This shows you the differences between two versions of the page.
ch11 [2015-09-13 14:24] – created victor | ch11 [2021-02-22 16:53] – [Change history] victor | ||
---|---|---|---|
Line 15: | Line 15: | ||
The protocol, CHUDP, by default uses UDP port 42042, but this can be configured in case, e.g., that port doesn' | The protocol, CHUDP, by default uses UDP port 42042, but this can be configured in case, e.g., that port doesn' | ||
- | The code is a (very) stripped-down version of dvlhdh.c and dpimp.c, and includes minimal patches to the makefile and to kn10dev.c. It can be downloaded [[http:// | + | The code is a (very) stripped-down version of dvlhdh.c and dpimp.c, and includes minimal patches to the makefile and to kn10dev.c. It is now included in [[https:// |
To configure the CH11 device, as a minimum, use | To configure the CH11 device, as a minimum, use | ||
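Review bot: the changed sentence now says the code "is now included in" the linked project, but it keeps the wording "includes minimal patches to the makefile and to kn10dev.c", which described the old separate download. Suggest stating whether a reader still has to apply those patches by hand or whether they come with the included version, so nobody patches a tree that already carries the change.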
Line 24: | Line 24: | ||
It uses the generic Unibus parameters " | It uses the generic Unibus parameters " | ||
- | | + | |
- | | + | |
+ | |||
+ | (Rather than configuring lots of chip entries, consider using the separate chaosnet bridge program at https:// | ||
If a CHUDP packet is received from an unknown host, a Chaos/IP mapping is dynamically added to the table, so return traffic can find its way. This is useful e.g. if you accept connections from other ITSes without static IP addresses. (There is currently no way to avoid potentially filling your table this way.) | If a CHUDP packet is received from an unknown host, a Chaos/IP mapping is dynamically added to the table, so return traffic can find its way. This is useful e.g. if you accept connections from other ITSes without static IP addresses. (There is currently no way to avoid potentially filling your table this way.) | ||
- | To make use of the interface, you need to recompile ITS after defining CHAOSP, MYCHAD, NINDX, and CH11P in SYSTEM; | + | To make use of the interface, you need to recompile ITS after defining CHAOSP, MYCHAD, NINDX, and CH11P in '' |
Make sure your firewall lets the UDP traffic through. | Make sure your firewall lets the UDP traffic through. | ||
- | I would appreciate very much to get feedback and testing, especially from people who actually *know* how the original interface was supposed to act. I've discovered many things by reading SYSTEM; | + | I would appreciate very much to get feedback and testing, especially from people who actually *know* how the original interface was supposed to act. I've discovered many things by reading |
===== *BEWARE* ===== | ===== *BEWARE* ===== | ||
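Review bot: the added parenthetical recommending the separate chaosnet bridge program sits directly above the unchanged paragraph that says unknown hosts are added to the table dynamically and that "There is currently no way to avoid potentially filling your table this way", and the new text does not say whether using the bridge changes that exposure. Suggest adding one sentence on whether dynamic entries and table filling still apply when the bridge is used, and pointing from here to the Security item under "Ideas for future work". The unchanged "Make sure your firewall lets the UDP traffic through" line could also say that the rule can be limited to known peers when dynamic entries are not needed.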
Line 51: | Line 53: | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | * implemented "lost count" in CSR | + | |
- | * added basic routing support (if DPCHUDP_DO_ROUTING is non-zero): if a packet is sent to DEFAULT_CHAOS_ROUTER (default 03040) or to another subnet, look up header destination in CHIP table, and if found, send it there (after updating forwarding count, trailer destination, | + | |
- | + | * Minor portability fixes (after porting to Solaris/ | |
- | | + | * Checksum now checked in dpimp. |
- | | + | * Dynamic entries in CHIP table are refreshed if it's more than 5 minutes since last reception from that address. |
- | | + | * Front-end command: dev chaos chiptable to show current contents of CHIP table. |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | * Minor portability fixes (after porting to Solaris/ | + | |
- | * Checksum now checked in dpimp. | + | |
- | * Dynamic entries in CHIP table are refreshed if it's more than 5 minutes since last reception from that address. | + | |
- | * Front-end command: dev chaos chiptable to show current contents of CHIP table. | + | |
- | + | ||
- | | + | |
- | | + | |
===== Ideas for future work: ===== | ===== Ideas for future work: ===== | ||
Line 83: | Line 74: | ||
* Setting to only accept dynamic ip/port for specific chaos addresses. (Allow for future authentication extension?) | * Setting to only accept dynamic ip/port for specific chaos addresses. (Allow for future authentication extension?) | ||
* Dynamic setting for chip table ttl. | * Dynamic setting for chip table ttl. | ||
- | * Better routing support. | + | * Better routing support |
* Implement loopback (not LUP, but Chaos pkts to self). Currently they are in practice dropped. I'm not sure ITS handles this very well anyway. | * Implement loopback (not LUP, but Chaos pkts to self). Currently they are in practice dropped. I'm not sure ITS handles this very well anyway. | ||
- | | + | * Use DNS to find Chaos addresses |
- | | + | |
* More CHUDP protocol functions? | * More CHUDP protocol functions? | ||
* Security: while ITS with PANDA/PWORD may keep malicious people out, there are gaping holes once you have Chaosnet access. If dynamic CHIP entries are allowed, anyone can come up with a random Chaos address and read/write your system over MLDEV. Possible improvements: | * Security: while ITS with PANDA/PWORD may keep malicious people out, there are gaping holes once you have Chaosnet access. If dynamic CHIP entries are allowed, anyone can come up with a random Chaos address and read/write your system over MLDEV. Possible improvements: | ||
+ | * Use DTLS - or use the TLS link type in [[https:// | ||
* Let MLSLV check that the chaos address translates to an ITS name in the ITSNMS table. | * Let MLSLV check that the chaos address translates to an ITS name in the ITSNMS table. | ||
* Verify CHIP enties by checking that DNS entries for CH and IN classes match. This doesn' | * Verify CHIP enties by checking that DNS entries for CH and IN classes match. This doesn' | ||
- | * Add a cryptographic handshake to the CHUDP protocol. PKS key distribution using DNS? When UDP port changes (e.g. due to NAT), renegotiate. (When a non-authenticated CHUDP pkt arrives, send a challenge back.) | ||
- | * Chaosnet library for Linux/ | ||
- | |||
+ | See [[https:// |
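Review bot: the removed cryptographic-handshake item carried two requirements that the new "Use DTLS" bullet does not restate: renegotiating when the UDP port changes (e.g. due to NAT) and sending a challenge back when a non-authenticated CHUDP packet arrives. Suggest keeping them as sub-points of the DTLS item or stating that the DTLS/TLS link type covers them, and saying how an authenticated link interacts with dynamic CHIP entries, which the parent Security bullet names as the hole for MLDEV access. While this list is being edited, "enties" in the unchanged "Verify CHIP enties" line could be corrected to "entries".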