security-scripts/vpn/ike-scan-1.9/check-packet

#!/bin/sh
# $Id: check-packet 9882 2007-01-13 17:15:39Z rsh $
#
# check-packet -- Shell script to test ike-scan packet data
#
# Author: Roy Hills
# Date: 25 November 2005
#
# This script checks that ike-scan builds the correct ISAKMP packets.
# It uses the undocumented ike-scan option --writepkttofile to write the
# packet to a file rather than sending it via the network.
#
# It tries to use as many options as possible, in order to gain the maximum
# code coverage.  For this reason, some of the option combinations may appear
# strange.
#
TMPFILE=/tmp/ike-scan-test.$$.tmp
#
SAMPLE01="$srcdir/pkt-default-proposal.dat"
SAMPLE02="$srcdir/pkt-custom-proposal.dat"
SAMPLE03="$srcdir/pkt-aggressive.dat"
SAMPLE04="$srcdir/pkt-malformed.dat"
SAMPLE05="$srcdir/pkt-ikev2.dat"
SAMPLE06="$srcdir/pkt-single-trans.dat"
#
echo "Checking ike-scan default packet against $SAMPLE01 ..."
IKEARGS="--sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --file=- --timeout=100 --interval=50 --quiet --timestamp --shownum --backoff=2.0"
echo "127.0.0.1" | $srcdir/ike-scan $IKEARGS --writepkttofile=$TMPFILE >/dev/null 2>&1
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
cmp -s $TMPFILE $SAMPLE01
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $TMPFILE
#
echo "Checking ike-scan custom packet (adv trans) against $SAMPLE02 ..."
IKEARGS="--sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --mbz=255 --trans=(1=1,2=1,3=1,4=1) --trans=(1=7/128,2=1,3=3,4=5) --vendor=deadbeef --vendor=00010203 --bandwidth=64K"
$srcdir/ike-scan $IKEARGS --writepkttofile=$TMPFILE 127.0.0.1 >/dev/null 2>&1
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
cmp -s $TMPFILE $SAMPLE02
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $TMPFILE
#
echo "Checking ike-scan aggressive mode packet against $SAMPLE03 ..."
IKEARGS="--sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --randomseed=1234 --aggressive --id=royhills@hotmail.com --idtype=3 --dhgroup=2 --noncelen=20"
$srcdir/ike-scan $IKEARGS --writepkttofile=$TMPFILE 127.0.0.1 >/dev/null 2>&1
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
cmp -s $TMPFILE $SAMPLE03
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $TMPFILE
#
echo "Checking ike-scan malformed packet against $SAMPLE04 ..."
IKEARGS="--sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --randomseed=1234 --multiline --lifetime=32 --lifesize=64 --auth=3 --gssid=deadbeef --headerlen=+10 --headerver=0x32  --certreq=203040 --doi=2 --situation=3 --protocol=4 --transid=5 --spisize=4 --hdrflags=127 --hdrmsgid=1234 --exchange=6 --nextpayload=57 --rcookie=deadbeefdeadbeef"
$srcdir/ike-scan $IKEARGS --writepkttofile=$TMPFILE 127.0.0.1 >/dev/null 2>&1
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
cmp -s $TMPFILE $SAMPLE04
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $TMPFILE
#
echo "Checking ike-scan IKEv2 packet against $SAMPLE05 ..."
IKEARGS="--sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --randomseed=1234 --ikev2"
$srcdir/ike-scan $IKEARGS --writepkttofile=$TMPFILE 127.0.0.1 >/dev/null 2>&1
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
cmp -s $TMPFILE $SAMPLE05
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $TMPFILE
#
echo "Checking ike-scan single trans packet against $SAMPLE06 ..."
IKEARGS="--sport=0 --retry=1 --nodns --cookie=deadbeefdeadbeef --lifetime=none --lifesize=none --trans=5,2,3,2"
$srcdir/ike-scan $IKEARGS --writepkttofile=$TMPFILE 127.0.0.1 >/dev/null 2>&1
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
cmp -s $TMPFILE $SAMPLE06
if test $? -ne 0; then
   rm -f $TMPFILE
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $TMPFILE