http://www.kerneltrap.org/taxonomy/term/467/0 en-local http://www.kerneltrap.org/FreeBSD/BSDCan_2008_Stream_Control_Transmission_Protocol <div class="taxonomy-images"><a href="/news/freebsd" class="taxonomy-image-links"><img src="http://kt1.osuosl.org/files/category_pictures/K-FreeBSD_0.gif" alt="FreeBSD news" title="FreeBSD news" width="75" height="75" /></a></div><!-- google_ad_section_start --><p>Randall Stewart of Cisco Systems gave a talk titled <a href="http://www.bsdcan.org/2008/schedule/events/91.en.html">SCTP, what it is and how to use it</a>, discussing the Stream Control Transmission Protocol (SCTP). A paper that was displayed on the overhead projecter before the talk began summarized:</p> <blockquote><p>"Integrated into FreeBSD 7.0 -- first standardized by the Internet Engineering Task force (IETF) in October of 2000, in RFC 2960 and later updated by RFC 4960. SCTP is a message oriented protocol providing reliable end to end communication between two peers in an IP network."</p></blockquote> <p>Randall explained that SCTP is an alternative protocol to TCP, UDP. To describe SCTP, he suggested you start with TCP features, including: reliable retransmission, congestion control, flow control, connection oriented, and selective acknowledgements. You then add to it more features, including: "association" 4-way handshake, framing and ordered service, multistreaming, multihoming, and reachability.</p> <!-- google_ad_section_end --><p><a href="http://www.kerneltrap.org/FreeBSD/BSDCan_2008_Stream_Control_Transmission_Protocol" target="_blank">read more</a></p> http://www.kerneltrap.org/FreeBSD/BSDCan_2008_Stream_Control_Transmission_Protocol#comments BSDCan Cisco FreeBSD networking Randall Stewart SCTP FreeBSD news Sat, 17 May 2008 10:52:37 +0000 Jeremy 16144 at http://www.kerneltrap.org http://www.kerneltrap.org/DragonFlyBSD/Fair_Queuing_For_ALTQ <div class="taxonomy-images"><a href="/news/dragonflybsd" class="taxonomy-image-links"><img src="http://kerneltrap.org/files/category_pictures/K-FlyBSD_1.gif" alt="DragonFlyBSD" title="DragonFlyBSD" width="75" height="75" /></a></div><!-- google_ad_section_start --><p>"<i>I have a question for the PF/ALTQ masters out there,</i>" Matthew Dillon began on the DragonFlyBSD kernel mailing list, having recently switched from using a Cisco router to a DragonFlySD server running PF. "<i>I am trying to configure PF in a manner similar to what Cisco's fair-queue algorithm does. Cisco's algorithm basically hashes TCP and UDP traffic based on the port/IP pairs, creating a bunch of lists of backlogged packets and then schedules the packets at the head of each list.</i>" He went on to explain that he was unsuccessfully trying to configure the same thing with PF, "<i>neither CBQ nor HFSC seem to work well. I can separate certain types of traffic but the real problem is when there are multiple TCP connections that are essentially classified the same, and one is hogging the outgoing bandwidth. So the question is, is there a PF solution for that or do I need to write a new ALTQ mechanic to implement fair queueing?</i>"</p> <p>Not finding a solution, he followed with a series of patches implementing what he needed. He explained the resulting logic noting, "<i>unless something comes up I am going to commit this to DragonFly on Friday and call it done. I would be pleased if other projects picked up some or all of the work</i>":</p> <blockquote><p>"The queues are scanned from highest priority to lowest priority; if the packet bandwidth on the queue does not exceed the bandwidth parameter and a packet is available, a packet will be chosen fro that queue; if a packet is available but the queue has exceeded the specified bandwidth, the next lower priority queue is scanned (and so forth); if NO lower priority queues either have packets or are all over the bandwidth limit, then a packet will be taken from the highest priority queue with a packet ready; packet rate can exceed the queue bandwidth specification (but will not exceed the interface bandwidth specification, of course), but under full saturation the average bandwidth for any given queue will be limited to the specified value."</p></blockquote> <!-- google_ad_section_end --><p><a href="http://www.kerneltrap.org/DragonFlyBSD/Fair_Queuing_For_ALTQ" target="_blank">read more</a></p> http://www.kerneltrap.org/DragonFlyBSD/Fair_Queuing_For_ALTQ#comments ALTQ Cisco DragonFlyBSD Matthew Dillon packet filter PF DragonFlyBSD Thu, 10 Apr 2008 19:45:07 +0000 Jeremy 15960 at http://www.kerneltrap.org http://www.kerneltrap.org/node/3072 <div class="taxonomy-images"><a href="/taxonomy/term/36" class="taxonomy-image-links"><img src="http://kerneltrap.org/files/category_pictures/K-trap_0.gif" alt="Features" title="Features" width="75" height="75" /></a><a href="/taxonomy/term/97" class="taxonomy-image-links"><img src="http://140.211.166.79/files/category_pictures/K-OpenBSD_1.gif" alt="OpenBSD feature article" title="OpenBSD feature article" width="75" height="75" /></a></div><!-- google_ad_section_start --><p>A vulnerability in TCP, the transmission control protocol, recently received some exposure in the media. Paul Watson released a white paper titled <a href="http://www.osvdb.org/reference/SlippingInTheWindow_v1.0.doc" target="new">Slipping In The window: TCP Reset Attacks</a> at the 2004 <a href="http://www.cansecwest.com/" target="new">CanSecWest</a> conference, providing a much better understanding of the real-world risks of TCP reset attacks.</p> <p>To better understand the reality of this threat, KernelTrap spoke with Theo de