# set various configuration parameters # Use shell "." command to load these into the environment # Where to find programs to test. # These can be overridden by environment. # Note: {WEST,EAST}PLUTO and {WEST,EAST,NORTH,SOUTH}WHACK # allow more specific control # Note: paths must be absolute because dopluto does a cd. if [ -z "${TESTING:-}" ] then if [ -d testing ]; then TESTING=`pwd`/testing elif [ -d ${MYBOX:-}/testing ]; then TESTING=$MYBOX/testing else echo "Please set \$TESTING " fi fi export PATH=$TESTING/pluto/bin:$PATH if [ -z "${OBJDIR:-}" ] then OSDEP=`uname -s | tr 'A-Z' 'a-z'` ARCH=`uname -m` case $ARCH in i?86) ARCH=i386;; esac if [ -d ${MYBOX:-}/OBJ.$OSDEP.$ARCH ] then OBJDIR=OBJ.$OSDEP.$ARCH/; else OBJDIR='./' fi fi if [ -z "${PLUTO:-}" ] then if [ -x ${MYBOX:-}/${OBJDIR}programs/pluto/pluto ] then PLUTO=$MYBOX/${OBJDIR}/programs/pluto/pluto WHACK=$MYBOX/${OBJDIR}/programs/pluto/whack elif [ -x programs/pluto/pluto ] then PLUTO=`pwd`/programs/pluto/pluto WHACK=`pwd`/programs/pluto/whack elif [ -x ../../../programs/pluto/pluto ] then PLUTO=`pwd`/../../../programs/pluto/pluto WHACK=`pwd`/../../../programs/pluto/whack fi fi export PLUTO export WHACK if [ -z "${TESTING:-}" ] then if [ -d ${MYBOX:-}/testing ] then TESTING=$MYBOX/testing elif [ -d testing ] then TESTING=`pwd`/testing fi fi export TESTING if [ ! -x "$PLUTO" -a "$PLUTO" != "ipsec pluto" ] ; then echo "ERROR: Where is Pluto? Not in \"$PLUTO\"; set \$PLUTO correctly." >&2 #exit 1 fi if [ ! -x "$WHACK" -a "$WHACK" != "ipsec whack" ] ; then echo "ERROR: Where is whack? Not in \"$WHACK\"; set \$WHACK correctly." >&2 #exit 1 fi set -u export IKEPORT=8500 export DOMAIN=example export ROUTER=128.95.7.254 export WESTIP=128.95.7.1 export EASTIP=128.95.7.2 export NORTHIP=128.95.7.3 export SOUTHIP=128.95.7.4 case ${OSDEP} in cygwin_nt-5.0) export WESTIF=128.95.7.1; export EASTIF=128.95.7.2; export NORTHIF=128.95.7.3; export SOUTHIF=128.95.7.4;; linux) export WESTIF=lo:w; export EASTIF=lo:e; export NORTHIF=lo:n; export SOUTHIF=lo:s;; esac export WESTSUBNET=128.95.7.8/30 export VICTORIA=128.95.7.10 export VANCOUVER=128.95.7.11 export VANISHED=128.95.7.8 # missing, naturally export WESTSUBNET2=128.95.7.12/30 export WESTSUBNET3=128.95.7.16/30 export EASTSUBNETNET=128.95.7.20 export EASTSUBNET=$EASTSUBNETNET/30 export EASTHALFSUBNET=$EASTSUBNETNET/31 # includes Truro export TRURO=128.95.7.21 export ANTIGONISH=128.95.7.22 export ATLANTIS=128.95.7.23 # missing, naturally export EASTSUBNET2=128.95.7.24/30 export EASTSUBNET3=128.95.7.28/30 export NORTHSUBNET=128.95.7.32/30 export NORTHSUBNET2=128.95.7.36/30 export NORTHSUBNET3=128.95.7.40/30 export SOUTHSUBNET=128.95.7.44/30 export SOUTHSUBNET2=128.95.7.48/30 export SOUTHSUBNET3=128.95.7.52/30 # sometimes CMP=diff is useful CMP=${CMP:-cmp} DOPLUTO=dopluto