%
% $Id: report.tex 747 2009-09-20 17:01:15Z rick $
%
\documentclass[12pt,a4paper]{article}
\frenchspacing
\usepackage[english,dutch]{babel}
\selectlanguage{dutch}
\usepackage{graphicx}
\usepackage{url}
\usepackage{multicol}
\usepackage{fancybox}
\usepackage{amssymb,amsmath}

\author{Johan IJsveld \& Rick van der Zwet, Universiteit Leiden}
\title{Networking - Assignment 3\\
\large{Packet Filtering and Encryption}}
\author{Johan IJsveld \& Rick van der Zwet\\
  \texttt{ \& }\\
  \\
  LIACS\\
  Leiden University\\
  Niels Bohrweg 1\\
  2333 CA Leiden\\
  The Netherlands}
\date{\today}

\begin{document}
\maketitle

\section{Implementation}
We have chosen a single \emph{C} program without any arguments to keep it
simple, meaning that the encryption key \emph{0x12345678} is hard-coded into
the program and the queue numbers are hard-coded as \emph{0} for input and
\emph{1} for output.

\section{Global working}
First a packet arrives at \emph{netfilter}, which is a Linux packet filter
implementation. It pushes the packet to our implementation using a callback
function implemented in \emph{libnetfilter\_queue}. Let's call our application
\emph{xorfilter} for a moment. The xorfilter performs its 'magic', which in
this case is a mangle of the data payload using a XOR computation with the key
above. Next it recalculates the TCP checksum to ensure the checksum matches the
altered payload, leading to proper validation of the packet on the other end.

\section{Usage xorfilter}
First make sure to enable the \emph{xorfilter}. It needs to run as the root
user, because of the elevated privileges it needs at start for 'hooking' into
\emph{iptables}. Next alter \emph{iptables} using the CLI script; for a
reference sample, check \emph{setqueue.sh}.

\section{Usage echod}
Once started, the program \emph{echod} will listen on port \emph{12345}. The
only purpose it serves (hence the 'd' of daemon in echod) is to reply with the
data it receives.
One can connect to it with telnet, using \emph{telnet localhost 12345}, and
everything you type will be returned as well.

\section{xorfilter encryption}
The key consists of 4 bytes, so every 4 bytes of data are XORed with the key,
which is first translated using \emph{htonl} to make sure we are using big
endian instead of little endian, as all network traffic is big endian by
definition. Next, in case of a remainder (when the length of the data is not a
multiple of 4 bytes), the remainder is XORed with the relevant bytes of the
key. Example:
\begin{verbatim}
DATA: AB CD EF 34 23 21 34 (7 bytes)

Step 1 (key repeated each 4 bytes, done using for loop on words):
KEY : 12 34 56 78
IMM : B9 F9 B9 4C 23 21 34

Step 2 (remainder key, done using for loop on bytes):
KEY :             12 34 56
IMM : B9 F9 B9 4C 31 15 62
\end{verbatim}

% \begin{thebibliography}{10}
% \end{thebibliography}

\newpage
\advance\textwidth by 8cm
\advance\oddsidemargin by -3cm
\advance\evensidemargin by -3cm
\advance\topmargin by -2cm
\advance\textheight by 4cm
\advance\footskip by -4cm
\marginparwidth 0cm
\twocolumn
\section*{Appendix}
echod (1 file), xorfilter (9 files), netfilter CLI example (2 files)
\newline
\tiny
%preformatted with `source-highlight -n -f latex bridge.cc`
\input{../src/echod/echod.c}
\input{../src/xorfilter/checksum.c}
\input{../src/xorfilter/checksum.h}
\input{../src/xorfilter/filter.c}
\input{../src/xorfilter/filter.h}
\input{../src/xorfilter/queue.c}
\input{../src/xorfilter/queue.h}
\input{../src/xorfilter/xorencrypt.c}
\input{../src/xorfilter/xorencrypt.h}
\input{../src/xorfilter/xorfilter.c}
\input{../tools/setqueue.sh}
\input{../tools/rmqueue.sh}
\onecolumn
\end{document}
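The word loop and remainder loop from the xorfilter encryption section, as an added C example that is not the report's own xorencrypt.c. The names `xor_payload`, `xor_example_ok` and `XOR_KEY` are assumptions; the key and the 7-byte test vector are the report's.

```c
#include <arpa/inet.h>  /* htonl */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XOR_KEY 0x12345678u  /* hard-coded key from the report */

/* XOR buf in place with the 4-byte key (hypothetical helper, not the
 * report's code): whole 32-bit words first, then the last 1-3 bytes. */
void xor_payload(uint8_t *buf, size_t len, uint32_t key)
{
    uint32_t nkey = htonl(key);  /* in memory: 12 34 56 78 on any host */
    uint8_t kbytes[4];
    size_t words = len / 4, i;

    memcpy(kbytes, &nkey, sizeof kbytes);
    /* Step 1: loop on words. memcpy avoids unaligned 32-bit loads,
     * because a TCP payload is not guaranteed to be word-aligned. */
    for (i = 0; i < words; i++) {
        uint32_t w;
        memcpy(&w, buf + 4 * i, sizeof w);
        w ^= nkey;
        memcpy(buf + 4 * i, &w, sizeof w);
    }
    /* Step 2: loop on bytes for the remainder. */
    for (i = 4 * words; i < len; i++)
        buf[i] ^= kbytes[i % 4];
}

/* Returns 1 when the report's 7-byte example reproduces and a second
 * pass over the output restores the original payload. */
int xor_example_ok(void)
{
    const uint8_t plain[7]  = {0xAB, 0xCD, 0xEF, 0x34, 0x23, 0x21, 0x34};
    const uint8_t expect[7] = {0xB9, 0xF9, 0xB9, 0x4C, 0x31, 0x15, 0x62};
    uint8_t buf[7];

    memcpy(buf, plain, sizeof buf);
    xor_payload(buf, sizeof buf, XOR_KEY);
    if (memcmp(buf, expect, sizeof buf) != 0)
        return 0;
    xor_payload(buf, sizeof buf, XOR_KEY);  /* XOR is its own inverse */
    return memcmp(buf, plain, sizeof buf) == 0;
}

int main(void) { puts(xor_example_ok() ? "ok" : "mismatch"); return 0; }
```

Because the key repeats every four bytes, any four aligned bytes of known plaintext XORed with the matching ciphertext give back the key, so this transform obfuscates the payload rather than keeping it confidential.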