IETF Logo Mail Archive

Re: [core] RFC 7252 - Forward Proxies

Achim Kraus <achimkraus@gmx.net> Sat, 11 January 2020 10:30 UTC

Return-Path: <achimkraus@gmx.net>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C4171200FB for <core@ietfa.amsl.com>; Sat, 11 Jan 2020 02:30:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Oq-thtKojQ5 for <core@ietfa.amsl.com>; Sat, 11 Jan 2020 02:30:39 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDE39120033 for <core@ietf.org>; Sat, 11 Jan 2020 02:30:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1578738633; bh=pQxkLDd3Wq++g5CCwNt291NaG387dg75lGF77Z+MkH0=; h=X-UI-Sender-Class:Subject:To:Cc:References:From:Date:In-Reply-To; b=Op6vymW7xJUoUfo2XcdNos5eaeR54pZkJ6zPLjuttN6A6i8LzJ9JLtsBfKcYxpdLq 4qy7Dze3cNumYrcDgmr+oGkCbhUNgCz10oarSPVPc4OZuyhb/RL/E8puFBAnYv1jiv uMhfac46sEW2KqTqsyG0+yUShz8ws/oySxr9eyj0=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.178.45] ([178.10.248.240]) by mail.gmx.com (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MfYPi-1jIiAL2Zbc-00g2wx; Sat, 11 Jan 2020 11:30:33 +0100
To: Klaus Hartke <hartke@projectcool.de>
Cc: "core@ietf.org" <core@ietf.org>
References: <324677e1-06d4-a4d6-b79c-9a55c01adcbb@gmx.net> <CAAzbHvYA4nX2ZaL__+yuk8W1e0JXZTx5D4fTgW0F3nJTat0spA@mail.gmail.com>
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <d192fb34-31eb-e9b6-d446-782d8145ca16@gmx.net>
Date: Sat, 11 Jan 2020 11:30:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
MIME-Version: 1.0
In-Reply-To: <CAAzbHvYA4nX2ZaL__+yuk8W1e0JXZTx5D4fTgW0F3nJTat0spA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: de-AT-frami
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:cuu6q397UZcX9/RwQhQ0ErBi9fM665UdkPYwdRzvYoZur9pbOFm sLtgwjrjuQIvEXy2uxdzwiRzq3Bc2EqKkT325rg4U593D/eRn+1HMMaKTQh8spUik0n9pS1 cNgcf7NFHL09K6io4Up4jZ2qdp5RlY5zhj3UYHHb1V0WfqXU0HLceOKB1CrhbDO9/mOYQ5K j/17sCoj7qRX3i0U6aYjg==
X-UI-Out-Filterresults: notjunk:1;V03:K0:fypes+CVgyI=:Oo7+YSrXFN1/p2YeNhDnbc 7Sm6RJQmWN5qiyScbOJYQzEwWGmtdKm4/L4I9hFS+dAcOiXbWxypnp2U7K8ZpF/l0tgSh7rqv NOcrtfaOhPb2r9gXnUK6+MNwU5Q/qqwm8LebiUNAKFAtUVYe8xCwZM1rqbK2W1nJ2mEJOdxJj iO1PYuuqm9Uq2deINTF1E/hlzeo2IL+SGm7Al0Y3pLnBmLTFlAIqNUc/ucTXsrPWro34iTqV+ 0N8+l83LkAB4Vfp0IBDM91EFJaf+WP5CKRFla1fooITg7G92ZTRs2w8hCNO5mUS3P9ok8a6SU t0fWxN6k1+b4CqWGMwVPtRNoSmG8kMaepPFs6XbFqDLxBHDYQt2V6O/duJSqXZBhiFioyoUio k10SR6kbnP1pCTrDspfQg9JKp97MVMi9EH2ZlqVkKgsUfq2HCa/6a2fCxVy9cui5ZKujAzcOg HTXg3lYxJop8vajUPjD00FZfPHcfrfguqxSaTNN/zaD4IoWkah8HWL+cy5t/h1nx/AEv7BIf0 J5j2ZuVkuHgFKNjuHbDzIW6ZPL1+1d2UMy8287I/kujFvbDJNfkg85tvpXfURGyVk8uwPa0lp 8EX5IOVOZKgGQAuebj5R2fW/okNVPDJcOMFt1nUPVhf5OSqmbR7Fklb2t4PzDlj5qXlQQAf/f 1uTv20KnD/2UnS5LPxvQDuAHfxpLQl1wEvpDyZO8EJs5hShip8Ig9uO08L0DDWCXgArLpJtEk /bvf66ej4v9+vbeUSpM2L1U/MZ4cX+gViVxdV88AVJIs8C4UwVp6xtJ1/ElK0mfFqh538FIQB Hn942/kwFRN4fUN1Oixd3v9l+8pQMbYT8TSK95YpUyn4b4mcPKorPIRxFiKH4esD2ErjXd4Ka 2f6ncI8VNohPTPFttn4jEQW4kijWbnoOalw/ETY8suL4IDLjKbf+PTv+w6F0DkogYOyryDihT tVBbNaC4oVXG+zEHh1+1WQ2WtDT5v9MAuGXwtqpe/1DShxG9iA/PQo+h3ZiDUq3rUZNJMX3TC qsQ8ZZSX9DvGGB5dkfN7eYDkhkr622FkmtvYYxRZU5mYom2uC28DIxajPVrDKxRehAz6EW6RI pkgQhOuo/xykyycG8BAINn4vmShk6lvuNxQAZm7ThwYf79d/9lZwixV6XN0/mTl28JNqyygWz UJ7salDr+5C9HiQVlkN21nUAkSPeBl355LxUrQKR88UKxKi9ZzZnFk5UK2oRbLrOI7QQsd9Y3 BDcWjHoEauH/1u5E+w+HcNOZuzQWqjztwqxYMF3tDakdHkwf5sG474w4jBH0=
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Lz71emIw0ev4B0LSWm65dk_yEz8>
Subject: Re: [core] RFC 7252 - Forward Proxies
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jan 2020 10:30:41 -0000

Hi Klaus,

thanks for your answers and reference explaining the term "IPv4address"!

 > For example, if a client wants to GET a representation of
<coap://example.com:12345/.well-known/core>, then the CoAP options
always encode <coap://198.51.100.1:12345/.well-known/core>, regardless
of whether the destination of the UDP datagram is (198.51.100.1, 12345)
or the IP address and UDP port number of a forward proxy.

In my understanding the, CoAP URI-Host option will be "example.com" and
not "198.51.100.1", otherwise hosts with multiple virtual server will
not be able to differentiate the logical request destination.

Also in my understanding, the port, IP-literal and IPv4address (the none
regname variants), are only included, if they differ from the
destination (which will be the porxy's address in case of a proxy).
Otherwise the note to point 5 of
https://tools.ietf.org/html/rfc7252#section-6.4

"NOTE: In the usual case where the request's destination IP
address is derived from the host part, this ensures that a Uri-
Host Option is only used for a <host> component of the form regname."

will not make sense.

 >> "6 ... otherwise": if a Proxy-Scheme is used, should that default port
 >> be use? Or still the URI-Scheme's port? If the Proxy-Scheme is to be
 >> considered, that default port maybe unclear/unknown by the client
 >> implementation.

 > It's the port number of the request URI (or, if the port number in
the request URI is omitted, the default port number for the scheme of
the request URI). It's not the port number of the forward proxy.

My question was rather, if it's the default port of the proxy scheme
(maybe http), or the requests coap-uri-scheme. My intention of the
question is:

"logical URI"  => "http://example.com/test"

Will be either:
Proxy-Scheme : "http"
CoAP-URI: "coap://example.com/test"
or
Proxy-Scheme : "http"
CoAP-URI: "coap://example.com:80/test"

Best regards

Achim Kraus


Am 10.01.20 um 10:47 schrieb Klaus Hartke:
> Hej Achim!
>
> Achim Kraus wrote:
>> A informal description would be in my opinion, add the uri-host option,
>> if it's not the IP-literal of the destination
>
> Yes. A bit more precisely: The Uri-Host option is omitted in a request
> if and only if its value equals the destination IP address of the
> containing UDP datagram.
>
>> (that assumes, that the
>> term "destination" refers to the actual proxy to send the request to).
>
> Yes. When sending a CoAP request to a forward proxy, the destination
> of the UDP datagram is set to the IP address and UDP port number of
> the forward proxy.
>
>> But the text seems not to differentiate between the request's (which
>> maybe the proxy) and the URI destination (which will be the "final
>> destination", or something like that).
>
> The CoAP options always encode the request URI, i.e., the URI of the
> target resource. For example, if a client wants to GET a
> representation of <coap://example.com:12345/.well-known/core>, then
> the CoAP options always encode
> <coap://198.51.100.1:12345/.well-known/core>, regardless of whether
> the destination of the UDP datagram is (198.51.100.1, 12345) or the IP
> address and UDP port number of a forward proxy.
>
>> I'm also not sure, what the "or
>> IPv4address" refers to.
>
> This refers to the syntax rules for hosts in RFC 3986:
>
>      host = IP-literal / IPv4address / reg-name
>
> Example IP-literal: "[2001:db8::1]"
> Example IPv4address: "198.51.100.1"
> Example reg-name: "example.com"
>
>> For me it seems, that stick strict to 6.4 would cause different option
>> values, if a proxy is used and the "final destination" URI contains also
>> a (different) literal IP address. For me "strict" will then result in a
>> wrong request to the proxy.
>
> This may need a bit clarification. When a request is intended for a
> server, the request URI is encoded using the Uri-Host, Uri-Port,
> Uri-Path, and Uri-Query options. (So, all the request URI components
> are present, except for the scheme.) When a request is intended for a
> forward proxy, the request URI is either encoded using the Proxy-Uri
> option or the Proxy-Scheme, Uri-Host, Uri-Port, Uri-Path, and
> Uri-Query options. (So, all the request URI components are present,
> including the scheme.) Even though some of these options have the word
> "Proxy" in their name, they still contain the components of the
> request URI, not the IP address or UDP port number of the forward
> proxy.
>
>> "6 ... otherwise": if a Proxy-Scheme is used, should that default port
>> be use? Or still the URI-Scheme's port? If the Proxy-Scheme is to be
>> considered, that default port maybe unclear/unknown by the client
>> implementation.
>
> It's the port number of the request URI (or, if the port number in the
> request URI is omitted, the default port number for the scheme of the
> request URI). It's not the port number of the forward proxy.
>
> Does that answer your questions?
>
> Best regards,
> Klaus
>

v2.23.0 | Report a Bug | By Email