• Like
project2.ppt
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Published

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
164
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. 15-441 Computer Networking Project II question/answer session October 18, 2001
  • 2. Handin
    • Send me email listing group members.
      • Exact format described in project handout.
    • Execute ‘ cklog cs.cmu.edu ’.
    • Wait for confirmation email from me.
      • Test read/write access.
    • Hand in the following files:
      • Source files
      • Makefile
      • Project report.
    • Make sure handin is correct!!
  • 3. Progress Report
    • Who has IP layer running?
    • NAT/Firewall?
    • DHCP?
  • 4. IP Header – ip_output()
    • TCP and UDP layer already allocate space for the IP header in the pbuf .
      • Breaks layering.
      • Convenient.
      • Makes TCP/UDP checksumming easier.
    • p_data member of pbuf handed over to ip_output() points to allocated IP header.
      • Do not modify p_len , p_data ,…
  • 5. IP Header – ip_input()
    • TCP and UDP need access to the IP header.
      • Do not modify p_len , p_data ,… when handing packet over to upper layer.
  • 6. Freeing pbufs()
    • ip_input():
      • Always takes over responsibility for freeing a packet when called from link layer.
      • TCP and UDP receive function will free packet unless port is unreachable.
      • ICMP receive function always frees packets.
      • ICMP send function takes over responsibility for freeing packet.
        • Note: icmp_send() calls ip_output().
  • 7. Freeing pbufs()
    • ip_output():
      • Always takes over responsibility for freeing a packet when called from transport layer.
      • Needs to free packet if error condition is detected and packet is not handed over to link layer.
      • Link layer takes over responsibility when calling if_start().
  • 8. Setsockopt()
    • Need mechanism to set firewalling/NAT rules in kernel from user space.
    • Setsockopt(int s, int level, int optname, const void *optval, int optlen);
      • First argument is routing socket.
        • Used for configuring routing table (and other).
        • Socket(AF_ROUTE, SOCK_RAW, 0);
      • Second and third argument determine kernel function to be called.
        • IPPROTO_IP/IP_FW_SET -> fw_setsockopt()
        • IPPROTO_IP/IP_NAT_SET -> nat_setsockopt()
  • 9. Setsockopt()
    • Setsockopt(int s, int level, int optname, const void *optval, int optlen);
      • Fourth argument is pointer to arbitrary data structure.
      • Fifth argument denotes length of this data structure.
      • Setsockopt() will copy data structure from user to kernel space, call requested function, and pass it pointer to copied data structure and its length.
  • 10. Setsockopt()
    • How can we exploit Setsockopt() to configure NAT/firewalling rules in kernel?
    • Define data structures containing mapping or filtering rule:
      • struct nat_rule {…};
      • struct filter_rule {…};
    • Pass pointer to it (and its length) to Setsockopt().
    • Setsockopt() will copy data structure to kernel space.
    • In fw_setsockopt()/nat_setsockopt(), cast const void pointer back to pointer to your data structure.
    • Parse new rule and add it to set of rules kept in kernel.
  • 11. Miscellaneous
    • Initialize routing table with a default gateway before looking up route.
      • rttest utility.
    • Keep robustness of your code in mind, e.g.,
      • byte ordering,
      • checking for error/boundary conditions.
    • You can ignore next packet in pbuf packet queue ( p_nextpkt ).
    • Flag passed to ip_output() can be set to IP_FORWARDING (not to IP header flags!!).
      • Should be set when calling ip_output() from ip_forwarding().
  • 12. Questions?
    • Read FAQ and bboard before sending email to TAs.