#! /bin/sh
# quick look at current connections and related information
# Copyright (C) 1998, 1999 Henry Spencer.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See .
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: look,v 1.20 2000/04/17 14:24:41 henry Exp $
#
# Output, in order: a host/date label, the eroute table joined with its SA
# group lines, the tncfg table, the sorted SA table, and the routing-table
# lines that end in one of the IPsec-related interface names.

# State file that is sourced below when it exists and is non-empty.
info=/var/run/ipsec.info

# Load the "config setup" section as IPSEC-prefixed shell variables.
# NOTE(review): eval runs whatever `ipsec _confread` prints as shell code, so
# this script trusts that helper and the configuration it parses as much as
# it trusts itself. Both should be writable only by the administrator.
# The substitution is deliberately left unquoted so word splitting behaves
# as it does with a bare backtick substitution.
eval $(ipsec _confread --varprefix IPSEC --type config setup)
if [ " $IPSEC_confreadstatus" != " " ]; then
  # A non-empty status is reported on stderr and in syslog, then we stop.
  echo "$IPSEC_confreadstatus -- aborting" |
    logger -s -p daemon.error -t ipsec_look
  exit 1
fi

# NOTE(review): sourcing executes the file's contents in this shell with this
# script's privileges; the path lives under /var/run, so its ownership and
# mode decide who can inject commands here. Nothing in this script checks
# them.
if [ -s "$info" ]; then
  . "$info"
fi

# label it just to be sure
echo "$(hostname) $(date)"

# Combine spigrp and eroute. Lines whose second field is not "->" are
# remembered by their first field; lines with "->" are printed with the
# remembered line for field 5 appended. pad() builds a width-3-per-component
# key from "a.b.c.d/m" that is used only for sorting and is stripped by the
# final sed.
# NOTE(review): the "0" flag on %s is not defined by POSIX printf, so whether
# the key is zero- or space-filled depends on the awk in use -- confirm.
cat /proc/net/ipsec_spigrp /proc/net/ipsec_eroute |
  awk '
$2 != "->" {
  tun[$1] = $0
}
function pad(subnet) {
  sub("/", ".", subnet)
  split(subnet, d, ".")
  return sprintf("%03s%03s%03s%03s%03s", d[1], d[2], d[3], d[4], d[5])
}
$2 == "->" {
  printf "%s:%-18s -> %-18s => %s\n", (pad($1) pad($3)), $1, $3, tun[$5]
}' |
  sort |
  sed 's/^[^:]*://'

# tncfg (mostly as a divider line); grep -E is the POSIX spelling of egrep.
# NOTE(review): paste is given no file operand and is assumed to read stdin.
grep -E -v NULL /proc/net/ipsec_tncfg |
  paste -d % |
  sed -e 's/%/ /g' -e 's/ -> /->/g'

# SAs
sort /proc/net/ipsec_spi

# Relevant routing information, including the header line (which is good
# enough as a separator, no need for another bar). The pattern keeps the
# header plus every route line that ends in one of the interface names.
# NOTE(review): the names are placed into the extended regex unescaped, so
# any regex metacharacter in a configured name widens the match.
route_re="^Dest"
if [ " $defaultroutephys" != " " ]; then
  route_re="${route_re}|${defaultroutephys}\$|${defaultroutevirt}\$"
else
  # IPSECinterfaces holds virt=phys pairs; both sides become alternatives.
  for iface in $(echo "$IPSECinterfaces" | tr '=' ' '); do
    route_re="${route_re}|${iface}\$"
  done
fi

# The header gets a leading space before the sort and loses it afterwards,
# presumably so that it sorts ahead of the route lines.
netstat -nr |
  grep -E "$route_re" |
  sed '/^Dest/s/^/ /' |
  sort |
  sed '/^ Dest/s/ //'