📄 ipsec_stats.c
字号:
* * NOMANUAL * */STATUS protectionSuiteStatsGetBySPIHandler ( int spi, /* SPI number */ PROTECTION_SUITE_COUNTS *stats /* pointer to stats structure */ ) { PROTECTION_SUITE *protectionSuite; if (stats == NULL) { return ERROR; } protectionSuite = protection_suite_manager_find_ps_by_spi(spi); if (protectionSuite != NULL) { if (protectionSuiteStatsRefresh(protectionSuite) == OK) { /* Copy stats into user-supplied buffer */ memcpy (stats, &protectionSuite->counts, sizeof (PROTECTION_SUITE_COUNTS)); return (OK); } } return (ERROR); }#endif /* INCLUDE_COUNTERS_PROTECTION_SUITES */#ifdef INCLUDE_COUNTERS_POLICIES/***************************************************************************** spdPolicyCountUpdate - update a policy with protection suite statistics** This function updates the policy associated to a protection suite when * the protection suite is deleted or renewed.** NOMANUAL*/void spdPolicyCountUpdate ( SECURITY_POLICY *pPolicy, /* security policy */ PROTECTION_SUITE_COUNTS *pPsCounts /* pointer to the protection suite counts */ ) { IPSEC_COUNTS *pCounts; int x; if (pPolicy != NULL) { if (pPolicy->directionality == INBOUND) { pCounts = &pPsCounts->inbound; } else { pCounts = &pPsCounts->outbound; } /* loop twice since the RFC for protection suites states there must be a mirror policy */ for (x = 0; x < 2; x++) { pPolicy->counts.preProcessedByteCount += pCounts->preProcessedByteCount; pPolicy->counts.postProcessedByteCount += pCounts->postProcessedByteCount; pPolicy->counts.failedProcessingByteCount += pCounts->failedProcessingByteCount; pPolicy->counts.packetCount += pCounts->packetCount; pPolicy->counts.espDecryptionErrors += pCounts->espDecryptionErrors; pPolicy->counts.ahAuthenticationErrors += pCounts->ahAuthenticationErrors; pPolicy->counts.espAuthenticationErrors += pCounts->espAuthenticationErrors; pPolicy->counts.ahSequenceErrors += pCounts->ahSequenceErrors; pPolicy->counts.espSequenceErrors += pCounts->espSequenceErrors; pPolicy->counts.otherErrors += pCounts->otherErrors; /* check to make sure that there is a mirror policy in the protection suite. */ if (pPolicy->mirror_policy != 0) { /* get a reference to the mirror policy */ pPolicy = pPolicy->mirror_policy; /* get the directionality from the mirror policy. It is hoped/assumed that it have * the opposite directionality */ if (pPolicy->directionality == INBOUND) { pCounts = &pPsCounts->inbound; } else { pCounts = &pPsCounts->outbound; } } else { break; } } } }#endif /* INCLUDE_COUNTERS_POLICIES */#ifdef INCLUDE_COUNTERS_PROTECTION_SUITES/***************************************************************************** transformGet - *** NOMANUAL*/LOCAL STATUS transformGet ( SECURITY_POLICY *pPolicy, UINT proposal_number, char *transform, UINT maxTransformLength ) { IPSEC_SECURITY_POLICY *sptr_ipsec_security_policy; P2_SA *p2_sa; void *saIterator = (void *)NULL; STATUS return_value = ERROR; if (pPolicy == NULL) { spd_printf (SPD_ERROR_PRINTF, SPD_INVALID_POLICY_HANDLE); return (ERROR); } sptr_ipsec_security_policy = spdGetIpsecSecurityPolicy( pPolicy ); if (sptr_ipsec_security_policy == NULL) { spd_printf (SPD_WARNING_PRINTF, SPD_NO_MATCHING_POLICY_HANDLE); return (ERROR); } bzero (transform, maxTransformLength); wrSecListScanLock( spd_global_class.config_db.p2_sas ); while ((p2_sa = wrSecListScan(spd_global_class.config_db.p2_sas, &saIterator)) != NULL) { int proposal_index = 0; /* from the container of p2 proposals find the one that matches the name within the current policy */ if (strcmp (sptr_ipsec_security_policy->p_sa_prop_name, p2_sa->pSaName) == 0) { P2_PROPOSAL_NAME *p2_proposal_name; void *proposalNameIterator = (void *)NULL; wrSecListScanLock( p2_sa->proposal_names ); while ((p2_proposal_name = wrSecListScan(p2_sa->proposal_names, &proposalNameIterator)) != NULL) { void *proposalIterator = (void *)NULL; P2_PROPOSAL *p2_proposal; wrSecListScanLock( spd_global_class.config_db.p2_proposals ); while ((p2_proposal = wrSecListScan(spd_global_class.config_db.p2_proposals, &proposalIterator)) != NULL) { if ((strcmp (p2_proposal_name->name, p2_proposal->proposal_name) == 0) && (p2_proposal_name->number == proposal_number)) { P2_TRANSFORM_NAME *p2_transform_name; void *xformNameIterator = (void *)NULL; wrSecListScanLock( p2_proposal->transform_names ); while ((p2_transform_name = wrSecListScan(p2_proposal->transform_names, &xformNameIterator)) != NULL) { void *xformIterator = (void *)NULL; P2_TRANSFORM *p2_transform; wrSecListScanLock( spd_global_class.config_db.p2_transforms ); while ((p2_transform = wrSecListScan(spd_global_class.config_db.p2_transforms, &xformIterator)) != NULL) { if (strcmp (p2_transform_name->name, p2_transform->transform_name) == 0) { /* found a transform */ int spaceRemaining = 0; int charsToCat = 0; int lengthOfSrcString; /* calculate maximum number of characters to concatenate */ /* The "2" (below) is for the trailing ' ' and '\0' */ spaceRemaining = maxTransformLength - strlen (transform) - 2; lengthOfSrcString = strlen (p2_transform->transform_name); if (spaceRemaining < lengthOfSrcString) { charsToCat = spaceRemaining; } else { charsToCat = lengthOfSrcString; } strncat (transform, p2_transform->transform_name, charsToCat); strcat (transform, " "); /* delimiter between multiple transform names */ return_value = OK; } } wrSecListScanUnlock( spd_global_class.config_db.p2_transforms ); } wrSecListScanUnlock( p2_proposal->transform_names ); proposal_index++; } } wrSecListScanUnlock( spd_global_class.config_db.p2_proposals ); } wrSecListScanUnlock( p2_sa->proposal_names ); } } wrSecListScanUnlock( spd_global_class.config_db.p2_sas ); return (return_value); }/***************************************************************************** SABundleTimeGet - *** NOMANUAL*/LOCAL STATUS SABundleTimeGet ( SA_BUNDLE *p_sa_bundle, UINT32 *upTime, UINT32 *remainingTimeHard, UINT32 *remainingTimeSoft ) { SA_SPEC *sptr_sa_spec; STATUS return_value = ERROR; UINT32 current_time; UINT32 up_time; UINT32 remaining_timeSoft; UINT32 remaining_timeHard; void *iterator = (void *)NULL; *upTime = 0; *remainingTimeHard = 0XFFFFFFFF; /* UINT_MAX */ /*TRACKSPR #99474: including limits.h causes doulbe decl'n of UINT_MAX in target/h/wrn\cci\gmp-impl.h*/ *remainingTimeSoft = 0XFFFFFFFF; /* UINT_MAX */ /*TRACKSPR #99474: including limits.h causes doulbe decl'n of UINT_MAX in target/h/wrn\cci\gmp-impl.h*/ wrSecListScanLock( p_sa_bundle->sa_specs ); while ((sptr_sa_spec = wrSecListScan( p_sa_bundle->sa_specs, &iterator )) != NULL) { if (sptr_sa_spec->type == LIFETIME_SPEC) { LIFE_TIME_SPEC *sptr_life_time_spec; sptr_life_time_spec = (LIFE_TIME_SPEC *)sptr_sa_spec; current_time = wrSecGetSystemElapsedTimeInSeconds(); up_time = (current_time - sptr_life_time_spec->soft_life_timestamp.last_imprint); remaining_timeSoft = wrSecTimeStampGetRemainingTimeInSeconds(sptr_life_time_spec->soft_life_timestamp); remaining_timeHard = wrSecTimeStampGetRemainingTimeInSeconds(sptr_life_time_spec->hard_life_timestamp); if (remaining_timeHard < *remainingTimeHard) { *remainingTimeHard = remaining_timeHard; } if (remaining_timeSoft < *remainingTimeSoft) { *remainingTimeSoft = remaining_timeSoft; } if (up_time > *upTime) { *upTime = up_time; } return_value = OK; } } wrSecListScanUnlock( p_sa_bundle->sa_specs ); return (return_value); }/***************************************************************************** updateProtectionSuiteCounters - increment Protection