#! @LOCALPREFIX@/bin/perl
#
# $NetBSD: scriptdump.pl,v 1.2 2000/07/18 23:32:19 itojun Exp $
#
# Refuse to run unless the real UID ($<) is 0. The usage error goes to
# stderr and the script exits with status 1.
unless ($< == 0) {
    print STDERR "must be root to invoke this\n";
    exit 1;
}
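# Parse the command line. The only option is -d, which makes the script emit
# "delete" commands instead of the default "add" commands. Anything else
# prints the usage message and exits with status 1.
$mode = 'add';
# Test @ARGV itself rather than the shifted value, so that an argument such
# as "0" or "" is rejected with the usage message instead of silently ending
# the loop.
while (@ARGV) {
    my $arg = shift @ARGV;
    if ($arg eq '-d') {
        $mode = 'delete';
    } else {
        print STDERR "usage: scriptdump [-d]\n";
        exit 1;
    }
}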
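# Read the output of "setkey -D" and print one "$mode src dst proto spi ..."
# command per SA on stdout, terminated by ";".
#
# NOTE: in add mode the output carries the SA encryption (-E) and
# authentication (-A) keys in clear text. Send it only to a file or pipe
# that nobody but root can read.
#
# NOTE: setkey is looked up through $ENV{PATH} and this script runs as root,
# so invoke it only with a trusted PATH.

# Clear every per-SA field, so that values parsed for one SA can never be
# printed as part of another one.
sub reset_sa_state {
    $src = $dst = '';
    $proto = $ipsecmode = $spi = $reqid = $replay = '';
    $ealgo = $ekey = $aalgo = $akey = '';
}

reset_sa_state();
open(IN, "setkey -D |") || die "cannot run setkey -D: $!\n";

# Stream the dump line by line instead of reading it all into memory first.
while (<IN>) {
    if (/^[^\t]/) {
        # A line that does not start with a tab begins a new entry; its first
        # two whitespace-separated fields are taken as source and destination.
        # Resetting here drops leftovers of an entry that was never printed.
        reset_sa_state();
        ($src, $dst) = split(/\s+/, $_);
    } elsif (/^\t(esp|ah) mode=(\S+) spi=(\d+).*reqid=(\d+)/) {
        ($proto, $ipsecmode, $spi, $reqid) = ($1, $2, $3, $4);
    } elsif (/^\tE: (\S+) (.*)/) {
        # Encryption algorithm and key; the key is joined into one 0x... token.
        $ealgo = $1;
        $ekey = $2;
        $ekey =~ s/\s//g;
        $ekey = "0x$ekey";
    } elsif (/^\tA: (\S+) (.*)/) {
        # Authentication algorithm and key, formatted like the key above.
        $aalgo = $1;
        $akey = $2;
        $akey =~ s/\s//g;
        $akey = "0x$akey";
    } elsif (/^\treplay=(\d+) flags=(0x[0-9a-fA-F]+) state=/) {
        # This line completes the entry. The flags value is hexadecimal, so it
        # is matched with hex digits: \d alone would reject a value containing
        # a-f and the whole SA would be dropped from the output.
        $replay = $1;

        # Only esp and ah protocol lines are parsed above. Without one, the
        # protocol and SPI are unknown; skip the SA instead of printing it
        # with values left over from an earlier entry.
        if ($proto eq '') {
            print STDERR "scriptdump: skipping SA $src $dst: protocol line not recognized\n";
            reset_sa_state();
            next;
        }

        print "$mode $src $dst $proto $spi";
        print " -u $reqid" if $reqid;
        if ($mode eq 'add') {
            # NOTE(review): the mode is only emitted together with a non-zero
            # replay value; confirm that omitting -m for replay=0 is intended.
            print " -m $ipsecmode -r $replay" if $replay;
            if ($proto eq 'esp') {
                print " -E $ealgo $ekey" if $ealgo;
                print " -A $aalgo $akey" if $aalgo;
            } elsif ($proto eq 'ah') {
                print " -A $aalgo $akey" if $aalgo;
            }
        }
        print ";\n";

        reset_sa_state();
    }
}

# close() on a pipe reports the exit status of the command. A failed or
# interrupted setkey means the dump may be incomplete, so do not report
# success in that case.
unless (close(IN)) {
    if ($!) {
        print STDERR "scriptdump: error closing setkey pipe: $!\n";
    } else {
        print STDERR "scriptdump: setkey -D exited with status " . ($? >> 8) . "\n";
    }
    exit 1;
}

exit 0;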