CDRouter Support

CDRouter Test Summaries

test-summary version 10.4

Test Case Summaries

  • Modules: 61
  • Test Cases: 671

Below is a summary of the testcases in each module


basic.tcl

Initial connectivity tests to verify ARP and DHCP client are connected

Test Name Module Synopsis
cdrouter_basic_1 basic.tcl Router responds to ARP request on LAN interface
cdrouter_basic_2 basic.tcl Router responds to ARP request on WAN interface
cdrouter_basic_10 basic.tcl Verify LAN DHCP clients receive gateway/DNS configuration from WAN side
cdrouter_basic_20 basic.tcl Outbound packets use specified/cloned source MAC address

dhcp-c.tcl

DHCP client tests for the WAN side of the router

Test Name Module Synopsis
cdrouter_dhcp_1 dhcp-c.tcl DHCP client renews lease when current lease expires
cdrouter_dhcp_2 dhcp-c.tcl DHCP client resends DHCPREQUEST packet if server does not respond
cdrouter_dhcp_3 dhcp-c.tcl DHCP client drops back into DISCOVERY mode if original server stops responding
cdrouter_dhcp_4 dhcp-c.tcl DHCP client drops back into DISCOVERY mode if server sends a DHCPNAK
cdrouter_dhcp_5 dhcp-c.tcl DHCP client remains in DISCOVERY mode if server sends a DHCPNAK
cdrouter_dhcp_10 dhcp-c.tcl DHCP client ignores site-specific DHCP options
cdrouter_dhcp_11 dhcp-c.tcl Verify DHCP client handles server option with length 0
cdrouter_dhcp_20 dhcp-c.tcl DHCP client ignores DHCP packets with corrupt UDP checksum
cdrouter_dhcp_30 dhcp-c.tcl DHCP client includes vendor defined options
cdrouter_dhcp_31 dhcp-c.tcl Verify client supports DHCP Rapid Commit option
cdrouter_dhcp_32 dhcp-c.tcl Verify client supports DHCP Forcerenew Nonce Authentication
cdrouter_dhcp_33 dhcp-c.tcl Verify client ignores DHCPFORCERENEW without Authentication option
cdrouter_dhcp_34 dhcp-c.tcl Verify client ignores DHCPFORCERENEW authenticated with incorrect nonce

pppoe-c.tcl

PPPoE client tests for the WAN side of the router

Test Name Module Synopsis
cdrouter_pppoe_client_1 pppoe-c.tcl PPPoE client restarts PPPoE Discovery when PPP LCP Echo-Requests fail
cdrouter_pppoe_client_10 pppoe-c.tcl PPPoE client restarts PPPoE Discovery when PPP LCP terminates PPP link
cdrouter_pppoe_client_50 pppoe-c.tcl PPPoE PPP client replies to LCP Echo-Requests
cdrouter_pppoe_client_60 pppoe-c.tcl PPPoE PPP client maintains LCP Magic Number during session
cdrouter_pppoe_client_200 pppoe-c.tcl PPPoE/PPP restarts if PPP authentication fails
cdrouter_pppoe_client_210 pppoe-c.tcl PPPoE/PPP can recover if LCP renegotiation is attempted
cdrouter_pppoe_client_230 pppoe-c.tcl PPPoE/PPP can recover if LCP Echo-Request contains bad length
cdrouter_pppoe_client_300 pppoe-c.tcl PPPoE client recovers if PPPoE server drops PADR from PPPoE client
cdrouter_pppoe_client_310 pppoe-c.tcl PPPoE client returns AC-Cookie in PADR when server sends AC-Cookie in PADO
cdrouter_pppoe_client_320 pppoe-c.tcl PPPoE client maintains Relay-Session-Id during PPPoE session establishment
cdrouter_pppoe_client_330 pppoe-c.tcl PPPoE client sends PADT packet after idle timeout elapses
cdrouter_pppoe_client_400 pppoe-c.tcl Verify PPPoE client sends correct PPP-Max-Payload tag in PADI packets

pppoa-c.tcl

PPPoA client tests for the WAN side of the router

Test Name Module Synopsis
cdrouter_pppoa_client_1 pppoa-c.tcl PPPoA client restarts PPP when PPP LCP Echo-Request fail
cdrouter_pppoa_client_10 pppoa-c.tcl PPPoA client restarts PPP session when PPP LCP terminates PPP link
cdrouter_pppoa_client_50 pppoa-c.tcl PPPoA PPP client replies to LCP Echo-Requests
cdrouter_pppoa_client_60 pppoa-c.tcl PPPoA PPP client maintains LCP Magic Number during session
cdrouter_pppoa_client_200 pppoa-c.tcl PPPoA/PPP restarts if PPP authentication fails
cdrouter_pppoa_client_210 pppoa-c.tcl PPPoA/PPP can recover if LCP renegotiation is attempted
cdrouter_pppoa_client_230 pppoa-c.tcl PPPoA/PPP can recover if LCP Echo-Request contains bad length
cdrouter_pppoa_client_300 pppoa-c.tcl PPPoA restarts PPP link after detecting mismatched ATM encapsulation

pptp-c.tcl

PPTP client tests for the WAN side of the router

Test Name Module Synopsis
cdrouter_pptp_5 pptp-c.tcl PPTP client restarts PPTP connection when PPTP Echo Requests fail
cdrouter_pptp_10 pptp-c.tcl PPTP client restarts PPTP connection when PPP LCP terminates PPP link
cdrouter_pptp_20 pptp-c.tcl PPTP client restarts PPTP connection when TCP control session is closed
cdrouter_pptp_25 pptp-c.tcl PPTP client restarts PPTP connection when TCP control session is reset
cdrouter_pptp_30 pptp-c.tcl PPTP client initiates new call after a PPTP Call-Disconnect-Notify
cdrouter_pptp_50 pptp-c.tcl PPTP PPP client replies to LCP Echo Requests
cdrouter_pptp_60 pptp-c.tcl PPTP PPP client maintains LCP Magic Number during session
cdrouter_pptp_200 pptp-c.tcl PPTP/PPP restarts if PPP authentication fails
cdrouter_pptp_210 pptp-c.tcl PPTP/PPP can recover if LCP renegotiation is attempted
cdrouter_pptp_230 pptp-c.tcl PPTP/PPP can recover if LCP Echo Request contains bad length

l2tp-c.tcl

L2TP client tests for WAN side of the router

Test Name Module Synopsis
cdrouter_l2tp_5 l2tp-c.tcl L2TP client restarts L2TP connection when L2TP Hello Requests are unanswered
cdrouter_l2tp_10 l2tp-c.tcl L2TP client restarts L2TP connection when PPP LCP terminates PPP link
cdrouter_l2tp_20 l2tp-c.tcl L2TP client initiates new L2TP connection after closing tunnel with StopCCN
cdrouter_l2tp_30 l2tp-c.tcl L2TP client initiates new L2TP tunnel after receiving CDN and StopCCN
cdrouter_l2tp_40 l2tp-c.tcl L2TP client sends HELLO after period of inactivity
cdrouter_l2tp_50 l2tp-c.tcl L2TP PPP client replies to LCP Echo Requests
cdrouter_l2tp_60 l2tp-c.tcl L2TP PPP client maintains LCP Magic Number during session
cdrouter_l2tp_200 l2tp-c.tcl L2TP/PPP restarts if PPP authentication fails
cdrouter_l2tp_210 l2tp-c.tcl L2TP/PPP can recover if LCP renegotiation is attempted
cdrouter_l2tp_230 l2tp-c.tcl L2TP/PPP can recover if LCP Echo Request contains bad length

chap.tcl

PPP CHAP tests for PPP based protocols on the WAN (PPPoE, PPPoA, PPTP)

Test Name Module Synopsis
cdrouter_chap_10 chap.tcl PPP CHAP authentication with various size key lengths
cdrouter_chap_20 chap.tcl Verify PPP client will reauthenticate using CHAP during active connection

mac-filter.tcl

Basic tests for verifying MAC based network filters

Test Name Module Synopsis
cdrouter_mac_filter_1 mac-filter.tcl Verify ARP resolution behavior for filtered hosts with deny policy
cdrouter_mac_filter_2 mac-filter.tcl Verify ARP resolution behavior for filtered hosts with allow policy
cdrouter_mac_filter_3 mac-filter.tcl Verify DHCP behavior for filtered hosts with deny policy
cdrouter_mac_filter_4 mac-filter.tcl Verify DHCP behavior for filtered hosts with allow policy
cdrouter_mac_filter_5 mac-filter.tcl Verify ICMP Echo behavior for filtered hosts with deny policy
cdrouter_mac_filter_6 mac-filter.tcl Verify ICMP Echo behavior for filtered hosts with allow policy

dhcp-s.tcl

DHCP server tests for the LAN side of the router

Test Name Module Synopsis
cdrouter_dhcp_server_1 dhcp-s.tcl Verify DHCP server returns same IP address when client renews
cdrouter_dhcp_server_2 dhcp-s.tcl Verify DHCP server rejects DHCPREQUESTS with non-offered IP address
cdrouter_dhcp_server_3 dhcp-s.tcl Verify DHCP server address reservations
cdrouter_dhcp_server_4 dhcp-s.tcl Verify DHCP server returns IP address within configured pool
cdrouter_dhcp_server_5 dhcp-s.tcl Verify DHCP server returns IP address with expected lease time
cdrouter_dhcp_server_6 dhcp-s.tcl Verify DHCP server returns same IP address when client restarts
cdrouter_dhcp_server_7 dhcp-s.tcl Verify DHCP server returns same IP address when client releases then restarts
cdrouter_dhcp_server_8 dhcp-s.tcl Verify DHCP server returns same IP address when client restarts using Requested IP Address option
cdrouter_dhcp_server_9 dhcp-s.tcl Verify DHCP server returns same IP address when client releases and restarts using Requested IP Address option
cdrouter_dhcp_server_10 dhcp-s.tcl Verify DHCP server returns requested IP address when new client uses Requested IP Address option
cdrouter_dhcp_server_11 dhcp-s.tcl Verify DHCP server does not return an address when invalid Requested IP Address option is used
cdrouter_dhcp_server_30 dhcp-s.tcl DHCP server includes vendor defined options
cdrouter_dhcp_server_31 dhcp-s.tcl Verify server supports DHCP Rapid Commit option
cdrouter_dhcp_server_100 dhcp-s.tcl Verify DHCP server accepts DHCP client packets with IPv4 length less than 576
cdrouter_dhcp_server_200 dhcp-s.tcl Verify DHCP server rejects DHCPREQUESTS with IP address of other clients
cdrouter_dhcp_server_300 dhcp-s.tcl Verify DHCP server ignores site-specific DHCP options
cdrouter_dhcp_server_301 dhcp-s.tcl Verify DHCP server handles client option with length 0
cdrouter_dhcp_server_401 dhcp-s.tcl Verify DHCP server ignores DHCP packets with an invalid UDP checksum
cdrouter_dhcp_server_501 dhcp-s.tcl Verify DHCP server allows multiple DHCP clients with same name (DHCP option 12)
cdrouter_dhcp_server_520 dhcp-s.tcl Verify DHCP server uses IPv4 broadcast when DHCP client sets broadcast flag
cdrouter_dhcp_server_540 dhcp-s.tcl Verify DHCP server probes IPv4 client address before assigning
cdrouter_dhcp_server_600 dhcp-s.tcl Verify DHCP server returns correct WINS server(s)
cdrouter_dhcp_server_610 dhcp-s.tcl Verify DHCP server returns correct NTP server(s)
cdrouter_dhcp_server_620 dhcp-s.tcl Verify DHCP server returns correct client identifier option
cdrouter_dhcp_server_630 dhcp-s.tcl Verify DHCP server returns correct DNS server(s)
cdrouter_dhcp_server_700 dhcp-s.tcl Verify DHCP server responds to unicast and broadcast DHCPINFORM messages
cdrouter_dhcp_server_710 dhcp-s.tcl Verify DHCP server handles clients using V-I Vendor-Specific Information option
cdrouter_dhcp_server_720 dhcp-s.tcl Verify DHCP server handles clients using V-I Vendor Class option
cdrouter_dhcp_server_800 dhcp-s.tcl Verify DHCP server does not become exhausted after a large number of DHCP restarts
cdrouter_dhcp_server_801 dhcp-s.tcl Verify DHCP server does not become exhausted after a large number of DHCP release then restarts

nat.tcl

NAPT tests for TCP, UDP, and ICMP

Test Name Module Synopsis
cdrouter_nat_1 nat.tcl Outbound TCP connections use NAPT
cdrouter_nat_2 nat.tcl Outbound UDP connections use NAPT
cdrouter_nat_100 nat.tcl Maximum number of TCP connections with single LAN host
cdrouter_nat_101 nat.tcl NAPT with multiple LAN hosts using the same TCP source port
cdrouter_nat_120 nat.tcl NAPT with a TCP and UDP connection using the same source port
cdrouter_nat_130 nat.tcl Verify NAPT with outbound TCP connections using high and low source ports
cdrouter_nat_150 nat.tcl Verify TCP source port can be reused after a passive close behind NAPT
cdrouter_nat_200 nat.tcl Maximum number of UDP connections with single LAN host
cdrouter_nat_201 nat.tcl NAPT with multiple LAN hosts using the same UDP source port
cdrouter_nat_300 nat.tcl Verify NAPT checks source IP address of inbound UDP packets
cdrouter_nat_320 nat.tcl UDP headers with a checksum equal to 0 should not be modified
cdrouter_nat_330 nat.tcl Outbound TCP connection using IPv4 options
cdrouter_nat_340 nat.tcl Outbound UDP connection using IPv4 options
cdrouter_nat_350 nat.tcl Verify NAPT uses port parity preservation
cdrouter_nat_360 nat.tcl Verify ICMP Destination Unreachable message from WAN does not destroy NAT UDP mapping
cdrouter_nat_361 nat.tcl Verify ICMP Destination Unreachable message from WAN does not destroy NAT TCP mapping
cdrouter_nat_400 nat.tcl Verify basic MSS Clamping for TCP sessions
cdrouter_nat_401 nat.tcl Verify MSS Clamping with TCP options from different clients
cdrouter_nat_410 nat.tcl Verify MSS Clamping does not modify smaller MSS values
cdrouter_nat_500 nat.tcl NAT uses single binding for TCP session with same source IP and source port
cdrouter_nat_501 nat.tcl NAT uses single binding for UDP session with same source IP and source port
cdrouter_nat_510 nat.tcl NAT performs hairpin translation for LAN side TCP connections
cdrouter_nat_511 nat.tcl NAT performs hairpin translation for LAN side UDP connections
cdrouter_nat_520 nat.tcl Verify Port-Restricted, Address-Restricted, or Full-Cone NAPT for UDP connections
cdrouter_nat_530 nat.tcl Verify TCP connections using TCP window scale option through NAT
cdrouter_nat_600 nat.tcl Verify TCP Fast Open cookie request through NAT
cdrouter_nat_610 nat.tcl Verify TCP connections using TCP Fast Open option through NAT

nat-timeout.tcl

NAPT tests for session timers

Test Name Module Synopsis
cdrouter_nat_timeout_1 nat-timeout.tcl Verify NAT TCP session timeout after FIN close
cdrouter_nat_timeout_2 nat-timeout.tcl Verify NAT TCP session timeout after RST close
cdrouter_nat_timeout_10 nat-timeout.tcl Verify NAT TCP session timeout for established session
cdrouter_nat_timeout_11 nat-timeout.tcl Verify NAT TCP SYN session timeout
cdrouter_nat_timeout_20 nat-timeout.tcl Verify NAT UDP session timeout
cdrouter_nat_timeout_25 nat-timeout.tcl Verify NAT DNS session timeout
cdrouter_nat_timeout_30 nat-timeout.tcl Verify NAT ICMP session timeout
cdrouter_nat_timeout_40 nat-timeout.tcl Verify RTSP session timeout for established session

renum-dhcp.tcl

WAN side renumbering tests with DHCP on the WAN

Test Name Module Synopsis
cdrouter_renumber_1 renum-dhcp.tcl Verify WAN client learns new IP address when WAN server renumbers
cdrouter_renumber_2 renum-dhcp.tcl Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renumber_3 renum-dhcp.tcl Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renumber_4 renum-dhcp.tcl Verify LAN clients learn new longer domain name during LAN side renew
cdrouter_renumber_5 renum-dhcp.tcl Verify LAN clients learn new shorter domain name during LAN side renew
cdrouter_renumber_6 renum-dhcp.tcl Verify WAN side switches to new gateway after renumber
cdrouter_renumber_50 renum-dhcp.tcl Verify LAN clients learn additional DNS servers

renum-pppoe.tcl

WAN side renumbering tests with PPPoE on the WAN

Test Name Module Synopsis
cdrouter_renum_pppoe_1 renum-pppoe.tcl Verify WAN PPPoE client learns new IP address when WAN server renumbers
cdrouter_renum_pppoe_2 renum-pppoe.tcl Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renum_pppoe_3 renum-pppoe.tcl Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renum_pppoe_6 renum-pppoe.tcl Verify WAN side switches to new gateway after renumber
cdrouter_renum_pppoe_50 renum-pppoe.tcl Verify LAN clients learn additional DNS server

renum-pppoa.tcl

WAN side renumbering tests with PPPoA on the WAN

Test Name Module Synopsis
cdrouter_renum_pppoa_1 renum-pppoa.tcl Verify WAN PPPoA client learns new IP address when WAN server renumbers
cdrouter_renum_pppoa_2 renum-pppoa.tcl Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renum_pppoa_3 renum-pppoa.tcl Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renum_pppoa_6 renum-pppoa.tcl Verify WAN side switches to new gateway after renumber
cdrouter_renum_pppoa_50 renum-pppoa.tcl Verify LAN clients learn additional DNS server

renum-pptp.tcl

WAN side renumbering tests with PPTP on the WAN

Test Name Module Synopsis
cdrouter_renum_pptp_1 renum-pptp.tcl Verify WAN PPTP client learns new IP address when WAN server renumbers
cdrouter_renum_pptp_2 renum-pptp.tcl Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renum_pptp_3 renum-pptp.tcl Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renum_pptp_6 renum-pptp.tcl Verify WAN side switches to new gateway after renumber
cdrouter_renum_pptp_50 renum-pptp.tcl Verify LAN clients learn additional DNS server

renum-l2tp.tcl

WAN side renumbering tests with L2TP on the WAN

Test Name Module Synopsis
cdrouter_renum_l2tp_1 renum-l2tp.tcl Verify WAN L2TP client learns new IP address when WAN server renumbers
cdrouter_renum_l2tp_2 renum-l2tp.tcl Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renum_l2tp_3 renum-l2tp.tcl Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renum_l2tp_6 renum-l2tp.tcl Verify WAN side switches to new gateway after renumber
cdrouter_renum_l2tp_50 renum-l2tp.tcl Verify LAN clients learn additional DNS server

