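#!/usr/bin/perl
#
# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005 Yokogawa Electric Corporation,
# IPA (Information-technology Promotion Agency, Japan).
# All rights reserved.
#
# Redistribution and use of this software in source and binary forms, with
# or without modification, are permitted provided that the following
# conditions and disclaimer are agreed and accepted by the user:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# 3. Neither the names of the copyrighters, the name of the project which
# is related to this software (hereinafter referred to as "project") nor
# the names of the contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# 4. No merchantable use may be permitted without prior written
# notification to the copyrighters. However, using this software for the
# purpose of testing or evaluating any products including merchantable
# products may be permitted without any notification to the copyrighters.
#
#
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHTERS, THE PROJECT AND
# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING
# BUT NOT LIMITED THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHTERS, THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT,STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
# THE POSSIBILITY OF SUCH DAMAGE.
#
# $TAHI: ct/ipsec/RTU_E_In_Order_DSTH.seq,v 1.15 2003/05/05 19:37:41 ozoe Exp $
#
######################################################################

# RTU_E_In_Order_DSTH: inbound tunnel-mode ESP header-order check for a
# router NUT.  Two ESP-tunnelled ICMP Echo Requests are sent on Link0 and the
# script checks whether the decapsulated request shows up on Link1:
#   subtest 1  [IPv6H][DSTH][ESP][IPv6H][UpperH]  -> must be forwarded
#   subtest 2  [IPv6H][ESP][DSTH][IPv6H][UpperH]  -> must NOT be forwarded
# The script exits through ipsecExitPass()/ipsecExitFail().

BEGIN {
    # Make the shared IPsec test library directory visible to the `use`
    # lines below and record the release tag for the tool.
    unshift(@INC, '../ipsec/');
    $V6evalTool::TestVersion = '$Name: REL_2_1_2 $ ';
}

use V6evalTool;
use IPSEC;

%pktdesc = (
### TBD
);

# Barewords: the script does not enable `use strict`, so these are used as
# the plain strings 'Link0' / 'Link1' (assuming no sub of that name is in
# scope -- confirm against V6evalTool/IPSEC exports before quoting them).
$IF0 = Link0;
$IF1 = Link1;

#----- check NUT type
ipsecCheckNUT(router);

#----- set SAD,SPD
vLogHTML("*** Target initialization phase ***
");

ipsecClearAll();

## SG1 vs NUT
# Inbound tunnel-mode ESP SA from SG1 (NET2 side) to the NUT (NET0 side).
# Conformance-test fixture values: DES-CBC with the fixed, published key
# "TAHITEST", and no authentication algorithm in this argument list.  They
# exist so the test packets are reproducible; DES-CBC without integrity
# protection is obsolete and belongs only on the isolated test network.
ipsecSetSAD(
    "src=$IPSEC::IPsecAddr{IPSEC_SG1_NET2_ADDR}",
    "dst=$IPSEC::IPsecAddr{IPSEC_NUT_NET0_ADDR}",
    "spi=0x1000",
    "mode=tunnel",
    "direction=in",
    "protocol=esp",
    "ealgo=des-cbc",
    "ealgokey=TAHITEST",
    "nsrc=$IPSEC::IPsecAddr{IPSEC_NET4_ADDR}",
    "ndst=$IPSEC::IPsecAddr{IPSEC_NET1_ADDR}",
);

# Inbound policy for NET4 -> NET1 traffic, tied to the SG1 -> NUT ESP tunnel.
# NOTE(review): the POD INITIALIZATION section below says "No SPD entry",
# but this call installs one; the commented-out "nopolicy" call that follows
# looks like an earlier setup.  Confirm which of the two is intended.
ipsecSetSPD(
    "src=$IPSEC::IPsecAddr{IPSEC_NET4_ADDR}",
    "dst=$IPSEC::IPsecAddr{IPSEC_NET1_ADDR}",
    "upperspec=any",
    "direction=in",
    "protocol=esp",
    "mode=tunnel",
    "tsrc=$IPSEC::IPsecAddr{IPSEC_SG1_NET2_ADDR}",
    "tdst=$IPSEC::IPsecAddr{IPSEC_NUT_NET0_ADDR}",
);

# No SPD entry
#ipsecSetSPD(
#	"policy=nopolicy"
#	);

ipsecEnable();

#======================================================================
vLogHTML("*** Target testing phase ***
");

vCapture($IF0);
vCapture($IF1);

# Overall verdict.  The original initialised $test_result here but the
# aggregation loop and the exit check read $test_results, so the initialised
# variable was never used and the one compared was undef on the pass path.
# Both now use the same name.
$test_results = 'PASS';

#            NET1     NET0       NET2     NET4
# HOST1_NET1 -- NUT -- Router -- SG1 -- HOST1_NET4
#                <====tunnel=====

#### subtest No.1
# Positive case: the Destination Options header precedes ESP in the outer
# header chain, so the NUT is expected to decapsulate and forward the inner
# Echo Request.  Anything other than GOT_PACKET is a failure.
$subtest_no = 1;
$subtest_title[$subtest_no] = "Check header order of tunnel mode (acceptable):[IPv6H][DSTH][ESP][IPv6H][UpperH]";
vLogHTML("Subtest No.$subtest_no: $subtest_title[$subtest_no]
");
$csts = 'PASS'; #initialize current subtest status

($stat, %ret) = ipsecForwardDecap($IF0, $IF1,
    'esptun_from_sg1_net2_dstopt_esp_echo_request_from_host1_net4_to_host1_net1_on_net0',
    'echo_request_from_host1_net4_to_host1_net1_on_net1');

$csts = 'FAIL' if $stat ne 'GOT_PACKET';
vLogHTML("Subtest No.$subtest_no $csts

");
$subtest_results[$subtest_no] = $csts;

#### subtest No.2
# Negative case: the Destination Options header follows ESP.  Per the
# subtest title this ordering must be ignored, so seeing the inner Echo
# Request on Link1 (GOT_PACKET) means the NUT forwarded a packet it should
# have dropped, and the subtest fails.
$subtest_no = 2;
$subtest_title[$subtest_no] = "Check header order of tunnel mode (ignored):[IPv6H][ESP][DSTH][IPv6H][UpperH]";
vLogHTML("Subtest No.$subtest_no: $subtest_title[$subtest_no]
");
$csts = 'PASS'; #initialize current subtest status

($stat, %ret) = ipsecForwardDecap($IF0, $IF1,
    'esptun_from_sg1_net2_esp_dstopt_echo_request_from_host1_net4_to_host1_net1_on_net0',
    'echo_request_from_host1_net4_to_host1_net1_on_net1');

$csts = 'FAIL' if $stat eq 'GOT_PACKET';
vLogHTML("Subtest No.$subtest_no $csts

");
$subtest_results[$subtest_no] = $csts;

### results table
vLogHTML("Subtest Results
");

# Index 0 of @subtest_title is unused; subtests are numbered from 1.
# A single failed subtest fails the whole test.
for ($i = 1; $i < @subtest_title; $i++) {
    vLogHTML("|$i| $subtest_title[$i] | $subtest_results[$i] |
");
    $test_results = 'FAIL' if $subtest_results[$i] eq 'FAIL';
}

if ($test_results eq 'FAIL') {
    ipsecExitFail();
}
else {
    ipsecExitPass();
}

######################################################################
__END__

=head1 NAME

RTU_E_In_Order_DSTH - Router Tunnel Mode ESP Inbound Header Order

=head1 TARGET

Router

=head1 SYNOPSIS

=begin html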
  RTU_E_In_Order_DSTH.seq [-tooloption ...] -pkt RTU_E_Order_DSTH.def
    -tooloption : v6eval tool option
  See also RTU_E_common.def and RTU_common.def
=end html

=head1 INITIALIZATION

=begin html

For details of Network Topology, see 00README

Set NUT's SAD and SPD as following:

                           (Link0) (Link1)
            NET4   NET2      NET0   NET1
  HOST1_NET4 -- SG1 -- Router -- NUT -- HOST1_NET1
                 =====tunnel======>

Security Association Database (SAD)

source address SG1_NET2
destination address NUT_NET0
SPI 0x1000
mode tunnel
protocol ESP
ESP algorithm DES-CBC
ESP algorithm key TAHITEST

Security Policy Database (SPD)

No SPD entry
=end html

=head1 TEST PROCEDURE

=begin html
 Tester                      Target                      Tester
              (Link0)                     (Link1)
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |        [DSTH][ESP]        |                           |
   |        (with ESP)         |                           |
   |                           |-------------------------->|
   |                           |      ICMP Echo Request    |
   |                           |                           |
   |                           |                           |
   |-------------------------->|                           |
   |      ICMP Echo Request    |                           |
   |        [ESP][DSTH]        |                           |
   |        (with ESP)         |                           |
   |                           | (---------------------->) |
   |                           |    No ICMP Echo Request   |
   |                           |                           |
   |                           |                           |
   |                           |                           |
   v                           v                           v
  1. Send ICMP Echo Request [DSTH][ESP] to Link0
  2. Receive ICMP Echo Request from Link1
  3. Send ICMP Echo Request [ESP][DSTH] to Link0
  4. Receive No Packet from Link1

ICMP Echo Request [DSTH][ESP] to Link0

IP Header Source Address SG1_NET2
Destination Address NUT_NET0
Destination Options Header Type PadN
ESP SPI 0x1000
Algorithm DES-CBC
Key TAHITEST
IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request from Link1

IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request [ESP][DSTH] to Link0

IP Header Source Address SG1_NET2
Destination Address NUT_NET0
ESP SPI 0x1000
Algorithm DES-CBC
Key TAHITEST
Destination Options Header Type PadN
IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)

ICMP Echo Request from Link1

IP Header Source Address HOST1_NET4
Destination Address HOST1_NET1
ICMP Type 128 (Echo Request)
=end html

=head1 JUDGMENT

PASS: ICMP Echo Request received from Link1 in step 2, and no packet received from Link1 in step 4

=head1 SEE ALSO

  perldoc V6evalTool

=begin html
  IPSEC.html IPsec Test Common Utility
=end html

=cut