IETF Logo Mail Archive

Re: sockets APIs extensions for Host Identity Protocol

Keith Moore <moore@cs.utk.edu> Fri, 11 May 2007 08:13 UTC

Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmQFS-0004In-H7; Fri, 11 May 2007 04:13:10 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1HmQFR-0004Ia-Hu for discuss-confirm+ok@megatron.ietf.org; Fri, 11 May 2007 04:13:09 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmQFP-0004IN-Pb for discuss@apps.ietf.org; Fri, 11 May 2007 04:13:08 -0400
Received: from bes.cs.utk.edu ([160.36.56.220]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HmQFP-0006nr-Al for discuss@apps.ietf.org; Fri, 11 May 2007 04:13:07 -0400
Received: from localhost (localhost [127.0.0.1]) by bes.cs.utk.edu (Postfix) with ESMTP id B45821032AD; Fri, 11 May 2007 04:13:02 -0400 (EDT)
X-Virus-Scanned: by amavisd-new with ClamAV and SpamAssasin at cs.utk.edu
Received: from bes.cs.utk.edu ([127.0.0.1]) by localhost (bes.cs.utk.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LwOIzrx+yFfv; Fri, 11 May 2007 04:12:57 -0400 (EDT)
Received: from lust.indecency.org (user-119b1dm.biz.mindspring.com [66.149.133.182]) by bes.cs.utk.edu (Postfix) with ESMTP id B3F93103099; Fri, 11 May 2007 04:12:56 -0400 (EDT)
Message-ID: <46442588.7020405@cs.utk.edu>
Date: Fri, 11 May 2007 04:12:56 -0400
From: Keith Moore <moore@cs.utk.edu>
User-Agent: Thunderbird 2.0.0.0 (Macintosh/20070326)
MIME-Version: 1.0
To: Miika Komu <miika@iki.fi>
Subject: Re: sockets APIs extensions for Host Identity Protocol
References: <Pine.SOL.4.64.0705041801060.14418@kekkonen.cs.hut.fi> <20070507082737.GB21759@nic.fr> <46413DD7.8020702@cs.utk.edu> <20070509121703.GA21070@nic.fr> <4641CA52.70504@cs.utk.edu> <Pine.LNX.4.64.0705091449360.26169@hermes-1.csi.cam.ac.uk> <4641D94C.9070304@cs.utk.edu> <Pine.SOL.4.64.0705102013550.10049@kekkonen.cs.hut.fi> <46436B10.5090706@cs.utk.edu> <Pine.SOL.4.64.0705102159020.10049@kekkonen.cs.hut.fi> <4643F873.3000501@cs.utk.edu> <Pine.SOL.4.64.0705110851440.24038@kekkonen.cs.hut.fi>
In-Reply-To: <Pine.SOL.4.64.0705110851440.24038@kekkonen.cs.hut.fi>
X-Enigmail-Version: 0.95.0
OpenPGP: id=E1473978
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1
Cc: discuss@apps.ietf.org
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org

>> It strikes me that if I'm using opportunistic HIP, then I probably want
>> to use normal sockaddr_in* structures and do a setsockopt() that says
>> "give me HIP if both ends support it" before doing connect() or
>> listen().  In that case I'd want getpeername() to still return the
>> peer's (current) IP address, but I'd want additional functions to return
>> the peer's HIT.  In that case I don't see any real value in having
>> locally-scoped pseudo-HITs.  The reason for doing things this way is
>> that it would require fewer changes to legacy code to support
>> opportunistic HIP.
>
> We have implemented opportunistic mode in the HIPL implementation in
> the way you described. It required some tricks under the sockets API
> hood to get it working, but it is great for legacy apps. Even
> referrals work, assuming that you are behind a NAT or a firewall :)
in other words, they don't work. :)
> What about "native" HIP applications that are aware of HIP? The whole
> point of the locally scoped identifier was to provide single, unified
> end-point token to applications. Is it acceptable to handle both
> sockaddr_in and sockaddr_hip structures in HIP aware apps? I think a
> single identifier type would be simpler.
I don't know why a HIP-aware app would use sockaddr_in* for any socket
on which it wanted to use HIP.  Such an app might want to use
sockaddr_in for some sockets if it had a reason to not use HIP on
specific sockets.  (say for diagnostic purposes)

I must have missed the point of locally-scoped identifiers.  I thought
it was so that you could fit a pseudo-HIT into 32 bits and pretend it
was an IPv4 address for the sake of backward compatibility.  But if your
application was written to be HIP-aware, it would be cleaner to use
HIP-specific sockaddrs.    And in that case, why use a locally-scoped
identifier when you can use a globally-scoped one?   (and if your
application wasn't originally written to use HIP it's probably the case
that the best you can hope for with small mods to your code is
opportunistic HIP anyway.)


>> OTOH, if I'm doing "real" HIP then I want to use something like a
>> sockaddr_hip structure that lets me specify both the HIT (as the
>> "address") and a variable number of IP addresses (including both IPv4
>> and IPv6 addresses) at which the peer named by the HIT might be
>> reachable (or at which a redirect to the actual peer might be
>> obtainable).
>
> The is certainly possible. One could also implement opportunistic mode
> by leaving out the HIT from sockaddr_hip and by specifying only the
> IP. However, there is an inherent problem with this approach as
> described below.
>
>> And then you probably want a HIP-specific replacement for
>> getaddrinfo() that will return not only addresses but also the HIT
>> associated with a DNS name and whatever other information is useful in a
>> form that's easily stuffed into a sockaddr_hip.
>
> Why this can't be done in the current resolver by specifying a flag?
for starters, the addrinfo structure doesn't have a field for a HIT, and
in a HIP aware app you'd certainly want to specify which HIT you wanted
to talk to.   neither does addrinfo have any way of representing things
that are quite reasonable - like a single DNS name mapping to multiple
HITs, each of which maps to multiple IP addresses, where some of those
addresses are addresses at which the peer might reasonably be found, and
others are for redirect servers.

more generally, getaddrinfo() sucks so bad that any excuse to get rid of
it is worth considering.
>> really you want to be able to map a DNS name into multiple HITs, each of
>> which can have zero or more IPv* addresses associated with it.... and
>> you want a standard data structure that consists of a HIT + IP addresses
>> that can be passed around in referrals.
>
> The problem with this approach is that it will encourage developers to
> use the IP address directly from the socket address structure. The
> host corresponding to the HIT may have changed it's IP address at that
> point (independently of whether the structure describes the local or
> remote host). I believe that it is be much better to "force" the
> developer to obtain a valid IP address using a separate function call
> (see draft-ietf-shim6-multihome-shim-api). An extra call should not be
> a problem in a HIP aware application.
it's certainly the case that DNS-to-HIT mapping might change
independently of a HIT-to-IP mapping.  that, and when there are multiple
HITs associated with a single DNS name, a single routine might end up
doing several different lookups for the HIT-to-IP mappings, which could
take a lot of time.   so on reflection I agree that it makes sense to do
the lookups separately.

v2.23.0 | Report a Bug | By Email