diff options
Diffstat (limited to 'usr.sbin')
39 files changed, 3 insertions, 9584 deletions
diff --git a/usr.sbin/Makefile b/usr.sbin/Makefile index 2a2dac56d80..45aeb5579d4 100644 --- a/usr.sbin/Makefile +++ b/usr.sbin/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.77 2001/05/29 21:41:23 millert Exp $ +# $OpenBSD: Makefile,v 1.78 2001/05/30 02:11:04 deraadt Exp $ # not yet done: catman @@ -6,8 +6,8 @@ SUBDIR= ac accton adduser amd arp bootpd bootpgw bootpef bootptest \ chroot config cron dev_mkdb dhcp \ - edquota gspa httpd inetd iostat ipfs \ - ipftest ipmon ipsend kgmon kvm_mkdb lpr \ + edquota gspa httpd inetd iostat \ + kgmon kvm_mkdb lpr \ mailwrapper map-mbone mrinfo mopd mrouted mtrace mtree named \ netgroup_mkdb openssl pkg pkg_install portmap ppp pppd pppoe pstat \ pwd_mkdb quot quotaon rarpd rbootd rdconfig rdate repquota rmt \ diff --git a/usr.sbin/ipfs/Makefile b/usr.sbin/ipfs/Makefile deleted file mode 100644 index 1f4d4359651..00000000000 --- a/usr.sbin/ipfs/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -# $OpenBSD: Makefile,v 1.1 2001/01/17 06:31:06 fgsch Exp $ - -PROG= ipfs -MAN= ipfs.8 - -CFLAGS+=-I${.CURDIR}/../../sbin/ipf - -.include <bsd.prog.mk> diff --git a/usr.sbin/ipfs/ipfs.8 b/usr.sbin/ipfs/ipfs.8 deleted file mode 100644 index e321feed9d7..00000000000 --- a/usr.sbin/ipfs/ipfs.8 +++ /dev/null @@ -1,121 +0,0 @@ -.\" $OpenBSD: ipfs.8,v 1.3 2001/01/30 04:29:08 kjell Exp $ -.\" -.TH IPFS 8 -.SH NAME -ipfs \- saves and restores information for NAT and state tables. -.SH SYNOPSIS -.B ipfs -[-nv] -l -.PP -.B ipfs -[-nv] -u -.PP -.B ipfs -[-nv] [ -.B \-d -<\fIdirname\fP> -] -R -.PP -.B ipfs -[-nv] [ -.B \-d -<\fIdirname\fP> -] -W -.PP -.B ipfs -[-nNSv] [ -.B \-f -<\fIfilename\fP> -] -r -.PP -.B ipfs -[-nNSv] [ -.B \-f -<\fIfilename\fP> -] -w -.PP -.B ipfs -[-nNSv] -.B \-f -<\fIfilename\fP> -.B \-i -<if1>,<if2> -.SH DESCRIPTION -.PP -\fBipfs\fP allows state information created for NAT entries and rules using -\fIkeep state\fP to be locked (modification prevented) and then saved to disk, -allowing for the system to experience a reboot, followed by the restoration -of that information, resulting in connections not being interrupted. -.SH OPTIONS -.TP -.B \-d -Change the default directory used with -.B \-R -and -.B \-W -options for saving state information. -.B \-n -Don't actually take any action that would effect information stored in -the kernel or on disk. -.TP -.B \-v -Provides a verbose description of what's being done. -.TP -.B \-N -Operate on NAT information. -.TP -.B \-S -Operate on filtering state information. -.TP -.B \-u -Unlock state tables in the kernel. -.TP -.B \-l -Unlock state tables in the kernel. -.TP -.B \-r -Read information in from the specified file and load it into the -kernel. This requires the state tables to have already been locked -and does not change the lock once comlete. -.TP -.B \-w -Write information out to the specified file and from the kernel. -This requires the state tables to have already been locked -and does not change the lock once comlete. -.TP -.B \-R -Restores all saved state information, if any, from two files, -\fIipstate.ipf\fP and \fIipnat.ipf\fP, stored in the \fI/var/db/ipf\fP -directory unless otherwise specified the -.B \-d -option is used. The state tables are locked at the beginning of this -operation and unlocked once complete. -.TP -.B \-W -Saves in-kernel state information, if any, out to two files, -\fIipstate.ipf\fP and \fIipnat.ipf\fP, stored in the \fI/var/db/ipf\fP -directory unless otherwise specified the -.B \-d -option is used. The state tables are locked at the beginning of this -operation and unlocked once complete. -.DT -.SH FILES -/var/db/ipf/ipstate.ipf -.br -/var/db/ipf/ipnat.ipf -.br -/dev/ipl -.br -/dev/ipstate -.br -/dev/ipnat -.SH SEE ALSO -ipf(8), ipl(4), ipmon(8), ipnat(8) -.SH DIAGNOSTICS -.PP -Perhaps the -W and -R operations should set the locking but rather than -undo it, restore it to what it was previously. Fragment table information -is currently not saved. -.SH BUGS -.PP -If you find any, please send email to me at darrenr@pobox.com diff --git a/usr.sbin/ipfs/ipfs.c b/usr.sbin/ipfs/ipfs.c deleted file mode 100644 index 093ca5dad06..00000000000 --- a/usr.sbin/ipfs/ipfs.c +++ /dev/null @@ -1,795 +0,0 @@ -/* $OpenBSD: ipfs.c,v 1.3 2001/01/30 04:29:08 kjell Exp $ */ - -/* - * Copyright (C) 1999 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#ifdef __FreeBSD__ -# include <osreldate.h> -#endif -#include <stdio.h> -#include <unistd.h> -#include <string.h> -#include <fcntl.h> -#include <errno.h> -#if !defined(__SVR4) && !defined(__GNUC__) -#include <strings.h> -#endif -#include <sys/types.h> -#include <sys/param.h> -#include <sys/file.h> -#include <stdlib.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <sys/time.h> -#include <net/if.h> -#if __FreeBSD_version >= 300000 -# include <net/if_var.h> -#endif -#include <netinet/ip.h> -#include <netdb.h> -#include <arpa/nameser.h> -#include <resolv.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/ip_fil.h> -#include <netinet/ip_nat.h> -#include <netinet/ip_state.h> -#include "ipf.h" - -#if !defined(lint) -static const char rcsid[] = "@(#)$IPFilter: ipfs.c,v 2.6.2.3 2001/01/10 06:20:12 darrenr Exp $"; -#endif - -#ifndef IPF_SAVEDIR -# define IPF_SAVEDIR "/var/db/ipf" -#endif -#ifndef IPF_NATFILE -# define IPF_NATFILE "ipnat.ipf" -#endif -#ifndef IPF_STATEFILE -# define IPF_STATEFILE "ipstate.ipf" -#endif - -#if !defined(__SVR4) && defined(__GNUC__) -extern char *index __P((const char *, int)); -#endif - -extern char *optarg; - -int main __P((int, char *[])); -void usage __P((void)); -int changestateif __P((char *, char *)); -int changenatif __P((char *, char *)); -int readstate __P((int, char *)); -int readnat __P((int, char *)); -int writestate __P((int, char *)); -int opendevice __P((char *)); -void closedevice __P((int)); -int setlock __P((int, int)); -int writeall __P((char *)); -int readall __P((char *)); -int writenat __P((int, char *)); - -int opts = 0; - - -void usage() -{ - fprintf(stderr, "usage: ipfs [-nv] -l\n"); - fprintf(stderr, "usage: ipfs [-nv] -u\n"); - fprintf(stderr, "usage: ipfs [-nv] [-d <dir>] -R\n"); - fprintf(stderr, "usage: ipfs [-nv] [-d <dir>] -W\n"); - fprintf(stderr, "usage: ipfs [-nNSv] [-f <file>] -r\n"); - fprintf(stderr, "usage: ipfs [-nNSv] [-f <file>] -w\n"); - fprintf(stderr, "usage: ipfs [-nNSv] -f <filename> -i <if1>,<if2>\n"); - exit(1); -} - - -/* - * Change interface names in state information saved out to disk. - */ -int changestateif(ifs, fname) -char *ifs, *fname; -{ - int fd, olen, nlen, rw; - ipstate_save_t ips; - off_t pos; - char *s; - - s = strchr(ifs, ','); - if (!s) - usage(); - *s++ = '\0'; - nlen = strlen(s); - olen = strlen(ifs); - if (nlen >= sizeof(ips.ips_is.is_ifname) || - olen >= sizeof(ips.ips_is.is_ifname)) - usage(); - - fd = open(fname, O_RDWR); - if (fd == -1) { - perror("open"); - exit(1); - } - - for (pos = 0; read(fd, &ips, sizeof(ips)) == sizeof(ips); ) { - rw = 0; - if (!strncmp(ips.ips_is.is_ifname[0], ifs, olen + 1)) { - strcpy(ips.ips_is.is_ifname[0], s); - rw = 1; - } - if (!strncmp(ips.ips_is.is_ifname[1], ifs, olen + 1)) { - strcpy(ips.ips_is.is_ifname[1], s); - rw = 1; - } - if (rw == 1) { - if (lseek(fd, pos, SEEK_SET) != pos) { - perror("lseek"); - exit(1); - } - if (write(fd, &ips, sizeof(ips)) != sizeof(ips)) { - perror("write"); - exit(1); - } - } - pos = lseek(fd, 0, SEEK_CUR); - } - close(fd); - - return 0; -} - - -/* - * Change interface names in NAT information saved out to disk. - */ -int changenatif(ifs, fname) -char *ifs, *fname; -{ - int fd, olen, nlen, rw; - nat_save_t ipn; - nat_t *nat; - off_t pos; - char *s; - - s = strchr(ifs, ','); - if (!s) - usage(); - *s++ = '\0'; - nlen = strlen(s); - olen = strlen(ifs); - nat = &ipn.ipn_nat; - if (nlen >= sizeof(nat->nat_ifname) || olen >= sizeof(nat->nat_ifname)) - usage(); - - fd = open(fname, O_RDWR); - if (fd == -1) { - perror("open"); - exit(1); - } - - for (pos = 0; read(fd, &ipn, sizeof(ipn)) == sizeof(ipn); ) { - rw = 0; - if (!strncmp(nat->nat_ifname, ifs, olen + 1)) { - strcpy(nat->nat_ifname, s); - rw = 1; - } - if (rw == 1) { - if (lseek(fd, pos, SEEK_SET) != pos) { - perror("lseek"); - exit(1); - } - if (write(fd, &ipn, sizeof(ipn)) != sizeof(ipn)) { - perror("write"); - exit(1); - } - } - pos = lseek(fd, 0, SEEK_CUR); - } - close(fd); - - return 0; -} - - -int main(argc,argv) -int argc; -char *argv[]; -{ - int c, lock = -1, devfd = -1, err = 0, rw = -1, ns = -1, set = 0; - char *dirname = NULL, *filename = NULL, *ifs = NULL; - - while ((c = getopt(argc, argv, "d:f:lNnSRruvWw")) != -1) - switch (c) - { - case 'd' : - if ((set == 0) && !dirname && !filename) - dirname = optarg; - else - usage(); - break; - case 'f' : - if ((set == 0) && !dirname && !filename) - filename = optarg; - else - usage(); - break; - case 'i' : - ifs = optarg; - set = 1; - break; - case 'l' : - if (filename || dirname || set) - usage(); - lock = 1; - set = 1; - break; - case 'n' : - opts |= OPT_DONOTHING; - break; - case 'N' : - if ((ns > 0) || dirname || (rw != -1) || set) - usage(); - ns = 0; - set = 1; - break; - case 'r' : - if ((ns > 0) || dirname || (rw != -1)) - usage(); - rw = 0; - set = 1; - break; - case 'R' : - rw = 2; - set = 1; - break; - case 'S' : - if ((ns > 0) || dirname || (rw != -1) || set) - usage(); - ns = 1; - set = 1; - break; - case 'u' : - if (filename || dirname || set) - usage(); - lock = 0; - set = 1; - break; - case 'v' : - opts |= OPT_VERBOSE; - break; - case 'w' : - if ((ns > 0) || dirname || (rw != -1) || (ns == -1)) - usage(); - rw = 1; - set = 1; - break; - case 'W' : - rw = 3; - set = 1; - break; - case '?' : - default : - usage(); - } - - if (ifs) { - if (!filename || ns<0) - usage(); - if (ns == 0) - return changenatif(ifs, filename); - else - return changestateif(ifs, filename); - } - - if ((ns >= 0) || (lock >= 0)) { - if (lock >= 0) - devfd = opendevice(NULL); - else if (ns >= 0) { - if (ns == 1) - devfd = opendevice(IPL_STATE); - else if (ns == 0) - devfd = opendevice(IPL_NAT); - } - if (devfd == -1) - exit(1); - } - - if (lock >= 0) - err = setlock(devfd, lock); - else if (rw >= 0) { - if (rw & 1) { /* WRITE */ - if (rw & 2) - err = writeall(dirname); - else { - if (ns == 0) - err = writenat(devfd, filename); - else if (ns == 1) - err = writestate(devfd, filename); - } - } else { - if (rw & 2) - err = readall(dirname); - else { - if (ns == 0) - err = readnat(devfd, filename); - else if (ns == 1) - err = readstate(devfd, filename); - } - } - } - return err; -} - - -int opendevice(ipfdev) -char *ipfdev; -{ - int fd = -1; - - if (opts & OPT_DONOTHING) - return -2; - - if (!ipfdev) - ipfdev = IPL_NAME; - - if ((fd = open(ipfdev, O_RDWR)) == -1) - if ((fd = open(ipfdev, O_RDONLY)) == -1) - perror("open device"); - return fd; -} - - -void closedevice(fd) -int fd; -{ - close(fd); -} - - -int setlock(fd, lock) -int fd, lock; -{ - if (opts & OPT_VERBOSE) - printf("Turn lock %s\n", lock ? "on" : "off"); - if (!(opts & OPT_DONOTHING)) { - if (ioctl(fd, SIOCSTLCK, &lock) == -1) { - perror("SIOCSTLCK"); - return 1; - } - if (opts & OPT_VERBOSE) - printf("Lock now %s\n", lock ? "on" : "off"); - } - return 0; -} - - -int writestate(fd, file) -int fd; -char *file; -{ - ipstate_save_t ips, *ipsp; - int wfd = -1; - - if (!file) - file = IPF_STATEFILE; - - wfd = open(file, O_WRONLY|O_TRUNC|O_CREAT, 0600); - if (wfd == -1) { - fprintf(stderr, "%s ", file); - perror("state:open"); - return 1; - } - - ipsp = &ips; - bzero((char *)ipsp, sizeof(ips)); - - do { - if (opts & OPT_VERBOSE) - printf("Getting state from addr %p\n", ips.ips_next); - if (ioctl(fd, SIOCSTGET, &ipsp)) { - if (errno == ENOENT) - break; - perror("state:SIOCSTGET"); - close(wfd); - return 1; - } - if (opts & OPT_VERBOSE) - printf("Got state next %p\n", ips.ips_next); - if (write(wfd, ipsp, sizeof(ips)) != sizeof(ips)) { - perror("state:write"); - close(wfd); - return 1; - } - } while (ips.ips_next != NULL); - close(wfd); - - return 0; -} - - -int readstate(fd, file) -int fd; -char *file; -{ - ipstate_save_t ips, *is, *ipshead = NULL, *is1, *ipstail = NULL; - int sfd = -1, i; - - if (!file) - file = IPF_STATEFILE; - - sfd = open(file, O_RDONLY, 0600); - if (sfd == -1) { - fprintf(stderr, "%s ", file); - perror("open"); - return 1; - } - - bzero((char *)&ips, sizeof(ips)); - - /* - * 1. Read all state information in. - */ - do { - i = read(sfd, &ips, sizeof(ips)); - if (i == -1) { - perror("read"); - close(sfd); - return 1; - } - if (i == 0) - break; - if (i != sizeof(ips)) { - fprintf(stderr, "incomplete read: %d != %d\n", i, - (int)sizeof(ips)); - close(sfd); - return 1; - } - is = (ipstate_save_t *)malloc(sizeof(*is)); - if(!is) { - fprintf(stderr, "malloc failed\n"); - return 1; - } - - bcopy((char *)&ips, (char *)is, sizeof(ips)); - - /* - * Check to see if this is the first state entry that will - * reference a particular rule and if so, flag it as such - * else just adjust the rule pointer to become a pointer to - * the other. We do this so we have a means later for tracking - * who is referencing us when we get back the real pointer - * in is_rule after doing the ioctl. - */ - for (is1 = ipshead; is1 != NULL; is1 = is1->ips_next) - if (is1->ips_rule == is->ips_rule) - break; - if (is1 == NULL) - is->ips_is.is_flags |= FI_NEWFR; - else - is->ips_rule = (void *)&is1->ips_rule; - - /* - * Use a tail-queue type list (add things to the end).. - */ - is->ips_next = NULL; - if (!ipshead) - ipshead = is; - if (ipstail) - ipstail->ips_next = is; - ipstail = is; - } while (1); - - close(sfd); - - for (is = ipshead; is; is = is->ips_next) { - if (opts & OPT_VERBOSE) - printf("Loading new state table entry\n"); - if (is->ips_is.is_flags & FI_NEWFR) { - if (opts & OPT_VERBOSE) - printf("Loading new filter rule\n"); - } - if (!(opts & OPT_DONOTHING)) - if (ioctl(fd, SIOCSTPUT, &is)) { - perror("SIOCSTPUT"); - return 1; - } - - if (is->ips_is.is_flags & FI_NEWFR) { - if (opts & OPT_VERBOSE) - printf("Real rule addr %p\n", is->ips_rule); - for (is1 = is->ips_next; is1; is1 = is1->ips_next) - if (is1->ips_rule == (frentry_t *)&is->ips_rule) - is1->ips_rule = is->ips_rule; - } - } - - return 0; -} - - -int readnat(fd, file) -int fd; -char *file; -{ - nat_save_t ipn, *in, *ipnhead = NULL, *in1, *ipntail = NULL, *ipnp; - int nfd = -1, i; - nat_t *nat; - - if (!file) - file = IPF_NATFILE; - - nfd = open(file, O_RDONLY); - if (nfd == -1) { - fprintf(stderr, "%s ", file); - perror("nat:open"); - return 1; - } - - bzero((char *)&ipn, sizeof(ipn)); - - /* - * 1. Read all state information in. - */ - do { - i = read(nfd, &ipn, sizeof(ipn)); - if (i == -1) { - perror("read"); - close(nfd); - return 1; - } - if (i == 0) - break; - if (i != sizeof(ipn)) { - fprintf(stderr, "incomplete read: %d != %d\n", i, - (int)sizeof(ipn)); - close(nfd); - return 1; - } - - if (ipn.ipn_dsize > 0) { - char *s = ipnp->ipn_data; - int n = ipnp->ipn_dsize; - - n -= sizeof(ipnp->ipn_data); - in = malloc(sizeof(*in) + n); - if (!in) - break; - - s += sizeof(ipnp->ipn_data); - i = read(nfd, s, n); - if (i == 0) - break; - if (i != n) { - fprintf(stderr, "incomplete read: %d != %d\n", - i, n); - close(nfd); - return 1; - } - } else - in = (nat_save_t *)malloc(sizeof(*in)); - bcopy((char *)&ipnp, (char *)in, sizeof(ipn)); - - /* - * Check to see if this is the first state entry that will - * reference a particular rule and if so, flag it as such - * else just adjust the rule pointer to become a pointer to - * the other. We do this so we have a means later for tracking - * who is referencing us when we get back the real pointer - * in is_rule after doing the ioctl. - */ - nat = &in->ipn_nat; - if (nat->nat_fr != NULL) { - for (in1 = ipnhead; in1 != NULL; in1 = in1->ipn_next) - if (in1->ipn_rule == nat->nat_fr) - break; - if (in1 == NULL) - nat->nat_flags |= FI_NEWFR; - else - nat->nat_fr = &in1->ipn_fr; - } - - /* - * Use a tail-queue type list (add things to the end).. - */ - in->ipn_next = NULL; - if (!ipnhead) - ipnhead = in; - if (ipntail) - ipntail->ipn_next = in; - ipntail = in; - } while (1); - - close(nfd); - - for (in = ipnhead; in; in = in->ipn_next) { - if (opts & OPT_VERBOSE) - printf("Loading new NAT table entry\n"); - nat = &in->ipn_nat; - if (nat->nat_flags & FI_NEWFR) { - if (opts & OPT_VERBOSE) - printf("Loading new filter rule\n"); - } - if (!(opts & OPT_DONOTHING)) - if (ioctl(fd, SIOCSTPUT, &in)) { - perror("SIOCSTPUT"); - return 1; - } - - if (nat->nat_flags & FI_NEWFR) { - if (opts & OPT_VERBOSE) - printf("Real rule addr %p\n", nat->nat_fr); - for (in1 = in->ipn_next; in1; in1 = in1->ipn_next) - if (in1->ipn_rule == &in->ipn_fr) - in1->ipn_rule = nat->nat_fr; - } - } - - return 0; -} - - -int writenat(fd, file) -int fd; -char *file; -{ - nat_save_t *ipnp = NULL, *next = NULL; - int nfd = -1; - natget_t ng; - - if (!file) - file = IPF_NATFILE; - - nfd = open(file, O_WRONLY|O_TRUNC|O_CREAT, 0600); - if (nfd == -1) { - fprintf(stderr, "%s ", file); - perror("nat:open"); - return 1; - } - - - do { - if (opts & OPT_VERBOSE) - printf("Getting nat from addr %p\n", ipnp); - ng.ng_ptr = next; - ng.ng_sz = 0; - if (ioctl(fd, SIOCSTGSZ, &ng)) { - perror("nat:SIOCSTGSZ"); - close(nfd); - return 1; - } - - if (opts & OPT_VERBOSE) - printf("NAT size %d from %p\n", ng.ng_sz, ng.ng_ptr); - - if (ng.ng_sz == 0) - break; - - if (!ipnp) - ipnp = malloc(ng.ng_sz); - else - ipnp = realloc((char *)ipnp, ng.ng_sz); - if (!ipnp) { - fprintf(stderr, - "malloc for %d bytes failed\n", ng.ng_sz); - break; - } - - bzero((char *)ipnp, ng.ng_sz); - ipnp->ipn_next = next; - if (ioctl(fd, SIOCSTGET, &ipnp)) { - if (errno == ENOENT) - break; - perror("nat:SIOCSTGET"); - close(nfd); - return 1; - } - - if (opts & OPT_VERBOSE) - printf("Got nat next %p\n", ipnp->ipn_next); - if (write(nfd, ipnp, ng.ng_sz) != ng.ng_sz) { - perror("nat:write"); - close(nfd); - return 1; - } - next = ipnp->ipn_next; - } while (ipnp && next); - close(nfd); - - return 0; -} - - -int writeall(dirname) -char *dirname; -{ - int fd, devfd; - - if (!dirname) - dirname = IPF_SAVEDIR; - - if (chdir(dirname)) { - perror("chdir(IPF_SAVEDIR)"); - return 1; - } - - fd = opendevice(NULL); - if (fd == -1) - return 1; - if (setlock(fd, 1)) { - close(fd); - return 1; - } - - devfd = opendevice(IPL_STATE); - if (devfd == -1) - return 1; - if (writestate(devfd, NULL)) - return 1; - close(devfd); - - devfd = opendevice(IPL_NAT); - if (devfd == -1) - return 1; - if (writenat(devfd, NULL)) - return 1; - close(devfd); - - if (setlock(fd, 0)) { - close(fd); - return 1; - } - - return 0; -} - - -int readall(dirname) -char *dirname; -{ - int fd, devfd; - - if (!dirname) - dirname = IPF_SAVEDIR; - - if (chdir(dirname)) { - perror("chdir(IPF_SAVEDIR)"); - return 1; - } - - fd = opendevice(NULL); - if (fd == -1) - return 1; - if (setlock(fd, 1)) { - close(fd); - return 1; - } - - devfd = opendevice(IPL_STATE); - if (devfd == -1) - return 1; - if (readstate(devfd, NULL)) - return 1; - close(devfd); - - devfd = opendevice(IPL_NAT); - if (devfd == -1) - return 1; - if (readnat(devfd, NULL)) - return 1; - close(devfd); - - if (setlock(fd, 0)) { - close(fd); - return 1; - } - - return 0; -} diff --git a/usr.sbin/ipftest/Makefile b/usr.sbin/ipftest/Makefile deleted file mode 100644 index a7c087a9a78..00000000000 --- a/usr.sbin/ipftest/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# $OpenBSD: Makefile,v 1.9 2001/01/17 06:01:21 fgsch Exp $ - -PROG= ipftest -MAN= ipftest.1 -SRCS= ipt.c fil.c ipft_hx.c ipft_sn.c ipft_ef.c ipft_td.c ipft_pc.c \ - ipft_tx.c misc.c parse.c opt.c ip_frag.c ip_nat.c ip_state.c \ - ip_auth.c ip_fil.c ip_proxy.c facpri.c natparse.c common.c ifaddr.c - -.PATH: ${.CURDIR}/../../sbin/ipf ${.CURDIR}/../../sbin/ipfstat \ - ${.CURDIR}/../../sys/netinet ${.CURDIR}/../../sbin/ipnat - -CFLAGS+=-I${.CURDIR}/../../sbin/ipf \ - -I${.CURDIR} - -.include <bsd.prog.mk> diff --git a/usr.sbin/ipftest/ipft_ef.c b/usr.sbin/ipftest/ipft_ef.c deleted file mode 100644 index ac243cc9503..00000000000 --- a/usr.sbin/ipftest/ipft_ef.c +++ /dev/null @@ -1,156 +0,0 @@ -/* $OpenBSD: ipft_ef.c,v 1.16 2001/01/30 04:31:01 kjell Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ - -/* - icmp type - lnth proto source destination src port dst port - -etherfind -n - - 60 tcp 128.250.20.20 128.250.133.13 2419 telnet - -etherfind -n -t - - 0.32 91 04 131.170.1.10 128.250.133.13 - 0.33 566 udp 128.250.37.155 128.250.133.3 901 901 -*/ -#include <stdio.h> -#include <string.h> -#if !defined(__SVR4) && !defined(__GNUC__) -#include <strings.h> -#endif -#include <sys/types.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <sys/param.h> -#include <sys/time.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/in_systm.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#include <net/if.h> -#include <netdb.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include "ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_ef.c 1.6 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipft_ef.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; -#endif - -static int etherf_open __P((char *)); -static int etherf_close __P((void)); -static int etherf_readip __P((char *, int, char **, int *)); - -struct ipread etherf = { etherf_open, etherf_close, etherf_readip }; - -static FILE *efp = NULL; -static int efd = -1; - - -static int etherf_open(fname) -char *fname; -{ - if (efd != -1) - return efd; - - if (!strcmp(fname, "-")) { - efd = 0; - efp = stdin; - } else { - efd = open(fname, O_RDONLY); - efp = fdopen(efd, "r"); - } - return efd; -} - - -static int etherf_close() -{ - return close(efd); -} - - -static int etherf_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - struct tcpiphdr pkt; - ip_t *ip = (ip_t *)&pkt; - struct protoent *p = NULL; - char src[16], dst[16], sprt[16], dprt[16]; - char lbuf[128], len[8], prot[8], time[8], *s; - int slen, extra = 0, i, n; - - if (!fgets(lbuf, sizeof(lbuf) - 1, efp)) - return 0; - - if ((s = strchr(lbuf, '\n'))) - *s = '\0'; - lbuf[sizeof(lbuf)-1] = '\0'; - - bzero(&pkt, sizeof(pkt)); - - if ((n = sscanf(lbuf, "%s %s %s %s %s %s", len, prot, src, dst, - sprt, dprt)) != 6) - if ((n = sscanf(lbuf, "%s %s %s %s %s %s %s", time, - len, prot, src, dst, sprt, dprt)) != 7) - return -1; - - ip->ip_p = atoi(prot); - if (ip->ip_p == 0) { - if (!(p = getprotobyname(prot))) - return -1; - ip->ip_p = p->p_proto; - } - - switch (ip->ip_p) { - case IPPROTO_TCP : - case IPPROTO_UDP : - s = strtok(NULL, " :"); - ip->ip_len += atoi(s); - if (p->p_proto == IPPROTO_TCP) - extra = sizeof(struct tcphdr); - else if (p->p_proto == IPPROTO_UDP) - extra = sizeof(struct udphdr); - break; -#ifdef IGMP - case IPPROTO_IGMP : - extra = sizeof(struct igmp); - break; -#endif - case IPPROTO_ICMP : - extra = sizeof(struct icmp); - break; - default : - break; - } - - (void) inet_aton(src, &ip->ip_src); - (void) inet_aton(dst, &ip->ip_dst); - ip->ip_len = atoi(len); - ip->ip_hl = sizeof(ip_t); - - slen = ip->ip_hl + extra; - i = MIN(cnt, slen); - bcopy((char *)&pkt, buf, i); - return i; -} diff --git a/usr.sbin/ipftest/ipft_hx.c b/usr.sbin/ipftest/ipft_hx.c deleted file mode 100644 index 64d8e514e90..00000000000 --- a/usr.sbin/ipftest/ipft_hx.c +++ /dev/null @@ -1,174 +0,0 @@ -/* $OpenBSD: ipft_hx.c,v 1.14 2001/01/30 04:31:01 kjell Exp $ */ - -/* - * Copyright (C) 1995-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#include <stdio.h> -#include <ctype.h> -#include <assert.h> -#include <string.h> -#include <sys/types.h> -#if !defined(__SVR4) && !defined(__svr4__) -#include <strings.h> -#else -#include <sys/byteorder.h> -#endif -#include <sys/param.h> -#include <sys/time.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/ip.h> -#include <netinet/udp.h> -#include <netinet/tcp.h> -#include <netinet/ip_icmp.h> -#include <net/if.h> -#include <netdb.h> -#include <arpa/nameser.h> -#include <resolv.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include "ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_hx.c 1.1 3/9/96 (C) 1996 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipft_hx.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; -#endif - -extern int opts; - -static int hex_open __P((char *)); -static int hex_close __P((void)); -static int hex_readip __P((char *, int, char **, int *)); -static char *readhex __P((char *, char *)); - -struct ipread iphex = { hex_open, hex_close, hex_readip }; -static FILE *tfp = NULL; -static int tfd = -1; - -static int hex_open(fname) -char *fname; -{ - if (tfp && tfd != -1) { - rewind(tfp); - return tfd; - } - - if (!strcmp(fname, "-")) { - tfd = 0; - tfp = stdin; - } else { - tfd = open(fname, O_RDONLY); - if (tfd != -1) - tfp = fdopen(tfd, "r"); - } - return tfd; -} - - -static int hex_close() -{ - int cfd = tfd; - - tfd = -1; - return close(cfd); -} - - -static int hex_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - register char *s, *t, *u; - char line[513]; - ip_t *ip; - - ip = (ip_t *)buf; - while (fgets(line, sizeof(line)-1, tfp)) { - if ((s = index(line, '\n'))) { - if (s == line) - return (char *)ip - buf; - *s = '\0'; - } - if ((s = index(line, '#'))) - *s = '\0'; - if (!*line) - continue; - if (!(opts & OPT_BRIEF)) { - printf("input: %s\n", line); - fflush(stdout); - } - - /* - * interpret start of line as possibly "[ifname]" or - * "[in/out,ifname]". - */ - if (ifn) - *ifn = NULL; - if (dir) - *dir = 0; - if ((*buf == '[') && (s = index(line, ']'))) { - t = buf + 1; - if (t - s > 0) { - if ((u = index(t, ',')) && (u < s)) { - u++; - if (ifn) - *ifn = u; - if (dir) { - if (*t == 'i') - *dir = 0; - else if (*t == 'o') - *dir = 1; - } - } else if (ifn) - *ifn = t; - *s++ = '\0'; - } - } else - s = line; - ip = (ip_t *)readhex(s, (char *)ip); - } - return -1; -} - - -static char *readhex(src, dst) -register char *src, *dst; -{ - int state = 0; - char c; - - while ((c = *src++)) { - if (isspace(c)) { - if (state) { - dst++; - state = 0; - } - continue; - } else if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || - (c >= 'A' && c <= 'F')) { - c = isdigit(c) ? (c - '0') : (toupper(c) - 55); - if (state == 0) { - *dst = (c << 4); - state++; - } else { - *dst++ |= c; - state = 0; - } - } else - break; - } - return dst; -} diff --git a/usr.sbin/ipftest/ipft_pc.c b/usr.sbin/ipftest/ipft_pc.c deleted file mode 100644 index 1ce697153e6..00000000000 --- a/usr.sbin/ipftest/ipft_pc.c +++ /dev/null @@ -1,236 +0,0 @@ -/* $OpenBSD: ipft_pc.c,v 1.18 2001/01/30 04:31:01 kjell Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#include <stdio.h> -#include <string.h> -#if !defined(__SVR4) && !defined(__GNUC__) -#include <strings.h> -#endif -#include <sys/types.h> -#include <sys/time.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <sys/param.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <net/if.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include "ipf.h" -#include "pcap.h" -#include "ipt.h" - -#if !defined(lint) -static const char rcsid[] = "@(#)$IPFilter: ipft_pc.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; -#endif - -struct llc { - int lc_sz; /* LLC header length */ - int lc_to; /* LLC Type offset */ - int lc_tl; /* LLC Type length */ -}; - -/* - * While many of these maybe the same, some do have different header formats - * which make this useful. - */ -#define DLT_MAX 14 - -static struct llc llcs[DLT_MAX] = { - { 0, 0, 0 }, /* DLT_NULL */ - { 14, 12, 2 }, /* DLT_E10MB */ - { 0, 0, 0 }, /* DLT_EN3MB */ - { 0, 0, 0 }, /* DLT_AX25 */ - { 0, 0, 0 }, /* DLT_PRONET */ - { 0, 0, 0 }, /* DLT_CHAOS */ - { 0, 0, 0 }, /* DLT_IEEE802 */ - { 0, 0, 0 }, /* DLT_ARCNET */ - { 0, 0, 0 }, /* DLT_SLIP */ - { 0, 0, 0 }, /* DLT_PPP */ - { 0, 0, 0 }, /* DLT_FDDI */ - { 0, 0, 0 }, /* DLT_ATMRFC1483 */ - { 0, 0, 0 }, /* DLT_LOOP */ - { 0, 0, 0 } /* DLT_ENC */ -}; - -static int pcap_open __P((char *)); -static int pcap_close __P((void)); -static int pcap_readip __P((char *, int, char **, int *)); -static void swap_hdr __P((pcaphdr_t *)); -static int pcap_read_rec __P((struct pcap_pkthdr *)); - -static int pfd = -1, s_type = -1, swapped = 0; - -struct ipread pcap = { pcap_open, pcap_close, pcap_readip }; - -#define SWAPLONG(y) \ - ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) -#define SWAPSHORT(y) \ - ( (((y)&0xff)<<8) | (((y)&0xff00)>>8) ) - -static void swap_hdr(p) -pcaphdr_t *p; -{ - p->pc_v_maj = SWAPSHORT(p->pc_v_maj); - p->pc_v_min = SWAPSHORT(p->pc_v_min); - p->pc_zone = SWAPLONG(p->pc_zone); - p->pc_sigfigs = SWAPLONG(p->pc_sigfigs); - p->pc_slen = SWAPLONG(p->pc_slen); - p->pc_type = SWAPLONG(p->pc_type); -} - -static int pcap_open(fname) -char *fname; -{ - pcaphdr_t ph; - int fd; - - if (pfd != -1) - return pfd; - - if (!strcmp(fname, "-")) - fd = 0; - else if ((fd = open(fname, O_RDONLY)) == -1) - return -1; - - if (read(fd, (char *)&ph, sizeof(ph)) != sizeof(ph)) - return -2; - - if (ph.pc_id != TCPDUMP_MAGIC) { - if (SWAPLONG(ph.pc_id) != TCPDUMP_MAGIC) { - (void) close(fd); - return -2; - } - swapped = 1; - swap_hdr(&ph); - } - - if (ph.pc_v_maj != PCAP_VERSION_MAJ || ph.pc_type >= DLT_MAX) { - (void) close(fd); - return -2; - } - - pfd = fd; - s_type = ph.pc_type; - printf("opened pcap file %s:\n", fname); - printf("\tid: %08x version: %d.%d type: %d snap %d\n", - ph.pc_id, ph.pc_v_maj, ph.pc_v_min, ph.pc_type, ph.pc_slen); - - return fd; -} - - -static int pcap_close() -{ - return close(pfd); -} - - -/* - * read in the header (and validate) which should be the first record - * in a pcap file. - */ -static int pcap_read_rec(rec) -struct pcap_pkthdr *rec; -{ - int n, p; - - if (read(pfd, (char *)rec, sizeof(*rec)) != sizeof(*rec)) - return -2; - - if (swapped) { - rec->ph_clen = SWAPLONG(rec->ph_clen); - rec->ph_len = SWAPLONG(rec->ph_len); - rec->ph_ts.tv_sec = SWAPLONG(rec->ph_ts.tv_sec); - rec->ph_ts.tv_usec = SWAPLONG(rec->ph_ts.tv_usec); - } - p = rec->ph_clen; - n = MIN(p, rec->ph_len); - if (!n || n < 0) - return -3; - - return p; -} - - -#ifdef notyet -/* - * read an entire pcap packet record. only the data part is copied into - * the available buffer, with the number of bytes copied returned. - */ -static int pcap_read(buf, cnt) -char *buf; -int cnt; -{ - struct pcap_pkthdr rec; - static char *bufp = NULL; - int i, n; - - if ((i = pcap_read_rec(&rec)) <= 0) - return i; - - if (!bufp) - bufp = malloc(i); - else - bufp = realloc(bufp, i); - - if (read(pfd, bufp, i) != i) - return -2; - - n = MIN(i, cnt); - bcopy(bufp, buf, n); - return n; -} -#endif - - -/* - * return only an IP packet read into buf - */ -static int pcap_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - static char *bufp = NULL; - struct pcap_pkthdr rec; - struct llc *l; - char *s, ty[4]; - int i, n; - - do { - if ((i = pcap_read_rec(&rec)) <= 0) - return i; - - if (!bufp) - bufp = malloc(i); - else - bufp = realloc(bufp, i); - s = bufp; - - if (read(pfd, s, i) != i) - return -2; - - l = &llcs[s_type]; - i -= l->lc_sz; - s += l->lc_to; - bcopy(s, ty, l->lc_tl); - s += l->lc_tl; - } while (ty[0] != 0x8 && ty[1] != 0); - n = MIN(i, cnt); - bcopy(s, buf, n); - return n; -} diff --git a/usr.sbin/ipftest/ipft_sn.c b/usr.sbin/ipftest/ipft_sn.c deleted file mode 100644 index 3c8318afeab..00000000000 --- a/usr.sbin/ipftest/ipft_sn.c +++ /dev/null @@ -1,215 +0,0 @@ -/* $OpenBSD: ipft_sn.c,v 1.15 2001/01/30 04:31:01 kjell Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ - -/* - * Written to comply with the recent RFC 1761 from Sun. - */ -#include <stdio.h> -#include <string.h> -#if !defined(__SVR4) && !defined(__GNUC__) -#include <strings.h> -#endif -#include <sys/types.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <sys/param.h> -#include <sys/time.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <net/if.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include "ipf.h" -#include "snoop.h" -#include "ipt.h" - -#if !defined(lint) -static const char rcsid[] = "@(#)$IPFilter: ipft_sn.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; -#endif - -struct llc { - int lc_sz; /* LLC header length */ - int lc_to; /* LLC Type offset */ - int lc_tl; /* LLC Type length */ -}; - -/* - * While many of these maybe the same, some do have different header formats - * which make this useful. - */ -static struct llc llcs[SDL_MAX+1] = { - { 0, 0, 0 }, /* SDL_8023 */ - { 0, 0, 0 }, /* SDL_8024 */ - { 0, 0, 0 }, /* SDL_8025 */ - { 0, 0, 0 }, /* SDL_8026 */ - { 14, 12, 2 }, /* SDL_ETHER */ - { 0, 0, 0 }, /* SDL_HDLC */ - { 0, 0, 0 }, /* SDL_CHSYNC */ - { 0, 0, 0 }, /* SDL_IBMCC */ - { 0, 0, 0 }, /* SDL_FDDI */ - { 0, 0, 0 }, /* SDL_OTHER */ -}; - -static int snoop_open __P((char *)); -static int snoop_close __P((void)); -static int snoop_readip __P((char *, int, char **, int *)); - -static int sfd = -1, s_type = -1; -static int snoop_read_rec __P((struct snooppkt *)); - -struct ipread snoop = { snoop_open, snoop_close, snoop_readip }; - - -static int snoop_open(fname) -char *fname; -{ - struct snoophdr sh; - int fd; - - if (sfd != -1) - return sfd; - - if (!strcmp(fname, "-")) - fd = 0; - else if ((fd = open(fname, O_RDONLY)) == -1) - return -1; - - if (read(fd, (char *)&sh, sizeof(sh)) != sizeof(sh)) - return -2; - - if (sh.s_v != SNOOP_VERSION || - sh.s_type < 0 || sh.s_type > SDL_MAX) { - (void) close(fd); - return -2; - } - - sfd = fd; - s_type = sh.s_type; - printf("opened snoop file %s:\n", fname); - printf("\tid: %8.8s version: %d type: %d\n", sh.s_id, sh.s_v, s_type); - - return fd; -} - - -static int snoop_close() -{ - return close(sfd); -} - - -/* - * read in the header (and validate) which should be the first record - * in a snoop file. - */ -static int snoop_read_rec(rec) -struct snooppkt *rec; -{ - int n, p; - - if (read(sfd, (char *)rec, sizeof(*rec)) != sizeof(*rec)) - return -2; - - if (rec->sp_ilen > rec->sp_plen || rec->sp_plen < sizeof(*rec)) - return -2; - - p = rec->sp_plen - sizeof(*rec); - n = MIN(p, rec->sp_ilen); - if (!n || n < 0) - return -3; - - return p; -} - - -#ifdef notyet -/* - * read an entire snoop packet record. only the data part is copied into - * the available buffer, with the number of bytes copied returned. - */ -static int snoop_read(buf, cnt) -char *buf; -int cnt; -{ - struct snooppkt rec; - static char *bufp = NULL; - int i, n; - - if ((i = snoop_read_rec(&rec)) <= 0) - return i; - - if (!bufp) - bufp = malloc(i); - else - bufp = realloc(bufp, i); - - if (read(sfd, bufp, i) != i) - return -2; - - n = MIN(i, cnt); - bcopy(bufp, buf, n); - return n; -} -#endif - - -/* - * return only an IP packet read into buf - */ -static int snoop_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - static char *bufp = NULL; - struct snooppkt rec; - struct llc *l; - char ty[4], *s; - int i, n; - - do { - if ((i = snoop_read_rec(&rec)) <= 0) - return i; - - if (!bufp) - bufp = malloc(i); - else - bufp = realloc(bufp, i); - s = bufp; - - if (read(sfd, s, i) != i) - return -2; - - l = &llcs[s_type]; - i -= l->lc_to; - s += l->lc_to; - /* - * XXX - bogus assumption here on the part of the time field - * that it won't be greater than 4 bytes and the 1st two will - * have the values 8 and 0 for IP. Should be a table of - * these too somewhere. Really only works for SDL_ETHER. - */ - bcopy(s, ty, l->lc_tl); - } while (ty[0] != 0x8 && ty[1] != 0); - - i -= l->lc_tl; - s += l->lc_tl; - n = MIN(i, cnt); - bcopy(s, buf, n); - - return n; -} diff --git a/usr.sbin/ipftest/ipft_td.c b/usr.sbin/ipftest/ipft_td.c deleted file mode 100644 index 3c79dbcf499..00000000000 --- a/usr.sbin/ipftest/ipft_td.c +++ /dev/null @@ -1,193 +0,0 @@ -/* $OpenBSD: ipft_td.c,v 1.16 2001/01/30 04:31:01 kjell Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ - -/* -tcpdump -n - -00:05:47.816843 128.231.76.76.3291 > 224.2.252.231.36573: udp 36 (encap) - -tcpdump -nq - -00:33:48.410771 192.73.213.11.1463 > 224.2.248.153.59360: udp 31 (encap) - -tcpdump -nqt - -128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -tcpdump -nqtt - -123456789.1234567 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -tcpdump -nqte - -8:0:20:f:65:f7 0:0:c:1:8a:c5 81: 128.250.133.13.23 > 128.250.20.20.2419: tcp 27 - -*/ -#include <stdio.h> -#include <string.h> -#if !defined(__SVR4) && !defined(__GNUC__) -#include <strings.h> -#endif -#include <sys/types.h> -#include <sys/param.h> -#include <sys/time.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/in_systm.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#include <net/if.h> -#include <netdb.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include "ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_td.c 1.8 2/4/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipft_td.c,v 2.2 2000/03/13 22:10:24 darrenr Exp $"; -#endif - -static int tcpd_open __P((char *)); -static int tcpd_close __P((void)); -static int tcpd_readip __P((char *, int, char **, int *)); -static int count_dots __P((char *)); - -struct ipread tcpd = { tcpd_open, tcpd_close, tcpd_readip }; - -static FILE *tfp = NULL; -static int tfd = -1; - - -static int tcpd_open(fname) -char *fname; -{ - if (tfd != -1) - return tfd; - - if (!strcmp(fname, "-")) { - tfd = 0; - tfp = stdin; - } else { - tfd = open(fname, O_RDONLY); - tfp = fdopen(tfd, "r"); - } - return tfd; -} - - -static int tcpd_close() -{ - (void) fclose(tfp); - return close(tfd); -} - - -static int count_dots(str) -char *str; -{ - int i = 0; - - while (*str) - if (*str++ == '.') - i++; - return i; -} - - -static int tcpd_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - struct tcpiphdr pkt; - ip_t *ip = (ip_t *)&pkt; - struct protoent *p; - char src[32], dst[32], misc[256], time[32], link1[32], link2[32]; - char lbuf[160], *s; - int n, dots, slen, extra = 0; - - if (!fgets(lbuf, sizeof(lbuf) - 1, tfp)) - return 0; - - if ((s = strchr(lbuf, '\n'))) - *s = '\0'; - lbuf[sizeof(lbuf)-1] = '\0'; - - bzero(&pkt, sizeof(pkt)); - - if ((n = sscanf(lbuf, "%s > %s: %s", src, dst, misc)) != 3) - if ((n = sscanf(lbuf, "%s %s > %s: %s", - time, src, dst, misc)) != 4) - if ((n = sscanf(lbuf, "%s %s: %s > %s: %s", - link1, link2, src, dst, misc)) != 5) { - n = sscanf(lbuf, "%s %s %s: %s > %s: %s", - time, link1, link2, src, dst, misc); - if (n != 6) - return -1; - } - - if ((dots = count_dots(dst)) == 4) { - s = strrchr(src, '.'); - *s++ = '\0'; - (void) inet_aton(src, &ip->ip_src); - pkt.ti_sport = htons(atoi(s)); - *--s = '.'; - s = strrchr(dst, '.'); - - *s++ = '\0'; - (void) inet_aton(src, &ip->ip_dst); - pkt.ti_dport = htons(atoi(s)); - *--s = '.'; - - } else { - (void) inet_aton(src, &ip->ip_src); - (void) inet_aton(src, &ip->ip_dst); - } - ip->ip_len = ip->ip_hl = sizeof(ip_t); - - s = strtok(misc, " :"); - if ((p = getprotobyname(s))) { - ip->ip_p = p->p_proto; - - switch (p->p_proto) { - case IPPROTO_TCP : - case IPPROTO_UDP : - s = strtok(NULL, " :"); - ip->ip_len += atoi(s); - if (p->p_proto == IPPROTO_TCP) - extra = sizeof(struct tcphdr); - else if (p->p_proto == IPPROTO_UDP) - extra = sizeof(struct udphdr); - break; -#ifdef IGMP - case IPPROTO_IGMP : - extra = sizeof(struct igmp); - break; -#endif - case IPPROTO_ICMP : - extra = sizeof(struct icmp); - break; - default : - break; - } - } - slen = ip->ip_hl + extra + ip->ip_len; - return slen; -} diff --git a/usr.sbin/ipftest/ipft_tx.c b/usr.sbin/ipftest/ipft_tx.c deleted file mode 100644 index 18548abe243..00000000000 --- a/usr.sbin/ipftest/ipft_tx.c +++ /dev/null @@ -1,352 +0,0 @@ -/* $OpenBSD: ipft_tx.c,v 1.19 2001/01/30 04:31:02 kjell Exp $ */ - -/* - * Copyright (C) 1995-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#include <stdio.h> -#include <ctype.h> -#include <assert.h> -#include <string.h> -#include <sys/types.h> -#if !defined(__SVR4) && !defined(__svr4__) -#include <strings.h> -#else -#include <sys/byteorder.h> -#endif -#include <sys/param.h> -#include <sys/time.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/ip.h> -#include <netinet/udp.h> -#include <netinet/tcp.h> -#include <netinet/ip_icmp.h> -#include <arpa/inet.h> -#include <net/if.h> -#include <netdb.h> -#include <arpa/nameser.h> -#include <resolv.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include "ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)ipft_tx.c 1.7 6/5/96 (C) 1993 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipft_tx.c,v 2.3.2.1 2001/01/10 06:19:53 darrenr Exp $"; -#endif - -extern int opts; - -static char *tx_proto = ""; - -static int text_open __P((char *)), text_close __P((void)); -static int text_readip __P((char *, int, char **, int *)); -static int parseline __P((char *, ip_t *, char **, int *)); - -static char _tcp_flagset[] = "FSRPAUEC"; -static u_char _tcp_flags[] = { TH_FIN, TH_SYN, TH_RST, TH_PUSH, - TH_ACK, TH_URG, TH_ECN, TH_CWR }; - -struct ipread iptext = { text_open, text_close, text_readip }; -static FILE *tfp = NULL; -static int tfd = -1; - -static u_32_t tx_hostnum __P((char *, int *)); -static u_short tx_portnum __P((char *)); - - -/* - * returns an ip address as a long var as a result of either a DNS lookup or - * straight inet_addr() call - */ -static u_32_t tx_hostnum(host, resolved) -char *host; -int *resolved; -{ - struct hostent *hp; - struct netent *np; - - *resolved = 0; - if (!strcasecmp("any",host)) - return 0L; - if (isdigit(*host)) - return inet_addr(host); - - if (!(hp = gethostbyname(host))) { - if (!(np = getnetbyname(host))) { - *resolved = -1; - fprintf(stderr, "can't resolve hostname: %s\n", host); - return 0; - } - return htonl(np->n_net); - } - return *(u_32_t *)hp->h_addr; -} - - -/* - * find the port number given by the name, either from getservbyname() or - * straight atoi() - */ -static u_short tx_portnum(name) -char *name; -{ - struct servent *sp, *sp2; - u_short p1 = 0; - - if (isdigit(*name)) - return (u_short)atoi(name); - if (!tx_proto) - tx_proto = "tcp/udp"; - if (strcasecmp(tx_proto, "tcp/udp")) { - sp = getservbyname(name, tx_proto); - if (sp) - return ntohs(sp->s_port); - (void) fprintf(stderr, "unknown service \"%s\".\n", name); - return 0; - } - sp = getservbyname(name, "tcp"); - if (sp) - p1 = sp->s_port; - sp2 = getservbyname(name, "udp"); - if (!sp || !sp2) { - (void) fprintf(stderr, "unknown tcp/udp service \"%s\".\n", - name); - return 0; - } - if (p1 != sp2->s_port) { - (void) fprintf(stderr, "%s %d/tcp is a different port to ", - name, p1); - (void) fprintf(stderr, "%s %d/udp\n", name, sp->s_port); - return 0; - } - return ntohs(p1); -} - - -char *tx_icmptypes[] = { - "echorep", (char *)NULL, (char *)NULL, "unreach", "squench", - "redir", (char *)NULL, (char *)NULL, "echo", "routerad", - "routersol", "timex", "paramprob", "timest", "timestrep", - "inforeq", "inforep", "maskreq", "maskrep", "END" -}; - -static int text_open(fname) -char *fname; -{ - if (tfp && tfd != -1) { - rewind(tfp); - return tfd; - } - - if (!strcmp(fname, "-")) { - tfd = 0; - tfp = stdin; - } else { - tfd = open(fname, O_RDONLY); - if (tfd != -1) - tfp = fdopen(tfd, "r"); - } - return tfd; -} - - -static int text_close() -{ - int cfd = tfd; - - tfd = -1; - return close(cfd); -} - - -static int text_readip(buf, cnt, ifn, dir) -char *buf, **ifn; -int cnt, *dir; -{ - register char *s; - ip_t *ip; - char line[513]; - - ip = (ip_t *)buf; - *ifn = NULL; - while (fgets(line, sizeof(line)-1, tfp)) { - if ((s = index(line, '\n'))) - *s = '\0'; - if ((s = index(line, '\r'))) - *s = '\0'; - if ((s = index(line, '#'))) - *s = '\0'; - if (!*line) - continue; - if (!(opts & OPT_BRIEF)) - printf("input: %s\n", line); - *ifn = NULL; - *dir = 0; - if (!parseline(line, (ip_t *)buf, ifn, dir)) -#if 0 - return sizeof(*ip) + sizeof(tcphdr_t); -#else - return sizeof(ip_t); -#endif - } - return -1; -} - -static int parseline(line, ip, ifn, out) -char *line; -ip_t *ip; -char **ifn; -int *out; -{ - tcphdr_t th, *tcp = &th; - struct icmp icmp, *ic = &icmp; - char *cps[20], **cpp, c, ipopts[68]; - int i, r; - - if (*ifn) - free(*ifn); - bzero((char *)ip, MAX(sizeof(*tcp), sizeof(*ic)) + sizeof(*ip)); - bzero((char *)tcp, sizeof(*tcp)); - bzero((char *)ic, sizeof(*ic)); - bzero(ipopts, sizeof(ipopts)); - ip->ip_hl = sizeof(*ip) >> 2; - ip->ip_v = IPVERSION; - for (i = 0, cps[0] = strtok(line, " \b\t\r\n"); cps[i] && i < 19; ) - cps[++i] = strtok(NULL, " \b\t\r\n"); - if (i < 2) - return 1; - - cpp = cps; - - c = **cpp; - if (!isalpha(c) || (tolower(c) != 'o' && tolower(c) != 'i')) { - fprintf(stderr, "bad direction \"%s\"\n", *cpp); - return 1; - } - *out = (tolower(c) == 'o') ? 1 : 0; - cpp++; - - if (!strcasecmp(*cpp, "on")) { - cpp++; - if (!*cpp) - return 1; - *ifn = strdup(*cpp++); - } - - c = **cpp; - ip->ip_len = sizeof(ip_t); - if (!strcasecmp(*cpp, "tcp") || !strcasecmp(*cpp, "udp") || - !strcasecmp(*cpp, "icmp")) { - if (c == 't') { - ip->ip_p = IPPROTO_TCP; - ip->ip_len += sizeof(struct tcphdr); - tx_proto = "tcp"; - } else if (c == 'u') { - ip->ip_p = IPPROTO_UDP; - ip->ip_len += sizeof(struct udphdr); - tx_proto = "udp"; - } else { - ip->ip_p = IPPROTO_ICMP; - ip->ip_len += sizeof(struct icmp); - tx_proto = "icmp"; - } - cpp++; - } else if (isdigit(**cpp) && !index(*cpp, '.')) { - ip->ip_p = atoi(*cpp); - cpp++; - } else - ip->ip_p = IPPROTO_IP; - - if (!*cpp) - return 1; - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) { - char *last; - - last = index(*cpp, ','); - if (!last) { - fprintf(stderr, "tcp/udp with no source port\n"); - return 1; - } - *last++ = '\0'; - tcp->th_sport = htons(tx_portnum(last)); - } - ip->ip_src.s_addr = tx_hostnum(*cpp, &r); - cpp++; - if (!*cpp) - return 1; - - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) { - char *last; - - last = index(*cpp, ','); - if (!last) { - fprintf(stderr, "tcp/udp with no destination port\n"); - return 1; - } - *last++ = '\0'; - tcp->th_dport = htons(tx_portnum(last)); - } - ip->ip_dst.s_addr = tx_hostnum(*cpp, &r); - cpp++; - if (*cpp && ip->ip_p == IPPROTO_TCP) { - extern char _tcp_flagset[]; - extern u_char _tcp_flags[]; - char *s, *t; - - for (s = *cpp; *s; s++) - if ((t = index(_tcp_flagset, *s))) - tcp->th_flags |= _tcp_flags[t - _tcp_flagset]; - if (tcp->th_flags) - cpp++; - assert(tcp->th_flags != 0); - tcp->th_win = htons(4096); - tcp->th_off = sizeof(*tcp) >> 2; - } else if (*cpp && ip->ip_p == IPPROTO_ICMP) { - extern char *tx_icmptypes[]; - char **s, *t; - int i; - - for (s = tx_icmptypes, i = 0; !*s || strcmp(*s, "END"); - s++, i++) - if (*s && !strncasecmp(*cpp, *s, strlen(*s))) { - ic->icmp_type = i; - if ((t = index(*cpp, ','))) - ic->icmp_code = atoi(t+1); - cpp++; - break; - } - } - - if (*cpp && !strcasecmp(*cpp, "opt")) { - u_long olen; - - cpp++; - olen = buildopts(*cpp, ipopts, (ip->ip_hl - 5) << 2); - if (olen) { - bcopy(ipopts, (char *)(ip + 1), olen); - ip->ip_hl += olen >> 2; - } - } - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - bcopy((char *)tcp, ((char *)ip) + (ip->ip_hl << 2), - sizeof(*tcp)); - else if (ip->ip_p == IPPROTO_ICMP) - bcopy((char *)ic, ((char *)ip) + (ip->ip_hl << 2), - sizeof(*ic)); - ip->ip_len = htons(ip->ip_len); - return 0; -} diff --git a/usr.sbin/ipftest/ipftest.1 b/usr.sbin/ipftest/ipftest.1 deleted file mode 100644 index 4f12bd10a4b..00000000000 --- a/usr.sbin/ipftest/ipftest.1 +++ /dev/null @@ -1,164 +0,0 @@ -.\" $OpenBSD: ipftest.1,v 1.16 2000/11/09 17:53:14 aaron Exp $ -.Dd May 23, 1999 -.Dt IPFTEST 1 -.Os -.Sh NAME -.Nm ipftest -.Nd test packet filter rules with arbitrary input -.Sh SYNOPSIS -.Nm ipftest -.Op Fl vbdPSTEHX -.Op Fl I Ar interface -.Fl r -.Ar filename -.Op Fl i Ar filename -.Sh DESCRIPTION -With -.Nm -operators can see the effects of an -.Nm ipf -filter ruleset on test packets, rather than having to observe -the effects of the -ruleset on live traffic. -This can reduce the disruptions experienced -during the development and refinement of secure IP environments. -.Pp -.Nm -reads test packets from -.Ar stdin -or the file specified by the -.Fl i -option, applies the ruleset specified by the -.Fl r -option to each, and generates information about the effect of the ruleset on -each packet to -.Ar stdout . -.Pp -Captured or handcrafted packets to be tested can be supplied -in a variety of formats. -See the options -.Fl P , -.Fl S , -.Fl T , -.Fl H , -and -.Fl E -for details. -In addition the -.Fl X -option gives -.Nm -the ability to use its own text description format to generate -.Dq fake -packets. -The format used is: -.Bd -ragged -in|out on -.Ar if -.Op tcp|udp|icmp -.Ar srchost -.Op , Ar port -.Ar dsthost -.Op , Ar port -.Op Fl FSRPAU -.Ed -.Pp -This allows for input or output ICMP, TCP, or UDP packets to be generated for -any interface. -For TCP or UDP it allows the specification of source and -destination ports. -For TCP it allows the specification of TCP flags. -Some examples are: -.Bd -literal -offset indent -# a UDP packet coming in on le0 -in on le0 udp 10.1.1.1,2210 10.2.1.5,23 -# an IP packet coming in on le0 from localhost - hmm :) -in on le0 localhost 10.4.12.1 -# a TCP packet going out of le0 with the SYN flag set. -out on le0 tcp 10.4.12.1,2245 10.1.1.1,23 S -.Ed -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl v -Verbose mode. -This provides more information about which parts of rule -matching the packet passes and fails. -.It Fl d -Turn on filter rule debugging. -Currently, this only shows what caused -the rule to not match in the IP header checking (addresses/netmasks, etc). -.It Fl b -Cause the output to be a one word description of the result of passing -the packet through the filter: pass, block or nomatch. -This is used in the regression testing. -.It Fl I Ar interface -Set the interface name (used in rule matching) to be the name supplied. -This is useful with the -.Fl P , Fl S -and -.Fl E -options, where it is -not otherwise possible to associate a packet with an interface. -Normal -.Dq text packets -can override this setting. -.It Fl P -The input file is in -the binary format produced using libpcap -(i.e., -.Xr tcpdump -version 3). -Packets are read from this file as being input (for rule purposes). -An interface may be specified using -.Fl I . -.It Fl S -The input file is in -.Dq snoop -format (see RFC 1761). -Packets are read -from this file and used as input from any interface. -This is perhaps the most useful input type, currently. -.It Fl T -The input file is text output from -.Xr tcpdump . -The text formats which -are currently supported are those which result from the following -.Xr tcpdump -option combinations: -.Bd -literal -offset indent -tcpdump -n -tcpdump -nq -tcpdump -nqt -tcpdump -nqtt -tcpdump -nqte -.Ed -.It Fl H -The input file is hex digits, representing the binary makeup of the -packets. -No length correction is made if an incorrect length is put in -the IP header. -.It Fl X -The input file is composed of text descriptions of IP packets. -.It Fl E -The input file is text output from etherfind. -The text formats which -are currently supported are those which result from the following etherfind -option combinations: -.Bd -literal -offset indent -etherfind -n -etherfind -n -t -.Ed -.It Fl i Ar filename -Specify the filename from which to take input. -Default is stdin. -.It Fl r Ar filename -Specify the filename from which to read filter rules. -.El -.Sh SEE ALSO -.Xr ipf 5 , -.Xr ipf 8 , -.Xr tcpdump 8 -.Sh BUGS -Not all of the input formats are capable of introducing a -wide enough variety of packets to be useful in testing. diff --git a/usr.sbin/ipftest/ipt.c b/usr.sbin/ipftest/ipt.c deleted file mode 100644 index 9cd04817000..00000000000 --- a/usr.sbin/ipftest/ipt.c +++ /dev/null @@ -1,264 +0,0 @@ -/* $OpenBSD: ipt.c,v 1.19 2001/01/30 04:31:02 kjell Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#ifdef __FreeBSD__ -# include <osreldate.h> -#endif -#include <stdio.h> -#include <assert.h> -#include <string.h> -#include <sys/types.h> -#if !defined(__SVR4) && !defined(__svr4__) && !defined(__sgi) -#include <strings.h> -#else -#if !defined(__sgi) -#include <sys/byteorder.h> -#endif -#include <sys/file.h> -#endif -#include <sys/param.h> -#include <sys/time.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/ip.h> -#include <netinet/udp.h> -#include <netinet/tcp.h> -#include <netinet/ip_icmp.h> -#include <net/if.h> -#if __FreeBSD_version >= 300000 -# include <net/if_var.h> -#endif -#include <netdb.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> -#include <resolv.h> -#include <ctype.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include <netinet/ip_fil.h> -#include <netinet/ip_nat.h> -#include <netinet/ip_state.h> -#include "ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipt.c,v 2.6 2000/03/13 22:10:25 darrenr Exp $"; -#endif - -extern char *optarg; -extern struct frentry *ipfilter[2][2]; -extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex; -extern struct ifnet *get_unit __P((char *, int)); -extern void init_ifp __P((void)); -extern ipnat_t *natparse __P((char *, int)); -extern int fr_running; - -int opts = 0; -#ifdef USE_INET6 -int use_inet6 = 0; -#endif -int main __P((int, char *[])); - -int main(argc,argv) -int argc; -char *argv[]; -{ - struct ipread *r = &iptext; - u_long buf[2048]; - struct ifnet *ifp; - char *rules = NULL, *datain = NULL, *iface = NULL; - ip_t *ip; - int fd, i, dir = 0, c; - - while ((c = getopt(argc, argv, "6bdEHi:I:NoPr:STvX")) != -1) - switch (c) - { -#ifdef USE_INET6 - case '6' : - use_inet6 = 1; - break; -#endif - case 'b' : - opts |= OPT_BRIEF; - break; - case 'd' : - opts |= OPT_DEBUG; - break; - case 'i' : - datain = optarg; - break; - case 'I' : - iface = optarg; - break; - case 'o' : - opts |= OPT_SAVEOUT; - break; - case 'r' : - rules = optarg; - break; - case 'v' : - opts |= OPT_VERBOSE; - break; - case 'E' : - r = ðerf; - break; - case 'H' : - r = &iphex; - break; - case 'N' : - opts |= OPT_NAT; - break; - case 'P' : - r = &pcap; - break; - case 'S' : - r = &snoop; - break; - case 'T' : - r = &tcpd; - break; - case 'X' : - r = &iptext; - break; - } - - if (!rules) { - (void)fprintf(stderr,"no rule file present\n"); - exit(-1); - } - - nat_init(); - fr_stateinit(); - initparse(); - fr_running = 1; - - if (rules) { - char line[513], *s; - void *fr; - FILE *fp; - int linenum = 0; - - if (!strcmp(rules, "-")) - fp = stdin; - else if (!(fp = fopen(rules, "r"))) { - (void)fprintf(stderr, "couldn't open %s\n", rules); - exit(-1); - } - if (!(opts & OPT_BRIEF)) - (void)printf("opening rule file \"%s\"\n", rules); - while (fgets(line, sizeof(line)-1, fp)) { - linenum++; - /* - * treat both CR and LF as EOL - */ - if ((s = index(line, '\n'))) - *s = '\0'; - if ((s = index(line, '\r'))) - *s = '\0'; - /* - * # is comment marker, everything after is a ignored - */ - if ((s = index(line, '#'))) - *s = '\0'; - - if (!*line) - continue; - - /* fake an `ioctl' call :) */ - - if ((opts & OPT_NAT) != 0) { - if (!(fr = natparse(line, linenum))) - continue; - i = IPL_EXTERN(ioctl)(IPL_LOGNAT, SIOCADNAT, - (caddr_t)&fr, - FWRITE|FREAD); - if (opts & OPT_DEBUG) - fprintf(stderr, - "iplioctl(ADNAT,%p,1) = %d\n", - fr, i); - } else { - if (!(fr = parse(line, linenum))) - continue; - i = IPL_EXTERN(ioctl)(0, SIOCADAFR, - (caddr_t)&fr, - FWRITE|FREAD); - if (opts & OPT_DEBUG) - fprintf(stderr, - "iplioctl(ADAFR,%p,1) = %d\n", - fr, i); - } - } - (void)fclose(fp); - } - - if (opts & OPT_SAVEOUT) - init_ifp(); - - if (datain) - fd = (*r->r_open)(datain); - else - fd = (*r->r_open)("-"); - - if (fd < 0) - exit(-1); - - ip = (ip_t *)buf; - while ((i = (*r->r_readip)((char *)buf, sizeof(buf), - &iface, &dir)) > 0) { - ifp = iface ? get_unit(iface, ip->ip_v) : NULL; - ip->ip_off = ntohs(ip->ip_off); - ip->ip_len = ntohs(ip->ip_len); - i = fr_check(ip, ip->ip_hl << 2, ifp, dir, (mb_t **)&buf); - if ((opts & OPT_NAT) == 0) - switch (i) - { - case -2 : - (void)printf("auth"); - break; - case -1 : - (void)printf("block"); - break; - case 0 : - (void)printf("pass"); - break; - case 1 : - (void)printf("nomatch"); - break; - } - - if (!(opts & OPT_BRIEF)) { - putchar(' '); - printpacket((ip_t *)buf); - printf("--------------"); - } else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF)) - printpacket((ip_t *)buf); -#ifndef linux - if (dir && ifp && ip->ip_v) -# ifdef __sgi - (*ifp->if_output)(ifp, (void *)buf, NULL); -# else - (*ifp->if_output)(ifp, (void *)buf, NULL, 0); -# endif -#endif - if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF)) - putchar('\n'); - dir = 0; - } - (*r->r_close)(); - return 0; -} diff --git a/usr.sbin/ipftest/ipt.h b/usr.sbin/ipftest/ipt.h deleted file mode 100644 index 73d4bd0309d..00000000000 --- a/usr.sbin/ipftest/ipt.h +++ /dev/null @@ -1,41 +0,0 @@ -/* $OpenBSD: ipt.h,v 1.11 2001/01/17 06:01:23 fgsch Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * $IPFilter: ipt.h,v 2.2 2000/03/13 22:10:25 darrenr Exp $ - */ - -#ifndef __IPT_H__ -#define __IPT_H__ - -#ifndef __P -# define P_DEF -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - -#include <fcntl.h> - - -struct ipread { - int (*r_open) __P((char *)); - int (*r_close) __P((void)); - int (*r_readip) __P((char *, int, char **, int *)); -}; - -extern void debug __P((char *, ...)); -extern void verbose __P((char *, ...)); - -#ifdef P_DEF -# undef __P -# undef P_DEF -#endif - -#endif /* __IPT_H__ */ diff --git a/usr.sbin/ipftest/misc.c b/usr.sbin/ipftest/misc.c deleted file mode 100644 index 261619ae38e..00000000000 --- a/usr.sbin/ipftest/misc.c +++ /dev/null @@ -1,116 +0,0 @@ -/* $OpenBSD: misc.c,v 1.14 2001/01/30 04:31:02 kjell Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if (SOLARIS2 >= 7) -# define _SYS_VARARGS_H -# define _VARARGS_H -#endif -#if defined(__STDC__) -# include <stdarg.h> -#else -# include <varargs.h> -#endif -#include <stdio.h> -#include <assert.h> -#include <string.h> -#include <sys/types.h> -#if !defined(__SVR4) && !defined(__svr4__) -#include <strings.h> -#else -#include <sys/byteorder.h> -#endif -#include <sys/param.h> -#include <sys/time.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <sys/ioctl.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/in_systm.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/ip.h> -#include <netinet/udp.h> -#include <netinet/tcp.h> -#include <netinet/ip_icmp.h> -#include <net/if.h> -#include <netdb.h> -#include <arpa/nameser.h> -#include <resolv.h> -#include <netinet/ip_fil_compat.h> -#include <netinet/tcpip.h> -#include <netinet/ip_fil.h> -#include "ipf.h" -#include "ipt.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)misc.c 1.3 2/4/96 (C) 1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: misc.c,v 2.2 2000/03/13 22:10:25 darrenr Exp $"; -#endif - -extern int opts; - - -void printpacket(ip) -ip_t *ip; -{ - tcphdr_t *tcp; - - tcp = (struct tcphdr *)((char *)ip + (ip->ip_hl << 2)); - printf("ip %d(%d) %d", ip->ip_len, ip->ip_hl << 2, ip->ip_p); - if (ip->ip_off & IP_OFFMASK) - printf(" @%d", ip->ip_off << 3); - (void)printf(" %s", inet_ntoa(ip->ip_src)); - if (!(ip->ip_off & IP_OFFMASK)) - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - (void)printf(",%d", ntohs(tcp->th_sport)); - (void)printf(" > "); - (void)printf("%s", inet_ntoa(ip->ip_dst)); - if (!(ip->ip_off & IP_OFFMASK)) - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - (void)printf(",%d", ntohs(tcp->th_dport)); - putchar('\n'); -} - - -#if defined(__STDC__) -void verbose(char *fmt, ...) -#else -void verbose(fmt, va_alist) -char *fmt; -va_dcl -#endif -{ - va_list pvar; - - va_start(pvar, fmt); - if (opts & OPT_VERBOSE) - vprintf(fmt, pvar); - va_end(pvar); -} - - -#ifdef __STDC__ -void debug(char *fmt, ...) -#else -void debug(fmt, va_alist) -char *fmt; -va_dcl -#endif -{ - va_list pvar; - - va_start(pvar, fmt); - if (opts & OPT_DEBUG) - vprintf(fmt, pvar); - va_end(pvar); -} diff --git a/usr.sbin/ipftest/pcap.h b/usr.sbin/ipftest/pcap.h deleted file mode 100644 index 2496ac09e65..00000000000 --- a/usr.sbin/ipftest/pcap.h +++ /dev/null @@ -1,37 +0,0 @@ -/* $OpenBSD: pcap.h,v 1.11 2001/01/17 06:01:23 fgsch Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * $IPFilter: pcap.h,v 2.2 2000/03/13 22:10:27 darrenr Exp $ - */ -/* - * This header file is constructed to match the version described by - * PCAP_VERSION_MAJ. - * - * The structure largely derives from libpcap which wouldn't include - * nicely without bpf. - */ -typedef struct pcap_filehdr { - u_int pc_id; - u_short pc_v_maj; - u_short pc_v_min; - u_int pc_zone; - u_int pc_sigfigs; - u_int pc_slen; - u_int pc_type; -} pcaphdr_t; - -#define TCPDUMP_MAGIC 0xa1b2c3d4 - -#define PCAP_VERSION_MAJ 2 - -typedef struct pcap_pkthdr { - struct timeval ph_ts; - u_int ph_clen; - u_int ph_len; -} pcappkt_t; - diff --git a/usr.sbin/ipftest/snoop.h b/usr.sbin/ipftest/snoop.h deleted file mode 100644 index cbed990015c..00000000000 --- a/usr.sbin/ipftest/snoop.h +++ /dev/null @@ -1,49 +0,0 @@ -/* $OpenBSD: snoop.h,v 1.10 2001/01/17 06:01:23 fgsch Exp $ */ - -/* - * Copyright (C) 1993-2000 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ - -#ifndef __SNOOP_H__ -#define __SNOOP_H__ - -/* - * written to comply with the RFC (1761) from Sun. - * $IPFilter: snoop.h,v 2.2 2000/03/13 22:10:27 darrenr Exp $ - */ -struct snoophdr { - char s_id[8]; - int s_v; - int s_type; -}; - -#define SNOOP_VERSION 2 - -#define SDL_8023 0 -#define SDL_8024 1 -#define SDL_8025 2 -#define SDL_8026 3 -#define SDL_ETHER 4 -#define SDL_HDLC 5 -#define SDL_CHSYNC 6 -#define SDL_IBMCC 7 -#define SDL_FDDI 8 -#define SDL_OTHER 9 - -#define SDL_MAX 9 - - -struct snooppkt { - int sp_olen; - int sp_ilen; - int sp_plen; - int sp_drop; - int sp_sec; - int sp_usec; -}; - -#endif /* __SNOOP_H__ */ diff --git a/usr.sbin/ipsend/Makefile b/usr.sbin/ipsend/Makefile deleted file mode 100644 index 7d87e4ed022..00000000000 --- a/usr.sbin/ipsend/Makefile +++ /dev/null @@ -1,5 +0,0 @@ -# $OpenBSD: Makefile,v 1.4 1997/09/21 11:43:47 deraadt Exp $ - -SUBDIR= ipsend ipresend iptest - -.include <bsd.subdir.mk> diff --git a/usr.sbin/ipsend/common/44arp.c b/usr.sbin/ipsend/common/44arp.c deleted file mode 100644 index 751a03549d3..00000000000 --- a/usr.sbin/ipsend/common/44arp.c +++ /dev/null @@ -1,111 +0,0 @@ -/* $OpenBSD: 44arp.c,v 1.3 2001/01/17 06:01:24 fgsch Exp $ */ - -/* - * Based upon 4.4BSD's /usr/sbin/arp - */ -#include <unistd.h> -#include <string.h> -#include <stdlib.h> -#include <sys/param.h> -#include <sys/file.h> -#include <sys/socket.h> -#include <sys/sysctl.h> -#include <net/if.h> -#include <net/if_dl.h> -#include <net/if_types.h> -#include <net/route.h> -#include <netinet/in.h> -#include <netinet/if_ether.h> -#include <arpa/inet.h> -#include <netdb.h> -#include <errno.h> -#include <nlist.h> -#include <stdio.h> -#include <netinet/in.h> -#include <netinet/ip_var.h> -#include <netinet/tcp.h> -#if __FreeBSD_version >= 300000 -# include <net/if_var.h> -#endif -#include "ipsend.h" -#include "iplang.h" - - -/* - * lookup host and return - * its IP address in address - * (4 bytes) - */ -int resolve(host, address) -char *host, *address; -{ - struct hostent *hp; - u_long add; - - add = inet_addr(host); - if (add == -1) - { - if (!(hp = gethostbyname(host))) - { - fprintf(stderr, "unknown host: %s\n", host); - return -1; - } - bcopy((char *)hp->h_addr, (char *)address, 4); - return 0; - } - bcopy((char*)&add, address, 4); - return 0; -} - - -int arp(addr, eaddr) -char *addr, *eaddr; -{ - int mib[6]; - size_t needed; - char *lim, *buf, *next; - struct rt_msghdr *rtm; - struct sockaddr_inarp *sin; - struct sockaddr_dl *sdl; - -#ifdef IPSEND - if (arp_getipv4(addr, ether) == 0) - return 0; -#endif - - mib[0] = CTL_NET; - mib[1] = PF_ROUTE; - mib[2] = 0; - mib[3] = AF_INET; - mib[4] = NET_RT_FLAGS; - mib[5] = RTF_LLINFO; - if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1) - { - perror("route-sysctl-estimate"); - exit(-1); - } - if ((buf = malloc(needed)) == NULL) - { - perror("malloc"); - exit(-1); - } - if (sysctl(mib, 6, buf, &needed, NULL, 0) == -1) - { - perror("actual retrieval of routing table"); - exit(-1); - } - lim = buf + needed; - for (next = buf; next < lim; next += rtm->rtm_msglen) - { - rtm = (struct rt_msghdr *)next; - sin = (struct sockaddr_inarp *)(rtm + 1); - sdl = (struct sockaddr_dl *)(sin + 1); - if (addr && !bcmp(addr, (char *)&sin->sin_addr, - sizeof(struct in_addr))) - { - bcopy(LLADDR(sdl), eaddr, sdl->sdl_alen); - return 0; - } - } - return -1; -} diff --git a/usr.sbin/ipsend/common/ip.c b/usr.sbin/ipsend/common/ip.c deleted file mode 100644 index 86bd2fef8b9..00000000000 --- a/usr.sbin/ipsend/common/ip.c +++ /dev/null @@ -1,349 +0,0 @@ -/* $OpenBSD: ip.c,v 1.6 2001/01/17 06:01:24 fgsch Exp $ */ - -/* - * ip.c (C) 1995-1998 Darren Reed - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "%W% %G% (C)1995"; -static const char rcsid[] = "@(#)$IPFilter: ip.c,v 2.1 1999/08/04 17:31:04 darrenr Exp $"; -#endif -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <string.h> -#include <sys/types.h> -#include <netinet/in_systm.h> -#include <sys/socket.h> -#include <net/if.h> -#include <netinet/in.h> -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#include <sys/param.h> -#ifndef linux -# include <netinet/if_ether.h> -# include <netinet/ip_var.h> -# if __FreeBSD_version >= 300000 -# include <net/if_var.h> -# endif -#endif -#include "ipsend.h" - - -static char *ipbuf = NULL, *ethbuf = NULL; - - -u_short chksum(buf,len) -u_short *buf; -int len; -{ - u_long sum = 0; - int nwords = len >> 1; - - for(; nwords > 0; nwords--) - sum += *buf++; - sum = (sum>>16) + (sum & 0xffff); - sum += (sum >>16); - return (~sum); -} - - -int send_ether(nfd, buf, len, gwip) -int nfd, len; -char *buf; -struct in_addr gwip; -{ - static struct in_addr last_gw; - static char last_arp[6] = { 0, 0, 0, 0, 0, 0}; - ether_header_t *eh; - char *s; - int err; - - if (!ethbuf) - ethbuf = (char *)calloc(1, 65536+1024); - s = ethbuf; - eh = (ether_header_t *)s; - - bcopy((char *)buf, s + sizeof(*eh), len); - if (gwip.s_addr == last_gw.s_addr) - bcopy(last_arp, (char *)A_A eh->ether_dhost, 6); - else if (arp((char *)&gwip, (char *)A_A eh->ether_dhost) == -1) - { - perror("arp"); - return -2; - } - eh->ether_type = htons(ETHERTYPE_IP); - last_gw.s_addr = gwip.s_addr; - err = sendip(nfd, s, sizeof(*eh) + len); - return err; -} - - -/* - */ -int send_ip(nfd, mtu, ip, gwip, frag) -int nfd, mtu; -ip_t *ip; -struct in_addr gwip; -int frag; -{ - static struct in_addr last_gw; - static char last_arp[6] = { 0, 0, 0, 0, 0, 0}; - static u_short id = 0; - ether_header_t *eh; - ip_t ipsv; - int err, iplen; - - if (!ipbuf) - ipbuf = (char *)malloc(65536); - eh = (ether_header_t *)ipbuf; - - bzero((char *)A_A eh->ether_shost, sizeof(eh->ether_shost)); - if (last_gw.s_addr && (gwip.s_addr == last_gw.s_addr)) - bcopy(last_arp, (char *)A_A eh->ether_dhost, 6); - else if (arp((char *)&gwip, (char *)A_A eh->ether_dhost) == -1) - { - perror("arp"); - return -2; - } - bcopy((char *)A_A eh->ether_dhost, last_arp, sizeof(last_arp)); - eh->ether_type = htons(ETHERTYPE_IP); - - bcopy((char *)ip, (char *)&ipsv, sizeof(*ip)); - last_gw.s_addr = gwip.s_addr; - iplen = ip->ip_len; - ip->ip_len = htons(iplen); - if (!(frag & 2)) { - if (!ip->ip_v) - ip->ip_v = IPVERSION; - if (!ip->ip_id) - ip->ip_id = htons(id++); - if (!ip->ip_ttl) - ip->ip_ttl = 60; - } - - if (!frag || (sizeof(*eh) + iplen < mtu)) - { - ip->ip_sum = 0; - ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2); - - bcopy((char *)ip, ipbuf + sizeof(*eh), iplen); - err = sendip(nfd, ipbuf, sizeof(*eh) + iplen); - } - else - { - /* - * Actually, this is bogus because we're putting all IP - * options in every packet, which isn't always what should be - * done. Will do for now. - */ - ether_header_t eth; - char optcpy[48], ol; - char *s; - int i, sent = 0, ts, hlen, olen; - - hlen = ip->ip_hl << 2; - if (mtu < (hlen + 8)) { - fprintf(stderr, "mtu (%d) < ip header size (%d) + 8\n", - mtu, hlen); - fprintf(stderr, "can't fragment data\n"); - return -2; - } - ol = (ip->ip_hl << 2) - sizeof(*ip); - for (i = 0, s = (char*)(ip + 1); ol > 0; ) - if (*s == IPOPT_EOL) { - optcpy[i++] = *s; - break; - } else if (*s == IPOPT_NOP) { - s++; - ol--; - } else - { - olen = (int)(*(u_char *)(s + 1)); - ol -= olen; - if (IPOPT_COPIED(*s)) - { - bcopy(s, optcpy + i, olen); - i += olen; - s += olen; - } - } - if (i) - { - /* - * pad out - */ - while ((i & 3) && (i & 3) != 3) - optcpy[i++] = IPOPT_NOP; - if ((i & 3) == 3) - optcpy[i++] = IPOPT_EOL; - } - - bcopy((char *)eh, (char *)ð, sizeof(eth)); - s = (char *)ip + hlen; - iplen = ntohs(ip->ip_len) - hlen; - ip->ip_off |= htons(IP_MF); - - while (1) - { - if ((sent + (mtu - hlen)) >= iplen) - { - ip->ip_off ^= htons(IP_MF); - ts = iplen - sent; - } - else - ts = (mtu - hlen); - ip->ip_off &= htons(0xe000); - ip->ip_off |= htons(sent >> 3); - ts += hlen; - ip->ip_len = htons(ts); - ip->ip_sum = 0; - ip->ip_sum = chksum((u_short *)ip, hlen); - bcopy((char *)ip, ipbuf + sizeof(*eh), hlen); - bcopy(s + sent, ipbuf + sizeof(*eh) + hlen, ts - hlen); - err = sendip(nfd, ipbuf, sizeof(*eh) + ts); - - bcopy((char *)ð, ipbuf, sizeof(eth)); - sent += (ts - hlen); - if (!(ntohs(ip->ip_off) & IP_MF)) - break; - else if (!(ip->ip_off & htons(0x1fff))) - { - hlen = i + sizeof(*ip); - ip->ip_hl = (sizeof(*ip) + i) >> 2; - bcopy(optcpy, (char *)(ip + 1), i); - } - } - } - - bcopy((char *)&ipsv, (char *)ip, sizeof(*ip)); - return err; -} - - -/* - * send a tcp packet. - */ -int send_tcp(nfd, mtu, ip, gwip) -int nfd, mtu; -ip_t *ip; -struct in_addr gwip; -{ - static tcp_seq iss = 2; - struct tcpiphdr *ti; - tcphdr_t *t; - int thlen, i, iplen, hlen; - u_32_t lbuf[20]; - - iplen = ip->ip_len; - hlen = ip->ip_hl << 2; - t = (tcphdr_t *)((char *)ip + hlen); - ti = (struct tcpiphdr *)lbuf; - thlen = t->th_off << 2; - if (!thlen) - thlen = sizeof(tcphdr_t); - bzero((char *)ti, sizeof(*ti)); - ip->ip_p = IPPROTO_TCP; - ti->ti_pr = ip->ip_p; - ti->ti_src = ip->ip_src; - ti->ti_dst = ip->ip_dst; - bcopy((char *)ip + hlen, (char *)&ti->ti_sport, thlen); - - if (!ti->ti_win) - ti->ti_win = htons(4096); - iss += 63; - - i = sizeof(struct tcpiphdr) / sizeof(long); - - if ((ti->ti_flags == TH_SYN) && !ntohs(ip->ip_off) && - (lbuf[i] != htonl(0x020405b4))) { - lbuf[i] = htonl(0x020405b4); - bcopy((char *)ip + hlen + thlen, (char *)ip + hlen + thlen + 4, - iplen - thlen - hlen); - thlen += 4; - } - ti->ti_off = thlen >> 2; - ti->ti_len = htons(thlen); - ip->ip_len = hlen + thlen; - ti->ti_sum = 0; - ti->ti_sum = chksum((u_short *)ti, thlen + sizeof(ip_t)); - - bcopy((char *)&ti->ti_sport, (char *)ip + hlen, thlen); - return send_ip(nfd, mtu, ip, gwip, 1); -} - - -/* - * send a udp packet. - */ -int send_udp(nfd, mtu, ip, gwip) -int nfd, mtu; -ip_t *ip; -struct in_addr gwip; -{ - struct tcpiphdr *ti; - int thlen; - u_long lbuf[20]; - - ti = (struct tcpiphdr *)lbuf; - bzero((char *)ti, sizeof(*ti)); - thlen = sizeof(udphdr_t); - ti->ti_pr = ip->ip_p; - ti->ti_src = ip->ip_src; - ti->ti_dst = ip->ip_dst; - bcopy((char *)ip + (ip->ip_hl << 2), - (char *)&ti->ti_sport, sizeof(udphdr_t)); - - ti->ti_len = htons(thlen); - ip->ip_len = (ip->ip_hl << 2) + thlen; - ti->ti_sum = 0; - ti->ti_sum = chksum((u_short *)ti, thlen + sizeof(ip_t)); - - bcopy((char *)&ti->ti_sport, - (char *)ip + (ip->ip_hl << 2), sizeof(udphdr_t)); - return send_ip(nfd, mtu, ip, gwip, 1); -} - - -/* - * send an icmp packet. - */ -int send_icmp(nfd, mtu, ip, gwip) -int nfd, mtu; -ip_t *ip; -struct in_addr gwip; -{ - struct icmp *ic; - - ic = (struct icmp *)((char *)ip + (ip->ip_hl << 2)); - - ic->icmp_cksum = 0; - ic->icmp_cksum = chksum((u_short *)ic, sizeof(struct icmp)); - - return send_ip(nfd, mtu, ip, gwip, 1); -} - - -int send_packet(nfd, mtu, ip, gwip) -int nfd, mtu; -ip_t *ip; -struct in_addr gwip; -{ - switch (ip->ip_p) - { - case IPPROTO_TCP : - return send_tcp(nfd, mtu, ip, gwip); - case IPPROTO_UDP : - return send_udp(nfd, mtu, ip, gwip); - case IPPROTO_ICMP : - return send_icmp(nfd, mtu, ip, gwip); - default : - return send_ip(nfd, mtu, ip, gwip, 1); - } -} diff --git a/usr.sbin/ipsend/common/iplang.h b/usr.sbin/ipsend/common/iplang.h deleted file mode 100644 index e52fd4be33f..00000000000 --- a/usr.sbin/ipsend/common/iplang.h +++ /dev/null @@ -1,56 +0,0 @@ -/* $OpenBSD: iplang.h,v 1.2 2001/01/17 06:01:25 fgsch Exp $ */ - -/* - * Copyright (C) 1997-1998 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -typedef struct iface { - int if_MTU; - char *if_name; - struct in_addr if_addr; - struct ether_addr if_eaddr; - struct iface *if_next; - int if_fd; -} iface_t; - - -typedef struct send { - struct iface *snd_if; - struct in_addr snd_gw; -} send_t; - - -typedef struct arp { - struct in_addr arp_addr; - struct ether_addr arp_eaddr; - struct arp *arp_next; -} arp_t; - - -typedef struct aniphdr { - union { - ip_t *ahu_ip; - char *ahu_data; - tcphdr_t *ahu_tcp; - udphdr_t *ahu_udp; - icmphdr_t *ahu_icmp; - } ah_un; - int ah_optlen; - int ah_lastopt; - int ah_p; - size_t ah_len; - struct aniphdr *ah_next; - struct aniphdr *ah_prev; -} aniphdr_t; - -#define ah_ip ah_un.ahu_ip -#define ah_data ah_un.ahu_data -#define ah_tcp ah_un.ahu_tcp -#define ah_udp ah_un.ahu_udp -#define ah_icmp ah_un.ahu_icmp - -extern int get_arpipv4 __P((char *, char *)); - diff --git a/usr.sbin/ipsend/common/ipsend.h b/usr.sbin/ipsend/common/ipsend.h deleted file mode 100644 index e6e64917df6..00000000000 --- a/usr.sbin/ipsend/common/ipsend.h +++ /dev/null @@ -1,71 +0,0 @@ -/* $OpenBSD: ipsend.h,v 1.4 2001/01/30 14:58:23 kjell Exp $ */ - -/* - * ipsend.h (C) 1997-1998 Darren Reed - * - * This was written to test what size TCP fragments would get through - * various TCP/IP packet filters, as used in IP firewalls. In certain - * conditions, enough of the TCP header is missing for unpredictable - * results unless the filter is aware that this can happen. - * - * The author provides this program as-is, with no gaurantee for its - * suitability for any specific purpose. The author takes no responsibility - * for the misuse/abuse of this program and provides it for the sole purpose - * of testing packet filter policies. This file maybe distributed freely - * providing it is not modified and that this notice remains in tact. - * - */ -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - -#include "ip_fil_compat.h" -#ifdef linux -#include <linux/sockios.h> -#endif -#include "tcpip.h" -#include "ipt.h" -#include "ipf.h" - -extern int resolve __P((char *, char *)); -extern int arp __P((char *, char *)); -extern u_short chksum __P((u_short *, int)); -extern int send_ether __P((int, char *, int, struct in_addr)); -extern int send_ip __P((int, int, ip_t *, struct in_addr, int)); -extern int send_tcp __P((int, int, ip_t *, struct in_addr)); -extern int send_udp __P((int, int, ip_t *, struct in_addr)); -extern int send_icmp __P((int, int, ip_t *, struct in_addr)); -extern int send_packet __P((int, int, ip_t *, struct in_addr)); -extern int send_packets __P((char *, int, ip_t *, struct in_addr)); -extern u_short seclevel __P((char *)); -extern u_32_t buildopts __P((char *, char *, int)); -extern int addipopt __P((char *, struct ipopt_names *, int, char *)); -extern int initdevice __P((char *, int, int)); -extern int sendip __P((int, char *, int)); -#ifdef linux -extern struct sock *find_tcp __P((int, struct tcpiphdr *)); -#else -extern struct tcpcb *find_tcp __P((int, struct tcpiphdr *)); -#endif -extern int ip_resend __P((char *, int, struct ipread *, struct in_addr, char *)); - -extern void ip_test1 __P((char *, int, ip_t *, struct in_addr, int)); -extern void ip_test2 __P((char *, int, ip_t *, struct in_addr, int)); -extern void ip_test3 __P((char *, int, ip_t *, struct in_addr, int)); -extern void ip_test4 __P((char *, int, ip_t *, struct in_addr, int)); -extern void ip_test5 __P((char *, int, ip_t *, struct in_addr, int)); -extern void ip_test6 __P((char *, int, ip_t *, struct in_addr, int)); -extern void ip_test7 __P((char *, int, ip_t *, struct in_addr, int)); -extern int do_socket __P((char *, int, struct tcpiphdr *, struct in_addr)); -extern int openkmem __P((void)); -extern int kmemcpy __P((char *, void *, int)); - -#define KMCPY(a,b,c) kmemcpy((char *)(a), (void *)(b), (int)(c)) - -#ifndef OPT_RAW -#define OPT_RAW 0x80000 -#endif diff --git a/usr.sbin/ipsend/common/sbpf.c b/usr.sbin/ipsend/common/sbpf.c deleted file mode 100644 index fc4c0e85c2b..00000000000 --- a/usr.sbin/ipsend/common/sbpf.c +++ /dev/null @@ -1,144 +0,0 @@ -/* $OpenBSD: sbpf.c,v 1.5 2001/01/17 06:01:25 fgsch Exp $ */ - -/* - * (C)opyright 1995-1998 Darren Reed. (from tcplog) - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#include <stdio.h> -#include <netdb.h> -#include <string.h> -#include <unistd.h> -#include <stdlib.h> -#include <ctype.h> -#include <signal.h> -#include <errno.h> -#include <sys/types.h> -#include <sys/param.h> -#include <sys/mbuf.h> -#include <sys/time.h> -#include <sys/timeb.h> -#include <sys/socket.h> -#include <sys/file.h> -#include <sys/ioctl.h> -#if BSD < 199103 -#include <sys/fcntlcom.h> -#endif -#if (__FreeBSD_version >= 300000) -# include <sys/dirent.h> -#else -# include <sys/dir.h> -#endif -#include <net/bpf.h> - -#include <net/if.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/ip_var.h> -#include <netinet/udp.h> -#include <netinet/udp_var.h> -#include <netinet/tcp.h> -#include "ipsend.h" - -#if !defined(lint) -static const char sccsid[] = "@(#)sbpf.c 1.3 8/25/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: sbpf.c,v 2.1 1999/08/04 17:31:13 darrenr Exp $"; -#endif - -/* - * the code herein is dervied from libpcap. - */ -static u_char *buf = NULL; -static int bufsize = 0, timeout = 1; - - -int initdevice(device, sport, tout) -char *device; -int sport, tout; -{ - struct bpf_version bv; - struct timeval to; - struct ifreq ifr; - char bpfname[16]; - int fd, i; - - fd = 0; /* shutup gcc */ - - for (i = 0; i < 16; i++) - { - (void) sprintf(bpfname, "/dev/bpf%d", i); - if ((fd = open(bpfname, O_RDWR)) >= 0) - break; - } - if (i == 16) - { - fprintf(stderr, "no bpf devices available as /dev/bpfxx\n"); - return -1; - } - - if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) - { - perror("BIOCVERSION"); - return -1; - } - if (bv.bv_major != BPF_MAJOR_VERSION || - bv.bv_minor < BPF_MINOR_VERSION) - { - fprintf(stderr, "kernel bpf (v%d.%d) filter out of date:\n", - bv.bv_major, bv.bv_minor); - fprintf(stderr, "current version: %d.%d\n", - BPF_MAJOR_VERSION, BPF_MINOR_VERSION); - return -1; - } - - (void) strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); - if (ioctl(fd, BIOCSETIF, &ifr) == -1) - { - fprintf(stderr, "%s(%d):", ifr.ifr_name, fd); - perror("BIOCSETIF"); - exit(1); - } - /* - * get kernel buffer size - */ - if (ioctl(fd, BIOCGBLEN, &bufsize) == -1) - { - perror("BIOCSBLEN"); - exit(-1); - } - buf = (u_char*)malloc(bufsize); - /* - * set the timeout - */ - timeout = tout; - to.tv_sec = 1; - to.tv_usec = 0; - if (ioctl(fd, BIOCSRTIMEOUT, (caddr_t)&to) == -1) - { - perror("BIOCSRTIMEOUT"); - exit(-1); - } - - (void) ioctl(fd, BIOCFLUSH, 0); - return fd; -} - - -/* - * output an IP packet onto a fd opened for /dev/bpf - */ -int sendip(fd, pkt, len) -int fd, len; -char *pkt; -{ - if (write(fd, pkt, len) == -1) - { - perror("send"); - return -1; - } - - return len; -} diff --git a/usr.sbin/ipsend/common/sock.c b/usr.sbin/ipsend/common/sock.c deleted file mode 100644 index 8c169cef19a..00000000000 --- a/usr.sbin/ipsend/common/sock.c +++ /dev/null @@ -1,410 +0,0 @@ -/* $OpenBSD: sock.c,v 1.4 2001/01/17 06:01:25 fgsch Exp $ */ - -/* - * sock.c (C) 1995-1998 Darren Reed - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "@(#)sock.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: sock.c,v 2.1.4.1 2000/12/16 21:05:44 darrenr Exp $"; -#endif -#include <stdio.h> -#include <unistd.h> -#include <string.h> -#include <stdlib.h> -#include <stddef.h> -#include <pwd.