PANA State Machine Issue Resolution (draft-ietf-pana-statemachine-01.txt)
Victor Fajardo, Yoshihiro Ohba and Rafael Marin Lopez
IETF63 PANA WG

Issue #01
• EAP_Restart() is not required as an initialization action in the PaC state machine, since all exit actions from the OFFLINE state perform EAP_Restart()
• Resolution: EAP_Restart() is removed from the initialization action of the PaC state machine

Issue #02
• The Nonce, PPAC, PCAP and ISP information AVPs are missing from the PSR/PSA exchange in the PaC state machine
• Resolution: No action. The AVPs are excluded for simplicity since they do not affect the state during the PSR/PSA exchange

Issue #03
• During separate authentication, if the 1st EAP authentication succeeded and the 2nd EAP authentication fails but PAA policy decides that access should be granted, the PaC state machine closes the session
• Resolution: The EAP_FAILURE event in the WAIT_EAP_RESULT state of the PaC state machine has been modified from:

    Exit Condition                                Exit Action                       Exit State
    --------------------------------------------  --------------------------------  ----------
    EAP_FAILURE                                   if (key_available())              CLOSED
                                                    PBA.insert_avp("MAC");
                                                  Tx:PBA();

  To:

    Exit Condition                                Exit Action                       Exit State
    --------------------------------------------  --------------------------------  ----------
    EAP_FAILURE &&                                if (key_available())              OPEN
    (SEPARATE==Set) &&                              PBA.insert_avp("MAC");
    ppac_available() &&                           if (CARRY_DEVICE_ID)
    (!PBR.exist_avp("Protection-Capability") ||     PBA.insert_avp("Device-Id");
     (PBR.exist_avp("Protection-Capability") &&   PBA.insert_avp("PPAC");
      pcap_supported()))                          Tx:PBA();
                                                  Authorize();
                                                  SessionTimerStart();

Issue #04
• The PANA_PROTECTION_CAPABILITY_UNSUPPORTED error code is not supported in the PaC and PAA state machines. draft-ietf-pana-pana-10.txt specifies when this error code is sent.
• Resolution: Added the pcap_supported() procedure in the PaC state machine's WAIT_EAP_RESULT state for every state transition leading to an OPEN state. Also added the following handlers for when the pcap_supported() procedure fails:

    Exit Condition                                Exit Action                                 Exit State
    --------------------------------------------  ------------------------------------------  ----------
    EAP_SUCCESS &&                                if (key_available())                        WAIT_PEA
    !ppac_available()                               PER.insert_avp("MAC");
                                                  PER.RESULT_CODE =
                                                    PANA_PPAC_CAPABILITY_UNSUPPORTED;
                                                  Tx:PER();
                                                  RtxTimerStart();

    EAP_FAILURE &&                                if (key_available())                        WAIT_PEA
    (SEPARATE==Set) &&                              PER.insert_avp("MAC");
    (PBR.exist_avp("Protection-Capability") &&    PER.RESULT_CODE =
     !pcap_supported())                             PANA_PROTECTION_CAPABILITY_UNSUPPORTED;
                                                  Tx:PER();
                                                  RtxTimerStart();
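
The WAIT_EAP_RESULT rows for Issues #03 and #04 can be traced with a small model. This is an added example, not code from the draft or the slides; Ctx, original_row and revised_rows are hypothetical names, and cases for which the slides show no row return None.

```python
from dataclasses import dataclass

@dataclass
class Ctx:  # hypothetical holder for the predicates named on the slides
    separate: bool = False         # SEPARATE==Set
    key: bool = True               # key_available()
    ppac: bool = True              # ppac_available()
    pbr_has_pcap: bool = False     # PBR.exist_avp("Protection-Capability")
    pcap_ok: bool = True           # pcap_supported()
    carry_device_id: bool = False  # CARRY_DEVICE_ID

def _mac(msg, c):
    # The MAC AVP is inserted only when a key is available.
    return [f'{msg}.insert_avp("MAC")'] if c.key else []

def _per(code, c):
    # Error path shared by both Issue #04 rows: send PER, start retransmission.
    return _mac("PER", c) + [f"PER.RESULT_CODE = {code}", "Tx:PER()",
                             "RtxTimerStart()"], "WAIT_PEA"

def original_row(event, c):
    """Row before the Issue #03 fix: EAP_FAILURE always ends in CLOSED."""
    if event == "EAP_FAILURE":
        return _mac("PBA", c) + ["Tx:PBA()"], "CLOSED"
    return None

def revised_rows(event, c):
    """Rows shown for Issues #03 and #04; returns (actions, next_state)."""
    if event == "EAP_FAILURE" and c.separate:
        # !exist_avp || (exist_avp && pcap_supported()) reduces to this:
        if c.ppac and (not c.pbr_has_pcap or c.pcap_ok):
            acts = _mac("PBA", c)
            if c.carry_device_id:
                acts.append('PBA.insert_avp("Device-Id")')
            acts += ['PBA.insert_avp("PPAC")', "Tx:PBA()", "Authorize()",
                     "SessionTimerStart()"]
            return acts, "OPEN"
        if c.pbr_has_pcap and not c.pcap_ok:
            return _per("PANA_PROTECTION_CAPABILITY_UNSUPPORTED", c)
    if event == "EAP_SUCCESS" and not c.ppac:
        return _per("PANA_PPAC_CAPABILITY_UNSUPPORTED", c)
    return None  # no row for this case appears on the slides

if __name__ == "__main__":
    c = Ctx(separate=True)  # constructed case: second EAP run failed
    print(original_row("EAP_FAILURE", c)[1], "->", revised_rows("EAP_FAILURE", c)[1])
```
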

Issue #05
• In the STATEFUL_DISC state of the PAA state machine, the retransmission timer is not stopped on the Rx:PSA event
• Resolution: RtxTimerStop() is added in the exit action of the Rx:PSA state transition in the STATEFUL_DISC state of the PAA FSM

Issue #06
• In WAIT_EAP_MSG_IN_DISC, the state transition action should perform ISP selection.
• Resolution: The EAP_RESPONSE event's exit action now calls the choose_isp() procedure. If the procedure succeeds, then the appropriate PSA.insert_avp("ISP") procedure is also called

Issue #07
• If EAP retransmission is not handled in the WAIT_PAN_OR_PAR state of the PAA state machine, a deadlock can occur if the PaC moves to the WAIT_PAA state because of an EAP_RESP_TIMEOUT event and the PaC has just sent a PAN without an EAP-Payload
• Resolution: An EAP_REQUEST entry in WAIT_PAN_OR_PAR in the PAA state machine has been added as follows:

    Exit Condition    Exit Action                 Exit State
    ----------------  --------------------------  ---------------
    EAP_REQUEST       if (key_available())        WAIT_PAN_OR_PAR
                        PAR.insert_avp("MAC");
                      if (SEPARATE==Set) {
                        PAR.S_flag=1;
                        if (NAP_AUTH==Set)
                          PAR.N_flag=1;
                      }
                      Tx:PAR();
                      RtxTimerStart();