Jeffrey Hutzelman wrote: > > > On Friday, March 24, 2006 08:23:20 AM -0500 "Steven M. Bellovin" > <smb@xxxxxxxxxxxxxxx> wrote: > >> On Thu, 23 Mar 2006 20:56:51 -0800, Joe Touch <touch@xxxxxxx> wrote: >> >>> >> >>> >>> Since it seems like this might be useful, I'll pull a draft together on >>> how to do this without 1078's extra connection, more like the >>> late-binding we do in datarouter, very shortly... >>> >> >> 1078 doesn't use an extra connection; it hands off the open connection >> to the protocol handler. >> >> Your suggestion of using a TCP option instead is friendlier to >> firewalls, though. > > And it uses fewer round trips. I like this idea. > > >> does require a mod to TCP to allow the dest port to be unbound (e.g., >> '0') if the option is present, and enable the return SYN-ACK to update >> the TCB on arrival. > > This part, though, seems like it could be perilous. Why not start with > a non-zero port and hand off the connection, a la tcpmux? TCPMUX doesn't 'handoff'. It expects that either the connection is closed and another is opened, or that the service desired is served off of its port once opened after the initial exchange (in-band). The latter is a possibility here. The downside is that it then forces a two-step demultiplexing of incoming packets; there may be utility in a variant that allows the dest port to be unbound and later filled-in, or changed during the connection, so that services can be more efficiently demultiplexed. Joe _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf