rfc2766_5.3.1_checksum_tcp_udp.seq - Verify IPv6 <-> IPv4 header
translation in accordance with RFC2766 [NATPT]
Router
rfc2766_5.3.1_checksum_tcp_udp.seq [-tooloption ...]
-p rfc2766_5.3.1_checksum_tcp_udp.def
Before this test starts, run initialize_natpt.seq.
This test verifies that NUT adjusts header checksum for UDP packets.
Network Topology
Link0
--------------------------
| |
TN NUT
| |
--------------------------
Link1
TN -- (Link0) -- NUT NUT -- (Link1) -- TN
--------------------- ------------------------
1.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
DF = 1
UDP packet
Checksum including IPv4 pseudo header
data = repeat(0xff,128)
1.2.
<>
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
UDP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,128)
2.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
DF = 1
UDP packet
Checksum = 0xffff (zero checksum)
data = repeat(0xff,128)
2.2.
<>
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
UDP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,128)
3.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
MF = 1
UDP packet
Checksum for full UDP packet, including pseudo header
data = repeat(0xff,64)
3.2.
<>
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
Fragment Header
More fragments = 1
UDP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,64)
4.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
MF = 0
Protocol = 17
Payload
data = repeat(0xff,64)
4.2.
<>
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
Fragment Header
More fragments = 0
NextHeader = 17
Payload
data = repeat(0xff,64)
5.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
MF = 1
UDP packet
Checksum = 0xffff (zero checksum)
data = repeat(0xff,64)
5.2.
<>
No packet is received
6.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
MF = 0
Protocol = 17
Payload
data = repeat(0xff,64)
6.2.1
<>
RFC2766(NAT-PT) 5.3.1 (TCP/UDP/ICMP Checksum Update from IPv4 to IPv6):
If a V4 UDP packet with a checksum of zero arrives in
fragments, NAT-PT MUST await all the fragments until they can
be assembled into a single non-fragmented packet
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
Fragment Header
More fragments = 0
NextHeader = 17
UDP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,128) 6.2.2
<>
RFC2765(SIIT), 3.2 (UDP packets with checksum zero):
First fragment SHOULD be dropped (and logged internally).
Following fragments SHOULD be dropped silently.
(But are, in a stateless translator, near impossible to
recognize, and are therefore translated normally.)
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
Fragment Header
More fragments = 0
NextHeader = 17
Payload
data = repeat(0xff,64) 6.2.3
<>
RFC2765(SIIT), 3.2 (UDP packets with checksum zero):
First fragment SHOULD be dropped (and logged internally).
Following fragments SHOULD be dropped silently.
<===================
No packet is received
7.1.
<===================
IPv4 TCP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
DF = 1
TCP packet
Checksum including IPv4 pseudo header
data = repeat(0xff,128)
7.2.
<>
<===================
IPv6 TCP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
TCP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,128)
8.1.
<===================
IPv4 TCP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
MF = 1
TCP packet
Checksum including IPv4 pseudo header
data = repeat(0xff,64)
8.2.
<>
<===================
IPv6 TCP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
Fragment Header
More fragments = 1
TCP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,64)
9.1.
<===================
IPv4 TCP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
MF = 0
Payload
data = repeat(0xff,64)
9.2.
<>
<===================
IPv6 TCP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
Fragment Header
More fragments = 0
Payload
data = repeat(0xff,64)
<< PASS >>
NUT adjusts header checksum for UDP/TCP packets with
checksum and recalculates it for UDP packets with
zero checksum.
Fragmented UDP packets with zero checksum are reassembled
at NUT and the checksum is calculated.
<< WARN >>
NUT follows RFC2765, 3.2 instead of RFC2766, 5.3.1 when
handling fragmented V4 UDP packets with a checksum of zero. << FAIL >>
NUT send UDP packets with wrong checksum, or doesn't drop
fragmented UDP with zero checksum.
B5.3.1 TCP/UDP/ICMP Checksum Update from IPv4 to IPv6 UDP checksums, when set to a non-zero value, and TCP checksum SHOULD
be recalculated to reflect the address change from v4 to v6. The
incremental checksum adjustment algorithm may be borrowed from [NAT].
In the case of NAPT-PT, TCP/UDP checksum should be adjusted to
account for the address and TCP/UDP port changes, going from V4 to V6
address. When the checksum of a V4 UDP packet is set to zero, NAT-PT MUST
evaluate the checksum in its entirety for the V6-translated UDP
packet. If a V4 UDP packet with a checksum of zero arrives in
fragments, NAT-PT MUST await all the fragments until they can be
assembled into a single non-fragmented packet and evaluate the
checksum prior to forwarding the translated V6 UDP packet.B3.2. Translating UDP over IPv4 If a UDP packet has a zero UDP checksum then a valid checksum must be
calculated in order to translate the packet. A stateless translator
can not do this for fragmented packets but [MILLER] indicates that
fragmented UDP packets with a zero checksum appear to only be used
for malicious purposes. Thus this is not believed to be a noticeable
limitation. When a translator receives the first fragment of a fragmented UDP
IPv4 packet and the checksum field is zero the translator SHOULD drop
the packet and generate a system management event specifying at least
the IP addresses and port numbers in the packet. When it receives
fragments other than the first it SHOULD silently drop the packet,
since there is no port information to log.
perldoc V6evalTool