RE: [Syslog] delineated datagrams
Balazs Scheidler <bazsi@balabit.hu> Sun, 06 August 2006 11:20 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G9ggW-0008Dl-7T; Sun, 06 Aug 2006 07:20:44 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G9ggV-0008Cr-HL for syslog@ietf.org; Sun, 06 Aug 2006 07:20:43 -0400
Received: from balabit.hu ([82.141.167.23]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G9ggT-0001Xj-Qi for syslog@ietf.org; Sun, 06 Aug 2006 07:20:43 -0400
Subject: RE: [Syslog] delineated datagrams
From: Balazs Scheidler <bazsi@balabit.hu>
To: David Harrington <ietfdbh@comcast.net>
In-Reply-To: <049a01c6b7ef$b42a36d0$0400a8c0@china.huawei.com>
References: <049a01c6b7ef$b42a36d0$0400a8c0@china.huawei.com>
Content-Type: text/plain
Date: Sun, 06 Aug 2006 13:20:38 +0200
Message-Id: <1154863238.5782.20.camel@bzorp.balabit>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b280b4db656c3ca28dd62e5e0b03daa8
Cc: syslog@ietf.org, 'Tom Petch' <nwnetworks@dial.pipex.com>
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org
On Fri, 2006-08-04 at 13:59 -0400, David Harrington wrote: > Hi, > > As you probably know by now, I like to see design reuse across IETF NM > solutions, especially across SNMP, syslog, ipfix, and netconf where > feasible. > > As all the IETF NM protocols move toward similar secure transport > solutions, including moving from datagrams to streams, it would be a > good thing to use consistent aproaches to framing. > > Here is what is happening in the other IETF NM protocols: > > SNMPv1/v2c/v3 uses octet-counting within its BER encoded messages. > For SNMP over TCP (RFC3430): > It is possible that the underlying TCP implementation delivers byte > sequences that do not align with SNMP message boundaries. A > receiving SNMP engine MUST therefore use the length field in the > BER-encoded SNMP message to separate multiple requests sent over a > single TCP connection (framing). An SNMP engine which looses > framing > (for example due to ASN.1 parse errors) SHOULD close the TCP > connection. > > SNMP over SSH (ISMS) does not specify how to delineate datagrams, > beyond the BER octet-counting. > (As editor of the SNMP/SSH draft, I will probably copy the text from > RFC3430.) > > IPFIX uses octet-counting. See > http://www.ietf.org/internet-drafts/draft-ietf-ipfix-protocol-22.txt > section 3.1. > > The NETCONF protocol uses an RPC-based communication model. > From > http://www.ietf.org/internet-drafts/draft-ietf-netconf-prot-12.txt: > NETCONF peers use <rpc> and <rpc-reply> elements to provide > transport > protocol-independent framing of NETCONF requests and responses. > There is ongoing discussion about the framing in the netconf > notification protocol, and the possibility of interleaving > notifications and request/responses within a session or channel. I see a significant difference between syslog and and SNMP, SNMP is binary and has an internal structure with no appearent record terminator. IPFIX is again different to syslog, it has a well defined binary structure, adding a "byte counter" is a natural extension of the protocol. Netconf as I see from your description started out with a stream based transport from the first place (and by browsing the RFC quickly) In this sence Netconf has the most similarities to syslog, it has a text-based internal structure (XML) and no byte-counter based framing, the closing XML tag finishes the transaction. Syslog also has a text based internal structure (one syslog entry), terminated via NL. Adding a byte counter feels somewhat alien. I agreed with Rainer about byte-counters when he proposed that, I did it for the sake of moving forward. Dropping the byte counter idea and adding simple extensions to the message format (trying to stay compatible as much as possible) could buy us very easy migration to the new protocol. In fact this would mean that currently deployed existing syslog/tls implementations would be compliant. I read through the BEEP based syslog protocols and I liked some of the features it'd provide (see the mailing list archives), however I don't like that syslog/COOKED is not simply a syslog transport, but a format spec as well. After specifying syslog-transport-tls we might continue working on a BEEP based transport but strictly adhering to the current syslog message model (e.g. skipping the XML message representation which has no benefits over SD-IDs but is a lot more verbose). -- Bazsi _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
- [Syslog] draft-ietf-syslog-transport-tls-01.txt David B Harrington
- RE: [Syslog] draft-ietf-syslog-transport-tls-01.t… Rainer Gerhards
- Re: [Syslog] stream transport was draft-ietf-sysl… Tom Petch
- Re: [Syslog] ciphersuites was draft-ietf-syslog-t… Tom Petch
- RE: [Syslog] ciphersuites was draft-ietf-syslog-t… Miao Fuyou
- RE: [Syslog] stream transport wasdraft-ietf-syslo… Miao Fuyou
- Re: [Syslog] stream transport wasdraft-ietf-syslo… Darren J Moffat
- RE: [Syslog] stream transportwasdraft-ietf-syslog… Rainer Gerhards
- Re: [Syslog] delineated datagrams was draft-ietf-… Tom Petch
- [Syslog] stream transport David Harrington
- RE: [Syslog] delineated datagrams wasdraft-ietf-s… Miao Fuyou
- RE: [Syslog] delineated datagramswasdraft-ietf-sy… Rainer Gerhards
- RE: [Syslog] delineated datagrams Miao Fuyou
- RE: [Syslog] delineated datagrams Chris Lonvick
- RE: [Syslog] delineated datagrams Rainer Gerhards
- RE: [Syslog] delineated datagrams David Harrington
- RE: [Syslog] delineated datagrams Balazs Scheidler
- RE: [Syslog] delineated datagrams John Calcote
- RE: [Syslog] delineated datagrams Balazs Scheidler
- RE: [Syslog] delineated datagrams John Calcote
- RE: [Syslog] delineated datagrams Rainer Gerhards
- RE: [Syslog] delineated datagrams Balazs Scheidler
- RE: [Syslog] delineated datagrams Rainer Gerhards
- Re: [Syslog] delineated datagrams Chris Lonvick
- RE: [Syslog] delineated datagrams Rainer Gerhards
- RE: [Syslog] delineated datagrams David Harrington