IETF Logo Mail Archive

Re: [tcpm] TCP SEQ validation (Fwd: New Version Notification for draft-gont-tcpm-tcp-seq-validation-02.txt)

Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Wed, 01 April 2015 18:53 UTC

Return-Path: <nishida@sfc.wide.ad.jp>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A037B1A87ED for <tcpm@ietfa.amsl.com>; Wed, 1 Apr 2015 11:53:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.215
X-Spam-Level: **
X-Spam-Status: No, score=2.215 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, HTML_MESSAGE=0.001, RELAY_IS_203=0.994, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B8XVyFmJtlXX for <tcpm@ietfa.amsl.com>; Wed, 1 Apr 2015 11:53:00 -0700 (PDT)
Received: from mail.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [203.178.142.130]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D89481A86FA for <tcpm@ietf.org>; Wed, 1 Apr 2015 11:52:59 -0700 (PDT)
Received: from mail-wi0-f176.google.com (mail-wi0-f176.google.com [209.85.212.176]) by mail.sfc.wide.ad.jp (Postfix) with ESMTPSA id 58A93278124 for <tcpm@ietf.org>; Thu, 2 Apr 2015 03:52:57 +0900 (JST)
Received: by widdi4 with SMTP id di4so55205196wid.0 for <tcpm@ietf.org>; Wed, 01 Apr 2015 11:52:54 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.180.13.145 with SMTP id h17mr17894520wic.38.1427914374710; Wed, 01 Apr 2015 11:52:54 -0700 (PDT)
Received: by 10.194.41.167 with HTTP; Wed, 1 Apr 2015 11:52:54 -0700 (PDT)
In-Reply-To: <551B8501.1040508@si6networks.com>
References: <20150326185546.29511.2115.idtracker@ietfa.amsl.com> <5514581D.4020909@si6networks.com> <CAO249yc3fJJ_5eDnqpHktzLCz8ho9GsEN3AZD1bKfJF1E4Bwsw@mail.gmail.com> <915de06f7beb41c78b1a0b324ab14287@hioexcmbx05-prd.hq.netapp.com> <CAO249ycyG8Q4TfnwBzvCnt34+YPXX5c=nhsaJ=6Aw6tMoe7c6g@mail.gmail.com> <BC841281-C017-4A04-8491-432359316604@weston.borman.com> <551B8501.1040508@si6networks.com>
Date: Wed, 01 Apr 2015 11:52:54 -0700
Message-ID: <CAO249yc7VvAE4O8R+p9m3X430NhCAPMOvrErR+1YG53LMb2tAQ@mail.gmail.com>
From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
To: Fernando Gont <fgont@si6networks.com>
Content-Type: multipart/alternative; boundary="001a11c2413e130a6b0512ae3937"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpm/Zi6pbTy_kTN34gyBffA5_YGE58Y>
Cc: "tcpm-chairs@tools.ietf.org" <tcpm-chairs@tools.ietf.org>, David Borman <dab@weston.borman.com>, "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] TCP SEQ validation (Fwd: New Version Notification for draft-gont-tcpm-tcp-seq-validation-02.txt)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 18:53:03 -0000

Hi Fernando,

Please allow us some time to think about how to proceed this.
In the meantime, we welcome further feedback on the draft.

Regards,
--
Yoshi

On Tue, Mar 31, 2015 at 10:41 PM, Fernando Gont <fgont@si6networks.com>
wrote:

