From patchwork Mon Sep 28 07:25:34 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Aring <alex.aring@gmail.com>
X-Patchwork-Id: 523252
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 2066614010F
	for <patchwork-incoming@ozlabs.org>;
	Mon, 28 Sep 2015 17:27:32 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=o3t2jhYy;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756675AbbI1H10 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Mon, 28 Sep 2015 03:27:26 -0400
Received: from mail-wi0-f175.google.com ([209.85.212.175]:36682 "EHLO
	mail-wi0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756522AbbI1H1Y (ORCPT
	<rfc822;netdev@vger.kernel.org>); Mon, 28 Sep 2015 03:27:24 -0400
Received: by wicgb1 with SMTP id gb1so90586324wic.1;
	Mon, 28 Sep 2015 00:27:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=iJgTFVxglIlj4FIHSXvp32Tbtz9BxtA/OLHyfo+Nzsw=;
	b=o3t2jhYyGqP9oOsvqMZ8Gu+4UUWV3b876pcNSR/w9ySSxvlJF0FgKLjxrKRMWUZl4W
	zRFQ82HIhAMLfSf8sVDcslyLGnYbGz2EffArcHH126XBViQUedggSfZoa8iDoS1fA24a
	a72hRsvp/7zf/vbzza4LXypaIvHeDA34u9wGh5Th9Iw3f2ByBETnHjx9w8D1dLzzmv52
	I7rL1LrpUpfSKP/PrNNsDk/QL9vMG9rDBtCgCviJ4ZEXK09tSxI8mV/JBVrNV8ll3/pH
	hDNbsC9AGPOJB3+UBe2y0RkSlQd/BMRdDHCTvQkCgJVvsDB1qb3NSNzkL/kBoyxQscdk
	g8Kg==
X-Received: by 10.194.117.164 with SMTP id kf4mr20013046wjb.9.1443425243390;
	Mon, 28 Sep 2015 00:27:23 -0700 (PDT)
Received: from omega.localdomain (p4FD38193.dip0.t-ipconnect.de.
	[79.211.129.147]) by smtp.gmail.com with ESMTPSA id
	gl4sm16795612wjb.29.2015.09.28.00.27.21
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 28 Sep 2015 00:27:22 -0700 (PDT)
From: Alexander Aring <alex.aring@gmail.com>
To: linux-wpan@vger.kernel.org
Cc: kernel@pengutronix.de, netdev@vger.kernel.org,
	phoebe.buckheister@itwm.fraunhofer.de,
	Alexander Aring <alex.aring@gmail.com>
Subject: [PATCH wpan-tools 2/2] security: add store and restore scripts
Date: Mon, 28 Sep 2015 09:25:34 +0200
Message-Id: <1443425134-27910-2-git-send-email-alex.aring@gmail.com>
X-Mailer: git-send-email 2.5.3
In-Reply-To: <1443425134-27910-1-git-send-email-alex.aring@gmail.com>
References: <1443425134-27910-1-git-send-email-alex.aring@gmail.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

This patch adds two new bash script commands."iwpan-store" and
"iwpan-restore" which can store and restore the current security
table settings. This is currently a very KISS solution, we should lookup
iptables implementation for storing and restoring the tables.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
---
 src/Makefile.am   |  4 ++++
 src/iwpan-restore | 36 ++++++++++++++++++++++++++++++++++++
 src/iwpan-store   | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+)
 create mode 100755 src/iwpan-restore
 create mode 100755 src/iwpan-store

diff --git a/src/Makefile.am b/src/Makefile.am
index b2177a2..37a6d82 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,6 +1,10 @@
 bin_PROGRAMS = \
 	iwpan
 
+bin_SCRIPTS = \
+	iwpan-store \
+	iwpan-restore
+
 iwpan_SOURCES = \
 	iwpan.c \
 	iwpan.h \
diff --git a/src/iwpan-restore b/src/iwpan-restore
new file mode 100755
index 0000000..0e305f6
--- /dev/null
+++ b/src/iwpan-restore
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+WPAN_DEV=""
+FILE=""
+
+function usage() {
+	echo "usage: -d \$WPAN_DEV -f \$FILE"
+}
+
+while getopts "d:f:" opt; do
+	case $opt in
+		d)
+			WPAN_DEV=$OPTARG
+			;;
+		f)
+			FILE=$OPTARG
+			;;
+		?)
+			usage
+			;;
+	esac
+done
+
+if [ -z $FILE ] || [ -z $WPAN_DEV ]
+then
+	usage
+	exit 1
+fi
+
+function failed() {
+	echo "failed" >&2
+}
+
+export WPAN_DEV &&
+/bin/bash $FILE ||
+failed
diff --git a/src/iwpan-store b/src/iwpan-store
new file mode 100755
index 0000000..acce807
--- /dev/null
+++ b/src/iwpan-store
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+WPAN_DEV=""
+FILE=""
+
+function usage() {
+	echo "usage: -d \$WPAN_DEV -f \$FILE"
+}
+
+while getopts "d:f:" opt; do
+	case $opt in
+		d)
+			WPAN_DEV=$OPTARG
+			;;
+		f)
+			FILE=$OPTARG
+			;;
+		?)
+			usage
+			;;
+	esac
+done
+
+if [ -z $FILE ] || [ -z $WPAN_DEV ]
+then
+	usage
+	exit 1
+fi
+
+function failed() {
+	echo "failed" >&2
+	rm $FILE
+}
+
+iwpan dev $WPAN_DEV seclevel dump > $FILE &&
+iwpan dev $WPAN_DEV device dump >> $FILE &&
+iwpan dev $WPAN_DEV devkey dump >> $FILE &&
+iwpan dev $WPAN_DEV key dump >> $FILE ||
+failed