6 @@ int err = 0, tfm = 0, retransmission = 0, idx = 0; uint16_t mask = 0; uint32_t spi_recvd = 0, spi_in = 0; - struct hip_context *ctx = NULL; struct hip_esp_info *esp_info = NULL; struct hip_locator *locator = NULL; struct hip_spi_out_item spi_out_data; @@ -1967,22 +1938,22 @@ hip_perf_start_benchmark(perf_set, PERF_R2); #endif - HIP_IFEL(ipv6_addr_any(&(packet_ctx->msg)->hitr), -1, + HIP_IFEL(ipv6_addr_any(&(packet_ctx->input_msg)->hitr), -1, "Received NULL receiver HIT in R2. Dropping\n"); - HIP_IFEL(!hip_controls_sane(ntohs(packet_ctx->msg->control), mask), + HIP_IFEL(!hip_controls_sane(ntohs(packet_ctx->input_msg->control), mask), -1, "Received illegal controls in R2: 0x%x. Dropping\n", - ntohs(packet_ctx->msg->control)); + ntohs(packet_ctx->input_msg->control)); HIP_IFEL(!packet_ctx->hadb_entry, -1, "No entry in host association database when receiving R2." \ "Dropping.\n"); /* if the NAT mode is used, update the port numbers of the host association */ - if (packet_ctx->msg_info->dst_port == hip_get_local_nat_udp_port()) { - packet_ctx->hadb_entry->local_udp_port = packet_ctx->msg_info->dst_port; - packet_ctx->hadb_entry->peer_udp_port = packet_ctx->msg_info->src_port; + if (packet_ctx->msg_ports->dst_port == hip_get_local_nat_udp_port()) { + packet_ctx->hadb_entry->local_udp_port = packet_ctx->msg_ports->dst_port; + packet_ctx->hadb_entry->peer_udp_port = packet_ctx->msg_ports->src_port; } HIP_DEBUG("Received R2 in state %s\n", hip_state_str(ha_state)); @@ -2000,21 +1971,16 @@ HIP_DEBUG("Not a retransmission\n"); } - /* assume already locked entry */ - HIP_IFE(!(ctx = HIP_MALLOC(sizeof(struct hip_context), GFP_ATOMIC)), -ENOMEM); - memset(ctx, 0, sizeof(struct hip_context)); - ctx->input = packet_ctx->msg; - /* Verify HMAC */ if (packet_ctx->hadb_entry->is_loopback) { - HIP_IFEL(hip_verify_packet_hmac2(packet_ctx->msg, - &(packet_ctx->hadb_entry)->hip_hmac_out, + HIP_IFEL(hip_verify_packet_hmac2(packet_ctx->input_msg, + &packet_ctx->hadb_entry->hip_hmac_out, packet_ctx->hadb_entry->peer_pub), -1, "HMAC validation on R2 failed.\n"); } else { - HIP_IFEL(hip_verify_packet_hmac2(packet_ctx->msg, - &(packet_ctx->hadb_entry)->hip_hmac_in, + HIP_IFEL(hip_verify_packet_hmac2(packet_ctx->input_msg, + &packet_ctx->hadb_entry->hip_hmac_in, packet_ctx->hadb_entry->peer_pub), -1, "HMAC validation on R2 failed.\n"); @@ -2026,7 +1992,7 @@ hip_perf_start_benchmark(perf_set, PERF_VERIFY); #endif HIP_IFEL(packet_ctx->hadb_entry->verify(packet_ctx->hadb_entry->peer_pub_key, - packet_ctx->msg), + packet_ctx->input_msg), -EINVAL, "R2 signature verification failed.\n"); #ifdef CONFIG_HIP_PERFORMANCE @@ -2035,7 +2001,7 @@ #endif /* The rest */ - HIP_IFEL(!(esp_info = hip_get_param(packet_ctx->msg, HIP_PARAM_ESP_INFO)), + HIP_IFEL(!(esp_info = hip_get_param(packet_ctx->input_msg, HIP_PARAM_ESP_INFO)), -EINVAL, "Parameter SPI not found.\n"); @@ -2050,8 +2016,6 @@ packet_ctx->hadb_entry->spi_outbound_new = spi_recvd; HIP_DEBUG("Set default SPI out = 0x%x\n", spi_recvd); - memcpy(&ctx->esp_out, &(packet_ctx->hadb_entry)->esp_out, sizeof(ctx->esp_out)); - memcpy(&ctx->auth_out, &(packet_ctx->hadb_entry)->auth_out, sizeof(ctx->auth_out)); HIP_DEBUG("entry should have only one spi_in now, test\n"); spi_in = packet_ctx->hadb_entry->spi_inbound_current; @@ -2061,14 +2025,16 @@ HIP_DEBUG("esp_transform: %i\n", tfm); HIP_DEBUG("R2 packet source port: %d, destination port %d.\n", - packet_ctx->msg_info->src_port, packet_ctx->msg_info->dst_port); + packet_ctx->msg_ports->src_port, packet_ctx->msg_ports->dst_port); /********** ESP-PROT anchor [OPTIONAL] **********/ - HIP_IFEL(esp_prot_r2_handle_anchor(packet_ctx->hadb_entry, ctx), -1, + HIP_IFEL(esp_prot_r2_handle_anchor(packet_ctx->hadb_entry, + packet_ctx->input_msg), + -1, "failed to handle esp prot anchor\n"); /***** LOCATOR PARAMETER *****/ - locator = (struct hip_locator *) hip_get_param(packet_ctx->msg, HIP_PARAM_LOCATOR); + locator = (struct hip_locator *) hip_get_param(packet_ctx->input_msg, HIP_PARAM_LOCATOR); if (locator) { HIP_DEBUG("Locator parameter support in BEX is not implemented!\n"); } @@ -2079,8 +2045,8 @@ HIP_DEBUG_HIT("hit peer", &(packet_ctx->hadb_entry)->hit_peer); HIP_IFEL(hip_add_sa(packet_ctx->src_addr, packet_ctx->dst_addr, - &ctx->input->hits, - &ctx->input->hitr, + &packet_ctx->input_msg->hits, + &packet_ctx->input_msg->hitr, spi_in, tfm, &(packet_ctx->hadb_entry)->esp_in, @@ -2094,12 +2060,12 @@ HIP_IFEL(hip_add_sa(packet_ctx->dst_addr, packet_ctx->src_addr, - &ctx->input->hitr, - &ctx->input->hits, + &packet_ctx->input_msg->hitr, + &packet_ctx->input_msg->hits, spi_recvd, tfm, - &ctx->esp_out, - &ctx->auth_out, + &packet_ctx->hadb_entry->esp_out, + &packet_ctx->hadb_entry->auth_out, 0, HIP_SPI_DIRECTION_OUT, 0, @@ -2127,10 +2093,10 @@ hip_copy_peer_addrlist_changed(packet_ctx->hadb_entry); /* Handle REG_RESPONSE and REG_FAILED parameters. */ - hip_handle_param_reg_response(packet_ctx->hadb_entry, packet_ctx->msg); - hip_handle_param_reg_failed(packet_ctx->hadb_entry, packet_ctx->msg); + hip_handle_param_reg_response(packet_ctx->hadb_entry, packet_ctx->input_msg); + hip_handle_param_reg_failed(packet_ctx->hadb_entry, packet_ctx->input_msg); - hip_handle_reg_from(packet_ctx->hadb_entry, packet_ctx->msg); + hip_handle_reg_from(packet_ctx->hadb_entry, packet_ctx->input_msg); /* These will change SAs' state from ACQUIRE to VALID, and wake up any * transport sockets waiting for a SA. */ @@ -2179,9 +2145,6 @@ NULL); } - if (ctx) { - HIP_FREE(ctx); - } #ifdef CONFIG_HIP_PERFORMANCE HIP_DEBUG("Stop and write PERF_R2\n"); hip_perf_stop_benchmark(perf_set, PERF_R2); @@ -2241,13 +2204,13 @@ #endif int err = 0, mask = 0, src_hit_is_our; - HIP_ASSERT(!ipv6_addr_any(&(ctx->msg)->hitr)); + HIP_ASSERT(!ipv6_addr_any(&(ctx->input_msg)->hitr)); /* In some environments, a copy of broadcast our own I1 packets * arrive at the local host too. The following variable handles * that special case. Since we are using source HIT (and not * destination) it should handle also opportunistic I1 broadcast */ - src_hit_is_our = hip_hidb_hit_is_our(&(ctx->msg)->hits); + src_hit_is_our = hip_hidb_hit_is_our(&(ctx->input_msg)->hits); /* check i1 for broadcast/multicast addresses */ if (IN6_IS_ADDR_V4MAPPED(ctx->dst_addr)) { @@ -2278,13 +2241,13 @@ "Could not find source