Discussion:
ipftest-ing IPv6 ipf rules
(too old to reply)
Edgar Fuß
2012-02-07 16:15:44 UTC
Permalink
We tried using ipftest to test IPv6 ipf rules and got "bad-packet" output.
Source inspection revealed that the "text" input format (which we normally use) is IPv4-only.

What's the recommended way to test v6 rules? We don't have real packets we want to test against, we need something like the "text" input format.

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Edgar Fuß
2012-02-08 18:01:00 UTC
Permalink
EF> What's the recommended way to test v6 rules?
So I figured out that the snoop reader is v4 only, too.

The tcpdump reader doesn't work either.

Next, I tried the pcap reader. Well, it didn't work with v6.
It didn't work with v4 either.
It's broken on amd64 (more precisely, on systems where sizeof(long) !=4).
The problem is that the pcap packet header is defined to be 16 bytes long,
consisting of four 32-bit quantities. The first two quantities are seconds
and microseconds of the packet's time stamp.
However, in pcap-ipf.h, struct pcap_pkthdr starts with a struct timeval.
A struct timeval is two long's. So you end up with a 24-byte type.

Does anyone actually use ipftest on non-i386 non-IPv4 systems?

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Darren Reed
2012-02-09 06:26:14 UTC
Permalink
Post by Edgar Fuß
We tried using ipftest to test IPv6 ipf rules and got "bad-packet" output.
Source inspection revealed that the "text" input format (which we normally use) is IPv4-only.
What's the recommended way to test v6 rules? We don't have real packets we want to test against, we need something like the "text" input format.
You currently need to use the format that supplies
packets as a hex dump. "ipftest -F hex".

Darren

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Edgar Fuß
2012-02-09 11:01:21 UTC
Permalink
Post by Darren Reed
You currently need to use the format that supplies
packets as a hex dump. "ipftest -F hex.
Do you know of any utility converting the text format (or something similar to it) to hex?
Assembling test packets in hex seems to be both tedious and error-prone.
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Darren Reed
2012-02-09 12:54:04 UTC
Permalink
Post by Edgar Fuß
Post by Darren Reed
You currently need to use the format that supplies
packets as a hex dump. "ipftest -F hex.
Do you know of any utility converting the text format (or something similar to it) to hex?
If you use "tcpdump -x", you can get a hex dump of already existing
packets. That might help.
Post by Edgar Fuß
Assembling test packets in hex seems to be both tedious and error-prone.
Yes, so...

https://sourceforge.net/tracker/?func=detail&aid=3486236&group_id=169098&atid=849056

Darren

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Edgar Fuß
2012-02-09 19:45:21 UTC
Permalink
Post by Darren Reed
If you use "tcpdump -x", you can get a hex dump of already existing
packets. That might help.
No. We want to craft packets for testing.
Post by Darren Reed
https://sourceforge.net/tracker/?func=detail&aid=3486236&group_id=169098&atid=849056
Until then, probably the attached perl script helps.
It reads a format similar to ipftest's "text" format and outputs ipftest's "hex" format.
I'm always astonished how simple tasks like this are given perl's wealth of modules.
Darren Reed
2012-03-06 21:01:41 UTC
Permalink
Post by Edgar Fuß
Post by Darren Reed
If you use "tcpdump -x", you can get a hex dump of already existing
packets. That might help.
No. We want to craft packets for testing.
Post by Darren Reed
https://sourceforge.net/tracker/?func=detail&aid=3486236&group_id=169098&atid=849056
Until then, probably the attached perl script helps.
It reads a format similar to ipftest's "text" format and outputs ipftest's "hex" format.
I'm always astonished how simple tasks like this are given perl's wealth of modules.
When you update to NetBSD 6, ipftest should work with IPv6
packet descriptions in text like this:

in6 on zx0 tcp 10:1:1::1,1026 10::3:4:5,40000

Cheers,
Darren


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...