fwwebdevice.c

firewall PNE 3.3 source code, running at more than vxworks6.x version.

/* fwWebDevice.c - Firewall webscreen sample implementation */

/* Copyright 2004 - 2005 Wind River Systems, Inc. */
#include "copyright_wrs.h"

/*
modification history
--------------------
01y,18oct05,zhu  Added missing parameters for rate limit set
01x,18oct05,zhu  SPR#114025: Endianess bug for LE targets
01w,18may05,zhu  not allow blank IPv6 address in setting
01v,12may05,zhu  cleaned up compiler warnings
01u,12apr05,zhu  added rate limit support
01t,03mar05,zhu  added IPv6 support
01s,13aug04,zhu  fixed the WMark disorder processing in WM4.3
01r,12aug04,zhu  porting to WM4.3
01q,12aug04,zhu  added target clock check
01p,11may04,zhu  changed to require only one interface for firewall
01o,10may04,zhu  fixed any time of day problem
01n,10mar04,zhu  fixed byte order problem
01m,01mar04,zhu  bug fixes and updates
01l,26feb04,zhu  bug fixes
01k,25feb04,zhu  updated with fwRuleFilterIsInstalled and fwRuleFilterDftActionGet
01j,24feb04,zhu  added fwWebRuleFieldGet to simplify the code
01i,24feb04,zhu  move customized function from postreply to RPM
01h,19feb04,zhu  updated API, error display and fixed bugs
01g,17feb04,zhu  updated API
01f,11feb04,zhu  added backplane error display
01e,09feb04,zhu  changed for updated firewall API
01d,05feb04,zhu  bug fixes
01c,03feb04,zhu  code cleaned up
01b,02feb04,zhu  updated
01a,30jan04,zhu  created
*/

/*
DESCRIPTION

The functions in this module are called by the wmb_fwWebSample.c and
wmwUsrFuncs.c.

This module implements all the GET/SET routines and other supported
functions required by wmb_fwWebSample.c and wmwUsrFuncs.c.
*/


#include "vxWorks.h"
#include "fwWebDevice.h"



/*#ifndef VIRTUAL_STACK*/
IMPORT struct ifnethead ifnet_head;
/*#endif*/


/*#define FW_WEB_DEBUG*/
#ifdef FW_WEB_DEBUG

int fwWebDebug = 0;
#define DBG_PRINT(X) \
    do { \
    if (fwWebDebug) \
        printf X; \
    }while(0)
#else

#define DBG_PRINT(X)

#endif

/* local defines */

#define GROUP_NAME_BUF_LEN 	80

#define FWWEB_ACTION_NONE     	0
#define FWWEB_ACTION_EDIT     	1
#define FWWEB_ACTION_MOVEUP   	2
#define FWWEB_ACTION_MOVEDOWN 	3
#define FWWEB_ACTION_DELETE   	4

#define FWWEB_MOVE_INDEX	1
#define FWWEB_DISPLAY_INDEX 	2

#define FWWEB_EMPTY 		3


/* typedefs */

/* This sturcture groups together all interested fields for easy reference.
 * fwWebRule is only a temporary container. For GET operations we get the values
 * from the Firewall engine, and for SET operations we get the values from the 
 * WindMarks. 
 */ 
typedef struct {
    FW_RULE_IF srcIf; /* source IF rule, only for pre-input,input and forward*/
    FW_RULE_IF dstIf; /* dest IF rule, only for forward, pre-output and output*/
#ifdef INET6
    FW_RULE_V6ADDR srcAddrV6; /* source v6 IP address range */
    FW_RULE_V6ADDR dstAddrV6; /* dest v6 IP address range */
#endif
    FW_RULE_ADDR srcAddr; /* source IP address range */
    FW_RULE_ADDR dstAddr; /* dest IP address range */
    UINT32 proto;  /* protocol type, only support TCP, UDP and ICMP types */
    FW_RULE_TCP tcp;      /* TCP header rule */
    FW_RULE_UDP udp;      /* UDP header rule */
    FW_RULE_ICMP icmp;    /* ICMP header rule */
    FW_RULE_TIMEOFDAY timeOfDay;   /* time of day rule */
    FW_RULE_RATE_LIMIT rateLimit; /* rate limit */
    UINT32 actions;  /* action to take when rule matches, such as FW_ACCEPT */
    } FWWEB_RULE_ENTRY;


/* global variables */

FW_LOC_TYPE fwWebDirection = FW_PREIN_LOC;	/* display direction */
FW_LOC_TYPE fwWebEditdirection = FW_PREIN_LOC; 	/* direction when editing */

int fwWebCheckV6;

sbyte fwWebSunday[10];
sbyte fwWebMonday[10];
sbyte fwWebTuesday[10];
sbyte fwWebWednesday[10];
sbyte fwWebThursday[10];
sbyte fwWebFriday[10];
sbyte fwWebSaturday[10];

sbyte fwWebEnable[20] = "no";
sbyte junk[20]= "yes";

sbyte fwWebInterfaceName[20]="Unknown";

sbyte4 fwWebNotAnytime = 1; /* 1: not anytime; 0: anytime */
sbyte4 fwWebNotAnyday = 1;  /* 1: not any day; 0: any day */

UINT32 fwWebDefaultIn = FW_ACCEPT; /* default action for incoming packets */
UINT32 fwWebDefaultOut = FW_ACCEPT; /* default action for outgoing packets */
sbyte fwWebDefaultLogIn[10] = "OFF"; /* default no log for incoming packets */
sbyte fwWebDefaultLogOut[10] = "OFF"; /* default no log for outgoing packets */

/* have to define for WindMarks*/
UINT32 fwWebDefaultInV6 = FW_ACCEPT; /* default action for incoming V6 packets */
UINT32 fwWebDefaultOutV6 = FW_ACCEPT; /* default action for outgoing V6 packets */
sbyte fwWebDefaultLogInV6[10] = "OFF"; /* default no log for incoming V6 packets */
sbyte fwWebDefaultLogOutV6[10] = "OFF"; /* default no log for outgoing V6 packets */


sbyte4 fwWebCurrentIndex = 1; /* for displaying the current rule entry */
sbyte4 fwWebMoveIndex = 1; /* for getting the next rule entry */
sbyte4 fwWebEntrySelection = -1; /* the selected entry for some action */
sbyte4 fwWebAction = FWWEB_ACTION_NONE; /* five actions as defined above */
sbyte4 fwWebTotalEntry = 0; /* total entry in one filter location */
sbyte4 fwWebTotalInterface = 0; /* total interfaces attached to IP stack */

sbyte4 fwWebIntHolder = 0; /* for transmitting integer between backplane and webscreen*/
sbyte fwWebStringHolder[80] = "0.0.0.0"; /* for transmitting string between backplane and webscreen*/
sbyte fwWebActionDisplay[10];
sbyte fwWebLogDisplay[10];
sbyte fwWebError[200] = "no"; /* contains error messages to display on webscreen*/
sbyte4 fwWebEnableSetCalled = 0;  /* the flag to determine whether the SET operation from the Add/Edit table has been called*/

/* local global variables */
LOCAL BOOL fwWebV6AddrError = FALSE;
LOCAL BOOL fwWebV4AddrError = FALSE;

LOCAL struct ifnet * fwWebIfp; /* temp container for getting the interface information */
LOCAL struct ifnet * fwWebIfSetp; /* to hold the interfaces selection at SET operation */
LOCAL sbyte4 fwWebSetGetCalled = 0; /* the flag for editing or adding rules */
LOCAL sbyte fwWebTmpString1[40]; /* temp string holder */
LOCAL sbyte fwWebTmpString2[40]; /* temp string holder */
LOCAL sbyte fwWebTempError[200]; /* contains temp error message to add to fwWebError*/

LOCAL sbyte fwWebGroupName[GROUP_NAME_BUF_LEN] = "Unknown"; /* for getting or setting rule names */
LOCAL FW_STR_GET_BUF grpNameHolder ={fwWebGroupName,GROUP_NAME_BUF_LEN};
LOCAL FW_STR_GET_BUF * pGrpNameHolder = &grpNameHolder;

LOCAL FWWEB_RULE_ENTRY fwWebRuleEntry; /* temporary container for getting or setting rules */
LOCAL FWWEB_RULE_ENTRY * pfwWebRule = &fwWebRuleEntry;

LOCAL char * emptyAddrRange = "0.0.0.0 - 0.0.0.0"; 
LOCAL char * emptyAddrRangeV6 = "0::0:0:0:0 - 0::0:0:0:0";

LOCAL SEM_ID    fwWebErrorLock;