icmp.tcl

ICMP tests for generating various ICMP packets and NAPT of ICMP data

Test Name Module Synopsis
cdrouter_icmp_1 icmp.tcl Verify ICMP Echo Requests (ping) work through router
cdrouter_icmp_2 icmp.tcl Verify ICMP Echo Requests from multiple LAN clients work through router
cdrouter_icmp_5 icmp.tcl Verify ICMP Echo Requests to router’s LAN side IP address from the LAN
cdrouter_icmp_6 icmp.tcl Verify ICMP Echo Requests to router’s WAN side IP address from the LAN
cdrouter_icmp_10 icmp.tcl Verify ICMP Time Exceeded packet is sent when incoming TTL is 1
cdrouter_icmp_11 icmp.tcl Verify NAT translates IP address in ICMP Time Exceeded packet
cdrouter_icmp_12 icmp.tcl Verify NAT translates IP address in ICMP Destination Unreachable with code port unreachable
cdrouter_icmp_13 icmp.tcl Verify NAT translates IP address in ICMP Destination Unreachable with code fragmentation needed
cdrouter_icmp_14 icmp.tcl Verify NAT translates IP address in outbound ICMP Destination Unreachable with code port unreachable
cdrouter_icmp_20 icmp.tcl Verify router supports Path MTU Discovery over WAN interface

firewall.tcl

Firewall tests including port scans

Test Name Module Synopsis
cdrouter_firewall_1 firewall.tcl Inbound TCP connections to public side HTTP port are blocked
cdrouter_firewall_2 firewall.tcl Inbound TCP connections to LAN hosts are blocked
cdrouter_firewall_10 firewall.tcl DHCP server ignores DHCP client request from the WAN
cdrouter_firewall_12 firewall.tcl DNS requests from the WAN are ignored by DNS proxy or relay
cdrouter_firewall_100 firewall.tcl Perform TCP port scan test on router’s public WAN IP address
cdrouter_firewall_101 firewall.tcl Perform UDP port scan test on router’s public WAN IP address
cdrouter_firewall_110 firewall.tcl Perform TCP fragmentation port scan test on router’s public WAN IP address
cdrouter_firewall_301 firewall.tcl Verify firewall blocks/accepts piggyback TCP SYN connections from WAN
cdrouter_firewall_508 firewall.tcl Verify outbound packets are not forwarded if the source address is not a prefix of the interior network

firewall-out.tcl

Firewall tests for limiting outbound access to services

Test Name Module Synopsis
cdrouter_firewall_outbound_1 firewall-out.tcl Verify CPE does not forward outbound TCP packets to ports that have been administratively blocked
cdrouter_firewall_outbound_2 firewall-out.tcl Verify CPE does not forward outbound UDP packets to ports that have been administratively blocked
cdrouter_firewall_outbound_3 firewall-out.tcl Verify CPE does not forward outbound IP packets for protocols that have been administratively blocked

apps.tcl

Application layer gateway (ALG) tests for FTP, DNS, TFTP, SMTP, POP3, H.323, MSN, RTSP and others

Test Name Module Synopsis
cdrouter_app_2 apps.tcl Verify router supports the active mode FTP PORT command
cdrouter_app_3 apps.tcl Multiple FTP connections using the same source port
cdrouter_app_10 apps.tcl Connections opened for FTP PORT command check for correct IPv4 address
cdrouter_app_11 apps.tcl Verify FTP PORT command succeeds when TCP segment is retransmitted
cdrouter_app_12 apps.tcl Verify FTP PORT translation stays the same when TCP segment is retransmitted
cdrouter_app_14 apps.tcl Verify router closes public ports opened with the FTP PORT command
cdrouter_app_15 apps.tcl Verify router supports the active mode FTP EPRT command
cdrouter_app_16 apps.tcl Verify translation of EPRT command accepts non default delimiters
cdrouter_app_17 apps.tcl Verify router supports the passive mode FTP PASV command
cdrouter_app_18 apps.tcl Verify router supports the passive mode FTP EPSV command
cdrouter_app_20 apps.tcl Verify DNS queries to router are forwarded to real DNS server
cdrouter_app_21 apps.tcl Verify DNS queries sent to primary DNS server
cdrouter_app_22 apps.tcl Verify DNS queries sent to backup DNS server
cdrouter_app_25 apps.tcl Verify DNS relay on router fails over to backup DNS server
cdrouter_app_26 apps.tcl Verify DNS relay on router fails over to backup DNS server (using same ID for retransmissions)
cdrouter_app_27 apps.tcl Verify DNS relay on router fails over to third DNS server
cdrouter_app_28 apps.tcl Verify DNS relay on router fails over to third DNS server (using same ID for retransmissions)
cdrouter_app_30 apps.tcl Verify DNS queries sent directly to a 3rd party DNS server
cdrouter_app_100 apps.tcl Verify router supports wrapping of TCP sequence number for FTP transfers
cdrouter_app_110 apps.tcl Verify HTTPS session through the router
cdrouter_app_120 apps.tcl Verify SMTP session through the router
cdrouter_app_122 apps.tcl Verify POP3 session through the router
cdrouter_app_124 apps.tcl Verify TFTP session through the router
cdrouter_app_126 apps.tcl Verify NTP session through the router
cdrouter_app_130 apps.tcl Verify STUN session through the router
cdrouter_app_131 apps.tcl Verify authenticated STUN session through the router
cdrouter_app_200 apps.tcl Verify router translates outbound H.323/Q.931 SETUP messages
cdrouter_app_205 apps.tcl Verify router translates outbound H.245 Open Logical Channel Requests
cdrouter_app_207 apps.tcl Verify router translates outbound H.245 Open Logical Channel Ack Response
cdrouter_app_220 apps.tcl Verify router translates inbound H.323/Q.931 Setup messages
cdrouter_app_225 apps.tcl Verify router translates inbound H.323/Q.931 Connect messages
cdrouter_app_227 apps.tcl Verify router translates inbound H.245 Open Logical Channel Ack Response
cdrouter_app_302 apps.tcl Verify router translates MSN File Transfer Invite messages
cdrouter_app_305 apps.tcl Verify router translates MSN Voice Invite messages
cdrouter_app_310 apps.tcl Verify router does not modify MSN fields related to NAT detection
cdrouter_rtsp_1 apps.tcl Verify basic RTSP session with UDP transport
cdrouter_rtsp_2 apps.tcl Verify basic RTSP session with UDP transport for multiple LAN hosts
cdrouter_rtsp_10 apps.tcl Verify RTSP transport is translated in both outbound and inbound directions
cdrouter_rtsp_20 apps.tcl Verify RTSP port mapping is deleted after TEARDOWN and TCP close
cdrouter_rtsp_21 apps.tcl Verify RTSP port mapping is deleted after TEARDOWN and without TCP close
cdrouter_rtsp_22 apps.tcl Verify RTSP port mappings still work when TCP connection is closed
cdrouter_rtsp_30 apps.tcl Verify IPv4 destination in client transport SETUP is translated to public IP
cdrouter_rtsp_50 apps.tcl Verify RTSP ALG supports persistent TCP connections
cdrouter_rtsp_60 apps.tcl Verify RTSP session with different IPv4 address for RTP media server
cdrouter_rtsp_70 apps.tcl Verify RTSP session timeout for established session
cdrouter_mptcp_1 apps.tcl Verify a Multipath TCP connection can be opened
cdrouter_mptcp_2 apps.tcl Verify a Multipath TCP connection with two subflows can be opened

ipsecpt.tcl

IPSEC based VPN pass through from the LAN to the WAN

Test Name Module Synopsis
cdrouter_ipsecpt_1 ipsecpt.tcl Verify IKE packets pass through router on UDP port 500
cdrouter_ipsecpt_2 ipsecpt.tcl Verify tunnel mode IPSEC packets pass through router
cdrouter_ipsecpt_3 ipsecpt.tcl Fragmented tunnel mode IPSEC packets are forwarded between LAN and WAN
cdrouter_ipsecpt_30 ipsecpt.tcl Verify unknown IPv4 protocol types using the pass through mechanism
cdrouter_ipsecpt_100 ipsecpt.tcl Verify the maximum number of IPSEC pass through connections for a single LAN host
cdrouter_ipsecpt_110 ipsecpt.tcl Verify IPSEC pass through with multiple LAN clients using same VPN server
cdrouter_ipsecpt_120 ipsecpt.tcl Verify IKE with multiple LAN clients using same VPN server
cdrouter_ipsecpt_200 ipsecpt.tcl IPSEC pass through without NAT-T based IPSEC client
cdrouter_ipsecpt_210 ipsecpt.tcl IPSEC pass through with NAT-T based IPSEC client

forward.tcl

Forwarding tests with different packet sizes and directions

Test Name Module Synopsis
cdrouter_forward_1 forward.tcl Verify IPv4 TTL is decremented for forwarded packets
cdrouter_forward_2 forward.tcl Verify packet is not forwarded when IPv4 TTL is 1
cdrouter_forward_3 forward.tcl Verify packet can be forwarded back through incoming LAN interface
cdrouter_forward_4 forward.tcl Verify packet is not forwarded if IPv4 checksum is corrupt
cdrouter_forward_10 forward.tcl Forward UDP packets with various packet lengths (LAN to WAN)
cdrouter_forward_11 forward.tcl Forward UDP packets with various packet lengths (WAN to LAN)
cdrouter_forward_20 forward.tcl No packets are forwarded if WAN lease expires

jumbo.tcl

Jumbo MTU forwarding tests with different packet sizes and directions

Test Name Module Synopsis
cdrouter_jumbo_1 jumbo.tcl Verify IPv4 TTL is decremented for forwarded jumbo MTU packets
cdrouter_jumbo_2 jumbo.tcl Verify jumbo MTU packet is not forwarded when IPv4 TTL is 1
cdrouter_jumbo_3 jumbo.tcl Verify jumbo MTU packet can be forwarded back through incoming LAN interface
cdrouter_jumbo_4 jumbo.tcl Verify jumbo MTU packet is not forwarded if IPv4 checksum is corrupt
cdrouter_jumbo_10 jumbo.tcl Forward jumbo MTU UDP packets with various packet lengths (LAN to WAN)
cdrouter_jumbo_11 jumbo.tcl Forward jumbo MTU UDP packets with various packet lengths (WAN to LAN)

rip.tcl

RIPv1/v2 tests for LAN side of the router

Test Name Module Synopsis
cdrouter_rip_1 rip.tcl Verify router sends RIPv1/v2 update on LAN side
cdrouter_rip_2 rip.tcl Verify router learns new RIP routes from LAN side RIP router (v1 or v2)
cdrouter_rip_5 rip.tcl Verify router responds to RIP requests on LAN interface
cdrouter_rip_10 rip.tcl Verify router selects RIP route with lowest metric (v1 or v2)
cdrouter_rip_12 rip.tcl Verify router ignores routes with a metric of 16
cdrouter_rip_20 rip.tcl Verify router uses split horizon or poison reverse for learned RIP routes
cdrouter_rip_30 rip.tcl Verify router announces default route on LAN side
cdrouter_rip_100 rip.tcl Verify the maximum number of RIP routes supported
cdrouter_rip_200 rip.tcl Verify router learns new RIP routes from WAN side RIP router (v1 or v2)

scaling.tcl

Scaling tests for maximum number of DHCP clients and connections (TCP, HTTP, VPN)

Test Name Module Synopsis
cdrouter_scale_1 scaling.tcl Verify all DHCP clients are operational
cdrouter_scale_2 scaling.tcl Verify all DHCP clients with multiple TCP connections
cdrouter_scale_3 scaling.tcl Verify all DHCP clients with single UDP connection
cdrouter_scale_10 scaling.tcl Verify no duplicate IP addresses are assigned when DHCP address pool is exhausted
cdrouter_scale_15 scaling.tcl Verify all DHCP clients can create an IPSEC tunnel
cdrouter_scale_20 scaling.tcl Verify all DHCP clients can create a PPTP tunnel
cdrouter_scale_30 scaling.tcl Verify all DHCP clients can create a L2TP/IPSEC tunnel
cdrouter_scale_40 scaling.tcl Verify all DHCP clients can create a L2TP/IPSEC tunnel with NAT-T

vservice.tcl

Port forwarding tests to verify configured virtual services on the router

Test Name Module Synopsis
cdrouter_vservice_10 vservice.tcl Verify each configured TCP virtual service
cdrouter_vservice_20 vservice.tcl Verify each configured UDP virtual service
cdrouter_vservice_30 vservice.tcl Verify TCP virtual services are reachable from the LAN side
cdrouter_vservice_40 vservice.tcl Verify UDP virtual services are reachable from the LAN side

url-filter.tcl

URL filtering tests for LAN side HTTP clients

Test Name Module Synopsis
cdrouter_urlfilter_10 url-filter.tcl Verify HTTP GETs to filtered URLs are blocked
cdrouter_urlfilter_12 url-filter.tcl Verify HTTP GETs to filtered URLs are blocked without DNS lookups
cdrouter_urlfilter_15 url-filter.tcl Verify HTTP HEADs to filtered URLs are blocked
cdrouter_urlfilter_20 url-filter.tcl Verify HTTP POSTs to filtered URLs are blocked
cdrouter_urlfilter_30 url-filter.tcl Verify URL filtering does not look at Cookie data
cdrouter_urlfilter_40 url-filter.tcl Verify HTTPS GETs to filtered URLs are blocked

triggerp.tcl

Tests to verify configured trigger ports on the router

Test Name Module Synopsis
cdrouter_tport_10 triggerp.tcl Verify basic case for each configured trigger port application
cdrouter_tport_30 triggerp.tcl Verify multiple LAN hosts can use trigger ports after mappings are aged out

upnp.tcl

UPnP tests for routers that support IGDv1/IGDv2 devices

Test Name Module Synopsis
cdrouter_ssdp_1 upnp.tcl Verify UPnP router responds to SSDP Discovery Requests on LAN
cdrouter_ssdp_2 upnp.tcl Verify UPnP router does not respond to SSDP Discovery Requests on WAN
cdrouter_ssdp_3 upnp.tcl Verify UPnP router supports discovery of required IGD devices and services
cdrouter_ssdp_4 upnp.tcl Verify UPnP router does not respond to SSDP Discovery Requests without MX header
cdrouter_ssdp_5 upnp.tcl Verify UPnP router responds to unicast SSDP Discovery Requests on LAN
cdrouter_ssdp_6 upnp.tcl Verify required headers of M-SEARCH responses on LAN
cdrouter_upnp_10 upnp.tcl Verify XML description of IGD root device can be parsed
cdrouter_upnp_12 upnp.tcl Verify XML descriptions cannot be loaded from the WAN side of router
cdrouter_upnp_20 upnp.tcl Verify XML description for WANIPConnection or WANPPPConnection service can be parsed
cdrouter_upnp_25 upnp.tcl Verify router responds to UPnP Query for ConnectionStatus
cdrouter_upnp_30 upnp.tcl Verify UPnP GetExternalIPAddress Action returns WAN IP address
cdrouter_upnp_31 upnp.tcl Verify UPnP GetStatusInfo Action returns correct ConnectionStatus information
cdrouter_upnp_32 upnp.tcl Verify UPnP GetStatusInfo Action returns increasing Uptime value
cdrouter_upnp_35 upnp.tcl Add/delete dynamic UPnP TCP port mapping for wildcard IP source address
cdrouter_upnp_36 upnp.tcl Add/delete dynamic UPnP TCP port mapping for specific IP source address
cdrouter_upnp_40 upnp.tcl Add/delete dynamic UPnP UDP port mapping for wildcard IP source address
cdrouter_upnp_41 upnp.tcl Add/delete dynamic UPnP UDP port mapping for specific IP source address
cdrouter_upnp_45 upnp.tcl Verify UPnP Router rejects new port mappings that conflict
cdrouter_upnp_50 upnp.tcl Verify dynamic UPnP port mapping is deleted when lease expires
cdrouter_upnp_100 upnp.tcl Maximum number of UPnP TCP dynamic port mappings
cdrouter_upnp_200 upnp.tcl Verify UPnP clients can subscribe/unsubcribe to events for WANIPConnection or WANPPPConnection
cdrouter_upnp_201 upnp.tcl Verify UPnP clients can subscribe to events with infinite subscription time
cdrouter_upnp_202 upnp.tcl Verify UPnP clients can renew NOTIFY events for WANIPConnection or WANPPPConnection
cdrouter_upnp_203 upnp.tcl Verify router sends UPnP NOTIFY events for ConnectionStatus
cdrouter_upnp_204 upnp.tcl Verify router sends UPnP NOTIFY events with updated ExternalIPAddress
cdrouter_upnp_210 upnp.tcl Verify router stops sending NOTIFY events when subscription expires
cdrouter_upnp_220 upnp.tcl Verify the maximum number of UPnP event subscriptions that can be created
cdrouter_ssdp_igd2_3 upnp.tcl Verify UPnP router supports discovery of required devices and services (IGD2)
cdrouter_upnp_igd2_10 upnp.tcl Verify XML description of IGD root device can be parsed (IGD2)
cdrouter_upnp_igd2_12 upnp.tcl Verify XML descriptions cannot be loaded from the WAN side of router (IGD2)
cdrouter_upnp_igd2_20 upnp.tcl Verify XML description for WANIPConnection or WANPPPConnection service can be parsed (IGD2)
cdrouter_upnp_igd2_25 upnp.tcl Verify router responds to UPnP Query for ConnectionStatus (IGD2)
cdrouter_upnp_igd2_30 upnp.tcl Verify UPnP GetExternalIPAddress Action returns WAN IP address (IGD2)
cdrouter_upnp_igd2_31 upnp.tcl Verify UPnP GetStatusInfo Action returns correct ConnectionStatus information (IGD2)
cdrouter_upnp_igd2_32 upnp.tcl Verify UPnP GetStatusInfo Action returns increasing Uptime value (IGD2)
cdrouter_upnp_igd2_35 upnp.tcl Add/delete dynamic UPnP TCP port mapping for wildcard IP source address (IGD2)
cdrouter_upnp_igd2_36 upnp.tcl Add/delete dynamic UPnP TCP port mapping for specific IP source address (IGD2)
cdrouter_upnp_igd2_40 upnp.tcl Add/delete dynamic UPnP UDP port mapping for wildcard IP source address (IGD2)
cdrouter_upnp_igd2_41 upnp.tcl Add/delete dynamic UPnP UDP port mapping for specific IP source address (IGD2)
cdrouter_upnp_igd2_45 upnp.tcl Verify UPnP Router rejects new port mappings that conflict (IGD2)
cdrouter_upnp_igd2_50 upnp.tcl Verify dynamic UPnP port mapping is deleted when lease expires (IGD2)
cdrouter_upnp_igd2_100 upnp.tcl Maximum number of UPnP TCP dynamic port mappings (IGD2)
cdrouter_upnp_igd2_200 upnp.tcl Verify UPnP clients can subscribe/unsubcribe to events for WANIPConnection or WANPPPConnection (IGD2)
cdrouter_upnp_igd2_201 upnp.tcl Verify UPnP clients can subscribe to events with infinite subscription time (IGD2)
cdrouter_upnp_igd2_202 upnp.tcl Verify UPnP clients can renew NOTIFY events for WANIPConnection or WANPPPConnection (IGD2)
cdrouter_upnp_igd2_203 upnp.tcl Verify router sends UPnP NOTIFY events for ConnectionStatus (IGD2)
cdrouter_upnp_igd2_204 upnp.tcl Verify router sends UPnP NOTIFY events with updated ExternalIPAddress (IGD2)
cdrouter_upnp_igd2_210 upnp.tcl Verify router stops sending NOTIFY events when subscription expires (IGD2)
cdrouter_upnp_igd2_220 upnp.tcl Verify the maximum number of UPnP event subscriptions that can be created (IGD2)

