No. | Title |
Result | Log | Script | Packet | Dump (bin) |
| Host Transport Mode |
|
|
|
|
|
| Initialize for Host |
|
|
|
|
|
1 | Set Global Address and Check (Host) | PASS | X | X | X | Link0 |
| Host Transport AH Outbound |
|
|
|
|
|
| Host Transport AH Outbound with authentication |
|
|
|
|
|
2 | Outbound AH packet (HMAC-MD5) | PASS | X | X | X | Link0 |
3 | Outbound AH packet (HMAC-SHA1) | PASS | X | X | X | Link0 |
| Host Transport AH Outbound Header Order |
|
|
|
|
|
4 | Outbound Header Order (Fragment Header vs AH) | PASS | X | X | X | Link0 |
| Host Transport AH Outbound Connect SA bundles |
|
|
|
|
|
5 | Connect two SA bundles with different spi, different IPdst | PASS | X | X | X | Link0 |
6 | Connect two SA bundles with same spi, different IPdst | PASS | X | X | X | Link0 |
| Host Transport AH Inbound |
|
|
|
|
|
| Host Transport AH Inbound with authentication |
|
|
|
|
|
7 | Inbound AH packet (HMAC-MD5) | PASS | X | X | X | Link0 |
8 | Inbound AH packet (HMAC-SHA1) | PASS | X | X | X | Link0 |
| Host Transport AH Inbound Header Order |
|
|
|
|
|
9 | Inbound Header Order (Fragment Header vs AH) | PASS | X | X | X | Link0 |
| Host Transport AH Inbound Connect SA bundles |
|
|
|
|
|
10 | Connect two SA bundles with different spi, different IPsrc | PASS | X | X | X | Link0 |
11 | Connect two SA bundles with different spi, same IPsrc | PASS | X | X | X | Link0 |
| Host Transport AH Inbound, Detect modification of packet with AH |
|
|
|
|
|
12 | Detect modification of IPv6 header IP dst address with AH | PASS | X | X | X | Link0 |
13 | Detect modification of IPv6 header IP src address with AH | PASS | X | X | X | Link0 |
14 | Undetect modification of IPv6 header hoplimit with AH | PASS | X | X | X | Link0 |
15 | Detect modification of IPv6 header IP dst address with Routing header and AH | PASS | X | X | X | Link0 |
16 | Detect modification of Routing header "last router address" with AH | PASS | X | X | X | Link0 |
17 | Detect modification of DstOpt header option type before AH | PASS | X | X | X | Link0 |
18 | Detect modification of DstOpt header option len before AH | PASS | X | X | X | Link0 |
19 | Detect modification of DstOpt header option data before AH | FAIL, Why | X | X | X | Link0 |
20 | Detect modification of DstOpt header option data after AH | FAIL, Why | X | X | X | Link0 |
21 | Detect modification of HBHOpt header option type with AH | PASS | X | X | X | Link0 |
22 | Detect modification of HBHOpt header option len with AH | PASS | X | X | X | Link0 |
23 | Detect modification of HBHOpt header option data with AH | FAIL, Why | X | X | X | Link0 |
24 | Detect modification of payload with AH | PASS | X | X | X | Link0 |
| Host Transport ESP Outbound |
|
|
|
|
|
| ESP Outbound without authentication |
|
|
|
|
|
25 | Outbound ESP packet (DES-CBC) | PASS | X | X | X | Link0 |
26 | Outbound ESP packet (3DES-CBC) | PASS | X | X | X | Link0 |
27 | Outbound ESP packet (RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
| ESP Outbound with authentication |
|
|
|
|
|
28 | Outbound ESP packet (NULL, HMAC-MD5) | FAIL, Why | X | X | X | Link0 |
29 | Outbound ESP packet (NULL, HMAC-SHA1) | FAIL, Why | X | X | X | Link0 |
30 | Outbound ESP packet (NULL, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
31 | Outbound ESP packet (DES-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
32 | Outbound ESP packet (DES-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
33 | Outbound ESP packet (DES-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
34 | Outbound ESP packet (3DES-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
35 | Outbound ESP packet (3DES-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
36 | Outbound ESP packet (3DES-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
