IETF Logo Mail Archive

[tsvwg] LITE+FRAG UDP CS=0 (was Re: OCS option in draft-ietf-tsvwg-udp-options-07)

Derek Fawcus <dfawcus+lists-tsvwg@employees.org> Mon, 11 March 2019 23:28 UTC

Return-Path: <dfawcus@employees.org>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEE24124184 for <tsvwg@ietfa.amsl.com>; Mon, 11 Mar 2019 16:28:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xuk5QvcieMR9 for <tsvwg@ietfa.amsl.com>; Mon, 11 Mar 2019 16:28:22 -0700 (PDT)
Received: from bugle.employees.org (accordion.employees.org [198.137.202.74]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA087128B77 for <tsvwg@ietf.org>; Mon, 11 Mar 2019 16:28:22 -0700 (PDT)
Received: by bugle.employees.org (Postfix, from userid 1736) id 605B6FECC035; Mon, 11 Mar 2019 23:28:22 +0000 (UTC)
Date: Tue, 12 Mar 2019 00:28:22 +0100
From: Derek Fawcus <dfawcus+lists-tsvwg@employees.org>
To: tsvwg <tsvwg@ietf.org>
Message-ID: <20190311232822.GA31999@bugle.employees.org>
References: <CACL_3VFg-EWCYHZ4+kYV30vjNzPs90ysAu5SCdLNb+9OPxE+3g@mail.gmail.com> <B1D19ABC-428B-42D8-AE97-BF3B967B1140@strayalpha.com> <20190311221839.GA92478@bugle.employees.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20190311221839.GA92478@bugle.employees.org>
User-Agent: Mutt/1.11.1 (2018-12-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/1VKLXrXszniumBjfXcdA2HY_GxY>
Subject: [tsvwg] LITE+FRAG UDP CS=0 (was Re: OCS option in draft-ietf-tsvwg-udp-options-07)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Mar 2019 23:28:25 -0000

On Mon, Mar 11, 2019 at 11:18:39PM +0100, Derek Fawcus wrote:
> 
> Actually, my original thought here (which I then culled), was to have another
> option, or ACS.  That other option would encode the current style of checksum,
> so for concerns about CPU cost of using CRC, we could mitigate it.
> 
> What I had in mind was an option containing two 16 bit fields, one would
> encode the partial-checksum for the pseudo-header as the originator sent
> it, the other the partial-checksum for the original UDP payload.
> 
> e.g.:  [ Type = Frag-Chks | Len | part-phdr-chk | part-data-chk ]
>   
> That way the receiver can recover from any NAT mangling of the packet which
> would otherwise mess with the checksum calculation.
> 
> i.e. for the UDP portion, assuming the packet was encoded with UDP CS=0
> 
>   1. Calculate partial checksum for pseudo-header as received
>   2. Compare to option part-phdr-chk
>   2a. If equal verify UDP data against part-data-chk
>   2b. If differ verify UDP data against part-data-chk + (part-phdr-chk - phdr-chk)

It might help to explain my line of reasoning here..

My first idea for using UDP CS=0 for LITE+FRAG was simply to move
the original UDP CS in to an option.

i.e. the host stack would operate as normal, building its UDP header.
Then during building the options area, it would copy the
UDP CS in to an option (call it the Moved Checksum - MCS),
and zero the CS in the UDP header.

So we end up with something like:

  [Kind=MCS|Len=4|16 bit checksum]

Then I realised this would be broken by NATs.

Hence concluding one would have to also carry the partial
checksum for the original pseudo-header
(i.e. src-ip/dst-ip/src-port/dst-port/proto) such that
NAT manipulations can be compensated for:

  [Kind=MCS|Len=6|16 bit part-phdr-chk|16 bit original-chk]

So the processing on the TX side to generate that is no
more costly, the RX side would have a bit more work.

Conceptually generating:

  new-chk = original-chk - (part-phdr-chk - rx-phdr-chk)

Then writing that over the UDP CS field, before passing the
packet in to the original receive / validate routine.

Sending two partial checksums is just another way of achieving
the same effect.  Maybe the moved version is clearer?

Since we know that this checksum is for the pseudo-header
and UDP header alone, with len=0 and no carried data;
I'm just wondering now if that can be improved?

DF

v2.23.0 | Report a Bug | By Email