Ladder Diagrams » History » Version 6
laforge, 03/19/2022 11:22 AM
1 | 1 | laforge | h1. Ladder Diagrams |
---|---|---|---|
2 | |||
3 | 5 | laforge | Some ladder diagrams about the proposed OCTOI protocol. |
4 | |||
5 | 3 | laforge | h2. Initial connection setup |
6 | |||
7 | 4 | laforge | Note: we might want to do something for DoS mitigation at the very initial step? |
8 | |||
9 | 1 | laforge | {{mscgen_link() |
10 | msc { |
||
11 | hscale=2; |
||
12 | client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"]; |
||
13 | |||; |
||
14 | --- [label="Initial connection attempt from client to well-known server/port"]; |
||
15 | |||; |
||
16 | 6 | laforge | client => server [label="SERVICE_REQ (user_id)"]; |
17 | 1 | laforge | server <=> hlr [label="Obtain auth vectors"]; |
18 | client <= server [label="AUTH_REQ (rand, autn)"]; |
||
19 | client => server [label="AUTH_RESP (res)"]; |
||
20 | server box server [label="Verify res == xres?"]; |
||
21 | server => worker [label="Create worker socket"]; |
||
22 | server note server [label="Server accepts client + redirects to worker IP+Port"]; |
||
23 | 6 | laforge | client <= server [label="REDIR_CMD (worker IP:Port, token)"]; |
24 | 1 | laforge | ...; |
25 | 6 | laforge | client => worker [label="SERVICE_REQ (user_id, token)"]; |
26 | worker box worker [label="Verify user_id + token, or\nperform AUTH_REQ/AUTH_CMD again"]; |
||
27 | client <= worker [label="SERVICE_ACK"]; |
||
28 | 1 | laforge | ...; |
29 | client <=> worker [label="TDMoIP"]; |
||
30 | 2 | laforge | ...; |
31 | 3 | laforge | } |
32 | }} |
||
33 | |||
34 | 4 | laforge | Both sides operate timeouts, if those occur, the entire procedure is aborted. |
35 | |||
36 | 3 | laforge | h2. subsequent re-authentication |
37 | |||
38 | {{mscgen_link() |
||
39 | msc { |
||
40 | hscale=2; |
||
41 | client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"]; |
||
42 | |||; |
||
43 | 2 | laforge | --- [label="At any later point in time, whenever the server wants"]; |
44 | worker <=> hlr [label="Obtain auth vectors"]; |
||
45 | client <= worker [label="AUTH_REQ (rand, autn)"]; |
||
46 | client => worker [label="AUTH_RESP (res)"]; |
||
47 | 1 | laforge | worker box worker [label="Verify res == xres?"]; |
48 | } |
||
49 | }} |
||
50 | 4 | laforge | |
51 | If there is no response to the AUTH_REQ within a timeout, up to three re-transmissions are attempted, before declaring the link as dead. |
||
52 | |||
53 | h2. dead peer detection |
||
54 | |||
55 | Procedure operates on on both sides: |
||
56 | |||
57 | * Every time a packet is received, a timer is re-started. If the timer expires, the link is declared dead, and no further TDMoIP packets are transmitted. |
||
58 | ** On the server side, a dead link means the worker port is closed. |
||
59 | ** On the client side, a dead link means the client needs to start like in an initial connection attempt by contacting the well-known server port with a HELLO_REQ. |