Google Git
Sign in
nest-open-source / manifest_repos / sdk / ae44557b77d81b2a95af25a2d793d1bcec1c8cc3 / . / qca-nss-drv / nss_ipsec_log.c
blob: 2f1570efb929ce52b9fcca2fbaf1f3bb8b4b3fdc [file] [log] [blame]
/*
**************************************************************************
* Copyright (c) 2018, 2020, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
**************************************************************************
*/
/*
* nss_ipsec_log.c
* NSS IPSEC logger file.
*/
#include "nss_core.h"
#define NSS_IPSEC_LOG_IPV4 4
#define NSS_IPSEC_LOG_IPV6 6
/*
* nss_ipsec_log_message_types_str
* IPSEC message strings
*/
static int8_t *nss_ipsec_log_message_types_str[NSS_IPSEC_MSG_TYPE_MAX] __maybe_unused = {
"IPSEC Msg None",
"IPSEC ADD Rule",
"IPSEC DEL Rule",
"IPSEC Flush Tunnel",
"IPSEC SA Stats",
"IPSEC Flow Stats",
"IPSEC Node Stats",
"IPSEC Configure Node",
};
/*
* nss_ipsec_log_error_response_types_str
* Strings for error types for IPSEC messages
*/
static int8_t *nss_ipsec_log_error_response_types_str[NSS_IPSEC_ERROR_TYPE_MAX] __maybe_unused = {
"IPSEC No Error",
"IPSEC Hash Duplicate",
"IPSEC Hash Collision",
"IPSEC Unhandled Message",
"IPSEC Invalid Rule",
"IPSEC MAX SA",
"IPSEC MAX Flow",
"IPSEC Invalid CINDEX",
"IPSEC Invalid IP Version",
};
/*
* nss_ipsec_log_rule_msg()
* Log NSS IPSEC rule message.
*/
static void nss_ipsec_log_rule_msg(struct nss_ipsec_msg *nim)
{
struct nss_ipsec_rule *nir __maybe_unused = &nim->msg.rule;
nss_trace("%px: NSS IPSEC Rule Message:\n"
"IPSEC ESP SPI Index: %dn"
"IPSEC TTL Hop Limit: %dn"
"IPSEC IP Version: %x\n"
"IPSEC Crypto Index: %d\n"
"IPSEC Window Size: %d\n"
"IPSEC Cipher Block Len: %d\n"
"IPSEC Initialization Vector Length: %d\n"
"IPSEC NAT-T Required: %d\n"
"IPSEC ICV Length: %d\n"
"IPSEC Skip Seq Number: %d\n"
"IPSEC Skip ESP Trailer: %d\n"
"IPSEC Use Pattern: %d\n"
"IPSEC Enable Extended Sequence Number: %d\n"
"IPSEC DSCP Value: %d\n"
"IPSEC Don't Fragment Flag: %d\n"
"IPSEC DSCP Copy %d\n"
"IPSEC DF Copy: %d\n"
"IPSEC NSS Index: %d\n"
"IPSEC SA Index: %d\n",
nir, nir->oip.esp_spi,
nir->oip.ttl_hop_limit, nir->oip.ip_ver,
nir->data.crypto_index, nir->data.window_size,
nir->data.cipher_blk_len, nir->data.iv_len,
nir->data.nat_t_req, nir->data.esp_icv_len,
nir->data.esp_seq_skip, nir->data.esp_tail_skip,
nir->data.use_pattern, nir->data.enable_esn,
nir->data.dscp, nir->data.df,
nir->data.copy_dscp, nir->data.copy_df,
nir->index, nir->sa_idx);
/*
* Continuation of previous log. Different identifiers based on ip_ver
*/
if (nir->oip.ip_ver == NSS_IPSEC_LOG_IPV6) {
nss_trace("IPSEC Destination Address: %pI6\n"
"IPSEC Source Address: %pI6\n",
nir->oip.dst_addr, nir->oip.src_addr);
} else if (nir->oip.ip_ver == NSS_IPSEC_LOG_IPV4) {
nss_trace("IPSEC Destination Address: %pI4\n"
"IPSEC Source Address: %pI4\n",
nir->oip.dst_addr, nir->oip.src_addr);
}
}
/*
* nss_ipsec_log_configure_node_msg()
* Log NSS IPSEC configure node message.
