Change no_hmac_verify to hmac-verify.

It wasn't consistent with the naming of other option. The option is
phrased positively to match the Information Model (babel-mac-verify).

Thanks to Julien Muchembled for finding a bug in a previous version of
this commit.

babeld.man

@@ -469,10 +469,10 @@ otherwise.
 Enable HMAC security on this interface, and use the key
 .IR id .
 .TP
-.BR no_hmac_verify " {" true | false }
-Do not check packet signatures, accept unsigned or incorrectly signed packets
-even if one or more keys are configured on the interface.  The default is
-.BR false .
+.BR hmac-verify " {" true | false }
+Check packet signatures, reject unsigned or incorrectly signed
+packets.  The default is
+.BR true .
 .TP
 .SS Filtering rules
 A filtering rule is defined by a single line with the following format:

configuration.c

@@ -610,12 +610,6 @@ parse_anonymous_ifconf(int c, gnc_t gnc, void *closure,
             if(c < -1)
                 goto error;
             if_conf->unicast = v;
-        } else if(strcmp(token, "no_hmac_verify") == 0) { 
-            int v;
-            c = getbool(c, &v, gnc, closure);
-            if(c < -1)
-                goto error;
-            if_conf->no_hmac_verify = v;
         } else if(strcmp(token, "link-quality") == 0) {
             int v;
             c = getbool(c, &v, gnc, closure);
@@ -700,6 +694,12 @@ parse_anonymous_ifconf(int c, gnc_t gnc, void *closure,
             }
             if_conf->key = key;
             free(key_id);
+        } else if(strcmp(token, "hmac-verify") == 0) {
+            int v;
+            c = getbool(c, &v, gnc, closure);
+            if(c < -1)
+                goto error;
+            if_conf->hmac_verify = v;
         } else {
             goto error;
         }
@@ -892,7 +892,7 @@ merge_ifconf(struct interface_conf *dest,
     MERGE(lq);
     MERGE(faraway);
     MERGE(unicast);
-    MERGE(no_hmac_verify);
+    MERGE(hmac_verify);
     MERGE(channel);
     MERGE(enable_timestamps);
     MERGE(rfc6126);

interface.c

@@ -398,8 +398,11 @@ interface_updown(struct interface *ifp, int up)
 
         if(IF_CONF(ifp, unicast) == CONFIG_YES)
             ifp->flags |= IF_UNICAST;
-        if(IF_CONF(ifp, no_hmac_verify) == CONFIG_YES)
-            ifp->flags |= IF_NO_HMAC_VERIFY;
+        if(IF_CONF(ifp, hmac_verify) == CONFIG_YES ||
+           IF_CONF(ifp, hmac_verify) == CONFIG_DEFAULT)
+            ifp->flags |= IF_HMAC_VERIFY;
+        else if(IF_CONF(ifp, hmac_verify) == CONFIG_NO)
+            ifp->flags &= ~IF_HMAC_VERIFY;
         if(IF_CONF(ifp, hello_interval) > 0)
             ifp->hello_interval = IF_CONF(ifp, hello_interval);
         else if(type == IF_TYPE_WIRELESS)

interface.h

@@ -55,7 +55,7 @@ struct interface_conf {
     char unicast;
     char enable_timestamps;
     char rfc6126;
-    char no_hmac_verify;
+    char hmac_verify;
     int channel;
     unsigned int rtt_decay;
     unsigned int rtt_min;
@@ -85,8 +85,8 @@ struct interface_conf {
 #define IF_TIMESTAMPS (1 << 6)
 /* Remain compatible with RFC 6126. */
 #define IF_RFC6126 (1 << 7)
-/* Packets with a wrong or empty packet trailer are accepted */
-#define IF_NO_HMAC_VERIFY (1 << 8)
+/* Incoming packets are required to have a valid MAC hash. */
+#define IF_HMAC_VERIFY (1 << 8)
 /* Use Babel over DTLS on this interface. */
 #define IF_DTLS (1 << 9)
 

message.c

@@ -611,7 +611,7 @@ parse_packet(const unsigned char *from, struct interface *ifp,
     if(ifp->key != NULL) {
         switch(check_hmac(packet, packetlen, bodylen, from, to, ifp)) {
         case -1: /* no mac trailer */
-            if(ifp->flags & IF_NO_HMAC_VERIFY)
+            if(!(ifp->flags & IF_HMAC_VERIFY))
                 break;
             /* fallthrough */
         case 0: