Internet Engineering Task Force Eddie Kohler INTERNET-DRAFT UCLA draft-kohler-tcpm-extopt-00.txt 19 September 2004 Expires: March 2005 Extended Option Space for TCP Status of this Memo This document is an Internet-Draft. By submitting this Internet-Draft, we certify that any applicable patent or other IPR claims of which we are aware have been disclosed, or will be disclosed, and any of which we become aware will be disclosed, in accordance with RFC 3668 (BCP 79). By submitting this Internet-Draft, we accept the provisions of Section 3 of RFC 3667 (BCP 78). Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than a "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This memo describes a reinterpretation of the TCP Data Offset field, affecting the previously illegal code points 0-4, that allows Kohler [Page 1] INTERNET-DRAFT Expires: March 2005 September 2004 endpoints to fit more than 40 bytes of option into TCP segments. Kohler [Page 2] INTERNET-DRAFT Expires: March 2005 September 2004 1. Introduction The TCP datagram format has space for up to 40 bytes of TCP options [RFC 793]. Although this is adequate in most cases, a combination of options such as TCP MD5 [RFC 2385], SACK (Selective Acknowledgement) [RFC 2018], and Timestamp [RFC 1323] will not fit in the currently available option space. In fact, SACK alone could take up more space than is available, given a sufficiently complex loss pattern. A mechanism supporting larger option space might support currently illegal option combinations, simplify the deployment of any future TCP options, and discourage kludges that try to fit too much data into too little option space. Further motivation and discussion TBA. The amount of space used for options is determined by the TCP header's 4-bit Data Offset field, or DO. This number equals the offset of application data relative to the start of the TCP header, measured in 32-bit words. The fixed portion of the TCP header is 20 bytes long, so 5 is the smallest legal value for DO; it indicates the absence of options. The largest possible value, 15, indicates a data offset of 60 bytes, and thus 40 bytes of option space. The values 0 through 4 are currently illegal. The proposed mechanism uses these code points to indicate extended option space, taking more than 40 bytes. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119]. 2. Mechanism A TCP implementing this Internet-Draft MUST interpret the TCP header's DO field according to the following table. The intepretation of values 5-15 is identical to that of [RFC 793]. DO Data Offset Option Space Min. TCP Length -- ----------- ------------ --------------- 0 68 48 68 1 84 64 84 2 148 128 148 3 276 256 276 4 infinity whole packet 20 5-15 DO*4 (DO*4)-20 DO*4 A segment's TCP length MUST equal or exceed the Min. TCP Length value indicated by its DO field. A receiving TCP MUST ignore any segment that is too short. Kohler Section 2. [Page 3] INTERNET-DRAFT Expires: March 2005 September 2004 TCP segments with DO between 0 and 4 are called extended segments. 2.1. Requesting Extended Segments with SYN Extended segments MUST NOT be sent unless their use was approved during the TCP three-way handshake. Approval happens when an extended segment (here, the SYN) is acknowledged by another extended segment (the SYNACK). An endpoint performing active open indicates its desire to use extended segments by sending an extended SYN, that is, a SYN with DO < 5. If an extended SYNACK arrives in response, the endpoint will send an ACK and continue, using extended and nonextended segments as appropriate. If the connection attempt fails (through a timeout, ICMP destination unreachable, or received TCP RST), or the received SYNACK is not extended, the active endpoint MUST try again with a non-extended SYN. Unless the connection attempt failed through a RST, the active endpoint MUST clean up any remote state before retrying, by sending a RST and waiting at least a short interval (roughly 1 round-trip time, or 100 ms, if no RTT is available) to discourage packet reordering. A listening endpoint receiving an extended SYN MUST either respond with an extended SYNACK (to allow the use of extended segments), or reset the connection with a non-extended RST (to prevent their use). Requiring a full handshake to approve the use of extended segments has the side effect of ensuring that any middleboxes on both parts of the path can handle extended segments (or at least won't drop them). The procedures described in this section can delay connection establishment, or definitive connection refusal, by up to a SYN timeout (on the order of 3 seconds). 2.2. Requesting Extended Segments with SYNACK A passive, listening endpoint MAY also request the use of extended segments, by sending an extended SYNACK in response to a non- extended SYN. Approval is granted if the response ACK is extended. This procedure is riskier than requesting extended segments on the SYN, however. An active endpoint with a "legacy" implementation might reset the connection in response to the extended SYNACK, and not retry. Furthermore, a listening endpoint implementing this procedure must distinguish SYN transmissions from retransmissions, preventing the use of SYN cookies [SYNCOOKIES]. Kohler Section 2.2. [Page 4] INTERNET-DRAFT Expires: March 2005 September 2004 A listening endpoint receiving a non-extended SYN MAY respond with an extended SYNACK to request the use of extended segments. If an extended ACK arrives in response, the endpoint will continue using extended and nonextended segments as appropriate. If the extended SYNACK transmission fails (a timeout occurs, a retransmitted non- extended SYN is received, or a non-extended RST is received), it MUST try again with a non-extended SYNACK. If a non-extended ACK is received, it MUST send a non-extended SYNACK retransmission; the hope is that the active endpoint will use any options specified on the retransmission. An active-open endpoint that sent a non-extended SYN, but received an extended SYNACK, MUST either respond with an extended ACK (to allow the use of extended segments), or reset the connection with a non-extended RST (to prevent their use). 3. Stability Considerations Existing "legacy" TCP implementations -- both those in end hosts, and those in middleboxes such as firewalls -- clearly will not process extended segments according to this memo. On encountering an extended segment, legacy implementations might drop the segment as erroneous, act as if the segment had no options, reset the connection, or even conceivably crash. Even if endpoints were able to complete an extended-segment handshake, a path change (perhaps induced by mobility) might introduce a legacy middlebox into the connection, leading to possible connection reset. For these reasons, TCP connections SHOULD NOT use extended segments, or the extended segment handshake, unless it is considered required. APIs SHOULD let applications allow the use of extended segments; this API SHOULD be off by default. Legacy endpoints that treat extended segments as if they have DO 5 are particularly problematic. The risk is that any options on the packet, including the mandatory MSS option, will be ignored; and that any options on retransmitted SYN or SYNACK packets will likewise be ignored. This risk should be investigated further. Modern open-source operating systems, at least, appear to drop extended segments. 4. Security Considerations TCP implementations that follow this document will respond more slowly to some received RSTs, specifically those sent in response to extended SYNs and SYNACKs. Endpoints that implement the algorithm in Section 2.2 cannot use SYN cookies to protect against SYN-flood denial-of-service attacks. (Others?) Kohler Section 4. [Page 5] INTERNET-DRAFT Expires: March 2005 September 2004 5. Acknowledgements This mechanism was developed in conversation with Mark Allman, following conversation with Wes Eddy. Normative References [RFC 793] J. Postel, editor. Transmission Control Protocol. RFC 793. [RFC 2119] S. Bradner. Key Words For Use in RFCs to Indicate Requirement Levels. RFC 2119. Informative References [RFC 1323] V. Jacobson, R. Braden, and D. Borman. TCP Extensions for High Performance. RFC 1323, May 1992. [RFC 2018] M. Mathis, J. Mahdavi, S. Floyd, and A. Romanow. TCP Selective Acknowledgement Options. RFC 2018, October 1996. [RFC 2385] A. Heffernan. Protection of BGP Sessions via the TCP MD5 Signature Option. RFC 2385, August 1998. [RFC 3168] K.K. Ramakrishnan, S. Floyd, and D. Black. The Addition of Explicit Congestion Notification (ECN) to IP. RFC 3168. [RFC 3360] S. Floyd. Inappropriate TCP Resets Considered Harmful. RFC 3360. [RFC 3517] E. Blanton, M. Allman, K. Fall, and L. Wang. A Conservative Selective Acknowledgment (SACK)-based Loss Recovery Algorithm for TCP. RFC 3517. [SB00] Alex C. Snoeren and Hari Balakrishnan. An End-to-End Approach to Host Mobility. Proc. 6th Annual ACM/IEEE International Conference on Mobile Computing and Networking (MOBICOM '00), August 2000. [SYNCOOKIES] Daniel J. Bernstein. SYN Cookies. http://cr.yp.to/syncookies.html, as of July 2003. Authors' Addresses Kohler [Page 6] INTERNET-DRAFT Expires: March 2005 September 2004 Eddie Kohler 4531C Boelter Hall UCLA Computer Science Department Los Angeles, CA 90095 USA Full Copyright Statement Copyright (C) The Internet Society 2004. This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF has been notified of intellectual property rights claimed in regard to some or all of the specification contained in this document. For more information consult the online list of claimed rights. The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- Kohler [Page 7] INTERNET-DRAFT Expires: March 2005 September 2004 ipr@ietf.org. Kohler [Page 8]