From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc2371.txt | 1739 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1739 insertions(+) create mode 100644 doc/rfc/rfc2371.txt (limited to 'doc/rfc/rfc2371.txt') diff --git a/doc/rfc/rfc2371.txt b/doc/rfc/rfc2371.txt new file mode 100644 index 0000000..c91a910 --- /dev/null +++ b/doc/rfc/rfc2371.txt @@ -0,0 +1,1739 @@ + + + + + + +Network Working Group J. Lyon +Request for Comments: 2371 Microsoft +Category: Standards Track K. Evans + J. Klein + Tandem Computers + July 1998 + + + Transaction Internet Protocol + Version 3.0 + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (1998). All Rights Reserved. + +Abstract + + In many applications where different nodes cooperate on some work, + there is a need to guarantee that the work happens atomically. That + is, each node must reach the same conclusion as to whether the work + is to be completed, even in the face of failures. This document + proposes a simple, easily-implemented protocol for achieving this + end. + +Table of Contents + + 1. Introduction 2 + 2. Example Usage 3 + 3. Transactions 4 + 4. Connections 4 + 5. Transaction Identifiers 5 + 6. Pushing vs. Pulling Transactions 5 + 7. TIP Transaction Manager Identification & Connection Establishment 6 + 8. TIP Uniform Resource Locators 8 + 9. States of a Connection 10 + 10. Protocol Versioning 12 + 11. Commands and Responses 12 + 12. Command Pipelining 13 + 13. TIP Commands 13 + 14. Error Handling 20 + + + +Lyon, et. al. Standards Track [Page 1] + +RFC 2371 TIP Version 3.0 July 1998 + + + 15. Connection Failure and Recovery 20 + 16. Security Considerations 22 + 17. References 25 + 18. Authors' Addresses 26 + 19. Comments 26 + Appendix A. The TIP Multiplexing Protocol Version 2.0. 27 + Fully Copyright Statement 31 + +1. Introduction + + The standard method for achieving atomic commitment is the two-phase + commit protocol; see [1] for an introduction to atomic commitment and + two-phase commit protocols. + + Numerous two-phase commit protocols have been implemented over the + years. However, none of them has become widely used in the Internet, + due mainly to their complexity. Most of that complexity comes from + the fact that the two-phase commit protocol is bundled together with + a specific program-to-program communication protocol, and that + protocol lives on top of a very large infrastructure. + + This memo proposes a very simple two-phase commit protocol. It + achieves its simplicity by specifying only how different nodes agree + on the outcome of a transaction; it allows (even requires) that the + subject matter on which the nodes are agreeing be communicated via + other protocols. By doing so, we avoid all of the issues related to + application communication semantics and data representation (to name + just a few). Independent of the application communication protocol a + transaction manager may use the Transport Layer Security protocol [3] + to authenticate other transaction managers and encrypt messages. + + It is envisioned that this protocol will be used mainly for a + transaction manager on one Internet node to communicate with a + transaction manager on another node. While it is possible to use this + protocol for application programs and/or resource managers to speak + to transaction managers, this communication is usually intra-node, + and most transaction managers already have more-than-adequate + interfaces for the task. + + While we do not expect this protocol to replace existing ones, we do + expect that it will be relatively easy for many existing + heterogeneous transaction managers to implement this protocol for + communication with each other. + + Further supplemental information regarding the TIP protocol can be + found in [5]. + + + + + +Lyon, et. al. Standards Track [Page 2] + +RFC 2371 TIP Version 3.0 July 1998 + + +2. Example Usage + + Today the electronic shopping basket is a common metaphor at many + electronic store-fronts. Customers browse through an electronic + catalog, select goods and place them into an electronic shopping + basket. HTTP servers [2] provide various means ranging from URL + encoding to context cookies to keep track of client context (e.g. + the shopping basket of a customer) and resume it on subsequent + customer requests. + + Once a customer has finished shopping they may decide to commit their + selection and place the associated orders. Most orders may have no + relationship with each other except being executed as part of the + same shopping transaction; others may be dependent on each other (for + example, if made as part of a special offering). Irrespective of + these details a customer will expect that all orders have been + successfully placed upon receipt of a positive acknowledgment. + Today's electronic store-fronts must implement their own special + protocols to coordinate such placement of all orders. This + programming is especially complex when orders are placed through + multiple electronic store-fronts. This complexity limits the + potential utility of internet applications, and constrains growth. + The protocol described in this document intends to provide a standard + for Internet servers to achieve agreement on a unit of shared work + (e.g. placement of orders in an electronic shopping basket). The + server (e.g. a CGI program) placing the orders may want to start a + transaction calling its local transaction manager, and ask other + servers participating in the work to join the transaction. The + server placing the orders passes a reference to the transaction as + user data on HTTP requests to the other servers. The other servers + call their transaction managers to start a local transaction and ask + them to join the remote transaction using the protocol defined in + this document. Once all orders have been placed, execution of the + two-phase-commit protocol is delegated to the involved transaction + managers. If the transaction commits, all orders have been + successfully placed and the customer gets a positive acknowledgment. + If the transaction aborts no orders will be placed and the customer + will be informed of the problem. + + Transaction support greatly simplifies programming of these + applications as exception handling and failure recovery are delegated + to a special component. End users are also not left having to deal + with the consequences of only partial success. While this example + shows how the protocol can be used by HTTP servers, applications may + use the protocol when accessing a remote database (e.g. via ODBC), or + invoking remote services using other already existing protocols (e.g. + + + + + +Lyon, et. al. Standards Track [Page 3] + +RFC 2371 TIP Version 3.0 July 1998 + + + RPC). The protocol makes it easy for applications in a heterogeneous + network to participate in the same transaction, even if using + different communication protocols. + +3. Transactions + + "Transaction" is the term given to the programming model whereby + computational work performed has atomic semantics. That is, either + all work completes successfully and changes are made permanent (the + transaction commits), or if any work is unsuccessful, changes are + undone (the transaction aborts). The work comprising a transaction + (unit of work), is defined by the application. + +4. Connections + + The Transaction Internet Protocol (TIP) requires a reliable ordered + stream transport with low connection setup costs. In an Internet (IP) + environment, TIP operates over TCP, optionally using TLS to provide a + secured and authenticated connection, and optionally using a protocol + to multiplex light-weight connections over the same TCP or TLS + connection. + + Transaction managers that share transactions establish a TCP (and + optionally a TLS) connection. The protocol uses a different + connection for each simultaneous transaction shared betwween two + transaction managers. After a transaction has ended, the connection + can be reused for a different transaction. + + Optionally, instead of associating a TCP or TLS connection with only + a single transaction, two transaction managers may agree on a + protocol to multiplex light-weight connections over the same TCP or + TLS connection, and associate each simultaneous transaction with a + separate light-weight connection. Using light-weight connections + reduces latency and resource consumption associated with executing + simultaneous transactions. Similar techniques as described here are + widely used by existing transaction processing systems. See Appendix + A for an example of one such protocol. + + Note that although the TIP protocol itself is described only in terms + of TCP and TLS, there is nothing to preclude the use of TIP with + other transport protocols. However, it is up to the implementor to + ensure the chosen transport provides equivalent semantics to TCP, and + to map the TIP protocol appropriately. + + + + + + + + +Lyon, et. al. Standards Track [Page 4] + +RFC 2371 TIP Version 3.0 July 1998 + + + In this document the terms "connection" or "TCP connection" can refer + to a TIP TCP connection, a TIP TLS connection, or a TIP multiplexing + connection (over either TCP or TLS). It makes no difference which, + the behavior is the same in each case. Where there are differences in + behavior between the connection types, these are stated explicitly. + +5. Transaction Identifiers + + Unfortunately, there is no single globally-accepted standard for the + format of a transaction identifier; there are various standard and + proprietary formats. Allowed formats for a TIP transaction + identifier are described below in the section "TIP Uniform Resource + Locators". A transaction manager may map its internal transaction + identifiers into this TIP format in any manner it sees fit. + Furthermore, each party in a superior/subordinate relationship gets + to assign its own identifier to the transaction; these identifiers + are exchanged when the relationship is first established. Thus, a + transaction manager gets to use its own format of transaction + identifier internally, but it must remember a foreign transaction + identifier for each superior/subordinate relationship in which it is + involved. + +6. Pushing vs. Pulling Transactions + + Suppose that some program on node "A" has created a transaction, and + wants some program on node "B" to do some work as part of the + transaction. There are two classical ways that he does this, + referred to as the "push" model and the "pull" model. + + In the "push" model, the program on A first asks his transaction + manager to export the transaction to node B. A's transaction manager + sends a message to B's TM asking it to instantiate the transaction as + a subordinate of A, and return its name for the transaction. The + program on A then sends a message to its counterpart on B on the + order of "Do some work, and make it part of the transaction that your + transaction manager already knows of by the name ...". Because A's + TM knows that it sent the transaction to B's TM, A's TM knows to + involve B's TM in the two-phase commit process. + + In the "pull" model, the program on A merely sends a message to B on + the order of "Do some work, and make it part of the transaction that + my TM knows by the name ...". The program on B asks its TM to enlist + in the transaction. At that time, B's TM will "pull" the transaction + over from A. As a result of this pull, A's TM knows to involve B's + TM in the two-phase commit process. + + The protocol described here supports both the "push" and "pull" + models. + + + +Lyon, et. al. Standards Track [Page 5] + +RFC 2371 TIP Version 3.0 July 1998 + + +7. TIP Transaction Manager Identification and Connection Establishment + + In order for TIP transaction managers to connect they must be able to + identify and locate each other. The information necessary to do this + is described by the TIP transaction manager address. + + [This specification does not prescribe how TIP transaction managers + initially obtain the transaction manager address (which will probably + be via some implementation-specific configuration mechanism).] + + TIP transaction manager addresses take the form: + + + + The component comprises: + + [:] + + where is either a or an ; and is + a decimal number specifying the port at which the transaction manager + (or proxy) is listening for requests to establish TIP connections. If + the port number is omitted, the standard TIP port number (3372) is + used. + + A is a standard name, acceptable to the domain name + service. It must be sufficiently qualified to be useful to the + receiver of the command. + + An is an IP address, in the usual form: four decimal + numbers separated by period characters. + + The component defines the scope (locale) of the + component. + + The component of the transaction manager address contains data + identifying the specific TIP transaction manager, at the location + defined by . + + The component takes the form: + + "/" [path_segments] + + path_segments = segment *( "/" segment ) + segment = *pchar *( ";" param ) + param = *pchar + + pchar = unreserved | escaped | ":" | "@" | "&" | "=" | "+" + unreserved = ASCII character octets with values in the range + + + +Lyon, et. al. Standards Track [Page 6] + +RFC 2371 TIP Version 3.0 July 1998 + + + (inclusive): 48-57, 65-90, 97-122 | "$" | "-" | "_" | + "." | "!" | "~" | "*" | "'" | "(" | ")" | "," + escaped = "%" hex hex + hex = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" | + "A" | "B" | "C" | "D" | "E" | "F" | "a" | "b" | "c" | "d" | + "e" | "f" + + The component may consist of a sequence of path segments + separated by a single slash "/" character. Within a path segment, the + characters "/", ";", "=", and "?" are reserved. Each path segment may + include a sequence of parameters, indicated by the semicolon ";" + character. The parameters are not significant to the parsing of + relative references. + + [It is intended that the form of the transaction manager address + follow the proposed scheme for Uniform Resource Identifiers (URI) + [8].] + + The TIP transaction manager address therefore provides to the + connection initiator (the primary) the endpoint identifier to be used + for the TCP connection (), and to the connection receiver + (the secondary) the path to be used to locate the specific TIP + transaction manager (). This is all the information required + for the connection between the primary and secondary TIP transaction + managers to be established. + + After a connection has been established, the primary party issues an + IDENTIFY command. This command includes as parameters two transaction + manager addresses: the primary transaction manager address, and the + secondary transaction manager address. + + The primary transaction manager address identifies the TIP + transaction manager that initiated the connection. This information + is required in certain cases after connection failures, when one of + the parties of the connection must re-establish a new connection to + the other party in order to complete the two-phase-commit protocol. + If the primary party needs to re-establish the connection, the job is + easy: a connection is established in the same way as was the original + connection. However, if the secondary party needs to re-establish the + connection, it must be known how to contact the initiator of the + original connection. This information is supplied to the secondary + via the primary transaction manager address on the IDENTIFY command. + If a primary transaction manager address is not supplied, the primary + party must not perform any action which would require a connection to + be re-established (e.g. to perform recovery actions). + + + + + + +Lyon, et. al. Standards Track [Page 7] + +RFC 2371 TIP Version 3.0 July 1998 + + + The secondary transaction manager address identifies the receiving + TIP transaction manager. In the case of TIP communication via + intermediate proxy servers, this URL may be used by the proxy servers + to correctly identify and connect to the required TIP transaction + manager. + +8. TIP Uniform Resource Locators + + Transactions and transaction managers are resources associated with + the TIP protocol. Transaction managers and transactions are located + using the transaction manager address scheme. Once a connection has + been established, TIP commands may be sent to operate on transactions + associated with the respective transaction managers. + + Applications which want to pull a transaction from a remote node must + supply a reference to the remote transaction which allows the local + transaction manager (i.e. the transaction manager pulling the + transaction) to connect to the remote transaction manager and + identify the particular transaction. Applications which want to push + a transaction to a remote node must supply a reference to the remote + transaction manager (i.e. the transaction manager to which the + transaction is to be pushed), which allows the local transaction + manager to locate the remote transaction manager. The TIP protocol + defines a URL scheme [4] which allows applications and transaction + managers to exchange references to transaction managers and + transactions. + + A TIP URL takes the form: + + tip://? + + where identifies the TIP transaction + manager (as defined in Section 7 above); and + specifies a transaction identifier, which may take one of two forms + (standard or non-standard): + + i. "urn:" ":" + + A standard transaction identifier, conforming to the proposed + Internet Standard for Uniform Resource Names (URNs), as specified + by RFC2141; where is the Namespace Identifier, and is + the Namespace Specific String. The Namespace ID determines the + syntactic interpretation of the Namespace Specific String. The + Namespace Specific String is a sequence of characters representing + a transaction identifier (as defined by ). The rules for the + contents of these fields are specified by [6] (valid characters, + encoding, etc.). + + + + +Lyon, et. al. Standards Track [Page 8] + +RFC 2371 TIP Version 3.0 July 1998 + + + This format of may be used to express global + transaction identifiers in terms of standard representations. + Examples for might be or . e.g. + + tip://123.123.123.123/?urn:xopen:xid + + Note that Namespace Ids require registration. See [7] for details + on how to do this. + + ii. + + A sequence of printable ASCII characters (octets with values in the + range 32 through 126 inclusive (excluding ":") representing a + transaction identifier. In this non-standard case, it is the + combination of and which ensures global uniqueness. e.g. + + tip://123.123.123.123/?transid1 + + To create a non-standard TIP URL from a transaction identifier, + first replace any reserved characters in the transaction identifier + with their equivalent escape sequences, then insert the appropriate + transaction manager address. If the transaction identifier is one + that you created, insert your own transaction manager address. If + the transaction identifier is one that you received on a TIP + connection that you initiated, use the secondary transaction + manager address that was sent in the IDENTIFY command. If the + transaction identifier is one that you received on a TIP connection + that you did not initiate, use the primary transaction manager + address that was received in the IDENTIFY command. + + TIP URLs must be guaranteed globally unique for all time. This + uniqueness constraint ensures TIP URLs are never duplicated, thereby + preventing possible non-deterministic behaviour. How uniqueness is + achieved is implementation specific. For example, the Universally + Unique Identifier (UUID, also known as a Globally Unique Identifier, + or GUID (see [9])) could be used as part of the . + Note also that some standard transaction identifiers may define their + own rules for ensuring global uniqueness (e.g. OSI CCR atomic action + identifiers). + + Except as otherwise described above, the TIP URL scheme follows the + rules for reserved characters as defined in [4], and uses escape + sequences as defined in [4] Section 5. + + Note that the TIP protocol itself does not use the TIP URL scheme (it + does use the transaction manager address scheme). The TIP URL scheme + is proposed as a standard way to pass transaction identification + + + +Lyon, et. al. Standards Track [Page 9] + +RFC 2371 TIP Version 3.0 July 1998 + + + information through other protocols. e.g. between cooperating + application processes. The TIP URL may then be used to communicate to + the local transaction manager the information necessary to associate + the application with a particular TIP transaction. e.g. to PULL the + transaction from a remote transaction manager. It is anticipated that + each TIP implementation will provide some set of APIs for this + purpose ([5] includes examples of such APIs). + +9. States of a Connection + + At any instant, only one party on a connection is allowed to send + commands, while the other party is only allowed to respond to + commands that he receives. Throughout this document, the party that + is allowed to send commands is called "primary"; the other party is + called "secondary". Initially, the party that initiated the + connection is primary; however, a few commands cause the roles to + switch. A connection returns to its original polarity whenever the + Idle state is reached. + + When multiplexing is being used, these rules apply independently to + each "virtual" connection, regardless of the polarity of the + underlying connection (which will be in the Multiplexing state). + + Note that commands may be sent "out of band" by the secondary via the + use of pipelining. This does not affect the polarity of the + connection (i.e. the roles of primary and secondary do not switch). + See section 12 for details. + + In the normal case, TIP connections should only be closed by the + primary, when in Initial state. It is generally undesirable for a + connection to be closed by the secondary, although this may be + necessary in certain error cases. + + At any instant, a connection is in one of the following states. From + the point of view of the secondary party, the state changes when he + sends a reply; from the point of view of the primary party, the state + changes when he receives a reply. + + Initial: The initial connection starts out in the Initial state. + Upon entry into this state, the party that initiated the connection + becomes primary, and the other party becomes secondary. There is no + transaction associated with the connection in this state. From this + state, the primary can send an IDENTIFY or a TLS command. + + Idle: In this state, the primary and the secondary have agreed on a + protocol version, and the primary supplied an identifier to the + secondary party to reconnect after a failure. There is no + transaction associated with the connection in this state. Upon + + + +Lyon, et. al. Standards Track [Page 10] + +RFC 2371 TIP Version 3.0 July 1998 + + + entry to this state, the party that initiated the connection + becomes primary, and the other party becomes secondary. From this + state, the primary can send any of the following commands: BEGIN, + MULTIPLEX, PUSH, PULL, QUERY and RECONNECT. + + Begun: In this state, a connection is associated with an active + transaction, which can only be completed by a one-phase protocol. + A BEGUN response to a BEGIN command places a connection into this + state. Failure of a connection in Begun state implies that the + transaction will be aborted. From this state, the primary can send + an ABORT, or COMMIT command. + + Enlisted: In this state, the connection is associated with an active + transaction, which can be completed by a one-phase or, two-phase + protocol. A PUSHED response to a PUSH command, or a PULLED response + to a PULL command, places the connection into this state. Failure + of the connection in Enlisted state implies that the transaction + will be aborted. From this state, the primary can send an ABORT, + COMMIT, or PREPARE command. + + Prepared: In this state, a connection is associated with a + transaction that has been prepared. A PREPARED response to a + PREPARE command, or a RECONNECTED response to a RECONNECT command + places a connection into this state. Unlike other states, failure + of a connection in this state does not cause the transaction to + automatically abort. From this state, the primary can send an + ABORT, or COMMIT command. + + Multiplexing: In this state, the connection is being used by a + multiplexing protocol, which provides its own set of connections. + In this state, no TIP commands are possible on the connection. (Of + course, TIP commands are possible on the connections supplied by + the multiplexing protocol.) The connection can never leave this + state. + + Tls: In this state, the connection is being used by the TLS + protocol, which provides its own secured connection. In this state, + no TIP commands are possible on the connection. (Of course, TIP + commands are possible on the connection supplied by the TLS + protocol.) The connection can never leave this state. + + Error: In this state, a protocol error has occurred, and the + connection is no longer useful. The connection can never leave this + state. + + + + + + + +Lyon, et. al. Standards Track [Page 11] + +RFC 2371 TIP Version 3.0 July 1998 + + +10. Protocol Versioning + + This document describes version 3 of the protocol. In order to + accommodate future versions, the primary party sends a message + indicating the lowest and the highest version number it understands. + The secondary responds with the highest version number it + understands. + + After such an exchange, communication can occur using the smaller of + the highest version numbers (i.e., the highest version number that + both understand). This exchange is mandatory and occurs using the + IDENTIFY command (and IDENTIFIED response). + + If the highest version supported by one party is considered obsolete + and no longer supported by the other party, no useful communication + can occur. In this case, the newer party should merely drop the + connection. + +11. Commands and Responses + + All commands and responses consist of one line of ASCII text, using + only octets with values in the range 32 through 126 inclusive, + followed by either a CR (an octet with value 13) or an LR (an octet + with value 10). Each line can be split up into one or more "words", + where successive words are separated by one or more space octets + (value 32). + + Arbitrary numbers of spaces at the beginning and/or end of each line + are allowed, and ignored. + + Lines that are empty, or consist entirely of spaces are ignored. + (One implication of this is that you can terminate lines with both a + CR and an LF if desired; the LF will be treated as terminating an + empty line, and ignored.) + + In all cases, the first word of each line indicates the type of + command or response; all defined commands and responses consist of + upper-case letters only. + + For some commands and responses, subsequent words convey parameters + for the command or response; each command and response takes a fixed + number of parameters. + + All words on a command or response line after (and including) the + first undefined word are totally ignored. These can be used to pass + human-readable information for debugging or other purposes. + + + + + +Lyon, et. al. Standards Track [Page 12] + +RFC 2371 TIP Version 3.0 July 1998 + + +12. Command Pipelining + + In order to reduce communication latency and improve efficiency, it + is possible for multiple TIP "lines" (commands or responses) to be + pipelined (concatenated) together and sent as a single message. + Lines may also be sent "ahead" (by the secondary, for later procesing + by the primary). Examples are an ABORT command immediately followed + by a BEGIN command, or a COMMITTED response immediately followed by a + PULL command. + + The sending of pipelined lines is an implementation option. Likewise + which lines are pipelined together. Generally, it must be certain + that the pipelined line will be valid for the state of the connection + at the time it is processed by the receiver. It is the responsibility + of the sender to determine this. + + All implementations must support the receipt of pipelined lines - the + rules for processing of which are described by the following + paragraph: + + When the connection state is such that a line should be read + (either command or response), then that line (when received) is + processed. No more lines are read from the connection until + processing again reaches such a state. If a line is received on a + connection when it is not the turn of the other party to send, that + line is _not_ rejected. Instead, the line is held and processed + when the connection state again requires it. The receiving party + must process lines and issue responses in the order of lines + received. If a line causes an error the connection enters the Error + state, and all subsequent lines on the connection are discarded. + +13. TIP Commands + + Commands pertain either to connections or transactions. Commands + which pertain to connections are: IDENTIFY, MULTIPLEX and TLS. + Commands which pertain to transactions are: ABORT, BEGIN, COMMIT, + PREPARE, PULL, PUSH, QUERY, and RECONNECT. + + Following is a list of all valid commands, and all possible responses + to each: + + ABORT + + This command is valid in the Begun, Enlisted, and Prepared states. + It informs the secondary that the current transaction of the + connection will abort. Possible responses are: + + + + + +Lyon, et. al. Standards Track [Page 13] + +RFC 2371 TIP Version 3.0 July 1998 + + + ABORTED + The transaction has aborted; the connection enters Idle state. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters the Error state. + + BEGIN + + This command is valid only in the Idle state. It asks the secondary + to create a new transaction and associate it with the connection. + The newly created transaction will be completed with a one-phase + protocol. Possible responses are: + + BEGUN + A new transaction has been successfully begun, and that + transaction is now the current transaction of the connection. + The connection enters Begun state. + + NOTBEGUN + A new transaction could not be begun; the connection remains in + Idle state. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters the Error state. + + COMMIT + + This command is valid in the Begun, Enlisted or Prepared states. + In the Begun or Enlisted state, it asks the secondary to attempt to + commit the transaction; in the Prepared state, it informs the + secondary that the transaction has committed. Note that in the + Enlisted state this command represents a one-phase protocol, and + should only be done when the sender has 1) no local recoverable + resources involved in the transaction, and 2) only one subordinate + (the sender will not be involved in any transaction recovery + process). Possible responses are: + + ABORTED + This response is possible only from the Begun and Enlisted + states. It indicates that some party has vetoed the commitment of + the transaction, so it has been aborted instead of committing. + The connection enters the Idle state. + + + + + + + +Lyon, et. al. Standards Track [Page 14] + +RFC 2371 TIP Version 3.0 July 1998 + + + COMMITTED + This response indicates that the transaction has been committed, + and that the primary no longer has any responsibilities to the + secondary with respect to the transaction. The connection enters + the Idle state. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters the Error state. + + ERROR + + This command is valid in any state; it informs the secondary that a + previous response was not recognized or was badly formed. A + secondary should not respond to this command. The connection enters + Error state. + + IDENTIFY + + | "-" + + + This command is valid only in the Initial state. The primary party + informs the secondary party of: 1) the lowest and highest protocol + version supported (all versions between the lowest and highest must + be supported; 2) optionally, an identifier for the primary party at + which the secondary party can re-establish a connection if ever + needed (the primary transaction manager address); and 3) an + identifier which may be used by intermediate proxy servers to + connect to the required TIP transaction manager (the secondary + transaction manager address). If a primary transaction manager + address is not supplied, the secondary party will respond with + ABORTED or READONLY to any PREPARE commands. Possible responses + are: + + IDENTIFIED + The secondary party has been successfully contacted and has saved + the primary transaction manager address. The response contains + the highest protocol version supported by the secondary party. + All future communication is assumed to take place using the + smaller of the protocol versions in the IDENTIFY command and the + IDENTIFIED response. The connection enters the Idle state. + + NEEDTLS + The secondary party is only willing to communicate over TLS + secured connections. The connection enters the Tls state, and all + subsequent communication is as defined by the TLS protocol. This + protocol will begin with the first octet after the line + + + +Lyon, et. al. Standards Track [Page 15] + +RFC 2371 TIP Version 3.0 July 1998 + + + terminator of the IDENTIFY command (for data sent by the primary + party), and the first byte after the line terminator of the + NEEDTLS response (for data sent by the secondary party). This + implies that an implementation must not send both a CR and a LF + octet after either the IDENTIFY command or the NEEDTLS response, + lest the LF octet be mistaken for the first byte of the TLS + protocol. The connection provided by the TLS protocol starts out + in the Initial state. After TLS has been negotiated, the primary + party must resend the IDENTIFY command. If the primary party + cannot support (or refuses to use) the TLS protocol, it closes + the connection. + + ERROR + The command was issued in the wrong state, or was malformed. + This response also occurs if the secondary party does not support + any version of the protocol in the range supported by the primary + party. The connection enters the Error state. The primary party + should close the connection. + + MULTIPLEX + + This command is only valid in the Idle state. The command seeks + agreement to use the connection for a multiplexing protocol that + will supply a large number of connections on the existing + connection. The primary suggests a particular multiplexing + protocol. The secondary party can either accept or reject use of + this protocol. + + At the present, the only defined protocol identifier is "TMP2.0", + which refers to the TIP Multiplexing Protocol, version 2.0. See + Appendix A for details of this protocol. Other protocol identifiers + may be defined in the future. + + If the MULTIPLEX command is accepted, the specified multiplexing + protocol will totally control the underlying connection. This + protocol will begin with the first octet after the line terminator + of the MULTIPLEX command (for data sent by the initiator), and the + first byte after the line terminator of the MULTIPLEXING response + (for data received by the initiator). This implies that an + implementation must not send both a CR and a LF octet after either + the MULTIPLEX command or the MULTIPLEXING response, lest the LF + octet be mistaken for the first byte of the multiplexing protocol. + + Note that when using TMP V2.0, a single TIP command (TMP + application message) must be wholly contained within a single TMP + packet (the TMP PUSH flag is not used by TIP). Possible responses + to the MULTIPLEX command are: + + + + +Lyon, et. al. Standards Track [Page 16] + +RFC 2371 TIP Version 3.0 July 1998 + + + MULTIPLEXING + The secondary party agrees to use the specified multiplexing + protocol. The connection enters the Multiplexing state, and all + subsequent communication is as defined by that protocol. All + connections created by the multiplexing protocol start out in the + Idle state. + + CANTMULTIPLEX + The secondary party cannot support (or refuses to use) the + specified multiplexing protocol. The connection remains in the + Idle state. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters the Error state. + + PREPARE + + This command is valid only in the Enlisted state; it requests the + secondary to prepare the transaction for commitment (phase one of + two-phase commit). Possible responses are: + + PREPARED + The subordinate has prepared the transaction; the connection + enters PREPARED state. + + ABORTED + The subordinate has vetoed committing the transaction. The + connection enters the Idle state. After this response, the + superior has no responsibilities to the subordinate with respect + to the transaction. + + READONLY + The subordinate no longer cares whether the transaction commits + or aborts. The connection enters the Idle state. After this + response, the superior has no responsibilities to the subordinate + with respect to the transaction. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters the Error state. + + PULL + + + This command is only valid in Idle state. This command seeks to + establish a superior/subordinate relationship in a transaction, + with the primary party of the connection as the subordinate (i.e., + + + +Lyon, et. al. Standards Track [Page 17] + +RFC 2371 TIP Version 3.0 July 1998 + + + he is pulling a transaction from the secondary party). Note that + the entire value of (as defined in the section + "TIP Uniform Resource Locators") must be specified as the + transaction identifier. Possible responses are: + + PULLED + The relationship has been established. Upon receipt of this + response, the specified transaction becomes the current + transaction of the connection, and the connection enters Enlisted + state. Additionally, the roles of primary and secondary become + reversed. (That is, the superior becomes the primary for the + connection.) + + NOTPULLED + The relationship has not been established (possibly, because the + secondary party no longer has the requested transaction). The + connection remains in Idle state. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters the Error state. + + PUSH + + This command is valid only in the Idle state. It seeks to establish + a superior/subordinate relationship in a transaction with the + primary as the superior. Note that the entire value of (as defined in the section "TIP Uniform Resource Locators") + must be specified as the transaction identifier. Possible responses + are: + + PUSHED + The relationship has been established, and the identifier by + which the subordinate knows the transaction is returned. The + transaction becomes the current transaction for the connection, + and the connection enters Enlisted state. + + ALREADYPUSHED + The relationship has been established, and the identifier by + which the subordinate knows the transaction is returned. + However, the subordinate already knows about the transaction, and + is expecting the two-phase commit protocol to arrive via a + different connection. In this case, the connection remains in the + Idle state. + + NOTPUSHED + The relationship could not be established. The connection remains + in the Idle state. + + + +Lyon, et. al. Standards Track [Page 18] + +RFC 2371 TIP Version 3.0 July 1998 + + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters Error state. + + QUERY + + This command is valid only in the Idle state. A subordinate uses + this command to determine whether a specific transaction still + exists at the superior. Possible responses are: + + QUERIEDEXISTS + The transaction still exists. The connection remains in the Idle + state. + + QUERIEDNOTFOUND + The transaction no longer exists. The connection remains in the + Idle state. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters Error state. + + RECONNECT + + This command is valid only in the Idle state. A superior uses the + command to re-establish a connection for a transaction, when the + previous connection was lost during Prepared state. Possible + responses are: + + RECONNECTED + The subordinate accepts the reconnection. The connection enters + Prepared state. + + NOTRECONNECTED + The subordinate no longer knows about the transaction. The + connection remains in Idle state. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters Error state. + + TLS + + This command is valid only in the Initial state. A primary uses + this command to attempt to establish a secured connection using + TLS. + + + + + +Lyon, et. al. Standards Track [Page 19] + +RFC 2371 TIP Version 3.0 July 1998 + + + If the TLS command is accepted, the TLS protocol will totally + control the underlying connection. This protocol will begin with + the first octet after the line terminator of the TLS command (for + data sent by the primary), and the first byte after the line + terminator of the TLSING response (for data received by the + primary). This implies that an implementation must not send both a + CR and a LF octet after either the TLS command or the TLSING + response, lest the LF octet be mistaken for the first byte of the + TLS protocol. + + Possible responses to the TLS command are: + + TLSING + The secondary party agrees to use the TLS protocol [3]. The + connection enters the Tls state, and all subsequent communication + is as defined by the TLS protocol. The connection provided by the + TLS protocol starts out in the Initial state. + + CANTTLS + The secondary party cannot support (or refuses to use) the TLS + protocol. The connection remains in the Initial state. + + ERROR + The command was issued in the wrong state, or was malformed. The + connection enters the Error state. + +14. Error Handling + + If either party receives a line that it cannot understand it closes + the connection. If either party (either a command or a response), + receives an ERROR indication or an ERROR response on a connection the + connection enters the Error state and no further communication is + possible on that connection. An implementation may decide to close + the connection. Closing of the connection is treated by the other + party as a communication failure. + + Receipt of an ERROR indication or an ERROR response indicates that + the other party believes that you have not properly implemented the + protocol. + +15. Connection Failure and Recovery + + A connection failure may be caused by a communication failure, or by + any party closing the connection. It is assumed TIP implementations + will use some private mechanism to detect TIP connection failure + (e.g. socket keepalive, or a timeout scheme). + + + + + +Lyon, et. al. Standards Track [Page 20] + +RFC 2371 TIP Version 3.0 July 1998 + + + Depending on the state of a connection, transaction managers will + need to take various actions when a connection fails. + + If the connection fails in Initial or Idle state, the connection does + not refer to a transaction. No action is necessary. + + If the connection fails in the Multiplexing state, all connections + provided by the multiplexing protocol are assumed to have failed. + Each of them will be treated independently. + + If the connection fails in Begun or Enlisted state and COMMIT has + been sent, then transaction completion has been delegated to the + subordinate (the superior is not involved); the outcome of the + transaction is unknown by the superior (it is known at the + subordinate). The superior uses application-specific means to + determine the outcome of the transaction (note that transaction + integrity is not compromised in this case since the superior has no + recoverable resources involved in the transaction). If the connection + fails in Begun or Enlisted state and COMMIT has not been sent, the + transaction will be aborted. + + If the connection fails in Prepared state, then the appropriate + action is different for the superior and subordinate in the + transaction. + + If the superior determines that the transaction commits, then it must + eventually establish a new connection to the subordinate, and send a + RECONNECT command for the transaction. If it receives a + NOTRECONNECTED response, it need do nothing else. However, if it + receives a RECONNECTED response, it must send a COMMIT request and + receive a COMMITTED response. + + If the superior determines that the transaction aborts, it is allowed + to (but not required to) establish a new connection and send a + RECONNECT command for the transaction. If it receives a RECONNECTED + response, it should send an ABORT command. + + The above definition allows the superior to reestablish the + connection before it knows the outcome of the transaction, if it + finds that convenient. Having succeeded in a RECONNECT command, the + connection is back in Prepared state, and the superior can send a + COMMIT or ABORT command as appropriate when it knows the transaction + outcome. + + Note that it is possible for a RECONNECT command to be received by + the subordinate before it is aware that the previous connection has + failed. In this case the subordinate treats the RECONNECT command as + + + + +Lyon, et. al. Standards Track [Page 21] + +RFC 2371 TIP Version 3.0 July 1998 + + + a failure indication and cleans-up any resources associated with the + connection, and associates the transaction state with the new + connection. + + If a subordinate notices a connection failure in Prepared state, then + it should periodically attempt to create a new connection to the + superior and send a QUERY command for the transaction. It should + continue doing this until one of the following two events occurs: + + 1. It receives a QUERIEDNOTFOUND response from the superior. In this + case, the subordinate should abort the transaction. + + 2. The superior, on some connection that it initiated, sends a + RECONNECT command for the transaction to the subordinate. In this + case, the subordinate can expect to learn the outcome of the + transaction on this new connection. If this new connection should + fail before the subordinate learns the outcome of the transaction, + it should again start sending QUERY commands. + + Note that if a TIP system receives either a QUERY or a RECONNECT + command, and for some reason is unable to satisfy the request (e.g. + the necessary recovery information is not currently available), then + the connection should be dropped. + +16. Security Considerations + + This section is meant to inform application developers, transaction + manager developers, and users of the security implications of TIP as + described by this document. The discussion does not include + definitive solutions to the issues described, though it does make + some suggestions for reducing security risks. + + As with all two phase-commit protocols, any security mechanisms + applied to the application communication protocol are liable to be + subverted unless corresponding mechanisms are applied to the + commitment protocol. For