client-side mobility in natted environments
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| HIPL | New | Undecided | Unassigned | |
Bug Description
I have fixed some problems occurring in a situation where the MN is behind a NAT
box and I am switching between LAN and WLAN manually with a cable. The problem
was that the MN's IP address changes, which also changes the NATted port. This
port number is visible to the CN (which is located in a public network), so the
change affected only the CN side. The bug fix is here:
http://<email address hidden>
Notice that the patch includes one workaround which you should fix in order to
close this bug:
/* @todo: a workaround for bug id 944 */
One problem with the workaround is that there may be multiple echo requests and
responses flying around with different port numbers. A second problem is that
this might be prone to replay attacks.
The solution to the workaround is to avoid changing the port number of the host
association until the last minute. So, the port pair should be passed around in
the update handler functions and fixed to the HA only when creating the new SA
pair.
I'll merge the change to the update branch ASAP.
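The deferred-commit design described above, modelled as an added example that is not HIPL's own code: the `struct ha`, the function names and the nonce bookkeeping are assumptions for illustration. The candidate port travels with the echo exchange and is written into the HA only at the step that stands in for creating the new SA pair; only the most recent outstanding nonce is accepted, and it is single-use, which addresses both the "multiple echo requests with different ports" case and the replay concern.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical, simplified host association (HA); not HIPL's real structure. */
struct ha {
    uint16_t peer_port;     /* NAT-translated UDP port used by the active SA pair */
    uint32_t spi_out;       /* outbound SPI of the active SA pair (placeholder value) */
    uint32_t pending_nonce; /* nonce of the latest echo request we sent; 0 = none */
    uint16_t pending_port;  /* candidate port carried along with that echo request */
};

/* An UPDATE announced a new locator/port. Do NOT touch ha->peer_port here:
 * remember the candidate port together with a fresh nonce for the echo request.
 * A newer request supersedes any earlier one still in flight. */
uint32_t ha_send_echo_request(struct ha *ha, uint16_t candidate_port, uint32_t fresh_nonce) {
    ha->pending_nonce = fresh_nonce;
    ha->pending_port = candidate_port;
    return fresh_nonce;
}

/* Echo response received with (nonce, source port). Only the outstanding nonce is
 * accepted, so a stale response from an earlier port, or a replayed one, cannot
 * move the HA. On success the port is committed at the same moment the new SA
 * pair is installed, i.e. "at the last minute". */
bool ha_handle_echo_response(struct ha *ha, uint32_t nonce, uint16_t src_port, uint32_t new_spi) {
    if (ha->pending_nonce == 0 || nonce != ha->pending_nonce)
        return false;                   /* unknown, superseded or replayed nonce */
    if (src_port != ha->pending_port)
        return false;                   /* response did not come via the candidate port */
    ha->spi_out = new_spi;              /* stands in for creating the new SA pair */
    ha->peer_port = ha->pending_port;   /* commit the port pair only now */
    ha->pending_nonce = 0;              /* nonce is single-use */
    return true;
}
```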
What's the status of this bug? Is this still valid?