NAME

  RTU_A_In_DM_RH_ipv6h_dst - Router Tunnel Mode AH Inbound, Detect modification of IPv6 header IP dst address with Routing header and AH

TARGET

  Router

INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as following: 

                          (Link0)  (Link1)
            NET4   NET2      NET0   NET1
  HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
                 =====tunnel======>

Security Association Database (SAD)

source address SG1_NET2
destination address NUT_NET0
SPI 0x1000
mode tunnel
protocol AH
AH algorithm HMAC-MD5
AH algorithm key TAHITEST89ABCDEF

Security Policy Database (SPD)

No SPD entry

TEST PROCEDURE

 Tester                      Target                      Tester
              (Link0)                     (Link1)
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |    within [RH][AH] tunnel |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |        Judgement #1       |
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |    within [RH][AH] tunnel |                           |
   |  (IPdst of outer IPv6H is modified)                   |
   |                           | (---------------------->) |
   |                           |     No ICMP Echo Request  |
   |                           |        Judgement #2       |
   |                           |                           |
   v                           v                           v
  1. Send ICMP Echo Request within [RH][AH] tunnel to Link0
  2. Receive ICMP Echo Request from Link1
  3. Send ICMP Echo Request within [RH][AH] tunnel (IPdst of outer IPv6H is modified) to Link0
  4. Receive nothing

ICMP Echo Request within [RH][AH] tunnel to Link0

IP Header Source Address SG1_NET2
Destination Address NUT_NET0
RH Routing Type 0
Address ROUTER_NET2
AH SPI 0x1000
Sequence Number 1
Algorithm HMAC-MD5
Key TAHITEST89ABCDEF
IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request from Link1

IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

Send ICMP Echo Request within [RH][AH] tunnel (IPdst of outer IPv6H is modified) to Link0

IP Header Source Address SG1_NET2
Destination Address NUT_NET0 (SG1_NET0 is original)
Address ROUTER_NET2
AH SPI 0x1000
Sequence Number 2
Algorithm HMAC-MD5
Key TAHITEST89ABCDEF
IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

JUDGMENT

  Judgement #1:
      Receive ICMP Echo Request from Link1 (MUST)
  Judgement #2:
      Receive nothing (MUST)

SEE ALSO

  perldoc V6evalTool

  IPSEC.html IPsec Test Common Utility