svn commit: r248243 - user/andre/tcp-ao/sys/netinet
Andre Oppermann
andre at FreeBSD.org
Wed Mar 13 15:05:12 UTC 2013
Author: andre
Date: Wed Mar 13 15:05:11 2013
New Revision: 248243
URL: http://svnweb.freebsd.org/changeset/base/248243
Log:
Add tcp_ao.c file to contain the implementation.
Describe tcp-ao and the steps to implement it.
Sponsored by: Juniper Networks
Added:
user/andre/tcp-ao/sys/netinet/tcp_ao.c
Added: user/andre/tcp-ao/sys/netinet/tcp_ao.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/andre/tcp-ao/sys/netinet/tcp_ao.c Wed Mar 13 15:05:11 2013 (r248243)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2013 Juniper Networks
+ * All rights reserved.
+ *
+ * Written by Andre Oppermann <andre at FreeBSD.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+/*
+ * TCP-AO protects a TCP session and individual segments with a keyed hash
+ * mechanism. It is specified in RFC5925 and RFC5926. It is intended to
+ * eventually replace TCP-MD5 RFC2385.
+ *
+ * The implementation consists of 4 parts:
+ * 1. the hash implementation to sign and verify segments.
+ * 2. changes to the tcp input path to validate incoming segments,
+ * and changes to the tcp output path to sign outgoing segments.
+ * 3. key management in the kernel and the exposed userland API.
+ * 4. test programs to verify the correct operation.
+ *
+ * TODO:
+ * all of the above.
+ *
+ * Discussion:
+ * the key management can be done in two ways: via the ipsec key interface
+ * or through the setsockopt() api. Analyse which one is better to handle
+ * in the kernel and for userspace applications.
+ *
+ * legacy tcp-md5 can be brought and integrated into the tcp-ao framework.
+ */
+
More information about the svn-src-user
mailing list