Links

• Read up on mdns/avahi/bonjour.
• GSSAPI – Generic Security Services Application Program Interface
• Sun Java System Web Proxy server (SJSWPS) – now known as Oracle iPlanet Web Proxy Server
• seven-layer OSI model
• three-way handshake
• UDP hole punching
• SYN flood
• TCP window scaling
• On Buffer Bloat
  • acm.org: Adaptive AQM algorithm publication
    • It explains the "standing queue" phenomena much better than many other sources.
  • Blog article on buffer bloat
• Prefer hostentry = getipnodebyname(name, AF_INET6, AI_DEFAULT, &error_num) to gethostbyname(name)
  • Handles both IPv4 and IPv6 addresses.
  • But you have to call freehostent(hostentry)
• ICE (Interactive Connectivity Establishment)
  • Standard methodology to overcome NAT restrictions
• Tools
  • IP to ASN Mapping - Cymru
  • http://www.submarinecablemap.com/ – shows transatlantic links.
  • apenwarr/sshuttle
• Virtual Ethernet Tunneling
• Classless in-addr.arpa. Delegation
• OpenBSD Manpages for some tools
  • sysctl
  • gif - generic tunnel interface
  • ifconfig
  • ipsecadm
  • bridge

Notes

• The latest Linux (v 2.6.8 and on) and Microsoft (Windows 7 and Windows Vista) operating systems use TCP window scaling for non-HTTP (web) connections. This behavior is incompatible with some firewalls that use SPI (Stateful Packet Inspection) as found in firewalls like the Check Point NG R55, Cisco PIX earlier than v6.3.1, NetApp Cache Appliances, SonicWall, D-Link DI-724U, Netgear WGR614, and Linksys WRT54GS.

Sysctl

• sysctl (OpenBSD manpage)

Some settings

net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of packets
net.inet.esp.enable=1           # 1=Enable the ESP IPSec protocol
net.inet.ah.enable=1            # 1=Enable the AH IPSec protocol