Implementation Flashcards
TFO has been implemented here…
1) The Linux 2.6.34 kernel
2) Chrome Browser
A key aspect to both the design and implementation of TFO is that
It does not affect TCP congestion control. That is, since congestion control only takes place after TCP’s handshake completes, and TFO is only in use during the handshake, the two are entirely separate.
TFO’s modifications included alterations to incoming packet handling in the
LISTEN, SYN SENT, and SYN RCVD states and to the routines that transmit TCP packets
TFO’s implementation uses
8 byte TFO cookie
The truncated result that is 8 bytes to generate the cookie.
The 128-bit (16 byte) AES block cipher implementation
available in the Linux Kernel CryptoAPI is used to encrypt each client IP value… which is then truncated to the 8 byte cookie.
We pad IPv4 client IP addresses with zeros
to create a 16 byte IP value while IPv6 addresses are used in full.
The fixed size, 8 byte TFO cookie.
In order to validate the cookie contained within an incoming TFO request,
the server recomputes the 8 byte cookie value based upon the incoming source IP address and compares it to the cookie included by the client.
For the cookie cache, which is used by client hosts’ network stack,
we implemented a simple LRU policy that caches cookies, RTT, and MSS by server IP. While we found that this policy worked well, this cache replacement policy is not in any way tied to the protocol.
Server side application changes
Server side applications need just a single additional line of code: a call to setsockopt() to set the TFO socket option for the listen socket.
Client side application changes
Client side applications must replace connect() and the first send() call with a single call to sendto() with the appropriate flags.