Reliable Datagram Sockets

Communication protocol
Abbreviation: RDS
Developer(s): Oracle Corporation
Introduction: June 9, 2009
OSI layer: Transport layer
Port(s): 16385 (RDS-over-TCP)

Reliable Datagram Sockets (RDS) is a high-performance, low-latency, reliable, connectionless protocol for delivering datagrams. It is developed by Oracle Corporation.


RDS was merged into Linux kernel 2.6.30, released on 9 June 2009; the code was contributed by the OpenFabrics Alliance (OFA).[1]

On October 19, 2010, VSR announced CVE-2010-3904, a local privilege escalation in the Linux kernel's RDS implementation: the code copied data to and from user-supplied addresses without first verifying that those addresses lay in user space, so an unprivileged local user could overwrite kernel memory.[2] The bug affected kernels 2.6.30 through 2.6.36-rc8 and was fixed in Linux 2.6.36.[3] Because the rds module is loaded automatically when a local process creates an RDS socket, systems that never used RDS were also exposed unless the module had been blacklisted.

On May 8, 2019, CVE-2019-11815 was published: a race condition in rds_tcp_kill_sock (net/rds/tcp.c) during network namespace cleanup could lead to a use-after-free and possibly arbitrary code execution.[4] The vulnerable path is only reachable when the RDS-over-TCP module (rds_tcp) is loaded. The bug was fixed in Linux 5.0.8.

RDS Header

All multi-octet fields are big-endian (network byte order); the header is 48 octets in total.

Size (bits)  Name        Description
64           h_sequence  Sequence number
64           h_ack       Sequence number of last received message
32           h_len       Length of the message payload
16           h_sport     Port on source node
16           h_dport     Port on destination node
8            h_flags     Bit flags (see field descriptions)
8            h_credit    Credits given (used for credit-based flow control)
32           h_padding   Padding for 64-bit struct alignment
16           h_csum      One's complement header checksum
128          h_exthdr    Optional extension header space
RDS Header bit layout (offsets in octets)

Offset  Bits      Field
0       0-63      h_sequence
8       64-127    h_ack
16      128-159   h_len
20      160-175   h_sport
22      176-191   h_dport
24      192-199   h_flags
25      200-207   h_credit
26      208-239   h_padding
30      240-255   h_csum
32      256-383   h_exthdr
Sequence (h_sequence): 64 bits. The sequence number of this message.
Acknowledge (h_ack): 64 bits. The sequence number of the last message received from the peer.
Length (h_len): 32 bits. The length of the message payload in octets, not counting the header.
Source Port (h_sport): 16 bits. Identifies the sending port.
Destination Port (h_dport): 16 bits. Identifies the receiving port.
Flags (h_flags): 8 bits. Bit flags. The Linux implementation (net/rds/rds.h) defines RDS_FLAG_CONG_BITMAP (0x01, the payload is a congestion bitmap), RDS_FLAG_ACK_REQUIRED (0x02) and RDS_FLAG_RETRANSMITTED (0x04).
Credits (h_credit): 8 bits. Credits granted to the peer (used for credit-based flow control).
Padding (h_padding): 32 bits. Padding for 64-bit struct alignment.
Checksum (h_csum): 16 bits. One's complement (Internet) checksum over the whole 48-octet header, computed with this field set to zero. It covers only the header, not the payload.
Extension Header (h_exthdr): 128 bits. Optional extension header space.
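The layout above as working code, added here as an example (it is not Linux kernel code and not part of the original article): it serialises and parses the 48-octet header in network byte order, computes the one's-complement header checksum the way the Linux implementation does (over the header alone, with h_csum taken as zero), and refuses a message whose h_len claims more payload than was actually received. Field names follow the table, the flag constants are the Linux definitions from net/rds/rds.h, and the values in the self-test are constructed sample data, not a capture.

```c
/*
 * Added example, not Linux kernel code: encode and parse the 48-octet RDS
 * header, verify its one's-complement header checksum, and bound h_len by
 * the buffer actually received. Flag constants are those of net/rds/rds.h.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RDS_HDR_LEN       48   /* 32-octet fixed part + 16-octet extension space */
#define RDS_EXTHDR_SPACE  16
#define RDS_CSUM_OFFSET   30

#define RDS_FLAG_CONG_BITMAP   0x01
#define RDS_FLAG_ACK_REQUIRED  0x02
#define RDS_FLAG_RETRANSMITTED 0x04

struct rds_hdr {
    uint64_t h_sequence;
    uint64_t h_ack;
    uint32_t h_len;
    uint16_t h_sport;
    uint16_t h_dport;
    uint8_t  h_flags;
    uint8_t  h_credit;
    uint16_t h_csum;
    uint8_t  h_exthdr[RDS_EXTHDR_SPACE];
};

/* Big-endian accessors: every multi-octet field is in network byte order. */
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v) { put_be16(p, (uint16_t)(v >> 16)); put_be16(p + 2, (uint16_t)v); }
static void put_be64(uint8_t *p, uint64_t v) { put_be32(p, (uint32_t)(v >> 32)); put_be32(p + 4, (uint32_t)v); }
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p) { return ((uint32_t)get_be16(p) << 16) | get_be16(p + 2); }
static uint64_t get_be64(const uint8_t *p) { return ((uint64_t)get_be32(p) << 32) | get_be32(p + 4); }

/* RFC 1071 Internet checksum over the 48 header octets with the h_csum word
 * taken as zero, matching how the kernel fills the field before sending. */
uint16_t rds_hdr_checksum(const uint8_t hdr[RDS_HDR_LEN])
{
    uint32_t sum = 0;
    for (size_t i = 0; i < RDS_HDR_LEN; i += 2) {
        if (i == RDS_CSUM_OFFSET)
            continue;                         /* checksum word counts as zero */
        sum += get_be16(hdr + i);
    }
    while (sum >> 16)                         /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Serialise a header to the wire layout and fill in h_csum last. */
void rds_hdr_encode(const struct rds_hdr *h, uint8_t out[RDS_HDR_LEN])
{
    memset(out, 0, RDS_HDR_LEN);              /* h_padding (octets 26..29) stays zero */
    put_be64(out + 0,  h->h_sequence);
    put_be64(out + 8,  h->h_ack);
    put_be32(out + 16, h->h_len);
    put_be16(out + 20, h->h_sport);
    put_be16(out + 22, h->h_dport);
    out[24] = h->h_flags;
    out[25] = h->h_credit;
    memcpy(out + 32, h->h_exthdr, RDS_EXTHDR_SPACE);
    put_be16(out + RDS_CSUM_OFFSET, rds_hdr_checksum(out));
}

/* Parse a received datagram. Returns 0 on success; -1 if the buffer cannot
 * hold a header, -2 on checksum mismatch, -3 if h_len advertises more payload
 * than was received. A receiver must pass all three before trusting h_len. */
int rds_hdr_parse(const uint8_t *buf, size_t buflen, struct rds_hdr *h)
{
    if (buflen < RDS_HDR_LEN)
        return -1;
    if (get_be16(buf + RDS_CSUM_OFFSET) != rds_hdr_checksum(buf))
        return -2;
    h->h_sequence = get_be64(buf + 0);
    h->h_ack      = get_be64(buf + 8);
    h->h_len      = get_be32(buf + 16);
    h->h_sport    = get_be16(buf + 20);
    h->h_dport    = get_be16(buf + 22);
    h->h_flags    = buf[24];
    h->h_credit   = buf[25];
    h->h_csum     = get_be16(buf + RDS_CSUM_OFFSET);
    memcpy(h->h_exthdr, buf + 32, RDS_EXTHDR_SPACE);
    if ((size_t)h->h_len > buflen - RDS_HDR_LEN)
        return -3;
    return 0;
}

/* Self-check on a constructed message (sample values, not a real capture).
 * Returns 0 when every case behaves as documented, else the failing step. */
int rds_hdr_selftest(void)
{
    struct rds_hdr in = { .h_sequence = 7, .h_ack = 6, .h_len = 100,
                          .h_sport = 16385, .h_dport = 16385,
                          .h_flags = RDS_FLAG_ACK_REQUIRED, .h_credit = 12 };
    uint8_t wire[RDS_HDR_LEN + 100] = { 0 };  /* header + 100 octets of payload */
    struct rds_hdr out;

    rds_hdr_encode(&in, wire);
    if (rds_hdr_parse(wire, sizeof wire, &out) != 0)                      return 1;
    if (out.h_sequence != 7 || out.h_ack != 6 || out.h_len != 100 ||
        out.h_dport != 16385 || out.h_flags != RDS_FLAG_ACK_REQUIRED)     return 2;
    if (rds_hdr_parse(wire, RDS_HDR_LEN - 1, &out) != -1)                 return 3; /* truncated */
    in.h_len = 200;                                    /* claims more payload than received */
    rds_hdr_encode(&in, wire);
    if (rds_hdr_parse(wire, sizeof wire, &out) != -3)                     return 4;
    wire[17] ^= 0x01;                                  /* flip a bit inside h_len */
    if (rds_hdr_parse(wire, sizeof wire, &out) != -2)                     return 5;
    return 0;
}

int main(void)
{
    int rc = rds_hdr_selftest();
    printf("rds header self-test: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Build with `cc -std=c99 -Wall rds_hdr.c -o rds_hdr && ./rds_hdr`. Note that the checksum protects only the header: payload integrity is left to the underlying transport (InfiniBand or TCP), so the h_len bound check is the one guard the receiver itself has against a message that claims more data than arrived.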


References

  1. "Linux 2.6.30". Linux Kernel Newbies (kernelnewbies.org). 2009-06-12. Retrieved 2015-10-11.
  2. "VSR Security Advisory". vsecurity.com. Retrieved 2015-10-11.
  3. "CVE-2010-3904". NIST National Vulnerability Database. Retrieved 2020-12-27.
  4. "CVE-2019-11815". NIST National Vulnerability Database (nvd.nist.gov). Retrieved 2019-05-14.