[Openswan dev] 'ipsec eroute' on 2.6
Ken Bantoft
ken at xelerance.com
Thu May 20 16:44:54 CEST 2004
I'm now running Fedora Core 2 on my laptop, complete with 2.6 and Openswan
HEAD for daily work, so I'm finding things that annoy me and fixing them.
I know I'm not the only one who misses 'ipsec eroute' on 2.6, so I thought
I'd share this. It's ugly, but works for me. Ideally, it should be
converted to C and should call libipsec stuff directly like setkey does.
setkey output is not much fun to parse, so I'm sure I've missed some
corner cases. You can drop this into your libexec/ipsec dir renamed to
eroute.
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
-------------- next part --------------
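#!/usr/bin/perl
#
# (c) Xelerance <ken at xelerance.com>
#
# I whipped this up in 15 minutes after switching my laptop to 2.6
# so it's ugly, and could use some major improvement. setkey output is
# ugly to parse

# Dump the kernel policy database. The list form of open runs setkey
# directly, without passing the command through a shell.
open(SETKEY, "-|", "setkey", "-PD") or die "cannot run setkey -PD: $!\n";
while (<SETKEY>) {
    # Selector line: two networks, each with an "[any]" suffix
    if (m/any/) {
        ($dst, $src, $any) = split(" ", $_);
        $src =~ s/\[any\]//g;
        $dst =~ s/\[any\]//g;
    }
    # Policy line: the first word is the direction (in, out or fwd)
    if (m/ipsec/) {
        ($dir, $dummy) = split(" ", $_);
    }
    # Template line: proto/type/net1-net2/..., where net1-net2 are the
    # tunnel endpoints
    if (m/unique/) {
        ($proto, $type, $tunnel, $dummy) = split("/", $_);
        ($net1, $net2) = split("-", $tunnel);
        if ($dir eq "out") {
            $remotegw = $net2;
            $local    = $net1;
            # Swap so outbound entries print in the same order as inbound
            $temp = $src;
            $src  = $dst;
            $dst  = $temp;
        }
        if ($dir eq "in") {
            $remotegw = $net1;
            $local    = $net2;
        }
        if ($dir eq "fwd") {
            $remotegw = $net1;
            $local    = $net2;
        }
    }
    # "spid=..." line: everything for this policy has been seen, print it
    if (m/spid/) {
        ($spidstr, $seqstr, $pidstr) = split(" ", $_);
        ($tmp, $spi) = split("=", $spidstr);
        # String comparison: "!=" would compare these values as numbers
        if ($spi ne "" && $tunnel ne "") {
            # Bare host addresses are shown as /32 networks
            for ($src) {
                if (! m/\// ) {
                    $src .= "/32";
                }
            }
            for ($dst) {
                if (! m/\// ) {
                    $dst .= "/32";
                }
            }
            printf("%3s %-18s -> %-18s => tun%s@%s\n", $dir, $src, $dst, $spi, $remotegw);
            # Reset
            $tunnel = "";
            $spi    = "";
            $dir    = "";
        }
    }
}
close(SETKEY);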