index 7d69af13ca9a70bef1f0cf0f43f71c9498712de2..09ffe7e8795cd14b7d40be42ea1aa1a4e42a98c3 100755 (executable)
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*****************************************************************************/
-#include "netapi_sec.h"
-
+#include "netapi.h"
/********************************************************************
* FUNCTION PURPOSE: API to add an IPSEC SA
int have_to_wait=1;
nwalTxDmPSCmdInfo_t dmPSCmdInfo;
nwalSaIpSecId_t nwalSaIpSecId;
- uint32_t swInfo0;
- uint32_t swInfo1;
+ uint32_t swInfo0 = 0;
+ uint32_t swInfo1 = 0;
+
+ nwalCreateSAParams_t createParam =
+ {
+ /* mac handle */
+ NULL, //to be filled in
+ 4,
+ /*nwalSaIpSecParam_t */
+ {
+ 0,/* validParams */
+ nwal_SA_MODE_TUNNEL, //update from input
+ 64,/* replayWindow */\
+ NWAL_SA_DIR_INBOUND,
+ 0,
+ 0,
+ NWAL_SA_AALG_HMAC_SHA1,/* update from input */
+ NWAL_SA_EALG_AES_CTR, /* update from input */
+ { 0x00}, /* remMacAddr: NA */
+ 12, /* update from input, mac size */
+ NWAL_MATCH_ACTION_CONTINUE_NEXT_ROUTE,/* Continue parsing to next route for match */
+ NWAL_NEXT_ROUTE_FAIL_ACTION_HOST,/* For next route fail action by default is route to host */
+ CPPI_PARAM_NOT_SPECIFIED, /* Use default flow configured to NWAL if packet is routed to host */
+ QMSS_PARAM_NOT_SPECIFIED, /* Use default queue configured to NWAL if packet is routed to host */
+ 0 /* route type */
+ },
+ /* nwalSaIpSecKeyParams_t */
+ {0}
+ };
- nwalCreateSAParams_t createParam;
void * mac_handle = netapip_netcpCfgGetMacHandle(&netapi_get_global()->nwal_context,iface_no);
- *perr =0;
+ *perr =NETAPI_ERR_OK;
if ((!n) || (!sa_info) || (!p_data_mode_handle))
{
*perr = NETAPI_ERR_BAD_INPUT;
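Review bot: The positional initializer for `createParam` binds every default to the current member order of `nwalCreateSAParams_t` and its nested IPsec parameter struct, so a member added or reordered in the NWAL headers would silently move values such as the replay window (64), `NWAL_SA_AALG_HMAC_SHA1`, `NWAL_SA_EALG_AES_CTR` or the MAC size (12) into the wrong fields without a compile error. The same commit shows the hazard: the `nwalSecPolParams_t` initializer further down needed a `0, /* valid params */` inserted in the middle. I would use designated initializers (for example `.saIpSecParam.appRxPktFlowId = CPPI_PARAM_NOT_SPECIFIED`) and remove the stray `\` after `/* replayWindow */`. The removed `memset` left the algorithm fields zero, while the new defaults pre-select SHA1/AES-CTR with an "update from input" comment. The function body continues outside this hunk, so confirm that every path overwrites them from `sa_info` before the SA is created.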
}
/* reserve a slot */
- tunnelId = netapip_netcpCfgFindSaSlot(&netapi_get_global()->nwal_context,
- iface_no);
+ tunnelId = netapip_netcpCfgFindSaSlot(n,
+ &netapi_get_global()->nwal_context,
+ iface_no);
if (tunnelId <0)
{
*p_data_mode_handle= NULL;
*p_inflow_mode_handle= NULL;
- /* Initialize defaults, can be updated from inputs to API */
- memset(&createParam, 0, sizeof(nwalCreateSAParams_t));
- createParam.saIpSecParam.appRxPktFlowId = CPPI_PARAM_NOT_SPECIFIED;
- createParam.saIpSecParam.appRxPktQueue = QMSS_PARAM_NOT_SPECIFIED;
+
if (inflow_mode & NETAPI_SEC_SA_INFLOW)
{
- pTransInfo = netapip_getFreeTransInfo((NETAPI_GLOBAL_T *) n->global, &trans_id);
+ pTransInfo = netapip_getFreeTransInfo(n,
+ (NETAPI_PROC_GLOBAL_T *) n->proc_global,
+ &trans_id);
if (!pTransInfo)
{
*perr = NETAPI_ERR_BUSY;
createParam.saIpSecParam.esnHi = sa_info->esnHi;
if ((sa_info->cipherMode == NWAL_SA_EALG_AES_GCM) ||
(sa_info->cipherMode == NWAL_SA_EALG_AES_CCM) ||
- (sa_info->authMode == NWAL_SA_AALG_GMAC))
+ (sa_info->authMode == NWAL_SA_AALG_GMAC) ||
+ (sa_info->authMode == NWAL_SA_AALG_HMAC_SHA2_256) ||
+ (sa_info->authMode == NWAL_SA_AALG_HMAC_SHA2_256_RFC4868))
{
createParam.saIpSecParam.macSize = 16;
}
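Review bot: The ICV length is selected by a growing `||` chain with bare literals (16 here, 12 as the initializer default), so any auth or cipher mode not listed silently falls back to a 12-byte MAC. A `switch` on the mode with named constants for the two sizes, and a `default:` that sets `*perr = NETAPI_ERR_BAD_INPUT`, would turn an unmapped mode into a configuration error instead of an unexpected truncation length. RFC 4868 specifies a 128-bit ICV for HMAC-SHA-256, which matches the `_RFC4868` case. Whether 16 is also correct for plain `NWAL_SA_AALG_HMAC_SHA2_256` cannot be confirmed from this hunk and should be checked against the NWAL definition. The enclosing function starts and ends outside the hunk.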
if (route != NULL)
{
- netapip_netcpCfgBuildRoute(route,&createParam.saIpSecParam.appRxPktFlowId,
- &createParam.saIpSecParam.appRxPktQueue);
+ if((route->valid_params & NETCP_CFG_VALID_PARAM_ROUTE_TYPE) ==
+ NETCP_CFG_VALID_PARAM_ROUTE_TYPE)
+ {
+ createParam.saIpSecParam.validParams |=
+ NWAL_SA_INFO_VALID_PARAM_ROUTE_TYPE;
+ }
+ netapip_netcpCfgBuildRoute(route,
+ &createParam.saIpSecParam.appRxPktFlowId,
+ &createParam.saIpSecParam.appRxPktQueue,
+ &createParam.saIpSecParam.routeType);
}
/* fire off config message */
&swInfo0,
&swInfo1) == nwal_TRUE)
{
- netapi_Log("netapisecAddSA swInfo0: 0x%x, swInfo1: 0x%x\n", swInfo0, swInfo1);
+ //netapi_Log("netapisecAddSA swInfo0: 0x%x, swInfo1: 0x%x\n", swInfo0, swInfo1);
}
else
netapi_Log("netapisecAddSA: call to nwal_getSecAssoc() returned error\n");
return -1;
}
- netapi_Log("netapi_secAddSA: Creating sideband mode SA for %d ( mac %d)\n", tunnelId, iface_no);
+ //netapi_Log("netapi_secAddSA: Creating sideband mode SA for %d ( mac %d)\n", tunnelId, iface_no);
*p_data_mode_handle = dm_handle;
memset(&dmPSCmdInfo, 0, sizeof(nwalTxDmPSCmdInfo_t));
retValue = nwal_initDMPSCmdInfo(netapip_returnNwalInstanceHandle(h),
netapip_netcpCfgInsertSa(&netapi_get_global()->nwal_context,
tunnelId,
- (sa_info->dir == NWAL_SA_DIR_INBOUND) ? TRUE: FALSE,
+ (sa_info->dir == NWAL_SA_DIR_INBOUND) ? NETAPI_TRUE: NETAPI_FALSE,
inflow_mode,
- &saInfo, &createParam,
+ &saInfo,
+ &createParam,
*p_inflow_mode_handle,
*p_data_mode_handle,
&dmPSCmdInfo,
if(handle_inflow)
{
/* get a transaction id */
- pTransInfo = netapip_getFreeTransInfo((NETAPI_GLOBAL_T *) n->global, &trans_id);
+ pTransInfo = netapip_getFreeTransInfo(n,
+ (NETAPI_PROC_GLOBAL_T *) n->proc_global,
+ &trans_id);
if (!pTransInfo)
{
*perr = NETAPI_ERR_BUSY;
/********************************************************************
- * FUNCTION PURPOSE: API to add a recieve security policy
+ * FUNCTION PURPOSE: API to add a receive security policy
********************************************************************
- * DESCRIPTION: API to add a recieve security policy
+ * DESCRIPTION: API to add a receive security policy
********************************************************************/
NETCP_CFG_IPSEC_POLICY_T netapi_secAddRxPolicy(NETAPI_T h,
NETCP_CFG_SA_T sa,
nwal_RetValue retValue;
NetapiNwalTransInfo_t *pTransInfo;
nwal_TransID_t trans_id;
- unsigned int appId = NETAPI_NETCP_MATCH_IPSEC_POLICY | (sa& NETAPI_NETCP_MATCH_ID_MASK);
+ unsigned int appId = NETAPI_NETCP_MATCH_IPSEC_POLICY;
int policyId;
int tunnelId= netapi_cfgGetMatchId(sa);
void * blah;
nwalSecPolParams_t createParam =
{
0, /* handle */
+ 0, /* valid params */
NWAL_SA_DIR_INBOUND,
4, /* IP Type */
{0}, /* dst */
NWAL_MATCH_ACTION_CONTINUE_NEXT_ROUTE, /* Continue parsing to next route for match */
NWAL_NEXT_ROUTE_FAIL_ACTION_HOST, /* For next route fail action by default is route to host */
CPPI_PARAM_NOT_SPECIFIED, /* Use default flow configured to NWAL if packet is routed to host */
- QMSS_PARAM_NOT_SPECIFIED /* Use default queue configured to NWAL if packet is routed to host */
+ QMSS_PARAM_NOT_SPECIFIED, /* Use default queue configured to NWAL if packet is routed to host */
+ 0 /* Optional: route type */
};
void * sa_handle = NULL;
}
/* get a transaction id */
- pTransInfo = netapip_getFreeTransInfo((NETAPI_GLOBAL_T *) n->global, &trans_id);
+ pTransInfo = netapip_getFreeTransInfo(n,
+ (NETAPI_PROC_GLOBAL_T *) n->proc_global,
+ &trans_id);
if (!pTransInfo)
{
*perr = NETAPI_ERR_BUSY;
if (ip_qualifiers) memcpy(&createParam.ipOpt,ip_qualifiers ,sizeof(nwalIpOpt_t));
if (route != NULL)
{
- netapip_netcpCfgBuildRoute(route,&createParam.appRxPktFlowId,
- &createParam.appRxPktQueue);
+ if((route->valid_params & NETCP_CFG_VALID_PARAM_ROUTE_TYPE) ==
+ NETCP_CFG_VALID_PARAM_ROUTE_TYPE)
+ {
+ createParam.validParams |=
+ NWAL_SET_SEC_POLICY_VALID_PARAM_ROUTE_TYPE;
+ }
+ netapip_netcpCfgBuildRoute(route,
+ &createParam.appRxPktFlowId,
+ &createParam.appRxPktQueue,
+ &createParam.routeType);
}
/* reserve a slot */
- policyId = netapip_netcpCfgFindPolicySlot(&netapi_get_global()->nwal_context,
- tunnelId);
+ policyId = netapip_netcpCfgFindPolicySlot(n,
+ &netapi_get_global()->nwal_context,
+ tunnelId);
if (policyId <0)
{
*perr= NETAPI_ERR_NOMEM;
netapip_freeTransInfo(pTransInfo);
return -1;
}
- appId |= (policyId<<8);
+ appId |= (policyId <<8);
/* fire off config message */
retValue = nwal_setSecPolicy (((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
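Review bot: `appId |= (policyId <<8);` still packs the policy id with a literal 8 and no mask, although this commit introduces `NETAPI_NETCP_MATCH_ID_SHIFT` for unpacking the same field (`(handle >> NETAPI_NETCP_MATCH_ID_SHIFT) &0xffff` in the stats path). Packing and unpacking should share the constant, e.g. `appId |= ((unsigned int)policyId & 0xffff) << NETAPI_NETCP_MATCH_ID_SHIFT;`, so an id that exceeds the field width cannot spill into the stage or type bits of the app id. The `policyId < 0` check above covers only the lower bound; the upper bound depends on `netapip_netcpCfgFindPolicySlot`, which is not visible here. The function body extends beyond this hunk on both sides.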
if(retValue != nwal_OK)
{
*perr = NETAPI_ERR_NWAL_ERR0;
+ printf("netapi_secAddPolicy: error returned: %d\n", retValue);
netapi_Log ("netapi sec - ERROR: nwal_setPolicy returned Error Code %d\n",
retValue);
netapip_freeTransInfo(pTransInfo);
}
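Review bot: The added `printf` writes to stdout from library code and duplicates the `netapi_Log` call directly below it, so applications that redirect or silence NETAPI logging still get this line. Its message also names `netapi_secAddPolicy`, which does not match the `netapi_secAddRxPolicy` function it appears to sit in. I would drop the `printf` and, if the function name is wanted, put it in the existing log call: `netapi_Log("netapi_secAddRxPolicy: nwal_setSecPolicy returned %d\n", retValue);`. The visible error path frees the transaction, but the release of the policy slot reserved earlier is not shown in this hunk. Confirm that it is released, so that repeated failures cannot exhaust the slot table.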
/********************************************************************
- * FUNCTION PURPOSE: Internal function to delete a recieve security policy
+ * FUNCTION PURPOSE: Internal function to delete a receive security policy
********************************************************************
- * DESCRIPTION: Internal function to delete a recieve security policy
+ * DESCRIPTION: Internal function to delete a receive security policy
********************************************************************/
static void netapi_secDelRxPolicy_internal(NETAPI_T h,
NETCP_CFG_IPSEC_POLICY_T policy_app_id,
*perr =0;
/* get a transaction id */
- pTransInfo = netapip_getFreeTransInfo((NETAPI_GLOBAL_T *) n->global, &trans_id);
+ pTransInfo = netapip_getFreeTransInfo(n,
+ (NETAPI_PROC_GLOBAL_T *) n->proc_global,
+ &trans_id);
if (!pTransInfo)
{
*perr = NETAPI_ERR_BUSY;
}
/********************************************************************
- * FUNCTION PURPOSE: API to delete a recieve security policy
+ * FUNCTION PURPOSE: API to delete a receive security policy
********************************************************************
- * DESCRIPTION: API to delete a recieve security policy
+ * DESCRIPTION: API to delete a receive security policy
********************************************************************/
void netapi_secDelRxPolicy(NETAPI_T h,
NETCP_CFG_IPSEC_POLICY_T policy_app_id,
NETAPI_HANDLE_T * n = (NETAPI_HANDLE_T *) h;
void * handle_inflow;
void * handle_sideband;
- int tunnelId = (handle >>8) &0xffff;
+ int tunnelId = (handle >> NETAPI_NETCP_MATCH_ID_SHIFT) &0xffff;
int have_to_wait = 1;
handle_inflow = netapip_netcpCfgGetSaHandles(&netapi_get_global()->nwal_context,
tunnelId, &handle_sideband);
pSaStats->validParams |= NETAPI_SIDEBAND_DATA_MODE_STAT_VALID;
}
}
+
+
+/**********************************************************************************
+ * FUNCTION PURPOSE: API to API to retrieve local channel context information
+ **********************************************************************************
+ * DESCRIPTION: API to retrieve API to retrieve local channel context information
+ *********************************************************************************/
+void netapi_secGetChanCtxInfo(NETAPI_T h,
+ NETCP_CFG_APP_ID_T appId,
+ nwalChanCxtInfo_t* pInfo)
+{
+
+ NETAPI_HANDLE_T * n = (NETAPI_HANDLE_T *) h;
+ void * handle_inflow;
+ void * handle_sideband = NULL;
+ void * handle_policy=NULL;
+ nwalChanCxtInfo_t info;
+ uint32_t stage = 0;
+ int policyId;
+ int tunnelId;
+
+ if(!pInfo)
+ return;
+ memset(pInfo, 0, sizeof(nwalChanCxtInfo_t));
+
+ stage = netapi_cfgGetMatchStage(appId);
+ netapi_Log("netapi_secGetChanCtxInfo: app id: 0x%x, stage: 0x%x\n", appId, stage);
+
+
+ switch (stage)
+ {
+ case 1:
+ /* this is for SA, need SA and OUTER IP handle */
+ tunnelId = netapi_cfgGetMatchId(appId);
+ handle_inflow = netapip_netcpCfgGetSaHandles(&netapi_get_global()->nwal_context,
+ tunnelId, &handle_sideband);
+ if(handle_inflow)
+ {
+ nwal_getChanCxtInfo(&netapi_get_global()->nwal_context,
+ handle_inflow,
+ pInfo);
+ netapi_Log("netapi_secGetChanCtxInfo: outerIP: 0x%x, SA chan handle: 0x%x, bitmap: 0x%x\n",
+ pInfo->paOuterIpHandle, pInfo->saChanHandle, pInfo->validBitMap);
+ }
+ break;
+ case 2:
+ /* this is for policy, need SA inner IP */
+ policyId = netapi_cfgGetMatchId(appId);
+ handle_policy = netapip_netcpCfgGetPolicy(&netapi_get_global()->nwal_context,
+ policyId);
+ if (handle_policy)
+ {
+ nwal_getChanCxtInfo(&netapi_get_global()->nwal_context,
+ handle_policy,
+ pInfo);
+ netapi_Log("netapi_secGetChanCtxInfo: innerIP: 0x%x, bitmap: 0x%x\n",
+ pInfo->paInnerIpHandle, pInfo->validBitMap);
+ }
+ break;
+ default:
+ netapi_Log("netapi_secGetChanCtxInfo:Invalid APPID provided\n");
+ break;
+ }
+ return;
+}
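Review bot: Both `nwal_getChanCxtInfo` calls pass `&netapi_get_global()->nwal_context` as the first argument and discard the result, whereas the other NWAL calls visible in this file pass an instance handle (`nwal_context.nwalInstHandle` for `nwal_setSecPolicy`, `netapip_returnNwalInstanceHandle(h)` for `nwal_initDMPSCmdInfo`). If the first parameter is the NWAL instance, the call should be `nwal_getChanCxtInfo(netapip_returnNwalInstanceHandle(h), handle_inflow, pInfo)` with the return value compared against `nwal_OK`. As written, a failure or an unknown stage leaves the caller with a zeroed `*pInfo` and no error indication, because the function returns `void`. The locals `n` and `info` are never used, `h` is not validated, and the stage values are bare `1` and `2`. The handles are logged with `0x%x`, which is a format mismatch if they are pointer types. The header comment repeats itself ("API to API to retrieve") and could read `FUNCTION PURPOSE: API to retrieve local channel context information`.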