[Click] IPsec ESP support
Dimitris Syrivelis
jsyr at inf.uth.gr
Sat Jan 27 13:15:16 EST 2007
Eddie,
I will revise and extend the document and i will add it into the Wiki until
the end of this week. I think i should also update the README file that
belonged to the initial ESP implementation with things that have been done as
well as things that remain to be done and send you a copy to check it in CVS.
Best regards,
Dimitris
> Hi Dimitris!
>
> I've gone ahead and applied your patch and checked in this impressive
> collection of elements into mainline Click source.
>
> I did make a change or two. In particular, you had added a new type
> called cp_128_bit_key. I got rid of that, since Click already has a
> pretty effective way to specify keys; example:
>
> 18.26.8.0/24 18.26.4.1 1 234 \<ABCDEFFF001DEFD2354550FE40CD708E>
> \<112233EE556677888877665544332211> 300 64
>
> (note the \<HEX DIGITS>).
>
> I also cleaned up some things that were causing warnings.
>
> The Word document you sent doesn't exactly belong in the source,
> however. I wonder if you'd be interested in cutting and pasting it into
> the Wiki?
>
> Thanks again!
> Eddie
>
> Dimitris Syrivelis wrote:
> > Eddie,
> >
> > Thank you very much! Yes i think you can check this into the click
> > sources - we 've been using this implementation without problems so far
> > and it seems stable. Of course subtle bugs are always hard to find and i
> > can't rule them out :-).
> > We are still active on this and we are working towards performance
> > enchancements so iam open to discuss and perform changes that the click
> > community finds appropriate. I will keep you posted.
> >
> > Dimitris
> >
> >> Dimitris,
> >>
> >> This looks pretty interesting!! Would you like me to apply this and
> >> check it in to our sources? Thanks so much for sharing it!
> >>
> >> Eddie
> >>
> >> Dimitris Syrivelis wrote:
> >>> Hello,
> >>>
> >>> For the purposes of our research on network security, we have
> >>> revived (to a certain extend) IPsec ESP support for the click router.
> >>> We have changed the IP routing modules to use a Security Association
> >>> Database and we have added support for AES encryption, HMAC SHA1
> >>> authentication and Replay prevention.
> >>> Please find attached a tarball with a patch against the click-1.5.0
> >>> release along with short documentation and a click configuration file
> >>> that demonstrates our design choices. We have tested it on the linux
> >>> module version of click.
> >>> I would appreciate feedback and would be happy to discuss possible
> >>> changes on our approach. Finally I would like to thank you all very
> >>> much for making click publicly available.
> >>>
> >>> Best regards,
> >>>
> >>> Dimitris
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> -----------------------------------------------------------------------
> >>>-
> >>>
> >>> _______________________________________________
> >>> click mailing list
> >>> click at amsterdam.lcs.mit.edu
> >>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
> >
> > --
> >
> > Dimitris Syrivelis
> > Dept of Computer Engineering & Telecommunications ( www.inf.uth.gr )
> > University of Thessaly
> > Volos
> > Greece
> > Tel +302421074973
--
It is with narrow-souled people as with narrow necked bottles: the less they
have in them, the more noise they make in pouring it out.
--
Dimitris Syrivelis
Dept of Computer Engineering & Telecommunications ( www.inf.uth.gr )
University of Thessaly
Volos
Greece
Tel +302421074973
More information about the click
mailing list