1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
|
<pre>Network Working Group A.B. Roach
Request for Comments: 4077 Estacado Systems
Category: Standards Track May 2005
<span class="h1">A Negative Acknowledgement Mechanism for Signaling Compression</span>
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document describes a mechanism that allows Signaling Compression
(SigComp) implementations to report precise error information upon
receipt of a message which cannot be decompressed. This negative
feedback can be used by the recipient to make fine-grained
adjustments to the compressed message before retransmitting it,
allowing for rapid and efficient recovery from error situations.
<span class="grey">Roach Standards Track [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-2">2</a>
<a href="#section-1.1">1.1</a>. The Problem ................................................<a href="#page-2">2</a>
<a href="#section-1.1.1">1.1.1</a>. Compartment Disposal ................................<a href="#page-3">3</a>
<a href="#section-1.1.2">1.1.2</a>. Client Restart ......................................<a href="#page-3">3</a>
<a href="#section-1.1.3">1.1.3</a>. Server Failover .....................................<a href="#page-3">3</a>
<a href="#section-1.2">1.2</a>. The Solution ...............................................<a href="#page-4">4</a>
<a href="#section-2">2</a>. Node Behavior ...................................................<a href="#page-4">4</a>
<a href="#section-2.1">2.1</a>. Normal SigComp Message Transmission ........................<a href="#page-4">4</a>
<a href="#section-2.2">2.2</a>. Receiving a "Bad" SigComp Message ..........................<a href="#page-5">5</a>
<a href="#section-2.3">2.3</a>. Receiving a SigComp NACK ...................................<a href="#page-6">6</a>
<a href="#section-2.3.1">2.3.1</a>. Unreliable Transport ................................<a href="#page-6">6</a>
<a href="#section-2.3.2">2.3.2</a>. Reliable Transport ..................................<a href="#page-6">6</a>
<a href="#section-2.4">2.4</a>. Detecting Support for NACK .................................<a href="#page-7">7</a>
<a href="#section-3">3</a>. Message Format ..................................................<a href="#page-7">7</a>
<a href="#section-3.1">3.1</a>. Message Fields .............................................<a href="#page-8">8</a>
<a href="#section-3.2">3.2</a>. Reason Codes ...............................................<a href="#page-9">9</a>
<a href="#section-4">4</a>. Security Considerations ........................................<a href="#page-13">13</a>
<a href="#section-4.1">4.1</a>. Reflector Attacks .........................................<a href="#page-13">13</a>
<a href="#section-4.2">4.2</a>. NACK Spoofing .............................................<a href="#page-13">13</a>
<a href="#section-5">5</a>. IANA Considerations ............................................<a href="#page-14">14</a>
<a href="#section-6">6</a>. Acknowledgements ...............................................<a href="#page-14">14</a>
<a href="#section-7">7</a>. References .....................................................<a href="#page-14">14</a>
<a href="#section-7.1">7.1</a>. Normative References ......................................<a href="#page-14">14</a>
<a href="#section-7.2">7.2</a>. Informative References ....................................<a href="#page-14">14</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
Signaling Compression [<a href="#ref-1" title=""Signaling Compression (SigComp)"">1</a>], often called "SigComp", defines a protocol
for transportation of compressed messages between two network
elements. One of the key features of SigComp is the ability of the
sending node to request that the receiving node store state objects
for later retrieval.
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. The Problem</span>
While the "SigComp - Extended Operations" document [<a href="#ref-2" title=""Signaling Compression (SigComp) - Extended Operations"">2</a>] defines a
mechanism that allows for confirmation of state creation, operational
experience with the SigComp protocol has demonstrated that there are
still several circumstances in which a sender's view of the shared
state differs from the receiver's view. A non-exhaustive list
detailing the circumstances in which such failures may occur is
below.
<span class="grey">Roach Standards Track [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
<span class="h4"><a class="selflink" id="section-1.1.1" href="#section-1.1.1">1.1.1</a>. Compartment Disposal</span>
In SigComp, stored states are associated with compartments.
Conceptually, the compartments represent one instance of a remote
application. These compartments are used to limit the amount of
state that each remote application is allowed to store. Compartments
are created upon receipt of a valid SigComp message from a remote
application. In the current protocol, applications are expected to
signal when they are finished with a compartment so that it can be
deleted (by using the S-bit in requested feedback data).
Unfortunately, expecting the applications to be well-behaved is not
sufficient to prevent state from piling up. Unexpected client
failures, reboots, and loss of connectivity can cause compartments to
become "stuck" and never removed. To prevent this situation, it
becomes necessary to implement a scheme by which compartments that
appear disused may eventually be discarded.
While the preceding facts make such a practice necessary, discarding
compartments without explicit signaling can have the unfortunate side
effect that active compartments are sometimes discarded. This leads
to a different view of state between the server and the client.
<span class="h4"><a class="selflink" id="section-1.1.2" href="#section-1.1.2">1.1.2</a>. Client Restart</span>
The prime motivation for SigComp was compression of messages to be
sent over a radio interface. Consequently, most deployments of
SigComp will involve a mobile unit as one of the endpoints. Mobile
terminals are generally not guaranteed to be available for extended
durations of time. Node restarts (due to, for example, a battery
running out) will induce situations in which the network-based server
believes that the client contains several states that are no longer
actually available.
<span class="h4"><a class="selflink" id="section-1.1.3" href="#section-1.1.3">1.1.3</a>. Server Failover</span>
Many applications for which SigComp will be used (e.g., SIP [<a href="#ref-3" title=""SIP: Session Initiation Protocol"">3</a>]) use
DNS SRV records for server lookup. One of the important features of
DNS SRV records is the ability to specify multiple servers from which
clients will select at random, with probabilities determined by the
q-value weighting. The reason for defining this behavior for SRV
records is to allow load distribution through a set of equivalent
servers, and to permit clients to continue to function even if the
server with which they are communicating fails. When using protocols
that use SRV for such distribution, the traffic to a failed server is
typically sent by the client to an equivalent server that can serve
<span class="grey">Roach Standards Track [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
the same purpose. From an application perspective, this new server
often appears to be the same endpoint as the failed server, and will
consequently resolve to the same compartment.
Although SigComp state can be replicated amongst such a cluster of
servers, maintaining integrity of such states requires a two-phase
commit process that adds a great deal of complexity to the server and
can degrade performance significantly.
<span class="h3"><a class="selflink" id="section-1.2" href="#section-1.2">1.2</a>. The Solution</span>
Although SigComp allows returned SigComp parameters to signal that
all states have been lost (by setting "state_memory_size" to 0 for
one message in the reverse direction), such an approach provides an
incomplete solution to the problem. In addition to wiping out an
entire compartment when only one state is corrupt or missing, this
approach suffers from the unfortunate behavior that it requires a
message in the reverse direction that the remote application will
authorize. Unless a lower-layer security mechanism is employed
(e.g., TLS), this would typically mean that a compressed
application-level message in the reverse direction must be sent
before recovery can occur. In many cases (such as SIP-based mobile
terminals), these messages won't be sent often; in others (pure
client/server deployments), they won't ever be sent.
The proposed solution to this problem is a simple Negative
Acknowledgement (NACK) mechanism which allows the recipient to
communicate to the sender that a failure has occurred. This NACK
contains a reason code that communicates the nature of the failure.
For certain types of failures, the NACK will also contain additional
details that might be useful in recovering from the failure.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Node Behavior</span>
The following sections detail the behavior of nodes sending and
receiving SigComp NACKs. The actual format and values are described
in <a href="#section-3">Section 3</a>.
<span class="h3"><a class="selflink" id="section-2.1" href="#section-2.1">2.1</a>. Normal SigComp Message Transmission</span>
Although normal in all other respects, SigComp implementations that
use the NACK mechanism need to calculate and store a SHA-1 hash for
each SigComp message that they send. This must be stored in such a
way that, given the SHA-1 hash, the implementation is able to locate
the compartment with which the sent message was associated.
<span class="grey">Roach Standards Track [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
In other words, if someone hands the SHA-1 hash back to the
compressor, it needs to be able to find the compartment with which it
was working when it sent the message with that hash. This only
requires that the compressor knows with which compartment it is
working when it sends a message (which is always the case), and that
the SHA-1 hash, when stored, points to that compartment in some way.
<span class="h3"><a class="selflink" id="section-2.2" href="#section-2.2">2.2</a>. Receiving a "Bad" SigComp Message</span>
When a received SigComp message causes a decompression failure, the
recipient forms and sends a SigComp NACK message. This NACK message
contains a SHA-1 hash of the received SigComp message that could not
be decompressed. It also contains the exact reason decompression
failed, as well as any additional details that might assist the NACK
recipient to correct any problems. See <a href="#section-3">Section 3</a> for more
information about formatting the NACK message and its fields.
For a connection-oriented transport, such as TCP, the NACK message is
sent back to the originator of the failed message over that same
connection.
