📄 ipsec_tsi.c
字号:
wrSecFree (p_wrn_inet_address); return (return_value); } if (p_wrn_inet_address != NULL) { return_value = ipsecDFBitMapi (p_wrn_inet_address, dfBitConfig); } if (return_value == ERROR) wrSecFree (p_wrn_inet_address); return (return_value); }/********************************************************************************* ipsecSetPMTUAgeHandler - set the PMTU timeout value for the specified interface* * This routine sets the timeout value of the PMTU information for the* specified interface. When the value (age) is reached, the PMTU is* set to zero. The interface must be attached.** Parameters:* \is* \i <cptrPMTUAgeConfig> * A string formatted as follows:** <ipAddress>,<pmtuAgeConfig>** <ipAddress> is the IP address of an IPsec-enabled network interface.* <pmtuAgeConfig> is the PMTU age in minutes. Default value is 10 minutes.* \ie* EXAMPLES:** \cs* For IPv4:** 'ipsecSetPMTUAgeHandler("10.10.10.10,6")'** For IPv6:** 'ipsecSetPMTUAgeHandler("3ffe::4,6")'* \ce* * RETURNS: OK on success, otherwise ERROR.** ERRNO: N/A ** NOMANUAL*/STATUS ipsecSetPMTUAgeHandler ( char *cptrPMTUAgeConfig /* parameter string */ ) { STATUS return_value = ERROR; char *cptr_address = NULL; char *cptr_delimiter = NULL; char *cptr_pmtu_age = NULL; UINT value; WRSEC_INET_ADDR *p_wrn_inet_address = NULL; int cfgStrLen; /* length of passed in config string */ char *pLocalPMTUAgeConfig; /* local copy of config string for re-entrancy */ char *pStrtokContextHandle; /* also for re-entrancy issues */ if (cptrPMTUAgeConfig == NULL) { return (ERROR); } /* make a local copy of the cptrPMTUAgeConfig due to the use of strtok_r */ cfgStrLen = strlen (cptrPMTUAgeConfig); pLocalPMTUAgeConfig = alloca (cfgStrLen + 1); if (pLocalPMTUAgeConfig == NULL) { return (ERROR); } strncpy (pLocalPMTUAgeConfig, cptrPMTUAgeConfig, cfgStrLen + 1); pLocalPMTUAgeConfig [cfgStrLen] = '\0'; /*get the IPv4 address */ cptr_address = strtok_r (pLocalPMTUAgeConfig, ",", &pStrtokContextHandle); if (cptr_address == NULL) { return (return_value); } cptr_delimiter = strpbrk (cptr_address, ".:"); if (cptr_delimiter == NULL) { ipsec_printf (IPSEC_WARNING_PRINTF, "IPSec: Configuration Error, address format not valid\n"); return (return_value); } else if (*cptr_delimiter == '.') { p_wrn_inet_address = wrSecInetAddrCreate(WRSEC_AF_INET4); if (p_wrn_inet_address == NULL) { ipsec_printf (IPSEC_ERROR_PRINTF, "IPSec: Failed address structure allocation\n"); return (return_value); } wrSecInetAddrStringToAddr (cptr_address, p_wrn_inet_address); if (WRSEC_INET4_IS_ADDR_UNSPECIFIED (((WRSEC_INET4_ADDR *)p_wrn_inet_address))) { ipsec_printf (IPSEC_ERROR_PRINTF, "IPSec: Invalid IPv4 Address\n"); wrSecFree (p_wrn_inet_address); return (return_value); } } else if (*cptr_delimiter == ':') { p_wrn_inet_address = wrSecInetAddrCreate(WRSEC_AF_INET6); if (p_wrn_inet_address == NULL) { ipsec_printf (IPSEC_ERROR_PRINTF, "IPSec: Failed address structure allocation\n"); return (return_value); } wrSecInetAddrStringToAddr (cptr_address, p_wrn_inet_address); if (WRSEC_INET6_IS_ADDR_UNSPECIFIED (((WRSEC_INET6_ADDR *)p_wrn_inet_address))) { ipsec_printf (IPSEC_ERROR_PRINTF, "IPSec: Invalid IPv6 Address\n"); wrSecFree (p_wrn_inet_address); return (return_value); } } cptr_pmtu_age = strtok_r (NULL, ",\r\n", &pStrtokContextHandle); sscanf (cptr_pmtu_age, "%05u", (int *)&value); if (p_wrn_inet_address != NULL) { return_value = ipsecSetPMTUAgeMapi (p_wrn_inet_address, value); } if (return_value == ERROR) wrSecFree (p_wrn_inet_address); return (return_value); }/********************************************************************************* ipsecShowHandler - display the state of the IPsec module** This routine displays the state of the IPsec module:** Names of the IPsec I/O routines* Number of times each routine has been called* Number of packets dropped by each routine** EXAMPLES:* \cs* ipsecShowHandler()* \ce** RETURNS: ERROR if IPsec is disabled, otherwise OK.** ERRNO: N/A** NOMANUAL*/STATUS ipsecShowHandler ( void ) { printf ("IPsec:\n"); printf (" Initialized = %s\n", ((ipsec_global_class.ipsec_enabled == TRUE) ? "TRUE" : "FALSE")); if (ipsec_global_class.ipsec_enabled == TRUE) { printf ("========================================%s\n", "========================================"); printf ("%-27s%-24s%-27s\n", "Function Pointers", "# times called", "# packets dropped"); printf ("%-27s%-24s%-27s\n", "-----------------", "--------------", "-----------------"); printf ("%-27s%-24lu%-27lu\n", "ipsecOutput", ipsec_global_class.ipsecOutputCount, ipsec_global_class.ipsecOutputCountDropped); printf ("%-27s%-24lu%-27lu\n", "ipsecInput", ipsec_global_class.ipsecInputCount, ipsec_global_class.ipsecInputCountDropped); printf ("========================================%s\n", "========================================"); return (OK); } return (ERROR); }/********************************************************************************* ipsecShowIfHandler - display status of each network interface for which IPsec is enabled** This routine displays the following items for each enabled interface:** Interface name* IP address* DF bit status* Index* PMTU age* Number of packets received and transmitted since interface was enabled** The Index identifies the internal network stack index assigned to the network interface. * This is provided for information purposes only and should not be used by any Ipsec * related application.** EXAMPLES:* \cs* ipsecShowIfHandler() * \ce** RETURNS: ERROR if IPsec is disabled, otherwise OK.** ERRNO: N/A** NOMANUAL*/STATUS ipsecShowIfHandler ( void ) { if (ipsec_global_class.ipsec_enabled == FALSE) { return (ERROR); } { IPSEC_NETWORK_INTERFACE *p_ipsec_network_interface; void *iterator = (void *)NULL; char ip_address_string[40]; printf ("========================================%s\n", "========================================"); printf ("%s%-8s%-16s%8s%9s%9s%9s%9s\n", "IPsec", " Netif", "IP Address", "DF Bit", "Index", "PMTU Age", "#Rx pkts", "#Tx pkts"); printf ("%s%-8s%-14s%10s%9s%9s%9s%9s\n", "-----", "------", "------", "-----", "-----", "-------", "------", "------"); wrSecListScanLock( ipsec_global_class.ipsec_network_interface_list ); while ((p_ipsec_network_interface = wrSecListScan(ipsec_global_class.ipsec_network_interface_list, &iterator)) != NULL) { printf ("%s%-8u%-16s%9s%9u%7u s%9lu%9lu\n", p_ipsec_network_interface->cptr_netif_name, p_ipsec_network_interface->port_sub_unit, wrSecInetAddrToString(ip_address_string, 40, p_ipsec_network_interface->p_address), df_bit_config_string[p_ipsec_network_interface->df_bit], p_ipsec_network_interface->port_number, p_ipsec_network_interface->pmtu_age, p_ipsec_network_interface->packets_rx_on_ipsec_port, p_ipsec_network_interface->packets_tx_on_ipsec_port); } wrSecListScanUnlock( ipsec_global_class.ipsec_network_interface_list ); printf ("========================================%s\n", "========================================"); } return (OK); }/********************************************************************************* ipsecMonHandler - enable, disable, or query status of IPsec monitoring** This routine enables, disables, or queries the status of monitoring in the IPSec* component. If disabled, it turns off all printing, except for Tornado* Shell Interface routines.** This routine overrides the action of ipsecDebugHandler().** Parameters:* \is* \i <cptr_action> * Valid values are 'disable', 'enable' and 'status'.* \ie* EXAMPLES:* \cs* ipsecMonHandler("enable")* \ce* * RETURNS: status of IPsec monitoring (1 if enabled, or 0 if disabled)** ERRNO: N/A** NOMANUAL*/int ipsecMonHandler ( char *cptr_action /* parameter string */ ) { int action; action = wrSecGetAction(cptr_action); if (action == 1) { sadbMonHandler (cptr_action); ipsec_global_class.ipsec_printing_enabled = TRUE; } else if (action == 0) { sadbMonHandler (cptr_action); ipsec_global_class.ipsec_printing_enabled = FALSE; } printf ("IPsec monitoring : %s \n", ((ipsec_global_class.ipsec_printing_enabled == TRUE) ? "enabled" : "disabled")); return (ipsec_global_class.ipsec_printing_enabled); }/********************************************************************************* ipsecDebugHandler - enable, disable, or query status of IPsec debugging** This routine enables, disables, or queries the status of debugging in the IPSec* component. If disabled, it turns off all debug printing, except for Tornado* Shell Interface routines.*** Parameters:* \is* \i <cptr_action> * Valid values are 'disable', 'enable' and 'status'.* \ie* EXAMPLES:* \cs* ipsecDebugHandler("enable")* \ce* * RETURNS: status of IPsec debugging (1 if enabled, or 0 if disabled)** ERRNO: N/A** NOMANUAL*/int ipsecDebugHandler ( char *cptr_action /* parameter string */ ) { int action; action = wrSecGetAction(cptr_action); /* If action is enable or disable, set appropriately; otherwise assume * action is status request. */ if (action == ACTION_ENABLE) { ipsec_global_class.ipsec_debug_printing_enabled = TRUE; } else if (action == ACTION_DISABLE) { ipsec_global_class.ipsec_debug_printing_enabled = FALSE; } printf ("IPsec debugging : %s\n", ((ipsec_global_class.ipsec_debug_printing_enabled == TRUE) ? "enabled" : "disabled")); return (ipsec_global_class.ipsec_debug_printing_enabled); }⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -