Message-ID: <4A8F1451.5030606@fer.hr>
Date: Fri, 21 Aug 2009 23:40:33 +0200
From: Ana Kukec
To: soc-status@freebsd.org
Cc: "Bjoern A. Zeeb"
Subject: Final GSoC report for IPv6 Secure Neighbor Discovery project
List-Id: Summer of Code Status Reports and Discussion

Hi,

For Google Summer of Code I had been working on a native kernel API for IPv6 SEcure Neighbor Discovery (SEND). SEND is a way to secure the Neighbor Discovery protocol messages using public key based signatures, Cryptographically Generated Addresses for proving address ownership on individual nodes, and X.509 certificates for authorizing nodes to act as routers and to delegate certain prefixes.

The BSD licensed SEND implementation from NTT DOCOMO USA Labs was changed from using netgraph and the Berkeley Packet Filter to a native FreeBSD interface based on routing sockets. If SEND is loaded, the kernel intercepts the respective incoming and outgoing ICMPv6 packets and sends them to user space for cryptographic processing (signing or validating the signatures) and, if OK, passes them back to the kernel for further normal processing, or discards the packets.

During the last couple of weeks I was mostly testing, trying to get things to work. Most of the code was already written, but wrong handling of mbufs, especially when sending messages from the kernel to user space, took a few days to be tracked down.

Now, most of the things are done and working:
- successful exchange and validation of the Neighbor Solicitation,
- successful exchange and validation of the Neighbor Advertisement,
- successful exchange of the Neighbor Discovery Redirect message,
- the processing of the incoming direction of Router Solicitations and Router Advertisements.

I'll keep working on this project even now that GSoC has finished, to get it to the point where it can be integrated into the main FreeBSD src tree.

Things that are next on the list:
- the processing of the outgoing direction of Router Solicitations and Router Advertisements,
- interoperability testing,
- implementation of the ongoing work in the IETF Cga & SeND maintenance WG.

Also, the documentation was updated to reflect the latest state of workflow and APIs.

You can find more information on my wiki page here:
http://wiki.freebsd.org/SOC2009AnaKukec

In case you have p4 access you can find the code here:
http://p4web.freebsd.org/@md=d&cd=//&c=0hb@//depot/projects/soc2009/anchie_send/?ac=83

In case you don't, feel free to mail me. I plan to post patches once outgoing RS/RA packets fully work.

Thanks to Google and the FreeBSD Project for making it possible that I could work on this.

Ana