NAME

  HTR_C_In_rijndaelcbc_SPD_discard_none - Host Common Inbound, Select SPD entry (policy=discard,none), ESP(RIJNDAEL-CBC)
  


TARGET

  Host


SYNOPSIS

  HTR_C_In_rijndaelcbc_SPD_discard_none.seq [-tooloption ...] -pkt HTR_E_SPD_discard_none.def
    -tooloption : v6eval tool option
  See also HTR_common.def


INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as follows:

              NET5      NET3
    HOST1_NET5 -+ Router -- NUT
         ---policy=discard-->
                |
    HOST2_NET5 -+
         ---policy=none----->

Security Association Database (SAD)

source address        HOST1_NET5
destination address   NUT_NET3
SPI                   0x1000
mode                  transport
protocol              ESP
ESP algorithm         RIJNDAEL-CBC
ESP algorithm key     TAHITEST89ABCDEF

Security Policy Database (SPD) for policy=discard

source address        HOST1_NET5
destination address   NUT_NET3
upper spec            any
direction             in
policy                discard

Security Association Database (SAD)

source address        HOST2_NET5
destination address   NUT_NET3
SPI                   0x1000
mode                  transport
protocol              ESP
ESP algorithm         RIJNDAEL-CBC
ESP algorithm key     foo0foo1foo2foo3

Security Policy Database (SPD) for policy=none

source address        HOST2_NET5
destination address   NUT_NET3
upper spec            any
direction             in
policy                none


TEST PROCEDURE

 Tester                      Target
   |                           |
 Subtest No.1 "Discard the packet if policy=discard"
   |-------------------------->|
   |      ICMP Echo Request    |
   |      for policy=discard   |
   |                           |
   |(<------------------------)|
   |          No Reply         |
   |        Judgment #1        |
   |                           |
 Subtest No.2 "Pass the packet without IPsec process if policy=none"
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |      for policy=none      |
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |        Judgment #2        |
   |                           |
   v                           v

ICMP Echo Request for policy=discard

IP Header   Source Address        HOST1_NET5
            Destination Address   NUT_NET3
ICMP        Type                  128 (Echo Request)

ICMP Echo Request for policy=none

IP Header   Source Address        HOST2_NET5
            Destination Address   NUT_NET3
ICMP        Type                  128 (Echo Request)

ICMP Echo Reply

IP Header   Source Address        NUT_NET3
            Destination Address   HOST2_NET5
ICMP        Type                  129 (Echo Reply)


JUDGMENT

  Judgment #1:
      No Reply
  Judgment #2:
      ICMP Echo Reply received
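
The following Python model is an added illustration, not part of the test suite or V6evalTool. It shows the inbound SPD selection this test exercises: the verdict for an unprotected Echo Request follows the matching SPD entry, even though an ESP SA exists for both senders. The addresses, function names and verdict strings are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses standing in for the page's symbolic host names.
HOST1_NET5 = "2001:db8:5::1"
HOST2_NET5 = "2001:db8:5::2"
NUT_NET3 = "2001:db8:3::10"

@dataclass(frozen=True)
class SPDEntry:
    src: str
    dst: str
    direction: str
    policy: str  # this test uses "discard" and "none"

# Inbound SPD of the NUT, in the order the INITIALIZATION section lists it.
SPD = [
    SPDEntry(HOST1_NET5, NUT_NET3, "in", "discard"),
    SPDEntry(HOST2_NET5, NUT_NET3, "in", "none"),
]

# SAD as configured above; keying by (src, dst, SPI) is a modelling choice.
SAD = {
    (HOST1_NET5, NUT_NET3, 0x1000): ("ESP", "transport", "RIJNDAEL-CBC"),
    (HOST2_NET5, NUT_NET3, 0x1000): ("ESP", "transport", "RIJNDAEL-CBC"),
}

def has_sa(src, dst, spi=0x1000):
    """True if an SA is installed for this flow."""
    return (src, dst, spi) in SAD

def select_spd(src, dst, direction="in"):
    """Return the first SPD entry whose selectors match, else None."""
    for e in SPD:
        if (e.direction == direction
                and ip_address(src) in ip_network(e.src)
                and ip_address(dst) in ip_network(e.dst)):
            return e
    return None

def inbound_cleartext(src, dst):
    """Verdict for an unprotected inbound packet such as the Echo Requests."""
    entry = select_spd(src, dst)
    if entry is None:
        return "no-policy"      # no matching entry: outside this test
    if entry.policy == "discard":
        return "drop"           # Judgment #1: no reply
    if entry.policy == "none":
        return "deliver"        # Judgment #2: Echo Reply, no IPsec processing
    return "not-modelled"       # other policies are not part of this test
```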


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility