IETF Logo Mail Archive

Re: [multipathtcp] [Int-area] SOCKS 6 Draft

Vladimir Olteanu <vladimir.olteanu@cs.pub.ro> Fri, 07 July 2017 11:23 UTC

Return-Path: <vladimir.olteanu@cs.pub.ro>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F4171129B01; Fri, 7 Jul 2017 04:23:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vl5z6n3c9gPb; Fri, 7 Jul 2017 04:23:51 -0700 (PDT)
Received: from vesa.cs.pub.ro (vesa.cs.pub.ro [141.85.227.187]) by ietfa.amsl.com (Postfix) with ESMTP id A7DFD129AD2; Fri, 7 Jul 2017 04:23:50 -0700 (PDT)
IronPort-PHdr: 9a23:u1ZxdhHXJcs6iBNXtutEx51GYnF86YWxBRYc798ds5kLTJ76p8q9bnLW6fgltlLVR4KTs6sC0LuJ9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQtFiT6/bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjm58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7WYNEUSndbXstJSiJPHI28YYsMAeQPM+lXoIvyqEcVoBSkGQWhHvnixiNGi3L226AxzuQvERvB3AwlB98Bv3DUo8/oO6cTVOC1zbPIxijaYfNSxTfy9pLHchY8ofqRWr9wb87RxlMyGAPEi1WQqJblMymS1uQJr2iU8fBvVeSyi2M8tw5xuSKjxt8xiobSnI4V0FfE+Dx/zY0oK9O4T0t7bsSlEJtWryyaNpV5Qt8sQ21yvyY60LIGtJimdyYJ0JQq3wPTZvOaf4SS4R/uVPydLSlmiH9nYr6yiQ6+/Eygx+HmVMS50UxGojdbntTPrHwByQDf5tWBR/Bg5EmuwyyP2BrW6uxcJEA0krfUJIA5z74rk5oTrVzDHijrmEXqlKOWdlsr+uyv6+n/fLXmo4WTN45wig3kLqsugdazAfwlMgcVRWSb4+O82KXi/U3/XrpKkuU7nrTWvZzHP8gWpa60DxVL3oo96RuzFTmr3MwdnXYdLVJFfByHj5LuO1HLOP34E/O/jE6xnzdqwvDGP6fhDo/KLnjHjLfuY6xy60hByAco0d9f/IhYCqkcIP3oQEPxrtvYAgcjMwOo2+bnFMl91oQGVG2SGa+WLKPSsV6O5u01IuiMZZQYtyzlK/g94/7hk2U1lkMafamsxZEXcmy3Hux6I0WFZnrhmtQPEWEWvgYnVuPqkkONXiRIanazQa08+j87BJihDYfZSYCnmKaB0zujHp1KemBGDUiBEXL1d4WAR/cMaTqSLdV9kjwESbiuV5ch2AqvtADk17pnIPDY+ioCtZLszNJ1/fHclQku9TxoCMSQy2SNT2Z0nmwSQj85wr1wrVZmxVeEzKh3n+ZXGsFJ6PNISAc3Lpncz/ZgBND0VQLOYM2FR0qhQtWjUnkNSYc0xN8HZktxXd+lkxvK0yOrGZcSjbWNC5Fy+aXZmzDdLth8xz7936kgiVA0Q4MbOXathq95/hrSL4fRi0GU0a2tcPJP8jTK8TK9yWOCvURZSkZXVbnIVHYCLh/Iqd3150bDVfmpDagqOw1c4cWZbLNXYJvzigMVF7/YJN3CbjfpyC+LDhGSy+bJNdKydg==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2DAAQB0bl9ZjAPjVY1bGgEBAQECAQEBAQgBAQEBFQEBAQECAQEBAQgBAQEBgkSBTwOBEY58kFUimBQuhW4ChBsBAQEBAQEBAQIBEgEBASZXgjMkAYJBAQIBAi1MEAsYIAcHRhEGAQwGAgEBF4oYDLIfKYsLAQEBAQEBBAEBAQEBAQEBGwWDKINMgWErC4JuhEYOTIU+BYlbh3mFYYdngiOTc4VLg06GeoxkiFMCVoELMSGGJIF2cwGGXoI/AQEB
X-IPAS-Result: A2DAAQB0bl9ZjAPjVY1bGgEBAQECAQEBAQgBAQEBFQEBAQECAQEBAQgBAQEBgkSBTwOBEY58kFUimBQuhW4ChBsBAQEBAQEBAQIBEgEBASZXgjMkAYJBAQIBAi1MEAsYIAcHRhEGAQwGAgEBF4oYDLIfKYsLAQEBAQEBBAEBAQEBAQEBGwWDKINMgWErC4JuhEYOTIU+BYlbh3mFYYdngiOTc4VLg06GeoxkiFMCVoELMSGGJIF2cwGGXoI/AQEB
X-IronPort-AV: E=Sophos;i="5.40,322,1496091600"; d="scan'208,217";a="878338"
Received: from mail.cs.pub.ro (HELO vmail.cs.pub.ro) ([141.85.227.3]) by vesa.cs.pub.ro with ESMTP; 07 Jul 2017 14:23:45 +0300
Received: from localhost (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTP id 105C91A600E5; Fri, 7 Jul 2017 14:23:46 +0300 (EEST)
Received: from vmail.cs.pub.ro ([127.0.0.1]) by localhost (vmail.cs.pub.ro [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 85uvMC4ke7oq; Fri, 7 Jul 2017 14:23:45 +0300 (EEST)
Received: from vmail.cs.pub.ro (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTPS id E46931A60142; Fri, 7 Jul 2017 14:23:45 +0300 (EEST)
Received: from [192.168.1.70] (unknown [95.76.128.201]) by vmail.cs.pub.ro (Postfix) with ESMTPSA id D3D621A600E5; Fri, 7 Jul 2017 14:23:45 +0300 (EEST)
To: mohamed.boucadair@orange.com, David Schinazi <dschinazi@apple.com>
Cc: "Int-area@ietf.org" <Int-area@ietf.org>, multipathtcp <multipathtcp@ietf.org>
References: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com> <c215bf9d-5313-3a4b-ac47-dd34cb22766f@cs.pub.ro> <F42011E7-0F81-44DF-9DFC-A211B615DD33@apple.com> <004b4557-a926-9128-d3cf-0b3f41bef56e@cs.pub.ro> <AE3FC07A-DE86-4765-9D1F-00640942B4E4@apple.com> <3f975b41-78b0-9f50-6c46-cc8e30007f34@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A000764@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <b33e4726-f255-75f7-5203-9e30faa36659@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A000D16@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <a922a59f-2670-8d50-f3c5-99e1c29848ca@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A001A07@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <6ca9c64f-c9ca-f245-e28f-16073fa46c39@cs.pub.ro> <787AE7BB302AE849A7480A190F8B93300A002076@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
From: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>
Message-ID: <347e289c-6559-0b3e-f0af-302857fb2d45@cs.pub.ro>
Date: Fri, 07 Jul 2017 14:23:45 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A002076@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Content-Type: multipart/alternative; boundary="------------A624619EBE58FDE8F9FE2892"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/vZ9EqH4ILnCZ9MpKXBZpKK2LMDE>
Subject: Re: [multipathtcp] [Int-area] SOCKS 6 Draft
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jul 2017 11:23:56 -0000

Hi Med,

As per usual, inline.

Cheers,
Vlad

On 7/7/2017 11:17 AM, mohamed.boucadair@orange.com wrote:
>
> Hi Vlad,
>
> Please see inline.
>
> Cheers,
>
> Med
>
> *De :*Vladimir Olteanu [mailto:vladimir.olteanu@cs.pub.ro]
> *Envoyé :* vendredi 7 juillet 2017 09:19
> *À :* BOUCADAIR Mohamed IMT/OLN; David Schinazi
> *Cc :* Int-area@ietf.org; multipathtcp
> *Objet :* Re: [Int-area] SOCKS 6 Draft
>
> Hi Mohamed,
>
> I'm replying specifically to the parts quoted below.
>
> SOCKS is used by explicit proxies; anything related to transparent 
> proxies is beyond its scope.
>
> [Med] The definition we had so far is that “explicit proxy” means that 
> the client is aware about the presence of the proxy and such packets 
> are sent explicitly to that proxy. An explicit proxy can therefore 
> behave either as transparent or non-transparent. I understand, that 
> the current design assumes non-transparent mode.
>
Yes, what I meant was "non-transparent".
>
>  It does not preclude the deployment of anything transparent. In other 
> words, I merely propose it as an alternative to MP_CONVERT.
>
> Discussing PCP, IPv6 source address preservation, UPnP etc. makes no 
> sense in this context.
>
> [Med] I disagree. The support of incoming connections is one of the 
> requirements of the MPTCP WG:"A session can be initiated from either end”.
>
> This is why I’m wondering how this typical flow can be achieved with 
> SOCKS.
>
> H<=====CPEß--------proxy<===RM
>
>          +----------+
>
My point was that if you want any transparent functionality, you have to 
use something other than SOCKS, but now I see what you mean.

Currently, SOCKS 6 has the same limited support for this scenario that 
v5 has. The client opens a connection to the server and asks it to 
listen for an incoming connection. When a remote host connects to the 
proxy, the server sends  a reply (v5)/operation reply (v6) to the client 
(via the connection that the client initiated) containing the remote 
host's address and starts relaying data back and forth.

I think adequately handling this use case would mean adding a reverse 
mode to SOCKS 6:
  * The client informs the proxy on which port it is listening. (It's 
the client's job to set up port forwarding etc.)
  * For each incoming connection, the proxy opens a connection to the 
client, sends an operation reply containing the remote host's IP and 
port, and then relays data.
>
>
> Cheers,
> Vlad
>
> On 7/6/2017 3:56 PM, mohamed.boucadair@orange.com 
> <mailto:mohamed.boucadair@orange.com>wrote:
>
>     *De :*Vladimir Olteanu [mailto:vladimir.olteanu@cs.pub.ro]
>     *Envoyé :* mercredi 5 juillet 2017 18:39
>     *À :* BOUCADAIR Mohamed IMT/OLN; David Schinazi
>     *Cc :* Int-area@ietf.org <mailto:Int-area@ietf.org>; multipathtcp
>     *Objet :* Re: [Int-area] SOCKS 6 Draft
>
>      <SNIP>
>
>     On 7/5/2017 9:00 AM, mohamed.boucadair@orange.com
>     <mailto:mohamed.boucadair@orange.com> wrote:
>
>         <SNIP>
>
>         *De :*Vladimir Olteanu [mailto:vladimir.olteanu@cs.pub.ro]
>         *Envoyé :* mercredi 5 juillet 2017 01:35
>         *À :* BOUCADAIR Mohamed IMT/OLN; David Schinazi
>         *Cc :* Int-area@ietf.org <mailto:Int-area@ietf.org>; multipathtcp
>         *Objet :* Re: [Int-area] SOCKS 6 Draft
>
>         <SNIP>
>
>     Can you please let me know if the proposal supports the following
>     features:
>
>     ·Support incoming connections (Proxy<---Remote Host): That is the
>     proxy intercept a TCP connection that it transforms into an MPTCP one.
>
>     Yes. See section 7.2. The client makes a request and then has to
>     keep the connection to the proxy open. When the proxy accepts a
>     connection from a remote host, it informs the client of the remote
>     host's address and starts relaying data. SOCKS 5 has the exact
>     same feature. You are limited to one incoming connection per
>     request, though.
>
>     [Med] In the plain mode, there is no such limitation because we
>     are leveraging on PCP (RFC6887).
>
>     ·If such feature is supported, how a host located behind a CPE
>     (Host----CPE-----Proxy----Remote Host) can instruct dynamically
>     the CPE so that it can forward appropriately incoming connections?
>
>     It does not have to. The connection on the host-proxy leg is
>     initiated by the client.
>
>     [Med] I’m not sure to understand your answer here. Let’s consider
>     that your host is using UPnP IGD to talk with the CPE to accept
>     incoming connections + those connections are eligible to the MPTCP
>     service. How the solution would work?
>
>
>     <SNIP>
>
>
>     ·IPv6 source address/prefix preservation
>
>     I'm not sure what you mean by that.
>
>     [Med] Please see slide 18 of
>     https://www.ietf.org/proceedings/98/slides/slides-98-mptcp-sessa-network-assisted-mptcp-03.pdf
>
>

v2.23.0 | Report a Bug | By Email