Use 'ip -s xfrm' to dump the SPD and SAD

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-12-17 14:43:16 -08:00
parent b3b637d663
commit 03a9b92a14
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10

View File

@ -1583,6 +1583,19 @@ show_status() {
}
#
# Don't dump empty SPD entries
#
spd_filter()
{
awk \
'BEGIN { skip=0; }; \
/^src/ { skip=0; }; \
/^src 0.0.0.0\/0/ { skip=1; }; \
/^src ::\/0/ { skip=1; }; \
{ if ( skip == 0 ) print; };'
}
#
# Dump Command Executor
#
@ -1733,12 +1746,10 @@ do_dump_command() {
heading "Events"
show_events
if qt mywhich setkey; then
heading "PFKEY SPD"
setkey -DP
heading "PFKEY SAD"
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
fi
heading "PFKEY SPD"
$IP -s xfrm policy | spd_filter
heading "PFKEY SAD"
$IP -s -$g_family xfrm state | egrep -v '[[:space:]]+(auth-trunc|enc )' # Don't divulge the keys
heading "/proc"
show_proc /proc/version