Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux
From: Diego Beltrami <diego.beltrami@xxxxxxx>
Date: Tue, 02 Aug 2005 15:01:39 +0300
Cc: netdev@xxxxxxxxxxx, infrahip@xxxxxxx, hipl-users@xxxxxxxxxxxxx, hipsec@xxxxxxxx
Organization: HIIT
Reply-to: diego.beltrami@xxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx

Folks,

after sending the first version of the BEET patch, having received
valuable feedback, and after the discussion based upon the BEET design,
we now send the new BEET patch, which allows BEET to work without the
inter-family transform (i.e. inner address family different from outer
address family).

The implementation of such a patch is based on the draft you can find at
the following URL:

http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-03.txt

The patch is attached to the email, but, in case there are problems
applying it, you may also find it at the following URL:

http://infrahip.hiit.fi/beet/beet-patch-v2.0-2.6.12.2

As it was originally designed, the BEET patch at the moment works
only for the ESP protocol.
As Pekka Nikander mentioned in one reply [1]: "[...] defining BEET mode
for AH might be pretty tricky. [...] it probably would require some
careful thinking to define the exact semantics, like what addresses
(inner or outer) are covered by the AH integrity protection, what does
the integrity protection really assert, etc."

As previously written, the inter-family transform has been left out at
the moment since the xfrm architecture doesn't support it. As a result,
as soon as the xfrm architecture is enhanced, the inter-family case
will be properly included since, for example, it can be useful for
supporting HIP over an IPv4 network. But, as already mentioned, this would
require more work in properly designing the xfrm architecture (something
which we consider necessary in order to make xfrm as generic as
possible).


On behalf of the BEET development team,

Signed-off-by: Diego Beltrami <diego.beltrami@xxxxxxx>


Reference:
[1] http://marc.theaimsgroup.com/?l=linux-netdev&m=112265207304302&w=2

Attachment: beet-patch-v2.0-2.6.12.2
Description: Text document
