IETF Logo Mail Archive

[tsvwg] Discarding the UDP surplus area when protocol-agnostic checksum offload is used

"C. M. Heard" <heard@pobox.com> Mon, 29 April 2024 21:12 UTC

Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91F00C15155A; Mon, 29 Apr 2024 14:12:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6E4TBxLTscwe; Mon, 29 Apr 2024 14:12:15 -0700 (PDT)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0ACAC151536; Mon, 29 Apr 2024 14:12:14 -0700 (PDT)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id A21B31932F; Mon, 29 Apr 2024 17:12:11 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:cc:content-type; s=sasl; bh=Dr8iFeRMr4Sw9X7BnhlnEAJURC/3WInG d54nit1pojY=; b=RfHv7jh8bmpcGuo50JUGmhPwMLSGpH+zKLWZWCfz21s8N3hU Os6gaM/hIOuzRm9/kL/oaWF1MTcnMY4tsQgvuJGPMSdcMTAjGf/KwuBahOC6R9AK jQQmu3Q3BC3+XcRnX/ErweBfWYQ62rr2e6POFXdoTbl7OpDUhLJ/PtTplAs=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 9A8071932E; Mon, 29 Apr 2024 17:12:11 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-ed1-f53.google.com (unknown [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id 510B419329; Mon, 29 Apr 2024 17:12:07 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-571ba432477so5229071a12.1; Mon, 29 Apr 2024 14:12:07 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCX5MPMu4CMcSjapnxrT5cJs8DQYpC6oCUXVdUdCb1pLr/yVhzkn5nsCSXk6gYA+R/EUSNSbVlcoyxo+NdIZ5wJqamhi78CJ4n3RlEXOoO+IVvMBqixBp3IjP0VyE1ZaIptVzTf8gZAjZdc=
X-Gm-Message-State: AOJu0Yxi7UjeShT8lQNHqJdRPqYNJVsp8El4GKKSjqyWX6fIlCBMY8rz D10nUgkOwByt83AqaHouSrYQZsarnvUWIV+VTwQ33Xi00MOc60BYnXc+3dlExA3zeaBdwjhtTfk 7EujvtYCDMrbzidhvahk9+RzTJiU=
X-Google-Smtp-Source: AGHT+IF/IQtSpQRVctP7Jdo4GNVTeLUUJrSnijhLsoAL9jqF+9Enl1TlY/kPtxuN61mstk+j1AawgvDGBB7hDFtQR7g=
X-Received: by 2002:a50:930e:0:b0:572:3cc4:2dcf with SMTP id m14-20020a50930e000000b005723cc42dcfmr615384eda.14.1714425125159; Mon, 29 Apr 2024 14:12:05 -0700 (PDT)
MIME-Version: 1.0
References: <CAEh=tcd2FzQxgbSivuX2cEg2FpsnkoqdFw5gMhrx3pkT_JV88Q@mail.gmail.com> <2BEB5CC3-BB54-4119-A20F-8497ED4B5AE2@erg.abdn.ac.uk> <CAEh=tccKg7YHYkwKZ978uaXmTkBu3zyA+WBAW=eBMKAh2PSVDw@mail.gmail.com> <b7f7b836-c625-445d-bd38-f5ed8f4ba757@huitema.net> <CALx6S34=5CCDY_Wj1+9Moj0NMnZr=gBjpT3NBfom6r6oouGJEw@mail.gmail.com>
In-Reply-To: <CALx6S34=5CCDY_Wj1+9Moj0NMnZr=gBjpT3NBfom6r6oouGJEw@mail.gmail.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Mon, 29 Apr 2024 14:11:53 -0700
X-Gmail-Original-Message-ID: <CACL_3VG4i+BYZuyDs5pf-t-e8DicU2s=6v6JZCuVSrYFew+wQQ@mail.gmail.com>
Message-ID: <CACL_3VG4i+BYZuyDs5pf-t-e8DicU2s=6v6JZCuVSrYFew+wQQ@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
Cc: "Gorry (erg)" <gorry@erg.abdn.ac.uk>, tsvwg <tsvwg@ietf.org>, draft-ietf-tsvwg-udp-options.all@ietf.org
Content-Type: multipart/alternative; boundary="0000000000009455e9061742b414"
X-Pobox-Relay-ID: 2299941E-066D-11EF-A266-A19503B9AAD1-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/8mKP1sbyNYuUXeEK0NbfQMRpq_Q>
Subject: [tsvwg] Discarding the UDP surplus area when protocol-agnostic checksum offload is used
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2024 21:12:19 -0000

On Tue, Apr 9, 2024 at 8:17 AM Tom Herbert wrote:
> In current host stack implementation, when a UDP packet is received
> with surplus area we truncate the packet down to UDP Length and
> otherwise ignore the surplus area bits. Are you suggesting that the
> default behavior should be to drop packets with a UDP surplus area?
>
> IMO, this might be worth considering. I agree that this would tighten
> security. Also, I would point out that even truncating the surplus
> area like we do today is not without cost. If we are doing protocol
> agnostic checksum offload, the preferred method, then we need to
> compute the checksum over the surplus area when truncating and so we
> do this in the CPU. For a large surplus area this can burn a lot of
> cycles to process data that is useless to the receiver; conceivably,
> this could be a basis for a DoS attack on CPU resources.

Hi Tom,

One question that I have is whether existing host stack implementations
that use protocol-agnostic checksum offload typically do go to the
trouble of computing the compensating checksum for the surplus area,
which of course is identical to the OCS computation specified in the
UDP Options spec. The main motivation for why OCS is specified in
that way is because of the bugs found in middleboxes that erroneously
use the IP Payload Length rather than the UDP Length to calculate the
UDP checksum. The bug also seems to afflict some end systems. See:

https://datatracker.ietf.org/meeting/103/materials/slides-103-maprg-a-tale-of-two-checksums-tom-jones

https://tma.ifip.org/2020/wp-content/uploads/sites/9/2020/06/tma2020-camera-paper70.pdf

In end systems affected by this bug, one side effect would be that
packets with a correct UDP checksum and UDP options with a properly
calculated OCS would be accepted by tsuch systems, whereas arbitrary
packets with a non-empty surplus area likely would not!

Mike Heard

v2.35.0 | Report a Bug | By Email | System Status