Re: [tcpm] ECN++ control packet handling

Bob Briscoe <> Tue, 09 February 2021 15:48 UTC



Good point. Thanks for noticing this potential implementation pitfall.

In my local copy of the ECN++ draft I have added the following to the 
end of "3.2.6 RST (Send)":

+ Implementers SHOULD ensure that RST packets (and control packets

+ generally) are always sent out with the same ECN field regardless of

+ the TCP state machine. Otherwise the ECN field could reveal internal

+ TCP state. For instance, the ECN field on a RST ought not to reveal

+ any distinction between a non-listening port, a recently in-use

+ port, and a closed session port.
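
Review bot: the list of cases in the last sentence of this addition (non-listening port, recently in-use port, closed session port) leaves out the out-of-window case, which the quoted report names alongside past-established and non-listening ports as a code path that differs. Consider adding it, or wording the list as examples ("for instance ... such as") so that implementers do not read it as exhaustive.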

And I've added this to the end of Security Considerations:

+ Section 3.2.6 on sending TCP RSTs points out

+ that implementers need to take care to ensure that the ECN field on a

+ RST does not depend on TCP's state machine. Otherwise the internal

+ information revealed could be of use to potential attackers. This point

+ applies more generally to all control packets, not just RSTs.
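
Review bot: the closing sentence extends the requirement to all control packets, yet the only normative text it points to is Section 3.2.6 on RSTs, where the general case appears only as the parenthesis "(and control packets generally)". An implementer working from the sections on other control packets would not meet the requirement there. Consider stating the general rule once where it covers every control packet and referring to it from both 3.2.6 and this paragraph.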

Do you think that's correct / sufficient?



On 08/02/2021 21:03, Scheffenegger, Richard wrote:
> Hi Bob, Marcelo,
> While working on the ecn++ code for fbsd patch, I found that the
> codepath for dealing with out-of-window, past-established and
> non-listening ports is actually quite different there.
> Casually glancing over the draft for ecn++, I didn’t find a reference
> specifically about the handling of RST (non-listening port, vs. closing
> session etc).
> This may need a hint in the security section that an implementation
> should ensure that control packets are always sent out with similar
> headers, regardless of the TCP state machine. Otherwise, you could
> potentially leak information (e.g. recently in-use ports) which may be a
> clue to malicious players…
> Richard Scheffenegger

Bob Briscoe
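
A self-test for the property discussed in this thread, as an added example that is not code from the ECN++ draft or from the FreeBSD patch: it reads the ECN field of RSTs captured from one's own stack in each scenario and reports whether the codepoint differs between them. The function names, the scenario labels taken from the proposed draft text, and the packets (built inline, checksums left at zero) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def build_rst(ecn):
    """Constructed 40-byte IPv4+TCP RST used as sample data (not a real capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, ecn & 0x03, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 5 << 4, 0x04, 0, 0, 0)
    return ip + tcp

def rst_ecn(packet):
    """Return the 2-bit IP-ECN field of an IPv4 TCP RST, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 14:
        return None                           # not TCP, or too short to hold the flags
    if not packet[ihl + 13] & 0x04:           # RST bit in the TCP flags byte
        return None
    return packet[1] & 0x03                   # ECN = low two bits of the former TOS byte

def ecn_by_state(captures):
    """Map each ECN codepoint seen on a RST to the scenarios that produced it."""
    seen = defaultdict(set)
    for label, packet in captures:
        ecn = rst_ecn(packet)
        if ecn is not None:
            seen[ecn].add(label)
    return {ecn: sorted(labels) for ecn, labels in seen.items()}

def leaks_state(captures):
    """True when RSTs from different scenarios carry different ECN codepoints."""
    return len(ecn_by_state(captures)) > 1

# Constructed captures: one RST per scenario named in the proposed draft text.
UNIFORM = [("non-listening port", build_rst(0)),
           ("recently in-use port", build_rst(0)),
           ("closed session port", build_rst(0))]
# Hypothetical stack whose closed-session code path marks the RST ECT(0) (binary 10).
LEAKY = UNIFORM[:2] + [("closed session port", build_rst(2))]

if __name__ == "__main__":
    for name, caps in (("uniform", UNIFORM), ("leaky", LEAKY)):
        print(name, "leaks state:", leaks_state(caps), ecn_by_state(caps))
```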