[tsvwg] Issues with FRAG changes in draft-ietf-tsvwg-udp-options-19
"C. M. Heard" <heard@pobox.com> Tue, 17 January 2023 18:52 UTC
Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC283C15155B for <tsvwg@ietfa.amsl.com>; Tue, 17 Jan 2023 10:52:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.795
X-Spam-Level:
X-Spam-Status: No, score=-2.795 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USFmNTF1Y7Mq for <tsvwg@ietfa.amsl.com>; Tue, 17 Jan 2023 10:52:47 -0800 (PST)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98D72C15153D for <tsvwg@ietf.org>; Tue, 17 Jan 2023 10:52:46 -0800 (PST)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id C6A881D2A69 for <tsvwg@ietf.org>; Tue, 17 Jan 2023 13:52:45 -0500 (EST) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:cc:content-type; s=sasl; bh=s2rOziTdxwuQqklc8UEQE9bVVa6+4i/i KhQHUIz3zUI=; b=SGxr9w9bbNazSoCdjdzPDB2SclNZ5b9BRkBpl2M+wWXRmHxy bzZKQZQ89/SU3KpqEJgoxlPwKU6J9fFpLs3fuQboqM9FVUvktiBQP3zBtQcwPsMO U+vYJkBIZRXCRtsVXQWBmoDdShxz0mKq+1YWcFdxErUOTtYnMhVPa7DZpkc=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id C01121D2A68 for <tsvwg@ietf.org>; Tue, 17 Jan 2023 13:52:45 -0500 (EST) (envelope-from heard@pobox.com)
Received: from mail-ed1-f53.google.com (unknown [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id 123E71D2A5A for <tsvwg@ietf.org>; Tue, 17 Jan 2023 13:52:43 -0500 (EST) (envelope-from heard@pobox.com)
Received: by mail-ed1-f53.google.com with SMTP id b4so26907471edf.0 for <tsvwg@ietf.org>; Tue, 17 Jan 2023 10:52:42 -0800 (PST)
X-Gm-Message-State: AFqh2kqUoTAoY9KVY1a47XaXthmf+mENHv76OJyF8FJ95cKHsRf7QqKY vtaoS47k3wQWTargzMso34eza7rx2/vaSTWHgiA=
X-Google-Smtp-Source: AMrXdXtheUjsZ8pNfLK2SUQdFh7nNUb9EoJr2BdwSfU4r4J3Tj+EUtkv+68CiuhtFozQ9RYBCVyRbO3SIzetiWbv8jY=
X-Received: by 2002:a05:6402:14c3:b0:48e:c093:c06d with SMTP id f3-20020a05640214c300b0048ec093c06dmr356679edx.166.1673981560970; Tue, 17 Jan 2023 10:52:40 -0800 (PST)
MIME-Version: 1.0
References: <167220049895.33529.3350734505016599651@ietfa.amsl.com> <D83FA123-6246-47A3-ACC5-6775F551E542@strayalpha.com>
In-Reply-To: <D83FA123-6246-47A3-ACC5-6775F551E542@strayalpha.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Tue, 17 Jan 2023 10:52:27 -0800
X-Gmail-Original-Message-ID: <CACL_3VESWvBjvCYymt+MHi5E_342p2U3dyapwD0fCwGquz2Qrg@mail.gmail.com>
Message-ID: <CACL_3VESWvBjvCYymt+MHi5E_342p2U3dyapwD0fCwGquz2Qrg@mail.gmail.com>
To: TSVWG <tsvwg@ietf.org>
Cc: Joe Touch <touch@strayalpha.com>
Content-Type: multipart/alternative; boundary="0000000000004d658305f27a34a1"
X-Pobox-Relay-ID: 1FC9FB34-9698-11ED-A2DD-B31D44D1D7AA-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/8vV-zzXJw_Whz5sHiDqiKiA66CQ>
Subject: [tsvwg] Issues with FRAG changes in draft-ietf-tsvwg-udp-options-19
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2023 18:52:51 -0000
On Tue, Dec 27, 2022 at 8:11 PM touch@strayalpha.com <touch@strayalpha.com> wrote: > This incorporates all pending updates, notably the change to the DOS > (datagram offset start) that was pending. > It also addresses some of the security issues raised, though we look > forward to having the security directorate provide a review based on a > complete read of the document. > Hello everyone, In this message I address just the changes to DOS in Section 9.4, with other matters being deferred to a subsequent email. Unless I am missing something, the changes made to the fragmentation text regarding the DOS (datagram offset start) field in the terminal FRAG option result in an incoherent specification. I think that these changes need to be rolled back to what was in -18 (modulo polishing of the rough edges) or, alternatively, a corrected description of the semantics of DOS in *atomic* terminal fragments needs to be crafted. Here is the text from Section 9.4, p. 18, that was added in going from -18 to -19: If DOS is larger than Frag. Start of the first fragment (offset=8), then all the per-packet options occur before the user data as it is reassembled. If DOS points to the end of the original IP packet, then there are no per-packet options. If DOS is smaller than Frag. Start of the first fragment, then it indicates the end of the per- fragment options (of the first fragment) and the start of per-packet options (of the reassembled user data). The DOS field enables the FRAG option to precede other options in every fragment and to enable all packet options to precede user data, enabling easier support for reassembly offload via DMA and to support limited router option processing hardware. The scheme as described above was the subject of a thread back in April 2022. The fundamental problem with it is that Datagram Option Start (DOS) indicates the start of the surplus area of the reassembled UDP datagram, *as measured from the start of the original UDP datagram*. Frag. Start, on the other hand, indicates the location of the beginning of the fragment data, *as measured from the beginning of the UDP header of the fragment*. As I pointed out in https://mailarchive.ietf.org/arch/msg/tsvwg/qbycDNzK41ZijjEip57VUwd1SZA/, these two quantities are *incommensurate*, as they refer to offsets in *different* packets. In https://mailarchive.ietf.org/arch/msg/tsvwg/d0BTAJjPIlxYH5OAdxcB5ckOgFc/, Joe Touch replied: They are intended to be commensurate ONLY In atomic fragments. I never > intended for this to be viable with non-atomic fragments, > However, that's not