[e2e] ISN regeneration when Stateless SYN cookies are used
Michael B Greenwald
mbgreen at dsl.cis.upenn.edu
Thu Oct 18 12:38:43 PDT 2001
Thu, 18 Oct 2001 23:25:06 +0530
"gangadharan annapurna" <nallu17 at hotmail.com>
However,
The problem is lets say U send a SYN which falls within the receive
window and the connection is RST. Now if we do implement a stateless SYN
cookie then what exactly must be done to avoid that RST, without
keeping any state.
If we can regenerate the same ISN again, then there is no problem.
OR if we make sure that the next ISN that is generated does not fall within
the receive window we are OK.
How do we solve even one of these issues ?
REMEMBER No State is to be stored. Becoz if we store a state, we can
regenerate the ISN.
Well, we've gone from a correctness problem to a performance problem.
(Perhaps that is a sufficient answer. :-)
I don't know how serious this performance problem is. While we cannot
"make sure" that the next ISN does not fall within the receive window, we
can increase the probability by sending a smaller window with the SYN
packet. Also, how quickly does f(t) increase? If it holds the same value
for a short time then delays would have to be relatively large before this
problem rears its head. So I'm wondering just how serious this problem is
in practice.
More information about the end2end-interest
mailing list