Lightweight Internet Protocol Stack Ideal Choice for High-Performance HFT and Telecom Packet Processing Applications Lightweight Internet Protocol Stack
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
AMNESIA 33: How TCP/IP Stacks Breed Critical Vulnerabilities in Iot
AMNESIA:33 | RESEARCH REPORT How TCP/IP Stacks Breed Critical Vulnerabilities in IoT, OT and IT Devices Published by Forescout Research Labs Written by Daniel dos Santos, Stanislav Dashevskyi, Jos Wetzels and Amine Amri RESEARCH REPORT | AMNESIA:33 Contents 1. Executive summary 4 2. About Project Memoria 5 3. AMNESIA:33 – a security analysis of open source TCP/IP stacks 7 3.1. Why focus on open source TCP/IP stacks? 7 3.2. Which open source stacks, exactly? 7 3.3. 33 new findings 9 4. A comparison with similar studies 14 4.1. Which components are typically flawed? 16 4.2. What are the most common vulnerability types? 17 4.3. Common anti-patterns 22 4.4. What about exploitability? 29 4.5. What is the actual danger? 32 5. Estimating the reach of AMNESIA:33 34 5.1. Where you can see AMNESIA:33 – the modern supply chain 34 5.2. The challenge – identifying and patching affected devices 36 5.3. Facing the challenge – estimating numbers 37 5.3.1. How many vendors 39 5.3.2. What device types 39 5.3.3. How many device units 40 6. An attack scenario 41 6.1. Other possible attack scenarios 44 7. Effective IoT risk mitigation 45 8. Conclusion 46 FORESCOUT RESEARCH LABS RESEARCH REPORT | AMNESIA:33 A note on vulnerability disclosure We would like to thank the CERT Coordination Center, the ICS-CERT, the German Federal Office for Information Security (BSI) and the JPCERT Coordination Center for their help in coordinating the disclosure of the AMNESIA:33 vulnerabilities. -
Lwip TCP/IP Stack Demonstration for Stm32f107xx Connectivity Line Microcontrollers
AN3102 Application note lwIP TCP/IP stack demonstration for STM32F107xx connectivity line microcontrollers Introduction STM32F107xx connectivity line microcontrollers feature a high-quality 10/100 Ethernet peripheral that supports both MII and RMII to interface the PHY. One of the advanced features of the STM32F107xx's Ethernet controller is the capability of generating, inserting and verifying the checksums of the IP, UDP, TCP and ICMP protocols by hardware. In this application note, you can find a real application that uses this feature. The objective of this application note is to present a demonstration package built on top of a free TCP/IP stack: the lwIP (lightweight IP). This package contains: ● A DHCP client, for IP address setting ● A Hello example based on the Telnet protocol ● A TFTP server, which transfers files from and to the microSD™ card located on the STM3210C-EVAL board ● A web server ● A Server/Clients example, which uses multiple boards and allows clients to control the server's LEDs. November 2009 Doc ID 16620 Rev 1 1/18 www.st.com Contents AN3102 Contents 1 Porting lwIP to the STM32F107xx . 5 1.1 lwIP stack overview . 5 1.2 How to port lwIP to the STM32F107xx . 5 1.2.1 Ethernet controller interface . 5 1.2.2 Periodic lwIP tasks . 6 1.2.3 lwIP configuration . 6 1.2.4 STM32F107xx hardware checksum . 7 2 Description of the demonstration package . 8 2.1 Package directories . 8 2.2 Demonstration settings . 8 2.2.1 PHY interface configuration . 8 2.2.2 MAC address settings . 9 2.2.3 IP address settings . -
Master Thesis
Vrije Universiteit Amsterdam Parallel and Distributed Computer Systems Efficient Use of Heterogeneous Multicore Architectures in Reliable Multiserver Systems MASTER THESIS Valentin Gabriel Priescu student number: 2206421 Supervisors: Second reader: Herbert Bos Dirk Vogt Tomas Hruby August 2012 Abstract While designing operating systems, we often have to make a compromise between per- formance and reliability. This is not a problem anymore, as we can take advantage of today's powerful multicore platforms to improve performance in reliable systems. How- ever, this comes with the cost of wasting too many hardware resources and energy. This thesis discusses techniques to make fast and reliable operating systems better utilize their resources. Therefore we perform a case study that extends a previous imple- mentation of a very reliable and fast OS subsystem (the network stack), which wastes too many cores. We analyze if OS components really need powerful cores and if we can replace them with smaller low power cores. We simulate these small cores using commodity hardware and frequency scaling. This work also presents performance eval- uation for different frequencies, discussion of different hardware capabilities that can be used to improve system efficiency, and compares with other related work. i Contents Abstract i 1 Introduction1 2 Background5 2.1 What are Fast-Path Channels?.......................5 2.2 High Throughput Networking Stack....................7 3 Implementation9 3.1 ACPI driver.................................. 10 3.2 P-states and frequency scaling driver.................... 15 3.3 Core-expansion/consolidation for OS Components............ 16 4 Evaluation 18 4.1 Experimental Setup............................. 18 4.2 Low Power Cores on AMD Opteron.................... 19 4.3 TCP/IP Stack Consolidation on AMD Opteron............. -
Lwip TCP/IP Stack
Design and Implementation of the lwIP TCP/IP Stack Swedish Institute of Computer Science February 20, 2001 Adam Dunkels [email protected] Abstract lwIP is an implementation of the TCP/IP protocol stack. The focus of the lwIP stack is to reduce memory usage and code size, making lwIP suitable for use in small clients with very limited resources such as embedded systems. In order to reduce processing and memory demands, lwIP uses a tailor made API that does not require any data copying. This report describes the design and implementation of lwIP. The algorithms and data struc- tures used both in the protocol implementations and in the sub systems such as the memory and bu®er management systems are described. Also included in this report is a reference manual for the lwIP API and some code examples of using lwIP. Contents 1 Introduction 1 2 Protocol layering 1 3 Overview 2 4 Process model 2 5 The operating system emulation layer 3 6 Bu®er and memory management 3 6.1 Packet bu®ers | pbufs .................................. 3 6.2 Memory management .................................. 5 7 Network interfaces 5 8 IP processing 7 8.1 Receiving packets ..................................... 7 8.2 Sending packets ...................................... 7 8.3 Forwarding packets .................................... 8 8.4 ICMP processing ..................................... 8 9 UDP processing 8 10 TCP processing 9 10.1 Overview ......................................... 9 10.2 Data structures ...................................... 10 10.3 Sequence number calculations .............................. 12 10.4 Queuing and transmitting data ............................. 12 10.4.1 Silly window avoidance ............................. 13 10.5 Receiving segments .................................... 13 10.5.1 Demultiplexing .................................. 13 10.5.2 Receiving data ................................. -
Lwip (Light Weight) TCP/IP Stack on 16-Bit XC167CI Microcontroller
Application Note, V1.0, Jan. 2007 AP16106 XC167CI lwIP (Light weight) TCP/IP Stack on 16-bit XC167CI Microcontroller Microcontrollers Edition 2007-01-15 Published by Infineon Technologies AG 81726 München, Germany © Infineon Technologies AG 2007. All Rights Reserved. LEGAL DISCLAIMER THE INFORMATION GIVEN IN THIS APPLICATION NOTE IS GIVEN AS A HINT FOR THE IMPLEMENTATION OF THE INFINEON TECHNOLOGIES COMPONENT ONLY AND SHALL NOT BE REGARDED AS ANY DESCRIPTION OR WARRANTY OF A CERTAIN FUNCTIONALITY, CONDITION OR QUALITY OF THE INFINEON TECHNOLOGIES COMPONENT. THE RECIPIENT OF THIS APPLICATION NOTE MUST VERIFY ANY FUNCTION DESCRIBED HEREIN IN THE REAL APPLICATION. INFINEON TECHNOLOGIES HEREBY DISCLAIMS ANY AND ALL WARRANTIES AND LIABILITIES OF ANY KIND (INCLUDING WITHOUT LIMITATION WARRANTIES OF NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY) WITH RESPECT TO ANY AND ALL INFORMATION GIVEN IN THIS APPLICATION NOTE. Information For further information on technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies Office (www.infineon.com). Warnings Due to technical requirements components may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies Office. Infineon Technologies Components may only be used in life-support devices or systems with the express written approval of Infineon Technologies, if a failure of such components can reasonably be expected to cause the failure of that life-support device or system, or to affect the safety or effectiveness of that device or system. Life support devices or systems are intended to be implanted in the human body, or to support and/or maintain and sustain and/or protect human life. -
Packet Processing at Wire Speed Using Network Processors
Packet processing at wire speed using Network processors Chethan Kumar and Hao Che University of Texas at Arlington {ckumar, hche}@cse.uta.edu Abstract 1 Introduction Recent developments in fiber optics and the new The modern day Internet has seen an explosive bandwidth hungry applications have put more stress growth of applications being used on it. As more and on the active components (switches, routers etc.,) of a more applications are being developed, there is an network. Optical fiber bandwidth is no longer a increase in the amount of load put on the internet. At constraint for increasing the network bandwidth. the same time the fiber optics bandwidth has However, the processing power of the network has not increased dramatically to meet the traffic demand, but scaled upto the increase in the fiber bandwidth. the present day routers have limited processing power Communication industry is looking forward for more to handle this profound demand increase. Hence the innovative ways of designing router1 architecture and networking and telecommunications industry is research is being conducted to develop a scalable, compelled to look for new solutions for improving flexible and cost-effective architecture for routers. A the performance and the processing power of the successful outcome of this effort is a specialized routers. processor called Network processor. Network processor provides performance at hardware speeds One of the industry’s solutions to the challenges while attaining the flexibility of software. Network posed by the increased demand for the processing processors from different vendors employ different power is programmable functional units grouped into architectures and the choice of a particular type of a processor called Application Specific Instruction network processor can affect the architecture of the Processor (ASIP) or Network processor (NP)2. -
Packet Processing Execution Engine (PROX) - Performance Characterization for NFVI User Guide
USER GUIDE Intel Corporation Packet pROcessing eXecution Engine (PROX) - Performance Characterization for NFVI User Guide Authors 1 Introduction Yury Kylulin Properly designed Network Functions Virtualization Infrastructure (NFVI) environments deliver high packet processing rates, which are also a required dependency for Luc Provoost onboarded network functions. NFVI testing methodology typically includes both Petar Torre functionality testing and performance characterization testing, to ensure that NFVI both exposes the correct APIs and is capable of packet processing. This document describes how to use open source software tools to automate peak traffic (also called saturation) throughput testing to characterize the performance of a containerized NFVI system. The text and examples in this document are intended for architects and testing engineers for Communications Service Providers (CSPs) and their vendors. This document describes tools used during development to evaluate whether or not a containerized NFVI can perform the required rates of packet processing within set packet drop rates and latency percentiles. This document is part of the Network Transformation Experience Kit, which is available at https://networkbuilders.intel.com/network-technologies/network-transformation-exp- kits. 1 User Guide | Packet pROcessing eXecution Engine (PROX) - Performance Characterization for NFVI Table of Contents 1 Introduction ................................................................................................................................................................................................................ -
Nrf51 Iot SDK SDK for Iot Applications Using Ipv6 Over Bluetooth Smart
