Re: [radext] Review of draft-ietf-radext-bigger-packets-02.txt

Alan DeKok <aland@deployingradius.com> Thu, 26 February 2015 16:21 UTC

On Feb 26, 2015, at 8:58 AM, Alejandro Perez Mendez <alex@um.es> wrote:
> 13. Section 4. It is not clear to me what's the purpose of the Original-Packet-Code attribute. It is mentioned in the text, and described which values it should take. However, it is not explained how this value is used.

  The problem is that there are multiple packet types (Access-Request, Accounting-Request, etc.) which could theoretically trigger a Protocol-Error response.  We can’t send a normal response (Access-Reject, Accounting-Response), because the error is in the *transport* stage.  So we have to send a Protocol-Error packet.

  But… we don’t want multiple protocol error codes.  e.g. Access-Request-Protocol-Error, Accounting-Request-Protocol-Error, etc.  We just want Protocol-Error.

  The problem then becomes how do you match Protocol-Error to an original packet?  RADIUS/TCP allows for Access-Request and Accounting-Request packets to share the same TCP connection.  So if the client receives Protocol-Error with ID 34, is it for Access-Request ID 34, or Accounting-Request ID 34?

  Putting the Original-Packet-Code into Protocol-Error solves this problem.  The client can now look up the original packet code (Access-Request or Accounting-Request), along with the ID (34), and get the original packet.

  Alan DeKok.
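
The lookup described in the message above, as an added sketch that is not part of the original message, the draft, or any RADIUS implementation. It assumes the numbers later assigned in RFC 7930 (Protocol-Error = packet code 52, Original-Packet-Code = extended attribute 241.4 carrying a 4-octet integer); the `Connection` class, the helper names and the sample packets are constructed for illustration.

```python
import struct

ACCESS_REQUEST, ACCOUNTING_REQUEST = 1, 4
PROTOCOL_ERROR = 52                 # assumption: value from RFC 7930, not this message
EXT_ATTR_1, ORIG_PKT_CODE = 241, 4  # assumption: Original-Packet-Code is 241.4


def build_packet(code, ident, attrs=b""):
    """Constructed sample packet: code, ID, length, all-zero authenticator."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs


def original_packet_code(packet):
    """Return the Original-Packet-Code carried in a Protocol-Error, or None."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != PROTOCOL_ERROR or length < 20 or length > len(packet):
        return None
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None             # malformed attribute: refuse to guess
        body = packet[pos + 2:pos + alen]
        if atype == EXT_ATTR_1 and len(body) == 5 and body[0] == ORIG_PKT_CODE:
            return int.from_bytes(body[1:], "big")
        pos += alen
    return None


class Connection:
    """Client-side view of one RADIUS/TCP connection shared by several packet types."""

    def __init__(self):
        self.pending = {}           # (request code, ID) -> outstanding request

    def send(self, code, ident, request):
        self.pending[(code, ident)] = request

    def on_protocol_error(self, packet):
        orig = original_packet_code(packet)
        if orig is None:
            return None             # ID alone is ambiguous, so match nothing
        return self.pending.pop((orig, packet[1]), None)
```

A Protocol-Error that lacks the attribute, or carries it malformed, matches no request here, so the client never fails the wrong one of two requests that share an ID.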