📄 barf.in
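#! /bin/sh
# dump assorted information of use in debugging
# Copyright (C) 1998, 1999 Henry Spencer.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: barf.in,v 1.105 2004/12/10 12:38:29 paul Exp $
#
# Usage: ipsec barf [--maxlines N] [--short]
#
# Output format: after "set -x" every command is traced on stderr, which is
# merged into stdout, so the "_________________________ name" calls show up
# as section dividers in the report.
#
# Handling the report: it contains firewall rules, routing and address
# tables, the process list, kernel configuration and log excerpts.
# Only ipsec.conf and ipsec.secrets are filtered (through "ipsec _keycensor"
# and "ipsec _secretcensor"); policy files, updown scripts and log lines are
# copied as they are. Check the report for secrets before passing it on.
#
# NOTE(review): LOGS, IPSEC_CONFS, IPSEC_CONFDDIR, IPSEC_LIBDIR and
# IPSEC_EXECDIR come from the environment and decide which files are read,
# and every tool is resolved through the inherited PATH. Presumably the
# "ipsec" wrapper sets these up; confirm before running this script
# directly with elevated privileges.

LOGS=${LOGS-/var/log}
CONFS=${IPSEC_CONFS-/etc}
CONFDDIR=${IPSEC_CONFDDIR-/etc/ipsec.d}
libdir=${IPSEC_LIBDIR-/usr/local/lib/ipsec}
execdir=${IPSEC_EXECDIR-/usr/local/libexec/ipsec}
kernel_release=`uname -r`
me="ipsec barf"
# Max lines to use for things like 'route -n'
maxlines=100

# kludge to produce no barf output mentioning policygroups if none are present.
# This will not catch ".file" policygroups.
# POLICIES is cleared first so a value inherited from the environment cannot
# select the directory that is dumped later.
POLICIES=
PREPOLICIES=${CONFDDIR}/policies
policyfiles=`ls "$PREPOLICIES" 2> /dev/null`
if test -n "$policyfiles"
then
	POLICIES=$PREPOLICIES
fi

# message patterns that start relevant parts of logs
fstart='Starting Openswan'
pstart='Starting Pluto subsystem'

case "$1" in
--help)		echo "Usage: ipsec barf" ; exit 0	;;
--version)	echo "$me $IPSEC_VERSION" ; exit 0	;;
--maxlines)
	# Only a plain decimal count is accepted, because the value ends up
	# on the command line of head. Anything else keeps the default and
	# is left in place, so a following option such as --short still
	# becomes $1.
	case "$2" in
	''|*[!0-9]*)
		echo "$me: ignoring non-numeric --maxlines value" >&2
		shift
		;;
	*)
		maxlines=$2
		# drop the option and its value; the log sections at the
		# end look at $1 for --short
		shift
		shift
		;;
	esac
	;;
esac

# make sure output is in English
unset LANG LANGUAGE LC_ALL LC_MESSAGES

# findlog_check pattern lineaddr file
# If $LOGS/file is a non-empty regular file containing pattern, record it in
# $findlog_file, record the matching line number selected by the sed address
# lineaddr ('$' = last match, '1' = first match) in $findlog_startline, and
# return 0. Otherwise return 1 and leave both variables alone.
findlog_check() {
	_fl_path=$LOGS/$3
	test -f "$_fl_path" || return 1
	test -s "$_fl_path" || return 1
	grep -E -q -e "$1" "$_fl_path" || return 1
	findlog_file=$_fl_path
	findlog_startline=`grep -E -n -e "$1" "$_fl_path" | sed -n "${2}s/:.*//p"`
	return 0
}

# findlog_scan pattern
# Print the name (relative to $LOGS) of the newest uncompressed, non-mail log
# that contains pattern; print nothing if there is none.
# Names are read one per line, so names with spaces survive; a name with an
# embedded newline is still not handled (ls is needed for the mtime order).
findlog_scan() {
	ls -t "$LOGS" |
	grep -E -v '^mail' |
	grep -E -v '\.(gz|Z)$' |
	while IFS= read -r _fl_name
	do
		if test -f "$LOGS/$_fl_name" && test -s "$LOGS/$_fl_name" &&
			grep -E -q -e "$1" "$LOGS/$_fl_name"
		then
			printf '%s\n' "$_fl_name"
			break
		fi
	done
}

# log-location guesser, results in $findlog_file and $findlog_startline
# Fine point: startline is the *last* line containing "string", or
# failing that, the *first* line containing "fallbackstring".
findlog() {		# findlog string fallbackstring possiblefile ...
	s="$1"
	shift
	t="$1"
	shift
	# try the suggested files first
	for f in "$@"
	do
		findlog_check "$s" '$' "$f" && return 0
	done
	for f in "$@"
	do
		findlog_check "$t" 1 "$f" && return 0
	done
	# nope, resort to a search, newest first, of uncompressed logs
	f=`findlog_scan "$s"`
	test -n "$f" && findlog_check "$s" '$' "$f" && return 0
	f=`findlog_scan "$t"`
	test -n "$f" && findlog_check "$t" 1 "$f" && return 0
#	echo "$0: unable to find $LOGS/$1 or local equivalent" >&2
	findlog_file=/dev/null
	findlog_startline=1		# arbitrary
}

# try to guess where logs are
findlog "$fstart" "klips" messages syslog auth.log daemon.log
if test " $findlog_file" = " /dev/null"
then
echo "Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration."
fi
klog=$findlog_file
kline=$findlog_startline
findlog "$pstart" "Pluto" secure auth.log daemon.log debug
if test " $findlog_file" = " /dev/null"
then
echo "Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration."
fi
plog=$findlog_file
pline=$findlog_startline

# /lib/modules examiner
# modulegoo relpath pattern: for every directory under /lib/modules, list the
# global symbols of relpath that match pattern, each line prefixed with the
# directory name; an empty prefixed line marks a tree without that object.
# Tracing is switched off for the duration to keep the report readable.
modulegoo() {
	set +x
	for _mg_dir in /lib/modules/*
	do
		test -d "$_mg_dir" || continue
		_mg_ver=`basename "$_mg_dir"`
		_mg_obj=$_mg_dir/$1
		if test -f "$_mg_obj"
		then
			nm -g "$_mg_obj" | grep -E -e "$2"
		else
			echo
		fi |
		# the prefix is added with printf, not a sed script, so odd
		# characters in a directory name cannot change the command
		while IFS= read -r _mg_line
		do
			printf '%s: %s\n' "$_mg_ver" "$_mg_line"
		done
	done
	set -x
}

# advanced shell deviousness to get dividers into output
# The function is called with at most one argument, so the unquoted $2
# expands to nothing and no command is run or traced. A second word WOULD be
# executed as a command: always quote variable arguments at the call sites.
_________________________() {
	$2	# something to do nothing and not echo anything
}

exec 2>&1		# stderr on stdout, so errors go into main output

hostname ; date
set -x
_________________________ version
ipsec --version
_________________________ proc/version
cat /proc/version
_________________________ proc/net/ipsec_eroute
if test -r /proc/net/ipsec_eroute
then
	# "-k 4" replaces the obsolete "+3" key syntax, which current sort
	# implementations take for a file name
	sort -s -g -k 4 /proc/net/ipsec_eroute || cat /proc/net/ipsec_eroute
fi
_________________________ netstat-rn
netstat -nr | head -n "$maxlines"
_________________________ proc/net/ipsec_spi
# the path was relative ("proc/net/ipsec_spi"), so the test only passed
# when the script happened to run from /
if test -r /proc/net/ipsec_spi
then
	cat /proc/net/ipsec_spi
fi
_________________________ proc/net/ipsec_spigrp
if test -r /proc/net/ipsec_spigrp
then
	cat /proc/net/ipsec_spigrp
fi
_________________________ proc/net/ipsec_tncfg
if test -r /proc/net/ipsec_tncfg
then
	cat /proc/net/ipsec_tncfg
fi
_________________________ proc/net/pfkey
if test -r /proc/net/pfkey
then
	cat /proc/net/pfkey
_________________________ setkey-D
	setkey -D
_________________________ setkey-D-P
	setkey -D -P
fi
# not visible on my 2.6 system
#_________________________ proc/net/pf_key-star
#( cd /proc/net && egrep '^' pf_key_* )
_________________________ proc/sys/net/ipsec-star
if test -d /proc/sys/net/ipsec
then
	( cd /proc/sys/net/ipsec && grep -E '^' * )
fi
_________________________ ipsec/status
ipsec auto --status
_________________________ ifconfig-a
ifconfig -a
_________________________ ip-addr-list
ip addr list
_________________________ ip-route-list
ip route list
_________________________ ip-rule-list
ip rule list
_________________________ ipsec_verify
ipsec verify --nocolour
_________________________ mii-tool
if [ -x /sbin/mii-tool ]
then
	/sbin/mii-tool -v
elif [ -x /usr/sbin/mii-tool ]
then
	/usr/sbin/mii-tool -v
else
	mii-tool -v
fi
_________________________ ipsec/directory
ipsec --directory
_________________________ hostname/fqdn
hostname --fqdn
_________________________ hostname/ipaddress
hostname --ip-address
_________________________ uptime
uptime
_________________________ ps
# -i ppid picks up the header
ps alxwf | grep -E -i 'ppid|pluto|ipsec|klips'
_________________________ ipsec/showdefaults
ipsec showdefaults
_________________________ ipsec/conf
# keys are filtered out by _keycensor before they reach the report
ipsec _include "$CONFS/ipsec.conf" | ipsec _keycensor
_________________________ ipsec/secrets
# secrets are filtered out by _secretcensor before they reach the report
ipsec _include "$CONFS/ipsec.secrets" | ipsec _secretcensor
_________________________ ipsec/listall
ipsec auto --listall
if [ -n "$POLICIES" ]
then
	for policy in "$POLICIES"/*
	do
		base=`basename "$policy"`
# quoted, so a file name containing whitespace stays one argument and
# cannot reach the divider function's $2, which that function executes
_________________________ "ipsec/policies/$base"
		cat "$policy"
	done
fi
_________________________ ipsec/ls-libdir
ls -l "$libdir"
_________________________ ipsec/ls-execdir
ls -l "$execdir"
_________________________ ipsec/updowns
for f in "$execdir"/*updown*
do
	# skips the unexpanded pattern when nothing matches
	test -f "$f" || continue
	cat "$f"
done
_________________________ proc/net/dev
cat /proc/net/dev
_________________________ proc/net/route
cat /proc/net/route
_________________________ proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward
_________________________ proc/sys/net/ipv4/conf/star-rp_filter
( cd /proc/sys/net/ipv4/conf && grep -E '^' */rp_filter )
_________________________ uname-a
uname -a
_________________________ config-built-with
if test -r /proc/config_built_with
then
	cat /proc/config_built_with
fi
_________________________ redhat-release
if test -r /etc/redhat-release
then
	cat /etc/redhat-release
else
	if test -r /etc/fedora-release
	then
		cat /etc/fedora-release
	fi
fi
_________________________ proc/net/ipsec_version
if test -r /proc/net/ipsec_version
then
	cat /proc/net/ipsec_version
else
	if test -r /proc/net/pfkey
	then
		echo "NETKEY ($kernel_release) support detected "
	else
		echo "no KLIPS or NETKEY support detected"
	fi
fi
_________________________ ipfwadm
if test -r /sbin/ipfwadm
then
	ipfwadm -F -l -n -e
_________________________
	ipfwadm -I -l -n -e
_________________________
	ipfwadm -O -l -n -e
_________________________
	ipfwadm -M -l -n -e
else
	# the "echo" was missing, so the shell tried to run the message
	echo "no old-style linux 1.x/2.0 ipfwadm firewall support"
fi
_________________________ ipchains
if test -r /sbin/ipchains
then
	ipchains -L -v -n
_________________________
	ipchains -M -L -v -n
else
	echo "no old-style linux 2.0 ipchains firewall support"
fi
_________________________ iptables
if test -r /sbin/iptables
then
	iptables -L -v -n
_________________________ iptables-nat
	iptables -t nat -L -v -n
_________________________ iptables-mangle
	iptables -t mangle -L -v -n
# the test was inverted: the warning was printed when ipchains WAS present
# and never when both tools were missing
elif test ! -r /sbin/ipchains
then
	echo "Warning: no iptables or ipchains found. no firewalling capabilities found."
fi
_________________________ proc/modules
if test -f /proc/modules
then
	cat /proc/modules
else
	echo "kernel without module support"
fi
_________________________ proc/meminfo
cat /proc/meminfo
#obsolete? not on my klips system
#_________________________ dev/ipsec-ls
#ls -l /dev/ipsec*
_________________________ proc/net/ipsec-ls
if test -f /proc/net/ipsec_version
then
	ls -l /proc/net/ipsec_*
fi
_________________________ usr/src/linux/.config
if test -f /proc/config.gz
then
	zcat /proc/config.gz | grep -E 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
elif test -f "/lib/modules/$kernel_release/build/.config"
then
	grep -E 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP' "/lib/modules/$kernel_release/build/.config"
else
	echo "no .config file found, cannot list kernel properties"
fi
_________________________ etc/syslog.conf
cat /etc/syslog.conf
_________________________ etc/resolv.conf
cat /etc/resolv.conf
_________________________ lib/modules-ls
ls -ltr /lib/modules
_________________________ proc/ksyms-netif_rx
if test -r /proc/ksyms
then
	grep -E netif_rx /proc/ksyms
else
	if test -r /proc/kallsyms
	then
		grep -E netif_rx /proc/kallsyms
	else
		echo "broken (redhat/fedora) 2.6 kernel without kallsyms"
	fi
fi
_________________________ lib/modules-netif_rx
modulegoo kernel/net/ipv4/ipip.o netif_rx
_________________________ kern.debug
if test -f "$LOGS/kern.debug"
then
	tail -n 100 "$LOGS/kern.debug"
fi
_________________________ klog
# log lines from the last start marker onwards; they are filtered by keyword
# only, not censored
sed -n "$kline,\$p" "$klog" |
	grep -E -i 'ipsec|klips|pluto' |
	case "$1" in
	--short)	tail -n 500	;;
	*)		cat		;;
	esac
_________________________ plog
sed -n "$pline,\$p" "$plog" |
	grep -E -i 'pluto' |
	case "$1" in
	--short)	tail -n 500	;;
	*)		cat		;;
	esac
_________________________ date
date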