IETF Logo Mail Archive

Re: [tsvwg] draft-ietf-udp-options issues from IETF 104

Joe Touch <touch@strayalpha.com> Tue, 16 July 2019 06:47 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6D91120191 for <tsvwg@ietfa.amsl.com>; Mon, 15 Jul 2019 23:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.917
X-Spam-Level:
X-Spam-Status: No, score=-0.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gek_2Z53fNSt for <tsvwg@ietfa.amsl.com>; Mon, 15 Jul 2019 23:47:51 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B265120192 for <tsvwg@ietf.org>; Mon, 15 Jul 2019 23:47:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=8UwrXyxz0vqhJA52sLPZYnIfxDymTCWpzJ6BoqU+CNg=; b=Dbr8AYVTswKHBiP6mosn3nxhx 6zqDGQqsOBpQKKLezHIPbQjq2R+U/IrSDvfz1GmJLxRVwf3+IGcnmiwsUnhsx3btZREsUd9RoqEA/ 9qlgSRHc+P0Hs5R7jnTbVF1wzbMXyTilCdjaWzzearEHYThK+fQJ32/63RrqcYDmGsOhMsaKCPeT+ UYCdiHyXDRujPe2eYxA4aUx13HVKBAMA0X+ZAdZg9ocdAvdKnb0bkSkmZu2ptIxmJUdpBDtdTo7pn EPDwcpxqfTLkL5EcX9+abdGv4KulidyKKMP2wLYO3PQ+S5ChXFbifn5iuLRkufVcAgIBAQsUsPQe2 rnr13hKVQ==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:50035 helo=[192.168.1.6]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <touch@strayalpha.com>) id 1hnHFW-003svR-UV; Tue, 16 Jul 2019 02:47:50 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail-D49234EF-D11B-4F89-B345-89BCF8542384"
Mime-Version: 1.0 (1.0)
From: Joe Touch <touch@strayalpha.com>
X-Mailer: iPad Mail (16F203)
In-Reply-To: <CACL_3VEq=3AVbET3q-PsYMdVYx7K971=pFtM0O8b2pU5cNUEOQ@mail.gmail.com>
Date: Mon, 15 Jul 2019 23:47:38 -0700
Cc: tsvwg <tsvwg@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <0E711F6E-61C5-48BB-824B-E62AEE445A62@strayalpha.com>
References: <CAPDqMeq9GjEQKukH1pZOTdE50e_rc3U6gpdxT-5qrS5phD0RGw@mail.gmail.com> <646D45AD-D79B-4BD2-A084-7DA97CE2C415@strayalpha.com> <7EC37B50-45D5-4CF1-B113-205E55BF244E@strayalpha.com> <CALx6S34s7L7xo+26bt5Cdaqi4Es5Aci42GHk1WNKzugr5st-Gw@mail.gmail.com> <B525BF50-EFCC-44A5-A604-6CDDA914A1CB@strayalpha.com> <CAPDqMep3R6z9PRKkHyOvrh6sV9n5Sc0B++-zVz0FYJCwE6swrQ@mail.gmail.com> <E42A2AE2-F499-465E-BDE6-5EFC0AB20042@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306138E9@MX307CL04.corp.emc.com> <CAPDqMeoyNb7vQTdqxLpZpnKb9S7QKeDJNLyQJBmq95yXhB+xfQ@mail.gmail.com> <7D365770-64FE-40BC-901D-B4D7DF6B484B@strayalpha.com> <20190713182554.GB39770@clarinet.employees.org> <CALx6S36mH2M6SYnRSecWXa7k_d1u8O43+CXE-=KqeO0x2e5+qw@mail.gmail.com> <82FF6486-FABF-4D2C-B5E2-178779C720A4@strayalpha.com> <CALx6S34YhtgNNJtHazqJdsGRhiMa4PQXiSOuDz0JhqqyHWfNyA@mail.gmail.com> <757FDD92-EC4A-4AC2-B491-74B75119A951@strayalpha.com> <CALx6S36XCUs-oQVBSBX_KTg5qN4fgTBrrgqZqmwBwo75J3UqUA@mail.gmail.com> <3b6db46d21 ac1bb7e6c6761df7501c92@strayalpha.com> <CALx6S37L0gxaUmE5FT=ByvETY6FnzqXDPMU++RpCQaqpwPXEyA@mail.gmail.com> <4bfbcce574679f741e47cacd87919de1@strayalpha.com> <CACL_3VE_DkRQdBMYc7pW2oB88p7dE-B6Ev7JPfhxA7nUX7tZKA@mail.gmail.com> <193984167bc0b98ffe22da4efe803159@strayalpha.com> <CACL_3VEq=3AVbET3q-PsYMdVYx7K971=pFtM0O8b2pU5cNUEOQ@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/NsfmJcFP7RdJZPNwoi_JKW97OiI>
Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2019 06:47:55 -0000

Mike, 

Did you had read my earlier post today about using OCS only on transmit for LITE - as a user choice?

