On Thu, 21 Oct 2004, Andre Oppermann wrote:

I want to bring this up for discussion prior to start working on it.

I intend to remove T/TCP (transactional TCP) support from our TCP
implementation for the following reasons:

That sounds good.

o The client has to enable the option in the TCP SYN request to the server.
If the server accepts it, then it returns a unique cookie generated from
the IP address of the client and some random seed. On subsequent connections
the client will include the cookie in the TCP SYN request and it will
send the first chunk of payload in the SYN packet. If the cookie matches

I think that it would have to be slightly more complex than that for it to be secure. Instead of using syncookie/RFC1948-like generation, just randomly generate the cookie and store it in the tcp host cache. Then steal the concept of NQNFS leases, giving the cookie a limited lifetime, after which it must be reissued. I think you'll need to track two cookies on the server side, to gracefully handle the cookie transition period...


Well, I'm sure there are many ways to do it, but I agree that it's certainly doable; we have plenty of time to talk about the exact implementation. My reason for avoiding the use of syncookies/RFC1948 in the implementation is that relying on those pieces of code makes a FreeBSD implementation easy, but would make an implementation in other OSes potentially difficult.


FUD Notice:

If you haven't read and/or understood the link above or TCP/IP Illustrated
Volume 3 then please refrain from participating in this discussion!

Hey, I just looked in section 24.7 in Vol. 1, and it says nothing but good things about T/TCP - you must be the one misunderstanding things here! :)


Mike "Silby" Silbersack
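The server-side cookie store proposed in the message above (random per-client cookie held in the host cache, a limited lease after which it is reissued, and two cookies tracked per client to bridge the transition), as an added example that is neither code from the thread nor FreeBSD's TCP stack. The lease length, renewal window, cookie size and the HostCache/handle_syn names are assumptions; an injectable clock is used so the lease logic can be exercised without waiting.

```python
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
COOKIE_LEN = 16          # assumed cookie size in bytes
LEASE_SECONDS = 600.0    # assumed lease lifetime
RENEW_FRACTION = 0.25    # assumed: reissue once under a quarter of the lease remains

@dataclass
class HostEntry:
    current: bytes
    current_expires: float
    previous: Optional[bytes] = None   # kept only while the old lease is still running
    previous_expires: float = 0.0

class HostCache:
    """Server-side cookie store keyed by client IP (stand-in for the TCP host cache)."""
    def __init__(self, lease: float = LEASE_SECONDS, now=time.monotonic):
        self.lease, self.now = lease, now
        self.entries: Dict[str, HostEntry] = {}

    def issue(self, client_ip: str) -> bytes:
        """Hand out a fresh random cookie; the old one stays valid until its own lease ends."""
        t, new = self.now(), os.urandom(COOKIE_LEN)
        e = self.entries.get(client_ip)
        if e is None:
            self.entries[client_ip] = HostEntry(new, t + self.lease)
        else:
            e.previous, e.previous_expires = e.current, e.current_expires
            e.current, e.current_expires = new, t + self.lease
        return new

    def validate(self, client_ip: str, cookie: bytes) -> bool:
        """True only for the unexpired current or previous cookie bound to this client IP."""
        e, t = self.entries.get(client_ip), self.now()
        if e is None:
            return False
        for c, expires in ((e.current, e.current_expires), (e.previous, e.previous_expires)):
            if c is not None and t < expires and hmac.compare_digest(cookie, c):
                return True
        return False

    def handle_syn(self, client_ip: str, cookie: Optional[bytes]) -> Tuple[bool, Optional[bytes]]:
        """Decide for one SYN: (accept payload carried in the SYN?, cookie to send back or None)."""
        ok = cookie is not None and self.validate(client_ip, cookie)
        e, t = self.entries.get(client_ip), self.now()
        if e is None or e.current_expires - t < self.lease * RENEW_FRACTION:
            return ok, self.issue(client_ip)        # start a rollover: new cookie, old one still valid
        return ok, (None if ok else e.current)      # unknown or stale cookie: resend the valid one
```

A SYN without a valid cookie is answered with `ok=False`, i.e. the server falls back to the ordinary three-way handshake and hands the client a cookie for next time.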