holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Use 'ip -s xfrm' to dump the SPD and SAD

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-12-17 14:43:16 -08:00
parent b3b637d663
commit 03a9b92a14
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Shorewall-core/lib.cli
View File

@ -1583,6 +1583,19 @@ show_status() {
} }
#
# Don't dump empty SPD entries
#
spd_filter()
{
awk \
'BEGIN { skip=0; }; \
/^src/ { skip=0; }; \
/^src 0.0.0.0\/0/ { skip=1; }; \
/^src ::\/0/ { skip=1; }; \
{ if ( skip == 0 ) print; };'
}
# #
# Dump Command Executor # Dump Command Executor
# #
@ -1733,12 +1746,10 @@ do_dump_command() {
heading "Events" heading "Events"
show_events show_events
if qt mywhich setkey; then heading "PFKEY SPD"
heading "PFKEY SPD" $IP -s xfrm policy | spd_filter
setkey -DP heading "PFKEY SAD"
heading "PFKEY SAD" $IP -s -$g_family xfrm state | egrep -v '[[:space:]]+(auth-trunc|enc )' # Don't divulge the keys
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
fi
heading "/proc" heading "/proc"
show_proc /proc/version show_proc /proc/version