[tcpm] 1323bis - PAWS check's problem with reodering on the reverse path

Alexander Zimmermann <alexander.zimmermann@nets.rwth-aachen.de> Thu, 26 March 2009 23:09 UTC

Return-Path: <alexander.zimmermann@nets.rwth-aachen.de>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 097DA3A69A2 for <tcpm@core3.amsl.com>; Thu, 26 Mar 2009 16:09:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.601
X-Spam-Level:
X-Spam-Status: No, score=-3.601 tagged_above=-999 required=5 tests=[AWL=-1.200, BAYES_00=-2.599, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, J_CHICKENPOX_26=0.6, J_CHICKENPOX_31=0.6, J_CHICKENPOX_33=0.6, J_CHICKENPOX_35=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T-wm9-sirO7O for <tcpm@core3.amsl.com>; Thu, 26 Mar 2009 16:09:37 -0700 (PDT)
Received: from mta-1.ms.rz.rwth-aachen.de (mta-1.ms.rz.RWTH-Aachen.DE [134.130.7.72]) by core3.amsl.com (Postfix) with ESMTP id 03D6D3A682F for <tcpm@ietf.org>; Thu, 26 Mar 2009 16:09:37 -0700 (PDT)
MIME-version: 1.0
Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.5.40]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) with ESMTP id <0KH4000ZLZ1H5610@mta-1.ms.rz.RWTH-Aachen.de> for tcpm@ietf.org; Fri, 27 Mar 2009 00:10:29 +0100 (CET)
X-IronPort-AV: E=Sophos; i="4.38,429,1233529200"; d="txt'?sig'?scan'208"; a="6194923"
Received: from relay-auth-2.ms.rz.rwth-aachen.de (HELO relay-auth-2) ([134.130.7.79]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Fri, 27 Mar 2009 00:10:29 +0100
Received: from dhcp-12ac.meeting.ietf.org ([unknown] [130.129.18.172]) by relay-auth-2.ms.rz.rwth-aachen.de (Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 9 2008)) with ESMTPA id <0KH400IUNZ1FJS20@relay-auth-2.ms.rz.rwth-aachen.de> for tcpm@ietf.org; Fri, 27 Mar 2009 00:10:29 +0100 (CET)
Message-id: <1E6B7C58-4AE4-4B82-B110-F26D8F76F71B@nets.rwth-aachen.de>
From: Alexander Zimmermann <alexander.zimmermann@nets.rwth-aachen.de>
To: David Borman <david.borman@windriver.com>
Content-type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="Apple-Mail-11--43695090"
Date: Fri, 27 Mar 2009 00:10:26 +0100
X-Pgp-Agent: GPGMail 1.2.0 (v56)
Content-transfer-encoding: 7bit
X-Mailer: Apple Mail (2.930.3)
Cc: tcpm@ietf.org
Subject: [tcpm] 1323bis - PAWS check's problem with reodering on the reverse path
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2009 23:09:38 -0000

Hi David, hi TCPM Folks,

in the 1323bis draft the PAWS check has a problem (discarding ACKs) if  
reordering is present on the
reverse path and no data is piggybacked. Actually, it's not the PAWS  
check itself, it's the modification
of section 3.4: "Which Timestamp to Echo".

The important parts of the RFC1323 and the draft (in this order) are

---
(2) If Last.ACK.sent falls within the range of sequence numbers
       of an incoming segment:

          SEG.SEQ <= Last.ACK.sent < SEG.SEQ + SEG.LEN

       then the TSval from the segment is copied to TS.Recent;
       otherwise, the TSval is ignored.

---

(2) If:

        SEG.TSval >= TS.recent and SEG.SEQ <= Last.ACK.sent

        then SEG.TSval is copied to TS.Recent; otherwise, it is
        ignored.
---

The addition of "SEG.TSval >= TS.recent" is not important for us at  
moment. As the appendix said,
this check is included for consistency with the PAWS test only.

The relevant paragraph is the change from "SEG.SEQ <= Last.ACK.sent <  
SEG.SEQ + SEG.LEN" to the
reduced form "SEG.SEQ <= Last.ACK.sent". Again, the appendix said that  
this change was made
since the original algorithm to control which timestamp is echoed was  
incorrect in two regards:

(1) It failed to update TSrecent for a retransmitted segment that  
resulted from a lost ACK.

(2) It failed if SEG.LEN = 0.

It's right that the 1323bis algo fix these two problems, however, it's  
introduced the new problem mentioned
already above.

Following situation:
- One-way flow from TCP A to TCP B
- Reordering on the reverse path

Consequence
- TCP A will discard all ACKs with were delayed
- Harmful in the case ABC (RFC 3465) is off, since we count ACKs for  
slow-start and congestion avoidance

Examples are attached.

Alex

//
// Dipl.-Inform. Alexander Zimmermann
// Department of Computer Science, Informatik 4
// RWTH Aachen University
// Ahornstr. 55, 52056 Aachen, Germany
// phone: (49-241) 80-21422, fax: (49-241) 80-22220
// email: zimmermann@cs.rwth-aachen.de
// web: http://www.umic-mesh.net
//