> Folks,
>
> Would it make sense to do a wg call for adoption of this document?
>
> Thanks!
>
> Best regards,
> Fernando
>
>
>
>
> On 03/28/2015 02:59 AM, David Borman wrote:
> > Accepting the ACK in a packet one to the left of the window is what was
> implemented years (decades?) ago.  It’s what I put into BSD/OS, the comment
> at that time was:
> >                         /*
> >                          * If segment is just one to the left of the
> window,
> >                          * check three special cases:
> >                          * 1. Don't toss RST in response to 4.2-style
> keepalive.
> >                          * 2. If the only thing to drop is a FIN, we can
> drop
> >                          *    it, but check the ACK or we will get into
> FIN
> >                          *    wars if our FINs crossed (both CLOSING).
> >                          * 3. If we have sent a window probe, it may or
> may not
> >                          *    have been accepted.  If window probes
> crossed,
> >                          *    we must accept ACK on segments one to the
> left
> >                          *    of the window, or we can get ACK wars after
> >                          *    exchanging probes.  (After sending a probe,
> >                          *    ACK-only packets are sent with the
> pre-probe
> >                          *    sequence number.)
> >                          * In any of these cases, send ACK to
> resynchronize,
> >                          * but keep on processing for RST or ACK.
> >                          */
> > So mainly, the “accept the ACK if it is one to the left of the window”
> was the original implementation.
> >
> > The only question is if there are any TCPs out there that actually do a
> window probe of more than 1 byte; in that case you’d want to accept an ACK
> if it is within the maximum window probe size to the left of the window.
> But only the implementations that generate a window probe of more than one
> byte would need to worry about that, in case they had crossing probes with
> another TCP that also generated probes more than one byte in length.  If
> you have a one-byte probe crossing with a multi-byte probe, the one-byte
> probe check is sufficient to break the ACK war.
> >
> > So maybe a comment needs to be inserted that if an implementation can
> generate a multi-byte probe, then they have to also implement accepting
> ACKs in packets within the maximum window probe size that they might
> generate.  That guarantees that whichever side sends the larger probe,
> it’ll accept the ACK from the smaller probe, and the ACK war will be broken.
> >
> >                       -David Borman
> >
> >> On Mar 27, 2015, at 12:54 PM, Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
> wrote:
> >>
> >> Hi Richard,
> >>
> >> On Fri, Mar 27, 2015 at 4:41 AM, Scheffenegger, Richard <rs@netapp.com>
> wrote:
> >> I would think PS is the proper way – there is no experimenting with a
> buggy spec, and Fernando pointed out, that most stacks had fixed that
> particular bug in 793 for quite some while, right?
> >>
> >>
> >> Yes.  I believe no one would argue the bug in 793 pointed out in the
> draft. Also, I believe the solution presented in the draft is "make sense".
> >> What I am wondering is this make sense solution can be the "once for
> all" solution and we can happily update 793.
> >> I guess some implementations have been using a bit different approach
> than this, which gives me some concerns to update 793.
> >> It will be very useful info if some implementations use this approach
> or have a plan to use this approach.
> >>
> >> Thanks,
> >> --
> >> Yoshi
> >>
> >>
> >>
> >> From: tcpm [mailto:tcpm-bounces@ietf.org] On Behalf Of Yoshifumi
> Nishida
> >> Sent: Donnerstag, 26. März 2015 18:23
> >> To: Fernando Gont
> >> Cc: tcpm@ietf.org
> >> Subject: Re: [tcpm] TCP SEQ validation (Fwd: New Version Notification
> for draft-gont-tcpm-tcp-seq-validation-02.txt)
> >>
> >>
> >>
> >> Hi,
> >>
> >> I would like to check people who are willing to support it also agree
> that this draft is published as a PS and it updates 793, or prefer other
> ways.
> >>
> >> --
> >>
> >> Yoshi
> >>
> >>
> >>
> >> On Thu, Mar 26, 2015 at 12:03 PM, Fernando Gont <fgont@si6networks.com>
> wrote:
> >>
> >> Folks,
> >>
> >> Thanks to some folks' push over time, and the fact that both co-authors
> >> happened to find themselves at IETF 92, we've reposted our latests
> >> version of this I-D (since the previous one had expired), in the hopes
> >> of making progress.
> >>
> >> Any comments on this rev will be appreciated. Additionally, I'll
> >> repost/fwd Karen's latest comments on this I-D, which will be the basis
> >> for the changes in the next rev.
> >>
> >> Thanks!
> >>
> >> Best regards,
> >> Fernando
> >>
> >>
> >>
> >>
> >> -------- Forwarded Message --------
> >> Subject: New Version Notification for
> >> draft-gont-tcpm-tcp-seq-validation-02.txt
> >> Date: Thu, 26 Mar 2015 11:55:46 -0700
> >> From: internet-drafts@ietf.org
> >> To: Fernando Gont <fgont@si6networks.com>, David Borman
> >> <david.borman@quantum.com>, Fernando Gont <fgont@si6networks.com>,
> David
> >> Borman <david.borman@quantum.com>
> >>
> >>
> >> A new version of I-D, draft-gont-tcpm-tcp-seq-validation-02.txt
> >> has been successfully submitted by Fernando Gont and posted to the
> >> IETF repository.
> >>
> >> Name:           draft-gont-tcpm-tcp-seq-validation
> >> Revision:       02
> >> Title:          On the Validation of TCP Sequence Numbers
> >> Document date:  2015-03-26
> >> Group:          Individual Submission
> >> Pages:          16
> >> URL:
> >>
> http://www.ietf.org/internet-drafts/draft-gont-tcpm-tcp-seq-validation-02.txt
> >> Status:
> >> https://datatracker.ietf.org/doc/draft-gont-tcpm-tcp-seq-validation/
> >> Htmlized:
> >> http://tools.ietf.org/html/draft-gont-tcpm-tcp-seq-validation-02
> >> Diff:
> >> http://www.ietf.org/rfcdiff?url2=draft-gont-tcpm-tcp-seq-validation-02
> >>
> >> Abstract:
> >>    When TCP receives packets that lie outside of the receive window, the
> >>    corresponding packets are dropped and either an ACK, RST or no
> >>    response is generated due to the out-of-window packet, with no
> >>    further processing of the packet.  Most of the time, this works just
> >>    fine and TCP remains stable, especially when a TCP connection has
> >>    unidirectional data flow.  However, there are three scenarios in
> >>    which packets that are outside of the receive window should still
> >>    have their ACK field processed, or else a packet war will take place.
> >>    The aforementioned issues have affected a number of popular TCP
> >>    implementations, typically leading to connection failures, system
> >>    crashes, or other undesirable behaviors.  This document describes the
> >>    three scenarios in which the aforementioned issues might arise, and
> >>    formally updates RFC 793 such that these potential problems are
> >>    mitigated.
> >>
> >>
> >>
> >>
> >>
> >> Please note that it may take a couple of minutes from the time of
> submission
> >> until the htmlized version and diff are available at tools.ietf.org.
> >>
> >> The IETF Secretariat
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> tcpm mailing list
> >> tcpm@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tcpm
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> tcpm mailing list
> >> tcpm@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tcpm
> >
> > _______________________________________________
> > tcpm mailing list
> > tcpm@ietf.org
> > https://www.ietf.org/mailman/listinfo/tcpm
> >
>
>
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
>

v2.23.0 | Report a Bug | By Email