GSoC 2010 – IPinUDP generic encapsulation module

GSoC 2010 is over and it is time to evaluate the status of the project IPinUDP generic encapsulation module.

The kernel module ipudp can be used to create virtual network devices that perform ip-udp encapsulation. Packets routed through this network interfaces will be encapsulated in IP/UDP headers and sent to the proper tunnel endpoint. Ipudp module supports both IPv4 and IPv6 encapsulation. This means that packets can be encapsulated within IPv4/UDP and IPv6/UDP headers.
As to the current status, ipudp module provides 2 virtual devices modes:
  1. FIXED mode: a single ipudp (v4 or v6) tunnel is bound to a virtual ipudp device. This type of virtual interface is double-stack, in the sense that we can assign both IPv4 and IPv6 address to the device and use it for both IPv4 and IPv6 applications.
  2. MULTI_V4 mode: multiple ipudp (v4 or v6) tunnels can be bound to this type of virtual interface. For each encapsulated packet, the proper tunnel is chosen by a set of rules that bind the destination IP address of the inner packet, with a given tunnel. For this interface type, only IPv4 traffic is supported.
The module can be extended to support other encapsulation modes with different forwarding policies.
Ipudp module comes with ipudp_conf a configuration tool used to create, remove and list virtual devices, add to add, remove and list tunnels and rules.
The module is at a very initial status and it hasn’t been completely tested. I’m not 100% sure that it is bug free, so try it on virtual machines. Moreover, the project still needs some details need to be improved and a simple user-space program for dynamic tunnel establishment when for hosts behind NAT. I’m still working on these last details.
For any additional details please refere to the source code, available at, and in particular to the README file, which provides a simple manual for ipudp_conf and some practical examples.

Tags: , ,

One Response to “GSoC 2010 – IPinUDP generic encapsulation module”

  1. Wireless Community » Blog Archive » GSoC 2011: L-VN Lite Virtual Network Says:

    […] space without encryption/authentication of the tunneled packets. The idea of L-VN is to exploit the IP/UDP encapsulation kernel module proposed for GSoC 2010  to develop a VPN/Overlay tool based on IP/UDP encapsulation performed in kernel space with no […]