Re: [6tisch] MSF adapts to traffic only for secured packets
Tengfei Chang <tengfei.chang@gmail.com> Thu, 12 December 2019 17:21 UTC
Return-Path: <tengfei.chang@gmail.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 615CC12084C for <6tisch@ietfa.amsl.com>; Thu, 12 Dec 2019 09:21:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ie4JDTET-B0Z for <6tisch@ietfa.amsl.com>; Thu, 12 Dec 2019 09:21:14 -0800 (PST)
Received: from mail-pj1-x1042.google.com (mail-pj1-x1042.google.com [IPv6:2607:f8b0:4864:20::1042]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76A4512008B for <6tisch@ietf.org>; Thu, 12 Dec 2019 09:21:14 -0800 (PST)
Received: by mail-pj1-x1042.google.com with SMTP id r67so1306973pjb.0 for <6tisch@ietf.org>; Thu, 12 Dec 2019 09:21:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NXKaMxPM54h9Io4PGQJ1/pXLh6lHH0gB2YjXdrl3Oa0=; b=RgOYcqHglR55yd84ZLwri1cBjskdediaRfPfqLkkxj53Qcyq1ckzFIUHW6ts3C2zPG LmGIHt1/FxzQaeBn5IsVgtFhhe2TJgmADChY+BbX1xlWWtJm4JSov0/WLZg6uH3gsyiS k95G1hwDs/8D8ng09ycz3+N5eyZ1Qp0KiOmezH0oNGV3xiUxCnXOKmVFHfSJ/+qX+mp9 DbFSzlCZuCfsMUgZz7Uo1EhKPTu7/KfYCjjOw26xxUW4Hpl+ERGhf04pnFucgfHjO3Xf Hl9+OVbCOS2ghAiRTtsH+lWjLW5cnYewtKrVU6CrLUe9OIjo51GfuFW92ZO/CDKLatf2 O1wA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NXKaMxPM54h9Io4PGQJ1/pXLh6lHH0gB2YjXdrl3Oa0=; b=STwEuc7+vVEatPHDOtvCRJD55Z0ctktZIMHQcKeYHN9ubV7+GOBpKtCJUOLag5Pn5T gsHJ5ntmLpeJwcuQxPaQ9Y2VxAbvayOP11mCCEPKbj0aUwNxDucwZZ8LXWSFrk7MS2dN vOMqCxkaHubn2cqSL8HhS1IJoZZx0gbQF3xnGn257zqc+bTCoIFkn83rJtyqhA10sCZR KNvhxnrl0s8rjTq+MJoeZQWkBXRCmBy7BZJdwTLwnHNCSRHIYJSKS4FG5m7EFpgLd75x 4iUc4ExBp6RIbXteiaZ7yGkNX2AqNCaSXv9t81P0HAcmseFKJjsJcZbpCn1v57AyOjEV /bWA==
X-Gm-Message-State: APjAAAXBpKd9v/cRvknp8QUrN7lRBm69/XXwbqdwSHyDkjsgjWLbguLt 7eUm6//kNmEincRI5wVBaZIf0ta8vlnCMvwU95OfNGYc
X-Google-Smtp-Source: APXvYqwMZW5BEMOSRzw/fDZFK83lu7jygWmxL7fV8IjUECW0E/ZyUoZDqpZotllVE4o/0fAaweTVAxE0IjO7NT+VtQo=
X-Received: by 2002:a17:90a:808c:: with SMTP id c12mr10879256pjn.105.1576171273770; Thu, 12 Dec 2019 09:21:13 -0800 (PST)
MIME-Version: 1.0
References: <CAAdgstRGHyRKoMLBhRih8yHwDvf-DTp42ZTEBmBP57FSgt8MyA@mail.gmail.com> <MN2PR11MB35652B278DB4225DAAE30956D85C0@MN2PR11MB3565.namprd11.prod.outlook.com> <CAAdgstQG7nkXr7tKffdChftjd8JDG4LvyOqepFsQ8eqZqHt0Aw@mail.gmail.com> <812b5502-9703-b99d-196b-3c983fdc0d5e@inria.fr> <CAAdgstRB86SUFaMXqCzwggh6gy6Jx6uof3W5kDb3imMGZ85r6A@mail.gmail.com> <C91BE829-44B4-479E-8835-2494D49B1FCD@inria.fr> <CAAdgstRG-HOaWhYxwqjfhzK_9atW8J0WqJzqxnaC09CqTrV-kg@mail.gmail.com> <698e8842-db8e-4470-7682-0662043ac004@inria.fr> <1ADB480A-EE66-4349-B0B8-1D0061525ED4@inria.fr> <4e131204-be7e-077a-62d8-22e4e29aeb97@inria.fr> <CAAdgstR6C6hROzfksTnPosxZUpGPbfB0WcVJUpyXfbmZhWBhRQ@mail.gmail.com> <C2BE4117-CBFE-40F1-8B78-F1E90EAD1B59@inria.fr> <MN2PR11MB35650A829035EBD8C167D682D8550@MN2PR11MB3565.namprd11.prod.outlook.com> <CAAdgstQzdHszkxzTXNZ4fRVjHX6cHUKJ3VTFHyjg6LjYWiB3NQ@mail.gmail.com> <e7c4b715-2537-7e33-cd77-ae9525e525dd@inria.fr> <CAAdgstQzww-z-TE8_jR_Y1kh1SbreDan2s0bBYBHMGtBkttKzg@mail.gmail.com> <CAAdgstRn-5i8TzvQY+VSofqXmDLkcR5F94_jK9fX7Un8g6siEA@mail.gmail.com> <MN2PR11MB3565D5A4DC157BECB84771E4D8550@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB3565D5A4DC157BECB84771E4D8550@MN2PR11MB3565.namprd11.prod.outlook.com>
From: Tengfei Chang <tengfei.chang@gmail.com>
Date: Thu, 12 Dec 2019 18:21:02 +0100
Message-ID: <CAAdgstQZFMED=sxcE9g=kWV+vcMMUp_qbrdAbzNX+GBGfxA=fg@mail.gmail.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: 6tisch <6tisch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e0db40059984f88b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/kzuI_XYgFjOR0XqH-N-5UqeFApk>
Subject: Re: [6tisch] MSF adapts to traffic only for secured packets
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2019 17:21:18 -0000
