/* command interface to Pluto
 * Copyright (C) 1997 Angelos D. Keromytis.
 * Copyright (C) 1998-2003  D. Hugh Redelmeier.
 * Copyright (C) 2004 Michael Richardson <mcr@sandelman.ottawa.on.ca>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: whack.c,v 1.139 2004/12/16 01:21:59 mcr Exp $
 */

#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <getopt.h>
#include <assert.h>

#include <openswan.h>

#include "constants.h"
#include "oswlog.h"

#include "defs.h"
#include "whack.h"

/**
 * Print the 'ipsec --whack help' message to stderr and return.
 *
 * The usage text is a single string built by adjacent-literal
 * concatenation; the XAUTH and DEBUG sections are compiled in only when
 * the corresponding macros are defined.  The format string is fixed and
 * its only argument is the version string from ipsec_version_code().
 */
static void
help(void)
{
    fprintf(stderr
	, "Usage:\n\n"
	"all forms:"
	    " [--optionsfrom <filename>]"
	    " [--ctlbase <path>]"
	    " [--label <string>]"
	    "\n\n"
	"help: whack"
	    " [--help]"
	    " [--version]"
	    "\n\n"
	"connection: whack"
	    " --name <connection_name>"
	    " \\\n "
	    " [--ipv4 | --ipv6]"
	    " [--tunnelipv4 | --tunnelipv6]"
	    " \\\n "
	    " (--host <ip-address> | --id <identity> | --cert <path>)"
	    " [--ca <distinguished name>]"
	    " [--ikeport <port-number>]"
	    " \\\n "
	    " [--nexthop <ip-address>]"
	    " [--client <subnet> | --clientwithin <address range>]"
	    " [--srcip <ip-address>]"
	    " \\\n "
	    " [--clientprotoport <protocol>/<port>]"
	    " [--dnskeyondemand]"
	    " \\\n "
	    " [--updown <updown>]"
	    " --to"
	    " (--host <ip-address> | --id <identity>)"
	    " \\\n "
	    " [--cert <path>]"
	    " [--groups <access control groups>]"
	    " [--ca <distinguished name>]"
	    " [--sendcert]"
	    " [--sendcerttype number]"
	    " \\\n "
	    " [--ikeport <port-number>]"
	    " \\\n "
	    " [--nexthop <ip-address>]"
	    " \\\n "
	    " [--client <subnet> | --clientwithin <address range>]"
	    " \\\n "
	    " [--clientprotoport <protocol>/<port>]"
	    " \\\n "
	    " [--dnskeyondemand]"
	    " [--updown <updown>]"
	    " [--psk]"
	    " [--rsasig]"
	    " \\\n "
	    " [--encrypt]"
	    " [--authenticate]"
	    " [--compress]"
	    " [--tunnel]"
	    " [--pfs]"
	    " \\\n "
	    " [--ikelifetime <seconds>]"
	    " [--ipseclifetime <seconds>]"
	    " \\\n "
	    " [--reykeymargin <seconds>]"
	    " [--reykeyfuzz <percentage>]"
	    " \\\n "
	    " [--keyingtries <count>]"
	    " \\\n "
	    " [--esp <esp-algos>]"
	    " \\\n "
	    " [--dontrekey]"
	    " [--aggrmode]"
	    " [--dpddelay <seconds> --dpdtimeout <seconds>]"
	    " \\\n "
	    " [--dpdaction (clear|hold)]"
	    " [--forceencaps]"
#ifdef XAUTH
	    " [--xauthserver]"
	    " [--xauthclient]"
#endif
	    " \\\n "
	    " [--initiateontraffic|--pass|--drop|--reject]"
	    " \\\n "
	    " [--failnone|--failpass|--faildrop|--failreject]"
	    "\n\n"
	"routing: whack"
	    " (--route | --unroute)"
	    " --name <connection_name>"
	    "\n\n"
	"initiation:"
	    "\n "
	    " whack"
	    " (--initiate | --terminate)"
	    " --name <connection_name>"
	    " [--asynchronous]"
	    " [--xauthname name]"
	    " [--xauthpass pass]"
	    "\n\n"
	"opportunistic initiation: whack"
	    " [--tunnelipv4 | --tunnelipv6]"
	    " \\\n "
	    " --oppohere <ip-address>"
	    " --oppothere <ip-address>"
	    "\n\n"
	"delete: whack"
	    " --delete"
	    " --name <connection_name>"
	    "\n\n"
	"deletestate: whack"
	    " --deletestate <state_object_number>"
	    " --crash <ip-address>"
	    "\n\n"
	"pubkey: whack"
	    " --keyid <id>"
	    " [--addkey]"
	    " [--pubkeyrsa <key>]"
	    "\n\n"
	"myid: whack"
	    " --myid <id>"
	    "\n\n"
#ifdef DEBUG
	"debug: whack [--name <connection_name>]"
	    " \\\n "
	    " [--debug-none]"
	    " [--debug-all]"
	    " \\\n "
	    " [--debug-raw]"
	    " [--debug-crypt]"
	    " [--debug-parsing]"
	    " [--debug-emitting]"
	    " \\\n "
	    " [--debug-control]"
	    " [--debug-klips]"
	    " [--debug-dns]"
	    " [--debug-pfkey]"
	    " \\\n "
	    " [--debug-natt]"
	    " [--debug-x509]"
	    " \\\n "
	    " [--debug-private]"
	    "\n\n"
#endif
	"listen: whack"
	    " (--listen | --unlisten)"
	    "\n\n"
	"list: whack [--utc]"
	    " [--listpubkeys]"
	    " [--listcerts]"
	    " [--listcacerts]"
	    " \\\n "
	    " [--listacerts]"
	    " [--listaacerts]"
	    " [--listocspcerts]"
	    " \\\n "
	    " [--listgroups]"
	    " [--listcrls]"
	    " [--listocsp]"
	    " [--listcards]"
	    " [--listall]"
	    "\n\n"
	"purge: whack"
	    " [--purgeocsp]"
	    "\n\n"
	"purge: whack"
	    " [--listevents]"
	    "\n\n"
	"reread: whack"
	    " [--rereadsecrets]"
	    " [--rereadcacerts]"
	    " [--rereadaacerts]"
	    " [--rereadocspcerts]"
	    " \\\n "
	    " [--rereadacerts]"
	    " [--rereadcrls]"
	    " [--rereadall]"
	    "\n\n"
	"status: whack"
	    " --status"
	    "\n\n"
	"shutdown: whack"
	    " --shutdown"
	    "\n\n"
	"FreeS/WAN %s\n"
	, ipsec_version_code());
}

/* Command-line operands remembered only so diagnostics can name the
 * label / connection the failing invocation was about.  Both are plain
 * pointers into argv (set elsewhere in this file) and are never formatted
 * as anything other than a %s argument. */
static const char *label = NULL;	/* --label operand, saved for diagnostics */
static const char *name = NULL;	/* --name operand, saved for diagnostics */

/**
 * Print a string as a diagnostic, then exit whack unhappily.
 *
 * Output form: "whack error: [<label> ][\"<name>\" ]<mess>" on stderr.
 * The --label and --name operands are user-supplied, but they are emitted
 * only through fixed "%s" format strings, never as a format string.
 * When mess is NULL nothing is printed, but the process still exits.
 *
 * @param mess The error message to print when exiting (may be NULL)
 * @return does not return; the process exits with RC_WHACK_PROBLEM
 */
static void
diag(const char *mess)
{
    if (mess != NULL)
    {
	fprintf(stderr, "whack error: ");
	if (label != NULL)
	    fprintf(stderr, "%s ", label);
	if (name != NULL)
	    fprintf(stderr, "\"%s\" ", name);
	fprintf(stderr, "%s\n", mess);
    }
    exit(RC_WHACK_PROBLEM);
}

/**
 * Conditionally calls diag if ugh is set.
 * Prints second arg, if non-NULL, as quoted string.
 *
 * The combined message is assembled with snprintf into a 120-byte stack
 * buffer, so an over-long operand is truncated silently rather than
 * overflowing.  Returns normally only when ugh is NULL; otherwise diag()
 * exits the process.
 *
 * @param ugh Error message (NULL means "no error": nothing happens)
 * @param this Optional 2nd part of error message, shown in double quotes
 * @return void
 */
static void
diagq(err_t ugh, const char *this)
{
    if (ugh != NULL)
    {
	if (this == NULL)
	{
	    diag(ugh);
	}
	else
	{
	    char buf[120];	/* arbitrary limit */

