Observing the Evolution of QUIC Implementations

The QUIC protocol combines features that were initially found inside the TCP, TLS and HTTP/2 protocols. The IETF is currently finalising a complete specification of this protocol. More than a dozen of independent implementations have been developed in parallel with these standardisation activities. We propose and implement a QUIC test suite that interacts with public QUIC servers to verify their conformance with key features of the IETF specification. Our measurements, gathered over a semester, provide a unique viewpoint on the evolution of a protocol and of its implementations. They highlight the arrival of new features and some regressions among the different implementations.Comment: 6 pages, 8 figure

TCP/IP traffic patterns: attacks, errors, steganography or normal behaviour?

This paper presents the results of research on the way the network security is affected by thecurrent state of TCP-IP protocol suite behaviour. A number of examples of possible issues arepresented. When discussing classes of such issues, it is pointed out that security is affected by theexistence of not only incorrect implementations, but also differences in implementations that canbe used for various purposes.In the main part of the paper an analysis of the traffic collected on an Internet backbone linkfrom the year 1999 up to 2006 is presented. The results show that the predicted behaviour can beobserved in the real-world traffic. The differences between the measurement results and the theoryare analysed, with a more in-depth look into a number of patterns and the changes of the patternsbetween the traffic collected in different years. In addition, an operating system detection tool isused to estimate the operating systems used by the nodes. Then the estimation is compared withanomaly patterns and the conclusions are presented. After analysing the findings, the pros andcons to different possible explanations of the observed patterns are presented, including flaws,attacks, various kinds of errors and steganography

Beyond socket options: making the Linux TCP stack truly extensible

The Transmission Control Protocol (TCP) is one of the most important protocols in today's Internet. Its specification and implementations have been refined for almost forty years. The Linux TCP stack is one of the most widely used TCP stacks given its utilisation on servers and Android smartphones and tablets. However, TCP and its implementations evolve very slowly. In this paper, we demonstrate how to leverage the eBPF virtual machine that is part of the recent versions of the Linux kernel to make the TCP stack easier to extend. We demonstrate a variety of use cases where the eBPF code is injected inside a running kernel to update or tune the TCP implementation. We first implement the TCP User Timeout Option. Then we propose a new option that enables a client to request a server to use a specific congestion control scheme. Our third extension is a TCP option that sets the initial congestion window. We then demonstrate how eBPF code can be used to tune the acknowledgment strategy.Comment: 9 pages, 8 figure

Beyond socket options: making the Linux TCP stack truly extensible

The Transmission Control Protocol (TCP) is one of the most important protocols in today's Internet. Its specification and implementations have been refined for almost forty years. The Linux TCP stack is one of the most widely used TCP stacks given its utilisation on servers and Android smartphones and tablets. However, TCP and its implementations evolve very slowly. In this paper, we demonstrate how to leverage the eBPF virtual machine that is part of the recent versions of the Linux kernel to make the TCP stack easier to extend. We demonstrate a variety of use cases where the eBPF code is injected inside a running kernel to update or tune the TCP implementation. We first implement the TCP User Timeout Option. Then we propose a new option that enables a client to request a server to use a specific congestion control scheme. Our third extension is a TCP option that sets the initial congestion window. We then demonstrate how eBPF code can be used to tune the acknowledgment strategy.Comment: 9 pages, 8 figure

State-Based Techniques For Designing, Verifying And Debugging Message Passing Systems

Message passing systems support the applications of concurrent events, where independent or semi-independent events occur simultaneously in a nondeterministic fashion. The nature of independence, random interactions and concurrency made the code development of such applications complicated and error-prone. Conventional code development environments or IDEs, such as Microsoft Visual Studio, provide little programming support in this regard. Furthermore, ensuring the correctness of a message passing system is a challenge. Typically, it is important to guarantee that a system meets its desired specifications along its construction process. Model checking is one of the techniques used in software verification which has proven to be effective in discovering hidden design and implementation errors. The required advanced knowledge of formal methods and temporal languages is one of the impediments in adopting model checking by software developers. To integrate model checking environments and conventional IDEs, this dissertation proposes a multi-phase development framework that facilitates designing, verifying, implementing and debugging state-based message passing systems. The techniques and design principles of the proposed framework focus on improving and easing the software development experience. In the first phase, a two-level design methodology is proposed through using abstract high-level communication blocks and hierarchical state-behavioral descriptions that were developed in this research. In the second phase, a new method based on choosing from a pre-determined set of patterns in concurrent communication properties is proposed to facilitate collecting the essential specifications of the system where the atomic propositions are linked with the system design. A complex property can be attained by hierarchically nesting some of these patterns. A procedure to automatically generate formal models in a model checker (MC) language is proposed. Once the model that contains both the design and the properties of the system are generated, a model checker is used to verify the correctness of the proposed system and ensure its compliance with specifications. To help in locating the source of an undesired specification, if any, a procedure to map a counter example generated by the MC to the original design is presented. In the third phase, a skeleton code of the design specification is generated in a general programming language such as Microsoft C\#, Java, etc. moreover, the ability to debug the generated code using a conventional IDE while tracing the debugging process back to the original design was established. Finally, a graphical software tool that supports the proposed framework is developed where SPIN MC is used as a verifier. The tool was used to develop and verify several case studies. The proposed framework and the developed software tool can be considered a key solution for message passing systems design and verification