[WLANware] GSoC 2010: Project IP/UDP encapsulation Kernel module

marco bonola marco.bonola at gmail.com
Thu Apr 8 14:28:56 CEST 2010


Hi Mitar,

I didn't plan on developing any security mechanism inside this module.
Anyway, since you will have total access to the socket_buff, you can do
whatever you want. For example you can put a further scrambling level after
(or before, it depends on which point of view you're looking at the picture
from) the encapsulating UDP.

For example, let's say you want to apply this "scrambling" layer:

The original packet is sent by a totally unaware application and routed
through the virtual interface.
At the end of the IP stack the L2 send() function of the virtual interface
is called.
The original packet can now be scrambled. An additional header can be added
to identify the "scrambling context" applied to that packet. The packet is
now encapsulated into the IP/UDP external header and sent.
Of course, everything is more complicated with respect to what you could do
in user space with some kind of user-space queueing (IPTABLES NFQUEUE target
for example), but the performance will be much better.
The nice thing about IP/UDP is that you can tunnel whatever protocol you
want, without needing a new protocol number.

Marco

On Thu, Apr 8, 2010 at 1:43 PM, Mitar <mmitar at gmail.com> wrote:

> Hi!
>
> On Thu, Apr 8, 2010 at 12:50 PM, marco bonola <marco.bonola at gmail.com>
> wrote:
> > the point is to have it in the kernel.
>
> Good point. :-)
>
> Will there be any encryption or at least scrambling support? In wlan
> ljubljana we are currently using OpenVPN and this makes links limited
> by CPU (as we have often fiber links). It would be really great to
> have something in kernel and thus faster. We do not really need
> encryption (our keys are currently semi-public anyway as they are
> stored on every node) but some scrambling would be great just to
> prevent simple sniffing of traffic in guest (ethernet) networks to
> which nodes are connected. Maybe RC5 or something?
>
> So we would also be interested in this. We could also test it.
>
>
> Mitar
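The scrambling step described in the message above (scramble the original packet, prepend a header naming the "scrambling context", hand the result on as the UDP payload), as an added user-space sketch that is not part of the original thread or the project's code. The 4-byte header layout, the `SCR_MAGIC` byte, the key table and the `scr_*` names are assumptions made for illustration, and the repeating-key XOR is a stand-in for whatever scrambling would be chosen: it hides payloads from casual sniffing only and provides no confidentiality or integrity.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SCR_HDR_LEN 4      /* magic, context id, 16-bit payload length */
#define SCR_MAGIC   0xA5   /* hypothetical marker byte */

/* Constructed context table: context id -> scrambling key (sample values). */
static const uint8_t scr_keys[2][8] = {
    { 0x13, 0x37, 0xC0, 0xDE, 0x42, 0x99, 0x10, 0x01 },
    { 0xAA, 0x55, 0x0F, 0xF0, 0x3C, 0xC3, 0x69, 0x96 },
};
#define SCR_NCTX (sizeof scr_keys / sizeof scr_keys[0])

/* Repeating-key XOR: obfuscation only; applying it twice restores the data. */
static void scr_xor(uint8_t ctx, uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= scr_keys[ctx][i % sizeof scr_keys[ctx]];
}

/* Build [header | scrambled packet]; returns frame length, 0 on error. */
size_t scr_encap(uint8_t ctx, const uint8_t *pkt, size_t len,
                 uint8_t *out, size_t cap)
{
    if (ctx >= SCR_NCTX || len > 0xFFFF || cap < SCR_HDR_LEN + len)
        return 0;
    out[0] = SCR_MAGIC;
    out[1] = ctx;
    out[2] = (uint8_t)(len >> 8);
    out[3] = (uint8_t)(len & 0xFF);
    memcpy(out + SCR_HDR_LEN, pkt, len);
    scr_xor(ctx, out + SCR_HDR_LEN, len);
    return SCR_HDR_LEN + len;
}

/* Check the header against the bytes actually received, then unscramble. */
size_t scr_decap(const uint8_t *frame, size_t flen, uint8_t *out, size_t cap)
{
    if (flen < SCR_HDR_LEN || frame[0] != SCR_MAGIC || frame[1] >= SCR_NCTX)
        return 0;
    size_t len = ((size_t)frame[2] << 8) | frame[3];
    if (len != flen - SCR_HDR_LEN || len > cap)  /* never trust the length field */
        return 0;
    memcpy(out, frame + SCR_HDR_LEN, len);
    scr_xor(frame[1], out, len);
    return len;
}
```

The receive side rejects any frame whose context id is unknown or whose length field disagrees with the datagram size, since the outer UDP port accepts traffic from anyone who can reach it.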