From 518dd33c94e041db0444c7d1f33da363bb8e3faf Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Thu, 24 Mar 2016 11:59:32 +0100 Subject: Imported Upstream version 5.4.0 --- .../plugins/vici/perl/Vici-Session/Changes | 6 + .../plugins/vici/perl/Vici-Session/MANIFEST | 9 + .../plugins/vici/perl/Vici-Session/Makefile.PL | 11 + .../plugins/vici/perl/Vici-Session/README.pod | 649 +++++++++++++++++++++ .../vici/perl/Vici-Session/lib/Vici/Message.pm | 256 ++++++++ .../vici/perl/Vici-Session/lib/Vici/Packet.pm | 191 ++++++ .../vici/perl/Vici-Session/lib/Vici/Session.pm | 204 +++++++ .../vici/perl/Vici-Session/lib/Vici/Transport.pm | 88 +++ .../vici/perl/Vici-Session/t/Vici-Session.t | 18 + 9 files changed, 1432 insertions(+) create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/Changes create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/MANIFEST create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/Makefile.PL create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/README.pod create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Packet.pm create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm create mode 100644 src/libcharon/plugins/vici/perl/Vici-Session/t/Vici-Session.t (limited to 'src/libcharon/plugins/vici/perl/Vici-Session') diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/Changes b/src/libcharon/plugins/vici/perl/Vici-Session/Changes new file mode 100644 index 000000000..0c30328fd --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/Changes @@ -0,0 +1,6 @@ +Revision history for Perl extension Vici::Session. + +0.9 Tue Nov 17 11:45:21 2015 + - original version; created by h2xs 1.23 with options + -X -n Vici::Session + diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/MANIFEST b/src/libcharon/plugins/vici/perl/Vici-Session/MANIFEST new file mode 100644 index 000000000..c19032a08 --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/MANIFEST @@ -0,0 +1,9 @@ +Changes +Makefile.PL +MANIFEST +README.pod +t/Vici-Session.t +lib/Vici/Session.pm +lib/Vici/Message.pm +lib/Vici/Packet.pm +lib/Vici/Transport.pm diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/Makefile.PL b/src/libcharon/plugins/vici/perl/Vici-Session/Makefile.PL new file mode 100644 index 000000000..65f494557 --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/Makefile.PL @@ -0,0 +1,11 @@ +use ExtUtils::MakeMaker; +# See lib/ExtUtils/MakeMaker.pm for details of how to influence +# the contents of the Makefile that is written. +WriteMakefile( + NAME => 'Vici::Session', + VERSION_FROM => 'lib/Vici/Session.pm', # finds $VERSION + PREREQ_PM => {}, # e.g., Module::Name => 1.1 + ($] >= 5.005 ? ## Add these new keywords supported since 5.005 + (ABSTRACT_FROM => 'lib/Vici/Session.pm', # retrieve abstract from module + AUTHOR => 'Andreas Steffen strongswan.org') : ()), +); diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/README.pod b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod new file mode 100644 index 000000000..de374aa11 --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod @@ -0,0 +1,649 @@ + +=head1 NAME + +Vici::Session - Perl binding for the strongSwan VICI configuration interface + +=head1 DESCRIPTION + +The Vici::Session module allows a Perl script to communicate with the open +source strongSwan IPsec daemon (https://www.strongswan.org) via the documented +Versatile IKE Configuration Interface (VICI). VICI allows the configuration, +management and monitoring of multiple IPsec connections. + +=head1 INSTALLATION + +To install this module type the following: + + perl Makefile.PL + make + make install + +=head1 DEPENDENCIES + +This module requires the standard networking module: + + IO::Socket::UNIX + +=head1 METHODS + +The following examples show the use of the Vici::Session interface in a +a "net-net" connection between the VPN gateways "moon" and "sun". + +=cut + +use strict; +use warnings; +use IO::Socket::UNIX; +use Vici::Message; +use Vici::Session; + +my $moon_key = "-----BEGIN RSA PRIVATE KEY-----\n" . + "MIIEowIBAAKCAQEApHwF+sUXQdH+WwYzdPMzpjuwhGGvHgsmBah1IQsPsddL9gZy" . + "gerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IABr87L9JAva56EHIAiUMuG8WizVbIK" . + "IhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6xvMJbwHLi0h7BUO9tBVLPy72YeGNB" . + "Y6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL0DgYP/n2maPEJGEivTFunkJD/mJ8" . + "DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhyYK5wsATB1ANeAtlFfgH+wsuHjZwt" . + "TJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47nwIDAQABAoIBAAQDXqX6rxGVDQ6t" . + "fQ3qbSUuKaVhOMOT5A6ZSJpQycY+CYVsLNkMoXszX6lUDhlH/Letcme03OAKMM77" . + "JGn9wYzHj+RcrDuE95Y2bh/oh1dWhaGeoW6pbSwpvD0FzkQKpANlOCr/5bltVxmb" . + "nHftI/sGBvUQGIal53ORE+jgV1+SK6I0oAIWiCpU2oZpYMAtp7WxOngsAJaGtk//" . + "m2ckH+T8uVHwe9gJ9HZnEk+Io6BXScMNNrsbd2J+pQ75wQXfzHEzHAj+ElhWzhtc" . + "5XefqHw/DfpPDX/lby3VoSoagqzsVuUx7LylgzIDxTsb9HQVOLjDzOQ+vn22Xj7g" . + "UCEjwLkCgYEA2EZguuzJdxRIWBSnIyzpCzfqm0EgybpeLuJVfzWla0yKWI6AeLhW" . + "cr+7o9UE8nCQHVffIrgjWksjc/S5FhzC9TYSHpPa8TPgebTQK4VxnP9Qkh/XRpJj" . + "CqgJ8k2MYleHYxa+AKQv/25yNhLdowkNR0iU1kbiaYRJMP0WigAmdAUCgYEAwrJe" . + "Y3LAawOkalJFMFTtLXsqZE91TFwMt9TQnzysGH3Q6+9N+qypS5KCes650+qgrwBV" . + "RmRNc1ixylToP3B0BKY5OD/BwMx1L/zSO3x7I4ZDasCu33y2ukGLcVSxrxTPTGdd" . + "8fhEiVO1CDXcM08/kSeQa049J8ziY3M+4NDchlMCgYEAw2VCO1923Tjb64gtQOBw" . + "ZAxOz5nVz6urL9yYted33is2yq9kbqzMnbuQAYKRh6Ae9APRuwJ2HjvIehjdp5aw" . + "pO4HDM00f7sI0ayEbu2PKfKZjotp6X6UMKqE4f8iGC9QSDvhyZ6NJs9YLHZ6+7NP" . + "5dkzbyx3njFAFxxxYpikJSkCgYByShB8YlUvvKCcRRUWbRQZWa6l2brqizJwCz43" . + "636+lcS5au2klAyBL0zm2Elfa+DNOe3U93Y7mrorIrJ+4v1H6We3bD3JdnvoIooq" . + "n0UNsngKx3cf++6r4WQAsA3pz9ZsbFVKgEmDL58aZbuQZxnSlJ4DT5c4sN3IMVOc" . + "1x5MvwKBgHudAaLvioIopBpYzOsK2OtEn6NQ7SwH0BLEUulHysaHqan5oExmM1bm" . + "YeivMDc9hj0YLXA47ryQHTx4vB5Nv3TI/LoUG6VrCvZvocQOXe/n7TguwAjJj7ef" . + "E55Gy8lXDRENyJMP1vif3N2iH8eQ1ASf8k/+gnBNkjSlYSSQUDfV\n" . + "-----END RSA PRIVATE KEY-----\n"; + +my $moon_cert = "-----BEGIN CERTIFICATE-----\n" . + "MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" . + "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" . + "b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE" . + "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u" . + "c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk" . + "fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68" . + "TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz" . + "oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7" . + "MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw" . + "Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0" . + "87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE" . + "AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU" . + "XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK" . + "ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC" . + "AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr" . + "BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u" . + "b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi" . + "4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i" . + "LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2" . + "xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo" . + "buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a" . + "4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9" . + "ga8NOzX8\n" . + "-----END CERTIFICATE-----\n"; + +my $ca_cert = "-----BEGIN CERTIFICATE-----\n" . + "MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" . + "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" . + "b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE" . + "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u" . + "Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y" . + "X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f" . + "FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc" . + "4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/" . + "7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5" . + "gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr" . + "K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG" . + "A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j" . + "BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw" . + "FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv" . + "b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in" . + "Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n" . + "1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y" . + "vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si" . + "7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa" . + "Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n" . + "-----END CERTIFICATE-----\n" ; + +=pod + +The VICI interface requires a UNIX socket in order to communicate with the +strongSwan charon daemon: + + use IO::Socket::UNIX; + + my $socket = IO::Socket::UNIX->new( + Type => SOCK_STREAM, + Peer => '/var/run/charon.vici', + ) or die "Vici socket: $!"; + +=cut + +my $socket = IO::Socket::UNIX->new( + Type => SOCK_STREAM, + Peer => '/var/run/charon.vici', +) or die "Vici socket: $!"; + +=over + +=item new() + +creates a new Vici::Session object. + + use Vici::Session; + use Vici::Message; + + my $session = Vici::Session->new($socket); + +=cut + +my $session = Vici::Session->new($socket); + +=item version() + +returns daemon and system specific version information. + + my $version = $session->version(); + +=cut + +print "----- version -----\n"; +my $version = $session->version(); +print $version->raw(), "\n"; + +=item load_cert() + +loads a certificate into the daemon. + + my %vars = ( type => 'X509', flag => 'CA', data => $ca_cert ); + my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars)); + +=cut + +print "----- load-cert -----\n"; +my %vars = ( type => 'X509', flag => 'CA', data => $ca_cert ); +my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_key() + +loads a private key into the daemon. + + my %vars = ( type => 'RSA', data => $moon_key ); + my ($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars)); + +=cut + +print "----- load-key -----\n"; +%vars = ( type => 'RSA', data => $moon_key ); +($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_shared() + +loads a shared IKE PSK, EAP or XAuth secret into the daemon. + + my @owners = ( 'carol' ); + my %vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners ); + my ($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars)); + +=cut + +print "----- load-shared -----\n"; +my @owners = ( 'carol' ); +%vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners ); +($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_authority() + +loads a single certification authority definition into the daemon. An existing +authority with the same name gets replaced. + + my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' ); + my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' ); + + my %auth = ( + cacert => $ca_cert, + crl_uris => \@crl_uris, + ocsp_uris => \@ocsp_uris + ); + + my %vars = ( strongswan => \%auth ); + my ($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars)); + +=cut + +print "----- load-authority -----\n"; +my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' ); +my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' ); +my %auth = ( + cacert => $ca_cert, + crl_uris => \@crl_uris, + ocsp_uris => \@ocsp_uris +); +%vars = ( strongswan => \%auth ); +($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_conn() + +loads a single connection definition into the daemon. An existing connection +with the same name gets updated or replaced. + + my @l_ts = ( '10.1.0.0/16' ); + my @r_ts = ( '10.2.0.0/16' ); + my @esp = ( 'aes128gcm128-modp3072' ); + + my %child = ( + local_ts => \@l_ts, + remote_ts => \@r_ts, + esp_proposals => \@esp, + ); + my %children = ( 'net-net' => \%child ); + + my @l_addrs = ( '192.168.0.1' ); + my @r_addrs = ( '192.168.0.2' ); + my @l_certs = ( $moon_cert ); + my %l = ( auth => 'pubkey', id => 'moon.strongswan.org', + certs => \@l_certs ); + my %r = ( auth => 'pubkey', id => 'sun.strongswan.org'); + my @ike = ( 'aes128-sha256-modp3072' ); + + my %gw = ( + version => 2, + mobike => 'no', + proposals => \@ike, + local_addrs => \@l_addrs, + remote_addrs => \@r_addrs, + local => \%l, + remote => \%r, + children => \%children, + ); + + my %vars = ( 'gw-gw' => \%gw); + my ($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars)); + +=cut + +print "----- load-conn -----\n"; +my @l_ts = ( '10.1.0.0/16' ); +my @r_ts = ( '10.2.0.0/16' ); +my @esp = ( 'aes128gcm128-modp3072' ); +my %child = ( + local_ts => \@l_ts, + remote_ts => \@r_ts, + esp_proposals => \@esp, +); +my %children = ( 'net-net' => \%child ); +my @l_addrs = ( '192.168.0.1' ); +my @r_addrs = ( '192.168.0.2' ); +my @l_certs = ( $moon_cert ); +my %l = ( auth => 'pubkey', id => 'moon.strongswan.org', certs => \@l_certs ); +my %r = ( auth => 'pubkey', id => 'sun.strongswan.org'); +my @ike = ( 'aes128-sha256-modp3072' ); +my %gw = ( + version => 2, + mobike => 'no', + proposals => \@ike, + local_addrs => \@l_addrs, + remote_addrs => \@r_addrs, + local => \%l, + remote => \%r, + children => \%children, +); +%vars = ( 'gw-gw' => \%gw); +($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item get_algorithms() + +lists all currently loaded algorithms and their implementation. + + my $algs = $session->get_algorithms(); + +=cut + +print "----- get-algorithms -----\n"; +my $algs = $session->get_algorithms(); +print $algs->raw(), "\n"; + +=item get_conns() + +returns a list of connection names loaded exclusively over VICI, not including +connections found in other backends. + + my $conns = $session->get_conns(); + +=cut + +print "----- get-conns -----\n"; +my $conns = $session->get_conns(); +print $conns->raw(), "\n"; + +=item list_conns() + +lists currently loaded connections by streaming list-conn events. This +call includes all connections known by the daemon, not only those loaded +over VICI. + + my $conns = $session->list_conns(); + + foreach my $conn (@$conns) + { + print $conn->raw(), "\n"; + } + +=cut + +print "----- list-conns -----\n"; +$conns = $session->list_conns(); +foreach my $conn (@$conns) +{ + print $conn->raw(), "\n"; +} + +=item initiate() + +initiates a CHILD_SA. + + my %vars = ( child => 'net-net' ); + my($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars)); + +=cut + +print "----- initiate -----\n"; +%vars = ( child => 'net-net' ); +($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item list_sas() + +lists currently active IKE_SAs and associated CHILD_SAs by streaming list-sa +events. + + my $sas = $session->list_sas(); + + foreach my $sa (@$sas) + { + print $sa->raw(), "\n"; + } + +=cut + +print "----- list-sas -----\n"; +my $sas = $session->list_sas(); +foreach my $sa (@$sas) +{ + print $sa->raw(), "\n"; +} + +=item get_authorities() + +returns a list of currently loaded certification authority names. + + my $auths = $session->get_authorities(); + +=cut + +print "----- get-authorities -----\n"; +my $auths = $session->get_authorities(); +print $auths->raw(), "\n"; + +=item list-authorities() + +lists currently loaded certification authority information by streaming +list-authority events. + + my $auths = $session->list_authorities(); + + foreach my $auth (@$auths) + { + print $auth->raw(), "\n"; + } + +=cut + +print "----- list-authorities -----\n"; +$auths = $session->list_authorities(); +foreach my $auth (@$auths) +{ + print $auth->raw(), "\n"; +} + +=item list_certs() + +lists currently loaded certificates by streaming list-cert events. This +call includes all certificates known by the daemon, not only those loaded +over VICI. + + my %vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' ); + my $certs = $session->list_certs(Vici::Message->new(\%vars)); + +=cut + +print "----- list-certs -----\n"; +%vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' ); +my $certs = $session->list_certs(Vici::Message->new(\%vars)); +foreach my $cert (@$certs) +{ + my $hash = $cert->hash(); + print $hash->{'type'}, ": ", length($hash->{'data'}), ' bytes', + $hash->{'has_privkey'} ? ', has private key' : '', "\n"; +} + +=item stats() + +returns IKE daemon statistics and load information. + + my $stats = $session->stats(); + +=cut + +print "----- stats -----\n"; +my $stats = $session->stats(); +print $stats->raw(), "\n"; + +=item terminate() + +terminates an IKE_SA or CHILD_SA. + + my %vars = ( ike => 'gw-gw' ); + my ($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars)); + +=cut + +print "----- terminate -----\n"; +%vars = ( ike => 'gw-gw' ); +($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item install() + +installs a trap, drop or bypass policy defined by a CHILD_SA config. + + my %vars = ( child => 'net-net' ); + my ($res, $errmsg) = $session->install(Vici::Message->new(\%vars)); + +=cut + +print "----- install -----\n"; +%vars = ( child => 'net-net' ); +($res, $errmsg) = $session->install(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item list_policies() + +lists currently installed trap, drop and bypass policies by streaming +list-policy events. + + my %vars = ( trap => 'yes' ); + my $pols = $session->list_policies(Vici::Message->new(\%vars)); + + foreach my $pol (@$pols) + { + print $pol->raw(), "\n"; + } + +=cut + +print "----- list-policies -----\n"; +%vars = ( trap => 'yes' ); +my $pols = $session->list_policies(Vici::Message->new(\%vars)); +foreach my $pol (@$pols) +{ + print $pol->raw(), "\n"; +} + +=item uninstall() + +uninstalls a trap, drop or bypass policy defined by a CHILD_SA config. + + my %vars = ( child => 'net-net' ); + my ($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars)); + +=cut + +print "----- uninstall -----\n"; +%vars = ( child => 'net-net' ); +($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item reload_settings() + +reloads strongswan.conf settings and all plugins supporting configuration +reload. + + my ($res, $errmsg) = $session->reload_settings(); + print $res ? "ok\n" : "failed: $errmsg\n"; + +=cut + +print "----- reload-settings -----\n"; +($res, $errmsg) = $session->reload_settings(); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item unload_conn() + +unloads a previously loaded connection definition by name. + + my %vars = ( name => 'gw-gw' ); + my ($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars)); + +=cut + +print "----- unload-conn -----\n"; +%vars = ( name => 'gw-gw' ); +($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item unload_authority() + +unloads a previously loaded certification authority definition by name. + + my %vars = ( name => 'strongswan' ); + my ($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars)); + +=cut + +print "----- unload-authority -----\n"; +%vars = ( name => 'strongswan' ); +($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item clear_creds() + +clears all loaded certificate, private key and shared key credentials. This +affects only credentials loaded over vici, but additionally flushes the +credential cache. + + my ($res, $errmsg) = $session->clear_creds(); + +=cut + +print "----- clear-creds -----\n"; +($res, $errmsg) = $session->clear_creds(); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_pool() + +loads an in-memory virtual IP and configuration attribute pool. Existing +pools with the same name get updated, if possible. + + my %pool = ( addrs => '10.3.0.0/23' ); + my %vars = ( my_pool => \%pool ); + my ($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars)); + +=cut + +print "----- load-pool -----\n"; +my %pool = ( addrs => '10.3.0.0/23' ); +%vars = ( my_pool => \%pool ); +($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item get_pools() + +lists the currently loaded pools. + + my $pools = $session->get_pools(); + +=cut + +print "----- get-pools -----\n"; +my $pools = $session->get_pools(); +print $pools->raw(), "\n"; + +=item unload_pool() + +unloads a previously loaded virtual IP and configuration attribute pool. +Unloading fails for pools with leases currently online. + + my %vars = ( name => 'my_pool' ); + my ($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars)); + +=cut + +print "----- unload-pool -----\n"; +%vars = ( name => 'my_pool' ); +($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=back + +=cut + +# close vici socket +close($socket); + +=head1 COPYRIGHT AND LICENCE + +Copyright (c) 2015 Andreas Steffen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm new file mode 100644 index 000000000..b0a942c04 --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm @@ -0,0 +1,256 @@ +package Vici::Message; + +our $VERSION = '0.9'; + +use strict; +use Vici::Transport; + +use constant { + SECTION_START => 1, # Begin a new section having a name + SECTION_END => 2, # End a previously started section + KEY_VALUE => 3, # Define a value for a named key in the section + LIST_START => 4, # Begin a named list for list items + LIST_ITEM => 5, # Define an unnamed item value in the current list + LIST_END => 6, # End a previously started list +}; + +sub new { + my $class = shift; + my $hash = shift; + my $self = { + Hash => $hash + }; + bless($self, $class); + return $self; +} + +sub from_data { + my $class = shift; + my $data = shift; + my %hash = (); + + parse($data, \%hash); + + my $self = { + Hash => \%hash + }; + bless($self, $class); + return $self; +} + +sub hash { + my $self = shift; + return $self->{Hash}; +} + +sub encode { + my $self = shift; + return encode_hash($self->{'Hash'}); +} + +sub raw { + my $self = shift; + return '{' . raw_hash($self->{'Hash'}) . '}'; +} + +sub result { + my $self = shift; + my $result = $self->{'Hash'}; + return ($result->{'success'} eq 'yes', $result->{'errmsg'}); +} + +# private functions + +sub parse { + my $data = shift; + my $hash = shift; + + while (length($data) > 0) + { + (my $type, $data) = unpack('Ca*', $data); + + if ($type == SECTION_END) + { + return $data; + } + + (my $key, $data) = unpack('C/a*a*', $data); + + if ( $type == KEY_VALUE ) + { + (my $value, $data) = unpack('n/a*a*', $data); + $hash->{$key} = $value; + } + elsif ( $type == SECTION_START ) + { + my %section = (); + $data = parse($data, \%section); + $hash->{$key} = \%section; + } + elsif ( $type == LIST_START ) + { + my @list = (); + my $more = 1; + + while (length($data) > 0 and $more) + { + (my $type, $data) = unpack('Ca*', $data); + if ( $type == LIST_ITEM ) + { + (my $value, $data) = unpack('n/a*a*', $data); + push(@list, $value); + } + elsif ( $type == LIST_END ) + { + $more = 0; + $hash->{$key} = \@list; + } + else + { + die "message parsing error: ", $type, "\n" + } + } + } + else + { + die "message parsing error: ", $type, "\n" + } + } + return $data; +} + + +sub encode_hash { + my $hash = shift; + my $enc = ''; + + while ( (my $key, my $value) = each %$hash ) + { + if ( ref($value) eq 'HASH' ) + { + $enc .= pack('CC/a*', SECTION_START, $key); + $enc .= encode_hash($value); + $enc .= pack('C', SECTION_END); + } + elsif ( ref($value) eq 'ARRAY' ) + { + $enc .= pack('CC/a*', LIST_START, $key); + + foreach my $item (@$value) + { + $enc .= pack('Cn/a*', LIST_ITEM, $item); + } + $enc .= pack('C', LIST_END); + } + else + { + $enc .= pack('CC/a*n/a*', KEY_VALUE, $key, $value); + } + } + return $enc; +} + +sub raw_hash { + my $hash = shift; + my $raw = ''; + my $first = 1; + + while ( (my $key, my $value) = each %$hash ) + { + if ($first) + { + $first = 0; + } + else + { + $raw .= ' '; + } + $raw .= $key; + + if ( ref($value) eq 'HASH' ) + { + $raw .= '{' . raw_hash($value) . '}'; + } + elsif ( ref($value) eq 'ARRAY' ) + { + my $first_item = 1; + $raw .= '['; + + foreach my $item (@$value) + { + if ($first_item) + { + $first_item = 0; + } + else + { + $raw .= ' '; + } + $raw .= $item; + } + $raw .= ']'; + } + else + { + $raw .= '=' . $value; + } + } + return $raw; +} + +1; +__END__ +=head1 NAME + +Vici::Message - Perl extension for building and parsing strongSwan VICI messages + +=head1 SYNOPSIS + + use Vici::Message; + +=head1 DESCRIPTION + +The Vici::Message module is needed by the Vici::Session module to build and +parse messages used in the communication with the open source strongSwan IPsec +daemon (https://www.strongswan.com) via the documented Versatile IKE +Configuration Interface (VICI). VICI allows the configuration, management and +monitoring of multiple IPsec connections. + +=head2 EXPORT + +None by default. + +=head1 SEE ALSO + +strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici + +strongSwan Mailing list: users@lists.strongswan.org + +=head1 AUTHOR + +Andreas Steffen, Eandreas.steffen@strongswan.orgE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2015 by Andreas Steffen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +=cut + diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Packet.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Packet.pm new file mode 100644 index 000000000..9e2b77fa5 --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Packet.pm @@ -0,0 +1,191 @@ +package Vici::Packet; + +our $VERSION = '0.9'; + +use strict; +use Vici::Message; +use Vici::Transport; + +use constant { + CMD_REQUEST => 0, # Named request message + CMD_RESPONSE => 1, # Unnamed response message for a request + CMD_UNKNOWN => 2, # Unnamed response if requested command is unknown + EVENT_REGISTER => 3, # Named event registration request + EVENT_UNREGISTER => 4, # Named event de-registration request + EVENT_CONFIRM => 5, # Unnamed confirmation for event (de-)registration + EVENT_UNKNOWN => 6, # Unnamed response if event (de-)registration failed + EVENT => 7, # Named event message +}; + +sub new { + my $class = shift; + my $socket = shift; + my $self = { + Transport => Vici::Transport->new($socket), + }; + bless($self, $class); + return $self; +} + +sub request { + my ($self, $command, $vars) = @_; + my $out = defined $vars ? $vars->encode() : ''; + my $request = pack('CC/a*a*', CMD_REQUEST, $command, $out); + $self->{'Transport'}->send($request); + + my $response = $self->{'Transport'}->receive(); + my ($type, $data) = unpack('Ca*', $response); + + if ( $type == CMD_RESPONSE ) + { + return Vici::Message->from_data($data); + } + elsif ( $type == CMD_UNKNOWN ) + { + die "unknown command '", $command, "'\n" + } + else + { + die "invalid response type\n" + } +} + +sub register { + my ($self, $event) = @_; + my $request = pack('CC/a*a*', EVENT_REGISTER, $event); + $self->{'Transport'}->send($request); + + my $response = $self->{'Transport'}->receive(); + my ($type, $data) = unpack('Ca*', $response); + + if ( $type == EVENT_CONFIRM ) + { + return + } + elsif ( $type == EVENT_UNKNOWN ) + { + die "unknown event '", $event, "'\n" + } + else + { + die "invalid response type\n" + } +} + +sub unregister { + my ($self, $event) = @_; + my $request = pack('CC/a*a*', EVENT_UNREGISTER, $event); + $self->{'Transport'}->send($request); + + my $response = $self->{'Transport'}->receive(); + my ($type, $data) = unpack('Ca*', $response); + + if ( $type == EVENT_CONFIRM ) + { + return + } + elsif ( $type == EVENT_UNKNOWN ) + { + die "unknown event '", $event, "'\n" + } + else + { + die "invalid response type\n" + } +} + +sub streamed_request { + my ($self, $command, $event, $vars) = @_; + my $out = defined $vars ? $vars->encode() : ''; + + $self->register($event); + + my $request = pack('CC/a*a*', CMD_REQUEST, $command, $out); + $self->{'Transport'}->send($request); + my $more = 1; + my @list = (); + + while ($more) + { + my $response = $self->{'Transport'}->receive(); + my ($type, $data) = unpack('Ca*', $response); + + if ( $type == EVENT ) + { + (my $event_name, $data) = unpack('C/a*a*', $data); + + if ($event_name eq $event) + { + my $msg = Vici::Message->from_data($data); + push(@list, $msg); + } + } + elsif ( $type == CMD_RESPONSE ) + { + $self->unregister($event); + $more = 0; + } + else + { + $self->unregister($event); + die "invalid response type\n"; + } + } + return \@list; +} + +1; +__END__ +=head1 NAME + +Vici::Packet - Perl extension for sending and receiving strongSwan VICI packets + +=head1 SYNOPSIS + + use Vici::Packet; + +=head1 DESCRIPTION + +The Vici::Packet module is needed by the Vici::Session module to send and +receive packets used in the communication with the open source strongSwan IPsec +daemon (https://www.strongswan.com) via the documented Versatile IKE +Configuration Interface (VICI). VICI allows the configuration, management and +monitoring of multiple IPsec connections. + +=head2 EXPORT + +None by default. + +=head1 SEE ALSO + +strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici + +strongSwan Mailing list: users@lists.strongswan.org + +=head1 AUTHOR + +Andreas Steffen, Eandreas.steffen@strongswan.orgE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2015 by Andreas Steffen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +=cut diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm new file mode 100644 index 000000000..78197136a --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm @@ -0,0 +1,204 @@ +package Vici::Session; + +our $VERSION = '0.9'; + +use strict; +use Vici::Packet; +use Vici::Message; + +sub new { + my $class = shift; + my $socket = shift; + my $self = { + Packet => Vici::Packet->new($socket), + }; + bless($self, $class); + return $self; +} + +sub version { + return request('version', @_); +} + +sub stats { + return request('stats', @_); +} + +sub reload_settings { + return request_res('reload-settings', @_); +} + +sub initiate { + return request_vars_res('initiate', @_); +} + +sub terminate { + return request_vars_res('terminate', @_); +} + +sub redirect { + return request_vars_res('redirect', @_); +} + +sub install { + return request_vars_res('install', @_); +} + +sub uninstall { + return request_vars_res('uninstall', @_); +} + +sub list_sas { + return request_list('list-sas', 'list-sa', @_); +} + +sub list_policies { + return request_list('list-policies', 'list-policy', @_); +} + +sub list_conns { + return request_list('list-conns', 'list-conn', @_); +} + +sub get_conns { + return request('get-conns', @_); +} + +sub list_certs { + return request_list('list-certs', 'list-cert', @_); +} + +sub list_authorities { + return request_list('list-authorities', 'list-authority', @_); +} + +sub get_authorities { + return request('get-authorities', @_); +} + +sub load_conn { + return request_vars_res('load-conn', @_); +} + +sub unload_conn { + return request_vars_res('unload-conn', @_); +} + +sub load_cert { + return request_vars_res('load-cert', @_); +} + +sub load_key { + return request_vars_res('load-key', @_); +} + +sub load_shared { + return request_vars_res('load-shared', @_); +} + +sub clear_creds { + return request_res('clear-creds', @_); +} + +sub load_authority { + return request_vars_res('load-authority', @_); +} + +sub unload_authority { + return request_vars_res('unload-authority', @_); +} + +sub load_pool { + return request_vars_res('load-pool', @_); +} + +sub unload_pool { + return request_vars_res('unload-pool', @_); +} + +sub get_pools { + return request('get-pools', @_); +} + +sub get_algorithms { + return request('get-algorithms', @_); +} + +# Private functions + +sub request { + my ($command, $self) = @_; + return $self->{'Packet'}->request($command); +} + +sub request_res { + my ($command, $self) = @_; + my $msg = $self->{'Packet'}->request($command); + return $msg->result(); +} + +sub request_vars_res { + my ($command, $self, $vars) = @_; + my $msg = $self->{'Packet'}->request($command, $vars); + return $msg->result(); +} + +sub request_list { + my ($command, $event, $self, $vars) = @_; + return $self->{'Packet'}->streamed_request($command, $event, $vars); +} + +1; +__END__ +=head1 NAME + +Vici::Session - Perl binding for the strongSwan VICI configuration interface + +=head1 SYNOPSIS + + use Vici::Session; + +=head1 DESCRIPTION + +The Vici::Session module allows a Perl script to communicate with the open +source strongSwan IPsec daemon (https://www.strongswan.com) via the documented +Versatile IKE Configuration Interface (VICI). VICI allows the configuration, +management and monitoring of multiple IPsec connections. + +=head2 EXPORT + +None by default. + +=head1 SEE ALSO + +strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici + +strongSwan Mailing list: users@lists.strongswan.org + +=head1 AUTHOR + +Andreas Steffen, Eandreas.steffen@strongswan.orgE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2015 by Andreas Steffen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +=cut diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm new file mode 100644 index 000000000..6524bf76d --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm @@ -0,0 +1,88 @@ +package Vici::Transport; + +our $VERSION = '0.9'; + +use strict; + +sub new { + my $class = shift; + my $self = { + Socket => shift, + }; + bless($self, $class); + return $self; +} + +sub send { + my ($self, $data) = @_; + my $packet = pack('N/a*', $data); + $self->{'Socket'}->send($packet); +} + +sub receive { + my $self = shift; + my $packet_header; + my $data; + + $self->{'Socket'}->recv($packet_header, 4); + my $packet_len = unpack('N', $packet_header); + $self->{'Socket'}->recv($data, $packet_len); + return $data; +} + +1; +__END__ +=head1 NAME + +Vici::Transport - Perl extension for communicating via a strongSwan VICI socket + +=head1 SYNOPSIS + + use Vici::Transport; + +=head1 DESCRIPTION + +The Vici::Transport module is needed by the Vici::Packet module to send +and receive packets over the UNIX socket used in the communication with the +open source strongSwan IPsec daemon (https://www.strongswan.com) via the +documented Versatile IKE Configuration Interface (VICI). VICI allows the +onfiguration, management and monitoring of multiple IPsec connections. + +=head2 EXPORT + +None by default. + +=head1 SEE ALSO + +strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici + +strongSwan Mailing list: users@lists.strongswan.org + +=head1 AUTHOR + +Andreas Steffen, Eandreas.steffen@strongswan.orgE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2015 by Andreas Steffen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +=cut + diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/t/Vici-Session.t b/src/libcharon/plugins/vici/perl/Vici-Session/t/Vici-Session.t new file mode 100644 index 000000000..4c321f3e1 --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/t/Vici-Session.t @@ -0,0 +1,18 @@ +# Before 'make install' is performed this script should be runnable with +# 'make test'. After 'make install' it should work as 'perl Vici-Session.t' + +######################### + +# change 'tests => 1' to 'tests => last_test_to_print'; + +use strict; +use warnings; + +use Test::More tests => 1; +BEGIN { use_ok('Vici::Session') }; + +######################### + +# Insert your test code below, the Test::More module is use()ed here so read +# its man page ( perldoc Test::More ) for help writing this test script. + -- cgit v1.2.3