From mehmet.asl at gmail.com Wed Dec 1 23:57:42 2010 From: mehmet.asl at gmail.com (Mehmet Aslan) Date: Thu, 2 Dec 2010 09:57:42 +0200 Subject: [sctp-dev] Problem with SCTP_SET_PEER_PRIMARY_ADDR option Message-ID: Hi All, Actually I asked the following question in a reply message to the prior thread. Maybe because this, it did not draw any attention. The problem still exists and I can not go forward and I am not sure if it is a setting issue on SCTP side or if it is a problem in my setup. I will try my chance in a new thread hoping that I can get some useful response, as it happened in the previous thread. Currently, net.sctp.addip_noauth_enable = 1 net.sctp.addip_enable = 1 Now, I can bind new addresses to a connected association or unbind any of local addresses from it. However I can not set peer primary address using related setOption() method. The simple scenario and the case; Server Client 192.168.1.25 :3456 192.168.1.25 :6060 192.168.1.133 :6060 I would like to change peer primary address from ... .25:6060 to ... .133:6060 instructing from the client side (using setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr). When I applied the instruction, I get a java.net exception. Here are the related code parts: Server: ... ssc.getOption(SCTP_PRIMARY_ADDR); // This gives out ... .25 :6060 as the primary addr Client: ... // I want the server to use the other address (... .133 :6060) as the primary address // and I want to make this change by means of an instruction from client side. I use the code below; sockAddr = new InetSocketAddress("192.168.1.133", 6060); sc.setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr); .... In the output window of client, at the line of setOption() method I get the following exception and no change in the primary address: "java.net.SocketException: Cannot assign requested address" I will appreciate much if an explanation is posted about how I can solve this issue. Additionally, is the following setting enough to enable Dynamic Address Reconfiguration extension completely? net.sctp.addip_noauth_enable = 1 net.sctp.addip_enable = 1 Thanks in advance, regards, MehmetAslan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/sctp-dev/attachments/20101202/fceb5d65/attachment.html From chris.hegarty at oracle.com Thu Dec 2 04:56:40 2010 From: chris.hegarty at oracle.com (Chris Hegarty) Date: Thu, 02 Dec 2010 12:56:40 +0000 Subject: [sctp-dev] Problem with SCTP_SET_PEER_PRIMARY_ADDR option In-Reply-To: References: Message-ID: <4CF79788.1060003@oracle.com> Sorry for the delay, but I'm really busy at the moment. I will look into this and get back to you. -Chris. Mehmet Aslan wrote: > Hi All, > Actually I asked the following question in a reply message to the prior > thread. Maybe because this, it did not draw any attention. The problem > still exists and I can not go forward and I am not sure if it is a > setting issue on SCTP side or if it is a problem in my setup. I will try > my chance in a new thread hoping that I can get some useful response, as > it happened in the previous thread. > Currently, > > net.sctp.addip_noauth_enable = 1 > net.sctp.addip_enable = 1 > > Now, I can bind new addresses to a connected association or unbind any > of local addresses from it. However I can not set peer primary address > using related setOption() method. > The simple scenario and the case; > Server Client > 192.168.1.25 :3456 192.168.1.25 :6060 > 192.168.1.133 :6060 > > I would like to change peer primary address from ... .25:6060 to ... > .133:6060 instructing from the client side (using > setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr). When I applied the > instruction, I get a java.net exception. Here are the > related code parts: > > Server: > ... > ssc.getOption(SCTP_PRIMARY_ADDR); // This gives out ... .25 :6060 as > the primary addr > > Client: > ... > // I want the server to use the other address (... .133 :6060) as the > primary address > // and I want to make this change by means of an instruction from client > side. I use the code below; > sockAddr = new InetSocketAddress("192.168.1.133", 6060); > sc.setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr); > .... > > In the output window of client, at the line of setOption() method I get > the following exception and no change in the primary address: > "java.net.SocketException: Cannot assign requested address" > > I will appreciate much if an explanation is posted about how I can solve > this issue. > Additionally, is the following setting enough to enable Dynamic Address > Reconfiguration extension completely? > > net.sctp.addip_noauth_enable = 1 > net.sctp.addip_enable = 1 > > Thanks in advance, > regards, > MehmetAslan From chris.hegarty at oracle.com Fri Dec 3 05:51:25 2010 From: chris.hegarty at oracle.com (Chris Hegarty) Date: Fri, 03 Dec 2010 13:51:25 +0000 Subject: [sctp-dev] Problem with SCTP_SET_PEER_PRIMARY_ADDR option In-Reply-To: References: Message-ID: <4CF8F5DD.1040503@oracle.com> Hi Mehmet, There is certainly a bug in the Java implementation where we set SCTP_SET_PEER_PRIMARY_ADDR, but it is not clear to me that the native lksctp stack is