(usagi-users 04021) Re: [patch] mip6d daemon: set the (K) bit according to KeyMngMobCapability option

[Sebastien Decugis <sdecugis@xxxxxxxxxxxxxxxx>]

Hi,

Thank you for reply. Please find my comments inline.

> > This small patch for umip 0.4 aims to properly set the (K) bit in BU and 
> > BA messages according to the KeyMngMobCapability option. If a 
> > misconfiguration is detected, a message is generated. The information is 
> > saved in the bule (MN) or bce (HA) data, and can be used later to check 
> > if movement must be signaled to an IKE daemon.
>
> AFAIK the RFC377[56] does not say anything about the K-bit change,
> it is not so problem for MN side, however, it is required clarify for HA side.

Since the behavior is not defined, it seems correct to me to accept the 
change on the HA. It adds more flexibility, IMHO.

> With your patch HA accepts K-bit change for the existing BCE with
> receiving every BU and it is too much as saying configuration mistake
> detection.

You are right, it is not always a configuration mistake. But since there 
is no difference in behavior if we set the bit or not in the Linux 
implementation, and we always send the MIGRATE message which can be used 
to migrate the IKE session; then I think the (H) flag should always be 
set in this Linux implementation. This is the reason for the change. 
With a proper racoon or racoon2 daemon (with patchs to support MIPv6) 
then the IKE session survives.

> Describe also why HA uses syslog when the K-bit change
> detects while MN uses debug message.

It was mostly for consistency with the remaining of the file; please 
change this to what fits best in your opinion.

Best regards,
Sebastien.

--
Sebastien Decugis
http://www.nautilus6.org