For a stream-based transport, such as TCP, the standard SigComp
delimiter of 0xFFFF is used to terminate the NACK message.
For a connectionless transport, such as UDP, the NACK message is sent
back to the originator of the failed message at the port and IP
address from which the message was sent. Note that this may or may
not be the same port on which the application would typically receive
messages. To accommodate implementations that use connect() or
similar constructs, the NACK will be sent from the IP address and
port to which the uninterpretable message was sent. From a practical
perspective, this is probably easiest to determine by binding
listening sockets to a specific interface; however, other mechanisms
may also be employed.
The behavior specified above is strictly necessary for any generally
useful form of a NACK mechanism. In the most general case, when an
implementation receives a message that it cannot decompress, it has
exactly three useful pieces of information: (1) the contents of the
message, (2) an indication of why the message cannot be decoded, and
(3) the IP address and port from which the message originated. Note
that none of these contains any indication of where the remote
application is listening for messages, if it differs from the sending
port.
<span class="grey">Roach Standards Track [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
<span class="h3"><a class="selflink" id="section-2.3" href="#section-2.3">2.3</a>. Receiving a SigComp NACK</span>
The first action taken upon receipt of a NACK is an attempt to find
the message to which the NACK corresponds. This search is performed
using the 20-byte SHA-1 hash contained in the NACK. Once the
matching message is located, further operations are performed based
on the compartment that was associated with the sent message.
Further behavior of a node upon receiving a SigComp NACK depends on
whether a reliable or unreliable transport is being used.
<span class="h4"><a class="selflink" id="section-2.3.1" href="#section-2.3.1">2.3.1</a>. Unreliable Transport</span>
When SigComp is used over an unreliable transport, the application
has no reasonable expectation that the transport layer will deliver
any particular message. It then becomes the application layer's
responsibility to ensure that data is retransmitted as necessary. In
these circumstances, the NACK mechanism relies on such behavior to
ensure delivery of the message, and never performs retransmissions on
the application's behalf.
When a NACK is received for a message sent over an unreliable
transport, the NACK recipient uses the contained information to make
appropriate adjustments to the compressor associated with the proper
compartment. The exact nature of these adjustments are specific to
the compression scheme being used, and will vary from implementation
to implementation. The only requirement on these adjustments is that
they must have the effect of compensating for the error that has been
indicated (e.g., by removing the state that the remote node indicates
it cannot retrieve).
In particular, when an unreliable transport is used, the original
message must not be retransmitted by the SigComp layer upon receipt
of a NACK. Instead, the next application-initiated transmission of a
message will take advantage of the adjustments made as a result of
processing the NACK.
<span class="h4"><a class="selflink" id="section-2.3.2" href="#section-2.3.2">2.3.2</a>. Reliable Transport</span>
When a reliable transport is employed, the application makes a basic
assumption that any message passed down the stack will be
retransmitted as necessary to ensure that the remote node receives
it, unless a failure is indicated by the transport layer. Because
SigComp acts as a shim between the transport-layer and the
application, it becomes the responsibility of the SigComp
implementation to ensure that any failure to transmit a message is
communicated to the application.
<span class="grey">Roach Standards Track [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
When a NACK is received for a message sent over a reliable transport,
the SigComp layer must indicate to the application that an error has
occurred. In general, the application should react in the same way
as it does for any other transport layer error, such as a TCP
connection reset. For most applications, this reaction will
initially be an attempt to reset and re-establish the connection, and
re-initiate the failed transaction. The SigComp layer should also
use the information contained in the NACK to make appropriate
adjustments to the compressor associated with the proper compartment
(similar to the adjustments made for unreliable transport). Thus, if
the compartment is not reset by resetting the TCP connection, the
next message will take advantage of the adjustments.
<span class="h3"><a class="selflink" id="section-2.4" href="#section-2.4">2.4</a>. Detecting Support for NACK</span>
Detection of support for the NACK mechanism may be beneficial in
certain circumstances. For example, with the current definition of
SigComp, acknowledgment of state receipt is required before a sender
can reference such state. When multiple messages are sent before a
response is received, the need to wait for such responses can cause
significant decreases in message compression efficiency. If it is
known that the receiver supports the NACK mechanism, the sender can
instead optimistically assume that the state created by a sent
message has been created, and is allowed to be referenced. If such
an assumption turns out to be false (due to, for example, packet loss
or packet reordering), the sender can recover upon receipt of a NACK.
In order to facilitate such detection, any implementation that will
send NACK messages upon decompression failure will indicate a SigComp
version number of 0x02 in its Universal Decompressor Virtual Machine
(UDVM). The bytecodes sent to such an endpoint can check the version
number, and send appropriate indication back to their compressor as
requested feedback. Except for the NACK mechanism described in this
document, implementations advertising a version of 0x02 behave
exactly like those advertising a version number of 0x01.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Message Format</span>
SigComp NACK packets are syntactically valid SigComp messages which
have been specifically designed to be safely ignored by
implementations that do not support the NACK mechanism.
In particular, NACK messages are formatted as the second variant of a
SigComp message (typically used for code upload) with a "code_len"
field of zero. The NACK information (message identifier, reason for
failure, and error details) is encoded in the "remaining SigComp
<span class="grey">Roach Standards Track [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
message" area, typically used for input data. Further, the
"destination" field is used as a version identifier to indicate which
version of NACK is being employed.
<span class="h3"><a class="selflink" id="section-3.1" href="#section-3.1">3.1</a>. Message Fields</span>
The format of the NACK message and the use of the fields within it
are shown in Figure 1.
0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| 1 1 1 1 1 | T | 0 |
+---+---+---+---+---+---+---+---+
| |
: returned feedback item :
| |
+---+---+---+---+---+---+---+---+
| code_len = 0 |
+---+---+---+---+---+---+---+---+
| code_len = 0 | version = 1 |
+---+---+---+---+---+---+---+---+
| Reason Code |
+---+---+---+---+---+---+---+---+
| OPCODE of failed instruction |
+---+---+---+---+---+---+---+---+
| PC of failed instruction |
| |
+---+---+---+---+---+---+---+---+
| |
: SHA-1 Hash of failed message :
| |
+---+---+---+---+---+---+---+---+
| |
: Error Details :
| |
+---+---+---+---+---+---+---+---+
Figure 1: SigComp NACK Message Format
o "Reason Code" is a one-byte value that indicates the nature of the
decompression failure. The specific codes are given in
<a href="#section-3.2">Section 3.2</a>.
o "OPCODE of failed instruction" is a one-byte field that includes
the opcode to which the PC was pointing when the failure occurred.
If failure occurred before the UDVM began executing any code, this
field is set to 0.
<span class="grey">Roach Standards Track [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
o "PC of failed instruction" is a two-byte field containing the
value of the program counter when failure occurred (i.e., the
memory address of the failed UDVM instruction). The field is
encoded with the most significant byte of the PC first (i.e., in
network or big endian order). If failure occurred before the UDVM
began executing any code, this field is set to 0.
o "SHA-1 Hash of failed message" contains the full 20-byte SHA-1
hash of the SigComp message that could not be decompressed. This
information allows the NACK recipient to locate the message that
failed to decompress so that adjustments to the correct
compartment can be performed. When performing this hash, the
entire SigComp message is used, from the header byte (binary
11111xxx) to the end of the input. Any lower-level protocol
headers (such as UDP or IP) and message delimiters (the 0xFFFF
that marks message boundaries in stream protocols) are not
included in the hash. When used over a stream based protocol, any
0xFFxx escape sequences are un-escaped before performing the hash
operation.
o "Error Details" provides additional information that might be
useful in correcting the problem that caused decompression
failure. Its meaning is specific to the "Reason Code". See
<a href="#section-3.2">Section 3.2</a> for specific information on what appears in this
field.
o "Code_len" is the "code_len" field from a standard SigComp
message. It is always set to "0" for NACK messages.
o "Version" gives the version of the NACK mechanism being employed.
This document defines version 1.
<span class="h3"><a class="selflink" id="section-3.2" href="#section-3.2">3.2</a>. Reason Codes</span>
Note that many of the status codes are more useful in debugging
interoperability problems than with on-the-fly correction of errors.
The "STATE_NOT_FOUND" error is a notable exception: it will generally
cause the NACK recipient to encode future messages so as to not use
the indicated state.
Upon receiving the other status messages, an implementation would
typically be expected either to use a different set of bytecodes or,
if that is not an option, to send that specific message uncompressed.
<span class="grey">Roach Standards Track [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
Error Code Details
-------------------------- ---- ---------------------------
STATE_NOT_FOUND 1 State ID (6 - 20 bytes)
CYCLES_EXHAUSTED 2 Cycles Per Bit (1 byte)
USER_REQUESTED 3
SEGFAULT 4
TOO_MANY_STATE_REQUESTS 5
INVALID_STATE_ID_LENGTH 6
INVALID_STATE_PRIORITY 7
OUTPUT_OVERFLOW 8
STACK_UNDERFLOW 9
BAD_INPUT_BITORDER 10
DIV_BY_ZERO 11
SWITCH_VALUE_TOO_HIGH 12
TOO_MANY_BITS_REQUESTED 13
INVALID_OPERAND 14
HUFFMAN_NO_MATCH 15
MESSAGE_TOO_SHORT 16
INVALID_CODE_LOCATION 17
BYTECODES_TOO_LARGE 18 Memory size (2 bytes)
INVALID_OPCODE 19
INVALID_STATE_PROBE 20
ID_NOT_UNIQUE 21 State ID (6 - 20 bytes)
MULTILOAD_OVERWRITTEN 22
STATE_TOO_SHORT 23 State ID (6 - 20 bytes)
INTERNAL_ERROR 24
FRAMING_ERROR 25
Only the five errors "STATE_NOT_FOUND", "CYCLES_EXHAUSTED",
"BYTECODES_TOO_LARGE", "ID_NOT_UNIQUE", and "STATE_TOO_SHORT" contain
details; for all other error codes, the "Error Details" field has
zero length.
Figure 2: SigComp NACK Reason Codes
1. STATE_NOT_FOUND
A state that was referenced cannot be found. The state may have
been referenced by the UDVM executing a STATE-ACCESS
instruction; it also may have been referenced by the "partial
state identifier" field in a SigComp message. The "details"
field contains the state identifier for the state that could not
be found. This is also the proper error to return in the case
that a unique state item was matched but fewer bytes of state ID
were sent than required by the minimum_access_length.
<span class="grey">Roach Standards Track [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
2. CYCLES_EXHAUSTED
Decompression of the message has taken more cycles than were
allocated to it. The "details" field contains a one-byte value
that communicates the number of cycles per bit. The cycles per
bit is represented as an unsigned 8-bit integer (i.e., not
encoded).
3. USER_REQUESTED
The DECOMPRESSION-FAILURE opcode has been executed.
4. SEGFAULT
An attempt to read from or write to memory that is outside of
the UDVM's memory space has been attempted.
5. TOO_MANY_STATE_REQUESTS
More than four requests to store or delete state objects have
been requested.
6. INVALID_STATE_ID_LENGTH
A state id length less than 6 or greater than 20 has been
specified.
7. INVALID_STATE_PRIORITY
A state priority of 65535 has been specified when attempting to
store a state.
8. OUTPUT_OVERFLOW
The decompressed message is too large to be decoded by the
receiving node.
9. STACK_UNDERFLOW
An attempt to pop a value off the UDVM stack was made with a
stack_fill value of 0.
10. BAD_INPUT_BITORDER
An INPUT-BITS or INPUT-HUFFMAN instruction was encountered with
the "input_bit_order" register set to an invalid value (i.e.,
one of the upper 13 bits is set).
11. DIV_BY_ZERO
A DIVIDE or REMAINDER opcode was encountered with a divisor of
0.
12. SWITCH_VALUE_TOO_HIGH
The input to a SWITCH opcode exceeds the number of branches
defined.
<span class="grey">Roach Standards Track [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
13. TOO_MANY_BITS_REQUESTED
An INPUT-BITS or INPUT-HUFFMAN instruction was encountered that
attempted to input more than 16 bits.
14. INVALID_OPERAND
An operand for an instruction could not be resolved to an
integer value (e.g., a literal or reference operand beginning
with 11111111).
15. HUFFMAN_NO_MATCH
The input string does not match any of the bitcodes in the
INPUT-HUFFMAN opcode.
16. MESSAGE_TOO_SHORT
When attempting to decode a SigComp message, the recipient
determined that there were not enough bytes in the message for
it to be valid.
17. INVALID_CODE_LOCATION
The "code location" field in the SigComp message was set to the
invalid value of 0.
18. BYTECODES_TOO_LARGE
The bytecodes that a SigComp message attempted to upload exceed
the amount of memory available in the receiving UDVM. The
details field is a two-byte expression of the
DECOMPRESSION_MEMORY_SIZE of the receiving UDVM. This value is
communicated most-significant-byte first.
19. INVALID_OPCODE
The UDVM attempted to identify an undefined byte value as an
instruction.
20. INVALID_STATE_PROBE
When attempting to retrieve state, the state_length operand is
set to 0 but the state_begin operand is non-zero.
21. ID_NOT_UNIQUE
A partial state identifier that was used to access state matched
more than one state item. Note that this error might be
returned as the result of executing a STATE-ACCESS instruction
or attempting to locate a unique piece of state as identified by
the "partial state identifier" in a SigComp message. The
"details" field contains the partial state identifier that was
requested.
22. MULTILOAD_OVERWRITTEN
A MULTILOAD instruction attempted to overwrite itself.
<span class="grey">Roach Standards Track [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
23. STATE_TOO_SHORT
A STATE-ACCESS instruction has attempted to copy more bytes from
a state item than the state item actually contains. The
"details" field contains the partial state identifier that was
requested. Implementors are cautioned to return only the
partial state identifier that was requested; if the NACK
contains any state identifier in addition to what was requested,
attackers may be able to use that additional information to
access the state.
24. INTERNAL_ERROR
The UDVM encountered an unexpected condition that prevented it
from decompressing the message.
25. FRAMING_ERROR
The UDVM encountered a framing error (unquoted 0xFF 80 .. 0xFF
FE in an input stream.) This error is applicable only to
messages received on a stream transport. In the case of a
framing error, a SHA-1 hash for a unique message cannot be
determined. Consequently, when a FRAMING_ERROR NACK is sent,
the "SHA-1 Hash of failed message" field should be set to all
zeros.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Security Considerations</span>
<span class="h3"><a class="selflink" id="section-4.1" href="#section-4.1">4.1</a>. Reflector Attacks</span>
Because SigComp NACK messages are by necessity sent in response to
other messages, it is possible to trigger them by intentionally
sending malformed messages to a SigComp implementation with a spoofed
IP address. However, because such actions can only generate one
message for each message sent, they don't serve as amplifier attacks.
Further, due to the reasonably small size of NACK packets, there
cannot be a significant increase in the size of the packet generated.
It is worth noting that nearly all deployed protocols exhibit this
same behavior.
<span class="h3"><a class="selflink" id="section-4.2" href="#section-4.2">4.2</a>. NACK Spoofing</span>
Although it is possible to forge NACK messages as if they were
generated by a different node, the damage that can be caused is
minimal. Reporting a loss of state will typically result in nothing
more than the re-transmission of that state in a subsequent message.
Other failure codes would result in the next message being sent using
an alternate compression mechanism, or possibly uncompressed.
<span class="grey">Roach Standards Track [Page 13]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
Although all of the above consequences result in slightly larger
messages, none of them have particularly catastrophic implications
for security.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. IANA Considerations</span>
This document defines a new value for the IANA registered attribute
SigComp_version.
Value (in hex): 02
Description: SigComp version 2 (NACK support)
Reference: [<a href="./rfc4077">RFC4077</a>]
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Acknowledgements</span>
Thanks to Carsten Bormann, Zhigang Liu, Pekka Pessi, and Robert Sugar
for their comments and suggestions. Special thanks to Abigail
Surtees and Richard Price for several very detailed reviews and
suggestions.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. References</span>
<span class="h3"><a class="selflink" id="section-7.1" href="#section-7.1">7.1</a>. Normative References</span>
[<a id="ref-1">1</a>] Price, R., Bormann, C., Christoffersson, J., Hannu, H., Liu, Z.,
and J. Rosenberg, "Signaling Compression (SigComp)", <a href="./rfc3320">RFC 3320</a>,
January 2003.
[<a id="ref-2">2</a>] Hannu, H., Christoffersson, J., Forsgren, S., Leung, K.-C., Liu,
Z., and R. Price, "Signaling Compression (SigComp) - Extended
Operations", <a href="./rfc3321">RFC 3321</a>, January 2003.
<span class="h3"><a class="selflink" id="section-7.2" href="#section-7.2">7.2</a>. Informative References</span>
[<a id="ref-3">3</a>] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", <a href="./rfc3261">RFC 3261</a>, June 2002.
<span class="grey">Roach Standards Track [Page 14]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
Author's Address
Adam Roach
Estacado Systems
17210 Campbell Road
Suite 250
Dallas, TX 75252
US
EMail: adam@estacado.net
<span class="grey">Roach Standards Track [Page 15]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-16" ></span>
<span class="grey"><a href="./rfc4077">RFC 4077</a> SigComp NACK May 2005</span>
Full Copyright Statement
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a>, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and <a href="https://www.rfc-editor.org/bcp/bcp79">BCP 79</a>.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
<a href="http://www.ietf.org/ipr">http://www.ietf.org/ipr</a>.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Roach Standards Track [Page 16]
</pre>
|
