/** sends a list of all available anchor elements in the BEX store
* to the hipd
*
* @param hcstore the BEX store
* @param use_hash_trees indicates whether hash chains or hash trees are stored
* @return 0 on success, -1 on error
*/
int send_bex_store_update_to_hipd(struct hchain_store *hcstore,
const int use_hash_trees)
{
struct hip_common *msg = NULL;
int err = 0;
HIP_ASSERT(hcstore != NULL);
HIP_DEBUG("sending bex-store update to hipd...\n");
HIP_IFEL(!(msg = create_bex_store_update_msg(hcstore, use_hash_trees)),
-1, "failed to create bex store anchors update message\n");
HIP_DUMP_MSG(msg);
/* send msg to hipd and receive corresponding reply */
HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_sock), -1, "send_recv msg failed\n");
/* check error value */
HIP_IFEL(hip_get_msg_err(msg), -1, "hipd returned error message!\n");
HIP_DEBUG("send_recv msg succeeded\n");
out_err:
free(msg);
return err;
}
int hip_setup_hit_sp_pair(hip_hit_t *src_hit, hip_hit_t *dst_hit,
struct in6_addr *src_addr,
struct in6_addr *dst_addr, u8 proto,
int use_full_prefix, int update)
{
int so, len, err = 0;
u_int prefs, prefd;
u8 prefix = (use_full_prefix) ? 128 : HIP_HIT_PREFIX_LEN;
int cmd = update ? SADB_X_SPDUPDATE : SADB_X_SPDADD;
HIP_DEBUG("\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_DEBUG("Adding a pair of SP\n");
HIP_IFEBL((hip_pfkey_policy_modify(so, dst_hit, prefix, src_hit,
prefix, src_addr, dst_addr,
proto, cmd, IPSEC_DIR_INBOUND)<0),
-1, pfkey_close(so), "ERROR in %s the inbound policy\n", update ? "updating" : "adding");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_IFEBL((hip_pfkey_policy_modify(so, src_hit, prefix, dst_hit,
prefix, dst_addr, src_addr,
proto, cmd, IPSEC_DIR_OUTBOUND)<0),
-1, pfkey_close(so), "ERROR in %s the outbound policy\n", update ? "updating" : "adding");
return 0;
out_err:
return err;
}
/**
* Handle ECHO_REQUEST_UNSIGNED parameter.
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
* @param ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
* association database).
*
* @return zero on success, or negative error value on error.
*/
int hip_handle_echo_request_param(UNUSED const uint8_t packet_type,
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
const struct hip_echo_request *echo_request = NULL;
int err = 0;
if (!(echo_request = hip_get_param(ctx->input_msg,
HIP_PARAM_ECHO_REQUEST))) {
HIP_DEBUG("no ECHO_REQUEST parameter in UPDATE packet, skipping\n");
/* This condition is no error! There simply was no request by the peer
* to add a ECHO_RESPONSE parameter to the outbound message. */
return 0;
}
HIP_DEBUG("echo opaque data len=%d\n",
hip_get_param_contents_len(echo_request));
HIP_HEXDUMP("ECHO_REQUEST ",
(const uint8_t *) echo_request + sizeof(struct hip_tlv_common),
hip_get_param_contents_len(echo_request));
HIP_IFEL(hip_build_param_echo(ctx->output_msg,
(const uint8_t *) echo_request + sizeof(struct hip_tlv_common),
hip_get_param_contents_len(echo_request), 0, 0),
-1, "Building of ECHO_RESPONSE failed\n");
out_err:
return err;
}
/**
* opendht_rm - Builds XML RPC packet and sends it through given socket and reads the response
* @param sockfd Socket to be used with the send
* @param key Key for the openDHT
* @param value Value to be removed to the openDHT
* @param secret Value to be used as a secret in remove
* @param host Host address
* @param response Buffer where the possible error message is saved
*
* @return Returns integer -1 on error, on success 0
*/
int opendht_rm(int sockfd,
unsigned char * key,
unsigned char * value,
unsigned char * secret,
unsigned char * host,
int opendht_port,
int opendht_ttl)
{
int key_len = 0;
char put_packet[HIP_MAX_PACKET];
char tmp_key[21];
key_len = opendht_handle_key(key, tmp_key);
/* Rm operation */
memset(put_packet, '\0', sizeof(put_packet));
if (build_packet_rm((unsigned char *)tmp_key,
key_len,
(unsigned char *)value,
strlen((char *)value),
(unsigned char *)secret,
strlen((char *)secret),
opendht_port,
(unsigned char *)host,
put_packet, opendht_ttl) != 0)
{
HIP_DEBUG("Rm packet creation failed.\n");
return(-1);
}
_HIP_DEBUG("Host address in OpenDHT rm : %s\n", host);
HIP_DEBUG("Actual OpenDHT send starts here\n");
send(sockfd, put_packet, strlen(put_packet), 0);
return(0);
}
/**
* hip_regen_dh_keys - Regenerate Diffie-Hellman keys for HIP
* @param bitmask Mask of groups to generate.
*
* Use only this function to generate DH keys.
*/
void hip_regen_dh_keys(u32 bitmask)
{
DH *tmp,*okey;
int maxmask,i;
int cnt = 0;
/* if MAX_DH_GROUP_ID = 4 --> maxmask = 0...01111 */
maxmask = (1 << (HIP_MAX_DH_GROUP_ID+1)) - 1;
bitmask &= maxmask;
for(i=1; i<=HIP_MAX_DH_GROUP_ID; i++) {
if (bitmask & (1 << i)) {
tmp = hip_generate_dh_key(i);
if (!tmp) {
HIP_INFO("Error while generating group: %d\n",i);
continue;
}
okey = dh_table[i];
dh_table[i] = tmp;
hip_free_dh(okey);
cnt++;
HIP_DEBUG("DH key for group %d generated\n",i);
}
}
HIP_DEBUG("%d keys generated\n",cnt);
}
int main(int argc, char *argv[]) {
int err = 0, i = 0;
sqlite3 * db = NULL;
char dbpath[] = "/tmp/hip_sqltest.db";
char table_sql[] = "CREATE TABLE test (num INTEGER, value VARCHAR(128));";
char insert_sql[256];
char delete_sql[] = "DELETE FROM test WHERE num = 3;";
char select_sql[] = "SELECT * FROM test;";
db = hip_sqlite_open_db(dbpath, table_sql);
HIP_IFEL((db == NULL), -1, "Failed to open/create the database\n");
for(i = 1; i < 10; i++) {
memset(insert_sql, '\0', sizeof(insert_sql));
sprintf(insert_sql, "INSERT INTO test VALUES(%d, "
"'Hi to you. #%d times said');", i,i);
HIP_IFEL(hip_sqlite_insert_into_table(db, insert_sql),
-1, "Failed to execute insert into query\n");
}
HIP_IFEL(hip_sqlite_select(db, select_sql, hip_sqlite_callback), -1,
"Failed to execute select query on the db\n");
HIP_DEBUG("Removing row where num is 3\n");
HIP_IFEL(hip_sqlite_delete_from_table(db, delete_sql),
-1, "Failed to execute delete query\n");
HIP_IFEL(hip_sqlite_select(db, select_sql, hip_sqlite_callback), -1,
"Failed to execute select query on the db\n");
HIP_DEBUG("Did the num 3 disappear?\n");
HIP_IFEL(hip_sqlite_close_db(db), -1, "Failed to close the db\n");
out_err:
return(err);
}
int hip_daemon_bind_socket(int socket, struct sockaddr *sa) {
int err = 0, port = 0, on = 1;
struct sockaddr_in6 *addr = (struct sockaddr_in6 *) sa;
HIP_ASSERT(addr->sin6_family == AF_INET6);
errno = 0;
if (setsockopt(socket, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
HIP_DEBUG ("Failed to set socket option SO_REUSEADDR %s \n", strerror(errno));
}
if (addr->sin6_port) {
HIP_DEBUG("Bind to fixed port %d\n", addr->sin6_port);
err = bind(socket,(struct sockaddr *)addr,
sizeof(struct sockaddr_in6));
err = -errno;
goto out_err;
}
/* try to bind first to a priviledged port and then to ephemeral */
port = 1000;
while (port++ < 61000) {
_HIP_DEBUG("trying bind() to port %d\n", port);
addr->sin6_port = htons(port);
err = bind(socket,(struct sockaddr *)addr,
hip_sockaddr_len(addr));
if (err == -1) {
if (errno == EACCES) {
/* Ephemeral ports:
/proc/sys/net/ipv4/ip_local_port_range */
_HIP_DEBUG("Skipping to ephemeral range\n");
port = 32768;
errno = 0;
err = 0;
} else if (errno == EADDRINUSE) {
_HIP_DEBUG("Port %d in use, skip\n", port);
errno = 0;
err = 0;
} else {
HIP_ERROR("Error %d bind() wasn't succesful\n",
errno);
err = -1;
goto out_err;
}
}
else {
_HIP_DEBUG("Bind() to port %d successful\n", port);
goto out_err;
}
}
if (port == 61000) {
HIP_ERROR("All privileged ports were occupied\n");
err = -1;
}
out_err:
return err;
}
/**
* tell firewall to turn on or off the ESP relay mode
*
* @param action HIP_MSG_OFFER_FULLRELAY or HIP_MSG_CANCEL_FULLRELAY
*
* @return zero on success or negative on failure
*/
int hip_firewall_set_esp_relay(int action)
{
struct hip_common *msg = NULL;
int err = 0;
int sent;
HIP_DEBUG("Setting ESP relay to %d\n", action);
if (!(msg = hip_msg_alloc())) {
return -ENOMEM;
}
HIP_IFEL(hip_build_user_hdr(msg,
action ? HIP_MSG_OFFER_FULLRELAY : HIP_MSG_CANCEL_FULLRELAY, 0),
-1, "Build header failed\n");
sent = hip_sendto_firewall(msg);
if (sent < 0) {
HIP_PERROR("Send to firewall failed: ");
err = -1;
goto out_err;
}
HIP_DEBUG("Sent %d bytes to firewall.\n", sent);
out_err:
free(msg);
return err;
}
/*
* Execute nsupdate.pl with IP and HIT given as environment variables
*/
int run_nsupdate(char *ips, char *hit, int start)
{
struct sigaction act;
pid_t child_pid;
HIP_DEBUG("Updating dns records...\n");
act.sa_handler = sig_chld;
/* We don't want to block any other signals */
sigemptyset(&act.sa_mask);
/*
* We're only interested in children that have terminated, not ones
* which have been stopped (eg user pressing control-Z at terminal)
*/
act.sa_flags = SA_NOCLDSTOP | SA_RESTART;
/* Make the handler effective */
if (sigaction(SIGCHLD, &act, NULL) < 0) {
HIP_PERROR("sigaction");
return ERR;
}
/* Let us fork to execute nsupdate as a separate process */
child_pid=fork();
if (child_pid<0) {
HIP_PERROR("fork");
return ERR;
}
else if (child_pid == 0) {// CHILD
char start_str[2];
#if 0
/* Close open sockets since FD_CLOEXEC was not used */
close_all_fds_except_stdout_and_stderr();
#endif
snprintf(start_str, sizeof(start_str), "%i", start);
char *env_ips = make_env(VAR_IPS, ips);
char *env_hit = make_env(VAR_HIT, hit);
char *env_start = make_env(VAR_START, start_str);
char *cmd[] = { NSUPDATE_ARG0, NULL };
char *env[] = { env_ips, env_hit, env_start, NULL };
HIP_DEBUG("Executing %s with %s; %s; %s\n", NSUPDATE_PL, env_hit, env_ips, env_start);
execve (NSUPDATE_PL, cmd, env);
/* Executed only if error */
HIP_PERROR("execve");
exit(1); // just in case
}
else {// PARENT
/* We execute waitpid in SIGCHLD handler */
return OK;
}
}
/**
* Handle LOCATOR parameter in first update packet.
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
* @param ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
* association database).
*
* @return zero on success, or negative error value on error.
*/
int hip_handle_locator_parameter(UNUSED const uint8_t packet_type,
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
int locator_addr_count = 0;
union hip_locator_info_addr *locator_info_addr = NULL;
struct hip_locator_info_addr_item *locator_address_item = NULL;
struct update_state *localstate = NULL;
struct hip_locator *locator = NULL;
if (hip_classify_update_type(ctx->input_msg) == FIRST_UPDATE_PACKET) {
if (!(locator = hip_get_param_readwrite(ctx->input_msg,
HIP_PARAM_LOCATOR))) {
HIP_ERROR("no LOCATOR parameter found\n");
return -1;
}
locator_addr_count = hip_get_locator_addr_item_count(locator);
HIP_DEBUG("LOCATOR has %d address(es), loc param len=%d\n",
locator_addr_count, hip_get_param_total_len(locator));
// Empty the addresses_to_send_echo_request list before adding the
// new addresses
localstate = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
"update");
HIP_DEBUG("hip_get_state_item returned localstate: %p\n", localstate);
hip_remove_addresses_to_send_echo_request(localstate);
locator_address_item = (struct hip_locator_info_addr_item *) (locator + 1);
HIP_DEBUG_IN6ADDR("Adding IP source address to locator set",
&ctx->src_addr);
if (!hip_add_address_to_send_echo_request(localstate, ctx->src_addr)) {
HIP_ERROR("Adding source address to the container for update locators failed!\n");
return -1;
}
for (int i = 0; i < locator_addr_count; i++) {
locator_info_addr = hip_get_locator_item(locator_address_item, i);
const struct in6_addr *const peer_addr = hip_get_locator_item_address(locator_info_addr);
if (ipv6_addr_cmp(&ctx->src_addr, peer_addr) != 0) {
HIP_DEBUG_IN6ADDR("adding locator", peer_addr);
if (!hip_add_address_to_send_echo_request(localstate, *peer_addr)) {
HIP_ERROR("Adding an address to the container for update locators failed!\n");
return -1;
}
}
}
hip_print_addresses_to_send_update_request(ctx->hadb_entry);
}
return 0;
}
/**
* an iterator to handle packet retransmission for a given host association
*
* @param entry the host association which to handle
* @param current_time current time
* @return zero on success or negative on failure
*/
static int hip_handle_retransmission(struct hip_hadb_state *entry,
void *current_time)
{
int err = 0;
time_t *now = (time_t *) current_time;
if (entry->hip_msg_retrans.buf == NULL ||
entry->hip_msg_retrans.count == 0) {
goto out_err;
}
/* check if the last transmision was at least RETRANSMIT_WAIT seconds ago */
if (*now - HIP_RETRANSMIT_WAIT > entry->hip_msg_retrans.last_transmit) {
if ((entry->hip_msg_retrans.count > 0) && entry->hip_msg_retrans.buf &&
((entry->state != HIP_STATE_ESTABLISHED && entry->retrans_state != entry->state) ||
(entry->update_state != 0 && entry->retrans_state != entry->update_state) ||
entry->light_update_retrans == 1)) {
HIP_DEBUG("state=%d, retrans_state=%d, update_state=%d\n",
entry->state, entry->retrans_state, entry->update_state, entry->retrans_state);
/* @todo: verify that this works over slow ADSL line */
err = hip_send_pkt(&entry->hip_msg_retrans.saddr,
&entry->hip_msg_retrans.daddr,
(entry->nat_mode ? hip_get_local_nat_udp_port() : 0),
entry->peer_udp_port,
entry->hip_msg_retrans.buf,
entry, 0);
/* Set entry state, if previous state was unassosiated
* and type is I1. */
if (!err && hip_get_msg_type(entry->hip_msg_retrans.buf)
== HIP_I1 && entry->state == HIP_STATE_UNASSOCIATED) {
HIP_DEBUG("Resent I1 succcesfully\n");
entry->state = HIP_STATE_I1_SENT;
}
entry->hip_msg_retrans.count--;
/* set the last transmission time to the current time value */
time(&entry->hip_msg_retrans.last_transmit);
} else {
if (entry->hip_msg_retrans.buf) {
entry->hip_msg_retrans.count = 0;
memset(entry->hip_msg_retrans.buf, 0, HIP_MAX_NETWORK_PACKET);
}
if (entry->state == HIP_STATE_ESTABLISHED) {
entry->retrans_state = entry->update_state;
} else {
entry->retrans_state = entry->state;
}
}
}
out_err:
return err;
}
/*
* checks for ip address for hit
*/
int hip_hit_to_ip(hip_hit_t *hit, struct in6_addr *retval) {
struct addrinfo *rp = NULL; // no C99 :(
char hit_to_ip_hostname[64+HIT_TO_IP_ZONE_MAX_LEN+1];
int found_addr = 0;
struct addrinfo hints;
struct addrinfo *result = NULL;
int res;
if ((hit == NULL)||(retval == NULL))
return ERR;
