sdp – secure datagram protocol


bind -a #Espec /net


/net/sdp/clone
/net/sdp/log
/net/sdp/n
/net/sdp/n/data
/net/sdp/n/control
/net/sdp/n/ctl
/net/sdp/n/rstats
/net/sdp/n/stats
/net/sdp/n/status
...


The sdp device provides the interface to the Secure Datagram Protocol (SDP). SDP (un)compresses and (de-)encrypts packets. Spec is an integer from 0 to 15 identifying a stack. Each stack is independent of all others: the only information transfer between them is via programs that mount multiple stacks. Normally a system uses only one stack. However, multiple stacks can be used for debugging new networks or implementing firewalls or proxy services.

The top level directory contains a clone file, a log file, and subdirectories numbered from zero to the number of connections opened for this protocol.

Opening the clone file reserves a connection. The file descriptor returned from the open(2) will point to the control file, ctl, of the newly allocated connection. Reading ctl returns a text string representing the number of the connection. Connections may be used either to listen for incoming calls or to initiate calls to other machines.

A connection is controlled by writing text strings to the associated ctl file. After a connection has been established data may be read from and written to data. A connection can be actively established using the connect message (see also dial(2)). A connection can be established passively by first using an announce message (see dial(2)) to bind to a local port and then opening the listen file (see dial(2)) to receive incoming calls.

The following control messages are supported:

accept file

Accept an incoming encrypted connection on file, typically a data file.  

dial file

Initiate a new encrypted connection on file, typically a UDP data file.  

drop permil

Randomly drop approximately one of every permil output packets, thus simulating network errors.  

cipher algorithm

Use ciphering algorithm; choices are null, des_56_cbc, rc4_128, and rc4_256.  

auth algorithm

Use authentication algorithm; choices are null, hmac_sha1_96, and hmac_md5_96.  

comp algorithm

Use compression algorithm; choices are null and thwack.  

insecret secret

Use secret to decrypt incoming packets.  

outsecret secret

Use secret to encrypt outgoing packets.  
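
An added example, not part of the original manual page or the Plan 9 source: a C check that audits a script of ctl messages before it is written to a connection's ctl file. It accepts only the verbs and algorithm names listed above; the finding names, the policy (null cipher or auth, a leftover drop, a missing secret) and the treatment of a never-selected algorithm as null are this example's assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Finding bits returned by sdp_audit(). The policy is this example's assumption. */
enum { BAD_MSG = 1, NULL_CIPHER = 2, NULL_AUTH = 4, DROP_SET = 8, NO_SECRET = 16 };
/* Algorithm names exactly as the page lists them. */
static const char *ciphers[] = { "null", "des_56_cbc", "rc4_128", "rc4_256", NULL };
static const char *auths[] = { "null", "hmac_sha1_96", "hmac_md5_96", NULL };
static const char *comps[] = { "null", "thwack", NULL };

/* Return 1 if name is in the NULL-terminated list, else 0. */
static int known(const char **list, const char *name)
{
	for (; *list != NULL; list++)
		if (strcmp(*list, name) == 0)
			return 1;
	return 0;
}

/* Audit newline-separated ctl messages ("verb argument"); returns finding bits. */
int sdp_audit(const char *script)
{
	char line[192], verb[32], arg[128];
	int cipher = 0, auth = 0, in = 0, out = 0, flags = 0;
	while (*script != '\0') {
		size_t n = strcspn(script, "\n");
		snprintf(line, sizeof line, "%.*s", (int)n, script);
		script += n + (script[n] == '\n');
		if (line[0] == '\0')
			continue;
		if (sscanf(line, "%31s %127s", verb, arg) != 2)
			flags |= BAD_MSG;	/* verb without an argument */
		else if (strcmp(verb, "cipher") == 0 && known(ciphers, arg))
			cipher = strcmp(arg, "null") != 0;
		else if (strcmp(verb, "auth") == 0 && known(auths, arg))
			auth = strcmp(arg, "null") != 0;
		else if (strcmp(verb, "drop") == 0)
			flags |= DROP_SET;	/* fault injection left in the script */
		else if (strcmp(verb, "insecret") == 0)
			in = 1;
		else if (strcmp(verb, "outsecret") == 0)
			out = 1;
		else if (!(strcmp(verb, "comp") == 0 && known(comps, arg))
		    && strcmp(verb, "accept") != 0 && strcmp(verb, "dial") != 0)
			flags |= BAD_MSG;	/* unknown verb or algorithm name */
	}
	/* Assumption: an algorithm that is never selected is treated as null. */
	flags |= (cipher ? 0 : NULL_CIPHER) | (auth ? 0 : NULL_AUTH);
	return flags | ((in && out) ? 0 : NO_SECRET);
}
```

A return value of 0 means every message parsed and no finding applies; any other value is the OR of the finding bits.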


dial(2), ip(3)
Robust Data Compression of Network Packets, Sean Dorward and Sean Quinlan, Bell Labs, Lucent Technologies,