tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search     info

RFC 5533

 
 
 

Shim6: Level 3 Multihoming Shim Protocol for IPv6

Part 2 of 5, p. 17 to 50
Prev RFC Part       Next RFC Part

 


prevText      Top      Up      ToC       Page 17 
4.  Protocol Overview

   The Shim6 protocol operates in several phases over time.  The
   following sequence illustrates the concepts:

   o  An application on host A decides to contact an application on host
      B using some upper-layer protocol.  This results in the ULP on
      host A sending packets to host B.  We call this the initial
      contact.  Assuming the IP addresses selected by default address
      selection [7] and its extensions [9] work, then there is no action
      by the shim at this point in time.  Any shim context establishment
      can be deferred until later.

   o  Some heuristic on A or B (or both) determine that it is
      appropriate to pay the Shim6 overhead to make this host-to-host
      communication robust against locator failures.  For instance, this
      heuristic might be that more than 50 packets have been sent or
      received, or that there was a timer expiration while active packet
      exchange was in place.  This makes the shim initiate the 4-way,
      context-establishment exchange.  The purpose of this heuristic is
      to avoid setting up a shim context when only a small number of
      packets is exchanged between two hosts.

      As a result of this exchange, both A and B will know a list of
      locators for each other.

      If the context-establishment exchange fails, the initiator will
      then know that the other end does not support Shim6, and will
      continue with standard (non-Shim6) behavior for the session.

   o  Communication continues without any change for the ULP packets.
      In particular, there are no Shim6 Extension headers added to the
      ULP packets, since the ULID pair is the same as the locator pair.
      In addition, there might be some messages exchanged between the
      shim sublayers for (un)reachability detection.

   o  At some point in time, something fails.  Depending on the approach
      to reachability detection, there might be some advice from the
      ULP, or the shim (un)reachability detection might discover that
      there is a problem.

      At this point in time, one or both ends of the communication need
      to probe the different alternate locator pairs until a working
      pair is found, and then switch to using that locator pair.

   o  Once a working alternative locator pair has been found, the shim
      will rewrite the packets on transmit and tag the packets with the
      Shim6 Payload Extension header, which contains the receiver's

Top      Up      ToC       Page 18 
      Context Tag.  The receiver will use the Context Tag to find the
      context state, which will indicate which addresses to place in the
      IPv6 header before passing the packet up to the ULP.  The result
      is that, from the perspective of the ULP, the packet passes
      unmodified end-to-end, even though the IP routing infrastructure
      sends the packet to a different locator.

   o  The shim (un)reachability detection will monitor the new locator
      pair as it monitored the original locator pair, so that subsequent
      failures can be detected.

   o  In addition to failures detected based on end-to-end observations,
      one endpoint might know for certain that one or more of its
      locators is not working.  For instance, the network interface
      might have failed or gone down (at layer 2), or an IPv6 address
      might have become deprecated or invalid.  In such cases, the host
      can signal its peer that trying this address is no longer
      recommended.  This triggers something similar to a failure
      handling, and a new working locator pair must be found.

      The protocol also has the ability to express other forms of
      locator preferences.  A change in any preference can be signaled
      to the peer, which will have made the peer record the new
      preferences.  A change in the preferences might optionally make
      the peer want to use a different locator pair.  In this case, the
      peer follows the same locator switching procedure as after a
      failure (by verifying that its peer is indeed present at the
      alternate locator, etc).

   o  When the shim thinks that the context state is no longer used, it
      can garbage collect the state; there is no coordination necessary
      with the peer host before the state is removed.  There is a
      recovery message defined to be able to signal when there is no
      context state, which can be used to detect and recover from both
      premature garbage collection as well as from complete state loss
      (crash and reboot) of a peer.

      The exact mechanism to determine when the context state is no
      longer used is implementation dependent.  For example, an
      implementation might use the existence of ULP state (where known
      to the implementation) as an indication that the state is still
      used, combined with a timer (to handle ULP state that might not be
      known to the shim sublayer) to determine when the state is likely
      to no longer be used.

   NOTE 1: The ULP packets in Shim6 can be carried completely unmodified
   as long as the ULID pair is used as the locator pair.  After a switch
   to a different locator pair, the packets are "tagged" with a Shim6

Top      Up      ToC       Page 19 
   Extension header so that the receiver can always determine the
   context to which they belong.  This is accomplished by including an
   8-octet Shim6 Payload Extension header before the (extension) headers
   that are processed by the IP endpoint sublayer and ULPs.  If,
   subsequently, the original ULIDs are selected as the active locator
   pair, then the tagging of packets with the Shim6 Extension header is
   no longer necessary.

4.1.  Context Tags

   A context between two hosts is actually a context between two ULIDs.
   The context is identified by a pair of Context Tags.  Each end gets
   to allocate a Context Tag, and once the context is established, most
   Shim6 control messages contain the Context Tag that the receiver of
   the message allocated.  Thus, at a minimum, the combination of <peer
   ULID, local ULID, local Context Tag> have to uniquely identify one
   context.  But, since the Shim6 Payload Extension headers are
   demultiplexed without looking at the locators in the packet, the
   receiver will need to allocate Context Tags that are unique for all
   its contexts.  The Context Tag is a 47-bit number (the largest that
   can fit in an 8-octet extension header), while preserving one bit to
   differentiate the Shim6 signaling messages from the Shim6 header
   included in data packets, allowing both to use the same protocol
   number.

   The mechanism for detecting a loss of context state at the peer
   assumes that the receiver can tell the packets that need locator
   rewriting, even after it has lost all state (e.g., due to a crash
   followed by a reboot).  This is achieved because, after a rehoming
   event, the packets that need receive-side rewriting carry the Shim6
   Payload Extension header.

4.2.  Context Forking

   It has been asserted that it will be important for future ULPs -- in
   particular, future transport protocols -- to be able to control which
   locator pairs are used for different communication.  For instance,
   host A and host B might communicate using both Voice over IP (VoIP)
   traffic and ftp traffic, and those communications might benefit from
   using different locator pairs.  However, the basic Shim6 mechanism
   uses a single current locator pair for each context; thus, a single
   context cannot accomplish this.

   For this reason, the Shim6 protocol supports the notion of context
   forking.  This is a mechanism by which a ULP can specify (using some
   API not yet defined) that a context, e.g., the ULID pair <A1, B2>,

Top      Up      ToC       Page 20 
   should be forked into two contexts.  In this case, the forked-off
   context will be assigned a non-zero Forked Instance Identifier, while
   the default context has FII zero.

   The Forked Instance Identifier (FII) is a 32-bit identifier that has
   no semantics in the protocol other than being part of the tuple that
   identifies the context.  For example, a host might allocate FIIs as
   sequential numbers for any given ULID pair.

   No other special considerations are needed in the Shim6 protocol to
   handle forked contexts.

   Note that forking as specified does NOT allow A to be able to tell B
   that certain traffic (a 5-tuple?) should be forked for the reverse
   direction.  The Shim6 forking mechanism as specified applies only to
   the sending of ULP packets.  If some ULP wants to fork for both
   directions, it is up to the ULP to set this up and then instruct the
   shim at each end to transmit using the forked context.

4.3.  API Extensions

   Several API extensions have been discussed for Shim6, but their
   actual specification is out of scope for this document.  The simplest
   one would be to add a socket option to be able to have traffic bypass
   the shim (not create any state and not use any state created by other
   traffic).  This could be an IPV6_DONTSHIM socket option.  Such an
   option would be useful for protocols, such as DNS, where the
   application has its own failover mechanism (multiple NS records in
   the case of DNS) and using the shim could potentially add extra
   latency with no added benefits.

   Some other API extensions are discussed in Appendix A.  The actual
   API extensions are defined in [23].

4.4.  Securing Shim6

   The mechanisms are secured using a combination of techniques:

   o  The HBA technique [3] for verifying the locators to prevent an
      attacker from redirecting the packet stream to somewhere else.

   o  Requiring a Reachability Probe+Reply (defined in [4]) before a new
      locator is used as the destination, in order to prevent 3rd party
      flooding attacks.

Top      Up      ToC       Page 21 
   o  The first message does not create any state on the responder.
      Essentially, a 3-way exchange is required before the responder
      creates any state.  This means that a state-based DoS attack
      (trying to use up all memory on the responder) at least provides
      an IPv6 address that the attacker was using.

   o  The context-establishment messages use nonces to prevent replay
      attacks and to prevent off-path attackers from interfering with
      the establishment.

   o  Every control message of the Shim6 protocol, past the context
      establishment, carries the Context Tag assigned to the particular
      context.  This implies that an attacker needs to discover that
      Context Tag before being able to spoof any Shim6 control message.
      Such discovery probably requires any potential attacker to be
      along the path in order to sniff the Context Tag value.  The
      result is that through this technique, the Shim6 protocol is
      protected against off-path attackers.

4.5.  Overview of Shim Control Messages

   The Shim6 context establishment is accomplished using four messages;
   I1, R1, I2, R2.  Normally, they are sent in that order from initiator
   and responder, respectively.  Should both ends attempt to set up
   context state at the same time (for the same ULID pair), then their
   I1 messages might cross in flight, and result in an immediate R2
   message.  (The names of these messages are borrowed from HIP [20].)

   R1bis and I2bis messages are defined; they are used to recover a
   context after it has been lost.  An R1bis message is sent when a
   Shim6 control or Shim6 Payload Extension header arrives and there is
   no matching context state at the receiver.  When such a message is
   received, it will result in the re-creation of the Shim6 context
   using the I2bis and R2 messages.

   The peers' lists of locators are normally exchanged as part of the
   context-establishment exchange.  But the set of locators might be
   dynamic.  For this reason, there are Update Request and Update
   Acknowledgement messages as well as a Locator List option.

   Even when the list of locators is fixed, a host might determine that
   some preferences might have changed.  For instance, it might
   determine that there is a locally visible failure that implies that
   some locator(s) are no longer usable.  This uses a Locator
   Preferences option in the Update Request message.

Top      Up      ToC       Page 22 
   The mechanism for (un)reachability detection is called Forced
   Bidirectional Communication (FBD).  FBD uses a Keepalive message
   which is sent when a host has received packets from its peer but has
   not yet sent any packets from its ULP to the peer.  The message type
   is reserved in this document, but the message format and processing
   rules are specified in [4].

   In addition, when the context is established and there is a
   subsequent failure, there needs to be a way to probe the set of
   locator pairs to efficiently find a working pair.  This document
   reserves a Probe message type, with the packet format and processing
   rules specified in [4].

   The above Probe and Keepalive messages assume we have an established
   ULID-pair context.  However, communication might fail during the
   initial contact (that is, when the application or transport protocol
   is trying to set up some communication).  This is handled using the
   mechanisms in the ULP to try different address pairs as specified in
   [7] and [9].  In future versions of the protocol, and with a richer
   API between the ULP and the shim, the shim might be able to help
   optimize discovering a working locator pair during initial contact.
   This is for further study.

4.6.  Extension Header Order

   Since the shim is placed between the IP endpoint sublayer and the IP
   routing sublayer, the Shim header will be placed before any Endpoint
   Extension headers (Fragmentation headers, Destination Options header,
   AH, ESP) but after any routing-related headers (Hop-by-Hop Extensions
   header, Routing header, and a Destinations Options header, which
   precedes a Routing header).  When tunneling is used, whether IP-in-IP
   tunneling or the special form of tunneling that Mobile IPv6 uses
   (with Home Address options and Routing header type 2), there is a
   choice whether the shim applies inside the tunnel or outside the
   tunnel, which affects the location of the Shim6 header.

   In most cases, IP-in-IP tunnels are used as a routing technique;
   thus, it makes sense to apply them on the locators, which means that
   the sender would insert the Shim6 header after any IP-in-IP
   encapsulation.  This is what occurs naturally when routers apply IP-
   in-IP encapsulation.  Thus, the packets would have:

   o  Outer IP header

   o  Inner IP header

Top      Up      ToC       Page 23 
   o  Shim6 Extension header (if needed)

   o  ULP

   But the shim can also be used to create "shimmed tunnels", i.e.,
   where an IP-in-IP tunnel uses the shim to be able to switch the
   tunnel endpoint addresses between different locators.  In such a
   case, the packets would have:

   o  Outer IP header

   o  Shim6 Extension header (if needed)

   o  Inner IP header

   o  ULP

   In any case, the receiver behavior is well-defined; a receiver
   processes the Extension headers in order.  However, the precise
   interaction between Mobile IPv6 and Shim6 is for further study; it
   might make sense to have Mobile IPv6 operate on locators as well,
   meaning that the shim would be layered on top of the MIPv6 mechanism.

5.  Message Formats

   The Shim6 messages are all carried using a new IP protocol number
   (140).  The Shim6 messages have a common header (defined below) with
   some fixed fields, followed by type-specific fields.

   The Shim6 messages are structured as an IPv6 Extension header since
   the Shim6 Payload Extension header is used to carry the ULP packets
   after a locator switch.  The Shim6 control messages use the same
   extension header formats so that a single "protocol number" needs to
   be allowed through firewalls in order for Shim6 to function across
   the firewall.

5.1.  Common Shim6 Message Format

   The first 17 bits of the Shim6 header is common for the Shim6 Payload
   Extension header and for the control messages.  It looks as follows:

     0                   1
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Next Header  |  Hdr Ext Len  |P|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Top      Up      ToC       Page 24 
   Fields:

   Next Header:   The payload that follows this header.

   Hdr Ext Len:   8-bit unsigned integer.  Length of the Shim6 header in
                  8-octet units, not including the first 8 octets.

   P:             A single bit to distinguish Shim6 Payload Extension
                  headers from control messages.

   Shim6 signaling packets may not be larger than 1280 bytes, including
   the IPv6 header and any intermediate headers between the IPv6 header
   and the Shim6 header.  One way to meet this requirement is to omit
   part of the locator address information if, with this information
   included, the packet would become larger than 1280 bytes.  Another
   option is to perform option engineering, dividing into different
   Shim6 messages the information to be transmitted.  An implementation
   may impose administrative restrictions to avoid excessively large
   Shim6 packets, such as a limitation on the number of locators to be
   used.

5.2.  Shim6 Payload Extension Header Format

   The Shim6 Payload Extension header is used to carry ULP packets where
   the receiver must replace the content of the Source and/or
   Destination fields in the IPv6 header before passing the packet to
   the ULP.  Thus, this extension header is required when the locator
   pair that is used is not the same as the ULID pair.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Next Header  |       0       |1|                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                      Receiver Context Tag                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   The payload that follows this header.

   Hdr Ext Len:   0 (since the header is 8 octets).

   P:             Set to one.  A single bit to distinguish this from the
                  Shim6 control messages.

Top      Up      ToC       Page 25 
   Receiver Context Tag:
                  47-bit unsigned integer.  Allocated by the receiver to
                  identify the context.

5.3.  Common Shim6 Control Header

   The common part of the header has a Next Header field and a Header
   Extension Length field that are consistent with the other IPv6
   Extension headers, even if the Next Header value is always "NO NEXT
   HEADER" for the control messages.

   The Shim6 headers must be a multiple of 8 octets; hence, the minimum
   size is 8 octets.

   The common Shim6 Control message header is as follows:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Next Header  |  Hdr Ext Len  |P|     Type    |Type-specific|S|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
    |                    Type-specific format                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   8-bit selector.  Normally set to NO_NXT_HDR (59).

   Hdr Ext Len:   8-bit unsigned integer.  Length of the Shim6 header in
                  8-octet units, not including the first 8 octets.

   P:             Set to zero.  A single bit to distinguish this from
                  the Shim6 Payload Extension header.

   Type:          7-bit unsigned integer.  Identifies the actual message
                  from the table below.  Type codes 0-63 will not
                  trigger R1bis messages on a missing context, while
                  codes 64-127 will trigger R1bis.

   S:             A single bit set to zero that allows Shim6 and HIP to
                  have a common header format yet still distinguishes
                  between Shim6 and HIP messages.

   Checksum:      16-bit unsigned integer.  The checksum is the 16-bit
                  one's complement of the one's complement sum of the
                  entire Shim6 header message, starting with the Shim6

Top      Up      ToC       Page 26 
                  Next Header field and ending as indicated by the Hdr
                  Ext Len.  Thus, when there is a payload following the
                  Shim6 header, the payload is NOT included in the Shim6
                  checksum.  Note that, unlike protocols like ICMPv6,
                  there is no pseudo-header checksum part of the
                  checksum; this provides locator agility without having
                  to change the checksum.