ah... I agree with you . Just submitted the current version though. Will correct it in next version. On Thu, Dec 12, 2019 at 6:04 PM Pascal Thubert (pthubert) < pthubert@cisco.com> wrote: > A nit Tengfei : > > > > « *before it is passed to MSF. “* > > Would be > > *“before it is passed to the 6top sublayer where MSF can observe it.” Or > something similar?* > > > > Otherwise, all good! > > > > Pascal > > > > *From:* 6tisch <6tisch-bounces@ietf.org> *On Behalf Of *Tengfei Chang > *Sent:* jeudi 12 décembre 2019 17:51 > *To:* 6tisch <6tisch@ietf.org> > *Subject:* Re: [6tisch] MSF adapts to traffic only for secured packets > > > > All, > > > > The following is our internal discuss about this issue. > > > > We will add the following text in "Security Consideration " section in > MSF-09: > > > > > > > > > > > > > > > > > > > > > > > * MSF adapts to traffics containing packets from IP layer. It is > possible that the IP packet has a non-zero DSCP (Diffserv Code Point > [RFC2597]) value in its IPv6 header. The decision whether to hand over > that packet to MAC layer to transmit or to drop that packet belongs to > the upper layer and is out of scope of MSF. As long as the decision is > made to hand over to MAC layer to transmit, MSF will take that packet > into account when adapting to traffic. Note that non-zero DSCP value may > imply that the traffic is originated at unauthenticated pledges, > referring to [I-D.ietf-6tisch-minimal-security]. The implementation at > IPv6 layer SHOULD ensure that this join traffic is rate-limited before > it is passed to MSF. In case there is no rate limit for join traffic, > intermediate nodes in the 6TiSCH network may be prone to a resource > exhaustion attack, with the attacker injecting unauthenticated traffic > from the network edge. The assumption is that the rate limiting > function is aware of the available bandwidth in the 6top L3 bundle(s) > towards a next hop, not directly from MSF, but from an interaction with > the 6top sublayer that manages ultimately the bundles under MSF's > guidance. How this rate limit is set is out of* > > * scope of MSF. * > > > > > > > > > > On Thu, Dec 12, 2019 at 5:26 PM Tengfei Chang <tengfei.chang@gmail.com> > wrote: > > Thanks for the confirmation Yatch! > > > > I will forward our discuss back to the mailing list for information. > > > > > > > > On Thu, Dec 12, 2019 at 5:22 PM Yasuyuki Tanaka <yasuyuki.tanaka@inria.fr> > wrote: > > Thank you, all. > > The proposed text looks very good to me. It resolves my concerns. > > Best, > Yatch > > On 12/12/2019 6:01 AM, Tengfei Chang wrote: > > Cool! Thanks for the additional info! Integrated as well! > > > > On Thu, Dec 12, 2019 at 4:55 PM Pascal Thubert (pthubert) > > <pthubert@cisco.com <mailto:pthubert@cisco.com>> wrote: > > > > Hello again > > > > > > > Note that non-zero DSCP value may imply that the traffic is > > originated at unauthenticated pledges, see {{minimal-security}}. > > > The implementation at IPv6 layer SHOULD ensure that this join > > traffic is rate-limited before it is passed to MSF. > > > In case there is no rate limit for join traffic, intermediate > > nodes in the 6TiSCH network may be prone to a resource exhaustion > > attack, with the attacker injecting unauthenticated traffic from the > > network edge. > > > How this rate limit is set is out of scope of MSF. > > > > This would be a nice addition to the security section : ) > > > > Note that the upper layer can only do load control if it is aware of > > the amount of bandwidth that the current bundles provide. 6top > > knows. So either 6top does the whole rate limiting, or there is an > > interface between the IP layer and 6top, that is not described, even > > in the architecture. > > > > The idea was to describe all this in > > https://tools.ietf.org/html/draft-wang-6tisch-6top-sublayer but that > > will probably not happen anytime soon. > > > > So maybe complementing Malisa's text as follows: > > > > ." > > Note that non-zero DSCP value may imply that the traffic is > > originated at unauthenticated pledges, see {{minimal-security}}. > > The implementation at IPv6 layer SHOULD ensure that this join > > traffic is rate-limited before it is passed to MSF. > > In case there is no rate limit for join traffic, intermediate nodes > > in the 6TiSCH network may be prone to a resource exhaustion attack, > > with the attacker injecting unauthenticated traffic from the network > > edge. > > The assumption is that the rate limiting function is aware of the > > available bandwidth in the 6top L3 bundle(s) towards a next hop, not > > directly from MSF, but from an interaction with the 6top sublayer > > that manages ultimately the bundles under MSF's guidance. How this > > rate limit is set is out of scope of MSF. > > " > > > > Pascal > > > > > > On Wed, Dec 11, 2019 at 6:03 PM Yasuyuki Tanaka > > <mailto:yasuyuki.tanaka@inria.fr <mailto:yasuyuki.tanaka@inria.fr>> > > wrote: > > Thanks, Malisa, > > > > First of all, > > > > > 1) MSF not allocating cells in response to AF43 traffic > > > > I think it's a layer violation as I mentioned in previous emails in > > other expressions. So, I'm trying to avoid to do this. MSF, part of > L2, > > shouldn't do anything based on contents in the MAC payload field of a > > frame in process. > > > > > Under the assumption that application traffic is given higher > > priority than join AF43, is this not solved with the two above? Do I > > miss some other issue you raised? > > > > You may be able to solve the issue by that, although prioritizing > > traffic is not a job of a scheduling function. > > > > > Are you considering to set the maximum link capacity (i.e. total > > number of cells) between two neighbors? This is a function of the > > application traffic and the acceptable “untrusted” traffic, where > > you only know the latter in advance through the admin policy. IMO, > > this risks to introduce application drops as well if not properly > > configured.. > > > > If we have the maximum link capacity to a neighbor, we can avoid > > resource exhaustion. But the link could be occupied by acceptable > > "untrusted" traffic, which can cause application packet drops. To > > prevent that, rate limit for AF43 packets at L3 should be aligned > > with , > > less than, the maximum link capacity configured to MSF. > > > > Yes, if it's not configured properly, you may have undesirable > network > > performance. But, it's only a matter of configuration. > > > > > The normative keyword in minimal-security is a SHOULD. If we have > > a good reason not to follow that, we can explain in MSF why it is > > the case... > > > > Thanks; yes I'm aware of that. Having the concern about the layer > > violation thing, I'm not a fan of the section itself. I think now you > > know that. :-) Considering the stage of the CoJP draft, I DON'T > suggest > > any change to Section 6.1.1. > > > > Best, > > Yatch > > > > > > On 12/11/2019 6:09 AM, Mališa Vučinić wrote: > > > Yatch, > > > > > > What I don’t understand is how the combination of > > > > > > 1) MSF not allocating cells in response to AF43 traffic > > > 2) keeping AF43 in a separate buffer from application/network > > traffic, or having dedicated number of slots to AF43 in the same > buffer, > > > > > > has issues we previously discussed. My understanding is that you > > worry about the application traffic being dropped due to AF43 > > traffic being present in the same buffer and occupying cells but not > > causing allocations. Under the assumption that application traffic > > is given higher priority than join AF43, is this not solved with the > > two above? Do I miss some other issue you raised? > > > > > > p.s. yes, we are trying to avoid resource exhaustion where the > > attacker injects join requests into the network causing higher power > > consumption on intermediate nodes. > > > > > > Some remarks on your proposal below. > > > > > > Mališa > > > > > >> On 11 Dec 2019, at 16:02, Yasuyuki Tanaka > > <mailto:yasuyuki.tanaka@inria.fr <mailto:yasuyuki.tanaka@inria.fr>> > > wrote: > > >> > > >> Hi Tengfei, Malisa, > > >> > > >>> To resolve the issue Yatch mentioned in the thread, > > >> > > >> My opinion is, to allow allocations by *acceptable* amount of > > untrusted traffic. This won't need any modification on MSF, TSCH, > > and even L3, while keeping application requirements.. > > >> > > >> L3 enforces traffic controls to ensure untrusted traffic keeps > > below the limit configured by adminimistrative policy. This is a > > common practice in IP networks, I believe. > > >> > > >>> Malisa pointed out we should states that the buffers for trust > > traffic > > >>> and untrusted traffic should be separated. > > >> > > >> This doesn't solve the issue. Suppose a case when NumCellsUsed > > is 74.9999...% and we're going to send one single untrusted packet > > stored in the buffer for such packets, the untrusted packet will > > cause NumCellsUsed to exceed LIM_NUMCELLSUSED_HIGH (75%), and will > > trigger an additional allocation. > > >> > > >> Here is one of Pascal's ideas: > > >> > > >>> You can have different thresholds based on AF to trigger the > > allocation. > > >> > > >> It sounds like, this idea allows additional allocations by AF43 > > traffic to some extent? > > >> > > >> Anyway, as he mentioned, > > >> > > >>> This only pushes the problem a bit though. > > >> > > >> It does. > > >> > > >>> You can have a turbo mode during network startup ... But that > > is not in scope for MSF. > > >> > > >> Regarding "turbo mode" in Pascal's email, it is out of the scope > > of MSF, and could be difficult to implement in a right way since > > there is no explicit timing of the end of network "bootstrap". > > >> > > >> As you may notice, if we don't allow any allocation by > > "untrusted" traffic at all, this would give another DoS window to > > attackers. > > >> > > >> What the CoJP draft is trying to resolve is, resource exhaustion > > attacks by join request packets? > > > > > >> If MSF has the upper limit of scheduled cells, it won't allocate > > cells by untrusted traffic endlessly. Of course, the upper limit > > should be configured with consideration for application requirements > > and acceptable "untrusted" traffic. > > >> > > >> So, with an assumption L3 controls traffic of AF43 packets, my > > opinion ends up to be: > > >> > > >> - 1. allow allocations by "untrusted" traffic > > >> - 2. set the upper limit of (TX/RX) cells scheduled with an > > selected parent > > > > > > I don’t understand point 2. Are you considering to set the > > maximum link capacity (i.e. total number of cells) between two > > neighbors? This is a function of the application traffic and the > > acceptable “untrusted” traffic, where you only know the latter in > > advance through the admin policy. IMO, this risks to introduce > > application drops as well if not properly configured.. > > > > > >> > > >> I'm sorry for raising this at this stage of the CoJP draft... I > > didn't notice Section 6.1.1 of > > draft-ietf-6tisch-minimal-security-14. Section 6.1.1 is very > > constraining. I remember we had a related discussion on this matter > > last summer, regarding MSF autonomous cell allocation. Then, I > > thought, after the discussion, the text of MSf dind't have any issue > > in handing AF43 packets. But, clearly, it isn't the case… > > > > > > The normative keyword in minimal-security is a SHOULD. If we have > > a good reason not to follow that, we can explain in MSF why it is > > the case... > > > > > >> > > >> Best, > > >> Yatch > > >> > > >> On 12/11/2019 1:17 AM, Tengfei Chang wrote: > > >>> Hi Yatch, Pascal, > > >>> Malisa and I have discussed personally on this topic and think > > it's better to have an internal discussion on this. > > >>> To resolve the issue Yatch mentioned in the thread, not > > adapting the untrusted traffic could make the application traffic > > being dropped because of limited bandwidth. > > >>> Malisa pointed out we should states that the buffers for trust > > traffic and untrusted traffic should be separated. > > >>> So they won't effect each other. However, the pledge's join > > traffic still have the same situation being dropped.. > > >>> What is your opinion to handle this issue in MSF? > > >>> Tengfei > > >>> On Fri, Dec 6, 2019 at 11:24 PM Yasuyuki Tanaka > > <mailto:yasuyuki.tanaka@inria.fr <mailto:yasuyuki.tanaka@inria.fr> > > <mailto:mailto <mailto:mailto>:yasuyuki.tanaka@inria.fr > > <mailto:yasuyuki.tanaka@inria.fr>>> wrote: > > >>> Thank you, Tengfei.. > > >>> > On Dec 6, 2019, at 22:49, Tengfei Chang > > <mailto:tengfei.chang@gmail.com <mailto:tengfei.chang@gmail.com> > > >>> <mailto:mailto <mailto:mailto>:tengfei.chang@gmail.com > > <mailto:tengfei.chang@gmail.com>>> wrote: > > >>> > > > >>> > Handling DSCP value will be a per-packet process. Can we > > pass > > >>> DCSP value > > >>> > to the TSCH layer using the interface for transmission > > defined by > > >>> > IEEE802.15.4? I don't think so. > > >>> > > > >>> > TC: Not sure this is a standard way to do so. For > > implementing, > > >>> tut this value or a flag could have a default value. > > >>> > TC: If this value is not given, i.e. frame from > IEEE802.15.4 > > >>> layer, just use the default value. > > >>> What we would do are: > > >>> - 1. don't update NumCellsUsed for AF43 packets, otherwise > > update them > > >>> - 2. don't update NumTX/NumTxAck for AF43 packets, > > otherwise update them > > >>> The first one may cause undesirable deallocations. If a > > node has > > >>> relayed join request continuously for a certain period of > > time, the > > >>> computed cell utilization (NumCellsUsed / NumCellsElapsed) > goes > > >>> down, then a negotiated TX cell will be deleted, even if the > > >>> negotiated TX cell was scheduled to handle application > > traffic to > > >>> forward. This behavior may degrade end-to-end reliability. > > >>> The second one may prevent the node from monitoring link > > PDRs on > > >>> scheduled cells correctly. This could affect the scheduling > > >>> collision detection. > > >>> Best, > > >>> Yatch > > >>> -- > > >>> —————————————————————————————————————— > > >>> Dr. Tengfei, Chang > > >>> Postdoctoral Research Engineer, Inria > > >>> http://www.tchang.org/ <http://www..tchang.org/ > <http://www.tchang.org/>> > > >>> —————————————————————————————————————— > > > > > > > > > > > -- > > —————————————————————————————————————— > > > > Dr. Tengfei, Chang > > Postdoctoral Research Engineer, Inria > > > > http://www.tchang.org/ > > —————————————————————————————————————— > > > > > > > > -- > > —————————————————————————————————————— > > > > Dr. Tengfei, Chang > > Postdoctoral Research Engineer, Inria > > > > www.tchang.org/ <http://www.tchang.org/> > > —————————————————————————————————————— > > > > > -- > > —————————————————————————————————————— > > > > Dr. Tengfei, Chang > > Postdoctoral Research Engineer, Inria > > > > www.tchang.org/ > > —————————————————————————————————————— > > > > > -- > > —————————————————————————————————————— > > > > Dr. Tengfei, Chang > > Postdoctoral Research Engineer, Inria > > > > www.tchang.org/ > > —————————————————————————————————————— > -- —————————————————————————————————————— Dr. Tengfei, Chang Postdoctoral Research Engineer, Inria www.tchang.org/ ——————————————————————————————————————
- [6tisch] MSF adapts to traffic only for secured p… Tengfei Chang
- Re: [6tisch] MSF adapts to traffic only for secur… Yasuyuki Tanaka
- Re: [6tisch] MSF adapts to traffic only for secur… Pascal Thubert (pthubert)
- Re: [6tisch] MSF adapts to traffic only for secur… Mališa Vučinić
- Re: [6tisch] MSF adapts to traffic only for secur… Yasuyuki Tanaka
- Re: [6tisch] MSF adapts to traffic only for secur… Mališa Vučinić
- Re: [6tisch] MSF adapts to traffic only for secur… Yasuyuki Tanaka
- Re: [6tisch] MSF adapts to traffic only for secur… Tengfei Chang
- Re: [6tisch] MSF adapts to traffic only for secur… Pascal Thubert (pthubert)
- Re: [6tisch] MSF adapts to traffic only for secur… Yasuyuki Tanaka
- Re: [6tisch] MSF adapts to traffic only for secur… Tengfei Chang
- Re: [6tisch] MSF adapts to traffic only for secur… Yasuyuki Tanaka
- Re: [6tisch] MSF adapts to traffic only for secur… Tengfei Chang
- Re: [6tisch] MSF adapts to traffic only for secur… Pascal Thubert (pthubert)
- Re: [6tisch] MSF adapts to traffic only for secur… Tengfei Chang