example, any authentication between the + parties using the application protocol must be supported by security + of the TIP exchanges to at least the same level of certainty. + +16.1. TLS, Mutual Authentication and Authorization + + TLS provides optional client-side authentication, optional server- + side authentication, and optional packet encryption. + + A TIP implementation may refuse to provide service unless TLS is + being used. It may refuse to provide service if packet encryption is + not being used. It may refuse to provide service unless the remote + party has been authenticated (via TLS). + + + +Lyon, et. al. Standards Track [Page 22] + +RFC 2371 TIP Version 3.0 July 1998 + + + A TIP implementation should be willing to be authenticated itself + (via TLS). This is true regardless of whether the implementation is + acting as a client or a server. + + Once a remote party has been authenticated, a TIP transaction manager + may use that remote party's identity to decide what operations to + allow. + + Whether TLS is to be used on a connection, and if so, how TLS is to + be used, and what operations are to subsequently be allowed, is + determined by the security policies of the connecting TIP transaction + managers towards each other. How these security policies are defined, + and how a TIP transaction manager learns of them is totally private + to the implementation and beyond the scope of this document. + +16.2. PULL-Based Denial-of-Service Attack + + Assume that a malicious user knows the identity of a transaction that + is currently active in some transaction manager. If the malefactor + opens a TIP connection to the transaction manager, sends a PULL + command, then closes the connection, he can cause that transaction to + be aborted. This results in a denial of service to the legitimate + owner of the transaction. + + An implementation may avoid this attack by refusing PULL commands + unless TLS is being used, the remote party has been authenticated, + and the remote party is trusted. + +16.3. PUSH-Based Denial-of-Service Attack + + When the connection between two transaction managers is closed while + a transaction is in the Prepared state, each transaction manager + needs to remember information about the transaction until a + connection can be re-established. + + If a malicious user exploits this fact to repeatedly create + transactions, get them into Prepared state and drop the connection, + he may cause a transaction manager to suffer resource exhaustion, + thus denying service to all legitimate users of that transaction + manager. + + An implementation may avoid this attack by refusing PUSH commands + unless TLS is being used, the remote party has been authenticated, + and the remote party is trusted. + + + + + + + +Lyon, et. al. Standards Track [Page 23] + +RFC 2371 TIP Version 3.0 July 1998 + + +16.4. Transaction Corruption Attack + + If a subordinate transaction manager has lost its connection for a + particular prepared transaction, a malicious user can initiate a TIP + connection to the transaction manager, and send it a RECONNECT + command followed by either a COMMIT or an ABORT command for the + transaction. The malicious user could thus cause part of a + transaction to be committed when it should have been aborted, or vice + versa. + + An implementation may avoid this attack by recording the + authenticated identity of its superior in a transaction, and by + refusing RECONNECT commands unless TLS is being used and the + authenticated identity of the remote party is the same as the + identity of the original superior. + +16.5. Packet-Sniffing Attacks + + If a malicious user can intercept traffic on a TIP connection, he may + be able to deduce information useful in planning other attacks. For + example, if comment fields include the product name and version + number of a transaction manager, a malicious user might be able to + use this information to determine what security bugs exist in the + implementation. + + An implementation may avoid this attack by always using TLS to + provide session encryption, and by not putting any personalizing + information on the TLS/TLSING command/response pair. + +16.6. Man-in-the-Middle Attack + + If a malicious user can intercept and alter traffic on a TIP + connection, he can wreak havoc in a number of ways. For example, he + could replace a COMMIT command with an ABORT command. + + An implementation may avoid this attack by always using TLS to + provide session encryption and authentication of the remote party. + + + + + + + + + + + + + + +Lyon, et. al. Standards Track [Page 24] + +RFC 2371 TIP Version 3.0 July 1998 + + +17. References + + [1] Gray, J. and A. Reuter (1993), Transaction Processing: Concepts + and Techniques. San Francisco, CA: Morgan Kaufmann Publishers. + (ISBN 1-55860-190-2). + + [2] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., and T. + Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC + 2068, January 1997. + + [3] Dierks, T., et. al., "The TLS Protocol Version 1.0", Work in + Progress. + + [4] Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform + Resource Locators (URL)", RFC 1738, December 1994. + + [5] Evans, K., Klein, J., and J. Lyon, "Transaction Internet + Protocol - Requirements and Supplemental Information", RFC 2372, + July 1998. + + [6] Moats, R., "URN Syntax", RFC 2141, May 1997. + + [7] Faltstrom, P., et. al., "Namespace Identifier Requirements for + URN Services", Work in Progress. + + [8] Berners-Lee, T., et. at., "Uniform Resource Identifiers (URI): + Generic Syntax and Semantics", Work in Progress. + + [9] Leach, P., and R. Salz, "UUIDs and GUIDs", Work in Progress. + + + + + + + + + + + + + + + + + + + + + + +Lyon, et. al. Standards Track [Page 25] + +RFC 2371 TIP Version 3.0 July 1998 + + +18. Authors' Addresses + + Jim Lyon + Microsoft Corporation + One Microsoft Way + Redmond, WA 98052-6399, USA + + Phone: +1 (206) 936 0867 + Fax: +1 (206) 936 7329 + EMail: JimLyon@Microsoft.Com + + + Keith Evans + Tandem Computers, Inc. + 5425 Stevens Creek Blvd + Santa Clara, CA 95051-7200, USA + + Phone: +1 (408) 285 5314 + Fax: +1 (408) 285 5245 + EMail: Keith.Evans@Tandem.Com + + + Johannes Klein + Tandem Computers Inc. + 10555 Ridgeview Court + Cupertino, CA 95014-0789, USA + + Phone: +1 (408) 285 0453 + Fax: +1 (408) 285 9818 + EMail: Johannes.Klein@Tandem.Com + +19. Comments + + Please send comments on this document to the authors at + , , + , or to the TIP mailing list at + . You can subscribe to the TIP mailing list by + sending mail to with the line "subscribe + tip " somewhere in the body of the message. + + + + + + + + + + + + +Lyon, et. al. Standards Track [Page 26] + +RFC 2371 TIP Version 3.0 July 1998 + + +Appendix A. The TIP Multiplexing Protocol Version 2.0. + + This appendix describes version 2.0 of the TIP Multiplexing Protocol + (TMP). TMP is intended solely for use with the TIP protocol, and + forms part of the TIP protocol specification (although its + implementation is optional). TMP V2.0 is the only multiplexing + protocol supported by TIP V3.0. + +Abstract + + TMP provides a simple mechanism for creating multiple lightweight + connections over a single TCP connection. Several such lightweight + connections can be active simultaneously. TMP provides a byte + oriented service, but allows message boundaries to be marked. + +A.1. Introduction + + There are several protocols in widespread use on the Internet which + create a single TCP connection for each transaction. Unfortunately, + because these transactions are short lived, the cost of setting up + and tearing down these TCP connections becomes significant, both in + terms of resources used and in the delays associated with TCP's + congestion control mechanisms. + + The TIP Multiplexing Protocol (TMP) is a simple protocol running on + top of TCP that can be used to create multiple lightweight + connections over a single transport connection. TMP therefore + provides for more efficient use of TCP connections. Data from several + different TMP connections can be interleaved, and both message + boundaries and end of stream markers can be provided. + + Because TMP runs on top of a reliable byte ordered transport service + it can avoid most of the extra work TCP must go through in order to + ensure reliability. For example, TMP connections do not need to be + confirmed, so there is no need to wait for handshaking to complete + before data can be sent. + + Note: TMP is not intended as a generalized multiplexing protocol. If + you are designing a different protocol that needs multiplexing, TMP + may or may not be appropriate. Protocols with large messages can + exceed the buffering capabilities of the receiver, and under certain + conditions this can cause deadlock. TMP when used with TIP does not + suffer from this problem since TIP is a request-response protocol, + and all messages are short. + + + + + + + +Lyon, et. al. Standards Track [Page 27] + +RFC 2371 TIP Version 3.0 July 1998 + + +A.2. Protocol Model + + The basic protocol model is that of multiple lightweight connections + operating over a reliable stream of bytes. The party which initiated + the connection is referred to as the primary, and the party which + accepted the connection is referred to as the secondary. + + Connections may be unidirectional or bi-directional; each end of a + bi-directional connection may be closed separately. Connections may + be closed normally, or reset to indicate an abortive release. + Aborting a connection closes both data streams. + + Once a connection has been opened, applications can send messages + over it, and signal the end of application level messages. + Application messages are encapsulated in TMP packets and transferred + over the byte stream. A single TIP command (TMP application message) + must be wholly contained within a single TMP packet. + +A.3. TMP Packet Format + + A TMP packet consists of a 64 bit header followed by zero or more + octets of data. The header contains three fields; a flag byte, the + connection identifier, and the packet length. Both integers, the + connection identifier and the packet length must be sent in network + byte order. + + FLAGS + +--------+--------+--------+--------+ + |SFPR0000| Connection ID | + +--------+--------+--------+--------+ + | | Length | + +--------+--------+--------+--------+ + +A.3.1. Flag Details + + +-------+-----------+-----------------------------------------+ + | Name | Mask | Description | + +-------+-----------+ ----------------------------------------+ + | SYN | 1xxx|0000 | Open a new connection | + | FIN | x1xx|0000 | Close an existing connection | + | PUSH | xx1x|0000 | Mark application level message boundary | + | RESET | xxx1|0000 | Abort the connection | + +-------+-----------+-----------------------------------------+ + + + + + + + + +Lyon, et. al. Standards Track [Page 28] + +RFC 2371 TIP Version 3.0 July 1998 + + +A.4. Connection Identifiers + + Each TMP connection is identified by a 24 bit integer. TMP + connections created by the party which initiated the underlying TCP + connection must have even identifiers; those created by the other + party must have odd identifiers. + +A.5. TMP Connection States + + TMP connections can exist in several different states; Closed, + OpenWrite, OpenSynRead, OpenSynReset, OpenReadWrite, CloseWrite, and + CloseRead. A connection can change its state in response to receiving + a packet with the SYN, FIN, or RESET bits set, or in response to an + API call by the application. The available API calls are open, close, + and abort. + + The meaning of most states is obvious (e.g. OpenWrite means that a + connection has been opened for writing). The meaning of the states + OpenSynRead and OpenResetRead need more explanation. + + In the OpenSynRead state a primary opened and immediately closed the + output data stream of a connection, and is now waiting for a SYN + response from the secondary to open the input data stream for + reading. + + In the OpenResetRead state a primary opened and immediately aborted a + connection, and is now waiting for a SYN response from the secondary + to finally close the connection. + +A.6. Event Priorities and State Transitions + + The state table shown below describes the actions and state + transitions that occur in response to a given event. The events + accepted by each state are listed in priority order with highest + priority first. If multiple events are present in a message, those + events matching the list are processed. If multiple events match, the + event with the highest priority is accepted and processed first. Any + remaining events are processed in the resultant successor state. + + For example, if a TMP connection at the secondary is in the Closed + state, and the secondary receives a packet containing a SYN event, a + FIN event and an input data event (i.e. DATA-IN), the secondary first + accepts the SYN event (because it is the only match in Closed state). + The secondary accepts the connection, sends a SYN event and enters + the ReadWrite state. The SYN event is removed from the list of + pending events. The remaining events are FIN and DATA-IN. In the + ReadWrite state the secondary reads the input data (i.e. the DATA-IN + event is processed first because it has higher priority than the FIN + + + +Lyon, et. al. Standards Track [Page 29] + +RFC 2371 TIP Version 3.0 July 1998 + + + event). Once the data has been read and the DATA-IN event has been + removed from the list of pending events, the FIN event is processed + and the secondary enters the CloseWrite state. + + If the secondary receives a packet containing a SYN event, and is for + some reason unable to accept the connection (e.g. insufficient + resources), it should reject the request by sending a SYN event + followed by a RESET event. Note that both events can be sent as part + of the same TMP packet. + + If either party receives a TMP packet that it does not understand, or + an event in an incorrect state, it closes the TCP connection. + + +==============+=========+==========+==============+ + | Entry State | Event | Action | Exit State | + +==============+=========+==========+==============+ + | Closed | SYN | SYN | ReadWrite | + | | OPEN | SYN | OpenWrite | + +--------------+---------+----------+--------------+ + | OpenWrite | SYN | Accept | ReadWrite | + | | WRITE | DATA-OUT | OpenWrite | + | | CLOSE | FIN | OpenSynRead | + | | ABORT | RESET | OpenSynReset | + +--------------+---------+----------+--------------+ + | OpenSynRead | SYN | Accept | CloseRead | + +--------------+---------+----------+--------------+ + | OpenSynReset | SYN | Accept | Closed | + +--------------+---------+----------+--------------+ + | ReadWrite | DATA-IN | Accept | ReadWrite | + | | FIN | Accept | CloseWrite | + | | RESET | Accept | Closed | + | | WRITE | DATA-OUT | ReadWrite | + | | CLOSE | FIN | CloseRead | + | | ABORT | RESET | Closed | + +--------------+---------+----------+--------------+ + | CloseWrite | RESET | Accept | Closed | + | | WRITE | DATA-OUT | CloseWrite | + | | CLOSE | FIN | Closed | + | | ABORT | RESET | Closed | + +--------------+---------+----------+--------------+ + | CloseRead | DATA-IN | Accept | CloseRead | + | | FIN | Accept | Closed | + | | RESET | Accept | Closed | + | | ABORT | RESET | Closed | + +--------------+---------+----------+--------------+ + + TMP Event Priorities and State Transitions + + + + +Lyon, et. al. Standards Track [Page 30] + +RFC 2371 TIP Version 3.0 July 1998 + + +Full Copyright Statement + + Copyright (C) The Internet Society (1998). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + + + + + + + + + + + + + + + + + + + + + + + +Lyon, et. al. Standards Track [Page 31] + -- cgit v1.2.3