");
vCapture($IF);

if ($IPSEC::IPsecAddr{IPSEC_IPVERSION} == 4) {
    # IPv4: no Router Advertisement to send
} else {
    ## RA
    vSend($IF, ra_to_nut);
    vSleep(3);
}

#### subtest No.1
# HOST1 matches the policy=discard SPD entry, so the NUT must drop its
# outbound echo reply: PASS only if the TN sees no reply.
$subtest_no = 1;
$subtest_title[$subtest_no] = "Discard the packet if policy=discard";
vLogHTML("Subtest No.$subtest_no: $subtest_title[$subtest_no]\n");
($stat, %ret) = ipsecPing2NUT($IF, 'echo_request_from_host1', 'echo_reply_to_host1');
if ($stat ne 'NO_REPLY') {
    vLogHTML("TN received some reply packet from NUT to HOST1.\n");
    $ret = 'FAIL';
} else {
    vLogHTML("TN received no echo reply from NUT to HOST1.\n");
    vLogHTML("Ping over 1st SPD entry (policy=discard) is available.\n");
    $ret = 'PASS';
}
vLogHTML("Subtest No.$subtest_no $ret\n");
$subtest_results[$subtest_no] = $ret;

#### subtest No.2
# HOST2 matches the policy=none SPD entry, so the NUT must send a plain
# (non-IPsec) echo reply: PASS only if the TN receives it.
$subtest_no = 2;
$subtest_title[$subtest_no] = "Pass the packet without IPsec process if policy=none";
vLogHTML("Subtest No.$subtest_no: $subtest_title[$subtest_no]\n");
($stat, %ret) = ipsecPing2NUT($IF, 'echo_request_from_host2', 'echo_reply_to_host2');
if ($stat ne 'GOT_REPLY') {
    vLogHTML("TN received no echo reply from NUT to HOST2.\n");
    $ret = 'FAIL';
} else {
    vLogHTML("TN received echo reply from NUT to HOST2.\n");
    vLogHTML("Ping over 2nd SPD entry (policy=none) is available.\n");
    $ret = 'PASS';
}
vLogHTML("Subtest No.$subtest_no $ret\n");
$subtest_results[$subtest_no] = $ret;

### results table
vLogHTML("Subtest Results\n");
for ($i = 1; $i < @subtest_title; $i++) {
    vLogHTML("|$i| $subtest_title[$i] | $subtest_results[$i] |\n");
    # A single failed subtest fails the whole test
    $test_results = 'FAIL' if $subtest_results[$i] eq 'FAIL';
}

if ($test_results eq 'FAIL') {
    ipsecExitFail();
} else {
    ipsecExitPass();
}

######################################################################
__END__
=head1 NAME

HTR_C_Out_descbc_SPD_discard_none - Host Common Outbound, Select SPD entry (policy=discard,none), ESP (DES-CBC)

=head1 TARGET

Host

=head1 SYNOPSIS

=begin html

HTR_C_Out_descbc_SPD_discard_none.seq [-tooloption ...] -pkt HTR_E_SPD_discard_none.def
  -tooloption : v6eval tool option
See also HTR_common.def

=end html

=head1 INITIALIZATION

=begin html

For details of Network Topology, see 00README

Set NUT's SAD and SPD as follows:

              NET5        NET3
  HOST1_NET5 -+ Router -- NUT
      <---policy=discard--
              |
  HOST2_NET5 -+
      <---policy=none-----

Security Association Database (SAD)

  source address      | NUT_NET3
  destination address | HOST1_NET5
  SPI                 | 0x1000
  mode                | transport
  protocol            | ESP
  ESP algorithm       | DES-CBC
  ESP algorithm key   | TAHITEST

Security Policy Database (SPD) for policy=discard

  source address      | NUT_NET3
  destination address | HOST1_NET5
  upper spec          | any
  direction           | out
  policy              | discard

Security Association Database (SAD)

  source address      | NUT_NET3
  destination address | HOST2_NET5
  SPI                 | 0x1000
  mode                | transport
  protocol            | ESP
  ESP algorithm       | DES-CBC
  ESP algorithm key   | foo0foo1

Security Policy Database (SPD) for policy=none

  source address      | NUT_NET3
  destination address | HOST2_NET5
  upper spec          | any
  direction           | out
  policy              | none

=end html

=head1 TEST PROCEDURE

=begin html

 Tester                      Target
   |                           |
 Subtest No.1 "Discard the packet if policy=discard"
   |-------------------------->|
   |    ICMP Echo Request      |
   |    for policy=discard     |
   |                           |
   |(<------------------------)|
   |    No Reply               |
   |    Judgment #1            |
   |                           |
 Subtest No.2 "Pass the packet without IPsec process if policy=none"
   |                           |
   |-------------------------->|
   |    ICMP Echo Request      |
   |    for policy=none        |
   |                           |
   |<--------------------------|
   |    ICMP Echo Reply        |
   |    Judgment #2            |
   |                           |
   v                           v

ICMP Echo Request for policy=discard

  IP Header | Source Address      | HOST1_NET5
            | Destination Address | NUT_NET3
  ICMP      | Type                | 128 (Echo Request)

ICMP Echo Request for policy=none

  IP Header | Source Address      | HOST2_NET5
            | Destination Address | NUT_NET3
  ICMP      | Type                | 128 (Echo Request)

ICMP Echo Reply

  IP Header | Source Address      | NUT_NET3
            | Destination Address | HOST2_NET5
  ICMP      | Type                | 129 (Echo Reply)

=end html

=head1 JUDGMENT

  Judgment #1:
      No Reply

  Judgment #2:
      ICMP Echo Reply received

=head1 SEE ALSO

  perldoc V6evalTool

=begin html

IPSEC.html IPsec Test Common Utility

=end html

=cut