Ladder Diagrams » History » Version 4
laforge, 03/03/2022 08:59 PM
1 | 1 | laforge | h1. Ladder Diagrams |
---|---|---|---|
2 | |||
3 | 3 | laforge | h2. Initial connection setup |
4 | |||
5 | 4 | laforge | Note: we might want to do something for DoS mitigation at the very initial step? |
6 | |||
7 | 1 | laforge | {{mscgen_link() |
8 | msc { |
||
9 | hscale=2; |
||
10 | client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"]; |
||
11 | |||; |
||
12 | --- [label="Initial connection attempt from client to well-known server/port"]; |
||
13 | |||; |
||
14 | client => server [label="HELLO_REQ (user_id)"]; |
||
15 | server <=> hlr [label="Obtain auth vectors"]; |
||
16 | client <= server [label="AUTH_REQ (rand, autn)"]; |
||
17 | client => server [label="AUTH_RESP (res)"]; |
||
18 | server box server [label="Verify res == xres?"]; |
||
19 | server => worker [label="Create worker socket"]; |
||
20 | server note server [label="Server accepts client + redirects to worker IP+Port"]; |
||
21 | client <= server [label="HELLO_ACK (worker IP:Port, token)"]; |
||
22 | ...; |
||
23 | client => worker [label="HELLO_REQ (user_id, token)"]; |
||
24 | worker box worker [label="Verify user_id + token"]; |
||
25 | client <= worker [label="HELLO_ACK"]; |
||
26 | ...; |
||
27 | client <=> worker [label="TDMoIP"]; |
||
28 | 2 | laforge | ...; |
29 | 3 | laforge | } |
30 | }} |
||
31 | |||
32 | 4 | laforge | Both sides operate timeouts, if those occur, the entire procedure is aborted. |
33 | |||
34 | 3 | laforge | h2. subsequent re-authentication |
35 | |||
36 | {{mscgen_link() |
||
37 | msc { |
||
38 | hscale=2; |
||
39 | client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"]; |
||
40 | |||; |
||
41 | 2 | laforge | --- [label="At any later point in time, whenever the server wants"]; |
42 | worker <=> hlr [label="Obtain auth vectors"]; |
||
43 | client <= worker [label="AUTH_REQ (rand, autn)"]; |
||
44 | client => worker [label="AUTH_RESP (res)"]; |
||
45 | 1 | laforge | worker box worker [label="Verify res == xres?"]; |
46 | } |
||
47 | }} |
||
48 | 4 | laforge | |
49 | If there is no response to the AUTH_REQ within a timeout, up to three re-transmissions are attempted, before declaring the link as dead. |
||
50 | |||
51 | h2. dead peer detection |
||
52 | |||
53 | Procedure operates on on both sides: |
||
54 | |||
55 | * Every time a packet is received, a timer is re-started. If the timer expires, the link is declared dead, and no further TDMoIP packets are transmitted. |
||
56 | ** On the server side, a dead link means the worker port is closed. |
||
57 | ** On the client side, a dead link means the client needs to start like in an initial connection attempt by contacting the well-known server port with a HELLO_REQ. |