draft-ietf-tcpm-converters-16.txt   draft-ietf-tcpm-converters-17.txt 
TCPM Working Group O. Bonaventure, Ed. TCPM Working Group O. Bonaventure, Ed.
Internet-Draft Tessares Internet-Draft Tessares
Intended status: Experimental M. Boucadair, Ed. Intended status: Experimental M. Boucadair, Ed.
Expires: August 16, 2020 Orange Expires: August 31, 2020 Orange
S. Gundavelli S. Gundavelli
Cisco Cisco
S. Seo S. Seo
Korea Telecom Korea Telecom
B. Hesmans B. Hesmans
Tessares Tessares
February 13, 2020 February 28, 2020
0-RTT TCP Convert Protocol 0-RTT TCP Convert Protocol
draft-ietf-tcpm-converters-16 draft-ietf-tcpm-converters-17
Abstract Abstract
This document specifies an application proxy, called Transport This document specifies an application proxy, called Transport
Converter, to assist the deployment of TCP extensions such as Converter, to assist the deployment of TCP extensions such as
Multipath TCP. A Transport Converter may provide conversion service Multipath TCP. A Transport Converter may provide conversion service
for one or more TCP extensions. The conversion service is provided for one or more TCP extensions. The conversion service is provided
by means of the TCP Convert Protocol (Convert). by means of the TCP Convert Protocol (Convert).
This protocol provides 0-RTT (Zero Round-Trip Time) conversion This protocol provides 0-RTT (Zero Round-Trip Time) conversion
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 16, 2020. This Internet-Draft will expire on August 31, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 39 skipping to change at page 2, line 39
4.2. Theory of Operation . . . . . . . . . . . . . . . . . . . 11 4.2. Theory of Operation . . . . . . . . . . . . . . . . . . . 11
4.3. Data Processing at the Transport Converter . . . . . . . 14 4.3. Data Processing at the Transport Converter . . . . . . . 14
4.4. Address Preservation vs. Address Sharing . . . . . . . . 16 4.4. Address Preservation vs. Address Sharing . . . . . . . . 16
4.4.1. Address Preservation . . . . . . . . . . . . . . . . 16 4.4.1. Address Preservation . . . . . . . . . . . . . . . . 16
4.4.2. Address/Prefix Sharing . . . . . . . . . . . . . . . 17 4.4.2. Address/Prefix Sharing . . . . . . . . . . . . . . . 17
5. Sample Examples . . . . . . . . . . . . . . . . . . . . . . . 18 5. Sample Examples . . . . . . . . . . . . . . . . . . . . . . . 18
5.1. Outgoing Converter-Assisted Multipath TCP Connections . . 18 5.1. Outgoing Converter-Assisted Multipath TCP Connections . . 18
5.2. Incoming Converter-Assisted Multipath TCP Connection . . 20 5.2. Incoming Converter-Assisted Multipath TCP Connection . . 20
6. The Convert Protocol (Convert) . . . . . . . . . . . . . . . 21 6. The Convert Protocol (Convert) . . . . . . . . . . . . . . . 21
6.1. The Convert Fixed Header . . . . . . . . . . . . . . . . 22 6.1. The Convert Fixed Header . . . . . . . . . . . . . . . . 22
6.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . . . 22 6.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . . . 23
6.2.1. Generic Convert TLV Format . . . . . . . . . . . . . 22 6.2.1. Generic Convert TLV Format . . . . . . . . . . . . . 23
6.2.2. Summary of Supported Convert TLVs . . . . . . . . . . 23 6.2.2. Summary of Supported Convert TLVs . . . . . . . . . . 23
6.2.3. The Info TLV . . . . . . . . . . . . . . . . . . . . 24 6.2.3. The Info TLV . . . . . . . . . . . . . . . . . . . . 24
6.2.4. Supported TCP Extensions TLV . . . . . . . . . . . . 24 6.2.4. Supported TCP Extensions TLV . . . . . . . . . . . . 25
6.2.5. Connect TLV . . . . . . . . . . . . . . . . . . . . . 25 6.2.5. Connect TLV . . . . . . . . . . . . . . . . . . . . . 25
6.2.6. Extended TCP Header TLV . . . . . . . . . . . . . . . 28 6.2.6. Extended TCP Header TLV . . . . . . . . . . . . . . . 28
6.2.7. The Cookie TLV . . . . . . . . . . . . . . . . . . . 28 6.2.7. The Cookie TLV . . . . . . . . . . . . . . . . . . . 29
6.2.8. Error TLV . . . . . . . . . . . . . . . . . . . . . . 29 6.2.8. Error TLV . . . . . . . . . . . . . . . . . . . . . . 30
7. Compatibility of Specific TCP Options with the Conversion 7. Compatibility of Specific TCP Options with the Conversion
Service . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Service . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
7.1. Base TCP Options . . . . . . . . . . . . . . . . . . . . 32 7.1. Base TCP Options . . . . . . . . . . . . . . . . . . . . 33
7.2. Window Scale (WS) . . . . . . . . . . . . . . . . . . . . 33 7.2. Window Scale (WS) . . . . . . . . . . . . . . . . . . . . 33
7.3. Selective Acknowledgments . . . . . . . . . . . . . . . . 33 7.3. Selective Acknowledgments . . . . . . . . . . . . . . . . 34
7.4. Timestamp . . . . . . . . . . . . . . . . . . . . . . . . 34 7.4. Timestamp . . . . . . . . . . . . . . . . . . . . . . . . 34
7.5. Multipath TCP . . . . . . . . . . . . . . . . . . . . . . 34 7.5. Multipath TCP . . . . . . . . . . . . . . . . . . . . . . 35
7.6. TCP Fast Open . . . . . . . . . . . . . . . . . . . . . . 34 7.6. TCP Fast Open . . . . . . . . . . . . . . . . . . . . . . 35
7.7. TCP-AO . . . . . . . . . . . . . . . . . . . . . . . . . 35 7.7. TCP-AO . . . . . . . . . . . . . . . . . . . . . . . . . 36
8. Interactions with Middleboxes . . . . . . . . . . . . . . . . 35 8. Interactions with Middleboxes . . . . . . . . . . . . . . . . 36
9. Security Considerations . . . . . . . . . . . . . . . . . . . 36 9. Security Considerations . . . . . . . . . . . . . . . . . . . 37
9.1. Privacy & Ingress Filtering . . . . . . . . . . . . . . . 36 9.1. Privacy & Ingress Filtering . . . . . . . . . . . . . . . 37
9.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 37 9.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 37
9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 38 9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 38
9.4. Traffic Theft . . . . . . . . . . . . . . . . . . . . . . 38 9.4. Traffic Theft . . . . . . . . . . . . . . . . . . . . . . 39
9.5. Authentication Considerations . . . . . . . . . . . . . . 38 9.5. Authentication Considerations . . . . . . . . . . . . . . 39
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 40
10.1. Convert Service Name . . . . . . . . . . . . . . . . . . 39 10.1. Convert Service Name . . . . . . . . . . . . . . . . . . 40
10.2. The Convert Protocol (Convert) Parameters . . . . . . . 39 10.2. The Convert Protocol (Convert) Parameters . . . . . . . 40
10.2.1. Convert Versions . . . . . . . . . . . . . . . . . . 40 10.2.1. Convert Versions . . . . . . . . . . . . . . . . . . 41
10.2.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . 40 10.2.2. Convert TLVs . . . . . . . . . . . . . . . . . . . . 41
10.2.3. Convert Error Messages . . . . . . . . . . . . . . . 41 10.2.3. Convert Error Messages . . . . . . . . . . . . . . . 42
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 42 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 43
11.1. Normative References . . . . . . . . . . . . . . . . . . 42 11.1. Normative References . . . . . . . . . . . . . . . . . . 43
11.2. Informative References . . . . . . . . . . . . . . . . . 44 11.2. Informative References . . . . . . . . . . . . . . . . . 44
Appendix A. Example Socket API Changes to Support the 0-RTT Appendix A. Example Socket API Changes to Support the 0-RTT
Convert Protocol . . . . . . . . . . . . . . . . . . 47 Convert Protocol . . . . . . . . . . . . . . . . . . 47
A.1. Active Open (Client Side) . . . . . . . . . . . . . . . . 47 A.1. Active Open (Client Side) . . . . . . . . . . . . . . . . 47
A.2. Passive Open (Converter Side) . . . . . . . . . . . . . . 47 A.2. Passive Open (Converter Side) . . . . . . . . . . . . . . 48
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 48 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 49
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 52 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 53
1. Introduction 1. Introduction
1.1. The Problem 1.1. The Problem
Transport protocols like TCP evolve regularly [RFC7414]. TCP has Transport protocols like TCP evolve regularly [RFC7414]. TCP has
been improved in different ways. Some improvements such as changing been improved in different ways. Some improvements such as changing
the initial window size [RFC6928] or modifying the congestion control the initial window size [RFC6928] or modifying the congestion control
scheme can be applied independently on clients and servers. Other scheme can be applied independently on clients and servers. Other
improvements such as Selective Acknowledgments [RFC2018] or large improvements such as Selective Acknowledgments [RFC2018] or large
skipping to change at page 12, line 10 skipping to change at page 12, line 10
maintains two connections that are combined together: maintains two connections that are combined together:
o the upstream connection is the one between the Client and the o the upstream connection is the one between the Client and the
Transport Converter. Transport Converter.
o the downstream connection is the one between the Transport o the downstream connection is the one between the Transport
Converter and the Server. Converter and the Server.
Any user data received by the Transport Converter over the upstream Any user data received by the Transport Converter over the upstream
(or downstream) connection is proxied over the downstream (or (or downstream) connection is proxied over the downstream (or
upstream) connection. In particular, if the initial SYN message upstream) connection.
contains user data in its payload (e.g., [RFC7413]), that data MUST
be placed right after the Convert TLVs when generating the SYN.
Figure 5 illustrates the establishment of an outgoing TCP connection Figure 5 illustrates the establishment of an outgoing TCP connection
by a Client through a Transport Converter. by a Client through a Transport Converter.
o Note: The information shown between brackets in Figure 5 (and o Note: The information shown between brackets in Figure 5 (and
other figures in the document) refers to Convert Protocol messages other figures in the document) refers to Convert Protocol messages
described in Section 6. described in Section 6.
Transport Transport
Client Converter Server Client Converter Server
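Review bot: the MUST about placing SYN-payload user data right after the Convert TLVs is removed from this section and reappears in Section 6 of the new revision, which is the right home for a message-layout rule; since this paragraph is the only place that says what the Converter proxies, consider keeping a one-line pointer here that data carried in the SYN payload (e.g., TFO) is proxied like any other user data, because a reader of Section 4.2 alone now loses that.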
skipping to change at page 14, line 16 skipping to change at page 14, line 14
Fast Open option without consuming space in the TCP header. Fast Open option without consuming space in the TCP header.
Furthermore, this design allows for the use of longer cookies than Furthermore, this design allows for the use of longer cookies than
[RFC7413]. [RFC7413].
If the downstream (or upstream) connection fails for some reason If the downstream (or upstream) connection fails for some reason
(excessive retransmissions, reception of an RST segment, etc.), then (excessive retransmissions, reception of an RST segment, etc.), then
the Converter reacts by forcing the tear-down of the upstream (or the Converter reacts by forcing the tear-down of the upstream (or
downstream) connection. downstream) connection.
The same reasoning applies when the upstream connection ends with an The same reasoning applies when the upstream connection ends with an
exchange of FIN packets. In this case, the Converter should also exchange of FIN packets. In this case, the Converter will also
terminate the downstream connection by using FIN packets. If the terminate the downstream connection by using FIN packets. If the
downstream connection terminates with the exchange of FIN packets, downstream connection terminates with the exchange of FIN packets,
the Converter should initiate a graceful termination of the upstream the Converter should initiate a graceful termination of the upstream
connection. connection.
4.3. Data Processing at the Transport Converter 4.3. Data Processing at the Transport Converter
As mentioned in Section 4.2, the Transport Converter acts as a TCP As mentioned in Section 4.2, the Transport Converter acts as a TCP
proxy between the upstream connection (i.e., between the Client and proxy between the upstream connection (i.e., between the Client and
the Transport Converter) and the downstream connection (i.e., between the Transport Converter) and the downstream connection (i.e., between
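Review bot: the sentence on upstream FIN now says the Converter "will also terminate the downstream connection" while the very next sentence keeps "should initiate a graceful termination" for the symmetric downstream-FIN case; use one strength for both directions (either both descriptive, or both as RFC 2119 keywords such as SHOULD) so implementers do not read the asymmetry as intentional.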
skipping to change at page 21, line 32 skipping to change at page 21, line 32
separate document. separate document.
6. The Convert Protocol (Convert) 6. The Convert Protocol (Convert)
This section defines the Convert Protocol (Convert, for short) This section defines the Convert Protocol (Convert, for short)
messages that are exchanged between a Client and a Transport messages that are exchanged between a Client and a Transport
Converter. Converter.
The Transport Converter listens on a dedicated TCP port number for The Transport Converter listens on a dedicated TCP port number for
Convert messages from Clients. That port number is configured by an Convert messages from Clients. That port number is configured by an
administrator. administrator. Absent any policy, the Transport Converter SHOULD
silently ignore SYNs with no Convert TLVs.
Convert messages may appear only in a SYN, SYN+ACK, or in an ACK that
is sent shortly after the SYN+ACK.
Convert messages MUST be included as the first bytes of the Convert messages MUST be included as the first bytes of the
bytestream. All Convert messages starts with a 32 bits long fixed bytestream. All Convert messages starts with a 32 bits long fixed
header (Section 6.1) followed by one or more Convert TLVs (Type, header (Section 6.1) followed by one or more Convert TLVs (Type,
Length, Value) (Section 6.2). Length, Value) (Section 6.2).
If the initial SYN message contains user data in its payload (e.g.,
[RFC7413]), that data MUST be placed right after the Convert TLVs
when generating the SYN.
o Implementation note 1: Several implementers expressed concerns o Implementation note 1: Several implementers expressed concerns
about the use of TFO. As a reminder, the TFO Cookie protects from about the use of TFO. As a reminder, the TFO Cookie protects from
some attack scenarios that affect open servers like web servers. some attack scenarios that affect open servers like web servers.
The Convert Protocol is different and, as discussed in RFC7413, The Convert Protocol is different and, as discussed in RFC7413,
there are different ways to protect from such attacks. Instead of there are different ways to protect from such attacks. Instead of
using a TFO cookie inside the TCP options, which consumes precious using a TFO cookie inside the TCP options, which consumes precious
space in the extended TCP header, the Convert Protocol supports space in the extended TCP header, the Convert Protocol supports
the utilization of a Cookie that is placed in the SYN payload. the utilization of a Cookie that is placed in the SYN payload.
This provides the same level of protection as a TFO Cookie in This provides the same level of protection as a TFO Cookie in
environments were such protection is required. environments were such protection is required.
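Review bot: the new "SHOULD silently ignore SYNs with no Convert TLVs" changes what a Client observes when a middlebox strips the SYN payload (Section 8): instead of a SYN+ACK whose acknowledgment number reveals the stripped payload, the Client gets no reply at all, which it cannot distinguish from an unreachable Converter; add a cross-reference from this paragraph to Section 8 and say how the Client should treat the resulting timeout. The added "Convert messages may appear only in a SYN, SYN+ACK, or in an ACK that is sent shortly after the SYN+ACK" reads as a normative restriction but uses a lowercase "may"; if it is meant to bind implementations, write "MUST appear only in". Two typos in the unchanged context: "All Convert messages starts" should be "start", and "environments were such protection is required" should be "where".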
skipping to change at page 24, line 5 skipping to change at page 24, line 23
| 30 | 0x1E| Variable | Error TLV | | 30 | 0x1E| Variable | Error TLV |
+------+-----+----------+------------------------------------------+ +------+-----+----------+------------------------------------------+
Figure 15: The TLVs used by the Convert Protocol Figure 15: The TLVs used by the Convert Protocol
Type 0x0 is a reserved value. If a Client receives a TLV of type Type 0x0 is a reserved value. If a Client receives a TLV of type
0x0, it MUST reset the associated TCP connection. If a Converter 0x0, it MUST reset the associated TCP connection. If a Converter
receives a TLV of type 0x0, it MUST return an Unsupported Message receives a TLV of type 0x0, it MUST return an Unsupported Message
Error TLV and close the associated TCP connection. Error TLV and close the associated TCP connection.
Implementations MUST reset the connection upon reception of messages
with such TLV.
The Client typically sends in the first connection it established The Client typically sends in the first connection it established
with a Transport Converter the Info TLV (Section 6.2.3) to learn its with a Transport Converter the Info TLV (Section 6.2.3) to learn its
capabilities. Assuming the Client is authorized to invoke the capabilities. Assuming the Client is authorized to invoke the
Transport Converter, the latter replies with the Supported TCP Transport Converter, the latter replies with the Supported TCP
Extensions TLV (Section 6.2.4). Extensions TLV (Section 6.2.4).
The Client can request the establishment of connections to servers by The Client can request the establishment of connections to servers by
using the Connect TLV (Section 6.2.5). If the connection can be using the Connect TLV (Section 6.2.5). If the connection can be
established with the final server, the Transport Converter replies established with the final server, the Transport Converter replies
with the Extended TCP Header TLV (Section 6.2.6). If not, the with the Extended TCP Header TLV (Section 6.2.6). If not, the
Transport Converter returns an Error TLV (Section 6.2.8) and then Transport Converter MUST return an Error TLV (Section 6.2.8) and then
closes the connection. The Transport Converter MUST NOT send a RST closes the connection. The Transport Converter MUST NOT send an RST
immediately after the detection of an error to let the Error TLV immediately after the detection of an error to let the Error TLV
reach the Client. As explained later, the Client will anyway send a reach the Client. As explained later, the Client will anyway send an
RST upon reception of the Error TLV. RST upon reception of the Error TLV.
When an error is encountered an Error TLV with the appropriate error
code MUST be returned by the Transport Converter.
6.2.3. The Info TLV 6.2.3. The Info TLV
The Info TLV (Figure 16) is an optional TLV which can be sent by a The Info TLV (Figure 16) is an optional TLV which can be sent by a
Client to request the TCP extensions that are supported by a Client to request the TCP extensions that are supported by a
Transport Converter. It is typically sent on the first connection Transport Converter. It is typically sent on the first connection
that a Client establishes with a Transport Converter to learn its that a Client establishes with a Transport Converter to learn its
capabilities. Assuming a Client is entitled to invoke the Transport capabilities. Assuming a Client is entitled to invoke the Transport
Converter, the latter replies with the Supported TCP Extensions TLV Converter, the latter replies with the Supported TCP Extensions TLV
described in Section 6.2.4. described in Section 6.2.4.
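Review bot: the paragraph now says the Converter "MUST return an Error TLV ... and then closes the connection" and "MUST NOT send an RST immediately after the detection of an error", but "closes" does not say how; since the purpose is to let the Error TLV reach the Client, state explicitly that the close is a graceful FIN close (as Section 4.2 already describes for tear-down) rather than leaving "immediately" as the only guidance on RST timing. Dropping the stand-alone sentence "Implementations MUST reset the connection upon reception of messages with such TLV" is correct, since it contradicted the Converter-side rule (Error TLV, then close) stated just before it.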
skipping to change at page 27, line 38 skipping to change at page 28, line 18
If the above check succeeded and absent any rate limit policy or If the above check succeeded and absent any rate limit policy or
resource exhaustion conditions, a Transport Converter MUST attempt to resource exhaustion conditions, a Transport Converter MUST attempt to
establish a connection to the address and port that it contains. It establish a connection to the address and port that it contains. It
MUST include in the SYN that it sends to the Server the options MUST include in the SYN that it sends to the Server the options
listed in the 'TCP Options' sub-field and the TCP options that it listed in the 'TCP Options' sub-field and the TCP options that it
would have used according to its local policies. For the TCP options would have used according to its local policies. For the TCP options
that are included in the TCP Options field without an optional value, that are included in the TCP Options field without an optional value,
the Transport Converter MUST generate its own value. For the TCP the Transport Converter MUST generate its own value. For the TCP
options that are included in the 'TCP Options' field with an optional options that are included in the 'TCP Options' field with an optional
value, it MUST copy the entire option in the SYN sent to the remote value, it MUST copy the entire option in the SYN sent to the remote
server. This feature is required to support TCP Fast Open. See server. This procedure is designed with TFO in mind. Particularly,
Section 7 for a detailed discussion of the different types of TCP this procedure allows to successfully exchange a TFO Cookie between
options. the client and the server. See Section 7 for a detailed discussion
of the different types of TCP options.
The Transport Converter may refuse a Connect TLV request for various The Transport Converter may refuse a Connect TLV request for various
reasons (e.g., authorization failed, out of resources, invalid reasons (e.g., authorization failed, out of resources, invalid
address type, unsupported TCP option). An error message indicating address type, unsupported TCP option). An error message indicating
the encountered error is returned to the requesting Client the encountered error is returned to the requesting Client
(Section 6.2.8). In order to prevent denial-of-service attacks, (Section 6.2.8). In order to prevent denial-of-service attacks,
error messages sent to a Client SHOULD be rate-limited. error messages sent to a Client SHOULD be rate-limited.
6.2.6. Extended TCP Header TLV 6.2.6. Extended TCP Header TLV
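Review bot: "this procedure allows to successfully exchange a TFO Cookie between the client and the server" is ungrammatical and uses lowercase client/server where the rest of the document capitalizes Client and Server; suggest "this procedure allows a TFO Cookie to be exchanged between the Client and the Server". Because options carrying a value are copied verbatim into the SYN sent to the Server, it would also help to state that the "unsupported TCP option" rejection in the following paragraph is applied before any option is copied, so the Converter never forwards Client-supplied option bytes it does not recognize.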
skipping to change at page 29, line 4 skipping to change at page 29, line 30
Cookie TLV MUST verify the presence of this TLV in the payload of the Cookie TLV MUST verify the presence of this TLV in the payload of the
received SYN. If this TLV is present, the Transport Converter MUST received SYN. If this TLV is present, the Transport Converter MUST
validate the Cookie by means similar to those in Section 4.1.2 of validate the Cookie by means similar to those in Section 4.1.2 of
[RFC7413] (i.e., IsCookieValid). If the Cookie is valid, the [RFC7413] (i.e., IsCookieValid). If the Cookie is valid, the
connection establishment procedure can continue. Otherwise, the connection establishment procedure can continue. Otherwise, the
Transport Converter MUST return an Error TLV set to "Not Authorized" Transport Converter MUST return an Error TLV set to "Not Authorized"
and close the connection. and close the connection.
If the received SYN did not contain a Cookie TLV, and cookie If the received SYN did not contain a Cookie TLV, and cookie
validation is required, the Transport Converter MAY compute a Cookie validation is required, the Transport Converter MAY compute a Cookie
bound to this Client address and return a Convert message containing bound to this Client address. In such case, the Transport Converter
the fixed header, an Error TLV set to "Missing Cookie" and the MUST return an Error TLV set to "Missing Cookie" and the computed
computed Cookie and close the connection. The Client will react to Cookie and close the connection. The Client will react to this error
this error by first issuing a reset to terminate the connection. It by first issuing a reset to terminate the connection. It also stores
also stores the received Cookie in its cache and attempts to the received Cookie in its cache and attempts to reestablish a new
reestablish a new connection to the Transport Converter that includes connection to the Transport Converter that includes the Cookie TLV.
the Cookie TLV.
The format of the Cookie TLV is shown in Figure 22. The format of the Cookie TLV is shown in Figure 22.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
| Type=0x16 | Length | Zero | | Type=0x16 | Length | Zero |
+---------------+---------------+-------------------------------+ +---------------+---------------+-------------------------------+
/ Opaque Cookie / / Opaque Cookie /
/ ... / / ... /
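Review bot: the rewrite turns "MAY compute a Cookie ... and return a Convert message containing ..." into "MAY compute a Cookie ... In such case, the Transport Converter MUST return an Error TLV set to Missing Cookie", but the branch where cookie validation is required and the Converter chooses not to compute a Cookie is now unspecified; say what happens there (for example, return "Not Authorized" and close, or silently ignore the SYN as Section 6 now allows). The old text's explicit "the fixed header, an Error TLV ..." is gone; that is acceptable because Section 6 already requires every Convert message to start with the fixed header, but confirm the omission was intended.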
skipping to change at page 29, line 32 skipping to change at page 30, line 12
Figure 22: The Cookie TLV Figure 22: The Cookie TLV
6.2.8. Error TLV 6.2.8. Error TLV
The Error TLV (Figure 23) is meant to provide information about some The Error TLV (Figure 23) is meant to provide information about some
errors that occurred during the processing of a Convert message. errors that occurred during the processing of a Convert message.
This TLV has a variable length. Upon reception of an Error TLV, a This TLV has a variable length. Upon reception of an Error TLV, a
Client MUST reset the associated connection. Client MUST reset the associated connection.
An Error TLV can be included in the SYN+ACK or an ACK sent shortly
after the SYN+ACK.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+----------------+--------------+ +---------------+---------------+----------------+--------------+
| Type=0x1E | Length | Error Code | Value | | Type=0x1E | Length | Error Code | Value |
+---------------+---------------+----------------+--------------+ +---------------+---------------+----------------+--------------+
// ... (optional) Value // // ... (optional) Value //
+---------------------------------------------------------------+ +---------------------------------------------------------------+
Figure 23: The Error TLV Figure 23: The Error TLV
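Review bot: "An Error TLV can be included in the SYN+ACK or an ACK sent shortly after the SYN+ACK" leaves "shortly after" undefined for an implementer deciding when to stop waiting for a Convert response; since Section 6 already requires Convert messages to be the first bytes of the bytestream, the condition is better stated in terms of bytestream position (the Error TLV, if any, occupies the first bytes sent by the Converter) than in terms of timing. The sentence also repeats the SYN/SYN+ACK/ACK placement rule added in Section 6; one of the two could simply reference the other.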
skipping to change at page 31, line 12 skipping to change at page 31, line 38
o Unsupported Message (2): This error code is sent to indicate that o Unsupported Message (2): This error code is sent to indicate that
a message type received from a Client is not supported. a message type received from a Client is not supported.
To ease troubleshooting, the value field MUST echo the received To ease troubleshooting, the value field MUST echo the received
message shifted by one byte to keep to original alignment of the message shifted by one byte to keep to original alignment of the
message. message.
o Missing Cookie (3): If a Transport Converter requires the o Missing Cookie (3): If a Transport Converter requires the
utilization of Cookies to prevent spoofing attacks and a Cookie utilization of Cookies to prevent spoofing attacks and a Cookie
TLV was not included in the Convert message, the Transport TLV was not included in the Convert message, the Transport
Converter MUST return this error to the requesting client. The Converter MUST return this error to the requesting client only if
first byte of the value field MUST be set to zero and the it computes a cookie for this client. The first byte of the value
remaining bytes of the Error TLV contain the Cookie computed by field MUST be set to zero and the remaining bytes of the Error TLV
the Transport Converter for this Client. contain the Cookie computed by the Transport Converter for this
Client.
A Client which receives this error code SHOULD cache the received A Client which receives this error code SHOULD cache the received
Cookie and include it in subsequent Convert messages sent to that Cookie and include it in subsequent Convert messages sent to that
Transport Converter. Transport Converter.
o Not Authorized (32): This error code indicates that the Transport o Not Authorized (32): This error code indicates that the Transport
Converter refused to create a connection because of a lack of Converter refused to create a connection because of a lack of
authorization (e.g., administratively prohibited, authorization authorization (e.g., administratively prohibited, authorization
failure, invalid Cookie TLV, etc.). The Value field MUST be set failure, invalid Cookie TLV, etc.). The Value field MUST be set
to zero. to zero.
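Review bot: the Unsupported Message code says the value field "MUST echo the received message", but Figure 23 gives the Error TLV a one-byte Length field, so a received message larger than the representable TLV length cannot be echoed whole; state whether the echo is truncated (and to what) so that the MUST is satisfiable, and note that the echoed bytes are Client-supplied input reflected back, which is one more reason the rate limit on error messages in Section 6.2.5 matters. The Missing Cookie change to "only if it computes a cookie for this client" matches the MAY in Section 6.2.7 but inherits the same gap: the text does not say which error, if any, is returned when no cookie is computed. Typo in unchanged context: "to keep to original alignment" should be "to keep the original alignment".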
skipping to change at page 36, line 9 skipping to change at page 36, line 41
section describes how a Client can detect middlebox interference and section describes how a Client can detect middlebox interference and
stop using the Transport Converter affected by this interference. stop using the Transport Converter affected by this interference.
Internet measurements [IMC11] have shown that middleboxes can affect Internet measurements [IMC11] have shown that middleboxes can affect
the deployment of TCP extensions. In this section, we focus the the deployment of TCP extensions. In this section, we focus the
middleboxes that modify the payload since the Convert Protocol places middleboxes that modify the payload since the Convert Protocol places
its messages at the beginning of the bytestream. its messages at the beginning of the bytestream.
Consider a middlebox that removes the SYN payload. The Client can Consider a middlebox that removes the SYN payload. The Client can
detect this problem by looking at the acknowledgment number field of detect this problem by looking at the acknowledgment number field of
the SYN+ACK returned by the Transport Converter. The Client MUST the SYN+ACK if returned by the Transport Converter. The Client MUST
stop to use this Transport Converter given the middlebox stop to use this Transport Converter given the middlebox
interference. interference.
Consider now a middlebox that drops SYN/ACKs with a payload. The Consider now a middlebox that drops SYN/ACKs with a payload. The
Client won't be able to establish a connection via the Transport Client won't be able to establish a connection via the Transport
Converter. The case of a middlebox that removes the payload of Converter. The case of a middlebox that removes the payload of
SYN+ACKs or from the packet that follows the SYN+ACK (but not the SYN+ACKs or from the packet that follows the SYN+ACK (but not the
payload of SYN) can be detected by a Client. This is hinted by the payload of SYN) can be detected by a Client. This is hinted by the
absence of a valid Convert message in the response. absence of a valid Convert message in the response.
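Review bot: the added "if returned" qualifier acknowledges that a SYN whose payload was stripped may get no SYN+ACK at all (Section 6 now has the Converter silently ignore SYNs without Convert TLVs), but the paragraph still describes only the acknowledgment-number check; add a sentence saying how a Client should treat the absence of any SYN+ACK from the Converter (a timeout), since from the Client's side that outcome is the same interference. Grammar in unchanged context: "The Client MUST stop to use this Transport Converter" should be "stop using".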
 End of changes. 25 change blocks. 
62 lines changed or deleted 66 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/