On 07/19/2017 09:26 PM, Joe Touch wrote:
On 7/14/2017 12:44 AM, Dragoș Niculescu wrote:
SOCKSv6 proposal makes use of extra data in the SYN (SOCKS data, and user data),
but its correctness and backward compatibility do not depend on TFO, only its
RTT performance.
In fact, when TFO is available neither between client and proxy nor between
proxy and server, the SOCKSv6 RTT is still lower than SOCKSv4 and SOCKSv5. But
TFO is likely to be the most common case in the future - Linux kernel has TFO
client side on by default since 3.12 (November 2013)[1], and it seems to be the
default in all Android phones and default Linux installs.
What happens with a legacy receiver?
Joe
Legacy receiver will use plain TCP.
No - a legacy receiver will interpret the SYN information as user
data, which there is no way to "undo".
You can't know that you're not talking to a legacy receiver until you
receive the SYN-ACK. Even if you cache TFO availability, you could be
wrong - the endpoint could reboot or be replaced with a new endpoint, etc.
Ultimately, the onus is on you to NEVER poison a TCP connection that
could be to a legacy receiver. That's a requirement in RFC793.
Joe
I think there's a misunderstanding here. SOCKSv6 runs strictly on top of
TCP. The "user data" to which we're referring is data meant to be
relayed by the proxy to the server. The SYN's payload (both SOCKS
request and said user data) is irrevocably part of the client-proxy data
stream and we do not change it retroactively after learning that the
proxy does not support TFO.
Vlad
_______________________________________________
Int-area mailing list
https://www.ietf.org/mailman/listinfo/int-area