Re: [tcpm] TCP zero window timeout?
MURALI BASHYAM <murali_bashyam@yahoo.com> Mon, 28 August 2006 23:41 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHqjn-0001a4-2f; Mon, 28 Aug 2006 19:41:51 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GHqjm-0001Zz-FI for tcpm@ietf.org; Mon, 28 Aug 2006 19:41:50 -0400
Received: from web31710.mail.mud.yahoo.com ([68.142.201.190]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GHqjl-0001qn-3E for tcpm@ietf.org; Mon, 28 Aug 2006 19:41:50 -0400
Received: (qmail 13659 invoked by uid 60001); 28 Aug 2006 23:15:08 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=d1Ak//OaUtNTk99kQuWKXC1QtAnkj3Mt6rw+88rjXYDdeNSYf9TmJbg2YvtQqUVRCUkm30UelLWB2dx2vKOkunVSCYXoKJqRgXm8CioFVVGU0+0bdGidXLrXikWWjGDva2FtEWOMAv4bLJxQRZ2MaQtgDrUITS2pAhKBVCEIQJA= ;
Message-ID: <20060828231508.13657.qmail@web31710.mail.mud.yahoo.com>
Received: from [24.6.24.35] by web31710.mail.mud.yahoo.com via HTTP; Mon, 28 Aug 2006 16:15:07 PDT
Date: Mon, 28 Aug 2006 16:15:07 -0700
From: MURALI BASHYAM <murali_bashyam@yahoo.com>
Subject: Re: [tcpm] TCP zero window timeout?
To: Fernando Gont <fernando@gont.com.ar>, Mahesh Jethanandani <mahesh@cisco.com>, "Mahdavi, Jamshid" <jamshid.mahdavi@bluecoat.com>
In-Reply-To: <7.0.1.0.0.20060828174420.07977518@gont.com.ar>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 825e642946eda55cd9bc654a36dab8c2
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
Fernando Today there is nothing that prevents a client side application from simply stopping to read the TCP receive socket buffer and causing the offered window to go down to 0, and thus causing the sender to hold a large send queue worth of data and probe forever. If this is done by a large number of clients against the same server, u have a distributed DOS attack on that server. We have seen this in practice. To answer an earlier question u had raised, the application cannot timeout on this connection because it does not know when the connection enters and leaves the persist state, only TCP knows that. The application can definitely decide the timeout value, but TCP needs to implement the timer because only it is aware of the state of the peer. More comments inline. --- Fernando Gont <fernando@gont.com.ar> wrote: > At 20:05 26/08/2006, MURALI BASHYAM wrote: > > >Having said that, i'd say this timeout is in the > same > >spirit as the upper bound on the retransmit > mechanism > >of TCP. TCP could indefinitely retransmit and have > the > >application timeout too, correct? > > I disagree. In the case of the RTO, you don't have > any hints of the > TCP segments getting to the remote TCP endpoint. > Hence, after some > number of retransmission, you don;t have much else > to do than to > abort the connection. > I agree with you on that, but what i want to borrow from that timer is the aspect of limiting the amount of time trying to retransmit, which is what i meant. > In the case of zero window, as far as TCP is > concerned, there's > nothing wrong with an endpoint advertising a zero > window. And you do > know that packets are getting to the remote TCP > endpoint (that's why > you are getting the advertisements, after all). > And i am not disagreeing with you on that, let's differentiate the legitimate ones from the bad ones or minimize the impact of the bad ones. > > > >The problem is that > >TCP has a persist state which can potentially exist > >infinitely long and which lends itself to abuse by > a > >malicious peer. > > This is the same thing as saying that there should > be an "idle > connection timeout", because a connection can be > opened, and no data > needs to be transmitted on the connection for the > connection to be kept open. > An idle connection does not consume any buffer resources, whereeas here the connection is holding up precious buffer resources. > That said, some upper limit on the number of > window-probes might not > hurt, but then you get into which value to use. > If too small, you may kill legitimate users. If too > long, it may be useless. > I agree, but in the event of a DOS like scenario, this provides the administrator with a tool to control the impact of these bad clients on the system, and he can come up with a value which certainly does not impact legitimate probes. In these scenarios, any limit is better than infinite :-). Murali > And I doubt there really is something in between. > > Kindest regards, > > -- > Fernando Gont > e-mail: fernando@gont.com.ar || fgont@acm.org > PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE > A9EF D076 FFF1 > > > > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] TCP zero window timeout? Mahesh Jethanandani
- RE: [tcpm] TCP zero window timeout? Mahdavi, Jamshid
- RE: [tcpm] TCP zero window timeout? Fernando Gont
- Re: [tcpm] TCP zero window timeout? Mahesh Jethanandani
- Re: [tcpm] TCP zero window timeout? Joe Touch
- Re: [tcpm] TCP zero window timeout? Fernando Gont
- Re: [tcpm] TCP zero window timeout? MURALI BASHYAM
- RE: [tcpm] TCP zero window timeout? Anantha Ramaiah (ananth)
- Re: [tcpm] TCP zero window timeout? Joe Touch
- Re: [tcpm] TCP zero window timeout? Kuthonuzo Luruo (STSD)
- Re: [tcpm] TCP zero window timeout? Ted Faber
- Re: [tcpm] TCP zero window timeout? Fernando Gont
- Re: [tcpm] TCP zero window timeout? MURALI BASHYAM
- Re: [tcpm] TCP zero window timeout? MURALI BASHYAM
- Re: [tcpm] TCP zero window timeout? Mahesh Jethanandani
- RE: [tcpm] TCP zero window timeout? Caitlin Bestler
- RE: [tcpm] TCP zero window timeout? MURALI BASHYAM
- Re: [tcpm] TCP zero window timeout? Fernando Gont
- Re: [tcpm] TCP zero window timeout? Ted Faber
- Re: [tcpm] TCP zero window timeout? MURALI BASHYAM
- RE: [tcpm] TCP zero window timeout? Caitlin Bestler
- Re: [tcpm] TCP zero window timeout? John Heffner
- RE: [tcpm] TCP zero window timeout? MURALI BASHYAM
- RE: [tcpm] TCP zero window timeout? Caitlin Bestler
- Re: [tcpm] TCP zero window timeout? Mahesh Jethanandani
- Re: [tcpm] TCP zero window timeout? Joe Touch
- Re: [tcpm] TCP zero window timeout? Ted Faber
- Re: [tcpm] TCP zero window timeout? Joe Touch
- Re: [tcpm] TCP zero window timeout? Ted Faber
- Re: [tcpm] TCP zero window timeout? Joe Touch
- Re: [tcpm] TCP zero window timeout? Ted Faber
- Re: [tcpm] TCP zero window timeout? Ted Faber