IETF Logo Mail Archive

Re: [tsvwg] UDP Options: on forcing the use of UDP CS=0 in connection with FRAG+LITE

Tom Herbert <tom@herbertland.com> Tue, 02 July 2019 18:07 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C91C9120381 for <tsvwg@ietfa.amsl.com>; Tue, 2 Jul 2019 11:07:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JJC0BxweXqxA for <tsvwg@ietfa.amsl.com>; Tue, 2 Jul 2019 11:07:29 -0700 (PDT)
Received: from mail-ed1-x543.google.com (mail-ed1-x543.google.com [IPv6:2a00:1450:4864:20::543]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BFB41206B8 for <tsvwg@ietf.org>; Tue, 2 Jul 2019 11:07:28 -0700 (PDT)
Received: by mail-ed1-x543.google.com with SMTP id d4so878790edr.13 for <tsvwg@ietf.org>; Tue, 02 Jul 2019 11:07:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LiOpxwob+Hpcsz0Usu+ZE+ixcQvzAa2hLvvPOHbTJh8=; b=VzYoCSX6J5CQlkMkn24PcToLvjlPqUVUCyhb0dKnfr30m7OOxMp3D1Kgg3AIB0HYeh olVM98vb8G4SjcqmRto2aq05dLgEgKAetfnNx5P+ebPcaLgt+RTcNG4fUzXjcFXhdqJp oUfGsxCamjnQE2lGzAqxZ0tavXsZ29tGT/vtuanD8++BxZw6HemEX/ivy8CL/ddpd0LZ inWfMqNS15WjsETOkOa1wckSiwoqidE7AxR5nNA3iaaGdWtjKCxQoTW2ZpWec/OK7sZR 02Sfu1q7F5abEuhawtulbhXg0DTtps7mUxsgLo1glBoZ93jPV+TE1vN9fh7S///Nm2bE ErRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LiOpxwob+Hpcsz0Usu+ZE+ixcQvzAa2hLvvPOHbTJh8=; b=r0nKeZQEwTBgfyH+lDwmLg7ckIvzpIu4YXDBgdw/B/RYahCE0xeTCxdy60X+CvENEc 7nGD7uykiRXVx2tnOcgBhTxiNOhDKllLENI0Lpp39jd6GK2yXoO+NFSedwMqbaN5jD4A rJTf744lBlN25Mxk/SpCUay7JfNb8bcTb9JGuXcAq0AoMJ0pjT5P8rOoge59Ol5ozRpt kSbp5Y0q4+iYHz3DsI2dLg6HF3mvKQxal38utEpDe5mYoi4rgcAmJAnboc5ogGYZb+CP QB379af5hlbw3Y7gfMtU/aZFuY6FSEhhsgdz62PVvvKo95spMznEb0Q5lv2UFkXds//Y qr0g==
X-Gm-Message-State: APjAAAVzsQblfUgk0HRav+ofgSEP6EEJuTIY9V/05NcAkBs7JK8j4vMz G9nFBb3U5znkf3DUUwcGo1ajE2F4LT06cHhiSS5VWw==
X-Google-Smtp-Source: APXvYqzuZZCC0q/xAQE+N+FZ5OjroRrZ/ku9u+sCDRBpKzsFLKInMNZcqp4tspQgjmvb6nuV5tKeG6WkV9pt7ZuVauw=
X-Received: by 2002:a17:906:7901:: with SMTP id b1mr29603079ejo.244.1562090846771; Tue, 02 Jul 2019 11:07:26 -0700 (PDT)
MIME-Version: 1.0
References: <CACL_3VHGtMz3htgfFLRGhjXm=qC7kOXQs+cchtamhh-giBnpLA@mail.gmail.com> <CALx6S35T9ApzMaoSVgHSJPpcpfXsbHHogoBbEjMPj6vH-kxYeA@mail.gmail.com> <CACL_3VE6kr33Vk5si5AxSZNmhqysZZGoy6HK37COUgwbvcRkdA@mail.gmail.com> <24692A9B-4AF1-4E32-A760-7D4908A61262@strayalpha.com> <CACL_3VExhAdFCu-kFLLO5DeRYUOFyJztUgJg-vQmnPoecvzeJg@mail.gmail.com> <CALx6S34zY74fhqbXxmiyturfu5mxFjRtA4=R48haX9tP6qLcow@mail.gmail.com> <CACL_3VE5kOqQq6nHqwthXF4=j8KJse5_X5gek0w6j6UdsUuQ2w@mail.gmail.com>
In-Reply-To: <CACL_3VE5kOqQq6nHqwthXF4=j8KJse5_X5gek0w6j6UdsUuQ2w@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 02 Jul 2019 11:07:14 -0700
Message-ID: <CALx6S36km55fcY7kPUCQFcJSg1kt-CEZRUCfawPifN1nQ8WFMw@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
Cc: Joe Touch <touch@strayalpha.com>, TSVWG <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/iuSZXCl9S_1ZCh_CaAczjSkosqc>
Subject: Re: [tsvwg] UDP Options: on forcing the use of UDP CS=0 in connection with FRAG+LITE
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2019 18:07:32 -0000

On Tue, Jul 2, 2019 at 10:33 AM C. M. Heard <heard@pobox.com> wrote:
>
> On Mon, Jul 1, 2019 at 2:56 PM Tom Herbert wrote:
> > On Mon, Jul 1, 2019 at 12:16 PM C. M. Heard  wrote:
> > > On Sat, Jun 29, 2019 at 7:58 AM Joe Touch wrote:
> > > >
> > > > See sec 8.1, which incorporates rfc 6936:
> > > >
> > > >          As an exception to the default behavior, protocols that use UDP
> > > >          as a tunnel encapsulation may enable zero-checksum mode for a
> > > >          specific port (or set of ports) for sending and/or receiving.
> > > >          Any node implementing zero-checksum mode must follow the
> > > >          requirements specified in "Applicability Statement for the Use
> > > >          of IPv6 UDP Datagrams with Zero Checksums" [RFC6936].
> > > >
> > > > Frag is a kind of such a tunnel because it adds its own reassembly CS.
> > >
> > > I'll agree that FRAG+LITE with UDP CS=0 does conform to the requirements
> > > in RFC 6936 Sections 4 and 5 because it includes a reassembly CS.
> > >
> > The reason that UDPv6 checksums were required in the first place is
> > that IPv6, unlike IPv4, has no header checksum. The pseudo header in
> > the UDP checksum includes the IP addresses which provides protection
> > against misdelivery when addresses are corrupted. The UDP options
> > reassembly checksum doesn't include the pseudo header so it provides
> > no protection of the IP addresses, and hence I don't believe it
> > satisfies the requirements of RFC6936 for using a zero UDP checksum.
>
> Tom, after a more careful review of the relevant specifications I am
> coming around to your point of view on this matter.
>
> The normative requirements in RFC 6936 are in Section 4 (which defines
> requirements and recommendations on the implementation of IPv6 nodes
> that support the use of a zero UDP checksum) and in Section 5 (which
> defines requirements and recommendations for protocols and tunnel
> encapsulations that are transported over IPv6 without performing a UDP
> checksum calculation). Section 3.41 of RFC 8085 reiterates these
> requirements and levies another requirement of its own, which is stated
> in the last bulleted paragraph below:
>
>    o  Use of the UDP checksum with IPv6 MUST be the default
>       configuration for all implementations [RFC6935].  The receiving
>       endpoint MUST only allow the use of UDP zero-checksum mode for
>       IPv6 on a UDP destination port that is specifically enabled.
>
>    o  An application that supports a checksum different than that in
>       [RFC2460] MUST comply with all implementation requirements
>       specified in Section 4 of [RFC6936] and with the usage
>       requirements specified in Section 5 of [RFC6936].
>
>    o  A UDP application MUST check that the source and destination IPv6
>       addresses are valid for any packets with a UDP zero-checksum and
>       MUST discard any packet for which this check fails.  To protect
>       from misdelivery, new encapsulation designs SHOULD include an
>       integrity check at the transport layer that includes at least the
>       IPv6 header, the UDP header and the shim header for the
>       encapsulation, if any [RFC6936].

Mike,

Right. Conceptually the reassembly checksum could meet the criteria if
the IP addresses were included, but that would break in the presence
of NAT since no NAT devices are going update a new checksum field
(with the possible exception that NAT makes a checksum neutral changes
as described in RFC6296).

So the best approach is to not touch the UDPv6 checksum and to ensure
that the surplus area sums to zero (i.e. the UDP checksum effectively
covers both the UDP payload and surplus area). As I've mentioned
previously, this motivates putting a required checksum field in the
surplus space not just in an option like OCS. A per packet checksum in
surplus area has other benefits beyond making UDP checksum compatible
with middleboxes.

Tom

>
>
> So, to fully comply with existing requirements, FRAG+LITE with forced
> CS=0 over IPv6 would have to conform with the following, even when
> the user leaves the UDP checksum enabled for non-fragmented packets:
>
> 1.) The implementation would have to default to disabling FRAG+LITE,
> i.e., unless the application using a particular port specifically
> requests it, do not transmit datagrams fragmented in this manner and
> do not accept datagrams fragmented in this manner (RFC 6936 Section 4,
> requirements 2-5, RFC 6936 Section 5 requirement 1, and first bulleted
> paragraph above). Ideally, this would be an API switch distinct from
> those that allow UDP CS=0 in general, so that allowing it for FRAG+LITE
> would not open up the floodgates for arbitrary UDP CS=0 datagrams. This
> would require updates to Section 9 of draft-ietf-tsvwg-udp-options-07.
>
> 2.) A transport layer checksum must be provided. The reassembly CS in
> draft-ietf-tsvwg-udp-options-07 satisfies this requirement.
>
> 3.) A UDP application, or the transport layer working on its behalf,
> MUST verify that the source and destination IPv6 addresses are valid
> in any received packet that uses FRAG+LITE with CS=0 (RFC 8085 Section
> 3.4.1, last bulleted paragraph above). This is possible for the client
> end of simple request-response protocols such as DNS or (with suitable
> initial handshakes that don't rely on CS=0) for both ends of a UDP
> application that sets up long-lived sessions between peers. It is not
> possible for a general server that does not know (and cannot establish
> during session setup) the source from which it will receive a packet.
>
> 4.) In order to cope with middleboxes that discard UDP datagrams with
> CS=0, a UDP application that uses FRAG+LITE with forced CS=0 SHOULD
> have a means to detect paths with high loss rates (RFC 6936 Section 5,
> objectives 6 and 7). This is possible only for applications that use
> long-lived flows.
>
> From my perspective, (1) and (2) are pretty much a wash between
> FRAG+LITE with CS=0 and the new alternative proposed in
> https://mailarchive.ietf.org/arch/msg/tsvwg/Wv--BLVMPAX6g5umok9BQsXAEGg:
> the new proposal provides a transport checksum of equivalent strength,
> and we still want application control over whether UDP fragmentation is
> enabled (which IMO should be on a per-port basis and should not happen
> by default). The new proposal does not disable the UDP checksum and so
> is not subject to (3). That is a big deal in my book, because (3) is a
> major burden. And (4) does not apply to the new proposal unless the
> application explicitly requests UDP CS=0, in which case it applies anyway.
>
> Mike

v2.23.0 | Report a Bug | By Email