Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
Anders Nygren <anders.nygren@gmail.com> Tue, 15 March 2011 22:00 UTC
Return-Path: <anders.nygren@gmail.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 46FE93A6E24 for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 15:00:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.407
X-Spam-Level:
X-Spam-Status: No, score=-4.407 tagged_above=-999 required=5 tests=[AWL=1.192, BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZOtr26gDfunW for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 15:00:08 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id 73EEE3A6EEB for <sip-clf@ietf.org>; Tue, 15 Mar 2011 15:00:07 -0700 (PDT)
Received: by wwa36 with SMTP id 36so891916wwa.13 for <sip-clf@ietf.org>; Tue, 15 Mar 2011 15:01:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=ImlKCPLHLjm5ltlcmIpOY1xfOwtI+JT7eFk0+5DomAc=; b=PMtHIvxLovcuZ6jecsHgf1h5xxd/QLr4VJavqsFR2PCWiTkvNV62NfnBctKE8DtUq8 yCbFwRH3i0IR5d6Y48+nNCpstfUkIdP2UPE5jsFLBOEuOsy9aTOGUwRTOXXFxC8DyIYT IIfpKlB+a6/yxml1jmvTz+nVcuSe68ArL7dX8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=BkLZ3yEoxgL3ETZphqHGQWB5wCE1hFR2cYlYdgAveqAFmju4DHZdIP/vk/UuhVlE90 UQQP+ypIPfMWNBf7y8UECjfipYQvxZFVGhA8AcIUGjn32JV5RkabMDKqDsUuUSyRGeMN ok5wiEDZe5QcyrQcJuBwmvi/nsGVU8RAANezs=
MIME-Version: 1.0
Received: by 10.216.221.92 with SMTP id q70mr12211738wep.107.1300226492330; Tue, 15 Mar 2011 15:01:32 -0700 (PDT)
Received: by 10.216.25.17 with HTTP; Tue, 15 Mar 2011 15:01:32 -0700 (PDT)
In-Reply-To: <1143C00C-3085-42FE-B6FE-C4E66DAA83C8@cisco.com>
References: <AANLkTinaDKurSgbz3m5A2GV0k-zf21VAsRJzZXKTfH26@mail.gmail.com> <C664DEB6-88D5-44F1-88BC-C9FC123D72FE@cisco.com> <AANLkTi=RvWTVaaqBZwY1vEjZHU-smbXr3u-bMxLtSYG5@mail.gmail.com> <4CDB9960-FC4E-4197-AB64-C708BBE27D80@cisco.com> <33E31883-E842-46C6-A849-748452FDED3A@magorcorp.com> <1143C00C-3085-42FE-B6FE-C4E66DAA83C8@cisco.com>
Date: Tue, 15 Mar 2011 16:01:32 -0600
Message-ID: <AANLkTiknCiZGLWMCg8CacGb3xDbFEbH9hgqqoSutKXx_@mail.gmail.com>
From: Anders Nygren <anders.nygren@gmail.com>
To: Gonzalo Salgueiro <gsalguei@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 22:00:11 -0000
On Tue, Mar 15, 2011 at 3:37 PM, Gonzalo Salgueiro <gsalguei@cisco.com> wrote: > I agree Peter. Based on Ander's search example and some further thought on > the matter has led me to the conclusion that we really do need to have these > two separated. As far as the separate security field, I think it comes down > to whether it is descriptive enough to say it is using TLS versus TLS over > <blah>. Since TLS can be run over TCP, UDP or SCTP, (I don't know if all alternatives apply for SIP), I think it may be useful to separate the transport protocol from the encryption. It is not something I feel very strongly about but I prefer to keep things separate and orthogonal. /Anders > Gonzalo > On Mar 15, 2011, at 4:57 PM, Peter Musgrave wrote: > > Hi, > I am a fan of keeping separate things separate. So I agree transport and > send/receive would benefit from being untangled (IIRC, I may be the one > responsible for entangling them). > The transport field was intended to match the SIP transport protocol - so I > think one byte for UDP, TCP, TLS, SCTP is ok. > I don't see the need to have a separate security field (since we already > have TCP/TLS sharing a byte) - so I would continue in the same vein. It's > not a biggie for me - so if others want a secure/not secure byte that would > be okay. > Peter Musgrave > (as individual) > On 2011-03-15, at 3:58 PM, Gonzalo Salgueiro wrote: > > Anders - > The notion of adding both SCTP and TLS the flag was brought up on the list > back in October and it went unreplied to (far as I can tell). Here is the > snippet: > Although, given that TLS can ride on top of UDP or TCP, we may want to think > of a second letter added to "L" to > denote TLS-over-TCP and TLS-over-UDP (I doubt any implementations are using > TLS-over-UDP for signaling only, but given that SCTP is starting > to appear in kernels, maybe our flags ought to be "u, t, s, lu, lt, ls, U, > T, S, LU, LT, LS"). > The fact that this is the second time this has been raised leads me to > believe there is a need. I will raise this as a discussion topic in the > upcoming meeting Prague. > Regards, > Gonzalo > > On Mar 15, 2011, at 3:13 PM, Anders Nygren wrote: > > On Tue, Mar 15, 2011 at 12:38 PM, Gonzalo Salgueiro <gsalguei@cisco.com> > wrote: > > On Mar 15, 2011, at 1:49 PM, Anders Nygren wrote: > > Hi > > I will start writing one email for each issue in order to make it > > easier to track the different discussions. > > Thanks. That should help. > > I would like to propose that the Flag Field is moved from the > > <IndexPointers> to <MandatoryFields>. That way the <IndexPointers> > > will be pure metadata that can be ignored if wanted and all interesting > > data about the message is in the second line of the record. > > I have no real preference on this one. I'll let others weigh in with their > > thoughts. > > Also I think it would be good to change the Sent/Received flag from > > Sent/Received flag > > u = received UDP mesage > > t = received TCP mesage > > l = received TLS mesage > > U = sent UDP mesage > > T = sent TCP mesage > > L = sent TLS mesage > > To > > Sent/Received flag [1 byte] > > r = received message > > s = sent message > > And add > > Protocol [1 byte] > > u = UDP > > t = TCP > > l = TLS > > Since the proposed CLF already requires quite a lot of space there is > > little reason to > > try to pack different parameters into the same byte. > > This is what was proposed early on, but the group decided on consolidating > > the two. I'm not violently opposed or in favor of either, but I don't see > > any real benefit to separating the two out since all permutations are > > covered in a single easy byte. > > It is not a big deal but for instance if You want to find all sent messages > it > is 3 tests instead of one for each record, (and if we add SCTP, see below), > then it would be 4. And when searching for all messages on a specific > protocol > it is 2 tests instead of one. > > A quick check found RFC 4168, "The Stream Control Transmission > Protocol (SCTP) as a Transport for the Session Initiation Protocol > (SIP)" > > So maybe SCTP should be added as a protocol. I do not know if there is > something > similar to TLS over SCTP, but I suspect things may get messy with a lot of > permutations in the future. > > So maybe we should consider 3 parameters > send/receive sent, received > protocol tcp, udp, sctp > secure encrypted, plain text > > /Anders > > Regards, > > Gonzalo > > /Anders > > _______________________________________________ > > sip-clf mailing list > > sip-clf@ietf.org > > https://www.ietf.org/mailman/listinfo/sip-clf > > > > _______________________________________________ > sip-clf mailing list > sip-clf@ietf.org > https://www.ietf.org/mailman/listinfo/sip-clf > > >
- [sip-clf] draft-ietf-sipclf-format-01, Flag field Anders Nygren
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Gonzalo Salgueiro
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Anders Nygren
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Gonzalo Salgueiro
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Peter Musgrave
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Gonzalo Salgueiro
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Anders Nygren
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Anders Nygren
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Gonzalo Salgueiro