err_t ipsec_policy_sendrecv(unsigned char *buf,
size_t buflen)
{
err_t ret;
ipsec_policy_init();
if(write(policy_query_socket, buf, buflen)
!= buflen) {
return "write failed";
}
ret = ipsec_policy_readmsg(policy_query_socket,
buf, buflen);
ipsec_policy_final();
return ret;
}
int main(int argc, char *argv[])
{
struct ipsec_policy_cmd_query q;
err_t ret;
int c, fd = -1;
unsigned short port;
char *foo;
/* set the defaults */
char lookup_style = 'i';
char output_style = 's';
char *plaintext = "clear";
char *vpntext = "vpn";
char *privacytext = "private";
char *dnssectext = "secure";
while((c = getopt_long(argc, argv, "hVighc:v:p:s:", long_opts, 0))!=EOF) {
switch (c) {
default:
case 'h': /* --help */
help();
return 0; /* GNU coding standards say to stop here */
case 'V': /* --version */
fprintf(stderr, "Openswan %s\n", ipsec_version_code());
return 0; /* GNU coding standards say to stop here */
case 'i':
fd = 0;
if(isatty(0)) {
printf("please run this connected to a socket\n");
exit(1);
}
lookup_style = 'i';
break;
case 'U':
port = strtol(optarg, &foo, 0);
if(*foo != '\0') {
fprintf(stderr, "invalid port number: %s\n", optarg);
help();
}
fd = open_udp_sock(port);
break;
case 'T':
port = strtol(optarg, &foo, 0);
if(*foo != '\0') {
fprintf(stderr, "invalid port number: %s\n", optarg);
help();
}
fd = open_tcp_sock(port);
break;
case 'N':
maxpacketcount = strtol(optarg, &foo, 0);
if(*foo != '\0') {
fprintf(stderr, "invalid packetcount number: %s\n", optarg);
help();
}
break;
case 'P':
lookup_style = 'P';
break;
case 'g':
lookup_style = 'g';
break;
case 't':
output_style = 't';
break;
case 'c':
plaintext = optarg;
break;
case 'v':
vpntext = optarg;
break;
case 'p':
privacytext = optarg;
break;
case 's':
dnssectext = optarg;
break;
}
}
if(lookup_style != 'P') {
if((ret = ipsec_policy_init()) != NULL) {
perror(ret);
exit(2);
}
}
switch(lookup_style) {
case 'i':
if((ret = ipsec_policy_lookup(fd, &q)) != NULL) {
perror(ret);
exit(3);
}
break;
case 'g':
if((ret = ipsec_policy_cgilookup(&q)) != NULL) {
perror(ret);
exit(3);
}
break;
case 'P':
udp_recv_loop(fd);
break;
default:
abort();
break;
}
if(output_style == 't') {
dump_policyreply(&q);
} else {
/* start by seeing if there was any crypto */
if(q.strength < IPSEC_PRIVACY_PRIVATE) {
/* no, so say clear */
puts(plaintext);
exit(0);
}
/* we now it is crypto, but authentic is it? */
if(q.credential_count == 0) {
puts(vpntext);
exit(0);
}
switch(q.credentials[0].ii_format) {
case CERT_DNS_SIGNED_KEY:
puts(dnssectext);
exit(0);
case CERT_RAW_RSA:
puts(vpntext);
exit(0);
default:
puts(privacytext);
exit(0);
}
}
exit(0);
}
