NAME

  HTR_A_In_DM_IPv4H_ttl - Host Transport Mode AH Inbound, Undetect modification of IPv4 header TTL with AH
  


TARGET

  Host


SYNOPSIS

  HTR_A_In_DM_IPv4H_ttl.seq [-tooloption ...] -pkt HTR_A_DM_IPv4H.def
    -tooloption : v6eval tool option
  See also HTR_A_common.def and HTR_common.def


INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as following:

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         -----transport----->

Security Association Database (SAD)

source address HOST1_NET5
destination address NUT_NET3
SPI 0x1000
mode transport
protocol AH
AH algorithm HMAC-MD5
AH algorithm key 0123456789ABCDEF

Security Policy Database (SPD)

source address HOST1_NET5
destination address NUT_NET3
upper spec any
direction in
protocol AH
mode transport


TEST PROCEDURE

 Tester                      Target
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |         with AH           |
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |        Judgement #1       |
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |         with AH           |
   |  (TTL of IPv4H is modified)
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |        Judgement #2       |
   |                           |
   v                           v
  1. Send ICMP Echo Request with AH
  2. Receive ICMP Echo Reply
  3. Send ICMP Echo Request with AH (TTL of IPv4H is modified)
  4. Receive ICMP Echo Reply

ICMP Echo Request with AH

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
AH SPI 0x1000
Sequence Number 1
Algorithm HMAC-MD5
Key 0123456789ABCDEF
ICMP Type Echo Request

ICMP Echo Reply

IP Header Source Address NUT_NET3
Destination Address HOST1_NET5
ICMP Type Echo Reply

ICMP Echo Request with AH (TTL of IPv4H is modified)

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
TTL 128 (255 is original)
AH SPI 0x1000
Sequence Number 2
Algorithm HMAC-MD5
Key 0123456789ABCDEF
ICMP Type Echo Request


JUDGEMENT

  Judgement #1:
      Receive ICMP Echo Reply (MUST)
  Judgement #2:
      Receive ICMP Echo Reply (MUST)


SEE ALSO

  perldoc V6evalTool
  IPSEC.html IPsec Test Common Utility