[Olsr-dev] New OLSRd Plugin (derivative of olsrd_secure)

Saverio Proto (spam-protected)
Thu Dec 27 09:32:12 CET 2012


> I'm not 100% sure that I understand the distinction, but I believe that we

OLSR messages such as HELLO, TC, HNA have their structure, see RFC or
the structs defined in the C code.

The OLSR packet is a network packet that can hold many OLSR messages
at the same time.

OLSR packets are exchanged just within 1-hop neighbors, OLSR messages
are flooded all around the network.

Saverio
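The packet/message distinction described above, as an added example (not part of the original message and not olsrd's own code): a bounds-checked walk over one OLSR packet in the RFC 3626 IPv4 layout, where message type 1 is HELLO and 2 is TC. The names `olsr_walk_packet`, `olsr_msg_info` and `sample_packet` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OLSR_PKT_HDR 4   /* packet length (2) + packet sequence number (2) */
#define OLSR_MSG_HDR 12  /* type, vtime, size (2), originator (4), ttl, hops, seq (2) */
struct olsr_msg_info { uint8_t type, ttl, hops; uint16_t size; uint32_t originator; };

/* Constructed sample: one packet (seq 7) carrying a HELLO and a relayed TC. */
static const uint8_t sample_packet[] = {
  0x00, 0x28, 0x00, 0x07,                                                 /* packet header, length 40 */
  0x01, 0x06, 0x00, 0x10, 0x0a, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, /* HELLO from 10.0.0.1, TTL 1 */
  0x00, 0x00, 0x05, 0x03,                                                 /* HELLO body, no links */
  0x02, 0x06, 0x00, 0x14, 0x0a, 0x00, 0x00, 0x09, 0xfd, 0x02, 0x00, 0x2a, /* TC from 10.0.0.9, 2 hops */
  0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x0a                          /* ANSN 1, one neighbor */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Walk every message in one packet; returns the count, or -1 if malformed. */
int olsr_walk_packet(const uint8_t *buf, size_t len, struct olsr_msg_info *out, int max)
{
  size_t off = OLSR_PKT_HDR;
  int n = 0;
  if (len < OLSR_PKT_HDR || be16(buf) != len)
    return -1;                          /* length field must match the datagram */
  while (off < len) {
    const uint8_t *m = buf + off;
    uint16_t size = (len - off < OLSR_MSG_HDR) ? 0 : be16(m + 2);
    if (n == max || size < OLSR_MSG_HDR || size > len - off)
      return -1;                        /* message may not run past the packet */
    out[n].type = m[0];
    out[n].size = size;
    out[n].originator = ((uint32_t)be16(m + 4) << 16) | be16(m + 6);
    out[n].ttl = m[8];
    out[n].hops = m[9];
    n++;
    off += size;
  }
  return n;
}

int main(void)
{
  struct olsr_msg_info msgs[4];
  int n = olsr_walk_packet(sample_packet, sizeof(sample_packet), msgs, 4);
  for (int i = 0; i < n; i++)
    printf("type=%d ttl=%d hops=%d size=%d\n", msgs[i].type, msgs[i].ttl, msgs[i].hops, msgs[i].size);
  return n == 2 ? 0 : 1;
}
```

The 4-byte packet header belongs to this one hop only, while each message carries its own originator, TTL and hop count as it is forwarded.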



> do both. We sign the messages for negotiating signing parameters with
> neighbors and then we sign the OLSR packets as they are being prepared for
> transmission to neighbors. The plugin adds itself to OLSR as a packet
> transform function and as a preprocessor.
>
> The structure of this plugin is taken directly from the olsrd-secure plugin.
> It's possible that the authors of that plugin might know better how to
> answer this question.
>
> I hope that answers your question!
>
> Will
>
>
>>
>> Henning
>>
>> On Sun, Dec 23, 2012 at 5:46 AM, Will Hawkins
>> <(spam-protected)> wrote:
>>>
>>> On 12/22/2012 03:27 AM, Henning Rogge wrote:
>>>>
>>>>
>>>> I am just curious,
>>>>
>>>> have you also experimented with using IPsec with a static shared
>>>> key to encrypt/sign your traffic hop-by-hop?
>>>
>>>
>>>
>>> Hello Henning!
>>>
>>> Yes, we have experimented with that. We are also actively pursuing AuthSAE
>>> support (from the 802.11s protocol) for doing zero-knowledge link
>>> encryption. We plan on using both link encryption and route signing as part
>>> of a defense-in-depth strategy.
>>>
>>> Thank you for taking the time to review this submission. Please continue to
>>> email questions and I will continue to answer them as I am able. :-)
>>>
>>> Will
>>>
>>>
>>>>
>>>> Henning Rogge
>>>>
>>>> On Fri, Dec 21, 2012 at 9:25 PM, Will Hawkins
>>>> <(spam-protected)> wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 12/21/2012 12:25 PM, Ferry Huberts wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 21/12/12 17:54, Will Hawkins wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 12/21/2012 07:51 AM, Saverio Proto wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> do you have your git branch published somewhere on the web?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> No, but I could easily make that happen. You could just pull from that
>>>>>>> to review the code then, right?
>>>>>>>
>>>>>>
>>>>>> I think we would happily look at your code but you have to make it easy
>>>>>> for us to understand it ;-)
>>>>>
>>>>>
>>>>>
>>>>> I'm happy to make it easy for you to understand, once I understand it
>>>>> :-) Just kidding, of course.
>>>>>
>>>>> I posted the repo with the mdp branch to github under
>>>>> https://github.com/opentechinstitute/olsrd-mdp
>>>>>
>>>>> As I said previously, this relies heavily on olsrd-secure and I followed
>>>>> their style (which hopefully matches up with the project's general style).
>>>>>
>>>>> I look forward to your feedback. Happy Friday everyone!
>>>>>
>>>>> Will
>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Will
>>>>>>>
>>>>>>>>
>>>>>>>> Saverio
>>>>>>>>
>>>>>>>>
>>>>>>>> 2012/12/20 Will Hawkins <(spam-protected)>:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hello everyone!
>>>>>>>>>
>>>>>>>>> The Open Technology Institute has created a new plugin for OLSRd known
>>>>>>>>> as olsrd_mdp (Mesh Datagram Protocol [MDP] Secure OLSR). The plugin
>>>>>>>>> integrates OLSRd with Serval to create a mechanism for signing OLSR
>>>>>>>>> packets with a shared private key stored in a Serval keyring. This
>>>>>>>>> plugin is a derivative of the olsrd_secure plugin.
>>>>>>>>>
>>>>>>>>> Serval is a mesh networking project out of Australia
>>>>>>>>> (http://www.servalproject.org). One of their main products, serval-dna,
>>>>>>>>> includes a keyring that stores (and optionally locks) a set of
>>>>>>>>> public/private keypairs. olsrd_mdp takes a private key from Serval's
>>>>>>>>> key ring and uses it to sign OLSR packets.
>>>>>>>>>
>>>>>>>>> It differs from olsrd_secure in a few ways:
>>>>>>>>>
>>>>>>>>> 1. olsrd_mdp is configured with a key identifier. The key identifier
>>>>>>>>> allows the user to specify which keypair from the Serval keyring will
>>>>>>>>> sign packets.
>>>>>>>>>
>>>>>>>>> 2. olsrd_mdp allows for variable-length keys.
>>>>>>>>>
>>>>>>>>> 3. olsrd_mdp salts AND signs OLSR packets with a private key.
>>>>>>>>>
>>>>>>>>> We would really like to share this plugin with the OLSRd community. We
>>>>>>>>> developed the plugin in a branch off of master but the plugin requires
>>>>>>>>> Serval's serval-dna development kit to compile. This brings up two
>>>>>>>>> questions:
>>>>>>>>>
>>>>>>>>> 1. How do plugin makefiles alert the user that they need configuration
>>>>>>>>> to compile correctly? The necessary parameter is documented in the
>>>>>>>>> olsrd_mdp README file. Is there another better way to document this?
>>>>>>>>>
>>>>>>>>> 2. What is the best way to submit the plugin for review for possible
>>>>>>>>> inclusion? I did my best to follow OLSRd code standards while
>>>>>>>>> developing, but I'd appreciate your feedback in spotting the places
>>>>>>>>> where I inevitably messed up.
>>>>>>>>>
>>>>>>>>> Thanks for reading this rather long message. We are really excited about
>>>>>>>>> the possibility of sharing this plugin with the OLSRd community.
>>>>>>>>>
>>>>>>>>> Talk to you soon!
>>>>>>>>> Will
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Olsr-dev mailing list
>>>>>>>>> (spam-protected)
>>>>>>>>> https://lists.olsr.org/mailman/listinfo/olsr-dev
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
>



