Wednesday, April 20, 2011

Usage of the bless function in Perl

It is easy to get confused by object-oriented programming in Perl.

To make the point clear, let us first look at references in Perl.

@friends = ("Rachael","Phoebs");
%animals = ('donald' => 'duck','mickey' => 'mouse' );

To initialize a reference to a variable, use:
In case of an array:
$ref = \@friends;
In case of a hash:
$ref = \%animals;
In case of sub-routine:

print $ref;   # to see the reference value

To access elements through references:

print $$ref[0];          # prints Rachael (with $ref = \@friends)
print $$ref{'mickey'};   # prints mouse (with $ref = \%animals)

Having a basic idea of references will help you to use object-oriented programming.

In Perl, an object is a reference that belongs to a specific package.

The act of associating a reference with a specific package is referred to as "blessing".

A constructor is merely a sub-routine that returns a reference to something blessed into a class.

To invoke the constructor in Perl you can use:

$bob = Easterbunny::new();
$bob = new Easterbunny;
$bob = Easterbunny->new();

The bless function is used to change the datatype of the anonymous hash to $class.

An anonymous hash is used to hold the properties of the class.

Some key items to remember:
1) All objects are anonymous hashes, which is not strictly true; perhaps it should be.
2) The bless function changes the data type of the anonymous hash.
3) Objects can belong to only one class at a time.
5) The -> operator is used to call a method.

To demonstrate that the bless function changes the datatype:

$foo = {};
$fooref = \$ref;
print("datatype of \$foo is " . ref($foo) . "\n");   # HASH here
bless($foo, "Bar");
print("datatype of \$foo is " . ref($foo) . "\n");   # Bar here, after blessing into the Bar class

Output:

datatype of $foo is HASH
datatype of $foo is Bar
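
The key items above in one runnable script, as an added example that is not part of the original post. The Chick package, the hide_egg method and the property names are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Scalar::Util qw(blessed reftype);

package Easterbunny;

# Constructor: an ordinary sub that returns a reference blessed into $class.
sub new {
    my ($class, %args) = @_;
    my $self = { name => $args{name}, eggs => 0 };   # anonymous hash holds the properties
    return bless $self, $class;
}

# Method: when called with ->, the object arrives as the first argument.
sub hide_egg {
    my ($self) = @_;
    return ++$self->{eggs};
}

package Chick;

# Key item 1 is "not strictly true": this class blesses an anonymous array.
sub new { my ($class) = @_; return bless [], $class }

package main;

my $plain = { name => 'bob' };
printf "plain hash ref:  ref=%s blessed=%s\n", ref($plain), blessed($plain) // 'undef';

my $bob = Easterbunny->new(name => 'bob');
printf "after new():     ref=%s underlying=%s\n", ref($bob), reftype($bob);
printf "method call:     %s has hidden %d egg(s)\n", $bob->{name}, $bob->hide_egg;

my $chick = Chick->new;
printf "array-based:     ref=%s underlying=%s\n", ref($chick), reftype($chick);

# Key item 3: blessing again replaces the class, it does not add a second one.
bless $bob, 'Chick';
printf "after re-bless:  ref=%s isa Easterbunny=%s\n",
    ref($bob), $bob->isa('Easterbunny') ? 'yes' : 'no';
```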

Setting up IPsec in Linux

IPsec is a network-level protocol for strong, pervasive security. It can provide privacy and block a variety of threats.

First decide on the remote host and the local host between which IPsec has to be enabled.

There are two types of headers in IPsec:

1) Authentication Header (AH)
2) Encryption Header (EH)

For both types a key has to be generated to enable IPsec.

For AH you can use a 64-bit key.
For EH you can use a 96-bit key.

You have to declare both an SA (Security Association) and an SP (Security Policy) to effectively establish IPsec.

SA - defines the security to be associated between the IPs.

SP - defines when the SA is to be used.

To define the SA:

1) add localIP remoteIP ah 15700 -A hmac-md5 "123456701234";

ah               - indicates it is defined for the authentication header
15700            - security index (SPI)
-A               - authentication
hmac-md5         - authentication algorithm
"123456701234"   - AH key

2) add localIP remoteIP esp 12222 -E 3des-cbc "23123234324324324234234";

esp              - indicates it is defined for the encryption header
12222            - security index (SPI)
-E               - encryption
3des-cbc         - encryption algorithm
"23123234324324324234234"   - ESP key

You can also define both together:

1 & 2 together) add localIP remoteIP esp 12222 -E 3des-cbc "23123234324324324234234" -A hmac-md5 "123456701234";

This combined format worked better for me compared to defining separately for both
ah and esp.

This also has to be done for the reverse direction, like
add remoteIP localIP ah 15700 -A hmac-md5 "123456701234";
and likewise for all three formats.

To set up the SA you have to copy the add commands into a file, like

>cat ff
add localIP remoteIP esp 12222 -E 3des-cbc "23123234324324324234234" -A hmac-md5 "123456701234";
add remoteIP localIP esp 12222 -E 3des-cbc "23123234324324324234234" -A hmac-md5 "123456701234";
and then run
>setkey -f ff
It has to return no errors.
If so, you can confirm that an IPsec security association has been set up.

To display the SA (Security Association) that was set up, you can use the command

setkey -D
If an SA is set up it will show the details;
otherwise it will display "No SAD entries."

To set up the SP (Security Policy):

You use much the same strategy: add the commands to a file and run the setkey -f filename command.

You have to add:
spdadd localip remoteip any -P out ipsec
esp/transport//require;

This says that for any packet moving out of the localip, the esp encrypted and ah authenticated header has to be used.

Likewise you can define:

spdadd remoteip localip any -P in ipsec
esp/transport//require;

This says that for any packet moving in from the remoteip, the esp encrypted and ah authenticated header has to be used.

Simply put these spdadd commands into a file, substituting your localip and remoteip information,
and run the setkey -f filename command.

Your SPD will be established.

You can view your registered SPD by typing the command

setkey -DP

If it doesn't show any of the information,
you might have made an error. Double-check the spdadd and add commands.

This way you can easily set up an IPsec connection between two IPs.
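
An added example, not from the original post: a Perl script that writes a setkey file for the combined esp format above, with the SAs for both directions and the two policies. It sizes the random keys at 128 bits for hmac-md5 and 192 bits for 3des-cbc, the lengths setkey(8) lists for those algorithms. The addresses and the file name are constructed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Key lengths in bits that setkey(8) lists for the two algorithms used above.
my %KEY_BITS = ('hmac-md5' => 128, '3des-cbc' => 192);

# Return a random key of the right size for $alg as a 0x-prefixed hex string.
sub random_key {
    my ($alg) = @_;
    my $bytes = ($KEY_BITS{$alg} or die "unknown algorithm $alg\n") / 8;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!\n";
    read($fh, my $buf, $bytes) == $bytes or die "short read from urandom\n";
    close $fh;
    return '0x' . unpack('H*', $buf);
}

# Build the text of a setkey file: one SA per direction, then both policies.
sub setkey_config {
    my ($local, $remote, $spi) = @_;
    my $out = '';
    for my $pair ([$local, $remote], [$remote, $local]) {
        my ($src, $dst) = @$pair;
        # A fresh key pair per direction, so the two SAs do not share key material.
        my ($ekey, $akey) = (random_key('3des-cbc'), random_key('hmac-md5'));
        $out .= "add $src $dst esp $spi -E 3des-cbc $ekey -A hmac-md5 $akey;\n";
    }
    $out .= "spdadd $local $remote any -P out ipsec esp/transport//require;\n";
    $out .= "spdadd $remote $local any -P in ipsec esp/transport//require;\n";
    return $out;
}

# Constructed sample values: documentation addresses and the SPI from the text.
my $file = 'ipsec-sample.conf';
my $old  = umask 0077;   # the keys are secrets: a new file is created owner-only
open my $out, '>', $file or die "$file: $!\n";
print {$out} setkey_config('192.0.2.10', '192.0.2.20', 12222);
close $out or die "$file: $!\n";
umask $old;
print "wrote $file; load it with: setkey -f $file\n";
```

The peer needs the same two add lines, with the in and out policies swapped.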