----- On Jul 5, 2017, at 7:59 PM, Joe Touch [email protected] wrote:

> On 7/5/2017 9:39 AM, Vladimir Olteanu wrote:
>
>>> It can also be stacked as many times as desired for arbitrarily long proxy
>>> chains. However:
>>> * We avoid using the SYN's payload as extra option space (which, I think, goes
>>> against TCP's core philosophy).
>>>
>>> [Med] This is also true for MP_CONVERT Information Element which is not a TCP
>>> option, but data supplied for proxy purposes in the SYN payload.
>>
>> Fair enough, but this is not a purely layer 5+ protocol. It seems that you are
>> strongly tied to TFO (between the client and the proxy). MP_CONVERT must be
>> part of the SYN's payload, because the following SYN+ACK depends on the
>> contents of MP_CONVERT and signals that the remote server has accepted your
>> connection.
>
> The biggest impact of including non-data information in the SYN payload area is
> that it completely defeats graceful fallback for SYN receivers that don't
> support the option. As you note, it can be *more* safe when tied to out-of-band
> context (e.g., prior TFO support), but TCP has NO requirement that such context
> is absolutely maintained across different connections. You might be speaking to
> a different stack or demuxed off to a different virtual host behind a load
> balancer.
>
> Ultimately, putting any non-data info in the SYN payload violates the
> requirement that TCP options can be ignored by receivers that don't support
> them *without* impacting the ability of *that* connection attempt to succeed.
>
> Joe
The SOCKSv6 proposal makes use of extra data in the SYN (SOCKS data, and user data), but its correctness and backward compatibility do not depend on TFO, only its RTT performance. In fact, when TFO is not available, neither between client and proxy nor between proxy and server, the SOCKSv6 RTT is still lower than SOCKSv4 and SOCKSv5. But TFO is likely to be the most common case in the future: the Linux kernel has had TFO client side on by default since 3.12 (November 2013) [1], and it seems to be the default in all Android phones and default Linux installs.

--
Dragoș

[1] https://github.com/torvalds/linux/commit/0d41cca490c274352211efac50e9598d39a9dc80

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
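The distinction Joe draws above, that a receiver can skip a TCP option it does not implement by its length field but has no framing to recognise protocol data placed in the SYN payload, as an added example that is not from this thread or from either proposal. The segment, ports, cookie bytes and payload are constructed; the option kinds (2 MSS, 30 MPTCP, 34 TFO) are the assigned ones.

```python
import struct

# Constructed example. Option kinds: 2 = MSS, 30 = MPTCP, 34 = TFO cookie (all
# assigned kinds). A stack implementing only MSS skips the other two by their
# length field; bytes after the header carry no such framing.

def parse_tcp_options(options: bytes, known=frozenset({2})):
    """Walk a TCP options block. Returns (parsed, skipped): options the
    receiver understands, and the kinds it ignored without failing."""
    parsed, skipped, i = [], [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                     # End of option list
            break
        if kind == 1:                     # NOP: one byte, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        if kind in known:
            parsed.append((kind, options[i + 2:i + length]))
        else:
            skipped.append(kind)          # unknown kind: skipped, SYN still valid
        i += length
    return parsed, skipped

def split_syn(segment: bytes):
    """Split a segment into (options, payload) via the data offset field. The
    payload has no kind/length, so protocol data in it is indistinguishable
    from user data and is handed to the application as-is."""
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return segment[20:data_offset], segment[data_offset:]

def build_syn(options: bytes, payload: bytes = b"") -> bytes:
    """Build a minimal SYN (ports/seq constructed, checksum zero) for testing."""
    options += b"\x01" * (-len(options) % 4)   # NOP-pad to a 32-bit boundary
    fixed = struct.pack("!HHIIBBHHH", 40000, 1080, 1, 0,
                        ((20 + len(options)) // 4) << 4, 0x02, 65535, 0, 0)
    return fixed + options + payload

# Constructed SYN: MSS 1460, an 8-byte TFO cookie, a 4-byte MP_CAPABLE, then
# SOCKS-style request bytes in the payload, as a SOCKSv6-like design would do.
OPTS = b"\x02\x04\x05\xb4" + b"\x22\x0a" + b"\xaa" * 8 + b"\x1e\x04\x01\x81"
SYN = build_syn(OPTS, b"\x06\x00 constructed-socks-request")
```

Running `parse_tcp_options` over the options of `SYN` with only MSS known returns the MSS and reports kinds 34 and 30 as skipped, while `split_syn` returns the payload bytes with nothing to tell a TFO-unaware receiver they are not application data.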
