[Olsr-dev] New OLSRd Plugin (derivative of olsrd_secure)

Will Hawkins (spam-protected)
Mon Dec 24 06:26:02 CET 2012


On 12/23/2012 07:48 AM, Henning Rogge wrote:
> Unfortunately I will not have time to review it until after Christmas...

No problem at all! I am off all next week too! I hope that you enjoy 
some time off!

>
> just another question... do you sign the packets or do you sign the messages?

I'm not 100% sure that I understand the distinction, but I believe that 
we do both. We sign the messages for negotiating signing parameters with 
neighbors and then we sign the OLSR packets as they are being prepared 
for transmission to neighbors. The plugin adds itself to OLSR as a 
packet transform function and as a preprocessor.

The structure of this plugin is taken directly from the olsrd-secure 
plugin. It's possible that the authors of that plugin might know better 
how to answer this question.

I hope that answers your question!

Will

>
> Henning
>
> On Sun, Dec 23, 2012 at 5:46 AM, Will Hawkins
> <(spam-protected)> wrote:
>> On 12/22/2012 03:27 AM, Henning Rogge wrote:
>>>
>>> I am just curious,
>>>
>>> have you also experimented with using IPsec with a static shared
>>> key to encrypt/sign your traffic hop-by-hop?
>>
>>
>> Hello Henning!
>>
>> Yes, we have experimented with that. We are also actively pursuing AuthSAE
>> support (from the 802.11s protocol) for doing zero-knowledge link
>> encryption. We plan on using both link encryption and route signing as part
>> of a defense-in-depth strategy.
>>
>> Thank you for taking the time to review this submission. Please continue to
>> email questions and I will continue to answer them as I am able. :-)
>>
>> Will
>>
>>
>>>
>>> Henning Rogge
>>>
>>> On Fri, Dec 21, 2012 at 9:25 PM, Will Hawkins
>>> <(spam-protected)> wrote:
>>>>
>>>>
>>>>
>>>> On 12/21/2012 12:25 PM, Ferry Huberts wrote:
>>>>>
>>>>>
>>>>>
>>>>> On 21/12/12 17:54, Will Hawkins wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 12/21/2012 07:51 AM, Saverio Proto wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> do you have your git branch published somewhere on the web?
>>>>>>
>>>>>>
>>>>>> No, but I could easily make that happen. You could just pull from that
>>>>>> to review the code then, right?
>>>>>>
>>>>>
>>>>> I think we would happily look at your code but you have to make it easy
>>>>> for us to understand it ;-)
>>>>
>>>>
>>>> I'm happy to make it easy for you to understand, once I understand it
>>>> :-) Just kidding, of course.
>>>>
>>>> I posted the repo with the mdp branch to github under
>>>> https://github.com/opentechinstitute/olsrd-mdp
>>>>
>>>> As I said previously, this relies heavily on olsrd-secure and I followed
>>>> their style (which hopefully matches up with the project's general
>>>> style).
>>>>
>>>> I look forward to your feedback. Happy Friday everyone!
>>>>
>>>> Will
>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Will
>>>>>>
>>>>>>>
>>>>>>> Saverio
>>>>>>>
>>>>>>>
>>>>>>> 2012/12/20 Will Hawkins <(spam-protected)>:
>>>>>>>>
>>>>>>>> Hello everyone!
>>>>>>>>
>>>>>>>> The Open Technology Institute has created a new plugin for OLSRd
>>>>>>>> known as olsrd_mdp (Mesh Datagram Protocol [MDP] Secure OLSR). The
>>>>>>>> plugin integrates OLSRd with Serval to create a mechanism for signing
>>>>>>>> OLSR packets with a shared private key stored in a Serval keyring.
>>>>>>>> This plugin is a derivative of the olsrd_secure plugin.
>>>>>>>>
>>>>>>>> Serval is a mesh networking project out of Australia
>>>>>>>> (http://www.servalproject.org). One of their main products,
>>>>>>>> serval-dna, includes a keyring that stores (and optionally locks) a
>>>>>>>> set of public/private keypairs. olsrd_mdp takes a private key from
>>>>>>>> Serval's key ring and uses it to sign OLSR packets.
>>>>>>>>
>>>>>>>> It differs from olsrd_secure in a few ways:
>>>>>>>>
>>>>>>>> 1. olsrd_mdp is configured with a key identifier. The key identifier
>>>>>>>> allows the user to specify which keypair from the Serval keyring will
>>>>>>>> sign packets.
>>>>>>>>
>>>>>>>> 2. olsrd_mdp allows for variable-length keys.
>>>>>>>>
>>>>>>>> 3. olsrd_mdp salts AND signs OLSR packets with a private key.
>>>>>>>>
>>>>>>>> We would really like to share this plugin with the OLSRd community.
>>>>>>>> We developed the plugin in a branch off of master but the plugin
>>>>>>>> requires Serval's serval-dna development kit to compile. This brings
>>>>>>>> up two questions:
>>>>>>>>
>>>>>>>> 1. How do plugin makefiles alert the user that they need
>>>>>>>> configuration to compile correctly? The necessary parameter is
>>>>>>>> documented in the olsrd_mdp README file. Is there another better way
>>>>>>>> to document this?
>>>>>>>>
>>>>>>>> 2. What is the best way to submit the plugin for review for possible
>>>>>>>> inclusion? I did my best to follow OLSRd code standards while
>>>>>>>> developing, but I'd appreciate your feedback in spotting the places
>>>>>>>> where I inevitably messed up.
>>>>>>>>
>>>>>>>> Thanks for reading this rather long message. We are really excited
>>>>>>>> about the possibility of sharing this plugin with the OLSRd community.
>>>>>>>>
>>>>>>>> Talk to you soon!
>>>>>>>> Will
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Olsr-dev mailing list
>>>>>>>> (spam-protected)
>>>>>>>> https://lists.olsr.org/mailman/listinfo/olsr-dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>
>
>
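
The packet-level signing discussed in this thread (an outbound packet transform plus an inbound preprocessor, salting and signing with a shared key), shown as an added example that is not code from olsrd_mdp or olsrd_secure. HMAC-SHA256, the 8-byte salt, the trailer layout and all function names are assumptions standing in for the plugin's actual scheme; the packet header follows RFC 3626.

```python
import hashlib
import hmac
import os
import struct

SALT_LEN = 8    # assumed salt size for this example
TAG_LEN = 32    # HMAC-SHA256 digest size
HDR_LEN = 4     # RFC 3626 packet header: length (2 bytes) + sequence number (2 bytes)


def build_packet(seqno, messages):
    """Pack already-encoded OLSR messages behind one packet header."""
    payload = b"".join(messages)
    return struct.pack("!HH", HDR_LEN + len(payload), seqno) + payload


def transform_outgoing(packet, key):
    """Outbound hook: append salt || tag, where the tag covers salt + whole packet."""
    salt = os.urandom(SALT_LEN)
    tag = hmac.new(key, salt + packet, hashlib.sha256).digest()
    return packet + salt + tag


def preprocess_incoming(datagram, key):
    """Inbound hook: return the bare packet if the trailer verifies, else None."""
    if len(datagram) < HDR_LEN + SALT_LEN + TAG_LEN:
        return None  # too short to carry a header and a trailer
    packet = datagram[:-(SALT_LEN + TAG_LEN)]
    salt = datagram[len(packet):len(packet) + SALT_LEN]
    tag = datagram[-TAG_LEN:]
    (declared_len,) = struct.unpack("!H", packet[:2])
    if declared_len != len(packet):
        return None  # header length disagrees with what was received
    expected = hmac.new(key, salt + packet, hashlib.sha256).digest()
    return packet if hmac.compare_digest(tag, expected) else None


def demo():
    key = b"constructed-shared-key"                        # constructed sample key
    msgs = [b"HELLO-message-bytes", b"TC-message-bytes"]   # constructed stand-ins
    wire = transform_outgoing(build_packet(7, msgs), key)
    tampered = bytearray(wire)
    tampered[HDR_LEN + 2] ^= 0x01          # flip one bit inside the first message
    return (preprocess_incoming(wire, key),
            preprocess_incoming(bytes(tampered), key),
            preprocess_incoming(wire, b"some-other-key"))


if __name__ == "__main__":
    print(demo())
```

Because the tag covers the whole packet, it authenticates the transmitting neighbor for one hop rather than the originator of each message inside it. The example does no replay detection: a captured packet verifies again with its trailer intact, so a deployment also needs a timestamp or counter check.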