address\n"); } - HIP_IFEBL2(!hip_controls_sane(ntohs(ctx->msg->control), mask), + HIP_IFEBL2(!hip_controls_sane(ntohs(ctx->input_msg->control), mask), -1, ctx->drop_packet = 1, "Received illegal controls in I1: 0x%x. Dropping\n", - ntohs(ctx->msg->control)); + ntohs(ctx->input_msg->control)); - HIP_INFO_HIT("I1 Source HIT:", &(ctx->msg)->hits); + HIP_INFO_HIT("I1 Source HIT:", &(ctx->input_msg)->hits); HIP_INFO_IN6ADDR("I1 Source IP :", ctx->src_addr); /** @@ -2336,7 +2299,7 @@ "Received a NOTIFY packet from an unknown sender, ignoring " \ "the packet.\n"); - notify_controls = ntohs(ctx->msg->control); + notify_controls = ntohs(ctx->input_msg->control); HIP_IFEL(!hip_controls_sane(notify_controls, mask), -EPROTO, "Received a NOTIFY packet with illegal controls: 0x%x, ignoring " \ @@ -2344,7 +2307,7 @@ /* Loop through all the parameters in the received packet. */ while ((current_param = - hip_get_next_param(ctx->msg, current_param)) != NULL) { + hip_get_next_param(ctx->input_msg, current_param)) != NULL) { param_type = hip_get_param_type(current_param); if (param_type == HIP_PARAM_NOTIFICATION) { === modified file 'hipd/input.h' --- hipd/input.h 2010-03-04 14:23:17 +0000 +++ hipd/input.h 2010-03-05 09:51:49 +0000 @@ -97,6 +97,14 @@ const uint32_t ha_state, struct hip_packet_context *ctx); +int hip_handle_i2_in_i2_sent(const uint32_t packet_type, + const uint32_t ha_state, + struct hip_packet_context *ctx); + +int hip_handle_i2(const uint32_t packet_type, + const uint32_t ha_state, + struct hip_packet_context *ctx); + int hip_handle_notify(const uint32_t packet_type, const uint32_t ha_state, struct hip_packet_context *ctx); @@ -105,10 +113,6 @@ const uint32_t ha_state, struct hip_packet_context *ctx); -int hip_handle_i2(const uint32_t packet_type, - const uint32_t ha_state, - struct hip_packet_context *ctx); - int hip_handle_r2(const uint32_t packet_type, const uint32_t ha_state, struct hip_packet_context *packet_ctx); === modified file 'hipd/output.c' --- hipd/output.c 2010-03-04 15:12:47 +0000 +++ hipd/output.c 2010-03-05 09:51:49 +0000 @@ -769,7 +769,7 @@ HIP_DEBUG("Param relay from\n"); //from relay r1_dst_addr = ctx->src_addr; - r1_dst_port = ctx->msg_info->src_port; + r1_dst_port = ctx->msg_ports->src_port; // I---> NAT--> RVS-->R is not supported yet /* * r1_dst_addr = dst_ip; @@ -779,7 +779,7 @@ HIP_DEBUG("Param from\n"); //from RVS, answer to I r1_dst_addr = &dst_ip; - if (ctx->msg_info->src_port) { + if (ctx->msg_ports->src_port) { // R and RVS is in the UDP mode or I send UDP to RVS with incoming port hip_get_peer_nat_udp_port() r1_dst_port = hip_get_peer_nat_udp_port(); } else { @@ -791,7 +791,7 @@ HIP_DEBUG("No RVS or relay\n"); /* no RVS or RELAY found; direct connection */ r1_dst_addr = ctx->src_addr; - r1_dst_port = ctx->msg_info->src_port; + r1_dst_port = ctx->msg_ports->src_port; } /* removed by santtu because relay supported @@ -801,7 +801,7 @@ #ifdef CONFIG_HIP_OPPORTUNISTIC /* It should not be null hit, null hit has been replaced by real local * hit. */ - HIP_ASSERT(!hit_is_opportunistic_hit(&ctx->msg->hitr)); + HIP_ASSERT(!hit_is_opportunistic_hit(&ctx->input_msg->hitr)); #endif /* Case: I ----->IPv4---> RVS ---IPv6---> R */ @@ -819,11 +819,11 @@ } HIP_IFEL(!(r1pkt = hip_get_r1(r1_dst_addr, ctx->dst_addr, - &ctx->msg->hitr, &ctx->msg->hits)), + &ctx->input_msg->hitr, &ctx->input_msg->hits)), -ENOENT, "No precreated R1\n"); - if (&ctx->msg->hits) { - ipv6_addr_copy(&r1pkt->hitr, &ctx->msg->hits); + if (&ctx->input_msg->hits) { + ipv6_addr_copy(&r1pkt->hitr, &ctx->input_msg->hits); } else { memset(&r1pkt->hitr, 0, sizeof(struct in6_addr)); } @@ -887,6 +887,12 @@ /** * Creates and transmits an R2 packet. * + * @note We haven't handled the REG_REQUEST in hip_handle_i2() yet. This is + * because we must create an REG_RESPONSE parameter into the R2 packet based + * on the REG_REQUEST parameter. We handle the REG_REQUEST parameter in + * hip_send_r2() - although that is somewhat illogical. + * -Lauri 06.05.2008 + * * @param ctx a pointer to the context of processed I2 packet. * @param i2_saddr a pointer to I2 packet source IP address. * @param i2_daddr a pointer to I2 packet destination IP address. @@ -895,60 +901,66 @@ * in use). * @return zero on success, negative otherwise. */ -int hip_send_r2(struct hip_context *ctx, in6_addr_t *i2_saddr, - in6_addr_t *i2_daddr, hip_ha_t *entry, - hip_portpair_t *i2_info, - in6_addr_t *dest, - const in_port_t dest_port) +int hip_send_r2(const uint32_t packet_type, + const uint32_t ha_state, + struct hip_packet_context *packet_ctx) { - hip_common_t *r2 = NULL, *i2 = NULL; struct hip_crypto_key hmac; int err = 0; uint16_t mask = 0; uint32_t spi_in = 0; - _HIP_DEBUG("hip_create_r2() invoked.\n"); - /* Assume already locked entry */ - i2 = ctx->input; + HIP_IFEL(packet_ctx->drop_packet, + -1, + "Abort packet processing and don't send R1 packet.\n") /* Build and send R2: IP ( HIP ( SPI, HMAC, HIP_SIGNATURE ) ) */ - HIP_IFEL(!(r2 = hip_msg_alloc()), -ENOMEM, "No memory for R2\n"); + HIP_IFEL(!(packet_ctx->output_msg = hip_msg_alloc()), -ENOMEM, "No memory for R2\n"); /* Just swap the addresses to use the I2's destination HIT as the R2's * source HIT. */ - hip_build_network_hdr(r2, HIP_R2, mask, &entry->hit_our, &entry->hit_peer); + hip_build_network_hdr(packet_ctx->output_msg, + HIP_R2, + mask, + &packet_ctx->hadb_entry->hit_our, + &packet_ctx->hadb_entry->hit_peer); - HIP_DUMP_MSG(r2); + HIP_DUMP_MSG(packet_ctx->output_msg); /* ESP_INFO */ - spi_in = entry->spi_inbound_current; - HIP_IFEL(hip_build_param_esp_info(r2, ctx->esp_keymat_index, 0, spi_in), - -1, "building of ESP_INFO failed.\n"); + spi_in = packet_ctx->hadb_entry->spi_inbound_current; + HIP_IFEL(hip_build_param_esp_info(packet_ctx->output_msg, + packet_ctx->hadb_entry->esp_keymat_index, + 0, + spi_in), + -1, + "building of ESP_INFO failed.