[MEXT] firewall docs review

RYUJI WAKIKAWA <ryuji.wakikawa@gmail.com> Mon, 18 February 2008 07:37 UTC

Hi Suresh and authors,

I was asked to review draft-krishnan-mip6-firewall-admin-02 and
draft-krishnan-mip6-firewall-vendor-02.

- Can the current filtering mechanism check the IP options field?!
   If yes, the document should mention which IP options appear for which packets.
   An example is DST Opt for BU and RTHDR for BA.
   Otherwise, the operator might just block all the packets having the RTHDR option regardless of BA.

For example, in section 3.1 of draft-admin,
      Destination Address: Address of HA
      <-- adding Dest option (HoA option)?
      Next Header: 50 (ESP)
      Mobility Header Type: 5 (BU)

- missing authentication option and DSMIP support?
    DSMIP will introduce much complexity to firewall setup.

- RO is optional in RFC3775. I am not sure you can treat
   RO signaling the same as the BU/BA for firewall filter setup.
   It might be good if you provide the minimum set of rules (BU/BA only)
   and the full set of rules (All MH signaling).

- why are these two separate documents?

regards,
ryuji
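
Added example (not part of the message above or of the drafts under review): a sketch of what a filter can read from the IPv6 extension header chain, covering the Home Address destination option, the routing header type and the point where ESP hides the Mobility Header type. The function names, the two drop policies and the sample packets are hypothetical and constructed for illustration; the protocol numbers are those of RFC 2460 and RFC 3775.

```python
import struct

# Protocol numbers and option types from RFC 2460 and RFC 3775.
HOPOPT, ROUTING, ESP, DSTOPTS, MH = 0, 43, 50, 60, 135
HOME_ADDRESS_OPT, RTHDR_TYPE2 = 201, 2
MH_TYPES = {5: "BU", 6: "BA"}

def has_option(hdr: bytes, wanted: int) -> bool:
    i = 2                                  # options start after NH and length
    while i + 1 < len(hdr):
        if hdr[i] == 0:                    # Pad1: single byte, no length field
            i += 1
        elif hdr[i] == wanted:
            return True
        else:
            i += 2 + hdr[i + 1]
    return False

def inspect(pkt: bytes) -> dict:           # what a filter can see in the chain
    seen = {"hoa_opt": False, "rthdr_types": [], "mh": None, "esp": False}
    if len(pkt) < 40:
        return seen
    nh, off = pkt[6], 40
    while nh in (HOPOPT, ROUTING, DSTOPTS, MH) and off + 8 <= len(pkt):
        hdr = pkt[off:off + (pkt[off + 1] + 1) * 8]
        if nh == ROUTING:
            seen["rthdr_types"].append(hdr[2])
        elif nh == DSTOPTS:
            seen["hoa_opt"] |= has_option(hdr, HOME_ADDRESS_OPT)
        elif nh == MH:
            seen["mh"] = MH_TYPES.get(hdr[2], hdr[2])
            break
        nh, off = hdr[0], off + len(hdr)
    seen["esp"] = nh == ESP                # behind ESP the MH type is hidden
    return seen

def blanket_rthdr_drop(seen: dict) -> bool:    # hypothetical coarse rule
    return bool(seen["rthdr_types"])
def type_aware_drop(seen: dict) -> bool:       # hypothetical narrower rule
    return any(t != RTHDR_TYPE2 for t in seen["rthdr_types"])

def ipv6(nh: int, payload: bytes) -> bytes:    # zeroed addresses, constructed
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, 64) + bytes(32) + payload

# Constructed sample packets (not captures); checksums and ESP body are zeros.
HOA = bytes.fromhex("20010db8" + "00" * 11 + "01")
BU_PKT = ipv6(DSTOPTS, bytes([ESP, 2, 1, 2, 0, 0, HOME_ADDRESS_OPT, 16]) + HOA + bytes(16))
BA_PKT = ipv6(ROUTING, bytes([MH, 2, RTHDR_TYPE2, 1, 0, 0, 0, 0]) + HOA
              + bytes([59, 1, 6, 0]) + bytes(8) + bytes([1, 2, 0, 0]))
```

For the ESP-protected sample, inspect() reports the Home Address option and ESP but no Mobility Header type; for the cleartext BA sample, the blanket routing-header rule drops the packet while the type-aware rule passes it.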