An Update to the tcpControlBits IP
Flow Information Export (IPFIX) Information ElementOrangeRennes35000Francemohamed.boucadair@orange.comOperations and Management AreaTransportRFC 7125 revised the tcpControlBits IP Flow Information Export
(IPFIX) Information Element that was originally defined in RFC 5102 to
reflect changes to the TCP Flags header field since RFC 793. However,
that update is still problematic for interoperability because some
values were deprecated since then.This document updates RFC 7125 by removing stale information from the
IPFIX registry and avoiding conflicts with the authoritative TCP
registry.TCP defines a set of control bits (also known as "flags") for
managing connections. The "Transmission Control Protocol (TCP) Header
Flags" registry was initially set by , but
it was populated with only TCP control bits that were defined in . fixed that by
moving that registry to be listed as a subregistry under the
"Transmission Control Protocol (TCP) Parameters" registry, adding bits
that had previously been specified in ,
and removing the NS (Nonce Sum) bit as per . Also,
introduces "Bit Offset" to ease referencing each header flag's offset
within the 16-bit aligned view of the TCP header (Section 3.1 of ). is thus
settled as the authoritative reference for the assigned TCP control
bits. revised the tcpControlBits IP Flow
Information Export (IPFIX) Information Element that was originally
defined in to reflect changes to the TCP
Flags header field since . However, that
update is still problematic for interoperability because a value was
deprecated since then (Section 7 of ) and,
therefore, risks to deviate from the
authoritative registry .This document fixes that problem by removing stale information from
the IPFIX registry and avoiding future conflicts with the authoritative
TCP registry. Also, because the setting of control bits may be misused
in some flows (e.g., DDoS attacks), an exporter has to report all
observed control bits even if no meaning is currently associated with a
given flag. This document uses a stronger requirement language compared
to . See for
more details.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP 14
when, and
only when, they appear in all capitals, as shown here.This document uses the terms defined in Section 2 of .This document updates Section 3 of as
follows:The values of each bit
are shown below, per the definition of the bits in the TCP header
[RFC3540]: As the most significant 4 bits
of octets 12 and 13 (counting from zero) of the TCP header are used to encode the TCP data offset
(header length), the corresponding bits in this Information Element
MUST be exported as zero and MUST be ignored by the collector. Use
the tcpHeaderLength Information Element to encode this value.Each of the 3 bits (0x800, 0x400, and 0x200), which
are reserved for future use in ,
SHOULD be exported as observed in the TCP headers of the packets of
this Flow.As per , the assignment of the TCP control bits is
managed by IANA from the "TCP Header Flags" registry . That registry is authoritative to
retrieve the most recent TCP control bits.As the most significant 4 bits of octets 12 and 13
(counting from zero) of the TCP header are used to encode the TCP data offset
(header length), the corresponding bits in this Information Element
MUST be exported as zero and MUST be ignored by the collector. Use
the tcpHeaderLength Information Element to encode this value.TCP control bits (including unassigned) MUST be
exported as observed in the TCP headers of the packets of this
Flow.IANA is requested to update the "tcpControlBits" entry of the as follows: Update the description of to reflect the change in .Add to the Additional
Information field.Add this document to the referencesThis document does not add new security considerations to those
already discussed in Section 5 of .This document was triggered by a discussion in opswag with the
authors of draft-ietf-opsawg-ipfix-srv6-srh.TCP Header FlagsIP Flow Information Export (IPFIX) Entities