[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 03110) Re: kernel cannot process an IPv6 destination options header after the AH header.

Hello, Sekiya-san

--- Original Messages ---
snip
> > I tried the TAHI test item ipsec#20. 
> > This test item uses a destination option header after AH, and the
> > test is failed.
> > This test item is passed when the undermentioned patch is applied.
> 
> Could you describe detail of TAHI test ipsec#20 ?
> Sometimes the number of TAHI test item is changed, so we will
> happy to know detail of the problem.

The following is the test procedure.

Test version : ct-2.1.1 , v6eval-2.1.1
Test item    : router ipsec#20.
Test item name :
    "Detect modification of DstOpt header option data after AH"

Network topology:
  TN--------------------TN-------------------NUT
  (host)               (router)
    ----------------- transport ------------->

Test procedure:
(1) set SAD and SPD by pfkey command
     parameters :
          src="x:x:x:ff05:200:ff:fe00:c1c1"    ---> TN as host
          dst="x:x:x:ff03:2xx:xxff:fexx:xxxx"  ---> NUT
          mode=transport
          protocol=ah
          upperspec=any
          direction=in

(2) option bit 001: option data is mutable
   TN(host)           NUT
     |                 |
     |--echo request-->| [IPv6hdr][AH][DSTH][ICMPv6EchoReq]
     |                 |
     |                 |  DSTH includes opt type = 0x34
     |                 |                length = 4
     |                 |                data = 0x1f1f0000
     |                 |                (data is modified)
     |<-- echo reply --| *1

  *1 : According to the test procedure, an echo reply should be
       transmitted, but it is not actually transmitted.

But, Miyazawa-san says that an inner destination option should not 
have mutable field.

Thank you.

B.R.
Ueki Kohei