📄 config
字号:
# set various configuration parameters# Use shell "." command to load these into the environment# Where to find programs to test.# These can be overridden by environment.# Note: {WEST,EAST}PLUTO and {WEST,EAST,NORTH,SOUTH}WHACK# allow more specific control# Note: paths must be absolute because dopluto does a cd.if [ -z "${TESTING:-}" ]then if [ -d testing ]; then TESTING=`pwd`/testing elif [ -d ${MYBOX}/testing ]; then TESTING=$MYBOX/testing else echo "Please set \$TESTING " fifiexport PATH=$TESTING/pluto/bin:$PATH if [ -z "${PLUTO:-}" ]then if [ -x ${MYBOX:-}/programs/pluto/pluto ] then PLUTO=$MYBOX/programs/pluto/pluto WHACK=$MYBOX/programs/pluto/whack elif [ -x programs/pluto/pluto ] then PLUTO=`pwd`/programs/pluto/pluto WHACK=`pwd`/programs/pluto/whack elif [ -x ../../../programs/pluto/pluto ] then PLUTO=`pwd`/../../../programs/pluto/pluto WHACK=`pwd`/../../../programs/pluto/whack fifiexport PLUTOexport WHACKif [ -z "${TESTING:-}" ]then if [ -d ${MYBOX:-}/testing ] then TESTING=$MYBOX/testing elif [ -d testing ] then TESTING=`pwd`/testing fi fiexport TESTINGif [ ! -x "$PLUTO" -a "$PLUTO" != "ipsec pluto" ] ; then echo "ERROR: Where is Pluto? Not in \"$PLUTO\"; set \$PLUTO correctly." >&2 #exit 1fiif [ ! -x "$WHACK" -a "$WHACK" != "ipsec whack" ] ; then echo "ERROR: Where is whack? Not in \"$WHACK\"; set \$WHACK correctly." >&2 #exit 1fiexport LWDNSQOPTION=""case "${USE_LWRES:-true}" intrue) if [ -z "${LWDNSQ:-}" ] then if [ -x ${MYBOX:-}/programs/lwdnsq/lwdnsq ] then LWDNSQ=$MYBOX/programs/lwdnsq/lwdnsq elif [ -x programs/lwdnsq/lwdnsq ] then LWDNSQ=`pwd`/programs/lwdnsq/lwdnsq elif [ -x `pwd`/../../programs/lwdnsq/lwdnsq ] then LWDNSQ=`pwd`/../../programs/lwdnsq/lwdnsq elif [ -x `dirname "$PLUTO"`/lwdnsq ] ; then LWDNSQ=`dirname "$PLUTO"`/lwdnsq elif [ "$PLUTO" = "ipsec pluto" ]; then LWDNSQ="" else echo "ERROR: Where is lwdnsq? Not in \"$LWDNSQ\"; set \$LWDNSQ correctly." >&2 exit 1 fi fi if [ -n "${LWDNSQ}" ]; then LWDNSQOPTION="--lwdnsq $LWDNSQ" export LWDNSQ LWDNSQOPTION fi ;;esacset -uexport IKEPORT=8500export DOMAIN=exampleexport ROUTER=127.95.7.254export WESTIP=127.95.7.1export EASTIP=127.95.7.2export NORTHIP=127.95.7.3export SOUTHIP=127.95.7.4export WESTIF=lo:wexport EASTIF=lo:eexport NORTHIF=lo:nexport SOUTHIF=lo:sexport WESTSUBNET=127.95.7.8/30export VICTORIA=127.95.7.10export VANCOUVER=127.95.7.11export VANISHED=127.95.7.8 # missing, naturallyexport WESTSUBNET2=127.95.7.12/30export WESTSUBNET3=127.95.7.16/30export EASTSUBNETNET=127.95.7.20export EASTSUBNET=$EASTSUBNETNET/30export EASTHALFSUBNET=$EASTSUBNETNET/31 # includes Truroexport TRURO=127.95.7.21export ANTIGONISH=127.95.7.22export ATLANTIS=127.95.7.23 # missing, naturallyexport EASTSUBNET2=127.95.7.24/30export EASTSUBNET3=127.95.7.28/30export NORTHSUBNET=127.95.7.32/30export NORTHSUBNET2=127.95.7.36/30export NORTHSUBNET3=127.95.7.40/30export SOUTHSUBNET=127.95.7.44/30export