ips_glue.c

wm PNE 3.3 source code, running at more than vxworks6.x version.

/* $Header: /usr/cvsroot/target/src/wrn/wm/demo/socktest/ips_glue.c,v 1.2 2001/11/09 22:10:14 josh Exp $ */

/*
 * Copyright (C) 1999-2005 Wind River Systems, Inc.
 * All rights reserved.  Provided under license only.
 * Distribution or other use of this software is only
 * permitted pursuant to the terms of a license agreement
 * from Wind River Systems (and is otherwise prohibited).
 * Refer to that license agreement for terms of use.
 */


/****************************************************************************
 *  Copyright 1998 Integrated Systems, Inc.
 *  All rights reserved.
 ****************************************************************************/


/*
 * $Log: ips_glue.c,v $
 * Revision 1.2  2001/11/09 22:10:14  josh
 * socktest path modifications, first pass
 *
 * Revision 1.1.1.1  2001/11/05 17:49:13  tneale
 * Tornado shuffle
 *
 * Revision 1.7  2001/01/19 22:24:52  paul
 * Update copyright.
 *
 * Revision 1.6  2000/10/26 17:06:47  paul
 * Added $Header
 *
 * Revision 1.4  2000/10/16 19:22:07  paul
 * Restore sockets and mempool code.
 *
 * Revision 1.2  2000/03/17 00:14:45  meister
 * Update copyright message
 *
 * Revision 1.1  1999/03/31 23:30:44  wes
 * Duplicate copy of ips_glue.c so we can build with ipsec enabled..
 *
 * Revision 1.4  1998/03/12 19:15:47  meister
 * added GLUE_IPSEC_RCV_SA_NOTUNNEL()
 *
 * Revision 1.3  1998/03/10 00:29:11  meister
 * corrected some inconsistencies in the glue functions.
 *
 * Revision 1.2  1998/03/03 15:25:16  mrf
 * Don't call PRINTF if it isn't defined.
 *
 * Revision 1.1  1998/02/27 22:16:34  meister
 * Initial checkin; snark ipsec glue routines
 *
 */

/* [clearcase]
modification history
-------------------
01a,19apr05,job  update copyright notices
*/




/*
 * This file defines some basic IPsec glue functions.
 */

#include <wrn/wm/attache/config.h>
#include <wrn/wm/attache/ipaddr.h>
#include <wrn/wm/attache/ip.h>
#include <wrn/wm/attache/packet.h>
#include <wrn/wm/attache/ipsec.h>
#include <wrn/wm/attache/glue.h>

/* 
 * if GLUE_IPSEC_SA_EXPIRED is defined, set, this function gets called
 * when an SA expires. The SA direction, host addr, SPI, and type of SA
 * is passed up.
 */


/* keep it simple; when an SA expires, we just delete it. */
void glue_ipsec_sa_expired (ipsec_sa_dir_t dir, ipaddr_t *dst, 
			    bits32_t spi, bits8_t satype)
{
#ifdef PRINTF
     PRINTF("SA expire notice: %s, %s, spi %lu, %s\n", 
            ipaddr_to_string (dst, 0, 0), 
            (dir == IPSEC_SA_SEND ? "send" : "rcv"), 
            (unsigned long) spi, 
            (satype == IPSEC_SATYPE_ESP ? "esp" : "ah"));
#endif

     ipsec_secassoc_destroy_sa (dst, spi, satype, dir);
}
    
/*
 * if GLUE_IPSEC_SND_PKT_DENIED is defined, and we deny sending a packet 
 * by policy, this gets called with the packet and the deny code.
 */

void glue_ipsec_snd_pkt_denied(packet *p, ipaddr_t *src, ipaddr_t *dst, 
                               int code)
{
#ifdef PRINTF
     PRINTF("IPSEC: Packet from %s ", ipaddr_to_string (src, 0, 0));
     PRINTF("to %s denied, %s\n", 
            ipaddr_to_string (dst, 0, 0), 
            (code == IPSEC_DENIED_NO_SA ? 
            "no sa available" : "policy explicit drop"));
#endif
}



