Re: [tcpm] I-D Action: draft-ietf-tcpm-1323bis-13.txt

Andre Oppermann <> Sat, 01 June 2013 16:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 86A0821F9E45 for <>; Sat, 1 Jun 2013 09:52:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rHwldqw4ERyc for <>; Sat, 1 Jun 2013 09:52:20 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id E571421F9CEB for <>; Sat, 1 Jun 2013 09:52:19 -0700 (PDT)
Received: (qmail 75402 invoked from network); 1 Jun 2013 17:50:08 -0000
Received: from (HELO []) ([]) (envelope-sender <>) by (qmail-ldap-1.03) with SMTP for <>; 1 Jun 2013 17:50:08 -0000
Message-ID: <>
Date: Sat, 01 Jun 2013 18:52:08 +0200
From: Andre Oppermann <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: "Scheffenegger, Richard" <>
References: Your message of Fri, 31 May 2013 10:24:59 -0700. <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Fernando Gont <>, " Extensions" <>, Tim Shepard <>, Joe Touch <>
Subject: Re: [tcpm] I-D Action: draft-ietf-tcpm-1323bis-13.txt
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 01 Jun 2013 16:52:25 -0000

On 01.06.2013 15:57, Scheffenegger, Richard wrote:
> Hi Tim,
> I agree with your reasoning, and think that IF Tsopt was established, under the current
> semantics, subsequent segments without Tsopt MUST not be accepted.

The problem seems to be that timestamps are used for two separate
purposes: a) better RTT measurements; b) PAWS.

For a) a missing TSopt on a segment wouldn't be fatal, however which
timestamp shall the receiver reflect from now on?  The last one seen?
That would lead to a rapid inflation in apparent RTT seen on the sender.
For b) a missing TSopt is fatal since it makes it impossible to determine
if this segment is actually valid or not.

> Sending an ACK for the last in-sequence segment MAY be allowed (but a receiver should not keep
> sending such an ACK excessively - if it would, and the reason for the non-TSopt segments is a
> path change where TSopt is being stripped, it could result in a permanent exchange of data/ack,
> without any forward progress... Although the sender would continuously shrink the cwnd, and limit
> the wasted bandwidth.)

The more useful behavior is to ignore the segment missing TSopt.  Sending
an ACK doesn't magically fix the bug on the other side and leads to an
ACK war in the worst case.

> Olivier remarked, that sometimes a sender might push out the TSopt in favor of other options
> (MPTCP, SACK). While I believe that even then a segment should not be accepted, if it lacks
> TSopt, I was wondering if there is any benefit to be had, to allow a fully in-sequence packet to
> be accepted then (shinking the acceptance window basically to one particular sequence number).

TSopt should never be pushed out by other options.  Doing so would be a bug.
One wouldn't expect other always present options (MPTCP for example) to be
pushed out either.

> OTOH, the point of SACK is that it being sent during reorder / loss events, so a rule like above
> wouldn't be all that helpful really...
> Does anyone know why Linux does accept non TSopt segments at any time?

FreeBSD behaves the same.  I once changed syncache to require TSopt in the
ACK completing the 3WHS when it was negotiated during SYN/SYN-ACK.  It was
reverted a short time later because someone reported a problem where some
buggy device on the path responded with an ACK in parallel to the original
host but missing TSopt.  Since the buggy device was slightly faster a RST
was sent and the connection attempt aborted.  I have no idea why the buggy
device responded in parallel with the real endpoint...  After the acceptance
test was relaxed again there was no further detailed analysis and it was
never found out what kind of device caused the trouble along the path.

The reverse check where TSopt must not be present when not negotiated is
still in place and hasn't caused any known problems.

Other errors with TSopt (not) present in established state are currently
not logged.  I should add in the next days.

> In any case, the only proper way for PAWS would be to not accept non-TSopt segments after TSopt
> has been negotiated.