Practical Guidelines for TCP Implementers
What do I do? Where do I start? How do I test TCP/IP?
Software developers and implementers want guidelines and advisories for testing TCP/IP. Available and implemented in the 1970s and codified in the 1980s, updates and changes to the TCP/IP protocol continue up through the present day.
While many open source TCP/IP implementations are available via standard operating system distributions, some applications require changes and customization to TCP/IP. Hence, the requirement to track best practices and the current status of the protocol’s evolution. What has changed? A lot, really!
The two RFCs that form the basis for the TCP/IP protocol are:
RFC 1122 covers the communications protocol layers: link layer, IP layer, and transport layer.
RFC 1123 covers the applications layer and support protocols that work with TCP/IP.
But a great deal has changed in the 30 years since RFCs 1122 and 1123 were first published.
For example, both RFC 1122 and RFC 1123 discuss the “Robustness Principle”: "Be liberal in what you accept, and conservative in what you send.” This refers to incoming and outgoing packets from various nodes, hosts or applications to assure maximum interoperability. But this principle is now outdated and dangerous! The network security experts advise that one should be conservative in what one accepts to guard against malicious attacks formulated through variations in the protocol implementations.
In addition, most of the applications layer and support protocols enumerated in RFC 1123 are now obsolete for security reasons. RFC 1123 addresses requirements for telnet and ftp. But SSH has replaced telnet and Secure Shell File Transfer Protocol (SFTP), among others, replaced ftp.
TCP Roadmap
Fortunately, there’s a great roadmap for TCP specification documents contained in RFC 7414 and later RFC 7805.
RFC 7414 is an informational roadmap that captures, organizes, and summarizes most of the RFC documents for a TCP implementer.
RFC 7805 goes a step further and changes the status of the RFCs in the RFC database. The possible “states” are:
S - Standards Track (Proposed Standard, Draft Standard, or Internet Standard)
E - Experimental
I - Informational
H - Historic
B - Best Current Practice
U - Unknown (not formally defined)
What is RFC 7414 “A Roadmap for Transmission Control Protocol (TCP) Specification Documents”?
RFC 7414 is intended to help the software developer follow the right guidelines for properly implementing TCP by listing newer documents that replace, expand or enhance the original specifications.
While the software developer should study this document carefully, we include a few highlights below:
RFC 5681 defines TCP Congestion Control: slow start, congestion avoidance, fast retransmit, and fast recovery
RFC 6298 defines Computing TCP's Retransmission Timer
RFC 8200 the Internet Protocol, Version 6 (IPv6) Specification (July 2017) (Errata) – defines how TCP handles 128-bit IPv6 addresses, as well as many other issues
Finally, if you are customizing an existing TCP/IP implementation, it is best to determine the licensing requirements for the original work and your enhanced or modified work. Some of the more popular open source software licenses are listed below.
List of Open Source Software Licenses
Apache License 2.0
BSD 3-Clause “New” or “Revised” license
BSD 2-Clause “Simplified” or “FreeBSD” license
GNU General Public License (GPL) v3.0
GNU Library or “Lesser” General Public License (LGPL)
MIT license
Mozilla Public License 2.0
Common Development and Distribution License
Eclipse Public License
Creative Commons License
Click here for a tutorial highlighting the differences of these licenses.
How do I test my TCP/IP implementation?
IWL has an executive overview describing the big picture of Network Protocol Testing
More details on our TCP/IP test suite and the supported test cases.
Of course we are happy to support you in your journey to ensure you release a robust, secure, interoperable TCP/IP implementation.
TCP does its work silently, without extensive reporting and error message infrastructure, making it notoriously difficult to test with automated testing procedures. However, our solutions address these challenges. Contact us to learn how we can help you.