📄 ipsec_stats.c
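/* ipsec_stats.c - IPsec operational statistics */

/* Copyright 2000-2006 Wind River Systems, Inc. */

/*
modification history
--------------------
01r,14feb06,rma  IPVI_ADDRESS_SELECTOR optimizations.
01q,08feb06,jfb  Fixed GNU-only compile error.
01p,12jan06,djp  removed rwos dependencies
01o,08dec05,djp  Removed RWOS_TIME_STAMP
01n,25nov05,djp  Removed RW_CONTAINER code for PROTECTION_SUITE
01m,08nov05,rma  Replace RWOS container(s) with wrSecHash/List(s).
01n,25oct05,djp  Added TRAFFIC_INFO_PROTOCOL_GET macro
01m,23sep05,jfb  Fixed TSR 457668. Semaphores (ipsec_global_class.mutex and
                 splimp/slpx) taken in inconsistent order.
01l,27jul05,hms  replaced MAX_XFORM_NAME_LEN with MAX_NAME_LENGTH. The first one
                 is only defined if FEATURE_IPSEC_COUNTERS_IKE is set to true
                 for compilation.
01k,24feb05,djp  Added message channel functionality. Moved APIs to
                 ipsec_stats_api.c
01j,13jan05,ps   eliminate aliased function names.
01i,30nov04,jfb  Beautified again
01h,29nov04,jfb  Beautified
01g,11oct04,rma  Call sa_is_bundle_valid() before accessing SABundles.
01f,07oct04,ps   Fix for Coverity bug 345 (null ptr issues)
01d,30aug04,cdw  Use protection suite manager mutex apis
01c,27jul04,cdw  Fixed transformGet()
01b,01jun04,swc  moved prototypes, added Dump and Print functions
01a,27may04,jfb  ifdef'd around entire file based on INCLUDE_COUNTERS_IPSEC
*/

/*
DESCRIPTION
This library contains the server side routines that maintain operational
statistics for the IPsec component of Wind Net IPsec and IKE. You can retrieve
and print statistics for network interfaces, policies, and protection suites.
To include this library in the VxWorks image, define INCLUDE_COUNTERS_IPSEC at
build time. Refer to ipsec_stats_api.c for details.

INCLUDE FILES: ipsecStats.h
*/

#include <vxWorks.h>
#include <string.h>
#include <netinet/in.h>
#include <wrn/ipsec/ipsecStats.h>
#include "../common/wrSecInetAddr.h"
#include "../common/wrSecTimeStamp.h"
#include "../common/wrSecList.h"
#include "../common/wrSecMem.h"
#include "../ike/protection_suite.h"
#include "../ike/protection_suite_manager.h"
#include "../sadb/sadb_if.h"
#include "../sadb/sadbP.h"
#include "../spd/spdP.h"
#include "../spd/spd_globals.h"
#include "../spd/spd_print_routines.h"
#include "ipsec_network_interface.h"
#include "ipsec_stats.h"

#ifdef INCLUDE_COUNTERS_IPSEC

/* forward declarations */

extern PROTECTION_SUITE_MANAGER protection_suite_manager;

#ifdef INCLUDE_COUNTERS_PROTECTION_SUITES
LOCAL STATUS SABundleTimeGet
    (
    SA_BUNDLE *p_sa_bundle,
    UINT32 *upTime,
    UINT32 *remainingTimeHard,
    UINT32 *remainingTimeSoft
    );

LOCAL STATUS transformGet
    (
    SECURITY_POLICY *pPolicy,
    UINT proposal_number,
    char *transform,
    UINT maxTransformLength
    );
#endif /* INCLUDE_COUNTERS_PROTECTION_SUITES */

#ifdef INCLUDE_COUNTERS_NETWORK_INTERFACE
/*****************************************************************************
*
* ipsecIfStatsGetHandler - fill network interface counts structure
*
* This routine fills a specified NETWORK_INTERFACE_COUNTS structure
* with the counts gathered for the specified interface.
*
* The address parsed from <cptrAddrString> is used only for the interface
* lookup and is released before the routine returns, whether or not an
* interface was found.
*
* EXAMPLES:
* \cs
* ipsecIfStatsGetHandler("192.168.2.3",stats);
* \ce
*
* RETURNS: OK, or ERROR for the following reasons:
* \ml
* \m -
* NULL parameter: stats.
* \m -
* Invalid format of parameter: cptrAddrString.
* \m -
* Can't find network interface.
* \me
*
* ERRNO: N/A
*
* NOMANUAL
*
*/
STATUS ipsecIfStatsGetHandler
    (
    char *cptrAddrString,            /* Configuration string */
    NETWORK_INTERFACE_COUNTS *stats  /* Pointer to Network Interface Stats structure */
    )
{
    STATUS return_value;
    WRSEC_INET_ADDR *p_wrn_inet_address = NULL;
    IPSEC_NETWORK_INTERFACE *p_network_interface;

    if (stats == NULL) {
        return ERROR;
    }

    return_value = parseAddrString (cptrAddrString, &p_wrn_inet_address);
    if (return_value != OK) {
        return return_value;
    }

    if (p_wrn_inet_address == NULL) {
        return (ERROR);
    }

    p_network_interface =
        ipsec_find_network_interface_based_on_ip_address (p_wrn_inet_address);

    if (p_network_interface != NULL) {
        /* Copy into user-allocated buffer */
        memcpy (stats, &p_network_interface->counts,
                sizeof (NETWORK_INTERFACE_COUNTS));
        return_value = OK;
    } else {
        return_value = ERROR;
    }

    /*
     * Release the parsed address on every path. Previously only the
     * lookup-failure path freed it, so each successful query left one
     * WRSEC_INET_ADDR allocated; repeated statistics requests would slowly
     * exhaust the heap.
     * NOTE(review): assumes the lookup does not keep a reference to the
     * address it is given -- the failure path has always freed it right
     * after the call, but confirm for the success case.
     */
    wrSecFree (p_wrn_inet_address);

    return (return_value);
}
#endif /* INCLUDE_COUNTERS_NETWORK_INTERFACE */

#ifdef INCLUDE_COUNTERS_POLICIES
/*****************************************************************************
*
* ipsecPolicyStatsGetHandler - fill security policy counts structures
*
* This routine fills specified SECURITY_POLICY_COUNTS structures
* with the inbound and outbound counts gathered for the specified configuration.
*
* The policy for the direction named in the configuration string is looked up
* first and copied into the matching buffer. When the configuration is
* mirrored, the selector is reversed and the opposite direction is looked up
* and copied into the other buffer. If the second step fails, the first buffer
* has already been written and ERROR is returned.
*
* EXAMPLE:
* \cs
* ipsecPolicyStatsGetHandler("17/500/500,192.168.2.6,192.168.2.3,OUT,MIRRORED",
*                            statsIn, statsOut);
* \ce
*
* RETURNS: OK, or ERROR if p_configuration_string is invalid, if no matching
* policy is found, or if the buffer needed for a direction is NULL.
*
* ERRNO: N/A
*
* NOMANUAL
*
*/
STATUS ipsecPolicyStatsGetHandler
    (
    char *p_configuration_string,           /* pointer to configuration string */
    SECURITY_POLICY_COUNTS *inboundStats,   /* pointer to inbound policy stats structure */
    SECURITY_POLICY_COUNTS *outboundStats   /* pointer to outbound policy stats structure */
    )
{
    IPVI_ADDRESS_SELECTOR destination;
    IPVI_ADDRESS_SELECTOR source;
    UCHAR transport_protocol;
    USHORT source_port;
    USHORT destination_port;
    TRAFFIC_DIRECTION directionality;
    MIRRORING mirrored;
    TRAFFIC_TYPE traffic_type = UNSPECIFIED_TRAFFIC;
    IPSEC_SELECTOR selector;
    SECURITY_POLICY *sptr_policy = NULL;
    SECURITY_POLICY_COUNTS *stats;

    if (configStringParser (p_configuration_string, &transport_protocol,
                            &destination_port, &source_port, &destination,
                            &source, &directionality, &mirrored,
                            &traffic_type) != OK) {
        return (ERROR);
    }

    /*
     * Start from a zeroed selector so that any field not assigned below is
     * not indeterminate when the selector is handed to spd_get_policy().
     */
    memset (&selector, 0, sizeof (selector));
    selector.xpt_layer_protocol = transport_protocol;
    selector.destination_port = destination_port;
    selector.source_port = source_port;
    IPVI_COPY(&selector.dst_addr_selector, &destination);
    IPVI_COPY(&selector.src_addr_selector, &source);

    /* A TRUE result with no policy pointer is treated as "not found". */
    if ((spd_get_policy (&selector, directionality, &sptr_policy, TRUE,
                         traffic_type) != TRUE) ||
        (sptr_policy == NULL)) {
        return (ERROR);
    }

    stats = (directionality == OUTBOUND) ? outboundStats : inboundStats;
    if (stats == NULL) {
        return (ERROR);
    }

    /* Copy into user-allocated buffer */
    memcpy (stats, &sptr_policy->counts, sizeof (SECURITY_POLICY_COUNTS));

    if (mirrored != YES_ITS_MIRRORED) {
        return (OK);
    }

    /* Mirrored policy: reverse ports and addresses, flip the direction. */
    selector.destination_port = source_port;
    selector.source_port = destination_port;
    IPVI_COPY(&selector.dst_addr_selector, &source);
    IPVI_COPY(&selector.src_addr_selector, &destination);

    if (directionality == OUTBOUND) {
        directionality = INBOUND;
        stats = inboundStats;
    } else {
        directionality = OUTBOUND;
        stats = outboundStats;
    }

    /* The buffer is checked before the second lookup, as before. */
    if (stats == NULL) {
        return (ERROR);
    }

    /* Forget the first policy so a stale pointer cannot pass the check. */
    sptr_policy = NULL;
    if ((spd_get_policy (&selector, directionality, &sptr_policy, TRUE,
                         traffic_type) != TRUE) ||
        (sptr_policy == NULL)) {
        return (ERROR);
    }

    /* Copy into user-allocated buffer */
    memcpy (stats, &sptr_policy->counts, sizeof (SECURITY_POLICY_COUNTS));

    return (OK);
}
#endif /* INCLUDE_COUNTERS_POLICIES */

#ifdef INCLUDE_COUNTERS_PROTECTION_SUITES
/*******************************************************************************
*
* protectionSuiteStatsRefresh - Refresh counter data
*
* Retrieves and refreshes counter data for a protection suite counter: the
* AH/ESP SPIs, the up-time and remaining lifetimes of the inbound and outbound
* SA bundles, the selected proposal number, the proposal name and the
* transform name.
*
* RETURNS: OK if the SA Bundles associated with the counter are still valid.
* ERROR otherwise, or if protectionSuite is NULL.
*/
STATUS protectionSuiteStatsRefresh
    (
    PROTECTION_SUITE* protectionSuite
    )
{
    IPSEC_SECURITY_POLICY *policy;
    SECURITY_POLICY *phase2Policy;

    if (protectionSuite == NULL) {
        return (ERROR);
    }

    /* fill in the SPI information into the count structure */
    protectionSuite->counts.inbound.ahSpi = protectionSuite->inbound_ah_spi;
    protectionSuite->counts.inbound.espSpi = protectionSuite->inbound_esp_spi;
    protectionSuite->counts.outbound.ahSpi = protectionSuite->outbound_ah_spi;
    protectionSuite->counts.outbound.espSpi = protectionSuite->outbound_esp_spi;

    /*
     * fill in the time remaining information; a bundle handle is only
     * dereferenced after sa_is_bundle_valid() has accepted it
     */
    if (!sa_is_bundle_valid (INBOUND, protectionSuite->inbound_sa_bundle_handle)) {
        return (ERROR);
    }
    /* NOTE(review): the STATUS result is ignored, as in the original. */
    (void) SABundleTimeGet (protectionSuite->inbound_sa_bundle_handle,
                            &protectionSuite->counts.inbound.upTime,
                            &protectionSuite->counts.inbound.remainingTimeHard,
                            &protectionSuite->counts.inbound.remainingTimeSoft);

    if (!sa_is_bundle_valid (OUTBOUND, protectionSuite->outbound_sa_bundle_handle)) {
        return (ERROR);
    }
    (void) SABundleTimeGet (protectionSuite->outbound_sa_bundle_handle,
                            &protectionSuite->counts.outbound.upTime,
                            &protectionSuite->counts.outbound.remainingTimeHard,
                            &protectionSuite->counts.outbound.remainingTimeSoft);

    /* winning proposal number */
    protectionSuite->counts.proposalNumber =
        protectionSuite->selected_proposal_number;

    /* get the proposal name */
    phase2Policy =
        (SECURITY_POLICY *)protectionSuite->phase_ii_parameters.sptr_security_policy;
    policy = spdGetIpsecSecurityPolicy (phase2Policy);

    if ((policy != NULL) && (policy->p_sa_prop_name != NULL)) {
        /*
         * One bounded copy replaces the strlen()/strcpy()/strncpy() pair.
         * The resulting string is the same (truncated to
         * MAX_NAME_LENGTH - 1 characters), and strncpy() zero-fills the
         * rest of the field, so bytes of an earlier, longer name are not
         * left behind the terminator in a structure that is later copied
         * out to the caller.
         */
        strncpy (protectionSuite->counts.proposalName, policy->p_sa_prop_name,
                 MAX_NAME_LENGTH - 1);
        protectionSuite->counts.proposalName[MAX_NAME_LENGTH - 1] = '\0';
    }

    /* NOTE(review): the STATUS result is ignored, as in the original. */
    (void) transformGet (phase2Policy,
                         protectionSuite->selected_proposal_number,
                         &protectionSuite->counts.transform[0],
                         MAX_NAME_LENGTH);

    return OK;
}

/*****************************************************************************
*
* protectionSuiteStatsGetHandler - fill protection suite counts structure for a configuration
*
* This routine fills a specified PROTECTION_SUITE_COUNTS structure
* with the counts gathered for the specified configuration.
*
* EXAMPLE:
* \cs
* -> protectionSuiteStatsGetHandler("1,192.168.2.6,192.168.2.3,OUT,MIRRORED",stats);
* \ce
*
* RETURNS: OK, or ERROR for the following reasons:
* \ml
* \m -
* NULL parameter: stats
* \m -
* Invalid format of parameter: p_configuration_string
* \m -
* A protection suite was not found.
* \me
*
* ERRNO: N/A
*
* NOMANUAL
*
*/
STATUS protectionSuiteStatsGetHandler
    (
    char *p_configuration_string,    /* configuration string */
    PROTECTION_SUITE_COUNTS *stats   /* pointer to stats structure */
    )
{
    IPVI_ADDRESS_SELECTOR dest_selector;
    IPVI_ADDRESS_SELECTOR source_selector;
    UCHAR protocol;
    USHORT source_port;
    USHORT dest_port;
    TRAFFIC_DIRECTION traffic_direction;
    MIRRORING mirrored;
    TRAFFIC_TYPE traffic_type = UNSPECIFIED_TRAFFIC;
    PROTECTION_SUITE* protectionSuite;
    STATUS return_value;

    if (stats == NULL) {
        return ERROR;
    }

    if (configStringParser (p_configuration_string, &protocol, &dest_port,
                            &source_port, &dest_selector, &source_selector,
                            &traffic_direction, &mirrored,
                            &traffic_type) != OK) {
        return (ERROR);
    }

    /*
     * NOTE(review): no protection suite manager lock is taken in this
     * routine. Whether the caller holds one while the suite returned below
     * is dereferenced is not visible from here -- confirm.
     */
    protectionSuite =
        protection_suite_manager_find_ps_by_address_info (&source_selector,
                                                          &dest_selector,
                                                          source_port,
                                                          dest_port,
                                                          protocol);
    if (protectionSuite == NULL) {
        return (ERROR);
    }

    /* Only an explicit direction is accepted. */
    if ((traffic_direction != OUTBOUND) && (traffic_direction != INBOUND)) {
        return (ERROR);
    }

    return_value = protectionSuiteStatsRefresh (protectionSuite);
    if (return_value == OK) {
        /* Copy stats into user-supplied buffer */
        memcpy (stats, &protectionSuite->counts,
                sizeof (PROTECTION_SUITE_COUNTS));
    }

    return (return_value);
}

/***************************************************************************
 *
 * protectionSuiteStatsGetBySPIHandler - fill protection suite counts structure for an SPI
 *
 * This routine fills a specified PROTECTION_SUITE_COUNTS structure
 * with the counts gathered for the specified security parameters index (SPI).
 *
 * \cs
 * EXAMPLE:
 *
 * -> protectionSuiteStatsGetBySPIHandler(spi,stats);
 * \ce
 *
 * RETURNS: OK, or ERROR for the following reasons:
 * \ml
 * \m -
 * If stats is NULL.
 * \m -
 * If a protection suite could not be found.
 * \me
 *
 * ERRNO: N/A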