HTR_A_In_DM_DSTH_opttype - Host Transport Mode AH Inbound, Detect modification of DstOpt header option type before AH
Host
HTR_A_In_DM_DSTH_opttype.seq [-tooloption ...] -pkt HTR_A_DM_DSTH_opttype.def
-tooloption : v6eval tool option
See also HTR_A_common.def and HTR_common.def
For details of Network Topology, see 00README
Set NUT's SAD and SPD as following:
NET5 NET3
HOST1_NET5 -- Router -- NUT
-----transport----->
Security Association Database (SAD)
| source address | HOST1_NET5 |
| destination address | NUT_NET3 |
| SPI | 0x1000 |
| mode | transport |
| protocol | AH |
| AH algorithm | HMAC-MD5 |
| AH algorithm key | TAHITEST89ABCDEF |
Security Policy Database (SPD)
| source address | HOST1_NET5 |
| destination address | NUT_NET3 |
| upper spec | any |
| direction | in |
| protocol | AH |
| mode | transport |
Tester Target | | Subtest No.1 "option bit 000: option type is immutable" | | |-------------------------->| | ICMP Echo Request | | with [DSTH][AH] | | | |<--------------------------| | ICMP Echo Reply | | Judgement #1 | | | |-------------------------->| | ICMP Echo Request | | with [DSTH][AH] | | (option type of DSTH is modified 0x02->0x22) | | | (<----------------------) | | No ICMP Echo Reply | | Judgement #2 | v v Subtest No.2 "option bit 001: option type is immutable" | | |-------------------------->| | ICMP Echo Request | | with [DSTH][AH] | | (option type of DSTH is modified 0x22->0x23) | | | (<----------------------) | | No ICMP Echo Reply | | Judgement #3 | | | v v
ICMP Echo Request with [DSTH][AH]
| IP Header | Source Address | HOST1_NET5 |
| Destination Address | NUT_NET3 | |
| Destination Options Header | Type | 0x02 |
| Data Length | 4 | |
| Data | 0x0f0f0000 | |
| AH | SPI | 0x1000 |
| Sequence Number | 1 | |
| Algorithm | HMAC-MD5 | |
| Key | TAHITEST89ABCDEF | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Reply
| IP Header | Source Address | NUT_NET3 |
| Destination Address | HOST1_NET5 | |
| ICMP | Type | 129 (Echo Reply) |
ICMP Echo Request with [DSTH][AH] (option type of DSTH is modified 0x02->0x22)
| IP Header | Source Address | HOST1_NET5 |
| Destination Address | NUT_NET3 | |
| Destination Options Header | Type | 0x22 (0x02 is original) |
| Data Length | 4 | |
| Data | 0x0f0f0000 | |
| AH | SPI | 0x1000 |
| Sequence Number | 1 | |
| Algorithm | HMAC-MD5 | |
| Key | TAHITEST89ABCDEF | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Request with [DSTH][AH] (option type of DSTH is modified 0x22->0x23)
| IP Header | Source Address | HOST1_NET5 |
| Destination Address | NUT_NET3 | |
| Destination Options Header | Type | 0x23 (0x22 is original) |
| Data Length | 4 | |
| Data | 0x0f0f0000 | |
| AH | SPI | 0x1000 |
| Sequence Number | 1 | |
| Algorithm | HMAC-MD5 | |
| Key | TAHITEST89ABCDEF | |
| ICMP | Type | 128 (Echo Request) |
Judgement #1:
Receive ICMP Echo Reply (MUST)
Judgement #2:
Receive nothing (MUST)
Judgement #3:
Receive nothing (MUST)
perldoc V6evalTool
IPSEC.html IPsec Test Common Utility