Moby Dick Consolidated System Integration Plan

More documents

Recommendations

Info

D0103v1.doc Version 1 6.7.2003 Kernel Space User Space DSCP Marking Function (IPv6) Table update Module Service Table DSCP Matching Table Filters Db Rules1.txt Rules2.txt Rules3.txt Figure 49: DMS Components Packet filtering The description of a filter is as follows: Filter 10 Description FTPFilter TCPDestPort 21 IP6SrcAddr FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 CoS S1 Table 11: Packet Filter The complete descriptions of the filters are stored in one or several files (the FD). Each file is loaded in the DMT with help of the TUM. Then, when a packet is ready to be delivered to the lower layer, the DMF consults the DMT, and marks the packet with the DSCP associated with the first filter that matches with the information of its header(s). A filter contains: • An identifier (the ‘Description’ field), which also represents its priority. Thus, if two filters match, only the first one, i.e. the one with the lowest identifier, is considered. • A description, i.e. a filter name. • A CoS: the value of this field can be either a service identifier (S1, S2, …) or a DSCP. If this value is a service identifier, then the DSCP associated with the filter will be found by the TUM in the ST. • A list of items, with their values. The number of items is not limited, and a list of items can be empty (then, all the packets are marked with the DSCP associated with the filter). Packets are marked with the DSCP associated with the filter only if all the items values are equal to the corresponding fields values in the different headers of the packet. On the previous example, a packet will be marked with the ‘101110’ DSCP (which is associated with the S1 service in the ST) only if, in the packet headers, the TCP Destination Port is set to ‘21’ and the IPv6 Source Address is set to ‘FEDC:…:3210’. If only one value doesn’t match, then the filter also doesn’t match. Typically, each description can use all the possible fields of the different headers added by the network and the transport layers. This software supports a large subset of these fields, in the following headers: IPv6 main header, TCP, UDP, Destination option (including the Binding Update, Binding Acknowledgment, Binding Request, and Home Address options), Routing option, Hop-by-hop option, Authentication option, Encapsulating Security Payload (ESP) option, Fragment option, IPv6 (tunnelling), and ICMPv6. The goal of this software is simple: the filtering rules will not be directly written in the. In fact, the software offers the possibility to filter packets using a more or less complete subset of the different header fields. Only the user, and/or the network administrator, thanks to their good knowledge of the network protocols, is able to define precisely these rules. Thus, the code of the software is the same in all the different entities of the network using it, and in all the different QoS domains. Only the contents of the filters can change from an entity to another, or from a QoS domain to another. The different filtering rules supported by the DMS are listed in Table 10. DSCP Matching Table When a user, or a network administrator, triggers a modification of the filters descriptions, the TUM modifies the DMT automatically. In this section, we describe how this table is organized. D0103v1.doc 62 / 168
D0103v1.doc Version 1 6.7.2003 Filter number (= line number) 0 1 2 3 4 … N Filter Pointer Filter0Ptr NULL Filter2Ptr Filter3Ptr NULL … FilterNPtr Table 12: Format of the DMT Each line of the table only contains a pointer to a complete description of a filter loaded in the memory (see Table 3). Each filter is a simple structure containing a description, the DSCP (CoS) used to mark each packet that matches this filter, a set of bits identifying the different headers to examine, and a pointer to a list of items representing the different fields of the packet header that are to be inspected (see figure 26). Thus, the number of fields in a filter is variable. The bits identifying the different headers to examine accelerate the filtering process. Indeed, if a filter contains items related to TCP fields, and if the packet does not contain a TCP header, the filter doesn’t match, and browsing its items list and the header fields’ values becomes useless. The use of these bits avoids useless treatments in the DMF. Every item of this list contains an identification of the field to inspect, i.e. a value identifying the name of the field in the kernel (IP6_SRC_ADDR is equivalent to the IP6SrcAddr field in the FD, TCP_SRC_PORT is equivalent to the TCPSrcPort field, etc.), the expected value of this field, and a pointer to the next item. It is possible that the information extracted from the packet header matches with several filters. Only the first filter is taken into account. Thus, the number of the filter, which is the range of the filter in the table, represents its priority. The lower is this number, the greater is the priority of the filter. So, it is important to sort the filters from the more detailed to the less detailed. Desc.: ANiceFilter Headers:IP6, TCP CoS: 101101 Items list: item1 Ident.: IP6_SRC_ADDR Value: FEC0::1 Next: item2 Ident.: IP6_DSCP Value: 010110 Next: item3 Ident.: TCP_SRC_PORT Value: 21 Next: NULL Figure 50: Representation of a filter in the Linux kernel Table updates The TUM modifies the DMT each time the user, or the network administrator, modifies the FD and communicates it to the module (figure 27). The modified FD – which is a single text file – is forwarded to the module over a simple Linux character device (/dev/dscp). This solution is the simplest way to communicate information from the user space (here, the FD) to the kernel space where the DMT is located. Thus, the user only has to write on this device with the contents of the FD (by the ‘cat filters_database.txt > /dev/dscp’ command for ex.). Then, the TUM automatically reads the text written on the device, and updates the DMT in the Linux kernel. Note that it is not necessary to write the entire FD on the device to update properly the DMT: only a file containing new filters, or a subset of modified filters can be communicated to the TUM. D0103v1.doc 63 / 168
Page 1 and 2:
IST-2000-25394 Moby Dick D0103 Moby
Page 3 and 4:
D0103v1.doc Version 1 6.7.2003 4.2.
Page 5 and 6:
D0103v1.doc Version 1 6.7.2003 5.1.
Page 7 and 8:
D0103v1.doc Version 1 6.7.2003 Abbr
Page 9 and 10:
D0103v1.doc Version 1 6.7.2003 1 In
Page 11 and 12: D0103v1.doc Version 1 6.7.2003 3 Mo
Page 13 and 14: D0103v1.doc Version 1 6.7.2003 Doma
Page 15 and 16: D0103v1.doc Version 1 6.7.2003 NCP
Page 17 and 18: D0103v1.doc Version 1 6.7.2003 It w
Page 19 and 20: D0103v1.doc Version 1 6.7.2003 curr
Page 21 and 22: D0103v1.doc Version 1 6.7.2003 •
Page 23 and 24: D0103v1.doc Version 1 6.7.2003 No A
Page 25 and 26: D0103v1.doc Version 1 6.7.2003 o Fo
Page 27 and 28: D0103v1.doc Version 1 6.7.2003 NCP
Page 29 and 30: D0103v1.doc Version 1 6.7.2003 4.1.
Page 33 and 34: D0103v1.doc Version 1 6.7.2003 asso
Page 35 and 36: D0103v1.doc Version 1 6.7.2003 Mobi
Page 37 and 38: D0103v1.doc Version 1 6.7.2003 WP4
Page 39 and 40: D0103v1.doc Version 1 6.7.2003 Para
Page 41 and 42: D0103v1.doc Version 1 6.7.2003 Ackn
Page 43 and 44: D0103v1.doc Version 1 6.7.2003 inst
Page 45 and 46: D0103v1.doc Version 1 6.7.2003 MT P
Page 47 and 48: D0103v1.doc Version 1 6.7.2003 The
Page 49 and 50: D0103v1.doc Version 1 6.7.2003 RtSo
Page 51 and 52: D0103v1.doc Version 1 6.7.2003 auth
Page 53 and 54: D0103v1.doc Version 1 6.7.2003 In a
Page 55 and 56: D0103v1.doc Version 1 6.7.2003 AR s
Page 59 and 60: D0103v1.doc Version 1 6.7.2003 Even
Page 61: D0103v1.doc Version 1 6.7.2003 4.2.
Page 67 and 68: D0103v1.doc Version 1 6.7.2003 •
Page 71 and 72: D0103v1.doc Version 1 6.7.2003 is t
Page 73 and 74: D0103v1.doc Version 1 6.7.2003 4.3
Page 77 and 78: D0103v1.doc Version 1 6.7.2003 This
Page 79 and 80: D0103v1.doc Version 1 6.7.2003 This
Page 89 and 90: D0103v1.doc Version 1 6.7.2003 be u
Page 91 and 92: D0103v1.doc Version 1 6.7.2003 o Ma
Page 93 and 94: D0103v1.doc Version 1 6.7.2003 Gene
Page 95 and 96: D0103v1.doc Version 1 6.7.2003 Upli
Page 97 and 98: D0103v1.doc Version 1 6.7.2003 Now
Page 99 and 100: D0103v1.doc Version 1 6.7.2003 3. D
Page 101 and 102: D0103v1.doc Version 1 6.7.2003 User
Page 103 and 104: D0103v1.doc Version 1 6.7.2003 Inte
Page 105 and 106: D0103v1.doc Version 1 6.7.2003 User
Page 107 and 108: D0103v1.doc Version 1 6.7.2003 Serv
Page 109 and 110: D0103v1.doc Version 1 6.7.2003 S1 E
Page 113 and 114:
D0103v1.doc Version 1 6.7.2003 Old
Page 115 and 116:
D0103v1.doc Version 1 6.7.2003 This
Page 117 and 118:
D0103v1.doc Version 1 6.7.2003 Leng
Page 119 and 120:
D0103v1.doc Version 1 6.7.2003 4.5.
Page 121 and 122:
D0103v1.doc Version 1 6.7.2003 MN M
Page 123 and 124:
D0103v1.doc Version 1 6.7.2003 4.5.
Page 125 and 126:
D0103v1.doc Version 1 6.7.2003 Afte
Page 127 and 128:
D0103v1.doc Version 1 6.7.2003 Pack
Page 129 and 130:
D0103v1.doc Version 1 6.7.2003 4.5.
Page 131 and 132:
D0103v1.doc Version 1 6.7.2003 miss
Page 133 and 134:
D0103v1.doc Version 1 6.7.2003 Conn
Page 135 and 136:
D0103v1.doc Version 1 6.7.2003 4.5.
Page 137 and 138:
D0103v1.doc Version 1 6.7.2003 Acce
Page 139 and 140:
D0103v1.doc Version 1 6.7.2003 Logg
Page 141 and 142:
D0103v1.doc Version 1 6.7.2003 repr
Page 143 and 144:
D0103v1.doc Version 1 6.7.2003 Type
Page 145 and 146:
D0103v1.doc Version 1 6.7.2003 o DM
Page 147 and 148:
D0103v1.doc Version 1 6.7.2003 5 Mo
Page 149 and 150:
D0103v1.doc Version 1 6.7.2003 MN A
Page 151 and 152:
D0103v1.doc Version 1 6.7.2003 3 AA
Page 153 and 154:
D0103v1.doc Version 1 6.7.2003 give
Page 155 and 156:
D0103v1.doc Version 1 6.7.2003 9 Ha
Page 157 and 158:
D0103v1.doc Version 1 6.7.2003 MN 1
Page 159 and 160:
D0103v1.doc Version 1 6.7.2003 5.2.
Page 161 and 162:
D0103v1.doc Version 1 6.7.2003 No.
Page 163 and 164:
D0103v1.doc Version 1 6.7.2003 The
Page 165 and 166:
D0103v1.doc Version 1 6.7.2003 MN R
Page 167 and 168:
D0103v1.doc Version 1 6.7.2003 for
show all

Moby Dick Consolidated System Integration Plan

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?