NAME

  HTR_A_Out_Fragment - Host Transport Mode AH Outbound Header Order (Fragment Header vs AH)

TARGET

  Host

SYNOPSIS

  HTR_A_Out_Fragment.seq [-tooloption ...] -pkt HTR_A_Fragment.def
    -tooloption : v6eval tool option
  See also HTR_A_common.def and HTR_common.def

INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as following: 

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         <----transport------

Security Association Database (SAD)

source address NUT_NET3
destination address HOST1_NET5
SPI 0x1000
mode transport
protocol AH
AH algorithm HMAC-MD5
AH algorithm key TAHITEST89ABCDEF

Security Policy Database (SPD)

source address NUT_NET3
destination address HOST1_NET5
upper spec any
direction out
protocol AH
mode transport

Update Neighbor Cache

  1. Send ICMP Echo Request
  2. Receive ICMP Echo Reply

TEST PROCEDURE

 Tester                      Target
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |      1st/2nd fragment     |
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |      1st/2nd fragment     |
   |        (with AH)          |
   |                           |
   v                           v
  1. Send ICMP Echo Request 1st and 2nd fragment
  2. Receive ICMP Echo Reply with AH 1st and 2nd fragment

ICMP Echo Request (original)

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
ICMP Type 128 (Echo Request)

ICMP Echo Request (1st fragment)

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
Fragment Header Next Header 58 (ICMP)
Offset 0
MFlag 1
Payload data 1st fragment of ICMP Echo Request

ICMP Echo Request (2nd fragment)

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
Fragment Header Next Header 58 (ICMP)
Offset 181
MFlag 0
Payload data 2nd fragment of ICMP Echo Request

ICMP Echo Reply with AH (original)

IP Header Source Address NUT_NET3
Destination Address HOST1_NET5
AH SPI 0x1000
Algorithm HMAC-MD5
Key TAHITEST89ABCDEF
ICMP Type 129 (Echo Reply)

ICMP Echo Request with AH (1st fragment)

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
Fragment Header Next Header 51 (AH)
Offset 0
MFlag 1
Payload data 1st fragment of ICMP Echo Reply with AH

ICMP Echo Request with AH (2nd fragment)

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
Fragment Header Next Header 51 (AH)
Offset 181
MFlag 0
Payload data 2nd fragment of ICMP Echo Reply with AH

JUDGMENT

  PASS: Both ICMP Echo Reply with AH 1st and 2nd fragment received

SEE ALSO

  perldoc V6evalTool

  IPSEC.html IPsec Test Common Utility