TCP experimental options

[Tom Harwood <tomharwood () fastmail fm>]

Hi all,

I've been experimenting with TCP Fast Open - https://tools.ietf.org/html/draft-cheng-tcpm-fastopen-02 . The protocol 
currently uses a TCP experimental options kind  (0xfe) for its cookie values. The cookies show in Wireshark as "TCP 
Option - Experimental: fexxf989...", where f989 is TFO's magic number prefix.

I thought it would be neat to label these (albeit experimental) TCP Fast Open cookies in Wireshark. The TCP 
experimental options field strictly has no structure, however the magic number prefix (f989 in this case) could help 
with identification. http://tools.ietf.org/html/draft-touch-tcpm-experimental-options-00 has some ideas related to this.

To generalise, I was thinking of writing a patch to check each TCP experimental option against a list of variable 
length magic numbers. Then Wireshark could identify experimental TFO cookies, and any other experimental options seen 
"in the wild". (however TFO is the only one I have ever seen :-))

As there's no structure to the TCP experimental options fields, some uses could overlap, and some experimental option 
data could plausibly belong to more than one experiment: In this case, we could note the ambiguity and/or list all the 
possible known types the data could be.

Are there any suggestions? (is this a reasonable idea?)

thanks,

Tom

ps - many thanks to the authors of Wireshark, it's a brilliant piece of software :-)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe