Authentication Protocol


User--|--userTerminal--|------GatewayMachine --------------------------|Authentication|
                                                                           server

       (WWWbrowser)                                         (ipfw)  (ip6fw)
  AnyURL        IPv6 HTTP                                         
 ------->|-----------------------------------------------------|-------X|
         |      IPv4 HTTP (Retry)                              |        |
         |---------------------------------------------------->|        |
         |                    (WWWserver)                      |        |
         |<----------------------| FwdCGI<---------------------|        |
         |   WebPage             |             IP Forward      :        :
         |   HTML Refresh(IPv4)  |
 --------|---------------------->| AuthCGI
         |   IPv4 Address in     | put IPv4 address in hidden tag
         |  Authentication HTML  |
         |<----------------------|
         |                       |
    ---->|                       |
userID   |                       |
    ---->|                       |
passwd   |                       |
    ---->|     POST(IPv6)        |
SendBtn  |---------------------->|
         |<userID>,<passwd>      |          (SrvCGI)
         |<IPv4 address>(hidden) |------------->| request (arp or ndp)
         |<watchmode>            |      <userID>|--------->|
         |                       |      <passwd>|<---------|
         |                       | <MAC address>|   reply  :
         |                       |<IPv6 address>|IPv6 address form "REMOTE_ADDR"
         |                       |<IPv4 address>|IPv4 address form POST data
         |                       |              |                        (Auth server)
         |                       |              |  AuthRequest                :
         |                       |              |---------------------------->|
         |                       |              |<----------------------------|
         |                       |              |  AuthReply                  :
         |                       |              |            (ipfw)  (ip6fw)
         |                       |              |              :        :
         |                       |              |------------->|        |
         |                       |              |  add rule    |        |
         |                       |              |---------------------->|
         |                       |              |  add rule    |        |
         |                       |           (fork)            |        |
         |                       |              | |            |        |
         |                       |              |(set timer)   |        |
         |                       |              |(listen)      |        |
         |<----------------------|<-------------| |            |        |
         | WebPage(content depends on watchmode)# |            |        |
         |                                        |            |        |
       [watchmode=Time or before connecting Http]
         |                                        |            |        |
         |                                        |----------->|        |  ^
         |                                        |<-----------|        |  |
         |                                        |packet count|        |  |
         |                                        |            |        |  |
         |                                        |      (arp) |        |  |
         |                                        |------>|    |        |  |
         |                                        |<------|    |        |  | (Check Loop
         |                                        | mac/ip     |        |  |  in basic mode)
         |                                        |   (ndp)    |        |  |
         |                     IPv6 address check |---->|      |        |  |
         |                                        |<----|      |        |  |
         |                    Add new IPv6 address|-------------------->|  |
         |                                        | add rule   |        |  |
         |                Del expired IPv6 address|-------------------->|  |
         |                                        | del rule   |        |  v
         |                                        |            |        |
         | (No packet||Mac/Ip mismatch||Timeout   |            |        |
         | ||Click terminate link), Close firewall|----------->|        |
         |                                        | del rule   |        |
         |                                        |-------------------->|
         |                                        | del rule   |        |
         |                                        #            :        :
         |                                                               

       [watchmode=Http]                          
         |     "GET /httpkeep-<userid>"           |            |        |
         |--------------------------------------->|            |        |
         |<---------------------------------------|            |        |
         |     Web page (include JavaScript)      |            |        |
         |                                        |            |        |
         | (JavaScript)                           |            |        |
         |--->|        "GET /hello"               |            |        |
         |    |---------------------------------->|            |        |
         |    |<----------------------------------|            |        |
         |    |                                   |            |        |
         |    |        "GET /hello"               |            |        |  ^
         :    |---------------------------------->|            |        |  |
              |<----------------------------------|            |        |  |
              |     "hello"                       |            |        |  |
              |                                   |   (ndp)    |        |  | (Check Loop
              |                IPv6 address check |---->|      |        |  |  in http mode)
              |                                   |<----|      |        |  |
              |               Add new IPv6 address|-------------------->|  |
              |                                   | add rule   |        |  |
              |           Del expired IPv6 address|-------------------->|  |
              |                                   | del rule   |        |  v
              |    (If no request, close firewall)|            |        |
              |     (If close TCP, close firewall)|            |        |
   ---------->|---------------------------------->|----------->|        |
   Kill Web   |  close                            | del rule   |        |
              |                                   |-------------------->|
              |                                   | del rule   |        |
              #                                   #            :        :