   Type-specific: Part of the message that is different for different
                  message types.

    +------------+----------------------------------------------------+
    | Type Value |                       Message                      |
    +------------+----------------------------------------------------+
    |      1     |  I1 (1st establishment message from the initiator) |
    |      2     |  R1 (1st establishment message from the responder) |
    |      3     |  I2 (2nd establishment message from the initiator) |
    |      4     |  R2 (2nd establishment message from the responder) |
    |      5     | R1bis (Reply to reference to non-existent context) |
    |      6     |          I2bis (Reply to an R1bis message)         |
    |     64     |                   Update Request                   |
    |     65     |               Update Acknowledgement               |
    |     66     |                      Keepalive                     |
    |     67     |                    Probe Message                   |
    |     68     |                    Error Message                   |
    +------------+----------------------------------------------------+

                                  Table 1

5.4.  I1 Message Format

   The I1 message is the first message in the context-establishment
   exchange.

Top      Up      ToC       Page 27 
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 1   |   Reserved1 |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |R|                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                  Initiator Context Tag                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Initiator Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Options                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 1, since the header is 16 octets when there
                  are no options.

   Type:          1

   Reserved1:     7-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   R:             1-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   Initiator Context Tag:
                  47-bit field.  The Context Tag that the initiator has
                  allocated for the context.

   Initiator Nonce:
                  32-bit unsigned integer.  A random number picked by
                  the initiator, which the responder will return in the
                  R1 message.

   The following options are defined for this message:

   ULID pair:     When the IPv6 source and destination addresses in the
                  IPv6 header does not match the ULID pair, this option
                  MUST be included.  An example of this is when
                  recovering from a lost context.

Top      Up      ToC       Page 28 
   Forked Instance Identifier:
                  When another instance of an existent context with the
                  same ULID pair is being created, a Forked Instance
                  Identifier option MUST be included to distinguish this
                  new instance from the existent one.

   Future protocol extensions might define additional options for this
   message.  The C-bit in the option format defines how such a new
   option will be handled by an implementation.  See Section 5.15.

5.5.  R1 Message Format

   The R1 message is the second message in the context-establishment
   exchange.  The responder sends this in response to an I1 message,
   without creating any state specific to the initiator.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 2   |   Reserved1 |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |           Reserved2           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Initiator Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Responder Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Options                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 1, since the header is 16 octets when there
                  are no options.

   Type:          2

   Reserved1:     7-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   Reserved2:     16-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

Top      Up      ToC       Page 29 
   Initiator Nonce:
                  32-bit unsigned integer.  Copied from the I1 message.

   Responder Nonce:
                  32-bit unsigned integer.  A number picked by the
                  responder, which the initiator will return in the I2
                  message.

   The following options are defined for this message:

   Responder Validator:
                  Variable length option.  This option MUST be included
                  in the R1 message.  Typically, it contains a hash
                  generated by the responder, which the responder uses
                  together with the Responder Nonce value to verify that
                  an I2 message is indeed sent in response to an R1
                  message, and that the parameters in the I2 message are
                  the same as those in the I1 message.

   Future protocol extensions might define additional options for this
   message.  The C-bit in the option format defines how such a new
   option will be handled by an implementation.  See Section 5.15.

5.6.  I2 Message Format

   The I2 message is the third message in the context-establishment
   exchange.  The initiator sends this in response to an R1 message,
   after checking the Initiator Nonce, etc.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 3   |   Reserved1 |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |R|                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                  Initiator Context Tag                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Initiator Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Responder Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Reserved2                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Options                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Top      Up      ToC       Page 30 
   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 2, since the header is 24 octets when there
                  are no options.

   Type:          3

   Reserved1:     7-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   R:             1-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   Initiator Context Tag:
                  47-bit field.  The Context Tag that the initiator has
                  allocated for the context.

   Initiator Nonce:
                  32-bit unsigned integer.  A random number picked by
                  the initiator, which the responder will return in the
                  R2 message.

   Responder Nonce:
                  32-bit unsigned integer.  Copied from the R1 message.

   Reserved2:     32-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.  (Needed to
                  make the options start on a multiple of 8 octet
                  boundary.)

   The following options are defined for this message:

   Responder Validator:
                  Variable length option.  This option MUST be included
                  in the I2 message and MUST be generated by copying the
                  Responder Validator option received in the R1 message.

   ULID pair:     When the IPv6 source and destination addresses in the
                  IPv6 header do not match the ULID pair, this option
                  MUST be included.  An example of this is when
                  recovering from a lost context.

Top      Up      ToC       Page 31 
   Forked Instance Identifier:
                  When another instance of an existent context with the
                  same ULID pair is being created, a Forked Instance
                  Identifier option MUST be included to distinguish this
                  new instance from the existent one.

   Locator List:  Optionally sent when the initiator immediately wants
                  to tell the responder its list of locators.  When it
                  is sent, the necessary HBA/CGA information for
                  verifying the locator list MUST also be included.

   Locator Preferences:
                  Optionally sent when the locators don't all have equal
                  preference.

   CGA Parameter Data Structure:
                  This option MUST be included in the I2 message when
                  the locator list is included so the receiver can
                  verify the locator list.

   CGA Signature: This option MUST be included in the I2 message when
                  some of the locators in the list use CGA (and not HBA)
                  for verification.

   Future protocol extensions might define additional options for this
   message.  The C-bit in the option format defines how such a new
   option will be handled by an implementation.  See Section 5.15.

5.7.  R2 Message Format

   The R2 message is the fourth message in the context-establishment
   exchange.  The responder sends this in response to an I2 message.
   The R2 message is also used when both hosts send I1 messages at the
   same time and the I1 messages cross in flight.

