CMAND: TCP-HICCUPS

TCP-HICCUPS

TCP-HICCUPS:

HICCUPS (Handshake-based Integrity Check of Critical Underlying Protocol Semantics) is a lightweight extension to TCP that helps end-hosts infer when their communication is being misinterpreted due to middlebox packet header modifications. HICCUPS applies a tamper-evident seal to the TCP 3-way handshake that is incrementally deployable and cooperative with today's middleboxes.
This web page documents HICCUPS and provides code for our development efforts. Please contact us for more information, or if you're interested in hosting a HICCUPS instance to facilitate development and Internet-wide measurement efforts.

Why:

The modern Internet contains a variety of middleboxes that operate on network traffic in ways other than traditional IP routing. Middleboxes are used for a number of reasons: enhancing performance, enforcing policies, and adding new network features. Examples range from a large corporate firewall to the wireless router you have at home.

Unfortunately, middleboxes are often hard to setup and configure. Misconfigurations and out-of-date or non-standard behaviors occur regularly and in some cases can severely degrade TCP performance. The causes are often subtle and can be a challenge to diagnose. Even more troubling is the impact middleboxes have on protocol innovation: any new option, repurposed field, or otherwise unrecognized behavior is often misunderstood and blocked, hindering the deployment of new protocols and extensions.

Downloads:

Cross-platform User Tools

For testing and evaluation on non-HICCUPS kernels (uses raw sockets)

Windows: Download here
Mac OSX / Linux: Download here
(Build with: $ ./configure && make)

To test your connection:

Windows: Open a command prompt and run hc hiccups.cmand.org
OSX / Linux: run $ sudo ./hc hiccups.cmand.org

For lots more options, run the client with -h

Linux Kernel

Built right into the TCP stack for the full HICCUPS experience

Fedora Linux RPMs:
- 32-bit kernel | md5sum: 4e3e2c95617a4c82d998286f9fbd5ac6
- 64-bit kernel | md5sum: e244c213e073efcfb2e31085fd6fff84
(Install with: $ sudo yum install kernel32.rpm and reboot)
Build your own:
- Download the Linux kernel v3.9.4 tarball
- Apply our kernel patch
- Build and install the kernel
Test client for use on a TCP-HICCUPS kernel (coming soon)

Publications:

A Middlebox-Cooperative TCP for a non End-to-End Internet
Ryan Craven, Robert Beverly, and Mark Allman
Proceedings of ACM SIGCOMM 2014 Conference, August, 2014.
Techniques for the detection of faulty packet header modifications
Ryan Craven, Robert Beverly, and Mark Allman
NPS Technical Report CS-14-002, March, 2014.
Experience in using Mechanical Turk for Network Measurement
Gokay Huz, Steven Bauer, kc claffy, and Robert Beverly
Proceedings of ACM SIGCOMM C2BID Workshop, August, 2015.
Resilience of Deployed TCP to Blind Off-Path Attacks
Matthew Luckie, Robert Beverly, Tiange Wu, Mark Allman, and kc claffy
Proceedings of the ACM IMC, October, 2015.

Talks:

Ryan's NANOG 62 talk
SIGCOM 2014 slides

Who:

Ryan Craven (NPS / SPAWAR, now ONR) - ryan -at- rcraven dot net
Robert Beverly (NPS)
Mark Allman (ICSI)

Funding:

Note: Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Center for Measurement and Analysis of Network Data

Cross-platform User Tools

Linux Kernel