Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
Peter Musgrave <peter.musgrave@magorcorp.com> Tue, 15 March 2011 20:56 UTC
Return-Path: <peter.musgrave@magorcorp.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A35763A6B45 for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 13:56:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.599
X-Spam-Level:
X-Spam-Status: No, score=-104.599 tagged_above=-999 required=5 tests=[AWL=0.999, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IWqBYW47Fbn9 for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 13:56:08 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by core3.amsl.com (Postfix) with ESMTP id 0DDE33A6B44 for <sip-clf@ietf.org>; Tue, 15 Mar 2011 13:56:07 -0700 (PDT)
Received: by yxk30 with SMTP id 30so486523yxk.31 for <sip-clf@ietf.org>; Tue, 15 Mar 2011 13:57:33 -0700 (PDT)
Received: by 10.91.195.22 with SMTP id x22mr515549agp.158.1300222651433; Tue, 15 Mar 2011 13:57:31 -0700 (PDT)
Received: from [192.168.1.119] (cpe-173-170-70-85.tampabay.res.rr.com [173.170.70.85]) by mx.google.com with ESMTPS id r8sm220938ane.19.2011.03.15.13.57.29 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 Mar 2011 13:57:30 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: multipart/alternative; boundary="Apple-Mail-11--207099518"
From: Peter Musgrave <peter.musgrave@magorcorp.com>
In-Reply-To: <4CDB9960-FC4E-4197-AB64-C708BBE27D80@cisco.com>
Date: Tue, 15 Mar 2011 16:57:27 -0400
Message-Id: <33E31883-E842-46C6-A849-748452FDED3A@magorcorp.com>
References: <AANLkTinaDKurSgbz3m5A2GV0k-zf21VAsRJzZXKTfH26@mail.gmail.com> <C664DEB6-88D5-44F1-88BC-C9FC123D72FE@cisco.com> <AANLkTi=RvWTVaaqBZwY1vEjZHU-smbXr3u-bMxLtSYG5@mail.gmail.com> <4CDB9960-FC4E-4197-AB64-C708BBE27D80@cisco.com>
To: Gonzalo Salgueiro <gsalguei@cisco.com>
X-Mailer: Apple Mail (2.1082)
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 20:56:09 -0000
Hi, I am a fan of keeping separate things separate. So I agree transport and send/receive would benefit from being untangled (IIRC, I may be the one responsible for entangling them). The transport field was intended to match the SIP transport protocol - so I think one byte for UDP, TCP, TLS, SCTP is ok. I don't see the need to have a separate security field (since we already have TCP/TLS sharing a byte) - so I would continue in the same vein. It's not a biggie for me - so if others want a secure/not secure byte that would be okay. Peter Musgrave (as individual) On 2011-03-15, at 3:58 PM, Gonzalo Salgueiro wrote: > Anders - > > The notion of adding both SCTP and TLS the flag was brought up on the list back in October and it went unreplied to (far as I can tell). Here is the snippet: > > Although, given that TLS can ride on top of UDP or TCP, we may want to think of a second letter added to "L" to > denote TLS-over-TCP and TLS-over-UDP (I doubt any implementations are using TLS-over-UDP for signaling only, but given that SCTP is starting > to appear in kernels, maybe our flags ought to be "u, t, s, lu, lt, ls, U, T, S, LU, LT, LS"). > > The fact that this is the second time this has been raised leads me to believe there is a need. I will raise this as a discussion topic in the upcoming meeting Prague. > > Regards, > > Gonzalo > > > On Mar 15, 2011, at 3:13 PM, Anders Nygren wrote: > >> On Tue, Mar 15, 2011 at 12:38 PM, Gonzalo Salgueiro <gsalguei@cisco.com> wrote: >>> >>> On Mar 15, 2011, at 1:49 PM, Anders Nygren wrote: >>> >>> Hi >>> I will start writing one email for each issue in order to make it >>> easier to track the different discussions. >>> >>> Thanks. That should help. >>> >>> I would like to propose that the Flag Field is moved from the >>> <IndexPointers> to <MandatoryFields>. That way the <IndexPointers> >>> will be pure metadata that can be ignored if wanted and all interesting >>> data about the message is in the second line of the record. >>> >>> I have no real preference on this one. I'll let others weigh in with their >>> thoughts. >>> >>> Also I think it would be good to change the Sent/Received flag from >>> >>> Sent/Received flag >>> >>> u = received UDP mesage >>> t = received TCP mesage >>> l = received TLS mesage >>> U = sent UDP mesage >>> T = sent TCP mesage >>> L = sent TLS mesage >>> >>> To >>> Sent/Received flag [1 byte] >>> r = received message >>> s = sent message >>> >>> And add >>> Protocol [1 byte] >>> u = UDP >>> t = TCP >>> l = TLS >>> >>> Since the proposed CLF already requires quite a lot of space there is >>> little reason to >>> try to pack different parameters into the same byte. >>> >>> This is what was proposed early on, but the group decided on consolidating >>> the two. I'm not violently opposed or in favor of either, but I don't see >>> any real benefit to separating the two out since all permutations are >>> covered in a single easy byte. >> >> It is not a big deal but for instance if You want to find all sent messages it >> is 3 tests instead of one for each record, (and if we add SCTP, see below), >> then it would be 4. And when searching for all messages on a specific protocol >> it is 2 tests instead of one. >> >> A quick check found RFC 4168, "The Stream Control Transmission >> Protocol (SCTP) as a Transport for the Session Initiation Protocol >> (SIP)" >> >> So maybe SCTP should be added as a protocol. I do not know if there is something >> similar to TLS over SCTP, but I suspect things may get messy with a lot of >> permutations in the future. >> >> So maybe we should consider 3 parameters >> send/receive sent, received >> protocol tcp, udp, sctp >> secure encrypted, plain text >> >> /Anders >> >>> Regards, >>> Gonzalo >>> >>> /Anders >>> _______________________________________________ >>> sip-clf mailing list >>> sip-clf@ietf.org >>> https://www.ietf.org/mailman/listinfo/sip-clf >>> >>> > > _______________________________________________ > sip-clf mailing list > sip-clf@ietf.org > https://www.ietf.org/mailman/listinfo/sip-clf
- [sip-clf] draft-ietf-sipclf-format-01, Flag field Anders Nygren
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Gonzalo Salgueiro
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Anders Nygren
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Gonzalo Salgueiro
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Peter Musgrave
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Gonzalo Salgueiro
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Anders Nygren
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Anders Nygren
- Re: [sip-clf] draft-ietf-sipclf-format-01, Flag f… Gonzalo Salgueiro