RTU_A_In_DM_DSTH_optlen - Router Tunnel Mode AH Inbound, Detect modification of DstOpt header option len before AH
Router
RTU_A_In_DM_DSTH_optlen.seq [-tooloption ...] -pkt RTU_A_DM_DSTH_optlen.def
-tooloption : v6eval tool option
See also HTR_A_common.def and HTR_common.def
For details of Network Topology, see 00README
Set NUT's SAD and SPD as following:
(Link0) (Link1)
NET4 NET2 NET0 NET1
HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
=====tunnel======>
Security Association Database (SAD)
| source address | SG1_NET2 |
| destination address | NUT_NET0 |
| SPI | 0x1000 |
| mode | tunnel |
| protocol | AH |
| AH algorithm | HMAC-MD5 |
| AH algorithm key | TAHITEST89ABCDEF |
Security Policy Database (SPD)
| No SPD entry |
Tester Target Tester
(Link0) (Link1)
| | |
Subtest No.1 "option bit 000: option len is immutable"
| | |
|-------------------------->| |
| ICMP Echo Request | |
| within [DSTH][AH] tunnel | |
| |-------------------------->|
| | ICMP Echo Request |
| | Judgement #1 |
| | |
|-------------------------->| |
| ICMP Echo Request | |
| within [DSTH][AH] tunnel | |
| (option len of DSTH is modified 0x04->0x02) |
| | (---------------------->) |
| | No ICMP Echo Request |
| | Judgement #2 |
| | |
v v v
Subtest No.2 "option bit 001: option len is immutable"
| | |
|-------------------------->| |
| ICMP Echo Request | |
| within [DSTH][AH] tunnel | |
| (option len of DSTH is modified 0x04->0x02) |
| | (---------------------->) |
| | No ICMP Echo Request |
| | Judgement #3 |
| | |
v v v
ICMP Echo Request within [DSTH][AH] tunnel to Link0
| IP Header | Source Address | SG1_NET2 |
| Destination Address | NUT_NET0 | |
| Destination Options Header | Type | 0x02 |
| Data Length | 4 | |
| Data | 0x0f0f0000 | |
| AH | SPI | 0x1000 |
| Sequence Number | 1 | |
| Algorithm | HMAC-MD5 | |
| Key | TAHITEST89ABCDEF | |
| IP Header | Source Address | HOST1_NET4 |
| Destination Address | HOST1_NET1 | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Request from Link1
| IP Header | Source Address | HOST1_NET4 |
| Destination Address | HOST1_NET1 | |
| ICMP | Type | 128 (Echo Request) |
Send ICMP Echo Request within [DSTH][AH] tunnel (option len of DSTH is modified 0x04->0x02) to Link0
| IP Header | Source Address | SG1_NET2 |
| Destination Address | NUT_NET0 | |
| Destination Options Header | Type | 0x02 |
| Data Length | 2 (4 is original) | |
| Data | 0x0f0f | |
| Type | Pad1 | |
| Type | Pad1 | |
| AH | SPI | 0x1000 |
| Sequence Number | 2 | |
| Algorithm | HMAC-MD5 | |
| Key | TAHITEST89ABCDEF | |
| IP Header | Source Address | HOST1_NET4 |
| Destination Address | HOST1_NET1 | |
| ICMP | Type | 128 (Echo Request) |
Send ICMP Echo Request within [DSTH][AH] tunnel (option type of DSTH is modified 0x04->0x02) to Link0
| IP Header | Source Address | SG1_NET2 |
| Destination Address | NUT_NET0 | |
| Destination Options Header | Type | 0x22 |
| Data Length | 2 (4 is original) | |
| Data | 0x0f0f | |
| Type | Pad1 | |
| Type | Pad1 | |
| AH | SPI | 0x1000 |
| Sequence Number | 3 | |
| Algorithm | HMAC-MD5 | |
| Key | TAHITEST89ABCDEF | |
| IP Header | Source Address | HOST1_NET4 |
| Destination Address | HOST1_NET1 | |
| ICMP | Type | 128 (Echo Request) |
Judgement #1:
Receive ICMP Echo Request from Link1 (MUST)
Judgement #2:
Receive nothing (MUST)
Judgement #3:
Receive nothing (MUST)
perldoc V6evalTool
IPSEC.html IPsec Test Common Utility