IETF Logo Mail Archive

Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field

Gonzalo Salgueiro <gsalguei@cisco.com> Tue, 15 March 2011 21:43 UTC

Return-Path: <gsalguei@cisco.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A05F63A6EC6 for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 14:43:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.385
X-Spam-Level:
X-Spam-Status: No, score=-11.385 tagged_above=-999 required=5 tests=[AWL=1.213, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VmnWfsackuVQ for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 14:43:39 -0700 (PDT)
Received: from av-tac-rtp.cisco.com (hen.cisco.com [64.102.19.198]) by core3.amsl.com (Postfix) with ESMTP id 19C703A6B57 for <sip-clf@ietf.org>; Tue, 15 Mar 2011 14:43:39 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from rooster.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-rtp.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p2FLbWKW001211; Tue, 15 Mar 2011 17:37:32 -0400 (EDT)
Received: from rtp-gsalguei-8714.cisco.com (rtp-gsalguei-8714.cisco.com [10.116.61.53]) by rooster.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p2FLbVEV015554; Tue, 15 Mar 2011 17:37:31 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: multipart/alternative; boundary="Apple-Mail-25--204695844"
From: Gonzalo Salgueiro <gsalguei@cisco.com>
In-Reply-To: <33E31883-E842-46C6-A849-748452FDED3A@magorcorp.com>
Date: Tue, 15 Mar 2011 17:37:31 -0400
Message-Id: <1143C00C-3085-42FE-B6FE-C4E66DAA83C8@cisco.com>
References: <AANLkTinaDKurSgbz3m5A2GV0k-zf21VAsRJzZXKTfH26@mail.gmail.com> <C664DEB6-88D5-44F1-88BC-C9FC123D72FE@cisco.com> <AANLkTi=RvWTVaaqBZwY1vEjZHU-smbXr3u-bMxLtSYG5@mail.gmail.com> <4CDB9960-FC4E-4197-AB64-C708BBE27D80@cisco.com> <33E31883-E842-46C6-A849-748452FDED3A@magorcorp.com>
To: Peter Musgrave <peter.musgrave@magorcorp.com>
X-Mailer: Apple Mail (2.1082)
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 21:43:40 -0000

I agree Peter. Based on Ander's search example and some further thought on the matter has led me to the conclusion that we really do need to have these two separated. As far as the separate security field, I think it comes down to whether it is descriptive enough to say it is using TLS versus TLS over <blah>.

Gonzalo

On Mar 15, 2011, at 4:57 PM, Peter Musgrave wrote:

> Hi, 
> 
> I am a fan of keeping separate things separate. So I agree transport and send/receive would benefit from being untangled (IIRC, I may be the one responsible for entangling them).
> 
> The transport field was intended to match the SIP transport protocol - so I think one byte for UDP, TCP, TLS, SCTP is ok. 
> 
> I don't see the need to have a separate security field (since we already have TCP/TLS sharing a byte) - so I would continue in the same vein. It's not a biggie for me - so if others want a secure/not secure byte that would be okay. 
> 
> Peter Musgrave
> (as individual)
> 
> On 2011-03-15, at 3:58 PM, Gonzalo Salgueiro wrote:
> 
>> Anders - 
>> 
>> The notion of adding both SCTP and TLS the flag was brought up on the list back in October and it went unreplied to (far as I can tell). Here is the snippet:
>> 
>> Although, given that TLS can ride on top of UDP or TCP, we may want to think of a second letter added to "L" to
>> denote TLS-over-TCP and TLS-over-UDP (I doubt any implementations are using TLS-over-UDP for signaling only, but given that SCTP is starting
>> to appear in kernels, maybe our flags ought to be "u, t, s, lu, lt, ls, U, T, S, LU, LT, LS").
>> 
>> The fact that this is the second time this has been raised leads me to believe there is a need. I will raise this as a discussion topic in the upcoming meeting Prague.
>> 
>> Regards,
>> 
>> Gonzalo
>> 
>> 
>> On Mar 15, 2011, at 3:13 PM, Anders Nygren wrote:
>> 
>>> On Tue, Mar 15, 2011 at 12:38 PM, Gonzalo Salgueiro <gsalguei@cisco.com> wrote:
>>>> 
>>>> On Mar 15, 2011, at 1:49 PM, Anders Nygren wrote:
>>>> 
>>>> Hi
>>>> I will start writing one email for each issue in order to make it
>>>> easier to track the different discussions.
>>>> 
>>>> Thanks. That should help.
>>>> 
>>>> I would like to propose that the Flag Field is moved from the
>>>> <IndexPointers> to <MandatoryFields>. That way the <IndexPointers>
>>>> will be pure metadata that can be ignored if wanted and all interesting
>>>> data about the message is in the second line of the record.
>>>> 
>>>> I have no real preference on this one. I'll let others weigh in with their
>>>> thoughts.
>>>> 
>>>> Also I think it would be good to change the Sent/Received flag from
>>>> 
>>>> Sent/Received flag
>>>> 
>>>>         u = received UDP mesage
>>>>         t = received TCP mesage
>>>>         l = received TLS mesage
>>>>         U = sent UDP mesage
>>>>         T = sent TCP mesage
>>>>         L = sent TLS mesage
>>>> 
>>>> To
>>>> Sent/Received flag [1 byte]
>>>>         r = received message
>>>>         s = sent message
>>>> 
>>>> And add
>>>> Protocol [1 byte]
>>>>         u = UDP
>>>>         t = TCP
>>>>         l = TLS
>>>> 
>>>> Since the proposed CLF already requires quite a lot of space there is
>>>> little reason to
>>>> try to pack different parameters into the same byte.
>>>> 
>>>> This is what was proposed early on, but the group decided on consolidating
>>>> the two. I'm not violently opposed or in favor of either, but I don't see
>>>> any real benefit to separating the two out since all permutations are
>>>> covered in a single easy byte.
>>> 
>>> It is not a big deal but for instance if You want to find all sent messages it
>>> is 3 tests instead of one for each record, (and if we add SCTP, see below),
>>> then it would be 4. And when searching for all messages on a specific protocol
>>> it is 2 tests instead of one.
>>> 
>>> A quick check found RFC 4168, "The Stream Control Transmission
>>> Protocol (SCTP) as a Transport for the Session Initiation Protocol
>>> (SIP)"
>>> 
>>> So maybe SCTP should be added as a protocol. I do not know if there is something
>>> similar to TLS over SCTP, but I suspect things may get messy with a lot of
>>> permutations in the future.
>>> 
>>> So maybe we should consider 3 parameters
>>> send/receive    sent, received
>>> protocol           tcp, udp, sctp
>>> secure             encrypted, plain text
>>> 
>>> /Anders
>>> 
>>>> Regards,
>>>> Gonzalo
>>>> 
>>>> /Anders
>>>> _______________________________________________
>>>> sip-clf mailing list
>>>> sip-clf@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/sip-clf
>>>> 
>>>> 
>> 
>> _______________________________________________
>> sip-clf mailing list
>> sip-clf@ietf.org
>> https://www.ietf.org/mailman/listinfo/sip-clf
>

v2.23.0 | Report a Bug | By Email