if (hip_get_hit_to_ip_hostname(hit, hit_to_ip_hostname, sizeof(hit_to_ip_hostname))!=OK)
return ERR;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
hints.ai_socktype = SOCK_DGRAM; /* Datagram socket. Right? */
hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */
hints.ai_protocol = 0; /* Any protocol */
hints.ai_canonname = NULL;
hints.ai_addr = NULL;
hints.ai_next = NULL;
/* getaddrinfo is too complex for DNS lookup, but let us use it now */
res = getaddrinfo( hit_to_ip_hostname, NULL, &hints, &result );
HIP_DEBUG("getaddrinfo(%s) returned %d\n", hit_to_ip_hostname, res);
if (res!=0) {
HIP_DEBUG("getaddrinfo error %s\n", gai_strerror(res));
return ERR;
}
/* Look at the list and return only one address, let us prefer AF_INET */
for (rp = result; rp != NULL; rp = rp->ai_next) {
HIP_DEBUG_SOCKADDR("getaddrinfo result", rp->ai_addr);
if (rp->ai_family == AF_INET) {
struct sockaddr_in *tmp_sockaddr_in_ptr = (struct sockaddr_in *) (rp->ai_addr);
IPV4_TO_IPV6_MAP(&(tmp_sockaddr_in_ptr->sin_addr), retval)
found_addr = 1;
break;
} else if (rp->ai_family == AF_INET6) {
struct sockaddr_in6 *tmp_sockaddr_in6_ptr = (struct sockaddr_in6 *) (rp->ai_addr);
ipv6_addr_copy(retval, &(tmp_sockaddr_in6_ptr->sin6_addr));
found_addr = 1;
}
}
if (result)
freeaddrinfo(result);
if (found_addr)
return OK;
else
return ERR;
}
void hip_delete_sa(u32 spi, struct in6_addr *peer_addr, struct in6_addr *dst_addr,
int direction, hip_ha_t *entry)
{
int so, len, err = 0;
struct sockaddr_storage ss_addr, dd_addr;
struct sockaddr *saddr;
struct sockaddr *daddr;
in_port_t sport, dport;
/* @todo: sport and dport should be used! */
if (direction == HIP_SPI_DIRECTION_OUT)
{
sport = entry->local_udp_port;
dport = entry->peer_udp_port;
entry->outbound_sa_count--;
if (entry->outbound_sa_count < 0) {
HIP_ERROR("Warning: out sa count negative\n");
entry->outbound_sa_count = 0;
}
}
else
{
sport = entry->peer_udp_port;
dport = entry->local_udp_port;
entry->inbound_sa_count--;
if (entry->inbound_sa_count < 0) {
HIP_ERROR("Warning: in sa count negative\n");
entry->inbound_sa_count = 0;
}
}
saddr = (struct sockaddr*) &ss_addr;
daddr = (struct sockaddr*) &dd_addr;
HIP_DEBUG("\n");
HIP_DEBUG("spi=0x%x\n", spi);
HIP_DEBUG_IN6ADDR("peer_addr", peer_addr);
HIP_DEBUG_IN6ADDR("dst_addr", dst_addr);
// Sanity check
HIP_IFEL((!peer_addr || !dst_addr), -1, "Addresses not valid when deleting SA's\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
get_sock_addr_from_in6(saddr, peer_addr);
get_sock_addr_from_in6(daddr, dst_addr);
HIP_IFEBL(((len = pfkey_send_delete(so, SADB_SATYPE_ESP, HIP_IPSEC_DEFAULT_MODE, saddr, daddr, spi))<0), -1,
pfkey_close(so), "ERROR in deleting sa %s", ipsec_strerror());
out_err:
return;
}
int hip_flush_all_sa()
{
int so, len, err = 0;
HIP_DEBUG("\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_DEBUG("Flushing all SA's\n");
HIP_IFEBL(((len = pfkey_send_flush(so, SADB_SATYPE_ESP))<0), -1,
pfkey_close(so), "ERROR in flushing policies %s\n", ipsec_strerror());
return len;
out_err:
return err;
}
/**
*
* get the current running status of firewall
*
* @return one if firewall is running or zero otherwise
*/
int hip_firewall_is_alive(void)
{
#ifdef CONFIG_HIP_FIREWALL
if (hip_firewall_status) {
HIP_DEBUG("Firewall is alive.\n");
} else {
HIP_DEBUG("Firewall is not alive.\n");
}
return hip_firewall_status;
#else
HIP_DEBUG("Firewall is disabled.\n");
return 0;
#endif // CONFIG_HIP_FIREWALL
}
int hip_flush_all_policy()
{
int so, len, err = 0;
HIP_DEBUG("\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_DEBUG("FLushing all SP's\n");
HIP_IFEBL(((len = pfkey_send_spdflush(so))<0), -1,
pfkey_close(so), "ERROR in flushing policies %s\n", ipsec_strerror());
HIP_DEBUG("FLushing all SP's was successful\n");
return len;
out_err:
HIP_ERROR("FLushing all SP's\n");
return err;
}
/**
* This function stores the LOCATOR parameter into the hadb entry
* of a connection in question. The whole LOCATOR is stored and
* handled later as the LOCATOR is received before the connection
* state has reached ESTABLISHED (UPDATEs are not allowed before
* the state is ESTABLISHED) and the address verification is
* handled later during the BEX (after receiving the R2).
