IETF Logo Mail Archive

Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field

Peter Musgrave <peter.musgrave@magorcorp.com> Tue, 15 March 2011 20:56 UTC

Return-Path: <peter.musgrave@magorcorp.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A35763A6B45 for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 13:56:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.599
X-Spam-Level:
X-Spam-Status: No, score=-104.599 tagged_above=-999 required=5 tests=[AWL=0.999, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IWqBYW47Fbn9 for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 13:56:08 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by core3.amsl.com (Postfix) with ESMTP id 0DDE33A6B44 for <sip-clf@ietf.org>; Tue, 15 Mar 2011 13:56:07 -0700 (PDT)
Received: by yxk30 with SMTP id 30so486523yxk.31 for <sip-clf@ietf.org>; Tue, 15 Mar 2011 13:57:33 -0700 (PDT)
Received: by 10.91.195.22 with SMTP id x22mr515549agp.158.1300222651433; Tue, 15 Mar 2011 13:57:31 -0700 (PDT)
Received: from [192.168.1.119] (cpe-173-170-70-85.tampabay.res.rr.com [173.170.70.85]) by mx.google.com with ESMTPS id r8sm220938ane.19.2011.03.15.13.57.29 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 Mar 2011 13:57:30 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: multipart/alternative; boundary="Apple-Mail-11--207099518"
From: Peter Musgrave <peter.musgrave@magorcorp.com>
In-Reply-To: <4CDB9960-FC4E-4197-AB64-C708BBE27D80@cisco.com>
Date: Tue, 15 Mar 2011 16:57:27 -0400
Message-Id: <33E31883-E842-46C6-A849-748452FDED3A@magorcorp.com>
References: <AANLkTinaDKurSgbz3m5A2GV0k-zf21VAsRJzZXKTfH26@mail.gmail.com> <C664DEB6-88D5-44F1-88BC-C9FC123D72FE@cisco.com> <AANLkTi=RvWTVaaqBZwY1vEjZHU-smbXr3u-bMxLtSYG5@mail.gmail.com> <4CDB9960-FC4E-4197-AB64-C708BBE27D80@cisco.com>
To: Gonzalo Salgueiro <gsalguei@cisco.com>
X-Mailer: Apple Mail (2.1082)
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 20:56:09 -0000

Hi, 

I am a fan of keeping separate things separate. So I agree transport and send/receive would benefit from being untangled (IIRC, I may be the one responsible for entangling them).

The transport field was intended to match the SIP transport protocol - so I think one byte for UDP, TCP, TLS, SCTP is ok. 

I don't see the need to have a separate security field (since we already have TCP/TLS sharing a byte) - so I would continue in the same vein. It's not a biggie for me - so if others want a secure/not secure byte that would be okay. 

Peter Musgrave
(as individual)

On 2011-03-15, at 3:58 PM, Gonzalo Salgueiro wrote:

> Anders - 
> 
> The notion of adding both SCTP and TLS the flag was brought up on the list back in October and it went unreplied to (far as I can tell). Here is the snippet:
> 
> Although, given that TLS can ride on top of UDP or TCP, we may want to think of a second letter added to "L" to
> denote TLS-over-TCP and TLS-over-UDP (I doubt any implementations are using TLS-over-UDP for signaling only, but given that SCTP is starting
> to appear in kernels, maybe our flags ought to be "u, t, s, lu, lt, ls, U, T, S, LU, LT, LS").
> 
> The fact that this is the second time this has been raised leads me to believe there is a need. I will raise this as a discussion topic in the upcoming meeting Prague.
> 
> Regards,
> 
> Gonzalo
> 
> 
> On Mar 15, 2011, at 3:13 PM, Anders Nygren wrote:
> 
>> On Tue, Mar 15, 2011 at 12:38 PM, Gonzalo Salgueiro <gsalguei@cisco.com> wrote:
>>> 
>>> On Mar 15, 2011, at 1:49 PM, Anders Nygren wrote:
>>> 
>>> Hi
>>> I will start writing one email for each issue in order to make it
>>> easier to track the different discussions.
>>> 
>>> Thanks. That should help.
>>> 
>>> I would like to propose that the Flag Field is moved from the
>>> <IndexPointers> to <MandatoryFields>. That way the <IndexPointers>
>>> will be pure metadata that can be ignored if wanted and all interesting
>>> data about the message is in the second line of the record.
>>> 
>>> I have no real preference on this one. I'll let others weigh in with their
>>> thoughts.
>>> 
>>> Also I think it would be good to change the Sent/Received flag from
>>> 
>>> Sent/Received flag
>>> 
>>>         u = received UDP mesage
>>>         t = received TCP mesage
>>>         l = received TLS mesage
>>>         U = sent UDP mesage
>>>         T = sent TCP mesage
>>>         L = sent TLS mesage
>>> 
>>> To
>>> Sent/Received flag [1 byte]
>>>         r = received message
>>>         s = sent message
>>> 
>>> And add
>>> Protocol [1 byte]
>>>         u = UDP
>>>         t = TCP
>>>         l = TLS
>>> 
>>> Since the proposed CLF already requires quite a lot of space there is
>>> little reason to
>>> try to pack different parameters into the same byte.
>>> 
>>> This is what was proposed early on, but the group decided on consolidating
>>> the two. I'm not violently opposed or in favor of either, but I don't see
>>> any real benefit to separating the two out since all permutations are
>>> covered in a single easy byte.
>> 
>> It is not a big deal but for instance if You want to find all sent messages it
>> is 3 tests instead of one for each record, (and if we add SCTP, see below),
>> then it would be 4. And when searching for all messages on a specific protocol
>> it is 2 tests instead of one.
>> 
>> A quick check found RFC 4168, "The Stream Control Transmission
>> Protocol (SCTP) as a Transport for the Session Initiation Protocol
>> (SIP)"
>> 
>> So maybe SCTP should be added as a protocol. I do not know if there is something
>> similar to TLS over SCTP, but I suspect things may get messy with a lot of
>> permutations in the future.
>> 
>> So maybe we should consider 3 parameters
>> send/receive    sent, received
>> protocol           tcp, udp, sctp
>> secure             encrypted, plain text
>> 
>> /Anders
>> 
>>> Regards,
>>> Gonzalo
>>> 
>>> /Anders
>>> _______________________________________________
>>> sip-clf mailing list
>>> sip-clf@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sip-clf
>>> 
>>> 
> 
> _______________________________________________
> sip-clf mailing list
> sip-clf@ietf.org
> https://www.ietf.org/mailman/listinfo/sip-clf

v2.23.0 | Report a Bug | By Email