pptp-pt.tcl

PPTP based VPN pass through from the LAN to the WAN

Test Name Module Synopsis
cdrouter_pptppt_1 pptp-pt.tcl PPTP control session can be established at port 1723
cdrouter_pptppt_2 pptp-pt.tcl Tunneled PPTP data packets pass through router (PPP over GRE)
cdrouter_pptppt_100 pptp-pt.tcl Verify the max number of PPTP pass through connections for a single LAN host

l2tp-pt.tcl

L2TP based VPN pass through from the LAN to the WAN

Test Name Module Synopsis
cdrouter_l2tppt_1 l2tp-pt.tcl Verify L2TP session passes through router
cdrouter_l2tppt_2 l2tp-pt.tcl Verify L2TP over IPSEC session passes through router
cdrouter_l2tppt_10 l2tp-pt.tcl Verify L2TP over IPSEC with NAT-T passes through router

eapol.tcl

Basic EAPOL tests for all types of EAP

Test Name Module Synopsis
cdrouter_eapol_1 eapol.tcl Authenticator sends EAPOL packets to supplicant’s unicast MAC address
cdrouter_eapol_2 eapol.tcl Basic case of authenticator initiated authentication
cdrouter_eapol_3 eapol.tcl Basic case of supplicant initiated authentication
cdrouter_eapol_6 eapol.tcl Authenticator sends EAP Failure after supplicant sends EAPOL-Logoff
cdrouter_eapol_8 eapol.tcl Authenticator sends EAP Failure if identity is unknown
cdrouter_eapol_9 eapol.tcl Authenticator sends EAP Failure if authentication challenge fails
cdrouter_eapol_20 eapol.tcl Authenticator retransmits EAP Identity Request if no response is received
cdrouter_eapol_21 eapol.tcl Authenticator increases EAP identifier for each retransmitted identity request
cdrouter_eapol_23 eapol.tcl Authenticator ignores EAP Identity Responses with unknown id field
cdrouter_eapol_24 eapol.tcl Authenticator enters the held state after authentication is rejected
cdrouter_eapol_100 eapol.tcl No packets are forwarded/processed when port is in unauthorized state
cdrouter_eapol_105 eapol.tcl Inbound traffic is blocked when port is in unauthorized state
cdrouter_eapol_110 eapol.tcl Packets are forwarded during reauthentication if port is in authenticated state
cdrouter_eapol_112 eapol.tcl Port is placed in unauthenticated state if reauthentication fails (bad identity)
cdrouter_eapol_113 eapol.tcl Port is placed in unauthorized state if reauthentication fails (bad auth)
cdrouter_eapol_115 eapol.tcl Port is unauthorized after more than reAuthMax reauthentication attempts
cdrouter_eapol_117 eapol.tcl EAP Success packets from supplicant do not authorize port
cdrouter_eapol_130 eapol.tcl Authenticator initiates reauthentication with supplicant every reAuthPeriod
cdrouter_eapol_140 eapol.tcl Port is placed in unauthorized state if 802.11 layer is reinitialized
cdrouter_eapol_300 eapol.tcl Verify supplicant can login using all configured Identities
cdrouter_eapol_500 eapol.tcl Authenticator handles EAP Start flood DoS attack
cdrouter_eapol_501 eapol.tcl Authenticator handles EAP Logoff flood DoS attack
cdrouter_eapol_502 eapol.tcl Authenticator handles EAP-of-Death DoS attack
cdrouter_eapol_503 eapol.tcl Back-end flood DoS attack

eap-md5.tcl

EAPOL tests specific to EAP-MD5

Test Name Module Synopsis
cdrouter_eapmd5_10 eap-md5.tcl Authenticator sends EAP Failure if MD5 Challenge Response is invalid
cdrouter_eapmd5_20 eap-md5.tcl Authenticator sends EAP Failure if no response to EAP MD5 Challenge Request is received
cdrouter_eapmd5_23 eap-md5.tcl Authenticator ignores EAP MD5 Responses with unknown id field
cdrouter_eapmd5_500 eap-md5.tcl Authenticator handles EAP MD5 Challenge Request DoS attack

eap-tls.tcl

EAPOL tests specific to EAP-TLS

Test Name Module Synopsis
cdrouter_eaptls_10 eap-tls.tcl Authenticator sends EAP Failure when TLS client fails to authenticate server
cdrouter_eaptls_12 eap-tls.tcl Authenticator sends EAP Failure when TLS server fails to authenticate client
cdrouter_eaptls_20 eap-tls.tcl Authenticator sends EAP Failure if no response to EAP-TLS Start request is received
cdrouter_eaptls_23 eap-tls.tcl Authenticator ignores EAP-TLS Response with unknown id field
cdrouter_eaptls_40 eap-tls.tcl Backend sends TLS Alert if supplicant fails server TLS authentication
cdrouter_eaptls_115 eap-tls.tcl Port becomes unauthorized after reAuthMax attempts if TLS session times out
cdrouter_eaptls_300 eap-tls.tcl EAP-TLS authenticator/backend ignores duplicate EAP-TLS packets
cdrouter_eaptls_400 eap-tls.tcl EAP-TLS authentication using small EAP Fragment sizes
cdrouter_eaptls_410 eap-tls.tcl EAP-TLS backend accepts EAP packets without EAP-TLS Message Length field
cdrouter_eaptls_500 eap-tls.tcl Authenticator handles EAP-TLS bad length DoS attack

eap-wep.tcl

EAPOL tests specific to dynamic WEP

Test Name Module Synopsis
cdrouter_wep_1 eap-wep.tcl Authenticator sends EAPOL-Key packet for unicast key after EAP-Success
cdrouter_wep_5 eap-wep.tcl Verify old WEP keys no longer work after new WEP key is generated
cdrouter_wep_10 eap-wep.tcl Verify the Replay Counter increases for each EAPOL-Key packet

eap-radius.tcl

RADIUS client tests for EAP based authentication (802.1X)

Test Name Module Synopsis
eapradius_1 eap-radius.tcl Verify authenticator sends EAP-Success after receiving Access-Accept
eapradius_2 eap-radius.tcl Verify authenticator sends EAP-Failure after Access-Reject
eapradius_5 eap-radius.tcl Validate common RADIUS attributes sent from authenticator
eapradius_6 eap-radius.tcl Verify authentication fails if RADIUS secret is invalid
eapradius_7 eap-radius.tcl Verify authentication fails if Message-Authenticator attribute is invalid
eapradius_8 eap-radius.tcl Verify ID and authenticator are unique for each new Access-Request
eapradius_9 eap-radius.tcl Verify authenticator sends EAP-Failure when no response from RADIUS in unauthenticated state
eapradius_10 eap-radius.tcl Verify authenticator can reassemble EAP packets from many RADIUS eapMessage attributes
eapradius_12 eap-radius.tcl Verify authenticator ignores RADIUS messages with invalid attribute list
eapradius_14 eap-radius.tcl Verify authenticator ignores RADIUS messages without a Message-Authenticator attribute
eapradius_20 eap-radius.tcl Verify authenticator sends canned EAP-Failure message when Access-Reject is received
eapradius_21 eap-radius.tcl Verify authenticator sends canned EAP-Success message when Access-Accept is received

pppoe-pt.tcl

PPPoE pass through from PPPoE client on LAN to WAN side PPPoE server

Test Name Module Synopsis
cdrouter_pppoept_1 pppoe-pt.tcl Verify basic case of PPPoE pass through with LAN PPPoE client
cdrouter_pppoept_2 pppoe-pt.tcl Verify PPPoE packets to unknown MAC address do not use PPPoE pass through

ipsec-esp.tcl

IPSEC ESP tests for IPSEC based VPNs

Test Name Module Synopsis
cdrouter_esp_1 ipsec-esp.tcl The ESP header sequence number increases with each new IPSEC ESP packet
cdrouter_esp_3 ipsec-esp.tcl Manual IPSEC keys continue to work after ESP sequence number wraps
cdrouter_esp_5 ipsec-esp.tcl Verify no anti-relay techniques are used with manual IPSEC keys
cdrouter_esp_8 ipsec-esp.tcl Verify inner IPv4 TTL is decremented for IPSEC tunneled packet
cdrouter_esp_10 ipsec-esp.tcl Verify packets with wrong ESP authentication are dropped
cdrouter_esp_20 ipsec-esp.tcl Verify Incoming IP fragments for ESP tunnel are reassembled
cdrouter_esp_21 ipsec-esp.tcl Verify out-of-order IP fragments for ESP tunnel are reassembled
cdrouter_esp_22 ipsec-esp.tcl Verify router fragments large IP packets before sending over IPSEC tunnel
cdrouter_esp_100 ipsec-esp.tcl Verify router supports PMTU discovery for packets sent over IPSEC tunnel
cdrouter_esp_101 ipsec-esp.tcl Verify DF bit from original packet is copied to encapsulation header
cdrouter_esp_200 ipsec-esp.tcl Verify return traffic that does not use IPSEC/ESP is dropped
cdrouter_esp_400 ipsec-esp.tcl Verify all configured IPSEC tunnels are operational

dmz.tcl

Test cases for DMZ configurations

Test Name Module Synopsis
cdrouter_dmz_1 dmz.tcl Inbound TCP connections to public side HTTP port are forwarded to DMZ host
cdrouter_dmz_100 dmz.tcl Inbound TCP packets are sent to DMZ host for all ports
cdrouter_dmz_101 dmz.tcl Inbound UDP packets are sent to DMZ host for all ports
cdrouter_dmz_110 dmz.tcl ICMP Echo packets are forwarded to DMZ host
cdrouter_dmz_200 dmz.tcl Non TCP, UDP, or ICMP protocol types are forwarded to DMZ host

mcast.tcl

IGMPv2/v3 and multicast data tests for IGMP proxy or pass through

Test Name Module Synopsis
cdrouter_mcast_1 mcast.tcl IGMP packets from LAN are forwarded/proxied to WAN interface
cdrouter_mcast_2 mcast.tcl Verify IPv4 TTL is decremented for multicast packets
cdrouter_mcast_11 mcast.tcl Forward Multicast UDP packets with various packet lengths (LAN to WAN)
cdrouter_mcast_12 mcast.tcl Forward Multicast UDP packets with various packet lengths (WAN to LAN)
cdrouter_mcast_20 mcast.tcl Verify IGMP router periodically sends general IGMP Query on LAN interface
cdrouter_mcast_50 mcast.tcl Multicast streams are not forwarded if no group members exist
cdrouter_mcast_51 mcast.tcl Multicast streams are not forwarded after last member leaves group
cdrouter_mcast_52 mcast.tcl Multicast streams are not forwarded after last member ages out
cdrouter_mcast_53 mcast.tcl IGMP proxy interface answers IGMP general query requests
cdrouter_mcast_54 mcast.tcl IGMP proxy interface answers IGMP specific query requests
cdrouter_mcast_60 mcast.tcl Verify IGMP router sends IGMP Group Specific Query after last member leaves group
cdrouter_mcast_70 mcast.tcl Verify IGMP router sends IGMP Leave after last group member ages out
cdrouter_mcast_100 mcast.tcl Verify the maximum number of multicast groups received on the LAN
cdrouter_mcast_110 mcast.tcl Verify IPTV channel change test scenario 1 (no overlap)
cdrouter_mcast_120 mcast.tcl Verify IPTV channel change test scenario 2 (overlap)
cdrouter_mcast_200 mcast.tcl Verify IGMPv3 membership with source specific ALLOW_NEW_SOURCES/BLOCK_OLD_SOURCES
cdrouter_mcast_210 mcast.tcl Verify IGMPv3 router blocks incoming multicast sources that do not match the source list
cdrouter_mcast_220 mcast.tcl Verify IGMPv3 router blocks incoming sources on a per group basis
cdrouter_mcast_230 mcast.tcl Verify IGMPv3 source specific group with multiple sources
cdrouter_mcast_240 mcast.tcl Verify IGMPv3 general query requests with source specific memberships
cdrouter_mcast_250 mcast.tcl Verify IGMPv3 specific query requests with source specific memberships
cdrouter_mcast_260 mcast.tcl Verify IGMPv3 group and source specific query requests
cdrouter_mcast_300 mcast.tcl Verify IGMPv3 maximum number of multicast groups with multiple group records
cdrouter_mcast_310 mcast.tcl Verify IGMPv3 source specific IPTV channel change test scenario

dyndns.tcl

Tests for routers with built in DynDNS clients

Test Name Module Synopsis
cdrouter_dyndns_1 dyndns.tcl DynDNS client sends an update request when the WAN IP address changes
cdrouter_dyndns_2 dyndns.tcl DynDNS client does not update if the WAN reestablishes with the same IP address
cdrouter_dyndns_10 dyndns.tcl DynDNS client sends correct parameters in update request
cdrouter_dyndns_20 dyndns.tcl DynDNS client uses DNS to resolve the address of members.dyndns.org
cdrouter_dyndns_50 dyndns.tcl DynDNS client doesn’t rely on DNS to determine if an update is necessary
cdrouter_dyndns_101 dyndns.tcl DynDNS client reacts appropriately to error conditions

sip-alg.tcl

SIP testing for SIP ALG or proxy

Test Name Module Synopsis
cdrouter_sip_1 sip-alg.tcl Verify NAT translation of SIP headers during REGISTER
cdrouter_sip_2 sip-alg.tcl Verify NAT translation of short format SIP headers during REGISTER
cdrouter_sip_10 sip-alg.tcl Verify NAT translation of SIP headers during outbound call
cdrouter_sip_11 sip-alg.tcl Verify NAT translation of short format SIP headers during outbound call
cdrouter_sip_20 sip-alg.tcl Verify NAT translation of SIP headers during inbound call
cdrouter_sip_21 sip-alg.tcl Verify NAT translation of short format SIP headers during inbound call
cdrouter_sip_30 sip-alg.tcl Verify NAT translation of SDP headers during outbound call
cdrouter_sip_31 sip-alg.tcl Verify NAT translation of SDP headers during inbound call
cdrouter_sip_40 sip-alg.tcl Verify SIP call with client using source port not equal to 5060
cdrouter_sip_41 sip-alg.tcl Verify outbound SIP call with client ‘Contact’ header using different port
cdrouter_sip_42 sip-alg.tcl Verify inbound SIP call with client ‘Contact’ header using different port
cdrouter_sip_43 sip-alg.tcl Verify outbound SIP calls allow incoming RTP stream when caller uses mute
cdrouter_sip_45 sip-alg.tcl Verify Via header port is used for response instead of UDP source port
cdrouter_sip_50 sip-alg.tcl Verify NAT translation of SDP remains the same on retransmission of INVITE
cdrouter_sip_60 sip-alg.tcl Verify RTP port mapping is deleted when SIP client ends call (BYE)
cdrouter_sip_61 sip-alg.tcl Verify RTP port mapping is deleted when SIP proxy ends call (BYE)
cdrouter_sip_62 sip-alg.tcl Verify RTP port mapping is deleted when SIP client cancels call (CANCEL)
cdrouter_sip_63 sip-alg.tcl Verify RTP port mapping is deleted or not established if call setup fails
cdrouter_sip_70 sip-alg.tcl Verify SIP ALG with various SIP URI formats
cdrouter_sip_71 sip-alg.tcl Verify outbound calls with multiple SIP clients using the same SIP and SDP ports
cdrouter_sip_72 sip-alg.tcl Verify inbound calls with multiple SIP clients using the same SIP and SDP ports
cdrouter_sip_73 sip-alg.tcl Verify outbound calls with multiple SIP clients using corner case port 65535 for SDP
cdrouter_sip_80 sip-alg.tcl Verify outbound SIP calls when server uses early media SDP setup
cdrouter_sip_100 sip-alg.tcl Verify maximum number of simultaneous outbound SIP calls
cdrouter_sip_101 sip-alg.tcl Verify maximum number of simultaneous inbound SIP calls
cdrouter_sip_200 sip-alg.tcl Verify outbound SIP calls with multiple DHCP LAN clients

sip-alg-tcp.tcl

SIP over TCP testing for SIP ALG or proxy

Test Name Module Synopsis
cdrouter_sip_tcp_1 sip-alg-tcp.tcl Verify NAT translation of SIP headers during REGISTER (TCP)
cdrouter_sip_tcp_2 sip-alg-tcp.tcl Verify NAT translation of short format SIP headers during REGISTER (TCP)
cdrouter_sip_tcp_10 sip-alg-tcp.tcl Verify NAT translation of SIP headers during outbound call (TCP)
cdrouter_sip_tcp_11 sip-alg-tcp.tcl Verify NAT translation of short format SIP headers during outbound call (TCP)
cdrouter_sip_tcp_20 sip-alg-tcp.tcl Verify NAT translation of SIP headers during inbound call (TCP)
cdrouter_sip_tcp_21 sip-alg-tcp.tcl Verify NAT translation of short format SIP headers during inbound call (TCP)
cdrouter_sip_tcp_30 sip-alg-tcp.tcl Verify NAT translation of SDP headers during outbound call (TCP)
cdrouter_sip_tcp_31 sip-alg-tcp.tcl Verify NAT translation of SDP headers during inbound call (TCP)
cdrouter_sip_tcp_40 sip-alg-tcp.tcl Verify SIP call with client using source port not equal to 5060 (TCP)
cdrouter_sip_tcp_41 sip-alg-tcp.tcl Verify outbound SIP call with client ‘Contact’ header using different port (TCP)
cdrouter_sip_tcp_42 sip-alg-tcp.tcl Verify inbound SIP call with client ‘Contact’ header using different port (TCP)
cdrouter_sip_tcp_43 sip-alg-tcp.tcl Verify outbound SIP calls allow incoming RTP stream when caller uses mute (TCP)
cdrouter_sip_tcp_45 sip-alg-tcp.tcl Verify Via header port is used for response instead of TCP source port (TCP)
cdrouter_sip_tcp_50 sip-alg-tcp.tcl Verify NAT translation of SDP remains the same on retransmission of INVITE (TCP)
cdrouter_sip_tcp_60 sip-alg-tcp.tcl Verify RTP port mapping is deleted when SIP client ends call (BYE) (TCP)
cdrouter_sip_tcp_61 sip-alg-tcp.tcl Verify RTP port mapping is deleted when SIP proxy ends call (BYE) (TCP)
cdrouter_sip_tcp_62 sip-alg-tcp.tcl Verify RTP port mapping is deleted when SIP client cancels call (CANCEL) (TCP)
cdrouter_sip_tcp_63 sip-alg-tcp.tcl Verify RTP port mapping is deleted or not established if call setup fails (TCP)
cdrouter_sip_tcp_70 sip-alg-tcp.tcl Verify SIP ALG with various SIP URI formats (TCP)
cdrouter_sip_tcp_71 sip-alg-tcp.tcl Verify outbound calls with multiple SIP clients using the same SIP and SDP ports (TCP)
cdrouter_sip_tcp_72 sip-alg-tcp.tcl Verify inbound calls with multiple SIP clients using the same SIP and SDP ports (TCP)
cdrouter_sip_tcp_73 sip-alg-tcp.tcl Verify outbound calls with multiple SIP clients using corner case port 65535 for SDP (TCP)
cdrouter_sip_tcp_80 sip-alg-tcp.tcl Verify outbound SIP calls when server uses early media SDP setup (TCP)
cdrouter_sip_tcp_100 sip-alg-tcp.tcl Verify maximum number of simultaneous outbound SIP calls (TCP)
cdrouter_sip_tcp_101 sip-alg-tcp.tcl Verify maximum number of simultaneous inbound SIP calls (TCP)
cdrouter_sip_tcp_200 sip-alg-tcp.tcl Verify outbound SIP calls with multiple DHCP LAN clients (TCP)

dns.tcl

DNS proxy and DNS failover related tests

Test Name Module Synopsis
dns_10 dns.tcl Verify DNS proxy does not cache DNS entry when DNS TTL is 0
dns_11 dns.tcl Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0
dns_40 dns.tcl Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_41 dns.tcl Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover
dns_45 dns.tcl Verify DNS failover when non-zero error codes are received in non-authoritative DNS response
dns_46 dns.tcl Verify DNS failover when non-zero error codes are received in authoritative DNS response
dns_50 dns.tcl Verify Reverse PTR DNS queries to router are forwarded to real DNS server
dns_51 dns.tcl Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_60 dns.tcl Verify DNS proxy fails over when new primary DNS server is learned
dns_70 dns.tcl Verify DNS lookups with multiple IPv4 responses
dns_100 dns.tcl Verify DNS proxy recovers after DNS server outage
dns_110 dns.tcl Verify DNS queries including the EDNS0 option
dns_120 dns.tcl Verify large DNS responses using EDNS0 option
dns_121 dns.tcl Verify maximum UDP payload value in EDNS0 option
dns_130 dns.tcl Verify DNS queries for TXT records
dns_132 dns.tcl Verify DNS queries for CNAME records
dns_133 dns.tcl Verify DNS queries for responses returning both CNAME and A records
dns_134 dns.tcl Verify DNS queries for responses returning both CNAME and AAAA records
dns_140 dns.tcl Verify DNS queries for SPF records
dns_141 dns.tcl Verify DNS queries for SRV records
dns_150 dns.tcl Verify DNS proxy behavior for DNS server status requests
dns_200 dns.tcl Verify DNS proxy does not mangle DNSSEC queries
dns_201 dns.tcl Verify DNS proxy does not mangle large DNSSEC responses
dns_210 dns.tcl Verify DHCP server automatically registers DHCP client’s hostname in DNS
dns_220 dns.tcl Verify DHCP server updates DHCP client’s hostname when it changes
dns_230 dns.tcl Verify DHCP server supports FQDN hostname values
dns_240 dns.tcl Verify DNS proxy removes old DHCP hostname values when hostname changes
dns_250 dns.tcl Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length
dns_300 dns.tcl Verify DNS proxy honors TTL values when caching responses
dns_301 dns.tcl Verify maximum number of cached DNS responses
dns_400 dns.tcl Verify parallel DNS queries
dns_410 dns.tcl Verify DNS does not deploy NXDOMAIN hijacking for type A records
dns_411 dns.tcl Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records
dns_420 dns.tcl Verify DNS proxy handles use of bit 0x20 in DNS labels

dns-tcp.tcl

DNS over TCP proxy and DNS failover related tests

Test Name Module Synopsis
dns_tcp_10 dns-tcp.tcl Verify DNS proxy does not cache DNS entry when DNS TTL is 0
dns_tcp_11 dns-tcp.tcl Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0
dns_tcp_40 dns-tcp.tcl Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_tcp_41 dns-tcp.tcl Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover
dns_tcp_45 dns-tcp.tcl Verify DNS failover when non-zero error codes are received in non-authoritative DNS response
dns_tcp_46 dns-tcp.tcl Verify DNS failover when non-zero error codes are received in authoritative DNS response
dns_tcp_50 dns-tcp.tcl Verify Reverse PTR DNS queries to router are forwarded to real DNS server
dns_tcp_51 dns-tcp.tcl Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_tcp_60 dns-tcp.tcl Verify DNS proxy fails over when new primary DNS server is learned
dns_tcp_70 dns-tcp.tcl Verify DNS lookups with multiple IPv4 responses
dns_tcp_100 dns-tcp.tcl Verify DNS proxy recovers after DNS server outage
dns_tcp_110 dns-tcp.tcl Verify DNS queries including the EDNS0 option
dns_tcp_120 dns-tcp.tcl Verify large DNS responses using EDNS0 option
dns_tcp_121 dns-tcp.tcl Verify maximum UDP payload value in EDNS0 option
dns_tcp_130 dns-tcp.tcl Verify DNS queries for TXT records
dns_tcp_132 dns-tcp.tcl Verify DNS queries for CNAME records
dns_tcp_133 dns-tcp.tcl Verify DNS queries for responses returning both CNAME and A records
dns_tcp_134 dns-tcp.tcl Verify DNS queries for responses returning both CNAME and AAAA records
dns_tcp_140 dns-tcp.tcl Verify DNS queries for SPF records
dns_tcp_141 dns-tcp.tcl Verify DNS queries for SRV records
dns_tcp_150 dns-tcp.tcl Verify DNS proxy behavior for DNS server status requests
dns_tcp_200 dns-tcp.tcl Verify DNS proxy does not mangle DNSSEC queries
dns_tcp_201 dns-tcp.tcl Verify DNS proxy does not mangle large DNSSEC responses
dns_tcp_210 dns-tcp.tcl Verify DHCP server automatically registers DHCP client’s hostname in DNS
dns_tcp_220 dns-tcp.tcl Verify DHCP server updates DHCP client’s hostname when it changes
dns_tcp_230 dns-tcp.tcl Verify DHCP server supports FQDN hostname values
dns_tcp_240 dns-tcp.tcl Verify DNS proxy removes old DHCP hostname values when hostname changes
dns_tcp_250 dns-tcp.tcl Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length
dns_tcp_300 dns-tcp.tcl Verify DNS proxy honors TTL values when caching responses
dns_tcp_301 dns-tcp.tcl Verify maximum number of cached DNS responses
dns_tcp_400 dns-tcp.tcl Verify parallel DNS queries
dns_tcp_410 dns-tcp.tcl Verify DNS does not deploy NXDOMAIN hijacking for type A records
dns_tcp_411 dns-tcp.tcl Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records
dns_tcp_420 dns-tcp.tcl Verify DNS proxy handles use of bit 0x20 in DNS labels

mdns.tcl

mDNS related test cases

Test Name Module Synopsis
mdns_10 mdns.tcl Verify DUT responds to mDNS query of its hostname
mdns_11 mdns.tcl Verify DUT responds to mDNS reverse query of its LAN IP
mdns_12 mdns.tcl Verify DUT returns DNS-Service Discovery records for its web server

dns-rfc5625.tcl

IETF RFC 5625 DNS Proxy Implementation Guidelines

Test Name Module Synopsis
dns_rfc5625_10 dns-rfc5625.tcl A DNS proxy must forward unknown DNS flags and data
dns_rfc5625_11 dns-rfc5625.tcl A DNS proxy must forward DNS packets regardless of compressed labels
dns_rfc5625_12 dns-rfc5625.tcl A DNS proxy must forward DNS packets regardless of qtype and qclass fields
dns_rfc5625_13 dns-rfc5625.tcl A DNS proxy must always preserve the TC bit
dns_rfc5625_14 dns-rfc5625.tcl A DNS proxy must be able to forward DNS over TCP
dns_rfc5625_15 dns-rfc5625.tcl A DNS proxy should not convert a TCP lookup into a UDP lookup
dns_rfc5625_17 dns-rfc5625.tcl A DNS proxy should be able to forward EDNS0 UDP packets at least 4096 bytes in size
dns_rfc5625_19 dns-rfc5625.tcl A LAN Client should be able to send a DNS query directly to upstream server
dns_rfc5625_22 dns-rfc5625.tcl A DNS query ID from a DNS proxy should not increase monotonically
dns_rfc5625_23 dns-rfc5625.tcl A DNS proxy should not accept connections on the WAN port

static.tcl

IP static route related tests

Test Name Module Synopsis
static_1 static.tcl Verify all LAN static routes with LAN side traffic only
static_2 static.tcl Verify all LAN static routes with LAN to WAN traffic
static_10 static.tcl Verify all WAN static routes
static_20 static.tcl Verify all WAN static routes after WAN ISP address change

dos.tcl

Common denial of service attacks against routers

Test Name Module Synopsis
cdrouter_dos_1 dos.tcl Send ‘ping of death’ ICMP request to LAN side of the router
cdrouter_dos_2 dos.tcl Send ‘ping of death’ ICMP request to WAN side of the router
cdrouter_dos_10 dos.tcl Launch LAND attack against router’s management port on the LAN
cdrouter_dos_20 dos.tcl Verify that the DUT is not a Smurf reflector (ICMP attack)
cdrouter_dos_21 dos.tcl Verify that the DUT is not a Fraggle reflector (UDP attack)
cdrouter_dos_30 dos.tcl SYN floods an open port on the DUT from spoofed LAN clients
cdrouter_dos_31 dos.tcl SYN floods an open port on the WAN from spoofed Internet addresses
cdrouter_dos_32 dos.tcl ARP floods the DUT’s LAN interface
cdrouter_dos_33 dos.tcl Christmas Tree floods the service ports on the WAN from spoofed Internet addresses
cdrouter_dos_34 dos.tcl Floods the WAN interface with anomalous TCP packets

