rfc9868v3.txt   rfc9868.txt 
skipping to change at line 139 skipping to change at line 139
The following terminology is used in this document: The following terminology is used in this document:
IP datagram [RFC0791] [RFC8200]: An IP packet, composed of the IP IP datagram [RFC0791] [RFC8200]: An IP packet, composed of the IP
header (including any IPv4 options) and an IP payload area header (including any IPv4 options) and an IP payload area
(including any IPv6 extension headers or other shim headers). (including any IPv6 extension headers or other shim headers).
Must-support options: UDP Options that all implementations are Must-support options: UDP Options that all implementations are
required to support. Their use in individual UDP packets is required to support. Their use in individual UDP packets is
optional. optional.
SAFE options: UDP Options that are designed to be safe to ignore for SAFE Options: UDP Options that are designed to be safe to ignore for
a receiver that does not understand them. Such options do not a receiver that does not understand them. Such options do not
alter the UDP user data or signal a change in what its contents alter the UDP user data or signal a change in what its contents
represent. represent.
Socket pair: A pair of sockets defining a UDP exchange, defined by a Socket pair: A pair of sockets defining a UDP exchange, defined by a
remote socket and a local socket, each composed of an IP address remote socket and a local socket, each composed of an IP address
and UDP port number (most widely known from TCP [RFC0793], which and UDP port number (most widely known from TCP [RFC0793], which
has been obsoleted by [RFC9293]). has been obsoleted by [RFC9293]).
Surplus area: The area of an IP payload that follows a UDP packet; Surplus area: The area of an IP payload that follows a UDP packet;
skipping to change at line 165 skipping to change at line 165
UDP fragment: One or more components of a UDP packet and its UDP UDP fragment: One or more components of a UDP packet and its UDP
Options that enable transmission over multiple IP payloads, larger Options that enable transmission over multiple IP payloads, larger
than permitted by the maximum size of a single IP packet; note than permitted by the maximum size of a single IP packet; note
that each UDP fragment is itself transmitted as a UDP packet with that each UDP fragment is itself transmitted as a UDP packet with
its own options. its own options.
(UDP) User data: The user data field of a UDP packet [RFC0768]. (UDP) User data: The user data field of a UDP packet [RFC0768].
UDP Length: The length field of a UDP header [RFC0768]. UDP Length: The length field of a UDP header [RFC0768].
UNSAFE options: UDP Options that are not designed to be safely UNSAFE Options: UDP Options that are not designed to be safely
ignored by a receiver that does not understand them. Such options ignored by a receiver that does not understand them. Such options
could alter the UDP user data or signal a change in what its could alter the UDP user data or signal a change in what its
contents represent, but there are restrictions on how they can be contents represent, but there are restrictions on how they can be
transmitted; these restrictions are noted in Sections 10 and 12. transmitted; these restrictions are noted in Sections 10 and 12.
User: The upper layer application, protocol, or service that User: The upper layer application, protocol, or service that
produces and consumes content that UDP transfers. produces and consumes content that UDP transfers.
User datagram: A UDP packet, composed of a UDP header and UDP User datagram: A UDP packet, composed of a UDP header and UDP
payload; as discussed herein, that payload need not extend to the payload; as discussed herein, that payload need not extend to the
skipping to change at line 226 skipping to change at line 226
implied transport payload length, which this document leverages to implied transport payload length, which this document leverages to
support a trailer options field. support a trailer options field.
There are other ways to include additional header fields or options There are other ways to include additional header fields or options
in protocols that otherwise are not extensible. In particular, in- in protocols that otherwise are not extensible. In particular, in-
band encoding can be used to differentiate transport payload from band encoding can be used to differentiate transport payload from
additional fields, such as was proposed in [Hi15]. This approach can additional fields, such as was proposed in [Hi15]. This approach can
cause complications for interactions with legacy devices and is thus cause complications for interactions with legacy devices and is thus
not considered further in this document. not considered further in this document.
IPv6 Teredo extensions (TEs) [RFC4380] [RFC6081] use a similar IPv6 Teredo extensions [RFC4380] [RFC6081] use a similar
inconsistency between UDP and IPv6 packet lengths to support inconsistency between UDP and IPv6 packet lengths to support
trailers, but in this case, the values differ between the UDP header trailers, but in this case, the values differ between the UDP header
and an IPv6 length contained as the payload of the UDP user data. and an IPv6 length contained as the payload of the UDP user data.
This allows IPv6 trailers in the UDP user data but has no relation to This allows IPv6 trailers in the UDP user data but has no relation to
the surplus area discussed in this document. As a consequence, TEs the surplus area discussed in this document. As a consequence,
are compatible with UDP Options. Teredo extensions are compatible with UDP Options.
5. UDP Option Intended Uses 5. UDP Option Intended Uses
UDP Options can be used to provide a soft control plane to UDP. They UDP Options can be used to provide a soft control plane to UDP. They
enable capabilities available in other transport protocols, such as enable capabilities available in other transport protocols, such as
fragmentation and reassembly, that enable UDP frames larger than the fragmentation and reassembly, that enable UDP frames larger than the
IP MTU to traverse devices that rely on transport ports, e.g., IP MTU to traverse devices that rely on transport ports, e.g.,
Network Address Translations (NATs), without additional mechanisms or Network Address Translations (NATs), without additional mechanisms or
state. They add features that could, in the future, protect state. They add features that could, in the future, protect
transport integrity and validate source identity (authentication), as transport integrity and validate source identity (authentication), as
skipping to change at line 336 skipping to change at line 336
Finally, UDP Options do not attempt to match the number of zero- Finally, UDP Options do not attempt to match the number of zero-
length UDP datagrams received by legacy and option-aware receivers length UDP datagrams received by legacy and option-aware receivers
from a source using UDP fragmentation (see Section 11.4). Legacy from a source using UDP fragmentation (see Section 11.4). Legacy
receivers interpret every UDP fragment as a zero-length packet receivers interpret every UDP fragment as a zero-length packet
(because they do not perform reassembly), but option-aware receivers (because they do not perform reassembly), but option-aware receivers
would reassemble the packet as a non-zero-length packet. Zero-length would reassemble the packet as a non-zero-length packet. Zero-length
UDP packets have been used as "liveness" indicators (see Section 5 of UDP packets have been used as "liveness" indicators (see Section 5 of
[RFC8085]), but such use is dangerous because they lack unique [RFC8085]), but such use is dangerous because they lack unique
identifiers (the IPv6 base header has none, and the IPv4 ID field is identifiers (the IPv6 base header has none, and the IPv4 ID field is
deprecated for such use [RFC6994]). deprecated for such use [RFC6864]).
7. The UDP Option Area 7. The UDP Option Area
The UDP transport header includes demultiplexing and service The UDP transport header includes demultiplexing and service
identification (port numbers), an error detection checksum, and a identification (port numbers), an error detection checksum, and a
field that indicates the UDP datagram length (including UDP header). field that indicates the UDP datagram length (including UDP header).
The UDP Length field is typically redundant with the size of the The UDP Length field is typically redundant with the size of the
maximum space available as a transport protocol payload, as maximum space available as a transport protocol payload, as
determined by the IP header (see details in Section 18). The UDP determined by the IP header (see details in Section 18). The UDP
Option area is created when the UDP Length indicates a smaller Option area is created when the UDP Length indicates a smaller
skipping to change at line 375 skipping to change at line 375
|Version| IHL | DSCP |ECN| Total Length | |Version| IHL | DSCP |ECN| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset | | Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live | Proto=17 (UDP)| Header Checksum | | Time to Live | Proto=17 (UDP)| Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Address | | Source Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Address | | Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... zero or more IP Options (using space as indicated by IHL) ... ... zero or more IP options (using space as indicated by IHL) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... zero or more shim headers (each indicating size) ... ... zero or more shim headers (each indicating size) ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| UDP Source Port | UDP Destination Port | | UDP Source Port | UDP Destination Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| UDP Length | UDP Checksum | | UDP Length | UDP Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: IPv4 Datagram with UDP Header Figure 1: IPv4 Datagram with UDP Header
skipping to change at line 479 skipping to change at line 479
The OCS contains an optional one's complement sum that detects errors The OCS contains an optional one's complement sum that detects errors
in the surplus area, which is not otherwise covered by the UDP in the surplus area, which is not otherwise covered by the UDP
checksum, as detailed in Section 9. checksum, as detailed in Section 9.
The remainder of the surplus area consists of options, all except two The remainder of the surplus area consists of options, all except two
of which are defined using a TLV (type, length, and optional value) of which are defined using a TLV (type, length, and optional value)
syntax similar to that of TCP [RFC9293], as detailed in Section 10 syntax similar to that of TCP [RFC9293], as detailed in Section 10
(types No Operation (NOP) and End of Options List (EOL) have an (types No Operation (NOP) and End of Options List (EOL) have an
implicit length of one byte). These options continue until the end implicit length of one byte). These options continue until the end
of the surplus area or can end earlier using the EOL option, followed of the surplus area or can end earlier using the EOL Option, followed
by zeroes (discussed further in Section 10). by zeroes (discussed further in Section 10).
9. The Option Checksum (OCS) 9. The Option Checksum (OCS)
The Option Checksum (OCS) option is a conventional Internet checksum The Option Checksum (OCS) Option is a conventional Internet checksum
[RFC0791] that detects errors in the surplus area. The OCS option [RFC0791] that detects errors in the surplus area. The OCS Option
contains a 16-bit checksum that is aligned to the first 2-byte contains a 16-bit checksum that is aligned to the first 2-byte
boundary, preceded by zeroes for padding (if needed), as shown in boundary, preceded by zeroes for padding (if needed), as shown in
Figure 4. Figure 4.
+--------+--------+--------+--------+ +--------+--------+--------+--------+
| UDP data | 0 | | UDP data | 0 |
+--------+--------+--------+--------+ +--------+--------+--------+--------+
| OCS | UDP Options... | | OCS | UDP Options... |
+--------+--------+--------+--------+ +--------+--------+--------+--------+
skipping to change at line 575 skipping to change at line 575
When not used (i.e., containing zero), the OCS is assumed to be When not used (i.e., containing zero), the OCS is assumed to be
"correct" for the purpose of accepting UDP datagrams at a receiver "correct" for the purpose of accepting UDP datagrams at a receiver
(see Section 14). (see Section 14).
10. UDP Options 10. UDP Options
UDP Options are a minimum of two bytes in length as shown in UDP Options are a minimum of two bytes in length as shown in
Figure 5, except only the one-byte options No Operation (NOP) and End Figure 5, except only the one-byte options No Operation (NOP) and End
of Options List (EOL) described below. of Options List (EOL) described below.
+--------+--------+------- +--------+--------+------------~~------------+
| Kind | Length | (remainder of option...) | Kind | Length | (remainder of option...) |
+--------+--------+------- +--------+--------+------------~~------------+
Figure 5: UDP Option Default Format Figure 5: UDP Option Default Format
The Kind field is always one byte and is named after the The Kind field is always one byte and is named after the
corresponding TCP field (though other protocols refer to this as corresponding TCP field (though other protocols refer to this as
"Type"). The Length field, which indicates the length in bytes of "Type"). The Length field, which indicates the length in bytes of
the entire option, including Kind and Length, is one byte for all the entire option, including Kind and Length, is one byte for all
lengths below 255 (including the Kind and Length bytes). A Length of lengths below 255 (including the Kind and Length bytes). A Length of
255 indicates use of the UDP Option extended format shown in 255 indicates use of the UDP Option extended format shown in
Figure 6. The Extended Length field is a 16-bit field in network Figure 6. The Extended Length field is a 16-bit field in network
skipping to change at line 673 skipping to change at line 673
| 194-253 | | Unassigned-UNSAFE (assignable by IANA) | | 194-253 | | Unassigned-UNSAFE (assignable by IANA) |
+---------+----------+------------------------------------------+ +---------+----------+------------------------------------------+
| 254 | (varies) | RFC3692-style UNSAFE experiments (UEXP) | | 254 | (varies) | RFC3692-style UNSAFE experiments (UEXP) |
+---------+----------+------------------------------------------+ +---------+----------+------------------------------------------+
| 255 | | Reserved-UNSAFE | | 255 | | Reserved-UNSAFE |
+---------+----------+------------------------------------------+ +---------+----------+------------------------------------------+
Table 1 Table 1
Options indicated by Kind values in the range 0..191 are known as Options indicated by Kind values in the range 0..191 are known as
SAFE options because they do not interfere with use of that data by SAFE Options because they do not interfere with use of UDP user data
legacy endpoints or when the option is unsupported. Options by legacy endpoints or when the option is unsupported. Options
indicated by Kind values in the range 192..255 are known as UNSAFE indicated by Kind values in the range 192..255 are known as UNSAFE
options because they might interfere with use by legacy receiving Options because they might interfere with use by legacy receiving
endpoints (e.g., an option that alters the UDP data payload). endpoints (e.g., an option that alters the UDP data payload).
UNSAFE option nicknames are expected to begin with capital "U", which UNSAFE Option nicknames are expected to begin with capital "U", which
needs to be avoided for SAFE option nicknames (see Section 26). needs to be avoided for SAFE Option nicknames (see Section 26).
