IETF Logo Mail Archive

Re: [Spud] [tsvwg] New Version Notification for draft-touch-tsvwg-udp-options-01.txt

Joe Touch <touch@isi.edu> Mon, 02 November 2015 15:25 UTC

Return-Path: <touch@isi.edu>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB7811B46E5; Mon, 2 Nov 2015 07:25:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kMW4piI0UYRo; Mon, 2 Nov 2015 07:25:53 -0800 (PST)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 001F81B47CD; Mon, 2 Nov 2015 07:25:51 -0800 (PST)
Received: from [192.168.1.189] (cpe-172-250-225-10.socal.res.rr.com [172.250.225.10]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id tA2FOUX6019684 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 2 Nov 2015 07:24:31 -0800 (PST)
To: Bob Briscoe <ietf@bobbriscoe.net>
References: <CACL_3VF5i7FvMR53R8JwRQAW--QJz3a+T9c_Pnwqt9D-baAJ-w@mail.gmail.com> <5636FD40.4030101@bobbriscoe.net>
From: Joe Touch <touch@isi.edu>
Message-ID: <5637802E.4090602@isi.edu>
Date: Mon, 2 Nov 2015 07:24:30 -0800
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <5636FD40.4030101@bobbriscoe.net>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-MailScanner-ID: tA2FOUX6019684
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/j6-vMj_W-gbsSKQA6H00PjTABzg>
Cc: spud <spud@ietf.org>, tsvwg <tsvwg@ietf.org>, touch@isi.edu
Subject: Re: [Spud] [tsvwg] New Version Notification for draft-touch-tsvwg-udp-options-01.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2015 15:25:54 -0000

We did find a few vendors that don't block those packets.

On 11/1/2015 10:05 PM, Bob Briscoe wrote:
> Joe,
> 
> Before starting measurements, I would recommend searching the Web for
> the manuals of middleboxes that might block such packets.
> 
> For instance, with a quick search of "UDP header length inconsistency" I
> found Alcatel-Lucent's "Brick" Intrusion Detection System blocks such
> packets.

Well, since "that which isn't prohibited ought to be permitted", IMO
that' an error in their code.

> Whether or not there is a buffer overflow vulnerability in any host,

This would be an underflow issue, not an overflow one, FWIW.

Joe

> there will be firewalls and IDSs that block these packets in case
> someone is probing for such vulnerabilities.
> 
> 
> 
> bob
> 
> On 14/08/15 19:35, C. M. Heard wrote:
>> On 7/22/2015 09:52 AM, Joe Touch wrote:
>>> On 7/21/2015 11:22 PM, Brian Trammell wrote:
>>>> hi Joe,
>>>>
>>>> Thanks for this draft; I appreciate the elegant redundancy-reducing
>>>> length hack. :)
>>>>
>>>> Data in this case is, I know, hard to come by, but would you have
>>>> any feel for how much stuff out there will just break when they see an
>>>> inconsistency between IP and UDP length information?
>>> I have students starting this fall who will look into this and do some
>>> tests. We have no information yet.
>> In an off-list e-mail exchange with Joe a couple of weeks ago, I noted
>> that every host stack implementation whose code I have inspected simply
>> ignores bytes that are past the UDP length but within the IP payload
>> length.  The BSD-derived stacks trim the excess bytes before the data
>> is passed to the application via the sockets interface.  However, one
>> embedded stack I have seen (which does not use a sockets API) makes
>> all data available to the application, including the UDP header, and
>> lets the application deal with excess bytes as it sees fit.
>>
>> I have zero information on the behavior of middleboxes (NAT/NAPT).
>>
>> Assuming that Joe's tests confirm these observations for both end
>> systems and middleboxes, then the proposed UDP option trailer should be
>> incrementally deployable as long as all options therein can be safely
>> ignored if not understood.  The degree of utility (or, at least, the
>> length of time needed to make them useful) will of course depend
>> strongly on whether middleboxes trim the trailer or leave it intact;
>> if the prevalent middlebox practice is to trim it, then they won't be
>> useful without updating middleboxes as well as end systems.
>>
>> Also, Joe, if you and your students have the time and resources to
>> look at
>> what middleboxes do with UDP packets where the IP header indicates a
>> shorter length than the UDP header, that would be useful information,
>> as it
>> could open up a possible means to incorporate fragmentation in the UDP
>> layer, independent of whether or not an options trailer is present.
>>
>> Mike Heard
>>
>>
>>
>>
>> -- 
>> ________________________________________________________________
>> Bob Briscoe                               http://bobbriscoe.net/

v2.8.7 | Report a Bug | By Email