| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <330e58f3-61d3-6abc-4f7c-1726e0ce852d@enhancedip.org> Date: Sat, 2 Jun 2018 12:17:12 -0400 From: Sam Patton <sam@...ancedip.org> To: Willy Tarreau <w@....eu> Cc: netdev@...r.kernel.org Subject: Re: ANNOUNCE: Enhanced IP v1.4 Hello Willy, netdev, Thank you for your reply and advice. I couldn't agree more with you about containers and the exciting prospects there, as well as the ADSL scenario you mention. As far as application examples, check out this simple netcat-like program I use for testing: https://github.com/EnIP/enhancedip/blob/master/userspace/netcat/netcat.c Lines 61-67 show how to connect directly via an EnIP address. The netcat-like application uses a header file called eip.h. You can look at it here: https://github.com/EnIP/enhancedip/blob/master/userspace/include/eip.h EnIP makes use of IPv6 AAAA records for DNS lookup. We simply put 2001:0101 (which is an IPv6 experimental prefix) and then we put the 64-bit EnIP address into the next 8 bytes of the address. The remaining bytes are set to zero. In the kernel, if you want to see how we convert the IPv6 DNS lookup into something connect() can manage, check out the add_enhanced_ip() routine found here: https://github.com/EnIP/enhancedip/blob/master/kernel/4.9.28/socket.c The reason we had to do changes for openssh and not other applications (that use DNS) is openssh has a check to see if the socket is using IP options. If the socket does, sshd drops the connection. I had to work around that to get openssh working with EnIP. The result: if you want to connect the netcat-like program with IP addresses you'll end up doing something like the example above. If you're using DNS (getaddrinfo) to connect(), it should just work (except for sshd as noted). Here's the draft experimental RFC: https://tools.ietf.org/html/draft-chimiak-enhanced-ipv4-03 I'll also note that I am doing this code part time as a hobby for a long time so I appreciate your help and support. It would be really great if the kernel community decided to pick this up, but if it's not a reality please let me know soonest so I can move on to a different hobby. :) Thank you. Sam Patton On 6/2/18 1:57 AM, Willy Tarreau wrote: > Hello Sam, > > On Fri, Jun 01, 2018 at 09:48:28PM -0400, Sam Patton wrote: >> Hello! >> >> If you do not know what Enhanced IP is, read this post on netdev first: >> >> https://www.spinics.net/lists/netdev/msg327242.html >> >> >> The Enhanced IP project presents: >> >> Enhanced IP v1.4 >> >> The Enhanced IP (EnIP) code has been updated. It now builds with OpenWRT barrier breaker (for 148 different devices). We've been testing with the Western Digital N600 and N750 wireless home routers. > (...) First note, please think about breaking your lines if you want your > mails to be read by the widest audience, as for some of us here, reading > lines wider than a terminal is really annoying, and often not considered > worth spending time on them considering there are so many easier ones > left to read. > >> Interested in seeing Enhanced IP in the Linux kernel, read on. Not >> interested in seeing Enhanced IP in the Linux kernel read on. > (...) > > So I personally find the concept quite interesting. It reminds me of the > previous IPv5/IPv7/IPv8 initiatives, which in my opinion were a bit hopeless. > Here the fact that you decide to consider the IPv4 address as a network opens > new perspectives. For containerized environments it could be considered that > each server, with one IPv4, can host 2^32 guests and that NAT is not needed > anymore for example. It could also open the possibility that enthousiasts > can more easily host some services at home behind their ADSL line without > having to run on strange ports. > > However I think your approach is not the most efficient to encourage adoption. > It's important to understand that there will be little incentive for people > to patch their kernels to run some code if they don't have the applications > on top of it. The kernel is not the end goal for most users, the kernel is > just the lower layer needed to run applications on top. I looked at your site > and the github repo, and all I could find was a pre-patched openssh, no simple > explanation of what to change in an application. > > What you need to do first is to *explain* how to modify userland applications > to support En-IP, provide an echo server and show the parts which have to be > changed. Write a simple client and do the same. Provide your changes to > existing programs as patches, not as pre-patched code. This way anyone can > use your patches on top of other versions, and can use these patches to > understand what has to be modified in their applications. > > Once applications are easy to patch, the incentive to install patched kernels > everywhere will be higher. For many enthousiasts, knowing that they only have > to modify the ADSL router to automatically make their internal IoT stuff > accessible from outside indeed becomes appealing. > > Then you'll need to provide patches for well known applications like curl, > wget, DNS servers (bind...), then browsers. > > In my case I could be interested in adding support for En-ip into haproxy, > and only once I don't see any showstopped in doing this, I'd be willing to > patch my kernel to support it. > > Last advice, provide links to your drafts in future e-mails, they are not > easy to find on your site, we have to navigate through various pages to > finally find them. > > Regards, > Willy
Powered by blists - more mailing lists