```bash
#!/bin/bash
# shebang must be bash.
print_args() {
    echo "1st is [$1]"
    echo "2nd is [$2]"
    echo "3rd is [$3]"
    echo "4th is [$4]"
    echo "5th is [$5]"
    echo "6th is [$6]"
    echo "7th is [$7]"
    echo "8th is [$8]"
}

# A real array keeps "3 4" as one element.
VAR1=(1 2 "3 4" 5)
print_args "${VAR1[@]}"

# Convert a string with embedded quotes into an array.
VAR2="11 22 \"33 44\" 55"
#eval "VAR2=($VAR2)"
# declare -a evaluates the string much like eval, so the characters
# ` $ < > are replaced with ? before the string is evaluated.
declare -a "VAR2=($(echo "$VAR2" | tr '`$<>' '????'))"
print_args "${VAR2[@]}"
```
Latin cases
Nouns
```
Nominative, Genitive, Dative, Accusative
Ablative, Locative, Vocative

-ere = to do = -en, -ern, -eln in German
```
https://www.online-latin-dictionary.com/
| | singular | plural | |
|---|---|---|---|
| 1ST DECLENSION | |||
| aqua, -ae, f. water | |||
| nom | aqua | aquae | |
| gen | aquae | aquārum | |
| dat | aquae | aquīs | |
| acc | aquam | aquās | |
| abl | aquā | aquīs | |
| 2ND DECLENSION | |||
| servus, -ī, m. slave | |||
| nom | servus | servī | |
| gen | servī | servōrum | |
| dat | servō | servīs | |
| acc | servum | servōs | |
| abl | servō | servīs | |
| dōnum, -ī, n. gift | |||
| nom | dōnum | dōna | |
| gen | dōnī | dōnōrum | |
| dat | dōnō | dōnīs | |
| acc | dōnum | dōna | |
| abl | dōnō | dōnīs | |
| 3RD DECLENSION | |||
| rēx, rēgis, m. king | |||
| nom | rēx | rēgēs | |
| gen | rēgis | rēgum | |
| dat | rēgī | rēgibus | |
| acc | rēgem | rēgēs | |
| abl | rēge | rēgibus | |
| corpus, corporis, n. body | |||
| nom | corpus | corpora | |
| gen | corporis | corporum | |
| dat | corporī | corporibus | |
| acc | corpus | corpora | |
| abl | corpore | corporibus | |
| 3RD DECLENSION I-STEM | |||
| cīvis, -is, m. citizen | |||
| nom | cīvis | cīvēs | |
| gen | cīvis | cīvium | |
| dat | cīvī | cīvibus | |
| acc | cīvem | cīvēs | |
| abl | cīve | cīvibus | |
| mare, -is, n. sea | |||
| nom | mare | maria | |
| gen | maris | marium | |
| dat | marī | maribus | |
| acc | mare | maria | |
| abl | marī | maribus | |
| 4TH DECLENSION | |||
| frūctus, -ūs, m. fruit | |||
| nom | frūctus | frūctūs | |
| gen | frūctūs | frūctuum | |
| dat | frūctuī | frūctibus | |
| acc | frūctum | frūctūs | |
| abl | frūctū | frūctibus | |
| cornū, -ūs, n. horn | |||
| nom | cornū | cornua | |
| gen | cornūs | cornuum | |
| dat | cornū | cornibus | |
| acc | cornū | cornua | |
| abl | cornū | cornibus | |
| 5TH DECLENSION | |||
| rēs, reī, f. thing | |||
| nom | rēs | rēs | |
| gen | reī | rērum | |
| dat | reī | rēbus | |
| acc | rem | rēs | |
| abl | rē | rēbus | |
| diēs, diēī, m. day | |||
| nom | diēs | diēs | |
| gen | diēī | diērum | |
| dat | diēī | diēbus | |
| acc | diem | diēs | |
| abl | diē | diēbus | |
```
go      to go     went      gone
ago     agere     egi       actum      actus     III  do
amo     amare     avi       atum       amatus    I    love
audio   audire    audivi    auditum    auditus   IV   hear
capio   capere    cepi      captum     captus    III  take, seize
deleo   delere    delevi    deletum    deletus   II   destroy
dico    dicere    dixi      dictum     dictus    III  say
do      dare      dedi      datum      datus     I    give
duco    ducere    duxi      ductum     ductus    III  lead
facio   facere    feci      factum     factus    III  do, make, cause to become
finio   finire    finivi    finitum    finitus   IV   finish
habeo   habere    habui     habitum    habitus   II   have
laboro  laborare  laboravi  laboratum  laboratus I    work
laudo   laudare   laudavi   laudatum   laudatus  I    praise
lego    legere    legi      lectum     lectus    III  read
maneo   manere    mansi     mansum     mansus    II   remain, stay
mitto   mittere   misi      missum     missus    III  dispatch, send
moneo   monere    monui     monitum    monitus   II   advise
opto    optare    optavi    optatum    optatus   I    wish
rego    regere    rexi      rectum     rectus    III  govern
scribo  scribere  scripsi   scriptum   scriptus  III  write
sentio  sentire   sensi     sensum     sensus    IV   feel, perceive
venio   venire    veni      ventum     ventus    IV   come
video   videre    vidi      visum      visus     II   see
vinco   vincere   vici      victum     victus    III  conquer
vivo    vivere    vixi      victum     victus    III  live
```
refer to:
https://www.zhihu.com/people/calvinx-28
https://www.thoughtco.com/endings-of-latin-nouns-third-declension-117591
https://www.zhihu.com/question/32303392?sort=created
https://wenku.baidu.com/view/20e6b28ccd7931b765ce0508763231126fdb776d.html
https://www.zhihu.com/question/28861260
Configuring multiple subnets in StrongSwan
Using ipsec.conf
```
conn myikesettings
    keyexchange=ikev1
    left=10.0.0.1
    right=10.0.0.2
    leftcert=mycert.pem
    rightcert=othercert.oem
    ike=aesgcm16-prfsha256-modp3072!
    esp=aesgcm16-modp3072!
    auto=add

conn sa_1
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.51.0/24
    also=myikesettings

conn sa_2
    leftsubnet=192.168.2.0/24
    rightsubnet=192.168.52.0/24
    also=myikesettings
```
```bash
ipsec restart
ipsec reload
ipsec up sa_1
ipsec up sa_2
```
Using swanctl
```
connections {
    host-host {
        ...
        children {
            host-host1 {
                local_ts=10.1.0.0/24
                remote_ts=10.2.0.0/24
                ...
            }
            host-host2 {
                local_ts=10.1.0.0/24
                remote_ts=10.2.0.0/24
                ...
            }
        }
    }
}
```
```bash
charon &
swanctl --load-all --clear
swanctl --initiate --child host-host1
swanctl --initiate --child host-host2
```
refer to:
https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Multiple-subnets-per-SA
overlayfs mount: Stale file handle
The cause is that the content of lowerdir or upperdir is out of sync with workdir.
Cleaning out the workdir fixes it.
recover terminal tty
When a program that puts the terminal into a full-screen mode (for example via the ncurses library) exits on an exception, the console may be left in a garbled state. Type the command below blind to recover it.
```bash
#reset
stty sane <press enter key>
```
mount squashfs: Operation not permitted
The Linux kernel needs to be recompiled with squashfs support.
```
CONFIG_SQUASHFS
Location:
-> File systems
-> Miscellaneous filesystems (MISC_FILESYSTEMS [=y])
```
Or use the user-space command:
```bash
squashfuse ./sysrcd.dat sysrcd_dir
```
SecureFX connection failure
Connecting to Linux host A fails and returns:
```
i Available Remote Kex Methods = curve25519-sha256,curve25519-sha256@libssh.org,...
i Selected Kex Method =
```
Connecting to Linux host B succeeds and returns:
```
i Available Remote Kex Methods = curve25519-sha256@libssh.org,ecdh-sha2-nistp256,...
i Selected Kex Method = diffie-hellman-group14-sha1
```
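The cause is that OpenSSH on host A was upgraded, which can be confirmed with the following command:
```bash
ssh -V
```
The fix is to append the following to the end of /etc/ssh/sshd_config:
```
#Ciphers aes128-cbc
#MACs hmac-md5,hmac-sha1
KexAlgorithms diffie-hellman-group14-sha1
```
Restart sshd:
```bash
service sshd restart
```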
refer to:
https://blog.csdn.net/lk_db/article/details/50964912
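Verifying IPsec anti-replay protection
The Linux kernel xfrm parameter replay-window controls anti-replay protection.
A replay-window of 0 means anti-replay protection is disabled. A value greater than 0 is the size of the active sequence-number window for ESP/AH packets; packets whose sequence numbers are too old to fall inside the active window are dropped or answered with a failure packet.
This is done in the connected environment set up in "StrongSwan PSK RSA".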
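On machine C, edit /etc/strongswan.d/charon.conf and change the replay-window value.
After restarting strongswan and bringing up the connection, the command
```bash
ip xfrm state
```
shows whether strongswan has set the parameter value in the kernel.
On machine B:
```bash
apt install tcpreplay
```
On machine B, start two Wireshark processes, one capturing on vmnet2 and one on vmnet3.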
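Once strongswan on both B and C is started and connected, ping D's IP from A.
Now capture ESP packets on vmnet3 on B. After a few have been captured, choose the following menu item in the corresponding Wireshark window
```
File/Export Specified Packet
```
and save these ESP packets to the file
```
/tmp/esp-b2c.pcapng
```
On A, stop pinging D's IP.
In bash on B, run
```bash
tcpreplay -i enp2s6 /tmp/esp-b2c.pcapng
```
where enp2s6 is the interface name that corresponds to vmnet3.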
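The results:
When replay-window on C is set to 0, the simulated replayed ICMP ping packets are captured on vmnet2 on B, travelling from 10.2.0.10 to 10.1.0.10.
When replay-window on C is non-zero, no simulated replayed ICMP ping packets are captured on vmnet2 on B.
Once strongswan on B or C has been restarted, replaying the old esp-b2c.pcapng file never produces simulated replayed packets on vmnet2 on B, whatever the value of replay-window on C.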
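The three observations above can be reproduced with a simplified C model of a receiver-side anti-replay window. This is an added example, not part of the original page and not the kernel's code. It assumes no ESN and a window of at most 64; the names `struct sa`, `esp_receive` and `feed`, the SPI value and the sequence numbers are constructed for illustration, and the SPI check models that a restart negotiates new SAs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Receiver state for one inbound ESP SA (simplified model, no ESN). */
struct sa {
    uint32_t spi;     /* SPI negotiated for this SA */
    uint32_t window;  /* replay-window in packets; 0 disables the check, max 64 */
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set: sequence number (top - i) was already seen */
};

enum verdict { ACCEPT, DROP_NO_SA, DROP_TOO_OLD, DROP_REPLAYED };

/* Decide one packet. Real stacks update the window only after the ICV verifies. */
enum verdict esp_receive(struct sa *s, uint32_t spi, uint32_t seq)
{
    if (spi != s->spi) return DROP_NO_SA;    /* packet belongs to a previous SA */
    if (s->window == 0) return ACCEPT;       /* anti-replay disabled */
    if (seq == 0) return DROP_TOO_OLD;       /* ESP numbering starts at 1 */
    if (seq > s->top) {                      /* newer packet: slide the window */
        uint32_t shift = seq - s->top;
        s->bitmap = shift < 64 ? (s->bitmap << shift) | 1 : 1;
        s->top = seq;
        return ACCEPT;
    }
    uint32_t age = s->top - seq;
    if (age >= s->window) return DROP_TOO_OLD;            /* behind the window */
    if (s->bitmap & (1ULL << age)) return DROP_REPLAYED;  /* duplicate */
    s->bitmap |= 1ULL << age;                /* late but new: mark as seen */
    return ACCEPT;
}

/* Feed a list of sequence numbers (such as a replayed capture); count accepted. */
size_t feed(struct sa *s, uint32_t spi, const uint32_t *seqs, size_t n)
{
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        ok += esp_receive(s, spi, seqs[i]) == ACCEPT;
    return ok;
}

int main(void)
{
    const uint32_t cap[] = {1, 2, 3, 4, 5};  /* constructed "capture" */
    size_t n = sizeof cap / sizeof cap[0];
    struct sa on = {.spi = 0x1001, .window = 32};
    feed(&on, on.spi, cap, n);               /* original live traffic */
    printf("replay with window=32: %zu accepted\n", feed(&on, on.spi, cap, n));
    return 0;
}
```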
Verifying NATT in Strongswan
This is done in the connected environment set up in "StrongSwan PSK RSA".
There are four virtual machines A, B, C and D and three Host Only virtual networks vmnet2, vmnet3 and vmnet4, all with DHCP disabled.
```
A
    vmnet2: 10.1.0.10/24 gw 10.1.0.2
B
    vmnet2: 10.1.0.2/24
    vmnet3: 192.168.0.12/24 <-- this has changed
C
    vmnet3: 192.168.0.3/24
    vmnet4: 10.2.0.2/24
D
    vmnet4: 10.2.0.10/24 gw 10.2.0.2
```
In bash on B, run
```bash
iptables -t nat -A POSTROUTING -s 192.168.0.12 -j SNAT --to-source 192.168.0.2
iptables -t nat -A PREROUTING -d 192.168.0.2 -j DNAT --to-destination 192.168.0.12
```
On B, use the ifconfig command to look up the hwaddr of vmnet3, for example 00:0c:29:5a:fc:8e.
In bash on C, run
```bash
arp -s 192.168.0.2 00:0c:29:5a:fc:8e
```
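In B's ipsec.conf, change left under the relevant conn to 192.168.0.12.
In C's ipsec.conf, leave right under the relevant conn set to 192.168.0.2.
Then restart strongswan on B and C and connect; from the fifth ISAKMP message onward, the ports all switch to 4500.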