Greg Troxel wrote:
> Which MIPv6 implementation are you running, and are you using KAME
> patches in the kernel?

The Mobile Node is not running on xBSD and it's my employer's
"research prototype".

I'd like to participate the next TAHI interop and for that purpose I
need to setup network connectivity to our IPv6 testbed. But looks like
it will be a difficult task to do...

> A cursory look through netinet/fil.c indicates there isn't any support
> for what you want.  It's likely you are on the bleeding edge, and that
> ipf needs to be extended for MIPv6.

Yeah, I though so.

> One path would be to allow expressing fairly arbitrary combinations of
> headers, such as you suggest.  Another would be (somehow) to enable
> some sort of Mobile IP processing that would, for filtering purposes,
> treat destination options with only home address as not present, so
> that one's normal firewall rules would apply while mobile.  But, some
> people will want to filter these, so that needs to be configurable.

I agree, it should be possible to process Home Address destination
option and Routing Header type 2 somehow.

Martti