File: ipsec-kernel-state.sed

# Section selector for kernel-state dumps in captured command output.
#
# A line that names one of the commands below opens a section: control
# jumps to next-ipsec-kernel-state, which prints the command line as it
# is and starts rewriting the lines that follow.  Any other line jumps
# straight to end-ipsec-kernel-state and is not touched by this file.
#
# match: setkey ...
# NOTE(review): none of the addresses below names setkey or ipsecctl,
# although later rules handle their output; presumably both are reached
# through guestbin/ipsec-kernel-state.sh - confirm.

/guestbin\/ipsec-kernel-state.sh/ b next-ipsec-kernel-state
/^ ip xfrm state$/ b next-ipsec-kernel-state
/^ ip xfrm state |/ b next-ipsec-kernel-state
/^ ip -4 xfrm state$/ b next-ipsec-kernel-state
/^ ip -6 xfrm state$/ b next-ipsec-kernel-state

# not a kernel-state command: skip every rewrite rule in this file
b end-ipsec-kernel-state

:drop-ipsec-kernel-state
  # read next line (drop current): N appends the next input line to the
  # pattern space, and the substitution deletes everything up to and
  # including the embedded newline, so only the new line is left to be
  # examined by the match rules.
  # NOTE(review): nothing in this file branches to this label.
  N
  s/^.*\n//
  b match-ipsec-kernel-state

:next-ipsec-kernel-state
  # advance to next line (print current, read next); there is no branch
  # after n, so execution continues with the commands that follow
  n

:match-ipsec-kernel-state
  # Rewrite one line of the dump, then loop (via the branch at the
  # bottom) to the following line until the next command shows up.
  #
  # NOTE(review): every mask below is tied to one specific output
  # layout.  Key material printed in any other layout passes through
  # unchanged, so treat the result as normalised output, not as output
  # guaranteed to be free of secrets.

  # next command?
  # A line opening with lowercase letters followed by "#" or " #"
  # (presumably the next shell prompt) closes the section unmodified.
  /^[a-z][a-z]*#/ b end-ipsec-kernel-state
  /^[a-z][a-z]* #/ b end-ipsec-kernel-state

  # SPI: preserve 0
  # A line carrying " spi 0x00000000 " is skipped as a whole; on any
  # other line every 8-digit lowercase-hex SPI becomes 0xSPISPI.

  / spi 0x00000000 /! {
	s/ spi 0x[0-9a-f]\{8\} / spi 0xSPISPI /g
  }
  # spi=DECIMAL(0xHEX) form; the decimal must start with 1-9, so spi=0
  # stays visible.  No g flag: only the first match per line changes.
  s/\(\s\)spi=[1-9][0-9]*(0x[^)]*)/\1spi=SPISPI(0xSPISPI)/

  # setkey -D

  # On lines starting with "A:" or "E:" (presumably the authentication
  # and encryption key dumps) each whitespace-preceded group of exactly
  # eight lowercase hex digits is masked.
  # NOTE(review): a group shorter than eight digits, or digits that
  # directly follow a masked group without whitespace, stay in the
  # output - confirm setkey always prints keys in full 8-digit groups.
  /^\s*[AE]:\s/ {
  	s/\(\s\)[0-9a-f]\{8\}/\1XXXXXXXX/g
  }
  # mask the process id (non-zero only) and the "diff:" counter
  s/\(\s\)pid=[1-9][0-9]*/\1pid=PID/
  s/\(\s\)diff: [0-9]\{1,\}/\1diff: N/

  # ipsecctl

  # Key material: on a line mentioning authkey/enckey the first 0x...
  # lowercase-hex string is replaced; on key_auth:/key_encrypt: lines
  # the lowercase-hex run that ends the line is replaced.
  # NOTE(review): no g flag and lowercase only - a second key on the
  # same line, or upper-case hex digits, would be left in place.
  /authkey/ {
	s/0x[0-9a-f][0-9a-f]*/0xHASHKEY/
  }
  /enckey/ {
	s/0x[0-9a-f][0-9a-f]*/0xENCKEY/
  }
  /key_auth:/ {
	s/:\(\s\)[a-f0-9]*$/:\1HASHKEY/
  }
  /key_encrypt:/ {
	s/:\(\s\)[a-f0-9]*$/:\1ENCKEY/
  }
  # lifetime counters: only non-zero values (leading digit 1-9) are
  # replaced with N, so a zero counter remains visible
  /lifetime_cur:/ {
	s/ add [1-9][0-9]*/ add N/
	s/ first [1-9][0-9]*/ first N/
  }
  /lifetime_soft:/ {
	s/ bytes [1-9][0-9]* / bytes N /
	s/ add [1-9][0-9]* / add N /
  }
  /lifetime_hard:/ {
	s/ bytes [1-9][0-9]* / bytes N /
	s/ add [1-9][0-9]* / add N /
  }
  /lifetime_lastuse:/ {
	s/ first [1-9][0-9]*/ first N/
  }

  # ip xfrm state

  # some versions print the flag 80, others print esn; rewrite the
  # numeric form to esn so both read the same
  /replay-window [0-9]* flag / {
	s/\( flag.*\) 80/\1 esn/
  }

  # fix up keys and other magic numbers; see also ipsec look
  s/ reqid [1-9][0-9]* / reqid REQID /g

  # The key expressions expect a tab before auth/enc/aead.
  # - auth*: the last 0x... token that is followed by another field is
  #   masked and the trailing field kept
  # - enc: everything from the last " 0x" to end of line is replaced
  # - aead: the key token is masked and the field after it kept
  # NOTE(review): the auth and aead expressions require a space after
  # the key, so a line that ends in the key itself is not rewritten.
  s/\tauth\(.*\) 0x[^ ]* \(.*\)$/\tauth\1 0xHASHKEY \2/g
  s/\tenc \(.*\) 0x.*$/\tenc \1 0xENCKEY/g
  s/\taead \(.*\) 0x[^ ]*\( .*\)$/\taead \1 0xENCAUTHKEY\2/g

  # whatever follows "lastused " is replaced with a fixed placeholder
  s/lastused .*/lastused YYYY-MM-DD HH:MM:SS/

  # ephemeral ports
  # - according to IANA: 49152-65535
  # - according to Linux: 32768-61000
  # the expressions below accept any five-digit port from 20000 to
  # 69999; matching 30000 and up was good enough until fedora23
  # started in the 29xxx range
  s/ sport [2-6][0-9][0-9][0-9][0-9] / sport EPHEM /g
  s/ dport [2-6][0-9][0-9][0-9][0-9] / dport EPHEM /g;

# line done: print it and run the match rules on the following line
b next-ipsec-kernel-state

# exit point: no command of this file follows this label
:end-ipsec-kernel-state