nRF51 IoT SDK SDK for IoT applications using IPv6 over Bluetooth Smart Overview KEY FEATURES This SDK is a complete IPv6 capable Bluetooth® Smart software stack with examples for the nRF51 Series SoCs. It supports 6LoWPAN and IPSP library: the Internet Protocol Support Profile (IPSP) and also supports • 6LoWPAN compression/decompression. 6LoWPAN over Bluetooth Smart. • 6LoWPAN Node role. • Packet flow control. Internet of Things, IPv6 and Bluetooth Smart • IPv6 prefix management. Up until now Bluetooth Smart enabled products have been able to • Can use a third-party IPv6 stack connect to the Internet via gateway devices such as a smartphone or tablet, see fig 1. In this scenario the Nordic’s IPv6 stack: App in the gateway device carries out the • Support for multiple IP addresses necessary task of bridging Bluetooth • ICMPv6 module Smart to IP-based messages for • UDP socket APIs internet communication to the cloud. Wi-Fi Nordic’s CoAP library: It is desirable to have ‘things’ • CoAP message types CON, NON, ACK, and RESET that can communicate with other Smart Phone • Token matching on responses to a local client generated ‘things’ using native IP directly. Bluetooth request In this scenario Bluetooth Smart Smart • Endpoint creation as resources devices can connect directly to the Internet via Bluetooth smart enabled • Automatic lookup of requested endpoint on remote request headless routers, see fig 2. • Endpoint resource function callback • Endpoint permission setting APPLICATIONS: • Internet of Things applications Wi-Fi, Fiber etc. Wi-Fi, Ethernet, IPS over IPv6 significantly expands the number of available IP addresses for use and makes available 2128 addresses. -
High Level Synthesis for Packet Processing Pipelines Cristian
High Level Synthesis for Packet Processing Pipelines Cristian Soviani Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and Sciences COLUMBIA UNIVERSITY 2007 c 2007 Cristian Soviani All Rights Reserved ABSTRACT High Level Synthesis for Packet Processing Pipelines Cristian Soviani Packet processing is an essential function of state-of-the-art network routers and switches. Implementing packet processors in pipelined architectures is a well-known, established technique, albeit different approaches have been proposed. The design of packet processing pipelines is a delicate trade-off between the desire for abstract specifications, short development time, and design maintainability on one hand and very aggressive performance requirements on the other. This thesis proposes a coherent design flow for packet processing pipelines. Like the design process itself, I start by introducing a novel domain-specific language that provides a high-level specification of the pipeline. Next, I address synthesizing this model and calculating its worst-case throughput. Finally, I address some specific circuit optimization issues. I claim, based on experimental results, that my proposed technique can dramat- ically improve the design process of these pipelines, while the resulting performance matches the expectations of hand-crafted design. The considered pipelines exhibit a pseudo-linear topology, which can be too re- strictive in the general case. However, especially due to its high performance, such an architecture may be suitable for applications outside packet processing, in which case some of my proposed techniques could be easily adapted. Since I ran my experiments on FPGAs, this work has an inherent bias towards that technology; however, most results are technology-independent. -
Evaluating the Power of Flexible Packet Processing for Network Resource Allocation Naveen Kr
Evaluating the Power of Flexible Packet Processing for Network Resource Allocation Naveen Kr. Sharma, Antoine Kaufmann, and Thomas Anderson, University of Washington; Changhoon Kim, Barefoot Networks; Arvind Krishnamurthy, University of Washington; Jacob Nelson, Microsoft Research; Simon Peter, The University of Texas at Austin https://www.usenix.org/conference/nsdi17/technical-sessions/presentation/sharma This paper is included in the Proceedings of the 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’17). March 27–29, 2017 • Boston, MA, USA ISBN 978-1-931971-37-9 Open access to the Proceedings of the 14th USENIX Symposium on Networked Systems Design and Implementation is sponsored by USENIX. Evaluating the Power of Flexible Packet Processing for Network Resource Allocation Naveen Kr. Sharma∗ Antoine Kaufmann∗ Thomas Anderson∗ Changhoon Kim† Arvind Krishnamurthy∗ Jacob Nelson‡ Simon Peter§ Abstract of the packet header, perform simple computations on Recent hardware switch architectures make it feasible values in packet headers, and maintain mutable state that to perform flexible packet processing inside the net- preserves the results of computations across packets. Im- work. This allows operators to configure switches to portantly, these advanced data-plane processing features parse and process custom packet headers using flexi- operate at line rate on every packet, addressing a ma- ble match+action tables in order to exercise control over jor limitation of earlier solutions such as OpenFlow [22] how packets are processed and routed. However, flexible which could only operate on a small fraction of packets, switches have limited state, support limited types of op- e.g., for flow setup. FlexSwitches thus hold the promise erations, and limit per-packet computation in order to be of ushering in the new paradigm of a software defined able to operate at line rate. -
How to Port a TCP/IP Stack in Your Kernel
How to port a TCP/IP stack in your kernel Nassim Eddequiouaq Introduction How to port a TCP/IP stack in your kernel TCP/IP stacks without an Ethernet driver Focus on lwIP Conclusion Nassim Eddequiouaq July 20, 2014 Plan How to port a TCP/IP stack in your kernel Nassim Eddequiouaq Introduction TCP/IP stacks 1 Introduction Focus on lwIP Conclusion Generic TCP/IP stack How to port a TCP/IP stack in your kernel Nassim Eddequiouaq Introduction TCP/IP stacks Focus on lwIP Conclusion Plan How to port a TCP/IP stack in your kernel Nassim Eddequiouaq Introduction TCP/IP stacks 2 TCP/IP stacks Focus on lwIP Conclusion Which free open source stacks ? How to port a TCP/IP stack in your kernel Nassim Eddequiouaq Introduction uIP • TCP/IP stacks lwIP Focus on lwIP • tinytcp, wattcp.. Conclusion • fNET • Bentham’s TCP/IP stack • OpenBSD not standalone • ! Focus on what you need How to port a TCP/IP stack in your kernel Nassim Eddequiouaq embedded ? Introduction • TCP/IP stacks bare metal ? (no operating system) • Focus on lwIP Keep It Simple, Stupid ? Conclusion • fast ? • out of the box ? • Your choice. uIP How to port a TCP/IP stack in your kernel Nassim Eddequiouaq Introduction world’s smallest TCP/IP Stack • TCP/IP stacks used mostly for 8/16 bits microcontrollers Focus on lwIP • separates 32-bit arithmetic Conclusion • useful for embedded systems • uses polling • handles TCP, UDP (poorly), IPv4 • uIP simple example How to port a TCP/IP stack in your kernel #define UIP_ACTIVE_OPEN 1 Nassim void setup() { Eddequiouaq connect_test(); } Introduction TCP/IP stacks void loop() { Focus on lwIP uip_send("foo\n", 4); Conclusion } void connect_test(void){ uip_ipaddr_t ipaddr; uip_ipaddr(&ipaddr, 192, 168, 1, 100); uip_connect(&ipaddr, HTONS(8080)); } [...] lwIP How to port a TCP/IP stack in your kernel Nassim Eddequiouaq Introduction works with IRQs TCP/IP stacks • Focus on lwIP which makes it VERY fast • Conclusion DHCP, AUTO-IP, ARP, UDP, PPP. -
An Architecture for High-Speed Packet Switched Networks (Thesis)
Purdue University Purdue e-Pubs Department of Computer Science Technical Reports Department of Computer Science 1989 An Architecture for High-Speed Packet Switched Networks (Thesis) Rajendra Shirvaram Yavatkar Report Number: 89-898 Yavatkar, Rajendra Shirvaram, "An Architecture for High-Speed Packet Switched Networks (Thesis)" (1989). Department of Computer Science Technical Reports. Paper 765. https://docs.lib.purdue.edu/cstech/765 This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries. Please contact [email protected] for additional information. AN ARCIITTECTURE FOR IDGH-SPEED PACKET SWITCHED NETWORKS Rajcndra Shivaram Yavalkar CSD-TR-898 AugusL 1989 AN ARCHITECTURE FOR HIGH-SPEED PACKET SWITCHED NETWORKS A Thesis Submitted to the Faculty of Purdue University by Rajendra Shivaram Yavatkar In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy August 1989 Il TABLE OF CONTENTS Page LIST OF FIGURES Vl ABSTRACT ................................... Vlll 1. INTRODUCTION 1 1.1 BackgroWld... 2 1.1.1 Network Architecture 2 1.1.2 Network-Level Services. 7 1.1.3 Circuit Switching. 7 1.1.4 Packet Switching . 8 1.1.5 Summary.... 11 1.2 The Proposed Solution. 12 1.3 Plan of Thesis. ..... 14 2. DEFINITIONS AND TERMINOLOGY 15 2.1 Components of Packet Switched Networks 15 2.2 Concept Of Internetworking .. 16 2.3 Communication Services .... 17 2.4 Flow And Congestion Control. 18 3. NETWORK ARCHITECTURE 19 3.1 Basic Model . ... 20 3.2 Services Provided. 22 3.3 Protocol Hierarchy 24 3.4 Addressing . 26 3.5 Routing .. 29 3.6 Rate-based Congestion Avoidance 31 3.7 Responsibilities of a Router 32 3.8 Autoconfiguration ..