Re: [PATCH] TCP: add option for silent port knocking with integrity protection

[Alexander Holler <holler@ahsoftware.de>]

Am 20.08.2014 10:24, schrieb Hagen Paul Pfeifer:
> On 19 August 2014 21:36, Alexander Holler <holler@ahsoftware.de> wrote:
>
>> It doesn't have to work in every environment and it doesn't have to solve
>> all existing problems in the world. ;)
>>
>> But it enables people to protect a bit more against malicious people or
>> governments.
>>
>> And it is really very easy to use. It took me around half an hour to find
>> the places in openvpn and openssh where I had to add the setsockopt() call
>> and it can be used even easier with preloading libknockify.so.
>>
>> There can be found much more useless options in the kernel. At least I like
>> it and it fits my needs too.
>
> It's not about to add another "useless options", it's about changing
> the major transport protocol. You should probably join the IETF
> tcpm/tcpinc mailing list where TCP stealth is currently actively
> discussed. TCP stealth has problems and you can probably help to
> address them on a *technical level* if you like the mechanism.

As written above, it doesn't have to be perfect and it doesn't have to 
work in every environment.

And I didn't say it is useless. At least that was not my intention (I'm 
no native english speaker). In fact I find it very useful. Such useful 
that I would like it to be already  included in the kernel. It doesn't 
do any harm if disabled, besides a few more lines of (unused) source 
code. Thats why I've written my mail (to support inclusion).

For sure it could be better, but I'm already happy with the current 
imperfect solution which I can use now and not some perfect solution 
which might be available in some years.

Regards,

Alexander Holler