Diffstat (limited to 'ipsec-tools/src/setkey/scriptdump.pl')
-rw-r--r-- | ipsec-tools/src/setkey/scriptdump.pl | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/ipsec-tools/src/setkey/scriptdump.pl b/ipsec-tools/src/setkey/scriptdump.pl
new file mode 100644
index 00000000..f5b9f254
--- /dev/null
+++ b/ipsec-tools/src/setkey/scriptdump.pl
@@ -0,0 +1,55 @@
+#! @LOCALPREFIX@/bin/perl
+
+if ($< != 0) {
+ print STDERR "must be root to invoke this\n";
+ exit 1;
+}
+
+$mode = 'add';
+while ($i = shift @ARGV) {
+ if ($i eq '-d') {
+ $mode = 'delete';
+ } else {
+ print STDERR "usage: scriptdump [-d]\n";
+ exit 1;
+ }
+}
+
+open(IN, "setkey -D |") || die;
+foreach $_ (<IN>) {
+ if (/^[^\t]/) {
+ ($src, $dst) = split(/\s+/, $_);
+ } elsif (/^\t(esp|ah) mode=(\S+) spi=(\d+).*reqid=(\d+)/) {
+ ($proto, $ipsecmode, $spi, $reqid) = ($1, $2, $3, $4);
+ } elsif (/^\tE: (\S+) (.*)/) {
+ $ealgo = $1;
+ $ekey = $2;
+ $ekey =~ s/\s//g;
+ $ekey =~ s/^/0x/g;
+ } elsif (/^\tA: (\S+) (.*)/) {
+ $aalgo = $1;
+ $akey = $2;
+ $akey =~ s/\s//g;
+ $akey =~ s/^/0x/g;
+ } elsif (/^\tseq=(0x\d+) replay=(\d+) flags=(0x\d+) state=/) {
+ print "$mode $src $dst $proto $spi";
+ $replay = $2;
+ print " -u $reqid" if $reqid;
+ if ($mode eq 'add') {
+ print " -m $ipsecmode -r $replay" if $replay;
+ if ($proto eq 'esp') {
+ print " -E $ealgo $ekey" if $ealgo;
+ print " -A $aalgo $akey" if $aalgo;
+ } elsif ($proto eq 'ah') {
+ print " -A $aalgo $akey" if $aalgo;
+ }
+ }
+ print ";\n";
+
+ $src = $dst = $upper = $proxy = '';
+ $ealgo = $ekey = $aalgo = $akey = '';
+ }
+}
+close(IN);
+
+exit 0; |
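Review bot: The script insists on running as root and then starts `setkey` through a PATH lookup in `open(IN, "setkey -D |")`, and neither the bare `die` nor the unchecked `close(IN)` reports a failure, so a missing or failing setkey can leave an empty or truncated script behind with exit status 0. I would invoke it by an absolute path filled in at build time, the way the shebang line already uses `@LOCALPREFIX@`, and check the child's status with `close(IN) || die "setkey -D failed: status $?\n";`. The last `elsif` matches `seq=(0x\d+)` and `flags=(0x\d+)`; if setkey prints those fields in hexadecimal, as the `0x` prefix suggests, any value containing a-f fails the match and that SA is silently left out, so `0x[0-9a-fA-F]+` would be safer. `$proto`, `$spi`, `$reqid` and `$ipsecmode` are not cleared in the reset at the end of that branch (it clears the otherwise unused `$upper` and `$proxy` instead), so an SA whose protocol line does not match `(esp|ah)` would be printed with the previous SA's values. A header comment should also state that the output contains the SAs' encryption and authentication keys in clear text and must be stored with matching file permissions.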