Built the CPAN file structure for the Vici::Session perl module
parent
a101bce862
commit
a17b6d469c
|
@ -449,6 +449,10 @@ if test x$python_eggs_install = xtrue; then
|
|||
python_eggs=true
|
||||
fi
|
||||
|
||||
if test x$perl_cpan_install = xtrue; then
|
||||
python_cpan=true
|
||||
fi
|
||||
|
||||
# ===========================================
|
||||
# check required libraries and header files
|
||||
# ===========================================
|
||||
|
@ -1249,6 +1253,8 @@ if test x$python_eggs = xtrue; then
|
|||
fi
|
||||
AM_CONDITIONAL(PYTHON_EGGS_INSTALL, [test "x$python_eggs_install" = xtrue])
|
||||
|
||||
AM_CONDITIONAL(PERL_CPAN_INSTALL, [test "x$perl_cpan_install" = xtrue])
|
||||
|
||||
# ===============================================
|
||||
# collect plugin list for strongSwan components
|
||||
# ===============================================
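Review bot: The block added after the python_eggs check assigns `python_cpan=true`, which looks like a copy-and-paste slip from the Python block just above it; nothing else visible on this page reads a `python_cpan` variable. If the intent mirrors the Python case (requesting the install also enables the build), the line should presumably read `perl_cpan=true`. As written, `perl_cpan_install` can be true, and `PERL_CPAN_INSTALL` with it in the second hunk, without the Perl module build being switched on. Both hunks sit inside a larger script, so where `perl_cpan` is defined and consumed is not visible here.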
|
||||
|
|
|
@ -1078,3 +1078,43 @@ dictionaries. Objects returned by the library use OrderedDicts.
|
|||
|
||||
For more details about the Python egg refer to the comments in the Python source
|
||||
code.
|
||||
|
||||
# Vici::Session Perl CPAN module #
|
||||
|
||||
The _Vici::Session Perl CPAN module_ is a pure Perl implementation of the VICI
|
||||
protocol to implement client applications. It is provided in the _perl_
|
||||
subdirectory, and gets built and installed if strongSwan has been
|
||||
_./configure_'d with_--enable-vici_ and _--enable-perl-cpan_.
|
||||
|
||||
The _Vici::Session_ module provides a _new()_ constructor for a high level
|
||||
interface, the underlying _Vici::Packet_ and _Vici::Transport_ classes are
|
||||
usually not required to build Perl applications using VICI. The _Vici::Session_
|
||||
class provides methods for the supported VICI commands. The auxiliare
|
||||
_Vici::Message_ class is used to encode configuration parameters sent to
|
||||
the daemon and decode data returned by the daemon.
|
||||
|
||||
## Connecting to the daemon ##
|
||||
|
||||
use IO::Socket::UNIX;
|
||||
use Vici::Session;
|
||||
use Vici::Message;
|
||||
|
||||
my $socket = IO::Socket::UNIX->new(
|
||||
Type => SOCK_STREAM,
|
||||
Peer => '/var/run/charon.vici',
|
||||
) or die "Vici socket: $!";
|
||||
|
||||
my $session = Vici::Session->new($socket);
|
||||
|
||||
## A simple client request ##
|
||||
|
||||
An example to print the daemon version information is as simple as:
|
||||
|
||||
my $version = $session->version()->hash();
|
||||
|
||||
foreach my $key ('daemon', 'version', 'sysname', 'release', 'machine' ) {
|
||||
print $version->{$key}, " ";
|
||||
}
|
||||
|
||||
The _Vici::Session_ methods are explained in the perl/Vici-Session/README.pod
|
||||
document.
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
Makefile.old
|
||||
Vici-Session/MYMETA.json
|
||||
Vici-Session/MYMETA.yml
|
||||
Vici-Session/pm_to_blib
|
||||
Vici-Session/blib/
|
|
@ -1,19 +0,0 @@
|
|||
Copyright (c) 2015 Andreas Steffen
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
|
@ -1 +0,0 @@
|
|||
include LICENSE
|
|
@ -1,6 +1,27 @@
|
|||
EXTRA_DIST = LICENSE \
|
||||
Vici/Message.pm \
|
||||
Vici/Packet.pm \
|
||||
Vici/Session.pm \
|
||||
Vici/Transport.pm
|
||||
EXTRA_DIST = \
|
||||
Vici-Session/Changes \
|
||||
Vici-Session/Makefile.PL \
|
||||
Vici-Session/MANIFEST \
|
||||
Vici-Session/README.pod \
|
||||
Vici-Session/t/Vici-Session.t \
|
||||
Vici-Session/lib/Vici/Message.pm \
|
||||
Vici-Session/lib/Vici/Packet.pm \
|
||||
Vici-Session/lib/Vici/Session.pm \
|
||||
Vici-Session/lib/Vici/Transport.pm
|
||||
|
||||
all-local: Vici-Session/pm_to_blib
|
||||
|
||||
Vici-Session/Makefile: $(srcdir)/Vici-Session/Makefile.PL
|
||||
(cd $(srcdir)/Vici-Session; $(PERL) Makefile.PL)
|
||||
|
||||
Vici-Session/pm_to_blib: $(EXTRA_DIST) $(srcdir)/Vici-Session/Makefile
|
||||
(cd $(srcdir)/Vici-Session; make)
|
||||
|
||||
clean-local:
|
||||
(cd $(srcdir)/Vici-Session; make clean)
|
||||
|
||||
if PERL_CPAN_INSTALL
|
||||
install-exec-local: Vici-Session/pm_to_blib
|
||||
(cd $(srcdir)/Vici-Session; make install)
|
||||
endif
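Review bot: The new recipes have the form `(cd $(srcdir)/Vici-Session; make ...)`, so a failed `cd` still runs `make`, `make clean` or `make install` in whatever directory the recipe started in, and the hard-coded `make` ignores the make program and flags of the parent build. I would write each as `(cd $(srcdir)/Vici-Session && $(MAKE) install)`, and likewise for the build and `clean` recipes. The recipes also generate `Makefile`, `pm_to_blib` and `blib/` inside `$(srcdir)`, which cannot work for an out-of-tree build from a read-only source tree. Because `install-exec-local` hands installation to the MakeMaker-generated Makefile, it is worth confirming that `DESTDIR` and the configured prefix are honoured rather than files being written straight into the system Perl directories.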
|
||||
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
Revision history for Perl extension Vici::Session.
|
||||
|
||||
0.9 Tue Nov 17 11:45:21 2015
|
||||
- original version; created by h2xs 1.23 with options
|
||||
-X -n Vici::Session
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
Changes
|
||||
Makefile.PL
|
||||
MANIFEST
|
||||
README.pod
|
||||
t/Vici-Session.t
|
||||
lib/Vici/Session.pm
|
||||
lib/Vici/Message.pm
|
||||
lib/Vici/Packet.pm
|
||||
lib/Vici/Transport.pm
|
|
@ -0,0 +1,11 @@
|
|||
use ExtUtils::MakeMaker;
|
||||
# See lib/ExtUtils/MakeMaker.pm for details of how to influence
|
||||
# the contents of the Makefile that is written.
|
||||
WriteMakefile(
|
||||
NAME => 'Vici::Session',
|
||||
VERSION_FROM => 'lib/Vici/Session.pm', # finds $VERSION
|
||||
PREREQ_PM => {}, # e.g., Module::Name => 1.1
|
||||
($] >= 5.005 ? ## Add these new keywords supported since 5.005
|
||||
(ABSTRACT_FROM => 'lib/Vici/Session.pm', # retrieve abstract from module
|
||||
AUTHOR => 'Andreas Steffen <andreas.steffen@>strongswan.org') : ()),
|
||||
);
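Review bot: `PREREQ_PM => {}` declares no prerequisites, yet `Vici::Message` and `Vici::Packet` on this page both `use Switch;`, a module that has not shipped with core Perl since 5.14, so a CPAN client would install the distribution without it and the modules would then fail to load. Declare it, for example `PREREQ_PM => { 'Switch' => 0 },`, or remove the dependency from the modules. The `AUTHOR` value as shown reads `<andreas.steffen@>strongswan.org`; if that is what the file contains, the closing bracket is misplaced and the address should be `<andreas.steffen@strongswan.org>`.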
|
|
@ -0,0 +1,649 @@
|
|||
|
||||
=head1 NAME
|
||||
|
||||
Vici::Session - Perl binding for the strongSwan VICI configuration interface
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The Vici::Session module allows a Perl script to communicate with the open
|
||||
source strongSwan IPsec daemon (https://www.strongswan.org) via the documented
|
||||
Versatile IKE Configuration Interface (VICI). VICI allows the configuration,
|
||||
management and monitoring of multiple IPsec connections.
|
||||
|
||||
=head1 INSTALLATION
|
||||
|
||||
To install this module type the following:
|
||||
|
||||
perl Makefile.PL
|
||||
make
|
||||
make install
|
||||
|
||||
=head1 DEPENDENCIES
|
||||
|
||||
This module requires the standard networking module:
|
||||
|
||||
IO::Socket::UNIX
|
||||
|
||||
=head1 METHODS
|
||||
|
||||
The following examples show the use of the Vici::Session interface in a
|
||||
a "net-net" connection between the VPN gateways "moon" and "sun".
|
||||
|
||||
=cut
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use IO::Socket::UNIX;
|
||||
use Vici::Message;
|
||||
use Vici::Session;
|
||||
|
||||
my $moon_key = "-----BEGIN RSA PRIVATE KEY-----\n" .
|
||||
"MIIEowIBAAKCAQEApHwF+sUXQdH+WwYzdPMzpjuwhGGvHgsmBah1IQsPsddL9gZy" .
|
||||
"gerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IABr87L9JAva56EHIAiUMuG8WizVbIK" .
|
||||
"IhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6xvMJbwHLi0h7BUO9tBVLPy72YeGNB" .
|
||||
"Y6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL0DgYP/n2maPEJGEivTFunkJD/mJ8" .
|
||||
"DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhyYK5wsATB1ANeAtlFfgH+wsuHjZwt" .
|
||||
"TJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47nwIDAQABAoIBAAQDXqX6rxGVDQ6t" .
|
||||
"fQ3qbSUuKaVhOMOT5A6ZSJpQycY+CYVsLNkMoXszX6lUDhlH/Letcme03OAKMM77" .
|
||||
"JGn9wYzHj+RcrDuE95Y2bh/oh1dWhaGeoW6pbSwpvD0FzkQKpANlOCr/5bltVxmb" .
|
||||
"nHftI/sGBvUQGIal53ORE+jgV1+SK6I0oAIWiCpU2oZpYMAtp7WxOngsAJaGtk//" .
|
||||
"m2ckH+T8uVHwe9gJ9HZnEk+Io6BXScMNNrsbd2J+pQ75wQXfzHEzHAj+ElhWzhtc" .
|
||||
"5XefqHw/DfpPDX/lby3VoSoagqzsVuUx7LylgzIDxTsb9HQVOLjDzOQ+vn22Xj7g" .
|
||||
"UCEjwLkCgYEA2EZguuzJdxRIWBSnIyzpCzfqm0EgybpeLuJVfzWla0yKWI6AeLhW" .
|
||||
"cr+7o9UE8nCQHVffIrgjWksjc/S5FhzC9TYSHpPa8TPgebTQK4VxnP9Qkh/XRpJj" .
|
||||
"CqgJ8k2MYleHYxa+AKQv/25yNhLdowkNR0iU1kbiaYRJMP0WigAmdAUCgYEAwrJe" .
|
||||
"Y3LAawOkalJFMFTtLXsqZE91TFwMt9TQnzysGH3Q6+9N+qypS5KCes650+qgrwBV" .
|
||||
"RmRNc1ixylToP3B0BKY5OD/BwMx1L/zSO3x7I4ZDasCu33y2ukGLcVSxrxTPTGdd" .
|
||||
"8fhEiVO1CDXcM08/kSeQa049J8ziY3M+4NDchlMCgYEAw2VCO1923Tjb64gtQOBw" .
|
||||
"ZAxOz5nVz6urL9yYted33is2yq9kbqzMnbuQAYKRh6Ae9APRuwJ2HjvIehjdp5aw" .
|
||||
"pO4HDM00f7sI0ayEbu2PKfKZjotp6X6UMKqE4f8iGC9QSDvhyZ6NJs9YLHZ6+7NP" .
|
||||
"5dkzbyx3njFAFxxxYpikJSkCgYByShB8YlUvvKCcRRUWbRQZWa6l2brqizJwCz43" .
|
||||
"636+lcS5au2klAyBL0zm2Elfa+DNOe3U93Y7mrorIrJ+4v1H6We3bD3JdnvoIooq" .
|
||||
"n0UNsngKx3cf++6r4WQAsA3pz9ZsbFVKgEmDL58aZbuQZxnSlJ4DT5c4sN3IMVOc" .
|
||||
"1x5MvwKBgHudAaLvioIopBpYzOsK2OtEn6NQ7SwH0BLEUulHysaHqan5oExmM1bm" .
|
||||
"YeivMDc9hj0YLXA47ryQHTx4vB5Nv3TI/LoUG6VrCvZvocQOXe/n7TguwAjJj7ef" .
|
||||
"E55Gy8lXDRENyJMP1vif3N2iH8eQ1ASf8k/+gnBNkjSlYSSQUDfV\n" .
|
||||
"-----END RSA PRIVATE KEY-----\n";
|
||||
|
||||
my $moon_cert = "-----BEGIN CERTIFICATE-----\n" .
|
||||
"MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" .
|
||||
"MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" .
|
||||
"b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE" .
|
||||
"BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u" .
|
||||
"c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk" .
|
||||
"fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68" .
|
||||
"TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz" .
|
||||
"oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7" .
|
||||
"MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw" .
|
||||
"Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0" .
|
||||
"87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE" .
|
||||
"AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU" .
|
||||
"XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK" .
|
||||
"ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC" .
|
||||
"AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr" .
|
||||
"BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u" .
|
||||
"b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi" .
|
||||
"4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i" .
|
||||
"LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2" .
|
||||
"xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo" .
|
||||
"buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a" .
|
||||
"4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9" .
|
||||
"ga8NOzX8\n" .
|
||||
"-----END CERTIFICATE-----\n";
|
||||
|
||||
my $ca_cert = "-----BEGIN CERTIFICATE-----\n" .
|
||||
"MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" .
|
||||
"MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" .
|
||||
"b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE" .
|
||||
"BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u" .
|
||||
"Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y" .
|
||||
"X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f" .
|
||||
"FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc" .
|
||||
"4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/" .
|
||||
"7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5" .
|
||||
"gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr" .
|
||||
"K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG" .
|
||||
"A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j" .
|
||||
"BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw" .
|
||||
"FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv" .
|
||||
"b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in" .
|
||||
"Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n" .
|
||||
"1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y" .
|
||||
"vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si" .
|
||||
"7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa" .
|
||||
"Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n" .
|
||||
"-----END CERTIFICATE-----\n" ;
|
||||
|
||||
=pod
|
||||
|
||||
The VICI interface requires a UNIX socket in order to communicate with the
|
||||
strongSwan charon daemon:
|
||||
|
||||
use IO::Socket::UNIX;
|
||||
|
||||
my $socket = IO::Socket::UNIX->new(
|
||||
Type => SOCK_STREAM,
|
||||
Peer => '/var/run/charon.vici',
|
||||
) or die "Vici socket: $!";
|
||||
|
||||
=cut
|
||||
|
||||
my $socket = IO::Socket::UNIX->new(
|
||||
Type => SOCK_STREAM,
|
||||
Peer => '/var/run/charon.vici',
|
||||
) or die "Vici socket: $!";
|
||||
|
||||
=over
|
||||
|
||||
=item new()
|
||||
|
||||
creates a new Vici::Session object.
|
||||
|
||||
use Vici::Session;
|
||||
use Vici::Message;
|
||||
|
||||
my $session = Vici::Session->new($socket);
|
||||
|
||||
=cut
|
||||
|
||||
my $session = Vici::Session->new($socket);
|
||||
|
||||
=item version()
|
||||
|
||||
returns daemon and system specific version information.
|
||||
|
||||
my $version = $session->version();
|
||||
|
||||
=cut
|
||||
|
||||
print "----- version -----\n";
|
||||
my $version = $session->version();
|
||||
print $version->raw(), "\n";
|
||||
|
||||
=item load_cert()
|
||||
|
||||
loads a certificate into the daemon.
|
||||
|
||||
my %vars = ( type => 'X509CA', data => $ca_cert );
|
||||
my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- load-cert -----\n";
|
||||
my %vars = ( type => 'X509CA', data => $ca_cert );
|
||||
my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item load_key()
|
||||
|
||||
loads a private key into the daemon.
|
||||
|
||||
my %vars = ( type => 'RSA', data => $moon_key );
|
||||
my ($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- load-key -----\n";
|
||||
%vars = ( type => 'RSA', data => $moon_key );
|
||||
($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item load_shared()
|
||||
|
||||
loads a shared IKE PSK, EAP or XAuth secret into the daemon.
|
||||
|
||||
my @owners = ( 'carol' );
|
||||
my %vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners );
|
||||
my ($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- load-shared -----\n";
|
||||
my @owners = ( 'carol' );
|
||||
%vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners );
|
||||
($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item load_authority()
|
||||
|
||||
loads a single certification authority definition into the daemon. An existing
|
||||
authority with the same name gets replaced.
|
||||
|
||||
my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' );
|
||||
my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' );
|
||||
|
||||
my %auth = (
|
||||
cacert => $ca_cert,
|
||||
crl_uris => \@crl_uris,
|
||||
ocsp_uris => \@ocsp_uris
|
||||
);
|
||||
|
||||
my %vars = ( strongswan => \%auth );
|
||||
my ($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- load-authority -----\n";
|
||||
my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' );
|
||||
my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' );
|
||||
my %auth = (
|
||||
cacert => $ca_cert,
|
||||
crl_uris => \@crl_uris,
|
||||
ocsp_uris => \@ocsp_uris
|
||||
);
|
||||
%vars = ( strongswan => \%auth );
|
||||
($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item load_conn()
|
||||
|
||||
loads a single connection definition into the daemon. An existing connection
|
||||
with the same name gets updated or replaced.
|
||||
|
||||
my @l_ts = ( '10.1.0.0/16' );
|
||||
my @r_ts = ( '10.2.0.0/16' );
|
||||
my @esp = ( 'aes128gcm128-modp2048' );
|
||||
|
||||
my %child = (
|
||||
local_ts => \@l_ts,
|
||||
remote_ts => \@r_ts,
|
||||
esp_proposals => \@esp,
|
||||
);
|
||||
my %children = ( 'net-net' => \%child );
|
||||
|
||||
my @l_addrs = ( '192.168.0.1' );
|
||||
my @r_addrs = ( '192.168.0.2' );
|
||||
my @l_certs = ( $moon_cert );
|
||||
my %l = ( auth => 'pubkey', id => 'moon.strongswan.org',
|
||||
certs => \@l_certs );
|
||||
my %r = ( auth => 'pubkey', id => 'sun.strongswan.org');
|
||||
my @ike = ( 'aes128-sha256-modp2048' );
|
||||
|
||||
my %gw = (
|
||||
version => 2,
|
||||
mobike => 'no',
|
||||
proposals => \@ike,
|
||||
local_addrs => \@l_addrs,
|
||||
remote_addrs => \@r_addrs,
|
||||
local => \%l,
|
||||
remote => \%r,
|
||||
children => \%children,
|
||||
);
|
||||
|
||||
my %vars = ( 'gw-gw' => \%gw);
|
||||
my ($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- load-conn -----\n";
|
||||
my @l_ts = ( '10.1.0.0/16' );
|
||||
my @r_ts = ( '10.2.0.0/16' );
|
||||
my @esp = ( 'aes128gcm128-modp2048' );
|
||||
my %child = (
|
||||
local_ts => \@l_ts,
|
||||
remote_ts => \@r_ts,
|
||||
esp_proposals => \@esp,
|
||||
);
|
||||
my %children = ( 'net-net' => \%child );
|
||||
my @l_addrs = ( '192.168.0.1' );
|
||||
my @r_addrs = ( '192.168.0.2' );
|
||||
my @l_certs = ( $moon_cert );
|
||||
my %l = ( auth => 'pubkey', id => 'moon.strongswan.org', certs => \@l_certs );
|
||||
my %r = ( auth => 'pubkey', id => 'sun.strongswan.org');
|
||||
my @ike = ( 'aes128-sha256-modp2048' );
|
||||
my %gw = (
|
||||
version => 2,
|
||||
mobike => 'no',
|
||||
proposals => \@ike,
|
||||
local_addrs => \@l_addrs,
|
||||
remote_addrs => \@r_addrs,
|
||||
local => \%l,
|
||||
remote => \%r,
|
||||
children => \%children,
|
||||
);
|
||||
%vars = ( 'gw-gw' => \%gw);
|
||||
($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item get_algorithms()
|
||||
|
||||
lists all currently loaded algorithms and their implementation.
|
||||
|
||||
my $algs = $session->get_algorithms();
|
||||
|
||||
=cut
|
||||
|
||||
print "----- get-algorithms -----\n";
|
||||
my $algs = $session->get_algorithms();
|
||||
print $algs->raw(), "\n";
|
||||
|
||||
=item get_conns()
|
||||
|
||||
returns a list of connection names loaded exclusively over VICI, not including
|
||||
connections found in other backends.
|
||||
|
||||
my $conns = $session->get_conns();
|
||||
|
||||
=cut
|
||||
|
||||
print "----- get-conns -----\n";
|
||||
my $conns = $session->get_conns();
|
||||
print $conns->raw(), "\n";
|
||||
|
||||
=item list_conns()
|
||||
|
||||
lists currently loaded connections by streaming list-conn events. This
|
||||
call includes all connections known by the daemon, not only those loaded
|
||||
over VICI.
|
||||
|
||||
my $conns = $session->list_conns();
|
||||
|
||||
foreach my $conn (@$conns)
|
||||
{
|
||||
print $conn->raw(), "\n";
|
||||
}
|
||||
|
||||
=cut
|
||||
|
||||
print "----- list-conns -----\n";
|
||||
$conns = $session->list_conns();
|
||||
foreach my $conn (@$conns)
|
||||
{
|
||||
print $conn->raw(), "\n";
|
||||
}
|
||||
|
||||
=item initiate()
|
||||
|
||||
initiates a CHILD_SA.
|
||||
|
||||
my %vars = ( child => 'net-net' );
|
||||
my($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- initiate -----\n";
|
||||
%vars = ( child => 'net-net' );
|
||||
($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item list_sas()
|
||||
|
||||
lists currently active IKE_SAs and associated CHILD_SAs by streaming list-sa
|
||||
events.
|
||||
|
||||
my $sas = $session->list_sas();
|
||||
|
||||
foreach my $sa (@$sas)
|
||||
{
|
||||
print $sa->raw(), "\n";
|
||||
}
|
||||
|
||||
=cut
|
||||
|
||||
print "----- list-sas -----\n";
|
||||
my $sas = $session->list_sas();
|
||||
foreach my $sa (@$sas)
|
||||
{
|
||||
print $sa->raw(), "\n";
|
||||
}
|
||||
|
||||
=item get_authorities()
|
||||
|
||||
returns a list of currently loaded certification authority names.
|
||||
|
||||
my $auths = $session->get_authorities();
|
||||
|
||||
=cut
|
||||
|
||||
print "----- get-authorities -----\n";
|
||||
my $auths = $session->get_authorities();
|
||||
print $auths->raw(), "\n";
|
||||
|
||||
=item list-authorities()
|
||||
|
||||
lists currently loaded certification authority information by streaming
|
||||
list-authority events.
|
||||
|
||||
my $auths = $session->list_authorities();
|
||||
|
||||
foreach my $auth (@$auths)
|
||||
{
|
||||
print $auth->raw(), "\n";
|
||||
}
|
||||
|
||||
=cut
|
||||
|
||||
print "----- list-authorities -----\n";
|
||||
$auths = $session->list_authorities();
|
||||
foreach my $auth (@$auths)
|
||||
{
|
||||
print $auth->raw(), "\n";
|
||||
}
|
||||
|
||||
=item list_certs()
|
||||
|
||||
lists currently loaded certificates by streaming list-cert events. This
|
||||
call includes all certificates known by the daemon, not only those loaded
|
||||
over VICI.
|
||||
|
||||
my %vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' );
|
||||
my $certs = $session->list_certs(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- list-certs -----\n";
|
||||
%vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' );
|
||||
my $certs = $session->list_certs(Vici::Message->new(\%vars));
|
||||
foreach my $cert (@$certs)
|
||||
{
|
||||
my $hash = $cert->hash();
|
||||
print $hash->{'type'}, ": ", length($hash->{'data'}), ' bytes',
|
||||
$hash->{'has_privkey'} ? ', has private key' : '', "\n";
|
||||
}
|
||||
|
||||
=item stats()
|
||||
|
||||
returns IKE daemon statistics and load information.
|
||||
|
||||
my $stats = $session->stats();
|
||||
|
||||
=cut
|
||||
|
||||
print "----- stats -----\n";
|
||||
my $stats = $session->stats();
|
||||
print $stats->raw(), "\n";
|
||||
|
||||
=item terminate()
|
||||
|
||||
terminates an IKE_SA or CHILD_SA.
|
||||
|
||||
my %vars = ( ike => 'gw-gw' );
|
||||
my ($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- terminate -----\n";
|
||||
%vars = ( ike => 'gw-gw' );
|
||||
($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item install()
|
||||
|
||||
installs a trap, drop or bypass policy defined by a CHILD_SA config.
|
||||
|
||||
my %vars = ( child => 'net-net' );
|
||||
my ($res, $errmsg) = $session->install(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- install -----\n";
|
||||
%vars = ( child => 'net-net' );
|
||||
($res, $errmsg) = $session->install(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item list_policies()
|
||||
|
||||
lists currently installed trap, drop and bypass policies by streaming
|
||||
list-policy events.
|
||||
|
||||
my %vars = ( trap => 'yes' );
|
||||
my $pols = $session->list_policies(Vici::Message->new(\%vars));
|
||||
|
||||
foreach my $pol (@$pols)
|
||||
{
|
||||
print $pol->raw(), "\n";
|
||||
}
|
||||
|
||||
=cut
|
||||
|
||||
print "----- list-policies -----\n";
|
||||
%vars = ( trap => 'yes' );
|
||||
my $pols = $session->list_policies(Vici::Message->new(\%vars));
|
||||
foreach my $pol (@$pols)
|
||||
{
|
||||
print $pol->raw(), "\n";
|
||||
}
|
||||
|
||||
=item uninstall()
|
||||
|
||||
uninstalls a trap, drop or bypass policy defined by a CHILD_SA config.
|
||||
|
||||
my %vars = ( child => 'net-net' );
|
||||
my ($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- uninstall -----\n";
|
||||
%vars = ( child => 'net-net' );
|
||||
($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item reload_settings()
|
||||
|
||||
reloads strongswan.conf settings and all plugins supporting configuration
|
||||
reload.
|
||||
|
||||
my ($res, $errmsg) = $session->reload_settings();
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=cut
|
||||
|
||||
print "----- reload-settings -----\n";
|
||||
($res, $errmsg) = $session->reload_settings();
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item unload_conn()
|
||||
|
||||
unloads a previously loaded connection definition by name.
|
||||
|
||||
my %vars = ( name => 'gw-gw' );
|
||||
my ($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- unload-conn -----\n";
|
||||
%vars = ( name => 'gw-gw' );
|
||||
($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item unload_authority()
|
||||
|
||||
unloads a previously loaded certification authority definition by name.
|
||||
|
||||
my %vars = ( name => 'strongswan' );
|
||||
my ($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- unload-authority -----\n";
|
||||
%vars = ( name => 'strongswan' );
|
||||
($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item clear_creds()
|
||||
|
||||
clears all loaded certificate, private key and shared key credentials. This
|
||||
affects only credentials loaded over vici, but additionally flushes the
|
||||
credential cache.
|
||||
|
||||
my ($res, $errmsg) = $session->clear_creds();
|
||||
|
||||
=cut
|
||||
|
||||
print "----- clear-creds -----\n";
|
||||
($res, $errmsg) = $session->clear_creds();
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item load_pool()
|
||||
|
||||
loads an in-memory virtual IP and configuration attribute pool. Existing
|
||||
pools with the same name get updated, if possible.
|
||||
|
||||
my %pool = ( addrs => '10.3.0.0/23' );
|
||||
my %vars = ( my_pool => \%pool );
|
||||
my ($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- load-pool -----\n";
|
||||
my %pool = ( addrs => '10.3.0.0/23' );
|
||||
%vars = ( my_pool => \%pool );
|
||||
($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=item get_pools()
|
||||
|
||||
lists the currently loaded pools.
|
||||
|
||||
my $pools = $session->get_pools();
|
||||
|
||||
=cut
|
||||
|
||||
print "----- get-pools -----\n";
|
||||
my $pools = $session->get_pools();
|
||||
print $pools->raw(), "\n";
|
||||
|
||||
=item unload_pool()
|
||||
|
||||
unloads a previously loaded virtual IP and configuration attribute pool.
|
||||
Unloading fails for pools with leases currently online.
|
||||
|
||||
my %vars = ( name => 'my_pool' );
|
||||
my ($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars));
|
||||
|
||||
=cut
|
||||
|
||||
print "----- unload-pool -----\n";
|
||||
%vars = ( name => 'my_pool' );
|
||||
($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars));
|
||||
print $res ? "ok\n" : "failed: $errmsg\n";
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
||||
|
||||
# close vici socket
|
||||
close($socket);
|
||||
|
||||
=head1 COPYRIGHT AND LICENCE
|
||||
|
||||
Copyright (c) 2015 Andreas Steffen
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
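Review bot: `$moon_key` embeds a complete PEM-encoded RSA private key, alongside `$moon_cert` and the EAP secret `'Ar3etTnp'`, in a file that is both distributed with the module and runnable as a script. Anything published this way has to be treated as public, so the example should say so where the values are defined, for instance `# Sample credentials for documentation only; never load them into a production daemon.`, or read the key from a path the reader supplies. Separately, the heading `=item list-authorities()` does not match the method the example actually calls, `list_authorities()`.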
|
||||
|
|
@ -1,12 +1,16 @@
|
|||
package Vici::Message;
|
||||
|
||||
require Exporter;
|
||||
use AutoLoader qw(AUTOLOAD);
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(new, from_data, hash, encode, raw);
|
||||
our @VERSION = 0.9;
|
||||
our @EXPORT = qw(
|
||||
new, from_data, hash, encode, raw
|
||||
);
|
||||
our $VERSION = '0.9';
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Switch;
|
||||
use Vici::Transport;
|
||||
|
||||
|
@ -210,5 +214,58 @@ sub raw_hash {
|
|||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
=head1 NAME
|
||||
|
||||
Vici::Message - Perl extension for building and parsing strongSwan VICI messages
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Vici::Message;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The Vici::Message module is needed by the Vici::Session module to build and
|
||||
parse messages used in the communication with the open source strongSwan IPsec
|
||||
daemon (https://www.strongswan.com) via the documented Versatile IKE
|
||||
Configuration Interface (VICI). VICI allows the configuration, management and
|
||||
monitoring of multiple IPsec connections.
|
||||
|
||||
=head2 EXPORT
|
||||
|
||||
None by default.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
|
||||
|
||||
strongSwan Mailing list: users@lists.strongswan.org
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2015 by Andreas Steffen
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
|
||||
=cut
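Review bot: The reformatted `@EXPORT` list keeps the commas inside `qw(...)`, so its elements are `new,`, `from_data,`, `hash,`, `encode,` and `raw` rather than five sub names, and the POD added below states "None by default", which a populated `@EXPORT` contradicts. For a class that is used through `Vici::Message->new(...)` nothing needs exporting; `our @EXPORT = ();` matches the documentation and avoids pushing names such as `raw` into the caller's namespace. The same list form appears in the `Vici::Packet` hunk further down. The DESCRIPTION also points at https://www.strongswan.com while the README text on this page uses https://www.strongswan.org, so confirm which domain is intended before readers are sent to it.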
|
||||
|
|
@ -1,12 +1,16 @@
|
|||
package Vici::Packet;
|
||||
|
||||
require Exporter;
|
||||
use AutoLoader qw(AUTOLOAD);
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(new, request, register, unregister, streamed_request);
|
||||
our @VERSION = 0.9;
|
||||
our @EXPORT = qw(
|
||||
new, request, register, unregister, streamed_request
|
||||
);
|
||||
our $VERSION = '0.9';
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Switch;
|
||||
use Vici::Transport;
|
||||
|
||||
|
@ -146,5 +150,57 @@ sub streamed_request {
|
|||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
=head1 NAME
|
||||
|
||||
Vici::Packet - Perl extension for sending and receiving strongSwan VICI packets
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Vici::Packet;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The Vici::Packet module is needed by the Vici::Session module to send and
|
||||
receive packets used in the communication with the open source strongSwan IPsec
|
||||
daemon (https://www.strongswan.com) via the documented Versatile IKE
|
||||
Configuration Interface (VICI). VICI allows the configuration, management and
|
||||
monitoring of multiple IPsec connections.
|
||||
|
||||
=head2 EXPORT
|
||||
|
||||
None by default.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
|
||||
|
||||
strongSwan Mailing list: users@lists.strongswan.org
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2015 by Andreas Steffen
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
|
||||
=cut
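Review bot: The reflowed `our @EXPORT = qw( new, request, register, unregister, streamed_request );` in the first hunk still separates the names with commas, and `qw()` splits on whitespace only, so the list holds `new,`, `request,` and so on rather than the sub names. The declaration also sits above `use strict; use warnings;`, so the "Possible attempt to separate words with commas" warning is presumably not raised for it unless `-w` is in effect. These subs look like methods called on an object, and the POD added in the second hunk says "None by default", so I would drop the default exports: `our @EXPORT = ();`. The same list form appears in the Vici::Session and Vici::Transport sections of this commit.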
|
|
@ -1,14 +1,18 @@
|
|||
package Vici::Session;
|
||||
|
||||
require Exporter;
|
||||
use AutoLoader qw(AUTOLOAD);
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(new, version, stats, reload_settings, initiate, list_sas,
|
||||
list_policies, list_conns, get_conns, list_certs,
|
||||
list_authorities, get_authorities, get_pools);
|
||||
our @VERSION = 0.9;
|
||||
our @EXPORT = qw(
|
||||
new, version, stats, reload_settings, initiate, list_sas, list_policies,
|
||||
list_conns, get_conns, list_certs, list_authorities, get_authorities,
|
||||
get_pools
|
||||
);
|
||||
our $VERSION = '0.9';
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Vici::Packet;
|
||||
use Vici::Message;
|
||||
|
||||
|
@ -124,3 +128,56 @@ sub get_pools {
|
|||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
=head1 NAME
|
||||
|
||||
Vici::Session - Perl binding for the strongSwan VICI configuration interface
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Vici::Session;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The Vici::Session module allows a Perl script to communicate with the open
|
||||
source strongSwan IPsec daemon (https://www.strongswan.com) via the documented
|
||||
Versatile IKE Configuration Interface (VICI). VICI allows the configuration,
|
||||
management and monitoring of multiple IPsec connections.
|
||||
|
||||
=head2 EXPORT
|
||||
|
||||
None by default.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
|
||||
|
||||
strongSwan Mailing list: users@lists.strongswan.org
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2015 by Andreas Steffen
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
|
||||
=cut
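Review bot: `use AutoLoader qw(AUTOLOAD);` near the top of the first hunk installs an AUTOLOAD handler, but the text after `__END__` in the second hunk is only POD, so there appear to be no autosplit subs for it to load. With the handler in place, a call to a misspelled or missing method is routed to AutoLoader, which looks for a matching `.al` file instead of failing with the plain "Can't locate object method" error. Unless autoloaded subs are planned, I would remove the line here and in Vici::Packet and Vici::Transport. The SYNOPSIS would also be more useful with a short example that calls `new()` and one command method such as `version`, rather than the bare `use Vici::Session;`.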
|
|
@ -0,0 +1,96 @@
|
|||
package Vici::Transport;
|
||||
|
||||
require Exporter;
|
||||
use AutoLoader qw(AUTOLOAD);
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(
|
||||
new, send, receive
|
||||
);
|
||||
our $VERSION = '0.9';
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
sub new {
|
||||
my $class = shift;
|
||||
my $self = {
|
||||
Socket => shift,
|
||||
};
|
||||
bless($self, $class);
|
||||
return $self;
|
||||
}
|
||||
|
||||
sub send {
|
||||
my ($self, $data) = @_;
|
||||
my $packet = pack('N/a*', $data);
|
||||
$self->{'Socket'}->send($packet);
|
||||
}
|
||||
|
||||
sub receive {
|
||||
my $self = shift;
|
||||
my $packet_header;
|
||||
my $data;
|
||||
|
||||
$self->{'Socket'}->recv($packet_header, 4);
|
||||
my $packet_len = unpack('N', $packet_header);
|
||||
$self->{'Socket'}->recv($data, $packet_len);
|
||||
return $data;
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
=head1 NAME
|
||||
|
||||
Vici::Transport - Perl extension for communicating via a strongSwan VICI socket
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Vici::Transport;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The Vici::Transport module is needed by the Vici::Packet module to send
|
||||
and receive packets over the UNIX socket used in the communication with the
|
||||
open source strongSwan IPsec daemon (https://www.strongswan.com) via the
|
||||
documented Versatile IKE Configuration Interface (VICI). VICI allows the
|
||||
onfiguration, management and monitoring of multiple IPsec connections.
|
||||
|
||||
=head2 EXPORT
|
||||
|
||||
None by default.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
|
||||
|
||||
strongSwan Mailing list: users@lists.strongswan.org
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2015 by Andreas Steffen
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
|
||||
=cut
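Review bot: `receive` trusts both `recv` calls to succeed and to return everything asked for: the result of `recv($packet_header, 4)` is not checked, and a single `recv($data, $packet_len)` on a stream socket may hand back fewer than `$packet_len` bytes, so a large reply can be returned truncated and the following read then starts mid-packet. If the peer closes the socket the header is empty and `unpack('N', ...)` yields undef, and `$packet_len` itself is used as a buffer size with no upper bound. I would read in a loop until the requested count has arrived, die on error or EOF, and reject lengths above a limit that matches the daemon's maximum message size. `send` should likewise check its return value. In the DESCRIPTION, `onfiguration` has lost its leading `c`.

```perl
sub receive {
    my $self = shift;

    my $packet_header = $self->_read_exact(4);
    my $packet_len = unpack('N', $packet_header);
    # MAX_PACKET_LEN is a placeholder: use the daemon's message size limit
    die "VICI packet length $packet_len exceeds limit\n"
        if $packet_len > MAX_PACKET_LEN;
    return $self->_read_exact($packet_len);
}

# Read exactly $want bytes from the socket, or die on error or EOF.
sub _read_exact {
    my ($self, $want) = @_;
    my $buf = '';
    while (length($buf) < $want) {
        my $chunk;
        defined $self->{'Socket'}->recv($chunk, $want - length($buf))
            or die "VICI recv failed: $!\n";
        length($chunk)
            or die "VICI socket closed by peer\n";
        $buf .= $chunk;
    }
    return $buf;
}
```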
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
# Before 'make install' is performed this script should be runnable with
|
||||
# 'make test'. After 'make install' it should work as 'perl Vici-Session.t'
|
||||
|
||||
#########################
|
||||
|
||||
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use Test::More tests => 1;
|
||||
BEGIN { use_ok('Vici::Session') };
|
||||
|
||||
#########################
|
||||
|
||||
# Insert your test code below, the Test::More module is use()ed here so read
|
||||
# its man page ( perldoc Test::More ) for help writing this test script.
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
package Vici::Transport;
|
||||
|
||||
require Exporter;
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(new, send, receive);
|
||||
our @VERSION = 0.9;
|
||||
|
||||
use strict;
|
||||
|
||||
sub new {
|
||||
my $class = shift;
|
||||
my $self = {
|
||||
Socket => shift,
|
||||
};
|
||||
bless($self, $class);
|
||||
return $self;
|
||||
}
|
||||
|
||||
sub send {
|
||||
my ($self, $data) = @_;
|
||||
my $packet = pack('N/a*', $data);
|
||||
$self->{'Socket'}->send($packet);
|
||||
}
|
||||
|
||||
sub receive {
|
||||
my $self = shift;
|
||||
my $packet_header;
|
||||
my $data;
|
||||
|
||||
$self->{'Socket'}->recv($packet_header, 4);
|
||||
my $packet_len = unpack('N', $packet_header);
|
||||
$self->{'Socket'}->recv($data, $packet_len);
|
||||
return $data;
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
|