[Sipping] Re: draft-campen-sipping-stack-loop-detect-00, top route headers and spiraling
Byron Campen <bcampen@estacado.net> Sat, 20 May 2006 16:12 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FhU3h-0006qr-1J; Sat, 20 May 2006 12:12:05 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FhU2s-0006fu-4p for sipping@ietf.org; Sat, 20 May 2006 12:11:14 -0400
Received: from dsl001-129-069.dfw1.dsl.speakeasy.net ([72.1.129.69] helo=vicuna.estacado.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FhU2p-0001Kq-CF for sipping@ietf.org; Sat, 20 May 2006 12:11:14 -0400
Received: from [71.159.138.58] (adsl-71-159-138-58.dsl.rcsntx.sbcglobal.net [71.159.138.58]) (authenticated bits=0) by vicuna.estacado.net (8.13.4/8.13.4) with ESMTP id k4KGB3er015846 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO); Sat, 20 May 2006 11:11:08 -0500 (CDT) (envelope-from bcampen@estacado.net)
In-Reply-To: <002901c67c08$3782a810$31713b51@BEMBUSTER>
References: <002901c67c08$3782a810$31713b51@BEMBUSTER>
Mime-Version: 1.0 (Apple Message framework v750)
X-Priority: 3
Message-Id: <FEDCDCEB-1D7E-48EB-8751-F1461F373F3B@estacado.net>
From: Byron Campen <bcampen@estacado.net>
Date: Sat, 20 May 2006 11:10:53 -0500
To: Jeroen van Bemmel <jbemmel@zonnet.nl>
X-Mailer: Apple Mail (2.750)
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 2a9ffb6f997442a3b543bcdaf483b990
X-Mailman-Approved-At: Sat, 20 May 2006 12:12:03 -0400
Cc: sipping <sipping@ietf.org>
Subject: [Sipping] Re: draft-campen-sipping-stack-loop-detect-00, top route headers and spiraling
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1642069652=="
Errors-To: sipping-bounces@ietf.org
In regard to your first question, I had envisioned checking the topmost route header after the route header referring to the proxy was removed. If my wording suggests otherwise, I have erred. In regard to your second question, this problem had occurred to me also, although I did not address the particular variation of the problem where IP address does not have a one-to-one correspondence with proxy. In the case you mention, it would probably be safe to just pick one of the IP addresses being listened on, although if routing behavior differed depending on what address/port a request came in on, an approach like you mention is a likely candidate for solving the problem. As for your last question, yes the stack algorithm will usually detect a loop later than 3261 loop detection, but it is guaranteed to detect before completion of the second iteration of the loop. This is the tradeoff we make with this algorithm. Unfortunately, loop-detection actually doesn't solve the forking- loop exploit detailed in maxforwards-problems. Instead of a maxforwards^m level of amplification(m is the number of proxies involved), we still get well over an m! level of amplification. Robert Sparks worked it out to O(m^m), and I am not surprised (this of course only applies for cases where m < max-forwards). This is an improvement, but is still not acceptable. The only solution put forward so far that seems to adequately reduce the damage caused by the forking loop exploit is the technique detailed in the max-breadth draft. Best regards, Byron Campen > Both draft-campen-sipping-stack-loop-detect-00 and RFC3261 include > the topmost Route header in the calculation of a digest for loop > detection. This will fail in the following scenario involving a UE > and 3 proxies P1,P2,P3: > > UE sends: > INVITE U1 > Route: P1 > > P1 removes Route: P1 and forwards to P2: > INVITE U1 > Route: P2 > > P2 removes Route: P2 and forwards to P3 via P1: > INVITE U1 > Route: P1, P3 > > P1 receives this request and detects a loop (while it shouldn't). > > In other words, the route header that influences the processing is > the topmost Route header *after* removing route headers that point > to the element processing the request. In terms of RFC3261, the > processing step mentioned at the end of section 16.4 should be > performed before section 16.3 point 4. > > Second issue: the loop-detect-draft suggest the use of an IP > address to identify a node. This won't work in case multiple ports > and/or transports are used at a single IP address. Each should be > treated as a different logical instance of a proxy (hence: > suggestion to include the transport and port in the node identifier) > > Final question: do I understand correctly that the stack-based loop > detection algorithm may detect a multi-hop loop later than the > current RFC3261 algorithm? So if I have UE->P1->P2->P3->P1->P2 it > may detect it at P2, not P1? > > Regards, > > Jeroen > >
_______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] draft-campen-sipping-stack-loop-detect-… Jeroen van Bemmel
- [Sipping] Re: draft-campen-sipping-stack-loop-det… Byron Campen
- [Sipping] Re: draft-campen-sipping-stack-loop-det… Jeroen van Bemmel
- [Sipping] Re: draft-campen-sipping-stack-loop-det… Byron Campen