GSoC 2010 – IPinUDP generic encapsulation module

The main goal of this project is the development of a Linux 2.6 Kernel module and the relevant user-space tools to set up IP in UDP tunnels between two fixed and mobile end points. The project is a proposal, and is sponsored by the Google Summer of Code program.

IPinUDP encapsulation is a well known encapsulation mechanism mainly used for NAT traversal solutions (e.g.: RFC 3948). Moreover, IP/UDP encapsulation can be envisioned in end-to-end overlays and mobility management solutions. Despite its simplicity, a generic IPinUDP encapsulation Linux Kernel module independent from the IPsec framework is not currently available, and usually this kind of tunneling is realized with user-space tools.

The first task of this project is to create a Kernel module allowing a user to export one or more virtual interfaces so that packets routed through them will be encapsulated within a specific IP/UDP encapsulation header, as for other tunneling approaches based on virtual devices (like IP-IP, IP-GRE, etc..).

The second step will be the extension of the basic functionalities described above to realize a generic IP/UDP encapsulation driver to be used in different context that might require UDP encapsulation, like mobility, multihoming or VPNs approaches based on tunneling. The basic idea is that the IP/UDP tunnels are multiplexed on a single virtual interface, and the proper encapsulation header is retrieved from a “internal forwarding table” configurable from user-space.

As for the current status of the implementation, the first task is almost accomplished, as few details regarding locking are missing. The source code is publicly available at: Comments, remarks and any kind of support will be appreciated.


Tags: , ,

Leave a Reply