Diffstat (limited to 'src')
15 files changed, 1038 insertions, 72 deletions
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index ae986186b..f5759870d 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -1078,3 +1078,43 @@ dictionaries. Objects returned by the library use OrderedDicts. For more details about the Python egg refer to the comments in the Python source code. + +# Vici::Session Perl CPAN module # + +The _Vici::Session Perl CPAN module_ is a pure Perl implementation of the VICI +protocol to implement client applications. It is provided in the _perl_ +subdirectory, and gets built and installed if strongSwan has been + _./configure_'d with_--enable-vici_ and _--enable-perl-cpan_. + +The _Vici::Session_ module provides a _new()_ constructor for a high level +interface, the underlying _Vici::Packet_ and _Vici::Transport_ classes are +usually not required to build Perl applications using VICI. The _Vici::Session_ +class provides methods for the supported VICI commands. The auxiliare + _Vici::Message_ class is used to encode configuration parameters sent to +the daemon and decode data returned by the daemon. + +## Connecting to the daemon ## + + use IO::Socket::UNIX; + use Vici::Session; + use Vici::Message; + + my $socket = IO::Socket::UNIX->new( + Type => SOCK_STREAM, + Peer => '/var/run/charon.vici', + ) or die "Vici socket: $!"; + + my $session = Vici::Session->new($socket); + +## A simple client request ## + +An example to print the daemon version information is as simple as: + + my $version = $session->version()->hash(); + + foreach my $key ('daemon', 'version', 'sysname', 'release', 'machine' ) { + print $version->{$key}, " "; + } + +The _Vici::Session_ methods are explained in the perl/Vici-Session/README.pod +document. diff --git a/src/libcharon/plugins/vici/perl/.gitignore b/src/libcharon/plugins/vici/perl/.gitignore new file mode 100644 index 000000000..02793d85a --- /dev/null +++ b/src/libcharon/plugins/vici/perl/.gitignore 
@@ -0,0 +1,5 @@
+Makefile.old
+Vici-Session/MYMETA.json
+Vici-Session/MYMETA.yml
+Vici-Session/pm_to_blib
+Vici-Session/blib/
diff --git a/src/libcharon/plugins/vici/perl/LICENSE b/src/libcharon/plugins/vici/perl/LICENSE
deleted file mode 100644
index 2e25c83ce..000000000
--- a/src/libcharon/plugins/vici/perl/LICENSE
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright (c) 2015 Andreas Steffen
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/libcharon/plugins/vici/perl/MANIFEST.in b/src/libcharon/plugins/vici/perl/MANIFEST.in
deleted file mode 100644
index 1aba38f67..000000000
--- a/src/libcharon/plugins/vici/perl/MANIFEST.in
+++ /dev/null
@@ -1 +0,0 @@
-include LICENSE
diff --git a/src/libcharon/plugins/vici/perl/Makefile.am b/src/libcharon/plugins/vici/perl/Makefile.am
index a160d9c9e..1c2d86e53 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.am
+++ b/src/libcharon/plugins/vici/perl/Makefile.am
@@ -1,6 +1,27 @@ -EXTRA_DIST = LICENSE \ - Vici/Message.pm \ - Vici/Packet.pm \ - Vici/Session.pm \ - Vici/Transport.pm +EXTRA_DIST = \ + Vici-Session/Changes \ + Vici-Session/Makefile.PL \ + Vici-Session/MANIFEST \ + Vici-Session/README.pod \ + Vici-Session/t/Vici-Session.t \ + Vici-Session/lib/Vici/Message.pm \ + Vici-Session/lib/Vici/Packet.pm \ + Vici-Session/lib/Vici/Session.pm \ + Vici-Session/lib/Vici/Transport.pm + +all-local: Vici-Session/pm_to_blib + +Vici-Session/Makefile: $(srcdir)/Vici-Session/Makefile.PL + (cd $(srcdir)/Vici-Session; $(PERL) Makefile.PL) + +Vici-Session/pm_to_blib: $(EXTRA_DIST) $(srcdir)/Vici-Session/Makefile + (cd $(srcdir)/Vici-Session; make) + +clean-local: + (cd $(srcdir)/Vici-Session; make clean) + +if PERL_CPAN_INSTALL +install-exec-local: Vici-Session/pm_to_blib + (cd $(srcdir)/Vici-Session; make install) +endif diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/Changes b/src/libcharon/plugins/vici/perl/Vici-Session/Changes new file mode 100644 index 000000000..0c30328fd --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/Changes @@ -0,0 +1,6 @@ +Revision history for Perl extension Vici::Session. + +0.9 Tue Nov 17 11:45:21 2015 + - original version; created by h2xs 1.23 with options + -X -n Vici::Session + diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/MANIFEST b/src/libcharon/plugins/vici/perl/Vici-Session/MANIFEST new file mode 100644 index 000000000..c19032a08 --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/MANIFEST @@ -0,0 +1,9 @@ +Changes +Makefile.PL +MANIFEST +README.pod +t/Vici-Session.t +lib/Vici/Session.pm +lib/Vici/Message.pm +lib/Vici/Packet.pm +lib/Vici/Transport.pm diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/Makefile.PL b/src/libcharon/plugins/vici/perl/Vici-Session/Makefile.PL new file mode 100644 index 000000000..65f494557 --- /dev/null +++ b/src/libcharon/plugins/vici/perl/Vici-Session/Makefile.PL 
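Review bot: The three recipes that enter `$(srcdir)/Vici-Session` chain the commands with `;` and call plain `make`, so if the `cd` fails the inner `make` still runs, in whatever directory the recipe started in. I would write `(cd $(srcdir)/Vici-Session && $(MAKE))`, and likewise for the `clean` and `install` recipes. The recipes also generate `Makefile`, `blib/` and `pm_to_blib` inside the source tree, while the targets `Vici-Session/Makefile` and `Vici-Session/pm_to_blib` are named relative to the build directory, so an out-of-tree build or a read-only source directory will presumably fail or rebuild every time. Nothing in `install-exec-local` passes the configured prefix to MakeMaker, so the module presumably lands in Perl's default site directory regardless of `--prefix`; a comment above the `if PERL_CPAN_INSTALL` block should say so.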
@@ -0,0 +1,11 @@
+use ExtUtils::MakeMaker;
+# See lib/ExtUtils/MakeMaker.pm for details of how to influence
+# the contents of the Makefile that is written.
+WriteMakefile(
+ NAME => 'Vici::Session',
+ VERSION_FROM => 'lib/Vici/Session.pm', # finds $VERSION
+ PREREQ_PM => {}, # e.g., Module::Name => 1.1
+ ($] >= 5.005 ? ## Add these new keywords supported since 5.005
+ (ABSTRACT_FROM => 'lib/Vici/Session.pm', # retrieve abstract from module
+ AUTHOR => 'Andreas Steffen <andreas.steffen@>strongswan.org') : ()),
+);
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/README.pod b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod
new file mode 100644
index 000000000..9bfd3ff0e
--- /dev/null
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod
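Review bot: `PREREQ_PM => {}` declares no prerequisites, yet Message.pm and Packet.pm in this same commit `use Switch`, which has not shipped with core Perl since 5.14, and README.pod names `IO::Socket::UNIX` as a dependency. As written the module installs cleanly without Switch and the failure only shows up when it is loaded. I would declare both, e.g. `PREREQ_PM => { 'Switch' => 0, 'IO::Socket::UNIX' => 0 },`. The `AUTHOR` address reads `andreas.steffen@>strongswan.org` on this page, which may be a rendering artefact, so check it in the file itself.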
@@ -0,0 +1,649 @@ + +=head1 NAME + +Vici::Session - Perl binding for the strongSwan VICI configuration interface + +=head1 DESCRIPTION + +The Vici::Session module allows a Perl script to communicate with the open +source strongSwan IPsec daemon (https://www.strongswan.org) via the documented +Versatile IKE Configuration Interface (VICI). VICI allows the configuration, +management and monitoring of multiple IPsec connections. + +=head1 INSTALLATION + +To install this module type the following: + + perl Makefile.PL + make + make install + +=head1 DEPENDENCIES + +This module requires the standard networking module: + + IO::Socket::UNIX + +=head1 METHODS + +The following examples show the use of the Vici::Session interface in a +a "net-net" connection between the VPN gateways "moon" and "sun". + +=cut + +use strict; +use warnings; +use IO::Socket::UNIX; +use Vici::Message; +use Vici::Session; + +my $moon_key = "-----BEGIN RSA PRIVATE KEY-----\n" . + "MIIEowIBAAKCAQEApHwF+sUXQdH+WwYzdPMzpjuwhGGvHgsmBah1IQsPsddL9gZy" . + "gerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IABr87L9JAva56EHIAiUMuG8WizVbIK" . + "IhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6xvMJbwHLi0h7BUO9tBVLPy72YeGNB" . + "Y6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL0DgYP/n2maPEJGEivTFunkJD/mJ8" . + "DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhyYK5wsATB1ANeAtlFfgH+wsuHjZwt" . + "TJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47nwIDAQABAoIBAAQDXqX6rxGVDQ6t" . + "fQ3qbSUuKaVhOMOT5A6ZSJpQycY+CYVsLNkMoXszX6lUDhlH/Letcme03OAKMM77" . + "JGn9wYzHj+RcrDuE95Y2bh/oh1dWhaGeoW6pbSwpvD0FzkQKpANlOCr/5bltVxmb" . + "nHftI/sGBvUQGIal53ORE+jgV1+SK6I0oAIWiCpU2oZpYMAtp7WxOngsAJaGtk//" . + "m2ckH+T8uVHwe9gJ9HZnEk+Io6BXScMNNrsbd2J+pQ75wQXfzHEzHAj+ElhWzhtc" . + "5XefqHw/DfpPDX/lby3VoSoagqzsVuUx7LylgzIDxTsb9HQVOLjDzOQ+vn22Xj7g" . + "UCEjwLkCgYEA2EZguuzJdxRIWBSnIyzpCzfqm0EgybpeLuJVfzWla0yKWI6AeLhW" . + "cr+7o9UE8nCQHVffIrgjWksjc/S5FhzC9TYSHpPa8TPgebTQK4VxnP9Qkh/XRpJj" . + "CqgJ8k2MYleHYxa+AKQv/25yNhLdowkNR0iU1kbiaYRJMP0WigAmdAUCgYEAwrJe" . 
+ "Y3LAawOkalJFMFTtLXsqZE91TFwMt9TQnzysGH3Q6+9N+qypS5KCes650+qgrwBV" . + "RmRNc1ixylToP3B0BKY5OD/BwMx1L/zSO3x7I4ZDasCu33y2ukGLcVSxrxTPTGdd" . + "8fhEiVO1CDXcM08/kSeQa049J8ziY3M+4NDchlMCgYEAw2VCO1923Tjb64gtQOBw" . + "ZAxOz5nVz6urL9yYted33is2yq9kbqzMnbuQAYKRh6Ae9APRuwJ2HjvIehjdp5aw" . + "pO4HDM00f7sI0ayEbu2PKfKZjotp6X6UMKqE4f8iGC9QSDvhyZ6NJs9YLHZ6+7NP" . + "5dkzbyx3njFAFxxxYpikJSkCgYByShB8YlUvvKCcRRUWbRQZWa6l2brqizJwCz43" . + "636+lcS5au2klAyBL0zm2Elfa+DNOe3U93Y7mrorIrJ+4v1H6We3bD3JdnvoIooq" . + "n0UNsngKx3cf++6r4WQAsA3pz9ZsbFVKgEmDL58aZbuQZxnSlJ4DT5c4sN3IMVOc" . + "1x5MvwKBgHudAaLvioIopBpYzOsK2OtEn6NQ7SwH0BLEUulHysaHqan5oExmM1bm" . + "YeivMDc9hj0YLXA47ryQHTx4vB5Nv3TI/LoUG6VrCvZvocQOXe/n7TguwAjJj7ef" . + "E55Gy8lXDRENyJMP1vif3N2iH8eQ1ASf8k/+gnBNkjSlYSSQUDfV\n" . + "-----END RSA PRIVATE KEY-----\n"; + +my $moon_cert = "-----BEGIN CERTIFICATE-----\n" . + "MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" . + "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" . + "b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE" . + "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u" . + "c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk" . + "fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68" . + "TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz" . + "oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7" . + "MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw" . + "Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0" . + "87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE" . + "AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU" . + "XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK" . + "ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC" . + "AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr" . + "BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u" . 
+ "b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi" . + "4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i" . + "LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2" . + "xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo" . + "buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a" . + "4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9" . + "ga8NOzX8\n" . + "-----END CERTIFICATE-----\n"; + +my $ca_cert = "-----BEGIN CERTIFICATE-----\n" . + "MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" . + "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" . + "b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE" . + "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u" . + "Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y" . + "X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f" . + "FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc" . + "4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/" . + "7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5" . + "gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr" . + "K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG" . + "A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j" . + "BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw" . + "FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv" . + "b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in" . + "Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n" . + "1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y" . + "vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si" . + "7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa" . + "Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n" . 
+ "-----END CERTIFICATE-----\n" ; + +=pod + +The VICI interface requires a UNIX socket in order to communicate with the +strongSwan charon daemon: + + use IO::Socket::UNIX; + + my $socket = IO::Socket::UNIX->new( + Type => SOCK_STREAM, + Peer => '/var/run/charon.vici', + ) or die "Vici socket: $!"; + +=cut + +my $socket = IO::Socket::UNIX->new( + Type => SOCK_STREAM, + Peer => '/var/run/charon.vici', +) or die "Vici socket: $!"; + +=over + +=item new() + +creates a new Vici::Session object. + + use Vici::Session; + use Vici::Message; + + my $session = Vici::Session->new($socket); + +=cut + +my $session = Vici::Session->new($socket); + +=item version() + +returns daemon and system specific version information. + + my $version = $session->version(); + +=cut + +print "----- version -----\n"; +my $version = $session->version(); +print $version->raw(), "\n"; + +=item load_cert() + +loads a certificate into the daemon. + + my %vars = ( type => 'X509CA', data => $ca_cert ); + my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars)); + +=cut + +print "----- load-cert -----\n"; +my %vars = ( type => 'X509CA', data => $ca_cert ); +my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_key() + +loads a private key into the daemon. + + my %vars = ( type => 'RSA', data => $moon_key ); + my ($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars)); + +=cut + +print "----- load-key -----\n"; +%vars = ( type => 'RSA', data => $moon_key ); +($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_shared() + +loads a shared IKE PSK, EAP or XAuth secret into the daemon. 
+ + my @owners = ( 'carol' ); + my %vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners ); + my ($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars)); + +=cut + +print "----- load-shared -----\n"; +my @owners = ( 'carol' ); +%vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners ); +($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_authority() + +loads a single certification authority definition into the daemon. An existing +authority with the same name gets replaced. + + my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' ); + my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' ); + + my %auth = ( + cacert => $ca_cert, + crl_uris => \@crl_uris, + ocsp_uris => \@ocsp_uris + ); + + my %vars = ( strongswan => \%auth ); + my ($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars)); + +=cut + +print "----- load-authority -----\n"; +my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' ); +my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' ); +my %auth = ( + cacert => $ca_cert, + crl_uris => \@crl_uris, + ocsp_uris => \@ocsp_uris +); +%vars = ( strongswan => \%auth ); +($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_conn() + +loads a single connection definition into the daemon. An existing connection +with the same name gets updated or replaced. 
+ + my @l_ts = ( '10.1.0.0/16' ); + my @r_ts = ( '10.2.0.0/16' ); + my @esp = ( 'aes128gcm128-modp2048' ); + + my %child = ( + local_ts => \@l_ts, + remote_ts => \@r_ts, + esp_proposals => \@esp, + ); + my %children = ( 'net-net' => \%child ); + + my @l_addrs = ( '192.168.0.1' ); + my @r_addrs = ( '192.168.0.2' ); + my @l_certs = ( $moon_cert ); + my %l = ( auth => 'pubkey', id => 'moon.strongswan.org', + certs => \@l_certs ); + my %r = ( auth => 'pubkey', id => 'sun.strongswan.org'); + my @ike = ( 'aes128-sha256-modp2048' ); + + my %gw = ( + version => 2, + mobike => 'no', + proposals => \@ike, + local_addrs => \@l_addrs, + remote_addrs => \@r_addrs, + local => \%l, + remote => \%r, + children => \%children, + ); + + my %vars = ( 'gw-gw' => \%gw); + my ($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars)); + +=cut + +print "----- load-conn -----\n"; +my @l_ts = ( '10.1.0.0/16' ); +my @r_ts = ( '10.2.0.0/16' ); +my @esp = ( 'aes128gcm128-modp2048' ); +my %child = ( + local_ts => \@l_ts, + remote_ts => \@r_ts, + esp_proposals => \@esp, +); +my %children = ( 'net-net' => \%child ); +my @l_addrs = ( '192.168.0.1' ); +my @r_addrs = ( '192.168.0.2' ); +my @l_certs = ( $moon_cert ); +my %l = ( auth => 'pubkey', id => 'moon.strongswan.org', certs => \@l_certs ); +my %r = ( auth => 'pubkey', id => 'sun.strongswan.org'); +my @ike = ( 'aes128-sha256-modp2048' ); +my %gw = ( + version => 2, + mobike => 'no', + proposals => \@ike, + local_addrs => \@l_addrs, + remote_addrs => \@r_addrs, + local => \%l, + remote => \%r, + children => \%children, +); +%vars = ( 'gw-gw' => \%gw); +($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item get_algorithms() + +lists all currently loaded algorithms and their implementation. 
+ + my $algs = $session->get_algorithms(); + +=cut + +print "----- get-algorithms -----\n"; +my $algs = $session->get_algorithms(); +print $algs->raw(), "\n"; + +=item get_conns() + +returns a list of connection names loaded exclusively over VICI, not including +connections found in other backends. + + my $conns = $session->get_conns(); + +=cut + +print "----- get-conns -----\n"; +my $conns = $session->get_conns(); +print $conns->raw(), "\n"; + +=item list_conns() + +lists currently loaded connections by streaming list-conn events. This +call includes all connections known by the daemon, not only those loaded +over VICI. + + my $conns = $session->list_conns(); + + foreach my $conn (@$conns) + { + print $conn->raw(), "\n"; + } + +=cut + +print "----- list-conns -----\n"; +$conns = $session->list_conns(); +foreach my $conn (@$conns) +{ + print $conn->raw(), "\n"; +} + +=item initiate() + +initiates a CHILD_SA. + + my %vars = ( child => 'net-net' ); + my($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars)); + +=cut + +print "----- initiate -----\n"; +%vars = ( child => 'net-net' ); +($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item list_sas() + +lists currently active IKE_SAs and associated CHILD_SAs by streaming list-sa +events. + + my $sas = $session->list_sas(); + + foreach my $sa (@$sas) + { + print $sa->raw(), "\n"; + } + +=cut + +print "----- list-sas -----\n"; +my $sas = $session->list_sas(); +foreach my $sa (@$sas) +{ + print $sa->raw(), "\n"; +} + +=item get_authorities() + +returns a list of currently loaded certification authority names. + + my $auths = $session->get_authorities(); + +=cut + +print "----- get-authorities -----\n"; +my $auths = $session->get_authorities(); +print $auths->raw(), "\n"; + +=item list-authorities() + +lists currently loaded certification authority information by streaming +list-authority events. 
+ + my $auths = $session->list_authorities(); + + foreach my $auth (@$auths) + { + print $auth->raw(), "\n"; + } + +=cut + +print "----- list-authorities -----\n"; +$auths = $session->list_authorities(); +foreach my $auth (@$auths) +{ + print $auth->raw(), "\n"; +} + +=item list_certs() + +lists currently loaded certificates by streaming list-cert events. This +call includes all certificates known by the daemon, not only those loaded +over VICI. + + my %vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' ); + my $certs = $session->list_certs(Vici::Message->new(\%vars)); + +=cut + +print "----- list-certs -----\n"; +%vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' ); +my $certs = $session->list_certs(Vici::Message->new(\%vars)); +foreach my $cert (@$certs) +{ + my $hash = $cert->hash(); + print $hash->{'type'}, ": ", length($hash->{'data'}), ' bytes', + $hash->{'has_privkey'} ? ', has private key' : '', "\n"; +} + +=item stats() + +returns IKE daemon statistics and load information. + + my $stats = $session->stats(); + +=cut + +print "----- stats -----\n"; +my $stats = $session->stats(); +print $stats->raw(), "\n"; + +=item terminate() + +terminates an IKE_SA or CHILD_SA. + + my %vars = ( ike => 'gw-gw' ); + my ($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars)); + +=cut + +print "----- terminate -----\n"; +%vars = ( ike => 'gw-gw' ); +($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item install() + +installs a trap, drop or bypass policy defined by a CHILD_SA config. + + my %vars = ( child => 'net-net' ); + my ($res, $errmsg) = $session->install(Vici::Message->new(\%vars)); + +=cut + +print "----- install -----\n"; +%vars = ( child => 'net-net' ); +($res, $errmsg) = $session->install(Vici::Message->new(\%vars)); +print $res ? 
"ok\n" : "failed: $errmsg\n"; + +=item list_policies() + +lists currently installed trap, drop and bypass policies by streaming +list-policy events. + + my %vars = ( trap => 'yes' ); + my $pols = $session->list_policies(Vici::Message->new(\%vars)); + + foreach my $pol (@$pols) + { + print $pol->raw(), "\n"; + } + +=cut + +print "----- list-policies -----\n"; +%vars = ( trap => 'yes' ); +my $pols = $session->list_policies(Vici::Message->new(\%vars)); +foreach my $pol (@$pols) +{ + print $pol->raw(), "\n"; +} + +=item uninstall() + +uninstalls a trap, drop or bypass policy defined by a CHILD_SA config. + + my %vars = ( child => 'net-net' ); + my ($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars)); + +=cut + +print "----- uninstall -----\n"; +%vars = ( child => 'net-net' ); +($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item reload_settings() + +reloads strongswan.conf settings and all plugins supporting configuration +reload. + + my ($res, $errmsg) = $session->reload_settings(); + print $res ? "ok\n" : "failed: $errmsg\n"; + +=cut + +print "----- reload-settings -----\n"; +($res, $errmsg) = $session->reload_settings(); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item unload_conn() + +unloads a previously loaded connection definition by name. + + my %vars = ( name => 'gw-gw' ); + my ($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars)); + +=cut + +print "----- unload-conn -----\n"; +%vars = ( name => 'gw-gw' ); +($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item unload_authority() + +unloads a previously loaded certification authority definition by name. 
+ + my %vars = ( name => 'strongswan' ); + my ($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars)); + +=cut + +print "----- unload-authority -----\n"; +%vars = ( name => 'strongswan' ); +($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item clear_creds() + +clears all loaded certificate, private key and shared key credentials. This +affects only credentials loaded over vici, but additionally flushes the +credential cache. + + my ($res, $errmsg) = $session->clear_creds(); + +=cut + +print "----- clear-creds -----\n"; +($res, $errmsg) = $session->clear_creds(); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item load_pool() + +loads an in-memory virtual IP and configuration attribute pool. Existing +pools with the same name get updated, if possible. + + my %pool = ( addrs => '10.3.0.0/23' ); + my %vars = ( my_pool => \%pool ); + my ($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars)); + +=cut + +print "----- load-pool -----\n"; +my %pool = ( addrs => '10.3.0.0/23' ); +%vars = ( my_pool => \%pool ); +($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars)); +print $res ? "ok\n" : "failed: $errmsg\n"; + +=item get_pools() + +lists the currently loaded pools. + + my $pools = $session->get_pools(); + +=cut + +print "----- get-pools -----\n"; +my $pools = $session->get_pools(); +print $pools->raw(), "\n"; + +=item unload_pool() + +unloads a previously loaded virtual IP and configuration attribute pool. +Unloading fails for pools with leases currently online. + + my %vars = ( name => 'my_pool' ); + my ($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars)); + +=cut + +print "----- unload-pool -----\n"; +%vars = ( name => 'my_pool' ); +($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars)); +print $res ? 
"ok\n" : "failed: $errmsg\n"; + +=back + +=cut + +# close vici socket +close($socket); + +=head1 COPYRIGHT AND LICENCE + +Copyright (c) 2015 Andreas Steffen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/src/libcharon/plugins/vici/perl/Vici/Message.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm index 81cbbaa17..7a6385288 100644 --- a/src/libcharon/plugins/vici/perl/Vici/Message.pm +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm @@ -1,12 +1,16 @@ package Vici::Message; require Exporter; +use AutoLoader qw(AUTOLOAD); our @ISA = qw(Exporter); -our @EXPORT = qw(new, from_data, hash, encode, raw); -our @VERSION = 0.9; +our @EXPORT = qw( + new, from_data, hash, encode, raw +); +our $VERSION = '0.9'; use strict; +use warnings; use Switch; use Vici::Transport; 
@@ -210,5 +214,58 @@ sub raw_hash { } 1; +__END__ +=head1 NAME +Vici::Message - Perl extension for building and parsing strongSwan VICI messages + +=head1 SYNOPSIS + + use Vici::Message; + +=head1 DESCRIPTION + +The Vici::Message module is needed by the Vici::Session module to build and +parse messages used in the communication with the open source strongSwan IPsec +daemon (https://www.strongswan.com) via the documented Versatile IKE +Configuration Interface (VICI). VICI allows the configuration, management and +monitoring of multiple IPsec connections. + +=head2 EXPORT + +None by default. + +=head1 SEE ALSO + +strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici + +strongSwan Mailing list: users@lists.strongswan.org + +=head1 AUTHOR + +Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt> + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2015 by Andreas Steffen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +=cut 
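Review bot: The DESCRIPTION links to `https://www.strongswan.com`, while README.pod and the SEE ALSO entries in this same commit use `strongswan.org`. Documentation should point only at the project's own domain, so I would change it to `https://www.strongswan.org`. The `=head2 EXPORT` text says "None by default", which contradicts the non-empty `@EXPORT` list at the top of the module. The SYNOPSIS shows only the `use` line; one line such as `my $msg = Vici::Message->new(\%vars);`, as used in README.pod, would make it useful. The same three points apply to the POD hunks of Packet.pm and Session.pm.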
diff --git a/src/libcharon/plugins/vici/perl/Vici/Packet.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Packet.pm index 4f731ecd9..bcd172593 100644 --- a/src/libcharon/plugins/vici/perl/Vici/Packet.pm +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Packet.pm @@ -1,12 +1,16 @@ package Vici::Packet; require Exporter; +use AutoLoader qw(AUTOLOAD); our @ISA = qw(Exporter); -our @EXPORT = qw(new, request, register, unregister, streamed_request); -our @VERSION = 0.9; +our @EXPORT = qw( + new, request, register, unregister, streamed_request +); +our $VERSION = '0.9'; use strict; +use warnings; use Switch; use Vici::Transport; 
@@ -146,5 +150,57 @@ sub streamed_request { } 1; +__END__ +=head1 NAME +Vici::Packet - Perl extension for sending and receiving strongSwan VICI packets +=head1 SYNOPSIS + + use Vici::Packet; + +=head1 DESCRIPTION + +The Vici::Packet module is needed by the Vici::Session module to send and +receive packets used in the communication with the open source strongSwan IPsec +daemon (https://www.strongswan.com) via the documented Versatile IKE +Configuration Interface (VICI). VICI allows the configuration, management and +monitoring of multiple IPsec connections. + +=head2 EXPORT + +None by default. + +=head1 SEE ALSO + +strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici + +strongSwan Mailing list: users@lists.strongswan.org + +=head1 AUTHOR + +Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt> + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2015 by Andreas Steffen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +=cut 
diff --git a/src/libcharon/plugins/vici/perl/Vici/Session.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm index c05a1a819..9b7070c12 100644 --- a/src/libcharon/plugins/vici/perl/Vici/Session.pm +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm @@ -1,14 +1,18 @@ package Vici::Session; require Exporter; +use AutoLoader qw(AUTOLOAD); our @ISA = qw(Exporter); -our @EXPORT = qw(new, version, stats, reload_settings, initiate, list_sas, - list_policies, list_conns, get_conns, list_certs, - list_authorities, get_authorities, get_pools); -our @VERSION = 0.9; +our @EXPORT = qw( + new, version, stats, reload_settings, initiate, list_sas, list_policies, + list_conns, get_conns, list_certs, list_authorities, get_authorities, + get_pools +); +our $VERSION = '0.9'; use strict; +use warnings; use Vici::Packet; use Vici::Message; 
@@ -124,3 +128,56 @@ sub get_pools {
 }
 1;
+__END__
+=head1 NAME
+
+Vici::Session - Perl binding for the strongSwan VICI configuration interface
+
+=head1 SYNOPSIS
+
+ use Vici::Session;
+
+=head1 DESCRIPTION
+
+The Vici::Session module allows a Perl script to communicate with the open
+source strongSwan IPsec daemon (https://www.strongswan.com) via the documented
+Versatile IKE Configuration Interface (VICI). VICI allows the configuration,
+management and monitoring of multiple IPsec connections.
+
+=head2 EXPORT
+
+None by default.
+
+=head1 SEE ALSO
+
+strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
+
+strongSwan Mailing list: users@lists.strongswan.org
+
+=head1 AUTHOR
+
+Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright (C) 2015 by Andreas Steffen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+=cut
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm
new file mode 100644
index 000000000..88a09fb0c
--- /dev/null
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm
@@ -0,0 +1,96 @@
+package Vici::Transport;
+
+require Exporter;
+use AutoLoader qw(AUTOLOAD);
+
+our @ISA = qw(Exporter);
+our @EXPORT = qw(
+ new, send, receive
+);
+our $VERSION = '0.9';
+
+use strict;
+use warnings;
+
+sub new {
+ my $class = shift;
+ my $self = {
+ Socket => shift,
+ };
+ bless($self, $class);
+ return $self;
+}
+
+sub send {
+ my ($self, $data) = @_;
+ my $packet = pack('N/a*', $data);
+ $self->{'Socket'}->send($packet);
+}
+
+sub receive {
+ my $self = shift;
+ my $packet_header;
+ my $data;
+
+ $self->{'Socket'}->recv($packet_header, 4);
+ my $packet_len = unpack('N', $packet_header);
+ $self->{'Socket'}->recv($data, $packet_len);
+ return $data;
+}
+
+1;
+__END__
+=head1 NAME
+
+Vici::Transport - Perl extension for communicating via a strongSwan VICI socket
+
+=head1 SYNOPSIS
+
+ use Vici::Transport;
+
+=head1 DESCRIPTION
+
+The Vici::Transport module is needed by the Vici::Packet module to send
+and receive packets over the UNIX socket used in the communication with the
+open source strongSwan IPsec daemon (https://www.strongswan.com) via the
+documented Versatile IKE Configuration Interface (VICI). VICI allows the
+onfiguration, management and monitoring of multiple IPsec connections.
+
+=head2 EXPORT
+
+None by default.
+
+=head1 SEE ALSO
+
+strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
+
+strongSwan Mailing list: users@lists.strongswan.org
+
+=head1 AUTHOR
+
+Andreas Steffen, E<lt>andreas.steffen@strongswan.orgE<gt>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright (C) 2015 by Andreas Steffen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+=cut
+
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/t/Vici-Session.t b/src/libcharon/plugins/vici/perl/Vici-Session/t/Vici-Session.t
new file mode 100644
index 000000000..4c321f3e1
--- /dev/null
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/t/Vici-Session.t
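Review bot: In the new Vici/Transport.pm, `receive` discards the result of both `recv` calls and assumes each one delivers the full byte count. On the `SOCK_STREAM` socket that the README example opens, `recv` can return fewer bytes than requested, or an empty buffer once the daemon closes the connection; the header then unpacks to a wrong or undefined length, the message comes back truncated, and every later packet is parsed from the wrong offset. Reading in a loop until the requested count is reached, and dying on error or end of stream, keeps the framing intact, as in the excerpt below; `send` ignores its return value in the same way. The length word taken from the wire is also used unchecked as the read size, so a sanity cap would be worth adding if the daemon's maximum message size is known.

```perl
sub receive {
    my $self = shift;

    my $packet_header = $self->_read_exact(4);
    my $packet_len = unpack('N', $packet_header);
    return $self->_read_exact($packet_len);
}

# Read exactly $len bytes; a stream socket may deliver fewer per call.
sub _read_exact {
    my ($self, $len) = @_;
    my $buf = '';

    while (length($buf) < $len) {
        my $chunk;
        defined $self->{'Socket'}->recv($chunk, $len - length($buf))
            or die "VICI socket recv failed: $!\n";
        length($chunk)
            or die "VICI socket closed after " . length($buf) . " of $len bytes\n";
        $buf .= $chunk;
    }
    return $buf;
}
```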
@@ -0,0 +1,18 @@
+# Before 'make install' is performed this script should be runnable with
+# 'make test'. After 'make install' it should work as 'perl Vici-Session.t'
+
+#########################
+
+# change 'tests => 1' to 'tests => last_test_to_print';
+
+use strict;
+use warnings;
+
+use Test::More tests => 1;
+BEGIN { use_ok('Vici::Session') };
+
+#########################
+
+# Insert your test code below, the Test::More module is use()ed here so read
+# its man page ( perldoc Test::More ) for help writing this test script.
+
diff --git a/src/libcharon/plugins/vici/perl/Vici/Transport.pm b/src/libcharon/plugins/vici/perl/Vici/Transport.pm
deleted file mode 100644
index 444446790..000000000
--- a/src/libcharon/plugins/vici/perl/Vici/Transport.pm
+++ /dev/null
@@ -1,39 +0,0 @@
-package Vici::Transport;
-
-require Exporter;
-
-our @ISA = qw(Exporter);
-our @EXPORT = qw(new, send, receive);
-our @VERSION = 0.9;
-
-use strict;
-
-sub new {
- my $class = shift;
- my $self = {
- Socket => shift,
- };
- bless($self, $class);
- return $self;
-}
-
-sub send {
- my ($self, $data) = @_;
- my $packet = pack('N/a*', $data);
- $self->{'Socket'}->send($packet);
-}
-
-sub receive {
- my $self = shift;
- my $packet_header;
- my $data;
-
- $self->{'Socket'}->recv($packet_header, 4);
- my $packet_len = unpack('N', $packet_header);
- $self->{'Socket'}->recv($data, $packet_len);
- return $data;
-}
-
-1;
-
-
|
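Review bot: t/Vici-Session.t only asserts that `Vici::Session` loads (`use_ok`), so nothing in the suite exercises the length-prefixed framing in Vici::Transport or the message encoding that the rest of the module depends on. A test built on `socketpair` that writes a packet with `Vici::Transport->send` and reads it back with `receive` would pin the `N/a*` framing without needing a running daemon. The surrounding comments are the generated template text ("change 'tests => 1' ...", "Insert your test code below") and could be dropped once real tests are added.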