
Socket (Session) Aware Change of IP - SACIP



  1. Socket (Session) Aware Change of IP - SACIP network functionality
     Samo Pogačnik

  2. Key notes about SACIP
     ● On-the-fly changes of the network access point of a (mobile) user / endpoint device
     ● Possibility of preserving established network connections
     ● Application independence?

     [Figure: Connection; Subnet 1, Subnet 2, Subnet 3]

  3. Motivation
     ● Mobile devices and wireless networks:
       – Multiple interfaces (access technologies)
       – Local areas covered by wireless IP networks
       – Areas covered by multiple IP networks:
         ● borders of local areas
         ● multiple access technologies
         ● multiple providers
     ● True mobility:
       – Smooth and unnoticed switching between available access technologies, providers and local areas
       – Network access point (IP) changes

  4. General idea
     ● Two facts:
       – The IP layer delivers packets through a network independently of the upper (application) layers.
       – A change of the network access point (IP address, local routing) does not by itself prevent transmission and reception of packets (if the packets contain correct values).
     ● To preserve existing connections:
       – Remote sides must be informed about the IP address change.
       – Application layers have to be adapted to the new IP address (very application specific).

  5. Connected sockets

     [Figure: protocol stack of two connected endpoints. User space: Applications. Kernel space: Socket layer (SOCK_STREAM), Transport layer (TCP), Network layer (IP), Interfaces. External space: IP Network. Labels between the endpoints: User communication; Established connections; End-to-end packet transmission (unreliable).]

  6. Functionality limitations
     ● Ignoring security and reliability issues
     ● No connection transfer to another network interface of a device
     ● Just simple network configuration (no NAT in the connection path)
     ● IPv4 only
     ● Not possible to preserve a connection when the old IP connectivity is already lost
     ● Only TCP connected sockets tested (telnet)

  7. Minimal scenario
     ● The simplest change of the network access point is an IP change within the same subnet.
     ● The new IP gets assigned as the secondary IP of the same interface, and no route reconfiguration is needed.
     ● The promote secondaries kernel option must be enabled.
     ● On deletion of the primary IP address (via the ip tool):
       – SACIP functionality is called
       – Secondary IP becomes primary

  8. Scenario – local
     ● When SACIP gets called on the local side:
       – Connected sockets using the changed IP address are searched for.
       – For each connected socket found:
         ● A notification (modified ICMP) message is sent to the connected party. The message's source address is still the old one, and the message payload contains the new IP address value.
         ● Socket parameters are updated with the new value (own addresses).
       – The deletion of the primary IP address then finishes, and packets of existing connections use the new source IP address.

  9. Scenario – remote
     ● On receipt of the notification message on the remote side, the remote SACIP functionality is called:
       – Similarly, connected sockets using the changed remote address are searched for and their socket parameters updated (partner addresses).
       – Afterwards, outgoing packets of existing connections already use the new destination IP address.

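  10. Scenario in picture

      [Figure: sequence diagram between Device 1 and Device 2 with existing connections. Device 1: add secondary IP and delete primary IP; for each connected socket with the deleted source IP, send a notification ICMP and update the socket; done. Device 2: on ICMP receipt, for each connected socket with the deleted destination IP, update the socket; done. A "critical time period" is marked around the Device 1 deletion; the connections are preserved.]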

  11. Implementation
      ● To be able to perform these actions, the socket structure has been extended:
        – two additional pairs of IP addresses (a source pair and a destination pair) were added to the inet socket structure
        – an index for the currently active IP address of each new pair was added
      ● The role of the original socket parameters has been split between the original and the new parameters.

  12. Implementation – cont.
      ● Socket structure initialization
      ● Replacements of original socket parameters:
        – Socket match for every packet received, ...
      ● Local SACIP activation on IP deletion:
        – Search for affected sockets, send notification, update socket params
      ● ICMP notification message
      ● Remote SACIP activation on the ICMP notification receipt

  13. The socket structure
      ● Inet socket extension:

      diff -Nurp linux-2.6.19/include/net/inet_sock.h linux-2.6.19-sacip/include/net/inet_sock.h --- linux-2.6.19/include/net/inet_sock.h 2007-01-04 22:40:25.000000000 +0100 +++ linux-2.6.19-sacip/include/net/inet_sock.h 2007-09-13 22:56:17.000000000 +0200 @@ -112,6 +112,12 @@ struct inet_sock { /* Socket demultiplex comparisons on incoming packets. */ __be32 daddr; __be32 rcv_saddr; +#ifdef CONFIG_SACIP + __be32 sac_daddr[2]; + int sac_daddr_act; + __be32 sac_rcv_saddr[2]; + int sac_rcv_saddr_act; +#endif __be16 dport; __u16 num; __be32 saddr;

      ● Helper functions for the extension manipulation:
        – sac_inet_rcv_saddr(), sac_init_rcv_saddr(), sac_add_rcv_saddr(), sac_act_rcv_saddr()
        – sac_inet_daddr(), sac_init_daddr(), sac_add_daddr(), sac_act_daddr()
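      Review bot: the four fields added under CONFIG_SACIP carry no comment, and they sit inside the block labelled "Socket demultiplex comparisons on incoming packets", between rcv_saddr and dport. Nothing in the declaration says that sac_daddr_act and sac_rcv_saddr_act are indices into the two-element arrays next to them or which values are valid; a one-line comment per pair and a narrower index type (the index only ever needs to hold 0 or 1) would make that explicit. The comment should also say which of daddr/rcv_saddr and the sac_ fields is authoritative for matching, since both sets now live side by side in the struct.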

  14. Socket parameter roles

      [Figure: the socket parameters saddr, daddr, rcv_saddr, sac_daddr[sac_daddr_act] and sac_rcv_saddr[sac_rcv_saddr_act], drawn between "Application socket interaction" and "Transport and Network socket interaction".]
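The address switch of slides 8 to 10, modelled in user space on top of the two-slot fields from slide 13. This is an added example, not code from the SACIP patch: the helper bodies, the `sac_addr`/`sac_sock` types, `sac_switch()` and the addresses are assumptions, since the slides give only the helper names.

```c
#include <stdint.h>

/* One SACIP address pair: two slots plus the index of the active one,
 * like sac_daddr[2] / sac_daddr_act. Helper bodies are assumptions. */
struct sac_addr { uint32_t slot[2]; int act; };

static void sac_init(struct sac_addr *a, uint32_t ip) { a->slot[0] = a->slot[1] = ip; a->act = 0; }
static void sac_add(struct sac_addr *a, uint32_t ip) { a->slot[!a->act] = ip; } /* stage in idle slot */
static void sac_act(struct sac_addr *a) { a->act = !a->act; }                   /* make it active */
static uint32_t sac_get(const struct sac_addr *a) { return a->slot[a->act]; }

/* Connected socket reduced to its two addresses (ports omitted). */
struct sac_sock { struct sac_addr rcv_saddr, daddr; };

/* Address part of INET_MATCH under CONFIG_SACIP: only active slots count. */
static int sac_match(const struct sac_sock *sk, uint32_t src, uint32_t dst)
{
    return sac_get(&sk->daddr) == src && sac_get(&sk->rcv_saddr) == dst;
}

/* Replace the active address only if it currently equals `expect`. */
static int sac_switch(struct sac_addr *a, uint32_t expect, uint32_t new_ip)
{
    if (sac_get(a) != expect) return 0;   /* socket not affected: leave it alone */
    sac_add(a, new_ip);
    sac_act(a);
    return 1;
}

/* Local side: the socket's own address changes from orig to new_ip. */
int sac_local_change(struct sac_sock *sk, uint32_t orig, uint32_t new_ip)
{ return sac_switch(&sk->rcv_saddr, orig, new_ip); }
/* Remote side: notif_src is the notification's source (the old address). */
int sac_remote_change(struct sac_sock *sk, uint32_t notif_src, uint32_t new_ip)
{ return sac_switch(&sk->daddr, notif_src, new_ip); }

/* Constructed addresses: device 1 moves 10.0.0.10 -> 10.0.0.20, device 2 is 10.0.0.2. */
enum { D1_OLD = 0x0A00000A, D1_NEW = 0x0A000014, D2 = 0x0A000002 };
int sac_demo(void)
{
    struct sac_sock d1, d2;
    sac_init(&d1.rcv_saddr, D1_OLD); sac_init(&d1.daddr, D2);
    sac_init(&d2.rcv_saddr, D2);     sac_init(&d2.daddr, D1_OLD);
    int moved = sac_local_change(&d1, D1_OLD, D1_NEW);
    int stale = !sac_match(&d2, D1_NEW, D2); /* critical period: device 2 not updated yet */
    int told  = sac_remote_change(&d2, D1_OLD, D1_NEW);
    return moved && stale && told && sac_match(&d2, D1_NEW, D2) && sac_match(&d1, D2, D1_NEW);
}
```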

  15. Socket match

      ```c
      #ifndef CONFIG_SACIP
      #define INET_MATCH(__sk, __hash, __cookie, __saddr, __daddr, __ports, __dif) \
          (((__sk)->sk_hash == (__hash)) && \
           (inet_sk(__sk)->daddr == (__saddr)) && \
           (inet_sk(__sk)->rcv_saddr == (__daddr)) && \
           ((*((__portpair *)&(inet_sk(__sk)->dport))) == (__ports)) && \
           (!((__sk)->sk_bound_dev_if) || ((__sk)->sk_bound_dev_if == (__dif))))
      #define INET_TW_MATCH(__sk, __hash, __cookie, __saddr, __daddr, __ports, __dif) \
          (((__sk)->sk_hash == (__hash)) && \
           (inet_twsk(__sk)->tw_daddr == (__saddr)) && \
           (inet_twsk(__sk)->tw_rcv_saddr == (__daddr)) && \
           ((*((__portpair *)&(inet_twsk(__sk)->tw_dport))) == (__ports)) && \
           (!((__sk)->sk_bound_dev_if) || ((__sk)->sk_bound_dev_if == (__dif))))
      #else
      /* SACIP: compare against the currently active address of each pair. */
      #define INET_MATCH(__sk, __hash, __cookie, __saddr, __daddr, __ports, __dif) \
          (((__sk)->sk_hash == (__hash)) && \
           (sac_inet_daddr(__sk) == (__saddr)) && \
           (sac_inet_rcv_saddr(__sk) == (__daddr)) && \
           ((*((__portpair *)&(inet_sk(__sk)->dport))) == (__ports)) && \
           (!((__sk)->sk_bound_dev_if) || ((__sk)->sk_bound_dev_if == (__dif))))
      /* The local (receive) address is compared with the packet's destination,
       * as in the non-SACIP variant above. */
      #define INET_TW_MATCH(__sk, __hash, __cookie, __saddr, __daddr, __ports, __dif) \
          (((__sk)->sk_hash == (__hash)) && \
           (sac_inet_tw_daddr(__sk) == (__saddr)) && \
           (sac_inet_tw_rcv_saddr(__sk) == (__daddr)) && \
           ((*((__portpair *)&(inet_twsk(__sk)->tw_dport))) == (__ports)) && \
           (!((__sk)->sk_bound_dev_if) || ((__sk)->sk_bound_dev_if == (__dif))))
      #endif
      ```

  16. Local activation

      ```c
      /* Local SACIP activation: walk the established-TCP hash and move every
       * socket bound to the deleted address `orig` over to `new`. */
      void sac_add_rcv_saddr_tcp(__be32 orig, __be32 new)
      {
          int bucket = 0;

          for (bucket = 0; bucket < tcp_hashinfo.ehash_size; ++bucket) {
              struct sock *sk;
              struct hlist_node *node;

              read_lock(&tcp_hashinfo.ehash[bucket].lock);
              sk_for_each(sk, node, &tcp_hashinfo.ehash[bucket].chain) {
                  if (sk->sk_family != AF_INET) {
                      continue;
                  }
                  if (sac_inet_rcv_saddr(sk) == orig) {
                      /* Notify the peer while the old address is still in use. */
                      icmp_sacip_send(sk, ICMP_SACIP, 0, new);
                      /* Rehash the socket with the bucket read lock released.
                       * Note: the socket is unhashed and rehashed while the chain
                       * is being walked with the non-_safe iterator. */
                      read_unlock(&tcp_hashinfo.ehash[bucket].lock);
                      inet_unhash(&tcp_hashinfo, sk);
                      sac_add_rcv_saddr(inet_sk(sk), new);
                      sac_act_rcv_saddr(inet_sk(sk));
                      inet_sk(sk)->saddr = new;
                      inet_hash(&tcp_hashinfo, sk);
                      read_lock(&tcp_hashinfo.ehash[bucket].lock);
                  }
              }
              read_unlock(&tcp_hashinfo.ehash[bucket].lock);
          }
      }
      ```

  17. Notification ICMP

      ```
       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |     Code      |          Checksum             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |               New IP Address of sending device                |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ```

      diff -Nurp linux-2.6.19/include/linux/icmp.h linux-2.6.19-sacip/include/linux/icmp.h --- linux-2.6.19/include/linux/icmp.h 2007-01-04 22:40:25.000000000 +0100 +++ linux-2.6.19-sacip/include/linux/icmp.h 2007-09-13 22:56:17 .000000000 +0200 @@ -32,7 +32,12 @@ #define ICMP_INFO_REPLY 16 /* Information Reply */ #define ICMP_ADDRESS 17 /* Address Mask Request */ #define ICMP_ADDRESSREPLY 18 /* Address Mask Reply */ +#ifndef CONFIG_SACIP #define NR_ICMP_TYPES 18 +#else +#define ICMP_SACIP 20 /* Session Aware Change of IP */ +#define NR_ICMP_TYPES 20 +#endif

      ● ICMP type 20 as specified by IANA:
        – 20-29 Reserved (for Robustness Experiment) [ZSu]
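      Review bot: with CONFIG_SACIP set, NR_ICMP_TYPES jumps from 18 to 20 while the only new define is ICMP_SACIP 20, so type 19 becomes an in-range value with no name; anything sized or indexed by NR_ICMP_TYPES needs a defined entry for 19 as well as 20. The comment on ICMP_SACIP should also say that 20 comes from a range IANA lists as reserved, so the number is not mistaken for an assigned type.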
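A user-space encoder and validating parser for the 8-byte notification laid out in the diagram above. This is an added example, not code from the SACIP patch: the function names are hypothetical, and it assumes code 0 (as passed to `icmp_sacip_send()` on slide 16) and the standard ICMP checksum over the whole message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ICMP_SACIP 20   /* type value from the icmp.h patch on the slide */
#define SACIP_LEN  8    /* type, code, checksum, new IPv4 address */

/* Internet checksum (RFC 1071) over an even number of bytes. */
static uint16_t sacip_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build the notification; new_ip is given in host byte order. */
void sacip_build(uint8_t out[SACIP_LEN], uint32_t new_ip)
{
    memset(out, 0, SACIP_LEN);
    out[0] = ICMP_SACIP;                 /* Type */
    out[1] = 0;                          /* Code (assumed 0) */
    out[4] = (uint8_t)(new_ip >> 24);    /* New IP address, network order */
    out[5] = (uint8_t)(new_ip >> 16);
    out[6] = (uint8_t)(new_ip >> 8);
    out[7] = (uint8_t)new_ip;
    uint16_t c = sacip_csum(out, SACIP_LEN);  /* checksum field is zero here */
    out[2] = (uint8_t)(c >> 8);
    out[3] = (uint8_t)c;
}

/* Validate and parse; returns 0 and stores the address, or -1 to drop. */
int sacip_parse(const uint8_t *buf, size_t len, uint32_t *new_ip)
{
    if (len != SACIP_LEN) return -1;                     /* truncated or padded */
    if (buf[0] != ICMP_SACIP || buf[1] != 0) return -1;  /* wrong type or code */
    if (sacip_csum(buf, len) != 0) return -1;            /* checksum mismatch */
    uint32_t ip = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16)
                | ((uint32_t)buf[6] << 8) | buf[7];
    if (ip == 0 || ip == 0xFFFFFFFFu) return -1;         /* unusable as a peer address */
    *new_ip = ip;
    return 0;
}
```

These checks cover the message format only; the eight bytes carry no field that ties the message to a particular connection or sender, which matches the "ignoring security" limitation on slide 6.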
