IETF Logo Mail Archive

Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field

Anders Nygren <anders.nygren@gmail.com> Wed, 16 March 2011 16:15 UTC

Return-Path: <anders.nygren@gmail.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D35D73A69C7 for <sip-clf@core3.amsl.com>; Wed, 16 Mar 2011 09:15:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.499
X-Spam-Level:
X-Spam-Status: No, score=-3.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W-knyzsDx6HV for <sip-clf@core3.amsl.com>; Wed, 16 Mar 2011 09:15:32 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id B27073A69AD for <sip-clf@ietf.org>; Wed, 16 Mar 2011 09:15:31 -0700 (PDT)
Received: by wwa36 with SMTP id 36so1556041wwa.13 for <sip-clf@ietf.org>; Wed, 16 Mar 2011 09:16:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=qOhuPyjmsbBn+6AWSj8SbAxBADb9vQzKhZJFWSJR12o=; b=SQNm+HXoTLfpedBeHTX2R9lWwKXGdN/nG0gt20fJiuHBCwEQQU7DDRObuX+ZRJp5Yd ocP0c3MxGJI/MN1jMbUPeQvUGI23NIiUSnTRp4xM35/A/pqulebbG9ZDOuAJ2hNTphbu qxaveRXz6BBVrrTaJXCuQCIyJvnaoWFztszJg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=P0hpquCeSEhivEsW4SbXmKp7TnZsvfYqMjWTFhgQjlmIYU9LxKwcacjcFZ16a1iRni GDC0QxxF2gle3Pf8wy1Y94eJhoY5a7ONaWhO04CWVg8A2h71/5cvDnmA1klaAx4A1I05 hvlMAFUahjvHXAT8spn4YZxRIlrB/hW/PY0jE=
MIME-Version: 1.0
Received: by 10.216.145.90 with SMTP id o68mr270541wej.77.1300292217780; Wed, 16 Mar 2011 09:16:57 -0700 (PDT)
Received: by 10.216.25.17 with HTTP; Wed, 16 Mar 2011 09:16:57 -0700 (PDT)
In-Reply-To: <C664DEB6-88D5-44F1-88BC-C9FC123D72FE@cisco.com>
References: <AANLkTinaDKurSgbz3m5A2GV0k-zf21VAsRJzZXKTfH26@mail.gmail.com> <C664DEB6-88D5-44F1-88BC-C9FC123D72FE@cisco.com>
Date: Wed, 16 Mar 2011 10:16:57 -0600
Message-ID: <AANLkTinbpTkkYQrA7hQnvCULq2Hud-N6Pd3Du0Gh-4yB@mail.gmail.com>
From: Anders Nygren <anders.nygren@gmail.com>
To: Gonzalo Salgueiro <gsalguei@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2011 16:15:32 -0000

On Tue, Mar 15, 2011 at 12:38 PM, Gonzalo Salgueiro <gsalguei@cisco.com> wrote:
>
> On Mar 15, 2011, at 1:49 PM, Anders Nygren wrote:
>
> Hi
> I will start writing one email for each issue in order to make it
> easier to track the different discussions.
>
> Thanks. That should help.
>
> I would like to propose that the Flag Field is moved from the
> <IndexPointers> to <MandatoryFields>. That way the <IndexPointers>
> will be pure metadata that can be ignored if wanted and all interesting
> data about the message is in the second line of the record.
>
> I have no real preference on this one. I'll let others weigh in with their
> thoughts.
>

Just one more comment on this. In draft-01 ch. 4 it says

  "1.  Index Pointers - The first 64-bytes of this format.  This
      portion is primarily composed of a list of pointers that indicate
      the beginning of both the variable length mandatory and optional
      fields that are logged as part of this record.  These pointers are
      implemented as a mechanism to improve processing of these records
      and to allow a reader to expeditiously skip right to the desired
      field without unnecessarily going through the entire record."

and ch 4.1.  Index Pointers

   "The <IndexPointers> portion of the SIP CLF record (shown in Figure 3)
   is a 64-byte header that indicates meta-data about the record."

And finally ch 6.  Text Tool Considerations

"Index lines may be rapidly discarded by checking the first character
 of the line: index lines will always start with an alphabetical character..."

All these sections together gives the impression that the  <IndexPointers>
portion only contains meta data and can safely ignored if wanted.

So I would prefer that the flags field is moved to the <MandatoryFields>
part. And if not then I think that the descriptions in ch 4, ch 4.1 and ch 6
should be updated.

/Anders

> Also I think it would be good to change the Sent/Received flag from
>
> Sent/Received flag
>
>         u = received UDP mesage
>         t = received TCP mesage
>         l = received TLS mesage
>         U = sent UDP mesage
>         T = sent TCP mesage
>         L = sent TLS mesage
>
> To
> Sent/Received flag [1 byte]
>         r = received message
>         s = sent message
>
> And add
> Protocol [1 byte]
>         u = UDP
>         t = TCP
>         l = TLS
>
> Since the proposed CLF already requires quite a lot of space there is
> little reason to
> try to pack different parameters into the same byte.
>
> This is what was proposed early on, but the group decided on consolidating
> the two. I'm not violently opposed or in favor of either, but I don't see
> any real benefit to separating the two out since all permutations are
> covered in a single easy byte.
> Regards,
> Gonzalo
>
> /Anders
> _______________________________________________
> sip-clf mailing list
> sip-clf@ietf.org
> https://www.ietf.org/mailman/listinfo/sip-clf
>
>

v2.23.0 | Report a Bug | By Email