[net-next-2.6.git] / Documentation / networking / udplite.txt

  ===========================================================================
                      The UDP-Lite protocol (RFC 3828)
  ===========================================================================


  UDP-Lite is a Standards-Track IETF transport protocol whose characteristic
  is a variable-length checksum. This has advantages for transport of multimedia
  (video, VoIP) over wireless networks, as partly damaged packets can still be
  fed into the codec instead of being discarded due to a failed checksum test.

  This file briefly describes the existing kernel support and the socket API.
  For in-depth information, you can consult:

   o The UDP-Lite Homepage: http://www.erg.abdn.ac.uk/users/gerrit/udp-lite/
       From here you can also download some example application source code.

   o The UDP-Lite HOWTO on
       http://www.erg.abdn.ac.uk/users/gerrit/udp-lite/files/UDP-Lite-HOWTO.txt

   o The Wireshark UDP-Lite WiKi (with capture files):
       http://wiki.wireshark.org/Lightweight_User_Datagram_Protocol

   o The Protocol Spec, RFC 3828, http://www.ietf.org/rfc/rfc3828.txt


  I) APPLICATIONS

  Several applications have been ported successfully to UDP-Lite. Ethereal
  (now called wireshark) has UDP-Litev4/v6 support by default. The tarball on

   http://www.erg.abdn.ac.uk/users/gerrit/udp-lite/files/udplite_linux.tar.gz

  has source code for several v4/v6 client-server and network testing examples.

  Porting applications to UDP-Lite is straightforward: only socket level and
  IPPROTO need to be changed; senders additionally set the checksum coverage
  length (default = header length = 8). Details are in the next section.


  II) PROGRAMMING API

  UDP-Lite provides a connectionless, unreliable datagram service and hence
  uses the same socket type as UDP. In fact, porting from UDP to UDP-Lite is
  very easy: simply add `IPPROTO_UDPLITE' as the last argument of the socket(2)
  call so that the statement looks like:

      s = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDPLITE);

                      or, respectively,

      s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDPLITE);

  With just the above change you are able to run UDP-Lite services or connect
  to UDP-Lite servers. The kernel will assume that you are not interested in
  using partial checksum coverage and so emulate UDP mode (full coverage).

  To make use of the partial checksum coverage facilities requires setting a
  single socket option, which takes an integer specifying the coverage length:

    * Sender checksum coverage: UDPLITE_SEND_CSCOV

      For example,

        int val = 20;
        setsockopt(s, SOL_UDPLITE, UDPLITE_SEND_CSCOV, &val, sizeof(int));

      sets the checksum coverage length to 20 bytes (12b data + 8b header).
      Of each packet only the first 20 bytes (plus the pseudo-header) will be
      checksummed. This is useful for RTP applications which have a 12-byte
      base header.


    * Receiver checksum coverage: UDPLITE_RECV_CSCOV

      This option is the receiver-side analogue. It is truly optional, i.e. not
      required to enable traffic with partial checksum coverage. Its function is
      that of a traffic filter: when enabled, it instructs the kernel to drop
      all packets which have a coverage _less_ than this value. For example, if
      RTP and UDP headers are to be protected, a receiver can enforce that only
      packets with a minimum coverage of 20 are admitted:

        int min = 20;
        setsockopt(s, SOL_UDPLITE, UDPLITE_RECV_CSCOV, &min, sizeof(int));

  The calls to getsockopt(2) are analogous. Being an extension and not a stand-
  alone protocol, all socket options known from UDP can be used in exactly the
  same manner as before, e.g. UDP_CORK or UDP_ENCAP.

  A detailed discussion of UDP-Lite checksum coverage options is in section IV.


  III) HEADER FILES

  The socket API requires support through header files in /usr/include:

    * /usr/include/netinet/in.h
        to define IPPROTO_UDPLITE

    * /usr/include/netinet/udplite.h
        for UDP-Lite header fields and protocol constants

  For testing purposes, the following can serve as a `mini' header file:

    #define IPPROTO_UDPLITE       136
    #define SOL_UDPLITE           136
    #define UDPLITE_SEND_CSCOV     10
    #define UDPLITE_RECV_CSCOV     11

  Ready-made header files for various distros are in the UDP-Lite tarball.


  IV) KERNEL BEHAVIOUR WITH REGARD TO THE VARIOUS SOCKET OPTIONS

  To enable debugging messages, the log level need to be set to 8, as most
  messages use the KERN_DEBUG level (7).

  1) Sender Socket Options

  If the sender specifies a value of 0 as coverage length, the module
  assumes full coverage, transmits a packet with coverage length of 0
  and according checksum.  If the sender specifies a coverage < 8 and
  different from 0, the kernel assumes 8 as default value.  Finally,
  if the specified coverage length exceeds the packet length, the packet
  length is used instead as coverage length.

  2) Receiver Socket Options

  The receiver specifies the minimum value of the coverage length it
  is willing to accept.  A value of 0 here indicates that the receiver
  always wants the whole of the packet covered. In this case, all
  partially covered packets are dropped and an error is logged.

  It is not possible to specify illegal values (<0 and <8); in these
  cases the default of 8 is assumed.

  All packets arriving with a coverage value less than the specified
  threshold are discarded, these events are also logged.

  3) Disabling the Checksum Computation

  On both sender and receiver, checksumming will always be performed
  and cannot be disabled using SO_NO_CHECK. Thus

        setsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK,  ... );

  will always will be ignored, while the value of

        getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...);

  is meaningless (as in TCP). Packets with a zero checksum field are
  illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded.

  4) Fragmentation

  The checksum computation respects both buffersize and MTU. The size
  of UDP-Lite packets is determined by the size of the send buffer. The
  minimum size of the send buffer is 2048 (defined as SOCK_MIN_SNDBUF
  in include/net/sock.h), the default value is configurable as
  net.core.wmem_default or via setting the SO_SNDBUF socket(7)
  option. The maximum upper bound for the send buffer is determined
  by net.core.wmem_max.

  Given a payload size larger than the send buffer size, UDP-Lite will
  split the payload into several individual packets, filling up the
  send buffer size in each case.

  The precise value also depends on the interface MTU. The interface MTU,
  in turn, may trigger IP fragmentation. In this case, the generated
  UDP-Lite packet is split into several IP packets, of which only the
  first one contains the L4 header.

  The send buffer size has implications on the checksum coverage length.
  Consider the following example:

  Payload: 1536 bytes          Send Buffer:     1024 bytes
  MTU:     1500 bytes          Coverage Length:  856 bytes

  UDP-Lite will ship the 1536 bytes in two separate packets:

  Packet 1: 1024 payload + 8 byte header + 20 byte IP header = 1052 bytes
  Packet 2:  512 payload + 8 byte header + 20 byte IP header =  540 bytes

  The coverage packet covers the UDP-Lite header and 848 bytes of the
  payload in the first packet, the second packet is fully covered. Note
  that for the second packet, the coverage length exceeds the packet
  length. The kernel always re-adjusts the coverage length to the packet
  length in such cases.

  As an example of what happens when one UDP-Lite packet is split into
  several tiny fragments, consider the following example.

  Payload: 1024 bytes            Send buffer size: 1024 bytes
  MTU:      300 bytes            Coverage length:   575 bytes

  +-+-----------+--------------+--------------+--------------+
  |8|    272    |      280     |     280      |     280      |
  +-+-----------+--------------+--------------+--------------+
               280            560            840           1032
                                    ^
  *****checksum coverage*************

  The UDP-Lite module generates one 1032 byte packet (1024 + 8 byte
  header). According to the interface MTU, these are split into 4 IP
  packets (280 byte IP payload + 20 byte IP header). The kernel module
  sums the contents of the entire first two packets, plus 15 bytes of
  the last packet before releasing the fragments to the IP module.

  To see the analogous case for IPv6 fragmentation, consider a link
  MTU of 1280 bytes and a write buffer of 3356 bytes. If the checksum
  coverage is less than 1232 bytes (MTU minus IPv6/fragment header
  lengths), only the first fragment needs to be considered. When using
  larger checksum coverage lengths, each eligible fragment needs to be
  checksummed. Suppose we have a checksum coverage of 3062. The buffer
  of 3356 bytes will be split into the following fragments:

    Fragment 1: 1280 bytes carrying  1232 bytes of UDP-Lite data
    Fragment 2: 1280 bytes carrying  1232 bytes of UDP-Lite data
    Fragment 3:  948 bytes carrying   900 bytes of UDP-Lite data

  The first two fragments have to be checksummed in full, of the last
  fragment only 598 (= 3062 - 2*1232) bytes are checksummed.

  While it is important that such cases are dealt with correctly, they
  are (annoyingly) rare: UDP-Lite is designed for optimising multimedia
  performance over wireless (or generally noisy) links and thus smaller
  coverage lengths are likely to be expected.


  V) UDP-LITE RUNTIME STATISTICS AND THEIR MEANING

  Exceptional and error conditions are logged to syslog at the KERN_DEBUG
  level.  Live statistics about UDP-Lite are available in /proc/net/snmp
  and can (with newer versions of netstat) be viewed using

                            netstat -svu

  This displays UDP-Lite statistics variables, whose meaning is as follows.

   InDatagrams:     The total number of datagrams delivered to users.

   NoPorts:         Number of packets received to an unknown port.
                    These cases are counted separately (not as InErrors).

   InErrors:        Number of erroneous UDP-Lite packets. Errors include:
                      * internal socket queue receive errors
                      * packet too short (less than 8 bytes or stated
                        coverage length exceeds received length)
                      * xfrm4_policy_check() returned with error
                      * application has specified larger min. coverage
                        length than that of incoming packet
                      * checksum coverage violated
                      * bad checksum

   OutDatagrams:    Total number of sent datagrams.

   These statistics derive from the UDP MIB (RFC 2013).


  VI) IPTABLES

  There is packet match support for UDP-Lite as well as support for the LOG target.
  If you copy and paste the following line into /etc/protocols,

  udplite 136     UDP-Lite        # UDP-Lite [RFC 3828]

  then
              iptables -A INPUT -p udplite -j LOG

  will produce logging output to syslog. Dropping and rejecting packets also works.


  VII) MAINTAINER ADDRESS

  The UDP-Lite patch was developed at
                    University of Aberdeen
                    Electronics Research Group
                    Department of Engineering
                    Fraser Noble Building
                    Aberdeen AB24 3UE; UK
  The current maintainer is Gerrit Renker, <gerrit@erg.abdn.ac.uk>. Initial
  code was developed by William  Stanislaus, <william@erg.abdn.ac.uk>.
Commit	Line	Data
ba4e58ec GR	1	===========================================================================
	2	The UDP-Lite protocol (RFC 3828)
	3	===========================================================================
	4
	5
	6	UDP-Lite is a Standards-Track IETF transport protocol whose characteristic
	7	is a variable-length checksum. This has advantages for transport of multimedia
	8	(video, VoIP) over wireless networks, as partly damaged packets can still be
	9	fed into the codec instead of being discarded due to a failed checksum test.
	10
	11	This file briefly describes the existing kernel support and the socket API.
	12	For in-depth information, you can consult:
	13
	14	o The UDP-Lite Homepage: http://www.erg.abdn.ac.uk/users/gerrit/udp-lite/
01dd2fbf	15	From here you can also download some example application source code.
ba4e58ec GR	16
	17	o The UDP-Lite HOWTO on
	18	http://www.erg.abdn.ac.uk/users/gerrit/udp-lite/files/UDP-Lite-HOWTO.txt
	19
	20	o The Wireshark UDP-Lite WiKi (with capture files):
	21	http://wiki.wireshark.org/Lightweight_User_Datagram_Protocol
	22
	23	o The Protocol Spec, RFC 3828, http://www.ietf.org/rfc/rfc3828.txt
	24
	25
	26	I) APPLICATIONS
	27
	28	Several applications have been ported successfully to UDP-Lite. Ethereal
	29	(now called wireshark) has UDP-Litev4/v6 support by default. The tarball on
	30
	31	http://www.erg.abdn.ac.uk/users/gerrit/udp-lite/files/udplite_linux.tar.gz
	32
	33	has source code for several v4/v6 client-server and network testing examples.
	34
	35	Porting applications to UDP-Lite is straightforward: only socket level and
	36	IPPROTO need to be changed; senders additionally set the checksum coverage
	37	length (default = header length = 8). Details are in the next section.
	38
	39
	40	II) PROGRAMMING API
	41
	42	UDP-Lite provides a connectionless, unreliable datagram service and hence
	43	uses the same socket type as UDP. In fact, porting from UDP to UDP-Lite is
	44	very easy: simply add `IPPROTO_UDPLITE' as the last argument of the socket(2)
	45	call so that the statement looks like:
	46
	47	s = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDPLITE);
	48
	49	or, respectively,
	50
	51	s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDPLITE);
	52
	53	With just the above change you are able to run UDP-Lite services or connect
	54	to UDP-Lite servers. The kernel will assume that you are not interested in
	55	using partial checksum coverage and so emulate UDP mode (full coverage).
	56
	57	To make use of the partial checksum coverage facilities requires setting a
	58	single socket option, which takes an integer specifying the coverage length:
	59
	60	* Sender checksum coverage: UDPLITE_SEND_CSCOV
	61
	62	For example,
	63
	64	int val = 20;
	65	setsockopt(s, SOL_UDPLITE, UDPLITE_SEND_CSCOV, &val, sizeof(int));
	66
	67	sets the checksum coverage length to 20 bytes (12b data + 8b header).
	68	Of each packet only the first 20 bytes (plus the pseudo-header) will be
	69	checksummed. This is useful for RTP applications which have a 12-byte
	70	base header.
	71
	72
	73	* Receiver checksum coverage: UDPLITE_RECV_CSCOV
	74
	75	This option is the receiver-side analogue. It is truly optional, i.e. not
	76	required to enable traffic with partial checksum coverage. Its function is
	77	that of a traffic filter: when enabled, it instructs the kernel to drop
	78	all packets which have a coverage _less_ than this value. For example, if
	79	RTP and UDP headers are to be protected, a receiver can enforce that only
80	packets with a minimum coverage of 20 are admitted:
81
82	int min = 20;
83	setsockopt(s, SOL_UDPLITE, UDPLITE_RECV_CSCOV, &min, sizeof(int));
84
85	The calls to getsockopt(2) are analogous. Being an extension and not a stand-
86	alone protocol, all socket options known from UDP can be used in exactly the
87	same manner as before, e.g. UDP_CORK or UDP_ENCAP.
88
89	A detailed discussion of UDP-Lite checksum coverage options is in section IV.
90
91
92	III) HEADER FILES
93
94	The socket API requires support through header files in /usr/include:
95
96	* /usr/include/netinet/in.h
97	to define IPPROTO_UDPLITE
98
99	* /usr/include/netinet/udplite.h
100	for UDP-Lite header fields and protocol constants
101
102	For testing purposes, the following can serve as a `mini' header file:
103
104	#define IPPROTO_UDPLITE 136
105	#define SOL_UDPLITE 136
106	#define UDPLITE_SEND_CSCOV 10
107	#define UDPLITE_RECV_CSCOV 11
108
109	Ready-made header files for various distros are in the UDP-Lite tarball.
110
111
112	IV) KERNEL BEHAVIOUR WITH REGARD TO THE VARIOUS SOCKET OPTIONS
113
114	To enable debugging messages, the log level need to be set to 8, as most
115	messages use the KERN_DEBUG level (7).
116
117	1) Sender Socket Options
118
119	If the sender specifies a value of 0 as coverage length, the module
120	assumes full coverage, transmits a packet with coverage length of 0
121	and according checksum. If the sender specifies a coverage < 8 and
122	different from 0, the kernel assumes 8 as default value. Finally,
123	if the specified coverage length exceeds the packet length, the packet
124	length is used instead as coverage length.
125
126	2) Receiver Socket Options
127
128	The receiver specifies the minimum value of the coverage length it
129	is willing to accept. A value of 0 here indicates that the receiver
130	always wants the whole of the packet covered. In this case, all
131	partially covered packets are dropped and an error is logged.
132
133	It is not possible to specify illegal values (<0 and <8); in these
134	cases the default of 8 is assumed.
135
136	All packets arriving with a coverage value less than the specified
137	threshold are discarded, these events are also logged.
138
139	3) Disabling the Checksum Computation
140
141	On both sender and receiver, checksumming will always be performed
a982ac06	142	and cannot be disabled using SO_NO_CHECK. Thus
ba4e58ec GR	143
	144	setsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, ... );
	145
	146	will always will be ignored, while the value of
	147
	148	getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...);
	149
	150	is meaningless (as in TCP). Packets with a zero checksum field are
47112e25	151	illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded.
ba4e58ec GR	152
	153	4) Fragmentation
	154
	155	The checksum computation respects both buffersize and MTU. The size
	156	of UDP-Lite packets is determined by the size of the send buffer. The
	157	minimum size of the send buffer is 2048 (defined as SOCK_MIN_SNDBUF
	158	in include/net/sock.h), the default value is configurable as
	159	net.core.wmem_default or via setting the SO_SNDBUF socket(7)
	160	option. The maximum upper bound for the send buffer is determined
	161	by net.core.wmem_max.
	162
	163	Given a payload size larger than the send buffer size, UDP-Lite will
	164	split the payload into several individual packets, filling up the
	165	send buffer size in each case.
	166
	167	The precise value also depends on the interface MTU. The interface MTU,
	168	in turn, may trigger IP fragmentation. In this case, the generated
	169	UDP-Lite packet is split into several IP packets, of which only the
	170	first one contains the L4 header.
	171
	172	The send buffer size has implications on the checksum coverage length.
	173	Consider the following example:
	174
	175	Payload: 1536 bytes Send Buffer: 1024 bytes
	176	MTU: 1500 bytes Coverage Length: 856 bytes
	177
	178	UDP-Lite will ship the 1536 bytes in two separate packets:
	179
	180	Packet 1: 1024 payload + 8 byte header + 20 byte IP header = 1052 bytes
	181	Packet 2: 512 payload + 8 byte header + 20 byte IP header = 540 bytes
	182
	183	The coverage packet covers the UDP-Lite header and 848 bytes of the
	184	payload in the first packet, the second packet is fully covered. Note
	185	that for the second packet, the coverage length exceeds the packet
	186	length. The kernel always re-adjusts the coverage length to the packet
	187	length in such cases.
	188
	189	As an example of what happens when one UDP-Lite packet is split into
	190	several tiny fragments, consider the following example.
	191
	192	Payload: 1024 bytes Send buffer size: 1024 bytes
	193	MTU: 300 bytes Coverage length: 575 bytes
	194
	195	+-+-----------+--------------+--------------+--------------+
	196	\|8\| 272 \| 280 \| 280 \| 280 \|
	197	+-+-----------+--------------+--------------+--------------+
	198	280 560 840 1032
	199	^
	200	***checksum coverage***********
	201
	202	The UDP-Lite module generates one 1032 byte packet (1024 + 8 byte
	203	header). According to the interface MTU, these are split into 4 IP
	204	packets (280 byte IP payload + 20 byte IP header). The kernel module
	205	sums the contents of the entire first two packets, plus 15 bytes of
	206	the last packet before releasing the fragments to the IP module.
	207
	208	To see the analogous case for IPv6 fragmentation, consider a link
	209	MTU of 1280 bytes and a write buffer of 3356 bytes. If the checksum
	210	coverage is less than 1232 bytes (MTU minus IPv6/fragment header
	211	lengths), only the first fragment needs to be considered. When using
	212	larger checksum coverage lengths, each eligible fragment needs to be
	213	checksummed. Suppose we have a checksum coverage of 3062. The buffer
	214	of 3356 bytes will be split into the following fragments:
	215
216	Fragment 1: 1280 bytes carrying 1232 bytes of UDP-Lite data
217	Fragment 2: 1280 bytes carrying 1232 bytes of UDP-Lite data
218	Fragment 3: 948 bytes carrying 900 bytes of UDP-Lite data
219
220	The first two fragments have to be checksummed in full, of the last
221	fragment only 598 (= 3062 - 2*1232) bytes are checksummed.
222
223	While it is important that such cases are dealt with correctly, they
224	are (annoyingly) rare: UDP-Lite is designed for optimising multimedia
225	performance over wireless (or generally noisy) links and thus smaller
01dd2fbf	226	coverage lengths are likely to be expected.
ba4e58ec GR	227
	228
	229	V) UDP-LITE RUNTIME STATISTICS AND THEIR MEANING
	230
	231	Exceptional and error conditions are logged to syslog at the KERN_DEBUG
	232	level. Live statistics about UDP-Lite are available in /proc/net/snmp
	233	and can (with newer versions of netstat) be viewed using
	234
	235	netstat -svu
	236
	237	This displays UDP-Lite statistics variables, whose meaning is as follows.
	238
cb75994e	239	InDatagrams: The total number of datagrams delivered to users.
ba4e58ec GR	240
	241	NoPorts: Number of packets received to an unknown port.
	242	These cases are counted separately (not as InErrors).
	243
	244	InErrors: Number of erroneous UDP-Lite packets. Errors include:
	245	* internal socket queue receive errors
	246	* packet too short (less than 8 bytes or stated
	247	coverage length exceeds received length)
	248	* xfrm4_policy_check() returned with error
	249	* application has specified larger min. coverage
	250	length than that of incoming packet
	251	* checksum coverage violated
	252	* bad checksum
	253
	254	OutDatagrams: Total number of sent datagrams.
	255
	256	These statistics derive from the UDP MIB (RFC 2013).
	257
	258
	259	VI) IPTABLES
	260
	261	There is packet match support for UDP-Lite as well as support for the LOG target.
01dd2fbf	262	If you copy and paste the following line into /etc/protocols,
ba4e58ec GR	263
	264	udplite 136 UDP-Lite # UDP-Lite [RFC 3828]
	265
	266	then
	267	iptables -A INPUT -p udplite -j LOG
	268
	269	will produce logging output to syslog. Dropping and rejecting packets also works.
	270
	271
	272	VII) MAINTAINER ADDRESS
	273
	274	The UDP-Lite patch was developed at
	275	University of Aberdeen
	276	Electronics Research Group
	277	Department of Engineering
	278	Fraser Noble Building
	279	Aberdeen AB24 3UE; UK
	280	The current maintainer is Gerrit Renker, <gerrit@erg.abdn.ac.uk>. Initial
	281	code was developed by William Stanislaus, <william@erg.abdn.ac.uk>.