\n"); /********** CHALLENGE_RESPONSE **********/ #ifdef CONFIG_HIP_MIDAUTH - /* TODO: no caching is done for PUZZLE_M parameters. This may be - * a DOS attack vector. + /** @todo no caching is done for PUZZLE_M parameters. This may be + * a DOS attack vector. */ - HIP_IFEL(hip_solve_puzzle_m(r2, ctx->input, entry), -1, + HIP_IFEL(hip_solve_puzzle_m(packet_ctx->output_msg, + packet_ctx->input_msg, + packet_ctx->hadb_entry), + -1, "Building of Challenge_Response failed\n"); char *midauth_cert = hip_pisa_get_certificate(); - HIP_IFEL(hip_build_param(r2, entry->our_pub), -1, + HIP_IFEL(hip_build_param(packet_ctx->output_msg, packet_ctx->hadb_entry->our_pub), -1, "Building of host id failed\n"); /* For now we just add some random data to see if it works */ - HIP_IFEL(hip_build_param_cert(r2, 1, 1, 1, 1, midauth_cert, strlen(midauth_cert)), - -1, - "Building of cert failed\n"); + HIP_IFEL(hip_build_param_cert(packet_ctx->output_msg, 1, 1, 1, 1, midauth_cert, strlen(midauth_cert)), + -1, + "Building of cert failed\n"); #endif /********** ESP-PROT anchor [OPTIONAL] **********/ - - HIP_IFEL(esp_prot_r2_add_anchor(r2, entry), -1, + HIP_IFEL(esp_prot_r2_add_anchor(packet_ctx->output_msg, packet_ctx->hadb_entry), -1, "failed to add esp protection anchor\n"); - /************************************************/ #if defined(CONFIG_HIP_RVS) @@ -958,28 +970,31 @@ */ /* Handle REG_REQUEST parameter. */ - hip_handle_param_reg_request(entry, i2, r2); + hip_handle_param_reg_request(packet_ctx->hadb_entry, packet_ctx->input_msg, packet_ctx->output_msg); #endif #if defined(CONFIG_HIP_RVS) if (hip_relay_get_status() != HIP_RELAY_OFF) { - hip_build_param_reg_from(r2, i2_saddr, i2_info->src_port); + hip_build_param_reg_from(packet_ctx->output_msg, packet_ctx->src_addr, packet_ctx->msg_ports->src_port); } #endif /* Create HMAC2 parameter. */ - if (entry->our_pub == NULL) { - HIP_DEBUG("entry->our_pub is NULL.\n"); + if (packet_ctx->hadb_entry->our_pub == NULL) { + HIP_DEBUG("packet_ctx->hadb_entry->our_pub is NULL.\n"); } else { - _HIP_HEXDUMP("Host ID for HMAC2", entry->our_pub, - hip_get_param_total_len(entry->our_pub)); + _HIP_HEXDUMP("Host ID for HMAC2", packet_ctx->hadb_entry->our_pub, + hip_get_param_total_len(packet_ctx->hadb_entry->our_pub)); } - memcpy(&hmac, &entry->hip_hmac_out, sizeof(hmac)); - HIP_IFEL(hip_build_param_hmac2_contents(r2, &hmac, entry->our_pub), -1, + memcpy(&hmac, &packet_ctx->hadb_entry->hip_hmac_out, sizeof(hmac)); + HIP_IFEL(hip_build_param_hmac2_contents(packet_ctx->output_msg, + &hmac, + packet_ctx->hadb_entry->our_pub), + -1, "Failed to build parameter HMAC2 contents.\n"); /* Why is err reset to zero? -Lauri 11.06.2008 */ @@ -987,46 +1002,42 @@ err = 0; } - HIP_IFEL(entry->sign(entry->our_priv_key, r2), -EINVAL, "Could not sign R2. Failing\n"); - -#ifdef CONFIG_HIP_RVS - if (!ipv6_addr_any(dest)) { - //if(hip_relay_get_status() == HIP_RELAY_ON) { - - HIP_INFO("create replay_to parameter in R2\n"); - hip_build_param_relay_to( - r2, dest, dest_port); - //} - } - -#endif - - err = hip_add_sa(i2_daddr, i2_saddr, - &ctx->input->hitr, &ctx->input->hits, - entry->spi_outbound_current, - entry->esp_transform, - &ctx->esp_out, &ctx->auth_out, - 1, HIP_SPI_DIRECTION_OUT, 0, entry); + HIP_IFEL(packet_ctx->hadb_entry->sign(packet_ctx->hadb_entry->our_priv_key, + packet_ctx->output_msg), + -EINVAL, + "Could not sign R2. Failing\n"); + + err = hip_add_sa(packet_ctx->dst_addr, + packet_ctx->src_addr, + &packet_ctx->input_msg->hitr, + &packet_ctx->input_msg->hits, + packet_ctx->hadb_entry->spi_outbound_current, + packet_ctx->hadb_entry->esp_transform, + &packet_ctx->hadb_entry->esp_out, + &packet_ctx->hadb_entry->auth_out, + 1, + HIP_SPI_DIRECTION_OUT, + 0, + packet_ctx->hadb_entry); if (err) { HIP_ERROR("Failed to setup outbound SA with SPI = %d.\n", - entry->spi_outbound_current); + packet_ctx->hadb_entry->spi_outbound_current); - /* delete all IPsec related SPD/SA for this entry*/ - hip_delete_security_associations_and_sp(entry); + /* delete all IPsec related SPD/SA for this packet_ctx->hadb_entry*/ + hip_delete_security_associations_and_sp(packet_ctx->hadb_entry); goto out_err; } - //end modify /* @todo Check if err = -EAGAIN... */ - HIP_DEBUG("Set up outbound IPsec SA, SPI=0x%x\n", entry->spi_outbound_new); -// end move + HIP_DEBUG("Set up outbound IPsec SA, SPI=0x%x\n", + packet_ctx->hadb_entry->spi_outbound_new); - err = hip_send_pkt(i2_daddr, - i2_saddr, - (entry->nat_mode ? hip_get_local_nat_udp_port() : 0), - entry->peer_udp_port, - r2, - entry, + err = hip_send_pkt(packet_ctx->dst_addr, + packet_ctx->src_addr, + (packet_ctx->hadb_entry->nat_mode ? hip_get_local_nat_udp_port() : 0), + packet_ctx->hadb_entry->peer_udp_port, + packet_ctx->output_msg, + packet_ctx->hadb_entry, 1); if (err == 1) { @@ -1036,17 +1047,22 @@ HIP_IFEL(err, -ECOMM, "Sending R2 packet failed.\n"); /* Send the first heartbeat. Notice that error value is ignored - * because we want to to complete the base exchange successfully */ - /* for ICE , we do not need it*/ + * because we want to to complete the base exchange successfully + */ if (hip_icmp_interval > 0) { _HIP_DEBUG("icmp sock %d\n", hip_icmp_sock); - hip_send_icmp(hip_icmp_sock, entry); + hip_send_icmp(hip_icmp_sock, packet_ctx->hadb_entry); } out_err: - if (r2 != NULL) { - free(r2); + if (packet_ctx->output_msg) { + free(packet_ctx->output_msg); } +#ifdef CONFIG_HIP_PERFORMANCE + HIP_DEBUG("Stop and write PERF_I2\n"); + hip_perf_stop_benchmark(perf_set, PERF_I2); + hip_perf_write_benchmark(perf_set, PERF_I2); +#endif return err; } === modified file 'hipd/output.h' --- hipd/output.h 2010-03-04 14:23:17 +0000 +++ hipd/output.h 2010-03-05 09:51:49 +0000 @@ -55,13 +55,9 @@ const uint32_t ha_state, struct hip_packet_context *ctx); -int hip_send_r2(struct hip_context *ctx, - in6_addr_t *i2_saddr, - in6_addr_t *i2_daddr, - hip_ha_t *entry, - hip_portpair_t *i2_info, - in6_addr_t *dest, - const in_port_t dest_port); +int hip_send_r2(const uint32_t packet_type, + const uint32_t ha_state, + struct hip_packet_context *packet_ctx); int hip_send_r2_response(struct hip_common *r2, struct in6_addr *r2_saddr, === modified file 'lib/core/protodefs.h' --- lib/core/protodefs.h 2010-03-04 15:01:46 +0000 +++ lib/core/protodefs.h 2010-03-05 09:51:49 +0000 @@ -1051,10 +1051,11 @@ * database entry and a flag indicating the packet handling should be aborted. */ struct hip_packet_context { - struct hip_common *msg; + struct hip_common *input_msg; + struct hip_common *output_msg; struct in6_addr *src_addr; struct in6_addr *dst_addr; - struct hip_stateless_info *msg_info; + struct hip_stateless_info *msg_ports; struct hip_hadb_state *hadb_entry; uint8_t drop_packet; }; === modified file 'lib/tool/pk.c' --- lib/tool/pk.c 2010-02-16 21:54:14 +0000 +++ lib/tool/pk.c 2010-03-05 09:51:49 +0000 @@ -54,6 +54,7 @@ HIP_IFEL(!RSA_sign(NID_sha1, sha1_digest, SHA_DIGEST_LENGTH, signature, &sig_len, rsa), -1, "Signing error\n"); + if (hip_get_msg_type(msg) == HIP_R1) { HIP_IFEL(hip_build_param_signature2_contents(msg, signature, len, HIP_SIG_RSA), === modified file 'modules/update/hipd/update.c' --- modules/update/hipd/update.c 2010-03-04 14:52:32 +0000 +++ modules/update/hipd/update.c 2010-03-05 09:51:49 +0000 @@ -730,7 +730,7 @@ * both an ACK and SEQ in the UPDATE, the ACK is first processed as * described in Section 6.12.2, and then the rest of the UPDATE is * processed as described in Section 6.12.1 */ - ack = hip_get_param(ctx->msg, HIP_PARAM_ACK); + ack = hip_get_param(ctx->input_msg, HIP_PARAM_ACK); if (ack != NULL) { ack_peer_update_id = ntohl(ack->peer_update_id); HIP_DEBUG("ACK parameter found with peer Update ID %u.\n", @@ -756,7 +756,7 @@ * 2nd case: If the association is in the ESTABLISHED state and the SEQ * (but not ACK) parameter is present, the UPDATE is processed and replied * to as described in Section 6.12.1. */ - seq = hip_get_param(ctx->msg, HIP_PARAM_SEQ); + seq = hip_get_param(ctx->input_msg, HIP_PARAM_SEQ); if (seq != NULL) { seq_update_id = ntohl(seq->update_id); HIP_DEBUG("SEQ parameter found with Update ID %u.\n", @@ -795,9 +795,9 @@ /* RFC 5201 Section 6.12.1 3th and 4th steps or * Section 6.12.2 2nd and 3th steps */ - HIP_IFE(hip_check_hmac_and_signature(ctx->msg, ctx->hadb_entry), -1); + HIP_IFE(hip_check_hmac_and_signature(ctx->input_msg, ctx->hadb_entry), -1); - esp_info = hip_get_param(ctx->msg, HIP_PARAM_ESP_INFO); + esp_info = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_INFO); if (esp_info != NULL) { HIP_DEBUG("ESP INFO parameter found with new SPI %u.\n", ntohl(esp_info->new_spi)); @@ -812,16 +812,16 @@ } /* @todo: a workaround for bug id 944 */ - ctx->hadb_entry->peer_udp_port = ctx->msg_info->src_port; + ctx->hadb_entry->peer_udp_port = ctx->msg_ports->src_port; /* RFC 5206: End-Host Mobility and Multihoming. */ // 3.2.1. Mobility with a Single SA Pair (No Rekeying) - locator = hip_get_param(ctx->msg, HIP_PARAM_LOCATOR); - echo_request = hip_get_param(ctx->msg, HIP_PARAM_ECHO_REQUEST_SIGN); - echo_response = hip_get_param(ctx->msg, HIP_PARAM_ECHO_RESPONSE_SIGN); + locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR); + echo_request = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN); + echo_response = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_RESPONSE_SIGN); if (locator != NULL) { - hip_handle_first_update_packet(ctx->msg, + hip_handle_first_update_packet(ctx->input_msg, ctx->hadb_entry, ctx->src_addr); @@ -835,14 +835,14 @@ // We handle ECHO_REQUEST by sending an update packet // with reversed source and destination address. - hip_handle_second_update_packet(ctx->msg, + hip_handle_second_update_packet(ctx->input_msg, ctx->hadb_entry, ctx->dst_addr, ctx->src_addr); goto out_err; } else if (echo_response != NULL) { - hip_handle_third_update_packet(ctx->msg, + hip_handle_third_update_packet(ctx->input_msg, ctx->hadb_entry, ctx->dst_addr, ctx->src_addr);