Diffstat (limited to 'programs/klipsdebug')
-rw-r--r--programs/klipsdebug/.cvsignore1
-rw-r--r--programs/klipsdebug/Makefile80
-rw-r--r--programs/klipsdebug/klipsdebug.5138
-rw-r--r--programs/klipsdebug/klipsdebug.8164
-rw-r--r--programs/klipsdebug/klipsdebug.c436
5 files changed, 0 insertions, 819 deletions
diff --git a/programs/klipsdebug/.cvsignore b/programs/klipsdebug/.cvsignore
deleted file mode 100644
index 03c1d474c..000000000
--- a/programs/klipsdebug/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-klipsdebug
diff --git a/programs/klipsdebug/Makefile b/programs/klipsdebug/Makefile
deleted file mode 100644
index 6c98e7592..000000000
--- a/programs/klipsdebug/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-# Makefile for the KLIPS interface utilities
-# Copyright (C) 1998, 1999 Henry Spencer.
-# Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:28 as Exp $
-
-FREESWANSRCDIR=../..
-include ${FREESWANSRCDIR}/Makefile.inc
-
-PROGRAM:=klipsdebug
-EXTRA5PROC=${PROGRAM}.5
-
-LIBS:=${FREESWANLIB}
-
-include ../Makefile.program
-
-#
-# $Log: Makefile,v $
-# Revision 1.1 2004/03/15 20:35:28 as
-# added files from freeswan-2.04-x509-1.5.3
-#
-# Revision 1.4 2002/06/03 20:25:31 mcr
-# man page for files actually existant in /proc/net changed back to
-# ipsec_foo via new EXTRA5PROC process.
-#
-# Revision 1.3 2002/06/02 22:02:14 mcr
-# changed TOPDIR->FREESWANSRCDIR in all Makefiles.
-# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the
-# kernel sense.)
-#
-# Revision 1.2 2002/04/26 01:21:26 mcr
-# while tracking down a missing (not installed) /etc/ipsec.conf,
-# MCR has decided that it is not okay for each program subdir to have
-# some subset (determined with -f) of possible files.
-# Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file.
-# Optional PROGRAM.5 files have been added to the makefiles.
-#
-# Revision 1.1 2002/04/24 07:55:32 mcr
-# #include patches and Makefiles for post-reorg compilation.
-#
-#
-#
-
-
-#
-# $Log: Makefile,v $
-# Revision 1.1 2004/03/15 20:35:28 as
-# added files from freeswan-2.04-x509-1.5.3
-#
-# Revision 1.4 2002/06/03 20:25:31 mcr
-# man page for files actually existant in /proc/net changed back to
-# ipsec_foo via new EXTRA5PROC process.
-#
-# Revision 1.3 2002/06/02 22:02:14 mcr
-# changed TOPDIR->FREESWANSRCDIR in all Makefiles.
-# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the
-# kernel sense.)
-#
-# Revision 1.2 2002/04/26 01:21:26 mcr
-# while tracking down a missing (not installed) /etc/ipsec.conf,
-# MCR has decided that it is not okay for each program subdir to have
-# some subset (determined with -f) of possible files.
-# Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file.
-# Optional PROGRAM.5 files have been added to the makefiles.
-#
-# Revision 1.1 2002/04/24 07:55:32 mcr
-# #include patches and Makefiles for post-reorg compilation.
-#
-#
-#
diff --git a/programs/klipsdebug/klipsdebug.5 b/programs/klipsdebug/klipsdebug.5
deleted file mode 100644
index 8e5f985f0..000000000
--- a/programs/klipsdebug/klipsdebug.5
+++ /dev/null
@@ -1,138 +0,0 @@
-.TH IPSEC_KLIPSDEBUG 5 "26 Jun 2000"
-.\"
-.\" RCSID $Id: klipsdebug.5,v 1.1 2004/03/15 20:35:28 as Exp $
-.\"
-.SH NAME
-ipsec_klipsdebug \- list KLIPS (kernel IPSEC support) debug features and level
-.SH SYNOPSIS
-.B ipsec
-.B klipsdebug
-.PP
-.B cat
-.B /proc/net/ipsec_klipsdebug
-.SH DESCRIPTION
-.I /proc/net/ipsec_klipsdebug
-lists flags that control various parts of the debugging output of Klips
-(the kernel portion of FreeS/WAN IPSEC).
-At this point it is a read-only file.
-.PP
-A table entry consists of:
-.IP + 3
-a KLIPS debug variable
-.IP +
-a '=' separator for visual and automated parsing between the variable
-name and its current value
-.IP +
-hexadecimal bitmap of variable's flags.
-.PP
-The variable names roughly describe the scope of the debugging variable.
-Currently, no flags are documented or individually accessible yet except
-tunnel-xmit.
-.ne 5
-.PP
-The variable names are:
-.TP 8
-.B tunnel
-tunnelling code
-.TP
-.B netlink
-userspace communication code (obsolete)
-.TP
-.B xform
-transform selection and manipulation code
-.TP
-.B eroute
-eroute table manipulation code
-.TP
-.B spi
-SA table manipulation code
-.TP
-.B radij
-radij tree manipulation code
-.TP
-.B esp
-encryptions transforms code
-.TP
-.B ah
-authentication transforms code
-.TP
-.B rcv
-receive code
-.TP
-.B ipcomp
-ip compression transforms code
-.TP
-.B verbose
-give even more information, beware this will probably trample the 4k kernel printk buffer giving inaccurate output
-.PP
-All KLIPS debug output appears as
-.B kernel.info
-messages to
-.IR syslogd (8).
-Most systems are set up
-to log these messages to
-.IR /var/log/messages .
-.PP
-.SH EXAMPLES
-.LP
-.B debug_tunnel=00000010.
-.br
-.B debug_netlink=00000000.
-.br
-.B debug_xform=00000000.
-.br
-.B debug_eroute=00000000.
-.br
-.B debug_spi=00000000.
-.br
-.B debug_radij=00000000.
-.br
-.B debug_esp=00000000.
-.br
-.B debug_ah=00000000.
-.br
-.B debug_rcv=00000000.
-.br
-.B debug_pfkey=ffffffff.
-.LP
-means that one
-.B tunnel
-flag has been set (tunnel-xmit),
-full
-.B pfkey
-sockets debugging has been set and everything else is not set.
-.LP
-.SH FILES
-/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
-.SH "SEE ALSO"
-ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
-ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5),
-ipsec_pf_key(5)
-.SH HISTORY
-Written for the Linux FreeS/WAN project
-<http://www.freeswan.org/>
-by Richard Guy Briggs.
-.\"
-.\" $Log: klipsdebug.5,v $
-.\" Revision 1.1 2004/03/15 20:35:28 as
-.\" added files from freeswan-2.04-x509-1.5.3
-.\"
-.\" Revision 1.5 2002/04/24 07:35:38 mcr
-.\" Moved from ./klips/utils/klipsdebug.5,v
-.\"
-.\" Revision 1.4 2000/10/10 20:10:19 rgb
-.\" Added support for debug_ipcomp and debug_verbose to klipsdebug.
-.\"
-.\" Revision 1.3 2000/06/30 18:21:55 rgb
-.\" Update SEE ALSO sections to include ipsec_version(5) and ipsec_pf_key(5)
-.\" and correct FILES sections to no longer refer to /dev/ipsec which has
-.\" been removed since PF_KEY does not use it.
-.\"
-.\" Revision 1.2 2000/06/28 12:44:12 henry
-.\" format touchup
-.\"
-.\" Revision 1.1 2000/06/28 05:43:00 rgb
-.\" Added manpages for all 5 klips utils.
