[tcpm] review of rev 14 of RFC 793 bis part 2 of 2 - Technical Comments & Questions
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Wed, 28 August 2019 15:39 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 766D61200E6 for <tcpm@ietfa.amsl.com>; Wed, 28 Aug 2019 08:39:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cDGCKGoGvXWs for <tcpm@ietfa.amsl.com>; Wed, 28 Aug 2019 08:39:52 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id 411FC12000F for <tcpm@ietf.org>; Wed, 28 Aug 2019 08:39:52 -0700 (PDT)
Received: from MacBook-Pro-5.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id E15531B00067; Wed, 28 Aug 2019 16:39:48 +0100 (BST)
Message-ID: <5D66A044.3060904@erg.abdn.ac.uk>
Date: Wed, 28 Aug 2019 16:39:48 +0100
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Reply-To: gorry@erg.abdn.ac.uk
Organization: University of Aberdeen
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: gorry@erg.abdn.ac.uk
CC: "tcpm@ietf.org" <tcpm@ietf.org>
References: <5D669BDA.3000506@erg.abdn.ac.uk>
In-Reply-To: <5D669BDA.3000506@erg.abdn.ac.uk>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/hLg8r1xu8tp6TcpW8br_YmwA3hw>
Subject: [tcpm] review of rev 14 of RFC 793 bis part 2 of 2 - Technical Comments & Questions
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2019 15:39:56 -0000
I promised to provide review comments for rev 14 of RFC 793 bis. This review comes in two parts, the second (this) contains what I think are issues and questions about how to express the document intention. best wishes, Gorry --- Technical Issues. --- Section 2 - OLD: Anycast applications exist that successfully use TCP without modifications, though there is some risk of instability due to rerouting. - Why "rerouting" rather than any other "change of forwarding behaviour", I'd have expected this for instance after an ECMP rehash, or any L2 policy change. --- Section 3 - OLD: Reserved for future use. Must be zero in generated segments and must be ignored in received segments, if corresponding future features are unimplemented by the sending or receiving host. - why is this not an RFC2119 requirement to set and check the reserve fields, this would seem much more normal and the receiver behaviour at least is required? --- Section 3 - OLD: If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16 bit word for checksum purposes. - why is this not an RFC2119 requirement to insert the padding, this seems required for correctness? --- OLD: This option code may be used between options, for example, to align the beginning of a subsequent option on a word boundary. - this seems like a RFC2119 "MAY", since it specifies permission to include this. --- OLD: There is no guarantee that senders will use this option, so receivers must be prepared to process options even if they do not begin on a word boundary. - this seems like a RFC2119 "MUSR", since it specifies requirement to process this. --- Section 3.1- OLD (on MSS): This field may be sent in the initial connection request (i.e., in segments with the SYN control bit set) and must not be sent in other segments. -this seems like a RFC2119 "MUST NOT", since it specifies this as illegal. --- OLD: However, even when the receive window is zero, a TCP must process the RST and URG fields of all incoming segments. -- arguably a RFC2119 "MUST", since it specifies a requirement. NEW: A TCP receiver MUST process the RST and URG fields of all incoming segments, even when the receive window is zero. --- OLD, Section: " Initial Sequence Number Selection" - This I think needs to refer to "Defending against Sequence Number Attacks" in RFC 6528, which formally updated RFC793. I question - if the RFC793 text is safe and correct. - In reviewing this, please also fix "cryptographic has of the concatenation" --- OLD, Section: " The TCP Quiet Time Concept" - Found this section quite amusing. Is this concept widely implemented in stacks? - The examples given need updated, for instance one example starts "At 2 megabits/sec. it takes 4.5 hours to", clearly at 10 Gbps this line of thinking becomes problematic. - There is an odd sentence that states: "In the absence of knowledge about the sequence numbers used on a particular connection, the TCP specification recommends that the source delay for MSL seconds before emitting segments on the connection, to allow time for segments from the earlier connection incarnation to drain from the system." - how would the "source" know the MSL rather than use the Internet default? - To me, this section raises many questions about whether this is best current practice. --- OLD: As a general rule, reset (RST) must be sent whenever... - I can't fathom what was intended, isn't this a RFC2119 SHOULD? --- OLD: SYNs addressed to a non-existent connection are rejected by this means. - Is that a complicated way of saying an RST is sent, or is it something else, please clarify, is the word "addressed" correct here? Could this be rewritten as a "SYN segment that does not match an existing connection..." - This then leads me to ask why this does not refer to SYN cookies? --- OLD: any unacceptable segment (out of window sequence number or unacceptable acknowledgment number) must elicit only an empty acknowledgment segment containing - what does "elicit" mean here and what is an empty ACK segment? --- OLD: We assume that the TCP will signal a user, even if no RECEIVEs are outstanding, that the other side has closed, so the user can terminate his side gracefully. - what is this about? - is the language of single user appropriate? and what does gracefully actually mean? --- OLD: Users must keep reading connections they close for sending until the TCP says no more data. - Is that specifying application behaviour? and how does it "say", please rephrase. --- OLD: The MSS value to be sent in an MSS option must be less than or equal to: - is this a RFC2119 requirement? --- OLD: As a result, when the effective MTU of an interface varies, TCP SHOULD use the smallest effective MTU of the interface to calculate the value to advertise in the MSS option (SHLD-6). - what does "varies" mean here? The MSS is computed when the SYN is exchanged is this actually just: NEW: When multiple IP interfaces have different effective MTUs, TCP SHOULD use the smallest effective MTU of the interface to calculate the value to advertise in the MSS option (SHLD-6). --- OLD: 3.7.5. IPv6 Jumbograms In order to support TCP over IPv6 jumbograms, implementations need to be able to send TCP segments larger than the 64KB limit that the MSS option can convey. RFC 2675 [6] defines that an MSS value of 65,535 bytes is to be treated as infinity, and Path MTU Discovery [3] is used to determine the actual MSS. - This was discussed in the 6Man WG in Montreal, and while there was no consensus reached to obsolete jumbograms, there was encouragement to ensure that specs describe jumbo grams appropriate, rather than suggesting support is required. In this sense, I recommend adding something like: NEW: The Jumbo Payload option need not be implemented or understood by IPv6 nodes that do not support attachment to links with a MTU greater than 65,575 [RFC2675], and the present IPv6 Node Requirements does not include support for Jumbograms [RFC8504]. --- Section 3.8.1 OLD: If a retransmitted packet is identical to the original packet (which implies not only that the data boundaries have not changed, but also that the window and acknowledgment fields of the header have not changed), then the same IP Identification field MAY be used (see Section 3.2.1.5 of RFC 1122) (MAY-4). - What is this MAY about? Is it about the IPv4 IPID field and is that really important for a TCP spec? --- Section 3.8.3 OLD: pass negative advice (see [14] Section 3.3.1.4) to the IP layer, to trigger dead-gateway diagnosis. - Is this still best current practice? - If so please explain and cite RFCs. --- OLD: (e) TCP SHOULD inform the application of the delivery problem (unless such information has been disabled by the application; see Asynchronous Reports section), when R1 is reached and before R2 (SHLD-9). This will allow a remote login (User Telnet) application program to inform the user, for example. - Is this still best current practice? - If so please is there a ref?. --- OLD: (e) TCP SHOULD inform the application of the delivery problem (unless such information has been disabled by the application; see Asynchronous Reports section), when R1 is reached and before R2 (SHLD-9). This will allow a remote login (User Telnet) application program to inform the user, for example. - Is this still best current practice? --- OLD: The value of R1 SHOULD correspond to at least 3 retransmissions, at the current RTO (SHLD-10). The value of R2 SHOULD correspond to at least 100 seconds (SHLD-11). - Is this still best current practice? --- Section 3.8.6.3 Delayed ACK. OLD: and in a stream of full-sized segments there SHOULD be an ACK for at least every second segment (SHLD-19). - Delayed ACK is specified in RFC1122 as: "...and in a stream of full-sized segments there SHOULD be an ACK for at least every second segment." Although correct, this does not specify a behaviour when segments are not "full-sized". When asked by people, I have think this should be something like: NEW: "the receiver SHOULD send an ACK when the data needing acknowledgment corresponds to no more than two full-sized (MSS) segments." --- Section 3.9 - Section 3.1 of RFC8303 also identifies primitives provided by TCP and could be used as a an additional reference to the primitives outside of the stylised version presented in RFC793. --- OLD: We assume that the local TCP is aware of the identity of the processes it serves and will check the authority of the process to use the connection specified.... These considerations are the result of concern about security, to the extent that no TCP be able to masquerade as another one, and so on. Similarly, no process can masquerade as another without the collusion of the TCP. - Is this still meaningful. What does "aware of the identity" mean? and what does the stack will "check the authority" mean? - I don't6 have a clue what "no TCP be able to masquerade as another one" means. - Please supply text of remove this. --- OLD: set includes experimental options that can be extended to support multiple concurrent uses [34]. and OLD: A TCP that supports multiple concurrent users MUST provide an OPEN call that will functionally allow an application to LISTEN on a port while a connection block with the same local port is in SYN-SENT or SYN-RECEIVED state (MUST-42). - what does this mean in today's process architecture with off-loading, multiple cores etc? - I think the requirement remains, but the text needs changed. --- OLD: Any other control or text-bearing segment (not containing SYN) must have an ACK and thus would be discarded by the ACK processing. An incoming RST segment could not be valid, since it could not have been sent in response to anything sent by this incarnation of the connection. So you are unlikely to get here, but if you do, drop the segment, and return. - what is a text bearing segment? - "So you are unlikely to get here, but if you do," ... sounds like a source code comment rather than a spec in 2020! ---
- [tcpm] review of rev 14 of RFC 793 bis part 1 of … Gorry Fairhurst
- [tcpm] review of rev 14 of RFC 793 bis part 2 of … Gorry Fairhurst
- Re: [tcpm] review of rev 14 of RFC 793 bis part 2… Joe Touch
- Re: [tcpm] review of rev 14 of RFC 793 bis part 2… Joe Touch
- Re: [tcpm] review of rev 14 of RFC 793 bis part 2… Gorry Fairhurst
- Re: [tcpm] review of rev 14 of RFC 793 bis part 2… Gorry Fairhurst
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Wesley Eddy
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Gorry Fairhurst
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Rodney W. Grimes
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Wesley Eddy
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Jonathan Morton
- Re: [tcpm] review of rev 14 of RFC 793 bis part 1… Rodney W. Grimes
- [tcpm] 793bis: TCP Quiet Time Wesley Eddy
- Re: [tcpm] 793bis: TCP Quiet Time Yuchung Cheng
- Re: [tcpm] 793bis: TCP Quiet Time Neal Cardwell
- Re: [tcpm] 793bis: TCP Quiet Time Matt Mathis
- Re: [tcpm] 793bis: TCP Quiet Time Joe Touch
- [tcpm] 793bis: variable MTU Wesley Eddy
- [tcpm] 793bis: reset generation section Wesley Eddy
- [tcpm] 793bis: IPv6 jumbograms Wesley Eddy
- [tcpm] 793bis: IP ID Wesley Eddy
- Re: [tcpm] 793bis: IP ID David Borman
- Re: [tcpm] 793bis: variable MTU Gorry Fairhurst
- Re: [tcpm] 793bis: IP ID Gorry Fairhurst
- Re: [tcpm] 793bis: IP ID Michael Tuexen
- Re: [tcpm] 793bis: TCP Quiet Time Matt Mathis
- [tcpm] 793bis: dead gateway detection Wesley Eddy
- [tcpm] 793bis: delayed ACKs Wesley Eddy
- Re: [tcpm] 793bis: IP ID David Borman
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: IP ID David Borman
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: delayed ACKs Yuchung Cheng
- Re: [tcpm] 793bis: TCP Quiet Time Joe Touch
- Re: [tcpm] 793bis: TCP Quiet Time Fernando Gont
- Re: [tcpm] 793bis: IP ID Fernando Gont
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: TCP Quiet Time Matt Mathis
- Re: [tcpm] 793bis: TCP Quiet Time Fernando Gont
- Re: [tcpm] 793bis: TCP Quiet Time Fernando Gont
- Re: [tcpm] 793bis: IP ID Gorry Fairhurst
- Re: [tcpm] 793bis: IP ID Fernando Gont
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: IP ID Fernando Gont
- Re: [tcpm] 793bis: IP ID Joe Touch
- Re: [tcpm] 793bis: IP ID Fernando Gont
- Re: [tcpm] 793bis: IP ID Joe Touch