?? defpolicy_ike.c
/******************************************************************************
 Copyright (c) 2004 by Hifn, Inc, Los Gatos, CA, U.S.A. All Rights Reserved.
 This software is furnished to licensee under a software license agreement
 and may be used and copied only in accordance with the terms and conditions
 of such license and with the inclusion of the above Copyright Notice. This
 software or any other copies thereof may not be provided or otherwise made
 available to any other person. No title to and ownership of the software is
 hereby transferred and licensee is subject to all confidentiality provisions
 set forth in the software license agreement. The information in this
 software is subject to change without notice.
*******************************************************************************/

static const char tc_id[] = "$Id: @(#) defpolicy_ike.c 1.3@(#) $";

/******************************************************************************
 @file defpolicy_ike.c

 @brief SM policy tool.

 Simple tool for setting a simple policy. It creates a bypass policy (one of
 the simplest policies) as an example.

 The code follows the example in Section 8.3 "Establishing Policies - A
 Primer" of "HIPP III Security Management API - Programmers Guide". See that
 section and the program setpolicy for examples of more complex policies.

 NOTE(review): the file name mentions IKE, but none of the selectors defined
 below restrict the match to a particular protocol or port; every selector is
 ANY. Confirm that a match-everything bypass is what is intended before
 reusing this example.
*******************************************************************************/

/*------------------------------------ */
/* Header Include                      */
/*------------------------------------ */

/* Standard includes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <strings.h>

/* API specific includes */
#include "hftc_pub_common.h"
#include "hftc_pub_errors.h"
#include "hftc_pub_sm.h"
#include "hftc_pub_types.h"
#include "hftc_pub_translate_enums.h"

/*------------------------------------ */
/* File-Scope Variables                */
/*------------------------------------ */

/* Unit number passed to the SM-API call made by defpolicy(). */
HFTC_Unit_t unitNumber = 1;

/*
 * Policy slot and action.
 *
 * Priority 0 is the first location and therefore the highest priority.
 * HFTC_IPACTION_BYPASS is what makes this a bypass policy.
 */
uint32_t policyPriority = 0;
uint32_t policyAction   = HFTC_IPACTION_BYPASS;

/*
 * Policy endpoints. "src" is the local endpoint and "dst" is the destination
 * IP address. Every kind is ANY, so matching is on the widest range of
 * addresses, protocols and ports.
 *
 * When a kind is ANY the accompanying values are ignored: with
 * HFTC_IPADDRKIND_ANY the start and end/mask are ignored, with
 * HFTC_PROTOKIND_ANY the protocol is ignored, and so on.
 *
 * NOTE(review): an ANY/ANY bypass in the highest-priority slot presumably
 * matches all traffic ahead of every other SPD entry, so no flow would be
 * selected for protection while it is installed. Treat these defaults as
 * bring-up values and narrow the selectors for real deployments -- confirm
 * the matching order against the Programmers Guide.
 */
uint32_t srcAddrKind     = HFTC_IPADDRKIND_ANY;
uint32_t srcAddrStart    = 0x00000000;
uint32_t srcAddrEndMask  = 0xFFFFFFFF;
uint32_t srcProtocolKind = HFTC_PROTOKIND_ANY;
uint32_t srcProtocol     = 0x00;
uint32_t srcPortKind     = HFTC_PORTKIND_ANY;
uint32_t srcPort         = 0x0000;

uint32_t dstAddrKind     = HFTC_IPADDRKIND_ANY;
uint32_t dstAddrStart    = 0x00000000;
uint32_t dstAddrEndMask  = 0xFFFFFFFF;
uint32_t dstProtocolKind = HFTC_PROTOKIND_ANY;
uint32_t dstProtocol     = 0x00;
uint32_t dstPortKind     = HFTC_PORTKIND_ANY;
uint32_t dstPort         = 0x0000;

/*------------------------------------ */
/* Implementation                      */
/*------------------------------------ */

