IETF Logo Mail Archive

[tsvwg] OCS option in draft-ietf-tsvwg-udp-options-07

"C. M. Heard" <heard@pobox.com> Sat, 09 March 2019 13:24 UTC

Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1111127968 for <tsvwg@ietfa.amsl.com>; Sat, 9 Mar 2019 05:24:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xVzkGNFrhCpM for <tsvwg@ietfa.amsl.com>; Sat, 9 Mar 2019 05:23:58 -0800 (PST)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56F021276D0 for <tsvwg@ietf.org>; Sat, 9 Mar 2019 05:23:58 -0800 (PST)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 5C9A840145 for <tsvwg@ietf.org>; Sat, 9 Mar 2019 08:23:57 -0500 (EST) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :from:date:message-id:subject:to:cc:content-type; s=sasl; bh=H8X Af/w2O2I2PiKO8IKQ/F3j0WQ=; b=MShnMj+eRWPSlFX4uJR8mW69CNvvUrtmKVi /oUwFnJxQUCnpg2ha28BN4+fjW0K44fC2HF4t59Qq/hQTYabf18Nh2iacPGjacU0 Vg9U8fyXbuv9DEbf5KO9MfrZemI66BdzP5Ne/XH+SANsGqx0qCNg3hY2ufXIok8E UhllOPHE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :from:date:message-id:subject:to:cc:content-type; q=dns; s=sasl; b= nInFfkEqn0lP8C5bDK/5KMIVosJSn59mN4YYxCAwNiSWcrjCpaoi4ssow21gv6+N 2ehuf2U/47i5B9q/W81Xr75ZnTpew3r4obT6278XJePgu+rSn3zKN8/xXOLyMIjN jEymMzlE93R/pFW8Pa3osUi461zb4J2xxyCVSC3LTlo=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 55A5F40144 for <tsvwg@ietf.org>; Sat, 9 Mar 2019 08:23:57 -0500 (EST) (envelope-from heard@pobox.com)
Received: from mail-it1-f174.google.com (unknown [209.85.166.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id E8E8140140 for <tsvwg@ietf.org>; Sat, 9 Mar 2019 08:23:54 -0500 (EST) (envelope-from heard@pobox.com)
Received: by mail-it1-f174.google.com with SMTP id l139so529159ita.5 for <tsvwg@ietf.org>; Sat, 09 Mar 2019 05:23:54 -0800 (PST)
X-Gm-Message-State: APjAAAXOPsG0LuqM7o3zWsaw7W0nW7Hahz33nTEnmoONMi9kW6rf1Zmg /c03Nf1PJY9DQbgdogN+1dgKksNmGIZ7d1e+f9Q=
X-Google-Smtp-Source: APXvYqwyeUWzlsPhsEzBBxgjGonZiKYVuSFh5IwyYda79+4mzvhIhk8d6twUZGRPnBLBi6zQLuBVQApv47yByqzk5WU=
X-Received: by 2002:a02:a589:: with SMTP id b9mr13431256jam.40.1552137833682; Sat, 09 Mar 2019 05:23:53 -0800 (PST)
MIME-Version: 1.0
From: "C. M. Heard" <heard@pobox.com>
Date: Sat, 09 Mar 2019 05:23:41 -0800
X-Gmail-Original-Message-ID: <CACL_3VFg-EWCYHZ4+kYV30vjNzPs90ysAu5SCdLNb+9OPxE+3g@mail.gmail.com>
Message-ID: <CACL_3VFg-EWCYHZ4+kYV30vjNzPs90ysAu5SCdLNb+9OPxE+3g@mail.gmail.com>
To: tsvwg <tsvwg@ietf.org>
Cc: Joe Touch <touch@strayalpha.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Tom Jones <tom@erg.abdn.ac.uk>, Raffaele Zullo <raffaele@erg.abdn.ac.uk>
Content-Type: multipart/alternative; boundary="000000000000381f020583a940d0"
X-Pobox-Relay-ID: 96761C4A-426E-11E9-B991-EE24A11ADF13-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/a7RvHWPjhI03bqG-IiHSi1QN4jo>
Subject: [tsvwg] OCS option in draft-ietf-tsvwg-udp-options-07
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Mar 2019 13:24:01 -0000

Greetings,

In an off-list e-mail, Gorry Fairhust brought to my attention the fact that
the errant middleboxes that CCO is designed to work around do not use the
correct length value in their (re)computation of the UDP checksum. Quoting
from draft-fairhurst-udp-options-cco-00:

   These middleboxes use the IP Payload Length (obtained as IP Total
   Length - IP Header Length) to fill UDP pseudo-header Length field and
   also compute the checksum over the all IP Payload bytes.

The genesis of this bug is discussed in the maprg presentation given by the
Tom Jones at IETF 103 (
https://datatracker.ietf.org/meeting/103/materials/slides-103-maprg-a-tale-of-two-checksums-tom-jones-00
).

So, besides compensating for the contents of the surplus area, it is
also necessary to compensate for the incorrect length value in the
UDP pseudo-header. The way that CCO does this is to add a 16-bit
pseudo-header of its own that consists of the length of the surplus
area. This pseudo-header needs to be aligned with the UDP pseudo-header
in order to do its job. Aligning the checksum in the CCO option to a
half-word boundary achieves this.

These are the points that Rafaele Zullo was trying to make in the message at
https://mailarchive.ietf.org/arch/msg/tsvwg/ikg4zLMvejJZERWh4hQTAGUrLGY
that escaped both Joe and me.

So, it would seem that the OCS text in draft-ietf-tsvwg-udp-options-07
needs some more editing work to take this into account. The objectives
can still be achieved with an option that has kind = 2 followed by a
16-bit checksum and no length value, but the calculation has to take
into account the fact that the fact that the 16-bit pseudo-header needs
to be aligned with the UDP header. Rafaele Zullo's message discusses
some of the options. One is to use a NOP to force half-word alignment,
but there are other ways to accomplish that objective.

Another point is that it is necessary either for the OCS to cover the
entire surplus area or else for any padding after the UDP options
to be checksum-neutral (e.g., consist of zeroes) in order to properly
compensate for the middlebox behavior described above.

Besides these matters of substance, there are some editorial matters
that need to be attended to. In Section 4 I see:

   UDP options are defined using a TLV (type, length, and optional
   value) syntax similar to that of TCP [RFC793]. They are typically a
   minimum of two bytes in length as shown in Figure 4, excepting only
   the one byte options "No Operation" (NOP) and "End of Options List"
   (EOL) described below.

If OCS is to have no length field (i.e., have an implicit length of 3),
then some text needs to be added to that paragraph. Also, Figure 7 in
Section 5.3 needs to be updated to something like this:

                   +--------+--------+--------+
                   | Kind=2 |     Checksum    |
                   +--------+--------+--------+


The modifications to OCS requested above would not, AFAICT, cause any
significant additional complication. They would also not address the
fact that errant middle box traversal for LITE or FRAG+LITE remains
unaddressed, but I see those as separate issues.

Mike Heard

v2.23.0 | Report a Bug | By Email