idnits 2.17.00 (12 Aug 2021) /tmp/idnits24842/draft-werner-nsis-natfw-nslp-statemachine-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 22. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1438. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1415. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1422. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1428. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** There are 2 instances of lines with control characters in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 17, 2005) is 6151 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: draft-ietf-nsis-nslp-natfw has been published as RFC 5973 ** Downref: Normative reference to an Experimental draft: draft-ietf-nsis-nslp-natfw (ref. '1') == Outdated reference: draft-ietf-pana-statemachine has been published as RFC 5609 == Outdated reference: draft-ietf-eap-statemachine has been published as RFC 4137 Summary: 6 errors (**), 0 flaws (~~), 5 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NSIS X. Fu 3 Internet-Draft C. Werner 4 Expires: January 18, 2006 Univ. Goettingen 5 H. Tschofenig 6 T. Tsenov 7 Siemens 8 C. Aoun 9 Nortel 10 N. Steinleitner 11 Univ. Goettingen 12 July 17, 2005 14 NAT/FW NSLP State Machine 15 draft-werner-nsis-natfw-nslp-statemachine-01.txt 17 Status of this Memo 19 By submitting this Internet-Draft, each author represents that any 20 applicable patent or other IPR claims of which he or she is aware 21 have been or will be disclosed, and any of which he or she becomes 22 aware will be disclosed, in accordance with Section 6 of BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF), its areas, and its working groups. Note that 26 other groups may also distribute working documents as Internet- 27 Drafts. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 The list of current Internet-Drafts can be accessed at 35 http://www.ietf.org/ietf/1id-abstracts.txt. 37 The list of Internet-Draft Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 This Internet-Draft will expire on January 18, 2006. 42 Copyright Notice 44 Copyright (C) The Internet Society (2005). 46 Abstract 48 This document describes the state machines for the NSIS Signaling 49 Layer Protocol for Network Address Translation/Firewall signaling 50 (NAT/FW NSLP). A set of state machines for NAT/FW NSLP entities at 51 different locations of a signaling path are presented in order to 52 illustrate how NAT/FW NSLP may be implemented. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 58 3. Notational conventions used in state diagrams . . . . . . . 3 59 4. State Machine Symbols . . . . . . . . . . . . . . . . . . . 6 60 5. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . 7 61 5.1 Common Procedures . . . . . . . . . . . . . . . . . . . . 7 62 5.2 Common Variables . . . . . . . . . . . . . . . . . . . . . 9 63 5.3 Constants . . . . . . . . . . . . . . . . . . . . . . . . 10 64 6. State machine for the NAT/FW NI . . . . . . . . . . . . . . 10 65 7. State machines for the NAT/FW NF . . . . . . . . . . . . . . 14 66 7.1 State machine for NAT/FW Firewall NF . . . . . . . . . . . 15 67 7.2 State machine for NAT/FW NAT NF . . . . . . . . . . . . . 22 68 8. State machine for the NAT/FW NR . . . . . . . . . . . . . . 29 69 9. Security Considerations . . . . . . . . . . . . . . . . . . 33 70 10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . 34 71 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 34 72 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 73 12.1 Normative References . . . . . . . . . . . . . . . . . . 34 74 12.2 Informative References . . . . . . . . . . . . . . . . . 34 75 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 35 76 Intellectual Property and Copyright Statements . . . . . . . 37 78 1. Introduction 80 This document describes the state machines for NAT/FW NSLP [1], 81 trying to show how NAT/FW NSLP can be implemented to support its 82 deployment. The state machines described in this document are 83 illustrative of how the NAT/FW NSLP protocol defined in [1] may be 84 implemented for the first NAT/FW NSLP node in the signaling path, 85 intermediate NAT/FW NSLP nodes with Firewall and/or NAT 86 functionality, and the last NAT/FW NSLP node in the signaling path. 87 Where there are differences [1] are authoritative. The state 88 machines are informative only. Implementations may achieve the same 89 results using different methods. 91 The messages used in the NAT/FW NSLP protocol can be summarized as 92 follows: 94 Requesting message Responding message 95 ------------------------+--------------------------- 96 CREATE |RESPONSE 97 REA |RESPONSE 98 QUERY |RESPONSE 99 RESPONSE |NONE 100 NOTIFY |NONE 101 TRIGGER |CREATE 102 ------------------------+--------------------------- 104 We describe a set of state machines for different roles of entities 105 running NAT/FW NSLP to illustrate how NAT/FW NSLP may be implemented. 107 2. Terminology 109 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 110 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 111 document are to be interpreted as described in [2]. 113 3. Notational conventions used in state diagrams 115 The following state transition tables are completed mostly based on 116 the conventions specified in [3]. The complete text is described 117 below. 119 State transition tables are used to represent the operation of the 120 protocol by a number of cooperating state machines each comprising a 121 group of connected, mutually exclusive states. Only one state of 122 each machine can be active at any given time. 124 All permissible transitions from a given state to other states and 125 associated actions performed when the transitions occur are 126 represented by using triplets of (exit condition, exit action, exit 127 state). All conditions are expressions that evaluate to TRUE or 128 FALSE; if a condition evaluates to TRUE, then the condition is met. 129 A state "ANY" is a wildcard state that matches the current state in 130 each state machine. The exit conditions of a wildcard state are 131 evaluated after all other exit conditions of specific to the current 132 state are met. 134 On exit from a state, the procedures defined for the state and the 135 exit condition are executed exactly once, in the order that they 136 appear on the page. (Note that the procedures defined in [4] are 137 executed on entry to a state, which is one major difference from this 138 document.) Each procedure is deemed to be atomic; i.e., execution of 139 a procedure completes before the next sequential procedure starts to 140 execute. No procedures execute outside of a state block. The 141 procedures in only one state block execute at a time, even if the 142 conditions for execution of state blocks in different state machines 143 are satisfied, and all procedures in an executing state block 144 complete execution before the transition to and execution of any 145 other state block occurs, i.e., the execution of any state block 146 appears to be atomic with respect to the execution of any other state 147 block and the transition condition to that state from the previous 148 state is TRUE when execution commences. The order of execution of 149 state blocks in different state machines is undefined except as 150 constrained by their transition conditions. A variable that is set 151 to a particular value in a state block retains this value until a 152 subsequent state block executes a procedure that modifies the value. 154 On completion of the transition from the previous state to the 155 current state, all exit conditions for the current state (including 156 exit conditions defined for the wildcard state) are evaluated 157 continuously until one of the conditions is met. 159 Any event variable is set to TRUE when the corresponding event occurs 160 and set to FALSE immediately after completion of the action 161 associated with the current state and the event. 163 The interpretation of the special symbols and operators is reused 164 from [4] and the state diagrams are based on the conventions 165 specified in [5], Section 8.2.1. 167 The complete text is reproduced here: 169 State diagrams are used to represent the operation of the protocol 170 by a number of cooperating state machines each comprising a group 171 of connected, mutually exclusive states. Only one state of each 172 machine can be active at any given time. 174 All permissible transitions between states are represented by 175 arrows, the arrowhead denoting the direction of the possible 176 transition. Labels attached to arrows denote the condition(s) 177 that must be met in order for the transition to take place. All 178 conditions are expressions that evaluate to TRUE or FALSE; if a 179 condition evaluates to TRUE, then the condition is met. The label 180 UCT denotes an unconditional transition (i.e., UCT always 181 evaluates to TRUE). A transition that is global in nature (i.e., 182 a transition that occurs from any of the possible states if the 183 condition attached to the arrow is met) is denoted by an open 184 arrow; i.e., no specific state is identified as the origin of the 185 transition. When the condition associated with a global 186 transition is met, it supersedes all other exit conditions 187 including UCT. The special global condition BEGIN supersedes all 188 other global conditions, and once asserted remains asserted until 189 all state blocks have executed to the point that variable 190 assignments and other consequences of their execution remain 191 unchanged. 193 On entry to a state, the procedures defined for the state (if any) 194 are executed exactly once, in the order that they appear on the 195 page. Each action is deemed to be atomic; i.e., execution of a 196 procedure completes before the next sequential procedure starts to 197 execute. No procedures execute outside of a state block. The 198 procedures in only one state block execute at a time, even if the 199 conditions for execution of state blocks in different state 200 machines are satisfied, and all procedures in an executing state 201 block complete execution before the transition to and execution of 202 any other state block occurs, i.e., the execution of any state 203 block appears to be atomic with respect to the execution of any 204 other state block and the transition condition to that state from 205 the previous state is TRUE when execution commences. The order of 206 execution of state blocks in different state machines is undefined 207 except as constrained by their transition conditions. A variable 208 that is set to a particular value in a state block retains this 209 value until a subsequent state block executes a procedure that 210 modifies the value. 212 On completion of all of the procedures within a state, all exit 213 conditions for the state (including all conditions associated with 214 global transitions) are evaluated continuously until one of the 215 conditions is met. The label ELSE denotes a transition that 216 occurs if none of the other conditions for transitions from the 217 state are met (i.e., ELSE evaluates to TRUE if all other possible 218 exit conditions from the state evaluate to FALSE). Where two or 219 more exit conditions with the same level of precedence become TRUE 220 simultaneously, the choice as to which exit condition causes the 221 state transition to take place is arbitrary. 223 In addition to the above notation, there are a couple of 224 clarifications specific to this document. First, all boolean 225 variables are initialized to FALSE before the state machine execution 226 begins. Second, the following notational shorthand is specific to 227 this document: 229 = | | ... 230 Execution of a statement of this form will result in 231 having a value of exactly one of the expressions. The logic for 232 which of those expressions gets executed is outside of the state 233 machine and could be environmental, configurable, or based on 234 another state machine such as that of the method. 236 4. State Machine Symbols 238 ( ) Used to force the precedence of operators in Boolean expressions 239 and to delimit the argument(s) of actions within state boxes. 240 ; Used as a terminating delimiter for actions within state boxes. 241 Where a state box contains multiple actions, the order of 242 execution follows the normal language conventions for reading 243 text. 244 = Assignment action. The value of the expression to the right of 245 the operator is assigned to the variable to the left of the 246 operator. Where this operator is used to define multiple 247 assignments, e.g., a = b = X the action causes the value of the 248 expression following the right-most assignment operator to be 249 assigned to all of the variables that appear to the left of the 250 right-most assignment operator. 251 ! Logical NOT operator. 252 && Logical AND operator. 253 || Logical OR operator. 254 if...then... Conditional action. If the Boolean expression following 255 the if evaluates to TRUE, then the action following the then is 256 executed. 257 \{ statement 1, ... statement N \} Compound statement. Braces are 258 used to group statements that are executed together as if they 259 were a single statement. 260 != Inequality. Evaluates to TRUE if the expression to the left of 261 the operator is not equal in value to the expression to the right. 262 == Equality. Evaluates to TRUE if the expression to the left of the 263 operator is equal in value to the expression to the right. 264 > Greater than. Evaluates to TRUE if the value of the expression to 265 the left of the operator is greater than the value of the 266 expression to the right. 268 <= Less than or equal to. Evaluates to TRUE if the value of the 269 expression to the left of the operator is either less than or 270 equal to the value of the expression to the right. 271 ++ Increment the preceding integer operator by 1. 273 5. Common Rules 275 Throughout the document we use terms defined in the [1], such as NI, 276 NF, NR, NI+, NR+, CREATE, QUERY, or RESPONSE. 