IETF Logo Mail Archive

Re: [Hipsec] Completing 5201 state machine

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Mon, 18 October 2010 23:40 UTC

Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1D39F3A6C06 for <hipsec@core3.amsl.com>; Mon, 18 Oct 2010 16:40:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.165
X-Spam-Level:
X-Spam-Status: No, score=-106.165 tagged_above=-999 required=5 tests=[AWL=0.434, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNPEZ0Cc9tBQ for <hipsec@core3.amsl.com>; Mon, 18 Oct 2010 16:40:30 -0700 (PDT)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id 2ADCD3A6BF6 for <hipsec@ietf.org>; Mon, 18 Oct 2010 16:40:30 -0700 (PDT)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id o9INfqoX024052 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 18 Oct 2010 16:41:53 -0700 (PDT)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id o9INfp28003438; Mon, 18 Oct 2010 18:41:52 -0500 (CDT)
Received: from XCH-NWHT-11.nw.nos.boeing.com (xch-nwht-11.nw.nos.boeing.com [130.247.25.114]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id o9INfpcX003421 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Mon, 18 Oct 2010 18:41:51 -0500 (CDT)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.83]) by XCH-NWHT-11.nw.nos.boeing.com ([130.247.25.114]) with mapi; Mon, 18 Oct 2010 16:41:51 -0700
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Tobias Heer' <heer@cs.rwth-aachen.de>, HIP WG <hipsec@ietf.org>
Date: Mon, 18 Oct 2010 16:41:50 -0700
Thread-Topic: [Hipsec] Completing 5201 state machine
Thread-Index: Actq8Zr3o9/LxZxbRHKiYjilUp9rBQEKkZwg
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4CEC451A09@XCH-NW-10V.nw.nos.boeing.com>
References: <917A9DF6-17C4-4AAF-9132-1A865D0A824B@cs.rwth-aachen.de>
In-Reply-To: <917A9DF6-17C4-4AAF-9132-1A865D0A824B@cs.rwth-aachen.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Hipsec] Completing 5201 state machine
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2010 23:40:31 -0000

Tobias, I reviewed the OpenHIP behavior to these white spots, below:

> -----Original Message-----
> From: hipsec-bounces@ietf.org
> [mailto:hipsec-bounces@ietf.org] On Behalf Of Tobias Heer
> Sent: Wednesday, October 13, 2010 9:13 AM
> To: HIP WG
> Subject: [Hipsec] Completing 5201 state machine
>
> Hello,
>
> the state machine of RFC5201 (not -bis) has some white spots
> which I try to cover now. Nothing essential is missing but it
> seems slightly underspecified the way it is now.
> Handling of the following packets is missing in some states:
> CLOSE, CLOSE_ACK, and NOTIFY. And it is not caught by the
> "handle ANYOTHER" rules that serve as catch-all.
>
> I'll list the changes that I'll make here and ask for
> feedback from the group and especially implementors.
>
> 1.) Receive CLOSE in state I2-sent:
> ------------------------------
> Why can this happen?
> - R2 is lost (maybe repeatedly), Responder transitions to
> from R2-SENT to ESTABLISHED because of timeout, Responder
> decides to close association (because of some reason)
>
> Proposed action: process packet
> - successful: transition to CLOSING
> - fail: drop and stay at I2-sent

OpenHIP allows CLOSE in states ESTABLISHED, CLOSING, CLOSED, and R2_SENT, but does not process it in this state.

Can you clarify what you want to happen here?  Usually, if peer sends a CLOSE, you send CLOSE_ACK and transition to CLOSED, not to CLOSING.

>
>
> 2.) Receive CLOSE in state R2-sent
> ------------------------------
> Why can this happen?
> - Responder cannot observe data packet flow (this is the case
> for some implementations), Responder timeout for transition
> from R2-SENT to ESTABLISHED has not fired yet, Initiator
> decides to close association (because of some reason)
>
> Proposed action: process packet
> - successful: transition to CLOSING
> - fail: drop and stay at R2-sent

OpenHIP accepts this packet, sends CLOSE_ACK, and transitions to CLOSED.  As in 1) above, are you suggesting state CLOSING or CLOSED?

>
>
> 3.) Receive CLOSE_ACK in state R2-sent
> ------------------------------
> Why can this happen?
> - It shouldn't but there is nothing specified.
>
> Proposed action: drop

Agree; in OpenHIP, CLOSE_ACK is only processed in state CLOSING or CLOSED.

>
>
> 4.) Receive NOTIFY in state R2-sent
> ------------------------------
> Why can this happen?
> - Responder cannot observe the data channel and timeout has
> not fired yet.
>
> Proposed action: process and stay in R2 sent

Agree; in OpenHIP, NOTIFY is processed in any state that has a valid association
>
>
> 5.) Receive CLOSE_ACK in state ESTABLISHED
> ------------------------------
> Why can this happen?
> - It shouldn't but there is nothing specified.
>
> Proposed action: drop

Agree; see 3) above.

>
>
> 6. Receive NOTIFY in state ESTABLISHED
> ------------------------------
> Why can this happen?
> - Well, there are many reasons for this. This is normal behavior.
>
> Proposed action: process and stay in ESTABLISHED

Agree.

- Tom

v2.29.0 | Report a Bug | By Email | System Status