Date: 11/18/96 To: WinSock 2 mailing list From: David B. Andersen Hi all, The following proposal was developed at a meeting on "hooking and chaining" held at the recently concluded Bakeoff #4. I took an action item to write it all up and publish it to the list for comments and feedback. Enjoy! --Dave Andersen A Proposal for Managing the Ordering of Layered Providers in Protocol Chains A meeting on "hooking and chaining" was held on October 30, 1996, coincident with the last WinSock 2 Bakeoff. At this meeting issues surrounding the installation of layered service providers were discussed. A proposal was generated, and is described below. Note that this proposal supersedes the proposal made coinicident with Bakeoff #3 (the "cloaking" proposal). Based on feedback received, the cloaking proposal is no longer receiving active consideration. Companies that currently use hooking and chaining are now being strongly encouraged to switch to a layered provider architecture. However, serious concerns were raised by those present about the difficulties involved in determining how to install a new layered provider into an existing WinSock 2-enabled system. Each new layered provider needs to be included into one or more protocol chains. Therefore, the install program that creates such chains needs some way to determine how to position a new layered provider relative to any existing providers. The problem being addressed can be summarized as follows: Identify a means whereby new layered service providers can be added to a WinSock 2 enabled system in such a manner that the new provider can successfully perform its intended function without disrupting the functions provided by any existing providers. To address these requirements, it is proposed that each layered provider be assigned to one of several classes, and additionally that each provider be assigned a unique product code. The class and product code information would be carried in the WSAProtocolInfo structure, using one of the currently unused DWORDS that is reserved for future expansion of protocol attributes. The proposed classes fall into two different categories: socket data and socket addressing, and indicate whether the LSP operates on payload data or on addressing and network signaling information. The classes would be organized as follows: Examine (ClassId = 20) Socket Data Modify (ClassId = 40) Encode (ClassId = 60) ============================================ Examine (ClassId = 100) Socket Addressing Modify (ClassId = 120) Encode (ClassId = 140) Examples of LSPs that would fall into these classes are as follows: Data/Examine: An LSP that monitors the data flowing across a socket connection in order to gather statistics or create a local cache. Data/Modify: An LSP that monitors data flowing across a socket connection and which removes selected portions such as advertising or sexually explicit language. Data/Encode: An LSP that encrypts or compresses the payload data. Addressing/Examine: A Quality of Service LSP such as RSVP which needs to see the socket addressing information in order to determine the contents of PATH and RESERVE messages to be sent out. Addressing/Modify: An LSP that implements a firewall proxy (such as SOCKS) by monitoring all addresses and changing those that are outside the local firewall. This could also include an LSP that monitors URLs and blocks those that are for restricted sites. Addressing/Encode: An LSP that tunnels one transport protocol inside of another, particularly when the protocol used for the tunnel is not the same address family as that carried inside the tunnel. An example of this would be a provider that tunnels TCP streams across an IPX network. As can be inferred from the above examples, an LSP that "examines" will not modify the data/addressing information in any way. LSPs that "modify" may add to, remove from and modify data and addressing information. LSPs that either examine or modify are expected to both consume and produce clear data or addressing information, respectively. By "clear" we mean information that is not encoded, compressed or otherwise rendered in a non-native format. LSPs that "encode" perform a transformation on the data/addressing information which could also result in either an increase or a decrease in the size of the transformed output. Encoding LSPs may or may not require clear information as input, and are assumed to produce non-clear information on output. This classification system may result in the need for an LSP incarnation of some current hooking/chaining products to consist of multiple LSPs. This is so because existing products such as pornography filters act on both content and URL (i.e. addressing) information. At least one such vendor was present at the meeting where this was pointed out, and indicated that this was acceptable. We would like very much to hear the reaction of other vendors on this important point. When installing LSPs into protocol chains, the LSPs should be ordered according to their assigned class ID values, with the lowest numbers at the top of the chain (closer to the application) and the highest numbers at the bottom of the chain (closer to the base provider). If there are no other providers of the same class as a new LSP to be installed, the installation program will know immediately how to order the new LSP within protocol chains. When one or more LSPs for a given class are already present, the installation program must examine the product ID's of the incumbent class members in order to determine how to order the new provider relative to each. This determination is to be based on heuristic knowledge (embedded within the install program) which indicates how the LSP being installed should be positioned relative to the specific incumbents involved. This is without question the part of this proposal which we are least fond of, but a better alternative has not been identified. Each developer of a new LSP is responsible to obtain a unique product code from the WinSock Identifier Clearinghouse (currently operated by Stardust). In order to obtain a product code, the developer must indicate the class or classes to which the new LSP belongs, and provide developer contact information. Those who create installation programs for a new LSP are expected to query the LSP product code database and determine which other existing LSPs fall into the same class. For each existing LSP in the same class, a determination should be made as to whether the new LSP is compatible, and, if so, whether the new LSP should be installed above or below the existing LSP. This information should then be incorporated into the installation program's heuristic knowledge base. It is strongly suggested that installation programs be written in such a way that the heuristic knowledge base can be subsequently updated, preferably via the Web. This will minimize ordering dependencies that a consumer may face when installing or re-installing LSP components. Feedback and comments on this proposal are actively solicited! =============++=============++=============++=============++=========== David B. Andersen andersen@alder.intel.com or Intel Architecture Labs david_b_andersen@ccm.jf.intel.com