User: Password:
|
|
Subscribe / Log in / New account

TCP connection hijacking and parasites - as a good thing

TCP connection hijacking and parasites - as a good thing

Posted Aug 11, 2011 17:16 UTC (Thu) by bronson (subscriber, #4806)
In reply to: TCP connection hijacking and parasites - as a good thing by Cyberax
Parent article: TCP connection hijacking and parasites - as a good thing

It's a good prototype. Glue random parts together and see if it flies. If it does, THEN you do the engineering to turn it into a product. If not, no big deal.


(Log in to post comments)

TCP connection hijacking and parasites - as a good thing

Posted Aug 11, 2011 21:29 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

I'm very interested in checkpointing to the extent that I've implemented userspace TCP/IP stack using http://sourceforge.net/projects/cipsuite/ with support for rapid resuming.

However, the proposed solution is what I'd call an example of how NOT to do checkpointing. I've read its code and I'd say that it conclusively proves that there should be kernel-level support for it.

Actually, it should not even be that hard! We already have /proc/pid/fd directory with the list of open handles. So we just need to add, say, /proc/pid/fd-pickle directory with the list of files, containing handles' information. So TCP connections would store their endpoints, sequence numbers, the sets of TCP flags, and probably IPSec state in these files.

TCP connection hijacking and parasites - as a good thing

Posted Aug 11, 2011 22:27 UTC (Thu) by bronson (subscriber, #4806) [Link]

cipsuite looks impressive! Wish I'd had it back in my embedded days.

Agreed, the article's technique not the best way of doing it. /proc/pid/fd-pickle seems like it would be somewhat high maint and prone to racing... Is it possible to extract the fd info and other kernel state after the process is frozen?

(asking as someone who has never actually checkpointed a process...)

TCP connection hijacking and parasites - as a good thing

Posted Aug 11, 2011 22:52 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

It shouldn't be hard, actually I'm thinking of implementing it myself.

Race conditions would be a problem, but:
1) Checkpoint/restart is inherently racy. Network packets might got lost, connections can time out during migration, etc.
2) It can be mitigated somewhat by providing kernel-level support for freezing.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds