HTR_C_Out_SPD_discard_none - Host Common Outbound, Select SPD entry (policy=discard,none), AH (HMAC-MD5)
Host
HTR_C_Out_SPD_discard_none.seq [-tooloption ...] -pkt HTR_A_SPD_discard_none.def
-tooloption : v6eval tool option
See also HTR_common.def
For details of Network Topology, see 00README
Set NUT's SAD and SPD as following:
NET5 NET3
HOST1_NET5 -+ Router -- NUT
<---policy=discard--
|
HOST2_NET5 -+
<---policy=none-----
Security Association Database (SAD)
| source address | NUT_NET3 |
| destination address | HOST1_NET5 |
| SPI | 0x1000 |
| mode | transport |
| protocol | AH |
| AH algorithm | HMAC-MD5 |
| AH algorithm key | TAHITEST89ABCDEF |
Security Policy Database (SPD) for policy=discard
| source address | NUT_NET3 |
| destination address | HOST1_NET5 |
| upper spec | any |
| direction | out |
| policy | discard |
Security Association Database (SAD)
| source address | NUT_NET3 |
| destination address | HOST2_NET5 |
| SPI | 0x1000 |
| mode | transport |
| protocol | AH |
| AH algorithm | HMAC-SHA1 |
| AH algorithm key | foo0foo1foo2foo3 |
Security Policy Database (SPD) for policy=discard
| source address | NUT_NET3 |
| destination address | HOST2_NET5 |
| upper spec | any |
| direction | out |
| policy | none |
Tester Target | | Subtest No.1 "Disard the packet if policy=discard" |-------------------------->| | ICMP Echo Request | | for policy=discard | | | |(<------------------------)| | No Reply | | Judgement #1 | | | Subtest No.2 "Pass the packet without IPsec process if policy=none" | | |-------------------------->| | ICMP Echo Request | | for policy=none | | | |<--------------------------| | ICMP Echo Reply | | Judgement #2 | | | v v
ICMP Echo Request for policy=discard
| IP Header | Source Address | HOST1_NET5 |
| Destination Address | NUT_NET3 | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Request for policy=none
| IP Header | Source Address | HOST2_NET5 |
| Destination Address | NUT_NET3 | |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Reply
| IP Header | Source Address | NUT_NET3 |
| Destination Address | HOST2_NET5 | |
| ICMP | Type | 129 (Echo Reply) |
Judgement #1:
No Reply
Judgement #2:
ICMP Echo Reply received
perldoc V6evalTool
IPSEC.html IPsec Test Common Utility