Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[tcpcrypt-dev] new tcpcrypt version and IETF meeting

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jul 22 19:55:12 PDT 2014


Hi Andrea--

On Tue 2014-07-22 18:21:16 -0400, Andrea Bittau <bittau at cs.stanford.edu> wrote:
> I just released a major change to tcpcrypt.  Changes include:
>
> * Stable support for windows.  We're now using WinDivert.
>
> * Match the code to the new spec.  ECDHE support, new wire format,
> etc. [http://www.ietf.org/id/draft-bittau-tcpinc-01.txt]

Nice!

> Please download the new version and test it.  Let me know if you have
> any problems.  I plan to make it as stable as possible during this
> week.

I see a few warnings when building against debian unstable:

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I../include/ -g -O2 -Wall -Wno-deprecated-declarations -MT libtcpcrypt_la-sockopt.lo -MD -MP -MF .deps/libtcpcrypt_la-sockopt.Tpo -c sockopt.c  -fPIC -DPIC -o .libs/libtcpcrypt_la-sockopt.o
sockopt.c: In function 'setsockopt_kernel':
sockopt.c:259:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
  *((int*) lame) = optname;
  ^
sockopt.c: In function 'getsockopt_kernel':
sockopt.c:277:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
  *((int*) lame) = optname;
  ^

and:


gcc -DHAVE_CONFIG_H -I. -I..    -I../include/ -g -O2 -Wall -Wno-deprecated-declarations -MT tcpcryptd-tcpcrypt.o -MD -MP -MF .deps/tcpcryptd-tcpcrypt.Tpo -c -o tcpcryptd-tcpcrypt.o `test -f 'tcpcrypt.c' || echo './'`tcpcrypt.c
tcpcrypt.c: In function ‘process_init2’:
tcpcrypt.c:2447:6: warning: variable ‘kxs_len’ set but not used [-Wunused-but-set-variable]
  int kxs_len;
      ^
tcpcrypt.c:2445:6: warning: variable ‘klen’ set but not used [-Wunused-but-set-variable]
  int klen;
      ^
In file included from tcpcrypt.c:12:0:
tcpcrypt.c: At top level:
tcpcryptd.h:34:14: warning: ‘REQS’ defined but not used [-Wunused-variable]
 static char *REQS[] = {
              ^
tcpcryptd.h:44:14: warning: ‘TEST_REPLY’ defined but not used [-Wunused-variable]
 static char *TEST_REPLY = "HTTP/1.0 200 OK\r\n"
              ^
mv -f .deps/tcpcryptd-tcpcrypt.Tpo .deps/tcpcryptd-tcpcrypt.Po
gcc -DHAVE_CONFIG_H -I. -I..    -I../include/ -g -O2 -Wall -Wno-deprecated-declarations -MT tcpcryptd-crypto.o -MD -MP -MF .deps/tcpcryptd-crypto.Tpo -c -o tcpcryptd-crypto.o `test -f 'crypto.c' || echo './'`crypto.c
In file included from crypto.c:12:0:
tcpcryptd.h:34:14: warning: ‘REQS’ defined but not used [-Wunused-variable]
 static char *REQS[] = {
              ^
tcpcryptd.h:44:14: warning: ‘TEST_REPLY’ defined but not used [-Wunused-variable]
 static char *TEST_REPLY = "HTTP/1.0 200 OK\r\n"
              ^
mv -f .deps/tcpcryptd-crypto.Tpo .deps/tcpcryptd-crypto.Po
gcc -DHAVE_CONFIG_H -I. -I..    -I../include/ -g -O2 -Wall -Wno-deprecated-declarations -MT tcpcryptd-crypto_rsa.o -MD -MP -MF .deps/tcpcryptd-crypto_rsa.Tpo -c -o tcpcryptd-crypto_rsa.o `test -f 'crypto_rsa.c' || echo './'`crypto_rsa.c
In file included from crypto_rsa.c:14:0:
tcpcryptd.h:34:14: warning: ‘REQS’ defined but not used [-Wunused-variable]
 static char *REQS[] = {
              ^
tcpcryptd.h:44:14: warning: ‘TEST_REPLY’ defined but not used [-Wunused-variable]
 static char *TEST_REPLY = "HTTP/1.0 200 OK\r\n"
              ^
mv -f .deps/tcpcryptd-crypto_rsa.Tpo .deps/tcpcryptd-crypto_rsa.Po
gcc -DHAVE_CONFIG_H -I. -I..    -I../include/ -g -O2 -Wall -Wno-deprecated-declarations -MT tcpcryptd-crypto_aes.o -MD -MP -MF .deps/tcpcryptd-crypto_aes.Tpo -c -o tcpcryptd-crypto_aes.o `test -f 'crypto_aes.c' || echo './'`crypto_aes.c
In file included from crypto_aes.c:13:0:
tcpcryptd.h:34:14: warning: ‘REQS’ defined but not used [-Wunused-variable]
 static char *REQS[] = {
              ^
tcpcryptd.h:44:14: warning: ‘TEST_REPLY’ defined but not used [-Wunused-variable]
 static char *TEST_REPLY = "HTTP/1.0 200 OK\r\n"
              ^
mv -f .deps/tcpcryptd-crypto_aes.Tpo .deps/tcpcryptd-crypto_aes.Po
gcc -DHAVE_CONFIG_H -I. -I..    -I../include/ -g -O2 -Wall -Wno-deprecated-declarations -MT tcpcryptd-crypto_hmac.o -MD -MP -MF .deps/tcpcryptd-crypto_hmac.Tpo -c -o tcpcryptd-crypto_hmac.o `test -f 'crypto_hmac.c' || echo './'`crypto_hmac.c
In file included from crypto_hmac.c:12:0:
tcpcryptd.h:34:14: warning: ‘REQS’ defined but not used [-Wunused-variable]
 static char *REQS[] = {
              ^
tcpcryptd.h:44:14: warning: ‘TEST_REPLY’ defined but not used [-Wunused-variable]
 static char *TEST_REPLY = "HTTP/1.0 200 OK\r\n"
              ^
mv -f .deps/tcpcryptd-crypto_hmac.Tpo .deps/tcpcryptd-crypto_hmac.Po
gcc -DHAVE_CONFIG_H -I. -I..    -I../include/ -g -O2 -Wall -Wno-deprecated-declarations -MT tcpcryptd-crypto_dummy.o -MD -MP -MF .deps/tcpcryptd-crypto_dummy.Tpo -c -o tcpcryptd-crypto_dummy.o `test -f 'crypto_dummy.c' || echo './'`crypto_dummy.c
In file included from crypto_dummy.c:11:0:
tcpcryptd.h:34:14: warning: ‘REQS’ defined but not used [-Wunused-variable]
 static char *REQS[] = {
              ^
tcpcryptd.h:44:14: warning: ‘TEST_REPLY’ defined but not used [-Wunused-variable]
 static char *TEST_REPLY = "HTTP/1.0 200 OK\r\n"
              ^


I don't think any of these are particularly scary, but cleaning up the
warnings would make the code less noisy, so that any future warnings or
errors would be more visible.

Building on powerpc, i also get some hard failures:

gcc -DHAVE_CONFIG_H -I. -I..    -I../include/ -g -O2 -Wall -Wno-deprecated-declarations -MT tcpcryptd-profile.o -MD -MP -MF .deps/tcpcryptd-profile.Tpo -c -o tcpcryptd-profile.o `test -f 'profile.c' || echo './'`profile.c
profile.c: In function ‘get_tsc’:
profile.c:70:9: error: impossible constraint in ‘asm’
         __asm__ volatile (".byte 0x0f, 0x31" : "=A" (t));
         ^

Is there an expectation that tcpcrypt will only work on 

> We have an IETF meeting on Thursday where we'll be trying to
> standardize tcpcrypt (tcpinc working group).  The more support and
> users we can get, the more likely that we'll be able to make tcpcrypt
> a standard.  So keep using it and spread the word!

I'll be at this meeting, I'd be happy to meet and talk to you about
this.  I'd like to get it packaged for debian, if possible.  I think
i'll start with the userspace, but am also interested in seeing what we
can do for the kernel module.

Regards,

       --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://mailman.stanford.edu/pipermail/tcpcrypt-dev/attachments/20140722/3f6d8c55/attachment.sig>


More information about the tcpcrypt-dev mailing list