NAME

  HTR_A_In_DM_DSTH_optdata - Host Transport Mode AH Inbound, Detect modification of DstOpt header option data before AH
  


TARGET

  Host


SYNOPSIS

  HTR_A_In_DM_DSTH_optdata.seq [-tooloption ...] -pkt HTR_A_DM_DSTH_optdata.def
    -tooloption : v6eval tool option
  See also HTR_A_common.def and HTR_common.def


INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as following:

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         -----transport----->

Security Association Database (SAD)

source address HOST1_NET5
destination address NUT_NET3
SPI 0x1000
mode transport
protocol AH
AH algorithm HMAC-MD5
AH algorithm key TAHITEST89ABCDEF

Security Policy Database (SPD)

source address HOST1_NET5
destination address NUT_NET3
upper spec any
direction in
protocol AH
mode transport


TEST PROCEDURE

 Tester                      Target
   |                           |
 Subtest No.1 "option bit 000: option data is immutable"
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |      with [DSTH][AH]      |
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |        Judgement #1       |
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |      with [DSTH][AH]      |
   |  (option type=0x02, option data of DSTH is modified)
   |                           |
   | (<----------------------) |
   |     No ICMP Echo Reply    |
   |        Judgement #2       |
   v                           v
 Subtest No.2 "option bit 001: option data is mutable";
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |      with [DSTH][AH]      |
   |  (option type=0x22, option data of DSTH is modified)
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |        Judgement #3       |
   |                           |
   v                           v

ICMP Echo Request with [DSTH][AH]

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
Destination Options Header Type 0x02
Data Length 4
Data 0x0f0f0000
AH SPI 0x1000
Sequence Number 1
Algorithm HMAC-MD5
Key TAHITEST89ABCDEF
ICMP Type 128 (Echo Request)

ICMP Echo Reply

IP Header Source Address NUT_NET3
Destination Address HOST1_NET5
ICMP Type 129 (Echo Reply)

ICMP Echo Request with [DSTH][AH] (option type=0x02, option data of DSTH is modified)

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
Destination Options Header Type 0x02
Data Length 4
Data 0x00000000 (0x0f0f0000 is original)
AH SPI 0x1000
Sequence Number 1
Algorithm HMAC-MD5
Key TAHITEST89ABCDEF
ICMP Type 128 (Echo Request)

ICMP Echo Request with [DSTH][AH] (option type=0x22, option data of DSTH is modified)

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
Destination Options Header Type 0x22
Data Length 4
Data 0x1f1f0000 (0x0f0f0000 is original)
AH SPI 0x1000
Sequence Number 1
Algorithm HMAC-MD5
Key TAHITEST89ABCDEF
ICMP Type 128 (Echo Request)


JUDGMENT

  Judgement #1:
      Receive ICMP Echo Reply (MUST)
  Judgement #2:
      Receive nothing (MUST)
  Judgement #3:
      Receive ICMP Echo Reply (MUST)


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility