RE: Proposal to replace ACK block count with ACK length
"Deval, Manasi" <manasi.deval@intel.com> Tue, 19 June 2018 20:19 UTC
Return-Path: <manasi.deval@intel.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E2D6130ECB for <quic@ietfa.amsl.com>; Tue, 19 Jun 2018 13:19:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oe9dzHBtRaXk for <quic@ietfa.amsl.com>; Tue, 19 Jun 2018 13:19:07 -0700 (PDT)
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27948130E30 for <quic@ietf.org>; Tue, 19 Jun 2018 13:19:07 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jun 2018 13:19:06 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.51,244,1526367600"; d="scan'208,217";a="233912253"
Received: from orsmsx103.amr.corp.intel.com ([10.22.225.130]) by orsmga005.jf.intel.com with ESMTP; 19 Jun 2018 13:19:05 -0700
Received: from orsmsx153.amr.corp.intel.com (10.22.226.247) by ORSMSX103.amr.corp.intel.com (10.22.225.130) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 19 Jun 2018 13:19:05 -0700
Received: from orsmsx111.amr.corp.intel.com ([169.254.12.50]) by ORSMSX153.amr.corp.intel.com ([10.22.226.247]) with mapi id 14.03.0319.002; Tue, 19 Jun 2018 13:19:05 -0700
From: "Deval, Manasi" <manasi.deval@intel.com>
To: Eric Rescorla <ekr@rtfm.com>, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
CC: Kazuho Oku <kazuhooku@gmail.com>, Marten Seemann <martenseemann@gmail.com>, Praveen Balasubramanian <pravb@microsoft.com>, Jana Iyengar <jri.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, Ian Swett <ianswett=40google.com@dmarc.ietf.org>
Subject: RE: Proposal to replace ACK block count with ACK length
Thread-Topic: Proposal to replace ACK block count with ACK length
Thread-Index: AdP8YgwJ2vNnJzEFTfGDVpW0S5D9xAFc4mOAAA2Oe4AAC1gQUACxPCCAAAyM/YAAAWbSgAABAJmAAAUhF4AAJqV6gAAHDGIAABvs+wAAAXoxAAAAa3CAAABfXoAAAUH10ABdzFywAA7XrIAAAZkJAAAMVqCA
Date: Tue, 19 Jun 2018 20:19:05 +0000
Message-ID: <1F436ED13A22A246A59CA374CBC543998B83EEFC@ORSMSX111.amr.corp.intel.com>
References: <1F436ED13A22A246A59CA374CBC543998B832414@ORSMSX111.amr.corp.intel.com> <20180611154244.GA27622@ubuntu-dmitri> <CACpbDcdxzRxeiN93kKoj__vo2TERm4QZKqaesL=jr4wQUN1gXA@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B833B91@ORSMSX111.amr.corp.intel.com> <CABcZeBOjjRrX+AsXdgcUKpL=ciL8U_U1+WVAhQv-ZjwGxkQxYw@mail.gmail.com> <MWHPR21MB0638068EFA850328793E55F6B67C0@MWHPR21MB0638.namprd21.prod.outlook.com> <CACpbDcdbTKKEh8dcshWM6-7vq2hBFJC1myL1+H6etpMMjth+wg@mail.gmail.com> <CABkgnnV_thWcAi=AdwV+Za5rXywiUvtOYpsNNp1y7=RvL2MvWA@mail.gmail.com> <CAOYVs2qE=Tw_7eax9HwaESaQPMh7k3BSVV112d+pPeSfZ09EjQ@mail.gmail.com> <CABcZeBOCRHAuh44CrMH02UZ3Ar_2sa5M1c3LG_A-RPzXX+H+Yw@mail.gmail.com> <CAKcm_gOeZHR-BGJiqK=zQKqbgq=briQuH+fzHrkUYbhQx3B_sw@mail.gmail.com> <CANatvzyKv8EGVR-Z5WMDKbeuKHP791OynsTqX=+HriKBxFnafA@mail.gmail.com> <CAOYVs2oE6yawW04MVH1ApewSJ+0g9g2oMxCj+CU+butfiAe8kA@mail.gmail.com> <CANatvzxniU0AUEi5tuKzmX45uTUV6-y0JbqcdKTpu1J4WQR7JA@mail.gmail.com> <CAOYVs2p9vJrCVuXqGsR29rOGj=CNt1m7TcavGV9Kwk-9hA4sPQ@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B83AB21@ORSMSX111.amr.corp.intel.com> <1F436ED13A22A246A59CA374CBC543998B83EC27@ORSMSX111.amr.corp.intel.com> <CAN1APdfYmj4M0mVedCUhRG9qYXpDSoN8TgYY_X72HkV6+ixEbg@mail.gmail.com> <CABcZeBOO=Z2ANQ_AvzRDEx7LbABgGAAggLHWGRBB7tNdUZ_0LA@mail.gmail.com>
In-Reply-To: <CABcZeBOO=Z2ANQ_AvzRDEx7LbABgGAAggLHWGRBB7tNdUZ_0LA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZGQ2NWFlZWMtODQyNC00NTVkLThlMTctOWU1YWM5NWQyYmExIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoicjhjSFwvcllXV2lINWFiTmY4bzBLWmNHVGhLUTFoVFJCeXJDNFpoM0lidFl4a0hrYlhMd2VqbFwvMURrdGNwSjhjIn0=
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.200.100
dlp-reaction: no-action
x-originating-ip: [10.22.254.140]
Content-Type: multipart/alternative; boundary="_000_1F436ED13A22A246A59CA374CBC543998B83EEFCORSMSX111amrcor_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/4YXuOT0PAyOD2A2EGf4pV-4pYZE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2018 20:19:13 -0000
I have the same question as Eric. From: Eric Rescorla [mailto:ekr@rtfm.com] Sent: Tuesday, June 19, 2018 12:12 PM To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Cc: Kazuho Oku <kazuhooku@gmail.com>; Deval, Manasi <manasi.deval@intel.com>; Marten Seemann <martenseemann@gmail.com>; Praveen Balasubramanian <pravb@microsoft.com>; Jana Iyengar <jri.ietf@gmail.com>; IETF QUIC WG <quic@ietf.org>; Martin Thomson <martin.thomson@gmail.com>; Ian Swett <ianswett=40google.com@dmarc.ietf.org> Subject: Re: Proposal to replace ACK block count with ACK length On Tue, Jun 19, 2018 at 11:25 AM, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com<mailto:mikkelfj@gmail.com>> wrote: I don’t think you addressed e) at all. Clearly there is an end of buffer check, but that is not the same as requiring additonal checks at many other levels. Not Manasi, but I don't understand (e). Here's the relevant section of the Minq decoder. func (f *ackFrame) unmarshal(buf []byte) (int, error) { // Omitted the section that decoded the header // Now decode each block for i := uint64(0); i < f.AckBlockCount; i++ { blk := &ackBlock{} n, err := syntax.Unmarshal(buf, blk) if err != nil { return 0, err } buf = buf[n:] read += n f.AckBlockSection = append(f.AckBlockSection, blk) } return read, nil } You pass in the entire remainder of the packet and then it parses out the ACK frame and then returns the amount consumed. If we were to change to what Manasi proposes, it would look like: func (f *ackFrame) unmarshal(buf []byte) (int, error) { // Omitted the section that decoded the header // Trim the buffer to the remainder length if f.AckLength > len(buf) { return 0, ProtocolInvalidError } buf = buf[f.AckLength:] for len(buf) > 0 { blk := &ackBlock{} n, err := syntax.Unmarshal(buf, blk) if err != nil { return 0, err } buf = buf[n:] read += n f.AckBlockSection = append(f.AckBlockSection, blk) } return read, nil } Is your concern here the additional length check after the comment "Trim the buffer"? Something else? -Ekr On 19 June 2018 at 20.22.03, Deval, Manasi (manasi.deval@intel.com<mailto:manasi.deval@intel.com>) wrote: e. Every encodable value should be valid Not every length will be valid. This is inherent to lengths. This same issue ails the ‘payload length’ in QUIC header. Not only does the issue exist for small values, it also applies to large values since data stream will be sent after crypto negotiation. E.g. - how does one craft a payload with 62 bit payload length in a large header?
- Re: Proposal to replace ACK block count with ACK … Mikkel Fahnøe Jørgensen
- Re: Proposal to replace ACK block count with ACK … Eric Rescorla
- Re: Proposal to replace ACK block count with ACK … Kazuho Oku
- RE: Proposal to replace ACK block count with ACK … Nick Banks
- Re: Proposal to replace ACK block count with ACK … Ian Swett
- RE: Proposal to replace ACK block count with ACK … Deval, Manasi
- Re: Proposal to replace ACK block count with ACK … Mikkel Fahnøe Jørgensen
- Re: Proposal to replace ACK block count with ACK … Ian Swett
- Re: Proposal to replace ACK block count with ACK … Mirja Kühlewind
- Re: Proposal to replace ACK block count with ACK … Marten Seemann
- RE: Proposal to replace ACK block count with ACK … Deval, Manasi
- RE: Proposal to replace ACK block count with ACK … Deval, Manasi
- Re: Proposal to replace ACK block count with ACK … Eric Rescorla
- Re: Proposal to replace ACK block count with ACK … Ian Swett
- RE: Proposal to replace ACK block count with ACK … Mikkel Fahnøe Jørgensen
- RE: Proposal to replace ACK block count with ACK … Deval, Manasi
- RE: Proposal to replace ACK block count with ACK … Deval, Manasi
- Re: Proposal to replace ACK block count with ACK … Marten Seemann
- Re: Proposal to replace ACK block count with ACK … Kazuho Oku
- Re: Proposal to replace ACK block count with ACK … Marten Seemann
- Re: Proposal to replace ACK block count with ACK … Kazuho Oku
- Re: Proposal to replace ACK block count with ACK … Ian Swett
- Re: Proposal to replace ACK block count with ACK … Eric Rescorla
- Re: Proposal to replace ACK block count with ACK … Kazuho Oku
- Re: Proposal to replace ACK block count with ACK … Eggert, Lars
- Re: Proposal to replace ACK block count with ACK … Christian Huitema
- Re: Proposal to replace ACK block count with ACK … Kazuho Oku
- Re: Proposal to replace ACK block count with ACK … Marten Seemann
- Re: Proposal to replace ACK block count with ACK … Martin Thomson
- Re: Proposal to replace ACK block count with ACK … Jana Iyengar
- RE: Proposal to replace ACK block count with ACK … Praveen Balasubramanian
- Re: Proposal to replace ACK block count with ACK … Eric Rescorla
- Re: Proposal to replace ACK block count with ACK … Mikkel Fahnøe Jørgensen
- RE: Proposal to replace ACK block count with ACK … Deval, Manasi
- Re: Proposal to replace ACK block count with ACK … Dmitri Tikhonov
- Proposal to replace ACK block count with ACK leng… Deval, Manasi
- Re: Proposal to replace ACK block count with ACK … Jana Iyengar
- RE: Proposal to replace ACK block count with ACK … Deval, Manasi
- Re: Proposal to replace ACK block count with ACK … Subodh Iyengar
- Re: Proposal to replace ACK block count with ACK … Deval, Manasi
- RE: Proposal to replace ACK block count with ACK … Deval, Manasi
- Re: Proposal to replace ACK block count with ACK … Mirja Kühlewind