Re: [Dots] multiple values in the filter RE: DOTS telemetry Issues picked up in Interop Testing
Jon Shallow <supjps-ietf@jpshallow.com> Wed, 22 April 2020 09:32 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B71673A0C72 for <dots@ietfa.amsl.com>; Wed, 22 Apr 2020 02:32:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VGXqwYvtiqZm for <dots@ietfa.amsl.com>; Wed, 22 Apr 2020 02:32:39 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A3143A0C71 for <dots@ietf.org>; Wed, 22 Apr 2020 02:32:39 -0700 (PDT)
Received: from mail2.jpshallow.com ([192.168.0.3] helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.92.3) (envelope-from <jon.shallow@jpshallow.com>) id 1jRBkD-0004Qa-J4; Wed, 22 Apr 2020 10:32:37 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: mohamed.boucadair@orange.com, dots@ietf.org
References: <787AE7BB302AE849A7480A190F8B93303149B679@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <120701d617e8$ad6a1370$083e3a50$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93303149C2C5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93303149C2C5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Wed, 22 Apr 2020 10:32:46 +0100
Message-ID: <00b401d61888$fb228250$f16786f0$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00B5_01D61891.5CE9F790"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQLXo3sU9r4cWwKI1jsej+w/E829ygG68+wKAnXBTwemYEUzEA==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/T20mVh7wVNMB_xJGQufFBcQ1YZw>
Subject: Re: [Dots] multiple values in the filter RE: DOTS telemetry Issues picked up in Interop Testing
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2020 09:32:43 -0000
Hi Med, Thanks this works for me. Regards Jon From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com Sent: 22 April 2020 10:26 To: Jon Shallow; dots@ietf.org Subject: Re: [Dots] multiple values in the filter RE: DOTS telemetry Issues picked up in Interop Testing Re-, Below a change proposal to cover the following: · Multiple non-contiguous values · Contiguous blocks · wildcard OLD: The DOTS client can filter out the asynchronous notifications from the DOTS server by indicating one or more Uri-Query options in its GET request. A Uri-Query option can include the following parameters: target-prefix, lower-port, upper-port, target-protocol, target-fqdn, target-uri, alias-name. NEW: The DOTS client can filter out the asynchronous notifications from the DOTS server by indicating one or more Uri-Query options in its GET request. An Uri-Query option can include the following parameters: target-prefix, target-port, target-protocol, target-fqdn, target-uri, alias-name, 'mid', and 'c' (content) (Section 4.4). If more than one Uri-Query option is included in a request, these options are interpreted in the same way as when multiple target clauses are included in a message body. If multiple values of a query parameter are included in an Uri-Query option, these values MUST be separated by a "," character without any spaces. Range values (i.e., contiguous inclusive block) can be included for target- port, target-protocol, and 'mid' parameters by indicating two bound values separated by a "-" character.. Wildcard names (i.e., a name with the leftmost label is the "*" character) can be included in target-fqdn or target-uri parameters. For example, "*.example.com" can be included as a value of the target-fqdn parameter in an Uri- Query option. Better? Cheers, Med De : Jon Shallow [mailto:supjps-ietf@jpshallow.com] Envoyé : mardi 21 avril 2020 16:25 À : BOUCADAIR Mohamed TGI/OLN; dots@ietf.org Objet : RE: [Dots] multiple values in the filter RE: DOTS telemetry Issues picked up in Interop Testing For me, - (minus) is for a range and , (comma) for distinct elements. Spaces not allowed. Regards Jon From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com Sent: 21 April 2020 15:20 To: Jon Shallow; dots@ietf.org Subject: [Dots] multiple values in the filter RE: DOTS telemetry Issues picked up in Interop Testing Re-, If we want to allow for multiple values to be included, all what we need is to agree on the separator to be used for ranges and for distinct elements. We can get rid of []. Cheers, Med De : Jon Shallow [mailto:supjps-ietf@jpshallow.com] Envoyé : mardi 21 avril 2020 12:56 À : BOUCADAIR Mohamed TGI/OLN; dots@ietf.org Objet : RE: [Dots] DOTS telemetry Issues picked up in Interop Testing De : Jon Shallow [mailto:supjps-ietf@jpshallow.com] Envoyé : mardi 21 avril 2020 10:59 À : BOUCADAIR Mohamed TGI/OLN; dots@ietf.org Objet : RE: [Dots] DOTS telemetry Issues picked up in Interop Testing Hi all, A further thought on the use of Uri-Queries to clarify the AND/OR usage. If you only allow one query per query type and put the match list in an array, then this will be an OR of the array list (the same as we do for the target* definitions right now. E.G. :- Uri-Query: target_prefix=[1.2.3.4/32,4.3.2.1/32] Gives either 1.2.3.4 or 4.3.2.1 as a valid match. And Uri-Query: target-prefix=[1.2.3.4/32,4.3.2.1/32] Uri-Query: lower-port=[80,443] Gives (either 1.2.3.4 or 4.3.2.1) and (either port 80 or 443) [] should not include spaces and comma used as a separator. [Med] The issue I have with this is that we will need to handle cases where both lower-port and upper-port are present. Not sure what would be the benefit of allowing multiple key values, compact uris? If thats a concern, we may consider shortened names in the query (e.g., s/target-prefix/tp, s/lower-port/lp, ..). Jon> fair point about lower and upper ports.. Uri-Query: target-port[80-85,443] works for me and covers both ranges and individual ports. Jon> As this would be options on a GET request that has no body data, I dont think that I am too worried about using shortened names at this point.
- [Dots] multiple values in the filter RE: DOTS tel… mohamed.boucadair
- Re: [Dots] multiple values in the filter RE: DOTS… Jon Shallow
- Re: [Dots] multiple values in the filter RE: DOTS… mohamed.boucadair
- Re: [Dots] multiple values in the filter RE: DOTS… Jon Shallow