mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 22:58:52 +01:00
Use 'ip -s xfrm' to dump the SPD and SAD
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
273b02c6da
commit
7ce5c31c68
@ -1579,6 +1579,19 @@ show_status() {
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
# Don't dump empty SPD entries
|
||||
#
|
||||
spd_filter()
|
||||
{
|
||||
awk \
|
||||
'BEGIN { skip=0; }; \
|
||||
/^src/ { skip=0; }; \
|
||||
/^src 0.0.0.0\/0/ { skip=1; }; \
|
||||
/^src ::\/0/ { skip=1; }; \
|
||||
{ if ( skip == 0 ) print; };'
|
||||
}
|
||||
|
||||
#
|
||||
# Dump Command Executor
|
||||
#
|
||||
@ -1729,12 +1742,10 @@ do_dump_command() {
|
||||
heading "Events"
|
||||
show_events
|
||||
|
||||
if qt mywhich setkey; then
|
||||
heading "PFKEY SPD"
|
||||
setkey -DP
|
||||
heading "PFKEY SAD"
|
||||
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
|
||||
fi
|
||||
heading "PFKEY SPD"
|
||||
$IP -s xfrm policy | spd_filter
|
||||
heading "PFKEY SAD"
|
||||
$IP -s -$g_family xfrm state | egrep -v '[[:space:]]+(auth-trunc|enc )' # Don't divulge the keys
|
||||
|
||||
heading "/proc"
|
||||
show_proc /proc/version
|
||||
|
Loading…
Reference in New Issue
Block a user