what the text in -19 says. In https://mailarchive.ietf.org/arch/msg/tsvwg/B1Si2S_3GHi4hEqI8fbPXRg21OI/ Joe went on to add: Ps - it might be a LOT simpler to say that limited routers should use only > per fragment options. We can then leave things as they are and avoid the > complexity of varying format interpretations. As I said at the time, I would MUCH prefer to see that than to have varying interpretations of the terminal FRAG option depending on whether it is or is not atomic. And in https://mailarchive.ietf.org/arch/msg/tsvwg/uAS9sgOpk36t03hjRVvVdNeBehU/, Joe seemed to agree: > > Additionally, this approach allows UDP fragmentation as BITW, which could > be useful in traversing paths with [....] MTU limits. > > The only downside is limiting options to per frag for constrained > implementation routers, which seems like a reasonable compromise to me. > > I think that a strong argument can be made that the intended purpose of changes to the interpretation of DOS in atomic fragments can be served just as well by per-fragment options. That purpose is to support "limited router option processing hardware," in other words, systems that can process packet data (apart from Internet checksum offload) only within a limited distance from the start of the packet. Such systems are not capable of parsing options in trailers appended to long packets. Neither are they capable of processing the entirety of the payload of long packets. That capability, however, is needed to support payload-dependent options such as APC, AUTH, and UENC, irrespective of where those options are located. But in an atomic terminal fragment, there is no semantic distinction between per-fragment and per-datagram options that do not depend on the UDP user data, such as MDS, MRDS, REQ, RES, and TIME. So, to my mind, there is no point in changing the interpretation of the DOS field in atomic fragments to accommodate such systems. Just use per-fragment options. Here are the specific changes that I propose to the text of -19 Section 9.4: On p. 18, replace The terminal FRAG option format adds a Datagram Option Start (DOS) pointer, measured from the start of the original UDP datagram header, indicating the end of the reassembled data and the start of the surplus area after the original UDP datagram. UDP options that apply to the reassembled datagram are contained in the partially reassembled payload, as indicated by DOS. UDP options that occur within the fragment are processed on the fragment itself. This allows either pre-reassembly or post-reassembly UDP option effects, such as using UENC on each fragment while also using TIME on the reassembled datagram for round-trip latency measurements. If DOS is larger than Frag. Start of the first fragment (offset=8), then all the per-packet options occur before the user data as it is reassembled. If DOS points to the end of the original IP packet, then there are no per-packet options. If DOS is smaller than Frag. Start of the first fragment, then it indicates the end of the per- fragment options (of the first fragment) and the start of per-packet options (of the reassembled user data). The DOS field enables the FRAG option to precede other options in every fragment and to enable all packet options to precede user data, enabling easier support for reassembly offload via DMA and to support limited router option processing hardware. with The terminal FRAG option format adds a Datagram Option Start (DOS) pointer, measured from the start of the original UDP datagram header, indicating the end of the reassembled data and the start of the surplus area after the original UDP datagram. UDP options that apply to the reassembled datagram are contained in the reassembled payload, as indicated by DOS. UDP options that occur within the fragment are processed on the fragment itself. This allows either pre-reassembly or post-reassembly UDP option effects, such as using UENC on each fragment while also using TIME on the reassembled datagram for round-trip latency measurements. Some devices are capable of parsing only a limited amount of data following the start of the received IP packet and thus need for all options to precede the user data. Limited support for such devices can be provided by using per-fragment options. On p. 20, delete the following paragraph: Note: per packet options can occur either at the end of the original user data or be placed after the FRAG option of the first segment, with the Datagram Option Start (DOS) in the terminal FRAG option set accordingly. This includes its use in atomic fragments, where the terminal option is the initial and only fragment. I think that the proposed update remains consistent with the final sentence on p. 20, i.e., "Users MAY also select the FRAG option to support limited header processing." If we want to drop that claim, the second replacement paragraph above ("Some devices ...") can also be dropped. I'll address other issues in -19 in a forthcoming message. Hopefully those issues will be uncontroversial and easy to deal with. Thanks and regards, Mike Heard
- [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-… internet-drafts
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Jeremy Harris
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… touch@strayalpha.com
- [tsvwg] Issues with FRAG changes in draft-ietf-ts… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard