Network Working Group                                        G. Tsirtsis
Internet-Draft                                               G. Giarreta
Intended status: Standards Track                                Qualcomm
Expires: November 2, 2009                                     H. Soliman
                                                    Elevate Technologies
                                                            N. Montavont
                                                                   IT/TB
                                                             May 1, 2009


                 Definition of Binary Filter Description
                draft-tsirtsis-mext-binary-filters-00.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on November 2, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Tsirtsis, et al.        Expires November 2, 2009                [Page 1]

Internet-Draft   Definition of Binary Filter Description        May 2009

Abstract

   This document defines binary formats for IPv4 and IPv6 flow
   descriptors to be used in conjunction with flow bindings for Mobile
   IPv6.

Table of Contents

   1.  Requirements notation
   2.  Introduction
   3.  Flow Description Sub-Options
     3.1.  IPv4 Binary Flow Description
     3.2.  IPv6 Binary Flow Description
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  Normative References
   Authors' Addresses

1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Introduction

   This document defines binary formats for IPv4 and IPv6 flow
   description sub-options as defined in [I-D.ietf-mext-flow-binding].

   The binary flow descriptors defined here allow efficient flow
   identification based on well-known fields in IPv4, IPv6, and
   transport layer headers, as well as flexible identification of random
   fields based on pointers that can identify fields of varied length
   and location in the IP packet.  In that sense, although the format is
   binary, and thus very efficient in terms of overhead, it is also very
   flexible.

3.  Flow Description Sub-Options

   [I-D.ietf-mext-flow-binding] defines the format for the Flow
   description sub-option.  The following values of the sub-option Type
   field are reserved in this specification for binary flow
   descriptions:

      TBD  IPv4 Binary Flow Description

      TBD  IPv6 Binary Flow Description

3.1.  IPv4 Binary Flow Description

   If the Type field of the Flow Description sub-option indicates an
   IPv4 Flow then the Filter Descriptor is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |A|B|C|D|E|F|G|H|I|K|L|R| NxPs  |     (A)TOS    |  (B)Protocol  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       (C)Source Address                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    (D)Destination Address                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |(E)S. PrefLeng |(F)D. PrefLeng |      (G)Source port - Low     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     (H)Source port - High     |       (I)Dst port - Low       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      (K)Dst port - High       |             (L)SPI            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            (L)SPI             |   N number of Pointers ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 1: IPv4 Filter Descriptor

   Flags (A-L)

      Each flag indicates whether the corresponding field is present in
      the message.

   (A)TOS - Type of Service

      The TOS field in the data packet as seen by the home agent.

   (B)Protocol

      An 8-bit unsigned integer representing the value of the transport
      protocol number associated with the port numbers in data packets.

   (C)Source Address

      This field identifies the source address of data packets as seen
      by the home agent, that is, the 32-bit IPv4 address of the
      correspondent node.

   (D)Destination Address

      This field identifies the destination address of data packets as
      seen by the home agent.  When included this field must be one of
      the registered home addresses of the mobile node.  It is a 32-bit
      IPv4 address.

   (E)Source Prefix Length

      This field includes the prefix length for the source address.
      This field can only be included if the Source Address field is
      included.

   (F)Destination Prefix Length

      This field includes the prefix length for the destination address.
      If the Destination Address field is included then it refers to
      that field.

   (G)Source Port - Low

      This field identifies the lowest source port number within a range
      of port numbers that will be used in data packets, as seen by the
      home agent.

   (H)Source Port - High

      This field identifies the highest source port number within a
      range of port numbers that will be used in data packets, as seen
      by the home agent.  If a single port is indicated then this field
      SHOULD NOT be included.  If it is included it SHOULD be set to the
      value of the Source Port - Low field.

   (I)Destination Port - Low

      This field identifies the lowest destination port number within a
      range of port numbers that will be used in data packets as seen by
      the home agent.

   (K)Destination Port - High

      This field identifies the highest destination port number within a
      range of port numbers that will be used in data packets as seen by
      the home agent.  If a single port is indicated then this field
      SHOULD NOT be included.  If it is included it SHOULD be set to the
      value of the Dst Port - Low field.

   (L)SPI - Security Parameter Index

      The SPI field in the data packet as seen by the home agent.

   (R)Reserved

      Reserved for future use.

   (NxPs) 'N' Number of Pointers

      This 3 bit field indicates an integer number identifying 'N'
      number of pointers included at the end of the flow descriptor.
      Each pointer has the format shown in Figure 2.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Offset | Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Value ...
   +-+-+-+-+-+-+-+-+-+

                           Figure 2: Pointer

   Offset

      The Offset field identifies an integer number of bytes from the
      beginning of the IP header.  It points to the beginning of the
      field of interest in the packet.

   Length

      The Length field identifies the total length of the Pointer
      including the Offset, Length and Value fields.

   Value

      The variable length Value field identifies the value to be matched
      at the point identified by this Pointer.  The length of the Value
      field is the length identified by the Length field minus 3 bytes
      (for Offset and Length fields).

3.2.  IPv6 Binary Flow Description

   If the Type field of the Flow Identification extension indicates an
   IPv6 Flow then the Filter Rule Descriptor is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |A|B|C|D|E|F|G|H|I|K|L|M| NxPs  |     (A)CS     |  (B)Protocol  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                       (C)Source Address                       +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                    (D)Destination Address                     +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |(E)S. PrefLeng |(F)D. PrefLeng |      (G)Source port - Low     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     (H)Source port - High     |       (I)Dst port - Low       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      (K)Dst port - High       |             (L)SPI            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            (L)SPI             |         (M)Flow Label         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         (M)Flow Label         |  'N' Number of Pointers ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Figure 3: IPv6 Filter Rule Descriptor

   Flags (A-M)

      Each flag indicates whether the corresponding field is present in
      the message.

   (A)CS - Class of Service

      The CS field in the data packet as seen by the home agent.

   (B)Protocol

      An 8-bit unsigned integer representing the value of the transport
      protocol number associated with the port numbers in data packets.

   (C)Source Address

      This field identifies the source address of data packets as seen
      by the home agent, that is, the address of the correspondent node.
      It is a 128-bit IPv6 address.

   (D)Destination Address

      This field identifies the destination address of the data packet
      as seen by the home agent.  When included this field must be set
      to either one of the registered home addresses of the mobile node
      or to an address that falls under one of the mobile's home network
      prefixes.  The value of this field is a 128-bit IPv6 address.

   (E)Source Prefix Length

      This field includes the prefix for the source address.  This field
      can only be included if the Source Address field is included.

   (F)Destination Prefix Length

      This field includes the prefix for the destination address.  If
      the Destination Address field is included then it refers to that
      field.

   (G)Source Port - Low

      This field identifies the lowest source port number within a range
      of port numbers that will be used in data packets, as seen by the
      home agent.

   (H)Source Port - High

      This field identifies the highest source port number within a
      range of port numbers that will be used in data packets, as seen
      by the home agent.  If a single port is indicated then this field
      SHOULD NOT be included.  If it is included it SHOULD be set to the
      value of the Source Port - Low field.
   (I)Destination Port - Low

      This field identifies the lowest destination port number within a
      range of port numbers that will be used in data packets as seen by
      the home agent.

   (K)Destination Port - High

      This field identifies the highest destination port number within a
      range of port numbers that will be used in data packets as seen by
      the home agent.  If a single port is indicated then this field
      SHOULD NOT be included.  If it is included it SHOULD be set to the
      value of the Dst Port - Low field.

   (L)SPI - Security Parameter Index

      The SPI field in the data packet as seen by the home agent.

   (M)Flow Label

      The Flow Label field in the data packet as seen by the home agent.

   (NxPs) 'N' Number of Pointers

      This 3 bit field indicates an integer number identifying 'N'
      number of pointers included at the end of the flow descriptor.
      Each pointer has the format shown in Figure 2.

4.  Security Considerations

   This draft simply defines a format for a flow descriptor.  This
   format is to be used as part of a flow description sub-option defined
   in the flow bindings [I-D.ietf-mext-flow-binding].  The authors have
   not identified any security concerns pertaining to this draft beyond
   what is already identified in [I-D.ietf-mext-flow-binding].

5.  IANA Considerations

   TBD

6.  Acknowledgements

   TBD

7.  Normative References

   [I-D.ietf-mext-flow-binding]
              Soliman, H., Montavont, N., Fikouras, N., and K.
              Kuladinithi, "Flow Bindings in Mobile IPv6 and Nemo Basic
              Support", draft-ietf-mext-flow-binding-01 (work in
              progress), February 2009.
   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

Authors' Addresses

   George Tsirtsis
   Qualcomm

   Email: tsirtsis@gmail.com


   Gerardo Giarreta
   Qualcomm

   Email: gerardog@qualcomm.com


   Hesham Soliman
   Elevate Technologies

   Email: hesham@elevatemobile.com


   Nicolas Montavont
   Institut Telecom / Telecom Bretagne
   2, rue de la chataigneraie
   Cesson Sevigne  35576
   France

   Phone: (+33) 2 99 12 70 23
   Email: nicolas.montavont@telecom-bretagne.eu
   URI:   http://www.rennes.enst-bretagne.fr/~nmontavo//
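
The pointer format of Figure 2 and its Length rule (Section 3.1), as an added example that is not part of the draft: a bounds-checked parser for the pointers at the end of a flow descriptor, and a matcher that applies them to a packet. The 16-bit Offset / 8-bit Length split, the big-endian byte order and every name below are assumptions; the sample bytes are constructed.

```python
import struct

# Assumption: 16-bit big-endian Offset, 8-bit Length (3 header bytes total).
HDR = struct.Struct("!HB")
MAX_POINTERS = 7  # largest count a 3-bit NxPs field can carry


class PointerError(ValueError):
    """Raised when the pointer area of a descriptor is malformed."""


def parse_pointers(buf: bytes, count: int):
    """Return [(offset, value), ...] for `count` pointers filling `buf`."""
    if not 0 <= count <= MAX_POINTERS:
        raise PointerError("count does not fit in NxPs")
    pointers, pos = [], 0
    for _ in range(count):
        if len(buf) - pos < HDR.size:
            raise PointerError("truncated pointer header")
        offset, length = HDR.unpack_from(buf, pos)
        # Length covers Offset + Length + Value, so it is never below 3.
        if length < HDR.size:
            raise PointerError("Length shorter than pointer header")
        if pos + length > len(buf):
            raise PointerError("Value runs past end of descriptor")
        pointers.append((offset, buf[pos + HDR.size:pos + length]))
        pos += length
    if pos != len(buf):
        raise PointerError("bytes left over after last pointer")
    return pointers


def packet_matches(packet: bytes, pointers) -> bool:
    """True if each Value equals the packet bytes at its Offset, counted
    from the beginning of the IP header (packet[0])."""
    for offset, value in pointers:
        # A slice past the end would silently shorten, so check first.
        if offset + len(value) > len(packet):
            return False
        if packet[offset:offset + len(value)] != value:
            return False
    return True


# Constructed sample: IPv4 header (protocol 17 at byte 9) + UDP header
# (destination port 53 at bytes 22-23), and two pointers selecting them.
SAMPLE_PACKET = bytes.fromhex(
    "4500001c000040004011" "0000" "c0000201" "c6336402" "c0de0035" "00080000")
SAMPLE_POINTERS = HDR.pack(9, 4) + b"\x11" + HDR.pack(22, 5) + b"\x00\x35"
```

A pointer with Length 3 carries an empty Value and matches any packet; a receiver that wants to refuse such pointers has to do so explicitly.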