From 85a58f11dd1d98d6795a21b847bead780ae917ad Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Tue, 9 Jun 2020 18:05:45 +1000 Subject: [PATCH 1/2] ECN validation nits Taking Gorry's suggestions here. Closes #3734. --- draft-ietf-quic-transport.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 35c5ac407b..14e99d42e5 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -3717,9 +3717,10 @@ subsequent ACK frames; see {{generating-acks}} and {{frame-ack}}. Note that this requires being able to read the ECN codepoints from the enclosing IP packet, which is not possible on all platforms. -A packet detected by a receiver as a duplicate does not affect the receiver's -local ECN codepoint counts; see ({{security-ecn}}) for relevant security -concerns. +An IP packet that results in no QUIC packets being processed does not increase +ECN counts. A packet detected by a receiver as a duplicate does not affect the +receiver's local ECN codepoint counts; see {{security-ecn}} for relevant +security concerns. If an endpoint receives a QUIC packet without an ECT or CE codepoint in the IP packet header, it responds per {{generating-acks}} with an ACK frame without @@ -3728,7 +3729,7 @@ support or does not have access to received ECN codepoints, it does not increase ECN counts. Coalesced packets (see {{packet-coalesce}}) mean that several packets can share -the same IP header. The ECN counter for the ECN codepoint received in the +the same IP header. The ECN counts for the ECN codepoint received in the associated IP header are incremented once for each QUIC packet, not per enclosing IP packet or UDP datagram. 
@@ -3773,10 +3774,10 @@ faulty network element, an endpoint could set the ECT(0) codepoint in the first ten outgoing packets on a path, or for a period of three RTTs, whichever occurs first. -Implementations MAY experiment with and use other strategies for use of ECN. Other methods of probing paths for ECN support are possible, as are different -marking strategies. Implementations can also use the ECT(1) codepoint, as -specified in {{?RFC8311}}. +marking strategies. Implementations MAY use other methods defined in RFCs; see +{{?RFC8311}}. Implementations that use the ECT(1) codepoint need to perform ECN +validation using ECT(1) counts. #### Receiving ACK Frames {#ecn-ack} From ac51483450b4c8824ebfe534487d129470ce0fce Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 10 Jun 2020 08:20:10 +1000 Subject: [PATCH 2/2] QUIC packets Co-authored-by: Jana Iyengar --- draft-ietf-quic-transport.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 14e99d42e5..05085426a6 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -3718,9 +3718,9 @@ this requires being able to read the ECN codepoints from the enclosing IP packet, which is not possible on all platforms. An IP packet that results in no QUIC packets being processed does not increase -ECN counts. A packet detected by a receiver as a duplicate does not affect the -receiver's local ECN codepoint counts; see {{security-ecn}} for relevant -security concerns. +ECN counts. A QUIC packet detected by a receiver as a duplicate does not +affect the receiver's local ECN codepoint counts; see {{security-ecn}} for +relevant security concerns. If an endpoint receives a QUIC packet without an ECT or CE codepoint in the IP packet header, it responds per {{generating-acks}} with an ACK frame without
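Review bot: In the @@ -3717,9 +3717,10 @@ hunk of PATCH 1/2, the added sentence "An IP packet that results in no QUIC packets being processed does not increase ECN counts" does not say what "processed" means. The coalescing paragraph touched by the same patch counts once per QUIC packet, so a reader has to guess how a datagram is counted when only some of its coalesced QUIC packets are accepted. Suggest phrasing the rule per QUIC packet, for example that counts increase only for QUIC packets that are processed, and stating what processing requires.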
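Review bot: In the @@ -3728,7 +3729,7 @@ hunk of PATCH 1/2, "The ECN counts for the ECN codepoint received in the associated IP header are incremented" pairs a plural "counts" with a single codepoint, which reads as if several counters advance for one received codepoint. Suggest the singular: "The ECN count for the ECN codepoint received in the associated IP header is incremented once for each QUIC packet".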
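Review bot: In the @@ -3773,10 +3774,10 @@ hunk of PATCH 1/2, "need to perform ECN validation using ECT(1) counts" is lowercase while the sentence before it uses MAY, so it is unclear whether this is a requirement. If it is, use MUST; if it is advisory, say so. The replacement also removes the explicit permission to experiment with other strategies and leaves "other methods defined in RFCs" unspecific about whether it covers probing, marking, or both, with RFC8311 as the only pointer. Confirm that this narrowing is intended.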
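Review bot: In the @@ -3718,9 +3718,9 @@ hunk of PATCH 2/2, the two adjacent sentences name the same counters differently, "ECN counts" in the first and "the receiver's local ECN codepoint counts" in the second, and use different verbs ("does not increase" versus "does not affect"). Suggest one term and one verb in both sentences so that implementers do not read them as two separate sets of counters.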