int hip_read_user_control_msg(int socket, struct hip_common *hip_msg,
struct sockaddr_in6 *saddr)
{
int err = 0, bytes, hdr_size = sizeof(struct hip_common), total;
socklen_t len;
memset(saddr, 0, sizeof(*saddr));
len = sizeof(*saddr);
HIP_IFEL(((total = hip_peek_recv_total_len(socket, 0, HIP_DEFAULT_MSG_TIMEOUT)) <= 0), -1,
"recv peek failed\n");
_HIP_DEBUG("msg total length = %d\n", total);
/** @todo Compiler warning;
warning: pointer targets in passing argument 6 of 'recvfrom'
differ in signedness. */
HIP_IFEL(((bytes = recvfrom(socket, hip_msg, total, 0,
(struct sockaddr *) saddr,
&len)) != total), -1, "recv\n");
HIP_DEBUG("received user message from local port %d\n",
ntohs(saddr->sin6_port));
_HIP_DEBUG("read_user_control_msg recv len=%d\n", len);
_HIP_HEXDUMP("recv saddr ", saddr, sizeof(struct sockaddr_un));
_HIP_DEBUG("read %d bytes succesfully\n", bytes);
out_err:
if (bytes < 0 || err)
HIP_PERROR("perror: ");
return err;
}
/** sends a list of all available anchor elements in the BEX store
* to the hipd
*
* @param hcstore the BEX store
* @param use_hash_trees indicates whether hash chains or hash trees are stored
* @return 0 on success, -1 on error
*/
int send_bex_store_update_to_hipd(struct hchain_store *hcstore,
const int use_hash_trees)
{
struct hip_common *msg = NULL;
int err = 0;
HIP_ASSERT(hcstore != NULL);
HIP_DEBUG("sending bex-store update to hipd...\n");
HIP_IFEL(!(msg = create_bex_store_update_msg(hcstore, use_hash_trees)),
-1, "failed to create bex store anchors update message\n");
HIP_DUMP_MSG(msg);
/* send msg to hipd and receive corresponding reply */
HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_sock), -1, "send_recv msg failed\n");
/* check error value */
HIP_IFEL(hip_get_msg_err(msg), -1, "hipd returned error message!\n");
HIP_DEBUG("send_recv msg succeeded\n");
out_err:
free(msg);
return err;
}
int hip_setup_hit_sp_pair(hip_hit_t *src_hit, hip_hit_t *dst_hit,
struct in6_addr *src_addr,
struct in6_addr *dst_addr, u8 proto,
int use_full_prefix, int update)
{
int so, len, err = 0;
u_int prefs, prefd;
u8 prefix = (use_full_prefix) ? 128 : HIP_HIT_PREFIX_LEN;
int cmd = update ? SADB_X_SPDUPDATE : SADB_X_SPDADD;
HIP_DEBUG("\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_DEBUG("Adding a pair of SP\n");
HIP_IFEBL((hip_pfkey_policy_modify(so, dst_hit, prefix, src_hit,
prefix, src_addr, dst_addr,
proto, cmd, IPSEC_DIR_INBOUND)<0),
-1, pfkey_close(so), "ERROR in %s the inbound policy\n", update ? "updating" : "adding");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_IFEBL((hip_pfkey_policy_modify(so, src_hit, prefix, dst_hit,
prefix, dst_addr, src_addr,
proto, cmd, IPSEC_DIR_OUTBOUND)<0),
-1, pfkey_close(so), "ERROR in %s the outbound policy\n", update ? "updating" : "adding");
return 0;
out_err:
return err;
}
/**
* verify_hddr_lib - It sends the dht response to hipdaemon
* first appending one more user param for holding a structure hdrr_info
* hdrr_info is used by daemon to mark signature and host id verification results to flags
* Then adding user header for recognizing the message at daemon side
*
* @param *hipcommonmsg packet returned from the lookup service
* @param *addrkey key used for the lookup
* @return OR of the signature and host id verification, 0 in case of success
*/
int verify_hddr_lib (struct hip_common *hipcommonmsg,struct in6_addr *addrkey)
{
struct hip_hdrr_info hdrr_info;
struct hip_hdrr_info *hdrr_info_response;
int err = 0 ;
memcpy(&hdrr_info.dht_key, addrkey, sizeof(struct in6_addr));
hdrr_info.sig_verified = -1;
hdrr_info.hit_verified = -1;
hip_build_param_hip_hdrr_info(hipcommonmsg, &hdrr_info);
_HIP_DUMP_MSG (hipcommonmsg);
HIP_INFO("Asking signature verification info from daemon...\n");
HIP_IFEL(hip_build_user_hdr(hipcommonmsg, SO_HIP_VERIFY_DHT_HDRR_RESP,0),-1,
"Building daemon header failed\n");
HIP_IFEL(hip_send_recv_daemon_info(hipcommonmsg, 0, 0),
-1, "Send recv daemon info failed\n");
hdrr_info_response = hip_get_param (hipcommonmsg, HIP_PARAM_HDRR_INFO);
_HIP_DUMP_MSG (hipcommonmsg);
HIP_DEBUG ("Sig verified (0=true): %d\nHit Verified (0=true): %d \n"
,hdrr_info_response->sig_verified, hdrr_info_response->hit_verified);
return (hdrr_info_response->sig_verified | hdrr_info_response->hit_verified);
out_err:
return err;
}
/**
* No description.
*/
int hip_query_ip_hit_mapping(struct hip_common *msg){
int err = 0;
unsigned int mapping = 0;
struct in6_addr *hit = NULL;
hip_ha_t *entry = NULL;
hit = (struct in6_addr *) hip_get_param_contents(msg, HIP_PARAM_PSEUDO_HIT);
HIP_ASSERT(hit_is_opportunistic_hashed_hit(hit));
entry = hip_hadb_try_to_find_by_peer_hit(hit);
if(entry)
mapping = 1;
else
mapping = 0;
hip_msg_init(msg);
HIP_IFEL(hip_build_param_contents(msg, (void *) &mapping,
HIP_PARAM_UINT,
sizeof(unsigned int)), -1,
"build param mapping failed\n");
HIP_IFEL(hip_build_user_hdr(msg,
SO_HIP_ANSWER_IP_HIT_MAPPING_QUERY, 0),
-1, "build user header failed\n");
out_err:
return err;
}
/**
* Initialize raw IPv4 sockets for TCP
*
* @param firewall_raw_sock_v4 the result will be written here
*
* @return zero on success, non-zero on error
*/
static int hip_firewall_init_raw_sock_tcp_v4(int *firewall_raw_sock_v4)
{
int on = 1, err = 0;
int off = 0;
*firewall_raw_sock_v4 = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
HIP_IFEL(*firewall_raw_sock_v4 <= 0, 1, "Raw socket v4 creation failed. Not root?\n");
/* RECV_ERR is off because it is not handled properly by hipd
* (message length is -1 and this causes msg reading problems) */
err = setsockopt(*firewall_raw_sock_v4, IPPROTO_IP,
IP_RECVERR, &off, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v4 recverr failed\n");
err = setsockopt(*firewall_raw_sock_v4, SOL_SOCKET,
SO_BROADCAST, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v4 failed to set broadcast \n");
err = setsockopt(*firewall_raw_sock_v4, IPPROTO_IP,
IP_PKTINFO, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v4 pktinfo failed\n");
err = setsockopt(*firewall_raw_sock_v4, SOL_SOCKET,
SO_REUSEADDR, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v4 reuseaddr failed\n");
out_err:
return err;
}
/**
* Handle SEQ parameter in first and second update packet.
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
* @param ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
* association database).
*
* @return zero on success, or negative error value on error.
*/
int hip_handle_seq_param(UNUSED const uint8_t packet_type,
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
const struct hip_seq *seq = NULL;
const enum update_types update_type = hip_classify_update_type(ctx->input_msg);
struct update_state *localstate = NULL;
int err = 0;
if (update_type == FIRST_UPDATE_PACKET ||
update_type == SECOND_UPDATE_PACKET) {
HIP_IFEL(!(seq = hip_get_param(ctx->input_msg, HIP_PARAM_SEQ)),
-1, "SEQ parameter not found\n");
HIP_IFEL(!(localstate = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
"update")),
-1, "failed to look up update state\n");
// progress update sequence to currently processed update
if (localstate->update_id_in < ntohl(seq->update_id)) {
localstate->update_id_in = ntohl(seq->update_id);
}
HIP_IFEL(hip_build_param_ack(ctx->output_msg, ntohl(seq->update_id)),
-1, "Building of ACK parameter failed\n");
}
out_err:
return err;
}
static int init_raw_sock_v4(int proto)
{
int on = 1, off = 0, err = 0;
int sock;
sock = socket(AF_INET, SOCK_RAW, proto);
set_cloexec_flag(sock, 1);
HIP_IFEL(sock <= 0, 1, "Raw socket v4 creation failed. Not root?\n");
/* RECV_ERR is off because it is not handled properly by hipd
* (message length is -1 and this causes msg reading problems) */
err = setsockopt(sock, IPPROTO_IP, IP_RECVERR, &off, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v4 recverr failed\n");
err = setsockopt(sock, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v4 failed to set broadcast \n");
err = setsockopt(sock, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v4 pktinfo failed\n");
err = setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v4 reuseaddr failed\n");
return sock;
out_err:
return -1;
}
/**
* Send the ip of a peer to hipd, so that it can:
* - unblock the packets that are sent to a particular peer.
* - add it to the blacklist database.
*
* @param peer_ip peer ip.
* @return nothing
*/
int hip_fw_unblock_and_blacklist(const struct in6_addr *peer_ip){
struct hip_common *msg = NULL;
int err = 0;
HIP_DEBUG("\n");
HIP_IFE(!(msg = hip_msg_alloc()), -1);
HIP_IFEL(hip_build_param_contents(msg, (void *)(peer_ip),
HIP_PARAM_IPV6_ADDR,
sizeof(struct in6_addr)),
-1, "build param HIP_PARAM_IPV6_ADDR failed\n");
/* build the message header */
HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OPPTCP_UNBLOCK_AND_BLACKLIST, 0),
-1, "build hdr failed\n");
HIP_DUMP_MSG(msg);
/* send and receive msg to/from hipd */
HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_async_sock), -1, "send_recv msg failed\n");
_HIP_DEBUG("send_recv msg succeed\n");
/* check error value */
HIP_IFEL(hip_get_msg_err(msg), -1, "Got erroneous message!\n");
out_err:
return err;
}
/* returns an unused anchor element for the given transform
*
* @param transform the ESP protection extension transform
* @return anchor, NULL if empty
*/
unsigned char *anchor_db_get_anchor(const uint8_t transform)
{
unsigned char *stored_anchor = NULL;
int anchor_offset = 0;
int err = 0;
// ensure correct boundaries
HIP_ASSERT(transform > 0);
// get index of last unused anchor for this transform
HIP_IFEL((anchor_offset = anchor_db.num_anchors[transform] - 1) < 0, -1,
"anchor_db is empty for this transform\n");
// ensure correct boundaries
HIP_ASSERT(anchor_offset >= 0 && anchor_offset < HCSTORE_MAX_HCHAINS_PER_ITEM);
HIP_IFEL(!(stored_anchor = anchor_db.anchors[transform][anchor_offset]), -1,
"anchor_offset points to empty slot\n");
// remove anchor from db
anchor_db.anchors[transform][anchor_offset] = NULL;
anchor_offset = anchor_db.num_anchors[transform]--;
out_err:
if (err) {
free(stored_anchor);
stored_anchor = NULL;
}
return stored_anchor;
}
int hip_pfkey_policy_modify(int so, hip_hit_t *src_hit, u_int prefs,
hip_hit_t *dst_hit, u_int prefd,
struct in6_addr *src_addr, struct in6_addr *dst_addr,
u8 proto, int cmd, int direction)
{
int err = 0;
struct sockaddr_storage ss_addr, dd_addr, ss_hit, dd_hit;
struct sockaddr *s_saddr, *s_shit;
struct sockaddr *d_saddr, *d_shit;
caddr_t policy = NULL;
int policylen = 0;
int len = 0;
u_int mode;
HIP_DEBUG("\n");
// Sanity check
HIP_IFEL((src_hit == NULL || dst_hit == NULL), -1, "Invalid hit's\n");
if (src_addr) { // could happen with the delete
s_saddr = (struct sockaddr*) &ss_addr;
get_sock_addr_from_in6(s_saddr, src_addr);
}
if (dst_addr) { // could happen with the delete
d_saddr = (struct sockaddr*) &dd_addr;
get_sock_addr_from_in6(d_saddr, dst_addr);
}
s_shit = (struct sockaddr*) &ss_hit;
get_sock_addr_from_in6(s_shit, src_hit);
d_shit = (struct sockaddr*) &dd_hit;
get_sock_addr_from_in6(d_shit, dst_hit);
if (proto)
mode = HIP_IPSEC_DEFAULT_MODE;
else
mode = IPSEC_MODE_TRANSPORT;
HIP_IFEL((getsadbpolicy(&policy, &policylen, direction, s_saddr, d_saddr, mode, cmd)<0),
-1, "Error in building the policy\n");
if (cmd == SADB_X_SPDUPDATE) {
HIP_IFEL((len = pfkey_send_spdupdate(so, s_shit, prefs, d_shit, prefd,
proto, policy, policylen, 0)<0), -1,
"libipsec failed send_x4 (%s)\n", ipsec_strerror());
} else if (cmd == SADB_X_SPDADD) {
HIP_IFEL((len = pfkey_send_spdadd(so, s_shit, prefs, d_shit, prefd,
proto, policy, policylen, 0)<0), -1,
"libipsec failed send_x4 (%s)\n", ipsec_strerror());
} else { // SADB_X_SPDDELETE
HIP_IFEL((len = pfkey_send_spddelete(so, s_shit, prefs, d_shit, prefd,
proto, policy, policylen, 0)<0), -1,
"libipsec failed send_x4 (%s)\n", ipsec_strerror());
}
return len;
out_err:
return err;
}
void hip_delete_sa(u32 spi, struct in6_addr *peer_addr, struct in6_addr *dst_addr,
int direction, hip_ha_t *entry)
{
int so, len, err = 0;
struct sockaddr_storage ss_addr, dd_addr;
struct sockaddr *saddr;
struct sockaddr *daddr;
in_port_t sport, dport;
/* @todo: sport and dport should be used! */
if (direction == HIP_SPI_DIRECTION_OUT)
{
sport = entry->local_udp_port;
dport = entry->peer_udp_port;
entry->outbound_sa_count--;
if (entry->outbound_sa_count < 0) {
HIP_ERROR("Warning: out sa count negative\n");
entry->outbound_sa_count = 0;
}
}
else
{
sport = entry->peer_udp_port;
dport = entry->local_udp_port;
entry->inbound_sa_count--;
if (entry->inbound_sa_count < 0) {
HIP_ERROR("Warning: in sa count negative\n");
entry->inbound_sa_count = 0;
}
}
saddr = (struct sockaddr*) &ss_addr;
daddr = (struct sockaddr*) &dd_addr;
HIP_DEBUG("\n");
HIP_DEBUG("spi=0x%x\n", spi);
HIP_DEBUG_IN6ADDR("peer_addr", peer_addr);
HIP_DEBUG_IN6ADDR("dst_addr", dst_addr);
// Sanity check
HIP_IFEL((!peer_addr || !dst_addr), -1, "Addresses not valid when deleting SA's\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
get_sock_addr_from_in6(saddr, peer_addr);
get_sock_addr_from_in6(daddr, dst_addr);
HIP_IFEBL(((len = pfkey_send_delete(so, SADB_SATYPE_ESP, HIP_IPSEC_DEFAULT_MODE, saddr, daddr, spi))<0), -1,
pfkey_close(so), "ERROR in deleting sa %s", ipsec_strerror());
out_err:
return;
}
/**
* Handle ECHO_REQUEST_UNSIGNED parameter.
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
* @param ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
* association database).
*
* @return zero on success, or negative error value on error.
*/
int hip_handle_echo_request_param(UNUSED const uint8_t packet_type,
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
const struct hip_echo_request *echo_request = NULL;
int err = 0;
if (!(echo_request = hip_get_param(ctx->input_msg,
HIP_PARAM_ECHO_REQUEST))) {
HIP_DEBUG("no ECHO_REQUEST parameter in UPDATE packet, skipping\n");
/* This condition is no error! There simply was no request by the peer
* to add a ECHO_RESPONSE parameter to the outbound message. */
return 0;
}
HIP_DEBUG("echo opaque data len=%d\n",
hip_get_param_contents_len(echo_request));
HIP_HEXDUMP("ECHO_REQUEST ",
(const uint8_t *) echo_request + sizeof(struct hip_tlv_common),
hip_get_param_contents_len(echo_request));
HIP_IFEL(hip_build_param_echo(ctx->output_msg,
(const uint8_t *) echo_request + sizeof(struct hip_tlv_common),
hip_get_param_contents_len(echo_request), 0, 0),
-1, "Building of ECHO_RESPONSE failed\n");
out_err:
return err;
}
/**
* This function stores the LOCATOR parameter into the hadb entry
* of a connection in question. The whole LOCATOR is stored and
* handled later as the LOCATOR is received before the connection
* state has reached ESTABLISHED (UPDATEs are not allowed before
* the state is ESTABLISHED) and the address verification is
* handled later during the BEX (after receiving the R2).
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
* @param ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
* association database).
*
* @return zero on success, or negative error value on error.
*/
int hip_handle_locator(UNUSED const uint8_t packet_type,
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
const struct hip_locator *locator = NULL;
int n_addrs = 0, loc_size = 0, err = 0;
locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR);
if (locator) {
n_addrs = hip_get_locator_addr_item_count(locator);
loc_size = sizeof(struct hip_locator) +
(n_addrs * sizeof(struct hip_locator_info_addr_item));
/* this handle function is called during BEX, there should be no
* locators yet. */
HIP_ASSERT(!ctx->hadb_entry->locator);
HIP_IFEL(!(ctx->hadb_entry->locator = malloc(loc_size)),
-1, "Malloc for entry->locators failed\n");
memcpy(ctx->hadb_entry->locator, locator, loc_size);
} else {
HIP_DEBUG("R1 did not have locator\n");
}
out_err:
return err;
}
/**
* tell firewall to turn on or off the ESP relay mode
*
* @param action HIP_MSG_OFFER_FULLRELAY or HIP_MSG_CANCEL_FULLRELAY
*
* @return zero on success or negative on failure
*/
int hip_firewall_set_esp_relay(int action)
{
struct hip_common *msg = NULL;
int err = 0;
int sent;
HIP_DEBUG("Setting ESP relay to %d\n", action);
if (!(msg = hip_msg_alloc())) {
return -ENOMEM;
}
HIP_IFEL(hip_build_user_hdr(msg,
action ? HIP_MSG_OFFER_FULLRELAY : HIP_MSG_CANCEL_FULLRELAY, 0),
-1, "Build header failed\n");
sent = hip_sendto_firewall(msg);
if (sent < 0) {
HIP_PERROR("Send to firewall failed: ");
err = -1;
goto out_err;
}
HIP_DEBUG("Sent %d bytes to firewall.\n", sent);
out_err:
free(msg);
return err;
}
/**
* No description.
*/
int hip_query_opportunistic_mode(struct hip_common *msg){
int err = 0;
unsigned int opp_mode = opportunistic_mode;
hip_msg_init(msg);
HIP_IFEL(hip_build_param_contents(msg, (void *) &opp_mode,
HIP_PARAM_UINT,
sizeof(unsigned int)), -1,
"build param opp_mode failed\n");
HIP_IFEL(hip_build_user_hdr(msg,
SO_HIP_ANSWER_OPPORTUNISTIC_MODE_QUERY, 0),
-1, "build user header failed\n");
out_err:
return err;
}
/**
* hip_keymat_draw_and_copy - draw keying material and copy it to the given buffer
* @param dst destination buffer
* @param keymat pointer to the keymat structure which contains information
* about the actual
* @param length size of keymat structure
*
* @return pointer the next point where one can draw the next keymaterial
*/
int hip_keymat_draw_and_copy(char *dst,
struct hip_keymat_keymat *keymat,
int len){
int err = 0;
void *p = hip_keymat_draw(keymat, len);
HIP_IFEL(!p, -EINVAL, "Could not draw from keymat\n");
memcpy(dst, p, len);
out_err:
return err;
}
/**
* Periodic maintenance.
*
* @return zero on success or negative on failure
*/
int hip_periodic_maintenance(void)
{
int err = 0;
if (hipd_get_state() == HIPD_STATE_CLOSING) {
if (force_exit_counter > 0) {
err = hip_count_open_connections();
if (err < 1) {
hipd_set_state(HIPD_STATE_CLOSED);
}
} else {
hip_exit();
exit(EXIT_SUCCESS);
}
force_exit_counter--;
}
/* If some HAs are still remaining after certain grace period
* in closing or closed state, delete them */
hip_for_each_ha(hip_purge_closing_ha, NULL);
if (retrans_counter < 0) {
HIP_IFEL(hip_scan_retransmissions(), -1,
"retransmission scan failed\n");
retrans_counter = HIP_RETRANSMIT_INIT;
} else {
retrans_counter--;
}
if (precreate_counter < 0) {
HIP_IFEL(hip_recreate_all_precreated_r1_packets(), -1,
"Failed to recreate puzzles\n");
precreate_counter = HIP_R1_PRECREATE_INIT;
} else {
precreate_counter--;
}
hip_run_maint_functions();
out_err:
return err;
}
/**
Initialize connection to hip daemon.
@return 0 on success, -1 on errors.
*/
int connhipd_init_sock(void)
{
int err = 0;
struct sockaddr_in6 agent_addr;
hip_agent_sock = socket(AF_INET6, SOCK_DGRAM, 0);
HIP_IFEL(hip_agent_sock < 0, -1, "Failed to create socket.\n");
memset(&agent_addr, 0, sizeof(agent_addr));
agent_addr.sin6_family = AF_INET6;
agent_addr.sin6_addr = in6addr_loopback;
agent_addr.sin6_port = htons(HIP_AGENT_PORT);
HIP_IFEL(hip_daemon_bind_socket(hip_agent_sock, &agent_addr), -1,
"bind failed\n");
HIP_IFEL(hip_daemon_connect(hip_agent_sock), -1, "connect");
out_err:
return err;
}
int main(int argc, char *argv[]) {
int err = 0, i = 0;
sqlite3 * db = NULL;
char dbpath[] = "/tmp/hip_sqltest.db";
char table_sql[] = "CREATE TABLE test (num INTEGER, value VARCHAR(128));";
char insert_sql[256];
char delete_sql[] = "DELETE FROM test WHERE num = 3;";
char select_sql[] = "SELECT * FROM test;";
db = hip_sqlite_open_db(dbpath, table_sql);
HIP_IFEL((db == NULL), -1, "Failed to open/create the database\n");
for(i = 1; i < 10; i++) {
memset(insert_sql, '\0', sizeof(insert_sql));
sprintf(insert_sql, "INSERT INTO test VALUES(%d, "
"'Hi to you. #%d times said');", i,i);
HIP_IFEL(hip_sqlite_insert_into_table(db, insert_sql),
-1, "Failed to execute insert into query\n");
}
HIP_IFEL(hip_sqlite_select(db, select_sql, hip_sqlite_callback), -1,
"Failed to execute select query on the db\n");
HIP_DEBUG("Removing row where num is 3\n");
HIP_IFEL(hip_sqlite_delete_from_table(db, delete_sql),
-1, "Failed to execute delete query\n");
HIP_IFEL(hip_sqlite_select(db, select_sql, hip_sqlite_callback), -1,
"Failed to execute select query on the db\n");
HIP_DEBUG("Did the num 3 disappear?\n");
HIP_IFEL(hip_sqlite_close_db(db), -1, "Failed to close the db\n");
out_err:
return(err);
}
int hip_flush_all_sa()
{
int so, len, err = 0;
HIP_DEBUG("\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_DEBUG("Flushing all SA's\n");
HIP_IFEBL(((len = pfkey_send_flush(so, SADB_SATYPE_ESP))<0), -1,
pfkey_close(so), "ERROR in flushing policies %s\n", ipsec_strerror());
return len;
out_err:
return err;
}
/**
* Add SEQ parameter to second update packet.
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
* @param ctx Pointer to the packet context, containing all information for
* the packet handling (received message, source and destination
* address, the ports and the corresponding entry from the host
* association database).
*
* @return zero on success, or negative error value on error.
*/
int hip_add_seq_param(UNUSED const uint8_t packet_type,
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
struct update_state *localstate = NULL;
int err = 0;
if (hip_classify_update_type(ctx->input_msg) == FIRST_UPDATE_PACKET) {
HIP_IFEL(!(localstate = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
"update")),
-1, "failed to look up update state\n");
localstate->update_id_out++;
HIP_DEBUG("outgoing UPDATE ID=%u\n", hip_update_get_out_id(localstate));
HIP_IFEL(hip_build_param_seq(ctx->output_msg,
hip_update_get_out_id(localstate)),
-1,
"Building of SEQ parameter failed\n");
}
out_err:
return err;
}
hip_lsi_t *hip_fw_get_default_lsi() {
int err = 0;
struct hip_common *msg = NULL;
struct hip_tlv_common *param;
/* Use cached LSI if possible */
if (local_lsi.s_addr != 0) {
//memcpy(lsi, &local_lsi, sizeof(*lsi));
return &local_lsi;
goto out_err;
}
/* Query hipd for the LSI */
HIP_IFE(!(msg = hip_msg_alloc()), -1);
HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_DEFAULT_HIT, 0),
-1, "build hdr failed\n");
/* send and receive msg to/from hipd */
HIP_IFEL(hip_send_recv_daemon_info(msg, 0, hip_fw_sock), -1, "send_recv msg failed\n");
HIP_DEBUG("send_recv msg succeed\n");
/* check error value */
HIP_IFEL(hip_get_msg_err(msg), -1, "Got erroneous message!\n");
HIP_IFEL(!(param = hip_get_param(msg, HIP_PARAM_LSI)), -1,
"Did not find LSI\n");
memcpy(&local_lsi, hip_get_param_contents_direct(param),
sizeof(local_lsi));
//memcpy(lsi, &local_lsi, sizeof(*lsi));
out_err:
if(msg)
HIP_FREE(msg);
if (err)
return NULL;
else
return &local_lsi;
}
/**
* Initialize an ICMP raw socket
*
* @param firewall_raw_sock_v6 the raw socket is written into this pointer
*
* @return zero on success, non-zero on error
*/
static int hip_firewall_init_raw_sock_icmp_outbound(int *firewall_raw_sock_v6)
{
int on = 1, off = 0, err = 0;
*firewall_raw_sock_v6 = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMP);
HIP_IFEL(*firewall_raw_sock_v6 <= 0, 1, "Raw socket creation failed. Not root?\n");
/* RECV_ERR is off because it is not handled properly by hipd
* (message length is -1 and this causes msg reading problems) */
err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6,
IPV6_RECVERR, &off, sizeof(on));
HIP_IFEL(err, -1, "setsockopt recverr failed\n");
err = setsockopt(*firewall_raw_sock_v6, IPPROTO_IPV6,
IPV6_2292PKTINFO, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt pktinfo failiped\n");
err = setsockopt(*firewall_raw_sock_v6, SOL_SOCKET,
SO_REUSEADDR, &on, sizeof(on));
HIP_IFEL(err, -1, "setsockopt v6 reuseaddr failed\n");
out_err:
return err;
}
/**
* Update firewall on host association state. Currently used by the
* LSI mode in the firewall.
*
* @param action HIP_MSG_FW_UPDATE_DB or HIP_MSG_FW_BEX_DONE
* @param hit_s optional source HIT
* @param hit_r optional destination HIT
*
* @return zero on success or negative on failure
*/
int hip_firewall_set_bex_data(int action, struct in6_addr *hit_s, struct in6_addr *hit_r)
{
struct hip_common *msg = NULL;
int err = 0, n = 0, r_is_our;
if (!hip_get_firewall_status()) {
goto out_err;
}
/* Makes sure that the hits are sent always in the same order */
r_is_our = hip_hidb_hit_is_our(hit_r);
HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, "alloc\n");
hip_msg_init(msg);
HIP_IFEL(hip_build_user_hdr(msg, action, 0), -1,
"Build hdr failed\n");
HIP_IFEL(hip_build_param_contents(msg,
r_is_our ? hit_s : hit_r, HIP_PARAM_HIT,
sizeof(struct in6_addr)), -1, "build param contents failed\n");
HIP_IFEL(hip_build_param_contents(msg,
r_is_our ? hit_r : hit_s, HIP_PARAM_HIT,
sizeof(struct in6_addr)), -1, "build param contents failed\n");
n = sendto(hip_firewall_sock_lsi_fd,
(char *) msg,
hip_get_msg_total_len(msg),
0,
(struct sockaddr *) &hip_firewall_addr,
sizeof(struct sockaddr_in6));
HIP_IFEL(n < 0, -1, "Send to firewall failed. str errno %s\n", strerror(errno));
HIP_DEBUG("BEX DATA Send to firewall OK.\n");
out_err:
free(msg);
return err;
}
void hip_delete_hit_sp_pair(hip_hit_t *src_hit, hip_hit_t *dst_hit, u8 proto,
int use_full_prefix)
{
int so, len, err = 0;
u8 prefix = (use_full_prefix) ? 128 : HIP_HIT_PREFIX_LEN;
HIP_DEBUG("\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_IFEBL((hip_pfkey_policy_modify(so, dst_hit, prefix, src_hit,
prefix, NULL, NULL,
proto, SADB_X_SPDDELETE, IPSEC_DIR_INBOUND)<0),
-1, pfkey_close(so), "ERROR in deleting the inbound policy\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_IFEBL((hip_pfkey_policy_modify(so, src_hit, prefix, dst_hit,
prefix, NULL, NULL,
proto, SADB_X_SPDDELETE, IPSEC_DIR_OUTBOUND)<0),
-1, pfkey_close(so), "ERROR in deleting the outbound policy\n");
out_err:
return;
}
/*
* similar to the hip_request_peer_hit_from_hipd(...) function
*
*/
int hip_request_peer_hit_from_hipd_at_firewall(
const struct in6_addr *peer_ip,
struct in6_addr *peer_hit,
const struct in6_addr *local_hit,
in_port_t *src_tcp_port,
in_port_t *dst_tcp_port,
int *fallback,
int *reject){
struct hip_common *msg = NULL;
struct in6_addr *hit_recv = NULL;
hip_hit_t *ptr = NULL;
int err = 0;
int ret = 0;
*fallback = 1;
*reject = 0;
HIP_IFE(!(msg = hip_msg_alloc()), -1);
HIP_IFEL(hip_build_param_contents(msg, (void *)(local_hit),
HIP_PARAM_HIT_LOCAL,
sizeof(struct in6_addr)),
-1, "build param HIP_PARAM_HIT failed\n");
if (hip_opptcp) {
HIP_IFEL(hip_build_param_contents(msg, (void *)(src_tcp_port),
HIP_PARAM_SRC_TCP_PORT,
sizeof(in_port_t)),
-1, "build param HIP_PARAM_SRC_TCP_PORT failed\n");
HIP_IFEL(hip_build_param_contents(msg, (void *)(dst_tcp_port),
HIP_PARAM_DST_TCP_PORT,
sizeof(in_port_t)),
-1, "build param HIP_PARAM_DST_TCP_PORT failed\n");
}
HIP_IFEL(hip_build_param_contents(msg, (void *)(peer_ip),
HIP_PARAM_IPV6_ADDR_PEER,
sizeof(struct in6_addr)),
-1, "build param HIP_PARAM_IPV6_ADDR failed\n");
/* build the message header */
HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_GET_PEER_HIT, 0),
-1, "build hdr failed\n");
/* this message has to be delivered with the async socket because
opportunistic mode responds asynchronously */
HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_async_sock),
-1, "send msg failed\n");
_HIP_DEBUG("send_recv msg succeed\n");
out_err:
if(msg)
free(msg);
return err;
}
int hip_send_recv_daemon_info(struct hip_common *msg, int send_only, int opt_socket) {
int hip_user_sock = 0, err = 0, n, len;
struct sockaddr_in6 addr;
if (!send_only)
return hip_send_recv_daemon_info_internal(msg, opt_socket);
if (opt_socket) {
hip_user_sock = opt_socket;
} else {
HIP_IFE(((hip_user_sock = socket(AF_INET6, SOCK_DGRAM, 0)) < 0), -1);
memset(&addr, 0, sizeof(addr));
addr.sin6_family = AF_INET6;
addr.sin6_addr = in6addr_loopback;
HIP_IFEL(hip_daemon_bind_socket(hip_user_sock,
(struct sockaddr *) &addr), -1,
"bind failed\n");
HIP_IFEL(hip_daemon_connect(hip_user_sock), -1,
"connect failed\n");
}
len = hip_get_msg_total_len(msg);
n = send(hip_user_sock, msg, len, 0);
if (n < len) {
HIP_ERROR("Could not send message to daemon.\n");
err = -1;
goto out_err;
}
out_err:
if (!opt_socket && hip_user_sock)
close(hip_user_sock);
return err;
}
int hip_flush_all_policy()
{
int so, len, err = 0;
HIP_DEBUG("\n");
HIP_IFEL(((so = pfkey_open()) < 0), -1, "ERROR in opening pfkey socket: %s\n", ipsec_strerror());
HIP_DEBUG("FLushing all SP's\n");
HIP_IFEBL(((len = pfkey_send_spdflush(so))<0), -1,
pfkey_close(so), "ERROR in flushing policies %s\n", ipsec_strerror());
HIP_DEBUG("FLushing all SP's was successful\n");
return len;
out_err:
HIP_ERROR("FLushing all SP's\n");
return err;
}
/**
* Send the necessary data to hipd, so that a tcp packet is sent from there. This was done because it was not possible to send a packet directly from here.
*
* @param *hdr pointer to the packet that is to be sent.
* @param packet_size the size of the packet.
* @param ip_version ipv4 or ipv6.
* @param addHit whether the local HIT is to be added at the tcp options
* @param addOption whether the i1 option is to be added at the tcp options
* @return nothing
*/
int hip_request_send_tcp_packet(void *hdr,
int packet_size,
int ip_version,
int addHit,
int addOption){
const struct hip_common *msg = NULL;
int err = 0;
HIP_DEBUG("\n");
HIP_IFE(!(msg = hip_msg_alloc()), -1);
HIP_IFEL(hip_build_param_contents(msg, (void *)hdr,
HIP_PARAM_IP_HEADER,
packet_size),
-1, "build param HIP_PARAM_IP_HEADER failed\n");
HIP_IFEL(hip_build_param_contents(msg, (int *)(&packet_size),
HIP_PARAM_PACKET_SIZE,
sizeof(int)),
-1, "build param HIP_PARAM_PACKET_SIZE failed\n");
HIP_IFEL(hip_build_param_contents(msg, (int *)(&ip_version),
HIP_PARAM_TRAFFIC_TYPE,
sizeof(int)),
-1, "build param HIP_PARAM_TRAFFIC_TYPE failed\n");
HIP_IFEL(hip_build_param_contents(msg, (int *)(&addHit),
HIP_PARAM_ADD_HIT,
sizeof(int)),
-1, "build param HIP_PARAM_ADD_HIT failed\n");
HIP_IFEL(hip_build_param_contents(msg, (int *)(&addOption),
HIP_PARAM_ADD_OPTION,
sizeof(int)),
-1, "build param HIP_PARAM_ADD_OPTION failed\n");
/* build the message header */
HIP_IFEL(hip_build_user_hdr(msg, SO_HIP_OPPTCP_SEND_TCP_PACKET, 0),
-1, "build hdr failed\n");
HIP_DUMP_MSG(msg);
/* send and receive msg to/from hipd */
HIP_IFEL(hip_send_recv_daemon_info(msg, 1, hip_fw_async_sock), -1, "send_recv msg failed\n");
_HIP_DEBUG("send_recv msg succeed\n");
/* check error value */
//HIP_IFEL(hip_get_msg_err(msg), -1, "Got erroneous message!\n");
out_err:
return err;
}