");
vCapture($IF);
$ret = ping_host1_to_nut_normal();
if ($ret eq 'PASS') {
$ret = ping_host1_to_nut_ignored(echo_request_from_host1_ah_dm_ipv4h_src);
}
if ($ret eq 'PASS') {
ipsecExitPass();
}else{
ipsecExitFail();
}
#----------------------------------------------------------------------
sub ping_host1_to_nut_normal(;$) {
my($echo_request) = @_;
my($stat, %ret);
$echo_request = 'echo_request_from_host1_ah' unless defined $echo_request;
($stat, %ret) = ipsecPing2NUT($IF, $echo_request, 'echo_reply_to_host1');
if ($stat ne 'GOT_REPLY') {
vLogHTML("TN received no echo reply from NUT to HOST1.
");
return 'FAIL';
}
vLogHTML("TN received echo reply from NUT to HOST1.
");
return 'PASS';
}
sub ping_host1_to_nut_ignored($) {
my($echo_request) = @_;
my($stat, %ret);
($stat, %ret) = ipsecPing2NUT($IF, $echo_request, 'echo_reply_to_host1');
if ($stat ne 'NO_REPLY') {
vLogHTML("TN received something reply packet from NUT to HOST1.
");
vLogHTML("TN did not ignore the modified echo request packet.
");
return 'FAIL';
}
vLogHTML("TN received no echo reply from NUT to HOST1.
");
vLogHTML("TN ignored the modified echo request packet.
");
return 'PASS';
}
######################################################################
__END__
=head1 NAME
HTR_A_In_DM_IPv4H_src - Host Transport Mode AH Inbound, Detect modification of IPv4 header IP src address with AH
=head1 TARGET
Host
=head1 SYNOPSIS
=begin html
HTR_A_In_DM_IPv4H_src.seq [-tooloption ...] -pkt HTR_A_DM_IPv4H.def
-tooloption : v6eval tool option
See also HTR_A_common.def and HTR_common.def
=end html
=head1 INITIALIZATION
=begin html
For details of Network Topology, see 00README
Set NUT's SAD and SPD as following:
NET5 NET3
HOST1_NET5 -- Router -- NUT
-----transport----->
Security Association Database (SAD)
| source address |
HOST1_NET5 |
| destination address |
NUT_NET3 |
| SPI |
0x1000 |
| mode |
transport |
| protocol |
AH |
| AH algorithm |
HMAC-MD5 |
| AH algorithm key |
TAHITEST89ABCDEF |
Security Policy Database (SPD)
| source address |
HOST1_NET5 |
| destination address |
NUT_NET3 |
| upper spec |
any |
| direction |
in |
| protocol |
AH |
| mode |
transport |
=end html
=head1 TEST PROCEDURE
=begin html
Tester Target
| |
|-------------------------->|
| ICMP Echo Request |
| with AH |
| |
|<--------------------------|
| ICMP Echo Reply |
| Judgement #1 |
| |
|-------------------------->|
| ICMP Echo Request |
| with AH |
| (IPsrc of IPv4H is modified)
| |
| (<----------------------) |
| No ICMP Echo Reply |
| Judgement #2 |
| |
v v
- Send ICMP Echo Request with AH
- Receive ICMP Echo Reply
- Send ICMP Echo Request with AH (IPsrc of IPv4H is modified)
- Receive nothing
ICMP Echo Request with AH
| IP Header |
Source Address |
HOST1_NET5 |
|
Destination Address |
NUT_NET3 |
| AH |
SPI |
0x1000 |
|
Sequence Number |
1 |
|
Algorithm |
HMAC-MD5 |
|
Key |
TAHITEST89ABCDEF |
| ICMP |
Type |
Echo Request |
ICMP Echo Reply
| IP Header |
Source Address |
NUT_NET3 |
|
Destination Address |
HOST1_NET5 |
| ICMP |
Type |
Echo Reply |
ICMP Echo Request with AH (IPsrc of IPv4H is modified)
| IP Header |
Source Address |
HOST1_NET5 (HOST2_NET5 is original) |
|
Destination Address |
NUT_NET3 |
| AH |
SPI |
0x1000 |
|
Sequence Number |
2 |
|
Algorithm |
HMAC-MD5 |
|
Key |
TAHITEST89ABCDEF |
| ICMP |
Type |
Echo Request |
=end html
=head1 JUDGEMENT
Judgement #1:
Receive ICMP Echo Reply (MUST)
Judgement #2:
Receive nothing (MUST)
=head1 SEE ALSO
perldoc V6evalTool
=begin html
IPSEC.html IPsec Test Common Utility
=cut