Comments (5)
It's also good because it doesn't have two ways of saying the same thing, since we'll need to handle 0.0.0.0/32 and ::/128 anyhow. I can try to write that up.
from draft-ietf-masque-connect-ip.
Thanks for filing this @asedeno. I agree that the draft isn't currently clear enough on how to respond to these scenarios. The three options I see are:
1. do nothing
2. write some text to explain how to use the existing capsule formats to indicate a rejected address request
3. add a list of rejected request IDs to the ADDRESS_ASSIGN capsule
Of these I think we really should avoid (1) because that could lead to interoperability issues, but I'm ok with either (2) or (3). I think I prefer (3) because changing the wire format now isn't too high of a cost and I think it'll make the protocol more explicit.
from draft-ietf-masque-connect-ip.
I agree we should do something here. Between (2) and (3), I'm not sure.
We could fairly easily just say that if you include an Assigned Address with a non-zero Request ID but the assigned address is all zeros with a prefix length of 32 or 128, you're assigning an empty address, which is a rejection. Arguably, the client must handle receiving such a capsule response anyway, and treat it as "no address assigned for that request". This is option (2), I think.
If we do something like option (3), we'd have a field in the main ADDRESS_ASSIGN capsule for a list of rejected IDs, which would likely need to have a length in front, so we'd now have a field of at least a byte in all ADDRESS_ASSIGN capsules (even ones with no rejections) to handle the possibility of rejections.
We either have a case where a lot of rejections leads to a somewhat bloated capsule, but the happy cases are nice and concise, or a case that optimizes for lots of rejections and always adds a byte to the happy cases. I personally prefer (2) there, since it only gets ugly if a ton of requests are being made anyhow.
Thoughts @DavidSchinazi ?
from draft-ietf-masque-connect-ip.
I like your proposal @tfpauly, if we add text saying that 0.0.0.0/32 and ::/128 mean "your request was rejected" then we get the explicit property without changing the wire format. That works for me.
from draft-ietf-masque-connect-ip.
I appreciate the added symmetry that comes from giving the zero addresses specific meaning in both requests and assignments, and no wire format changes + no ambiguity is a win. LGTM.
from draft-ietf-masque-connect-ip.
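How a receiver could apply the rule the thread settles on (0.0.0.0/32 or ::/128 with a non-zero Request ID means the request was rejected), as an added example that is not part of the thread or the draft. It assumes each Assigned Address entry is laid out as Request ID (QUIC varint), IP Version (1 byte), IP Address (4 or 16 bytes), IP Prefix Length (1 byte); the function names and the sample bytes are constructed for illustration.

```python
import ipaddress

ADDR_LEN = {4: 4, 6: 16}  # IP Version field -> address length in bytes

def read_varint(buf, pos):
    """Decode one QUIC variable-length integer (RFC 9000, Section 16)."""
    if pos >= len(buf):
        raise ValueError("truncated varint")
    size = 1 << (buf[pos] >> 6)          # top two bits select 1, 2, 4 or 8 bytes
    if pos + size > len(buf):
        raise ValueError("truncated varint")
    value = buf[pos] & 0x3F
    for byte in buf[pos + 1:pos + size]:
        value = (value << 8) | byte
    return value, pos + size

def parse_address_assign(payload):
    """Return (assigned, rejected) for one ADDRESS_ASSIGN capsule value."""
    assigned, rejected, pos = [], [], 0
    while pos < len(payload):
        request_id, pos = read_varint(payload, pos)
        if pos >= len(payload) or payload[pos] not in ADDR_LEN:
            raise ValueError("missing or unknown IP Version")
        alen = ADDR_LEN[payload[pos]]
        end = pos + 1 + alen + 1           # version + address + prefix length
        if end > len(payload):
            raise ValueError("truncated Assigned Address")
        addr = ipaddress.ip_address(bytes(payload[pos + 1:end - 1]))
        prefix_len = payload[end - 1]
        if prefix_len > alen * 8:
            raise ValueError("prefix length exceeds address size")
        pos = end
        if addr.is_unspecified and prefix_len == alen * 8:
            # 0.0.0.0/32 or ::/128: no address was assigned for this request.
            if request_id == 0:
                # Assumption of this example: the thread only covers non-zero IDs.
                raise ValueError("all-zero assignment without a Request ID")
            rejected.append(request_id)
        else:
            assigned.append((request_id, f"{addr}/{prefix_len}"))
    return assigned, rejected

# Constructed sample: ID 1 gets 192.0.2.11/32, IDs 2 and 3 are rejected.
SAMPLE = (bytes.fromhex("0104c000020b20")
          + b"\x02\x06" + bytes(16) + b"\x80"
          + bytes.fromhex("03040000000020"))

if __name__ == "__main__":
    print(parse_address_assign(SAMPLE))
```

Only the all-zero address combined with the maximum prefix length counts as a rejection here; 0.0.0.0/0 is still returned as an ordinary assignment.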