[e2e] Call for contribution to middlebox survey
Joe Touch
touch at isi.edu
Tue Oct 5 11:25:03 PDT 2010
Hi, all,
The following is forwarded from the multipathtcp mailing list.
Joe (list admin)
------
From: Michio Honda <micchie at sfc.wide.ad.jp>
Date: October 3, 2010 2:30:57 GMT+03:00
To: Multipath TCP Mailing List <multipathtcp at ietf.org>, "tcpm at ietf.org"
<tcpm at ietf.org>
Cc: Mark Handley <m.handley at cs.ucl.ac.uk>
Subject: [multipathtcp] Call for contribution to middlebox survey
Hi,
We are surveying middleboxes affecting TCP in the Internet, and we'd
like you to contribute to this work by running 1 python script at your
available networks, because we want data of as many paths as possible.
This script generates test TCP traffic to a server node, and detects
various middlebox behavior, for example, it detects how unknown TCP
options are treated and if sequence number is rewritten.
- Overview of script
This generates test TCP traffic by using raw socket or pcap.
Destinations of the test traffic are port 80, 443 and 34343 on
vinson3.sfc.wide.ad.jp, which is located in Japan.
The total amount of test traffic is approximately 90 connections (not
parallel), and each of them uses approximately maximum 2048Byte.
- System requirement
Our script works on Mac OSX 10.5 or 10.6, Linux (kernel 2.6) and FreeBSD
(7.0 or higher). This also requires python 2.5 or higher, and libpcap
NOTE. if you try in a virtual machine on Windows, please connect the
guest OS via not NAT but bridge.
How to run experiment is described below per-OS basis.
After the experiment, you will find 3 log files (logxxxxxxxxx.txt) in
the same directory as the experiment.
Please send them to us (micchie at sfc.wide.ad.jp) and tell me your network
information as much as you know (e.g., product name of the broadband
router, ISP name, product name of firewall appliance etc...)
In addition, let us know if you have hesitation to open these information.
This experiment doesn't collect traffic information other than those our
script generated.
***** How to run the experiment (Mac OSX) *****
1. Filtering RST TCP segment from OS
Execute a following command by root:
ipfw add 101 deny tcp from any to vinson3.sfc.wide.ad.jp dst-port
34343,80,443 tcpflags rst
NOTE: if you are already running ipfw, please add equivalent rules
After the experiment, you can revert by "ipfw delete 101"
2. Executing script
Download script from
http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and
decompress it to anywhere you like (e.g., tar xzf for_distrib.tar.gz by
command line)
In the for_distrib directory, execute a following command by root:
sh run-bsd2.sh
(This will take approximately 30 min.)
***** How to run the experiment (Linux) *****
1. Filtering RST TCP segment from OS
Execute following command by root:
/sbin/iptables -A OUTPUT -p tcp -d vinson3.sfc.wide.ad.jp --tcp-flags
RST RST -m multiport --dports 34343,80,443 -j DROP
NOTE: if you are already running iptables, please add equivalent rules
After the experiment, you can revert by opposite commands - using -D
instead of -A
2. Executing script
Download script from
http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and
decompress it to anywhere you like (e.g., tar xzf for_distrib.tar.gz)
In the for_distrib directory, execute a following command by root:
sh run-linux2.sh
(This will take approximately 30 min.)
***** How to run the script (FreeBSD) *****
1. Filtering RST TCP segment from OS
If you are using neither ipfw nor pf:
Load pf kernel module with a following command by root:
kldload /boot/kernel/pf.ko
Add following 2 lines to /etc/pf.conf (please replace IFNAME to your
outgoing interface name (e.g., em0):
pass out all
block out quick on IFNAME proto tcp to vinson3.sfc.wide.ad.jp port
{34343,80,443} flags R/R
Execute following command by root:
pfctl -e -f /etc/pf.conf
If you are already running pf, please add equivalent rules
After the experiment, you can revert settings by cleaning up
/etc/pf.conf and executing "pfctl -d" by root
If you are already using ipfw:
Please add a following rule to ipfw configuration:
deny tcp from any to vinson3.sfc.wide.ad.jp dst-port 34343,80,443
tcpflags rst
2. Executing script
Download script from
http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and
decompress it to anywhere you like (e.g., tar xzf for_distrib.tar.gz)
In the for_distrib directory, execute a following command by root:
sh run-bsd2.sh
(This will take approximately 30 min.)
Best regards,
- Michio
More information about the end2end-interest
mailing list