NAME

  RTU_A_In_DM_IPv6H_hlim - Router Tunnel Mode AH Inbound, modification of IPv6 header Hop Limit is not detected by AH


TARGET

  Router


SYNOPSIS

  RTU_A_In_DM_IPv6H_hlim.seq [-tooloption ...] -pkt RTU_A_DM_IPv6H.def
    -tooloption : v6eval tool option
  See also HTR_A_common.def and HTR_common.def


INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as follows:

                          (Link0)  (Link1)
            NET4   NET2      NET0   NET1
  HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
                 =====tunnel======>

Security Association Database (SAD)

  source address        SG1_NET2
  destination address   NUT_NET0
  SPI                   0x1000
  mode                  tunnel
  protocol              AH
  AH algorithm          HMAC-MD5
  AH algorithm key      0123456789ABCDEF

Security Policy Database (SPD)

No SPD entry


TEST PROCEDURE

 Tester                      Target                      Tester
              (Link0)                     (Link1)
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |       within AH tunnel    |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |        Judgement #1       |
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |       within AH tunnel    |                           |
   |  (HopLimit of outer IPv6H is modified)                |
   |                           |-------------------------->|
   |                           |       ICMP Echo Request   |
   |                           |        Judgement #2       |
   |                           |                           |
   v                           v                           v
  1. Send ICMP Echo Request within AH tunnel to Link0
  2. Receive ICMP Echo Request from Link1
  3. Send ICMP Echo Request within AH tunnel (HopLimit of outer IPv6H is modified) to Link0
  4. Receive ICMP Echo Request from Link1

ICMP Echo Request within AH tunnel to Link0

  IP Header   Source Address        SG1_NET2
              Destination Address   NUT_NET0
  AH          SPI                   0x1000
              Sequence Number       1
              Algorithm             HMAC-MD5
              Key                   0123456789ABCDEF
  IP Header   Source Address        HOST1_NET4
              Destination Address   HOST1_NET1
  ICMP        Type                  128 (Echo Request)

ICMP Echo Request from Link1

  IP Header   Source Address        HOST1_NET4
              Destination Address   HOST1_NET1
  ICMP        Type                  128 (Echo Request)

Send ICMP Echo Request within AH tunnel (HopLimit of outer IPv6H is modified) to Link0

  IP Header   Source Address        SG1_NET2
              Destination Address   NUT_NET0
              Hop Limit             15 (64 is original)
  AH          SPI                   0x1000
              Sequence Number       2
              Algorithm             HMAC-MD5
              Key                   0123456789ABCDEF
  IP Header   Source Address        HOST1_NET4
              Destination Address   HOST1_NET1
  ICMP        Type                  128 (Echo Request)


JUDGEMENT

  Judgement #1:
      Receive ICMP Echo Request from Link1 (MUST)
  Judgement #2:
      Receive ICMP Echo Request from Link1 (MUST)
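
Judgement #2 holds because AH treats the outer header's Hop Limit as a mutable field and zeroes it before computing the ICV. The Python sketch below is an added example, not part of the test suite: it builds the step 3 packet and verifies the ICV with Hop Limit 64 and 15. Assumptions: the addresses are constructed documentation prefixes standing in for SG1_NET2, NUT_NET0, HOST1_NET4 and HOST1_NET1, the key is the 16 ASCII bytes shown in the SAD, and no extension header precedes AH.

```python
import hashlib, hmac, ipaddress, struct

# Constructed addresses standing in for the symbolic names used on this page.
SG1_NET2, NUT_NET0 = "2001:db8:2::1", "2001:db8::2"
HOST1_NET4, HOST1_NET1 = "2001:db8:4::10", "2001:db8:1::10"
KEY = b"0123456789ABCDEF"               # SAD key, assumed to be 16 ASCII bytes
SPI, ICV_LEN, ICV_OFF = 0x1000, 12, 52  # HMAC-MD5-96; ICV at 40 (IPv6) + 12 (AH fixed part)

def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    # Version 6, traffic class 0, flow label 0.
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def icv_input(packet):
    """Return the packet as AH authenticates it: mutable fields and ICV zeroed."""
    buf = bytearray(packet)
    buf[0] &= 0xF0                                # keep Version, clear Traffic Class bits
    buf[1:4] = bytes(3)                           # rest of Traffic Class + Flow Label
    buf[7] = 0                                    # Hop Limit (mutable in transit)
    buf[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    return bytes(buf)

def compute_icv(packet):
    return hmac.new(KEY, icv_input(packet), hashlib.md5).digest()[:ICV_LEN]

def build_tunnel_packet(seq, hop_limit=64):
    echo = struct.pack("!BBHHH", 128, 0, 0, 1, seq)  # checksum left 0 (constructed sample)
    inner = ipv6_header(HOST1_NET4, HOST1_NET1, 58, len(echo)) + echo
    ah = struct.pack("!BBHII", 41, 4, 0, SPI, seq) + bytes(ICV_LEN)  # next header 41 = IPv6
    outer = ipv6_header(SG1_NET2, NUT_NET0, 51, len(ah) + len(inner), hop_limit)
    pkt = bytearray(outer + ah + inner)
    pkt[ICV_OFF:ICV_OFF + ICV_LEN] = compute_icv(bytes(pkt))
    return bytes(pkt)

def verify(packet):
    return hmac.compare_digest(packet[ICV_OFF:ICV_OFF + ICV_LEN], compute_icv(packet))

def set_byte(packet, offset, value):
    buf = bytearray(packet)
    buf[offset] = value
    return bytes(buf)
```

Changing byte 7 (Hop Limit) of a built packet from 64 to 15 leaves `verify()` true, while changing any byte of the outer Source Address, an immutable field, makes it false.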


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility