[Click] IPsec ESP support

Eddie Kohler kohler at cs.ucla.edu
Fri Jan 26 21:44:35 EST 2007 

Hi Dimitris!

I've gone ahead and applied your patch and checked in this impressive 
collection of elements into mainline Click source.

I did make a change or two.  In particular, you had added a new type 
called cp_128_bit_key.  I got rid of that, since Click already has a 
pretty effective way to specify keys; example:

18.26.8.0/24 18.26.4.1 1 234 \<ABCDEFFF001DEFD2354550FE40CD708E> 
\<112233EE556677888877665544332211> 300 64

(note the \<HEX DIGITS>).

I also cleaned up some things that were causing warnings.

The Word document you sent doesn't exactly belong in the source, 
however.  I wonder if you'd be interested in cutting and pasting it into 
the Wiki?

Thanks again!
Eddie



Dimitris Syrivelis wrote:
> Eddie,
> 
>   Thank you very much! Yes i think you can check this into the click sources - 
> we 've been using this implementation without problems so far and it seems 
> stable. Of course subtle bugs are always hard to find and i can't rule them 
> out :-). 
>  We are still active on this and we are working towards performance 
> enchancements so iam open to discuss and perform changes that the click 
> community finds appropriate. I will keep you posted.
> 
>  Dimitris           
> 
> 
>> Dimitris,
>>
>> This looks pretty interesting!!  Would you like me to apply this and check
>> it in to our sources?  Thanks so much for sharing it!
>>
>> Eddie
>>
>> Dimitris Syrivelis wrote:
>>>   Hello,
>>>
>>>     For the purposes of our research on network security, we have revived
>>> (to a certain extend) IPsec ESP support for the click router.
>>>   We have changed the IP routing modules to use a Security Association
>>> Database and we have added support for AES encryption, HMAC SHA1
>>> authentication and Replay prevention.
>>>  Please find attached a tarball with a patch against the click-1.5.0
>>> release along with short documentation and a click configuration file
>>> that demonstrates our design choices. We have tested it on the linux
>>> module version of click.
>>>  I would appreciate feedback and would be happy to discuss possible
>>> changes on our approach. Finally I would like to thank you all very much
>>> for making click publicly available.
>>>
>>>   Best regards,
>>>
>>>       Dimitris
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> click mailing list
>>> click at amsterdam.lcs.mit.edu
>>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
> 
> --
> 
> Dimitris Syrivelis
> Dept of Computer Engineering & Telecommunications ( www.inf.uth.gr )
> University of Thessaly 
> Volos
> Greece
> Tel +302421074973

More information about the click mailing list