IETF Logo Mail Archive

Re: [tcpm] TCP reserved bits and793bis

Joe Touch <touch@isi.edu> Wed, 09 July 2014 15:29 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB0C31A0AF4 for <tcpm@ietfa.amsl.com>; Wed, 9 Jul 2014 08:29:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1CITxyNdC2g8 for <tcpm@ietfa.amsl.com>; Wed, 9 Jul 2014 08:29:58 -0700 (PDT)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10E551A0AF2 for <tcpm@ietf.org>; Wed, 9 Jul 2014 08:29:58 -0700 (PDT)
Received: from [192.168.1.91] (pool-71-105-87-112.lsanca.dsl-w.verizon.net [71.105.87.112]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id s69FTSel022399 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 9 Jul 2014 08:29:33 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
Content-Type: text/plain; charset="us-ascii"
From: Joe Touch <touch@isi.edu>
In-Reply-To: <20140709110920.GC4461@verdi>
Date: Wed, 09 Jul 2014 08:29:28 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <3124FE3C-F4D9-456F-A22E-B2B691388CDF@isi.edu>
References: <20140702231048.27968.95757.idtracker@ietfa.amsl.com> <53B49D57.70102@isi.edu> <201407031455.s63EtLAb019563@bagheera.jungle.bt.co.uk> <53B57D88.9090706@isi.edu> <6FC2D64C-65F7-423D-A3A2-35258796C3DA@netapp.com> <201407031843.s63IhNU2020277@bagheera.jungle.bt.co.uk> <53B5B96F.1020304@isi.edu> <0C29294E-7C2D-4653-A706-DE5FF44EF4AF@quantum.com> <53BC25EB.8070301@isi.edu> <20140709110920.GC4461@verdi>
To: John Leslie <john@jlc.net>
X-Mailer: Apple Mail (2.1878.2)
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/-LoyKc0qp5t5crpwU2t26qir-90
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, David Borman <David.Borman@quantum.com>
Subject: Re: [tcpm] TCP reserved bits and793bis
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jul 2014 15:29:59 -0000

Hi, John,

On Jul 9, 2014, at 4:09 AM, John Leslie <john@jlc.net> wrote:

> Joe Touch <touch@isi.edu> wrote:
>> 
>> There are two interpretations of "Must be zero":
>> a) current implementations should drop segments with those bits set
>> 
>> b) current implementations should ignore those bits
> 
>   Indeed, we must work around endpoints which do either of these.
> 
>> It says "Must be zero." That can easily be interpreted as requiring that 
>> when the bits are set the segment is invalid.
> 
>   But only so interpreted by an endpoint. No middlebox is entitled to
> do that.

Right - my claim has always been that there are no such things as middleboxes; there are hosts and there are routers. Routers ought to look no further than L3; everything else is acting like a host, and breaks what we expect when we think of an Internet. That's especially true for boxes that modify L3 or L4 beyond what RFC1812 permits (HBH options, hopcount, IP checksum).

>   (Of course, a middlebox _is_ entitled to drop an IP packet for any
> reason whatsoever.)

Anything that is visibly indistinguishable from a link is a link (or a part of a link). The same applies to routers and hosts, to me at least. Intent and mechanism aren't relevant; externally visible behavior is.

>   Our problem is that currently-deployed "middleboxes" do a bunch of
> things which really qualify as "damage". Accept that, but don't argue
> that it's a reasonable interpretation of 793.

Agreed.

>> Note that RFC793 doesn't define what to do when the Data Offset is 
>> smaller than 5 - so does that mean you should be liberal and process 
>> such segments, or drop them?
> 
>   That's a good question. Let me at least nibble around the edges.
> 
>   If the two endpoints have agreed on a meaning, of course the receiver
> should process it.

That's true for any property. It doesn't mean they're running TCP anymore, though.

>   If a receiver _hasn't_ agreed on a meaning, it should own up to
> having no clue whether there are any options and/or any data. If
> the checksum validates, it's probably time to give up and close the
> connection; otherwise it could discard the packet.

I don't think a single invalid segment should ever affect a connection or connection in progress. I would say "silent drop" to any packet that can't be understood.


>   If a middlebox sees Data Offset less than five, it similarly
> should probably admit it has no clue whether there are any options
> or any data. If all it wants to do is rewrite source IP and port,
> it should probably do that and pass everything else unchanged,
> adjusting the checksum.

I disagree; a middlebox that modifies the IP address and/or TCP ports is acting as a host to the downstream components, and should be expected to follow host requirements. In this case, if a host MUST silently drop nonsense packets then so should a box that looks like a host.

>   If a middlebox wants to do something with options or data, it
> probably needs to drop the packet -- because it can't do what it is
> designed to do.

I think it has to have already dropped it.

>   Now we get into the really messy area: if a middlebox sees that
> something like EDO has been negotiated (which _is_ possible when
> it intercepts in both directions), should it process according to
> that option?
> 
>   IMHO, there's no fully satisfactory answer to that. Myself, I'd
> prefer it didn't. A middlebox wanting to meddle that much should
> act as an endpoint. (But of course, we can't enforce that.)

See above; I've been saying as much for a long time. Actually NAT boxes are a little more complex:

	- to the upstream (the devices "behind") them, they MUST act like a router
	(including decreasing the hopcount, etc.)

	- to the downstream, they MUST act like a host

So they get twice the requirements.

>> I agree that "liberal" means that, in either case, you MUST NOT generate 
>> a response segment, ICMP message, or user error. But it's not as clear 
>> *from the current text*.
>> 
>> The point of all this is that 793bis needs to be updated to make this 
>> direct and explicit, though.
> 
>   Alas, that won't fix the problem. At best, it might change new
> middlebox designs. There's no way it could fix deployed middleboxes.
> (But it would _feel_ better to have an unambiguous statement that
> this is damage!)

Sometimes that's the best we can do; sometimes it's better to declare what's deployed "broken" than to try to find a way to accommodate it.

Joe

v2.23.0 | Report a Bug | By Email