Re: [RFC] wrr (weighted round-robin) bonding

[Dawid Ciezarkiewicz]

On Thursday, 19 October 2006 21:04, Andy Gospodarek wrote:
 It would seem to me that extending an existing mode would be more
 desirable than adding yet another mode to worry about.  I don't even
 like the fact that there are as many as there are, but I understand why
 they are there.  

Ack. I will probably update wrr bonding patch to replace rr mode.

 I recently extended rr mode to allow an additional parameter called that
 rr_repeat that would allow someone to send more than a single frame out
 of each device before moving to the next one.  It seemed this could be
 helpful when dealing with switches that constantly re-learned source MAC
 addresses.  Network performance would suffer whenever rr_repeat was 1,
 but box performance might be better if there weren't so many locks
 taken.

Thanks. I'll consider adding such functionality.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] Ethernet Cheap Cryptography

[Dawid Ciezarkiewicz]

On Thursday, 19 October 2006 05:57, Stephen J. Bevan wrote:
 And if the packets come out of order i.e. you get a packet with a new
 key followed by a packet with the old key?

As IV from invalid frames are saved ccrypt will synchronize anyway, but I was 
wrong in one aspect - in current implementation each reorder will cost two 
frames, not one. This could be possibly reduced to only one, but I must find 
a time to investigate that more.


 If the keying is done manually an attacker won't know when the keys
 are changed.  However, if keying is coordinated over the same link via
 a protocol (as is done with IKE for IPsec) then the attacker can see
 (or at least guess) the packets carrying the keying protcol thus know
 re-keying is going to occur.

Simple random delay should do the trick.

 
 For completness there are also switches that :-
 
 * take notice of the TOS/DiffServ bits in an IP header and will
   re-order based on them 

Looks like a good reason to change frame type field so it does not look like 
IP packet.


 * will re-order frames due to redundancy, load-balancing,
   spanning-tree changes ... etc.

In summary - using ccrypt with switches may lead to problems.

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] wrr (weighted round-robin) bonding

[Dawid Ciezarkiewicz]

On Friday, 20 October 2006 21:53, Jay Vosburgh wrote:
 Dawid Ciezarkiewicz [EMAIL PROTECTED] wrote:
 
 On Thursday, 19 October 2006 21:04, Andy Gospodarek wrote:
  It would seem to me that extending an existing mode would be more
  desirable than adding yet another mode to worry about.  I don't even
  like the fact that there are as many as there are, but I understand why
  they are there.  
 
 Ack. I will probably update wrr bonding patch to replace rr mode.
 
   Also, if acceptance into the mainline is your ultimate goal, the
 ioctl control interface will be a very difficult sell.  You'd want to
 look into some other control mechanism, most likely an additional sysfs
 entry.

Oh. I'm quite puzzled here. What is current policy? I'd like sysfs interfaces 
better than ioctl - they are much cleaner etc. - but I thought ioctl will be 
better here because current bonding control uses ioctl and extending it is 
much simpler.

More generally: should I use sysfs always when adding anything to kernel and 
use it even when extending older functionality?

If wrr bonding have chances for inclusion into mainline I'll do any necessary 
changes to let it meet requirements. I'd like to know if functionality from 
Andy's patch is desired to be a part of such round-robin bonding extension. I 
think I could easily integrate it with wrr.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] Ethernet Cheap Cryptography

[Dawid Ciezarkiewicz]

On Wednesday, 18 October 2006 05:21, you wrote:
 Dawid Ciezarkiewicz writes:
I'd be thankful for your opinions about that idea. Please forgive me any
   nuances that I didn't know about.
 
 * I suggest extending the documentation with some motivating examples
   of why someone would want to use this rather than IPsec for IP
   and/or in what scenarios you'd envisage someone wanting to encrypt
   ARP, PPPoE, ... etc.  Perhaps, you can somehow mesh it with 802.1x
   to provide link-level encryption to augment 802.1x link-level
   authentication?

You're right. I'll add such documentation. For now - short version: as a 
company dealing with wifi regularly we often come to a problem - using wifi 
bridges with strengths like price, CE included, easy integration, good 
bandwidth, distance etc. - that those devices regularly have max eth mtu 
1500, not much cpu power and are often so feature-less that there are many 
problems with good traffic security. It enforces to use upper level 
encryption with internal fragmentation which is problem because of more more 
frames that those bridges have to handle, bigger traffic etc.

We think that solution like ccrypt will be far more secure and simple - and 
allows to maximize bandwidth and packet per second rate.

 * Your implementation allows the key to be changed but not in a way
   that allows both sides to do so without disrupting traffic i.e. you
   don't have something akin to IKE phase2 re-keying.  Without that
   then if someone can sniff the traffic long enough they are going to
   get a big sample of data to try and crack the keys with.

Well - ccrypt allows to change keys without disrupting traffic. It works like 
this: first new ccrypt_rx alg:key pair is added. After that ccrypt_rx will 
still use old alg:key, but all unmatched frames will be challenged against 
new one too. Then as soon as possible ccrypt_tx should have that new alg:key 
pair added. When ccrypt_rx gets new frame sent by new alg:key it will not 
match old alg:key, but will match new one. Receiver will switch then and from 
now on it will use only new pair.

This allows key switching without loosing any frames. It should be done 
quickly, since when in key transition state all invalid/spoofed frames have 
double cpu impact on receiver. Shouldn't be a problem because attacker should 
have no clue about when key is being switched.

As device ccrypt_rx and tx are independent traffic encryption can use 
independent keys in both traffic directions. And because they use pairs of 
alg:key, in each change: algorithm, key and key length can be changed at 
once. AFAIK attacker have no way to tell where such change occurs nor what 
are parameters of current alg:key.

The idea is to change keys regularly on both sides with userspace tools - like 
ssh on separate vlan, or even simpler static key rotation algorithms or 
something like it. This should allow secure alg:key switching with about any 
frequency.

I hope this will make cracking keys hard enough for attacker that it will not 
even try. Integrity security is more difficult (and possibly weaker) part of 
ccrypt.

 * You write frames will be delivered in order, so on the other side
   IV can be always in sync.  If any switches between the two linux
   boxes are running any kind of link aggregation then you can't
   guarantee that the frames will be delivered in order.  IEEE 802.3ad
   requires that packets belonging to the same session travel down the
   same port to avoid re-ordering but implementations vary as to
   whether they actually guarantee it or not since most higher level
   protcols can survive some re-ordering.

I was not aware of that. Thanks. I will add this info to documentation. There 
is nothing actually I can do about that in the form that ccrypt is mean to be 
now.

 * Given your desire not to change the size of the payload you have no
   space for MAC.  This makes it easier (but by no means easy) to alter
   the payload in such a way that it is still decrypted and considered
   valid.

Could you explain it more? I don't understand. You mean MAC as ... ?

 * For the same reason as above you don't have a sequence number.  This
   combined with the lack of MAC weakens the defense against replay
   attacks i.e. where third party captures a packet and then re-sends
   it at a later time.  The fact that IVs must be in sync for the
   packet to be accepted makes it harder for an attacker but since they
   know how the IV is calculated they know what message to look for
   before replaying a packet.

Maybe because of previous one I don't clearly understand the mechanisms. 
Please - if you could explain it more - that knowledge would be very useful, 
and I could put it into the docs too.

 * A variation of the above is that the attacker doesn't care about
   injecting packets per se, rather they use the above to cause packet
   loss by causing the receiver to update its IV based on a replayed
   packet thereby causing the next real

Re: [RFC] Ethernet Cheap Cryptography

[Dawid Ciezarkiewicz]

On Wednesday, 18 October 2006 05:25, David Miller wrote:
 From: [EMAIL PROTECTED] (Stephen J. Bevan)
 Date: Tue, 17 Oct 2006 20:21:46 -0700
 
  * You write frames will be delivered in order, so on the other side
IV can be always in sync.
 
 In fact, in addition to your comments, Linux can reorder packets
 locally within the system even within traffic for the same link.

 Any technology which absolutely requires in order packet delivery
 isn't going to work very well.

I've tried to put ccrypt handlers as close to hardware xmit and recv as 
possible so local reorder doesn't matter. Medium doesn't reorder frames and 
switches, bridges shouldn't do that neither (but as Stephen J. Bevan said 
this may not be always true).
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] Ethernet Cheap Cryptography

[Dawid Ciezarkiewicz]

On Wednesday, 18 October 2006 12:16, David Miller wrote:
 From: Dawid Ciezarkiewicz [EMAIL PROTECTED]
 Date: Wed, 18 Oct 2006 11:51:46 +0200
 
  I've tried to put ccrypt handlers as close to hardware xmit and recv as 
  possible so local reorder doesn't matter. Medium doesn't reorder frames 
and 
  switches, bridges shouldn't do that neither (but as Stephen J. Bevan said 
  this may not be always true).
 
 You can put it all the way in netif_receive_skb() and you still
 can see reordering of receive packets on an SMP system.

Thanks for pointing that out. As every frame reorder will cost only one real 
frame to by lost I need to investigate this issue and get more real testing 
in such environments.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] Ethernet Cheap Cryptography

[Dawid Ciezarkiewicz]

On Wednesday, 18 October 2006 11:15, Dawid Ciezarkiewicz wrote:

  * Given your desire not to change the size of the payload you have no
space for MAC.  This makes it easier (but by no means easy) to alter
the payload in such a way that it is still decrypted and considered
valid.
 
 Could you explain it more? I don't understand. You mean MAC as ... ?

Oh. Sorry. You mean message authentication code. Well - ccrypt have to live 
without it. From the start I knew that integrity will be the weakest point of 
ccrypt.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] wrr (weighted round-robin) bonding

[Dawid Ciezarkiewicz]

On Monday, 16 October 2006 23:30, Andy Gospodarek wrote:
 On Mon, Oct 16, 2006 at 09:07:57PM +0200, Dawid Ciezarkiewicz wrote:
   
 Before getting into the technical bits of the patch, what's the
   reason for wanting to do this, and why is this rather complex manual
   weight assignment better than an automatic system based on, e.g., link
   speed of the slaves?
  
  In short:
  It was designed as a solution for wireless links bonding - where link 
quality 
  can change rather quickly in time. By using wrr bonding, userspace tools 
can 
  measure current bandwidth and change bonding slave weights in realtime.
 
 Since this is so similar to mode 0, it would seem there would be a way
 to extend it rather than creating yet another mode that is so similar.
 What would be the reason not to enhance that mode?

In fact - as default weight is being set to 1, without changing it wrr bonding 
mode works like plain round-robin one. But it have little more overhead 
(recharging tokens), and code is a bit more complicated. I was not sure if 
some tools could assume that in mode 0 all interfaces work with same weights 
and because of that behave strange with this patch in use. 

It was written as a solution for some problem, and I'm still not sure if such 
change will always be patch to linux kernel or may some day go into mainline. 
For compatibility I've decided to have those modes separated.

Because of that I haven't replaced mode 0. If this patch will be considered 
useful, and my concerns are not a problem - I'd like to replace 0 mode if 
possible.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[RFC] wrr (weighted round-robin) bonding

[Dawid Ciezarkiewicz]

This patch is little thinner then the previous one.

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [RFC] wrr (weighted round-robin) bonding

[Dawid Ciezarkiewicz]

On Monday, 16 October 2006 20:21, Dawid Ciezarkiewicz wrote:
 This patch is little thinner then the previous one.

I'm sorry for that. I've just ... nevermind. Here goes the patch.

Should I post patch for ifenslave here, too?



diff -Nur linux-2.6.17.orig/Documentation/networking/bonding.txt 
linux-2.6.17/Documentation/networking/bonding.txt
--- linux-2.6.17.orig/Documentation/networking/bonding.txt  2006-06-18 
03:49:35.0 +0200
+++ linux-2.6.17/Documentation/networking/bonding.txt   2006-07-28 
15:47:55.0 +0200
@@ -398,6 +398,19 @@
swapped with the new curr_active_slave that was
chosen.
 
+   weighted-rr or 7
+
+   Weighted round-robin bonding. In this mode bonding
+   interface will use weights assigned to it's slaves.
+
+   Each slave can have weight assigned via ioctl (ifenslave).
+   These values will be used at the start of each cycle.
+   Each slave will have token counter restored to it's weight.
+   Then using round-robin mechanism those tokens are used
+   to pay for emitted frames. When all token counters are
+   zeroed - new cycle begins.
+   
+
 primary
 
A string (eth0, eth2, etc) specifying which slave is the
diff -Nur linux-2.6.17.orig/drivers/net/bonding/bond_main.c 
linux-2.6.17/drivers/net/bonding/bond_main.c
--- linux-2.6.17.orig/drivers/net/bonding/bond_main.c   2006-06-18 
03:49:35.0 +0200
+++ linux-2.6.17/drivers/net/bonding/bond_main.c2006-07-28 
15:31:44.0 +0200
@@ -115,7 +115,7 @@
 MODULE_PARM_DESC(mode, Mode of operation : 0 for balance-rr, 
   1 for active-backup, 2 for balance-xor, 
   3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 
-  6 for balance-alb);
+  6 for balance-alb, 7 for weighted-rr);
 module_param(primary, charp, 0);
 MODULE_PARM_DESC(primary, Primary network device to use);
 module_param(lacp_rate, charp, 0);
@@ -162,6 +162,7 @@
 {  802.3ad,  BOND_MODE_8023AD},
 {  balance-tlb,  BOND_MODE_TLB},
 {  balance-alb,  BOND_MODE_ALB},
+{  weighted-rr,  BOND_MODE_WEIGHTED_RR},
 {  NULL,   -1},
 };
 
@@ -194,6 +195,8 @@
return transmit load balancing;
case BOND_MODE_ALB:
return adaptive load balancing;
+   case BOND_MODE_WEIGHTED_RR:
+   return weighted round robin (weighted-rr);
default:
return unknown;
}
@@ -1198,6 +1201,24 @@
return 0;
 }
 
+int bond_set_weight(struct net_device *bond_dev, struct net_device *slave_dev,
+   u16 weight)
+{
+   struct slave* slave;
+   slave = bond_get_slave_by_dev(bond_dev-priv, slave_dev);
+   if (!slave) {
+   return -EINVAL;
+   }
+
+   slave-weight = weight;
+
+   if (weight) {
+   slave-link = BOND_LINK_UP;
+   slave-state = BOND_STATE_ACTIVE;
+   }
+   return 0;
+}
+
 #define BOND_INTERSECT_FEATURES \
(NETIF_F_SG|NETIF_F_IP_CSUM|NETIF_F_NO_CSUM|NETIF_F_HW_CSUM|\
NETIF_F_TSO|NETIF_F_UFO)
@@ -1336,6 +1352,9 @@
 */
new_slave-original_flags = slave_dev-flags;
 
+   /* slave default weight = 1 */
+   new_slave-weight = 1;
+
/*
 * Save slave's original (permanent) mac address for modes
 * that need it, and for restoring it upon release, and then
@@ -3601,7 +3620,10 @@
}
 
down_write((bonding_rwsem));
-   slave_dev = dev_get_by_name(ifr-ifr_slave);
+   if (cmd != SIOCBONDSETWEIGHT)
+   slave_dev = dev_get_by_name(ifr-ifr_slave);
+   else
+   slave_dev = dev_get_by_name(ifr-ifr_weight_slave);
 
dprintk(slave_dev=%p: \n, slave_dev);
 
@@ -3626,6 +3648,9 @@
case SIOCBONDCHANGEACTIVE:
res = bond_ioctl_change_active(bond_dev, slave_dev);
break;
+   case SIOCBONDSETWEIGHT:
+   res = bond_set_weight(bond_dev, slave_dev, 
ifr-ifr_weight_weight);
+   break;
default:
res = -EOPNOTSUPP;
}
@@ -3881,6 +3906,67 @@
return 0;
 }
 
+static int bond_xmit_weighted_rr(struct sk_buff *skb, struct net_device 
*bond_dev)
+{
+   struct bonding *bond = bond_dev-priv;
+   struct slave *slave, *start_at;
+   int i;
+   int res = 1;
+   int were_weight_tokens_recharged = 0;
+
+   read_lock(bond-lock);
+
+   if (!BOND_IS_OK(bond)) {
+   goto out;
+   }
+
+   read_lock(bond-curr_slave_lock);
+   slave = start_at = bond-curr_active_slave;
+   read_unlock(bond-curr_slave_lock);
+
+   if (!slave) {
+   goto out;
+   }
+
+try_send:
+   bond_for_each_slave_from(bond, slave, i

Re: [RFC] wrr (weighted round-robin) bonding

[Dawid Ciezarkiewicz]

On Monday, 16 October 2006 20:50, you wrote:
 
 Dawid Ciezarkiewicz [EMAIL PROTECTED] wrote:
 [...]
 +weighted-rr or 7
 +
 +Weighted round-robin bonding. In this mode bonding
 +interface will use weights assigned to it's slaves.
 +
 +Each slave can have weight assigned via ioctl (ifenslave).
 +These values will be used at the start of each cycle.
 +Each slave will have token counter restored to it's weight.
 +Then using round-robin mechanism those tokens are used
 +to pay for emitted frames. When all token counters are
 +zeroed - new cycle begins.
 
   Before getting into the technical bits of the patch, what's the
 reason for wanting to do this, and why is this rather complex manual
 weight assignment better than an automatic system based on, e.g., link
 speed of the slaves?

In short:
It was designed as a solution for wireless links bonding - where link quality 
can change rather quickly in time. By using wrr bonding, userspace tools can 
measure current bandwidth and change bonding slave weights in realtime.

It was written for Lintrack, and you can read about it's usage here:
http://lintrack.org/index.php/about/advantage
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[RFC] Ethernet Cheap Cryptography

[Dawid Ciezarkiewicz]

 Foremski [EMAIL PROTECTED].
+Implementation details and implementation itself was written by
+Dawid Ciezarkiewicz [EMAIL PROTECTED]. Both working in ASN team.
+
+Ccrypt was written as a part of the Lintrack project.
+http://lintrack.org
diff --git a/include/linux/ccrypt.h b/include/linux/ccrypt.h
new file mode 100644
index 000..96f1ad6
--- /dev/null
+++ b/include/linux/ccrypt.h
@@ -0,0 +1,56 @@
+/* 
+ * Cheap crypt (ccrypt).
+ * (C) 2006 Dawid Ciezarkiewicz [EMAIL PROTECTED]
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifdef __KERNEL__
+#ifndef __CCRYPT_H__
+#define __CCRYPT_H__
+#ifdef CONFIG_NETDEV_CCRYPT
+
+#include linux/crypto.h
+
+struct ccrypt_rx
+{
+   /* tfms[0] - new key */
+   /* tfms[1] - old key */
+   struct crypto_tfm* tfms[2];
+
+   /* [key][0] = iv from last good received packet */
+   /* [key][1] = iv from last received packet */
+   u8* last_recv_iv[2][2];
+
+   /* are last_recv_iv[key][0] and [key][1] equal? */
+   u8 last_recv_iv_matched[2];
+
+   /* should receiver use reversed order of keys
+* until sender starts using new key? */
+   u8 after_switch;
+};
+
+
+struct ccrypt_tx
+{
+   struct crypto_tfm* tfm;
+   u8* last_sent_iv;
+};
+
+struct sk_buff;
+struct class_device;
+struct net_device;
+
+int ccrypt_encrypt(struct sk_buff **pskb);
+int ccrypt_decrypt(struct sk_buff **pskb);
+ssize_t ccrypt_rx_store(struct class_device *dev, const char *buf, size_t len);
+ssize_t ccrypt_tx_store(struct class_device *dev, const char *buf, size_t len);
+ssize_t ccrypt_rx_show(struct class_device *dev, char *buf);
+ssize_t ccrypt_tx_show(struct class_device *dev, char *buf);
+void ccrypt_tx_reset(struct net_device* dev);
+void ccrypt_rx_reset(struct net_device* dev);
+#endif /* CONFIG_NETDEV_CCRYPT */
+#endif /* __CCRYPT_H__ */
+#endif /* __KERNEL__ */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 50a4719..30daed3 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -38,6 +38,11 @@ #include linux/device.h
 #include linux/percpu.h
 #include linux/dmaengine.h
 
+#ifdef CONFIG_NETDEV_CCRYPT
+struct ccrypt_rx;
+struct ccrypt_tx;
+#endif /* CONFIG_NETDEV_CCRYPT */
+
 struct divert_blk;
 struct vlan_group;
 struct ethtool_ops;
@@ -521,6 +526,14 @@ #ifdef CONFIG_NET_DIVERT
struct divert_blk   *divert;
 #endif /* CONFIG_NET_DIVERT */
 
+#ifdef CONFIG_NETDEV_CCRYPT
+   /* 0 means - don't use */
+   struct ccrypt_rx* ccrypt_rx;
+   spinlock_t ccrypt_rx_lock;
+   struct ccrypt_tx* ccrypt_tx;
+   spinlock_t ccrypt_tx_lock;
+#endif /* CONFIG_NETDEV_CCRYPT */
+
/* class/net/name entry */
struct class_device class_dev;
/* space for optional statistics and wireless sysfs groups */
diff --git a/net/Kconfig b/net/Kconfig
index 4959a4e..ccf6cd8 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -73,6 +73,16 @@ config NETWORK_SECMARK
  to nfmark, but designated for security purposes.
  If you are unsure how to answer this question, answer N.
 
+config NETDEV_CCRYPT
+   bool Ethernet Cheap Crypt
+   depends on CRYPTO
+   help
+ This enables cheap cryptography in layer2. For more info read
+ Documentation/networking/ccrypt.txt . This is experimental
+ functionality and should be used with care.
+
+ If you are unsure how to answer this question, answer N.
+
 menuconfig NETFILTER
bool Network packet filtering (replaces ipchains)
---help---
diff --git a/net/core/Makefile b/net/core/Makefile
index 2645ba4..1c05def 100644
--- a/net/core/Makefile
+++ b/net/core/Makefile
@@ -12,6 +12,7 @@ obj-y  += dev.o ethtool.o dev_mcast
 
 obj-$(CONFIG_XFRM) += flow.o
 obj-$(CONFIG_SYSFS) += net-sysfs.o
+obj-$(CONFIG_NETDEV_CCRYPT) += ccrypt.o
 obj-$(CONFIG_NET_DIVERT) += dv.o
 obj-$(CONFIG_NET_PKTGEN) += pktgen.o
 obj-$(CONFIG_WIRELESS_EXT) += wireless.o
diff --git a/net/core/ccrypt.c b/net/core/ccrypt.c
new file mode 100644
index 000..c03ad11
--- /dev/null
+++ b/net/core/ccrypt.c
@@ -0,0 +1,941 @@
+/*
+ * Ethernet Cheap Crypt (ccrypt).
+ * (C) 2006 Dawid Ciezarkiewicz [EMAIL PROTECTED]
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include linux/ccrypt.h
+
+#include linux/if_arp.h
+#include linux/if_pppox.h
+#include linux/if_vlan.h
+#include linux/scatterlist.h
+
+#include linux/crypto.h
+#include linux/module.h
+#include linux/skbuff.h
+#include linux/ip.h
+#include net/checksum.h
+
+#define to_net_dev(class) container_of(class, struct net_device, class_dev)
+
+/**
+ * Allocate ccrypt_rx.
+ */
+struct ccrypt_rx* ccrypt_rx_alloc(void) {
+   struct ccrypt_rx* new_cc = kmalloc

Re: [RFC] Ethernet Cheap Cryptography

[Dawid Ciezarkiewicz]

On Sunday, 15 October 2006 23:35, you wrote:
  Hi,
   I'd be thankful for your opinions about that idea. Please forgive me any
  nuances that I didn't know about.
 
 This limits the system to only talking to one other system on the same 
 link.  I guess you could have per-MAC keys and associate the crypto info 
 with neighbor cache entries.

The idea is to use vlan and macvlan devices to separate encrypted traffic - 
as you can just encrypt vlan device. Other than that - yes ccrypt was 
considered as solution for point-to-point links.

 Likely need a cryptographer to review the protocol -- blindly using the 
 first block of every encrypted packet as the IV smells problematic, for 
 example.

Cryptographic part needs attention. I'm not a cryptographer and no 
cryptographer have checked the idea or code.

And yes - this is little problematic, but I think the solution is good 
enough - there is little chance to inject valid upper level packet, and even 
if such event occur - there is no chance that can carry valid hostile 
information.

The magic function is is_decoded_buffer_valid, which - using upper level 
info - will just drop packets that weren't encrypted correctly. There are 
little chances that spoofed frame after decryption will look like good 
packet - for IPv4 I estimate them to be much less than 1 to 256 * 256 * 32 
(2097152) and this can be rather easily improved.

Injected packets that will not pass such validation will not change stored IV, 
so transmition will not be affected. And even when such frame will pass - it 
will probable consist of garbages - the only effect will be using bad IV in 
the next encryption - so next good frame will be dropped.

If ccrypt will be considered reasonable I was thinking about kernel warnings 
on spoofing tries detection, using simple bad frames counters.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH][ebtables][vlan] ebt_vlan_t target

[Dawid Ciezarkiewicz]

On Thursday, 6 July 2006 13:15, Ingo Oeser wrote:
 First of all: 
   You should not implemented --vlan-target. 
   Always return EBT_CONTINUE. That saves a lot of (duplicated) code
   (you can express the same using some more rules) while keeping 
   the same flexibility level. Rules for transforming/mangling 
   and decision rules should be seperate.

OK. I've been doing everything looking how ebt_mark.c is written. I thought 
about dropping 
it (iptables has nothing like this and works), but I havent't been sure if I 
should.

  diff -Nur linux-2.6.17.orig/net/bridge/netfilter/Kconfig 
  linux-2.6.17/net/bridge/netfilter/Kconfig
  --- linux-2.6.17.orig/net/bridge/netfilter/Kconfig  2006-06-18 
  03:49:35.0 +0200
  +++ linux-2.6.17/net/bridge/netfilter/Kconfig   2006-06-28 
  20:48:27.0 
  +0200
  @@ -165,6 +165,15 @@
  
To compile it as a module, choose M here.  If unsure, say N.
  
  +config BRIDGE_EBT_VLAN_T
  +   tristate ebt: vlan target support
  +   depends on BRIDGE_NF_EBTABLES
  +   help
  + This option adds the vlan target.
  +
  + To compile it as a module, choose M here.  If unsure, say N.
  +
  +
 
 Please put your nice explanations to change vlan ids in fly from your email 
 here.

OK.

 I cannot comment on rest of the patch and hope other people will do :-)

I hope they do, too. Thanks. :)
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html