From: Michael Tremer Date: Sun, 30 Jul 2017 16:30:34 +0000 (+0200) Subject: ipsec: Add connection show command X-Git-Tag: 009~96 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c1e76e9758f607fca6dab394efc50145a4fe3883;p=network.git ipsec: Add connection show command This shows the current configuration of a connection Signed-off-by: Michael Tremer
---
diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index 9795e5c6..ee6ac9b1 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -59,6 +59,10 @@ cli_ipsec_connection() {
 authentication|inactivity-timout|local|mode|peer|remote|security-policy)
 ipsec_connection_${key} ${connection} $@
 ;;
+ show)
+ cli_ipsec_connection_show "${connection}"
+ exit $?
+ ;;
 *)
 error "Unrecognized argument: ${key}"
 exit ${EXIT_ERROR}
@@ -85,6 +89,100 @@ cli_ipsec_connection() {
 fi
 }
 
+cli_ipsec_connection_show() {
+ local connection="${1}"
+
+ # Read the config settings
+ local ${IPSEC_CONNECTION_CONFIG_SETTINGS}
+ if ! ipsec_connection_read_config "${connection}"; then
+ error "Could not read the connection configuration"
+ return ${EXIT_ERROR}
+ fi
+
+ cli_headline 0 "IPsec VPN Connection: ${connection}"
+ cli_space
+
+ # Peer
+ if isset PEER; then
+ cli_print_fmt1 1 "Peer" "${PEER}"
+ fi
+
+ # Security Policy
+ cli_print_fmt1 1 "Security Policy" "${SECURITY_POLICY-${IPSEC_DEFAULT_SECURITY_POLICY}}"
+ cli_space
+
+ cli_headline 2 "Authentication"
+ case "${AUTH_MODE^^}" in
+ PSK)
+ cli_print_fmt1 2 "Mode" "Pre-Shared-Key"
+
+ if isset PSK; then
+ cli_print_fmt1 2 "Pre-Shared-Key" "****"
+ else
+ cli_print_fmt1 2 "Pre-Shared-Key" "- is not set -"
+ fi
+ ;;
+ X509)
+ : # TODO
+ ;;
+ esac
+ cli_space
+
+ local i
+ for i in LOCAL REMOTE; do
+ case "${i}" in
+ LOCAL)
+ cli_headline 2 "Local"
+ ;;
+ REMOTE)
+ cli_headline 2 "Remote"
+ ;;
+ esac
+
+ local id_var="${i}_ID"
+ if [ -n "${!id_var}" ]; then
+ cli_print_fmt1 2 "ID" "${!id_var}"
+ fi
+
+ local prefix_var="${i}_PREFIX"
+ if isset ${prefix_var}; then
+ cli_headline 3 "Prefix(es)"
+
+ local prefix
+ for prefix in ${!prefix_var}; do
+ cli_print_fmt1 3 "${prefix}"
+ done
+ fi
+
+ cli_space
+ done
+
+ cli_headline 2 "Misc."
+
+ case "${MODE}" in
+ gre-transport)
+ cli_print_fmt1 2 "Transport Mode" "GRE Transport"
+ ;;
+ tunnel)
+ cli_print_fmt1 2 "Transport Mode" "Tunnel"
+ ;;
+ vti)
+ cli_print_fmt1 2 "Transport Mode" "Virtual Tunnel Interface"
+ ;;
+ *)
+ cli_print_fmt1 2 "Transport Mode" "- Unknown -"
+ ;;
+ esac
+
+ # Inactivity timeout
+ if isset INACTIVITY_TIMEOUT && [ ${INACTIVITY_TIMEOUT} -gt 0 ]; then
+ cli_print_fmt1 2 "Inactivity Timeout" "$(format_time ${INACTIVITY_TIMEOUT})"
+ fi
+ cli_space
+
+ return ${EXIT_OK}
+}
+
 # This function writes all values to a via ${connection} specificated VPN IPsec configuration file
 ipsec_connection_write_config() {
 assert [ $# -ge 1 ]
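Review bot: The `case "${AUTH_MODE^^}"` block in cli_ipsec_connection_show has no `*)` arm and its X509 arm is still a no-op, so a connection whose AUTH_MODE is unset, misspelled or X509 prints an empty "Authentication" section. Someone auditing the tunnel from this output cannot tell a missing or unrecognised authentication setting from a display gap. The `case "${MODE}"` block further down already falls back to "- Unknown -", and the same fallback fits here: `*) cli_print_fmt1 2 "Mode" "- Unknown -" ;;`. Separately, `[ ${INACTIVITY_TIMEOUT} -gt 0 ]` expands a value that presumably comes from the connection's config file without quotes; `[ "${INACTIVITY_TIMEOUT}" -gt 0 ]` keeps a value containing whitespace from changing the shape of the test.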