");
vCapture($IF);
if ($IPSEC::IPsecAddr{IPSEC_IPVERSION} == 4) {
    # IPv4: nothing to send before the pings
} else {
    ## RA: send a Router Advertisement to the NUT and give it time to process it
    vSend($IF, 'ra_to_nut');
    vSleep(3);
}

# ping TN(HOST1) <-> NUT (Valid Key)
# Sanity check: a request encrypted with the key in the NUT's SAD must be answered.
($stat, %ret) = ipsecPing2NUT($IF, 'echo_request_from_host1_esp', 'echo_reply_to_host1');
if ($stat ne 'GOT_REPLY') {
    vLogHTML("TN received no echo reply from NUT to HOST1. (SPI=0x1000)\n");
    ipsecExitFail();
}
vLogHTML("TN received echo reply from NUT to HOST1.\n");

# ping TN(HOST1) <-> NUT (Invalid Key)
# The request is encrypted with a key that differs from the SAD entry,
# so the NUT must not reply.
($stat, %ret) = ipsecPing2NUT($IF, 'echo_request_from_host1_esp_2', 'echo_reply_to_host1_2');
if ($stat ne 'NO_REPLY') {
    vLogHTML("TN received a reply packet from NUT to HOST1.\n");
    vLogHTML("NUT did not ignore the invalid encryption key\n");
    ipsecExitFail();
}
vLogHTML("TN received no echo reply packet from NUT to HOST1.\n");
vLogHTML("NUT ignored the invalid encryption key\n");
ipsecExitPass();

######################################################################
__END__

=head1 NAME

  HTR_E_In_EncryptKey_descbc - Host Transport Mode ESP (DES-CBC) Inbound Invalid Encryption Key

=head1 TARGET

  Host

=head1 SYNOPSIS

=begin html

  HTR_E_In_EncryptKey_descbc.seq [-tooloption ...] -pkt HTR_E_EncryptKey_descbc.def
    -tooloption : v6eval tool option
  See also HTR_E_common.def and HTR_common.def

=end html

=head1 INITIALIZATION

=begin html

  For details of the network topology, see 00README.

  Set the NUT's SAD and SPD as follows:

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         -----transport----->

  Security Association Database (SAD)

    source address      | HOST1_NET5
    destination address | NUT_NET3
    SPI                 | 0x1000
    mode                | transport
    protocol            | ESP
    ESP algorithm       | DES-CBC
    ESP algorithm key   | TAHITEST

  Security Policy Database (SPD)

    source address      | HOST1_NET5
    destination address | NUT_NET3
    upper spec          | any
    direction           | in
    protocol            | ESP
    mode                | transport

=end html
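
One way to load the SAD and SPD entries above on a NUT that is configured with the KAME/ipsec-tools `setkey` utility, as an added example that is not part of the test suite. The use of `setkey`, the two documentation-prefix addresses standing in for HOST1_NET5 and NUT_NET3, and the `require` policy level are assumptions.

```conf
# Added example (not from the test suite). Load with: setkey -f <this file>
# Placeholder addresses (assumptions):
#   2001:db8:5::1 stands in for HOST1_NET5
#   2001:db8:3::1 stands in for NUT_NET3

# Start from empty databases so stale entries cannot match the test traffic.
flush;
spdflush;

# SAD: ESP SA from HOST1 to the NUT, SPI 0x1000, transport mode,
# DES-CBC with the 8-byte key "TAHITEST".
# No authentication algorithm (-A) is set, matching the SAD table above.
add 2001:db8:5::1 2001:db8:3::1 esp 0x1000
    -m transport
    -E des-cbc "TAHITEST";

# SPD: inbound traffic from HOST1 to the NUT, any upper-layer protocol,
# must arrive as transport-mode ESP ("require" level is an assumption).
spdadd 2001:db8:5::1 2001:db8:3::1 any
    -P in ipsec esp/transport//require;
```

`setkey -D` and `setkey -DP` dump the resulting SAD and SPD so the entries can be compared with the tables before the test is run.
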

=head1 TEST PROCEDURE

=begin html

   Tester                      Target
     |                           |
     |-------------------------->|
     |     ICMP Echo Request     |
     |        (with ESP)         |
     |                           |
     | (<----------------------) |
     |    No ICMP Echo Reply     |
     |                           |
     v                           v

  - Send ICMP Echo Request with ESP
  - Receive nothing

  ICMP Echo Request with ESP

    IP Header | Source Address      | HOST1_NET5
              | Destination Address | NUT_NET3
    ESP       | SPI                 | 0x1000
              | Algorithm           | DES-CBC
              | Key                 | foo0foo1
    ICMP      | Type                | 128 (Echo Request)

  ICMP Echo Reply

    IP Header | Source Address      | NUT_NET3
              | Destination Address | HOST1_NET5
    ICMP      | Type                | 129 (Echo Reply)

=end html

=head1 JUDGMENT

  PASS: Nothing received
  FAIL: ICMP Echo Reply received

=head1 SEE ALSO

  perldoc V6evalTool

=begin html

  IPSEC.html IPsec Test Common Utility

=end html

=cut