Switzerland Version Zero often reports being "unable to test" a flow.
That is often because of limitations in the matchmaking strategy in Switzerland.py. The algorithm needs to ensure that communications from/to non-Switzerland machines behind a given NAT firewall don't confuse Switzerland, and also that synchronization problems don't lead to packets being reported as forged just because they were sent before Switzerland was there to record them.
The Version Zero matchmaking "algorithm" just looks at tuples of the form (public source ip, public dest ip, hash of opening packet) as reported by Alice and Bob, and only starts tests if these match for a pair of reported flows.
One improvement to be made:
If an opening hash doesn't match, but the IP ID of the opening hash does, as well as port numbers for any non-firewalled hosts, that's probably an indication that Alice and Bob are reporting the same flow (it's just that the opening packet is being modified -- which we should report)!
A harder improvement:
If there is evidence (from port numbers, say) that the two flows are really the same, but the opening hashes are really different, use some new protocol feature to try to get Alice and Bob to resynchronize their capturing of this flow.
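A sketch of the Version Zero tuple match together with the first improvement described above, as an added example that is not Switzerland's own code. `FlowReport`, `classify`, `matchmake`, the verdict strings and the sample reports are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowReport:
    # Hypothetical record of what one peer reports for a flow's opening packet.
    src_ip: str        # public source IP
    dst_ip: str        # public destination IP
    opening_hash: str  # hash of the opening packet as this peer saw it
    ip_id: int         # IP ID field of the opening packet (only 16 bits)
    src_port: int
    dst_port: int

def classify(alice, bob, src_firewalled=False, dst_firewalled=False):
    """Return 'match', 'probable-modified-opening' or 'no-match'."""
    if (alice.src_ip, alice.dst_ip) != (bob.src_ip, bob.dst_ip):
        return "no-match"
    if alice.opening_hash == bob.opening_hash:
        return "match"  # Version Zero rule: testing can start
    # Fallback when the hashes differ. A NAT may rewrite the port of a
    # firewalled host, so only ports of non-firewalled hosts are compared.
    if alice.ip_id != bob.ip_id:
        return "no-match"
    if not src_firewalled and alice.src_port != bob.src_port:
        return "no-match"
    if not dst_firewalled and alice.dst_port != bob.dst_port:
        return "no-match"
    # Same flow in all likelihood, but the opening packet was altered in
    # transit, which is itself worth reporting.
    return "probable-modified-opening"

def matchmake(alice_reports, bob_reports, **nat):
    """Give each of Alice's reports the best verdict found among Bob's."""
    results = []
    for a in alice_reports:
        verdicts = {classify(a, b, **nat) for b in bob_reports}
        for best in ("match", "probable-modified-opening"):
            if best in verdicts:
                break
        else:
            best = "unable-to-test"
        results.append((a.opening_hash, best))
    return results

# Constructed sample reports: Alice sits behind a NAT that rewrites her port.
ALICE = [FlowReport("192.0.2.10", "198.51.100.7", "aaaa", 4242, 51000, 80),
         FlowReport("192.0.2.10", "198.51.100.7", "bbbb", 4243, 51001, 80),
         FlowReport("192.0.2.10", "198.51.100.7", "cccc", 4244, 51002, 80)]
BOB = [FlowReport("192.0.2.10", "198.51.100.7", "aaaa", 4242, 62000, 80),
       FlowReport("192.0.2.10", "198.51.100.7", "ffff", 4243, 62001, 80)]

if __name__ == "__main__":
    for opening_hash, verdict in matchmake(ALICE, BOB, src_firewalled=True):
        print(opening_hash, verdict)
```

Because the IP ID is only 16 bits, the fallback verdict is a probable match rather than a certain one, which is why it is kept distinct from `match`.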