behaving as expected. I've sent a mail to the lksctp-developers mailing list to request clarification on the expected behavior of the native call. Once I have clarification I will make the appropriate changes in the JDK. I filed a bug, CR 7004439 "(sctp) SCTP_SET_PEER_PRIMARY_ADDR throws SocketException on Linux", against this problem for the JDK. Thanks for finding and reporting this issue. I will update this thread (hopefully within the next few days) with more information as it becomes available. Thanks, -Chris. On 02/12/2010 07:57, Mehmet Aslan wrote: > Hi All, > Actually I asked the following question in a reply message to the prior > thread. Maybe because this, it did not draw any attention. The problem > still exists and I can not go forward and I am not sure if it is a > setting issue on SCTP side or if it is a problem in my setup. I will try > my chance in a new thread hoping that I can get some useful response, as > it happened in the previous thread. > Currently, > > net.sctp.addip_noauth_enable = 1 > net.sctp.addip_enable = 1 > > Now, I can bind new addresses to a connected association or unbind any > of local addresses from it. However I can not set peer primary address > using related setOption() method. > The simple scenario and the case; > Server Client > 192.168.1.25 :3456 192.168.1.25 :6060 > 192.168.1.133 :6060 > > I would like to change peer primary address from ... .25:6060 to ... > .133:6060 instructing from the client side (using > setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr). When I applied the > instruction, I get a java.net exception. Here are the > related code parts: > > Server: > ... > ssc.getOption(SCTP_PRIMARY_ADDR); // This gives out ... .25 :6060 as > the primary addr > > Client: > ... > // I want the server to use the other address (... .133 :6060) as the > primary address > // and I want to make this change by means of an instruction from client > side. I use the code below; > sockAddr = new InetSocketAddress("192.168.1.133", 6060); > sc.setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr); > .... > > In the output window of client, at the line of setOption() method I get > the following exception and no change in the primary address: > "java.net.SocketException: Cannot assign requested address" > > I will appreciate much if an explanation is posted about how I can solve > this issue. > Additionally, is the following setting enough to enable Dynamic Address > Reconfiguration extension completely? > > net.sctp.addip_noauth_enable = 1 > net.sctp.addip_enable = 1 > > Thanks in advance, > regards, > MehmetAslan From mehmet.asl at gmail.com Fri Dec 3 13:33:35 2010 From: mehmet.asl at gmail.com (Mehmet Aslan) Date: Fri, 3 Dec 2010 23:33:35 +0200 Subject: [sctp-dev] Problem with SCTP_SET_PEER_PRIMARY_ADDR option In-Reply-To: <4CF8F5DD.1040503@oracle.com> References: <4CF8F5DD.1040503@oracle.com> Message-ID: Hi Chris, Thank you for your kind interest. It would be definitely a pleasure for me if it was a contribution in any way. I am looking forward to your update. By the way, I read your mail in lksctp-developers site. The following quotation from your mail is really interesting for my purposes: " ... when I use the IPv4 address it appears to work as expected. ..." For the moment, being able to set the peer primary address using IPv4 addresses is quite enough for my application. Using the statement in your mail as a clue, I tried changing my addresses by using Inet4Address class, but I get the same exception again. Is there a possibility that you could explain how I can achieve it? Or is there a work around to set the peer primary address with the same switching time comparable to using the setOption() method. Sorry for the inconvenience in your busy time, but it is really important. Regards, MehmetAslan 2010/12/3 Chris Hegarty > Hi Mehmet, > > There is certainly a bug in the Java implementation where we set > SCTP_SET_PEER_PRIMARY_ADDR, but it is not clear to me that the native lksctp > stack is behaving as expected. I've sent a mail to the lksctp-developers > mailing list to request clarification on the expected behavior of the native > call. Once I have clarification I will make the appropriate changes in the > JDK. > > I filed a bug, CR 7004439 "(sctp) SCTP_SET_PEER_PRIMARY_ADDR throws > SocketException on Linux", against this problem for the JDK. > > Thanks for finding and reporting this issue. I will update this thread > (hopefully within the next few days) with more information as it becomes > available. > > Thanks, > -Chris. > > > On 02/12/2010 07:57, Mehmet Aslan wrote: > >> Hi All, >> Actually I asked the following question in a reply message to the prior >> thread. Maybe because this, it did not draw any attention. The problem >> still exists and I can not go forward and I am not sure if it is a >> setting issue on SCTP side or if it is a problem in my setup. I will try >> my chance in a new thread hoping that I can get some useful response, as >> it happened in the previous thread. >> Currently, >> >> net.sctp.addip_noauth_enable = 1 >> net.sctp.addip_enable = 1 >> >> Now, I can bind new addresses to a connected association or unbind any >> of local addresses from it. However I can not set peer primary address >> using related setOption() method. >> The simple scenario and the case; >> Server Client >> 192.168.1.25 :3456 192.168.1.25 :6060 >> 192.168.1.133 :6060 >> >> I would like to change peer primary address from ... .25:6060 to ... >> .133:6060 instructing from the client side (using >> setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr). When I applied the >> instruction, I get a java.net exception. Here are the >> >> related code parts: >> >> Server: >> ... >> ssc.getOption(SCTP_PRIMARY_ADDR); // This gives out ... .25 :6060 as >> the primary addr >> >> Client: >> ... >> // I want the server to use the other address (... .133 :6060) as the >> primary address >> // and I want to make this change by means of an instruction from client >> side. I use the code below; >> sockAddr = new InetSocketAddress("192.168.1.133", 6060); >> sc.setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr); >> .... >> >> In the output window of client, at the line of setOption() method I get >> the following exception and no change in the primary address: >> "java.net.SocketException: Cannot assign requested address" >> >> I will appreciate much if an explanation is posted about how I can solve >> this issue. >> Additionally, is the following setting enough to enable Dynamic Address >> Reconfiguration extension completely? >> >> net.sctp.addip_noauth_enable = 1 >> net.sctp.addip_enable = 1 >> >> Thanks in advance, >> regards, >> MehmetAslan >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/sctp-dev/attachments/20101203/8ee7dcdc/attachment.html From chris.hegarty at oracle.com Mon Dec 6 07:28:25 2010 From: chris.hegarty at oracle.com (Chris Hegarty) Date: Mon, 06 Dec 2010 15:28:25 +0000 Subject: [sctp-dev] Problem with SCTP_SET_PEER_PRIMARY_ADDR option In-Reply-To: References: <4CF8F5DD.1040503@oracle.com> Message-ID: <4CFD0119.4000503@oracle.com> Hi Mehmet, Unfortunately there is no way of setting the peer primary address on Linux (using lksctp) because of CR 7004439 (which I filed for this issue). What the Java implementation currently does (when setting the peer primary address) is that it converts all IPv4 addresses to IPv4-mapped addresses. And it does not correctly set the native sock_addr in the sctp_setpeerprim struct. I need to resolve this issues in the JDK, but I also wanted to understand why IPv4-mapped addresses are not accepted when they are for other native calls. What I will do is create a changeset to resolve the JDK issue as I understand lksctp to work today, and follow up with the native clarification separately. Either way I guess if lksctp is ever to change it would be a some point in the future, and old kernels will always behave as they do today. Please give me a few days and I'll send a code review request copying this mailing list. Then the fix will be in a JDK7 promoted build within about 2 weeks. -Chris. On 12/ 3/10 09:33 PM, Mehmet Aslan wrote: > Hi Chris, > Thank you for your kind interest. It would be definitely a pleasure for > me if it was a contribution in any way. > I am looking forward to your update. > By the way, I read your mail in lksctp-developers site. The following > quotation from your mail is really interesting for my purposes: > " ... when I use the IPv4 address it appears to work as expected. ..." > > For the moment, being able to set the peer primary address using IPv4 > addresses is quite enough for my application. Using the statement in > your mail as a clue, I tried changing my addresses by using Inet4Address > class, but I get the same exception again. > Is there a possibility that you could explain how I can achieve it? Or > is there a work around to set the peer primary address with the same > switching time comparable to using the setOption() method. > > Sorry for the inconvenience in your busy time, but it is really important. > Regards, > MehmetAslan > > > 2010/12/3 Chris Hegarty > > > Hi Mehmet, > > There is certainly a bug in the Java implementation where we set > SCTP_SET_PEER_PRIMARY_ADDR, but it is not clear to me that the > native lksctp stack is behaving as expected. I've sent a mail to the > lksctp-developers mailing list to request clarification on the > expected behavior of the native call. Once I have clarification I > will make the appropriate changes in the JDK. > > I filed a bug, CR 7004439 "(sctp) SCTP_SET_PEER_PRIMARY_ADDR throws > SocketException on Linux", against this problem for the JDK. > > Thanks for finding and reporting this issue. I will update this > thread (hopefully within the next few days) with more information as > it becomes available. > > Thanks, > -Chris. > > > On 02/12/2010 07:57, Mehmet Aslan wrote: > > Hi All, > Actually I asked the following question in a reply message to > the prior > thread. Maybe because this, it did not draw any attention. The > problem > still exists and I can not go forward and I am not sure if it is a > setting issue on SCTP side or if it is a problem in my setup. I > will try > my chance in a new thread hoping that I can get some useful > response, as > it happened in the previous thread. > Currently, > > net.sctp.addip_noauth_enable = 1 > net.sctp.addip_enable = 1 > > Now, I can bind new addresses to a connected association or > unbind any > of local addresses from it. However I can not set peer primary > address > using related setOption() method. > The simple scenario and the case; > Server Client > 192.168.1.25 :3456 192.168.1.25 :6060 > 192.168.1.133 > :6060 > > I would like to change peer primary address from ... .25:6060 to ... > .133:6060 instructing from the client side (using > setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr). When I applied the > instruction, I get a java.net > exception. Here are the > > related code parts: > > Server: > ... > ssc.getOption(SCTP_PRIMARY_ADDR); // This gives out ... .25 > :6060 as > the primary addr > > Client: > ... > // I want the server to use the other address (... .133 :6060) > as the > primary address > // and I want to make this change by means of an instruction > from client > side. I use the code below; > sockAddr = new InetSocketAddress("192.168.1.133", 6060); > sc.setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr); > .... > > In the output window of client, at the line of setOption() > method I get > the following exception and no change in the primary address: > "java.net.SocketException: Cannot assign requested address" > > I will appreciate much if an explanation is posted about how I > can solve > this issue. > Additionally, is the following setting enough to enable Dynamic > Address > Reconfiguration extension completely? > > net.sctp.addip_noauth_enable = 1 > net.sctp.addip_enable = 1 > > Thanks in advance, > regards, > MehmetAslan > > From mehmet.asl at gmail.com Mon Dec 6 11:46:02 2010 From: mehmet.asl at gmail.com (Mehmet Aslan) Date: Mon, 6 Dec 2010 21:46:02 +0200 Subject: [sctp-dev] Problem with SCTP_SET_PEER_PRIMARY_ADDR option In-Reply-To: <4CFD0119.4000503@oracle.com> References: <4CF8F5DD.1040503@oracle.com> <4CFD0119.4000503@oracle.com> Message-ID: Hi Chris, Thank you for the clarification. You are really fast. 2 weeks is a challenging duration. I will wait for the update in JDK. Regards, MehmetAslan 2010/12/6 Chris Hegarty > Hi Mehmet, > > Unfortunately there is no way of setting the peer primary address on Linux > (using lksctp) because of CR 7004439 (which I filed for this issue). > > What the Java implementation currently does (when setting the peer primary > address) is that it converts all IPv4 addresses to IPv4-mapped addresses. > And it does not correctly set the native sock_addr in the sctp_setpeerprim > struct. I need to resolve this issues in the JDK, but I also wanted to > understand why IPv4-mapped addresses are not accepted when they are for > other native calls. > > What I will do is create a changeset to resolve the JDK issue as I > understand lksctp to work today, and follow up with the native clarification > separately. Either way I guess if lksctp is ever to change it would be a > some point in the future, and old kernels will always behave as they do > today. > > Please give me a few days and I'll send a code review request copying this > mailing list. Then the fix will be in a JDK7 promoted build within about 2 > weeks. > > -Chris. > > > On 12/ 3/10 09:33 PM, Mehmet Aslan wrote: > >> Hi Chris, >> Thank you for your kind interest. It would be definitely a pleasure for >> me if it was a contribution in any way. >> I am looking forward to your update. >> By the way, I read your mail in lksctp-developers site. The following >> quotation from your mail is really interesting for my purposes: >> " ... when I use the IPv4 address it appears to work as expected. ..." >> >> For the moment, being able to set the peer primary address using IPv4 >> addresses is quite enough for my application. Using the statement in >> your mail as a clue, I tried changing my addresses by using Inet4Address >> class, but I get the same exception again. >> Is there a possibility that you could explain how I can achieve it? Or >> is there a work around to set the peer primary address with the same >> switching time comparable to using the setOption() method. >> >> Sorry for the inconvenience in your busy time, but it is really important. >> Regards, >> MehmetAslan >> >> >> 2010/12/3 Chris Hegarty > > >> >> >> Hi Mehmet, >> >> There is certainly a bug in the Java implementation where we set >> SCTP_SET_PEER_PRIMARY_ADDR, but it is not clear to me that the >> native lksctp stack is behaving as expected. I've sent a mail to the >> lksctp-developers mailing list to request clarification on the >> expected behavior of the native call. Once I have clarification I >> will make the appropriate changes in the JDK. >> >> I filed a bug, CR 7004439 "(sctp) SCTP_SET_PEER_PRIMARY_ADDR throws >> SocketException on Linux", against this problem for the JDK. >> >> Thanks for finding and reporting this issue. I will update this >> thread (hopefully within the next few days) with more information as >> it becomes available. >> >> Thanks, >> -Chris. >> >> >> On 02/12/2010 07:57, Mehmet Aslan wrote: >> >> Hi All, >> Actually I asked the following question in a reply message to >> the prior >> thread. Maybe because this, it did not draw any attention. The >> problem >> still exists and I can not go forward and I am not sure if it is a >> setting issue on SCTP side or if it is a problem in my setup. I >> will try >> my chance in a new thread hoping that I can get some useful >> response, as >> it happened in the previous thread. >> Currently, >> >> net.sctp.addip_noauth_enable = 1 >> net.sctp.addip_enable = 1 >> >> Now, I can bind new addresses to a connected association or >> unbind any >> of local addresses from it. However I can not set peer primary >> address >> using related setOption() method. >> The simple scenario and the case; >> Server Client >> 192.168.1.25 :3456 192.168.1.25 :6060 >> 192.168.1.133 >> :6060 >> >> I would like to change peer primary address from ... .25:6060 to >> ... >> .133:6060 instructing from the client side (using >> setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr). When I applied the >> instruction, I get a java.net >> exception. Here are the >> >> related code parts: >> >> Server: >> ... >> ssc.getOption(SCTP_PRIMARY_ADDR); // This gives out ... .25 >> :6060 as >> the primary addr >> >> Client: >> ... >> // I want the server to use the other address (... .133 :6060) >> as the >> primary address >> // and I want to make this change by means of an instruction >> from client >> side. I use the code below; >> sockAddr = new InetSocketAddress("192.168.1.133", 6060); >> sc.setOption(SCTP_SET_PEER_PRIMARY_ADDR, sockAddr); >> .... >> >> In the output window of client, at the line of setOption() >> method I get >> the following exception and no change in the primary address: >> "java.net.SocketException: Cannot assign requested address" >> >> I will appreciate much if an explanation is posted about how I >> can solve >> this issue. >> Additionally, is the following setting enough to enable Dynamic >> Address >> Reconfiguration extension completely? >> >> net.sctp.addip_noauth_enable = 1 >> net.sctp.addip_enable = 1 >> >> Thanks in advance, >> regards, >> MehmetAslan >> >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/sctp-dev/attachments/20101206/b76a02e9/attachment.html From chris.hegarty at oracle.com Wed Dec 8 08:20:01 2010 From: chris.hegarty at oracle.com (Chris Hegarty) Date: Wed, 08 Dec 2010 16:20:01 +0000 Subject: [sctp-dev] Code Review 7004439: SCTP_SET_PEER_PRIMARY_ADDR throws SocketException on Linux Message-ID: <4CFFB031.2070108@oracle.com> Hi Michael, The native sockaddr is not being correctly set in sctp_setpeerprim. Also, the value of SCTP_SET_PEER_PRIMARY_ADDR should not be an IPv4-mapped address for IPv4 addresses on lksctp. It should be an IPv4 address, in a similar way to how we handle addresses being passed to bindx. Webrev: http://cr.openjdk.java.net/~chegar/7004439/webrev.00/webrev/ Thanks, -Chris. From e_halep at yahoo.gr Wed Dec 8 11:25:41 2010 From: e_halep at yahoo.gr (Haleplidis Evangelos) Date: Wed, 8 Dec 2010 21:25:41 +0200 Subject: [sctp-dev] SCTP over IPSec In-Reply-To: References: <20090127151050.CA252E25B@hg.openjdk.java.net><003101c99037$e7bdb3a0$0501a8c0@ehallaptop><49997501.4030505@Sun.COM><008501c9a0ff$ba463e00$0501a8c0@ehallaptop> Message-ID: <005e01cb970d$b56e8800$204b9800$@gr> Greetings everyone, I know this is a very old question, but we've just got to the point that we need to implement SCTP over IPSec. Has it been implemented by anyone? Is it's possible to provide any pointers other than the one Mr. Hegarty proposed one year from now? "There is an RFC, 3554, which I believe is an attempt to simplify running SCTP on top of IPsec, but even without this it should work. You will need to configure 2 * n * m Security Associations, where one SCTP endpoint has n addresses and the other m. An implementation of RFC 3554 would reduce this number to 2." Thank you in advance. Regards, Evangelos Haleplidis. > -----Original Message----- > From: sctp-dev-bounces at openjdk.java.net [mailto:sctp-dev- > bounces at openjdk.java.net] On Behalf Of Dennis Hjort > Sent: Tuesday, March 10, 2009 8:41 AM > To: sctp-dev at openjdk.java.net > Subject: Re: [sctp-dev] SCTP over IPSec > > Hi Evangelos, > > Okey, in that case we are "in the same boat" so to speak ! ;-) > > In our case, it will be in our implementation list, but not until Q3 or > Q4 of this year. Perhaps we do a test before that, and if that's the > case I'll try to post how we ran Ipsec ! :-) > > Regards, > > // D > > > -----Original Message----- > > From: sctp-dev-bounces at openjdk.java.net > > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of > > Evangelos Haleplidis > > Sent: den 9 mars 2009 22:41 > > To: sctp-dev at openjdk.java.net > > Subject: Re: [sctp-dev] SCTP over IPSec > > > > Greetings Dennis, > > > > Sorry, but i have not have started working on IPsec yet. > > > > IPsec is not currently on my to implement list, but it may be > > in the near future, and that was the cause of my question. > > > > Regards, > > Evangelos Haleplidis. > > > > > -----Original Message----- > > > From: sctp-dev-bounces at openjdk.java.net > > > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of Dennis > Hjort > > > Sent: Monday, March 09, 2009 11:41 AM > > > To: sctp-dev at openjdk.java.net > > > Subject: Re: [sctp-dev] SCTP over IPSec > > > > > > Hi Evangelos ! > > > > > > I was wondering if you have managed to get any further with IPSEC ? > > > Have you managed to run SCTP over IPSEC to this date or are > > you still > > > working on how to run IPSEC in the first place ? > > > > > > With kind regards > > > > > > // Dennis > > > > > > > -----Original Message----- > > > > From: sctp-dev-bounces at openjdk.java.net > > > > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of > > Christopher > > > > Hegarty - Sun Microsystems Ireland > > > > Sent: den 16 februari 2009 15:15 > > > > To: Evangelos Haleplidis > > > > Cc: sctp-dev at openjdk.java.net > > > > Subject: Re: [sctp-dev] SCTP over IPSec > > > > > > > > Hi Evangelos, > > > > > > > > The simple answer is YES. You should be able to use a > > > standard IPSec > > > > implementation and run SCTP on top of it. > > > > > > > > There is no direct support for IPsec in the Java API of > > > course. IPsec > > > > (if configured) would live above the IP layer and below > > the native > > > > SCTP stack. Therefore, the Java SCTP implementation would > > > leverage the > > > > platforms IPsec implementation. > > > > > > > > There is an RFC, 3554, which I believe is an attempt to simplify > > > > running SCTP on top of IPsec, but even without this it > > should work. > > > > You will need to configure 2 * n * m Security Associations, > > > where one > > > > SCTP endpoint has n addresses and the other m. An > > implementation of > > > > RFC 3554 would reduce this number to 2. > > > > > > > > I checked both reference platforms, Solaris and LKSCTP, and both > > > > support this. > > > > > > > > Running a java.net.Socket over IPsec should be pretty much > > > the same as > > > > SCTP, only not as much SA's! But I have not tried this. > > > > > > > > -Chris. > > > > > > > > On 02/16/09 13:10, Evangelos Haleplidis wrote: > > > > > Greetings to the list, > > > > > > > > > > I have one question to make. > > > > > > > > > > Is there support of SCTP over IPsec in java? How can one use > it? > > > > > > > > > > Also, this is out of scope of the mailing list, but > > > relevant to the > > > > > question, how can you use IPsec in Java (TCP over IPsec). > > > > > > > > > > Regards, > > > > > Evangelos Haleplidis. > > > > > > > > > > > > > > > > > > > > From michael.x.mcmahon at oracle.com Wed Dec 8 08:48:57 2010 From: michael.x.mcmahon at oracle.com (Michael McMahon) Date: Wed, 08 Dec 2010 16:48:57 +0000 Subject: [sctp-dev] Code Review 7004439: SCTP_SET_PEER_PRIMARY_ADDR throws SocketException on Linux In-Reply-To: <4CFFB031.2070108@oracle.com> References: <4CFFB031.2070108@oracle.com> Message-ID: <4CFFB6F9.3030802@oracle.com> Chris Hegarty wrote: > Hi Michael, > > The native sockaddr is not being correctly set in sctp_setpeerprim. > Also, the value of SCTP_SET_PEER_PRIMARY_ADDR should not be an > IPv4-mapped address for IPv4 addresses on lksctp. It should be an IPv4 > address, in a similar way to how we handle addresses being passed to > bindx. > > Webrev: > http://cr.openjdk.java.net/~chegar/7004439/webrev.00/webrev/ > > Thanks, > -Chris. Looks fine. Thanks Michael. From chris.hegarty at oracle.com Fri Dec 10 02:19:32 2010 From: chris.hegarty at oracle.com (Chris Hegarty) Date: Fri, 10 Dec 2010 10:19:32 +0000 Subject: [sctp-dev] SCTP over IPSec In-Reply-To: <005e01cb970d$b56e8800$204b9800$@gr> References: <20090127151050.CA252E25B@hg.openjdk.java.net><003101c99037$e7bdb3a0$0501a8c0@ehallaptop><49997501.4030505@Sun.COM><008501c9a0ff$ba463e00$0501a8c0@ehallaptop> <005e01cb970d$b56e8800$204b9800$@gr> Message-ID: <4D01FEB4.3060604@oracle.com> On 12/ 8/10 07:25 PM, Haleplidis Evangelos wrote: > Greetings everyone, > > I know this is a very old question, but we've just got to the point that we > need to implement SCTP over IPSec. > > Has it been implemented by anyone? Is it's possible to provide any pointers > other than the one Mr. Hegarty proposed one year from now? Sorry, I haven't looked into this further since your last mail. I would be very interested in hearing about any experience you have with setup/config when you get this working. -Chris. > "There is an RFC, 3554, which I believe is an attempt to simplify running > SCTP on top of IPsec, but even without this it should work. > You will need to configure 2 * n * m Security Associations, where one SCTP > endpoint has n addresses and the other m. An implementation of > RFC 3554 would reduce this number to 2." > > Thank you in advance. > > Regards, > Evangelos Haleplidis. > >> -----Original Message----- >> From: sctp-dev-bounces at openjdk.java.net [mailto:sctp-dev- >> bounces at openjdk.java.net] On Behalf Of Dennis Hjort >> Sent: Tuesday, March 10, 2009 8:41 AM >> To: sctp-dev at openjdk.java.net >> Subject: Re: [sctp-dev] SCTP over IPSec >> >> Hi Evangelos, >> >> Okey, in that case we are "in the same boat" so to speak ! ;-) >> >> In our case, it will be in our implementation list, but not until Q3 or >> Q4 of this