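#!/bin/sh
# $Id: check-packet 9882 2007-01-13 17:15:39Z rsh $
#
# check-packet -- Shell script to test ike-scan packet data
#
# Author: Roy Hills
# Date: 25 November 2005
#
# This script checks that ike-scan builds the correct ISAKMP packets.
# It uses the undocumented ike-scan option --writepkttofile to write the
# packet to a file rather than sending it via the network.
#
# It tries to use as many options as possible, in order to gain the maximum
# code coverage. For this reason, some of the option combinations may appear
# strange.
#
# Environment:
#   srcdir  Directory holding the ike-scan binary and the pkt-*.dat reference
#           packets; defaults to "." when unset or empty.
#   TMPDIR  Parent of the private scratch directory (default /tmp).
#
# Exit status: 0 if every generated packet matches its reference file,
# 1 on the first failure.
#

# Without this, an unset srcdir would make the script run "/ike-scan".
: "${srcdir:=.}"

# Scratch directory holding the generated packet. Empty until it has been
# created by this script, so cleanup never removes a path we do not own.
CHECK_TMPDIR=

# Remove the scratch directory (if one was created) on any exit path.
cleanup() {
  if test -n "$CHECK_TMPDIR"; then
    rm -rf -- "$CHECK_TMPDIR"
  fi
}
trap cleanup 0
# Turn HUP/INT/TERM into a normal exit so the exit trap above still runs.
trap 'exit 1' 1 2 15

# The packet is written inside a freshly created, owner-only directory
# instead of a predictable /tmp/ike-scan-test.$$.tmp file. A name derived
# from the PID in a world-writable directory can be pre-created by another
# local user (for example as a symlink), which would make ike-scan write
# through it and make the later "rm -f" and "cmp" act on attacker-chosen
# content.
CHECK_TMPDIR=$( (umask 077 && mktemp -d "${TMPDIR:-/tmp}/ike-scan-test.XXXXXX") 2>/dev/null )
if test -z "$CHECK_TMPDIR" || test ! -d "$CHECK_TMPDIR"; then
  # mktemp is not available everywhere. mkdir is an acceptable fallback
  # because it fails, rather than reusing the path, when the name already
  # exists (including when it is a symlink).
  CHECK_TMPDIR="${TMPDIR:-/tmp}/ike-scan-test.$$"
  (umask 077 && mkdir "$CHECK_TMPDIR") 2>/dev/null || {
    CHECK_TMPDIR=
    echo "check-packet: cannot create a private temporary directory" >&2
    exit 1
  }
fi
TMPFILE="$CHECK_TMPDIR/packet.tmp"
#
SAMPLE01="$srcdir/pkt-default-proposal.dat"
SAMPLE02="$srcdir/pkt-custom-proposal.dat"
SAMPLE03="$srcdir/pkt-aggressive.dat"
SAMPLE04="$srcdir/pkt-malformed.dat"
SAMPLE05="$srcdir/pkt-ikev2.dat"
SAMPLE06="$srcdir/pkt-single-trans.dat"

#######################################
# Build one packet with ike-scan and compare it with a reference file.
# Globals:   srcdir (read), TMPFILE (read; the file is created and removed)
# Arguments: $1 - description used in the progress message
#            $2 - path of the reference packet
#            $3 - "stdin" to supply the target 127.0.0.1 on standard input
#                 (for use with --file=-), anything else to pass it as the
#                 final command-line argument
#            $4... - ike-scan options, one option per argument
# Outputs:   progress line followed by "ok" or "FAILED" on stdout
# Returns:   0 on a match; exits the script with status 1 otherwise
#######################################
check_packet() {
  cp_description=$1
  cp_sample=$2
  cp_target_via=$3
  shift 3

  echo "Checking ike-scan $cp_description against $cp_sample ..."

  # Options arrive as separate arguments ("$@"), so nothing depends on
  # word-splitting or pathname expansion of an option string.
  cp_status=0
  case $cp_target_via in
    stdin)
      echo "127.0.0.1" |
        "$srcdir/ike-scan" "$@" --writepkttofile="$TMPFILE" >/dev/null 2>&1 ||
        cp_status=$?
      ;;
    *)
      "$srcdir/ike-scan" "$@" --writepkttofile="$TMPFILE" 127.0.0.1 \
        >/dev/null 2>&1 || cp_status=$?
      ;;
  esac

  if test "$cp_status" -ne 0; then
    rm -f -- "$TMPFILE"
    echo "FAILED"
    exit 1
  fi

  if cmp -s "$TMPFILE" "$cp_sample"; then
    echo "ok"
    # Remove the packet so a later check cannot pass on a stale file.
    rm -f -- "$TMPFILE"
    return 0
  fi

  rm -f -- "$TMPFILE"
  echo "FAILED"
  exit 1
}

#
check_packet "default packet" "$SAMPLE01" stdin \
  --sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --file=- \
  --timeout=100 --interval=50 --quiet --timestamp --shownum --backoff=2.0
#
check_packet "custom packet (adv trans)" "$SAMPLE02" arg \
  --sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --mbz=255 \
  '--trans=(1=1,2=1,3=1,4=1)' '--trans=(1=7/128,2=1,3=3,4=5)' \
  --vendor=deadbeef --vendor=00010203 --bandwidth=64K
#
check_packet "aggressive mode packet" "$SAMPLE03" arg \
  --sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --randomseed=1234 \
  --aggressive --id=royhills@hotmail.com --idtype=3 --dhgroup=2 --noncelen=20
#
check_packet "malformed packet" "$SAMPLE04" arg \
  --sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --randomseed=1234 \
  --multiline --lifetime=32 --lifesize=64 --auth=3 --gssid=deadbeef \
  --headerlen=+10 --headerver=0x32 --certreq=203040 --doi=2 --situation=3 \
  --protocol=4 --transid=5 --spisize=4 --hdrflags=127 --hdrmsgid=1234 \
  --exchange=6 --nextpayload=57 --rcookie=deadbeefdeadbeef
#
check_packet "IKEv2 packet" "$SAMPLE05" arg \
  --sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --randomseed=1234 \
  --ikev2
#
check_packet "single trans packet" "$SAMPLE06" arg \
  --sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --lifetime=none \
  --lifesize=none --trans=5,2,3,2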