Implementation

Question 1

TFO has been implemented here…

Answer 1

1) The Linux 2.6.34 kernel

2) Chrome Browser

Question 2

a key aspect to both the design and implementation

of TFO is that

Answer 2

It does not affect TCP congestion control.
That is, since congestion control only takes place after
TCP’s handshake completes, and TFO is only in use during
the handshake, the two are entirely separate

Question 3

TFO’s modifications included alterations

to incoming packet handling in the

Answer 3

LISTEN, SYN SENT,
and SYN RCVD states and to the routines that transmit TCP
packets

Question 4

TFO’s implementation uses

Answer 4

8 byte TFO cookie

Question 5

The truncated result that is 8 bytes to generate

the cookie.

Answer 5

The 128-bit (16 byte) AES block cipher implementation
available in the Linux Kernel CryptoAPI is used to encrypt each client IP value… which is then truncated to the 8 byte cookie.

Question 6

We pad IPv4 client IP addresses with zeros
to create a 16 byte IP value while IPv6 addresses are used
in full.

Answer 6

The fixed size, 8 byte TFO cookie.

Question 7

In order to validate the cookie contained within an incoming TFO request,

Answer 7

the server recomputes the 8 byte cookie value

based upon the incoming source IP address and compares it to the cookie included by the client

Question 8

For the cookie cache - which is used by clients hosts’ network stack

Answer 8

we implemented a simple LRU policy that
caches cookies, RTT, andMSS by server IP. While we found
that this policy worked well, this cache replacement policy
is not in any way tied to the protocol.

Question 9

Server side application changes

Answer 9

Server side applications need just a single additional line of
code: a call to setsockopt() to set the TFO socket option
for the listen socket

Question 10

Client side application changes

Answer 10

Client side applications must replace
connect() and the first send() call with a single
call to sendto() with the appropriate flags