mn_reg.c

Go to the documentation of this file.

/* $Id: mn_reg.c,v 1.64 2001/09/29 14:56:23 jm Exp $
 * Mobile Node - registration
 *
 * Dynamic hierarchial IP tunnel
 *
 * Copyright (C) 1998-2001, Dynamics group, Tero Hätinen,
 * Joni Purojärvi and Antti Pyykkönen (Dynamo group)
 *
 * Modified by Tero Hätinen, Joni Purojärvi and Antti Pyykkönen
 * Used as a testing tool for home agent.
 * "Virtual foreign agent"
 * Generates registeration messages to the home agent
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation. See README and COPYING for
 * more details.
 */

#include "config.h"
#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#ifdef DYN_TARGET_LINUX
#include <net/if_arp.h>
#endif
#include <string.h>
#include <time.h>

#include "agentapi.h"
#include "auth.h"
#include "debug.h"
#include "msgparser.h"
#include "proxyarp.h"
#include "util.h"
#include "mn.h"

#include "fileio.h"
#ifdef INCLUDE_IPAY
#include "mn_ipay.h"
#endif

extern struct mn_data mn;
extern struct mn_config config;
extern struct timeval timers[TIMER_COUNT];

/*Fileio stuff */
int intervals[5000];

//#define NUM_DEVICES 5000;
int rownumber=0;
typedef struct device DEVICE;
typedef struct rowdata ROWDATA;





struct rowdata { 
  char row[BUFSIZ];
};


struct device { 
  char ip_home[17]; 
  char ip_homeagent[17];
  char ip_careoff[17];
  char nai[32];
  char timestart[3];;
  char state[2];

};




DEVICE devices[5000];
ROWDATA rows[5000];

int sent_regs;
int sent_deregs;

struct tm *tmptr;
time_t tm;      
char timestr[60];


/* "Virtual mobile" */
struct mobile
{
        struct mn_data mn;
        struct mn_config config;
        int state;

};

struct mobile mobile_array[20];
int cur_mobile=0; //place of the virtual mobile in array
int mobiles=0; //how many mobiles are in array

static int fill_req_header(char *pos, int request_type, int use_reverse)
{
        struct reg_req *req;
        int new_reg_time;
        unsigned int new_reg_rand;
        static int last_reg_time = 0;
        static unsigned int last_reg_rand = 0;
        struct timeval tv;

        req = (struct reg_req *) pos;
        req->type = REG_REQ;
        req->opts = 0;
        /* Note: the agent adv should be checked for allowed tunneling modes
         * and req->opts should be adjusted with that information if needed
         * (i.e. do not request unsupported mode) */
        if (!mobile_array[cur_mobile].config.enable_fa_decapsulation)
                req->opts |= REGREQ_MN_DECAPS;
        if (use_reverse)
                req->opts |= REGREQ_REVERSE_TUNNEL;
        if (request_type != REG_DISC) {
                if (mobile_array[cur_mobile].mn.tunnel_mode == API_TUNNEL_FULL_HA)
                        req->lifetime =
                                htons(mobile_array[cur_mobile].config.mn_default_tunnel_lifetime);
                else
                        req->lifetime =
                                htons(MIN(mobile_array[cur_mobile].mn.req_lifetime,
                                          mobile_array[cur_mobile].config.mn_default_tunnel_lifetime));
                if (ntohs(req->lifetime) == 0) {
                        LOG2(LOG_INFO, "send_registration - trying to register"
                             ", but lifetime=0 - aborting\n");
                        return -1;
                }
        } else req->lifetime = 0;
        req->home_addr.s_addr = mobile_array[cur_mobile].config.mn_home_ip_addr.s_addr;
        if (mobile_array[cur_mobile].config.ha_ip_addr.s_addr == 0 && mobile_array[cur_mobile].config.use_aaa) {
                req->ha_addr.s_addr = mobile_array[cur_mobile].config.allow_home_addr_from_foreign_net ?
                        0 : -1;
        } else if (mobile_array[cur_mobile].config.ha_ip_addr.s_addr == 0 &&
                   mobile_array[cur_mobile].config.home_net_addr_plen > -1) {
                /* dynamic HA address resolution */
                req->ha_addr.s_addr = mobile_array[cur_mobile].config.home_net_subnet_bc.s_addr;
        } else
                req->ha_addr.s_addr = mobile_array[cur_mobile].config.ha_ip_addr.s_addr;
        req->co_addr.s_addr = mobile_array[cur_mobile].mn.co_addr.s_addr;

        switch (mobile_array[cur_mobile].config.replay_meth) {
        case REPLAY_PROTECTION_NONE:
                req->id[0] = 0;
                req->id[1] = get_rand32();
                break;

        case REPLAY_PROTECTION_TIMESTAMP:
                /* set the timestamp according to RFC 2002, 5.6.1 (NTP format):
                 * high-order 32 bits: time in seconds from year 1900,
                 * low-order 32 bits: fractional seconds (1/256 sec resolution,
                 * i.e., 8 bits, used) and the last bits random */
                gettimeofday(&tv, NULL);
                new_reg_time = tv.tv_sec + mobile_array[cur_mobile].mn.clock_correction;
                new_reg_rand = ((tv.tv_usec * 256 / 1000000) << 24) |
                        (get_rand32() & 0xffffff);
                if (new_reg_time == last_reg_time &&
                    new_reg_rand <= last_reg_rand) {
                        /* id must always increase - forcing a larger id */
                        new_reg_rand = last_reg_rand + 1;
                }
                req->id[0] = htonl(new_reg_time + UNIX_NTP_DIFF);
                req->id[1] = htonl(new_reg_rand);
                last_reg_time = new_reg_time;
                last_reg_rand = new_reg_rand;
                break;

        case REPLAY_PROTECTION_NONCE:
                req->id[0] = mobile_array[cur_mobile].mn.last_nonce;
                req->id[1] = get_rand32();
                break;
        }

        return sizeof(struct reg_req);
}


static int nai_equal(struct fa_nai_ext *nai1, struct fa_nai_ext *nai2)
{
        int len = GET_NAI_LEN(nai1);
        if (nai2 == NULL || GET_NAI_LEN(nai2) != len)
                return 0;
        if (memcmp(MSG_NAI_DATA(nai1), MSG_NAI_DATA(nai2), len) == 0)
                return 1;
        return 0;
}


static int add_localized_reg_extensions(char *pos, int left, char *start)
{
        static int last_req_seq_num = 0;
        struct registration_ext_dynamics *dyn_ext;
        int n, added = 0, add_auth = 1;

        if (mobile_array[cur_mobile].mn.current_adv == NULL || mobile_array[cur_mobile].mn.current_adv->adv.fa_nai == NULL ||
            mobile_array[cur_mobile].mn.last_req_FA_NAI->type == 0 ||
            (!mobile_array[cur_mobile].mn.prev_req_replied &&
             !nai_equal(mobile_array[cur_mobile].mn.last_req_FA_NAI, mobile_array[cur_mobile].mn.current_adv->adv.fa_nai))) {
                if (mobile_array[cur_mobile].mn.current_adv == NULL)
                        DEBUG(DEBUG_INFO, "\tmobile_array[cur_mobile].mn.current_adv == NULL\n");
                if (mobile_array[cur_mobile].mn.current_adv != NULL &&
                    mobile_array[cur_mobile].mn.current_adv->adv.fa_nai == NULL)
                        DEBUG(DEBUG_INFO,
                              "\tcurrent_adv->fa_nai == NULL\n");
                if (mobile_array[cur_mobile].mn.last_req_FA_NAI->type == 0)
                        DEBUG(DEBUG_INFO, "\tlast_req_FA_NAI->type == 0\n");
                if (!mobile_array[cur_mobile].mn.prev_req_replied)
                        DEBUG(DEBUG_INFO, "\t!mobile_array[cur_mobile].mn.prev_req_replied\n");
                if (mobile_array[cur_mobile].mn.current_adv != NULL &&
                    !nai_equal(mobile_array[cur_mobile].mn.last_req_FA_NAI, mobile_array[cur_mobile].mn.current_adv->adv.fa_nai))
                        DEBUG(DEBUG_INFO, "\t!nai_equal()\n");

                if (mobile_array[cur_mobile].mn.current_adv == NULL ||
                    mobile_array[cur_mobile].mn.current_adv->adv.fa_nai != NULL) {
                        DEBUG(DEBUG_INFO, "Not adding SK auth because "
                              "current_adv == NULL or FA NAI advertised and "
                              "forcing req. to HA\n");
                        add_auth = 0;
                }

                DEBUG(DEBUG_INFO, "Excluding previous FA NAI extension "
                      "(forcing request to HA)\n");
                mobile_array[cur_mobile].mn.last_req_FA_NAI->type = 0;
        }

        if (left < sizeof(struct registration_ext_dynamics))
                return -1;

        DEBUG(DEBUG_MESSAGES, " * ext_dynamics\n");
        dyn_ext = (struct registration_ext_dynamics *) pos;
        dyn_ext->type = VENDOR_EXT_TYPE2;
        dyn_ext->length = sizeof(struct registration_ext_dynamics) - 2;
        dyn_ext->reserved = 0;
        dyn_ext->vendor_id = htonl(VENDOR_ID_DYNAMICS);
        dyn_ext->sub_type = htons(VENDOR_EXT_DYNAMICS_OPTIONS);
        dyn_ext->version = VENDOR_EXT_VERSION;
        dyn_ext->opts = 0;
        dyn_ext->seq = htonl(++last_req_seq_num);
        added += sizeof(struct registration_ext_dynamics);
        left -= sizeof(struct registration_ext_dynamics);

        if (mobile_array[cur_mobile].mn.current_adv != NULL && mobile_array[cur_mobile].mn.current_adv->adv.fa_nai != NULL) {
                /* previous FA NAI ext. */
                if (mobile_array[cur_mobile].mn.prev_req_replied && mobile_array[cur_mobile].mn.last_req_FA_NAI->type != 0) {
                        n = GET_NAI_EXT_LEN(mobile_array[cur_mobile].mn.last_req_FA_NAI);
                        if (left < n)
                                return -1;
                        mobile_array[cur_mobile].mn.last_req_FA_NAI->sub_type =
                                htons(VENDOR_EXT_DYNAMICS_PREVIOUS_FA_NAI);
                        memcpy(pos + added, mobile_array[cur_mobile].mn.last_req_FA_NAI, n);
                        added += n;
                        left -= n;
                        DEBUG(DEBUG_MESSAGES, " * previous FA NAI (len=%i)\n",
                              n);
                }

                /* current FA NAI ext. */
                n = GET_NAI_EXT_LEN(mobile_array[cur_mobile].mn.current_adv->adv.fa_nai);
                memcpy(mobile_array[cur_mobile].mn.last_req_FA_NAI, mobile_array[cur_mobile].mn.current_adv->adv.fa_nai, n);
                if (left < n)
                        return -1;
                memcpy(pos + added, mobile_array[cur_mobile].mn.last_req_FA_NAI, n);
                added += n;
                left -= n;
                DEBUG(DEBUG_MESSAGES, " * current FA NAI (len=%i)\n", n);
        }

        if (add_auth) {
                if (left < sizeof(struct vendor_msg_auth) + MAX_SK_LEN)
                        return -1;
                DEBUG(DEBUG_MESSAGES, " * sk_auth\n");
                n = auth_add_vendor(
                        mobile_array[cur_mobile].config.auth_alg, mobile_array[cur_mobile].mn.session_key, mobile_array[cur_mobile].mn.session_key_len,
                        (unsigned char *) start,
                        (struct vendor_msg_auth *) (pos + added),
                        VENDOR_EXT_DYNAMICS_SK_AUTH, htonl(mobile_array[cur_mobile].config.spi));
                added += n;
                left -= n;
        }

        return added;
}


static int add_req_extensions(char *pos, int left, char *start,
                              int request_type, int use_reverse)
{
        int use_dynamics_ext, n;
        struct fa_spi_entry *fa_spi = NULL;
        struct msg_key *mn_keyreq;
        struct challenge_ext *challenge = NULL;
        char *orig = pos;
        int add_mn_aaa_auth_ext = 0;
        int send_to_ha = 0;

        if (request_type == REG_DISC &&
            mobile_array[cur_mobile].mn.fa_addr.s_addr == mobile_array[cur_mobile].config.ha_ip_addr.s_addr)
                send_to_ha = 1;

        if (mobile_array[cur_mobile].config.priv_ha > 0) {
                struct priv_ha_ext *priv = (struct priv_ha_ext *) pos;
                if (left < sizeof(struct priv_ha_ext))
                        return -1;
                memset(priv, 0, sizeof(struct priv_ha_ext));
                priv->type = VENDOR_EXT_TYPE2;
                priv->length = sizeof(struct priv_ha_ext) - 2;
                priv->vendor_id = htonl(VENDOR_ID_DYNAMICS);
                priv->sub_type = htons(VENDOR_EXT_DYNAMICS_PRIV_HA);
                priv->priv_ha = htonl(mobile_array[cur_mobile].config.priv_ha);
                pos += GET_PRIV_HA_EXT_LEN(priv);
                left -= GET_PRIV_HA_EXT_LEN(priv);
                DEBUG(DEBUG_MESSAGES, " * priv_ha\n");
        }

        if (mobile_array[cur_mobile].config.mn_nai_len > 0) {
                struct mn_nai_ext *nai;
                if (left < sizeof(struct mn_nai_ext) + mobile_array[cur_mobile].config.mn_nai_len)
                        return -1;
                nai = (struct mn_nai_ext *) pos;
                nai->type = MN_NAI_EXT;
                nai->length = mobile_array[cur_mobile].config.mn_nai_len;
                memcpy(nai + 1, mobile_array[cur_mobile].config.mn_nai, mobile_array[cur_mobile].config.mn_nai_len);
                pos += GET_MN_NAI_EXT_LEN(nai);
                left -= GET_MN_NAI_EXT_LEN(nai);
                DEBUG(DEBUG_MESSAGES, " * mn_nai\n");
        }

#ifdef INCLUDE_IPAY
        if (mobile_array[cur_mobile].config.mn_nai_len == 0 && mobile_array[cur_mobile].mn.nai.nai != NULL) {
                struct mn_nai_ext *nai;
                if (left < sizeof(struct mn_nai_ext) + mobile_array[cur_mobile].mn.nai.len)
                        return -1;
                nai = (struct mn_nai_ext *) pos;
                nai->type = MN_NAI_EXT;
                nai->length = mobile_array[cur_mobile].mn.nai.len;
                memcpy(nai + 1, mobile_array[cur_mobile].mn.nai.nai, mobile_array[cur_mobile].mn.nai.len);
                pos += GET_MN_NAI_EXT_LEN(nai);
                left -= GET_MN_NAI_EXT_LEN(nai);
                DEBUG(DEBUG_MESSAGES, " * mn_nai (Ipay)\n");
        }
#endif

        /* add Dynamics extensions if the Foreign Agent advertised support for
         * them or if the registration is made directly to the Home Agent */
        use_dynamics_ext = mobile_array[cur_mobile].mn.fa_dynamics_ext.type != 0 ||
                mobile_array[cur_mobile].mn.tunnel_mode == API_TUNNEL_FULL_HA;

        if (use_dynamics_ext) {
                /* add mn_keyreq extension */
                if (left < MIN_KEY_EXT_LEN)
                        return -1;
                DEBUG(DEBUG_MESSAGES, " * mn_keyreq\n");
                mn_keyreq = (struct msg_key *) pos;
                init_key_extension(mn_keyreq, VENDOR_EXT_DYNAMICS_MN_KEYREQ,
                                   htonl(mobile_array[cur_mobile].config.spi), 0);
                pos += GET_KEY_EXT_LEN(mn_keyreq);
                left -= GET_KEY_EXT_LEN(mn_keyreq);

                /* add HFA public key hash extension if the hash is available
                 * from the agent advertisement */
                if (mobile_array[cur_mobile].mn.current_adv != NULL) {
                        struct msg_key *hashext =
                                mobile_array[cur_mobile].mn.current_adv->adv.pubkey_hash;
                        if (hashext != NULL && hashext->type != 0) {
                                if (left < GET_KEY_EXT_LEN(hashext))
                                        return -1;
                                DEBUG(DEBUG_MESSAGES, " * pubkey_hash\n");
                                memcpy(pos, hashext, GET_KEY_EXT_LEN(hashext));
                                pos += GET_KEY_EXT_LEN(hashext);
                                left -= GET_KEY_EXT_LEN(hashext);
                        }
                }
        } else {
                DEBUG(DEBUG_INFO, "FA did not advertise support for Dynamics "
                      "extensions - not using them\n");
        }

        if (mobile_array[cur_mobile].config.use_aaa &&
            mobile_array[cur_mobile].config.mn_ha_key_timestamp != 0 &&
            mobile_array[cur_mobile].config.mn_ha_key_lifetime != 0 &&
            mobile_array[cur_mobile].config.mn_ha_key_timestamp + mobile_array[cur_mobile].config.mn_ha_key_lifetime <
            time(NULL)) {
                DEBUG(DEBUG_INFO, "Dynamic MN-HA security association (from "
                      "AAA) expired\n");
                mobile_array[cur_mobile].config.shared_secret_len = -1;
        }

        if (mobile_array[cur_mobile].config.shared_secret_len >= 0) {
                /* add MN->HA authentication extension */
                if (left < sizeof(struct msg_auth) + MAX_SK_LEN)
                        return -1;
                DEBUG(DEBUG_MESSAGES, " * mh_auth\n");
                n = auth_add(mobile_array[cur_mobile].mn.use_auth_alg, mobile_array[cur_mobile].config.shared_secret,
                             mobile_array[cur_mobile].config.shared_secret_len, (unsigned char *) start,
                             (struct msg_auth *) pos, MH_AUTH,
                             htonl(mobile_array[cur_mobile].config.spi));
                pos += n;
                left -= n;
        }

        /* Add encapsulating delivery extension if MN decaps and reverse
         * tunnel is in use [RFC 2344, Chap. 3.3] */
        if (!mobile_array[cur_mobile].config.enable_fa_decapsulation && use_reverse) {
                struct encaps_delivery_ext *edel =
                        (struct encaps_delivery_ext *) pos;
                if (left < sizeof(struct encaps_delivery_ext))
                        return -1;
                DEBUG(DEBUG_MESSAGES, " * encaps_delivery\n");
                edel->type = ENCAPS_DELIVERY_EXT;
                edel->length = 0;
                pos += sizeof(struct encaps_delivery_ext);
                left -= sizeof(struct encaps_delivery_ext);
        }

        /* add FA NAI extensions and session key based MN->FA authentication
         * if Dynamics extensions are used and the session key is available
         * and this is not a reregistration */
        if (use_dynamics_ext && mobile_array[cur_mobile].mn.session_key != NULL &&
            request_type != REG_REREG) {
                n = add_localized_reg_extensions(pos, left, start);
                if (n < 0)
                        return -1;
                pos += n;
                left -= n;
        } else if (mobile_array[cur_mobile].mn.current_adv != NULL &&
                   mobile_array[cur_mobile].mn.current_adv->adv.fa_nai != NULL) {
                /* current FA NAI ext. */
                memcpy(mobile_array[cur_mobile].mn.last_req_FA_NAI, mobile_array[cur_mobile].mn.current_adv->adv.fa_nai,
                       MAX_FA_NAI_LEN);
                n = GET_NAI_EXT_LEN(mobile_array[cur_mobile].mn.last_req_FA_NAI);
                if (left < n)
                        return -1;
                memcpy(pos, mobile_array[cur_mobile].mn.last_req_FA_NAI, n);
                pos += n;
                left -= n;
                DEBUG(DEBUG_MESSAGES, " * current FA NAI (len=%i)\n", n);
        }

        /* if the agent advertisement from the FA has a Challenge extension,
         * copy it to the registration request or if the previous registration
         * reply had a more recent Challenge ext, use it */
        /* FIX: MN must not use the same challenge again, so if no new
         * challenge is available, it is no use sending this registration
         * without first acquiring a new challenge fron an agent advertisement.
         * MN could send an agent soliciation in that case. Now the request
         * will be denied by FA and MN might get a new challenge from that
         * denial reply. */
        if (mobile_array[cur_mobile].mn.last_challenge_ext != NULL &&
            (mobile_array[cur_mobile].mn.current_adv == NULL ||
             cmp_timeval(&mobile_array[cur_mobile].mn.current_adv->last, &mobile_array[cur_mobile].mn.last_challenge_time) < 0))
        {
                DEBUG(DEBUG_INFO, "Using challenge from last reg. reply\n");
                challenge = mobile_array[cur_mobile].mn.last_challenge_ext;
        } else if (mobile_array[cur_mobile].mn.current_adv != NULL &&
                   mobile_array[cur_mobile].mn.current_adv->adv.challenge != NULL) {
                DEBUG(DEBUG_INFO, "Using challenge from last agentadv\n");
                challenge = mobile_array[cur_mobile].mn.current_adv->adv.challenge;
        } else
                challenge = NULL;

        if (!send_to_ha)
                fa_spi = get_fa_spi(0, mobile_array[cur_mobile].mn.fa_addr);

        if (challenge != NULL && (fa_spi != NULL || mobile_array[cur_mobile].config.use_aaa)) {
                n = GET_CHALLENGE_EXT_LEN(challenge);
                DEBUG(DEBUG_MESSAGES, " * challenge (len=%i)\n", n);
                if (left < n)
                        return -1;
                memcpy(pos, challenge, n);
                challenge = (struct challenge_ext *) pos;
                challenge->type = MN_FA_CHALLENGE_EXT;
                pos += n;
                left -= n;
                add_mn_aaa_auth_ext = 1;
        }

        /* add shared secret based MN->FA authentication if the security
         * association is configured */
        if (!send_to_ha && fa_spi != NULL && !mobile_array[cur_mobile].mn.aaa_rekey) {
                if (left < sizeof(struct msg_auth) + MAX_SK_LEN)
                        return -1;
                DEBUG(DEBUG_MESSAGES, " * mf_auth\n");
                n = auth_add(fa_spi->alg, fa_spi->shared_secret,
                             fa_spi->shared_secret_len,
                             (unsigned char *) start, (struct msg_auth *) pos,
                             MF_AUTH, htonl(fa_spi->spi));
                pos += n;
                left -= n;
                add_mn_aaa_auth_ext = 0;
        } else if (!send_to_ha && mobile_array[cur_mobile].config.use_aaa) {
                struct generalized_mn_fa_key_req_ext *keyreq;

                add_mn_aaa_auth_ext = 1;

                /* add MN-FA key req. from AAA */
                keyreq = (struct generalized_mn_fa_key_req_ext *) pos;
                if (left < sizeof(*keyreq))
                        return -1;
                DEBUG(DEBUG_MESSAGES, " * MN-FA Key Req from AAA\n");
                keyreq->type = GENERALIZED_MN_FA_KEY_REQ_EXT;
                keyreq->subtype = GEN_MN_FA_KEY_REQ_FROM_AAA;
                keyreq->length = htons(4);
                /* FIX: mn_spi is the SPI that MN will assign for the security
                 * association; this may need to be uniquely selected for some
                 * cases(?) */
                keyreq->mn_spi = htonl(1000);
                pos += GET_GEN_MN_FA_KEY_REQ_EXT_LEN(keyreq);
                left -= GET_GEN_MN_FA_KEY_REQ_EXT_LEN(keyreq);
        }

        if ((mobile_array[cur_mobile].config.shared_secret_len < 0 || mobile_array[cur_mobile].mn.aaa_rekey) &&
            mobile_array[cur_mobile].config.use_aaa) {
                struct generalized_mn_ha_key_req_ext *keyreq;

                add_mn_aaa_auth_ext = 1;

                /* add MN-HA key req. from AAA */
                keyreq = (struct generalized_mn_ha_key_req_ext *) pos;
                if (left < sizeof(*keyreq))
                        return -1;
                DEBUG(DEBUG_MESSAGES, " * MN-HA Key Req from AAA\n");
                keyreq->type = GENERALIZED_MN_HA_KEY_REQ_EXT;
                keyreq->subtype = GEN_MN_HA_KEY_REQ_FROM_AAA;
                keyreq->length = htons(4);
                /* FIX: mn_spi is the SPI that MN will assign for the security
                 * association; this may need to be uniquely selected for some
                 * cases(?) */
                keyreq->mn_spi = htonl(1000);
                pos += GET_GEN_MN_FA_KEY_REQ_EXT_LEN(keyreq);
                left -= GET_GEN_MN_FA_KEY_REQ_EXT_LEN(keyreq);
        }

        if (add_mn_aaa_auth_ext && mobile_array[cur_mobile].config.use_aaa) {
                /* add MN-AAA authentication extension */
                if (left < sizeof(struct generalized_auth_ext) + MAX_SK_LEN)
                        return -1;
                DEBUG(DEBUG_MESSAGES, " * gen_auth_ext(MN-AAA)\n");
                n = auth_add_gen(mobile_array[cur_mobile].config.mn_aaa_auth_alg,
                                 mobile_array[cur_mobile].config.mn_aaa_shared_secret,
                                 mobile_array[cur_mobile].config.mn_aaa_shared_secret_len,
                                 (unsigned char *) start,
                                 challenge != NULL ?
                                 MSG_CHALLENGE_EXT_DATA(challenge) : NULL,
                                 challenge != NULL ?
                                 GET_CHALLENGE_LEN(challenge) : 0,
                                 (struct generalized_auth_ext *) pos,
                                 GENERALIZED_AUTH_MN_AAA,
                                 htonl(mobile_array[cur_mobile].config.mn_aaa_spi));
                pos += n;
                left -= n;
        }


        mobile_array[cur_mobile].mn.prev_req_replied = 0;

        return (int) (pos - orig);
}

/* send_registration:
 * @request_type: 
 *    REG_DISC    - deregistration
 *    REG_CONNECT - normal connection request
 *    REG_REREG   - reregistration (do not send sk_auth extension
 *                  and ask full time)
 *
 * 
 *
 * Send registration message.
 * 
 * Returns: 0 on success, -1 on error.
 */
int send_registration(int request_type)
{
        char sendbuf[MAXMSG];
        char *pos; /* pointer to next byte to write in sendbuf */
        int n, len;
        struct sockaddr_in addr;
        int use_reverse;
        struct msg_extensions ext;

        if (MAXMSG < (sizeof(struct reg_req) +
                      2 * (sizeof(struct msg_auth) + 16))) {
                DEBUG(DEBUG_INFO, "MN: send_reg: too small send buffer!");

                return -1;
        }

        use_reverse = mobile_array[cur_mobile].config.tunneling_mode == TUNMODE_AUTO_REVERSE ||
                mobile_array[cur_mobile].config.tunneling_mode == TUNMODE_REVERSE;

        if (mobile_array[cur_mobile].mn.current_adv != NULL) {
                if (mobile_array[cur_mobile].mn.current_adv->addr.s_addr != mobile_array[cur_mobile].mn.fa_addr.s_addr) {
                        DEBUG(DEBUG_INFO, "fa_addr=%s != ",
                              inet_ntoa(mobile_array[cur_mobile].mn.fa_addr));
                        DEBUG(DEBUG_INFO, "current_adv->addr=%s\n",
                              inet_ntoa(mobile_array[cur_mobile].mn.current_adv->addr));
                }

                DEBUG(DEBUG_INFO, "Setting in_use=%i for FA %s (send reg)\n",
                      request_type == REG_DISC ? 0 : 1,
                      inet_ntoa(mobile_array[cur_mobile].mn.current_adv->addr));
                mobile_array[cur_mobile].mn.current_adv->in_use = request_type == REG_DISC ? 0 : 1;
                if (mobile_array[cur_mobile].config.tunneling_mode == TUNMODE_AUTO_REVERSE &&
                    (ntohs(mobile_array[cur_mobile].mn.current_adv->adv.ext->opts) &
                     AGENT_ADV_BIDIR_TUNNELING) == 0)
                        use_reverse = 0;
                if (mobile_array[cur_mobile].config.tunneling_mode == TUNMODE_AUTO_TRIANGLE &&
                    mobile_array[cur_mobile].mn.current_adv->adv.own_ext != NULL &&
                    (mobile_array[cur_mobile].mn.current_adv->adv.own_ext->opts &
                     AGENT_ADV_OWN_TRIANGLE_TUNNELING) == 0)
                        use_reverse = 1;
        } else {
                DEBUG(DEBUG_INFO,
                      "send_registration: current_adv == NULL!?\n");
        }

        if ((use_reverse && mobile_array[cur_mobile].config.tunneling_mode == TUNMODE_TRIANGLE) ||
            (!use_reverse && mobile_array[cur_mobile].config.tunneling_mode == TUNMODE_REVERSE)) {
                DEBUG(DEBUG_INFO, "FA does not support wanted tunneling mode -"
                      " aborting registration\n");
                if (mobile_array[cur_mobile].mn.current_adv != NULL)
                        mobile_array[cur_mobile].mn.current_adv->reg_failed = 1;
                return -1;
        }

        if (use_reverse)
                DEBUG(DEBUG_MESSAGES, "Requesting reverse tunneling\n");

        pos = sendbuf;

        DEBUG(DEBUG_MESSAGES, "Sending registration message:\n * header\n");
        n = fill_req_header(pos, request_type, use_reverse);
        if (n < 0) return -1;
        pos += n;

        n = add_req_extensions(pos, MAXMSG - n, sendbuf, request_type,
                               use_reverse);
        if (n < 0) {
                LOG2(LOG_ERR, "Registration request buffer overflow - unable"
                     " to send the request\n");
                return -1;
        }
        pos += n;

        len = (int) (pos - sendbuf);
        assert(len <= MAXMSG);

        /* call parse_msg() to parse the message in order to get the details
         * of the sent message into debug output; in addition, this validates
         * the format of the request */
        if (parse_msg(sendbuf, len, &ext) != 0) {
                DEBUG(DEBUG_INFO, "WARNING! Own registration request was not "
                      "valid!\n");
        }

        /* add ARP entry, if not already added */
        if (mobile_array[cur_mobile].mn.current_adv != NULL &&
            mobile_array[cur_mobile].mn.current_adv->adv_type == MN_ADV_TYPE_FA &&
            !mobile_array[cur_mobile].mn.current_adv->arpentry) {
                struct sockaddr hwaddr;
                DEBUG(DEBUG_INFO, "Adding ARP entry for FA\n");
                memset(&hwaddr, 0, sizeof(hwaddr));
                hwaddr.sa_family = ARPHRD_ETHER;
#ifdef DYN_TARGET_LINUX
                memcpy(hwaddr.sa_data, mobile_array[cur_mobile].mn.current_adv->adv.from.sll_addr,
                       mobile_array[cur_mobile].mn.current_adv->adv.from.sll_halen);
#else
                memcpy(hwaddr.sa_data, mobile_array[cur_mobile].mn.current_adv->adv.eth->h_source,
                       ETH_ALEN);
#endif
                if (arp_add_permanent_item(mobile_array[cur_mobile].mn.current_adv->addr,
                                           mobile_array[cur_mobile].mn.current_adv->ifname,
                                           &hwaddr) < 0) {
                        LOG2(LOG_WARNING, "arp_add_permanent_item(%s, %s, %s) "
                             "failed\n", inet_ntoa(mobile_array[cur_mobile].mn.current_adv->addr),
                             mobile_array[cur_mobile].mn.current_adv->ifname,
                             ether_hwtoa((unsigned char *)hwaddr.sa_data));
                }
                mobile_array[cur_mobile].mn.current_adv->arpentry = 1;
        }

        /* add host route to FA, if not already added */
        if (mobile_array[cur_mobile].config.enable_fa_decapsulation &&
            mobile_array[cur_mobile].mn.current_adv != NULL &&
            mobile_array[cur_mobile].mn.current_adv->adv_type == MN_ADV_TYPE_FA &&
            !mobile_array[cur_mobile].mn.current_adv->routeentry) {
                DEBUG(DEBUG_INFO, "Adding routing entry for FA\n");
                add_fa_host_route(mobile_array[cur_mobile].mn.current_adv->ifname, mobile_array[cur_mobile].mn.agentadv,
                                  mobile_array[cur_mobile].mn.current_adv->ifindex, mobile_array[cur_mobile].mn.fa_addr);
        }

        /* send the message */
        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;
       // addr.sin_addr.s_addr = mobile_array[cur_mobile].mn.fa_addr.s_addr;
         //addr.sin_addr.s_addr = inet_addr("172.16.0.2");
        addr.sin_addr.s_addr=mobile_array[cur_mobile].config.ha_ip_addr.s_addr;
        addr.sin_port = htons(mobile_array[cur_mobile].config.udp_port);
        DEBUG(DEBUG_MESSAGES, "sending registration request to %s:%i, "
              "type=%i\n", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port),
              request_type);

        gettimeofday(&mobile_array[cur_mobile].mn.last_reg_send_time, NULL);
        DEBUG(DEBUG_TIMERS, "last_reg_send_time=%li.%06li (FA=%s)\n",
              mobile_array[cur_mobile].mn.last_reg_send_time.tv_sec,
              mobile_array[cur_mobile].mn.last_reg_send_time.tv_usec,
              inet_ntoa(addr.sin_addr));

        


        n = sendto(mobile_array[cur_mobile].mn.registration_socket, sendbuf, len, 0,
                   (struct sockaddr *) &addr, sizeof(addr));
        if (n == len) {
                /* store id for reply */
                mobile_array[cur_mobile].mn.registration_id[0] =
                        ntohl(((struct reg_req *)sendbuf)->id[0]);
                mobile_array[cur_mobile].mn.registration_id[1] =
                        ntohl(((struct reg_req *)sendbuf)->id[1]);
                /* set registration time */
                gettimeofday(&timers[TIMER_REQUEST], NULL);
                mobile_array[cur_mobile].mn.last_request_sent = timers[TIMER_REQUEST].tv_sec;
                return 0;
        } else {
                LOG2(LOG_ERR, "send_reg - sendto: %s\n", strerror(errno));
                return -1;
        }
}


static void show_key_dump(const char *title, const unsigned char *key,
                          int keylen)
{
        int i;

