コード例 #1
0
ファイル: whackmsgtest.c プロジェクト: JasonCC/Openswan
main(int argc, char *argv[])
{
    int   len;
    char *infile;

    EF_PROTECT_FREE=1;
    EF_FREE_WIPES  =1;

    progname = argv[0];
    leak_detective = 1;

    if(argc > 2 ) {
	fprintf(stderr, "Usage: %s <whackrecord>\n", progname);
	    exit(10);
    }
    /* argv[1] == "-r" */

    tool_init_log();
    
    infile = argv[1];

    readwhackmsg(infile);

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #2
0
ファイル: spdbv2.c プロジェクト: aveshagarwal/libreswan
main(int argc, char *argv[]){
	int i;
	struct db_sa *gsp = NULL;
	struct db_sa *sa1 = NULL;
	struct db_sa *sa2 = NULL;
	struct alg_info_ike *aii;
	char err_buf[256];	/* ??? big enough? */

	EF_PROTECT_FREE = 1;
	EF_FREE_WIPES  = 1;

	progname = argv[0];
	leak_detective = 1;

	tool_init_log();
	init_crypto();

	aii = alg_info_ike_create_from_str("3des", err_buf, sizeof(err_buf));

	gsp = oakley_alg_makedb(aii,
				&oakley_sadb[POLICY_RSASIG >>
					     POLICY_ISAKMP_SHIFT],
				FALSE);
	sa_print(gsp);

	sa_v2_convert(&gsp);

	sa_v2_print(gsp);

	tool_close_log();

	free_sa(&gsp);
	exit(0);
}
コード例 #3
0
ファイル: spdbph1.c プロジェクト: mcr/bluerose
main(int argc, char *argv[])
{
    int i;
    struct db_sa *gsp = NULL;
    struct db_sa *sa1 = NULL;
    struct db_sa *sa2 = NULL;
    struct alg_info_ike *aii;
    err_t ugh;

    progname = argv[0];
    leak_detective=1;

    tool_init_log();
    init_crypto();
    
    aii = alg_info_ike_create_from_str("3des", &ugh);

    gsp = oakley_alg_makedb(aii
			    , &oakley_sadb[POLICY_RSASIG >> POLICY_ISAKMP_SHIFT]
			    , -1);

    sa_print(gsp);

    tool_close_log();
    exit(0);
}
コード例 #4
0
ファイル: spdbfirst.c プロジェクト: dotmark/libreswan
main(int argc, char *argv[]){
	int i;
	struct db_sa *sa1 = NULL;

	progname = argv[0];
	leak_detective = 1;

	tool_init_log();

	for (i = 0; i < elemsof(oakley_sadb); i++) {
		/* make sure that leak reports and EFence reports get
		 * placed in the right order.
		 */
		fflush(stdout);
		fflush(stderr);
		printf("\nmain mode oakley: %u\n", i);
		sa_print(&oakley_sadb[i]);
		sa1 = sa_copy_sa_first(&oakley_sadb[i]);

		sa_print(sa1);

		free_sa(sa1);

		fflush(stdout);
		report_leaks();
	}

	tool_close_log();
	exit(0);
}
コード例 #5
0
ファイル: enumcheck.c プロジェクト: lkundrak/libreswan
main(int argc, char *argv[]) {

	progname = argv[0];

	tool_init_log();

	/* our enum names */
	do_test(&connection_kind_names, 256);
	do_test(&certpolicy_type_names, 256);

	/* IETF registry based enum names */
	do_test(&version_names, 256);
	do_test(&doi_names, 256);
	do_test(&ikev1_payload_names, 256);
	do_test(&ikev2_payload_names, 256);
	do_test(&payload_names_ikev1orv2, 256);
	do_test(&ikev1_exchange_names, 256);
	do_test(&ikev2_exchange_names, 256);
	do_test(&exchange_names_ikev1orv2, 256);
	do_test(&protocol_names, 256); /* why not ikev1_protocol_names ? */
	do_test(&ikev2_protocol_names, 256);
	do_test(&isakmp_transformid_names, 256);
	do_test(&ah_transformid_names, 256);
	do_test(&esp_transformid_names, 256);
	do_test(&ipcomp_transformid_names, 256);
	do_test(&oakley_attr_names, 256);
	do_test(&ipsec_attr_names, 256);
	do_test(&sa_lifetime_names, 256);
	do_test(&oakley_lifetime_names, 256);
	do_test(&oakley_auth_names, 256);
	do_test(&oakley_enc_names, 256);
	do_test(&oakley_hash_names, 256);
	do_test(&oakley_group_names, 256);
	do_test(&ikev1_notify_names, 16384);
	do_test(&ikev2_notify_names, 16384);
	do_test(&ikev2_ts_type_names, 256);
	do_test(&enc_mode_names, 256);
	do_test(&auth_alg_names, 256);
	do_test(&xauth_type_names, 256);
	do_test(&xauth_attr_names, 256);
	do_test(&attr_msg_type_names, 256);
	do_test(&ikev2_sec_proto_id_names, 256);
	do_test(&ikev2_auth_names, 256);
	do_test(&ikev2_trans_type_encr_names, 256);
	do_test(&ikev2_trans_type_prf_names, 256);
	do_test(&ikev2_trans_type_integ_names, 256);
	do_test(&ikev2_trans_type_esn_names, 256);
	do_test(&ikev2_trans_type_names, 256);
	do_test(&ike_cert_type_names, 256);
	do_test(&ikev2_cert_type_names, 256);
	do_test(&modecfg_attr_names, 256);
	do_test(&ike_idtype_names, 256);
	do_test(&ikev2_idtype_names, 256);

	report_leaks();
	tool_close_log();
	exit(0);
}
コード例 #6
0
ファイル: kickdns.c プロジェクト: 1309578252/Openswan
int main(int argc, char *argv[])
{
    bool  recalculate = FALSE;
    int   len;
    err_t err = NULL;
    char *infile;
    char *conn_name;
    int  lineno=0;
    struct connection *c1 = NULL;

#ifdef HAVE_EFENCE
    EF_PROTECT_FREE=1;
#endif

    progname = argv[0];
    leak_detective = 1;

    if(argc != 3 && argc!=4) {
	fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
	exit(10);
    }
    /* skip argv0 */
    argc--; argv++;

    if(strcmp(argv[0], "-r")==0) {
        recalculate = 1;    /* do all crypto */
        argc--; argv++;
    }

    tool_init_log();
    load_oswcrypto();
    init_fake_vendorid();
    init_fake_secrets();
    init_local_interface();

    infile = argv[0];
    conn_name = argv[1];

    cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
    if(readwhackmsg(infile) == 0) exit(11);

    send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");

    c1 = con_by_name(conn_name, TRUE);
    assert(c1 != NULL);

    //list_public_keys(FALSE, FALSE);
    assert(orient(c1, 500));
    show_one_connection(c1, whack_log);

    kick_adns_connection_lookup(c1, &c1->spd.that, TRUE);

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #7
0
ファイル: whacksemantics.c プロジェクト: newappfirst/Openswan
main(int argc, char *argv[])
{
    int   len;
    err_t err = NULL;
    char *infile;
    char *conn_name;
    int  lineno=0;
    struct starter_config *cfg = NULL;
    struct starter_conn *conn = NULL;

    //EF_PROTECT_FREE=1;

    progname = argv[0];
    leak_detective = 1;

    if(argc < 4) {
	fprintf(stderr, "Usage: %s <cfgrootdir> <cfgfile> <conn-name>.. \n", progname);
	exit(10);
    }
    /* argv[1] == "-r" */

    tool_init_log();
    //init_fake_vendorid();

    rootdir[0]='\0';
    strlcat(rootdir, argv[1], sizeof(rootdir));

    starter_use_log(1, 1, 1);
    cfg = confread_load(argv[2], &err, FALSE, NULL,FALSE);
    argv+=3;
    argc-=3;

    /* load all conns marked as auto=add or better */
    for(conn = cfg->conns.tqh_first;
	conn != NULL;
	conn = conn->link.tqe_next)
    {
        for(; argc>0; argc--, argv++) {
            conn_name = *argv;
            printf("processing conn: %s\n", conn_name);
            if(strcasecmp(conn->name, conn_name)==0) {
                struct whack_message msg1;
                if(starter_whack_build_basic_conn(cfg, &msg1, conn)==0) {
                    add_connection(&msg1);
                }
            }
        }
    }

    confread_free(cfg);

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #8
0
ファイル: parentI1retrans.c プロジェクト: st3fan/libreswan
main(int argc, char *argv[])
{
    int   len;
    char *infile;
    char *conn_name;
    int  lineno=0;
    struct connection *c1;
    struct state *st;

    EF_PROTECT_FREE=1;
    EF_FREE_WIPES  =1;

    progname = argv[0];
    leak_detective = 1;

    if(argc != 3) {
	fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname);
	exit(10);
    }
    /* argv[1] == "-r" */

    tool_init_log();
    init_fake_vendorid();
    
    infile = argv[1];
    conn_name = argv[2];

    readwhackmsg(infile);

    send_packet_setup_pcap("parentI1.pcap");
 
    c1 = con_by_name(conn_name, TRUE);

    show_one_connection(c1);

    st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE);
    
    run_continuation(r);

    /* now invoke the timer event to cause a re-transmission */
    handle_next_timer_event();

    /* clean up so that we can see any leaks */
    delete_state(st);

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #9
0
ファイル: spdbv2c.c プロジェクト: mkj/libreswan
main(int argc, char *argv[]) {
	int i;
	struct db_sa *gsp = NULL;
	struct db_sa *sa1 = NULL;
	struct db_sa *sa2 = NULL;
	struct alg_info_esp *aii;
	char err_buf[100];

	EF_PROTECT_FREE = 1;
	EF_FREE_WIPES  = 1;
	EF_PROTECT_BELOW = 1;

	progname = argv[0];
	leak_detective = 1;

	tool_init_log();
	init_crypto();

	{
		int algo;
		for (algo = 1; algo <= K_SADB_EALG_MAX; algo++)
			esp_ealg[(algo)].sadb_alg_id = (algo);
	}
	{
		int algo;
		for (algo = 1; algo <= K_SADB_AALG_MAX; algo++)
			esp_aalg[(algo)].sadb_alg_id = (algo);
	}
	esp_ealg_num = 10;
	esp_aalg_num = 10;

	aii = alg_info_esp_create_from_str("aes128-sha1", &err_buf, sizeof(err_buf));

	gsp = kernel_alg_makedb(POLICY_ENCRYPT | POLICY_AUTHENTICATE,
				aii,
				TRUE);
	sa_print(gsp);

	gsp = sa_v2_convert(gsp);

	sa_v2_print(gsp);

	tool_close_log();

	free_sa(gsp);
	exit(0);
}
コード例 #10
0
ファイル: spdbtest.c プロジェクト: lparis/Openswan
int main(int argc, char *argv[])
{
    int i;
    struct db_sa *sa1 = NULL;
    struct db_sa *sa2 = NULL;

    progname = argv[0];
    leak_detective=1;

    tool_init_log();

    for(i=0; i < elemsof(oakley_sadb); i++) {
	printf("\nmain mode oakley: %u\n", i);
	sa_print(&oakley_sadb[i]);
	sa1 = sa_copy_sa(&oakley_sadb[i], 0);

	if(sa2 != NULL) {
	    free_sa(sa2);
	}
	sa2 = sa_copy_sa(sa1, 0);
	free_sa(sa1);

	printf("copy 2\n");
	sa_print(sa2);
    }

    for(i=0; i < elemsof(oakley_am_sadb); i++) {
	printf("\naggr mode oakley: %u\n", i);
	sa_print(&oakley_am_sadb[i]);
	sa1 = sa_copy_sa(&oakley_am_sadb[i], 0);

	if(sa2 != NULL) {
	    free_sa(sa2);
	}
	sa2 = sa_copy_sa(sa1, 0);
	free_sa(sa1);

	printf("copy 2\n");
	sa_print(sa2);
    }

    if(sa2 != NULL) free_sa(sa2);

    report_leaks();
    tool_close_log();
    exit(0);
}
コード例 #11
0
ファイル: IDhostpair.c プロジェクト: 1309578252/Openswan
int main(int argc, char *argv[])
{
    int   len;
    char *infile;
    char *conn_name;
    int  lineno=0;
    int  regression = 0;
    struct connection *c1;
    struct state *st;

#ifdef HAVE_EFENCE
    EF_PROTECT_FREE=1;
#endif

    progname = argv[0];
    leak_detective = 1;

    if(argc != 3 && argc!=4) {
	fprintf(stderr, "Usage: %s [-r] <whackrecord>\n", progname);
	exit(10);
    }
    /* skip argv0 */
    argc--; argv++;

    if(strcmp(argv[0], "-r")==0) {
        regression = 1;
        argc--; argv++;
    }

    tool_init_log();
    load_oswcrypto();
    init_fake_vendorid();
    init_fake_secrets();
    init_local_interface();

    infile = argv[0];

    cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
    if(readwhackmsg(infile) == 0) exit(11);

    hostpair_list();
    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #12
0
ファイル: sameid.c プロジェクト: 1309578252/Openswan
int main(int argc, char *argv[])
{
    int i;
    struct id one;

    progname = argv[0];

    tool_init_log();

    t1();
    t2();
    t3();
    t4();
    t5(); t6();

    report_leaks();
    tool_close_log();
    exit(0);
}
コード例 #13
0
ファイル: spdbmerge.c プロジェクト: hydromet/libreswan
main(int argc, char *argv[]){
	int i;
	struct db_sa *gsp = NULL;
	struct db_sa *sa1 = NULL;
	struct db_sa *sa2 = NULL;

	progname = argv[0];
	leak_detective = 1;

	tool_init_log();

	for (i = 0; i < elemsof(oakley_sadb); i++) {
		gsp = sa_copy_sa(&oakley_empty, 0);

		printf("\nmain mode oakley: %u\n", i);
		//sa_print(&oakley_sadb[i]);
		sa1 = sa_copy_sa(&oakley_sadb[i], 0);

		sa2 = sa_merge_proposals(gsp, sa1);

		printf("sa1:\n");
		sa_print(sa1);

		printf("gsp:\n");
		sa_print(gsp);

		printf("sa2:\n");
		sa_print(sa2);

		free_sa(sa1);
		free_sa(sa2);
		free_sa(gsp);
		report_leaks();
	}

	tool_close_log();
	exit(0);
}
コード例 #14
0
ファイル: spi.c プロジェクト: intliang/libreswan
int main(int argc, char *argv[])
{
	__u32 spi = 0;
	int c;
	ip_said said;
	const char *error_s;
	char ipsaid_txt[SATOT_BUF];

	int outif = 0;
	int error = 0;
	ssize_t io_error;
	int argcount = argc;
	pid_t mypid;
	int listenreply = 0;

	unsigned char authalg, encryptalg;
	struct sadb_ext *extensions[K_SADB_EXT_MAX + 1];
	struct sadb_msg *pfkey_msg;
	char *edst_opt, *spi_opt, *proto_opt, *af_opt, *said_opt, *dst_opt,
	*src_opt;
	u_int32_t natt;
	u_int16_t sport, dport;
	uint32_t life[life_maxsever][life_maxtype];
	char *life_opt[life_maxsever][life_maxtype];
	struct stat sts;
	struct sadb_builds sab;

	progname = argv[0];
	mypid = getpid();
	natt = 0;
	sport = 0;
	dport = 0;

	tool_init_log();

	zero(&said);	/* OK: no pointer fields */
	edst_opt = spi_opt = proto_opt = af_opt = said_opt = dst_opt =
		src_opt = NULL;
	{
		int i, j;

		for (i = 0; i < life_maxsever; i++) {
			for (j = 0; j < life_maxtype; j++) {
				life_opt[i][j] = NULL;
				life[i][j] = 0;
			}
		}
	}

	while ((c = getopt_long(argc, argv,
				"" /*"H:P:Z:46dcA:E:e:s:a:w:i:D:S:hvgl:+:f:"*/,
				longopts, 0)) != EOF) {
		unsigned long u;
		err_t ugh;

		switch (c) {
		case 'g':
			debug = TRUE;
			pfkey_lib_debug = PF_KEY_DEBUG_PARSE_MAX;
			/* paul: this is a plutoism? cur_debugging = 0xffffffff; */
			argcount--;
			break;

		case 'R':
			listenreply = 1;
			argcount--;
			break;

		case 'r':
			dumpsaref = 1;
			argcount--;
			break;

		case 'b':  /* set the SAref to use */
			ugh = ttoulb(optarg, 0, 0, INT_MAX, &u);
			if (ugh != NULL) {
				fprintf(stderr,
					"%s: Invalid SAREFi parameter \"%s\": %s\n",
					progname, optarg, ugh);
				exit(1);
			}
			saref_me = u;
			argcount--;
			break;

		case 'B':  /* set the SAref to use for outgoing packets */
			ugh = ttoulb(optarg, 0, 0, INT_MAX, &u);
			if (ugh != NULL) {
				fprintf(stderr,
					"%s: Invalid SAREFo parameter \"%s\": %s\n",
					progname, optarg, ugh);
				exit(1);
			}
			saref_him = u;
			argcount--;
			break;

		case 'O':  /* set interface from which packet should arrive */
			ugh = ttoulb(optarg, 0, 0, INT_MAX, &u);
			if (ugh != NULL) {
				fprintf(stderr,
					"%s: Invalid outif parameter \"%s\": %s\n",
					progname, optarg, ugh);
				exit(1);
			}
			outif = u;
			argcount--;
			break;

		case 'l':
		{
			static const char combine_fmt[] = "%s --label %s";
			size_t room = strlen(argv[0]) +
					  sizeof(combine_fmt) +
					  strlen(optarg);

			progname = malloc(room);
			snprintf(progname, room, combine_fmt,
				argv[0],
				optarg);
			tool_close_log();
			tool_init_log();

			argcount -= 2;
			break;
		}
		case 'H':
			if (alg) {
				fprintf(stderr,
					"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear'  options permitted.\n",
					progname);
				exit(1);
			}
			if (streq(optarg, "hmac-md5-96")) {
				alg = XF_AHHMACMD5;
			} else if (streq(optarg, "hmac-sha1-96")) {
				alg = XF_AHHMACSHA1;
			} else {
				fprintf(stderr,
					"%s: Unknown authentication algorithm '%s' follows '--ah' option.\n",
					progname, optarg);
				exit(1);
			}
			if (debug) {
				fprintf(stdout, "%s: Algorithm %d selected.\n",
					progname,
					alg);
			}
			break;

		case 'P':
			if (alg) {
				fprintf(stderr,
					"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear'  options permitted.\n",
					progname);
				exit(1);
			}

			alg = decode_esp(optarg);

			if (debug) {
				fprintf(stdout, "%s: Algorithm %d selected.\n",
					progname,
					alg);
			}
			break;

		case 'Z':
			if (alg) {
				fprintf(stderr,
					"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear'  options permitted.\n",
					progname);
				exit(1);
			}
			if (streq(optarg, "deflate")) {
				alg = XF_COMPDEFLATE;
			} else if (streq(optarg, "lzs")) {
				alg = XF_COMPLZS;
			} else {
				fprintf(stderr,
					"%s: Unknown compression algorithm '%s' follows '--comp' option.\n",
					progname, optarg);
				exit(1);
			}
			if (debug) {
				fprintf(stdout, "%s: Algorithm %d selected.\n",
					progname,
					alg);
			}
			break;

		case '4':
			if (alg) {
				fprintf(stderr,
					"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
					progname);
				exit(1);
			}
			alg = XF_IP4;
			address_family = AF_INET;
			if (debug) {
				fprintf(stdout, "%s: Algorithm %d selected.\n",
					progname,
					alg);
			}
			break;

		case '6':
			if (alg) {
				fprintf(stderr,
					"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
					progname);
				exit(1);
			}
			alg = XF_IP6;
			address_family = AF_INET6;
			if (debug) {
				fprintf(stdout, "%s: Algorithm %d selected.\n",
					progname,
					alg);
			}
			break;

		case 'd':
			if (alg) {
				fprintf(stderr,
					"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear'  options permitted.\n",
					progname);
				exit(1);
			}
			alg = XF_DEL;
			if (debug) {
				fprintf(stdout, "%s: Algorithm %d selected.\n",
					progname,
					alg);
			}
			break;

		case 'c':
			if (alg) {
				fprintf(stderr,
					"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear'  options permitted.\n",
					progname);
				exit(1);
			}
			alg = XF_CLR;
			if (debug) {
				fprintf(stdout, "%s: Algorithm %d selected.\n",
					progname,
					alg);
			}
			break;

		case 'e':
			if (said_opt) {
				fprintf(stderr,
					"%s: Error, EDST parameter redefined:%s, already defined in SA:%s\n",
					progname, optarg, said_opt);
				exit(1);
			}
			if (edst_opt) {
				fprintf(stderr,
					"%s: Error, EDST parameter redefined:%s, already defined as:%s\n",
					progname, optarg, edst_opt);
				exit(1);
			}
			error_s = ttoaddr(optarg, 0, address_family, &edst);
			if (error_s != NULL) {
				if (error_s) {
					fprintf(stderr,
						"%s: Error, %s converting --edst argument:%s\n",
						progname, error_s, optarg);
					exit(1);
				}
			}
			edst_opt = optarg;
			if (debug) {
				ipstr_buf b;

				fprintf(stdout, "%s: edst=%s.\n",
					progname,
					ipstr(&edst, &b));
			}
			break;

		case 's':
			if (said_opt != NULL) {
				fprintf(stderr,
					"%s: Error, SPI parameter redefined:%s, already defined in SA:%s\n",
					progname, optarg, said_opt);
				exit(1);
			}
			if (spi_opt != NULL) {
				fprintf(stderr,
					"%s: Error, SPI parameter redefined:%s, already defined as:%s\n",
					progname, optarg, spi_opt);
				exit(1);
			}
			ugh = ttoulb(optarg, 0, 0, 0xFFFFFFFFul, &u);
			if (ugh == NULL && u < 0x100)
				ugh = "0 - 0xFF are reserved";
			if (ugh != NULL) {
				fprintf(stderr,
					"%s: Invalid SPI parameter \"%s\": %s\n",
					progname, optarg, ugh);
				exit(1);
			}
			spi = u;
			spi_opt = optarg;
			break;

		case 'p':
			if (said_opt != NULL) {
				fprintf(stderr,
					"%s: Error, PROTO parameter redefined:%s, already defined in SA:%s\n",
					progname, optarg, said_opt);
				exit(1);
			}
			if (proto_opt != NULL) {
				fprintf(stderr,
					"%s: Error, PROTO parameter redefined:%s, already defined as:%s\n",
					progname, optarg, proto_opt);
				exit(1);
			}
			if (streq(optarg, "ah")) {
				proto = SA_AH;
			} else if (streq(optarg, "esp")) {
				proto = SA_ESP;
			} else if (streq(optarg, "tun")) {
				proto = SA_IPIP;
			} else if (streq(optarg, "comp")) {
				proto = SA_COMP;
			} else {
				fprintf(stderr,
					"%s: Invalid PROTO parameter: %s\n",
					progname, optarg);
				exit(1);
			}
			proto_opt = optarg;
			break;

		case 'a':
			if (said_opt) {
				fprintf(stderr,
					"%s: Error, ADDRESS FAMILY parameter redefined:%s, already defined in SA:%s\n",
					progname, optarg, said_opt);
				exit(1);
			}
			if (af_opt) {
				fprintf(stderr,
					"%s: Error, ADDRESS FAMILY parameter redefined:%s, already defined as:%s\n",
					progname, optarg, af_opt);
				exit(1);
			}
			if (streq(optarg, "inet")) {
				address_family = AF_INET;
				/* currently we ensure that all addresses belong to the same address family */
				anyaddr(address_family, &dst);
				anyaddr(address_family, &edst);
				anyaddr(address_family, &src);
			} else if (streq(optarg, "inet6")) {
				address_family = AF_INET6;
				/* currently we ensure that all addresses belong to the same address family */
				anyaddr(address_family, &dst);
				anyaddr(address_family, &edst);
				anyaddr(address_family, &src);
			} else {
				fprintf(stderr,
					"%s: Invalid ADDRESS FAMILY parameter: %s.\n",
					progname, optarg);
				exit(1);
			}
			af_opt = optarg;
			break;

		case 'I':
			if (said_opt) {
				fprintf(stderr,
					"%s: Error, SAID parameter redefined:%s, already defined in SA:%s\n",
					progname, optarg, said_opt);
				exit(1);
			}
			if (proto_opt) {
				fprintf(stderr,
					"%s: Error, PROTO parameter redefined in SA:%s, already defined as:%s\n",
					progname, optarg, proto_opt);
				exit(1);
			}
			if (edst_opt) {
				fprintf(stderr,
					"%s: Error, EDST parameter redefined in SA:%s, already defined as:%s\n",
					progname, optarg, edst_opt);
				exit(1);
			}
			if (spi_opt) {
				fprintf(stderr,
					"%s: Error, SPI parameter redefined in SA:%s, already defined as:%s\n",
					progname, optarg, spi_opt);
				exit(1);
			}
			error_s = ttosa(optarg, 0, &said);
			if (error_s != NULL) {
				fprintf(stderr,
					"%s: Error, %s converting --sa argument:%s\n",
					progname, error_s, optarg);
				exit(1);
			}
			if (debug) {
				satot(&said, 0, ipsaid_txt,
				      sizeof(ipsaid_txt));
				fprintf(stdout, "%s: said=%s.\n",
					progname,
					ipsaid_txt);
			}
			/* init the src and dst with the same address family */
			if (address_family == 0) {
				address_family = addrtypeof(&said.dst);
			} else if (address_family != addrtypeof(&said.dst)) {
				fprintf(stderr,
					"%s: Error, specified address family (%d) is different that of SAID: %s\n",
					progname, address_family, optarg);
				exit(1);
			}
			anyaddr(address_family, &dst);
			anyaddr(address_family, &edst);
			anyaddr(address_family, &src);
			said_opt = optarg;
			break;

		case 'A':
			decode_blob(optarg, "Authentication Key", &authkey, &authkeylen);
			break;

		case 'E':
			decode_blob(optarg, "Encryption Key", &enckey, &enckeylen);
			break;

		case 'w':
		{
			err_t ugh = ttoul(optarg, 0, 0, &replay_window);

			if (ugh != NULL) {
				fprintf(stderr,
					"%s: Invalid replay_window parameter: %s\n",
					progname, ugh);
				exit(1);
			}
			if (!(1 <= replay_window && replay_window <= 64)) {
				fprintf(stderr,
					"%s: Failed -- Illegal window size: arg=%s, replay_window=%lu, must be 1 <= size <= 64.\n",
					progname, optarg, replay_window);
				exit(1);
			}
		}
			break;

		case 'i':
			decode_blob(optarg, "IV", &iv, &ivlen);
			break;

		case 'D':
			if (dst_opt) {
				fprintf(stderr,
					"%s: Error, DST parameter redefined:%s, already defined as:%s\n",
					progname, optarg, dst_opt);
				exit(1);
			}
			error_s = ttoaddr(optarg, 0, address_family, &dst);
			if (error_s != NULL) {
				fprintf(stderr,
					"%s: Error, %s converting --dst argument:%s\n",
					progname, error_s, optarg);
				exit(1);
			}
			dst_opt = optarg;
			if (debug) {
				ipstr_buf b;

				fprintf(stdout, "%s: dst=%s.\n",
					progname,
					ipstr(&dst, &b));
			}
			break;

		case 'F':  /* src port */
			{
				unsigned long u;
				err_t ugh = ttoulb(optarg, 0, 0, 0xFFFF, &u);

				if (ugh != NULL) {
					fprintf(stderr,
						"%s: Invalid source port parameter \"%s\": %s\n",
						progname, optarg, ugh);
					exit(1);
				}
				sport = u;
			}
			break;

		case 'G':  /* dst port */
			{
				unsigned long u;
				err_t ugh = ttoulb(optarg, 0, 0, 0xFFFF, &u);

				if (ugh != NULL) {
					fprintf(stderr,
						"%s: Invalid destination port parameter \"%s\": %s\n",
						progname, optarg, ugh);
					exit(1);
				}
				dport = u;
			}
			break;

		case 'N':  /* nat-type */
			if (strcaseeq(optarg, "nonesp")) {
				natt = ESPINUDP_WITH_NON_ESP;
			} else if (strcaseeq(optarg, "none")) {
				natt = 0;
			} else {
				/* ??? what does this do?  Where is it documented? */
				unsigned long u;
				err_t ugh = ttoulb(optarg, 0, 0, 0xFFFFFFFFul, &u);

				if (ugh != NULL) {
					fprintf(stderr,
						"%s: Invalid character in natt parameter \"%s\": %s\n",
						progname, optarg, ugh);
					exit(1);
				}
				natt = u;
			}
			break;

		case 'S':
			if (src_opt) {
				fprintf(stderr,
					"%s: Error, SRC parameter redefined:%s, already defined as:%s\n",
					progname, optarg, src_opt);
				exit(1);
			}
			error_s = ttoaddr(optarg, 0, address_family, &src);
			if (error_s != NULL) {
				fprintf(stderr,
					"%s: Error, %s converting --src argument:%s\n",
					progname, error_s, optarg);
				exit(1);
			}
			src_opt = optarg;
			if (debug) {
				ipstr_buf b;

				fprintf(stdout, "%s: src=%s.\n",
					progname,
					ipstr(&src, &b));
			}
			break;

		case 'h':
			usage(progname, stdout);
			exit(0);

		case '?':
			usage(progname, stderr);
			exit(1);

		case 'v':
			fprintf(stdout, "%s, %s\n", progname,
				ipsec_version_code());
			exit(1);

		case 'f':
			if (parse_life_options(life,
					       life_opt,
					       optarg) != 0)
				exit(1);
			break;

		default:
			fprintf(stderr,
				"%s: unrecognized option '%c', update option processing.\n",
				progname, c);
			exit(1);
		}
	}
	if (debug) {
		fprintf(stdout, "%s: All options processed.\n",
			progname);
	}

	if (stat("/proc/net/pfkey", &sts) == 0) {
		fprintf(stderr,
			"%s: NETKEY does not use the ipsec spi command. Use 'ip xfrm' instead.\n",
			progname);
		exit(1);
	}

	if (argcount == 1) {
		int ret = 1;

		if ((stat("/proc/net/ipsec_spi", &sts)) != 0) {
			fprintf(stderr,
				"%s: No spi - no IPsec support in kernel (are the modules loaded?)\n",
				progname);
		} else {
			ret = system("cat /proc/net/ipsec_spi");
			ret = ret != -1 &&
			      WIFEXITED(ret) ? WEXITSTATUS(ret) : 1;
		}
		exit(ret);
	}

	switch (alg) {
	case XF_OTHER_ALG:
		/* validate keysizes */
		if (proc_read_ok) {
			const struct sadb_alg *alg_p;
			size_t keylen, minbits, maxbits;
			alg_p = kernel_alg_sadb_alg_get(SADB_SATYPE_ESP,
							SADB_EXT_SUPPORTED_ENCRYPT,
							esp_info->encryptalg);
			assert(alg_p != NULL);
			keylen = enckeylen * 8;

			minbits = alg_p->sadb_alg_minbits;
			maxbits = alg_p->sadb_alg_maxbits;
			/*
			 * if explicit keylen told in encrypt algo, eg "aes128"
			 * check actual keylen "equality"
			 */
			if (esp_info->enckeylen &&
			    esp_info->enckeylen != keylen) {
				fprintf(stderr, "%s: invalid encryption keylen=%d, "
					"required %d by encrypt algo string=\"%s\"\n",
					progname,
					(int)keylen,
					(int)esp_info->enckeylen,
					alg_string);
				exit(1);

			}
			/* thanks DES for this sh*t */

			if (minbits > keylen || maxbits < keylen) {
				fprintf(stderr, "%s: invalid encryption keylen=%d, "
					"must be between %d and %d bits\n",
					progname,
					(int)keylen,
					(int)minbits,
					(int)maxbits);
				exit(1);
			}
			alg_p = kernel_alg_sadb_alg_get(SADB_SATYPE_ESP,
							SADB_EXT_SUPPORTED_AUTH,
							esp_info->authalg);
			assert(alg_p);
			keylen = authkeylen * 8;
			minbits = alg_p->sadb_alg_minbits;
			maxbits = alg_p->sadb_alg_maxbits;
			if (minbits > keylen || maxbits < keylen) {
				fprintf(stderr, "%s: invalid auth keylen=%d, "
					"must be between %d and %d bits\n",
					progname,
					(int)keylen,
					(int)minbits,
					(int)maxbits);
				exit(1);
			}
		}
		/*
		 * ??? this break was added in a2791fda77a5cfcc6bc992fbc5019f4448112f88
		 * It is likely correct, but we're not sure.
		 * Luckily this code is probably never used.
		 */
		break;
	case XF_IP4:
	case XF_IP6:
	case XF_DEL:
	case XF_COMPDEFLATE:
	case XF_COMPLZS:
		if (!said_opt) {
			if (isanyaddr(&edst)) {
				fprintf(stderr,
					"%s: SA destination not specified.\n",
					progname);
				exit(1);
			}
			if (!spi) {
				fprintf(stderr, "%s: SA SPI not specified.\n",
					progname);
				exit(1);
			}
			if (!proto) {
				fprintf(stderr,
					"%s: SA PROTO not specified.\n",
					progname);
				exit(1);
			}
			initsaid(&edst, htonl(spi), proto, &said);
		} else {
			proto = said.proto;
			spi = ntohl(said.spi);
			edst = said.dst;
		}
		if ((address_family != 0) &&
		    (address_family != addrtypeof(&said.dst))) {
			fprintf(stderr,
				"%s: Defined address family and address family of SA missmatch.\n",
				progname);
			exit(1);
		}

		if (debug) {
			fprintf(stdout, "%s: SA valid.\n",
				progname);
		}
		break;
	case XF_CLR:
		break;
	default:
		fprintf(stderr,
			"%s: No action chosen.  See '%s --help' for usage.\n",
			progname, progname);
		exit(1);
	}

	switch (alg) {
	case XF_CLR:
	case XF_DEL:
	case XF_IP4:
	case XF_IP6:
	case XF_COMPDEFLATE:
	case XF_COMPLZS:
	case XF_OTHER_ALG:
		break;
	default:
		fprintf(stderr,
			"%s: No action chosen.  See '%s --help' for usage.\n",
			progname, progname);
		exit(1);
	}
	if (debug) {
		fprintf(stdout, "%s: Algorithm ok.\n",
			progname);
	}

	pfkey_sock = pfkey_open_sock_with_error();
	if (pfkey_sock < 0)
		exit(1);

	/* Build an SADB_ADD message to send down. */
	/* It needs <base, SA, address(SD), key(AE)> minimum. */
	/*   Lifetime(HS) could be added before addresses. */
	pfkey_extensions_init(extensions);

	error = pfkey_msg_hdr_build(&extensions[0],
				    alg == XF_DEL ? SADB_DELETE :
					alg == XF_CLR ? SADB_FLUSH :
					SADB_ADD,
				    proto2satype(proto),
				    0,
				    ++pfkey_seq,
				    mypid);
	if (error != 0) {
		fprintf(stderr,
			"%s: Trouble building message header, error=%d.\n",
			progname, error);
		pfkey_extensions_free(extensions);
		exit(1);
	}

	switch (alg) {
	case XF_OTHER_ALG:
		authalg = esp_info->authalg;
		if (debug) {
			fprintf(stdout, "%s: debug: authalg=%d\n",
				progname, authalg);
		}
		break;
	default:
		authalg = SADB_AALG_NONE;
	}
	switch (alg) {
	case XF_COMPDEFLATE:
		encryptalg = SADB_X_CALG_DEFLATE;
		break;
	case XF_COMPLZS:
		encryptalg = SADB_X_CALG_LZS;
		break;
	case XF_OTHER_ALG:
		encryptalg = esp_info->encryptalg;
		if (debug) {
			fprintf(stdout, "%s: debug: encryptalg=%d\n",
				progname, encryptalg);
		}
		break;
	default:
		encryptalg = SADB_EALG_NONE;
	}
	/* IE: pfkey_msg->sadb_msg_type == SADB_FLUSH */
	if (!(alg == XF_CLR)) {
		sab.sa_base.sadb_sa_len        = 0;
		sab.sa_base.sadb_sa_exttype    = SADB_EXT_SA;
		sab.sa_base.sadb_sa_spi        = htonl(spi);
		sab.sa_base.sadb_sa_replay     = replay_window;
		sab.sa_base.sadb_sa_state      = K_SADB_SASTATE_MATURE;
		sab.sa_base.sadb_sa_auth       = authalg;
		sab.sa_base.sadb_sa_encrypt    = encryptalg;
		sab.sa_base.sadb_sa_flags      = 0;
		sab.sa_base.sadb_x_sa_ref      = IPSEC_SAREF_NULL;
		sab.sa_base.sadb_x_reserved[0] = 0;
		sab.sa_base.sadb_x_reserved[1] = 0;
		sab.sa_base.sadb_x_reserved[2] = 0;
		sab.sa_base.sadb_x_reserved[3] = 0;

		error = pfkey_sa_builds(&extensions[SADB_EXT_SA], sab);
		if (error != 0) {
			fprintf(stderr,
				"%s: Trouble building sa extension, error=%d.\n",
				progname, error);
			pfkey_extensions_free(extensions);
			exit(1);
		}

		if (saref_me || saref_him) {
			error = pfkey_saref_build(&extensions[
							  K_SADB_X_EXT_SAREF],
						  saref_me, saref_him);
			if (error) {
				fprintf(stderr,
					"%s: Trouble building saref extension, error=%d.\n",
					progname, error);
				pfkey_extensions_free(extensions);
				exit(1);
			}
		}

		if (outif != 0) {
			error = pfkey_outif_build(&extensions[
							   SADB_X_EXT_PLUMBIF],
						  outif);
			if (error != 0) {
				fprintf(stderr,
					"%s: Trouble building outif extension, error=%d.\n",
					progname, error);
				pfkey_extensions_free(extensions);
				exit(1);
			}
		}

		if (debug) {
			fprintf(stdout,
				"%s: extensions[0]=0p%p previously set with msg_hdr.\n",
				progname,
				extensions[0]);
		}
		if (debug) {
			fprintf(stdout,
				"%s: assembled SA extension, pfkey msg authalg=%d encalg=%d.\n",
				progname,
				authalg,
				encryptalg);
		}

		if (debug) {
			int i, j;

			for (i = 0; i < life_maxsever; i++) {
				for (j = 0; j < life_maxtype; j++) {
					fprintf(stdout,
						"%s: i=%d, j=%d, life_opt[%d][%d]=0p%p, life[%d][%d]=%d\n",
						progname,
						i, j, i, j, life_opt[i][j], i, j,
						life[i][j]);
				}
			}
		}

		emit_lifetime("lifetime_s", SADB_EXT_LIFETIME_SOFT, extensions, life_opt[life_soft], life[life_soft]);
		emit_lifetime("lifetime_h", SADB_EXT_LIFETIME_HARD, extensions, life_opt[life_hard], life[life_hard]);

		if (debug) {
			ipstr_buf b;

			fprintf(stdout,
				"%s: assembling address_s extension (%s).\n",
				progname, ipstr(&src, &b));
		}

		error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC],
					    SADB_EXT_ADDRESS_SRC,
					    0,
					    0,
					    sockaddrof(&src));
		if (error != 0) {
			ipstr_buf b;

			fprintf(stderr,
				"%s: Trouble building address_s extension (%s), error=%d.\n",
				progname, ipstr(&src, &b), error);
			pfkey_extensions_free(extensions);
			exit(1);
		}

		error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST],
					    SADB_EXT_ADDRESS_DST,
					    0,
					    0,
					    sockaddrof(&edst));
		if (error != 0) {
			ipstr_buf b;

			fprintf(stderr,
				"%s: Trouble building address_d extension (%s), error=%d.\n",
				progname, ipstr(&edst, &b), error);
			pfkey_extensions_free(extensions);
			exit(1);
		}

		switch (alg) {
		/*	Allow no auth ... after all is local root decision 8)  */
		case XF_OTHER_ALG:
			if (!authalg)
				break;
			error = pfkey_key_build(&extensions[SADB_EXT_KEY_AUTH],
						SADB_EXT_KEY_AUTH,
						authkeylen * 8,
						authkey);
			if (error != 0) {
				fprintf(stderr,
					"%s: Trouble building key_a extension, error=%d.\n",
					progname, error);
				pfkey_extensions_free(extensions);
				exit(1);
			}
			if (debug) {
				fprintf(stdout,
					"%s: key_a extension assembled.\n",
					progname);
			}
			break;
		default:
			break;
		}

		switch (alg) {
		case XF_OTHER_ALG:
			if (enckeylen == 0) {
				if (debug)
					fprintf(stdout, "%s: key not provided (NULL alg?).\n",
						progname);
				break;

			}
			error = pfkey_key_build(&extensions[SADB_EXT_KEY_ENCRYPT],
						SADB_EXT_KEY_ENCRYPT,
						enckeylen * 8,
						enckey);
			if (error != 0) {
				fprintf(stderr,
					"%s: Trouble building key_e extension, error=%d.\n",
					progname, error);
				pfkey_extensions_free(extensions);
				exit(1);
			}
			if (debug) {
				fprintf(stdout,
					"%s: key_e extension assembled.\n",
					progname);
			}
			break;
		default:
			break;
		}

	}

	if (natt != 0) {
		bool success;

		int err;

		err = pfkey_x_nat_t_type_build(&extensions[
							 K_SADB_X_EXT_NAT_T_TYPE],
					       natt);
		success = pfkey_build(err,
				      "pfkey_nat_t_type Add ESP SA",
				      ipsaid_txt, extensions);
		if (!success)
			return FALSE;

		if (debug)
			fprintf(stderr, "setting natt_type to %d\n", natt);

		if (sport != 0) {
			err = pfkey_x_nat_t_port_build(
					&extensions[K_SADB_X_EXT_NAT_T_SPORT],
					K_SADB_X_EXT_NAT_T_SPORT,
					sport);
			success = pfkey_build(err,
					      "pfkey_nat_t_sport Add ESP SA",
					      ipsaid_txt, extensions);
			if (debug)
				fprintf(stderr, "setting natt_sport to %d\n",
					sport);
			if (!success)
				return FALSE;
		}

		if (dport != 0) {
			err = pfkey_x_nat_t_port_build(
					&extensions[K_SADB_X_EXT_NAT_T_DPORT],
					K_SADB_X_EXT_NAT_T_DPORT,
					dport);
			success = pfkey_build(err,
					      "pfkey_nat_t_dport Add ESP SA",
					      ipsaid_txt, extensions);
			if (debug)
				fprintf(stderr, "setting natt_dport to %d\n",
					dport);
			if (!success)
				return FALSE;
		}

#if 0
		/* not yet implemented */
		if (natt != 0 && !isanyaddr(&natt_oa)) {
			ip_str_buf b;

			success = pfkeyext_address(SADB_X_EXT_NAT_T_OA,
						   &natt_oa,
						   "pfkey_nat_t_oa Add ESP SA",
						   ipsaid_txt, extensions);
			if (debug)
				fprintf(stderr, "setting nat_oa to %s\n",
					ipstr(&natt_oa, &b));
			if (!success)
				return FALSE;
		}
#endif
	}

	if (debug) {
		fprintf(stdout, "%s: assembling pfkey msg....\n",
			progname);
	}
	error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_IN);
	if (error != 0) {
		fprintf(stderr,
			"%s: Trouble building pfkey message, error=%d.\n",
			progname, error);
		pfkey_extensions_free(extensions);
		pfkey_msg_free(&pfkey_msg);
		exit(1);
	}
	if (debug) {
		fprintf(stdout, "%s: assembled.\n",
			progname);
	}
	if (debug) {
		fprintf(stdout, "%s: writing pfkey msg.\n",
			progname);
	}
	io_error = write(pfkey_sock,
			 pfkey_msg,
			 pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
	if (io_error < 0) {
		fprintf(stderr, "%s: pfkey write failed (errno=%d): ",
			progname, errno);
		pfkey_extensions_free(extensions);
		pfkey_msg_free(&pfkey_msg);
		switch (errno) {
		case EACCES:
			fprintf(stderr, "access denied.  ");
			if (getuid() == 0)
				fprintf(stderr,
					"Check permissions.  Should be 600.\n");


			else
				fprintf(stderr,
					"You must be root to open this file.\n");


			break;
		case EUNATCH:
			fprintf(stderr,
				"Netlink not enabled OR KLIPS not loaded.\n");
			break;
		case EBUSY:
			fprintf(stderr,
				"KLIPS is busy.  Most likely a serious internal error occured in a previous command.  Please report as much detail as possible to development team.\n");
			break;
		case EINVAL:
			fprintf(stderr,
				"Invalid argument, check kernel log messages for specifics.\n");
			break;
		case ENODEV:
			fprintf(stderr, "KLIPS not loaded or enabled.\n");
			fprintf(stderr, "No device?!?\n");
			break;
		case ENOBUFS:
			fprintf(stderr, "No kernel memory to allocate SA.\n");
			break;
		case ESOCKTNOSUPPORT:
			fprintf(stderr,
				"Algorithm support not available in the kernel.  Please compile in support.\n");
			break;
		case EEXIST:
			fprintf(stderr,
				"SA already in use.  Delete old one first.\n");
			break;
		case ENOENT:
			fprintf(stderr,
				"device does not exist.  See Libreswan installation procedure.\n");
			break;
		case ENXIO:
		case ESRCH:
			fprintf(stderr,
				"SA does not exist.  Cannot delete.\n");
			break;
		case ENOSPC:
			fprintf(stderr,
				"no room in kernel SAref table.  Cannot process request.\n");
			break;
		case ESPIPE:
			fprintf(stderr,
				"kernel SAref table internal error.  Cannot process request.\n");
			break;
		default:
			fprintf(stderr,
				"Unknown socket write error %d (%s).  Please report as much detail as possible to development team.\n",
				errno, strerror(errno));
		}
		exit(1);
	} else if (io_error !=
		   (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) {
		fprintf(stderr, "%s: pfkey write truncated to %d bytes\n",
			progname, (int)io_error);
		pfkey_extensions_free(extensions);
		pfkey_msg_free(&pfkey_msg);
		exit(1);
	}

	if (debug) {
		fprintf(stdout, "%s: pfkey command written to socket.\n",
			progname);
	}

	if (pfkey_msg != NULL) {
		pfkey_extensions_free(extensions);
		pfkey_msg_free(&pfkey_msg);
	}
	if (debug) {
		fprintf(stdout, "%s: pfkey message buffer freed.\n",
			progname);
	}
	if (authkey != NULL) {
		memset(authkey, 0, authkeylen);
		free(authkey);
	}
	if (enckey != NULL) {
		memset(enckey, 0, enckeylen);
		free(enckey);
	}
	if (iv != NULL) {
		memset(iv, 0, ivlen);
		free(iv);
	}

	if (listenreply || saref_me || dumpsaref) {
		ssize_t readlen;
		unsigned char pfkey_buf[PFKEYv2_MAX_MSGSIZE];

		while ((readlen = read(pfkey_sock, pfkey_buf,
				     sizeof(pfkey_buf))) > 0) {
			struct sadb_ext *extensions[K_SADB_EXT_MAX + 1];
			pfkey_extensions_init(extensions);
			pfkey_msg = (struct sadb_msg *)pfkey_buf;

			/* first, see if we got enough for an sadb_msg */
			if ((size_t)readlen < sizeof(struct sadb_msg)) {
				if (debug) {
					printf("%s: runt packet of size: %ld (<%lu)\n",
						progname, (long)readlen,
						(unsigned long)sizeof(struct
								      sadb_msg));
				}
				continue;
			}

			/* okay, we got enough for a message, print it out */
			if (debug) {
				printf("%s: pfkey v%d msg received. type=%d(%s) seq=%d len=%d pid=%d errno=%d satype=%d(%s)\n",
					progname,
					pfkey_msg->sadb_msg_version,
					pfkey_msg->sadb_msg_type,
					pfkey_v2_sadb_type_string(pfkey_msg->
								  sadb_msg_type),
					pfkey_msg->sadb_msg_seq,
					pfkey_msg->sadb_msg_len,
					pfkey_msg->sadb_msg_pid,
					pfkey_msg->sadb_msg_errno,
					pfkey_msg->sadb_msg_satype,
					satype2name(pfkey_msg->sadb_msg_satype));
			}

			if (readlen !=
			    (ssize_t)(pfkey_msg->sadb_msg_len *
				      IPSEC_PFKEYv2_ALIGN)) {
				if (debug) {
					printf("%s: packet size read from socket=%d doesn't equal sadb_msg_len %u * %u; message not decoded\n",
						progname,
						(int)readlen,
						(unsigned)pfkey_msg->sadb_msg_len,
						(unsigned)IPSEC_PFKEYv2_ALIGN);
				}
				continue;
			}

			if (pfkey_msg_parse(pfkey_msg, NULL, extensions,
					    EXT_BITS_OUT)) {
				if (debug) {
					printf("%s: unparseable PF_KEY message.\n",
						progname);
				}
				continue;
			}

			if (debug) {
				printf("%s: parseable PF_KEY message.\n",
					progname);
			}
			if ((pid_t)pfkey_msg->sadb_msg_pid == mypid) {
				if (saref_me || dumpsaref) {
					struct sadb_x_saref *s =
						(struct sadb_x_saref *)
						extensions[
							K_SADB_X_EXT_SAREF];

					if (s != NULL) {
						printf("%s: saref=%d/%d\n",
						       progname,
						       s->sadb_x_saref_me,
						       s->sadb_x_saref_him);
					}
				}
				break;
			}
		}
	}
	(void) close(pfkey_sock);  /* close the socket */
	if (debug || listenreply)
		printf("%s: exited normally\n", progname);
	exit(0);
}
コード例 #15
0
main(int argc, char *argv[]){
	int len;
	char *infile;
	FILE *idfile;
	char idbuf[256];
	int lineno = 0;

	EF_PROTECT_FREE = 1;
	EF_FREE_WIPES  = 1;

	lsw_init_rootdir("../../../baseconfigs/all");

	progname = argv[0];
	leak_detective = 1;

	if (argc != 3 ) {
		fprintf(stderr, "Usage: %s <whackrecord> <idfile>\n",
			progname);
		exit(10);
	}
	/* argv[1] == "-r" */

	tool_init_log();

	infile = argv[1];

	readwhackmsg(infile);

	idfile = fopen(argv[2], "r");
	if (!idfile) {
		perror(argv[2]);
		exit(11);
	}

	cur_debugging = DBG_CONTROL | DBG_CONTROLMORE;

	while (fgets(idbuf, sizeof(idbuf), idfile) != NULL) {
		struct state *st1;
		struct connection *nc;
		struct id peer_id;
		int aggrmode, initiate;
		char id1[256];

		/* ignore comments */
		if (idbuf[0] == '#')
			continue;

		st1 = new_state();

		sscanf(idbuf, "%s %u %u", id1, &initiate, &aggrmode);

		/* set it to the first connection, there may be only one?? */
		st1->st_connection = connections;	/* safe: from new_state */
		st1->st_oakley.auth = OAKLEY_RSA_SIG;

		passert(connections != NULL);

		atoid(id1, &peer_id, TRUE);

		nc = refine_host_connection(st1, &peer_id, initiate, aggrmode);

		printf("%u: %s -> conn: %s\n", ++lineno, id1,
		       nc ? nc->name : "<none>");
	}

	report_leaks();

	tool_close_log();
	exit(0);
}
コード例 #16
0
ファイル: adnstest.c プロジェクト: SpivEgin/Openswan
int main(int argc, char *argv[])
{
    bool  recalculate = FALSE;
    int   len;
    err_t e;
    err_t err = NULL;
    char *infile;
    char *conn_name;
    int  lineno=0;
    struct connection *c1 = NULL;
    struct id moon, cassidy;
    struct adns_continuation *cr1 = NULL;

#ifdef HAVE_EFENCE
    EF_PROTECT_FREE=1;
#endif

    initproctitle(argc, argv);
    progname = argv[0];
    leak_detective = 1;

    if(argc != 3 && argc!=4) {
	fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
	exit(10);
    }
    /* skip argv0 */
    argc--; argv++;

    if(strcmp(argv[0], "-r")==0) {
        recalculate = 1;    /* do all crypto */
        argc--; argv++;
    }

    tool_init_log();
    cur_debugging |= DBG_DNS;
    init_adns();

    {
    	int r;
	struct sigaction act;

	act.sa_handler = &childhandler;
	act.sa_flags   = SA_RESTART;
	r = sigaction(SIGCHLD, &act, NULL);
	passert(r == 0);
    }

    reset_globals();

    /* setup a query */
    cr1 = alloc_thing(struct adns_continuation, "moon lookup");
    moon.kind = ID_FQDN;
    strtochunk(moon.name, "moon.testing.openswan.org", "dns name");
    e = start_adns_query(&moon, NULL, ns_t_key,
                         moon_continue, cr1);
    freeanychunk(moon.name);
    process_dns_results();

#if 0
    cr1 = alloc_thing(struct adns_continuation, "cassidy lookup");
    cassidy.kind = ID_FQDN;
    strtochunk(cassidy.name, "cassidy.sandelman.ca", "dns name 2");
    e = start_adns_query(&cassidy, NULL, ns_t_key,
                         cassidy_continue, cr1);
    freeanychunk(cassidy.name);
    process_dns_results();
#endif

    /* re-use cassidy */
    cr1 = alloc_thing(struct adns_continuation, "cassidy A lookup");
    e = start_adns_hostname(AF_UNSPEC, "cassidy.sandelman.ca", cassidy_host_continue, cr1);
    process_dns_results();

    stop_adns();
    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #17
0
ファイル: parentR2.c プロジェクト: newappfirst/Openswan
main(int argc, char *argv[])
{
    int   len;
    char *infile;
    char *conn_name;
    char *pcap1in;
    char *pcap2in;
    char *pcap_out;
    int  lineno=0;
    int regression;
    struct connection *c1;
    struct state *st;

    EF_PROTECT_FREE=1;

    progname = argv[0];
    leak_detective = 1;

    /* skip argv0 */
    argc--; argv++;

    if(strcmp(argv[0], "-r")==0) {
        regression = 1;
        argc--; argv++;
    }

    if(argc != 5) {
	fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin1> <pcapin2> <pcapout>\n", progname);
	exit(10);
    }

    tool_init_log();
    init_crypto();
    load_oswcrypto();
    init_fake_vendorid();
    init_jamesjohnson_interface();
    init_seam_kernelalgs();

    infile = argv[0];
    conn_name = argv[1];
    pcap1in   = argv[2];
    pcap2in   = argv[3];
    pcap_out  = argv[4];

    cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
    if(readwhackmsg(infile) == 0) exit(10);
    c1 = con_by_name(conn_name, TRUE);
    assert(c1 != NULL);

    assert(orient(c1, 500));
    show_one_connection(c1);

    /* omit the R1 reply */
    send_packet_setup_pcap("/dev/null");

    /* setup to process the I1 packet */
    recv_pcap_setup(pcap1in);

    /* process first I1 packet */
    cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
    pcap_dispatch(pt, 1, recv_pcap_packet, NULL);

    /* set up output file */
    send_packet_setup_pcap(pcap_out);
    pcap_close(pt);

    /* now process the I2 packet */
    recv_pcap_setup(pcap2in);

    cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
    pcap_dispatch(pt, 1, recv_pcap_packet2, NULL);

    /* clean up so that we can see any leaks */
    st = state_with_serialno(1);
    if(st!=NULL) {
        free_state(st);
    }

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #18
0
ファイル: parentI1fallback.c プロジェクト: dotmark/libreswan
main(int argc, char *argv[]){
	int len;
	char *infile;
	char *conn_name;
	int lineno = 0;
	struct connection *c1;
	struct state *st;

	EF_PROTECT_FREE = 1;
	EF_FREE_WIPES  = 1;

	progname = argv[0];
	leak_detective = 1;

	if (argc != 3) {
		fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n",
			progname);
		exit(10);
	}
	/* argv[1] == "-r" */

	tool_init_log();
	init_fake_vendorid();

	infile = argv[1];
	conn_name = argv[2];

	readwhackmsg(infile);

	send_packet_setup_pcap("parentI1.pcap");

	c1 = con_by_name(conn_name, TRUE);
	c1->sa_keying_tries = 0; /* for this test case, make retries infinite */
	maximum_retransmissions_initial = 2;

	show_one_connection(c1);

	st = sendI1(c1,
		    DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
		    DBG_WHACKWATCH);

	run_continuation(r);

	/* after three-retransmits, we fallback to trying IKEv1, if necessary */
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);

	/* after three more retransmits, we go back to IKEv2 */
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);
	handle_next_timer_event();
	run_continuation(r);

	/* as the state will have been renewed, it's hard to clean up */
	report_leaks();

	tool_close_log();
	exit(0);
}
コード例 #19
0
ファイル: parentR1_main.c プロジェクト: SpivEgin/Openswan
int main(int argc, char *argv[])
{
    int   len;
    char *infile, *pcapin, *pcapout;
    char *conn_name;
    int  lineno=0;
    struct connection *c1;
    struct state *st;
    char   eb1[256];  /* error buffer for pcap open */

#ifdef HAVE_EFENCE
    EF_PROTECT_FREE=1;
#endif

    progname = argv[0];
    leak_detective = 1;

    if(argc <= 4) {
    usage:
	fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin> <pcapout>\n", progname);
	exit(10);
    }
    /* argv[1] == "-r" ?? */

    tool_init_log();
    init_crypto();
    init_fake_vendorid();
    init_fake_secrets();
    init_jamesjohnson_interface();

    infile = NULL;
    conn_name = NULL;
    pcapin  = NULL;
    pcapout = NULL;
    argc--; argv++;
    if(argc > 0) {
        infile = argv[0];
        argc--; argv++;
    }
    if(argc > 0) {
        conn_name = argv[0];
        argc--; argv++;
    }
    if(argc > 0) {
        pcapin = argv[0];
        argc--; argv++;
    }
    if(argc > 0) {
        pcapout = argv[0];
        argc--; argv++;
    }
    if(conn_name == NULL ||
       infile    == NULL ||
       pcapin    == NULL ||
       pcapout   == NULL) {
        goto usage;
    }

    cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
    if(readwhackmsg(infile) == 0) exit(10);
    c1 = con_by_name(conn_name, TRUE);
    assert(c1 != NULL);

    assert(orient(c1, 500));
    show_one_connection(c1, whack_log);

    send_packet_setup_pcap(pcapout);

    /* setup to process the I1 packet */
    recv_pcap_setup(pcapin);

    cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
    pcap_dispatch(pt, 1, recv_pcap_packet, NULL);

    /* clean up so that we can see any leaks */
    st = state_with_serialno(1);
    if(st!=NULL) {
        delete_state(st);
        free_state(st);
    }

    delete_connection(c1, TRUE);

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #20
0
main(int argc, char *argv[])
{
    int   len;
    char *infile;
    char *conn_name;
    int  lineno=0;
    int  regression = 0;
    struct connection *c1;
    struct state *st;

#ifdef HAVE_EFENCE
    EF_PROTECT_FREE=1;
#endif

    progname = argv[0];
    leak_detective = 1;

    /* skip argv0 */
    argc--; argv++;

    if(strcmp(argv[0], "-r")==0) {
        regression = 1;
        argc--; argv++;
    }
    if(argc != 4) {
	fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile> <pcapout>\n", progname);
	exit(10);
    }

    tool_init_log();
    init_crypto();
    load_oswcrypto();
    init_fake_vendorid();
    init_parker_interface();

    infile = argv[0];
    conn_name = argv[1];

    cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
    if(readwhackmsg(infile) == 0) exit(10);

    /* input packets */
    recv_pcap_setup(argv[2]);

    /* output first packets to /dev/null */
    send_packet_setup_pcap("/dev/null");

    c1 = con_by_name(conn_name, TRUE);
    assert(c1 != NULL);

    assert(orient(c1, 500));
    show_one_connection(c1);

    st = sendI1(c1, DBG_CONTROL, regression == 0);

    /* now accept the reply packet */
    cur_debugging = DBG_CONTROL|DBG_PARSING;

    /* now output interesting packet to capture file */
    send_packet_setup_pcap(argv[3]);

    pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
    pcap_close(pt);
    recv_pcap_setup(argv[2]);
    pcap_dispatch(pt, 1, recv_pcap_packet, NULL);

    /* dump the delete message that comes out */
    send_packet_setup_pcap("/dev/null");
    delete_connection(c1, TRUE);

    st = state_with_serialno(1);
    if(st!=NULL) {
        free_state(st);
    }

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #21
0
ファイル: showhostkey.c プロジェクト: JasonCC/Openswan
void exit_tool(int code)
{
    tool_close_log();
    exit(code);
}
コード例 #22
0
ファイル: nsscert.c プロジェクト: fengwu0086/Openswan
main(int argc, char *argv[])
{
    int i;
    chunk_t blob, crl_uri;
    err_t e;
    cert_t cacert,t1;
    time_t until;

    /* sadly, this is actually too late */
    EF_DISABLE_BANNER = 1;
    progname = argv[0];
    leak_detective=1;

    tool_init_log();
    load_oswcrypto();

    set_debugging(DBG_X509|DBG_PARSING|DBG_CONTROL);
    until =1421896274;
    set_fake_x509_time(until);  /* Wed Jan 21 22:11:14 2015 */

#ifdef HAVE_LIBNSS
    {
	SECStatus nss_init_status= NSS_InitReadWrite("nss.d");
	if (nss_init_status != SECSuccess) {
	    fprintf(stderr, "NSS initialization failed (err %d)\n", PR_GetError());
            exit(10);
	} else {
	    printf("NSS Initialized\n");
	    PK11_SetPasswordFunc(getNSSPassword);
        }
    }
#endif

    if(argc < 3) {
        fprintf(stderr, "Usage: nsscert CAcertfile.pem cert1.pem cert2.pem...\n");
        exit(5);
    }

    /* skip argv0 */
    argc--;
    argv++;

    /* load CAcert */
    if(!load_cert(CERT_NONE, argv[0], TRUE, "cacert", &cacert)) {
        printf("could not load CA cert file: %s\n", argv[0]);
        exit(1);
    }
    add_authcert(cacert.u.x509, AUTH_CA);

    argc--;
    argv++;

    while(argc-- > 0) {
        char *file = *argv++;
        /* load target cert */
        if(!load_cert(CERT_NONE, file, TRUE, "test1", &t1)) {
            printf("could not load cert file: %s\n", file);
            exit(1);
        }


        until += 86400;
        if(verify_x509cert(t1.u.x509, FALSE, &until) == FALSE) {
            printf("verify x509 failed\n");
            exit(3);
        }
        printf("cert: %s is valid\n", file);
        free_x509cert(t1.u.x509);
    }
    free_x509cert(cacert.u.x509);

    report_leaks();
    tool_close_log();
    exit(0);
}
コード例 #23
0
main(int argc, char *argv[]){
	int len;
	char *infile;
	char *conn_name;
	int lineno = 0;
	struct connection *c1;
	pcap_t *pt;
	char eb1[256];
	struct state *st;

	EF_PROTECT_FREE = 1;
	EF_FREE_WIPES  = 1;

	progname = argv[0];
	printf("Started %s\n", progname);

	leak_detective = 1;

	pluto_shared_secrets_file =
		"../../../baseconfigs/west/etc/ipsec.secrets";

	lsw_init_ipsecdir("../../../baseconfigs/west/etc/ipsec.d");
	lsw_init_rootdir("../../../baseconfigs/west");

	init_crypto();
	init_seam_kernelalgs();

	load_authcerts("CA cert",
		       "../../../baseconfigs/west/etc/ipsec.d/cacerts",
		       AUTH_CA);
	if (argc != 4) {
		fprintf(stderr,
			"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
			progname);
		exit(10);
	}
	/* argv[1] == "-r" */

	tool_init_log();
	init_fake_vendorid();

	infile = argv[1];
	conn_name = argv[2];
	load_preshared_secrets(NULL_FD);
	readwhackmsg(infile);

	send_packet_setup_pcap("parentI2x509.pcap");
	pt = pcap_open_offline(argv[3], eb1);
	if (!pt) {
		perror(argv[3]);
		exit(50);
	}

	c1 = con_by_name(conn_name, TRUE);
	show_one_connection(c1);

	/* now, send the I1 packet, really just so that we are in the right
	 * state to receive the R1 packet and process it.
	 */
	st = sendI1(c1, 0);

	cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
			DBG_PARSING | DBG_PRIVATE | DBG_CRYPT;
	pcap_dispatch(pt, 1, recv_pcap_packet1, NULL);

	{
		struct state *st;

		/* find st involved */
		st = state_with_serialno(1);
		delete_state(st);

		/* find st involved */
		st = state_with_serialno(2);
		if (st)
			delete_state(st);
	}

	report_leaks();

	tool_close_log();
	exit(0);
}
コード例 #24
0
ファイル: serialaddrinfo.c プロジェクト: SpivEgin/Openswan
int main(int argc, char *argv[])
{
    err_t err = NULL;
    struct addrinfo hints, *result1, *result2;
    unsigned char buffer1[1024];
    unsigned int  buffer1_len = sizeof(buffer1);
    unsigned int  serial_size;
    int i,s;

#ifdef HAVE_EFENCE
    EF_PROTECT_FREE=1;
#endif

    initproctitle(argc, argv);
    progname = argv[0];
    leak_detective = 1;

    tool_init_log();
    cur_debugging |= DBG_DNS;

    zero(&hints);
    hints.ai_family = AF_UNSPEC;    /* Allow IPv4 or IPv6 */
    hints.ai_socktype = SOCK_DGRAM; /* Datagram socket */
    hints.ai_flags = AI_PASSIVE;    /* For wildcard IP address */
    hints.ai_protocol = 0;          /* Any protocol */
    hints.ai_canonname = NULL;
    hints.ai_addr = NULL;
    hints.ai_next = NULL;

    if(argc==1) {
        printf("usage: %s [name]...\n", progname);
        exit(10);
    }

    for(i=1; i < argc; i++) {
        DBG_log("looking up: %s\n", argv[i]);
        s = getaddrinfo(argv[i], NULL, &hints, &result1);
        if(s!=0) {
            printf("lookup: %s a/aaaa lookup error: %s\n"
                             , argv[i], gai_strerror(s));
            continue;
        }
        /* sort things so they come out consistently */
        result1 = sort_addr_info(result1);
        dump_addr_info(result1);

        /* now serialize it into the buffer */
        serial_size = serialize_addr_info(result1, buffer1, buffer1_len);
        freeaddrinfo(result1);

        DBG_log("serialized size=%u\n", serial_size);
        result2 = deserialize_addr_info(buffer1, serial_size);
        dump_addr_info(result2);

        osw_freeaddrinfo(result2);
    }

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #25
0
ファイル: algparse.c プロジェクト: rgbriggs/libreswan
int main(int argc UNUSED, char *argv[])
{
	tool_init_log(argv[0]);

	/*
	 * Need to ensure that NSS is initialized before calling
	 * ike_alg_init().  Some sanity checks require a working NSS.
	 */
	lsw_nss_buf_t err;
	if (!lsw_nss_setup(NULL, 0, NULL, err)) {
		fprintf(stderr, "unexpected %s\n", err);
		exit(1);
	}

	ike_alg_init();

	/* esp= */
	fprintf(stdout, "\n---- ESP tests that should succeed ----\n");

	do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP);
	do_test("3des-sha1;modp1024", PROTO_IPSEC_ESP);
	do_test("3des-sha1;modp1536", PROTO_IPSEC_ESP);
	do_test("3des-sha1;modp2048", PROTO_IPSEC_ESP);
	do_test("3des-sha1;dh22", PROTO_IPSEC_ESP);
	do_test("3des-sha1;dh23", PROTO_IPSEC_ESP);
	do_test("3des-sha1;dh24", PROTO_IPSEC_ESP);
	do_test("3des-sha1", PROTO_IPSEC_ESP);
	do_test("null-sha1", PROTO_IPSEC_ESP);
	do_test("aes", PROTO_IPSEC_ESP);
	do_test("aes_cbc", PROTO_IPSEC_ESP);
	do_test("aes-sha", PROTO_IPSEC_ESP);
	do_test("aes-sha1", PROTO_IPSEC_ESP);
	do_test("aes-sha2", PROTO_IPSEC_ESP);
	do_test("aes-sha256", PROTO_IPSEC_ESP);
	do_test("aes-sha384", PROTO_IPSEC_ESP);
	do_test("aes-sha512", PROTO_IPSEC_ESP);
	do_test("aes128-sha1", PROTO_IPSEC_ESP);
	do_test("aes128-aes_xcbc", PROTO_IPSEC_ESP);
	do_test("aes192-sha1", PROTO_IPSEC_ESP);
	do_test("aes256-sha1", PROTO_IPSEC_ESP);
	do_test("aes256-sha", PROTO_IPSEC_ESP);
	do_test("aes256-sha2", PROTO_IPSEC_ESP);
	do_test("aes256-sha2_256", PROTO_IPSEC_ESP);
	do_test("aes256-sha2_384", PROTO_IPSEC_ESP);
	do_test("aes256-sha2_512", PROTO_IPSEC_ESP);
	do_test("camellia", PROTO_IPSEC_ESP);
	do_test("camellia128", PROTO_IPSEC_ESP);
	do_test("camellia192", PROTO_IPSEC_ESP);
	do_test("camellia256", PROTO_IPSEC_ESP);
	do_test("aes_ccm_a-128-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_a-192-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_a-256-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_b-128-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_b-192-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_b-256-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_c-128-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_c-192-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_c-256-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_a-192-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_a-256-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_b-128-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_b-192-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_b-256-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_c-128-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_c-192-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_c-256-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm-256-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm-192-null", PROTO_IPSEC_ESP);
#if 0
	/* these are caught using "aliasing" and rewritten to the above syntax */
	do_test("aes_ccm_8-128-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_8-192-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_8-256-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_12-128-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_12-192-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_12-256-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_16-128-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_16-192-null", PROTO_IPSEC_ESP);
	do_test("aes_ccm_16-256-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_8-128-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_8-192-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_8-256-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_12-128-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_12-192-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_12-256-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_16-128-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_16-192-null", PROTO_IPSEC_ESP);
	do_test("aes_gcm_16-256-null", PROTO_IPSEC_ESP);
#endif
	/* other */
	do_test("aes_ctr", PROTO_IPSEC_ESP);
	do_test("aesctr", PROTO_IPSEC_ESP);
	do_test("aes_ctr128", PROTO_IPSEC_ESP);
	do_test("aes_ctr192", PROTO_IPSEC_ESP);
	do_test("aes_ctr256", PROTO_IPSEC_ESP);
	do_test("serpent", PROTO_IPSEC_ESP);
	do_test("twofish", PROTO_IPSEC_ESP);
	do_test("mars", PROTO_IPSEC_ESP);
	/*
	 * should this be supported - for now man page says not
	 * do_test("modp1536", PROTO_IPSEC_ESP);
	 */

	fprintf(stdout, "\n---- ESP tests that should fail----\n");

	do_test("3des168-sha1", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("3des-null", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("aes128-null", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("aes224-sha1", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("aes512-sha1", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("aes-sha1555", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("camellia666-sha1", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("blowfish", PROTO_IPSEC_ESP); /* obsoleted */
	do_test("des-sha1", PROTO_IPSEC_ESP); /* obsoleted */
	do_test("aes_ctr666", PROTO_IPSEC_ESP); /* bad key size */
	do_test("aes128-sha2_128", PROTO_IPSEC_ESP); /* _128 does not exist */
	do_test("aes256-sha2_256-4096", PROTO_IPSEC_ESP); /* double keysize */
	do_test("aes256-sha2_256-128", PROTO_IPSEC_ESP); /* now what?? */
	do_test("vanitycipher", PROTO_IPSEC_ESP);
	do_test("ase-sah", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("aes-sah1", PROTO_IPSEC_ESP); /* should get rejected */
	do_test("id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */
	do_test("aes-id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */
	do_test("aes_gcm-md5", PROTO_IPSEC_ESP); /* AEAD must have auth null */

	/* ah= */

	fprintf(stdout, "\n---- AH tests that should succeed ----\n");
	do_test("md5", PROTO_IPSEC_AH);
	do_test("sha", PROTO_IPSEC_AH);
	do_test("sha1", PROTO_IPSEC_AH);
	do_test("sha2", PROTO_IPSEC_AH);
	do_test("sha256", PROTO_IPSEC_AH);
	do_test("sha384", PROTO_IPSEC_AH);
	do_test("sha512", PROTO_IPSEC_AH);
	do_test("sha2_256", PROTO_IPSEC_AH);
	do_test("sha2_384", PROTO_IPSEC_AH);
	do_test("sha2_512", PROTO_IPSEC_AH);
	do_test("aes_xcbc", PROTO_IPSEC_AH);
	do_test("ripemd", PROTO_IPSEC_AH);

	fprintf(stdout, "\n---- AH tests that should fail ----\n");
	do_test("aes-sha1", PROTO_IPSEC_AH);
	do_test("vanityhash1", PROTO_IPSEC_AH);
	do_test("aes_gcm_c-256", PROTO_IPSEC_AH);
	do_test("id3", PROTO_IPSEC_AH); /* should be rejected; idXXX removed */
	do_test("3des", PROTO_IPSEC_AH);
	do_test("null", PROTO_IPSEC_AH);
	do_test("aes_gcm", PROTO_IPSEC_AH);
	do_test("aes_ccm", PROTO_IPSEC_AH);

	/* ike= */

	fprintf(stdout, "\n---- IKE tests that should succeed ----\n");
	do_test("3des-sha1", PROTO_ISAKMP);

	fprintf(stdout, "\n---- IKE tests that should fail ----\n");
	do_test("id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */
	do_test("3des-id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */

	fflush(NULL);
	report_leaks();

	lsw_nss_shutdown();
	tool_close_log();
	exit(0);
}
コード例 #26
0
ファイル: parentI1_main.c プロジェクト: ZhangJZ808/Openswan
main(int argc, char *argv[])
{
    int   len;
    char *infile;
    char *conn_name;
    int  lineno=0;
    int  regression = 0;
    struct connection *c1;
    struct state *st;

#ifdef HAVE_EFENCE
    EF_PROTECT_FREE=1;
#endif

    progname = argv[0];
    leak_detective = 1;

    if(argc != 3 && argc!=4) {
	fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
	exit(10);
    }
    /* skip argv0 */
    argc--; argv++;

    if(strcmp(argv[0], "-r")==0) {
        regression = 1;
        argc--; argv++;
    }

    tool_init_log();
    load_oswcrypto();
    init_fake_vendorid();
    init_fake_secrets();
    init_local_interface();

    infile = argv[0];
    conn_name = argv[1];

    cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
    if(readwhackmsg(infile) == 0) exit(11);

    send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");

    c1 = con_by_name(conn_name, TRUE);
    assert(c1 != NULL);

    //list_public_keys(FALSE, FALSE);
#ifndef SKIP_ORIENT_ASSERT
    assert(orient(c1, 500));
#endif
    show_one_connection(c1);

#ifndef SKIP_INITIATE
    /* do calculation if not -r for regression */
    st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0);

    st = state_with_serialno(1);
    if(st!=NULL) {
        delete_state(st);
        free_state(st);
    }
#endif

    delete_connection(c1, TRUE);

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #27
0
ファイル: parentR1.c プロジェクト: nawien-sharma/libreswan
main(int argc, char *argv[]) {
    int len;
    char *infile;
    char *conn_name;
    int lineno = 0;
    struct connection *c1;
    pcap_t *pt;
    char eb1[256];

    EF_PROTECT_BELOW = 1;
    EF_PROTECT_FREE = 1;
    EF_FREE_WIPES  = 1;

    progname = argv[0];
    leak_detective = 1;

    init_crypto();

    if (argc != 4) {
        fprintf(stderr,
                "Usage: %s <whackrecord> <conn-name> <pcapin>\n",
                progname);
        exit(10);
    }
    /* argv[1] == "-r" */

    tool_init_log();
    init_fake_vendorid();

    infile = argv[1];
    conn_name = argv[2];

    readwhackmsg(infile);

    send_packet_setup_pcap("parentR1.pcap");

    c1 = con_by_name(conn_name, TRUE);

    show_one_connection(c1);

    pt = pcap_open_offline(argv[3], eb1);
    if (!pt) {
        perror(argv[3]);
        exit(50);
    }

    cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;
    pcap_dispatch(pt, 1, recv_pcap_packet, NULL);

    {
        struct state *st;

        /* find st involved */
        st = state_with_serialno(1);
        delete_state(st);
    }

    report_leaks();

    tool_close_log();
    exit(0);
}
コード例 #28
0
ファイル: parentI1R1.c プロジェクト: ZhangJZ808/Openswan
main(int argc, char *argv[])
{
    int   len;
    char *infile;
    char *conn_name;
    int  lineno=0;
    int  regression = 0;
    struct connection *c1;
    struct state *st;

    EF_PROTECT_FREE=1;

    progname = argv[0];
    leak_detective = 1;

    if(argc != 4 && argc != 5) {
	fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile>\n", progname);
	exit(10);
    }
    /* skip argv0 */
    argc--; argv++;

    if(strcmp(argv[0], "-r")==0) {
        regression = 1;
        argc--; argv++;
    }

    tool_init_log();
    load_oswcrypto();
    init_fake_vendorid();
    init_parker_interface();

    infile = argv[0];
    conn_name = argv[1];

    cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
    if(readwhackmsg(infile) == 0) exit(10);

    /* input packets */
    recv_pcap_setup(argv[2]);

    /* output packets */
    send_packet_setup_pcap("OUTPUT/parentI2.pcap");

    c1 = con_by_name(conn_name, TRUE);
    assert(c1 != NULL);

    assert(orient(c1, 500));
    show_one_connection(c1);

    st = sendI1(c1, DBG_CONTROL, regression == 0);

    /* now accept the reply packet */
    cur_debugging = DBG_CONTROL|DBG_PARSING;
    pcap_dispatch(pt, 1, recv_pcap_packet, NULL);

    st = state_with_serialno(1);
    if(st!=NULL) {
        delete_state(st);
        free_state(st);
    }

    report_leaks();

    tool_close_log();
    exit(0);
}