IETF Logo Mail Archive

Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field

Gonzalo Salgueiro <gsalguei@cisco.com> Tue, 15 March 2011 19:57 UTC

Return-Path: <gsalguei@cisco.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B2A7A3A6E17 for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 12:57:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.298
X-Spam-Level:
X-Spam-Status: No, score=-11.298 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1PVKRb0p9iQd for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 12:57:18 -0700 (PDT)
Received: from av-tac-rtp.cisco.com (hen.cisco.com [64.102.19.198]) by core3.amsl.com (Postfix) with ESMTP id 3D9173A6B49 for <sip-clf@ietf.org>; Tue, 15 Mar 2011 12:57:18 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from rooster.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p2FJweh4022077; Tue, 15 Mar 2011 15:58:41 -0400 (EDT)
Received: from rtp-gsalguei-8714.cisco.com (rtp-gsalguei-8714.cisco.com [10.116.61.53]) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p2FJwejh001158; Tue, 15 Mar 2011 15:58:40 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: multipart/alternative; boundary="Apple-Mail-20--210627528"
From: Gonzalo Salgueiro <gsalguei@cisco.com>
In-Reply-To: <AANLkTi=RvWTVaaqBZwY1vEjZHU-smbXr3u-bMxLtSYG5@mail.gmail.com>
Date: Tue, 15 Mar 2011 15:58:39 -0400
Message-Id: <4CDB9960-FC4E-4197-AB64-C708BBE27D80@cisco.com>
References: <AANLkTinaDKurSgbz3m5A2GV0k-zf21VAsRJzZXKTfH26@mail.gmail.com> <C664DEB6-88D5-44F1-88BC-C9FC123D72FE@cisco.com> <AANLkTi=RvWTVaaqBZwY1vEjZHU-smbXr3u-bMxLtSYG5@mail.gmail.com>
To: Anders Nygren <anders.nygren@gmail.com>
X-Mailer: Apple Mail (2.1082)
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 19:57:21 -0000

Anders - 

The notion of adding both SCTP and TLS the flag was brought up on the list back in October and it went unreplied to (far as I can tell). Here is the snippet:

Although, given that TLS can ride on top of UDP or TCP, we may want to think of a second letter added to "L" to
denote TLS-over-TCP and TLS-over-UDP (I doubt any implementations are using TLS-over-UDP for signaling only, but given that SCTP is starting
to appear in kernels, maybe our flags ought to be "u, t, s, lu, lt, ls, U, T, S, LU, LT, LS").

The fact that this is the second time this has been raised leads me to believe there is a need. I will raise this as a discussion topic in the upcoming meeting Prague.

Regards,

Gonzalo


On Mar 15, 2011, at 3:13 PM, Anders Nygren wrote:

> On Tue, Mar 15, 2011 at 12:38 PM, Gonzalo Salgueiro <gsalguei@cisco.com> wrote:
>> 
>> On Mar 15, 2011, at 1:49 PM, Anders Nygren wrote:
>> 
>> Hi
>> I will start writing one email for each issue in order to make it
>> easier to track the different discussions.
>> 
>> Thanks. That should help.
>> 
>> I would like to propose that the Flag Field is moved from the
>> <IndexPointers> to <MandatoryFields>. That way the <IndexPointers>
>> will be pure metadata that can be ignored if wanted and all interesting
>> data about the message is in the second line of the record.
>> 
>> I have no real preference on this one. I'll let others weigh in with their
>> thoughts.
>> 
>> Also I think it would be good to change the Sent/Received flag from
>> 
>> Sent/Received flag
>> 
>>         u = received UDP mesage
>>         t = received TCP mesage
>>         l = received TLS mesage
>>         U = sent UDP mesage
>>         T = sent TCP mesage
>>         L = sent TLS mesage
>> 
>> To
>> Sent/Received flag [1 byte]
>>         r = received message
>>         s = sent message
>> 
>> And add
>> Protocol [1 byte]
>>         u = UDP
>>         t = TCP
>>         l = TLS
>> 
>> Since the proposed CLF already requires quite a lot of space there is
>> little reason to
>> try to pack different parameters into the same byte.
>> 
>> This is what was proposed early on, but the group decided on consolidating
>> the two. I'm not violently opposed or in favor of either, but I don't see
>> any real benefit to separating the two out since all permutations are
>> covered in a single easy byte.
> 
> It is not a big deal but for instance if You want to find all sent messages it
> is 3 tests instead of one for each record, (and if we add SCTP, see below),
> then it would be 4. And when searching for all messages on a specific protocol
> it is 2 tests instead of one.
> 
> A quick check found RFC 4168, "The Stream Control Transmission
> Protocol (SCTP) as a Transport for the Session Initiation Protocol
> (SIP)"
> 
> So maybe SCTP should be added as a protocol. I do not know if there is something
> similar to TLS over SCTP, but I suspect things may get messy with a lot of
> permutations in the future.
> 
> So maybe we should consider 3 parameters
> send/receive    sent, received
> protocol           tcp, udp, sctp
> secure             encrypted, plain text
> 
> /Anders
> 
>> Regards,
>> Gonzalo
>> 
>> /Anders
>> _______________________________________________
>> sip-clf mailing list
>> sip-clf@ietf.org
>> https://www.ietf.org/mailman/listinfo/sip-clf
>> 
>>

v2.23.0 | Report a Bug | By Email