Beispiel #1
/*
 * Emit the full status report by calling each show_* reporter in a fixed
 * order.  Most sections are followed by a blank RC_COMMENT line logged
 * through whack_log(), which acts as a visual spacer.
 *
 * The algorithm, DB-ops and shunt sections are only compiled in when
 * KERNEL_ALG, IKE_ALG, (not) NO_DB_OPS_STATS and KLIPS select them.
 *
 * NOTE(review): the report lists interfaces, connections and states;
 * presumably it is delivered over the whack control channel -- confirm that
 * access to that channel is restricted to the administrator.
 */
void
show_status(void)
{
    show_kernel_interface();
    show_ifaces_status();
    show_myid_status();
    show_debug_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
    show_virtual_private();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
#ifdef KERNEL_ALG
    kernel_alg_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
#endif
#ifdef IKE_ALG
    ike_alg_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
#endif
#ifndef NO_DB_OPS_STATS
    db_ops_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
#endif
    /* whack_log itself is handed over as the output callback */
    show_connections_status(whack_log);
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
    show_states_status();
#ifdef KLIPS
    /* here the spacer precedes the section, so the report never ends on a blank line */
    whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
    show_shunt_status();
#endif
}
Beispiel #2
/*
 * Test-driver step: behave as if the key lifetime of state #2 had expired,
 * request replacement of that SA, and finish the pending crypto request
 * with fixed key-exchange material.
 *
 * The secret, nonce and public value are copied from the tc14_* constants
 * instead of being generated, which keeps the captured output reproducible.
 * Constant key material offers no secrecy, so this belongs in the test
 * harness only.
 */
void rekeyit()
{
    struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;
    struct state *st;

    fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
    show_states_status();
    timer_list();

    st = state_with_serialno(2);

    /* the rekey message sent below is recorded in this capture file */
    send_packet_setup_pcap("OUTPUT/rekeyikev2-I1.pcap");

    if (st == NULL) {
        fprintf(stderr, "no state #2 found\n");
    } else {
        DBG(DBG_LIFECYCLE,
            openswan_log("replacing stale %s SA",
                         (IS_PHASE1(st->st_state) || IS_PHASE15(st->st_state))
                             ? "ISAKMP"
                             : "IPsec"));
        ipsecdoi_replace(st, LEMPTY, LEMPTY, 1);
    }

    /* the pending request must be for the group the constants belong to */
    passert(kn->oakley_group == tc14_oakleygroup);

    /* KE values come from constants, they are not calculated */
    clonetowirechunk(&kn->thespace, kn->space, &kn->secret,
                     tc14_secret, tc14_secret_len);
    /* maybe change nonce for rekey? */
    clonetowirechunk(&kn->thespace, kn->space, &kn->n,
                     tc14_ni, tc14_ni_len);
    clonetowirechunk(&kn->thespace, kn->space, &kn->gi,
                     tc14_gi, tc14_gi_len);

    run_continuation(crypto_req);

    send_packet_close();
}
Beispiel #3
Datei: log.c Projekt: odit/rv042
/*
 * Emit the status report.
 *
 * all:  when true, the interface, myid and debug sections and a blank
 *       spacer line are printed first; it is also passed on to
 *       show_connections_status().
 * name: passed to show_connections_status() and show_states_status()
 *       (presumably a connection name used as a filter -- confirm against
 *       those functions).
 *
 * The shunt section is compiled in only when KLIPS is defined.
 *
 * NOTE(review): the report lists connections and states; presumably it is
 * delivered over the whack control channel -- confirm that access to that
 * channel is restricted to the administrator.
 */
void
show_status(bool all, const char *name)
{
    if (all)
    {
	show_ifaces_status();
	show_myid_status();
	show_debug_status();
	whack_log(RC_COMMENT, BLANK_FORMAT);	/* spacer */
    }
    show_connections_status(all, name);
    show_states_status(name);
#ifdef KLIPS
    /* unlike the two calls above, this one is given neither `all` nor `name` */
    show_shunt_status();
#endif
}
Beispiel #4
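/*
 * this routine accepts the I3 packet, and dumps the resulting SAs.
 *
 * pcap callback: user, h and bytes are passed unchanged to
 * recv_pcap_packet(), after which the state table is printed.
 *
 * Earlier versions also opened /dev/null as a stand-in whack descriptor and
 * fetched the pending KE/nonce request here.  Neither value was ever used,
 * and the descriptor was never closed, so one file descriptor leaked per
 * call; both have been dropped.
 */
void recv_pcap_I3_process(u_char *user
		      , const struct pcap_pkthdr *h
		      , const u_char *bytes)
{
    recv_pcap_packet(user, h, bytes);

    fprintf(stderr, "now look at the resulting SAs produced.\n");
    show_states_status();
}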
Beispiel #5
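/*
 * this routine accepts the I3 packet, and then causes a rekey to be queued.
 *
 * pcap callback: user, h and bytes are passed unchanged to
 * recv_pcap_packet().  State #2 is then replaced as if its key lifetime had
 * expired, and the crypto request of the new state #3 is completed with
 * fixed key-exchange material.
 *
 * The secret, nonce and public value come from the SS(...) constants
 * instead of being generated, which keeps the test output reproducible.
 * Constant key material offers no secrecy, so this belongs in the test
 * harness only.
 */
void recv_pcap_I3_rekey(u_char *user
		      , const struct pcap_pkthdr *h
		      , const u_char *bytes)
{
    struct state *st = NULL;
    struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;

    /* create a socket for a possible whack process that is doing --up */
    int fake_whack_fd = open("/dev/null", O_RDWR);
    passert(fake_whack_fd != -1);

    recv_pcap_packet(user, h, bytes);

    fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
    show_states_status();

    timer_list();
    st = state_with_serialno(2);

    if(st) {
        /*
         * Attach the fake whack descriptor only once st is known to be
         * non-NULL; doing it before this check dereferenced a NULL pointer
         * whenever state #2 was missing.
         */
        st->st_whack_sock = fake_whack_fd;

        DBG(DBG_LIFECYCLE
            , openswan_log("replacing stale %s SA"
                           , (IS_PHASE1(st->st_state)|| IS_PHASE15(st->st_state ))? "ISAKMP" : "IPsec"));

        ipsecdoi_replace(st, LEMPTY, LEMPTY, 1);
    } else {
        /* fake_whack_fd is left open on this path */
        fprintf(stderr, "no state #2 found\n");
    }

    /* find new state! */
    st = state_with_serialno(3);
    /* fail with a clear assertion instead of a NULL dereference */
    passert(st != NULL);
    passert(st->st_whack_sock != -1);

    /* the pending request must be for the group the constants belong to */
    passert(kn->oakley_group == SS(oakleygroup));

    /* now fill in the KE values from a constant.. not calculated */
    clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr),SS(secret.len));
    clonetowirechunk(&kn->thespace, kn->space, &kn->n,   SS(ni.ptr), SS(ni.len));  /* maybe change nonce for rekey? */
    clonetowirechunk(&kn->thespace, kn->space, &kn->gi,  SS(gi.ptr), SS(gi.len));

    run_continuation(crypto_req);
}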
Beispiel #6
/*
 * Emit the full status report by calling each show_* reporter in a fixed
 * order.  No spacer lines are logged between sections in this version.
 *
 * The DB-ops section is left out when NO_DB_OPS_STATS is defined and the
 * shunt section is compiled in only when KLIPS is defined; the kernel and
 * IKE algorithm sections are unconditional.
 *
 * NOTE(review): the report includes the show_system_security() and
 * show_setup_plutomain() sections as well as connections and states;
 * presumably it is delivered over the whack control channel -- confirm that
 * access to that channel is restricted to the administrator.
 */
void show_status(void)
{
	show_kernel_interface();
	show_ifaces_status();
	show_system_security();
	show_setup_plutomain();
	show_myid_status();
	show_debug_status();
	show_setup_natt();
	show_virtual_private();
	kernel_alg_show_status();
	ike_alg_show_status();
#ifndef NO_DB_OPS_STATS
	db_ops_show_status();
#endif
	show_connections_status();
	show_states_status();
#ifdef KLIPS
	show_shunt_status();
#endif
}
Beispiel #7
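/*
 * Test driver: load a recorded whack message, replay the first packet of a
 * capture file twice through recv_pcap_packet(), print the resulting state
 * table, delete state #1 and report leaks.
 *
 * argv[1]  whack record file
 * argv[2]  connection name
 * argv[3]  pcap input file
 *
 * Exit status: 10 on a usage error, 20 if the connection is not found,
 * 50 if the capture cannot be opened, 0 otherwise.
 */
int main(int argc, char *argv[]){
	char *infile;
	char *conn_name;
	struct connection *c1;
	struct state *st;
	pcap_t *pt;
	char eb1[PCAP_ERRBUF_SIZE];	/* size pcap_open_offline() requires */
	int pass;

	/* Electric Fence: catch underruns and use-after-free, wipe freed memory */
	EF_PROTECT_BELOW = 1;
	EF_PROTECT_FREE = 1;
	EF_FREE_WIPES  = 1;

	progname = argv[0];
	leak_detective = 1;

	init_crypto();

	if (argc != 4) {
		fprintf(stderr,
			"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
			progname);
		exit(10);
	}

	tool_init_log();
	init_fake_vendorid();

	infile = argv[1];
	conn_name = argv[2];

	readwhackmsg(infile);

	send_packet_setup_pcap("parentR1.pcap");

	c1 = con_by_name(conn_name, TRUE);
	/* NOTE(review): assumes con_by_name() returns NULL when nothing
	 * matches -- confirm against its definition */
	if (c1 == NULL) {
		fprintf(stderr, "%s: connection \"%s\" not found\n",
			progname, conn_name);
		exit(20);
	}

	show_one_connection(c1);
	cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;

	/*
	 * The same packet is read twice; the second pass shows what is done
	 * when the packet arrives from the network again.
	 */
	for (pass = 0; pass < 2; pass++) {
		pt = pcap_open_offline(argv[3], eb1);
		if (!pt) {
			/* libpcap reports the reason in eb1; errno is not
			 * guaranteed to be meaningful here */
			fprintf(stderr, "%s: %s\n", argv[3], eb1);
			exit(50);
		}
		pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
		pcap_close(pt);
	}

	show_states_status();

	/* find st involved; skip the delete if the lookup found nothing
	 * (presumably signalled by NULL -- confirm) */
	st = state_with_serialno(1);
	if (st != NULL)
		delete_state(st);

	report_leaks();

	tool_close_log();
	exit(0);
}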