On 3 May 2018 at 22:21, Michael Richardson <[email protected]> wrote:
>
> Martin Thomson <[email protected]> wrote:
> > On Wed, May 2, 2018 at 10:06 PM Michael Richardson <[email protected]> wrote:
> >> Have we considered TCP RST already? (I don't think it's better than ICMP, but
> >> I don't remember it being discussed yet)
>
> > We can now if you like. But not all protocols use TCP.
>
> Yes, that's true, but essentially all of the "am I behind a captive portal"
> probes do, and in the most restrictive places, that's all that works anyway.
> We don't need every protocol to detect the captive portal, so long as *some*
> method does.

We really need to consider not just the likely traffic mix "on first attach" as it stands today but also (a) changes in traffic mix in the future and (b) signaling on "steady-state" traffic when a captive portal re-asserts itself after session expiry (or on reboot / loss of state at the enforcement point).

In the latter case especially, what becomes clear is that the UE needs to be able to receive an unsolicited packet. ICMP is a canonical example of receiving and processing an unsolicited packet. But it could also be something like a UDP socket listening on a well known port that receives a 1-byte datagram, which causes the UE to enqueue (for rate-limiting purposes) a captive API query.

Naively, my expectation for a simple Android implementation was something along the lines of:

[1] on network attach, create an ICMP socket (or 2, one each for v4 and v6) and attach a filter to only get messages of the right type or code or whatever we decide.

[2] when a matching packet arrives, lob a message over to NetworkMonitor (which houses the captive portal checking logic).

[3] NetworkMonitor already rate limits requests from applications to revalidate the network, and these would likely be no different (or pretty much the same).

Since the UE expected action, I'm assuming, would be to reconnect to the API, I'm not sure I see the benefit of any interaction more complex than this.
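The three steps in the message above, sketched as an added example that is not part of the original e-mail and is not Android code: a filter that accepts only well-formed ICMP messages of one type/code, feeding a rate-limited revalidation trigger. The type/code pair, the 30-second interval and the names `is_signal` and `NetworkMonitorStub` are assumptions made for illustration; the thread leaves the actual type/code undecided.

```python
import struct

# Assumption: the thread has not settled the ICMP type/code ("whatever we
# decide"); these placeholder values stand in for the eventual choice.
SIGNAL_TYPE, SIGNAL_CODE = 3, 13


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (input padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Construct a sample ICMP message (constructed test input only)."""
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + payload


def is_signal(msg: bytes) -> bool:
    """Step [1]: pass only intact messages of the agreed type/code."""
    if len(msg) < 8 or inet_checksum(msg) != 0:
        return False  # truncated or corrupted
    return (msg[0], msg[1]) == (SIGNAL_TYPE, SIGNAL_CODE)


class NetworkMonitorStub:
    """Steps [2]-[3]: hypothetical stand-in for the revalidation rate limit."""

    def __init__(self, min_interval: float = 30.0):
        self.min_interval = min_interval  # assumed value, in seconds
        self.last_query = None
        self.queries = 0

    def on_packet(self, msg: bytes, now: float) -> str:
        if not is_signal(msg):
            return "ignored"
        if self.last_query is not None and now - self.last_query < self.min_interval:
            # Unsolicited packets can be spoofed; they must not force a query storm.
            return "rate_limited"
        self.last_query = now
        self.queries += 1  # a real client would query the captive portal API here
        return "query_enqueued"
```

The signal is treated only as a hint to re-query the API, so a forged packet costs at most one query per interval.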