mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1146 lines
28 KiB
1146 lines
28 KiB
//+-------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 2001
|
|
//
|
|
// File: query.cpp
|
|
// Purpose: query SPD and print IP Security information
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
/* Edit History:
|
|
|
|
1/18/01 dkalin Created
|
|
*/
|
|
|
|
// app's own header file
|
|
|
|
#include "ipseccmd.h"
|
|
|
|
#pragma warning(disable:4311)
|
|
|
|
// forward function declarations
|
|
char *LongLongToString( DWORD dwHigh, DWORD dwLow, int iPrintCommas );
|
|
int AscMultUint( char *cProduct, char *cA, char *cB );
|
|
int AscAddUint( char *cSum, char *cA, char *cB );
|
|
void print_vpi(char *str, unsigned char *vpi, int vpi_len);
|
|
|
|
void reportError ( DWORD dwMessageId )
|
|
{
|
|
LPVOID myErrString = NULL;
|
|
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER,
|
|
NULL,
|
|
dwMessageId, 0,
|
|
(LPTSTR)&myErrString, 0, NULL);
|
|
|
|
_ftprintf(stderr,
|
|
TEXT("%s\n"), myErrString);
|
|
LocalFree(myErrString);
|
|
}
|
|
|
|
|
|
// run SPD query and display results, uses global flags to determine what needs to be printed
|
|
int do_show ( )
|
|
{
|
|
int iReturn = 0; // success by default
|
|
int i, j;
|
|
DWORD hr = FALSE; // assume success
|
|
bool fTestPass = TRUE;
|
|
char* pszLLString;
|
|
TCHAR StringTxt[STRING_TEXT_SIZE+1];
|
|
|
|
PMM_FILTER pmmf; // for MM filter calls
|
|
PIPSEC_MM_SA pipsmmsa; // for MM SA calls
|
|
PIPSEC_QM_SA pipsqmsa; // for QM SA calls
|
|
PIPSEC_MM_POLICY pipsmmp; // for MM policy calls
|
|
PIPSEC_QM_POLICY pipsqmp; // for QM policy calls
|
|
PMM_AUTH_METHODS pmmam; // for MM auth methods calls
|
|
IKE_STATISTICS IKEStats; // for IKE stats calls
|
|
PIPSEC_STATISTICS pIPSecStats; // for IPSec stats calls
|
|
PTRANSPORT_FILTER ptf; // for transport filter calls
|
|
PTUNNEL_FILTER ptunf; // for tunnel filter calls
|
|
DWORD dwCount; // counting objects here
|
|
DWORD dwResumeHandle; // handle for continuation calls
|
|
DWORD dwReserved; // reserved container
|
|
GUID gDefaultGUID = {0}; // NULL GUID value
|
|
|
|
if (ipseccmdShow.bFilters)
|
|
{
|
|
// print all filters
|
|
// main mode generic with details
|
|
_tprintf(TEXT("\nGeneric MM Filters\n------------------------------\n"));
|
|
|
|
pmmf=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumMMFilters(szServ, ENUM_GENERIC_FILTERS, gDefaultGUID, &pmmf, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No filters\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumMMFilters failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass = FALSE; // indicate an error
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nGeneric MM Filter #%d:\n"), i+j+1);
|
|
if (!PrintMMFilter(pmmf[j], TRUE, FALSE))
|
|
{
|
|
fTestPass = FALSE; // indicate an error
|
|
break;
|
|
}
|
|
}
|
|
SPDApiBufferFree(pmmf);
|
|
pmmf=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
|
|
// main mode specific without details
|
|
_tprintf(TEXT("\nSpecific MM Filters\n------------------------------\n"));
|
|
|
|
pmmf=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumMMFilters(szServ, ENUM_SPECIFIC_FILTERS, gDefaultGUID, &pmmf, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No filters\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumMMFilters failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass = FALSE; // indicate an error
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nSpecific MM Filter #%d:\n"), i+j+1);
