/usr/lib/ipsec/_unbound-hook is in libreswan 3.23-4.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
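#!/usr/bin/python
"""Load a peer's IPSECKEY public key into pluto and start opportunistic IPsec.

Expected command line, per the labels in the original debug logging:

    _unbound-hook QNAME TTL IP IPSECKEY

IPSECKEY is one space-separated record of five fields:
preference, gateway type, algorithm, gateway, public key.

NOTE(review): presumably invoked by a resolver hook with values taken from
DNS answers -- confirm against the caller. Every argument is therefore
treated as untrusted and is passed to child processes as a discrete argv
element, never through a shell.
"""
import sys
import base64  # not used below; kept from the original file
import subprocess

WHACK = "/usr/lib/ipsec/whack"


def _fail(message):
    """Report *message* on stderr and exit with a non-zero status."""
    sys.stderr.write("_unbound-hook: %s\n" % message)
    sys.exit(1)


def _run(args):
    """Run *args* (an argv list, no shell) and return (status, output).

    stderr is folded into the output and one trailing newline is dropped,
    matching what commands.getstatusoutput() used to return.
    """
    try:
        proc = subprocess.Popen(args, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT,
                                universal_newlines=True)
    except OSError as err:
        # Executable missing or not runnable: report it like a shell would.
        return 127, str(err)
    output = proc.communicate()[0]
    if output.endswith("\n"):
        output = output[:-1]
    return proc.returncode, output


def _whack(*options):
    """Call whack with *options*; a failure is reported but is not fatal."""
    ret, output = _run([WHACK] + list(options))
    if ret != 0:
        sys.stderr.write("_unbound-hook: whack %s failed (%d): %s\n"
                         % (options[0], ret, output))
    return ret, output


argv = sys.argv
argc = len(sys.argv)

# argv[1]=QNAME, argv[2]=TTL, argv[3]=IP, argv[4]=IPSECKEY
if argc < 5:
    _fail("usage: _unbound-hook QNAME TTL IP IPSECKEY")

# The record must have exactly five fields. The original left this parsing
# commented out, so `pubkey` was undefined when the commands were built.
fields = argv[4].split(" ")
if len(fields) != 5:
    _fail("malformed IPSECKEY record (expected 5 fields, got %d)" % len(fields))
pref, gwtype, algo, gw, pubkey = fields
if not pubkey:
    _fail("IPSECKEY record carries no public key")

# Find the local source address used for outbound traffic.
status, route = _run(["ip", "-o", "route", "get", "1.0.0.1"])
if status != 0 or "src" not in route:
    _fail("cannot determine local source address: %s" % route)
after_src = route.split("src")[1].strip().split()
if not after_src:
    _fail("cannot determine local source address: %s" % route)
myip = after_src[0]

# Register the key under both the name and the address of the peer, then
# request an opportunistic connection from our address to the peer.
_whack("--keyid", "@%s" % argv[1], "--addkey", "--pubkeyrsa", "0s%s" % pubkey)
_whack("--keyid", argv[3], "--addkey", "--pubkeyrsa", "0s%s" % pubkey)
_whack("--oppohere", myip, "--oppothere", argv[3])

# The original spelled this "/usr/lib/ipsec whack" (space, not slash), so it
# never reached whack. The result is not used by this script; presumably a
# leftover debugging aid -- confirm before relying on it.
_whack("--trafficstatus")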