rpms/mipv6-daemon/devel mipv6-daemon-nemo.patch, NONE, 1.1 mipv6-daemon.spec, 1.1, 1.2
Thomas Graf
tgraf at fedoraproject.org
Wed Mar 24 11:05:31 UTC 2010
Author: tgraf
Update of /cvs/pkgs/rpms/mipv6-daemon/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv6283
Modified Files:
mipv6-daemon.spec
Added Files:
mipv6-daemon-nemo.patch
Log Message:
Update to 0.4-2: Inclusion of NEPL patch (NEMO support)
mipv6-daemon-nemo.patch:
AUTHORS | 12
BUGS | 8
COPYING.NEMO | 13
INSTALL | 2
README | 3
README.NEMO | 18
extras/example-nemo-ha.conf | 86 +++
extras/example-nemo-mn.conf | 51 ++
include/netinet/icmp6.h | 28 +
licenses/cisco-ipr-draft-ietf-nemo-basic-support-03.txt | 41 +
licenses/nokia-ipr-draft-ietf-nemo-basic-support.txt | 26 +
man/mip6d.conf.tmpl | 99 +++-
man/mip6d.tmpl | 8
src/bcache.c | 35 +
src/bcache.h | 9
src/bul.c | 13
src/cn.c | 16
src/conf.c | 7
src/conf.h | 4
src/dhaad_ha.c | 27 -
src/dhaad_ha.h | 4
src/dhaad_mn.c | 22
src/gram.y | 99 +++-
src/ha.c | 207 ++++++++
src/ha.h | 1
src/ipsec.c | 375 +++++++++++++++-
src/ipsec.h | 21
src/mh.c | 47 ++
src/mh.h | 7
src/mn.c | 159 ++++++
src/mn.h | 11
src/movement.c | 30 +
src/ndisc.c | 6
src/policy.c | 63 ++
src/policy.h | 9
src/proc_sys.h | 1
src/rtnl.h | 1
src/scan.l | 5
src/vt.c | 11
src/xfrm.c | 169 +++++++
src/xfrm.h | 7
41 files changed, 1664 insertions(+), 97 deletions(-)
--- NEW FILE mipv6-daemon-nemo.patch ---
diff -Nur mipv6-daemon-umip-0.4-orig/AUTHORS mipv6-daemon-umip-0.4-nepl/AUTHORS
--- mipv6-daemon-umip-0.4-orig/AUTHORS 2007-09-13 11:42:42.000000000 +0200
+++ mipv6-daemon-umip-0.4-nepl/AUTHORS 2009-06-24 11:13:41.000000000 +0200
@@ -5,3 +5,15 @@
Petander. Code has been contributed by several individuals. See
THANKS for listing. See libnetlink/README for information regarding
libnetlink.
+
+The NEMO Basic support code is developed by Ville Nuorvala
+<vnuorval at tcs.hut.fi> in co-operation with the Nautilus6/WIDE
+project (http://www.nautilus6.org).
+
+The NEMO Basic Support code has been ported to UMIP by Romain KUNTZ
+<kuntz at lsiit.u-strasbg.fr> and received contributions from the
+following people:
+- Sebastien DECUGIS (Nautilus6): IPsec support for NEMO
+- Arnaud EBALARD (EADS): fixes for Big Endian architectures,
+ improvements of the NEMO debug messages, improvements in the
+ IPsec support code for NEMO.
diff -Nur mipv6-daemon-umip-0.4-orig/BUGS mipv6-daemon-umip-0.4-nepl/BUGS
--- mipv6-daemon-umip-0.4-orig/BUGS 2007-09-13 11:42:42.000000000 +0200
+++ mipv6-daemon-umip-0.4-nepl/BUGS 2009-06-24 11:13:41.000000000 +0200
@@ -17,3 +17,11 @@
* Multihoming support hasn't been very thoroughly tested and should
therefore be considered developmental code. However, it is a lot
more stable than in the Release Candidates.
+
+NEMO issues
+-----------
+
+* The Mobile Router's home address may only be on the egress interface.
+
+* Dynamic routing protocols between the Home Agent and Mobile Router
+ are not yet supported.
diff -Nur mipv6-daemon-umip-0.4-orig/COPYING.NEMO mipv6-daemon-umip-0.4-nepl/COPYING.NEMO
--- mipv6-daemon-umip-0.4-orig/COPYING.NEMO 1970-01-01 01:00:00.000000000 +0100
+++ mipv6-daemon-umip-0.4-nepl/COPYING.NEMO 2009-06-24 11:13:41.000000000 +0200
@@ -0,0 +1,13 @@
+Cisco and Nokia have both published IPR notices regarding RFC 3963
+"Network Mobility (NEMO) Basic Support Protocol."
+
+Cisco has agreed not to assert its patents against any party agreeing with the
+terms in its IPR notice.
+
+Likewise, Nokia has agreed not to assert its patents against Open Source
+implementations of the specification.
+
+For further information, please read
+licenses/cisco-ipr-draft-ietf-nemo-basic-support-03.txt and
+licenses/nokia-ipr-draft-ietf-nemo-basic-support.txt.
+
diff -Nur mipv6-daemon-umip-0.4-orig/extras/example-nemo-ha.conf mipv6-daemon-umip-0.4-nepl/extras/example-nemo-ha.conf
--- mipv6-daemon-umip-0.4-orig/extras/example-nemo-ha.conf 1970-01-01 01:00:00.000000000 +0100
+++ mipv6-daemon-umip-0.4-nepl/extras/example-nemo-ha.conf 2009-06-24 11:13:41.000000000 +0200
@@ -0,0 +1,86 @@
+# This is an example of NEMO-enabled Home Agent configuration file
+
+NodeConfig HA;
+
+## If set to > 0, will not detach from tty
+DebugLevel 10;
+
+## List of interfaces where we serve as Home Agent
+Interface "eth0";
+#Interface "eth1";
+
+HaAcceptMobRtr enabled;
+
+HaServedPrefix 3ffe:2620:6::/48;
+
+DefaultBindingAclPolicy deny;
+
+BindingAclPolicy 3ffe:2620:6:1::1234 (3ffe:2620:6:2::/64, 3ffe:2620:6:3::/64) allow;
+BindingAclPolicy 3ffe:2620:6:1::1235 allow;
+
+
+##
+## IPsec configuration
+##
+
+UseMnHaIPsec enabled;
+
+## Key Management Mobility Capability
+#KeyMngMobCapability disabled;
+
+IPsecPolicySet {
+ HomeAgentAddress 3ffe:2620:6:1::1;
+
+ HomeAddress 3ffe:2620:6:1::1234/64;
+ HomeAddress 3ffe:2620:6:1::1235/64;
+
+ IPsecPolicy Mh UseESP;
+ IPsecPolicy TunnelMh UseESP;
+
+# IPsecPolicy Mh UseESP 1 2;
+# IPsecPolicy ICMP UseESP 5;
+# IPsecPolicy TunnelMh UseESP 3 4;
+}
+
+##
+## It is possible to specify multiple IPsecPolicySet in order to configure
+## different value for such address.
+#IPsecPolicySet {
+#
+## One HA is for one IPsecPolicySet.
+# HomeAgentAddress 3ffe:2620:6:1::1;
+#
+## It is possible to specify multiple home addresses when they use
+## the same configuration.
+# HomeAddress 3ffe:2620:6:1::1236/64;
+# HomeAddress 3ffe:2620:6:1::1237/64;
+#
+## IPsec protocol syntax: IPsecPolicy TYPE IPSEC_PROTO [ REQID_SET ] [ ACTION ]
+## TYPE (for transport) := Mh | HomeRegBinding | ICMP | MobPfxDisc | any
+## TYPE (for tunnel) := TunnelMh | TunnelHomeTesting | TunnelPayload
+## IPSEC_PROTO := UseESP (UseAH and UseIPCOMP aren't currently supported)
+## REQID_SET := REQID(both-dir) | REQID(to-HA-dir) REQID(to-MN-dir)
+##
+## REQID is a number. "to-HA-dir" is for packet from MN to HA e.g.
+## BU, MPS, or HoTI (it depends on TYPE).
+## REQID should be used when more than one configuration for transport
+## and tunnel respectively. The default value is zero.
+#
+## Transport MH protection
+# IPsecPolicy Mh UseESP 1 2;
+# ## To protect only BU/BA exactly in MH, use below instead.
+# #IPsecPolicy HomeRegBinding UseESP 1 2;
+#
+## Transport ICMP protection
+# IPsecPolicy ICMP UseESP 5 6;
+# ## To protect only MPD exactly in ICMP, use below instead.
+# #IPsecPolicy MobPfxDisc UseESP 5 6;
+#
+## Tunnel HoTI/HoT protection
+# IPsecPolicy TunnelMh UseESP 3 4;
+# ## To protect only HoTI/HoT exactly in MH, use below instead.
+# #IPsecPolicy TunnelHomeTesting UseESP 3 4;
+#
+## Tunnel payload protection
+# #IPsecPolicy TunnelPayload UseESP 7 8;
+#}
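Review bot: The active IPsecPolicySet in this example enables only `IPsecPolicy Mh UseESP;` and `IPsecPolicy TunnelMh UseESP;`, and `TunnelPayload` appears only inside the commented-out block, so nothing in the active configuration covers the tunnel payload even though `HaAcceptMobRtr enabled;` is set for two Mobile Network Prefixes. Either add a commented `IPsecPolicy TunnelPayload UseESP;` line next to the active policies or state in a comment that payload protection is intentionally left out. Also, `DebugLevel 10;` keeps the daemon attached to the tty according to its own comment, which is worth flagging for anyone copying this file into a service configuration.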
diff -Nur mipv6-daemon-umip-0.4-orig/extras/example-nemo-mn.conf mipv6-daemon-umip-0.4-nepl/extras/example-nemo-mn.conf
--- mipv6-daemon-umip-0.4-orig/extras/example-nemo-mn.conf 1970-01-01 01:00:00.000000000 +0100
+++ mipv6-daemon-umip-0.4-nepl/extras/example-nemo-mn.conf 2009-06-24 11:13:41.000000000 +0200
@@ -0,0 +1,51 @@
+# This is an example of NEMO Mobile Router configuration file
+
+NodeConfig MN;
+
+## If set to > 0, will not detach from tty
+DebugLevel 10;
+
+## Support route optimization with other MNs
+DoRouteOptimizationCN enabled;
+
+## Use route optimization with CNs
+DoRouteOptimizationMN enabled;
+
+UseCnBuAck disabled;
+
+MnDiscardHaParamProb enabled;
+
+Interface "eth0";
+
+#Interface "eth1" {
+# MnIfPreference 2;
+#}
+
+MnRouterProbes 1;
+
+MnHomeLink "eth0" {
+ IsMobRtr enabled;
+ HomeAgentAddress 3ffe:2620:6:1::1;
+ HomeAddress 3ffe:2620:6:1::1234/64 (3ffe:2620:6:2::/64, 3ffe:2620:6:3::/64);
+}
+
+##
+## IPsec configuration
+##
+
+UseMnHaIPsec enabled;
+
+## Key Management Mobility Capability
+KeyMngMobCapability disabled;
+
+IPsecPolicySet {
+ HomeAgentAddress 3ffe:2620:6:1::1;
+ HomeAddress 3ffe:2620:6:1::1234/64;
+
+ IPsecPolicy Mh UseESP;
+ IPsecPolicy TunnelMh UseESP;
+
+# IPsecPolicy Mh UseESP 1 2;
+# IPsecPolicy ICMP UseESP 5;
+# IPsecPolicy TunnelMh UseESP 3 4;
+}
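Review bot: `KeyMngMobCapability disabled;` is active in this Mobile Router example but commented out (`#KeyMngMobCapability disabled;`) in example-nemo-ha.conf, so the two sample files that are meant to be used together disagree on this option. Make both examples set it the same way, or add a comment explaining why the MR side sets it explicitly while the HA side relies on the default.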
diff -Nur mipv6-daemon-umip-0.4-orig/include/netinet/icmp6.h mipv6-daemon-umip-0.4-nepl/include/netinet/icmp6.h
--- mipv6-daemon-umip-0.4-orig/include/netinet/icmp6.h 2007-09-13 11:42:42.000000000 +0200
+++ mipv6-daemon-umip-0.4-nepl/include/netinet/icmp6.h 2009-06-24 11:13:41.000000000 +0200
[...2598 lines suppressed...]
+
+ /* If Mobile Router for this link, loop for each MNP */
+ if (hai->mob_rtr)
+ {
+ /* Add bypass policies to and from the MNP link */
+ list_for_each(mnps, &hai->mob_net_prefixes)
+ {
+ struct prefix_list_entry * mnp;
+ struct xfrm_selector sel;
+ uid_t uid = getuid();
+
+ mnp = list_entry(mnps, struct prefix_list_entry, list);
+
+ /* IN, src = MNP , dst = any */
+ mr_set_selector(mnp, NULL, uid, &sel);
+ err = xfrm_ipsec_policy_add(&sel, 0, XFRM_POLICY_IN,
+ XFRM_POLICY_ALLOW,
+ MIP6_PRIO_MR_LOCAL_DATA_BYPASS,
+ NULL, 0);
+
+ /* FWD, src = MNP , dst = any */
+ err = xfrm_ipsec_policy_add(&sel, 0, XFRM_POLICY_FWD,
+ XFRM_POLICY_ALLOW,
+ MIP6_PRIO_MR_LOCAL_DATA_BYPASS,
+ NULL, 0);
+
+ /* OUT, src = any , dst = MNP */
+ mr_set_selector(NULL, mnp, uid, &sel);
+ err = xfrm_ipsec_policy_add(&sel, 0, XFRM_POLICY_OUT,
+ XFRM_POLICY_ALLOW,
+ MIP6_PRIO_MR_LOCAL_DATA_BYPASS,
+ NULL, 0);
+ }
+ }
+ }
+
+ return err;
+}
+
static inline int mn_ha_ipsec_init(void)
{
int err;
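Review bot: In the loop over `hai->mob_net_prefixes`, `err` is overwritten by each of the three `xfrm_ipsec_policy_add()` calls, so a failure adding the IN or FWD bypass is lost as soon as the next call succeeds, and `return err;` reports only the last OUT add for the last prefix. Check `err` after each call and stop (or at least log and keep the first non-zero value) so that a partially installed bypass set is visible to the caller. `uid_t uid = getuid();` can also be hoisted out of the inner loop.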
@@ -686,6 +760,9 @@
/* insert bypass policy */
err = ipsec_policy_walk(_mn_ha_ipsec_bypass_init, NULL);
+ /* insert NEMO-related bypass */
+ err = mr_ipsec_bypass_init();
+
err = ipsec_policy_walk(_mn_ha_ipsec_init, NULL);
return err;
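Review bot: The result of `mr_ipsec_bypass_init()` is assigned to `err` and then immediately overwritten by `err = ipsec_policy_walk(_mn_ha_ipsec_init, NULL);`, so a failure to install the NEMO bypass policies never reaches the caller of `mn_ha_ipsec_init()`. Test `err` after the new call and return early on failure, or document why the bypass is best-effort.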
@@ -787,10 +864,54 @@
return err;
}
+static int mr_ipsec_bypass_cleanup(void)
+{
+ struct list_head *home;
+ struct list_head *mnps;
+ int err=0;
+
+ /* Loop for each HomeAddress info */
+ list_for_each(home, &conf.home_addrs)
+ {
+ struct home_addr_info *hai;
+ hai = list_entry(home, struct home_addr_info, list);
+
+ /* If Mobile Router for this link, loop for each MNP */
+ if (hai->mob_rtr)
+ {
+ /* Delete bypass policies to and from the MNP link */
+ list_for_each(mnps, &hai->mob_net_prefixes)
+ {
+ struct prefix_list_entry * mnp;
+ struct xfrm_selector sel;
+ uid_t uid = getuid();
+
+ mnp = list_entry(mnps, struct prefix_list_entry, list);
+
+ /* IN, src = MNP , dst = any */
+ mr_set_selector(mnp, NULL, uid, &sel);
+ err = xfrm_ipsec_policy_del(&sel, XFRM_POLICY_IN);
+
+ /* FWD, src = MNP , dst = any */
+ err = xfrm_ipsec_policy_del(&sel, XFRM_POLICY_FWD);
+
+ /* OUT, src = any , dst = MNP */
+ mr_set_selector(NULL, mnp, uid, &sel);
+ err = xfrm_ipsec_policy_del(&sel, XFRM_POLICY_OUT);
+ }
+ }
+ }
+
+ return err;
+}
+
+
static inline void mn_ha_ipsec_cleanup(void)
{
ipsec_policy_walk(_mn_ha_ipsec_bypass_cleanup, NULL);
+ (void)mr_ipsec_bypass_cleanup();
+
ipsec_policy_walk(_mn_ha_ipsec_cleanup, NULL);
}
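Review bot: `mr_ipsec_bypass_cleanup()` returns an `int` that only reflects the last `xfrm_ipsec_policy_del()` call, and its single visible caller discards it with `(void)mr_ipsec_bypass_cleanup();`. Either make the function `void` to match `mn_ha_ipsec_cleanup()`, or log each failed delete so stale bypass policies left in the kernel can be diagnosed. The traversal is a copy of the one in the init path; a shared helper that takes an add/delete flag would keep the IN/FWD/OUT selector set from drifting between the two.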
@@ -1719,6 +1840,8 @@
if (hai->home_block & HOME_LINK_BLOCK)
xfrm_unblock_link(hai);
xfrm_block_link(hai);
+ if (hai->mob_rtr && !(hai->home_block & NEMO_FWD_BLOCK))
+ xfrm_block_fwd(hai);
}
if (IN6_ARE_ADDR_EQUAL(&bule->hoa, &bule->coa)) {
if (rdata)
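Review bot: The return value of `xfrm_block_fwd(hai)` is ignored at this call site, although the function is declared as returning `int` and this policy is what stops forwarding for the mobile network. If the policy add fails, execution continues as if forwarding were blocked. Capture the result and at least log the failure. Note also the asymmetry with the lines above: the link block is removed and re-added when `HOME_LINK_BLOCK` is already set, while the forward block is only added when `NEMO_FWD_BLOCK` is clear; a short comment explaining the difference would help.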
@@ -1784,6 +1907,8 @@
struct home_addr_info *hai = bule->home;
if (hai->home_block & HOME_LINK_BLOCK)
xfrm_unblock_link(hai);
+ if (hai->home_block & NEMO_FWD_BLOCK)
+ xfrm_unblock_fwd(hai);
}
/* check if XFRM policies and states have already been cleaned up */
if (IN6_ARE_ADDR_EQUAL(&bule->hoa, &bule->coa))
@@ -2058,6 +2183,50 @@
hai->home_block &= ~HOME_ADDR_BLOCK;
}
+/* block all RA messages sent by MR */
+int xfrm_block_ra(struct home_addr_info *hai)
+{
+ int ret = 0;
+ struct xfrm_selector sel;
+ hai->home_block |= NEMO_RA_BLOCK;
+ set_selector(&in6addr_any, &in6addr_any, IPPROTO_ICMPV6,
+ ND_ROUTER_ADVERT, 0, 0, &sel);
+ if ((ret = xfrm_mip_policy_add(&sel, 0, XFRM_POLICY_OUT, XFRM_POLICY_BLOCK,
+ MIP6_PRIO_HOME_BLOCK, NULL, 0)))
+ return ret;
+ return ret;
+}
+
+void xfrm_unblock_ra(struct home_addr_info *hai)
+{
+ struct xfrm_selector sel;
+ set_selector(&in6addr_any, &in6addr_any, IPPROTO_ICMPV6,
+ ND_ROUTER_ADVERT, 0, 0, &sel);
+ xfrm_mip_policy_del(&sel, XFRM_POLICY_OUT);
+ hai->home_block &= ~NEMO_RA_BLOCK;
+}
+
+/* block all forwarded packets */
+int xfrm_block_fwd(struct home_addr_info *hai)
+{
+ int ret = 0;
+ struct xfrm_selector sel;
+ hai->home_block |= NEMO_FWD_BLOCK;
+ set_selector(&in6addr_any, &in6addr_any, 0, 0, 0, 0, &sel);
+ if ((ret = xfrm_mip_policy_add(&sel, 0, XFRM_POLICY_FWD, XFRM_POLICY_BLOCK,
+ MIP6_PRIO_HOME_BLOCK, NULL, 0)))
+ return ret;
+ return ret;
+}
+
+void xfrm_unblock_fwd(struct home_addr_info *hai)
+{
+ struct xfrm_selector sel;
+ set_selector(&in6addr_any, &in6addr_any, 0, 0, 0, 0, &sel);
+ xfrm_mip_policy_del(&sel, XFRM_POLICY_FWD);
+ hai->home_block &= ~NEMO_FWD_BLOCK;
+}
+
int mn_ipsec_recv_bu_tnl_pol_add(struct bulentry *bule, int ifindex,
struct ipsec_policy_entry *e)
{
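Review bot: `xfrm_block_ra()` and `xfrm_block_fwd()` set `NEMO_RA_BLOCK` / `NEMO_FWD_BLOCK` in `hai->home_block` before calling `xfrm_mip_policy_add()` and leave the flag set when the add fails. The flag then claims a block policy that is not installed, and the `!(hai->home_block & NEMO_FWD_BLOCK)` guard at the call site will skip any retry. Set the flag only after a successful add, or clear it on the error path. The `if ((ret = ...)) return ret; return ret;` construct is redundant and can be reduced to returning the call result directly. The unblock functions also ignore the result of `xfrm_mip_policy_del()`.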
diff -Nur mipv6-daemon-umip-0.4-orig/src/xfrm.h mipv6-daemon-umip-0.4-nepl/src/xfrm.h
--- mipv6-daemon-umip-0.4-orig/src/xfrm.h 2007-09-13 11:42:42.000000000 +0200
+++ mipv6-daemon-umip-0.4-nepl/src/xfrm.h 2009-06-24 11:13:41.000000000 +0200
@@ -15,6 +15,7 @@
#define MIP6_PRIO_RO_SIG_IPSEC 7 /* XXX: BU between MN-MN with IPsec */
#define MIP6_PRIO_RO_SIG 8 /* XXX: BU between MN-CN */
#define MIP6_PRIO_RO_SIG_ANY 9
+#define MIP6_PRIO_MR_LOCAL_DATA_BYPASS 9 /* Bypass rule for local traffic in mobile network */
#define MIP6_PRIO_RO_SIG_RR 10 /* XXX: MH(or HoTI/HoT) between MN-CN */
#define MIP6_PRIO_RO_BLOCK 11
#define MIP6_PRIO_NO_RO_SIG_ANY 12
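Review bot: `MIP6_PRIO_MR_LOCAL_DATA_BYPASS` is defined as 9, the same value as the existing `MIP6_PRIO_RO_SIG_ANY` on the line above it. Every other priority visible in this block is unique, so the duplicate leaves the relative ordering of the local-traffic bypass and the RO signalling policy undefined by priority alone. Either give the new constant its own value or extend the comment to say why sharing 9 is safe (for example, that the selectors can never overlap).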
@@ -87,6 +88,12 @@
int xfrm_block_hoa(struct home_addr_info *hai);
void xfrm_unblock_hoa(struct home_addr_info *hai);
+int xfrm_block_ra(struct home_addr_info *hai);
+void xfrm_unblock_ra(struct home_addr_info *hai);
+
+int xfrm_block_fwd(struct home_addr_info *hai);
+void xfrm_unblock_fwd(struct home_addr_info *hai);
+
int ha_mn_ipsec_pol_mod(struct in6_addr *haaddr,
struct in6_addr *hoa);
Index: mipv6-daemon.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mipv6-daemon/devel/mipv6-daemon.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- mipv6-daemon.spec 20 Aug 2009 08:26:47 -0000 1.1
+++ mipv6-daemon.spec 24 Mar 2010 11:05:30 -0000 1.2
@@ -1,6 +1,6 @@
Name: mipv6-daemon
Version: 0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Mobile IPv6 (MIPv6) Daemon
Group: System Environment/Daemons
@@ -11,6 +11,7 @@ Source1: mip6d.init
Source2: mip6d.sysconfig
Source3: mip6d.conf
Patch0: mipv6-daemon-header-fix.patch
+Patch1: mipv6-daemon-nemo.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: flex bison indent
@@ -23,6 +24,7 @@ reachable while moving around in the IPv
%prep
%setup -q -n mipv6-daemon-umip-%{version}
%patch0 -p1
+%patch1 -p1
%build
%configure
@@ -68,5 +70,7 @@ fi
%{_mandir}/man7/*
%changelog
+* Wed Mar 24 2010 Thomas Graf <tgraf at, redhat.com> 0.4-2
+- Inclusion of NEPL patch (NEMO support)
* Tue Aug 17 2009 Thomas Graf <tgraf at, redhat.com> 0.4-1
- initial package release