IETF Logo Mail Archive

Re: [tsvwg] Alternative version of the UDP FRAG option

Tom Herbert <tom@herbertland.com> Tue, 19 March 2019 20:37 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7004D12867B for <tsvwg@ietfa.amsl.com>; Tue, 19 Mar 2019 13:37:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id irripPo5GcOJ for <tsvwg@ietfa.amsl.com>; Tue, 19 Mar 2019 13:37:51 -0700 (PDT)
Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70CD712796F for <tsvwg@ietf.org>; Tue, 19 Mar 2019 13:37:51 -0700 (PDT)
Received: by mail-qk1-x731.google.com with SMTP id c20so7996646qkc.10 for <tsvwg@ietf.org>; Tue, 19 Mar 2019 13:37:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4qu5JAt6NRqUsYAsx9jt8oCrGiDGNcyfexCoP0RK4L8=; b=A0Wqc34g4DKPyVgN8LM4HxRVRxF1GeFZT+tRQXsjxOr0YPtkGA3Y9qdOdOX3F9hB8T lk9IXT2NXYtcgmb+X2JkWoCWz4gwmKj8BDwJeiyuuHxi/rCPFYbnH0HyBpAXDWE/HqZi QYU3iZc2v7ncs55I9Vqx0LeYhqIhoA3RD01mRPRcPKqc/xDz2lCyR2KG0WBSSN/h0bPo QjkH7hVi+0KZHMBTSPbgfuQDGTdgQs20ckWFmPyOVvjaMrnz6QVp/QjnDqSAVBvJOucN aOhXxMcSGSlz2eLT73GB20EdwXjXguCGGP51K6fqSPBQYYPHny8eaP6e/wh10j2w6byD lURA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4qu5JAt6NRqUsYAsx9jt8oCrGiDGNcyfexCoP0RK4L8=; b=gK6+jwPZ2AAB88PArRSpURsuk6QvmF3AaW/YwHrmHlXgbRuSZ8H6M6XERtX3EJXJQy d6Sjq8Q7vdbTB4YBH11oq7N0P8t45c9sh7nQZ8wxBJJDVspJPZA0dk8yf3faEiP1bl+N UaH762VFqVXdy+UrzFDRoWrLHDYEWecT4cgttLp5ISoCp5s7C7rsgmHlP0Co4Yz9yOky SZNtHig68EDchgbPfMB/q7PE6DWgJL55uqqlXA8R/gzuvnmR3W35Uerg7qRzBDJMNoVA ud2IZ39tcbr8b1kpu6sEjc08c8rD1u3HDL1pDrqCI9+mruRBbeoEDlZGzjkTwiGtvmnt 18Yw==
X-Gm-Message-State: APjAAAU30MuINw/88e32Vn90WHXCG40ESgCCCv2L3bEBe7yKXoWfHB6z gw1A5Q/qu5eti4LCMZ9j9p/BI9jIC0S5bTIz3usVkYz/NF8=
X-Google-Smtp-Source: APXvYqyl4aKDGuvb5aWUQZ01+3z45IL7gSR1mX1YIPwnQj6Ez1FkqV6cj3LZKNqTKjKvlRiXf9WOXl17mFKmg/wjei4=
X-Received: by 2002:a37:6c84:: with SMTP id h126mr3637636qkc.168.1553027870324; Tue, 19 Mar 2019 13:37:50 -0700 (PDT)
MIME-Version: 1.0
References: <CACL_3VE1=0OORUuOKg9GjcdVuhBNTkWhymE7PAs5WYO0ZR0DWQ@mail.gmail.com> <CALx6S37y_AbESyX5PcCSu7NEr-uPVrPXksEeAx5aSNAyqshL6Q@mail.gmail.com> <CACL_3VFJTxM3s-GLOTz9xmkNk1uOQoCmAGApbAf1ZgbH3Opptw@mail.gmail.com> <CALx6S36aWKHFXO=Zx8W-wFqqC5-Oueb3j-b9evm-yKpfguVQuw@mail.gmail.com> <5C8FBBED.7000805@erg.abdn.ac.uk> <CALx6S34FKNJ_6Ep659L3t_Kf4bnEKZ5LTjXo-zWz4PrveU_UVA@mail.gmail.com> <CALx6S37MsCmOOsn0bnHoTwJkN7Khfm03z__W4hhy7c29XuvQHw@mail.gmail.com> <5C8FDEED.8010701@erg.abdn.ac.uk> <CALx6S36fQcRdgvCG3XS78EecFjdb36D22iBzovXcODH_W+BHbg@mail.gmail.com> <5C90A81A.8050409@erg.abdn.ac.uk>
In-Reply-To: <5C90A81A.8050409@erg.abdn.ac.uk>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 19 Mar 2019 20:37:37 +0000
Message-ID: <CALx6S36CttWC88SvA5-87pirGer7EQYD_TGhpHFCTQJS2sPZ2A@mail.gmail.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Cc: tsvwg <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000898a3c0584787adf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/PqSKafIv0G9mfMAfxQYINyovf34>
Subject: Re: [tsvwg] Alternative version of the UDP FRAG option
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2019 20:37:55 -0000

On Tue, Mar 19, 2019, 9:28 AM Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote:

> Tom, I don't agree with some of this...
>
> On 18/03/2019, 20:54, Tom Herbert wrote:
> > On Mon, Mar 18, 2019 at 11:10 AM Gorry Fairhurst<gorry@erg.abdn.ac.uk>
> wrote:
> >> On 18/03/2019, 16:27, Tom Herbert wrote:
> >>> On Mon, Mar 18, 2019 at 8:58 AM Tom Herbert<tom@herbertland.com>
>  wrote:
> >>>> On Mon, Mar 18, 2019 at 8:40 AM Gorry Fairhurst<gorry@erg.abdn.ac.uk>
>  wrote:
> >>>>> I think I missed something between these emails....
> >>>>>
> >>>>> On 18/03/2019, 15:13, Tom Herbert wrote:
> >>>>>> On Mon, Mar 18, 2019 at 7:43 AM C. M. Heard<heard@pobox.com>
> wrote:
> >>>>>>> On Sat, Mar 16, 2019 at 9:06 AM Tom Herbert wrote:
> >>>>>>>> Thinking about this, it occurs to me be that the LITE option isn't
> >>>>>>>> needed. The assumption in the UDP options draft is that a receiver
> >>>>>>>> needs the UDP payload to immediately follow the UDP header, but
> the
> >>>>>>>> UDP payload can be anywhere in the surplus area as long as it's
> >>>>>>>> aligned to four bytes. A receiver will know how to handle it and
> >>>>>>>> deliver the UDP data to the application (e.g. by maintaining a
> pointer
> >>>>>>>> to the data).
> >>>>>>>>
> >>>>>>>> So that allows a format like:
> >>>>>>>>
> >>>>>>>> UDP header (Length=8) | Surplus area header | Options | Payload
> >>>>>>>>
> >>>>>>>> The surplus area header contains the header length and a checksum
> >>>>>>>> covering the surplus space (four bytes altogether). The three
> headers
> >>>>>>>> can thought of as an extended UDP header, so the format becomes:
> >>>>>>>>
> >>>>>>>> Extended UDP header | Payload
> >>>>>>>>
> >>>>>>>> Which looks a whole lot like any other protocol format with a
> variable
> >>>>>>>> length header such as TCP or IPv4.
> >>>>>>> A major downside to this approach is that is does not let you add
> >>>>>>> "optional to process" options such as MSS, Echo Request, and Echo
> >>>>>>> Response to UDP datagrams that are intended to be processed
> normally
> >>>>>>> by legacy receivers that do not understand UDP options or the
> extended
> >>>>>>> UDP header format. You can do that with the option trailer as
> >>>>>>> currently proposed.
> >>>>> Right, so this really re-designs UDP as a sublayer to another
> transport.
> >>>>> To me, this looks very like an encaps like DCCP-in-UDP or GRE-in-UDP,
> >>>>> etc. So this isn't an "option" it's an encapsulation.
> >>>>>> Mike,
> >>>>>>
> >>>>>> The converse is also true. We can't put options in a trailer that
> >>>>>> *must* be processed by the receiver (fragmentation, compression,
> >>>>>> security, etc.).
> >>>>>>
> >>>>>> Tom
> >>>>> Why this? I thought that if you make a request to negotiate to use
> say
> >>>>> enhanced integrity checking or some security option, then you can
> >>>>> require the option to be present at the receiver?
> >>>> Gorry,
> >>>>
> >>>> How does negotiation work with a transport protocol that is stateless?
> >>>> Negotiation implies state is maintained between two endpoints.
> >>>>
> >>> Also, if there is a negotiation then there communicating endpoint is
> >>> known to not be a legacy receiver so the extended header can be used.
> >>> Then if the packet is received by some other legacy node (e.g. because
> >>> of VIP, address corruption, peer rebooted and state is lost) the
> >>> packet is "dropped" (a zero length UDP datagram is received by the
> >>> peer).
> >>>
> >>> Tom
> >> So I wa sthinking that the app "knows" what is "negotiated". It could be
> >> that the app decides it needs security or enhanced integrity check and
> >> therfore configures to add this at the sender and check at the receiver.
> >> Whether this "knowing" is hard-coded or uses an upper layer handshake
> >> isn't so significant to me. An upper layer handshake/protocol could also
> >> include some sort of fall-back.
> >>
> >> For an apps that is itself stateless it just has to be designed to use a
> >> UDP Option or not. In the same way that it chooses TCP or could use SCTP
> >> etc.
> > Gorry,
> >
> > If negotiation is an integral mechanism in UDP options then we really
> > need the specification for it.
> I'm really unsure we need much extra.
> > For important options received in a packet (frag, security, integrity
> > check, etc.) the requirements are straightforward: either the option
> > is processed and appropriately verified, or the packet must be
> > dropped. An alternative that allows a receiver to just ignore them and
> > still receive the data like nothing happened is a non-starter.
> >
> > For UDP options this means:
> >
> > 1. If there are important UDP options present then the receiver must
> > process the option space or drop the packet. For this reason,
> > important options cannot be in trailers (legacy mode in UDP options
> > draft).
> I don't think this is correct.
> > 2. If there is an important option that is unknown to the receiver or
> > can't be processed by the receiver then the packet must be dropped. In
> > other protocols (e.g. DO, HBH options in IPv6) the option type
> > includes an indication of what to do if type is unknown to the
> > receiver (basically skip option or drop).
> That makes sense at the network layer - e.g. where a tunnel
> does not know what is being transported.
>
> For UDP Options, that operate on endpoints, I can't figure out
> why coding for a sending app would add an option and code
> for a receiving app would not be correspondingly updated. If they
> are different versions of the endpoint code, then that's an app
> problem.
> > UDP options should adopt this.
> You may think so, I don't.
>

Gorry,

Suppose we create a compression option whereby UDP payload is compressed
and decompressed at the receiver. The option must be processed or the
packet containing it must be dropped, lest the application receives
gibberish. Now suppose a host receives a packet with the option, but hasn't
yet implemented it so it is an unknown type. Regardless of whether the
sender is "allowed" to send the option, the robustness principle dictates
that the host needs to be prepared deal with it when it is received. The
correct behavior is that the host drops the packet. It does this because
the option is unknown and it's bad to ignore. So to ensure correct
behavior, either the bit is needed or all packets with any unknown options
need to be dropped.

Tom


> 3. Important options themselves need to be protected. We can't allow a
> > single bit corruption to make an important option just disappear. This
> > is a motivation for options to always be covered by a checksum. There
> > is a peculiarity that should be documented in that the checksum might
> > be used to protect an option holding a stronger integrity check (like
> > a CRC option).
> If the app relies on the option - then it will look for it, and discard
> when
> it is not found. That includes if you look for a CRC. The code we have
> simply throws the packet when expecting a CRC and not finding one,
> as if the CRC were wrong. The checksum provides a pre-check including
> the pseudo-header.
>
> If the options space is corrupted then the UDP packet should be thrown
> away. (OK, one could have LITE
>

Right, and the only way to detect a corrupted

> > Tom
> Gorry
> >>>> Tom
> >>>>
> >>>>> Am I misunderstanding something?
> >>>>>
> >>>>> Gorry
> >>>>>>> Mike Heard
> >> Gorry
> >>
>
>

v2.23.0 | Report a Bug | By Email