static inline void instance_run(fcs_dbm_solver_instance_t *const instance)
{
while (instance->count_num_processed < instance->max_count_num_processed &&
(instance->should_terminate == DONT_TERMINATE))
{
const int depth = (instance->stack_depth);
if (depth < 0)
{
instance->should_terminate = QUEUE_TERMINATE;
}
else
{
pseduo_dfs_stack_item_t *const stack_item = instance->stack + depth;
const int idx = (stack_item->next_state_idx)++;
if (idx == stack_item->count_next_states)
{
/* Demote from the current depth. */
for (int i = 0; i < stack_item->count_next_states; i++)
{
delete_state(&(instance->store), &(instance->cache),
&(stack_item->next_states[i]));
}
stack_item->count_next_states = 0;
stack_item->next_state_idx = 0;
(instance->stack_depth)--;
}
else
{
instance->stack_depth++;
instance__inspect_new_state(
instance, &(stack_item->next_states[idx]));
}
}
}
}
void destroy_state_and_poll_thread(State * state, pthread_t thread) {
pthread_mutex_lock(&state->mState);
state->ready = -1;
pthread_mutex_unlock(&state->mState);
if (thread) pthread_join(thread, NULL);
delete_state(state);
}
/*****************************************************************************************
函数名称: dpd_timeout
功能描述: dpd超时处理,删除连接
输入参数: st
输出参数: 无
返 回 值: 无
-------------------------------------------------------------------------------------------
最近一次修改记录 :
修改作者: 王之云
修改目的: 超时处理
修改日期: 2012年3月20日
********************************************************************************************/
void dpd_timeout(struct state *st)
{
int action;
struct ike_conn *c = st->st_connection;
action = st->st_connection->dpd_action;
so_serial_t newest = c->newest_isakmp_sa ;
char buf_remoteip[20] = {0};
st->st_dpd_timeout_flag = 1;
addrtot(&st->st_remoteaddr, 0, buf_remoteip, sizeof(buf_remoteip));
passert(IS_ISAKMP_SA_ESTABLISHED(st->st_state));
passert(action == DPD_ACTION_HOLD
|| action == DPD_ACTION_CLEAR
|| action == DPD_ACTION_RESTART
|| action == DPD_ACTION_RESTART_BY_PEER);
if (newest != st->st_serialno && newest != SOS_NOBODY)
{
IPSEC_log(IPSEC_LOGLEVEL_WARNING,
"Connection < %s > < %s > old state DPD TIMEOUT, "
"We will delete state depend on it.!",
st->st_connection->name, buf_remoteip);
ipsec_release_state_by_parent(st);
delete_state(st);
return;
}
{
IPSEC_log(IPSEC_LOGLEVEL_WARNING,
"Connection < %s > < %s > DPD TIMEOUT, we will %s connection!",
st->st_connection->name, buf_remoteip, action == DPD_ACTION_CLEAR ? "clear":"restart");
}
switch(action)
{
case DPD_ACTION_CLEAR:
release_connection(&c);
break;
case DPD_ACTION_RESTART:
release_connection(&c);
if(NULL != c)
{
start_initiate_connnection(c);
}
break;
case DPD_ACTION_HOLD:
case DPD_ACTION_RESTART_BY_PEER:
/*未用到此两种情况*/
break;
default :
break;
}
}
void Automata::optimize_dfa(){
if(!dfa)return;
DistinguashbleStatesCollection dependentStates;//больший указатель первый
//находим список зависимых состояний
get_depended_states(dependentStates, all_states);
//склеиваем состояния
set<State*> mergedStates=glue_states(dependentStates);
//удалить все смёрдженые состояния
for(set<State*>::iterator it=mergedStates.begin();it!=mergedStates.end();++it){
delete_state(*it);
}
min=true;
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
EF_FREE_WIPES =1;
progname = argv[0];
leak_detective = 1;
if(argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE);
run_continuation(r);
/* now invoke the timer event to cause a re-transmission */
handle_next_timer_event();
