Re: [Hipsec] Completing 5201 state machine
Tobias Heer <heer@cs.rwth-aachen.de> Thu, 21 October 2010 12:41 UTC
Return-Path: <heer@informatik.rwth-aachen.de>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 22E853A691A for <hipsec@core3.amsl.com>; Thu, 21 Oct 2010 05:41:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.49
X-Spam-Level:
X-Spam-Status: No, score=-4.49 tagged_above=-999 required=5 tests=[AWL=0.311, BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F6PS1GHIlZ5o for <hipsec@core3.amsl.com>; Thu, 21 Oct 2010 05:41:37 -0700 (PDT)
Received: from mta-2.ms.rz.rwth-aachen.de (mta-2.ms.rz.RWTH-Aachen.DE [134.130.7.73]) by core3.amsl.com (Postfix) with ESMTP id 548413A69A9 for <hipsec@ietf.org>; Thu, 21 Oct 2010 05:41:28 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.5.40]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0LAN006054L2E860@mta-2.ms.rz.RWTH-Aachen.de> for hipsec@ietf.org; Thu, 21 Oct 2010 14:41:26 +0200 (CEST)
X-IronPort-AV: E=Sophos;i="4.58,217,1286143200"; d="scan'208";a="77927173"
Received: from relay-auth-2.ms.rz.rwth-aachen.de (HELO relay-auth-2) ([134.130.7.79]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Thu, 21 Oct 2010 14:41:26 +0200
Received: from umic-i4-137-226-45-90.nn.rwth-aachen.de ([unknown] [137.226.45.90]) by relay-auth-2.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0LAN009LD4L22340@relay-auth-2.ms.rz.rwth-aachen.de> for hipsec@ietf.org; Thu, 21 Oct 2010 14:41:26 +0200 (CEST)
From: Tobias Heer <heer@cs.rwth-aachen.de>
In-reply-to: <BF345F63074F8040B58C00A186FCA57F29F6C36B6D@NALASEXMB04.na.qualcomm.com>
Date: Thu, 21 Oct 2010 14:41:25 +0200
Message-id: <C8F0A7FC-B2AB-4B81-B028-7F82596428A8@cs.rwth-aachen.de>
References: <917A9DF6-17C4-4AAF-9132-1A865D0A824B@cs.rwth-aachen.de> <BF345F63074F8040B58C00A186FCA57F29F6C36B6D@NALASEXMB04.na.qualcomm.com>
To: "Laganier, Julien" <julienl@qualcomm.com>
X-Mailer: Apple Mail (2.1081)
Cc: HIP WG <hipsec@ietf.org>
Subject: Re: [Hipsec] Completing 5201 state machine
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2010 12:41:41 -0000
Hi Julien, Am 20.10.2010 um 19:04 schrieb Laganier, Julien: > Hello Tobias, > > I have no time to look into the details so I'm just asking here - sorry about that: > > While we're at moving HIP forward to standard track we're going to make a certain number of changes. Since experimental HIP already has a little brother that made it to Proposed Standard (SHIM6 in RFC 5533), could we simply replicate that state machine into our standard track HIP (v2)? I'll investigate this. Maybe we can borrow this and that. However, the state machine is not wrong or shaky but merely did not mention a few corner cases which should be handled for completeness. I assume that most implementation implement the suggested "new" behavior already. However, thanks for the good suggestion! Tobias > > --julien > > Tobias Heer wrote: >> >> Hello, >> >> the state machine of RFC5201 (not -bis) has some white spots which I >> try to cover now. Nothing essential is missing but it seems slightly >> underspecified the way it is now. >> Handling of the following packets is missing in some states: CLOSE, >> CLOSE_ACK, and NOTIFY. And it is not caught by the "handle ANYOTHER" >> rules that serve as catch-all. >> >> I'll list the changes that I'll make here and ask for feedback from the >> group and especially implementors. >> >> 1.) Receive CLOSE in state I2-sent: >> ------------------------------ >> Why can this happen? >> - R2 is lost (maybe repeatedly), Responder transitions to from R2-SENT >> to ESTABLISHED because of timeout, Responder decides to close >> association (because of some reason) >> >> Proposed action: process packet >> - successful: transition to CLOSING >> - fail: drop and stay at I2-sent >> >> >> 2.) Receive CLOSE in state R2-sent >> ------------------------------ >> Why can this happen? >> - Responder cannot observe data packet flow (this is the case for some >> implementations), Responder timeout for transition from R2-SENT to >> ESTABLISHED has not fired yet, Initiator decides to close association >> (because of some reason) >> >> Proposed action: process packet >> - successful: transition to CLOSING >> - fail: drop and stay at R2-sent >> >> >> 3.) Receive CLOSE_ACK in state R2-sent >> ------------------------------ >> Why can this happen? >> - It shouldn't but there is nothing specified. >> >> Proposed action: drop >> >> >> 4.) Receive NOTIFY in state R2-sent >> ------------------------------ >> Why can this happen? >> - Responder cannot observe the data channel and timeout has not fired >> yet. >> >> Proposed action: process and stay in R2 sent >> >> >> 5.) Receive CLOSE_ACK in state ESTABLISHED >> ------------------------------ >> Why can this happen? >> - It shouldn't but there is nothing specified. >> >> Proposed action: drop >> >> >> 6. Receive NOTIFY in state ESTABLISHED >> ------------------------------ >> Why can this happen? >> - Well, there are many reasons for this. This is normal behavior. >> >> Proposed action: process and stay in ESTABLISHED >> >> >> I would appreciate if you could have a look at the proposed changes and >> give feedback. None of the changes has dramatic effects on existing >> implementations of HIPv1 but 1) and 2) might require some minor change >> of code if the implementations don't handle (or handle differently) the >> CLOSE messages in these states. >> >> BR, >> >> Tobias >> >> -- >> Dipl.-Inform. Tobias Heer, Ph.D. Student >> Chair of Communication and Distributed Systems - comsys >> RWTH Aachen University, Germany >> tel: +49 241 80 207 76 >> web: http://ds.cs.rwth-aachen.de/members/heer >> blog: http://dtobi.wordpress.com/ >> card: http://card.ly/dtobi >> >> >> >> >> >> >> >> _______________________________________________ >> Hipsec mailing list >> Hipsec@ietf.org >> https://www.ietf.org/mailman/listinfo/hipsec -- Dipl.-Inform. Tobias Heer, Ph.D. Student Chair of Communication and Distributed Systems - comsys RWTH Aachen University, Germany tel: +49 241 80 207 76 web: http://ds.cs.rwth-aachen.de/members/heer blog: http://dtobi.wordpress.com/ card: http://card.ly/dtobi
- [Hipsec] Completing 5201 state machine Tobias Heer
- Re: [Hipsec] Completing 5201 state machine Henderson, Thomas R
- Re: [Hipsec] Completing 5201 state machine Miika Komu
- Re: [Hipsec] Completing 5201 state machine Tobias Heer
- Re: [Hipsec] Completing 5201 state machine Henderson, Thomas R
- Re: [Hipsec] Completing 5201 state machine Tobias Heer
- Re: [Hipsec] Completing 5201 state machine Laganier, Julien
- Re: [Hipsec] Completing 5201 state machine Tobias Heer
- Re: [Hipsec] Completing 5201 state machine Laganier, Julien