.\" Copyright (c) 2010 Ana Kukec
.\" All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.Dd September 19, 2010
.Nd "Kernel side support for Secure Neighbor Discovery (SeND)"
.Fn socket PF_INET6 SOCK_RAW IPPROTO_SEND
To load the driver as a module at boot time, place the following line in
.Bd -literal -offset indent
IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes
on the link, to determine their link-layer addresses, to find routers, and
to maintain reachability information about the paths to active neighbors.
NDP is vulnerable to various attacks [RFC3756].
Secure Neighbor Discovery is a set of extensions to NDP that counter threats
Kernel side support for SeND consists of a kernel module with hooks that
divert relevant packets (Neighbor Solicitations, Neighbor Advertisements,
Router Solicitations, Router Advertisements and Redirects) from the NDP stack,
send them to user space on a dedicated socket and reinject them for
Hooks are triggered only if the
The native SeND socket is similar to a raw IP socket, but with its own,
internal pseudo-protocol (IPPROTO_SEND).
Struct sockaddr_send is defined in
It defines the total length of the structure, the address family, the packet's
incoming or outgoing direction from the interface's point of view, and the
struct sockaddr_send {
	unsigned char	send_len;	/* total length */
	sa_family_t	send_family;	/* address family */
The address family is always
variable denotes the direction of the packet from the interface's
point of view and has either the value
variable is the interface index of the receiving or sending interface.
variable is padding and must always be zero.
If no user space application is connected to the SeND socket,
processing continues normally, as if the module were not loaded.
The input hook is named after the input path of the incoming or outgoing
NDP packets, on the way from the wire, through the nd6 stack, to user
Relevant packets are identified by adding an mbuf_tag
It is then passed on to the kernel-userland interface
for either cryptographic protection or validation by the SeND application.
The hook takes an argument that describes the direction of the packet, for
both incoming and outgoing packets.
is the direction of the incoming packets, which are usually protected
by the SeND options and are sent to user space for cryptographic validation.
is the outgoing direction.
It describes both reply and locally
originated outgoing packets that are sent to user space for the addition
The incoming ND packet from the wire:
.Bd -literal
kernelspace                                   (       userspace
                                              (
incoming SeND/ND packet                       (
      |                                       (
      v                                       (
icmp6_input() -> send_input_hook ---> send socket ----+
      |                                       (       |
      |  SeND                                 (       |
      |  processing  :  # send.ko #           (  SeND application
      |                                       (       |
      v                                       (       |
icmp6/nd6_??_input() <- protocol switch <--- send socket <---+
      |           structure (IPPROTO_SEND)    )
      v                                       (
continue normal ND processing                 (
.Ed
.Pp
Outgoing ND packet (reply or locally triggered):
.Bd -literal
kernelspace                                   (       userspace
                                              (
  +-----------<- icmp6_redirect_output()      )
  |              +PACKET_TAG_ND_OUTGOING      (
  |                                           (
  +-----------<- rip6_output() <--------------)----- rtsol/rtadvd/..
  |              +PACKET_TAG_ND_OUTGOING      (
  |                                           (
  v                                           (
nd6_output_lle() -> send_input_hook ---> send socket ----+
      |  -PACKET_TAG_ND_OUTGOING              )       |
      |  SeND                                 (       |
      |  processing  :  # send.ko #           (  SeND application
      |                                       (       |
      v                                       (       |
(*ifp->if_output)() <- protocol switch <--- send socket <---+
      |           structure (IPPROTO_SEND)    )
      v                                       (
continue with normal packet output            (
.Ed
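.Pp
The following is an added example and not code from this manual page or from
FreeBSD: it shows the checks a user space SeND application would apply to a
packet read from the SeND socket (is it one of the five ND message types the
kernel accepts back, which SeND options does it carry) and how it fills the
.Vt sockaddr_send
address for reinjection; the structure and the SND_IN/SND_OUT values are
declared locally, mirroring FreeBSD's netinet6/send.h, and the sample packet
is constructed.

```c
/* Added example, not FreeBSD's code: checks a user-space SeND application
 * applies to a packet read from the SeND socket before sendto() hands it back.
 * sockaddr_send and SND_IN/SND_OUT mirror FreeBSD's <netinet6/send.h>. */
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#define SND_OUT 0
#define SND_IN  1
struct sockaddr_send {
	unsigned char	send_len;	/* total length */
	sa_family_t	send_family;	/* always AF_INET6 */
	int		send_direction;	/* SND_IN or SND_OUT */
	int		send_ifidx;	/* interface index */
	char		send_zero[8];	/* padding, must be zero */
};
/* Walk the ND options (TLV, length in 8-octet units; zero is invalid) of one
 * of the five ND messages the kernel accepts back (RS 133, RA 134, NS 135,
 * NA 136, Redirect 137); return a bitmask of the RFC 3971 SeND options seen:
 * bit 0 CGA (11), bit 1 RSA Signature (12), bit 2 Timestamp (13), bit 3 Nonce
 * (14).  -1 if not an ND message (kernel returns EINVAL) or option malformed. */
int send_options_present(const uint8_t *pkt, size_t len)
{
	static const size_t hdrlen[] = { 8, 16, 24, 24, 40 };	/* RS..Redirect */
	size_t off, olen; int mask = 0;
	if (len == 0 || pkt[0] < 133 || pkt[0] > 137)
		return -1;
	for (off = hdrlen[pkt[0] - 133]; off < len; off += olen) {
		olen = len - off >= 2 ? (size_t)pkt[off + 1] * 8 : 0;
		if (olen == 0 || olen > len - off)
			return -1;	/* zero-length or truncated option */
		if (pkt[off] >= 11 && pkt[off] <= 14)
			mask |= 1 << (pkt[off] - 11);
	}
	return off == len ? mask : -1;	/* -1: fixed header itself truncated */
}
/* Fill the address given to sendto() on the SeND socket for reinjection. */
int send_addr_init(struct sockaddr_send *sa, int direction, int ifidx)
{
	if ((direction != SND_IN && direction != SND_OUT) || ifidx <= 0)
		return -1;
	memset(sa, 0, sizeof *sa);	/* send_zero must be all zero */
	sa->send_len = sizeof *sa;	sa->send_family = AF_INET6;
	sa->send_direction = direction;	sa->send_ifidx = ifidx;
	return 0;
}
/* Constructed sample NS: Nonce option (14) plus source link-layer option (1). */
const uint8_t sample_ns[] = { 135, 0, 0, 0, 0, 0, 0, 0,	/* type .. reserved */
	0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,	/* target */
	14, 1, 0xde, 0xad, 0xbe, 0xef, 1, 2, 1, 1, 0, 0x11, 0x22, 0x33, 0x44, 0x55 };
```

For the sample NS the option walk reports only the Nonce bit, so an
application that requires a CGA and RSA Signature option would drop it rather
than reinject it.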
A socket operation may fail with one of the following errors returned:
Another user space SeND application is already bound to the socket.
Shortage of space to receive the incoming (SeND-protected) or outgoing
(SeND-validated) packet from the SeND application.
A packet received from user space and passed to the NDP stack for further
processing is neither a Neighbor Solicitation, Neighbor Advertisement,
Router Solicitation, Router Advertisement nor Redirect.
Occurs if interface output routines fail to send the packet out of the
module first appeared in
.An Ana Kukec Aq Mt anchie@FreeBSD.org ,
Due to the lack of NDP locking, it is currently not possible to unload the