xbox.tcl

Xbox LIVE compatibilty tests to simulate Xbox LIVE console tests

Test Name Module Synopsis
xbox_1 xbox.tcl IP Address Test: Verify DHCP IPv4 address or static IPv4 address
xbox_2 xbox.tcl DNS Test: Verify DNS lookups from LAN client
xbox_3 xbox.tcl MTU Test: Verify IPv4 MTU of 1364 for Xbox LIVE
xbox_4 xbox.tcl ICMP Test: Verify ICMP Destination Unreachable message from WAN does not destroy NAT mapping
xbox_5 xbox.tcl NAT Test: Verify Xbox NAT classification of Open, Moderate, or Strict
xbox_6 xbox.tcl UPnP Test: Verify UDP wildcard port mapping can be created

sctp.tcl

SCTP related test cases

Test Name Module Synopsis
sctp_1 sctp.tcl Verify SCTP association initiation and termination
sctp_2 sctp.tcl Verify SCTP association with bidirectional data transfer
sctp_3 sctp.tcl Verify two simulataneous SCTP associations to same WAN server
sctp_4 sctp.tcl Verify two simulataneous SCTP associations with same source port to same WAN server

lldp.tcl

LLDP tests

Test Name Module Synopsis
lldp_1 lldp.tcl Verify LLDP message transmission interval
lldp_2 lldp.tcl Verify LLDP new neighbor detection
lldp_3 lldp.tcl Verify Chassis TLV in DUT’s LLDP message
lldp_4 lldp.tcl Verify System Name TLV in DUT’s LLDP message

rfc5508.tcl

IETF RFC 5508 NAT behavioral requirements for ICMP

Test Name Module Synopsis
rfc5508_req_1 rfc5508.tcl Section 3.1: ICMP Query Mapping, REQ-1
rfc5508_req_2 rfc5508.tcl Section 3.2: ICMP Query Session Timeouts, REQ-2
rfc5508_req_3 rfc5508.tcl Section 4.1: ICMP Error Payload Validation, REQ-3
rfc5508_req_3a rfc5508.tcl Section 4.1: ICMP Error Payload Validation, REQ-3, Part A
rfc5508_req_4 rfc5508.tcl Section 4.1: ICMP Error Packet Received from the External Realm, REQ-4
rfc5508_req_5 rfc5508.tcl Section 4.2.2: ICMP Error Packet Received from the Private Realm, REQ-5
rfc5508_req_6 rfc5508.tcl Section 4.3: NAT Sessions Pertaining to ICMP Error Payload, REQ-6
rfc5508_req_7 rfc5508.tcl Section 5: Hairpinning Support for ICMP Packets, REQ-7

rfc4787.tcl

RFC 4787 NAT behavioral requirements for unicast UDP

Test Name Module Synopsis
rfc4787_req_1 rfc4787.tcl Section 4.1: Address and Port Mapping, REQ-1 Mapping Behavior
rfc4787_req_2 rfc4787.tcl Section 4.1: Address and Port Mapping, REQ-2 Address Pooling Behavior
rfc4787_req_3 rfc4787.tcl Section 4.2.1: Port Assignment Behavior, REQ-3
rfc4787_req_4 rfc4787.tcl Section 4.2.2: Port Parity, REQ-4
rfc4787_req_5 rfc4787.tcl Section 4.3: Mapping Refresh, REQ-5 Expiration Window
rfc4787_req_6 rfc4787.tcl Section 4.3: Mapping Refresh, REQ-6 Refresh Behavior
rfc4787_req_8 rfc4787.tcl Section 5: Filtering Behavior, REQ-8
rfc4787_req_9 rfc4787.tcl Section 6: Hairpinning Behavior, REQ-9
rfc4787_req_11 rfc4787.tcl Section 8: Deterministic Properties, REQ-11
rfc4787_req_12 rfc4787.tcl Section 9: ICMP Destination Unreachable Behavior, REQ-12
rfc4787_req_13 rfc4787.tcl Section 10: Fragmentation of Outgoing Packets, REQ-13
rfc4787_req_14 rfc4787.tcl Section 11: Receiving Fragmented Packets, REQ-14

http.tcl

HTTP related test cases

Test Name Module Synopsis
cdrouter_http_100 http.tcl Verify HTTP/1.0 GET connections
cdrouter_http_101 http.tcl Verify HTTP/1.0 POST connections
cdrouter_http_102 http.tcl Verify HTTP/1.0 HEAD connections
cdrouter_http_200 http.tcl Verify HTTP/1.1 GET connections
cdrouter_http_201 http.tcl Verify HTTP/1.1 POST connections
cdrouter_http_202 http.tcl Verify HTTP/1.1 HEAD connections
cdrouter_http_203 http.tcl Verify HTTP/1.1 PUT connections
cdrouter_http_204 http.tcl Verify HTTP/1.1 OPTIONS connections
cdrouter_http_205 http.tcl Verify HTTP/1.1 DELETE connections
cdrouter_http_250 http.tcl Verify HTTP/1.1 GET connections with chunked encoding
cdrouter_http_260 http.tcl Verify HTTP/1.1 proxy idle timeout
cdrouter_http_270 http.tcl Verify HTTP/1.1 pipelining
cdrouter_http_280 http.tcl Verify HTTP/1.1 streaming using chunked encoding

https.tcl

HTTPS related test cases

Test Name Module Synopsis
cdrouter_https_100 https.tcl Verify HTTPS/1.0 GET connections
cdrouter_https_101 https.tcl Verify HTTPS/1.0 POST connections
cdrouter_https_102 https.tcl Verify HTTPS/1.0 HEAD connections
cdrouter_https_200 https.tcl Verify HTTPS/1.1 GET connections
cdrouter_https_201 https.tcl Verify HTTPS/1.1 POST connections
cdrouter_https_202 https.tcl Verify HTTPS/1.1 HEAD connections
cdrouter_https_203 https.tcl Verify HTTPS/1.1 PUT connections
cdrouter_https_204 https.tcl Verify HTTPS/1.1 OPTIONS connections
cdrouter_https_205 https.tcl Verify HTTPS/1.1 DELETE connections
cdrouter_https_250 https.tcl Verify HTTPS/1.1 GET connections with chunked encoding

http2.tcl

HTTP/2 related test cases

Test Name Module Synopsis
cdrouter_http2_100 http2.tcl Verify HTTP/2 GET connections
cdrouter_http2_101 http2.tcl Verify HTTP/2 POST connections
cdrouter_http2_102 http2.tcl Verify HTTP/2 HEAD connections
cdrouter_http2_103 http2.tcl Verify HTTP/2 PUT connections
cdrouter_http2_104 http2.tcl Verify HTTP/2 OPTIONS connections
cdrouter_http2_105 http2.tcl Verify HTTP/2 DELETE connections

http2-tls.tcl

HTTP/2 over TLS related test cases

Test Name Module Synopsis
cdrouter_http2_tls_100 http2-tls.tcl Verify HTTP/2 GET connections over TLS
cdrouter_http2_tls_101 http2-tls.tcl Verify HTTP/2 POST connections over TLS
cdrouter_http2_tls_102 http2-tls.tcl Verify HTTP/2 HEAD connections over TLS
cdrouter_http2_tls_103 http2-tls.tcl Verify HTTP/2 PUT connections over TLS
cdrouter_http2_tls_104 http2-tls.tcl Verify HTTP/2 OPTIONS connections over TLS
cdrouter_http2_tls_105 http2-tls.tcl Verify HTTP/2 DELETE connections over TLS

heartbleed.tcl

Heartbleed vulnerability tests for CVE-2014-0160

Test Name Module Synopsis
cdrouter_heartbleed_100 heartbleed.tcl Verify DUT’s LAN HTTPS server is protected against heartbleed exploit
cdrouter_heartbleed_200 heartbleed.tcl Verify DUT’s WAN HTTPS server is protected against heartbleed exploit
cdrouter_heartbleed_300 heartbleed.tcl Verify DUT’s TR-069 client is protected against heartbleed exploit

ssl.tcl

SSL related test cases

Test Name Module Synopsis
cdrouter_ssl_100 ssl.tcl Verify DUT’s LAN HTTPS server refuses connections with deprecated SSL protocols
cdrouter_ssl_200 ssl.tcl Verify DUT’s LAN HTTPS server refuses connections with deprecated SSL ciphers

gre.tcl

IPv4 over GRE related test cases

Test Name Module Synopsis
gre_1 gre.tcl Verify traffic sent to remote GRE host from LAN is forwarded over IPv4 GRE tunnel
gre_2 gre.tcl Verify traffic sent to LAN from remote GRE host is forwarded over IPv4 GRE tunnel
gre_3 gre.tcl Verify DUT’s LAN IPv4 address is reachable over GRE tunnel
gre_4 gre.tcl Verify GRE header fields for IPv4 packet
gre_5 gre.tcl Verify DUT forwards GRE packets with valid GRE checksums
gre_6 gre.tcl Verify DUT drops GRE packets with bad GRE checksums
gre_30 gre.tcl Verify DUT fragments large outbound packets sent over GRE tunnel
gre_31 gre.tcl Verify DUT sends ICMPv4 Destination Unreachables if a GRE packet needs fragmentation and DF=1
gre_32 gre.tcl Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the LAN over GRE tunnel
gre_34 gre.tcl Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the WAN over GRE tunnel
gre_35 gre.tcl Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the WAN over GRE tunnel that also require fragmentation on the LAN
gre_36 gre.tcl Verify DUT properly reassembles and forwards out of order IPv4 fragments
gre_50 gre.tcl Verify DUT sets the DF flag in the GRE delivery header
gre_60 gre.tcl Verify DUT drops invalid GRE packets
gre_80 gre.tcl Verify DUT supports PMTU discovery for packets sent over GRE tunnel
gre_100 gre.tcl Verify that all configured IPv4 over GRE tunnels are capable of forwarding traffic

Contents

×

About CDRouter

CDRouter is made by QA Cafe, a technology company based in Portsmouth, NH.

Get in touch via our Contact page or by following us on your favorite service: