
Digging into the NetBSD Protocol stack and the ANN kernel Applied Research Laboratory


kohana

Presentation Transcript


  1. Digging into the NetBSD Protocol stack and the ANN kernel Applied Research Laboratory http://www.arl.wustl.edu/arl/projects/msr/netbsd.pdf

  2. Software Architecture (NetBSD) [figure: block diagram]
      • Regions: "PE User Space, Switch Controller, & Remote Servers" and "PE Kernel Space"
      • Component labels: Plugin Requestor, Policy Rules, Plugin DB, Key DB, Active Code DB, Plugin DB Controller, Policy Controller, Security Gateway, Code Server, ANN Manager, Active Plugin Loader, Active Function Dispatcher, SAPF Packet Selector/Dispatcher, Resource Controller, ANTS, Java VM, RSVP/SSP Routing, anetd, NOSI, TCP/UDP, Packet Classification and Routing, IPv4/6 Header Processing, Plugin Ctl. Unit, IP Packets, Kernel Plugins, Packet Scheduler, Driver

  3. Software Architecture (NetBSD) [figure: kernel-space part of the block diagram: Plugin Ctl. Unit, Kernel Plugins, Active Function Dispatcher, Selector/Dispatcher, Resource Controller, TCP/UDP, Packet Classification and Routing, IPv4/6 Header Processing, IP Packets, SAPF Packets, Packet Scheduler, Driver]
      • Std. proc. for “plain” IP packets.
        • classification & routing, header processing, output queueing
      • Active packets move through configured kernel plugins.
        • active function dispatcher passes packets to instances of plugin objects
        • instantiates objects or triggers download of plugin class, as needed
        • streamlined processing of SAPF packets using pre-established state

  4. IP Packets (rfc 791) [figure: frame layout, with regions labelled LLC/SNAP, IP Header, IP Datagram, AAL5 Trailer]
      • LLC/SNAP: LLC (AA.AA.03), OUI (00), OUI (00.00), Type (08.00)
      • IP Header: Version, H-length, TOS, Total length, Identification, flags, Fragment offset, TTL, protocol, Header checksum, Source Address, Destination Address, Options ??
      • IP data (transport header and transport data)
      • AAL5 Trailer: AAL5 padding (0 - 40 bytes), CPCS-UU (0), CPCS-UU (0), Length (IP packet + LLC/SNAP), CRC

  5. IP Header Fields (rfc 791) [figure: bit layout of the TOS byte (Precedence, D, T, R, 0, 0) and of the flags (0, DF, MF)]
      • Version - support IPv4 (4)
      • Header Length - Length in 32 bit words (>= 5)
      • TOS -
      • Total Length - Length of datagram in octets
      • Id - Assists in reassembling fragments
      • Flags -
      • Fragment Offset - Where fragment belongs, offset is in octets
      • TTL - router must decrement, if 0 then discard packet
      • Protocol - UDP/TCP/ICMP/RSVP to name a few
      • Header Checksum - 16 bit one’s complement of the one’s complement sum of all 16 bit words in header
      • Source Address - Sending host’s IP address
      • Destination Address - Destination host’s IP address

      TOS Precedence Field:
        111 - Network Control
        110 - Internetwork Control
        101 - Critic/ECP
        100 - Flash Override
        011 - Flash
        010 - Immediate
        001 - Priority
        000 - Routine

      Remaining TOS Fields:
        D - 1 = Low delay
        T - 1 = High Throughput
        R - 1 = High Reliability

      Flags:
        DF - 1 = Don’t Fragment
        MF - 1 = More Fragments

  6. Requirements for IPv4 Routers (RFC 1812)
      • XX

  7. Active Packet [figure: packet carrying 0x8002001 (Plugin ID)]
      • Plugin ID in packet ==> NO FILTERS!!

  8. IP Packet Handling in ANN Kernel (APIC) [figure: call graph through the kernel layers]
      • Layer labels: socket layer, TRANSPORT, NETWORK, UPPER DATA LINK, LOWER DATA LINK
      • Function and queue labels: tcp/udp_input, tcp/udp_output, ip6_input, ip6_forward, ip6_output, ip_forward, ip_output, ipintr, ipintrq, atmc_input, atmc_output, packet_scheduler, PS_Q, apic_isr, apic_intr, apic_devoutput, apic_start
      • Other labels: sgate, dgate, Fast path, input packets, interrupts, output packets

  9. IP Packet Handling in ANN Kernel (APIC) [figure labels: ip_forward, ip_output, ipintr, ipintrq, atmc_output, atmc_input, apic_devoutput, apic_isr, apic_intr]
      • Device Driver -- Device Dependent
        • apic_intr()
          • read INTR_ACK: 0 => not for us, return
          • apic_isr()
        • apic_isr()
          • read NOTIFY_LIST, next rcv channel needing attention
          • Process descriptors for RCV channel
            • swap words in each received mbuf (APIC BUG)
            • link mbufs until we find end of frame
            • verify CRC (just check flag set by APIC)
            • atmc_input(packet)
            • repeat
          • repeat

  10. IP Packet Handling in ANN Kernel (APIC) [figure labels: ip_forward, ip_output, ipintr, ipintrq, atmc_output, atmc_input, apic_devoutput, apic_isr, apic_intr]
      • Device Driver - Dev. Independent atmc_input():
        • LLC/SNAP processing (if needed)
          • extract type (IP/RATM/…)
        • AAL5 processing
          • extract length
          • strip trailer
        • if gateway and !crossbow
          • ipflow_fastforward()
        • aiu_getafix(packet)
          • aiu_getafix stores a ptr to FTE in packet
        • aiu_fastforward(packet)
          • currently commented out. WHY?
        • Enqueue in IP Queue

  11. atmc_input()

         if (interface is not UP) then release mbuf and return
         // get packet ethertype
         if (LLC/SNAP) then
             get ethertype from LLC/SNAP header
         else
             use value stored in vc entry (vc->vc_etype)
         if (AAL type for this VC (vc->vc_aal) == AAL5) then
             // strip off trailer
             locate last mbuf and get packet length
             remove padding and trailer (packet length - mbuf data length)
         if (ethertype == IP)
             try NetBSD/CB fastpath -- not configured in ANN
             aiu_getafix()   // check flow table for entry (for this packet)
                             // if one is found then store pointer in mbuf
                             // else add new entry and cache pointer in mbuf
             schedule software interrupt for IP (ipintr())
             block interrupts
             place packet on IP queue
             unblock interrupts; return

  12. IP Packet Handling in ANN Kernel (APIC) [figure labels: ip_forward, ip_output, ipintr, ipintrq, atmc_output, atmc_input, apic_devoutput, apic_isr, apic_intr]
      • IP Input -- ipintr():
        • Get next packet from IP Queue
        • Do some basic checks, header, length, checksum…
        • process IP options
          • Source Route, Record Route, Timestamps
        • aiu_dgate(&m,2) Router Plugins Dynamic Gate #2
        • if packet is not for us and we can forward it:
          • forward packet ip_forward() -- upcoming slide...
          • return
        • aiu_dgate(&m,4) Router Plugins Dynamic Gate #4
        • protocol specific input routine e.g. tcp_input()

  13. ipintr() - 1

         while packets in the IP queue loop
             block interrupts
             get next packet from IP queue
             unblock interrupts
             if (mbuf->len < IP header size) then pullup(mbuf, IP header size)
             if (bad packet IP version) then drop packet and continue
             if (receiving interface is NOT configured with an address) then drop packet and continue
             if (ip_hdr->header_length < IP header length) then drop packet and continue
             if (ip_hdr->header_length > mbuf data length) then pullup(mbuf, ip_hdr->header_length)
             if (bad ip_hdr header checksum) then drop packet and continue
             if (ip_hdr->total_length < ip_hdr->header_length) then drop and continue
             if (mbuf->pkt_length < ip_hdr->total_length) then drop and continue
             <continued>

  14. ipintr() - 2

             if (mbuf->pkt_length > ip_hdr->total_length) then adjust mbuf (trim)
             if (IP options are present) then process them
             if (ip_hdr->protocol == RSVP) then deliver local
             aiu_dgate(2)   // Crossbow gate number 2
             if (packet destination address matches us -- unicast and broadcast) then deliver locally
             if (multicast destination address) then
                 if (mbuf uses external buffers) then mpullup(mbuf, ip_hdr->header_length)
                 call ip_mforward()
                 if (ip_hdr->protocol == IGMP) then deliver local
                 if (local host belongs to mcast group) then deliver local
             if (forwarding enabled) then ip_forward()
         repeat loop

  15. IP Packet Handling in ANN Kernel (APIC) [figure labels: ip_forward, ip_output, ipintr, ipintrq, atmc_output, atmc_input, apic_devoutput, apic_isr, apic_intr]
      • IP Forwarding -- ip_forward():
        • decide if we need to send any redirects to sender
        • ip_output()
      • IP Output -- ip_output()
        • aiu_dgate(&m,3) Router Plugins Dynamic Gate #3
        • get route
        • check for special processing
          • ANEP Options
            • anep_output()
            • if DAN then afd_handle_dan_packet(): ACTIVE PROCESSING
        • send on interface

  16. ip_forward () - 1

         if (broadcast destination address) then drop and return
         if (ip_hdr->ttl <= minimum value) then drop and send ICMP error to source address
         decrement ip_hdr->ttl
         get cached route   // this is a global variable that holds the
                            // last successful route lookup
         if (no cached route || cached route destination != ip_hdr->dest) then
             rtalloc(&global_cached_route);   // lookup route
             if (no route found) then send ICMP error
         save copy of packet header   // used to create cached flow entries (NetBSD)
                                      // if pkt successfully forwarded. Also used for
                                      // generating ICMP messages if forwarding fails
         <continued>

  17. ip_forward ()

         if (forwarding to received interface && not source routed &&
             source sent directly to us && not using default route &&
             route not set by a redirect) then send ICMP redirect
         error = ip_output()   // ip_output (mbuf, 0, &cached_route, IP_FORWARDING, 0);
         if (error in ip_output) then
             ICMP message Redirect (Host), Unreachable (Host, Needs Fragmentation)
         else if CAN FASTFORWARD then
             cache flow
         return

  18. ip_output () - 1

         process variable length argument list
         if (IP options requested) then insert them
         if (IP header not filled in) then initialize it
         aiu_dgate (mbuf, 3)   // Crossbow gate 3
         // Verify route is still valid
         if NOT (route not null && interface is up && route->dest == ip_hdr->dest) then lookup route
         get interface pointer (ifp) from route entry
         if (destination address is multicast) then process multicast packet
         // only applicable for packets originating on local host
         if (destination is a broadcast address) then verify interface can handle this (check flags)
         <continue>

  19. ip_output () - 2

         aiu_findfix()   // cache route in flow table
         if (ip_hdr->protocol == ANEP) then anep_output(mbuf);
         if (ip_hdr->total_length < ifp->mtu) then
             ip_hdr->checksum = calculate header checksum
             atmc_output(ifp, mbuf, dest, route)
         else if (fragmentation allowed) then
             fragment packet and link all fragments together (mbuf chains)
             block interrupts
             if (output interface queue is smaller than number of fragments) then drop packet and return
             unblock interrupts
             return
             call atmc_output() for each fragment
         return

  20. IP Packet Handling in ANN Kernel (APIC) [figure labels: ip_forward, ip_output, ipintr, ipintrq, atmc_output, atmc_input, apic_devoutput, apic_isr, apic_intr]
      • Device Driver Device Indep. -- atmc_output():
        • LLC/SNAP processing
        • AAL5 processing (if needed)
        • if packet_scheduling: enqueue for PS
        • if !packet_scheduling: send to devoutput()
      • Device Driver Device Dep. -- apic_devoutput()
        • configure an APIC descriptor for each mbuf in packet
        • Resume APIC TX channel

  21. atmc_output ()

         verify interface is UP   // check flags
         if (supplied route is marked as down) then lookup route
         extract vpi/vci from route entry
         if (simplex interface and broadcast) then use loopback   // gives us a copy
         lookup VC specific data struct (atm_vc) using vpi/vci (32 bit int)
             hash into array, then linked list
         // add LLC/SNAP header
         prepend 8 bytes and copy LLC/SNAP field values
         // Do ATM AAL5 processing
         if (packet is too big (16 bits for size)) then drop and return
         add AAL5 trailer   // padding and length
         <continue>

  22. atmc_output ()

         if (packet scheduling) then
             add VPI/VCI to header (prepend 8 bytes to mbuf)
             block interrupts
             call crossbow PS gate   // staticps_enq_gate()
             unblock interrupts
         else
             block interrupts
             atm_devoutput()
             unblock interrupts
         return
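
The header checks that ipintr() performs on slides 13 and 14, using the header checksum defined on slide 5, written out as a user-space C example. This is an added example, not code from the slides or from the ANN kernel: the names `ip_validate`, `ip_cksum`, `validate_patched`, the drop-reason codes and the sample packet are assumptions made here, and the interface-address check and option processing are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Drop reasons; the names are assumptions, not ANN kernel identifiers. */
enum { IP_SHORT = -1, IP_BAD_VERSION = -2, IP_BAD_HLEN = -3,
       IP_BAD_CKSUM = -4, IP_BAD_TOTLEN = -5, IP_TRUNCATED = -6 };

/* Constructed sample: 20-byte header, 4 payload bytes, 2 bytes of padding. */
static const uint8_t sample[26] = {
    0x45, 0x00, 0x00, 0x18, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0xf6, 0xd0,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02, 'd', 'a', 't', 'a', 0, 0 };

/* Complement of the one's complement sum; 0 over a header that is intact. */
static uint16_t ip_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)                     /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Checks in slide order. Returns the datagram length after trimming bytes
 * beyond total_length, or a negative drop reason. */
static int ip_validate(const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 20) return IP_SHORT;             /* no room for a header  */
    if ((pkt[0] >> 4) != 4) return IP_BAD_VERSION;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;     /* 32-bit words to bytes */
    if (hlen < 20) return IP_BAD_HLEN;
    if (hlen > pkt_len) return IP_SHORT;           /* nothing to pull up    */
    if (ip_cksum(pkt, hlen) != 0) return IP_BAD_CKSUM;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < hlen) return IP_BAD_TOTLEN;
    if (pkt_len < total) return IP_TRUNCATED;
    return (int)total;                             /* excess bytes trimmed  */
}

/* Validate a copy of the sample with one byte overwritten. */
static int validate_patched(size_t off, uint8_t val) {
    uint8_t buf[sizeof sample];
    memcpy(buf, sample, sizeof buf);
    buf[off] = val;
    return ip_validate(buf, sizeof buf);
}

int main(void) {
    printf("intact=%d ttl_changed=%d\n",
           ip_validate(sample, sizeof sample), validate_patched(8, 0x3f));
    return 0;
}
```

Every length read from the header is compared against the number of bytes actually received before it is used, which is the property the slide's ordering of checks protects.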
