On 3/4/20 10:53 AM, Jeff Ahrenholz wrote:
>> https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-codes-5
>> And nothing there that looks right.
>> So what is done in HIP BEX implementations? Both v1 and v2?
>
> For our HIPv1 implementation:
> IPv4 packets - we send ICMPv4-in-UDP with type 12 "parameter problem" code 0
> "pointer indicates the error" and point to the first bytes of UDP payload.
> (https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-12)
> IPv6 packets - we send ICMPv6-in-UDP with type 4 "parameter problem" code 0
> "erroneous header field encountered" and point to the first bytes of UDP payload.
>
> Normally this would be if the SPI is unknown (e.g. one side forcefully reboots
> while the other continues to send it ESP-in-UDP data.) The pointer includes the
> first 8 bytes of the UDP payload so that the SPI is included in the ICMP
> message.
>
> For IPv6 you could consider the "erroneous header field" to be the invalid SPI
> number, which is the bytes we point to.
>
> -Jeff

Suresh,
How would you recommend handling this? It seems the text in all docs
(5201, 7401, and DEX) might be:
In most cases, the ICMP packet has the Parameter Problem type (12 for
ICMPv4, 4 with code=0 for ICMPv6),
Please advise.
_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec
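
The Parameter Problem messages described in the quoted reply, as an added example that is not part of the original thread or of any HIP implementation: it builds the type 12 (ICMPv4) and type 4 (ICMPv6) code 0 messages carrying the first 8 bytes of the UDP payload, and recovers the SPI on the receiving side. Assumptions: the function names, a pointer value of 0, a body holding only the 8 quoted bytes after the 8-byte ICMP header, and the constructed sample payload.

```python
import struct

ICMP4_PARAM_PROBLEM = 12  # ICMPv4 type 12, code 0: "pointer indicates the error"
ICMP6_PARAM_PROBLEM = 4   # ICMPv6 type 4, code 0: "erroneous header field encountered"
QUOTED_LEN = 8            # first 8 bytes of the UDP payload: ESP SPI + sequence number

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_param_problem(ipv6: bool, udp_payload: bytes, pointer: int = 0) -> bytes:
    """Build the Parameter Problem message for an ESP-in-UDP packet with an unknown SPI.
    Assumed layout: 8-byte ICMP header followed only by the quoted 8 bytes."""
    quoted = udp_payload[:QUOTED_LEN]
    if len(quoted) < QUOTED_LEN:
        raise ValueError("UDP payload too short to hold an ESP SPI and sequence number")
    if ipv6:
        # RFC 4443: type, code, checksum, 32-bit pointer. The ICMPv6 checksum needs
        # the IPv6 pseudo-header (addresses), so it is left at 0 here.
        return struct.pack("!BBHI", ICMP6_PARAM_PROBLEM, 0, 0, pointer) + quoted
    # RFC 792: type, code, checksum, 8-bit pointer, 3 unused bytes.
    body = struct.pack("!B3x", pointer) + quoted
    csum = inet_checksum(struct.pack("!BBH", ICMP4_PARAM_PROBLEM, 0, 0) + body)
    return struct.pack("!BBH", ICMP4_PARAM_PROBLEM, 0, csum) + body

def extract_spi(ipv6: bool, msg: bytes):
    """Return (spi, seq) quoted in a Parameter Problem message, else None."""
    want = ICMP6_PARAM_PROBLEM if ipv6 else ICMP4_PARAM_PROBLEM
    if len(msg) < 8 + QUOTED_LEN or msg[0] != want or msg[1] != 0:
        return None
    if not ipv6 and inet_checksum(msg) != 0:
        return None  # corrupted ICMPv4 message
    return struct.unpack("!II", msg[8:8 + QUOTED_LEN])

# Constructed sample: ESP-in-UDP payload with SPI 0x12345678, sequence number 7.
SAMPLE_PAYLOAD = struct.pack("!II", 0x12345678, 7) + b"\x00" * 16

if __name__ == "__main__":
    for v6 in (False, True):
        msg = build_param_problem(v6, SAMPLE_PAYLOAD)
        print("v6" if v6 else "v4", msg.hex(), extract_spi(v6, msg))
```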