Re: [tcpm] poll for adopting draft-gont-tcp-security
Fernando Gont <fernando@gont.com.ar> Tue, 30 June 2009 08:19 UTC
Return-Path: <fernando@gont.com.ar>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 976313A6BB9 for <tcpm@core3.amsl.com>; Tue, 30 Jun 2009 01:19:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.663
X-Spam-Level:
X-Spam-Status: No, score=-2.663 tagged_above=-999 required=5 tests=[AWL=0.936, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FrERCELNHjaL for <tcpm@core3.amsl.com>; Tue, 30 Jun 2009 01:19:11 -0700 (PDT)
Received: from smtp1.xmundo.net (smtp1.xmundo.net [201.216.232.80]) by core3.amsl.com (Postfix) with ESMTP id 67C193A6841 for <tcpm@ietf.org>; Tue, 30 Jun 2009 01:18:41 -0700 (PDT)
Received: from venus.xmundo.net (venus.xmundo.net [201.216.232.56]) by smtp1.xmundo.net (Postfix) with ESMTP id 0E88E6B65AB; Tue, 30 Jun 2009 05:17:48 -0300 (ART)
Received: from [192.168.0.156] (129-130-17-190.fibertel.com.ar [190.17.130.129]) (authenticated bits=0) by venus.xmundo.net (8.14.1/8.14.1) with ESMTP id n5U8HhUU009786; Tue, 30 Jun 2009 05:17:44 -0300
Message-ID: <4A49CA1A.6060702@gont.com.ar>
Date: Tue, 30 Jun 2009 07:17:30 -0100
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Matt Mathis <matt.mathis@gmail.com>
References: <C304DB494AC0C04C87C6A6E2FF5603DB2217B28763@NDJSSCC01.ndc.nasa.gov> <fc0ff13d0906241711k44de4f77u8ec825e1ea151a1e@mail.gmail.com> <4A4317ED.1040905@gont.com.ar> <4A48F60A.7020602@gmail.com>
In-Reply-To: <4A48F60A.7020602@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-3.0 (venus.xmundo.net [201.216.232.56]); Tue, 30 Jun 2009 05:17:46 -0300 (ART)
Cc: Matt Mathis <mathis@psc.edu>, tcpm Extensions WG <tcpm@ietf.org>
Subject: Re: [tcpm] poll for adopting draft-gont-tcp-security
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2009 08:19:12 -0000
Hello, Matt, > Consider sect 4.4.1, SACK-permitted option length must be 2: This > forbids ever extending SACK by adding a subtype, for example to > negotiate non-renege-able SACK, by putting a 1 in an optional sub-type > carried in additional bytes in the SACK-permitted option. As far as I > know every implementation today correctly parses the option length (e.g. > skips forward by the relevant amount), but ignores the option data, so > such a change would be backwards compatible with all existing > implementations. I had promised to come back to you on this one. FreeBSD ignores those options whose length is not equal to the expected value. Excerpt of the tcp_dooptions() function from netinet/tcp_input.c: case TCPOPT_SACK_PERMITTED: if (optlen != TCPOLEN_SACK_PERMITTED) continue; if (!(flags & TO_SYN)) continue; if (!V_tcp_do_sack) continue; to->to_flags |= TOF_SACKPERM; break; The same thing is done for all other TCP options. Linux does exactly the same thing. Excerpt of the tcp_parse_options() function from net(ipv4/tcp_input.c (available online at: http://lxr.linux.no/linux+v2.6.30/net/ipv4/tcp_input.c#L3763): 3763 case TCPOPT_SACK_PERM: 3764 if (opsize == TCPOLEN_SACK_PERM && th->syn && 3765 !estab && sysctl_tcp_sack) { 3766 opt_rx->sack_ok = 1; 3767 tcp_sack_reset(opt_rx); 3768 } 3769 break; This suggests that extending SACK while still using the same option type is not a good idea, or at least not a backwards-compatible one. (It's worth noting that about 220 of the 256 available TCP option numbers are currently unassigned... so it doesn't look like there's a TCP option-number shortage problem, either) That said, the point you raised is worth noting (i.e., that TCP implementations ignore options that do not match the expected option length), so it doesn't come as a surprise to anybody trying to extend an existing TCP option. Thanks, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
- [tcpm] poll for adopting draft-gont-tcp-security Eddy, Wesley M. (GRC-MS00)[Verizon]
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Matt Mathis
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Matt Mathis
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Alfred Hönes
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Ilpo Järvinen
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Eddy, Wesley M. (GRC-MS00)[Verizon]
- [tcpm] [Fwd: Re: poll for adopting draft-gont-tcp… Fernando Gont
- [tcpm] [Fwd: Re: poll for adopting draft-gont-tcp… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Christos Zoulas
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Eddy, Wesley M. (GRC-MS00)[Verizon]
- [tcpm] Handling of malformed options (was: Re: po… Fernando Gont
- Re: [tcpm] Handling of malformed options Joe Touch
- Re: [tcpm] Handling of malformed options Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Lloyd Wood
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Lloyd Wood
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Lloyd Wood
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Lloyd Wood
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Lloyd Wood
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Fernando Gont
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Joe Touch
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Lloyd Wood
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Andrew Yourtchenko
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… Dan Wing
- Re: [tcpm] poll for adopting draft-gont-tcp-secur… David Borman