Re: [multipathtcp] MPTCP backup flag attack via MP_PRIO message
Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Sat, 29 July 2017 01:20 UTC
From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Date: Fri, 28 Jul 2017 18:20:40 -0700
To: "Olivier.Bonaventure@uclouvain.be" <Olivier.Bonaventure@uclouvain.be>
Cc: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>, Alan Ford <alan.ford@gmail.com>, multipathtcp <multipathtcp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/EPWt3eNN3wvA57PFeBZlOC6gX3Y>

On Mon, Jul 24, 2017 at 12:36 AM, Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> wrote:

>> The proposal to signal a break-before-make backup flag has been
>> suggested but has not received sufficient traction to be adopted.
>>
>> Right. But, I am wondering if we might want to think about it again just
>> in case.
>>
>> Let's say a server has two addresses S1, S2 while the client is behind FW.
>> As the client is behind firewall, the server uses ADD_ADDR to send the info
>> for S2, but it wants it to be used as a backup.
>>
>> In this case, if MP_PRIO has addr id field, the server is able to set the
>> addr as a backup.
>> But, if MP_PRIO doesn't have addr id, all the server can do is to wait
>> until the client establishes the connection with S2.
>
> If we want to associate a backup status to an address, which could have
> valid use cases, then I'd suggest to use one of the spare bits of the
> ADD_ADDR option for this.
>
> As mentioned earlier, the semantics of the backup bit in the ADD_ADDR
> differs from the semantics of the backup bit in MP_JOIN/MP_PRIO.
>
> In MP_JOIN, it means "don't use this subflow if non-backup subflows are
> active".
>
> In ADD_ADDR, it would mean "don't use this address to establish a subflow
> if subflows to non-backup addresses are still active"
>
> Having both could make sense

It makes sense to me.
I personally think supporting only one semantic looks like an unbalanced design unless we are not very interested in setting backup status.

--
Yoshi
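
The two backup semantics contrasted in this message, modelled as an added example that is not part of the original e-mail or of any MPTCP implementation. The `backup` argument of `add_addr` stands for the ADD_ADDR bit proposed in the thread (hypothetical, not a defined option field), and all class and function names are illustrative.

```python
from dataclasses import dataclass, field

@dataclass
class Subflow:
    remote: str            # remote address label, e.g. "S1"
    backup: bool = False   # B bit from MP_JOIN, or changed later by MP_PRIO
    active: bool = True    # False once the path has failed

@dataclass
class Connection:
    subflows: list = field(default_factory=list)
    # address -> backup bit carried in ADD_ADDR (hypothetical, as proposed in the thread)
    advertised: dict = field(default_factory=dict)

    def add_addr(self, addr, backup=False):
        self.advertised[addr] = backup

    def data_paths(self):
        # MP_JOIN/MP_PRIO semantics: the subflow already exists; a backup
        # subflow carries data only when no non-backup subflow is active.
        live = [s for s in self.subflows if s.active]
        regular = [s for s in live if not s.backup]
        return [s.remote for s in (regular or live)]

    def addresses_to_join(self):
        # Proposed ADD_ADDR semantics: do not even establish a subflow to a
        # backup address while a subflow to a non-backup address is active.
        live = {s.remote for s in self.subflows if s.active}
        primary_up = any(not self.advertised.get(a, False) for a in live)
        return [a for a, is_backup in self.advertised.items()
                if a not in live and not (is_backup and primary_up)]

def firewall_scenario(add_addr_backup):
    """Client behind a firewall, initial subflow to S1, server advertises S2."""
    conn = Connection([Subflow("S1")])
    conn.add_addr("S2", backup=add_addr_backup)
    while_s1_up = conn.addresses_to_join()
    conn.subflows[0].active = False          # path to S1 fails
    return while_s1_up, conn.addresses_to_join()

def subflow_backup_scenario():
    """Both subflows established; S2 marked backup via MP_JOIN or MP_PRIO."""
    conn = Connection([Subflow("S1"), Subflow("S2", backup=True)])
    before = conn.data_paths()
    conn.subflows[0].active = False          # path to S1 fails
    return before, conn.data_paths()
```

Without the address-level bit the client joins S2 immediately and the server can only demote the subflow afterwards; with it, the join is deferred until the subflow to S1 is gone.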