/******************************************************************************
* 
* fwWebErrorPrint - Print firewall webscreen error messages to web browser
*
* This routine implements printing firewall webscreen error messages to web 
* browser. The total messages length can not exceed 200 bytes.
*
* RETURNS: void
*/

void fwWebErrorPrint
    (
    sbyte * error /* an error message in string format */
    )
    {
    sbyte tmpString[200];
    
    semTake (fwWebErrorLock, WAIT_FOREVER);

    DBG_PRINT(("Firewall Webscreen Error: %s", error));
    
    if (strcmp(fwWebError, "no") )
        {
        /* Already Error*/
        sprintf(tmpString, "%s%s", fwWebError, error);
        if (strlen(tmpString) <=200 )
            strcpy(fwWebError, tmpString);
        }
    else
        if (strlen(error) <=200 )
            strcpy(fwWebError, error);

    semGive (fwWebErrorLock);
   
    return;
    }


/******************************************************************************
* 
* fwWebRuleFieldGet - Get firewall rule field
*
*
* RETURNS: OK if found, or ERROR if not found, or FWWEB_EMPTY if new rule entry
*/

int fwWebRuleFieldGet
    ( 
    UINT32 fieldId, /* identify which field to be set */
    int indexType, /* FWWEB_MOVE_INDEX or FWWEB_DISPLAY_INDEX */
    void * arg, /* value depends on the previous parameter fieldId */
    sbyte * funcName /* the name of the function which calls fwWebRuleFieldGet */
    )
    {
    void * groupId;
    int index = -2;

    if (indexType == FWWEB_MOVE_INDEX)
        index = fwWebMoveIndex;
    else if (indexType == FWWEB_DISPLAY_INDEX)
        index = fwWebEntrySelection;
    else index = -2;

    DBG_PRINT(("fwWebRuleFieldGet for %s: index = %d\n", funcName, index));

    if (index >=1 && index <= fwWebTotalEntry)
        {
        groupId = fwRuleGroupIdGet(fwWebDirection, index);

        if (groupId == NULL)
            {
            sprintf(fwWebTempError, "fwRuleGroupIdGet Failed for entry %d, direction %d in %s!\n", index , fwWebDirection, funcName);
            fwWebErrorPrint(fwWebTempError);
            return ERROR;
            }

        if( fwRuleFieldGet(groupId, fieldId, arg ) == ERROR)
            {
            sprintf(fwWebTempError, "fwRuleFieldGet Failed in %s", funcName);
            fwWebErrorPrint(fwWebTempError);
            return ERROR;
            }
        }
    else
        {
        if (indexType == FWWEB_DISPLAY_INDEX && index ==-1)
            return FWWEB_EMPTY;
        else
            {
            sprintf(fwWebTempError, "Index %d not in the correct range 1 to %d in %s", index, fwWebTotalEntry, funcName);
            fwWebErrorPrint(fwWebTempError);
            return ERROR;
            } 
        }

    return OK;
    }

/******************************************************************************
* 
* fwWebTakeAction - Take action which is selected from web browser
*
*
* RETURNS: OK if success, or ERROR if not 
*/

STATUS fwWebTakeAction(void)
    {
    void * groupId;

    DBG_PRINT(("action set to %d with fwWebEntrySelection %d\n", fwWebAction, fwWebEntrySelection));
    switch (fwWebAction)
        {
        case FWWEB_ACTION_EDIT:
            /* Edit*/
            /* Edit will clear the entry selection */
            DBG_PRINT(("fwWebAction is Edit, so keep fwWebEntrySelection to %d!\n", fwWebEntrySelection));
            fwWebAction = FWWEB_ACTION_NONE;
            fwWebDirection = fwWebEditdirection;
            break;
        case FWWEB_ACTION_MOVEUP:
            /* Moveup*/
            groupId = fwRuleGroupIdGet(fwWebEditdirection,fwWebEntrySelection);
            if (groupId)
                {
                void * preGrpId;

                if ((fwWebEntrySelection - 2) >= 1)
                    {
                    preGrpId = fwRuleGroupIdGet(fwWebEditdirection,
                                                fwWebEntrySelection - 2);
                    if (preGrpId)
                        {
                        if (fwRuleGroupMove(groupId,preGrpId,FW_MOVE_AFTER) == ERROR )
                              fwWebErrorPrint("Moveup Failed: Can not move up your entry!\n");
                        }
                    else
                        {
                        fwWebErrorPrint("Moveup Failed: Can not move up your entry!\n");
                        }
                    }
                else if ((fwWebEntrySelection - 2) == 0)
                         {
                         if (fwRuleGroupMove(groupId,NULL,FW_MOVE_TO_HEAD) == ERROR)
                             fwWebErrorPrint("Moveup Failed: Can not move up your entry!\n"); 
                         }
                else fwWebErrorPrint("Moveup Failed: You can not move up this entry!\n");
                }
            else
                {
                fwWebErrorPrint("Moveup Failed: Your entry selection does not exist!\n");
                }

            if(fwNvInstalled())
                {
                if (fwNvRuleListSave(fwWebEditdirection) == ERROR)
                     fwWebErrorPrint("Save Failed: Your configuration can not be saved!\n");
                }

            fwWebEntrySelection = -1;
            fwWebAction = FWWEB_ACTION_NONE;
            DBG_PRINT(("fwWebAction moveup is done, set fwWebEntrySelection to -1! reset fwWebAction to 0!\n"));
            break;
        case FWWEB_ACTION_MOVEDOWN:
            /* Movedown*/
            groupId = fwRuleGroupIdGet(fwWebEditdirection,fwWebEntrySelection);
            if (groupId) 
                {
                void * preGrpId;

                preGrpId = fwRuleGroupIdGet(fwWebEditdirection,
                                                fwWebEntrySelection + 1);
                if (preGrpId)
                    {
                    if (fwRuleGroupMove(groupId,preGrpId,FW_MOVE_AFTER) == ERROR)
                        fwWebErrorPrint("Movedown Failed: Can not move down your entry!\n");
                    }
                else
                    {
                    fwWebErrorPrint("Movedown Failed: Can not move down your entry!\n");
                    }
                } 
            else
                {
                fwWebErrorPrint("Movedown Failed: Your entry selection does not exist!\n");
                }


            if(fwNvInstalled())
                {
                if (fwNvRuleListSave(fwWebEditdirection) == ERROR)
                     fwWebErrorPrint("Save Failed: Your configuration can not be saved!\n");
                }

            fwWebEntrySelection = -1;
            fwWebAction = FWWEB_ACTION_NONE;
            DBG_PRINT(("fwWebAction movedown is done, set fwWebEntrySelection to -1! reset fwWebAction to 0!\n"));
            break;
        case FWWEB_ACTION_DELETE:
            /* Delete*/
            groupId = fwRuleGroupIdGet(fwWebEditdirection,fwWebEntrySelection);
            if (groupId)
                {
                if (fwRuleGroupDelete(fwWebEditdirection,groupId) == ERROR)
                    fwWebErrorPrint("Delete Failed: Your entry can not be deleted!\n");
                }
            else
                {
                fwWebErrorPrint("Delete Failed: Your entry selection does not exist!\n");
                }

            if(fwNvInstalled())
                {
                if (fwNvRuleListSave(fwWebEditdirection) == ERROR)
                     fwWebErrorPrint("Save Failed: Your configuration can not be saved!\n");
                }

            fwWebEntrySelection = -1;
            fwWebAction = FWWEB_ACTION_NONE;
            fwWebTotalEntry = fwWebTotalEntry -1;
            DBG_PRINT(("fwWebAction delete is done, set fwWebEntrySelection to -1! reset fwWebAction to 0!\n"));
            break;
        default:
            /* No fwWebAction */
            fwWebEntrySelection = -1;
            fwWebAction = FWWEB_ACTION_NONE;
            DBG_PRINT(("No fwWebAction, set fwWebEntrySelection to -1! reset fwWebAction to 0!\n"));
        }

    bzero((char *)&fwWebRuleEntry, sizeof(fwWebRuleEntry));
    bzero((char *)&fwWebGroupName, sizeof(fwWebGroupName));
    pfwWebRule->proto= IPPROTO_MAX + 1;
    fwWebCurrentIndex = 1;
    fwWebMoveIndex = 1;
    fwWebNotAnyday =1;
    fwWebNotAnytime =1;
    fwWebSetGetCalled = 0;
    fwWebEnableSetCalled = 0;
    fwWebIfSetp= NULL;

    return OK;
    }

/******************************************************************************
* 
* fwWebDstAddrGet - Get the destination address range of a rule entry to display
* on the webscreen incoming or outgoing table
*
*