tcpcryptd

Description

The tcpcryptd daemon implements the tcpcrypt protocol's "opportunistic encryption": the kernel hands TCP segments to the daemon through a "divert" port (666 by default), and the daemon rewrites them before they continue on their way.

When a peer signals in the TCP connection handshake that it supports tcpcrypt, the two ends exchange ephemeral keys and use them to protect the confidentiality and integrity of the connection's application data (parts of the TCP header are integrity-protected as well). When a peer does not signal support, the daemon passes the rest of the connection through unmodified, and therefore unprotected. Because the signal travels in the clear and the fallback is silent, this defeats passive eavesdropping but not an active attacker who can strip the option from the handshake.
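The negotiation and fallback described above, as a toy model added here (it is not tcpcryptd's code, which works on diverted kernel packets). Everything in it is an assumption made for illustration: the handshake is reduced to a HELLO flag plus an ephemeral Diffie-Hellman exchange in a 127-bit toy group, the negotiated cipher and MAC are SHA-256/HMAC stand-ins, and the ports and sequence number play the role of the authenticated header fields. It runs three connections: both ends tcpcrypt-capable, a legacy server, and a middlebox that strips the HELLO option from the SYN.

```python
"""Toy model of tcpcrypt-style opportunistic encryption (added example, not
tcpcryptd's code).  Constructed for illustration: a HELLO flag plus ephemeral
Diffie-Hellman in a 127-bit toy group (far too small for real use), SHA-256/HMAC
stand-ins for the negotiated cipher and MAC, and ports + sequence number as the
authenticated header fields."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

TOY_P = (1 << 127) - 1   # Mersenne prime M127: a toy group, not a real one
TOY_G = 3

def _keystream(key: bytes, header: bytes, n: int) -> bytes:
    """Counter-mode keystream bound to the segment header (ports + seq)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + header + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

@dataclass
class Endpoint:
    name: str
    tcpcrypt: bool        # True if this host runs a tcpcrypt daemon
    port: int
    priv: int = field(default_factory=lambda: secrets.randbelow(TOY_P - 2) + 1)
    enc_key: bytes = b""  # stays empty unless a tcpcrypt handshake succeeds
    mac_key: bytes = b""

    def public(self) -> int:
        return pow(TOY_G, self.priv, TOY_P)

    def derive(self, peer_pub: int, transcript: bytes) -> None:
        shared = pow(peer_pub, self.priv, TOY_P).to_bytes(16, "big")
        ss = hmac.new(shared, transcript, hashlib.sha256).digest()  # bound to handshake
        self.enc_key = hmac.new(ss, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(ss, b"mac", hashlib.sha256).digest()

def handshake(client: Endpoint, server: Endpoint, strip_hello: bool = False) -> str:
    """Opportunistic negotiation: "encrypted" if both ends saw tcpcrypt support,
    else "plaintext".  strip_hello models an on-path middlebox removing the
    unknown TCP option from the SYN, so both ends fall back silently."""
    if not (client.tcpcrypt and not strip_hello and server.tcpcrypt):
        return "plaintext"
    transcript = b"%d:%d:%x:%x" % (client.port, server.port, client.public(), server.public())
    client.derive(server.public(), transcript)
    server.derive(client.public(), transcript)
    return "encrypted"

def protect(sender: Endpoint, dst_port: int, seq: int, payload: bytes):
    """On-wire segment: clear header, body, MAC tag (tag empty when unprotected)."""
    header = sender.port.to_bytes(2, "big") + dst_port.to_bytes(2, "big") + seq.to_bytes(4, "big")
    if not sender.enc_key:
        return header, payload, b""
    body = bytes(a ^ b for a, b in zip(payload, _keystream(sender.enc_key, header, len(payload))))
    return header, body, hmac.new(sender.mac_key, header + body, hashlib.sha256).digest()[:16]

def receive(receiver: Endpoint, header: bytes, body: bytes, tag: bytes) -> bytes:
    """Encrypt-then-MAC: verify the tag over header + body, then decrypt."""
    if not receiver.enc_key:
        return body   # plaintext connection: nothing to verify
    expected = hmac.new(receiver.mac_key, header + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed at %s" % receiver.name)
    return bytes(a ^ b for a, b in zip(body, _keystream(receiver.enc_key, header, len(body))))

REQUEST = b"GET / HTTP/1.0\r\n"   # constructed application data

def scenarios() -> dict:
    """Each value is (mode, payload hidden on the wire?, bytes the server received)."""
    results = {}
    for label, server_ok, strip in [("both", True, False), ("legacy-server", False, False),
                                    ("option-stripped", True, True)]:
        c, s = Endpoint("client", True, 40000), Endpoint("server", server_ok, 80)
        mode = handshake(c, s, strip_hello=strip)
        header, body, tag = protect(c, s.port, 1, REQUEST)
        results[label] = (mode, body != REQUEST, receive(s, header, body, tag))
    return results

def tamper_detected() -> bool:
    """An active attacker flips one ciphertext bit, then one header (seq) bit."""
    c, s = Endpoint("client", True, 40000), Endpoint("server", True, 80)
    handshake(c, s)
    header, body, tag = protect(c, s.port, 7, b"hello")
    forgeries = [(header, bytes([body[0] ^ 1]) + body[1:]),
                 (header[:7] + bytes([header[7] ^ 1]), body)]
    for h, b in forgeries:
        try:
            receive(s, h, b, tag)
            return False          # a forgery was accepted
        except ValueError:
            pass
    return True

if __name__ == "__main__":
    for label, (mode, hidden, got) in scenarios().items():
        print("%-16s %-9s hidden on wire: %-5s server got: %r" % (label, mode, hidden, got))
    print("tampering detected:", tamper_detected())
```

Only the "both" connection hides the request on the wire and rejects a modified body or sequence number; the legacy server and the stripped option both produce a plaintext connection that the client cannot distinguish from a server that never supported tcpcrypt. That silent fallback is the property to keep in mind when relying on the daemon for anything beyond protection from passive observers.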

Usage

Syntax

tcpcryptd <opt>

Options

-h	help
-p	<divert port> (default: 666)
-v	verbose
-d	disable
-c	no cache
-a	divert accept (NOP)
-m	divert modify (NOP)
-u	<local control socket> (default: /var/run/tcpcryptd.control)
-n	no crypto
-P	profile
-S	profile time source (0 TSC, 1 gettimeofday)
-t	<test>
-T	<test param>
-D	debug
-x	<divert driver param>
-N	run as nat / middlebox
-C	<preferred cipher>
-M	<preferred MAC>
-r	<random device>
-R	RSA client hack
-i	disable timers
-f	disable network test
-s	<network test server> (default: check.tcpcrypt.org)
-V	show version
-U	<jail username> (default: tcpcryptd)
-J	<jail directory> (default: /var/run/tcpcryptd)

Tests:
0) Symmetric cipher throughput
1) Symmetric MAC throughput
2) Packet dropper

Example

cyborg@cyborg:~$ sudo tcpcryptd -U cyborg -J /usr/local/bin/ -t 0
Initializing...
Reading random seed from /dev/urandom 
Running test 0: Symmetric cipher throughput
Encrypting 1420 bytes of data
55281 ops / sec (627 Mbit/s) [avg 0]
55198 ops / sec (627 Mbit/s) [avg 0]
55006 ops / sec (624 Mbit/s) [avg 0]
54969 ops / sec (624 Mbit/s) [avg 0]
54437 ops / sec (618 Mbit/s) [avg 0]
55187 ops / sec (626 Mbit/s) [avg 54978]