SYN-Cookies

I found a nice thing mentioned in the comments section of a blog entry which talks about asynchronous network communication for better performance:

Nkiller2 uses the technique of client syn-cookies to keep track of the SYNs it sends without any additional memory overhead. Essentially, it encodes the quadruple { src port, src IP address, dst port, dst IP address } along with a secret key into the TCP sequence field and upon receiving a SYN-ACK it can deduce whether or not this belonged to a SYN it previously sent by subtracting 1 from the TCP ACK field, and checking the number against the current packet’s reencoded quadruple.

The idea of treating the sequence number as a placeholder for keeping custom handles is cool. 🙂

This is possible only with SYNs, because the ack value exchanged during the SYN simply increments sequentially after that. It cannot take random values once the initial ack is negotiated.
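The check described in the quoted comment, as an added example that is not code from Nkiller2 or from the original post: the initial sequence number is derived from the quadruple and a secret, and a received SYN-ACK is accepted only if its ACK field minus 1 equals the recomputed value. The use of HMAC-SHA256 truncated to 32 bits, the function names and the sample addresses are assumptions made for illustration; no packets are sent.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"  # constructed sample key, not from the page


def syn_cookie(secret, src_ip, src_port, dst_ip, dst_port):
    """32-bit sequence number derived from the quadruple and a secret key."""
    msg = (ipaddress.ip_address(src_ip).packed + struct.pack("!H", src_port)
           + ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port))
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]  # truncate to the width of the seq field


def ack_to_isn(ack):
    """A SYN consumes one sequence number, so the peer acks ISN + 1 (mod 2**32)."""
    return (ack - 1) % 2**32


def matches_our_syn(secret, synack):
    """True if this SYN-ACK answers a SYN we sent; no per-connection state is kept.

    The SYN-ACK travels in the reverse direction, so its destination is the
    source of our original SYN and its source is our original destination.
    """
    expected = syn_cookie(secret,
                          synack["dst_ip"], synack["dst_port"],
                          synack["src_ip"], synack["src_port"])
    return hmac.compare_digest(struct.pack("!I", ack_to_isn(synack["ack"])),
                               struct.pack("!I", expected))


def sample_synack():
    """Constructed reply to a SYN sent from 192.0.2.10:40000 to 198.51.100.7:53."""
    isn = syn_cookie(SECRET, "192.0.2.10", 40000, "198.51.100.7", 53)
    return {"src_ip": "198.51.100.7", "src_port": 53,
            "dst_ip": "192.0.2.10", "dst_port": 40000,
            "ack": (isn + 1) % 2**32}


if __name__ == "__main__":
    print(matches_our_syn(SECRET, sample_synack()))
```

The same construction explains why the trick stops working after the handshake: only the first sequence number is free to carry an arbitrary value.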

The article also highlights some important things that were unknown to me earlier:

  • How do you find the list of DNS servers out there on the web? – By iterating through all possible IP addresses and sending a DNS request packet to each one. If a response comes back, good enough, note it down.
  • How do you do things in parallel? – By using asynchronous communication, which also improves throughput/performance. For example, in the above case, we cannot traverse the IP address space sequentially. We send asynchronously – by creating as many sockets as possible and sending out a DNS packet on each of them.