NAME

  RTU_A_In_DM_HBHH_optdata - Router Tunnel Mode AH Inbound, Detect modification of HBHOpt header option data with AH


TARGET

  Router


INITIALIZATION

For details of Network Topology, see 00README

Set the NUT's SAD and SPD as follows:

                          (Link0)  (Link1)
            NET4   NET2      NET0   NET1
  HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
                 =====tunnel======>

Security Association Database (SAD)

source address SG1_NET2
destination address NUT_NET0
SPI 0x1000
mode tunnel
protocol AH
AH algorithm HMAC-MD5
AH algorithm key TAHITEST89ABCDEF

Security Policy Database (SPD)

No SPD entry


TEST PROCEDURE

 Tester                      Target                      Tester
              (Link0)                     (Link1)
   |                           |                           |
 Subtest No.1 "option bit 000: option data is immutable"
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |  within [HBHH][AH] tunnel |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |        Judgement #1       |
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |  within [HBHH][AH] tunnel |                           |
   |  (option data of HBHH is modified)                    |
   |                           | (---------------------->) |
   |                           |     No ICMP Echo Request  |
   |                           |        Judgement #2       |
   |                           |                           |
   v                           v                           v
 Subtest No.2 "option bit 001: option data is mutable"
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |  within [HBHH][AH] tunnel |                           |
   |  (option data of HBHH is modified)                    |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |        Judgement #3       |
   |                           |                           |
   v                           v                           v

ICMP Echo Request within [HBHH][AH] tunnel to Link0

IP Header (outer)
    Source Address        SG1_NET2
    Destination Address   NUT_NET0
HopByHop Options Header
    Type                  0x02
    Data Length           4
    Data                  0x0f0f0000
AH
    SPI                   0x1000
    Sequence Number       1
    Algorithm             HMAC-MD5
    Key                   TAHITEST89ABCDEF
IP Header (inner)
    Source Address        HOST1_NET4
    Destination Address   HOST1_NET1
ICMP
    Type                  128 (Echo Request)

ICMP Echo Request from Link1

IP Header
    Source Address        HOST1_NET4
    Destination Address   HOST1_NET1
ICMP
    Type                  128 (Echo Request)

Send ICMP Echo Request within [HBHH][AH] tunnel (option type=0x02, option data of HBHH is modified) to Link0

IP Header (outer)
    Source Address        SG1_NET2
    Destination Address   NUT_NET0
HopByHop Options Header
    Type                  0x02
    Data Length           4
    Data                  0x00000000 (0x0f0f0000 is original)
AH
    SPI                   0x1000
    Sequence Number       2
    Algorithm             HMAC-MD5
    Key                   TAHITEST89ABCDEF
IP Header (inner)
    Source Address        HOST1_NET4
    Destination Address   HOST1_NET1
ICMP
    Type                  128 (Echo Request)

Send ICMP Echo Request within [HBHH][AH] tunnel (option type=0x22, option data of HBHH is modified) to Link0

IP Header (outer)
    Source Address        SG1_NET2
    Destination Address   NUT_NET0
HopByHop Options Header
    Type                  0x22
    Data Length           4
    Data                  0x1f1f0000 (0x0f0f0000 is original)
AH
    SPI                   0x1000
    Sequence Number       3
    Algorithm             HMAC-MD5
    Key                   TAHITEST89ABCDEF
IP Header (inner)
    Source Address        HOST1_NET4
    Destination Address   HOST1_NET1
ICMP
    Type                  128 (Echo Request)


JUDGMENT

  Judgement #1:
      Receive ICMP Echo Request from Link1 (MUST)
  Judgement #2:
      Receive nothing (MUST)
  Judgement #3:
      Receive ICMP Echo Request from Link1 (MUST)
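
As an added example (not part of this TAHI test or of V6evalTool), the following Python shows why the NUT forwards in Judgement #1 and #3 but receives nothing in #2: before computing the AH ICV, option data of any Hop-by-Hop option whose type has the change-en-route bit (0x20) set is replaced by zeros, so a modification of such data (type 0x22) does not break the ICV, while modified immutable data (type 0x02) does. Header layout and HMAC-MD5-96 truncation follow the RFCs; the key is the SAD entry above, and only the HBH header is covered, not the whole packet.

```python
import hmac
import hashlib

# Added example, not part of the TAHI test suite: how the AH ICV treats
# Hop-by-Hop option data depending on the option type's "change en route" bit.
AH_KEY = b"TAHITEST89ABCDEF"  # AH key from the SAD above
OPT_CHG_EN_ROUTE = 0x20       # third-highest bit of the option type (subtest "001")
IPPROTO_AH = 51

def build_hbh(opt_type: int, opt_data: bytes, next_header: int = IPPROTO_AH) -> bytes:
    """Minimal Hop-by-Hop Options header with one TLV option, padded to 8 octets."""
    body = bytes([opt_type, len(opt_data)]) + opt_data
    pad = (-(2 + len(body))) % 8
    if pad:  # Pad1 for a single octet, PadN otherwise (both are immutable options)
        body += b"\x00" if pad == 1 else bytes([1, pad - 2]) + b"\x00" * (pad - 2)
    return bytes([next_header, (2 + len(body)) // 8 - 1]) + body

def hbh_for_icv(hbh: bytes) -> bytes:
    """Return the header as AH covers it: data of mutable options (chg bit set)
    is replaced by zeros; type/length octets and immutable option data stay."""
    out, i = bytearray(hbh[:2]), 2
    while i < len(hbh):
        t = hbh[i]
        if t == 0:  # Pad1 has no length/data field
            out.append(0); i += 1; continue
        length = hbh[i + 1]
        data = hbh[i + 2:i + 2 + length]
        if t & OPT_CHG_EN_ROUTE:
            data = b"\x00" * length  # mutable en route: zeroed for the ICV
        out += bytes([t, length]) + data
        i += 2 + length
    return bytes(out)

def ah_icv(covered: bytes, key: bytes = AH_KEY) -> bytes:
    """HMAC-MD5-96: HMAC-MD5 truncated to the leftmost 96 bits (12 octets)."""
    return hmac.new(key, covered, hashlib.md5).digest()[:12]

def nut_accepts(sent_hbh: bytes, received_hbh: bytes) -> bool:
    """SG1 signs what it sent, NUT recomputes over what arrived. Only the HBH header
    is covered here; a real ICV also spans outer IPv6 header, AH header and payload."""
    return hmac.compare_digest(ah_icv(hbh_for_icv(sent_hbh)),
                               ah_icv(hbh_for_icv(received_hbh)))

def judgements() -> tuple:
    """Expected NUT behaviour for the three packets of the test procedure."""
    orig = bytes.fromhex("0f0f0000")
    j1 = nut_accepts(build_hbh(0x02, orig), build_hbh(0x02, orig))
    j2 = nut_accepts(build_hbh(0x02, orig), build_hbh(0x02, bytes.fromhex("00000000")))
    j3 = nut_accepts(build_hbh(0x22, orig), build_hbh(0x22, bytes.fromhex("1f1f0000")))
    return j1, j2, j3  # (True, False, True): forwarded, dropped, forwarded
```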


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility