.\"-
.\" Copyright (c) 2010 Ana Kukec
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 19, 2010
.Dt SEND 4
.Os
.Sh NAME
.Nm send
.Nd "Kernel side support for Secure Neighbor Discovery (SeND)"
.Sh SYNOPSIS
.In sys/socket.h
.In netinet/in.h
.In netinet6/send.h
.Ft int
.Fn socket PF_INET6 SOCK_RAW IPPROTO_SEND
.Pp
To load the driver as a module at boot time, place the following line in
.Xr loader.conf 5 :
.Bd -literal -offset indent
send_load="YES"
.Ed
.Sh DESCRIPTION
IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes
on the link, to determine their link-layer addresses, to find routers, and
to maintain reachability information about the paths to active neighbors.
NDP is vulnerable to various attacks [RFC3756].
Secure Neighbor Discovery (SeND) is a set of extensions to NDP that counter
those threats [RFC3971].
.Pp
Kernel side support for SeND consists of a kernel module with hooks that
divert the relevant packets (Neighbor Solicitations, Neighbor Advertisements,
Router Solicitations, Router Advertisements and Redirects) from the NDP stack,
pass them to user space on a dedicated socket and reinject them for
further processing.
The hooks are triggered only if the
.Nm
module is loaded.
.Pp
The native SeND socket is similar to a raw IP socket, but uses its own
internal pseudo-protocol (IPPROTO_SEND).
.Vt struct sockaddr_send
is defined in
.In netinet6/send.h .
It carries the total length of the structure, the address family, the
direction of the packet (incoming or outgoing, from the interface's point of
view), and the interface index.
.Bd -literal
struct sockaddr_send {
	unsigned char	send_len;	/* total length */
	sa_family_t	send_family;	/* address family */
	int		send_direction;
	int		send_ifidx;
	char		send_zero[8];
};
.Ed
.Pp
The address family is always
.Dv AF_INET6 .
The
.Va send_direction
member denotes the direction of the packet from the interface's
point of view and has either the value
.Dv SND_IN
or
.Dv SND_OUT .
The
.Va send_ifidx
member is the interface index of the receiving or sending interface.
The
.Va send_zero
member is padding and must always be zero.
.Pp
If no user space application is bound to the send socket,
processing continues normally, as if the module were not loaded.
.Sh INPUT HOOK
The input hook is named after the input path of the incoming or outgoing
NDP packets, on the way from the wire, through the nd6 stack, to user
space.
If the
.Nm
module is loaded, relevant packets are identified by adding an mbuf_tag
(see
.Xr mbuf_tags 9 )
to the
.Xr mbuf 9 .
The packet is then passed on to the kernel-userland interface
for either cryptographic protection or validation by the SeND application.
The hook takes an argument that describes the direction of the packet,
for both incoming and outgoing packets.
.Dv SND_IN
denotes incoming packets, which usually carry SeND options and are
sent to user space for cryptographic validation.
.Dv SND_OUT
denotes the outgoing direction.
It covers both replies and locally originated outgoing packets, which are
sent to user space for the addition of SeND options.
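.Pp
The following C code is an added example and is not part of this manual page
or of the
.Fx
sources.
It builds and checks a
.Vt struct sockaddr_send
according to the rules above and shows one receive/reinject round on an
already open SeND socket; the
.Fn process
callback, the result codes and, outside
.Fx ,
the SND_IN/SND_OUT values are assumptions.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef __FreeBSD__
#include <netinet6/send.h>
#else /* not FreeBSD: the page's struct is reproduced so this compiles elsewhere */
struct sockaddr_send {
	unsigned char send_len;		/* total length */
	sa_family_t send_family;	/* always AF_INET6 */
	int send_direction;		/* SND_IN or SND_OUT */
	int send_ifidx;			/* interface index */
	char send_zero[8];		/* padding, must be zero */
};
#define SND_IN	0	/* placeholder value, not the real header's */
#define SND_OUT	1	/* placeholder value, not the real header's */
#endif
/* Fill a sockaddr_send as the page specifies, with the padding zeroed. */
void send_addr_init(struct sockaddr_send *ss, int dir, int ifidx)
{
	memset(ss, 0, sizeof *ss);
	ss->send_len = sizeof *ss;
	ss->send_family = AF_INET6;
	ss->send_direction = dir;
	ss->send_ifidx = ifidx;
}
/* 0 if the address attached to a diverted packet obeys the page's rules,
 * otherwise a negative code (assumed here) identifying the violated rule. */
int send_addr_check(const struct sockaddr_send *ss, socklen_t len)
{
	static const char zero[8];
	if (len < sizeof *ss || ss->send_len != sizeof *ss) return -1;
	if (ss->send_family != AF_INET6) return -2;
	if (ss->send_direction != SND_IN && ss->send_direction != SND_OUT) return -3;
	if (memcmp(ss->send_zero, zero, sizeof zero) != 0) return -4;
	return 0;
}

/* One divert/reinject round on an open SeND socket (socket(PF_INET6, SOCK_RAW,
 * IPPROTO_SEND)). process() (hypothetical) validates (SND_IN) or signs (SND_OUT)
 * the packet in place and returns its new length, or -1 to drop it. Reinjecting
 * with the unchanged address returns the packet to the nd6 path on the same
 * interface and direction. Returns 1 if reinjected, 0 if dropped, -1 on error. */
int send_relay_once(int fd, unsigned char *buf, size_t cap, int (*process)(unsigned char *, size_t, size_t, int))
{
	struct sockaddr_send ss;
	socklen_t sslen = sizeof ss;
	ssize_t n = recvfrom(fd, buf, cap, 0, (struct sockaddr *)&ss, &sslen);
	if (n < 0 || send_addr_check(&ss, sslen) != 0) return -1;
	int out = process(buf, (size_t)n, cap, ss.send_direction);
	if (out < 0) return 0;	/* dropped: the ND stack never sees the packet */
	return sendto(fd, buf, (size_t)out, 0, (struct sockaddr *)&ss, sizeof ss) < 0 ? -1 : 1;
}
```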
.Sh INCOMING PACKETS
The incoming ND packet from the wire:
.Bd -literal
     kernelspace                 (             userspace
                                 )
  incoming SeND/ND packet        (
          |                      )
          v          ( SND_IN )  (
  icmp6_input() -> send_input_hook ---> send socket --------+
          :                      )                          |
          :      #          #    (                          |
   normal :      #          #    )                          v
processing:      #  send.ko #    (                   SeND application
     path :      #          #    )                          |
          :      #          #    (                          |
          v                      )                          |
  icmp6/nd6_??_input() <- protocol switch <- send socket <--+
          |               structure (IPPROTO_SEND)      )
          |          ( SND_IN )  (
          v                      )
  continue normal ND processing  (
.Ed
.Sh OUTGOING PACKETS
Outgoing ND packet (reply or locally triggered):
.Bd -literal
     kernelspace                 (             userspace
                                 )
  nd6_na_input()                 (
   +PACKET_TAG_ND_OUTGOING       )
  |                              )
  |  outgoing packet             (
  |       |                      )
  |       v                      (
  |  icmp6_redirect_output()     )
  |  nd6_ns_output()             (
  |  nd6_na_output()             )
  |   +PACKET_TAG_ND_OUTGOING    (
  |       |                      )
  |       +-----<- rip6_output() <-----)----- rtsol/rtadvd/..
  |       |  +PACKET_TAG_ND_OUTGOING   (
  |       v                      )
  |  ip6_output()                (
  |       |                      )
  +------>+                      (
          |                      )
          v          ( SND_OUT ) (
  nd6_output_lle() -> send_input_hook ---> send socket ----+
   -PACKET_TAG_ND_OUTGOING       )                         |
          :      #          #    (                         |
   normal :      #          #    )                         v
processing:      #  send.ko #    (                  SeND application
     path :      #          #    )                         |
          :      #          #    (                         |
          v                      )                         |
  (*ifp->if_output)() <- protocol switch <- send socket <--+
          |              structure (IPPROTO_SEND)       )
          |          ( SND_OUT ) (
          v                      )
  continue with normal packet output  (
.Ed
.Sh ERRORS
A socket operation may fail with one of the following errors returned:
.Bl -tag -width Er
.It Bq Er EEXIST
Another user space SeND application is already bound to the socket.
.It Bq Er ENOBUFS
Shortage of space to receive the incoming (SeND-protected) or outgoing
(SeND-validated) packet from the SeND application.
.It Bq Er ENOSYS
A packet received from user space and passed to the NDP stack for further
processing is neither a Neighbor Solicitation, Neighbor Advertisement,
Router Solicitation, Router Advertisement nor Redirect.
.It Bq Er ENOENT
The interface output routines failed to send the packet out of the
interface.
.El
.Sh SEE ALSO
.Xr recvfrom 2 ,
.Xr sendto 2 ,
.Xr socket 2 ,
.Xr loader.conf 5
.Sh HISTORY
The
.Nm
module first appeared in
.Fx 9.0 .
.Sh AUTHORS
.An Ana Kukec Aq anchie@FreeBSD.org ,
University of Zagreb
.Sh BUGS
Due to the lack of NDP locking, it is currently not possible to unload the
.Nm
module.