Date: Fri, 21 Aug 2009 23:40:33 +0200
From: Ana Kukec <anchie@fer.hr>
To: soc-status@freebsd.org
Cc: "Bjoern A. Zeeb" <bz@freebsd.org>
Subject: Final GSoC report for IPv6 Secure Neighbor Discovery project
Message-ID: <4A8F1451.5030606@fer.hr>

Hi,

For Google Summer of Code I had been working on a native kernel API for IPv6 SEcure Neighbor Discovery (SEND).

SEND is a way to secure the Neighbor Discovery protocol messages using public key based signatures, Cryptographically Generated Addresses for proving address ownership on individual nodes, and X.509 certificates for authorizing nodes to act as routers and to delegate certain prefixes.

The BSD licensed SEND implementation from NTT DOCOMO USA Labs was changed from using netgraph and the Berkeley Packet Filter to a native FreeBSD interface based on routing sockets. If SEND is loaded, the kernel intercepts the respective incoming and outgoing ICMPv6 packets and sends them to user space for cryptographic processing (signing or validating the signatures) and if ok passes them back to the kernel for further normal processing or discards the packets.

During the last couple of weeks I was mostly testing, trying to get things to work. Most of the code was already written, but wrong handling of mbufs, especially when sending messages from kernel to the user space, took a few days to be tracked down.

Now, most of the things are done and working:

- successful exchange and validation of the Neighbor Solicitation,
- successful exchange and validation of the Neighbor Advertisement,
- successful exchange of the Neighbor Discovery Redirect message,
- the processing of the incoming direction of Router Solicitations and Router Advertisements.

I'll keep working on this project even now that GSoC has finished to get it to the point so that it can be integrated into the main FreeBSD src tree.

Things that are next on the list:

- the processing of the outgoing direction of Router Solicitations and Router Advertisements,
- interoperability testing,
- implementation of the ongoing work in IETF Cga & SeND maintenance WG.

Also documentation was updated to reflect the latest state of workflow and APIs.

You can find more information on my wiki page here:
http://wiki.freebsd.org/SOC2009AnaKukec

In case you have p4 access you can find the code here,
http://p4web.freebsd.org/@md=d&cd=//&c=0hb@//depot/projects/soc2009/anchie_send/?ac=83

In case you don't, feel free to mail me. I plan to post patches once outgoing RS/RA packets will fully work.

Thanks to Google and the FreeBSD Project for making it possible that I could work on this.

Ana