summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--accel-pppd/CMakeLists.txt2
-rw-r--r--accel-pppd/extra/chap-secrets.c6
-rw-r--r--accel-pppd/extra/ippool.c10
-rw-r--r--accel-pppd/ipdb.c37
-rw-r--r--accel-pppd/ipdb.h22
-rw-r--r--accel-pppd/ppp/ccp_mppe.c1
-rw-r--r--accel-pppd/ppp/ipcp_opt_ipaddr.c6
-rw-r--r--accel-pppd/ppp/ppp.c1
-rw-r--r--accel-pppd/ppp/ppp.h5
-rw-r--r--accel-pppd/ppp/ppp_ccp.c1
-rw-r--r--accel-pppd/radius/radius.c25
-rw-r--r--accel-pppd/radius/radius_p.h3
-rw-r--r--rfc/rfc3162.txt675
-rw-r--r--rfc/rfc5072.txt899
14 files changed, 1660 insertions, 33 deletions
diff --git a/accel-pppd/CMakeLists.txt b/accel-pppd/CMakeLists.txt
index 39d57944..45a070fe 100644
--- a/accel-pppd/CMakeLists.txt
+++ b/accel-pppd/CMakeLists.txt
@@ -65,6 +65,8 @@ ADD_EXECUTABLE(accel-pppd
ppp/ppp_ipcp.c
ppp/ipcp_opt_ipaddr.c
ppp/ipcp_opt_dns.c
+ ppp/ipv6cp_opt_intfid.c
+ ppp/ppp_ipv6cp.c
ppp/ppp_ccp.c
ppp/ccp_mppe.c
diff --git a/accel-pppd/extra/chap-secrets.c b/accel-pppd/extra/chap-secrets.c
index 20565b97..61cd2a91 100644
--- a/accel-pppd/extra/chap-secrets.c
+++ b/accel-pppd/extra/chap-secrets.c
@@ -24,7 +24,7 @@ static struct ipdb_t ipdb;
struct cs_pd_t
{
struct ppp_pd_t pd;
- struct ipdb_item_t ip;
+ struct ipv4db_item_t ip;
char *passwd;
char *rate;
};
@@ -212,7 +212,7 @@ static void ev_ppp_pre_up(struct ppp_t *ppp)
}
}
-static struct ipdb_item_t *get_ip(struct ppp_t *ppp)
+static struct ipv4db_item_t *get_ip(struct ppp_t *ppp)
{
struct cs_pd_t *pd;
@@ -244,7 +244,7 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *user
}
static struct ipdb_t ipdb = {
- .get = get_ip,
+ .get_ipv4 = get_ip,
};
static struct pwdb_t pwdb = {
diff --git a/accel-pppd/extra/ippool.c b/accel-pppd/extra/ippool.c
index 6f07e5f8..d49f0f44 100644
--- a/accel-pppd/extra/ippool.c
+++ b/accel-pppd/extra/ippool.c
@@ -14,7 +14,7 @@
struct ippool_item_t
{
struct list_head entry;
- struct ipdb_item_t it;
+ struct ipv4db_item_t it;
};
struct ipaddr_t
@@ -153,7 +153,7 @@ static void generate_pool(void)
}
}
-static struct ipdb_item_t *get_ip(struct ppp_t *ppp)
+static struct ipv4db_item_t *get_ip(struct ppp_t *ppp)
{
struct ippool_item_t *it;
@@ -168,7 +168,7 @@ static struct ipdb_item_t *get_ip(struct ppp_t *ppp)
return it ? &it->it : NULL;
}
-static void put_ip(struct ppp_t *ppp, struct ipdb_item_t *it)
+static void put_ip(struct ppp_t *ppp, struct ipv4db_item_t *it)
{
struct ippool_item_t *pit = container_of(it, typeof(*pit), it);
@@ -178,8 +178,8 @@ static void put_ip(struct ppp_t *ppp, struct ipdb_item_t *it)
}
static struct ipdb_t ipdb = {
- .get = get_ip,
- .put = put_ip,
+ .get_ipv4 = get_ip,
+ .put_ipv4 = put_ip,
};
static void ippool_init(void)
diff --git a/accel-pppd/ipdb.c b/accel-pppd/ipdb.c
index a08d3be2..8054e6bf 100644
--- a/accel-pppd/ipdb.c
+++ b/accel-pppd/ipdb.c
@@ -5,13 +5,15 @@
static LIST_HEAD(ipdb_handlers);
-__export struct ipdb_item_t *ipdb_get(struct ppp_t *ppp)
+struct ipv4db_item_t __export *ipdb_get_ipv4(struct ppp_t *ppp)
{
struct ipdb_t *ipdb;
- struct ipdb_item_t *it;
+ struct ipv4db_item_t *it;
list_for_each_entry(ipdb, &ipdb_handlers, entry) {
- it = ipdb->get(ppp);
+ if (!ipdb->get_ipv4)
+ continue;
+ it = ipdb->get_ipv4(ppp);
if (it)
return it;
}
@@ -19,12 +21,35 @@ __export struct ipdb_item_t *ipdb_get(struct ppp_t *ppp)
return NULL;
}
-void __export ipdb_put(struct ppp_t *ppp, struct ipdb_item_t *it)
+void __export ipdb_put_ipv4(struct ppp_t *ppp, struct ipv4db_item_t *it)
{
- if (it->owner->put)
- it->owner->put(ppp, it);
+ if (it->owner->put_ipv4)
+ it->owner->put_ipv4(ppp, it);
}
+struct ipv6db_item_t __export *ipdb_get_ipv6(struct ppp_t *ppp)
+{
+ struct ipdb_t *ipdb;
+ struct ipv6db_item_t *it;
+
+ list_for_each_entry(ipdb, &ipdb_handlers, entry) {
+ if (!ipdb->get_ipv6)
+ continue;
+ it = ipdb->get_ipv6(ppp);
+ if (it)
+ return it;
+ }
+
+ return NULL;
+}
+
+void __export ipdb_put_ipv6(struct ppp_t *ppp, struct ipv6db_item_t *it)
+{
+ if (it->owner->put_ipv4)
+ it->owner->put_ipv6(ppp, it);
+}
+
+
void __export ipdb_register(struct ipdb_t *ipdb)
{
list_add_tail(&ipdb->entry, &ipdb_handlers);
diff --git a/accel-pppd/ipdb.h b/accel-pppd/ipdb.h
index ebf38853..35394205 100644
--- a/accel-pppd/ipdb.h
+++ b/accel-pppd/ipdb.h
@@ -6,22 +6,34 @@
#include "ppp.h"
#include "list.h"
-struct ipdb_item_t
+struct ipv4db_item_t
{
struct ipdb_t *owner;
in_addr_t addr;
in_addr_t peer_addr;
};
+struct ipv6db_item_t
+{
+ struct ipdb_t *owner;
+ struct in6_addr addr;
+ struct in6_addr peer_addr;
+};
+
+
struct ipdb_t
{
struct list_head entry;
- struct ipdb_item_t *(*get)(struct ppp_t *ppp);
- void (*put)(struct ppp_t *ppp, struct ipdb_item_t *);
+ struct ipv4db_item_t *(*get_ipv4)(struct ppp_t *ppp);
+ void (*put_ipv4)(struct ppp_t *ppp, struct ipv4db_item_t *);
+ struct ipv6db_item_t *(*get_ipv6)(struct ppp_t *ppp);
+ void (*put_ipv6)(struct ppp_t *ppp, struct ipv6db_item_t *);
};
-struct ipdb_item_t *ipdb_get(struct ppp_t *ppp);
-void ipdb_put(struct ppp_t *ppp, struct ipdb_item_t *);
+struct ipv4db_item_t *ipdb_get_ipv4(struct ppp_t *ppp);
+void ipdb_put_ipv4(struct ppp_t *ppp, struct ipv4db_item_t *);
+struct ipv6db_item_t *ipdb_get_ipv6(struct ppp_t *ppp);
+void ipdb_put_ipv6(struct ppp_t *ppp, struct ipv6db_item_t *);
void ipdb_register(struct ipdb_t *);
diff --git a/accel-pppd/ppp/ccp_mppe.c b/accel-pppd/ppp/ccp_mppe.c
index ba86ef47..7d9aab21 100644
--- a/accel-pppd/ppp/ccp_mppe.c
+++ b/accel-pppd/ppp/ccp_mppe.c
@@ -1,6 +1,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include "linux_ppp.h"
diff --git a/accel-pppd/ppp/ipcp_opt_ipaddr.c b/accel-pppd/ppp/ipcp_opt_ipaddr.c
index d584fd7f..217a0806 100644
--- a/accel-pppd/ppp/ipcp_opt_ipaddr.c
+++ b/accel-pppd/ppp/ipcp_opt_ipaddr.c
@@ -30,7 +30,7 @@ static void ipaddr_print(void (*print)(const char *fmt,...),struct ipcp_option_t
struct ipaddr_option_t
{
struct ipcp_option_t opt;
- struct ipdb_item_t *ip;
+ struct ipv4db_item_t *ip;
int started:1;
};
@@ -59,7 +59,7 @@ static void ipaddr_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt)
struct ipaddr_option_t *ipaddr_opt=container_of(opt,typeof(*ipaddr_opt),opt);
if (ipaddr_opt->ip)
- ipdb_put(ipcp->ppp, ipaddr_opt->ip);
+ ipdb_put_ipv4(ipcp->ppp, ipaddr_opt->ip);
_free(ipaddr_opt);
}
@@ -88,7 +88,7 @@ static int ipaddr_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *o
struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr;
if (!ipaddr_opt->ip) {
- ipaddr_opt->ip = ipdb_get(ipcp->ppp);
+ ipaddr_opt->ip = ipdb_get_ipv4(ipcp->ppp);
if (!ipaddr_opt->ip) {
log_ppp_warn("ppp:ipcp: no free IP address\n");
return -1;
diff --git a/accel-pppd/ppp/ppp.c b/accel-pppd/ppp/ppp.c
index 5c529489..b541ba50 100644
--- a/accel-pppd/ppp/ppp.c
+++ b/accel-pppd/ppp/ppp.c
@@ -494,6 +494,7 @@ static int get_layer_order(const char *name)
if (!strcmp(name,"auth")) return 1;
if (!strcmp(name,"ccp")) return 2;
if (!strcmp(name,"ipcp")) return 2;
+ if (!strcmp(name,"ipv6cp")) return 2;
return -1;
}
diff --git a/accel-pppd/ppp/ppp.h b/accel-pppd/ppp/ppp.h
index c0ebe834..ae2a7c99 100644
--- a/accel-pppd/ppp/ppp.h
+++ b/accel-pppd/ppp/ppp.h
@@ -3,7 +3,6 @@
#include <sys/types.h>
#include <time.h>
-#include <netinet/in.h>
#include <pthread.h>
#include "triton.h"
@@ -99,8 +98,8 @@ struct ppp_t
time_t start_time;
time_t stop_time;
char *username;
- in_addr_t ipaddr;
- in_addr_t peer_ipaddr;
+ uint32_t ipaddr;
+ uint32_t peer_ipaddr;
struct ppp_ctrl_t *ctrl;
diff --git a/accel-pppd/ppp/ppp_ccp.c b/accel-pppd/ppp/ppp_ccp.c
index c277f9f9..79b0c32d 100644
--- a/accel-pppd/ppp/ppp_ccp.c
+++ b/accel-pppd/ppp/ppp_ccp.c
@@ -1,6 +1,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include "linux_ppp.h"
diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c
index 0fc42cd1..5f507cb4 100644
--- a/accel-pppd/radius/radius.c
+++ b/accel-pppd/radius/radius.c
@@ -90,9 +90,9 @@ int rad_proc_attrs(struct rad_req_t *req)
if (!conf_gw_ip_address)
log_ppp_warn("radius: gw-ip-address not specified, cann't assign IP address...\n");
else {
- req->rpd->ipaddr.owner = &ipdb;
- req->rpd->ipaddr.peer_addr = attr->val.ipaddr;
- req->rpd->ipaddr.addr = conf_gw_ip_address;
+ req->rpd->ipv4_addr.owner = &ipdb;
+ req->rpd->ipv4_addr.peer_addr = attr->val.ipaddr;
+ req->rpd->ipv4_addr.addr = conf_gw_ip_address;
}
break;
case Acct_Interim_Interval:
@@ -163,15 +163,25 @@ static int check(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username, i
return r;
}
-static struct ipdb_item_t *get_ip(struct ppp_t *ppp)
+static struct ipv4db_item_t *get_ipv4(struct ppp_t *ppp)
{
struct radius_pd_t *rpd = find_pd(ppp);
- if (rpd->ipaddr.peer_addr)
- return &rpd->ipaddr;
+ if (rpd->ipv4_addr.peer_addr)
+ return &rpd->ipv4_addr;
return NULL;
}
+static struct ipv6db_item_t *get_ipv6(struct ppp_t *ppp)
+{
+ struct radius_pd_t *rpd = find_pd(ppp);
+
+ if (memcmp(&rpd->ipv6_addr.peer_addr, &in6addr_any, sizeof(in6addr_any)))
+ return &rpd->ipv6_addr;
+ return NULL;
+}
+
+
static void session_timeout(struct triton_timer_t *t)
{
struct radius_pd_t *rpd = container_of(t, typeof(*rpd), session_timeout);
@@ -402,7 +412,8 @@ void __export rad_register_plugin(struct ppp_t *ppp, struct rad_plugin_t *plugin
}
static struct ipdb_t ipdb = {
- .get = get_ip,
+ .get_ipv4 = get_ipv4,
+ .get_ipv6 = get_ipv6,
};
static struct pwdb_t pwdb = {
diff --git a/accel-pppd/radius/radius_p.h b/accel-pppd/radius/radius_p.h
index 8c3a10d5..578c7770 100644
--- a/accel-pppd/radius/radius_p.h
+++ b/accel-pppd/radius/radius_p.h
@@ -33,7 +33,8 @@ struct radius_pd_t
struct rad_packet_t *dm_coa_req;
struct sockaddr_in dm_coa_addr;
- struct ipdb_item_t ipaddr;
+ struct ipv4db_item_t ipv4_addr;
+ struct ipv6db_item_t ipv6_addr;
int acct_interim_interval;
time_t acct_timestamp;
diff --git a/rfc/rfc3162.txt b/rfc/rfc3162.txt
new file mode 100644
index 00000000..a62642f3
--- /dev/null
+++ b/rfc/rfc3162.txt
@@ -0,0 +1,675 @@
+
+
+
+
+
+
+Network Working Group B. Aboba
+Request for Comments: 3162 Microsoft
+Category: Standards Track G. Zorn
+ Cisco Systems
+ D. Mitton
+ Circular Logic UnLtd.
+ August 2001
+
+
+ RADIUS and IPv6
+
+Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+Abstract
+
+ This document specifies the operation of RADIUS (Remote
+ Authentication Dial In User Service) when run over IPv6 as well as
+ the RADIUS attributes used to support IPv6 network access.
+
+1. Introduction
+
+ This document specifies the operation of RADIUS [4]-[8] over IPv6
+ [13] as well as the RADIUS attributes used to support IPv6 network
+ access.
+
+ Note that a NAS sending a RADIUS Access-Request may not know a-priori
+ whether the host will be using IPv4, IPv6, or both. For example,
+ within PPP, IPv6CP [11] occurs after LCP, so that address assignment
+ will not occur until after RADIUS authentication and authorization
+ has completed.
+
+ Therefore it is presumed that the IPv6 attributes described in this
+ document MAY be sent along with IPv4-related attributes within the
+ same RADIUS message and that the NAS will decide which attributes to
+ use. The NAS SHOULD only allocate addresses and prefixes that the
+ client can actually use, however. For example, there is no need for
+
+
+
+
+
+Aboba, et al. Standards Track [Page 1]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+ the NAS to reserve use of an IPv4 address for a host that only
+ supports IPv6; similarly, a host only using IPv4 or 6to4 [12] does
+ not require allocation of an IPv6 prefix.
+
+ The NAS can provide IPv6 access natively, or alternatively, via other
+ methods such as IPv6 within IPv4 tunnels [15] or 6over4 [14]. The
+ choice of method for providing IPv6 access has no effect on RADIUS
+ usage per se, although if it is desired that an IPv6 within IPv4
+ tunnel be opened to a particular location, then tunnel attributes
+ should be utilized, as described in [6], [7].
+
+1.1. Requirements language
+
+ In this document, the key words "MAY", "MUST, "MUST NOT", "optional",
+ "recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
+ described in [1].
+
+2. Attributes
+
+2.1. NAS-IPv6-Address
+
+ Description
+
+ This Attribute indicates the identifying IPv6 Address of the NAS
+ which is requesting authentication of the user, and SHOULD be
+ unique to the NAS within the scope of the RADIUS server. NAS-
+ IPv6-Address is only used in Access-Request packets. NAS-IPv6-
+ Address and/or NAS-IP-Address MAY be present in an Access-Request
+ packet; however, if neither attribute is present then NAS-
+ Identifier MUST be present.
+
+ A summary of the NAS-IPv6-Address Attribute format is shown below.
+ The fields are transmitted from left to right.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+Aboba, et al. Standards Track [Page 2]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+ Type
+
+ 95 for NAS-IPv6-Address
+
+ Length
+
+ 18
+
+ Address
+
+ The Address field is 16 octets.
+
+3.2. Framed-Interface-Id
+
+ Description
+
+ This Attribute indicates the IPv6 interface identifier to be
+ configured for the user. It MAY be used in Access-Accept packets.
+ If the Interface-Identifier IPv6CP option [11] has been
+ successfully negotiated, this Attribute MUST be included in an
+ Access-Request packet as a hint by the NAS to the server that it
+ would prefer that value. It is recommended, but not required,
+ that the server honor the hint.
+
+ A summary of the Framed-Interface-Id Attribute format is shown below.
+ The fields are transmitted from left to right.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Interface-Id
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Interface-Id
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Interface-Id |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type
+
+ 96 for Framed-Interface-Id
+
+ Length
+
+ 10
+
+ Interface-Id
+
+ The Interface-Id field is 8 octets.
+
+
+
+Aboba, et al. Standards Track [Page 3]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+2.3. Framed-IPv6-Prefix
+
+ Description
+
+ This Attribute indicates an IPv6 prefix (and corresponding route)
+ to be configured for the user. It MAY be used in Access-Accept
+ packets, and can appear multiple times. It MAY be used in an
+ Access-Request packet as a hint by the NAS to the server that it
+ would prefer these prefix(es), but the server is not required to
+ honor the hint. Since it is assumed that the NAS will plumb a
+ route corresponding to the prefix, it is not necessary for the
+ server to also send a Framed-IPv6-Route attribute for the same
+ prefix.
+
+ A summary of the Framed-IPv6-Prefix Attribute format is shown below.
+ The fields are transmitted from left to right.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Reserved | Prefix-Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Prefix
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Prefix
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Prefix
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Prefix |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type
+
+ 97 for Framed-IPv6-Prefix
+
+ Length
+
+ At least 4 and no larger than 20.
+
+ Reserved
+
+ This field, which is reserved and MUST be present, is always set
+ to zero.
+
+ Prefix-Length
+
+ The length of the prefix, in bits. At least 0 and no larger than
+ 128.
+
+
+
+Aboba, et al. Standards Track [Page 4]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+ Prefix
+
+ The Prefix field is up to 16 octets in length. Bits outside of
+ the Prefix-Length, if included, must be zero.
+
+2.4. Login-IPv6-Host
+
+ Description
+
+ This Attribute indicates the system with which to connect the
+ user, when the Login-Service Attribute is included. It MAY be
+ used in Access-Accept packets. It MAY be used in an Access-
+ Request packet as a hint to the server that the NAS would prefer
+ to use that host, but the server is not required to honor the
+ hint.
+
+ A summary of the Login-IPv6-Host Attribute format is shown below.
+ The fields are transmitted from left to right.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type
+
+ 98 for Login-IPv6-Host
+
+ Length
+
+ 18
+
+
+
+
+
+
+
+
+
+
+
+Aboba, et al. Standards Track [Page 5]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+ Address
+
+ The Address field is 16 octets in length. The value
+ 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF indicates that the NAS SHOULD
+ allow the user to select an address or name to be connected to.
+ The value 0 indicates that the NAS SHOULD select a host to connect
+ the user to. Other values indicate the address the NAS SHOULD
+ connect the user to.
+
+2.5. Framed-IPv6-Route
+
+ Description
+
+ This Attribute provides routing information to be configured for
+ the user on the NAS. It is used in the Access-Accept packet and
+ can appear multiple times.
+
+ A summary of the Framed-IPv6-Route Attribute format is shown below.
+ The fields are transmitted from left to right.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
+ | Type | Length | Text ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
+
+ Type
+
+ 99 for Framed-IPv6-Route
+
+ Length
+
+ >=3
+
+ Text
+
+ The Text field is one or more octets, and its contents are
+ implementation dependent. The field is not NUL (hex 00)
+ terminated. It is intended to be human readable and MUST NOT
+ affect operation of the protocol.
+
+ For IPv6 routes, it SHOULD contain a destination prefix optionally
+ followed by a slash and a decimal length specifier stating how
+ many high order bits of the prefix to use. That is followed by a
+ space, a gateway address, a space, and one or more metrics
+ (encoded in decimal) separated by spaces. Prefixes and addresses
+ are formatted as described in [16]. For example,
+ "2000:0:0:106::/64 2000::106:a00:20ff:fe99:a998 1".
+
+
+
+Aboba, et al. Standards Track [Page 6]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+ Whenever the gateway address is the IPv6 unspecified address the
+ IP address of the user SHOULD be used as the gateway address. The
+ unspecified address can be expressed in any of the acceptable
+ formats described in [16]. For example, "2000:0:0:106::/64 :: 1".
+
+2.6. Framed-IPv6-Pool
+
+ Description
+
+ This Attribute contains the name of an assigned pool that SHOULD
+ be used to assign an IPv6 prefix for the user. If a NAS does not
+ support multiple prefix pools, the NAS MUST ignore this Attribute.
+
+ A summary of the Framed-IPv6-Pool Attribute format is shown below.
+ The fields are transmitted from left to right.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | String...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type
+
+ 100 for Framed-IPv6-Pool
+
+ Length
+
+ >= 3
+
+ String
+
+ The string field contains the name of an assigned IPv6 prefix pool
+ configured on the NAS. The field is not NUL (hex 00) terminated.
+
+3. Table of Attributes
+
+ The following table provides a guide to which attributes may be found
+ in which kinds of packets, and in what quantity.
+
+ Request Accept Reject Challenge Accounting # Attribute
+ Request
+ 0-1 0 0 0 0-1 95 NAS-IPv6-Address
+ 0-1 0-1 0 0 0-1 96 Framed-Interface-Id
+ 0+ 0+ 0 0 0+ 97 Framed-IPv6-Prefix
+ 0+ 0+ 0 0 0+ 98 Login-IPv6-Host
+ 0 0+ 0 0 0+ 99 Framed-IPv6-Route
+ 0 0-1 0 0 0-1 100 Framed-IPv6-Pool
+
+
+
+Aboba, et al. Standards Track [Page 7]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+4. References
+
+ [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March, 1997.
+
+ [2] Yergeau, F., "UTF-8, a transformation format of Unicode and ISO
+ 10646", RFC 2044, October 1996.
+
+ [3] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
+ Implementation in Roaming", RFC 2607, June 1999.
+
+ [4] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote
+ Authentication Dial In User Service (RADIUS)", RFC 2865, June
+ 2000.
+
+ [5] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
+
+ [6] Zorn, G., Mitton, D. and B. Aboba, "RADIUS Accounting
+ Modifications for Tunnel Protocol Support", RFC 2867, June
+ 2000.
+
+ [7] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M.
+ and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support",
+ RFC 2868, June 2000.
+
+ [8] Rigney, C., Willats, W. and P. Calhoun, "RADIUS Extensions",
+ RFC 2869, June 2000.
+
+ [9] Kent S. and R. Atkinson, "Security Architecture for the
+ Internet Protocol", RFC 2401, November 1998.
+
+ [10] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA
+ Considerations Section in RFCs", BCP 26, RFC 2434, October
+ 1998.
+
+ [11] Haskin, D. and E. Allen, "IP Version 6 over PPP", RFC 2472,
+ December 1998.
+
+ [12] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via
+ IPv4 Clouds", RFC 3056, February 2001.
+
+ [13] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
+ Specification", RFC 2460, December 1998.
+
+ [14] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4
+ Domains without Explicit Tunnels", RFC 2529, March 1999.
+
+
+
+
+
+Aboba, et al. Standards Track [Page 8]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+ [15] Gilligan, R. and E. Nordmark, "Transition Mechanisms for IPv6
+ Hosts and Routers", RFC 2893, August 2000.
+
+ [16] Hinden, R. and S. Deering, "IP Version 6 Addressing
+ Architecture", RFC 2373, July 1998.
+
+5. Security Considerations
+
+ This document describes the use of RADIUS for the purposes of
+ authentication, authorization and accounting in IPv6-enabled
+ networks. In such networks, the RADIUS protocol may run either over
+ IPv4 or over IPv6. Known security vulnerabilities of the RADIUS
+ protocol are described in [3], [4] and [8].
+
+ Since IPSEC [9] is mandatory to implement for IPv6, it is expected
+ that running RADIUS implementations supporting IPv6 will typically
+ run over IPSEC. Where RADIUS is run over IPSEC and where
+ certificates are used for authentication, it may be desirable to
+ avoid management of RADIUS shared secrets, so as to leverage the
+ improved scalability of public key infrastructure.
+
+ Within RADIUS, a shared secret is used for hiding of attributes such
+ as User-Password [4] and Tunnel-Password [7]. In addition, the
+ shared secret is used in computation of the Response Authenticator
+ [4], as well as the Message-Authenticator attribute [8]. Therefore,
+ in RADIUS a shared secret is used to provide confidentiality as well
+ as integrity protection and authentication. As a result, only use of
+ IPSEC ESP with a non-null transform can provide security services
+ sufficient to substitute for RADIUS application-layer security.
+ Therefore, where IPSEC AH or ESP null is used, it will typically
+ still be necessary to configure a RADIUS shared secret.
+
+ However, where RADIUS is run over IPSEC ESP with a non-null
+ transform, the secret shared between the NAS and the RADIUS server
+ MAY NOT be configured. In this case, a shared secret of zero length
+ MUST be assumed.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Aboba, et al. Standards Track [Page 9]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+6. IANA Considerations
+
+ This document requires the assignment of six new RADIUS attribute
+ numbers for the following attributes:
+
+ NAS-IPv6-Address
+ Framed-Interface-Id
+ Framed-IPv6-Prefix
+ Login-IPv6-Host
+ Framed-IPv6-Route
+ Framed-IPv6-Pool
+
+ See section 3 for the registered list of numbers.
+
+7. Acknowledgments
+
+ The authors would like to acknowledge Jun-ichiro itojun Hagino of IIJ
+ Research Laboratory, Darran Potter of Cisco and Carl Rigney of Lucent
+ for contributions to this document.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Aboba, et al. Standards Track [Page 10]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+8. Authors' Addresses
+
+ Bernard Aboba
+ Microsoft Corporation
+ One Microsoft Way
+ Redmond, WA 98052
+
+ Phone: +1 425 936 6605
+ Fax: +1 425 936 7329
+ EMail: bernarda@microsoft.com
+
+
+ Glen Zorn
+ Cisco Systems, Inc.
+ 500 108th Avenue N.E., Suite 500
+ Bellevue, WA 98004
+
+ Phone: +1 425 471 4861
+ EMail: gwz@cisco.com
+
+
+ Dave Mitton
+ Circular Logic UnLtd.
+ 733 Turnpike Street #154
+ North Andover, MA 01845
+
+ Phone: 978 683-1814
+ Email: david@mitton.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Aboba, et al. Standards Track [Page 11]
+
+RFC 3162 RADIUS and IPv6 August 2001
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Aboba, et al. Standards Track [Page 12]
+
diff --git a/rfc/rfc5072.txt b/rfc/rfc5072.txt
new file mode 100644
index 00000000..c3846295
--- /dev/null
+++ b/rfc/rfc5072.txt
@@ -0,0 +1,899 @@
+
+
+
+
+
+
+Network Working Group S. Varada, Ed.
+Request for Comments: 5072 Transwitch
+Obsoletes: 2472 D. Haskins
+Category: Standards Track E. Allen
+ September 2007
+
+
+ IP Version 6 over PPP
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Abstract
+
+ The Point-to-Point Protocol (PPP) provides a standard method of
+ encapsulating network-layer protocol information over point-to-point
+ links. PPP also defines an extensible Link Control Protocol, and
+ proposes a family of Network Control Protocols (NCPs) for
+ establishing and configuring different network-layer protocols.
+
+ This document defines the method for sending IPv6 packets over PPP
+ links, the NCP for establishing and configuring the IPv6 over PPP,
+ and the method for forming IPv6 link-local addresses on PPP links.
+
+ It also specifies the conditions for performing Duplicate Address
+ Detection on IPv6 global unicast addresses configured for PPP links
+ either through stateful or stateless address autoconfiguration.
+
+ This document obsoletes RFC 2472.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Varada, et al. Standards Track [Page 1]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 1.1. Specification of Requirements ..............................3
+ 2. Sending IPv6 Datagrams ..........................................3
+ 3. A PPP Network Control Protocol for IPv6 .........................3
+ 4. IPV6CP Configuration Options ....................................4
+ 4.1. Interface Identifier .......................................4
+ 5. Stateless Autoconfiguration and Link-Local Addresses ............9
+ 6. Security Considerations ........................................11
+ 7. IANA Considerations ............................................11
+ 8. Acknowledgments ................................................11
+ 9. References .....................................................12
+ 9.1. Normative References ......................................12
+ 9.2. Informative references ....................................12
+ Appendix A: Global Scope Addresses................................14
+ Appendix B: Changes from RFC-2472.................................14
+
+1. Introduction
+
+ PPP has three main components:
+
+ 1) A method for encapsulating datagrams over serial links.
+
+ 2) A Link Control Protocol (LCP) for establishing, configuring, and
+ testing the data-link connection.
+
+ 3) A family of Network Control Protocols (NCPs) for establishing and
+ configuring different network-layer protocols.
+
+ In order to establish communications over a point-to-point link, each
+ end of the PPP link must first send LCP packets to configure and test
+ the data link. After the link has been established and optional
+ facilities have been negotiated as needed by the LCP, PPP must send
+ NCP packets to choose and configure one or more network-layer
+ protocols. Once each of the chosen network-layer protocols has been
+ configured, datagrams from each network-layer protocol can be sent
+ over the link.
+
+ In this document, the NCP for establishing and configuring the IPv6
+ over PPP is referred to as the IPv6 Control Protocol (IPV6CP).
+
+ The link will remain configured for communications until explicit LCP
+ or NCP packets close the link down, or until some external event
+ occurs (power failure at the other end, carrier drop, etc.).
+
+ This document obsoletes the earlier specification from RFC 2472 [7].
+ Changes from RFC 2472 are listed in Appendix B.
+
+
+
+Varada, et al. Standards Track [Page 2]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+1.1. Specification of Requirements
+
+ In this document, several words are used to signify the requirements
+ of the specification.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [6].
+
+2. Sending IPv6 Datagrams
+
+ Before any IPv6 packets may be communicated, PPP MUST reach the
+ network-layer protocol phase, and the IPv6 Control Protocol MUST
+ reach the Opened state.
+
+ Exactly one IPv6 packet is encapsulated in the Information field of
+ PPP Data Link Layer frames where the Protocol field indicates Type
+ hex 0057 (Internet Protocol Version 6).
+
+ The maximum length of an IPv6 packet transmitted over a PPP link is
+ the same as the maximum length of the Information field of a PPP data
+ link layer frame. PPP links supporting IPv6 MUST allow the
+ information field to be at least as large as the minimum link MTU
+ size required for IPv6 [2].
+
+3. A PPP Network Control Protocol for IPv6
+
+ The IPv6 Control Protocol (IPV6CP) is responsible for configuring,
+ enabling, and disabling the IPv6 protocol modules on both ends of the
+ point-to-point link. IPV6CP uses the same packet exchange mechanism
+ as the LCP. IPV6CP packets may not be exchanged until PPP has
+ reached the network-layer protocol phase. IPV6CP packets that are
+ received before this phase is reached should be silently discarded.
+
+ The IPv6 Control Protocol is exactly the same as the LCP [1] with the
+ following exceptions:
+
+ Data Link Layer Protocol Field
+
+ Exactly one IPV6CP packet is encapsulated in the Information
+ field of PPP Data Link Layer frames where the Protocol field
+ indicates type hex 8057 (IPv6 Control Protocol).
+
+
+
+
+
+
+
+
+
+Varada, et al. Standards Track [Page 3]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ Code field
+
+ Only Codes 1 through 7 (Configure-Request, Configure-Ack,
+ Configure-Nak, Configure-Reject, Terminate-Request, Terminate-
+ Ack and Code-Reject) are used. Other Codes should be treated
+ as unrecognized and should result in Code-Rejects.
+
+ Timeouts
+
+ IPV6CP packets may not be exchanged until PPP has reached the
+ network-layer protocol phase. An implementation should be
+ prepared to wait for Authentication and Link Quality
+ Determination to finish before timing out waiting for a
+ Configure-Ack or other response. It is suggested that an
+ implementation give up only after user intervention or a
+ configurable amount of time.
+
+ Configuration Option Types
+
+ IPV6CP has a distinct set of Configuration Options.
+
+4. IPV6CP Configuration Options
+
+ IPV6CP Configuration Options allow negotiation of desirable IPv6
+ parameters. IPV6CP uses the same Configuration Option format defined
+ for LCP [1] but with a separate set of Options. If a Configuration
+ Option is not included in a Configure-Request packet, the default
+ value for that Configuration Option is assumed.
+
+ Up-to-date values of the IPV6CP Option Type field are specified in
+ the online database of "Assigned Numbers" maintained at IANA [9].
+ The current value assignment is as follows:
+
+ 1 Interface-Identifier
+
+ The only IPV6CP option defined in this document is the interface
+ identifier. Any other IPV6CP configuration options that can be
+ defined over time are to be defined in separate documents.
+
+4.1. Interface Identifier
+
+ Description
+
+ This Configuration Option provides a way to negotiate a unique, 64-
+ bit interface identifier to be used for the address autoconfiguration
+ [3] at the local end of the link (see Section 5). A Configure-
+ Request MUST contain exactly one instance of the interface-identifier
+ option [1]. The interface identifier MUST be unique within the PPP
+
+
+
+Varada, et al. Standards Track [Page 4]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ link; i.e., upon completion of the negotiation, different interface-
+ identifier values are to be selected for the ends of the PPP link.
+ The interface identifier may also be unique over a broader scope.
+
+ Before this Configuration Option is requested, an implementation
+ chooses its tentative interface identifier. The non-zero value of
+ the tentative interface identifier SHOULD be chosen such that the
+ value is unique to the link and, preferably, consistently
+ reproducible across initializations of the IPV6CP finite state
+ machine (administrative Close and reOpen, reboots, etc.). The
+ rationale for preferring a consistently reproducible unique interface
+ identifier to a completely random interface identifier is to provide
+ stability to global scope addresses (see Appendix A) that can be
+ formed from the interface identifier.
+
+ Assuming that interface identifier bits are numbered from 0 to 63 in
+ canonical bit order, where the most significant bit is the bit number
+ 0, the bit number 6 is the "u" bit (universal/local bit in IEEE
+ EUI-64 [4] terminology), which indicates whether or not the interface
+ identifier is based on a globally unique IEEE identifier (EUI-48 or
+ EUI-64 [4])(see case 1 below). It is set to one (1) if a globally
+ unique IEEE identifier is used to derive the interface identifier,
+ and it is set to zero (0) otherwise.
+
+ The following are methods for choosing the tentative interface
+ identifier in the preference order:
+
+ 1) If an IEEE global identifier (EUI-48 or EUI-64) is available
+ anywhere on the node, it should be used to construct the tentative
+ interface identifier due to its uniqueness properties. When
+ extracting an IEEE global identifier from another device on the
+ node, care should be taken that the extracted identifier is
+ presented in canonical ordering [14].
+
+ The only transformation from an EUI-64 identifier is to invert the
+ "u" bit (universal/local bit in IEEE EUI-64 terminology).
+
+ For example, for a globally unique EUI-64 identifier of the form:
+
+ most-significant least-significant
+ bit bit
+ |0 1|1 3|3 4|4 6|
+ |0 5|6 1|2 7|8 3|
+ +----------------+----------------+----------------+----------------+
+
+ |cccccc0gcccccccc|cccccccceeeeeeee|eeeeeeeeeeeeeeee|eeeeeeeeeeeeeeee|
+ +----------------+----------------+----------------+----------------+
+
+
+
+
+Varada, et al. Standards Track [Page 5]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ where "c" are the bits of the assigned company_id, "0" is the
+ value of the universal/local bit to indicate global scope, "g" is
+ the group/individual bit, and "e" are the bits of the extension
+ identifier, the IPv6 interface identifier would be of the form:
+
+ most-significant least-significant
+ bit bit
+ |0 1|1 3|3 4|4 6|
+ |0 5|6 1|2 7|8 3|
+ +----------------+----------------+----------------+----------------+
+
+ |cccccc1gcccccccc|cccccccceeeeeeee|eeeeeeeeeeeeeeee|eeeeeeeeeeeeeeee|
+ +----------------+----------------+----------------+----------------+
+
+ The only change is inverting the value of the universal/local bit.
+
+ In the case of a EUI-48 identifier, it is first converted to the
+ EUI-64 format by inserting two bytes, with hexa-decimal values of
+ 0xFF and 0xFE, in the middle of the 48-bit MAC (between the
+ company_id and extension identifier portions of the EUI-48 value).
+ For example, for a globally unique 48-bit EUI-48 identifier of the
+ form:
+
+ most-significant least-significant
+ bit bit
+ |0 1|1 3|3 4|
+ |0 5|6 1|2 7|
+ +----------------+----------------+----------------+
+ |cccccc0gcccccccc|cccccccceeeeeeee|eeeeeeeeeeeeeeee|
+ +----------------+----------------+----------------+
+
+ where "c" are the bits of the assigned company_id, "0" is the
+ value of the universal/local bit to indicate global scope, "g" is
+ the group/individual bit, and "e" are the bits of the extension
+ identifier, the IPv6 interface identifier would be of the form:
+
+ most-significant least-significant
+ bit bit
+ |0 1|1 3|3 4|4 6|
+ |0 5|6 1|2 7|8 3|
+ +----------------+----------------+----------------+----------------+
+
+ |cccccc1gcccccccc|cccccccc11111111|11111110eeeeeeee|eeeeeeeeeeeeeeee|
+ +----------------+----------------+----------------+----------------+
+
+ 2) If an IEEE global identifier is not available, a different source
+ of uniqueness should be used. Suggested sources of uniqueness
+ include link-layer addresses, machine serial numbers, et cetera.
+
+
+
+Varada, et al. Standards Track [Page 6]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ In this case, the "u" bit of the interface identifier MUST be set
+ to zero (0).
+
+ 3) If a good source of uniqueness cannot be found, it is recommended
+ that a random number be generated. In this case, the "u" bit of
+ the interface identifier MUST be set to zero (0).
+
+ Good sources [1] of uniqueness or randomness are required for the
+ interface identifier negotiation to succeed. If neither a unique
+ number nor a random number can be generated, it is recommended that a
+ zero value be used for the interface identifier transmitted in the
+ Configure-Request. In this case, the PPP peer may provide a valid
+ non-zero interface identifier in its response as described below.
+ Note that if at least one of the PPP peers is able to generate
+ separate non-zero numbers for itself and its peer, the identifier
+ negotiation will succeed.
+
+ When a Configure-Request is received with the Interface-Identifier
+ Configuration Option and the receiving peer implements this option,
+ the received interface identifier is compared with the interface
+ identifier of the last Configure-Request sent to the peer. Depending
+ on the result of the comparison, an implementation MUST respond in
+ one of the following ways:
+
+ If the two interface identifiers are different but the received
+ interface identifier is zero, a Configure-Nak is sent with a non-zero
+ interface-identifier value suggested for use by the remote peer.
+ Such a suggested interface identifier MUST be different from the
+ interface identifier of the last Configure-Request sent to the peer.
+ It is recommended that the value suggested be consistently
+ reproducible across initializations of the IPV6CP finite state
+ machine (administrative Close and reOpen, reboots, etc). The "u"
+ (universal/local) bit of the suggested identifier MUST be set to zero
+ (0) regardless of its source unless the globally unique EUI-48/EUI-64
+ derived identifier is provided for the exclusive use by the remote
+ peer.
+
+ If the two interface identifiers are different and the received
+ interface identifier is not zero, the interface identifier MUST be
+ acknowledged, i.e., a Configure-Ack is sent with the requested
+ interface identifier, meaning that the responding peer agrees with
+ the interface identifier requested.
+
+ If the two interface identifiers are equal and are not zero,
+ Configure-Nak MUST be sent specifying a different non-zero
+ interface-identifier value suggested for use by the remote peer. It
+ is recommended that the value suggested be consistently reproducible
+ across initializations of the IPV6CP finite state machine
+
+
+
+Varada, et al. Standards Track [Page 7]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ (administrative Close and reOpen, reboots, etc). The "u"
+ (universal/local) bit of the suggested identifier MUST be set to zero
+ (0) regardless of its source unless the globally unique EUI-48/EUI-64
+ derived identifier is provided for the exclusive use by the remote
+ peer.
+
+ If the two interface identifiers are equal to zero, the interface
+ identifier's negotiation MUST be terminated by transmitting the
+ Configure-Reject with the interface-identifier value set to zero. In
+ this case, a unique interface identifier cannot be negotiated.
+
+ If a Configure-Request is received with the Interface-Identifier
+ Configuration Option and the receiving peer does not implement this
+ option, Configure-Reject is sent.
+
+ A new Configure-Request SHOULD NOT be sent to the peer until normal
+ processing would cause it to be sent (that is, until a Configure-Nak
+ is received or the Restart timer runs out [1]).
+
+ A new Configure-Request MUST NOT contain the interface-identifier
+ option if a valid Interface-Identifier Configure-Reject is received.
+
+ Reception of a Configure-Nak with a suggested interface identifier
+ different from that of the last Configure-Nak sent to the peer
+ indicates a unique interface identifier. In this case, a new
+ Configure-Request MUST be sent with the identifier value suggested in
+ the last Configure-Nak from the peer. But if the received interface
+ identifier is equal to the one sent in the last Configure-Nak, a new
+ interface identifier MUST be chosen. In this case, a new Configure-
+ Request SHOULD be sent with the new tentative interface identifier.
+ This sequence (transmit Configure-Request, receive Configure-Request,
+ transmit Configure-Nak, receive Configure-Nak) might occur a few
+ times, but it is extremely unlikely to occur repeatedly. More
+ likely, the interface identifiers chosen at either end will quickly
+ diverge, terminating the sequence.
+
+ If negotiation of the interface identifier is required, and the peer
+ did not provide the option in its Configure-Request, the option
+ SHOULD be appended to a Configure-Nak. The tentative value of the
+ interface identifier given must be acceptable as the remote interface
+ identifier; i.e., it should be different from the identifier value
+ selected for the local end of the PPP link. The next Configure-
+ Request from the peer may include this option. If the next
+ Configure-Request does not include this option, the peer MUST NOT
+ send another Configure-Nak with this option included. It should
+ assume that the peer's implementation does not support this option.
+
+
+
+
+
+Varada, et al. Standards Track [Page 8]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ By default, an implementation SHOULD attempt to negotiate the
+ interface identifier for its end of the PPP connection.
+
+ A summary of the Interface-Identifier Configuration Option format is
+ shown below. The fields are transmitted from left to right.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Interface-Identifier (MS Bytes)
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Interface-Identifier (cont)
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Interface-Identifier (LS Bytes) |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type
+
+ 1
+
+ Length
+
+ 10
+
+ Interface-Identifier
+
+ The 64-bit interface identifier, which is very likely to be
+ unique on the link, or zero if a good source of uniqueness
+ cannot be found.
+
+ Default
+
+ If no valid interface identifier can be successfully
+ negotiated, no default interface-identifier value should be
+ assumed. The procedures for recovering from such a case are
+ unspecified. One approach is to manually configure the
+ interface identifier of the interface.
+
+5. Stateless Autoconfiguration and Link-Local Addresses
+
+ The interface identifier of IPv6 unicast addresses [5] of a PPP
+ interface SHOULD be negotiated in the IPV6CP phase of the PPP
+ connection setup (see Section 4.1). If no valid interface identifier
+ has been successfully negotiated, procedures for recovering from such
+ a case are unspecified. One approach is to manually configure the
+ interface identifier of the interface.
+
+
+
+
+
+Varada, et al. Standards Track [Page 9]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ The negotiated interface identifier is used by the local end of the
+ PPP link to autoconfigure an IPv6 link-local unicast address for the
+ PPP interface. However, it SHOULD NOT be assumed that the same
+ interface identifier is used in configuring global unicast addresses
+ for the PPP interface using IPv6 stateless address autoconfiguration
+ [3]. The PPP peer MAY generate one or more interface identifiers,
+ for instance, using a method described in [8], to autoconfigure one
+ or more global unicast addresses.
+
+ As long as the interface identifier is negotiated in the IPV6CP phase
+ of the PPP connection setup, it is redundant to perform duplicate
+ address detection (DAD) as a part of the IPv6 Stateless Address
+ Autoconfiguration protocol [3] on the IPv6 link-local address
+ generated by the PPP peer. It may also be redundant to perform DAD
+ on any global unicast addresses configured (using an interface
+ identifier that is either negotiated during IPV6CP or generated, for
+ instance, as per [8]) for the interface as part of the IPv6 Stateless
+ Address Autoconfiguration protocol [3] provided that the following
+ two conditions are met:
+
+ 1) The prefixes advertised through the Router Advertisement
+ messages by the access router terminating the PPP link are
+ exclusive to the PPP link.
+
+ 2) The access router terminating the PPP link does not
+ autoconfigure any IPv6 global unicast addresses from the
+ prefixes that it advertises.
+
+ Therefore, it is RECOMMENDED that for PPP links with the IPV6CP
+ interface-identifier option enabled and satisfying the aforementioned
+ two conditions, the default value of the DupAddrDetectTransmits
+ autoconfiguration variable [3] is set to zero by the system
+ management. 3GPP2 networks are an example of a technology that uses
+ PPP to enable a host to obtain an IPv6 global unicast address and
+ satisfies the aforementioned two conditions [10]. 3GPP networks are
+ another example ([11] [13]).
+
+ Link-local addresses
+
+ Link-local addresses of PPP interfaces have the following format:
+
+ | 10 bits | 54 bits | 64 bits |
+ +----------+------------------------+-----------------------------+
+ |1111111010| 0 | Interface-Identifier |
+ +----------+------------------------+-----------------------------+
+
+
+
+
+
+
+Varada, et al. Standards Track [Page 10]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ The most significant 10 bits of the address is the Link-Local prefix
+ FE80::. 54 zero bits pad out the address between the Link-Local
+ prefix and the interface-identifier fields.
+
+6. Security Considerations
+
+ Lack of link security, such as authentication, trigger the security
+ concerns raised in [3] when the stateless address autoconfiguration
+ method is employed for the generation of global unicast IPv6
+ addresses out of interface identifiers that are either negotiated
+ through the IPV6CP or generated, for instance, using a method
+ described in [8]. Thus, the mechanisms that are appropriate for
+ ensuring PPP link security are addressed below, together with the
+ reference to a generic threat model.
+
+ The mechanisms that are appropriate for ensuring PPP link Security
+ are: 1) Access Control Lists that apply filters on traffic received
+ over the link for enforcing admission policy, 2) an Authentication
+ protocol that facilitates negotiations between peers [15] to select
+ an authentication method (e.g., MD5 [16]) for validation of the peer,
+ and 3) an Encryption protocol that facilitates negotiations between
+ peers to select encryption algorithms (or crypto-suites) to ensure
+ data confidentiality [17].
+
+ There are certain threats associated with peer interactions on a PPP
+ link even with one or more of the above security measures in place.
+ For instance, using the MD5 authentication method [16] exposes one to
+ replay attack, where an attacker could intercept and replay a
+ station's identity and password hash to get access to a network. The
+ user of this specification is advised to refer to [15], which
+ presents a generic threat model, for an understanding of the threats
+ posed to the security of a link. The reference [15] also gives a
+ framework to specify requirements for the selection of an
+ authentication method for a given application.
+
+7. IANA Considerations
+
+ The IANA has assigned value 1 for the Type field of the IPv6 datagram
+ interface-identifier option specified in this document. The current
+ assignment is up-to-date at [9].
+
+8. Acknowledgments
+
+ This document borrows from the Magic-Number LCP option and as such is
+ partially based on previous work done by the PPP working group.
+
+ The editor is grateful for the input provided by members of the IPv6
+ community in the spirit of updating RFC 2472. Thanks, in particular,
+
+
+
+Varada, et al. Standards Track [Page 11]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ go to Pete Barany and Karim El Malki for their technical
+ contributions. Also, thanks to Alex Conta for a thorough review,
+ Stephen Kent for helping with security aspects, and Spencer Dawkins
+ and Pekka Savola for the nits. Finally, the author is grateful to
+ Jari Arkko for his initiation to bring closure to this specification.
+
+9. References
+
+9.1. Normative References
+
+ [1] Simpson, W., Ed., "The Point-to-Point Protocol (PPP)", STD 51,
+ RFC 1661, July 1994.
+
+ [2] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
+ Specification", RFC 2460, December 1998.
+
+ [3] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address
+ Autoconfiguration", RFC 4862, September 2007.
+
+ [4] IEEE, "Guidelines For 64-bit Global Identifier (EUI-64)",
+ http://standards.ieee.org/regauth/oui/tutorials/EUI64.html
+
+ [5] Hinden, R. and S. Deering, "IP Version 6 Addressing
+ Architecture", RFC 4291, February 2006.
+
+ [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [7] Haskin, D. and E. Allen, "IP Version 6 over PPP", RFC 2472,
+ December 1998.
+
+ [8] Narten T., Draves, R., and S. Krishnan, "Privacy Extensions for
+ Stateless Address Autoconfiguration in IPv6", RFC 4941,
+ September 2007.
+
+9.2. Informative references
+
+ [9] IANA, "Assigned Numbers," http://www.iana.org/numbers.html
+
+ [10] 3GPP2 X.S0011-002-C v1.0, "cdma2000 Wireless IP Network
+ Standard: Simple IP and Mobile IP Access Services," September
+ 2003.
+
+ [11] 3GPP TS 29.061 V6.4.0, "Interworking between the Public Land
+ Mobile Network (PLMN) Supporting packet based services and
+ Packet Data Networks (PDN) (Release 6)," April 2005.
+
+
+
+
+
+Varada, et al. Standards Track [Page 12]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+ [12] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, C.,
+ and M. Carney, "Dynamic Host Configuration Protocol for IPv6
+ (DHCPv6)", RFC 3315, July 2003.
+
+ [13] 3GPP TS 23.060 v6.8.0, "General Packet Radio Service (GPRS);
+ Service description; Stage 2 (Release 6)," March 2005.
+
+ [14] Narten, T. and C. Burton, "A Caution On The Canonical Ordering
+ Of Link-Layer Addresses", RFC 2469, December 1998.
+
+ [15] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
+ Levkowetz, Ed., "Extensible Authentication Protocol (EAP)", RFC
+ 3748, June 2004.
+
+ [16] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
+ 1992.
+
+ [17] Meyer, G., "The PPP Encryption Control Protocol (ECP)", RFC
+ 1968, June 1996.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Varada, et al. Standards Track [Page 13]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+Appendix A: Global Scope Addresses
+
+ A node on the PPP link creates global unicast addresses either
+ through stateless or stateful address autoconfiguration mechanisms.
+ In the stateless address autoconfiguration [3], the node relies on
+ sub-net prefixes advertised by the router via the Router
+ Advertisement messages to obtain global unicast addresses from an
+ interface identifier. In the stateful address autoconfiguration, the
+ host relies on a Stateful Server, like DHCPv6 [12], to obtain global
+ unicast addresses.
+
+Appendix B: Changes from RFC 2472
+
+ The following changes were made from RFC 2472 "IPv6 over PPP":
+
+ - Minor updates to Sections 3 and 4
+
+ - Updated the text in Section 4.1 to include the reference to
+ Appendix A and minor text clarifications.
+
+ - Removed Section 4.2 on IPv6-Compression-Protocol based on IESG
+ recommendation, and created a new standards-track document to
+ cover negotiation of the IPv6 datagram compression protocol using
+ IPV6CP.
+
+ - Updated the text in Section 5 to: (a) allow the use of one or more
+ interface identifiers generated by a peer, in addition to the use
+ of interface identifier negotiated between peers of the link, in
+ the creation of global unicast addresses for the local PPP
+ interface, and (b) identify cases against the DAD of created non-
+ link-local addresses.
+
+ - Added new and updated references.
+
+ - Added Appendix A
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Varada, et al. Standards Track [Page 14]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+Authors' Addresses
+
+ Dimitry Haskin
+ Ed Allen
+
+ Srihari Varada (Editor)
+ TranSwitch Corporation
+ 3 Enterprise Dr.
+ Shelton, CT 06484. US.
+
+ Phone: +1 203 929 8810
+ EMail: varada@ieee.org
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Varada, et al. Standards Track [Page 15]
+
+RFC 5072 IP Version 6 over PPP September 2007
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2007).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+
+Varada, et al. Standards Track [Page 16]
+