void glue_ipsec_rcv_pkt_badspi(packet *p, ipaddr_t *src, ipaddr_t *dst, 
                               bits32_t spi, bits8_t type)
{
#ifdef PRINTF
     PRINTF("IPSEC: Packet from %s ", ipaddr_to_string (src, 0, 0));
     PRINTF("to %s UNKNOWN %s SPI %lu\n", 
            ipaddr_to_string (dst, 0, 0),
            (type == IPSEC_SATYPE_ESP ? "esp" : "ah"), 
            (unsigned long) spi);
#endif
}

void glue_ipsec_rcv_pkt_notparty(packet *p, ipaddr_t *src, ipaddr_t *dst, 
                                  bits32_t spi, bits8_t type)
{
#ifdef PRINTF
     PRINTF("IPSEC: Packet from %s ", ipaddr_to_string (src, 0, 0));
     PRINTF("to %s NOT PARTY TO %s SPI %lu\n", 
            ipaddr_to_string (dst, 0, 0),
            (type == IPSEC_SATYPE_ESP ? "esp" : "ah"), 
            (unsigned long) spi);
#endif
}


void glue_ipsec_rcv_sa_notunnel(packet *p, ipaddr_t *src, ipaddr_t *dst, 
                                  bits32_t spi, bits8_t type)
{
#ifdef PRINTF
     PRINTF("IPSEC: Packet from %s ", ipaddr_to_string (src, 0, 0));
     PRINTF("to %s USE of TRANSPORT ONLY %s SPI %lu AS TUNNEL\n", 
            ipaddr_to_string (dst, 0, 0),
            (type == IPSEC_SATYPE_ESP ? "esp" : "ah"), 
            (unsigned long) spi);
#endif
}


void glue_ipsec_rcv_tunpkt_notip(packet *tun, packet *p, 
                                 ipaddr_t *src, ipaddr_t *dst, 
                                 bits32_t spi, bits8_t type)
{
#ifdef PRINTF
     PRINTF("IPSEC: tunnel from %s ", ipaddr_to_string (src, 0, 0));
     PRINTF("to %s ", ipaddr_to_string (dst, 0, 0));
     PRINTF("handed us a NOT IP packet. %s SPI %lu\n", 
            (type == IPSEC_SATYPE_ESP ? "esp" : "ah"), 
            (unsigned long) spi);
#endif
}

void glue_ipsec_rcv_tunpkt_notparty(packet *tun, ipaddr_t *tsrc, 
                                    ipaddr_t *tdst, 
                                    packet *outer, ipaddr_t *osrc, 
                                    ipaddr_t *odst, 
                                    bits32_t spi, bits8_t type)
{
#ifdef PRINTF
     PRINTF("IPSEC: tunneled packet from %s ", ipaddr_to_string (tsrc, 0, 0));
     PRINTF("to %s ", ipaddr_to_string (tdst, 0, 0));
     PRINTF("NOT PARTY TO %s SPI %lu\n", 
            (type == IPSEC_SATYPE_ESP ? "esp" : "ah"), 
            (unsigned long) spi);
     PRINTF("\t encapsulating packet was from %s ", 
            ipaddr_to_string (osrc, 0, 0));
     PRINTF("to %s ", ipaddr_to_string (odst, 0, 0));
#endif
}


void glue_ipsec_rcv_pkt_badah(packet *p, ipaddr_t *src, 
                              ipaddr_t *dst, bits32_t spi)
{
#ifdef PRINTF
     PRINTF("IPSEC: Packet from %s ", ipaddr_to_string (src, 0, 0));
     PRINTF("to %s FAILS AH VERIFICATION SPI %lu\n", 
            ipaddr_to_string (dst, 0, 0),
            (unsigned long) spi);
#endif
}
    

void glue_ipsec_rcv_pkt_denied(packet *p, ipaddr_t *src, ipaddr_t *dst,
                               ipsec_policy_flags_t polflags, 
                               bits16_t pktflags)
{
#ifdef PRINTF
     PRINTF("IPSEC: Packet from %s ", ipaddr_to_string (src, 0, 0));
     PRINTF("to %s Fails Recieve Policy. \n", 
            ipaddr_to_string (dst, 0, 0));
#endif
}