        DEBUG(DEBUG_INFO, "%s: ", title);
        for (i = 0; i < keylen; i++)
                DEBUG(DEBUG_INFO, "%02x", key[i]);
        DEBUG(DEBUG_INFO, "\n");
}

static int handle_reply_aaa(struct msg_extensions *ext, struct in_addr addr)
{
        unsigned char *nodeaddr;
        unsigned int nodeaddrlen;
        unsigned char fa_secret[MAXSHAREDSECRETLEN];
        int fa_secret_len;
        unsigned char ha_secret[MAXSHAREDSECRETLEN];
        int ha_secret_len;
        struct mn_fa_key_material_from_aaa *fa_key = NULL;
        struct mn_ha_key_material_from_aaa *ha_key = NULL;

        if (mobile_array[cur_mobile].config.mn_home_ip_addr.s_addr == 0 &&
            mobile_array[cur_mobile].config.mn_nai_len > 0) {
                nodeaddr = mobile_array[cur_mobile].config.mn_nai;
                nodeaddrlen = mobile_array[cur_mobile].config.mn_nai_len;
        } else {
                nodeaddr = (unsigned char *) &mobile_array[cur_mobile].config.mn_home_ip_addr;
                nodeaddrlen = 4;
        }

        if (!mobile_array[cur_mobile].config.use_aaa) {
                DEBUG(DEBUG_INFO, "Registration reply has key material from "
                      "AAA, but AAA is not configured; ignoring extension\n");
                ext->mn_fa_key_material_aaa = NULL;
                ext->mn_ha_key_material_aaa = NULL;
                return 1;
        }

        if (ext->mn_fa_key_material_aaa) {
                fa_key = (struct mn_fa_key_material_from_aaa *)
                        (ext->mn_fa_key_material_aaa + 1);

                if (ext->mf_auth == NULL ||
                    !auth_is_protected(ext->mn_fa_key_material_aaa,
                                       ext->mf_auth)) {
                        LOG2(LOG_ALERT, "MN-FA auth. ext. does not protect "
                             "MN-FA key material from AAA\n");
                        return 0;
                }

                /* generate MN-FA key from key material */
                fa_secret_len = MAXSHAREDSECRETLEN;
                if (auth_generate_key(
                            mobile_array[cur_mobile].config.mn_aaa_keygen_alg,
                            mobile_array[cur_mobile].config.mn_aaa_shared_secret,
                            mobile_array[cur_mobile].config.mn_aaa_shared_secret_len,
                            (unsigned char *) (fa_key + 1),
                            GET_GEN_MN_FA_KEY_REP_LEN(
                                    ext->mn_fa_key_material_aaa) -
                            sizeof(struct mn_fa_key_material_from_aaa),
                            nodeaddr, nodeaddrlen,
                            fa_secret, &fa_secret_len)) {
                        LOG2(LOG_ALERT, "MN-FA key generation with material "
                             "from AAA failed\n");
                        return 0;
                }
                show_key_dump("MN-FA key", fa_secret, fa_secret_len);

                /* check that MN-FA auth ext is valid before accepting the
                 * key */
                if (!auth_check(auth_aaa_key_alg_id_to_dynamics(ntohs(
                        fa_key->alg_id)),
                                fa_secret, fa_secret_len,
                                (unsigned char *) ext->rep, ext->mf_auth)) {
                        LOG2(LOG_ALERT, "MN-FA key from AAA does not match "
                             "with MN-FA auth. ext.\n");
                        return 0;
                }
        }

        if (ext->mn_ha_key_material_aaa) {
                ha_key = (struct mn_ha_key_material_from_aaa *)
                        (ext->mn_ha_key_material_aaa + 1);

                if (ext->mh_auth == NULL ||
                    !auth_is_protected(ext->mn_ha_key_material_aaa,
                                       ext->mh_auth)) {
                        LOG2(LOG_ALERT, "MN-HA auth. ext. does not protect "
                             "MN-HA key material from AAA\n");
                        return 0;
                }

                /* generate MN-HA key from key material */
                ha_secret_len = MAXSHAREDSECRETLEN;
                if (auth_generate_key(
                            mobile_array[cur_mobile].config.mn_aaa_keygen_alg,
                            mobile_array[cur_mobile].config.mn_aaa_shared_secret,
                            mobile_array[cur_mobile].config.mn_aaa_shared_secret_len,
                            (unsigned char *) (ha_key + 1),
                            GET_GEN_MN_HA_KEY_REP_LEN(
                                    ext->mn_ha_key_material_aaa) -
                            sizeof(struct mn_ha_key_material_from_aaa),
                            nodeaddr, nodeaddrlen,
                            ha_secret, &ha_secret_len)) {
                        LOG2(LOG_ALERT, "MN-HA key generation with material "
                             "from AAA failed\n");
                        return 0;
                }
                show_key_dump("MN-HA key", ha_secret, ha_secret_len);

                /* check that MN-HA auth ext is valid before accepting the
                 * key */
                if (!auth_check(auth_aaa_key_alg_id_to_dynamics(
                        ntohs(ha_key->alg_id)),
                                ha_secret, ha_secret_len,
                                (unsigned char *) ext->rep, ext->mh_auth)) {
                        LOG2(LOG_ALERT, "MN-HA key from AAA does not match "
                             "with MN-HA auth. ext.\n");
                        return 0;
                }
        }



        /* Generated keys matched with authentication extensions - add new
         * dynamic security associations */

        if (ext->mn_fa_key_material_aaa) {
                struct fa_spi_entry *spi;

                spi = malloc(sizeof(struct fa_spi_entry));
                if (spi == NULL) {
                        DEBUG(DEBUG_INFO, "Could not allocate memory for new "
                              "FA security association\n");
                        return 0;
                }
                memset(spi, 0, sizeof(struct fa_spi_entry));
                list_init_node(&spi->node);

                spi->spi = ntohl(fa_key->fa_spi);
                spi->addr.s_addr = addr.s_addr;
                spi->alg =
                        auth_aaa_key_alg_id_to_dynamics(ntohs(fa_key->alg_id));
                time(&spi->created);
                spi->lifetime = ntohl(fa_key->lifetime);
                memcpy(spi->shared_secret, fa_secret, sizeof(fa_secret));
                spi->shared_secret_len = fa_secret_len;
                add_fa_spi(spi, 1);
        }

        if (ext->mn_ha_key_material_aaa) {
                mobile_array[cur_mobile].config.spi = ntohl(ha_key->ha_spi);
                mobile_array[cur_mobile].mn.use_auth_alg = mobile_array[cur_mobile].config.auth_alg =
                        auth_aaa_key_alg_id_to_dynamics(ntohs(ha_key->alg_id));
                mobile_array[cur_mobile].config.replay_meth = auth_aaa_key_replay_to_dynamics(
                        ntohs(ha_key->replay_method));
                memcpy(mobile_array[cur_mobile].config.shared_secret, ha_secret, sizeof(ha_secret));
                mobile_array[cur_mobile].config.shared_secret_len = ha_secret_len;
                time(&mobile_array[cur_mobile].config.mn_ha_key_timestamp);
                mobile_array[cur_mobile].config.mn_ha_key_lifetime =
                        ntohl(ext->mn_ha_key_material_aaa->lifetime);
        }

        mobile_array[cur_mobile].mn.aaa_rekey = 0;

        return 1;
}


/*
 * Check if ext contains valid registration reply.
 * correct reply should have id[1] same as in request.
 * Return nonzero if it's valid, zero otherwise.
 */
static int is_valid_reply(struct msg_extensions *ext, struct sockaddr_in addr)
{
        int auth_alg;
        struct fa_spi_entry *fa_spi;

        ASSERT(ext != NULL);

        /* verify fields */
        if (ext->rep == NULL || ext->rep->type != REG_REP) {
                LOG2(LOG_WARNING, "Received message from %s:%i was not a "
                     "registration reply\n",
                     inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
                return 0;
        }

#ifndef MN_ENABLE_VALIDATION
        DEBUG(DEBUG_INFO, "MN - no message validation in use\n");
        return 1;
#else

        if ((ext->mn_fa_key_material_aaa != NULL ||
             ext->mn_ha_key_material_aaa != NULL) &&
            handle_reply_aaa(ext, addr.sin_addr) != 1) {
                LOG2(LOG_ALERT, "Registration reply validation failed for AAA "
                        "related data - dropping reply\n");
                return 0;
        }

        /* verify mac */
        if (ext->mh_auth != NULL) {
                if (mobile_array[cur_mobile].config.shared_secret_len < 0) {
                        LOG2(LOG_ALERT, "MN-HA in reply, but security "
                             "association does not exists yet\n");
                        return 0;
                }
                if (!auth_check(mobile_array[cur_mobile].mn.use_auth_alg, mobile_array[cur_mobile].config.shared_secret,
                                mobile_array[cur_mobile].config.shared_secret_len,
                                (unsigned char *) ext->rep, ext->mh_auth)) {
                        if (mobile_array[cur_mobile].mn.use_auth_alg == AUTH_ALG_MD5)
                                auth_alg = AUTH_ALG_MD5_RFC2002;
                        else if (mobile_array[cur_mobile].mn.use_auth_alg == AUTH_ALG_MD5_RFC2002)
                                auth_alg = AUTH_ALG_MD5;
                        else
                                auth_alg = 0;
                        if (auth_alg == 0 ||
                            !auth_check(auth_alg, mobile_array[cur_mobile].config.shared_secret,
                                        mobile_array[cur_mobile].config.shared_secret_len,
                                        (unsigned char *) ext->rep,
                                        ext->mh_auth)) {
                                LOG2(LOG_ALERT,
                                     "Incorrect HA->MN authentication "
                                     "extension received in the reply\n");
                                if (mobile_array[cur_mobile].config.use_aaa)
                                        mobile_array[cur_mobile].mn.aaa_rekey = 1;
                                return 0;
                        } else {
                                /* non-standard authentication method used */
                                DEBUG(DEBUG_MESSAGES,
                                      "Non-standard MAC calculation detected "
                                      "- trying to use the same method\n");
                                mobile_array[cur_mobile].mn.use_auth_alg = auth_alg;
                                return 0;
                        }
                }
        } else if (ext->sk_auth != NULL && mobile_array[cur_mobile].mn.session_key_len > 0) {
                if (!auth_check_vendor(mobile_array[cur_mobile].config.auth_alg, mobile_array[cur_mobile].mn.session_key,
                                       mobile_array[cur_mobile].mn.session_key_len,
                                       (unsigned char *) ext->rep,
                                       ext->sk_auth)) {
                        LOG2(LOG_ALERT, "Incorrect session key based "
                             "authentication extension in the reply.\n");
                        return 0;
                }
                /* FAs cannot send session_keys */
                if (ext->mn_keyrep != NULL) {
                        DEBUG(DEBUG_MESSAGES, "Registration reply from FA "
                              "contained mn_keyrep extension - dropped it\n");
                        /* Just clear the session key to prevent FAs from
                         * sending them us. */
                        ext->mn_keyrep = NULL;
                }
        } else if (ext->rep->code < 64 || ext->rep->code > 127) {
                /* codes 64 .. 127 are for Foreign Agent denial; only require
                 * authentication extension in messages that are from the
                 * Home Agent */
                LOG2(LOG_ALERT, "No authentication in the reply\n");
                if (mobile_array[cur_mobile].config.use_aaa)
                        mobile_array[cur_mobile].mn.aaa_rekey = 1;
                return 0;
        }

        /* check the possible mf_auth */
        fa_spi = get_fa_spi(0, addr.sin_addr);
        if (ext->rep->code == REGREP_MN_FAILED_AUTH_FA && mobile_array[cur_mobile].config.use_aaa &&
            fa_spi != NULL && fa_spi->created != 0) {
                DEBUG(DEBUG_INFO, "FA reported incorrect authentication - "
                      "trying to create a new security association\n");
                remove_fa_spi(fa_spi);
                free(fa_spi);
                fa_spi = NULL;
                mobile_array[cur_mobile].mn.try_to_fix_sec_assoc = 1;
        }

        if (fa_spi != NULL) {
                if (ext->mf_auth == NULL) {
                        LOG2(LOG_ALERT, "No mf_auth in the reply even though "
                             "there is a security association with the FA.\n");
                        return 0;
                } else if (!auth_check(fa_spi->alg, fa_spi->shared_secret,
                                       fa_spi->shared_secret_len,
                                       (unsigned char *) ext->rep,
                                       ext->mf_auth)) {
                        LOG2(LOG_ALERT, "Incorrect FA->MN authentication "
                             "extension received the reply\n");
                        return 0;
                }
        } else if (ext->mf_auth != NULL && !mobile_array[cur_mobile].mn.try_to_fix_sec_assoc) {
                LOG2(LOG_ALERT, "Reply has an MN-FA auth. ext., but there is "
                     "no security association with the FA.\n");
                return 0;
        }

        /* verify id */
        if (ntohl(ext->rep->id[1]) != mobile_array[cur_mobile].mn.registration_id[1]) {
                LOG2(LOG_ALERT,
                     "Wrong id field in the reply (was %08x, "
                     "expected %08x)\n",
                     ext->rep->id[1], (u32) htonl(mobile_array[cur_mobile].mn.registration_id[1]));
                return 0;
        }


        if (ntohs(ext->rep->lifetime) > 0 &&
            IS_REGREP_ACCEPTED(ext->rep->code) &&
            mobile_array[cur_mobile].config.ha_ip_addr.s_addr == 0) {
                DEBUG(DEBUG_INFO, "Discovered HA address from reply: %s\n",
                      inet_ntoa(ext->rep->ha_addr));
                mobile_array[cur_mobile].config.ha_ip_addr.s_addr = ext->rep->ha_addr.s_addr;
        }

        if (ntohs(ext->rep->lifetime) > 0 &&
            IS_REGREP_ACCEPTED(ext->rep->code) &&
            mobile_array[cur_mobile].config.mn_home_ip_addr.s_addr == 0) {
                DEBUG(DEBUG_INFO, "Discovered MN home address from "
                      "reply: %s\n", inet_ntoa(ext->rep->home_addr));
                mobile_array[cur_mobile].mn.local_addr.s_addr =
                        mobile_array[cur_mobile].config.mn_home_ip_addr.s_addr =
                        ext->rep->home_addr.s_addr;
                if (mobile_array[cur_mobile].mn.current_adv != NULL &&
                    dyn_ip_iface_address(mobile_array[cur_mobile].mn.current_adv->ifindex,
                                         &mobile_array[cur_mobile].config.mn_home_ip_addr) != 1) {
                        DEBUG(DEBUG_INFO, "Adding assigned home address to the"
                              " interface\n");
                        if (dyn_ip_addr_add(mobile_array[cur_mobile].mn.current_adv->ifname,
                                            mobile_array[cur_mobile].config.mn_home_ip_addr) == 0) {
                                mobile_array[cur_mobile].mn.dynamic_home_addr.s_addr =
                                        mobile_array[cur_mobile].config.mn_home_ip_addr.s_addr;
                                memcpy(mobile_array[cur_mobile].mn.dynamic_home_addr_dev,
                                       mobile_array[cur_mobile].mn.current_adv->ifname, IFNAMSIZ);
                        } else
                                DEBUG(DEBUG_INFO, "dyn_ip_addr_add failed\n");
                }
        }


        /* don't accept any further messages with same id */
        mobile_array[cur_mobile].mn.registration_id[1]++;

        return 1;
#endif
}


/* Handle session key extension. Decrypt and copy to session_key */
static void handle_key_ext(struct reg_rep *rep, struct msg_key *key)
{
        ASSERT(rep != NULL && key != NULL);
        DEBUG(DEBUG_MESSAGES, "mobile-home key extension received\n");
        /* If SPIs are different, something went wrong and we should
         * send another registration request to obtain session key. */

        if (ntohl(key->spi) != mobile_array[cur_mobile].config.spi) {
                LOG2(LOG_WARNING, "Wrong SPI in the key reply extension.\n");
                return;
        }

        /* Extract new session key */
        if (mobile_array[cur_mobile].mn.session_key) free(mobile_array[cur_mobile].mn.session_key);
        mobile_array[cur_mobile].mn.session_key = auth_decrypt(mobile_array[cur_mobile].config.auth_alg, mobile_array[cur_mobile].config.shared_secret,
                                   mobile_array[cur_mobile].config.shared_secret_len, key, rep,
                                   (int *) &mobile_array[cur_mobile].mn.session_key_len);
        if (mobile_array[cur_mobile].mn.session_key == NULL) {
                LOG2(LOG_ERR,
                       "handle_key_ext: session key decryption failed\n");
                mobile_array[cur_mobile].mn.session_key_len = 0;
                return;
        }

        show_key_dump("Session key", mobile_array[cur_mobile].mn.session_key, mobile_array[cur_mobile].mn.session_key_len);
}


/* Handle registration accepting registration reply */
static void handle_reg_accept(struct msg_extensions *ext)
{
#ifdef MN_LOCUPD_PROFILER
        char tmp[30];
#endif

        ASSERT(ext != NULL && ext->rep != NULL);

        /* Connection succeeded. It's ok to monitor agent adv. expiring */
        mobile_array[cur_mobile].mn.expire_check = 1;

        if (mobile_array[cur_mobile].mn.current_adv != NULL) {
                /* reset retry wait time for next registration */
                DEBUG(DEBUG_TIMERS, "FA[%s] reg_retry_time: "
                      "%i => %i (reg. reply ok)\n",
                      inet_ntoa(mobile_array[cur_mobile].mn.current_adv->addr),
                      mobile_array[cur_mobile].mn.current_adv->reg_retry_time,
                      MIN_REGISTRATION_TIME);
                mobile_array[cur_mobile].mn.current_adv->reg_retry_time = MIN_REGISTRATION_TIME;
        } else
                mobile_array[cur_mobile].mn.HA_reg_retry_time = MIN_REGISTRATION_TIME;

        if (ntohs(ext->rep->lifetime) > 0) {
                DEBUG(DEBUG_INFO, "Registration accepted\n");
#ifdef INCLUDE_IPAY
                if (mobile_array[cur_mobile].mn.current_adv != NULL)
                        ipay_new_fa(mobile_array[cur_mobile].mn.current_adv);
#endif
        } else DEBUG(DEBUG_INFO, "Deregistration accepted\n");

        switch (mobile_array[cur_mobile].mn.state) {
        case MN_CLOSE_FOR_HOME:
                mobile_array[cur_mobile].mn.ha_error_count = 0;
                if (ntohs(ext->rep->lifetime) == 0)
                        at_home();
                break;
        case MN_FIND_AGENT:
        case MN_PASSIVE_FIND:
                /* The answer is coming later than expected,
                 * so we just skip it. */
                DEBUG(DEBUG_MESSAGES, "handle_reg_accept - in find agent or "
                      "passive find state - skipping reg. reply\n");
                break;
        case MN_REQUEST_TUNNEL:
        case MN_CONNECTED:
                mobile_array[cur_mobile].mn.ha_error_count = 0;
                if (ext->mn_keyrep != NULL)
                        handle_key_ext(ext->rep, ext->mn_keyrep);
                if (ext->rep->lifetime == 0) {
                        LOG2(LOG_INFO, "Got registration accepted reply with "
                             "zero lifetime - aborting registration and going "
                             "to passive find state\n");
                        reply_waiting_api(API_FAILED, NULL, 0);
                        passive_find();
                        return;
                } else {
                        connected((ext->mh_auth) ? CON_HA : CON_FA,
                                  ntohs(ext->rep->lifetime));
#ifdef MN_LOCUPD_PROFILER
                        snprintf(tmp, sizeof(tmp), "CON %s",
                                 inet_ntoa(mobile_array[cur_mobile].mn.fa_addr));
                        write_profiler(tmp);
#endif
                        reply_waiting_api(API_SUCCESS, NULL, 0);
                }
                break;

        case MN_DISCONNECTED:
#ifdef MN_LOCUPD_PROFILER
                write_profiler("DIS");
#endif
                break;

        default:
                break;
        }
}


/* returns: 1 = try again, 0 = give up */
static int handle_id_mismatch_ha(struct msg_extensions *ext)
{
        /* If reply code is 133, id failed and we should resynchronize
         * clock/nonce and try again */
#ifdef MN_LOCUPD_PROFILER
        write_profiler("DENY_ID");
#endif
        switch (mobile_array[cur_mobile].config.replay_meth) {
        case REPLAY_PROTECTION_NONE:
                LOG2(LOG_INFO, "ID mismatch from HA even with "
                     "disabled replay protection\n");
                reply_waiting_api(API_FAILED, &ext->rep->code, 1);
                disconnect();
                break;

        case REPLAY_PROTECTION_TIMESTAMP:
                mobile_array[cur_mobile].mn.clock_correction = ntohl(ext->rep->id[0]) -
                        UNIX_NTP_DIFF - time(NULL);
                if (mobile_array[cur_mobile].mn.ha_error_count++ < MAX_HA_ERRORS) {
                        LOG2(LOG_INFO, "Clock synchronization %d seconds\n",
                             mobile_array[cur_mobile].mn.clock_correction);
                        return 1;
                } else {
                        LOG2(LOG_INFO,
                             "Clock resynchronization failed. "
                             "Disconnecting.\n");
                        reply_waiting_api(API_FAILED, &ext->rep->code, 1);
                        disconnect();
                }
                break;

        case REPLAY_PROTECTION_NONCE:
                if (mobile_array[cur_mobile].mn.ha_error_count++ < MAX_HA_ERRORS) {
                        LOG2(LOG_INFO, "Nonce mismatch - syncronizing\n");
                        return 1;
                } else {
                        LOG2(LOG_INFO, "Nonce mismatch - "
                             "syncronization failed\n");
                        reply_waiting_api(API_FAILED, &ext->rep->code, 1);
                        disconnect();
                }
                break;
        }

        return 0;
}


/* returns: 1 = try again, 0 = give up */
static int handle_long_lifetime(struct msg_extensions *ext)
{
#ifdef MN_LOCUPD_PROFILER
        write_profiler("LIFETIME_FA");
#endif
        if (mobile_array[cur_mobile].mn.req_lifetime > ntohs(ext->rep->lifetime) &&
                ntohs(ext->rep->lifetime) >= MIN_ALLOWED_LIFETIME) {
                LOG2(LOG_INFO, "FA (closest FA %s), "
                     "requests smaller lifetime (%d) - retrying\n",
                     inet_ntoa(mobile_array[cur_mobile].mn.fa_addr), ntohs(ext->rep->lifetime));
                mobile_array[cur_mobile].mn.req_lifetime = ntohs(ext->rep->lifetime);
                return 1;
        }

        /* this FA failed - try to find another one */
        LOG2(LOG_INFO, "FA %s denies requested lifetime %d s with bad "
             "suggestion %d s - changing FA\n",
             inet_ntoa(mobile_array[cur_mobile].mn.fa_addr), mobile_array[cur_mobile].mn.req_lifetime,
             ntohs(ext->rep->lifetime));
        if (mobile_array[cur_mobile].mn.current_adv != NULL)
                mobile_array[cur_mobile].mn.current_adv->reg_failed = 1;
        else
                LOG2(LOG_INFO, "handle_long_lifetime - current_adv == NULL\n");
        find_agent(STATE_INIT);
        return 0;
}


/* returns: 1 = try again, 0 = give up */
static int handle_unknown_ha(struct msg_extensions *ext)
{
        int retry_hadisc = 0;

        /* dynamic home agent address resolution */

        if (mobile_array[cur_mobile].config.ha_ip_addr.s_addr != 0 || mobile_array[cur_mobile].config.home_net_addr_plen < 0) {
                LOG2(LOG_INFO, "HA did not accept HA address %s\n",
                     inet_ntoa(mobile_array[cur_mobile].config.ha_ip_addr));
                retry_hadisc = 1;
        }

        if (ext->rep->ha_addr.s_addr ==
            mobile_array[cur_mobile].config.home_net_subnet_bc.s_addr) {
                LOG2(LOG_INFO, "HA returned same subnet-directed broadcast "
                     "address in dynamic address resolution\n");
                retry_hadisc = 1;
        }

        if (retry_hadisc) {
                if (mobile_array[cur_mobile].config.use_hadisc) {
                        DEBUG(DEBUG_MESSAGES, "Try to discover another HA\n");
                        mobile_array[cur_mobile].mn.info_str = "restarting HA discovery";
                        mobile_array[cur_mobile].config.ha_ip_addr.s_addr = 0;
                        return 1;
                }
                return 0;
        }

        LOG2(LOG_INFO, "Learned HA address (%s) with dynamic address "
             "resolution\n", inet_ntoa(ext->rep->ha_addr));
        mobile_array[cur_mobile].mn.info_str = "HA discovery completed successfully";
        mobile_array[cur_mobile].config.ha_ip_addr.s_addr = ext->rep->ha_addr.s_addr;
        return 1; /* try to register with the new HA address */
}


static int handle_reg_denied(struct msg_extensions *ext)
{
        ASSERT(ext != NULL && ext->rep != NULL);

        if (mobile_array[cur_mobile].mn.state != MN_REQUEST_TUNNEL &&
            mobile_array[cur_mobile].mn.state != MN_CLOSE_FOR_HOME &&
            mobile_array[cur_mobile].mn.state != MN_CONNECTED) {
                DEBUG(DEBUG_MESSAGES, "handle_reg_denied - received denial "
                      "reply while not trying to register\n");
                return 0;
        }

        DEBUG(DEBUG_MESSAGES, "Registration denied, code = %d (%s)\n",
                     ext->rep->code, reply_code_str(ext->rep->code));

        switch (ext->rep->code) {
        case REGREP_ID_MISMATCH_HA:
                return handle_id_mismatch_ha(ext);

        case REGREP_LONG_LIFETIME_FA:
                return handle_long_lifetime(ext);

        case REGREP_UNKNOWN_HA_HA:
                return handle_unknown_ha(ext);

        case REGREP_HA_HOST_UNCREACHABLE_FA:
        case REGREP_HA_PORT_UNCREACHABLE_FA:
        case REGREP_HA_UNREACHABLE_FA:
                if (mobile_array[cur_mobile].config.use_hadisc && mobile_array[cur_mobile].config.ha_ip_addr.s_addr != 0) {
                        DEBUG(DEBUG_MESSAGES, "HA unreachable => try to "
                              "discover another HA\n");
                        mobile_array[cur_mobile].mn.info_str = "restarting HA discovery";
                        mobile_array[cur_mobile].config.ha_ip_addr.s_addr = 0;
                        return 1;
                }
                return 0;

        case REGREP_UNKNOWN_CHALLENGE_FA:
        case REGREP_STALE_CHALLENGE_FA:
                return 1; /* try to reregister; FIX: should get a new challenge
                           * value, if no new agent advertisement has been
                           * received */

        case REGREP_MN_FAILED_AUTH_FA:
                if (mobile_array[cur_mobile].mn.try_to_fix_sec_assoc) {
                        /* dynamic security association was removed in
                         * is_valid_reply() so try to reregister and create a
                         * new security association with the FA */
                        return 1;
                }

                /* no method for fixing the security association, so just fall
                 * through to the default case */

        default:
#ifdef MN_LOCUPD_PROFILER
                write_profiler("DENY");
#endif
                LOG2(LOG_INFO, "Registration denied, code = %d (%s)\n",
                     ext->rep->code, reply_code_str(ext->rep->code));
                reply_waiting_api(API_FAILED, &ext->rep->code, 1);
                /* Try to change the FA by degrading the priority of the "
                   "current FA. */
                degrade_current_fa_priority();
        }

        return 0;
}


/* Handle registration message from socket s.
 * Returns 1 if registration should be re-tried */
int handle_registration(int s)
{
        char msg[MAXMSG];
        unsigned int len;
        struct sockaddr_in addr;
        int n, res;
        struct msg_extensions ext;

        len = sizeof(addr);

        n = recvfrom(s, msg, MAXMSG, 0, (struct sockaddr*) &addr, &len);
        if (n < 0) {
                LOG2(LOG_ERR, "registration recv: %s\n", strerror(errno));
                return 0;
        }
        DEBUG(DEBUG_MESSAGES, "Received %d bytes from %s:%d\n", n,
               inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));

        res = parse_msg(msg, n, &ext);
        if (res != 0 || ext.double_auth_ext != 0) {
                char *reason = "N/A";
                DEBUG(DEBUG_MESSAGES, "Dropping invalid message\n");
                mobile_array[cur_mobile].mn.discarded_msgs++;
                if (res == -1)
                        reason = "unknown extension";
                else if (res == -2)
                        reason = "malformed message";
                else if (res == -3 || res == -4 || res == -5)
                        reason = "unknown vendor extension";
                else if (ext.double_auth_ext != 0)
                        reason = "double authentication extension";
                report_discarded_msg(msg, n, &addr, reason);
                return 0;
        }

        mobile_array[cur_mobile].mn.try_to_fix_sec_assoc = 0;
        if (is_valid_reply(&ext, addr)) {
                mobile_array[cur_mobile].mn.prev_req_replied = 1;
                time(&mobile_array[cur_mobile].mn.last_reply_rcvd);
                mobile_array[cur_mobile].mn.last_reply_code = ext.rep->code;
                mobile_array[cur_mobile].mn.last_nonce = ext.rep->id[0];
                if (ext.challenge != NULL) {
                        int len;
                        gettimeofday(&mobile_array[cur_mobile].mn.last_challenge_time, NULL);
                        len = GET_CHALLENGE_EXT_LEN(ext.challenge);
                        if (mobile_array[cur_mobile].mn.last_challenge_ext == NULL ||
                            GET_CHALLENGE_EXT_LEN(mobile_array[cur_mobile].mn.last_challenge_ext) !=
                            len) {
                                if (mobile_array[cur_mobile].mn.last_challenge_ext != NULL)
                                        free(mobile_array[cur_mobile].mn.last_challenge_ext);
                                mobile_array[cur_mobile].mn.last_challenge_ext =
                                        (struct challenge_ext *) malloc(len);
                        }

                        if (mobile_array[cur_mobile].mn.last_challenge_ext != NULL)
                                memcpy(mobile_array[cur_mobile].mn.last_challenge_ext, ext.challenge,
                                       len);
                        else
                                DEBUG(DEBUG_INFO, "Could not malloc() memory "
                                      "for challenge extension\n");
                }
                if (IS_REGREP_ACCEPTED(ext.rep->code))
                        handle_reg_accept(&ext);
                else
                        return handle_reg_denied(&ext);
        } else {
                report_discarded_msg(msg, n, &addr, "invalid reply");
                mobile_array[cur_mobile].mn.discarded_msgs++;
        }

        return 0;
}


int send_messages(int interval)
{
int i=0;
        for(i;i<mobiles-1;i++){
                tm=time(NULL);
                tmptr =localtime(&tm);
                strftime(timestr,100, " %X",tmptr); //get time 
                if((i+1)<mobiles) //check that we're not trying to go out of array 
                {
                if(interval=atoi(devices[i+1].timestart)-atoi(devices[i].timestart)<0) interval=3; //timeline fuxxored, no negative times->use default 3 seconds TODO: read from given interval
                else interval=atoi(devices[i+1].timestart)-atoi(devices[i].timestart); //given wait ok
                }
                else interval=3; //wait 3 seconds after quit TODO read from given interval

                
                if(mobile_array[cur_mobile].state==0) //joint
                {
                        mobile_array[cur_mobile].mn.req_lifetime = 600;
                        printf("%s REGISTERATION message with home address: %s , NAI: %s and interval: %i \n" , timestr, inet_ntoa(mobile_array[cur_mobile].config.mn_home_ip_addr),mobile_array[cur_mobile].config.mn_nai, interval);
                        send_registration(REG_CONNECT); //send reg
                        sent_regs++;
                }
                else //leave TODO if state==1 and if state==2 !!
         {
                        printf("%s DEREGISTERATION message with home address: %s and NAI: %s and interval %i \n", timestr, inet_ntoa(mobile_array[cur_mobile].config.mn_home_ip_addr), mobile_array[cur_mobile].config.mn_nai, interval);
                        mobile_array[cur_mobile].mn.req_lifetime = 0;
                        send_registration(REG_DISC); //send dereg
                        sent_deregs++;
                }
                cur_mobile=cur_mobile+1; //next mobile
                
                sleep(interval);
        }
        cur_mobile=0; //back to start, just in case

return 1;
}

int create_mobile()
{
int i =0;

        for(i=0;i<rownumber-1;i++)
        {
                if(devices[i].ip_home==NULL) return -1;//file read but it was empty, quit!
                mobile_array[i].mn=mn;
                mobile_array[i].config=config;
                mobile_array[i].config.mn_home_ip_addr.s_addr=inet_addr(devices[i].ip_home);
                mobile_array[i].config.mn_home_ip_addr_orig.s_addr=inet_addr(devices[i].ip_home);
                mobile_array[i].config.ha_ip_addr.s_addr=inet_addr(devices[i].ip_homeagent);
                mobile_array[i].config.ha_ip_addr_orig.s_addr=inet_addr(devices[i].ip_homeagent);
                mobile_array[i].config.mn_nai_len=sizeof(devices[i].nai);
                memcpy(mobile_array[i].config.mn_nai, devices[i].nai,sizeof(devices[i].nai));
                mobile_array[i].mn.co_addr.s_addr=inet_addr(devices[i].ip_careoff);
                mobile_array[i].state=atoi(devices[i].state);
                mobiles=mobiles+1;
        }

}


int readfile(char file[]){

 FILE *fileo;
 
 fileo = fopen(file,"r"); 

  if(file==NULL) {
    printf("Do not Open.\n");
    return 1;
  }

int i=0;

while (!feof(fileo))
{
        fgets(rows[i].row, sizeof(rows[i].row), fileo);    
  i=i+1;
  rownumber=rownumber+1;
}


return 1;
}

int parse_rows(int i) {

int j;

for (j=0; j<i; j++)
 {
        sscanf (rows[j].row,"%s %s %s %s %s %s ",devices[j].timestart,devices[j].state,devices[j].ip_home,devices[j].ip_homeagent,devices[j].ip_careoff,devices[j].nai,);

        }

return 1;
}



int main(int argc, char *argv[])

{
        printf("Virtual foreign agent v0.1. \n Sending registeration messages with interval: %i \n", 3);
        mn_init(); //read dynmnd.conf to make "meta mobile node"
        if(argc==2) readfile(argv[1]); 
        else
        {
                printf("No filename given - using default /home/dynamo/mobiles.txt \n");
                readfile("/home/dynamo/mobiles.txt"); //read cfg
        }

  parse_rows(rownumber); //parse lines
        create_mobile(); //creates virtual mobile nodes into array
        send_messages(3); //sends register messages with given interval
        printf("Sent %i REGISTER messages and %i DEREGISTER messages \n", sent_regs, sent_deregs);
        
  return EXIT_SUCCESS;
}

---