Hi!
I'm having problems setting up IPF rules (version 4.1.3, NetBSD/i386 2.0) for Mobile IPv6. When my Mobile Node is sending Binding Update to its Home Agent I'm getting this on my logs:
Dec 29 13:48:07 fw ipmon[319]: 13:48:07.189320 wm5 @0:15 b 2001:xxxx:xxxx:xxxx:204:75ff:fed6:1743 -> 2001:xxxx:xxxx:xxxx::1 PR ipv6-opts len 40 (96) OUT
The packet looks like this (captured with ethereal). After IPv6 header there's one destination option followed by protocol 135.
Internet Protocol Version 6 Version: 6 Traffic class: 0x00 Flowlabel: 0x00000 Payload length: 56 Next header: IPv6 destination option (0x3c) Hop limit: 64 Source address: 2001:xxxx:xxxx:xxxx:204:75ff:fed6:1743 Destination address: 2001:xxxx:xxxx:xxxx::1 Destination Option Header Next header: Mobile IPv6 (0x87) Length: 2 (24 bytes) PadN: 4 bytes Option Type: 201 (0xc9) - Home Address Option Option Length : 16 Home Address : 2001:xxxx:xxxx:xxxx::40 Mobile IPv6 Payload protocol: IPv6 no next header (0x3b) Header length: 3 (32 bytes) Mobility Header Type: Binding Update (5) Reserved: 0x00 Checksum: 0x4f67 Binding Update Sequence number: 57751 1... .... = Acknowledge (A) flag .1.. .... = Home Registration (H) flag ..0. .... = Link-Local Compatibility (L) flag ...0 .... = Key Management Compatibility (K) flag Lifetime: 12582 (50328 seconds) Mobility Options PadN: 2 bytes Alternate care-of address: 2001:xxxx:xxxx:xxxx:204:75ff:fed6:1743
Now the questions:
- how do I allow destination option followed by protocol 135?
- is it possible to allow destination option with only specific option types (padding and 0xC9 in this case)?
Inspired by the logs I've tried this (with and without keep state) but without any luck:
pass out quick proto ipv6-opts from any to any
All ideas are welcome...
Martti
