Re: deprecating dangerous bit patterns and non-TC non-AXFR

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Fri, 22 August 2008 01:03 UTC

Message-ID: <48AE0EA6.5030607@necom830.hpcl.titech.ac.jp>
Date: Fri, 22 Aug 2008 09:56:06 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: Mohsen Souissi <mohsen.souissi@nic.fr>
CC: Paul Vixie <vixie@vix.com>, namedroppers@ops.ietf.org
Subject: Re: deprecating dangerous bit patterns and non-TC non-AXFR
References: <g3od3qnuy1.fsf@nsa.vix.com> <82myj85dt4.fsf@mid.bfk.de> <72546.1219243301@nsa.vix.com> <82bpzn3etu.fsf@mid.bfk.de> <81795.1219246023@nsa.vix.com> <20080820172800.GF95996@kerkenna.nic.fr> <56470.1219266519@nsa.vix.com> <20080821171619.GA68008@kerkenna.nic.fr>
In-Reply-To: <20080821171619.GA68008@kerkenna.nic.fr>

Mohsen Souissi wrote:

>  | i worry about
>  | <http://tools.ietf.org/html/draft-heffner-frag-harmful-02> and
>  | <http://tools.ietf.org/html/rfc4963>.

An inappropriate assumption in them is a reassembly timeout of 15 seconds.

> ==> Hmm, I can see. Otoh, nobody could imagine at that time (and even
> 10 years ago) how the network-layer would become complex and its
> components (often) misbehaving (magic combination of NATs, Firewalls, Load
> Balancers...). So don't blame yourself ;-)

More than 20 years ago, when IPv4 was designed, it was considered that
packet transit time could be as long as several or tens of seconds. For
example, the TTL of IPv4 is a transit time upper limit measured in seconds.

Then, 15 seconds of reassembly timeout was reasonable.

Today, though TTL could be more than 1 second, which is already
quite unlikely, jitter of packet transit time is a lot less than
1 second, so that a 0.4~0.2 second reassembly timeout is enough,
which requires several lines of kernel modification.

It solves the reassembly problem, at least for the time being.

						Masataka Ohta


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
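As an added illustration, not part of Ohta's message or of the drafts it cites, the block below models the hazard those drafts describe: a stale fragment still sitting in the reassembly buffer when the 16-bit Identification value is reused, so the receiver glues pieces of two different datagrams together. It compares a 15 s and a 0.4 s timeout on the same constructed fragment sequence; the Fragment/Reassembler names, the 1500-byte packet size and the sample fragments are assumptions made for this example.

```python
IPV4_ID_SPACE = 1 << 16  # 16-bit Identification field

def id_wrap_seconds(link_bps, packet_bytes=1500):
    """Seconds before a sender that uses one ID per packet reuses an ID
    (assumed 1500-byte packets, one flow; a worst case for ID reuse)."""
    pps = link_bps / (packet_bytes * 8)
    return IPV4_ID_SPACE / pps

class Fragment:
    """Constructed IPv4 fragment: Identification, byte offset, MF flag,
    payload, and arrival time in seconds."""
    def __init__(self, ident, offset, more, payload, t):
        self.ident, self.offset, self.more, self.payload, self.t = (
            ident, offset, more, payload, t)

class Reassembler:
    """Minimal reassembly buffer keyed by Identification only
    (src/dst/protocol omitted to keep the example short)."""
    def __init__(self, timeout_s):
        self.timeout = timeout_s
        self.buf = {}   # ident -> (first_arrival, {offset: Fragment})

    def _expire(self, now):
        stale = [i for i, (t0, _) in self.buf.items() if now - t0 > self.timeout]
        for ident in stale:
            del self.buf[ident]

    def receive(self, frag):
        """Return the reassembled payload when complete, else None."""
        self._expire(frag.t)
        _, frags = self.buf.setdefault(frag.ident, (frag.t, {}))
        frags[frag.offset] = frag
        # complete when offsets are contiguous from 0 and the last has MF=0
        pos, chunks = 0, []
        while pos in frags:
            f = frags[pos]
            chunks.append(f.payload)
            if not f.more:
                del self.buf[frag.ident]
                return b"".join(chunks)
            pos += len(f.payload)
        return None

def scenario(timeout_s):
    """Datagram A loses its tail; 1 s later (after an ID wrap) datagram B
    reuses ID 7 and loses its head. Returns what B's tail gets delivered as."""
    r = Reassembler(timeout_s)
    r.receive(Fragment(7, 0, True, b"AAAA", t=0.0))          # A head
    return r.receive(Fragment(7, 4, False, b"bbbb", t=1.0))  # B tail
```

With a 15 s timeout the stale head of A is delivered glued to B's tail; with 0.4 s the entry for A has already expired and nothing corrupt is delivered.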