SOUTHSUBNET2=127.95.7.48/30export SOUTHSUBNET3=127.95.7.52/30# sometimes CMP=diff is usefulCMP=${CMP:-cmp}DOPLUTO=doplutoDOWHACK=dowhackDFAIL=""XFAIL=""SFAIL=""REFMISSING=""CFAIL=""WESTHOST="--host $WESTIP --ikeport $IKEPORT"WESTNET="$WESTHOST --client $WESTSUBNET"EASTHOST="--host $EASTIP --ikeport $IKEPORT"EASTNET="$EASTHOST --client $EASTSUBNET"ANYHOST="--host %any --ikeport $IKEPORT"OPPO="--host %opportunistic --ikeport $IKEPORT"OPPONARROW="$OPPO --client 127.0.0.0/8"OPPOMISS="$OPPO --client 10.0.0.0/8"GROUP="--host %group --ikeport $IKEPORT"OPPOGROUP="--host %opportunisticgroup --ikeport $IKEPORT"WHACKWEST="${WESTWHACK:-$WHACK} --ctlbase pluto/west/pluto.west"WHACKEAST="${EASTWHACK:-$WHACK} --ctlbase pluto/east/pluto.east"# run of the mill lifetimesNORMALMARG=350NORMALIKE=900TIMES="--rekeymargin $NORMALMARG --ikelifetime $NORMALIKE --ipseclifetime 800"# half size, to be shorterSHORTMARG=175SHORTIKE=450SHORTIPSEC=400SHORTTIMES="--rekeymargin $SHORTMARG --ikelifetime $SHORTIKE --ipseclifetime $SHORTIPSEC"# really small so we're willing to sleep through a keying intervalTINYIPSECLIFETIME=40TINYTIMES="--rekeymargin 17 --ikelifetime 45 --ipseclifetime $TINYIPSECLIFETIME"TIMES0="$TIMES --keyingtries 0"TIMES1="$TIMES --keyingtries 1"TIMES2="$TIMES --keyingtries 2"LIST="1 2 3 4 5"# dumb boilerplateTO="--updown silly --to --updown sally"function whackwest() { eval $WHACKWEST "$@" }function whackeast() { eval $WHACKEAST "$@" }function perform() { echo "$@" "$@" || echo RC: $? }function me() { perform whackwest "$@" }function him() { perform whackeast "$@" }function both() { perform whackwest "$@" perform whackeast "$@" }function me_status() { me --status | canonicize_status }function him_status() { him --status | canonicize_status }function both_status() { both --status | canonicize_status }# Grab the lifetime setting actually in states.# Turn them into shell variable assignments suitable for eval ``.function grab_lifetimes() { ( me --status ; him --status ) | sed -n -e \ '/STATE_/ { s/.*MAIN/ISAKMP/ s/.*QUICK/IPsec/ s/_I[0-4]/_I!/ s/_R[0-4]/_R!/ s/!.*EVENT_SA_\([^ ]*\)/_\1!/ s/! in \([0-9]*\)s.*/=\1/ p }' }ut() { mount -o rw,remount /testing for f do cp log/$f/wi-log log.ref/$f/wi-log done}# Check if lifetime is close to predicted time# Can't be more, but might be a bit less.# A bit is 3 seconds, for now.# Must not print variable values unless we have an error condition.function notcloseto() { if expr '(' $1 ')' '>' '(' $2 ')' >/dev/null then echo bad $3: $1 '>' $2 return 0 elif expr '(' $1 ')' '<' '(' $2 ')' - 3 >/dev/null then echo bad $3: $1 '<' $2 - 3 return 0 else echo good $3: close to $2 return 1 fi }function canonicize_status() { sed -e 's/ in [1-9][0-9]*s/ in ???s/' \ -e 's/ esp\.[0-9a-f]*@/ esp.???@/g' \ -e 's/ ah\.[0-9a-f]*@/ ah.???@/g' \ -e 's/ comp\.[0-9a-f]*@/ comp.???@/g' \ -e '/^000 my FQDN =/s/@.*/@FQDN/' }⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -