Hi All,
I would like to bring IPsec to Genode , if there any one interested to participate and share his experiences . I will start step by step and with the easy parts of the IPsec , depend on static configurations and maybe later we will implement the remain features.
thanks,
Mohammad
Hello Mohammad,
On Thu, Jul 10, 2014 at 09:55:25AM +0100, Mhamad Hmad wrote:
I would like to bring IPsec to Genode , if there any one interested to participate and share his experiences . I will start step by step and with the easy parts of the IPsec , depend on static configurations and maybe later we will implement the remain features.
This sounds like an ambitious endeavor. Also, starting from static PSK-based configurations sounds like the best approach. Do you address IP version 4 or version 6? Do you also plan to implement NAT traversal aka IPSec over UDP?
Best regards
Hi Christian,
Our Goal for now is to implement the IPsec with the minimum setting and options and i will consider the next:
- We will focus on IP v4 - All the policy configurations (ipsec.confg, policy files , ISAKMP files ) will be configured a head . - We are looking for implementing Authentication Header (AH) only and in the next stage we will add Encapsulating Security Payload (ESP). - We are looking for implementing the Transport Mode - The ISAKMP should be able to recognize the KEYNOTE, so we will use the OpenBSD implantation for the ISAKMP - In the current stage we will use static IPs to simplify the negotiate process - The main object now to implement the Security Associations (SA) and the packet filter options .
I am Open for suggestions and prior experiences. In the same time i am welcoming any one would like to participate .
Best Mohammad
2014-07-10 13:19 GMT+01:00 Christian Helmuth < christian.helmuth@...1...>:
Hello Mohammad,
On Thu, Jul 10, 2014 at 09:55:25AM +0100, Mhamad Hmad wrote:
I would like to bring IPsec to Genode , if there any one interested to participate and share his experiences . I will start step by step and with the easy parts of the IPsec , depend
on
static configurations and maybe later we will implement the remain features.
This sounds like an ambitious endeavor. Also, starting from static PSK-based configurations sounds like the best approach. Do you address IP version 4 or version 6? Do you also plan to implement NAT traversal aka IPSec over UDP?
Best regards
Christian Helmuth Genode Labs
http://www.genode-labs.com/ · http://genode.org/ https://twitter.com/GenodeLabs · /ˈdʒiː.nəʊd/
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
Hi. I have some experience of implementation of IPSec traffic processing protocols and multithread traffic processing daemons. I interesting to bring same functionality to Genode.
Some questions about your plans: - Have you some ideas about architecture? Multiple workers for traffic processing? Dedicated process for cryptography functions? Something else? - Witch approach of packets sending/receiving you want to use? Directly using Nic::Session? Hooks in IP-stack? - Witch cryto library you plan to use? - Do you plan to implement IKEv2?
2014-07-10 12:55 GMT+04:00 Mhamad Hmad <mhh.it1986@...9...>:
Hi All,
I would like to bring IPsec to Genode , if there any one interested to participate and share his experiences . I will start step by step and with the easy parts of the IPsec , depend on static configurations and maybe later we will implement the remain features.
thanks,
Mohammad
Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
Hi Nikilay, thank you for your email . - for the architecture , I have only one LwIP stack . with the help of Norman and Johannes i implemented very basic RPC interface for Lwip wich support multi-threading . the Ipsec will be merged with the Lwip stack in some way. -for the crypto library, I will start using MD5 and DES for encryption and authentication and later we will use more sophisticated algorithms. -in the term of implementation IKEv2, Yes I would like.
if you have any suggestions or corrections to any point pleas just let me know.
Best Mohammad
2014-07-10 14:03 GMT+01:00 Nikolay Golikov <nik@...104...>:
Hi. I have some experience of implementation of IPSec traffic processing protocols and multithread traffic processing daemons. I interesting to bring same functionality to Genode.
Some questions about your plans:
- Have you some ideas about architecture? Multiple workers for traffic
processing? Dedicated process for cryptography functions? Something else?
- Witch approach of packets sending/receiving you want to use? Directly
using Nic::Session? Hooks in IP-stack?
- Witch cryto library you plan to use?
- Do you plan to implement IKEv2?
2014-07-10 12:55 GMT+04:00 Mhamad Hmad <mhh.it1986@...9...>:
Hi All,
I would like to bring IPsec to Genode , if there any one interested to participate and share his experiences . I will start step by step and with the easy parts of the IPsec , depend on static configurations and maybe later we will implement the remain features.
thanks,
Mohammad
Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
-
Christian Helmuth -
Mhamad Hmad -
Nikolay Golikov