[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 04021) Re: [patch] mip6d daemon: set the (K) bit according to KeyMngMobCapability option



Hi,

Thank you for reply. Please find my comments inline.

This small patch for umip 0.4 aims to properly set the (K) bit in BU and BA messages according to the KeyMngMobCapability option. If a misconfiguration is detected, a message is generated. The information is saved in the bule (MN) or bce (HA) data, and can be used later to check if movement must be signaled to an IKE daemon.

AFAIK the RFC377[56] does not say anything about the K-bit change, it is not so problem for MN side, however, it is required clarify for HA side.

Since the behavior is not defined, it seems correct to me to accept the change on the HA. It adds more flexibility, IMHO.


With your patch HA accepts K-bit change for the existing BCE with
receiving every BU and it is too much as saying configuration mistake
detection.

You are right, it is not always a configuration mistake. But since there is no difference in behavior if we set the bit or not in the Linux implementation, and we always send the MIGRATE message which can be used to migrate the IKE session; then I think the (H) flag should always be set in this Linux implementation. This is the reason for the change. With a proper racoon or racoon2 daemon (with patchs to support MIPv6) then the IKE session survives.


Describe also why HA uses syslog when the K-bit change
detects while MN uses debug message.

It was mostly for consistency with the remaining of the file; please change this to what fits best in your opinion.


Best regards,
Sebastien.

--
Sebastien Decugis
http://www.nautilus6.org