IETF Logo Mail Archive

Re: [tsvwg] Alternative version of the UDP FRAG option

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Tue, 19 March 2019 08:28 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE0461311FA for <tsvwg@ietfa.amsl.com>; Tue, 19 Mar 2019 01:28:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AMic-mz_3R7l for <tsvwg@ietfa.amsl.com>; Tue, 19 Mar 2019 01:28:16 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id EAB161311F6 for <tsvwg@ietf.org>; Tue, 19 Mar 2019 01:28:15 -0700 (PDT)
Received: from Gs-MacBook-Pro.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 8EE191B0013A; Tue, 19 Mar 2019 08:28:11 +0000 (GMT)
Message-ID: <5C90A81A.8050409@erg.abdn.ac.uk>
Date: Tue, 19 Mar 2019 08:28:10 +0000
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Reply-To: gorry@erg.abdn.ac.uk
Organization: University of Aberdeen
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Tom Herbert <tom@herbertland.com>
CC: tsvwg <tsvwg@ietf.org>
References: <CACL_3VE1=0OORUuOKg9GjcdVuhBNTkWhymE7PAs5WYO0ZR0DWQ@mail.gmail.com> <CALx6S37y_AbESyX5PcCSu7NEr-uPVrPXksEeAx5aSNAyqshL6Q@mail.gmail.com> <CACL_3VFJTxM3s-GLOTz9xmkNk1uOQoCmAGApbAf1ZgbH3Opptw@mail.gmail.com> <CALx6S36aWKHFXO=Zx8W-wFqqC5-Oueb3j-b9evm-yKpfguVQuw@mail.gmail.com> <5C8FBBED.7000805@erg.abdn.ac.uk> <CALx6S34FKNJ_6Ep659L3t_Kf4bnEKZ5LTjXo-zWz4PrveU_UVA@mail.gmail.com> <CALx6S37MsCmOOsn0bnHoTwJkN7Khfm03z__W4hhy7c29XuvQHw@mail.gmail.com> <5C8FDEED.8010701@erg.abdn.ac.uk> <CALx6S36fQcRdgvCG3XS78EecFjdb36D22iBzovXcODH_W+BHbg@mail.gmail.com>
In-Reply-To: <CALx6S36fQcRdgvCG3XS78EecFjdb36D22iBzovXcODH_W+BHbg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/3D8-WBZcvxfIyoKwparQ45xTUgE>
Subject: Re: [tsvwg] Alternative version of the UDP FRAG option
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2019 08:28:19 -0000

Tom, I don't agree with some of this...