Top      Up      ToC       Page 32 
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 4   |   Reserved1 |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |R|                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                  Responder Context Tag                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Initiator Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Options                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 1, since the header is 16 octets when there
                  are no options.

   Type:          4

   Reserved1:     7-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   R:             1-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   Responder Context Tag:
                  47-bit field.  The Context Tag that the responder has
                  allocated for the context.

   Initiator Nonce:
                  32-bit unsigned integer.  Copied from the I2 message.

   The following options are defined for this message:

   Locator List:  Optionally sent when the responder immediately wants
                  to tell the initiator its list of locators.  When it
                  is sent, the necessary HBA/CGA information for
                  verifying the locator list MUST also be included.

   Locator Preferences:
                  Optionally sent when the locators don't all have equal
                  preference.

Top      Up      ToC       Page 33 
   CGA Parameter Data Structure:
                  Included when the locator list is included so the
                  receiver can verify the locator list.

   CGA Signature: Included when some of the locators in the list use CGA
                  (and not HBA) for verification.

   Future protocol extensions might define additional options for this
   message.  The C-bit in the option format defines how such a new
   option will be handled by an implementation.  See Section 5.15.

5.8.  R1bis Message Format

   Should a host receive a packet with a Shim6 Payload Extension header
   or Shim6 control message with type code 64-127 (such as an Update or
   Probe message), and the host does not have any context state for the
   received Context Tag, then it will generate a R1bis message.

   This message allows the sender of the packet referring to the non-
   existent context to re-establish the context with a reduced context-
   establishment exchange.  Upon the reception of the R1bis message, the
   receiver can proceed with re-establishing the lost context by
   directly sending an I2bis message.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 5   |   Reserved1 |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |R|                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                     Packet Context Tag                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Responder Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Options                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 1, since the header is 16 octets when there
                  are no options.

   Type:          5

Top      Up      ToC       Page 34 
   Reserved1:     7-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   R:             1-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   Packet Context Tag:
                  47-bit unsigned integer.  The Context Tag contained in
                  the received packet that triggered the generation of
                  the R1bis message.

   Responder Nonce:
                  32-bit unsigned integer.  A number picked by the
                  responder which the initiator will return in the I2bis
                  message.

   The following options are defined for this message:

   Responder Validator:
                  Variable length option.  Typically, a hash generated
                  by the responder, which the responder uses together
                  with the Responder Nonce value to verify that an I2bis
                  message is indeed sent in response to an R1bis
                  message.

   Future protocol extensions might define additional options for this
   message.  The C-bit in the option format defines how such a new
   option will be handled by an implementation.  See Section 5.15.

5.9.  I2bis Message Format

   The I2bis message is the third message in the context-recovery
   exchange.  This is sent in response to an R1bis message, after
   checking that the R1bis message refers to an existing context, etc.

Top      Up      ToC       Page 35 
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 6  |   Reserved1 |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |R|                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                  Initiator Context Tag                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Initiator Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Responder Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Reserved2                               |
    |                                 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                 |                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                     Packet Context Tag                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Options                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 3, since the header is 32 octets when there
                  are no options.

   Type:          6

   Reserved1:     7-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   R:             1-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   Initiator Context Tag:
                  47-bit field.  The Context Tag that the initiator has
                  allocated for the context.

   Initiator Nonce:
                  32-bit unsigned integer.  A random number picked by
                  the initiator, which the responder will return in the
                  R2 message.

Top      Up      ToC       Page 36 
   Responder Nonce:
                  32-bit unsigned integer.  Copied from the R1bis
                  message.

   Reserved2:     49-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.  (Note that 17
                  bits are not sufficient since the options need to
                  start on a multiple-of-8-octet boundary.)

   Packet Context Tag:
                  47-bit unsigned integer.  Copied from the Packet
                  Context Tag field contained in the received R1bis.

   The following options are defined for this message:

   Responder Validator:
                  Variable length option.  Just a copy of the Responder
                  Validator option in the R1bis message.

   ULID pair:     When the IPv6 source and destination addresses in the
                  IPv6 header do not match the ULID pair, this option
                  MUST be included.

   Forked Instance Identifier:
                  When another instance of an existent context with the
                  same ULID pair is being created, a Forked Instance
                  Identifier option is included to distinguish this new
                  instance from the existent one.

   Locator List:  Optionally sent when the initiator immediately wants
                  to tell the responder its list of locators.  When it
                  is sent, the necessary HBA/CGA information for
                  verifying the locator list MUST also be included.

   Locator Preferences:
                  Optionally sent when the locators don't all have equal
                  preference.

   CGA Parameter Data Structure:
                  Included when the locator list is included so the
                  receiver can verify the locator list.

   CGA Signature: Included when some of the locators in the list use CGA
                  (and not HBA) for verification.

   Future protocol extensions might define additional options for this
   message.  The C-bit in the option format defines how such a new
   option will be handled by an implementation.  See Section 5.15.

Top      Up      ToC       Page 37 
5.10.  Update Request Message Format

   The Update Request message is used to update either the list of
   locators, the locator preferences, or both.  When the list of
   locators is updated, the message also contains the option(s)
   necessary for HBA/CGA to secure this.  The basic sanity check that
   prevents off-path attackers from generating bogus updates is the
   Context Tag in the message.

   The Update Request message contains options (the Locator List and the
   Locator Preferences) that, when included, completely replace the
   previous locator list and locator preferences, respectively.  Thus,
   there is no mechanism to just send deltas to the locator list.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 64  |   Reserved1 |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |R|                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                   Receiver Context Tag                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Request Nonce                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Options                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 1, since the header is 16 octets when there
                  are no options.

   Type:          64

   Reserved1:     7-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   R:             1-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   Receiver Context Tag:
                  47-bit field.  The Context Tag that the receiver has
                  allocated for the context.

Top      Up      ToC       Page 38 
   Request Nonce:
                  32-bit unsigned integer.  A random number picked by
                  the initiator, which the peer will return in the
                  Update Acknowledgement message.

   The following options are defined for this message:

   Locator List:  The list of the sender's (new) locators.  The locators
                  might be unchanged and only the preferences have
                  changed.

   Locator Preferences:
                  Optionally sent when the locators don't all have equal
                  preference.

   CGA Parameter Data Structure (PDS):
                  Included when the locator list is included and the PDS
                  was not included in the I2/ I2bis/R2 messages, so the
                  receiver can verify the locator list.

   CGA Signature: Included when some of the locators in the list use CGA
                  (and not HBA) for verification.

   Future protocol extensions might define additional options for this
   message.  The C-bit in the option format defines how such a new
   option will be handled by an implementation.  See Section 5.15.

5.11.  Update Acknowledgement Message Format

   This message is sent in response to an Update Request message.  It
   implies that the Update Request has been received and that any new
   locators in the Update Request can now be used as the source locators
   of packets.  But it does not imply that the (new) locators have been
   verified to be used as a destination, since the host might defer the
   verification of a locator until it sees a need to use a locator as
   the destination.

Top      Up      ToC       Page 39 
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 65  |   Reserved1 |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |R|                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                             |
    |                   Receiver Context Tag                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Request Nonce                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Options                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 1, since the header is 16 octets when there
                  are no options.

   Type:          65

   Reserved1:     7-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   R:             1-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.

   Receiver Context Tag:
                  47-bit field.  The Context Tag the receiver has
                  allocated for the context.

   Request Nonce: 32-bit unsigned integer.  Copied from the Update
                  Request message.

   No options are currently defined for this message.

   Future protocol extensions might define additional options for this
   message.  The C-bit in the option format defines how such a new
   option will be handled by an implementation.  See Section 5.15.

Top      Up      ToC       Page 40 
5.12.  Keepalive Message Format

   This message format is defined in [4].

   The message is used to ensure that when a peer is sending ULP packets
   on a context, it always receives some packets in the reverse
   direction.  When the ULP is sending bidirectional traffic, no extra
   packets need to be inserted.  But for a unidirectional ULP traffic
   pattern, the shim will send back some Keepalive messages when it is
   receiving ULP packets.

5.13.  Probe Message Format

   This message and its semantics are defined in [4].

   The goal of this mechanism is to test whether or not locator pairs
   work in the general case.  In particular, this mechanism is to be
   able to handle the case when one locator pair works from A to B and
   another locator pair works from B to A, but there is no locator pair
   that works in both directions.  The protocol mechanism is that, as A
   is sending Probe messages to B, B will observe which locator pairs it
   has received and report that back in Probe messages it sends to A.

5.14.  Error Message Format

   The Error message is generated by a Shim6 receiver upon the reception
   of a Shim6 message containing critical information that cannot be
   processed properly.

   In the case that a Shim6 node receives a Shim6 packet that contains
   information that is critical for the Shim6 protocol and that is not
   supported by the receiver, it sends an Error Message back to the
   originator of the Shim6 message.  The Error message is
   unacknowledged.

   In addition, Shim6 Error messages defined in this section can be used
   to identify problems with Shim6 implementations.  In order to do so,
   a range of Error Code types is reserved for that purpose.  In
   particular, implementations may generate Shim6 Error messages with
   Code types in that range, instead of silently discarding Shim6
   packets during the debugging process.

Top      Up      ToC       Page 41 
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       59      |  Hdr Ext Len  |0|  Type = 68  |  Error Code |0|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |            Pointer            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Packet in error                       +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Next Header:   NO_NXT_HDR (59).

   Hdr Ext Len:   At least 1, since the header is 16 octets.  Depends on
                  the specific Error Data.

   Type:          68

   Error Code:    7-bit field describing the error that generated the
                  Error message.  See Error Code list below.

   Pointer:       16-bit field.  Identifies the octet offset within the
                  invoking packet where the error was detected.

   Packet in error:
                  As much of invoking packet as possible without the
                  Error message packet exceeding the minimum IPv6 MTU.

   The following Error Codes are defined:

   +---------+---------------------------------------------------------+
   |   Code  |                       Description                       |
   |  Value  |                                                         |
   +---------+---------------------------------------------------------+
   |    0    |                Unknown Shim6 message type               |
   |    1    |              Critical option not recognized             |
   |    2    |    Locator verification method failed (Pointer to the   |
   |         |         inconsistent verification method octet)         |
   |    3    |       Locator List Generation number out of sync.       |
   |    4    | Error in the number of locators in a Locator Preference |
   |         |                          option                         |
   | 120-127 |             Reserved for debugging purposes             |
   +---------+---------------------------------------------------------+

                                  Table 2

Top      Up      ToC       Page 42 
5.15.  Option Formats

   The format of the options is a snapshot of the current HIP option
   format [20].  However, there is no intention to track any changes to
   the HIP option format, nor is there an intent to use the same name
   space for the option type values.  But using the same format will
   hopefully make it easier to import HIP capabilities into Shim6 as
   extensions to Shim6, should this turn out to be useful.

   All of the TLV parameters have a length (including Type and Length
   fields) that is a multiple of 8 bytes.  When needed, padding MUST be
   added to the end of the parameter so that the total length becomes a
   multiple of 8 bytes.  This rule ensures proper alignment of data.  If
   padding is added, the Length field MUST NOT include the padding.  Any
   added padding bytes MUST be zeroed by the sender, and their values
   SHOULD NOT be checked by the receiver.

   Consequently, the Length field indicates the length of the Contents
   field (in bytes).  The total length of the TLV parameter (including
   Type, Length, Contents, and Padding) is related to the Length field
   according to the following formula:

   Total Length = 11 + Length - (Length + 3) mod 8;

   The total length of the option is the smallest multiple of 8 bytes
   that allows for the 4 bytes of the Option header and option, itself.
   The amount of padding required can be calculated as follows:

   padding = 7 - ((Length + 3) mod 8)

   And:

   Total Length = 4 + Length + padding

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Type            |C|             Length            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                                                               ~
    ~                          Contents                             ~
    ~                                               +-+-+-+-+-+-+-+-+
    ~                                               |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Top      Up      ToC       Page 43 
   Fields:

   Type:          15-bit identifier of the type of option.  The options
                  defined in this document are below.

   C:             Critical.  One, if this parameter is critical and MUST
                  be recognized by the recipient; zero otherwise.  An
                  implementation might view the C-bit as part of the
                  Type field by multiplying the type values in this
                  specification by two.

   Length:        Length of the Contents, in bytes.

   Contents:      Parameter-specific, defined by Type.

   Padding:       Padding, 0-7 bytes, added if needed.

                  +------+------------------------------+
                  | Type |          Option Name         |
                  +------+------------------------------+
                  |   1  |      Responder Validator     |
                  |   2  |         Locator List         |
                  |   3  |      Locator Preferences     |
                  |   4  | CGA Parameter Data Structure |
                  |   5  |         CGA Signature        |
                  |   6  |           ULID Pair          |
                  |   7  |  Forked Instance Identifier  |
                  |  10  |   Keepalive Timeout Option   |
                  +------+------------------------------+

                                  Table 3

   Future protocol extensions might define additional options for the
   Shim6 messages.  The C-bit in the option format defines how such a
   new option will be handled by an implementation.

   If a host receives an option that it does not understand (an option
   that was defined in some future extension to this protocol) or that
   is not listed as a valid option for the different message types
   above, then the Critical bit in the option determines the outcome.

   o  If C=0, then the option is silently ignored, and the rest of the
      message is processed.

   o  If C=1, then the host SHOULD send back a Shim6 Error message with
      Error Code=1, with the Pointer field referencing the first octet
      in the Option Type field.  When C=1, the rest of the message MUST
      NOT be processed.

Top      Up      ToC       Page 44 
5.15.1.  Responder Validator Option Format

   The responder can choose exactly what input is used to compute the
   validator and what one-way function (such as MD5 or SHA1) it uses, as
   long as the responder can check that the validator it receives back
   in the I2 or I2bis message is indeed one that:

   1) computed,

   2) computed for the particular context, and

   3) isn't a replayed I2/I2bis message.

   Some suggestions on how to generate the validators are captured in
   Sections 7.10.1 and 7.17.1.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Type = 1          |0|            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                           Validator                           ~
    ~                                               +-+-+-+-+-+-+-+-+
    ~                                               |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Validator:     Variable length content whose interpretation is local
                  to the responder.

   Padding:       Padding, 0-7 bytes, added if needed.  See
                  Section 5.15.

5.15.2.  Locator List Option Format

   The Locator List option is used to carry all the locators of the
   sender.  Note that the order of the locators is important, since the
   Locator Preferences option refers to the locators by using the index
   in the list.

   Note that we carry all the locators in this option even though some
   of them can be created automatically from the CGA Parameter Data
   Structure.

Top      Up      ToC       Page 45 
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Type = 2          |0|            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Locator List Generation                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Num Locators |            N Octets of Verification Method    |
    +-+-+-+-+-+-+-+-+                                               |
    ~                                                               ~
    ~                                               +-+-+-+-+-+-+-+-+
    ~                                               |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                     Locators 1 through N                      ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Locator List Generation:
                  32-bit unsigned integer.  Indicates a generation
                  number that is increased by one for each new locator
                  list.  This is used to ensure that the index in the
                  Locator Preferences refers to the right version of the
                  locator list.

   Num Locators:  8-bit unsigned integer.  The number of locators that
                  are included in the option.  We call this number "N"
                  below.

   Verification Method:
                  N octets.  The ith octet specifies the verification
                  method for the ith locator.

   Padding:       Padding, 0-7 bytes, added if needed so that the
                  Locators start on a multiple-of-8-octet boundary.
                  Note that for this option, there is never a need to
                  pad at the end since the Locators are a multiple-of-8-
                  octets in length.  This internal padding is included
                  in the Length field.

   Locators:      N 128-bit locators.

   The defined verification methods are:

Top      Up      ToC       Page 46 
              +---------+----------------------------------+
              |  Value  |              Method              |
              +---------+----------------------------------+
              |    0    |             Reserved             |
              |    1    |                HBA               |
              |    2    |                CGA               |
              |  3-200  | Allocated using Standards action |
              | 201-254 |         Experimental use         |
              |   255   |             Reserved             |
              +---------+----------------------------------+

                                  Table 4

5.15.3.  Locator Preferences Option Format

   The Locator Preferences option can have some flags to indicate
   whether or not a locator is known to work.  In addition, the sender
   can include a notion of preferences.  It might make sense to define
   "preferences" as a combination of priority and weight, the same way
   that DNS SRV records have such information.  The priority would
   provide a way to rank the locators, and, within a given priority, the
   weight would provide a way to do some load sharing.  See [5] for how
   SRV defines the interaction of priority and weight.

   The minimum notion of preferences we need is to be able to indicate
   that a locator is "dead".  We can handle this using a single octet
   flag for each locator.

   We can extend that by carrying a larger "element" for each locator.
   This document presently also defines 2-octet and 3-octet elements,
   and we can add more information by having even larger elements if
   need be.

   The locators are not included in the preference list.  Instead, the
   first element refers to the locator that was in the first element in
   the Locator List option.  The generation number carried in this
   option and the Locator List option is used to verify that they refer
   to the same version of the locator list.

Top      Up      ToC       Page 47 
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Type = 3          |0|            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Locator List Generation                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Element Len  |  Element[1]   |  Element[2]   |  Element[3]   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                              ...                              ~
    ~                                               +-+-+-+-+-+-+-+-+
    ~                                               |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Case of Element Len = 1 is depicted.

   Fields:

   Locator List Generation:
                  32-bit unsigned integer.  Indicates a generation
                  number for the locator list to which the elements
                  should apply.

   Element Len:   8-bit unsigned integer.  The length in octets of each
                  element.  This specification defines the cases when
                  the length is 1, 2, or 3.

   Element[i]:    A field with a number of octets defined by the Element
                  Len field.  Provides preferences for the ith locator
                  in the Locator List option that is in use.

   Padding:       Padding, 0-7 bytes, added if needed.  See
                  Section 5.15.

   When the Element length equals one, then the element consists of only
   a one-octet Flags field.  The currently defined set of flags are:

      BROKEN: 0x01

      TRANSIENT: 0x02

   The intent of the BROKEN flag is to inform the peer that a given
   locator is known to be not working.  The intent of TRANSIENT is to
   allow the distinction between more stable addresses and less stable
   addresses when Shim6 is combined with IP mobility, and when we might
   have more stable home locators and less stable care-of-locators.

Top      Up      ToC       Page 48 
   When the Element length equals two, then the element consists of a
   one-octet Flags field followed by a one-octet Priority field.  This
   Priority field has the same semantics as the Priority field in DNS
   SRV records.

   When the Element length equals three, then the element consists of a
   one-octet Flags field followed by a one-octet Priority field and a
   one-octet Weight field.  This Weight field has the same semantics as
   the Weight field in DNS SRV records.

   This document doesn't specify the format when the Element length is
   more than three, except that any such formats MUST be defined so that
   the first three octets are the same as in the above case, that is, a
   one-octet Flags field followed by a one-octet Priority field, and a
   one-octet Weight field.

5.15.4.  CGA Parameter Data Structure Option Format

   This option contains the CGA Parameter Data Structure (PDS).  When
   HBA is used to verify the locators, the PDS contains the HBA
   multiprefix extension in addition to the PDS mandatory fields and
   other extensions unrelated to Shim6 that the PDS might have.  When
   CGA is used to verify the locators, in addition to the PDS option,
   the host also needs to include the signature in the form of a CGA
   Signature option.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Type = 4          |0|            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                   CGA Parameter Data Structure                ~
    ~                                               +-+-+-+-+-+-+-+-+
    ~                                               |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   CGA Parameter Data Structure:
                  Variable length content.  Content defined in [2] and
                  [3].

   Padding:       Padding, 0-7 bytes, added if needed.  See
                  Section 5.15.

Top      Up      ToC       Page 49 
5.15.5.  CGA Signature Option Format

   When CGA is used for verification of one or more of the locators in
   the Locator List option, then the message in question will need to
   contain this option.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Type = 5          |0|            Length             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                        CGA Signature                          ~
    ~                                               +-+-+-+-+-+-+-+-+
    ~                                               |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   CGA Signature: A variable-length field containing a PKCS#1 v1.5
                  signature, constructed by using the sender's private
                  key over the following sequence of octets:

                  1.  The 128-bit CGA Message Type tag [CGA] value for
                      Shim6: 0x4A 30 5662 4858 574B 3655 416F 506A 6D48.
                      (The tag value has been generated randomly by the
                      editor of this specification.).

                  2.  The Locator List Generation number of the
                      correspondent Locator List option.

                  3.  The subset of locators included in the
                      correspondent Locator List option whose
                      verification method is set to CGA.  The locators
                      MUST be included in the order in which they are
                      listed in the Locator List Option.

   Padding:       Padding, 0-7 bytes, added if needed.  See
                  Section 5.15.

5.15.6.  ULID Pair Option Format

   I1, I2, and I2bis messages MUST contain the ULID pair; normally, this
   is in the IPv6 Source and Destination fields.  In case the ULID for
   the context differs from the address pair included in the Source and
   Destination Address fields of the IPv6 packet used to carry the I1/
   I2/I2bis message, the ULID Pair option MUST be included in the I1/I2/
   I2bis message.

Top      Up      ToC       Page 50 
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Type = 6          |0|        Length = 36            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Reserved2                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Sender ULID                           +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                        Receiver ULID                          +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Reserved2:     32-bit field.  Reserved for future use.  Zero on
                  transmit.  MUST be ignored on receipt.  (Needed to
                  make the ULIDs start on a multiple-of-8-octet
                  boundary.)

   Sender ULID:   A 128-bit IPv6 address.

   Receiver ULID: A 128-bit IPv6 address.

5.15.7.  Forked Instance Identifier Option Format

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Type = 7          |0|         Length = 4            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                  Forked Instance Identifier                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Forked Instance Identifier:
                  32-bit field containing the identifier of the
                  particular forked instance.

5.15.8.  Keepalive Timeout Option Format

   This option is defined in [4].


Next RFC Part