IETF Logo Mail Archive

[tcpm] Comments on draft-ietf-tcpm-tcp-edo-13

"Iwashima, Kuniyuki" <kuniyu@amazon.co.jp> Wed, 16 August 2023 22:47 UTC

Return-Path: <prvs=5858fb9bf=kuniyu@amazon.co.jp>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE2F6C151711 for <tcpm@ietfa.amsl.com>; Wed, 16 Aug 2023 15:47:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.co.jp
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uco0It5ZIzCr for <tcpm@ietfa.amsl.com>; Wed, 16 Aug 2023 15:47:54 -0700 (PDT)
Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4B65C151555 for <tcpm@ietf.org>; Wed, 16 Aug 2023 15:47:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.co.jp; i=@amazon.co.jp; q=dns/txt; s=amazon201209; t=1692226074; x=1723762074; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=nVZ5gd1IN5NY5RzuAU/fsQ1P16O71Vf5Yoa9Aqs4hpQ=; b=AKEMexuKSw9T53JghvOtAcASEqZJrP29PITlIAHuYV7Ywfo43ouq1DYC FH47Da2xbLAK+sHE0Lxp2JBj1qVs3bAL0hN9bqldMcSlIkk/duAXNjXs+ p16fnRRttFwh03GSRZ3QGgqWtNHuY2akTzpthTIghqkXLVXA3t2Fpwpy/ M=;
X-IronPort-AV: E=Sophos;i="6.01,178,1684800000"; d="scan'208";a="350749594"
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-iad-1d-m6i4x-e651a362.us-east-1.amazon.com) ([10.43.8.6]) by smtp-border-fw-6002.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Aug 2023 22:47:54 +0000
Received: from EX19MTAUWB002.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan3.iad.amazon.com [10.40.163.38]) by email-inbound-relay-iad-1d-m6i4x-e651a362.us-east-1.amazon.com (Postfix) with ESMTPS id 8D2F78062A; Wed, 16 Aug 2023 22:47:52 +0000 (UTC)
Received: from EX19D004ANA002.ant.amazon.com (10.37.240.153) by EX19MTAUWB002.ant.amazon.com (10.250.64.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.30; Wed, 16 Aug 2023 22:47:42 +0000
Received: from EX19D004ANA001.ant.amazon.com (10.37.240.138) by EX19D004ANA002.ant.amazon.com (10.37.240.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.30; Wed, 16 Aug 2023 22:47:41 +0000
Received: from EX19D004ANA001.ant.amazon.com ([fe80::f099:cbca:cc6b:91ec]) by EX19D004ANA001.ant.amazon.com ([fe80::f099:cbca:cc6b:91ec%5]) with mapi id 15.02.1118.030; Wed, 16 Aug 2023 22:47:41 +0000
From: "Iwashima, Kuniyuki" <kuniyu@amazon.co.jp>
To: Joseph Touch <touch@strayalpha.com>
CC: "Iwashima, Kuniyuki" <kuniyu@amazon.co.jp>, "Nishida, Yoshi" <nyoshif@amazon.com>, "tcpm@ietf.org Extensions" <tcpm@ietf.org>
Thread-Topic: Comments on draft-ietf-tcpm-tcp-edo-13
Thread-Index: AQHZ0JOphAMQRYPPq0S43DHLQsG0EA==
Date: Wed, 16 Aug 2023 22:47:41 +0000
Message-ID: <D2771B75-1DF9-4B49-A0F6-FB4E1A9D083C@amazon.co.jp>
Accept-Language: ja-JP, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.187.171.21]
Content-Type: text/plain; charset="utf-8"
Content-ID: <26B1423754791A418FA2D59879A9223D@amazon.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/dm-l0-jb05EYOL3OPTxwdeNxU1g>
X-Mailman-Approved-At: Wed, 16 Aug 2023 17:16:50 -0700
Subject: [tcpm] Comments on draft-ietf-tcpm-tcp-edo-13
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2023 22:50:34 -0000

Hello Joe,

I'm Kuniyuki from AWS and recently working on this topic with Yoshi.
I have prototyped Extended Data Offset in Linux based on net-next.git and now
extending packetdrill to test EDO.

I have two comments about EDO fallback mechanism and option processing.

Let's say a middlebox merges the final ACK of 3WHS and the following segment
(3rd & 4th packets in the script below).

---8<---
0   socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0  setsockopt(3, SOL_TCP, TCP_EXT_DATA_OFFSET, [1], 4) = 0
+0  bind(3, ..., ...) = 0
+0  listen(3, 1) = 0

+0  < S 0:0(0) win 1000 <mss 1000,edoOK>
+0  > S. 0:0(0) ack 1 <edoOK, mss 1460>
+0  < . 1:1(0) ack 1 win 1000 <edo>
+0  < . 1:2(1) ack 1 win 1000 <edo>
---8<---

If the client uses the longer variant or the middle box changes the header length, 
the server notices that the packet has an invalid EDO options.
So, the server falls back to non-EDO mode as mentioned in this part.

---8<---
   >> The EDO Extension option MAY be used only if confirmed when the
   connection transitions to the ESTABLISHED state, e.g., a client is
   enabled after receiving the EDO Supported option in the SYN/ACK and
   the server is enabled after seeing the EDO Extension option in the
   final ACK of the three-way handshake. If either of those segments
   lacks the appropriate EDO option, the connection MUST NOT use any
   EDO options on any other segments.
---8<---


If the server accepts the packet and 3WHS completes, EDO is disabled at 
the server but enabled at the client.
The server will sends an ACK for the (originally 4th) segment without EDO, 
but the segment will be discarded at the client side.
In this case, the client cannot receive any ACK and data from the server.

So, I think the following parts MUST be applied to the final ACK of 3WHS as well.
It would be helpful to clarify that we MUST NOT complete 3WHS with an invalid EDO.

---8<---
   >> The EDO Header Length MUST be at least as large as the TCP Data
   Offset field of the segment in which they both appear. When the EDO
   Header Length equals the Data Offset length, the EDO Extension
   option is present but it does not extend the option space. When the
   EDO Header Length is invalid, the TCP segment MUST be silently
   dropped.
...
   >> When an endpoint receives a segment using the 6-byte EDO
   Extension option, it MUST validate the Segment_Length field with the
   length of the segment as indicated in the TCP pseudoheader. If the
   segment lengths do not match, the segment MUST be discarded and an
   error SHOULD be logged in a rate-limited manner.
---8<---


Also, after that, client may send out another packet for retransmission and 
newly queued data.
On the server side, EDO is disabled, but the packet will be processed ignoring
only EDO option.
Then, options after 60 bytes would be recv()ed accidentally by user.

---8<---
   >> If EDO has not been negotiated and agreed, the EDO Extension
   option MUST be silently ignored on subsequent segments.
---8<---

I think this behaviour is not intended.
So, I think it's better to make it clear that what MUST be ignored should be
the whole segment, instead of EDO Extension option.

v2.23.0 | Report a Bug | By Email