HTR_A_In_DM_RH_ipv6h_dst - Host Transport Mode AH Inbound, Detect modification of IPv6 header IP dst address with Routing header and AH
Host
For details of Network Topology, see 00README
Set NUT's SAD and SPD as follows:
          NET5              NET3
    HOST1_NET5 -- Router -- NUT
         -----transport----->
Security Association Database (SAD)
| source address | HOST1_NET5 |
| destination address | NUT_NET3 |
| SPI | 0x1000 |
| mode | transport |
| protocol | AH |
| AH algorithm | HMAC-MD5 |
| AH algorithm key | TAHITEST89ABCDEF |
Security Policy Database (SPD)
| source address | HOST1_NET5 |
| destination address | NUT_NET3 |
| upper spec | any |
| direction | in |
| protocol | AH |
| mode | transport |
  Tester                        Target
    |                             |
    |---------------------------->|
    |      ICMP Echo Request      |
    |        with [RH][AH]        |
    |                             |
    |<----------------------------|
    |       ICMP Echo Reply       |
    |        Judgement #1         |
    |                             |
    |---------------------------->|
    |      ICMP Echo Request      |
    |        with [RH][AH]        |
    | (IPdst of IPv6H is modified)|
    |                             |
    | (<----------------------)   |
    |     No ICMP Echo Reply      |
    |        Judgement #2         |
    |                             |
    v                             v
ICMP Echo Request with [RH][AH]
| IP Header | Source Address | HOST1_NET5 |
| | Destination Address | NUT_NET3 |
| RH | Routing Type | 0 |
| | Address | ROUTER_NET5 |
| AH | SPI | 0x1000 |
| | Sequence Number | 2 |
| | Algorithm | HMAC-MD5 |
| | Key | TAHITEST89ABCDEF |
| ICMP | Type | 128 (Echo Request) |
ICMP Echo Reply
| IP Header | Source Address | NUT_NET3 |
| | Destination Address | HOST1_NET5 |
| ICMP | Type | 129 (Echo Reply) |
ICMP Echo Request with [RH][AH] (IPdst of IPv6H is modified)
| IP Header | Source Address | HOST1_NET5 |
| | Destination Address | NUT_NET3 (HOST1_NET3 is original) |
| RH | Routing Type | 0 |
| | Address | ROUTER_NET5 |
| AH | SPI | 0x1000 |
| | Sequence Number | 2 |
| | Algorithm | HMAC-MD5 |
| | Key | TAHITEST89ABCDEF |
| ICMP | Type | 128 (Echo Request) |
Judgement #1:
Receive ICMP Echo Reply (MUST)
Judgement #2:
Receive nothing (MUST)
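
The receiver-side check behind both judgements, as an added example that is not part of the TAHI test scripts: the ICV is HMAC-MD5-96 over the packet with the mutable IPv6 fields and the ICV field zeroed, so the destination address is covered. The IPv6 addresses, hop limit and echo identifier/sequence values are constructed stand-ins; the key, SPI and sequence number come from the tables above.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"TAHITEST89ABCDEF"      # AH algorithm key from the SAD table
SPI, SEQ = 0x1000, 2           # SPI and sequence number from the packet tables
# Constructed addresses standing in for the page's symbolic names (assumption).
HOST1_NET5, ROUTER_NET5 = "2001:db8:5::1", "2001:db8:5::ff"
NUT_NET3, HOST1_NET3 = "2001:db8:3::2", "2001:db8:3::1"
ICV_OFF = 40 + 24 + 12         # IPv6 header + RH (one address) + fixed AH fields

def packed(a):
    return ipaddress.IPv6Address(a).packed

def build(src, dst, icv=bytes(12), hop_limit=64):
    """IPv6 | RH type 0 | AH | ICMPv6 Echo Request, as seen by the receiver."""
    icmp = struct.pack("!BBHHH", 128, 0, 0, 1, 1)        # checksum left 0 for brevity
    ah = struct.pack("!BBHII", 58, 4, 0, SPI, SEQ) + icv  # next=ICMPv6, len=(24/4)-2
    rh = struct.pack("!BBBBI", 51, 2, 0, 0, 0) + packed(ROUTER_NET5)  # segments left 0
    ip6 = struct.pack("!IHBB", 6 << 28, len(rh + ah + icmp), 43, hop_limit)
    return ip6 + packed(src) + packed(dst) + rh + ah + icmp

def compute_icv(pkt):
    """HMAC-MD5-96 with mutable IPv6 fields and the ICV field zeroed."""
    b = bytearray(pkt)
    b[0:4] = struct.pack("!I", 6 << 28)   # traffic class and flow label
    b[7] = 0                              # hop limit
    b[ICV_OFF:ICV_OFF + 12] = bytes(12)
    return hmac.new(KEY, bytes(b), hashlib.md5).digest()[:12]

def verify(pkt):
    """Receiver check: recompute over the received bytes, compare in constant time."""
    return hmac.compare_digest(pkt[ICV_OFF:ICV_OFF + 12], compute_icv(pkt))

def first_packet():
    # ICV computed for the destination that is actually on the wire (Judgement #1).
    return build(HOST1_NET5, NUT_NET3, compute_icv(build(HOST1_NET5, NUT_NET3)))

def second_packet():
    # ICV computed with HOST1_NET3 as destination, header then carries NUT_NET3.
    return build(HOST1_NET5, NUT_NET3, compute_icv(build(HOST1_NET5, HOST1_NET3)))

if __name__ == "__main__":
    print("packet 1 accepted:", verify(first_packet()))    # reply expected
    print("packet 2 accepted:", verify(second_packet()))   # silent drop expected
```

Changing only the hop limit of the first packet leaves it valid, because that field is zeroed before the HMAC; the destination address is not, which is why the second packet must be discarded.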
perldoc V6evalTool
IPSEC.html IPsec Test Common Utility