Re: [multipathtcp] [Int-area] SOCKS 6 Draft

Dragoș Niculescu <dragos.niculescu@cs.pub.ro> Thu, 06 July 2017 08:41 UTC

Date: Thu, 06 Jul 2017 11:41:15 +0300
From: Dragoș Niculescu <dragos.niculescu@cs.pub.ro>
To: Joe Touch <touch@isi.edu>
Cc: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>, mohamed boucadair <mohamed.boucadair@orange.com>, David Schinazi <dschinazi@apple.com>, multipathtcp <multipathtcp@ietf.org>, int-area <Int-area@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/qfpgHSrm-il7l8XdSVpzZf6Yy4c>

----- On Jul 5, 2017, at 7:59 PM, Joe Touch touch@isi.edu wrote:

> On 7/5/2017 9:39 AM, Vladimir Olteanu wrote:
> 
> 
> It can also be stacked as many times as desired for arbitrarily long proxy
> chains. However:
> * We avoid using the SYN's payload as extra option space (which, I think, goes
> against TCP's core philosophy).
> 
> [Med] This is also true for the MP_CONVERT Information Element, which is not a
> TCP option but data supplied for proxy purposes in the SYN payload.
> Fair enough, but this is not a purely layer 5+ protocol. It seems that you are
> strongly tied to TFO (between the client and the proxy). MP_CONVERT must be
> part of the SYN's payload, because the following SYN+ACK depends on the
> contents of MP_CONVERT and signals that the remote server has accepted your
> connection.
> The biggest impact of including non-data information in the SYN payload area is
> that it completely defeats graceful fallback for SYN receivers that don't
> support the option. As you note, it can be *more* safe when tied to out-of-band
> context (e.g., prior TFO support), but TCP has NO requirement that such context
> is absolutely maintained across different connections. You might be speaking to
> a different stack or demuxed off to a different virtual host behind a load
> balancer.
> 
> Ultimately, putting any non-data info in the SYN payload violates the
> requirement that TCP options can be ignored by receivers that don't support
> them *without* impacting the ability of *that* connection attempt to succeed.
> 
> Joe

The SOCKSv6 proposal makes use of extra data in the SYN (SOCKS data, and user data), but
its correctness and backward compatibility do not depend on TFO, only its RTT performance.
In fact, when TFO is available neither between client and proxy nor between proxy and
server, the SOCKSv6 RTT is still lower than SOCKSv4 and SOCKSv5. But TFO is likely to be the most
common case in the future - the Linux kernel has TFO client side on by default since 3.12
(November 2013)[1], and it seems to be the default in all Android phones and default
Linux installs.


-- 
Dragoș

[1] https://github.com/torvalds/linux/commit/0d41cca490c274352211efac50e9598d39a9dc80
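
The following is an added example, not part of the original message or of the SOCKS 6 draft, showing the property the thread turns on: a client can hand its first bytes to the stack with `MSG_FASTOPEN`, and the same bytes still arrive when the peer or the local stack does not do TFO. The function names and the payload are constructed for illustration, and a plain loopback listener stands in for a receiver that has not enabled TFO.

```python
import socket
import threading


def send_first_flight(addr, payload):
    """Send payload as early as the stack allows; return (socket, tried_tfo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    flag = getattr(socket, "MSG_FASTOPEN", None)  # constant only defined on Linux
    if flag is not None:
        try:
            # Implicit connect on a blocking socket: data rides in the SYN only if
            # the kernel holds a TFO cookie for addr; otherwise it is sent right
            # after an ordinary three-way handshake.
            sent = s.sendto(payload, flag, addr)
            if sent < len(payload):
                s.sendall(payload[sent:])
            return s, True
        except OSError:
            # For example EOPNOTSUPP when client-side TFO is disabled. Retry the
            # classic way; a genuine connection error resurfaces from connect().
            s.close()
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(addr)
    s.sendall(payload)
    return s, False


def demo(payload=b"constructed first-flight bytes"):
    """Run the sender against a loopback listener that never enabled TFO."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    received = []

    def serve():
        conn, _ = srv.accept()
        with conn:
            buf = b""
            while len(buf) < len(payload):
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            received.append(buf)

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    client, tried_tfo = send_first_flight(srv.getsockname(), payload)
    t.join(5)
    client.close()
    srv.close()
    return (received[0] if received else b""), tried_tfo
```

Calling `demo()` returns the bytes the listener read and whether the TFO path was attempted; only the timing of delivery differs between the two paths, not the data.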