/**
 * @brief Install the example bypass policy described by the file-scope
 *        defaults above.
 *
 * Fills a zeroed HFTC_Policy_t from policyAction and the src and dst
 * selector variables, then writes it to the SPD of unitNumber at
 * policyPriority through HFTC_SM_AddPolicyToSPD.
 *
 * @par Externals:
 *     unitNumber, policyPriority, policyAction and the src and dst selector
 *     variables defined at the top of this file.
 *
 * @return
 *     HFTC_STATUS_OK when the policy was added; otherwise the status
 *     returned by HFTC_SM_AddPolicyToSPD.
 *
 * @par Errors:
 *     On failure an "ERROR:" line carrying the status text and numeric value
 *     is printed to standard output before returning.
 *
 * @par Assumptions:
 *     Whatever occupies slot policyPriority may be replaced (see the comment
 *     at the call site).
 */
HFTC_Status_t defpolicy()
{
    HFTC_Reqid_t  request_id = 0;
    HFTC_Cbp_t    callback   = NULL;
    HFTC_Policy_t policy;
    HFTC_Status_t rc;

    /*
     * Steps for a bypass policy (modeled on setpolicy.c and section 8.3 of
     * the Programmers Guide):
     *   1. Provide a HFTC_Policy_t to hold the policy attributes.
     *   2. Fill in the fields.
     *   3. Hand it to HFTC_SM_AddPolicyToSPD.
     *
     * Zeroing first is not strictly necessary, since fields that are not
     * set are currently ignored, but it is good practice.
     */
    memset(&policy, 0, sizeof policy);

    policy.action = policyAction;

    /* Local (source) endpoint selectors. */
    policy.sourceEP.IPaddr.IPaddrKind    = srcAddrKind;
    policy.sourceEP.IPaddr.IPaddrStart   = srcAddrStart;
    policy.sourceEP.IPaddr.IPaddrEndMask = srcAddrEndMask;
    policy.sourceEP.protocolKind         = srcProtocolKind;
    policy.sourceEP.protocol             = srcProtocol;
    policy.sourceEP.portKind             = srcPortKind;
    policy.sourceEP.port                 = srcPort;

    /* Destination endpoint selectors. */
    policy.destEP.IPaddr.IPaddrKind      = dstAddrKind;
    policy.destEP.IPaddr.IPaddrStart     = dstAddrStart;
    policy.destEP.IPaddr.IPaddrEndMask   = dstAddrEndMask;
    policy.destEP.protocolKind           = dstProtocolKind;
    policy.destEP.protocol               = dstProtocol;
    policy.destEP.portKind               = dstPortKind;
    policy.destEP.port                   = dstPort;

    /*
     * The policy goes in at policyPriority; a value of 0 is the first
     * position and so outranks all other policies. Because this is a bypass
     * policy no proposal set is needed, so the last argument (0) is ignored.
     *
     * Writing at policyPriority overwrites any policy already in that
     * position, so make sure nothing that has to stay in force lives in
     * that slot.
     */
    rc = HFTC_SM_AddPolicyToSPD(unitNumber, callback, request_id,
                                policyPriority, &policy, 0);
    if (rc == HFTC_STATUS_OK) {
        return rc;
    }

    printf("ERROR: HFTC_SM_AddPolicyToSPD failed; "
           "error status = %s (%d)\n",
           HFTC_Status_t_text(rc), rc);
    return rc;
} /* End defpolicy */

/*----------------------------------------------------------------------------
 REV #  DATE      BY   REVISION DESCRIPTION
 -----  --------  ---  ----------------------------------------------------
 0001   06/23/05  msz  Created from setpolicy.c, and Section 8.3
                       "Establishing Policies - A Primer" in HIPP III
                       Security Management API - Programmers Guide.
 0002   08/03/05  msz  Code review changes.
 0003   08/22/06  msz  Print out status with text expansion.
*-----------------------------------------------------------------------------*/