Date: Wed, 13 Mar 2013 15:05:11 +0000 (UTC) From: Andre Oppermann <andre@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r248243 - user/andre/tcp-ao/sys/netinet Message-ID: <201303131505.r2DF5BAF066257@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: andre Date: Wed Mar 13 15:05:11 2013 New Revision: 248243 URL: http://svnweb.freebsd.org/changeset/base/248243 Log: Add tcp_ao.c file to contain the implementation. Describe tcp-ao and the steps to implement it. Sponsored by: Juniper Networks Added: user/andre/tcp-ao/sys/netinet/tcp_ao.c Added: user/andre/tcp-ao/sys/netinet/tcp_ao.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/andre/tcp-ao/sys/netinet/tcp_ao.c Wed Mar 13 15:05:11 2013 (r248243) @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2013 Juniper Networks + * All rights reserved. + * + * Written by Andre Oppermann <andre@FreeBSD.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +/* + * TCP-AO protects a TCP session and individual segments with a keyed hash + * mechanism. It is specified in RFC5925 and RFC5926. It is intended to + * eventually replace TCP-MD5 RFC2385. + * + * The implementation consists of 4 parts: + * 1. the hash implementation to sign and verify segments. + * 2. changes to the tcp input path to validate incoming segments, + * and changes to the tcp output path to sign outgoing segments. + * 3. key management in the kernel and the exposed userland API. + * 4. test programs to verify the correct operation. + * + * TODO: + * all of the above. + * + * Discussion: + * the key management can be done in two ways: via the ipsec key interface + * or through the setsockopt() api. Analyse which one is better to handle + * in the kernel and for userspace applications. + * + * legacy tcp-md5 can be brought and integrated into the tcp-ao framework. + */ +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303131505.r2DF5BAF066257>