tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Trimming TCP options



Hi, Mihai--

On Jan 4, 2011, at 1:48 AM, Mihai Chelaru wrote:
> It's not NetBSD case, where by default all 3 retransmits will use the same 
> options.
> 
> I modified this morning a little bit that code, and let initial syn and first 
> retransmit with full options, the second retransmit with MSS option only and 
> the last one with no options at all, and added some stats. Until now results 
> look good:
> 
>        1072 connection requests
>        1654 connection accepts
>        2196 connections established (including accepts)
>        2721 connections closed (including 47 drops)
>        145 embryonic connections dropped
>        400 SYN options degraded -> incremented at second syn re-xmit
>        2 connected with no options -> connection established after second syn 
> re-xmit
> 
> I'll keep an eye on the last counter in the following days.

Excellent.  While TCP stacks are required to implement NOP, EOL, and MSS, and 
should also be written to simply pass over options which they do not 
understand, some don't, and some folks use firewalls which drop various 
options, so falling back to M only is a good procedure.

>> Hmm, I find it more useful to describe TCP options by strings representing 
>> the options in the sequence they appear, which is the mechanism various OS 
>> fingerprinting tools like NMAP, p0f, etc use.
>> 
>> NetBSD: MNWSNNNT
> 
> It's even MNWSNNNNT (one more N).

OK.

>> MacOS X: MNWNNTS (10.3 or older uses MNWNNT, similar to FreeBSD 4.x)
> 
> MNWNNTSNN or MNWNNTSE0 ?

MNWNNTSE0:

09:54:14.219381 IP6 2620::1b00:2211:217:f2ff:fe08:ae62.55065 > 
www.netbsd.org.http: Flags [S], seq 2507270230, win 65535, options [mss 
1440,nop,wscale 2,nop,nop,TS val 425013903 ecr 0,sackOK,eol], length 0
        0x0000:  6000 0000 002c 0640 2620 0000 1b00 2211  `....,.@&.....".
        0x0010:  0217 f2ff fe08 ae62 2001 04f8 0003 0007  .......b........
        0x0020:  02e0 81ff fe52 9a6b d719 0050 9571 e856  .....R.k...P.q.V
        0x0030:  0000 0000 b002 ffff 4ea9 0000 0204 05a0  ........N.......
        0x0040:  0103 0302 0101 080a 1955 328f 0000 0000  .........U2.....
        0x0050:  0402 0000                                ....

Most implementations will emit trailing EOLs / zeros as needed to pad out to a 
32-bit boundary, rather than using trailing NOPS.

Regards,
-- 
-Chuck



Home | Main Index | Thread Index | Old Index