src - OpenBSD base system

diff options


context:
space:
mode:

author	dm <dm@cvs.openbsd.org>	1996-07-18 05:01:10 +0000
committer	dm <dm@cvs.openbsd.org>	1996-07-18 05:01:10 +0000
commit	746e8c40786f598f5da99fed9714ae7961393281 (patch)
tree	7fa485ff1f4c0076948de7742853326232fa0cc1 /usr.sbin/ipftest
parent	6764f712dd3ffd42fd940f9e87d2a9109743c72d (diff)

ipfilter 3.1.0

Diffstat (limited to 'usr.sbin/ipftest')

-rw-r--r--

usr.sbin/ipftest/ipft_ef.c

-rw-r--r--

usr.sbin/ipftest/ipft_hx.c

-rw-r--r--

usr.sbin/ipftest/ipft_pc.c

-rw-r--r--

usr.sbin/ipftest/ipft_sn.c

-rw-r--r--

usr.sbin/ipftest/ipft_td.c

-rw-r--r--

usr.sbin/ipftest/ipft_tx.c

128

-rw-r--r--

usr.sbin/ipftest/ipftest.1

-rw-r--r--

usr.sbin/ipftest/ipt.c

-rw-r--r--

usr.sbin/ipftest/ipt.h

-rw-r--r--

usr.sbin/ipftest/pcap.h

-rw-r--r--

usr.sbin/ipftest/snoop.h

11 files changed, 146 insertions, 47 deletions

diff --git a/usr.sbin/ipftest/ipft_ef.c b/usr.sbin/ipftest/ipft_ef.c
index 0febf3a6c3c..f2af0bc6a61 100644
--- a/usr.sbin/ipftest/ipft_ef.c
+++ b/usr.sbin/ipftest/ipft_ef.c

@@ -47,6 +47,7 @@ etherfind -n -t

#ifndef lint

+static char rcsid[] = "$Id: ipft_ef.c,v 1.4 1996/07/18 04:59:22 dm Exp $";

#endif

static int etherf_open(), etherf_close(), etherf_readip();

diff --git a/usr.sbin/ipftest/ipft_hx.c b/usr.sbin/ipftest/ipft_hx.c
index ceed1189dfb..46c795778cf 100644
--- a/usr.sbin/ipftest/ipft_hx.c
+++ b/usr.sbin/ipftest/ipft_hx.c

@@ -30,6 +30,7 @@

#include <netinet/ip_icmp.h>

#include <netinet/tcpip.h>

#include <net/if.h>

+#include "ip_fil_compat.h"

#include <netdb.h>

#include <arpa/nameser.h>

#include <resolv.h>

@@ -38,6 +39,7 @@

#ifndef lint

+static char rcsid[] = "$Id: ipft_hx.c,v 1.2 1996/07/18 04:59:23 dm Exp $";

#endif

extern int opts;

diff --git a/usr.sbin/ipftest/ipft_pc.c b/usr.sbin/ipftest/ipft_pc.c
index 72f94900fc0..e4020efb3fa 100644
--- a/usr.sbin/ipftest/ipft_pc.c
+++ b/usr.sbin/ipftest/ipft_pc.c

@@ -30,6 +30,10 @@

#include "ipt.h"

#include "pcap.h"

+#ifndef lint

+static char rcsid[] = "$Id: ipft_pc.c,v 1.4 1996/07/18 04:59:23 dm Exp $";

+#endif

struct llc {

int lc_sz; /* LLC header length */

int lc_to; /* LLC Type offset */

diff --git a/usr.sbin/ipftest/ipft_sn.c b/usr.sbin/ipftest/ipft_sn.c
index 68978d8dc37..2e2b3370591 100644
--- a/usr.sbin/ipftest/ipft_sn.c
+++ b/usr.sbin/ipftest/ipft_sn.c

@@ -33,6 +33,10 @@

#include "ipt.h"

#include "snoop.h"

+#ifndef lint

+static char rcsid[] = "$Id: ipft_sn.c,v 1.3 1996/07/18 04:59:24 dm Exp $";

+#endif

struct llc {

int lc_sz; /* LLC header length */

int lc_to; /* LLC Type offset */

diff --git a/usr.sbin/ipftest/ipft_td.c b/usr.sbin/ipftest/ipft_td.c
index 828ac4e4fe1..6ce649dea8a 100644
--- a/usr.sbin/ipftest/ipft_td.c
+++ b/usr.sbin/ipftest/ipft_td.c

@@ -56,6 +56,7 @@ tcpdump -nqte

#ifndef lint

+static char rcsid[] = "$Id: ipft_td.c,v 1.4 1996/07/18 04:59:24 dm Exp $";

#endif

static int tcpd_open(), tcpd_close(), tcpd_readip();

diff --git a/usr.sbin/ipftest/ipft_tx.c b/usr.sbin/ipftest/ipft_tx.c
index 277613ad356..af71291e8c8 100644
--- a/usr.sbin/ipftest/ipft_tx.c
+++ b/usr.sbin/ipftest/ipft_tx.c

@@ -30,27 +30,113 @@

#include <netinet/ip_icmp.h>

#include <netinet/tcpip.h>

#include <net/if.h>

+#include "ip_fil_compat.h"

#include <netdb.h>

#include <arpa/nameser.h>

#include <resolv.h>

-#include "ip_fil.h"

#include "ipf.h"

#include "ipt.h"

#ifndef lint

+static char rcsid[] = "$Id: ipft_tx.c,v 1.4 1996/07/18 04:59:24 dm Exp $";

#endif

extern int opts;

-extern u_short portnum();

extern u_long buildopts();

+static char *tx_proto = "";

static int text_open(), text_close(), text_readip(), parseline();

+static char tcp_flagset[] = "FSRPAU";

+static u_char tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH,

+ TH_ACK, TH_URG };

struct ipread iptext = { text_open, text_close, text_readip };

static FILE *tfp = NULL;

static int tfd = -1;

+static u_long tx_hostnum();

+static u_short tx_portnum();

+/*

+ * returns an ip address as a long var as a result of either a DNS lookup or

+ * straight inet_addr() call

+ */

+u_long tx_hostnum(host, resolved)

+char *host;

+int *resolved;

+ struct hostent *hp;

+ struct netent *np;

+ *resolved = 0;

+ if (!strcasecmp("any",host))

+ return 0L;

+ if (isdigit(*host))

+ return inet_addr(host);

+ if (!(hp = gethostbyname(host))) {

+ if (!(np = getnetbyname(host))) {

+ *resolved = -1;

+ fprintf(stderr, "can't resolve hostname: %s\n", host);

+ return 0;

+ }

+ return np->n_net;

+ }

+ return *(u_long *)hp->h_addr;

+/*

+ * find the port number given by the name, either from getservbyname() or

+ * straight atoi()

+ */

+u_short tx_portnum(name)

+char *name;

+ struct servent *sp, *sp2;

+ u_short p1 = 0;

+ if (isdigit(*name))

+ return (u_short)atoi(name);

+ if (!tx_proto)

+ tx_proto = "tcp/udp";

+ if (strcasecmp(tx_proto, "tcp/udp")) {

+ sp = getservbyname(name, tx_proto);

+ if (sp)

+ return ntohs(sp->s_port);

+ (void) fprintf(stderr, "unknown service \"%s\".\n", name);

+ return 0;

+ }

+ sp = getservbyname(name, "tcp");

+ if (sp)

+ p1 = sp->s_port;

+ sp2 = getservbyname(name, "udp");

+ if (!sp || !sp2) {

+ (void) fprintf(stderr, "unknown tcp/udp service \"%s\".\n",

+ name);

+ return 0;

+ }

+ if (p1 != sp2->s_port) {

+ (void) fprintf(stderr, "%s %d/tcp is a different port to ",

+ name, p1);

+ (void) fprintf(stderr, "%s %d/udp\n", name, sp->s_port);

+ return 0;

+ }

+ return ntohs(p1);

+char *tx_icmptypes[] = {

+ "echorep", (char *)NULL, (char *)NULL, "unreach", "squench",

+ "redir", (char *)NULL, (char *)NULL, "echo", (char *)NULL,

+ (char *)NULL, "timex", "paramprob", "timest", "timestrep",

+ "inforeq", "inforep", "maskreq", "maskrep", "END"

+};

static int text_open(fname)

char *fname;

{

@@ -119,16 +205,15 @@ struct ip *ip;

char **ifn;

int *out;

{

- extern char *proto;

tcphdr_t th, *tcp = &th;

struct icmp icmp, *ic = &icmp;

- char *cps[20], **cpp, c, opts[68];

+ char *cps[20], **cpp, c, ipopts[68];

int i, r;

bzero((char *)ip, MAX(sizeof(*tcp), sizeof(*ic)) + sizeof(*ip));

bzero((char *)tcp, sizeof(*tcp));

bzero((char *)ic, sizeof(*ic));

- bzero(opts, sizeof(opts));

+ bzero(ipopts, sizeof(ipopts));

ip->ip_hl = sizeof(*ip) >> 2;

ip->ip_v = IPVERSION;

for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && i < 19; )

@@ -160,15 +245,15 @@ int *out;

if (c == 't') {

ip->ip_p = IPPROTO_TCP;

ip->ip_len += sizeof(struct tcphdr);

- proto = "tcp";

+ tx_proto = "tcp";

} else if (c == 'u') {

ip->ip_p = IPPROTO_UDP;

ip->ip_len += sizeof(struct udphdr);

- proto = "udp";

+ tx_proto = "udp";

} else {

ip->ip_p = IPPROTO_ICMP;

ip->ip_len += sizeof(struct icmp);

- proto = "icmp";

+ tx_proto = "icmp";

}

cpp++;

} else

@@ -185,9 +270,9 @@ int *out;

return 1;

}

*last++ = '\0';

- tcp->th_sport = htons(portnum(last));

+ tcp->th_sport = htons(tx_portnum(last));

}

- ip->ip_src.s_addr = hostnum(*cpp, &r);

+ ip->ip_src.s_addr = tx_hostnum(*cpp, &r);

cpp++;

if (!*cpp)

return 1;

@@ -201,27 +286,28 @@ int *out;

return 1;

}

*last++ = '\0';

- tcp->th_dport = htons(portnum(last));

+ tcp->th_dport = htons(tx_portnum(last));

}

- ip->ip_dst.s_addr = hostnum(*cpp, &r);

+ ip->ip_dst.s_addr = tx_hostnum(*cpp, &r);

cpp++;

if (*cpp && ip->ip_p == IPPROTO_TCP) {

- extern char flagset[];

- extern u_char flags[];

+ extern char tcp_flagset[];

+ extern u_char tcp_flags[];

char *s, *t;

for (s = *cpp; *s; s++)

- if ((t = index(flagset, *s)))

- tcp->th_flags |= flags[t - flagset];

+ if ((t = index(tcp_flagset, *s)))

+ tcp->th_flags |= tcp_flags[t - tcp_flagset];

if (tcp->th_flags)

cpp++;

assert(tcp->th_flags != 0);

} else if (*cpp && ip->ip_p == IPPROTO_ICMP) {

- extern char *icmptypes[];

+ extern char *tx_icmptypes[];

char **s, *t;

int i;

- for (s = icmptypes, i = 0; !*s || strcmp(*s, "END"); s++, i++)

+ for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END");

+ s++, i++)

if (*s && !strncasecmp(*cpp, *s, strlen(*s))) {

ic->icmp_type = i;

if ((t = index(*cpp, ',')))

@@ -235,9 +321,9 @@ int *out;

u_long olen;

cpp++;

- olen = buildopts(*cpp, opts);

+ olen = buildopts(*cpp, ipopts);

if (olen) {

- bcopy(opts, (char *)(ip + 1), olen);

+ bcopy(ipopts, (char *)(ip + 1), olen);

ip->ip_hl += olen >> 2;

}

diff --git a/usr.sbin/ipftest/ipftest.1 b/usr.sbin/ipftest/ipftest.1
index 2e6991a0d09..72591402fa2 100644
--- a/usr.sbin/ipftest/ipftest.1
+++ b/usr.sbin/ipftest/ipftest.1

@@ -3,7 +3,7 @@

.SH NAME

ipftest - test packet filter rules with arbitary input.

.SH SYNOPSIS

-ipftest [-vbdPSTE] [-I interface] -r <filename> [-i <filename>]

+ipftest [-vbdPSTEHX] [-I interface] -r <filename> [-i <filename>]

.SH DESCRIPTION

.LP

.PP

@@ -77,6 +77,12 @@ option combinations:

tcpdump -nqte

.fi

.LP

+.IP -H

+The input file is to be hex digits, representing the binary makeup of the

+packet. No length correction is made, if an incorrect length is put in

+the IP header.

+.IP -X

+The input file is composed of text descriptions of IP packets.

.IP -E

The input file is to be text output from etherfind. The text formats which

are currently supported are those which result from the following etherfind

diff --git a/usr.sbin/ipftest/ipt.c b/usr.sbin/ipftest/ipt.c
index 315ffd992c0..4ec9a8a5c39 100644
--- a/usr.sbin/ipftest/ipt.c
+++ b/usr.sbin/ipftest/ipt.c

@@ -39,7 +39,8 @@

#include <ctype.h>

#ifndef lint

+static char rcsid[] = "$Id: ipt.c,v 1.5 1996/07/18 04:59:25 dm Exp $";

#endif

extern int fr_check();

@@ -49,8 +50,6 @@ extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;

extern void debug(), verbose();

struct frentry *ft_in = NULL, *ft_out = NULL;

-struct ipread *readers[] = { &iptext, &etherf, &tcpd, &snoop, &pcap, &iphex,

- NULL };

int opts = 0;

@@ -58,7 +57,7 @@ int main(argc,argv)

int argc;

char *argv[];

{

- struct ipread **r = readers;

+ struct ipread *r = &iptext;

struct frentry *f;

struct ip *ip;

u_long buf[64];

@@ -66,7 +65,7 @@ char *argv[];

char *rules = NULL, *datain = NULL, *iface = NULL;

int fd, i, dir = 0;

- while ((c = getopt(argc, argv, "bdEHi:I:Pr:STv")) != -1)

+ while ((c = getopt(argc, argv, "bdEHi:I:Pr:STvX")) != -1)

switch (c)

{

case 'b' :

@@ -88,29 +87,22 @@ char *argv[];

opts |= OPT_VERBOSE;

break;

case 'E' :