Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Lab 4 - Network Packet Filtering

advertisement 
Programming Multi-Core
Processors based Embedded
Systems
A Hands-On Experience on Cavium
Octeon based Platforms
Lab Exercises
Lab # 4: Network Packet
Filtering
An overview
4-2
Lab Goals

Objective




Learning parallel programming using threads
Utilizing many core systems efficiently
Performance measurement
Packet capture / filter / analyze - A case
study

We will use series of labs to achieve our
objectives. Today’s lab is about packet filtering
4-3
Prerequisites

Sniffing


Capturing of network packets arriving or departing
from a network interface
Mechanism

We use raw sockets as follows
rawSock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))

This system call picks every packet going out or
coming in on an Ethernet interface
4-4
Prerequisites

Testing


You can use loop back device as a network
interface
Use Netperf or MPAC for traffic generation on the
network interface
4-5
Lab Setup
0
2
4
6
0
2
4
6
1
3
5
7
1
3
5
7
System 1
1 GigE
Link
Sender
Packet
Sniffer
System 2
Receiver
Core
Packet Mapping to Cores
Data Packets
4-6
Sniffing Labs Framework

Sniffing


One thread, called the dispatcher, sniffs the
packets from the interface and puts it in one of
the workers’ queues
Filtering / Analysis



Any kind of processing on a packet is the
responsibility of the workers
Each worker has its own queue or shared queue
depending on sniffer application architecture
Dispatcher assigns packets to worker queues
4-7
Lab 4 – Packet Filtering

Objective


Use different packet header information to sniff
specific type of packets
Mechanism



Use different sniffer application architectures to
compare the performance of these architectures
Dispatcher will sniff frames and will put in worker
queues in round-robin fashion
User will specify source IP, destination IP, source
port and destination port for filtering in TCP
packets
4-8
Lab 4 – Packet Filtering

Mechanism


Each worker will process packets residing in its
queues
Observations



Observer the throughput performance with
increasing number of threads
Compare the throughput with lab 3 throughput
Use core affinity and observe throughput
4-9
Sniffer Application Architecture





MPAC packet sniffer version 1
Single queue
Dispatcher can access whole queue
Each worker thread can access only dedicated locations
In-situ sniffing


No copying from dispatcher to worker space
Each location access is mutually exclusive


Controlled by a flag per location
No locking overhead
Get packet, if flag = 1
(workers)
Location Access Function =
Put packet, if flag = 0
4-10
(Dispatcher)
MPAC Packet Sniffer
(Version 1)
T0
T1
TN-1 T0
T1
TN-1T0
T1
TN-1T0
T1
TN-1
Dispatcher putting space
TN
Worker Threads
Dispatcher putting direction
Workers getting direction
4-11
Cross Compile for Target System

Cross Compile on Host System

Go to Cavium SDK directory and run the command

host$ source env-setup <OCTEON-MODEL>
(where <OCTEON-MODEL> is the model of your target board. E.g. OCTEON_CN56XX)




host$ cd /<path-to-mpac>/mpac_1.2
host$ ./configure --host=i386-redhat-linux-gnu
--target=mips64-octeon-linux-gnu export
CC=mips64-octeon-linux-gnu-gcc
host$ make clean
host$ make CC=mips64-octeon-linux-gnu-gcc
4-12
Run on target system

Copy executable “mpac_net_bm” and
“mpac_sniffer_app” from the directory
mpac_1.2/apps/sniffer/sniffer_1Q/ on target system



target$ ./mpac_net_bm –c <Receiver> –d <duration>
–l <# of threads>
target$ ./mpac_net_bm –c <Sender> –d <duration>
–l <# of threads> -i <IP of Receiver>
target$ ./mpac_sniffer_app –n<# of Threads> –d<duration>
-f<interface to sniff> -e 4
4-13
Sniffer Application Architecture






MPAC Sniffer Version 2
Queue size distributed between worker threads
Dispatcher can access whole queue
Each worker thread can access only dedicated sub-queue
In-situ sniffing
 No copying from dispatcher to worker space
Mutually exclusion is assured by

get and set indices (get chases set)
 Location access directions
 No locking overhead
Get packet,
if get < set
(workers)
Location Access Function =
Put packet,
Wait,
4-14
if get ≤ set
otherwise
(Dispatcher)
T0
T1
T2
TN-1
MPAC Packet Sniffer
(Version 2 & 3)
Dispatcher putting space
TN
Worker Threads
Dispatcher putting direction
Workers getting direction
4-15
Cross Compile for Target System

