This Q&A session discusses various topics related to the Computer Networking Project II, including IP layer, NAT firewall, DHCP, IP header, freeing pbufs, setsockopt, and miscellaneous considerations.
15-441 Computer Networking Project II question/answer session October 18, 2001
Handin
• Send me email listing group members.
• Exact format described in project handout.
• Execute ‘cklog cs.cmu.edu’.
• Wait for confirmation email from me.
• Test read/write access.
• Hand in the following files:
  • Source files
  • Makefile
  • Project report.
• Make sure handin is correct!!
Project II Q/A session: 10-18-01

Progress Report
• Who has IP layer running?
• NAT/Firewall?
• DHCP?

IP Header – ip_output()
• TCP and UDP layer already allocate space for the IP header in the pbuf.
• Breaks layering.
• Convenient.
• Makes TCP/UDP checksumming easier.
• p_data member of pbuf handed over to ip_output() points to allocated IP header.
• Do not modify p_len, p_data,…

IP Header – ip_input()
• TCP and UDP need access to the IP header.
• Do not modify p_len, p_data,… when handing packet over to upper layer.

Freeing pbufs()
• ip_input():
• Always takes over responsibility for freeing a packet when called from link layer.
• TCP and UDP receive function will free packet unless port is unreachable.
• ICMP receive function always frees packets.
• ICMP send function takes over responsibility for freeing packet.
• Note: icmp_send() calls ip_output().

Freeing pbufs()
• ip_output():
• Always takes over responsibility for freeing a packet when called from transport layer.
• Needs to free packet if error condition is detected and packet is not handed over to link layer.
• Link layer takes over responsibility when calling if_start().

Setsockopt()
• Need mechanism to set firewalling/NAT rules in kernel from user space.
• Setsockopt(int s, int level, int optname, const void *optval, int optlen);
• First argument is routing socket.
• Used for configuring routing table (and other).
• Socket(AF_ROUTE, SOCK_RAW, 0);
• Second and third argument determine kernel function to be called.
• IPPROTO_IP/IP_FW_SET → fw_setsockopt()
• IPPROTO_IP/IP_NAT_SET → nat_setsockopt()

Setsockopt()
• Setsockopt(int s, int level, int optname, const void *optval, int optlen);
• Fourth argument is pointer to arbitrary data structure.
• Fifth argument denotes length of this data structure.
• Setsockopt() will copy data structure from user to kernel space, call requested function, and pass it pointer to copied data structure and its length.

Setsockopt()
• How can we exploit Setsockopt() to configure NAT/firewalling rules in kernel?
• Define data structures containing mapping or filtering rule:
  • struct nat_rule {…};
  • struct filter_rule {…};
• Pass pointer to it (and its length) to Setsockopt().
• Setsockopt() will copy data structure to kernel space.
• In fw_setsockopt()/nat_setsockopt(), cast const void pointer back to pointer to your data structure.
• Parse new rule and add it to set of rules kept in kernel.

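Added example (not part of the original slides or the project code): one way the kernel-side handler can check the copied rule before casting and storing it, so that a wrong length, a byte-order mistake or a full table is rejected rather than trusted. The fields of struct filter_rule, the handler signature, FW_MAX_RULES and the errno-style return values are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

#define FW_MAX_RULES 64               /* assumed capacity of the kernel rule table */
enum { FW_DENY = 0, FW_ALLOW = 1 };

struct filter_rule {                  /* hypothetical layout; multi-byte fields in network order */
    uint32_t src_addr, src_mask;
    uint16_t dst_port_lo, dst_port_hi;
    uint8_t  proto;                   /* IP protocol number, 0 = any */
    uint8_t  action;                  /* FW_ALLOW or FW_DENY */
};

static struct filter_rule fw_rules[FW_MAX_RULES];
static int fw_nrules;

/* Receives the kernel-space copy of the caller's buffer and its length (assumed signature). */
int fw_setsockopt(const void *optval, int optlen)
{
    struct filter_rule r;
    uint32_t m;

    /* Check the length before touching any field: with a short buffer,
       reading through a cast pointer would run past the copied data. */
    if (optval == NULL || optlen != (int)sizeof(struct filter_rule))
        return EINVAL;
    memcpy(&r, optval, sizeof r);     /* private copy, no alignment assumption */

    if (r.action != FW_ALLOW && r.action != FW_DENY)
        return EINVAL;
    /* Compare ports in host order; raw network-order values order
       differently on a little-endian machine. */
    if (ntohs(r.dst_port_lo) > ntohs(r.dst_port_hi))
        return EINVAL;
    /* A netmask must be contiguous ones followed by zeros. */
    m = ntohl(r.src_mask);
    if ((~m & (~m + 1)) != 0)
        return EINVAL;
    if (fw_nrules >= FW_MAX_RULES)    /* boundary check on the rule table */
        return ENOSPC;

    r.src_addr &= r.src_mask;         /* store the network part only */
    fw_rules[fw_nrules++] = r;
    return 0;
}
```
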
Miscellaneous
• Initialize routing table with a default gateway before looking up route.
• rttest utility.
• Keep robustness of your code in mind, e.g.,
  • byte ordering,
  • checking for error/boundary conditions.
• You can ignore next packet in pbuf packet queue (p_nextpkt).
• Flag passed to ip_output() can be set to IP_FORWARDING (not to IP header flags!!).
• Should be set when calling ip_output() from ip_forwarding().

Questions?
• Read FAQ and bboard before sending email to TAs.