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/param.h> -#include <sys/stat.h> -#ifndef ultrix -#include <fcntl.h> -#endif -#if (__FreeBSD_version >= 300000) -# include <sys/dirent.h> -#else -# include <sys/dir.h> -#endif -#define _KERNEL -#define KERNEL -#ifdef ultrix -# undef LOCORE -# include <sys/smp_lock.h> -#endif -#include <sys/file.h> -#undef _KERNEL -#undef KERNEL -#include <nlist.h> -#include <sys/user.h> -#include <sys/socket.h> -#include <sys/socketvar.h> -#include <sys/proc.h> -#if !defined(ultrix) && !defined(hpux) -# include <kvm.h> -#endif -#ifdef sun -#include <sys/systm.h> -#include <sys/session.h> -#endif -#if BSD >= 199103 -#include <sys/sysctl.h> -#include <sys/filedesc.h> -#include <paths.h> -#endif -#include <math.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <net/if.h> -#include <net/route.h> -#include <netinet/ip_var.h> -#include <netinet/in_pcb.h> -#include <netinet/tcp_timer.h> -#include <netinet/tcp_var.h> -#include "ipsend.h" - -int nproc; -struct proc *proc; - -#ifndef KMEM -# ifdef _PATH_KMEM -# define KMEM _PATH_KMEM -# endif -#endif -#ifndef KERNEL -# ifdef _PATH_UNIX -# define KERNEL _PATH_UNIX -# endif -#endif -#ifndef KMEM -# define KMEM "/dev/kmem" -#endif -#ifndef KERNEL -# define KERNEL "/vmunix" -#endif - - -#if BSD < 199103 -static struct proc *getproc __P((void)); -#else -static struct kinfo_proc *getproc __P((void)); -#endif - - -int kmemcpy(buf, pos, n) -char *buf; -void *pos; -int n; -{ - static int kfd = -1; - off_t offset = (u_long)pos; - - if (kfd == -1) - kfd = open(KMEM, O_RDONLY); - - if (lseek(kfd, offset, SEEK_SET) == -1) - { - perror("lseek"); - return -1; - } - if (read(kfd, buf, n) == -1) - { - perror("read"); - return -1; - } - return n; -} - -struct nlist names[4] = { - { "_proc" }, - { "_nproc" }, -#ifdef ultrix - { "_u" }, -#else - { NULL }, -#endif - { NULL } - }; - -#if BSD < 199103 -static struct proc *getproc() -{ - struct proc *p; - pid_t pid = getpid(); - int siz, n; - - n = nlist(KERNEL, names); - if (n != 0) - { - fprintf(stderr, "nlist(%#x) == %d\n", names, n); - return NULL; - } - if (KMCPY(&nproc, names[1].n_value, sizeof(nproc)) == -1) - { - fprintf(stderr, "read nproc (%#x)\n", names[1].n_value); - return NULL; - } - siz = nproc * sizeof(struct proc); - if (KMCPY(&p, names[0].n_value, sizeof(p)) == -1) - { - fprintf(stderr, "read(%#x,%#x,%d) proc\n", - names[0].n_value, &p, sizeof(p)); - return NULL; - } - proc = (struct proc *)malloc(siz); - if (KMCPY(proc, p, siz) == -1) - { - fprintf(stderr, "read(%#x,%#x,%d) proc\n", - p, proc, siz); - return NULL; - } - - p = proc; - - for (n = nproc; n; n--, p++) - if (p->p_pid == pid) - break; - if (!n) - return NULL; - - return p; -} - - -struct tcpcb *find_tcp(fd, ti) -int fd; -struct tcpiphdr *ti; -{ - struct tcpcb *t; - struct inpcb *i; - struct socket *s; - struct user *up; - struct proc *p; - struct file *f, **o; - - if (!(p = getproc())) - return NULL; -printf("fl %x ty %x cn %d mc %d\n", -f->f_flag, f->f_type, f->f_count, f->f_msgcount); - up = (struct user *)malloc(sizeof(*up)); -#ifndef ultrix - if (KMCPY(up, p->p_uarea, sizeof(*up)) == -1) - { - fprintf(stderr, "read(%#x,%#x) failed\n", p, p->p_uarea); - return NULL; - } -#else - if (KMCPY(up, names[2].n_value, sizeof(*up)) == -1) - { - fprintf(stderr, "read(%#x,%#x) failed\n", p, names[2].n_value); - return NULL; - } -#endif - - o = (struct file **)calloc(1, sizeof(*o) * (up->u_lastfile + 1)); - if (KMCPY(o, up->u_ofile, (up->u_lastfile + 1) * sizeof(*o)) == -1) - { - fprintf(stderr, "read(%#x,%#x,%d) - u_ofile - failed\n", - up->u_ofile, o, sizeof(*o)); - return NULL; - } - f = (struct file *)calloc(1, sizeof(*f)); - if (KMCPY(f, o[fd], sizeof(*f)) == -1) - { - fprintf(stderr, "read(%#x,%#x,%d) - o[fd] - failed\n", - up->u_ofile[fd], f, sizeof(*f)); - return NULL; - } - - s = (struct socket *)calloc(1, sizeof(*s)); - if (KMCPY(s, f->f_data, sizeof(*s)) == -1) - { - fprintf(stderr, "read(%#x,%#x,%d) - f_data - failed\n", - o[fd], s, sizeof(*s)); - return NULL; - } - - i = (struct inpcb *)calloc(1, sizeof(*i)); - if (KMCPY(i, s->so_pcb, sizeof(*i)) == -1) - { - fprintf(stderr, "kvm_read(%#x,%#x,%d) - so_pcb - failed\n", - s->so_pcb, i, sizeof(*i)); - return NULL; - } - - t = (struct tcpcb *)calloc(1, sizeof(*t)); - if (KMCPY(t, i->inp_ppcb, sizeof(*t)) == -1) - { - fprintf(stderr, "read(%#x,%#x,%d) - inp_ppcb - failed\n", - i->inp_ppcb, t, sizeof(*t)); - return NULL; - } - return (struct tcpcb *)i->inp_ppcb; -} -#else -static struct kinfo_proc *getproc() -{ - static struct kinfo_proc kp; - pid_t pid = getpid(); - int mib[4]; - size_t n; - - mib[0] = CTL_KERN; - mib[1] = KERN_PROC; - mib[2] = KERN_PROC_PID; - mib[3] = pid; - - n = sizeof(kp); - if (sysctl(mib, 4, &kp, &n, NULL, 0) == -1) - { - perror("sysctl"); - return NULL; - } - return &kp; -} - - -struct tcpcb *find_tcp(tfd, ti) -int tfd; -struct tcpiphdr *ti; -{ - struct tcpcb *t; - struct inpcb *i; - struct socket *s; - struct filedesc *fd; - struct kinfo_proc *p; - struct file *f, **o; - - if (!(p = getproc())) - return NULL; - - fd = (struct filedesc *)malloc(sizeof(*fd)); -#if defined( __FreeBSD_version) && __FreeBSD_version >= 500013 - if (KMCPY(fd, p->ki_fd, sizeof(*fd)) == -1) - { - fprintf(stderr, "read(%#lx,%#lx) failed\n", - (u_long)p, (u_long)p->ki_fd); - return NULL; - } -#else - if (KMCPY(fd, p->kp_proc.p_fd, sizeof(*fd)) == -1) - { - fprintf(stderr, "read(%#lx,%#lx) failed\n", - (u_long)p, (u_long)p->kp_proc.p_fd); - return NULL; - } -#endif - - o = (struct file **)calloc(1, sizeof(*o) * (fd->fd_lastfile + 1)); - if (KMCPY(o, fd->fd_ofiles, (fd->fd_lastfile + 1) * sizeof(*o)) == -1) - { - fprintf(stderr, "read(%#lx,%#lx,%lu) - u_ofile - failed\n", - (u_long)fd->fd_ofiles, (u_long)o, (u_long)sizeof(*o)); - return NULL; - } - f = (struct file *)calloc(1, sizeof(*f)); - if (KMCPY(f, o[tfd], sizeof(*f)) == -1) - { - fprintf(stderr, "read(%#lx,%#lx,%lu) - o[tfd] - failed\n", - (u_long)o[tfd], (u_long)f, (u_long)sizeof(*f)); - return NULL; - } - - s = (struct socket *)calloc(1, sizeof(*s)); - if (KMCPY(s, f->f_data, sizeof(*s)) == -1) - { - fprintf(stderr, "read(%#lx,%#lx,%lu) - f_data - failed\n", - (u_long)f->f_data, (u_long)s, (u_long)sizeof(*s)); - return NULL; - } - - i = (struct inpcb *)calloc(1, sizeof(*i)); - if (KMCPY(i, s->so_pcb, sizeof(*i)) == -1) - { - fprintf(stderr, "kvm_read(%#lx,%#lx,%lu) - so_pcb - failed\n", - (u_long)s->so_pcb, (u_long)i, (u_long)sizeof(*i)); - return NULL; - } - - t = (struct tcpcb *)calloc(1, sizeof(*t)); - if (KMCPY(t, i->inp_ppcb, sizeof(*t)) == -1) - { - fprintf(stderr, "read(%#lx,%#lx,%lu) - inp_ppcb - failed\n", - (u_long)i->inp_ppcb, (u_long)t, (u_long)sizeof(*t)); - return NULL; - } - return (struct tcpcb *)i->inp_ppcb; -} -#endif /* BSD < 199301 */ - -int do_socket(dev, mtu, ti, gwip) -char *dev; -int mtu; -struct tcpiphdr *ti; -struct in_addr gwip; -{ - struct sockaddr_in rsin, lsin; - struct tcpcb *t, tcb; - int fd, nfd, len; - - printf("Dest. Port: %d\n", ti->ti_dport); - - fd = socket(AF_INET, SOCK_STREAM, 0); - if (fd == -1) - { - perror("socket"); - return -1; - } - - if (fcntl(fd, F_SETFL, FNDELAY) == -1) - { - perror("fcntl"); - return -1; - } - - bzero((char *)&lsin, sizeof(lsin)); - lsin.sin_family = AF_INET; - bcopy((char *)&ti->ti_src, (char *)&lsin.sin_addr, - sizeof(struct in_addr)); - if (bind(fd, (struct sockaddr *)&lsin, sizeof(lsin)) == -1) - { - perror("bind"); - return -1; - } - len = sizeof(lsin); - (void) getsockname(fd, (struct sockaddr *)&lsin, &len); - ti->ti_sport = lsin.sin_port; - printf("sport %d\n", ntohs(lsin.sin_port)); - nfd = initdevice(dev, ntohs(lsin.sin_port), 1); - - if (!(t = find_tcp(fd, ti))) - return -1; - - bzero((char *)&rsin, sizeof(rsin)); - rsin.sin_family = AF_INET; - bcopy((char *)&ti->ti_dst, (char *)&rsin.sin_addr, - sizeof(struct in_addr)); - rsin.sin_port = ti->ti_dport; - if (connect(fd, (struct sockaddr *)&rsin, sizeof(rsin)) == -1 && - errno != EINPROGRESS) - { - perror("connect"); - return -1; - } - KMCPY(&tcb, t, sizeof(tcb)); - ti->ti_win = tcb.rcv_adv; - ti->ti_seq = tcb.snd_nxt - 1; - ti->ti_ack = tcb.rcv_nxt; - - if (send_tcp(nfd, mtu, (ip_t *)ti, gwip) == -1) - return -1; - (void)write(fd, "Hello World\n", 12); - sleep(2); - close(fd); - return 0; -} diff --git a/usr.sbin/ipsend/ipresend/Makefile b/usr.sbin/ipsend/ipresend/Makefile deleted file mode 100644 index f75d2ed2c40..00000000000 --- a/usr.sbin/ipsend/ipresend/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# $OpenBSD: Makefile,v 1.4 1999/02/21 23:11:05 tholo Exp $ - -PROG= ipresend -BINDIR= /usr/sbin -MAN= ipresend.1 -SRCS= ipresend.c resend.c \ - ipft_ef.c ipft_hx.c ipft_pc.c ipft_sn.c ipft_td.c ipft_tx.c opt.c \ - sock.c 44arp.c sbpf.c ip.c -CFLAGS+= -DDOSOCKET -I${.CURDIR}/../common -I${.CURDIR}/../../ipftest \ - -I${.CURDIR}/../../../sbin/ipf \ - -I${.CURDIR}/../../../sys/netinet -.PATH: ${.CURDIR}/../common ${.CURDIR}/../../ipftest \ - ${.CURDIR}/../../../sbin/ipf - -.include <bsd.prog.mk> diff --git a/usr.sbin/ipsend/ipresend/ipresend.1 b/usr.sbin/ipsend/ipresend/ipresend.1 deleted file mode 100644 index c380c638d2e..00000000000 --- a/usr.sbin/ipsend/ipresend/ipresend.1 +++ /dev/null @@ -1,119 +0,0 @@ -./" $OpenBSD: ipresend.1,v 1.10 2000/11/09 17:53:15 aaron Exp $ -.Dd October 9, 1999 -.Dt IPRESEND 1 -.Os -.Sh NAME -.Nm ipresend -.Nd resend IP packets out to network -.Sh SYNOPSIS -.Nm ipsend -.Op Fl EHPRSTX -.Op Fl d Ar device -.Op Fl g Ar gateway -.Op Fl m Ar mtu -.Op Fl r Ar filename -.Sh DESCRIPTION -.Nm -was designed to allow captured packets to be resent -onto the network for use in testing. -.Nm -supports a -number of different file formats as input, including saved snoop and -.Xr tcpdump 8 -binary data. -.Pp -.Nm -must be run as root. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl d Ar interface -Set the interface name to be the name supplied. -This is useful with the -.Fl P , -.Fl S , -.Fl T , -and -.Fl E -options, where it is not otherwise possible -to associate a packet with an interface. -Normal -.Sq text packets -can override this setting. -.It Fl g Ar gateway -Specify the hostname of the gateway through which to route packets. -This is required whenever the destination host isn't directly attached to the -same network as the host from which you're sending. -.It Fl m Ar mtu -Set the MTU used when sending out packets to -.Ar mtu . -This option allows you -to set a fake MTU, allowing the simulation of network interfaces with small -MTU's. -.It Fl r Ar filename -Specify the filename from which to take input. -Default is -.Va stdin . -.It Fl E -The input file is to be text output from etherfind. -The text formats which -are currently supported are those which result from the following etherfind -option combinations: -.Bd -literal -offset indent -etherfind -n -etherfind -n -t -.Ed -.It Fl H -The input file is to be hex digits, representing the binary makeup of the -packet. -No length correction is made if an incorrect length is put in -the IP header. -.It Fl P -The input file specified by -.Fl r -is a binary file produced using libpcap -(i.e., -.Xr tcpdump 8 -version 3). -Packets are read from this file as being input (for rule purposes). -.It Fl R -When sending packets out, send them out -.Sq raw -(the way they came in). -The only real significance here is that it will expect the link layer (i.e., -Ethernet) headers to be prepended to the IP packet being output. -.It Fl S -The input file is to be in -.Sq snoop -format (see -.Tn RFC 1761 ) . -Packets are read -from this file and used as input from any interface. -This is perhaps the most useful input type, currently. -.It Fl T -The input file is to be text output from -.Xr tcpdump 8 . -The text formats which -are currently supported are those which result from the following -.Xr tcpdump 8 -option combinations: -.Bd -literal -offset indent -tcpdump -n -tcpdump -nq -tcpdump -nqt -tcpdump -nqtt -tcpdump -nqte -.Ed -.It Fl X -The input file is composed of text descriptions of IP packets. -.El -.Sh SEE ALSO -.Xr ipftest 1 , -.Xr ipresend 1 , -.Xr iptest 1 , -.Xr bpf 4 , -.Xr tcpdump 8 -.Sh BUGS -Not all of the input formats are sufficiently capable of introducing a -wide enough variety of packets for them to be all useful in testing. -If you find any, please send email to me at darrenr@cyber.com.au diff --git a/usr.sbin/ipsend/ipresend/ipresend.c b/usr.sbin/ipsend/ipresend/ipresend.c deleted file mode 100644 index 5a4c4ba4aeb..00000000000 --- a/usr.sbin/ipsend/ipresend/ipresend.c +++ /dev/null @@ -1,168 +0,0 @@ -/* $OpenBSD: ipresend.c,v 1.5 2001/01/17 06:01:25 fgsch Exp $ */ - -/* - * ipresend.c (C) 1995-1998 Darren Reed - * - * This was written to test what size TCP fragments would get through - * various TCP/IP packet filters, as used in IP firewalls. In certain - * conditions, enough of the TCP header is missing for unpredictable - * results unless the filter is aware that this can happen. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipresend.c,v 2.1 1999/08/04 17:31:05 darrenr Exp $"; -#endif -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <netdb.h> -#include <string.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include "ipsend.h" - - -extern char *optarg; -extern int optind; -#ifndef NO_IPF -extern struct ipread snoop, pcap, etherf, iphex, tcpd, iptext; -#endif - -int opts = 0; -#ifndef DEFAULT_DEVICE -# ifdef linux -char default_device[] = "eth0"; -# else -# ifdef sun -char default_device[] = "le0"; -# else -# ifdef ultrix -char default_device[] = "ln0"; -# else -# ifdef __bsdi__ -char default_device[] = "ef0"; -# else -# ifdef __sgi -char default_device[] = "ec0"; -# else -char default_device[] = "lan0"; -# endif -# endif -# endif -# endif -# endif -#else -char default_device[] = DEFAULT_DEVICE; -#endif - - -static void usage __P((char *)); -int main __P((int, char **)); - - -static void usage(prog) -char *prog; -{ - fprintf(stderr, "Usage: %s [options] <-r filename|-R filename>\n\ -\t\t-r filename\tsnoop data file to resend\n\ -\t\t-R filename\tlibpcap data file to resend\n\ -\toptions:\n\ -\t\t-d device\tSend out on this device\n\ -\t\t-g gateway\tIP gateway to use if non-local dest.\n\ -\t\t-m mtu\t\tfake MTU to use when sending out\n\ -", prog); - exit(1); -} - - -int main(argc, argv) -int argc; -char **argv; -{ - struct in_addr gwip; - struct ipread *ipr = NULL; - char *name = argv[0], *gateway = NULL, *dev = NULL; - char *resend = NULL; - int mtu = 1500, c; - - while ((c = getopt(argc, argv, "EHPRSTXd:g:m:r:")) != -1) - switch (c) - { - case 'd' : - dev = optarg; - break; - case 'g' : - gateway = optarg; - break; - case 'm' : - mtu = atoi(optarg); - if (mtu < 28) - { - fprintf(stderr, "mtu must be > 28\n"); - exit(1); - } - case 'r' : - resend = optarg; - break; - case 'R' : - opts |= OPT_RAW; - break; -#ifndef NO_IPF - case 'E' : - ipr = ðerf; - break; - case 'H' : - ipr = &iphex; - break; - case 'P' : - ipr = &pcap; - break; - case 'S' : - ipr = &snoop; - break; - case 'T' : - ipr = &tcpd; - break; - case 'X' : - ipr = &iptext; - break; -#endif - default : - fprintf(stderr, "Unknown option \"%c\"\n", c); - usage(name); - } - - if (!ipr || !resend) - usage(name); - - gwip.s_addr = 0; - if (gateway && resolve(gateway, (char *)&gwip) == -1) - { - fprintf(stderr,"Cant resolve %s\n", gateway); - exit(2); - } - - if (!dev) - dev = default_device; - - printf("Device: %s\n", dev); - printf("Gateway: %s\n", inet_ntoa(gwip)); - printf("mtu: %d\n", mtu); - - return ip_resend(dev, mtu, ipr, gwip, resend); -} diff --git a/usr.sbin/ipsend/ipresend/resend.c b/usr.sbin/ipsend/ipresend/resend.c deleted file mode 100644 index 7890062250d..00000000000 --- a/usr.sbin/ipsend/ipresend/resend.c +++ /dev/null @@ -1,144 +0,0 @@ -/* $OpenBSD: resend.c,v 1.4 2001/01/17 06:01:26 fgsch Exp $ */ - -/* - * resend.c (C) 1995-1998 Darren Reed - * - * This was written to test what size TCP fragments would get through - * various TCP/IP packet filters, as used in IP firewalls. In certain - * conditions, enough of the TCP header is missing for unpredictable - * results unless the filter is aware that this can happen. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "@(#)resend.c 1.3 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: resend.c,v 2.1 1999/08/04 17:31:12 darrenr Exp $"; -#endif -#include <stdio.h> -#include <netdb.h> -#include <string.h> -#include <stdlib.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/socket.h> -#include <net/if.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#ifndef linux -# include <netinet/ip_var.h> -# include <netinet/if_ether.h> -# if __FreeBSD_version >= 300000 -# include <net/if_var.h> -# endif -#endif -#include "ipsend.h" - -extern int opts; - -static u_char pbuf[65536]; /* 1 big packet */ -void printpacket __P((ip_t *)); - - -void printpacket(ip) -ip_t *ip; -{ - tcphdr_t *t; - int i, j; - - t = (tcphdr_t *)((char *)ip + (ip->ip_hl << 2)); - if (ip->ip_tos) - printf("tos %#x ", ip->ip_tos); - if (ip->ip_off & 0x3fff) - printf("frag @%#x ", (ip->ip_off & 0x1fff) << 3); - printf("len %d id %d ", ip->ip_len, ip->ip_id); - printf("ttl %d p %d src %s", ip->ip_ttl, ip->ip_p, - inet_ntoa(ip->ip_src)); - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - printf(",%d", t->th_sport); - printf(" dst %s", inet_ntoa(ip->ip_dst)); - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - printf(",%d", t->th_dport); - if (ip->ip_p == IPPROTO_TCP) { - printf(" seq %lu:%lu flags ", - (u_long)t->th_seq, (u_long)t->th_ack); - for (j = 0, i = 1; i < 256; i *= 2, j++) - if (t->th_flags & i) - printf("%c", "FSRPAU--"[j]); - } - putchar('\n'); -} - - -int ip_resend(dev, mtu, r, gwip, datain) -char *dev; -int mtu; -struct in_addr gwip; -struct ipread *r; -char *datain; -{ - ether_header_t *eh; - char dhost[6]; - ip_t *ip; - int fd, wfd = initdevice(dev, 0, 5), len, i; - - if (datain) - fd = (*r->r_open)(datain); - else - fd = (*r->r_open)("-"); - - if (fd < 0) - exit(-1); - - ip = (struct ip *)pbuf; - eh = (ether_header_t *)malloc(sizeof(*eh)); - - bzero((char *)A_A eh->ether_shost, sizeof(eh->ether_shost)); - if (gwip.s_addr && (arp((char *)&gwip, dhost) == -1)) - { - perror("arp"); - return -2; - } - - while ((i = (*r->r_readip)((char *)pbuf, sizeof(pbuf), NULL, NULL)) > 0) - { - if (!(opts & OPT_RAW)) { - len = ntohs(ip->ip_len); - eh = (ether_header_t *)realloc((char *)eh, sizeof(*eh) + len); - eh->ether_type = htons((u_short)ETHERTYPE_IP); - if (!gwip.s_addr) { - if (arp((char *)&gwip, - (char *)A_A eh->ether_dhost) == -1) { - perror("arp"); - continue; - } - } else - bcopy(dhost, (char *)A_A eh->ether_dhost, - sizeof(dhost)); - if (!ip->ip_sum) - ip->ip_sum = chksum((u_short *)ip, - ip->ip_hl << 2); - bcopy(ip, (char *)(eh + 1), len); - len += sizeof(*eh); - printpacket(ip); - } else { - eh = (ether_header_t *)pbuf; - len = i; - } - - if (sendip(wfd, (char *)eh, len) == -1) - { - perror("send_packet"); - break; - } - } - (*r->r_close)(); - return 0; -} diff --git a/usr.sbin/ipsend/ipsend/Makefile b/usr.sbin/ipsend/ipsend/Makefile deleted file mode 100644 index 28427d93ce4..00000000000 --- a/usr.sbin/ipsend/ipsend/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# $OpenBSD: Makefile,v 1.3 1998/01/26 19:46:23 weingart Exp $ - -PROG= ipsend -BINDIR= /usr/sbin -MAN= ipsend.1 ipsend.5 -SRCS= ipsend.c ip.c ipsopt.c sbpf.c sock.c 44arp.c iplang_y.y iplang_l.l -CFLAGS+= -DDOSOCKET -I${.CURDIR}/../common -I${.CURDIR}/../../ipftest \ - -I${.CURDIR}/../../../sbin/ipf -I${.CURDIR}/../../../sys/netinet \ - -I${.OBJDIR} - -LDADD = -lfl -CLEANFILES+=y.tab.h - -.PATH: ${.CURDIR}/../common - -.include <bsd.prog.mk> diff --git a/usr.sbin/ipsend/ipsend/iplang_l.l b/usr.sbin/ipsend/ipsend/iplang_l.l deleted file mode 100644 index ac570e80115..00000000000 --- a/usr.sbin/ipsend/ipsend/iplang_l.l +++ /dev/null @@ -1,324 +0,0 @@ -%{ -/* $OpenBSD: iplang_l.l,v 1.3 2001/01/30 14:58:23 kjell Exp $ */ - -/* - * Copyright (C) 1997-1998 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * - * $IPFilter: iplang_l.l,v 2.2 2000/02/18 00:18:05 darrenr Exp $ - */ -#include <stdio.h> -#include <string.h> -#include <sys/param.h> -#if defined(__SVR4) || defined(__sysv__) -#include <sys/stream.h> -#endif -#include <sys/types.h> -#include <netinet/in_systm.h> -#include <netinet/in.h> -#include "y.tab.h" -#include "ip_fil_compat.h" -#include "ipf.h" - -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - -extern int opts; - -int lineNum = 0, ipproto = 0, oldipproto = 0, next = -1, laststate = 0; -int *prstack = NULL, numpr = 0, state = 0, token = 0; - -void yyerror __P((char *)); -void push_proto __P((void)); -void pop_proto __P((void)); -int next_state __P((int, int)); -int next_item __P((int)); -int save_token __P((void)); -void swallow __P((void)); -int yylex __P((void)); - -struct wordtab { - char *word; - int state; - int next; -}; - -struct wordtab words[] = { - { "interface", IL_INTERFACE, -1 }, - { "iface", IL_INTERFACE, -1 }, - { "name", IL_IFNAME, IL_TOKEN }, - { "ifname", IL_IFNAME, IL_TOKEN }, - { "router", IL_DEFROUTER, IL_TOKEN }, - { "mtu", IL_MTU, IL_NUMBER }, - { "eaddr", IL_EADDR, IL_TOKEN }, - { "v4addr", IL_V4ADDR, IL_TOKEN }, - { "ipv4", IL_IPV4, -1 }, - { "v", IL_V4V, IL_TOKEN }, - { "proto", IL_V4PROTO, IL_TOKEN }, - { "hl", IL_V4HL, IL_TOKEN }, - { "id", IL_V4ID, IL_TOKEN }, - { "ttl", IL_V4TTL, IL_TOKEN }, - { "tos", IL_V4TOS, IL_TOKEN }, - { "src", IL_V4SRC, IL_TOKEN }, - { "dst", IL_V4DST, IL_TOKEN }, - { "opt", IL_OPT, -1 }, - { "len", IL_LEN, IL_TOKEN }, - { "off", IL_OFF, IL_TOKEN }, - { "sum", IL_SUM, IL_TOKEN }, - { "tcp", IL_TCP, -1 }, - { "sport", IL_SPORT, IL_TOKEN }, - { "dport", IL_DPORT, IL_TOKEN }, - { "seq", IL_TCPSEQ, IL_TOKEN }, - { "ack", IL_TCPACK, IL_TOKEN }, - { "flags", IL_TCPFL, IL_TOKEN }, - { "urp", IL_TCPURP, IL_TOKEN }, - { "win", IL_TCPWIN, IL_TOKEN }, - { "udp", IL_UDP, -1 }, - { "send", IL_SEND, -1 }, - { "via", IL_VIA, IL_TOKEN }, - { "arp", IL_ARP, -1 }, - { "data", IL_DATA, -1 }, - { "value", IL_DVALUE, IL_TOKEN }, - { "file", IL_DFILE, IL_TOKEN }, - { "nop", IL_IPO_NOP, -1 }, - { "eol", IL_IPO_EOL, -1 }, - { "rr", IL_IPO_RR, -1 }, - { "zsu", IL_IPO_ZSU, -1 }, - { "mtup", IL_IPO_MTUP, -1 }, - { "mtur", IL_IPO_MTUR, -1 }, - { "encode", IL_IPO_ENCODE, -1 }, - { "ts", IL_IPO_TS, -1 }, - { "tr", IL_IPO_TR, -1 }, - { "sec", IL_IPO_SEC, -1 }, - { "secclass", IL_IPO_SECCLASS, IL_TOKEN }, - { "lsrr", IL_IPO_LSRR, -1 }, - { "esec", IL_IPO_ESEC, -1 }, - { "cipso", IL_IPO_CIPSO, -1 }, - { "satid", IL_IPO_SATID, -1 }, - { "ssrr", IL_IPO_SSRR, -1 }, - { "addext", IL_IPO_ADDEXT, -1 }, - { "visa", IL_IPO_VISA, -1 }, - { "imitd", IL_IPO_IMITD, -1 }, - { "eip", IL_IPO_EIP, -1 }, - { "finn", IL_IPO_FINN, -1 }, - { "mss", IL_TCPO_MSS, IL_TOKEN }, - { "wscale", IL_TCPO_WSCALE, IL_TOKEN }, - { "reserv-4", IL_IPS_RESERV4, -1 }, - { "topsecret", IL_IPS_TOPSECRET, -1 }, - { "secret", IL_IPS_SECRET, -1 }, - { "reserv-3", IL_IPS_RESERV3, -1 }, - { "confid", IL_IPS_CONFID, -1 }, - { "unclass", IL_IPS_UNCLASS, -1 }, - { "reserv-2", IL_IPS_RESERV2, -1 }, - { "reserv-1", IL_IPS_RESERV1, -1 }, - { "icmp", IL_ICMP, -1 }, - { "type", IL_ICMPTYPE, -1 }, - { "code", IL_ICMPCODE, -1 }, - { "echorep", IL_ICMP_ECHOREPLY, -1 }, - { "unreach", IL_ICMP_UNREACH, -1 }, - { "squench", IL_ICMP_SOURCEQUENCH, -1 }, - { "redir", IL_ICMP_REDIRECT, -1 }, - { "echo", IL_ICMP_ECHO, -1 }, - { "routerad", IL_ICMP_ROUTERADVERT, -1 }, - { "routersol", IL_ICMP_ROUTERSOLICIT, -1 }, - { "timex", IL_ICMP_TIMXCEED, -1 }, - { "paramprob", IL_ICMP_PARAMPROB, -1 }, - { "timest", IL_ICMP_TSTAMP, -1 }, - { "timestrep", IL_ICMP_TSTAMPREPLY, -1 }, - { "inforeq", IL_ICMP_IREQ, -1 }, - { "inforep", IL_ICMP_IREQREPLY, -1 }, - { "maskreq", IL_ICMP_MASKREQ, -1 }, - { "maskrep", IL_ICMP_MASKREPLY, -1 }, - { "net-unr", IL_ICMP_UNREACH_NET, -1 }, - { "host-unr", IL_ICMP_UNREACH_HOST, -1 }, - { "proto-unr", IL_ICMP_UNREACH_PROTOCOL, -1 }, - { "port-unr", IL_ICMP_UNREACH_PORT, -1 }, - { "needfrag", IL_ICMP_UNREACH_NEEDFRAG, -1 }, - { "srcfail", IL_ICMP_UNREACH_SRCFAIL, -1 }, - { "net-unk", IL_ICMP_UNREACH_NET_UNKNOWN, -1 }, - { "host-unk", IL_ICMP_UNREACH_HOST_UNKNOWN, -1 }, - { "isolate", IL_ICMP_UNREACH_ISOLATED, -1 }, - { "net-prohib", IL_ICMP_UNREACH_NET_PROHIB, -1 }, - { "host-prohib", IL_ICMP_UNREACH_HOST_PROHIB, -1 }, - { "net-tos", IL_ICMP_UNREACH_TOSNET, -1 }, - { "host-tos", IL_ICMP_UNREACH_TOSHOST, -1 }, - { "filter-prohib", IL_ICMP_UNREACH_FILTER_PROHIB, -1 }, - { "host-preced", IL_ICMP_UNREACH_HOST_PRECEDENCE, -1 }, - { "cutoff-preced", IL_ICMP_UNREACH_PRECEDENCE_CUTOFF, -1 }, - { "net-redir", IL_ICMP_REDIRECT_NET, -1 }, - { "host-redir", IL_ICMP_REDIRECT_HOST, -1 }, - { "tos-net-redir", IL_ICMP_REDIRECT_TOSNET, -1 }, - { "tos-host-redir", IL_ICMP_REDIRECT_TOSHOST, -1 }, - { "intrans", IL_ICMP_TIMXCEED_INTRANS, -1 }, - { "reass", IL_ICMP_TIMXCEED_REASS, -1 }, - { "optabsent", IL_ICMP_PARAMPROB_OPTABSENT, -1 }, - { "otime", IL_ICMP_OTIME, -1 }, - { "rtime", IL_ICMP_RTIME, -1 }, - { "ttime", IL_ICMP_TTIME, -1 }, - { "icmpseq", IL_ICMP_SEQ, -1 }, - { "icmpid", IL_ICMP_SEQ, -1 }, - { ".", IL_DOT, -1 }, - { NULL, 0, 0 } -}; -%} -white [ \t\r]+ -%% -{white} ; -\n { lineNum++; swallow(); } -\{ { push_proto(); return next_item('{'); } -\} { pop_proto(); return next_item('}'); } -; { return next_item(';'); } -[0-9]+ { return next_item(IL_NUMBER); } -[0-9a-fA-F] { return next_item(IL_HEXDIGIT); } -: { return next_item(IL_COLON); } -#[^\n]* { return next_item(IL_COMMENT); } -[^ \{\}\n\t;:{}]* { return next_item(IL_TOKEN); } -\"[^\"]*\" { return next_item(IL_TOKEN); } -%% -void yyerror(msg) -char *msg; -{ - fprintf(stderr, "%s error at \"%s\", line %d\n", msg, yytext, - lineNum + 1); - exit(1); -} - - -void push_proto() -{ - numpr++; - if (!prstack) - prstack = (int *)malloc(sizeof(int)); - else - prstack = (int *)realloc((char *)prstack, numpr * sizeof(int)); - prstack[numpr - 1] = oldipproto; -} - - -void pop_proto() -{ - numpr--; - ipproto = prstack[numpr]; - if (!numpr) { - free(prstack); - prstack = NULL; - return; - } - prstack = (int *)realloc((char *)prstack, numpr * sizeof(int)); -} - - -int save_token() -{ - - yylval.str = strdup(yytext); - return IL_TOKEN; -} - - -int next_item(nstate) -int nstate; -{ - struct wordtab *wt; - - if (opts & OPT_DEBUG) - printf("text=[%s] id=%d next=%d\n", yytext, nstate, next); - if (next == IL_TOKEN) { - next = -1; - return save_token(); - } - token++; - - for (wt = words; wt->word; wt++) - if (!strcasecmp(wt->word, yytext)) - return next_state(wt->state, wt->next); - if (opts & OPT_DEBUG) - printf("unknown keyword=[%s]\n", yytext); - next = -1; - if (nstate == IL_NUMBER) - yylval.num = atoi(yytext); - token++; - return nstate; -} - - -int next_state(nstate, fornext) -int nstate, fornext; -{ - next = fornext; - - switch (nstate) - { - case IL_IPV4 : - case IL_TCP : - case IL_UDP : - case IL_ICMP : - case IL_DATA : - case IL_INTERFACE : - case IL_ARP : - oldipproto = ipproto; - ipproto = nstate; - break; - case IL_SUM : - if (ipproto == IL_IPV4) - nstate = IL_V4SUM; - else if (ipproto == IL_TCP) - nstate = IL_TCPSUM; - else if (ipproto == IL_UDP) - nstate = IL_UDPSUM; - break; - case IL_OPT : - if (ipproto == IL_IPV4) - nstate = IL_V4OPT; - else if (ipproto == IL_TCP) - nstate = IL_TCPOPT; - break; - case IL_IPO_NOP : - if (ipproto == IL_TCP) - nstate = IL_TCPO_NOP; - break; - case IL_IPO_EOL : - if (ipproto == IL_TCP) - nstate = IL_TCPO_EOL; - break; - case IL_IPO_TS : - if (ipproto == IL_TCP) - nstate = IL_TCPO_TS; - break; - case IL_OFF : - if (ipproto == IL_IPV4) - nstate = IL_V4OFF; - else if (ipproto == IL_TCP) - nstate = IL_TCPOFF; - break; - case IL_LEN : - if (ipproto == IL_IPV4) - nstate = IL_V4LEN; - else if (ipproto == IL_UDP) - nstate = IL_UDPLEN; - break; - } - return nstate; -} - - -void swallow() -{ - int c; - - c = input(); - - if (c == '#') { - while ((c != '\n') && (c != EOF)) - c = input(); - } - unput(c); -} diff --git a/usr.sbin/ipsend/ipsend/iplang_y.y b/usr.sbin/ipsend/ipsend/iplang_y.y deleted file mode 100644 index 6ec6307c9c1..00000000000 --- a/usr.sbin/ipsend/ipsend/iplang_y.y +++ /dev/null @@ -1,1869 +0,0 @@ -%{ -/* $OpenBSD: iplang_y.y,v 1.3 2001/01/30 14:58:23 kjell Exp $ */ - -/* - * Copyright (C) 1997-1998 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - * - * $IPFilter: iplang_y.y,v 2.2.2.1 2000/08/05 14:43:39 darrenr Exp $ - */ - -#include <stdio.h> -#include <string.h> -#include <fcntl.h> -#if !defined(__SVR4) && !defined(__svr4__) -#include <strings.h> -#else -#include <sys/byteorder.h> -#endif -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/param.h> -#include <sys/time.h> -#include <stdlib.h> -#include <unistd.h> -#include <stddef.