Yeah, that might be version 2 then :)
At the moment I'll just add some code to do the AES encryption and identity
verification using CRC-32.
Sampsa.
On 25 Aug 2008, at 11:38, Johnny Billquist wrote:
Sampsa Laine wrote:
I figured I might just add some kind of identifier to the packet, and just grab the source
address of the packet and use it as the new address, every time. Would this not work?
Well, you need to change the current code, since it doesn't work that way.
Also, you need to figure out which "old" source the packet came from, so that
you don't change the source for the wrong other endpoint.
At my end, the bridge is talking to about 12 different other ends...
Johnny
Sampsa
On 25 Aug 2008, at 09:48, Johnny Billquist wrote:
Sampsa Laine wrote:
OK, I'll have a go at it later on today if possible, this literally should not be TOO
difficult to code in.
Oh, it should definitely be easy. The data receive and data transmit are located in very
few places.
There is some trickery in there that you additionally need to maybe think about, such as
the code that tries to avoid receiving the same packets that are sent out.
Also, if you later plan to add functionality to enable sending meta-data, such as IP
address changes, you need to change the contents of the packets, remove the verification
of source address of data, maybe add some handling to make sure that address change
packets really are received (remember, this is all UDP).
There might be some other things to think about as well. Can't think of anything
offhand, but one never knows... :-)
Johnny
Sampsa
On 25 Aug 2008, at 09:27, Johnny Billquist wrote:
Sampsa Laine wrote:
Guys,
I've had an idea for improving the usability and security of the bridge: Encryption.
Now I realise that we're not dealing with a massively high-security installation here
with HECnet but please hear me out :)
Gha! Feel free.
But I don't really want to fool around with that. My aim was to get something rather
simple, that was easy to diagnose when problems occur. :-)
So I'll stick with my version for now. If someone else hacks something together, I
might install it if it doesn't add much overhead to the data.
Johnny