> > https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-codes-5
> >
> > And nothing there that looks right.
> >
> > So what is done in HIP BEX implementations? Both v1 and v2?

For our HIPv1 implementation:

IPv4 packets - we send ICMPv4-in-UDP with type 12 "parameter problem" code 0 "pointer indicates the error" and point to the first bytes of UDP payload. (https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-12)

IPv6 packets - we send ICMPv6-in-UDP with type 4 "parameter problem" code 0 "erroneous header field encountered" and point to the first bytes of UDP payload.

Normally this would be if the SPI is unknown (e.g. one side forcefully reboots while the other continues to send it ESP-in-UDP data.) The pointer includes the first 8 bytes of the UDP payload so that the SPI is included in the ICMP message. For IPv6 you could consider the "erroneous header field" to be the invalid SPI number, which is the bytes we point to.

-Jeff
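
The messages described in the reply above, sketched as an added example; this is not code from the poster's HIP implementation. It assumes the quoted packet is the original IP header, the UDP header and the first 8 bytes of UDP payload, that the pointer is the offset of the SPI from the start of that quoted packet, that IPv6 packets carry no extension headers, and that the ordinary ICMP checksum rules apply; the outer UDP encapsulation of the ICMP message is not shown, and all function names are hypothetical.

```python
import struct

# Constructed sample: IPv4 header + UDP header + ESP header (SPI 0xdeadbeef, seq 7)
SAMPLE_V4 = bytes.fromhex("450000240000000040110000c0000201c0000202"
                          "2904290400100000" "deadbeef00000007")

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_param_problem(offending: bytes, src6: bytes = b"", dst6: bytes = b"") -> bytes:
    """Build the ICMP error for a received ESP-in-UDP packet with an unknown SPI.
    src6/dst6 (16 bytes each) feed the ICMPv6 pseudo-header; unused for IPv4."""
    version = offending[0] >> 4
    if version == 4:
        ptr = (offending[0] & 0x0F) * 4 + 8   # IP header length + UDP header
        fmt, icmp_type = "!BBHB3x", 12        # type 12: 1-byte pointer, 3 unused
    elif version == 6:
        ptr = 40 + 8                          # fixed IPv6 header + UDP header
        fmt, icmp_type = "!BBHI", 4           # type 4: 4-byte pointer
    else:
        raise ValueError("not an IP packet")
    quoted = offending[:ptr + 8]              # through SPI + sequence number
    if len(quoted) < ptr + 4:
        raise ValueError("packet too short to contain an SPI")
    # The ICMPv6 checksum also covers a pseudo-header (addresses, length, next header 58)
    pseudo = src6 + dst6 + struct.pack("!I3xB", 8 + len(quoted), 58) if version == 6 else b""
    csum = inet_checksum(pseudo + struct.pack(fmt, icmp_type, 0, 0, ptr) + quoted)
    return struct.pack(fmt, icmp_type, 0, csum, ptr) + quoted

def spi_from_param_problem(icmp: bytes, version: int) -> int:
    """Receiver side: follow the pointer into the quoted packet and read the SPI."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    if (version, icmp[0], icmp[1]) == (4, 12, 0):
        ptr = icmp[4]
    elif (version, icmp[0], icmp[1]) == (6, 4, 0):
        ptr = struct.unpack("!I", icmp[4:8])[0]
    else:
        raise ValueError("not a parameter-problem code 0 message")
    quoted = icmp[8:]
    if ptr + 4 > len(quoted):
        raise ValueError("pointer outside quoted packet")
    return struct.unpack("!I", quoted[ptr:ptr + 4])[0]
```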
