Re: [tsvwg] UDP Options: how to do FRAG without LITE and forced UDP CS=0
Joe Touch <touch@strayalpha.com> Fri, 28 June 2019 18:05 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/A-e20b2vvgd6pFLjirnbkWLgTKQ>
Hi, Mike,

Intriguing as this is, I think you've overlooked two key design goals:

1) We're not here to fix UDP CS=0. It either works or it doesn't. If middleboxes are broken, they need to be fixed. In short, we cannot - and should not try to - make protocols robust to arbitrary implementation errors. UDP isn't "byzantine robust".

2) The FRAG+LITE current design moves only a small, fixed number of bytes. The solution below doesn't appear to avoid copying/moving large amounts of data.

At a minimum, can you address #2? If we can do this without moving around a lot of data, it might be viable.

Some further points embedded below...

Joe

On 2019-06-28 09:23, C. M. Heard wrote:

> Greetings,
>
> The version of FRAG defined in draft-ietf-tsvwg-udp-options-07 suffers
> from the following disadvantages:
>
> 1) A legacy host that does not understand UDP options will erroneously
> interpret FRAG without LITE as a complete UDP datagram.

I thought we converged to "don't use FRAG without LITE until you confirm the other end speaks UDP options". What's the reason for needing FRAG without LITE?

> 2) The same is true for an options-aware host if OCS fails.

If OCS fails, why would an options-aware host do anything further with the packet?

> 3) Because LITE data (by design) is not covered by OCS/CCO, FRAG+LITE
> will have very poor middlebox traversal properties unless the UDP
> checksum is set to zero. For IPv6, even that will not work well,
> because UDP CS=0 is often blocked by the network (this happened on
> 26%-36% of the paths in Raffaele Zullo's recent measurements)

That's a significant bug, but we really shouldn't design protocols simply to get around bugs. At least one reason is that IPv6 UDP CS=0 is valid for tunnels and needs to be supported.

> All of these disadvantages can be avoided if the fragment data is
> pulled into the option. That can be done as follows: instead of having
> the FRAG option capture preceding conventional or LITE user data as
> fragment data, insist that the FRAG option appear ***last*** in the
> option list and have it capture all remaining octets in the packet as
> fragment data. The length field is no longer needed (it is implicit),
> so it can be replaced by a More Fragments (MF) flag. By convention, if
> this option appears, OCS would cover all UDP options as well as all
> octets in the UDP trailer that follow the FRAG option; thus, there
> would be no need for a separate overall checksum -- the reassembled
> datagram would be protected in a manner equivalent to the way TCP user
> data is protected by the checksums on individual segments.

Frag reassembly is not the same as TCP reconstitution. Our IDs do not operate in sequence,

> The revised FRAG option formats would be as follows:
>
> +--------+--------+--------+--------+
> | Kind=6 |  MF=1  |  Frag. Offset   |
> +--------+--------+--------+--------+
> |          Identification           |
> +--------+--------+--------+--------+
> |       ... Fragment Data ...       |
> +--------+--------+--------+--------+
>
>   UDP non-terminal FRAG option format
>
> +--------+--------+--------+--------+
> | Kind=6 |  MF=0  |  Frag. Offset   |
> +--------+--------+--------+--------+
> |          Identification           |
> +--------+--------+--------+--------+
> |       ... Fragment Data ...       |
> +--------+--------+--------+--------+
>
>   UDP terminal FRAG option format
>
> The following requirements would apply:
>
> >>> When the FRAG option appears, it MUST come last in the UDP options
> list. All remaining octets in the packet are interpreted as fragment
> data.
>
> >>> OCS, if present, covers both the FRAG option and the trailing
> fragment data.
>
> >>> A host that wishes to signal that it is able to accept and process
> the FRAG option MAY do so by transmitting an unfragmented datagram
> with an empty terminal FRAG option whose Offset field is set to zero.
>
> >>> Non-empty FRAG options MUST NOT be present in packets with ordinary
> UDP user data or LITE data. Any such options MUST be silently dropped.
>
> >>> UDP options other than OCS and padding MUST NOT accompany the FRAG
> option in non-terminal fragments. Any such options MUST be silently
> dropped. All other options that apply to a reassembled packet must
> accompany the FRAG header in the terminal fragment.
>
> To handle the case when the user UDP CS setting specifies that the UDP
> checksum should be zero, we just omit the OCS option (in line with the
> proposal to always tie the presence or absence of OCS to the user UDP CS
> setting). By not having a distinct overall checksum for the reassembled
> packet, this version of FRAG avoids duplicate work (just as FRAG+LITE does
> in the -07 draft). Having the OCS cover the data in each fragment provides
> protection that is essentially the same as what TCP provides with
> checksums and sequence numbers on individual segments, if the user has
> requested a checksum. For in order to deliver the reassembled data, we
> require all fragments to be present and to fit together exactly, with no
> gaps and no overlap. The result is essentially equivalent to what is
> provided by the post-reassembly checksum in the -07 draft, the main
> difference being that the options are also included. Note that ACS is
> still available if a stronger post-reassembly checksum is wanted.
>
> I believe that this proposal squarely addresses the disadvantages of the
> -07 version of FRAG that are enumerated at the beginning of this message.
> It offers a solution that provides protection equivalent to conventional
> IP fragmentation coupled with the standard UDP checksum, allows for
> middlebox traversal, and avoids duplicate checksum computations.
>
> Mike Heard
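
Added example, not part of the original message or of the UDP options draft: a strict receiver for the FRAG layout proposed in the quoted text (Kind=6, MF, Frag. Offset, Identification, then all remaining octets as fragment data), which delivers a datagram only when the fragments fit together with no gaps and no overlap. Assumptions: network byte order, offsets counted in octets, and the names `build_frag`, `parse_frag` and `Reassembler` are hypothetical; OCS verification and reassembly timeouts are left out.

```python
import struct

FRAG_KIND = 6
HDR = struct.Struct("!BBHI")  # Kind, MF, Frag. Offset, Identification (assumed network order)


def build_frag(ident, offset, more, data):
    return HDR.pack(FRAG_KIND, int(more), offset, ident) + data


def parse_frag(option):
    """Parse a trailing FRAG option: fixed header, then all remaining octets are data."""
    if len(option) < HDR.size:
        raise ValueError("truncated FRAG option")
    kind, mf, offset, ident = HDR.unpack_from(option)
    if kind != FRAG_KIND or mf not in (0, 1):
        raise ValueError("malformed FRAG option")
    return ident, offset, bool(mf), option[HDR.size:]


class Reassembler:
    def __init__(self):
        self.pending = {}  # Identification -> sorted list of (offset, more, data)

    def _reject(self, ident, why):
        self.pending.pop(ident, None)  # discard the whole datagram, not one fragment
        raise ValueError(why)

    def add(self, option):
        """Return the reassembled datagram when complete, None while waiting."""
        ident, offset, more, data = parse_frag(option)
        if not data:
            return None  # empty FRAG: treated as the capability signal, nothing stored
        frags = self.pending.setdefault(ident, [])
        for o, _, d in frags:
            if offset < o + len(d) and o < offset + len(data):
                self._reject(ident, "overlapping fragments")
        frags.append((offset, more, data))
        frags.sort()
        last = [i for i, f in enumerate(frags) if not f[1]]
        if len(last) > 1 or (last and last[0] != len(frags) - 1):
            self._reject(ident, "data after terminal fragment")
        expected = 0
        for o, _, d in frags:
            if o != expected:
                return None  # gap: wait for the missing fragment
            expected += len(d)
        if frags[-1][1]:
            return None  # terminal fragment (MF=0) not seen yet
        del self.pending[ident]
        return b"".join(d for _, _, d in frags)
```

Rejecting an overlap outright, rather than letting the first or last copy win, keeps the receiver and any inspecting middlebox from reassembling different payloads out of the same fragments.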