On Friday, March 24, 2006 08:23:20 AM -0500 "Steven M. Bellovin"
<smb@xxxxxxxxxxxxxxx> wrote:

On Thu, 23 Mar 2006 20:56:51 -0800, Joe Touch <touch@xxxxxxx> wrote:

Since it seems like this might be useful, I'll pull a draft together on
how to do this without 1078's extra connection, more like the
late-binding we do in datarouter, very shortly...

1078 doesn't use an extra connection; it hands off the open connection
to the protocol handler.
Your suggestion of using a TCP option instead is friendlier to
firewalls, though.

And it uses fewer round trips. I like this idea.

does require a mod to TCP to allow the dest port to be unbound (e.g.,
'0') if the option is present, and enable the return SYN-ACK to update
the TCB on arrival.

This part, though, seems like it could be perilous. Why not start with
a non-zero port and hand off the connection, a la tcpmux?

-- Jeff