Dynamics: Technical Definition

Dynamics
Technical Definition	$Revision: 1.29 $	State approved
Date 03-Dec-1998	Author Björn Andersson
Review date 09-Dec-1998	Reviewed by Jouni Malinen
Approval date 10-Dec-1998	Approved by Jouni Malinen

$Id: tech_def.html,v 1.29 1998/12/10 09:29:10 jkmaline Exp $

Summary
1. Introduction
2. General description of the system
3. System architecture description: 3.1. Design Principles; 3.2. Architecture
4. Module and process descriptions: 4.1. Mobile Node; 4.2. Foreign Agent; 4.3. Home Agent; 4.4. Cryptographic algorithm interface and session key generation; 4.5. Mobility Bindings; 4.6. Tunneling interface; 4.7. Routing interface; 4.8. ARP interface; 4.9. Logging (syslog); 4.10. Configuration files; 4.11. Application Programming Interface; 4.12. Support tools
5. Module implementation description: 5.1. Mobile Node; 5.2. Foreign Agent; 5.3. Home Agent
Appendix

Summary

The main motive of the Dynamics project is to make mobile IP more flexible by implementing a prototype version of a hierarchical IP tunnel for a IPv4 network.

The Dynamics group will write the implementation from scratch. The implementation relies on the tunneling and advanced routing features of development version (v2.1) of the Linux-kernel and the upcoming stable version (v2.2).

Three main modules, the mobile home, foreign agent and home agent, will be developed. These modules depend on modules that provide an interface to the kernel functionality. An API module that provides functionality for making programs that control and monitor the main modules will also be developed.

Communication between the main modules is done by using Berkeley IP sockets. The message formats used are as defined in mobile IP related Internet standards and drafts.

The mobile nodes are authenticated with message authentication code from the payload of registration requests based on the MD5 hash algorithm. A publicly available implementation of the algorithm will be used. The foreign agents use public key cryptosystem to get the session keys generated by the home agents. A publicly available RSA implementation will be selected for this purpose.

The Linux system logger is used for all log messages generated by the modules.

All main modules will use a general configuration file format and API for accessing the data.

1. Introduction

The main motive of the Dynamics project is to make a prototype version of a hierarchical IP tunnel for IPv4 network. The project deliverables are made for the MART-project. The main goal is to accomplish a system that can be further used and developed in research of the mobile IP field. More thorough description of the project and its goals is available in the beginning of the project plan.

1.1. Terms

The terminology used in this document follows the custom taken into use in this project. The terms are used as in RFCs of the mobile IP field and they are defined in a separate terminology specification.

1.2. Framework

This project will use existing solutions and solution proposals as far as possible. This will prevent extra work of "reinventing the wheel", and should lead to a more stable implementation. The main task for this project is to select the suitable solutions and to implement a working prototype of the hierarchical IP tunnel.

Chapter 1.2 (Framework) of the functional definition gives the Internet standards and drafts that our implementation depend on. The most import are: IP Mobility Support" [RFC2002], "IP Keys for Route Optimization" [REGKEY] (work in progress) and ICMP Router Discovery Messages [RFC1256]. These documents describe the message formats that we have chosen to use.

1.3. Document structure

A compact summary of the document is given above before the rest of the document. Chapter 1 (Introduction) explains briefly the project and the contents of this document. Chapter 2 (General description of the system) gives a brief summary of the general description of the system in various documents. Chapter 3 (System architecture description) describes the main design decisions and gives an overview of the system architecture. Chapter 4 (Module and process descriptions) gives an overview of each module, defines their interfaces, attributes and intercommunication mechanisms. In chapter 5 (Module implementation description) state machines and pseudocode describes the functionality of the mobile node, foreign agent and home agent.

2. General description of the system

This chapter gives a brief summary of the general description of the system in various documents. Chapter 2 of the requirements specification (General description) is an overview of the environment and the external interfaces relevant to the project. It also describes some of the most important constraints of the system and includes a description of the possible users of the software to be produced.

Chapter 2 of the functional definition (Overview) gives a closer consideration of the system and especially of its functionality. It also describes the security design of the system.

Section 4.1 of the project plan (Software tools and hardware resources) defines the implementation environment and the tools to be used.

3. System architecture description

This chapter describes the main design decisions and gives an overview of the system architecture.

3.1. Design Principles

One of our main design principles was not to put in any functionality beyond the requirements, but still provide the possibility to add further extensions and modifications later on. Keeping the solution as simple as possible was also requested by the customer.

We tried to find a solution where we would need to modify kernel code as little as possible and ultimately not at all, as coding and modifying kernel space code is normally more time consuming and complex than writing user space code. It was found out that by using the current development version of the Linux-kernel (v2.1), and the upcoming stable version (v2.2), we could exploit the new tunneling and advanced routing features to avoid kernel modification.

We also tried to find mobile IP implementations for Linux that we could extend or get ideas from. See appendix for list of implementations that we examined. However, none of the implementations satisfied our requirements, so we decided to write our implementation from scratch.

3.2. Architecture

The modules we will implement can be divided into four categories: the main modules (mobile node, foreign agent and home agent), modules that provide an interface to the kernel (ARP, tunneling and routing), generic support modules (mobility bindings, cryptography and configuration) and an API module.

The following diagram shows the dependencies between the different modules.

The main modules provide the core functionality of the system. Communication between the modules is done through Berkeley sockets using the IP protocol. The exact structure and contents of the messages sent between the mobile node and the mobility agents is described in the Message Formats and Contents document.

The API module functions as an interface between support tools (such as control and monitoring) and the main modules. This module communicates with the main modules through Berkeley sockets using the Unix domain protocol.

The kernel interface provides functions that are easier to use than direct ioctl calls (man 2 ioctl).

The general support modules provide functions that are common to two or more modules.

4. Module and process descriptions

This chapter describes the modules used in the implementation of the system. The state information of the main elements (Mobile Node, Foreign Agent and Home Agent) and their reactions to events are represented. In addition the communication mechanisms of the main elements are described.

4.1. Mobile Node

The Mobile Node is responsible for providing the hierarchical tunneling services to the mobile user. Tasks include tunnel registering, keeping tunnel functional and providing the users means to control and monitor the tunnel. At first stage the Mobile Node provides only bi-directional tunneling.

4.1.1. General design

Mobile node consists of signaling part, support part and tunneling part. Signaling part is responsible for updating the routing tables and controlling the tunneling part. Tunneling part is responsible for physical IP-IP packet encapsulation and decapsulation. Support part is responsible for handling the API calls and interface to library functions.

Support part and signaling part will be integrated into one module, which runs on a single process. This process waits for signaling messages, library calls (through special socket interface) and timers. When library socket is activated, it is served immediately. Results are sent back and if the library call results in state transition, the transition is processed. In case of a signaling message or timer, the current signaling state is used.

For now only bi-directional (full) tunneling mode is supported. However, the other tunneling modes are easy to implement based on the code for bi-directional tunneling. In triangle tunneling, sent packets will not be wrapped and in no-tunneling mode we just do not make the tunnel and use the computer directly with local network.

4.1.2. Preconfigured data

The Mobile Node will be preconfigured with following data. This data will be read via the configuration file interface on startup and on explicit request.

Type	Variable or data structure	Explanation
int	retry_interval	Interval in milliseconds, how long the agent waits a reply before sending the message again.
int	max_retry_count	Number on tries to get the message through before giving up.
int	default_tunnel_lifetime	Requested tunnel lifetime.
ip_address	mobile_address	address of mobile
ip_address	home_agent_address	address of home agent
char*	shared_secret	Shared secret with the home agent
int	spi	Associated authentication method (used to connect the correct shared secret in the home agent to this mobile node)

4.1.3. Dynamic state data

The following variables are used by the state machine of the mobile nodes.

Type	Variable or data structure	Explanation
ip_address	fa_address	Address of the closest foreign agent
int	sequence_number	Sequence number of the last heard advertisement
int	api_call_progressing	Identifies progressing API call. (None, connect or confirm)
int	api_call_socket	Waiting socket connection for blocking API call
int	state	Current state of the machine
int	retry_count	Tries left to re-send the message
key	session_key	The session key used in signaling

4.1.4. Timers

Timer	Explanation
lifetime_left	Indicates the remaining lifetime for the tunnel
advertisement_timer	Remaining time for the last heard advertisement
reply_timer	Timer for reply

4.1.5. Communications with other elements

The Mobile Node communicates with Foreign Agents and Home Agents. The interface to these agents is similar. Communication is done with Berkeley IP sockets. The Mobile Node listens for ICMP agent advertisement messages on a "packet" socket. ICMP agent solicitation messages are sent on the same socket. Registration Request messages are sent to foreign or home agents port 434. Registration Replies are listened in an UDP socket, port 434.

Communication with the API module is done over two Unix domain sockets as described in the API section.

The agent reacts to SIGHUP, SIGTERM and SIGINT signals. SIGHUP cauces the configuration file to be reread. The other two signals will make the process exit in a clean way.

4.1.6. Dependency on other modules

The mobile node depends on the routing, cryptographic and tunnel modules. Configuration data is read by using the configuration module interface.

4.1.7. Operations

The mobile node answers to the following library calls: dynamics_mn_update_location, dynamics_mn_connect, dynamics_mn_get_status, dynamics_mn_disconnect, dynamics_mn_get_care_of_addr, dynamics_mn_get_tunneling_mode, dynamics_mn_confirm. Signaling messages Registration Reply and Mobility Agent Advertisement are accepted, but their processing depends on the state of the machine. See Mobile node signaling state machine for more information.

4.1.8. Exceptional situations and error situations

There are several possible error situation mainly caused by the network environment. General exceptional situations are:

Received message is erroneous. If the message structure is erroneous or data is corrupted, the message will be silently discarded.
The messages are lost. This is an expected situation and the timers in state machine will resend the message.
The configuration file has an error. The program exits and informs about the error.

4.1.9. Testability

The module is tested according to the test plan.

4.2. Foreign Agent

The Foreign Agent is responsible for routing the tunneled data in the tunneling environment. Foreign Agents ease the burden of Home Agent by taking advantage of their hierarchy and updating the tunneling routes intelligently. Foreign Agents are here considered to support the bi-directional tunneling. In triangle-tunneling mode Foreign Agent decapsulates ipip packets and forwards them to internet. The possibility to route packets to some other device than tunnel requires more functionality into Foreign Agent and may be done in later phases.

4.2.1. Foreign Agent in brief

One daemon process
Signaling and API interface communications through sockets
Routes encapsuled data in IP layer
Is part of a hierarchical Foreign Agent structure

4.2.2. Preconfigured data

The Foreign Agent will be preconfigured with the following data. This data will be read via the configuration file interface on startup and on explicit request.

Type	Variable or data structure	Explanation
int	adv_interval	Agent Advertisement broadcast interval.
int	tunnel_modes	Allowed tunneling modes.
ip_address	upper_fa	Next higher Foreign Agent address
ip_address	highest_fa	Highest Foreign Agent address
int	max_bindings	Number of maximum allowed bindings
char	net_if[8]	Interface of local network, e.g. "eth0"
int	spi	Associated authentication method
int	default_tunnel_lifetime	Default tunnel lifetime in seconds

Please refer to the configuration file specification document for a concrete view of configurable parameters. The concrete use of these variables may be seen from the Foreign Agent pseudocode presentation.

4.2.3. Dynamic data

Type	Variable or data structure	Explanation
HASH	bindings_hash	A hash table of valid Mobility Bindings. See section on Mobility Bindings.
HASH	tunnels_hash	A hash table of tunnels. Contains dynamic tunnel data.

4.2.4. Signaling timers

Timer	Explanation
Binding timer	Shows the time when the binding is to be expired.
Wait reply timer	Shows the time that a registration request for a certain binding has been on its way without being acknowledged.
Advertisement timer	Shows the time when the next Mobility Agent Advertisement message should be send.
Socket select timer	Select(2) takes a timer parameter. The value of this parameter tells how long to wait any changes in the sockets. Bindings have expiration times. Also ICMP Agent Advertisement messages are sent periodically. This timer variable is initialized every round to the next expiration time of the binding or the time of the next advertisement message.

4.2.5. Communication with other elements

The Foreign Agent needs to communicate with:

Other Foreign Agents
Mobile Nodes (only the lowest Foreign Agents)
The Home Agent (only the highest Foreign Agent)
The Foreign Agent administration program

4.2.6. Operations and interfaces

The Foreign Agent operations are defined in detail in the Foreign Agent state machine document. The Foreign Agent state machine picture illustrates the entire Foreign Agent daemon operation. The Foreign Agent single binding state machine picture illustrates the states of a single binding from the signaling point of view.

The Foreign Agent has the following external interfaces:

Signaling interface: UDP socket, port 434
API information request interface: unix socket
API modification interface: unix socket

Communication with the Foreign Agents and Mobile Nodes and the Home Agent is done with Berkeley IP sockets. The Foreign Agent listens to ICMP agent solicitation messages from mobile nodes on a "packet" socket. ICMP agent advertisement messages are sent in reply to these messages on the same socket. The Foreign Agent also listens to Registration Requests on an UDP socket, port 434, originating from mobile nodes or other foreign agents. Upon a request an unconfirmed mobility binding for the requested mobile node will be established or, if one already exists, updated. The request is then forwarded upwards in the hierarchy or, if the Foreign Agent detects that the Mobile Node has moved and the Foreign Agent should act as the Switching Foreign Agent, it answers the request with an appropriate Registration Reply. When a Registration Reply is received, the Foreign Agent updates its binding information as defined in the Foreign Agent state machine document.

Communication with the API module is done over two Unix domain sockets as described in the API section.

The foreign agent reacts to SIGHUP, SIGTERM and SIGINT signals. SIGHUP signal causes the configuration file to be reread. The other two signals will make the process exit in a clean way.

4.2.7. Dependency on other modules

The Foreign Agent is dependent on the routing, cryptographic, bindings, and tunnel modules. Configuration data is read by using the configuration module interface.

4.2.8. Exceptional situations and error situations

There are several possible error situations, caused mainly by the network environment. General exceptional situations are:

Received message is erroneous.
The message structure may be erroneous
The message data may be corrupted
The message will be silently discarded. This may result in unnecessary binding timeouts.
The authorization of a message fails
The message is sent upwards to Home Agent
A message is lost
A Registration Reply message is lost (on its way up or down)
A Registration Request message is lost
A Mobility Agent Solicitation message is lost
The messages are received in undesired order
A Registration Request is received just before the (de)Registration Reply (with expiration time left set to 0) arrives to the Foreign Agent.
When the Foreign Agent receives a Registration Request it creates a unconfirmed binding for the request. When the Registration Reply comes back from Home Agent the binding is confirmed. In this situation the confirmed binding (old) is removed and the unconfirmed binding is confirmed after the reply from Home Agent.
The configuration file has an error
The program exits and informs about the error.

The error situations are covered by the Foreign Agent state machine document.

4.2.9. Testability

The module is tested according to the test plan.

4.2.10. Data structures

Specific data structures in the Foreign Agent:

Data structure	Explanation
Bindings	The structure that contains all the bindings associated to the Foreign Agent and the Mobile Nodes it serves.
Messages	Structure to handle the messages in higher level. Pointers to extensions in the signalling packets and variables to indicate values of the message fields. Presented in high level as a parsed signalling messages.

4.3. Home Agent

The Home Agent is responsible for encapsulating and forwarding packets to its Mobile Nodes when they are away from their Home Network. It also decapsulates and forwards tunneled packets originating from its Mobile Nodes.

4.3.1. Communication with other elements

The Home Agent needs to communicate with:

Foreign Agents
Mobile Nodes
Home Agent administration program

Communication with the Foreign Agents and Mobile Nodes is done with Berkeley IP sockets. The Home Agent listens to ICMP agent solicitation messages from mobile nodes on a "packet" socket. ICMP agent advertisement messages are sent in reply to these messages on the same socket. The home agent also listens to Registration Requests on a UDP socket, port 434, originating from foreign agents or mobile nodes. If the request is authorized then a mobility binding for the requested mobile node will be established or, if one already exists, updated. The request is then answered with an appropriate Registration Reply.

Communication with the API module is done over two Unix domain sockets as described in the API section.

The home agent reacts to SIGHUP, SIGTERM and SIGINT signals. SIGHUP cauces the configuration file to be reread. The other two signals will make the process exit in a clean way.

4.3.2. Dependency on other modules

The home agent depends on the ARP, routing, cryptographic, bindings and tunnel modules. Configuration data is read by using the configuration module interface.

4.3.3. Preconfigured data

The Home Agent will be preconfigured with the following data. This data will be read via the configuration file interface on startup and on explicit request.

int max_reg_time defines the maximum time a mobility binding will be valid before a re-registration is required.

int max_bindings defines maximum number of mobiles that are allowed to be registered at the same time. When the number of mobility bindings reach this limit, further registrations will be rejected.

char arp_if[8] is the network interface where the Mobile Node will listen to packets destined for registered mobile nodes.

char localtunnel_if[8] is the network interface to where the local tunnel interface will be attached.

HASH auth_mns_hash is a hash table of IP addresses of the Mobile Nodes that are allowed to register.

HASH sec_assocs_hash is a hash table of security associations that are used to authenticate Mobile Nodes as they want to register.

4.3.4. Dynamic data

The following describes the data that will be dynamically maintained while the Home Agent is running:

HASH bindings_hash is a hash table of valid Mobility Bindings. See the section on Mobility Bindings.

HASH tunnels_hash is a hash table of active tunnels. See the section on tunnels.

4.3.5. Exceptional situations and error situations

Exceptions and errors will be handled as in the foreign agent where applicable.

4.4. Cryptographic algorithm interface and session key generation

This section describes the cryptographical part of the software. The design of the interface to the third party products to be used is defined.

4.4.1 Secure hash authentication using MD5

The mobile nodes are authenticated with message authentication code (MAC) calculated from the payload of the registration requests. The MAC is produced using a secure hash function and a secret key shared with a mobile node and the home agent or a session key shared with a mobile node and both the foreign agents producing the tunnel and the home agent. The hash function is evaluated similarly on both cases.

MD5 was selected as the hash algorithm to be used. The design of the software allows an easy addition of optional algorithms, but MD5 is the only one taken into use in this project.

There are many publicly available implementations of MD5 algorithm and one will be chosen by the programmer responsible for implementation of the cryptographic part. The interface to the hash algorithm is simply a function that returns the hash value (128 bits of data).

void MD5_MAC(unsigned char const *key, unsigned int key_len,
             unsigned char const *data, unsigned int data_len,
             unsigned char *MAC);

The operation of the MD5_MAC() function is defined as MAC := MD5(key | data | key).

key and data are pointers to memory containing key_len and data_len bytes of data. The contents of the data is not modified by the function. MAC is a pointer to 128 bits (16 bytes) of memory to be used for the result of the calculation.

The normal operation of MD5_MAC() function is to calculate the MAC for the registration reply message sent by a mobile node and authentication of the message by foreign agents or a home agent. In addition this function is used in session key generation and in encrypting the key for the mobile node.

4.4.2 Public key cryptosystem using RSA

The foreign agents use public key cryptosystem to get the session keys generated by the home agents. RSA was selected as a public key system to be used with this project. The design, however, allows an easy addition of additional algorithms in case needed.

A publicly available RSA implementation will be selected by the programmer responsible for the implementation of the cryptographic parts of the software. A suggestion for the base code if Werner Koch's implementation of RSA (ftp://ftp.guug.de/pub/gcrypt/contrib/rsa.c). The routines use an internal presentation form of the public and private keys, but the external users of the module do not need to take this form into consideration. All the keys are provided as a binary data which can be sent to other modules.

The following functions will be used as an interface to the RSA functions.

void rsa_initialize(char const *public_key_file, char const *private_key_file);
int rsa_encrypt_len(unsigned char const *public_key,
                    unsigned int public_key_len);
int rsa_encrypt_session_key(unsigned char const *session_key,
                            unsigned char const *public_key,
                            unsigned int public_key_len,
                            unsigned char *encrypted_key);
void rsa_decrypt_session_key(unsigned char const *encrypted_key,
                             unsigned int encrypted_key_len,
                             unsigned char *session_key);
int rsa_get_public_key_len(void);
char const *rsa_get_public_key(void);

The function rsa_initialize() reads the public and private keys of a foreign agent and prepares the system for RSA encryption and decryption. It must be called before using the other functions of the RSA module. The names of the files containing the public and private keys are given as parameters (they are obtained from the config file).

rsa_encrypt_session_key() is used to encrypt a session key with public key of the following system in the tunnel. session_key is pointer to 128 bit session key to be encrypted. public_key is a pointer to public_key_len bytes of key used in the encryption. encrypted_key is a pointer to memory containing space for the encrypted key. It must contain enough space for the encrypted data. rsa_encrypt_len() can be used to find out how much memory is needed when using a particular public key. rsa_encrypt_session_key() returns the length of the encrypted key or -1 in case the encryption failed.

rsa_decrypt_session_key() is used to decrypt an encrypted session key. encrypted_key is a pointer to memory containing encrypted_key_len bytes of encrypted data. session_key is a pointer to 16 bytes of memory used for the decrypted key.

rsa_get_public_key_len() returns the length (in bytes) of the public key read from the key file. rsa_get_public_key() returns a pointer to the public key read from the key file. This can be used to generate the foreign agent public key extension of the registration request messages. The public key is provided as binary data in a format that can be sent in the registration messages.

4.4.2.1 RSA key generation utility

In order to make the use of public key cryptosystem easy for the foreign agent administrators a RSA key generation utility will be provided. The program will generate a new public/private key pair and write it into two files that the foreign agent can use directly. The RSA key generation program is a separate tool and it needs no direct interface with the rest of the software. The key generation routine of the selected third party implementation of RSA will be adapted in case needed.

4.4.3 Session key generation

The home agents work as key distribution centers in our implementation. They are thus responsible for generating the session keys, which contain 128 bits (16 bytes) of (pseudo) random data. The /dev/random device of Linux kernel is reasonably safe source of pseudorandom sequence and it will be used in the session key generation. In order to make the guessing of session keys more difficult even if the sequence of the pseudorandom numbers can be determined, the pseudorandom sequence is run through MD5 function with a session key generation secret defined for each home agent.

The following function operates as the interface to the session key generation.

void generate_session_key(unsigned char const *key, unsigned int key_len,
                          unsigned char *session_key);

The generate_session_key() function reads 16 bytes of pseudorandom data from /dev/random and calculates session_key by calling MD5_MAC(key, key_len, random_data, 16, session_key).

key is a pointer to memory containing key_len bytes of data (session key generation secret). The contents of the data is not modified by the function. session_key is a pointer to 128 bits (16 bytes) of memory which will be filled with the new pseudorandom session key.

The session key will be encrypted with RSA for the foreign agents on the tunnel. The key will be sent also encrypted with the secret shared by the mobile node and the home agent. The encrypted version is produced with help of MD5 by calculating session_key XOR MD5(secret | session_key | secret).

4.5. Mobility Bindings

Home and foreign agents keep track of registered mobile nodes with mobility bindings.

A mobility binding has the following structure:

struct mob_binding {
      __u32 mn_addr;     /* mobile node address */
      __u32 lower_addr   /* other end of the lower tunnel segment */
      __u32 id[2];       /* timestamp */
      time_t exp_time;   /* time when binding will expire */
      char key[16];      /* the session key for the binding
      int confirmed;     /* boolean value indicating if the binding is confirmed or not */
      int spi;           /* associated authentication method */
}

Bindings have a lifetime. The current time in seconds since 0:00:00 UTC, January 1, 1970 can be retrieved with the time system call (see man 2 time). The expiration time for a binding is set in exp_time. When the current time is equal to or more than exp_time the binding should be removed.

Both foreign and home agents need to know where to forward packets destined for the mobile node; this is indicated by the lower_addr field. The session key for the tunnel is stored in the key field. The corresponding security parameter index for authentication method used is stored in the spi field. Foreign agents need an additional field, confirmed, to keep track of confirmed and unconfirmed bindings.

The following functions will be used as an interface to the mobility bindings:

HASH binding_inithash();
void binding_destroyhash(HASH hash);
int binding_add(HASH hash, struct mob_binding);
void binding_fetch(HASH hash, __u32 mn_addr, struct mob_binding *b);
int binding_delete(HASH hash, __u32 mn_addr);
int binding_nextexpire(HASH hash, struct mob_binding *b);

binding_inithash() initializes a hash table for storing bindings. The function returns a reference that is used in further operations on the hash table.

binding_destroyhash() should be called to destroy a hash table when it is not needed any more.

binding_add() adds a binding to the hash table. The function returns 0 on success.

binding_fetch() fills in the mob_binding structure if any binding for the requested mobile node is found.

binding_delete() deletes a binding with the specified mobile node address. The function returns 0 if a binding was deleted.

binding_nextexpire() gets the binding that is next to expire. The function returns 0 if a binding is found, else -1.

4.6. Tunnels

The home agent, foreign agent and mobile node needs to generate tunnels. Tunnels are generated through kernel ioctl calls. A more simple interface to the tunnel device will be implemented.

This module keeps track of how many mobile nodes are handled by each tunnel. The tunnel will only be removed when the number of tunnel_delete calls are equal to the tunnel_add calls. The following functions will be provided:

HASH tunnel_inithash();
void tunnel_destroyhash(HASH hash);
int tunnel_add(HASH hash, __u32 src_addr, __u32 dst_addr, char *device);
int tunnel_delete(HASH hash, __u32 src_add, __u32 dst_addr);

The list of tunnels should be initialized with tunnel_inithash which returns a reference to the hash table. The hash table is destroyed with tunnel_destroyhash.

tunnel_add takes as argument the end points of the tunnel. It writes the name of the added tunnel device to the memory location pointed by device. At least 8 chars have to be reserved for device. tunnel_add and tunnel_delete both return 0 on success and -1 otherwise.

The internal data structure for the tunnel will be:

struct tunnel {
	char device[8];   /* tunnel device name */
        __u32 dst_addr;
        __u32 src_addr;
	int ref;          /* number of references to tunnel */
}

The implementation of the ip program (ip.c) in the iproute2 package could be used as an example in implementation our interface routines.

4.7. Routing

The routing module provides an interface to the advanced routing mechanisms of the kernel. This is needed for routing packets to and from the mobile node to the right tunnel devices. These routines will be used by all the main modules.

The routing module will provide the following functions:

int route_add(__u32 addr, const char *tunnel_dev)
int route_del(__u32 addr, const char *tunnel_dev)

route_add and route_del adds and deletes a route respectively to the mobile node with address addr through tunnel tunnel_dev. Both functions return 0 on success and -1 otherwise.

As with the tunneling module our implementation could use the ip program (ip.c) in the iproute2 package as an example implementation of our interface routines.

4.8 ARP interface

The home agent uses similar technique as ProxyARP for getting the messages sent to the home address of a remote mobile node. The ARP routines of the Linux kernel takes care of answering the arp who-has questions and the only thing that the home agent daemon must do is the setting of kernel's ARP cache.

Arp command of net-tools manipulates the system ARP cache (see man 8 arp). An simple to use interface to the needed commands will be implemented as a part of the home agent software. Following functions will be provided:

int add_proxyarp_item(__u32 host_addr, char const *interface);
int del_proxyarp_item(__u32 host_addr, char const *interface);

These functions correspond to the following commands: arp -Ds host_addr interface pub and arp -i interface -d host_addr, respectively. In other words, they add (or deleat) a host address to the ARP cache as a static entry that is published by the kernel (it answers the who-has questions). The implementation of the arp(8) command (i.e. arp.c in the net-tools) could be used as an example in implementing our interface routines.

Both functions return 0 for successful operations and -1 if an error occurred in the ARP cache manipulation.

4.9. Logging (syslog)

The system logger (syslogd) is used for all log messages generated by the modules. The functions needed for logging are described on a man page (man 3 syslog). Openlog() is used to open a connection to the system logger and closelog() is used to close the connection.

       #include <syslog.h>
       void openlog( char *ident, int option, int  facility)
       void syslog( int priority, char *format, ...)
       void closelog( void )

The ident parameter includes the identity string added in beginning of each log message. It is set as home agent, foreign agent or mobile node depending on the module in question. The option parameter is set to LOG_PID which logs the process ID with each message. The facility parameter defines the type of the program logging the message. In order to be able to separate the log messages of the tunneling system to its own log file the facility parameter is made configurable. The default value for our system is LOG_LOCAL0 and it can be changed in the config file.

The openlog() function is called after the configuration file has been read. If there is a need to write some error messages before the configuration information has been read, the facility is set to LOG_LOCAL0 with an extra openlog() call just before writing the message with syslog() function.

The priority parameter defines the priority of the message. It can be used with syslogd to change the handling of messages (most important messages could be written directly to the system console and so on). The following priorities are used by the modules:

LOG_DEBUG - any debugging information
LOG_INFO - any informational message of normal function
LOG_WARNING - any message warning about abnormal conditions, which the system is able to handle (e.g. authentication errors)
LOG_ALERT - any message about condition that cannot be handled by the system (e.g. lack of resources)

Example use of syslog

syslog(LOG_INFO, "FA=%s, MN=%s, registration request received",
       inet_ntoa(fa_addr), inet_ntoa(mn_addr));

This example produces following message in the system log:
Nov 30 20:00:52 hostname home agent[459]: FA=127.0.0.1, MN=10.1.2.3, registration request received.

4.10. Configuration files

Configuration files provide a means to define static configuration data for the tunneling system elements. Configuration files are text files. Home Agent, Foreign Agent and Mobile Node can all be configured with configuration files.

We will provide a configuration file parser module with sufficient functions for fetching the configuration data from the configuration file to the variables in memory.

Configuration files are described in detail in a separate Configuration file specification document, which also includes examples of the configuration files.

4.11. Application Programming Interface

Application Programming Interface is provided through library functions. Functions are distributed in three libraries, one for each mobility agent. These functions wrap the socket interface used to access mobility agents allowing the user to give mobility commands easily through C functions and allow user to use C structures to receive data from the agent. The function calls are blocking, but allow user to specify timeout value. If timeout is set to zero, function will not return until it has been completed.

4.11.1. Foreign Agent Library Functions

int dynamics_fa_get_tunnels(int *tunnel_count, int *data, int size_of_array, int timeout);
Returns list of active tunnels in agent. Number of tunnels is placed in variable pointed by tunnel_count and list of active tunnel ids is stored in array, pointed by data. size_of_array parameter specifies size of result buffer.

int dynamics_fa_get_tunnel_info(int id, struct dynamics_tunnel_info *data, int size_of_data, int timeout);
Returns information of tunnel with given id. Results will be in tunnel_info structure pointed by data paramter. Size_of_data determines size of tunnel_info structure.

int dynamics_fa_destroy_tunnel(int id, int timeout);
Destroys tunnel with given id.

4.11.2. Home Agent Library Functions

int dynamics_ha_enable_mobile(ip_address mobile_addr, int enable, int timeout);
Allows or denies the connection requests from given mobile with given address. If enable is set to non-zero value, access is allowed, if it is zero access is not allowed.

int dynamics_ha_get_tunnels(int *tunnel_count, int *data, int size_of_array, int timeout);
Returns list of active tunnels in agent. Number of tunnels is placed in variable pointed by tunnel_count and list of active tunnel ids is stored in array, pointed by data. size_of_array parameter specifies size of result buffer.

int dynamics_ha_get_tunnel_info(int id, struct dynamics_tunnel_info *data, int size_of_data, int timeout);
Returns information of tunnel with given id. Results will be in tunnel_info structure pointed by data parameter. Size_of_data determines size of tunnel_info structure.

int dynamics_ha_destroy_tunnel(int id, int timeout);
Destroys tunnel with given id.

int dynamics_ha_get_care_of_addr(ip_address mobile_addr, ip_address * care_of_addr, int timeout);
Places co-located care of address for the given mobile in variable pointed by care_of_addr.