|
|
if (!PrintMMFilter(pmmf[j], FALSE, TRUE))
|
|
{ // error
|
|
fTestPass = FALSE; // indicate an error
|
|
break;
|
|
}
|
|
}
|
|
SPDApiBufferFree(pmmf);
|
|
pmmf=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
|
|
// quick mode transport generic with details
|
|
_tprintf(TEXT("\nGeneric Transport Filters\n------------------------------\n"));
|
|
|
|
ptf=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumTransportFilters(szServ, ENUM_GENERIC_FILTERS, gDefaultGUID, &ptf, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No filters\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumTransportFilters failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nGeneric Transport Filter #%d:\n"), i+j+1);
|
|
if (!PrintFilter(ptf[j], TRUE, FALSE))
|
|
{ // error
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
}
|
|
SPDApiBufferFree(ptf);
|
|
ptf=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
|
|
// quick mode transport specific without details
|
|
_tprintf(TEXT("\nSpecific Transport Filters\n------------------------------\n"));
|
|
|
|
ptf=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumTransportFilters(szServ, ENUM_SPECIFIC_FILTERS, gDefaultGUID, &ptf, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No filters\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumTransportFilters failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nSpecific Transport Filter #%d:\n"), i+j+1);
|
|
if (!PrintFilter(ptf[j], FALSE, TRUE))
|
|
{ // error
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
}
|
|
SPDApiBufferFree(ptf);
|
|
ptf=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
|
|
// quick mode tunnel generic with details
|
|
_tprintf(TEXT("\nGeneric Tunnel Filters\n------------------------------\n"));
|
|
|
|
ptunf=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumTunnelFilters(szServ, ENUM_GENERIC_FILTERS, gDefaultGUID, &ptunf, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No filters\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumTunnelFilters failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nGeneric Tunnel Filter #%d:\n"), i+j+1);
|
|
if (!PrintTunnelFilter(ptunf[j], TRUE, FALSE))
|
|
{ // error
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
}
|
|
SPDApiBufferFree(ptunf);
|
|
ptunf=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
|
|
// quick mode tunnel specific without details
|
|
_tprintf(TEXT("\nSpecific Tunnel Filters\n------------------------------\n"));
|
|
|
|
ptunf=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumTunnelFilters(szServ, ENUM_SPECIFIC_FILTERS, gDefaultGUID, &ptunf, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No filters\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumTunnelFilters failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nSpecific Tunnel Filter #%d:\n"), i+j+1);
|
|
if (!PrintTunnelFilter(ptunf[j], FALSE, TRUE))
|
|
{ // error
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
}
|
|
SPDApiBufferFree(ptunf);
|
|
ptunf=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
}
|
|
|
|
if (ipseccmdShow.bPolicies)
|
|
{
|
|
// print all policies
|
|
// main mode policies
|
|
_tprintf(TEXT("\nMain Mode Policies\n------------------------------\n"));
|
|
|
|
pipsmmp=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumMMPolicies(szServ, &pipsmmp, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No policies\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumMMPolicies failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nMain Mode Policy #%d:\n"), i+j+1);
|
|
PrintMMPolicy(pipsmmp[j], _T(" "));
|
|
}
|
|
SPDApiBufferFree(pipsmmp);
|
|
pipsmmp=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
|
|
// quick mode policies
|
|
_tprintf(TEXT("\nQuick Mode Policies\n------------------------------\n"));
|
|
|
|
pipsqmp=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumQMPolicies(szServ, &pipsqmp, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No policies\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumQMPolicies failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nQuick Mode Policy #%d:\n"), i+j+1);
|
|
PrintFilterAction(pipsqmp[j], _T(" "));
|
|
}
|
|
SPDApiBufferFree(pipsqmp);
|
|
pipsqmp=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
}
|
|
if (ipseccmdShow.bAuth)
|
|
{
|
|
// print main mode authentication methods
|
|
_tprintf(TEXT("\nMain Mode Authentication Methods\n------------------------------\n"));
|
|
|
|
pmmam=NULL;
|
|
dwResumeHandle=0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumMMAuthMethods(szServ, &pmmam, 0, &dwCount, &dwResumeHandle);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No authentication methods\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumMMAuthMethods failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
_tprintf(TEXT("\nMain Mode Authentication Methods #%d:\n"), i+j+1);
|
|
PrintMMAuthMethods(pmmam[j], _T(" "));
|
|
}
|
|
SPDApiBufferFree(pmmam);
|
|
pmmam=NULL;
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
}
|
|
if (ipseccmdShow.bStats)
|
|
{
|
|
// print stats
|
|
// ike stats
|
|
if ((hr = IPSecQueryIKEStatistics(szServ,&IKEStats)) != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("IPSecQueryIKEStatistics failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
}
|
|
if (fTestPass)
|
|
{
|
|
_tprintf(TEXT("\nIKE Statistics\n------------------------------\n"));
|
|
printf(" Main Modes %d\n",IKEStats.dwOakleyMainModes);
|
|
printf(" Quick Modes %d\n",IKEStats.dwOakleyQuickModes);
|
|
printf(" Soft SAs %d\n",IKEStats.dwSoftAssociations);
|
|
printf(" Authentication Failures %d\n",IKEStats.dwAuthenticationFailures);
|
|
printf(" Active Acquire %d\n",IKEStats.dwActiveAcquire);
|
|
printf(" Active Receive %d\n",IKEStats.dwActiveReceive);
|
|
printf(" Acquire fail %d\n",IKEStats.dwAcquireFail);
|
|
printf(" Receive fail %d\n",IKEStats.dwReceiveFail);
|
|
printf(" Send fail %d\n",IKEStats.dwSendFail);
|
|
printf(" Acquire Heap size %d\n",IKEStats.dwAcquireHeapSize);
|
|
printf(" Receive Heap size %d\n",IKEStats.dwReceiveHeapSize);
|
|
printf(" Negotiation Failures %d\n",IKEStats.dwNegotiationFailures);
|
|
printf(" Invalid Cookies Rcvd %d\n",IKEStats.dwInvalidCookiesReceived);
|
|
printf(" Total Acquire %d\n",IKEStats.dwTotalAcquire);
|
|
printf(" TotalGetSpi %d\n",IKEStats.dwTotalGetSpi);
|
|
printf(" TotalKeyAdd %d\n",IKEStats.dwTotalKeyAdd);
|
|
printf(" TotalKeyUpdate %d\n",IKEStats.dwTotalKeyUpdate);
|
|
printf(" GetSpiFail %d\n",IKEStats.dwGetSpiFail);
|
|
printf(" KeyAddFail %d\n",IKEStats.dwKeyAddFail);
|
|
printf(" KeyUpdateFail %d\n",IKEStats.dwKeyUpdateFail);
|
|
printf(" IsadbListSize %d\n",IKEStats.dwIsadbListSize);
|
|
printf(" ConnListSize %d\n",IKEStats.dwConnListSize);
|
|
_tprintf(_TEXT("\n"));
|
|
}
|
|
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
|
|
// ipsec stats
|
|
if ((hr = QueryIPSecStatistics(szServ,&pIPSecStats)) != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("QueryIPSecStatistics failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
}
|
|
if (fTestPass)
|
|
{
|
|
_tprintf(TEXT("\nIPSec Statistics\n------------------------------\n"));
|
|
_tprintf(TEXT(" Active Assoc %lu\n"),pIPSecStats->dwNumActiveAssociations);
|
|
_tprintf(TEXT(" Pending Key %lu\n"),pIPSecStats->dwNumPendingKeyOps);
|
|
_tprintf(TEXT(" Key Adds %lu\n"),pIPSecStats->dwNumKeyAdditions);
|
|
_tprintf(TEXT(" Key Deletes %lu\n"),pIPSecStats->dwNumKeyDeletions);
|
|
_tprintf(TEXT(" ReKeys %lu\n"),pIPSecStats->dwNumReKeys);
|
|
_tprintf(TEXT(" Active Tunnels %lu\n"),pIPSecStats->dwNumActiveTunnels);
|
|
_tprintf(TEXT(" Bad SPI Pkts %lu\n"),pIPSecStats->dwNumBadSPIPackets);
|
|
_tprintf(TEXT(" Pkts not Decrypted %lu\n"),pIPSecStats->dwNumPacketsNotDecrypted);
|
|
_tprintf(TEXT(" Pkts not Authenticated %lu\n"),pIPSecStats->dwNumPacketsNotAuthenticated);
|
|
_tprintf(TEXT(" Pkts with Replay Detection %lu\n"),pIPSecStats->dwNumPacketsWithReplayDetection);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uConfidentialBytesSent.HighPart,pIPSecStats->uConfidentialBytesSent.LowPart, 1);
|
|
printf(" Confidential Bytes Sent %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uConfidentialBytesReceived.HighPart,pIPSecStats->uConfidentialBytesReceived.LowPart, 1);
|
|
printf(" Confidential Bytes Received %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uAuthenticatedBytesSent.HighPart,pIPSecStats->uAuthenticatedBytesSent.LowPart, 1);
|
|
printf(" Authenticated Bytes Sent %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uAuthenticatedBytesReceived.HighPart,pIPSecStats->uAuthenticatedBytesReceived.LowPart, 1);
|
|
printf(" Authenticated Bytes Received %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uOffloadedBytesSent.HighPart,pIPSecStats->uOffloadedBytesSent.LowPart, 1);
|
|
printf(" Offloaded Bytes Sent %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uOffloadedBytesReceived.HighPart,pIPSecStats->uOffloadedBytesReceived.LowPart, 1);
|
|
printf(" Offloaded Bytes Received %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uBytesSentInTunnels.HighPart,pIPSecStats->uBytesSentInTunnels.LowPart, 1);
|
|
printf(" Bytes Sent In Tunnels %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uBytesReceivedInTunnels.HighPart,pIPSecStats->uBytesReceivedInTunnels.LowPart, 1);
|
|
printf(" Bytes Received In Tunnels %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uTransportBytesSent.HighPart,pIPSecStats->uTransportBytesSent.LowPart, 1);
|
|
printf(" Transport Bytes Sent %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
pszLLString = LongLongToString(pIPSecStats->uTransportBytesReceived.HighPart,pIPSecStats->uTransportBytesReceived.LowPart, 1);
|
|
printf(" Transport Bytes Received %s\n", pszLLString);
|
|
free(pszLLString);
|
|
|
|
|
|
|
|
_tprintf(_TEXT("\n"));
|
|
|
|
SPDApiBufferFree(pIPSecStats);
|
|
}
|
|
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
}
|
|
if (ipseccmdShow.bSAs)
|
|
{
|
|
// print all SAs
|
|
// main mode SAs
|
|
_tprintf(TEXT("\nMain Mode SAs\n------------------------------\n"));
|
|
|
|
pipsmmsa=NULL;
|
|
dwResumeHandle=0;
|
|
dwCount = 2;
|
|
dwReserved = 0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
IPSEC_MM_SA mmsaTemplate;
|
|
memset(&mmsaTemplate, 0, sizeof(IPSEC_MM_SA));
|
|
hr = IPSecEnumMMSAs(szServ, &mmsaTemplate, &pipsmmsa, &dwCount, &dwReserved, &dwResumeHandle, 0);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No SAs\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("IPSecEnumMMSAs failed with error %d\n"), hr);
|
|
reportError(hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
struct in_addr inAddr;
|
|
|
|
_tprintf(TEXT("\nMain Mode SA #%d:\n"), i+j+1);
|
|
// now print SA data
|
|
inAddr.s_addr = pipsmmsa[j].Me.uIpAddr;
|
|
printf(" From %s\n", inet_ntoa(inAddr));
|
|
inAddr.s_addr = pipsmmsa[j].Peer.uIpAddr;
|
|
printf(" To %s\n", inet_ntoa(inAddr));
|
|
|
|
StringFromGUID2(pipsmmsa[j].gMMPolicyID, StringTxt, STRING_TEXT_SIZE);
|
|
_tprintf(TEXT(" Policy Id : %s\n"), StringTxt);
|
|
|
|
_tprintf(TEXT(" Offer Used : \n"));
|
|
PrintMMOffer(pipsmmsa[j].SelectedMMOffer, _T(""), _T("\t"));
|
|
|
|
_tprintf(TEXT(" Auth Used : %s\n"), oak_auth[pipsmmsa[j].MMAuthEnum]);
|
|
|
|
// print cookies
|
|
print_vpi(" Initiator cookie",(BYTE*)&(pipsmmsa[j].MMSpi.Initiator),sizeof(IKE_COOKIE));
|
|
printf("\n");
|
|
print_vpi(" Responder cookie",(BYTE*)&(pipsmmsa[j].MMSpi.Responder),sizeof(IKE_COOKIE));
|
|
printf("\n");
|
|
|
|
if (pipsmmsa[j].dwFlags != 0)
|
|
{
|
|
_tprintf(TEXT(" Flags : %lu\n"), pipsmmsa[j].dwFlags);
|
|
}
|
|
}
|
|
SPDApiBufferFree(pipsmmsa);
|
|
pipsmmsa=NULL;
|
|
if (dwReserved == 0)
|
|
{
|
|
break;
|
|
}
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
|
|
// quick mode SAs
|
|
_tprintf(TEXT("\nQuick Mode SAs\n------------------------------\n"));
|
|
|
|
pipsqmsa=NULL;
|
|
dwResumeHandle=0;
|
|
dwCount = 2;
|
|
dwReserved = 0;
|
|
// make the call(s)
|
|
for (i = 0; ;i+=dwCount)
|
|
{
|
|
hr = EnumQMSAs(szServ, NULL, &pipsqmsa, 0, &dwCount, &dwReserved, &dwResumeHandle, 0);
|
|
if (hr == ERROR_NO_DATA || dwCount == 0)
|
|
{
|
|
if (i == 0)
|
|
{
|
|
_tprintf(TEXT("No SAs\n"));
|
|
}
|
|
break;
|
|
}
|
|
if (hr != ERROR_SUCCESS)
|
|
{
|
|
_tprintf(TEXT("EnumQMSAs failed with error %d\n"), hr);
|
|
fTestPass=FALSE;
|
|
break;
|
|
}
|
|
for (j = 0; j < (int) dwCount; j++)
|
|
{
|
|
struct in_addr inAddr;
|
|
|
|
_tprintf(TEXT("\nQuick Mode SA #%d:\n"), i+j+1);
|
|
// now print SA data - QM filter
|
|
StringFromGUID2(pipsqmsa[j].gQMFilterID, StringTxt, STRING_TEXT_SIZE);
|
|
_tprintf(TEXT(" Filter Id : %s\n"), StringTxt);
|
|
_tprintf(TEXT(" %s Filter\n"),
|
|
(pipsqmsa[j].IpsecQMFilter.QMFilterType == QM_TRANSPORT_FILTER) ? _T("Transport") :
|
|
((pipsqmsa[j].IpsecQMFilter.QMFilterType == QM_TUNNEL_FILTER) ? _T("Tunnel") : _T("Unknown"))
|
|
);
|
|
|
|
printf(" From ");
|
|
PrintAddr(pipsqmsa[j].IpsecQMFilter.SrcAddr);
|
|
printf("\n");
|
|
printf(" To ");
|
|
PrintAddr(pipsqmsa[j].IpsecQMFilter.DesAddr);
|
|
printf("\n");
|
|
|
|
_tprintf(TEXT(" Protocol : %lu Src Port : %u Des Port : %u\n"),
|
|
pipsqmsa[j].IpsecQMFilter.Protocol.dwProtocol, pipsqmsa[j].IpsecQMFilter.SrcPort.wPort, pipsqmsa[j].IpsecQMFilter.DesPort.wPort);
|
|
_tprintf(TEXT(" Direction : %s\n"),
|
|
(pipsqmsa[j].IpsecQMFilter.dwFlags & FILTER_DIRECTION_INBOUND) ? _T("Inbound") :
|
|
((pipsqmsa[j].IpsecQMFilter.dwFlags & FILTER_DIRECTION_OUTBOUND) ? _T("Outbound") : _T("Error")));
|
|
|
|
if (pipsqmsa[j].IpsecQMFilter.QMFilterType == QM_TUNNEL_FILTER)
|
|
{
|
|
printf(" Tunnel From ");
|
|
PrintAddr(pipsqmsa[j].IpsecQMFilter.MyTunnelEndpt);
|
|
printf("\n");
|
|
printf(" Tunnel To ");
|
|
PrintAddr(pipsqmsa[j].IpsecQMFilter.PeerTunnelEndpt);
|
|
printf("\n");
|
|
}
|
|
|
|
// policy and cookie
|
|
StringFromGUID2(pipsqmsa[j].gQMPolicyID, StringTxt, STRING_TEXT_SIZE);
|
|
_tprintf(TEXT(" Policy Id : %s\n"), StringTxt);
