void
initiate_connection(const char *name, int whackfd
, lset_t moredebug
, enum crypto_importance importance)
{
struct initiate_stuff is;
struct connection *c = con_by_name(name, FALSE);
int count;
is.whackfd = whackfd;
is.moredebug = moredebug;
is.importance= importance;
if (c != NULL)
{
initiate_a_connection(c, &is);
close_any(is.whackfd);
return;
}
loglog(RC_COMMENT, "initiating all conns with alias='%s'\n", name);
count = foreach_connection_by_alias(name, initiate_a_connection, &is);
if(count == 0) {
whack_log(RC_UNKNOWN_NAME
, "no connection named \"%s\"", name);
}
close_any(is.whackfd);
}
int main(int argc, char *argv[])
{
bool recalculate = FALSE;
int len;
err_t err = NULL;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1 = NULL;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
recalculate = 1; /* do all crypto */
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
//list_public_keys(FALSE, FALSE);
assert(orient(c1, 500));
show_one_connection(c1, whack_log);
kick_adns_connection_lookup(c1, &c1->spd.that, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
EF_FREE_WIPES =1;
progname = argv[0];
leak_detective = 1;
if(argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
st = sendI1(c1,DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE);
run_continuation(r);
/* now invoke the timer event to cause a re-transmission */
handle_next_timer_event();
/* clean up so that we can see any leaks */
delete_state(st);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]) {
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
pcap_t *pt;
char eb1[256];
EF_PROTECT_BELOW = 1;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
init_crypto();
if (argc != 4) {
fprintf(stderr,
"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentR1.pcap");
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
pt = pcap_open_offline(argv[3], eb1);
if (!pt) {
perror(argv[3]);
exit(50);
}
cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
{
struct state *st;
/* find st involved */
st = state_with_serialno(1);
delete_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
leak_detective = 1;
if (argc != 3) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
readwhackmsg(infile);
send_packet_setup_pcap("parentI1.pcap");
c1 = con_by_name(conn_name, TRUE);
c1->sa_keying_tries = 0; /* for this test case, make retries infinite */
maximum_retransmissions_initial = 2;
show_one_connection(c1);
st = sendI1(c1,
DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
DBG_WHACKWATCH);
run_continuation(r);
/* after three-retransmits, we fallback to trying IKEv1, if necessary */
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
/* after three more retransmits, we go back to IKEv2 */
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
handle_next_timer_event();
run_continuation(r);
/* as the state will have been renewed, it's hard to clean up */
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[]){
int len;
char *infile;
char *conn_name;
int lineno = 0;
struct connection *c1;
pcap_t *pt;
char eb1[256];
struct state *st;
EF_PROTECT_FREE = 1;
EF_FREE_WIPES = 1;
progname = argv[0];
printf("Started %s\n", progname);
leak_detective = 1;
pluto_shared_secrets_file =
"../../../baseconfigs/west/etc/ipsec.secrets";
lsw_init_ipsecdir("../../../baseconfigs/west/etc/ipsec.d");
lsw_init_rootdir("../../../baseconfigs/west");
init_crypto();
init_seam_kernelalgs();
load_authcerts("CA cert",
"../../../baseconfigs/west/etc/ipsec.d/cacerts",
AUTH_CA);
if (argc != 4) {
fprintf(stderr,
"Usage: %s <whackrecord> <conn-name> <pcapin>\n",
progname);
exit(10);
}
/* argv[1] == "-r" */
tool_init_log();
init_fake_vendorid();
infile = argv[1];
conn_name = argv[2];
load_preshared_secrets(NULL_FD);
readwhackmsg(infile);
send_packet_setup_pcap("parentI2x509.pcap");
pt = pcap_open_offline(argv[3], eb1);
if (!pt) {
perror(argv[3]);
exit(50);
}
c1 = con_by_name(conn_name, TRUE);
show_one_connection(c1);
/* now, send the I1 packet, really just so that we are in the right
* state to receive the R1 packet and process it.
