CIS 786-105, Advanced Networking, Fall 2005

Try to re-read Forouzan Chapters 1 - 14 before Sept 01. (Refresher from CIS 656). Otherwise: as soon as practical.

As soon as possible, certainly before Sept 08, (re)read Forouzan Chapters 18 (Telnet, rlogin) and 19 (FTP, TFTP).

As soon as possible, certainly before Sept 15, (re)read Forouzan Chapters 16 (BOOTP and DHCP) and 17 (Domain Name System).

There are password protected pages for this course. Feel free to stop by my office to get username and password. DO NOT HAND OUT! Or get them in the first class session.

---

Assignment (as soon as possible, preferably before Sept 01): Go to Google, find directions on how to load Linux into a laptop or PC. If you have a laptop or PC, I strongly recommend you load Linux into it, either as the only OS or in dual boot mode. That way you can do a lot of interesting stuff at home.

The computers in the Internet Lab all run Linux. Some run Linux 2.4, some run Linux 2.6. You can read the Linux kernel code. Most of it resides in /usr/src/linux. (This may be a little bit different from computer to computer.)

Assignment: in some computer running Linux, go to /usr/src/linux and have a look at the Linux code. (Or, if in your computer the organization is different, find where it is and have a look at it.)

In the next few paragraphs I give subdirectories relative to /usr/src/linux. Most of the Linux networking code is in net/ipv4/ (.c files), include/net (.h files), include/linux (e.g. include/linux/net.h), net/sched (e.g. net/sched/sch_generic.c), net/core (e.g. net/core/netfilter.c), include/asm (e.g. include/asm/types.h).

Assignment: have a look at some of that code. See whether you recognize anything from CIS 656.

I just did a Google search for ``linux kernel code''. One of the pages I found is lxr.linux.no. That page makes it easy to search the Penguin Linux kernel code for specific variable names etc. Give it a try. But also try some other pages.
Tell me if there is one you find particularly useful.

If you look at the kernel code in /usr/src/linux (etc): Make sure you are in user mode when you access that code! If you accidentally change something without realizing it, and then later somebody recompiles the kernel, there will be unpleasantness. You CAN read those files in user mode. You can CHANGE them only in superuser (root) mode.

---

Assignment: (due date to be given, feel free to start now) Go to Google, search for NS2. NS2 is a ``network simulator''. It is freeware from ISI. It has become a de-facto standard for simulations of the Internet. Download and install NS2 in a computer. (You will be given an account to do this on. Feel free to also put it in your own computer.) Run a few simple simulations.

---

Assignment: Move a copy of net/ipv4/tcp_input.c to a SAFE place. (Copy it, while in user mode, to some other directory.) In that safe place, look at it in your favorite editor (vi or emacs, or so).

Search for Jacobson. Try to make sense out of the code that carries his name. Warning: What he does is simple. However, his code is real ugly, because he uses the same variable for different purposes (in order to minimize the number of variables). For example, in static __inline__ void tcp_rtt_estimator the variable named ``m'' has at least two different meanings, making the code hard to follow. (I recall it has three different meanings.)

Search for RFC. Get some of the RFCs mentioned, find the text referred to.

---

Have a look at some of the other .c files and .h files.

---

Soon you will have to do the following exercise:

1. With the kernel ``as is'', ftp a small file from one computer to another. Observe the traffic using tcpdump. (Save a trace of the traffic.) Verify that ``slow start'' works the way it is supposed to.

2. Change the kernel such that in slowstart the congestion window (tp->snd_cwnd is the congestion window of the flow pointed to by tp) increases by TWO MSSs for every ``good acknowledgement''. Recompile the kernel. Repeat exercise 1.

3. Bring the kernel code back to the original state. (Somebody will recompile, and should not have to deal with your garbage!) Bring the kernel itself back to the original state. (Of course, you saved the original object code!)

Start thinking of how to do that!

Hint: read man ftp.
Hint: read man tcpdump. (At least the first few pages.)

You can find more on how to do TCPDump in my CIS656 webpages, in particular in the CIS656.F.05 pages.

You can find out how to recompile the kernel on the web. See Google. It is also explained in the password protected pages. It will also be discussed in class.

---

Later you will learn how to do the above without recompiling the kernel. (By ``hijacking'' a kernel function.)

---

Soon you will have to do the following exercise: ftp a small file from one computer to another. Use tcpdump to get a trace of the transfer. What are the port numbers of the control channel? What are the port numbers of the data channel? Get, from the trace, the password you used. Reconstruct, from the trace, the file you transferred.

---

At some point I will ftp some paper of mine from one computer to another. I will do the ftp in ``binary form'', but unencrypted. I will use tcpdump to make a trace of the transfer and give you the trace. You must ``steal'' my password. You must reconstruct the paper I sent. (This will be traffic from one computer in the lab to another computer in the lab, and I will use my ``lab password''. If you try to intercept anybody's traffic in any other situation you will fail the course and be reported to the dean of students.)

Start thinking of how to do this exercise.

---

Look through the Linux networking code and start thinking of modifications you would like to make, for an interesting project.
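The remark above about ``m'' in tcp_rtt_estimator, as an added example (not the kernel's code and not from the course pages): the textbook Jacobson estimator in the same scaled-integer style, with one variable per meaning. The struct and function names are made up for this illustration; the scaling (smoothed RTT stored times 8, mean deviation stored times 4) and the first-sample initialisation follow the standard description of the algorithm and are assumptions about nothing in any particular kernel version.

```c
#include <stdio.h>

/* Illustrative names, not the kernel's. */
struct rtt_est {
    long srtt8;   /* smoothed RTT, stored scaled by 8 */
    long mdev4;   /* mean deviation, stored scaled by 4 */
};

/* Feed one RTT measurement (any time unit, e.g. ms) into the estimator. */
void rtt_update(struct rtt_est *e, long sample)
{
    if (sample <= 0)
        sample = 1;                    /* never feed a zero measurement */
    if (e->srtt8 == 0) {               /* first measurement */
        e->srtt8 = sample * 8;         /* srtt = sample */
        e->mdev4 = sample * 2;         /* mdev = sample / 2 */
        return;
    }
    /* The three roles that a single reused variable would play: */
    long err = sample - e->srtt8 / 8;          /* 1: prediction error */
    long abs_err = err < 0 ? -err : err;       /* 2: magnitude of the error */
    long dev_delta = abs_err - e->mdev4 / 4;   /* 3: change in deviation */

    e->srtt8 += err;         /* srtt = 7/8 srtt + 1/8 sample */
    e->mdev4 += dev_delta;   /* mdev = 3/4 mdev + 1/4 |err| */
}

/* Retransmission timeout: srtt + 4 * mdev. */
long rtt_rto(const struct rtt_est *e)
{
    return e->srtt8 / 8 + e->mdev4;
}

int main(void)
{
    long samples[] = { 100, 100, 200, 60 };   /* constructed RTT samples, ms */
    struct rtt_est e = { 0, 0 };
    for (int i = 0; i < 4; i++) {
        rtt_update(&e, samples[i]);
        printf("sample=%ld srtt=%ld mdev=%ld rto=%ld\n",
               samples[i], e.srtt8 / 8, e.mdev4 / 4, rtt_rto(&e));
    }
    return 0;
}
```

Because the stored values are pre-scaled, each update is one subtraction and one addition, which is why the original style can get away with a single scratch variable.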
---

For Sept 08: Read Wehrle et al Chapter 4.

---

For Sept 15: read Wehrle et al Chapter 5.

---

For Sept 22: read the ``DataTag'' paper. Do not go overboard in spending time: different sections are often not quite consistent. Don't try to resolve such differences. But the DataTag paper does give very useful high level insights.

---

Hand in on Sept 29:

FTP a smallish file over, with the TCP code in both computers (sender, receiver) as it is supposed to be. Monitor the transfer using tcpdump, or your favorite sniffer. Recognize that slowstart works as it is supposed to.

In the sender, modify TCP such that in slowstart the cwnd increases by 2 MSSs for every good ack it receives. Repeat the experiment in paragraph 1.

Change the filesize until you get (roughly) the shortest file for which you get useful results. (Keep two compiled kernels around, do not recompile more often than necessary! Reboot with the one you want to use.)

Write a SHORT paragraph explaining what you see. Hand in with just enough data (traffic traces) that you can illustrate what you conclude.

---

Hand in on Oct 06:

For each of the 5 Netfilter Hooks in the Linux IP code, write an LKM that can be attached to that hook. Give them different names so I can have them active all at the same time.

Each of the 5 LKMs will: For every IP packet, print the identity of the hook (some sensible format of your choice) and, for the packet, the Identity value in decimal and the source IP address and dest IP address in dotted decimal. For every IP packet that contains a TCP packet, print source port and destination port, in decimal.

I WILL use this in a router, so certain packets will be seen more than once. Hence the need to print the identity of the hook.

Challenge: If you have time, add the time. (Not in Jiffies, but in microseconds.) So I can see how much time it takes from one hook to the next.

Challenge: Try to write to a file different than /var/log/messages. (I have not done that yet!)

Send me the files (.c files and Makefile) by Email. Make sure your name is prominent, in comments in the files. Make your name, and target hook, part of the names of the .c files. I will probably make for each of you a subfile of /root in which I store your files.

If I have to do something (simple!) like prepare a file to receive messages, make your directions idiotproof. I will run it in the lab and will have no time to experiment: your LKMs must be ``shrinkwrap quality''. Make sure to try them in the lab before you send them to me!

---
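The per-packet output asked for in the Oct 06 assignment, as an added user-space example (not a kernel module and not from the course pages): it formats the fields from raw header bytes so the header-length and fragment edge cases can be tested outside the kernel. The function name, the output format and the sample packet are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: IPv4 header with IHL=6 (4 option bytes), ID 0x1234,
 * protocol 6 (TCP), 10.0.0.1 -> 10.0.0.2, then TCP ports 1025 -> 21. */
unsigned char sample_pkt[] = {
    0x46, 0x00, 0x00, 0x2c, 0x12, 0x34, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    10, 0, 0, 1,  10, 0, 0, 2,  1, 1, 1, 0,          /* addresses, options */
    0x04, 0x01, 0x00, 0x15, 0, 0, 0, 0, 0, 0, 0, 0,  /* TCP: ports, seq, ack */
    0x50, 0x02, 0x20, 0x00, 0, 0, 0, 0 };

/* Write one log line for the packet seen at `hook`.
 * Returns the line length, or -1 for a malformed header or short buffer. */
int describe_packet(const char *hook, const unsigned char *p, size_t len,
                    char *out, size_t outlen)
{
    if (len < 20 || (p[0] >> 4) != 4)
        return -1;                              /* not IPv4 or truncated */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;     /* header length in bytes */
    if (ihl < 20 || ihl > len)
        return -1;
    unsigned id = ((unsigned)p[4] << 8) | p[5]; /* network byte order */
    unsigned frag_off = ((unsigned)(p[6] & 0x1f) << 8) | p[7];
    int n = snprintf(out, outlen, "%s id=%u src=%d.%d.%d.%d dst=%d.%d.%d.%d",
                     hook, id, p[12], p[13], p[14], p[15],
                     p[16], p[17], p[18], p[19]);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    /* The TCP header starts at ihl, not at byte 20, and only the first
     * fragment of a fragmented packet carries it. */
    if (p[9] == 6 && frag_off == 0 && len >= ihl + 4) {
        const unsigned char *t = p + ihl;
        unsigned sport = ((unsigned)t[0] << 8) | t[1];
        unsigned dport = ((unsigned)t[2] << 8) | t[3];
        int m = snprintf(out + n, outlen - (size_t)n,
                         " sport=%u dport=%u", sport, dport);
        if (m < 0 || (size_t)m >= outlen - (size_t)n)
            return -1;
        n += m;
    }
    return n;
}

int main(void)
{
    char line[128];
    if (describe_packet("NF_IP_FORWARD", sample_pkt, sizeof sample_pkt,
                        line, sizeof line) < 0)
        return 1;
    puts(line);
    return strcmp(line, "NF_IP_FORWARD id=4660 src=10.0.0.1 dst=10.0.0.2"
                        " sport=1025 dport=21") != 0;
}
```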