|
|
|
|
_tprintf(TEXT(" Offer Used : \n"));
|
|
PrintQMOffer(pipsqmsa[j].SelectedQMOffer, _T(""), _T("\t"));
|
|
|
|
// print cookies
|
|
print_vpi(" Initiator cookie",(BYTE*)&(pipsqmsa[j].MMSpi.Initiator),sizeof(IKE_COOKIE));
|
|
printf("\n");
|
|
print_vpi(" Responder cookie",(BYTE*)&(pipsqmsa[j].MMSpi.Responder),sizeof(IKE_COOKIE));
|
|
printf("\n");
|
|
|
|
}
|
|
SPDApiBufferFree(pipsqmsa);
|
|
pipsqmsa=NULL;
|
|
if (dwReserved == 0)
|
|
{
|
|
break;
|
|
}
|
|
if(!fTestPass)
|
|
break;
|
|
}
|
|
|
|
if (!fTestPass)
|
|
{
|
|
iReturn++;
|
|
fTestPass = TRUE;
|
|
}
|
|
}
|
|
|
|
return iReturn;
|
|
}
|
|
|
|
// process query command line
|
|
// accept command line (argc/argv) and the index where show flags start
|
|
// return 0 if command completed successfully,
|
|
// IPSECCMD_USAGE if there is usage error,
|
|
// any other value indicates failure during execution (gets passed up)
|
|
//
|
|
// IMPORTANT: we assume that main module provide us with remote vs. local machine information
|
|
// in the global variables
|
|
//
|
|
int ipseccmd_show_main ( int argc, char** argv, int start_index )
|
|
{
|
|
int i;
|
|
|
|
ipseccmdShow.bFilters = ipseccmdShow.bPolicies = ipseccmdShow.bAuth = ipseccmdShow.bStats = ipseccmdShow.bSAs = false;
|
|
for (i = start_index ; i < argc; i++)
|
|
{
|
|
if (!_stricmp(argv[i], KEYWORD_SHOW))
|
|
{
|
|
continue; // skip that
|
|
}
|
|
else if (!_stricmp(argv[i], KEYWORD_FILTERS))
|
|
{
|
|
ipseccmdShow.bFilters = true;
|
|
}
|
|
else if (!_stricmp(argv[i], KEYWORD_POLICIES))
|
|
{
|
|
ipseccmdShow.bPolicies = true;
|
|
}
|
|
else if (!_stricmp(argv[i], KEYWORD_AUTH))
|
|
{
|
|
ipseccmdShow.bAuth = true;
|
|
}
|
|
else if (!_stricmp(argv[i], KEYWORD_STATS))
|
|
{
|
|
ipseccmdShow.bStats = true;
|
|
}
|
|
else if (!_stricmp(argv[i], KEYWORD_SAS))
|
|
{
|
|
ipseccmdShow.bSAs = true;
|
|
}
|
|
else if (!_stricmp(argv[i], KEYWORD_ALL))
|
|
{
|
|
ipseccmdShow.bFilters = ipseccmdShow.bPolicies = ipseccmdShow.bAuth = ipseccmdShow.bStats = ipseccmdShow.bSAs = true;
|
|
}
|
|
else
|
|
{
|
|
return IPSECCMD_USAGE;
|
|
}
|
|
}
|
|
|
|
return do_show();
|
|
}
|
|
|
|
// print_vpi prints IKE_COOKIE information
|
|
// Parms:
|
|
// Returns: None
|
|
|
|
void print_vpi(char *str, unsigned char *vpi, int vpi_len)
|
|
{
|
|
int i, j;
|
|
char msg [256] ;
|
|
char c [5];
|
|
|
|
strcpy ( msg, str) ;
|
|
strcat ( msg," ") ;
|
|
if (vpi == NULL) {
|
|
strcat(msg,"VPI NULL ");
|
|
printf("%s", msg) ;
|
|
return;
|
|
}
|
|
for (j=1, i=0; i<vpi_len; i++) {
|
|
sprintf(c,"%02x",vpi[i]);
|
|
strcat(msg, c) ;
|
|
if (j == 16) {
|
|
j = 0;
|
|
printf("%s", msg);
|
|
msg[0] = 0 ;
|
|
}
|
|
j++;
|
|
}
|
|
if ( j != 1)
|
|
{
|
|
printf("%s", msg);
|
|
}
|
|
else
|
|
{
|
|
printf("");
|
|
}
|
|
} // end of print_vpi
|
|
|
|
/**********************************************************************************
|
|
*
|
|
* AscAddUint - Add two numbers in ascii strings, storing the results in a third buffer
|
|
* cSum - Buffer for the sum
|
|
* cA - First addend
|
|
* cB - Second addend
|
|
*
|
|
* This routine will add two arbitrarily long ascii strings. It makes several
|
|
* assumptions about them.
|
|
* 1) the string is null terminated.
|
|
* 2) The LSB is the last char of the string. "1000000" is a million
|
|
* 3) There are no signs or decimal points.
|
|
* 4) The cSum buffer is large enough to store the result
|
|
* 5) The sum will require 254 bytes or less.
|
|
*
|
|
* returns: 0 on success, else failure code.
|
|
*
|
|
**********************************************************************************/
|
|
|
|
int
|
|
AscAddUint(
|
|
char *cSum,
|
|
char *cA,
|
|
char *cB
|
|
)
|
|
{
|
|
int iALen, iBLen, iSumLen, iBiggerLen;
|
|
int i,j,k, iCarry;
|
|
char cTmp[255]={0}, *cBigger;
|
|
|
|
// Verify parameters
|
|
|
|
if ((cA == NULL) || (cB == NULL) || (cSum == NULL))
|
|
{
|
|
printf("AscAddUint(%0X,%0X, %0X) ERROR - bad parameters\n",
|
|
(UINT) cA, (UINT) cB, (UINT) cSum);
|
|
return(-1);
|
|
}
|
|
|
|
iALen = strlen(cA);
|
|
iBLen = strlen(cB);
|
|
iCarry = 0;
|
|
|
|
// Loop through, adding the values. Our result string will be
|
|
// backwards, we'll straighten it out when we copy it to the
|
|
// cSum buffer.
|
|
|
|
for (i=0; (i < iALen) && (i < iBLen); i++)
|
|
{
|
|
// Figure out the actual decimal value of the add.
|
|
|
|
k = (int) (cA[iALen-i-1] + cB[iBLen-i-1] + iCarry);
|
|
k -= 2 * '0';
|
|
|
|
// Set the carry as appropriate
|
|
|
|
iCarry = k/10;
|
|
|
|
// Set the current digit's value.
|
|
|
|
cTmp[i] = '0' + k%10;
|
|
}
|
|
|
|
// At this point, all digits present in both strings have been added.
|
|
// In other words, "12345" + "678901", "12345" has been added to "78901"
|
|
// The next step is to account for the high-order digits of the larger number.
|
|
|
|
if (iALen > iBLen)
|
|
{
|
|
cBigger = cA;
|
|
iBiggerLen = iALen;
|
|
}
|
|
else
|
|
{
|
|
cBigger = cB;
|
|
iBiggerLen = iBLen;
|
|
}
|
|
|
|
while (i < iBiggerLen)
|
|
{
|
|
k = cBigger[iBiggerLen - i - 1] + iCarry - '0';
|
|
|
|
// Set the carry as appropriate
|
|
|
|
iCarry = k/10;
|
|
|
|
// Set the current digit's value.
|
|
|
|
cTmp[i] = '0' + k%10;
|
|
i++;
|
|
}
|
|
|
|
// Finally, we might still have a set carry to put in the next
|
|
// digit.
|
|
|
|
if (iCarry)
|
|
{
|
|
cTmp[i++] = '0' + iCarry;
|
|
}
|
|
|
|
// Now that we've got the entire number, reverse it and put it back in the dest.
|
|
|
|
// Skip leading 0's.
|
|
|
|
i = strlen(cTmp) - 1;
|
|
|
|
while ((i > 0)&&(cTmp[i] == '0'))
|
|
{
|
|
i--;
|
|
}
|
|
|
|
// and copy the number.
|
|
|
|
j = 0;
|
|
while (i >= 0)
|
|
{
|
|
cSum[j++] = cTmp[i--];
|
|
}
|
|
|
|
cSum[j] = '\0';
|
|
|
|
// We're done. Return 0 for success!
|
|
|
|
return(0);
|
|
}
|
|
|
|
|
|
|
|
/**********************************************************************************
|
|
*
|
|
* AscMultUint - Multiply two numbers in ascii strings, storing the results in a third buffer
|
|
* cProduct - Buffer for the product
|
|
* cA - First multiplicand
|
|
* cB - Second multiplicand
|
|
*
|
|
* This routine will add two arbitrarily long ascii strings. It makes several
|
|
* assumptions about them.
|
|
* 1) the string is null terminated.
|
|
* 2) The LSB is the last char of the string. "1000000" is a million
|
|
* 3) There are no signs or decimal points.
|
|
* 4) The cProduct buffer is large enough to store the result
|
|
* 5) The product will require 254 bytes or less.
|
|
*
|
|
* returns: 0 on success, else failure code.
|
|
*
|
|
**********************************************************************************/
|
|
|
|
int
|
|
AscMultUint(
|
|
char *cProduct,
|
|
char *cA,
|
|
char *cB
|
|
)
|
|
{
|
|
int iALen, iBLen, iProductLen;
|
|
int i,j,k, iCarry;
|
|
char cTmp[255]={0};
|
|
|
|
// Verify parameters
|
|
|
|
if ((cA == NULL) || (cB == NULL) || (cProduct == NULL))
|
|
{
|
|
printf("AscMultUint(%0X,%0X, %0X) ERROR - bad parameters\n",
|
|
(UINT) cA, (UINT) cB, (UINT) cProduct);
|
|
return(-1);
|
|
}
|
|
|
|
iALen = strlen(cA);
|
|
iBLen = strlen(cB);
|
|
|
|
// We will multiply the traditional longhand way: for each digit in
|
|
// cA, we will multiply it against cB and add the incremental result
|
|
// into our temporary product.
|
|
|
|
// for each digit of the first multiplicand
|
|
|
|
for (i=0; i < iALen; i++)
|
|
{
|
|
iCarry = 0;
|
|
|
|
// for each digit of the second multiplicand
|
|
|
|
for(j=0; j < iBLen; j++)
|
|
{
|
|
// calculate this digit's value
|
|
|
|
k = ((int) cA[iALen-i-1]-'0') * ((int) cB[iBLen-j-1]-'0');
|
|
k += iCarry;
|
|
|
|
// Add it in to the appropriate place in the result
|
|
|
|
if (cTmp[i+j] != '\0')
|
|
{
|
|
k += (int) cTmp[i+j] - '0';
|
|
}
|
|
cTmp[i+j] = '0' + (k % 10);
|
|
iCarry = k/10;
|
|
}
|
|
|
|
// Take care of the straggler carry. If the higher
|
|
// digits happen to be '9999' then this can require
|
|
// a loop.
|
|
|
|
while (iCarry)
|
|
{
|
|
if (cTmp[i+j] != '\0')
|
|
{
|
|
iCarry += cTmp[i+j] - '0';
|
|
}
|
|
cTmp[i+j] = '0' + iCarry%10;
|
|
iCarry /= 10;
|
|
j++;
|
|
}
|
|
}
|
|
|
|
// Now that we've got the entire number, reverse it and put it back in the dest.
|
|
|
|
// Skip leading 0's.
|
|
|
|
i = strlen(cTmp) - 1;
|
|
|
|
while ((i > 0)&&(cTmp[i] == '0'))
|
|
{
|
|
i--;
|
|
}
|
|
|
|
// Copy the product.
|
|
|
|
j = 0;
|
|
while (i >= 0)
|
|
{
|
|
cProduct[j++] = cTmp[i--];
|
|
}
|
|
|
|
cProduct[j] = '\0';
|
|
|
|
// We're done. Return 0 for success!
|
|
|
|
return(0);
|
|
}
|
|
|
|
|
|
|
|
/*******************************************************
|
|
*
|
|
* LongLongToString - Convert a low and high DWORD to a decimal string
|
|
* dwLow - Low order dword
|
|
* dwHigh - High order dword
|
|
* iPrintCommas - insert comma's if non-zero
|
|
*
|
|
* This routine will make a pretty string to match an input long-long,
|
|
* and return it. If iPrintCommas is set, it will put in commas.
|
|
*
|
|
*
|
|
* returns: pointer to newly allocated string with number in it.
|
|
* NOTE - the caller is responsible for freeing the memory allocated.
|
|
*
|
|
*******************************************************/
|
|
|
|
char *
|
|
LongLongToString(
|
|
DWORD dwHigh,
|
|
DWORD dwLow,
|
|
int iPrintCommas
|
|
)
|
|
{
|
|
char cFourGig[]="4294967296"; // "four gigabytes"
|
|
char cBuf[255]={0};
|
|
char cRes[255]={0}, cFullRes[255]={0}, *cRet;
|
|
int iPos, iPosRes, iThreeCount;
|
|
|
|
// First, multiply the high dword by decimal 2^32 to
|
|
// get the right decimal value for it.
|
|
|
|
sprintf(cBuf,"%u",dwHigh);
|
|
AscMultUint(cRes,cBuf,cFourGig);
|
|
|
|
// next, add in the low DWORD (fine as it is)
|
|
// to the previous product
|
|
|
|
sprintf(cBuf,"%u",dwLow);
|
|
AscAddUint(cFullRes, cRes, cBuf);
|
|
|
|
// Finally, copy the buffer with commas.
|
|
|
|
iPos = iPosRes = 0;
|
|
iThreeCount = strlen(cFullRes)%3;
|
|
while(cFullRes[iPosRes] != '\0')
|
|
{
|
|
cBuf[iPos++] = cFullRes[iPosRes++];
|
|
|
|
iThreeCount +=2; // Same as subtracting one for modulo math
|
|
|
|
if ((!(iThreeCount%3))&&(cFullRes[iPosRes] != '\0')&&(iPrintCommas))
|
|
{
|
|
cBuf[iPos++]=',';
|
|
}
|
|
}
|
|
|
|
cBuf[iPos] = '\0';
|
|
|
|
cRet = _strdup(cBuf);
|
|
|
|
return(cRet);
|
|
}
|
|
|