Cross Compile on Host System

Go to Cavium SDK directory and run the command

host$ source env-setup <OCTEON-MODEL>
(where <OCTEON-MODEL> is the model of your target board. E.g. OCTEON_CN56XX)




host$ cd /<path-to-mpac>/mpac_1.2
host$ ./configure --host=i386-redhat-linux-gnu
--target=mips64-octeon-linux-gnu export
CC=mips64-octeon-linux-gnu-gcc
host$ make clean
host$ make CC=mips64-octeon-linux-gnu-gcc
4-16
Run on target system

Copy executable “mpac_net_bm” and
“mpac_sniffer_app” from the directory
mpac_1.2/apps/sniffer/sniffer_MQ/ on target system



target$ ./mpac_net_bm –c <Receiver> –d <duration>
–l <# of threads>
target$ ./mpac_net_bm –c <Sender> –d <duration>
–l <# of threads> -i <IP of Receiver>
target$ ./mpac_sniffer_app –n<# of Threads> –d<duration>
-f<interface to sniff> -e 4
4-17
Sniffer Application Architecture



MPAC Packet Sniffer Version 3
Data structures and algorithm same as that of
version 2
Packet sniffing functions are optimized for
maximum throughput



No duplicate sniffing
Packet type (IP, ARP, etc.) identification removed
from these functions
Conditionally perform computations on available
packet

Main logic responsible for packet type checking
4-18
Cross Compile for Target System

Cross Compile on Host System

Go to Cavium SDK directory and run the command

host$ source env-setup <OCTEON-MODEL>
(where <OCTEON-MODEL> is the model of your target board. E.g. OCTEON_CN56XX)




host$ cd /<path-to-mpac>/mpac_1.2
host$ ./configure --host=i386-redhat-linux-gnu
--target=mips64-octeon-linux-gnu export
CC=mips64-octeon-linux-gnu-gcc
host$ make clean
host$ make CC=mips64-octeon-linux-gnu-gcc
4-19
Run on target system

Copy executable “mpac_net_bm” and
“mpac_sniffer_app” from the directory
mpac_1.2/apps/sniffer/sniffer_MQ_optimized/ on
target system



target$ ./mpac_net_bm –c <Receiver> –d <duration>
–l <# of threads>
target$ ./mpac_net_bm –c <Sender> –d <duration>
–l <# of threads> -i <IP of Receiver>
target$ ./mpac_sniffer_app –n<# of Threads> –d<duration>
-f<interface to sniff> -e 4
4-20
Lab 4 – Five Tuple comparison
(MPAC sniffer version 3)
$ ./mpac_sniffer_app -f eth0 -d 30 -e 4 -q 1000 -n <# of Threads>
Throughput (Mbps)
Lab #4: 1 GigE
Throughput (Mbps)
Lab #4: Loopback Interface
10000
8000
6000
4000
2000
0
1020
1000
980
960
940
920
900
1
2
3
4
5
No. of Threads
1
2
3
4
5
6
7
8
No. of Threads
$ ./mpac_sniffer_app -f lo -d 30 -e 4 -q 1000 -n <# of Threads>
4-21
6
7
8
Related documents
COE 590 Special Topics: Parallel Architectures
COE 590 Special Topics: Parallel Architectures
Sniffer - TEC LABS TEC LABS
Sniffer - TEC LABS TEC LABS
Transprofessional issues in professional practice
Transprofessional issues in professional practice
Slides
Slides
Positioning difficulties in periapical radiography
Positioning difficulties in periapical radiography
Adaptive Forwarding In Named Data Networking
Adaptive Forwarding In Named Data Networking
Lecture8
Lecture8
River Monitor System - Clark County Washington ARES/RACES
River Monitor System - Clark County Washington ARES/RACES
25D Cyber Network Defender Trifold
25D Cyber Network Defender Trifold
Lab Manual - Cavium University Program
Lab Manual - Cavium University Program
Download
advertisement