
On 04.04.24 12:09, Aleksi wrote:
> So what's the complete unworkable thing on this? It requires zero network upgrades, only end points need to understand this.

Go ahead and *prove* that. Grab a bunch of middleboxes - plain NAT implementations, commercial firewalls, IPSes, application level gateways, even just routers that do fragmentation and/or reassembly, some of which have the *explicit task* to "normalize the bytestream" (as long as we're talking TCP) and thus regenerate packet headers from the info they gleaned from the original ones - and demonstrate that your "extension segments", wherever in the packet headers you plan to hide them, get through all of that unscathed, in spite of the boxes having no idea of what you're doing.

(And *then*, for sake of completeness, demonstrate that *somehow*, having the relevant "unextended" IP address NATed away also causes the corresponding extension to get dropped/invalidated - *still* with no pertinent update to the middleboxes to teach them about your scheme.)

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
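The header-regenerating middlebox behaviour Jochen points at, as an added Python model that is not part of this thread: an end point carries a hypothetical "extension" in a TCP option of the experimental kind 253 (RFC 6994), and a normalizer that only knows the standard option kinds rebuilds the options field from what it parsed, so the unknown option never reaches the peer. The option kinds it keeps, the kind 253 stand-in and the sample SYN options are constructed assumptions.

```python
import struct

# Option kinds a normalizing box is assumed to understand and re-emit:
# EOL, NOP, MSS, Window Scale, SACK-permitted, SACK, Timestamps.
KNOWN_KINDS = {0, 1, 2, 3, 4, 5, 8}
# Experimental kind (RFC 6994) used here as a stand-in for an "extension segment".
HYPOTHETICAL_EXT_KIND = 253

def parse_options(raw: bytes):
    """Parse a TCP options field into a list of (kind, data) tuples."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # EOL: nothing after this is an option
            break
        if kind == 1:                      # NOP: single-byte padding
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def serialize_options(opts) -> bytes:
    """Re-emit options and pad with EOL to a 32-bit boundary, like a header rebuild."""
    out = b"".join(b"\x01" if k == 1 else bytes([k, 2 + len(d)]) + d for k, d in opts)
    return out + b"\x00" * (-len(out) % 4)

def normalize(raw: bytes) -> bytes:
    """Model of a middlebox that regenerates the header from parsed, known fields only."""
    return serialize_options([(k, d) for k, d in parse_options(raw) if k in KNOWN_KINDS])

def build_syn_options(ext_payload: bytes) -> bytes:
    """Constructed SYN options: MSS 1460, NOP, WScale 7, plus the hypothetical extension."""
    return serialize_options([(2, struct.pack("!H", 1460)), (1, b""), (3, b"\x07"),
                              (HYPOTHETICAL_EXT_KIND, ext_payload)])

def extension_survives(raw: bytes) -> bool:
    """What the receiving end point can check: is the extension still present?"""
    return any(k == HYPOTHETICAL_EXT_KIND for k, _ in parse_options(raw))
```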