xref: /freebsd/sbin/setkey/scriptdump.pl (revision 734e82fe33aa764367791a7d603b383996c6b40b)
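#! @LOCALPREFIX@/bin/perl
#
# scriptdump - turn the output of "setkey -D" into setkey script
# statements, one "add" (default) or "delete" (-d) statement per SA.
#
# SECURITY: in "add" mode the output carries the encryption and
# authentication keys of every dumped SA in cleartext.  Send it only to a
# file or pipe that other users cannot read (for example, set umask 077
# before redirecting to a file).

use strict;
use warnings;

# Only root may run this; the check is on the real uid.
if ($< != 0) {
	print STDERR "must be root to invoke this\n";
	exit 1;
}

# The only option is -d, which switches from "add" to "delete" statements.
# defined() keeps an argument such as "0" from silently ending the loop.
my $mode = 'add';
while (defined(my $arg = shift @ARGV)) {
	if ($arg eq '-d') {
		$mode = 'delete';
	} else {
		print STDERR "usage: scriptdump [-d]\n";
		exit 1;
	}
}

# Per-SA state, filled in line by line and cleared after each statement.
my ($src, $dst) = ('', '');
my ($proto, $ipsecmode, $spi, $reqid) = ('', '', '', '');
my ($ealgo, $ekey, $aalgo, $akey) = ('', '', '', '');

# List-form pipe open: no shell is involved.  setkey is still looked up
# through PATH, and this runs as root, so PATH must not contain directories
# that other users can write to.
open(my $in, '-|', 'setkey', '-D')
	or die "scriptdump: cannot run setkey -D: $!\n";

while (my $line = <$in>) {
	if ($line =~ /^[^\t]/) {
		# An unindented line starts a new SA: "src dst".
		($src, $dst) = split(/\s+/, $line);
	} elsif ($line =~ /^\t(esp|ah) mode=(\S+) spi=(\d+).*reqid=(\d+)/) {
		($proto, $ipsecmode, $spi, $reqid) = ($1, $2, $3, $4);
	} elsif ($line =~ /^\tE: (\S+) (.*)/) {
		# Key bytes are printed in space-separated groups; join them
		# into a single 0x... literal.
		$ealgo = $1;
		($ekey = $2) =~ s/\s//g;
		$ekey = "0x$ekey";
	} elsif ($line =~ /^\tA: (\S+) (.*)/) {
		$aalgo = $1;
		($akey = $2) =~ s/\s//g;
		$akey = "0x$akey";
	} elsif ($line =~ /^\tseq=0x[0-9a-fA-F]+ replay=(\d+) flags=0x[0-9a-fA-F]+ state=/) {
		# seq and flags are hexadecimal, so the pattern must accept
		# a-f as well; with \d+ any SA whose seq or flags contained a
		# hex letter was silently left out of the dump.
		my $replay = $1;

		if ($proto eq '') {
			# No esp/ah line was parsed for this SA.  Writing a
			# statement here would reuse values left over from the
			# previous SA (or emit an empty protocol), so skip it.
			print STDERR
			    "scriptdump: skipping SA $src -> $dst: no esp/ah line parsed\n";
		} else {
			my $stmt = "$mode $src $dst $proto $spi";
			$stmt .= " -u $reqid" if $reqid;
			if ($mode eq 'add') {
				# NOTE(review): -m is only written when replay
				# is non-zero, so an SA with replay=0 is dumped
				# without its mode - confirm this is intended.
				$stmt .= " -m $ipsecmode -r $replay" if $replay;
				if ($proto eq 'esp') {
					$stmt .= " -E $ealgo $ekey" if $ealgo;
					$stmt .= " -A $aalgo $akey" if $aalgo;
				} elsif ($proto eq 'ah') {
					$stmt .= " -A $aalgo $akey" if $aalgo;
				}
			}
			print "$stmt;\n";
		}

		# Clear everything so no field (keys included) leaks into the
		# statement generated for the next SA.
		$src = $dst = '';
		$proto = $ipsecmode = $spi = $reqid = '';
		$ealgo = $ekey = $aalgo = $akey = '';
	}
}

# close() on a pipe fails when the command exited non-zero; the dump may
# then be incomplete, so say so instead of finishing silently.
close($in)
	or print STDERR "scriptdump: setkey -D did not finish cleanly",
	    ($! ? " ($!)" : " (wait status $?)"), "; dump may be incomplete\n";

exit 0;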