4.11.3. Mobile Node Library Functions

int dynamics_mn_get_care_of_addr(ip_address * care_of_addr, int timeout);
Places co-located care of address for the mobile in variable pointed by care_of_addr.

int dynamics_mn_get_tunneling_mode(int *tunneling_mode, int timeout);
Stores the active tunneling mode in variable pointed by tunneling_mode.

int dynamics_mn_get_status(struct dynamics_mobile_status *status, int timeout);
Stores status code of the mobile node in variables pointed by status.

int dynamics_mn_connect(int tunneling_mode, int timeout);
Tries to connect to tunneling system and create a tunnel of specified type. For now, only available tunneling mode is full tunnel. Function blocks until connection is established or an error occurs or the call timeouts.

int dynamics_mn_disconnect(int timeout);
Disconnects the mobile from tunneling system and closes the tunnel.

int dynamics_mn_update_location(int timeout);
Signals the mobile node of location change. Results in location update.

int dynamics_mn_home_update(int timeout);
Signals the mobile that we have arrived in the home network and tunneling is no longer needed. The tunneling system is ready to switch back to tunneling if location update to foreign network is done.

int dynamics_mn_confirm(int timeout);
Confirms that tunnel is still functional by sending a request message to home agent. Function blocks until reply from home agent is received or error occurs or the call timeouts.

4.11.4. Function parameters

Structures:

struct dynamics_tunnel_info {
      __u32 mn_addr;     /* mobile node address */
      __u32 lower_addr   /* other end of the lower tunnel segment */
      __u32 id[2];       /* timestamp */
      time_t exp_time;   /* time when binding will expire */
      int confirmed;     /* boolean value indicating if the binding is confirmed or not */
      int spi;           /* associated authentication method */
}

Return Values:

Return value	Code	Description
Success	0	Operation completed successfully
Operation not permitted	-1	This operation is not allowed in the present state
Illegal parameters	-2	One of the parameters was illegal
Undefined error	-3	The cause of error is undetermined
Agent unreachable	-4	Could not connect to agent.
Timeout	-5	Timeout while waiting reply from agent
Insufficient buffer size	-6	Could not return all result data, because result buffer was too small
Operation not supported	-7	This command is not available in agent.
Data not available	-8	The requested data was not available (due to current state).
In Progress	-9	Other blocking API call is currently in progress.
Canceled	-10	Operation canceled by other command

Tunneling modes:

Mode	Value
No tunnel	0
Full tunnel	1

4.11.5. Socket interface

All mobility agents use similar socket interface to exchange information between agent and library functions. Functions first open socket connection and then send integer function code followed by possible parameter value. Then they will wait for results. Timeout specifies how long the function should wait for results. If Timeout is zero, function will wait forever. Results arrive in raw data, which is assigned directly to user supplied buffer. Data structures used in agents must be similar to ones used in mobility agents sending the data. To assure that all data will be received, the sending is preceded by length field.

Message format from library function to agent:
0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|Type = 0       | Function code                 | Param. Length |
+---------------+---------------+---------------+---------------+
. Parameters                                                    .
.                                                               .
+---------------------------------------------------------------+

Type
    Message type identifier, must be 0
Function code
    Code value for function to perform
Param. Length
    Length of additional parameters in bytes
Parameters
    Additional parameters to be passed to agent.

Message format from agent to library:

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|Type = 1       | Return value                  | Data Length   |
+---------------+---------------+---------------+---------------+
. Data                                                          .
.                                                               .
+---------------------------------------------------------------+

Type
    Message type identifier, must be 1
Return Value
    Return value from function call. One of the values specified in Error values table
Param. Length
    Length of additional parameters in bytes
Data
    Additional result data from function call

Function	Code to send	Parameter
Dummy	0	-
get_tunnels	1	-
get_tunnel_info	2	(int) tunnel_id
destroy_tunnel	3	(int) tunnel_id;
enable_mobile	4	(dw) ip_addr
get_care_of_addr	5	for HA (dw) ip_addr
get_tunneling_mode	6	-
get_status	7	-
connect	8	(int) tunneling_mode
disconnect	9	-
update_location	10	-
confirm	11	-
home_update	12	-

4.12. Support Tools

All support tools will be based on basic command interpreter which has two main modules. Parser parses the command and translates the parameters to a form needed by the mobility agent library functions and executes the commands. The other module is responsible for prompting the user and receiving input. Monitoring commands, with interval parameter specified, will block the user interface and will fetch the required values automatically after the specified interval.

4.12.1. Commands

General about commands
All commands are case insensitive and white space is used to separate parameters.

Following notation is used for commands:
<parameter> User supplied parameter value
[parameter] Optional parameter

Home Agent Configuration & Monitoring Tool Commands
Command	Description
`help [command]`	Displays a help screen
`quit`	Quit program
`enable <ip-address>`	Allow the mobile to connect
`disable <ip-address>`	Deny connections from the mobile
`list [interval]`	Show list of active tunnels, update information after interval seconds
`show <tunnel> [interval]`	Show information of specific tunnel, update information after interval seconds
`careof <mobile>`	Shows careof address for the mobile
`destroy <tunnel>`	Remove specified tunnel from agents tables and routing table

Foreign Agent Configuration & Monitoring Tool Commands
Command	Description
`help [<command>]`	Displays a help screen
`quit`	Quit program
`list [interval]`	Show list of active tunnels, update information after interval seconds
`show <tunnel> [interval]`	Show information of specific tunnel, update information after interval seconds
`destroy <tunnel>`	Remove specified tunnel from agents tables and routing table

Mobile Configuration & Monitoring Tool Commands
Command	Description
`help [<command>]`	Displays a help screen
`quit`	Quit program
`update`	Trigger location update
`tunnel <mode>`	Create tunnel of specified mode. For now only 'full' tunnel is allowed.
`status [interval]`	Show agents status, update information after interval seconds
`disconnect`	Disconnect from tunnel
`careof`	Shows careof address for the mobile
`confirm`	Confirm the tunnel by sending a request to HA.
`home`	Inform mobile node that we are in home network.

Mobile Tunnel Control Tool Commands
Command	Description
`help [<command>]`	Displays a help screen
`quit`	Quit program
`tunnel <mode>`	Create tunnel of specified mode. For now only 'full' tunnel is allowed.
`disconnect`	Disconnect from tunnel
`confirm`	Confirm the tunnel by sending a request to HA.
`home`	Inform mobile node that we are in home network.
`update`	Trigger location update

5. Module implementation description

This section describes the three main modules, i.e. the mobile node, the foreign agent and the home agent, in greater detail.

5.1. Mobile Node

The Mobile Node is separated in three parts. Signaling part is responsible for performing the signaling protocol for the tunneling. Tunneling part performs the actual capsulation and decapsulation of packets. Support part handles interface to library functions for API.

The Mobile Node runs a simple driver code for the state machine. This driver waits for inputs coming through various socket interfaces and timer. Processing of input depends on where the data is coming from. For data coming from other mobility agent, the incoming message is first parsed and then transition function is decided depending on message type, some field values and values of current state variables.

Same message construction and parsing functions, logging functions and tunnel manipulation functions are used as in other mobility agents.

Mobile Node Signaling Part is constructed as a state machine. The inputs to state machine consist of signaling messages, API calls and timer expirations. The library monitoring functions will not affect the state machine and therefore they will be processed beside the state machine. The textual state machine describes the states and effect of inputs in each state. Graphical version presents the states and transitions between them.

Tunneling part is provided by Linux kernel. The Signaling part will use add_tunnel(...) and remove_tunnel(...) functions to control tunneling. This part will be similar in all mobility agents.

Support part communicates with library functions through socket interface using methods and messages specified in API specification. This part consists of functions which respond to the library function calls (through socket interface), modify the agents data structures and trigger state transitions.

Functions Connect and Confirm are blocking functions. These functions will return their results when the machine reaches Connected state, an error occurs (including denials of registration) or call timer expires. Additional state variables api_call_progressing and api_call_socket are used to identify the caller when the target state is reached. Because a call lasts over several state changes and includes data, which affects to the sent messages, only one call to connect or confirm is allowed to progress. If other call to connect or confirm is made while a call is in progress, Call_In_Progress error message is returned. Because both calls intend to register a tunnel, the only way to cancel the API call is to use disconnect library function. The call timeouts if the caller closes the API socket.

Command: update_location

Apply Location_Update input to state machine

Command: connect

If api_call_progressing
    return In Progress
Else If machine is in Disconnect state
    Set API state variables to this call.
    Apply input Connect to state machine.
    If call timeouts
        Disconnect
        Return timeout.
Else return Operation not permitted.

Command: get_status

Return: Success, Data: Current Status

Command: disconnect

Apply Disconnect input to state machine.
Return: Success

Command: get_care_of_addr

If we are connected
Return: Success, Data: care of addr
Else Return: Data not available

Command: get_tunneling_mode

Return value: Success, Data: Full Tunnel

Command: confirm

If api_call_progressing
    Return In Progress
Else If machine is in Connected state
    Set API state variables to this call.
    Apply Confirm input to state machine
    Return: Success
    If call timeouts
        Return to Connected state
        Return timeout.
Else return operation Not permitted.
Note: We want to let the user to decide if tunnel should be closed, because we might just be temporarily out of radio coverage.

Command: home_update

Apply Home_Update transition to state machine.
If state doesn't allow this input
Return: Operation not permitted.
Else Return Success

[REGKEY]: C. Perkins, Registration Keys for Route Optimization (work in progress)
<URL: ftp://ftp.ietf.org/internet-drafts/draft-ietf-mobileip-regkey-00.txt>
[RFC1256]: Stephen E. Deering, ICMP Router Discovery Messages
<URL: ftp://ftp.funet.fi/pub/standards/RFC/rfc1256.txt>
[RFC2002]: C. Perkins, RFC2002 IP Mobility Support
<URL: ftp://ftp.funet.fi/pub/standards/RFC/rfc2002.txt>

Appendix

The following mobile IP implementation were investigated:

Table of contents

1.1. Terms

1.2. Framework

1.3. Document structure

4.1.1. General design

4.1.2. Preconfigured data

4.1.3. Dynamic state data

4.1.4. Timers

4.1.5. Communications with other elements

4.1.6. Dependency on other modules

4.1.7. Operations

4.1.8. Exceptional situations and error situations

4.1.9. Testability

4.2.1. Foreign Agent in brief

4.2.2. Preconfigured data

4.2.3. Dynamic data

4.2.4. Signaling timers

4.2.5. Communication with other elements

4.2.6. Operations and interfaces

4.2.7. Dependency on other modules

4.2.8. Exceptional situations and error situations

4.2.9. Testability

4.2.10. Data structures

4.3.1. Communication with other elements

4.3.2. Dependency on other modules

4.3.3. Preconfigured data

4.3.4. Dynamic data

4.3.5. Exceptional situations and error situations

4.4.1 Secure hash authentication using MD5

4.4.2 Public key cryptosystem using RSA

4.4.2.1 RSA key generation utility

4.4.3 Session key generation

Example use of syslog

4.11.1. Foreign Agent Library Functions

4.11.2. Home Agent Library Functions

4.11.3. Mobile Node Library Functions

4.11.4. Function parameters

4.11.5. Socket interface

4.12.1. Commands