RE: [tcpm] TCP zero window timeout?

"Anantha Ramaiah \(ananth\)" <ananth@cisco.com> Sun, 27 August 2006 00:24 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GH8SO-0006n2-D4; Sat, 26 Aug 2006 20:24:56 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GH8SM-0006mw-RT for tcpm@ietf.org; Sat, 26 Aug 2006 20:24:54 -0400
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GH8SM-0001RA-PI for tcpm@ietf.org; Sat, 26 Aug 2006 20:24:54 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1GH8MK-0005jh-8s for tcpm@ietf.org; Sat, 26 Aug 2006 20:18:44 -0400
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-6.cisco.com with ESMTP; 26 Aug 2006 17:18:37 -0700
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-1.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k7R0IbqU031217; Sat, 26 Aug 2006 17:18:37 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k7R0Ia1E028274; Sat, 26 Aug 2006 17:18:36 -0700 (PDT)
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Sat, 26 Aug 2006 17:18:36 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [tcpm] TCP zero window timeout?
Date: Sat, 26 Aug 2006 17:18:35 -0700
Message-ID: <0C53DCFB700D144284A584F54711EC58020CCDBF@xmb-sjc-21c.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] TCP zero window timeout?
Thread-Index: AcbJZDieyU6dVRUuSH+uF8Wmu7DdwgACDxHA
From: "Anantha Ramaiah \(ananth\)" <ananth@cisco.com>
To: "MURALI BASHYAM" <murali_bashyam@yahoo.com>, "Fernando Gont" <fernando@gont.com.ar>, "Mahesh Jethanandani \(mahesh\)" <mahesh@cisco.com>, "Mahdavi, Jamshid" <jamshid.mahdavi@bluecoat.com>
X-OriginalArrivalTime: 27 Aug 2006 00:18:36.0565 (UTC) FILETIME=[56C00C50:01C6C96E]
DKIM-Signature: a=rsa-sha1; q=dns; l=4574; t=1156637917; x=1157501917; c=relaxed/simple; s=sjdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=ananth@cisco.com; z=From:=22Anantha=20Ramaiah=20\(ananth\)=22=20<ananth@cisco.com> |Subject:RE=3A=20[tcpm]=20TCP=20zero=20window=20timeout?; X=v=3Dcisco.com=3B=20h=3DlGoMr65IuHNTOXy7TDhc9EFdLjY=3D; b=dlfQ440zIKgXDtomyKONl33wuIFGBmGrupDbgfa81qkKRGCzX00231FSSyUbXolbvvUFa5iJ Mul8BomZbTDwUA0kRWEwjS/fEa3Ci3m+BQ7rC+tCDrh4HgKcFom7SqlI;
Authentication-Results: sj-dkim-1.cisco.com; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com verified; );
X-Spam-Score: -2.6 (--)
X-Scan-Signature: b132cb3ed2d4be2017585bf6859e1ede
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

Just to second what Murali said :

Having a timeout on the persist state in case of proxy devices is
advantagous because :

- prevents resource exhaustion from mis-behaving, malicious clients.

- Buggy applications/TCP stacks, which doesn't read data and may also
shrink the window to 0. 

Of course the robustness priniciple does say "be liberal in what you
accept and conservative in what you send" and this applies to window
shrinking ie never shrink the window, but if the peer has shrunk the
window to 0 suddenly and sits tight in that  state for a long time, then
is is a problem. Typically applications have control on this persist
timeout value, but in case of situations which Mahesh points a TCP level
timeout seems to make sense. The question becomes whether do you want a
TCP level protection for this scenario or not?

-Anantha
> -----Original Message-----
> From: MURALI BASHYAM [mailto:murali_bashyam@yahoo.com] 
> Sent: Saturday, August 26, 2006 4:06 PM
> To: Fernando Gont; Mahesh Jethanandani (mahesh); Mahdavi, Jamshid
> Cc: tcpm@ietf.org; Anantha Ramaiah (ananth)
> Subject: Re: [tcpm] TCP zero window timeout?
> 
> 
> Fernando
> 
> I collaborated with mahesh on this, so let me try making the 
> case for it a little better.
> 
> The problem was found on a TCP proxy, which does not have any 
> applicaton awareness. In fact application awareness is not a 
> goal in that environment. Hence the TCP level solution.
> 
> Having said that, i'd say this timeout is in the same spirit 
> as the upper bound on the retransmit mechanism of TCP. TCP 
> could indefinitely retransmit and have the application 
> timeout too, correct? The problem is that TCP has a persist 
> state which can potentially exist infinitely long  and which 
> lends itself to abuse by a malicious peer. Just based purely 
> on this consideration, don't you think TCP should have a 
> mechanism that reduces the impact of this problem by either 
> limiting the number of probes (a la retransmit
> timeout) or the duration. And the application can turn it on 
> per connection via a socket option and set a value which 
> makes sense for that application, so there is per application 
> per connection control anyway.
> 
> Murali
> 
> --- Fernando Gont <fernando@gont.com.ar> wrote:
> 
> > At 21:00 25/08/2006, Mahesh Jethanandani wrote:
> > 
> > >The situation I was referring to is a little
> > different and applies
> > >to persist timer. In our situation the client stops
> > reading data. 
> > >These clients are machines out in the Internet and
> > as such the
> > >server has no control over their behavior. So while
> > there is
> > >unacknowledged data, it is not that the client is
> > not acking any
> > >data. It is responding to the probe but that it
> > continuously
> > >advertises a window of zero.  There is currently to
> > my knowledge no
> > >timeout for this state for the server. This can
> > manifest itself as a
> > >DOS situation if there are several such connections
> > where the server
> > >is forced to hold data.
> > 
> > I'd argue that this should be handled by an application-level timer.
> > 
> > The problem with the scenario you point out is that there 
> will always 
> > be one more way to do the same thing.
> > 
> > If we're talking about connections wasting resources, there 
> are many 
> > protocols (POP3, SMTP) in which after the initial greeting by the 
> > server, the client is supposed to go ahead. In all those cases, the 
> > client could just sit there. And only an application-layer timeout 
> > would help you.
> > 
> > I'm not sure how many servers implement this type of
> > 
> > application-layer timer. But there are some (Apache) that I have 
> > checked, and do.
> > 
> > Nevertheless, I'm interested in the behaviour you described. Is it 
> > supposed to be malicious activity?
> > 
> > Kindest regards,
> > 
> > --
> > Fernando Gont
> > e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 
> > 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> > 
> > 
> > 
> > 
> > > _______________________________________________
> > tcpm mailing list
> > tcpm@ietf.org
> > https://www1.ietf.org/mailman/listinfo/tcpm
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection 
> around http://mail.yahoo.com 
> 

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm