IETF Logo Mail Archive

Re: Proposal to replace ACK block count with ACK length

Eric Rescorla <ekr@rtfm.com> Tue, 19 June 2018 19:12 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8A2B130E1E for <quic@ietfa.amsl.com>; Tue, 19 Jun 2018 12:12:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LQ39jWfvIzL5 for <quic@ietfa.amsl.com>; Tue, 19 Jun 2018 12:12:13 -0700 (PDT)
Received: from mail-ot0-x233.google.com (mail-ot0-x233.google.com [IPv6:2607:f8b0:4003:c0f::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB5D7130DED for <quic@ietf.org>; Tue, 19 Jun 2018 12:12:13 -0700 (PDT)
Received: by mail-ot0-x233.google.com with SMTP id q17-v6so945104otg.2 for <quic@ietf.org>; Tue, 19 Jun 2018 12:12:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WwEVWf3OM61j7LTvcShF9Z2iR7sFGqz/GJgJjJ9u5dg=; b=2BFcCNx7FPAtUc+sp7LHbkBaOwsk3w3O0UIdhVzf3plYSSMG3MOZi/Ud6g/v65JIhQ LaRuQUWFtWurwS93hmUBQw0yVmbXTPyFubcB+dMHfPB4ZpnFa3BhyXWBRZYb8oFEXOcZ zEgI8lR+Ina29tfrPoANrYuNgDJmoUg78FqMfM90Hp8J7OAeBr997qQaBGJumymmNyy4 EqdX9gCv8FatjgcmlCZDcmWffA/ZQA07cvduLjYoFXIi8pn28vZf530Ip55BQOI9JnKJ ogvFTJZdpYQQSi1BbdLUFINT2SLfm2SunFl5jKABYgm8Fpe5jj1alBjYCBPKJp2ZTudw xrYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WwEVWf3OM61j7LTvcShF9Z2iR7sFGqz/GJgJjJ9u5dg=; b=PXqhve2AKE9F7NOpkD3sU/k2P6xe2PZLcPsCvljjjVNBPU2yo0OLYk5crUpZj6Uy1d A0wvzwpoxdPdimQLYQNsPyOsf/vQNG5tPLd0ZZFD/q6HrFd1A3GLjdmqg09c/mAyhxuG naSOo8RA+ptbC8wnKLbhnyMDYU0Km5VAh21jS13iNjwzOEqOgLjgZe/SsAPA9ffItyzE HO9UBx1R7PBy8fdIYhilds8a6B4egNEHqSHAScW7biGzbsRk1YK4c+taeofsqHwTaRKG Kjq4yfbrLamh07dX6VrKLtpUcK0TTVX9UVIeQDsEhO1uP1ASE7fpfJo8EA1XXR43MDNz VcJA==
X-Gm-Message-State: APt69E0/TPaTjE6NUU6dAv7Md+WHZ7yAhANQ5Md7ff6VqfzUsr2NCdhb Z4KA47Pzj0sQgF2HL/Rng5gOu9I68gOiLhK9Y7mBig==
X-Google-Smtp-Source: ADUXVKJyhGspILb74lovGrxokd7G2uaml7ND80+UOsgdzWXOZ6EuUvuCN9GMALATrXP9bLJ8Mph3yXhp9nWfWucZ8ng=
X-Received: by 2002:a9d:55d0:: with SMTP id z16-v6mr11890223oti.176.1529435533101; Tue, 19 Jun 2018 12:12:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ac9:3a8a:0:0:0:0:0 with HTTP; Tue, 19 Jun 2018 12:11:32 -0700 (PDT)
In-Reply-To: <CAN1APdfYmj4M0mVedCUhRG9qYXpDSoN8TgYY_X72HkV6+ixEbg@mail.gmail.com>
References: <1F436ED13A22A246A59CA374CBC543998B832414@ORSMSX111.amr.corp.intel.com> <20180611154244.GA27622@ubuntu-dmitri> <CACpbDcdxzRxeiN93kKoj__vo2TERm4QZKqaesL=jr4wQUN1gXA@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B833B91@ORSMSX111.amr.corp.intel.com> <CABcZeBOjjRrX+AsXdgcUKpL=ciL8U_U1+WVAhQv-ZjwGxkQxYw@mail.gmail.com> <MWHPR21MB0638068EFA850328793E55F6B67C0@MWHPR21MB0638.namprd21.prod.outlook.com> <CACpbDcdbTKKEh8dcshWM6-7vq2hBFJC1myL1+H6etpMMjth+wg@mail.gmail.com> <CABkgnnV_thWcAi=AdwV+Za5rXywiUvtOYpsNNp1y7=RvL2MvWA@mail.gmail.com> <CAOYVs2qE=Tw_7eax9HwaESaQPMh7k3BSVV112d+pPeSfZ09EjQ@mail.gmail.com> <CABcZeBOCRHAuh44CrMH02UZ3Ar_2sa5M1c3LG_A-RPzXX+H+Yw@mail.gmail.com> <CAKcm_gOeZHR-BGJiqK=zQKqbgq=briQuH+fzHrkUYbhQx3B_sw@mail.gmail.com> <CANatvzyKv8EGVR-Z5WMDKbeuKHP791OynsTqX=+HriKBxFnafA@mail.gmail.com> <CAOYVs2oE6yawW04MVH1ApewSJ+0g9g2oMxCj+CU+butfiAe8kA@mail.gmail.com> <CANatvzxniU0AUEi5tuKzmX45uTUV6-y0JbqcdKTpu1J4WQR7JA@mail.gmail.com> <CAOYVs2p9vJrCVuXqGsR29rOGj=CNt1m7TcavGV9Kwk-9hA4sPQ@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B83AB21@ORSMSX111.amr.corp.intel.com> <1F436ED13A22A246A59CA374CBC543998B83EC27@ORSMSX111.amr.corp.intel.com> <CAN1APdfYmj4M0mVedCUhRG9qYXpDSoN8TgYY_X72HkV6+ixEbg@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 19 Jun 2018 12:11:32 -0700
Message-ID: <CABcZeBOO=Z2ANQ_AvzRDEx7LbABgGAAggLHWGRBB7tNdUZ_0LA@mail.gmail.com>
Subject: Re: Proposal to replace ACK block count with ACK length
To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Cc: Kazuho Oku <kazuhooku@gmail.com>, "Deval, Manasi" <manasi.deval@intel.com>, Marten Seemann <martenseemann@gmail.com>, Praveen Balasubramanian <pravb@microsoft.com>, Jana Iyengar <jri.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, Ian Swett <ianswett=40google.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a85fdb056f0375d2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/72W0rk379OVQvG7FVHmJ8sAJb44>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2018 19:12:17 -0000

On Tue, Jun 19, 2018 at 11:25 AM, Mikkel Fahnøe Jørgensen <
mikkelfj@gmail.com> wrote:

> I don’t think you addressed e) at all. Clearly there is an end of buffer
> check, but that is not the same as requiring additonal checks at many other
> levels.
>


Not Manasi, but I don't understand (e).

Here's the relevant section of the Minq decoder.

    func (f *ackFrame) unmarshal(buf []byte) (int, error) {
        // Omitted the section that decoded the header

        // Now decode each block
        for i := uint64(0); i < f.AckBlockCount; i++ {
            blk := &ackBlock{}
            n, err := syntax.Unmarshal(buf, blk)
            if err != nil {
                return 0, err
            }
            buf = buf[n:]
            read += n

            f.AckBlockSection = append(f.AckBlockSection, blk)
        }

        return read, nil
    }

You pass in the entire remainder of the packet and then it parses
out the ACK frame and then returns the amount consumed.

If we were to change to what Manasi proposes, it would look like:

    func (f *ackFrame) unmarshal(buf []byte) (int, error) {
        // Omitted the section that decoded the header

        // Trim the buffer to the remainder length
        if f.AckLength > len(buf) {
                return 0, ProtocolInvalidError
        }
        buf = buf[f.AckLength:]

        for len(buf) > 0 {
            blk := &ackBlock{}
            n, err := syntax.Unmarshal(buf, blk)
            if err != nil {
                return 0, err
            }
            buf = buf[n:]
            read += n

            f.AckBlockSection = append(f.AckBlockSection, blk)
        }

        return read, nil
    }

Is your concern here the additional length check after the
comment "Trim the buffer"? Something else?

-Ekr





>
> On 19 June 2018 at 20.22.03, Deval, Manasi (manasi.deval@intel.com) wrote:
>
>
>
> e.      Every encodable value should be valid
>
> Not every length will be valid. This is inherent to lengths. This same
> issue ails the ‘payload length’ in QUIC header. Not only does the issue
> exist for small values, it also applies to large values since data stream
> will be sent after crypto negotiation.  E.g.  - how does one craft a
> payload with 62 bit payload length in a large header?
>
>

v2.23.0 | Report a Bug | By Email