IETF Logo Mail Archive

Re: [tsvwg] Discarding the UDP surplus area when protocol-agnostic checksum offload is used

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Tue, 30 April 2024 07:16 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A04EFC14F6E2; Tue, 30 Apr 2024 00:16:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-B6WQyApXeF; Tue, 30 Apr 2024 00:16:43 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id 939BAC14F696; Tue, 30 Apr 2024 00:16:41 -0700 (PDT)
Received: from [192.168.1.81] (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id B5E6A1B00213; Tue, 30 Apr 2024 08:16:34 +0100 (BST)
Message-ID: <39d47d13-53f7-44aa-945b-016abea1b8de@erg.abdn.ac.uk>
Date: Tue, 30 Apr 2024 08:16:33 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
To: "C. M. Heard" <heard@pobox.com>, Tom Herbert <tom@herbertland.com>
Cc: tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-udp-options.all@ietf.org
References: <CAEh=tcd2FzQxgbSivuX2cEg2FpsnkoqdFw5gMhrx3pkT_JV88Q@mail.gmail.com> <2BEB5CC3-BB54-4119-A20F-8497ED4B5AE2@erg.abdn.ac.uk> <CAEh=tccKg7YHYkwKZ978uaXmTkBu3zyA+WBAW=eBMKAh2PSVDw@mail.gmail.com> <b7f7b836-c625-445d-bd38-f5ed8f4ba757@huitema.net> <CALx6S34=5CCDY_Wj1+9Moj0NMnZr=gBjpT3NBfom6r6oouGJEw@mail.gmail.com> <CACL_3VG4i+BYZuyDs5pf-t-e8DicU2s=6v6JZCuVSrYFew+wQQ@mail.gmail.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: UNIVERSITY OF ABERDEEN
In-Reply-To: <CACL_3VG4i+BYZuyDs5pf-t-e8DicU2s=6v6JZCuVSrYFew+wQQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/3Tz3DnnWX62giC-GEy316YA7RQM>
Subject: Re: [tsvwg] Discarding the UDP surplus area when protocol-agnostic checksum offload is used
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2024 07:16:46 -0000

On 29/04/2024 22:11, C. M. Heard wrote:
> On Tue, Apr 9, 2024 at 8:17 AM Tom Herbert wrote:
> > In current host stack implementation, when a UDP packet is received
> > with surplus area we truncate the packet down to UDP Length and
> > otherwise ignore the surplus area bits. Are you suggesting that the
> > default behavior should be to drop packets with a UDP surplus area?
> >
> > IMO, this might be worth considering. I agree that this would tighten
> > security. Also, I would point out that even truncating the surplus
> > area like we do today is not without cost. If we are doing protocol
> > agnostic checksum offload, the preferred method, then we need to
> > compute the checksum over the surplus area when truncating and so we
> > do this in the CPU. For a large surplus area this can burn a lot of
> > cycles to process data that is useless to the receiver; conceivably,
> > this could be a basis for a DoS attack on CPU resources.
>
> Hi Tom,
>
> One question that I have is whether existing host stack implementations
> that use protocol-agnostic checksum offload typically do go to the
> trouble of computing the compensating checksum for the surplus area,
> which of course is identical to the OCS computation specified in the
> UDP Options spec. The main motivation for why OCS is specified in
> that way is because of the bugs found in middleboxes that erroneously
> use the IP Payload Length rather than the UDP Length to calculate the
> UDP checksum. The bug also seems to afflict some end systems. See:
>
> https://datatracker.ietf.org/meeting/103/materials/slides-103-maprg-a-tale-of-two-checksums-tom-jones
>
> https://tma.ifip.org/2020/wp-content/uploads/sites/9/2020/06/tma2020-camera-paper70.pdf
>
> In end systems affected by this bug, one side effect would be that
> packets with a correct UDP checksum and UDP options with a properly
> calculated OCS would be accepted by tsuch systems, whereas arbitrary
> packets with a non-empty surplus area likely would not!
>
> Mike Heard

The method in the above TMA paper was derived specifically as input for 
UDP Options, when we did the work, we were not aware of any other 
implementations or analysis of this.

Best wishes,

Gorry

v2.39.1 | Report a Bug | By Email | System Status