[ previous ] [ next ] [ threads ]
 From:  Joey Morin <jmorin at icomm dot ca>
 To:  "Mitch (WebCob)" <mitch at webcob dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Wondershaper (fwd)
 Date:  Wed, 9 Jun 2004 18:09:10 -0400 (EDT)
This one time, at band camp, Mitch (WebCob) said:

> > > err, chaps, that is part of the tcp protocol. all tcp connections
> > > follow that behaviour, be it http, ssh, smtp, pop and stuff. udp is
> > > a connectionless protocol and doesnt. udp examples include dns,
> > > RADIUS, and some p2p networks.
> >
> > i never implied otherwise.  there are other protocols besided TCP and
> > UDP, i'm not familiar with all of them.  i expect some are ACKing, and
> > others are ACKless.  HTTP was just an example of the former.
> Err... which others are you thinking of?
> TCP/IP and UDP/IP are your two choices on top of raw IP.


what about ICMP (ping a bell? :-).  it is not a part of TCP or UDP, but is
it's own IP protocol.  here's a partial list:

ICMP (IP prot 1)
TCP (IP prot 6)
UDP (IP prot 17)
GRE (IP prot 47) for PPTP?
IPv6 (IP prot 51) for IPSEC

there are well over 100 protocols that are built on top of IP, granted
that TCP and UDP are arguably the most common, at least on the internet
and in home/office networks. for a more-or-less complete list:


i used to have a slackware 7.1 box as my firewall/router, but i recently
had to purchase an iNexQ router appliance because i needed to pass PPTP,
and the (old) ipfw, etc., on my slackware box only handled TCP and UDP,
but i lacked the time/expertise to patch/reconfigure slackware.  the iNexQ
is now a backup to my m0n0.

> Anything else is at a higher osi layer protocol...

no, but to be fair it is a confusing issue.  for example, there were some
VPN packages (like checkpoint's secure remote?) which could encapsulate
IPv6 in UDP for servers behind a firewall that suffered the same
shortcomming as my slackware 7.1 box.  but even that didn't work for some
older firewalls that could handle only TCP.

> Anything that uses TCP by definition uses ACK's for packet flow control
> - regardless of whether the application protocol is http, ftp, smb or
> other...
> Does this help?

again, i never suggested otherwise.  to be clear, my original points were:

	- TCP uses ACKs
	- UDP is stateless and doesn't use ACKs at the protocol level
	- other protocols may or may not use ACKs (or a similar scheme)

does this help? :)