*/
st = sendI1(c1, 0);
cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE |
DBG_PARSING | DBG_PRIVATE | DBG_CRYPT;
pcap_dispatch(pt, 1, recv_pcap_packet1, NULL);
{
struct state *st;
/* find st involved */
st = state_with_serialno(1);
delete_state(st);
/* find st involved */
st = state_with_serialno(2);
if (st)
delete_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc != 3 && argc!=4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_fake_secrets();
init_local_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(11);
send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
//list_public_keys(FALSE, FALSE);
#ifndef SKIP_ORIENT_ASSERT
assert(orient(c1, 500));
#endif
show_one_connection(c1);
#ifndef SKIP_INITIATE
/* do calculation if not -r for regression */
st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0);
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
#endif
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
if(argc != 4) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile> <pcapout>\n", progname);
exit(10);
}
tool_init_log();
init_crypto();
load_oswcrypto();
init_fake_vendorid();
init_parker_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
/* input packets */
recv_pcap_setup(argv[2]);
/* output first packets to /dev/null */
send_packet_setup_pcap("/dev/null");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
st = sendI1(c1, DBG_CONTROL, regression == 0);
/* now accept the reply packet */
cur_debugging = DBG_CONTROL|DBG_PARSING;
/* now output interesting packet to capture file */
send_packet_setup_pcap(argv[3]);
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
pcap_close(pt);
recv_pcap_setup(argv[2]);
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* dump the delete message that comes out */
send_packet_setup_pcap("/dev/null");
delete_connection(c1, TRUE);
st = state_with_serialno(1);
if(st!=NULL) {
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
char *pcap1in;
char *pcap2in;
char *pcap_out;
int lineno=0;
int regression;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
progname = argv[0];
leak_detective = 1;
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
if(argc != 5) {
fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin1> <pcapin2> <pcapout>\n", progname);
exit(10);
}
tool_init_log();
init_crypto();
load_oswcrypto();
init_fake_vendorid();
init_jamesjohnson_interface();
init_seam_kernelalgs();
infile = argv[0];
conn_name = argv[1];
pcap1in = argv[2];
pcap2in = argv[3];
pcap_out = argv[4];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
/* omit the R1 reply */
send_packet_setup_pcap("/dev/null");
/* setup to process the I1 packet */
recv_pcap_setup(pcap1in);
/* process first I1 packet */
cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* set up output file */
send_packet_setup_pcap(pcap_out);
pcap_close(pt);
/* now process the I2 packet */
recv_pcap_setup(pcap2in);
cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet2, NULL);
/* clean up so that we can see any leaks */
st = state_with_serialno(1);
if(st!=NULL) {
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
int main(int argc, char *argv[])
{
int len;
char *infile, *pcapin, *pcapout;
char *conn_name;
int lineno=0;
struct connection *c1;
struct state *st;
char eb1[256]; /* error buffer for pcap open */
#ifdef HAVE_EFENCE
EF_PROTECT_FREE=1;
#endif
progname = argv[0];
leak_detective = 1;
if(argc <= 4) {
usage:
fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin> <pcapout>\n", progname);
exit(10);
}
/* argv[1] == "-r" ?? */
tool_init_log();
init_crypto();
init_fake_vendorid();
init_fake_secrets();
init_jamesjohnson_interface();
infile = NULL;
conn_name = NULL;
pcapin = NULL;
pcapout = NULL;
argc--; argv++;
if(argc > 0) {
infile = argv[0];
argc--; argv++;
}
if(argc > 0) {
conn_name = argv[0];
argc--; argv++;
}
if(argc > 0) {
pcapin = argv[0];
argc--; argv++;
}
if(argc > 0) {
pcapout = argv[0];
argc--; argv++;
}
if(conn_name == NULL ||
infile == NULL ||
pcapin == NULL ||
pcapout == NULL) {
goto usage;
}
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1, whack_log);
send_packet_setup_pcap(pcapout);
/* setup to process the I1 packet */
recv_pcap_setup(pcapin);
cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
/* clean up so that we can see any leaks */
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
delete_connection(c1, TRUE);
report_leaks();
tool_close_log();
exit(0);
}
/* Handle a kernel request. Supposedly, there's a message in
* the kernelsock socket.
*/
void
whack_handle(int whackctlfd)
{
struct whack_message msg;
struct sockaddr_un whackaddr;
int whackaddrlen = sizeof(whackaddr);
int whackfd = accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen);
ssize_t n;
if (whackfd < 0)
{
log_errno((e, "accept() failed in whack_handle()"));
return;
}
n = read(whackfd, &msg, sizeof(msg));
if (n == -1)
{
log_errno((e, "read() failed in whack_handle()"));
close(whackfd);
return;
}
whack_log_fd = whackfd;
/* sanity check message */
{
err_t ugh = NULL;
next_str = msg.string;
str_roof = (char *)&msg + n;
if (next_str > str_roof)
{
ugh = builddiag("truncated message from whack: got %d bytes; expected %d. Message ignored."
, n, (int) sizeof(msg));
}
else if (msg.magic != WHACK_MAGIC)
{
ugh = builddiag("message from whack has bad magic %d; should be %d; probably wrong version. Message ignored"
, msg.magic, WHACK_MAGIC);
}
else if (!unpack_str(&msg.name) /* string 1 */
|| !unpack_str(&msg.left.id) /* string 2 */
|| !unpack_str(&msg.left.cert) /* string 3 */
|| !unpack_str(&msg.left.updown) /* string 4 */
#ifdef VIRTUAL_IP
|| !unpack_str(&msg.left.virt)
#endif
|| !unpack_str(&msg.right.id) /* string 5 */
|| !unpack_str(&msg.right.cert) /* string 6 */
|| !unpack_str(&msg.right.updown) /* string 7 */
#ifdef VIRTUAL_IP
|| !unpack_str(&msg.right.virt)
#endif
|| !unpack_str(&msg.keyid) /* string 8 */
|| !unpack_str(&msg.ike) /* string 9 */
|| !unpack_str(&msg.esp) /* string 10 */
|| !unpack_str(&msg.dnshostname) /* string 11 */
|| str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */
{
ugh = "message from whack contains bad string";
}
else
{
msg.keyval.ptr = next_str; /* grab chunk */
}
if (ugh != NULL)
{
loglog(RC_BADWHACKMESSAGE, "%s", ugh);
whack_log_fd = NULL_FD;
close(whackfd);
return;
}
}
if (msg.whack_options)
{
#ifdef DEBUG
if (msg.name == NULL)
{
/* we do a two-step so that if either old or new would
* cause the message to print, it will be printed.
*/
cur_debugging |= msg.debugging;
DBG(DBG_CONTROL
, DBG_log("base debugging = %s"
, bitnamesof(debug_bit_names, msg.debugging)));
cur_debugging = base_debugging = msg.debugging;
}
else if (!msg.whack_connection)
{
struct connection *c = con_by_name(msg.name, TRUE);
if (c != NULL)
{
c->extra_debugging = msg.debugging;
DBG(DBG_CONTROL
, DBG_log("\"%s\" extra_debugging = %s"
, c->name
, bitnamesof(debug_bit_names, c->extra_debugging)));
}
}
#endif
}
/* Deleting combined with adding a connection works as replace.
* To make this more useful, in only this combination,
* delete will silently ignore the lack of the connection.
*/
if (msg.whack_delete)
{
struct connection *c = con_by_name(msg.name, !msg.whack_connection);
/* note: this is a "while" because road warrior
* leads to multiple connections with the same name.
*/
for (; c != NULL; c = con_by_name(msg.name, FALSE))
delete_connection(c);
}
if (msg.whack_deletestate)
{
struct state *st = state_with_serialno(msg.whack_deletestateno);
if (st == NULL)
{
loglog(RC_UNKNOWN_NAME, "no state #%lu to delete"
, msg.whack_deletestateno);
}
else
{
delete_state(st);
}
}
if (msg.whack_connection)
add_connection(&msg);
/* process "listen" before any operation that could require it */
if (msg.whack_listen)
{
log("listening for IKE messages");
listening = TRUE;
find_ifaces();
load_preshared_secrets();
}
if (msg.whack_unlisten)
{
log("no longer listening for IKE messages");
listening = FALSE;
}
if (msg.whack_reread & REREAD_SECRETS)
{
load_preshared_secrets();
}
if (msg.whack_reread & REREAD_MYCERT)
{
load_mycert();
}
if (msg.whack_reread & REREAD_CACERTS)
{
load_cacerts();
}
if (msg.whack_reread & REREAD_CRLS)
{
load_crls();
}
if (msg.whack_list & LIST_PUBKEYS)
{
list_public_keys(msg.whack_utc);
}
if (msg.whack_list & LIST_CERTS)
{
list_certs(msg.whack_utc);
}
if (msg.whack_list & LIST_CACERTS)
{
list_cacerts(msg.whack_utc);
}
if (msg.whack_list & LIST_CRLS)
{
list_crls(msg.whack_utc);
}
if (msg.whack_key)
{
/* add a public key */
struct id keyid;
err_t ugh = atoid(msg.keyid, &keyid);
if (ugh != NULL)
{
loglog(RC_BADID, "bad --keyid \"%s\": %s", msg.keyid, ugh);
}
else
{
if (!msg.whack_addkey)
delete_public_keys(&keyid, msg.pubkey_alg);
if (msg.keyval.len == 0)
{
struct key_add_continuation *kc
= alloc_thing(struct key_add_continuation
, "key add continuation");
int wfd = dup_any(whackfd);
kc->whack_fd = wfd;
ugh = start_adns_query(&keyid
, NULL
, T_KEY
, key_add_continue
, &kc->ac);
if (ugh != NULL)
{
key_add_ugh(&keyid, ugh);
close_any(wfd);
}
}
else
{
ugh = add_public_key(&keyid, DAL_LOCAL, msg.pubkey_alg
, &msg.keyval, &pubkeys);
if (ugh != NULL)
loglog(RC_LOG_SERIOUS, "%s", ugh);
}
}
}
main(int argc, char *argv[])
{
int len;
char *infile;
char *conn_name;
int lineno=0;
int regression = 0;
struct connection *c1;
struct state *st;
EF_PROTECT_FREE=1;
progname = argv[0];
leak_detective = 1;
if(argc != 4 && argc != 5) {
fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile>\n", progname);
exit(10);
}
/* skip argv0 */
argc--; argv++;
if(strcmp(argv[0], "-r")==0) {
regression = 1;
argc--; argv++;
}
tool_init_log();
load_oswcrypto();
init_fake_vendorid();
init_parker_interface();
infile = argv[0];
conn_name = argv[1];
cur_debugging = DBG_CONTROL|DBG_CONTROLMORE;
if(readwhackmsg(infile) == 0) exit(10);
/* input packets */
recv_pcap_setup(argv[2]);
/* output packets */
send_packet_setup_pcap("OUTPUT/parentI2.pcap");
c1 = con_by_name(conn_name, TRUE);
assert(c1 != NULL);
assert(orient(c1, 500));
show_one_connection(c1);
st = sendI1(c1, DBG_CONTROL, regression == 0);
/* now accept the reply packet */
cur_debugging = DBG_CONTROL|DBG_PARSING;
pcap_dispatch(pt, 1, recv_pcap_packet, NULL);
st = state_with_serialno(1);
if(st!=NULL) {
delete_state(st);
free_state(st);
}
report_leaks();
tool_close_log();
exit(0);
}
