Built the CPAN file structure for the Vici::Session perl module

Andreas Steffen 2015-11-17 13:32:54 +01:00
parent a101bce862
commit a17b6d469c
16 changed files with 1044 additions and 72 deletions


@ -449,6 +449,10 @@ if test x$python_eggs_install = xtrue; then
python_eggs=true
fi
if test x$perl_cpan_install = xtrue; then
python_cpan=true
fi
# ===========================================
# check required libraries and header files
# ===========================================
@ -1249,6 +1253,8 @@ if test x$python_eggs = xtrue; then
fi
AM_CONDITIONAL(PYTHON_EGGS_INSTALL, [test "x$python_eggs_install" = xtrue])
AM_CONDITIONAL(PERL_CPAN_INSTALL, [test "x$perl_cpan_install" = xtrue])
# ===============================================
# collect plugin list for strongSwan components
# ===============================================
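Review bot: The block added in the first hunk assigns `python_cpan=true` when `perl_cpan_install` is set, which looks like a copy-paste slip from the `python_eggs` block directly above it; the variable was presumably meant to be `perl_cpan=true`. As written, requesting the CPAN install would not switch on the Perl module build itself, assuming a `perl_cpan` flag gates that build elsewhere in the file (not visible in these hunks). The `AM_CONDITIONAL(PERL_CPAN_INSTALL, ...)` line in the second hunk tests `perl_cpan_install` directly and is not affected.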


@ -1078,3 +1078,43 @@ dictionaries. Objects returned by the library use OrderedDicts.
For more details about the Python egg refer to the comments in the Python source
code.
# Vici::Session Perl CPAN module #
The _Vici::Session Perl CPAN module_ is a pure Perl implementation of the VICI
protocol to implement client applications. It is provided in the _perl_
subdirectory, and gets built and installed if strongSwan has been
_./configure_'d with_--enable-vici_ and _--enable-perl-cpan_.
The _Vici::Session_ module provides a _new()_ constructor for a high level
interface, the underlying _Vici::Packet_ and _Vici::Transport_ classes are
usually not required to build Perl applications using VICI. The _Vici::Session_
class provides methods for the supported VICI commands. The auxiliare
_Vici::Message_ class is used to encode configuration parameters sent to
the daemon and decode data returned by the daemon.
## Connecting to the daemon ##
use IO::Socket::UNIX;
use Vici::Session;
use Vici::Message;
my $socket = IO::Socket::UNIX->new(
Type => SOCK_STREAM,
Peer => '/var/run/charon.vici',
) or die "Vici socket: $!";
my $session = Vici::Session->new($socket);
## A simple client request ##
An example to print the daemon version information is as simple as:
my $version = $session->version()->hash();
foreach my $key ('daemon', 'version', 'sysname', 'release', 'machine' ) {
print $version->{$key}, " ";
}
The _Vici::Session_ methods are explained in the perl/Vici-Session/README.pod
document.


@ -0,0 +1,5 @@
Makefile.old
Vici-Session/MYMETA.json
Vici-Session/MYMETA.yml
Vici-Session/pm_to_blib
Vici-Session/blib/


@ -1,19 +0,0 @@
Copyright (c) 2015 Andreas Steffen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.


@ -1 +0,0 @@
include LICENSE


@ -1,6 +1,27 @@
EXTRA_DIST = LICENSE \
Vici/Message.pm \
Vici/Packet.pm \
Vici/Session.pm \
Vici/Transport.pm
EXTRA_DIST = \
Vici-Session/Changes \
Vici-Session/Makefile.PL \
Vici-Session/MANIFEST \
Vici-Session/README.pod \
Vici-Session/t/Vici-Session.t \
Vici-Session/lib/Vici/Message.pm \
Vici-Session/lib/Vici/Packet.pm \
Vici-Session/lib/Vici/Session.pm \
Vici-Session/lib/Vici/Transport.pm
all-local: Vici-Session/pm_to_blib
Vici-Session/Makefile: $(srcdir)/Vici-Session/Makefile.PL
(cd $(srcdir)/Vici-Session; $(PERL) Makefile.PL)
Vici-Session/pm_to_blib: $(EXTRA_DIST) $(srcdir)/Vici-Session/Makefile
(cd $(srcdir)/Vici-Session; make)
clean-local:
(cd $(srcdir)/Vici-Session; make clean)
if PERL_CPAN_INSTALL
install-exec-local: Vici-Session/pm_to_blib
(cd $(srcdir)/Vici-Session; make install)
endif
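Review bot: Every recipe added here chains with `;` and calls a bare `make`, so if `cd $(srcdir)/Vici-Session` fails, the following `make`, `make clean` or `make install` still runs, in whatever directory the recipe started in. For `install-exec-local`, which is typically run with elevated privileges, that is worth closing off: use `&&` and `$(MAKE)`, e.g. `(cd $(srcdir)/Vici-Session && $(MAKE) install)`, and likewise in the `Vici-Session/Makefile`, `Vici-Session/pm_to_blib` and `clean-local` rules. Building inside `$(srcdir)` also writes generated files into the source tree, which will likely break out-of-tree or read-only-source builds.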


@ -0,0 +1,6 @@
Revision history for Perl extension Vici::Session.
0.9 Tue Nov 17 11:45:21 2015
- original version; created by h2xs 1.23 with options
-X -n Vici::Session


@ -0,0 +1,9 @@
Changes
Makefile.PL
MANIFEST
README.pod
t/Vici-Session.t
lib/Vici/Session.pm
lib/Vici/Message.pm
lib/Vici/Packet.pm
lib/Vici/Transport.pm


@ -0,0 +1,11 @@
use ExtUtils::MakeMaker;
# See lib/ExtUtils/MakeMaker.pm for details of how to influence
# the contents of the Makefile that is written.
WriteMakefile(
NAME => 'Vici::Session',
VERSION_FROM => 'lib/Vici/Session.pm', # finds $VERSION
PREREQ_PM => {}, # e.g., Module::Name => 1.1
($] >= 5.005 ? ## Add these new keywords supported since 5.005
(ABSTRACT_FROM => 'lib/Vici/Session.pm', # retrieve abstract from module
AUTHOR => 'Andreas Steffen <andreas.steffen@>strongswan.org') : ()),
);
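Review bot: `PREREQ_PM => {}` declares no dependencies, yet Vici::Message and Vici::Packet in this same commit contain `use Switch;`, and Switch has not been bundled with Perl since 5.14, so an install on a current Perl succeeds and the module then fails when it is loaded. Declare it, `PREREQ_PM => { 'Switch' => 0 },`, or remove the source-filter dependency from the modules. The `AUTHOR` string also reads `<andreas.steffen@>strongswan.org`; the closing `>` appears to be misplaced.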


@ -0,0 +1,649 @@
=head1 NAME
Vici::Session - Perl binding for the strongSwan VICI configuration interface
=head1 DESCRIPTION
The Vici::Session module allows a Perl script to communicate with the open
source strongSwan IPsec daemon (https://www.strongswan.org) via the documented
Versatile IKE Configuration Interface (VICI). VICI allows the configuration,
management and monitoring of multiple IPsec connections.
=head1 INSTALLATION
To install this module type the following:
perl Makefile.PL
make
make install
=head1 DEPENDENCIES
This module requires the standard networking module:
IO::Socket::UNIX
=head1 METHODS
The following examples show the use of the Vici::Session interface in a
a "net-net" connection between the VPN gateways "moon" and "sun".
=cut
use strict;
use warnings;
use IO::Socket::UNIX;
use Vici::Message;
use Vici::Session;
my $moon_key = "-----BEGIN RSA PRIVATE KEY-----\n" .
"MIIEowIBAAKCAQEApHwF+sUXQdH+WwYzdPMzpjuwhGGvHgsmBah1IQsPsddL9gZy" .
"gerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IABr87L9JAva56EHIAiUMuG8WizVbIK" .
"IhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6xvMJbwHLi0h7BUO9tBVLPy72YeGNB" .
"Y6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL0DgYP/n2maPEJGEivTFunkJD/mJ8" .
"DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhyYK5wsATB1ANeAtlFfgH+wsuHjZwt" .
"TJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47nwIDAQABAoIBAAQDXqX6rxGVDQ6t" .
"fQ3qbSUuKaVhOMOT5A6ZSJpQycY+CYVsLNkMoXszX6lUDhlH/Letcme03OAKMM77" .
"JGn9wYzHj+RcrDuE95Y2bh/oh1dWhaGeoW6pbSwpvD0FzkQKpANlOCr/5bltVxmb" .
"nHftI/sGBvUQGIal53ORE+jgV1+SK6I0oAIWiCpU2oZpYMAtp7WxOngsAJaGtk//" .
"m2ckH+T8uVHwe9gJ9HZnEk+Io6BXScMNNrsbd2J+pQ75wQXfzHEzHAj+ElhWzhtc" .
"5XefqHw/DfpPDX/lby3VoSoagqzsVuUx7LylgzIDxTsb9HQVOLjDzOQ+vn22Xj7g" .
"UCEjwLkCgYEA2EZguuzJdxRIWBSnIyzpCzfqm0EgybpeLuJVfzWla0yKWI6AeLhW" .
"cr+7o9UE8nCQHVffIrgjWksjc/S5FhzC9TYSHpPa8TPgebTQK4VxnP9Qkh/XRpJj" .
"CqgJ8k2MYleHYxa+AKQv/25yNhLdowkNR0iU1kbiaYRJMP0WigAmdAUCgYEAwrJe" .
"Y3LAawOkalJFMFTtLXsqZE91TFwMt9TQnzysGH3Q6+9N+qypS5KCes650+qgrwBV" .
"RmRNc1ixylToP3B0BKY5OD/BwMx1L/zSO3x7I4ZDasCu33y2ukGLcVSxrxTPTGdd" .
"8fhEiVO1CDXcM08/kSeQa049J8ziY3M+4NDchlMCgYEAw2VCO1923Tjb64gtQOBw" .
"ZAxOz5nVz6urL9yYted33is2yq9kbqzMnbuQAYKRh6Ae9APRuwJ2HjvIehjdp5aw" .
"pO4HDM00f7sI0ayEbu2PKfKZjotp6X6UMKqE4f8iGC9QSDvhyZ6NJs9YLHZ6+7NP" .
"5dkzbyx3njFAFxxxYpikJSkCgYByShB8YlUvvKCcRRUWbRQZWa6l2brqizJwCz43" .
"636+lcS5au2klAyBL0zm2Elfa+DNOe3U93Y7mrorIrJ+4v1H6We3bD3JdnvoIooq" .
"n0UNsngKx3cf++6r4WQAsA3pz9ZsbFVKgEmDL58aZbuQZxnSlJ4DT5c4sN3IMVOc" .
"1x5MvwKBgHudAaLvioIopBpYzOsK2OtEn6NQ7SwH0BLEUulHysaHqan5oExmM1bm" .
"YeivMDc9hj0YLXA47ryQHTx4vB5Nv3TI/LoUG6VrCvZvocQOXe/n7TguwAjJj7ef" .
"E55Gy8lXDRENyJMP1vif3N2iH8eQ1ASf8k/+gnBNkjSlYSSQUDfV\n" .
"-----END RSA PRIVATE KEY-----\n";
my $moon_cert = "-----BEGIN CERTIFICATE-----\n" .
"MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" .
"MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" .
"b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE" .
"BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u" .
"c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk" .
"fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68" .
"TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz" .
"oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7" .
"MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw" .
"Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0" .
"87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE" .
"AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU" .
"XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK" .
"ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC" .
"AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr" .
"BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u" .
"b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi" .
"4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i" .
"LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2" .
"xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo" .
"buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a" .
"4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9" .
"ga8NOzX8\n" .
"-----END CERTIFICATE-----\n";
my $ca_cert = "-----BEGIN CERTIFICATE-----\n" .
"MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" .
"MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" .
"b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE" .
"BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u" .
"Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y" .
"X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f" .
"FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc" .
"4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/" .
"7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5" .
"gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr" .
"K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG" .
"A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j" .
"BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw" .
"FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv" .
"b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in" .
"Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n" .
"1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y" .
"vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si" .
"7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa" .
"Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n" .
"-----END CERTIFICATE-----\n" ;
=pod
The VICI interface requires a UNIX socket in order to communicate with the
strongSwan charon daemon:
use IO::Socket::UNIX;
my $socket = IO::Socket::UNIX->new(
Type => SOCK_STREAM,
Peer => '/var/run/charon.vici',
) or die "Vici socket: $!";
=cut
my $socket = IO::Socket::UNIX->new(
Type => SOCK_STREAM,
Peer => '/var/run/charon.vici',
) or die "Vici socket: $!";
=over
=item new()
creates a new Vici::Session object.
use Vici::Session;
use Vici::Message;
my $session = Vici::Session->new($socket);
=cut
my $session = Vici::Session->new($socket);
=item version()
returns daemon and system specific version information.
my $version = $session->version();
=cut
print "----- version -----\n";
my $version = $session->version();
print $version->raw(), "\n";
=item load_cert()
loads a certificate into the daemon.
my %vars = ( type => 'X509CA', data => $ca_cert );
my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars));
=cut
print "----- load-cert -----\n";
my %vars = ( type => 'X509CA', data => $ca_cert );
my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item load_key()
loads a private key into the daemon.
my %vars = ( type => 'RSA', data => $moon_key );
my ($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars));
=cut
print "----- load-key -----\n";
%vars = ( type => 'RSA', data => $moon_key );
($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item load_shared()
loads a shared IKE PSK, EAP or XAuth secret into the daemon.
my @owners = ( 'carol' );
my %vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners );
my ($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars));
=cut
print "----- load-shared -----\n";
my @owners = ( 'carol' );
%vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners );
($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item load_authority()
loads a single certification authority definition into the daemon. An existing
authority with the same name gets replaced.
my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' );
my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' );
my %auth = (
cacert => $ca_cert,
crl_uris => \@crl_uris,
ocsp_uris => \@ocsp_uris
);
my %vars = ( strongswan => \%auth );
my ($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars));
=cut
print "----- load-authority -----\n";
my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' );
my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' );
my %auth = (
cacert => $ca_cert,
crl_uris => \@crl_uris,
ocsp_uris => \@ocsp_uris
);
%vars = ( strongswan => \%auth );
($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item load_conn()
loads a single connection definition into the daemon. An existing connection
with the same name gets updated or replaced.
my @l_ts = ( '10.1.0.0/16' );
my @r_ts = ( '10.2.0.0/16' );
my @esp = ( 'aes128gcm128-modp2048' );
my %child = (
local_ts => \@l_ts,
remote_ts => \@r_ts,
esp_proposals => \@esp,
);
my %children = ( 'net-net' => \%child );
my @l_addrs = ( '192.168.0.1' );
my @r_addrs = ( '192.168.0.2' );
my @l_certs = ( $moon_cert );
my %l = ( auth => 'pubkey', id => 'moon.strongswan.org',
certs => \@l_certs );
my %r = ( auth => 'pubkey', id => 'sun.strongswan.org');
my @ike = ( 'aes128-sha256-modp2048' );
my %gw = (
version => 2,
mobike => 'no',
proposals => \@ike,
local_addrs => \@l_addrs,
remote_addrs => \@r_addrs,
local => \%l,
remote => \%r,
children => \%children,
);
my %vars = ( 'gw-gw' => \%gw);
my ($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars));
=cut
print "----- load-conn -----\n";
my @l_ts = ( '10.1.0.0/16' );
my @r_ts = ( '10.2.0.0/16' );
my @esp = ( 'aes128gcm128-modp2048' );
my %child = (
local_ts => \@l_ts,
remote_ts => \@r_ts,
esp_proposals => \@esp,
);
my %children = ( 'net-net' => \%child );
my @l_addrs = ( '192.168.0.1' );
my @r_addrs = ( '192.168.0.2' );
my @l_certs = ( $moon_cert );
my %l = ( auth => 'pubkey', id => 'moon.strongswan.org', certs => \@l_certs );
my %r = ( auth => 'pubkey', id => 'sun.strongswan.org');
my @ike = ( 'aes128-sha256-modp2048' );
my %gw = (
version => 2,
mobike => 'no',
proposals => \@ike,
local_addrs => \@l_addrs,
remote_addrs => \@r_addrs,
local => \%l,
remote => \%r,
children => \%children,
);
%vars = ( 'gw-gw' => \%gw);
($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item get_algorithms()
lists all currently loaded algorithms and their implementation.
my $algs = $session->get_algorithms();
=cut
print "----- get-algorithms -----\n";
my $algs = $session->get_algorithms();
print $algs->raw(), "\n";
=item get_conns()
returns a list of connection names loaded exclusively over VICI, not including
connections found in other backends.
my $conns = $session->get_conns();
=cut
print "----- get-conns -----\n";
my $conns = $session->get_conns();
print $conns->raw(), "\n";
=item list_conns()
lists currently loaded connections by streaming list-conn events. This
call includes all connections known by the daemon, not only those loaded
over VICI.
my $conns = $session->list_conns();
foreach my $conn (@$conns)
{
print $conn->raw(), "\n";
}
=cut
print "----- list-conns -----\n";
$conns = $session->list_conns();
foreach my $conn (@$conns)
{
print $conn->raw(), "\n";
}
=item initiate()
initiates a CHILD_SA.
my %vars = ( child => 'net-net' );
my($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars));
=cut
print "----- initiate -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item list_sas()
lists currently active IKE_SAs and associated CHILD_SAs by streaming list-sa
events.
my $sas = $session->list_sas();
foreach my $sa (@$sas)
{
print $sa->raw(), "\n";
}
=cut
print "----- list-sas -----\n";
my $sas = $session->list_sas();
foreach my $sa (@$sas)
{
print $sa->raw(), "\n";
}
=item get_authorities()
returns a list of currently loaded certification authority names.
my $auths = $session->get_authorities();
=cut
print "----- get-authorities -----\n";
my $auths = $session->get_authorities();
print $auths->raw(), "\n";
=item list-authorities()
lists currently loaded certification authority information by streaming
list-authority events.
my $auths = $session->list_authorities();
foreach my $auth (@$auths)
{
print $auth->raw(), "\n";
}
=cut
print "----- list-authorities -----\n";
$auths = $session->list_authorities();
foreach my $auth (@$auths)
{
print $auth->raw(), "\n";
}
=item list_certs()
lists currently loaded certificates by streaming list-cert events. This
call includes all certificates known by the daemon, not only those loaded
over VICI.
my %vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' );
my $certs = $session->list_certs(Vici::Message->new(\%vars));
=cut
print "----- list-certs -----\n";
%vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' );
my $certs = $session->list_certs(Vici::Message->new(\%vars));
foreach my $cert (@$certs)
{
my $hash = $cert->hash();
print $hash->{'type'}, ": ", length($hash->{'data'}), ' bytes',
$hash->{'has_privkey'} ? ', has private key' : '', "\n";
}
=item stats()
returns IKE daemon statistics and load information.
my $stats = $session->stats();
=cut
print "----- stats -----\n";
my $stats = $session->stats();
print $stats->raw(), "\n";
=item terminate()
terminates an IKE_SA or CHILD_SA.
my %vars = ( ike => 'gw-gw' );
my ($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars));
=cut
print "----- terminate -----\n";
%vars = ( ike => 'gw-gw' );
($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item install()
installs a trap, drop or bypass policy defined by a CHILD_SA config.
my %vars = ( child => 'net-net' );
my ($res, $errmsg) = $session->install(Vici::Message->new(\%vars));
=cut
print "----- install -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->install(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item list_policies()
lists currently installed trap, drop and bypass policies by streaming
list-policy events.
my %vars = ( trap => 'yes' );
my $pols = $session->list_policies(Vici::Message->new(\%vars));
foreach my $pol (@$pols)
{
print $pol->raw(), "\n";
}
=cut
print "----- list-policies -----\n";
%vars = ( trap => 'yes' );
my $pols = $session->list_policies(Vici::Message->new(\%vars));
foreach my $pol (@$pols)
{
print $pol->raw(), "\n";
}
=item uninstall()
uninstalls a trap, drop or bypass policy defined by a CHILD_SA config.
my %vars = ( child => 'net-net' );
my ($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars));
=cut
print "----- uninstall -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item reload_settings()
reloads strongswan.conf settings and all plugins supporting configuration
reload.
my ($res, $errmsg) = $session->reload_settings();
print $res ? "ok\n" : "failed: $errmsg\n";
=cut
print "----- reload-settings -----\n";
($res, $errmsg) = $session->reload_settings();
print $res ? "ok\n" : "failed: $errmsg\n";
=item unload_conn()
unloads a previously loaded connection definition by name.
my %vars = ( name => 'gw-gw' );
my ($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars));
=cut
print "----- unload-conn -----\n";
%vars = ( name => 'gw-gw' );
($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item unload_authority()
unloads a previously loaded certification authority definition by name.
my %vars = ( name => 'strongswan' );
my ($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
=cut
print "----- unload-authority -----\n";
%vars = ( name => 'strongswan' );
($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item clear_creds()
clears all loaded certificate, private key and shared key credentials. This
affects only credentials loaded over vici, but additionally flushes the
credential cache.
my ($res, $errmsg) = $session->clear_creds();
=cut
print "----- clear-creds -----\n";
($res, $errmsg) = $session->clear_creds();
print $res ? "ok\n" : "failed: $errmsg\n";
=item load_pool()
loads an in-memory virtual IP and configuration attribute pool. Existing
pools with the same name get updated, if possible.
my %pool = ( addrs => '10.3.0.0/23' );
my %vars = ( my_pool => \%pool );
my ($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars));
=cut
print "----- load-pool -----\n";
my %pool = ( addrs => '10.3.0.0/23' );
%vars = ( my_pool => \%pool );
($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=item get_pools()
lists the currently loaded pools.
my $pools = $session->get_pools();
=cut
print "----- get-pools -----\n";
my $pools = $session->get_pools();
print $pools->raw(), "\n";
=item unload_pool()
unloads a previously loaded virtual IP and configuration attribute pool.
Unloading fails for pools with leases currently online.
my %vars = ( name => 'my_pool' );
my ($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars));
=cut
print "----- unload-pool -----\n";
%vars = ( name => 'my_pool' );
($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars));
print $res ? "ok\n" : "failed: $errmsg\n";
=back
=cut
# close vici socket
close($socket);
=head1 COPYRIGHT AND LICENCE
Copyright (c) 2015 Andreas Steffen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
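Review bot: `$moon_key` embeds a complete RSA private key and the load_shared() example a literal EAP secret, and nothing in the file marks them as sample credentials. Readers copy README examples verbatim, so add a comment above the key such as `# Sample credentials for the moon/sun example only; never load them into a production daemon.` and say the same in the POD text before load_key(). The file is also executable against the live `/var/run/charon.vici` socket, where it loads these credentials and later calls reload_settings() and clear_creds() on the running daemon; the METHODS introduction should state that the script is meant for a test gateway.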


@ -1,12 +1,16 @@
package Vici::Message;
require Exporter;
use AutoLoader qw(AUTOLOAD);
our @ISA = qw(Exporter);
our @EXPORT = qw(new, from_data, hash, encode, raw);
our @VERSION = 0.9;
our @EXPORT = qw(
new, from_data, hash, encode, raw
);
our $VERSION = '0.9';
use strict;
use warnings;
use Switch;
use Vici::Transport;
@ -210,5 +214,58 @@ sub raw_hash {
}
1;
__END__
=head1 NAME
Vici::Message - Perl extension for building and parsing strongSwan VICI messages
=head1 SYNOPSIS
use Vici::Message;
=head1 DESCRIPTION
The Vici::Message module is needed by the Vici::Session module to build and
parse messages used in the communication with the open source strongSwan IPsec
daemon (https://www.strongswan.com) via the documented Versatile IKE
Configuration Interface (VICI). VICI allows the configuration, management and
monitoring of multiple IPsec connections.
=head2 EXPORT
None by default.
=head1 SEE ALSO
strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
strongSwan Mailing list: users@lists.strongswan.org
=head1 AUTHOR
Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2015 by Andreas Steffen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
=cut
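Review bot: The reformatted `@EXPORT = qw( new, from_data, hash, encode, raw )` in the first hunk still puts commas inside `qw`, so the list holds the names `new,`, `from_data,` and so on, and only `raw` names a real symbol; Perl would warn about this if `use strict; use warnings;` were moved above these declarations. It also contradicts the POD added in the second hunk, which states "None by default", and a class that is only used through `Vici::Message->new(...)` and method calls has no reason to export its methods into the caller's namespace. Suggest `our @EXPORT = ();` or dropping Exporter altogether. The same applies to the `@EXPORT` lists in the Vici::Packet, Vici::Session and Vici::Transport sections of this commit.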


@ -1,12 +1,16 @@
package Vici::Packet;
require Exporter;
use AutoLoader qw(AUTOLOAD);
our @ISA = qw(Exporter);
our @EXPORT = qw(new, request, register, unregister, streamed_request);
our @VERSION = 0.9;
our @EXPORT = qw(
new, request, register, unregister, streamed_request
);
our $VERSION = '0.9';
use strict;
use warnings;
use Switch;
use Vici::Transport;
@ -146,5 +150,57 @@ sub streamed_request {
}
1;
__END__
=head1 NAME
Vici::Packet - Perl extension for sending and receiving strongSwan VICI packets
=head1 SYNOPSIS
use Vici::Packet;
=head1 DESCRIPTION
The Vici::Packet module is needed by the Vici::Session module to send and
receive packets used in the communication with the open source strongSwan IPsec
daemon (https://www.strongswan.com) via the documented Versatile IKE
Configuration Interface (VICI). VICI allows the configuration, management and
monitoring of multiple IPsec connections.
=head2 EXPORT
None by default.
=head1 SEE ALSO
strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
strongSwan Mailing list: users@lists.strongswan.org
=head1 AUTHOR
Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2015 by Andreas Steffen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
=cut
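Review bot: The DESCRIPTION added in the second hunk links to `https://www.strongswan.com`, while README.pod and the SEE ALSO entries in this commit use `strongswan.org`. Please confirm the intended domain and change it to `https://www.strongswan.org` if the `.com` is a typo, since users follow these links for downloads and documentation. The same URL appears in the POD added to Vici::Message, Vici::Session and Vici::Transport.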


@ -1,14 +1,18 @@
package Vici::Session;
require Exporter;
use AutoLoader qw(AUTOLOAD);
our @ISA = qw(Exporter);
our @EXPORT = qw(new, version, stats, reload_settings, initiate, list_sas,
list_policies, list_conns, get_conns, list_certs,
list_authorities, get_authorities, get_pools);
our @VERSION = 0.9;
our @EXPORT = qw(
new, version, stats, reload_settings, initiate, list_sas, list_policies,
list_conns, get_conns, list_certs, list_authorities, get_authorities,
get_pools
);
our $VERSION = '0.9';
use strict;
use warnings;
use Vici::Packet;
use Vici::Message;
@ -124,3 +128,56 @@ sub get_pools {
}
1;
__END__
=head1 NAME
Vici::Session - Perl binding for the strongSwan VICI configuration interface
=head1 SYNOPSIS
use Vici::Session;
=head1 DESCRIPTION
The Vici::Session module allows a Perl script to communicate with the open
source strongSwan IPsec daemon (https://www.strongswan.com) via the documented
Versatile IKE Configuration Interface (VICI). VICI allows the configuration,
management and monitoring of multiple IPsec connections.
=head2 EXPORT
None by default.
=head1 SEE ALSO
strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
strongSwan Mailing list: users@lists.strongswan.org
=head1 AUTHOR
Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2015 by Andreas Steffen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
=cut


@ -0,0 +1,96 @@
package Vici::Transport;
require Exporter;
use AutoLoader qw(AUTOLOAD);
our @ISA = qw(Exporter);
our @EXPORT = qw(
new, send, receive
);
our $VERSION = '0.9';
use strict;
use warnings;
sub new {
my $class = shift;
my $self = {
Socket => shift,
};
bless($self, $class);
return $self;
}
sub send {
my ($self, $data) = @_;
my $packet = pack('N/a*', $data);
$self->{'Socket'}->send($packet);
}
sub receive {
my $self = shift;
my $packet_header;
my $data;
$self->{'Socket'}->recv($packet_header, 4);
my $packet_len = unpack('N', $packet_header);
$self->{'Socket'}->recv($data, $packet_len);
return $data;
}
1;
__END__
=head1 NAME
Vici::Transport - Perl extension for communicating via a strongSwan VICI socket
=head1 SYNOPSIS
use Vici::Transport;
=head1 DESCRIPTION
The Vici::Transport module is needed by the Vici::Packet module to send
and receive packets over the UNIX socket used in the communication with the
open source strongSwan IPsec daemon (https://www.strongswan.com) via the
documented Versatile IKE Configuration Interface (VICI). VICI allows the
onfiguration, management and monitoring of multiple IPsec connections.
=head2 EXPORT
None by default.
=head1 SEE ALSO
strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
strongSwan Mailing list: users@lists.strongswan.org
=head1 AUTHOR
Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2015 by Andreas Steffen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
=cut
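Review bot: `receive()` treats each `recv` as if it always returned exactly the requested number of bytes and never checks the result. On a stream socket a read may return fewer bytes, so a short header makes `unpack('N', ...)` yield a wrong or undefined length, and a short body hands a truncated message to the parsing code; an error or a closed peer is silently returned as empty data. Loop until the full length has arrived and fail explicitly on error or EOF, as sketched below; a sanity cap on `$packet_len` before reading would also be reasonable. `send()` has the same gap, because its return value is dropped and a failed or partial write goes unnoticed.

```perl
sub receive {
    my $self = shift;

    my $packet_header = $self->_read_exact(4);
    my $packet_len    = unpack('N', $packet_header);
    return $self->_read_exact($packet_len);
}

# Reads exactly $len bytes from the socket; dies on a socket error or EOF.
sub _read_exact {
    my ($self, $len) = @_;
    my $buf = '';

    while (length($buf) < $len) {
        my $chunk;
        defined($self->{'Socket'}->recv($chunk, $len - length($buf)))
            or die "Vici socket recv: $!";
        length($chunk)
            or die "Vici socket closed by peer";
        $buf .= $chunk;
    }
    return $buf;
}
```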


@ -0,0 +1,18 @@
# Before 'make install' is performed this script should be runnable with
# 'make test'. After 'make install' it should work as 'perl Vici-Session.t'
#########################
# change 'tests => 1' to 'tests => last_test_to_print';
use strict;
use warnings;
use Test::More tests => 1;
BEGIN { use_ok('Vici::Session') };
#########################
# Insert your test code below, the Test::More module is use()ed here so read
# its man page ( perldoc Test::More ) for help writing this test script.


@ -1,39 +0,0 @@
package Vici::Transport;
require Exporter;
our @ISA = qw(Exporter);
our @EXPORT = qw(new, send, receive);
our @VERSION = 0.9;
use strict;
sub new {
my $class = shift;
my $self = {
Socket => shift,
};
bless($self, $class);
return $self;
}
sub send {
my ($self, $data) = @_;
my $packet = pack('N/a*', $data);
$self->{'Socket'}->send($packet);
}
sub receive {
my $self = shift;
my $packet_header;
my $data;
$self->{'Socket'}->recv($packet_header, 4);
my $packet_len = unpack('N', $packet_header);
$self->{'Socket'}->recv($data, $packet_len);
return $data;
}
1;