IETF Logo Mail Archive

Re: [multipathtcp] MPTCP backup flag attack via MP_PRIO message

Alan Ford <alan.ford@gmail.com> Sun, 23 July 2017 13:04 UTC

Return-Path: <alan.ford@gmail.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96C31129AA8 for <multipathtcp@ietfa.amsl.com>; Sun, 23 Jul 2017 06:04:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 283VYc8knrwv for <multipathtcp@ietfa.amsl.com>; Sun, 23 Jul 2017 06:04:22 -0700 (PDT)
Received: from mail-oi0-x22e.google.com (mail-oi0-x22e.google.com [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 421031270B4 for <multipathtcp@ietf.org>; Sun, 23 Jul 2017 06:04:22 -0700 (PDT)
Received: by mail-oi0-x22e.google.com with SMTP id g131so7782537oic.3 for <multipathtcp@ietf.org>; Sun, 23 Jul 2017 06:04:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=R1oQP37YoCljUPWHBr4bfXACol5pTSQiDzgWzbT3spk=; b=B9ifDBOcq6wTjSixYtAJxrhwIj+E3KVTROEF1aZZlstFNKQt02DM9MurTGuZCVa+IH y/YaYzeeUWzIebJ8Gdk2aMOz+Gp8Wkq9mL8fSgHNzmHh78tuY++AIPdC9TGW173z9W/F kA1CsSOmXVrvcbWu7ShaJMB3ZMAiyoBSK3DYKGnwxh98JisQiqZtaubUpOvhcumyotYF XH6A5+w6UugGL55UlaitILjjkIABIxr/LaNA5s05FnFY6MDV0aQNF+mFHu/KtU/uDp1A vLWe2OR36bj/3vPc1b/R1g5QBEcLc/1crnSkDICLcr9rRBN1Hs9kVaAkaU/VN+9bLopS O8ZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=R1oQP37YoCljUPWHBr4bfXACol5pTSQiDzgWzbT3spk=; b=Vgf9Rm6ngW2dEW2KkwyPl9j+FPTqISSSS0CAoJGefEyPC/XxxrZgBU85gCHFmKfL35 cSKk2j+TXVahwUKFFAnjKIgZIgC0De5qbKA6RxO1WFf3kpberDG0G2JmL/r1W4Du0Q9M 0oSUoMEFKO/1BwGGylfabyiHFkybAq5+JiMScmLwpKyuHlNZ5sZFo8ObXWXZdJCmhbWx ohXU8WKzUVBcwVizYE5j1ZNTSh4nEdZfG2git7oohm/36ccStdH8UCR/94AQJ5UbfrAb GEtnSuLdv9OByAWhlMBdsnVl6OZbG6IeqmPIAJJX7AuXj9u9xz57EX7YsDID/kp9ptlU N2kg==
X-Gm-Message-State: AIVw111M/DUnSFJempbPHE+OJV0i6lUPcqC260ohI1PF70mTdxVtbIrH sKP2E3kFAhNxdbdoefGiXdVcwB7Paw==
X-Received: by 10.202.61.195 with SMTP id k186mr4997004oia.19.1500815061647; Sun, 23 Jul 2017 06:04:21 -0700 (PDT)
MIME-Version: 1.0
References: <800c331f808d608354fc00be24283cb6.squirrel@webmail.cs.ucr.edu> <742E211F-F754-4149-88E2-3BE51645F49D@gmail.com> <c0929925-1b3a-e36c-511d-bda3da312a71@uclouvain.be> <20170720152058.GJ3049@Chimay.local> <D13C88F7-2CB6-4D84-9FAD-DA10FEE7546C@gmail.com> <CAO249ydZzvyigoZqUp=igH2aPGRZJVaerQvsoiTcOTiXpb7v3w@mail.gmail.com> <FD7F4B1C-A8F0-4A2E-A224-AF0F5CBCB815@gmail.com> <CAO249yeuMgbZJ5Pou7s+-NVLKm8bwE4YznSzniFSciRLU_MY0w@mail.gmail.com>
In-Reply-To: <CAO249yeuMgbZJ5Pou7s+-NVLKm8bwE4YznSzniFSciRLU_MY0w@mail.gmail.com>
From: Alan Ford <alan.ford@gmail.com>
Date: Sun, 23 Jul 2017 13:04:11 +0000
Message-ID: <CAOs_kTYDuAQ-H2y9dEiOyhmqnGBrC5sTxh9d5PT-GW_qCUA_yg@mail.gmail.com>
To: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Cc: Alex Liu <alexliu@cse.msu.edu>, Ali Munir <munirali@msu.edu>, Christoph Paasch <cpaasch@apple.com>, Franck Le <fle@us.ibm.com>, Zubair <zubair-shafiq@uiowa.edu>, multipathtcp <multipathtcp@ietf.org>
Content-Type: multipart/alternative; boundary="001a113dd1209f87ad0554fbbc36"
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/EkFfKktvX21ONjTFs3hMHdW0vr0>
Subject: Re: [multipathtcp] MPTCP backup flag attack via MP_PRIO message
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jul 2017 13:04:24 -0000

Hi Yoshi,

On Fri, 21 Jul 2017 at 22:37, Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
wrote:

> Hi Alan,
>
> On Fri, Jul 21, 2017 at 12:45 AM, Alan Ford <alan.ford@gmail.com> wrote:
>
>> Hi Yoshi,
>>
>> On 20 Jul 2017, at 22:22, Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
>> wrote:
>>
>> On Thu, Jul 20, 2017 at 8:33 AM, Alan Ford <alan.ford@gmail.com> wrote:
>>>
>>>
>>> So the main reason for this was to permit the signalling of backup for a
>>> subflow which was also signalled via ADD_ADDR. ADD_ADDR does not have a ‘B’
>>> bit in it, so the priority would be signalled separately.
>>>
>>
>> I think adding 'B' bit in ADD_ADDR has been proposed to be added in the
>> bis draft.
>> I have seen a few supports while haven't seen any oppositions.
>> Do we need more discussions on this?
>>
>>
>> Actually on further reflection (i.e. Christoph and Olivier reminding me
>> offline), this would be unnecessary, since MP_JOIN has a ‘B’ bit so it is
>> not required in ADD_ADDR.
>>
>> Given this I can see no reason to have the Address ID in MP_PRIO and feel
>> we can remove it.
>>
>> (The proposal for a bit in ADD_ADDR was, I believe, as a “do not even
>> attempt to establish to this address unless all other subflows fail - which
>> is different to the ‘B’ semantics in MP_PRIO and MP_JOIN)
>>
>
> Yes, I thought it's a valid use case.
> If we remove addr id from MP_PRIO, I think we will always need to
> establish a subflow to make it backup.
>

That has always been the case - MP_PRIO only affects running subflows. With
Address ID it could have affected policy on subflows that were later
established, but would not affect subflow establishment policy.

The proposal to signal a break-before-make backup flag has been suggested
but has not received sufficient traction to be adopted.

Regards,
Alan

v2.23.0 | Report a Bug | By Email