DOWHACK=dowhack DFAIL="" XFAIL="" SFAIL="" REFMISSING="" CFAIL="" WESTHOST="--host $WESTIP --ikeport $IKEPORT" WESTNET="$WESTHOST --client $WESTSUBNET" EASTHOST="--host $EASTIP --ikeport $IKEPORT" EASTNET="$EASTHOST --client $EASTSUBNET" ANYHOST="--host %any --ikeport $IKEPORT" OPPO="--host %opportunistic --ikeport $IKEPORT" OPPONARROW="$OPPO --client 128.0.0.0/8" OPPOMISS="$OPPO --client 10.0.0.0/8" GROUP="--host %group --ikeport $IKEPORT" OPPOGROUP="--host %opportunisticgroup --ikeport $IKEPORT" WHACKWEST="${WESTWHACK:-$WHACK} --ctlbase pluto/west/pluto.west" WHACKEAST="${EASTWHACK:-$WHACK} --ctlbase pluto/east/pluto.east" # run of the mill lifetimes NORMALMARG=350 NORMALIKE=900 TIMES="--rekeymargin $NORMALMARG --ikelifetime $NORMALIKE --ipseclifetime 800" # half size, to be shorter SHORTMARG=175 SHORTIKE=450 SHORTIPSEC=400 SHORTTIMES="--rekeymargin $SHORTMARG --ikelifetime $SHORTIKE --ipseclifetime $SHORTIPSEC" # really small so we're willing to sleep through a keying interval TINYIPSECLIFETIME=40 TINYTIMES="--rekeymargin 17 --ikelifetime 45 --ipseclifetime $TINYIPSECLIFETIME" TIMES0="$TIMES --keyingtries 0" TIMES1="$TIMES --keyingtries 1" TIMES2="$TIMES --keyingtries 2" LIST="1 2 3 4 5" # dumb boilerplate TO="--updown silly --to --updown sally" function whackwest() { eval $WHACKWEST "$@" } function whackeast() { eval $WHACKEAST "$@" } function perform() { echo "$@" "$@" || echo RC: $? } function me() { perform whackwest "$@" } function him() { perform whackeast "$@" } function both() { perform whackwest "$@" perform whackeast "$@" } function me_status() { me --status | canonicize_status } function him_status() { him --status | canonicize_status } function both_status() { both --status | canonicize_status } # Grab the lifetime setting actually in states. # Turn them into shell variable assignments suitable for eval ``. function grab_lifetimes() { ( me --status ; him --status ) | sed -n -e \ '/STATE_/ { s/.*MAIN/ISAKMP/ s/.*QUICK/IPsec/ s/_I[0-4]/_I!/ s/_R[0-4]/_R!/ s/!.*EVENT_SA_\([^ ]*\)/_\1!/ s/! in \([0-9]*\)s.*/=\1/ p }' } ut() { mount -o rw,remount /testing for f do cp log/$f/wi-log log.ref/$f/wi-log done } # Check if lifetime is close to predicted time # Can't be more, but might be a bit less. # A bit is 3 seconds, for now. # Must not print variable values unless we have an error condition. function notcloseto() { if expr '(' $1 ')' '>' '(' $2 ')' >/dev/null then echo bad $3: $1 '>' $2 return 0 elif expr '(' $1 ')' '<' '(' $2 ')' - 3 >/dev/null then echo bad $3: $1 '<' $2 - 3 return 0 else echo good $3: close to $2 return 1 fi } function canonicize_status() { sed -e 's/ in [1-9][0-9]*s/ in ???s/' \ -e 's/ esp\.[0-9a-f]*@/ esp.???@/g' \ -e 's/ ah\.[0-9a-f]*@/ ah.???@/g' \ -e 's/ comp\.[0-9a-f]*@/ comp.???@/g' \ -e '/^000 my FQDN =/s/@.*/@FQDN/' }