source: liacs/net/as3/doc/report.tex@ 37

Last change on this file since 37 was 2, checked in by Rick van der Zwet, 15 years ago

Initial import of data of old repository ('data') worth keeping (e.g. tracking
means of URL access statistics)

File size: 3.7 KB
RevLine 
[2]1%
2% $Id: report.tex 747 2009-09-20 17:01:15Z rick $
3%
4
5\documentclass[12pt,a4paper]{article}
6
7\frenchspacing
8\usepackage[english,dutch]{babel}
9\selectlanguage{dutch}
10\usepackage{graphicx}
11\usepackage{url}
12\usepackage{multicol}
13\usepackage{fancybox}
14\usepackage{amssymb,amsmath}
15
16\author{Johan IJsveld \& Rick van der Zwet, Universiteit Leiden}
17\title{Networking - Assignment 3\\
18\large{Packet Filtering and Encryption}}
19\author{Johan IJsveld \& Rick van der Zwet\\
20 \texttt{<jijsveld@xs4all.nl> \& <hvdzwet@liacs.nl>}\\
21 \\
22 LIACS\\
23 Leiden University\\
24 Niels Bohrweg 1\\
25 2333 CA Leiden\\
26 The Netherlands}
27\date{\today}
28
29\begin{document}
30
31\maketitle
32
33\section{Implementation}
34We have chosen for a single emph{C} program without any arguments to keep it
35simple, meaning for the encryption key \emph{0x12345678} will be hard-coded into
36the program and queue number are hard-coded \emph{0} for input and \emph{1} for output.
37
38\section{Global working}
39At first a package arrives at \emph{netfilter} which is a Linux packet filter
40implementation. This will push the packet using callback function implemented
41at in\emph{libnetfilter\_queue} to our implementation. let's call our application
42\emph{xorfilter} for a moment. The xorfilter preforms it's 'magic' which will
43be in this case a mangle of the data payload using a XOR computation with the
44key above. Next it recalculates the TCP checksum to ensure the checksum matches
45the altered payload, leading to proper validation of the packet on the other end.
46
47\section{Usage xorfilter}
48At first make sure to enable the \emph{xorfilter}, this needed to be running
49under the root user, due to the enhanced privileges it needs at start by
50'hooking' into \emph{iptables}. Next alter \emph{iptables} using the CLI
51script, for a reference sample, check \emph{setqueue.sh}.
52
53\section{Usage echod}
54Ones started the program \emph{echod} will listen at port \emph{12345}. It's
55only purpose it serves (hences the 'd' of daemon in echod) is to reply the data
56it receives. One could connect using the program telnet to the program using
57\emph{telnet localhost 12345} and everything you type will be returned as well.
58
59\section{xorfilter encryption}
60The key consist of 4 bytes, so for every 4 bytes, the data is XORed with the
61key, which is first translated using \emph{htonl} to make sure we are using
62big endian instead of small endian as all network traffic is big endian by
63definition. Next in case of a remainder -when the length of the data is not a
64power of 4 bytes- the remainder is XORed with the relevant byte of the key. Example:
65
66\begin{verbatim}
67 DATA: AB CD EF 34 23 21 34 (7 bytes)
68Step 1 (key repeated each 4 bytes, done using for loop on words):
69 KEY : 12 34 56 78
70 IMM : B9 F9 B9 4C 23 21 34
71Step 2 (remainder key, done using for loop on bytes):
72 KEY : 12 34 56
73 IMM : B9 F9 B9 4C 31 15 62
74\end{verbatim}
75
76
77% \begin{thebibliography}{10}
78% \end{thebibliography}
79\newpage
80\advance\textwidth by 8cm
81\advance\oddsidemargin by -3cm
82\advance\evensidemargin by -3cm
83\advance\topmargin by -2cm
84\advance\textheight by 4cm
85\advance\footskip by -4cm
86\marginparwidth 0cm
87\twocolumn
88\section*{Appendix}
89echod (1 file), xorfilter (9 files), netfilter CLI example (2 files)
90\newline
91\tiny
92%preformatted with `source-highlight -n -f latex bridge.cc`
93\input{../src/echod/echod.c}
94\input{../src/xorfilter/checksum.c}
95\input{../src/xorfilter/checksum.h}
96\input{../src/xorfilter/filter.c}
97\input{../src/xorfilter/filter.h}
98\input{../src/xorfilter/queue.c}
99\input{../src/xorfilter/queue.h}
100\input{../src/xorfilter/xorencrypt.c}
101\input{../src/xorfilter/xorencrypt.h}
102\input{../src/xorfilter/xorfilter.c}
103\input{../tools/setqueue.sh}
104\input{../tools/rmqueue.sh}
105
106\onecolumn
107
108\end{document}
Note: See TracBrowser for help on using the repository browser.