IETF Logo Mail Archive

Re: [Int-area] [multipathtcp] SOCKS 6 Draft

Dragoș Niculescu <dragos.niculescu@cs.pub.ro> Thu, 20 July 2017 07:22 UTC

Return-Path: <dragos.niculescu@cs.pub.ro>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71E97126CD6; Thu, 20 Jul 2017 00:22:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.453
X-Spam-Level:
X-Spam-Status: No, score=-0.453 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_BRBL_LASTEXT=1.449, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3bfLKOaiB3B1; Thu, 20 Jul 2017 00:22:28 -0700 (PDT)
Received: from vesa.cs.pub.ro (vesa.cs.pub.ro [141.85.227.187]) by ietfa.amsl.com (Postfix) with ESMTP id 97476126557; Thu, 20 Jul 2017 00:22:27 -0700 (PDT)
IronPort-PHdr: 9a23:Oy5rghPo6oAwy3WbqoAl6mtUPXoX/o7sNwtQ0KIMzox0I/j7rarrMEGX3/hxlliBBdydsKMbzbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFKiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0vRz+s87lkRwPpiCcfNj427mfXitBrjKlGpB6tvgFzz5LIbI2QMvd1Y6HTcs4ARWdZUMhfVzJPDIC+YIsBEuQOMvpXoYb6qVsStha+GRCsC//zxjJSmnP736s32PkhHwHc2wwgGsoDvnrOrNrvO6cSVuC3x7TQwzXCc/xWxDP955bTch89vPGHQLV9ftfLyUY1GAPFiU6QpZbjPzOUyusNrmyb4PR7Ve2zlm4qsB1+oiO1ysc0l4nGnZgZykrD9Shgxos+ONO2SEl+YdG+EZtQsTmXN4R3QsM+Q2FopT01xqcatp68eSgG0JUnyADDa/yJaYSI5QjjVOmXLDxlh3xlYKqyiwu9/ES90OHxVcm53ExUoiZbkNTArH4A2hrO4cadUPR95F2u2TOX2gDW7eFLPF47mLLAK54k3r4wjp0TsVnfHiPumEX5kquWdkI89+i27uToeLTmppuGO4BokQHyKLwumtGkDugiKAgOWHCX+eW61LL94U30WKhGg/IrnqXDs53XJd4XqrCnDwJXyIou5Q6zDzK839QZmXkHIkhFeBWCj4XxJl7OOur3Dfi4g1S3ijtrwfHGMaH8ApXJMHfDi6vufatm5kFA0wo/18hf549PBb0bOvLzXVf9tMbEAR8hLwy03+HnBc1+2IMYRWKDG7WWMLnMvlCS/e8vIveDZJMbuDrnLPgl/fHuh2cjmVABZampwYcXaHegE/RjPkWZZWbsgtYZEWgQogo+TPDqh0GaUTNIZna9Qb485j8hBIKhF4fDSZingKad0yejAp1WemdGB0iQEXfvaoWLR/cMZTmTIs96kzwIT6auRJI81ULmiAiv6b1qZtbT5yYY/cb/08V+58XSjhB0+DBpWZezyWaIGk1ul2wPpXcQ3atipUFmwUrLhaRiivNfDppV5vhUVgohPoP0xPc8E834HBjGKITaAG26S8mrVGliBuk6xMUDNgMkQ42v
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2CHBgC/WXBZRwPjVY1cDg8BBQELARgBBQELAYQTgRSOfpBSIpgWLoUZAoRCAQEBAQEBAQECAQUBATNYgjMkAYJBAQMBASNWBQsCAQgaAg0ZAgJDFAIEijoMDLBugiaLIAEBCAIBIAWBC4IdhS42gm6EVBaDE4JhBZFiAY1bh0ufA5VcAlaBC1KHWEJzAYl5AQEB
X-IPAS-Result: A2CHBgC/WXBZRwPjVY1cDg8BBQELARgBBQELAYQTgRSOfpBSIpgWLoUZAoRCAQEBAQEBAQECAQUBATNYgjMkAYJBAQMBASNWBQsCAQgaAg0ZAgJDFAIEijoMDLBugiaLIAEBCAIBIAWBC4IdhS42gm6EVBaDE4JhBZFiAY1bh0ufA5VcAlaBC1KHWEJzAYl5AQEB
X-IronPort-AV: E=Sophos;i="5.40,382,1496091600"; d="scan'208";a="1190261"
Received: from mail.cs.pub.ro (HELO vmail.cs.pub.ro) ([141.85.227.3]) by vesa.cs.pub.ro with ESMTP; 20 Jul 2017 10:22:25 +0300
Received: from localhost (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTP id 9E1421A6215B; Thu, 20 Jul 2017 10:22:25 +0300 (EEST)
Received: from vmail.cs.pub.ro ([127.0.0.1]) by localhost (vmail.cs.pub.ro [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id SdHSvMI0-Qmz; Thu, 20 Jul 2017 10:22:25 +0300 (EEST)
Received: from vmail.cs.pub.ro (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTPS id 84AEB1A62153; Thu, 20 Jul 2017 10:22:25 +0300 (EEST)
Received: from vmail.cs.pub.ro (vmail.cs.pub.ro [141.85.227.3]) by vmail.cs.pub.ro (Postfix) with ESMTP id 817C71A6213C; Thu, 20 Jul 2017 10:22:25 +0300 (EEST)
Date: Thu, 20 Jul 2017 10:22:23 +0300
From: Dragoș Niculescu <dragos.niculescu@cs.pub.ro>
To: Joe Touch <touch@isi.edu>
Cc: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>, multipathtcp <multipathtcp@ietf.org>, int-area <Int-area@ietf.org>
Message-ID: <1332604938.42424.1500535343962.JavaMail.zimbra@cs.pub.ro>
In-Reply-To: <1cf7caa4-22a2-b61a-662f-8927197baf09@isi.edu>
References: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com> <c15031f3-95cf-d341-2ddb-0b3850a74d76@isi.edu> <53068639.4279258.1500018250846.JavaMail.zimbra@cs.pub.ro> <0f8dd648-d89f-50ee-716a-7547ee34885a@isi.edu> <f7121225-ce5f-4002-d3cf-202dcdd11f04@cs.pub.ro> <2ff22633-8f12-f4ef-868f-9c6c698ae32f@isi.edu> <5c61bf79-5a8f-65cf-e6b7-02a29db37073@cs.pub.ro> <1cf7caa4-22a2-b61a-662f-8927197baf09@isi.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - GC59 (Mac)/8.6.0_GA_1194)
Thread-Topic: SOCKS 6 Draft
Thread-Index: q00KtaTafiwDIx57FOk/wqLMVoGq8A==
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/3kvd9ggFKY7R0m4P1pYdsEr7e2A>
Subject: Re: [Int-area] [multipathtcp] SOCKS 6 Draft
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 07:22:30 -0000

