headers
Arnaud Ebalard | 22 Oct 18:20
Favicon

[PATCH] MIPv6, PF_KEY: support for MIGRATE and KMADDRESS

Hi,

Two weeks ago, support for SADB_X_EXT_KMADDRESS extension [1] has been
added to net-next-2.6 [2]: the feature will be available in Linux 2.6.28
kernel. Support for SADB_X_MIGRATE [1] was already in the kernel thanks
to the efforts of USAGI people.

I wrote a set of patches for ipsec-tools providing support for PF_KEY
SADB_X_MIGRATE mesage and SADB_X_EXT_KMADDRESS extension, which I
maintain for quite some time now. Now that the kernel is fully compliant
with what is in [1], this makes it possible to post those ipsec-tools
patches for comments and inclusion. This is a prerequisite to another
last set of patches intended for UMIP (Mobile IPv6 userland daemon for
Linux).

Simply put, those PF_KEY extensions (MIRGATE and KMADDRESS) provide the
ability to use IPsec/IKE in a Mobile IPv6 context, by allowing dynamic
migration of IPsec SP/SA (kernel) and internal IKE daemon's structures
(mirrored SPD, ...) upon movement. This completely removes the need for
time and power consuming rekeying steps that would normally occur after
each handover. More details are available at [3].

The patches against today's CVS will be sent *in order* in following
emails (one patch per email). They have some (hopefully useful) comments
at the beginning. If you prefer accessing them as a quilt set, just
clone the mercurial repository at [4].

Timo, as you have a very good understanding of racoon's scheduler and
possible asynchronous sequences of event, I would be interested by some
thoughts on things that I may have missed in the patches w.r.t rekeying,
reception of a MIGRATE message during an establishment, ...

Comments welcome.

Cheers,

a+

[1]: http://tools.ietf.org/html/draft-ebalard-mext-pfkey-enhanced-migrate-00
[2]: http://article.gmane.org/gmane.linux.network/107711
[3]: http://natisbad.org/MIPv6/
[4]: http://hg.natisbad.org/migrate2_patches_ipsect-tools

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Permalink | Reply |

Gmane