IETF Logo Mail Archive

Re: [Idr] The Use of 'm' and 'not' bits in bitmask Flowspec component.

PVLR Pavana Murthy <pvlrpm@gmail.com> Wed, 21 February 2018 06:52 UTC

Return-Path: <pvlrpm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 438761270A7 for <idr@ietfa.amsl.com>; Tue, 20 Feb 2018 22:52:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.997
X-Spam-Level:
X-Spam-Status: No, score=-0.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HBqemvL1_BNh for <idr@ietfa.amsl.com>; Tue, 20 Feb 2018 22:52:03 -0800 (PST)
Received: from mail-wr0-x22e.google.com (mail-wr0-x22e.google.com [IPv6:2a00:1450:400c:c0c::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62DE01200C1 for <idr@ietf.org>; Tue, 20 Feb 2018 22:52:02 -0800 (PST)
Received: by mail-wr0-x22e.google.com with SMTP id u15so1341475wrg.3 for <idr@ietf.org>; Tue, 20 Feb 2018 22:52:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=dZUbCaYtUXM8lCC52s5wfsaa3vPhFBOOmFogZ4WzOMo=; b=mKi4/50x4c/DOn1dZ6F2Da27fP7by+Y/GyxToGE7MqfNL/yDgfd615+D7O70vW5dUs gwcorxME9dC1EwKoqXstMXcy6SXU0fryFPn79wJAx6Z/Ze0SV+eUXXovwOH3j3ztct6n YIenLSZo6gek6NKFUZ1gNb9QzEP914fIm+sMgJJEd2iIfZ3TjJHWSZNK0fSRBrsdmXs/ 4FH5K6wLE5f4S3ehX4ggNZHSnNOxkKdZUqPeLP+7P3pkMM0MTz+JaJKx/vLRvjyo6SkI 7iHUstYDZanTx17MY31ijbFlt7hn+ytabL1oUgmK4hOTVGl3dXCnq+/KPlCrIdNdddgM y4Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=dZUbCaYtUXM8lCC52s5wfsaa3vPhFBOOmFogZ4WzOMo=; b=B2SfLQYVf+wh+P170mPWXwIqE6d8NHX4Vv0uCTIQ+HkucQJLZWEJ7Xm5GDg0RXPcCX ubTpKTPP5LFBGcWo6OdS0FJCJuxZZEw8z/X/549dKJBBfqQj2/kacCoqjcsjVOkXcsMl Yw7LMfA7F/QAn9NccphxuxOTSxpr3uIhrZAdhxg5QqLnhVvsJccjadHtoay8r7qb7ApP RZ39QsJ7kdg5cPonAk1IYMqyCSiPDQx7qM12vdH+wKqPweeSxCnFJ0x+0rveWPNTCKC0 FFYbw9vzjeTPYn+4uyOTRaZhO5oOSLn0Ts6f0TgfKprz1fLgHcZYNLic1QAYBfgAEiti uH7A==
X-Gm-Message-State: APf1xPAjGNsi5QQrRps712/gjd8d2Wo+T93Zs/jNV2f8COQmU+arkgqu nLWafZlRAJ533AFbRZbXjZFOKCPK071eu61+PtQ=
X-Google-Smtp-Source: AH8x224/QFt4/L+zy518vHixO4qXfJ2vASk5WYgfz80Q9oBPv0hu/Oa+RrVX7hn48kH1CiebaoQ97fLU2H4T31zjIWY=
X-Received: by 10.223.153.51 with SMTP id x48mr1846368wrb.216.1519195920634; Tue, 20 Feb 2018 22:52:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.195.200 with HTTP; Tue, 20 Feb 2018 22:52:00 -0800 (PST)
From: PVLR Pavana Murthy <pvlrpm@gmail.com>
Date: Wed, 21 Feb 2018 12:22:00 +0530
Message-ID: <CAN-MQG4F38K6MzutAxirMxHyNcpFHqjuurzDr6gyWURcgFrE1A@mail.gmail.com>
To: Christoph Loibl <c@tix.at>
Cc: idr wg <idr@ietf.org>
Content-Type: multipart/alternative; boundary="f403045f525e3196760565b35de4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/s-hePv5j9fsBDk5AV5Rq-9JrEn8>
Subject: Re: [Idr] The Use of 'm' and 'not' bits in bitmask Flowspec component.
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 06:52:05 -0000

 Hi Christoph,
   The following is given in the RFC.

  0   1   2   3   4   5   6   7
+---+---+---+---+---+---+---+---+
| e | a |   len | 0 | 0 |not| m |
+---+---+---+---+---+---+---+---+

not - NOT bit. If set, logical negation of operation.

m - Match bit. If set, this is a bitwise match operation
defined as "(data & value) == value"; if unset, (data &
value) evaluates to TRUE if any of the bits in the value
mask are set in the data.


I will try to use all the combinations of 'not' and 'm' bits. Please let me
know if the following my understanding is correct.

I will try to use the mask with SYN, ACK bits of TCP header for this.
[CWR ECE URG ACK PSH RST SYN FIN]
mask = 0x12


   1. not-0, m-0  (data & mask) != 0 i.e. either SYN or ACK bits should
   have been set in TCP header.
   2. not-0, m-1  (data & mask)  == mask i.e. SYN and ACK bits both should
   be set in TCP header.
   3. not-1,m-0   (data & mask) == 0    i.e. both SYN and  ACK bits should
   not  be set in TCP header.
   4. not-1, m-1  (data & mask) != mask i.e. at least one of  SYN or ACK
   bits should not be set in TCP header.


Thanks,
Pavana.



On Thu, Feb 15, 2018 at 2:35 PM, PVLR Pavana Murthy <pvlrpm@gmail.com>
wrote:

> Hi Christoph,
>    Thanks a lot for the detailed explanation. That answers my question
> completely :-).
>
>
>
> On Thu, Feb 15, 2018 at 1:07 PM, Christoph Loibl <c@tix.at> wrote:
>
>> Hi Pavana,
>>
>> You can rather easily test the behaviour when you feed your case into the
>> python function:
>>
>> def main():
>>     fs1 = FS_nlri(components=[
>>         FS_component(component_type=IP_DESTINATION,
>> value=ipaddress.ip_network('88.88.88.0/24')),
>>         FS_component(component_type=4, value=bytearray([0x01, 0x46, 0x81,
>> 0x50]))
>>     ])
>>
>>     fs2 = FS_nlri(components=[
>>         FS_component(component_type=IP_DESTINATION,
>> value=ipaddress.ip_network('88.88.88.0/24')),
>>         FS_component(component_type=4, value=bytearray([0x03, 0x5a, 0xc5,
>> 0x6e]))
>>     ])
>>     print(flow_rule_cmp(fs1, fs2))
>>
>> What happens is (I refer to line numbers of the code in the github repo
>> https://github.com/stoffi92/flowspec-cmp/blob/master/flow_cmp.py :
>>
>> *) The IP components are compared and as you mentioned: no decision can
>> be made since the ip components are equal. (we reach line 74 for the equal
>> ip components and continue with the next iteration)
>>
>> *) The second component _types_ are equal but not IP (we end up in the
>> branch in line 80 since the components are type=4 and not 1 or 2)
>>
>> *) The length of the second components is compared and equal, so we
>> continue in line 82
>>
>> ** See below: this is basically where the compare that you asked for
>> happens **
>>
>> *) Now we come to the point where we compare the string of bytes one by
>> one. As long as they are equal. (this is basically what memcmp does - this
>> is not very explicit in the python code, since it is done by the <, >
>> operators for the bytearray implicitly)
>>
>> In your case what it does is, that it compares 0x01 to 0x03 and figures
>> out that 0x01 is the lower value so it takes the branch in line 84 and
>> returns with A_HAS_PRECEDENCE from line 85 (if both of your components
>> would start with 0x01 it would continue to the second byte and so on).
>>
>> Your first FS nlri has precedence because of the “lower” value.
>>
>> 01 *18 58 58 58* 04 *01 46 81 50  ----> Dst.Prefix: 88.88.88.0/24
>>> <http://88.88.88.0/24>  Port: 70 | 80*
>>>
>>>
>> Discamer: I assumed that you encoded the components themselfs correctly
>> (the 01 46 81 50 and 03 5a c5 6e)
>>
>> Does this answer your question?
>>
>> Christoph
>>
>> --
>> Christoph Loibl
>> c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at
>>
>>
>>
>> On 15.02.2018, at 05:08, PVLR Pavana Murthy <pvlrpm@gmail.com> wrote:
>>
>> Hi Christoph,
>>   Even in the  RFC5575bis,  the following is given  for comparing
>> non-prefix type components.
>>
>>  else:
>>                # assuming comp_a.value, comp_b.value of type bytearray
>>                if len(comp_a.value) == len(comp_b.value):
>>                    if comp_a.value > comp_b.value:
>>                        return B_HAS_PRECEDENCE
>>                    if comp_a.value < comp_b.value:
>>                        return A_HAS_PRECEDENCE
>>                    # components equal -> continue with next component
>>                else:
>>                    common = min(len(comp_a.value), len(comp_b.value))
>>                    if comp_a.value[:common] > comp_b.value[:common]:
>>                        return B_HAS_PRECEDENCE
>>                    elif comp_a.value[:common] < comp_b.value[:common]:
>>                        return A_HAS_PRECEDENCE
>>                    # the first common bytes match
>>                    elif len(comp_a.value) > len(comp_b.value):
>>                        return A_HAS_PRECEDENCE
>>                    else:
>>                        return B_HAS_PRECEDENCE
>>
>>
>> *What is  comp_a.value here ? Is it the binary sting of [op, value]/[op,bitmask] or only value/bitmask ?*
>>
>>
>> Thanks,
>>
>> Pavana.
>>
>>
>> On Thu, Feb 15, 2018 at 3:11 AM, Christoph Loibl <c@tix.at> wrote:
>>
>>> Hi Pavana,
>>>
>>> Did you have a look into the actual code (thanks to Job’s comment) that
>>> is contained in the RFC5575bis draft which should be identical from the
>>> behaviour:
>>>
>>> https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-06
>>>
>>> Christoph
>>>
>>> --
>>> Christoph Loibl
>>> c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at
>>>
>>>
>>>
>>> On 12.02.2018, at 12:03, PVLR Pavana Murthy <pvlrpm@gmail.com> wrote:
>>>
>>> Hello,
>>>   In the RFC 5575, the following is given for the comparing the Flowspec
>>> components of types other then prefix.
>>>
>>> } else {
>>> common =
>>> MIN(component_length(comp1), component_length(comp2));
>>> cmp = memcmp(data(comp1), data(comp2), common);
>>> // not equal, lowest value has precedence
>>> // equal, longest string has precedence
>>> }
>>>
>>>
>>> Here, what does *data* refrer to  ?
>>>
>>> Is it the binary form of 1) [op, value]> / [op, bitmask]  or 2) Just
>>> [value] / [bitmask]
>>>
>>> eg:
>>>
>>>
>>> 1)  01 *18 58 58 58* 04 *01 46 81 50  ----> Dst.Prefix: 88.88.88.0/24
>>> <http://88.88.88.0/24>  Port: 70 | 80*
>>>
>>> 2)  01* 18 58 58 58 *04* 03 5a c5 6e    ---->   Dst.Prefix:
>>> 88.88.88.0/24 <http://88.88.88.0/24>  Port: >=90 & <= 110*
>>>
>>> *In the above FS rules,  Dst. Prefix is same in both, so we need to
>>> compare the data of next type 4 (Port). *
>>> *So do we need to do memcmp of  (01 46 81 50) and  (03 5a c5 6e) ?*
>>>
>>> Thanks,
>>> Pavana*.*
>>>
>>>
>>>
>>> _______________________________________________
>>> Idr mailing list
>>> Idr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/idr
>>>
>>>
>>>
>>
>>
>

v2.23.0 | Report a Bug | By Email