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/ip_icmp.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <net/if.h> -#ifndef linux -#include <netinet/if_ether.h> -#endif -#include <netdb.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> -#include <resolv.h> -#include <ctype.h> -#include "ipsend.h" -#include "ip_fil_compat.h" -#include "ipf.h" -#include "iplang.h" - -#if !defined(__NetBSD__) && (!defined(__FreeBSD_version) && \ - __FreeBSD_version < 400020) -extern struct ether_addr *ether_aton __P((char *)); -#endif - -extern int opts; -extern struct ipopt_names ionames[]; -extern int state, state, lineNum, token; -extern int yylineno; -extern char yytext[]; -extern FILE *yyin; -int yylex __P((void)); -#define YYDEBUG 1 -#if !defined(ultrix) && !defined(hpux) -int yydebug = 1; -#else -extern int yydebug; -#endif - -iface_t *iflist = NULL, **iftail = &iflist; -iface_t *cifp = NULL; -arp_t *arplist = NULL, **arptail = &arplist, *carp = NULL; -struct in_addr defrouter; -send_t sending; -char *sclass = NULL; -u_short c_chksum __P((u_short *, u_int, u_long)); -u_long p_chksum __P((u_short *, u_int)); - -u_long ipbuffer[67584/sizeof(u_long)]; /* 66K */ -aniphdr_t *aniphead = NULL, *canip = NULL, **aniptail = &aniphead; -ip_t *ip = NULL; -udphdr_t *udp = NULL; -tcphdr_t *tcp = NULL; -icmphdr_t *icmp = NULL; - -struct statetoopt { - int sto_st; - int sto_op; -}; - -struct in_addr getipv4addr __P((char *arg)); -u_short getportnum __P((char *, char *)); -struct ether_addr *geteaddr __P((char *, struct ether_addr *)); -void *new_header __P((int)); -void free_aniplist __P((void)); -void inc_anipheaders __P((int)); -void new_data __P((void)); -void set_datalen __P((char **)); -void set_datafile __P((char **)); -void set_data __P((char **)); -void new_packet __P((void)); -void set_ipv4proto __P((char **)); -void set_ipv4src __P((char **)); -void set_ipv4dst __P((char **)); -void set_ipv4off __P((char **)); -void set_ipv4v __P((char **)); -void set_ipv4hl __P((char **)); -void set_ipv4ttl __P((char **)); -void set_ipv4tos __P((char **)); -void set_ipv4id __P((char **)); -void set_ipv4sum __P((char **)); -void set_ipv4len __P((char **)); -void new_tcpheader __P((void)); -void set_tcpsport __P((char **)); -void set_tcpdport __P((char **)); -void set_tcpseq __P((char **)); -void set_tcpack __P((char **)); -void set_tcpoff __P((char **)); -void set_tcpurp __P((char **)); -void set_tcpwin __P((char **)); -void set_tcpsum __P((char **)); -void set_tcpflags __P((char **)); -void set_tcpopt __P((int, char **)); -void end_tcpopt __P((void)); -void new_udpheader __P((void)); -void set_udplen __P((char **)); -void set_udpsum __P((char **)); -void prep_packet __P((void)); -void packet_done __P((void)); -void new_interface __P((void)); -void check_interface __P((void)); -void set_ifname __P((char **)); -void set_ifmtu __P((int)); -void set_ifv4addr __P((char **)); -void set_ifeaddr __P((char **)); -void new_arp __P((void)); -void set_arpeaddr __P((char **)); -void set_arpv4addr __P((char **)); -void reset_send __P((void)); -void set_sendif __P((char **)); -void set_sendvia __P((char **)); -void set_defaultrouter __P((char **)); -void new_icmpheader __P((void)); -void set_icmpcode __P((int)); -void set_icmptype __P((int)); -void set_icmpcodetok __P((char **)); -void set_icmptypetok __P((char **)); -void set_icmpid __P((int)); -void set_icmpseq __P((int)); -void set_icmpotime __P((int)); -void set_icmprtime __P((int)); -void set_icmpttime __P((int)); -void set_icmpmtu __P((int)); -void set_redir __P((int, char **)); -void new_ipv4opt __P((void)); -void set_icmppprob __P((int)); -void add_ipopt __P((int, void *)); -void end_ipopt __P((void)); -void set_secclass __P((char **)); -void free_anipheader __P((void)); -void end_ipv4 __P((void)); -void end_icmp __P((void)); -void end_udp __P((void)); -void end_tcp __P((void)); -void end_data __P((void)); -void yyerror __P((char *)); -void iplang __P((FILE *)); -int arp_getipv4 __P((char *, char *)); -int yyparse __P((void)); -%} -%union { - char *str; - int num; -} -%token <num> IL_NUMBER -%type <num> number digits optnumber -%token <str> IL_TOKEN -%type <str> token optoken -%token IL_HEXDIGIT IL_COLON IL_DOT IL_EOF IL_COMMENT -%token IL_INTERFACE IL_IFNAME IL_MTU IL_EADDR -%token IL_IPV4 IL_V4PROTO IL_V4SRC IL_V4DST IL_V4OFF IL_V4V IL_V4HL IL_V4TTL -%token IL_V4TOS IL_V4SUM IL_V4LEN IL_V4OPT IL_V4ID -%token IL_TCP IL_SPORT IL_DPORT IL_TCPFL IL_TCPSEQ IL_TCPACK IL_TCPOFF -%token IL_TCPWIN IL_TCPSUM IL_TCPURP IL_TCPOPT IL_TCPO_NOP IL_TCPO_EOL -%token IL_TCPO_MSS IL_TCPO_WSCALE IL_TCPO_TS -%token IL_UDP IL_UDPLEN IL_UDPSUM -%token IL_ICMP IL_ICMPTYPE IL_ICMPCODE -%token IL_SEND IL_VIA -%token IL_ARP -%token IL_DEFROUTER -%token IL_SUM IL_OFF IL_LEN IL_V4ADDR IL_OPT -%token IL_DATA IL_DLEN IL_DVALUE IL_DFILE -%token IL_IPO_NOP IL_IPO_RR IL_IPO_ZSU IL_IPO_MTUP IL_IPO_MTUR IL_IPO_EOL -%token IL_IPO_TS IL_IPO_TR IL_IPO_SEC IL_IPO_LSRR IL_IPO_ESEC -%token IL_IPO_SATID IL_IPO_SSRR IL_IPO_ADDEXT IL_IPO_VISA IL_IPO_IMITD -%token IL_IPO_EIP IL_IPO_FINN IL_IPO_SECCLASS IL_IPO_CIPSO IL_IPO_ENCODE -%token <str> IL_IPS_RESERV4 IL_IPS_TOPSECRET IL_IPS_SECRET IL_IPS_RESERV3 -%token <str> IL_IPS_CONFID IL_IPS_UNCLASS IL_IPS_RESERV2 IL_IPS_RESERV1 -%token IL_ICMP_ECHOREPLY IL_ICMP_UNREACH IL_ICMP_UNREACH_NET -%token IL_ICMP_UNREACH_HOST IL_ICMP_UNREACH_PROTOCOL IL_ICMP_UNREACH_PORT -%token IL_ICMP_UNREACH_NEEDFRAG IL_ICMP_UNREACH_SRCFAIL -%token IL_ICMP_UNREACH_NET_UNKNOWN IL_ICMP_UNREACH_HOST_UNKNOWN -%token IL_ICMP_UNREACH_ISOLATED IL_ICMP_UNREACH_NET_PROHIB -%token IL_ICMP_UNREACH_HOST_PROHIB IL_ICMP_UNREACH_TOSNET -%token IL_ICMP_UNREACH_TOSHOST IL_ICMP_UNREACH_FILTER_PROHIB -%token IL_ICMP_UNREACH_HOST_PRECEDENCE IL_ICMP_UNREACH_PRECEDENCE_CUTOFF -%token IL_ICMP_SOURCEQUENCH IL_ICMP_REDIRECT IL_ICMP_REDIRECT_NET -%token IL_ICMP_REDIRECT_HOST IL_ICMP_REDIRECT_TOSNET -%token IL_ICMP_REDIRECT_TOSHOST IL_ICMP_ECHO IL_ICMP_ROUTERADVERT -%token IL_ICMP_ROUTERSOLICIT IL_ICMP_TIMXCEED IL_ICMP_TIMXCEED_INTRANS -%token IL_ICMP_TIMXCEED_REASS IL_ICMP_PARAMPROB IL_ICMP_PARAMPROB_OPTABSENT -%token IL_ICMP_TSTAMP IL_ICMP_TSTAMPREPLY IL_ICMP_IREQ IL_ICMP_IREQREPLY -%token IL_ICMP_MASKREQ IL_ICMP_MASKREPLY IL_ICMP_SEQ IL_ICMP_ID -%token IL_ICMP_OTIME IL_ICMP_RTIME IL_ICMP_TTIME - -%% -file: line - | line file - | IL_COMMENT - | IL_COMMENT file - ; - -line: iface - | arp - | send - | defrouter - | ipline - ; - -iface: ifhdr '{' ifaceopts '}' ';' { check_interface(); } - ; - -ifhdr: IL_INTERFACE { new_interface(); } - ; - -ifaceopts: - ifaceopt - | ifaceopt ifaceopts - ; - -ifaceopt: - IL_IFNAME token { set_ifname(&$2); } - | IL_MTU number { set_ifmtu($2); } - | IL_V4ADDR token { set_ifv4addr(&$2); } - | IL_EADDR token { set_ifeaddr(&$2); } - ; - -send: sendhdr '{' sendbody '}' ';' { packet_done(); } - | sendhdr ';' { packet_done(); } - ; - -sendhdr: - IL_SEND { reset_send(); } - ; - -sendbody: - sendopt - | sendbody sendopt - ; - -sendopt: - IL_IFNAME token { set_sendif(&$2); } - | IL_VIA token { set_sendvia(&$2); } - ; - -arp: arphdr '{' arpbody '}' ';' - ; - -arphdr: IL_ARP { new_arp(); } - ; - -arpbody: - arpopt - | arpbody arpopt - ; - -arpopt: IL_V4ADDR token { set_arpv4addr(&$2); } - | IL_EADDR token { set_arpeaddr(&$2); } - ; - -defrouter: - IL_DEFROUTER token { set_defaultrouter(&$2); } - ; - -bodyline: - ipline - | tcp tcpline - | udp udpline - | icmp icmpline - | data dataline - ; - -ipline: ipv4 '{' ipv4body '}' ';' { end_ipv4(); } - ; - -ipv4: IL_IPV4 { new_packet(); } - -ipv4body: - ipv4type - | ipv4type ipv4body - | bodyline - ; - -ipv4type: - IL_V4PROTO token { set_ipv4proto(&$2); } - | IL_V4SRC token { set_ipv4src(&$2); } - | IL_V4DST token { set_ipv4dst(&$2); } - | IL_V4OFF token { set_ipv4off(&$2); } - | IL_V4V token { set_ipv4v(&$2); } - | IL_V4HL token { set_ipv4hl(&$2); } - | IL_V4ID token { set_ipv4id(&$2); } - | IL_V4TTL token { set_ipv4ttl(&$2); } - | IL_V4TOS token { set_ipv4tos(&$2); } - | IL_V4SUM token { set_ipv4sum(&$2); } - | IL_V4LEN token { set_ipv4len(&$2); } - | ipv4opt '{' ipv4optlist '}' ';' { end_ipopt(); } - ; - -tcp: IL_TCP { new_tcpheader(); } - ; - -tcpline: - '{' tcpheader '}' ';' { end_tcp(); } - ; - -tcpheader: - tcpbody - | tcpbody tcpheader - | bodyline - ; - -tcpbody: - IL_SPORT token { set_tcpsport(&$2); } - | IL_DPORT token { set_tcpdport(&$2); } - | IL_TCPSEQ token { set_tcpseq(&$2); } - | IL_TCPACK token { set_tcpack(&$2); } - | IL_TCPOFF token { set_tcpoff(&$2); } - | IL_TCPURP token { set_tcpurp(&$2); } - | IL_TCPWIN token { set_tcpwin(&$2); } - | IL_TCPSUM token { set_tcpsum(&$2); } - | IL_TCPFL token { set_tcpflags(&$2); } - | IL_TCPOPT '{' tcpopts '}' ';' { end_tcpopt(); } - ; - -tcpopts: - | tcpopt tcpopts - ; - -tcpopt: IL_TCPO_NOP ';' { set_tcpopt(IL_TCPO_NOP, NULL); } - | IL_TCPO_EOL ';' { set_tcpopt(IL_TCPO_EOL, NULL); } - | IL_TCPO_MSS optoken { set_tcpopt(IL_TCPO_MSS,&$2);} - | IL_TCPO_WSCALE optoken { set_tcpopt(IL_TCPO_WSCALE,&$2);} - | IL_TCPO_TS optoken { set_tcpopt(IL_TCPO_TS, &$2);} - ; - -udp: IL_UDP { new_udpheader(); } - ; - -udpline: - '{' udpheader '}' ';' { end_udp(); } - ; - - -udpheader: - udpbody - | udpbody udpheader - | bodyline - ; - -udpbody: - IL_SPORT token { set_tcpsport(&$2); } - | IL_DPORT token { set_tcpdport(&$2); } - | IL_UDPLEN token { set_udplen(&$2); } - | IL_UDPSUM token { set_udpsum(&$2); } - ; - -icmp: IL_ICMP { new_icmpheader(); } - ; - -icmpline: - '{' icmpbody '}' ';' { end_icmp(); } - ; - -icmpbody: - icmpheader - | icmpheader bodyline - ; - -icmpheader: - IL_ICMPTYPE icmptype - | IL_ICMPTYPE icmptype icmpcode - ; - -icmpcode: - IL_ICMPCODE token { set_icmpcodetok(&$2); } - ; - -icmptype: - IL_ICMP_ECHOREPLY ';' { set_icmptype(ICMP_ECHOREPLY); } - | IL_ICMP_ECHOREPLY '{' icmpechoopts '}' ';' - | unreach - | IL_ICMP_SOURCEQUENCH ';' { set_icmptype(ICMP_SOURCEQUENCH); } - | redirect - | IL_ICMP_ROUTERADVERT ';' { set_icmptype(ICMP_ROUTERADVERT); } - | IL_ICMP_ROUTERSOLICIT ';' { set_icmptype(ICMP_ROUTERSOLICIT); } - | IL_ICMP_ECHO ';' { set_icmptype(ICMP_ECHO); } - | IL_ICMP_ECHO '{' icmpechoopts '}' ';' - | IL_ICMP_TIMXCEED ';' { set_icmptype(ICMP_TIMXCEED); } - | IL_ICMP_TIMXCEED '{' exceed '}' ';' - | IL_ICMP_TSTAMP ';' { set_icmptype(ICMP_TSTAMP); } - | IL_ICMP_TSTAMPREPLY ';' { set_icmptype(ICMP_TSTAMPREPLY); } - | IL_ICMP_TSTAMPREPLY '{' icmptsopts '}' ';' - | IL_ICMP_IREQ ';' { set_icmptype(ICMP_IREQ); } - | IL_ICMP_IREQREPLY ';' { set_icmptype(ICMP_IREQREPLY); } - | IL_ICMP_IREQREPLY '{' data dataline '}' ';' - | IL_ICMP_MASKREQ ';' { set_icmptype(ICMP_MASKREQ); } - | IL_ICMP_MASKREPLY ';' { set_icmptype(ICMP_MASKREPLY); } - | IL_ICMP_MASKREPLY '{' token '}' ';' - | IL_ICMP_PARAMPROB ';' { set_icmptype(ICMP_PARAMPROB); } - | IL_ICMP_PARAMPROB '{' paramprob '}' ';' - | IL_TOKEN ';' { set_icmptypetok(&$1); } - ; - -icmpechoopts: - | icmpechoopts icmpecho - ; - -icmpecho: - IL_ICMP_SEQ number { set_icmpseq($2); } - | IL_ICMP_ID number { set_icmpid($2); } - ; - -icmptsopts: - | icmptsopts icmpts ';' - ; - -icmpts: IL_ICMP_OTIME number { set_icmpotime($2); } - | IL_ICMP_RTIME number { set_icmprtime($2); } - | IL_ICMP_TTIME number { set_icmpttime($2); } - ; - -unreach: - IL_ICMP_UNREACH - | IL_ICMP_UNREACH '{' unreachopts '}' ';' - ; - -unreachopts: - IL_ICMP_UNREACH_NET line - | IL_ICMP_UNREACH_HOST line - | IL_ICMP_UNREACH_PROTOCOL line - | IL_ICMP_UNREACH_PORT line - | IL_ICMP_UNREACH_NEEDFRAG number ';' { set_icmpmtu($2); } - | IL_ICMP_UNREACH_SRCFAIL line - | IL_ICMP_UNREACH_NET_UNKNOWN line - | IL_ICMP_UNREACH_HOST_UNKNOWN line - | IL_ICMP_UNREACH_ISOLATED line - | IL_ICMP_UNREACH_NET_PROHIB line - | IL_ICMP_UNREACH_HOST_PROHIB line - | IL_ICMP_UNREACH_TOSNET line - | IL_ICMP_UNREACH_TOSHOST line - | IL_ICMP_UNREACH_FILTER_PROHIB line - | IL_ICMP_UNREACH_HOST_PRECEDENCE line - | IL_ICMP_UNREACH_PRECEDENCE_CUTOFF line - ; - -redirect: - IL_ICMP_REDIRECT - | IL_ICMP_REDIRECT '{' redirectopts '}' ';' - ; - -redirectopts: - | IL_ICMP_REDIRECT_NET token { set_redir(0, &$2); } - | IL_ICMP_REDIRECT_HOST token { set_redir(1, &$2); } - | IL_ICMP_REDIRECT_TOSNET token { set_redir(2, &$2); } - | IL_ICMP_REDIRECT_TOSHOST token { set_redir(3, &$2); } - ; - -exceed: - IL_ICMP_TIMXCEED_INTRANS line - | IL_ICMP_TIMXCEED_REASS line - ; - -paramprob: - IL_ICMP_PARAMPROB_OPTABSENT - | IL_ICMP_PARAMPROB_OPTABSENT paraprobarg - -paraprobarg: - '{' number '}' ';' { set_icmppprob($2); } - ; - -ipv4opt: IL_V4OPT { new_ipv4opt(); } - ; - -ipv4optlist: - | ipv4opts ipv4optlist - ; - -ipv4opts: - IL_IPO_NOP ';' { add_ipopt(IL_IPO_NOP, NULL); } - | IL_IPO_RR optnumber { add_ipopt(IL_IPO_RR, &$2); } - | IL_IPO_ZSU ';' { add_ipopt(IL_IPO_ZSU, NULL); } - | IL_IPO_MTUP ';' { add_ipopt(IL_IPO_MTUP, NULL); } - | IL_IPO_MTUR ';' { add_ipopt(IL_IPO_MTUR, NULL); } - | IL_IPO_ENCODE ';' { add_ipopt(IL_IPO_ENCODE, NULL); } - | IL_IPO_TS ';' { add_ipopt(IL_IPO_TS, NULL); } - | IL_IPO_TR ';' { add_ipopt(IL_IPO_TR, NULL); } - | IL_IPO_SEC ';' { add_ipopt(IL_IPO_SEC, NULL); } - | IL_IPO_SECCLASS secclass { add_ipopt(IL_IPO_SECCLASS, sclass); } - | IL_IPO_LSRR token { add_ipopt(IL_IPO_LSRR,&$2); } - | IL_IPO_ESEC ';' { add_ipopt(IL_IPO_ESEC, NULL); } - | IL_IPO_CIPSO ';' { add_ipopt(IL_IPO_CIPSO, NULL); } - | IL_IPO_SATID optnumber { add_ipopt(IL_IPO_SATID,&$2);} - | IL_IPO_SSRR token { add_ipopt(IL_IPO_SSRR,&$2); } - | IL_IPO_ADDEXT ';' { add_ipopt(IL_IPO_ADDEXT, NULL); } - | IL_IPO_VISA ';' { add_ipopt(IL_IPO_VISA, NULL); } - | IL_IPO_IMITD ';' { add_ipopt(IL_IPO_IMITD, NULL); } - | IL_IPO_EIP ';' { add_ipopt(IL_IPO_EIP, NULL); } - | IL_IPO_FINN ';' { add_ipopt(IL_IPO_FINN, NULL); } - ; - -secclass: - IL_IPS_RESERV4 ';' { set_secclass(&$1); } - | IL_IPS_TOPSECRET ';' { set_secclass(&$1); } - | IL_IPS_SECRET ';' { set_secclass(&$1); } - | IL_IPS_RESERV3 ';' { set_secclass(&$1); } - | IL_IPS_CONFID ';' { set_secclass(&$1); } - | IL_IPS_UNCLASS ';' { set_secclass(&$1); } - | IL_IPS_RESERV2 ';' { set_secclass(&$1); } - | IL_IPS_RESERV1 ';' { set_secclass(&$1); } - ; - -data: IL_DATA { new_data(); } - ; - -dataline: - '{' databody '}' ';' { end_data(); } - ; - -databody: dataopts - | dataopts databody - ; - -dataopts: - IL_DLEN token { set_datalen(&$2); } - | IL_DVALUE token { set_data(&$2); } - | IL_DFILE token { set_datafile(&$2); } - ; - -token: IL_TOKEN ';' - ; - -optoken: ';' { $$ = ""; } - | token - ; - -number: digits ';' - ; - -optnumber: ';' { $$ = 0; } - | number - ; - -digits: IL_NUMBER - | digits IL_NUMBER - ; -%% - -struct statetoopt toipopts[] = { - { IL_IPO_NOP, IPOPT_NOP }, - { IL_IPO_RR, IPOPT_RR }, - { IL_IPO_ZSU, IPOPT_ZSU }, - { IL_IPO_MTUP, IPOPT_MTUP }, - { IL_IPO_MTUR, IPOPT_MTUR }, - { IL_IPO_ENCODE, IPOPT_ENCODE }, - { IL_IPO_TS, IPOPT_TS }, - { IL_IPO_TR, IPOPT_TR }, - { IL_IPO_SEC, IPOPT_SECURITY }, - { IL_IPO_SECCLASS, IPOPT_SECURITY }, - { IL_IPO_LSRR, IPOPT_LSRR }, - { IL_IPO_ESEC, IPOPT_E_SEC }, - { IL_IPO_CIPSO, IPOPT_CIPSO }, - { IL_IPO_SATID, IPOPT_SATID }, - { IL_IPO_SSRR, IPOPT_SSRR }, - { IL_IPO_ADDEXT, IPOPT_ADDEXT }, - { IL_IPO_VISA, IPOPT_VISA }, - { IL_IPO_IMITD, IPOPT_IMITD }, - { IL_IPO_EIP, IPOPT_EIP }, - { IL_IPO_FINN, IPOPT_FINN }, - { 0, 0 } -}; - -struct statetoopt tosecopts[] = { - { IL_IPS_RESERV4, IPSO_CLASS_RES4 }, - { IL_IPS_TOPSECRET, IPSO_CLASS_TOPS }, - { IL_IPS_SECRET, IPSO_CLASS_SECR }, - { IL_IPS_RESERV3, IPSO_CLASS_RES3 }, - { IL_IPS_CONFID, IPSO_CLASS_CONF }, - { IL_IPS_UNCLASS, IPSO_CLASS_UNCL }, - { IL_IPS_RESERV2, IPSO_CLASS_RES2 }, - { IL_IPS_RESERV1, IPSO_CLASS_RES1 }, - { 0, 0 } -}; - -#ifdef bsdi -struct ether_addr * -ether_aton(s) - char *s; -{ - static struct ether_addr n; - u_int i[6]; - - if (sscanf(s, " %x:%x:%x:%x:%x:%x ", &i[0], &i[1], - &i[2], &i[3], &i[4], &i[5]) == 6) { - n.ether_addr_octet[0] = (u_char)i[0]; - n.ether_addr_octet[1] = (u_char)i[1]; - n.ether_addr_octet[2] = (u_char)i[2]; - n.ether_addr_octet[3] = (u_char)i[3]; - n.ether_addr_octet[4] = (u_char)i[4]; - n.ether_addr_octet[5] = (u_char)i[5]; - return &n; - } - return NULL; -} -#endif - - -struct in_addr getipv4addr(arg) -char *arg; -{ - struct hostent *hp; - struct in_addr in; - - in.s_addr = 0xffffffff; - - if ((hp = gethostbyname(arg))) - bcopy(hp->h_addr, &in.s_addr, sizeof(struct in_addr)); - else - in.s_addr = inet_addr(arg); - return in; -} - - -u_short getportnum(pr, name) -char *pr, *name; -{ - struct servent *sp; - - if (!(sp = getservbyname(name, pr))) - return htons(atoi(name)); - return sp->s_port; -} - - -struct ether_addr *geteaddr(arg, buf) -char *arg; -struct ether_addr *buf; -{ - struct ether_addr *e; - -#if !defined(hpux) && !defined(linux) - e = ether_aton(arg); - if (!e) - fprintf(stderr, "Invalid ethernet address: %s\n", arg); - else -# ifdef __FreeBSD__ - bcopy(e->octet, buf->octet, sizeof(e->octet)); -# else - bcopy(e->ether_addr_octet, buf->ether_addr_octet, - sizeof(e->ether_addr_octet)); -# endif - return e; -#else - return NULL; -#endif -} - - -void *new_header(type) -int type; -{ - aniphdr_t *aip, *oip = canip; - int sz = 0; - - aip = (aniphdr_t *)calloc(1, sizeof(*aip)); - *aniptail = aip; - aniptail = &aip->ah_next; - aip->ah_p = type; - aip->ah_prev = oip; - canip = aip; - - if (type == IPPROTO_UDP) - sz = sizeof(udphdr_t); - else if (type == IPPROTO_TCP) - sz = sizeof(tcphdr_t); - else if (type == IPPROTO_ICMP) - sz = sizeof(icmphdr_t); - else if (type == IPPROTO_IP) - sz = sizeof(ip_t); - - if (oip) - canip->ah_data = oip->ah_data + oip->ah_len; - else - canip->ah_data = (char *)ipbuffer; - - /* - * Increase the size fields in all wrapping headers. - */ - for (aip = aniphead; aip; aip = aip->ah_next) { - aip->ah_len += sz; - if (aip->ah_p == IPPROTO_IP) - aip->ah_ip->ip_len += sz; - else if (aip->ah_p == IPPROTO_UDP) - aip->ah_udp->uh_ulen += sz; - } - return (void *)canip->ah_data; -} - - -void free_aniplist() -{ - aniphdr_t *aip, **aipp = &aniphead; - - while ((aip = *aipp)) { - *aipp = aip->ah_next; - free(aip); - } - aniptail = &aniphead; -} - - -void inc_anipheaders(inc) -int inc; -{ - aniphdr_t *aip; - - for (aip = aniphead; aip; aip = aip->ah_next) { - aip->ah_len += inc; - if (aip->ah_p == IPPROTO_IP) - aip->ah_ip->ip_len += inc; - else if (aip->ah_p == IPPROTO_UDP) - aip->ah_udp->uh_ulen += inc; - } -} - - -void new_data() -{ - (void) new_header(-1); - canip->ah_len = 0; -} - - -void set_datalen(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len); - free(*arg); - *arg = NULL; -} - - -void set_data(arg) -char **arg; -{ - u_char *s = (u_char *)*arg, *t = (u_char *)canip->ah_data, c; - int len = 0, todo = 0, quote = 0, val = 0; - - while ((c = *s++)) { - if (todo) { - if (isdigit(c)) { - todo--; - if (c > '7') { - fprintf(stderr, "octal with %c!\n", c); - break; - } - val <<= 3; - val |= (c - '0'); - } - if (!isdigit(c) || !todo) { - *t++ = (u_char)(val & 0xff); - todo = 0; - } - if (todo) - continue; - } - if (quote) { - if (isdigit(c)) { - todo = 2; - if (c > '7') { - fprintf(stderr, "octal with %c!\n", c); - break; - } - val = (c - '0'); - } else { - switch (c) - { - case '\"' : - *t++ = '\"'; - break; - case '\\' : - *t++ = '\\'; - break; - case 'n' : - *t++ = '\n'; - break; - case 'r' : - *t++ = '\r'; - break; - case 't' : - *t++ = '\t'; - break; - } - } - quote = 0; - continue; - } - - if (c == '\\') - quote = 1; - else - *t++ = c; - } - if (todo) - *t++ = (u_char)(val & 0xff); - if (quote) - *t++ = '\\'; - len = t - (u_char *)canip->ah_data; - inc_anipheaders(len - canip->ah_len); - canip->ah_len = len; -} - - -void set_datafile(arg) -char **arg; -{ - struct stat sb; - char *file = *arg; - int fd, len; - - if ((fd = open(file, O_RDONLY)) == -1) { - perror("open"); - exit(-1); - } - - if (fstat(fd, &sb) == -1) { - perror("fstat"); - exit(-1); - } - - if ((sb.st_size + aniphead->ah_len ) > 65535) { - fprintf(stderr, "data file %s too big to include.\n", file); - close(fd); - return; - } - if ((len = read(fd, canip->ah_data, sb.st_size)) == -1) { - perror("read"); - close(fd); - return; - } - inc_anipheaders(len); - canip->ah_len += len; - close(fd); -} - - -void new_packet() -{ - static u_short id = 0; - - if (!aniphead) - bzero((char *)ipbuffer, sizeof(ipbuffer)); - - ip = (ip_t *)new_header(IPPROTO_IP); - ip->ip_v = IPVERSION; - ip->ip_hl = sizeof(ip_t) >> 2; - ip->ip_len = sizeof(ip_t); - ip->ip_ttl = 63; - ip->ip_id = htons(id++); -} - - -void set_ipv4proto(arg) -char **arg; -{ - struct protoent *pr; - - if ((pr = getprotobyname(*arg))) - ip->ip_p = pr->p_proto; - else - if (!(ip->ip_p = atoi(*arg))) - fprintf(stderr, "unknown protocol %s\n", *arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4src(arg) -char **arg; -{ - ip->ip_src = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4dst(arg) -char **arg; -{ - ip->ip_dst = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ipv4off(arg) -char **arg; -{ - ip->ip_off = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_ipv4v(arg) -char **arg; -{ - ip->ip_v = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4hl(arg) -char **arg; -{ - int newhl, inc; - - newhl = strtol(*arg, NULL, 0); - inc = (newhl - ip->ip_hl) << 2; - ip->ip_len += inc; - ip->ip_hl = newhl; - canip->ah_len += inc; - free(*arg); - *arg = NULL; -} - - -void set_ipv4ttl(arg) -char **arg; -{ - ip->ip_ttl = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4tos(arg) -char **arg; -{ - ip->ip_tos = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4id(arg) -char **arg; -{ - ip->ip_id = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_ipv4sum(arg) -char **arg; -{ - ip->ip_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_ipv4len(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len - ip->ip_len); - ip->ip_len = len; - free(*arg); - *arg = NULL; -} - - -void new_tcpheader() -{ - - if ((ip->ip_p) && (ip->ip_p != IPPROTO_TCP)) { - fprintf(stderr, "protocol %d specified with TCP!\n", ip->ip_p); - return; - } - ip->ip_p = IPPROTO_TCP; - - tcp = (tcphdr_t *)new_header(IPPROTO_TCP); - tcp->th_win = htons(4096); - tcp->th_off = sizeof(*tcp) >> 2; -} - - -void set_tcpsport(arg) -char **arg; -{ - u_short *port; - char *pr; - - if (ip->ip_p == IPPROTO_UDP) { - port = &udp->uh_sport; - pr = "udp"; - } else { - port = &tcp->th_sport; - pr = "udp"; - } - - *port = getportnum(pr, *arg); - free(*arg); - *arg = NULL; -} - - -void set_tcpdport(arg) -char **arg; -{ - u_short *port; - char *pr; - - if (ip->ip_p == IPPROTO_UDP) { - port = &udp->uh_dport; - pr = "udp"; - } else { - port = &tcp->th_dport; - pr = "udp"; - } - - *port = getportnum(pr, *arg); - free(*arg); - *arg = NULL; -} - - -void set_tcpseq(arg) -char **arg; -{ - tcp->th_seq = htonl(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpack(arg) -char **arg; -{ - tcp->th_ack = htonl(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpoff(arg) -char **arg; -{ - int off; - - off = strtol(*arg, NULL, 0); - inc_anipheaders((off - tcp->th_off) << 2); - tcp->th_off = off; - free(*arg); - *arg = NULL; -} - - -void set_tcpurp(arg) -char **arg; -{ - tcp->th_urp = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpwin(arg) -char **arg; -{ - tcp->th_win = htons(strtol(*arg, NULL, 0)); - free(*arg); - *arg = NULL; -} - - -void set_tcpsum(arg) -char **arg; -{ - tcp->th_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void set_tcpflags(arg) -char **arg; -{ - static char flags[] = "ASURPF"; - static int flagv[] = { TH_ACK, TH_SYN, TH_URG, TH_RST, TH_PUSH, - TH_FIN } ; - char *s, *t; - - for (s = *arg; *s; s++) - if (!(t = strchr(flags, *s))) { - if (s - *arg) { - fprintf(stderr, "unknown TCP flag %c\n", *s); - break; - } - tcp->th_flags = strtol(*arg, NULL, 0); - break; - } else - tcp->th_flags |= flagv[t - flags]; - free(*arg); - *arg = NULL; -} - - -void set_tcpopt(state, arg) -int state; -char **arg; -{ - u_char *s; - int val, len, val2, pad, optval; - - if (arg && *arg) - val = atoi(*arg); - else - val = 0; - - s = (u_char *)tcp + sizeof(*tcp) + canip->ah_optlen; - switch (state) - { - case IL_TCPO_EOL : - optval = 0; - len = 1; - break; - case IL_TCPO_NOP : - optval = 1; - len = 1; - break; - case IL_TCPO_MSS : - optval = 2; - len = 4; - break; - case IL_TCPO_WSCALE : - optval = 3; - len = 3; - break; - case IL_TCPO_TS : - optval = 8; - len = 10; - break; - default : - optval = 0; - len = 0; - break; - } - - if (len > 1) { - /* - * prepend padding - if required. - */ - if (len & 3) - for (pad = 4 - (len & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - /* - * build tcp option - */ - *s++ = (u_char)optval; - *s++ = (u_char)len; - if (len > 2) { - if (len == 3) { /* 1 byte - char */ - *s++ = (u_char)val; - } else if (len == 4) { /* 2 bytes - short */ - *s++ = (u_char)((val >> 8) & 0xff); - *s++ = (u_char)(val & 0xff); - } else if (len >= 6) { /* 4 bytes - long */ - val2 = htonl(val); - bcopy((char *)&val2, s, 4); - } - s += (len - 2); - } - } else - *s++ = (u_char)optval; - - canip->ah_lastopt = optval; - canip->ah_optlen += len; - - if (arg && *arg) { - free(*arg); - *arg = NULL; - } -} - - -void end_tcpopt() -{ - int pad; - char *s = (char *)tcp; - - s += sizeof(*tcp) + canip->ah_optlen; - /* - * pad out so that we have a multiple of 4 bytes in size fo the - * options. make sure last byte is EOL. - */ - if (canip->ah_optlen & 3) { - if (canip->ah_lastopt != 1) { - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - canip->ah_optlen++; - } else { - s -= 1; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = 1; - canip->ah_optlen++; - } - } - *s++ = 0; - } - tcp->th_off = (sizeof(*tcp) + canip->ah_optlen) >> 2; - inc_anipheaders(canip->ah_optlen); -} - - -void new_udpheader() -{ - if ((ip->ip_p) && (ip->ip_p != IPPROTO_UDP)) { - fprintf(stderr, "protocol %d specified with UDP!