RESERVED and RESERVED-UNSAFE are not assignable by IANA and not RESERVED and RESERVED-UNSAFE are not assignable by IANA and not
otherwise defined at this time. The AUTH, UCMP, and UENC otherwise defined at this time. The AUTH, UCMP, and UENC
reservations are intended for all future options supporting reservations are intended for all future options supporting
authentication, compression, and encryption, respectively, and remain authentication, compression, and encryption, respectively, and remain
reserved until assigned for those uses. reserved until assigned for those uses.
Although the FRAG option modifies the original UDP payload contents Although the FRAG Option modifies the original UDP payload contents
(i.e., is UNSAFE with respect to the original UDP payload), it is (i.e., is UNSAFE with respect to the original UDP payload), it is
used only in subsequent fragments with zero-length UDP user data used only in subsequent fragments with zero-length UDP user data
payloads, thus is SAFE in actual use, as discussed further in payloads, thus is SAFE in actual use, as discussed further in
Section 11.4. Section 11.4.
These options are defined in the following subsections. Options 0 These options are defined in the following subsections. Options 0
and 1 use the same values as for TCP. and 1 use the same values as for TCP.
>> An endpoint supporting UDP Options MUST support those marked with >> An endpoint supporting UDP Options MUST support those marked with
an "*" above: EOL, NOP, APC, FRAG, MDS, MRDS, REQ, and RES. This an "*" above: EOL, NOP, APC, FRAG, MDS, MRDS, REQ, and RES. This
includes both recognizing and being able to generate these options if includes both recognizing and being able to generate these options if
configured to do so. These are called "must-support" options. configured to do so. These are called "must-support" options.
The set of must-support options is defined herein. New options are The set of must-support options is defined herein. New options are
not eligible for this designation. not eligible for this designation.
>> All other SAFE options (without an "*") MAY be implemented, and >> All other SAFE Options (without an "*") MAY be implemented, and
their use SHOULD be determined either out-of-band or negotiated, their use SHOULD be determined either out-of-band or negotiated,
notably if needed to detect when options are silently ignored by notably if needed to detect when options are silently ignored by
legacy receivers. legacy receivers.
>> Receivers supporting UDP Options MUST silently ignore unknown or >> Receivers supporting UDP Options MUST silently ignore unknown or
malformed SAFE options (i.e., in the same way a legacy receiver would malformed SAFE Options (i.e., in the same way a legacy receiver would
ignore all UDP Options). An option is malformed when its length does ignore all UDP Options). An option is malformed when its length does
not indicate (one of) the value(s) stated in the option's not indicate (one of) the value(s) stated in the option's
specification. A malformed FRAG option is an exception to this rule; specification. A malformed FRAG Option is an exception to this rule;
it SHALL be treated as an unsupported UNSAFE option. it SHALL be treated as an unsupported UNSAFE Option.
>> Options with inherently invalid Length field values, i.e., those >> Options with inherently invalid Length field values, i.e., those
that indicate underruns of the option itself or overruns of the that indicate underruns of the option itself or overruns of the
surplus area (pointing past the end of the IP payload), MUST be surplus area (pointing past the end of the IP payload), MUST be
treated as an indication of a malformed surplus area, and all options treated as an indication of a malformed surplus area, and all options
MUST silently be discarded. MUST silently be discarded.
Receivers cannot generally treat unexpected Option Lengths as Receivers cannot generally treat unexpected Option Lengths as
invalid, as this would unnecessarily limit future revision of options invalid, as this would unnecessarily limit future revision of options
(e.g., defining a new APC that is defined by having a different (e.g., defining a new APC that is defined by having a different
length). length).
>> When UNSAFE options are present, the UDP user data MUST be empty, >> When UNSAFE Options are present, the UDP user data MUST be empty,
and any transport payload MUST be contained in a FRAG option (see and any transport payload MUST be contained in a FRAG Option (see
Section 11.4). Recall that such options may alter the transport Section 11.4). Recall that such options may alter the transport
payload or signal a change in what its contents represent. This payload or signal a change in what its contents represent. This
restriction ensures their safe use in environments that might include restriction ensures their safe use in environments that might include
legacy receivers (see Section 12), because the transport payload legacy receivers (see Section 12), because the transport payload
occurs inside the FRAG option area and is silently discarded by occurs inside the FRAG Option area and is silently discarded by
legacy receivers. legacy receivers.
>> Receivers supporting UDP Options that receive unsupported options >> Receivers supporting UDP Options that receive unsupported options
in the UNSAFE range MUST terminate all option processing and MUST in the UNSAFE range MUST terminate all option processing and MUST
silently drop all UDP Options in that datagram. See Section 12 for silently drop all UDP Options in that datagram. See Section 12 for
further discussion of UNSAFE options. further discussion of UNSAFE Options.
>> Other than FRAG, NOP, EXP, and UEXP, each option SHOULD NOT occur >> Other than FRAG, NOP, EXP, and UEXP, each option SHOULD NOT occur
more than once in a single UDP datagram. If an option other than more than once in a single UDP datagram. If an option other than
these four occurs more than once, a receiver MUST interpret only the these four occurs more than once, a receiver MUST interpret only the
first instance of that option and MUST ignore later instances. first instance of that option and MUST ignore later instances.
Section 25 provides additional advice for Denial of Service (DoS) Section 25 provides additional advice for Denial of Service (DoS)
issues that involve large numbers of options, whether valid, unknown, issues that involve large numbers of options, whether valid, unknown,
or repeating. or repeating.
>> NOP MAY occur multiple times, either in succession or between >> NOP MAY occur multiple times, either in succession or between
skipping to change at line 774 skipping to change at line 774
zero; the OCS is always computed as if its contents are zero and zero; the OCS is always computed as if its contents are zero and
after the AUTH or UENC hash has been computed. after the AUTH or UENC hash has been computed.
>> Future options MUST NOT be defined as having an option field value >> Future options MUST NOT be defined as having an option field value
dependent on the content or presence of other options or on the dependent on the content or presence of other options or on the
remaining contents of the surplus area, i.e., the area after the last remaining contents of the surplus area, i.e., the area after the last
option (presumably EOL). option (presumably EOL).
If future options were to depend on the contents or presence of other If future options were to depend on the contents or presence of other
options, interactions between those values, the OCS, and the AUTH and options, interactions between those values, the OCS, and the AUTH and
UENC options could be unpredictable. This does not prohibit options UENC Options could be unpredictable. This does not prohibit options
that modify later options (in order of appearance within a packet), that modify later options (in order of appearance within a packet),
such as would typically be the case for compression (UCMP). such as would typically be the case for compression (UCMP).
Note that there is no need to reserve area after the last UDP Option Note that there is no need to reserve area after the last UDP Option
for future uses, because any such use can be supported by defining a for future uses, because any such use can be supported by defining a
new UDP Option over that area instead. Using an option for this new UDP Option over that area instead. Using an option for this
purpose is safer than treating the region as an exception, because purpose is safer than treating the region as an exception, because
its use can be verified based on option Kind and Length. its use can be verified based on option Kind and Length.
>> AUTH and UENC MUST NOT be used concurrently. >> AUTH and UENC MUST NOT be used concurrently.
skipping to change at line 802 skipping to change at line 802
logged for diagnostic purposes. logged for diagnostic purposes.
The requirement that must-support options come before others is The requirement that must-support options come before others is
intended to allow for endpoints to implement DoS protection, as intended to allow for endpoints to implement DoS protection, as
discussed further in Section 25. discussed further in Section 25.
11. SAFE UDP Options 11. SAFE UDP Options
SAFE UDP Options can be silently ignored by legacy receivers without SAFE UDP Options can be silently ignored by legacy receivers without
affecting the meaning of the UDP user data. They stand in contrast affecting the meaning of the UDP user data. They stand in contrast
to UNSAFE options, which modify UDP user data in ways that render it to UNSAFE Options, which modify UDP user data in ways that render it
unusable by legacy receivers (Section 12). The following subsections unusable by legacy receivers (Section 12). The following subsections
describe SAFE options defined in this document. describe SAFE Options defined in this document.
11.1. End of Options List (EOL) 11.1. End of Options List (EOL)
The End of Options List (EOL, Kind=0) option indicates that there are The End of Options List (EOL, Kind=0) option indicates that there are
no more options. It is used to indicate the end of the list of no more options. It is used to indicate the end of the list of
options without needing to use NOP options (see the following options without needing to use NOP Options (see the following
section) as padding to fill all available option space. section) as padding to fill all available option space.
+--------+ +--------+
| Kind=0 | | Kind=0 |
+--------+ +--------+
Figure 7: UDP EOL Option Format Figure 7: UDP EOL Option Format
>> When the UDP Options do not consume the entire surplus area or the >> When the UDP Options do not consume the entire surplus area or the
options area of a UDP fragment, the last non-NOP option MUST be EOL. options area of a UDP fragment, the last non-NOP Option MUST be EOL.
>> NOPs SHOULD NOT be used as padding before the EOL option. As a >> NOPs SHOULD NOT be used as padding before the EOL Option. As a
one-byte option, EOL need not be otherwise aligned. one-byte option, EOL need not be otherwise aligned.
>> All bytes after EOL in the surplus area or the options area of a >> All bytes after EOL in the surplus area or the options area of a
UDP fragment MUST be set to zero on transmit. UDP fragment MUST be set to zero on transmit.
>> Bytes after EOL in the surplus area or the options area of a UDP >> Bytes after EOL in the surplus area or the options area of a UDP
fragment MAY be checked as being zero on receipt but MUST NOT be fragment MAY be checked as being zero on receipt but MUST NOT be
otherwise processed (except for OCS calculation, which zeros would otherwise processed (except for OCS calculation, which zeros would
not affect) and MUST NOT be passed to the user. not affect) and MUST NOT be passed to the user.
skipping to change at line 876 skipping to change at line 876
consecutive NOPs SHOULD log such events, at least occasionally, as a consecutive NOPs SHOULD log such events, at least occasionally, as a
potential DoS indicator. potential DoS indicator.
NOPs are not reported to the user, whether used per-datagram or per- NOPs are not reported to the user, whether used per-datagram or per-
fragment (as defined in Section 11.4). fragment (as defined in Section 11.4).
This issue is discussed further in Section 25. This issue is discussed further in Section 25.
11.3. Additional Payload Checksum (APC) 11.3. Additional Payload Checksum (APC)
The Additional Payload Checksum (APC, Kind=2) option provides a The Additional Payload Checksum (APC, Kind=2) Option provides a
stronger supplement to the checksum in the UDP header, using a 32- stronger supplement to the checksum in the UDP header, using a 32-
bit Cyclic Redundancy Check (CRC) of the conventional UDP user data bit Cyclic Redundancy Check (CRC) of the conventional UDP user data
payload only (excluding the IP pseudoheader, UDP header, and surplus payload only (excluding the IP pseudoheader, UDP header, and surplus
area). It is not an alternative to the UDP checksum because it does area). It is not an alternative to the UDP checksum because it does
not cover the IP pseudoheader or UDP header, and it is not a not cover the IP pseudoheader or UDP header, and it is not a
supplement to the OCS because the latter covers the surplus area supplement to the OCS because the latter covers the surplus area
only. Its purpose is to detect user data errors that the UDP only. Its purpose is to detect user data errors that the UDP
checksum might not detect. checksum might not detect.
A CRC32c has been chosen because of its ubiquity and use in other A CRC32c has been chosen because of its ubiquity and use in other
skipping to change at line 941 skipping to change at line 941
treatment as UDP packets with incorrect APC Option checksum fields. treatment as UDP packets with incorrect APC Option checksum fields.
Ensuring that unrecognized APC lengths are treated as incorrect Ensuring that unrecognized APC lengths are treated as incorrect
checksums enables future variants of APC to be treated like APC. checksums enables future variants of APC to be treated like APC.
The APC is reported to the user and useful only per-datagram, because The APC is reported to the user and useful only per-datagram, because
fragments have no UDP user data. fragments have no UDP user data.
11.4. Fragmentation (FRAG) 11.4. Fragmentation (FRAG)
The Fragmentation (FRAG, Kind=3) option supports UDP fragmentation The Fragmentation (FRAG, Kind=3) Option supports UDP fragmentation
and reassembly, which can be used to transfer UDP messages larger and reassembly, which can be used to transfer UDP messages larger
than allowed by the IP Effective MTU for Receiving (EMTU_R) than allowed by the IP Effective MTU for Receiving (EMTU_R)
[RFC1122]. FRAG includes a copy of the same UDP transport ports in [RFC1122]. FRAG includes a copy of the same UDP transport ports in
each fragment, enabling them to traverse stateless Network Address each fragment, enabling them to traverse stateless Network Address
(and port) Translation (NAT) devices, in contrast to the behavior of (and port) Translation (NAT) devices, in contrast to the behavior of
IP fragments [RFC4787]. FRAG is typically used with the UDP MDS and IP fragments [RFC4787]. FRAG is typically used with the UDP MDS and
MRDS options to enable more efficient use of large messages, both at MRDS Options to enable more efficient use of large messages, both at
the UDP and IP layers. The design of FRAG is similar to that of the the UDP and IP layers. The design of FRAG is similar to that of the
IPv6 Fragmentation Header [RFC8200], except that the UDP variant uses IPv6 Fragmentation Header [RFC8200], except that the UDP variant uses
a 16-bit Offset measured in bytes, rather than IPv6's 13-bit Fragment a 16-bit Offset measured in bytes, rather than IPv6's 13-bit Fragment
Offset measured in 8-byte units. This UDP variant avoids creating Offset measured in 8-byte units. This UDP variant avoids creating
reserved fields. reserved fields.
The FRAG header also enables use of options that modify the contents The FRAG header also enables use of options that modify the contents
of the UDP payload, such as encryption (UENC, see Section 12.2). of the UDP payload, such as encryption (UENC, see Section 12.2).
Like FRAG, such options would not be safely used on UDP payloads Like FRAG, such options would not be safely used on UDP payloads
because they would be misinterpreted by legacy receivers. FRAG because they would be misinterpreted by legacy receivers. FRAG
skipping to change at line 970 skipping to change at line 970
unfragmented message (i.e., an "atomic" fragment at the UDP layer, unfragmented message (i.e., an "atomic" fragment at the UDP layer,
similar to atomic IP datagrams [RFC6864]). This is safe because FRAG similar to atomic IP datagrams [RFC6864]). This is safe because FRAG
hides the payload from legacy receivers by placing it within the hides the payload from legacy receivers by placing it within the
surplus area. surplus area.
>> When FRAG is present, it SHOULD come as early as possible in the >> When FRAG is present, it SHOULD come as early as possible in the
UDP Options list. UDP Options list.
When present, placing FRAG first can simplify some implementations, When present, placing FRAG first can simplify some implementations,
notably those using hardware acceleration that assume a fixed notably those using hardware acceleration that assume a fixed
location for the FRAG option. However, there are cases where FRAG location for the FRAG Option. However, there are cases where FRAG
cannot occur first, such as when combined with per-fragment UENC or cannot occur first, such as when combined with per-fragment UENC or
UCMP. In those cases, encryption or compression (or both) would UCMP. In those cases, encryption or compression (or both) would
precede FRAG when they also encrypt or compress the fragment option precede FRAG when they also encrypt or compress the fragment option
itself. Additional cases could include recoding, such as could be itself. Additional cases could include recoding, such as could be
used to support Forward Error Correction (FEC) over a group of used to support Forward Error Correction (FEC) over a group of
fragments. FRAG not being first might result in software (so-called fragments. FRAG not being first might result in software (so-called
"slow path") option processing or might also be accommodated via a "slow path") option processing or might also be accommodated via a
small set of known cases. small set of known cases.
>> When FRAG is present, the UDP user data MUST be empty. If the >> When FRAG is present, the UDP user data MUST be empty. If the
user data is not empty, all UDP Options MUST be silently ignored and user data is not empty, all UDP Options MUST be silently ignored and
the user data received MUST be sent to the user. the user data received MUST be sent to the user.
Legacy receivers interpret FRAG messages as zero-length user data UDP Legacy receivers interpret FRAG messages as zero-length user data UDP
packets (i.e., UDP Length field is 8, the length of just the UDP packets (i.e., UDP Length field is 8, the length of just the UDP
header), which would not affect the receiver unless the presence of header), which would not affect the receiver unless the presence of
the UDP packet itself were a signal (see Section 5 of [RFC8085]). In the UDP packet itself were a signal (see Section 5 of [RFC8085]). In
this manner, the FRAG option also helps hide UNSAFE options so they this manner, the FRAG Option also helps hide UNSAFE Options so they
can be used more safely in the presence of legacy receivers. can be used more safely in the presence of legacy receivers.
The FRAG option has two formats: non-terminal fragments use the The FRAG Option has two formats: non-terminal fragments use the
shorter variant (Figure 10) and terminal fragments use the longer shorter variant (Figure 10) and terminal fragments use the longer
(Figure 11). The latter includes stand-alone fragments, i.e., when (Figure 11). The latter includes stand-alone fragments, i.e., when
data is contained in the FRAG option but reassembly is not required. data is contained in the FRAG Option but reassembly is not required.
+--------+--------+--------+--------+ +--------+--------+--------+--------+
| Kind=3 | Len=10 | Frag. Start | | Kind=3 | Len=10 | Frag. Start |
+--------+--------+--------+--------+ +--------+--------+--------+--------+
| Identification | | Identification |
+--------+--------+--------+--------+ +--------+--------+--------+--------+
| Frag. Offset | | Frag. Offset |
+--------+--------+ +--------+--------+
Figure 10: UDP Non-Terminal FRAG Option Format Figure 10: UDP Non-Terminal FRAG Option Format
Most fields are common to both FRAG option formats. The option Len Most fields are common to both FRAG Option formats. The option Len
field indicates whether there are more fragments (Len=10) or no more field indicates whether there are more fragments (Len=10) or no more
fragments (Len=12). fragments (Len=12).
The Frag. Start field indicates the location of the beginning of the The Frag. Start field indicates the location of the beginning of the
fragment data, measured from the beginning of the UDP header of the fragment data, measured from the beginning of the UDP header of the
fragment. The fragment data follows the remainder of the UDP Options fragment. The fragment data follows the remainder of the UDP Options
and continues to the end of the IP datagram (i.e., the end of the and continues to the end of the IP datagram (i.e., the end of the
surplus area). Those options (i.e., any that precede or follow the surplus area). Those options (i.e., any that precede or follow the
FRAG option) are applied to this UDP fragment. FRAG Option) are applied to this UDP fragment.
The Frag. Offset field indicates the location of this fragment The Frag. Offset field indicates the location of this fragment
relative to the original UDP datagram (prior to fragmentation or relative to the original UDP datagram (prior to fragmentation or
after reassembly), measured from the start of the original UDP after reassembly), measured from the start of the original UDP
datagram's header. datagram's header.
The Identification field is a 32-bit value that, when used in The Identification field is a 32-bit value that, when used in
combination with the IP source address, UDP source port, IP combination with the IP source address, UDP source port, IP
destination address, and UDP destination port, uniquely identifies destination address, and UDP destination port, uniquely identifies
the original UDP datagram. the original UDP datagram.
skipping to change at line 1037 skipping to change at line 1037
+--------+--------+--------+--------+ +--------+--------+--------+--------+
| Kind=3 | Len=12 | Frag. Start | | Kind=3 | Len=12 | Frag. Start |
+--------+--------+--------+--------+ +--------+--------+--------+--------+
| Identification | | Identification |
+--------+--------+--------+--------+ +--------+--------+--------+--------+
| Frag. Offset |Reass DgOpt Start| | Frag. Offset |Reass DgOpt Start|
+--------+--------+--------+--------+ +--------+--------+--------+--------+
Figure 11: UDP Non-Terminal FRAG Option Format Figure 11: UDP Non-Terminal FRAG Option Format
The terminal FRAG option format adds a Reassembled Datagram Option The terminal FRAG Option format adds a Reassembled Datagram Option
Start (RDOS) pointer, measured from the start of the original UDP Start (RDOS) pointer, measured from the start of the original UDP
datagram header, indicating the end of the reassembled data and the datagram header, indicating the end of the reassembled data and the
start of the surplus area within the original UDP datagram. UDP start of the surplus area within the original UDP datagram. UDP
Options that apply to the reassembled datagram are contained in the Options that apply to the reassembled datagram are contained in the
reassembled surplus area, as indicated by RDOS. UDP Options that reassembled surplus area, as indicated by RDOS. UDP Options that
occur within the fragment are processed on the fragment itself. This occur within the fragment are processed on the fragment itself. This
allows either pre-reassembly or post-reassembly UDP Option effects, allows either pre-reassembly or post-reassembly UDP Option effects,
such as using UENC on each fragment while also using TIME on the such as using UENC on each fragment while also using TIME on the
reassembled datagram for round-trip latency measurements. reassembled datagram for round-trip latency measurements.
skipping to change at line 1091 skipping to change at line 1091
| +-------------+------------+ | | +-------------+------------+ |
| | RDOS | Frag.Opts. | | | | RDOS | Frag.Opts. | |
'->+--|----------+------------+ | '->+--|----------+------------+ |
~ | Fragment Data ~ | ~ | Fragment Data ~ |
+--|----------+------------+ | +--|----------+------------+ |
| | | |
'----------------------------' '----------------------------'
Figure 12: UDP Fragments and Original UDP Datagram Figure 12: UDP Fragments and Original UDP Datagram
The FRAG option does not need a "more fragments" bit (as used by IP The FRAG Option does not need a "more fragments" bit (as used by IP
fragmentation) because it provides the same indication by using the fragmentation) because it provides the same indication by using the
longer, 12-byte variant, as shown in Figure 11. longer, 12-byte variant, as shown in Figure 11.
>> The FRAG option MAY be used on a single fragment; in which case, >> The FRAG Option MAY be used on a single fragment; in this case,
the Frag. Offset would be zero and the option would have the 12-byte the Frag. Offset would be zero and the option would have the 12-byte
format. format.
>> Endpoints supporting UDP Options MUST be capable of fragmenting >> Endpoints supporting UDP Options MUST be capable of fragmenting
and reassembling at least two fragments, each of a size that will fit and reassembling at least two fragments, each of a size that will fit
within the standard Ethernet MTU of 1,500 bytes. For further within the standard Ethernet MTU of 1,500 bytes. For further
details, please see Section 11.6. details, please see Section 11.6.
Use of the single fragment variant can be helpful in supporting use Use of the single fragment variant can be helpful in supporting use
of UNSAFE options without undesirable impact to receivers that do not of UNSAFE Options without undesirable impact to receivers that do not
support either UDP Options or the specific UNSAFE options. support either UDP Options or the specific UNSAFE Options.
During fragmentation, the UDP header checksum of each fragment During fragmentation, the UDP header checksum of each fragment
remains constant. It does not depend on the fragment data (which remains constant. It does not depend on the fragment data (which
appears in the surplus area) because all fragments have a zero- appears in the surplus area) because all fragments have a zero-
length user data field. length user data field.
>> The Identification field is a 32-bit value that MUST be unique >> The Identification field is a 32-bit value that MUST be unique
over the expected fragment reassembly timeout. over the expected fragment reassembly timeout.
>> The Identification field SHOULD be generated in a manner similar >> The Identification field SHOULD be generated in a manner similar
skipping to change at line 1158 skipping to change at line 1158
>> UDP reassembly space limits SHOULD NOT be computed as a shared >> UDP reassembly space limits SHOULD NOT be computed as a shared
resource across multiple sockets, to avoid cross-socket pair DoS resource across multiple sockets, to avoid cross-socket pair DoS
attacks. attacks.
>> Individual UDP fragments MUST NOT be forwarded to the user. The >> Individual UDP fragments MUST NOT be forwarded to the user. The
reassembled datagram is received only after complete reassembly, reassembled datagram is received only after complete reassembly,
checksum validation, and continued processing of the remaining UDP checksum validation, and continued processing of the remaining UDP
Options. Options.
Per-fragment UDP Options, if used in addition to FRAG, occur before Per-fragment UDP Options, if used in addition to FRAG, occur before
the fragment data. They typically occur after the FRAG option, the fragment data. They typically occur after the FRAG Option,
except where they modify the FRAG option itself (e.g., UENC or UCMP). except where they modify the FRAG Option itself (e.g., UENC or UCMP).
Per-fragment options are processed before the fragment is included in Per-fragment options are processed before the fragment is included in
the reassembled datagram. Such options can be useful to protect the the reassembled datagram. Such options can be useful to protect the
reassembly process itself, e.g., to prevent the reassembly cache from reassembly process itself, e.g., to prevent the reassembly cache from
being polluted (using AUTH or UENC). being polluted (using AUTH or UENC).
>> Fragments of a single datagram MAY use different sets of options. >> Fragments of a single datagram MAY use different sets of options.
It is expected to be computationally expensive to validate uniformity It is expected to be computationally expensive to validate uniformity
across all fragments, and there could be legitimate reasons for across all fragments, and there could be legitimate reasons for
including options in a fragment but not all fragments (e.g., MDS and including options in a fragment but not all fragments (e.g., MDS and
MRDS). MRDS).
If an option is used per-fragment but defined as not usable per- If an option is used per-fragment but defined as not usable per-
fragment, it is treated the same as any other unknown option. fragment, it is treated the same as any other unknown option.
Per-datagram UDP Options, if used, reside in the surplus area of the Per-datagram UDP Options, if used, reside in the surplus area of the
original UDP datagram. Processing of those options occurs after original UDP datagram. Processing of those options occurs after
reassembly is complete. This enables the safe use of UNSAFE options, reassembly is complete. This enables the safe use of UNSAFE Options,
which are required to result in discarding the entire UDP datagram if which are required to result in discarding the entire UDP datagram if
they are unknown to the receiver or otherwise fail (see Section 12). they are unknown to the receiver or otherwise fail (see Section 12).
In general, UDP packets are fragmented as follows: In general, UDP packets are fragmented as follows:
1. Create a UDP packet with data and UDP Options. This is the 1. Create a UDP packet with data and UDP Options. This is the
original UDP datagram, which we will call "D". The UDP Options original UDP datagram, which we will call "D". The UDP Options
follow the UDP user data and occur in the surplus area, just as follow the UDP user data and occur in the surplus area, just as
in an unfragmented UDP datagram with UDP Options. in an unfragmented UDP datagram with UDP Options.
skipping to change at line 1203 skipping to change at line 1203
the case if each fragment's UDP checksum is non-zero. Similarly, the case if each fragment's UDP checksum is non-zero. Similarly,
the OCS value of the original packet SHOULD be zero if each the OCS value of the original packet SHOULD be zero if each
fragment will have a non-zero OCS value, as will be the case if fragment will have a non-zero OCS value, as will be the case if
each fragment's UDP checksum is non-zero. each fragment's UDP checksum is non-zero.
2. Identify the desired fragment size, which we will call "S". This 2. Identify the desired fragment size, which we will call "S". This
value is calculated to take into account the path MTU (if known) value is calculated to take into account the path MTU (if known)
and to allow space for per-fragment options. and to allow space for per-fragment options.
3. Fragment "D" into chunks of size no larger than "S"-12 each (10 3. Fragment "D" into chunks of size no larger than "S"-12 each (10
for the non-terminal FRAG option and 2 for OCS), with one final for the non-terminal FRAG Option and 2 for OCS), with one final
chunk no larger than "S"-14 (12 for the terminal FRAG option and chunk no larger than "S"-14 (12 for the terminal FRAG Option and
2 for OCS). Note that all the per-datagram options in step #1 2 for OCS). Note that all the per-datagram options in step #1
need not be limited to the terminal fragment, i.e., the RDOS need not be limited to the terminal fragment, i.e., the RDOS
pointer can indicate the start of the original surplus area pointer can indicate the start of the original surplus area
anywhere in the reassembled datagram. anywhere in the reassembled datagram.
4. For each chunk of "D" in step #3, create a UDP packet with no 4. For each chunk of "D" in step #3, create a UDP packet with no
user data (UDP Length=8) followed by the word-aligned OCS, the user data (UDP Length=8) followed by the word-aligned OCS, the
FRAG option, and any additional per-fragment UDP Options, FRAG Option, and any additional per-fragment UDP Options,
followed by the FRAG data chunk. followed by the FRAG data chunk.
5. Complete the processing associated with creating these additional 5. Complete the processing associated with creating these additional
per-fragment UDP Options for each fragment. per-fragment UDP Options for each fragment.
Receivers reverse the above sequence. They process all received Receivers reverse the above sequence. They process all received
options in each fragment. When the FRAG option is encountered, the options in each fragment. When the FRAG Option is encountered, the
FRAG data is used in reassembly. After all fragments are received, FRAG data is used in reassembly. After all fragments are received,
the entire UDP packet is processed with any trailing UDP Options the entire UDP packet is processed with any trailing UDP Options
applying to the reassembled user data. applying to the reassembled user data.
>> Reassembly failures at the receiver result in silent discard of >> Reassembly failures at the receiver result in silent discard of
any per-fragment options and fragment contents, and such failures any per-fragment options and fragment contents, and such failures
SHOULD NOT generate zero-length frames to the user. SHOULD NOT generate zero-length frames to the user.
>> Finally, because fragmentation processing can be expensive, the >> Finally, because fragmentation processing can be expensive, the
FRAG option SHOULD be avoided unless the original datagram requires FRAG Option SHOULD be avoided unless the original datagram requires
fragmentation or it is needed for "safe" use of UNSAFE options. fragmentation or it is needed for "safe" use of UNSAFE Options.
>> The FRAG option MAY also be used to provide limited support for >> The FRAG Option MAY also be used to provide limited support for
UDP Options in systems that have access to only the initial portion UDP Options in systems that have access to only the initial portion
of the data in incoming or outgoing packets, as such systems could of the data in incoming or outgoing packets, as such systems could
potentially access per-fragment options. Such packets would, of potentially access per-fragment options. Such packets would, of
course, be silently ignored by legacy receivers that do not support course, be silently ignored by legacy receivers that do not support
UDP Options. UDP Options.
The presence of the FRAG option is not reported to the user. The presence of the FRAG Option is not reported to the user.
11.5. Maximum Datagram Size (MDS) 11.5. Maximum Datagram Size (MDS)
The Maximum Datagram Size (MDS, Kind=4) option is a 16-bit hint of The Maximum Datagram Size (MDS, Kind=4) Option is a 16-bit hint of
the largest UDP packet or UDP fragment that an endpoint believes can the largest UDP packet or UDP fragment that an endpoint believes can
be received without use of IP fragmentation. It helps UDP be received without use of IP fragmentation. It helps UDP
applications limit the largest UDP packet that can be sent without applications limit the largest UDP packet that can be sent without
UDP fragmentation and helps UDP fragmentation determine the largest UDP fragmentation and helps UDP fragmentation determine the largest
UDP fragment to send -- in both cases, to avoid IP fragmentation. UDP fragment to send -- in both cases, to avoid IP fragmentation.
As with the TCP Maximum Segment Size (MSS) option [RFC9293], the size As with the TCP Maximum Segment Size (MSS) Option [RFC9293], the size
indicated is the IP layer MTU decreased by the fixed IP and UDP indicated is the IP layer MTU decreased by the fixed IP and UDP
headers only [RFC9293]. The space needed for IP and UDP Options headers only [RFC9293]. The space needed for IP and UDP Options
needs to be adjusted by the sender when using the value indicated. needs to be adjusted by the sender when using the value indicated.
The value transmitted is based on EMTU_R, the largest IP datagram The value transmitted is based on EMTU_R, the largest IP datagram
that can be received (i.e., reassembled at the receiver) [RFC1122]. that can be received (i.e., reassembled at the receiver) [RFC1122].
However, as with TCP, this value is only a hint at what the receiver However, as with TCP, this value is only a hint at what the receiver
believes, as when used with PLPMTUD at the UDP layer, as discussed believes, as when used with PLPMTUD at the UDP layer, as discussed
later in this section. later in this section.
>> MDS does not indicate a known path MTU and thus MUST NOT be used >> MDS does not indicate a known path MTU and thus MUST NOT be used
skipping to change at line 1291 skipping to change at line 1291
Packetization Layer Path MTU (PLPMTU) value, though it MUST NOT Packetization Layer Path MTU (PLPMTU) value, though it MUST NOT
prohibit transmission of larger UDP packets used as DPLPMTUD probes. prohibit transmission of larger UDP packets used as DPLPMTUD probes.
MDS is reported to the user, whether used per-datagram or per- MDS is reported to the user, whether used per-datagram or per-
fragment (as defined in Section 11.4). When used per-fragment, the fragment (as defined in Section 11.4). When used per-fragment, the
reported value is the minimum of the MDS values received per- reported value is the minimum of the MDS values received per-
fragment. fragment.
11.6. Maximum Reassembled Datagram Size (MRDS) 11.6. Maximum Reassembled Datagram Size (MRDS)
The Maximum Reassembled Datagram Size (MRDS, Kind=5) option is a 16- The Maximum Reassembled Datagram Size (MRDS, Kind=5) Option is a 16-
bit indicator of the largest reassembled UDP datagram that can be bit indicator of the largest reassembled UDP datagram that can be
received, including the UDP header and any per-datagram UDP Options, received, including the UDP header and any per-datagram UDP Options,
accompanied by an 8-bit indication of how many UDP fragments can be accompanied by an 8-bit indication of how many UDP fragments can be
reassembled. The MRDS size field is the UDP equivalent of IP's reassembled. The MRDS size field is the UDP equivalent of IP's
EMTU_R, but the two are not related [RFC1122]. Using the FRAG option EMTU_R, but the two are not related [RFC1122]. Using the FRAG Option
(Section 11.4), UDP packets can be transmitted as transport (Section 11.4), UDP packets can be transmitted as transport
fragments, each in their own (presumably not fragmented) IP datagram, fragments, each in their own (presumably not fragmented) IP datagram,
and be reassembled at the UDP layer. MRDS segs is the number of UDP and be reassembled at the UDP layer. MRDS segs is the number of UDP
fragments that can be reassembled. fragments that can be reassembled.
+--------+--------+--------+--------+---------+ +--------+--------+--------+--------+---------+
| Kind=5 | Len=5 | MRDS size |MRDS segs| | Kind=5 | Len=5 | MRDS size |MRDS segs|
+--------+--------+--------+--------+---------+ +--------+--------+--------+--------+---------+
Figure 14: UDP MRDS Option Format Figure 14: UDP MRDS Option Format
skipping to change at line 1330 skipping to change at line 1330
no IP options or extension headers and no UDP per-fragment options. no IP options or extension headers and no UDP per-fragment options.
Then, the size of the largest pre-fragmentation UDP packet that the Then, the size of the largest pre-fragmentation UDP packet that the
receiver will guarantee to accept is the smaller of the MRDS size and receiver will guarantee to accept is the smaller of the MRDS size and
(MMS_S - 12) * (MRDS segs) - 2 - (Total Per-Frag IP/UDP Options) + 8 (MMS_S - 12) * (MRDS segs) - 2 - (Total Per-Frag IP/UDP Options) + 8
where Total Per-Frag IP/UDP Options includes the size of all IP where Total Per-Frag IP/UDP Options includes the size of all IP
options and extension headers and all per-fragment UDP Options, options and extension headers and all per-fragment UDP Options,
except for OCS and FRAG, that are in the sequence of UDP fragments. except for OCS and FRAG, that are in the sequence of UDP fragments.
>> If no MRDS option has been received, a sender MUST assume that >> If no MRDS Option has been received, a sender MUST assume that
MRDS size is 2,926 bytes for IPv4 and 2,886 bytes for IPv6 and that MRDS size is 2,926 bytes for IPv4 and 2,886 bytes for IPv6 and that
MRDS segs is 2, i.e., the minimum values allowed. MRDS segs is 2, i.e., the minimum values allowed.
MRDS is reported to the user, whether used per-datagram or per- MRDS is reported to the user, whether used per-datagram or per-
fragment (as defined in Section 11.4). When used per-fragment, the fragment (as defined in Section 11.4). When used per-fragment, the
reported value is the minimum of the MRDS values received per- reported value is the minimum of the MRDS values received per-
fragment. fragment.
11.7. Echo Request (REQ) and Echo Response (RES) 11.7. Echo Request (REQ) and Echo Response (RES)
The echo Request (REQ, Kind=6) and echo Response (RES, Kind=7) The echo Request (REQ, Kind=6) and echo Response (RES, Kind=7)
options provides UDP packet-level acknowledgments as a capability for Options provide UDP packet-level acknowledgments as a capability for
use by upper layer protocols, e.g., user applications, libraries, use by upper layer protocols, e.g., user applications, libraries,
operating systems, etc. Both the REQ and RES are under the control operating systems, etc. Both the REQ and RES are under the control
of these upper layers, i.e., UDP Option support described in this of these upper layers, i.e., UDP Option support described in this
document never automatically responds to a REQ with a RES. Instead, document never automatically responds to a REQ with a RES. Instead,
the REQ is delivered to the upper layer, which decides whether and the REQ is delivered to the upper layer, which decides whether and
when to issue a RES. when to issue a RES.
One such use is described as part of DPLPMTUD [RFC9869]. This use One such use is described as part of DPLPMTUD [RFC9869]. This use
case is described as part of UDP Options but is logically considered case is described as part of UDP Options but is logically considered
to be a capability of an upper layer that uses UDP Options. The to be a capability of an upper layer that uses UDP Options. The
skipping to change at line 1369 skipping to change at line 1369
1 byte 1 byte 4 bytes 1 byte 1 byte 4 bytes
Figure 15: UDP REQ and RES Options Format Figure 15: UDP REQ and RES Options Format
>> As advice to upper layer protocol/library designers, when >> As advice to upper layer protocol/library designers, when
supporting REQ/RES and responding with a RES, the upper layer SHOULD supporting REQ/RES and responding with a RES, the upper layer SHOULD
respond with the most recently received REQ token. respond with the most recently received REQ token.
>> If the implementation includes a layer/library that produces and >> If the implementation includes a layer/library that produces and
consumes REQ/RES on behalf of the user/application, then that layer consumes REQ/RES on behalf of the user/application, then that layer
MUST be disabled by default; in which case, REQ/RES are simply sent MUST be disabled by default; in this case, REQ/RES are simply sent
upon request by the user/application and passed to it when received, upon request by the user/application and passed to it when received,
as with most other UDP Options. as with most other UDP Options.
For example, an application needs to explicitly enable the generation For example, an application needs to explicitly enable the generation
of a RES option by DPLPMTUD when using UDP Options [RFC9869]. of a RES Option by DPLPMTUD when using UDP Options [RFC9869].
>> The token transmitted in a RES option MUST be a token received in >> The token transmitted in a RES Option MUST be a token received in
a REQ option by the transmitter. This ensures that the response is a REQ Option by the transmitter. This ensures that the response is
to a received request. to a received request.
REQ and RES option kinds each appear at most once in each UDP packet, REQ and RES Option kinds each appear at most once in each UDP packet,
as with most other options. A single packet can include both as with most other options. A single packet can include both
options, though they would be otherwise unrelated to each other. options, though they would be otherwise unrelated to each other.
Note also that the FRAG option is not used when sending DPLPMTUD Note also that the FRAG Option is not used when sending DPLPMTUD
probes to determine a PLPMTU [RFC9869]. probes to determine a PLPMTU [RFC9869].
REQ and RES are reported to the user, whether used per-datagram or REQ and RES are reported to the user, whether used per-datagram or
per-fragment (as defined in Section 11.4). When used per-fragment, per-fragment (as defined in Section 11.4). When used per-fragment,
the reported value indicates the most recently received token. the reported value indicates the most recently received token.
11.8. Timestamp (TIME) 11.8. Timestamp (TIME)
Timestamps are provided as a capability to be used by applications Timestamps are provided as a capability to be used by applications
and other upper layer protocols. They are based on a notion of time and other upper layer protocols. They are based on a notion of time
as a monotonically non-decreasing unsigned integer, with wraparound. as a monotonically non-decreasing unsigned integer, with wraparound.
They are defined the same way as TCP Protection Against Wrapped They are defined the same way as TCP Protection Against Wrapped
Sequence (PAWS) numbers, i.e., "without any connection to [real- Sequence (PAWS) numbers, i.e., "without any connection to [real-
world, classical physics wall-clock] time" [RFC7323]. They are quite world, classical physics wall-clock] time" [RFC7323]. They are quite
similar to the behavior of relativistic time or the individual similar to the behavior of relativistic time or the individual
scalars of Lamport clocks [La78]. However, if desired, they can scalars of Lamport clocks [La78]. However, if desired, they can
correspond to real-world time, e.g., as used for round-trip time correspond to real-world time, e.g., as used for round-trip time
(RTT) estimation. This option makes no assertions as to which is the (RTT) estimation. This option makes no assertions as to which is the
case; the decision is up to the application layer using this option. case; the decision is up to the application layer using this option.
The Timestamp (TIME, Kind=8) option exchanges two four-byte unsigned The Timestamp (TIME, Kind=8) Option exchanges two four-byte unsigned
timestamp fields. It serves a similar purpose to TCP's Timestamp timestamp fields. It serves a similar purpose to TCP's Timestamp
(TS) option [RFC7323], enabling UDP to estimate the RTT between (TS) Option [RFC7323], enabling UDP to estimate the RTT between
hosts. For UDP, this RTT can be useful for establishing UDP fragment hosts. For UDP, this RTT can be useful for establishing UDP fragment
reassembly timeouts or transport-layer rate limiting [RFC8085]. reassembly timeouts or transport-layer rate limiting [RFC8085].
+--------+--------+------------------+------------------+ +--------+--------+------------------+------------------+
| Kind=8 | Len=10 | TSval | TSecr | | Kind=8 | Len=10 | TSval | TSecr |
+--------+--------+------------------+------------------+ +--------+--------+------------------+------------------+
1 byte 1 byte 4 bytes 4 bytes 1 byte 1 byte 4 bytes 4 bytes
Figure 16: UDP TIME Option Format Figure 16: UDP TIME Option Format
TS Value (TSval) and TS Echo Reply (TSecr) are used in a similar TS Value (TSval) and TS Echo Reply (TSecr) are used in a similar
manner to the TCP TS option [RFC7323]. On transmitted UDP packets manner to the TCP TS Option [RFC7323]. On transmitted UDP packets
using the option, TSval is always set based on the local "time" using the option, TSval is always set based on the local "time"
value. Received TSval and TSecr field contents are provided to the value. Received TSval and TSecr field contents are provided to the
application, which can pass the received TSval to be used as TSecr in application, which can pass the received TSval to be used as TSecr in
UDP messages sent in response (i.e., to echo the received TSval). A UDP messages sent in response (i.e., to echo the received TSval). A
received TSecr of zero indicates that the TSval was not echoed by the received TSecr of zero indicates that the TSval was not echoed by the
transmitter, i.e., from a previously received UDP packet. transmitter, i.e., from a previously received UDP packet.
>> TIME MAY use an RTT estimate based on non-zero Timestamp values as >> TIME MAY use an RTT estimate based on non-zero Timestamp values as
a hint for fragmentation reassembly, rate limiting, or other a hint for fragmentation reassembly, rate limiting, or other
mechanisms that benefit from such an estimate. mechanisms that benefit from such an estimate.
skipping to change at line 1469 skipping to change at line 1469
reported value is the minimum and maximum of each of the timestamp reported value is the minimum and maximum of each of the timestamp
values received per-fragment. values received per-fragment.
>> Use of TIME per-fragment is NOT RECOMMENDED. Exceptions include >> Use of TIME per-fragment is NOT RECOMMENDED. Exceptions include
supporting diagnostics on the reassembly process itself, which could supporting diagnostics on the reassembly process itself, which could
be more appropriate to handle within the UDP Option processing be more appropriate to handle within the UDP Option processing
implementation. implementation.
11.9. Authentication (AUTH), RESERVED Only 11.9. Authentication (AUTH), RESERVED Only
The Authentication (AUTH, Kind=9) option is reserved for all UDP The Authentication (AUTH, Kind=9) Option is reserved for all UDP
authentication mechanisms [To24]. AUTH is expected to cover the UDP authentication mechanisms [To24]. AUTH is expected to cover the UDP
user data and UDP Options, with possible additional coverage of the user data and UDP Options, with possible additional coverage of the
IP pseudoheader and UDP header and potentially also support for NAT IP pseudoheader and UDP header and potentially also support for NAT
traversal (i.e., by zeroing the remote socket -- the source IP traversal (i.e., by zeroing the remote socket -- the source IP
address and UDP port -- before computing the check), the latter in a address and UDP port -- before computing the check), the latter in a
similar manner as per TCP Authentication Option (TCP-AO) NAT similar manner as per TCP Authentication Option (TCP-AO) NAT
traversal [RFC6978]. traversal [RFC6978].
Like APC, AUTH is a SAFE option because it does not modify the UDP Like APC, AUTH is a SAFE Option because it does not modify the UDP
user data. AUTH could fail even where the user data has not been user data. AUTH could fail even where the user data has not been
corrupted, such as when its contents have been overwritten. Such corrupted, such as when its contents have been overwritten. Such
overwrites could be intentional and not widely known; defaulting to overwrites could be intentional and not widely known; defaulting to
silent ignore ensures that option-aware endpoints do not change how silent ignore ensures that option-aware endpoints do not change how
users or applications operate unless explicitly directed to do users or applications operate unless explicitly directed to do
otherwise. When a socket pair relies on AUTH, e.g., upon otherwise. When a socket pair relies on AUTH, e.g., upon
configuration of a security policy, this default is expected to be configuration of a security policy, this default is expected to be
overridden, where incoming packets without AUTH or with a failed AUTH overridden, where incoming packets without AUTH or with a failed AUTH
check would be silently dropped, such that only authenticated packets check would be silently dropped, such that only authenticated packets
would be sent to the user. This approach enables security checks for would be sent to the user. This approach enables security checks for
skipping to change at line 1500 skipping to change at line 1500
library. library.
A specification for using AUTH is expected to define the coordination A specification for using AUTH is expected to define the coordination
of AUTH security parameters and configuration of the socket pair when of AUTH security parameters and configuration of the socket pair when
those parameters are installed. That specification is expected to those parameters are installed. That specification is expected to
address rules for when AUTH is required upon transmission and when address rules for when AUTH is required upon transmission and when
the presence and correct validation of AUTH is required on reception. the presence and correct validation of AUTH is required on reception.
11.10. Experimental (EXP) 11.10. Experimental (EXP)
The Experimental (EXP, Kind=127) option is allocated for experiments The Experimental (EXP, Kind=127) Option is allocated for experiments
[RFC3692]. Only one such value is allocated because experiments are [RFC3692]. Only one such value is allocated because experiments are
expected to use an Experimental ID (ExID) to differentiate concurrent expected to use an Experimental ID (ExID) to differentiate concurrent
use for different purposes, using UDP ExIDs registered with IANA use for different purposes, using UDP ExIDs registered with IANA
according to the approach developed for TCP experimental options according to the approach developed for TCP experimental options
[RFC6994]. [RFC6994].
+----------+----------+----------+----------+ +----------+----------+----------+----------+
| Kind=127 | Len | UDP ExID | | Kind=127 | Len | UDP ExID |
+----------+----------+----------+----------+ +----------+----------+----------+----------+
| (option contents, as defined)... | | (option contents, as defined)... |
+----------+----------+----------+----------+ +----------+----------+----------+----------+
Figure 17: UDP EXP Option Format Figure 17: UDP EXP Option Format
>> The length of the Experimental option MUST be at least 4 to >> The length of the Experimental Option MUST be at least 4 to
account for the Kind, Len, and 16-bit UDP ExID (similar to TCP ExIDs account for the Kind, Len, and 16-bit UDP ExID (similar to TCP ExIDs
[RFC6994]). [RFC6994]).
The UDP EXP option uses only 16-bit ExIDs, unlike TCP ExIDs. In TCP, The UDP EXP Option uses only 16-bit ExIDs, unlike TCP ExIDs. In TCP,
the first 16 bits of the ExID is unique; the additional 16 bits, the first 16 bits of the ExID is unique; the additional 16 bits,
where present, are used to decrease the chance of the entire ExID where present, are used to decrease the chance of the entire ExID
occurring in legacy use of the TCP EXP option. This extended variant occurring in legacy use of the TCP EXP Option. This extended variant
provides no similar use for UDP EXP because ExIDs are required. provides no similar use for UDP EXP because ExIDs are required.
The UDP EXP option also includes an Extended Length format, where the The UDP EXP Option also includes an Extended Length format, where the
option Len is 255, followed by two bytes of Extended Length. option Len is 255, followed by two bytes of Extended Length.
+----------+----------+----------+----------+ +----------+----------+----------+----------+
| Kind=127 | 255 | Extended Length | | Kind=127 | 255 | Extended Length |
+----------+----------+----------+----------+ +----------+----------+----------+----------+
| UDP ExID |(option contents...) | | UDP ExID |(option contents...) |
+----------+----------+----------+----------+ +----------+----------+----------+----------+
Figure 18: UDP EXP Extended Option Format Figure 18: UDP EXP Extended Option Format
Assigned UDP Experimental IDs (ExIDs) are assigned from a combined UDP Experimental IDs (ExIDs) are assigned from a combined TCP/UDP
TCP/UDP ExID registry managed by IANA (see Section 26). Assigned ExID registry managed by IANA (see Section 26). Assigned ExIDs can
ExIDs can be used in either the EXP or UEXP options (see Section 12.3 be used in either the EXP or UEXP Options (see Section 12.3 for the
for the latter). latter).
12. UNSAFE Options 12. UNSAFE Options
UNSAFE options are not safe to ignore and can be used UNSAFE Options are not safe to ignore and can be used
unidirectionally or without soft-state confirmation of UDP Option unidirectionally or without soft-state confirmation of UDP Option
capability. They are always used only when the user data occurs capability. They are always used only when the user data occurs
inside a reassembled set of one or more UDP fragments, such that if inside a reassembled set of one or more UDP fragments, such that if
UDP fragmentation is not supported, the enclosed UDP user data would UDP fragmentation is not supported, the enclosed UDP user data would
be silently dropped anyway. be silently dropped anyway.
>> Applications using UNSAFE options SHOULD NOT also use zero-length >> Applications using UNSAFE Options SHOULD NOT also use zero-length
UDP packets as signals, because they will arrive when UNSAFE options UDP packets as signals, because they will arrive when UNSAFE Options
fail. Those that choose to allow such packets MUST account for such fail. Those that choose to allow such packets MUST account for such
events. events.
>> UNSAFE options MUST be used only as part of UDP fragments, used >> UNSAFE Options MUST be used only as part of UDP fragments, used
either per-fragment or after reassembly. either per-fragment or after reassembly.
>> Receivers supporting UDP Options MUST silently drop the UDP user >> Receivers supporting UDP Options MUST silently drop the UDP user
data of the reassembled datagram if any fragment or the entire data of the reassembled datagram if any fragment or the entire
datagram includes an UNSAFE option whose Kind is not supported or if datagram includes an UNSAFE Option whose Kind is not supported or if
an UNSAFE option appears outside the context of a fragment or an UNSAFE Option appears outside the context of a fragment or
reassembled fragments. reassembled fragments.
12.1. UNSAFE Compression (UCMP) 12.1. UNSAFE Compression (UCMP)
The UNSAFE Compression (UCMP, Kind=192) option is reserved for all The UNSAFE Compression (UCMP, Kind=192) Option is reserved for all
UDP compression mechanisms. UCMP is expected to cover the UDP user UDP compression mechanisms. UCMP is expected to cover the UDP user
data and some (e.g., later, in sequence) UDP Options. data and some (e.g., later, in sequence) UDP Options.
12.2. UNSAFE Encryption (UENC) 12.2. UNSAFE Encryption (UENC)
The UNSAFE Encryption (UENC, Kind=193) option is reserved for all UDP The UNSAFE Encryption (UENC, Kind=193) Option is reserved for all UDP
encryption mechanisms. UENC is expected to provide all of the encryption mechanisms. UENC is expected to provide all of the
services of the AUTH option (Section 11.9) and in addition to encrypt services of the AUTH Option (Section 11.9) and in addition to encrypt
the UDP user data and some (e.g., later or in sequence) UDP Options, the UDP user data and some (e.g., later or in sequence) UDP Options,
in a similar manner as TCP Authentication Option Extension for in a similar manner as TCP Authentication Option Extension for
Payload Encryption (TCP-AO-ENC) [To18]. Payload Encryption (TCP-AO-ENC) [To18].
12.3. UNSAFE Experimental (UEXP) 12.3. UNSAFE Experimental (UEXP)
The UNSAFE Experimental (UEXP, Kind=254) option is reserved for The UNSAFE Experimental (UEXP, Kind=254) Option is reserved for
experiments [RFC3692]. As with EXP, only one such UEXP value is experiments [RFC3692]. As with EXP, only one such UEXP value is
reserved because experiments are expected to use an Experimental ID reserved because experiments are expected to use an Experimental ID
(ExIDs) to differentiate concurrent use for different purposes, using (ExIDs) to differentiate concurrent use for different purposes, using
UDP ExIDs registered with IANA according to the approach developed UDP ExIDs registered with IANA according to the approach developed
for TCP experimental options [RFC6994]. for TCP experimental options [RFC6994].
Assigned ExIDs can be used with either the UEXP or EXP options. Assigned ExIDs can be used with either the UEXP or EXP Options.
13. Rules for Designing New Options 13. Rules for Designing New Options
The UDP Option Kind space allows for the definition of new options; The UDP Option Kind space allows for the definition of new options;
however, the currently defined options (including AUTH, UENC, and however, the currently defined options (including AUTH, UENC, and
UCMP) do not allow for arbitrary new options. The following is a UCMP) do not allow for arbitrary new options. The following is a
summary of rules for new options and their rationales: summary of rules for new options and their rationales:
>> New options MUST NOT be defined as "must-implement", i.e., they >> New options MUST NOT be defined as "must-implement", i.e., they
are not eligible for the asterisk ("*") designation used in are not eligible for the asterisk ("*") designation used in
skipping to change at line 1611 skipping to change at line 1611
This document defines the minimum set of "must-implement" UDP This document defines the minimum set of "must-implement" UDP
Options. All new options are included at the discretion of a given Options. All new options are included at the discretion of a given
implementation. implementation.
>> New options MUST NOT modify the content of options that precede >> New options MUST NOT modify the content of options that precede
them (in order of appearance and thus processing). them (in order of appearance and thus processing).
>> The fields of new options MUST NOT depend on the content of other >> The fields of new options MUST NOT depend on the content of other
options. options.
UNSAFE options can both depend on and vary user data content because UNSAFE Options can both depend on and vary user data content because
they are contained only inside UDP fragments and thus are processed they are contained only inside UDP fragments and thus are processed
only by receivers capable of handling UDP Options. only by receivers capable of handling UDP Options.
>> New options MUST NOT declare their order relative to other >> New options MUST NOT declare their order relative to other
options, whether new or old, even as a preference. options, whether new or old, even as a preference.
>> At the sender, new options MUST NOT modify UDP packet content >> At the sender, new options MUST NOT modify UDP packet content
anywhere outside their option field, excepting only those contained anywhere outside their option field, excepting only UNSAFE Options;
within the UNSAFE option; areas that need to remain unmodified areas that need to remain unmodified include the IP header, IP
include the IP header, IP options, UDP user data, and surplus area options, UDP user data, and surplus area (i.e., other options).
(i.e., other options).
>> Options MUST NOT be modified in transit. This includes those >> Options MUST NOT be modified in transit. This includes those
already defined as well as new options. already defined as well as new options.
>> New options MUST NOT require or allow that any UDP Options >> New options MUST NOT require or allow that any UDP Options
(including themselves) or the remaining surplus area be modified in (including themselves) or the remaining surplus area be modified in
transit. transit.
>> All options MUST indicate whether they can be used per-fragment >> All options MUST indicate whether they can be used per-fragment
and, if so, MUST also indicate how their success or failure is and, if so, MUST also indicate how their success or failure is
reported to the user. It is RECOMMENDED to support UDP Options for reported to the user. It is RECOMMENDED that new options be designed
each fragment; it is also RECOMMENDED that options used for each to support per-fragment use; it is also RECOMMENDED that options used
fragment be reported to the user as a finite aggregate (e.g., a sum, per-fragment be reported to the user as a finite aggregate (e.g., a
a flag, etc.) rather than individually. sum, a flag, etc.) rather than individually.
With one exception, UNSAFE options are used when UDP user data needs With one exception, UNSAFE Options are used when UDP user data needs
to be modified: to be modified:
* >> The FRAG option modifies UDP user data, splitting it across >> The FRAG Option modifies UDP user data, splitting it across
multiple IP packets. UNSAFE options MAY modify the UDP user data, multiple IP packets. UNSAFE Options MAY modify the UDP user data,
e.g., by encryption, compression, or other transformations. All e.g., by encryption, compression, or other transformations. All
other (SAFE) options MUST NOT modify the UDP user data. other (SAFE) options MUST NOT modify the UDP user data.
14. Option Inclusion and Processing 14. Option Inclusion and Processing
The following rules apply to option inclusion by senders and The following rules apply to option inclusion by senders and
processing by receivers. processing by receivers.
>> Senders MAY add any option, as configured by the API. >> Senders MAY add any option, as configured by the API.
>> All "must-support" options MUST be processed by receivers, if >> All "must-support" options MUST be processed by receivers, if
present (presuming UDP Options are supported at that receiver). present (presuming UDP Options are supported at that receiver).
>> Options that are not "must-support" options MAY, if present, be >> Options that are not "must-support" options MAY, if present, be
ignored by receivers, based, e.g., on API settings. ignored by receivers, based, e.g., on API settings.
>> All options MUST be processed by receivers in the order >> All options MUST be processed by receivers in the order
encountered in the options area. encountered in the options area.
>> Unless configuration settings direct otherwise, all options except >> Unless configuration settings direct otherwise, all options except
UNSAFE options MUST result in the UDP user data being passed to the UNSAFE Options MUST result in the UDP user data being passed to the
upper layer protocol or application, regardless of whether all upper layer protocol or application, regardless of whether all
options are processed, are supported, or succeed. options are processed, are supported, or succeed.
The basic premise is that, for options-aware endpoints, the sender The basic premise is that, for options-aware endpoints, the sender
decides what options to add and the receiver decides what options to decides what options to add and the receiver decides what options to
handle. Simply adding an option does not force work upon a receiver, handle. Simply adding an option does not force work upon a receiver,
with the exception of the "must-support" options. with the exception of the "must-support" options.
Upon receipt, the receiver checks various properties of the UDP Upon receipt, the receiver checks various properties of the UDP
packet and its options to decide whether to accept or drop the UDP packet and its options to decide whether to accept or drop the UDP
skipping to change at line 1691 skipping to change at line 1690
(OCS == 0 and UDP CS != 0) then (OCS == 0 and UDP CS != 0) then
deliver the UDP user data but ignore other options deliver the UDP user data but ignore other options
(this is required to emulate legacy behavior) (this is required to emulate legacy behavior)
if (OCS != 0 and OCS passes) or if (OCS != 0 and OCS passes) or
(OCS == 0 and UDP CS == 0) then (OCS == 0 and UDP CS == 0) then
deliver the UDP user data after parsing deliver the UDP user data after parsing
and processing the rest of the options, and processing the rest of the options,
regardless of whether each is supported or succeeds regardless of whether each is supported or succeeds
(again, this is required to emulate legacy behavior) (again, this is required to emulate legacy behavior)
The design of the UNSAFE options ensures that the resulting UDP data The design of the UNSAFE Options ensures that the resulting UDP data
will be silently dropped in both legacy receivers and options-aware will be silently dropped in both legacy receivers and options-aware
receivers that do not recognize those options. Again, note that this receivers that do not recognize those options. Again, note that this
still results in the delivery of a zero-length UDP packet. still results in the delivery of a zero-length UDP packet.
Options-aware receivers can drop UDP packets with option processing Options-aware receivers can drop UDP packets with option processing
errors via either an override of the default UDP processing or at the errors via either an override of the default UDP processing or at the
application layer. application layer.
That is, all options are treated the same, in that the transmitter That is, all options are treated the same, in that the transmitter
can add it as desired and the receiver has the option to require it can add it as desired and the receiver has the option to require it
skipping to change at line 1770 skipping to change at line 1769
* Extend the receive function to indicate the per-packet options and * Extend the receive function to indicate the per-packet options and
their parameters as received with the corresponding received their parameters as received with the corresponding received
datagram. Note that per-fragment options are handled within the datagram. Note that per-fragment options are handled within the
processing of each fragment. processing of each fragment.
>> Options and their processing status (success/fail) MUST be >> Options and their processing status (success/fail) MUST be
available to the user (i.e., application layer or upper layer available to the user (i.e., application layer or upper layer
protocol/service), both for the packet and for the fragment set, protocol/service), both for the packet and for the fragment set,
except for FRAG, NOP, and EOL; those three options are handled except for FRAG, NOP, and EOL; those three options are handled
within UDP Option processing only. As a reminder (from within UDP Option processing only. As a reminder (from
Section 14), all options except UNSAFE options MUST result in the Section 14), all options except UNSAFE Options MUST result in the
UDP user data being passed to the application layer (unless UDP user data being passed to the application layer (unless
overridden in the API), regardless of whether all options are overridden in the API), regardless of whether all options are
processed, supported, or succeed. processed, supported, or succeed.
* For fragments, success for an option is reported only when all * For fragments, success for an option is reported only when all
fragments succeed for that option. fragments succeed for that option.
>> Per-fragment option status reporting SHOULD default as needed >> Per-fragment option status reporting SHOULD default as needed
(e.g., not computed and/or not passed up to the upper layers) to (e.g., not computed and/or not passed up to the upper layers) to
minimize overhead unless actively requested (e.g., by the user/ minimize overhead unless actively requested (e.g., by the user/
application layer). application layer).
>> SAFE options associated with fragments are accumulated when >> SAFE Options associated with fragments are accumulated when
associated with the reassembled packet; values MAY be coalesced, associated with the reassembled packet; values MAY be coalesced,
e.g., to indicate that only an AUTH failure of a fragment e.g., to indicate that only an AUTH failure of a fragment
occurred, rather than not indicating the AUTH status of each occurred, rather than not indicating the AUTH status of each
fragment. fragment.
* Extend the send function to indicate the options to be added to * Extend the send function to indicate the options to be added to
the corresponding sent datagram. This includes indicating which the corresponding sent datagram. This includes indicating which
options apply to individual fragments vs. which apply to the UDP options apply to individual fragments vs. which apply to the UDP
packet prior to fragmentation, if fragmentation is enabled. This packet prior to fragmentation, if fragmentation is enabled. This
includes a minimum datagram length, such that the options list includes a minimum datagram length, such that the options list
skipping to change at line 1806 skipping to change at line 1805
DPLPMTUD, whether implemented at the application layer per DPLPMTUD, whether implemented at the application layer per
[RFC8899] or in conjunction with other UDP Options [RFC9869]. [RFC8899] or in conjunction with other UDP Options [RFC9869].
Examples of API instances for Linux and FreeBSD are provided in Examples of API instances for Linux and FreeBSD are provided in
Appendix A to encourage uniform cross-platform implementations. Appendix A to encourage uniform cross-platform implementations.
APIs are not intended to provide user control over option order, APIs are not intended to provide user control over option order,
especially on a per-packet basis, as this could create a covert especially on a per-packet basis, as this could create a covert
channel (see Section 25). Similarly, APIs are not intended to channel (see Section 25). Similarly, APIs are not intended to
provide user/application control over UDP fragment boundaries on a provide user/application control over UDP fragment boundaries on a
per-packet basis; although, they are expected to allow control over per-packet basis; they are, however, expected to allow control over
which options, including fragmentation, are enabled (or disabled) on which options, including fragmentation, are enabled (or disabled) on
a per-packet basis. Such control over fragmentation is critical to a per-packet basis. Such control over fragmentation is critical to
DPLPMTUD. DPLPMTUD.
16. UDP Options Are for Transport, Not Transit 16. UDP Options Are for Transport, Not Transit
UDP Options are indicated in the surplus area of the IP payload that UDP Options are indicated in the surplus area of the IP payload that
is not used by UDP. That area is really part of the IP payload, not is not used by UDP. That area is really part of the IP payload, not
the UDP payload, and as such, it might be tempting to consider the UDP payload, and as such, it might be tempting to consider
whether this is a generally useful approach to extending IP. whether this is a generally useful approach to extending IP.
skipping to change at line 1881 skipping to change at line 1880
any other form, because the entire payload of the UDP packet is any other form, because the entire payload of the UDP packet is
already defined as user data and there is no additional field in already defined as user data and there is no additional field in
which to indicate a surplus area for options. The UDP Length field which to indicate a surplus area for options. The UDP Length field
in UDP-Lite is already used to indicate the boundary between user in UDP-Lite is already used to indicate the boundary between user
data covered by the checksum and user data not covered. data covered by the checksum and user data not covered.
18. Interactions with Legacy Devices 18. Interactions with Legacy Devices
It has always been permissible for the UDP Length to be inconsistent It has always been permissible for the UDP Length to be inconsistent
with the IP transport payload length [RFC0768]. Such inconsistency with the IP transport payload length [RFC0768]. Such inconsistency
has been utilized in UDP-Lite using a different transport number. has been utilized in UDP-Lite using a different transport number
There are no known systems that use this inconsistency for UDP [RFC3828]. There are no known systems that use this inconsistency
[RFC3828]. It is possible that such use might interact with UDP for UDP. It is possible that such use might interact with UDP
Options, i.e., where legacy systems might generate UDP datagrams that Options, i.e., where legacy systems might generate UDP datagrams that
appear to have UDP Options. The OCS provides protection against such appear to have UDP Options. The OCS provides protection against such
events and is stronger than a static "magic number". events and is stronger than a static "magic number".
UDP Options have been tested as interoperable with Linux, macOS, and UDP Options have been tested as interoperable with Linux, macOS, and
Windows Cygwin and worked through NAT devices. These systems Windows Cygwin and worked through NAT devices. These systems
successfully delivered only the user data indicated by the UDP Length successfully delivered only the user data indicated by the UDP Length
field and silently discarded the surplus area. field and silently discarded the surplus area.
One reported embedded device passes the entire IP datagram to the UDP One reported embedded device passes the entire IP datagram to the UDP
application layer. Although this feature could enable application- application layer. Although this feature could enable application-
layer UDP Option processing, it would require that conventional UDP layer UDP Option processing, it would require that conventional UDP
user applications examine only the UDP user data. user applications examine only the UDP user data. This feature is
also inconsistent with the UDP application interface [RFC0768]
This feature is also inconsistent with the UDP application interface [RFC1122].
[RFC0768] [RFC1122].
It has been noted that Alcatel-Lucent's "Brick" Intrusion Detection It has been noted that Alcatel-Lucent's "Brick" Intrusion Detection
System has a default configuration that interprets inconsistencies System has a default configuration that interprets inconsistencies
between UDP Length and IP Length as an attack to be reported. Note between UDP Length and IP Length as an attack to be reported. Note
that other firewall systems, e.g., Check Point, use a default that other firewall systems, e.g., Check Point, use a default
"relaxed UDP Length verification" to avoid falsely interpreting this "relaxed UDP Length verification" to avoid falsely interpreting this
inconsistency as an attack. inconsistency as an attack.
There are known uses of UDP exchanges of zero-length UDP user data There are known uses of UDP exchanges of zero-length UDP user data
packets, notably in the TIME protocol [RFC0868]. The need to support packets, notably in the TIME protocol [RFC0868]. The need to support
skipping to change at line 1942 skipping to change at line 1940
>> All UDP Options that fail MUST result in the UDP data still being >> All UDP Options that fail MUST result in the UDP data still being
sent to the application layer by default to ensure equivalence with sent to the application layer by default to ensure equivalence with
legacy devices. legacy devices.
UDP Options that rely on soft-state exchange need to allow message UDP Options that rely on soft-state exchange need to allow message
reordering and loss, in the same way as UDP applications [RFC8085]. reordering and loss, in the same way as UDP applications [RFC8085].
The above requirements prevent using any option that cannot be safely The above requirements prevent using any option that cannot be safely
ignored unless it is hidden inside the FRAG area (i.e., UNSAFE ignored unless it is hidden inside the FRAG area (i.e., UNSAFE
options). Legacy systems also always need to be able to interpret Options). Legacy systems also always need to be able to interpret
the transport fragments as individual UDP packets. the transport fragments as individual UDP packets.
20. UDP Option State Caching 20. UDP Option State Caching
Some TCP connection parameters, stored in the TCP Control Block Some TCP connection parameters, stored in the TCP Control Block
(TCB), can be usefully shared either among concurrent connections or (TCB), can be usefully shared either among concurrent connections or
between connections in sequence, known as TCB sharing [RFC9040]. between connections in sequence, known as TCB sharing [RFC9040].
Although UDP is stateless, some of the options proposed herein could Although UDP is stateless, some of the options proposed herein could
have similar benefits in being shared or cached. We call this UCB have similar benefits in being shared or cached. We call this UCB
sharing, or UDP Control Block sharing, by analogy. Just as TCB sharing, or UDP Control Block sharing, by analogy. Just as TCB
skipping to change at line 2046 skipping to change at line 2044
options over multicast or broadcast IP requires careful options over multicast or broadcast IP requires careful
consideration, e.g., to ensure that the options used are safe for consideration, e.g., to ensure that the options used are safe for
different endpoints to interpret differently (e.g., either to support different endpoints to interpret differently (e.g., either to support
or silently ignore) or to ensure that all receivers of a multicast or or silently ignore) or to ensure that all receivers of a multicast or
broadcast group confirm support for the options in use. broadcast group confirm support for the options in use.
24. Network Management Considerations 24. Network Management Considerations
UDP Options use and configuration may be useful to track and manage UDP Options use and configuration may be useful to track and manage
remotely. IP Flow Information Export (IPFIX) [RFC7011] Information remotely. IP Flow Information Export (IPFIX) [RFC7011] Information
Elements for UDP Options have been defined in [Bo24]. Similar to Elements for UDP Options have been defined in [RFC9870]. Similar to
what has been done for TCP [RFC9648], a YANG model [RFC7950] for use what has been done for TCP [RFC9648], a YANG model [RFC7950] for use
by network management protocols (e.g., NETCONF [RFC6241] or RESTCONF by network management protocols (e.g., NETCONF [RFC6241] or RESTCONF
[RFC8040]) may be developed. Development of these models is outside [RFC8040]) may be developed. Development of these models is outside
the scope of this document. the scope of this document.
25. Security Considerations 25. Security Considerations
There are a number of security issues raised by the introduction of There are a number of security issues raised by the introduction of
options to UDP. Some are specific to this variant, but others are options to UDP. Some are specific to this variant, but others are
associated with any packet processing mechanism; all are discussed associated with any packet processing mechanism; all are discussed
skipping to change at line 2078 skipping to change at line 2076
UDP Options are not covered by DTLS [RFC9147]. Neither TLS [RFC8446] UDP Options are not covered by DTLS [RFC9147]. Neither TLS [RFC8446]
(Transport Layer Security for TCP) nor DTLS (TLS for UDP) protect the (Transport Layer Security for TCP) nor DTLS (TLS for UDP) protect the
transport layer; both operate as a shim layer solely on the user data transport layer; both operate as a shim layer solely on the user data
of transport packets, protecting only their contents. of transport packets, protecting only their contents.
Just as TLS does not protect the TCP header or its options, DTLS does Just as TLS does not protect the TCP header or its options, DTLS does
not protect the UDP header or the new options introduced by this not protect the UDP header or the new options introduced by this
document. Transport security is provided in TCP by the TCP document. Transport security is provided in TCP by the TCP
Authentication Option (TCP-AO) [RFC5925] and (when defined) in UDP by Authentication Option (TCP-AO) [RFC5925] and (when defined) in UDP by
the Authentication (AUTH) option (Section 11.9) and (when defined) the Authentication (AUTH) Option (Section 11.9) and (when defined)
the UNSAFE Encryption (UENC) option (Section 12). Transport headers the UNSAFE Encryption (UENC) Option (Section 12). Transport headers
are also protected as payload when using IP security (IPsec) are also protected as payload when using IP security (IPsec)
[RFC4301]. [RFC4301].
Some UDP Options are never passed to the receiving application, Some UDP Options are never passed to the receiving application,
notably FRAG, NOP, and EOL. They are not intended to convey notably FRAG, NOP, and EOL. They are not intended to convey
information, either by their presence (FRAG, EOL) or number (NOP). information, either by their presence (FRAG, EOL) or number (NOP).
It could also be useful to provide the options received in a It could also be useful to provide the options received in a
reference order (e.g., sorted by option number) to avoid the order of reference order (e.g., sorted by option number) to avoid the order of
options being used as a covert channel. options being used as a covert channel.
skipping to change at line 2183 skipping to change at line 2181
minimum fragment size, e.g., that non-terminal fragments are never be minimum fragment size, e.g., that non-terminal fragments are never be
smaller than 500 bytes. smaller than 500 bytes.
>> Implementations concerned with the potential for UDP fragmentation >> Implementations concerned with the potential for UDP fragmentation
introducing a vulnerability SHOULD implement limits on the number of introducing a vulnerability SHOULD implement limits on the number of
pending fragments. pending fragments.
25.5. Considerations for Providing UDP Security 25.5. Considerations for Providing UDP Security
UDP security is not intended to rely solely on transport layer UDP security is not intended to rely solely on transport layer
processing of options. UNSAFE options are the only type that share processing of options. UNSAFE Options are the only type that share
fate with the UDP data because of the way that data is hidden in the fate with the UDP data because of the way that data is hidden in the
surplus area until after those options are processed. All other surplus area until after those options are processed. All other
options default to being silently ignored at the transport layer but options default to being silently ignored at the transport layer but
could be dropped if that default is either overridden (e.g., by could be dropped if that default is either overridden (e.g., by
configuration) or discarded at the application layer (e.g., using configuration) or discarded at the application layer (e.g., using
information about the options processed that are passed along with information about the options processed that are passed along with
the UDP packet). the UDP packet).
Options providing UDP security, e.g., AUTH and UENC, require endpoint Options providing UDP security, e.g., AUTH and UENC, require endpoint
key and security parameter coordination, which UDP Options (being key and security parameter coordination, which UDP Options (being
skipping to change at line 2209 skipping to change at line 2207
to the user/application. to the user/application.
25.6. Considerations Regarding Middleboxes 25.6. Considerations Regarding Middleboxes
Some middleboxes operate as UDP relays, forwarding data between a UDP Some middleboxes operate as UDP relays, forwarding data between a UDP
socket and another transport socket by modifying the IP and/or UDP socket and another transport socket by modifying the IP and/or UDP
headers without properly acting as a protocol endpoint (i.e., an headers without properly acting as a protocol endpoint (i.e., an
application layer proxy). In such cases, a sender might add UDP application layer proxy). In such cases, a sender might add UDP
Options that could be stripped by the middlebox before the packet is Options that could be stripped by the middlebox before the packet is
forwarded to the second socket. A remote application will not forwarded to the second socket. A remote application will not
receive the options (for SAFE options, the payload data will be receive the options (for SAFE Options, the payload data will be
received; for UNSAFE options, the payload data will not be received). received; for UNSAFE Options, the payload data will not be received).
In such cases, the application will function as it would if In such cases, the application will function as it would if
communicating with a remote endpoint that does not support UDP communicating with a remote endpoint that does not support UDP
Options. Options.
Additionally, [Zu20] reports that packets containing UDP Options do Additionally, [Zu20] reports that packets containing UDP Options do
not traverse certain Internet paths; most likely, those options were not traverse certain Internet paths; most likely, those options were
stripped (e.g., by resetting the IP Length to correspond to the UDP stripped (e.g., by resetting the IP Length to correspond to the UDP
Length, truncating the surplus area) or packets with options were Length, truncating the surplus area) or packets with options were
dropped. UDP Options do not function over such paths. dropped. UDP Options do not function over such paths.
skipping to change at line 2232 skipping to change at line 2230
IANA has created the "User Datagram Protocol (UDP)" registry group, IANA has created the "User Datagram Protocol (UDP)" registry group,
which consists of the "UDP Option Kind Numbers" registry and a which consists of the "UDP Option Kind Numbers" registry and a
pointer to the unified "TCP/UDP Experimental Option Experiment pointer to the unified "TCP/UDP Experimental Option Experiment
Identifiers (TCP/UDP ExIDs)" registry. Note that the "TCP Identifiers (TCP/UDP ExIDs)" registry. Note that the "TCP
experimental IDs (ExIDs)" registry has been renamed as the "TCP/UDP experimental IDs (ExIDs)" registry has been renamed as the "TCP/UDP
Experimental Option Experiment Identifiers (TCP/UDP ExIDs)" registry, Experimental Option Experiment Identifiers (TCP/UDP ExIDs)" registry,
and is a unified registry for both TCP and UDP ExIDs. IANA has added and is a unified registry for both TCP and UDP ExIDs. IANA has added
the following note to the unified TCP/UDP ExID registry: the following note to the unified TCP/UDP ExID registry:
| Note 16-bit ExIDs can be used with either TCP or UDP; 32-bit ExIDs | 16-bit ExIDs can be used with either TCP or UDP; 32-bit ExIDs can
| can be used with TCP or their first 16 bits can be used with UDP. | be used with TCP or their first 16 bits can be used with UDP. Use
| Use with each transport (TCP, UDP) is indicated in the protocol | with each transport (TCP, UDP) is indicated in the protocol
| column, as defined in RFC 9868. | column, as defined in RFC 9868.
Initial values of the UDP Option Kind registry are as listed in Initial values of the "UDP Option Kind Numbers" registry are as
Section 10, including those both assigned and reserved. Additional listed in Section 10, including those both assigned and reserved.
values in this registry are to be assigned from the Unassigned values Additional values in this registry are to be assigned from the
in Section 10 by IESG Approval or Standards Action [RFC8126]. Those Unassigned values in Section 10 by IESG Approval or Standards Action
assignments are subject to the conditions set forth in this document, [RFC8126]. Those assignments are subject to the conditions set forth
particularly (but not limited to) those in Section 13. in this document, particularly (but not limited to) those in
Section 13.
>> Although option nicknames are not used in-band, new UNSAFE option >> Although option nicknames are not used in-band, new UNSAFE Option
names MUST commence with the capital letter "U" and new SAFE options names MUST commence with the capital letter "U" and new SAFE Options
MUST NOT commence with either uppercase or lowercase "U". MUST NOT commence with either uppercase or lowercase "U".
IANA has added the following note to the "UDP Option Kind Numbers" IANA has added the following note to the "UDP Option Kind Numbers"
indicating entries are mandatory to implement when UDP Options are indicating entries are mandatory to implement when UDP Options are
supported. No new options may be created that are mandatory to supported. No new options may be created that are mandatory to
implement in all UDP Options implementations. implement in all UDP Options implementations.
| Codepoints 0-7 MUST be supported on any implementation supporting | Codepoints 0-7 MUST be supported on any implementation supporting
| UDP Options. All others are supported at the discretion of each | UDP Options. All others are supported at the discretion of each
| implementation. | implementation.
skipping to change at line 2272 skipping to change at line 2271
maintain them separately. This new TCP/UDP ExIDs registry has maintain them separately. This new TCP/UDP ExIDs registry has
entries for both transports, although each codepoint needs to be entries for both transports, although each codepoint needs to be
explicitly defined for each transport protocol in which it is used, explicitly defined for each transport protocol in which it is used,
i.e., defining a codepoint in TCP does not imply it has a similar use i.e., defining a codepoint in TCP does not imply it has a similar use
in UDP. IANA has added a "Protocol" field to the registry and in UDP. IANA has added a "Protocol" field to the registry and
updated the current TCP ExIDs to be indicated as defined for TCP. updated the current TCP ExIDs to be indicated as defined for TCP.
New assignments are to indicate the transport for which it is New assignments are to indicate the transport for which it is
defined. defined.
TCP/UDP ExIDs can be used in either (or both) the UDP EXP TCP/UDP ExIDs can be used in either (or both) the UDP EXP
(Section 11.10) or UEXP (Section 12.3) options. TCP/UDP ExID entries (Section 11.10) or UEXP (Section 12.3) Options. TCP/UDP ExID entries
for use in UDP consist of a 16-bit ExID (in network-standard order), for use in UDP consist of a 16-bit ExID (in network-standard order),
and (as with the original TCP ExIDs) will preferentially also include and (as with the original TCP ExIDs) will preferentially also include
a short description and acronym for use in documentation. TCP/UDP a short description and acronym for use in documentation. TCP/UDP
ExIDs used for UDP are always 16 bits because their use in EXP and ExIDs used for UDP are always 16 bits because their use in EXP and
UEXP options is required and thus do not need a larger codepoint UEXP Options is required and thus do not need a larger codepoint
value to decrease the probability of accidental occurrence with non- value to decrease the probability of accidental occurrence with non-
ExID uses of the experimental options, as is the case with TCP ExIDs ExID uses of the experimental options, as is the case with TCP ExIDs
(e.g., when using 32-bit ExIDs). ExIDs defined solely for TCP (e.g., when using 32-bit ExIDs). ExIDs defined solely for TCP
options could be either 16 or 32 bits and all ExIDs (including now options could be either 16 or 32 bits and all ExIDs (including now
UDP) need to be unique in their first 16 bits, as originally UDP) need to be unique in their first 16 bits, as originally
described for TCP [RFC6994]. described for TCP [RFC6994].
Values in the TCP/UDP ExID registry are to be assigned by IANA using Values in the TCP/UDP ExID registry are to be assigned by IANA using
the First Come First Served (FCFS) policy [RFC8126], which applies to the First Come First Served (FCFS) policy [RFC8126], which applies to
both the ExID value and the acronym. UDP Options using these ExIDs both the ExID value and the acronym. UDP Options using these ExIDs
skipping to change at line 2324 skipping to change at line 2323
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC9869] Fairhurst, G. and T. Jones, "Datagram PLPMTUD for UDP [RFC9869] Fairhurst, G. and T. Jones, "Datagram PLPMTUD for UDP
Options", RFC 9869, DOI 10.17487/RFC9869, September 2025, Options", RFC 9869, DOI 10.17487/RFC9869, September 2025,
<https://www.rfc-editor.org/info/rfc9869>. <https://www.rfc-editor.org/info/rfc9869>.
27.2. Informative References 27.2. Informative References
[Bo24] Boucadair, M. and T. Reddy.K, "Export of UDP Options
Information in IP Flow Information Export (IPFIX)", Work
in Progress, Internet-Draft, draft-ietf-opsawg-tsvwg-udp-
ipfix-14, 22 July 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-
tsvwg-udp-ipfix-14>.
[CERT18] CERT Coordination Center, "TCP implementations vulnerable [CERT18] CERT Coordination Center, "TCP implementations vulnerable
to Denial of Service", Vulnerability Note VU#962459, to Denial of Service", Vulnerability Note VU#962459,
Software Engineering Institute, CMU, 2018, Software Engineering Institute, CMU, 2018,
<https://www.kb.cert.org/vuls/id/962459>. <https://www.kb.cert.org/vuls/id/962459>.
[Fa18] Fairhurst, G., Jones, T., and R. Zullo, "Checksum [Fa18] Fairhurst, G., Jones, T., and R. Zullo, "Checksum
Compensation Options for UDP Options", Work in Progress, Compensation Options for UDP Options", Work in Progress,
Internet-Draft, draft-fairhurst-udp-options-cco-00, 19 Internet-Draft, draft-fairhurst-udp-options-cco-00, 19
October 2018, <https://datatracker.ietf.org/doc/html/ October 2018, <https://datatracker.ietf.org/doc/html/
draft-fairhurst-udp-options-cco-00>. draft-fairhurst-udp-options-cco-00>.
skipping to change at line 2551 skipping to change at line 2543
<https://www.rfc-editor.org/info/rfc9293>. <https://www.rfc-editor.org/info/rfc9293>.
[RFC9298] Schinazi, D., "Proxying UDP in HTTP", RFC 9298, [RFC9298] Schinazi, D., "Proxying UDP in HTTP", RFC 9298,
DOI 10.17487/RFC9298, August 2022, DOI 10.17487/RFC9298, August 2022,
<https://www.rfc-editor.org/info/rfc9298>. <https://www.rfc-editor.org/info/rfc9298>.
[RFC9648] Scharf, M., Jethanandani, M., and V. Murgai, "YANG Data [RFC9648] Scharf, M., Jethanandani, M., and V. Murgai, "YANG Data
Model for TCP", RFC 9648, DOI 10.17487/RFC9648, October Model for TCP", RFC 9648, DOI 10.17487/RFC9648, October
2024, <https://www.rfc-editor.org/info/rfc9648>. 2024, <https://www.rfc-editor.org/info/rfc9648>.
[RFC9870] Boucadair, M. and T. Reddy.K, "Export of UDP Options
Information in IP Flow Information Export (IPFIX)",
RFC 9870, DOI 10.17487/RFC9870, September 2025,
<https://www.rfc-editor.org/info/rfc9870>.
[To18] Touch, J. D., "A TCP Authentication Option Extension for [To18] Touch, J. D., "A TCP Authentication Option Extension for
Payload Encryption", Work in Progress, Internet-Draft, Payload Encryption", Work in Progress, Internet-Draft,
draft-touch-tcp-ao-encrypt-09, 19 July 2018, draft-touch-tcp-ao-encrypt-09, 19 July 2018,
<https://datatracker.ietf.org/doc/html/draft-touch-tcp-ao- <https://datatracker.ietf.org/doc/html/draft-touch-tcp-ao-
encrypt-09>. encrypt-09>.
[To24] Touch, J. D., "The UDP Authentication Option", Work in [To24] Touch, J. D., "The UDP Authentication Option", Work in
Progress, Internet-Draft, draft-touch-tsvwg-udp-auth-opt- Progress, Internet-Draft, draft-touch-tsvwg-udp-auth-opt-
00, 3 March 2024, <https://datatracker.ietf.org/doc/html/ 00, 3 March 2024, <https://datatracker.ietf.org/doc/html/
draft-touch-tsvwg-udp-auth-opt-00>. draft-touch-tsvwg-udp-auth-opt-00>.
skipping to change at line 2618 skipping to change at line 2615
Socket options (sockopt), cached for outgoing datagrams: Socket options (sockopt), cached for outgoing datagrams:
+==============+=============================+ +==============+=============================+
| Name | Meaning | | Name | Meaning |
+==============+=============================+ +==============+=============================+
| UDP_OPT | Enable UDP Options (at all) | | UDP_OPT | Enable UDP Options (at all) |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP_OPT_OCS | Use UDP OCS | | UDP_OPT_OCS | Use UDP OCS |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP_OPT_APC | Enable UDP APC option | | UDP_OPT_APC | Enable UDP APC Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP_OPT_FRAG | Enable UDP fragmentation | | UDP_OPT_FRAG | Enable UDP fragmentation |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP OPT MDS | Enable UDP MDS option | | UDP OPT MDS | Enable UDP MDS Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP OPT MRDS | Enable UDP MRDS option | | UDP OPT MRDS | Enable UDP MRDS Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP OPT REQ | Enable UDP REQ option | | UDP OPT REQ | Enable UDP REQ Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP OPT RES | Enable UDP RES option | | UDP OPT RES | Enable UDP RES Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP_OPT_TIME | Enable UDP TIME option | | UDP_OPT_TIME | Enable UDP TIME Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP OPT AUTH | Enable UDP AUTH option | | UDP OPT AUTH | Enable UDP AUTH Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP OPT EXP | Enable UDP EXP option | | UDP OPT EXP | Enable UDP EXP Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP_OPT_UCMP | Enable UDP UCMP option | | UDP_OPT_UCMP | Enable UDP UCMP Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP_OPT_UENC | Enable UDP UENC option | | UDP_OPT_UENC | Enable UDP UENC Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
| UDP OPT UEXP | Enable UDP UEXP option | | UDP OPT UEXP | Enable UDP UEXP Option |
+--------------+-----------------------------+ +--------------+-----------------------------+
Table 3 Table 3
Send/sendto parameters: Send/sendto parameters:
* (Same as sysctl, with different prefixes) * (Same as sysctl, with different prefixes)
Connection parameters (per-socket pair cached state, part UCB): Connection parameters (per-socket pair cached state, part UCB):
+==============+======================+ +==============+======================+
| Name | Initial Value | | Name | Initial Value |
+==============+======================+ +==============+======================+
| opts_enabled | net.ipv4.udp_opt | | opts_enabled | net.ipv4.udp_opt |
+--------------+----------------------+ +--------------+----------------------+
| ocs_enabled | net.ipv4.udp_opt_ocs | | ocs_enabled | net.ipv4.udp_opt_ocs |
+--------------+----------------------+ +--------------+----------------------+
Table 4 Table 4
NB: The JUNK option is included for debugging purposes and is not NB: The JUNK Option is included for debugging purposes and is not
intended to be enabled otherwise. intended to be enabled otherwise.
System variables: System variables:
net.ipv4.udp_opt_junk 0 net.ipv4.udp_opt_junk 0
System-level variables (sysctl): System-level variables (sysctl):
+=======================+=========+=====================+ +=======================+=========+=====================+
| Name | Default | Meaning | | Name | Default | Meaning |
skipping to change at line 2711 skipping to change at line 2708
| junk_len | 4 | | junk_len | 4 |
+--------------+-----------------------+ +--------------+-----------------------+
Table 7 Table 7
Acknowledgments Acknowledgments
This work benefitted from feedback from Erik Auerswald, Bob Briscoe, This work benefitted from feedback from Erik Auerswald, Bob Briscoe,
Ken Calvert, Ted Faber, Gorry Fairhurst (including OCS for errant Ken Calvert, Ted Faber, Gorry Fairhurst (including OCS for errant
middlebox traversal), C. M. Heard (editor of this document, including middlebox traversal), C. M. Heard (editor of this document, including
combining previous FRAG and LITE options into the new FRAG, as well combining previous FRAG and LITE Options into the new FRAG, as well
as Figure 12), Tom Herbert, Tom Jones, Mark Smith, Carl Williams, and as Figure 12), Tom Herbert, Tom Jones, Mark Smith, Carl Williams, and
Raffaele Zullo, as well as discussions on the IETF TSVWG and SPUD Raffaele Zullo, as well as discussions on the IETF TSVWG and SPUD
email lists. email lists.
This work was partly supported by USC/ISI's Postel Center. This work was partly supported by USC/ISI's Postel Center.
Authors' Addresses Authors' Addresses
Joe Touch Joe Touch
Independent Consultant Independent Consultant
 End of changes. 114 change blocks. 
161 lines changed or deleted 158 lines changed or added

This html diff was produced by rfcdiff 1.48.