/*
 * Print the complete status report by calling each subsystem's status
 * routine in a fixed order.  Blank spacer lines between sections are
 * written with whack_log(RC_COMMENT, BLANK_FORMAT).
 *
 * The KERNEL_ALG, IKE_ALG and KLIPS sections are compiled in only when the
 * matching macro is defined; the db_ops section is compiled in unless
 * NO_DB_OPS_STATS is defined.
 */
void show_status(void)
{
    /* header group: no spacer between these four, one spacer after them */
    show_kernel_interface();
    show_ifaces_status();
    show_myid_status();
    show_debug_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */

    show_virtual_private();
    whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */

#ifdef KERNEL_ALG
    kernel_alg_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */
#endif

#ifdef IKE_ALG
    ike_alg_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */
#endif

#ifndef NO_DB_OPS_STATS
    db_ops_show_status();
    whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */
#endif

    /* the connection lister is handed whack_log as its argument */
    show_connections_status(whack_log);
    whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */

    show_states_status();

#ifdef KLIPS
    /* here the spacer comes before the section, not after it */
    whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */
    show_shunt_status();
#endif
}
/*
 * Test-harness step: behave as if the keylife timer had expired and rekey
 * state #2, with the outgoing rekey message captured to a pcap file.
 *
 * The key-exchange result is not computed here.  The secret, nonce and
 * public value are copied in from the tc14_* constants (defined outside
 * this block) before the crypto continuation is run.
 */
void rekeyit()
{
    struct pcr_kenonce *ke_nonce = &crypto_req->pcr_d.kn;
    struct state *old_sa = NULL;

    fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
    show_states_status();

    timer_list();
    old_sa = state_with_serialno(2);

    /* capture the rekey message */
    send_packet_setup_pcap("OUTPUT/rekeyikev2-I1.pcap");

    if (old_sa == NULL) {
        fprintf(stderr, "no state #2 found\n");
    } else {
        /* the ternary stays inside DBG(), exactly where the original had it */
        DBG(DBG_LIFECYCLE
            , openswan_log("replacing stale %s SA"
                           , (IS_PHASE1(old_sa->st_state) || IS_PHASE15(old_sa->st_state))
                             ? "ISAKMP" : "IPsec"));
        ipsecdoi_replace(old_sa, LEMPTY, LEMPTY, 1);
    }

    /* the pending request must be for the group the fixed values belong to */
    passert(ke_nonce->oakley_group == tc14_oakleygroup);

    /*
     * now fill in the KE values from a constant.. not calculated
     * (fixed secret, nonce and public value; presumably this keeps the
     * captured output reproducible -- confirm against the test's
     * reference files)
     */
    clonetowirechunk(&ke_nonce->thespace, ke_nonce->space, &ke_nonce->secret,
                     tc14_secret, tc14_secret_len);
    clonetowirechunk(&ke_nonce->thespace, ke_nonce->space, &ke_nonce->n,
                     tc14_ni, tc14_ni_len);    /* maybe change nonce for rekey? */
    clonetowirechunk(&ke_nonce->thespace, ke_nonce->space, &ke_nonce->gi,
                     tc14_gi, tc14_gi_len);

    run_continuation(crypto_req);

    send_packet_close();
}
/*
 * Print a status report.
 *
 * all:  when true, the interface, myid and debug sections (followed by one
 *       blank spacer line) are printed first; it is also forwarded to
 *       show_connections_status().
 * name: forwarded to show_connections_status() and show_states_status();
 *       presumably a connection name used as a filter -- confirm against
 *       those callees.
 *
 * The shunt section is compiled in only when KLIPS is defined.
 */
void show_status(bool all, const char *name)
{
    if (all) {
        show_ifaces_status();
        show_myid_status();
        show_debug_status();
        whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */
    }

    /* these two sections are printed whether or not `all` is set */
    show_connections_status(all, name);
    show_states_status(name);

#ifdef KLIPS
    show_shunt_status();
#endif
}
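/*
 * this routine accepts the I3 packet, and dumps the resulting SAs
 *
 * It has the shape of a pcap packet callback: user, h and bytes are passed
 * unchanged to recv_pcap_packet().  The state dump is written by
 * show_states_status() after a marker line on stderr.
 */
void recv_pcap_I3_process(u_char *user
                          , const struct pcap_pkthdr *h
                          , const u_char *bytes)
{
    /*
     * The original declared `st` and `kn` here but never used them; they
     * are removed so the function no longer reads crypto_req for nothing.
     */

    /* create a socket for a possible whack process that is doing --up */
    int fake_whack_fd = open("/dev/null", O_RDWR);
    passert(fake_whack_fd != -1);
    /*
     * NOTE(review): this descriptor is neither attached to a state nor
     * closed in this function, so each call leaves one fd open.  It is
     * kept because the harness may rely on it staying open -- confirm,
     * then either attach it or close it.
     */

    recv_pcap_packet(user, h, bytes);

    fprintf(stderr, "now look at the resulting SAs produced.\n");
    show_states_status();
}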
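/*
 * this routine accepts the I3 packet, and then causes a rekey to be queued
 *
 * It has the shape of a pcap packet callback: user, h and bytes are passed
 * unchanged to recv_pcap_packet().  Afterwards state #2 is replaced as if
 * its keylife timer had expired, and the crypto continuation for the new
 * state (#3) is run with fixed key-exchange values taken from SS(...)
 * rather than computed ones.
 */
void recv_pcap_I3_rekey(u_char *user
                        , const struct pcap_pkthdr *h
                        , const u_char *bytes)
{
    struct state *st = NULL;
    struct pcr_kenonce *kn = &crypto_req->pcr_d.kn;

    /* create a socket for a possible whack process that is doing --up */
    int fake_whack_fd = open("/dev/null", O_RDWR);
    passert(fake_whack_fd != -1);

    recv_pcap_packet(user, h, bytes);

    fprintf(stderr, "now pretend that the keylife timer is up, and rekey the connection\n");
    show_states_status();

    timer_list();
    st = state_with_serialno(2);

    if (st) {
        /*
         * Attach the fake whack socket only once the lookup is known to
         * have succeeded.  The original stored through st before testing
         * it, which is a NULL dereference when state #2 does not exist.
         */
        st->st_whack_sock = fake_whack_fd;

        DBG(DBG_LIFECYCLE
            , openswan_log("replacing stale %s SA"
                           , (IS_PHASE1(st->st_state) || IS_PHASE15(st->st_state))
                             ? "ISAKMP" : "IPsec"));
        ipsecdoi_replace(st, LEMPTY, LEMPTY, 1);
    } else {
        fprintf(stderr, "no state #2 found\n");
    }

    /* find new state! */
    st = state_with_serialno(3);
    /* fail with an assertion instead of dereferencing a missing state */
    passert(st != NULL);
    passert(st->st_whack_sock != -1);

    /* the pending request must be for the group the fixed values belong to */
    passert(kn->oakley_group == SS(oakleygroup));

    /*
     * now fill in the KE values from a constant.. not calculated
     * (fixed secret, nonce and public value supplied through SS(...))
     */
    clonetowirechunk(&kn->thespace, kn->space, &kn->secret, SS(secret.ptr), SS(secret.len));
    clonetowirechunk(&kn->thespace, kn->space, &kn->n, SS(ni.ptr), SS(ni.len));    /* maybe change nonce for rekey? */
    clonetowirechunk(&kn->thespace, kn->space, &kn->gi, SS(gi.ptr), SS(gi.len));

    run_continuation(crypto_req);
}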
/*
 * Print the complete status report by calling each subsystem's status
 * routine in a fixed order.  This variant prints no spacer lines of its
 * own between sections.
 *
 * The db_ops section is compiled in unless NO_DB_OPS_STATS is defined; the
 * shunt section is compiled in only when KLIPS is defined.
 */
void show_status(void)
{
    /* kernel, interfaces and host security posture */
    show_kernel_interface();
    show_ifaces_status();
    show_system_security();

    /* daemon configuration */
    show_setup_plutomain();
    show_myid_status();
    show_debug_status();
    show_setup_natt();
    show_virtual_private();

    /* algorithm tables */
    kernel_alg_show_status();
    ike_alg_show_status();

#ifndef NO_DB_OPS_STATS
    db_ops_show_status();
#endif

    /* connections first, then the states negotiated for them */
    show_connections_status();
    show_states_status();

#ifdef KLIPS
    show_shunt_status();
#endif
}
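/*
 * Test driver: load a recorded whack message, look up the named connection,
 * then feed the first packet of a pcap file to recv_pcap_packet() twice to
 * see how the same packet is handled when it arrives a second time.
 *
 * Usage: <progname> <whackrecord> <conn-name> <pcapin>
 *
 * Exit status: 0 on success, 10 on a usage error, 11 when the connection is
 * not found, 50 when the pcap file cannot be opened or read.
 */
int main(int argc, char *argv[])
{
    char *infile;
    char *conn_name;
    struct connection *c1;
    struct state *st;
    pcap_t *pt;
    char eb1[PCAP_ERRBUF_SIZE];    /* libpcap error buffer; the size is set by libpcap */
    int pass;

    /* memory-debugging switches: set before anything is allocated */
    EF_PROTECT_BELOW = 1;
    EF_PROTECT_FREE = 1;
    EF_FREE_WIPES = 1;

    progname = argv[0];
    leak_detective = 1;

    init_crypto();

    if (argc != 4) {
        fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin>\n", progname);
        exit(10);
    }

    tool_init_log();
    init_fake_vendorid();

    infile = argv[1];
    conn_name = argv[2];

    readwhackmsg(infile);

    send_packet_setup_pcap("parentR1.pcap");

    c1 = con_by_name(conn_name, TRUE);
    if (c1 == NULL) {
        /* the name comes from the command line, so it may not match anything */
        fprintf(stderr, "%s: connection \"%s\" not found\n", progname, conn_name);
        exit(11);
    }
    show_one_connection(c1);

    cur_debugging = DBG_EMITTING | DBG_CONTROL | DBG_CONTROLMORE;

    /*
     * Pass 0 delivers the packet.  Pass 1 reads the same packet from the
     * "network" again, to see what we will do with a duplicate.
     */
    for (pass = 0; pass < 2; pass++) {
        pt = pcap_open_offline(argv[3], eb1);
        if (!pt) {
            /* libpcap reports the reason in the error buffer, not in errno */
            fprintf(stderr, "%s: %s\n", argv[3], eb1);
            exit(50);
        }

        if (pcap_dispatch(pt, 1, recv_pcap_packet, NULL) < 0) {
            fprintf(stderr, "%s: %s\n", argv[3], pcap_geterr(pt));
            pcap_close(pt);
            exit(50);
        }

        pcap_close(pt);
    }

    show_states_status();

    /* find st involved; it will not exist if the packet was rejected */
    st = state_with_serialno(1);
    if (st != NULL) {
        delete_state(st);
    } else {
        fprintf(stderr, "no state #1 found\n");
    }

    report_leaks();

    tool_close_log();
    exit(0);
}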