37 | Outbound ESP packet (RIJNDAEL-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
38 | Outbound ESP packet (RIJNDAEL-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
39 | Outbound ESP packet (RIJNDAEL-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
| ESP Outbound Padding |
|
|
|
|
|
40 | Outbound Padding (NULL, HMAC-MD5) | FAIL, Why | X | X | X | Link0 |
41 | Outbound Padding (NULL, HMAC-SHA1) | FAIL, Why | X | X | X | Link0 |
42 | Outbound Padding (NULL, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
43 | Outbound Padding (DES-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
44 | Outbound Padding (DES-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
45 | Outbound Padding (DES-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
46 | Outbound Padding (3DES-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
47 | Outbound Padding (3DES-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
48 | Outbound Padding (3DES-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
49 | Outbound Padding (RIJNDAEL-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
50 | Outbound Padding (RIJNDAEL-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
51 | Outbound Padding (RIJNDAEL-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
| ESP Outboud Sequence Counter Overflow |
|
|
|
|
|
52 | Sequence Counter Overflow check | SKIP | - | X | X | - |
| ESP Outbound Lifetime of SA |
|
|
|
|
|
53 | Lifetime of SA using time, ESP (NULL),ESP Authentication HMAC-MD5 | PASS | X | X | X | Link0 |
54 | Lifetime of SA using byte, ESP (NULL),ESP Authentication HMAC-MD5 | Not yet supported | X | X | X | Link0 |
| ESP Outbound Header Order |
|
|
|
|
|
55 | Header Order (Fragment Header vs ESP (NULL, HMAC-MD5) ) | FAIL, Why | X | X | X | Link0 |
56 | Header Order (Fragment Header vs ESP (NULL, HMAC-SHA1) ) | FAIL, Why | X | X | X | Link0 |
57 | Header Order (Fragment Header vs ESP (NULL, HMAC-SHA2-256) ) | FAIL, Why | X | X | X | Link0 |
| ESP Outbound Connect SA bundles |
|
|
|
|
|
58 | Connect two SA bundles with different spi, different IPdst, ESP (DES-CBC) | PASS | X | X | X | Link0 |
59 | Connect two SA bundles with different spi, different IPdst, ESP (3DES-CBC) | PASS | X | X | X | Link0 |
60 | Connect two SA bundles with different spi, different IPdst, ESP (RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
61 | Connect two SA bundles with same spi, different IPdst, ESP (DES-CBC) | PASS | X | X | X | Link0 |
62 | Connect two SA bundles with same spi, different IPdst, ESP (3DES-CBC) | PASS | X | X | X | Link0 |
63 | Connect two SA bundles with same spi, different IPdst, ESP (RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
| Host Transport ESP Inbound |
|
|
|
|
|
| ESP Inbound without authentication |
|
|
|
|
|
64 | Inbound ESP (DES-CBC) packet | PASS | X | X | X | Link0 |
65 | Inbound ESP (3DES-CBC) packet | PASS | X | X | X | Link0 |
66 | Inbound ESP (RIJNDAEL-CBC) packet | PASS | X | X | X | Link0 |
67 | Inbound ESP (DES-CBC) packet (Invalid Encryption Key) | PASS | X | X | X | Link0 |
68 | Inbound ESP (3DES-CBC) packet (Invalid Encryption Key) | PASS | X | X | X | Link0 |
69 | Inbound ESP (RIJNDAEL-CBC) packet (Invalid Encryption Key) | PASS | X | X | X | Link0 |
| ESP Inbound with authentication |
|
|
|
|
|
70 | Inbound ESP packet (NULL, HMAC-MD5) | FAIL, Why | X | X | X | Link0 |
71 | Inbound ESP packet (NULL, HMAC-SHA1) | FAIL, Why | X | X | X | Link0 |
72 | Inbound ESP packet (NULL, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
73 | Inbound ESP packet (DES-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
74 | Inbound ESP packet (DES-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
75 | Inbound ESP packet (DES-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
