Merge authors: Artturi Karila (artturi-karila) Diego Biurrun (diego-biurrun) Miika Komu (miika-iki) René Hummen (rene-hummen) Stefan Götz (stefan.goetz) ------------------------------------------------------------ revno: 5012 [merge] committer: Andrius Bentkus <andrius.bentkus@xxxxxxxxxxxxxx> branch nick: hipfw-modules timestamp: Tue 2010-11-09 15:18:47 +0100 message: Merge trunk. removed: test/README.UNITTESTS tools/mailer.sh renamed: doc/HOWTO.xml => doc/HOWTO.xml.in tools/hipdnsproxy/hipdnsproxy => tools/hipdnsproxy/hipdnsproxy.in tools/nsupdate.pl => tools/nsupdate.pl.in modified: .bzrignore INSTALL Makefile.am configure.ac doc/HACKING firewall/conntrack.c firewall/user_ipsec_api.c hipd/cert.c hipd/close.c hipd/dh.c hipd/hadb.c hipd/hidb.c hipd/input.c hipd/nat.c hipd/netdev.c hipd/nsupdate.c hipd/registration.c lib/core/conf.c lib/core/hashchain.c lib/core/hit.c lib/core/hit.h lib/core/lmod.c lib/core/straddr.c lib/core/straddr.h packaging/create-package.sh packaging/debbuild packaging/hipl-deb.spec packaging/hipl-rpm.spec packaging/openwrt/package/Makefile test/check_lib_core.c test/lib/core/hit.c test/lib/core/straddr.c tools/hipconf.c tools/hipdnsproxy/hosts.py tools/hipl_autobuild.sh tools/maintainer/sync-all tools/maintainer/update-html-code doc/HOWTO.xml.in tools/hipdnsproxy/hipdnsproxy.in tools/nsupdate.pl.in -- lp:~toxedvirus/hipl/hipfw-modules https://code.launchpad.net/~toxedvirus/hipl/hipfw-modules Your team HIPL core team is subscribed to branch lp:~toxedvirus/hipl/hipfw-modules. To unsubscribe from this branch go to https://code.launchpad.net/~toxedvirus/hipl/hipfw-modules/+edit-subscription
=== modified file '.bzrignore' --- .bzrignore 2010-10-15 20:22:03 +0000 +++ .bzrignore 2010-11-09 14:18:47 +0000 @@ -31,6 +31,7 @@ doc/Doxyfile doc/HOWTO.html doc/HOWTO.txt +doc/HOWTO.xml doc/doxy/ firewall/hipfw hipd/hipd @@ -41,6 +42,7 @@ m4/*.m4 missing py-compile +rpmbuild/ stamp-h1 tags test/auth_performance @@ -49,7 +51,8 @@ test/hc_performance tools/hipconf tools/hipdnskeyparse -tools/hipdnsproxy +tools/hipdnsproxy/hipdnsproxy +tools/nsupdate.pl tools/pisacert modules/hipd_modules.h modules/firewall_modules.h === modified file 'INSTALL' --- INSTALL 2010-10-19 11:52:34 +0000 +++ INSTALL 2010-10-29 11:30:05 +0000 @@ -28,7 +28,9 @@ with development headers. For Perl, Socket6, IO::Socket::INET6, Net::IP and Net::DNS modules are required. You can optionally install xmlto to build the HOWTO and doxygen to build the code documentation. Installing the -optional check library (http://check.sourceforge.net/) enables unit tests. +optional check library (http://check.sourceforge.net/) enables unit tests. +Some additional libraries are needed for building binary packages (fakeroot +and dpkg-dev on ubuntu). On Ubuntu, the following command(s) should solve the dependencies: @@ -36,7 +38,8 @@ iptables-dev libcap-dev libnet-ip-perl libnet-dns-perl \ libsocket6-perl libio-socket-inet6-perl - Optionally: aptitude install pax miredo bzr xmlto doxygen check + Optionally: aptitude install pax miredo bzr xmlto doxygen check fakeroot + dpkg-dev On Fedora, the following command(s) should solve the dependencies: === modified file 'Makefile.am' --- Makefile.am 2010-10-20 16:11:23 +0000 +++ Makefile.am 2010-11-09 14:18:47 +0000 
@@ -232,10 +232,10 @@ CLEANFILES = doc/HOWTO.html doc/HOWTO.txt clean-local: - rm -rf doc/doxy + rm -rf doc/doxy debbuild rpmbuild -bin deb increl rpm syncrepo: - env PYEXECDIR=$(pyexecdir) @srcdir@/packaging/create-package.sh $@ +bin deb rpm syncrepo syncrepo_deb syncrepo_rpm: $(srcdir)/version.h + @srcdir@/packaging/create-package.sh $@ autotools-clean: maintainer-clean rm -f aclocal.m4 compile config.* configure depcomp install-sh @@ -253,7 +253,7 @@ # Ensure that version.h is created before everything else. This does not work # when creating specific objects that may depend on version.h directly. BUILT_SOURCES = version.h -$(srcdir)/version.h: $(wildcard $(srcdir)/.bzr/branch/last-revision) +$(srcdir)/version.h: $(wildcard $(srcdir)/.bzr/checkout/dirstate) bzr version-info $(srcdir) --custom --template='#define BZR_REVISION "{revno}"\n#define BZR_DATE "{date}"\n#define BZR_BRANCH "{branch_nick}"\n' > $@ @@ -262,4 +262,4 @@ dist-hook: rm -f $(distdir)/doc/Doxyfile -.PHONY: bin checkheaders deb doxygen increl rpm syncrepo +.PHONY: bin checkheaders deb doxygen rpm syncrepo* === modified file 'configure.ac' --- configure.ac 2010-10-20 16:11:23 +0000 +++ configure.ac 2010-11-09 14:18:47 +0000 @@ -41,7 +41,7 @@ AC_CHECK_LIB(m, pow,, AC_MSG_ERROR(Math lib not found)) # The unit tests depend on 'check' (http://check.sourceforge.net/) AC_CHECK_LIB(check, suite_create,, - AC_MSG_WARN(libcheck (http://check.sourceforge.net/) not found: HIPL unit tests are not available),) + AC_MSG_WARN(libcheck (http://check.sourceforge.net/) not found: HIPL unit tests are not available),) AM_CONDITIONAL(HIP_UNITTESTS, test x"$ac_cv_lib_check_suite_create" = xyes) # If no --prefix option is passed to configure, $prefix is empty. But we want 
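Review bot: `.PHONY: bin checkheaders deb doxygen rpm syncrepo*` in the @@ -262 hunk does not mark the new `syncrepo_deb` and `syncrepo_rpm` targets as phony. make treats `syncrepo*` as a filename glob, which matches only files that already exist and otherwise stays the literal name `syncrepo*`. List the targets explicitly: `.PHONY: bin checkheaders deb doxygen rpm syncrepo syncrepo_deb syncrepo_rpm`. Without that, a stray file named like one of these targets could make the packaging rule look up to date.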
@@ -54,7 +54,9 @@ AH_TEMPLATE(HIPL_DEFAULT_PREFIX, [default prefix]) # Our configuration files should be located in a subdirectory of their own. -AC_SUBST(sysconfdir, ${sysconfdir}/hip) +# The variable is evaluated and echoed to produce a string that can be +# substituted for references to configuration files throughout the codebase. +AC_SUBST(sysconfdir, $(eval echo ${sysconfdir}/hip)) # Default sysconf and lockfile directory AC_DEFINE_UNQUOTED(HIPL_SYSCONFDIR, "$(eval echo $sysconfdir)") @@ -219,6 +221,6 @@ echo "+-----------------------------------------------" echo "" -AC_CONFIG_FILES([ Makefile doc/Doxyfile ]) +AC_CONFIG_FILES([ Makefile doc/Doxyfile doc/HOWTO.xml tools/nsupdate.pl tools/hipdnsproxy/hipdnsproxy ]) AC_OUTPUT === modified file 'doc/HACKING' --- doc/HACKING 2010-10-20 14:04:59 +0000 +++ doc/HACKING 2010-11-09 09:07:47 +0000 @@ -712,7 +712,7 @@ handle valid and invalid input as documented. Ideally, they also test corner cases and unusual input and state. Obviously, unit tests are limited in testing whether a function fully behaves as documented because that can be -very complex, slow, or impossible on a local system. +very complex, slow, or impossible on a local system. Unit Tests Organizition ----------------------- @@ -720,7 +720,7 @@ - all test code resides in the test directory. The directories below test mirror those in the main hipl directory to organize the tests in the same - layout. + layout. - test programs: There is one test program per hipl component. At the time of this writing, the only test program is check_lib_core for all tests that 
@@ -733,7 +733,7 @@ implementation file to test. By convention, the tests of the test suite for lib/core/hit.c are contained in test/lib/core/hit.c, which exports them as a suite to the check_lib_core test program. - + - tests: Each test suite consists of one or more tests that test a specific aspect of a function from the implementation. For example, the test function test_hip_convert_hit_to_str_valid() in test/lib/core/hit.c tests whether the @@ -751,21 +751,21 @@ test/check_hipd.c - remove the existing "extern Suite" and "srunner_add_suite()" statements - in Makefile.am: - * add the check_hipd test program to TESTS - * add the check_hipd test program to check_PROGRAMS - * add the file test/check_hipd.c to check_hipd_SOURCES - * add the check library from the check framework and all libraries your - test program depends on (usually the same as the original component hipd) - to check_hipd_LDADD + * add the check_hipd test program to TESTS + * add the check_hipd test program to check_PROGRAMS + * add the file test/check_hipd.c to check_hipd_SOURCES + * add the check library from the check framework and all libraries your + test program depends on (usually the same as the original component + hipd) to check_hipd_LDADD - create the directory test/hipd for your test suites - re-run the automake tool chain * If it does not exist, create the test suite for the file hipd/bar.c: - copy an existing test suite (test/hipd/*.c) to test/hipd/bar.c. - in test/hipd/bar.c, make sure you include the test target's header file - (#include "hipd/bar.h" in this example) + (#include "hipd/bar.h" in this example) - in test/hipd/bar.c, remove all tests and tcase_add_test() statements - in test/hipd/bar.c, adapt the name of the test suite in the invocation of - suite_create() to "hipd/bar" + suite_create() to "hipd/bar" - add test/hipd/bar.c to check_hipd_SOURCES in Makefile.am - re-run the automake tool chain * Create the test case: 
@@ -803,11 +803,13 @@ DEBUGGING ========= -Debugging the kernel with gdb is not possible unless you're running -User Mode Linux and in such cases you may prefer manual debugging -statements in the code. It may be also your personal favourite to -prefer debugging statements over gdb in the userspace. HIPL provides a -set of wrappers for adding debugging statements in a concise way: +You can debug HIPL code using gdb. The recommended way to configure a +debug build is as follows: + +./configure <options> CFLAGS='-g -O0' + +Alternatively, HIPL provides a set of wrappers for printing or logging +debugging statements in a unified way: - HIP_DIE(arguments as for printk) - HIP_ERROR(arguments as for printk) @@ -1131,10 +1133,6 @@ Install repository tool at the host where you are building packages: * yum -y install createrepo -Remember update version number in hipl.spec before -uploading any binaries!!! -* make increl - Create binaries and synchronise to repository: * make bin syncrepo @@ -1159,10 +1157,6 @@ Install the following tool to the host where building packages: * apt-get install dpkg-scanpackages -Note: if you are doing a version upgrade, remember to update the -version number in hipl-deb.spec!!! -* make increl - Build the binaries and synchronize to repository: * make bin syncrepo === renamed file 'doc/HOWTO.xml' => 'doc/HOWTO.xml.in' --- doc/HOWTO.xml 2010-08-31 09:27:03 +0000 +++ doc/HOWTO.xml.in 2010-10-29 12:51:08 +0000 @@ -684,7 +684,7 @@ </para> <para> <programlisting> - $ make package/hipl-install V=99 + $ make package/hipl/install V=99 </programlisting> </para> </listitem> @@ -831,7 +831,7 @@ </para> <para> <programlisting> -$ make package/hipl-install V=99 +$ make package/hipl/install V=99 </programlisting> </para> </listitem> @@ -1130,7 +1130,7 @@ </para> <para> <programlisting> - $ make package/hipl-install V=99 + $ make package/hipl/install V=99 </programlisting> </para> </listitem> 
@@ -1540,17 +1540,17 @@ </para> <itemizedlist> - <listitem><programlisting>Version of HIPL software. Ubuntu: dpkg -l 'hipl*'. Redhat-based distros: rpm -qa|grep hipl</programlisting></listitem> + <listitem><programlisting>Version of HIPL software. Ubuntu: dpkg -l 'hipl*'. Redhat-based distros: rpm -qa | grep hipl</programlisting></listitem> <listitem><programlisting>hipconf get ha all</programlisting></listitem> <listitem><programlisting>ip xfrm state</programlisting></listitem> <listitem><programlisting>uname -a</programlisting></listitem> <listitem><programlisting>lsb_release -a</programlisting></listitem> - <listitem><programlisting>cat /etc/hip/hipd_config</programlisting></listitem> + <listitem><programlisting>cat @sysconfdir@/hipd_config</programlisting></listitem> <listitem><programlisting>cat /etc/selinux/config</programlisting></listitem> <listitem><programlisting>iptables -L -n</programlisting></listitem> <listitem><programlisting>ip6tables -L -n</programlisting></listitem> - <listitem><programlisting>ps axu|grep hip</programlisting></listitem> - <listitem><programlisting>ps axu|grep dns</programlisting></listitem> + <listitem><programlisting>ps axu | grep hip</programlisting></listitem> + <listitem><programlisting>ps axu | grep dns</programlisting></listitem> </itemizedlist> <!-- @@ -1706,7 +1706,7 @@ This will setup a HIP connection between the two hosts (it may take a while if you are using virtual machines). You should replace HIT_OF_XXX with the HIT of the host XXX. The hip daemon loads (and - creates if necessary) the host identities from /etc/hip automatically. + creates if necessary) the host identities from @sysconfdir@ automatically. If you want to know the default HIT of the localhost, run "hipconf get hi default". You can list all HITs of the machine with "hipconf get hi all". By 
@@ -1723,7 +1723,7 @@ hipconf add map PEER_HIT PEER_IP </para> <para> - You can also add the mapping to "/etc/hip/hipd_config" and restart hipd. + You can also add the mapping to "@sysconfdir@/hipd_config" and restart hipd. It is also possible to use DNS for the mappings. </para> <para> @@ -1788,7 +1788,7 @@ HIP_DEBUG> </para> <para> - These options can be also set in "/etc/hip/hipd_config" to configure + These options can be also set in "@sysconfdir@/hipd_config" to configure hipd and other libraries at startup. </para> <para> @@ -1849,7 +1849,7 @@ </para></listitem> </itemizedlist> <para> - Beforehand the following rules must be added in the file /etc/hip/firewall.conf + Beforehand the following rules must be added in the file @sysconfdir@/firewall.conf </para> <para>crash:</para> <itemizedlist> @@ -1994,14 +1994,14 @@ <para> 3a. If you want to maintain separate files for HIP identifiers, write the HIT-hostname (or LSI-hostname) - pair to /etc/hip/hosts and the IP-hostname pair to /etc/hosts. + pair to @sysconfdir@/hosts and the IP-hostname pair to /etc/hosts. See also the method (2) for overloading all addresses in /etc/hosts. </para> <para> 3b. Execute "hipconf add map PEER_HIT PEER_IP" and use the HIT directly in the application. You can insert the - hipconf command also to /etc/hip/hipd_config and restart hipd. + hipconf command also to @sysconfdir@/hipd_config and restart hipd. </para> </section> <section id="sec_advanced_methods"> 
@@ -2338,7 +2338,7 @@ <para>As NFSv3 supports only IPv4, you need use LSIs. So, make sure that you are running also hipfw with the LSI support (-l) on both sides. For example, you can start it with "hipfw -lAbk" flags. Also, - it is recommended to fix HITs and LSIs to /etc/hip/hosts + it is recommended to fix HITs and LSIs to @sysconfdir@/hosts and IP addresses to /etc/hosts at both sides. In this example, the NFS server has been configured to use LSI 1.0.0.1 and the client 1.0.0.2. Notice that the LSIs are valid only within the local @@ -2482,7 +2482,7 @@ <para> The DNS proxy tries to find host identities from two places: - "hosts" files (/etc/hosts and /etc/hip/hosts), HI records in DNS. + "hosts" files (/etc/hosts and @sysconfdir@/hosts), HI records in DNS. It returns the host identities as HITs or LSIs to the requesting application. </para> @@ -2537,7 +2537,7 @@ key file contents to different DNS zone file formats. To convert to unpatched BIND9 format, run the following: <programlisting> -hipdnskeyparse < /etc/hip/hip_host_rsa_key_pub.pub hostname.domain.org | sed -n -e '/^9BIND */s///p' +hipdnskeyparse < @sysconfdir@/hip_host_rsa_key_pub.pub hostname.domain.org | sed -n -e '/^9BIND */s///p' </programlisting> This outputs a line which can be inserted to a zone file. Similarly, with sed command: @@ -2563,7 +2563,7 @@ <para> Currently HIP daemon performs HIP name resolution in the following order: <itemizedlist> - <listitem><para>in /etc/hip/hosts</para></listitem> + <listitem><para>in @sysconfdir@/hosts</para></listitem> <listitem><para>in /etc/hosts</para></listitem> <listitem><para>in hit-to-ip.infrahip.net zone</para></listitem> </itemizedlist> 
@@ -2575,7 +2575,7 @@ to contact peer host with HIT 2001:1e:574e:2505:264a:b360:d8cc:1d75 </para> <para>Default hit-to-ip.infrahip.net. suffix can be changed with - "hipconf hit-to-ip-set <new.hit-to-ip.zone.>. Please note it is independent from HIT_TO_IP_ZONE in /etc/hip/nsupdate.conf" + "hipconf hit-to-ip-set <new.hit-to-ip.zone.>. Please note it is independent from HIT_TO_IP_ZONE in @sysconfdir@/nsupdate.conf" </para> <para> With "hipconf nsupdate on", the HIP daemon also maintains @@ -2660,10 +2660,10 @@ NAT boxes to establish direct end-to-end connectivity with each other. The second mode, "full-relay" is supported completely and it relays both HIP and ESP traffic. You should - use it carefully and whitelist your /etc/hip/relay_config + use it carefully and whitelist your @sysconfdir@/relay_config file. Otherwise you risk your host becoming an open HIP and ESP relay. For additional security measure, you can also use - also /etc/hip/firewall_conf to further restrict the allowed + also @sysconfdir@/firewall_conf to further restrict the allowed clients and servers by their HITs. </para> <para> @@ -2709,14 +2709,14 @@ <abstract> <para> In this section, we show how to edit the configuration file: - "<emphasis>/etc/hip/relay_config</emphasis>". + "<emphasis>@sysconfdir@/relay_config</emphasis>". </para> </abstract> <section id="sec_relay_conf_about"> <title>About the RVS and HIP Relay Configuration File</title> <para> The rendezvous server and the HIP relay server are configured using a - configuration file: "<emphasis>/etc/hip/relay_config</emphasis>". + configuration file: "<emphasis>@sysconfdir@/relay_config</emphasis>". Note, that this file is server side configuration file i.e. you only need to configure the file at the relay or rendezvous server, not at the client. This file is shared between the RVS and the HIP relay 
@@ -2854,7 +2854,7 @@ <para> Before you test the rendezvous mechanisms, you should have run the base exchange once without the rendezvous server to get familiar how the - "<emphasis>/etc/hosts</emphasis>" and "<emphasis>/etc/hip/hosts</emphasis>" files are configured. Please see + "<emphasis>/etc/hosts</emphasis>" and "<emphasis>@sysconfdir@/hosts</emphasis>" files are configured. Please see <xref linkend="ch_basictest" /> for information on how to run a base exchange without the rendezvous server. Also, before you can test the rendezvous mechanism, the configuration file must be edited @@ -2884,7 +2884,7 @@ </mediaobject> <para> First, the "<emphasis>/etc/hosts</emphasis>" and - "<emphasis>/etc/hip/hosts</emphasis>" files are configured. Please + "<emphasis>@sysconfdir@/hosts</emphasis>" files are configured. Please notice that you can leave all non-HIP-related values in "<emphasis>/etc/hosts</emphasis>" intact. </para> @@ -2904,7 +2904,7 @@ </listitem> <listitem> <para> - In the "<emphasis>/etc/hip/hosts</emphasis>" file you should have: + In the "<emphasis>@sysconfdir@/hosts</emphasis>" file you should have: <RESPONDER HIT> <RESPONDER NAME>. This is the line that you would have in a normal base exchange execution not involving an RVS. Please make sure that you use the same HIT @@ -2921,7 +2921,7 @@ <listitem> <para> Both files, "<emphasis>/etc/hosts</emphasis>" and - "<emphasis>/etc/hip/hosts</emphasis>", are left blank. The files are left blank + "<emphasis>@sysconfdir@/hosts</emphasis>", are left blank. The files are left blank because the rendezvous server is assumed to have no information of its clients beforehand. The RVS can have some white listed HITs as beforehand information, however, but it is not required 
@@ -2938,7 +2938,7 @@ <listitem> <para> At the responder, both files,"<emphasis>/etc/hosts</emphasis>" - and "<emphasis>/etc/hip/hosts</emphasis>", are left blank + and "<emphasis>@sysconfdir@/hosts</emphasis>", are left blank also. The responder is assumed to know the IP address and the HIT of the rendezvous server, but this information is given as command line parameters of the "<emphasis>hipconf</emphasis>" tool. @@ -3116,7 +3116,7 @@ Before you test the relay mechanisms, you should have run the base exchange once without the relay server to get familiar how the "<emphasis>/etc/hosts</emphasis>" and - "<emphasis>/etc/hip/hosts</emphasis>" files are configured. Please see + "<emphasis>@sysconfdir@/hosts</emphasis>" files are configured. Please see <xref linkend="ch_basictest" /> for information on how to run a base exchange without the relay server. Also, before you can test the relay mechanism, the configuration file must be edited @@ -3156,7 +3156,7 @@ </mediaobject> <para> First, the "<emphasis>/etc/hosts</emphasis>" and - "<emphasis>/etc/hip/hosts</emphasis>" files are configured. Please + "<emphasis>@sysconfdir@/hosts</emphasis>" files are configured. Please notice that you can leave all non-HIP-related values in "<emphasis>/etc/hosts</emphasis>" intact. The configuration of these files is identical with the RVS test case, thus if you have already @@ -3387,7 +3387,7 @@ <para> The server, on the other hand, uses the first given lifetime boundaries for every offered service in REG_INFO parameters - (If "<emphasis>/etc/hip/relay_config</emphasis>" would provide + (If "<emphasis>@sysconfdir@/relay_config</emphasis>" would provide a way to define individual lifetime boundaries for each service, the boundaries listed first would be used for every service). </para> 
@@ -3484,7 +3484,7 @@ <para>If firewall is killed, it leaves rules dangling which may drop some traffic. Check with "iptables -L -n" if there are some HIPFW - rules there and no hipfw running ("ps axu|grep hipfw"). You can + rules there and no hipfw running ("ps axu | grep hipfw"). You can flush the rules with "hipfw -k" and then pressing CTRL + C. Alternatively, you can just run "/etc/init.d/hipfw stop". </para> @@ -3494,7 +3494,7 @@ it drops all HIP traffic and allows all other traffic. You can change the defaults with hipfw command line flags. To get a list of command line flags, give the -h option to hipfw. When you start the firewall - the first time, it creates /etc/hip/firewall.conf file which contains + the first time, it creates @sysconfdir@/firewall.conf file which contains an example usage template. </para> @@ -3783,7 +3783,7 @@ enable/disable opportunistic mode. By default it is on. </para></listitem> <listitem><para> - Now the opportunistic mode is enabled. To test Opportunistic mode, you need to remove crash's HITs and name from /etc/hip/hosts, and then following the steps in <xref linkend="ch_basictest" />. + Now the opportunistic mode is enabled. To test Opportunistic mode, you need to remove crash's HITs and name from @sysconfdir@/hosts, and then following the steps in <xref linkend="ch_basictest" />. </para></listitem> </itemizedlist> @@ -3911,7 +3911,7 @@ getendpointinfo name resolution interface.</para> </listitem> <listitem> - <para>By default, the interface first checks the /etc/hip/hosts file for + <para>By default, the interface first checks the @sysconfdir@/hosts file for a matching host. If one is not found, the kernel is queried for its list of known HIP peers and the list is examined for matches.</para> </listitem> @@ -3952,7 +3952,7 @@ </programlisting> <para> - Notice that the last command can be also configured to /etc/hip/hipd_config + Notice that the last command can be also configured to @sysconfdir@/hipd_config </para> <para> 
@@ -3970,53 +3970,6 @@ </section> </section> - <section id="hipproxy"> - <title>HIP Proxy</title> - - <para> - It might not be possible to run HIP at all with old legacy - client hosts even with the userspace IPsec. In such a case, HIP - can be migrated to an on-path middlebox (e.g. router) by using the so - called HIP Proxy. The HIP proxy translates connections from - the client host to HIP-based connections to servers. The - extension is experimental. To try the proxy, you'll need three machines - as follows. - </para> - - <para> - Start hipd at the server: - </para> - - <programlisting> - hipd -bk - </programlisting> - - <para> - Start hipd and hipfw on the on-path proxy in the proxy mode: - </para> - - <programlisting> - hipd -bk - hipfw -Adbk - hipconf proxy on - <make sure that openssh is running> - </programlisting> - - <para> - Connect with ssh from the client to the server: - </para> - - <programlisting> - ssh <ipv4-address-of-the-server> - </programlisting> - - <para> - The ssh connection should be tunneled over ESP. Note that this example - requires the proxy to be located on the path between the client and server. - </para> - - </section> - <section id="ch_shotgun"> <title>"Shotgun" Extension</title> @@ -4056,7 +4009,7 @@ </programlisting> </para> - <para>The same line can be also included in /etc/hip/hipd_config + <para>The same line can be also included in @sysconfdir@/hipd_config without the "hipconf" prefix. </para> === modified file 'firewall/conntrack.c' --- firewall/conntrack.c 2010-10-15 15:29:14 +0000 +++ firewall/conntrack.c 2010-10-27 11:27:48 +0000 @@ -39,6 +39,7 @@ #define _BSD_SOURCE +#include <errno.h> #include <stdint.h> #include <stdlib.h> #include <string.h> === modified file 'firewall/user_ipsec_api.c' --- firewall/user_ipsec_api.c 2010-10-15 15:29:14 +0000 +++ firewall/user_ipsec_api.c 2010-10-27 11:27:48 +0000 
@@ -40,6 +40,7 @@ #include <stdint.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> #include <arpa/inet.h> #include <netinet/in.h> #include <netinet/ip.h> === modified file 'hipd/cert.c' --- hipd/cert.c 2010-10-15 15:29:14 +0000 +++ hipd/cert.c 2010-10-19 12:08:54 +0000 @@ -194,11 +194,11 @@ /* clearing signature field just to be sure */ memset(cert->signature, '\0', sizeof(cert->signature)); - HIP_IFEL(!(digest_b64 = base64_encode((unsigned char *) sha_digest, - (unsigned int) sizeof(sha_digest))), + HIP_IFEL(EVP_EncodeBlock(digest_b64, (unsigned char *) sha_digest, + (unsigned int) sizeof(sha_digest)) > 0, -1, "Failed to encode digest_b64\n"); - HIP_IFEL(!(signature_b64 = base64_encode((unsigned char *) signature, - (unsigned int) sig_len)), + HIP_IFEL(EVP_EncodeBlock(signature_b64, (unsigned char *) signature, + (unsigned int) sig_len) > 0, -1, "Failed to encode signature_b64\n"); /* create (signature (hash sha1 |digest|)|signature|) */ sprintf(cert->signature, "(signature (hash sha1 |%s|)|%s|)", @@ -218,7 +218,7 @@ -1, "Error in converting public exponent from BN to bin\n"); - HIP_IFEL(!(n_b64 = base64_encode((unsigned char *) n_bin, RSA_size(rsa))), + HIP_IFEL(EVP_EncodeBlock(n_b64, (unsigned char *) n_bin, RSA_size(rsa)) > 0, -1, "Failed to encode n_b64\n"); 
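Review bot: The rewritten base64 checks in hipd/cert.c look inverted: `HIP_IFEL(EVP_EncodeBlock(digest_b64, ...) > 0, -1, "Failed to encode digest_b64\n")` takes the error branch when the encoder reports a positive length. The removed lines failed on `!(digest_b64 = base64_encode(...))`, so HIP_IFEL fires when its condition is true. The same `> 0` form is used for signature_b64 and n_b64 here and for p_b64, q_b64, g_b64 and y_b64 in the @@ -244 hunk; each should fail on a non-positive result, e.g. `HIP_IFEL(EVP_EncodeBlock(n_b64, (unsigned char *) n_bin, RSA_size(rsa)) <= 0, -1, ...)`. EVP_EncodeBlock also writes into a caller-supplied buffer, whereas base64_encode returned one, so every *_b64 variable now needs at least 4 * ((len + 2) / 3) + 1 bytes of storage. Their declarations, and any free() of the old return values, are outside these hunks and should be checked before the unbounded `sprintf` into `cert->signature` and `cert->public_key` consumes them.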
@@ -244,26 +244,22 @@ */ HIP_IFEL(!(BN_bn2bin(dsa->p, p_bin)), -1, "Error in converting public exponent from BN to bin\n"); - HIP_IFEL(!(p_b64 = base64_encode((unsigned char *) p_bin, - BN_num_bytes(dsa->p))), + HIP_IFEL(EVP_EncodeBlock(p_b64, (unsigned char *) p_bin, BN_num_bytes(dsa->p)) > 0, -1, "Failed to encode p_b64\n"); HIP_IFEL(!(BN_bn2bin(dsa->q, q_bin)), -1, "Error in converting public exponent from BN to bin\n"); - HIP_IFEL(!(q_b64 = base64_encode((unsigned char *) q_bin, - BN_num_bytes(dsa->q))), + HIP_IFEL(EVP_EncodeBlock(q_b64, (unsigned char *) q_bin, BN_num_bytes(dsa->q)) > 0, -1, "Failed to encode q_64"); HIP_IFEL(!(BN_bn2bin(dsa->g, g_bin)), -1, "Error in converting public exponent from BN to bin\n"); - HIP_IFEL(!(g_b64 = base64_encode((unsigned char *) g_bin, - BN_num_bytes(dsa->g))), + HIP_IFEL(EVP_EncodeBlock(g_b64, (unsigned char *) g_bin, BN_num_bytes(dsa->g)) > 0, -1, "Failed to encode g_b64\n"); HIP_IFEL(!(BN_bn2bin(dsa->pub_key, y_bin)), -1, "Error in converting public exponent from BN to bin\n"); - HIP_IFEL(!(y_b64 = base64_encode((unsigned char *) y_bin, - BN_num_bytes(dsa->pub_key))), + HIP_IFEL(EVP_EncodeBlock(y_b64, (unsigned char *) y_bin, BN_num_bytes(dsa->pub_key)) > 0, -1, "Failed to encode y_b64\n"); sprintf(cert->public_key, "(public_key (dsa-pkcs1-sha1 (p |%s|)(q |%s|)" === modified file 'hipd/close.c' --- hipd/close.c 2010-10-15 15:29:14 +0000 +++ hipd/close.c 2010-10-22 10:38:11 +0000 @@ -71,7 +71,7 @@ { int err = 0, mask = 0; int delete_ha_info = *(int *) ((uint8_t *)opaque + sizeof(hip_hit_t)); - hip_hit_t *peer = (hip_hit_t *) opaque; + hip_hit_t *peer = opaque; struct hip_common *msg_close = NULL; #ifdef CONFIG_HIP_PERFORMANCE === modified file 'hipd/dh.c' --- hipd/dh.c 2010-10-15 15:29:14 +0000 +++ hipd/dh.c 2010-11-01 13:13:35 +0000 
@@ -40,6 +40,15 @@ #include "lib/core/debug.h" #include "dh.h" +/** + * This table holds Diffie-Hellman values used during HIP BEXs. + * These values are generated when the HIP daemon starts and valid for its + * lifetime. + * Each array element corresponds to a DH value of a specific DH group. + * The valid groups are defined in RFC 5201, section 5.2.6. + * This array is indexed by the Group ID value defined in the RFC. + * Note that this means that the array element at index 0 is thus unused. + */ DH *dh_table[HIP_MAX_DH_GROUP_ID] = {0}; /** @@ -53,6 +62,12 @@ int res; DH *tmp; + if (group_id <= 0 || group_id >= HIP_MAX_DH_GROUP_ID) { + HIP_ERROR("The Group ID %d is invalid\n", group_id); + res = -1; + goto err_free; + } + /* * First check that we have the key available. * Then encode it into the buffer @@ -105,6 +120,11 @@ int err = 0; DH *tmp; + if (group_id <= 0 || group_id >= HIP_MAX_DH_GROUP_ID) { + HIP_ERROR("The Group ID %d is invalid\n", group_id); + return -1; + } + /* * First check that we have the key available. * Then encode it into the buffer @@ -146,7 +166,7 @@ maxmask = (1 << (HIP_MAX_DH_GROUP_ID + 1)) - 1; bitmask &= maxmask; - for (i = 1; i <= HIP_MAX_DH_GROUP_ID; i++) { + for (i = 1; i < HIP_MAX_DH_GROUP_ID; i++) { if (bitmask & (1 << i)) { tmp = hip_generate_dh_key(i); if (!tmp) { === modified file 'hipd/hadb.c' --- hipd/hadb.c 2010-10-19 03:01:28 +0000 +++ hipd/hadb.c 2010-10-27 11:11:20 +0000 @@ -1441,10 +1441,10 @@ { struct in_addr lsi_prefix; uint8_t hostname[HOST_NAME_MAX]; - int index = 1; + int idx = 1; do { - lsi_prefix.s_addr = htonl(HIP_LSI_PREFIX | index++); + lsi_prefix.s_addr = htonl(HIP_LSI_PREFIX | idx++); } while (lsi_assigned(lsi_prefix) || !hip_map_lsi_to_hostname_from_hosts(lsi, (char *) hostname)); === modified file 'hipd/hidb.c' --- hipd/hidb.c 2010-10-15 15:29:14 +0000 +++ hipd/hidb.c 2010-10-19 12:08:54 +0000 
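Review bot: In the @@ -146 hunk of hipd/dh.c the loop now stops at `i < HIP_MAX_DH_GROUP_ID`, but the context line above it still builds `maxmask = (1 << (HIP_MAX_DH_GROUP_ID + 1)) - 1`. A bit for group HIP_MAX_DH_GROUP_ID therefore survives the mask and is then silently skipped instead of being rejected. Narrowing the mask to `maxmask = (1 << HIP_MAX_DH_GROUP_ID) - 1;` keeps it consistent with the new `group_id >= HIP_MAX_DH_GROUP_ID` checks. In the first new check the early `goto err_free` runs while `tmp` is still uninitialised; the label is outside the hunk, so confirm it does not touch `tmp`.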
@@ -355,7 +355,7 @@ list_for_each(item, hip_local_hostid_db, c) { id_entry = (struct hip_host_id_entry *) list_entry(item); - if (hip_hit_are_equal(&id_entry->lhi.hit, our)) { + if (memcmp(&id_entry->lhi.hit, our, sizeof(*our)) == 0) { memcpy(our_lsi, &id_entry->lsi, sizeof(hip_lsi_t)); return 0; } === modified file 'hipd/input.c' --- hipd/input.c 2010-10-15 15:29:14 +0000 +++ hipd/input.c 2010-10-22 10:41:25 +0000 @@ -854,8 +854,6 @@ if (ctx->hadb_entry->nat_mode == HIP_NAT_MODE_NONE) { ctx->hadb_entry->nat_mode = HIP_NAT_MODE_PLAIN_UDP; } - /* @todo Is this alternative xmit function necessary? */ - /* hip_hadb_set_xmit_function_set(entry, &nat_xmit_func_set); */ HIP_UNLOCK_HA(ctx->hadb_entry); } @@ -1187,7 +1185,6 @@ if (idx != 0) { HIP_DEBUG("ifindex = %d\n", idx); - // hip_hadb_set_spi_ifindex_deprecated(ctx->hadb_entry, spi_in, idx); } else { HIP_ERROR("Couldn't get device ifindex of address\n"); } @@ -1770,8 +1767,6 @@ ctx->hadb_entry->peer_udp_port = ctx->msg_ports.src_port; HIP_DEBUG("Setting send func to UDP for entry %p from I2 info.\n", ctx->hadb_entry); - /** @todo Is this function set needed ? */ - /*hip_hadb_set_xmit_function_set(ctx->hadb_entry, &nat_xmit_func_set);*/ } /* If we have old SAs with these HITs delete them */ === modified file 'hipd/nat.c' --- hipd/nat.c 2010-10-15 15:29:14 +0000 +++ hipd/nat.c 2010-10-22 10:41:25 +0000 @@ -198,7 +198,6 @@ { int err = 0; if (entry && mode != HIP_NAT_MODE_NONE) { - //hip_hadb_set_xmit_function_set(entry, &nat_xmit_func_set); entry->nat_mode = *((hip_transform_suite_t *) mode); HIP_DEBUG("NAT status of host association %p: %d\n", entry, entry->nat_mode); === modified file 'hipd/netdev.c' --- hipd/netdev.c 2010-10-15 15:29:14 +0000 +++ hipd/netdev.c 2010-10-27 11:27:48 +0000 
@@ -46,6 +46,7 @@ #include <ifaddrs.h> #include <stdlib.h> #include <string.h> +#include <strings.h> #include <unistd.h> #include <arpa/inet.h> #include <net/if.h> === modified file 'hipd/nsupdate.c' --- hipd/nsupdate.c 2010-10-15 15:29:14 +0000 +++ hipd/nsupdate.c 2010-10-27 11:27:48 +0000 @@ -37,6 +37,7 @@ #define _BSD_SOURCE +#include <signal.h> #include <stdio.h> #include <stdlib.h> #include <string.h> === modified file 'hipd/registration.c' --- hipd/registration.c 2010-10-20 03:38:26 +0000 +++ hipd/registration.c 2010-10-27 11:11:20 +0000 @@ -101,7 +101,7 @@ */ static int hip_del_pending_request_by_expiration(void) { - int index = 0; + int idx = 0; hip_ll_node_t *iter = NULL; hip_pending_request_t *request = NULL; time_t now = time(NULL); @@ -112,11 +112,11 @@ if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) { HIP_DEBUG("Deleting and freeing a pending request by " \ "expiration (%u seconds) at index %u.\n", - now - request->created, index); - hip_ll_del(&pending_requests, index, free); + now - request->created, idx); + hip_ll_del(&pending_requests, idx, free); return 0; } - index++; + idx++; } return -1; @@ -242,7 +242,7 @@ */ int hip_del_pending_request(hip_ha_t *entry) { - int index = 0; + int idx = 0; hip_ll_node_t *iter = NULL; /* Iterate through the linked list. The iterator itself can't be used @@ -252,11 +252,11 @@ while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { if (((hip_pending_request_t *) (iter->ptr))->entry == entry) { HIP_DEBUG("Deleting and freeing a pending request at " \ - "index %u.\n", index); - hip_ll_del(&pending_requests, index, free); + "index %u.\n", idx); + hip_ll_del(&pending_requests, idx, free); return 0; } - index++; + idx++; } return -1; @@ -275,7 +275,7 @@ */ int hip_del_pending_request_by_type(hip_ha_t *entry, uint8_t reg_type) { - int index = 0; + int idx = 0; hip_ll_node_t *iter = NULL; hip_pending_request_t *request = NULL; 
@@ -284,11 +284,11 @@ request = iter->ptr; if (request->entry == entry && request->reg_type == reg_type) { HIP_DEBUG("Deleting and freeing a pending request by " \ - "type at index %u.\n", index); - hip_ll_del(&pending_requests, index, free); + "type at index %u.\n", idx); + hip_ll_del(&pending_requests, idx, free); return 0; } - index++; + idx++; } return -1; === modified file 'lib/core/conf.c' --- lib/core/conf.c 2010-10-20 03:38:26 +0000 +++ lib/core/conf.c 2010-11-06 15:23:19 +0000 @@ -197,7 +197,7 @@ * for the action. */ const char *hipconf_usage = - "add|del map <hit> <ipv6> [lsi]\n" + "add|del map <hit> <ip> [lsi]\n" "del hi <hit>|all\n" "get hi default|all\n" "new|add hi anon|pub rsa|dsa filebasename\n" @@ -872,7 +872,6 @@ int index_of_hit = 0, index_of_ip = 0, opp_mode = 0;; uint8_t lifetime = 0, *reg_types = NULL; time_t seconds_from_lifetime = 0; - char lowercase[30]; memset(&hit, 0, sizeof(hit)); memset(&ipv6, 0, sizeof(ipv6)); @@ -883,6 +882,8 @@ err = -1; goto out_err; } else if (action == ACTION_ADD) { + char *tail_ptr = NULL; + if (optc < 4) { if (optc < 3) { HIP_ERROR("Missing arguments.\n"); @@ -903,20 +904,12 @@ index_of_ip = optc - 2; } - HIP_IFEL(hip_string_is_digit(opt[optc - 1]), -1, + seconds = strtoul(opt[optc - 1], &tail_ptr, 10); + HIP_IFEL(*tail_ptr == '\0' && seconds > 0 && seconds <= 15384774, -1, "Invalid lifetime value \"%s\" given.\n" \ "Please give a lifetime value between 1 and " \ "15384774 seconds.\n", opt[optc - 1]); - seconds = atoi(opt[optc - 1]); - - if (seconds <= 0 || seconds > 15384774) { - HIP_ERROR("Invalid lifetime value \"%s\" given.\n" \ - "Please give a lifetime value between 1 and " \ - "15384774 seconds.\n", opt[optc - 1]); - goto out_err; - } - HIP_IFEL(hip_get_lifetime_value(seconds, &lifetime), -1, "Unable to convert seconds to a lifetime value.\n"); 
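Review bot: The new lifetime check in the `@@ -903,20 +904,12 @@` hunk of lib/core/conf.c looks inverted. Every other `HIP_IFEL` call visible in this diff passes the failure condition as its first argument (for example `HIP_IFEL(!IS_LSI32(lsi.s_addr), -1, "Wrong LSI value\n")`), whereas this one is true exactly when the argument is a fully parsed number inside the allowed range, so valid lifetimes would be rejected and malformed or out-of-range ones handed on to `hip_get_lifetime_value()`. The condition should be negated: `HIP_IFEL(*tail_ptr != '\0' || seconds <= 0 || seconds > 15384774, -1,`. The declaration of `seconds` is outside the hunk; if it is a signed int, confirm how a negative argument converted by `strtoul()` ends up in it. The enclosing function starts and ends outside the hunk.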
@@ -994,19 +987,18 @@ goto out_err; } - hip_string_to_lowercase(lowercase, opt[i], strlen(opt[i]) + 1); - if (strcmp("rvs", lowercase) == 0) { + if (strcasecmp("rvs", opt[i]) == 0) { reg_types[i] = HIP_SERVICE_RENDEZVOUS; - } else if (strcmp("relay", lowercase) == 0) { + } else if (strcasecmp("relay", opt[i]) == 0) { reg_types[i] = HIP_SERVICE_RELAY; - } else if (strcmp("full-relay", lowercase) == 0) { + } else if (strcasecmp("full-relay", opt[i]) == 0) { reg_types[i] = HIP_SERVICE_FULLRELAY; } /* To cope with the atoi() error value we handle the 'zero' * case here. */ - else if (strcmp("0", lowercase) == 0) { + else if (strcasecmp("0", opt[i]) == 0) { reg_types[i] = 0; } else { - reg_type = atoi(lowercase); + reg_type = atoi(opt[i]); if (reg_type <= 0 || reg_type > 255) { HIP_ERROR("'%s' is not a valid service name " \ "or service number.\n", opt[i]); @@ -1207,13 +1199,13 @@ HIP_IFEL((optc != 2 && optc != 3), -1, "Missing arguments\n"); - HIP_IFEL(convert_string_to_address(opt[0], &hit), -1, - "string to address conversion failed\n"); - - HIP_IFEL((err = convert_string_to_address(opt[1], &ip6)), -1, - "string to address conversion failed\n"); - - if ((err && !convert_string_to_address_v4(opt[1], &aux))) { + HIP_IFEL(hip_convert_string_to_address(opt[0], &hit), -1, + "string to address conversion failed\n"); + + HIP_IFEL((err = hip_convert_string_to_address(opt[1], &ip6)), -1, + "string to address conversion failed\n"); + + if ((err && inet_pton(AF_INET, opt[1], &aux) != 1)) { HIP_IFEL(IS_LSI32(aux.s_addr), -1, "Missing ip address before lsi\n"); } @@ -1243,7 +1235,7 @@ "build param hit failed\n"); if (optc == 3) { - HIP_IFEL(convert_string_to_address_v4(opt[2], &lsi), -1, + HIP_IFEL(inet_pton(AF_INET, opt[2], &lsi) != 1, -1, "string to address conversion failed\n"); HIP_IFEL(!IS_LSI32(lsi.s_addr), -1, "Wrong LSI value\n"); HIP_IFEL(hip_build_param_contents(msg, &lsi, 
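Review bot: `reg_type = atoi(opt[i]);` in the `@@ -994,19 +987,18 @@` hunk still accepts trailing garbage, so an argument such as `12abc` is taken as service number 12. The lifetime parsing changed earlier in this commit already uses `strtoul()` with an end pointer; the same pattern here (`reg_type = strtol(opt[i], &end, 10);` followed by a `*end != '\0'` rejection) would validate the whole argument and make the separate `"0"` branch unnecessary. `strcasecmp()` is declared in `<strings.h>`, and an include of that header in conf.c is not visible in this diff, so that is worth checking. The enclosing loop starts outside the hunk.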
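Review bot: In the `@@ -1207,13 +1199,13 @@` hunk the replacement `inet_pton(AF_INET, opt[1], &aux) != 1` flips the sense of the old test. The removed `convert_string_to_address_v4()` returned 0 on success, so `!convert_string_to_address_v4(...)` was true when the IPv4 parse succeeded; the new expression is true when it fails, and `IS_LSI32(aux.s_addr)` would then be evaluated on an `aux` that `inet_pton()` did not fill in. The equivalent is `if (err && inet_pton(AF_INET, opt[1], &aux) == 1) {`. From the visible lines the preceding `HIP_IFEL((err = hip_convert_string_to_address(opt[1], &ip6)), -1, ...)` appears to leave the function on a non-zero `err`, which would make this branch unreachable today; confirm against the macro and consider removing the dead check instead of carrying it along.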
@@ -2011,7 +2003,7 @@ if (!strcmp("all", opt[0])) { hip_conf_print_info_ha(ha); } else { - HIP_IFE(convert_string_to_address(opt[0], &hit1), -1); + HIP_IFE(hip_convert_string_to_address(opt[0], &hit1), -1); if ((ipv6_addr_cmp(&hit1, &ha->hit_our) == 0) || (ipv6_addr_cmp(&hit1, &ha->hit_peer) == 0)) === modified file 'lib/core/hashchain.c' --- lib/core/hashchain.c 2010-10-18 17:44:31 +0000 +++ lib/core/hashchain.c 2010-10-27 11:11:20 +0000 @@ -200,19 +200,19 @@ /* getter function for a specific element of the given hash chain * * @param hash_chain hash chain from which the element should be returned - * @param index index to the hash chain element + * @param idx index to the hash chain element * @return element of the given hash chain */ static unsigned char *hchain_element_by_index(const hash_chain_t *hash_chain, - const int index) + const int idx) { unsigned char *element = NULL; int err = 0; HIP_ASSERT(hash_chain); - if (index >= 0 && index < hash_chain->hchain_length) { - element = &hash_chain->elements[index * hash_chain->hash_length]; + if (idx >= 0 && idx < hash_chain->hchain_length) { + element = &hash_chain->elements[idx * hash_chain->hash_length]; } else { HIP_ERROR("Element from uninited hash chain or out-of-bound element requested!"); === modified file 'lib/core/hit.c' --- lib/core/hit.c 2010-10-18 17:44:31 +0000 +++ lib/core/hit.c 2010-10-19 23:21:39 +0000 
@@ -30,83 +30,56 @@ * @author Miika Komu <miika@xxxxxx> */ -#include <stdint.h> -#include <string.h> +#include <string.h> // strcpy() -#include "config.h" -#include "builder.h" -#include "debug.h" -#include "prefix.h" -#include "protodefs.h" -#include "straddr.h" +#include "debug.h" // HIP_ASSERT() +#include "prefix.h" // ipv6_addr_cmp() +#include "straddr.h" // hip_in6_ntop() #include "hit.h" /** - * convert a binary HIT into a string + * Convert a binary HIT to a hexadecimal string representation of the form + * 0011:2233:4455:6677:8899:AABB:CCDD:EEFF terminated by a null character. * - * @param hit a binary HIT - * @param prefix an optional HIT prefix as a string - * @param hit_str the HIT as a string with the given prefix - * @return zero on success and negative on error + * @param hit a pointer to a binary HIT. + * @param suffix an optional null-terminated string suffix to be appended to + * the HIT. If suffix is NULL or the empty string, no suffix is appended. If + * suffix is not null-terminated, the result is undefined. + * @param hit_str a pointer to a buffer to write the HIT and the suffix to. The + * result of passing a buffer that is too short to hold the string + * representation plus the suffix is undefined. + * @return 0 if the HIT was successfully converted. Returns a negative value if + * hit is NULL or hit_str is NULL. 
*/ -int hip_convert_hit_to_str(const hip_hit_t *hit, - const char *prefix, - char *hit_str) +int hip_convert_hit_to_str(const hip_hit_t *const hit, + const char *const suffix, + char *const hit_str) { - int err = 0; - - HIP_ASSERT(hit); - - memset(hit_str, 0, INET6_ADDRSTRLEN); - err = !hip_in6_ntop(hit, hit_str); - - if (prefix) { - memcpy(hit_str + strlen(hit_str), prefix, strlen(prefix)); + if (hit && hit_str) { + if (hip_in6_ntop(hit, hit_str)) { + if (suffix && *suffix != '\0') { + strcpy(hit_str + strlen(hit_str), suffix); + } + return 0; + } } - return err; -} -/** - * compare two HITs to check which HIT is "bigger" - * - * @param hit1 the first HIT to be compared - * @param hit2 the second HIT to be compared - * - * @return 1 if hit1 was bigger than hit2, or else 0 - */ -int hip_hit_is_bigger(const struct in6_addr *hit1, - const struct in6_addr *hit2) -{ - return ipv6_addr_cmp(hit1, hit2) > 0; -} - -/** - * compare two HITs to check which if they are equal - * - * @param hit1 the first HIT to be compared - * @param hit2 the second HIT to be compared - * - * @return 1 if the HITs were equal and zero otherwise - */ -int hip_hit_are_equal(const struct in6_addr *hit1, - const struct in6_addr *hit2) -{ - return ipv6_addr_cmp(hit1, hit2) == 0; -} - -/** - * calculate a hash from a HIT - * - * @param ptr pointer to a HIT - * - * Returns value in range: 0 <= x < range - */ -unsigned long hip_hash_hit(const void *ptr) -{ - uint8_t hash[HIP_AH_SHA_LEN]; - - hip_build_digest(HIP_DIGEST_SHA1, (const uint8_t *)ptr + sizeof(uint16_t), - 7 * sizeof(uint16_t), hash); - - return *((unsigned long *) hash); + return -1; +} + +/** + * Determine whether a HIT is numerically greater than another. + * + * @param hit_gt a pointer to a HIT. When passing a NULL pointer, the result + * of this function is undefined. + * @param hit_le a pointer to a HIT. When passing a NULL pointer, the result + * of this function is undefined. 
+ * @return 1 if hit_gt is greater than hit_le, otherwise 0. + */ +int hip_hit_is_bigger(const struct in6_addr *const hit_gt, + const struct in6_addr *const hit_le) +{ + HIP_ASSERT(hit_gt); + HIP_ASSERT(hit_le); + return ipv6_addr_cmp(hit_gt, hit_le) > 0; } === modified file 'lib/core/hit.h' --- lib/core/hit.h 2010-10-15 15:29:14 +0000 +++ lib/core/hit.h 2010-10-19 12:08:54 +0000 @@ -30,11 +30,8 @@ #include "protodefs.h" -int hip_convert_hit_to_str(const hip_hit_t *hit, const char *prefix, char *str); -int hip_hit_is_bigger(const struct in6_addr *hit1, - const struct in6_addr *hit2); -int hip_hit_are_equal(const struct in6_addr *hit1, - const struct in6_addr *hit2); -unsigned long hip_hash_hit(const void *hit); +int hip_convert_hit_to_str(const hip_hit_t *const hit, const char *const suffix, char *const str); +int hip_hit_is_bigger(const struct in6_addr *const hit_gt, + const struct in6_addr *const hit_le); #endif /* HIP_LIB_CORE_HIT_H */ === modified file 'lib/core/lmod.c' --- lib/core/lmod.c 2010-10-20 16:11:23 +0000 +++ lib/core/lmod.c 2010-11-09 14:18:47 +0000 @@ -279,7 +279,7 @@ void *entry, const uint16_t priority) { - int index = 0; + int idx = 0; hip_ll_t *new_list = NULL; hip_ll_node_t *iter = NULL; @@ -301,11 +301,11 @@ } else if (priority < ((struct function *) iter->ptr)->priority) { break; } else { - index++; + idx++; } } - hip_ll_add(list, index, entry); + hip_ll_add(list, idx, entry); return list; } @@ -321,8 +321,8 @@ */ int lmod_unregister_function(hip_ll_t *list, const void *function) { - int index = 0; - hip_ll_node_t *iter = NULL; + int idx = 0; + hip_ll_node_t *iter = NULL; if (!list) { return -1; @@ -330,10 +330,10 @@ while ((iter = hip_ll_iterate(list, iter))) { if (function == ((struct function *) iter->ptr)->func_ptr) { - hip_ll_del(list, index, free); + hip_ll_del(list, idx, free); break; } - index++; + idx++; } return 0; 
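Review bot: `hip_convert_hit_to_str()` in lib/core/hit.c now leaves `hit_str` untouched when it returns -1, where the removed version zeroed the buffer before doing anything else. Callers are outside this diff, so any caller that ignores the return value and prints the buffer would now read uninitialised memory. Writing `hit_str[0] = '\0';` before the `return -1` when `hit_str` is non-NULL keeps the old guarantee. The suffix is appended with an unbounded `strcpy()`, and the doc comment could give the required size instead of calling a short buffer undefined, e.g. `hit_str must hold at least 40 + strlen(suffix) bytes`, the test in this commit counting 39 characters for the HIT itself.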
@@ -421,14 +421,14 @@ */ static int lmod_packet_type_exists(const uint16_t packet_type) { - int index = 0; - hip_ll_node_t *iter = NULL; + int idx = 0; + hip_ll_node_t *iter = NULL; while ((iter = hip_ll_iterate(&packet_types, iter))) { if (packet_type == ((struct packet_type *) iter->ptr)->num) { - return index; + return idx; } else { - index++; + idx++; } } @@ -450,10 +450,10 @@ int lmod_register_packet_type(const uint16_t packet_type, const char *identifier) { - int index = 0; - size_t identifier_len = 0; - hip_ll_node_t *iter = NULL; - struct packet_type *new_entry = NULL; + int idx = 0; + size_t identifier_len = 0; + hip_ll_node_t *iter = NULL; + struct packet_type *new_entry = NULL; if (!identifier || (lmod_packet_type_exists(packet_type) != -1)) { return -1; @@ -477,11 +477,11 @@ } else if (packet_type < ((struct packet_type *) iter->ptr)->num) { break; } else { - index++; + idx++; } } - hip_ll_add(&packet_types, index, new_entry); + hip_ll_add(&packet_types, idx, new_entry); return 0; } === modified file 'lib/core/straddr.c' --- lib/core/straddr.c 2010-10-18 17:44:31 +0000 +++ lib/core/straddr.c 2010-10-19 23:18:00 +0000 
@@ -32,30 +32,28 @@ #define _BSD_SOURCE -#include <ctype.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <arpa/inet.h> -#include <netinet/in.h> -#include <openssl/evp.h> +#include <stdio.h> // sprintf() +#include <arpa/inet.h> // inet_pton() -#include "config.h" -#include "debug.h" -#include "ife.h" -#include "prefix.h" +#include "debug.h" // HIP_DEBUG() +#include "prefix.h" // IPV4_TO_IPV6_MAP() #include "straddr.h" /** - * convert a binary IPv6 address to a string + * Convert a binary IPv6 address to a hexadecimal string representation of the + * form 0011:2233:4455:6677:8899:AABB:CCDD:EEFF terminated by a null character. * - * @param in6 the IPv6 address to convert - * @param buf a preallocated buffer where the string will be stored - * @return a pointer to the buf + * @param in6 a pointer to a binary IPv6 address. + * @param buf a pointer to a buffer to write the string representation to. The + * result of passing a buffer that is too short to hold the string + * representation is undefined. + * @return The function returns a pointer to the output buffer buf if the + * address is successfully converted. It returns a negative value if in6 is + * NULL or buf is NULL. */ -char *hip_in6_ntop(const struct in6_addr *in6, char *buf) +char *hip_in6_ntop(const struct in6_addr *const in6, char *const buf) { - if (!buf) { + if (!in6 || !buf) { return NULL; } sprintf(buf, 
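Review bot: The new `@return` text for `hip_in6_ntop()` says the function "returns a negative value if in6 is NULL or buf is NULL", but the return type is `char *` and the visible guard returns `NULL`. Suggested wording: `@return buf on success, NULL if in6 or buf is NULL.` The comment could also state the buffer size the `sprintf()` needs rather than leaving a short buffer undefined. The function body continues outside the hunk, so the format string is not visible here.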
@@ -68,137 +66,37 @@ } /** - * convert a string into a binary IPv4 address (a wrapper for inet_pton()) - * - * @param str the string to convert - * @param ip an output argument that will contain a binary IPv4 calculated - * from the @c str - * @return zero on success and negative on error - */ -int convert_string_to_address_v4(const char *str, struct in_addr *ip) -{ - int ret = 0, err = 0; - - ret = inet_pton(AF_INET, str, ip); - HIP_IFEL((ret < 0 && errno == EAFNOSUPPORT), -1, - "inet_pton: not a valid address family\n"); - HIP_IFEL((ret == 0), -1, - "inet_pton: %s: not a valid network address\n", str); -out_err: - return err; -} - -/** - * Convert a string to an IPv6 address. This function can handle - * also IPv6 mapped addresses. - * - * @param str the string to convert - * @param ip6 An output argument that will contain a binary IPv4 calculated - * from the @c str. Possibly in IPv6 mapped format. - * @return zero on success or negative on error - */ -int convert_string_to_address(const char *str, - struct in6_addr *ip6) -{ - int ret = 0, err = 0; - struct in_addr ip4; - - ret = inet_pton(AF_INET6, str, ip6); - HIP_IFEL((ret < 0 && errno == EAFNOSUPPORT), -1, - "\"%s\" is not of valid address family.\n", str); - if (ret > 0) { - /* IPv6 address conversion was ok */ - goto out_err; - } - - /* Might be an ipv4 address (ret == 0). Lets catch it here. 
*/ - err = convert_string_to_address_v4(str, &ip4); - if (err) { - goto out_err; - } - - IPV4_TO_IPV6_MAP(&ip4, ip6); - HIP_DEBUG("Mapped v4 to v6.\n"); - HIP_DEBUG_IN6ADDR("mapped v6", ip6); - -out_err: - return err; -} - -/** - * convert a string containing upper case characters to lower case - * - * @param to the result of the conversion (minimum length @c count) - * @param from a string possibly containing upper case characters - * @param count count - * @return zero on success or negative on failure - */ -int hip_string_to_lowercase(char *to, const char *from, const size_t count) -{ - unsigned i; - - if (to == NULL || from == NULL || count == 0) { - return -1; - } - - for (i = 0; i < count; i++) { - if (isalpha(from[i])) { - to[i] = tolower(from[i]); + * Convert a string representation of an IPv6 or IPv4 address to a struct + * in6_addr. + * If the string contains an IPv4 address, it is converted to its + * IPv6-compatible mapping. + * + * @param str points to the string to convert. + * @param ip6 points to a buffer where the function stores the binary address + * if it could be converted. + * @return The return value is 0 if the conversion succeeds. It is a + * negative value if str or ip6 are NULL or if str contains neither a + * parseable IPv6 or IPv4 address. 
+ */ +int hip_convert_string_to_address(const char *const str, + struct in6_addr *const ip6) +{ + if (str && ip6) { + if (inet_pton(AF_INET6, str, ip6) == 1) { + /* IPv6 address conversion was ok */ + return 0; } else { - to[i] = from[i]; - } - } - return 0; -} - -/** - * test if a given string contains a positive integer - * - * @param string the string to test - * @return zero if the string is digit or negative otherwise - */ -int hip_string_is_digit(const char *string) -{ - if (string == NULL) { - return -1; - } - - int i = 0; - - while (string[i] != '\0') { - if (!isdigit(string[i])) { - return -1; - } - i++; - } - return 0; -} - - -/** - * encode the given content to Base64 - * - * @param buf Pointer to contents to be encoded - * @param len How long is the first parameter in bytes - * - * @return Returns a pointer to encoded content or NULL on error - */ -unsigned char *base64_encode(unsigned char *buf, unsigned int len) -{ - unsigned char *ret; - unsigned int b64_len; - - b64_len = (((len + 2) / 3) * 4) + 1; - ret = malloc(b64_len); - if (ret == NULL) { - goto out_err; - } - EVP_EncodeBlock(ret, buf, len); - return ret; -out_err: - if (ret) { - free(ret); - } - return NULL; -} - + struct in_addr ip4; + + /* Might be an ipv4 address (ret == 0). Lets catch it here. */ + if (inet_pton(AF_INET, str, &ip4) == 1) { + IPV4_TO_IPV6_MAP(&ip4, ip6); + HIP_DEBUG("Mapped v4 to v6.\n"); + HIP_DEBUG_IN6ADDR("mapped v6", ip6); + return 0; + } + } + } + + return -1; +} === modified file 'lib/core/straddr.h' --- lib/core/straddr.h 2010-10-15 15:29:14 +0000 +++ lib/core/straddr.h 2010-10-19 12:08:54 +0000 
@@ -29,11 +29,8 @@ #include <sys/types.h> #include <netinet/in.h> -int convert_string_to_address_v4(const char *str, struct in_addr *ip); -int convert_string_to_address(const char *str, struct in6_addr *ip6); -char *hip_in6_ntop(const struct in6_addr *in6, char *buf); -int hip_string_to_lowercase(char *to, const char *from, const size_t count); -int hip_string_is_digit(const char *string); -unsigned char *base64_encode(unsigned char *, unsigned int); +char *hip_in6_ntop(const struct in6_addr *const in6, char *const buf); +int hip_convert_string_to_address(const char *const str, + struct in6_addr *const ip6); #endif /* HIP_LIB_CORE_STRADDR_H */ === modified file 'packaging/create-package.sh' --- packaging/create-package.sh 2010-06-30 11:24:04 +0000 +++ packaging/create-package.sh 2010-10-29 10:52:36 +0000 @@ -1,33 +1,6 @@ #!/bin/sh -VERSION=$(grep '^AC_INIT' configure.ac|cut -d'[' -f 3|cut -d']' -f1) -RELEASE= -NAME=hipl -PKGROOT=$PWD -PKGEXE=$PKGROOT/packaging -PKG_WEB_DIR= -PKG_SERVER_DIR= -DEBDIR=$PWD/debbuild -RPMDIR=$PWD/rpmbuild -RPMBUILD=/tmp/rpmbuild -SUBDEBDIRS="BUILD DEBS SOURCES SPECS SDEBS" -SUBRPMDIRS="BUILD RPMS SOURCES SPECS SRPMS" -SUDO= # no sudo -ARCH= -DISTRO_RELEASE= -DISTRO= -DISTROBASE= -DISTRO_PKG_SUFFIX= -REPO_SERVER=hipl.hiit.fi -REPO_BASE=/var/www/packages/html -BIN_FORMAT= -TARBALL= -RSYNC_OPTS=-uvr -REPO_USER=hipl -REPO_GROUP=hipl -SPECFILE_DIR=$(mktemp -d) -SPECFILE=$SPECFILE_DIR/hipl.spec -OPT_CHANGELOG='doc/ChangeLog' +############### helper functions ##################### die() { 
@@ -35,182 +8,128 @@ exit 1 } -set_release_version() -{ - if test -r $OPT_CHANGELOG; then - RELEASE=$(head -2 $OPT_CHANGELOG | tail -1 | cut -d" " -f2) - else - RELEASE=$(bzr log --line -l 1 | cut -d: -f1) - fi -} - -build_rpm() -{ - echo "Deleting old .rpmmacros" - echo "%_topdir $RPMBUILD" > $HOME/.rpmmacros - - for SUBDIR in $SUBRPMDIRS; do - if test ! -d $RPMBUILD/$SUBDIR; then - $SUDO mkdir -p $RPMBUILD/$SUBDIR - fi - done - - # fix this hack -miika - test -d $RPMBUILD/RPMS/i586 && - cp -a $RPMBUILD/RPMS/i586 $RPMBUILD/RPMS/i386 - - $SUDO mv -f $TARBALL $RPMBUILD/SOURCES - $SUDO rpmbuild -ba $SPECFILE - - # rpmbuild does not want to build to $RPMDIR, so let's just move it - # to there from $RPMBUILD - test -d $RPMDIR && rm -rf $RPMDIR - mv $RPMBUILD $RPMDIR - find $RPMDIR -name '*rpm' -} - mkindex_rpm() { - test ! -d $PKG_INDEX && mkdir $PKG_INDEX - # fix this hack -miika - test -d /tmp/hipl-${VERSION}/buildenv/RPMS/i586 && - cp -a /tmp/hipl-${VERSION}/buildenv/RPMS/i586 /tmp/hipl-${VERSION}/buildenv/RPMS/i386 - #$SUDO createrepo --update --outputdir=$PKG_INDEX_DIR $PKG_DIR - $SUDO createrepo --outputdir=$PKG_INDEX_DIR $PKG_DIR + mkdir -p $PKG_DIR + createrepo $PKG_DIR } mkindex_deb() { - ORIG=$PWD - cd $PKG_DIR - WD=$(echo $PKG_WEB_DIR | sed 's/ubuntu\///' | sed 's/\//\\\//g') - #dpkg-scanpackages --multiversion . | - dpkg-scanpackages . 
| \ - sed "s/Filename: \./Filename: $WD/" | \ + PKG_WEB_DIR=dists/$DISTRO_RELEASE/main/binary-${ARCH} + + dpkg-scanpackages $PKG_DIR | + sed "s,Filename: $PKG_DIR,Filename: $PKG_WEB_DIR," | gzip -9c > $PKG_INDEX - cd $ORIG } syncrepo() { + $INDEXING_CMD + + NAME=hipl + REPO_SERVER=hipl.hiit.fi + REPO_USER=hipl + # create repo dir if it does not exist ssh ${REPO_USER}@${REPO_SERVER} mkdir -p $PKG_SERVER_DIR - # build index of all packages - if test x"$DISTROBASE" = x"debian"; then - mkindex_deb - elif test x"$DISTROBASE" = x"redhat"; then - mkindex_rpm - else - die "Unhandled distro $DISTROBASE" - fi - # Delete old packages from the repo ssh ${REPO_USER}@${REPO_SERVER} "rm -f ${PKG_SERVER_DIR}/*.${DISTRO_PKG_SUFFIX}" # Copy all packages and repo index to the repository - rsync $RSYNC_OPTS $PKG_DIR/${NAME}-*${VERSION}*.${DISTRO_PKG_SUFFIX} ${PKG_INDEX} ${REPO_USER}@${REPO_SERVER}:${PKG_SERVER_DIR}/ - + rsync -uvr $PKG_DIR/${NAME}-*${VERSION}*.${DISTRO_PKG_SUFFIX} ${PKG_INDEX} ${REPO_USER}@${REPO_SERVER}:${PKG_SERVER_DIR}/ +} + +build_package() +{ + rm -rf $BUILDDIR + for SUBDIR in $SUBBUILDDIRS; do + mkdir -p $BUILDDIR/$SUBDIR + done + + RELEASE=$(grep BZR_REVISION $SRCDIR/version.h | cut -d\" -f2) + + echo "Version: $VERSION" > $SPECFILE + echo "Release: $RELEASE" >> $SPECFILE + echo "%define _topdir $BUILDDIR" >> $SPECFILE + cat $SPECFILE_TEMPLATE >> $SPECFILE + + make dist > /dev/null + mv -f hipl-${VERSION}.tar.gz $BUILDDIR/SOURCES + + $PACKAGING_CMD +} + +build_rpm() +{ + rpmbuild --target $ARCH -ba $SPECFILE } build_deb() { - test -e ~/.debmacros && echo "Warning: ~/.debmacros found, could be a problem" - if test -e ~/debbuild; then - echo "Warning: ~/debbuild found, could be a problem" - echo "It should be a link to /usr/src/debian" - fi - - if test ! -x /usr/bin/pax; then - die "apt-get install pax" - fi - - for SUBDIR in $SUBDEBDIRS; do - if test ! 
-d $DEBDIR/$SUBDIR; then - mkdir -p $DEBDIR/$SUBDIR - fi - done - - cp $SPECFILE $DEBDIR/SPECS - - mv -f $TARBALL $DEBDIR/SOURCES # http://www.deepnet.cx/debbuild/ - $PKGEXE/debbuild --buildroot $DEBDIR -ba $SPECFILE + $SRCDIR_PACKAGING/debbuild --buildroot $BUILDDIR -ba $SPECFILE } ############### Main program ##################### set -e -set_release_version -echo "Version: $VERSION" > $SPECFILE -echo "Release: $RELEASE" >> $SPECFILE +SRCDIR=$(echo $0 | sed s:/packaging/create-package.sh::) +VERSION=$(grep '^AC_INIT' $SRCDIR/configure.ac | cut -d'[' -f 3 | cut -d']' -f1) +SRCDIR_PACKAGING=$SRCDIR/packaging +REPO_BASE=/var/www/packages/html # Set architecture, distro and repo details if test -r /etc/debian_version; then - DISTROBASE=debian + which pax > /dev/null || die "aptitude install pax" + DISTRO=debian + DISTRO_RELEASE=$(lsb_release -c | cut -f2) ARCH=$(dpkg --print-architecture) - PKG_DIR=$DEBDIR/DEBS/$ARCH - DISTRO_RELEASE=$(lsb_release -c | cut -f2) - PKG_WEB_DIR=ubuntu/dists/$DISTRO_RELEASE/main/binary-${ARCH} - PKG_SERVER_DIR=$REPO_BASE/$DISTRO/$PKG_WEB_DIR - cat $PKGEXE/hipl-deb.spec >> $SPECFILE + BUILDDIR=$PWD/debbuild + SUBBUILDDIRS="BUILD SOURCES SPECS DEBS SDEBS" + PKG_DIR=$BUILDDIR/DEBS/$ARCH + PKG_SERVER_DIR=$REPO_BASE/ubuntu/dists/$DISTRO_RELEASE/main/binary-${ARCH} + SPECFILE_TEMPLATE=$SRCDIR_PACKAGING/hipl-deb.spec DISTRO_PKG_SUFFIX=deb PKG_INDEX_NAME=Packages.gz + INDEXING_CMD=mkindex_deb + PACKAGING_CMD=build_deb elif test -r /etc/redhat-release; then - DISTROBASE=redhat + DISTRO=redhat + DISTRO_RELEASE=$(lsb_release -r | cut -f2) ARCH=$(uname -i) - PKG_DIR=$RPMDIR/RPMS/$ARCH - DISTRO_RELEASE=$(lsb_release -r | cut -f2) - PKG_WEB_DIR=fedora/base/$DISTRO_RELEASE/$ARCH - PKG_SERVER_DIR=$REPO_BASE/$PKG_WEB_DIR - cat $PKGEXE/hipl-rpm.spec >> $SPECFILE + BUILDDIR=$PWD/rpmbuild + SUBBUILDDIRS="BUILD SOURCES SPECS RPMS SRPMS" + PKG_DIR=$BUILDDIR/RPMS/$ARCH + PKG_SERVER_DIR=$REPO_BASE/fedora/base/$DISTRO_RELEASE/$ARCH + 
SPECFILE_TEMPLATE=$SRCDIR_PACKAGING/hipl-rpm.spec DISTRO_PKG_SUFFIX=rpm PKG_INDEX_NAME=repodata + INDEXING_CMD=mkindex_rpm + PACKAGING_CMD=build_rpm else - die "Unknown architecture" + die "unknown distribution" fi -DISTRO=$(lsb_release -d | cut -f2 | tr '[:upper:]' '[:lower:]' | cut -d" " -f1) -PKG_INDEX_DIR=$PKGEXE -PKG_INDEX=$PKG_INDEX_DIR/$PKG_INDEX_NAME - -TARBALL=$PKGROOT/hipl-${VERSION}.tar.gz +PKG_INDEX=$PKG_DIR/$PKG_INDEX_NAME +SPECFILE=$BUILDDIR/SPECS/hipl.spec # Determine action -if test x"$1" = x"syncrepo"; then - syncrepo - exit -elif test x"$1" = x"bin"; then - if test x"$DISTROBASE" = x"redhat"; then - BIN_FORMAT=rpm - elif test x"$DISTROBASE" = x"debian"; then - BIN_FORMAT=deb - else - die "Unknown distro" - fi -fi -echo "Architecture: $ARCH" - -echo <<EOF -** Creating the directory structure and files for building the -** source package needed for RPM package containing HIPL -** user space software -** -** Version $VERSION -** -EOF - -make dist -ls -ld $TARBALL - -echo "*** Cleaning up ${DEBDIR} ***" -rm -rf ${DEBDIR} - -if test x"$1" = x"rpm" || test x"$BIN_FORMAT" = x"rpm"; then - build_rpm -elif test x"$1" = x"deb" || test x"$BIN_FORMAT" = x"deb"; then - build_deb -else - die "*** Unknown platform, aborting ***" -fi +case $1 in + syncrepo_deb) + INDEXING_CMD=mkindex_deb syncrepo ;; + syncrepo_rpm) + INDEXING_CMD=mkindex_rpm syncrepo ;; + syncrepo) + syncrepo ;; + deb) + PACKAGING_CMD=build_deb build_package ;; + rpm) + PACKAGING_CMD=build_rpm build_package ;; + bin) + build_package ;; + *) + die "usage: $0 <syncrepo|syncrepo_deb|syncrepo_rpm|deb|rpm|bin>" +esac === modified file 'packaging/debbuild' --- packaging/debbuild 2010-02-24 13:01:02 +0000 +++ packaging/debbuild 2010-10-22 16:33:12 +0000 
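Review bot: `build_package()` begins with `rm -rf $BUILDDIR`, and `BUILDDIR` is set from `$PWD` (`BUILDDIR=$PWD/debbuild` or `$PWD/rpmbuild`) without quoting, so a working directory containing whitespace or glob characters makes the recursive delete act on the split words rather than on the build directory. Quote the expansions: `rm -rf "$BUILDDIR"` and `mkdir -p "$BUILDDIR/$SUBDIR"`; the same goes for `SRCDIR=$(echo $0 | sed ...)`, which is derived from the invocation path. Separately, `RELEASE=$(grep BZR_REVISION $SRCDIR/version.h | cut -d\" -f2)` ends in `cut`, so a missing or empty version.h does not trip `set -e` and produces an empty `Release:` line in the spec file; `test -n "$RELEASE" || die "no BZR_REVISION in $SRCDIR/version.h"` would catch that.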
@@ -69,9 +69,9 @@ # Initialized globals my $verbosity = 0; my $NoAutoReq = 0; -my %cmdopts = (type => '', - stage => 'a', - short => 'n' +my %cmdopts = (type => '', + stage => 'a', + short => 'n' ); my $topdir = "/usr/src/debian"; #my $specglobals{buildroot} = "%{_tmppath}/%{name}-%{version}-%{release}.root".int(rand(99998)+1); @@ -79,12 +79,12 @@ # "Constants" my %targets = ('p' => 'Prep', - 'c' => 'Compile', - 'i' => 'Install', - 'l' => 'Verify %files', - 'a' => 'Build binary and source', - 'b' => 'Build binary', - 's' => 'Build source' + 'c' => 'Compile', + 'i' => 'Install', + 'l' => 'Verify %files', + 'a' => 'Build binary and source', + 'b' => 'Build binary', + 's' => 'Build source' ); # Ah, the joys of multiple architectures. :( Feh. # As copied from rpm @@ -98,8 +98,8 @@ # than one Debian version at the same time. Whee. # /etc/debian-version my %distmap = ( - "3.1.9ubuntu7.1" => "dapper", - "4ubuntu2" => "feisty", + "3.1.9ubuntu7.1" => "dapper", + "4ubuntu2" => "feisty", "3.0" => "woody", "3.1" => "sarge", "4" => "etch", @@ -180,7 +180,6 @@ } $scriptletbase .= q( - set -x umask 022 cd %{_topdir}/BUILD ); @@ -704,7 +703,7 @@ $prepscript .= "tar -". ( $pkgdata{main}{source} =~ /\.tar\.gz$/ ? "z" : "" ). ( $pkgdata{main}{source} =~ /\.tar\.bz2$/ ? "j" : "" ). - ( /\s+-q\s+/ ? '' : 'vv' )."xf ". + "xf ". "$topdir/SOURCES/$pkgdata{main}{source}\n". qq(STATUS=\$?\nif [ \$STATUS -ne 0 ]; then\n exit \$STATUS\nfi\n). "cd $topdir/BUILD/$tarballdir\n". === modified file 'packaging/hipl-deb.spec' --- packaging/hipl-deb.spec 2010-10-19 07:32:16 +0000 +++ packaging/hipl-deb.spec 2010-11-05 14:17:19 +0000 @@ -4,7 +4,7 @@ # by packaging/create-package.sh # Note: To check that this file is in correct format, type # ./debbuild --showpkgs hipl-deb.spec -URL: http://infrahip.hiit.fi +URL: http://infrahip.hiit.fi/ Source: http://infrahip.hiit.fi/hipl/release/sources/%{version}/hipl-%{version}.tar.gz Packager: miika@xxxxxx Vendor: InfraHIP 
@@ -14,6 +14,7 @@ ExclusiveOS: linux BuildRoot: %{_tmppath}/%{name}-%{version}-root Prefix: /usr + %description Host Identity Protocol (HIP) provides cryptographic authentication to @@ -30,7 +31,7 @@ %build autoreconf --install %configure --prefix=/usr --sysconfdir=/etc -make -j 4 all +make -j # Note: # This debbuild script is fragile and does not tolerate comments well. @@ -69,7 +70,7 @@ %package all -Summary: HIPL software bundle: HIP for Linux libraries, daemons and documentation +Summary: Full HIPL software bundle. This virtual package is suitable e.g. for client machines. Group: System Environment/Kernel Requires: hipl-lib, hipl-firewall, hipl-daemon, hipl-tools, hipl-doc, hipl-dnsproxy %description all @@ -118,18 +119,11 @@ %install rm -rf %{buildroot} -install -d %{buildroot}/usr/share/pixmaps -install -d %{buildroot}/usr/bin -install -d %{buildroot}/usr/sbin -install -d %{buildroot}/usr/lib +make install-strip DESTDIR=%{buildroot} install -d %{buildroot}/etc/init.d -install -d %{buildroot}/doc -make DESTDIR=%{buildroot} install install -m 755 packaging/debian-init.d/hipfw %{buildroot}/etc/init.d/hipfw install -m 755 packaging/debian-init.d/hipd %{buildroot}/etc/init.d/hipd install -m 755 packaging/debian-init.d/dnsproxy %{buildroot}/etc/init.d/hipdnsproxy -install -m 644 doc/HOWTO.txt %{buildroot}/doc -install -m 644 doc/HOWTO.html %{buildroot}/doc install -d %{buildroot}/usr/lib/python2.6/dist-packages/DNS install -t %{buildroot}/usr/lib/python2.6/dist-packages/DNS tools/hipdnsproxy/DNS/*py* install -t %{buildroot}/usr/lib/python2.6/dist-packages tools/hipdnsproxy/pyip6.py* 
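Review bot: `make -j` in `%build` carries no job count, which lets GNU make start an unlimited number of parallel jobs instead of the previous four; on a shared or memory-constrained build host that can exhaust RAM and fail the build. A bounded value keeps the speed-up, for example `make -j "$(getconf _NPROCESSORS_ONLN)"`, provided debbuild passes the line to the shell unchanged. The same change is made in packaging/hipl-rpm.spec, where `make %{?_smp_mflags}` is the usual rpm form.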
@@ -137,8 +131,6 @@ install -t %{buildroot}/usr/lib/python2.6/dist-packages tools/hipdnsproxy/util.py* install -t %{buildroot}/usr/lib/python2.6/dist-packages tools/hipdnskeyparse/myasn.py* install -t %{buildroot}/usr/lib/python2.6/dist-packages/hipdnsproxy tools/hipdnsproxy/hipdnsproxy -install -m 755 tools/hipdnskeyparse/hipdnskeyparse %{buildroot}/usr/sbin/hipdnskeyparse -install -m 755 tools/hipdnsproxy/hipdnsproxy %{buildroot}/usr/sbin/hipdnsproxy %post lib /sbin/ldconfig @@ -199,6 +191,8 @@ %files doc %doc doc/HOWTO.txt doc/HOWTO.html +%doc doc/base-exchange-relay.png doc/base-exchange-rvs.png +%doc doc/docshot-agent-main-window.png doc/docshot-agent-tray-icon.png %files all %doc COPYING === modified file 'packaging/hipl-rpm.spec' --- packaging/hipl-rpm.spec 2010-10-19 07:32:16 +0000 +++ packaging/hipl-rpm.spec 2010-11-05 14:17:19 +0000 @@ -34,7 +34,7 @@ %else CPPFLAGS=-U__STRICT_ANSI__ ./configure --prefix=/usr --sysconfdir=/etc %endif -make -j 4 all +make -j # Currently we are not going to install all includes and test software. # As a consequence, we need to tell rpmbuild that we don't want to package @@ -111,17 +111,11 @@ # XX FIXME: add more python stuff from tools directory -install -d %{buildroot}%{prefix}/bin -install -d %{buildroot}%{prefix}/sbin -install -d %{buildroot}%{prefix}/lib +make install-strip DESTDIR=%{buildroot} install -d %{buildroot}/etc/rc.d/init.d -install -d %{buildroot}/doc -make DESTDIR=%{buildroot} install install -m 755 packaging/fedora-init.d/hipfw %{buildroot}/etc/rc.d/init.d/hipfw install -m 755 packaging/fedora-init.d/hipd %{buildroot}/etc/rc.d/init.d/hipd install -m 755 packaging/fedora-init.d/dnsproxy %{buildroot}/etc/rc.d/init.d/hipdnsproxy -install -m 644 doc/HOWTO.txt %{buildroot}/doc -install -m 644 doc/HOWTO.html %{buildroot}/doc install -d %{buildroot}%{python_sitelib}/DNS install -t %{buildroot}%{python_sitelib}/DNS tools/hipdnsproxy/DNS/*py* install -d %{buildroot}%{python_sitelib}/hipdnskeyparse 
@@ -130,9 +124,6 @@ install -t %{buildroot}%{python_sitelib} tools/hipdnsproxy/hosts.py* install -t %{buildroot}%{python_sitelib} tools/hipdnsproxy/util.py* install -t %{buildroot}%{python_sitelib} tools/hipdnskeyparse/myasn.py* # XX FIXME -# required in CentOS release 5.2 -install -m 755 tools/hipdnskeyparse/hipdnskeyparse %{buildroot}%{prefix}/sbin/hipdnskeyparse -install -m 755 tools/hipdnsproxy/hipdnsproxy %{buildroot}%{prefix}/sbin/hipdnsproxy %post lib /sbin/ldconfig @@ -229,6 +220,8 @@ %files doc %doc doc/HOWTO.txt doc/HOWTO.html +%doc doc/base-exchange-relay.png doc/base-exchange-rvs.png +%doc doc/docshot-agent-main-window.png doc/docshot-agent-tray-icon.png %files all === modified file 'packaging/openwrt/package/Makefile' --- packaging/openwrt/package/Makefile 2010-10-18 17:02:43 +0000 +++ packaging/openwrt/package/Makefile 2010-10-29 11:31:40 +0000 @@ -61,6 +61,7 @@ define Build/Configure $(call Build/Configure/Default, \ + --sysconfdir=/etc \ --enable-shared \ --disable-debug \ ); === removed file 'test/README.UNITTESTS' --- test/README.UNITTESTS 2010-10-19 05:54:00 +0000 +++ test/README.UNITTESTS 1970-01-01 00:00:00 +0000 @@ -1,5 +0,0 @@ -Run the unit tests via - -#> make check - -For more information, see doc/HACKING === modified file 'test/check_lib_core.c' --- test/check_lib_core.c 2010-10-19 05:58:34 +0000 +++ test/check_lib_core.c 2010-10-29 11:30:05 +0000 @@ -46,7 +46,7 @@ int number_failed; SRunner *sr = srunner_create(lib_core_hit()); srunner_add_suite(sr, lib_core_straddr()); - + srunner_run_all(sr, CK_NORMAL); number_failed = srunner_ntests_failed(sr); srunner_free(sr); === modified file 'test/lib/core/hit.c' --- test/lib/core/hit.c 2010-10-19 06:09:01 +0000 +++ test/lib/core/hit.c 2010-10-24 21:00:00 +0000 
@@ -44,18 +44,18 @@ START_TEST(test_hip_convert_hit_to_str_null_hit) { char buf[64]; - hip_convert_hit_to_str(NULL, "", buf); + fail_unless(hip_convert_hit_to_str(NULL, "", buf) < 0, NULL); } END_TEST START_TEST(test_hip_convert_hit_to_str_null_buf) { hip_hit_t hit; - fail_unless(hip_convert_hit_to_str(&hit, "", NULL) == 1, NULL); + fail_unless(hip_convert_hit_to_str(&hit, "", NULL) < 0, NULL); } END_TEST -START_TEST(test_hip_convert_hit_to_str_null_prefix) +START_TEST(test_hip_convert_hit_to_str_null_suffix) { char buf[64]; hip_hit_t hit; 
@@ -70,23 +70,31 @@ const unsigned int HIT_LEN = 39; // 16 bytes -> 32 hex chars + 7 ':'s const unsigned int SUFFIX_LEN = sizeof(suffix); // includes null char const unsigned int AFTER_LEN = 30; - char buf[BEFORE_LEN + HIT_LEN + SUFFIX_LEN + AFTER_LEN] = { 1 }; - char ones[BEFORE_LEN + HIT_LEN + SUFFIX_LEN + AFTER_LEN] = { 1 }; + struct { + char before[BEFORE_LEN]; + char hit[HIT_LEN]; + char suffix[SUFFIX_LEN]; + char after[AFTER_LEN]; + } buf; + char ones[sizeof(buf)]; hip_hit_t hit; + + memset(&buf, 1, sizeof(buf)); + memset(ones, 1, sizeof(ones)); memset(&hit.s6_addr, 0x22, sizeof(hit.s6_addr)); // write the HIT string into the middle of the buffer - fail_unless(hip_convert_hit_to_str(&hit, suffix, buf + BEFORE_LEN) == 0, NULL); + fail_unless(hip_convert_hit_to_str(&hit, suffix, buf.hit) == 0, NULL); // is the buffer before the HIT untouched? - fail_unless(memcmp(buf, ones, BEFORE_LEN) == 0, NULL); + fail_unless(memcmp(&buf.before, ones, BEFORE_LEN) == 0, NULL); // is the first part of the HIT correct? - fail_unless(*(buf + BEFORE_LEN) == '2', NULL); + fail_unless(buf.hit[0] == '2', NULL); // is the last part of the HIT correct? - fail_unless(*(buf + BEFORE_LEN + HIT_LEN - 1) == '2', NULL); + fail_unless(buf.hit[HIT_LEN - 1] == '2', NULL); // is the suffix correct including the terminating null character? - fail_unless(memcmp(buf + BEFORE_LEN + HIT_LEN, suffix, SUFFIX_LEN) == 0, NULL); + fail_unless(memcmp(&buf.suffix, suffix, SUFFIX_LEN) == 0, NULL); // is the buffer after the suffix untouched? - fail_unless(memcmp(buf + BEFORE_LEN + HIT_LEN + SUFFIX_LEN, ones, AFTER_LEN) == 0, NULL); + fail_unless(memcmp(&buf.after, ones, AFTER_LEN) == 0, NULL); } END_TEST 
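Review bot: The members of the new guard struct in test_hip_convert_hit_to_str_bounds are sized by `const unsigned int` variables (`char hit[HIT_LEN];`, `char after[AFTER_LEN];`), which are not integer constant expressions in C, so the struct gets variable-length members; GCC accepts that only as an extension and other compilers reject it. Declaring the sizes as enumerators, e.g. `enum { HIT_LEN = 39, AFTER_LEN = 30 };`, keeps the layout and makes `sizeof(buf)` a compile-time constant. BEFORE_LEN and `suffix` are declared above the hunk, so they presumably need the same treatment. test_hip_in6_ntop_valid in test/lib/core/straddr.c uses the same pattern with `const int GUARD_SIZE = 32;`.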
@@ -107,6 +115,20 @@ } END_TEST +START_TEST(test_hip_hit_is_bigger_null_first) +{ + const hip_hit_t hit = IN6ADDR_LOOPBACK_INIT; + hip_hit_is_bigger(NULL, &hit); +} +END_TEST + +START_TEST(test_hip_hit_is_bigger_null_second) +{ + const hip_hit_t hit = IN6ADDR_LOOPBACK_INIT; + hip_hit_is_bigger(&hit, NULL); +} +END_TEST + START_TEST(test_hip_hit_is_bigger_first_null) { hip_hit_t hit; @@ -121,49 +143,6 @@ } END_TEST -START_TEST(test_hip_hit_are_equal_equality) -{ - const hip_hit_t hit1 = IN6ADDR_LOOPBACK_INIT; - const hip_hit_t hit2 = IN6ADDR_LOOPBACK_INIT; - fail_unless(hip_hit_are_equal(&hit1, &hit2) == 1, NULL); -} -END_TEST - -START_TEST(test_hip_hit_are_equal_inequality) -{ - const hip_hit_t bigger = IN6ADDR_LOOPBACK_INIT; - const hip_hit_t smaller = IN6ADDR_ANY_INIT; - fail_unless(hip_hit_are_equal(&bigger, &smaller) == 1, NULL); -} -END_TEST - -START_TEST(test_hip_hit_are_equal_first_null) -{ - hip_hit_t hit; - hip_hit_are_equal(NULL, &hit); -} -END_TEST - -START_TEST(test_hip_hit_are_equal_second_null) -{ - hip_hit_t hit; - hip_hit_are_equal(&hit, NULL); -} -END_TEST - -START_TEST(test_hip_hash_hit_valid) -{ - const hip_hit_t hit = IN6ADDR_ANY_INIT; - hip_hash_hit(&hit); -} -END_TEST - -START_TEST(test_hip_hash_hit_null) -{ - hip_hash_hit(NULL); -} -END_TEST - // For unknown reasons, this file does not compile with the following, // seemingly useless forward declaration Suite *lib_core_hit(void); 
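Review bot: The added test_hip_hit_is_bigger_null_first and test_hip_hit_is_bigger_null_second appear to repeat the existing test_hip_hit_is_bigger_first_null and test_hip_hit_is_bigger_second_null that follow as context; the only difference visible here is that the new ones pass an initialised `hit`. The bodies of the older tests continue outside the hunk, so this is inferred from the names; if they are equivalent, keep one pair. All four are registered with `tcase_add_exit_test(..., 1)` in the suite hunk, so a comment stating the contract would help, e.g. `// hip_hit_is_bigger() is expected to end the process with exit status 1 on a NULL argument`.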
@@ -174,20 +153,16 @@ TCase *tc_core = tcase_create("Core"); tcase_add_test(tc_core, test_hip_convert_hit_to_str_valid); - tcase_add_exit_test(tc_core, test_hip_convert_hit_to_str_null_hit, 1); + tcase_add_test(tc_core, test_hip_convert_hit_to_str_null_hit); tcase_add_test(tc_core, test_hip_convert_hit_to_str_null_buf); - tcase_add_test(tc_core, test_hip_convert_hit_to_str_null_prefix); + tcase_add_test(tc_core, test_hip_convert_hit_to_str_null_suffix); tcase_add_test(tc_core, test_hip_convert_hit_to_str_bounds); tcase_add_test(tc_core, test_hip_hit_is_bigger_bigger); tcase_add_test(tc_core, test_hip_hit_is_bigger_equal_smaller); + tcase_add_exit_test(tc_core, test_hip_hit_is_bigger_null_first, 1); + tcase_add_exit_test(tc_core, test_hip_hit_is_bigger_null_second, 1); tcase_add_exit_test(tc_core, test_hip_hit_is_bigger_first_null, 1); tcase_add_exit_test(tc_core, test_hip_hit_is_bigger_second_null, 1); - tcase_add_test(tc_core, test_hip_hit_are_equal_equality); - tcase_add_test(tc_core, test_hip_hit_are_equal_inequality); - tcase_add_exit_test(tc_core, test_hip_hit_are_equal_first_null, 1); - tcase_add_exit_test(tc_core, test_hip_hit_are_equal_second_null, 1); - tcase_add_test(tc_core, test_hip_hash_hit_valid); - tcase_add_exit_test(tc_core, test_hip_hash_hit_null, 1); suite_add_tcase(s, tc_core); return s; === modified file 'test/lib/core/straddr.c' --- test/lib/core/straddr.c 2010-10-19 06:09:01 +0000 +++ test/lib/core/straddr.c 2010-10-19 12:01:36 +0000 
@@ -31,137 +31,83 @@ #include <stdlib.h> // free() #include "lib/core/straddr.h" -START_TEST(test_convert_string_to_address_v4_valid) -{ - const char *str = "127.0.0.1"; - struct in_addr ip; - - fail_unless(convert_string_to_address_v4(str, &ip) == 0, NULL); -} -END_TEST - -START_TEST(test_convert_string_to_address_v4_null_str) -{ - struct in_addr ip; - - fail_unless(convert_string_to_address_v4(NULL, &ip) < 0, NULL); -} -END_TEST - -START_TEST(test_convert_string_to_address_v4_null_addr) -{ - const char *str = "127.0.0.1"; - - fail_unless(convert_string_to_address_v4(str, NULL) < 0, NULL); -} -END_TEST - -START_TEST(test_convert_string_to_address_v4_invalid) -{ - const char *str = " 127.0.0.1"; - struct in_addr ip; - - fail_unless(convert_string_to_address_v4(str, &ip) < 0, NULL); -} -END_TEST - -START_TEST(test_convert_string_to_address_valid) -{ - const char *str = "fe80::215:58ff:fe29:9c36"; - struct in6_addr ip; - - fail_unless(convert_string_to_address(str, &ip) == 0, NULL); -} -END_TEST - -START_TEST(test_convert_string_to_address_null_str) -{ - struct in6_addr ip; - - fail_unless(convert_string_to_address(NULL, &ip) < 0, NULL); -} -END_TEST - -START_TEST(test_convert_string_to_address_null_addr) -{ - const char *str = "fe80::215:58ff:fe29:9c36"; - - fail_unless(convert_string_to_address(str, NULL) < 0, NULL); -} -END_TEST - -START_TEST(test_convert_string_to_address_invalid) +START_TEST(test_hip_in6_ntop_valid) +{ + const int GUARD_SIZE = 32; // arbitrary + struct buf_test { + char before[GUARD_SIZE]; + char addr[39]; // 16 IPv6 bytes -> 32 hex chars + 7 ':'s + char null[1]; // terminating null character + char after[GUARD_SIZE]; + } buf; + char ones[GUARD_SIZE]; + struct in6_addr in6; + + memset(&buf, '1', sizeof(buf)); + memset(ones, '1', sizeof(ones)); + memset(&in6.s6_addr, 0x22, sizeof(in6.s6_addr)); + + fail_unless(hip_in6_ntop(&in6, buf.addr) == buf.addr, NULL); + // is the buffer before the address untouched? 
+ fail_unless(memcmp(buf.before, ones, GUARD_SIZE) == 0, NULL); + // is the first part of the address correct? + fail_unless(buf.addr[0] == '2', NULL); + // is the last part of the address correct? + fail_unless(buf.addr[sizeof(buf.addr) - 1] == '2', NULL); + // is there a terminating null character? + fail_unless(buf.null[0] == '\0', NULL); + // is the buffer after the address untouched? + fail_unless(memcmp(buf.after, ones, GUARD_SIZE) == 0, NULL); +} +END_TEST + +START_TEST(test_hip_in6_ntop_null_addr) +{ + char buf[64]; + + fail_unless(hip_in6_ntop(NULL, buf) == NULL, NULL); +} +END_TEST + +START_TEST(test_hip_in6_ntop_null_buf) +{ + struct in6_addr in6 = IN6ADDR_LOOPBACK_INIT; + + fail_unless(hip_in6_ntop(&in6, NULL) == NULL, NULL); +} +END_TEST + +START_TEST(test_hip_convert_string_to_address_valid) +{ + const char *str = "fe80::215:58ff:fe29:9c36"; + struct in6_addr ip; + + fail_unless(hip_convert_string_to_address(str, &ip) == 0, NULL); +} +END_TEST + +START_TEST(test_hip_convert_string_to_address_null_str) +{ + struct in6_addr ip; + + fail_unless(hip_convert_string_to_address(NULL, &ip) < 0, NULL); +} +END_TEST + +START_TEST(test_hip_convert_string_to_address_null_addr) +{ + const char *str = "fe80::215:58ff:fe29:9c36"; + + fail_unless(hip_convert_string_to_address(str, NULL) < 0, NULL); +} +END_TEST + +START_TEST(test_hip_convert_string_to_address_invalid) { const char *str = " fe80::215:58ff:fe29:9c36"; struct in6_addr ip; - fail_unless(convert_string_to_address(str, &ip) < 0, NULL); -} -END_TEST - -START_TEST(test_hip_string_to_lowercase_valid) -{ - char to[128] = { 1 }; - char ones[128] = { 1 }; - const char from[] = "TesT"; - const size_t count = sizeof(from) - 1; - const unsigned int offset = 32; - - fail_unless(hip_string_to_lowercase(to + offset, from, count) == 0, NULL); - // was from correctly converted to lower case? - fail_unless(memcmp(to + offset, "test", count) == 0, NULL); - // is the beginning of to still intact? 
- fail_unless(memcmp(to, ones, offset) == 0, NULL); - // is the rest of to still intact? - fail_unless(memcmp(to + offset + count, ones, offset) == 0, NULL); -} -END_TEST - -START_TEST(test_hip_string_is_digit_valid) -{ - fail_unless(hip_string_is_digit("123456789") == 0, NULL); - fail_unless(hip_string_is_digit("abc") < 0, NULL); -} -END_TEST - -START_TEST(test_hip_string_is_digit_null) -{ - fail_unless(hip_string_is_digit(NULL) < 0, NULL); -} -END_TEST - -START_TEST(test_hip_string_is_digit_empty) -{ - fail_unless(hip_string_is_digit("") < 0, NULL); -} -END_TEST - -START_TEST(test_base64_encode_valid) -{ - const char b64[] = "VGVzdA=="; - unsigned char buf[] = "Test"; - unsigned int len = sizeof(buf) - 1; // do not include null character as per doc - unsigned char *result = NULL; - - fail_unless((result = base64_encode(buf, len)) != NULL, NULL); - fail_unless(strcmp((char*)result, b64) == 0, NULL); - free(result); // note it's not documented that we need to free the returned memory -} -END_TEST - -START_TEST(test_base64_encode_null_buf) -{ - fail_unless(base64_encode(NULL, 42) == NULL, NULL); -} -END_TEST - -START_TEST(test_base64_encode_empty_buf) -{ - unsigned char buf[] = ""; - unsigned char *result = NULL; - - fail_unless((result = base64_encode(buf, 0)) != NULL, NULL); - fail_unless(strlen((char *)result) == 0, NULL); + fail_unless(hip_convert_string_to_address(str, &ip) < 0, NULL); } END_TEST 
@@ -174,21 +120,13 @@ Suite *s = suite_create("lib/core/straddr"); TCase *tc_core = tcase_create("Core"); - tcase_add_test(tc_core, test_convert_string_to_address_v4_valid); - tcase_add_test(tc_core, test_convert_string_to_address_v4_null_str); - tcase_add_test(tc_core, test_convert_string_to_address_v4_null_addr); - tcase_add_test(tc_core, test_convert_string_to_address_v4_invalid); - tcase_add_test(tc_core, test_convert_string_to_address_valid); - tcase_add_test(tc_core, test_convert_string_to_address_null_str); - tcase_add_test(tc_core, test_convert_string_to_address_null_addr); - tcase_add_test(tc_core, test_convert_string_to_address_invalid); - tcase_add_test(tc_core, test_hip_string_to_lowercase_valid); - tcase_add_test(tc_core, test_hip_string_is_digit_valid); - tcase_add_test(tc_core, test_hip_string_is_digit_null); - tcase_add_test(tc_core, test_hip_string_is_digit_empty); - tcase_add_test(tc_core, test_base64_encode_valid); - tcase_add_test(tc_core, test_base64_encode_null_buf); - tcase_add_test(tc_core, test_base64_encode_empty_buf); + tcase_add_test(tc_core, test_hip_in6_ntop_valid); + tcase_add_test(tc_core, test_hip_in6_ntop_null_addr); + tcase_add_test(tc_core, test_hip_in6_ntop_null_buf); + tcase_add_test(tc_core, test_hip_convert_string_to_address_valid); + tcase_add_test(tc_core, test_hip_convert_string_to_address_null_str); + tcase_add_test(tc_core, test_hip_convert_string_to_address_null_addr); + tcase_add_test(tc_core, test_hip_convert_string_to_address_invalid); suite_add_tcase(s, tc_core); return s; === modified file 'tools/hipconf.c' --- tools/hipconf.c 2010-10-15 15:29:14 +0000 +++ tools/hipconf.c 2010-10-29 12:05:42 +0000 
@@ -52,9 +52,8 @@ hip_set_logtype(LOGTYPE_STDERR); hip_set_logfmt(LOGFMT_SHORT); - /* Hipconf displays nothing if debug level is set to none in - * /etc/hip/hipd_config because also hipconf reads the config - * file. This re-enables the the logging for hipconf. */ + /* Reenable logging for hipconf. Since hipconf reads the hipd configuration + * file, hipconf will be silent if debug level is set to none there. */ hip_set_logdebug(LOGDEBUG_ALL); HIP_IFEL(hip_do_hipconf(argc, argv, 0), -2, === renamed file 'tools/hipdnsproxy/hipdnsproxy' => 'tools/hipdnsproxy/hipdnsproxy.in' --- tools/hipdnsproxy/hipdnsproxy 2010-05-16 17:58:14 +0000 +++ tools/hipdnsproxy/hipdnsproxy.in 2010-10-29 12:51:08 +0000 @@ -1,6 +1,6 @@ #! /usr/bin/env python -# HIP name look-up daemon for /etc/hip/hosts and DNS and Bamboo servers +# HIP name look-up daemon for HIPL hosts file and DNS servers # # Usage: Basic usage without any command line options. # See getopt() for the options. @@ -17,11 +17,10 @@ # - Test name resolution with following methods: # - Non-HIP records # - Hostname to HIT resolution -# - HITs and LSIs from /etc/hip/hosts +# - HITs and LSIs from @sysconfdir@/hosts # - On-the-fly generated LSI; HIT either from from DNS or hosts # - HI records from DNS -# - HITs from Bamboo via hipd -# - PTR records: maps HITs to hostnames from /etc/hip/hosts +# - PTR records: maps HITs to hostnames from @sysconfdir@/hosts # # Actions to resolv.conf files and dnsproxy hooking: # - Dnsmasq=on, revolvconf=on: only hooks dnsmasq @@ -287,7 +286,7 @@ os.system('killall --quiet hipconf 2>/dev/null') class Global: - default_hiphosts = "/etc/hip/hosts" + default_hiphosts = "@sysconfdir@/hosts" default_hosts = "/etc/hosts" re_nameserver = re.compile(r'nameserver\s+(\S+)$') def __init__(gp): === modified file 'tools/hipdnsproxy/hosts.py' --- tools/hipdnsproxy/hosts.py 2010-04-28 15:47:49 +0000 +++ tools/hipdnsproxy/hosts.py 2010-11-08 14:06:09 +0000 
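Review bot: `default_hiphosts = "@sysconfdir@/hosts"` equals the old `/etc/hip/hosts` only if `@sysconfdir@` is replaced with the HIPL-specific directory; the packaging files in this merge configure with `--sysconfdir=/etc`, and a plain substitution would then yield `/etc/hosts`, the same path as `default_hosts` on the next line. The substitution rule is not part of this hunk, so please confirm what it expands to, and consider a comment such as `# @sysconfdir@ is replaced at build time with the HIPL configuration directory`. The `$CONFIG_PATH` change in tools/nsupdate.pl.in depends on the same expansion.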
@@ -164,7 +164,7 @@ aaaa_hit[n] = (addr, 0) elif self.str_is_ipv6(addr): aaaa[n] = (addr, 0) - else: + elif not self.str_is_lsi(addr): a[n] = (addr, 0) self.a = a self.aaaa = aaaa === modified file 'tools/hipl_autobuild.sh' --- tools/hipl_autobuild.sh 2010-09-29 13:12:01 +0000 +++ tools/hipl_autobuild.sh 2010-11-05 08:46:43 +0000 @@ -111,8 +111,8 @@ # Run compile and install tests for a certain configuration, in-tree. CONFIGURATION="--prefix=$(pwd)/local_install $@" run_program "./configure" $CONFIGURATION && - run_program "make -j17" && - run_program "make -j17 checkheaders" && + run_program "make -j" && + run_program "make -j checkheaders" && run_program "make install" } @@ -137,13 +137,23 @@ compile # internal autoconf tests, bootstrap the dist tarball, build out-of-tree, etc -run_program "make -j17 distcheck" +run_program "make -j distcheck" + +# run unit tests (this check needs to run after HIPL has been compiled) +run_program "make -j check" # PISA configuration compile --enable-firewall --disable-rvs --disable-opportunistic --disable-profiling --enable-debug --enable-midauth --disable-performance --disable-demo # Max compile coverage configuration -compile --enable-firewall --enable-rvs --enable-opportunistic --enable-profiling --disable-debug --enable-midauth --enable-performance --enable-demo +FEATURES_ALL="--enable-firewall --enable-rvs --enable-opportunistic --enable-profiling --disable-debug --enable-midauth --enable-performance --enable-demo" +compile $FEATURES_ALL + +# Max compile coverage configuration without optimization +compile $FEATURES_ALL CFLAGS="-O0" + +# Max compile coverage configuration with full optimization +compile $FEATURES_ALL CFLAGS="-O3" # Without modules compile --with-nomodules=heartbeat,update,heartbeat_update 
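Review bot: With `elif not self.str_is_lsi(addr):` in tools/hipdnsproxy/hosts.py an entry whose address is an LSI now matches no branch and is dropped without a trace, and nothing says why. A short comment on the branch would do, e.g. `# LSIs must not end up in the plain A table`, and if such entries are kept elsewhere, name that place. The enclosing loop and the earlier branches begin above the hunk, so whether another branch stores LSIs cannot be seen from here.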
@@ -154,8 +164,8 @@ cd $OPENWRT_DIR || cleanup 1 run_program "rm -rf package/hipl" run_program "cp -r $CHECKOUT_DIR/packaging/openwrt/package package/hipl" -run_program "make -j17 package/hipl-clean V=99" -run_program "make -j17 package/hipl-install V=99" +run_program "make -j package/hipl/clean V=99" +run_program "make -j package/hipl/install V=99" # Crosscompile HIPL in a scratchbox environment. @@ -163,12 +173,12 @@ # scratchbox complains if USER is missing from the environment export USER=$LOGNAME -CONFIGURATION="Scratchbox ARM crosscompile" -cd $SCRATCHBOX_HOME || cleanup 1 +#CONFIGURATION="Scratchbox ARM crosscompile" +#cd $SCRATCHBOX_HOME || cleanup 1 # clean-up previous run and get fresh sources for compilation (in host env) -run_program "rm -rf hipl-[0-9.]* hipl_*.changes hipl_*.deb" -run_program "tar -xzf $CHECKOUT_DIR/hipl-[0-9.]*.tar.gz" +#run_program "rm -rf hipl-[0-9.]* hipl_*.changes hipl_*.deb" +#run_program "tar -xzf $CHECKOUT_DIR/hipl-[0-9.]*.tar.gz" # perform debian packaging (in maemo sdk env) -run_program "$SCRATCHBOX_DIR/login -d hipl-[0-9.]* dpkg-buildpackage -rfakeroot -b" +#run_program "$SCRATCHBOX_DIR/login -d hipl-[0-9.]* dpkg-buildpackage -rfakeroot -b" cleanup 0 === removed file 'tools/mailer.sh' --- tools/mailer.sh 2010-10-01 15:30:25 +0000 +++ tools/mailer.sh 1970-01-01 00:00:00 +0000 
@@ -1,64 +0,0 @@ -#!/bin/sh -# -# Mailer script that notifies about commits to a BZR repo -# -# Copyright (c) 2010 Mircea Gherzan <mgherzan@xxxxxxxxx> -# -# This script has multiple issues that need to be fixed before it is put in -# production use: -# - temporary files are created in an insecure predictable fashion, -# - storing the last revision in /tmp will fail if the machine gets -# rebooted and /tmp is deleted, as is often the case. - -# path to the BZR repository -REPO=/home/$USER/src/hipl -# path to the file containing the last processed revision -LASTREV=/tmp/mailer_lastrev.txt -# buffer used to build the body of the e-mail -MAILBUF=/tmp/mailer_buffer.txt - -# mailing coordinates -SENDTO=hipl-core@xxxxxxxxxxxxxxxxxxx -REPLYTO=hipl-core@xxxxxxxxxxxxxxxxxxx - -##################################################################### - -if [ ! -e $LASTREV ]; then - echo File with the last revno does not exist! - echo Please create $LASTREV - exit 1 -fi - -read lastrev < $LASTREV - -# from now on, working in the BZR repo -cd $REPO || exit 1 - -# update the repo to get the last revision -bzr up - -# get the HEAD revision (the last one) -head=$(bzr revno) - -# lastrev was already processed, so incrementing it -lastrev=$(($lastrev + 1)) - -for rev in $(seq $lastrev $head); do - committer=$(bzr log -r $rev | head -3 | tail -1 | sed -e "s/committer: //g") - branch=$(bzr log -r $rev | head -4 | tail -1 | sed -e "s/branch nick: //g") - firstline=$(bzr log -r $rev | head -7 | tail -1 | sed -e "s/^ *//") - - subject="[$branch] $rev: $firstline" - - # create the body of the e-mail - bzr log -r $rev | tail -n +7 > $MAILBUF - echo "" >> $MAILBUF - bzr diff -c $rev >> $MAILBUF - - # send the e-mail - mailx -s "$subject" -Sfrom="$committer" -Sreplyto=$REPLYTO $SENDTO < $MAILBUF -done - -echo $head > $LASTREV - -exit 0 === modified file 'tools/maintainer/sync-all' --- tools/maintainer/sync-all 2010-05-26 21:37:57 +0000 +++ tools/maintainer/sync-all 2010-10-24 19:32:18 +0000 
@@ -1,7 +1,7 @@ #!/bin/sh -xv HOSTS=" -halko.pc.infrahip.net +garadar.infrahip.net netherstorm.infrahip.net terokkar.infrahip.net shadowmoon.infrahip.net @@ -27,11 +27,10 @@ # unconfigured: # ubuntu lucid 32-bit allerian # ubuntu lucid 64-bit cenarion 64-bit -# ubuntu lucid 64-bit garadar # # configured: # Ubuntu lucid 32-bit terokkar.infrahip.net -# Ubuntu lucid 64-bit halko.pc.infrahip.net (real host) +# ubuntu lucid 64-bit garadar # f12-i386 netherstorm.infrahip.net # F12-x86_64 shadowmoon.infrahip.net # CentOS-5.4 i386 hellfire.infrahip.net @@ -42,6 +41,7 @@ # disabled: # F10-x86_64 nagrand.infrahip.net # FC11-i386 hipserver (real host) +# Ubuntu lucid 64-bit halko.pc.infrahip.net (real host) if test $# != 0 then === modified file 'tools/maintainer/update-html-code' --- tools/maintainer/update-html-code 2010-04-01 17:10:37 +0000 +++ tools/maintainer/update-html-code 2010-10-29 11:37:09 +0000 @@ -1,6 +1,5 @@ #!/bin/sh -REVISION=main TMP_DIR=~/.hipl.doxygen.tmp.dir WWW_DIR=/var/www/infrahip/html/hipl OUTPUT_DIR=$WWW_DIR/doxygen === renamed file 'tools/nsupdate.pl' => 'tools/nsupdate.pl.in' --- tools/nsupdate.pl 2010-03-05 02:21:54 +0000 +++ tools/nsupdate.pl.in 2010-10-29 12:51:08 +0000 @@ -17,10 +17,10 @@ ########################################################### use strict; -my $CONFIG_PATH = "/etc/hip/nsupdate.conf"; +my $CONFIG_PATH = "@sysconfdir@/nsupdate.conf"; ########################################################## -# default values, please change in /etc/hip/nsupdate.conf +# default values, please change in above configuration file our $DEBUG = 0; our $LOG_FACILITY = 'local6'; our $HIT_TO_IP_ZONE = 'hit-to-ip.infrahip.net.';