“TCP Fast Open”的意思、由来-开放百科全书

In computer networking, TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a TFO cookie (a TCP option), which is a cryptographic cookie stored on the client and set upon the initial connection with the server.^[1] When the client later reconnects, it sends the initial SYN packet along with the TFO cookie data to authenticate itself. If successful, the server may start sending data to the client even before the reception of the final ACK packet of the three-way handshake, skipping that way a round-trip delay and lowering the latency in the start of data transmission.

The cookie is generated by applying a block cipher keyed on a key held secret by the server to the client's IP address, generating an authentication tag that is difficult for third parties to spoof, even if they can forge a source IP address or make two-way connections to the same server from other IP addresses. Although it uses cryptographic techniques to generate the cookie, TFO is not intended to provide more security than the three-way handshake it replaces, and does not give any form of cryptographic protection to the resulting TCP connection, or provide identity assurance about either endpoint. It also is not intended to be resistant to man-in-the-middle attacks. If such resistance is required, it may be used in combination with a cryptographic protocol such as TLS or IPsec.

and was published as RFC 7413 in December 2014.^[3] TCP Fast Open shares the goal of bypassing the three-way handshake of TCP with an earlier proposal from 1994, called T/TCP (RFC 1644). In contrast to TCP Fast Open, T/TCP paid no attention to security,^[3] opening a path for vulnerabilities and failing to gain traction.

See also

References

1. ^{{cite news |first=Michael |last=Kerrisk |date=2012-08-01 |title=TCP Fast Open: expediting web services |publisher=LWN.net |url=https://lwn.net/Articles/508865/ }}
2. ^{{cite news| title=TCP Fast Open|vauthors=Radhakrishnan S, Cheng Y, Chu J, Jain A, Raghavan B | date=2011-12-06| url=http://conferences.sigcomm.org/co-next/2011/papers/1569470463.pdf| publisher=ACM CoNEXT }}
3. ^¹{{cite web | url=https://tools.ietf.org/html/rfc7413 | title=TCP Fast Open | publisher=IETF | date=December 2014 | accessdate=10 January 2015 |author1=Yuchung Cheng |author2=Jerry Chu |author3=Sivasankar Radhakrishnan |author4=Arvind Jain |last-author-amp=yes }}
4. ^{{cite news |first=Michael |last=Kerrisk |url=https://lwn.net/Articles/508865/ |title=TCP Fast Open: expediting web services |publisher=LWN.net |date=2012-08-01 |quote=The client-side support has been merged for Linux 3.6}}
5. ^{{cite news |first=Steven J |last=Vaughan-Nichols |url=http://www.zdnet.com/linux-3-7-arrives-arm-developers-rejoice-7000008638/ |title=Linux 3.7 arrives, ARM developers rejoice |publisher=ZDNet |work=Linux and Open Source |date=2012-12-11 |quote=Linux 3.7. TCP Fast Open will now be supported on servers}}
6. ^{{cite web | title = Linux Kernel 3.13, Section 1.10. TCP Fast Open enabled by default | url = http://kernelnewbies.org/Linux_3.13#head-159ff61ea3acfd67b88855e75dbbb140f8825c4a | date = 19 January 2014 | accessdate = 11 February 2014 | website = kernelnewbies.org}}
7. ^{{cite web | title = Linux Kernel 3.16, Section 1.4. TCP Fast Open server mode on IPv6 support | url = http://kernelnewbies.org/Linux_3.16#head-93fbb9abc6149e9c3055322f27cdc3a8fcc198e6 | date = 3 August 2014 | accessdate = 14 September 2014 | website = kernelnewbies.org}}
8. ^{{cite web|url=https://svnweb.freebsd.org/base?view=revision&revision=292823|title=Implementation of server-side TCP Fast Open (TFO) [RFC7413]: MFC into stable/10 branch|date=2015-12-28}}
9. ^{{cite web|url=https://svnweb.freebsd.org/base?view=revision&revision=330001|title=This is an implementation of the client side of TCP Fast Open (TFO) [RFC7413]|date=2018-02-26}}
10. ^{{Cite web|url=https://svnweb.freebsd.org/base?view=revision&revision=335610|title=Enable TCP_FASTOPEN by default for FreeBSD 12|last=|first=|date=2018-06-24|website=|archive-url=|archive-date=|dead-url=|access-date=}}
11. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1188435|title=1188435 - Support TCP Fast Open|date=2017-05-05}}
12. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1398201|title=1398201 - Disable TCP Fast Open for 57|date=2017-09-10}}
13. ^{{cite web|url=https://lists.exim.org/lurker/message/20161225.101705.4bbe7ae8.en.html|title=Exim 4.88 released|date=2016-12-25}}
14. ^{{Cite web|url=https://www.unbound.net/pipermail/unbound-users/2016-September/004466.html|title=Unbound 1.5.10|access-date=2017-12-05}}
15. ^{{cite web|url=https://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html|title=Release Notes for BIND Version 9.11.0|date=2016-10-05}}
16. ^{{cite web|url=https://developer.apple.com/videos/wwdc/2015/?id=719|title=Your App and Next Generation Networks|publisher=Apple Inc.|date=2015}}
17. ^{{cite web|url=https://developer.microsoft.com/en-us/microsoft-edge/platform/changelog/desktop/14352/|title=Windows 10 build 14352 - New web platform features|publisher=Microsoft|accessdate=2016-05-27}}
18. ^{{cite web|url=https://doc.powerdns.com/recursor/changelog/4.1.html|title=Changelogs for 4.1.x|publisher=PowerDNS|date=2017-12-04}}

See also

References

External links