main(int argc, char *argv[])
{
int len;
char *infile;
EF_PROTECT_FREE=1;
EF_FREE_WIPES =1;
progname = argv[0];
leak_detective = 1;
if(argc > 2 ) {
fprintf(stderr, "Usage: %s <whackrecord>\n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
infile = argv[1];
readwhackmsg(infile);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int i;
struct db_sa *sa1 = NULL;
progname = argv[0];
leak_detective = 1;
tool_init_log();
for (i = 0; i < elemsof(oakley_sadb); i++) {
/* make sure that leak reports and EFence reports get
* placed in the right order.
*/
fflush(stdout);
fflush(stderr);
printf("\nmain mode oakley: %u\n", i);
sa_print(&oakley_sadb[i]);
sa1 = sa_copy_sa_first(&oakley_sadb[i]);
sa_print(sa1);
free_sa(sa1);
fflush(stdout);
report_leaks();
}
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
struct alg_info_ike *aii;
char err_buf[256]; /* ??? big enough? */
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
tool_init_log();
init_crypto();
aii = alg_info_ike_create_from_str("3des", err_buf, sizeof(err_buf));
gsp = oakley_alg_makedb(aii,
&oakley_sadb[POLICY_RSASIG >>
POLICY_ISAKMP_SHIFT],
FALSE);
sa_print(gsp);
sa_v2_convert(&gsp);
sa_v2_print(gsp);
tool_close_log();
free_sa(&gsp);
exit(0);
}
main(int argc, char *argv[])
{
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
struct alg_info_ike *aii;
err_t ugh;
progname = argv[0];
leak_detective=1;
tool_init_log();
init_crypto();
aii = alg_info_ike_create_from_str("3des", &ugh);
gsp = oakley_alg_makedb(aii
, &oakley_sadb[POLICY_RSASIG >> POLICY_ISAKMP_SHIFT]
, -1);
sa_print(gsp);
tool_close_log();
exit(0);
}
main(int argc, char *argv[]) {
progname = argv[0];
tool_init_log();
/* our enum names */
do_test(&connection_kind_names, 256);
do_test(&certpolicy_type_names, 256);
/* IETF registry based enum names */
do_test(&version_names, 256);
do_test(&doi_names, 256);
do_test(&ikev1_payload_names, 256);
do_test(&ikev2_payload_names, 256);
do_test(&payload_names_ikev1orv2, 256);
do_test(&ikev1_exchange_names, 256);
do_test(&ikev2_exchange_names, 256);
do_test(&exchange_names_ikev1orv2, 256);
do_test(&protocol_names, 256); /* why not ikev1_protocol_names ? */
do_test(&ikev2_protocol_names, 256);
do_test(&isakmp_transformid_names, 256);
do_test(&ah_transformid_names, 256);
do_test(&esp_transformid_names, 256);
do_test(&ipcomp_transformid_names, 256);
do_test(&oakley_attr_names, 256);
do_test(&ipsec_attr_names, 256);
do_test(&sa_lifetime_names, 256);
do_test(&oakley_lifetime_names, 256);
do_test(&oakley_auth_names, 256);
do_test(&oakley_enc_names, 256);
do_test(&oakley_hash_names, 256);
do_test(&oakley_group_names, 256);
do_test(&ikev1_notify_names, 16384);
do_test(&ikev2_notify_names, 16384);
do_test(&ikev2_ts_type_names, 256);
do_test(&enc_mode_names, 256);
do_test(&auth_alg_names, 256);
do_test(&xauth_type_names, 256);
do_test(&xauth_attr_names, 256);
do_test(&attr_msg_type_names, 256);
do_test(&ikev2_sec_proto_id_names, 256);
do_test(&ikev2_auth_names, 256);
do_test(&ikev2_trans_type_encr_names, 256);
do_test(&ikev2_trans_type_prf_names, 256);
do_test(&ikev2_trans_type_integ_names, 256);
do_test(&ikev2_trans_type_esn_names, 256);
do_test(&ikev2_trans_type_names, 256);
do_test(&ike_cert_type_names, 256);
do_test(&ikev2_cert_type_names, 256);
do_test(&modecfg_attr_names, 256);
do_test(&ike_idtype_names, 256);
do_test(&ikev2_idtype_names, 256);
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
bool recalculate = FALSE;
int len;
err_t err = NULL;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1 = NULL;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
recalculate = 1; /* do all crypto */
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
//list_public_keys(FALSE, FALSE);
assert(orient(c1, 500));
show_one_connection(c1, whack_log);
kick_adns_connection_lookup(c1, &c1->spd.that, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
err_t err = NULL;
char *infile;
char *conn_name;
int lineno=0;
struct starter_config *cfg = NULL;
struct starter_conn *conn = NULL;
//EF_PROTECT_FREE=1;
progname = argv[0];
leak_detective = 1;
if(argc < 4) {
fprintf(stderr, "Usage: %s <cfgrootdir> <cfgfile> <conn-name>.. \n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
//init_fake_vendorid();
rootdir[0]='\0';
strlcat(rootdir, argv[1], sizeof(rootdir));
starter_use_log(1, 1, 1);
cfg = confread_load(argv[2], &err, FALSE, NULL,FALSE);
argv+=3;
argc-=3;
/* load all conns marked as auto=add or better */
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
for(; argc>0; argc--, argv++) {
conn_name = *argv;
printf("processing conn: %s\n", conn_name);
if(strcasecmp(conn->name, conn_name)==0) {
struct whack_message msg1;
if(starter_whack_build_basic_conn(cfg, &msg1, conn)==0) {
add_connection(&msg1);
}
}
}
}
confread_free(cfg);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
EF_FREE_WIPES =1;
progname = argv[0];
leak_detective = 1;
if(argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE);
run_continuation(r);
/* now invoke the timer event to cause a re-transmission */
handle_next_timer_event();
/* clean up so that we can see any leaks */
delete_state(st);
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
int opt = 0;
struct starter_config *cfg = NULL;
err_t err = NULL;
char *confdir = NULL;
char *configfile = NULL;
struct starter_conn *conn = NULL;
progname = argv[0];
tool_init_log();
starter_use_log(verbose, 1, verbose ? 0 : 1);
cfg = (struct starter_config *)malloc(sizeof(struct starter_config));
if (!cfg) {
fprintf(stderr, "can't allocate mem in %s\n", progname);
exit(10);
}
memset(cfg, 0, sizeof(*cfg));
/**
* Set default values
*/
ipsecconf_default_values(cfg);
conn = alloc_add_conn(cfg, "mytestconn", &err);
conn->connalias = xstrdup("anotheralias");
conn->options[KBF_DPDDELAY] = 60;
conn->options_set[KBF_DPDDELAY] = 1;
conn->policy = POLICY_ENCRYPT | POLICY_PFS | POLICY_COMPRESS;
conn->left.rsakey1 = "0sabcdabcdabcd";
conn->left.rsakey2 = "0s23489234ba28934243";
conn->left.cert = "/my/cert/file";
ttoaddr("192.168.2.102", 0, AF_INET, &conn->left.sourceip);
ttoaddr("192.168.1.101", 0, AF_INET, &conn->left.addr);
conn->left.addr_family = AF_INET;
conn->left.addrtype = KH_IPADDR;
conn->right.addrtype = KH_DEFAULTROUTE;
confwrite(cfg, stdout);
exit(0);
}
int main(int argc, char *argv[])
{
int i;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
progname = argv[0];
leak_detective=1;
tool_init_log();
for(i=0; i < elemsof(oakley_sadb); i++) {
printf("\nmain mode oakley: %u\n", i);
sa_print(&oakley_sadb[i]);
sa1 = sa_copy_sa(&oakley_sadb[i], 0);
if(sa2 != NULL) {
free_sa(sa2);
}
sa2 = sa_copy_sa(sa1, 0);
free_sa(sa1);
printf("copy 2\n");
sa_print(sa2);
}
for(i=0; i < elemsof(oakley_am_sadb); i++) {
printf("\naggr mode oakley: %u\n", i);
sa_print(&oakley_am_sadb[i]);
sa1 = sa_copy_sa(&oakley_am_sadb[i], 0);
if(sa2 != NULL) {
free_sa(sa2);
}
sa2 = sa_copy_sa(sa1, 0);
free_sa(sa1);
printf("copy 2\n");
sa_print(sa2);
}
if(sa2 != NULL) free_sa(sa2);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]) {
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
struct alg_info_esp *aii;
char err_buf[100];
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
EF_PROTECT_BELOW = 1;
progname = argv[0];
leak_detective = 1;
tool_init_log();
init_crypto();
{
int algo;
for (algo = 1; algo <= K_SADB_EALG_MAX; algo++)
esp_ealg[(algo)].sadb_alg_id = (algo);
}
{
int algo;
for (algo = 1; algo <= K_SADB_AALG_MAX; algo++)
esp_aalg[(algo)].sadb_alg_id = (algo);
}
esp_ealg_num = 10;
esp_aalg_num = 10;
aii = alg_info_esp_create_from_str("aes128-sha1", &err_buf, sizeof(err_buf));
gsp = kernel_alg_makedb(POLICY_ENCRYPT | POLICY_AUTHENTICATE,
aii,
TRUE);
sa_print(gsp);
gsp = sa_v2_convert(gsp);
sa_v2_print(gsp);
tool_close_log();
free_sa(gsp);
exit(0);
}
int main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
hostpair_list();
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
int i;
struct id one;
progname = argv[0];
tool_init_log();
t1();
t2();
t3();
t4();
t5(); t6();
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
progname = argv[0];
leak_detective = 1;
tool_init_log();
for (i = 0; i < elemsof(oakley_sadb); i++) {
gsp = sa_copy_sa(&oakley_empty, 0);
printf("\nmain mode oakley: %u\n", i);
//sa_print(&oakley_sadb[i]);
sa1 = sa_copy_sa(&oakley_sadb[i], 0);
sa2 = sa_merge_proposals(gsp, sa1);
printf("sa1:\n");
sa_print(sa1);
printf("gsp:\n");
sa_print(gsp);
printf("sa2:\n");
sa_print(sa2);
free_sa(sa1);
free_sa(sa2);
free_sa(gsp);
report_leaks();
}
tool_close_log();
exit(0);
}
int
main(int argc, char *argv[])
{
int opt = 0;
int all = 0;
int search = 0;
int typeexport = 0;
int checkconfig = 0;
int listroute=0, liststart=0;
struct starter_config *cfg = NULL;
err_t err = NULL;
char *confdir = NULL;
char *configfile = NULL;
char *varprefix = "";
int exit_status = 0;
struct starter_conn *conn = NULL;
char *defaultroute = NULL;
char *defaultnexthop = NULL;
char *ctlbase = NULL;
bool resolvip = FALSE;
#if 0
/* efence settings */
extern int EF_PROTECT_BELOW;
extern int EF_PROTECT_FREE;
EF_PROTECT_BELOW=1;
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
rootdir[0]='\0';
tool_init_log();
while((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) {
switch(opt) {
case 'h':
/* usage: */
usage();
break;
case 'a':
all=1;
break;
case 'D':
verbose++;
break;
case 'W':
warningsarefatal++;
break;
case 'S':
search++;
break;
case 'T':
typeexport++;
break;
case 'K':
checkconfig++;
break;
case 'C':
configfile = clone_str(optarg, "config file name");
break;
case 'c':
ctlbase = clone_str(optarg, "control base");
break;
case 'A':
all=1;
break;
case 'r':
listroute=1;
break;
case 's':
liststart=1;
break;
case 'P':
varprefix=optarg;
break;
case 'R':
printf("setting rootdir=%s\n", optarg);
strncat(rootdir, optarg, sizeof(rootdir)-1);
break;
case 'd':
defaultroute=optarg;
break;
case 'n':
defaultnexthop=optarg;
break;
default:
usage();
}
}
/* if nothing to add, then complain */
if(optind == argc && !all && !listroute && !liststart && !search && !typeexport && !checkconfig) {
usage();
}
if(verbose > 3) {
extern int yydebug;
yydebug=1;
}
/* find config file */
confdir = getenv(IPSEC_CONFDIR_VAR);
if(confdir == NULL)
{
confdir = IPSEC_CONFDIR;
}
if(!configfile) {
configfile = alloc_bytes(strlen(confdir)+sizeof("/ipsec.conf")+2,"conf file");
/* calculate default value for configfile */
configfile[0]='\0';
strcpy(configfile, confdir);
if(configfile[strlen(configfile)-1]!='/')
{
strcat(configfile, "/");
}
strcat(configfile, "ipsec.conf");
}
if(verbose) {
printf("opening file: %s\n", configfile);
}
starter_use_log (verbose, 1, verbose ? 0 : 1);
err = NULL; /* reset to no error */
resolvip=TRUE; /* default to looking up names */
if(typeexport || checkconfig || listroute || liststart || search) {
/* but not if we have no use for them... might cause delays too! */
resolvip=FALSE;
}
cfg = confread_load(configfile, &err, resolvip, ctlbase,typeexport);
if(cfg == NULL) {
fprintf(stderr, "can not load config '%s': %s\n",
configfile, err);
exit(3);
}
else if(checkconfig) {
confread_free(cfg);
exit(0);
}
if(defaultroute) {
err_t e;
char b[ADDRTOT_BUF];
e = ttoaddr(defaultroute, strlen(defaultroute), AF_INET, &cfg->dr);
if(e) {
printf("ignoring invalid defaultroute: %s\n", e);
defaultroute = NULL;
/* exit(4); */
} else
if(verbose) {
addrtot(&cfg->dr, 0, b, sizeof(b));
printf("default route is: %s\n", b);
}
}
if(defaultnexthop) {
err_t e;
char b[ADDRTOT_BUF];
e = ttoaddr(defaultnexthop, strlen(defaultnexthop), AF_INET, &cfg->dnh);
if(e) {
printf("ignoring invalid defaultnexthop: %s\n", e);
defaultnexthop = NULL;
/* exit(4); */
} else
if(verbose) {
addrtot(&cfg->dnh, 0, b, sizeof(b));
printf("default nexthop is: %s\n", b);
}
}
if(all)
{
if(verbose) {
printf("loading all conns:");
}
/* load all conns marked as auto=add or better */
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
if (conn->desired_state == STARTUP_ADD
|| conn->desired_state == STARTUP_START
|| conn->desired_state == STARTUP_ROUTE) {
if(verbose) printf(" %s", conn->name);
starter_whack_add_conn(cfg, conn);
}
}
if(verbose) printf("\n");
} else if(listroute) {
if(verbose) {
printf("listing all conns marked as auto=start\n");
}
/* list all conns marked as auto=route or start or better */
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
if (conn->desired_state == STARTUP_START
|| conn->desired_state == STARTUP_ROUTE) {
printf("%s ", conn->name);
}
}
printf("\n");
} else if(liststart) {
/* list all conns marked as auto=start */
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
if (conn->desired_state == STARTUP_START) {
printf("%s ", conn->name);
}
}
printf("\n");
} else if(search) {
char *sep="";
if((argc-optind) < 2 ) {
printf("%s_confreadstatus=failed\n", varprefix);
confread_free(cfg);
exit(3);
}
printf("%s_confreadstatus=\n", varprefix);
printf("%s_confreadnames=\"",varprefix);
/* find conn names that have value set */
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
/* we recognize a limited set of values */
if(strcasecmp(argv[optind],"auto")==0 &&
strcasecmp(argv[optind+1],"manual")==0) {
if(conn->manualkey) {
printf("%s%s", sep, conn->name);
sep=" ";
}
}
}
printf("\"\n");
confread_free(cfg);
exit(0);
} else if(typeexport) {
struct keyword_def *kd;
printf("export %sconfreadstatus=''\n", varprefix);
for(kd=ipsec_conf_keywords_v2; kd->keyname != NULL; kd++) {
if((kd->validity & kv_config)==0) continue;
switch(kd->type) {
case kt_string:
case kt_filename:
case kt_dirname:
case kt_loose_enum:
if(cfg->setup.strings[kd->field]) {
printf("export %s%s='%s'\n",
varprefix, kd->keyname,
cfg->setup.strings[kd->field]);
}
break;
case kt_bool:
printf("export %s%s='%s'\n",
varprefix, kd->keyname,
cfg->setup.options[kd->field] ? "yes" : "no");
break;
case kt_list:
printf("export %s%s='",
varprefix, kd->keyname);
confwrite_list(stdout, "", cfg->setup.options[kd->field], kd);
printf("'\n");
break;
case kt_obsolete:
printf("# obsolete option '%s%s' ignored\n", varprefix, kd->keyname);
break;
default:
if(cfg->setup.options[kd->field] || cfg->setup.options_set[kd->field]) {
printf("export %s%s='%d'\n",
varprefix, kd->keyname,
cfg->setup.options[kd->field]);
}
break;
}
}
confread_free(cfg);
exit(0);
} else {
/* load named conns, regardless of their state */
int connum;
if(verbose) {
printf("loading named conns:");
}
for(connum = optind; connum<argc; connum++) {
char *connname = argv[connum];
if(verbose) {
printf(" %s", connname);
}
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
/* yes, let's make it case-insensitive */
if(strcasecmp(conn->name, connname)==0) {
if(conn->state == STATE_ADDED) {
printf("\nconn %s already added\n", conn->name);
} else if(conn->state == STATE_FAILED) {
printf("\nconn %s did not load properly\n", conn->name);
} else {
exit_status = starter_whack_add_conn(cfg, conn);
conn->state = STATE_ADDED;
}
break;
}
}
if(conn == NULL) {
/* only if we don't find it, do we now look for aliases */
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
if(conn->strings_set[KSF_CONNALIAS]
&& osw_alias_cmp(connname
, conn->strings[KSF_CONNALIAS])) {
if(conn->state == STATE_ADDED) {
printf("\nalias: %s conn %s already added\n", connname, conn->name);
} else if(conn->state == STATE_FAILED) {
printf("\nalias: %s conn %s did not load properly\n", connname, conn->name);
} else {
exit_status = starter_whack_add_conn(cfg, conn);
conn->state = STATE_ADDED;
}
break;
}
}
}
if(conn == NULL) {
exit_status++;
if(!verbose) {
printf("conn '%s': not found (tried aliases)\n", connname);
} else {
printf("(notfound)");
}
}
}
if(verbose) printf("\n");
}
confread_free(cfg);
exit(exit_status);
}
int main(int argc, char *argv[])
{
int opt = 0;
struct starter_config *cfg = NULL;
err_t err = NULL;
char *confdir = NULL;
char *configfile = NULL;
struct starter_conn *conn = NULL;
progname = argv[0];
rootdir[0] = '\0';
rootdir2[0] = '\0';
tool_init_log();
while ((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) {
switch (opt) {
case 'h':
/* usage: */
usage();
break;
case 'D':
verbose++;
lex_verbosity++;
break;
case 'C':
configfile = clone_str(optarg, "config file name");
break;
case 'R':
printf("#setting rootdir=%s\n", optarg);
jam_str(rootdir, sizeof(rootdir), optarg);
break;
case 'S':
printf("#setting rootdir2=%s\n", optarg);
jam_str(rootdir2, sizeof(rootdir2), optarg);
break;
case '?':
exit(5);
default:
fprintf(stderr, "%s: getopt returned %d\n", progname, opt);
exit(6);
}
}
if (optind != argc) {
fprintf(stderr,"%s: unexpected arguments\n",
progname);
exit(4);
}
/* find config file */
if (confdir == NULL)
confdir = IPSEC_CONFDIR;
if (configfile == NULL) {
/* ??? see code clone in programs/addconn/addconn.c */
configfile = alloc_bytes(strlen(confdir) +
sizeof("/ipsec.conf"),
"conf file");
/* calculate default value for configfile */
strcpy(configfile, confdir); /* safe: see allocation above */
if (configfile[0] != '\0' && configfile[strlen(configfile) - 1] != '/')
strcat(configfile, "/"); /* safe: see allocation above */
strcat(configfile, "ipsec.conf"); /* safe: see allocation above */
}
if (verbose > 3) {
yydebug = 1;
}
if (verbose)
printf("opening file: %s\n", configfile);
starter_use_log(verbose != 0, TRUE, verbose == 0);
cfg = confread_load(configfile, &err, FALSE, NULL, FALSE);
if (cfg == NULL) {
fprintf(stderr, "%s: config file \"%s\" cannot be loaded: %s\n",
progname, configfile, err);
exit(3);
}
/* load all conns marked as auto=add or better */
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
printf("#conn %s loaded\n", conn->name);
confwrite(cfg, stdout);
confread_free(cfg);
exit(0);
}
int main(int argc, char *argv[])
{
int opt = 0;
struct starter_config *cfg = NULL;
err_t err = NULL;
char *confdir = NULL;
char *configfile = NULL;
struct starter_conn *conn = NULL;
progname = argv[0];
rootdir[0] = '\0';
tool_init_log();
while ((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) {
switch (opt) {
case 'h':
//usage:
usage();
break;
case 'D':
verbose++;
break;
case 'W':
warningsarefatal++;
break;
case 'C':
configfile = clone_str(optarg, "config file name");
break;
case 'R':
printf("#setting rootdir=%s\n", optarg);
strncat(rootdir, optarg, sizeof(rootdir));
break;
case 'S':
printf("#setting rootdir2=%s\n", optarg);
strncat(rootdir2, optarg, sizeof(rootdir2));
break;
}
}
/* find config file */
if (confdir == NULL)
confdir = IPSEC_CONFDIR;
if (!configfile) {
configfile = alloc_bytes(strlen(
confdir) +
sizeof("/ipsec.conf") + 2,
"conf file");
/* calculate default value for configfile */
configfile[0] = '\0';
strcpy(configfile, confdir);
if (configfile[strlen(configfile) - 1] != '/')
strcat(configfile, "/");
strcat(configfile, "ipsec.conf");
}
if (verbose)
printf("opening file: %s\n", configfile);
starter_use_log(verbose, 1, verbose ? 0 : 1);
cfg = confread_load(configfile, &err, NULL);
if (!cfg) {
printf("config file: %s can not be loaded: %s\n", configfile,
err);
exit(3);
}
/* load all conns marked as auto=add or better */
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
/* basic case, nothing special to synthize! */
if (!conn->left.strings_set[KSCF_SUBNETS] &&
!conn->right.strings_set[KSCF_SUBNETS])
continue;
starter_permutate_conns(starter_print_connname,
cfg, conn);
}
exit(0);
}
int main(int argc UNUSED, char *argv[])
{
tool_init_log(argv[0]);
/*
* Need to ensure that NSS is initialized before calling
* ike_alg_init(). Some sanity checks require a working NSS.
*/
lsw_nss_buf_t err;
if (!lsw_nss_setup(NULL, 0, NULL, err)) {
fprintf(stderr, "unexpected %s\n", err);
exit(1);
}
ike_alg_init();
/* esp= */
fprintf(stdout, "\n---- ESP tests that should succeed ----\n");
do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP);
do_test("3des-sha1;modp1024", PROTO_IPSEC_ESP);
do_test("3des-sha1;modp1536", PROTO_IPSEC_ESP);
do_test("3des-sha1;modp2048", PROTO_IPSEC_ESP);
do_test("3des-sha1;dh22", PROTO_IPSEC_ESP);
do_test("3des-sha1;dh23", PROTO_IPSEC_ESP);
do_test("3des-sha1;dh24", PROTO_IPSEC_ESP);
do_test("3des-sha1", PROTO_IPSEC_ESP);
do_test("null-sha1", PROTO_IPSEC_ESP);
do_test("aes", PROTO_IPSEC_ESP);
do_test("aes_cbc", PROTO_IPSEC_ESP);
do_test("aes-sha", PROTO_IPSEC_ESP);
do_test("aes-sha1", PROTO_IPSEC_ESP);
do_test("aes-sha2", PROTO_IPSEC_ESP);
do_test("aes-sha256", PROTO_IPSEC_ESP);
do_test("aes-sha384", PROTO_IPSEC_ESP);
do_test("aes-sha512", PROTO_IPSEC_ESP);
do_test("aes128-sha1", PROTO_IPSEC_ESP);
do_test("aes128-aes_xcbc", PROTO_IPSEC_ESP);
do_test("aes192-sha1", PROTO_IPSEC_ESP);
do_test("aes256-sha1", PROTO_IPSEC_ESP);
do_test("aes256-sha", PROTO_IPSEC_ESP);
do_test("aes256-sha2", PROTO_IPSEC_ESP);
do_test("aes256-sha2_256", PROTO_IPSEC_ESP);
do_test("aes256-sha2_384", PROTO_IPSEC_ESP);
do_test("aes256-sha2_512", PROTO_IPSEC_ESP);
do_test("camellia", PROTO_IPSEC_ESP);
do_test("camellia128", PROTO_IPSEC_ESP);
do_test("camellia192", PROTO_IPSEC_ESP);
do_test("camellia256", PROTO_IPSEC_ESP);
do_test("aes_ccm_a-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_a-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_a-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_b-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_b-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_b-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_c-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_c-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_c-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_a-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_a-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_b-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_b-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_b-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_c-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_c-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_c-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm-null", PROTO_IPSEC_ESP);
do_test("aes_gcm-null", PROTO_IPSEC_ESP);
do_test("aes_ccm-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm-192-null", PROTO_IPSEC_ESP);
#if 0
/* these are caught using "aliasing" and rewritten to the above syntax */
do_test("aes_ccm_8-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_8-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_8-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_12-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_12-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_12-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_16-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_16-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_16-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_8-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_8-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_8-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_12-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_12-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_12-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_16-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_16-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_16-256-null", PROTO_IPSEC_ESP);
#endif
/* other */
do_test("aes_ctr", PROTO_IPSEC_ESP);
do_test("aesctr", PROTO_IPSEC_ESP);
do_test("aes_ctr128", PROTO_IPSEC_ESP);
do_test("aes_ctr192", PROTO_IPSEC_ESP);
do_test("aes_ctr256", PROTO_IPSEC_ESP);
do_test("serpent", PROTO_IPSEC_ESP);
do_test("twofish", PROTO_IPSEC_ESP);
do_test("mars", PROTO_IPSEC_ESP);
/*
* should this be supported - for now man page says not
* do_test("modp1536", PROTO_IPSEC_ESP);
*/
fprintf(stdout, "\n---- ESP tests that should fail----\n");
do_test("3des168-sha1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("3des-null", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes128-null", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes224-sha1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes512-sha1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes-sha1555", PROTO_IPSEC_ESP); /* should get rejected */
do_test("camellia666-sha1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("blowfish", PROTO_IPSEC_ESP); /* obsoleted */
do_test("des-sha1", PROTO_IPSEC_ESP); /* obsoleted */
do_test("aes_ctr666", PROTO_IPSEC_ESP); /* bad key size */
do_test("aes128-sha2_128", PROTO_IPSEC_ESP); /* _128 does not exist */
do_test("aes256-sha2_256-4096", PROTO_IPSEC_ESP); /* double keysize */
do_test("aes256-sha2_256-128", PROTO_IPSEC_ESP); /* now what?? */
do_test("vanitycipher", PROTO_IPSEC_ESP);
do_test("ase-sah", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes-sah1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */
do_test("aes-id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */
do_test("aes_gcm-md5", PROTO_IPSEC_ESP); /* AEAD must have auth null */
/* ah= */
fprintf(stdout, "\n---- AH tests that should succeed ----\n");
do_test("md5", PROTO_IPSEC_AH);
do_test("sha", PROTO_IPSEC_AH);
do_test("sha1", PROTO_IPSEC_AH);
do_test("sha2", PROTO_IPSEC_AH);
do_test("sha256", PROTO_IPSEC_AH);
do_test("sha384", PROTO_IPSEC_AH);
do_test("sha512", PROTO_IPSEC_AH);
do_test("sha2_256", PROTO_IPSEC_AH);
do_test("sha2_384", PROTO_IPSEC_AH);
do_test("sha2_512", PROTO_IPSEC_AH);
do_test("aes_xcbc", PROTO_IPSEC_AH);
do_test("ripemd", PROTO_IPSEC_AH);
fprintf(stdout, "\n---- AH tests that should fail ----\n");
do_test("aes-sha1", PROTO_IPSEC_AH);
do_test("vanityhash1", PROTO_IPSEC_AH);
do_test("aes_gcm_c-256", PROTO_IPSEC_AH);
do_test("id3", PROTO_IPSEC_AH); /* should be rejected; idXXX removed */
do_test("3des", PROTO_IPSEC_AH);
do_test("null", PROTO_IPSEC_AH);
do_test("aes_gcm", PROTO_IPSEC_AH);
do_test("aes_ccm", PROTO_IPSEC_AH);
/* ike= */
fprintf(stdout, "\n---- IKE tests that should succeed ----\n");
do_test("3des-sha1", PROTO_ISAKMP);
fprintf(stdout, "\n---- IKE tests that should fail ----\n");
do_test("id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */
do_test("3des-id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */
fflush(NULL);
report_leaks();
lsw_nss_shutdown();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]) {
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
pcap_t *pt;
char eb1[256];
EF_PROTECT_BELOW = 1;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
init_crypto();
if (argc != 4) {
fprintf(stderr,
"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentR1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
pt = pcap_open_offline(argv[3], eb1);
if (!pt) {
perror(argv[3]);
exit(50);
}
cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
{
struct state *st;
/* find st involved */
st = state_with_serialno(1);
delete_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
pcap_t *pt;
char eb1[256];
struct state *st;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
printf("Started %s\n", progname);
leak_detective = 1;
pluto_shared_secrets_file =
"../../../baseconfigs/west/etc/ipsec.secrets";
lsw_init_ipsecdir("../../../baseconfigs/west/etc/ipsec.d");
lsw_init_rootdir("../../../baseconfigs/west");
init_crypto();
init_seam_kernelalgs();
load_authcerts("CA cert",
"../../../baseconfigs/west/etc/ipsec.d/cacerts",
AUTH_CA);
if (argc != 4) {
fprintf(stderr,
"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
load_preshared_secrets(NULL_FD);
readwhackmsg(infile);
send_packet_setup_pcap("parentI2x509.pcap");
pt = pcap_open_offline(argv[3], eb1);
if (!pt) {
perror(argv[3]);
exit(50);
}
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
/* now, send the I1 packet, really just so that we are in the right
* state to receive the R1 packet and process it.
*/
st = sendI1(c1, 0);
cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
DBG_PARSING | DBG_PRIVATE | DBG_CRYPT;
pcap_dispatch(pt, 1, recv_pcap_packet1, NULL);
{
struct state *st;
/* find st involved */
st = state_with_serialno(1);
delete_state(st);
/* find st involved */
st = state_with_serialno(2);
if (st)
delete_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
err_t err = NULL;
struct addrinfo hints, *result1, *result2;
unsigned char buffer1[1024];
unsigned int buffer1_len = sizeof(buffer1);
unsigned int serial_size;
int i,s;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
initproctitle(argc, argv);
progname = argv[0];
leak_detective = 1;
tool_init_log();
cur_debugging |= DBG_DNS;
zero(&hints);
hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
hints.ai_socktype = SOCK_DGRAM; /* Datagram socket */
hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */
hints.ai_protocol = 0; /* Any protocol */
hints.ai_canonname = NULL;
hints.ai_addr = NULL;
hints.ai_next = NULL;
if(argc==1) {
printf("usage: %s [name]...\n", progname);
exit(10);
}
for(i=1; i < argc; i++) {
DBG_log("looking up: %s\n", argv[i]);
s = getaddrinfo(argv[i], NULL, &hints, &result1);
if(s!=0) {
printf("lookup: %s a/aaaa lookup error: %s\n"
, argv[i], gai_strerror(s));
continue;
}
/* sort things so they come out consistently */
result1 = sort_addr_info(result1);
dump_addr_info(result1);
/* now serialize it into the buffer */
serial_size = serialize_addr_info(result1, buffer1, buffer1_len);
freeaddrinfo(result1);
DBG_log("serialized size=%u\n", serial_size);
result2 = deserialize_addr_info(buffer1, serial_size);
dump_addr_info(result2);
osw_freeaddrinfo(result2);
}
report_leaks();
tool_close_log();
exit(0);
}
int
main(int argc, char *argv[])
{
struct ifreq ifr;
struct ipsectunnelconf shc;
int s;
int c;
int argcount = argc;
int createdelete = 0;
char virtname[64];
struct stat sts;
memset(&ifr, 0, sizeof(ifr));
memset(&shc, 0, sizeof(shc));
virtname[0]='\0';
progname = argv[0];
tool_init_log();
while((c = getopt_long_only(argc, argv, ""/*"adchvV:P:l:+:"*/, longopts, 0)) != EOF) {
switch(c) {
case 'g':
debug = 1;
argcount--;
break;
case 'a':
check_conflict(shc.cf_cmd, createdelete);
shc.cf_cmd = IPSEC_SET_DEV;
break;
case 'd':
check_conflict(shc.cf_cmd, createdelete);
shc.cf_cmd = IPSEC_DEL_DEV;
break;
case 'c':
check_conflict(shc.cf_cmd, createdelete);
shc.cf_cmd = IPSEC_CLR_DEV;
break;
case 'h':
usage(progname);
break;
case 'v':
if(optarg) {
fprintf(stderr, "%s: warning; '-v' and '--version' options don't expect arguments, arg '%s' found, perhaps unintended.\n",
progname, optarg);
}
fprintf(stdout, "%s, use ipsec --version instead\n", progname);
exit(1);
break;
case 'C':
check_conflict(shc.cf_cmd, createdelete);
createdelete = SADB_X_PLUMBIF;
strncat(virtname, optarg, sizeof(virtname)-1);
break;
case 'D':
check_conflict(shc.cf_cmd, createdelete);
createdelete = SADB_X_UNPLUMBIF;
strncat(virtname, optarg, sizeof(virtname)-1);
break;
case 'V':
strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name));
break;
case 'P':
strncpy(shc.cf_name, optarg, sizeof(shc.cf_name));
break;
case 'l':
progname = malloc(strlen(argv[0])
+ 10 /* update this when changing the sprintf() */
+ strlen(optarg));
sprintf(progname, "%s --label %s",
argv[0],
optarg);
argcount -= 2;
break;
case '+': /* optionsfrom */
optionsfrom(optarg, &argc, &argv, optind, stderr);
/* no return on error */
break;
default:
usage(progname);
break;
}
}
if ( ((stat ("/proc/net/pfkey", &sts)) == 0) ) {
fprintf(stderr, "%s: NETKEY does not support virtual interfaces.\n",progname);
exit(1);
}
if(argcount == 1) {
int ret = 1;
if ((stat ("/proc/net/ipsec_tncfg", &sts)) != 0) {
fprintf(stderr, "%s: No tncfg - no IPsec support in kernel (are the modules loaded?)\n", progname);
} else {
ret = system("cat /proc/net/ipsec_tncfg");
ret = ret != -1 && WIFEXITED(ret) ? WEXITSTATUS(ret) : 1;
}
exit(ret);
}
/* overlay our struct ipsectunnel onto ifr.ifr_ifru union (hope it fits!) */
if (sizeof(ifr.ifr_ifru) < sizeof(shc)) {
fprintf(stderr, "%s: Internal error: struct ipsectunnelconf won't fit inside struct ifreq\n",
progname);
exit(1);
}
memcpy(&ifr.ifr_ifru.ifru_newname, &shc, sizeof(shc));
/* are we creating/deleting a virtual (mastXXX/ipsecXXX) interface? */
if(createdelete) {
exit(createdelete_virtual(createdelete, virtname));
}
switch(shc.cf_cmd) {
case IPSEC_SET_DEV:
if(!shc.cf_name[0]) {
fprintf(stderr, "%s: physical I/F parameter missing.\n",
progname);
exit(1);
}
case IPSEC_DEL_DEV:
if(!ifr.ifr_name[0]) {
fprintf(stderr, "%s: virtual I/F parameter missing.\n",
progname);
exit(1);
}
break;
case IPSEC_CLR_DEV:
strncpy(ifr.ifr_name, "ipsec0", sizeof(ifr.ifr_name));
break;
default:
fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n"
"Try %s --help' for usage information.\n",
progname, progname);
exit(1);
}
s=safe_socket(AF_INET, SOCK_DGRAM,0);
if(s==-1)
{
fprintf(stderr, "%s: Socket creation failed -- ", progname);
switch(errno)
{
case EACCES:
if(getuid()==0)
fprintf(stderr, "Root denied permission!?!\n");
else
fprintf(stderr, "Run as root user.\n");
break;
case EPROTONOSUPPORT:
fprintf(stderr, "Internet Protocol not enabled");
break;
case EMFILE:
case ENFILE:
case ENOBUFS:
fprintf(stderr, "Insufficient system resources.\n");
break;
case ENODEV:
fprintf(stderr, "No such device. Is the virtual device valid? Is the ipsec module linked into the kernel or loaded as a module?\n");
break;
default:
fprintf(stderr, "Unknown socket error %d.\n", errno);
}
exit(1);
}
if(ioctl(s, shc.cf_cmd, &ifr)==-1)
{
switch (shc.cf_cmd)
{
case IPSEC_SET_DEV:
fprintf(stderr, "%s: Socket ioctl failed on attach -- ", progname);
switch(errno)
{
case EINVAL:
fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
break;
case ENODEV:
fprintf(stderr, "No such device. Is the virtual device valid? Is the ipsec module linked into the kernel or loaded as a module?\n");
break;
case ENXIO:
fprintf(stderr, "No such device. Is the physical device valid?\n");
break;
case EBUSY:
fprintf(stderr, "Device busy. Virtual device %s is already attached to a physical device -- Use detach first.\n",
ifr.ifr_name);
break;
default:
fprintf(stderr, "Unknown socket error %d.\n", errno);
}
exit(1);
case IPSEC_DEL_DEV:
fprintf(stderr, "%s: Socket ioctl failed on detach -- ", progname);
switch(errno)
{
case EINVAL:
fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
break;
case ENODEV:
fprintf(stderr, "No such device. Is the virtual device valid? The ipsec module may not be linked into the kernel or loaded as a module.\n");
break;
case ENXIO:
fprintf(stderr, "Device requested is not linked to any physical device.\n");
break;
default:
fprintf(stderr, "Unknown socket error %d.\n", errno);
}
exit(1);
case IPSEC_CLR_DEV:
fprintf(stderr, "%s: Socket ioctl failed on clear -- ", progname);
switch(errno)
{
case EINVAL:
fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
break;
case ENODEV:
fprintf(stderr, "Failed. Is the ipsec module linked into the kernel or loaded as a module?.\n");
break;
default:
fprintf(stderr, "Unknown socket error %d.\n", errno);
}
exit(1);
default:
fprintf(stderr, "%s: Socket ioctl failed on unknown operation %u -- %s", progname, (unsigned) shc.cf_cmd, strerror(errno));
exit(1);
}
}
exit(0);
}
int
main(int argc, char *argv[])
{
int opt = 0;
int textout = 1;
int whackout = 0; /* if true, write whack messages */
char *whackfile = NULL;
struct starter_config *cfg = NULL;
err_t err = NULL;
char *confdir = NULL;
char *configfile = NULL;
struct starter_conn *conn = NULL;
progname = argv[0];
rootdir[0]='\0';
tool_init_log();
while((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) {
switch(opt) {
case 'h':
/* usage: */
usage();
break;
case 'T':
textout = 1;
break;
case 'w':
whackfile = clone_str(optarg, "output file name");
whackout = 1;
textout = 0;
break;
case 'D':
verbose++;
break;
case 'W':
warningsarefatal++;
break;
case 'C':
configfile = clone_str(optarg, "config file name");
break;
case 'R':
if(verbose) printf("#setting rootdir=%s\n", optarg);
strlcat(rootdir, optarg, sizeof(rootdir));
break;
case 'S':
if(verbose) printf("#setting rootdir2=%s\n", optarg);
rootdir2[0]='\0';
strlcat(rootdir2, optarg, sizeof(rootdir2));
break;
}
}
/* find config file */
confdir = getenv(IPSEC_CONFDIR_VAR);
if(confdir == NULL)
{
confdir = IPSEC_CONFDIR;
}
if(!configfile) {
configfile = alloc_bytes(strlen(confdir)+sizeof("/ipsec.conf")+2,"conf file");
/* calculate default value for configfile */
configfile[0]='\0';
strcpy(configfile, confdir);
if(configfile[strlen(configfile)-1]!='/')
{
strcat(configfile, "/");
}
strcat(configfile, "ipsec.conf");
}
if(verbose > 3) {
extern int yydebug;
yydebug=1;
}
if(verbose) {
printf("opening file: %s\n", configfile);
}
starter_use_log (verbose, 1, verbose ? 0 : 1);
cfg = confread_load(configfile, &err, FALSE, NULL,FALSE);
if(!cfg) {
printf("config file: %s can not be loaded: %s\n", configfile, err);
exit(3);
}
if(textout) {
/* load all conns marked as auto=add or better */
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
printf("#conn %s loaded\n", conn->name);
}
confwrite(cfg, stdout);
}
if(whackout && whackfile!=NULL) {
if(!openwhackrecordfile(whackfile)) {
perror(whackfile);
exit(5);
}
/* use file writer above */
cfg->send_whack_msg = send_whack_msg_to_file;
/* load all conns marked as auto=add or better, and save them. */
argv+=optind;
argc-=optind;
for(; argc>0; argc--, argv++) {
char *conn_name = *argv;
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
if(verbose) {
printf("processing conn: %s vs %s\n", conn_name, conn->name);
}
if(strcasecmp(conn->name, conn_name)==0) {
if(starter_whack_add_conn(cfg, conn) != 0) {
fprintf(stderr, "failed to load conn: %s\n", conn_name);
}
}
}
}
}
confread_free(cfg);
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
if(argc != 4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile> <pcapout>\n", progname);
exit(10);
}
tool_init_log();
init_crypto();
load_oswcrypto();
init_fake_vendorid();
init_parker_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
/* input packets */
recv_pcap_setup(argv[2]);
/* output first packets to /dev/null */
send_packet_setup_pcap("/dev/null");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
st = sendI1(c1, DBG_CONTROL, regression == 0);
/* now accept the reply packet */
cur_debugging = DBG_CONTROL|DBG_PARSING;
/* now output interesting packet to capture file */
send_packet_setup_pcap(argv[3]);
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
pcap_close(pt);
recv_pcap_setup(argv[2]);
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* dump the delete message that comes out */
send_packet_setup_pcap("/dev/null");
delete_connection(c1, TRUE);
st = state_with_serialno(1);
if(st!=NULL) {
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
int opt = 0;
int autoall = 0;
int configsetup = 0;
int checkconfig = 0;
char *export = "export"; /* display export before the foo=bar or not */
int listroute = 0, liststart = 0, listignore = 0, listadd = 0,
listall = 0, dolist = 0, liststack = 0;
struct starter_config *cfg = NULL;
err_t err = NULL;
char *confdir = NULL;
char *configfile = NULL;
char *varprefix = "";
int exit_status = 0;
struct starter_conn *conn = NULL;
char *ctlbase = NULL;
bool resolvip = TRUE; /* default to looking up names */
#if 0
/* efence settings */
extern int EF_PROTECT_BELOW;
extern int EF_PROTECT_FREE;
EF_PROTECT_BELOW = 1;
EF_PROTECT_FREE = 1;
#endif
progname = argv[0];
rootdir[0] = '\0';
tool_init_log();
while ((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) {
switch (opt) {
case 'h':
/* usage: */
usage();
break;
case 'a':
autoall = 1;
break;
case 'D':
verbose++;
lex_verbosity++;
break;
case 'T':
configsetup++;
break;
case 'K':
checkconfig++;
break;
case 'N':
export = "";
break;
case 'C':
configfile = clone_str(optarg, "config file name");
break;
case 'c':
ctlbase = clone_str(optarg, "control base");
break;
case 'L':
listadd = 1;
dolist = 1;
break;
case 'r':
listroute = 1;
dolist = 1;
break;
case 's':
liststart = 1;
dolist = 1;
break;
case 'S':
liststack = 1;
dolist = 1;
break;
case 'i':
listignore = 1;
dolist = 1;
break;
case 'A':
listall = 1;
dolist = 1;
break;
case 'P':
varprefix = optarg;
break;
case 'R':
printf("setting rootdir=%s\n", optarg);
jam_str(rootdir, sizeof(rootdir), optarg);
break;
case 'd':
case 'n':
printf("Warning: options --defaultroute and --defaultroutenexthop are obsolete and were ignored\n");
break;
default:
usage();
}
}
/* if nothing to add, then complain */
if (optind == argc && !autoall && !dolist && !configsetup &&
!checkconfig)
usage();
if (verbose > 3) {
yydebug = 1;
}
/* find config file */
if (confdir == NULL)
confdir = IPSEC_CONFDIR;
if (configfile == NULL) {
/* ??? see code clone in programs/readwriteconf/readwriteconf.c */
configfile = alloc_bytes(strlen(confdir) +
sizeof("/ipsec.conf"),
"conf file");
/* calculate default value for configfile */
strcpy(configfile, confdir); /* safe: see allocation above */
if (configfile[0] != '\0' && configfile[strlen(configfile) - 1] != '/')
strcat(configfile, "/"); /* safe: see allocation above */
strcat(configfile, "ipsec.conf"); /* safe: see allocation above */
}
if (verbose)
printf("opening file: %s\n", configfile);
starter_use_log(verbose != 0, TRUE, verbose == 0);
err = NULL; /* reset to no error */
if (configsetup || checkconfig || dolist) {
/* skip if we have no use for them... causes delays */
resolvip = FALSE;
}
cfg = confread_load(configfile, &err, resolvip, ctlbase, configsetup);
if (cfg == NULL) {
fprintf(stderr, "cannot load config '%s': %s\n",
configfile, err);
exit(3);
} else if (checkconfig) {
confread_free(cfg);
exit(0);
}
if (autoall) {
if (verbose)
printf("loading all conns according to their auto= settings\n");
/*
* Load all conns marked as auto=add or better.
* First, do the auto=route and auto=add conns to quickly
* get routes in place, then do auto=start as these can be
* slower.
* This mimics behaviour of the old _plutoload
*/
if (verbose)
printf(" Pass #1: Loading auto=add, auto=route and auto=start connections\n");
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (conn->desired_state == STARTUP_ADD ||
conn->desired_state == STARTUP_ONDEMAND ||
conn->desired_state == STARTUP_START) {
if (verbose)
printf(" %s", conn->name);
starter_whack_add_conn(cfg, conn);
}
}
/*
* We loaded all connections. Now tell pluto to listen,
* then route the conns and resolve default route.
*/
starter_whack_listen(cfg);
if (verbose)
printf(" Pass #2: Routing auto=route and auto=start connections\n");
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (conn->desired_state == STARTUP_ADD ||
conn->desired_state == STARTUP_ONDEMAND ||
conn->desired_state == STARTUP_START) {
if (verbose)
printf(" %s", conn->name);
resolve_defaultroute(conn);
if (conn->desired_state == STARTUP_ONDEMAND ||
conn->desired_state == STARTUP_START) {
starter_whack_route_conn(cfg, conn);
}
}
}
if (verbose)
printf(" Pass #3: Initiating auto=start connections\n");
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (conn->desired_state == STARTUP_START) {
if (verbose)
printf(" %s", conn->name);
starter_whack_initiate_conn(cfg, conn);
}
}
if (verbose)
printf("\n");
} else {
/* load named conns, regardless of their state */
int connum;
if (verbose)
printf("loading named conns:");
for (connum = optind; connum < argc; connum++) {
char *connname = argv[connum];
if (verbose)
printf(" %s", connname);
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (streq(conn->name, connname)) {
if (conn->state == STATE_ADDED) {
printf("\nconn %s already added\n",
conn->name);
} else if (conn->state ==
STATE_FAILED) {
printf("\nconn %s did not load properly\n",
conn->name);
} else {
resolve_defaultroute(conn);
exit_status =
starter_whack_add_conn(
cfg,
conn);
conn->state = STATE_ADDED;
}
break;
}
}
if (conn == NULL) {
/*
* only if we don't find it, do we now look
* for aliases
*/
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (conn->strings_set[KSF_CONNALIAS] &&
lsw_alias_cmp(connname,
conn->
strings[KSF_CONNALIAS]
)) {
if (conn->state ==
STATE_ADDED) {
printf("\nalias: %s conn %s already added\n",
connname,
conn->name);
} else if (conn->state ==
STATE_FAILED) {
printf("\nalias: %s conn %s did not load properly\n",
connname,
conn->name);
} else {
resolve_defaultroute(
conn);
exit_status =
starter_whack_add_conn(
cfg,
conn);
conn->state =
STATE_ADDED;
}
break;
}
}
}
if (conn == NULL) {
exit_status++;
if (!verbose) {
printf("conn '%s': not found (tried aliases)\n",
connname);
} else {
printf(" (notfound)\n");
}
}
}
}
if (listall) {
if (verbose)
printf("listing all conns\n");
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
printf("%s ", conn->name);
printf("\n");
} else {
if (listadd) {
if (verbose)
printf("listing all conns marked as auto=add\n");
/* list all conns marked as auto=add */
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (conn->desired_state == STARTUP_ADD)
printf("%s ", conn->name);
}
}
if (listroute) {
if (verbose)
printf("listing all conns marked as auto=route and auto=start\n");
/*
* list all conns marked as auto=route or start or
* better
*/
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (conn->desired_state == STARTUP_START ||
conn->desired_state == STARTUP_ONDEMAND)
printf("%s ", conn->name);
}
}
if (liststart && !listroute) {
if (verbose)
printf("listing all conns marked as auto=start\n");
/* list all conns marked as auto=start */
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (conn->desired_state == STARTUP_START)
printf("%s ", conn->name);
}
}
if (listignore) {
if (verbose)
printf("listing all conns marked as auto=ignore\n");
/* list all conns marked as auto=start */
for (conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next) {
if (conn->desired_state == STARTUP_IGNORE)
printf("%s ", conn->name);
}
printf("\n");
}
}
if (liststack) {
const struct keyword_def *kd;
for (kd = ipsec_conf_keywords_v2; kd->keyname != NULL; kd++) {
if (strstr(kd->keyname, "protostack")) {
if (cfg->setup.strings[kd->field])
printf("%s\n",
cfg->setup.strings[kd->field]);
else
/* implicit default */
printf("netkey\n");
}
}
confread_free(cfg);
exit(0);
}
if (configsetup) {
const struct keyword_def *kd;
printf("%s %sconfreadstatus=''\n", export, varprefix);
for (kd = ipsec_conf_keywords_v2; kd->keyname != NULL; kd++) {
if ((kd->validity & kv_config) == 0)
continue;
switch (kd->type) {
case kt_string:
case kt_filename:
case kt_dirname:
case kt_loose_enum:
if (cfg->setup.strings[kd->field]) {
printf("%s %s%s='%s'\n",
export, varprefix, kd->keyname,
cfg->setup.strings[kd->field]);
}
break;
case kt_bool:
printf("%s %s%s='%s'\n", export, varprefix,
kd->keyname,
cfg->setup.options[kd->field] ?
"yes" : "no");
break;
case kt_list:
printf("%s %s%s='",
export, varprefix, kd->keyname);
confwrite_list(stdout, "",
cfg->setup.options[kd->field],
kd);
printf("'\n");
break;
case kt_obsolete:
printf("# obsolete option '%s%s' ignored\n",
varprefix, kd->keyname);
break;
default:
if (cfg->setup.options[kd->field] ||
cfg->setup.options_set[kd->field]) {
printf("%s %s%s='%d'\n",
export, varprefix, kd->keyname,
cfg->setup.options[kd->field]);
}
break;
}
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
//list_public_keys(FALSE, FALSE);
#ifndef SKIP_ORIENT_ASSERT
assert(orient(c1, 500));
#endif
show_one_connection(c1);
#ifndef SKIP_INITIATE
/* do calculation if not -r for regression */
st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0);
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
#endif
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
if (argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
c1->sa_keying_tries = 0; /* for this test case, make retries infinite */
maximum_retransmissions_initial = 2;
show_one_connection(c1);
st = sendI1(c1,
DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
DBG_WHACKWATCH);
run_continuation(r);
/* after three-retransmits, we fallback to trying IKEv1, if necessary */
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
/* after three more retransmits, we go back to IKEv2 */
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
/* as the state will have been renewed, it's hard to clean up */
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
bool recalculate = FALSE;
int len;
err_t e;
err_t err = NULL;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1 = NULL;
struct id moon, cassidy;
struct adns_continuation *cr1 = NULL;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
initproctitle(argc, argv);
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
recalculate = 1; /* do all crypto */
argc--; argv++;
}
tool_init_log();
cur_debugging |= DBG_DNS;
init_adns();
{
int r;
struct sigaction act;
act.sa_handler = &childhandler;
act.sa_flags = SA_RESTART;
r = sigaction(SIGCHLD, &act, NULL);
passert(r == 0);
}
reset_globals();
/* setup a query */
cr1 = alloc_thing(struct adns_continuation, "moon lookup");
moon.kind = ID_FQDN;
strtochunk(moon.name, "moon.testing.openswan.org", "dns name");
e = start_adns_query(&moon, NULL, ns_t_key,
moon_continue, cr1);
freeanychunk(moon.name);
process_dns_results();
#if 0
cr1 = alloc_thing(struct adns_continuation, "cassidy lookup");
cassidy.kind = ID_FQDN;
strtochunk(cassidy.name, "cassidy.sandelman.ca", "dns name 2");
e = start_adns_query(&cassidy, NULL, ns_t_key,
cassidy_continue, cr1);
freeanychunk(cassidy.name);
process_dns_results();
#endif
/* re-use cassidy */
cr1 = alloc_thing(struct adns_continuation, "cassidy A lookup");
e = start_adns_hostname(AF_UNSPEC, "cassidy.sandelman.ca", cassidy_host_continue, cr1);
process_dns_results();
stop_adns();
report_leaks();
tool_close_log();
exit(0);
}
/*
- main - mostly argument parsing
*/
int main(int argc, char *argv[])
{
log_to_stderr = FALSE;
tool_init_log("ipsec rsasigkey");
int opt;
int nbits = 0;
int seedbits = DEFAULT_SEED_BITS;
while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
switch (opt) {
case 'n':
case 'p':
fprintf(stderr, "%s: --noopt and --rounds options have been obsoleted - ignored\n",
progname);
break;
case 'v': /* verbose description */
log_to_stderr = TRUE;
break;
case 'r':
fprintf(stderr, "%s: Warning: --random is obsoleted for --seeddev. It no longer specifies the random device used for obtaining random key material",
progname);
/* FALLTHROUGH */
case 'S': /* nonstandard random device for seed */
device = optarg;
break;
case 'H': /* set hostname for output */
{
size_t full_len = strlen(optarg);
bool oflow = sizeof(outputhostname) - 1 < full_len;
size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len;
memcpy(outputhostname, optarg, copy_len);
outputhostname[copy_len] = '\0';
}
break;
case 'h': /* help */
printf("Usage:\t%s\n", usage);
exit(0);
break;
case 'V': /* version */
printf("%s %s\n", progname, ipsec_version_code());
exit(0);
break;
case 'c': /* obsoleted by --nssdir|-d */
case 'd': /* -d is used for nssdirdir with nss tools */
lsw_conf_nssdir(optarg);
break;
case 'P': /* token authentication password */
lsw_conf_nsspassword(optarg);
break;
case 's': /* seed bits */
seedbits = atoi(optarg);
if (PK11_IsFIPS()) {
if (seedbits < DEFAULT_SEED_BITS) {
fprintf(stderr, "%s: FIPS mode does not allow < %d seed bits\n",
progname, DEFAULT_SEED_BITS);
exit(1);
}
}
break;
case '?':
default:
printf("Usage:\t%s\n", usage);
exit(2);
}
if (outputhostname[0] == '\0') {
if (gethostname(outputhostname, sizeof(outputhostname)) < 0) {
fprintf(stderr, "%s: gethostname failed (%s)\n",
progname,
strerror(errno));
exit(1);
}
}
/*
* RSA-PSS requires keysize to be a multiple of 8 bits
* (see PCS#1 v2.1).
* We require a multiple of 16. (??? why?)
*/
if (argv[optind] == NULL) {
/* default keysize: a multiple of 16 in [3072,4096) */
srand(time(NULL));
nbits = 3072 + 16 * (rand() % (1024 / 16));
} else {
unsigned long u;
err_t ugh = ttoulb(argv[optind], 0, 10, INT_MAX, &u);
if (ugh != NULL) {
fprintf(stderr,
"%s: keysize specification is malformed: %s\n",
progname, ugh);
exit(1);
}
nbits = u;
}
if (nbits < MIN_KEYBIT ) {
fprintf(stderr,
"%s: requested RSA key size (%d) is too small - use %d or more\n",
progname, nbits, MIN_KEYBIT);
exit(1);
} else if (nbits > MAXBITS) {
fprintf(stderr,
"%s: requested RSA key size (%d) is too large - (max %d)\n",
progname, nbits, MAXBITS);
exit(1);
} else if (nbits % (BITS_PER_BYTE * 2) != 0) {
fprintf(stderr,
"%s: requested RSA key size (%d) is not a multiple of %d\n",
progname, nbits, (int)BITS_PER_BYTE * 2);
exit(1);
}
/*
* Don't fetch the config options until after they have been
* processed, and really are "constant".
*/
const struct lsw_conf_options *oco = lsw_init_options();
rsasigkey(nbits, seedbits, oco);
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
FILE *idfile;
char idbuf[256];
int lineno = 0;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
lsw_init_rootdir("../../../baseconfigs/all");
progname = argv[0];
leak_detective = 1;
if (argc != 3 ) {
fprintf(stderr, "Usage: %s <whackrecord> <idfile>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
infile = argv[1];
readwhackmsg(infile);
idfile = fopen(argv[2], "r");
if (!idfile) {
perror(argv[2]);
exit(11);
}
cur_debugging = DBG_CONTROL | DBG_CONTROLMORE;
while (fgets(idbuf, sizeof(idbuf), idfile) != NULL) {
struct state *st1;
struct connection *nc;
struct id peer_id;
int aggrmode, initiate;
char id1[256];
/* ignore comments */
if (idbuf[0] == '#')
continue;
st1 = new_state();
sscanf(idbuf, "%s %u %u", id1, &initiate, &aggrmode);
/* set it to the first connection, there may be only one?? */
st1->st_connection = connections; /* safe: from new_state */
st1->st_oakley.auth = OAKLEY_RSA_SIG;
passert(connections != NULL);
atoid(id1, &peer_id, TRUE);
nc = refine_host_connection(st1, &peer_id, initiate, aggrmode);
printf("%u: %s -> conn: %s\n", ++lineno, id1,
nc ? nc->name : "<none>");
}
report_leaks();
tool_close_log();
exit(0);
}