278 5.1 Common Procedures 280 tx_CREATE(): Transmit a CREATE message 281 tx_CREATE(LIFETIME=0): Transmit CREATE message with lifetime object 282 explicitly set to 0 for session deletion 283 tx_RESP(code,type): Transmit RESPONSE message with specified code 284 (SUCCESS or ERROR) and result type (related to a specific request 285 type message: CREATE, REA or QUERY). A code or result type may be 286 omitted, typically when forwarding received RESPONSE messages. 287 tx_QUERY(): Transmit QUERY message. 288 tx_NOTIFY(): Transmit NOTIFY message. 289 rx_RESP(code, type): Evaluates to TRUE if a RESPONSE message has been 290 received with the specified code (SUCCESS or ERROR) and result 291 type (related to a specific request type message: CREATE, REA or 292 QUERY). If the code or type is omitted, any received RESPONSE 293 message which is only matching the given code or type will 294 evaluate this procedure to TRUE. 295 rx_NOTIFY(): Evaluates to TRUE if a NOTIFY message has been received. 296 rx_QUERY(): Evaluates to TRUE if a QUERY message has been received 297 rx_CREATE(): Evaluates to TRUE if a CREATE message has been received. 298 CHECK_AA(): Checks Authorization and Authentication of the received 299 message. Evaluates to TRUE if the check is successful, otherwise 300 it evaluates to FALSE. This check is performed on all received 301 messages hence it will only be shown within the state machine when 302 the check has failed. This CHECK_AA also MAY include a local 303 policy check for the received message. 304 CHECK_NoNR(): Checks if the message can reach its targeted 305 destination, i.e. the NR if it exists at the targeted host. 306 CHECK_SCOPE(): Checks if the message has reached the network 307 boundaries defined by the SCOPE object. 308 Process Event(): Processes a NOTIFY messages and adapts the behaviour 309 of this node to the new condition. 310 Process Query(): Processes the received QUERY message and prepares 311 the appropriate RESPONSE message. 313 Binding.create(): Creates a public/private network translation 314 binding on a NAT device for the requesting entity. 315 Binding.clear(): Deletes a previously created a public/private 316 network translation binding on a NAT device for the requesting 317 entity. 318 Session.create(): Installs all session related states, variables, 319 bindings, policies. 320 Session.update(): Updates all session related states, variables, 321 bindings, policies based on received CREATE or TRIGGER if 322 applicable. 323 Session.clear(): Removes all session related states, variables, 324 bindings, policies. 325 PckFilter.create(): Installs a packet filter for the new session. 326 PckFilter.update(): Updates the packet filter for changes in the 327 session rules. 328 PckFilter.clear(): Removes a previously set packet filter. 329 Start.STATE_TIMER(identifier): This procedure starts a timer with a 330 certain timespan, which is up to the specific implementation. The 331 parameter 'identifier' identifies this timer uniquely. Any 332 subsequent Start_STATE_TIMER(x), Stop_STATE_TIMER(x), 333 TIMEOUT_STATE(x) refer to the same timer labeled x. This timer is 334 required to time the lifetime of state, which means that when it 335 times out, it indicates the current machine state should be left 336 or its validation has expired. This procedure starts the timer 337 'identifier'. If a timer with the same 'identifier' has 338 already been started and not yet stopped, the timer is now stopped 339 and restarted. After the timer has timed out, the procedure 340 TIMEOUT_STATE(identifier) evaluates to TRUE. The timer does not 341 restart automatically, but must be started again with a 342 Start_STATE_TIMER(identifier). Notice that there is no difference 343 to the Start_REFRESH_TIMER(identifier) procedure which has exactly 344 the same functionality. The different procedure names are only 345 supplied to underline the purpose of this specific timer. 346 Stop.STATE_TIMER(identifier): This procedure stops the timer labeled 347 'identifier'. If it has already been stopped, this procedure has 348 no effect. If the timer has already timed out, this procedure 349 removes the timeout-state from the timer 'identifier', so 350 subsequent calls to TIMEOUT_STATE(identifier) evaluate to FALSE. 351 A timeout cannot occur until the timer 'identifier' has been 352 (re-)started. 353 TIMEOUT.STATE(identifier): This procedure evaluates to TRUE if the 354 timer 'identifier' has timed out and indicates a state lifetime 355 expiration. Subsequent TIMEOUT_STATE(identifier) calls also 356 evaluate to TRUE until the timer 'identifier' has been 357 (re-)started. This procedure cannot evaluate to TRUE if the timer 358 has been stopped. 360 Start.REFRESH_TIMER(identifier): This procedure starts a timer with a 361 certain timespan, which is up to the specific implementation. The 362 parameter 'identifier' identifies this timer uniquely. Any 363 subsequent Start_REFRESH_TIMER(x), Stop_REFRESH_TIMER(x), 364 TIMEOUT_REFRESH(x) refer to the same timer labeled x. This timer 365 times a refresh interval, which means that when it times out, it 366 indicates a state refresh message is due to be sent. This 367 procedure starts the timer 'identifier'. If a timer with the same 368 'identifier' has already been started and not yet stopped, the 369 timer is now stopped and restarted. After the timer has timed 370 out, the procedure TIMEOUT_REFRESH(identifier) evaluates to TRUE. 371 The timer does not restart automatically, but must be started 372 again with a Start_REFRESH_TIMER(identifier). Notice that there 373 is no difference to the Start_STATE_TIMER(identifier) procedure 374 which has exactly the same functionality. The different procedure 375 names are only supplied to underline the purpose of this specific 376 timer. 377 Stop.REFRESH_TIMER(identifier): This procedure stops the timer 378 labeled 'identifier'. If it has already been stopped, this 379 procedure has no effect. If the timer has already timed out, this 380 procedure removes the timeout-state from the timer 'identifier', 381 so subsequent calls to TIMEOUT_REFRESH(identifier) evaluate to 382 FALSE. A timeout cannot occur until the timer 'identifier' has 383 been (re-)started. 384 TIMEOUT.REFRESH(identifier): This procedure evaluates to TRUE if the 385 timer 'identifier' has timed out and indicates a refresh interval 386 expiration. Subsequent TIMEOUT_REFRESH(identifier) calls also 387 evaluate to TRUE until the timer 'identifier' has been 388 (re-)started. This procedure cannot evaluate to TRUE if the timer 389 has been stopped. 390 tg_QUERY: External trigger to send a QUERY message (typically 391 triggered by the application). 392 tg_CREATE: External trigger to send a CREATE message (typically 393 triggered by the application). 394 tg_NOTIFY: External trigger to notify the entity of a new event to be 395 processed (typically triggered by the application) 396 tg_TRIGGER: External trigger to send a TRIGGER message to a NF 397 (typically triggered by the application) 398 tg_TEARDOWN: External trigger to delete a previously created session 399 (typically triggered by the application) 400 tg_REA: External trigger to send a REA message towards an 401 opportunistic address (typically triggered by the application) 403 5.2 Common Variables 404 IS_EDGE: Boolean flag which evaluates to TRUE if the node is on the 405 network edge, otherwise it evaluates to FALSE. 406 IS_PUBLICSIDE: Boolean flag which evaluates to TRUE if the (CREATE- 407 or REA-) message has been received on the public side of the 408 network. 409 CREATE(LIFETIME?): Gets the value of the LIFETIME object in the 410 CREATE message. 411 CREATE(TRIGGER?): Evaluates to TRUE if the received CREATE message 412 indicates a CREATE trigger. 413 CREATE(POLICY?): Gets the policy for the CREATE message. 414 CREATE(SOURCE?): Retrieves the sender of the CREATE message. 415 CREATE(NoNR?): Evaluates to TRUE if the CREATE message has an active 416 NoNR-flag. 417 CREATE(Scope?): Evaluates to TRUE if the CREATE message has an active 418 Scope-flag. 419 Retry_Counter(CREATE): Denotes the current number of retries of 420 CREATE message which has been re-transmitted due to previous 421 RESPONSE_ERROR message. If the number of Retry_Counter(CREATE) 422 equals the value of MAXRETRY(CREATE), the current session creation 423 attempt is aborted and the application is being notified. 424 Retry_Counter(QUERY): Denotes the current number of retries of QUERY 425 message which has been re-transmitted due to previous 426 RESPONSE_ERROR message. If the number of Retry_Counter(QUERY) 427 equals the value of MAXRETRY(QUERY), the current QUERY attempt is 428 aborted and the application is being notified. 429 Retry_Counter(REA): Denotes the current number of retries of REA 430 message which has been re-transmitted due to previous 431 RESPONSE_ERROR message. If the number of Retry_Counter(REA) 432 equals the value of MAXRETRY(REA), the current REA initiation 433 attempt is aborted and the application is being notified. 435 5.3 Constants 437 Max_Retry(CREATE): Contains the maximum number of retransmission 438 attempts of a CREATE message after it is aborted and the 439 application is being notified. 440 Max_Retry(QUERY): Contains the maximum number of retransmission 441 attempts of a QUERY message after it is aborted and the 442 application is being notified. 443 Max_Retry(REA): Contains the maximum number of retransmission 444 attempts of a REA message after it is aborted and the application 445 is being notified. 447 6. State machine for the NAT/FW NI 449 This section presents the state machines for the NSIS initator which 450 is capable of NSLP NAT/FW signaling 451 ----------- 452 State: INITIALIZE 453 ----------- 455 Condition Action State Note 456 ------------------------+-------------------------+-----------+--- 457 UCT |Initialize variables | IDLE |* 458 ------------------------+-------------------------+-----------+--- 460 NOTE: 461 * - Application triggered for forking process 463 ----------- 464 State: IDLE 465 ----------- 467 Condition Action State Note 468 ------------------------+-------------------------+-----------+--- 469 tg_CREATE |tx_CREATE |WAITRESP2- | 470 (sid, sig, pubkey)| (sid, sig, pubkey);| SESSION| 471 |Start.STATE_TIMER |PENDING | 472 | (Response);| | 473 | | | 474 (tg_CREATE (sid)) |tx_CREATE (sid); |WAITRESP1- | 475 |Start.STATE_TIMER | SESSION| 476 | (Response);|PENDING | 477 ------------------------+-------------------------+-----------+--- 478 ----------- 479 State: WAITRESP-SESSION PENDING 480 ----------- 482 Condition Action State Note 483 ------------------------+-------------------------+-----------+--- 484 TIMEOUT.STATE(Response) |Stop.STATE_TIMER |WAITRESP- | 485 | (Response);| SESSION| 486 |retry_counter(Create)++; |PENDING | 487 |if (retry_counter(Create)| | 488 | <=Max_Retry(Create))| | 489 |{Start_STATE_TIMER | | 490 | (Response)| | 491 |tx_CREATE;} | | 492 | | | 493 (rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER |SESSION | 494 Create))| (Response);|ESTABLISHED| 495 |Session.create(); | | 496 |Start.REFRESH_TIMER | | 497 | (Create);| | 498 |retry_counter(Create)=0; | | 499 | | | 500 (Retry_Counter(Create)> |Send info to Appl.; | IDLE | 501 Max_Retry(Create)) |||Stop.STATE_TIMER | | 502 (tg_TEARDOWN) || | (Response);| | 503 (rx_RESPONSE(ERROR, | | | 504 Create))| | | 505 ------------------------+-------------------------+-----------+ 507 ----------- 508 State: WAITRESP1-SESSION PENDING 509 ----------- 511 Condition Action State Note 512 ------------------------+-------------------------+-----------+--- 513 (TIMEOUT.STATE(Response)|Send info to Appl.; |IDLE | 514 || (rx_RESPONSE(ERROR, | | | 515 Create))| | | 516 | | | 517 (rx_RESPONSE(SUCCESS, |Tx_Create(sid, sig, |WAITPKRESP-| 518 Create))| pubkey);| SESSION| 519 |Start.STATE_TIMER |PENDING | 520 | (Response);| | 521 ------------------------+-------------------------+-----------+--- 522 ----------- 523 State: WAITRESP2-SESSION PENDING 524 ----------- 526 Condition Action State Note 527 ------------------------+-------------------------+-----------+--- 528 (tr(RESPONSE(sid)) |tx_CREATE (sid); |WAITRESP- | 529 |Start.STATE_TIMER | SESSION| 530 | (Response);|PENDING | 531 |retry_counter(Create)=0; | | 532 ------------------------+-------------------------+-----------+--- 534 ----------- 535 State: WAITPKRESP-SESSION PENDING 536 ----------- 538 Condition Action State Note 539 ------------------------+-------------------------+-----------+--- 540 (tr(RESPONSE(sid)) |tx_CREATE (sid); |WAITRESP- | 541 |Start.STATE_TIMER | SESSION| 542 | (Response);|PENDING | 543 |retry_counter(Create)=0; | | 544 ------------------------+-------------------------+-----------+--- 546 ----------- 547 State: SESSION ESTABLISHED 548 ----------- 550 Condition Action State Note 551 ------------------------+-------------------------+-----------+--- 552 (rx_RESPONSE |Stop.STATE_TIMER(QDRQ); |SESSION | 553 (SUCCESS, QDRQ))|Send info to appl.; |ESTABLISHED| 554 && (CHECK_AA) | | | 555 | | | 556 | | 557 (rx_RESPONSE |Stop.STATE_TIMER(QDRQ); |SESSION | 558 (ERROR, QDRQ)|retry_counter(QDRQ)++; |ESTABLISHED| 559 || TIMEOUT_STATE(QDRQ)) |If (retry_counter(QDRQ)< | | 560 | Max_Retry(QDRQ)| | 561 |{Start.STATE_TIMER(QDRQ);| | 562 | tx_QDRQ;}| | 563 |else{send info to appl.;}| | 564 | | | 565 (tg_QDRQ) |tx_QDRQ; |SESSION | 566 |Start.STATE_TIMER(QDRQ); |ESTABLISHED| 567 |retry_counter(QDRQ)=0; | | 568 | | | 569 TIMEOUT.REFRESH(Create) |Start.STATE_TIMER |SESSION | 570 | (Response);|ESTABLISHED| 571 |tx_CREATE; | | 572 | | | 573 TIMEOUT.STATE(Response) |Stop.STATE_TIMER |SESSION | 574 | (Response);|ESTABLISHED| 575 |retry_counter(Create)++; | | 576 |If (retry_counter(Create)| | 577 | <=Max_Retry(Create))| | 578 |{Start.STATE_TIMER | | 579 | (Response);| | 580 |tx_CREATE;} | | 581 | | | 582 (rx_RESPONSE(SUCCESS, |Start.REFRESH_TIMER |SESSION | 583 Create))| (Create);|ESTABLISHED| 584 |Stop.STATE_TIMER | | 585 | (Response);| | 586 |retry_counter(Create)=0; | | 587 | | | 588 (rx_NOTIFY)&&(CHECK_AA) |Process Event(); |SESSION | 589 | |ESTABLISHED| 590 | | | 591 (tg_TEARDOWN) |tx_CREATE(LIFETIME=0); |IDLE | 592 |Session.clear(); | | 593 |Stop.REFRESH_TIMER | | 594 | (Create);| | 595 |Stop.STATE_TIMER( | | 596 | Response);| | 597 | | | 598 (retry_counter(Create)> |Send info to Appl.; |IDLE | 599 Max_Retries(Create) |||Session.clear(); | | 600 rx_RESPONSE(ERROR, |Stop.REFRESH_TIMER | | 601 Create))| (Create);| | 602 ------------------------+-------------------------+-----------+ 604 7. State machines for the NAT/FW NF 606 This section describes the state machines for intermediate nodes 607 within the signaling path capable of processing NAT/FW NSLP messages. 608 These nodes typically implement firewall and/or network address 609 translation (NAT) functionality. To keep it simple, the state 610 machines are separated in two independent state machines for nodes 611 with firewall and nodes with NAT functionality. 613 7.1 State machine for NAT/FW Firewall NF 615 ------------------- 616 State: Initialize 617 ------------------- 619 Condition Action State 620 ------------------------+-------------------------+------------ 621 UCT | - |IDLE 622 ------------------------+-------------------------+------------ 624 ------------------- 625 State: IDLE 626 ------------------- 628 Condition Action State 629 ------------------------+-------------------------+------------ 630 (rx_REA) && (!IS_EDGE) |tx_REA; |IDLE 631 | | 632 (rx_CREATE) && |tx_RESPONSE(ERROR, |IDLE 633 !(CHECK_AA) |Create) | 634 | | 635 (rx_RESPONSE (,Rea)) |tx_RESPONSE (,Rea) |IDLE 636 | | 637 (rx_REA) && (IS_EDGE) |tx_RESPONSE(ERROR, Rea) |IDLE 638 | "No NAT here" | 639 | | 640 (rx_UCREATE) && |tx_RESPONSE(ERROR, |IDLE 641 !(CHECK_AA) |UCREATE); | 642 | | 643 ((rx_CREATE(sid)) && |Start.STATE_TIMER |WAITRESP1- 644 (CHECK_AA) && |(Response); |SESSION/ 645 (!IS_PUBLICSIDE)) |tx_CREATE; |USESSION 646 | |PENDING 647 | | 648 (rx_UCREATE) && |tx_RESPONSE(SUCCESS, |WAITRESP- 649 (CHECK_AA) |UCREATE); |SESSION/US 650 |tx_CREATE; |ESSION 651 |Retry_Counter(Create)=0; |PENDING 652 |Start.STATE_TIMER(Respons| 653 |e); | 654 | | 655 (rx_CREATE) && |tx_RESPONSE(SUCCESS, |NoNR/Scope- 656 (CHECK_AA) |Create), |WaitResponse 657 && ((CREATE(NoNR?) && |tx_CREATE; | 658 CHECK_NoNR) || | Start.STATE_TIMER(Respon| 659 CREATE(Scope?) && |se) | 660 CHECK_Scope)) | | 661 ------------------------+-------------------------+------------ 662 ------------------- 663 State: NoNR/Scope-WaitResponse 664 ------------------- 666 Condition Action State 667 ------------------------+-------------------------+------------ 668 (retry_Counter(Create)> |Send info to Appl.; |IDLE 669 Max_Retry(Create)) || |Stop.STATE_TIMER(Response| 670 (tg_TEARDOWN)) |); | 671 | | 672 rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER(Response|NoNR/Scope 673 Create) |); |Sessions 674 |Session.create(); |Established 675 |PckFilter.create(); | 676 |Start.STATE_TIMER(Create)| 677 |; | 678 |Start.REFRESH_TIMER(Creat| 679 |eB); | 680 |retry_counter(Create)=0; | 681 |Retry_counter(CreateB)=0;| 682 ------------------------+-------------------------+------------ 684 ------------------------------ 685 State: NoNR/ScopeSessions Established 686 ------------------------------ 688 Condition Action State 689 ------------------------+-------------------------+------------ 690 (rx_CREATE) && |tx_RESPONSE_SUCCESS(Creat|NoNR/Scope 691 (CHECK_AA) && |e); |Sessions 692 [CHECK_LP] && |Start_STATE_TIMER(Create)|Established 693 (CREATE(LIFETIME?)>0) |; | 694 | | 695 (tg_NOTIFY) |tx_NOTIFY |NoNR/Scope 696 | |Sessions 697 | |Established 698 | | 699 (rx_CREATE) && |tx_RESPONSE(ERROR, |NoNR/Scope 700 !(CHECK_AA)) |Create); |Sessions 701 | |Established 702 | | 703 (rx_RESPONSE(ERROR, |Stop.STATE_TIMER(Response|NoNR/Scope 704 Create) || |); |Sessions 705 TIMOUT.STATE(Response))|retry_counter(Create)++; |Established 706 | if | 707 |(retry_counter(Create)<=M| 708 |ax_Retry(Create)) | 709 |{Start.STATE_TIMER(Respon| 710 |se); | 711 |tx_CREATE;} | 712 | | 713 (rx_QDRQ) && (CHECK_AA)|Process QDRQ(); |NoNR/Scope 714 | tx_RESPONSE (,QDRQ) |Sessions 715 | |Established 716 | | 717 (TIMEOUT.REFRESH(CreateB|retry_counter(CreateB)++;|NoNR/Scope 718 )) |If |Sessions 719 |(retry_counter(CreateB)<=|Established 720 |Max_retries) | 721 |{tx_CREATE; | 722 |Start.TIMER_STATE(Respons| 723 |eB);} | 724 | | 725 (tg_TEARDOWN) || |Session.clear(); |IDLE 726 ((rx_CREATE) && |PckFilter.clear(); | 727 (CREATE(LIFETIME?)==0)) |Stop.STATE_TIMER(Create);| 728 || | Stop.REFRESH_TIMER(Creat| 729 TIMEOUT_STATE(Create) |||eB); | 730 (retry_counter(CreateB)>|tx_CREATE(LIFETIME=0); | 731 Max_Retries(CreateB)) ||| | 732 || | | 733 (retry_counter(Create)> | | 734 Max_Retries(Create)) | | 735 ------------------------+-------------------------+------------ 737 ------------------------------ 738 State: WAITRESP1-SESSION/USESSION PENDING 739 ------------------------------ 741 Condition Action State 742 ------------------------+-------------------------+------------ 743 ((rx_RESPONSE(success)) |Session.create(); |WAITPKRESP- 744 && (CHECK_AA) |Start.STATE_TIMER |SESSION/ 745 |(Response); |USESSION 746 |tx_RESPONSE; Scheme = 1 |PENDING 747 | | 748 (TIMEOUT.STATE(Response)| |IDLE 749 ------------------------+-------------------------+------------ 750 ----------------------------------- 751 State: WAITPKRESP-SESSION/USESSION PENDING 752 ----------------------------------- 754 Condition Action State 755 ------------------------+-------------------------+------------ 756 ((rx_RESPONSE(success)) |pubkey.create(); |WAITRESP- 757 && (CHECK_AA) |Start.STATE_TIMER |SESSION/ 758 |(Response); |USESSION 759 |tx_RESPONSE; |PENDING 760 | | 761 (TIMEOUT.STATE(Response)|Session.remove() |IDLE 762 && (scheme ==2) | | 763 ------------------------+-------------------------+------------ 764 ---------------------------------------- 765 State: WAITRESP-SESSION/USESSION PENDING 766 ---------------------------------------- 768 Condition Action State 769 ------------------------+-------------------------+------------ 770 (TIMEOUT.STATE(Response)|Retry_counter(CREATE)++; |WAITRESP- 771 |If |SESSION/ 772 |(retry_counter(CREATE)<=M|USESSION 773 |ax_Retries(CREATE)) |PENDING 774 |{Start.STATE_TIMER(Respon| 775 |se); tx_CREATE} | 776 | | 777 (rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER(Response|SESSION 778 CREATE) from NR) |); |ESTA- 779 && (CHECK_AA) |Session.create(); |BLISHED 780 |PckFilter.create(); | 781 |Start.REFRESH_TIMER(Creat| 782 |e); | 783 |tx_RESPONSE(SUCCESS, | 784 |Create); | 785 | | 786 (TIMEOUT.STATE(Response)|Pubkey.remove() |WAITPKRESP 787 | |-SESSION/ 788 | |USESSION 789 | |PENDING 790 | | 791 (rx_RESPONSE(ERROR, |Stop.STATE_TIMER(Response|IDLE 792 Create) || |); | 793 if(Retry_counter)>Max_R|Send info to appl. | 794 etries(CREATE) | | 795 | | 796 (rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER(Response|SESSION 797 Create) from NI) |); |ESTA- 798 && (CHECK_AA) |Session.create(); |BLISHED 799 |PckFilter.create(); | 800 |Start.STATE_TIMER(Create)| 801 |; | 802 |tx_RESPONSE(SUCCESS, | 803 |Create); | 804 ------------------------+-------------------------+---------- 806 -------------------------- 807 State: SESSION ESTABLISHED 808 -------------------------- 810 Condition Action State 812 ------------------------+-------------------------+------------ 813 (rx_RESPONSE (,QDRQ)) &&|tx_RESPONSE(.QDRQ) |SESSION 814 (CHECK_AA) | |ESTABLISHED 815 | | 816 (tg_NOTIFY) |tx_NOTIFY |SESSION 817 | |ESTABLISHED 818 | | 819 (rx_NOTIFY) && |Process Event(), |SESSION 820 (CHECK_AA) |tx_NOTIFY |ESTABLISHED 821 | | 822 (rx_CREATE) && |tx_RESPONSE(ERROR, |SESSION 823 !(CHECK_AA) |Create); |ESTABLISHED 824 | | 825 (rx_TRIGGER) && |tx_TRIGGER |SESSION 826 (Check_AA) && | |ESTABLISHED 827 (!IS_EDGE) | | 828 | | 829 (rx_RESPONSE(SUCCESS, |Start.STATE_TIMER(Create)|SESSION 830 Create)) |; tx_RESPONSE(SUCCESS, |ESTABLISHED 831 |Create); | 832 |Stop.STATE_TIMER(Response| 833 |); | 834 |retry_counter(Create)=0; | 835 | | 836 (rx_QDRQ) && (CHECK_AA)|Process QDRQ(); tx_QDRQ |SESSION 837 | |ESTABLISHED 838 | | 839 TIMEOUT.STATE(Response) |Stop.STATE_TIMER(Response|SESSION 840 |); |ESTABLISHED 841 |retry_counter(Create)++; | 842 |If | 843 |(retry_counter(Create)<=M| 844 |ax_Retries(Create)) | 845 |{Start.STATE_TIMER(Respon| 846 |se); tx_CREATE;} | 847 | | 848 (TIMEOUT.REFRESH |Start.STATE_TIMER(Respons|SESSION 849 (Create)) |e); |ESTABLISHED 850 |tx_CREATE; | 851 | | 852 (rx_CREATE) && |tx_CREATE |SESSION 853 (CHECK_AA) && | |ESTABLISHED 854 (CREATE(LIFETIME?)>0) | | 855 | | 856 (TIMEOUT.STATE (Create) |Stop.REFRESH_TIMER(Create|IDLE 857 || (tg_TEARDOWN) || |); | 858 (retry_counter(Create)> |Session.clear(); | 859 Max_Retries(Create) || |PckFilter.clear(); | 860 rx_RESPONSE(ERROR, |Send info to Appl.; | 861 Create)) | | 862 ------------------------+-------------------------+------------ 864 7.2 State machine for NAT/FW NAT NF 866 ------------------- 867 State: Initialize 868 ------------------- 870 Condition Action State 871 ------------------------+-------------------------+------------ 872 UCT | |IDLE 873 ------------------------+-------------------------+------------ 874 ------------------- 875 State: IDLE 876 ------------------- 878 Condition Action State 879 ------------------------+-------------------------+------------ 880 rx_REA && (CHECK_AA) |tx_RESPONSE(ERROR, REA) |IDLE 881 && (IS_PUBLICSIDE) | "No reservation made" | 882 | | 883 rx_REA&& (IS_PUBLICSIDE)|tx_RESPONSE(ERROR, REA) |IDLE 884 | "Rea on public side" | 885 | | 886 rx_REA && (CHECK_AA) |Binding_create(); |REA 887 && (I _EDGE) && | Start.STATE_TIMER(Rea);| 888 (!IS_ UBLICSIDE) | Start.REFRESH_TIMER(Create); 889 | tx_RESPONSE(SUCCESS, Rea); 890 | | 891 | Start.STATE_TIMER(Response); 892 | tx_CREATE | 893 | | 894 | | 895 rx_UCREATE && (CHECK_AA)|tx_RESPONSE(SUCCESS,UCREA|WAITRESP- 896 |TE);tx_CREATE; | SESSION/ 897 | Retry_counter(Create)=0| USESSION 898 | Start.STATE_TIMER(Respo| PENDING 899 | nse) | 900 | | 901 rx_REA && (CHECK_AA) |Binding_create(); |Non-edge 902 &&(!IS_EDGE) && | PckFilter.create(); | NAT Binding 903 (!IS_PUBLICSIDE) | Start.STATE_TIMER(Rea);| 904 | tx_REA; | 905 | | 906 (rx_CREATE(sid) |Start.STATE_TIMER(Respons|WAITRESP- 907 && (CHECK_AA) |e); tx_CREATE(); scheme=1| SESESION 908 && (!US_PUBLICSIDE)) | | 909 | | 910 (rx_CREATE(sid,sig, |Start.STATE_TIMER(Respons|WAITRESP- 911 pubkey)) && (CHECK_AA) |e); tx_CREATE(); scheme=2| SESSION/ 912 && (!US_PUBLICSIDE)) | | USESSION 913 | | PENDING 914 ------------------------+-------------------------+------------ 915 ------------------- 916 State: REA 917 ------------------- 919 Condition Action State 920 ------------------------+-------------------------+------------ 921 TIMEOUT.STATE(Create) |Start.STATE_TIMER(Rea); |REA 922 | Start.STATE_TIMER(Respo| 923 | nse); tx_CREATE; | 924 | Retry_Counter(Create)=0| 925 | | 926 rx_QDRQ && (CHECK_AA) |tx_RESPONSE(QDRQ) | 927 | | 928 rg_Notify |tx_Notify | 929 | | 930 TIMEOUT.STATE(Response) |Stop.STATE_TIMER(Response)|REA 931 | Retry_Counter(Create)++;| 932 | If(Retry_Counter(Create)| 933 | <=Max_Retry(Create)) { | 934 | tx_CREATE; | 935 | Start.STATE_TIMER(Respon| 936 | se); } | 937 | | 938 rx_RESPONSE(from NI) && |Start.STATE_TIMER(Respons|WAITRESP- 939 (CHECK_AA) | e); Stop.REFRESH_TIMER | REA+NI- 940 | (Create); tx_CREATE; | SESSION 941 | | PENDING 942 | | 943 rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER(Response);|REA 944 Create) |Start.REFRESH_TIMER(Create)| 945 | | 946 TIMEOUT.STATE(Rea) |Binding.clear(); |IDLE 947 ------------------------+-------------------------+------------ 948 ------------------- 949 State: WAITRESP-REA+NI-SESSION PENDING 950 ------------------- 952 Condition Action State 953 ------------------------+-------------------------+------------ 954 rx_RESPONSE(ERROR, | |REA 955 Create)||TIMEOUT.STATE| | 956 (Response) | | 957 | | 958 rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER | 959 Create) | (Response); | 960 | Session.clear(); | 961 | Session.create(); | 962 | PckFilter.create(); | 963 | Start_STATE_TIMER | 964 | (Create); | 965 | tx_REPONSE(SUCCESS, | 966 | Create); | 967 ------------------------+-------------------------+------------ 969 ------------------- 970 State: WAITRESP1-SESSION/USESSION PENDING 971 ------------------- 973 Condition Action State 974 ------------------------+-------------------------+------------ 975 TIMEOUT.STATE(Response)| |IDLE 976 | | 977 ((rx_RESPONSE(success)) |Session.create(); |WAITPKRESP- 978 && (CHECK_AA) |Start.STATE_TIMER |SESSION/ 979 |(Response); |USESSION 980 |tx_RESPONSE; Scheme = 1 |PENDING 981 ------------------------+-------------------------+------------ 982 -------------------------- 983 State: WAITPKRESP-SESSION/USESSION PENDING 984 -------------------------- 986 Condition Action State 987 ------------------------+-------------------------+------------ 988 (TIMEOUT.STATE(Response)|Session.remove() |IDLE 989 && (scheme ==2)) | | 990 | | 991 ((rx_RESPONSE(success)) |pubkey.create(); |WAITRESP- 992 && (CHECK_AA) |Start.STATE_TIMER |SESSION/ 993 |(Response); |USESSION 994 |tx_RESPONSE; |PENDING 995 | | 996 (TIMEOUT.STATE(Response)| Session.remove() |WAITRESP1- 997 && (scheme ==1) | |SESSION/ 998 | |USESSION 999 | |PENDING 1000 ------------------------+-------------------------+------------ 1002 -------------------------- 1003 State: WAITRESP-SESSION/USESSION PENDING 1004 -------------------------- 1005 Condition Action State 1006 ------------------------+-------------------------+------------ 1007 (rx_RESPONSE(ERROR, |Stop.STATE_TIMER(Response|IDLE 1008 Create) || |); | 1009 | | 1010 (TIMEOUT.STATE(Response)|Pubkey.remove() |WAITPKRESP- 1011 | |SESSION/ 1012 | |USESSION 1013 | |PENDING 1014 | | 1015 (rx_RESPONSE(SUCCESS, |Stop.STATE_TIMER(Response|SESSION 1016 CREATE) from NR) |); |ESTA- 1017 && (CHECK_AA) |Session.create(); |BLISHED 1018 |PckFilter.create(); | 1019 |Start.REFRESH_TIMER(Creat| 1020 |e); | 1021 |tx_RESPONSE(SUCCESS, | 1022 |Create); | 1023 ------------------------+-------------------------+------------ 1024 -------------------------- 1025 State: Non-edge NAT Binding 1026 -------------------------- 1028 Condition Action State 1029 ------------------------+-------------------------+------------ 1030 (TIMEOUT.STATE (Rea) || |Binding.clear(); |IDLE 1031 rx_RESPONSE(ERROR, |PckFilter.clear(); | 1032 Rea)) | | 1033 | | 1034 (rx_RESPONSE (,QDRQ)) &&|tx_RESPONSE(,QDRQ); |Non-edge 1035 (CHECK_AA) | |NAT Binding 1036 | | 1037 (rx_QDRQ) && (CHECK_AA) |Process QDRQ(); tx_QDRQ;|Non-edge 1038 | |NAT Binding 1039 | | 1040 (rx_TRIGGER) && |PckFilter.update(); |Non-edge 1041 (CHECK_AA) |Start.STATE_TIMER(Rea); |NAT Binding 1042 |tx_TRIGGER; | 1043 | | 1044 (rx_CREATE) && |Stop.STATE_TIMER(Rea); |WAITRESP- 1045 (CHECK_AA) |Start.STATE_TIMER |SESSION/ 1046 |(Response); |USESSION 1047 |tx_CREATE; |PENDING 1048 ------------------------+-------------------------+------------ 1050 -------------------------- 1051 State: SESSION ESTABLISHED 1052 -------------------------- 1054 Condition Action State 1055 ------------------------+-------------------------+------------ 1056 (TIMEOUT.STATE (Create) |Stop.REFRESH_TIMER(Create|IDLE 1057 || (tg_TEARDOWN) || |); | 1058 (retry_counter(Create)> |Session.clear(); | 1059 Max_Retries(Create) || |PckFilter.clear(); | 1060 rx_RESPONSE(ERROR, |Send info to Appl.; | 1061 Create)) | | 1062 | | 1063 ((rx_CREATE) && |tx_CREATE(LIFETIME=0); |IDLE 1064 (CHECK_AA) && |Session.clear(); | 1065 (CREATE(LIFETIME)==0)) |PckFilter.clear();?Stop.S| 1066 |TATE_TIMER(Create); | 1067 |Stop.REFRESH_TIMER(Create| 1068 |); | 1069 |Stop.STATE_TIMER(Response| 1070 |); | 1071 | | 1072 (rx_TRIGGER) && |PckFilter.update(); |SESSION 1073 (!IS_EDGE) && |tx_TRIGGER; |ESTABLISHED 1074 (CHECK_AA) | | 1075 | | 1076 (rx_QDRQ) && (CHECK_AA)|Process QDRQ(); tx_QDRQ;|SESSION 1077 | |ESTABLISHED 1078 | | 1079 (tg_NOTIFY) |tx_NOTIFY; |SESSION 1080 | |ESTABLISHED 1081 | | 1082 (rx_CREATE) && |tx_RESPONSE(ERROR, |SESSION 1083 !(CHECK_AA) |Create); |ESTABLISHED 1084 | | 1085 rx_RESPONSE(ERROR, |tx_RESPONSE(ERROR, |SESSION 1086 Create) |Create); |ESTABLISHED 1087 | | 1088 (rx_RESPONSE(SUCCESS, |Start.STATE_TIMER(Create)|SESSION 1089 Create)) |; tx_RESPONSE(SUCCESS, |ESTABLISHED 1090 |Create); | 1091 |Stop.STATE_TIMER(Response| 1092 |); | 1093 |retry_counter(Create)=0; | 1094 | | 1095 rx_RESPONSE(SUCCESS, |Start.STATE_TIMER(Create)|SESSION 1096 Create) |; tx_RESPONSE(SUCCESS, |ESTABLISHED 1097 |Create); | 1098 | | 1099 TIMEOUT.STATE(Response) |Stop.STATE_TIMER(Response|SESSION 1100 |); |ESTABLISHED 1101 |retry_counter(Create)++; | 1102 |If | 1103 |(retry_counter(Create)<=M| 1104 |ax_Retries(Create)) | 1105 |{Start.STATE_TIMER(Respon| 1106 |se); tx_CREATE;} | 1107 | | 1108 rx_CREATE) && |PckFilter.update(): |SESSION 1109 CREATE(LIFETIME?)>0) &&|tx_CREATE; |ESTABLISHED 1110 CHECK_AA) | | 1111 | | 1112 (rx_NOTIFY) && |Process |SESSION 1113 (CHECK_AA) |Event(); tx_NOTIFY; |ESTABLISHED 1114 | | 1115 (rx_RESPONSE (QDRQ)) && |tx_RESPONSE (QDRQ); |SESSION 1116 (CHECK_AA) | |ESTABLISHED 1117 ------------------------+-------------------------+------------ 1119 8. State machine for the NAT/FW NR 1121 This section presents the state machines for the NSIS responder which 1122 is capable of NSLP NAT/FW signaling 1124 ----------- 1125 State: INITIALIZE 1126 ----------- 1128 Condition Action State Note 1129 ------------------------+-------------------------+-----------+--- 1130 UCT |Initialize variables | IDLE |* 1131 ------------------------+-------------------------+-----------+--- 1133 NOTE: 1134 * - Application triggered for forking process 1136 ----------- 1137 State: IDLE 1138 ----------- 1140 Condition Action State Note 1141 ------------------------+-------------------------+-----------+--- 1142 ((rx_CREATE(sid)) && |Start.STATE_TIMER |WAITRESP1- | 1143 (CHECK_AA) && | (Response);| SESSION/ | 1144 (!IS_PUBLICSIDE)) |tx_CREATE; |USESSION | 1145 | |PENDING | 1146 | | | 1147 (rx_CREATE)&&!(CHECK_AA)|tx_RESPONSE(ERROR, |IDLE | 1148 | Create);| | 1149 | | | 1150 (tg_UCREATE) |(tx_UCREATE); |WAITRESP - | 1151 |retry_counter(UCREATE)=0;| UCREATE/| 1152 |Start.STATE_TIMER |REA PENDING| 1153 | (Response);| | 1154 | | | 1155 (tg_REA) |tx_REA; |WAITRESP - | 1156 |retry_counter(REA)=0; | UCREATE/| 1157 |Start.STATE_TIMER |REA PENDING| 1158 | (Response);| | 1159 ------------------------+-------------------------+-----------+ 1160 ----------- 1161 State: WAITRESP -UCREATE/REA PENDING 1162 ----------- 1164 Condition Action State Note 1165 ------------------------+-------------------------+-----------+--- 1166 (Retry_counter(REA)> |Send info to Appl.; | IDLE | 1167 Max_Retries(REA)) ||| | | 1168 try_counter(UCREATE)> | | | 1169 Max_Retries(UCREATE)) ||| | | 1170 rx_RESPONSE | | | 1171 (ERROR, UCREATE)) ||| | | 1172 rx_RESPONSE(ERROR, Rea))| | | 1173 | | | 1174 TIMEOUT.STATE(Response))|Retry_counter |WAITRESP - | 1175 | (REA/UCREATE)++;| UCREATE/| 1176 |If (retry_counter |REA PENDING| 1177 | (REA/UCREATE)<=| | 1178 |Max_Retry(REA/UCREATE)) | | 1179 |{Start.STATE_TIMER | | 1180 | (Response);| | 1181 |tx_REA/tx_UCREATE} | | 1182 | | | 1183 (rx_RESPONSE |Stop.STATE_TIMER |TRIGGERED | 1184 (SUCCESS, REA)) ||| (Response);|CREATE/ | 1185 (rx_RESPONSE |Start.STATE_TIMER | UCREATE| 1186 (SUCCESS, UCREATE))| (CREATE);|PENDING | 1187 ------------------------+-------------------------+-----------+ 1188 ----------- 1189 State: TRIGGERED CREATE/UCREATE PENDING 1190 ----------- 1192 Condition Action State Note 1193 ------------------------+-------------------------+-----------+--- 1194 (Retry_counter(Create)> | Send info to appl.; | IDLE | 1195 Max_Retries(Create)| | | 1196 | | | 1197 (rx_CREATE)&& (CHECK_AA)|tx_RESPONSE |SESSION | 1198 | (SUCCESS, Create);|ESTABLISHED| 1199 |Stop.STATE_TIMER(CREATE);| | 1200 |Session.create(); | | 1201 |PckFilter.create(); | | 1202 |Send Info to Appl. |WAITRESP - | 1203 |((Start.REFRESH_TIMER | REATE/| 1204 | (UCreate);|REA PENDING| 1205 |retry_counter | | 1206 | (UCreate)=0;))| | 1207 | | | 1208 (TIMEOUT.STATE(CREATE) |Retry_counter(CREATE)++; |TRIGGERED | 1209 |If (retry_counter(CREATE)|CREATE/ | 1210 | <=Max_Retries(CREATE))| UCREATE| 1211 |{Start.STATE_TIMER |PENDING | 1212 | (CREATE)}| | 1213 ------------------------+-------------------------+-----------+ 1215 ----------- 1216 State: SESSION ESTABLISHED 1217 ----------- 1219 Condition Action State Note 1220 ------------------------+-------------------------+-----------+--- 1221 (tg_NOTIFY) |tx_NOTIFY; |SESSION | 1222 | |ESTABLISHED| 1223 | | | 1224 (rx_NOTIFY) &&(CHECK_AA)|Process Event(); |SESSION | 1225 | |ESTABLISHED| 1226 | | | 1227 (rx_QDRQ) && (CHECK_AA) |Process QDRQ(); |SESSION | 1228 |tx_RESPONSE |ESTABLISHED| 1229 | (SUCCESS,Query);| | 1230 | | | 1231 (rx_RESPONSE |Start.REFRESH_TIMER |SESSION | 1232 (SUCCESS,UCreate))| (Create);|ESTABLISHED| 1233 |Stop.STATE_TIMER | | 1234 | (Response);| | 1235 |retry_counter(UCreate)=0;| | 1236 | | | 1237 (TIMEOUT.REFRESH |Start.STATE_TIMER |SESSION | 1238 (UCreate))| (Response);|ESTABLISHED| 1239 |tx_UCREATE; | | 1240 | | | 1241 | | | 1242 (rx_CREATE) && |tx_RESPONSE(SUCCESS, |SESSION | 1243 (CREATE(LIFETIME)>0)| Create);|ESTABLISHED| 1244 && (CHECK_AA) |Start.STATE_TIMER | | 1245 | (Create);| | 1246 | | | 1247 TIMEOUT.STATE(Response) |Stop.STATE_TIMER |SESSION | 1248 || rx_RESPONSE(ERROR, | (Response);|ESTABLISHED| 1249 UCreate))|retry_counter(UCreate)++;| | 1250 |If(retry_counter(UCreate)| | 1251 | <=Max_Retries(UCreate))| | 1252 |{Start.STATE_TIMER | | 1253 | (Response);| | 1254 |tx_UCREATE;} | | 1255 | | | 1256 (rx_CREATE)&&!