[Click] IPsec ESP support
Eddie Kohler
kohler at cs.ucla.edu
Fri Jan 26 21:44:35 EST 2007
Hi Dimitris!
I've gone ahead and applied your patch and checked in this impressive
collection of elements into mainline Click source.
I did make a change or two. In particular, you had added a new type
called cp_128_bit_key. I got rid of that, since Click already has a
pretty effective way to specify keys; example:
18.26.8.0/24 18.26.4.1 1 234 \<ABCDEFFF001DEFD2354550FE40CD708E>
\<112233EE556677888877665544332211> 300 64
(note the \<HEX DIGITS>).
I also cleaned up some things that were causing warnings.
The Word document you sent doesn't exactly belong in the source,
however. I wonder if you'd be interested in cutting and pasting it into
the Wiki?
Thanks again!
Eddie
Dimitris Syrivelis wrote:
> Eddie,
>
> Thank you very much! Yes i think you can check this into the click sources -
> we 've been using this implementation without problems so far and it seems
> stable. Of course subtle bugs are always hard to find and i can't rule them
> out :-).
> We are still active on this and we are working towards performance
> enchancements so iam open to discuss and perform changes that the click
> community finds appropriate. I will keep you posted.
>
> Dimitris
>
>
>> Dimitris,
>>
>> This looks pretty interesting!! Would you like me to apply this and check
>> it in to our sources? Thanks so much for sharing it!
>>
>> Eddie
>>
>> Dimitris Syrivelis wrote:
>>> Hello,
>>>
>>> For the purposes of our research on network security, we have revived
>>> (to a certain extend) IPsec ESP support for the click router.
>>> We have changed the IP routing modules to use a Security Association
>>> Database and we have added support for AES encryption, HMAC SHA1
>>> authentication and Replay prevention.
>>> Please find attached a tarball with a patch against the click-1.5.0
>>> release along with short documentation and a click configuration file
>>> that demonstrates our design choices. We have tested it on the linux
>>> module version of click.
>>> I would appreciate feedback and would be happy to discuss possible
>>> changes on our approach. Finally I would like to thank you all very much
>>> for making click publicly available.
>>>
>>> Best regards,
>>>
>>> Dimitris
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> click mailing list
>>> click at amsterdam.lcs.mit.edu
>>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>
> --
>
> Dimitris Syrivelis
> Dept of Computer Engineering & Telecommunications ( www.inf.uth.gr )
> University of Thessaly
> Volos
> Greece
> Tel +302421074973
More information about the click
mailing list