rlm_wimax - add support for RRQ-HA-MN
Ben Wiechman
wiechman.lists at gmail.com
Thu Feb 4 03:26:29 CET 2010
After looking at this a bit more it should really be broken into two
patches.
Attached is a patch to remove the MN-FA key generation.
Handling of the RRQ-MN-HA keys was a bit incomplete. I missed a crucial
factor. The current WiMAX module generates the required keys at network
entry upon receiving requests from the ASN-GW. However the HA is the one
that would send the RRQ-HA-IP. This finally explains why the WMF states that
the MIP-RK needs to be cached... to generate the RRQ-MN-HA key.
The functionality is there, however all the required information would not
be present at the time of network entry (namely the RRQ-HA-IP) so that
portion of the patch is incomplete.
> -----Original Message-----
> From: Ben Wiechman [mailto:wiechman.lists at gmail.com]
> Sent: Wednesday, February 03, 2010 10:17 AM
> To: freeradius-devel at lists.freeradius.org
> Subject: rlm_wimax - add support for RRQ-HA-MN
>
> Attached patch does two things:
> Removes MN-FA key generation. These keys are generated at the
> authenticator not the AAA so this is not needed.
>
> Adds support to generate the RRQ-MN-HA key.
>
> I am left with two questions.
>
> First - I dug but haven't fully tracked down whether there is any
> validity checking on the IP addresses that arrive in the request
> packets. When testing this by dumping the RRQ-HA-IP address directly
> into the config file with unlang I can see that invalid IP addresses are
> not accepted. Are similar checks performed on packets off the wire and
> where?
>
> Second - is a question of placement of the RRQ-MN-HA generation code.
> These attributes are only needed for CMIP when the MN does not know the
> IP address of the HA during network entry. Is it better to generate the
> appropriate key whenever the RRQ-HA-IP is seen (at the potential expense
> of generating this key if the MN is using PMIP yet somehow the RRQ-HA-IP
> shows up in the request packet as well), or either moving the generation
> of the RRQ-MN-HA keys to the appropriate sections of the switch where
> the MN-HA keys are generated or adding an additional check to the
> generation block to ensure that the appropriate MIP Technology is being
> used.
>
> Ben Wiechman
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mn-fa-key.patch
Type: application/octet-stream
Size: 1741 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20100203/f59b47bc/attachment.obj>
More information about the Freeradius-Devel
mailing list