IETF Logo Mail Archive

Re: [Spud] [tsvwg] New Version Notification for draft-touch-tsvwg-udp-options-01.txt

Bob Briscoe <ietf@bobbriscoe.net> Mon, 02 November 2015 06:06 UTC

Return-Path: <ietf@bobbriscoe.net>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 556371B480C; Sun, 1 Nov 2015 22:06:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZohekUx4lr_i; Sun, 1 Nov 2015 22:05:59 -0800 (PST)
Received: from server.dnsblock1.com (server.dnsblock1.com [85.13.236.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0AE01B480B; Sun, 1 Nov 2015 22:05:58 -0800 (PST)
Received: from dhcp-25-140.meeting.ietf94.jp ([133.93.25.140]:46769) by server.dnsblock1.com with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.86) (envelope-from <ietf@bobbriscoe.net>) id 1Zt8Fg-0002i8-DW; Mon, 02 Nov 2015 06:05:56 +0000
To: Joe Touch <touch@isi.edu>
References: <CACL_3VF5i7FvMR53R8JwRQAW--QJz3a+T9c_Pnwqt9D-baAJ-w@mail.gmail.com>
From: Bob Briscoe <ietf@bobbriscoe.net>
Message-ID: <5636FD40.4030101@bobbriscoe.net>
Date: Mon, 2 Nov 2015 06:05:52 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CACL_3VF5i7FvMR53R8JwRQAW--QJz3a+T9c_Pnwqt9D-baAJ-w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.dnsblock1.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: server.dnsblock1.com: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: server.dnsblock1.com: in@bobbriscoe.net
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/OMg8ytXZmywkHiepJ9X-UnmpUgg>
Cc: tsvwg <tsvwg@ietf.org>, spud <spud@ietf.org>
Subject: Re: [Spud] [tsvwg] New Version Notification for draft-touch-tsvwg-udp-options-01.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2015 06:06:01 -0000

Joe,

Before starting measurements, I would recommend searching the Web for 
the manuals of middleboxes that might block such packets.

For instance, with a quick search of "UDP header length inconsistency" I 
found Alcatel-Lucent's "Brick" Intrusion Detection System blocks such 
packets.

Whether or not there is a buffer overflow vulnerability in any host, 
there will be firewalls and IDSs that block these packets in case 
someone is probing for such vulnerabilities.



bob

On 14/08/15 19:35, C. M. Heard wrote:
> On 7/22/2015 09:52 AM, Joe Touch wrote:
>> On 7/21/2015 11:22 PM, Brian Trammell wrote:
>>> hi Joe,
>>>
>>> Thanks for this draft; I appreciate the elegant redundancy-reducing
>>> length hack. :)
>>>
>>> Data in this case is, I know, hard to come by, but would you have
>>> any feel for how much stuff out there will just break when they see an
>>> inconsistency between IP and UDP length information?
>> I have students starting this fall who will look into this and do some
>> tests. We have no information yet.
> In an off-list e-mail exchange with Joe a couple of weeks ago, I noted
> that every host stack implementation whose code I have inspected simply
> ignores bytes that are past the UDP length but within the IP payload
> length.  The BSD-derived stacks trim the excess bytes before the data
> is passed to the application via the sockets interface.  However, one
> embedded stack I have seen (which does not use a sockets API) makes
> all data available to the application, including the UDP header, and
> lets the application deal with excess bytes as it sees fit.
>
> I have zero information on the behavior of middleboxes (NAT/NAPT).
>
> Assuming that Joe's tests confirm these observations for both end
> systems and middleboxes, then the proposed UDP option trailer should be
> incrementally deployable as long as all options therein can be safely
> ignored if not understood.  The degree of utility (or, at least, the
> length of time needed to make them useful) will of course depend
> strongly on whether middleboxes trim the trailer or leave it intact;
> if the prevalent middlebox practice is to trim it, then they won't be
> useful without updating middleboxes as well as end systems.
>
> Also, Joe, if you and your students have the time and resources to look at
> what middleboxes do with UDP packets where the IP header indicates a
> shorter length than the UDP header, that would be useful information, as it
> could open up a possible means to incorporate fragmentation in the UDP
> layer, independent of whether or not an options trailer is present.
>
> Mike Heard
>
>
>
>
> -- 
> ________________________________________________________________
> Bob Briscoe                               http://bobbriscoe.net/

v2.8.7 | Report a Bug | By Email