Hi Bob/Jeff,
> On Mar 4, 2020, at 11:09 AM, Robert Moskowitz <[email protected]> wrote: > > > > On 3/4/20 10:53 AM, Jeff Ahrenholz wrote: >>> https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-codes-5 >>> >>> And nothing there that looks right. >>> >>> So what is done in HIP BEX implementations? Both v1 and v2? >> For our HIPv1 implementation: >> IPv4 packets - we send ICMPv4-in-UDP with type 12 "parameter problem" code 0 >> "pointer indicates the error" and point to the first bytes of UDP payload. >> (https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-12) >> >> IPv6 packets - we send ICMPv6-in-UDP with type 4 "parameter problem" code 0 >> "erroneous header field encountered" and point to the first bytes of UDP >> payload. >> >> Normally this would be if the SPI is unknown (e.g. one side forcefully >> reboots while the other continues to send it ESP-in-UDP data.) The pointer >> includes the first 8 bytes of the UDP payload so that the SPI is included in >> the ICMP message. >> >> For IPv6 you could consider the "erroneous header field" to be the invalid >> SPI number, which is the bytes we point to. >> >> -Jeff >> > > Suresh, > > How would you recommend handling this? It seems the text in all docs (5201, > 7401, and DEX) might be: > > In most cases, the ICMP packet has the Parameter Problem type (12 for ICMPv4, > 4 with code=0 for ICMPv6), I am happy with the Code being set to 0 for ICMPv6 and the Pointer being set as Jeff proposed above. Regards Suresh _______________________________________________ Hipsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/hipsec