Suite Statistics** This function is used to increment the statistics associated with a * protection suite. The type of accumulations supported are:** SA_SPEC_FAIL* SA_SPEC_SUCCESS* AH_AUTHENTICATION_ERROR* ESP_AUTHENTICATION_ERROR* ESP_DECRYPTION_ERROR* AH_SEQUENCE_ERROR* ESP_SEQUENCE_ERROR** NOMANUAL*/void updateProtectionSuiteCounters ( UINT suite_handle, /* Handle to Protection Suite */ TRAFFIC_DIRECTION direction, /* direction of traffic (inbound/outbound) */ SA_SPEC_RET_TYPES type, /* type of accumulation */ UINT preSize, /* size of data prior to sa_spec processing */ UINT postSize /* size of data post sa_spec processing */ ) { PROTECTION_SUITE *sptr_protection_suite; IPSEC_COUNTS *pCounts; sptr_protection_suite = protection_suite_manager_find_ps_by_suite_handle(suite_handle); if (sptr_protection_suite == NULL) { return; } if (direction == INBOUND) { pCounts = &sptr_protection_suite->counts.inbound; } else if (direction == OUTBOUND) { pCounts = &sptr_protection_suite->counts.outbound; } else { return; } switch (type) { case SA_SPEC_FAIL: pCounts->otherErrors++; pCounts->failedProcessingByteCount += preSize; break; case SA_SPEC_SUCCESS: pCounts->packetCount++; pCounts->preProcessedByteCount += preSize; pCounts->postProcessedByteCount += postSize; break; case AH_AUTHENTICATION_ERROR: pCounts->ahAuthenticationErrors++; pCounts->failedProcessingByteCount += preSize; break; case ESP_AUTHENTICATION_ERROR: pCounts->espAuthenticationErrors++; pCounts->failedProcessingByteCount += preSize; break; case ESP_DECRYPTION_ERROR: pCounts->espDecryptionErrors++; pCounts->failedProcessingByteCount += preSize; break; case AH_SEQUENCE_ERROR: pCounts->ahSequenceErrors++; pCounts->failedProcessingByteCount += preSize; break; case ESP_SEQUENCE_ERROR: pCounts->espSequenceErrors++; pCounts->failedProcessingByteCount += preSize; break; default: break; } return; }#endif /* INCLUDE_COUNTERS_PROTECTION_SUITES */#ifdef INCLUDE_COUNTERS_NETWORK_INTERFACE/***************************************************************************** updateNetworkInterfaceCounters - increment Network Interface statistics** This function is used to accumulate statistics associated to a specific* network interface based on the packet being processed. The types of * accumulations supported are:** BYTE_COUNT* PACKET_COUNT* NO_PS_DISCARD_COUNT* NO_POLICY_DISCARD_COUNT* EXPLICIT_DISCARD_COUNT* EXPLICIT_BYPASS_COUNT* POLICY_ERROR_COUNT** NOMANUAL*/void updateNetworkInterfaceCounters ( TRAFFIC_DIRECTION direction, /* direction of traffic */ struct mbuf ** pp_memory_buffer, /* pointer to packet memory buffer */ struct ip ** pp_ip_header, /* pointer to packets IP header */ int counterType, /* type of accumulation */ int size /* size of packet being accumulated */ ) { int s; IPSEC_NETWORK_INTERFACE *p_network_interface; INTERFACE_COUNTS *pCounts; s = splimp (); if (ipsec_get_attached_network_interface (direction, *pp_memory_buffer, *pp_ip_header, &p_network_interface) == TRUE) { if (direction == INBOUND) { pCounts = &p_network_interface->counts.inbound; } else { pCounts = &p_network_interface->counts.outbound; } switch (counterType) { case BYTE_COUNT: case PACKET_COUNT: pCounts->packetCount++; pCounts->byteCount += size; break; case NO_PS_DISCARD_COUNT: pCounts->noPSDiscardCount++; break; case NO_POLICY_DISCARD_COUNT: pCounts->noPolicyDiscardCount++; break; case EXPLICIT_DISCARD_COUNT: pCounts->explicitDiscardCount++; break; case EXPLICIT_BYPASS_COUNT: pCounts->explicitBypassCount++; break; case POLICY_ERROR_COUNT: pCounts->policyErrorCount++; break; default: break; } } splx (s); }#endif /* INCLUDE_COUNTERS_NETWORK_INTERFACE */#endif /* INCLUDE_COUNTERS_IPSEC */⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -