IETF Logo Mail Archive

Re: [tsvwg] A review of draft-ietf-tsvwg-udp-options-12

"C. M. Heard" <heard@pobox.com> Mon, 14 June 2021 19:51 UTC

Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3305D3A07E2 for <tsvwg@ietfa.amsl.com>; Mon, 14 Jun 2021 12:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x07AytEr3HEv for <tsvwg@ietfa.amsl.com>; Mon, 14 Jun 2021 12:51:38 -0700 (PDT)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2BBA3A0812 for <tsvwg@ietf.org>; Mon, 14 Jun 2021 12:51:38 -0700 (PDT)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 6C80A139462 for <tsvwg@ietf.org>; Mon, 14 Jun 2021 15:51:37 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:cc:content-type; s=sasl; bh=8ZE/EXXqniOfrqu0KzKXVOaPEKSSs6xU CV53TMRYLHE=; b=oEk1J6XlnWRzd4KnYZKmSYc+Hnhuo/ew6GulPKz2Xw26ut29 /YoSAGfS4jieHfmUye3B7jrPKtRvE4BOeyNgKUPfj5TucOpNNmVQxNipWovJSjNL WdGTwjq+58AOL0CQQsh3TMXIIJJeW91nErkGfbPSj+CbvNJDTZ52PuZpbBc=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 65006139460 for <tsvwg@ietf.org>; Mon, 14 Jun 2021 15:51:37 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-il1-f181.google.com (unknown [209.85.166.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id 1218313945E for <tsvwg@ietf.org>; Mon, 14 Jun 2021 15:51:35 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-il1-f181.google.com with SMTP id i13so13270703ilk.3 for <tsvwg@ietf.org>; Mon, 14 Jun 2021 12:51:35 -0700 (PDT)
X-Gm-Message-State: AOAM5312/k81y3T4DrUgZzU2fLAok5d+BEMZ063oOqekXkgfNMzCtCQM Kv3CfMXCdcwakIxZG4/WEhnPGVBuYzX2dDc2upg=
X-Google-Smtp-Source: ABdhPJzjEDAZdqOLSLae9zsb4BKrRPdvlcluWgMsO9peEGMnkHHq+jjd6t++3LYlypmMqUrnCucFjQSIXUoT6jXcdd8=
X-Received: by 2002:a05:6e02:4b0:: with SMTP id e16mr14457428ils.71.1623700293804; Mon, 14 Jun 2021 12:51:33 -0700 (PDT)
MIME-Version: 1.0
References: <D9B2E315-5C7A-4BE9-97A9-AF627F6FD6FF@strayalpha.com> <DCF3D0D3-83E0-4F84-8C1F-57DF9EE63C59@strayalpha.com> <CALx6S37Hx1zafjjr_fnG1ZY7afGEF081QfV5yhdfPftM57Ro0g@mail.gmail.com> <5A6C1B4E-491E-4F62-82EF-F49292F433AB@strayalpha.com> <CALx6S34zXstyhwe8naRozNK3=dtHU-FV6F-L4uv1CK9Yim_-7w@mail.gmail.com> <FC3C3A51-B1D1-4893-8184-3F9CB83F3E66@strayalpha.com> <CALx6S34ejysvRS8GVpTQ=CKimC7LAfMY1Jqs1Y47SJAqPzw-Hg@mail.gmail.com> <D32A5A2A-45EC-4EBE-8861-C12CB29E8297@strayalpha.com>
In-Reply-To: <D32A5A2A-45EC-4EBE-8861-C12CB29E8297@strayalpha.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Mon, 14 Jun 2021 12:51:22 -0700
X-Gmail-Original-Message-ID: <CACL_3VGMHt++gkn+Qa9zi4CyfEXgN-sAXFQEdOacHpX=8OmjcQ@mail.gmail.com>
Message-ID: <CACL_3VGMHt++gkn+Qa9zi4CyfEXgN-sAXFQEdOacHpX=8OmjcQ@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>, Joseph Touch <touch@strayalpha.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, TSVWG <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003bec8c05c4bf2ff2"
X-Pobox-Relay-ID: EC9C214C-CD49-11EB-A04B-FA9E2DDBB1FC-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/j7LoRya3M2Sb7BiUNZxPvQ9WF6w>
Subject: Re: [tsvwg] A review of draft-ietf-tsvwg-udp-options-12
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2021 19:51:45 -0000

On Mon, Jun 14, 2021 at 11:44 AM Tom Herbert wrote:

> If it's required and it's first then it's no longer an option, it's
> just a two-byte field in a header that precedes the option list. This
> is much better for efficient processing.
>

That idea will work, but if it is adopted, I would like to make sure that
the following points are covered:

1.) Many of us want it to be possible to include "safe" UDP options in a
trailer for compatibility with legacy receivers who don't support UDP
options.

2.) OCS needs to be present in that case too, and it must cover the entire
trailer, in order to ensure middlebox traversal (as discovered by Tom
Jones).

Thus, if there is a UDP options header that contains OCS, it would need to
be at the front end of the options trailer. If that header included a total
options length, EOL would no longer serve a useful purpose. Everything from
the first byte pointed to by the option length to the end of the packet
would be padding, required to be set to zeroes (but not required to be
checked), and would be covered by the OCS.

Honestly, though, I fail to see a compelling advantage in having a UDP
options header, since an implementation of UDP options is required to loop
through all options in the packet. To paraphrase RFC 791, what is optional
is not the requirement to inspect options when present, but the requirement
that they be in any particular packet. Given that, I don't see how an
options header would be better for fragmentation offload than what I
proposed in
https://mailarchive.ietf.org/arch/msg/tsvwg/N1fmoBxQ5iOL5X7o34oVSA8Ayvw/.

On Mon, Jun 14, 2021 at 11:52 AM Joseph Touch <touch@strayalpha.com> wrote:

> It isn’t required. It’s required to be first *if present*. It’s still
> optional if the UDP checksum is zero.
>

For the record, it actually does not matter where OCS is placed when it is
required to be present (UDP CS<>0), for it is possible to check OCS without
ever parsing the options at all: just calculate the Internet checksum over
the trailer (using the appropriate pseudo-header, of course). That
comprehensively covers the case where UDP CS<>0, which IMO is the important
one, as CS<>0 is required by operational considerations in most situations.

For sockets where UDP CS=0 is allowed, OCS is optional unless the receiver
is configured otherwise. In that case it is indeed advantageous to require
that OCS be first (preceded only by a handful of NOPs) if it is present.
It's not hard to implement optional OCS with UDP CS=0, but IMO parsing a
list of TLVs without first doing an integrity check is a very risky
business, and I question whether it adds any value. (But I won't squawk if
it stays.)

Mike Heard

v2.23.0 | Report a Bug | By Email