-.\"
-.\"
-.\"
diff --git a/programs/klipsdebug/klipsdebug.8 b/programs/klipsdebug/klipsdebug.8
deleted file mode 100644
index 60d018eec..000000000
--- a/programs/klipsdebug/klipsdebug.8
+++ /dev/null
@@ -1,164 +0,0 @@
-.TH IPSEC_KLIPSDEBUG 8 "21 Jun 2000"
-.\"
-.\" RCSID $Id: klipsdebug.8,v 1.1 2004/03/15 20:35:28 as Exp $
-.\"
-.SH NAME
-ipsec klipsdebug \- set KLIPS (kernel IPSEC support) debug features and level
-.SH SYNOPSIS
-.B ipsec
-.B klipsdebug
-.PP
-.B ipsec
-.B klipsdebug
-.B \-\-set
-flagname
-.PP
-.B ipsec
-.B klipsdebug
-.B \-\-clear
-flagname
-.PP
-.B ipsec
-.B klipsdebug
-.B \-\-all
-.PP
-.B ipsec
-.B klipsdebug
-.B \-\-none
-.PP
-.B ipsec
-.B klipsdebug
-.B \-\-help
-.PP
-.B ipsec
-.B klipsdebug
-.B \-\-version
-.SH DESCRIPTION
-.I Klipsdebug
-sets and clears flags that control
-various parts of the debugging output of Klips
-(the kernel portion of FreeS/WAN IPSEC).
-The form with no additional arguments lists the present contents of
-/proc/net/ipsec_klipsdebug.
-The
-.B \-\-set
-form turns the specified flag on,
-while the
-.B \-\-clear
-form turns the specified flag off.
-The
-.B \-\-all
-form
-turns all flags on except verbose, while the
-.B \-\-none
-form turns all flags off.
-.PP
-The current flag names are:
-.TP 8
-.B tunnel
-tunnelling code
-.TP
-.B tunnel-xmit
-tunnelling transmit only code
-.TP
-.B pfkey
-userspace communication code
-.TP
-.B xform
-transform selection and manipulation code
-.TP
-.B eroute
-eroute table manipulation code
-.TP
-.B spi
-SA table manipulation code
-.TP
-.B radij
-radij tree manipulation code
-.TP
-.B esp
-encryptions transforms code
-.TP
-.B ah
-authentication transforms code
-.B rcv
-receive code
-.TP
-.B ipcomp
-ip compression transforms code
-.TP
-.B verbose
-give even more information, BEWARE:
-a)this will print authentication and encryption keys in the logs
-b)this will probably trample the 4k kernel printk buffer giving inaccurate output
-.PP
-All Klips debug output appears as
-.B kernel.info
-messages to
-.IR syslogd (8).
-Most systems are set up
-to log these messages to
-.IR /var/log/messages .
-Beware that
-.B klipsdebug
-.B \-\-all
-produces a lot of output and the log file will grow quickly.
-.PP
-The file format for /proc/net/ipsec_klipsdebug is discussed in
-ipsec_klipsdebug(5).
-.SH EXAMPLES
-.TP
-.B klipsdebug \-\-all
-turns on all KLIPS debugging except verbose.
-.TP
-.B klipsdebug \-\-clear tunnel
-turns off only the
-.B tunnel
-debugging messages.
-.LP
-.SH FILES
-/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
-.SH "SEE ALSO"
-ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
-ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)
-.SH HISTORY
-Written for the Linux FreeS/WAN project
-<http://www.freeswan.org/>
-by Richard Guy Briggs.
-.SH BUGS
-It really ought to be possible to set or unset selective combinations
-of flags.
-.\"
-.\" $Log: klipsdebug.8,v $
-.\" Revision 1.1 2004/03/15 20:35:28 as
-.\" added files from freeswan-2.04-x509-1.5.3
-.\"
-.\" Revision 1.18 2002/04/24 07:35:39 mcr
-.\" Moved from ./klips/utils/klipsdebug.8,v
-.\"
-.\" Revision 1.17 2000/10/10 20:10:19 rgb
-.\" Added support for debug_ipcomp and debug_verbose to klipsdebug.
-.\"
-.\" Revision 1.16 2000/08/18 17:33:11 rgb
-.\" Updated obsolete netlink reference and added pfkey and tunnel-xmit.
-.\"
-.\" Revision 1.15 2000/06/30 18:21:55 rgb
-.\" Update SEE ALSO sections to include ipsec_version(5) and ipsec_pf_key(5)
-.\" and correct FILES sections to no longer refer to /dev/ipsec which has
-.\" been removed since PF_KEY does not use it.
-.\"
-.\" Revision 1.14 2000/06/28 05:53:09 rgb
-.\" Mention that netlink is obsolete.
-.\"
-.\" Revision 1.13 2000/06/21 16:54:58 rgb
-.\" Added 'no additional args' text for listing contents of
-.\" /proc/net/ipsec_* files.
-.\"
-.\" Revision 1.12 1999/07/19 18:47:24 henry
-.\" fix slightly-misformed comments
-.\"
-.\" Revision 1.11 1999/04/06 04:54:37 rgb
-.\" Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-.\" patch shell fixes.
-.\"
-.\"
diff --git a/programs/klipsdebug/klipsdebug.c b/programs/klipsdebug/klipsdebug.c
deleted file mode 100644
index c205038a1..000000000
--- a/programs/klipsdebug/klipsdebug.c
+++ /dev/null
@@ -1,436 +0,0 @@
-/*
- * control KLIPS debugging options
- * Copyright (C) 1996 John Ioannidis.
- * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org>
- * 2001 Michael Richardson <mcr@freeswan.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-char klipsdebug_c_version[] = "RCSID $Id: klipsdebug.c,v 1.2 2004/06/07 15:16:34 as Exp $";
-
-
-#include <sys/types.h>
-#include <linux/types.h> /* new */
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h> /* system(), strtoul() */
-#include <sys/stat.h> /* open() */
-#include <fcntl.h> /* open() */
-
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-
-
-#include <unistd.h>
-#include <freeswan.h>
-#if 0
-#include <linux/autoconf.h> /* CONFIG_IPSEC_PFKEYv2 */
-#endif
-
-/* permanently turn it on since netlink support has been disabled */
-#include <signal.h>
-#include <pfkeyv2.h>
-#include <pfkey.h>
-
-#include "freeswan/radij.h"
-#include "freeswan/ipsec_encap.h"
-#ifndef CONFIG_IPSEC_DEBUG
-#define CONFIG_IPSEC_DEBUG
-#endif /* CONFIG_IPSEC_DEBUG */
-#include "freeswan/ipsec_tunnel.h"
-
-#include <stdio.h>
-#include <getopt.h>
-
-__u32 bigbuf[1024];
-char *program_name;
-
-int pfkey_sock;
-fd_set pfkey_socks;
-uint32_t pfkey_seq = 0;
-
-char copyright[] =
-"Copyright (C) 1999 Henry Spencer, Richard Guy Briggs, D. Hugh Redelmeier,\n\
- Sandy Harris, Angelos D. Keromytis, John Ioannidis.\n\
-\n\
- This program is free software; you can redistribute it and/or modify it\n\
- under the terms of the GNU General Public License as published by the\n\
- Free Software Foundation; either version 2 of the License, or (at your\n\
- option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.\n\
-\n\
- This program is distributed in the hope that it will be useful, but\n\
- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY\n\
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License\n\
- (file COPYING in the distribution) for more details.\n";
-
-static void
-usage(char * arg)
-{
- fprintf(stdout, "usage: %s {--set|--clear} {tunnel|tunnel-xmit|netlink|xform|eroute|spi|radij|esp|ah|rcv|pfkey|ipcomp|verbose}\n", arg);
- fprintf(stdout, " %s {--all|--none}\n", arg);
- fprintf(stdout, " %s --help\n", arg);
- fprintf(stdout, " %s --version\n", arg);
- fprintf(stdout, " %s\n", arg);
- fprintf(stdout, " [ --debug ] is optional to any %s command\n", arg);
- fprintf(stdout, " [ --label <label> ] is optional to any %s command.\n", arg);
- exit(1);
-}
-
-static struct option const longopts[] =
-{
- {"set", 1, 0, 's'},
- {"clear", 1, 0, 'c'},
- {"all", 0, 0, 'a'},
- {"none", 0, 0, 'n'},
- {"help", 0, 0, 'h'},
- {"version", 0, 0, 'v'},
- {"label", 1, 0, 'l'},
- {"optionsfrom", 1, 0, '+'},
- {"debug", 0, 0, 'd'},
- {0, 0, 0, 0}
-};
-
-int
-main(int argc, char **argv)
-{
-/* int fd; */
- unsigned char action = 0;
- int c, previous = -1;
-
- int debug = 0;
- int error = 0;
- int argcount = argc;
- int em_db_tn, em_db_nl, em_db_xf, em_db_er, em_db_sp;
- int em_db_rj, em_db_es, em_db_ah, em_db_rx, em_db_ky;
- int em_db_gz, em_db_vb;
-
- struct sadb_ext *extensions[SADB_EXT_MAX + 1];
- struct sadb_msg *pfkey_msg;
-
- em_db_tn=em_db_nl=em_db_xf=em_db_er=em_db_sp=0;
- em_db_rj=em_db_es=em_db_ah=em_db_rx=em_db_ky=0;
- em_db_gz=em_db_vb=0;
-
-
- program_name = argv[0];
-
- while((c = getopt_long(argc, argv, ""/*"s:c:anhvl:+:d"*/, longopts, 0)) != EOF) {
- switch(c) {
- case 'd':
- debug = 1;
- pfkey_lib_debug = PF_KEY_DEBUG_PARSE_MAX;
- argcount--;
- break;
- case 's':
- if(action) {
- fprintf(stderr, "%s: Only one of '--set', '--clear', '--all' or '--none' options permitted.\n",
- program_name);
- exit(1);
- }
- action = 's';
- em_db_tn=em_db_nl=em_db_xf=em_db_er=em_db_sp=0;
- em_db_rj=em_db_es=em_db_ah=em_db_rx=em_db_ky=0;
- em_db_gz=em_db_vb=0;
- if(strcmp(optarg, "tunnel") == 0) {
- em_db_tn = -1L;
- } else if(strcmp(optarg, "tunnel-xmit") == 0) {
- em_db_tn = DB_TN_XMIT;
- } else if(strcmp(optarg, "netlink") == 0) {
- em_db_nl = -1L;
- } else if(strcmp(optarg, "xform") == 0) {
- em_db_xf = -1L;
- } else if(strcmp(optarg, "eroute") == 0) {
- em_db_er = -1L;
- } else if(strcmp(optarg, "spi") == 0) {
- em_db_sp = -1L;
- } else if(strcmp(optarg, "radij") == 0) {
- em_db_rj = -1L;
- } else if(strcmp(optarg, "esp") == 0) {
- em_db_es = -1L;
- } else if(strcmp(optarg, "ah") == 0) {
- em_db_ah = -1L;
- } else if(strcmp(optarg, "rcv") == 0) {
- em_db_rx = -1L;
- } else if(strcmp(optarg, "pfkey") == 0) {
- em_db_ky = -1L;
- } else if(strcmp(optarg, "comp") == 0) {
- em_db_gz = -1L;
- } else if(strcmp(optarg, "verbose") == 0) {
- em_db_vb = -1L;
- } else {
- usage(program_name);
- }
- em_db_nl |= 1 << (sizeof(em_db_nl) * 8 -1);
- break;
- case 'c':
- if(action) {
- fprintf(stderr, "%s: Only one of '--set', '--clear', '--all' or '--none' options permitted.\n",
- program_name);
- exit(1);
- }
- em_db_tn=em_db_nl=em_db_xf=em_db_er=em_db_sp=-1;
- em_db_rj=em_db_es=em_db_ah=em_db_rx=em_db_ky=-1;
- em_db_gz=em_db_vb=-1;
-
- action = 'c';
- if(strcmp(optarg, "tunnel") == 0) {
- em_db_tn = 0;
- } else if(strcmp(optarg, "tunnel-xmit") == 0) {
- em_db_tn = ~DB_TN_XMIT;
- } else if(strcmp(optarg, "netlink") == 0) {
- em_db_nl = 0;
- } else if(strcmp(optarg, "xform") == 0) {
- em_db_xf = 0;
- } else if(strcmp(optarg, "eroute") == 0) {
- em_db_er = 0;
- } else if(strcmp(optarg, "spi") == 0) {
- em_db_sp = 0;
- } else if(strcmp(optarg, "radij") == 0) {
- em_db_rj = 0;
