Re: TCP end-to-end Semantics - OPTIONS

From: Dr G Fairhurst ([email protected])
Date: Thu Jan 18 2001 - 08:01:15 EST


    Mingyan Liu wrote:
    >
    > >
    > > > TCP OPTION?
    > > >
    > > > If you can find out why you want to do it, and what benefit you get, why
    > > > not consider a TCP option? I haven't heard of anyone (yet?) trying
    > > > these spoofing ideas for UDP (???). If your target is TCP, and your spoofer
    > > > **must** demultiplex individual flows and interpret TCP header semantics,
    > > > why not negotiate "willingness to spoof" on TCP connection setup? Failure
    > > > to see this option, could indicate unwillingness (including encryption? old
    > > > protocol stack? lazy application?) - I wonder whether this has more
    > > > potential?
    > >
    > > This is an interesting idea. Something like the following...
    > >
    > > The initiator adds a "PEP" option to the SYN. If there is no PEP in the path,
    > > the receiver sends no option in the SYN ACK, letting the initiator know the
    > > connection is end to end. If there is a PEP in the path, the PEP adds a "PEP"
    > > option when it sends a SYN ACK to initiator and when it forwards or sends a
    > > SYN to the receiver. (The receiver could even, in theory, tell the PEP to get
    > > out of the way by not including the "PEP" option in its own SYN ACK response.)
    > >
    >
    > I can see why it makes sense to do so, but this would mean the spoofer
    > will need to check the TCP header of all passing (TCP) packets, even
    > those belonging to a connection that did not choose to use the PEP?
    > I guess this probably still beats using an IP "option", which gets the
    > packet kicked out of the fast lane...?
    >

    Sure it does.

    The TCP option allows fast path forwarding by all routers along the path from
    the source to the destination, except the PEP itself. The IP option
    means the spoofer has to look at all IP packets (slow path), THEN
    look at any TCP packet which it MAY spoof. Furthermore, each router
    along the TCP PATH also looks at the IP OPTIONS.

    The PEP can choose to do as much work as it likes. It can look at all
    TCP packets - or it can implement a TCP flow cache, based on a list
    of established connections and their known use of PEP or not.

    > -mingyan

    -- 
    ------------------------------
    http://www.erg.abdn.ac.uk/users/gorry
    
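The SYN-option negotiation quoted above and the per-flow cache described in the reply, as an added Python simulation that is not part of the thread. The "request"/"present" option values, the class names and the synchronous handshake model are assumptions made for this illustration; "PEP" is not a real TCP option kind.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed encoding for the thread's hypothetical "PEP" TCP option: the initiator
# sends "request"; a PEP in the path rewrites it to "present" when forwarding the SYN.
PEP = "PEP"

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: str                  # "SYN", "SYN-ACK" or "DATA"
    pep: Optional[str] = None   # None, "request" or "present"

class Receiver:
    def __init__(self, accept_pep: bool):
        self.accept_pep = accept_pep
    def on_syn(self, seg: Segment) -> Segment:
        # Echo the option only to approve a PEP that announced itself. A bare "request"
        # from the initiator gets no option back, so the initiator sees an end-to-end path.
        ok = seg.pep == "present" and self.accept_pep
        return Segment(seg.dst, seg.src, "SYN-ACK", "present" if ok else None)

class Pep:
    """Announces itself on SYNs that opted in and keeps a flow cache (flow -> spoof?)."""
    def __init__(self, receiver: Receiver):
        self.receiver = receiver
        self.flow_cache = {}        # (src, dst) -> True if this flow is being spoofed
    def on_syn(self, seg: Segment) -> Segment:
        key = (seg.src, seg.dst)
        if seg.pep != "request":
            self.flow_cache[key] = False          # no opt-in: forward untouched
            return self.receiver.on_syn(seg)
        synack = self.receiver.on_syn(Segment(seg.src, seg.dst, "SYN", "present"))
        self.flow_cache[key] = synack.pep == "present"
        # Receiver accepted: answer the initiator ourselves, carrying the option.
        # Receiver declined: pass its option-less SYN-ACK through and step aside.
        return Segment(seg.dst, seg.src, "SYN-ACK", "present") if self.flow_cache[key] else synack
    def should_spoof(self, seg: Segment) -> bool:
        # Fast path for later packets: a cache lookup, not a TCP header parse, decides.
        return self.flow_cache.get((seg.src, seg.dst), False)

def negotiate(initiator: str, receiver_addr: str, pep: Optional[Pep], receiver: Receiver) -> bool:
    """Return True when the initiator learns from the SYN-ACK that a PEP is in the path."""
    syn = Segment(initiator, receiver_addr, "SYN", "request")
    synack = pep.on_syn(syn) if pep else receiver.on_syn(syn)
    return synack.pep == "present"
```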



    This archive was generated by hypermail 2b29 : Thu Jan 18 2001 - 08:36:52 EST