udplite.rst 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291
  1. .. SPDX-License-Identifier: GPL-2.0
  2. ================================
  3. The UDP-Lite protocol (RFC 3828)
  4. ================================
  5. UDP-Lite is a Standards-Track IETF transport protocol whose characteristic
  6. is a variable-length checksum. This has advantages for transport of multimedia
  7. (video, VoIP) over wireless networks, as partly damaged packets can still be
  8. fed into the codec instead of being discarded due to a failed checksum test.
  9. This file briefly describes the existing kernel support and the socket API.
  10. For in-depth information, you can consult:
  11. - The UDP-Lite Homepage:
  12. http://web.archive.org/web/%2E/http://www.erg.abdn.ac.uk/users/gerrit/udp-lite/
  13. From here you can also download some example application source code.
  14. - The UDP-Lite HOWTO on
  15. http://web.archive.org/web/%2E/http://www.erg.abdn.ac.uk/users/gerrit/udp-lite/files/UDP-Lite-HOWTO.txt
  16. - The Wireshark UDP-Lite WiKi (with capture files):
  17. https://wiki.wireshark.org/Lightweight_User_Datagram_Protocol
  18. - The Protocol Spec, RFC 3828, http://www.ietf.org/rfc/rfc3828.txt
  19. 1. Applications
  20. ===============
  21. Several applications have been ported successfully to UDP-Lite. Ethereal
  22. (now called wireshark) has UDP-Litev4/v6 support by default.
  23. Porting applications to UDP-Lite is straightforward: only socket level and
  24. IPPROTO need to be changed; senders additionally set the checksum coverage
  25. length (default = header length = 8). Details are in the next section.
  26. 2. Programming API
  27. ==================
  28. UDP-Lite provides a connectionless, unreliable datagram service and hence
  29. uses the same socket type as UDP. In fact, porting from UDP to UDP-Lite is
  30. very easy: simply add ``IPPROTO_UDPLITE`` as the last argument of the
  31. socket(2) call so that the statement looks like::
  32. s = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDPLITE);
  33. or, respectively,
  34. ::
  35. s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDPLITE);
  36. With just the above change you are able to run UDP-Lite services or connect
  37. to UDP-Lite servers. The kernel will assume that you are not interested in
  38. using partial checksum coverage and so emulate UDP mode (full coverage).
  39. To make use of the partial checksum coverage facilities requires setting a
  40. single socket option, which takes an integer specifying the coverage length:
  41. * Sender checksum coverage: UDPLITE_SEND_CSCOV
  42. For example::
  43. int val = 20;
  44. setsockopt(s, SOL_UDPLITE, UDPLITE_SEND_CSCOV, &val, sizeof(int));
  45. sets the checksum coverage length to 20 bytes (12b data + 8b header).
  46. Of each packet only the first 20 bytes (plus the pseudo-header) will be
  47. checksummed. This is useful for RTP applications which have a 12-byte
  48. base header.
  49. * Receiver checksum coverage: UDPLITE_RECV_CSCOV
  50. This option is the receiver-side analogue. It is truly optional, i.e. not
  51. required to enable traffic with partial checksum coverage. Its function is
  52. that of a traffic filter: when enabled, it instructs the kernel to drop
  53. all packets which have a coverage _less_ than this value. For example, if
  54. RTP and UDP headers are to be protected, a receiver can enforce that only
  55. packets with a minimum coverage of 20 are admitted::
  56. int min = 20;
  57. setsockopt(s, SOL_UDPLITE, UDPLITE_RECV_CSCOV, &min, sizeof(int));
  58. The calls to getsockopt(2) are analogous. Being an extension and not a stand-
  59. alone protocol, all socket options known from UDP can be used in exactly the
  60. same manner as before, e.g. UDP_CORK or UDP_ENCAP.
  61. A detailed discussion of UDP-Lite checksum coverage options is in section IV.
  62. 3. Header Files
  63. ===============
  64. The socket API requires support through header files in /usr/include:
  65. * /usr/include/netinet/in.h
  66. to define IPPROTO_UDPLITE
  67. * /usr/include/netinet/udplite.h
  68. for UDP-Lite header fields and protocol constants
  69. For testing purposes, the following can serve as a ``mini`` header file::
  70. #define IPPROTO_UDPLITE 136
  71. #define SOL_UDPLITE 136
  72. #define UDPLITE_SEND_CSCOV 10
  73. #define UDPLITE_RECV_CSCOV 11
  74. Ready-made header files for various distros are in the UDP-Lite tarball.
  75. 4. Kernel Behaviour with Regards to the Various Socket Options
  76. ==============================================================
  77. To enable debugging messages, the log level need to be set to 8, as most
  78. messages use the KERN_DEBUG level (7).
  79. 1) Sender Socket Options
  80. If the sender specifies a value of 0 as coverage length, the module
  81. assumes full coverage, transmits a packet with coverage length of 0
  82. and according checksum. If the sender specifies a coverage < 8 and
  83. different from 0, the kernel assumes 8 as default value. Finally,
  84. if the specified coverage length exceeds the packet length, the packet
  85. length is used instead as coverage length.
  86. 2) Receiver Socket Options
  87. The receiver specifies the minimum value of the coverage length it
  88. is willing to accept. A value of 0 here indicates that the receiver
  89. always wants the whole of the packet covered. In this case, all
  90. partially covered packets are dropped and an error is logged.
  91. It is not possible to specify illegal values (<0 and <8); in these
  92. cases the default of 8 is assumed.
  93. All packets arriving with a coverage value less than the specified
  94. threshold are discarded, these events are also logged.
  95. 3) Disabling the Checksum Computation
  96. On both sender and receiver, checksumming will always be performed
  97. and cannot be disabled using SO_NO_CHECK. Thus::
  98. setsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, ... );
  99. will always will be ignored, while the value of::
  100. getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...);
  101. is meaningless (as in TCP). Packets with a zero checksum field are
  102. illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded.
  103. 4) Fragmentation
  104. The checksum computation respects both buffersize and MTU. The size
  105. of UDP-Lite packets is determined by the size of the send buffer. The
  106. minimum size of the send buffer is 2048 (defined as SOCK_MIN_SNDBUF
  107. in include/net/sock.h), the default value is configurable as
  108. net.core.wmem_default or via setting the SO_SNDBUF socket(7)
  109. option. The maximum upper bound for the send buffer is determined
  110. by net.core.wmem_max.
  111. Given a payload size larger than the send buffer size, UDP-Lite will
  112. split the payload into several individual packets, filling up the
  113. send buffer size in each case.
  114. The precise value also depends on the interface MTU. The interface MTU,
  115. in turn, may trigger IP fragmentation. In this case, the generated
  116. UDP-Lite packet is split into several IP packets, of which only the
  117. first one contains the L4 header.
  118. The send buffer size has implications on the checksum coverage length.
  119. Consider the following example::
  120. Payload: 1536 bytes Send Buffer: 1024 bytes
  121. MTU: 1500 bytes Coverage Length: 856 bytes
  122. UDP-Lite will ship the 1536 bytes in two separate packets::
  123. Packet 1: 1024 payload + 8 byte header + 20 byte IP header = 1052 bytes
  124. Packet 2: 512 payload + 8 byte header + 20 byte IP header = 540 bytes
  125. The coverage packet covers the UDP-Lite header and 848 bytes of the
  126. payload in the first packet, the second packet is fully covered. Note
  127. that for the second packet, the coverage length exceeds the packet
  128. length. The kernel always re-adjusts the coverage length to the packet
  129. length in such cases.
  130. As an example of what happens when one UDP-Lite packet is split into
  131. several tiny fragments, consider the following example::
  132. Payload: 1024 bytes Send buffer size: 1024 bytes
  133. MTU: 300 bytes Coverage length: 575 bytes
  134. +-+-----------+--------------+--------------+--------------+
  135. |8| 272 | 280 | 280 | 280 |
  136. +-+-----------+--------------+--------------+--------------+
  137. 280 560 840 1032
  138. ^
  139. *****checksum coverage*************
  140. The UDP-Lite module generates one 1032 byte packet (1024 + 8 byte
  141. header). According to the interface MTU, these are split into 4 IP
  142. packets (280 byte IP payload + 20 byte IP header). The kernel module
  143. sums the contents of the entire first two packets, plus 15 bytes of
  144. the last packet before releasing the fragments to the IP module.
  145. To see the analogous case for IPv6 fragmentation, consider a link
  146. MTU of 1280 bytes and a write buffer of 3356 bytes. If the checksum
  147. coverage is less than 1232 bytes (MTU minus IPv6/fragment header
  148. lengths), only the first fragment needs to be considered. When using
  149. larger checksum coverage lengths, each eligible fragment needs to be
  150. checksummed. Suppose we have a checksum coverage of 3062. The buffer
  151. of 3356 bytes will be split into the following fragments::
  152. Fragment 1: 1280 bytes carrying 1232 bytes of UDP-Lite data
  153. Fragment 2: 1280 bytes carrying 1232 bytes of UDP-Lite data
  154. Fragment 3: 948 bytes carrying 900 bytes of UDP-Lite data
  155. The first two fragments have to be checksummed in full, of the last
  156. fragment only 598 (= 3062 - 2*1232) bytes are checksummed.
  157. While it is important that such cases are dealt with correctly, they
  158. are (annoyingly) rare: UDP-Lite is designed for optimising multimedia
  159. performance over wireless (or generally noisy) links and thus smaller
  160. coverage lengths are likely to be expected.
  161. 5. UDP-Lite Runtime Statistics and their Meaning
  162. ================================================
  163. Exceptional and error conditions are logged to syslog at the KERN_DEBUG
  164. level. Live statistics about UDP-Lite are available in /proc/net/snmp
  165. and can (with newer versions of netstat) be viewed using::
  166. netstat -svu
  167. This displays UDP-Lite statistics variables, whose meaning is as follows.
  168. ============ =====================================================
  169. InDatagrams The total number of datagrams delivered to users.
  170. NoPorts Number of packets received to an unknown port.
  171. These cases are counted separately (not as InErrors).
  172. InErrors Number of erroneous UDP-Lite packets. Errors include:
  173. * internal socket queue receive errors
  174. * packet too short (less than 8 bytes or stated
  175. coverage length exceeds received length)
  176. * xfrm4_policy_check() returned with error
  177. * application has specified larger min. coverage
  178. length than that of incoming packet
  179. * checksum coverage violated
  180. * bad checksum
  181. OutDatagrams Total number of sent datagrams.
  182. ============ =====================================================
  183. These statistics derive from the UDP MIB (RFC 2013).
  184. 6. IPtables
  185. ===========
  186. There is packet match support for UDP-Lite as well as support for the LOG target.
  187. If you copy and paste the following line into /etc/protocols::
  188. udplite 136 UDP-Lite # UDP-Lite [RFC 3828]
  189. then::
  190. iptables -A INPUT -p udplite -j LOG
  191. will produce logging output to syslog. Dropping and rejecting packets also works.
  192. 7. Maintainer Address
  193. =====================
  194. The UDP-Lite patch was developed at
  195. University of Aberdeen
  196. Electronics Research Group
  197. Department of Engineering
  198. Fraser Noble Building
  199. Aberdeen AB24 3UE; UK
  200. The current maintainer is Gerrit Renker, <gerrit@erg.abdn.ac.uk>. Initial
  201. code was developed by William Stanislaus, <william@erg.abdn.ac.uk>.