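#! @LOCALPREFIX@/bin/perl
#
# scriptdump - read the SAD as printed by "setkey -D" and write it to stdout
# as setkey "add" commands (or "delete" commands when -d is given).
#
# SECURITY: in add mode the output carries the raw encryption (-E) and
# authentication (-A) keys of every SA that is dumped.  Send it only to a
# destination readable by root alone (for example a file created under
# "umask 077") and treat that file as key material.

use strict;
use warnings;

# Refuse to run unless the real UID is 0.
if ($< != 0) {
    print STDERR "must be root to invoke this\n";
    exit 1;
}

# Option parsing: only -d is accepted.  "defined" keeps an argument such as
# "0" or "" from silently ending the loop; it is rejected like any other
# unknown argument.
my $mode = 'add';
while (defined(my $arg = shift @ARGV)) {
    if ($arg eq '-d') {
        $mode = 'delete';
    }
    else {
        print STDERR "usage: scriptdump [-d]\n";
        exit 1;
    }
}

# Fields of the SA currently being collected.  All of them are cleared after
# each entry so that nothing from one SA can end up in the command emitted
# for the next one.
my ($src, $dst, $proto, $ipsecmode, $spi, $reqid) = ('') x 6;
my ($ealgo, $ekey, $aalgo, $akey) = ('') x 4;

# List-form pipe open: the command is executed directly, without a shell.
# "setkey" is still resolved through PATH, so when this runs as root PATH
# should contain trusted directories only.
open(my $in, '-|', 'setkey', '-D')
    or die "scriptdump: cannot run setkey -D: $!\n";

while (defined(my $line = <$in>)) {
    if ($line =~ /^[^\t]/) {
        # A line that does not start with a tab opens a new entry:
        # "<src> <dst>".
        my ($s, $d) = split(/\s+/, $line);
        $src = defined $s ? $s : '';
        $dst = defined $d ? $d : '';
    }
    elsif ($line =~ /^\t(esp|ah) mode=(\S+) spi=(\d+).*reqid=(\d+)/) {
        ($proto, $ipsecmode, $spi, $reqid) = ($1, $2, $3, $4);
    }
    elsif ($line =~ /^\tE: (\S+) (.*)/) {
        # Encryption algorithm and key; the key bytes are joined and
        # prefixed with 0x.
        $ealgo = $1;
        (my $hex = $2) =~ s/\s//g;
        $ekey = "0x$hex";
    }
    elsif ($line =~ /^\tA: (\S+) (.*)/) {
        # Authentication algorithm and key, same treatment.
        $aalgo = $1;
        (my $hex = $2) =~ s/\s//g;
        $akey = "0x$hex";
    }
    elsif ($line =~ /^\tseq=0x[0-9a-fA-F]+ replay=(\d+) flags=0x[0-9a-fA-F]+ state=/) {
        # seq and flags are hexadecimal, so a-f must be accepted as well as
        # digits; otherwise an entry whose seq or flags contains a letter
        # digit would be dropped from the dump without notice.
        my $replay = $1;

        if ($src eq '' || $dst eq '' || $proto eq '' || $spi eq '') {
            # The protocol line was not recognised (the pattern above only
            # accepts esp and ah) or the address line was missing.  Emitting
            # a command here would combine this SA's addresses with another
            # SA's protocol and SPI, so skip it and say so.
            print STDERR "scriptdump: skipping incomplete SA entry",
                " ($src -> $dst)\n";
        }
        else {
            my $cmd = "$mode $src $dst $proto $spi";
            $cmd .= " -u $reqid" if $reqid;
            if ($mode eq 'add') {
                # NOTE(review): "-m <mode>" is emitted only when replay is
                # non-zero, as in the original; confirm that is intended.
                $cmd .= " -m $ipsecmode -r $replay" if $replay;
                if ($proto eq 'esp') {
                    $cmd .= " -E $ealgo $ekey" if $ealgo;
                    $cmd .= " -A $aalgo $akey" if $aalgo;
                }
                elsif ($proto eq 'ah') {
                    $cmd .= " -A $aalgo $akey" if $aalgo;
                }
            }
            print "$cmd;\n";
        }

        # Clear every per-SA field, not just the addresses and keys.
        ($src, $dst, $proto, $ipsecmode, $spi, $reqid) = ('') x 6;
        ($ealgo, $ekey, $aalgo, $akey) = ('') x 4;
    }
}

# close() on a pipe fails when the child exited non-zero; report it so a
# truncated dump is not mistaken for a complete one.
unless (close($in)) {
    print STDERR "scriptdump: setkey -D failed; output may be incomplete\n";
    exit 1;
}

exit 0;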