[Mip6-firewall] New versions of firewall drafts

Niklas Steinleitner steinleitner at cs.uni-goettingen.de
Tue Nov 13 06:10:44 EST 2007


Hi Suresh, all,
> Hi Folks,
>   I have managed to write up some new text for the vendor document and 
> removed some stuff from the admin document (the dynamic part). Can you 
> please go over the documents and let me know if you have any comments.
Some comments on the vendor draft:

Section 3.2:
... type og signaling ... = type *of* signaling

Section 4:
- In the table you swapped CoT and CoTI!
The correct version would be:

+---------------------------------+---------------------------------+
|      Passing packet MH Type     |   Setup return filter with MH   |
|                                 |               Type              |
+---------------------------------+---------------------------------+
|   Mobility Header Type:1(HoTI)  |   Mobility Header Type:3(HoT)   |
|                                 |                                 |
|   Mobility Header Type:2(CoTI)  |   Mobility Header Type:4(CoT)   |
|                                 |                                 |
|    Mobility Header Type:5(BU)   |    Mobility Header Type:6(BA)   |
+---------------------------------+---------------------------------+

- There is a needless blank line within the second pinhole format ;-)

Section 5:
This section only specifies how to install a pinhole for the data 
traffic from the CN to the MN to pass through.
A second pinhole installed at the event of receiving a BU would also 
allow the data traffic from the MN to the CN to traverse the firewall.

My proposal:

...

Additionally, the firewall adds a second rule in order to let the data traffic from the MN to the CN pass through.

     Source Address: Source Address of the packet (MN CoA)
     Destination Address: Destination Address of packet (CN)
     Next Header: IPv6 Destination Options Header(60)
     Destination Address in Dest. Opts. Header: HoA

This pattern allows all route-optimized traffic coming from the MN to the CN to pass through.


Regards,
Niklas
>
> If you want to be included in the author list of the vendor document, 
> please let me know.
>
> Thanks
> Suresh

-- 
Niklas Steinleitner          Tel: +49 551 3913583
Institute for Informatics    steinleitner at cs.uni-goettingen.de
University of Göttingen      http://www.tmg.informatik.uni-goettingen.de
Lotzestrasse 16-18
D-37083 Göttingen, Germany
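
The rule set discussed in this message, modelled as an added example that is not part of the original mail or of the draft: the corrected MH Type pairing from the Section 4 table, plus the proposed second rule for MN-to-CN data traffic. `Packet`, `PinholeTable` and the 2001:db8:: addresses are constructed for illustration, and installing the second rule when a passing BU carries the HoA is an assumption about the trigger.

```python
from dataclasses import dataclass
from typing import Optional

DSTOPTS = 60                        # IPv6 Destination Options Header
BU = 5                              # Mobility Header type: Binding Update
RETURN_MH = {1: 3, 2: 4, 5: 6}      # HoTI->HoT, CoTI->CoT, BU->BA (corrected table)

@dataclass(frozen=True)
class Packet:                       # simplified model, not a wire-format parser
    src: str
    dst: str
    next_header: int
    mh_type: Optional[int] = None   # Mobility Header type, if one is present
    home_addr: Optional[str] = None # HoA carried in the Dest. Opts. header

class PinholeTable:
    def __init__(self):
        self.return_filters = set() # (src, dst, mh_type)
        self.data_rules = set()     # (src, dst, next_header, hoa)

    def observe_passing(self, pkt):
        """Install state for a packet that policy already let through."""
        reply = RETURN_MH.get(pkt.mh_type)
        if reply is None:
            return                  # not HoTI, CoTI or BU: nothing to install
        # The reply travels in the opposite direction of the passing packet.
        self.return_filters.add((pkt.dst, pkt.src, reply))
        if pkt.mh_type == BU and pkt.home_addr:
            # Proposed second rule: data traffic from the MN (CoA) to the CN.
            self.data_rules.add((pkt.src, pkt.dst, DSTOPTS, pkt.home_addr))

    def permits(self, pkt):
        """True if an installed return filter or data rule matches pkt."""
        if pkt.mh_type is not None:
            return (pkt.src, pkt.dst, pkt.mh_type) in self.return_filters
        return (pkt.src, pkt.dst, pkt.next_header, pkt.home_addr) in self.data_rules

# Constructed sample addresses (documentation prefix 2001:db8::/32).
COA, CN, HOA = "2001:db8:c::1", "2001:db8:a::9", "2001:db8:b::1"

def demo():
    fw = PinholeTable()
    fw.observe_passing(Packet(COA, CN, 135, mh_type=2))                  # CoTI
    fw.observe_passing(Packet(COA, CN, DSTOPTS, mh_type=BU, home_addr=HOA))
    return {
        "CoT back to CoA": fw.permits(Packet(CN, COA, 135, mh_type=4)),
        "HoT back to CoA": fw.permits(Packet(CN, COA, 135, mh_type=3)),
        "MN data, HoA option": fw.permits(Packet(COA, CN, DSTOPTS, home_addr=HOA)),
        "MN data, other HoA": fw.permits(Packet(COA, CN, DSTOPTS, home_addr="2001:db8:b::2")),
    }
```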
