Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13
Yoshifumi Nishida <nsd.ietf@gmail.com> Wed, 22 November 2023 19:26 UTC
Return-Path: <nsd.ietf@gmail.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AC3BC14CE22 for <tcpm@ietfa.amsl.com>; Wed, 22 Nov 2023 11:26:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xg1xj6DETcEn for <tcpm@ietfa.amsl.com>; Wed, 22 Nov 2023 11:26:33 -0800 (PST)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5429AC14F738 for <tcpm@ietf.org>; Wed, 22 Nov 2023 11:26:33 -0800 (PST)
Received: by mail-lj1-x230.google.com with SMTP id 38308e7fff4ca-2c8879a1570so1840391fa.1 for <tcpm@ietf.org>; Wed, 22 Nov 2023 11:26:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700681191; x=1701285991; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=B9+Rq9hfUIpEA6JuIOOQ3FVCvsh7yU99dC4Fv1Oix50=; b=MnXuZdmHZn8sPq4/mbZFVvKx8grrIZWAVMovkaaqirSmZrJftEV9pHUInBEroBDAwe FgUVrN9saOq6dhC2AFywySqDxPPZVTVrlVW1CoBDGwxFOVV/nvLCuhBv3/atsVfh7Orr Yg+fznwkxx0czZe0M1GolzArXOHG46DaGVEI+XpRYdmexSdRf0JnwzrW7lxYJQKHnrGX qf2ARuCVdaVgYlWBsaqqp9Yy1MS4z+ESVL1OoMrF2ZYMr+SNy82ew3p3V2ujkqMeY1Pm euKsNEwHZOWqTKYTIRe65WCeec8KECNZgcsxxrTQ2HGM+p1r2RbPJ60c0Cs9b9UDpgW5 zchg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700681191; x=1701285991; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=B9+Rq9hfUIpEA6JuIOOQ3FVCvsh7yU99dC4Fv1Oix50=; b=nBK6rsn41AXKHmeye2fFvbSQaUpEv2w9A7b4kNJ18IpxGtkLhASIY4YR5ggnNjkiYC OUvn8zcVY/IMXbstv20050X8To94C/yOKwrTCRyJ7FUvuqmttkF+vfyqzegRpEM4QCw/ KIWgLQ73IHfQzMZV0hsfiPa9RV/byPife07slplWmelWWqyjg4hRqB/rSNhNyk1XLXEk HXFwd4FqJDIpSCJHGOstW/+dbH2U60gthxWnbi51ie9Ab9BFvtEPHCsf3lv7IDkBntvR 2Y4tpeoyncwNmOoCTs06r5OYxAISzAdX7lNv7b0ddj+IvIUx0WBqRpTbmYNbNkil/RfM tWtQ==
X-Gm-Message-State: AOJu0YxX9ZFzO27oMM4Po1/DaHeehAat1kJZDGz9yrbEDuhvAYZjDkdO TnUVBEbRBedn4yJxYiqMWsh7AOo9J2ukLDcpW135yPeA
X-Google-Smtp-Source: AGHT+IEs86akbyHIAlB1xzOSOct6N3F+X3UaCbAfbCmgY5yeVQ0p9wG3a9Q/r/kcWc/uUhCyAQ+qgtjoRi7deDPk+aQ=
X-Received: by 2002:a2e:bb0a:0:b0:2bf:b133:dd65 with SMTP id v10-20020a2ebb0a000000b002bfb133dd65mr2025617lje.38.1700681191242; Wed, 22 Nov 2023 11:26:31 -0800 (PST)
MIME-Version: 1.0
References: <fc2d032a-eed3-536a-7131-f4c8ba697136@linux.alibaba.com>
In-Reply-To: <fc2d032a-eed3-536a-7131-f4c8ba697136@linux.alibaba.com>
From: Yoshifumi Nishida <nsd.ietf@gmail.com>
Date: Wed, 22 Nov 2023 11:26:19 -0800
Message-ID: <CAAK044QNA9dUw=yfPLkRDOFZ58q7vFhbSKNNNADDFNayoZsuUg@mail.gmail.com>
To: "D. Wythe" <alibuda@linux.alibaba.com>
Cc: tcpm@ietf.org
Content-Type: multipart/alternative; boundary="00000000000047c15c060ac2b2ea"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/4pCkfK4cyfa3jBCpVE16Jqe0jUY>
Subject: Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2023 19:26:37 -0000
Hi Wythe, I'm not the author of the draft. But, there are the following texts in the draft. "Once enabled on a connection, all segments in both directions MUST include the EDO Extension option." "If EDO has been negotiated, any subsequent segments arriving without the EDO Extension option MUST be silently ignored." So, I think you'll probably see connection timeouts in such cases. This may look suboptimal behavior, but at the same time, we probably don't want to think about buggy implementations too much because it can be endless. The behavior you describe is prohibited by RFC9293. BTW, I'm curious about how frequently we see this kind of behavior. -- Yoshi On Wed, Nov 22, 2023 at 12:28 AM D. Wythe <alibuda@linux.alibaba.com> wrote: > > > Hi all, > > I am D. Wythe from Alibaba, currently conducting research on EDO. I > would like to report an issue > involving certain middleboxes that may have an impact on EDO. > > We have observed that some middleboxes incorrectly copy unknown TCP > options from SYN packets into the SYN-ACK packets. > We believe this behavior is entirely incorrect, although we are > uncertain of the reasons behind it. > > Here is an example of a TCP SYN packet I constructed with an unknown SYN > TCP option: > > local.32218 > remote.http: Flags [S], seq 4026107292, win 8192, options > [unknown-100 0x01020304,nop,nop], length 0 > remote.http > local.32218: Flags [S.], seq 3220955308, ack 4026107293, > win 8192, options [unknown-100 0x01020304,nop,nop], length 0 > > Unfortunately, this is not an isolated incident. We have observed > several publicly available services on the internet > exhibiting the same incorrect behavior. > > We would like to know if anyone else has encountered similar issues and > how you perceive the impact of EDO in this scenario > (we believe it may result in the server interpreting the TCP options as > application data). > > Additionally, is there any possibility of adding an explicit > notification when one side detects a violation of the EDO protocol. > This could potentially prevent all segments from being discarded by > restricting the peer from further extending the TCP header. > > > Best regards, > D. Wythe > > > > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 D. Wythe
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 rs.ietf
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 Yoshifumi Nishida
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 D. Wythe
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 Michael Tuexen
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 D. Wythe
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 D. Wythe
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 rs.ietf
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 Yoshifumi Nishida
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 Joe Touch
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 Joe Touch
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 D. Wythe
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 D. Wythe
- Re: [tcpm] Comments to draft-ietf-tcpm-tcp-edo-13 D. Wythe