/* clean up so that we can see any leaks */
delete_state(st);
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
/* Declarations */
int c, option_index = 0;
struct option long_options[] =
{
{"coordinator-profile-path", required_argument, 0, 'P'},
{"profile", required_argument, 0, 'p'},
{"help", no_argument, 0, 'h'},
{"version", no_argument, 0, 'v'},
{0, 0, 0, 0}
};
char *manifest_file;
char *profile = NULL;
char *coordinator_profile_path = NULL;
/* Parse command-line options */
while((c = getopt_long(argc, argv, "p:hv", long_options, &option_index)) != -1)
{
switch(c)
{
case 'p':
profile = optarg;
break;
case 'P':
coordinator_profile_path = optarg;
break;
case 'h':
case '?':
print_usage(argv[0]);
return 0;
case 'v':
print_version(argv[0]);
return 0;
}
}
/* Validate options */
profile = check_profile_option(profile);
if(optind >= argc)
manifest_file = NULL;
else
manifest_file = argv[optind];
return delete_state(manifest_file, coordinator_profile_path, profile); /* Execute snapshot operation */
}
static av_cold int dvbsub_close_decoder(AVCodecContext *avctx)
{
DVBSubContext *ctx = avctx->priv_data;
DVBSubRegionDisplay *display;
delete_state(ctx);
while (ctx->display_list) {
display = ctx->display_list;
ctx->display_list = display->next;
av_free(display);
}
return 0;
}
State* Automata::suffix_minimize_merge_states(vector<State*>& mergebal_states){
if(mergebal_states.size()<2)return mergebal_states[0];
State* fstate=mergebal_states.at(0);
for(size_t i=1;i!=mergebal_states.size();++i){
if(!fstate->is_final()&&mergebal_states[i]->is_final()){
fstate->set_final(true);
finals.push_back(fstate);
finals.remove(mergebal_states[i]);
}else if(mergebal_states[i]->is_final()){
finals.remove(mergebal_states[i]);
}
if(start==mergebal_states[i])
start=fstate;
merge_states_input_signals(fstate,mergebal_states[i]);
mergebal_states[i]->get_transitions().clear_transitions(&all_states);
delete_state(mergebal_states[i]);
}
return fstate;
}
main(int argc, char *argv[]) {
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
pcap_t *pt;
char eb1[256];
EF_PROTECT_BELOW = 1;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
init_crypto();
if (argc != 4) {
fprintf(stderr,
"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentR1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
pt = pcap_open_offline(argv[3], eb1);
if (!pt) {
perror(argv[3]);
exit(50);
}
cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
{
struct state *st;
/* find st involved */
st = state_with_serialno(1);
delete_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
pcap_t *pt;
char eb1[256];
struct state *st;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
printf("Started %s\n", progname);
leak_detective = 1;
pluto_shared_secrets_file =
"../../../baseconfigs/west/etc/ipsec.secrets";
lsw_init_ipsecdir("../../../baseconfigs/west/etc/ipsec.d");
lsw_init_rootdir("../../../baseconfigs/west");
init_crypto();
init_seam_kernelalgs();
load_authcerts("CA cert",
"../../../baseconfigs/west/etc/ipsec.d/cacerts",
AUTH_CA);
if (argc != 4) {
fprintf(stderr,
"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
load_preshared_secrets(NULL_FD);
readwhackmsg(infile);
send_packet_setup_pcap("parentI2x509.pcap");
pt = pcap_open_offline(argv[3], eb1);
if (!pt) {
perror(argv[3]);
exit(50);
}
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
/* now, send the I1 packet, really just so that we are in the right
* state to receive the R1 packet and process it.
*/
st = sendI1(c1, 0);
cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
DBG_PARSING | DBG_PRIVATE | DBG_CRYPT;
pcap_dispatch(pt, 1, recv_pcap_packet1, NULL);
{
struct state *st;
/* find st involved */
st = state_with_serialno(1);
delete_state(st);
/* find st involved */
st = state_with_serialno(2);
if (st)
delete_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
//list_public_keys(FALSE, FALSE);
#ifndef SKIP_ORIENT_ASSERT
assert(orient(c1, 500));
#endif
show_one_connection(c1);
#ifndef SKIP_INITIATE
/* do calculation if not -r for regression */
st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0);
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
#endif
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
int len;
char *infile, *pcapin, *pcapout;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
char eb1[256]; /* error buffer for pcap open */
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc <= 4) {
usage:
fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin> <pcapout>\n", progname);
exit(10);
}
/* argv[1] == "-r" ?? */
tool_init_log();
init_crypto();
init_fake_vendorid();
init_fake_secrets();
init_jamesjohnson_interface();
infile = NULL;
conn_name = NULL;
pcapin = NULL;
pcapout = NULL;
argc--; argv++;
if(argc > 0) {
infile = argv[0];
argc--; argv++;
}
if(argc > 0) {
conn_name = argv[0];
argc--; argv++;
}
if(argc > 0) {
pcapin = argv[0];
argc--; argv++;
}
if(argc > 0) {
pcapout = argv[0];
argc--; argv++;
}
if(conn_name == NULL ||
infile == NULL ||
pcapin == NULL ||
pcapout == NULL) {
goto usage;
}
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1, whack_log);
send_packet_setup_pcap(pcapout);
/* setup to process the I1 packet */
recv_pcap_setup(pcapin);
cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* clean up so that we can see any leaks */
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
/* Handle a kernel request. Supposedly, there's a message in
* the kernelsock socket.
*/
void
whack_handle(int whackctlfd)
{
struct whack_message msg;
struct sockaddr_un whackaddr;
int whackaddrlen = sizeof(whackaddr);
int whackfd = accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen);
ssize_t n;
if (whackfd < 0)
{
log_errno((e, "accept() failed in whack_handle()"));
return;
}
n = read(whackfd, &msg, sizeof(msg));
if (n == -1)
{
log_errno((e, "read() failed in whack_handle()"));
close(whackfd);
return;
}
whack_log_fd = whackfd;
/* sanity check message */
{
err_t ugh = NULL;
next_str = msg.string;
str_roof = (char *)&msg + n;
if (next_str > str_roof)
{
ugh = builddiag("truncated message from whack: got %d bytes; expected %d. Message ignored."
, n, (int) sizeof(msg));
}
else if (msg.magic != WHACK_MAGIC)
{
ugh = builddiag("message from whack has bad magic %d; should be %d; probably wrong version. Message ignored"
, msg.magic, WHACK_MAGIC);
}
else if (!unpack_str(&msg.name) /* string 1 */
|| !unpack_str(&msg.left.id) /* string 2 */
|| !unpack_str(&msg.left.cert) /* string 3 */
|| !unpack_str(&msg.left.updown) /* string 4 */
#ifdef VIRTUAL_IP
|| !unpack_str(&msg.left.virt)
#endif
|| !unpack_str(&msg.right.id) /* string 5 */
|| !unpack_str(&msg.right.cert) /* string 6 */
|| !unpack_str(&msg.right.updown) /* string 7 */
#ifdef VIRTUAL_IP
|| !unpack_str(&msg.right.virt)
#endif
|| !unpack_str(&msg.keyid) /* string 8 */
|| !unpack_str(&msg.ike) /* string 9 */
|| !unpack_str(&msg.esp) /* string 10 */
|| !unpack_str(&msg.dnshostname) /* string 11 */
|| str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */
{
ugh = "message from whack contains bad string";
}
else
{
msg.keyval.ptr = next_str; /* grab chunk */
}
if (ugh != NULL)
{
loglog(RC_BADWHACKMESSAGE, "%s", ugh);
whack_log_fd = NULL_FD;
close(whackfd);
return;
}
}
if (msg.whack_options)
{
#ifdef DEBUG
if (msg.name == NULL)
{
/* we do a two-step so that if either old or new would
* cause the message to print, it will be printed.
*/
cur_debugging |= msg.debugging;
DBG(DBG_CONTROL
, DBG_log("base debugging = %s"
, bitnamesof(debug_bit_names, msg.debugging)));
cur_debugging = base_debugging = msg.debugging;
}
else if (!msg.whack_connection)
{
struct connection *c = con_by_name(msg.name, TRUE);
if (c != NULL)
{
c->extra_debugging = msg.debugging;
DBG(DBG_CONTROL
, DBG_log("\"%s\" extra_debugging = %s"
, c->name
, bitnamesof(debug_bit_names, c->extra_debugging)));
}
}
#endif
}
/* Deleting combined with adding a connection works as replace.
* To make this more useful, in only this combination,
* delete will silently ignore the lack of the connection.
*/
if (msg.whack_delete)
{
struct connection *c = con_by_name(msg.name, !msg.whack_connection);
/* note: this is a "while" because road warrior
* leads to multiple connections with the same name.
*/
for (; c != NULL; c = con_by_name(msg.name, FALSE))
delete_connection(c);
}
if (msg.whack_deletestate)
{
struct state *st = state_with_serialno(msg.whack_deletestateno);
if (st == NULL)
{
loglog(RC_UNKNOWN_NAME, "no state #%lu to delete"
, msg.whack_deletestateno);
}
else
{
delete_state(st);
}
}
if (msg.whack_connection)
add_connection(&msg);
/* process "listen" before any operation that could require it */
if (msg.whack_listen)
{
log("listening for IKE messages");
listening = TRUE;
find_ifaces();
load_preshared_secrets();
}
if (msg.whack_unlisten)
{
log("no longer listening for IKE messages");
listening = FALSE;
}
if (msg.whack_reread & REREAD_SECRETS)
{
load_preshared_secrets();
}
if (msg.whack_reread & REREAD_MYCERT)
{
load_mycert();
}
if (msg.whack_reread & REREAD_CACERTS)
{
load_cacerts();
}
if (msg.whack_reread & REREAD_CRLS)
{
load_crls();
}
if (msg.whack_list & LIST_PUBKEYS)
{
list_public_keys(msg.whack_utc);
}
if (msg.whack_list & LIST_CERTS)
{
list_certs(msg.whack_utc);
}
if (msg.whack_list & LIST_CACERTS)
{
list_cacerts(msg.whack_utc);
}
if (msg.whack_list & LIST_CRLS)
{
list_crls(msg.whack_utc);
}
if (msg.whack_key)
{
/* add a public key */
struct id keyid;
err_t ugh = atoid(msg.keyid, &keyid);
if (ugh != NULL)
{
loglog(RC_BADID, "bad --keyid \"%s\": %s", msg.keyid, ugh);
}
else
{
if (!msg.whack_addkey)
delete_public_keys(&keyid, msg.pubkey_alg);
if (msg.keyval.len == 0)
{
struct key_add_continuation *kc
= alloc_thing(struct key_add_continuation
, "key add continuation");
int wfd = dup_any(whackfd);
kc->whack_fd = wfd;
ugh = start_adns_query(&keyid
, NULL
, T_KEY
, key_add_continue
, &kc->ac);
if (ugh != NULL)
{
key_add_ugh(&keyid, ugh);
close_any(wfd);
}
}
else
{
ugh = add_public_key(&keyid, DAL_LOCAL, msg.pubkey_alg
, &msg.keyval, &pubkeys);
if (ugh != NULL)
loglog(RC_LOG_SERIOUS, "%s", ugh);
}
}
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
progname = argv[0];
leak_detective = 1;
if(argc != 4 && argc != 5) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_parker_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
/* input packets */
recv_pcap_setup(argv[2]);
/* output packets */
send_packet_setup_pcap("OUTPUT/parentI2.pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
st = sendI1(c1, DBG_CONTROL, regression == 0);
/* now accept the reply packet */
cur_debugging = DBG_CONTROL|DBG_PARSING;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