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
* @param ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
* association database).
*
* @return zero on success, or negative error value on error.
*/
int hip_handle_locator(UNUSED const uint8_t packet_type,
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
const struct hip_locator *locator = NULL;
int n_addrs = 0, loc_size = 0, err = 0;
locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR);
if (locator) {
n_addrs = hip_get_locator_addr_item_count(locator);
loc_size = sizeof(struct hip_locator) +
(n_addrs * sizeof(struct hip_locator_info_addr_item));
/* this handle function is called during BEX, there should be no
* locators yet. */
HIP_ASSERT(!ctx->hadb_entry->locator);
HIP_IFEL(!(ctx->hadb_entry->locator = malloc(loc_size)),
-1, "Malloc for entry->locators failed\n");
memcpy(ctx->hadb_entry->locator, locator, loc_size);
} else {
HIP_DEBUG("R1 did not have locator\n");
}
out_err:
return err;
}
static int hip_sqlite_callback(void *NotUsed, int argc, char **argv, char **azColName) {
int i;
for(i=0; i<argc; i++){
HIP_DEBUG("%s = %s\n", azColName[i], argv[i] ? argv[i] : "NULL");
}
return 0;
}
/*
* Called from hip_for_each_hi
*/
int run_nsupdate_for_hit (struct hip_host_id_entry *entry, void *opaq)
{
int start = 0;
char ip_str[40]; // buffer for one IP address
char ips_str[1024] = ""; // list of IP addresses
hip_list_t *item, *tmp_hip_list_t;
int i;
char hit[INET6_ADDRSTRLEN + 2];
if (opaq != NULL)
start = * (int *) opaq;
HIP_DEBUG("run_nsupdate_for_hit (start=%d)\n", start);
hip_convert_hit_to_str(&entry->lhi.hit,NULL, hit);
/* make space-separated list of IP addresses in ips_str */
list_for_each_safe(item, tmp_hip_list_t, addresses, i) {
struct netdev_address *n = list_entry(item);
if (netdev_address_to_str(n, ip_str, sizeof(ip_str))==NULL)
HIP_PERROR("netdev_address_to_str");
else {
if (ips_str[0]!=0) // not empty
strncat(ips_str, " ", sizeof(ips_str)-strlen(ips_str));
strncat(ips_str, ip_str, sizeof(ips_str)-strlen(ips_str));
}
}
run_nsupdate(ips_str, hit, start);
return 0;
}
/**
Quits connection thread. Function agent_exit() should be called before
calling this.
*/
void connhipd_quit(void)
{
if (!hip_agent_thread_started) return;
HIP_DEBUG("Stopping connection thread...\n");
hip_agent_thread_started = 0;
pthread_join(connhipd_pthread, NULL);
}
/**
* verify_hddr_lib - It sends the dht response to hipdaemon
* first appending one more user param for holding a structure hdrr_info
* hdrr_info is used by daemon to mark signature and host id verification results to flags
* Then adding user header for recognizing the message at daemon side
*
* @param *hipcommonmsg packet returned from the lookup service
* @param *addrkey key used for the lookup
* @return OR of the signature and host id verification, 0 in case of success
*/
int verify_hddr_lib (struct hip_common *hipcommonmsg,struct in6_addr *addrkey)
{
struct hip_hdrr_info hdrr_info;
struct hip_hdrr_info *hdrr_info_response;
int err = 0 ;
memcpy(&hdrr_info.dht_key, addrkey, sizeof(struct in6_addr));
hdrr_info.sig_verified = -1;
hdrr_info.hit_verified = -1;
hip_build_param_hip_hdrr_info(hipcommonmsg, &hdrr_info);
_HIP_DUMP_MSG (hipcommonmsg);
HIP_INFO("Asking signature verification info from daemon...\n");
HIP_IFEL(hip_build_user_hdr(hipcommonmsg, SO_HIP_VERIFY_DHT_HDRR_RESP,0),-1,
"Building daemon header failed\n");
HIP_IFEL(hip_send_recv_daemon_info(hipcommonmsg, 0, 0),
-1, "Send recv daemon info failed\n");
hdrr_info_response = hip_get_param (hipcommonmsg, HIP_PARAM_HDRR_INFO);
_HIP_DUMP_MSG (hipcommonmsg);
HIP_DEBUG ("Sig verified (0=true): %d\nHit Verified (0=true): %d \n"
,hdrr_info_response->sig_verified, hdrr_info_response->hit_verified);
return (hdrr_info_response->sig_verified | hdrr_info_response->hit_verified);
out_err:
return err;
}
/**
* opendht_get - Builds XML RPC packet and sends it through given socket and reads the response
* @param sockfd Socket to be used with the send
* @param key Key for the openDHT
* @param value Value to be stored to the openDHT
* @param host Host address
* @param response Buffer where the possible error message is saved
*
* @return Returns integer -1 on error, on success 0
*/
int opendht_get(int sockfd,
unsigned char * key,
unsigned char * host,
int port)
{
int key_len = 0;
char get_packet[HIP_MAX_PACKET];
char tmp_key[21];
key_len = opendht_handle_key(key, tmp_key);
/* Get operation */
memset(get_packet, '\0', sizeof(get_packet));
if (build_packet_get((unsigned char *)tmp_key,
key_len,
port,
(unsigned char *)host,
get_packet) !=0)
{
HIP_DEBUG("Get packet creation failed.\n");
return(-1);
}
send(sockfd, get_packet, strlen(get_packet), 0);
return(0);
}
/**
* Send the ip of a peer to hipd, so that it can:
* - unblock the packets that are sent to a particular peer.
* - add it to the blacklist database.
*
* @param peer_ip peer ip.
* @return nothing
*/
int hip_fw_unblock_and_blacklist(const struct in6_addr *peer_ip){
struct hip_common *msg = NULL;
int err = 0;
HIP_DEBUG("\n");
HIP_IFE(!(msg = hip_msg_alloc()), -1);
HIP_IFEL(hip_build_param_contents(msg, (void *)(peer_ip),
HIP_PARAM_IPV6_ADDR,
sizeof(struct in6_addr)),
-1, "build param HIP_PARAM_IPV6_ADDR failed\n");
/* build the message header */
HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OPPTCP_UNBLOCK_AND_BLACKLIST, 0),
-1, "build hdr failed\n");
HIP_DUMP_MSG(msg);
/* send and receive msg to/from hipd */
HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_async_sock), -1, "send_recv msg failed\n");
_HIP_DEBUG("send_recv msg succeed\n");
/* check error value */
HIP_IFEL(hip_get_msg_err(msg), -1, "Got erroneous message!\n");
out_err:
return err;
}
int hip_set_hip_proxy_off(void){
int err = 0;
hipproxy = 0;
HIP_DEBUG("hip_set_hip_proxy_off() invoked.\n");
out_err:
return err;
}
/**
* No description.
*/
int hip_set_opportunistic_mode(const struct hip_common *msg){
int err = 0;
unsigned int *mode = NULL;
mode = hip_get_param_contents(msg, HIP_PARAM_UINT);
if (!mode) {
err = -EINVAL;
goto out_err;
}
HIP_DEBUG("mode=%d\n", *mode);
if(*mode == 0 || *mode == 1 || *mode == 2){
opportunistic_mode = *mode;
} else {
HIP_ERROR("Invalid value for opportunistic mode\n");
err = -EINVAL;
goto out_err;
}
memset(msg, 0, HIP_MAX_PACKET);
HIP_IFE(hip_build_user_hdr(msg, (opportunistic_mode == 2 ? SO_HIP_SET_OPPTCP_ON : SO_HIP_SET_OPPTCP_OFF),
0), -1);
hip_set_opportunistic_tcp_status(msg);
out_err:
return err;
}
int hip_read_user_control_msg(int socket, struct hip_common *hip_msg,
struct sockaddr_in6 *saddr)
{
int err = 0, bytes, hdr_size = sizeof(struct hip_common), total;
socklen_t len;
memset(saddr, 0, sizeof(*saddr));
len = sizeof(*saddr);
HIP_IFEL(((total = hip_peek_recv_total_len(socket, 0, HIP_DEFAULT_MSG_TIMEOUT)) <= 0), -1,
"recv peek failed\n");
_HIP_DEBUG("msg total length = %d\n", total);
/** @todo Compiler warning;
warning: pointer targets in passing argument 6 of 'recvfrom'
differ in signedness. */
HIP_IFEL(((bytes = recvfrom(socket, hip_msg, total, 0,
(struct sockaddr *) saddr,
&len)) != total), -1, "recv\n");
HIP_DEBUG("received user message from local port %d\n",
ntohs(saddr->sin6_port));
_HIP_DEBUG("read_user_control_msg recv len=%d\n", len);
_HIP_HEXDUMP("recv saddr ", saddr, sizeof(struct sockaddr_un));
_HIP_DEBUG("read %d bytes succesfully\n", bytes);
out_err:
if (bytes < 0 || err)
HIP_PERROR("perror: ");
return err;
}
/**
* Uninitialize the middlebox firewall application.
