      1 #!/bin/sh
      2 
      3 ################################################################################
      4 ##                                                                            ##
      5 ## Copyright (c) International Business Machines  Corp., 2005                 ##
      6 ##                                                                            ##
      7 ## This program is free software;  you can redistribute it and#or modify      ##
      8 ## it under the terms of the GNU General Public License as published by       ##
      9 ## the Free Software Foundation; either version 2 of the License, or          ##
     10 ## (at your option) any later version.                                        ##
     11 ##                                                                            ##
     12 ## This program is distributed in the hope that it will be useful, but        ##
     13 ## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
     14 ## or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License   ##
     15 ## for more details.                                                          ##
     16 ##                                                                            ##
     17 ## You should have received a copy of the GNU General Public License          ##
     18 ## along with this program;  if not, write to the Free Software               ##
     19 ## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA    ##
     20 ##                                                                            ##
     21 ##                                                                            ##
     22 ################################################################################
     23 #
     24 # File:
     25 #   output_ipsec_conf
     26 #
     27 # Description:
     28 #   Output IPsec configuration
     29 #
     30 # Author:
     31 #   Mitsuru Chinen <mitch (at] jp.ibm.com>
     32 #
     33 # Exit Value:
     34 #    0: Exit normally
     35 #   >0: Exit abnormally
     36 #
     37 # History:
     38 #   Oct 19 2005 - Created (Mitsuru Chinen)
     39 #
     40 #-----------------------------------------------------------------------
     41 #Uncomment line below for debug output.
     42 $trace_logic
     43 
     44 # Encryption algorithm
     45 EALGO="3des-cbc"
     46 EALGO_KEY="_I_want_to_have_chicken_"
     47 
     48 # Authentication algorithm
     49 AALGO="hmac-sha1"
     50 AALGO_KEY="beef_fish_pork_salad"
     51 
     52 # Compression algorithm
     53 CALGO="deflate"
     54 
     55 
#-----------------------------------------------------------------------
#
# Function: usage
#
# Description:
#   Write the command-line synopsis to stderr and terminate the script
#   with exit status 1.  Used for every argument error; never returns.
#
#-----------------------------------------------------------------------
usage(){
    # One literal line per argument; nothing here is subject to expansion.
    printf '%s\n' \
        'output_ipsec_conf flush' \
        '    Flush the SAD and SPD entries.' \
        '' \
        'output_ipsec_conf target protocol mode first_spi src_addr dst_addr' \
        '    target: target of the configuration file ( src / dst )' \
        '    protocol: ah / esp / ipcomp' \
        '    mode: transport / tunnel' \
        '    first_spi: the first spi value' \
        '    src_addr: source IP address' \
        '    dst_addr: destination IP address' >&2
    exit 1
}
     80 
     81 
     82 
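#-----------------------------------------------------------------------
#
# Main
#
#   All six arguments are checked before a single line of configuration
#   is written, so a bad target, mode or SPI produces the usage message
#   and exit status 1 instead of a partial configuration on stdout.
#
#-----------------------------------------------------------------------

# When the first argument is `flush', emit the commands that empty the
# SPD and SAD, and stop there.
if [ "x$1" = "xflush" ]; then
    echo "spdflush ;"
    echo "flush ;"
    exit 0
fi

# target protocol mode first_spi src_addr dst_addr
if [ "$#" -ne 6 ]; then
    usage
fi
target=$1
protocol=$2
mode=$3
first_spi=$4
src_ipaddr=$5
dst_ipaddr=$6

# Algorithm options for each protocol.  The keys are written verbatim,
# double-quoted, into the generated setkey configuration.
case "$protocol" in
    ah)
        algo_line="-A $AALGO \"$AALGO_KEY\""
        ;;
    esp)
        algo_line="-E $EALGO \"$EALGO_KEY\" -A $AALGO \"$AALGO_KEY\""
        ;;
    ipcomp)
        algo_line="-C $CALGO"
        ;;
    *)
        usage
        ;;
esac

# Policy direction seen from the host the configuration is for: on the
# `src' host traffic src->dst is outbound, on the `dst' host it is inbound.
case "$target" in
    src)
        direct1=out
        direct2=in
        ;;
    dst)
        direct1=in
        direct2=out
        ;;
    *)
        usage
        ;;
esac

# Policy string for each direction.  Previously an unknown mode was not
# rejected: the SAD entries were emitted with that mode after "-m", no
# SPD entry was written at all, and the script still exited 0.
case "$mode" in
    transport)
        policy1="$protocol/transport//use"
        policy2="$protocol/transport//use"
        ;;
    tunnel)
        policy1="$protocol/tunnel/${src_ipaddr}-${dst_ipaddr}/use"
        policy2="$protocol/tunnel/${dst_ipaddr}-${src_ipaddr}/use"
        ;;
    *)
        usage
        ;;
esac

# The reverse-direction SA uses first_spi + 1.  Only a plain decimal SPI
# is accepted (no sign, no leading zero) so that the arithmetic below
# can neither fail nor read the value as octal.
case "$first_spi" in
    ''|*[!0-9]*|0?*)
        usage
        ;;
esac
second_spi=$((first_spi + 1))

# SAD entries, one per direction
cat << EOD
add $src_ipaddr $dst_ipaddr $protocol $first_spi
    -m $mode
    $algo_line ;

add $dst_ipaddr $src_ipaddr $protocol $second_spi
    -m $mode
    $algo_line ;

EOD

# SPD entries, one per direction
cat << EOD
spdadd $src_ipaddr $dst_ipaddr any
    -P $direct1 ipsec $policy1 ;

spdadd $dst_ipaddr $src_ipaddr any
    -P $direct2 ipsec $policy2 ;
EOD

exit 0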