Re: draft-ietf-dccp-udpencap-03 - 6-tuple

Hi Gorry, looks good!  Only nits:

On 2/10/11 1:58 AM, Gorry Fairhurst wrote:
A DCCP-UDP endpoint MAY use any UDP port number, providing the active
endpoint knows a valid UDP Destination Port on the passive endpoint.

By default, a DCCP-UDP client sets the destination port
to the default port number. UDP port number XXX IANA PORT XXX has
been registered with IANA for this purpose. A client SHOULD set
source port to a number that is unique for this DCCP connection.

"valid UDP Destination Port" is weird; it must be a valid **DCCP**-UDP Destination Port.

How about:

A DCCP-UDP server listens for connections on one or more UDP ports. A DCCP-UDP client provides UDP source and destination ports as well as DCCP source and destination ports at connection initiation time. UDP port number XXX IANA PORT XXX has been reserved as the default listening UDP port for DCCP-UDP connections.

Then add "A client SHOULD ensure that each DCCP connection maps to a single UDP connection by setting the UDP Source Port."

Choosing distinct source UDP ports for distinct DCCP connections
ensures that UDP-based flow identifiers differ whenever
DCCP-based flow identifiers differ. Specifically, two connections
with different <source address, source DCCP port, destination
address, destination DCCP port> 4-tuples will have different

^^^^^^^^ s/will/SHOULD/

<source address, source UDP port, destination address,
destination UDP port> 4-tuples.

A DCCP-UDP server (that is, an initially passive endpoint that wishes
to receive DCCP-Request packets [RFC4340] over DCCP-UDP) binds a UDP
port number for all encapsulated DCCP connections. If the DCCP-UDP
server binds to this default port reserved for the DCCP-UDP service,
it SHOULD accept datagrams from any UDP source port.

It SHOULD do this anyway, since we recommend that clients change their source ports. Suggest this sentence be revised to "A DCCP-UDP server SHOULD accept datagrams from any UDP source port.", and delete the following sentence.

For example,
this would be needed if a NAPT along the path had translated the
original UDP source port.

There is a risk that the same DCCP source port number could be used
by two endpoints each behind a NAPT. A DCCP-UDP server MUST
therefore demultiplex a DCCP-UDP flow using both the UDP source and
destination port numbers and the encapsulated DCCP ports.

A DCCP-Server MUST ensure that an active DCCP connection
is uniquely identified by the 6-tuple <source address,
UDP Source Port, DCCP Source Port, destination address,
UDP Destination Port, DCCP Destination Port>.

The demultiplexing at a DCCP-UDP endpoint occurs in two stages:

1) In the first stage DCCP-UDP packets are demultiplexed
using the 4-tuple, <source address, UDP Source Port,
DCCP Source Port, destination address, UDP Destination Port>.

^^^^^^^^^^ Pasi caught this bug


2) In the second stage, a receiving endpoint MUST ensure
that two independent DCCP connections that were
multiplexed to the
same 4-tuple are not associated with the same connection
in the DCCP module. The endpoint therefore needs to keep
state for the set of active DCCP-UDP endpoints using each
4-tuple. This may be achieved in one of two ways:

^^^^^^^^ "4-tuple" is sort of ambiguous since you used it above. Prefer, perhaps, "UDP connection" to "4-tuple"?

A) A DCCP server MAY accept only one
active 6-tuple at any one time for a given 4-tuple. In this
case, DCCP-UDP packets that do not match an active
6-tuple MUST NOT be passed to the DCCP Module and the DCCP
Server SHOULD send a DCCP-Reset
with the reason "encapsulated port reuse". An endpoint that

^^^^^^^^^^^ IANA will need to allocate this Reset Reason (I see you have this below, but probably we will need a new section as well to describe the Reset Reason; see RFC4340)

receives a DCCP-Reset with this reason MAY immediately try
again using a different 4-tuple.

This provides protection should the same 4-tuple be
re-used by multiple DCCP connections, ensuring that
only one DCCP connection is established at one time.

B) A DCCP-SERVER MAY support multiple DCCP connections over
the same UDP 4-tuple. If supported, the endpoint MUST
then associate each 6-tuple with a single connection.
If an endpoint is unable to demultiplex the 6-tuple (e.g.
due to internal resources limits), it MUST NOR pass

^^^^^^^^^ resource limits (not resources)
MUST NOT not MUST NOR
"DCCP server" not "DCCP-SERVER"


DCCP-UDP packets that do not match an active
6-tuple to the DCCP Module. The DCCP

^^^^^^^^^ lc "Module", or say "endpoint"

Eddie

endpoint MAY send a DCCP-Reset
with the reason "encapsulated port reuse"
indicating the connection may be retried using a
different 4-tuple.


---

This document requests IANA to assign a new Reset Reason "encapsulated port
reuse". etc.

---
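
Added example, not part of the original message or of the draft: a sketch of the two-stage demultiplexing discussed above, keyed first on the UDP 4-tuple and then on the DCCP port pair, with options A and B selectable. The class name, the addresses, UDP port 6000, the per-flow limit and the "drop" result for stateless non-Request packets are assumptions made for illustration.

```python
from dataclasses import dataclass, field

RESET_REASON = "encapsulated port reuse"  # reason string as quoted in the draft text

@dataclass
class DccpUdpDemux:
    """Toy server-side demultiplexer (hypothetical class, not from the draft)."""
    allow_multiple: bool = False   # False: option A, True: option B
    max_per_udp_flow: int = 4      # constructed resource limit for option B
    flows: dict = field(default_factory=dict)  # UDP 4-tuple -> {DCCP ports: conn id}
    next_id: int = 1

    def receive(self, src, udp_sport, dccp_sport, dst, udp_dport, dccp_dport,
                is_request=False):
        udp_key = (src, udp_sport, dst, udp_dport)   # stage 1: UDP 4-tuple
        dccp_key = (dccp_sport, dccp_dport)          # stage 2: completes the 6-tuple
        active = self.flows.get(udp_key, {})
        if dccp_key in active:
            return ("deliver", active[dccp_key])     # matches an active 6-tuple
        limit = self.max_per_udp_flow if self.allow_multiple else 1
        if len(active) >= limit:
            # Not passed to the DCCP module; the peer may retry on another 4-tuple.
            return ("reset", RESET_REASON)
        if not is_request:
            return ("drop", None)                    # simplification: no state, no setup
        conn_id = self.next_id
        self.next_id += 1
        # State is created only once a connection is accepted.
        self.flows.setdefault(udp_key, {})[dccp_key] = conn_id
        return ("deliver", conn_id)

def demo(allow_multiple):
    """Constructed traffic: two clients behind one NAPT reuse DCCP source port 5001."""
    d = DccpUdpDemux(allow_multiple=allow_multiple)
    napt, server = "203.0.113.7", "198.51.100.1"
    return [
        d.receive(napt, 40001, 5001, server, 6000, 80, is_request=True),
        d.receive(napt, 40002, 5001, server, 6000, 80, is_request=True),
        # Second DCCP connection multiplexed onto the first UDP 4-tuple.
        d.receive(napt, 40001, 5002, server, 6000, 80, is_request=True),
        d.receive(napt, 40001, 5001, server, 6000, 80),
    ]

if __name__ == "__main__":
    print("option A:", demo(False))
    print("option B:", demo(True))
```
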




