(usagi-users 03673) Routing header reversal in Linux kernel

["Sérgio Gomes" <sergiomdgomes@xxxxxxxxx>]

Greetings!

I am trying to get routing headers working in IPv6, specifically the
routing header reversal. That is, the packets I'm sending from one
machine go through a specific route according to the routing header,
and the replies to those packages should follow the same route, in the
opposite direction.

In IPv6 this is implemented with "routing header reversal", that is,
the route (in the routing header) that is received in the destination
machine is inverted, and a routing header with this inverted route is
added to the reply packages. Now, the catch is this can only be done
when there is an authentication layer between the machines (point 8.4
in the IPv6 RFC 2460).

So I implemented a simple system where I connected two machines via a
crossover cable. I used racoon to add authentication between them,
with a simple MD5 check. In theory, the routes should be reversed at
the destination, but the truth is that it doesn't happen: none of the
reply packages have a routing header.

This happens both on listening and active sockets, that is, whether
the machine that receives the packages with routing headers is acting
as a server or a client.

So, I believe the implementation in the Linux kernel is incorrect in
this point. However, I am by no means an expert, and may be
overlooking some detail, like a /proc option or a later RFC that
specifies the AH usage in more detail. Would anyone care to comment on
this?

I am using Linux kernel 2.6.15, without any USAGI patches. The reason
why I am contacting the USAGI project is because from the comments
I've read in the Linux kernel source code, it was this project that
implemented the specific part of the ipv6 implementation that deals
with the aforementioned problem.

I would really appreciate it if anyone could point me in the right
direction, how to get the route reversal working.

Thank you!

Sérgio Gomes,
Portugal