Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-13.txt
"C. M. Heard" <heard@pobox.com> Sat, 31 July 2021 23:29 UTC
Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4217D3A1FF5 for <tsvwg@ietfa.amsl.com>; Sat, 31 Jul 2021 16:29:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Ws8CT4hTJSk for <tsvwg@ietfa.amsl.com>; Sat, 31 Jul 2021 16:29:15 -0700 (PDT)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52B0E3A1FF3 for <tsvwg@ietf.org>; Sat, 31 Jul 2021 16:29:14 -0700 (PDT)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 739361572ED for <tsvwg@ietf.org>; Sat, 31 Jul 2021 19:29:07 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:cc:content-type; s=sasl; bh=/ANJlUelEDdtLcb8s7ngAOQLXMQDQwmO d/h4pwFJjEM=; b=kFH20k4cOqSbTuaGpCFD5UAFUGIJqkRUL1Uv5kU3q9Zg+iTi kAAHZwnMYiMpWWiev4rtYU37yQCywqNgzZvNitTURs5WvgBxNfU4B6l9lIaox55h Zr69GaXmURj30voSi6RBrCup3RT/8SgLplqHubJiZtwDDBJtn5RfZYoR1KA=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 6D4491572EC for <tsvwg@ietf.org>; Sat, 31 Jul 2021 19:29:07 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-pj1-f41.google.com (unknown [209.85.216.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id 207CE1572EB for <tsvwg@ietf.org>; Sat, 31 Jul 2021 19:29:05 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-pj1-f41.google.com with SMTP id b6so20379652pji.4 for <tsvwg@ietf.org>; Sat, 31 Jul 2021 16:29:05 -0700 (PDT)
X-Gm-Message-State: AOAM531VIpdAxgq91rd/efutMKk6eGw1ObnquUFALVu56RICB7j15IZw T2qWGsoTutaM0WJC7HckxK90sImmVKl0Oy+WptE=
X-Google-Smtp-Source: ABdhPJxpLS7GtWx4UPVnail0V8glLpYnqeF/akeMHp7RTBZPe8s2i7Jc2aKJwF4uht+uBNri5I4aXQ9uKKaVgCrMSz0=
X-Received: by 2002:a63:149:: with SMTP id 70mr493662pgb.413.1627774144143; Sat, 31 Jul 2021 16:29:04 -0700 (PDT)
MIME-Version: 1.0
References: <162408795080.21706.5548660195641640175@ietfa.amsl.com> <C2C396E7-B728-496E-841B-D9F64004D3E3@strayalpha.com> <CACL_3VHC55cdu96=5OuNKmaaXrvDY5wkYid9a+j6=VtQrvJhZg@mail.gmail.com> <5086F1C2-55C9-4BD4-BB80-9C247E379204@strayalpha.com>
In-Reply-To: <5086F1C2-55C9-4BD4-BB80-9C247E379204@strayalpha.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Sat, 31 Jul 2021 16:28:52 -0700
X-Gmail-Original-Message-ID: <CACL_3VF=yW1D9MMMMAHtcQvANRpp0b_e3N41kTnO=_M=aW6X4A@mail.gmail.com>
Message-ID: <CACL_3VF=yW1D9MMMMAHtcQvANRpp0b_e3N41kTnO=_M=aW6X4A@mail.gmail.com>
To: Joseph Touch <touch@strayalpha.com>
Cc: TSVWG <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a2e52405c873b394"
X-Pobox-Relay-ID: 1877099E-F257-11EB-90E3-FA9E2DDBB1FC-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/we5ZnbaS1rerw1Lf2p7X3RyZoVg>
Subject: Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-13.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jul 2021 23:29:20 -0000
On Wed, Jul 7, 2021 at 10:25 PM Joseph Touch wrote: > Hi, Mike, > > On Jun 26, 2021, at 10:13 PM, C. M. Heard wrote: > > On Sat, Jun 19, 2021 at 12:39 AM Joseph Touch wrote: > >> Here’s a summary - I tried to catch both everything Mike provided >> feedback on as well as what I have proposed as a way forward. >> > > This is much appreciated, thank you. My item-by-item responses follow. > > > >> - OCS >> - Uses the standard 2-byte prefix (all but NOP and EOL do) >> - Added discussion of RFC 6935 regarding exception to requiring >> the UDP checksum and thus OCS >> - Allow OCS’s checksum to be precomputed, but still check in the >> order options occur >> - Occurs over the entire surplus area (doesn’t stop at EOL) >> >> OK on most points, but I strongly object to the following when OCS is > mandatory (as is the case when UDP CS <> 0): > > Note that a receiver can compute the OCS checksum before processing > any UDP options, but that computation would assume OCS is used and > would not be verified until the OCS option is interpreted. > > > If I perform the computation before processing any options, and OCS is > mandatory, it would be foolish of me to waste any more effort seeking the > OCS option in the TLV chain. I already know that the option area is > invalid, > > > How exactly do you know this? If OCS is mandatory, you need to find it > (seek it in the TLV chain) in order to know whether the value you compute > differs from the value in the option. > This last statement is not true, and I think it's important to clarify that fact. If OCS is mandatory (because UDP CS<>0), then I can determine whether the options area has an INVALID checksum by computing the 16-bit Internet checksum over the options area conceptually prepended by a 2-byte options area pseudo-header containing the options area length. If the result is not a 1s complement zero, then I KNOW that the option checksum is not valid. Full stop. Whether that is because the OCS TLV is absent or because it is present and has the wrong value makes no difference; the option checksum is not valid, and I do not need to parse a single TLV to determine that. I can immediately stop option processing and discard the contents of the option area. Performing the computation early just allows offloading if desired; the > value computed still needs to be checked. > If UDP CS <> 0 and the result of the above computation is a 1s complement zero, then strictly speaking I need to look for OCS when I am looping through the option TLVs: it is possible that there the options area by chance happens to have a zero checksum even though no OCS TLV is present. That is on the same level of probability as an undetected checksum error. Little would be lost by not checking for a required-but-not-present OCS TLV when the option checksum calculation yields zero. If you insist, I will make that check; but please don't tell me that I need to check the option area at all once I know, for sure, that the option checksum is invalid. If UCP CS=0, and the connection has been configured to accept such packets (default for IPv4, non-default for IPv6), and has also not been configured to require OCS (default by the current spec), then I do have to parse the option area whether or not the option checksum calculation described above returns a 1s complement zero. Whether this is wise from a safety perspective is debatable, but having been instructed by the user to do so, I will do as I am told. (I do have to say that I'm not convinced that the use cases where UDP CS=0 is acceptable (e.g., tunnels) will have much use for UDP options, especially in the legacy trailer format, but that's a debate for another thread). Mike Heard
- [tsvwg] I-D Action: draft-ietf-tsvwg-udp-options-… internet-drafts
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Paul Vixie
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Paul Vixie
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Jonathan Morton
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Sebastian Moeller
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Tom Herbert
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… C. M. Heard
- Re: [tsvwg] I-D Action: draft-ietf-tsvwg-udp-opti… Joseph Touch