- } else if(strcmp(optarg, "esp") == 0) {
- em_db_es = 0;
- } else if(strcmp(optarg, "ah") == 0) {
- em_db_ah = 0;
- } else if(strcmp(optarg, "rcv") == 0) {
- em_db_rx = 0;
- } else if(strcmp(optarg, "pfkey") == 0) {
- em_db_ky = 0;
- } else if(strcmp(optarg, "comp") == 0) {
- em_db_gz = 0;
- } else if(strcmp(optarg, "verbose") == 0) {
- em_db_vb = 0;
- } else {
- usage(program_name);
- }
- em_db_nl &= ~(1 << (sizeof(em_db_nl) * 8 -1));
- break;
- case 'a':
- if(action) {
- fprintf(stderr, "%s: Only one of '--set', '--clear', '--all' or '--none' options permitted.\n",
- program_name);
- exit(1);
- }
- action = 'a';
- em_db_tn=em_db_nl=em_db_xf=em_db_er=em_db_sp=-1;
- em_db_rj=em_db_es=em_db_ah=em_db_rx=em_db_ky=-1;
- em_db_gz=-1;
- em_db_vb= 0;
- break;
- case 'n':
- if(action) {
- fprintf(stderr, "%s: Only one of '--set', '--clear', '--all' or '--none' options permitted.\n",
- program_name);
- exit(1);
- }
- action = 'n';
- em_db_tn=em_db_nl=em_db_xf=em_db_er=em_db_sp=0;
- em_db_rj=em_db_es=em_db_ah=em_db_rx=em_db_ky=0;
- em_db_gz=em_db_vb=0;
- break;
- case 'h':
- case '?':
- usage(program_name);
- exit(1);
- case 'v':
- fprintf(stdout, "klipsdebug (Linux FreeS/WAN %s) %s\n",
- ipsec_version_code(), klipsdebug_c_version);
- fputs(copyright, stdout);
- exit(0);
- case 'l':
- program_name = malloc(strlen(argv[0])
- + 10 /* update this when changing the sprintf() */
- + strlen(optarg));
- sprintf(program_name, "%s --label %s",
- argv[0],
- optarg);
- argcount -= 2;
- break;
- case '+': /* optionsfrom */
- optionsfrom(optarg, &argc, &argv, optind, stderr);
- /* no return on error */
- break;
- default:
- break;
- }
- previous = c;
- }
-
- if(argcount == 1) {
- system("cat /proc/net/ipsec_klipsdebug");
- exit(0);
- }
-
- if(!action) {
- usage(program_name);
- }
-
- if((pfkey_sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) {
- fprintf(stderr, "%s: Trouble opening PF_KEY family socket with error: ",
- program_name);
- switch(errno) {
- case ENOENT:
- fprintf(stderr, "device does not exist. See FreeS/WAN installation procedure.\n");
- break;
- case EACCES:
- fprintf(stderr, "access denied. ");
- if(getuid() == 0) {
- fprintf(stderr, "Check permissions. Should be 600.\n");
- } else {
- fprintf(stderr, "You must be root to open this file.\n");
- }
- break;
- case EUNATCH:
- fprintf(stderr, "Netlink not enabled OR KLIPS not loaded.\n");
- break;
- case ENODEV:
- fprintf(stderr, "KLIPS not loaded or enabled.\n");
- break;
- case EBUSY:
- fprintf(stderr, "KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n");
- break;
- case EINVAL:
- fprintf(stderr, "Invalid argument, KLIPS not loaded or check kernel log messages for specifics.\n");
- break;
- case ENOBUFS:
- fprintf(stderr, "No kernel memory to allocate SA.\n");
- break;
- case ESOCKTNOSUPPORT:
- fprintf(stderr, "Algorithm support not available in the kernel. Please compile in support.\n");
- break;
- case EEXIST:
- fprintf(stderr, "SA already in use. Delete old one first.\n");
- break;
- case ENXIO:
- fprintf(stderr, "SA does not exist. Cannot delete.\n");
- break;
- case EAFNOSUPPORT:
- fprintf(stderr, "KLIPS not loaded or enabled.\n");