* So far, there's nothing to be done.
*
* @return 0 on success, negative on error
*/
int signaling_hipfw_feedback_uninit(void)
{
HIP_DEBUG("Uninit signaling firewall feedback module \n");
EC_KEY_free(ecdsa_key);
RSA_free(rsa_key);
X509_free(mb_cert);
return 0;
}
/** checks if a hash is verifiable by a hash chain
*
* @param current_hash the hash value to be verified
* @param last_hash the last known hash value
* @param hash_func the hash function to be used
* @param hash_length length of the hash values
* @param tolerance the maximum number of hash calculations
* @param secret the potentially incorporated secret
* @param secret_length length og the secret
* @return hash distance if the hash authentication was successful, 0 otherwise
*/
int hchain_verify(const unsigned char *current_hash,
const unsigned char *last_hash,
const hash_function hash_func,
const int hash_length,
const int tolerance,
const unsigned char *secret,
const int secret_length)
{
/* stores intermediate hash results and allow to concat
* with a secret at each step */
unsigned char buffer[MAX_HASH_LENGTH + secret_length];
int err = 0, i;
HIP_ASSERT(current_hash != NULL && last_hash != NULL);
HIP_ASSERT(hash_func != NULL);
HIP_ASSERT(hash_length > 0 && tolerance >= 0);
// init buffer with the hash we want to verify
memcpy(buffer, current_hash, hash_length);
if (secret && secret_length > 0) {
HIP_HEXDUMP("secret: ", secret, secret_length);
}
for (i = 1; i <= tolerance; i++) {
// add the secret
if (secret != NULL && secret_length > 0) {
memcpy(&buffer[hash_length], secret, secret_length);
}
hash_func(buffer, hash_length + secret_length, buffer);
// compare the elements
if (!(memcmp(buffer, last_hash, hash_length))) {
HIP_DEBUG("hash verfied\n");
err = i;
goto out_err;
}
}
HIP_DEBUG("no matches found within tolerance: %i!\n", tolerance);
out_err:
return err;
}
/**
* Print all IP addresses where an update packet should be sent to.
*
* @param ha pointer to a host association
*/
static void hip_print_addresses_to_send_update_request(const struct hip_hadb_state *const ha)
{
const struct update_state *const localstate = lmod_get_state_item(ha->hip_modular_state, "update");
HIP_DEBUG("Addresses to send update:\n");
for (unsigned i = 0; i < localstate->valid_locators; i++) {
HIP_DEBUG_IN6ADDR("", &localstate->addresses_to_send_echo_request[i]);
}
}
/**
* connhipd_send_hitdata_to_daemon - builds a param containing hits to be
* sent to the daemon
* @param *msg packet to be sent to daemon
* @param *hitr remote hit accepted
* @param *hitl local hit used
* @return 0 on success, -1 on error
*/
int connhipd_send_hitdata_to_daemon(struct hip_common * msg , struct in6_addr * hitr, struct in6_addr * hitl)
{
int err = 0;
struct hip_uadb_info uadb_info ;
char hittest[40];
HIP_DEBUG("Building User Agent DB info message to be sent to daemon.\n");
memcpy(&uadb_info.hitr,hitr, sizeof(struct in6_addr)) ;
memcpy(&uadb_info.hitl,hitl, sizeof(struct in6_addr)) ;
hip_in6_ntop(&uadb_info.hitr, hittest);
HIP_DEBUG("Value: %s\n", hittest);
memcpy(uadb_info.cert,"certificate\0",sizeof("certificate\0"));
hip_build_param_hip_uadb_info(msg, &uadb_info);
HIP_DUMP_MSG (msg);
out_err:
return (err);
}