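/* usrFwStartup.c - Initialize and startup Firewall */

/* Copyright 2004-2005 Wind River Systems, Inc. */
#include "copyright_wrs.h"

/*
modification history
--------------------
01d,29mar05,svk  Replace usage of Tornado with Workbench
01c,13sep04,svk  Fix compilation warnings
01b,06apr04,zhu  fixed a comment error
01a,05apr04,zhu  written
*/

/*
DESCRIPTION
This file supplies sample code to configure and initialize the Firewall.

NOMANUAL
*/

#include "vxWorks.h"
#include "wrn/firewall/fwLib.h"
#include "wrn/firewall/syslogcLib.h"
#include <stdio.h>
#include <string.h>     /* strcpy() */
#include "ifLib.h"
#include "ipProto.h"
#include "routeLib.h"

extern int fwNvIfRamParamsGet(char *, char *, int, int);
extern int fwNvIfRamParamsSet(char *, char *, int, int);
extern int fwNvIfRamParamsClose(char *);
extern int fwNvIfRamParamsInit(char *);
extern STATUS fwClockBaseInit(UINT32, UINT32, UINT32, UINT32, UINT32, UINT32);

/*******************************************************************************
*
* usrFwStartup - Initialize the firewall
*
* Brings up the private interface, sets the firewall clock, then initializes
* the MAC filter, the logging facility, the NV storage interface and the IP
* filter, in that order.  All addresses, interface names and the clock value
* are sample values hard-coded below.
*
* This routine returns no status and stops at the first failed firewall
* initialization step.  The private interface is attached and routed at the
* top of the routine while the IP filter is installed last, so an early
* return leaves the interface configured without the IP filter in place.
* Treat the absence of the final "startup complete" message as a failed
* startup.
*
* RETURNS: N/A
*
* NOMANUAL
*/

void usrFwStartup(void)
    {
    FW_MAC_IF_ID macIf[2];

    /*
     * This assumes:
     * (a) There are two interfaces lnPci0, lnPci1 on the target.
     * (b) lnPci0 is the public interface, it is already attached and
     *     its address is already set.
     * (c) lnPci1 is the local interface, and is not yet attached.
     *
     * Attach the private interface and set its private address to
     * 10.11.7.5. Also, add a route to a public gateway 192.0.2.1
     * to reach other public networks.
     *
     * A failure here is reported but does not stop the routine: the
     * filters below are still installed, so a misconfigured interface
     * does not also mean a missing firewall.
     */

    if (ipAttach(1, "lnPci") != OK)
        printf("Firewall startup WARNING: ipAttach failed for lnPci1\n");

    if (ifMaskSet("lnPci1", 0xffffff00) != OK)
        printf("Firewall startup WARNING: ifMaskSet failed for lnPci1\n");

    if (ifAddrSet("lnPci1", "10.11.7.5") != OK)
        printf("Firewall startup WARNING: ifAddrSet failed for lnPci1\n");

    /*
     * NOTE(review): destination 0.0.0.0 is paired with mask 0xffffff00;
     * a default route conventionally uses mask 0.  Confirm against
     * routeLib that this installs the intended route.
     */

    if (mRouteAdd("0.0.0.0", "192.0.2.1", 0xffffff00, 0, 0) != OK)
        printf("Firewall startup WARNING: mRouteAdd failed\n");

    /*
     * If not already done, set the target clock. You can also use
     * fwClockTimeSet() in fwUtilLib.c to set the clock with time retrieved
     * from NTP time server.
     *
     * This assumes: Year 2004, April 5th, 11:40:30 AM
     *
     * The date is a fixed sample value; anything the firewall derives
     * from this clock (for example log timestamps) will be wrong unless
     * it is replaced with the real time.
     */

    if (fwClockBaseInit(2004, 4, 5, 11, 40, 30) != OK)
        {
        printf("Firewall Clock init ERROR: fwClockBaseInit failed\n");
        return;
        }

    /*
     * Initialize the firewall. The initialization order is:
     *
     * 1. MAC Filter
     * 2. Logging Facility
     * 3. NV Storage Interface
     * 4. IP Filter
     * 5. (Optional) Sample Web Screens
     */

    /*
     * 1. MAC Filter
     *
     * Initialize the Firewall MAC Filter
     *
     * This assumes:
     * (a) There are two interfaces lnPci0, lnPci1 on the target
     * (b) lnPci0 is the public interface
     * (c) lnPci1 is the private interface
     * (d) Install RX MAC Filter on the private interface
     * (e) Default Action is ACCEPT
     * (f) Logging is enabled
     *
     * NOTE: If you are initializing the MAC Filter manually, the
     * initialization order is your responsibility. For example, if
     * the Learning Bridge is included in the image along with the
     * Firewall MAC Filter, the MAC Filter _must_ be initialized before
     * the Learning Bridge.
     *
     * With FW_ACCEPT as the default action the MAC filter only blocks
     * what a rule explicitly matches; use a restrictive default if the
     * private segment is not trusted.
     */

    /* assumes the name field is large enough for "lnPci" - TODO confirm */

    strcpy(macIf[0].name, "lnPci");   /* private interface name */
    macIf[0].unit = 1;                /* private interface unit number */
    macIf[1].name[0] = 0;             /* null terminate */
    macIf[1].unit = 0;                /* null terminate */

    if (fwMacFilterInstall(FW_MAC_FILTER_RX, macIf, FW_ACCEPT, NULL, NULL)
        != OK)
        {
        printf("Firewall Mac RX Filter init ERROR: fwMacFilterInstall"
               " failed!\n");
        return;
        }

    fwMacLogInstall(fwLog);

    /*
     * 2. Logging Facility
     *
     * Initialize the logging Facility
     *
     * This assumes: Logs are sent to the console.
     *
     * NOTE: To send logs to Syslog Server at address 10.11.7.50,
     * first install the Syslog client:
     * fwLogSyslogcInstall((FUNCPTR)syslogcLibInit,(FUNCPTR)syslogcBinDataSend,
     *                     (FUNCPTR)syslogcShutdown);
     * Then initialize the Logging Facility, for example:
     * if (fwLogLibInit(FW_LOG_TO_SYSLOG, "10.11.7.50", NULL, 0) != OK)
     *     {
     *     printf("Firewall Log init ERROR: fwLogLibInit failed!\n");
     *     return;
     *     }
     *
     * Console-only logging keeps no record off the target; forward to a
     * syslog server when the logs are needed for later investigation.
     */

    if (fwLogLibInit(FW_LOG_TO_CONSOLE, NULL, NULL, 0) != OK)
        {
        printf("Firewall Log init ERROR: fwLogLibInit failed!\n");
        return;
        }

    /*
     * 3. NV Storage Interface
     *
     * This assumes: RAM-based Non-Volatile (NV) Storage is used
     *
     * To enable the Non-Volatile storage Firewall interface, you must first
     * write a set of platform specific routines according to the
     * specification in fwNvIfLib.c and then call fwNvFuncsInstall() to
     * install the NV Storage interface.
     *
     * NOTE(review): with RAM-based storage, saved rules presumably do not
     * survive a power cycle - confirm against the fwNvIfRamParams*
     * implementation.
     *
     * Initialize the user-specified Non-Volatile Storage interface
     */

    if (fwNvIfRamParamsInit(NULL) != OK)
        {
        printf("Firewall NV Storage init ERROR: Init function failed!\n");
        return;
        }

    /* Install the user-specified Non-Volatile Storage interface */

    fwNvFuncsInstall(fwNvIfRamParamsGet, fwNvIfRamParamsSet,
                     fwNvIfRamParamsClose);

    /*
     * 4. IP Filter
     *
     * This assumes:
     * (a) NV Storage is used for IP Filter
     * (b) Logging is enabled
     * (c) IP Filter is installed at pre-input and output locations with
     *     default action reject
     */

    /* Initialize Non-Volatile Storage for IP Filter */

    if (fwNvRuleLibInit() != OK)
        {
        printf("Firewall IP Filter init ERROR: fwNvRuleLibInit failed!\n");
        return;
        }

    /* Install logging for IP Filter */

    fwRuleLogInstall(fwLog);

    /* Initialize the Stateful inspection module */

    fwStateInit();

    /*
     * Install the IP filter at one or more user-specified packet intercept
     * locations. The IP packet filtering starts working only after this
     * is done.
     *
     * NOTE: Since the default action is set to reject below, all traffic
     * will be dropped unless you add filter rules later to allow
     * specific traffic.
     *
     * If the PREIN install succeeds and the OUT install fails, the
     * routine returns with only the pre-input location filtered.
     */

    if (fwRuleFilterInstall(FW_PREIN_LOC, FW_REJECT, NULL, NULL, NULL, 0)
        != OK)
        {
        printf("Firewall IP Filter init ERROR: fwRuleFilterInstall "
               "at PREIN failed!\n");
        return;
        }

    if (fwRuleFilterInstall(FW_OUT_LOC, FW_REJECT, NULL, NULL, NULL, 0)
        != OK)
        {
        printf("Firewall IP Filter init ERROR: fwRuleFilterInstall "
               "at OUT failed!\n");
        return;
        }

    /*
     * 5. (Optional) Web Interface
     *
     * This assumes: Web Interface is used for firewall configuration.
     *
     * Initialize Firewall Web Interface.
     *
     * NOTE: You must use Workbench Kernel Editor to build the
     * Web interface. Please refer to Firewall User's Guide for
     * more details.
     *
     * The web interface configures the firewall itself, so if it is
     * enabled make sure the filter rules limit who can reach it.
     *
     * if (fwWebInit() != OK)
     *     {
     *     printf("Firewall Web init ERROR: fwWebInit failed!\n");
     *     return;
     *     }
     *
     * if (WMB_COMPONENT_Start() != OK)
     *     printf("Firewall Web init ERROR: WMB_COMPONENT_START failed!\n");
     */

    printf("Firewall initialization and startup complete!\n");
    }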