NAME

hostRecvRedirectInvalid - Verifying invalid redirects vs neighbor cache entry


TARGET

Host only


SYNOPSIS

  hostRecvRedirectInvalid.seq [-tooloption ...] -p hostRecvRedirectInvalid.def


INITIALIZATION

  1. Clear NC state for TN.
  2. Set R1 as the default router, and its state to REACHABLE.

  TN                 NUT
  ----------------------

  State: NONCE (for R1, TN)

  ==== unsolicited RA ===>
       src=R1's link-local
       dst=all-node
       M=0, O=0
       RouterLifetime=600
       ReachableTime=0
       RetransTimer=0
       w/ SLLA
       Prefix Option:
           L=1, A=1
           ValidLifetime=2592000
           PreferredLifetime=604800
           Prefix=3ffe:501:ffff:100::/64

  State: STALE (for R1), NONCE (for TN)

  ==== solicited NA ===>
       src=R1's link-local
       dst=NUT's link-local
       R=1, S=1, O=1
       target=R1's link-local
       TLLA=R1's LLA

  State: REACHABLE (for R1), NONCE (for TN)

  Wait (3 sec) for DAD NS


TEST PROCEDURE

hostRecvRedirectInvalid verifies that invalid redirect messages do not create a neighbor cache entry.

  TN               NUT
  ----------------------

  State: REACHABLE (for R1), NONCE (for TN)

  ==== invalid redirect ===>
       ICMP Target=TN's link-local

  Judgment: Examine whether NUT's neighbor cache state is NONCE


JUDGMENT


 1. Invalid redirect messages

8.1. Validation of Redirect Messages
A host MUST silently discard any received Redirect message that does not satisfy all of the following validity checks:
- IP Source Address is a link-local address. Routers must use their link-local address as the source for Router Advertisement and Redirect messages so that hosts can uniquely identify routers.
- The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.
- If the message includes an IP Authentication Header, the message authenticates correctly.
- ICMP Checksum is valid.
- ICMP Code is 0.
- ICMP length (derived from the IP length) is 40 or more octets.
- The IP source address of the Redirect is the same as the current first-hop router for the specified ICMP Destination Address.
- The ICMP Destination Address field in the redirect message does not contain a multicast address.
- The ICMP Target Address is either a link-local address (when redirected to a router) or the same as the ICMP Destination Address (when redirected to the on-link destination).
- All included options have a length that is greater than zero.

Each row changes the field(s) marked with * to an invalid value:

================+================+=========+====+========+==========+===============+===========
IP                                         |ICMP                                    |NC state
----------------+----------------+---------+----+--------+----------+---------------+-----+-----
Src             |Dst             |Hop Limit|Code|Chksum  |Dst       |Target         |Now  |New
================+================+=========+====+========+==========+===============+===========
*R1's global    |NUT's link-local|255      |0   |valid   |off-link  |TN's link-local|NONCE|NONCE
----------------+----------------+---------+----+--------+----------+---------------+-----+-----
R1's link-local |NUT's link-local|*!=255   |0   |valid   |off-link  |TN's link-local|NONCE|NONCE
----------------+----------------+---------+----+--------+----------+---------------+-----+-----
R1's link-local |NUT's link-local|255      |*!=0|valid   |off-link  |TN's link-local|NONCE|NONCE
----------------+----------------+---------+----+--------+----------+---------------+-----+-----
R1's link-local |NUT's link-local|255      |0   |*invalid|off-link  |TN's link-local|NONCE|NONCE
----------------+----------------+---------+----+--------+----------+---------------+-----+-----
R1's link-local |NUT's link-local|255      |0   |valid   |*multicast|TN's link-local|NONCE|NONCE
----------------+----------------+---------+----+--------+----------+---------------+-----+-----
*R2's link-local|NUT's link-local|255      |0   |valid   |off-link  |TN's link-local|NONCE|NONCE
----------------+----------------+---------+----+--------+----------+---------------+-----+-----
R1's link-local |NUT's link-local|255      |0   |valid   |*off-link |*TN's global   |NONCE|NONCE
================+================+=========+====+========+==========+===============+===========
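
The validity checks listed above, applied to the seven invalid cases of the table, as an added Python example (not part of the test suite or of V6evalTool). The Redirect model, the function names and all addresses except the 3ffe:501:ffff:100::/64 prefix are assumptions made for illustration; the Authentication Header check is left out.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv6Address as A

@dataclass(frozen=True)
class Redirect:               # model of the fields the checks look at
    src: A                    # IP source address
    hop_limit: int
    code: int
    checksum_ok: bool         # outcome of ICMP checksum verification
    icmp_len: int             # ICMP length in octets, derived from IP length
    dst: A                    # ICMP Destination Address
    target: A                 # ICMP Target Address
    option_lens: tuple = ()   # length field of each included option

def reject_reason(m, first_hop_for):
    """Return None if m passes every check, else the name of the first failure.
    first_hop_for(dst) gives the current first-hop router for dst.
    The Authentication Header check is not modelled here."""
    checks = [
        ("source not link-local", m.src.is_link_local),
        ("hop limit != 255", m.hop_limit == 255),
        ("bad checksum", m.checksum_ok),
        ("code != 0", m.code == 0),
        ("length < 40", m.icmp_len >= 40),
        ("source is not first hop", m.src == first_hop_for(m.dst)),
        ("destination is multicast", not m.dst.is_multicast),
        ("target neither link-local nor destination",
         m.target.is_link_local or m.target == m.dst),
        ("zero-length option", all(n > 0 for n in m.option_lens)),
    ]
    return next((why for why, ok in checks if not ok), None)

# Constructed addresses; only the 3ffe:501:ffff:100::/64 prefix is from the page.
R1_LL, R2_LL, TN_LL = A("fe80::1"), A("fe80::2"), A("fe80::a")
R1_GL, TN_GL = A("3ffe:501:ffff:100::1"), A("3ffe:501:ffff:100::a")
OFFLINK, MCAST = A("3ffe:501:ffff:109::1"), A("ff1e::1")
VALID = Redirect(R1_LL, 255, 0, True, 40, OFFLINK, TN_LL)

# One mutation per table row, in table order.
ROWS = [replace(VALID, src=R1_GL), replace(VALID, hop_limit=254),
        replace(VALID, code=1), replace(VALID, checksum_ok=False),
        replace(VALID, dst=MCAST), replace(VALID, src=R2_LL),
        replace(VALID, target=TN_GL)]

def run_table(rows=ROWS):
    """NUT treats R1 as first hop for every destination (R1 is the default router)."""
    return [reject_reason(m, lambda dst: R1_LL) for m in rows]

if __name__ == "__main__":
    for why in run_table():
        print("discard:", why)
```

Every row must yield a discard reason, which corresponds to the NC state staying NONCE in the table; the unmodified VALID message is the only one that passes.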


TERMINATION

  Send RA with RouterLifetime=0 to clear the Default Router List.


NOTE

  The test does not invoke any remote command.


SEE ALSO

  perldoc V6evalTool
  perldoc V6evalRemote