.\"-
.\" Copyright (c) 2010 Ana Kukec
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 19, 2010
.Dt SEND 4
.Os
.Sh NAME
.Nm send
.Nd "Kernel side support for Secure Neighbor Discovery (SeND)"
.Sh SYNOPSIS
.In sys/socket.h
.In netinet/in.h
.In netinet6/send.h
.Ft int
.Fn socket PF_INET6 SOCK_RAW IPPROTO_SEND
.Pp
To enable
.Nm
support, load the kernel side SeND as a module.
To load it at boot time, add the following line to
.Xr loader.conf 5 :
.Bd -literal -offset indent
send_load="YES"
.Ed
.Sh DESCRIPTION
IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes
on the link, to determine their link-layer addresses, to find routers, and
to maintain reachability information about the paths to active members.
NDP is vulnerable to various attacks [RFC3756].
Secure Neighbor Discovery is a set of extensions to NDP that counter threats
to NDP [RFC3971].
.Pp
Kernel side support for SeND consists of a kernel module with hooks that
divert relevant packets (Neighbor Solicitations, Neighbor Advertisements,
Router Solicitations, Router Advertisements and Redirects) from the NDP stack,
send them to user space on a dedicated socket and reinject them back for
further processing.
Hooks are triggered only if the
.Nm
module is loaded.
.Pp
The native SeND socket is similar to a raw IP socket, but with its own,
internal pseudo-protocol (IPPROTO_SEND).
The structure
.Vt sockaddr_send
is defined in
.In netinet6/send.h .
It holds the total length of the structure, the address family, the packet's
incoming or outgoing direction from the interface's point of view, and the
interface index.
.Pp
.Bd -literal
struct sockaddr_send {
	unsigned char	send_len;	/* total length */
	sa_family_t	send_family;	/* address family */
	int		send_direction;	/* SND_IN or SND_OUT */
	int		send_ifidx;	/* interface index */
	char		send_zero[8];	/* padding, must be zero */
};
.Ed
.Pp
The address family is always
.Va AF_INET6 .
The
.Va send_direction
variable denotes the direction of the packet from the interface's
point of view and has either the value
.Dv SND_IN
or
.Dv SND_OUT .
The
.Va send_ifidx
variable is the interface index of the receiving or sending interface.
The
.Va send_zero
variable is padding and must always be zero.
.Pp
If no user space application is connected to the send socket,
processing continues normally as if the module were not loaded.
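The following is an added example and not code from send(4) or the FreeBSD sources. It shows the user-space side of the kernel/userland interface described above: opening the IPPROTO_SEND socket, checking the sockaddr_send returned by recvfrom(), sanity-checking a diverted frame before any cryptographic work, and handing it back with sendto() using the same direction and interface index. On FreeBSD the real netinet6/send.h is used; on other systems the struct layout from this page is mirrored and the numeric values of SND_IN, SND_OUT and IPPROTO_SEND are assumptions so the helpers still compile. It also assumes the socket delivers the complete IPv6 packet (40-byte header followed by the ICMPv6 message); the manual page does not state the framing. The hop-limit check comes from RFC 4861, not from this page.

```c
/*
 * Added example (not part of send(4) or FreeBSD): user-space side of the
 * send socket. Non-FreeBSD builds use assumed constant values.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifdef __FreeBSD__
#include <netinet6/send.h>
#else
struct sockaddr_send {              /* layout as shown in send(4) */
	unsigned char send_len;
	sa_family_t   send_family;
	int           send_direction;
	int           send_ifidx;
	char          send_zero[8];
};
#define SND_OUT 0                   /* assumed value */
#define SND_IN  1                   /* assumed value */
#ifndef IPPROTO_SEND
#define IPPROTO_SEND 259            /* assumed; only meaningful on FreeBSD */
#endif
#endif

enum send_frame_status {
	SEND_FRAME_OK = 0, SEND_FRAME_SHORT, SEND_FRAME_NOT_IPV6,
	SEND_FRAME_NOT_ICMPV6, SEND_FRAME_BAD_HLIM, SEND_FRAME_NOT_ND
};

/* The five ICMPv6 types (RFC 4861: RS=133, RA=134, NS=135, NA=136,
 * Redirect=137) that the module diverts; anything else reinjected from
 * user space is refused with ENOSYS (see ERRORS). */
int send_is_nd_type(unsigned char t) { return t >= 133 && t <= 137; }

/* Sanity-check a frame read from the send socket before doing any
 * cryptographic work. Assumption: the frame is a full IPv6 packet. */
enum send_frame_status send_check_frame(const unsigned char *p, size_t len)
{
	if (len < 40 + 4) return SEND_FRAME_SHORT;     /* IPv6 + ICMPv6 header */
	if ((p[0] >> 4) != 6) return SEND_FRAME_NOT_IPV6;
	if (p[6] != 58) return SEND_FRAME_NOT_ICMPV6;  /* next header: ICMPv6 */
	if (p[7] != 255) return SEND_FRAME_BAD_HLIM;   /* ND requires hop limit 255 */
	if (!send_is_nd_type(p[40])) return SEND_FRAME_NOT_ND;
	return SEND_FRAME_OK;
}

/* Build the address used with sendto() to reinject a packet. */
int send_fill_sockaddr(struct sockaddr_send *ss, int direction, int ifidx)
{
	if ((direction != SND_IN && direction != SND_OUT) || ifidx <= 0) return -1;
	memset(ss, 0, sizeof *ss);                     /* send_zero must be zero */
	ss->send_len = (unsigned char)sizeof *ss;
	ss->send_family = AF_INET6;
	ss->send_direction = direction;
	ss->send_ifidx = ifidx;
	return 0;
}

/* Validate an address as returned by recvfrom() on the send socket. */
int send_sockaddr_ok(const struct sockaddr_send *ss, socklen_t len)
{
	static const char zero[8];
	return len >= sizeof *ss && ss->send_len == sizeof *ss
	    && ss->send_family == AF_INET6
	    && (ss->send_direction == SND_IN || ss->send_direction == SND_OUT)
	    && ss->send_ifidx > 0
	    && memcmp(ss->send_zero, zero, sizeof zero) == 0;
}

/* Constructed sample: an IPv6/ICMPv6 packet with the given type and hop limit. */
enum send_frame_status send_check_sample(unsigned char icmp6_type, unsigned char hlim)
{
	unsigned char pkt[64];
	memset(pkt, 0, sizeof pkt);
	pkt[0] = 0x60; pkt[6] = 58; pkt[7] = hlim; pkt[40] = icmp6_type;
	return send_check_frame(pkt, sizeof pkt);
}

/* Fill and re-validate a sockaddr_send; 1 on success, 0 on rejection. */
int send_sockaddr_roundtrip(int direction, int ifidx)
{
	struct sockaddr_send ss;
	if (send_fill_sockaddr(&ss, direction, ifidx) != 0) return 0;
	return send_sockaddr_ok(&ss, sizeof ss);
}

/* Pass-through loop: read each diverted packet, check it and hand it back
 * unchanged. A SeND application would add options for SND_OUT and verify
 * them for SND_IN at the marked spot. */
int main(void)
{
	unsigned char buf[2048];
	struct sockaddr_send ss;
	socklen_t sslen;
	int s = socket(PF_INET6, SOCK_RAW, IPPROTO_SEND);
	if (s < 0) { perror("socket(IPPROTO_SEND)"); return 1; }  /* EEXIST: another app bound */
	for (;;) {
		sslen = sizeof ss;
		ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&ss, &sslen);
		if (n < 0) { if (errno == EINTR) continue; perror("recvfrom"); break; }
		if (!send_sockaddr_ok(&ss, sslen) || send_check_frame(buf, (size_t)n) != SEND_FRAME_OK) {
			fprintf(stderr, "dropping malformed frame (%zd bytes)\n", n);
			continue;
		}
		/* SeND option processing would go here. */
		if (sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&ss, sizeof ss) < 0)
			perror(errno == ENOSYS ? "reinject: not an ND message" : "sendto");
	}
	close(s);
	return 0;
}
```

Dropping instead of reinjecting a frame that fails the checks is the conservative choice: as the page states, a frame that is never handed back never continues through nd6 processing, so a malformed message cannot update the neighbor cache.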
.Sh INPUT HOOK
The input hook is named after the input path of the incoming or outgoing
NDP packets, on the way from the wire, through the nd6 stack, to user
space.
Relevant packets are identified by adding an mbuf_tag
(see
.Xr mbuf_tags 9 )
to the
.Xr mbuf 9 ,
if the
.Nm
module is loaded.
The packet is then passed on to the kernel-userland interface
for either cryptographic protection or validation by the SeND application.
The hook takes an argument that describes the direction of the packet,
for both incoming and outgoing packets.
.Dv SND_IN
is the direction of the incoming packets that are usually protected
by the SeND options and then sent to user space for cryptographic validation.
.Dv SND_OUT
is the outgoing direction.
It describes both reply and locally
originated outgoing packets that are sent to user space for the addition
of SeND options.
.Sh INCOMING PACKETS
The incoming ND packet from the wire:
.Bd -literal
       kernelspace                          (        userspace
                                             )
 incoming SeND/ND packet                    (
             |                               )
             v                 ( SND_IN )   (
   icmp6_input() -> send_input_hook ---> send socket ----+
             :                               )           |
             :         #         #          (            |
    normal   :         #         #           )           v
  processing :         #  send.ko #         (    SeND application
     path    :         #         #           )           |
             :         #         #          (            |
             v                               )           |
  icmp6/nd6_??_input() <- protocol switch <--- send socket <---+
             |              structure (IPPROTO_SEND)  )
             |                 ( SND_IN )   (
             v                               )
 continue normal ND processing              (
.Ed
.Sh OUTGOING PACKETS
Outgoing ND packet (reply or locally triggered):
.Bd -literal
       kernelspace                          (        userspace
                                             )
   nd6_na_input()                           (
   +PACKET_TAG_ND_OUTGOING                   )
       |                                    (
       |      outgoing packet                )
       |           |                        (
       |           v                         )
       |  icmp6_redirect_output()           (
       |  nd6_ns_output()                    )
       |  nd6_na_output()                   (
       |  +PACKET_TAG_ND_OUTGOING            )
       |           |                        (
       |           +-----------<- rip6_output() <----------)----- rtsol/rtadvd/..
       |           |              +PACKET_TAG_ND_OUTGOING   (
       |           v                         )
       |      ip6_output()                  (
       |           |                         )
       +-------->--+                        (
                   |                         )
                   v           ( SND_OUT )  (
  nd6_output_lle() -> send_input_hook ---> send socket ----+
  -PACKET_TAG_ND_OUTGOING                    )           |
             :         #         #          (            |
    normal   :         #         #           )           v
  processing :         #  send.ko #         (    SeND application
     path    :         #         #           )           |
             :         #         #          (            |
             v                               )           |
  (*ifp->if_output)() <- protocol switch <--- send socket <---+
             |              structure (IPPROTO_SEND)  )
             |                 ( SND_OUT )  (
             v                               )
  continue with normal packet output        (
.Ed
.Sh ERRORS
A socket operation may fail with one of the following errors returned:
.Bl -tag -width Er
.It Bq Er EEXIST
Another user space SeND application is bound to the socket.
.It Bq Er ENOBUFS
Shortage of space to receive the incoming (SeND-protected) or outgoing
(SeND-validated) packet from the SeND application.
.It Bq Er ENOSYS
A packet received from user space and passed to the NDP stack for further
processing is neither a Neighbor Solicitation, Neighbor Advertisement,
Router Solicitation, Router Advertisement nor Redirect.
.It Bq Er ENOENT
Occurs if interface output routines fail to send the packet out of the
interface.
.El
.Sh SEE ALSO
.Xr recvfrom 2 ,
.Xr sendto 2 ,
.Xr socket 2 ,
.Xr loader.conf 5
.Sh HISTORY
The
.Nm
module first appeared in
.Fx 9.0 .
.Sh AUTHORS
.An Ana Kukec Aq anchie@FreeBSD.org ,
University of Zagreb
.Sh BUGS
Due to the lack of NDP locking, it is currently not possible to unload the
.Nm
module.