Re: [multipathtcp] [Int-area] SOCKS 6 Draft

Dragoș Niculescu <dragos.niculescu@cs.pub.ro> Fri, 14 July 2017 07:44 UTC

Date: Fri, 14 Jul 2017 10:44:10 +0300
From: Dragoș Niculescu <dragos.niculescu@cs.pub.ro>
To: Joe Touch <touch@isi.edu>
Cc: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>, mohamed boucadair <mohamed.boucadair@orange.com>, David Schinazi <dschinazi@apple.com>, multipathtcp <multipathtcp@ietf.org>, int-area <Int-area@ietf.org>
Message-ID: <53068639.4279258.1500018250846.JavaMail.zimbra@cs.pub.ro>
In-Reply-To: <c15031f3-95cf-d341-2ddb-0b3850a74d76@isi.edu>
References: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93300A000764@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <b33e4726-f255-75f7-5203-9e30faa36659@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A000D16@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <a922a59f-2670-8d50-f3c5-99e1c29848ca@cs.pub.ro> <ec8cae81-dbeb-ed92-33ca-678bb2b5efeb@isi.edu> <1459306318.3890958.1499330475778.JavaMail.zimbra@cs.pub.ro> <c15031f3-95cf-d341-2ddb-0b3850a74d76@isi.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/Tblf0QENZP42xL71w-0hRhQGSQ8>
Subject: Re: [multipathtcp] [Int-area] SOCKS 6 Draft
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>

----- On Jul 13, 2017, at 8:07 PM, Joe Touch touch@isi.edu wrote:

> On 7/6/2017 1:41 AM, Dragoș Niculescu wrote:
>> ----- On Jul 5, 2017, at 7:59 PM, Joe Touch touch@isi.edu wrote:
>>
>>> On 7/5/2017 9:39 AM, Vladimir Olteanu wrote:
>>>
>>> It can also be stacked as many times as desired for arbitrarily long proxy
>>> chains. However:
>>> * We avoid using the SYN's payload as extra option space (which, I think, goes
>>> against TCP's core philosophy).
>>>
>>> [Med] This is also true for MP_CONVERT Information Element which is not a TCP
>>> option, but a data supplied for proxy purposes in the SYN payload.
>>> Fair enough, but this is not a purely layer 5+ protocol. It seems that you are
>>> strongly tied to TFO (between the client and the proxy). MP_CONVERT must be
>>> part of the SYN's payload, because the following SYN+ACK depends on the
>>> contents of MP_CONVERT and signals that the remote server has accepted your
>>> connection.
>>> The biggest impact of including non-data information in the SYN payload area is
>>> that it completely defeats graceful fallback for SYN receivers that don't
>>> support the option. As you note, it can be *more* safe when tied to out-of-band
>>> context (e.g., prior TFO support), but TCP has NO requirement that such context
>>> is absolutely maintained across different connections. You might be speaking to
>>> a different stack or demuxed off to a different virtual host behind a load
>>> balancer.
>>>
>>> Ultimately, putting any non-data info in the SYN payload violates the
>>> requirement that TCP options can be ignored by receivers that don't support
>>> them *without* impacting the ability of *that* connection attempt to succeed.
>>>
>>> Joe
>> The SOCKSv6 proposal makes use of extra data in the SYN (SOCKS data, and user
>> data), but its correctness and backward compatibility do not depend on TFO, only
>> its RTT performance.
>> In fact, when TFO is not available either between client and proxy or between
>> proxy and server, the SOCKSv6 RTT is still lower than SOCKSv4 and SOCKSv5. But
>> TFO is likely to be the most common case in the future - the Linux kernel has
>> had TFO client side on by default since 3.12 (November 2013)[1], and it seems to
>> be the default in all Android phones and default Linux installs.
> What happens with a legacy receiver?
> 
> Joe
A legacy receiver will use plain TCP. Proxies (SOCKS and others) are routinely used to bridge new options to legacy receivers. In this case, TFO will work between client and proxy, but not between proxy and legacy server.

-- 
Dragoș
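To make the objects argued about in this thread concrete, here is an added example (not code from the SOCKS6 draft or from anyone in the thread) that parses a constructed TCP SYN and reports whether it carries a Fast Open cookie option (kind 34, RFC 7413) and whether any bytes follow the header, which is what a capture or monitoring tool would check when looking at what a client puts in the SYN. The `build_syn` helper and the classification labels are assumptions for illustration only.

```python
import struct

TCP_OPT_EOL = 0
TCP_OPT_NOP = 1
TCP_OPT_FAST_OPEN = 34  # TCP Fast Open cookie option (RFC 7413)

def parse_tcp_segment(seg):
    """Parse a TCP segment (header + payload, no IP header) into flags,
    options keyed by kind, and payload bytes. Rejects malformed headers."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(seg):
        raise ValueError("bad data offset")
    options, i = {}, 20
    while i < data_offset:
        kind = seg[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        # every other option carries a length byte covering kind+len+value
        if i + 1 >= data_offset or seg[i + 1] < 2 or i + seg[i + 1] > data_offset:
            raise ValueError("malformed option of kind %d" % kind)
        options[kind] = seg[i + 2:i + seg[i + 1]]
        i += seg[i + 1]
    return {"sport": sport, "dport": dport, "syn": bool(off_flags & 0x02),
            "ack": bool(off_flags & 0x10), "options": options,
            "payload": seg[data_offset:]}

def classify_syn(seg):
    """Label what an initial SYN carries: a TFO cookie request (empty option),
    a TFO cookie with or without data, or data with no TFO option at all."""
    p = parse_tcp_segment(seg)
    if not p["syn"] or p["ack"]:
        return "not-syn"
    cookie = p["options"].get(TCP_OPT_FAST_OPEN)
    if cookie is None:
        return "syn-with-data-no-tfo" if p["payload"] else "plain-syn"
    if len(cookie) == 0:
        return "tfo-cookie-request"
    return "tfo-syn-with-data" if p["payload"] else "tfo-syn-no-data"

def build_syn(sport, dport, payload=b"", cookie=None):
    """Constructed SYN for testing (hypothetical helper): zero checksum, fixed
    ISN, and a TFO option when a cookie (possibly empty) is given."""
    opts = b"" if cookie is None else bytes([TCP_OPT_FAST_OPEN, 2 + len(cookie)]) + cookie
    opts += bytes([TCP_OPT_NOP]) * (-len(opts) % 4)  # pad options to 32-bit words
    data_offset = (20 + len(opts)) // 4
    hdr = struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                      (data_offset << 12) | 0x02, 65535, 0, 0)
    return hdr + opts + payload
```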