#!/usr/bin/perl # # Copyright (C) 2002, 2003, 2004, 2005 Yokogawa Electric Corporation, # INTAP(Interoperability Technology Association for Information # Processing, Japan), IPA (Information-technology Promotion Agency, Japan). # All rights reserved. # # Redistribution and use of this software in source and binary forms, with # or without modification, are permitted provided that the following # conditions and disclaimer are agreed and accepted by the user: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # 3. Neither the names of the copyrighters, the name of the project which # is related to this software (hereinafter referred to as "project") nor # the names of the contributors may be used to endorse or promote products # derived from this software without specific prior written permission. # # 4. No merchantable use may be permitted without prior written # notification to the copyrighters. However, using this software for the # purpose of testing or evaluating any products including merchantable # products may be permitted without any notification to the copyrighters. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHTERS, THE PROJECT AND # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING # BUT NOT LIMITED THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHTERS, THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT,STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. # # $TAHI: ct/ipsec/HTR_E_In_ReceiveWindow.seq,v 1.2 2003/06/05 13:42:45 ozoe Exp $ # ###################################################################### BEGIN { unshift(@INC, '../ipsec/'); $V6evalTool::TestVersion = '$Name: REL_2_1_2 $ '; } use V6evalTool; use IPSEC; %pktdesc = ( ### TBD ); $IF = Link0; #----- check NUT type ipsecCheckNUT(host); #----- set SAD,SPD vLogHTML("*** Target initialization phase ***
"); ipsecClearAll(); ## HOST1 vs NUT ipsecSetSAD( "src=$IPSEC::IPsecAddr{IPSEC_HOST1_NET5_ADDR}" , "dst=$IPSEC::IPsecAddr{IPSEC_NUT_NET3_ADDR}" , "spi=0x1000" , "mode=transport" , "protocol=esp" , "rsize=4" , "ealgo=null" , "eauth=hmac-md5" , "eauthkey=TAHITEST89ABCDEF" ); ipsecSetSPD( "src=$IPSEC::IPsecAddr{IPSEC_HOST1_NET5_ADDR}" , "dst=$IPSEC::IPsecAddr{IPSEC_NUT_NET3_ADDR}" , "upperspec=any" , "direction=in" , "protocol=esp-auth" , "mode=transport" , ); #====================================================================== vLogHTML("*** Target testing phase ***
"); #----- start capturing vCapture($IF); $seq = 0; vCPP("-DSEQ=$seq"); if ($IPSEC::IPsecAddr{IPSEC_IPVERSION} == 4) { } else { ## RA vSend($IF, ra_to_nut); vSleep(3); } $seq = 4294967295; vLogHTML("Sequence number = $seq"); vCPP("-DSEQ=$seq"); # ping TN(Host1) <-> NUT ($stat, %ret) = ipsecPing2NUT($IF, 'echo_request_from_host1_esp_2', 'echo_reply_to_host1'); if ($stat eq 'NO_REPLY') { vLogHTML("TN received no echo reply from NUT to HOST1.
"); vLogHTML("TUN doesn't shift receive window.
"); vLogHTML('OK'); } if ($stat eq 'GOT_REPLY') { vLogHTML("TN received echo reply from NUT to HOST1.
"); vLogHTML("TUN shifts receive window.
"); vLogHTML('OK'); } ###################################################################### vClear($IF); $seq = 1; vLogHTML("Sequence number = $seq"); vCPP("-DSEQ=$seq"); # ping TN(Host1) <-> NUT ($stat, %ret) = ipsecPing2NUT($IF, 'echo_request_from_host1_esp_2', 'echo_reply_to_host1'); if ($stat eq 'GOT_REPLY') { vLogHTML("TN received echo reply from NUT to HOST1.
"); vLogHTML("TUN seemes to expand receive window to maximum size.
"); vLogHTML('OK'); ipsecExitIgnore(); } if ($stat eq 'NO_REPLY') { vLogHTML("TN received no echo reply from NUT to HOST1.
"); vLogHTML("TUN seems to shift receive window.
"); vLogHTML("TUN ignored left side sequence packet of receive window.
"); vLogHTML('OK'); ipsecExitIgnore(); } ipsecExitFail(); ###################################################################### __END__ =head1 NAME HTR_E_In_ReceiveWindow - Host Transport Mode ESP (NULL), Inbound Expand or Shift Receive Window =head1 TARGET Host =head1 SYNOPSIS =begin html

  HTR_E_In_ReceiveWindow.seq [-tooloption ...] -pkt HTR_E_ReceiveWindow.def
    -tooloption : v6eval tool option
  See also HTR_E_common.def and HTR_common.def

=end html =head1 INITIALIZATION =begin html

For details of Network Topology, see 00README

Set NUT's SAD and SPD as following:

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         -----transport----->

Security Association Database (SAD)

source address	HOST1_NET5
destination address	NUT_NET3
SPI	0x1000
mode	transport
protocol	ESP
ESP algorithm	NULL
ESP authentication	HMAC-MD5
ESP authentication key	TAHITEST89ABCDEF

Security Policy Database (SPD)

source address	HOST1_NET5
destination address	NUT_NET3
upper spec	any
direction	in
protocol	ESP
mode	transport

=end html =head1 TEST PROCEDURE =begin html

 Tester                      Target
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |( with ESP, SEQ=4294967295)|
   |                           |
   |<------------------------- |
   |     no ICMP Echo Reply?   |
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |    ( with ESP, SEQ=1 )    |
   |                           |
   | (<----------------------) |
   |     no ICMP Echo Reply?   |
   |                           |
   v                           v

Send ICMP Echo Request with ESP
Receive Nothing or Not

ICMP Echo Request with ESP

IP Header	Source Address	HOST1_NET5
	Destination Address	NUT_NET3
ESP	SPI	0x1000
	Sequence Number	4294967295->1
	Receive window size	32
	Algorithm	NULL
	ESP authentication	HMAC-MD5
	ESP authentication key	TAHITEST89ABCDEF
	Padding	Zero
	Padding Length	0
ICMP	Type	128 (Echo Request)
	Data Length	14

ICMP Echo Reply

IP Header	Source Address	NUT_NET3
	Destination Address	HOST1_NET5
ICMP	Type	129 (Echo Reply)
	Data Length	14

=end html =head1 JUDGMENT FYI Nothing received: TUN shift receive window when receiving large sequence number packet. ICMP Echo Reply received: TUN expand receive window size when receiving large sequence number packet. =head1 SEE ALSO perldoc V6evalTool =begin html

  IPSEC.html IPsec Test Common Utility

=cut