NAME

        rfc2765_3.2_udp.seq - Verify IPv6 <-> IPv4 header 
        translation in accordance with RFC2765 [SIIT]


TARGET

        Router


SYNOPSIS

        rfc2765_3.2_udp.seq [-tooloption ...] 
        -p rfc2765_3.2_udp.def


INITIALIZATION

	Before this test starts, run initialize.seq.


TEST PROCEDURE

        This test verifies that NUT adjusts header checksum for UDP packets.
        
        Network Topology
        Link0
        --------------------------
            |               |
           TN              NUT
            |               |
        --------------------------
        Link1
        TN -- (Link0) -- NUT        NUT -- (Link1) -- TN
        
        ---------------------      ------------------------

1.1. <=================== IPv4 UDP packet IPv4 Header src address : TN LINK1 IPv4 address dst address : TN LINK0 IPv4 address Don't Fragment = 1 UDP packet Checksum including IPv4 pseudo header data = repeat(0xff,64) 1.2. <> <=================== IPv6 UDP packet IPv6 Header src address : TN LINK1 IPv4 embedded IPv6 address dst address : TN LINK0 IPv4 embedded IPv6 address UDP packet Checksum including IPv6 pseudo header data = repeat(0xff,64)
2.1. <=================== IPv4 UDP packet IPv4 Header src address : TN LINK1 IPv4 address dst address : TN LINK0 IPv4 address Don't Fragment = 1 UDP packet Checksum = 0xffff (zero checksum) data = repeat(0xff,64) 2.2. <> <=================== IPv6 UDP packet IPv6 Header src address : TN LINK1 IPv4 embedded IPv6 address dst address : TN LINK0 IPv4 embedded IPv6 address UDP packet Checksum including IPv6 pseudo header data = repeat(0xff,64)
3.1. <=================== IPv4 UDP packet IPv4 Header src address : TN LINK1 IPv4 address dst address : TN LINK0 IPv4 address MF = 1 UDP packet Checksum including IPv4 pseudo header data = repeat(0xff,64) 3.2. <> <=================== IPv6 UDP packet IPv6 Header src address : TN LINK1 IPv4 embedded IPv6 address dst address : TN LINK0 IPv4 embedded IPv6 address Fragment Header More fragments = 1 UDP packet Checksum including IPv6 pseudo header data = repeat(0xff,64)
4.1. <=================== IPv4 UDP packet IPv4 Header src address : TN LINK1 IPv4 address dst address : TN LINK0 IPv4 address MF = 1 UDP packet Checksum = 0xffff (zero checksum) data = repeat(0xff,64) 4.2. <> Packet is silently dropped


JUDGMENT

<< PASS >> NUT adjusts header checksum for UDP packets with checksum and recalculates it for UDP packets with zero checksum. Fragmented UDP packets with zero checksum are silently dropped. << FAIL >> NUT send UDP packets with wrong checksum, or doesn't drop fragmented UDP with zero checksum.


NOTE


REFERENCE

B3.2. Translating UDP over IPv4 If a UDP packet has a zero UDP checksum then a valid checksum must be calculated in order to translate the packet. A stateless translator can not do this for fragmented packets but [MILLER] indicates that fragmented UDP packets with a zero checksum appear to only be used for malicious purposes. Thus this is not believed to be a noticeable limitation. When a translator receives the first fragment of a fragmented UDP IPv4 packet and the checksum field is zero the translator SHOULD drop the packet and generate a system management event specifying at least the IP addresses and port numbers in the packet. When it receives fragments other than the first it SHOULD silently drop the packet, since there is no port information to log. When a translator receives an unfragmented UDP IPv4 packet and the checksum field is zero the translator MUST compute the missing UDP checksum as part of translating the packet. Also, the translator SHOULD maintain a counter of how many UDP checksums are generated in this manner.


SEE ALSO

perldoc V6evalTool