ABI suggestions?

From: Julian Elischer (julian_at_elischer.org)
Date: 02/21/05

  • Next message: Mike Silbersack: "Re: ABI suggestions?" 
    Date: Sun, 20 Feb 2005 16:38:16 -0800
To: net@freebsd.org

    I'm looking at implementing a kernel module that implelemnts an ABI that allows
    a particular tcp session to be followed.
    I'm not terribly intereted in the data sent/received bas in the actual session
    behaviour itself..

    In other words I want to watch the tcp stack making decisions.
    Obviously this would require adding trace points (not normally compiled in)
    into the tcp stack. I'd consider that possibly KTR would be good for that except
    that I need to do this on 4.x machines so possibly another mechanism will be
    needed (or I back port KTR).

    I'm looking to see trace messages such as
    "Congestion window changed to %d",
    and
    "process reads %d bytes, %d bytes now available in receive window"

    using tcptrace and other tools okn the data flow across the network "simulates"
    or "guesses" about some of these things, but there is no real authoratative
    information about how the stack is thinking..

    parts of the ABI I'm thinking about include:

    how to get the events out (if not KTR) and
    how to specifiy a session to trace (assuming you want to watch sessions that
    may not exist yet)

    if anyone has any ideas on this, let me know :-)

    regards julian

    p.s. would this be generally useful (assuming it can be achieve without
    any overhead when compiled out)?

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

  • Next message: Mike Silbersack: "Re: ABI suggestions?"

    Relevant Pages

    • [NEWS] Vulnerability in the TCP Protocol Allows RST Spoofing (Cisco Advisory)
      ... A vulnerability in the Transmission Control Protocol (TCP) specification ... the connection may get automatically ... Here is an example of a normal termination of a TCP session: ... Access control lists should also be deployed as close to the edge ...
      (Securiteam)
    • Fwd: FW: session-hijacking is still available?
      ... I had thought that the original thesis was that for older TCP ... starting sequence number of a new TCP session, ... so session hijacking is almost impossible ...
      (Security-Basics)
    • Re: ISA RADIUS Authentication per-request -> per-session
      ... What ISA interprets as a "session" is defined as a single TCP connection. ... What the user calls an OWA "session" is actually made up of 4 or more concurrent TCP connections to the server (ISA, ...
      (microsoft.public.isa)
    • Re: [fw-wiz] FW and TCP Sessions
      ... Statefule firewalls maintain a stateful session flow ... contains source, destination addresses, TCP sequencing ... connection object in the firewall. ...
      (Firewall-Wizards)
    • Re: tcp vulnerability? havent seen anything on it here...
      ... >> Anyone who recommends responding to a RST packet, ... >> understand TCP very well. ... during established session, address translation, sequence randomization a la ... with a session cookie. ...
      (Linux-Kernel)