IETF Logo Mail Archive

Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-13.txt

Joseph Touch <touch@strayalpha.com> Sat, 10 July 2021 16:09 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80F433A13B5 for <tsvwg@ietfa.amsl.com>; Sat, 10 Jul 2021 09:09:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.318
X-Spam-Level:
X-Spam-Status: No, score=-1.318 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kWHl-rtEuZ2M for <tsvwg@ietfa.amsl.com>; Sat, 10 Jul 2021 09:09:44 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D95893A13B2 for <tsvwg@ietf.org>; Sat, 10 Jul 2021 09:09:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4VvPytsLAY6GzncPSABq83KbMYn7siUXY7gBHvOXpSY=; b=e4x11oHN1mUsEC54KCWtLcE/Gv M4Wn1nLbRVi/2+JvivMNhBL+3R4LERrWdb2JNe1pDz2pdpS4tvuZxH54HksZs5UWXL/9UkSl2tb8R yhT2KeA40kMG4ydXfBPxwpeunWCi5a2FoUAszQfxjrWObJTXWZmTE9odiMRRqWv3da40tQ+DjCSSK OXthPrQgM5P8DSb3kDr7b35zDZJujVXGhBw0fu9OxHTE3dxqu/2yOQrKBtbN7BfmHeHDofbAi3FUy n77M70+FU6tL871vihc3g1Mc7G/T3whF8wJ5cFQ2a5IPjCvPlv9bEghsdW7KjMfFD0P+sRifUjTbP 7HchFaxA==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:53573 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <touch@strayalpha.com>) id 1m2FXv-000ouD-1s; Sat, 10 Jul 2021 12:09:43 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_AD724A0B-5D47-48BF-A889-23A85AC661A6"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\))
From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <CALx6S36Avgjhz84rKc_=c1DCRsWHquSgztPT_7visUkacj+H8A@mail.gmail.com>
Date: Sat, 10 Jul 2021 09:09:37 -0700
Cc: TSVWG <tsvwg@ietf.org>
Message-Id: <EBBDB369-55D6-4E5B-8FC5-1EDF65A13327@strayalpha.com>
References: <162408795080.21706.5548660195641640175@ietfa.amsl.com> <C2C396E7-B728-496E-841B-D9F64004D3E3@strayalpha.com> <CACL_3VHC55cdu96=5OuNKmaaXrvDY5wkYid9a+j6=VtQrvJhZg@mail.gmail.com> <5086F1C2-55C9-4BD4-BB80-9C247E379204@strayalpha.com> <CALx6S373DmsGAncT8j2rGdpSfQ8q6pZi7iTVw4geZuxQdbA-sA@mail.gmail.com> <6E26E6BD-9AC0-46FF-8BA5-EDA016F840CE@strayalpha.com> <CALx6S352p8rboxD9k3bebLvep0rwk37y5avxbqFaFCsuQ_Nt2w@mail.gmail.com> <FE7B082E-B684-4D0A-B0F7-3761EBC25720@strayalpha.com> <CALx6S36Avgjhz84rKc_=c1DCRsWHquSgztPT_7visUkacj+H8A@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
X-Mailer: Apple Mail (2.3654.100.0.2.22)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/TstTV-uG9E7AoWOAmECobQhqNvc>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-13.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jul 2021 16:09:50 -0000

Hi, Tom,

> On Jul 10, 2021, at 8:19 AM, Tom Herbert <tom@herbertland.com> wrote:
> 
> On Fri, Jul 9, 2021 at 5:15 PM Joseph Touch <touch@strayalpha.com> wrote:
>> ...
>> 
>>> In contrast to checksum calculation, walking TLV lists is still
>>> considered a major problem for performance.
>> 
>> And that’s still required for TCP and IP. We’re no different. That has no impact on checksum offload for UDP, only in option processing.
>> 
> TCP and IPv4 do not require walking their respective options to
> validate the checksum,  

OK, we agree on that. So at least we’ve established the use of TLVs isn’t an offload issue.

> UDP options does at least when UDP checksum is
> non-zero. If processing UDP options walks the list twice,

Only when the SHOULD is not followed; we can certainly add that note.

An implementation could easily walk the TLV and set a flag if options other than OCS or NOP appear. The walk ignores such options until OCS and restarts if OCS works.

So we can note that this “double walk” would incur double work if:
	- options other than OCS and NOP appear before OCS
	AND
	- offloading is used

Without offloading, the walk always occurs twice: once to compute the checksum, once to process options, and the first pass can keep a copy of the OCS value to check before the second pass.

> .... Maybe there are other intended methods like
> provisionally processing TLVs and throwing out work when a bad
> checksum is detected or scoreboarding of TLVs, but those options are
> not articulated in the draft nor are there any references to
> implementation that show this.

We can mention that possibility, which would be no different than deep conditional processing that many systems alr

But, again, the issue isn’t about offloading, it’s in post-offload processing, and only if the SHOULD is not followed.

At that point, yes, we could do something to avoid that possible issue without impacting those who don’t use OCS, but it’s a lot simpler than has been proposed before. It does revive the idea of a required UDP option header, but it would basically be just an aligned OCS checksum:

	- NOPs until 4-byte alignment (note that some wanted 8-byte alignment, so we have to pick)
	- OCS checksum field only (no kind, no length)

If we don’t require alignment, there’s a small amount of additional work. That might not be useful to optimize for because the UDP option space isn’t constrained the way TCP’s is, though.

That overcomes the post-offload issue for OCS, though there’s still a similar post-offload issue for other options (ENCR, AUTH) that matches the same ‘chain’ problem you’ve been concerned about that still in other protocols that use offloading for crypto, e.g., IPsec, TCP-MD5/TCP-AO, etc.

Joe

v2.23.0 | Report a Bug | By Email