\n", ip->ip_p); - return; - } - ip->ip_p = IPPROTO_UDP; - - udp = (udphdr_t *)new_header(IPPROTO_UDP); - udp->uh_ulen = sizeof(*udp); -} - - -void set_udplen(arg) -char **arg; -{ - int len; - - len = strtol(*arg, NULL, 0); - inc_anipheaders(len - udp->uh_ulen); - udp->uh_ulen = len; - free(*arg); - *arg = NULL; -} - - -void set_udpsum(arg) -char **arg; -{ - udp->uh_sum = strtol(*arg, NULL, 0); - free(*arg); - *arg = NULL; -} - - -void prep_packet() -{ - iface_t *ifp; - struct in_addr gwip; - - ifp = sending.snd_if; - if (!ifp) { - fprintf(stderr, "no interface defined for sending!\n"); - return; - } - if (ifp->if_fd == -1) - ifp->if_fd = initdevice(ifp->if_name, 0, 5); - gwip = sending.snd_gw; - if (!gwip.s_addr) - gwip = aniphead->ah_ip->ip_dst; - (void) send_ip(ifp->if_fd, ifp->if_MTU, (ip_t *)ipbuffer, gwip, 2); -} - - -void packet_done() -{ - char outline[80]; - int i, j, k; - u_char *s = (u_char *)ipbuffer, *t = (u_char *)outline; - - if (opts & OPT_VERBOSE) { - ip->ip_len = htons(ip->ip_len); - for (i = ntohs(ip->ip_len), j = 0; i; i--, j++, s++) { - if (j && !(j & 0xf)) { - *t++ = '\n'; - *t = '\0'; - fputs(outline, stdout); - fflush(stdout); - t = (u_char *)outline; - *t = '\0'; - } - sprintf((char *)t, "%02x", *s & 0xff); - t += 2; - if (!((j + 1) & 0xf)) { - s -= 15; - sprintf((char *)t, " "); - t += 8; - for (k = 16; k; k--, s++) - *t++ = (isprint(*s) ? *s : '.'); - s--; - } - - if ((j + 1) & 0xf) - *t++ = ' ';; - } - - if (j & 0xf) { - for (k = 16 - (j & 0xf); k; k--) { - *t++ = ' '; - *t++ = ' '; - *t++ = ' '; - } - sprintf((char *)t, " "); - t += 7; - s -= j & 0xf; - for (k = j & 0xf; k; k--, s++) - *t++ = (isprint(*s) ? *s : '.'); - *t++ = '\n'; - *t = '\0'; - } - fputs(outline, stdout); - fflush(stdout); - ip->ip_len = ntohs(ip->ip_len); - } - - prep_packet(); - free_aniplist(); -} - - -void new_interface() -{ - cifp = (iface_t *)calloc(1, sizeof(iface_t)); - *iftail = cifp; - iftail = &cifp->if_next; - cifp->if_fd = -1; -} - - -void check_interface() -{ - if (!cifp->if_name || !*cifp->if_name) - fprintf(stderr, "No interface name given!\n"); - if (!cifp->if_MTU || !*cifp->if_name) - fprintf(stderr, "Interface %s has an MTU of 0!\n", - cifp->if_name); -} - - -void set_ifname(arg) -char **arg; -{ - cifp->if_name = *arg; - *arg = NULL; -} - - -void set_ifmtu(arg) -int arg; -{ - cifp->if_MTU = arg; -} - - -void set_ifv4addr(arg) -char **arg; -{ - cifp->if_addr = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_ifeaddr(arg) -char **arg; -{ - (void) geteaddr(*arg, &cifp->if_eaddr); - free(*arg); - *arg = NULL; -} - - -void new_arp() -{ - carp = (arp_t *)calloc(1, sizeof(arp_t)); - *arptail = carp; - arptail = &carp->arp_next; -} - - -void set_arpeaddr(arg) -char **arg; -{ - (void) geteaddr(*arg, &carp->arp_eaddr); - free(*arg); - *arg = NULL; -} - - -void set_arpv4addr(arg) -char **arg; -{ - carp->arp_addr = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -int arp_getipv4(ip, addr) -char *ip; -char *addr; -{ - arp_t *a; - - for (a = arplist; a; a = a->arp_next) - if (!bcmp(ip, (char *)&a->arp_addr, 4)) { - bcopy((char *)&a->arp_eaddr, addr, 6); - return 0; - } - return -1; -} - - -void reset_send() -{ - sending.snd_if = iflist; - sending.snd_gw = defrouter; -} - - -void set_sendif(arg) -char **arg; -{ - iface_t *ifp; - - for (ifp = iflist; ifp; ifp = ifp->if_next) - if (ifp->if_name && !strcmp(ifp->if_name, *arg)) - break; - sending.snd_if = ifp; - if (!ifp) - fprintf(stderr, "couldn't find interface %s\n", *arg); - free(*arg); - *arg = NULL; -} - - -void set_sendvia(arg) -char **arg; -{ - sending.snd_gw = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_defaultrouter(arg) -char **arg; -{ - defrouter = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void new_icmpheader() -{ - if ((ip->ip_p) && (ip->ip_p != IPPROTO_ICMP)) { - fprintf(stderr, "protocol %d specified with ICMP!\n", - ip->ip_p); - return; - } - ip->ip_p = IPPROTO_ICMP; - icmp = (icmphdr_t *)new_header(IPPROTO_ICMP); -} - - -void set_icmpcode(code) -int code; -{ - icmp->icmp_code = code; -} - - -void set_icmptype(type) -int type; -{ - icmp->icmp_type = type; -} - - -static char *icmpcodes[] = { - "net-unr", "host-unr", "proto-unr", "port-unr", "needfrag", "srcfail", - "net-unk", "host-unk", "isolate", "net-prohib", "host-prohib", - "net-tos", "host-tos", NULL }; - -void set_icmpcodetok(code) -char **code; -{ - char *s; - int i; - - for (i = 0; (s = icmpcodes[i]); i++) - if (!strcmp(s, *code)) { - icmp->icmp_code = i; - break; - } - if (!s) - fprintf(stderr, "unknown ICMP code %s\n", *code); - free(*code); - *code = NULL; -} - - -static char *icmptypes[] = { - "echorep", (char *)NULL, (char *)NULL, "unreach", "squench", - "redir", (char *)NULL, (char *)NULL, "echo", (char *)NULL, - (char *)NULL, "timex", "paramprob", "timest", "timestrep", - "inforeq", "inforep", "maskreq", "maskrep", "END" -}; - -void set_icmptypetok(type) -char **type; -{ - char *s; - int i, done = 0; - - for (i = 0; !(s = icmptypes[i]) || strcmp(s, "END"); i++) - if (s && !strcmp(s, *type)) { - icmp->icmp_type = i; - done = 1; - break; - } - if (!done) - fprintf(stderr, "unknown ICMP type %s\n", *type); - free(*type); - *type = NULL; -} - - -void set_icmpid(arg) -int arg; -{ - icmp->icmp_id = htons(arg); -} - - -void set_icmpseq(arg) -int arg; -{ - icmp->icmp_seq = htons(arg); -} - - -void set_icmpotime(arg) -int arg; -{ - icmp->icmp_otime = htonl(arg); -} - - -void set_icmprtime(arg) -int arg; -{ - icmp->icmp_rtime = htonl(arg); -} - - -void set_icmpttime(arg) -int arg; -{ - icmp->icmp_ttime = htonl(arg); -} - - -void set_icmpmtu(arg) -int arg; -{ -#if BSD >= 199306 - icmp->icmp_nextmtu = htons(arg); -#endif -} - - -void set_redir(redir, arg) -int redir; -char **arg; -{ - icmp->icmp_code = redir; - icmp->icmp_gwaddr = getipv4addr(*arg); - free(*arg); - *arg = NULL; -} - - -void set_icmppprob(num) -int num; -{ - icmp->icmp_pptr = num; -} - - -void new_ipv4opt() -{ - new_header(-2); -} - - -void add_ipopt(state, ptr) -int state; -void *ptr; -{ - struct ipopt_names *io; - struct statetoopt *sto; - char numbuf[16], *arg, **param = ptr; - int inc, hlen; - - if (state == IL_IPO_RR || state == IL_IPO_SATID) { - if (param) - sprintf(numbuf, "%d", *(int *)param); - else - strcpy(numbuf, "0"); - arg = numbuf; - } else - arg = param ? *param : NULL; - - if (canip->ah_next) { - fprintf(stderr, "cannot specify options after data body\n"); - return; - } - for (sto = toipopts; sto->sto_st; sto++) - if (sto->sto_st == state) - break; - if (!sto || !sto->sto_st) { - fprintf(stderr, "No mapping for state %d to IP option\n", - state); - return; - } - - hlen = sizeof(ip_t) + canip->ah_optlen; - for (io = ionames; io->on_name; io++) - if (io->on_value == sto->sto_op) - break; - canip->ah_lastopt = io->on_value; - - if (io->on_name) { - inc = addipopt((char *)ip + hlen, io, hlen - sizeof(ip_t),arg); - if (inc > 0) { - while (inc & 3) { - ((char *)ip)[sizeof(*ip) + inc] = IPOPT_NOP; - canip->ah_lastopt = IPOPT_NOP; - inc++; - } - hlen += inc; - } - } - - canip->ah_optlen = hlen - sizeof(ip_t); - - if (state != IL_IPO_RR && state != IL_IPO_SATID) - if (param && *param) { - free(*param); - *param = NULL; - } - sclass = NULL; -} - - -void end_ipopt() -{ - int pad; - char *s, *buf = (char *)ip; - - /* - * pad out so that we have a multiple of 4 bytes in size fo the - * options. make sure last byte is EOL. - */ - if (canip->ah_lastopt == IPOPT_NOP) { - buf[sizeof(*ip) + canip->ah_optlen - 1] = IPOPT_EOL; - } else if (canip->ah_lastopt != IPOPT_EOL) { - s = buf + sizeof(*ip) + canip->ah_optlen; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = IPOPT_NOP; - *s = IPOPT_EOL; - canip->ah_optlen++; - } - canip->ah_optlen++; - } else { - s = buf + sizeof(*ip) + canip->ah_optlen - 1; - - for (pad = 3 - (canip->ah_optlen & 3); pad; pad--) { - *s++ = IPOPT_NOP; - *s = IPOPT_EOL; - canip->ah_optlen++; - } - } - ip->ip_hl = (sizeof(*ip) + canip->ah_optlen) >> 2; - inc_anipheaders(canip->ah_optlen); - free_anipheader(); -} - - -void set_secclass(arg) -char **arg; -{ - sclass = *arg; - *arg = NULL; -} - - -void free_anipheader() -{ - aniphdr_t *aip; - - aip = canip; - if ((canip = aip->ah_prev)) { - canip->ah_next = NULL; - aniptail = &canip->ah_next; - } - - if (canip) - free(aip); -} - - -void end_ipv4() -{ - aniphdr_t *aip; - - ip->ip_sum = 0; - ip->ip_len = htons(ip->ip_len); - ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2); - ip->ip_len = ntohs(ip->ip_len); - free_anipheader(); - for (aip = aniphead, ip = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_IP) - ip = aip->ah_ip; -} - - -void end_icmp() -{ - aniphdr_t *aip; - - icmp->icmp_cksum = 0; - icmp->icmp_cksum = chksum((u_short *)icmp, canip->ah_len); - free_anipheader(); - for (aip = aniphead, icmp = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_ICMP) - icmp = aip->ah_icmp; -} - - -void end_udp() -{ - u_long sum; - aniphdr_t *aip; - ip_t iptmp; - - bzero((char *)&iptmp, sizeof(iptmp)); - iptmp.ip_p = ip->ip_p; - iptmp.ip_src = ip->ip_src; - iptmp.ip_dst = ip->ip_dst; - iptmp.ip_len = htons(ip->ip_len - (ip->ip_hl << 2)); - sum = p_chksum((u_short *)&iptmp, (u_int)sizeof(iptmp)); - udp->uh_ulen = htons(udp->uh_ulen); - udp->uh_sum = c_chksum((u_short *)udp, (u_int)ntohs(iptmp.ip_len), sum); - free_anipheader(); - for (aip = aniphead, udp = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_UDP) - udp = aip->ah_udp; -} - - -void end_tcp() -{ - u_long sum; - aniphdr_t *aip; - ip_t iptmp; - - bzero((char *)&iptmp, sizeof(iptmp)); - iptmp.ip_p = ip->ip_p; - iptmp.ip_src = ip->ip_src; - iptmp.ip_dst = ip->ip_dst; - iptmp.ip_len = htons(ip->ip_len - (ip->ip_hl << 2)); - sum = p_chksum((u_short *)&iptmp, (u_int)sizeof(iptmp)); - tcp->th_sum = 0; - tcp->th_sum = c_chksum((u_short *)tcp, (u_int)ntohs(iptmp.ip_len), sum); - free_anipheader(); - for (aip = aniphead, tcp = NULL; aip; aip = aip->ah_next) - if (aip->ah_p == IPPROTO_TCP) - tcp = aip->ah_tcp; -} - - -void end_data() -{ - free_anipheader(); -} - - -void iplang(fp) -FILE *fp; -{ - yyin = fp; - - yydebug = (opts & OPT_DEBUG) ? 1 : 0; - - while (!feof(fp)) - yyparse(); -} - - -u_short c_chksum(buf, len, init) -u_short *buf; -u_int len; -u_long init; -{ - u_long sum = init; - int nwords = len >> 1; - - for(; nwords > 0; nwords--) - sum += *buf++; - sum = (sum>>16) + (sum & 0xffff); - sum += (sum >>16); - return (~sum); -} - - -u_long p_chksum(buf,len) -u_short *buf; -u_int len; -{ - u_long sum = 0; - int nwords = len >> 1; - - for(; nwords > 0; nwords--) - sum += *buf++; - return sum; -} diff --git a/usr.sbin/ipsend/ipsend/ipsend.1 b/usr.sbin/ipsend/ipsend/ipsend.1 deleted file mode 100644 index 550d0318031..00000000000 --- a/usr.sbin/ipsend/ipsend/ipsend.1 +++ /dev/null @@ -1,90 +0,0 @@ -.\" $OpenBSD: ipsend.1,v 1.7 2000/11/08 19:37:35 aaron Exp $ -.Dd August 22, 2000 -.Dt IPSEND 1 -\!\" Originally by Darren Reed <darrenr@cyber.com.au> -.Os -.Sh NAME -.Nm ipsend -.Nd sends IP packets -.Sh SYNOPSIS -.Nm ipsend -.Op Ar -dITUv -.Op Ar -i interface -.Op Ar -f offset -.Op Ar -g gateway -.Op Ar -m MTU -.Op Ar -o option -.Op Ar -P protocol -.Op Ar -s source -.Op Ar -t dest port -.Op Ar -w window -.Op destination -.Op TCP-flags -.Sh DESCRIPTION -.Pp -.Nm -can be compiled in two ways. The first is used to send one-off -packets to a destination host, using command line options to specify various -attributes present in the headers. The destination must be given at the -last command line option, except for when TCP flags are specified as -a combination of A, S, F, U, P and R, last. -.Pp -The other way it may be compiled, with DOSOCKET defined, is to allow an -attempt at making a TCP connection using a with ipsend resending the SYN -packet as per the command line options. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl d -Enable debugging mode. -.It Fl f Ar offset -Allows the IP offset field in the IP header to be set to an arbitrary -value, which can be specified in decimal or hexadecimal. -.It Fl g Ar gateway -Specify the hostname of the gateway through which to route packets. This -is required whenever the destination host isn't directly attached to the -same network as the host from which you're sending. -.It Fl i Ar interface -Set the interface name to be the name supplied. -.It Fl m Ar MTU -Specify the MTU to be used when sending out packets. This option allows you -to set a fake MTU, allowing the simulation of network interfaces with small -MTU's without setting them so. -.It Fl o Ar option -Specify options to be included at the end of the IP header. An EOL option -is automatically appended and need not be given. If an option would also -have data associated with it (source as an IP number for a lsrr option), then -this will not be initialised. -.It Fl s Ar source -Set the source address in the packet to that provided - maybe either a -hostname or IP number. -.It Fl t Ar dest.port -Set the destination port for TCP/UDP packets. -.It Fl w Ar window -Set the window size for TCP packets. -.It Fl I -Set the protocol to ICMP. -.It Fl P -Set the protocol to the value given. If the parameter is a name, the name -is looked up in the -.Pa /etc/protocols -file. -.It Fl T -Set the protocol to TCP. -.It Fl U -Set the protocol to UDP. -.It Fl v -Enable verbose mode. -.El -.Sh SEE ALSO -.Xr ipsend 1 -.Xr ipresend 1 -.Xr iptest 1 -.Xr protocols 4 -.Xr bpf 4 -.Sh DIAGNOSTICS -.Pp -Needs to be run as root. -.Sh BUGS -.Pp -If you find any, please send email to me at darrenr@cyber.com.au diff --git a/usr.sbin/ipsend/ipsend/ipsend.5 b/usr.sbin/ipsend/ipsend/ipsend.5 deleted file mode 100644 index 89aee11281a..00000000000 --- a/usr.sbin/ipsend/ipsend/ipsend.5 +++ /dev/null @@ -1,399 +0,0 @@ -.\" $OpenBSD: ipsend.5,v 1.5 2000/03/14 21:31:36 aaron Exp $ -.TH IPSEND 5 -.SH NAME -ipsend \- IP packet description language -.SH DESCRIPTION -The \fBipsend\fP program expects, with the \fB-L\fP option, input to be a -text file which fits the grammar described below. The purpose of this -grammar is to allow IP packets to be described in an arbitrary way which -also allows encapsulation to be so done to an arbitrary level. -.SH GRAMMAR -.LP -.nf -line ::= iface | arp | send | defrouter | ipv4line . - -iface ::= ifhdr "{" ifaceopts "}" ";" . -ifhdr ::= "interface" | "iface" . -ifaceopts ::= "ifname" name | "mtu" mtu | "v4addr" ipaddr | - "eaddr" eaddr . - -send ::= "send" ";" | "send" "{" sendbodyopts "}" ";" . -sendbodyopts ::= sendbody [ sendbodyopts ] . -sendbody ::= "ifname" name | "via" ipaddr . - -defrouter ::= "router" ipaddr . - -arp ::= "arp" "{" arpbodyopts "}" ";" . -arpbodyopts ::= arpbody [ arpbodyopts ] . -arpbody ::= "v4addr" ipaddr | "eaddr" eaddr . - -bodyline ::= ipv4line | tcpline | udpline | icmpline | dataline . - -ipv4line ::= "ipv4" "{" ipv4bodyopts "}" ";" . -ipv4bodyopts ::= ipv4body [ ipv4bodyopts ] | bodyline . -ipv4body ::= "proto" protocol | "src" ipaddr | "dst" ipaddr | - "off" number | "v" number | "hl" number| "id" number | - "ttl" number | "tos" number | "sum" number | "len" number | - "opt" "{" ipv4optlist "}" ";" . -ipv4optlist ::= ipv4option [ ipv4optlist ] . -ipv4optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | - "tr" | "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | - "ssrr" | "addext" | "visa" | "imitd" | "eip" | "finn" | - "secclass" ipv4secclass. -ipv4secclass := "unclass" | "confid" | "reserv-1" | "reserv-2" | - "reserv-3" | "reserv-4" | "secret" | "topsecret" . - -tcpline ::= "tcp" "{" tcpbodyopts "}" ";" . -tcpbodyopts ::= tcpbody [ tcpbodyopts ] | bodyline . -tcpbody ::= "sport" port | "dport" port | "seq" number | "ack" number | - "off" number | "urp" number | "win" number | "sum" number | - "flags" tcpflags | data . - -udpline ::= "udp" "{" udpbodyopts "}" ";" . -udpbodyopts ::= udpbody [ udpbodyopts ] | bodyline . -udpbody ::= "sport" port | "dport" port | "len" number | "sum" number | - data . - -icmpline ::= "icmp" "{" icmpbodyopts "}" ";" . -icmpbodyopts ::= icmpbody [ icmpbodyopts ] | bodyline . -icmpbody ::= "type" icmptype [ "code" icmpcode ] . -icmptype ::= "echorep" | "echorep" "{" echoopts "}" ";" | "unreach" | - "unreach" "{" unreachtype "}" ";" | "squench" | "redir" | - "redir" "{" redirtype "}" ";" | "echo" "{" echoopts "}" ";" | - "echo" | "routerad" | "routersol" | "timex" | - "timex" "{" timextype "}" ";" | "paramprob" | - "paramprob" "{" parapptype "}" ";" | "timest" | "timestrep" | - "inforeq" | "inforep" | "maskreq" | "maskrep" . - -echoopts ::= echoopts [ icmpechoopts ] . -unreachtype ::= "net-unr" | "host-unr" | "proto-unr" | "port-unr" | - "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" | - "net-prohib" | "host-prohib" | "net-tos" | "host-tos" | - "filter-prohib" | "host-preced" | "cutoff-preced" . -redirtype ::= "net-redir" | "host-redir" | "tos-net-redir" | - "tos-host-redir" . -timextype ::= "intrans" | "reass" . -paramptype ::= "optabsent" . - -data ::= "data" "{" databodyopts "}" ";" . -databodyopts ::= "len" number | "value" string | "file" filename . - -icmpechoopts ::= "icmpseq" number | "icmpid" number . -.fi -.SH COMMANDS -.PP -Before sending any packets or defining any packets, it is necessary to -describe the interface(s) which will be used to send packets out. -.TP -.B interface -is used to describe a network interface. The description included need -not match the actual configuration currently employed by the operating -system. -.TP -.B send -is used to actually send out a packet across the network. If the -destination is not specified, it will attempt to send the packet -directly out on the network to the destination without routing it. -.TP -.B router -configures the default router for ipsend, as distinct from the default -route installed in the kernel. -.TP -.B ipv4 -is used to describe an IP (version 4) packet. IP header fields can be -specified, including options, followed by a data section which may contain -further protocol headers. -.SH IPV4 -.TP -.B hl <number> -manually specifies the IP header length (automatically adjusts with the -presence of IP options and defaults to 5); -.TP -.B v <number> -set the IP version. Default is 4. -.TP -.B tos <number> -set the type of service (TOS) field in the IP header. Default is 0. -.TP -.B len <number> -manually specifies the length of the IP packet. The length will automatically -be adjusted to accomodate data or further protocol headers. -.TP -.B off <number> -sets the fragment offset field of the IP packet. Default is 0. -.TP -.B ttl <number> -sets the time to live (TTL) field of the IP header. Default is 60. -.TP -.B proto <protocol> -sets the protocol field of the IP header. The protocol can either be a -number or a name found in \fB/etc/protocols\fP. -.TP -.B sum -manually specifies the checksum for the IP header. If left unset (0), it -will be calculated prior to being sent. -.TP -.B src -manually specifies the source address of the IP header. If left unset, it -will default to the host's IP address. -.TP -.B dst -sets the destination of the IP packet. The default is 0.0.0.0. -.TP -.B opt -is used to include IP options in the IP header. -.TP -.B tcp -is used to indicate the a TCP protocol header is to follow. See the \fBTCP\fP -section for TCP header options. -.TP -.B udp -is used to indicate the a UDP protocol header is to follow. See the \fBUDP\fP -section for UDP header options. -.TP -.B icmp -is used to indicate the a ICMP protocol header is to follow. See the -\fBICMP\fP section for ICMP header options. -.TP -.B data -is used to indicate that raw data is to be included in the IP packet. See the -\fBDATA\fP section for details on options available. -.SH "IPv4 Options" -these keywords indicate that the releveant IP option should be added to the -IP header (the header length field will be adjusted appropriately). -.TP -.B nop -No Operation [RFC 791] (space filler). -.TP -.B rr <number> -Record Router [RFC 791]. The number given specifies the number of -\fBbytes\fP to be used for storage. This should be a multiple of 4 for -proper operation. -.TP -.B zsu -Experimental Measurement. -.TP -.B mtup [RFC 1191]. -MTU Probe. -.TP -.B mtur [RFC 1191]. -MTU Ready. -.TP -.B encode -.TP -.B ts -Timestamp [RFC 791]. -.TP -.B tr -Traceroute [RFC 1393]. -.TP -.B "sec-class <security-level>, sec" -Security [RFC 1108]. This option specifies the security label for the packet. -Using \fBsec\fP sets up the framework of the security option but unless -\fBsec-class\fP is given, the level may not be set. -.TP -.B "lsrr <ip-address>" -Loose Source Route [RFC 791]. -.TP -.B e-sec -Extended Security [RFC 1108]. -.TP -.B cipso -Commercial Security. -.TP -.B satid -Stream ID [RFC 791]. -.TP -.B "ssrr <ip-address>" -Strict Source Route [RFC 791]. -.TP -.B addext -Address Extension -.TP -.B visa -Expermental Access Control. -.TP -.B imitd -IMI Traffic Descriptor. -.TP -.B eip -[RFC 1358]. -.TP -.B finn -Experimental Flow Control. -.SH TCP -.TP -.B sport <port> -sets the source port to the number/name given. Default is 0. -.TP -.B dport <port> -sets the destination port to the number/name given. Default is 0. -.TP -.B seq <number> -sets the sequence number to the number specified. Default is 0. -.TP -.B ack <number> -sets the acknowledge number to the number specified. Default is 0. -.TP -.B off <number> -sets the offset value for the start of data to the number specified. This -implies the size of the TCP header. It is automatically adjusted if TCP -options are included and defaults to 5. -.TP -.B urp <number> -sets the value of the urgent data pointer to the number specified. Default -is 0. -.TP -.B win <number> -sets the size of the TCP window to the number specified. Default is 4096. -.TP -.B sum <number> -manually specifies the checksum for the TCP pseudo-header and data. If left -unset, it defaults to 0 and is automatically calculated. -.TP -.B flags <tcp-flags> -sets the TCP flags field to match the flags specified. Valid flags are -"S" (SYN), "A" (ACK), "R" (RST), "F" (FIN), "U" (URG), "P" (PUSH). -.TP -.B opt -indicates that TCP header options follow. As TCP options are added to the -TCP header, the \fBoff\fP field is updated to match. -.TP -.B data -indicates that a data section is to follow and is to be included as raw -data, being appended to the header. -.SH "TCP options" -With a TCP header, it is possible to append a number of header options. -The TCP header offset will be updated automatically to reflect the change -in size. The valid options are: \fBnop\fP No Operation, -\fBeol\fP End Of (option) List, \fBmss [ size ]\fP Maximum Segment Size - this -sets the maximum receivable size of a packet containing data, -\fBwscale\fP Window Scale, \fBts\fP Timestamp. -.SH UDP -.TP -.B sport <port> -sets the source port to the number/name given. Default is 0. -.TP -.B dport <port> -sets the destination port to the number/name given. Default is 0. -.TP -.B len <number> -manually specifies the length of the UDP header and data. If left unset, -it is automatically adjusted to match the header presence and any data if -present. -.TP -.B sum <number> -manually specifies the checksum for the UDP pseudo-header and data. If left -unset, it defaults to 0 and is automatically calculated. -.TP -.B data -indicates that a data section is to follow and is to be included as raw -data, being appended to the header. -.SH ICMP -.TP -.B type <icmptype> -sets the ICMP type according the to the icmptype tag. This may either be -a number or one of the recognised tags (see the \fBICMP TYPES\fP section for a -list of names recognised). -.TP -.B code <icmpcode> -sets the ICMP code. -.TP -.B data -indicates that a data section is to follow and is to be included as raw -data, being appended to the header. -.SH DATA -Each of the following extend the packet in a different way. \fBLen\fP just -increases the length (without adding any content), \fBvalue\fP uses a string -and \fBfile\fP a file. -.TP -.B len <number> -extend the length of the packet by \fBnumber\fP bytes (without filling those -bytes with any particular data). -.TP -.B value <string> -indicates that the string provided should be added to the current packet as -data. A string may be a consecutive list of characters and numbers (with -no whitespace) or bounded by "'s (may not contain them, even if \\'d). -The \\ character is recognised with the appropriate C escaped values, including -octal numbers. -.TP -.B file <filename> -reads data in from the specified file and appends it to the current packet. -If the new total length would exceed 64k, an error will be reported. -.SH "ICMP TYPES" -.TP -.B echorep -Eecho Reply. -.TP -.B "unreach [ unreachable-code ]" -Generic Unreachable error. This is used to indicate that an error has -occurred whilst trying to send the packet across the network and that the -destination cannot be reached. The unreachable code names are: -\fBnet-unr\fP network unreachable, \fBhost-unr\fP host unreachable, -\fBproto-unr\fP protocol unreachable, \fBport-unr\fP port unreachable, -\fBneedfrag\fP, \fBsrcfail\fP source route failed, -\fBnet-unk\fP network unknown, \fBhost-unk\fP host unknown, -\fBisolate\fP, \fBnet-prohib\fP administratively prohibited contact with -network, -\fBhost-prohib\fP administratively prohibited contact with host, -\fBnet-tos\fP network unreachable with given TOS, -\fBhost-tos\fP host unreachable with given TOS, -\fBfilter-prohib\fP packet prohibited by packet filter, -\fBhost-preced\fP, -\fBcutoff-preced\fP. -.TP -.B squench -Source Quence. -.TP -.B "redir [ redirect-code ]" -Redirect (routing). This is used to indicate that the route being chosen -for forwarding the packet is suboptimal and that the sender of the packet -should be routing packets via another route. The redirect code names are: -\fBnet-redir\fP redirect packets for a network, -\fBhost-redir\fP redirect packets for a host, -\fBtos-net-redir\fP redirect packets for a network with a given TOS, -\fBtos-host-redir\fP redirect packets for a host with a given TOS. -.TP -.B echo -Echo. -.TP -.B routerad -Router Advertisment. -.TP -.B routersol -Router solicitation. -.TP -.B "timex [ timexceed-code ]" -Time Exceeded. This is used to indicate that the packet failed to reach the -destination because it was in transit too long (i.e., ttl reached 0). The -valid code names are: \fBintrans\fP, -\fBreass\fP could not reassemble packet from fragments within a given time. -.TP -.B "paramprob [ paramprob-code ]" -Parameter problem. There is only one available parameter problem code name: -\fBoptabsent\fP. -.TP -.B timest -Time stamp request. -.TP -.B "timestrep [ { timestamp-code } ]" -Time stamp reply. In a timestamp reply, it is possible to supply the -following values: \fBrtime\fP, \fBotime\fP, \fBttime\fP. -.TP -.B inforeq -Information request. -.TP -.B inforep -Information reply. -.TP -.B maskreq -Address mask request. -.TP -.B maskrep -Address mask reply. -.SH FILES -/etc/protocols -/etc/services -/etc/hosts -.SH SEE ALSO diff --git a/usr.sbin/ipsend/ipsend/ipsend.c b/usr.sbin/ipsend/ipsend/ipsend.c deleted file mode 100644 index 43eedf46dbe..00000000000 --- a/usr.sbin/ipsend/ipsend/ipsend.c +++ /dev/null @@ -1,402 +0,0 @@ -/* $OpenBSD: ipsend.c,v 1.7 2001/01/17 06:01:26 fgsch Exp $ */ - -/* - * ipsend.c (C) 1995-1998 Darren Reed - * - * This was written to test what size TCP fragments would get through - * various TCP/IP packet filters, as used in IP firewalls. In certain - * conditions, enough of the TCP header is missing for unpredictable - * results unless the filter is aware that this can happen. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "@(#)ipsend.c 1.5 12/10/95 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipsend.c,v 2.2 1999/12/04 03:37:05 darrenr Exp $"; -#endif -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <netdb.h> -#include <string.h> -#include <sys/param.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include "ipsend.h" -#include "ipf.h" - - -extern char *optarg; -extern int optind; -extern void iplang __P((FILE *)); - -char options[68]; -int opts; -#ifdef linux -char default_device[] = "eth0"; -#else -# ifdef sun -char default_device[] = "le0"; -# else -# ifdef ultrix -char default_device[] = "ln0"; -# else -# ifdef __bsdi__ -char default_device[] = "ef0"; -# else -# ifdef __sgi -char default_device[] = "ec0"; -# else -char default_device[] = "lan0"; -# endif -# endif -# endif -# endif -#endif - - -static void usage __P((char *)); -static void do_icmp __P((ip_t *, char *)); -int main __P((int, char **)); - - -static void usage(prog) -char *prog; -{ - fprintf(stderr, "Usage: %s [options] dest [flags]\n\ -\toptions:\n\ -\t\t-d\tdebug mode\n\ -\t\t-i device\tSend out on this device\n\ -\t\t-f fragflags\tcan set IP_MF or IP_DF\n\ -\t\t-g gateway\tIP gateway to use if non-local dest.\n\ -\t\t-I code,type[,gw[,dst[,src]]]\tSet ICMP protocol\n\ -\t\t-m mtu\t\tfake MTU to use when sending out\n\ -\t\t-P protocol\tSet protocol by name\n\ -\t\t-s src\t\tsource address for IP packet\n\ -\t\t-T\t\tSet TCP protocol\n\ -\t\t-t port\t\tdestination port\n\ -\t\t-U\t\tSet UDP protocol\n\ -\t\t-v\tverbose mode\n\ -\t\t-w <window>\tSet the TCP window size\n\ -", prog); - fprintf(stderr, "Usage: %s [-dv] -L <filename>\n\ -\toptions:\n\ -\t\t-d\tdebug mode\n\ -\t\t-L filename\tUse IP language for sending packets\n\ -\t\t-v\tverbose mode\n\ -", prog); - exit(1); -} - - -static void do_icmp(ip, args) -ip_t *ip; -char *args; -{ - struct icmp *ic; - char *s; - - ip->ip_p = IPPROTO_ICMP; - ip->ip_len += sizeof(*ic); - ic = (struct icmp *)(ip + 1); - bzero((char *)ic, sizeof(*ic)); - if (!(s = strchr(args, ','))) - { - fprintf(stderr, "ICMP args missing: ,\n"); - return; - } - *s++ = '\0'; - ic->icmp_type = atoi(args); - ic->icmp_code = atoi(s); - if (ic->icmp_type == ICMP_REDIRECT && strchr(s, ',')) - { - char *t; - - t = strtok(s, ","); - t = strtok(NULL, ","); - if (resolve(t, (char *)&ic->icmp_gwaddr) == -1) - { - fprintf(stderr,"Cant resolve %s\n", t); - exit(2); - } - if ((t = strtok(NULL, ","))) - { - if (resolve(t, (char *)&ic->icmp_ip.ip_dst) == -1) - { - fprintf(stderr,"Cant resolve %s\n", t); - exit(2); - } - if ((t = strtok(NULL, ","))) - { - if (resolve(t, - (char *)&ic->icmp_ip.ip_src) == -1) - { - fprintf(stderr,"Cant resolve %s\n", t); - exit(2); - } - } - } - } -} - - -int send_packets(dev, mtu, ip, gwip) -char *dev; -int mtu; -ip_t *ip; -struct in_addr gwip; -{ - u_short sport = 0; - int wfd; - - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - sport = ((struct tcpiphdr *)ip)->ti_sport; - wfd = initdevice(dev, sport, 5); - - return send_packet(wfd, mtu, ip, gwip); -} - - -int main(argc, argv) -int argc; -char **argv; -{ - FILE *langfile = NULL; - struct tcpiphdr *ti; - struct in_addr gwip; - tcphdr_t *tcp; - ip_t *ip; - char *name = argv[0], host[MAXHOSTNAMELEN + 1]; - char *gateway = NULL, *dev = NULL; - char *src = NULL, *dst, *s; - int mtu = 1500, olen = 0, c, nonl = 0; - - /* - * 65535 is maximum packet size...you never know... - */ - ip = (ip_t *)calloc(1, 65536); - ti = (struct tcpiphdr *)ip; - tcp = (tcphdr_t *)&ti->ti_sport; - ip->ip_len = sizeof(*ip); - ip->ip_hl = sizeof(*ip) >> 2; - - while ((c = getopt(argc, argv, "I:L:P:TUdf:i:g:m:o:s:t:vw:")) != -1) - switch (c) - { - case 'I' : - nonl++; - if (ip->ip_p) - { - fprintf(stderr, "Protocol already set: %d\n", - ip->ip_p); - break; - } - do_icmp(ip, optarg); - break; - case 'L' : - if (nonl) { - fprintf(stderr, - "Incorrect usage of -L option.\n"); - usage(name); - } - if (!strcmp(optarg, "-")) - langfile = stdin; - else if (!(langfile = fopen(optarg, "r"))) { - fprintf(stderr, "can't open file %s\n", - optarg); - exit(1); - } - iplang(langfile); - return 0; - case 'P' : - { - struct protoent *p; - - nonl++; - if (ip->ip_p) - { - fprintf(stderr, "Protocol already set: %d\n", - ip->ip_p); - break; - } - if ((p = getprotobyname(optarg))) - ip->ip_p = p->p_proto; - else - fprintf(stderr, "Unknown protocol: %s\n", - optarg); - break; - } - case 'T' : - nonl++; - if (ip->ip_p) - { - fprintf(stderr, "Protocol already set: %d\n", - ip->ip_p); - break; - } - ip->ip_p = IPPROTO_TCP; - ip->ip_len += sizeof(tcphdr_t); - break; - case 'U' : - nonl++; - if (ip->ip_p) - { - fprintf(stderr, "Protocol already set: %d\n", - ip->ip_p); - break; - } - ip->ip_p = IPPROTO_UDP; - ip->ip_len += sizeof(udphdr_t); - break; - case 'd' : - opts |= OPT_DEBUG; - break; - case 'f' : - nonl++; - ip->ip_off = strtol(optarg, NULL, 0); - break; - case 'g' : - nonl++; - gateway = optarg; - break; - case 'i' : - nonl++; - dev = optarg; - break; - case 'm' : - nonl++; - mtu = atoi(optarg); - if (mtu < 28) - { - fprintf(stderr, "mtu must be > 28\n"); - exit(1); - } - break; - case 'o' : - nonl++; - olen = buildopts(optarg, options, (ip->ip_hl - 5) << 2); - break; - case 's' : - nonl++; - src = optarg; - break; - case 't' : - nonl++; - if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) - tcp->th_dport = htons(atoi(optarg)); - break; - case 'v' : - opts |= OPT_VERBOSE; - break; - case 'w' : - nonl++; - if (ip->ip_p == IPPROTO_TCP) - tcp->th_win = atoi(optarg); - else - fprintf(stderr, "set protocol to TCP first\n"); - break; - default : - fprintf(stderr, "Unknown option \"%c\"\n", c); - usage(name); - } - - if (argc - optind < 1) - usage(name); - dst = argv[optind++]; - - if (!src) - { - gethostname(host, sizeof(host)); - src = host; - } - - if (resolve(src, (char *)&ip->ip_src) == -1) - { - fprintf(stderr,"Cant resolve %s\n", src); - exit(2); - } - - if (resolve(dst, (char *)&ip->ip_dst) == -1) - { - fprintf(stderr,"Cant resolve %s\n", dst); - exit(2); - } - - if (!gateway) - gwip = ip->ip_dst; - else if (resolve(gateway, (char *)&gwip) == -1) - { - fprintf(stderr,"Cant resolve %s\n", gateway); - exit(2); - } - - if (olen) - { - caddr_t ipo = (caddr_t)ip; - - printf("Options: %d\n", olen); - ti = (struct tcpiphdr *)malloc(olen + ip->ip_len); - bcopy((char *)ip, (char *)ti, sizeof(*ip)); - ip = (ip_t *)ti; - ip->ip_hl = (olen >> 2); - bcopy(options, (char *)(ip + 1), olen); - bcopy((char *)tcp, (char *)(ip + 1) + olen, sizeof(*tcp)); - ip->ip_len += olen; - bcopy((char *)ip, (char *)ipo, ip->ip_len); - ip = (ip_t *)ipo; - tcp = (tcphdr_t *)((char *)(ip + 1) + olen); - } - - if (ip->ip_p == IPPROTO_TCP) - for (s = argv[optind]; s && (c = *s); s++) - switch(c) - { - case 'S' : case 's' : - tcp->th_flags |= TH_SYN; - break; - case 'A' : case 'a' : - tcp->th_flags |= TH_ACK; - break; - case 'F' : case 'f' : - tcp->th_flags |= TH_FIN; - break; - case 'R' : case 'r' : - tcp->th_flags |= TH_RST; - break; - case 'P' : case 'p' : - tcp->th_flags |= TH_PUSH; - break; - case 'U' : case 'u' : - tcp->th_flags |= TH_URG; - break; - } - - if (!dev) - dev = default_device; - printf("Device: %s\n", dev); - printf("Source: %s\n", inet_ntoa(ip->ip_src)); - printf("Dest: %s\n", inet_ntoa(ip->ip_dst)); - printf("Gateway: %s\n", inet_ntoa(gwip)); - if (ip->ip_p == IPPROTO_TCP && tcp->th_flags) - printf("Flags: %#x\n", tcp->th_flags); - printf("mtu: %d\n", mtu); - -#ifdef DOSOCKET - if (tcp->th_dport) - return do_socket(dev, mtu, ti, gwip); -#endif - return send_packets(dev, mtu, (ip_t *)ti, gwip); -} diff --git a/usr.sbin/ipsend/ipsend/ipsopt.c b/usr.sbin/ipsend/ipsend/ipsopt.c deleted file mode 100644 index f24b5b00cc4..00000000000 --- a/usr.sbin/ipsend/ipsend/ipsopt.c +++ /dev/null @@ -1,197 +0,0 @@ -/* $OpenBSD: ipsopt.c,v 1.3 2001/01/17 06:01:27 fgsch Exp $ */ - -/* - * Copyright (C) 1995-1998 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: ipsopt.c,v 2.1 1999/08/04 17:31:07 darrenr Exp $"; -#endif -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#include <netinet/tcp.h> -#include <arpa/inet.h> -#include "ipsend.h" - - -#ifndef __P -# ifdef __STDC__ -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - - -struct ipopt_names ionames[] = { - { IPOPT_EOL, 0x01, 1, "eol" }, - { IPOPT_NOP, 0x02, 1, "nop" }, - { IPOPT_RR, 0x04, 3, "rr" }, /* 1 route */ - { IPOPT_TS, 0x08, 8, "ts" }, /* 1 TS */ - { IPOPT_SECURITY, 0x08, 11, "sec-level" }, - { IPOPT_LSRR, 0x10, 7, "lsrr" }, /* 1 route */ - { IPOPT_SATID, 0x20, 4, "satid" }, - { IPOPT_SSRR, 0x40, 7, "ssrr" }, /* 1 route */ - { 0, 0, 0, NULL } /* must be last */ -}; - -struct ipopt_names secnames[] = { - { IPOPT_SECUR_UNCLASS, 0x0100, 0, "unclass" }, - { IPOPT_SECUR_CONFID, 0x0200, 0, "confid" }, - { IPOPT_SECUR_EFTO, 0x0400, 0, "efto" }, - { IPOPT_SECUR_MMMM, 0x0800, 0, "mmmm" }, - { IPOPT_SECUR_RESTR, 0x1000, 0, "restr" }, - { IPOPT_SECUR_SECRET, 0x2000, 0, "secret" }, - { IPOPT_SECUR_TOPSECRET, 0x4000,0, "topsecret" }, - { 0, 0, 0, NULL } /* must be last */ -}; - - -u_short seclevel(slevel) -char *slevel; -{ - struct ipopt_names *so; - - for (so = secnames; so->on_name; so++) - if (!strcasecmp(slevel, so->on_name)) - break; - - if (!so->on_name) { - fprintf(stderr, "no such security level: %s\n", slevel); - return 0; - } - return so->on_value; -} - - -int addipopt(op, io, len, class) -char *op; -struct ipopt_names *io; -int len; -char *class; -{ - struct in_addr ipadr; - int olen = len, srr = 0; - u_short val; - u_char lvl; - char *s = op, *t; - - if ((len + io->on_siz) > 48) { - fprintf(stderr, "options too long\n"); - return 0; - } - len += io->on_siz; - *op++ = io->on_value; - if (io->on_siz > 1) { - /* - * Allow option to specify RR buffer length in bytes. - */ - if (io->on_value == IPOPT_RR) { - val = (class && *class) ? atoi(class) : 4; - *op++ = val + io->on_siz; - len += val; - } else - *op++ = io->on_siz; - *op++ = IPOPT_MINOFF; - - while (class && *class) { - t = NULL; - switch (io->on_value) - { - case IPOPT_SECURITY : - lvl = seclevel(class); - *(op - 1) = lvl; - break; - case IPOPT_LSRR : - case IPOPT_SSRR : - if ((t = strchr(class, ','))) - *t = '\0'; - ipadr.s_addr = inet_addr(class); - srr++; - bcopy((char *)&ipadr, op, sizeof(ipadr)); - op += sizeof(ipadr); - break; - case IPOPT_SATID : - val = atoi(class); - bcopy((char *)&val, op, 2); - break; - } - - if (t) - *t++ = ','; - class = t; - } - if (srr) - s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4 * srr; - if (io->on_value == IPOPT_RR) - op += val; - else - op += io->on_siz - 3; - } - return len - olen; -} - - -u_32_t buildopts(cp, op, len) -char *cp, *op; -int len; -{ - struct ipopt_names *io; - u_32_t msk = 0; - char *s, *t; - int inc, lastop = -1; - - for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) { - if ((t = strchr(s, '='))) - *t++ = '\0'; - for (io = ionames; io->on_name; io++) { - if (strcasecmp(s, io->on_name) || (msk & io->on_bit)) - continue; - lastop = io->on_value; - if ((inc = addipopt(op, io, len, t))) { - op += inc; - len += inc; - } - msk |= io->on_bit; - break; - } - if (!io->on_name) { - fprintf(stderr, "unknown IP option name %s\n", s); - return 0; - } - } - - if (len & 3) { - while (len & 3) { - *op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP; - len++; - } - } else { - if (lastop != IPOPT_EOL) { - if (lastop == IPOPT_NOP) - *(op - 1) = IPOPT_EOL; - else { - *op++ = IPOPT_NOP; - *op++ = IPOPT_NOP; - *op++ = IPOPT_NOP; - *op = IPOPT_EOL; - len += 4; - } - } - } - return len; -} diff --git a/usr.sbin/ipsend/iptest/Makefile b/usr.sbin/ipsend/iptest/Makefile deleted file mode 100644 index 829a0ca4690..00000000000 --- a/usr.sbin/ipsend/iptest/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# $OpenBSD: Makefile,v 1.2 1998/01/26 04:17:08 dgregor Exp $ - -PROG= iptest -BINDIR= /usr/sbin -MAN= iptest.1 -SRCS= iptest.c iptests.c ip.c sbpf.c sock.c 44arp.c -CFLAGS+= -DDOSOCKET -I${.CURDIR}/../common -I${.CURDIR}/../../ipftest \ - -I${.CURDIR}/../../../sys/netinet -I${.CURDIR}/../../../sbin/ipf -.PATH: ${.CURDIR}/../common - -.include <bsd.prog.mk> diff --git a/usr.sbin/ipsend/iptest/iptest.1 b/usr.sbin/ipsend/iptest/iptest.1 deleted file mode 100644 index a92913d9c4f..00000000000 --- a/usr.sbin/ipsend/iptest/iptest.1 +++ /dev/null @@ -1,177 +0,0 @@ -.\" $OpenBSD: iptest.1,v 1.5 2000/04/12 21:47:53 aaron Exp $ -.Dd October 8, 1999 -.Dt IPTEST 1 -.Os -.Sh NAME -.Nm iptest -.Nd automatically generate packets to test IP functionality -.Sh SYNOPSIS -.Nm iptest -.Op Fl 1234567 -.Op Fl d Ar device -.Op Fl g Ar gateway -.Op Fl m Ar mtu -.Op Fl p Ar pointtest -.Op Fl s Ar src -.Ar destination -.Sh DESCRIPTION -.Nm -generates a series of IP packets to -.Ar destination -via -.Ar gateway -using the interface -.Ar device . -The packets generated test various aspects of IP functionality. -.Pp -By default all tests are done, using the interface -.Sq lan0 . -This interface does not normally exist on -.Ox -so an existing interface must be specified with the -.Fl d -option. -To limit the tests to a single group or to a single test within a group the -.Fl 1234567 -and -.Fl p -options are available. It is not possible to specify more than one -test group or point test at a time. -.Pp -.Nm -must be run as root. -.Ss Options -.Bl -tag -width "-r " -.It Fl 1 -IP header tests. This group of tests generates packets with the IP -header fields set to invalid values given other packet characteristics. -The point tests are: -.Pp -.Bl -tag -width "10 " -compact -offset indent -.It 1 -ip_hl < ip_len -.It 2 -ip_hl > ip_len -.It 3 -ip_v < 4 -.It 4 -ip_v > 4 -.It 5 -ip_len < packetsize, long packets -.It 6 -ip_len > packet size, short packets -.It 7 -Zero length fragments -.It 8 -packet > 64k after reassembly -.It 9 -IP offset with MSB set -.It 10 -ttl variations -.El -.It Fl 2 -IP options tests. This group of tests generates packets with the IP -options constructed with invalid values given other packet characteristics. -The point tests are: -.Pp -.Bl -tag -compact -width "1 " -offset indent -.It 1 -option length > packet length -.It 2 -option length = 0 -.El -.It Fl 3 -ICMP tests. This group of tests generates packets with the ICMP -header fields set to non-standard values. -The point tests are: -.Pp -.Bl -tag -compact -width "1 " -offset indent -.It 1 -ICMP types 0-31 & 255 -.It 2 -type 3 & codes 0-31 -.It 3 -type 4 & codes 0, 127, 128, 255 -.It 4 -type 5 & codes 0, 127, 128, 255 -.It 5 -types 8-10, 13-18 with codes 0, 127, 128 and 255 -.It 6 -type 12 & codes 0, 127, 128, 129, 255 -.It 7 -type 3 & codes 9-10, 13-14 and 17-18 - shortened packets -.El -.It Fl 4 -UDP tests. This group of tests generates packets with the UDP -header fields set to non-standard values. The point tests are: -.Pp -.Bl -tag -width "1 " -compact -offset indent -.It 1 -UDP length > packet size -.It 2 -UDP length < packetsize -.It 3 -sport = 0, 1, 32767, 32768, 65535 -.It 4 -dport = 0, 1, 32767, 32768, 65535 -.It 5 -sizeof(struct ip) <= MTU <= sizeof(struct udphdr) + sizeof(struct ip) -.El -.It Fl 5 -TCP tests. This group of tests generates packets with the TCP -header fields set to non-standard values. The point tests are: -.Pp -.Bl -tag -width "1 " -compact -offset indent -.It 1 -TCP flags variations, all combinations -.It 2 -seq = 0, 0x7fffffff, 0x8000000, 0xa0000000, 0xffffffff -.It 3 -ack = 0, 0x7fffffff, 0x8000000, 0xa0000000, 0xffffffff -.It 4 -SYN packet with window of 0, 32768, 65535 -.It 5 -set urgent pointer to 1, 0x7fff, 0x8000, 0xffff -.It 6 -data offset -.It 7 -sport = 0, 1, 32767, 32768, 65535 -.It 8 -dport = 0, 1, 32767, 32768, 65535 -.El -.It Fl 6 -Overlapping fragments test. This test generates a large number of fragments in -an attempt to exhaust the network buffers used for holding packets for later -reassembly. -.Pp -WARNING: this may crash or cause serious performance degradation -to the target host. -.It Fl 7 -Random packets. This test generates 1024 random IP packets with only -the IP version, checksum, length and IP offset field correct. -.It Fl d Ar device -Set the interface name to be the name supplied. -.It Fl g Ar gateway -Specify the hostname of the gateway through which to route packets. This -is required whenever the destination host isn't directly attached to the -same network as the host from which you're sending. -.It Fl m Ar mtu -Set the MTU used when sending out packets to -.Ar mtu . -This option lets you -set a fake MTU, allowing the simulation of network interfaces with small -MTU's. -.It Fl p Ar pointtest -Run point test -.Ar pointtest -of the test group. -.It Fl s Ar src -Specify the source address of the IP packets as -.Ar src -.El -.Sh SEE ALSO -.Xr ipsend 1 , -.Xr ipresend 1 , -.Xr bpf 4 -.Sh BUGS -If you find any, please send email to me at darrenr@cyber.com.au diff --git a/usr.sbin/ipsend/iptest/iptest.c b/usr.sbin/ipsend/iptest/iptest.c deleted file mode 100644 index 4130925e6d4..00000000000 --- a/usr.sbin/ipsend/iptest/iptest.c +++ /dev/null @@ -1,227 +0,0 @@ -/* $OpenBSD: iptest.c,v 1.6 2001/01/17 06:11:15 fgsch Exp $ */ - -/* - * ipsend.c (C) 1995-1998 Darren Reed - * - * This was written to test what size TCP fragments would get through - * various TCP/IP packet filters, as used in IP firewalls. In certain - * conditions, enough of the TCP header is missing for unpredictable - * results unless the filter is aware that this can happen. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: iptest.c,v 2.2 1999/12/04 03:37:05 darrenr Exp $"; -#endif -#include <stdio.h> -#include <netdb.h> -#include <unistd.h> -#include <stdlib.h> -#include <string.h> -#include <sys/param.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/in_systm.h> -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#ifndef linux -#include <netinet/ip_var.h> -#endif -#ifdef linux -#include <linux/sockios.h> -#endif -#include "ipsend.h" - - -extern char *optarg; -extern int optind; - -char options[68]; -#ifdef linux -char default_device[] = "eth0"; -#else -# ifdef sun -char default_device[] = "le0"; -# else -# ifdef ultrix -char default_device[] = "ln0"; -# else -# ifdef __bsdi__ -char default_device[] = "ef0"; -# else -# ifdef __sgi -char default_device[] = "ec0"; -# else -char default_device[] = "lan0"; -# endif -# endif -# endif -# endif -#endif - -static void usage __P((char *)); -int main __P((int, char **)); - - -static void usage(prog) -char *prog; -{ - fprintf(stderr, "Usage: %s [options] dest\n\ -\toptions:\n\ -\t\t-d device\tSend out on this device\n\ -\t\t-g gateway\tIP gateway to use if non-local dest.\n\ -\t\t-m mtu\t\tfake MTU to use when sending out\n\ -\t\t-p pointtest\t\n\ -\t\t-s src\t\tsource address for IP packet\n\ -\t\t-1 \t\tPerform test 1 (IP header)\n\ -\t\t-2 \t\tPerform test 2 (IP options)\n\ -\t\t-3 \t\tPerform test 3 (ICMP)\n\ -\t\t-4 \t\tPerform test 4 (UDP)\n\ -\t\t-5 \t\tPerform test 5 (TCP)\n\ -\t\t-6 \t\tPerform test 6 (overlapping fragments)\n\ -\t\t-7 \t\tPerform test 7 (random packets)\n\ -", prog); - exit(1); -} - - -int main(argc, argv) -int argc; -char **argv; -{ - struct tcpiphdr *ti; - struct in_addr gwip; - ip_t *ip; - char *name = argv[0], host[MAXHOSTNAMELEN + 1]; - char *gateway = NULL, *dev = NULL; - char *src = NULL, *dst; - int mtu = 1500, tests = 0, pointtest = 0, c; - - /* - * 65535 is maximum packet size...you never know... - */ - ip = (ip_t *)calloc(1, 65536); - ti = (struct tcpiphdr *)ip; - ip->ip_len = sizeof(*ip); - ip->ip_hl = sizeof(*ip) >> 2; - - while ((c = getopt(argc, argv, "1234567d:g:m:p:s:")) != -1) - switch (c) - { - case '1' : - case '2' : - case '3' : - case '4' : - case '5' : - case '6' : - case '7' : - tests = c - '0'; - break; - case 'd' : - dev = optarg; - break; - case 'g' : - gateway = optarg; - break; - case 'm' : - mtu = atoi(optarg); - if (mtu < 28) - { - fprintf(stderr, "mtu must be > 28\n"); - exit(1); - } - break; - case 'p' : - pointtest = atoi(optarg); - break; - case 's' : - src = optarg; - break; - default : - fprintf(stderr, "Unknown option \"%c\"\n", c); - usage(name); - } - - if ((argc <= optind) || !argv[optind]) - usage(name); - dst = argv[optind++]; - - if (!src) - { - gethostname(host, sizeof(host)); - host[sizeof(host) - 1] = '\0'; - src = host; - } - - if (resolve(dst, (char *)&ip->ip_dst) == -1) - { - fprintf(stderr,"Cant resolve %s\n", dst); - exit(2); - } - - if (resolve(src, (char *)&ip->ip_src) == -1) - { - fprintf(stderr,"Cant resolve %s\n", src); - exit(2); - } - - if (!gateway) - gwip = ip->ip_dst; - else if (resolve(gateway, (char *)&gwip) == -1) - { - fprintf(stderr,"Cant resolve %s\n", gateway); - exit(2); - } - - - if (!dev) - dev = default_device; - printf("Device: %s\n", dev); - printf("Source: %s\n", inet_ntoa(ip->ip_src)); - printf("Dest: %s\n", inet_ntoa(ip->ip_dst)); - printf("Gateway: %s\n", inet_ntoa(gwip)); - printf("mtu: %d\n", mtu); - - switch (tests) - { - case 1 : - ip_test1(dev, mtu, (ip_t *)ti, gwip, pointtest); - break; - case 2 : - ip_test2(dev, mtu, (ip_t *)ti, gwip, pointtest); - break; - case 3 : - ip_test3(dev, mtu, (ip_t *)ti, gwip, pointtest); - break; - case 4 : - ip_test4(dev, mtu, (ip_t *)ti, gwip, pointtest); - break; - case 5 : - ip_test5(dev, mtu, (ip_t *)ti, gwip, pointtest); - break; - case 6 : - ip_test6(dev, mtu, (ip_t *)ti, gwip, pointtest); - break; - case 7 : - ip_test7(dev, mtu, (ip_t *)ti, gwip, pointtest); - break; - default : - ip_test1(dev, mtu, (ip_t *)ti, gwip, pointtest); - ip_test2(dev, mtu, (ip_t *)ti, gwip, pointtest); - ip_test3(dev, mtu, (ip_t *)ti, gwip, pointtest); - ip_test4(dev, mtu, (ip_t *)ti, gwip, pointtest); - ip_test5(dev, mtu, (ip_t *)ti, gwip, pointtest); - ip_test6(dev, mtu, (ip_t *)ti, gwip, pointtest); - ip_test7(dev, mtu, (ip_t *)ti, gwip, pointtest); - break; - } - return 0; -} diff --git a/usr.sbin/ipsend/iptest/iptests.c b/usr.sbin/ipsend/iptest/iptests.c deleted file mode 100644 index 5148ca1a6c3..00000000000 --- a/usr.sbin/ipsend/iptest/iptests.c +++ /dev/null @@ -1,1341 +0,0 @@ -/* $OpenBSD: iptests.c,v 1.3 2001/01/17 06:01:27 fgsch Exp $ */ - -/* - * Copyright (C) 1993-1998 by Darren Reed. - * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and due credit is given - * to the original author and the contributors. - */ -#if !defined(lint) -static const char sccsid[] = "%W% %G% (C)1995 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: iptests.c,v 2.1 1999/08/04 17:31:09 darrenr Exp $"; -#endif -#include <stdio.h> -#include <unistd.h> -#include <stdlib.h> -#include <string.h> -#include <sys/types.h> -#include <sys/time.h> -#include <sys/param.h> -#define _KERNEL -#define KERNEL -#if !defined(solaris) && !defined(linux) && !defined(__sgi) -# include <sys/file.h> -#else -# ifdef solaris -# include <sys/dditypes.h> -# endif -#endif -#undef _KERNEL -#undef KERNEL -#if !defined(solaris) && !defined(linux) && !defined(__sgi) -# include <nlist.h> -# include <sys/user.h> -# include <sys/proc.h> -#endif -#if !defined(ultrix) && !defined(hpux) && !defined(linux) && !defined(__sgi) -# include <kvm.h> -#endif -#ifndef ultrix -# include <sys/socket.h> -#endif -#if defined(solaris) -# include <sys/stream.h> -#endif -#include <sys/socketvar.h> -#ifdef sun -#include <sys/systm.h> -#include <sys/session.h> -#endif -#if BSD >= 199103 -# include <sys/sysctl.h> -# include <sys/filedesc.h> -# include <paths.h> -#endif -#include <netinet/in_systm.h> -#include <sys/socket.h> -#include <net/if.h> -#if defined(linux) && (LINUX >= 0200) -# include <asm/atomic.h> -#endif -#if !defined(linux) -# include <net/route.h> -#else -# define __KERNEL__ /* because there's a macro not wrapped by this */ -# include <net/route.h> /* in this file :-/ */ -#endif -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netinet/ip.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <netinet/ip_icmp.h> -#ifndef linux -# include <netinet/ip_var.h> -# include <netinet/in_pcb.h> -# include <netinet/tcp_timer.h> -# include <netinet/tcp_var.h> -#endif -#if defined(__SVR4) || defined(__svr4__) || defined(__sgi) -# include <sys/sysmacros.h> -#endif -#include "ipsend.h" - - -#define PAUSE() tv.tv_sec = 0; tv.tv_usec = 10000; \ - (void) select(0, NULL, NULL, NULL, &tv) - - -void ip_test1(dev, mtu, ip, gwip, ptest) -char *dev; -int mtu; -ip_t *ip; -struct in_addr gwip; -int ptest; -{ - struct timeval tv; - udphdr_t *u; - int nfd, i = 0, len, id = getpid(); - - ip->ip_hl = sizeof(*ip) >> 2; - ip->ip_v = IPVERSION; - ip->ip_tos = 0; - ip->ip_off = 0; - ip->ip_ttl = 60; - ip->ip_p = IPPROTO_UDP; - ip->ip_sum = 0; - u = (udphdr_t *)(ip + 1); - u->uh_sport = htons(1); - u->uh_dport = htons(9); - u->uh_sum = 0; - u->uh_ulen = htons(sizeof(*u) + 4); - ip->ip_len = sizeof(*ip) + ntohs(u->uh_ulen); - len = ip->ip_len; - nfd = initdevice(dev, u->uh_sport, 1); - - if (!ptest || (ptest == 1)) { - /* - * Part1: hl < len - */ - ip->ip_id = 0; - printf("1.1. sending packets with ip_hl < ip_len\n"); - for (i = 0; i < ((sizeof(*ip) + ntohs(u->uh_ulen)) >> 2); i++) { - ip->ip_hl = i >> 2; - (void) send_ip(nfd, 1500, ip, gwip, 1); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 2)) { - /* - * Part2: hl > len - */ - ip->ip_id = 0; - printf("1.2. sending packets with ip_hl > ip_len\n"); - for (; i < ((sizeof(*ip) * 2 + ntohs(u->uh_ulen)) >> 2); i++) { - ip->ip_hl = i >> 2; - (void) send_ip(nfd, 1500, ip, gwip, 1); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 3)) { - /* - * Part3: v < 4 - */ - ip->ip_id = 0; - printf("1.3. ip_v < 4\n"); - ip->ip_hl = sizeof(*ip) >> 2; - for (i = 0; i < 4; i++) { - ip->ip_v = i; - (void) send_ip(nfd, 1500, ip, gwip, 1); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 4)) { - /* - * Part4: v > 4 - */ - ip->ip_id = 0; - printf("1.4. ip_v > 4\n"); - for (i = 5; i < 16; i++) { - ip->ip_v = i; - (void) send_ip(nfd, 1500, ip, gwip, 1); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 5)) { - /* - * Part5: len < packet - */ - ip->ip_id = 0; - ip->ip_v = IPVERSION; - i = ip->ip_len + 1; - printf("1.5.0 ip_len < packet size (size++, long packets)\n"); - for (; i < (ip->ip_len * 2); i++) { - ip->ip_id = htons(id++); - ip->ip_sum = 0; - ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2); - (void) send_ether(nfd, (char *)ip, i, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - printf("1.5.1 ip_len < packet size (ip_len-, short packets)\n"); - for (i = len; i > 0; i--) { - ip->ip_id = htons(id++); - ip->ip_len = i; - ip->ip_sum = 0; - ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2); - (void) send_ether(nfd, (char *)ip, len, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 6)) { - /* - * Part6: len > packet - */ - ip->ip_id = 0; - printf("1.6.0 ip_len > packet size (increase ip_len)\n"); - for (i = len + 1; i < (len * 2); i++) { - ip->ip_id = htons(id++); - ip->ip_len = i; - ip->ip_sum = 0; - ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2); - (void) send_ether(nfd, (char *)ip, len, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - ip->ip_len = len; - printf("1.6.1 ip_len > packet size (size--, short packets)\n"); - for (i = len; i > 0; i--) { - ip->ip_id = htons(id++); - ip->ip_sum = 0; - ip->ip_sum = chksum((u_short *)ip, ip->ip_hl << 2); - (void) send_ether(nfd, (char *)ip, i, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 7)) { - /* - * Part7: 0 length fragment - */ - printf("1.7.0 Zero length fragments (ip_off = 0x2000)\n"); - ip->ip_id = 0; - ip->ip_len = sizeof(*ip); - ip->ip_off = htons(IP_MF); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - printf("1.7.1 Zero length fragments (ip_off = 0x3000)\n"); - ip->ip_id = 0; - ip->ip_len = sizeof(*ip); - ip->ip_off = htons(IP_MF); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - printf("1.7.2 Zero length fragments (ip_off = 0xa000)\n"); - ip->ip_id = 0; - ip->ip_len = sizeof(*ip); - ip->ip_off = htons(0xa000); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - printf("1.7.3 Zero length fragments (ip_off = 0x0100)\n"); - ip->ip_id = 0; - ip->ip_len = sizeof(*ip); - ip->ip_off = htons(0x0100); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - } - - if (!ptest || (ptest == 8)) { - struct timeval tv; - - gettimeofday(&tv, NULL); - srand(tv.tv_sec ^ getpid() ^ tv.tv_usec); - /* - * Part8.1: 63k packet + 1k fragment at offset 0x1ffe - * Mark it as being ICMP (so it doesn't get junked), but - * don't bother about the ICMP header, we're not worrying - * about that here. - */ - ip->ip_p = IPPROTO_ICMP; - ip->ip_off = htons(IP_MF); - u->uh_dport = htons(9); - ip->ip_id = htons(id++); - printf("1.8.1 63k packet + 1k fragment at offset 0x1ffe\n"); - ip->ip_len = 768 + 20 + 8; - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - - ip->ip_len = MIN(768 + 20, mtu - 68); - i = 512; - for (; i < (63 * 1024 + 768); i += 768) { - ip->ip_off = htons(IP_MF | (i >> 3)); - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - ip->ip_len = 896 + 20; - ip->ip_off = htons(i >> 3); - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - putchar('\n'); - fflush(stdout); - - /* - * Part8.2: 63k packet + 1k fragment at offset 0x1ffe - * Mark it as being ICMP (so it doesn't get junked), but - * don't bother about the ICMP header, we're not worrying - * about that here. (Lossage here) - */ - ip->ip_p = IPPROTO_ICMP; - ip->ip_off = htons(IP_MF); - u->uh_dport = htons(9); - ip->ip_id = htons(id++); - printf("1.8.2 63k packet + 1k fragment at offset 0x1ffe\n"); - ip->ip_len = 768 + 20 + 8; - if ((rand() & 0x1f) != 0) { - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - } else - printf("skip 0\n"); - - ip->ip_len = MIN(768 + 20, mtu - 68); - i = 512; - for (; i < (63 * 1024 + 768); i += 768) { - ip->ip_off = htons(IP_MF | (i >> 3)); - if ((rand() & 0x1f) != 0) { - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - } else - printf("skip %d\n", i); - fflush(stdout); - PAUSE(); - } - ip->ip_len = 896 + 20; - ip->ip_off = htons(i >> 3); - if ((rand() & 0x1f) != 0) { - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - } else - printf("skip\n"); - putchar('\n'); - fflush(stdout); - - /* - * Part8.3: 33k packet - test for not dealing with -ve length - * Mark it as being ICMP (so it doesn't get junked), but - * don't bother about the ICMP header, we're not worrying - * about that here. - */ - ip->ip_p = IPPROTO_ICMP; - ip->ip_off = htons(IP_MF); - u->uh_dport = htons(9); - ip->ip_id = htons(id++); - printf("1.8.3 33k packet\n"); - ip->ip_len = 768 + 20 + 8; - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - - ip->ip_len = MIN(768 + 20, mtu - 68); - i = 512; - for (; i < (32 * 1024 + 768); i += 768) { - ip->ip_off = htons(IP_MF | (i >> 3)); - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - ip->ip_len = 896 + 20; - ip->ip_off = htons(i >> 3); - (void) send_ip(nfd, mtu, ip, gwip, 1); - printf("%d\r", i); - putchar('\n'); - fflush(stdout); - } - - ip->ip_len = len; - ip->ip_off = 0; - if (!ptest || (ptest == 9)) { - /* - * Part9: off & 0x8000 == 0x8000 - */ - ip->ip_id = 0; - ip->ip_off = htons(0x8000); - printf("1.9. ip_off & 0x8000 == 0x8000\n"); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - } - - ip->ip_off = 0; - - if (!ptest || (ptest == 10)) { - /* - * Part10: ttl = 255 - */ - ip->ip_id = 0; - ip->ip_ttl = 255; - printf("1.10.0 ip_ttl = 255\n"); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - ip->ip_ttl = 128; - printf("1.10.1 ip_ttl = 128\n"); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - ip->ip_ttl = 0; - printf("1.10.2 ip_ttl = 0\n"); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - } - - (void) close(nfd); -} - - -void ip_test2(dev, mtu, ip, gwip, ptest) -char *dev; -int mtu; -ip_t *ip; -struct in_addr gwip; -int ptest; -{ - struct timeval tv; - int nfd; - u_char *s; - - s = (u_char *)(ip + 1); - nfd = initdevice(dev, htons(1), 1); - - ip->ip_hl = 6; - ip->ip_len = ip->ip_hl << 2; - s[IPOPT_OPTVAL] = IPOPT_NOP; - s++; - if (!ptest || (ptest == 1)) { - /* - * Test 1: option length > packet length, - * header length == packet length - */ - s[IPOPT_OPTVAL] = IPOPT_TS; - s[IPOPT_OLEN] = 4; - s[IPOPT_OFFSET] = IPOPT_MINOFF; - ip->ip_p = IPPROTO_IP; - printf("2.1 option length > packet length\n"); - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - } - - ip->ip_hl = 7; - ip->ip_len = ip->ip_hl << 2; - if (!ptest || (ptest == 1)) { - /* - * Test 2: options have length = 0 - */ - printf("2.2.1 option length = 0, RR\n"); - s[IPOPT_OPTVAL] = IPOPT_RR; - s[IPOPT_OLEN] = 0; - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - printf("2.2.2 option length = 0, TS\n"); - s[IPOPT_OPTVAL] = IPOPT_TS; - s[IPOPT_OLEN] = 0; - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - printf("2.2.3 option length = 0, SECURITY\n"); - s[IPOPT_OPTVAL] = IPOPT_SECURITY; - s[IPOPT_OLEN] = 0; - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - printf("2.2.4 option length = 0, LSRR\n"); - s[IPOPT_OPTVAL] = IPOPT_LSRR; - s[IPOPT_OLEN] = 0; - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - printf("2.2.5 option length = 0, SATID\n"); - s[IPOPT_OPTVAL] = IPOPT_SATID; - s[IPOPT_OLEN] = 0; - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - - printf("2.2.6 option length = 0, SSRR\n"); - s[IPOPT_OPTVAL] = IPOPT_SSRR; - s[IPOPT_OLEN] = 0; - (void) send_ip(nfd, mtu, ip, gwip, 1); - fflush(stdout); - PAUSE(); - } - - (void) close(nfd); -} - - -/* - * test 3 (ICMP) - */ -void ip_test3(dev, mtu, ip, gwip, ptest) -char *dev; -int mtu; -ip_t *ip; -struct in_addr gwip; -int ptest; -{ - static int ict1[10] = { 8, 9, 10, 13, 14, 15, 16, 17, 18, 0 }; - static int ict2[8] = { 3, 9, 10, 13, 14, 17, 18, 0 }; - struct timeval tv; - struct icmp *icp; - int nfd, i; - - ip->ip_hl = sizeof(*ip) >> 2; - ip->ip_v = IPVERSION; - ip->ip_tos = 0; - ip->ip_off = 0; - ip->ip_ttl = 60; - ip->ip_p = IPPROTO_ICMP; - ip->ip_sum = 0; - ip->ip_len = sizeof(*ip) + sizeof(*icp); - icp = (struct icmp *)((char *)ip + (ip->ip_hl << 2)); - nfd = initdevice(dev, htons(1), 1); - - if (!ptest || (ptest == 1)) { - /* - * Type 0 - 31, 255, code = 0 - */ - bzero((char *)icp, sizeof(*icp)); - for (i = 0; i < 32; i++) { - icp->icmp_type = i; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.1.%d ICMP type %d code 0 (all 0's)\r", i, i); - } - icp->icmp_type = 255; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.1.%d ICMP type %d code 0 (all 0's)\r", i, 255); - putchar('\n'); - } - - if (!ptest || (ptest == 2)) { - /* - * Type 3, code = 0 - 31 - */ - icp->icmp_type = 3; - for (i = 0; i < 32; i++) { - icp->icmp_code = i; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.2.%d ICMP type 3 code %d (all 0's)\r", i, i); - } - } - - if (!ptest || (ptest == 3)) { - /* - * Type 4, code = 0,127,128,255 - */ - icp->icmp_type = 4; - icp->icmp_code = 0; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.3.1 ICMP type 4 code 0 (all 0's)\r"); - icp->icmp_code = 127; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.3.2 ICMP type 4 code 127 (all 0's)\r"); - icp->icmp_code = 128; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.3.3 ICMP type 4 code 128 (all 0's)\r"); - icp->icmp_code = 255; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.3.4 ICMP type 4 code 255 (all 0's)\r"); - } - - if (!ptest || (ptest == 4)) { - /* - * Type 5, code = 0,127,128,255 - */ - icp->icmp_type = 5; - icp->icmp_code = 0; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.4.1 ICMP type 5 code 0 (all 0's)\r"); - icp->icmp_code = 127; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.4.2 ICMP type 5 code 127 (all 0's)\r"); - icp->icmp_code = 128; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.4.3 ICMP type 5 code 128 (all 0's)\r"); - icp->icmp_code = 255; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.4.4 ICMP type 5 code 255 (all 0's)\r"); - } - - if (!ptest || (ptest == 5)) { - /* - * Type 8-10;13-18, code - 0,127,128,255 - */ - for (i = 0; ict1[i]; i++) { - icp->icmp_type = ict1[i]; - icp->icmp_code = 0; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.5.%d ICMP type 5 code 0 (all 0's)\r", - i * 4); - icp->icmp_code = 127; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.5.%d ICMP type 5 code 127 (all 0's)\r", - i * 4 + 1); - icp->icmp_code = 128; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.5.%d ICMP type 5 code 128 (all 0's)\r", - i * 4 + 2); - icp->icmp_code = 255; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.5.%d ICMP type 5 code 255 (all 0's)\r", - i * 4 + 3); - } - putchar('\n'); - } - - if (!ptest || (ptest == 6)) { - /* - * Type 12, code - 0,127,128,129,255 - */ - icp->icmp_type = 12; - icp->icmp_code = 0; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.6.1 ICMP type 12 code 0 (all 0's)\r"); - icp->icmp_code = 127; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.6.2 ICMP type 12 code 127 (all 0's)\r"); - icp->icmp_code = 128; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.6.3 ICMP type 12 code 128 (all 0's)\r"); - icp->icmp_code = 129; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.6.4 ICMP type 12 code 129 (all 0's)\r"); - icp->icmp_code = 255; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.6.5 ICMP type 12 code 255 (all 0's)\r"); - putchar('\n'); - } - - if (!ptest || (ptest == 7)) { - /* - * Type 3;9-10;13-14;17-18 - shorter packets - */ - ip->ip_len = sizeof(*ip) + sizeof(*icp) / 2; - for (i = 0; ict2[i]; i++) { - icp->icmp_type = ict1[i]; - icp->icmp_code = 0; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.5.%d ICMP type %d code 0 (all 0's)\r", - i * 4, icp->icmp_type); - icp->icmp_code = 127; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.5.%d ICMP type %d code 127 (all 0's)\r", - i * 4 + 1, icp->icmp_type); - icp->icmp_code = 128; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.5.%d ICMP type %d code 128 (all 0's)\r", - i * 4 + 2, icp->icmp_type); - icp->icmp_code = 255; - (void) send_icmp(nfd, mtu, ip, gwip); - PAUSE(); - printf("3.5.%d ICMP type %d code 127 (all 0's)\r", - i * 4 + 3, icp->icmp_type); - } - putchar('\n'); - } -} - - -/* Perform test 4 (UDP) */ - -void ip_test4(dev, mtu, ip, gwip, ptest) -char *dev; -int mtu; -ip_t *ip; -struct in_addr gwip; -int ptest; -{ - struct timeval tv; - udphdr_t *u; - int nfd, i; - - - ip->ip_hl = sizeof(*ip) >> 2; - ip->ip_v = IPVERSION; - ip->ip_tos = 0; - ip->ip_off = 0; - ip->ip_ttl = 60; - ip->ip_p = IPPROTO_UDP; - ip->ip_sum = 0; - u = (udphdr_t *)((char *)ip + (ip->ip_hl << 2)); - u->uh_sport = htons(1); - u->uh_dport = htons(1); - u->uh_ulen = htons(sizeof(*u) + 4); - nfd = initdevice(dev, u->uh_sport, 1); - - if (!ptest || (ptest == 1)) { - /* - * Test 1. ulen > packet - */ - u->uh_ulen = htons(sizeof(*u) + 4); - ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen); - printf("4.1 UDP uh_ulen > packet size - short packets\n"); - for (i = ntohs(u->uh_ulen) * 2; i > sizeof(*u) + 4; i--) { - u->uh_ulen = htons(i); - (void) send_udp(nfd, 1500, ip, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 2)) { - /* - * Test 2. ulen < packet - */ - u->uh_ulen = htons(sizeof(*u) + 4); - ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen); - printf("4.2 UDP uh_ulen < packet size - short packets\n"); - for (i = ntohs(u->uh_ulen) * 2; i > sizeof(*u) + 4; i--) { - ip->ip_len = i; - (void) send_udp(nfd, 1500, ip, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 3)) { - /* - * Test 3: sport = 0, sport = 1, sport = 32767 - * sport = 32768, sport = 65535 - */ - u->uh_ulen = sizeof(*u) + 4; - ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen); - printf("4.3.1 UDP sport = 0\n"); - u->uh_sport = 0; - (void) send_udp(nfd, 1500, ip, gwip); - printf("0\n"); - fflush(stdout); - PAUSE(); - printf("4.3.2 UDP sport = 1\n"); - u->uh_sport = htons(1); - (void) send_udp(nfd, 1500, ip, gwip); - printf("1\n"); - fflush(stdout); - PAUSE(); - printf("4.3.3 UDP sport = 32767\n"); - u->uh_sport = htons(32767); - (void) send_udp(nfd, 1500, ip, gwip); - printf("32767\n"); - fflush(stdout); - PAUSE(); - printf("4.3.4 UDP sport = 32768\n"); - u->uh_sport = htons(32768); - (void) send_udp(nfd, 1500, ip, gwip); - printf("32768\n"); - putchar('\n'); - fflush(stdout); - PAUSE(); - printf("4.3.5 UDP sport = 65535\n"); - u->uh_sport = htons(65535); - (void) send_udp(nfd, 1500, ip, gwip); - printf("65535\n"); - fflush(stdout); - PAUSE(); - } - - if (!ptest || (ptest == 4)) { - /* - * Test 4: dport = 0, dport = 1, dport = 32767 - * dport = 32768, dport = 65535 - */ - u->uh_ulen = ntohs(sizeof(*u) + 4); - u->uh_sport = htons(1); - ip->ip_len = (ip->ip_hl << 2) + ntohs(u->uh_ulen); - printf("4.4.1 UDP dport = 0\n"); - u->uh_dport = 0; - (void) send_udp(nfd, 1500, ip, gwip); - printf("0\n"); - fflush(stdout); - PAUSE(); - printf("4.4.2 UDP dport = 1\n"); - u->uh_dport = htons(1); - (void) send_udp(nfd, 1500, ip, gwip); - printf("1\n"); - fflush(stdout); - PAUSE(); - printf("4.4.3 UDP dport = 32767\n"); - u->uh_dport = htons(32767); - (void) send_udp(nfd, 1500, ip, gwip); - printf("32767\n"); - fflush(stdout); - PAUSE(); - printf("4.4.4 UDP dport = 32768\n"); - u->uh_dport = htons(32768); - (void) send_udp(nfd, 1500, ip, gwip); - printf("32768\n"); - fflush(stdout); - PAUSE(); - printf("4.4.5 UDP dport = 65535\n"); - u->uh_dport = htons(65535); - (void) send_udp(nfd, 1500, ip, gwip); - printf("65535\n"); - fflush(stdout); - PAUSE(); - } - - if (!ptest || (ptest == 5)) { - /* - * Test 5: sizeof(ip_t) <= MTU <= sizeof(udphdr_t) + - * sizeof(ip_t) - */ - printf("4.5 UDP 20 <= MTU <= 32\n"); - for (i = sizeof(*ip); i <= ntohs(u->uh_ulen); i++) { - (void) send_udp(nfd, i, ip, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } -} - - -/* Perform test 5 (TCP) */ - -void ip_test5(dev, mtu, ip, gwip, ptest) -char *dev; -int mtu; -ip_t *ip; -struct in_addr gwip; -int ptest; -{ - struct timeval tv; - tcphdr_t *t; - int nfd, i; - - t = (tcphdr_t *)((char *)ip + (ip->ip_hl << 2)); -#ifndef linux - t->th_x2 = 0; -#endif - t->th_off = 0; - t->th_sport = htons(1); - t->th_dport = htons(1); - t->th_win = htons(4096); - t->th_urp = 0; - t->th_sum = 0; - t->th_seq = htonl(1); - t->th_ack = 0; - ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t); - nfd = initdevice(dev, t->th_sport, 1); - - if (!ptest || (ptest == 1)) { - /* - * Test 1: flags variations, 0 - 3f - */ - t->th_off = sizeof(*t) >> 2; - printf("5.1 Test TCP flag combinations\n"); - for (i = 0; i <= (TH_URG|TH_ACK|TH_PUSH|TH_RST|TH_SYN|TH_FIN); - i++) { - t->th_flags = i; - (void) send_tcp(nfd, mtu, ip, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - } - - if (!ptest || (ptest == 2)) { - t->th_flags = TH_SYN; - /* - * Test 2: seq = 0, seq = 1, seq = 0x7fffffff, seq=0x80000000, - * seq = 0xa000000, seq = 0xffffffff - */ - printf("5.2.1 TCP seq = 0\n"); - t->th_seq = htonl(0); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.2.2 TCP seq = 1\n"); - t->th_seq = htonl(1); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.2.3 TCP seq = 0x7fffffff\n"); - t->th_seq = htonl(0x7fffffff); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.2.4 TCP seq = 0x80000000\n"); - t->th_seq = htonl(0x80000000); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.2.5 TCP seq = 0xc0000000\n"); - t->th_seq = htonl(0xc0000000); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.2.6 TCP seq = 0xffffffff\n"); - t->th_seq = htonl(0xffffffff); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - } - - if (!ptest || (ptest == 3)) { - t->th_flags = TH_ACK; - /* - * Test 3: ack = 0, ack = 1, ack = 0x7fffffff, ack = 0x8000000 - * ack = 0xa000000, ack = 0xffffffff - */ - printf("5.3.1 TCP ack = 0\n"); - t->th_ack = 0; - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.3.2 TCP ack = 1\n"); - t->th_ack = htonl(1); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.3.3 TCP ack = 0x7fffffff\n"); - t->th_ack = htonl(0x7fffffff); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.3.4 TCP ack = 0x80000000\n"); - t->th_ack = htonl(0x80000000); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.3.5 TCP ack = 0xc0000000\n"); - t->th_ack = htonl(0xc0000000); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.3.6 TCP ack = 0xffffffff\n"); - t->th_ack = htonl(0xffffffff); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - } - - if (!ptest || (ptest == 4)) { - t->th_flags = TH_SYN; - /* - * Test 4: win = 0, win = 32768, win = 65535 - */ - printf("5.4.1 TCP win = 0\n"); - t->th_seq = htonl(0); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.4.2 TCP win = 32768\n"); - t->th_seq = htonl(0x7fff); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.4.3 TCP win = 65535\n"); - t->th_win = htons(0xffff); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - } - -#if !defined(linux) && !defined(__SVR4) && !defined(__svr4__) && \ - !defined(__sgi) - { - struct tcpcb *tcbp, tcb; - struct tcpiphdr ti; - struct sockaddr_in sin; - int fd, slen; - - bzero((char *)&sin, sizeof(sin)); - - for (i = 1; i < 63; i++) { - fd = socket(AF_INET, SOCK_STREAM, 0); - bzero((char *)&sin, sizeof(sin)); - sin.sin_addr.s_addr = ip->ip_dst.s_addr; - sin.sin_port = htons(i); - sin.sin_family = AF_INET; - if (!connect(fd, (struct sockaddr *)&sin, sizeof(sin))) - break; - close(fd); - } - - if (i == 63) { - printf("Couldn't open a TCP socket between ports 1 and 63\n"); - printf("to host %s for test 5 and 6 - skipping.\n", - inet_ntoa(ip->ip_dst)); - goto skip_five_and_six; - } - - bcopy((char *)ip, (char *)&ti, sizeof(*ip)); - t->th_dport = htons(i); - slen = sizeof(sin); - if (!getsockname(fd, (struct sockaddr *)&sin, &slen)) - t->th_sport = sin.sin_port; - if (!(tcbp = find_tcp(fd, &ti))) { - printf("Can't find PCB\n"); - goto skip_five_and_six; - } - KMCPY(&tcb, tcbp, sizeof(tcb)); - ti.ti_win = tcb.rcv_adv; - ti.ti_seq = htonl(tcb.snd_nxt - 1); - ti.ti_ack = tcb.rcv_nxt; - - if (!ptest || (ptest == 5)) { - /* - * Test 5: urp - */ - t->th_flags = TH_ACK|TH_URG; - printf("5.5.1 TCP Urgent pointer, sport %hu dport %hu\n", - ntohs(t->th_sport), ntohs(t->th_dport)); - t->th_urp = htons(1); - (void) send_tcp(nfd, mtu, ip, gwip); - PAUSE(); - - t->th_seq = htonl(tcb.snd_nxt); - ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t) + 1; - t->th_urp = htons(0x7fff); - (void) send_tcp(nfd, mtu, ip, gwip); - PAUSE(); - t->th_urp = htons(0x8000); - (void) send_tcp(nfd, mtu, ip, gwip); - PAUSE(); - t->th_urp = htons(0xffff); - (void) send_tcp(nfd, mtu, ip, gwip); - PAUSE(); - t->th_urp = 0; - t->th_flags &= ~TH_URG; - ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t); - } - - if (!ptest || (ptest == 6)) { - /* - * Test 6: data offset, off = 0, off is inside, off is outside - */ - t->th_flags = TH_ACK; - printf("5.6.1 TCP off = 1-15, len = 40\n"); - for (i = 1; i < 16; i++) { - ti.ti_off = ntohs(i); - (void) send_tcp(nfd, mtu, ip, gwip); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - ip->ip_len = sizeof(ip_t) + sizeof(tcphdr_t); - } - - (void) close(fd); - } -skip_five_and_six: -#endif - t->th_seq = htonl(1); - t->th_ack = htonl(1); - t->th_off = 0; - - if (!ptest || (ptest == 7)) { - t->th_flags = TH_SYN; - /* - * Test 7: sport = 0, sport = 1, sport = 32767 - * sport = 32768, sport = 65535 - */ - printf("5.7.1 TCP sport = 0\n"); - t->th_sport = 0; - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.7.2 TCP sport = 1\n"); - t->th_sport = htons(1); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.7.3 TCP sport = 32767\n"); - t->th_sport = htons(32767); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.7.4 TCP sport = 32768\n"); - t->th_sport = htons(32768); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.7.5 TCP sport = 65535\n"); - t->th_sport = htons(65535); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - } - - if (!ptest || (ptest == 8)) { - t->th_sport = htons(1); - t->th_flags = TH_SYN; - /* - * Test 8: dport = 0, dport = 1, dport = 32767 - * dport = 32768, dport = 65535 - */ - printf("5.8.1 TCP dport = 0\n"); - t->th_dport = 0; - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.8.2 TCP dport = 1\n"); - t->th_dport = htons(1); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.8.3 TCP dport = 32767\n"); - t->th_dport = htons(32767); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.8.4 TCP dport = 32768\n"); - t->th_dport = htons(32768); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - - printf("5.8.5 TCP dport = 65535\n"); - t->th_dport = htons(65535); - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - } - - /* LAND attack - self connect, so make src & dst ip/port the same */ - if (!ptest || (ptest == 9)) { - printf("5.9 TCP LAND attack. sport = 25, dport = 25\n"); - /* chose SMTP port 25 */ - t->th_sport = htons(25); - t->th_dport = htons(25); - t->th_flags = TH_SYN; - ip->ip_src = ip->ip_dst; - (void) send_tcp(nfd, mtu, ip, gwip); - fflush(stdout); - PAUSE(); - } - - /* TCP options header checking */ - /* 0 length options, etc */ -} - - -/* Perform test 6 (exhaust mbuf test) */ - -void ip_test6(dev, mtu, ip, gwip, ptest) -char *dev; -int mtu; -ip_t *ip; -struct in_addr gwip; -int ptest; -{ - struct timeval tv; - udphdr_t *u; - int nfd, i, j, k; - - ip->ip_v = IPVERSION; - ip->ip_tos = 0; - ip->ip_off = 0; - ip->ip_ttl = 60; - ip->ip_p = IPPROTO_UDP; - ip->ip_sum = 0; - u = (udphdr_t *)(ip + 1); - u->uh_sport = htons(1); - u->uh_dport = htons(9); - u->uh_sum = 0; - - nfd = initdevice(dev, u->uh_sport, 1); - u->uh_ulen = htons(7168); - - printf("6. Exhaustive mbuf test.\n"); - printf(" Send 7k packet in 768 & 128 byte fragments, 128 times.\n"); - printf(" Total of around 8,900 packets\n"); - for (i = 0; i < 128; i++) { - /* - * First send the entire packet in 768 byte chunks. - */ - ip->ip_len = sizeof(*ip) + 768 + sizeof(*u); - ip->ip_hl = sizeof(*ip) >> 2; - ip->ip_off = htons(IP_MF); - (void) send_ip(nfd, 1500, ip, gwip, 1); - printf("%d %d\r", i, 0); - fflush(stdout); - PAUSE(); - /* - * And again using 128 byte chunks. - */ - ip->ip_len = sizeof(*ip) + 128 + sizeof(*u); - ip->ip_off = htons(IP_MF); - (void) send_ip(nfd, 1500, ip, gwip, 1); - printf("%d %d\r", i, 0); - fflush(stdout); - PAUSE(); - - for (j = 768; j < 3584; j += 768) { - ip->ip_len = sizeof(*ip) + 768; - ip->ip_off = htons(IP_MF|(j>>3)); - (void) send_ip(nfd, 1500, ip, gwip, 1); - printf("%d %d\r", i, j); - fflush(stdout); - PAUSE(); - - ip->ip_len = sizeof(*ip) + 128; - for (k = j - 768; k < j; k += 128) { - ip->ip_off = htons(IP_MF|(k>>3)); - (void) send_ip(nfd, 1500, ip, gwip, 1); - printf("%d %d\r", i, k); - fflush(stdout); - PAUSE(); - } - } - } - putchar('\n'); -} - - -/* Perform test 7 (random packets) */ - -static u_long tbuf[64]; - -void ip_test7(dev, mtu, ip, gwip, ptest) -char *dev; -int mtu; -ip_t *ip; -struct in_addr gwip; -int ptest; -{ - ip_t *pip; - struct timeval tv; - int nfd, i, j; - u_char *s; - - nfd = initdevice(dev, 0, 1); - pip = (ip_t *)tbuf; - - srand(time(NULL) ^ (getpid() * getppid())); - - printf("7. send 1024 random IP packets.\n"); - - for (i = 0; i < 512; i++) { - for (s = (u_char *)pip, j = 0; j < sizeof(tbuf); j++, s++) - *s = (rand() >> 13) & 0xff; - pip->ip_v = IPVERSION; - bcopy((char *)&ip->ip_dst, (char *)&pip->ip_dst, - sizeof(struct in_addr)); - pip->ip_sum = 0; - pip->ip_len &= 0xff; - (void) send_ip(nfd, mtu, pip, gwip, 0); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); - - for (i = 0; i < 512; i++) { - for (s = (u_char *)pip, j = 0; j < sizeof(tbuf); j++, s++) - *s = (rand() >> 13) & 0xff; - pip->ip_v = IPVERSION; - pip->ip_off &= htons(0xc000); - bcopy((char *)&ip->ip_dst, (char *)&pip->ip_dst, - sizeof(struct in_addr)); - pip->ip_sum = 0; - pip->ip_len &= 0xff; - (void) send_ip(nfd, mtu, pip, gwip, 0); - printf("%d\r", i); - fflush(stdout); - PAUSE(); - } - putchar('\n'); -} |