That costs on transmit *but not receive* and allows errors in the LITE data *if* the packet doesn’t cross a buggy middlebox afterwards (which kills the packet no matter what we do anyway).

And in that context, can you update your response below?

Joe

> On Jul 15, 2019, at 10:43 PM, C. M. Heard <heard@pobox.com> wrote:
> 
>> On Mon, Jul 15, 2019 at 3:01 PM Joe Touch wrote:
> 
>>> On 2019-07-15 14:43, C. M.. Heard wrote:
>>> ...
>>> > NOTE2: *as repeatedly already noted*, again - GIVEN THIS CONTEXT -
>>> > there is no utility in the additional pre-option header proposed in
>>> > draft-herbert-udp-space-hdr-01.
>>>  
>>> Actually, there is something in the draft that IMO has great utility --
>>> not the pre-option header per-se, but the **functionality** provided by
>>> the draft's protocol header packet format. Specifically, that packet
>>> format allows options to share fate with the payload data that they
>>> accompany (i.e., either both are accepted and processed or neither is)..
>>  
>> How is that true? We can't redefine the UDP checksum, which covers the 
>> payload.
> 
> The answer is that for this variant, the the UDP length is set to 8,
> so the UDP checksum just covers the UDP header (as with FRAG+LITE in
> draft-ietf-tsvwg-udp-options-07). Everything else -- the pre-option
> header, options, and user data go in the surplus space, and is covered
> by the checksum in the pre-option header. I think this this clip from
> the draft will help to clarify:
> 
> 2.2 Protocol header format (Extended UDP header)
> 
>    The UDP Surplus Header can be used as a protocol header. Effectively,
>    this creates an extended UDP header format. The logical protocol
>    layering is:
> 
>                       +-+-+-+-+-+-+-+-+-+-+-+ \
>                       |      UDP header     |  |
>                     / +-+-+-+-+-+-+-+-+-+-+-+  | Extended
>                    |  |   UDP space header  |  | UDP header
>            Surplus |  +-+-+-+-+-+-+-+-+-+-+-+  |
>            space   |  | Type specific data  |  |
>                    |  +-+-+-+-+-+-+-+-+-+-+-+ /
>                    |  |       UDP data      |
>                     \ +-+-+-+-+-+-+-+-+-+-+-+
> 
>    The packet format containing an extended UDP header is:
> 
>     0                   1                   2                   3
>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>    |        Source port            |      Destination port         | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ UDP
>    |           Length              |         Checksum              | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>    |     Type      |   TSLength    |         Checksum              |\
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>    |                                                               | |
>    ~                      Type Specific Data                       ~ USH
>    |                                                               | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /
>    |                                                               |
>    ~                           UDP data                            ~
>    |                                                               |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 
>    Notes:
> 
>       - Since the UDP header is aligned and a multiple of four bytes, no
>         padding for USH is necessary.
> 
>       - The UDP length is fixed to be eight so that all bytes beyond the
>         UDP header are contained in the surplus space.
> 
>       - The UDP checksum covers the eight bytes of UDP header and the
>         checksum pseudo header. The USH checksum covers the entire
>         surplus space which includes the UDP Surplus Header and UDP
>         data.
> 
> The USH checksum does needs to include a compensation pseudo-header that
> is equal to the length of the surplus area (the draft omits that through
> oversight, but that is easily fixed and does not affect the discussion
> in the draft in a fundamental way).  
>  
>> A legacy receiver doesn't care about the surplus area and can ignore it. 
>> At which point, whether the surplus is corrupted or not, a legacy 
>> receiver will accept it.
> 
> Yes, but what it will see is a zero-length UDP datagram.
>  
>> A UDP-option-aware receiver would do the same thing with OCS (as 
>> currently defined) as with the one in draft-herbert. Remember, OCS was 
>> already redefined before the last IETF to have the same "zero out" 
>> property as in draft-herbert-00.
> 
> Agreed -- subject of course to adding the compensation pseudo-header.
>  
>>> ...
>>> Besides defining a UDP surplus header (USH, Section 2), the draft also
>>> defines two variations of is usage: a protocol trailer variant (Section
>>> 2.1) and a protocol header variant (Section 2.2).
>>>  
>>> In the trailer variant the UDP user data (and padding bytes as needed
>>> for alignment) precede the USH and trailing options appear at the the
>>> offset indicated by the UDP Length. It applies only when UDP Length > 8.
>>> It provides functionality similar to the packet format defined in
>>> draft-ietf-tsvwg-udp-options-07.
>>>  
>>> In the header variant the UDP Length is set to 8. The USH immediately
>>> follows the UDP header (with no padding), the options are next, and the
>>> payload is last. This is functionally similar to what you get if you
>>> start with draft-ietf-tsvwg-udp-options-07 and add a "user data" option
>>> that consumes all trailing bytes, like the modified FRAG proposed in
>>> https://mailarchive.ietf.org/arch/msg/tsvwg/Wv--BLVMPAX6g5umok9BQsXAEGg.
>>>  
>>> One can reasonably ask, why on earth would we want both formats? My
>>> answer is that they provide different but complementary functions.
>>  
>> Didn't you just prove they're equivalent to, in essence, LITE and non-LITE? 
> 
> No, not at all. By definition, LITE data is excluded from OCS. The
> protocol header packet format (aka extended UDP packer format) includes
> the payload data in its checksum, along with the options. One could
> certainly do that with OCS, but it would be necessary to add an
> "payload data" option of some sort.
>  
>>> - The trailer variant can be sent to a legacy receiver with a reasonable
>>> expectation that the user data will be processed normally and the
>>> options will be ignored.
>>  
>> that's how UDP options already work...
> 
> Exactly so. To expand on this a bit, here is the packet format:
> 
> 2.1 Protocol trailer format
> 
>    When used as a protocol trailer, the UDP Surplus Header immediately
>    follows the UDP data. The logical protocol layering is:
> 
>                       +-+-+-+-+-+-+-+-+-+-+-+
>                       |      UDP header     |
>                       +-+-+-+-+-+-+-+-+-+-+-+
>                       |       UDP data      |
>                     / +-+-+-+-+-+-+-+-+-+-+-+ \
>            Surplus |  |   USH base header   |  |
>            space   |  +-+-+-+-+-+-+-+-+-+-+-+  |  USH
>                    |  | Type specific data  |  |
>                     \ +-+-+-+-+-+-+-+-+-+-+-+ /
>    The packet format of UDP Surplus Header as a protocol trailer is:
> 
>     0                   1                   2                   3
>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>    |        Source port            |      Destination port         | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ UDP
>    |           Length              |         Checksum              | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>    |                                                               |
>    ~                           UDP data                            ~
>    |                                                               |
>    +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    |               |                      Padding                  |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    |     Type      |   TSLength    |         Checksum              |\
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>    |                                                               | |
>    ~                      Type Specific Data                       ~ USH
>    |                                                               | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /
> 
>    Notes:
> 
>       - The offset of the UDP Surplus Header from the start of the UDP
>         header, including possible padding for the USH, is equal the UDP
>         Length.
> 
>       - The number of padding bytes is 3 - ((udp_length - 1) % 4), where
>         udp_length is equal to the UDP Length field. The offset of the
>         Type field of the USH is 4 * ((udp_length - 1) / 4 + 1).
> 
>       - If the size of the USH header (four plus four times TSLength) is
>         less than the size of the UDP surplus space in a packet, then
>         the USH is considered to be malformed (see section 3.2).
> 
>       - The UDP checksum covers the UDP header and UDP data. The USH
>         checksum covers the entire UDP surplus space.
> 
>       - A legacy receiver, one that does not understand the UDP Surplus
>         Header, will ignore the contents of the UDP surplus space and
>         process the UDP data as normal. Protocol data that cannot
>         correctly be ignored by a receiver, such as the fragmentation
>         option in the [UDPOPT], MUST NOT be in a surplus space trailer.
> 
> hese are the main functional differences between the protocol trailer
> packet format and what is currently in draft-ietf-tsvwg-udp-options-07:
> 
> - The checksum is not optional; it is required. It covers all data
> from the padding preceding the fixed surplus header to the end of
> the packet. As a consequence, full checksum compensation is provided.
> 
> - Option data (not including fixed surplus header) is limited to 1020
> bytes, and it must be aligned on a four-byte boundary.
> 
> - Options that affect the handling of the data preceding the trailer
> are not allowed there. In other words, an option would not be allowed
> in the trailer if the interpretation of the data preceding the trailer
> would be different depending on whether the option was processed or
> ignored. Examples include FRAG (for obvious reasons), ACS (as data
> failing the alternate checksum would normally be discarded), and AE
> (as data failing authentication or decryption would normally be
> discarded). Such options are allowed in the header variant only.
> 
> - LITE data is not accommodated, both because of the above rule and
> also because of the mandatory nature of the surplus space checksum.
> 
> EVALUATION: I do understand from what you wrote elsewhere on this thread
> that OCS will incorporate the essential checksum functionality described 
> above in the -08 rev, which I applaud. Indeed, I already proposed that
> OCS, if present, should cover the entire UDP options trailer (excluding
> LITE data), and that it should be present whenever the checksum in the
> UDP header is non-zero (and I'd still to see "required when UDP CS<>0"
> instead of "required"). The other functional requirement that I'd
> like to see levied is to ban, or at least strongly discourage, options
> from the trailer if they affect the handling of the payload. I include
> FRAG, ACS, and AE in this category (see comments below about LITE).
> Neither of those changes require the use of a fixed pre-option header. 
> 
> <OPINIONATED COMMENTARY>
> For the protocol trailer packet format I see only downsides to the
> fixed pre-option header as compared to what is currently defined in
> draft-ietf-tsvwg-udp-options-07, including OCS as a 3-byte option.
> When sending I can align OCS with NOPs if I need to, and when receiving
> I don't care if it's aligned or not, since I'll use a standard Internet
> checksum calculation (with compensation pseudo-header) over the whole
> trailer area, conceptually prepending or appending zero bytes if it
> starts or ends on an odd byte boundary. If the checksum passes, I don't
> have to do anything with OCS when I go looping through the option TLVs.
> So, the protocol trailer packet format has no advantage when it comes to
> checksum handling. Limiting the size of the trailer area limits the
> ability of DPLPMTUD to pad user data packet for MTU probing (that is a
> good use for EOL, please keep it). And it precludes LITE, though given
> that an OCS failure causes LITE data to be discarded while the non-LITE
> data is delivered, it may be better to tell folks to use UDP-Lite if
> they need a partial checksum coverage capability.
> </OPINIONATED COMMENTARY>
>  
>>> ...
>>> - The header variant can be used to safely send options that need to
>>> share the fate of the payload data that they accompany (the options
>>> and payload share the same checksum, so both will be discarded if
>>> the checksum fails).
>>  
>> How is this not LITE?
> 
> If you mean LITE with UDP Length = 8, the answer is because LITE data
> is not checksummed. In the usual case, one wants the user data to be
> protected by a checksum.
>  
>> Note, however, that a packet still shows up (albeit zero length) with 
>> either approach. So this isn't exactly the same as true fate-sharing.
