Basic protocol: configuring one or more keys means we send beacons.
TBD: maybe beacon on | off ?
  beacon periodicity
  net_auth key
  ad_hoc key
---------------------------------------------------------------
protocol

Similar to the icmp router solicitation mechanism. An MN may choose to send
beacons with a certain periodicity. It may also send a broadcast router
solicitation, or respond to one with a unicast reply.

1. mn sends beacons at rate N (say N = 10 seconds)
   each beacon contains: ip address of sender | mac address of sender |
   timestamp OR nonce | 1 or more keyed mac hashes
   a flag indicates whether an agent or an mn sent it
   sent to the broadcast or multicast group

   a receiver may cache this information and either use it immediately or set
   up a pending entry and wait, depending on its role:
     1. an FA should put the info in a pending list and only install it when
        the HA sends back an ACK
     2. an MN can install immediately
     3. an HA can install immediately
   INSTALL it as a link-layer route only after successful authentication.
   An MN will hear other MNs and FAs/HAs and can install immediately.

   details: icmp_advert, icmp type 9, structure
     icmp_router   IP address valid for all hosts on this interface
     mseicmp MIPAGENTAD
       short sequence   indicates reboot
       mse_flags        ADDITION: flag to indicate MN as opposed to agent
       mse_coa          not present on MNs
     MACMAC   carries the sender's mac address; must come before all auth
              hashes so that the hashes cover it
     INFO     mn may use this, but not currently in our config
     AUTH     type, length, flags (NETAUTH - netauth key | ADHOCAUTH - adhoc key),
              spi, hash[16] (variable length)
   Basic protocol: sender broadcasts 1 packet, receiver installs route.
-------------------------------------------------------------------
2. OR, more like arp: client sends an mcast/broadcast solicitation and gets
   back a unicast reply
     1. sender may WANT to arp in the kernel; instead the kernel sends a router
        upcall and the daemon sends out a broadcast/multicast icmp router
        solicitation
     2. receiver sends back a unicast reply if authentication works
     3. sender installs the information
   TBDs: work out packet formats
   Basic protocol: sender broadcasts 1 solicitation, receiver sends back
   (unicasts) an advertisement.

   Details: router solicitation is icmp type 10; otherwise the format is the
   same as for mobile-ip. SO: we need a new extension at the end that
   identifies who we want to talk to.
   packet type icmp_advert, icmp type 10, structure
     icmp_router   our IP address
     mseicmp MIPAGENTAD
       short sequence   indicates reboot
       mse_flags        ADDITION: flag to indicate MN as opposed to agent
       mse_coa          not present on MNs
     SOLICIT  ip address of the node we want to hear from
     MACMAC   carries our mac address
     INFO     mn may use this, but not currently in our config
     AUTH     type, length, flags (NETAUTH - netauth key | ADHOCAUTH - adhoc key),
              spi, hash[16] (variable length)
-------------------------------------------------------------------
Problems:
1. replay attacks
   use challenge/response?
   define how replay protection should work. It must cover these cases:
     FA/HA link-layer access
     mn-mn link-layer access
     mn in an ad hoc situation with no distributed time
   doppelganger attack
   passive mn attack:
       FA1        FA2
       Mn bad     Mn good
     Mn bad can hear FA1 and FA2; Mn good and FA2 cannot observe FA1
2. mns will not have time in an ad hoc situation
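The solicitation/reply mode and the MIPAGENTAD/MACMAC/AUTH extension layout sketched above, as an added worked example in Python; this is not code from the original notes or from the daemon they describe. The extension type numbers, the MIPAGENTAD field layout, an 8-byte field standing in for "timestamp OR nonce", and HMAC-MD5 as the 16-byte hash are all assumptions (the notes leave packet formats as a TBD). It also shows one answer to problem 1 that needs no clock: the solicitor challenges with a random nonce, the responder echoes it inside the authenticated advert, and the solicitor accepts exactly one verified reply per outstanding nonce.

```python
import hashlib
import hmac
import os
import socket
import struct

# Assumed extension type codes and flag values: the notes name them, not their numbers.
EXT_MIPAGENTAD, EXT_SOLICIT, EXT_MAC, EXT_AUTH = 16, 17, 18, 19
AUTH_NETAUTH, AUTH_ADHOCAUTH = 0x01, 0x02     # AUTH flags: net_auth key or ad_hoc key
MSEFLAG_MN = 0x80                             # mse_flags ADDITION: sender is an MN, not an agent
ICMP_ROUTER_ADVERT, ICMP_ROUTER_SOLICIT = 9, 10
AGENTAD = "!HB8s"                             # MIPAGENTAD body: seq, mse_flags, timestamp-or-nonce

def ext(etype, payload):
    return struct.pack("!BB", etype, len(payload)) + payload  # type/length/value extension

def build(icmp_type, src_ip, mac, seq, mse_flags, nonce, keys, solicit_ip=None):
    """Advert (9) or solicitation (10) with one AUTH per (flags, spi, key).  Each HMAC-MD5
    (assumed; the notes say only hash[16]) covers all bytes before it plus the AUTH header."""
    pkt = struct.pack("!BBH", icmp_type, 0, 0)                   # checksum left to the kernel
    pkt += socket.inet_aton(src_ip)                               # icmp_router: our address
    pkt += ext(EXT_MIPAGENTAD, struct.pack(AGENTAD, seq, mse_flags, nonce))
    if solicit_ip:
        pkt += ext(EXT_SOLICIT, socket.inet_aton(solicit_ip))    # who we want to hear from
    pkt += ext(EXT_MAC, mac)                                      # MAC before all auth hashes
    for flags, spi, key in keys:
        auth_hdr = struct.pack("!BBBI", EXT_AUTH, 1 + 4 + 16, flags, spi)
        pkt += auth_hdr + hmac.new(key, pkt + auth_hdr, hashlib.md5).digest()
    return pkt

def parse(pkt):
    """Return (icmp_type, router_ip, {ext_type: [payload]}, [(flags, spi, hash, covered)])."""
    exts, auths, off = {}, [], 8
    while off < len(pkt):
        etype, elen = pkt[off], pkt[off + 1]
        payload = pkt[off + 2:off + 2 + elen]
        if len(payload) != elen:
            raise ValueError("truncated extension")
        if etype == EXT_AUTH:
            if EXT_MAC not in exts:
                raise ValueError("MAC extension must precede AUTH")
            flags, spi = struct.unpack("!BI", payload[:5])
            auths.append((flags, spi, payload[5:], pkt[:off + 7]))
        elif auths:
            raise ValueError("extension after AUTH is not covered by any hash")
        else:
            exts.setdefault(etype, []).append(payload)
        off += 2 + elen
    return pkt[0], socket.inet_ntoa(pkt[4:8]), exts, auths

def verify(pkt, keyring):
    """Accept iff some AUTH hash verifies under a key we hold for its (flags, spi)."""
    icmp_type, router, exts, auths = parse(pkt)
    for flags, spi, digest, covered in auths:
        key = keyring.get((flags, spi))
        if key and hmac.compare_digest(hmac.new(key, covered, hashlib.md5).digest(), digest):
            return icmp_type, router, exts
    raise ValueError("authentication failed")

class Solicitor:
    """MN side of mode 2: challenge with a fresh nonce; accept one verified reply per nonce."""
    def __init__(self, ip, mac, keyring, send_keys):
        self.ip, self.mac, self.keyring, self.send_keys = ip, mac, keyring, send_keys
        self.pending = {}                     # nonce -> peer we challenged

    def solicit(self, peer_ip, seq=1):
        nonce = os.urandom(8)                 # random: needs no clock (ad hoc case)
        self.pending[nonce] = peer_ip
        return build(ICMP_ROUTER_SOLICIT, self.ip, self.mac, seq, MSEFLAG_MN, nonce,
                     self.send_keys, solicit_ip=peer_ip)

    def on_reply(self, pkt):
        """Return (router_ip, mac) to install as a link-layer route, or None."""
        try:
            icmp_type, router, exts = verify(pkt, self.keyring)
            _, _, nonce = struct.unpack(AGENTAD, exts[EXT_MIPAGENTAD][0])
        except (ValueError, KeyError, struct.error):
            return None
        if icmp_type != ICMP_ROUTER_ADVERT or self.pending.get(nonce) != router:
            return None                       # stray beacon, wrong peer, or replayed reply
        del self.pending[nonce]               # one answer per challenge
        return router, exts[EXT_MAC][0]

def respond(pkt, my_ip, my_mac, keyring, send_keys, seq):
    """Agent/MN side: if a verified solicitation names us, unicast an advert echoing its nonce."""
    icmp_type, _, exts = verify(pkt, keyring)                    # raises on bad auth
    target = exts.get(EXT_SOLICIT)
    if icmp_type != ICMP_ROUTER_SOLICIT or not target or socket.inet_ntoa(target[0]) != my_ip:
        return None
    _, _, nonce = struct.unpack(AGENTAD, exts[EXT_MIPAGENTAD][0])
    return build(ICMP_ROUTER_ADVERT, my_ip, my_mac, seq, 0, nonce, send_keys)

def demo():
    """Constructed exchange: MN 10.0.0.5 solicits FA 10.0.0.1 under a shared net_auth key."""
    key = b"constructed-net-auth-key"
    keyring, send_keys = {(AUTH_NETAUTH, 100): key}, [(AUTH_NETAUTH, 100, key)]
    fa_mac = bytes.fromhex("02000a000001")
    mn = Solicitor("10.0.0.5", bytes.fromhex("02000a000005"), keyring, send_keys)
    reply = respond(mn.solicit("10.0.0.1"), "10.0.0.1", fa_mac, keyring, send_keys, seq=7)
    installed, replayed = mn.on_reply(reply), mn.on_reply(reply)  # second delivery: nonce consumed
    return installed, replayed, reply
```

`demo()` runs the exchange end to end: the first delivery of the FA's reply is installed as `("10.0.0.1", mac)`, and the identical bytes delivered again are dropped because the nonce was already consumed; `verify()` rejects any packet whose hash, MAC extension or covered bytes have been altered. The MACMAC-before-AUTH ordering from the notes is enforced in `parse()`, and an extension placed after the last AUTH is rejected because no hash covers it. Periodic beacons (mode 1) are the same `build()` call without a SOLICIT extension, but a beacon's nonce/timestamp gives the receiver nothing of its own to match against, which is the ad hoc replay gap the notes flag under problems 1 and 2.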