#!/usr/bin/perl # # Copyright (C) 1999,2000 Yokogawa Electric Corporation and # YDC Corporation. # All rights reserved. # # Redistribution and use of this software in source and binary # forms, with or without modification, are permitted provided that # the following conditions and disclaimer are agreed and accepted # by the user: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with # the distribution. # # 3. Neither the names of the copyrighters, the name of the project # which is related to this software (hereinafter referred to as # "project") nor the names of the contributors may be used to # endorse or promote products derived from this software without # specific prior written permission. # # 4. No merchantable use may be permitted without prior written # notification to the copyrighters. # # 5. The copyrighters, the project and the contributors may prohibit # the use of this software at any time. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHTERS, THE PROJECT AND # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING # BUT NOT LIMITED THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHTERS, THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING # IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. 
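#
# $Id: RTU_E_In_2SA_DspiSipsrc.seq,v 1.1.1.1 2000/10/31 22:39:39 sekiya Exp $
#
######################################################################
#
# RTU_E_In_2SA_DspiSipsrc: router, tunnel-mode ESP, inbound, two SAs.
#
# Two inbound SAs are installed on the NUT with identical outer source
# and destination addresses; they differ only in their SPI (0x1000 and
# 0x2000) and in their encryption key.  A packet protected under each
# SA is sent on Link0 and the decapsulated inner packet is expected on
# Link1.  Both must succeed, which shows that the NUT selects the
# inbound SA by SPI rather than by the outer addresses alone.
#
# The script does not return to its caller: it ends in either
# ipsecExitPass() or ipsecExitFail().
#
######################################################################

use strict;
use warnings;

BEGIN {
    # The IPSEC helper module is looked up relative to the current
    # working directory, so the sequence must be started from the test
    # directory it lives in.
    unshift(@INC, '../ipsec/');
    $V6evalTool::TestVersion = '$Name: $ ';
}

use V6evalTool;
use IPSEC;

# Packet descriptions for the tool's log; not yet filled in for this
# sequence.  Declared with `our` rather than `my` so it stays the
# package global %main::pktdesc that the original script exposed.
our %pktdesc = (
    ### TBD
);

# Tester interfaces: Link0 faces the NUT's NET0 side where the ESP
# packets are injected, Link1 faces NET1 where the decapsulated packet
# must appear.  Package globals for the same reason as %pktdesc.
our $IF0 = 'Link0';
our $IF1 = 'Link1';

#----- check NUT type
ipsecCheckNUT('router');

#----- set SAD,SPD
vLogHTML("*** Target initialization phase ***\n");

ipsecClearAll();

# Both SAs below use single DES-CBC with no authentication algorithm
# (the aalgo lines are commented out).  That is the reference
# configuration of this test suite only; single DES and an ESP SA
# without integrity protection are not acceptable outside the lab.

# SPI = 0x1000
ipsecSetSAD(
    "src=$IPSEC::IPsecAddr{IPSEC_SG1_NET2_ADDR}",
    "dst=$IPSEC::IPsecAddr{IPSEC_NUT_NET0_ADDR}",
    "spi=0x1000",
    "mode=tunnel",
    "direction=in",
    "protocol=esp",
    "ealgo=des-cbc",
    "ealgokey=01234567",
    #"aalgo=hmac-md5",
    #"aalgokey=0123456789ABCDEF",
    "nsrc=$IPSEC::IPsecAddr{IPSEC_NET4_ADDR}",
    "ndst=$IPSEC::IPsecAddr{IPSEC_NET1_ADDR}",
);

# SPI = 0x2000: same outer addresses as SA1, different SPI and key.
ipsecSetSAD(
    "src=$IPSEC::IPsecAddr{IPSEC_SG1_NET2_ADDR}",
    "dst=$IPSEC::IPsecAddr{IPSEC_NUT_NET0_ADDR}",
    "spi=0x2000",
    "mode=tunnel",
    "direction=in",
    "protocol=esp",
    "ealgo=des-cbc",
    "ealgokey=foo0foo1",
    "nsrc=$IPSEC::IPsecAddr{IPSEC_NET4_ADDR}",
    "ndst=$IPSEC::IPsecAddr{IPSEC_NET1_ADDR}",
);

# No SPD entry is installed for this test (see the INITIALIZATION
# section of the POD); the policy below is kept for reference only.
#ipsecSetSPD(
#    "tsrc=$IPSEC::IPsecAddr{IPSEC_SG1_NET2_ADDR}",
#    "tdst=$IPSEC::IPsecAddr{IPSEC_NUT_NET0_ADDR}",
#    "src=$IPSEC::IPsecAddr{IPSEC_NET4_ADDR}",
#    "dst=$IPSEC::IPsecAddr{IPSEC_NET1_ADDR}",
#    "upperspec=any",
#    "direction=in",
#    "protocol=esp",
#    "mode=tunnel",
#);

ipsecEnable();

#======================================================================
vLogHTML("*** Target testing phase ***\n");

vCapture($IF0);
vCapture($IF1);

#             NET1       NET0         NET2       NET4
#   HOST1_NET1 -- NUT -- Router -- SG1 -- HOST1_NET4
#                 <====tunnel-1===(SPI=0x1000)
#                 <====tunnel-2===(SPI=0x2000)

# <====tunnel-1===(SPI=0x1000)
# $stat is the harness status string; 'GOT_PACKET' means the expected
# decapsulated packet was seen on $IF1.  %ret is not used further here.
my ($stat, %ret) = ipsecForwardDecap($IF0, $IF1,
    'esptun_from_sg1_net2_echo_request_from_host1_net4_to_host1_net1_on_net0',
    'echo_request_from_host1_net4_to_host1_net1_on_net1');
if ($stat ne 'GOT_PACKET') {
    vLogHTML("TN received no decapsulated packet from NUT\n");
    ipsecExitFail();
}
vLogHTML("TN received decapsulated packet from HOST1_NET4 to HOST1_NET1.\n");
vLogHTML("Tunnel over 1st SA bundle is available.\n");

# <====tunnel-2===(SPI=0x2000)
($stat, %ret) = ipsecForwardDecap($IF0, $IF1,
    'esptun_from_sg1_net2_2_echo_request_from_host1_net4_to_host1_net1_on_net0',
    'echo_request_from_host1_net4_to_host1_net1_on_net1');
if ($stat ne 'GOT_PACKET') {
    vLogHTML("TN received no decapsulated packet from NUT\n");
    ipsecExitFail();
}
vLogHTML("TN received decapsulated packet from HOST1_NET4 to HOST1_NET1.\n");
vLogHTML("Tunnel over 2nd SA bundle is available.\n");

vLogHTML("Tunnel over coexisting two SA bundles are available.\n");
ipsecExitPass();

######################################################################
__END__

=head1 NAME

RTU_E_In_2SA_DspiSipsrc - Router Tunnel Mode ESP Inbound 2 SA selection, Different SPI, Same IPsrc

=head1 TARGET

Router

=head1 SYNOPSIS

=begin html
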
  RTU_E_In_2SA_DspiSipsrc.seq [-tooloption ...] -pkt RTU_E_2SA_DspiSip.def
    -tooloption : v6eval tool option
  See also RTU_E_common.def and RTU_common.def

=end html

=head1 INITIALIZATION

=begin html

For details of the network topology, see 00README

Set NUT's SAD and SPD as follows:

                           (Link0) (Link1)
            NET4   NET2      NET0   NET1
  HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
                 =====tunnel======> (SA1)
                 =====tunnel======> (SA2)

Security Association Database (SAD) for SA1

source address SG1_NET2
destination address NUT_NET0
SPI 0x1000
mode tunnel
protocol ESP
ESP algorithm DES-CBC
ESP algorithm key 01234567

Security Association Database (SAD) for SA2

source address SG1_NET2
destination address NUT_NET0
SPI 0x2000
mode tunnel
protocol ESP
ESP algorithm DES-CBC
ESP algorithm key foo0foo1

Security Policy Database (SPD)

No SPD entry

=end html

=head1 TEST PROCEDURE

=begin html

 Tester                      Target                      Tester
              (Link0)                     (Link1)
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |       From Host1Net4      |                           |
   |        (using SA1)        |                           |
   |                           |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |       From Host1Net4      |
   |                           |                           |
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |       From Host1Net4      |                           |
   |        (using SA2)        |                           |
   |                           |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |       From Host1Net4      |
   |                           |                           |
   |                           |                           |
   v                           v                           v
  1. Send ICMP Echo Request FromHost1Net4 using SA1 to Link0
  2. Receive ICMP Echo Request FromHost1Net4 from Link1
  3. Send ICMP Echo Request FromHost1Net4 using SA2 to Link0
  4. Receive ICMP Echo Request FromHost1Net4 from Link1

ICMP Echo Request FromHost1Net4 using SA1 to Link0

IP Header Source Address SG1_NET2
Destination Address NUT_NET0
ESP SPI 0x1000
Algorithm DES-CBC
Key 01234567
IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request FromHost1Net4 from Link1

IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request FromHost1Net4 using SA2 to Link0

IP Header Source Address SG1_NET2
Destination Address NUT_NET0
ESP SPI 0x2000
Algorithm DES-CBC
Key foo0foo1
IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request FromHost1Net4 from Link1

IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

=end html

=head1 JUDGEMENT

PASS: Both ICMP Echo Requests (using SA1 and SA2) received

=head1 SEE ALSO

perldoc V6evalTool

=begin html

  IPSEC.html IPsec Test Common Utility

=end html

=cut