IETF Logo Mail Archive

Re: [sip-clf] Vendor extensions in draft-ietf-sipclf-format-01.txt

Chris Lonvick <clonvick@cisco.com> Wed, 16 March 2011 19:35 UTC

Return-Path: <clonvick@cisco.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA49B3A6A85 for <sip-clf@core3.amsl.com>; Wed, 16 Mar 2011 12:35:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.449
X-Spam-Level:
X-Spam-Status: No, score=-109.449 tagged_above=-999 required=5 tests=[AWL=-1.150, BAYES_00=-2.599, MANGLED_PENIS=2.3, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V1+mHFHx3pkm for <sip-clf@core3.amsl.com>; Wed, 16 Mar 2011 12:35:09 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 50E353A6A76 for <sip-clf@ietf.org>; Wed, 16 Mar 2011 12:35:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=clonvick@cisco.com; l=6345; q=dns/txt; s=iport; t=1300304192; x=1301513792; h=date:from:to:cc:subject:in-reply-to:message-id: references:mime-version; bh=qTmbM1i7a3PXciLJ1Tt97okI4rWTV2RBtY8tUC4DtqI=; b=Czbuk12/OaYgFeXyW/uk9uBrFGMhVaLPXyZSDsl1qP89iLBlDTONt4x9 YDb85lt3cSeMUdIolh9ffIXuntWbDwqzBRLFD42R4JII0kN/GRfZSb2pP t6EJg6nHuY7Tu+5f8TOtCAw2Nxiao6HdTMHqwoH9NFAbFUsmhQt+m3gt7 k=;
X-IronPort-AV: E=Sophos;i="4.63,195,1299456000"; d="scan'208";a="667818584"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by sj-iport-6.cisco.com with ESMTP; 16 Mar 2011 19:36:32 +0000
Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by rcdn-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id p2GJaVKe005825; Wed, 16 Mar 2011 19:36:31 GMT
Date: Wed, 16 Mar 2011 12:36:31 -0700
From: Chris Lonvick <clonvick@cisco.com>
To: Gonzalo Salgueiro <gsalguei@cisco.com>
In-Reply-To: <E7D0A5D2-07B2-40DD-A7C8-2DF9FFC35CB4@cisco.com>
Message-ID: <Pine.GSO.4.63.1103150805050.29330@sjc-cde-011.cisco.com>
References: <AANLkTi=4NSXhgqAg75EUkWt6K0jdg4Kgcy6B37vyTMit@mail.gmail.com> <75DCC5B8-DB67-42AD-A6F2-F972FCFD5AB3@cisco.com> <AANLkTi=4d+uJ5kVXjiT-8eUzO_-5xWw3Lr23vo5cHiLH@mail.gmail.com> <E7D0A5D2-07B2-40DD-A7C8-2DF9FFC35CB4@cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] Vendor extensions in draft-ietf-sipclf-format-01.txt
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2011 19:35:17 -0000

Hi,

Sorry for the delay in responding - busy with the day job.  :-)

I see where you're going with this.  You could preclude the 0x2C character 
from the VendorID, and you could establish a fixed length for the 
VendorID, but even with that you're still going to have to do a search 
ahead to see if there is a 0x40 (@) in the field to determine if it's a 
vendor specific optional field, or a pre-defined optional field.  As 
Anders says, not the best way to quickly process.

I also saw Anders' proposal for inserting a new 1-byte field in the 
Optional Fields container.  Using a full byte for two options just seems 
wasteful to me, but that's probably just me.  :-)  A good option for that 
is to tell the IANA that the field currently has two options ("s" and "v") 
but may be expanded at a later time.  In SSH we usually carved out three 
options: standard, vendor, and experimental.  For experimental, we said 
that if you come up with something new and want others to try it out 
(without having to use a single PEN [sort'a]) then have everone agree upon 
a value in the experimental range.  See the last bullet in section 5.1 of 
RFC 4254 for an example.

Regards,
Chris

On Tue, 15 Mar 2011, Gonzalo Salgueiro wrote:

> Anders -
>
> You are absolutely right, I did misunderstand your point the first time around. I thought you were saying '001' was the Vendor-ID, when in fact you were saying that "0001,FFFF,@<PEN>" is the Vendor-ID. Since the name in front of the '@' is only restricted in the following way:
>
> - MUST be printable US-ASCII strings
> - MUST NOT contain an at-sign ('@', ABNF %d64), an equal-sign ('=', ABNF %d61), a closing brace (']', ABNF %d93), a quote-character ('"', ABNF %d34), whitespace, or control characters.
>
> it indeed means your example is a valid Vendor-ID and could cause confusion. While this would be very unlikely to happen in practice [I can't imagine an implementer intentionally doing this], it is undesired. I think this fact makes your original proposal that much more elegant than the existing one.
>
> Regards,
>
> Gonzalo
>
>
> On Mar 15, 2011, at 10:38 AM, Anders Nygren wrote:
>
>> On Tue, Mar 15, 2011 at 12:19 AM, Gonzalo Salgueiro <gsalguei@cisco.com> wrote:
>>> Thanks for raising your concerns Anders.
>>> As you know, this draft was just published today and its principal intent
>>> was to formulate an initial solution for SIP CLF extensibility.
>>> A little history:
>>> The current proposal for Vendor-specific extensions using a Syslog-like
>>> approach (i.e. name@<private enterprise number>) was something proposed over
>>> email and decided at the last SIPCLF Interim meeting in January. So this
>>> really is a first pass at implementing vendor-specificied optional fields.
>>> That said, I'll comment inline to your points
>>>
>>> On Mar 14, 2011, at 10:53 PM, Anders Nygren wrote:
>>>
>>> Hi
>>> I must say that I really dislike the proposed format for vendor specific
>>> fields.
>>> Having a variable length "tag" before the length field means that it
>>> is necessary
>>> to scan the tag looking for the ',' just to find the length field.
>>>
>>> You make a valid point. I'd like others to weigh in here and comment on
>>> whether they think this is a serious performance limitation. I'll propose
>>> this as a discussion point for the upcoming meeting in Prague. The reason
>>> for the variable length tag is that it is based on the SD-ID format from
>>> Syslog, which is variable in length (i.e. the unrestricted name before the
>>> '@').  I think using a Vendor-ID based on a PEN is common sense, so I'd like
>>> to stick with that if possible. We could decide on a fixed length name (or
>>> number to parallel the tag from the Pre-Defined Optional Fields) followed by
>>> four byte PEN.
>>>
>>> There is no simple way to tell he difference between a sip-clf
>>> optional field and
>>> a vendor specific optional field. So it will always be necessary to scan the
>>> record looking for the ',' .
>>> Actually looking at RFC 5424 ch 4.3.2 it looks like this would be a legal
>>> ID, "0001,FFFF,@12345" which would be difficult to differentiate from a
>>> standard optional field without a lot of work.
>>>
>>> Remember that that this draft restricts the scope of the syntax to the 2nd
>>> format definition of SD-IDs in RFC5424. Thus, the above wouldn't be a legal
>>> vendor-specified optional field since "0001" doesn't contain an '@', which
>>> is mandatory for a Vendor-ID as defined in the draft. So there should be no
>>> confusion there as the Vendor-ID from the vendor-specified optional fields
>>> and the Tag from the pre-defined optional fields can never be the same.
>>>
>>
>> I think that You did not understand the point I was trying to make.
>> As I understand the specification in the 2nd format definition of SD-IDs in
>> RFC5424, comma "," is allowed in the name part. So
>> "0001,FFFF,@<Vendor-ID>" would be a legal tag, that would be very difficult to
>> differentiate from a standard optional field with tag="0001", length="FFFF" and
>> a value starting with "@<Vendor-ID>"
>>
>>> I think a better way to do this would be similar to diameter RFC3588, ch
>>> 4.1.
>>> Then we could have just one format for standard optional fields and vendor
>>> specific fields
>>>
>>> byte 1  0x09
>>> byte 2-5 Tag (Hex)
>>> byte 6-9 VendorId
>>> byte 10 0x2C
>>> byte 11-14 Length (Hex)
>>> byte 15 0x2C
>>> byte 16-.. Value (variable length)
>>>
>>> Where VendorId is the IANA assigned "SMI Network Management Private
>>> Enterprise Codes"  [ASSIGNNO] value.
>>> VendorId=0 is used a for the standard optional fields defined in SIP-CLF.
>>>
>>> I know that PEN = 0 is a Reserved value and if it is confirmed that it can
>>> be used in this way (as apparently DIAMETER did), then I think this proposal
>>> is very reasonable. This unifies both optional field types into a single
>>> seamless representation. I'll let others, like Chris Lonvick, more
>>> knowledgeable than I weigh in on this as well to confirm my thoughts.
>>> Regards,
>>> Gonzalo
>>>
>>> /Anders
>>> _______________________________________________
>>> sip-clf mailing list
>>> sip-clf@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sip-clf
>>>
>>>
>
>

v2.23.0 | Report a Bug | By Email