
📄 ipsec_logger_util.c

📁 IPsec PNE 3.3 source code; runs on VxWorks 6.x and later versions.
💻 C
/* ipsec_logger_util.c - ipsec logger utility routines. */

/*
 * Copyright (c) 2004-2006 Wind River Systems, Inc.
 *
 * The right to copy, distribute, modify or otherwise make use
 * of this software may be licensed only pursuant to the terms
 * of an applicable Wind River license agreement.
 */

/*
modification history
--------------------
01l,12jan06,djp  removed rwos dependencies
01k,28nov05,djp  replace WRN_INET with WRSEC_INET
01j,25oct05,djp  Added TRAFFIC_INFO_PROTOCOL_GET macro
01i,12may05,djp  Added NULL ptr checks where needed
01h,07apr05,djp  Incorporated VxWorks 6.x capabilities
01g,08Mar05,djp  Reworked SA bundle to deal with NULL addresses in SA_BUNDLEs
01f,08sep04,djp  Reworked SA Bundle log to ensure valid content
01e,19aug04,ps  dont blindly follow p_reflected_address pointer.
01d,19aug04,ps  merge from fbs; pointer checks
01c,15jun04,rlm  Added #include <limits.h> -- required with new CCI libs.
01b,27may04,jfb  Renamed IPSEC_LOGGER_ENABLE to INCLUDE_LOGGING_IPSEC
01a,26may04,jfb Initial version
*/

/*
DESCRIPTION
Adapters that turn three IPsec data structures (network traffic info, an
SA bundle, an IP message) into the flat argument list taken by
ipsecLoggerInvokeCallback(): address family, source and destination address
byte arrays, ports, protocol, SPI, opaque event data, event id and reason id.

Every routine rejects a NULL primary argument with a warning and logs
nothing.  The address pointers handed to the callback point into the
caller's structure; nothing is copied here.
NOTE(review): whether the callback may keep those pointers after it returns
is not visible in this file - confirm against the logger implementation.
*/

#include <vxWorks.h>
#include <stdio.h>
#include <socket.h>
#include <limits.h>
#include <netinet/in.h>
#include <wrn/ipsec/ipsecLogger.h>
#include "../common/wrSecInetAddr.h"
#include "../sadb/sadbP.h"
#include "../sadb/sadb_if.h"
#include "ipsecP.h"
#include "ipsec_logger.h"
#include "ipsec_logger_util.h"
#include "ipsec_print_routines.h"

#ifdef INCLUDE_LOGGING_IPSEC

/***********************************************************************************/
/*
 * ipsecEventLogFromNetworkTrafficInfo - log an event described by traffic info
 *
 * Reads the selector of <pTrafficInfo> (addresses, ports, SPI) plus the
 * protocol obtained through TRAFFIC_INFO_PROTOCOL_GET and forwards them,
 * with <pEventData>, <eventId> and <reasonId> untouched, to
 * ipsecLoggerInvokeCallback().
 *
 * When the build has no dual-stack INET6 support the type field is never
 * inspected and the structure is always read as V4_NETWORK_TRAFFIC_INFO.
 *
 * NOTE(review): both proto_info.port and proto_info.spi are read for every
 * event; if proto_info is a union only one of them is meaningful for a given
 * protocol, so log consumers should not trust both - confirm the layout.
 *
 * RETURNS: N/A.  A NULL <pTrafficInfo> produces a warning and no log event.
 */
void ipsecEventLogFromNetworkTrafficInfo
    (
    VI_NETWORK_TRAFFIC_INFO* pTrafficInfo,
    void* pEventData,
    IPSEC_LOG_EVENT_ID eventId,
    IPSEC_LOG_REASON reasonId
    )
{
    u_char family;        /* AF_INET or AF_INET6 */
    UCHAR *pSrc;          /* source address bytes inside pTrafficInfo */
    UCHAR *pDst;          /* destination address bytes inside pTrafficInfo */
    unsigned int sport;   /* source port from the selector */
    unsigned int dport;   /* destination port from the selector */
    int proto;            /* protocol reported for the event */
    int spiValue;         /* SPI, logged because IPsec/IKE drafts and RFCs
                             recommend it for auditable events */

    /* Guard: nothing can be extracted from a missing traffic info. */
    if (pTrafficInfo == NULL) {
        ipsec_printf(IPSEC_WARNING_PRINTF,
                     "IPSEC Warning: %s(): NULL trafficInfo attempting to log network traffic event\n",
                     __FUNCTION__);
        return;
    }

    proto = TRAFFIC_INFO_PROTOCOL_GET(pTrafficInfo);

#if (STACK_NAME == STACK_NAME_V4_V6) && defined (INET6)
    if (pTrafficInfo->type == WRSEC_PF_INET6) {
        V6_NETWORK_TRAFFIC_INFO *pV6 = (V6_NETWORK_TRAFFIC_INFO *)pTrafficInfo;

        family   = AF_INET6;
        pSrc     = pV6->selector.source_address.data._ba16;
        pDst     = pV6->selector.destination_address.data._ba16;
        sport    = pV6->selector.vi_data.proto_info.port.source;
        dport    = pV6->selector.vi_data.proto_info.port.destination;
        spiValue = pV6->selector.vi_data.proto_info.spi;
    } else
#endif
    {
        V4_NETWORK_TRAFFIC_INFO *pV4 = (V4_NETWORK_TRAFFIC_INFO *)pTrafficInfo;

        family   = AF_INET;
        pSrc     = pV4->selector.source_address.data._ba4;
        pDst     = pV4->selector.destination_address.data._ba4;
        sport    = pV4->selector.vi_data.proto_info.port.source;
        dport    = pV4->selector.vi_data.proto_info.port.destination;
        spiValue = pV4->selector.vi_data.proto_info.spi;
    }

    ipsecLoggerInvokeCallback(family, pSrc, pDst, sport, dport, proto,
                              spiValue, pEventData, eventId, reasonId);
}

/***********************************************************************************/
/*
 * ipsecLogReasonFromSaSpec - map an SA processing result to a log reason
 *
 * Decryption, authentication and sequence errors map to DECRYPTION_ERROR,
 * AUTHENTICATION_ERROR and REPLAY_ERROR respectively; every other value,
 * including ones this file does not know about, becomes UNDEFINED_REASON.
 *
 * RETURNS: the IPSEC_LOG_REASON for <saSpecType>.
 */
static IPSEC_LOG_REASON ipsecLogReasonFromSaSpec
    (
    SA_SPEC_RET_TYPES saSpecType
    )
{
    switch (saSpecType) {
    case ESP_DECRYPTION_ERROR:
        return DECRYPTION_ERROR;

    case AH_AUTHENTICATION_ERROR:
    case ESP_AUTHENTICATION_ERROR:
        return AUTHENTICATION_ERROR;

    case AH_SEQUENCE_ERROR:
    case ESP_SEQUENCE_ERROR:
        return REPLAY_ERROR;

    default:
        return UNDEFINED_REASON;
    }
}

/***********************************************************************************/
/*
 * ipsecEventLogFromSABundle - log an event described by an SA bundle
 *
 * Takes the address family and source address from
 * <pBundle>->p_reflected_address, the destination address from
 * <pBundle>->p_destination_address, the protocol from reflected_sa_protocol
 * and the SPI from reflected_sa_handle_spi.  Ports are not available from a
 * bundle and are reported as UNDEFINED_PORT.  <saSpecType> is converted to
 * an IPSEC_LOG_REASON before the callback is invoked.
 *
 * Either address pointer reaches the callback as NULL when the bundle does
 * not carry it: both are NULL (with family AF_INET) when p_reflected_address
 * is NULL, and the destination alone is NULL when only
 * p_destination_address is missing.
 * NOTE(review): confirm ipsecLoggerInvokeCallback and any registered handler
 * tolerate NULL address pointers.
 *
 * NOTE(review): the destination address is cast according to the family of
 * the reflected address; its own type field is not checked here.  A bundle
 * with mixed families would be read through the wrong layout - confirm the
 * SADB guarantees both addresses share a family.
 *
 * RETURNS: N/A.  A NULL <pBundle> produces a warning and no log event.
 */
void ipsecEventLogFromSABundle
    (
    SA_BUNDLE *pBundle,
    void *pEventData,
    IPSEC_LOG_EVENT_ID eventId,
    SA_SPEC_RET_TYPES saSpecType
    )
{
    u_char family = AF_INET;                /* AF_INET unless the bundle says IPv6 */
    UCHAR *pSrc = NULL;                     /* stays NULL without a reflected address */
    UCHAR *pDst = NULL;                     /* stays NULL without a destination address */
    unsigned int sport = UNDEFINED_PORT;    /* a bundle carries no ports */
    unsigned int dport = UNDEFINED_PORT;
    int proto;                              /* enum of IP_TRANSPORT_PROTOCOL */
    int spiValue;                           /* SPI, logged because IPsec/IKE drafts and
                                               RFCs recommend it for auditable events */
    IPSEC_LOG_REASON reason;

    /* Guard: nothing can be extracted from a missing bundle. */
    if (pBundle == NULL) {
        ipsec_printf(IPSEC_WARNING_PRINTF,
                     "IPSEC Warning: %s(): NULL bundle attempting to log SA Bundle event\n",
                     __FUNCTION__);
        return;
    }

    /* Addresses are optional in a bundle; dereference only what is present. */
    if (pBundle->p_reflected_address != NULL) {
#if (STACK_NAME == STACK_NAME_V4_V6) && defined (INET6)
        if (pBundle->p_reflected_address->type == WRSEC_AF_INET6) {
            family = AF_INET6;
            pSrc = ((WRSEC_INET6_ADDR *)pBundle->p_reflected_address)->data._ba16;

            if (pBundle->p_destination_address != NULL) {
                pDst = ((WRSEC_INET6_ADDR *)pBundle->p_destination_address)->data._ba16;
            }
        } else
#endif
        {
            pSrc = ((WRSEC_INET4_ADDR *)pBundle->p_reflected_address)->data._ba4;

            if (pBundle->p_destination_address != NULL) {
                pDst = ((WRSEC_INET4_ADDR *)pBundle->p_destination_address)->data._ba4;
            }
        }
    }

    proto    = (int)pBundle->reflected_sa_protocol;
    spiValue = pBundle->reflected_sa_handle_spi;
    reason   = ipsecLogReasonFromSaSpec(saSpecType);

    ipsecLoggerInvokeCallback(family, pSrc, pDst, sport, dport, proto,
                              spiValue, pEventData, eventId, reason);
}

/***********************************************************************************/
/*
 * ipsecEventLogFromIPMessage - log an event described by an IP message
 *
 * Takes the addresses and transport protocol from <pIPmessage>.  An IP
 * message provides neither ports nor an SPI, so UNDEFINED_PORT and
 * UNDEFINED_SPI are reported.  <pEventData>, <eventId> and <reasonId> are
 * forwarded untouched to ipsecLoggerInvokeCallback().
 *
 * When the build has no dual-stack INET6 support the version field is never
 * inspected and the message is always read as IP_V4_MESSAGE.
 *
 * RETURNS: N/A.  A NULL <pIPmessage> produces a warning and no log event.
 */
void ipsecEventLogFromIPMessage
    (
    IP_VI_MESSAGE *pIPmessage,
    void *pEventData,
    IPSEC_LOG_EVENT_ID eventId,
    IPSEC_LOG_REASON reasonId
    )
{
    u_char family;                          /* AF_INET or AF_INET6 */
    UCHAR *pSrc;                            /* source address bytes inside pIPmessage */
    UCHAR *pDst;                            /* destination address bytes inside pIPmessage */
    unsigned int sport = UNDEFINED_PORT;    /* no ports available from an IP message */
    unsigned int dport = UNDEFINED_PORT;
    int proto;                              /* enum of IP_TRANSPORT_PROTOCOL */
    int spiValue = UNDEFINED_SPI;           /* no SPI available from an IP message */

    /* Guard: nothing can be extracted from a missing message. */
    if (pIPmessage == NULL) {
        ipsec_printf(IPSEC_WARNING_PRINTF,
                     "IPSEC Warning: %s(): NULL IP message attempting to log IP message event\n",
                     __FUNCTION__);
        return;
    }

#if (STACK_NAME == STACK_NAME_V4_V6) && defined (INET6)
    if (pIPmessage->version == IP_V6) {
        IP_V6_MESSAGE *pV6 = (IP_V6_MESSAGE *)pIPmessage;

        family = AF_INET6;
        pSrc   = pV6->source_address.data._ba16;
        pDst   = pV6->destination_address.data._ba16;
        proto  = pV6->transport_protocol;
    } else
#endif
    {
        IP_V4_MESSAGE *pV4 = (IP_V4_MESSAGE *)pIPmessage;

        family = AF_INET;
        pSrc   = pV4->source_address.data._ba4;
        pDst   = pV4->destination_address.data._ba4;
        proto  = pV4->transport_protocol;
    }

    ipsecLoggerInvokeCallback(family, pSrc, pDst, sport, dport, proto,
                              spiValue, pEventData, eventId, reasonId);
}

#endif /* INCLUDE_LOGGING_IPSEC */
