NAME

  RTU_A_In_Order_DSTH - Router Tunnel Mode AH Inbound Header Order (Destination Options Header vs AH)

TARGET

  Router

SYNOPSIS

  RTU_A_In_Order_DSTH.seq [-tooloption ...] -pkt RTU_A_Order_DSTH.def
    -tooloption : v6eval tool option
  See also HTR_A_common.def and HTR_common.def

INITIALIZATION

For details of Network Topology, see 00README

Set NUT's SAD and SPD as following: 

                           (Link0)  (Link1)
            NET4   NET2      NET0   NET1
  HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
                 =====tunnel======>

Security Association Database (SAD)

source address SG1_NET2
destination address NUT_NET0
SPI 0x1000
mode tunnel
protocol AH
AH algorithm HMAC-MD5
AH algorithm key 0123456789ABCDEF

Security Policy Database (SPD)

No SPD entry

TEST PROCEDURE

 Tester                      Target                      Tester
              (Link0)                     (Link1)
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |        [DSTH][AH]         |                           |
   |        (with AH)          |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |                           |
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |        [AH][DSTH]         |                           |
   |        (with AH)          |                           |
   |                           | (---------------------->) |
   |                           |    No ICMP Echo Request   |
   |                           |                           |
   |                           |                           |
   |                           |                           |
   v                           v                           v
  1. Send ICMP Echo Request [DSTH][AH] to Link0
  2. Receive ICMP Echo Request from Link1
  3. Send ICMP Echo Request [AH][DST] to Link0
  4. Receive No Packet from Link1

ICMP Echo Request [DSTH][AH] to Link0

IP Header Source Address SG1_NET2
Destination Address NUT_NET0
Destination Options Header Type PadN
AH SPI 0x1000
Algorithm HMAC-MD5
Key 0123456789ABCDEF
IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request from Link1

IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request [AH][DSTH] to Link0

IP Header Source Address SG1_NET2
Destination Address NUT_NET0
AH SPI 0x1000
Algorithm HMAC-MD5
Key 0123456789ABCDEF
Destination Options Header Type PadN
IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request from Link1

IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

JUDGEMENT

  PASS: ICMP Echo Request received

SEE ALSO

  perldoc V6evalTool

  IPSEC.html IPsec Test Common Utility