year. Perhaps we do a test before that, and if that's the >> case I'll try to post how we ran Ipsec ! :-) >> >> Regards, >> >> // D >> >>> -----Original Message----- >>> From: sctp-dev-bounces at openjdk.java.net >>> [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of >>> Evangelos Haleplidis >>> Sent: den 9 mars 2009 22:41 >>> To: sctp-dev at openjdk.java.net >>> Subject: Re: [sctp-dev] SCTP over IPSec >>> >>> Greetings Dennis, >>> >>> Sorry, but i have not have started working on IPsec yet. >>> >>> IPsec is not currently on my to implement list, but it may be >>> in the near future, and that was the cause of my question. >>> >>> Regards, >>> Evangelos Haleplidis. >>> >>>> -----Original Message----- >>>> From: sctp-dev-bounces at openjdk.java.net >>>> [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of Dennis >> Hjort >>>> Sent: Monday, March 09, 2009 11:41 AM >>>> To: sctp-dev at openjdk.java.net >>>> Subject: Re: [sctp-dev] SCTP over IPSec >>>> >>>> Hi Evangelos ! >>>> >>>> I was wondering if you have managed to get any further with IPSEC ? >>>> Have you managed to run SCTP over IPSEC to this date or are >>> you still >>>> working on how to run IPSEC in the first place ? >>>> >>>> With kind regards >>>> >>>> // Dennis >>>> >>>>> -----Original Message----- >>>>> From: sctp-dev-bounces at openjdk.java.net >>>>> [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of >>> Christopher >>>>> Hegarty - Sun Microsystems Ireland >>>>> Sent: den 16 februari 2009 15:15 >>>>> To: Evangelos Haleplidis >>>>> Cc: sctp-dev at openjdk.java.net >>>>> Subject: Re: [sctp-dev] SCTP over IPSec >>>>> >>>>> Hi Evangelos, >>>>> >>>>> The simple answer is YES. You should be able to use a >>>> standard IPSec >>>>> implementation and run SCTP on top of it. >>>>> >>>>> There is no direct support for IPsec in the Java API of >>>> course. IPsec >>>>> (if configured) would live above the IP layer and below >>> the native >>>>> SCTP stack. Therefore, the Java SCTP implementation would >>>> leverage the >>>>> platforms IPsec implementation. >>>>> >>>>> There is an RFC, 3554, which I believe is an attempt to simplify >>>>> running SCTP on top of IPsec, but even without this it >>> should work. >>>>> You will need to configure 2 * n * m Security Associations, >>>> where one >>>>> SCTP endpoint has n addresses and the other m. An >>> implementation of >>>>> RFC 3554 would reduce this number to 2. >>>>> >>>>> I checked both reference platforms, Solaris and LKSCTP, and both >>>>> support this. >>>>> >>>>> Running a java.net.Socket over IPsec should be pretty much >>>> the same as >>>>> SCTP, only not as much SA's! But I have not tried this. >>>>> >>>>> -Chris. >>>>> >>>>> On 02/16/09 13:10, Evangelos Haleplidis wrote: >>>>>> Greetings to the list, >>>>>> >>>>>> I have one question to make. >>>>>> >>>>>> Is there support of SCTP over IPsec in java? How can one use >> it? >>>>>> >>>>>> Also, this is out of scope of the mailing list, but >>>> relevant to the >>>>>> question, how can you use IPsec in Java (TCP over IPsec). >>>>>> >>>>>> Regards, >>>>>> Evangelos Haleplidis. >>>>>> >>>>>> >>>>> >>> >>> >>> > From chris.hegarty at oracle.com Fri Dec 10 02:50:13 2010 From: chris.hegarty at oracle.com (Chris Hegarty) Date: Fri, 10 Dec 2010 10:50:13 +0000 Subject: [sctp-dev] Problem with SCTP_SET_PEER_PRIMARY_ADDR option In-Reply-To: References: <4CF8F5DD.1040503@oracle.com> <4CFD0119.4000503@oracle.com> Message-ID: <4D0205E5.5080406@oracle.com> MehmetAslan, We expect this fix to be in JDK7 b123. Please try it when it becomes available. Changeset: 79947a4ad7a1 Author: chegar Date: 2010-12-10 10:47 +0000 URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/79947a4ad7a1 7004439: SCTP_SET_PEER_PRIMARY_ADDR throws SocketException on Linux Summary: IPv4 addrs passed to SCTP_SET_PEER_PRIMARY_ADDR should not be converted to IPv4-mapped addrs Reviewed-by: michaelm ! src/solaris/classes/sun/nio/ch/SctpNet.java ! src/solaris/native/sun/nio/ch/SctpNet.c ! test/com/sun/nio/sctp/SctpChannel/SocketOptionTests.java -Chris. On 12/ 6/10 07:46 PM, Mehmet Aslan wrote: > Hi Chris, > Thank you for the clarification. > You are really fast. 2 weeks is a challenging duration. I will wait for > the update in JDK. > > Regards, > MehmetAslan > From jason.kania at genband.com Wed Dec 15 08:58:18 2010 From: jason.kania at genband.com (Jason Kania) Date: Wed, 15 Dec 2010 16:58:18 +0000 Subject: [sctp-dev] Access Restrictions when running Message-ID: <4A62469B6AD0314586E6173A7A8D74912D3D339E@gbplmail01.genband.com> Hello, I am not sure what I have done wrong, and cannot see general instructions to address this, but in attempting to compile or run the SCTP code in java 6, I am encountering access restrictions. The "Access restriction" issues occur in trying to access some core java classes in rt.jar used by sctp despite running the code with -Xbootclasspath/a:. The classes in sctp6.jar are accessible, but not the ones that the library is attempting to call. I did not observe any compile flag or anything else that would resolve this. Do I need to place the jar in a specific location? Do I need compile flags to allow the compilation? Am I using the wrong instance of the compiler? >From the instructions, I did not understand and this is my first attempt at extending the classes in this manner. Any clarifications would be appreciated. Thanks, Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/sctp-dev/attachments/20101215/2c0501cc/attachment.html From chris.hegarty at oracle.com Wed Dec 15 09:42:28 2010 From: chris.hegarty at oracle.com (Chris Hegarty) Date: Wed, 15 Dec 2010 17:42:28 +0000 Subject: [sctp-dev] Access Restrictions when running In-Reply-To: <4A62469B6AD0314586E6173A7A8D74912D3D339E@gbplmail01.genband.com> References: <4A62469B6AD0314586E6173A7A8D74912D3D339E@gbplmail01.genband.com> Message-ID: <4D08FE04.2050201@oracle.com> Hi Jason, Did you follow these instruction? http://openjdk.java.net/projects/sctp/html/sctp6.html If so, can you please include details of the specific failure. -Chris. On 15/12/2010 16:58, Jason Kania wrote: > Hello, > > I am not sure what I have done wrong, and cannot see general > instructions to address this, but in attempting to compile or run the > SCTP code in java 6, I am encountering access restrictions. > > The ?Access restriction? issues occur in trying to access some core java > classes in rt.jar used by sctp despite running the code with > -Xbootclasspath/a:. The classes in sctp6.jar are > accessible, but not the ones that the library is attempting to call. > > I did not observe any compile flag or anything else that would resolve this. > > Do I need to place the jar in a specific location? > > Do I need compile flags to allow the compilation? > > Am I using the wrong instance of the compiler? > > From the instructions, I did not understand and this is my first > attempt at extending the classes in this manner. > > Any clarifications would be appreciated. > > Thanks, > > Jason > From jason.kania at genband.com Wed Dec 15 12:29:52 2010 From: jason.kania at genband.com (Jason Kania) Date: Wed, 15 Dec 2010 20:29:52 +0000 Subject: [sctp-dev] Access Restrictions when running In-Reply-To: <4D08FE04.2050201@oracle.com> References: <4A62469B6AD0314586E6173A7A8D74912D3D339E@gbplmail01.genband.com> <4D08FE04.2050201@oracle.com> Message-ID: <4A62469B6AD0314586E6173A7A8D74912D3D33C7@gbplmail01.genband.com> Chris, Thanks for the reply. I more or less followed the instructions from the URL you referenced on the basis that I am working in eclipse, but I don't know if I missed something obvious. I am not seeing any specific compiler flags or directories that are special. The errors I get on compile all look like the following: Access restriction: The type PollArrayWrapper is not accessible due to restriction on required library D:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar Access restriction: The type SelChImpl is not accessible due to restriction on required library D:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar I was hoping the errors would resolve at runtime with the appropriate inclusion of the sctp jar, but this did not work. I am now trying to compile from the command line so see if that works but since we work in eclipse all the time, I have to figure out compilation in that environment. Thanks, Jason -----Original Message----- From: Chris Hegarty [mailto:chris.hegarty at oracle.com] Sent: Wednesday, December 15, 2010 12:42 PM To: Jason Kania Cc: sctp-dev at openjdk.java.net Subject: Re: [sctp-dev] Access Restrictions when running Hi Jason, Did you follow these instruction? http://openjdk.java.net/projects/sctp/html/sctp6.html If so, can you please include details of the specific failure. -Chris. On 15/12/2010 16:58, Jason Kania wrote: > Hello, > > I am not sure what I have done wrong, and cannot see general > instructions to address this, but in attempting to compile or run the > SCTP code in java 6, I am encountering access restrictions. > > The "Access restriction" issues occur in trying to access some core java > classes in rt.jar used by sctp despite running the code with > -Xbootclasspath/a:. The classes in sctp6.jar are > accessible, but not the ones that the library is attempting to call. > > I did not observe any compile flag or anything else that would resolve this. > > Do I need to place the jar in a specific location? > > Do I need compile flags to allow the compilation? > > Am I using the wrong instance of the compiler? > > From the instructions, I did not understand and this is my first > attempt at extending the classes in this manner. > > Any clarifications would be appreciated. > > Thanks, > > Jason > From gustav at veide.se Tue Dec 28 05:39:09 2010 From: gustav at veide.se (Gustav Veide) Date: Tue, 28 Dec 2010 14:39:09 +0100 Subject: [sctp-dev] Relations to "Support asynchronous I/O" in nio2 Message-ID: Hi, I'm curios in how the new SCTP support in JDK 7 relates to the new AsynchronousChannel and AsynchronousByteChannel interfaces in nio2. Will it be possible to interact with SCTP sockets in the same async manner as with UDP and TCP sockets? Regards Gustav -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.openjdk.java.net/pipermail/sctp-dev/attachments/20101228/ebac4745/attachment.html