Product
Search Results

CDRouter Test Summaries

Test Case Summaries

  • Modules: 65
  • Test Cases: 798

Below is a summary of the testcases in each module


basic.tcl

Initial connectivity tests to verify ARP and DHCP client are connected

Test Name Synopsis
cdrouter_basic_1 Router responds to ARP request on LAN interface
cdrouter_basic_2 Router responds to ARP request on WAN interface
cdrouter_basic_10 Verify LAN DHCP clients receive gateway/DNS configuration from WAN side
cdrouter_basic_20 Outbound packets use specified/cloned source MAC address

connectivity.tcl

Device connectivity tests to verify link, reboot, and other diagnostics

Test Name Synopsis
cdrouter_connectivity_1 Execute and validate DUT Reboot Function
cdrouter_connectivity_2 Validate connectivity of WAN interface while disabling and enabling link layer
cdrouter_connectivity_3 Validate connectivity of LAN interface while disabling and enabling link layer
cdrouter_connectivity_4 Execute simple connectivity check only

dhcp-c.tcl

DHCP client tests for the WAN side of the router

Test Name Synopsis
cdrouter_dhcp_1 DHCP client renews lease when current lease expires
cdrouter_dhcp_2 DHCP client resends DHCPREQUEST packet if server does not respond
cdrouter_dhcp_3 DHCP client drops back into DISCOVERY mode if original server stops responding
cdrouter_dhcp_4 DHCP client drops back into DISCOVERY mode if server sends a DHCPNAK
cdrouter_dhcp_5 DHCP client remains in DISCOVERY mode if server sends a DHCPNAK
cdrouter_dhcp_10 DHCP client ignores site-specific DHCP options
cdrouter_dhcp_11 Verify DHCP client handles server option with length 0
cdrouter_dhcp_20 DHCP client ignores DHCP packets with corrupt UDP checksum
cdrouter_dhcp_30 DHCP client includes vendor defined options
cdrouter_dhcp_31 Verify client supports DHCP Rapid Commit option
cdrouter_dhcp_32 Verify client supports DHCP Forcerenew Nonce Authentication
cdrouter_dhcp_33 Verify client ignores DHCPFORCERENEW without Authentication option
cdrouter_dhcp_34 Verify client ignores DHCPFORCERENEW authenticated with incorrect nonce
cdrouter_dhcp_35 Verify client ignores DHCPFORCERENEW messages on port 67
cdrouter_dhcp_36 Verify client ignores DHCPOFFER messages on port 67
cdrouter_dhcp_40 Verify client requests same parameters in all subsequent DHCP messages
cdrouter_dhcp_41 Verify client uses same Client ID in all subsequent DHCP messages
cdrouter_dhcp_50 Verify client uses a randomized exponential backoff algorithm for DHCPDISCOVER retransmissions
cdrouter_dhcp_51 Verify client uses an exponential backoff algorithm for DHCP Request retransmissions in state RENEW
cdrouter_dhcp_60 DHCP client obtains lease when server delays responses
cdrouter_dhcp_70 DHCP client is able to rebind to alternate DHCP server

ecn.tcl

IPv4 ECN Forwarding Tests

Test Name Synopsis
ecn_tcp_1 TCP Download with ECN Capable Transport, ECN unaware DUT, ECT(0)
ecn_tcp_2 TCP Download with ECN Capable Transport, ECN unaware DUT, ECT(1)
ecn_tcp_3 TCP Download with ECN Capable Transport, ECN unaware DUT, Congestion Encountered
ecn_tcp_4 TCP Upload with ECN Capable Transport, ECN unaware DUT, ECT(0)
ecn_tcp_5 TCP Upload with ECN Capable Transport, ECN unaware DUT, ECT(1)
ecn_tcp_6 TCP Upload with ECN Capable Transport, ECN unaware DUT, ECT(0), Congestion Encountered

pppoe-c.tcl

PPPoE client tests for the WAN side of the router

Test Name Synopsis
cdrouter_pppoe_client_1 PPPoE client restarts PPPoE Discovery when PPP LCP Echo-Requests fail
cdrouter_pppoe_client_10 PPPoE client restarts PPPoE Discovery when PPP LCP terminates PPP link
cdrouter_pppoe_client_50 PPPoE PPP client replies to LCP Echo-Requests
cdrouter_pppoe_client_60 PPPoE PPP client maintains LCP Magic Number during session
cdrouter_pppoe_client_200 PPPoE/PPP restarts if PPP authentication fails
cdrouter_pppoe_client_210 PPPoE/PPP can recover if LCP renegotiation is attempted
cdrouter_pppoe_client_230 PPPoE/PPP can recover if LCP Echo-Request contains bad length
cdrouter_pppoe_client_300 PPPoE client recovers if PPPoE server drops PADR from PPPoE client
cdrouter_pppoe_client_310 PPPoE client returns AC-Cookie in PADR when server sends AC-Cookie in PADO
cdrouter_pppoe_client_320 PPPoE client maintains Relay-Session-Id during PPPoE session establishment
cdrouter_pppoe_client_330 PPPoE client sends PADT packet after idle timeout elapses
cdrouter_pppoe_client_400 Verify PPPoE client sends correct PPP-Max-Payload tag in PADI packets

pptp-c.tcl

PPTP client tests for the WAN side of the router

Test Name Synopsis
cdrouter_pptp_5 PPTP client restarts PPTP connection when PPTP Echo Requests fail
cdrouter_pptp_10 PPTP client restarts PPTP connection when PPP LCP terminates PPP link
cdrouter_pptp_20 PPTP client restarts PPTP connection when TCP control session is closed
cdrouter_pptp_25 PPTP client restarts PPTP connection when TCP control session is reset
cdrouter_pptp_30 PPTP client initiates new call after a PPTP Call-Disconnect-Notify
cdrouter_pptp_50 PPTP PPP client replies to LCP Echo Requests
cdrouter_pptp_60 PPTP PPP client maintains LCP Magic Number during session
cdrouter_pptp_200 PPTP/PPP restarts if PPP authentication fails
cdrouter_pptp_210 PPTP/PPP can recover if LCP renegotiation is attempted
cdrouter_pptp_230 PPTP/PPP can recover if LCP Echo Request contains bad length

l2tp-c.tcl

L2TP client tests for WAN side of the router

Test Name Synopsis
cdrouter_l2tp_5 L2TP client restarts L2TP connection when L2TP Hello Requests are unanswered
cdrouter_l2tp_10 L2TP client restarts L2TP connection when PPP LCP terminates PPP link
cdrouter_l2tp_20 L2TP client initiates new L2TP connection after closing tunnel with StopCCN
cdrouter_l2tp_30 L2TP client initiates new L2TP tunnel after receiving CDN and StopCCN
cdrouter_l2tp_40 L2TP client sends HELLO after period of inactivity
cdrouter_l2tp_50 L2TP PPP client replies to LCP Echo Requests
cdrouter_l2tp_60 L2TP PPP client maintains LCP Magic Number during session
cdrouter_l2tp_200 L2TP/PPP restarts if PPP authentication fails
cdrouter_l2tp_210 L2TP/PPP can recover if LCP renegotiation is attempted
cdrouter_l2tp_230 L2TP/PPP can recover if LCP Echo Request contains bad length

chap.tcl

PPP CHAP tests for PPP based protocols on the WAN (PPPoE and PPTP)

Test Name Synopsis
cdrouter_chap_10 PPP CHAP authentication with various size key lengths
cdrouter_chap_20 Verify PPP client will reauthenticate using CHAP during active connection

mac-filter.tcl

Basic tests for verifying MAC based network filters

Test Name Synopsis
cdrouter_mac_filter_1 Verify ARP resolution behavior for filtered hosts with deny policy
cdrouter_mac_filter_2 Verify ARP resolution behavior for filtered hosts with allow policy
cdrouter_mac_filter_3 Verify DHCP behavior for filtered hosts with deny policy
cdrouter_mac_filter_4 Verify DHCP behavior for filtered hosts with allow policy
cdrouter_mac_filter_5 Verify ICMP Echo behavior for filtered hosts with deny policy
cdrouter_mac_filter_6 Verify ICMP Echo behavior for filtered hosts with allow policy

dhcp-s.tcl

DHCP server tests for the LAN side of the router

Test Name Synopsis
cdrouter_dhcp_server_1 Verify DHCP server returns same IP address when client renews
cdrouter_dhcp_server_2 Verify DHCP server rejects DHCPREQUESTS with non-offered IP address
cdrouter_dhcp_server_3 Verify DHCP server address reservations
cdrouter_dhcp_server_4 Verify DHCP server returns IP address within configured pool
cdrouter_dhcp_server_5 Verify DHCP server returns IP address with expected lease time
cdrouter_dhcp_server_6 Verify DHCP server returns same IP address when client restarts
cdrouter_dhcp_server_7 Verify DHCP server returns same IP address when client releases then restarts
cdrouter_dhcp_server_8 Verify DHCP server returns same IP address when client restarts using Requested IP Address option
cdrouter_dhcp_server_9 Verify DHCP server returns same IP address when client releases and restarts using Requested IP Address option
cdrouter_dhcp_server_10 Verify DHCP server returns requested IP address when new client uses Requested IP Address option
cdrouter_dhcp_server_11 Verify DHCP server does not return an address when invalid Requested IP Address option is used
cdrouter_dhcp_server_30 DHCP server includes vendor defined options
cdrouter_dhcp_server_31 Verify server supports DHCP Rapid Commit option
cdrouter_dhcp_server_35 Verify DHCP server ignores DHCPDISCOVER messages on port 68
cdrouter_dhcp_server_100 Verify DHCP server accepts DHCP client packets with IPv4 length less than 576
cdrouter_dhcp_server_200 Verify DHCP server rejects DHCPREQUESTS with IP address of other clients
cdrouter_dhcp_server_300 Verify DHCP server ignores site-specific DHCP options
cdrouter_dhcp_server_301 Verify DHCP server handles client option with length 0
cdrouter_dhcp_server_401 Verify DHCP server ignores DHCP packets with an invalid UDP checksum
cdrouter_dhcp_server_501 Verify DHCP server allows multiple DHCP clients with same name (DHCP option 12)
cdrouter_dhcp_server_520 Verify DHCP server uses IPv4 broadcast when DHCP client sets broadcast flag
cdrouter_dhcp_server_540 Verify DHCP server probes IPv4 client address before assigning
cdrouter_dhcp_server_600 Verify DHCP server returns correct WINS server(s)
cdrouter_dhcp_server_610 Verify DHCP server returns correct NTP server(s)
cdrouter_dhcp_server_620 Verify DHCP server returns correct client identifier option
cdrouter_dhcp_server_630 Verify DHCP server returns correct DNS server(s)
cdrouter_dhcp_server_700 Verify DHCP server responds to unicast and broadcast DHCPINFORM messages
cdrouter_dhcp_server_710 Verify DHCP server handles clients using V-I Vendor-Specific Information option
cdrouter_dhcp_server_720 Verify DHCP server handles clients using V-I Vendor Class option
cdrouter_dhcp_server_800 Verify DHCP server does not become exhausted after a large number of DHCP restarts
cdrouter_dhcp_server_801 Verify DHCP server does not become exhausted after a large number of DHCP release then restarts

nat.tcl

NAPT tests for TCP, UDP, and ICMP

Test Name Synopsis
cdrouter_nat_1 Outbound TCP connections use NAPT
cdrouter_nat_2 Outbound UDP connections use NAPT
cdrouter_nat_100 Maximum number of TCP connections with single LAN host
cdrouter_nat_101 NAPT with multiple LAN hosts using the same TCP source port
cdrouter_nat_120 NAPT with a TCP and UDP connection using the same source port
cdrouter_nat_130 Verify NAPT with outbound TCP connections using high and low source ports
cdrouter_nat_150 Verify TCP source port can be reused after a passive close behind NAPT
cdrouter_nat_200 Maximum number of UDP connections with single LAN host
cdrouter_nat_201 NAPT with multiple LAN hosts using the same UDP source port
cdrouter_nat_300 Verify NAPT checks source IP address of inbound UDP packets
cdrouter_nat_320 UDP headers with a checksum equal to 0 should not be modified
cdrouter_nat_330 Outbound TCP connection using IPv4 options
cdrouter_nat_340 Outbound UDP connection using IPv4 options
cdrouter_nat_350 Verify NAPT uses port parity preservation
cdrouter_nat_360 Verify ICMP Destination Unreachable message from WAN does not destroy NAT UDP mapping
cdrouter_nat_361 Verify ICMP Destination Unreachable message from WAN does not destroy NAT TCP mapping
cdrouter_nat_400 Verify basic MSS Clamping for TCP sessions
cdrouter_nat_401 Verify MSS Clamping with TCP options from different clients
cdrouter_nat_410 Verify MSS Clamping does not modify smaller MSS values
cdrouter_nat_500 NAT uses single binding for TCP session with same source IP and source port
cdrouter_nat_501 NAT uses single binding for UDP session with same source IP and source port
cdrouter_nat_510 NAT performs hairpin translation for LAN side TCP connections
cdrouter_nat_511 NAT performs hairpin translation for LAN side UDP connections
cdrouter_nat_520 Verify Port-Restricted, Address-Restricted, or Full-Cone NAPT for UDP connections
cdrouter_nat_530 Verify TCP connections using TCP window scale option through NAT
cdrouter_nat_600 Verify TCP Fast Open cookie request through NAT
cdrouter_nat_610 Verify TCP connections using TCP Fast Open option through NAT

nat-timeout.tcl

NAPT tests for session timers

Test Name Synopsis
cdrouter_nat_timeout_1 Verify NAT TCP session timeout after FIN close
cdrouter_nat_timeout_2 Verify NAT TCP session timeout after RST close
cdrouter_nat_timeout_10 Verify NAT TCP session timeout for established session
cdrouter_nat_timeout_11 Verify NAT TCP SYN session timeout
cdrouter_nat_timeout_20 Verify NAT UDP session timeout
cdrouter_nat_timeout_25 Verify NAT DNS session timeout
cdrouter_nat_timeout_30 Verify NAT ICMP session timeout
cdrouter_nat_timeout_40 Verify RTSP session timeout for established session

nat-frag.tcl

NAPT tests for IPv4 fragmentation

Test Name Synopsis
nat_frag_1 Verify NAT with TCP IPv4 fragments
nat_frag_2 Verify NAT with TCP IPv4 out-of-order fragments
nat_frag_11 Verify NAT with UDP IPv4 fragments
nat_frag_12 Verify NAT with UDP IPv4 out-of-order fragments
nat_frag_21 Verify NAT with ICMP IPv4 fragments
nat_frag_22 Verify NAT with ICMP IPv4 out-of-order fragments

renum-dhcp.tcl

WAN side renumbering tests with DHCP on the WAN

Test Name Synopsis
cdrouter_renumber_1 Verify WAN client learns new IP address when WAN server renumbers
cdrouter_renumber_2 Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renumber_3 Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renumber_4 Verify LAN clients learn new longer domain name during LAN side renew
cdrouter_renumber_5 Verify LAN clients learn new shorter domain name during LAN side renew
cdrouter_renumber_6 Verify WAN side switches to new gateway after renumber
cdrouter_renumber_50 Verify LAN clients learn additional DNS servers

renum-pppoe.tcl

WAN side renumbering tests with PPPoE on the WAN

Test Name Synopsis
cdrouter_renum_pppoe_1 Verify WAN PPPoE client learns new IP address when WAN server renumbers
cdrouter_renum_pppoe_2 Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renum_pppoe_3 Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renum_pppoe_6 Verify WAN side switches to new gateway after renumber
cdrouter_renum_pppoe_50 Verify LAN clients learn additional DNS server

renum-pptp.tcl

WAN side renumbering tests with PPTP on the WAN

Test Name Synopsis
cdrouter_renum_pptp_1 Verify WAN PPTP client learns new IP address when WAN server renumbers
cdrouter_renum_pptp_2 Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renum_pptp_3 Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renum_pptp_6 Verify WAN side switches to new gateway after renumber
cdrouter_renum_pptp_50 Verify LAN clients learn additional DNS server

renum-l2tp.tcl

WAN side renumbering tests with L2TP on the WAN

Test Name Synopsis
cdrouter_renum_l2tp_1 Verify WAN L2TP client learns new IP address when WAN server renumbers
cdrouter_renum_l2tp_2 Verify existing TCP connections can be reestablished after WAN renumber
cdrouter_renum_l2tp_3 Verify LAN clients learn new DNS server during LAN side renew
cdrouter_renum_l2tp_6 Verify WAN side switches to new gateway after renumber
cdrouter_renum_l2tp_50 Verify LAN clients learn additional DNS server

icmp.tcl

ICMP tests for generating various ICMP packets and NAPT of ICMP data

Test Name Synopsis
cdrouter_icmp_1 Verify ICMP Echo Requests (ping) work through router
cdrouter_icmp_2 Verify ICMP Echo Requests from multiple LAN clients work through router
cdrouter_icmp_5 Verify ICMP Echo Requests to router's LAN side IP address from the LAN
cdrouter_icmp_6 Verify ICMP Echo Requests to router's WAN side IP address from the LAN
cdrouter_icmp_7 Verify ICMP Echo Requests to router's WAN side IP address from the WAN
cdrouter_icmp_10 Verify ICMP Time Exceeded packet is sent when incoming UDP TTL is 1
cdrouter_icmp_11 Verify NAT translates IP address in ICMP Time Exceeded packet
cdrouter_icmp_12 Verify NAT translates IP address in ICMP Destination Unreachable with code port unreachable
cdrouter_icmp_13 Verify NAT translates IP address in ICMP Destination Unreachable with code fragmentation needed
cdrouter_icmp_14 Verify NAT translates IP address in outbound ICMP Destination Unreachable with code port unreachable
cdrouter_icmp_20 Verify router supports Path MTU Discovery over WAN interface
cdrouter_icmp_30 Verify ICMP Time Exceeded packet is sent when incoming TCP TTL is 1

firewall.tcl

Firewall tests including port scans

Test Name Synopsis
cdrouter_firewall_1 Inbound TCP connections to public side HTTP port are blocked
cdrouter_firewall_2 Inbound TCP connections to LAN hosts are blocked
cdrouter_firewall_10 DHCP server ignores DHCP client request from the WAN
cdrouter_firewall_12 DNS requests from the WAN are ignored by DNS proxy or relay
cdrouter_firewall_100 Perform TCP port scan test on router's public WAN IP address
cdrouter_firewall_101 Perform UDP port scan test on router's public WAN IP address
cdrouter_firewall_110 Perform TCP fragmentation port scan test on router's public WAN IP address
cdrouter_firewall_301 Verify firewall blocks/accepts piggyback TCP SYN connections from WAN
cdrouter_firewall_508 Verify outbound packets are not forwarded if the source address is not a prefix of the interior network

firewall-out.tcl

Firewall tests for limiting outbound access to services

Test Name Synopsis
cdrouter_firewall_outbound_1 Verify CPE does not forward outbound TCP packets to ports that have been administratively blocked
cdrouter_firewall_outbound_2 Verify CPE does not forward outbound UDP packets to ports that have been administratively blocked
cdrouter_firewall_outbound_3 Verify CPE does not forward outbound IP packets for protocols that have been administratively blocked

apps.tcl

Application layer gateway (ALG) tests for FTP, DNS, TFTP, SMTP, POP3, MSN, RTSP and others

Test Name Synopsis
cdrouter_app_2 Verify router supports the active mode FTP PORT command
cdrouter_app_3 Multiple FTP connections using the same source port
cdrouter_app_10 Connections opened for FTP PORT command check for correct IPv4 address
cdrouter_app_11 Verify FTP PORT command succeeds when TCP segment is retransmitted
cdrouter_app_12 Verify FTP PORT translation stays the same when TCP segment is retransmitted
cdrouter_app_14 Verify router closes public ports opened with the FTP PORT command
cdrouter_app_15 Verify router supports the active mode FTP EPRT command
cdrouter_app_16 Verify translation of EPRT command accepts non default delimiters
cdrouter_app_17 Verify router supports the passive mode FTP PASV command
cdrouter_app_18 Verify router supports the passive mode FTP EPSV command
cdrouter_app_20 Verify DNS queries to router are forwarded to real DNS server
cdrouter_app_21 Verify DNS queries sent to primary DNS server
cdrouter_app_22 Verify DNS queries sent to backup DNS server
cdrouter_app_25 Verify DNS relay on router fails over to backup DNS server
cdrouter_app_26 Verify DNS relay on router fails over to backup DNS server (using same ID for retransmissions)
cdrouter_app_27 Verify DNS relay on router fails over to third DNS server
cdrouter_app_28 Verify DNS relay on router fails over to third DNS server (using same ID for retransmissions)
cdrouter_app_30 Verify DNS queries sent directly to a 3rd party DNS server
cdrouter_app_100 Verify router supports wrapping of TCP sequence number for FTP transfers
cdrouter_app_110 Verify HTTPS session through the router
cdrouter_app_120 Verify SMTP session through the router
cdrouter_app_122 Verify POP3 session through the router
cdrouter_app_124 Verify TFTP session through the router
cdrouter_app_126 Verify NTP session through the router
cdrouter_app_130 Verify STUN session through the router
cdrouter_app_131 Verify authenticated STUN session through the router
cdrouter_app_140 Verify IPv4 L2GRE session through the router
cdrouter_app_302 Verify router translates MSN File Transfer Invite messages
cdrouter_app_305 Verify router translates MSN Voice Invite messages
cdrouter_app_310 Verify router does not modify MSN fields related to NAT detection
cdrouter_rtsp_1 Verify basic RTSP session with UDP transport
cdrouter_rtsp_2 Verify basic RTSP session with UDP transport for multiple LAN hosts
cdrouter_rtsp_10 Verify RTSP transport is translated in both outbound and inbound directions
cdrouter_rtsp_20 Verify RTSP port mapping is deleted after TEARDOWN and TCP close
cdrouter_rtsp_21 Verify RTSP port mapping is deleted after TEARDOWN and without TCP close
cdrouter_rtsp_22 Verify RTSP port mappings still work when TCP connection is closed
cdrouter_rtsp_30 Verify IPv4 destination in client transport SETUP is translated to public IP
cdrouter_rtsp_50 Verify RTSP ALG supports persistent TCP connections
cdrouter_rtsp_60 Verify RTSP session with different IPv4 address for RTP media server
cdrouter_rtsp_70 Verify RTSP session timeout for established session
cdrouter_mptcp_1 Verify a Multipath TCP connection can be opened
cdrouter_mptcp_2 Verify a Multipath TCP connection with two subflows can be opened

ipsecpt.tcl

IPSEC based VPN pass through from the LAN to the WAN

Test Name Synopsis
cdrouter_ipsecpt_1 Verify IKE packets pass through router on UDP port 500
cdrouter_ipsecpt_2 Verify tunnel mode IPSEC packets pass through router
cdrouter_ipsecpt_3 Fragmented tunnel mode IPSEC packets are forwarded between LAN and WAN
cdrouter_ipsecpt_30 Verify unknown IPv4 protocol types using the pass through mechanism
cdrouter_ipsecpt_100 Verify the maximum number of IPSEC pass through connections for a single LAN host
cdrouter_ipsecpt_110 Verify IPSEC pass through with multiple LAN clients using same VPN server
cdrouter_ipsecpt_120 Verify IKE with multiple LAN clients using same VPN server
cdrouter_ipsecpt_200 IPSEC pass through without NAT-T based IPSEC client
cdrouter_ipsecpt_210 IPSEC pass through with NAT-T based IPSEC client

forward.tcl

Forwarding tests with different packet sizes and directions

Test Name Synopsis
cdrouter_forward_1 Verify IPv4 TTL is decremented for forwarded packets
cdrouter_forward_2 Verify packet is not forwarded when IPv4 TTL is 1
cdrouter_forward_3 Verify packet can be forwarded back through incoming LAN interface
cdrouter_forward_4 Verify packet is not forwarded if IPv4 checksum is corrupt
cdrouter_forward_10 Forward UDP packets with various packet lengths (LAN to WAN)
cdrouter_forward_11 Forward UDP packets with various packet lengths (WAN to LAN)
cdrouter_forward_20 No packets are forwarded if WAN lease expires

jumbo.tcl

Jumbo MTU forwarding tests with different packet sizes and directions

Test Name Synopsis
cdrouter_jumbo_1 Verify IPv4 TTL is decremented for forwarded jumbo MTU packets
cdrouter_jumbo_2 Verify jumbo MTU packet is not forwarded when IPv4 TTL is 1
cdrouter_jumbo_3 Verify jumbo MTU packet can be forwarded back through incoming LAN interface
cdrouter_jumbo_4 Verify jumbo MTU packet is not forwarded if IPv4 checksum is corrupt
cdrouter_jumbo_10 Forward jumbo MTU UDP packets with various packet lengths (LAN to WAN)
cdrouter_jumbo_11 Forward jumbo MTU UDP packets with various packet lengths (WAN to LAN)

rip.tcl

RIPv1/v2 tests for LAN side of the router

Test Name Synopsis
cdrouter_rip_1 Verify router sends RIPv1/v2 update on LAN side
cdrouter_rip_2 Verify router learns new RIP routes from LAN side RIP router (v1 or v2)
cdrouter_rip_5 Verify router responds to RIP requests on LAN interface
cdrouter_rip_10 Verify router selects RIP route with lowest metric (v1 or v2)
cdrouter_rip_12 Verify router ignores routes with a metric of 16
cdrouter_rip_20 Verify router uses split horizon or poison reverse for learned RIP routes
cdrouter_rip_30 Verify router announces default route on LAN side
cdrouter_rip_100 Verify the maximum number of RIP routes supported
cdrouter_rip_200 Verify router learns new RIP routes from WAN side RIP router (v1 or v2)

scaling.tcl

Scaling tests for maximum number of DHCP clients and connections (TCP, HTTP, VPN)

Test Name Synopsis
cdrouter_scale_1 Verify all DHCP clients are operational
cdrouter_scale_2 Verify all DHCP clients with multiple TCP connections
cdrouter_scale_3 Verify all DHCP clients with single UDP connection
cdrouter_scale_10 Verify no duplicate IP addresses are assigned when DHCP address pool is exhausted
cdrouter_scale_15 Verify all DHCP clients can create an IPSEC tunnel
cdrouter_scale_20 Verify all DHCP clients can create a PPTP tunnel
cdrouter_scale_30 Verify all DHCP clients can create a L2TP/IPSEC tunnel
cdrouter_scale_40 Verify all DHCP clients can create a L2TP/IPSEC tunnel with NAT-T

vservice.tcl

Port forwarding tests to verify configured virtual services on the router

Test Name Synopsis
cdrouter_vservice_10 Verify each configured TCP virtual service
cdrouter_vservice_20 Verify each configured UDP virtual service
cdrouter_vservice_30 Verify TCP virtual services are reachable from the LAN side
cdrouter_vservice_40 Verify UDP virtual services are reachable from the LAN side

url-filter.tcl

URL filtering tests for LAN side HTTP clients

Test Name Synopsis
cdrouter_urlfilter_10 Verify HTTP GETs to filtered URLs are blocked
cdrouter_urlfilter_12 Verify HTTP GETs to filtered URLs are blocked without DNS lookups
cdrouter_urlfilter_15 Verify HTTP HEADs to filtered URLs are blocked
cdrouter_urlfilter_20 Verify HTTP POSTs to filtered URLs are blocked
cdrouter_urlfilter_30 Verify URL filtering does not look at Cookie data
cdrouter_urlfilter_40 Verify HTTPS GETs to filtered URLs are blocked

triggerp.tcl

Tests to verify configured trigger ports on the router

Test Name Synopsis
cdrouter_tport_10 Verify basic case for each configured trigger port application
cdrouter_tport_30 Verify multiple LAN hosts can use trigger ports after mappings are aged out

upnp.tcl

UPnP tests for routers that support IGDv1/IGDv2 devices

Test Name Synopsis
cdrouter_ssdp_1 Verify UPnP router responds to SSDP Discovery Requests on LAN
cdrouter_ssdp_2 Verify UPnP router does not respond to SSDP Discovery Requests on WAN
cdrouter_ssdp_3 Verify UPnP router supports discovery of required IGD devices and services
cdrouter_ssdp_4 Verify UPnP router does not respond to SSDP Discovery Requests without MX header
cdrouter_ssdp_5 Verify UPnP router responds to unicast SSDP Discovery Requests on LAN
cdrouter_ssdp_6 Verify required headers of M-SEARCH responses on LAN
cdrouter_upnp_10 Verify XML description of IGD root device can be parsed
cdrouter_upnp_12 Verify XML descriptions cannot be loaded from the WAN side of router
cdrouter_upnp_20 Verify XML description for WANIPConnection or WANPPPConnection service can be parsed
cdrouter_upnp_25 Verify router responds to UPnP Query for ConnectionStatus
cdrouter_upnp_30 Verify UPnP GetExternalIPAddress Action returns WAN IP address
cdrouter_upnp_31 Verify UPnP GetStatusInfo Action returns correct ConnectionStatus information
cdrouter_upnp_32 Verify UPnP GetStatusInfo Action returns increasing Uptime value
cdrouter_upnp_35 Add/delete dynamic UPnP TCP port mapping for wildcard IP source address
cdrouter_upnp_36 Add/delete dynamic UPnP TCP port mapping for specific IP source address
cdrouter_upnp_40 Add/delete dynamic UPnP UDP port mapping for wildcard IP source address
cdrouter_upnp_41 Add/delete dynamic UPnP UDP port mapping for specific IP source address
cdrouter_upnp_45 Verify UPnP Router rejects new port mappings that conflict
cdrouter_upnp_50 Verify dynamic UPnP port mapping is deleted when lease expires
cdrouter_upnp_100 Maximum number of UPnP TCP dynamic port mappings
cdrouter_upnp_200 Verify UPnP clients can subscribe/unsubcribe to events for WANIPConnection or WANPPPConnection
cdrouter_upnp_201 Verify UPnP clients can subscribe to events with infinite subscription time
cdrouter_upnp_202 Verify UPnP clients can renew NOTIFY events for WANIPConnection or WANPPPConnection
cdrouter_upnp_203 Verify router sends UPnP NOTIFY events for ConnectionStatus
cdrouter_upnp_204 Verify router sends UPnP NOTIFY events with updated ExternalIPAddress
cdrouter_upnp_210 Verify router stops sending NOTIFY events when subscription expires
cdrouter_upnp_220 Verify the maximum number of UPnP event subscriptions that can be created
cdrouter_upnp_400 Check for UPnP format string vulnerability used by BCMPUPnP_Hunter malware
cdrouter_ssdp_igd2_3 Verify UPnP router supports discovery of required devices and services (IGD2)
cdrouter_upnp_igd2_10 Verify XML description of IGD root device can be parsed (IGD2)
cdrouter_upnp_igd2_12 Verify XML descriptions cannot be loaded from the WAN side of router (IGD2)
cdrouter_upnp_igd2_20 Verify XML description for WANIPConnection or WANPPPConnection service can be parsed (IGD2)
cdrouter_upnp_igd2_25 Verify router responds to UPnP Query for ConnectionStatus (IGD2)
cdrouter_upnp_igd2_30 Verify UPnP GetExternalIPAddress Action returns WAN IP address (IGD2)
cdrouter_upnp_igd2_31 Verify UPnP GetStatusInfo Action returns correct ConnectionStatus information (IGD2)
cdrouter_upnp_igd2_32 Verify UPnP GetStatusInfo Action returns increasing Uptime value (IGD2)
cdrouter_upnp_igd2_35 Add/delete dynamic UPnP TCP port mapping for wildcard IP source address (IGD2)
cdrouter_upnp_igd2_36 Add/delete dynamic UPnP TCP port mapping for specific IP source address (IGD2)
cdrouter_upnp_igd2_40 Add/delete dynamic UPnP UDP port mapping for wildcard IP source address (IGD2)
cdrouter_upnp_igd2_41 Add/delete dynamic UPnP UDP port mapping for specific IP source address (IGD2)
cdrouter_upnp_igd2_45 Verify UPnP Router rejects new port mappings that conflict (IGD2)
cdrouter_upnp_igd2_50 Verify dynamic UPnP port mapping is deleted when lease expires (IGD2)
cdrouter_upnp_igd2_100 Maximum number of UPnP TCP dynamic port mappings (IGD2)
cdrouter_upnp_igd2_200 Verify UPnP clients can subscribe/unsubcribe to events for WANIPConnection or WANPPPConnection (IGD2)
cdrouter_upnp_igd2_201 Verify UPnP clients can subscribe to events with infinite subscription time (IGD2)
cdrouter_upnp_igd2_202 Verify UPnP clients can renew NOTIFY events for WANIPConnection or WANPPPConnection (IGD2)
cdrouter_upnp_igd2_203 Verify router sends UPnP NOTIFY events for ConnectionStatus (IGD2)
cdrouter_upnp_igd2_204 Verify router sends UPnP NOTIFY events with updated ExternalIPAddress (IGD2)
cdrouter_upnp_igd2_210 Verify router stops sending NOTIFY events when subscription expires (IGD2)
cdrouter_upnp_igd2_220 Verify the maximum number of UPnP event subscriptions that can be created (IGD2)
cdrouter_upnp_igd2_400 Check for UPnP format string vulnerability used by BCMPUPnP_Hunter malware

pptp-pt.tcl

PPTP based VPN pass through from the LAN to the WAN

Test Name Synopsis
cdrouter_pptppt_1 PPTP control session can be established at port 1723
cdrouter_pptppt_2 Tunneled PPTP data packets pass through router (PPP over GRE)
cdrouter_pptppt_100 Verify the max number of PPTP pass through connections for a single LAN host

l2tp-pt.tcl

L2TP based VPN pass through from the LAN to the WAN

Test Name Synopsis
cdrouter_l2tppt_1 Verify L2TP session passes through router
cdrouter_l2tppt_2 Verify L2TP over IPSEC session passes through router
cdrouter_l2tppt_10 Verify L2TP over IPSEC with NAT-T passes through router

eapol.tcl

Basic EAPOL tests for all types of EAP

Test Name Synopsis
cdrouter_eapol_1 Authenticator sends EAPOL packets to correct MAC address
cdrouter_eapol_2 Basic case of authenticator initiated authentication
cdrouter_eapol_3 Basic case of supplicant initiated authentication
cdrouter_eapol_6 Authenticator sends EAP Failure after supplicant sends EAPOL-Logoff
cdrouter_eapol_8 Authenticator sends EAP Failure if identity is unknown
cdrouter_eapol_9 Authenticator sends EAP Failure if authentication challenge fails
cdrouter_eapol_20 Authenticator retransmits EAP Identity Request if no response is received
cdrouter_eapol_21 Authenticator uses same EAP identifier for each retransmitted identity request
cdrouter_eapol_23 Authenticator ignores EAP Identity Responses with unknown id field
cdrouter_eapol_24 Authenticator enters the held state after authentication is rejected
cdrouter_eapol_100 No packets are forwarded/processed when port is in unauthorized state
cdrouter_eapol_105 Inbound traffic is blocked when port is in unauthorized state
cdrouter_eapol_110 Packets are forwarded during reauthentication if port is in authenticated state
cdrouter_eapol_112 Port is placed in unauthenticated state if reauthentication fails (bad identity)
cdrouter_eapol_113 Port is placed in unauthorized state if reauthentication fails (bad auth)
cdrouter_eapol_115 Port becomes unauthorized if no response to EAP Identity request is received
cdrouter_eapol_117 EAP Success packets from supplicant do not authorize port
cdrouter_eapol_130 Authenticator initiates reauthentication with supplicant every reAuthPeriod
cdrouter_eapol_140 Port is placed in unauthorized state if 802.11 layer is reinitialized
cdrouter_eapol_300 Verify supplicant can login using all configured Identities
cdrouter_eapol_500 Authenticator handles EAP Start flood DoS attack
cdrouter_eapol_501 Authenticator handles EAP Logoff flood DoS attack
cdrouter_eapol_502 Authenticator handles EAP-of-Death DoS attack
cdrouter_eapol_503 Back-end flood DoS attack

eap-md5.tcl

EAPOL tests specific to EAP-MD5

Test Name Synopsis
cdrouter_eapmd5_10 Authenticator sends EAP Failure if MD5 Challenge Response is invalid
cdrouter_eapmd5_20 Authenticator sends EAP Failure if no response to EAP MD5 Challenge Request is received
cdrouter_eapmd5_23 Authenticator ignores EAP MD5 Responses with unknown id field
cdrouter_eapmd5_500 Authenticator handles EAP MD5 Challenge Request DoS attack

eap-tls.tcl

EAPOL tests specific to EAP-TLS

Test Name Synopsis
cdrouter_eaptls_10 Authenticator sends EAP Failure when TLS client fails to authenticate server
cdrouter_eaptls_12 Authenticator sends EAP Failure when TLS server fails to authenticate client
cdrouter_eaptls_20 Port becomes unauthorized if no response to EAP-TLS Start request is received
cdrouter_eaptls_23 Authenticator ignores EAP-TLS Response with unknown id field
cdrouter_eaptls_40 Backend sends TLS Alert if supplicant fails server TLS authentication
cdrouter_eaptls_115 Port becomes unauthorized if TLS session times out
cdrouter_eaptls_300 EAP-TLS authenticator/backend ignores duplicate EAP-TLS packets
cdrouter_eaptls_400 EAP-TLS authentication using small EAP Fragment sizes
cdrouter_eaptls_410 EAP-TLS backend accepts EAP packets without EAP-TLS Message Length field
cdrouter_eaptls_500 Authenticator handles EAP-TLS bad length DoS attack

eap-radius.tcl

RADIUS client tests for EAP based authentication (802.1X)

Test Name Synopsis
eapradius_1 Verify authenticator sends EAP-Success after receiving Access-Accept
eapradius_2 Verify authenticator sends EAP-Failure after Access-Reject
eapradius_5 Validate common RADIUS attributes sent from authenticator
eapradius_6 Verify authentication fails if RADIUS secret is invalid
eapradius_7 Verify authentication fails if Message-Authenticator attribute is invalid
eapradius_8 Verify ID and authenticator are unique for each new Access-Request
eapradius_9 Verify authenticator sends EAP-Failure when no response from RADIUS in unauthenticated state
eapradius_10 Verify authenticator can reassemble EAP packets from many RADIUS eapMessage attributes
eapradius_12 Verify authenticator ignores RADIUS messages with invalid attribute list
eapradius_14 Verify authenticator ignores RADIUS messages without a Message-Authenticator attribute
eapradius_20 Verify authenticator sends canned EAP-Failure message when Access-Reject is received
eapradius_21 Verify authenticator sends canned EAP-Success message when Access-Accept is received

pppoe-pt.tcl

PPPoE pass through from PPPoE client on LAN to WAN side PPPoE server

Test Name Synopsis
cdrouter_pppoept_1 Verify basic case of PPPoE pass through with LAN PPPoE client
cdrouter_pppoept_2 Verify PPPoE packets to unknown MAC address do not use PPPoE pass through
cdrouter_pppoept_3 Verify basic case of PPPoE pass through with LAN PPPoE client using random session ID's

ipsec-esp.tcl

IPSEC ESP tests for IPSEC based VPNs

Test Name Synopsis
cdrouter_esp_1 Verify the ESP header sequence number increases with each new IPv4 IPSEC ESP packet
cdrouter_esp_3 Verify manual IPSEC keys continue to work after ESP sequence number wraps
cdrouter_esp_5 Verify no anti-relay techniques are used with manual IPSEC keys
cdrouter_esp_8 Verify inner IPv4 TTL is decremented for IPSEC tunneled packet
cdrouter_esp_10 Verify packets with wrong ESP authentication are dropped
cdrouter_esp_20 Verify Incoming IP fragments for ESP tunnel are reassembled
cdrouter_esp_21 Verify out-of-order IP fragments for ESP tunnel are reassembled
cdrouter_esp_22 Verify router fragments large IP packets before sending over IPSEC tunnel
cdrouter_esp_100 Verify router supports PMTU discovery for packets sent over IPSEC tunnel
cdrouter_esp_101 Verify DF bit from original packet is copied to encapsulation header
cdrouter_esp_200 Verify return traffic that does not use IPSEC/ESP is dropped
cdrouter_esp_400 Verify all configured IPv4 IPSEC tunnels are operational

dmz.tcl

Test cases for DMZ configurations

Test Name Synopsis
cdrouter_dmz_1 Inbound TCP connections to public side HTTP port are forwarded to DMZ host
cdrouter_dmz_100 Inbound TCP packets are sent to DMZ host for all ports
cdrouter_dmz_101 Inbound UDP packets are sent to DMZ host for all ports
cdrouter_dmz_110 ICMP Echo packets are forwarded to DMZ host
cdrouter_dmz_200 Non ICMP, TCP, UDP, or SCTP protocol types are forwarded to DMZ host

mcast.tcl

IGMPv2/v3 and multicast data tests for IGMP proxy or pass through

Test Name Synopsis
cdrouter_mcast_1 IGMP packets from LAN are forwarded/proxied to WAN interface
cdrouter_mcast_2 Verify IPv4 TTL is decremented for multicast packets
cdrouter_mcast_11 Forward Multicast UDP packets with various packet lengths (LAN to WAN)
cdrouter_mcast_12 Forward Multicast UDP packets with various packet lengths (WAN to LAN)
cdrouter_mcast_20 Verify IGMP router periodically sends general IGMP Query on LAN interface
cdrouter_mcast_50 Multicast streams are not forwarded if no group members exist
cdrouter_mcast_51 Multicast streams are not forwarded after last member leaves group
cdrouter_mcast_52 Multicast streams are not forwarded after last member ages out
cdrouter_mcast_53 IGMP proxy interface answers IGMP general query requests
cdrouter_mcast_54 IGMP proxy interface answers IGMP specific query requests
cdrouter_mcast_60 Verify IGMP router sends IGMP Group Specific Query after last member leaves group
cdrouter_mcast_70 Verify IGMP router sends IGMP Leave after last group member ages out
cdrouter_mcast_80 Verify IGMP router accepts reports with unspecified source address
cdrouter_mcast_81 Verify IGMP snooping switch scenario with unspecified source address
cdrouter_mcast_82 Verify IGMP proxy interface answers general IGMP query requests with unspecified source address
cdrouter_mcast_83 Verify IGMP proxy interface answers specific IGMP query requests with unspecified source address
cdrouter_mcast_100 Verify the maximum number of multicast groups received on the LAN
cdrouter_mcast_110 Verify IPTV channel change test scenario 1 (no overlap)
cdrouter_mcast_120 Verify IPTV channel change test scenario 2 (overlap)
cdrouter_mcast_200 Verify IGMPv3 membership with source specific ALLOW_NEW_SOURCES/BLOCK_OLD_SOURCES
cdrouter_mcast_210 Verify IGMPv3 router blocks incoming multicast sources that do not match the source list
cdrouter_mcast_220 Verify IGMPv3 router blocks incoming sources on a per group basis
cdrouter_mcast_230 Verify IGMPv3 source specific group with multiple sources
cdrouter_mcast_240 Verify IGMPv3 general query requests with source specific memberships
cdrouter_mcast_250 Verify IGMPv3 specific query requests with source specific memberships
cdrouter_mcast_260 Verify IGMPv3 group and source specific query requests
cdrouter_mcast_300 Verify IGMPv3 maximum number of multicast groups with multiple group records
cdrouter_mcast_310 Verify IGMPv3 source specific IPTV channel change test scenario

dyndns.tcl

Tests for routers with built in DynDNS clients

Test Name Synopsis
cdrouter_dyndns_1 DynDNS client sends an update request when the WAN IP address changes
cdrouter_dyndns_2 DynDNS client does not update if the WAN reestablishes with the same IP address
cdrouter_dyndns_10 DynDNS client sends correct parameters in update request
cdrouter_dyndns_20 DynDNS client uses DNS to resolve the address of members.dyndns.org
cdrouter_dyndns_50 DynDNS client doesn't rely on DNS to determine if an update is necessary
cdrouter_dyndns_101 DynDNS client reacts appropriately to error conditions

sip-alg.tcl

SIP testing for SIP ALG or proxy

Test Name Synopsis
cdrouter_sip_1 Verify NAT translation of SIP headers during REGISTER
cdrouter_sip_2 Verify NAT translation of short format SIP headers during REGISTER
cdrouter_sip_10 Verify NAT translation of SIP headers during outbound call
cdrouter_sip_11 Verify NAT translation of short format SIP headers during outbound call
cdrouter_sip_20 Verify NAT translation of SIP headers during inbound call
cdrouter_sip_21 Verify NAT translation of short format SIP headers during inbound call
cdrouter_sip_30 Verify NAT translation of SDP headers during outbound call
cdrouter_sip_31 Verify NAT translation of SDP headers during inbound call
cdrouter_sip_40 Verify SIP call with client using source port not equal to 5060
cdrouter_sip_41 Verify outbound SIP call with client 'Contact' header using different port
cdrouter_sip_42 Verify inbound SIP call with client 'Contact' header using different port
cdrouter_sip_43 Verify outbound SIP calls allow incoming RTP stream when caller uses mute
cdrouter_sip_45 Verify Via header port is used for response instead of UDP source port
cdrouter_sip_50 Verify NAT translation of SDP remains the same on retransmission of INVITE
cdrouter_sip_60 Verify RTP port mapping is deleted when SIP client ends call (BYE)
cdrouter_sip_61 Verify RTP port mapping is deleted when SIP proxy ends call (BYE)
cdrouter_sip_62 Verify RTP port mapping is deleted when SIP client cancels call (CANCEL)
cdrouter_sip_63 Verify RTP port mapping is deleted or not established if call setup fails
cdrouter_sip_70 Verify SIP ALG with various SIP URI formats
cdrouter_sip_71 Verify outbound calls with multiple SIP clients using the same SIP and SDP ports
cdrouter_sip_72 Verify inbound calls with multiple SIP clients using the same SIP and SDP ports
cdrouter_sip_73 Verify outbound calls with multiple SIP clients using corner case port 65535 for SDP
cdrouter_sip_80 Verify outbound SIP calls when server uses early media SDP setup
cdrouter_sip_100 Verify maximum number of simultaneous outbound SIP calls
cdrouter_sip_101 Verify maximum number of simultaneous inbound SIP calls
cdrouter_sip_200 Verify outbound SIP calls with multiple DHCP LAN clients
cdrouter_sip_201 Verify outbound SIP calls with multiple DHCP LAN clients without registering a port

sip-alg-tcp.tcl

SIP over TCP testing for SIP ALG or proxy

Test Name Synopsis
cdrouter_sip_tcp_1 Verify NAT translation of SIP headers during REGISTER (TCP)
cdrouter_sip_tcp_2 Verify NAT translation of short format SIP headers during REGISTER (TCP)
cdrouter_sip_tcp_10 Verify NAT translation of SIP headers during outbound call (TCP)
cdrouter_sip_tcp_11 Verify NAT translation of short format SIP headers during outbound call (TCP)
cdrouter_sip_tcp_20 Verify NAT translation of SIP headers during inbound call (TCP)
cdrouter_sip_tcp_21 Verify NAT translation of short format SIP headers during inbound call (TCP)
cdrouter_sip_tcp_30 Verify NAT translation of SDP headers during outbound call (TCP)
cdrouter_sip_tcp_31 Verify NAT translation of SDP headers during inbound call (TCP)
cdrouter_sip_tcp_40 Verify SIP call with client using source port not equal to 5060 (TCP)
cdrouter_sip_tcp_41 Verify outbound SIP call with client 'Contact' header using different port (TCP)
cdrouter_sip_tcp_42 Verify inbound SIP call with client 'Contact' header using different port (TCP)
cdrouter_sip_tcp_43 Verify outbound SIP calls allow incoming RTP stream when caller uses mute (TCP)
cdrouter_sip_tcp_45 Verify Via header port is used for response instead of TCP source port (TCP)
cdrouter_sip_tcp_50 Verify NAT translation of SDP remains the same on retransmission of INVITE (TCP)
cdrouter_sip_tcp_60 Verify RTP port mapping is deleted when SIP client ends call (BYE) (TCP)
cdrouter_sip_tcp_61 Verify RTP port mapping is deleted when SIP proxy ends call (BYE) (TCP)
cdrouter_sip_tcp_62 Verify RTP port mapping is deleted when SIP client cancels call (CANCEL) (TCP)
cdrouter_sip_tcp_63 Verify RTP port mapping is deleted or not established if call setup fails (TCP)
cdrouter_sip_tcp_70 Verify SIP ALG with various SIP URI formats (TCP)
cdrouter_sip_tcp_71 Verify outbound calls with multiple SIP clients using the same SIP and SDP ports (TCP)
cdrouter_sip_tcp_72 Verify inbound calls with multiple SIP clients using the same SIP and SDP ports (TCP)
cdrouter_sip_tcp_73 Verify outbound calls with multiple SIP clients using corner case port 65535 for SDP (TCP)
cdrouter_sip_tcp_80 Verify outbound SIP calls when server uses early media SDP setup (TCP)
cdrouter_sip_tcp_100 Verify maximum number of simultaneous outbound SIP calls (TCP)
cdrouter_sip_tcp_101 Verify maximum number of simultaneous inbound SIP calls (TCP)
cdrouter_sip_tcp_200 Verify outbound SIP calls with multiple DHCP LAN clients (TCP)
cdrouter_sip_tcp_201 Verify outbound SIP calls with multiple DHCP LAN clients (TCP) without registering a port

dns.tcl

DNS proxy and DNS failover related tests

Test Name Synopsis
dns_10 Verify DNS proxy does not cache DNS entry when DNS TTL is 0
dns_11 Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0
dns_40 Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_41 Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover
dns_45 Verify DNS failover when non-zero error codes are received in non-authoritative DNS response
dns_46 Verify DNS failover when non-zero error codes are received in authoritative DNS response
dns_50 Verify Reverse PTR DNS queries to router are forwarded to real DNS server
dns_51 Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_60 Verify DNS proxy fails over when new primary DNS server is learned
dns_70 Verify DNS lookups with multiple IPv4 responses
dns_100 Verify DNS proxy recovers after DNS server outage
dns_110 Verify DNS queries including the EDNS0 option
dns_120 Verify large DNS responses using EDNS0 option
dns_121 Verify maximum UDP payload value in EDNS0 option
dns_130 Verify DNS queries for TXT records
dns_132 Verify DNS queries for CNAME records
dns_133 Verify DNS queries for responses returning both CNAME and A records
dns_134 Verify DNS queries for responses returning both CNAME and AAAA records
dns_140 Verify DNS queries for SPF records
dns_141 Verify DNS queries for SRV records
dns_150 Verify DNS proxy behavior for DNS server status requests
dns_200 Verify DNS proxy does not mangle DNSSEC queries
dns_201 Verify DNS proxy does not mangle large DNSSEC responses
dns_210 Verify DHCP server automatically registers DHCP client's hostname in DNS
dns_220 Verify DHCP server updates DHCP client's hostname when it changes
dns_230 Verify DHCP server supports FQDN hostname values
dns_240 Verify DNS proxy removes old DHCP hostname values when hostname changes
dns_250 Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length
dns_300 Verify DNS proxy honors TTL values when caching responses
dns_301 Verify maximum number of cached DNS responses
dns_400 Verify parallel DNS queries
dns_410 Verify DNS does not deploy NXDOMAIN hijacking for type A records
dns_411 Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records
dns_420 Verify DNS proxy handles use of bit 0x20 in DNS labels
dns_500 Verify DNS proxy enforces DNS strict privacy usage profile

dns-https.tcl

DNS over HTTPS proxy and DNS failover related tests

Test Name Synopsis
dns_https_10 Verify DNS proxy does not cache DNS entry when DNS TTL is 0
dns_https_11 Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0
dns_https_40 Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_https_41 Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover
dns_https_45 Verify DNS failover when non-zero error codes are received in non-authoritative DNS response
dns_https_46 Verify DNS failover when non-zero error codes are received in authoritative DNS response
dns_https_50 Verify Reverse PTR DNS queries to router are forwarded to real DNS server
dns_https_51 Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_https_60 Verify DNS proxy fails over when new primary DNS server is learned
dns_https_70 Verify DNS lookups with multiple IPv4 responses
dns_https_100 Verify DNS proxy recovers after DNS server outage
dns_https_110 Verify DNS queries including the EDNS0 option
dns_https_120 Verify large DNS responses using EDNS0 option
dns_https_121 Verify maximum UDP payload value in EDNS0 option
dns_https_130 Verify DNS queries for TXT records
dns_https_132 Verify DNS queries for CNAME records
dns_https_133 Verify DNS queries for responses returning both CNAME and A records
dns_https_134 Verify DNS queries for responses returning both CNAME and AAAA records
dns_https_140 Verify DNS queries for SPF records
dns_https_141 Verify DNS queries for SRV records
dns_https_150 Verify DNS proxy behavior for DNS server status requests
dns_https_200 Verify DNS proxy does not mangle DNSSEC queries
dns_https_201 Verify DNS proxy does not mangle large DNSSEC responses
dns_https_210 Verify DHCP server automatically registers DHCP client's hostname in DNS
dns_https_220 Verify DHCP server updates DHCP client's hostname when it changes
dns_https_230 Verify DHCP server supports FQDN hostname values
dns_https_240 Verify DNS proxy removes old DHCP hostname values when hostname changes
dns_https_250 Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length
dns_https_300 Verify DNS proxy honors TTL values when caching responses
dns_https_301 Verify maximum number of cached DNS responses
dns_https_400 Verify parallel DNS queries
dns_https_410 Verify DNS does not deploy NXDOMAIN hijacking for type A records
dns_https_411 Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records
dns_https_420 Verify DNS proxy handles use of bit 0x20 in DNS labels
dns_https_500 Verify DNS proxy enforces DNS strict privacy usage profile

dns-tcp.tcl

DNS over TCP proxy and DNS failover related tests

Test Name Synopsis
dns_tcp_10 Verify DNS proxy does not cache DNS entry when DNS TTL is 0
dns_tcp_11 Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0
dns_tcp_40 Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_tcp_41 Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover
dns_tcp_45 Verify DNS failover when non-zero error codes are received in non-authoritative DNS response
dns_tcp_46 Verify DNS failover when non-zero error codes are received in authoritative DNS response
dns_tcp_50 Verify Reverse PTR DNS queries to router are forwarded to real DNS server
dns_tcp_51 Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_tcp_60 Verify DNS proxy fails over when new primary DNS server is learned
dns_tcp_70 Verify DNS lookups with multiple IPv4 responses
dns_tcp_100 Verify DNS proxy recovers after DNS server outage
dns_tcp_110 Verify DNS queries including the EDNS0 option
dns_tcp_120 Verify large DNS responses using EDNS0 option
dns_tcp_121 Verify maximum UDP payload value in EDNS0 option
dns_tcp_130 Verify DNS queries for TXT records
dns_tcp_132 Verify DNS queries for CNAME records
dns_tcp_133 Verify DNS queries for responses returning both CNAME and A records
dns_tcp_134 Verify DNS queries for responses returning both CNAME and AAAA records
dns_tcp_140 Verify DNS queries for SPF records
dns_tcp_141 Verify DNS queries for SRV records
dns_tcp_150 Verify DNS proxy behavior for DNS server status requests
dns_tcp_200 Verify DNS proxy does not mangle DNSSEC queries
dns_tcp_201 Verify DNS proxy does not mangle large DNSSEC responses
dns_tcp_210 Verify DHCP server automatically registers DHCP client's hostname in DNS
dns_tcp_220 Verify DHCP server updates DHCP client's hostname when it changes
dns_tcp_230 Verify DHCP server supports FQDN hostname values
dns_tcp_240 Verify DNS proxy removes old DHCP hostname values when hostname changes
dns_tcp_250 Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length
dns_tcp_300 Verify DNS proxy honors TTL values when caching responses
dns_tcp_301 Verify maximum number of cached DNS responses
dns_tcp_400 Verify parallel DNS queries
dns_tcp_410 Verify DNS does not deploy NXDOMAIN hijacking for type A records
dns_tcp_411 Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records
dns_tcp_420 Verify DNS proxy handles use of bit 0x20 in DNS labels
dns_tcp_500 Verify DNS proxy enforces DNS strict privacy usage profile

dns-tls.tcl

DNS over TLS proxy and DNS failover related tests

Test Name Synopsis
dns_tls_10 Verify DNS proxy does not cache DNS entry when DNS TTL is 0
dns_tls_11 Verify DNS proxy returns TTL of 0 when returned DNS TTL is 0
dns_tls_40 Verify AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_tls_41 Verify AAAA IPv6 DNS queries can return no address for IPv6 to IPv4 failover
dns_tls_45 Verify DNS failover when non-zero error codes are received in non-authoritative DNS response
dns_tls_46 Verify DNS failover when non-zero error codes are received in authoritative DNS response
dns_tls_50 Verify Reverse PTR DNS queries to router are forwarded to real DNS server
dns_tls_51 Verify Reverse AAAA IPv6 DNS queries to router are forwarded to real DNS server
dns_tls_60 Verify DNS proxy fails over when new primary DNS server is learned
dns_tls_70 Verify DNS lookups with multiple IPv4 responses
dns_tls_100 Verify DNS proxy recovers after DNS server outage
dns_tls_110 Verify DNS queries including the EDNS0 option
dns_tls_120 Verify large DNS responses using EDNS0 option
dns_tls_121 Verify maximum UDP payload value in EDNS0 option
dns_tls_130 Verify DNS queries for TXT records
dns_tls_132 Verify DNS queries for CNAME records
dns_tls_133 Verify DNS queries for responses returning both CNAME and A records
dns_tls_134 Verify DNS queries for responses returning both CNAME and AAAA records
dns_tls_140 Verify DNS queries for SPF records
dns_tls_141 Verify DNS queries for SRV records
dns_tls_150 Verify DNS proxy behavior for DNS server status requests
dns_tls_200 Verify DNS proxy does not mangle DNSSEC queries
dns_tls_201 Verify DNS proxy does not mangle large DNSSEC responses
dns_tls_210 Verify DHCP server automatically registers DHCP client's hostname in DNS
dns_tls_220 Verify DHCP server updates DHCP client's hostname when it changes
dns_tls_230 Verify DHCP server supports FQDN hostname values
dns_tls_240 Verify DNS proxy removes old DHCP hostname values when hostname changes
dns_tls_250 Verify DHCP server handles DHCP hostname option with maximum size DNS subdomain length
dns_tls_300 Verify DNS proxy honors TTL values when caching responses
dns_tls_301 Verify maximum number of cached DNS responses
dns_tls_400 Verify parallel DNS queries
dns_tls_410 Verify DNS does not deploy NXDOMAIN hijacking for type A records
dns_tls_411 Verify DNS does not deploy NXDOMAIN hijacking for type AAAA records
dns_tls_420 Verify DNS proxy handles use of bit 0x20 in DNS labels
dns_tls_500 Verify DNS proxy enforces DNS strict privacy usage profile

mdns.tcl

mDNS related test cases

Test Name Synopsis
mdns_10 Verify DUT responds to one-shot mDNS query of its hostname
mdns_11 Verify DUT responds to one-shot mDNS reverse query of its LAN IP
mdns_12 Verify DUT returns DNS-Service Discovery records for its web server using one-shot mDNS
mdns_13 Verify DUT does not forward LAN one-shot mDNS query onto the WAN
mdns_14 Verify DUT returns additional TXT and SRV records for its web server using one-shot mDNS
mdns_20 Verify DUT responds to mDNS query of its hostname
mdns_21 Verify DUT responds to mDNS reverse query of its LAN IP
mdns_22 Verify DUT returns DNS-Service Discovery records for its web server
mdns_23 Verify DUT does not forward LAN mDNS query onto the WAN
mdns_24 Verify DUT returns TXT and SRV records for its web server

dns-rfc5625.tcl

IETF RFC 5625 DNS Proxy Implementation Guidelines

Test Name Synopsis
dns_rfc5625_10 A DNS proxy must forward unknown DNS flags and data
dns_rfc5625_11 A DNS proxy must forward DNS packets regardless of compressed labels
dns_rfc5625_12 A DNS proxy must forward DNS packets regardless of qtype and qclass fields
dns_rfc5625_13 A DNS proxy must always preserve the TC bit
dns_rfc5625_14 A DNS proxy must be able to forward DNS over TCP
dns_rfc5625_15 A DNS proxy should not convert a TCP lookup into a UDP lookup
dns_rfc5625_17 A DNS proxy should be able to forward EDNS0 UDP packets at least 4096 bytes in size
dns_rfc5625_19 A LAN Client should be able to send a DNS query directly to upstream server
dns_rfc5625_22 A DNS query ID from a DNS proxy should not increase monotonically
dns_rfc5625_23 A DNS proxy should not accept connections on the WAN port

static.tcl

IP static route related tests

Test Name Synopsis
static_1 Verify all LAN static routes with LAN side traffic only
static_2 Verify all LAN static routes with LAN to WAN traffic
static_10 Verify all WAN static routes
static_20 Verify all WAN static routes after WAN ISP address change

dos.tcl

Common denial of service attacks against routers

Test Name Synopsis
cdrouter_dos_1 Send 'ping of death' ICMP request to LAN side of the router
cdrouter_dos_2 Send 'ping of death' ICMP request to WAN side of the router
cdrouter_dos_10 Launch LAND attack against router's management port on the LAN
cdrouter_dos_20 Verify that the DUT is not a Smurf reflector (ICMP attack)
cdrouter_dos_21 Verify that the DUT is not a Fraggle reflector (UDP attack)
cdrouter_dos_30 SYN floods an open port on the DUT from spoofed LAN clients
cdrouter_dos_31 SYN floods an open port on the WAN from spoofed Internet addresses
cdrouter_dos_32 ARP floods the DUT's LAN interface
cdrouter_dos_33 Christmas Tree floods the service ports on the WAN from spoofed Internet addresses
cdrouter_dos_34 Floods the WAN interface with anomalous TCP packets

xbox.tcl

Xbox LIVE compatibility tests to simulate Xbox LIVE console tests

Test Name Synopsis
xbox_1 IP Address Test: Verify DHCP IPv4 address or static IPv4 address
xbox_2 DNS Test: Verify DNS lookups from LAN client
xbox_3 MTU Test: Verify IPv4 MTU of 1364 for Xbox LIVE
xbox_4 ICMP Test: Verify ICMP Destination Unreachable message from WAN does not destroy NAT mapping
xbox_5 NAT Test: Verify Xbox NAT classification of Open, Moderate, or Strict
xbox_6 UPnP Test: Verify UDP wildcard port mapping can be created

sctp.tcl

SCTP related test cases

Test Name Synopsis
sctp_1 Verify SCTP association initiation and termination
sctp_2 Verify SCTP association with bidirectional data transfer
sctp_3 Verify two simultaneous SCTP associations to same WAN server
sctp_4 Verify two simultaneous SCTP associations with same source port to same WAN server

lldp.tcl

LLDP tests

Test Name Synopsis
lldp_1 Verify LLDP message transmission interval
lldp_2 Verify LLDP new neighbor detection
lldp_3 Verify Chassis TLV in DUT's LLDP message
lldp_4 Verify System Name TLV in DUT's LLDP message

rfc5508.tcl

IETF RFC 5508 NAT behavioral requirements for ICMP

Test Name Synopsis
rfc5508_req_1 Section 3.1: ICMP Query Mapping, REQ-1
rfc5508_req_2 Section 3.2: ICMP Query Session Timeouts, REQ-2
rfc5508_req_3 Section 4.1: ICMP Error Payload Validation, REQ-3
rfc5508_req_3a Section 4.1: ICMP Error Payload Validation, REQ-3, Part A
rfc5508_req_4 Section 4.1: ICMP Error Packet Received from the External Realm, REQ-4
rfc5508_req_5 Section 4.2.2: ICMP Error Packet Received from the Private Realm, REQ-5
rfc5508_req_6 Section 4.3: NAT Sessions Pertaining to ICMP Error Payload, REQ-6
rfc5508_req_7 Section 5: Hairpinning Support for ICMP Packets, REQ-7

rfc4787.tcl

RFC 4787 NAT behavioral requirements for unicast UDP

Test Name Synopsis
rfc4787_req_1 Section 4.1: Address and Port Mapping, REQ-1 Mapping Behavior
rfc4787_req_2 Section 4.1: Address and Port Mapping, REQ-2 Address Pooling Behavior
rfc4787_req_3 Section 4.2.1: Port Assignment Behavior, REQ-3
rfc4787_req_4 Section 4.2.2: Port Parity, REQ-4
rfc4787_req_5 Section 4.3: Mapping Refresh, REQ-5 Expiration Window
rfc4787_req_6 Section 4.3: Mapping Refresh, REQ-6 Refresh Behavior
rfc4787_req_8 Section 5: Filtering Behavior, REQ-8
rfc4787_req_9 Section 6: Hairpinning Behavior, REQ-9
rfc4787_req_11 Section 8: Deterministic Properties, REQ-11
rfc4787_req_12 Section 9: ICMP Destination Unreachable Behavior, REQ-12
rfc4787_req_13 Section 10: Fragmentation of Outgoing Packets, REQ-13
rfc4787_req_14 Section 11: Receiving Fragmented Packets, REQ-14

http.tcl

HTTP related test cases

Test Name Synopsis
cdrouter_http_100 Verify HTTP/1.0 GET connections
cdrouter_http_101 Verify HTTP/1.0 POST connections
cdrouter_http_102 Verify HTTP/1.0 HEAD connections
cdrouter_http_103 Verify HTTP/1.0 GET connections with large number of headers
cdrouter_http_200 Verify HTTP/1.1 GET connections
cdrouter_http_201 Verify HTTP/1.1 POST connections
cdrouter_http_202 Verify HTTP/1.1 HEAD connections
cdrouter_http_203 Verify HTTP/1.1 PUT connections
cdrouter_http_204 Verify HTTP/1.1 OPTIONS connections
cdrouter_http_205 Verify HTTP/1.1 DELETE connections
cdrouter_http_206 Verify HTTP/1.1 GET connections with large number of headers
cdrouter_http_250 Verify HTTP/1.1 GET connections with chunked encoding
cdrouter_http_260 Verify HTTP/1.1 proxy idle timeout
cdrouter_http_270 Verify HTTP/1.1 pipelining
cdrouter_http_280 Verify HTTP/1.1 streaming using chunked encoding
cdrouter_http_300 Verify HTTP/1.1 WebSocket Ping message
cdrouter_http_301 Verify HTTP/1.1 WebSocket Text message

https.tcl

HTTPS related test cases

Test Name Synopsis
cdrouter_https_100 Verify HTTPS/1.0 GET connections
cdrouter_https_101 Verify HTTPS/1.0 POST connections
cdrouter_https_102 Verify HTTPS/1.0 HEAD connections
cdrouter_https_103 Verify HTTPS/1.0 GET connections with large number of headers
cdrouter_https_200 Verify HTTPS/1.1 GET connections
cdrouter_https_201 Verify HTTPS/1.1 POST connections
cdrouter_https_202 Verify HTTPS/1.1 HEAD connections
cdrouter_https_203 Verify HTTPS/1.1 PUT connections
cdrouter_https_204 Verify HTTPS/1.1 OPTIONS connections
cdrouter_https_205 Verify HTTPS/1.1 DELETE connections
cdrouter_https_206 Verify HTTPS/1.1 GET connections with large number of headers
cdrouter_https_250 Verify HTTPS/1.1 GET connections with chunked encoding
cdrouter_https_300 Verify HTTPS/1.1 WebSocket Ping message
cdrouter_https_301 Verify HTTPS/1.1 WebSocket Text message

http2.tcl

HTTP/2 related test cases

Test Name Synopsis
cdrouter_http2_100 Verify HTTP/2 GET connections
cdrouter_http2_101 Verify HTTP/2 POST connections
cdrouter_http2_102 Verify HTTP/2 HEAD connections
cdrouter_http2_103 Verify HTTP/2 PUT connections
cdrouter_http2_104 Verify HTTP/2 OPTIONS connections
cdrouter_http2_105 Verify HTTP/2 DELETE connections
cdrouter_http2_106 Verify HTTP/2 GET connections with large number of headers

http2-tls.tcl

HTTP/2 over TLS related test cases

Test Name Synopsis
cdrouter_http2_tls_100 Verify HTTP/2 GET connections over TLS
cdrouter_http2_tls_101 Verify HTTP/2 POST connections over TLS
cdrouter_http2_tls_102 Verify HTTP/2 HEAD connections over TLS
cdrouter_http2_tls_103 Verify HTTP/2 PUT connections over TLS
cdrouter_http2_tls_104 Verify HTTP/2 OPTIONS connections over TLS
cdrouter_http2_tls_105 Verify HTTP/2 DELETE connections over TLS
cdrouter_http2_tls_106 Verify HTTP/2 GET connections over TLS with large number of headers

heartbleed.tcl

Heartbleed vulnerability tests for CVE-2014-0160

Test Name Synopsis
cdrouter_heartbleed_100 Verify DUT's LAN HTTPS server is protected against heartbleed exploit
cdrouter_heartbleed_200 Verify DUT's WAN HTTPS server is protected against heartbleed exploit
cdrouter_heartbleed_300 Verify DUT's TR-069 client is protected against heartbleed exploit

ssl.tcl

SSL related test cases

Test Name Synopsis
cdrouter_ssl_100 Verify DUT's LAN HTTPS server refuses connections with deprecated SSL protocols
cdrouter_ssl_200 Verify DUT's LAN HTTPS server refuses connections with deprecated SSL ciphers

gre.tcl

IPv4 over GRE related test cases

Test Name Synopsis
gre_1 Verify traffic sent to remote GRE host from LAN is forwarded over IPv4 GRE tunnel
gre_2 Verify traffic sent to LAN from remote GRE host is forwarded over IPv4 GRE tunnel
gre_3 Verify DUT's LAN IPv4 address is reachable over GRE tunnel
gre_4 Verify GRE header fields for IPv4 packet
gre_5 Verify DUT forwards GRE packets with valid GRE checksums
gre_6 Verify DUT drops GRE packets with bad GRE checksums
gre_30 Verify DUT fragments large outbound packets sent over GRE tunnel
gre_31 Verify DUT sends ICMPv4 Destination Unreachables if a GRE packet needs fragmentation and DF=1
gre_32 Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the LAN over GRE tunnel
gre_34 Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the WAN over GRE tunnel
gre_35 Verify DUT reassembles and forwards fragmented IPv4 UDP packets from the WAN over GRE tunnel that also require fragmentation on the LAN
gre_36 Verify DUT properly reassembles and forwards out of order IPv4 fragments
gre_50 Verify DUT sets the DF flag in the GRE delivery header
gre_60 Verify DUT drops invalid GRE packets
gre_80 Verify DUT supports PMTU discovery for packets sent over GRE tunnel
gre_100 Verify that all configured IPv4 over GRE tunnels are capable of forwarding traffic

wifi.tcl

WiFi client association and verification tests

Test Name Synopsis
wifi_1 Graceful wireless LAN client restart
wifi_2 Restart wireless LAN client without releasing address
wifi_3 Restart wireless LAN client without releasing or obtaining a new address
wifi_10 Verify connectivity using all wifi modes advertised by the DUT
wifi_11 Verify DUT prevents use of TKIP cipher when using HT/VHT/HE
wifi_20 Verify DUT's wifi beacons contain expected mode information
wifi_30 WiFi association stress test
wifi_40 WiFi SSID scan test
wifi_50 WiFi Band Steering test

arp.tcl

ARP functional test cases

Test Name Synopsis
arp_1 Verify DUT responds to broadcast ARP request on LAN interface
arp_2 Verify DUT responds to unicast ARP request on LAN interface
arp_3 Verify DUT responds to ARP Probes on the LAN interface
arp_10 Verify DUT updates ARP cache when ARP request is received
arp_11 Verify DUT updates ARP cache when ARP reply is received
arp_12 Verify DUT updates ARP cache when a gratuitous ARP request is received
arp_13 Verify DUT updates ARP cache when a gratuitous ARP reply is received
arp_20 Verify DUT does not respond to bad ARP Requests
arp_30 Verify DUT does not leak WAN side addresses on LAN via ARP
arp_31 Verify DUT does not leak LAN side addresses on WAN via ARP
arp_40 Verify DUT ARP mode behavior - open, restricted, strict
arp_50 Verify DUT ignores spoofed ARP reply for WAN gateway
arp_60 Verify DUT handles a large number of ARP requests with unique MAC addresses
arp_61 Verify DUT handles a large number of ARP replies with unique MAC addresses