A Resource Efficient Implementation of the RESTCONF Protocol for OpenWrt Systems
Authors:
Malte Granderath,
Jürgen Schönwälder
Abstract:
In recent years, the open source operating system OpenWrt has become a popular option for replacing proprietary firmware on networking devices such as home routers or access points. In order to configure an OpenWrt system, for example to set up firewall rules, the user has to either sign in to the web interface or use SSH to manually change configuration files on the device. While the current approach is sufficient for small home networks, it allows only limited automation of management tasks, and configuration management becomes time-consuming, for example, on larger campus networks where access control lists on OpenWrt access points need regular updates.
This paper describes our efforts to implement the RESTCONF configuration management protocol standardized by the IETF on OpenWrt systems that have limited CPU and memory resources. We detail the design choices that make our implementation resource efficient for the use cases we target, and we compare our implementation against other similar solutions. Our implementation is available on GitHub under an open source license.
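To make the management task the abstract describes concrete, the following is an added example (not the authors' implementation and not taken from their GitHub repository) of what a RESTCONF (RFC 8040) exchange for editing a firewall rule looks like from the client side: encoding the data resource path with a percent-encoded list key, building the PUT request with the YANG JSON media type, and parsing the standard "ietf-restconf:errors" body a server returns on failure. The YANG module name "openwrt-firewall", its "rule" list, the host name, and the sample error response are constructed assumptions for illustration only.

```python
"""Added example: building and parsing a RESTCONF (RFC 8040) exchange for an
OpenWrt firewall rule. Module 'openwrt-firewall', list 'rule', the host and the
sample responses are assumptions, not the paper's or any real project's API."""
import json
from urllib.parse import quote

# RFC 8040 discovers the root via /.well-known/host-meta; "/restconf" is the
# common value and is assumed here.
RESTCONF_ROOT = "/restconf"
YANG_JSON = "application/yang-data+json"


def data_resource_path(*segments):
    """Build a RESTCONF data resource path.

    Each segment is a node name ("module:container") or a tuple
    (list_name, (key1, key2, ...)). Per RFC 8040 section 3.5.3, list keys are
    joined with "," and every reserved character in a key value (including
    "," itself) is percent-encoded, which quote(..., safe="") guarantees.
    """
    parts = []
    for seg in segments:
        if isinstance(seg, str):
            parts.append(seg)
        else:
            name, keys = seg
            parts.append(name + "=" + ",".join(quote(str(k), safe="") for k in keys))
    return RESTCONF_ROOT + "/data/" + "/".join(parts)


def put_rule_request(host, rule_name, src, dest_port, target):
    """Return (method, path, headers, body) for replacing one firewall rule.

    PUT on a list entry creates or replaces exactly that entry; the JSON body
    names the list under the (assumed) module prefix as RFC 7951 requires.
    """
    path = data_resource_path("openwrt-firewall:firewall", ("rule", (rule_name,)))
    body = {"openwrt-firewall:rule": [
        {"name": rule_name, "src": src, "dest_port": dest_port, "target": target}
    ]}
    headers = {"Host": host, "Content-Type": YANG_JSON, "Accept": YANG_JSON}
    return "PUT", path, headers, json.dumps(body)


def parse_response(status, body_text):
    """Return (ok, errors).

    On a 2xx status the edit succeeded and errors is empty. Otherwise the body
    is expected to carry the RFC 8040 "ietf-restconf:errors" container, and each
    entry is summarised as "error-tag: error-message".
    """
    if 200 <= status < 300:
        return True, []
    try:
        errs = json.loads(body_text)["ietf-restconf:errors"]["error"]
    except (ValueError, KeyError, TypeError):
        return False, [f"HTTP {status}: non-RESTCONF error body"]
    return False, [f"{e.get('error-tag', 'unknown')}: {e.get('error-message', '')}" for e in errs]


# Constructed server reply for a client whose session lacks write access.
SAMPLE_DENIED = json.dumps({
    "ietf-restconf:errors": {"error": [
        {"error-type": "protocol", "error-tag": "access-denied",
         "error-message": "not authorized to modify openwrt-firewall:firewall"}
    ]}
})


if __name__ == "__main__":
    method, path, headers, body = put_rule_request(
        "ap1.example.net", "allow ssh, lan", "lan", 22, "ACCEPT")
    print(method, path)
    print(headers)
    print(body)
    print(parse_response(403, SAMPLE_DENIED))
```

The key worth noticing is the path encoding: a rule name containing a space and a comma becomes `rule=allow%20ssh%2C%20lan`, because an unencoded comma would be read as a second key value. A client that builds paths by string concatenation without this step will either address the wrong resource or be rejected.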
Submitted 22 March, 2023;
originally announced March 2023.
One to Rule them All? A First Look at DNS over QUIC
Authors:
Mike Kosek,
Trinh Viet Doan,
Malte Granderath,
Vaibhav Bajpai
Abstract:
The DNS is one of the most crucial parts of the Internet. Since the original DNS specifications defined UDP and TCP as the underlying transport protocols, DNS queries are inherently unencrypted, making them vulnerable to eavesdropping and on-path manipulation. Consequently, concerns about DNS privacy have gained attention in recent years, which resulted in the introduction of the encrypted protocols DNS over TLS (DoT) and DNS over HTTPS (DoH). Although these protocols address the key issue of adding privacy to the DNS, they are inherently constrained by their underlying transport protocols, which are at odds with, e.g., IP fragmentation or multi-RTT handshakes, challenges which are addressed by QUIC. As such, the recent addition of DNS over QUIC (DoQ) promises to improve upon the established DNS protocols. However, no studies focusing on DoQ, its adoption, or its response times exist to this date, a gap we close with our study. Our active measurements show a slowly but steadily increasing adoption of DoQ and reveal a high week-over-week fluctuation, which reflects the ongoing development process: as DoQ is still in standardization, implementations and services undergo rapid changes. Analyzing the response times of DoQ, we find that roughly 40% of measurements show considerably higher handshake times than expected, which traces back to the enforcement of the traffic amplification limit despite successful validation of the client's address. However, DoQ already outperforms DoT as well as DoH, which makes it the best choice for encrypted DNS to date.
Submitted 23 March, 2022; v1 submitted 7 February, 2022;
originally announced February 2022.