Re: [tcpm] Please review RFC 1323bis
"Scheffenegger, Richard" <rs@netapp.com> Sun, 04 November 2012 13:23 UTC
Return-Path: <rs@netapp.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A554B21F84A4 for <tcpm@ietfa.amsl.com>; Sun, 4 Nov 2012 05:23:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.901
X-Spam-Level:
X-Spam-Status: No, score=-9.901 tagged_above=-999 required=5 tests=[AWL=-0.698, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2lsHIC9qLiye for <tcpm@ietfa.amsl.com>; Sun, 4 Nov 2012 05:23:37 -0800 (PST)
Received: from mx2.netapp.com (mx2.netapp.com [216.240.18.37]) by ietfa.amsl.com (Postfix) with ESMTP id C9F2521F8475 for <tcpm@ietf.org>; Sun, 4 Nov 2012 05:23:37 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.80,710,1344236400"; d="scan'208";a="706872660"
Received: from smtp1.corp.netapp.com ([10.57.156.124]) by mx2-out.netapp.com with ESMTP; 04 Nov 2012 05:23:36 -0800
Received: from vmwexceht05-prd.hq.netapp.com (exchsmtp.hq.netapp.com [10.106.77.35]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id qA4DNaO0008815; Sun, 4 Nov 2012 05:23:36 -0800 (PST)
Received: from SACEXCMBX02-PRD.hq.netapp.com ([169.254.1.165]) by vmwexceht05-prd.hq.netapp.com ([10.106.77.35]) with mapi id 14.02.0318.001; Sun, 4 Nov 2012 05:23:36 -0800
From: "Scheffenegger, Richard" <rs@netapp.com>
To: David Malone <David.Malone@nuim.ie>, Pasi Sarolahti <pasi.sarolahti@iki.fi>
Thread-Topic: [tcpm] Please review RFC 1323bis
Thread-Index: AQHNrT6PEdxq9Hj7Jka5D+UMWSeRQpe/p3sAgBoYkIA=
Date: Sun, 04 Nov 2012 13:23:35 +0000
Message-ID: <012C3117EDDB3C4781FD802A8C27DD4F0D73D873@SACEXCMBX02-PRD.hq.netapp.com>
References: <B12C9C9B-C0ED-4452-86B0-869220F9AB81@iki.fi> <20121018153616.GA77317@marble.hamilton.local>
In-Reply-To: <20121018153616.GA77317@marble.hamilton.local>
Accept-Language: de-AT, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.104.60.114]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] Please review RFC 1323bis
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Nov 2012 13:23:38 -0000
Hi David, thank you for your comment. As far as I can see, receivers modifying the timestamps as their usage is defined in RFC1323(bis) can really only affect their RTO; either decrease the effective RTO time - leading to increased spurious retransmission timeouts, thus a performance penalty to themselves, or increase the effective RTO time - leading to less timely retransmissions for last resort recovery, again leading to a performance penalty to themselves (assuming the RTTM / RTO mechanism is not severely broken in the sender). >From what I learned, the linux code switched to internal bookkeeping when CUBIC was developed, because TS got repurposed to provide the Cubic epoch time; by modifying the TSecr values, the receiver could modify the epoch time, which in turn resulted in a much faster ramp-up of the senders cwnd than intended. Thus a receiver could actually gain from that modification. However, RFC1323(bis) defines timestamps only for two purposes (PAWS, RTTM for RTO). So, I agree that there exists an attack vector to the RTTM part of RFC1323, but the outcome will be detrimential to the attacker. We do have other drafts in the WG, that deal with timestamps and additional mechanisms using those (draft-scheffenegger-tcpm-timestamp-negotiation and draft-trammell-tcpm-timestamp-interval). I think your concerns are valid, and are discussed in those documents, specifically when timestamps are to be used for mechanisms outside RFC1323 (such as Cubic; Chirp, Ledbat,...). But perhaps some of the text in those drafts should become part of 1323bis at this time? Any opinions? Richard Scheffenegger > -----Original Message----- > From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On Behalf Of > David Malone > Sent: Donnerstag, 18. Oktober 2012 17:36 > To: Pasi Sarolahti > Cc: tcpm@ietf.org > Subject: Re: [tcpm] Please review RFC 1323bis > > I wonder if the text in Section 4.3 needs modification: > > It is vitally important to use the RTTM mechanism with big windows; > otherwise, the door is opened to some dangerous instabilities due to > aliasing. Furthermore, the option is probably useful for all TCP's, > since it simplifies the sender. > > I believe that Linux hasn't used the echoed timestamp to calculate RTTs > for some years (though I haven't looked at the code recently, Matt Mathis > could probably say). I believe the book-keeping is just done internally, > as much as possible. > > I also wonder if it is worth mentioning the issue of a reciever who echos > modified timestamps? If the timestamps are used without sanity checking, > then the timeout can be controlled by the reciever (without changing the > actual RTT). > > The security section has some comments on middle boxes that remove > timestamp options. I don't know if we need to offer any advice on > scrubbing timestamp options? I haven't heard any problems being caused by > this, so maybe there is nothing to be said. > > David. > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] Please review RFC 1323bis Pasi Sarolahti
- Re: [tcpm] Please review RFC 1323bis David Malone
- Re: [tcpm] Please review RFC 1323bis Scheffenegger, Richard