76 | Inbound ESP packet (3DES-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
77 | Inbound ESP packet (3DES-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
78 | Inbound ESP packet (3DES-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
79 | Inbound ESP packet (RIJNDAEL-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
80 | Inbound ESP packet (RIJNDAEL-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
81 | Inbound ESP packet (RIJNDAEL-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
82 | Inbound ESP (DES-CBC, HMAC-MD5) packet (Invalid Authentication Key) | PASS | X | X | X | Link0 |
83 | Inbound ESP (DES-CBC, HMAC-SHA1) packet (Invalid Authentication Key) | PASS | X | X | X | Link0 |
84 | Inbound ESP (DES-CBC, HMAC-SHA2-256) packet (Invalid Authentication Key) | FAIL, Why | X | X | X | Link0 |
| ESP Inbound Padding |
|
|
|
|
|
85 | Inbound Padding (NULL, HMAC-MD5) | FAIL, Why | X | X | X | Link0 |
86 | Inbound Padding (NULL, HMAC-SHA1) | FAIL, Why | X | X | X | Link0 |
87 | Inbound Padding (NULL, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
88 | Inbound Padding (DES-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
89 | Inbound Padding (DES-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
90 | Inbound Padding (DES-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
91 | Inbound Padding (3DES-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
92 | Inbound Padding (3DES-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
93 | Inbound Padding (3DES-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
94 | Inbound Padding (RIJNDAEL-CBC, HMAC-MD5) | PASS | X | X | X | Link0 |
95 | Inbound Padding (RIJNDAEL-CBC, HMAC-SHA1) | PASS | X | X | X | Link0 |
96 | Inbound Padding (RIJNDAEL-CBC, HMAC-SHA2-256) | FAIL, Why | X | X | X | Link0 |
97 | Padding Length is 255 (max), ESP (DES-CBC) | PASS | X | X | X | Link0 |
98 | Padding Length is 255 (max), ESP (3DES-CBC) | PASS | X | X | X | Link0 |
99 | Padding Length is 255 (max), ESP (RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
100 | Invalid Padding, ESP(DES-CBC) | PASS | X | X | X | Link0 |
101 | Invalid Padding, ESP(3DES-CBC) | PASS | X | X | X | Link0 |
102 | Invalid Padding, ESP(RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
| ESP Inbound Anti-Replay Window |
|
|
|
|
|
103 | Duplicate Sequence Number check | FAIL, Why | X | X | X | Link0 |
104 | Sliding receive window check | FAIL, Why | X | X | X | Link0 |
105 | Expand or shift Receive Window | - | X | X | X | Link0 |
| ESP Inbound Lifetime of SA |
|
|
|
|
|
106 | Lifetime of SA using time, ESP (NULL),ESP Authentication HMAC-MD5 | PASS | X | X | X | Link0 |
107 | Lifetime of SA using byte, ESP (NULL),ESP Authentication HMAC-MD5 | Not yet supported | X | X | X | Link0 |
| ESP Inbound Header Order |
|
|
|
|
|
108 | Header Order (Fragment Header vs ESP (NULL, HMAC-MD5)) | FAIL, Why | X | X | X | Link0 |
109 | Header Order (Fragment Header vs ESP (NULL, HMAC-SHA1)) | FAIL, Why | X | X | X | Link0 |
110 | Header Order (Fragment Header vs ESP (NULL, HMAC-SHA2-256)) | FAIL, Why | X | X | X | Link0 |
| ESP Inbound Connect SA bundles |
|
|
|
|
|
111 | Connect two SA bundles with different spi, different IPsrc, ESP (DES-CBC) | PASS | X | X | X | Link0 |
112 | Connect two SA bundles with different spi, different IPsrc, ESP (3DES-CBC) | PASS | X | X | X | Link0 |
113 | Connect two SA bundles with different spi, different IPsrc, ESP (RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
114 | Connect two SA bundles with different spi, same IPsrc, ESP (DES-CBC) | PASS | X | X | X | Link0 |
115 | Connect two SA bundles with different spi, same IPsrc, ESP (3DES-CBC) | PASS | X | X | X | Link0 |
116 | Connect two SA bundles with different spi, same IPsrc, ESP (RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
| Host Transport AH-ESP Outbound |
|
|
|
|
|
117 | Outbound AH-ESP combination | FAIL, Why | X | X | X | Link0 |
| Host Transport AH-ESP Inbound |
|
|
|
|
|
118 | Inbound AH-ESP combination | FAIL, Why | X | X | X | Link0 |
| Host Transport Common Outbound |
|
|
|
|
|
119 | Select SPD entry (policy=discard,none) | FAIL, Why | X | X | X | Link0 |
120 | Select SPD entry (policy=discard,none), ESP (DES-CBC) | PASS | X | X | X | Link0 |
121 | Select SPD entry (policy=discard,none), ESP (3DES-CBC) | PASS | X | X | X | Link0 |
122 | Select SPD entry (policy=discard,none), ESP(RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
| Host Transport Common Inbound |
|
|
|
|
|
| Inbound Connect SA bundles |
|
|
|
|
|
123 | Connect two SA bundles with same spi, same IPsrc, different protocol | FAIL, Why | X | X | X | Link0 |
124 | Select SPD entry (policy=discard,none), AH (HMAC-MD5) | PASS | X | X | X | Link0 |
125 | Select SPD entry (policy=discard,none), ESP (DES-CBC) | PASS | X | X | X | Link0 |
126 | Select SPD entry (policy=discard,none), ESP (3DES-CBC) | PASS | X | X | X | Link0 |
127 | Select SPD entry (policy=discard,none), ESP (RIJNDAEL-CBC) | PASS | X | X | X | Link0 |
| Router Tunnel Mode |
|
|
|
|
|
| Initialize for Router |
|
|
|
|
|
128 | Set Global Address and Check (Router) | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel AH Outbound |
|
|
|
|
|
| Router Tunnel AH Outbound with authentication |
|
|
|
|
|
129 | Outbound AH packet (HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
130 | Outbound AH packet (HMAC-SHA1) | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel AH Outbound Connect SA bundles |
|
|
|
|
|
131 | Connect two SA bundles with different spi, different IPdst | Router Only | X | X | X | Link0 Link1 |
132 | Connect two SA bundles with same spi, different IPdst | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel AH Inbound |
|
|
|
|
|
| Router Tunnel AH Inbound with authentication |
|
|
|
|
|
133 | Inbound AH Tunnel packet (with SPD entry) | Router Only | X | X | X | Link0 Link1 |
134 | Inbound AH packet (HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
135 | Inbound AH packet (HMAC-SHA1) | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel AH Inbound Header Order |
|
|
|
|
|
136 | Header Order (Destination Options Header vs AH) | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel AH Inbound Connect SA bundles |
|
|
|
|
|
137 | Connect two SA bundles with different spi, different IPsrc | Router Only | X | X | X | Link0 Link1 |
138 | Connect two SA bundles with different spi, same IPsrc | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel AH Inbound, Detect modification of packet with AH |
|
|
|
|
|
139 | Detect modification of IPv6 header IP dst address with AH | Router Only | X | X | X | Link0 Link1 |
140 | Detect modification of IPv6 header IP src address with AH | Router Only | X | X | X | Link0 Link1 |
141 | Undetect modification of IPv6 header hoplimit with AH | Router Only | X | X | X | Link0 Link1 |
142 | Detect modification of IPv6 header IP dst address with Routing header and AH | Router Only | X | X | X | Link0 Link1 |
143 | Detect modification of Routing header "last router address" with AH | Router Only | X | X | X | Link0 Link1 |
144 | Detect modification of DstOpt header option type before AH | Router Only | X | X | X | Link0 Link1 |
145 | Detect modification of DstOpt header option len before AH | Router Only | X | X | X | Link0 Link1 |
146 | Detect modification of DstOpt header option data before AH | Router Only | X | X | X | Link0 Link1 |
147 | Detect modification of HBHOpt header option type with AH | Router Only | X | X | X | Link0 Link1 |
148 | Detect modification of HBHOpt header option len with AH | Router Only | X | X | X | Link0 Link1 |
149 | Detect modification of HBHOpt header option data with AH | Router Only | X | X | X | Link0 Link1 |
150 | Detect modification of inner IPv6 header hoplimit of AH tunnel | Router Only | X | X | X | Link0 Link1 |
151 | Detect modification of inner payload of AH tunnel | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel ESP Outbound |
|
|
|
|
|
| ESP Outbound without authentication |
|
|
|
|
|
152 | Outbound ESP packet (DES-CBC) | Router Only | X | X | X | Link0 Link1 |
153 | Outbound ESP packet (3DES-CBC) | Router Only | X | X | X | Link0 Link1 |
| ESP Outbound with authentication |
|
|
|
|
|
154 | Outbound ESP packet (NULL, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
155 | Outbound ESP packet (NULL, HMAC-SHA1) | Router Only | X | X | X | Link0 Link1 |
156 | Outbound ESP packet (DES-CBC, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
157 | Outbound ESP packet (DES-CBC, HMAC-SHA1) | Router Only | X | X | X | Link0 Link1 |
158 | Outbound ESP packet (3DES-CBC, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
159 | Outbound ESP packet (3DES-CBC, HMAC-SHA1) | Router Only | X | X | X | Link0 Link1 |
| ESP Outbound Padding |
|
|
|
|
|
160 | Outbound Padding (NULL, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
161 | Outbound Padding (DES-CBC, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
162 | Outbound Padding (3DES-CBC, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
| ESP Outbound Connect SA bundles |
|
|
|
|
|
163 | Connect two SA bundles with different spi, different IPdst | Router Only | X | X | X | Link0 Link1 |
164 | Connect two SA bundles with same spi, different IPdst | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel ESP Inbound |
|
|
|
|
|
165 | Inbound ESP Tunnel packet (with SPD entry) | Router Only | X | X | X | Link0 Link1 |
| ESP Inbound without authentication |
|
|
|
|
|
166 | Inbound ESP packet (DES-CBC) | Router Only | X | X | X | Link0 Link1 |
167 | Inbound ESP packet (3DES-CBC) | Router Only | X | X | X | Link0 Link1 |
168 | Inbound ESP packet (Invalid Encryption Key) | Router Only | X | X | X | Link0 Link1 |
| ESP Inbound with authentication |
|
|
|
|
|
169 | Inbound ESP packet (NULL, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
170 | Inbound ESP packet (NULL, HMAC-SHA1) | Router Only | X | X | X | Link0 Link1 |
171 | Inbound ESP packet (DES-CBC, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
172 | Inbound ESP packet (DES-CBC, HMAC-SHA1) | Router Only | X | X | X | Link0 Link1 |
173 | Inbound ESP packet (3DES-CBC, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
174 | Inbound ESP packet (3DES-CBC, HMAC-SHA1) | Router Only | X | X | X | Link0 Link1 |
175 | Inbound ESP packet (Invalid Authentication Key) | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel ESP Inbound Header Order |
|
|
|
|
|
176 | Header Order (Destination Options Header vs ESP) | Router Only | X | X | X | Link0 Link1 |
| ESP Inbound Padding |
|
|
|
|
|
177 | Inbound Padding (NULL, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
178 | Inbound Padding (DES-CBC, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
179 | Inbound Padding (3DES-CBC, HMAC-MD5) | Router Only | X | X | X | Link0 Link1 |
180 | Padding Length is 255 (max) | Router Only | X | X | X | Link0 Link1 |
181 | Invalid Padding | Router Only | X | X | X | Link0 Link1 |
| ESP Inbound Connect SA bundles |
|
|
|
|
|
182 | Connect two SA bundles with different spi, different IPsrc | Router Only | X | X | X | Link0 Link1 |
183 | Connect two SA bundles with different spi, same IPsrc | Router Only | X | X | X | Link0 Link1 |
| Router Tunnel Common Inbound |
|
|
|
|
|
| Inbound Connect SA bundles |
|
|
|
|
|
184 | Connect two SA bundles with same spi, same IPsrc, different protocol | Router Only | X | X | X | Link0 Link1 |