main(int argc, char *argv[])
{
int len;
char *infile;
EF_PROTECT_FREE=1;
EF_FREE_WIPES =1;
progname = argv[0];
leak_detective = 1;
if(argc > 2 ) {
fprintf(stderr, "Usage: %s <whackrecord>\n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
infile = argv[1];
readwhackmsg(infile);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
struct alg_info_ike *aii;
char err_buf[256]; /* ??? big enough? */
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
tool_init_log();
init_crypto();
aii = alg_info_ike_create_from_str("3des", err_buf, sizeof(err_buf));
gsp = oakley_alg_makedb(aii,
&oakley_sadb[POLICY_RSASIG >>
POLICY_ISAKMP_SHIFT],
FALSE);
sa_print(gsp);
sa_v2_convert(&gsp);
sa_v2_print(gsp);
tool_close_log();
free_sa(&gsp);
exit(0);
}
main(int argc, char *argv[])
{
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
struct alg_info_ike *aii;
err_t ugh;
progname = argv[0];
leak_detective=1;
tool_init_log();
init_crypto();
aii = alg_info_ike_create_from_str("3des", &ugh);
gsp = oakley_alg_makedb(aii
, &oakley_sadb[POLICY_RSASIG >> POLICY_ISAKMP_SHIFT]
, -1);
sa_print(gsp);
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int i;
struct db_sa *sa1 = NULL;
progname = argv[0];
leak_detective = 1;
tool_init_log();
for (i = 0; i < elemsof(oakley_sadb); i++) {
/* make sure that leak reports and EFence reports get
* placed in the right order.
*/
fflush(stdout);
fflush(stderr);
printf("\nmain mode oakley: %u\n", i);
sa_print(&oakley_sadb[i]);
sa1 = sa_copy_sa_first(&oakley_sadb[i]);
sa_print(sa1);
free_sa(sa1);
fflush(stdout);
report_leaks();
}
tool_close_log();
exit(0);
}
main(int argc, char *argv[]) {
progname = argv[0];
tool_init_log();
/* our enum names */
do_test(&connection_kind_names, 256);
do_test(&certpolicy_type_names, 256);
/* IETF registry based enum names */
do_test(&version_names, 256);
do_test(&doi_names, 256);
do_test(&ikev1_payload_names, 256);
do_test(&ikev2_payload_names, 256);
do_test(&payload_names_ikev1orv2, 256);
do_test(&ikev1_exchange_names, 256);
do_test(&ikev2_exchange_names, 256);
do_test(&exchange_names_ikev1orv2, 256);
do_test(&protocol_names, 256); /* why not ikev1_protocol_names ? */
do_test(&ikev2_protocol_names, 256);
do_test(&isakmp_transformid_names, 256);
do_test(&ah_transformid_names, 256);
do_test(&esp_transformid_names, 256);
do_test(&ipcomp_transformid_names, 256);
do_test(&oakley_attr_names, 256);
do_test(&ipsec_attr_names, 256);
do_test(&sa_lifetime_names, 256);
do_test(&oakley_lifetime_names, 256);
do_test(&oakley_auth_names, 256);
do_test(&oakley_enc_names, 256);
do_test(&oakley_hash_names, 256);
do_test(&oakley_group_names, 256);
do_test(&ikev1_notify_names, 16384);
do_test(&ikev2_notify_names, 16384);
do_test(&ikev2_ts_type_names, 256);
do_test(&enc_mode_names, 256);
do_test(&auth_alg_names, 256);
do_test(&xauth_type_names, 256);
do_test(&xauth_attr_names, 256);
do_test(&attr_msg_type_names, 256);
do_test(&ikev2_sec_proto_id_names, 256);
do_test(&ikev2_auth_names, 256);
do_test(&ikev2_trans_type_encr_names, 256);
do_test(&ikev2_trans_type_prf_names, 256);
do_test(&ikev2_trans_type_integ_names, 256);
do_test(&ikev2_trans_type_esn_names, 256);
do_test(&ikev2_trans_type_names, 256);
do_test(&ike_cert_type_names, 256);
do_test(&ikev2_cert_type_names, 256);
do_test(&modecfg_attr_names, 256);
do_test(&ike_idtype_names, 256);
do_test(&ikev2_idtype_names, 256);
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
bool recalculate = FALSE;
int len;
err_t err = NULL;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1 = NULL;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
recalculate = 1; /* do all crypto */
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
//list_public_keys(FALSE, FALSE);
assert(orient(c1, 500));
show_one_connection(c1, whack_log);
kick_adns_connection_lookup(c1, &c1->spd.that, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
err_t err = NULL;
char *infile;
char *conn_name;
int lineno=0;
struct starter_config *cfg = NULL;
struct starter_conn *conn = NULL;
//EF_PROTECT_FREE=1;
progname = argv[0];
leak_detective = 1;
if(argc < 4) {
fprintf(stderr, "Usage: %s <cfgrootdir> <cfgfile> <conn-name>.. \n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
//init_fake_vendorid();
rootdir[0]='\0';
strlcat(rootdir, argv[1], sizeof(rootdir));
starter_use_log(1, 1, 1);
cfg = confread_load(argv[2], &err, FALSE, NULL,FALSE);
argv+=3;
argc-=3;
/* load all conns marked as auto=add or better */
for(conn = cfg->conns.tqh_first;
conn != NULL;
conn = conn->link.tqe_next)
{
for(; argc>0; argc--, argv++) {
conn_name = *argv;
printf("processing conn: %s\n", conn_name);
if(strcasecmp(conn->name, conn_name)==0) {
struct whack_message msg1;
if(starter_whack_build_basic_conn(cfg, &msg1, conn)==0) {
add_connection(&msg1);
}
}
}
}
confread_free(cfg);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
EF_FREE_WIPES =1;
progname = argv[0];
leak_detective = 1;
if(argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE);
run_continuation(r);
/* now invoke the timer event to cause a re-transmission */
handle_next_timer_event();
/* clean up so that we can see any leaks */
delete_state(st);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]) {
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
struct alg_info_esp *aii;
char err_buf[100];
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
EF_PROTECT_BELOW = 1;
progname = argv[0];
leak_detective = 1;
tool_init_log();
init_crypto();
{
int algo;
for (algo = 1; algo <= K_SADB_EALG_MAX; algo++)
esp_ealg[(algo)].sadb_alg_id = (algo);
}
{
int algo;
for (algo = 1; algo <= K_SADB_AALG_MAX; algo++)
esp_aalg[(algo)].sadb_alg_id = (algo);
}
esp_ealg_num = 10;
esp_aalg_num = 10;
aii = alg_info_esp_create_from_str("aes128-sha1", &err_buf, sizeof(err_buf));
gsp = kernel_alg_makedb(POLICY_ENCRYPT | POLICY_AUTHENTICATE,
aii,
TRUE);
sa_print(gsp);
gsp = sa_v2_convert(gsp);
sa_v2_print(gsp);
tool_close_log();
free_sa(gsp);
exit(0);
}
int main(int argc, char *argv[])
{
int i;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
progname = argv[0];
leak_detective=1;
tool_init_log();
for(i=0; i < elemsof(oakley_sadb); i++) {
printf("\nmain mode oakley: %u\n", i);
sa_print(&oakley_sadb[i]);
sa1 = sa_copy_sa(&oakley_sadb[i], 0);
if(sa2 != NULL) {
free_sa(sa2);
}
sa2 = sa_copy_sa(sa1, 0);
free_sa(sa1);
printf("copy 2\n");
sa_print(sa2);
}
for(i=0; i < elemsof(oakley_am_sadb); i++) {
printf("\naggr mode oakley: %u\n", i);
sa_print(&oakley_am_sadb[i]);
sa1 = sa_copy_sa(&oakley_am_sadb[i], 0);
if(sa2 != NULL) {
free_sa(sa2);
}
sa2 = sa_copy_sa(sa1, 0);
free_sa(sa1);
printf("copy 2\n");
sa_print(sa2);
}
if(sa2 != NULL) free_sa(sa2);
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
hostpair_list();
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
int i;
struct id one;
progname = argv[0];
tool_init_log();
t1();
t2();
t3();
t4();
t5(); t6();
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int i;
struct db_sa *gsp = NULL;
struct db_sa *sa1 = NULL;
struct db_sa *sa2 = NULL;
progname = argv[0];
leak_detective = 1;
tool_init_log();
for (i = 0; i < elemsof(oakley_sadb); i++) {
gsp = sa_copy_sa(&oakley_empty, 0);
printf("\nmain mode oakley: %u\n", i);
//sa_print(&oakley_sadb[i]);
sa1 = sa_copy_sa(&oakley_sadb[i], 0);
sa2 = sa_merge_proposals(gsp, sa1);
printf("sa1:\n");
sa_print(sa1);
printf("gsp:\n");
sa_print(gsp);
printf("sa2:\n");
sa_print(sa2);
free_sa(sa1);
free_sa(sa2);
free_sa(gsp);
report_leaks();
}
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
__u32 spi = 0;
int c;
ip_said said;
const char *error_s;
char ipsaid_txt[SATOT_BUF];
int outif = 0;
int error = 0;
ssize_t io_error;
int argcount = argc;
pid_t mypid;
int listenreply = 0;
unsigned char authalg, encryptalg;
struct sadb_ext *extensions[K_SADB_EXT_MAX + 1];
struct sadb_msg *pfkey_msg;
char *edst_opt, *spi_opt, *proto_opt, *af_opt, *said_opt, *dst_opt,
*src_opt;
u_int32_t natt;
u_int16_t sport, dport;
uint32_t life[life_maxsever][life_maxtype];
char *life_opt[life_maxsever][life_maxtype];
struct stat sts;
struct sadb_builds sab;
progname = argv[0];
mypid = getpid();
natt = 0;
sport = 0;
dport = 0;
tool_init_log();
zero(&said); /* OK: no pointer fields */
edst_opt = spi_opt = proto_opt = af_opt = said_opt = dst_opt =
src_opt = NULL;
{
int i, j;
for (i = 0; i < life_maxsever; i++) {
for (j = 0; j < life_maxtype; j++) {
life_opt[i][j] = NULL;
life[i][j] = 0;
}
}
}
while ((c = getopt_long(argc, argv,
"" /*"H:P:Z:46dcA:E:e:s:a:w:i:D:S:hvgl:+:f:"*/,
longopts, 0)) != EOF) {
unsigned long u;
err_t ugh;
switch (c) {
case 'g':
debug = TRUE;
pfkey_lib_debug = PF_KEY_DEBUG_PARSE_MAX;
/* paul: this is a plutoism? cur_debugging = 0xffffffff; */
argcount--;
break;
case 'R':
listenreply = 1;
argcount--;
break;
case 'r':
dumpsaref = 1;
argcount--;
break;
case 'b': /* set the SAref to use */
ugh = ttoulb(optarg, 0, 0, INT_MAX, &u);
if (ugh != NULL) {
fprintf(stderr,
"%s: Invalid SAREFi parameter \"%s\": %s\n",
progname, optarg, ugh);
exit(1);
}
saref_me = u;
argcount--;
break;
case 'B': /* set the SAref to use for outgoing packets */
ugh = ttoulb(optarg, 0, 0, INT_MAX, &u);
if (ugh != NULL) {
fprintf(stderr,
"%s: Invalid SAREFo parameter \"%s\": %s\n",
progname, optarg, ugh);
exit(1);
}
saref_him = u;
argcount--;
break;
case 'O': /* set interface from which packet should arrive */
ugh = ttoulb(optarg, 0, 0, INT_MAX, &u);
if (ugh != NULL) {
fprintf(stderr,
"%s: Invalid outif parameter \"%s\": %s\n",
progname, optarg, ugh);
exit(1);
}
outif = u;
argcount--;
break;
case 'l':
{
static const char combine_fmt[] = "%s --label %s";
size_t room = strlen(argv[0]) +
sizeof(combine_fmt) +
strlen(optarg);
progname = malloc(room);
snprintf(progname, room, combine_fmt,
argv[0],
optarg);
tool_close_log();
tool_init_log();
argcount -= 2;
break;
}
case 'H':
if (alg) {
fprintf(stderr,
"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
progname);
exit(1);
}
if (streq(optarg, "hmac-md5-96")) {
alg = XF_AHHMACMD5;
} else if (streq(optarg, "hmac-sha1-96")) {
alg = XF_AHHMACSHA1;
} else {
fprintf(stderr,
"%s: Unknown authentication algorithm '%s' follows '--ah' option.\n",
progname, optarg);
exit(1);
}
if (debug) {
fprintf(stdout, "%s: Algorithm %d selected.\n",
progname,
alg);
}
break;
case 'P':
if (alg) {
fprintf(stderr,
"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
progname);
exit(1);
}
alg = decode_esp(optarg);
if (debug) {
fprintf(stdout, "%s: Algorithm %d selected.\n",
progname,
alg);
}
break;
case 'Z':
if (alg) {
fprintf(stderr,
"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
progname);
exit(1);
}
if (streq(optarg, "deflate")) {
alg = XF_COMPDEFLATE;
} else if (streq(optarg, "lzs")) {
alg = XF_COMPLZS;
} else {
fprintf(stderr,
"%s: Unknown compression algorithm '%s' follows '--comp' option.\n",
progname, optarg);
exit(1);
}
if (debug) {
fprintf(stdout, "%s: Algorithm %d selected.\n",
progname,
alg);
}
break;
case '4':
if (alg) {
fprintf(stderr,
"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
progname);
exit(1);
}
alg = XF_IP4;
address_family = AF_INET;
if (debug) {
fprintf(stdout, "%s: Algorithm %d selected.\n",
progname,
alg);
}
break;
case '6':
if (alg) {
fprintf(stderr,
"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
progname);
exit(1);
}
alg = XF_IP6;
address_family = AF_INET6;
if (debug) {
fprintf(stdout, "%s: Algorithm %d selected.\n",
progname,
alg);
}
break;
case 'd':
if (alg) {
fprintf(stderr,
"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
progname);
exit(1);
}
alg = XF_DEL;
if (debug) {
fprintf(stdout, "%s: Algorithm %d selected.\n",
progname,
alg);
}
break;
case 'c':
if (alg) {
fprintf(stderr,
"%s: Only one of '--ah', '--esp', '--comp', '--ip4', '--ip6', '--del' or '--clear' options permitted.\n",
progname);
exit(1);
}
alg = XF_CLR;
if (debug) {
fprintf(stdout, "%s: Algorithm %d selected.\n",
progname,
alg);
}
break;
case 'e':
if (said_opt) {
fprintf(stderr,
"%s: Error, EDST parameter redefined:%s, already defined in SA:%s\n",
progname, optarg, said_opt);
exit(1);
}
if (edst_opt) {
fprintf(stderr,
"%s: Error, EDST parameter redefined:%s, already defined as:%s\n",
progname, optarg, edst_opt);
exit(1);
}
error_s = ttoaddr(optarg, 0, address_family, &edst);
if (error_s != NULL) {
if (error_s) {
fprintf(stderr,
"%s: Error, %s converting --edst argument:%s\n",
progname, error_s, optarg);
exit(1);
}
}
edst_opt = optarg;
if (debug) {
ipstr_buf b;
fprintf(stdout, "%s: edst=%s.\n",
progname,
ipstr(&edst, &b));
}
break;
case 's':
if (said_opt != NULL) {
fprintf(stderr,
"%s: Error, SPI parameter redefined:%s, already defined in SA:%s\n",
progname, optarg, said_opt);
exit(1);
}
if (spi_opt != NULL) {
fprintf(stderr,
"%s: Error, SPI parameter redefined:%s, already defined as:%s\n",
progname, optarg, spi_opt);
exit(1);
}
ugh = ttoulb(optarg, 0, 0, 0xFFFFFFFFul, &u);
if (ugh == NULL && u < 0x100)
ugh = "0 - 0xFF are reserved";
if (ugh != NULL) {
fprintf(stderr,
"%s: Invalid SPI parameter \"%s\": %s\n",
progname, optarg, ugh);
exit(1);
}
spi = u;
spi_opt = optarg;
break;
case 'p':
if (said_opt != NULL) {
fprintf(stderr,
"%s: Error, PROTO parameter redefined:%s, already defined in SA:%s\n",
progname, optarg, said_opt);
exit(1);
}
if (proto_opt != NULL) {
fprintf(stderr,
"%s: Error, PROTO parameter redefined:%s, already defined as:%s\n",
progname, optarg, proto_opt);
exit(1);
}
if (streq(optarg, "ah")) {
proto = SA_AH;
} else if (streq(optarg, "esp")) {
proto = SA_ESP;
} else if (streq(optarg, "tun")) {
proto = SA_IPIP;
} else if (streq(optarg, "comp")) {
proto = SA_COMP;
} else {
fprintf(stderr,
"%s: Invalid PROTO parameter: %s\n",
progname, optarg);
exit(1);
}
proto_opt = optarg;
break;
case 'a':
if (said_opt) {
fprintf(stderr,
"%s: Error, ADDRESS FAMILY parameter redefined:%s, already defined in SA:%s\n",
progname, optarg, said_opt);
exit(1);
}
if (af_opt) {
fprintf(stderr,
"%s: Error, ADDRESS FAMILY parameter redefined:%s, already defined as:%s\n",
progname, optarg, af_opt);
exit(1);
}
if (streq(optarg, "inet")) {
address_family = AF_INET;
/* currently we ensure that all addresses belong to the same address family */
anyaddr(address_family, &dst);
anyaddr(address_family, &edst);
anyaddr(address_family, &src);
} else if (streq(optarg, "inet6")) {
address_family = AF_INET6;
/* currently we ensure that all addresses belong to the same address family */
anyaddr(address_family, &dst);
anyaddr(address_family, &edst);
anyaddr(address_family, &src);
} else {
fprintf(stderr,
"%s: Invalid ADDRESS FAMILY parameter: %s.\n",
progname, optarg);
exit(1);
}
af_opt = optarg;
break;
case 'I':
if (said_opt) {
fprintf(stderr,
"%s: Error, SAID parameter redefined:%s, already defined in SA:%s\n",
progname, optarg, said_opt);
exit(1);
}
if (proto_opt) {
fprintf(stderr,
"%s: Error, PROTO parameter redefined in SA:%s, already defined as:%s\n",
progname, optarg, proto_opt);
exit(1);
}
if (edst_opt) {
fprintf(stderr,
"%s: Error, EDST parameter redefined in SA:%s, already defined as:%s\n",
progname, optarg, edst_opt);
exit(1);
}
if (spi_opt) {
fprintf(stderr,
"%s: Error, SPI parameter redefined in SA:%s, already defined as:%s\n",
progname, optarg, spi_opt);
exit(1);
}
error_s = ttosa(optarg, 0, &said);
if (error_s != NULL) {
fprintf(stderr,
"%s: Error, %s converting --sa argument:%s\n",
progname, error_s, optarg);
exit(1);
}
if (debug) {
satot(&said, 0, ipsaid_txt,
sizeof(ipsaid_txt));
fprintf(stdout, "%s: said=%s.\n",
progname,
ipsaid_txt);
}
/* init the src and dst with the same address family */
if (address_family == 0) {
address_family = addrtypeof(&said.dst);
} else if (address_family != addrtypeof(&said.dst)) {
fprintf(stderr,
"%s: Error, specified address family (%d) is different that of SAID: %s\n",
progname, address_family, optarg);
exit(1);
}
anyaddr(address_family, &dst);
anyaddr(address_family, &edst);
anyaddr(address_family, &src);
said_opt = optarg;
break;
case 'A':
decode_blob(optarg, "Authentication Key", &authkey, &authkeylen);
break;
case 'E':
decode_blob(optarg, "Encryption Key", &enckey, &enckeylen);
break;
case 'w':
{
err_t ugh = ttoul(optarg, 0, 0, &replay_window);
if (ugh != NULL) {
fprintf(stderr,
"%s: Invalid replay_window parameter: %s\n",
progname, ugh);
exit(1);
}
if (!(1 <= replay_window && replay_window <= 64)) {
fprintf(stderr,
"%s: Failed -- Illegal window size: arg=%s, replay_window=%lu, must be 1 <= size <= 64.\n",
progname, optarg, replay_window);
exit(1);
}
}
break;
case 'i':
decode_blob(optarg, "IV", &iv, &ivlen);
break;
case 'D':
if (dst_opt) {
fprintf(stderr,
"%s: Error, DST parameter redefined:%s, already defined as:%s\n",
progname, optarg, dst_opt);
exit(1);
}
error_s = ttoaddr(optarg, 0, address_family, &dst);
if (error_s != NULL) {
fprintf(stderr,
"%s: Error, %s converting --dst argument:%s\n",
progname, error_s, optarg);
exit(1);
}
dst_opt = optarg;
if (debug) {
ipstr_buf b;
fprintf(stdout, "%s: dst=%s.\n",
progname,
ipstr(&dst, &b));
}
break;
case 'F': /* src port */
{
unsigned long u;
err_t ugh = ttoulb(optarg, 0, 0, 0xFFFF, &u);
if (ugh != NULL) {
fprintf(stderr,
"%s: Invalid source port parameter \"%s\": %s\n",
progname, optarg, ugh);
exit(1);
}
sport = u;
}
break;
case 'G': /* dst port */
{
unsigned long u;
err_t ugh = ttoulb(optarg, 0, 0, 0xFFFF, &u);
if (ugh != NULL) {
fprintf(stderr,
"%s: Invalid destination port parameter \"%s\": %s\n",
progname, optarg, ugh);
exit(1);
}
dport = u;
}
break;
case 'N': /* nat-type */
if (strcaseeq(optarg, "nonesp")) {
natt = ESPINUDP_WITH_NON_ESP;
} else if (strcaseeq(optarg, "none")) {
natt = 0;
} else {
/* ??? what does this do? Where is it documented? */
unsigned long u;
err_t ugh = ttoulb(optarg, 0, 0, 0xFFFFFFFFul, &u);
if (ugh != NULL) {
fprintf(stderr,
"%s: Invalid character in natt parameter \"%s\": %s\n",
progname, optarg, ugh);
exit(1);
}
natt = u;
}
break;
case 'S':
if (src_opt) {
fprintf(stderr,
"%s: Error, SRC parameter redefined:%s, already defined as:%s\n",
progname, optarg, src_opt);
exit(1);
}
error_s = ttoaddr(optarg, 0, address_family, &src);
if (error_s != NULL) {
fprintf(stderr,
"%s: Error, %s converting --src argument:%s\n",
progname, error_s, optarg);
exit(1);
}
src_opt = optarg;
if (debug) {
ipstr_buf b;
fprintf(stdout, "%s: src=%s.\n",
progname,
ipstr(&src, &b));
}
break;
case 'h':
usage(progname, stdout);
exit(0);
case '?':
usage(progname, stderr);
exit(1);
case 'v':
fprintf(stdout, "%s, %s\n", progname,
ipsec_version_code());
exit(1);
case 'f':
if (parse_life_options(life,
life_opt,
optarg) != 0)
exit(1);
break;
default:
fprintf(stderr,
"%s: unrecognized option '%c', update option processing.\n",
progname, c);
exit(1);
}
}
if (debug) {
fprintf(stdout, "%s: All options processed.\n",
progname);
}
if (stat("/proc/net/pfkey", &sts) == 0) {
fprintf(stderr,
"%s: NETKEY does not use the ipsec spi command. Use 'ip xfrm' instead.\n",
progname);
exit(1);
}
if (argcount == 1) {
int ret = 1;
if ((stat("/proc/net/ipsec_spi", &sts)) != 0) {
fprintf(stderr,
"%s: No spi - no IPsec support in kernel (are the modules loaded?)\n",
progname);
} else {
ret = system("cat /proc/net/ipsec_spi");
ret = ret != -1 &&
WIFEXITED(ret) ? WEXITSTATUS(ret) : 1;
}
exit(ret);
}
switch (alg) {
case XF_OTHER_ALG:
/* validate keysizes */
if (proc_read_ok) {
const struct sadb_alg *alg_p;
size_t keylen, minbits, maxbits;
alg_p = kernel_alg_sadb_alg_get(SADB_SATYPE_ESP,
SADB_EXT_SUPPORTED_ENCRYPT,
esp_info->encryptalg);
assert(alg_p != NULL);
keylen = enckeylen * 8;
minbits = alg_p->sadb_alg_minbits;
maxbits = alg_p->sadb_alg_maxbits;
/*
* if explicit keylen told in encrypt algo, eg "aes128"
* check actual keylen "equality"
*/
if (esp_info->enckeylen &&
esp_info->enckeylen != keylen) {
fprintf(stderr, "%s: invalid encryption keylen=%d, "
"required %d by encrypt algo string=\"%s\"\n",
progname,
(int)keylen,
(int)esp_info->enckeylen,
alg_string);
exit(1);
}
/* thanks DES for this sh*t */
if (minbits > keylen || maxbits < keylen) {
fprintf(stderr, "%s: invalid encryption keylen=%d, "
"must be between %d and %d bits\n",
progname,
(int)keylen,
(int)minbits,
(int)maxbits);
exit(1);
}
alg_p = kernel_alg_sadb_alg_get(SADB_SATYPE_ESP,
SADB_EXT_SUPPORTED_AUTH,
esp_info->authalg);
assert(alg_p);
keylen = authkeylen * 8;
minbits = alg_p->sadb_alg_minbits;
maxbits = alg_p->sadb_alg_maxbits;
if (minbits > keylen || maxbits < keylen) {
fprintf(stderr, "%s: invalid auth keylen=%d, "
"must be between %d and %d bits\n",
progname,
(int)keylen,
(int)minbits,
(int)maxbits);
exit(1);
}
}
/*
* ??? this break was added in a2791fda77a5cfcc6bc992fbc5019f4448112f88
* It is likely correct, but we're not sure.
* Luckily this code is probably never used.
*/
break;
case XF_IP4:
case XF_IP6:
case XF_DEL:
case XF_COMPDEFLATE:
case XF_COMPLZS:
if (!said_opt) {
if (isanyaddr(&edst)) {
fprintf(stderr,
"%s: SA destination not specified.\n",
progname);
exit(1);
}
if (!spi) {
fprintf(stderr, "%s: SA SPI not specified.\n",
progname);
exit(1);
}
if (!proto) {
fprintf(stderr,
"%s: SA PROTO not specified.\n",
progname);
exit(1);
}
initsaid(&edst, htonl(spi), proto, &said);
} else {
proto = said.proto;
spi = ntohl(said.spi);
edst = said.dst;
}
if ((address_family != 0) &&
(address_family != addrtypeof(&said.dst))) {
fprintf(stderr,
"%s: Defined address family and address family of SA missmatch.\n",
progname);
exit(1);
}
if (debug) {
fprintf(stdout, "%s: SA valid.\n",
progname);
}
break;
case XF_CLR:
break;
default:
fprintf(stderr,
"%s: No action chosen. See '%s --help' for usage.\n",
progname, progname);
exit(1);
}
switch (alg) {
case XF_CLR:
case XF_DEL:
case XF_IP4:
case XF_IP6:
case XF_COMPDEFLATE:
case XF_COMPLZS:
case XF_OTHER_ALG:
break;
default:
fprintf(stderr,
"%s: No action chosen. See '%s --help' for usage.\n",
progname, progname);
exit(1);
}
if (debug) {
fprintf(stdout, "%s: Algorithm ok.\n",
progname);
}
pfkey_sock = pfkey_open_sock_with_error();
if (pfkey_sock < 0)
exit(1);
/* Build an SADB_ADD message to send down. */
/* It needs <base, SA, address(SD), key(AE)> minimum. */
/* Lifetime(HS) could be added before addresses. */
pfkey_extensions_init(extensions);
error = pfkey_msg_hdr_build(&extensions[0],
alg == XF_DEL ? SADB_DELETE :
alg == XF_CLR ? SADB_FLUSH :
SADB_ADD,
proto2satype(proto),
0,
++pfkey_seq,
mypid);
if (error != 0) {
fprintf(stderr,
"%s: Trouble building message header, error=%d.\n",
progname, error);
pfkey_extensions_free(extensions);
exit(1);
}
switch (alg) {
case XF_OTHER_ALG:
authalg = esp_info->authalg;
if (debug) {
fprintf(stdout, "%s: debug: authalg=%d\n",
progname, authalg);
}
break;
default:
authalg = SADB_AALG_NONE;
}
switch (alg) {
case XF_COMPDEFLATE:
encryptalg = SADB_X_CALG_DEFLATE;
break;
case XF_COMPLZS:
encryptalg = SADB_X_CALG_LZS;
break;
case XF_OTHER_ALG:
encryptalg = esp_info->encryptalg;
if (debug) {
fprintf(stdout, "%s: debug: encryptalg=%d\n",
progname, encryptalg);
}
break;
default:
encryptalg = SADB_EALG_NONE;
}
/* IE: pfkey_msg->sadb_msg_type == SADB_FLUSH */
if (!(alg == XF_CLR)) {
sab.sa_base.sadb_sa_len = 0;
sab.sa_base.sadb_sa_exttype = SADB_EXT_SA;
sab.sa_base.sadb_sa_spi = htonl(spi);
sab.sa_base.sadb_sa_replay = replay_window;
sab.sa_base.sadb_sa_state = K_SADB_SASTATE_MATURE;
sab.sa_base.sadb_sa_auth = authalg;
sab.sa_base.sadb_sa_encrypt = encryptalg;
sab.sa_base.sadb_sa_flags = 0;
sab.sa_base.sadb_x_sa_ref = IPSEC_SAREF_NULL;
sab.sa_base.sadb_x_reserved[0] = 0;
sab.sa_base.sadb_x_reserved[1] = 0;
sab.sa_base.sadb_x_reserved[2] = 0;
sab.sa_base.sadb_x_reserved[3] = 0;
error = pfkey_sa_builds(&extensions[SADB_EXT_SA], sab);
if (error != 0) {
fprintf(stderr,
"%s: Trouble building sa extension, error=%d.\n",
progname, error);
pfkey_extensions_free(extensions);
exit(1);
}
if (saref_me || saref_him) {
error = pfkey_saref_build(&extensions[
K_SADB_X_EXT_SAREF],
saref_me, saref_him);
if (error) {
fprintf(stderr,
"%s: Trouble building saref extension, error=%d.\n",
progname, error);
pfkey_extensions_free(extensions);
exit(1);
}
}
if (outif != 0) {
error = pfkey_outif_build(&extensions[
SADB_X_EXT_PLUMBIF],
outif);
if (error != 0) {
fprintf(stderr,
"%s: Trouble building outif extension, error=%d.\n",
progname, error);
pfkey_extensions_free(extensions);
exit(1);
}
}
if (debug) {
fprintf(stdout,
"%s: extensions[0]=0p%p previously set with msg_hdr.\n",
progname,
extensions[0]);
}
if (debug) {
fprintf(stdout,
"%s: assembled SA extension, pfkey msg authalg=%d encalg=%d.\n",
progname,
authalg,
encryptalg);
}
if (debug) {
int i, j;
for (i = 0; i < life_maxsever; i++) {
for (j = 0; j < life_maxtype; j++) {
fprintf(stdout,
"%s: i=%d, j=%d, life_opt[%d][%d]=0p%p, life[%d][%d]=%d\n",
progname,
i, j, i, j, life_opt[i][j], i, j,
life[i][j]);
}
}
}
emit_lifetime("lifetime_s", SADB_EXT_LIFETIME_SOFT, extensions, life_opt[life_soft], life[life_soft]);
emit_lifetime("lifetime_h", SADB_EXT_LIFETIME_HARD, extensions, life_opt[life_hard], life[life_hard]);
if (debug) {
ipstr_buf b;
fprintf(stdout,
"%s: assembling address_s extension (%s).\n",
progname, ipstr(&src, &b));
}
error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC],
SADB_EXT_ADDRESS_SRC,
0,
0,
sockaddrof(&src));
if (error != 0) {
ipstr_buf b;
fprintf(stderr,
"%s: Trouble building address_s extension (%s), error=%d.\n",
progname, ipstr(&src, &b), error);
pfkey_extensions_free(extensions);
exit(1);
}
error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST],
SADB_EXT_ADDRESS_DST,
0,
0,
sockaddrof(&edst));
if (error != 0) {
ipstr_buf b;
fprintf(stderr,
"%s: Trouble building address_d extension (%s), error=%d.\n",
progname, ipstr(&edst, &b), error);
pfkey_extensions_free(extensions);
exit(1);
}
switch (alg) {
/* Allow no auth ... after all is local root decision 8) */
case XF_OTHER_ALG:
if (!authalg)
break;
error = pfkey_key_build(&extensions[SADB_EXT_KEY_AUTH],
SADB_EXT_KEY_AUTH,
authkeylen * 8,
authkey);
if (error != 0) {
fprintf(stderr,
"%s: Trouble building key_a extension, error=%d.\n",
progname, error);
pfkey_extensions_free(extensions);
exit(1);
}
if (debug) {
fprintf(stdout,
"%s: key_a extension assembled.\n",
progname);
}
break;
default:
break;
}
switch (alg) {
case XF_OTHER_ALG:
if (enckeylen == 0) {
if (debug)
fprintf(stdout, "%s: key not provided (NULL alg?).\n",
progname);
break;
}
error = pfkey_key_build(&extensions[SADB_EXT_KEY_ENCRYPT],
SADB_EXT_KEY_ENCRYPT,
enckeylen * 8,
enckey);
if (error != 0) {
fprintf(stderr,
"%s: Trouble building key_e extension, error=%d.\n",
progname, error);
pfkey_extensions_free(extensions);
exit(1);
}
if (debug) {
fprintf(stdout,
"%s: key_e extension assembled.\n",
progname);
}
break;
default:
break;
}
}
if (natt != 0) {
bool success;
int err;
err = pfkey_x_nat_t_type_build(&extensions[
K_SADB_X_EXT_NAT_T_TYPE],
natt);
success = pfkey_build(err,
"pfkey_nat_t_type Add ESP SA",
ipsaid_txt, extensions);
if (!success)
return FALSE;
if (debug)
fprintf(stderr, "setting natt_type to %d\n", natt);
if (sport != 0) {
err = pfkey_x_nat_t_port_build(
&extensions[K_SADB_X_EXT_NAT_T_SPORT],
K_SADB_X_EXT_NAT_T_SPORT,
sport);
success = pfkey_build(err,
"pfkey_nat_t_sport Add ESP SA",
ipsaid_txt, extensions);
if (debug)
fprintf(stderr, "setting natt_sport to %d\n",
sport);
if (!success)
return FALSE;
}
if (dport != 0) {
err = pfkey_x_nat_t_port_build(
&extensions[K_SADB_X_EXT_NAT_T_DPORT],
K_SADB_X_EXT_NAT_T_DPORT,
dport);
success = pfkey_build(err,
"pfkey_nat_t_dport Add ESP SA",
ipsaid_txt, extensions);
if (debug)
fprintf(stderr, "setting natt_dport to %d\n",
dport);
if (!success)
return FALSE;
}
#if 0
/* not yet implemented */
if (natt != 0 && !isanyaddr(&natt_oa)) {
ip_str_buf b;
success = pfkeyext_address(SADB_X_EXT_NAT_T_OA,
&natt_oa,
"pfkey_nat_t_oa Add ESP SA",
ipsaid_txt, extensions);
if (debug)
fprintf(stderr, "setting nat_oa to %s\n",
ipstr(&natt_oa, &b));
if (!success)
return FALSE;
}
#endif
}
if (debug) {
fprintf(stdout, "%s: assembling pfkey msg....\n",
progname);
}
error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_IN);
if (error != 0) {
fprintf(stderr,
"%s: Trouble building pfkey message, error=%d.\n",
progname, error);
pfkey_extensions_free(extensions);
pfkey_msg_free(&pfkey_msg);
exit(1);
}
if (debug) {
fprintf(stdout, "%s: assembled.\n",
progname);
}
if (debug) {
fprintf(stdout, "%s: writing pfkey msg.\n",
progname);
}
io_error = write(pfkey_sock,
pfkey_msg,
pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
if (io_error < 0) {
fprintf(stderr, "%s: pfkey write failed (errno=%d): ",
progname, errno);
pfkey_extensions_free(extensions);
pfkey_msg_free(&pfkey_msg);
switch (errno) {
case EACCES:
fprintf(stderr, "access denied. ");
if (getuid() == 0)
fprintf(stderr,
"Check permissions. Should be 600.\n");
else
fprintf(stderr,
"You must be root to open this file.\n");
break;
case EUNATCH:
fprintf(stderr,
"Netlink not enabled OR KLIPS not loaded.\n");
break;
case EBUSY:
fprintf(stderr,
"KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n");
break;
case EINVAL:
fprintf(stderr,
"Invalid argument, check kernel log messages for specifics.\n");
break;
case ENODEV:
fprintf(stderr, "KLIPS not loaded or enabled.\n");
fprintf(stderr, "No device?!?\n");
break;
case ENOBUFS:
fprintf(stderr, "No kernel memory to allocate SA.\n");
break;
case ESOCKTNOSUPPORT:
fprintf(stderr,
"Algorithm support not available in the kernel. Please compile in support.\n");
break;
case EEXIST:
fprintf(stderr,
"SA already in use. Delete old one first.\n");
break;
case ENOENT:
fprintf(stderr,
"device does not exist. See Libreswan installation procedure.\n");
break;
case ENXIO:
case ESRCH:
fprintf(stderr,
"SA does not exist. Cannot delete.\n");
break;
case ENOSPC:
fprintf(stderr,
"no room in kernel SAref table. Cannot process request.\n");
break;
case ESPIPE:
fprintf(stderr,
"kernel SAref table internal error. Cannot process request.\n");
break;
default:
fprintf(stderr,
"Unknown socket write error %d (%s). Please report as much detail as possible to development team.\n",
errno, strerror(errno));
}
exit(1);
} else if (io_error !=
(ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) {
fprintf(stderr, "%s: pfkey write truncated to %d bytes\n",
progname, (int)io_error);
pfkey_extensions_free(extensions);
pfkey_msg_free(&pfkey_msg);
exit(1);
}
if (debug) {
fprintf(stdout, "%s: pfkey command written to socket.\n",
progname);
}
if (pfkey_msg != NULL) {
pfkey_extensions_free(extensions);
pfkey_msg_free(&pfkey_msg);
}
if (debug) {
fprintf(stdout, "%s: pfkey message buffer freed.\n",
progname);
}
if (authkey != NULL) {
memset(authkey, 0, authkeylen);
free(authkey);
}
if (enckey != NULL) {
memset(enckey, 0, enckeylen);
free(enckey);
}
if (iv != NULL) {
memset(iv, 0, ivlen);
free(iv);
}
if (listenreply || saref_me || dumpsaref) {
ssize_t readlen;
unsigned char pfkey_buf[PFKEYv2_MAX_MSGSIZE];
while ((readlen = read(pfkey_sock, pfkey_buf,
sizeof(pfkey_buf))) > 0) {
struct sadb_ext *extensions[K_SADB_EXT_MAX + 1];
pfkey_extensions_init(extensions);
pfkey_msg = (struct sadb_msg *)pfkey_buf;
/* first, see if we got enough for an sadb_msg */
if ((size_t)readlen < sizeof(struct sadb_msg)) {
if (debug) {
printf("%s: runt packet of size: %ld (<%lu)\n",
progname, (long)readlen,
(unsigned long)sizeof(struct
sadb_msg));
}
continue;
}
/* okay, we got enough for a message, print it out */
if (debug) {
printf("%s: pfkey v%d msg received. type=%d(%s) seq=%d len=%d pid=%d errno=%d satype=%d(%s)\n",
progname,
pfkey_msg->sadb_msg_version,
pfkey_msg->sadb_msg_type,
pfkey_v2_sadb_type_string(pfkey_msg->
sadb_msg_type),
pfkey_msg->sadb_msg_seq,
pfkey_msg->sadb_msg_len,
pfkey_msg->sadb_msg_pid,
pfkey_msg->sadb_msg_errno,
pfkey_msg->sadb_msg_satype,
satype2name(pfkey_msg->sadb_msg_satype));
}
if (readlen !=
(ssize_t)(pfkey_msg->sadb_msg_len *
IPSEC_PFKEYv2_ALIGN)) {
if (debug) {
printf("%s: packet size read from socket=%d doesn't equal sadb_msg_len %u * %u; message not decoded\n",
progname,
(int)readlen,
(unsigned)pfkey_msg->sadb_msg_len,
(unsigned)IPSEC_PFKEYv2_ALIGN);
}
continue;
}
if (pfkey_msg_parse(pfkey_msg, NULL, extensions,
EXT_BITS_OUT)) {
if (debug) {
printf("%s: unparseable PF_KEY message.\n",
progname);
}
continue;
}
if (debug) {
printf("%s: parseable PF_KEY message.\n",
progname);
}
if ((pid_t)pfkey_msg->sadb_msg_pid == mypid) {
if (saref_me || dumpsaref) {
struct sadb_x_saref *s =
(struct sadb_x_saref *)
extensions[
K_SADB_X_EXT_SAREF];
if (s != NULL) {
printf("%s: saref=%d/%d\n",
progname,
s->sadb_x_saref_me,
s->sadb_x_saref_him);
}
}
break;
}
}
}
(void) close(pfkey_sock); /* close the socket */
if (debug || listenreply)
printf("%s: exited normally\n", progname);
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
FILE *idfile;
char idbuf[256];
int lineno = 0;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
lsw_init_rootdir("../../../baseconfigs/all");
progname = argv[0];
leak_detective = 1;
if (argc != 3 ) {
fprintf(stderr, "Usage: %s <whackrecord> <idfile>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
infile = argv[1];
readwhackmsg(infile);
idfile = fopen(argv[2], "r");
if (!idfile) {
perror(argv[2]);
exit(11);
}
cur_debugging = DBG_CONTROL | DBG_CONTROLMORE;
while (fgets(idbuf, sizeof(idbuf), idfile) != NULL) {
struct state *st1;
struct connection *nc;
struct id peer_id;
int aggrmode, initiate;
char id1[256];
/* ignore comments */
if (idbuf[0] == '#')
continue;
st1 = new_state();
sscanf(idbuf, "%s %u %u", id1, &initiate, &aggrmode);
/* set it to the first connection, there may be only one?? */
st1->st_connection = connections; /* safe: from new_state */
st1->st_oakley.auth = OAKLEY_RSA_SIG;
passert(connections != NULL);
atoid(id1, &peer_id, TRUE);
nc = refine_host_connection(st1, &peer_id, initiate, aggrmode);
printf("%u: %s -> conn: %s\n", ++lineno, id1,
nc ? nc->name : "<none>");
}
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
bool recalculate = FALSE;
int len;
err_t e;
err_t err = NULL;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1 = NULL;
struct id moon, cassidy;
struct adns_continuation *cr1 = NULL;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
initproctitle(argc, argv);
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
recalculate = 1; /* do all crypto */
argc--; argv++;
}
tool_init_log();
cur_debugging |= DBG_DNS;
init_adns();
{
int r;
struct sigaction act;
act.sa_handler = &childhandler;
act.sa_flags = SA_RESTART;
r = sigaction(SIGCHLD, &act, NULL);
passert(r == 0);
}
reset_globals();
/* setup a query */
cr1 = alloc_thing(struct adns_continuation, "moon lookup");
moon.kind = ID_FQDN;
strtochunk(moon.name, "moon.testing.openswan.org", "dns name");
e = start_adns_query(&moon, NULL, ns_t_key,
moon_continue, cr1);
freeanychunk(moon.name);
process_dns_results();
#if 0
cr1 = alloc_thing(struct adns_continuation, "cassidy lookup");
cassidy.kind = ID_FQDN;
strtochunk(cassidy.name, "cassidy.sandelman.ca", "dns name 2");
e = start_adns_query(&cassidy, NULL, ns_t_key,
cassidy_continue, cr1);
freeanychunk(cassidy.name);
process_dns_results();
#endif
/* re-use cassidy */
cr1 = alloc_thing(struct adns_continuation, "cassidy A lookup");
e = start_adns_hostname(AF_UNSPEC, "cassidy.sandelman.ca", cassidy_host_continue, cr1);
process_dns_results();
stop_adns();
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
char *pcap1in;
char *pcap2in;
char *pcap_out;
int lineno=0;
int regression;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
progname = argv[0];
leak_detective = 1;
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
if(argc != 5) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin1> <pcapin2> <pcapout>\n", progname);
exit(10);
}
tool_init_log();
init_crypto();
load_oswcrypto();
init_fake_vendorid();
init_jamesjohnson_interface();
init_seam_kernelalgs();
infile = argv[0];
conn_name = argv[1];
pcap1in = argv[2];
pcap2in = argv[3];
pcap_out = argv[4];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
/* omit the R1 reply */
send_packet_setup_pcap("/dev/null");
/* setup to process the I1 packet */
recv_pcap_setup(pcap1in);
/* process first I1 packet */
cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* set up output file */
send_packet_setup_pcap(pcap_out);
pcap_close(pt);
/* now process the I2 packet */
recv_pcap_setup(pcap2in);
cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet2, NULL);
/* clean up so that we can see any leaks */
st = state_with_serialno(1);
if(st!=NULL) {
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
if (argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
c1->sa_keying_tries = 0; /* for this test case, make retries infinite */
maximum_retransmissions_initial = 2;
show_one_connection(c1);
st = sendI1(c1,
DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
DBG_WHACKWATCH);
run_continuation(r);
/* after three-retransmits, we fallback to trying IKEv1, if necessary */
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
/* after three more retransmits, we go back to IKEv2 */
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
/* as the state will have been renewed, it's hard to clean up */
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
int len;
char *infile, *pcapin, *pcapout;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
char eb1[256]; /* error buffer for pcap open */
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc <= 4) {
usage:
fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin> <pcapout>\n", progname);
exit(10);
}
/* argv[1] == "-r" ?? */
tool_init_log();
init_crypto();
init_fake_vendorid();
init_fake_secrets();
init_jamesjohnson_interface();
infile = NULL;
conn_name = NULL;
pcapin = NULL;
pcapout = NULL;
argc--; argv++;
if(argc > 0) {
infile = argv[0];
argc--; argv++;
}
if(argc > 0) {
conn_name = argv[0];
argc--; argv++;
}
if(argc > 0) {
pcapin = argv[0];
argc--; argv++;
}
if(argc > 0) {
pcapout = argv[0];
argc--; argv++;
}
if(conn_name == NULL ||
infile == NULL ||
pcapin == NULL ||
pcapout == NULL) {
goto usage;
}
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1, whack_log);
send_packet_setup_pcap(pcapout);
/* setup to process the I1 packet */
recv_pcap_setup(pcapin);
cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* clean up so that we can see any leaks */
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
if(argc != 4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile> <pcapout>\n", progname);
exit(10);
}
tool_init_log();
init_crypto();
load_oswcrypto();
init_fake_vendorid();
init_parker_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
/* input packets */
recv_pcap_setup(argv[2]);
/* output first packets to /dev/null */
send_packet_setup_pcap("/dev/null");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
st = sendI1(c1, DBG_CONTROL, regression == 0);
/* now accept the reply packet */
cur_debugging = DBG_CONTROL|DBG_PARSING;
/* now output interesting packet to capture file */
send_packet_setup_pcap(argv[3]);
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
pcap_close(pt);
recv_pcap_setup(argv[2]);
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* dump the delete message that comes out */
send_packet_setup_pcap("/dev/null");
delete_connection(c1, TRUE);
st = state_with_serialno(1);
if(st!=NULL) {
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
void exit_tool(int code)
{
tool_close_log();
exit(code);
}
main(int argc, char *argv[])
{
int i;
chunk_t blob, crl_uri;
err_t e;
cert_t cacert,t1;
time_t until;
/* sadly, this is actually too late */
EF_DISABLE_BANNER = 1;
progname = argv[0];
leak_detective=1;
tool_init_log();
load_oswcrypto();
set_debugging(DBG_X509|DBG_PARSING|DBG_CONTROL);
until =1421896274;
set_fake_x509_time(until); /* Wed Jan 21 22:11:14 2015 */
#ifdef HAVE_LIBNSS
{
SECStatus nss_init_status= NSS_InitReadWrite("nss.d");
if (nss_init_status != SECSuccess) {
fprintf(stderr, "NSS initialization failed (err %d)\n", PR_GetError());
exit(10);
} else {
printf("NSS Initialized\n");
PK11_SetPasswordFunc(getNSSPassword);
}
}
#endif
if(argc < 3) {
fprintf(stderr, "Usage: nsscert CAcertfile.pem cert1.pem cert2.pem...\n");
exit(5);
}
/* skip argv0 */
argc--;
argv++;
/* load CAcert */
if(!load_cert(CERT_NONE, argv[0], TRUE, "cacert", &cacert)) {
printf("could not load CA cert file: %s\n", argv[0]);
exit(1);
}
add_authcert(cacert.u.x509, AUTH_CA);
argc--;
argv++;
while(argc-- > 0) {
char *file = *argv++;
/* load target cert */
if(!load_cert(CERT_NONE, file, TRUE, "test1", &t1)) {
printf("could not load cert file: %s\n", file);
exit(1);
}
until += 86400;
if(verify_x509cert(t1.u.x509, FALSE, &until) == FALSE) {
printf("verify x509 failed\n");
exit(3);
}
printf("cert: %s is valid\n", file);
free_x509cert(t1.u.x509);
}
free_x509cert(cacert.u.x509);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
pcap_t *pt;
char eb1[256];
struct state *st;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
printf("Started %s\n", progname);
leak_detective = 1;
pluto_shared_secrets_file =
"../../../baseconfigs/west/etc/ipsec.secrets";
lsw_init_ipsecdir("../../../baseconfigs/west/etc/ipsec.d");
lsw_init_rootdir("../../../baseconfigs/west");
init_crypto();
init_seam_kernelalgs();
load_authcerts("CA cert",
"../../../baseconfigs/west/etc/ipsec.d/cacerts",
AUTH_CA);
if (argc != 4) {
fprintf(stderr,
"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
load_preshared_secrets(NULL_FD);
readwhackmsg(infile);
send_packet_setup_pcap("parentI2x509.pcap");
pt = pcap_open_offline(argv[3], eb1);
if (!pt) {
perror(argv[3]);
exit(50);
}
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
/* now, send the I1 packet, really just so that we are in the right
* state to receive the R1 packet and process it.
*/
st = sendI1(c1, 0);
cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
DBG_PARSING | DBG_PRIVATE | DBG_CRYPT;
pcap_dispatch(pt, 1, recv_pcap_packet1, NULL);
{
struct state *st;
/* find st involved */
st = state_with_serialno(1);
delete_state(st);
/* find st involved */
st = state_with_serialno(2);
if (st)
delete_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
err_t err = NULL;
struct addrinfo hints, *result1, *result2;
unsigned char buffer1[1024];
unsigned int buffer1_len = sizeof(buffer1);
unsigned int serial_size;
int i,s;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
initproctitle(argc, argv);
progname = argv[0];
leak_detective = 1;
tool_init_log();
cur_debugging |= DBG_DNS;
zero(&hints);
hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
hints.ai_socktype = SOCK_DGRAM; /* Datagram socket */
hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */
hints.ai_protocol = 0; /* Any protocol */
hints.ai_canonname = NULL;
hints.ai_addr = NULL;
hints.ai_next = NULL;
if(argc==1) {
printf("usage: %s [name]...\n", progname);
exit(10);
}
for(i=1; i < argc; i++) {
DBG_log("looking up: %s\n", argv[i]);
s = getaddrinfo(argv[i], NULL, &hints, &result1);
if(s!=0) {
printf("lookup: %s a/aaaa lookup error: %s\n"
, argv[i], gai_strerror(s));
continue;
}
/* sort things so they come out consistently */
result1 = sort_addr_info(result1);
dump_addr_info(result1);
/* now serialize it into the buffer */
serial_size = serialize_addr_info(result1, buffer1, buffer1_len);
freeaddrinfo(result1);
DBG_log("serialized size=%u\n", serial_size);
result2 = deserialize_addr_info(buffer1, serial_size);
dump_addr_info(result2);
osw_freeaddrinfo(result2);
}
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc UNUSED, char *argv[])
{
tool_init_log(argv[0]);
/*
* Need to ensure that NSS is initialized before calling
* ike_alg_init(). Some sanity checks require a working NSS.
*/
lsw_nss_buf_t err;
if (!lsw_nss_setup(NULL, 0, NULL, err)) {
fprintf(stderr, "unexpected %s\n", err);
exit(1);
}
ike_alg_init();
/* esp= */
fprintf(stdout, "\n---- ESP tests that should succeed ----\n");
do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP);
do_test("3des-sha1;modp1024", PROTO_IPSEC_ESP);
do_test("3des-sha1;modp1536", PROTO_IPSEC_ESP);
do_test("3des-sha1;modp2048", PROTO_IPSEC_ESP);
do_test("3des-sha1;dh22", PROTO_IPSEC_ESP);
do_test("3des-sha1;dh23", PROTO_IPSEC_ESP);
do_test("3des-sha1;dh24", PROTO_IPSEC_ESP);
do_test("3des-sha1", PROTO_IPSEC_ESP);
do_test("null-sha1", PROTO_IPSEC_ESP);
do_test("aes", PROTO_IPSEC_ESP);
do_test("aes_cbc", PROTO_IPSEC_ESP);
do_test("aes-sha", PROTO_IPSEC_ESP);
do_test("aes-sha1", PROTO_IPSEC_ESP);
do_test("aes-sha2", PROTO_IPSEC_ESP);
do_test("aes-sha256", PROTO_IPSEC_ESP);
do_test("aes-sha384", PROTO_IPSEC_ESP);
do_test("aes-sha512", PROTO_IPSEC_ESP);
do_test("aes128-sha1", PROTO_IPSEC_ESP);
do_test("aes128-aes_xcbc", PROTO_IPSEC_ESP);
do_test("aes192-sha1", PROTO_IPSEC_ESP);
do_test("aes256-sha1", PROTO_IPSEC_ESP);
do_test("aes256-sha", PROTO_IPSEC_ESP);
do_test("aes256-sha2", PROTO_IPSEC_ESP);
do_test("aes256-sha2_256", PROTO_IPSEC_ESP);
do_test("aes256-sha2_384", PROTO_IPSEC_ESP);
do_test("aes256-sha2_512", PROTO_IPSEC_ESP);
do_test("camellia", PROTO_IPSEC_ESP);
do_test("camellia128", PROTO_IPSEC_ESP);
do_test("camellia192", PROTO_IPSEC_ESP);
do_test("camellia256", PROTO_IPSEC_ESP);
do_test("aes_ccm_a-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_a-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_a-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_b-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_b-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_b-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_c-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_c-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_c-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_a-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_a-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_a-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_b-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_b-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_b-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_c-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_c-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_c-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm-null", PROTO_IPSEC_ESP);
do_test("aes_gcm-null", PROTO_IPSEC_ESP);
do_test("aes_ccm-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm-192-null", PROTO_IPSEC_ESP);
#if 0
/* these are caught using "aliasing" and rewritten to the above syntax */
do_test("aes_ccm_8-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_8-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_8-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_12-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_12-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_12-256-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_16-128-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_16-192-null", PROTO_IPSEC_ESP);
do_test("aes_ccm_16-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_8-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_8-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_8-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_12-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_12-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_12-256-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_16-128-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_16-192-null", PROTO_IPSEC_ESP);
do_test("aes_gcm_16-256-null", PROTO_IPSEC_ESP);
#endif
/* other */
do_test("aes_ctr", PROTO_IPSEC_ESP);
do_test("aesctr", PROTO_IPSEC_ESP);
do_test("aes_ctr128", PROTO_IPSEC_ESP);
do_test("aes_ctr192", PROTO_IPSEC_ESP);
do_test("aes_ctr256", PROTO_IPSEC_ESP);
do_test("serpent", PROTO_IPSEC_ESP);
do_test("twofish", PROTO_IPSEC_ESP);
do_test("mars", PROTO_IPSEC_ESP);
/*
* should this be supported - for now man page says not
* do_test("modp1536", PROTO_IPSEC_ESP);
*/
fprintf(stdout, "\n---- ESP tests that should fail----\n");
do_test("3des168-sha1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("3des-null", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes128-null", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes224-sha1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes512-sha1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes-sha1555", PROTO_IPSEC_ESP); /* should get rejected */
do_test("camellia666-sha1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("blowfish", PROTO_IPSEC_ESP); /* obsoleted */
do_test("des-sha1", PROTO_IPSEC_ESP); /* obsoleted */
do_test("aes_ctr666", PROTO_IPSEC_ESP); /* bad key size */
do_test("aes128-sha2_128", PROTO_IPSEC_ESP); /* _128 does not exist */
do_test("aes256-sha2_256-4096", PROTO_IPSEC_ESP); /* double keysize */
do_test("aes256-sha2_256-128", PROTO_IPSEC_ESP); /* now what?? */
do_test("vanitycipher", PROTO_IPSEC_ESP);
do_test("ase-sah", PROTO_IPSEC_ESP); /* should get rejected */
do_test("aes-sah1", PROTO_IPSEC_ESP); /* should get rejected */
do_test("id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */
do_test("aes-id3", PROTO_IPSEC_ESP); /* should be rejected; idXXX removed */
do_test("aes_gcm-md5", PROTO_IPSEC_ESP); /* AEAD must have auth null */
/* ah= */
fprintf(stdout, "\n---- AH tests that should succeed ----\n");
do_test("md5", PROTO_IPSEC_AH);
do_test("sha", PROTO_IPSEC_AH);
do_test("sha1", PROTO_IPSEC_AH);
do_test("sha2", PROTO_IPSEC_AH);
do_test("sha256", PROTO_IPSEC_AH);
do_test("sha384", PROTO_IPSEC_AH);
do_test("sha512", PROTO_IPSEC_AH);
do_test("sha2_256", PROTO_IPSEC_AH);
do_test("sha2_384", PROTO_IPSEC_AH);
do_test("sha2_512", PROTO_IPSEC_AH);
do_test("aes_xcbc", PROTO_IPSEC_AH);
do_test("ripemd", PROTO_IPSEC_AH);
fprintf(stdout, "\n---- AH tests that should fail ----\n");
do_test("aes-sha1", PROTO_IPSEC_AH);
do_test("vanityhash1", PROTO_IPSEC_AH);
do_test("aes_gcm_c-256", PROTO_IPSEC_AH);
do_test("id3", PROTO_IPSEC_AH); /* should be rejected; idXXX removed */
do_test("3des", PROTO_IPSEC_AH);
do_test("null", PROTO_IPSEC_AH);
do_test("aes_gcm", PROTO_IPSEC_AH);
do_test("aes_ccm", PROTO_IPSEC_AH);
/* ike= */
fprintf(stdout, "\n---- IKE tests that should succeed ----\n");
do_test("3des-sha1", PROTO_ISAKMP);
fprintf(stdout, "\n---- IKE tests that should fail ----\n");
do_test("id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */
do_test("3des-id2", PROTO_ISAKMP); /* should be rejected; idXXX removed */
fflush(NULL);
report_leaks();
lsw_nss_shutdown();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
//list_public_keys(FALSE, FALSE);
#ifndef SKIP_ORIENT_ASSERT
assert(orient(c1, 500));
#endif
show_one_connection(c1);
#ifndef SKIP_INITIATE
/* do calculation if not -r for regression */
st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0);
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
#endif
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]) {
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
pcap_t *pt;
char eb1[256];
EF_PROTECT_BELOW = 1;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
init_crypto();
if (argc != 4) {
fprintf(stderr,
"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentR1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
pt = pcap_open_offline(argv[3], eb1);
if (!pt) {
perror(argv[3]);
exit(50);
}
cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
{
struct state *st;
/* find st involved */
st = state_with_serialno(1);
delete_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
progname = argv[0];
leak_detective = 1;
if(argc != 4 && argc != 5) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_parker_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
/* input packets */
recv_pcap_setup(argv[2]);
/* output packets */
send_packet_setup_pcap("OUTPUT/parentI2.pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
st = sendI1(c1, DBG_CONTROL, regression == 0);
/* now accept the reply packet */
cur_debugging = DBG_CONTROL|DBG_PARSING;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}