*/
static void nss_ipsec_log_configure_node_msg(struct nss_ipsec_msg *nim)
{
struct nss_ipsec_configure_node *nicn __maybe_unused = &nim->msg.node;
nss_trace("%px: NSS IPSEC Configure Node\n"
"IPSEC DMA Redirect: %d\n"
"IPSEC DMA Lookaside: %d\n",
nicn, nicn->dma_redirect,
nicn->dma_lookaside);
}
/*
* nss_ipsec_log_verbose()
* Log message contents.
*/
static void nss_ipsec_log_verbose(struct nss_ipsec_msg *nim)
{
switch (nim->cm.type) {
case NSS_IPSEC_MSG_TYPE_ADD_RULE:
case NSS_IPSEC_MSG_TYPE_DEL_RULE:
nss_ipsec_log_rule_msg(nim);
break;
case NSS_IPSEC_MSG_TYPE_CONFIGURE_NODE:
nss_ipsec_log_configure_node_msg(nim);
break;
case NSS_IPSEC_MSG_TYPE_NONE:
case NSS_IPSEC_MSG_TYPE_FLUSH_TUN:
case NSS_IPSEC_MSG_TYPE_SYNC_SA_STATS:
case NSS_IPSEC_MSG_TYPE_SYNC_FLOW_STATS:
case NSS_IPSEC_MSG_TYPE_SYNC_NODE_STATS:
/*
* No log for these valid messages.
*/
break;
default:
nss_warning("%px: Invalid message type\n", nim);
break;
}
}
/*
* nss_ipsec_log_tx_msg()
* Log messages transmitted to FW.
*/
void nss_ipsec_log_tx_msg(struct nss_ipsec_msg *nim)
{
if (nim->cm.type >= NSS_IPSEC_MSG_TYPE_MAX) {
nss_warning("%px: Invalid message type\n", nim);
return;
}
nss_info("%px: type[%d]:%s\n", nim, nim->cm.type, nss_ipsec_log_message_types_str[nim->cm.type]);
nss_ipsec_log_verbose(nim);
}
/*
* nss_ipsec_log_rx_msg()
* Log messages received from FW.
*/
void nss_ipsec_log_rx_msg(struct nss_ipsec_msg *nim)
{
if (nim->cm.response >= NSS_CMN_RESPONSE_LAST) {
nss_warning("%px: Invalid response\n", nim);
return;
}
if (nim->cm.response == NSS_CMN_RESPONSE_NOTIFY || (nim->cm.response == NSS_CMN_RESPONSE_ACK)) {
nss_info("%px: type[%d]:%s, response[%d]:%s\n", nim, nim->cm.type,
nss_ipsec_log_message_types_str[nim->cm.type],
nim->cm.response, nss_cmn_response_str[nim->cm.response]);
goto verbose;
}
if (nim->cm.error >= NSS_IPSEC_ERROR_TYPE_MAX) {
nss_warning("%px: msg failure - type[%d]:%s, response[%d]:%s, error[%d]:Invalid error\n",
nim, nim->cm.type, nss_ipsec_log_message_types_str[nim->cm.type],
nim->cm.response, nss_cmn_response_str[nim->cm.response],
nim->cm.error);
goto verbose;
}
nss_info("%px: msg nack - type[%d]:%s, response[%d]:%s, error[%d]:%s\n",
nim, nim->cm.type, nss_ipsec_log_message_types_str[nim->cm.type],
nim->cm.response, nss_cmn_response_str[nim->cm.response],
nim->cm.error, nss_ipsec_log_error_response_types_str[nim->cm.error]);
verbose:
nss_ipsec_log_verbose(nim);
}