Jeffrey Hutzelman wrote:
On Friday, March 24, 2006 08:23:20 AM -0500 "Steven M. Bellovin"
<smb(_at_)cs(_dot_)columbia(_dot_)edu> wrote:
On Thu, 23 Mar 2006 20:56:51 -0800, Joe Touch <touch(_at_)isi(_dot_)edu>
wrote:
Since it seems like this might be useful, I'll pull a draft together on
how to do this without 1078's extra connection, more like the
late-binding we do in datarouter, very shortly...
1078 doesn't use an extra connection; it hands off the open connection
to the protocol handler.
Your suggestion of using a TCP option instead is friendlier to
firewalls, though.
And it uses fewer round trips. I like this idea.
does require a mod to TCP to allow the dest port to be unbound (e.g.,
'0') if the option is present, and enable the return SYN-ACK to update
the TCB on arrival.
This part, though, seems like it could be perilous. Why not start with
a non-zero port and hand off the connection, a la tcpmux?
TCPMUX doesn't 'handoff'. It expects that either the connection is
closed and another is opened, or that the service desired is served off
of its port once opened after the initial exchange (in-band).
The latter is a possibility here. The downside is that it then forces a
two-step demultiplexing of incoming packets; there may be utility in a
variant that allows the dest port to be unbound and later filled-in, or
changed during the connection, so that services can be more efficiently
demultiplexed.
Joe
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf