Disable T/TCP (RFC1644)
Theo Markettos:
I’ve just been digging through the Internet stack (digging perhaps being the right word – some of this seems decidedly archaeological). It appears we still have T/TCP support turned on. T/TCP is an experimental protocol for reducing TCP connection startup times. It was described as experimental in RFC1644 and the document is now ‘historic’. It wasn’t widely used, and suffers from security vulnerabilities that were published 17 years ago. In particular, it appears that one bank (Barclays) has long blocked connections that try to do T/TCP (quite sensibly IMHO). I haven’t poked around the implementation in too much depth but I’d be willing to bet it’s insecure. (Actually, I think TCP hijacking in general on RISC OS is fairly straightforward). So is there any reason why we still have this turned on? One I can think of is that it reduces the TIME_WAIT of sockets, which helps socket recycling if the number of socket descriptors is still woefully small. If that’s still a problem, isn’t it time we increased the number of sockets?
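The post mentions sites that block connections attempting T/TCP. As an added illustration (not code from this thread or from the RISC OS Internet module), the following Python spots the on-wire signs of T/TCP in a raw TCP segment: the CC, CC.NEW and CC.ECHO options (kinds 11, 12 and 13 in RFC 1644) and data carried on the initial SYN, which T/TCP relies on. The sample segments are constructed here for the demonstration; the helper names and port numbers are assumptions.

```python
import struct

# T/TCP (RFC 1644) option kinds; each is 6 bytes long (kind, length, 32-bit CC value).
TTCP_OPTION_KINDS = {11: "CC", 12: "CC.NEW", 13: "CC.ECHO"}

def parse_tcp_options(segment: bytes) -> list:
    """Return (kind, payload) tuples from the options area of a raw TCP segment (no IP header)."""
    data_offset = (segment[12] >> 4) * 4       # TCP header length in bytes
    opts = segment[20:data_offset]
    found, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End-of-option-list
            break
        if kind == 1:                          # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):                 # truncated option header
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                              # malformed option; stop rather than misparse
        found.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return found

def ttcp_indicators(segment: bytes) -> list:
    """Names of T/TCP features seen in one segment: CC-family options, and data riding on a bare SYN."""
    flags = segment[13]
    syn, ack = bool(flags & 0x02), bool(flags & 0x10)
    data_offset = (segment[12] >> 4) * 4
    hits = [TTCP_OPTION_KINDS[k] for k, _ in parse_tcp_options(segment) if k in TTCP_OPTION_KINDS]
    if syn and not ack and len(segment) > data_offset:
        hits.append("SYN-with-data")
    return hits

def build_segment(flags: int, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed sample segment (hypothetical ports, zero checksum) for the demonstration."""
    options += b"\x01" * (-len(options) % 4)   # pad options to a 32-bit boundary with NOPs
    header_len = 20 + len(options)
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (header_len // 4) << 4, flags, 65535, 0, 0)
    return fixed + options + payload

# Constructed samples: an ordinary SYN with only an MSS option, and a T/TCP-style SYN
# carrying a CC.NEW option plus request data.
PLAIN_SYN = build_segment(0x02, options=b"\x02\x04\x05\xb4")
TTCP_SYN = build_segment(0x02, options=b"\x0c\x06\x00\x00\x00\x2a", payload=b"GET / HTTP/1.0\r\n")

if __name__ == "__main__":
    print(ttcp_indicators(PLAIN_SYN))   # []
    print(ttcp_indicators(TTCP_SYN))    # ['CC.NEW', 'SYN-with-data']
```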
Jeffrey Lee:
FWIW T/TCP is disabled, but it’s disabled via the boot sequence rather than in the Internet module itself. Disabling it by default in the Internet module probably makes sense, though.
Theo Markettos:
Ah, didn’t realise that was standard issue. No reason not to do it in the module, then :)
Theo Markettos:
By the way, I notice tcp_subr.c has both the Castle and BSD licences on the top. BSD was there first so the Castle licence shouldn’t apply. Similarly ip_mroute.c says ‘Written by David Waitzman, BBN Labs, August 1988’ (it’s part of 4.4BSD) but a Castle licence.