S_RFC3315_21.4.2_MD5Mismatch.seq - Validate incoming message's MAC
Server
S_RFC3315_21.4.2_MD5Mismatch.seq [-tooloption ...]
-pkt S_RFC3315_21.4.2_MD5Mismatch.def
-tooloption: v6eval tool option. See also DHCPv6.def
          TN(Client1)
             |
Link0 -------+-----------+--------------- 3ffe:501:ffff:100::/64
                         |
                    NUT(Server1)
To validate an incoming message, the receiver first checks that the
value in the replay detection field is acceptable according to the
replay detection method specified by the RDM field. Next, the
receiver computes the MAC as described in [8]. The entire DHCP
message (setting the MAC field of the authentication option to 0) is
used as input to the HMAC-MD5 computation function. If the MAC
computed by the receiver does not match the MAC contained in the
authentication option, the receiver MUST discard the DHCP message.
- Configuration
Enable Delayed Authentication Protocol Service
Authentication parameters
- DHCP realm: DHCPv6.TEST.EXAMPLE.COM
- Client DUID: 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2
- Key id: 1
- Shared secret key: TAHITEST_VALID12
| Device Name | Device Type | I/F   | Assigned Prefix        | Link Local Addr         | MAC Addr          |
| Server1     | NUT         | Link0 | 3ffe:501:ffff:100::/64 | NUT's Linklocal address | NUT's MAC address |
| Client1     | TN          | Link0 | 3ffe:501:ffff:100::/64 | fe80::200:ff:fe00:a2a2  | 00:00:00:00:a2:a2 |
  NUT     TN
   |       |
   |       | initialize NUT (as a DHCPv6 Server)
   |       |
   | <---- | Solicit w/ Authentication Option
   | ----> | Advertise w/ Authentication Option
   | <---- | Request w/ Authentication Option including invalid MAC
   | --->X | Reply w/ Authentication Option (*1)
   |       |
(*1) PASS: When the NUT receives a message that includes an invalid MAC, it discards the message.
N/A
see also RFC3315
21.4.2. Message Validation
22.11 Authentication Option
perldoc V6evalTool