ipsec_sa_bundle.c

ipsec PNE 3.3 source code, running at more than vxworks6.x version.

/* ipsec_sa_bundle.c - IPsec SA bundle code */

/* 
 * Copyright (c) 2000-2006 Wind River Systems, Inc. 
 * 
 * The right to copy, distribute, modify or otherwise make use 
 * of this software may be licensed only pursuant to the terms 
 * of an applicable Wind River license agreement. 
 */

/*
modification history
--------------------
03e,13jan06,djp  removed rwos dependencies
03d,12dec05,djp  removed compiler warnings
03c,08nov05,rma  Replace RWOS container(s) with wrSecHash/List(s).
03c,08nov05,rlm  Removed references to rw_packet routines.
03b,13apr05,djp  Fixed include paths
03a,17Dec02,mhb(teamf1) Fixed compilation warnings
02a,19mar02,rpt   changed func declaration to use IP_VI_MESSAGE instead of 
                  IP_MESSAGE. 
01a,19mar02,rpt   extracted from WindNet IPSec 1.1, added modification history
*/
/******************************************************************************/

#include <vxWorks.h>
#include <string.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <wrn/ipsec/ipsecStats.h>
#include <wrn/ipsec/ipsecLogger.h>

#include "../common/wrSecList.h"
#include "../sadb/sadb_if.h"

#include "packetBuf.h"
#include "ipsec_if.h"
#include "ipsec_logger_util.h"
#include "ipsec_stats.h"

#include "../common/wrSecTrace.h"
                  
/******************************************************************************/

BOOL ipsec_bundle_processing
    (
    TRAFFIC_DIRECTION direction,
    SA_BUNDLE *p_bundle,
    IP_VI_MESSAGE *p_ip_message,
    BOOL *p_tunnel_packet
    )
    {
    SA_SPEC *p_spec;
    BOOL return_value;
	void *iterator = (void *)NULL;

#ifdef INCLUDE_COUNTERS_PROTECTION_SUITES
    UINT totalPreLength = 0;
    UINT totalPostLength = 0;
#endif

    p_spec = NULL;
    return_value = TRUE;

#ifdef INCLUDE_COUNTERS_PROTECTION_SUITES
    totalPreLength = packetBufDataSizeGet(p_ip_message->pPayload);
#endif /* INCLUDE_COUNTERS_PROTECTION_SUITES */

	wrSecListScanLock( p_bundle->sa_specs );
	while ((p_spec = wrSecListScan( p_bundle->sa_specs, &iterator )) != NULL)
        {
        wrSecTrace( WRS_TRACE_IPSEC_DIR(direction), L1,  "Processing SA_SPEC %s...\n", wrSecTraceSASpecType(p_spec->type) );
		return_value = p_spec->fp_sa_spec_process (p_spec, p_ip_message, p_bundle);
		if (return_value != SA_SPEC_SUCCESS)
			{
            wrSecTrace( WRS_TRACE_IPSEC_DIR(direction), L1,  "SA_SPEC %s returned ERROR '%u'!!\n", wrSecTraceSASpecType(p_spec->type), return_value );

#ifdef INCLUDE_COUNTERS_PROTECTION_SUITES

			/*  increment failure case counts */
			updateProtectionSuiteCounters (p_bundle->protection_suite_id, direction, return_value,
										   totalPreLength,                    totalPostLength);
#endif /* INCLUDE_COUNTERS_PROTECTION_SUITES */

#ifdef INCLUDE_LOGGING_IPSEC_PACKET_DISCARD
			if (ipsecLoggerIsLogEventEnabled (IPSEC_PACKET_DISCARD))
				{
				ipsecEventLogFromSABundle (p_bundle, NULL, IPSEC_PACKET_DISCARD, return_value);
				}
#endif /* INCLUDE_LOGGING_IPSEC_PACKET_DISCARD */
			/* failed spec processing; break and return FALSE*/

			return_value = FALSE;
			break;
			}

		if (p_spec->type == TUNNEL_SPEC)
			{
			*p_tunnel_packet = TRUE;
			}
        }
	wrSecListScanUnlock( p_bundle->sa_specs );


#ifdef INCLUDE_COUNTERS_PROTECTION_SUITES
    if (return_value == SA_SPEC_SUCCESS)
        {
        /* update the total_length with decrypted data for inbound packets */
        totalPostLength = packetBufDataSizeGet(p_ip_message->pPayload);

        updateProtectionSuiteCounters (p_bundle->protection_suite_id, direction, return_value, totalPreLength, totalPostLength);
        }
#endif /* INCLUDE_COUNTERS_PROTECTION_SUITES */

    return (return_value);
    }
/******************************************************************************/