On 18/03/2019, 20:54, Tom Herbert wrote:
> On Mon, Mar 18, 2019 at 11:10 AM Gorry Fairhurst<gorry@erg.abdn.ac.uk>  wrote:
>> On 18/03/2019, 16:27, Tom Herbert wrote:
>>> On Mon, Mar 18, 2019 at 8:58 AM Tom Herbert<tom@herbertland.com>   wrote:
>>>> On Mon, Mar 18, 2019 at 8:40 AM Gorry Fairhurst<gorry@erg.abdn.ac.uk>   wrote:
>>>>> I think I missed something between these emails....
>>>>>
>>>>> On 18/03/2019, 15:13, Tom Herbert wrote:
>>>>>> On Mon, Mar 18, 2019 at 7:43 AM C. M. Heard<heard@pobox.com>    wrote:
>>>>>>> On Sat, Mar 16, 2019 at 9:06 AM Tom Herbert wrote:
>>>>>>>> Thinking about this, it occurs to me be that the LITE option isn't
>>>>>>>> needed. The assumption in the UDP options draft is that a receiver
>>>>>>>> needs the UDP payload to immediately follow the UDP header, but the
>>>>>>>> UDP payload can be anywhere in the surplus area as long as it's
>>>>>>>> aligned to four bytes. A receiver will know how to handle it and
>>>>>>>> deliver the UDP data to the application (e.g. by maintaining a pointer
>>>>>>>> to the data).
>>>>>>>>
>>>>>>>> So that allows a format like:
>>>>>>>>
>>>>>>>> UDP header (Length=8) | Surplus area header | Options | Payload
>>>>>>>>
>>>>>>>> The surplus area header contains the header length and a checksum
>>>>>>>> covering the surplus space (four bytes altogether). The three headers
>>>>>>>> can thought of as an extended UDP header, so the format becomes:
>>>>>>>>
>>>>>>>> Extended UDP header | Payload
>>>>>>>>
>>>>>>>> Which looks a whole lot like any other protocol format with a variable
>>>>>>>> length header such as TCP or IPv4.
>>>>>>> A major downside to this approach is that is does not let you add
>>>>>>> "optional to process" options such as MSS, Echo Request, and Echo
>>>>>>> Response to UDP datagrams that are intended to be processed normally
>>>>>>> by legacy receivers that do not understand UDP options or the extended
>>>>>>> UDP header format. You can do that with the option trailer as
>>>>>>> currently proposed.
>>>>> Right, so this really re-designs UDP as a sublayer to another transport.
>>>>> To me, this looks very like an encaps like DCCP-in-UDP or GRE-in-UDP,
>>>>> etc. So this isn't an "option" it's an encapsulation.
>>>>>> Mike,
>>>>>>
>>>>>> The converse is also true. We can't put options in a trailer that
>>>>>> *must* be processed by the receiver (fragmentation, compression,
>>>>>> security, etc.).
>>>>>>
>>>>>> Tom
>>>>> Why this? I thought that if you make a request to negotiate to use say
>>>>> enhanced integrity checking or some security option, then you can
>>>>> require the option to be present at the receiver?
>>>> Gorry,
>>>>
>>>> How does negotiation work with a transport protocol that is stateless?
>>>> Negotiation implies state is maintained between two endpoints.
>>>>
>>> Also, if there is a negotiation then there communicating endpoint is
>>> known to not be a legacy receiver so the extended header can be used.
>>> Then if the packet is received by some other legacy node (e.g. because
>>> of VIP, address corruption, peer rebooted and state is lost) the
>>> packet is "dropped" (a zero length UDP datagram is received by the
>>> peer).
>>>
>>> Tom
>> So I wa sthinking that the app "knows" what is "negotiated". It could be
>> that the app decides it needs security or enhanced integrity check and
>> therfore configures to add this at the sender and check at the receiver.
>> Whether this "knowing" is hard-coded or uses an upper layer handshake
>> isn't so significant to me. An upper layer handshake/protocol could also
>> include some sort of fall-back.
>>
>> For an apps that is itself stateless it just has to be designed to use a
>> UDP Option or not. In the same way that it chooses TCP or could use SCTP
>> etc.
> Gorry,
>
> If negotiation is an integral mechanism in UDP options then we really
> need the specification for it.
I'm really unsure we need much extra.
> For important options received in a packet (frag, security, integrity
> check, etc.) the requirements are straightforward: either the option
> is processed and appropriately verified, or the packet must be
> dropped. An alternative that allows a receiver to just ignore them and
> still receive the data like nothing happened is a non-starter.
>
> For UDP options this means:
>
> 1. If there are important UDP options present then the receiver must
> process the option space or drop the packet. For this reason,
> important options cannot be in trailers (legacy mode in UDP options
> draft).
I don't think this is correct.
> 2. If there is an important option that is unknown to the receiver or
> can't be processed by the receiver then the packet must be dropped. In
> other protocols (e.g. DO, HBH options in IPv6) the option type
> includes an indication of what to do if type is unknown to the
> receiver (basically skip option or drop).
That makes sense at the network layer - e.g. where a tunnel
does not know what is being transported.

For UDP Options, that operate on endpoints, I can't figure out
why coding for a sending app would add an option and code
for a receiving app would not be correspondingly updated. If they
are different versions of the endpoint code, then that's an app
problem.
> UDP options should adopt this.
You may think so, I don't.
> 3. Important options themselves need to be protected. We can't allow a
> single bit corruption to make an important option just disappear. This
> is a motivation for options to always be covered by a checksum. There
> is a peculiarity that should be documented in that the checksum might
> be used to protect an option holding a stronger integrity check (like
> a CRC option).
If the app relies on the option - then it will look for it, and discard when
it is not found. That includes if you look for a CRC. The code we have
simply throws the packet when expecting a CRC and not finding one,
as if the CRC were wrong. The checksum provides a pre-check including
the pseudo-header.

If the options space is corrupted then the UDP packet should be thrown
away. (OK, one could have LITE
> Tom
Gorry
>>>> Tom
>>>>
>>>>> Am I misunderstanding something?
>>>>>
>>>>> Gorry
>>>>>>> Mike Heard
>> Gorry
>>

v2.23.0 | Report a Bug | By Email