--- Begin Message ---
And some initial discussions which aren't yet reflected on the mailing list:

-----Original Message-----
From: Scheffenegger, Richard 
Sent: Freitag, 18. August 2023 14:01
To: Francois-Xavier Le Bail <devel.fx.leb...@orange.fr>; 
Cc: Denis Ovsienko <de...@ovsienko.info>; Guy Harris <ghar...@sonic.net>; 
jyo...@gsu.edu; Casper Andersson <casper.ca...@gmail.com>; Eamon Doyle 
<eamo...@arista.com>; Jonas Chianu <jchi...@onx-jchianu-02.ciena.com>; Jesse 
Rosenstock <j...@google.com>; Michael Richardson <m...@sandelman.ca>; headshog 
<craaaaaach...@gmail.com>; cauldwell.tho...@gmail.com
Subject: RE: Accurate ECN support in tcpdump/libpcap

(Adding everyone who has participated in the discussion so far, since it seems 
that tcpdump-workers mailman is not working, as well as a number of additional 
recent committers and participants)

Hi Francois,

I do not think there is ambiguity here.

Tcpdump - any every tool afterwards - has been using "." for ACKs.

"N" had been in (very rare) use for the NS bit (RFC3540), which is now obsolete 
 While this is the same bit (and arguably, the authors of RFC3540 could have 
made more effort to get that bit adopted in tooling back in 2001-2003), the 
semantics are dramatically different than the current use.

"A" has never been in use before, as a single character abbreviation, and is in 
use for the last 2+ years in other tooling around packet mangling, tracing, 
decoding and forging such as wireshark and packetdrill...
(and yes, I did let the ball drop with tcpdump for a couple months, when all 
the other tools were updated reflecting the "A" char change there, which was 
completely uncontentious in those communities).

I suspect it would create more confusion, if tcpdump was using a different 
mapping, than other tools (just like with the "." for Ack, which is in common 
use throughout those very same tools).

Another interesting aspect which I would be keen on learning, if per-session 
stateful decoding is something that the tcpdump community would entertain. Once 
the AccECN handshake (in a SYN) was seen, subsequently the AE, ECE and CWR bits 
together form the ACE counter. In packetdrill and also wireshark this gets then 
decoded numerically (0..7) instead of having one character per bit...

Best regards,

-----Original Message-----
From: Francois-Xavier Le Bail <devel.fx.leb...@orange.fr> 
Sent: Freitag, 18. August 2023 13:20
To: Scheffenegger, Richard <richard.scheffeneg...@netapp.com>; 
Subject: Re: Accurate ECN support in tcpdump/libpcap

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.

On 18/08/2023 09:55, Scheffenegger, Richard wrote:
> Hi,
> I’ve been asked to reach out to this mailing list, to gather some feedback 
> around the support for tcpdump to properly decode the upcoming (WGLC) 
> Accurate ECN signalling enhancement, which is part of the L4S (low loss, low 
> latency, scalable) effort, ultimately culminating in a variant of TCP called 
> TCP Prague:
> Here is the change to tcpdump – adding the additional “A” TCP header flag 
> bit; Since the ACK bit has traditionally been mapped to “.”, and the 
> refurbished former Nonce bit #9 in the 12-bit TCP header flags field has been 
> named “AE” (Accurate ecn Enable), the code changes to other tools such as 
> Wireshark and Packetdrill are using the mapping to the character “A” (or 
> decode Accurate ECN stateful into the ACE counter value of 0..7)


Even if tcpdump prints the "ACK" flag with a ".", "A" is ambiguous precisely 
because of "ACK".
We should use "N" for the new flag, last letter of "Accurate ECN", to avoid 
this ambiguity, as already suggested in a PR comment.

--- End Message ---
tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org
To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org

Reply via email to