Beispiel #1
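/*
 * Send one policy query message over the policy socket and read the reply
 * back into the same buffer.
 *
 * buf/buflen: the query, overwritten in place with the reply by
 *             ipsec_policy_readmsg().
 * Returns NULL on success, otherwise an error string (err_t).
 *
 * Changes from the earlier version: the err_t from ipsec_policy_init() is
 * now checked instead of ignored (main() treats a non-NULL return as a
 * failure and exits), so a failed init no longer leads to a write() on an
 * unopened policy_query_socket; and ipsec_policy_final() now runs on the
 * write-failure path too, so the resources init acquired are released on
 * every exit.  A short write is still reported as "write failed" rather
 * than retried, as before.
 */
err_t ipsec_policy_sendrecv(unsigned char *buf,
			    size_t buflen)
{
  err_t ret;
  ssize_t written;

  ret = ipsec_policy_init();
  if(ret != NULL) {
    return ret;
  }

  /* write() returns ssize_t; compare explicitly rather than letting -1
   * convert to SIZE_MAX in a signed/unsigned comparison. */
  written = write(policy_query_socket, buf, buflen);
  if(written < 0 || (size_t)written != buflen) {
    ipsec_policy_final();
    return "write failed";
  }

  ret = ipsec_policy_readmsg(policy_query_socket,
			     buf, buflen);

  ipsec_policy_final();

  return ret;
}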
Beispiel #2
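/* Largest valid TCP/UDP port number; -U/-T arguments are range-checked against it. */
enum { MAX_PORT = 65535 };

/*
 * Parse a numeric option argument with strtol (base 0, so the 0x/0
 * prefixes the original accepted still work).
 *
 * arg:  the option argument text.
 * what: noun used in the diagnostic ("port", "packetcount").
 *
 * An empty string or trailing junk prints "invalid <what> number", shows
 * the usage text and exits with status 1.  The earlier version printed the
 * message, called help() and then carried on using the half-parsed value;
 * it also silently accepted "" as 0 because strtol leaves *end == '\0' in
 * that case -- end == arg catches it.  Out-of-range values (strtol clamps
 * to LONG_MIN/LONG_MAX) are not detected here; errno is deliberately not
 * consulted to keep this block to the headers the file already uses.
 */
static long parse_number_arg(const char *arg, const char *what)
{
  char *end = NULL;
  long value = strtol(arg, &end, 0);

  if(end == arg || *end != '\0') {
    fprintf(stderr, "invalid %s number: %s\n", what, arg);
    help();
    exit(1);
  }
  return value;
}

/*
 * Parse a port-number argument and reject anything outside 0..MAX_PORT.
 * The earlier version stored the raw long into an unsigned short, so
 * e.g. 65536 silently became port 0.  Exits with status 1 on bad input.
 */
static unsigned short parse_port_arg(const char *arg)
{
  long port = parse_number_arg(arg, "port");

  if(port < 0 || port > MAX_PORT) {
    fprintf(stderr, "invalid port number: %s\n", arg);
    help();
    exit(1);
  }
  return (unsigned short)port;
}

/*
 * Pick the one-word verdict for a completed policy query.
 *
 *   strength below IPSEC_PRIVACY_PRIVATE  -> plaintext   (no crypto)
 *   crypto but no credentials             -> vpntext
 *   first credential is a DNS-signed key  -> dnssectext
 *   first credential is a raw RSA key     -> vpntext
 *   any other credential format           -> privacytext
 *
 * Only credentials[0] is consulted, as before.
 */
static const char *policy_verdict(const struct ipsec_policy_cmd_query *q,
                                  const char *plaintext,
                                  const char *vpntext,
                                  const char *privacytext,
                                  const char *dnssectext)
{
  /* start by seeing if there was any crypto */
  if(q->strength < IPSEC_PRIVACY_PRIVATE) {
    return plaintext;
  }

  /* we know it is crypto, but is it authenticated? */
  if(q->credential_count == 0) {
    return vpntext;
  }

  switch(q->credentials[0].ii_format) {
  case CERT_DNS_SIGNED_KEY:
    return dnssectext;

  case CERT_RAW_RSA:
    return vpntext;

  default:
    return privacytext;
  }
}

/*
 * Command-line front end for the IPsec policy query.
 *
 * Options select where the query comes from (lookup_style: 'i' reads the
 * peer of fd 0, 'g' takes CGI-style input, 'P' runs the UDP receive loop
 * on a socket opened by -U/-T), and how the answer is shown
 * (output_style 't' dumps the whole reply, otherwise one of four words
 * whose text can be overridden with -c/-v/-p/-s).
 *
 * Note that 'U', 'T', 'N', 'P', 'g' and 't' are not in the short option
 * string, so they are presumably reachable only through long_opts --
 * confirm against the long_opts table, which is outside this block.
 *
 * Exit status: 0 on success, 1 for usage/input errors, 2 if the policy
 * socket cannot be initialised, 3 if the lookup itself fails.
 */
int main(int argc, char *argv[])
{
  /* Zeroed so that a lookup path which leaves q untouched (the -P loop,
   * should udp_recv_loop() ever return) is reported as the lowest
   * strength instead of reading indeterminate fields below. */
  struct ipsec_policy_cmd_query q = {0};
  err_t ret;
  int   c, fd = -1;

  /* set the defaults */
  char lookup_style = 'i';
  char output_style = 's';

  char *plaintext   = "clear";
  char *vpntext     = "vpn";
  char *privacytext = "private";
  char *dnssectext  = "secure";

  while((c = getopt_long(argc, argv, "hVighc:v:p:s:", long_opts, 0))!=EOF) {
    switch (c) {
    default:
    case 'h':	        /* --help */
      help();
      return 0;	/* GNU coding standards say to stop here */

    case 'V':               /* --version */
      fprintf(stderr, "Openswan %s\n", ipsec_version_code());
      return 0;	/* GNU coding standards say to stop here */

    case 'i':
      /* query about the peer of stdin, which must therefore be a socket */
      fd = 0;
      if(isatty(0)) {
        printf("please run this connected to a socket\n");
        exit(1);
      }
      lookup_style = 'i';
      break;

    case 'U':
      fd = open_udp_sock(parse_port_arg(optarg));
      break;

    case 'T':
      fd = open_tcp_sock(parse_port_arg(optarg));
      break;

    case 'N':
      /* maxpacketcount is a file-scope variable declared outside this block */
      maxpacketcount = parse_number_arg(optarg, "packetcount");
      break;

    case 'P':
      lookup_style = 'P';
      break;

    case 'g':
      lookup_style = 'g';
      break;

    case 't':
      output_style = 't';
      break;

    case 'c':
      plaintext = optarg;
      break;

    case 'v':
      vpntext = optarg;
      break;

    case 'p':
      privacytext = optarg;
      break;

    case 's':
      dnssectext = optarg;
      break;
    }
  }

  /* the -P receive loop does not talk to the policy socket, so skip init */
  if(lookup_style != 'P') {
    if((ret = ipsec_policy_init()) != NULL) {
      perror(ret);
      exit(2);
    }
  }

  switch(lookup_style) {
  case 'i':
    /* NOTE(review): fd is still -1 here unless -i was given; whether
     * ipsec_policy_lookup() tolerates that is not visible in this file. */
    if((ret = ipsec_policy_lookup(fd, &q)) != NULL) {
      perror(ret);
      exit(3);
    }
    break;

  case 'g':
    if((ret = ipsec_policy_cgilookup(&q)) != NULL) {
      perror(ret);
      exit(3);
    }
    break;

  case 'P':
    udp_recv_loop(fd);
    break;

  default:
    /* lookup_style is only ever assigned one of the three values above */
    abort();
    break;
  }

  if(output_style == 't') {
    dump_policyreply(&q);
  } else {
    puts(policy_verdict(&q, plaintext, vpntext, privacytext, dnssectext));
  }

  exit(0);
}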