Committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx> Date: 29/03/2010 at 22:34:41 Revision: 4080 Revision-id: rene.hummen@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: trunk Log: addresses are not pointers any further Modified: M firewall/esp_prot_fw_msg.c M firewall/user_ipsec_api.c M firewall/user_ipsec_esp.c M firewall/user_ipsec_sadb.c M firewall/user_ipsec_sadb.h === modified file 'firewall/esp_prot_fw_msg.c' --- firewall/esp_prot_fw_msg.c 2010-03-18 21:15:21 +0000 +++ firewall/esp_prot_fw_msg.c 2010-03-29 19:33:56 +0000 @@ -334,13 +334,13 @@ HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_TRIGGER_UPDATE, 0), -1, "build hdr failed\n"); - HIP_DEBUG_HIT("src_hit", entry->inner_src_addr); - HIP_IFEL(hip_build_param_contents(msg, (void *) entry->inner_src_addr, + HIP_DEBUG_HIT("src_hit", &entry->inner_src_addr); + HIP_IFEL(hip_build_param_contents(msg, (void *) &entry->inner_src_addr, HIP_PARAM_HIT, sizeof(struct in6_addr)), -1, "build param contents failed\n"); - HIP_DEBUG_HIT("dst_hit", entry->inner_dst_addr); - HIP_IFEL(hip_build_param_contents(msg, (void *) entry->inner_dst_addr, + HIP_DEBUG_HIT("dst_hit", &entry->inner_dst_addr); + HIP_IFEL(hip_build_param_contents(msg, (void *) &entry->inner_dst_addr, HIP_PARAM_HIT, sizeof(struct in6_addr)), -1, "build param contents failed\n"); 
@@ -499,13 +499,13 @@ HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_ANCHOR_CHANGE, 0), -1, "build hdr failed\n"); - HIP_DEBUG_HIT("src_hit", entry->inner_src_addr); - HIP_IFEL(hip_build_param_contents(msg, (void *) entry->inner_src_addr, + HIP_DEBUG_HIT("src_hit", &entry->inner_src_addr); + HIP_IFEL(hip_build_param_contents(msg, (void *) &entry->inner_src_addr, HIP_PARAM_HIT, sizeof(struct in6_addr)), -1, "build param contents failed\n"); - HIP_DEBUG_HIT("dst_hit", entry->inner_dst_addr); - HIP_IFEL(hip_build_param_contents(msg, (void *) entry->inner_dst_addr, + HIP_DEBUG_HIT("dst_hit", &entry->inner_dst_addr); + HIP_IFEL(hip_build_param_contents(msg, (void *) &entry->inner_dst_addr, HIP_PARAM_HIT, sizeof(struct in6_addr)), -1, "build param contents failed\n"); === modified file 'firewall/user_ipsec_api.c' --- firewall/user_ipsec_api.c 2010-03-29 13:57:13 +0000 +++ firewall/user_ipsec_api.c 2010-03-29 19:33:56 +0000 @@ -238,8 +238,8 @@ HIP_DEBUG("matching SA entry found\n"); /* get preferred routable addresses */ - memcpy(&preferred_local_addr, entry->src_addr, sizeof(struct in6_addr)); - memcpy(&preferred_peer_addr, entry->dst_addr, sizeof(struct in6_addr)); + memcpy(&preferred_local_addr, &entry->src_addr, sizeof(struct in6_addr)); + memcpy(&preferred_peer_addr, &entry->dst_addr, sizeof(struct in6_addr)); HIP_DEBUG_HIT("preferred_local_addr", &preferred_local_addr); HIP_DEBUG_HIT("preferred_peer_addr", &preferred_peer_addr); @@ -337,11 +337,8 @@ "no SA entry found for dst_addr and SPI\n"); HIP_DEBUG("matching SA entry found\n"); - // do a partial consistency check of the entry - HIP_ASSERT(entry->inner_src_addr && entry->inner_dst_addr); - - HIP_DEBUG_HIT("src hit: ", entry->inner_src_addr); - HIP_DEBUG_HIT("dst hit: ", entry->inner_dst_addr); + HIP_DEBUG_HIT("src hit: ", &entry->inner_src_addr); + HIP_DEBUG_HIT("dst hit: ", &entry->inner_dst_addr); // XX TODO implement check with seq window // check for correct SEQ no. 
@@ -354,7 +351,7 @@ "failed to recreate original packet\n"); // create sockaddr for sendto - hip_addr_to_sockaddr(entry->inner_dst_addr, &local_sockaddr); + hip_addr_to_sockaddr(&entry->inner_dst_addr, &local_sockaddr); // re-insert the original HIT-based (-> IPv6) packet into the network stack err = sendto(raw_sock_v6, decrypted_packet, decrypted_packet_len, 0, === modified file 'firewall/user_ipsec_esp.c' --- firewall/user_ipsec_esp.c 2010-03-29 13:57:13 +0000 +++ firewall/user_ipsec_esp.c 2010-03-29 19:33:56 +0000 @@ -306,8 +306,8 @@ *decrypted_packet_len += decrypted_data_len; // now we know the next_hdr and can set up the IPv6 header - add_ipv6_header((struct ip6_hdr *) decrypted_packet, entry->inner_src_addr, - entry->inner_dst_addr, *decrypted_packet_len, next_hdr); + add_ipv6_header((struct ip6_hdr *) decrypted_packet, &entry->inner_src_addr, + &entry->inner_dst_addr, *decrypted_packet_len, next_hdr); HIP_DEBUG("original packet length: %i \n", *decrypted_packet_len); === modified file 'firewall/user_ipsec_sadb.c' --- firewall/user_ipsec_sadb.c 2010-03-29 17:50:59 +0000 +++ firewall/user_ipsec_sadb.c 2010-03-29 19:33:56 +0000 @@ -53,10 +53,6 @@ unsigned char hash[INDEX_HASH_LENGTH]; int err = 0; - // values have to be present - HIP_ASSERT(sa_entry != NULL && sa_entry->inner_src_addr != NULL - && sa_entry->inner_dst_addr != NULL); - memset(&hash, 0, INDEX_HASH_LENGTH); if (sa_entry->mode == 3) { @@ -66,8 +62,8 @@ * NOTE: the HIT fields of an host association struct cannot be assumed to * be alligned consecutively. Therefore, we must copy them to a temporary * array. */ - memcpy(&addr_pair[0], sa_entry->inner_src_addr, sizeof(struct in6_addr)); - memcpy(&addr_pair[1], sa_entry->inner_dst_addr, sizeof(struct in6_addr)); + memcpy(&addr_pair[0], &sa_entry->inner_src_addr, sizeof(struct in6_addr)); + memcpy(&addr_pair[1], &sa_entry->inner_dst_addr, sizeof(struct in6_addr)); } else { HIP_ERROR("indexing for non-BEET-mode not implemented!\n"); 
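Review bot: In the `@@ -53,10 +53,6 @@` hunk of firewall/user_ipsec_sadb.c, dropping the whole assertion also drops the `sa_entry != NULL` check, yet `sa_entry->mode` is dereferenced a few lines later. The address members can no longer be NULL, but the entry pointer still can, and the compare function in the next hunk keeps `HIP_ASSERT(sa_entry1 && sa_entry2);`. Keeping `HIP_ASSERT(sa_entry != NULL);` ahead of the memset would leave the two callbacks consistent. The function (presumably the hash callback for sadb) starts and ends outside the hunk, so a guard elsewhere in it cannot be ruled out.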
@@ -106,10 +102,7 @@ unsigned long hash2 = 0; // values have to be present - HIP_ASSERT(sa_entry1 != NULL && sa_entry1->inner_src_addr != NULL - && sa_entry1->inner_dst_addr != NULL); - HIP_ASSERT(sa_entry2 != NULL && sa_entry2->inner_src_addr != NULL - && sa_entry2->inner_dst_addr != NULL); + HIP_ASSERT(sa_entry1 && sa_entry2); _HIP_DEBUG("calculating hash1:\n"); HIP_IFEL(!(hash1 = hip_sa_entry_hash(sa_entry1)), -1, @@ -437,11 +430,11 @@ entry->direction = direction; entry->spi = spi; entry->mode = mode; - memcpy(entry->src_addr, src_addr, sizeof(struct in6_addr)); - memcpy(entry->dst_addr, dst_addr, sizeof(struct in6_addr)); + memcpy(&entry->src_addr, src_addr, sizeof(struct in6_addr)); + memcpy(&entry->dst_addr, dst_addr, sizeof(struct in6_addr)); if (entry->mode == 3) { - memcpy(entry->inner_src_addr, inner_src_addr, sizeof(struct in6_addr)); - memcpy(entry->inner_dst_addr, inner_dst_addr, sizeof(struct in6_addr)); + memcpy(&entry->inner_src_addr, inner_src_addr, sizeof(struct in6_addr)); + memcpy(&entry->inner_dst_addr, inner_dst_addr, sizeof(struct in6_addr)); } entry->encap_mode = encap_mode; entry->src_port = src_port; @@ -595,7 +588,7 @@ * * XX TODO more efficient to delete entries in inbound db for all (addr, oldspi) * or just those with (oldaddr, spi) */ - HIP_IFEL(hip_link_entry_delete(stored_entry->dst_addr, stored_entry->spi), + HIP_IFEL(hip_link_entry_delete(&stored_entry->dst_addr, stored_entry->spi), -1, "failed to remove links\n"); /* change members of entry in sadb and add new links */ @@ -607,7 +600,7 @@ esp_prot_anchors, update), -1, "failed to update the entry members\n"); - HIP_IFEL(hip_link_entry_add(stored_entry->dst_addr, stored_entry), -1, + HIP_IFEL(hip_link_entry_add(&stored_entry->dst_addr, stored_entry), -1, "failed to add links\n"); HIP_DEBUG("sa entry updated\n"); 
@@ -624,18 +617,6 @@ static void hip_sa_entry_free(hip_sa_entry_t *entry) { if (entry) { - if (entry->src_addr) { - free(entry->src_addr); - } - if (entry->dst_addr) { - free(entry->dst_addr); - } - if (entry->inner_src_addr) { - free(entry->inner_src_addr); - } - if (entry->inner_dst_addr) { - free(entry->inner_dst_addr); - } if (entry->auth_key) { free(entry->auth_key); } @@ -690,19 +671,6 @@ "failed to allocate memory\n"); memset(entry, 0, sizeof(hip_sa_entry_t)); - HIP_IFEL(!(entry->src_addr = (struct in6_addr *) malloc(sizeof(struct in6_addr))), -1, - "failed to allocate memory\n"); - memset(entry->src_addr, 0, sizeof(struct in6_addr)); - HIP_IFEL(!(entry->dst_addr = (struct in6_addr *) malloc(sizeof(struct in6_addr))), -1, - "failed to allocate memory\n"); - memset(entry->dst_addr, 0, sizeof(struct in6_addr)); - HIP_IFEL(!(entry->inner_src_addr = (struct in6_addr *) malloc(sizeof(struct in6_addr))), - -1, "failed to allocate memory\n"); - memset(entry->inner_src_addr, 0, sizeof(struct in6_addr)); - HIP_IFEL(!(entry->inner_dst_addr = (struct in6_addr *) malloc(sizeof(struct in6_addr))), - -1, "failed to allocate memory\n"); - memset(entry->inner_dst_addr, 0, sizeof(struct in6_addr)); - HIP_IFEL(!(entry->auth_key = (struct hip_crypto_key *) malloc(hip_auth_key_length_esp(ealg))), -1, "failed to allocate memory\n"); memset(entry->auth_key, 0, hip_auth_key_length_esp(ealg)); @@ -718,8 +686,8 @@ esp_num_anchors, esp_prot_anchors, update), -1, "failed to set the entry members\n"); HIP_DEBUG("adding sa entry with following index attributes:\n"); - HIP_DEBUG_HIT("inner_src_addr", entry->inner_src_addr); - HIP_DEBUG_HIT("inner_dst_addr", entry->inner_dst_addr); + HIP_DEBUG_HIT("inner_src_addr", &entry->inner_src_addr); + HIP_DEBUG_HIT("inner_dst_addr", &entry->inner_dst_addr); HIP_DEBUG("mode: %i\n", entry->mode); /* returns the replaced item or NULL on normal operation and error. 
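Review bot: hip_sa_entry_free() in the `@@ -624,18 +617,6 @@` hunk releases `entry->auth_key` with a plain free(), so the ESP authentication key stays readable in freed heap memory until it is reused. The buffer should be cleared before it is released, over the length it was allocated with (`hip_auth_key_length_esp(...)` in the allocation hunk that follows), using a wipe the compiler cannot elide, such as explicit_bzero() where the platform provides it. The function continues past the end of the hunk, so any other key members freed there would need the same treatment. The `if (ptr)` guards around free() are redundant and could go in the same pass.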
@@ -727,14 +695,14 @@ HIP_IFEL(hip_ht_add(sadb, entry), -1, "hash collision detected!\n"); // add links to this entry for incoming packets - HIP_IFEL(hip_link_entry_add(entry->dst_addr, entry), -1, "failed to add link entries\n"); + HIP_IFEL(hip_link_entry_add(&entry->dst_addr, entry), -1, "failed to add link entries\n"); HIP_DEBUG("sa entry added successfully\n"); out_err: if (err) { if (entry) { - hip_link_entry_delete(entry->dst_addr, entry->spi); + hip_link_entry_delete(&entry->dst_addr, entry->spi); hip_sa_entry_free(entry); free(entry); } @@ -758,7 +726,7 @@ HIP_IFEL(!(stored_entry = hip_sa_entry_find_outbound(src_addr, dst_addr)), -1, "failed to retrieve sa entry\n"); - HIP_IFEL(hip_link_entry_delete(stored_entry->dst_addr, stored_entry->spi), -1, "failed to delete links\n"); + HIP_IFEL(hip_link_entry_delete(&stored_entry->dst_addr, stored_entry->spi), -1, "failed to delete links\n"); // delete the entry from the sadb hip_ht_delete(sadb, stored_entry); @@ -784,10 +752,10 @@ HIP_DEBUG("direction: %i\n", entry->direction); HIP_DEBUG("spi: 0x%lx\n", entry->spi); HIP_DEBUG("mode: %u\n", entry->mode); - HIP_DEBUG_HIT("src_addr", entry->src_addr); - HIP_DEBUG_HIT("dst_addr", entry->dst_addr); - HIP_DEBUG_HIT("inner_src_addr", entry->inner_src_addr); - HIP_DEBUG_HIT("inner_dst_addr", entry->inner_dst_addr); + HIP_DEBUG_HIT("src_addr", &entry->src_addr); + HIP_DEBUG_HIT("dst_addr", &entry->dst_addr); + HIP_DEBUG_HIT("inner_src_addr", &entry->inner_src_addr); + HIP_DEBUG_HIT("inner_dst_addr", &entry->inner_dst_addr); HIP_DEBUG("encap_mode: %u\n", entry->encap_mode); HIP_DEBUG("src_port: %u\n", entry->src_port); HIP_DEBUG("dst_port: %u\n", entry->dst_port); 
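Review bot: In the `@@ -727,14 +695,14 @@` hunk, if hip_link_entry_add() fails after hip_ht_add() has succeeded, the out_err branch frees `entry` while sadb still holds a pointer to it; no hip_ht_delete() appears in the visible error path. A later lookup or flush would then touch freed memory. The insert should be recorded in a local flag and undone first, e.g. `if (inserted) hip_ht_delete(sadb, entry);` before `hip_sa_entry_free(entry);`. An unconditional hip_ht_delete() is not a safe substitute, because after a failed hip_ht_add() it could remove the already stored entry that compares equal. The unconditional `hip_link_entry_delete(&entry->dst_addr, entry->spi);` in the same branch looks open to the same concern for a link that was never added, which is worth confirming against that helper. The function begins outside the hunk.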
@@ -969,7 +937,7 @@ HIP_IFEL(!(entry = hip_sa_entry_find_inbound(dst_addr, spi)), -1, "failed to retrieve sa entry\n"); - HIP_IFEL(hip_sa_entry_delete(entry->inner_src_addr, entry->inner_dst_addr), -1, + HIP_IFEL(hip_sa_entry_delete(&entry->inner_src_addr, &entry->inner_dst_addr), -1, "failed to delete entry\n"); out_err: @@ -991,7 +959,7 @@ list_for_each_safe(item, tmp, sadb, i) { HIP_IFEL(!(entry = (hip_sa_entry_t *) list_entry(item)), -1, "failed to get list entry\n"); - HIP_IFEL(hip_sa_entry_delete(entry->inner_src_addr, entry->inner_dst_addr), -1, + HIP_IFEL(hip_sa_entry_delete(&entry->inner_src_addr, &entry->inner_dst_addr), -1, "failed to delete sa entry\n"); } 
@@ -1037,26 +1005,24 @@ hip_sa_entry_t *hip_sa_entry_find_outbound(const struct in6_addr *src_hit, const struct in6_addr *dst_hit) { - hip_sa_entry_t *search_entry = NULL, *stored_entry = NULL; + hip_sa_entry_t search_entry; + hip_sa_entry_t *stored_entry = NULL; int err = 0; - HIP_IFEL(!(search_entry = (hip_sa_entry_t *) malloc(sizeof(hip_sa_entry_t))), -1, - "failed to allocate memory\n"); - // fill search entry with information needed by the hash function - memcpy(search_entry->inner_src_addr, src_hit, sizeof(struct in6_addr)); - memcpy(search_entry->inner_dst_addr, dst_hit, sizeof(struct in6_addr)); - search_entry->mode = BEET_MODE; + memcpy(&search_entry.inner_src_addr, src_hit, sizeof(struct in6_addr)); + memcpy(&search_entry.inner_dst_addr, dst_hit, sizeof(struct in6_addr)); + search_entry.mode = BEET_MODE; HIP_DEBUG("looking up sa entry with following index attributes:\n"); - HIP_DEBUG_HIT("inner_src_addr", search_entry->inner_src_addr); - HIP_DEBUG_HIT("inner_dst_addr", search_entry->inner_dst_addr); - HIP_DEBUG("mode: %i\n", search_entry->mode); + HIP_DEBUG_HIT("inner_src_addr", &search_entry.inner_src_addr); + HIP_DEBUG_HIT("inner_dst_addr", &search_entry.inner_dst_addr); + HIP_DEBUG("mode: %i\n", search_entry.mode); //hip_sadb_print(); // find entry in sadb db - HIP_IFEL(!(stored_entry = (hip_sa_entry_t *) hip_ht_find(sadb, search_entry)), -1, + HIP_IFEL(!(stored_entry = (hip_sa_entry_t *) hip_ht_find(sadb, &search_entry)), -1, "failed to retrieve sa entry\n"); out_err: @@ -1064,10 +1030,6 @@ stored_entry = NULL; } - if (search_entry) { - free(search_entry); - } - return stored_entry; } === modified file 'firewall/user_ipsec_sadb.h' --- firewall/user_ipsec_sadb.h 2010-03-29 16:56:02 +0000 +++ firewall/user_ipsec_sadb.h 2010-03-29 19:33:56 +0000 @@ -22,6 +22,7 @@ #endif #include <sys/time.h> #include <inttypes.h> +#include <netinet/in.h> #include "lib/core/hashchain.h" #include "esp_prot_defines.h" #include "lib/core/esp_prot_common.h" 
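Review bot: `hip_sa_entry_t search_entry;` in hip_sa_entry_find_outbound() is left indeterminate apart from the two inner addresses and `mode`, and its address is then passed to hip_ht_find(). That is only safe while the hash and compare callbacks read nothing but those three fields; `hip_sa_entry_t search_entry = { 0 };` would keep stale stack bytes (including the key pointer members) from ever being interpreted. `src_hit` and `dst_hit` are also copied without a NULL check in the visible lines, so `HIP_ASSERT(src_hit && dst_hit);` before the two memcpy() calls would make the contract explicit. Since nothing in the new body can fail before the lookup, `err` and the out_err block now only serve the final HIP_IFEL.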
@@ -33,10 +34,10 @@ int direction; /* direction of the SA: inbound/outbound */ uint32_t spi; /* IPsec SPI number */ uint32_t mode; /* ESP mode : 1-transport, 2-tunnel, 3-beet */ - struct in6_addr * src_addr; /* source address of outer IP header */ - struct in6_addr * dst_addr; /* destination address of outer IP header */ - struct in6_addr * inner_src_addr; /* inner source addresses for tunnel and BEET SAs */ - struct in6_addr * inner_dst_addr; /* inner destination addresses for tunnel and BEET SAs */ + struct in6_addr src_addr; /* source address of outer IP header */ + struct in6_addr dst_addr; /* destination address of outer IP header */ + struct in6_addr inner_src_addr; /* inner source addresses for tunnel and BEET SAs */ + struct in6_addr inner_dst_addr; /* inner destination addresses for tunnel and BEET SAs */ uint8_t encap_mode; /* encapsulation mode: 0 - none, 1 - udp */ uint16_t src_port; /* src port for UDP encaps. ESP */ uint16_t dst_port; /* dst port for UDP encaps. ESP */