User: Password:
|
|
Subscribe / Log in / New account

Linux gets DCCP

Linux gets DCCP

Posted Sep 1, 2005 2:14 UTC (Thu) by imcdnzl (subscriber, #28899)
Parent article: Linux gets DCCP

One other useful thing to note is that UDP doesn't work well behind firewalls often and DCCP is designed to do that.

For those that would like to learn more about DCCP see http://wlug.org.nz/DCCP or see my research proposal at http://wand.net.nz/~iam4

Ian McDonald (not Ian MacDonald as the article says)


(Log in to post comments)

Spelling screwup

Posted Sep 1, 2005 3:33 UTC (Thu) by corbet (editor, #1) [Link]

The spelling mistake is strange; I remember being extra sure that I had it right. Obviously not, my apologies. Fixed now.

DCCP and legacy firewalls.

Posted Sep 1, 2005 16:19 UTC (Thu) by Duncan (guest, #6647) [Link]

What does DCCP look like to a legacy firewall. You mention that it's
designed to work well with firewalls, but how would I implement "allow"
filters on a default-deny policy firewall, that only understands legacy
protocols? Would DCCP look to it like UDP? IOW, is it UDP with
additional protocol info in what would be the UDP payload, thus recognized
as UDP by legacy routers, or ??? If so, are there NAPT/masquerade
implications similar to those with FTP and various VoIP and security
protocols, or not?

I ask as I run one of those legacy things, one of the first-gen consumer
level NAPT based broadband routers. At some point, I'll likely replace it
with a Linux based appliance and therefore benefit from community firmware
projects, but my old Netgear rt314 has and continues to serve me well, so
why mess with a good thing until I need to?

OTOH, it'll probably be another year or more before there's enough out
there using DCCP in working deployments to be worrisome, particularly if
MSWormOS support lags, and by then I may well have upgraded routers, but
there'll still certainly be others who haven't.

Duncan

DCCP and legacy firewalls.

Posted Sep 1, 2005 21:34 UTC (Thu) by psiren (guest, #29126) [Link]

I'm far from an expert, but having had a quick glance through the RFC, section 19 refers to the protocol number for DCCP being 33 (probably). UDP uses 17, so it will be seen as distinct and different from UDP. Take a quick glance at /etc/protocols to see how many there are (more than you probably realise, not that you use many of them day to day).

Many firewalls support protocols other than the common TCP, UDP and ICMP, so theres no specific reason to think you won't be able to pass the data through. However, there may not be direct support for checking anything inside the packets headers, as the software would need to understand the protocol to extract this information.

DCCP and legacy firewalls.

Posted Sep 4, 2005 22:53 UTC (Sun) by imcdnzl (subscriber, #28899) [Link]

What I meant by friendly to firewalls is that it is easy to track sessions (much easier than UDP where there are no direct sessions). That is one of the main reasons why media applications fall back to TCP...

Of course you have to allow protocol 33 through as another poster says which on some equipment may cause problems.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds