CDRouter Test Summaries
Test Case Summaries
- Modules: 65
- Test Cases: 803
Below is a summary of the testcases in each module
basic.tcl
Initial connectivity tests to verify ARP and DHCP client are connected
| Test Name | Synopsis |
|---|---|
cdrouter_basic_1 |
Router responds to ARP request on LAN interface |
cdrouter_basic_2 |
Router responds to ARP request on WAN interface |
cdrouter_basic_10 |
Verify LAN DHCP clients receive gateway/DNS configuration from WAN side |
cdrouter_basic_20 |
Outbound packets use specified/cloned source MAC address |
connectivity.tcl
Device connectivity tests to verify link, reboot, and other diagnostics
| Test Name | Synopsis |
|---|---|
cdrouter_connectivity_1 |
Execute and validate DUT Reboot Function |
cdrouter_connectivity_2 |
Validate connectivity of WAN interface while disabling and enabling link layer |
cdrouter_connectivity_3 |
Validate connectivity of LAN interface while disabling and enabling link layer |
cdrouter_connectivity_4 |
Execute simple connectivity check only |
dhcp-c.tcl
DHCP client tests for the WAN side of the router
| Test Name | Synopsis |
|---|---|
cdrouter_dhcp_1 |
DHCP client renews lease when current lease expires |
cdrouter_dhcp_2 |
DHCP client resends DHCPREQUEST packet if server does not respond |
cdrouter_dhcp_3 |
DHCP client drops back into DISCOVERY mode if original server stops responding |
cdrouter_dhcp_4 |
DHCP client drops back into DISCOVERY mode if server sends a DHCPNAK |
cdrouter_dhcp_5 |
DHCP client remains in DISCOVERY mode if server sends a DHCPNAK |
cdrouter_dhcp_10 |
DHCP client ignores site-specific DHCP options |
cdrouter_dhcp_11 |
Verify DHCP client handles server option with length 0 |
cdrouter_dhcp_20 |
DHCP client ignores DHCP packets with corrupt UDP checksum |
cdrouter_dhcp_30 |
DHCP client includes vendor defined options |
cdrouter_dhcp_31 |
Verify client supports DHCP Rapid Commit option |
cdrouter_dhcp_32 |
Verify client supports DHCP Forcerenew Nonce Authentication |
cdrouter_dhcp_33 |
Verify client ignores DHCPFORCERENEW without Authentication option |
cdrouter_dhcp_34 |
Verify client ignores DHCPFORCERENEW authenticated with incorrect nonce |
cdrouter_dhcp_35 |
Verify client ignores DHCPFORCERENEW messages on port 67 |
cdrouter_dhcp_36 |
Verify client ignores DHCPOFFER messages on port 67 |
cdrouter_dhcp_40 |
Verify client requests same parameters in all subsequent DHCP messages |
cdrouter_dhcp_41 |
Verify client uses same Client ID in all subsequent DHCP messages |
cdrouter_dhcp_50 |
Verify client uses a randomized exponential backoff algorithm for DHCPDISCOVER retransmissions |
cdrouter_dhcp_51 |
Verify client uses an exponential backoff algorithm for DHCP Request retransmissions in state RENEW |
cdrouter_dhcp_60 |
DHCP client obtains lease when server delays responses |
cdrouter_dhcp_70 |
DHCP client is able to rebind to alternate DHCP server |
ecn.tcl
IPv4 ECN Forwarding Tests
| Test Name | Synopsis |
|---|---|
ecn_tcp_1 |
TCP Download with ECN Capable Transport, ECN unaware DUT, ECT(0) |
ecn_tcp_2 |
TCP Download with ECN Capable Transport, ECN unaware DUT, ECT(1) |
ecn_tcp_3 |
TCP Download with ECN Capable Transport, ECN unaware DUT, Congestion Encountered |
ecn_tcp_4 |
TCP Upload with ECN Capable Transport, ECN unaware DUT, ECT(0) |
ecn_tcp_5 |
TCP Upload with ECN Capable Transport, ECN unaware DUT, ECT(1) |
ecn_tcp_6 |
TCP Upload with ECN Capable Transport, ECN unaware DUT, ECT(0), Congestion Encountered |
pppoe-c.tcl
PPPoE client tests for the WAN side of the router
| Test Name | Synopsis |
|---|---|
cdrouter_pppoe_client_1 |
PPPoE client restarts PPPoE Discovery when PPP LCP Echo-Requests fail |
cdrouter_pppoe_client_10 |
PPPoE client restarts PPPoE Discovery when PPP LCP terminates PPP link |
cdrouter_pppoe_client_50 |
PPPoE PPP client replies to LCP Echo-Requests |
cdrouter_pppoe_client_60 |
PPPoE PPP client maintains LCP Magic Number during session |
cdrouter_pppoe_client_200 |
PPPoE/PPP restarts if PPP authentication fails |
cdrouter_pppoe_client_210 |
PPPoE/PPP can recover if LCP renegotiation is attempted |
cdrouter_pppoe_client_230 |
PPPoE/PPP can recover if LCP Echo-Request contains bad length |
cdrouter_pppoe_client_300 |
PPPoE client recovers if PPPoE server drops PADR from PPPoE client |
cdrouter_pppoe_client_310 |
PPPoE client returns AC-Cookie in PADR when server sends AC-Cookie in PADO |
cdrouter_pppoe_client_320 |
PPPoE client maintains Relay-Session-Id during PPPoE session establishment |
cdrouter_pppoe_client_330 |
PPPoE client sends PADT packet after idle timeout elapses |
cdrouter_pppoe_client_400 |
Verify PPPoE client sends correct PPP-Max-Payload tag in PADI packets |
pptp-c.tcl
PPTP client tests for the WAN side of the router
| Test Name | Synopsis |
|---|---|
cdrouter_pptp_5 |
PPTP client restarts PPTP connection when PPTP Echo Requests fail |
cdrouter_pptp_10 |
PPTP client restarts PPTP connection when PPP LCP terminates PPP link |
cdrouter_pptp_20 |
PPTP client restarts PPTP connection when TCP control session is closed |
cdrouter_pptp_25 |
PPTP client restarts PPTP connection when TCP control session is reset |
cdrouter_pptp_30 |
PPTP client initiates new call after a PPTP Call-Disconnect-Notify |
cdrouter_pptp_50 |
PPTP PPP client replies to LCP Echo Requests |
cdrouter_pptp_60 |
PPTP PPP client maintains LCP Magic Number during session |
cdrouter_pptp_200 |
PPTP/PPP restarts if PPP authentication fails |
cdrouter_pptp_210 |
PPTP/PPP can recover if LCP renegotiation is attempted |
cdrouter_pptp_230 |
PPTP/PPP can recover if LCP Echo Request contains bad length |
l2tp-c.tcl
L2TP client tests for WAN side of the router
| Test Name | Synopsis |
|---|---|
cdrouter_l2tp_5 |
L2TP client restarts L2TP connection when L2TP Hello Requests are unanswered |
cdrouter_l2tp_10 |
L2TP client restarts L2TP connection when PPP LCP terminates PPP link |
cdrouter_l2tp_20 |
L2TP client initiates new L2TP connection after closing tunnel with StopCCN |
cdrouter_l2tp_30 |
L2TP client initiates new L2TP tunnel after receiving CDN and StopCCN |
cdrouter_l2tp_40 |
L2TP client sends HELLO after period of inactivity |
cdrouter_l2tp_50 |
L2TP PPP client replies to LCP Echo Requests |
cdrouter_l2tp_60 |
L2TP PPP client maintains LCP Magic Number during session |
cdrouter_l2tp_200 |
L2TP/PPP restarts if PPP authentication fails |
cdrouter_l2tp_210 |
L2TP/PPP can recover if LCP renegotiation is attempted |
cdrouter_l2tp_230 |
L2TP/PPP can recover if LCP Echo Request contains bad length |
chap.tcl
PPP CHAP tests for PPP based protocols on the WAN (PPPoE and PPTP)
| Test Name | Synopsis |
|---|---|
cdrouter_chap_10 |
PPP CHAP authentication with various size key lengths |
cdrouter_chap_20 |
Verify PPP client will reauthenticate using CHAP during active connection |
mac-filter.tcl
Basic tests for verifying MAC based network filters
| Test Name | Synopsis |
|---|---|
cdrouter_mac_filter_1 |
Verify ARP resolution behavior for filtered hosts with deny policy |
cdrouter_mac_filter_2 |
Verify ARP resolution behavior for filtered hosts with allow policy |
cdrouter_mac_filter_3 |
Verify DHCP behavior for filtered hosts with deny policy |
cdrouter_mac_filter_4 |
Verify DHCP behavior for filtered hosts with allow policy |
cdrouter_mac_filter_5 |
Verify ICMP Echo behavior for filtered hosts with deny policy |
cdrouter_mac_filter_6 |
Verify ICMP Echo behavior for filtered hosts with allow policy |
dhcp-s.tcl
DHCP server tests for the LAN side of the router
| Test Name | Synopsis |
|---|---|
cdrouter_dhcp_server_1 |
Verify DHCP server returns same IP address when client renews |
cdrouter_dhcp_server_2 |
Verify DHCP server rejects DHCPREQUESTS with non-offered IP address |
cdrouter_dhcp_server_3 |
Verify DHCP server address reservations |
cdrouter_dhcp_server_4 |
Verify DHCP server returns IP address within configured pool |
cdrouter_dhcp_server_5 |
Verify DHCP server returns IP address with expected lease time |
cdrouter_dhcp_server_6 |
Verify DHCP server returns same IP address when client restarts |
cdrouter_dhcp_server_7 |
Verify DHCP server returns same IP address when client releases then restarts |
cdrouter_dhcp_server_8 |
Verify DHCP server returns same IP address when client restarts using Requested IP Address option |
cdrouter_dhcp_server_9 |
Verify DHCP server returns same IP address when client releases and restarts using Requested IP Address option |
cdrouter_dhcp_server_10 |
Verify DHCP server returns requested IP address when new client uses Requested IP Address option |
cdrouter_dhcp_server_11 |
Verify DHCP server does not return an address when invalid Requested IP Address option is used |
cdrouter_dhcp_server_30 |
DHCP server includes vendor defined options |
cdrouter_dhcp_server_31 |
Verify server supports DHCP Rapid Commit option |
cdrouter_dhcp_server_35 |
Verify DHCP server ignores DHCPDISCOVER messages on port 68 |
cdrouter_dhcp_server_100 |
Verify DHCP server accepts DHCP client packets with IPv4 length less than 576 |
cdrouter_dhcp_server_200 |
Verify DHCP server rejects DHCPREQUESTS with IP address of other clients |
cdrouter_dhcp_server_300 |
Verify DHCP server ignores site-specific DHCP options |
cdrouter_dhcp_server_301 |
Verify DHCP server handles client option with length 0 |
cdrouter_dhcp_server_401 |
Verify DHCP server ignores DHCP packets with an invalid UDP checksum |
cdrouter_dhcp_server_501 |
Verify DHCP server allows multiple DHCP clients with same name (DHCP option 12) |
cdrouter_dhcp_server_520 |
Verify DHCP server uses IPv4 broadcast when DHCP client sets broadcast flag |
cdrouter_dhcp_server_540 |
Verify DHCP server probes IPv4 client address before assigning |
cdrouter_dhcp_server_600 |
Verify DHCP server returns correct WINS server(s) |
cdrouter_dhcp_server_610 |
Verify DHCP server returns correct NTP server(s) |
cdrouter_dhcp_server_620 |
Verify DHCP server returns correct client identifier option |
cdrouter_dhcp_server_630 |
Verify DHCP server returns correct DNS server(s) |
cdrouter_dhcp_server_700 |
Verify DHCP server responds to unicast and broadcast DHCPINFORM messages |
cdrouter_dhcp_server_710 |
Verify DHCP server handles clients using V-I Vendor-Specific Information option |
cdrouter_dhcp_server_720 |
Verify DHCP server handles clients using V-I Vendor Class option |
cdrouter_dhcp_server_800 |
Verify DHCP server does not become exhausted after a large number of DHCP restarts |
cdrouter_dhcp_server_801 |
Verify DHCP server does not become exhausted after a large number of DHCP release then restarts |
nat.tcl
NAPT tests for TCP, UDP, and ICMP
| Test Name | Synopsis |
|---|---|
cdrouter_nat_1 |
Outbound TCP connections use NAPT |
cdrouter_nat_2 |
Outbound UDP connections use NAPT |
cdrouter_nat_100 |
Maximum number of TCP connections with single LAN host |
cdrouter_nat_101 |
NAPT with multiple LAN hosts using the same TCP source port |
cdrouter_nat_120 |
NAPT with a TCP and UDP connection using the same source port |
cdrouter_nat_130 |
Verify NAPT with outbound TCP connections using high and low source ports |
cdrouter_nat_150 |
Verify TCP source port can be reused after a passive close behind NAPT |
cdrouter_nat_200 |
Maximum number of UDP connections with single LAN host |
cdrouter_nat_201 |
NAPT with multiple LAN hosts using the same UDP source port |
cdrouter_nat_300 |
Verify NAPT checks source IP address of inbound UDP packets |
cdrouter_nat_320 |
UDP headers with a checksum equal to 0 should not be modified |
cdrouter_nat_330 |
Outbound TCP connection using IPv4 options |
cdrouter_nat_340 |
Outbound UDP connection using IPv4 options |
cdrouter_nat_350 |
Verify NAPT uses port parity preservation |
cdrouter_nat_360 |
Verify ICMP Destination Unreachable message from WAN does not destroy NAT UDP mapping |
cdrouter_nat_361 |
Verify ICMP Destination Unreachable message from WAN does not destroy NAT TCP mapping |
cdrouter_nat_400 |
Verify basic MSS Clamping for TCP sessions |
cdrouter_nat_401 |
Verify MSS Clamping with TCP options from different clients |
cdrouter_nat_410 |
Verify MSS Clamping does not modify smaller MSS values |
cdrouter_nat_500 |
NAT uses single binding for TCP session with same source IP and source port |
cdrouter_nat_501 |
NAT uses single binding for UDP session with same source IP and source port |
cdrouter_nat_510 |
NAT performs hairpin translation for LAN side TCP connections |
cdrouter_nat_511 |
NAT performs hairpin translation for LAN side UDP connections |
cdrouter_nat_520 |
Verify Port-Restricted, Address-Restricted, or Full-Cone NAPT for UDP connections |
cdrouter_nat_530 |
Verify TCP connections using TCP window scale option through NAT |
cdrouter_nat_600 |
Verify TCP Fast Open cookie request through NAT |
cdrouter_nat_610 |
Verify TCP connections using TCP Fast Open option through NAT |
nat-timeout.tcl
NAPT tests for session timers
| Test Name | Synopsis |
|---|---|
cdrouter_nat_timeout_1 |
Verify NAT TCP session timeout after FIN close |
cdrouter_nat_timeout_2 |
Verify NAT TCP session timeout after RST close |
cdrouter_nat_timeout_10 |
Verify NAT TCP session timeout for established session |
cdrouter_nat_timeout_11 |
Verify NAT TCP SYN session timeout |
cdrouter_nat_timeout_20 |
Verify NAT UDP session timeout |
cdrouter_nat_timeout_25 |
Verify NAT DNS session timeout |
cdrouter_nat_timeout_30 |
Verify NAT ICMP session timeout |
cdrouter_nat_timeout_40 |
Verify RTSP session timeout for established session |
nat-frag.tcl
NAPT tests for IPv4 fragmentation
| Test Name | Synopsis |
|---|---|
nat_frag_1 |
Verify NAT with TCP IPv4 fragments |
nat_frag_2 |
Verify NAT with TCP IPv4 out-of-order fragments |
nat_frag_11 |
Verify NAT with UDP IPv4 fragments |
nat_frag_12 |
Verify NAT with UDP IPv4 out-of-order fragments |
nat_frag_21 |
Verify NAT with ICMP IPv4 fragments |
nat_frag_22 |
Verify NAT with ICMP IPv4 out-of-order fragments |
renum-dhcp.tcl
WAN side renumbering tests with DHCP on the WAN
| Test Name | Synopsis |
|---|---|
cdrouter_renumber_1 |
Verify WAN client learns new IP address when WAN server renumbers |
cdrouter_renumber_2 |
Verify existing TCP connections can be reestablished after WAN renumber |
cdrouter_renumber_3 |
Verify LAN clients learn new DNS server during LAN side renew |
cdrouter_renumber_4 |
Verify LAN clients learn new longer domain name during LAN side renew |
cdrouter_renumber_5 |
Verify LAN clients learn new shorter domain name during LAN side renew |
cdrouter_renumber_6 |
Verify WAN side switches to new gateway after renumber |
cdrouter_renumber_50 |
Verify LAN clients learn additional DNS servers |
renum-pppoe.tcl
WAN side renumbering tests with PPPoE on the WAN
| Test Name | Synopsis |
|---|---|
cdrouter_renum_pppoe_1 |
Verify WAN PPPoE client learns new IP address when WAN server renumbers |
cdrouter_renum_pppoe_2 |
Verify existing TCP connections can be reestablished after WAN renumber |
cdrouter_renum_pppoe_3 |
Verify LAN clients learn new DNS server during LAN side renew |
cdrouter_renum_pppoe_6 |
Verify WAN side switches to new gateway after renumber |
cdrouter_renum_pppoe_50 |
Verify LAN clients learn additional DNS server |
renum-pptp.tcl
WAN side renumbering tests with PPTP on the WAN
| Test Name | Synopsis |
|---|---|
cdrouter_renum_pptp_1 |
Verify WAN PPTP client learns new IP address when WAN server renumbers |
cdrouter_renum_pptp_2 |
Verify existing TCP connections can be reestablished after WAN renumber |
cdrouter_renum_pptp_3 |
Verify LAN clients learn new DNS server during LAN side renew |
cdrouter_renum_pptp_6 |
Verify WAN side switches to new gateway after renumber |
cdrouter_renum_pptp_50 |
Verify LAN clients learn additional DNS server |
renum-l2tp.tcl
WAN side renumbering tests with L2TP on the WAN
| Test Name | Synopsis |
|---|---|
cdrouter_renum_l2tp_1 |
Verify WAN L2TP client learns new IP address when WAN server renumbers |
cdrouter_renum_l2tp_2 |
Verify existing TCP connections can be reestablished after WAN renumber |
cdrouter_renum_l2tp_3 |
Verify LAN clients learn new DNS server during LAN side renew |
cdrouter_renum_l2tp_6 |
Verify WAN side switches to new gateway after renumber |
cdrouter_renum_l2tp_50 |
Verify LAN clients learn additional DNS server |
icmp.tcl
ICMP tests for generating various ICMP packets and NAPT of ICMP data
| Test Name | Synopsis |
|---|---|
cdrouter_icmp_1 |
Verify ICMP Echo Requests (ping) work through router |
cdrouter_icmp_2 |
Verify ICMP Echo Requests from multiple LAN clients work through router |
cdrouter_icmp_5 |
Verify ICMP Echo Requests to router's LAN side IP address from the LAN |
cdrouter_icmp_6 |
Verify ICMP Echo Requests to router's WAN side IP address from the LAN |
cdrouter_icmp_7 |
Verify ICMP Echo Requests to router's WAN side IP address from the WAN |
cdrouter_icmp_10 |
Verify ICMP Time Exceeded packet is sent when incoming UDP TTL is 1 |
cdrouter_icmp_11 |
Verify NAT translates IP address in ICMP Time Exceeded packet |
cdrouter_icmp_12 |
Verify NAT translates IP address in ICMP Destination Unreachable with code port unreachable |
cdrouter_icmp_13 |
Verify NAT translates IP address in ICMP Destination Unreachable with code fragmentation needed |
cdrouter_icmp_14 |
Verify NAT translates IP address in outbound ICMP Destination Unreachable with code port unreachable |
cdrouter_icmp_20 |
Verify router supports Path MTU Discovery over WAN interface |
cdrouter_icmp_30 |
Verify ICMP Time Exceeded packet is sent when incoming TCP TTL is 1 |
firewall.tcl
Firewall tests including port scans
| Test Name | Synopsis |
|---|---|
cdrouter_firewall_1 |
Inbound TCP connections to public side HTTP port are blocked |
cdrouter_firewall_2 |
Inbound TCP connections to LAN hosts are blocked |
cdrouter_firewall_10 |
DHCP server ignores DHCP client request from the WAN |
cdrouter_firewall_12 |
DNS requests from the WAN are ignored by DNS proxy or relay |
cdrouter_firewall_100 |
Perform TCP port scan test on router's public WAN IP address |
cdrouter_firewall_101 |
Perform UDP port scan test on router's public WAN IP address |
cdrouter_firewall_110 |
Perform TCP fragmentation port scan test on router's public WAN IP address |
cdrouter_firewall_301 |
Verify firewall blocks/accepts piggyback TCP SYN connections from WAN |
cdrouter_firewall_508 |
Verify outbound packets are not forwarded if the source address is not a prefix of the interior network |
firewall-out.tcl
Firewall tests for limiting outbound access to services
| Test Name | Synopsis |
|---|---|
cdrouter_firewall_outbound_1 |
Verify CPE does not forward outbound TCP packets to ports that have been administratively blocked |
cdrouter_firewall_outbound_2 |
Verify CPE does not forward outbound UDP packets to ports that have been administratively blocked |
cdrouter_firewall_outbound_3 |
Verify CPE does not forward outbound IP packets for protocols that have been administratively blocked |
apps.tcl
Application layer gateway (ALG) tests for FTP, DNS, TFTP, SMTP, POP3, MSN, RTSP and others
| Test Name | Synopsis |
|---|---|
cdrouter_app_2 |
Verify router supports the active mode FTP PORT command |
cdrouter_app_3 |
Multiple FTP connections using the same source port |
cdrouter_app_10 |
Connections opened for FTP PORT command check for correct IPv4 address |
cdrouter_app_11 |
Verify FTP PORT command succeeds when TCP segment is retransmitted |
cdrouter_app_12 |
Verify FTP PORT translation stays the same when TCP segment is retransmitted |
cdrouter_app_14 |
Verify router closes public ports opened with the FTP PORT command |
cdrouter_app_15 |
Verify router supports the active mode FTP EPRT command |
cdrouter_app_16 |
Verify translation of EPRT command accepts non default delimiters |
cdrouter_app_17 |
Verify router supports the passive mode FTP PASV command |
cdrouter_app_18 |
Verify router supports the passive mode FTP EPSV command |
cdrouter_app_20 |
Verify DNS queries to router are forwarded to real DNS server |
cdrouter_app_21 |
Verify DNS queries sent to primary DNS server |
cdrouter_app_22 |
Verify DNS queries sent to backup DNS server |
cdrouter_app_25 |
Verify DNS relay on router fails over to backup DNS server |
cdrouter_app_26 |
Verify DNS relay on router fails over to backup DNS server (using same ID for retransmissions) |
cdrouter_app_27 |
Verify DNS relay on router fails over to third DNS server |
cdrouter_app_28 |
Verify DNS relay on router fails over to third DNS server (using same ID for retransmissions) |
cdrouter_app_30 |
Verify DNS queries sent directly to a 3rd party DNS server |
cdrouter_app_100 |
Verify router supports wrapping of TCP sequence number for FTP transfers |
cdrouter_app_110 |
Verify HTTPS session through the router |
cdrouter_app_120 |
Verify SMTP session through the router |
cdrouter_app_122 |
Verify POP3 session through the router |
cdrouter_app_124 |
Verify TFTP session through the router |
cdrouter_app_126 |
Verify NTP session through the router |
cdrouter_app_130 |
Verify STUN session through the router |
cdrouter_app_131 |
Verify authenticated STUN session through the router |
cdrouter_app_140 |
Verify IPv4 L2GRE session through the router |
cdrouter_app_302 |
Verify router translates MSN File Transfer Invite messages |
cdrouter_app_305 |
Verify router translates MSN Voice Invite messages |
cdrouter_app_310 |
Verify router does not modify MSN fields related to NAT detection |
cdrouter_rtsp_1 |
Verify basic RTSP session with UDP transport |
cdrouter_rtsp_2 |
Verify basic RTSP session with UDP transport for multiple LAN hosts |
cdrouter_rtsp_10 |
Verify RTSP transport is translated in both outbound and inbound directions |
cdrouter_rtsp_20 |
Verify RTSP port mapping is deleted after TEARDOWN and TCP close |
cdrouter_rtsp_21 |
Verify RTSP port mapping is deleted after TEARDOWN and without TCP close |
cdrouter_rtsp_22 |
Verify RTSP port mappings still work when TCP connection is closed |
cdrouter_rtsp_30 |
Verify IPv4 destination in client transport SETUP is translated to public IP |
cdrouter_rtsp_50 |
Verify RTSP ALG supports persistent TCP connections |
cdrouter_rtsp_60 |
Verify RTSP session with different IPv4 address for RTP media server |
cdrouter_rtsp_70 |
Verify RTSP session timeout for established session |
cdrouter_mptcp_1 |
Verify a Multipath TCP connection can be opened |
cdrouter_mptcp_2 |
Verify a Multipath TCP connection with two subflows can be opened |
ipsecpt.tcl
IPSEC based VPN pass through from the LAN to the WAN
| Test Name | Synopsis |
|---|---|
cdrouter_ipsecpt_1 |
Verify IKE packets pass through router on UDP port 500 |
cdrouter_ipsecpt_2 |
Verify tunnel mode IPSEC packets pass through router |
cdrouter_ipsecpt_3 |
Fragmented tunnel mode IPSEC packets are forwarded between LAN and WAN |
cdrouter_ipsecpt_30 |
Verify unknown IPv4 protocol types using the pass through mechanism |
cdrouter_ipsecpt_100 |
Verify the maximum number of IPSEC pass through connections for a single LAN host |
cdrouter_ipsecpt_110 |
Verify IPSEC pass through with multiple LAN clients using same VPN server |
cdrouter_ipsecpt_120 |
Verify IKE with multiple LAN clients using same VPN server |
cdrouter_ipsecpt_200 |
IPSEC pass through without NAT-T based IPSEC client |
cdrouter_ipsecpt_210 |
IPSEC pass through with NAT-T based IPSEC client |
forward.tcl
Forwarding tests with different packet sizes and directions
| Test Name | Synopsis |
|---|---|
cdrouter_forward_1 |
Verify IPv4 TTL is decremented for forwarded packets |
cdrouter_forward_2 |
Verify packet is not forwarded when IPv4 TTL is 1 |
cdrouter_forward_3 |
Verify packet can be forwarded back through incoming LAN interface |
cdrouter_forward_4 |
Verify packet is not forwarded if IPv4 checksum is corrupt |
cdrouter_forward_10 |
Forward UDP packets with various packet lengths (LAN to WAN) |
cdrouter_forward_11 |
Forward UDP packets with various packet lengths (WAN to LAN) |
cdrouter_forward_20 |
No packets are forwarded if WAN lease expires |
jumbo.tcl
Jumbo MTU forwarding tests with different packet sizes and directions
| Test Name | Synopsis |
|---|---|
cdrouter_jumbo_1 |
Verify IPv4 TTL is decremented for forwarded jumbo MTU packets |
cdrouter_jumbo_2 |
Verify jumbo MTU packet is not forwarded when IPv4 TTL is 1 |
cdrouter_jumbo_3 |
Verify jumbo MTU packet can be forwarded back through incoming LAN interface |
cdrouter_jumbo_4 |
Verify jumbo MTU packet is not forwarded if IPv4 checksum is corrupt |
cdrouter_jumbo_10 |
Forward jumbo MTU UDP packets with various packet lengths (LAN to WAN) |
cdrouter_jumbo_11 |
Forward jumbo MTU UDP packets with various packet lengths (WAN to LAN) |
rip.tcl
RIPv1/v2 tests for LAN side of the router
| Test Name | Synopsis |
|---|---|
cdrouter_rip_1 |
Verify router sends RIPv1/v2 update on LAN side |
cdrouter_rip_2 |
Verify router learns new RIP routes from LAN side RIP router (v1 or v2) |
cdrouter_rip_5 |
Verify router responds to RIP requests on LAN interface |
cdrouter_rip_10 |
Verify router selects RIP route with lowest metric (v1 or v2) |
cdrouter_rip_12 |
Verify router ignores routes with a metric of 16 |
cdrouter_rip_20 |
Verify router uses split horizon or poison reverse for learned RIP routes |
cdrouter_rip_30 |
Verify router announces default route on LAN side |
cdrouter_rip_100 |
Verify the maximum number of RIP routes supported |
cdrouter_rip_200 |
Verify router learns new RIP routes from WAN side RIP router (v1 or v2) |
scaling.tcl
Scaling tests for maximum number of DHCP clients and connections (TCP, HTTP, VPN)
| Test Name | Synopsis |
|---|---|
cdrouter_scale_1 |
Verify all DHCP clients are operational |
cdrouter_scale_2 |
Verify all DHCP clients with multiple TCP connections |
cdrouter_scale_3 |
Verify all DHCP clients with single UDP connection |
cdrouter_scale_10 |
Verify no duplicate IP addresses are assigned when DHCP address pool is exhausted |
cdrouter_scale_15 |
Verify all DHCP clients can create an IPSEC tunnel |
cdrouter_scale_20 |
Verify all DHCP clients can create a PPTP tunnel |
cdrouter_scale_30 |
Verify all DHCP clients can create a L2TP/IPSEC tunnel |
cdrouter_scale_40 |
Verify all DHCP clients can create a L2TP/IPSEC tunnel with NAT-T |
vservice.tcl
Port forwarding tests to verify configured virtual services on the router
| Test Name | Synopsis |
|---|---|
cdrouter_vservice_10 |
Verify each configured TCP virtual service |
cdrouter_vservice_20 |
Verify each configured UDP virtual service |
cdrouter_vservice_30 |
Verify TCP virtual services are reachable from the LAN side |
cdrouter_vservice_40 |
Verify UDP virtual services are reachable from the LAN side |
url-filter.tcl
URL filtering tests for LAN side HTTP clients
| Test Name | Synopsis |
|---|---|
cdrouter_urlfilter_10 |
Verify HTTP GETs to filtered URLs are blocked |
cdrouter_urlfilter_12 |
Verify HTTP GETs to filtered URLs are blocked without DNS lookups |
cdrouter_urlfilter_15 |
Verify HTTP HEADs to filtered URLs are blocked |
cdrouter_urlfilter_20 |
Verify HTTP POSTs to filtered URLs are blocked |
cdrouter_urlfilter_30 |
Verify URL filtering does not look at Cookie data |
cdrouter_urlfilter_40 |
Verify HTTPS GETs to filtered URLs are blocked |
triggerp.tcl
Tests to verify configured trigger ports on the router
| Test Name | Synopsis |
|---|---|
cdrouter_tport_10 |
Verify basic case for each configured trigger port application |
cdrouter_tport_30 |
Verify multiple LAN hosts can use trigger ports after mappings are aged out |
upnp.tcl
UPnP tests for routers that support IGDv1/IGDv2 devices
| Test Name | Synopsis |
|---|---|
cdrouter_ssdp_1 |
Verify UPnP router responds to SSDP Discovery Requests on LAN |
cdrouter_ssdp_2 |
Verify UPnP router does not respond to SSDP Discovery Requests on WAN |
cdrouter_ssdp_3 |
Verify UPnP router supports discovery of required IGD devices and services |
cdrouter_ssdp_4 |
Verify UPnP router does not respond to SSDP Discovery Requests without MX header |
cdrouter_ssdp_5 |
Verify UPnP router responds to unicast SSDP Discovery Requests on LAN |
cdrouter_ssdp_6 |
Verify required headers of M-SEARCH responses on LAN |
cdrouter_upnp_10 |
Verify XML description of IGD root device can be parsed |
cdrouter_upnp_12 |
Verify XML descriptions cannot be loaded from the WAN side of router |
cdrouter_upnp_20 |
Verify XML description for WANIPConnection or WANPPPConnection service can be parsed |
cdrouter_upnp_25 |
Verify router responds to UPnP Query for ConnectionStatus |
cdrouter_upnp_30 |
Verify UPnP GetExternalIPAddress Action returns WAN IP address |
cdrouter_upnp_31 |
Verify UPnP GetStatusInfo Action returns correct ConnectionStatus information |
cdrouter_upnp_32 |
Verify UPnP GetStatusInfo Action returns increasing Uptime value |
cdrouter_upnp_35 |
Add/delete dynamic UPnP TCP port mapping for wildcard IP source address |
cdrouter_upnp_36 |
Add/delete dynamic UPnP TCP port mapping for specific IP source address |
cdrouter_upnp_40 |
Add/delete dynamic UPnP UDP port mapping for wildcard IP source address |
cdrouter_upnp_41 |
Add/delete dynamic UPnP UDP port mapping for specific IP source address |
cdrouter_upnp_45 |
Verify UPnP Router rejects new port mappings that conflict |
cdrouter_upnp_50 |
Verify dynamic UPnP port mapping is deleted when lease expires |
cdrouter_upnp_100 |
Maximum number of UPnP TCP dynamic port mappings |
cdrouter_upnp_200 |
Verify UPnP clients can subscribe/unsubcribe to events for WANIPConnection or WANPPPConnection |
cdrouter_upnp_201 |
Verify UPnP clients can subscribe to events with infinite subscription time |
cdrouter_upnp_202 |
Verify UPnP clients can renew NOTIFY events for WANIPConnection or WANPPPConnection |
cdrouter_upnp_203 |
Verify router sends UPnP NOTIFY events for ConnectionStatus |
cdrouter_upnp_204 |
Verify router sends UPnP NOTIFY events with updated ExternalIPAddress |
cdrouter_upnp_210 |
Verify router stops sending NOTIFY events when subscription expires |
cdrouter_upnp_220 |
Verify the maximum number of UPnP event subscriptions that can be created |
cdrouter_upnp_400 |
Check for UPnP format string vulnerability used by BCMPUPnP_Hunter malware |
cdrouter_ssdp_igd2_3 |
Verify UPnP router supports discovery of required devices and services (IGD2) |
cdrouter_upnp_igd2_10 |
Verify XML description of IGD root device can be parsed (IGD2) |
cdrouter_upnp_igd2_12 |
Verify XML descriptions cannot be loaded from the WAN side of router (IGD2) |
cdrouter_upnp_igd2_20 |
Verify XML description for WANIPConnection or WANPPPConnection service can be parsed (IGD2) |
cdrouter_upnp_igd2_25 |
Verify router responds to UPnP Query for ConnectionStatus (IGD2) |
cdrouter_upnp_igd2_30 |
Verify UPnP GetExternalIPAddress Action returns WAN IP address (IGD2) |
cdrouter_upnp_igd2_31 |
Verify UPnP GetStatusInfo Action returns correct ConnectionStatus information (IGD2) |
cdrouter_upnp_igd2_32 |
Verify UPnP GetStatusInfo Action returns increasing Uptime value (IGD2) |
cdrouter_upnp_igd2_35 |
Add/delete dynamic UPnP TCP port mapping for wildcard IP source address (IGD2) |
cdrouter_upnp_igd2_36 |
Add/delete dynamic UPnP TCP port mapping for specific IP source address (IGD2) |
cdrouter_upnp_igd2_40 |
Add/delete dynamic UPnP UDP port mapping for wildcard IP source address (IGD2) |
cdrouter_upnp_igd2_41 |
Add/delete dynamic UPnP UDP port mapping for specific IP source address (IGD2) |
cdrouter_upnp_igd2_45 |
Verify UPnP Router rejects new port mappings that conflict (IGD2) |
cdrouter_upnp_igd2_50 |
Verify dynamic UPnP port mapping is deleted when lease expires (IGD2) |
cdrouter_upnp_igd2_100 |
Maximum number of UPnP TCP dynamic port mappings (IGD2) |
cdrouter_upnp_igd2_200 |
Verify UPnP clients can subscribe/unsubcribe to events for WANIPConnection or WANPPPConnection (IGD2) |
cdrouter_upnp_igd2_201 |
Verify UPnP clients can subscribe to events with infinite subscription time (IGD2) |
cdrouter_upnp_igd2_202 |
Verify UPnP clients can renew NOTIFY events for WANIPConnection or WANPPPConnection (IGD2) |
cdrouter_upnp_igd2_203 |
Verify router sends UPnP NOTIFY events for ConnectionStatus (IGD2) |
cdrouter_upnp_igd2_204 |
Verify router sends UPnP NOTIFY events with updated ExternalIPAddress (IGD2) |
cdrouter_upnp_igd2_210 |
Verify router stops sending NOTIFY events when subscription expires (IGD2) |
cdrouter_upnp_igd2_220 |
Verify the maximum number of UPnP event subscriptions that can be created (IGD2) |
cdrouter_upnp_igd2_400 |
Check for UPnP format string vulnerability used by BCMPUPnP_Hunter malware |
pptp-pt.tcl
PPTP based VPN pass through from the LAN to the WAN
| Test Name | Synopsis |
|---|---|
cdrouter_pptppt_1 |
PPTP control session can be established at port 1723 |
cdrouter_pptppt_2 |
Tunneled PPTP data packets pass through router (PPP over GRE) |
cdrouter_pptppt_100 |
Verify the max number of PPTP pass through connections for a single LAN host |
l2tp-pt.tcl
L2TP based VPN pass through from the LAN to the WAN
| Test Name | Synopsis |
|---|---|
cdrouter_l2tppt_1 |
Verify L2TP session passes through router |
cdrouter_l2tppt_2 |
Verify L2TP over IPSEC session passes through router |
cdrouter_l2tppt_10 |
Verify L2TP over IPSEC with NAT-T passes through router |
eapol.tcl
Basic EAPOL tests for all types of EAP
| Test Name | Synopsis |
|---|---|
cdrouter_eapol_1 |
Authenticator sends EAPOL packets to correct MAC address |
cdrouter_eapol_2 |
Basic case of authenticator initiated authentication |
cdrouter_eapol_3 |
Basic case of supplicant initiated authentication |
cdrouter_eapol_6 |
Authenticator sends EAP Failure after supplicant sends EAPOL-Logoff |
cdrouter_eapol_8 |
Authenticator sends EAP Failure if identity is unknown |
cdrouter_eapol_9 |
Authenticator sends EAP Failure if authentication challenge fails |
cdrouter_eapol_20 |
Authenticator retransmits EAP Identity Request if no response is received |
cdrouter_eapol_21 |
Authenticator uses same EAP identifier for each retransmitted identity request |
cdrouter_eapol_23 |
Authenticator ignores EAP Identity Responses with unknown id field |
cdrouter_eapol_24 |
Authenticator enters the held state after authentication is rejected |
cdrouter_eapol_100 |
No packets are forwarded/processed when port is in unauthorized state |
cdrouter_eapol_105 |
Inbound traffic is blocked when port is in unauthorized state |
cdrouter_eapol_110 |
Packets are forwarded during reauthentication if port is in authenticated state |
cdrouter_eapol_112 |
Port is placed in unauthenticated state if reauthentication fails (bad identity) |
cdrouter_eapol_113 |
Port is placed in unauthorized state if reauthentication fails (bad auth) |
cdrouter_eapol_115 |
Port becomes unauthorized if no response to EAP Identity request is received |
cdrouter_eapol_117 |
EAP Success packets from supplicant do not authorize port |
cdrouter_eapol_130 |
Authenticator initiates reauthentication with supplicant every reAuthPeriod |
cdrouter_eapol_140 |
Port is placed in unauthorized state if 802.11 layer is reinitialized |
cdrouter_eapol_300 |
Verify supplicant can login using all configured Identities |
cdrouter_eapol_500 |
Authenticator handles EAP Start flood DoS attack |
cdrouter_eapol_501 |
Authenticator handles EAP Logoff flood DoS attack |
cdrouter_eapol_502 |
Authenticator handles EAP-of-Death DoS attack |
cdrouter_eapol_503 |
Back-end flood DoS attack |
eap-md5.tcl
EAPOL tests specific to EAP-MD5
| Test Name | Synopsis |
|---|---|
cdrouter_eapmd5_10 |
Authenticator sends EAP Failure if MD5 Challenge Response is invalid |
cdrouter_eapmd5_20 |
Authenticator sends EAP Failure if no response to EAP MD5 Challenge Request is received |
cdrouter_eapmd5_23 |
Authenticator ignores EAP MD5 Responses with unknown id field |
cdrouter_eapmd5_500 |
Authenticator handles EAP MD5 Challenge Request DoS attack |
eap-tls.tcl
EAPOL tests specific to EAP-TLS
| Test Name | Synopsis |
|---|---|
cdrouter_eaptls_10 |
Authenticator sends EAP Failure when TLS client fails to authenticate server |
cdrouter_eaptls_12 |
Authenticator sends EAP Failure when TLS server fails to authenticate client |
cdrouter_eaptls_20 |
Port becomes unauthorized if no response to EAP-TLS Start request is received |
cdrouter_eaptls_23 |
Authenticator ignores EAP-TLS Response with unknown id field |
cdrouter_eaptls_40 |
Backend sends TLS Alert if supplicant fails server TLS authentication |
cdrouter_eaptls_115 |
Port becomes unauthorized if TLS session times out |
cdrouter_eaptls_300 |
EAP-TLS authenticator/backend ignores duplicate EAP-TLS packets |
cdrouter_eaptls_400 |
EAP-TLS authentication using small EAP Fragment sizes |
cdrouter_eaptls_410 |
EAP-TLS backend accepts EAP packets without EAP-TLS Message Length field |
cdrouter_eaptls_500 |
Authenticator handles EAP-TLS bad length DoS attack |
eap-radius.tcl
RADIUS client tests for EAP based authentication (802.1X)
| Test Name | Synopsis |
|---|---|
eapradius_1 |
Verify authenticator sends EAP-Success after receiving Access-Accept |
eapradius_2 |
Verify authenticator sends EAP-Failure after Access-Reject |
eapradius_5 |
Validate common RADIUS attributes sent from authenticator |
eapradius_6 |
Verify authentication fails if RADIUS secret is invalid |
eapradius_7 |
Verify authentication fails if Message-Authenticator attribute is invalid |
eapradius_8 |
Verify ID and authenticator are unique for each new Access-Request |
eapradius_9 |
Verify authenticator sends EAP-Failure when no response from RADIUS in unauthenticated state |
eapradius_10 |
Verify authenticator can reassemble EAP packets from many RADIUS eapMessage attributes |
eapradius_12 |
Verify authenticator ignores RADIUS messages with invalid attribute list |
eapradius_14 |
Verify authenticator ignores RADIUS messages without a Message-Authenticator attribute |
eapradius_20 |
Verify authenticator sends canned EAP-Failure message when Access-Reject is received |
eapradius_21 |
Verify authenticator sends canned EAP-Success message when Access-Accept is received |
pppoe-pt.tcl
PPPoE pass through from PPPoE client on LAN to WAN side PPPoE server
| Test Name | Synopsis |
|---|---|
cdrouter_pppoept_1 |
Verify basic case of PPPoE pass through with LAN PPPoE client |
cdrouter_pppoept_2 |
Verify PPPoE packets to unknown MAC address do not use PPPoE pass through |
cdrouter_pppoept_3 |
Verify basic case of PPPoE pass through with LAN PPPoE client using random session ID's |
ipsec-esp.tcl
IPSEC ESP tests for IPSEC based VPNs
| Test Name | Synopsis |
|---|---|
cdrouter_esp_1 |
Verify the ESP header sequence number increases with each new IPv4 IPSEC ESP packet |
cdrouter_esp_3 |
Verify manual IPSEC keys continue to work after ESP sequence number wraps |
cdrouter_esp_5 |
Verify no anti-relay techniques are used with manual IPSEC keys |
cdrouter_esp_8 |
Verify inner IPv4 TTL is decremented for IPSEC tunneled packet |
cdrouter_esp_10 |
Verify packets with wrong ESP authentication are dropped |
cdrouter_esp_20 |
Verify Incoming IP fragments for ESP tunnel are reassembled |
cdrouter_esp_21 |
Verify out-of-order IP fragments for ESP tunnel are reassembled |
cdrouter_esp_22 |
Verify router fragments large IP packets before sending over IPSEC tunnel |
cdrouter_esp_100 |
Verify router supports PMTU discovery for packets sent over IPSEC tunnel |
cdrouter_esp_101 |
Verify DF bit from original packet is copied to encapsulation header |
cdrouter_esp_200 |
Verify return traffic that does not use IPSEC/ESP is dropped |
cdrouter_esp_400 |
Verify all configured IPv4 IPSEC tunnels are operational |
dmz.tcl
Test cases for DMZ configurations
| Test Name | Synopsis |
|---|---|
cdrouter_dmz_1 |
Inbound TCP connections to public side HTTP port are forwarded to DMZ host |
cdrouter_dmz_100 |
Inbound TCP packets are sent to DMZ host for all ports |
cdrouter_dmz_101 |
Inbound UDP packets are sent to DMZ host for all ports |
cdrouter_dmz_110 |
ICMP Echo packets are forwarded to DMZ host |
cdrouter_dmz_200 |
Non ICMP, TCP, UDP, or SCTP protocol types are forwarded to DMZ host |
mcast.tcl
IGMPv2/v3 and multicast data tests for IGMP proxy or pass through
| Test Name | Synopsis |
|---|---|
cdrouter_mcast_1 |
IGMP packets from LAN are forwarded/proxied to WAN interface |
cdrouter_mcast_2 |
Verify IPv4 TTL is decremented for multicast packets |
cdrouter_mcast_11 |
Forward Multicast UDP packets with various packet lengths (LAN to WAN) |
cdrouter_mcast_12 |
Forward Multicast UDP packets with various packet lengths (WAN to LAN) |
cdrouter_mcast_20 |
Verify IGMP router periodically sends general IGMP Query on LAN interface |
cdrouter_mcast_50 |
Multicast streams are not forwarded if no group members exist |
cdrouter_mcast_51 |
Multicast streams are not forwarded after last member leaves group |
cdrouter_mcast_52 |
Multicast streams are not forwarded after last member ages out |
cdrouter_mcast_53 |
IGMP proxy interface answers IGMP general query requests |
cdrouter_mcast_54 |
IGMP proxy interface answers IGMP specific query requests |
cdrouter_mcast_60 |
Verify IGMP router sends IGMP Group Specific Query after last member leaves group |
cdrouter_mcast_70 |
Verify IGMP router sends IGMP Leave after last group member ages out |
cdrouter_mcast_80 |
Verify IGMP router accepts reports with unspecified source address |
cdrouter_mcast_81 |
Verify IGMP snooping switch scenario with unspecified source address |
cdrouter_mcast_82 |
Verify IGMP proxy interface answers general IGMP query requests with unspecified source address |
cdrouter_mcast_83 |
Verify IGMP proxy interface answers specific IGMP query requests with unspecified source address |
cdrouter_mcast_100 |
Verify the maximum number of multicast groups received on the LAN |
cdrouter_mcast_110 |
Verify IPTV channel change test scenario 1 (no overlap) |
cdrouter_mcast_120 |
Verify IPTV channel change test scenario 2 (overlap) |
cdrouter_mcast_200 |
Verify IGMPv3 membership with source specific ALLOW_NEW_SOURCES/BLOCK_OLD_SOURCES |
cdrouter_mcast_210 |
Verify IGMPv3 router blocks incoming multicast sources that do not match the source list |
cdrouter_mcast_220 |
Verify IGMPv3 router blocks incoming sources on a per group basis |
cdrouter_mcast_230 |
Verify IGMPv3 source specific group with multiple sources |
cdrouter_mcast_240 |
Verify IGMPv3 general query requests with source specific memberships |
cdrouter_mcast_250 |
Verify IGMPv3 specific query requests with source specific memberships |
cdrouter_mcast_260 |
Verify IGMPv3 group and source specific query requests |
cdrouter_mcast_300 |
Verify IGMPv3 maximum number of multicast groups with multiple group records |
cdrouter_mcast_310 |
Verify IGMPv3 source specific IPTV channel change test scenario |
dyndns.tcl
Tests for routers with built in DynDNS clients
| Test Name | Synopsis |
|---|---|
cdrouter_dyndns_1 |
DynDNS client sends an update request when the WAN IP address changes |
cdrouter_dyndns_2 |
DynDNS client does not update if the WAN reestablishes with the same IP address |
cdrouter_dyndns_10 |
DynDNS client sends correct parameters in update request |
cdrouter_dyndns_20 |
DynDNS client uses DNS to resolve the address of members.dyndns.org |
cdrouter_dyndns_50 |
DynDNS client doesn't rely on DNS to determine if an update is necessary |
cdrouter_dyndns_101 |
DynDNS client reacts appropriately to error conditions |
sip-alg.tcl
SIP testing for SIP ALG or proxy
| Test Name | Synopsis |
|---|---|
cdrouter_sip_1 |
Verify NAT translation of SIP headers during REGISTER |
cdrouter_sip_2 |
Verify NAT translation of short format SIP headers during REGISTER |
cdrouter_sip_10 |
Verify NAT translation of SIP headers during outbound call |
cdrouter_sip_11 |
Verify NAT translation of short format SIP headers during outbound call |
cdrouter_sip_20 |
Verify NAT translation of SIP headers during inbound call |
cdrouter_sip_21 |
Verify NAT translation of short format SIP headers during inbound call |
cdrouter_sip_30 |
Verify NAT translation of SDP headers during outbound call |
cdrouter_sip_31 |
Verify NAT translation of SDP headers during inbound call |
cdrouter_sip_40 |
Verify SIP call with client using source port not equal to 5060 |
cdrouter_sip_41 |
Verify outbound SIP call with client 'Contact' header using different port |
cdrouter_sip_42 |
Verify inbound SIP call with client 'Contact' header using different port |
cdrouter_sip_43 |
Verify outbound SIP calls allow incoming RTP stream when caller uses mute |
cdrouter_sip_45 |
Verify Via header port is used for response instead of UDP source port |
cdrouter_sip_50 |
Verify NAT translation of SDP remains the same on retransmission of INVITE |
cdrouter_sip_60 |
Verify RTP port mapping is deleted when SIP client ends call (BYE) |
cdrouter_sip_61 |
Verify RTP port mapping is deleted when SIP proxy ends call (BYE) |
cdrouter_sip_62 |
Verify RTP port mapping is deleted when SIP client cancels call (CANCEL) |
cdrouter_sip_63 |
Verify RTP port mapping is deleted or not established if call setup fails |
cdrouter_sip_70 |
Verify SIP ALG with various SIP URI formats |
cdrouter_sip_71 |
Verify outbound calls with multiple SIP clients using the same SIP and SDP ports |
cdrouter_sip_72 |
Verify inbound calls with multiple SIP clients using the same SIP and SDP ports |
cdrouter_sip_73 |
Verify outbound calls with multiple SIP clients using corner case port 65535 for SDP |
cdrouter_sip_80 |
Verify outbound SIP calls when server uses early media SDP setup |
cdrouter_sip_100 |
Verify maximum number of simultaneous outbound SIP calls |
cdrouter_sip_101 |
Verify maximum number of simultaneous inbound SIP calls |
cdrouter_sip_200 |
Verify outbound SIP calls with multiple DHCP LAN clients |
cdrouter_sip_201 |
Verify outbound SIP calls with multiple DHCP LAN clients without registering a port |
sip-alg-tcp.tcl
SIP over TCP testing for SIP ALG or proxy
| Test Name | Synopsis |
|---|---|
cdrouter_sip_tcp_1 |
Verify NAT translation of SIP headers during REGISTER (TCP) |
cdrouter_sip_tcp_2 |
Verify NAT translation of short format SIP headers during REGISTER (TCP) |
cdrouter_sip_tcp_10 |
Verify NAT translation of SIP headers during outbound call (TCP) |
cdrouter_sip_tcp_11 |
Verify NAT translation of short format SIP headers during outbound call (TCP) |
cdrouter_sip_tcp_20 |
Verify NAT translation of SIP headers during inbound call (TCP) |
cdrouter_sip_tcp_21 |
Verify NAT translation of short format SIP headers during inbound call (TCP) |
cdrouter_sip_tcp_30 |
Verify NAT translation of SDP headers during outbound call (TCP) |
cdrouter_sip_tcp_31 |
Verify NAT translation of SDP headers during inbound call (TCP) |
cdrouter_sip_tcp_40 |
Verify SIP call with client using source port not equal to 5060 (TCP) |
cdrouter_sip_tcp_41 |
Verify outbound SIP call with client 'Contact' header using different port (TCP) |
cdrouter_sip_tcp_42 |
Verify inbound SIP call with client 'Contact' header using different port (TCP) |
cdrouter_sip_tcp_43 |
Verify outbound SIP calls allow incoming RTP stream when caller uses mute (TCP) |
cdrouter_sip_tcp_45 |
Verify Via header port is used for response instead of TCP source port (TCP) |
cdrouter_sip_tcp_50 |
Verify NAT translation of SDP remains the same on retransmission of INVITE (TCP) |
cdrouter_sip_tcp_60 |
Verify RTP port mapping is deleted when SIP client ends call (BYE) (TCP) |
cdrouter_sip_tcp_61 |
Verify RTP port mapping is deleted when SIP proxy ends call (BYE) (TCP) |
cdrouter_sip_tcp_62 |
Verify RTP port mapping is deleted when SIP client cancels call (CANCEL) (TCP) |
cdrouter_sip_tcp_63 |
Verify RTP port mapping is deleted or not established if call setup fails (TCP) |
cdrouter_sip_tcp_70 |
Verify SIP ALG with various SIP URI formats (TCP) |
cdrouter_sip_tcp_71 |
Verify outbound calls with multiple SIP clients using the same SIP and SDP ports (TCP) |
cdrouter_sip_tcp_72 |
Verify inbound calls with multiple SIP clients using the same SIP and SDP ports (TCP) |
cdrouter_sip_tcp_73 |
Verify outbound calls with multiple SIP clients using corner case port 65535 for SDP (TCP) |
cdrouter_sip_tcp_80 |
Verify outbound SIP calls when server uses early media SDP setup (TCP) |
cdrouter_sip_tcp_100 |
Verify maximum number of simultaneous outbound SIP calls (TCP) |
cdrouter_sip_tcp_101 |
Verify maximum number of simultaneous inbound SIP calls (TCP) |
cdrouter_sip_tcp_200 |
Verify outbound SIP calls with multiple DHCP LAN clients (TCP) |
cdrouter_sip_tcp_201 |
Verify outbound SIP calls with multiple DHCP LAN clients (TCP) without registering a port |
dns.tcl
DNS proxy and DNS failover related tests
| Test Name | Synopsis |
|---|---|
dns_10 |
Verify DNS proxy does not cache DNS entry when DNS TTL is 0 |
dns_11 |
Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0 |
dns_40 |
Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server |
dns_41 |
Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover |
dns_45 |
Verify DNS failover when non-zero error codes are received in non-authoritative DNS response |
dns_46 |
Verify DNS failover when non-zero error codes are received in authoritative DNS response |
dns_50 |
Verify Reverse PTR DNS queries to router are forwarded to real DNS server |
dns_51 |
Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server |
dns_60 |
Verify DNS proxy fails over when new primary DNS server is learned |
dns_70 |
Verify DNS lookups with multiple IPv4 responses |
dns_100 |
Verify DNS proxy recovers after DNS server outage |
dns_110 |
Verify DNS queries including the EDNS0 option |
dns_120 |
Verify large DNS responses using EDNS0 option |
dns_121 |
Verify maximum UDP payload value in EDNS0 option |
dns_130 |
Verify DNS queries for TXT records |
dns_132 |
Verify DNS queries for CNAME records |
dns_133 |
Verify DNS queries for responses returning both CNAME and A records |
dns_134 |
Verify DNS queries for responses returning both CNAME and AAAA records |
dns_140 |
Verify DNS queries for SPF records |
dns_141 |
Verify DNS queries for SRV records |
dns_150 |
Verify DNS proxy behavior for DNS server status requests |
dns_200 |
Verify DNS proxy does not mangle DNSSEC queries |
dns_201 |
Verify DNS proxy does not mangle large DNSSEC responses |
dns_210 |
Verify DHCP server automatically registers DHCP client's hostname in DNS |
dns_220 |
Verify DHCP server updates DHCP client's hostname when it changes |
dns_230 |
Verify DHCP server supports FQDN hostname values |
dns_240 |
Verify DNS proxy removes old DHCP hostname values when hostname changes |
dns_250 |
Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length |
dns_300 |
Verify DNS proxy honors TTL values when caching responses |
dns_301 |
Verify maximum number of cached DNS responses |
dns_400 |
Verify parallel DNS queries |
dns_410 |
Verify DNS does not deploy NXDOMAIN hijacking for type A records |
dns_411 |
Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records |
dns_420 |
Verify DNS proxy handles use of bit 0x20 in DNS labels |
dns_500 |
Verify DNS proxy enforces DNS strict privacy usage profile |
dns-https.tcl
DNS over HTTPS proxy and DNS failover related tests
| Test Name | Synopsis |
|---|---|
dns_https_10 |
Verify DNS proxy does not cache DNS entry when DNS TTL is 0 |
dns_https_11 |
Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0 |
dns_https_40 |
Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server |
dns_https_41 |
Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover |
dns_https_45 |
Verify DNS failover when non-zero error codes are received in non-authoritative DNS response |
dns_https_46 |
Verify DNS failover when non-zero error codes are received in authoritative DNS response |
dns_https_50 |
Verify Reverse PTR DNS queries to router are forwarded to real DNS server |
dns_https_51 |
Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server |
dns_https_60 |
Verify DNS proxy fails over when new primary DNS server is learned |
dns_https_70 |
Verify DNS lookups with multiple IPv4 responses |
dns_https_100 |
Verify DNS proxy recovers after DNS server outage |
dns_https_110 |
Verify DNS queries including the EDNS0 option |
dns_https_120 |
Verify large DNS responses using EDNS0 option |
dns_https_121 |
Verify maximum UDP payload value in EDNS0 option |
dns_https_130 |
Verify DNS queries for TXT records |
dns_https_132 |
Verify DNS queries for CNAME records |
dns_https_133 |
Verify DNS queries for responses returning both CNAME and A records |
dns_https_134 |
Verify DNS queries for responses returning both CNAME and AAAA records |
dns_https_140 |
Verify DNS queries for SPF records |
dns_https_141 |
Verify DNS queries for SRV records |
dns_https_150 |
Verify DNS proxy behavior for DNS server status requests |
dns_https_200 |
Verify DNS proxy does not mangle DNSSEC queries |
dns_https_201 |
Verify DNS proxy does not mangle large DNSSEC responses |
dns_https_210 |
Verify DHCP server automatically registers DHCP client's hostname in DNS |
dns_https_220 |
Verify DHCP server updates DHCP client's hostname when it changes |
dns_https_230 |
Verify DHCP server supports FQDN hostname values |
dns_https_240 |
Verify DNS proxy removes old DHCP hostname values when hostname changes |
dns_https_250 |
Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length |
dns_https_300 |
Verify DNS proxy honors TTL values when caching responses |
dns_https_301 |
Verify maximum number of cached DNS responses |
dns_https_400 |
Verify parallel DNS queries |
dns_https_410 |
Verify DNS does not deploy NXDOMAIN hijacking for type A records |
dns_https_411 |
Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records |
dns_https_420 |
Verify DNS proxy handles use of bit 0x20 in DNS labels |
dns_https_500 |
Verify DNS proxy enforces DNS strict privacy usage profile |
dns-tcp.tcl
DNS over TCP proxy and DNS failover related tests
| Test Name | Synopsis |
|---|---|
dns_tcp_10 |
Verify DNS proxy does not cache DNS entry when DNS TTL is 0 |
dns_tcp_11 |
Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0 |
dns_tcp_40 |
Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server |
dns_tcp_41 |
Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover |
dns_tcp_45 |
Verify DNS failover when non-zero error codes are received in non-authoritative DNS response |
dns_tcp_46 |
Verify DNS failover when non-zero error codes are received in authoritative DNS response |
dns_tcp_50 |
Verify Reverse PTR DNS queries to router are forwarded to real DNS server |
dns_tcp_51 |
Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server |
dns_tcp_60 |
Verify DNS proxy fails over when new primary DNS server is learned |
dns_tcp_70 |
Verify DNS lookups with multiple IPv4 responses |
dns_tcp_100 |
Verify DNS proxy recovers after DNS server outage |
dns_tcp_110 |
Verify DNS queries including the EDNS0 option |
dns_tcp_120 |
Verify large DNS responses using EDNS0 option |
dns_tcp_121 |
Verify maximum UDP payload value in EDNS0 option |
dns_tcp_130 |
Verify DNS queries for TXT records |
dns_tcp_132 |
Verify DNS queries for CNAME records |
dns_tcp_133 |
Verify DNS queries for responses returning both CNAME and A records |
dns_tcp_134 |
Verify DNS queries for responses returning both CNAME and AAAA records |
dns_tcp_140 |
Verify DNS queries for SPF records |
dns_tcp_141 |
Verify DNS queries for SRV records |
dns_tcp_150 |
Verify DNS proxy behavior for DNS server status requests |
dns_tcp_200 |
Verify DNS proxy does not mangle DNSSEC queries |
dns_tcp_201 |
Verify DNS proxy does not mangle large DNSSEC responses |
dns_tcp_210 |
Verify DHCP server automatically registers DHCP client's hostname in DNS |
dns_tcp_220 |
Verify DHCP server updates DHCP client's hostname when it changes |
dns_tcp_230 |
Verify DHCP server supports FQDN hostname values |
dns_tcp_240 |
Verify DNS proxy removes old DHCP hostname values when hostname changes |
dns_tcp_250 |
Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length |
dns_tcp_300 |
Verify DNS proxy honors TTL values when caching responses |
dns_tcp_301 |
Verify maximum number of cached DNS responses |
dns_tcp_400 |
Verify parallel DNS queries |
dns_tcp_410 |
Verify DNS does not deploy NXDOMAIN hijacking for type A records |
dns_tcp_411 |
Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records |
dns_tcp_420 |
Verify DNS proxy handles use of bit 0x20 in DNS labels |
dns_tcp_500 |
Verify DNS proxy enforces DNS strict privacy usage profile |
dns-tls.tcl
DNS over TLS proxy and DNS failover related tests
| Test Name | Synopsis |
|---|---|
dns_tls_10 |
Verify DNS proxy does not cache DNS entry when DNS TTL is 0 |
dns_tls_11 |
Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0 |
dns_tls_40 |
Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server |
dns_tls_41 |
Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover |
dns_tls_45 |
Verify DNS failover when non-zero error codes are received in non-authoritative DNS response |
dns_tls_46 |
Verify DNS failover when non-zero error codes are received in authoritative DNS response |
dns_tls_50 |
Verify Reverse PTR DNS queries to router are forwarded to real DNS server |
dns_tls_51 |
Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server |
dns_tls_60 |
Verify DNS proxy fails over when new primary DNS server is learned |
dns_tls_70 |
Verify DNS lookups with multiple IPv4 responses |
dns_tls_100 |
Verify DNS proxy recovers after DNS server outage |
dns_tls_110 |
Verify DNS queries including the EDNS0 option |
dns_tls_120 |
Verify large DNS responses using EDNS0 option |
dns_tls_121 |
Verify maximum UDP payload value in EDNS0 option |
dns_tls_130 |
Verify DNS queries for TXT records |
dns_tls_132 |
Verify DNS queries for CNAME records |
dns_tls_133 |
Verify DNS queries for responses returning both CNAME and A records |
dns_tls_134 |
Verify DNS queries for responses returning both CNAME and AAAA records |
dns_tls_140 |
Verify DNS queries for SPF records |
dns_tls_141 |
Verify DNS queries for SRV records |
dns_tls_150 |
Verify DNS proxy behavior for DNS server status requests |
dns_tls_200 |
Verify DNS proxy does not mangle DNSSEC queries |
dns_tls_201 |
Verify DNS proxy does not mangle large DNSSEC responses |
dns_tls_210 |
Verify DHCP server automatically registers DHCP client's hostname in DNS |
dns_tls_220 |
Verify DHCP server updates DHCP client's hostname when it changes |
dns_tls_230 |
Verify DHCP server supports FQDN hostname values |
dns_tls_240 |
Verify DNS proxy removes old DHCP hostname values when hostname changes |
dns_tls_250 |
Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length |
dns_tls_300 |
Verify DNS proxy honors TTL values when caching responses |
dns_tls_301 |
Verify maximum number of cached DNS responses |
dns_tls_400 |
Verify parallel DNS queries |
dns_tls_410 |
Verify DNS does not deploy NXDOMAIN hijacking for type A records |
dns_tls_411 |
Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records |
dns_tls_420 |
Verify DNS proxy handles use of bit 0x20 in DNS labels |
dns_tls_500 |
Verify DNS proxy enforces DNS strict privacy usage profile |
mdns.tcl
mDNS related test cases
| Test Name | Synopsis |
|---|---|
mdns_10 |
Verify DUT responds to one-shot mDNS query of its hostname |
mdns_11 |
Verify DUT responds to one-shot mDNS reverse query of its LAN IP |
mdns_12 |
Verify DUT returns DNS-Service Discovery records for its web server using one-shot mDNS |
mdns_13 |
Verify DUT does not forward LAN one-shot mDNS query onto the WAN |
mdns_14 |
Verify DUT returns additional TXT and SRV records for its web server using one-shot mDNS |
mdns_20 |
Verify DUT responds to mDNS query of its hostname |
mdns_21 |
Verify DUT responds to mDNS reverse query of its LAN IP |
mdns_22 |
Verify DUT returns DNS-Service Discovery records for its web server |
mdns_23 |
Verify DUT does not forward LAN mDNS query onto the WAN |
mdns_24 |
Verify DUT returns TXT and SRV records for its web server |
dns-rfc5625.tcl
IETF RFC 5625 DNS Proxy Implementation Guidelines
| Test Name | Synopsis |
|---|---|
dns_rfc5625_10 |
A DNS proxy must forward unknown DNS flags and data |
dns_rfc5625_11 |
A DNS proxy must forward DNS packets regardless of compressed labels |
dns_rfc5625_12 |
A DNS proxy must forward DNS packets regardless of qtype and qclass fields |
dns_rfc5625_13 |
A DNS proxy must always preserve the TC bit |
dns_rfc5625_14 |
A DNS proxy must be able to forward DNS over TCP |
dns_rfc5625_15 |
A DNS proxy should not convert a TCP lookup into a UDP lookup |
dns_rfc5625_17 |
A DNS proxy should be able to forward EDNS0 UDP packets at least 4096 bytes in size |
dns_rfc5625_19 |
A LAN Client should be able to send a DNS query directly to upstream server |
dns_rfc5625_22 |
A DNS query ID from a DNS proxy should not increase monotonically |
dns_rfc5625_23 |
A DNS proxy should not accept connections on the WAN port |
static.tcl
IP static route related tests
| Test Name | Synopsis |
|---|---|
static_1 |
Verify all LAN static routes with LAN side traffic only |
static_2 |
Verify all LAN static routes with LAN to WAN traffic |
static_10 |
Verify all WAN static routes |
static_20 |
Verify all WAN static routes after WAN ISP address change |
dos.tcl
Common denial of service attacks against routers
| Test Name | Synopsis |
|---|---|
cdrouter_dos_1 |
Send 'ping of death' ICMP request to LAN side of the router |
cdrouter_dos_2 |
Send 'ping of death' ICMP request to WAN side of the router |
cdrouter_dos_10 |
Launch LAND attack against router's management port on the LAN |
cdrouter_dos_20 |
Verify that the DUT is not a Smurf reflector (ICMP attack) |
cdrouter_dos_21 |
Verify that the DUT is not a Fraggle reflector (UDP attack) |
cdrouter_dos_30 |
SYN floods an open port on the DUT from spoofed LAN clients |
cdrouter_dos_31 |
SYN floods an open port on the WAN from spoofed Internet addresses |
cdrouter_dos_32 |
ARP floods the DUT's LAN interface |
cdrouter_dos_33 |
Christmas Tree floods the service ports on the WAN from spoofed Internet addresses |
cdrouter_dos_34 |
Floods the WAN interface with anomalous TCP packets |
xbox.tcl
Xbox LIVE compatibility tests to simulate Xbox LIVE console tests
| Test Name | Synopsis |
|---|---|
xbox_1 |
IP Address Test: Verify DHCP IPv4 address or static IPv4 address |
xbox_2 |
DNS Test: Verify DNS lookups from LAN client |
xbox_3 |
MTU Test: Verify IPv4 MTU of 1364 for Xbox LIVE |
xbox_4 |
ICMP Test: Verify ICMP Destination Unreachable message from WAN does not destroy NAT mapping |
xbox_5 |
NAT Test: Verify Xbox NAT classification of Open, Moderate, or Strict |
xbox_6 |
UPnP Test: Verify UDP wildcard port mapping can be created |
sctp.tcl
SCTP related test cases
| Test Name | Synopsis |
|---|---|
sctp_1 |
Verify SCTP association initiation and termination |
sctp_2 |
Verify SCTP association with bidirectional data transfer |
sctp_3 |
Verify two simultaneous SCTP associations to same WAN server |
sctp_4 |
Verify two simultaneous SCTP associations with same source port to same WAN server |
lldp.tcl
LLDP tests
| Test Name | Synopsis |
|---|---|
lldp_1 |
Verify LLDP message transmission interval |
lldp_2 |
Verify LLDP new neighbor detection |
lldp_3 |
Verify Chassis TLV in DUT's LLDP message |
lldp_4 |
Verify System Name TLV in DUT's LLDP message |
rfc5508.tcl
IETF RFC 5508 NAT behavioral requirements for ICMP
| Test Name | Synopsis |
|---|---|
rfc5508_req_1 |
Section 3.1: ICMP Query Mapping, REQ-1 |
rfc5508_req_2 |
Section 3.2: ICMP Query Session Timeouts, REQ-2 |
rfc5508_req_3 |
Section 4.1: ICMP Error Payload Validation, REQ-3 |
rfc5508_req_3a |
Section 4.1: ICMP Error Payload Validation, REQ-3, Part A |
rfc5508_req_4 |
Section 4.1: ICMP Error Packet Received from the External Realm, REQ-4 |
rfc5508_req_5 |
Section 4.2.2: ICMP Error Packet Received from the Private Realm, REQ-5 |
rfc5508_req_6 |
Section 4.3: NAT Sessions Pertaining to ICMP Error Payload, REQ-6 |
rfc5508_req_7 |
Section 5: Hairpinning Support for ICMP Packets, REQ-7 |
rfc4787.tcl
RFC 4787 NAT behavioral requirements for unicast UDP
| Test Name | Synopsis |
|---|---|
rfc4787_req_1 |
Section 4.1: Address and Port Mapping, REQ-1 Mapping Behavior |
rfc4787_req_2 |
Section 4.1: Address and Port Mapping, REQ-2 Address Pooling Behavior |
rfc4787_req_3 |
Section 4.2.1: Port Assignment Behavior, REQ-3 |
rfc4787_req_4 |
Section 4.2.2: Port Parity, REQ-4 |
rfc4787_req_5 |
Section 4.3: Mapping Refresh, REQ-5 Expiration Window |
rfc4787_req_6 |
Section 4.3: Mapping Refresh, REQ-6 Refresh Behavior |
rfc4787_req_8 |
Section 5: Filtering Behavior, REQ-8 |
rfc4787_req_9 |
Section 6: Hairpinning Behavior, REQ-9 |
rfc4787_req_11 |
Section 8: Deterministic Properties, REQ-11 |
rfc4787_req_12 |
Section 9: ICMP Destination Unreachable Behavior, REQ-12 |
rfc4787_req_13 |
Section 10: Fragmentation of Outgoing Packets, REQ-13 |
rfc4787_req_14 |
Section 11: Receiving Fragmented Packets, REQ-14 |
http.tcl
HTTP related test cases
| Test Name | Synopsis |
|---|---|
cdrouter_http_100 |
Verify HTTP/1.0 GET connections |
cdrouter_http_101 |
Verify HTTP/1.0 POST connections |
cdrouter_http_102 |
Verify HTTP/1.0 HEAD connections |
cdrouter_http_103 |
Verify HTTP/1.0 GET connections with large number of headers |
cdrouter_http_200 |
Verify HTTP/1.1 GET connections |
cdrouter_http_201 |
Verify HTTP/1.1 POST connections |
cdrouter_http_202 |
Verify HTTP/1.1 HEAD connections |
cdrouter_http_203 |
Verify HTTP/1.1 PUT connections |
cdrouter_http_204 |
Verify HTTP/1.1 OPTIONS connections |
cdrouter_http_205 |
Verify HTTP/1.1 DELETE connections |
cdrouter_http_206 |
Verify HTTP/1.1 GET connections with large number of headers |
cdrouter_http_250 |
Verify HTTP/1.1 GET connections with chunked encoding |
cdrouter_http_260 |
Verify HTTP/1.1 proxy idle timeout |
cdrouter_http_270 |
Verify HTTP/1.1 pipelining |
cdrouter_http_280 |
Verify HTTP/1.1 streaming using chunked encoding |
cdrouter_http_300 |
Verify HTTP/1.1 WebSocket Ping message |
cdrouter_http_301 |
Verify HTTP/1.1 WebSocket Text message |
https.tcl
HTTPS related test cases
| Test Name | Synopsis |
|---|---|
cdrouter_https_100 |
Verify HTTPS/1.0 GET connections |
cdrouter_https_101 |
Verify HTTPS/1.0 POST connections |
cdrouter_https_102 |
Verify HTTPS/1.0 HEAD connections |
cdrouter_https_103 |
Verify HTTPS/1.0 GET connections with large number of headers |
cdrouter_https_200 |
Verify HTTPS/1.1 GET connections |
cdrouter_https_201 |
Verify HTTPS/1.1 POST connections |
cdrouter_https_202 |
Verify HTTPS/1.1 HEAD connections |
cdrouter_https_203 |
Verify HTTPS/1.1 PUT connections |
cdrouter_https_204 |
Verify HTTPS/1.1 OPTIONS connections |
cdrouter_https_205 |
Verify HTTPS/1.1 DELETE connections |
cdrouter_https_206 |
Verify HTTPS/1.1 GET connections with large number of headers |
cdrouter_https_250 |
Verify HTTPS/1.1 GET connections with chunked encoding |
cdrouter_https_300 |
Verify HTTPS/1.1 WebSocket Ping message |
cdrouter_https_301 |
Verify HTTPS/1.1 WebSocket Text message |
http2.tcl
HTTP/2 related test cases
| Test Name | Synopsis |
|---|---|
cdrouter_http2_100 |
Verify HTTP/2 GET connections |
cdrouter_http2_101 |
Verify HTTP/2 POST connections |
cdrouter_http2_102 |
Verify HTTP/2 HEAD connections |
cdrouter_http2_103 |
Verify HTTP/2 PUT connections |
cdrouter_http2_104 |
Verify HTTP/2 OPTIONS connections |
cdrouter_http2_105 |
Verify HTTP/2 DELETE connections |
cdrouter_http2_106 |
Verify HTTP/2 GET connections with large number of headers |
http2-tls.tcl
HTTP/2 over TLS related test cases
| Test Name | Synopsis |
|---|---|
cdrouter_http2_tls_100 |
Verify HTTP/2 GET connections over TLS |
cdrouter_http2_tls_101 |
Verify HTTP/2 POST connections over TLS |
cdrouter_http2_tls_102 |
Verify HTTP/2 HEAD connections over TLS |
cdrouter_http2_tls_103 |
Verify HTTP/2 PUT connections over TLS |
cdrouter_http2_tls_104 |
Verify HTTP/2 OPTIONS connections over TLS |
cdrouter_http2_tls_105 |
Verify HTTP/2 DELETE connections over TLS |
cdrouter_http2_tls_106 |
Verify HTTP/2 GET connections over TLS with large number of headers |
heartbleed.tcl
Heartbleed vulnerability tests for CVE-2014-0160
| Test Name | Synopsis |
|---|---|
cdrouter_heartbleed_100 |
Verify DUT's LAN HTTPS server is protected against heartbleed exploit |
cdrouter_heartbleed_200 |
Verify DUT's WAN HTTPS server is protected against heartbleed exploit |
cdrouter_heartbleed_300 |
Verify DUT's TR-069 client is protected against heartbleed exploit |
ssl.tcl
SSL related test cases
| Test Name | Synopsis |
|---|---|
cdrouter_ssl_100 |
Verify DUT's LAN HTTPS server refuses connections with deprecated SSL protocols |
cdrouter_ssl_110 |
Verify DUT's LAN HTTPS server accepts connections with allowed SSL protocols |
cdrouter_ssl_200 |
Verify DUT's LAN HTTPS server refuses connections with deprecated SSL ciphers |
cdrouter_ssl_210 |
Verify DUT's LAN HTTPS server accepts connections with allowed SSL ciphers |
gre.tcl
IPv4 over GRE related test cases
| Test Name | Synopsis |
|---|---|
gre_1 |
Verify traffic sent to remote GRE host from LAN is forwarded over IPv4 GRE tunnel |
gre_2 |
Verify traffic sent to LAN from remote GRE host is forwarded over IPv4 GRE tunnel |
gre_3 |
Verify DUT's LAN IPv4 address is reachable over GRE tunnel |
gre_4 |
Verify GRE header fields for IPv4 packet |
gre_5 |
Verify DUT forwards GRE packets with valid GRE checksums |
gre_6 |
Verify DUT drops GRE packets with bad GRE checksums |
gre_30 |
Verify DUT fragments large outbound packets sent over GRE tunnel |
gre_31 |
Verify DUT sends ICMPv4 Destination Unreachables if a GRE packet needs fragmentation and DF=1 |
gre_32 |
Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the LAN over GRE tunnel |
gre_34 |
Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the WAN over GRE tunnel |
gre_35 |
Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the WAN over GRE tunnel that also require fragmentation on the LAN |
gre_36 |
Verify DUT properly reassembles and forwards out of order IPv4 fragments |
gre_50 |
Verify DUT sets the DF flag in the GRE delivery header |
gre_60 |
Verify DUT drops invalid GRE packets |
gre_80 |
Verify DUT supports PMTU discovery for packets sent over GRE tunnel |
gre_100 |
Verify that all configured IPv4 over GRE tunnels are capable of forwarding traffic |
wifi.tcl
WiFi client association and verification tests
| Test Name | Synopsis |
|---|---|
wifi_1 |
Graceful wireless LAN client restart |
wifi_2 |
Restart wireless LAN client without releasing address |
wifi_3 |
Restart wireless LAN client without releasing or obtaining a new address |
wifi_10 |
Verify connectivity using all wifi modes advertised by the DUT |
wifi_11 |
Verify DUT prevents use of TKIP cipher when using HT/VHT/HE |
wifi_20 |
Verify DUT's wifi beacons contain expected mode information |
wifi_30 |
WiFi association stress test |
wifi_300 |
WiFi association stress test all clients |
wifi_40 |
WiFi SSID scan test |
wifi_50 |
WiFi Band Steering test |
wifi_60 |
Verify DUT permits use of WPA3 H2E on 5GHz |
wifi_61 |
Verify DUT enforces use of WPA3 H2E on 6GHz |
arp.tcl
ARP functional test cases
| Test Name | Synopsis |
|---|---|
arp_1 |
Verify DUT responds to broadcast ARP request on LAN interface |
arp_2 |
Verify DUT responds to unicast ARP request on LAN interface |
arp_3 |
Verify DUT responds to ARP Probes on the LAN interface |
arp_10 |
Verify DUT updates ARP cache when ARP request is received |
arp_11 |
Verify DUT updates ARP cache when ARP reply is received |
arp_12 |
Verify DUT updates ARP cache when a gratuitous ARP request is received |
arp_13 |
Verify DUT updates ARP cache when a gratuitous ARP reply is received |
arp_20 |
Verify DUT does not respond to bad ARP Requests |
arp_30 |
Verify DUT does not leak WAN side addresses on LAN via ARP |
arp_31 |
Verify DUT does not leak LAN side addresses on WAN via ARP |
arp_40 |
Verify DUT ARP mode behavior - open, restricted, strict |
arp_50 |
Verify DUT ignores spoofed ARP reply for WAN gateway |
arp_60 |
Verify DUT handles a large number of ARP requests with unique MAC addresses |
arp_61 |
Verify DUT handles a large number of ARP replies with unique MAC addresses |
