Re: [manet] Proposed text for Errata 6472 (and friends)
"Sipos, Brian J." <Brian.Sipos@jhuapl.edu> Fri, 19 November 2021 20:20 UTC
Return-Path: <Brian.Sipos@jhuapl.edu>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 752EE3A0A7B for <manet@ietfa.amsl.com>; Fri, 19 Nov 2021 12:20:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhuapl.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gYaE6eQ19Ydi for <manet@ietfa.amsl.com>; Fri, 19 Nov 2021 12:20:45 -0800 (PST)
Received: from aplegw01.jhuapl.edu (aplegw01.jhuapl.edu [128.244.251.168]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 998D33A0A79 for <manet@ietf.org>; Fri, 19 Nov 2021 12:20:45 -0800 (PST)
Received: from pps.filterd (aplegw01.jhuapl.edu [127.0.0.1]) by aplegw01.jhuapl.edu (8.16.0.43/8.16.0.43) with SMTP id 1AJKFn4r142043; Fri, 19 Nov 2021 15:20:43 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhuapl.edu; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=JHUAPLDec2018; bh=8AU3gcVUxt+JIqkJb9QI+lzO7eGQSHcixVU7P1syS9c=; b=SvyRV4LcGza6Z7PNkCzPEjp/ZHo0lpUC4nmhzWDZ0+Q1soxpQdnoeO+p9r8Ca0UQ0K2h zGVFBqxIa5RS2hKSf2KUWEp1BVP8oSsIhGjxWYRI28IY6EN61o9HIIVu2ESDLk/LCfmc 5GDz21v+MJah85fRTUwhon3IYqufED080+XKb8tpK8OMCHL9xwW5CsYHyRTbt0pX3Wy9 smJ86EjMMsfA8YCk0jlhY8YgmKTveiLhvm3cQa5M+UXLXty8p4W5GROaqcjAV+WDXSw/ 8lQUwyURXMsM/bcuWrRg0llVsK+WeW2uXg2F85iMaS5crGIRii6I7Xcq9dEwH80QYXlS Uw==
Received: from aplex29.dom1.jhuapl.edu (aplex29.dom1.jhuapl.edu [10.114.162.14]) by aplegw01.jhuapl.edu with ESMTP id 3ccfw3kdrf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 19 Nov 2021 15:20:43 -0500
Received: from APLEX21.dom1.jhuapl.edu (10.114.162.6) by APLEX29.dom1.jhuapl.edu (10.114.162.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.922.13; Fri, 19 Nov 2021 15:20:43 -0500
Received: from APLEX21.dom1.jhuapl.edu ([fe80::3c73:f90:20fa:eda1]) by APLEX21.dom1.jhuapl.edu ([fe80::3c73:f90:20fa:eda1%5]) with mapi id 15.02.0922.013; Fri, 19 Nov 2021 15:20:43 -0500
From: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
To: Rick Taylor <rick@tropicalstormsoftware.com>, Henning Rogge <hrogge@gmail.com>
CC: "manet@ietf.org" <manet@ietf.org>
Thread-Topic: [manet] Proposed text for Errata 6472 (and friends)
Thread-Index: AQHX3SlSCLoW5cMnPUGeSvmfPXFo6KwLC5Bw
Date: Fri, 19 Nov 2021 20:20:43 +0000
Message-ID: <4eaa1ca62ad44a2b96fa4b2e538b072f@jhuapl.edu>
References: <38A5475DE83986499AEACD2CFAFC3F98020B1B9639@tss-server1.home.tropicalstormsoftware.com> <7a3901baf5da4bbeb23adee80a5be596@jhuapl.edu> <CAGnRvurGXxcmbX_s5btwvvTvXnta50Zj=dzOBnM1TkuEW4RT8A@mail.gmail.com> <38A5475DE83986499AEACD2CFAFC3F98020B1BB18D@tss-server1.home.tropicalstormsoftware.com>
In-Reply-To: <38A5475DE83986499AEACD2CFAFC3F98020B1BB18D@tss-server1.home.tropicalstormsoftware.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.162.26]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_0170_01D7DD59.03DFB7A0"
MIME-Version: 1.0
X-CrossPremisesHeadersFilteredBySendConnector: APLEX29.dom1.jhuapl.edu
X-OrganizationHeadersPreserved: APLEX29.dom1.jhuapl.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-11-19_10:2021-11-17, 2021-11-19 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/hYvWtAT-CYsftnk0Xv8XQ4F1YPY>
Subject: Re: [manet] Proposed text for Errata 6472 (and friends)
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Nov 2021 20:20:51 -0000
Rick, All of these details make sense and I don't disagree with any of the discussion. I believe it would just be helpful for the spec to fully define the Peer Offer source UDP port so that, for example, a Router can configure a firewall and know that things are going to work. If I know that a modem (of some type) is "operating on" UDP and TCP port X, then I can configure my router firewall to allow inbound UDP source port X and not run into a situation where the modem sends UDP from some other port that my firewall will drop. I agree that the UDP source port could be anything and the router application doesn't care; and I expect that current implementations are already responding with a well-defined source port as your notional example shows. It’s the middle-boxes between modem and router application that could be an issue if the port is left unconstrained (when a Connection Point is present within). This is especially true because the Peer Discovery uses a multicast address, so there is no "UDP conversation" to follow from a middle-box's perspective. -----Original Message----- From: Rick Taylor <rick@tropicalstormsoftware.com> Sent: Friday, November 19, 2021 4:39 AM To: Henning Rogge <hrogge@gmail.com>; Sipos, Brian J. <Brian.Sipos@jhuapl.edu> Cc: manet@ietf.org Subject: [EXT] RE: [manet] Proposed text for Errata 6472 (and friends) APL external email warning: Verify sender rick@tropicalstormsoftware.com before clicking links or attachments Hi Both, IPv4/6 Connection Point data items contain a port number, so there is no confusion about which port to use to establish the TCP session when the Data Item is included in the response. The Source IP/port in the response is irrelevant - it just needs to be 'valid' (i.e. not multicast, etc). The source port can be ephemeral, as nothing is listening for anything further on that port. When Connection Point data items are missing, set the Source IP/Port of the Peer Offer response packet to the TCP IP/port combo that is listening for the TCP session connect(). In most cases, that will be the same IP address and port (854) as the Discovery UDP is using, so there is little to do programmatically, it's only difficult when the ports are different. In either case, always set the destination IP/port to the Source combo of the original Discovery signal. When writing this using the BSD sockets API, a lot of this ephemeral port detail is skipped thanks to the API. As a modem: 1. Create a S1 = socket(UDP) 2. bind(S1) to DLEP interface, port 854. 3. Join the multicast group 4. recvfrom(S1, Peer Discovery) 5a. If we use Connection Point Data Items, or use the same address and port 854 for the TCP session: sendto(S1, Peer offer) to source sockaddr of the received packet. 5b. Else: create a new S2 = socket(UDP) and bind(S2) to DLEP interface, UDP port = custom TCP port, then sendto(S2, Peer offer) to source sockaddr of the received packet. Does that help? Cheers, Rick > -----Original Message----- > From: Henning Rogge [mailto:hrogge@gmail.com] > Sent: 19 November 2021 08:44 > To: Sipos, Brian J. > Cc: Rick Taylor; manet@ietf.org > Subject: Re: [manet] Proposed text for Errata 6472 (and friends) > > You cannot do the receiver for the UDP discovery packets on an > ephemeral port anyways... wouldn't it be the usual thing just use the > same socket for sending the unicast reply? > > Henning Rogge > > On Tue, Nov 16, 2021 at 11:26 PM Sipos, Brian J. > <Brian.Sipos@jhuapl.edu> > wrote: > > > > Rick, > > For the first condition (connection point is present) there is still > > a lack of preference for UDP port number, which leaves things open. > > Can the source > UDP > > port in that case be required (even a SHOULD would help) to be the > > same > port > > number listened-for by the modem (i.e. the destination the port > > number of > the > > Peer Discovery Signal)? > > > > In a typical case, I expect the modem would be listening on standard > > UDP > port > > 854 so the Peer Offer would have a source port of 854. This makes > > things easier on traffic monitors so that it's not a UDP datagram > > from ephemeral-to-ephemeral port. It could also simplify > > implementation > because the > > listening bound socket would also be usable for sending the response. > > > > Thanks, > > Brian S. > > > > -----Original Message----- > > From: manet <manet-bounces@ietf.org> On Behalf Of Rick Taylor > > Sent: Friday, November 12, 2021 11:36 AM > > To: manet@ietf.org > > Subject: [EXT] [manet] Proposed text for Errata 6472 (and friends) > > > > APL external email warning: Verify sender manet-bounces@ietf.org > > before clicking links or attachments > > > > Hi All, > > > > Here is my proposed text for the raised Errata. Please review and > comment, as > > there are particular combinations of if/MUST/else that can be confusing. > > > > ------ > > Section 12.4, para 2. Replace with: > > > > A Peer Offer Signal MUST be encoded within a UDP packet. The > > destination > IP > > address and UDP port of the packet MUST be the source IP address and > UDP port > > of the received Peer Discovery Signal packet. If the modem includes > > IPv4 or > > IPv6 Connection Point Data Items in the Peer Offer Signal then the > > source IP address and UDP port of the packet may be any valid local > > UDP > address/port > > combination. If the Peer Offer Signal does not include IPv4 or IPv6 > > Connection Point Data Items, then the source IP address and UDP port > > of > the > > packet MUST be set to the unicast IP address and TCP port the router > > MUST > use > > when connecting the DLEP TCP session, as defined in Section 7.1. > > The Peer Offer Signal completes the discovery process. > > ----- > > > > Cheers, > > > > Rick > > > > _______________________________________________ > > manet mailing list > > manet@ietf.org > > https://www.ietf.org/mailman/listinfo/manet > > _______________________________________________ > > manet mailing list > > manet@ietf.org > > https://www.ietf.org/mailman/listinfo/manet
- [manet] Proposed text for Errata 6472 (and friend… Rick Taylor
- Re: [manet] Proposed text for Errata 6472 (and fr… Sipos, Brian J.
- Re: [manet] Proposed text for Errata 6472 (and fr… Henning Rogge
- Re: [manet] Proposed text for Errata 6472 (and fr… Rick Taylor
- Re: [manet] Proposed text for Errata 6472 (and fr… Henning Rogge
- Re: [manet] Proposed text for Errata 6472 (and fr… Sipos, Brian J.
- Re: [manet] Proposed text for Errata 6472 (and fr… Henning Rogge
- Re: [manet] [EXT] Re: Proposed text for Errata 64… Sipos, Brian J.
- Re: [manet] [EXT] Re: Proposed text for Errata 64… Don Fedyk
- Re: [manet] [EXT] Re: Proposed text for Errata 64… Sipos, Brian J.