1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
|
Realm Specific IP (RSIP) Parameters - RFC 3103 and RFC 3104
(last updated 2001 October 15)
RSIP Parameters
-address types
-tunnel types
-RSIP methods
-flow policy
-vendor ID
RSIP message type codes
RSIP error codes
RSIP Parameters (defined in section 8 of [RFC3103], unless
otherwise stated)
RSIP Parameters
Value Parameter Reference
----- --------------------- ---------
1 Address
2 Ports
3 Lease Time
4 Client ID
5 Bind ID
6 Tunnel Type
7 RSIP Method
8 Error
9 Flow Policy
10 Indicator
11 Message Counter
12 Vendor Specific Parameter
13-21 Assigned by IANA
22 SPI (reference: [RFC3104])
24-240 Assigned by IANA
241-255 Reserved for private use
RSIP address types (section 8.1, [RFC3103])
Length of value
Value Addrtype field (in bytes) Reference
----- -------- ---------------- ---------
0 Reserved 0
1 IPv4 4
2 IPv4 netmask 4
3 IPv6 16
4 FQDN varies
RSIP Tunnel Types
Value Tunnel Type Reference
----- ----------- ---------
0 Reserved [RFC3103]
1 IP-IP [RFC3103]
2 GRE [RFC3103]
3 L2TP [RFC3103]
RSIP Methods
Value RSIP method Reference
----- ----------- ---------
0 Reserved [RFC3103]
1 RSA-IP [RFC3103]
2 RSAP-IP [RFC3103]
3 RSIP with IPsec (RSIPSEC) [RFC3104]
RSIP Flow Policies
Value Flow Policy Reference
----- ----------- ---------
0 Reserved [RFC3103]
1 Macro flows [RFC3103]
2 Micro flows [RFC3103]
3 No policy [RFC3103]
RSIP Vendor ID's
Value Vendor ID Reference
----- ----------- ---------
0 Reserved [RFC3103]
RSIP Message Types
Value Message Implementation Status Reference
----- --------------------- -------------- ---------- ---------
0 Reserved
1 ERROR_RESPONSE gateway mandatory [RFC3103]
2 REGISTER_REQUEST host mandatory [RFC3103]
3 REGISTER_RESPONSE gateway mandatory [RFC3103]
4 DE-REGISTER_REQUEST host mandatory [RFC3103]
5 DE-REGISTER_RESPONSE gateway mandatory [RFC3103]
6 ASSIGN_REQUEST_RSA-IP host optional [RFC3103]
7 ASSIGN_RESPONSE_RSA-IP gateway optional [RFC3103]
8 ASSIGN_REQUEST_RSAP-IP host mandatory [RFC3103]
9 ASSIGN_RESPONSE_RSAP-IP gateway mandatory [RFC3103]
10 EXTEND_REQUEST host mandatory [RFC3103]
11 EXTEND_RESPONSE gateway mandatory [RFC3103]
12 FREE_REQUEST host mandatory [RFC3103]
13 FREE_RESPONSE gateway mandatory [RFC3103]
14 QUERY_REQUEST host optional [RFC3103]
15 QUERY_RESPONSE gateway mandatory [RFC3103]
16 LISTEN_REQUEST host optional [RFC3103]
17 LISTEN_RESPONSE gateway optional [RFC3103]
18-21 Assigned by IANA
22 ASSIGN_REQUEST_RSIPSEC host optional [RFC3104]
23 ASSIGN_RESPONSE_RSIPSEC gateway optional [RFC3104]
24-240 Assigned by IANA
241-255 Reserved for private use
RSIP Error Codes
Code Description Reference
---- --------------------------------------------------------- ---------
100's: General errors.
101: UNKNOWN_ERROR. An error that cannot be identified has occurred.
This error should be used when all other error messages are
inappropriate.
102: USE_TCP. A host has attempted to use UDP on a server that
only supports TCP.
103: FLOW_POLICY_VIOLATION: A host has not specified address or
port information in enough detail for its assigned flow policy.
104: INTERNAL_SERVER_ERROR: An RSIP server application has detected
an unrecoverable error within itself or the RSIP gateway.
105: MESSAGE_COUNTER_REQUIRED: An RSIP host did not use a message
counter parameter in a situation in which it should have.
200's: Parameter and message errors. The gateway uses these errors
when it detects that a parameter or message is malformed, as
well as when it does not understand a parameter or message.
201: MISSING_PARAM. The request does not contain a required parameter.
202: DUPLICATE_PARAM. The request contains an illegal duplicate
parameter.
203: EXTRA_PARAM. The request contains a parameter that it should not.
204: ILLEGAL_PARAM. The gateway does not understand a parameter type.
205: BAD_PARAM. A parameter is malformed.
206: ILLEGAL_MESSAGE. The gateway does not understand the message
type. The message type is neither mandatory nor optional.
207: BAD_MESSAGE. A message is malformed and gateway parsing failed.
208: UNSUPPORTED_MESSAGE: The host has transmitted an optional message
that the gateway does not support.
300's: Permission, resource, and policy errors. The gateway uses these
errors when a host has attempted to do something that it is
not permitted to do, or something that violated gateway policy.
301: REGISTER_FIRST. The RSIP host has attempted to request or use
resources without registering.
302: ALREADY_REGISTERED. The host has attempted to register again
without first de-registering.
303: ALREADY_UNREGISTERED. The host has attempted to de-register but it
is already in the unregistered state.
304: REGISTRATION_DENIED. The gateway will not allow the host to register.
305: BAD_CLIENT_ID. The host has referred to itself with the wrong client ID.
306: BAD_BIND_ID. The request refers to a bind ID that is not valid for
the host.
307: BAD_TUNNEL_TYPE. The request refers to a tunnel type that is
not valid for the host.
308: LOCAL_ADDR_UNAVAILABLE. The gateway is currently not able to
allocate ANY local address, but the host may try again later.
309: LOCAL_ADDRPORT_UNAVAILABLE. The gateway is currently not able to
allocate ANY local IP address / port tuple of the requested magnitude
(i.e., number of ports), but the host may try again later.
310: LOCAL_ADDR_INUSE. The gateway was not able to allocate the requested
local address because it is currently used by another entity.
311: LOCAL_ADDRPORT_INUSE. The gateway was not able to allocate the
requested local address / port tuple because it is currently used
by another entity.
312: LOCAL_ADDR_UNALLOWED. The gateway will not let the host use
the specified local IP address due to policy.
313: LOCAL_ADDRPORT_UNALLOWED. The gateway will not let the host
use the specified local address / port pair due to policy.
314: REMOTE_ADDR_UNALLOWED. The gateway will not allow the host
to establish a session to the specified remote address.
315: REMOTE_ADDRPORT_UNALLOWED. The gateway will not allow the host to
establish a session to the specified remote address / port tuple.
400's: IPsec errors. All errors specific to RSIP / IPsec operation.
401: IPSEC_UNALLOWED. The server will not allow the client [RFC3104]
to use end-to-end IPsec.
402: IPSEC_SPI_UNAVAILABLE. The server does not have an SPI [RFC3104]
available for client use.
403: IPSEC_SPI_INUSE. The client has requested an SPI that [RFC3104]
another client is currently using.
References
----------
[RFC3103] M. Borella, D. Grabelsky, J. Lo, and K. Tuniguchi, "Realm
Specific IP: Protocol Specification", RFC 3103,
October 2001.
[RFC3104] G. Montenegro and M. Borella, "RSIP Support for End-to-end
IPsec", RFC 3104, October 2001.
(created Apr 20 2001)
[]
|
