Re: Per packet information extension?
In your previous mail you wrote:
rfc2401bis and IKEv2 mention that the addresses and ports of the
triggering packet are passed in local and remote selectors as first
elements.
I find this somewhat inconvenient, and would prefer to pass this part
more compactly in a separate extension, containing:
- src address
- dst address
- src port
- dst port
=> + protocol
This is more compact than using TS, because in TS we end up using
ranges, and it would take double space.
=> I don't understand your concern: do you want to modify IKEv2
because a TS pair is too large, or are you addressing an issue in
PF_KEY?
BTW, for MIPv6 support I proposed adding similar information to ACQUIRE
messages; there are three solutions:
- put the whole triggering packet
- put enough of it (my proposal)
- put a summary of it (i.e., extract the information in the kernel).
The extension (SADB_X_EXT_PACKET) should be in the next version
of draft-sugimoto-mip6-pfkey-migrate-xx.txt. The idea is simple:
the IKE daemon gets the triggering packet, recognizes a home
registration binding update and launches phase one with
the right address (the care-of address) when stupid application
of the SPD gives the wrong one (the home address, usable only
after the home registration).
Regards
Francis.Dupont@xxxxxxxxxxxxxxxx
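As an added illustration (not code from either mail), here is the size difference the quoted mail refers to: the triggering packet's addresses and ports encoded as a pair of IKEv2 Traffic Selectors (RFC 4306 section 3.13.1 layout, start and end of each range equal) next to a hypothetical byte layout for the proposed compact extension, which stores each field once. The compact layout and the function names are assumptions for this example only.

```python
import ipaddress
import struct

# IKEv2 Traffic Selector types (RFC 4306 section 3.13.1)
TS_IPV4_ADDR_RANGE = 7
TS_IPV6_ADDR_RANGE = 8


def ikev2_ts_from_packet(addr, port, proto):
    """One IKEv2 TS covering exactly the triggering packet's address and
    port: the range encoding forces each value to appear twice."""
    ip = ipaddress.ip_address(addr)
    ts_type = TS_IPV4_ADDR_RANGE if ip.version == 4 else TS_IPV6_ADDR_RANGE
    packed = ip.packed
    length = 8 + 2 * len(packed)          # header + start addr + end addr
    header = struct.pack("!BBHHH", ts_type, proto, length, port, port)
    return header + packed + packed


def parse_ts(buf):
    """Decode one TS; a selector built from a single packet has
    start == end for both the port and the address range."""
    ts_type, proto, length, sport, eport = struct.unpack("!BBHHH", buf[:8])
    alen = (length - 8) // 2
    start = ipaddress.ip_address(buf[8:8 + alen])
    end = ipaddress.ip_address(buf[8 + alen:8 + 2 * alen])
    return ts_type, proto, sport, eport, str(start), str(end)


def compact_ext_from_packet(src, dst, sport, dport, proto):
    """Hypothetical compact per-packet extension body (assumed layout):
    src addr, dst addr, src port, dst port, protocol, each stored once."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return s.packed + d.packed + struct.pack("!HHB", sport, dport, proto)


def size_comparison(src, dst, sport, dport, proto):
    """Return (bytes for a TSi/TSr pair, bytes for the compact body)."""
    ts_pair = (ikev2_ts_from_packet(src, sport, proto)
               + ikev2_ts_from_packet(dst, dport, proto))
    compact = compact_ext_from_packet(src, dst, sport, dport, proto)
    return len(ts_pair), len(compact)


if __name__ == "__main__":
    # Constructed sample 5-tuples (documentation address ranges).
    print(size_comparison("192.0.2.1", "198.51.100.7", 40000, 443, 6))
    print(size_comparison("2001:db8::1", "2001:db8::2", 40000, 443, 6))
```

For IPv4 the TS pair is 32 bytes against 13 for the compact body; for IPv6 it is 80 against 37, which is the "double space" of the quoted mail.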