ipnsec-0.8/README-0.8 This is the first preliminary release of a merged implementations of IPSec from Linux and OpenBSD, running on Linux. You can fetch this (and the later versions) from ftp://ftp.eunet.cz/icz/ipnsec/ You can find the (old) Linux implementation at http://www.xs4all.nl/~freeswan/ You can find the OpenBSD code at http://www.openbsd.org/ Both the Linux and OpenBSD versions have been originally written by John Ioannidis and the OpenBSD has been heavily modified by Angelos D. Keromytis and Niels Provos (and possibly others). I (Petr Novak, ) took both of the code bases and tried to merge the newer functions from OpenBSD into the existing Linux code. The code bases were ipsec-linux ver. 0.7 and OpenBSD 2.2 with all modifications up to March 9, 1998. The versioning of this software is a continuation of that of the ipsec-linux code, but this does not mean that the ipsec-linux will not evolve further on its own. This version is somewhere half on the way, as it still lacks some of the essential functions of OpenBSD. On the other hand, it should be at least as stable as the existing Linux code, but it should be more interoperable with other IPSec implementations. The code has been tested with Linux kernel 2.0.32 and 2.0.33. The development environment and the testbed is based on Redhat Linux 4.2. Here is a rough sketch of the major changes from the ipsec for Linux 0.7 and some random remarks: - the IP stack kernel interface has not changed (yet), I plan to steal that either from ENskip or to inspire in OpenBSD to fix the known problems with transport mode routing etc. - what *has* changed is the userland to kernel level interface to IPSec. The paradigm of netlink interface has been preserved, but the format of the messages is more close to the OpenBSD PF_ENCAP than to the original Linux code. The reasoning is that I would like to use the OpenBSD user-level code, rather than to stick with the existing Linux utilities (which have been a victim of recent criticism from the interoperability tester team). - the main area of differences is the code of the actual transformations (ie. esp and ah header processing). The file-per-xform approach of the original Linux code has been replaced with the file-per-standard approach of the OpenBSD code. The new files are called ipsec_{ah,esp}_{old,new}.c and the changes there required changing the ipsec_{ah,esp}.h files. To make the structure of the files cleaner, I have moved all the ciphers and hashes code to separate directories (ciphers, hashes) and I have included all the transforms from OpenBSD (ie. Blowfish, CAST and RIPEMD-160). The libdeslite has been enhanced with 3-DES in ecb mode and the cbc mode routines have been deleted for both DES and 3-DES. The ipsec_esp_{old,new}.c code does a central cipher-independent CBC processing and uses only ECB mode external ciphers. This is in line with the recent IETF draft draft-ietf-ipsec-ciph-cbc-01, although the implementation allows backwards compatibility with some older drafts (IV derived from the replay protection field). The implementation does not include the IDEA and RC5 ciphers mentioned in the draft. They were not in the OpenBSD code, as IDEA is patented in several countries (including most EU countries and the USA). If included, it should at least be possible to turn it off. As there are not that many IPSec implementations with IDEA, it is not a major interoperability requirement at this moment. I have not yet investigated the status of RC5 and I will include that cipher once confirmed that it can be distributed freely. The interoperability of all the transforms with existing OpenBSD has been tested with manual keying (using ipsecadm - see later) and they seem to work in all possible combinations, except when OpenBSD tries to receive keyed SHA-1 old-style AH packets, where the problem is at the OpenBSD side (a bug has been opened including fix with the OpenBSD team). Some of the transforms might not work with the old Linux code base, due to different key slicing and possibly other differences (at least the length of the replay protection field has changed). As the OpenBSD code seems to be more up-to-date and is a much more stable implementation at this moment, I gave priority to compatibilty with that, rather than with the existing Linux code. Unfortunately, I have not tested which actual transforms do and which do not work interoperably with the old Linux code. - the tunnel mode does not work at the moment, as the logic is different in both of the original implementations. I will finish porting and testing the tunnelling mode in several days, as that is a showstopper for any tests over the Internet. - it is not possible to print the keys in /proc/net/ipsec-spi any more in most of the cases, as any constant per-packet processing is now done in the key schedule routine (xxx_init), rather than for every packet. This means that the key schedules and hash contexts are available, but the original keys are not. Also, the format of /proc/net/ipsec-spi has changed substantially. - the expiration and statistics processing of OpenBSD are not implemented yet. - the flows of OpenBSD are not implemented yet (ie. we still use the existing eroute code of the Linux implementation - watch this space) - the main user interface for setting up IPSec is the ipsecadm utility, replacing the setsa and spigrp utilities. The ipsecadm is taken from OpenBSD (you will find it in sbin/ipsecadm) and the only changes were in the includes and the kernel interface (although the format of the actual messages has remained - the only real difference is the replacement of using /dev/ipsec instead of the PF_ENCAP socket). The manual page (ipsecadm.1) and usage printed in case of running the program without arguments are the same as in OpenBSD and should be all relevant to the existing code, except the tunnelling mode does not work yet. The diagnostics performed at the kernel level (ie. checking of key lengths, IV lengths etc) are still poorly reported, but you will find a desription of the problem in /var/log/messages (or wherever else you log your kernel messages). The user level code should perform the same sanity checks as the kernel does and report them sensibly to the user (someone to volunteer for implementing this?). - the photurisd and pluto key management daemons are not supposed to work with this release yet. - this release is a development snapshot and will be replaced by enhanced versions on about weekly basis (at least initially). Anyone who wants to run any tests over the Internet (with this or any other IPSec implementation), please mail me (pn@i.cz) and I will setup our end to talk to you. - the code is stable while being used, the only kernel oops I have seen are while bringing down the system. This does not mean there are no memory leaks, but I have fixed (possibly) the TDB memory leaks mentioned in the old XXX comments. I am not sure wheather I have created some race conditions with this or not (anyone to check?). - all the new code has been written in Praha, Czech republic and is therefore free of any export restrictions. The OpenBSD code has been legally exported from Canada (well, actually I have fetched my copy from Sweden). No US originated code has been (knowingly) included. - The code is not under RCS or CVS at the moment, as it seems to be too unstable and still large parts of files are deleted or replaced. The comments at the beginning of files about changes and versions are not always updated, I plan to start the versioning from scratch once the code reaches some of my other objectives (ie. new IP kernel interface, expiration messages etc. to enable full interopeability with ISAKMP/Oakley and Photuris). If you need to know what has changed, you need to make the diffs yourself. The docs directory has not been updated or touched, so you need to read that and *then* the ipsecadm man page. If anything goes wrong, do not blame me, nor the authors of most of the code. This code is provided AS IS, with no warranties or other blah blah. In any case, I'd like to hear from those who had any success or trouble with this code, so that it can do what somebody might think is useful. Praha, 12th March 1998 Petr Novak ICZ, a.s. .