Second night's commit.
We're a bit closer to something sane, now. We can wrap, but not unwrap, packets. Asymmetric encryption is *big*. encrypted text with a 4096-bit RSA public key is 512 bytes. We can't fragment yet. Fortunately, this isn't an infinite regress once we *can* fragment. Performance is still a big question mark, of course. There may still be endianness issues hanging around. The eid<->rloc map is almost certainly far, far too slow to be of any use in the real world.
This commit is contained in:
Nick Thomas
@@ -21,7 +21,7 @@ running on. It then drops a bgpfeeder-suitable file on disc that will redirect
|
||||
all the EIDs in the rloc registry to its IP address, and waits for packets.
|
||||
|
||||
Every time a packet comes in, wrapper reads it, then constructs and emits a
|
||||
corresponding wrapped packet. Probably using pcap to start.
|
||||
corresponding wrapped packet.
|
||||
|
||||
Don't bother implementing RLOC pools for ICMP yet.
|
||||
|
||||
@@ -29,9 +29,8 @@ unwrapper
|
||||
=========
|
||||
This component is fed a private key, and told which RLOC(s) to listen on. It
|
||||
dumps a bgpfeeder-compatible file to disc directing those RLOCs to it, then
|
||||
(again, probably using pcap) waits for wrapped packets to come to it. As it
|
||||
receives them, it decrypts them with the private key, then constructs the
|
||||
unwrapped equivalent and forwards it on.
|
||||
waits for wrapped packets to come to it. As it receives them, it decrypts them
|
||||
with the private key, then constructs the unwrapped equivalent and forwards it.
|
||||
|
||||
|
||||
bgpfeeder
|
||||
|
||||
Reference in New Issue
Block a user