#7 Improve the matchmaking algorithm

open
nobody
None
5
2008-08-19
2008-08-19
No

Switzerland Version Zero often reports being "unable to test" a flow.

That is often because of limitations in the matchmaking strategy in Switzerland.py (the algorithm needs to ensure that communications from/to non-Switzerland machines behind a given NAT firewall don't confuse Switzerland, and also that synchronization problems don't lead to packets being reported as forged just because they were sent before Switzerland was there to record them).

The Version Zero matchmaking "algorithm" just looks at tuples of the form (public source ip, public dest ip, hash of opening packet) as reported by Alice and Bob, and only starts tests if these match for a pair of reported flows.

One improvement to be made:

If an opening hash doesn't match, but the IP ID of the opening hash does, as well as port numbers for any non-firewalled hosts, that's probably an indication that Alice and Bob are reporting the same flow (it's just that the opening packet is being modified -- which we should report)!

A harder improvement:

If there is evidence (from port numbers, say) that the two flows are really the same, but the opening hashes are really different, use some new protocol feature to try to get Alice and Bob to resynchronize their capturing of this flow.
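
The Version Zero rule and the first proposed improvement, sketched as an added example (not part of the original ticket and not code from Switzerland.py). The `Flow` record, its field names, the verdict strings and the sample addresses are all constructed for illustration.

```python
from collections import namedtuple

# Hypothetical per-flow report; field names are assumptions, not Switzerland's.
Flow = namedtuple("Flow", "src_ip dst_ip src_port dst_port opening_hash ip_id")

def classify(a, b, src_firewalled, dst_firewalled):
    """Compare Alice's report `a` with Bob's report `b` of possibly the same flow."""
    if (a.src_ip, a.dst_ip) != (b.src_ip, b.dst_ip):
        return "no-match"
    if a.opening_hash == b.opening_hash:
        return "match"                      # the Version Zero rule
    # Proposed rule: a NAT rewrites ports, so compare only the ports of
    # endpoints that are not firewalled.
    ports_agree = ((src_firewalled or a.src_port == b.src_port) and
                   (dst_firewalled or a.dst_port == b.dst_port))
    # If both ends are firewalled no port is comparable and the 16-bit IP ID
    # is the only evidence left.
    if a.ip_id == b.ip_id and ports_agree:
        return "opening-packet-modified"    # same flow; report the modification
    return "no-match"

def matchmake(alice, bob, src_firewalled, dst_firewalled):
    """Pair each of Alice's flows with at most one of Bob's, exact matches first."""
    pairs, used = {}, set()
    for wanted in ("match", "opening-packet-modified"):
        for i, a in enumerate(alice):
            if i in pairs:
                continue
            for j, b in enumerate(bob):
                if j not in used and classify(a, b, src_firewalled, dst_firewalled) == wanted:
                    pairs[i] = (j, wanted)
                    used.add(j)
                    break
    return pairs

# Constructed sample: Alice (198.51.100.7, behind NAT) opens three flows to Bob
# (203.0.113.9, not firewalled). The NAT rewrites her source ports.
ALICE = [Flow("198.51.100.7", "203.0.113.9", 51000, 6881, "aa11", 0x1A2B),
         Flow("198.51.100.7", "203.0.113.9", 51001, 6881, "bb22", 0x1A2C),
         Flow("198.51.100.7", "203.0.113.9", 51002, 6882, "cc33", 0x1A2D)]
BOB = [Flow("198.51.100.7", "203.0.113.9", 62001, 6881, "ee55", 0x1A2C),  # hash differs
       Flow("198.51.100.7", "203.0.113.9", 62000, 6881, "aa11", 0x1A2B),
       Flow("198.51.100.7", "203.0.113.9", 62002, 6882, "dd44", 0x7777)]  # unrelated

if __name__ == "__main__":
    for i, (j, verdict) in sorted(matchmake(ALICE, BOB, True, False).items()):
        print(f"alice[{i}] <-> bob[{j}]: {verdict}")
```

Alice's third flow stays unpaired here, which under hash-only matching would be indistinguishable from her second.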

Discussion

  • Peter Eckersley

    Peter Eckersley - 2008-08-19

    Logged In: YES
    user_id=8965
    Originator: YES

    Also if Alice reports a flow to Bob, and Bob is not firewalled, and Bob does not report the flow, that's a sign that the flow is being dropped somewhere.

     
  • Nobody/Anonymous

    Transport layer sequence number (if there is one) is probably a better measure than IP ID.

     