	    snprintf(buf, sizeof(buf), "%s \"%s\"", ugh, this);
	    diag(buf);
	}
    }
}

/**
 * complex combined operands return one of these enumerated values
 * Note: these become flags in an lset_t.
 * Since there are more than 32, we partition them into:
 * - OPT_* options (most random options)
 * - LST_* options (list various internal data)
 * - DBGOPT_* option (DEBUG options)
 * - END_* options (End description options)
 * - CD_* options (Connection Description options)
 *
 * Each partition is bracketed by a *_FIRST / *_LAST pair; presumably the
 * option parser (not visible here) maps a value to a bit relative to its
 * partition's *_FIRST.  Note that the CD_* partition alone has 37 members
 * (CD_TO .. CD_ESP), so the "32" above only works out if lset_t is wider
 * than 32 bits -- NOTE(review): confirm against the lset_t typedef.
 */
enum option_enums {
#   define OPT_FIRST	OPT_CTLBASE
    OPT_CTLBASE,
    OPT_NAME,

    OPT_CD,

    OPT_KEYID,
    OPT_ADDKEY,
    OPT_PUBKEYRSA,

    OPT_MYID,

    OPT_ROUTE,
    OPT_UNROUTE,

    OPT_INITIATE,
    OPT_TERMINATE,
    OPT_DELETE,
    OPT_DELETESTATE,
    OPT_LISTEN,
    OPT_UNLISTEN,

    OPT_PURGEOCSP,

    OPT_REREADSECRETS,
    OPT_REREADCACERTS,
    OPT_REREADAACERTS,
    OPT_REREADOCSPCERTS,
    OPT_REREADACERTS,
    OPT_REREADCRLS,
    OPT_REREADALL,

    OPT_STATUS,
    OPT_SHUTDOWN,

    OPT_OPPO_HERE,
    OPT_OPPO_THERE,

    OPT_ASYNC,

    OPT_DELETECRASH,
    OPT_XAUTHNAME,
    OPT_XAUTHPASS,

#   define OPT_LAST OPT_ASYNC	/* last "normal" option */
    /* NOTE(review): OPT_DELETECRASH, OPT_XAUTHNAME and OPT_XAUTHPASS are
     * declared after OPT_ASYNC, so they lie outside the
     * OPT_FIRST..OPT_LAST range.  Whether that is intended depends on how
     * the parser uses OPT_LAST (not visible in this part of the file);
     * confirm that these three options still get whatever seen-flag /
     * duplicate handling the other OPT_* options receive. */

/* List options */

#   define LST_FIRST LST_UTC	/* first list option */
    LST_UTC,
    LST_PUBKEYS,
    LST_CERTS,
    LST_CACERTS,
    LST_ACERTS,
    LST_AACERTS,
    LST_OCSPCERTS,
    LST_GROUPS,
    LST_CRLS,
    LST_OCSP,
    LST_CARDS,
    LST_EVENTS,
    LST_ALL,

#   define LST_LAST LST_ALL	/* last list option */

/* Connection End Description options */

#   define END_FIRST END_HOST	/* first end description */
    END_HOST,
    END_ID,
    END_CERT,
    END_CA,
    END_GROUPS,
    END_IKEPORT,
    END_NEXTHOP,
    END_CLIENT,
    END_CLIENTWITHIN,
    END_CLIENTPROTOPORT,
    END_DNSKEYONDEMAND,
    END_XAUTHSERVER,
    END_XAUTHCLIENT,
    END_MODECFGCLIENT,
    END_MODECFGSERVER,
    END_SENDCERT,
    END_CERTTYPE,
    END_SRCIP,
    END_UPDOWN,
#define END_LAST  END_UPDOWN	/* last end description*/

/* Connection Description options -- segregated */

#   define CD_FIRST CD_TO	/* first connection description */
    CD_TO,

    /* The CD_PSK .. CD_AGGRESSIVE run is index-aligned with POLICY_*
     * (0 .. 19); inserting or reordering here silently shifts that
     * mapping, so any change must be mirrored in the POLICY_* table. */
#   define CD_POLICY_FIRST  CD_PSK
    CD_PSK,	/* same order as POLICY_* 0 */
    CD_RSASIG,	/* same order as POLICY_* 1 */
    CD_ENCRYPT,	/* same order as POLICY_* 2 */
    CD_AUTHENTICATE,	/* same order as POLICY_* 3 */
    CD_COMPRESS,	/* same order as POLICY_* 4 */
    CD_TUNNEL,	/* same order as POLICY_* 5 */
    CD_PFS,	/* same order as POLICY_* 6 */
    CD_DISABLEARRIVALCHECK,	/* same order as POLICY_* 7 */
    CD_SHUNT0,	/* same order as POLICY_* 8 */
    CD_SHUNT1,	/* same order as POLICY_* 9 */
    CD_FAIL0,	/* same order as POLICY_* 10 */
    CD_FAIL1,	/* same order as POLICY_* 11 */
    CD_DONT_REKEY,	/* same order as POLICY_* 12 */
    CD_OPP0,	/* same order as POLICY_* 13 */
    CD_GROUP,	/* same order as POLICY_* 14 */
    CD_GROUPED,	/* same order as POLICY_* 15 */
    CD_UP,	/* same order as POLICY_* 16 */
    CD_DUMMY,	/* same order as POLICY_* 17 -- was XAUTH */
    CD_MODECFGPULL,	/* same order as POLICY_* 18 */
    CD_AGGRESSIVE,	/* same order as POLICY_* 19 */

    CD_TUNNELIPV4,
    CD_TUNNELIPV6,
    CD_CONNIPV4,
    CD_CONNIPV6,

    CD_IKELIFETIME,
    CD_IPSECLIFETIME,
    CD_RKMARGIN,
    CD_RKFUZZ,
    CD_KTRIES,
    CD_DPDDELAY,
    CD_DPDTIMEOUT,
    CD_DPDACTION,
    CD_FORCEENCAPS,
    CD_IKE,
    CD_PFSGROUP,
    CD_ESP
#   define CD_LAST CD_ESP	/* last connection description */

#ifdef DEBUG	/* must be last so others are less than 32 to fit in lset_t */
#   define DBGOPT_FIRST DBGOPT_NONE
    ,
    /* NOTE: these definitions must match DBG_* and IMPAIR_* in constants.h
     * (same positional requirement as the CD_*/POLICY_* run above). */
    DBGOPT_NONE,
    DBGOPT_ALL,

    DBGOPT_RAW,	/* same order as DBG_* */
    DBGOPT_CRYPT,	/* same order as DBG_* */
    DBGOPT_PARSING,	/* same order as DBG_* */
    DBGOPT_EMITTING,	/* same order as DBG_* */
    DBGOPT_CONTROL,	/* same order as DBG_* */
    DBGOPT_LIFECYCLE,	/* same order as DBG_* */
    DBGOPT_KLIPS,	/* same order as DBG_* */
    DBGOPT_DNS,	/* same order as DBG_* */
    DBGOPT_OPPO,	/* same order as DBG_* */
    DBGOPT_CONTROLMORE,	/* same order as DBG_* */
    DBGOPT_PFKEY,	/* same order as DBG_* */
    DBGOPT_NATT,	/* same order as DBG_* */
    DBGOPT_X509,	/* same order as DBG_* */
    DBGOPT_DPD,	/* same order as DBG_* */
    DBGOPT_RES14,
    DBGOPT_RES15,
    DBGOPT_RES16,
    DBGOPT_RES17,
    DBGOPT_RES18,
    DBGOPT_RES19,
    DBGOPT_PRIVATE,	/* same order as DBG_* */

    DBGOPT_IMPAIR_DELAY_ADNS_KEY_ANSWER,	/* same order as IMPAIR_* */
    DBGOPT_IMPAIR_DELAY_ADNS_TXT_ANSWER,	/* same order as IMPAIR_* */
    DBGOPT_IMPAIR_BUST_MI2,	/* same order as IMPAIR_* */
    DBGOPT_IMPAIR_BUST_MR2	/* same order as IMPAIR_* */
#   define DBGOPT_LAST DBGOPT_IMPAIR_BUST_MR2
#endif

};
/* Carve up space for result from getopt_long.
 * Stupidly, the only result is an int.
 * Numeric arg is bit immediately left of basic value.
 *
 * OPTION_OFFSET is added to the option_enums value so that the long-option
 * codes stay clear of the single-character (letter) option values
 * getopt_long returns directly.
 */
#define OPTION_OFFSET	256	/* to get out of the way of letter options */