[support] How to prevent routing header option from being used

Romain KUNTZ kuntz at lsiit.u-strasbg.fr
Mon Sep 29 18:25:41 JST 2008


Hi Brian,

On 2008/09/27, at 6:18, Millar, Brian H. wrote:
> Is it possible to configure the NEMOv6 (with MCoA) to always use  
> reverse tunnels and never use the routing header on traffic from the  
> HA to the MR?
>
> The situation we have is that if traffic is originated from the MR,  
> its source IP is its Home Address, the return packets from the HA  
> then, do not get put into the reverse tunnel.
>
> Instead, they get a packet with a routing header destined to the CoA  
> of the MR, with the MR's Home Address as the option. (I think I have  
> my terms correct)
>
Yes, when the MR/MN communicates with the HA, the specification allows  
the use of home address options / routing header type 2, instead of  
using the tunnel.

> Any ideas on how to prevent this from occurring?
>
> We've tried to figure out how to get all the IP packets from the MR  
> to not be sourced from its Home Address, and use its local Mobile  
> network address, but don't know how to force source IP address in  
> the routes using the NEMO code.
>

At the moment there are no options to prevent this from occurring.  
You'll have to modify the code but it's quite easy to do. The HoA  
option and RHT2 are inserted via the XFRM framework. 2 XFRM rules are  
taking care of that, you just need to remove them. I did it for the  
MCoA implementation; to remove the HoA option just replace the  
following code in xfrm.c/xfrm_post_ba_mod_bule():

-   create_dstopt_tmpl(&tmpls[0], &bule->peer_addr, &bule->hoa);
-   ret = xfrm_mip_policy_add(&sel, 1, XFRM_POLICY_OUT,
-                  XFRM_POLICY_ALLOW, prio, tmpls, 1);
+   ret = xfrm_mip_policy_add(&sel, 1, XFRM_POLICY_OUT,
+                      XFRM_POLICY_ALLOW, prio,
+                      NULL, 0);
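
Review bot: In xfrm_post_ba_mod_bule() the template is dropped unconditionally (NULL, 0 passed to xfrm_mip_policy_add()), so the Home Address option disappears for every flow matching sel, with no way to get the default behaviour back short of reverting. I would gate this on a configuration option (off by default) and add a comment saying the policy is deliberately installed without a destination option template. If nothing else in the function still uses tmpls after create_dstopt_tmpl() is removed, drop the declaration as well to avoid an unused-variable warning.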

You may also need to do the same for the RHT2 option, but it seems I  
did not do it for MCoA (I don't remember the reason). I think you'll  
have to modify xfrm.c/_xfrm_add_bce() as follows (not 100% sure for  
this one though):

-    create_rh_tmpl(&tmpl);
-    set_selector(peer_addr, our_addr, 0, 0, 0, 0, &sel);
-    if (xfrm_mip_policy_add(&sel, replace, XFRM_POLICY_OUT,  
XFRM_POLICY_ALLOW,
-                MIP6_PRIO_RO_BCE_DATA, &tmpl, 1))
-        return -1;
+    set_selector(peer_addr, our_addr, 0, 0, 0, 0, &sel);
+    if (xfrm_mip_policy_add(&sel, replace, XFRM_POLICY_OUT,  
XFRM_POLICY_ALLOW,
+                MIP6_PRIO_RO_BCE_DATA, NULL, 0))
+        return -1;
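
Review bot: In _xfrm_add_bce() the policy is still installed with the same selector and at MIP6_PRIO_RO_BCE_DATA but now without a template, and set_selector(peer_addr, our_addr, 0, 0, 0, 0, &sel) matches all traffic between the two addresses, so this changes behaviour for every binding cache entry, not only the MR in question. Please either restrict the change to the peers that need it or make it configurable, and add a comment explaining why a template-less ALLOW policy is kept rather than removed. Also note the xfrm_mip_policy_add( lines were wrapped by the mailer after XFRM_POLICY_OUT, so the hunk will not apply as posted; resend it as an attachment or unwrapped.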


This should remove all HoA and RHT2 options for all data packets. You  
may change the selector a bit in order to match only packets destined  
to/originated from the HA.

Regards,

-- 
Romain KUNTZ
kuntz at lsiit.u-strasbg.fr
LSIIT - Networks and Protocols Team
http://clarinet.u-strasbg.fr/~kuntz/
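
Added example, not part of the original message and not code from the NEMO/MCoA implementation: a small checker that can be run over raw IPv6 packets captured between HA and MR to confirm that, after the change above, no packet still carries a type 2 routing header or a Home Address destination option. The function name, flag names and the three sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { NH_HOPOPTS = 0, NH_IPV6 = 41, NH_ROUTING = 43, NH_NONE = 59, NH_DSTOPTS = 60 };
enum { OPT_HAO = 0xC9, FOUND_RH2 = 1, FOUND_HAO = 2 };  /* 0xC9: Home Address option */
/* Constructed samples (all-zero addresses): RH2, HAO, and a plain IPv6-in-IPv6 tunnel. */
static const uint8_t sample_rh2[64] = { [0] = 0x60, [5] = 24, [6] = NH_ROUTING,
    [40] = NH_NONE, [41] = 2, [42] = 2, [43] = 1 };
static const uint8_t sample_hao[64] = { [0] = 0x60, [5] = 24, [6] = NH_DSTOPTS,
    [40] = NH_NONE, [41] = 2, [42] = 1, [43] = 2, [46] = OPT_HAO, [47] = 16 };
static const uint8_t sample_tunnel[80] = { [0] = 0x60, [5] = 40, [6] = NH_IPV6,
    [40] = 0x60, [46] = NH_NONE };
/* Walk the TLVs of one destination options header looking for the HAO. */
static int has_hao(const uint8_t *ext, size_t len)
{
    size_t i = 2;                     /* skip Next Header and Hdr Ext Len */
    while (i + 1 < len) {
        if (ext[i] == 0) { i++; continue; }   /* Pad1 has no length byte */
        if (ext[i] == OPT_HAO) return 1;
        i += 2 + (size_t)ext[i + 1];
    }
    return 0;
}

/* Bitmask of FOUND_RH2/FOUND_HAO for one raw IPv6 packet, -1 if malformed.
 * Only hop-by-hop, routing and destination options headers are walked. */
int mip6_ext_flags(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6) return -1;
    int flags = 0; size_t off = 40;
    uint8_t nh = pkt[6];
    while (nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_DSTOPTS) {
        if (off + 8 > len) return -1;
        size_t hlen = ((size_t)pkt[off + 1] + 1) * 8;
        if (off + hlen > len) return -1;       /* header runs past capture */
        if (nh == NH_ROUTING && pkt[off + 2] == 2) flags |= FOUND_RH2;
        if (nh == NH_DSTOPTS && has_hao(pkt + off, hlen)) flags |= FOUND_HAO;
        nh = pkt[off];
        off += hlen;
    }
    return flags;
}

int main(void)
{
    printf("rh2=%d hao=%d tunnel=%d\n", mip6_ext_flags(sample_rh2, 64),
           mip6_ext_flags(sample_hao, 64), mip6_ext_flags(sample_tunnel, 80));
    return 0;
}
```

A result of 0 on every HA/MR data packet means the traffic is going through the tunnel only; any non-zero flag means one of the two XFRM templates is still being applied.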



