NAME

        rfc2766_5.3.1_checksum_tcp_udp.seq - Verify IPv6 <-> IPv4 header 
        translation in accordance with RFC2766 [NATPT]


TARGET

        Router


SYNOPSIS

        rfc2766_5.3.1_checksum_tcp_udp.seq [-tooloption ...] 
        -p rfc2766_5.3.1_checksum_tcp_udp.def


INITIALIZATION

	Before this test starts, run initialize_natpt.seq.


TEST PROCEDURE

        This test verifies that NUT adjusts header checksum for UDP packets.
        
        Network Topology

        Link0
        --------------------------
            |               |
           TN              NUT
            |               |
        --------------------------
        Link1

        TN -- (Link0) -- NUT        NUT -- (Link1) -- TN
        
        ---------------------      ------------------------

        1.1.
                                   <===================
        IPv4 UDP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        DF = 1
                UDP packet
                        Checksum including IPv4 pseudo header
                        data = repeat(0xff,128)
        1.2.
        <<JUDGMENT>>
        <===================
        IPv6 UDP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                UDP packet
                        Checksum including IPv6 pseudo header
                        data = repeat(0xff,128)

        2.1.
                                   <===================
        IPv4 UDP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        DF = 1
                UDP packet
                        Checksum = 0xffff (zero checksum)
                        data = repeat(0xff,128)
        2.2.
        <<JUDGMENT>>
        <===================
        IPv6 UDP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                UDP packet
                        Checksum including IPv6 pseudo header
                        data = repeat(0xff,128)

        3.1.
                                   <===================
        IPv4 UDP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        MF = 1
                UDP packet
                        Checksum for full UDP packet, including pseudo header
                        data = repeat(0xff,64)
        3.2.
        <<JUDGMENT>>
        <===================
        IPv6 UDP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                Fragment Header
                        More fragments = 1
                UDP packet
                        Checksum including IPv6 pseudo header
                        data = repeat(0xff,64)

        4.1.
                                   <===================
        IPv4 UDP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        MF = 0
                        Protocol = 17
                Payload
                        data = repeat(0xff,64)
        4.2.
        <<JUDGMENT>>
        <===================
        IPv6 UDP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                Fragment Header
                        More fragments = 0
                        NextHeader = 17
                Payload
                        data = repeat(0xff,64)

        5.1.
                                   <===================
        IPv4 UDP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        MF = 1
                UDP packet
                        Checksum = 0xffff (zero checksum)
                        data = repeat(0xff,64)
        5.2.
        <<JUDGMENT>>
                No packet is received

        6.1.
                                   <===================
        IPv4 UDP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        MF = 0
                        Protocol = 17
                Payload
                        data = repeat(0xff,64)
        6.2.1
        <<JUDGMENT PASS>>
        RFC2766(NAT-PT) 5.3.1 (TCP/UDP/ICMP Checksum Update from IPv4 to IPv6):
               If a V4 UDP packet with a checksum of zero arrives in
               fragments, NAT-PT MUST await all the fragments until they can
               be assembled into a single non-fragmented packet
        <===================
        IPv6 UDP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                Fragment Header
                        More fragments = 0
                        NextHeader = 17
                UDP packet
                        Checksum including IPv6 pseudo header
                        data = repeat(0xff,128)

        6.2.2
        <<JUDGMENT WARN>>
        RFC2765(SIIT), 3.2 (UDP packets with checksum zero):
               First fragment SHOULD be dropped (and logged internally).
               Following fragments SHOULD be dropped silently. 
               (But are, in a stateless translator, near impossible to 
               recognize, and are therefore translated normally.)
        <===================
        IPv6 UDP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                Fragment Header
                        More fragments = 0
                        NextHeader = 17
                Payload
                        data = repeat(0xff,64)

        6.2.3
        <<JUDGMENT WARN>>
        RFC2765(SIIT), 3.2 (UDP packets with checksum zero):
               First fragment SHOULD be dropped (and logged internally).
               Following fragments SHOULD be dropped silently.
        <===================
                No packet is received

        7.1.
                                   <===================
        IPv4 TCP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        DF = 1
                TCP packet
                        Checksum including IPv4 pseudo header
                        data = repeat(0xff,128)
        7.2.
        <<JUDGMENT>>
        <===================
        IPv6 TCP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                TCP packet
                        Checksum including IPv6 pseudo header
                        data = repeat(0xff,128)

        8.1.
                                   <===================
        IPv4 TCP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        MF = 1
                TCP packet
                        Checksum including IPv4 pseudo header
                        data = repeat(0xff,64)
        8.2.
        <<JUDGMENT>>
        <===================
        IPv6 TCP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                Fragment Header
                        More fragments = 1
                TCP packet
                        Checksum including IPv6 pseudo header
                        data = repeat(0xff,64)

        9.1.
                                   <===================
        IPv4 TCP packet
                IPv4 Header
                        src address : TN LINK1 IPv4 address
                        dst address : TN LINK0 IPv4 address
                        MF = 0
                Payload
                        data = repeat(0xff,64)
        9.2.
        <<JUDGMENT>>
        <===================
        IPv6 TCP packet
                IPv6 Header
                        src address : TN LINK1 IPv4 embedded IPv6 address
                        dst address : TN LINK0 IPv4 embedded IPv6 address
                Fragment Header
                        More fragments = 0
                Payload
                        data = repeat(0xff,64)


JUDGMENT

        << PASS >>
                NUT adjusts header checksum for UDP/TCP packets with 
                checksum and recalculates it for UDP packets with
                zero checksum.
                Fragmented UDP packets with zero checksum are reassembled
                at NUT and the checksum is calculated.
                
        << WARN >> 
                NUT follows RFC2765, 3.2 instead of RFC2766, 5.3.1 when 
                handling fragmented V4 UDP packets with a checksum of zero.

        << FAIL >>      
                NUT send UDP packets with wrong checksum, or doesn't drop
                fragmented UDP with zero checksum.


NOTE


REFERENCE

RFC2766

5.3.1 TCP/UDP/ICMP Checksum Update from IPv4 to IPv6

   UDP checksums, when set to a non-zero value, and TCP checksum SHOULD
   be recalculated to reflect the address change from v4 to v6. The
   incremental checksum adjustment algorithm may be borrowed from [NAT].
   In the case of NAPT-PT, TCP/UDP checksum should be adjusted to
   account for the address and TCP/UDP port changes, going from V4 to V6
   address.

   When the checksum of a V4 UDP packet is set to zero, NAT-PT MUST
   evaluate the checksum in its entirety for the V6-translated UDP
   packet. If a V4 UDP packet with a checksum of zero arrives in
   fragments, NAT-PT MUST await all the fragments until they can be
   assembled into a single non-fragmented packet and evaluate the
   checksum prior to forwarding the translated V6 UDP packet.

RFC2765

3.2. Translating UDP over IPv4

   If a UDP packet has a zero UDP checksum then a valid checksum must be
   calculated in order to translate the packet.  A stateless translator
   can not do this for fragmented packets but [MILLER] indicates that
   fragmented UDP packets with a zero checksum appear to only be used
   for malicious purposes.  Thus this is not believed to be a noticeable
   limitation.

   When a translator receives the first fragment of a fragmented UDP
   IPv4 packet and the checksum field is zero the translator SHOULD drop
   the packet and generate a system management event specifying at least
   the IP addresses and port numbers in the packet.  When it receives
   fragments other than the first it SHOULD silently drop the packet,
   since there is no port information to log.


SEE ALSO

        perldoc V6evalTool