NAME

  HTR_A_In_DM_HBHH_opttype - Host Transport Mode AH Inbound, Detect modification of HBHOpt header option type with AH
  


TARGET

  Host


INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as follows:

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         -----transport----->

Security Association Database (SAD)

  source address       HOST1_NET5
  destination address  NUT_NET3
  SPI                  0x1000
  mode                 transport
  protocol             AH
  AH algorithm         HMAC-MD5
  AH algorithm key     TAHITEST89ABCDEF

Security Policy Database (SPD)

  source address       HOST1_NET5
  destination address  NUT_NET3
  upper spec           any
  direction            in
  protocol             AH
  mode                 transport


TEST PROCEDURE

 Tester                      Target
   |                           |
 Subtest No.1 "option bit 000: option type is immutable"
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |      with [HBHH][AH]      |
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |        Judgement #1       |
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |      with [HBHH][AH]      |
   |  (option type of HBHH is modified 0x02->0x22)
   |                           |
   | (<----------------------) |
   |     No ICMP Echo Reply    |
   |        Judgement #2       |
   v                           v
 Subtest No.2 "option bit 001: option type is immutable"
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |      with [HBHH][AH]      |
   |  (option type of HBHH is modified 0x22->0x23)
   |                           |
   | (<----------------------) |
   |     No ICMP Echo Reply    |
   |        Judgement #3       |
   |                           |
   v                           v

ICMP Echo Request with [HBHH][AH]

  IP Header                Source Address       HOST1_NET5
                           Destination Address  NUT_NET3
  HopByHop Options Header  Type                 0x02
                           Data Length          4
                           Data                 0x0f0f0000
  AH                       SPI                  0x1000
                           Sequence Number      1
                           Algorithm            HMAC-MD5
                           Key                  TAHITEST89ABCDEF
  ICMP                     Type                 128 (Echo Request)

ICMP Echo Reply

  IP Header                Source Address       NUT_NET3
                           Destination Address  HOST1_NET5
  ICMP                     Type                 129 (Echo Reply)

ICMP Echo Request with [HBHH][AH] (option type of HBHH is modified 0x02->0x22)

  IP Header                Source Address       HOST1_NET5
                           Destination Address  NUT_NET3
  HopByHop Options Header  Type                 0x22 (0x02 is original)
                           Data Length          4
                           Data                 0x0f0f0000
  AH                       SPI                  0x1000
                           Sequence Number      1
                           Algorithm            HMAC-MD5
                           Key                  TAHITEST89ABCDEF
  ICMP                     Type                 128 (Echo Request)

ICMP Echo Request with [HBHH][AH] (option type of HBHH is modified 0x22->0x23)

  IP Header                Source Address       HOST1_NET5
                           Destination Address  NUT_NET3
  HopByHop Options Header  Type                 0x23 (0x22 is original)
                           Data Length          4
                           Data                 0x0f0f0000
  AH                       SPI                  0x1000
                           Sequence Number      1
                           Algorithm            HMAC-MD5
                           Key                  TAHITEST89ABCDEF
  ICMP                     Type                 128 (Echo Request)


JUDGMENT

  Judgement #1:
      Receive ICMP Echo Reply (MUST)
  Judgement #2:
      Receive nothing (MUST)
  Judgement #3:
      Receive nothing (MUST)
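
Why Judgement #2 and #3 expect silence, shown as an added example that is not part of the test suite itself: the AH ICV (RFC 4302) always covers the Hop-by-Hop option type and length, even when bit 0x20 of the type marks the option data as mutable and the data is zeroed for the computation. The addresses standing in for HOST1_NET5 and NUT_NET3, the ICMPv6 body with a zero checksum, and the function names are assumptions of this sketch.

```python
import hmac, hashlib, ipaddress, struct

KEY = b"TAHITEST89ABCDEF"           # AH key from the SAD on this page
SPI, SEQ = 0x1000, 1
# Constructed addresses standing in for HOST1_NET5 and NUT_NET3
SRC = ipaddress.IPv6Address("2001:db8:5::1").packed
DST = ipaddress.IPv6Address("2001:db8:3::2").packed
OPT_DATA = bytes.fromhex("0f0f0000")
# Constructed ICMPv6 Echo Request (type 128); checksum left 0 for brevity
ICMP = struct.pack("!BBHHH", 128, 0, 0, 1, 1)

def icv_input(opt_type, opt_data=OPT_DATA):
    """Bytes the AH ICV is computed over (RFC 4302 sec. 3.3.3.1.2)."""
    # Bit 0x20 of the option type marks the option data as mutable en route:
    # the data is zeroed for the ICV, but type and length always stay covered.
    covered = bytes(len(opt_data)) if opt_type & 0x20 else opt_data
    hbh = bytes([51, 0, opt_type, len(opt_data)]) + covered   # next hdr = AH
    # AH: next hdr ICMPv6 (58), payload len 4, reserved, SPI, seq, zeroed ICV
    ah = struct.pack("!BBHII", 58, 4, 0, SPI, SEQ) + bytes(12)
    # IPv6 header with mutable fields (class, flow label, hop limit) zeroed
    ip6 = struct.pack("!IHBB", 6 << 28, len(hbh + ah + ICMP), 0, 0) + SRC + DST
    return ip6 + hbh + ah + ICMP

def ah_icv(opt_type, opt_data=OPT_DATA):
    """HMAC-MD5-96: first 12 bytes of the HMAC-MD5 digest."""
    return hmac.new(KEY, icv_input(opt_type, opt_data), hashlib.md5).digest()[:12]

def receiver_accepts(sent_icv, rcv_type, rcv_data=OPT_DATA):
    """Recompute the ICV over the packet as received and compare."""
    return hmac.compare_digest(sent_icv, ah_icv(rcv_type, rcv_data))

if __name__ == "__main__":
    print("unmodified 0x02   :", receiver_accepts(ah_icv(0x02), 0x02))
    print("type 0x02 -> 0x22 :", receiver_accepts(ah_icv(0x02), 0x22))
    print("type 0x22 -> 0x23 :", receiver_accepts(ah_icv(0x22), 0x23))
    print("0x22, data changed:", receiver_accepts(ah_icv(0x22), 0x22, bytes(4)))
```

The last case is the contrast the subtest titles point at: with type 0x22 the option data may change without invalidating the ICV, but the type byte may not.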


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility