IETF Logo Mail Archive

Re: [tsvwg] Rregarding soft-state and UDP options

Tom Herbert <tom@herbertland.com> Sun, 05 January 2020 19:14 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0C49120033 for <tsvwg@ietfa.amsl.com>; Sun, 5 Jan 2020 11:14:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0t6_RJXAATRG for <tsvwg@ietfa.amsl.com>; Sun, 5 Jan 2020 11:14:57 -0800 (PST)
Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 192C512007A for <tsvwg@ietf.org>; Sun, 5 Jan 2020 11:14:57 -0800 (PST)
Received: by mail-ed1-x535.google.com with SMTP id m8so45746967edi.13 for <tsvwg@ietf.org>; Sun, 05 Jan 2020 11:14:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=xVRfTJF8FV+8IHlxjO9KlnN3VkGSzMDfMHUDjH6O3vs=; b=QmE9BE/ZMBv3ymImT6EDfd0BbmB4goW4HjxrJLdylx3V88wimI4uEj5/PGzPXrGA79 N42lGmDy99e3zM7RcjztvYxexiFFKWYuVj7Q3+BW27AMFWye4JG2cD6ohQ3EEsVn/bUB kD6fSJUQhpfvZYp5lhf8E+RpIy3h/4cu+9QThfw5o5BvyiLijIidQORvdmnA+BrihGfR wsUz6GSULI3krzKVVuhVMZqx3NDFcEzQrcD0xATKklkapRxnW0Z/0wRcEzHV4BXGb5vf ZhrendGd3NHWkEPkY8tFPdX4lcqPBotfJqUqSxiSldTmlHung0wn74/mQhJVMaflYf2D y9xQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=xVRfTJF8FV+8IHlxjO9KlnN3VkGSzMDfMHUDjH6O3vs=; b=JEGao4gP9T1ogoXhgOSZ0OWRUKsFIiH4DwFfA0HE+Q9cVjRr+rIBRaQIeDZRt5lbjW 1/aVZ8WP7wsyQYAwdgIodUKYoiiRsZXNQsX/HPlL8KSaS+aKcyVS4pDBFyN0V94bW93g IZJ1aenosGob7W4MWbkkGxXB14Xy2ASuxRxzkHUMCku4HMEnnx1kziuAzJL9WH2QxBFX NNmUs5CKZEZB/rYCmrklPS8Qg86bImajfj/FvaRTGIBztyUIR/mkENbRqEGcUxXnK6rz x4Vyg6VLBHChiY1LSzwzvrue6pgGMQkZQ9/4NBvWaeeCMK2jKmfKmsECJhW6U6LnTCcB 9mug==
X-Gm-Message-State: APjAAAXDpgPXq7YlUJBt6oiq8kApdseoW5s1ao1G1IPlc4VCnn/oiYBn j+ogz2sUZU3cU7IX41lGwyDnKo+MzPLxsfg3qzt4+A==
X-Google-Smtp-Source: APXvYqw/TQTKhgzNOm6CLbZRchkF2q9Jfd2g7g+PxetmMe+2kjr1mhErOoO/Ke27YOebJNI6s1WIaGcg0SIImO+dTAY=
X-Received: by 2002:a05:6402:1777:: with SMTP id da23mr104072334edb.292.1578251695319; Sun, 05 Jan 2020 11:14:55 -0800 (PST)
MIME-Version: 1.0
References: <CALx6S36227JnMkaZtPUvJoY5Pw-rQgy2R6tqt1PF_L=bgCjxCA@mail.gmail.com> <85C8C994-3FEA-4DF4-8C46-75CB205D09EA@strayalpha.com> <CALx6S34EfhcthoG4Qtr0JtfsdqQPr-2=havTvq_7nh9K8XDhJA@mail.gmail.com> <5E21B9BD-3148-43C9-BCB8-E6F5DFCE69C3@strayalpha.com> <CACL_3VHvHQZgN40VDKg6+ZidmjLq5SisaqZ9ARZZNEq10q7gBw@mail.gmail.com> <251CF72E-05E3-4644-A31E-8B21134B5060@strayalpha.com> <CALx6S37S+6=6=Uv-kFKinS0EXOQ33ie-UsH0dv4HW8skeE=jvw@mail.gmail.com> <C10CCF7C-712A-4667-B9E3-8C9AEDABD7A5@strayalpha.com> <CACL_3VF1_tEN91a3Ze34mjm1K7=6f-9qaBN8Gm1c1vwCPCMgHw@mail.gmail.com> <CALx6S348quRyqME-zM2Td=h7RORL2R93kFCCMX+GuY9DRw1aVA@mail.gmail.com> <D749E1AC-437F-48BD-85BC-1E0F6C381EFF@strayalpha.com> <CACL_3VFxO4ny8F5SD1VxHXQgcj-u1yM5FEXhRtTyjBkG1S=rkg@mail.gmail.com> <F8C76D86-0AF4-4301-9F77-8A13570BCBC0@strayalpha.com>
In-Reply-To: <F8C76D86-0AF4-4301-9F77-8A13570BCBC0@strayalpha.com>
From: Tom Herbert <tom@herbertland.com>
Date: Sun, 05 Jan 2020 11:14:43 -0800
Message-ID: <CALx6S37oZK8urwN-TCpZxs9F_+QXzobT8-rObPH112NkqSpUVQ@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: "C. M. Heard" <heard@pobox.com>, TSVWG <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/rNt4KoQT_zF38dXop7IxzFxCzpw>
Subject: Re: [tsvwg] Rregarding soft-state and UDP options
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jan 2020 19:15:00 -0000

On Sun, Jan 5, 2020 at 8:25 AM Joe Touch <touch@strayalpha.com> wrote:
>
> Just to dive a little into the TCP example, additionally:
>
> On Jan 4, 2020, at 7:10 PM, C. M. Heard <heard@pobox.com> wrote:
>
> Since you brought it up, let's compare and contrast the operation of TCP-AO and TCP-MD5 with that of UDP-AE, in the case that an endpoint erroneously (due, e.g., to a misconfiguration) attempts to initiates an exchange containing the option with a peer that does not understand it.
>
> For TCP-AO or TCP-MD5, the listener will receive a SYN segment with the option. Since it does not understand the option, it will return a SYN-ACK that does not contain the option.
>
>
> The presence of unknown TCP options **NEVER** causes a SYN to be ignored, discarded, or to generate a RST. It is simply ignored.
>
> It is the result of *state exchange* that enables the endpoints to know when to use - or not use - those options. It is the responsibility of the sender to know what options to use; the receiver is ALWAYS ALLOWED TO INGORE OPTIONS that it hasn’t confirmed by state exchange - even after a connection is established.
>
> E.g., even if the side opening the connection, sending the SYN+AO were to ignore the reply (SYN-ACK without AO, never RST), let’s look at what happens to the connection afterwards. Let’s say the side opening the connection decides to include AO anyway. The receiver WOULD CONTINUE TO IGNORE OPTIONS IT DOESN’T UNDERSTAND.
>
> See RFC1122, Sec 4.2.2.5.
>
> Your subsequent claim is incorrect, as per the citations below:
> > Seeing a SYN-ACK without the option, the initiator will return a RST segment.
>
> RFC2385 for TCP-MD5, Sec 2.0:
>
>    Unlike other TCP extensions (e.g., the Window Scale option
>    [RFC1323]), the absence of the option in the SYN,ACK segment must not
>    cause the sender to disable its sending of signatures.  This
>    negotiation is typically done to prevent some TCP implementations
>    from misbehaving upon receiving options in non-SYN segments.  This is
>    not a problem for this option, since the SYN,ACK sent during
>    connection negotiation will not be signed and will thus be ignored.
>    The connection will never be made, and non-SYN segments with options
>    will never be sent.  More importantly, the sending of signatures must
>    be under the complete control of the application, not at the mercy of
>    the remote host not understanding the option.
>
>
> RFC5925 for TCP-AO, Sec 11:
>
>    TCP-AO does not include a fast decline capability, e.g., where a SYN-
>    ACK is received without an expected TCP-AO and the connection is
>    quickly reset or aborted.
>
>
> —
>
> For UDP, the original design goal was to follow this behavior, i.e., that the receiver always ignores options it doesn’t understand individually.

Since when was options considered in the design of UDP? I'm looking at
RFC768 and see nothing about this.

> That’s largely because options overall can be ignored - there’s no way to “unring the bell”. Even if we bury options or user data inside the FRAG+LITE, the *ONLY* correct behavior is to have the receiver see a zero-length UDP packet arrival.
>
> There is NO way to prevent that for legacy receivers - and thus there should be no way to do otherwise for option-aware receivers. The best we should ever try to do is to make option-aware receivers see what legacy receivers see in that case (unknown options) - a blank packet.

Joe,

As discussed before, the fact that a legacy receiver can receive a
blank packet is potentially problematic. We cannot eliminate the
possibility that zero length UDP packets don't have some detrimental
side effect by some receiving application. We're accepting that the
risk of this is small, but this behavior is far from optimal and if
there were a way to ensure that legacy receivers dropped packets with
UDP options we'd do that. Forcing option-aware receivers to have this
same sub-optimal behavior just to be consistent with legacy receivers
makes no sense.
>
> So regardless of any rules, we MUST NOT try to declare any rule where the receiver “sees NO packet”.
>
Your draft doesn't meet this requirement. e.g. "Option lengths MUST
NOT exceed the IP length of the packet. If this occurs, the packet
MUST be treated as malformed and dropped".

Tom

> Joe
>

v2.23.0 | Report a Bug | By Email