[e2e] Call for contribution to middlebox survey

Joe Touch touch at isi.edu
Tue Oct 5 11:25:03 PDT 2010


Hi, all,

The following is forwarded from the multipathtcp mailing list.

Joe (list admin)

------

From: Michio Honda <micchie at sfc.wide.ad.jp>
Date: October 3, 2010 2:30:57 GMT+03:00
To: Multipath TCP Mailing List <multipathtcp at ietf.org>, "tcpm at ietf.org" 
<tcpm at ietf.org>
Cc: Mark Handley <m.handley at cs.ucl.ac.uk>
Subject: [multipathtcp] Call for contribution to middlebox survey

Hi,

We are surveying middleboxes affecting TCP in the Internet, and we'd 
like you to contribute to this work by running 1 python script at your 
available networks, because we want data of as many paths as possible.
This script generates test TCP traffic to a server node, and detects 
various middlebox behavior, for example, it detects how unknown TCP 
options are treated and if sequence number is rewritten.

- Overview of script
This generates test TCP traffic by using raw socket or pcap.
Destinations of the test traffic are port 80, 443 and 34343 on 
vinson3.sfc.wide.ad.jp, which is located in Japan.
The total amount of test traffic is approximately 90 connections (not 
parallel), and each of them uses approximately maximum 2048Byte.

- System requirement
Our script works on Mac OSX 10.5 or 10.6, Linux (kernel 2.6) and FreeBSD 
(7.0 or higher).  This also requires python 2.5 or higher, and libpcap
NOTE. if you try in a virtual machine on Windows, please connect the 
guest OS via not NAT but bridge.

How to run experiment is described below per-OS basis.

After the experiment, you will find 3 log files (logxxxxxxxxx.txt) in 
the same directory as the experiment.
Please send them to us (micchie at sfc.wide.ad.jp) and tell me your network 
information as much as you know (e.g., product name of the broadband 
router, ISP name, product name of firewall appliance etc...)
In addition, let us know if you have hesitation to open these information.
This experiment doesn't collect traffic information other than those our 
script generated.

***** How to run the experiment (Mac OSX) *****

1. Filtering RST TCP segment from OS
Execute a following command by root:
ipfw add 101 deny tcp from any to vinson3.sfc.wide.ad.jp dst-port 
34343,80,443 tcpflags rst

NOTE: if you are already running ipfw, please add equivalent rules
After the experiment, you can revert by "ipfw delete 101"

2. Executing script
Download script from 
http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and 
decompress it to anywhere you like (e.g., tar xzf for_distrib.tar.gz by 
command line)

In the for_distrib directory, execute a following command by root:
sh run-bsd2.sh
(This will take approximately 30 min.)


***** How to run the experiment (Linux) *****

1. Filtering RST TCP segment from OS
Execute following command by root:
/sbin/iptables -A OUTPUT -p tcp -d vinson3.sfc.wide.ad.jp --tcp-flags 
RST RST -m multiport --dports 34343,80,443 -j DROP

NOTE: if you are already running iptables, please add equivalent rules
After the experiment, you can revert by opposite commands - using -D 
instead of -A

2. Executing script
Download script from 
http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and 
decompress it to anywhere you like (e.g., tar xzf for_distrib.tar.gz)

In the for_distrib directory, execute a following command by root:
sh run-linux2.sh
(This will take approximately 30 min.)


***** How to run the script (FreeBSD) *****

1. Filtering RST TCP segment from OS
If you are using neither ipfw nor pf:
Load pf kernel module with a following command by root:
kldload /boot/kernel/pf.ko

Add following 2 lines to /etc/pf.conf (please replace IFNAME to your 
outgoing interface name (e.g., em0):
pass out all
block out quick on IFNAME proto tcp to vinson3.sfc.wide.ad.jp port 
{34343,80,443} flags R/R

Execute following command by root:
pfctl -e -f /etc/pf.conf

If you are already running pf, please add equivalent rules
After the experiment, you can revert settings by  cleaning up 
/etc/pf.conf and executing "pfctl -d" by root

If you are already using ipfw:
  Please add a following rule to ipfw configuration:
  deny tcp from any to vinson3.sfc.wide.ad.jp dst-port 34343,80,443 
tcpflags rst

2. Executing script
Download script from 
http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and 
decompress it to anywhere you like (e.g., tar xzf for_distrib.tar.gz)

In the for_distrib directory, execute a following command by root:
sh run-bsd2.sh
(This will take approximately 30 min.)


Best regards,
- Michio


More information about the end2end-interest mailing list