Comments (18)
What exactly does connection migration mean?
from kcp-go.
See https://github.com/devsisters/goquic/blob/master/README.md or https://mosh.org. It means the tunnel is kept open even while switching between 3G or WiFi, or connecting over different uplinks.
from kcp-go.
Zerotier does this very well. UDP Packets can come in over any interface or route but are first validated. Only if successfully validated, will the new udp connection/source be registered as an active path. Tested kcptun with --conn 2 and Kcptun breaks the inside TCP connection when the WAN on client side does failover.
from kcp-go.
Yes, I mean, connection migration is another layer above the connection,
so it's not to be implemented in this layer. It should be designed as an overlay network library.
from kcp-go.
Tested kcptun with --conn 2 and Kcptun breaks all tunneled TCP connections when the WAN on client-side does failover to another uplink. Should this issue be under kcptun repo?
from kcp-go.
This library acts exactly (almost) like a TCPConn, behaves like a TCPConn.
ovpn (or other IP-over-IP tech) can act as an overlay network above this connection; I think it's the correct way.
from kcp-go.
"Behaves like a TCP connection" sounds just like the QUIC protocol specification by Google. It's just that kcp does not do connection migration, which is one less feature, which makes it unsuitable for mobile.
from kcp-go.
Would the QUIC Google Chrome developers say: oh, just use another overlay network like ovpn to access your website?
from kcp-go.
Are there other considerations that I am not aware of as to why this feature request is being refused? Yes, KCP should be a reliable transport over UDP, but it does not mean that connection migration is out of scope, because the inside stream should not need to care that the uplink or UDP source/dst has changed many times since the stream opened.
from kcp-go.
Connection migration needs careful design of authentication & authorization; it's so complicated, and like session hijacking, and QUIC hasn't been largely deployed on mobile devices (I think). From my experience, application-level auto-reconnection is enough for most non-realtime applications.
from kcp-go.
The intention of kcp.conv is connection migration.
from kcp-go.
But it's so easy for session hijacking. Actually, I haven't found a way for secure connection migration; it's definitely a hard problem.
from kcp-go.
Thanks for the explanation. Is integrity and authenticity validated on every kcp udp packet in the current implementation? https://en.m.wikipedia.org/wiki/Authenticated_encryption
from kcp-go.
It would be nice if this was an option. If you are using tls on top of kcp, the only thing you can do by hijacking is DoS. Linux/Android also supports mTCP (multipath tcp) that does the same thing, which could perhaps be an inspiration on how to make hijacking hard.
from kcp-go.
We can add AEAD for every outgoing UDP packet, but it's far from the entire story.
The hard part is how to prove its security.
from kcp-go.
That doesn't really help as the key exchange still happens in plain text as far as I understand.
from kcp-go.
Most key exchanges use the DH algorithm; that's not a problem for establishing a temporary encrypted session without authorization.
When switching client uplink, how can you tell a captured replay attack packet from a real uplink change?
from kcp-go.
I think we need to figure out the whole picture of how QUIC handles connection migration first.
from kcp-go.
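One way to approach the replay-versus-uplink-change question raised in the thread, as an added example (not kcp-go code, and not how QUIC or ZeroTier implement it): each packet carries a packet number authenticated by an AEAD, and the receiver moves the active peer address only for an authentic packet whose number it has not seen. `Session`, `NewSession`, `Seal`, `Receive`, the all-zero key and the addresses are assumptions constructed for illustration; one direction with an already-shared key is assumed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrReplay = errors.New("authentic packet with an already-seen number")
type Session struct { // hypothetical one-direction state, not a kcp-go type
	aead   cipher.AEAD
	next   uint64 // lowest packet number still acceptable
	Remote string // currently active peer address
}

func NewSession(key [32]byte, remote string) *Session {
	blk, _ := aes.NewCipher(key[:]) // a 32-byte key is always valid for AES
	aead, _ := cipher.NewGCM(blk)   // cannot fail for AES's 16-byte block
	return &Session{aead: aead, Remote: remote}
}

func (s *Session) Seal(pn uint64, payload []byte) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], pn)
	return append(n[4:], s.aead.Seal(nil, n, payload, n[4:])...) // pn(8) || AES-GCM, pn as nonce and AAD
}

// Receive moves Remote only for an authentic packet with an unseen number.
func (s *Session) Receive(addr string, pkt []byte) ([]byte, error) {
	if len(pkt) < 8 {
		return nil, errors.New("short packet")
	}
	pt, err := s.aead.Open(nil, append(make([]byte, 4), pkt[:8]...), pkt[8:], pkt[:8])
	if err != nil {
		return nil, err // forged or tampered: Remote untouched
	}
	if pn := binary.BigEndian.Uint64(pkt[:8]); pn >= s.next {
		s.next, s.Remote = pn+1, addr // fresh and authentic: follow the sender
		return pt, nil
	}
	return nil, ErrReplay // captured packet re-sent: Remote untouched
}

func main() {
	tx, rx := NewSession([32]byte{}, ""), NewSession([32]byte{}, "198.51.100.7:4000")
	_, err := rx.Receive("203.0.113.9:5555", tx.Seal(0, []byte("hi"))) // constructed values
	fmt.Println(err, rx.Remote)
}
```

The strict "newer than everything seen" rule also drops reordered packets; a sliding window would tolerate reordering while still refusing to migrate on old numbers. Freshness alone does not stop an on-path party from forwarding a fresh packet from a different address, which is why QUIC (RFC 9000) additionally validates a new path with PATH_CHALLENGE/PATH_RESPONSE before relying on it.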