Date: Wed, 2 Sep 2015 12:24:02 -0400
From: Patrick Kelsey <pkelsey@freebsd.org>
To: Rui Paulo <rpaulo@me.com>
Cc: "net@freebsd.org" <net@freebsd.org>
Subject: Re: TCP Fast Open (RFC7413) for FreeBSD
Message-ID: <1D272A8E-C411-4FE1-A8C7-6E6FBDE23DC8@freebsd.org>
In-Reply-To: <1441210862.1183.14.camel@me.com>
References: <CAD44qMVK82rB_MM_fsFt7LXV%2BuwCFj3%2B9BXXj=30teUQs0gzrg@mail.gmail.com> <1441169643.1183.12.camel@me.com> <AEE23E04-C0B7-40D3-B55C-502A41B0D5BE@freebsd.org> <1441210862.1183.14.camel@me.com>
> On Sep 2, 2015, at 12:21 PM, Rui Paulo <rpaulo@me.com> wrote:
>
>> On Wed, 2015-09-02 at 01:30 -0400, Patrick Kelsey wrote:
>>
>>>> On Sep 2, 2015, at 12:54 AM, Rui Paulo <rpaulo@me.com> wrote:
>>>>
>>>> On Tue, 2015-09-01 at 21:19 -0400, Patrick Kelsey wrote:
>>>> Hi,
>>>>
>>>> About two weeks from now, I will be starting work on server-side
>>>> TCP Fast Open (TFO) support for FreeBSD head and stable/10, with
>>>> the intention of having patches up for review by November. This
>>>> message is an attempt to uncover any existing work on TFO for
>>>> FreeBSD, as the existence of such work may change my plans.
>>>>
>>>> Copying Sara Dickinson and Tom Jones due to this thread:
>>>> https://lists.freebsd.org/pipermail/freebsd-net/2015-January/040910.html.
>>>
>>> Have you performed any measurements on the likelihood that stateful
>>> packet inspectors (firewalls, NATs, etc.) will allow a SYN or a
>>> SYN/ACK to pass with data in it?
>>
>> I have not performed any such measurements. This issue is discussed
>> in section 7.1 of the RFC, which cites such studies and summarizes
>> the finding as being that 6% of the probed internet paths dropped SYN
>> packets with data or with unknown TCP options.
>>
>>>
>>> How would this interact with our syncache? Does it just need to
>>> store the cookie?
>>
>> The exact interaction with the syncache is still TBD, but I do not
>> expect to be storing TFO cookies in the syncache as the cookies are
>> per client-server IP pair and not per-connection.
>
> OK. The only request I have is to be conservative and leave it
> disabled for a while. The RFC is pretty much experimental for a good
> reason and we don't want to repeat the T/TCP mistake.
>

I agree completely. This feature will be guarded with an #ifdef, default disabled.

-Patrick