(CHECK_AA)|tx_RESPONSE(ERROR, |SESSION | 1257 | Create);|ESTABLISHED| 1258 | | | 1259 (rx_CREATE) && |Session.clear(); | IDLE | 1260 (CREATE(LIFETIME)==0)|PckFilter.clear(); | | 1261 && (CHECK_AA)) || |Send Info to Appl.; | | 1262 (TIMEOUT.STATE(Create)) | | | 1263 ||(tg_TEARDOWN) || | | | 1264 (retry_counter(UCreate)>| | | 1265 Max_Retries(UCreate) | | | 1266 ------------------------+-------------------------+-----------+ 1267 ----------- 1268 State: WAITPKRESP-SESSION/ USESSION PENDING 1269 ----------- 1271 Condition Action State Note 1272 ------------------------+-------------------------+-----------+--- 1273 (rx_CREATE) &&(CHECK_AA)|tx_RESPONSE(SUCCESS, |SESSION | 1274 | Create);|ESTABLISHED| 1275 |Start.STATE_TIMER | | 1276 | (Create);| | 1277 |Session.create(); | | 1278 |PckFilter.create(); | | 1279 |Send Info to Appl. | | 1280 | | | 1281 (TIMEOUT.STATE(Response)|Session.remove() |WAITRESP1- | 1282 && (scheme ==1)| | SESSION/| 1283 | |USESSION | 1284 | |PENDING | 1285 | | | 1286 (TIMEOUT.STATE(Response)|Session.remove() | IDLE | 1287 && (scheme ==2)| | | 1288 ------------------------+-------------------------+-----------+ 1290 ----------- 1291 State: WAITRESP1-SESSION/ USESSION PENDING 1292 ----------- 1294 Condition Action State Note 1295 ------------------------+-------------------------+-----------+--- 1296 ((rx_RESPONSE(success)) |Session.create(); |WAITPKRESP-| 1297 && (CHECK_AA)|Start.STATE_TIMER | SESSION/| 1298 | (Response);|USESSION | 1299 |tx_RESPONSE; Scheme = 1;|PENDING | 1300 | | | 1301 (TIMEOUT.STATE(Response)| | IDLE | 1302 ------------------------+-------------------------+-----------+ 1304 9. Security Considerations 1306 This document does not raise new security considerations. Any 1307 security concerns with the NAT/FW NSLP are likely reflected in 1308 security related NSIS work already (such as [1] or [6]). 1310 For the time being, the state machines described in this document do 1311 not consider the security aspect of NAT/FW NSLP protocol itself. A 1312 future version of this document will add security relevant states and 1313 state transitions. 1315 10. Open Issues 1317 Since 00 version, we added session ownership and UCREATE and some 1318 clarifications according to the specification evolution. Route 1319 change handling and Nonce object, as well as the open issues in [1] 1320 will be added in future versions of this document. 1322 11. Acknowledgments 1324 The authors would like to thank Martin Stiemerling for his valuable 1325 comments and discussions. 1327 12. References 1329 12.1 Normative References 1331 [1] Stiemerling, M., "NAT/Firewall NSIS Signaling Layer Protocol 1332 (NSLP)", draft-ietf-nsis-nslp-natfw-07 (work in progress), 1333 July 2005. 1335 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 1336 Levels", RFC 2119, March 1997. 1338 12.2 Informative References 1340 [3] Fajardo, V., "State Machines for Protocol for Carrying 1341 Authentication for Network Access (PANA)", 1342 draft-ietf-pana-statemachine-01 (work in progress), July 2005. 1344 [4] Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, "State 1345 Machines for Extensible Authentication Protocol (EAP) Peer and 1346 Authenticator", draft-ietf-eap-statemachine-06 (work in 1347 progress), December 2004. 1349 [5] Institute of Electrical and Electronics Engineers, "DRAFT 1350 Standard for Local and Metropolitan Area Networks: Port-Based 1351 Network Access Control (Revision)", IEEE 802-1X-REV/D9, 1352 January 2004. 1354 [6] Tschofenig, H. and D. Kroeselberg, "Security Threats for NSIS", 1355 RFC 4081, June 2005. 1357 Authors' Addresses 1359 Constantin Werner 1360 University of Goettingen 1361 Telematics Group 1362 Lotzestr. 16-18 1363 Goettingen 37083 1364 Germany 1366 Email: werner@cs.uni-goettingen.de 1368 Xiaoming Fu 1369 University of Goettingen 1370 Telematics Group 1371 Lotzestr. 16-18 1372 Goettingen 37083 1373 Germany 1375 Email: fu@cs.uni-goettingen.de 1377 Hannes Tschofenig 1378 Siemens 1379 Otto-Hahn-Ring 6 1380 Munich, Bayern 81739 1381 Germany 1383 Email: Hannes.Tschofenig@siemens.com 1385 T. Tsenov 1386 Siemens 1387 Otto-Hahn-Ring 6 1388 Munich, Bayern 81739 1389 Germany 1391 Email: tseno.tsenov@mytum.de 1393 Cedric Aoun 1394 Nortel Networks/ENST Paris 1396 Email: cedric.aoun@nortelnetworks.com 1397 Niklas Steinleitner 1398 University of Goettingen 1399 Telematics Group 1400 Lotzestr. 16-18 1401 Goettingen 37083 1402 Germany 1404 Email: nsteinleitner@cs.uni-goettingen.de 1406 Intellectual Property Statement 1408 The IETF takes no position regarding the validity or scope of any 1409 Intellectual Property Rights or other rights that might be claimed to 1410 pertain to the implementation or use of the technology described in 1411 this document or the extent to which any license under such rights 1412 might or might not be available; nor does it represent that it has 1413 made any independent effort to identify any such rights. Information 1414 on the procedures with respect to rights in RFC documents can be 1415 found in BCP 78 and BCP 79. 1417 Copies of IPR disclosures made to the IETF Secretariat and any 1418 assurances of licenses to be made available, or the result of an 1419 attempt made to obtain a general license or permission for the use of 1420 such proprietary rights by implementers or users of this 1421 specification can be obtained from the IETF on-line IPR repository at 1422 http://www.ietf.org/ipr. 1424 The IETF invites any interested party to bring to its attention any 1425 copyrights, patents or patent applications, or other proprietary 1426 rights that may cover technology that may be required to implement 1427 this standard. Please address the information to the IETF at 1428 ietf-ipr@ietf.org. 1430 Disclaimer of Validity 1432 This document and the information contained herein are provided on an 1433 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1434 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1435 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1436 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1437 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1438 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1440 Copyright Statement 1442 Copyright (C) The Internet Society (2005). This document is subject 1443 to the rights, licenses and restrictions contained in BCP 78, and 1444 except as set forth therein, the authors retain all their rights. 1446 Acknowledgment 1448 Funding for the RFC Editor function is currently provided by the 1449 Internet Society.