- break;
- default:
- fprintf(stderr, "Unknown file open error %d. Please report as much detail as possible to development team.\n", errno);
- }
- exit(1);
- }
-
- pfkey_extensions_init(extensions);
-
- if((error = pfkey_msg_hdr_build(&extensions[0],
- SADB_X_DEBUG,
- 0,
- 0,
- ++pfkey_seq,
- getpid()))) {
- fprintf(stderr, "%s: Trouble building message header, error=%d.\n",
- program_name, error);
- pfkey_extensions_free(extensions);
- exit(1);
- }
-
- if((error = pfkey_x_debug_build(&extensions[SADB_X_EXT_DEBUG],
- em_db_tn,
- em_db_nl,
- em_db_xf,
- em_db_er,
- em_db_sp,
- em_db_rj,
- em_db_es,
- em_db_ah,
- em_db_rx,
- em_db_ky,
- em_db_gz,
- em_db_vb))) {
- fprintf(stderr, "%s: Trouble building message header, error=%d.\n",
- program_name, error);
- pfkey_extensions_free(extensions);
- exit(1);
- }
-
- if((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_IN))) {
- fprintf(stderr, "%s: Trouble building pfkey message, error=%d.\n",
- program_name, error);
- pfkey_extensions_free(extensions);
- pfkey_msg_free(&pfkey_msg);
- exit(1);
- }
-
- if((error = write(pfkey_sock,
- pfkey_msg,
- pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) !=
- (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) {
- fprintf(stderr,
- "%s: pfkey write failed, tried to write %u octets, returning %d with errno=%d.\n",
- program_name,
- (unsigned)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN),
- error,
- errno);
- pfkey_extensions_free(extensions);
- pfkey_msg_free(&pfkey_msg);
- switch(errno) {
- case EACCES:
- fprintf(stderr, "access denied. ");
- if(getuid() == 0) {
- fprintf(stderr, "Check permissions. Should be 600.\n");
- } else {
- fprintf(stderr, "You must be root to open this file.\n");
- }
- break;
- case EUNATCH:
- fprintf(stderr, "Netlink not enabled OR KLIPS not loaded.\n");
- break;
- case EBUSY:
- fprintf(stderr, "KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n");
- break;
- case EINVAL:
- fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
- break;
- case ENODEV:
- fprintf(stderr, "KLIPS not loaded or enabled.\n");
- fprintf(stderr, "No device?!?\n");
- break;
- case ENOBUFS:
- fprintf(stderr, "No kernel memory to allocate SA.\n");
- break;
- case ESOCKTNOSUPPORT:
- fprintf(stderr, "Algorithm support not available in the kernel. Please compile in support.\n");
- break;
- case EEXIST:
- fprintf(stderr, "SA already in use. Delete old one first.\n");
- break;
- case ENOENT:
- fprintf(stderr, "device does not exist. See FreeS/WAN installation procedure.\n");
- break;
- case ENXIO:
- fprintf(stderr, "SA does not exist. Cannot delete.\n");
- break;
- case ENOSPC:
- fprintf(stderr, "no room in kernel SAref table. Cannot process request.\n");
- break;
- case ESPIPE:
- fprintf(stderr, "kernel SAref table internal error. Cannot process request.\n");
- break;
- default:
- fprintf(stderr, "Unknown socket write error %d. Please report as much detail as possible to development team.\n", errno);
- }
- exit(1);
- }
-
- if(pfkey_msg) {
- pfkey_extensions_free(extensions);
- pfkey_msg_free(&pfkey_msg);
- }
-
- (void) close(pfkey_sock); /* close the socket */
- exit(0);
-}