
Revision 4 (laforge, 03/03/2022 08:59 PM) → Revision 5/8 (laforge, 03/10/2022 09:34 AM)

h1. Ladder Diagrams 

 Some ladder diagrams about the proposed OCTOI protocol. 

h2. Initial connection setup

 Note: we might want to do something for DoS mitigation at the very initial step? 

 {{mscgen_link() 
 msc { 
   hscale=2; 
   client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"]; 
   |||; 
   --- [label="Initial connection attempt from client to well-known server/port"]; 
   |||; 
   client => server [label="HELLO_REQ (user_id)"]; 
   server <=> hlr [label="Obtain auth vectors"]; 
   client <= server [label="AUTH_REQ (rand, autn)"]; 
   client => server [label="AUTH_RESP (res)"]; 
   server box server [label="Verify res == xres?"]; 
   server => worker [label="Create worker socket"]; 
   server note server [label="Server accepts client + redirects to worker IP+Port"]; 
   client <= server [label="HELLO_ACK (worker IP:Port, token)"]; 
   ...; 
   client => worker [label="HELLO_REQ (user_id, token)"]; 
   worker box worker [label="Verify user_id + token"]; 
   client <= worker [label="HELLO_ACK"]; 
   ...; 
   client <=> worker [label="TDMoIP"]; 
   ...; 
 } 
 }} 

Both sides run timeouts; if one of them expires, the entire procedure is aborted.
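The ladder above, walked through once as an added example (not code from the OCTOI project). The page does not define the authentication algorithm or the token format, so the HLR stand-in, the HMAC-based derivation of rand/autn/xres, the 16-byte random token, the worker port range and the worker IP address 192.0.2.1 are all constructed assumptions; the message flow (HELLO_REQ, AUTH_REQ, AUTH_RESP, res == xres check, worker creation, HELLO_ACK with token, token check on the worker port) follows the diagram.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed stand-in for the HLR: one shared key per user_id and an HMAC-based
# vector derivation. The page does not define the authentication algorithm, so this
# is an assumption made only so that client and server can agree on res/xres.
HLR_KEYS = {"user-0001": b"\x01" * 32}


def _derive(key: bytes, label: bytes, rand: bytes) -> bytes:
    return hmac.new(key, label + rand, hashlib.sha256).digest()


def hlr_obtain_auth_vector(user_id: str) -> dict:
    """'Obtain auth vectors': the HLR returns (rand, autn, xres) for a known user."""
    key = HLR_KEYS[user_id]  # KeyError for an unknown user_id
    rand = secrets.token_bytes(16)
    return {"rand": rand, "autn": _derive(key, b"autn", rand), "xres": _derive(key, b"res", rand)}


def client_answer_auth_req(key: bytes, rand: bytes, autn: bytes) -> bytes:
    """Client side of AUTH_REQ: check autn (server proves it holds the HLR vector), then compute res."""
    if not hmac.compare_digest(autn, _derive(key, b"autn", rand)):
        raise ValueError("AUTN mismatch: refusing to send AUTH_RESP")
    return _derive(key, b"res", rand)


@dataclass
class WorkerPort:
    port: int
    user_id: str
    token: bytes

    def handle_hello_req(self, user_id: str, token: bytes) -> bool:
        """'Verify user_id + token'; True means HELLO_ACK, False means the request is dropped."""
        return user_id == self.user_id and hmac.compare_digest(token, self.token)


@dataclass
class MainPort:
    pending: dict = field(default_factory=dict)  # user_id -> auth vector awaiting AUTH_RESP
    workers: dict = field(default_factory=dict)  # port -> WorkerPort
    next_port: int = 40000  # constructed worker port range

    def handle_hello_req(self, user_id: str) -> tuple:
        """HELLO_REQ (user_id) -> AUTH_REQ (rand, autn)."""
        vec = hlr_obtain_auth_vector(user_id)
        self.pending[user_id] = vec
        return vec["rand"], vec["autn"]

    def handle_auth_resp(self, user_id: str, res: bytes):
        """AUTH_RESP (res): verify res == xres, create a worker, answer HELLO_ACK."""
        vec = self.pending.pop(user_id, None)
        if vec is None or not hmac.compare_digest(res, vec["xres"]):
            return None  # res != xres: no HELLO_ACK, procedure aborted
        worker = WorkerPort(self.next_port, user_id, secrets.token_bytes(16))
        self.workers[worker.port] = worker
        self.next_port += 1
        return "192.0.2.1", worker.port, worker.token  # HELLO_ACK (worker IP:Port, token)


def run_initial_connection(server: MainPort, user_id: str, client_key: bytes) -> bool:
    """Walk the whole ladder once; True iff the worker port finally answers HELLO_ACK."""
    rand, autn = server.handle_hello_req(user_id)
    res = client_answer_auth_req(client_key, rand, autn)
    ack = server.handle_auth_resp(user_id, res)
    if ack is None:
        return False
    _ip, port, token = ack
    return server.workers[port].handle_hello_req(user_id, token)
```

Two points worth checking in such an implementation: the main port only creates a worker after res == xres, so an unauthenticated HELLO_REQ costs it one HLR lookup and a pending entry but no socket (this is where the DoS note above applies), and the worker port accepts nothing but the exact (user_id, token) pair it was created with.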

h2. Subsequent re-authentication

 {{mscgen_link() 
 msc { 
   hscale=2; 
   client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"]; 
   |||; 
   --- [label="At any later point in time, whenever the server wants"]; 
   worker <=> hlr [label="Obtain auth vectors"]; 
   client <= worker [label="AUTH_REQ (rand, autn)"]; 
   client => worker [label="AUTH_RESP (res)"]; 
   worker box worker [label="Verify res == xres?"]; 
 } 
 }} 

If there is no response to the AUTH_REQ within a timeout, up to three re-transmissions are attempted before the link is declared dead.

h2. Dead peer detection

The procedure operates on both sides:

* Every time a packet is received, a timer is re-started. If the timer expires, the link is declared dead, and no further TDMoIP packets are transmitted.
 ** On the server side, a dead link means the worker port is closed. 
 ** On the client side, a dead link means the client needs to start like in an initial connection attempt by contacting the well-known server port with a HELLO_REQ.
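The re-authentication re-transmission rule and the dead peer detection timer, as one added simulation (not OCTOI code). The page gives no concrete timer values, so RX_TIMEOUT, AUTH_TIMEOUT and the 0.5 s tick are constructed; the behaviour (receive timer restarted on every packet, at most three AUTH_REQ re-transmissions, server closes the worker port, client falls back to an initial HELLO_REQ) is the page's. A simulated clock is used so the example runs instantly and offline.

```python
# Constructed timer values; the page does not specify them.
RX_TIMEOUT = 5.0       # dead peer detection: re-started on every received packet
AUTH_TIMEOUT = 1.0     # how long to wait for AUTH_RESP before re-transmitting AUTH_REQ
AUTH_MAX_RETRANS = 3   # up to three re-transmissions, then the link is declared dead


class LinkEndpoint:
    """One side of the TDMoIP link; client and worker run the same dead peer detection."""

    def __init__(self, now: float, on_dead):
        self.rx_deadline = now + RX_TIMEOUT
        self.dead = False
        self.reason = None
        self.on_dead = on_dead          # side-specific reaction (close worker / restart)
        self.auth_sent_at = None        # time of the last AUTH_REQ still awaiting AUTH_RESP
        self.auth_retrans = 0
        self.tx = []                    # (time, message) log of what this side sent

    def packet_received(self, now: float, kind: str) -> None:
        if self.dead:
            return
        self.rx_deadline = now + RX_TIMEOUT   # any packet re-starts the timer
        if kind == "AUTH_RESP":               # outstanding AUTH_REQ answered
            self.auth_sent_at = None
            self.auth_retrans = 0

    def send_auth_req(self, now: float) -> None:
        self.tx.append((now, "AUTH_REQ"))
        self.auth_sent_at = now
        self.auth_retrans = 0

    def tick(self, now: float) -> None:
        """Called periodically; expires the receive timer and drives re-transmissions."""
        if self.dead:
            return
        if now >= self.rx_deadline:
            self._declare_dead("receive timer expired")
            return
        if self.auth_sent_at is not None and now - self.auth_sent_at >= AUTH_TIMEOUT:
            if self.auth_retrans >= AUTH_MAX_RETRANS:
                self._declare_dead("no AUTH_RESP after 3 re-transmissions")
                return
            self.auth_retrans += 1
            self.auth_sent_at = now
            self.tx.append((now, "AUTH_REQ"))

    def can_send_tdmoip(self) -> bool:
        return not self.dead

    def _declare_dead(self, reason: str) -> None:
        self.dead = True
        self.reason = reason
        self.on_dead(reason)


def simulate_unanswered_reauth() -> dict:
    """Worker sends AUTH_REQ at t=0 and the client never answers."""
    events = []
    worker = LinkEndpoint(0.0, lambda r: events.append(("worker_port_closed", r)))
    worker.send_auth_req(0.0)
    for i in range(1, 21):
        worker.tick(i * 0.5)
    return {"dead": worker.dead, "reason": worker.reason,
            "auth_reqs_sent": len(worker.tx), "events": events}


def simulate_silent_peer() -> dict:
    """Client receives TDMoIP once per second until t=3 s, then the worker goes silent."""
    state = {"client": "CONNECTED"}

    def client_dead(reason):
        state["client"] = "INITIAL_HELLO_REQ"   # back to the well-known server port

    client = LinkEndpoint(0.0, client_dead)
    for i in range(0, 41):
        now = i * 0.5
        if now <= 3.0 and now == int(now):
            client.packet_received(now, "TDMoIP")
        client.tick(now)
        if client.dead:
            return {"dead_at": now, "client_state": state["client"],
                    "tdmoip_allowed": client.can_send_tdmoip()}
    return {"dead_at": None, "client_state": state["client"], "tdmoip_allowed": True}
```

With these constants the unanswered AUTH_REQ is re-sent at 1, 2 and 3 s and the link is declared dead at 4 s, before the receive timer would have fired; in the silent-peer case the last packet at 3 s sets the deadline to 8 s, at which point the client stops sending TDMoIP and returns to the initial HELLO_REQ.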