rfc2765_3.2_udp.seq - Verify IPv6 <-> IPv4 header
translation in accordance with RFC2765 [SIIT]
Router
rfc2765_3.2_udp.seq [-tooloption ...]
-p rfc2765_3.2_udp.def
Before this test starts, run initialize.seq.
This test verifies that NUT adjusts header checksum for UDP packets.
Network Topology
Link0
--------------------------
| |
TN NUT
| |
--------------------------
Link1
TN -- (Link0) -- NUT NUT -- (Link1) -- TN
--------------------- ------------------------
1.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
Don't Fragment = 1
UDP packet
Checksum including IPv4 pseudo header
data = repeat(0xff,64)
1.2.
<>
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
UDP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,64)
2.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
Don't Fragment = 1
UDP packet
Checksum = 0xffff (zero checksum)
data = repeat(0xff,64)
2.2.
<>
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
UDP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,64)
3.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
MF = 1
UDP packet
Checksum including IPv4 pseudo header
data = repeat(0xff,64)
3.2.
<>
<===================
IPv6 UDP packet
IPv6 Header
src address : TN LINK1 IPv4 embedded IPv6 address
dst address : TN LINK0 IPv4 embedded IPv6 address
Fragment Header
More fragments = 1
UDP packet
Checksum including IPv6 pseudo header
data = repeat(0xff,64)
4.1.
<===================
IPv4 UDP packet
IPv4 Header
src address : TN LINK1 IPv4 address
dst address : TN LINK0 IPv4 address
MF = 1
UDP packet
Checksum = 0xffff (zero checksum)
data = repeat(0xff,64)
4.2.
<>
Packet is silently dropped
<< PASS >>
NUT adjusts header checksum for UDP packets with
checksum and recalculates it for UDP packets with
zero checksum.
Fragmented UDP packets with zero checksum are silently
dropped.
<< FAIL >>
NUT send UDP packets with wrong checksum, or doesn't drop
fragmented UDP with zero checksum.
B3.2. Translating UDP over IPv4 If a UDP packet has a zero UDP checksum then a valid checksum must be
calculated in order to translate the packet. A stateless translator
can not do this for fragmented packets but [MILLER] indicates that
fragmented UDP packets with a zero checksum appear to only be used
for malicious purposes. Thus this is not believed to be a noticeable
limitation. When a translator receives the first fragment of a fragmented UDP
IPv4 packet and the checksum field is zero the translator SHOULD drop
the packet and generate a system management event specifying at least
the IP addresses and port numbers in the packet. When it receives
fragments other than the first it SHOULD silently drop the packet,
since there is no port information to log. When a translator receives an unfragmented UDP IPv4 packet and the
checksum field is zero the translator MUST compute the missing UDP
checksum as part of translating the packet. Also, the translator
SHOULD maintain a counter of how many UDP checksums are generated in
this manner.
perldoc V6evalTool