> 
> I.e., if you're speaking of just an application proxy, then the doc
> needs to be very clear of that goal AND use only the required TCP "user"
> API -- which does not have any indication of an arriving SYN (it would
> only indicate when the connection was established, e.g., after the TWHS
> completes).
> 

SOCKSv6 is an application proxy, just as SOCKSv4 and SOCKSv5. 
This means you can use it with standard TCP API. But it also understands TFO, and if one client wishes lower RTT, he needs to use TFO API. I think this is pretty clear from the figures in the slides [1], and is the way we are currently implementing it [2].

 I think the discussion here is not different from discussions when TFO was adopted: everything works as before with standard API, but you need setsockopt and connect with data if you have idempotent data and want lower RTT.       



> If you're speaking of something that rewrites TCP segments directly,
> then you need to be clear that this is what you intend (and I cannot see
> how you can do that and be compliant with TCP).
> 

We are not talking about this in SOCKSv6. 


> 
> You can make some *assumptions* about what might happen, and even talk
> about ways to configure the outgoing TCP to encourage its putting data
> in the SYN (e.g., by writing before connecting). However, if we're
> talking about an application layer proxy, you cannot assume availability
> of the incoming SYN data unless you also assume TFO - and at best, it's
> an assumption (your application would never know).
> 

There are two points here. First, the application NEEDS TO know, because it needs to decide whether to use TFO API, or classic API(legacy apps will be classic API, of course). Second, for SOCKS (v4, v5, or v6), there is the request data which can be put in SYN, even if the user uses classic API, but this is a proxy implementation issue, and our current specification does not preclude or force this.  



> I.e., if you do everything right, you MIGHT end up looking "LIKE" you
> rewrote the TCP SYN as it "passes through", but speaking of that as the
> actual mechanism violates TCP.

It looks like that IF the client has idempotent data, and IF the client uses TFO API, and IF the proxy enables TFO as a client and as a server, and IF the actual server supports TFO. So, there are a lot of IFs to get that kind of performance, but as shown in slide 9 of the presentation [1], it does work with standard API, only twice as slow.  


-- 
Dragoș

[1] https://www.ietf.org/proceedings/99/slides/slides-99-intarea-socks6-00.pdf
[2] https://github.com/45G/shadowsocks-libev

v2.23.0 | Report a Bug | By Email