IETF Logo Mail Archive

Re: [Spud] [tsvwg] New Version Notification for draft-touch-tsvwg-udp-options-01.txt

Joe Touch <touch@isi.edu> Mon, 02 November 2015 15:37 UTC

Return-Path: <touch@isi.edu>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30AD21B488E; Mon, 2 Nov 2015 07:37:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cpum-hw3HJxd; Mon, 2 Nov 2015 07:37:06 -0800 (PST)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76E351B488A; Mon, 2 Nov 2015 07:37:06 -0800 (PST)
Received: from [192.168.1.189] (cpe-172-250-225-10.socal.res.rr.com [172.250.225.10]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id tA2FZh2K021034 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 2 Nov 2015 07:35:44 -0800 (PST)
To: Jana Iyengar <jri@google.com>, Bob Briscoe <ietf@bobbriscoe.net>
References: <CACL_3VF5i7FvMR53R8JwRQAW--QJz3a+T9c_Pnwqt9D-baAJ-w@mail.gmail.com> <5636FD40.4030101@bobbriscoe.net> <CAGD1bZZ0t7NxVqndVkVuTZ=MRCmdHYSQ4f67_MDKrJS2FMAYZg@mail.gmail.com>
From: Joe Touch <touch@isi.edu>
Message-ID: <563782CF.4010804@isi.edu>
Date: Mon, 2 Nov 2015 07:35:43 -0800
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CAGD1bZZ0t7NxVqndVkVuTZ=MRCmdHYSQ4f67_MDKrJS2FMAYZg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-MailScanner-ID: tA2FZh2K021034
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/Xfu3Rn1kGxb_rE8OLsUVRRLRLgQ>
Cc: spud <spud@ietf.org>, tsvwg <tsvwg@ietf.org>, touch@isi.edu
Subject: Re: [Spud] [tsvwg] New Version Notification for draft-touch-tsvwg-udp-options-01.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2015 15:37:08 -0000


On 11/1/2015 10:44 PM, Jana Iyengar wrote:
> What Bob said.
> Also, what problem is this draft seeking to solve, especially given that
> there's no negotiation of options support possible?

See Section 3 of the doc.

There is also interest in using this mechanism to allow UDP-Lite (or
something very close thereto) to share the same transport protocol
number as UDP.

Joe

> - jana
> 
> On Sun, Nov 1, 2015 at 10:05 PM, Bob Briscoe <ietf@bobbriscoe.net
> <mailto:ietf@bobbriscoe.net>> wrote:
> 
>     Joe,
> 
>     Before starting measurements, I would recommend searching the Web
>     for the manuals of middleboxes that might block such packets.
> 
>     For instance, with a quick search of "UDP header length
>     inconsistency" I found Alcatel-Lucent's "Brick" Intrusion Detection
>     System blocks such packets.
> 
>     Whether or not there is a buffer overflow vulnerability in any host,
>     there will be firewalls and IDSs that block these packets in case
>     someone is probing for such vulnerabilities.
> 
> 
> 
>     bob
> 
> 
>     On 14/08/15 19:35, C. M. Heard wrote:
> 
>         On 7/22/2015 09:52 AM, Joe Touch wrote:
> 
>             On 7/21/2015 11:22 PM, Brian Trammell wrote:
> 
>                 hi Joe,
> 
>                 Thanks for this draft; I appreciate the elegant
>                 redundancy-reducing
>                 length hack. :)
> 
>                 Data in this case is, I know, hard to come by, but would
>                 you have
>                 any feel for how much stuff out there will just break
>                 when they see an
>                 inconsistency between IP and UDP length information?
> 
>             I have students starting this fall who will look into this
>             and do some
>             tests. We have no information yet.
> 
>         In an off-list e-mail exchange with Joe a couple of weeks ago, I
>         noted
>         that every host stack implementation whose code I have inspected
>         simply
>         ignores bytes that are past the UDP length but within the IP payload
>         length.  The BSD-derived stacks trim the excess bytes before the
>         data
>         is passed to the application via the sockets interface. 
>         However, one
>         embedded stack I have seen (which does not use a sockets API) makes
>         all data available to the application, including the UDP header, and
>         lets the application deal with excess bytes as it sees fit.
> 
>         I have zero information on the behavior of middleboxes (NAT/NAPT).
> 
>         Assuming that Joe's tests confirm these observations for both end
>         systems and middleboxes, then the proposed UDP option trailer
>         should be
>         incrementally deployable as long as all options therein can be
>         safely
>         ignored if not understood.  The degree of utility (or, at least, the
>         length of time needed to make them useful) will of course depend
>         strongly on whether middleboxes trim the trailer or leave it intact;
>         if the prevalent middlebox practice is to trim it, then they
>         won't be
>         useful without updating middleboxes as well as end systems.
> 
>         Also, Joe, if you and your students have the time and resources
>         to look at
>         what middleboxes do with UDP packets where the IP header indicates a
>         shorter length than the UDP header, that would be useful
>         information, as it
>         could open up a possible means to incorporate fragmentation in
>         the UDP
>         layer, independent of whether or not an options trailer is present.
> 
>         Mike Heard
> 
> 
> 
> 
>         -- 
>         ________________________________________________________________
>         Bob Briscoe                               http://bobbriscoe.net/
> 
> 
>     _______________________________________________
>     Spud mailing list
>     Spud@ietf.org <mailto:Spud@ietf.org>
>     https://www.ietf.org/mailman/listinfo/spud
> 
>

v2.8.7 | Report a Bug | By Email