");
# Call vCapture on both tester interfaces ($IF0, $IF1) ahead of the subtests.
# Presumably this arms packet capture on Link0 and Link1 -- confirm against
# V6evalTool.
foreach my $link ($IF0, $IF1) {
    vCapture($link);
}

# NOTE(review): this initialises $test_result (singular), while the verdict
# code further down this script reads and writes $test_results (plural).
# Nothing in the visible part of the script reads $test_result.
$test_result = 'PASS';
# NET1 NET0 NET2 NET4
# HOST1_NET1 <- NUT <- Router <- SG1 <- HOST1_NET4
# <====tunnel=====
#### subtest No.1
# Positive case: the Destination Options Header precedes AH in the outer
# packet. The subtest passes only when ipsecForwardDecap reports 'GOT_PACKET'
# for the expected packet on $IF1.
$subtest_no = 1;
$subtest_title[$subtest_no] = "Check header order of tunnel mode (acceptable):[IPv6H][DSTH][AH][IPv6H][UpperH]";
vLogHTML("Subtest No.$subtest_no: $subtest_title[$subtest_no]
");

# Current subtest status starts as PASS and is downgraded on a mismatch.
$csts = 'PASS';

# First frame name: packet sent on $IF0; second: packet expected on $IF1
# (frame definitions live in the .def file named in the SYNOPSIS).
# %ret is filled in but not read in the visible part of this script.
($stat, %ret) = ipsecForwardDecap(
    $IF0,
    $IF1,
    'ahtun_from_sg1_net2_dstopt_ah_echo_request_from_host1_net4_to_host1_net1_on_net0',
    'echo_request_from_host1_net4_to_host1_net1_on_net1'
);

# Anything other than a received packet fails the positive case.
unless ($stat eq 'GOT_PACKET') {
    $csts = 'FAIL';
}

vLogHTML("Subtest No.$subtest_no $csts
");
$subtest_results[$subtest_no] = $csts;
#### subtest No.2
# Negative case: AH precedes the Destination Options Header in the outer
# packet. The subtest fails if the target still forwards the inner Echo
# Request, i.e. if ipsecForwardDecap reports 'GOT_PACKET'.
$subtest_no = 2;
$subtest_title[$subtest_no] = "Check header order of tunnel mode (ignored):[IPv6H][AH][DSTH][IPv6H][UpperH]";
vLogHTML("Subtest No.$subtest_no: $subtest_title[$subtest_no]
");

# Current subtest status starts as PASS and is downgraded on a mismatch.
$csts = 'PASS';

# %ret is filled in but not read in the visible part of this script.
($stat, %ret) = ipsecForwardDecap(
    $IF0,
    $IF1,
    'ahtun_from_sg1_net2_ah_dstopt_echo_request_from_host1_net4_to_host1_net1_on_net0',
    'echo_request_from_host1_net4_to_host1_net1_on_net1'
);

# NOTE(review): every status other than 'GOT_PACKET' counts as PASS here.
# If ipsecForwardDecap can also return a tester-side error status, this
# negative case would pass without the packet ever having been sent --
# confirm against the helper's return values.
if ($stat eq 'GOT_PACKET') {
    $csts = 'FAIL';
}

vLogHTML("Subtest No.$subtest_no $csts
");
$subtest_results[$subtest_no] = $csts;
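### results table
# Log one row per subtest, fold the per-subtest results into the overall
# verdict in $test_results, then exit through ipsecExitFail/ipsecExitPass.
vLogHTML("Subtest Results
");

# The visible setup code initialises $test_result (singular), so
# $test_results may still be undefined here. Give it an explicit starting
# value instead of comparing undef below, but keep any value already set.
$test_results = 'PASS' unless defined $test_results;

# Index 0 of @subtest_title is unused; subtests are numbered from 1.
for ($i = 1; $i < @subtest_title; $i++) {
    # A subtest that has a title but never recorded a result is counted as
    # FAIL, so a skipped check cannot produce an overall PASS.
    $subtest_results[$i] = 'FAIL' unless defined $subtest_results[$i];

    vLogHTML("|$i| $subtest_title[$i] | $subtest_results[$i] |
");
    $test_results = 'FAIL' if $subtest_results[$i] eq 'FAIL';
}

if ($test_results eq 'FAIL') {
    ipsecExitFail();
}
else {
    ipsecExitPass();
}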
######################################################################
__END__
=head1 NAME
RTU_A_In_Order_DSTH - Router Tunnel Mode AH Inbound Header Order (Destination Options Header vs AH)
=head1 TARGET
Router
=head1 SYNOPSIS
=begin html
RTU_A_In_Order_DSTH.seq [-tooloption ...] -pkt RTU_A_Order_DSTH.def
-tooloption : v6eval tool option
See also HTR_A_common.def and HTR_common.def
=end html
=head1 INITIALIZATION
=begin html
For details of Network Topology, see 00README
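Set NUT's SAD and SPD as follows (the SPI, algorithm and key listed are the fixed values used by this conformance test, not settings for a production SA):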
(Link0) (Link1)
NET4 NET2 NET0 NET1
HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
=====tunnel======>
Security Association Database (SAD)
source address |
SG1_NET2 |
destination address |
NUT_NET0 |
SPI |
0x1000 |
mode |
tunnel |
protocol |
AH |
AH algorithm |
HMAC-MD5 |
AH algorithm key |
TAHITEST89ABCDEF |
Security Policy Database (SPD)
=end html
=head1 TEST PROCEDURE
=begin html
Tester Target Tester
(Link0) (Link1)
| | |
|-------------------------->| |
| ICMP Echo Request | |
| [DSTH][AH] | |
| (with AH) | |
| |-------------------------->|
| | ICMP Echo Request |
| | |
| | |
|-------------------------->| |
| ICMP Echo Request | |
| [AH][DSTH] | |
| (with AH) | |
| | (---------------------->) |
| | No ICMP Echo Request |
| | |
| | |
| | |
v v v
- Send ICMP Echo Request [DSTH][AH] to Link0
- Receive ICMP Echo Request from Link1
- Send ICMP Echo Request [AH][DSTH] to Link0
- Receive No Packet from Link1
ICMP Echo Request [DSTH][AH] to Link0
IP Header |
Source Address |
SG1_NET2 |
|
Destination Address |
NUT_NET0 |
Destination Options Header |
Type |
PadN |
AH |
SPI |
0x1000 |
|
Algorithm |
HMAC-MD5 |
|
Key |
TAHITEST89ABCDEF |
IP Header |
Source Address |
HOST1_NET4 |
|
Destination Address |
HOST1_NET1 |
ICMP |
Type |
128 (Echo Request) |
ICMP Echo Request from Link1
IP Header |
Source Address |
HOST1_NET4 |
|
Destination Address |
HOST1_NET1 |
ICMP |
Type |
128 (Echo Request) |
ICMP Echo Request [AH][DSTH] to Link0
IP Header |
Source Address |
SG1_NET2 |
|
Destination Address |
NUT_NET0 |
AH |
SPI |
0x1000 |
|
Algorithm |
HMAC-MD5 |
|
Key |
TAHITEST89ABCDEF |
Destination Options Header |
Type |
PadN |
IP Header |
Source Address |
HOST1_NET4 |
|
Destination Address |
HOST1_NET1 |
ICMP |
Type |
128 (Echo Request) |
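ICMP Echo Request from Link1 (the inner packet; per the procedure above, no packet is expected from Link1 in the [AH][DSTH] case)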
IP Header |
Source Address |
HOST1_NET4 |
|
Destination Address |
HOST1_NET1 |
ICMP |
Type |
128 (Echo Request) |
=end html
=head1 JUDGMENT
PASS: ICMP Echo Request received from Link1 for the [DSTH][AH] packet, and no packet received from Link1 for the [AH][DSTH] packet
=head1 SEE ALSO
perldoc V6evalTool
=begin html
IPSEC.html IPsec Test Common Utility
=end html
=cut