An Update to the tcpControlBits IP Flow Information Export (IPFIX) Information Element

TCP defines a set of control bits (also known as "flags") for managing connections. The "Transmission Control Protocol (TCP) Header Flags" registry was initially set by , but it was populated with only TCP control bits that were defined in . fixed that by moving that registry to be listed as a subregistry under the "Transmission Control Protocol (TCP) Parameters" registry, adding bits that had previously been specified in , and removing the NS (Nonce Sum) bit as per . Also, introduces "Bit Offset" to ease referencing each header flag's offset within the 16-bit aligned view of the TCP header (Section 3.1 of ). is thus settled as the authoritative reference for the assigned TCP control bits. revised the tcpControlBits IP Flow Information Export (IPFIX) Information Element that was originally defined in to reflect changes to the TCP Flags header field since . However, that update is still problematic for interoperability because a value was deprecated since then (Section 7 of ) and, therefore, risks to deviate from the authoritative registry . This document fixes that problem by removing stale information from the IPFIX registry and avoiding future conflicts with the authoritative TCP registry. Also, because the setting of control bits may be misused in some flows (e.g., DDoS attacks), an exporter has to report all observed control bits even if no meaning is currently associated with a given flag. This document uses a stronger requirement language compared to . See for more details.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document uses the terms defined in Section 2 of .

This document updates Section 3 of as follows: The values of each bit are shown below, per the definition of the bits in the TCP header [RFC3540]:

As the most significant 4 bits of octets 12 and 13 (counting from zero) of the TCP header are used to encode the TCP data offset (header length), the corresponding bits in this Information Element MUST be exported as zero and MUST be ignored by the collector. Use the tcpHeaderLength Information Element to encode this value.Each of the 3 bits (0x800, 0x400, and 0x200), which are reserved for future use in , SHOULD be exported as observed in the TCP headers of the packets of this Flow. As per , the assignment of the TCP control bits is managed by IANA from the "TCP Header Flags" registry . That registry is authoritative to retrieve the most recent TCP control bits.As the most significant 4 bits of octets 12 and 13 (counting from zero) of the TCP header are used to encode the TCP data offset (header length), the corresponding bits in this Information Element MUST be exported as zero and MUST be ignored by the collector. Use the tcpHeaderLength Information Element to encode this value.TCP control bits (including unassigned) MUST be exported as observed in the TCP headers of the packets of this Flow.

IANA is requested to update the "tcpControlBits" entry of the as follows: Update the description of to reflect the change in . Add to the Additional Information field. Add this document to the references

This document does not add new security considerations to those already discussed in Section 5 of .

This document was triggered by a discussion in opswag with the authors of draft-ietf-opsawg-ipfix-srv6-srh.