IETF Logo Mail Archive

Re: [tsvwg] LITE+FRAG UDP CS=0 (was Re: OCS option in draft-ietf-tsvwg-udp-options-07)

Joe Touch <touch@strayalpha.com> Tue, 12 March 2019 01:43 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3758512AF83 for <tsvwg@ietfa.amsl.com>; Mon, 11 Mar 2019 18:43:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.22
X-Spam-Level:
X-Spam-Status: No, score=-1.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fc4RMOuDDMbt for <tsvwg@ietfa.amsl.com>; Mon, 11 Mar 2019 18:43:04 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FBEE12AF7D for <tsvwg@ietf.org>; Mon, 11 Mar 2019 18:43:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=VdkCKFLCACdAaBXgYOIcnidFED++noF2rTl2EldET18=; b=MHOePfhoiQwQfBU1ijWetLAMp z/uzfw0clJLoCy5vXPALBMnPno5N8o1m12iWKkGpBOjnJTjW9LO7JNQzz7WZpU87Yfim/7wdgFCMI Qivo9369dBPdX6Ayqax5qAU/aukN6FGHghNQH84Lwlp9+DDpUSCg+6JGdGuKXo8PLCjRRzzzI2B3b CrsUcjqu1tVXm/mPyhajxV0DAHYRvrozixyfKpK38jBfuiNrwrChUaFmEz83hsj65d3XIjBaeUlMR HpSGVWwsBFKOQkIU4adLCjj/P0GY1d2QevY49Pvva33t96tyhT2HzuwYTfDvb3PPbvkdWCRvgB3aC 0LacYR03A==;
Received: from [65.222.224.130] (port=50923 helo=[172.20.15.93]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1h3WRb-002WP5-EP; Mon, 11 Mar 2019 21:43:04 -0400
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Joe Touch <touch@strayalpha.com>
X-Mailer: iPad Mail (16D57)
In-Reply-To: <20190311232822.GA31999@bugle.employees.org>
Date: Mon, 11 Mar 2019 18:43:02 -0700
Cc: tsvwg <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <BB40BAC5-F900-4BD7-A54C-C88D14B8285D@strayalpha.com>
References: <CACL_3VFg-EWCYHZ4+kYV30vjNzPs90ysAu5SCdLNb+9OPxE+3g@mail.gmail.com> <B1D19ABC-428B-42D8-AE97-BF3B967B1140@strayalpha.com> <20190311221839.GA92478@bugle.employees.org> <20190311232822.GA31999@bugle.employees.org>
To: Derek Fawcus <dfawcus+lists-tsvwg@employees.org>
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/PVjC9vd1THpRGrWOKw-6bUtVUi4>
Subject: Re: [tsvwg] LITE+FRAG UDP CS=0 (was Re: OCS option in draft-ietf-tsvwg-udp-options-07)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2019 01:43:05 -0000

FYI - all of the stuff below was considered when designing LITE+FRAG and suggesting the reassembled packet had its own reassembly checksum - that did NOT include the pseudo header. 

I.e., IMO, the LITE+FRAG mechanism we have already does basically all we CAN do.

> On Mar 11, 2019, at 4:28 PM, Derek Fawcus <dfawcus+lists-tsvwg@employees.org> wrote:
> 
>> On Mon, Mar 11, 2019 at 11:18:39PM +0100, Derek Fawcus wrote:
>> 
>> Actually, my original thought here (which I then culled), was to have another
>> option, or ACS.  That other option would encode the current style of checksum,
>> so for concerns about CPU cost of using CRC, we could mitigate it.
>> 
>> What I had in mind was an option containing two 16 bit fields, one would
>> encode the partial-checksum for the pseudo-header as the originator sent
>> it, the other the partial-checksum for the original UDP payload.
>> 
>> e.g.:  [ Type = Frag-Chks | Len | part-phdr-chk | part-data-chk ]
>> 
>> That way the receiver can recover from any NAT mangling of the packet which
>> would otherwise mess with the checksum calculation.
>> 
>> i.e. for the UDP portion, assuming the packet was encoded with UDP CS=0
>> 
>>  1. Calculate partial checksum for pseudo-header as received
>>  2. Compare to option part-phdr-chk
>>  2a. If equal verify UDP data against part-data-chk
>>  2b. If differ verify UDP data against part-data-chk + (part-phdr-chk - phdr-chk)
> 
> It might help to explain my line of reasoning here..
> 
> My first idea for using UDP CS=0 for LITE+FRAG was simply to move
> the original UDP CS in to an option.
> 
> i.e. the host stack would operate as normal, building its UDP header.
> Then during building the options area, it would copy the
> UDP CS in to an option (call it the Moved Checksum - MCS),
> and zero the CS in the UDP header.
> 
> So we end up with something like:
> 
>  [Kind=MCS|Len=4|16 bit checksum]
> 
> Then I realised this would be broken by NATs.
> 
> Hence concluding one would have to also carry the partial
> checksum for the original pseudo-header
> (i.e. src-ip/dst-ip/src-port/dst-port/proto) such that
> NAT manipulations can be compensated for:
> 
>  [Kind=MCS|Len=6|16 bit part-phdr-chk|16 bit original-chk]
> 
> So the processing on the TX side to generate that is no
> more costly, the RX side would have a bit more work.
> 
> Conceptually generating:
> 
>  new-chk = original-chk - (part-phdr-chk - rx-phdr-chk)
> 
> Then writing that over the UDP CS field, before passing the
> packet in to the original receive / validate routine.
> 
> Sending two partial checksums is just another way of achieving
> the same effect.  Maybe the moved version is clearer?
> 
> Since we know that this checksum is for the pseudo-header
> and UDP header alone, with len=0 and no carried data;
> I'm just wondering now if that can be improved?
> 
> DF
>

v2.23.0 | Report a Bug | By Email