Re: [Dots] multiple values in the filter RE: DOTS telemetry Issues picked up in Interop Testing
mohamed.boucadair@orange.com Wed, 22 April 2020 09:26 UTC
From: mohamed.boucadair@orange.com
To: Jon Shallow <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>
Date: Wed, 22 Apr 2020 09:26:13 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/6cwnsUcOIqduaLgLjioSv8qMKj0>

Re-,

Below is a change proposal to cover the following:

- Multiple non-contiguous values
- Contiguous blocks
- wildcard

OLD:

   The DOTS client can filter out the asynchronous notifications from the DOTS server by indicating one or more Uri-Query options in its GET request. A Uri-Query option can include the following parameters: target-prefix, lower-port, upper-port, target-protocol, target-fqdn, target-uri, alias-name.

NEW:

   The DOTS client can filter out the asynchronous notifications from the DOTS server by indicating one or more Uri-Query options in its GET request. An Uri-Query option can include the following parameters: target-prefix, target-port, target-protocol, target-fqdn, target-uri, alias-name, 'mid', and 'c' (content) (Section 4.4).

   If more than one Uri-Query option is included in a request, these options are interpreted in the same way as when multiple target clauses are included in a message body.

   If multiple values of a query parameter are included in an Uri-Query option, these values MUST be separated by a "," character without any spaces.

   Range values (i.e., contiguous inclusive block) can be included for target-port, target-protocol, and 'mid' parameters by indicating two bound values separated by a "-" character.

   Wildcard names (i.e., a name with the leftmost label is the "*" character) can be included in target-fqdn or target-uri parameters. For example, "*.example.com" can be included as a value of the target-fqdn parameter in an Uri-Query option.

Better?

Cheers,
Med

From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
Sent: Tuesday 21 April 2020 16:25
To: BOUCADAIR Mohamed TGI/OLN; dots@ietf.org
Subject: RE: [Dots] multiple values in the filter RE: DOTS telemetry Issues picked up in Interop Testing

For me, - (minus) is for a range and , (comma) for distinct elements. Spaces not allowed.

Regards

Jon

From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
Sent: 21 April 2020 15:20
To: Jon Shallow; dots@ietf.org
Subject: [Dots] multiple values in the filter RE: DOTS telemetry Issues picked up in Interop Testing

Re-,

If we want to allow for multiple values to be included, all we need is to agree on the separator to be used for ranges and for distinct elements. We can get rid of [].

Cheers,
Med

From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
Sent: Tuesday 21 April 2020 12:56
To: BOUCADAIR Mohamed TGI/OLN; dots@ietf.org
Subject: RE: [Dots] DOTS telemetry Issues picked up in Interop Testing

From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
Sent: Tuesday 21 April 2020 10:59
To: BOUCADAIR Mohamed TGI/OLN; dots@ietf.org
Subject: RE: [Dots] DOTS telemetry Issues picked up in Interop Testing

Hi all,

A further thought on the use of Uri-Queries to clarify the AND/OR usage.

If you only allow one query per query type and put the match list in an array, then this will be an OR of the array list (the same as we do for the target* definitions right now).

E.G. :-

   Uri-Query: target_prefix=[1.2.3.4/32,4.3.2.1/32]

Gives either 1.2.3.4 or 4.3.2.1 as a valid match.

And

   Uri-Query: target-prefix=[1.2.3.4/32,4.3.2.1/32]
   Uri-Query: lower-port=[80,443]

Gives (either 1.2.3.4 or 4.3.2.1) and (either port 80 or 443)

[] should not include spaces and comma used as a separator.

[Med] The issue I have with this is that we will need to handle cases where both lower-port and upper-port are present. Not sure what would be the benefit of allowing multiple key values, compact uris? If that's a concern, we may consider shortened names in the query (e.g., s/target-prefix/tp, s/lower-port/lp, ..).

Jon> fair point about lower and upper ports.

   Uri-Query: target-port[80-85,443]

works for me and covers both ranges and individual ports.

Jon> As this would be options on a GET request that has no body data, I don't think that I am too worried about using shortened names at this point.
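
Added example, not part of the original messages or of the DOTS drafts: a strict Python parser for one Uri-Query filter option using the separators proposed in this thread ("," for distinct values, "-" for inclusive ranges, "*" as the leftmost label of a target-fqdn). The function names, the numeric bounds and the subdomain-matching rule for wildcards are assumptions made for the example; the 'c' parameter and target-uri wildcards are left out.

```python
# Added example (not from the draft): strict parsing of one Uri-Query filter
# option using the separators proposed in this thread.
# Assumed bounds: 16-bit ports, 8-bit protocol numbers, 32-bit 'mid'.
RANGE_PARAMS = {"target-port": 65535, "target-protocol": 255, "mid": 2**32 - 1}
TEXT_PARAMS = {"target-prefix", "target-fqdn", "target-uri", "alias-name"}


def parse_option(option):
    """Return (name, values); numeric values become inclusive (low, high) pairs."""
    if " " in option:
        raise ValueError("spaces are not allowed in a filter option")
    name, sep, raw = option.partition("=")
    if not sep or name not in RANGE_PARAMS.keys() | TEXT_PARAMS:
        raise ValueError(f"malformed or unknown option: {option!r}")
    values = []
    for item in raw.split(","):  # "," separates distinct values
        if not item:
            raise ValueError("empty value in list")
        if name in RANGE_PARAMS:
            low, dash, high = item.partition("-")  # "-" separates range bounds
            high = high if dash else low
            if not (low.isascii() and low.isdigit() and high.isascii() and high.isdigit()):
                raise ValueError(f"bad number or range: {item!r}")
            if not int(low) <= int(high) <= RANGE_PARAMS[name]:
                raise ValueError(f"reversed or out-of-bounds range: {item!r}")
            values.append((int(low), int(high)))
        else:
            # Wildcard position is checked for target-fqdn only: "*" must be
            # the whole leftmost label. Other text values pass through as-is.
            if name == "target-fqdn" and "*" in item:
                if not item.startswith("*.") or "*" in item[1:] or len(item) < 3:
                    raise ValueError(f"wildcard must be the leftmost label: {item!r}")
            values.append(item)
    return name, values


def number_matches(values, number):
    """OR over the list: true if any value or range covers the number."""
    return any(low <= number <= high for low, high in values)


def fqdn_matches(values, fqdn):
    """Assumption: "*.example.com" covers any subdomain depth, not the apex."""
    fqdn = fqdn.lower()
    for value in values:
        value = value.lower()
        if value.startswith("*.") and fqdn.endswith(value[1:]) and len(fqdn) > len(value) - 1:
            return True
        if fqdn == value:
            return True
    return False
```

Rejecting spaces, reversed ranges and misplaced wildcards at parse time keeps two implementations from silently interpreting the same filter differently, which is the interop concern the thread is resolving.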