>  
> That's true; as I noted above, it is possible for a the zero-length UDP
> datagram to affect a legacy receiver. However, it need not affect an
> options-aware receiver; the transport module can certainly distinguish
> between UDP Length = 8 and no additional data vs. UDP Length = 8
> and a additional data that fails OCS or the USH checksum.
>  
>>> Options that cause the payload to be handled
>>> differently when they are present fall into that category. Examples
>>> include FRAG (for obvious reasons), ACS (as data failing the alternate
>>> checksum would normally be discarded instead of being passed to the
>>> application), and AE (as data failing authentication or decryption would
>>> normally be discarded instead of being passed to the application).
>>>  
>>> Note that draft-herbert-udp-space-hdr-01 stipulates that options which
>>> cause the payload to be handled differently when they are present may
>>> reside in the header variant only.
>>>  
>>> Why is this important?
>>>  
>>> Clearly, for legacy receivers, options in the trailer cannot be
>>> guaranteed to share fate with the payload because they discard all
>>> options. Similarly, if a new option option that affects data
>>> handling is defined in the future, option-aware receivers that do
>>> not recognize it will skip over it. These issues can in principle
>>> be dealt with by insisting (as draft-ietf-tsvwg-udp-options-07 does)
>>> that options that are not safe to ignore must not be sent without
>>> prior knowledge (obtained by negotiation or configuration) that the
>>> target receiver can properly handle them.
>>>  
>>> BUT, it's not just legacy receivers that feel the impact; option-aware
>>> receivers treat the entire options trailer as being absent if the option 
>>> checksum fails. If the UDP checksum passes, and there are options that
>>> change the handling of the preceding payload data, then that data will
>>> be handled incorrectly. In other words, a correctly implemented receiver
>>> that recognizes all options nonetheless has the potential to pass
>>> corrupted data to the application. In my opinion that's not acceptable.
>>  
>> That's not a feature of draft-herbert vs the exising UDP options; that 
>> is a choice in Sec 8 of udp-options.
>>  
>> We chose to have that case ignore options to emulate legacy receivers; 
>> if that's not what we want, we change that rule.
>>  
>> If that rule is changed, then you'd get the fate sharing you seek.
>>  
>> But you can't have it both ways - with either solution. They're the same 
>> here. Either failed options means "act like legacy" or it means "fail", but 
>> that means that incorrect options would succeed in a legacy receiver but 
>> fail in an options-aware one - EITHER WAY.
> 
> It seems to me that you are actually making the case for devoting a bit
> in the Option Kind that specifies what to when the option is not
> recognized (or recognized but not supported). This shows up in the IETF
> 104 slides under the rubric of a "require/ignore" but that misrepresents
> what the advocates (myself included) had in mind.. What we (or I, at
> least) had in mind was something similar to what's in RFC 8200:
> 
>       0 - skip over this option and continue processing the packet
> 
>       1 - discard the packet.
> 
> With this capability available, we could assign an Option Kind with the
> flag set if the option affects the handling of the accompanying payload
> (FRAG, AE, and ACS, at a minimum) and an Option Kind with the flag clear
> if the option can be safely ignored by a legacy receiver (EOL, NOP, OCS,
> MSS, TIME, REQ, RSP). There should be an EXP option of each flavor to
> be used as appropriate for the experiment. Then the rule is, only those
> options whose flag is clear can be in an options trailer; options whose
> flag is set have to be in the options header. Then the desired behavior
> results: an option whose flag is set will be discarded, along with its
> data, either by a legacy receiver that does not understand options at
> all (thought it will see a zero-length datagram) or by an options-aware
> receiver that does not understand the option.
> 
> I'm of two minds about LITE: I don't see a way to make it work with the
> protocol header format or something similar, but I don't see a way to
> make it safe with the trailer format of draft-ietf-tsvwg-udp-options-07.
> I could accept seeing it remain with a "for mutually consenting parties
> only" health warning, but unless it solves actual problems that
> UDP-Lite does not, maybe it's best to say "just use UDP-Lite." It does
> seem as if the fond hopes of easy traversal of middleboxes that block
> protocol 136 are not to be, as LITE defeats checksum compensation.
> 
>>> AFAICT, draft-ietf-tsvwg-udp-options-07 currently has no means for
>>> providing the fate-sharing of options and payload.
>> 
>> It does, as shown above.
> 
> LITE data is delivered or dscarded depending on the fate if the LITE
> option, but only at the cost of having no checksum protection for the
> data. The protocol header packet format in draft-herbert does not
> have that drawback.
>  
>>> The protocol header
>>> format in draft-herbert-udp-space-hdr-01 does. I'd like to see
>>> draft-ietf-tsvwg-udp-options-07 revised to provide that functionality.
>>>  
>>> I have my own ideas on how best to do that, but I am going to hold them
>>> in abeyance for a later time because I think it's much more important
>>> for us to discuss whether I am correct to insist on the need for an
>>> option and payload fate-sharing capability for protocol correctness.
>>  
>> I agree with that - let's decide what functionality we want and THEN 
>> figure out how to deliver it. Or at least separate those two discussions 
>> where possible.
> 
> Excellent, thank you.
>  
>> However, header/trailer is a misnomer. It's really about whether and how 
>> much to use LITE.
> 
> Sorry, but I disagree with that. LITE does not and cannot deliver the
> functionality of the protocol header packet format in draft-herbert.
> LITE  does not checksum the payload data; the protocol header packet
> format in draft-herbert does. I do believe that improvements can be
> made to the latter; details for those who care are below my .sig
> 
> Mike
> 
> --
> The main properties of of the protocol header packet format in
> draft-herbert are:
> 
> - The UDP Length is required to be 8. The fixed-size surplus header
> begins immediately after the UDP header, without padding.
> 
> - The checksum is not optional; it is required. It covers all data
> from the the fixed surplus header to the end of the packet (as above).
> As a consequence, full checksum compensation is provided.
> 
> - Option data (not including the fixed surplus header) is limited to
> 1020 bytes, and it must be aligned on a four-byte boundary (as above).
> 
> - LITE data is not accommodated.
> 
> - All other options are allowed.
> 
> - Data following the end of the options area (as indicated by the length
> field in the surplus header) starts on a four-byte boundary. It is
> processed as indicated in the options and passed to the application
> (if appropriate) following such processing. In many cases there is no
> processing and it's just passed upward, but that would not be the case
> for FRAG, ACS, and AE.
> 
> The limitation to 1020 bytes of options seems needless and arbitrary,
> and it interferes with the capability of this format to support DPLPMTUD
> probe packets that consist of padding only (for more information see
> draft-ietf-tsvwg-datagram-plpmtud-08 Section 4.1). This limitation is
> a result of reserving a byte in the pre-option header as a type for
> extensibility; if we agree that the options themselves provide enough
> flexibility, then this issue can be overcome by modifying the format
> to be as follows:
> 
>     0                   1                   2                   3
>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>    |        Source port            |      Destination port         | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -Base Hdr
>    |        UDP Length = 8         |   UDP Header Checksum         | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>    |        Payload Offset         |  Option+Payload Checksum      |\
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>    |                                                               | |
>    ~                           UDP Options                           ~Ext Hdr
>    |                                                               | |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /
>    |                                                               |
>    ~                         Payload Data                          ~
>    |                                                               |
>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 
> If alignment of the payload data is seen as desirable (which is likely
> the case), then Payload Offset can be restricted to be a multiple of 2,
> 4, or 8 as appropriate, with a minimum value of 4. Fragments should be
> similarly aligned.
> 
> Several alternatives to this format were considered, notably including
> the currently-defined 3-byte OCS (one byte Kind, two byte checksum)
> with a to-be-defined one-byte "user data" option that would appear at
> the end and consume all following data. That combination uses at least
> as much space and will use more if NOPs are inserted for alignment. So
> in this case (unlike the trailer case), a fixed header appears to be
> advantageous compared to possible alternatives. FRAG would be as in
> https://mailarchive.ietf.org/arch/msg/tsvwg/Wv--BLVMPAX6g5umok9BQsXAEGg
> but with the interpretation changed to have it consume all payload
> data instead of all data that follows.
>

v2.23.0 | Report a Bug | By Email