#! @LOCALPREFIX@/bin/perl
# $FreeBSD$
# Privilege gate: $< is the real UID of the invoking process.  Anything
# other than 0 (root) gets an error on stderr and exit status 1.
unless ($< == 0) {
	print STDERR "must be root to invoke this\n";
	exit 1;
}
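# Command line handling.
#   (no arguments)  emit "add" statements (the default)
#   -d              emit "delete" statements instead
# Any other argument is a usage error (exit status 1).
#
# $mode is deliberately left as a package variable: the dump loop further
# down in this script reads it.
$mode = 'add';

# Test the shifted value with defined() rather than for truth, so that an
# argument of "0" or "" is rejected like every other unknown argument
# instead of silently ending the loop with the rest of @ARGV unparsed.
while (defined(my $arg = shift @ARGV)) {
	if ($arg eq '-d') {
		$mode = 'delete';
	} else {
		print STDERR "usage: scriptdump [-d]\n";
		exit 1;
	}
}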
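# Read the kernel SAD through `setkey -D` and re-emit every ESP/AH security
# association as one setkey statement ("add ..." or "delete ...", depending
# on $mode) on stdout.
#
# SECURITY: in add mode the output carries the raw encryption and
# authentication keys in hex.  Handle it like any other key material: do
# not redirect it into a world-readable file, a shared log or an
# unencrypted channel.
#
# The list form of the pipe open never involves a shell.  "setkey" is still
# located through $PATH, and this script runs as root, so the invoking
# environment must have a PATH made of trusted directories only.
open(my $in, '-|', 'setkey', '-D')
	or die "scriptdump: cannot run setkey -D: $!\n";

# Per-SA state, collected line by line until the "seq=" line is reached.
my ($src, $dst) = ('', '');
my ($proto, $ipsecmode, $spi, $reqid, $replay) = ('', '', '', 0, 0);
my ($ealgo, $ekey, $aalgo, $akey) = ('', '', '', '');

# Read line by line instead of slurping the whole dump into a list.
while (my $line = <$in>) {
	if ($line =~ /^[^\t]/) {
		# An unindented line opens a new entry: "src dst".  Clear every
		# per-SA field here so nothing from the previous entry can leak
		# into this one.
		($src, $dst) = split(/\s+/, $line);
		($proto, $ipsecmode, $spi, $reqid, $replay) = ('', '', '', 0, 0);
		($ealgo, $ekey, $aalgo, $akey) = ('', '', '', '');
	} elsif ($line =~ /^\t(esp|ah) mode=(\S+) spi=(\d+).*reqid=(\d+)/) {
		($proto, $ipsecmode, $spi, $reqid) = ($1, $2, $3, $4);
	} elsif ($line =~ /^\tE: (\S+) (.*)/) {
		# Encryption algorithm and key; the key is printed as groups of
		# hex digits, so drop the whitespace and prefix "0x".
		($ealgo, $ekey) = ($1, $2);
		$ekey =~ s/\s//g;
		$ekey = "0x$ekey";
	} elsif ($line =~ /^\tA: (\S+) (.*)/) {
		# Authentication algorithm and key, same treatment.
		($aalgo, $akey) = ($1, $2);
		$akey =~ s/\s//g;
		$akey = "0x$akey";
	} elsif ($line =~ /^\tseq=0x[0-9a-fA-F]+ replay=(\d+) flags=0x[0-9a-fA-F]+ state=/) {
		# seq and flags are hexadecimal.  Matching them with \d+ skipped
		# every SA whose value contained a-f, and that SA was then
		# silently missing from the dump.
		$replay = $1;

		# Only "esp" and "ah" entries are recognised above.  For any
		# other entry $proto/$spi are empty; emitting a statement then
		# would describe an SA that does not exist, so skip it loudly.
		if ($proto eq '' || $spi eq '') {
			print STDERR "scriptdump: skipping SA $src -> $dst: no esp/ah line seen\n";
			next;
		}

		my $cmd = "$mode $src $dst $proto $spi";
		$cmd .= " -u $reqid" if $reqid;
		if ($mode eq 'add') {
			# NOTE(review): "-m" is emitted only together with a
			# non-zero replay window, exactly as before; an SA with
			# replay=0 is written without its mode.  Confirm whether
			# that is intended.
			$cmd .= " -m $ipsecmode -r $replay" if $replay;
			if ($proto eq 'esp') {
				$cmd .= " -E $ealgo $ekey" if $ealgo;
				$cmd .= " -A $aalgo $akey" if $aalgo;
			} elsif ($proto eq 'ah') {
				$cmd .= " -A $aalgo $akey" if $aalgo;
			}
		}
		print "$cmd;\n";
	}
}

# close() on a pipe reports the child's exit status.  A failed setkey means
# the dump may be truncated, so do not report success in that case.
unless (close($in)) {
	if ($!) {
		print STDERR "scriptdump: error reading from setkey -D: $!\n";
	} else {
		print STDERR "scriptdump: setkey -D exited with status ", ($? >> 8), "\n";
	}
	exit 1;
}

exit 0;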