# Zheng Da
Email: zhengda1936 at gmail dot com
Project: Network virtualization for subhurds etc.
The [code](http://www.assembla.com/spaces/VNetHurd/trac_subversion_tool).
---
## The design and the implementation
### The requirements:
* to implement a mechanism which helps pfinet servers communicate with each other. For example, if pfinet 1 has IP A and pfinet 2 has IP B, a packet sent by pfinet 1 with destination address IP B should be received by pfinet 2.
* Sub-hurds should be able to use this mechanism to communicate with each other.
* Meanwhile this mechanism should allow a non-privileged user to start his own pfinet.
### The possible approach is to use the multiplexer and the filter.
The multiplexer's roles are:
1. to create virtual network interfaces, so pfinet can send packets to them.
2. to receive a packet from pfinet and forward it to the other pfinets in the hurd,
3. or to forward the packet to the real network device in the kernel and send it to the network.
A filter translator is needed to enforce the policies between the interface and the pfinet server. For example, the filter can control which packets can be delivered to the pfinet server, and which packets can be sent to the network interface. The filter can also guard the network traffic and drop illegal packets (forged by some malicious users) from pfinet or some other programs.
### To create a virtual network interface:
* Implement the RPC interface defined in device.defs.
* The multiplexer works as a translator and other programs can get the port to it by calling file_name_port().
* Other programs can use this port as a master device port to open the virtual interface.
### The routing inside the multiplexer:
* When the multiplexer gets a packet, it forwards it to every interface.
* BPF is ported to the multiplexer. BPF delivers the packet to the right pfinet (according to the filter set by that pfinet), just as the BPF in Mach does.
* All packets are forwarded to the interface on which the multiplexer sits.
### The implementation of the filter translator:
* The filter works as a proxy, forwarding the packet between the interface and the pfinet server.
* BPF is also ported to the filter translator. There are two filters in the translator, one for outgoing packets, the other for incoming packets.
* Only one pfinet can connect to the translator at a time.
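The two BPF uses above (the multiplexer routing a packet to the pfinet whose filter matches it, and the filter translator checking outgoing and incoming packets separately) are illustrated by the following added example. It is not code from the project: it contains a small classic-BPF interpreter written for this page (only the four instruction forms the rules need, not the BPF ported into the translators), constructed Ethernet/IPv4 frames, and constructed addresses 10.0.0.1 and 10.0.0.2 standing in for IP A and IP B. The egress filter shows why the filter translator matters for non-privileged pfinets: a packet whose source address is not the one assigned to that pfinet is dropped before it reaches the interface.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic-BPF opcode encoding (class | size | mode), as in BSD/Mach bpf.h.
 * Only the four instruction forms used by the rules below are interpreted. */
#define BPF_LD   0x00
#define BPF_JMP  0x05
#define BPF_RET  0x06
#define BPF_W    0x00
#define BPF_H    0x08
#define BPF_ABS  0x20
#define BPF_K    0x00
#define BPF_JEQ  0x10

struct bpf_insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Runs a filter over a frame. Returns the accept length (non-zero = deliver,
 * 0 = drop). Out-of-bounds loads and unknown opcodes fail closed. */
static uint32_t bpf_run(const struct bpf_insn *prog, size_t n,
                        const uint8_t *pkt, size_t len)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct bpf_insn *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if ((size_t)in->k + 4 > len) return 0;
            acc = (uint32_t)pkt[in->k] << 24 | (uint32_t)pkt[in->k + 1] << 16
                | (uint32_t)pkt[in->k + 2] << 8 | pkt[in->k + 3];
            break;
        case BPF_LD | BPF_H | BPF_ABS:
            if ((size_t)in->k + 2 > len) return 0;
            acc = (uint32_t)pkt[in->k] << 8 | pkt[in->k + 1];
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf; /* offsets are relative to the next insn */
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return 0;
        }
    }
    return 0;
}

/* Offsets in an Ethernet II frame carrying IPv4, and the constructed addresses. */
#define ETH_TYPE_OFF 12
#define IP_SRC_OFF   26
#define IP_DST_OFF   30
#define FRAME_LEN    34
#define IP_A 0x0a000001u /* 10.0.0.1: constructed address of pfinet 1 */
#define IP_B 0x0a000002u /* 10.0.0.2: constructed address of pfinet 2 */
#define N_IFACES 2

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Constructed frame: Ethernet header plus a minimal IPv4 header with only the
 * fields the filters inspect filled in. */
static void make_frame(uint8_t *buf, uint16_t ethertype, uint32_t src, uint32_t dst)
{
    memset(buf, 0, FRAME_LEN);
    buf[ETH_TYPE_OFF] = (uint8_t)(ethertype >> 8);
    buf[ETH_TYPE_OFF + 1] = (uint8_t)ethertype;
    buf[14] = 0x45;                 /* IPv4, IHL = 5 */
    put32(buf + IP_SRC_OFF, src);
    put32(buf + IP_DST_OFF, dst);
}

/* Six-instruction rule: accept IPv4 frames whose 32-bit field at ip_off equals
 * addr, drop everything else (the shape of rule a pfinet sets for its address). */
static void match_ip_field(struct bpf_insn *prog, uint32_t ip_off, uint32_t addr)
{
    struct bpf_insn p[6] = {
        { BPF_LD | BPF_H | BPF_ABS,  0, 0, ETH_TYPE_OFF },
        { BPF_JMP | BPF_JEQ | BPF_K, 0, 3, 0x0800 },      /* not IPv4 -> drop */
        { BPF_LD | BPF_W | BPF_ABS,  0, 0, ip_off },
        { BPF_JMP | BPF_JEQ | BPF_K, 0, 1, addr },        /* mismatch -> drop */
        { BPF_RET | BPF_K,           0, 0, 0xffffffffu },
        { BPF_RET | BPF_K,           0, 0, 0 },
    };
    memcpy(prog, p, sizeof p);
}

/* Multiplexer side: each virtual interface carries the filter its pfinet set, and
 * the packet goes to every interface whose filter accepts it. Returns a bitmask. */
static unsigned mux_route(const uint8_t *pkt, size_t len)
{
    static const uint32_t iface_ip[N_IFACES] = { IP_A, IP_B };
    struct bpf_insn prog[6];
    unsigned mask = 0;
    for (int i = 0; i < N_IFACES; i++) {
        match_ip_field(prog, IP_DST_OFF, iface_ip[i]);
        if (bpf_run(prog, 6, pkt, len))
            mask |= 1u << i;
    }
    return mask;
}

/* Filter-translator side for the pfinet assigned own_ip: the outgoing filter
 * requires the source to be own_ip (a forged source is dropped); the incoming
 * filter requires the destination to be own_ip. Returns 1 = forward, 0 = drop. */
static int filter_pass(uint32_t own_ip, int outgoing, const uint8_t *pkt, size_t len)
{
    struct bpf_insn prog[6];
    match_ip_field(prog, outgoing ? IP_SRC_OFF : IP_DST_OFF, own_ip);
    return bpf_run(prog, 6, pkt, len) != 0;
}

/* Wrappers that build a constructed frame and push it through one stage. */
unsigned route_frame(uint16_t ethertype, uint32_t src, uint32_t dst)
{
    uint8_t f[FRAME_LEN];
    make_frame(f, ethertype, src, dst);
    return mux_route(f, FRAME_LEN);
}

int filter_frame(uint32_t own_ip, int outgoing, uint32_t src, uint32_t dst)
{
    uint8_t f[FRAME_LEN];
    make_frame(f, 0x0800, src, dst);
    return filter_pass(own_ip, outgoing, f, FRAME_LEN);
}

int main(void)
{
    printf("A->B delivered to interface mask %u\n", route_frame(0x0800, IP_A, IP_B));
    printf("pfinet 2 sending with source A forwarded? %d\n", filter_frame(IP_B, 1, IP_A, IP_B));
    return 0;
}
```

The interface mask 2 means only the second virtual interface (pfinet 2, IP B) receives the packet, and the second line prints 0: the filter translator in front of pfinet 2 refuses a packet claiming source address A. In the real translators the rules come from the pfinet through the BPF interface rather than being built in place, and the merge of the multiplexer's and the filter translator's rules is still on the TODO list below.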
---
## TODO
### Coding
- give more options in the filter translator to provide a range of IP addresses
- write the /dev/eth0 translator
- a proxy of the proc server
- make subhurds run without root privileges
- merge BPF rules from the filter translator and the multiplexer
- add policy control; for example, a user's pfinet has to connect to the filter translator instead of to the interface directly.
---
## Completed tasks
### Coding
- pfinet server overriding by modifying glibc. The patch of glibc is [here](http://www.assembla.com/spaces/VNetHurd/documents/aJidqKp6ur3z-Nab7jnrAJ/download/A%20patch%20of%20glibc).
- fix pfinet to use the proper filter rule. The patch of pfinet is [here](http://www.assembla.com/spaces/VNetHurd/documents/dqoQg0qUer3Asvab7jnrAJ/download/A%20patch%20of%20pfinet).
- add an option to open the virtual network interface. The patch of boot is [here](http://www.assembla.com/spaces/VNetHurd/documents/cWkeEixHar3AdKab7jnrAJ/download/A%20patch%20of%20boot).
- set the network device into promiscuous mode. The patch of gnumach is [here](http://www.assembla.com/spaces/VNetHurd/documents/b0eLzUxHmr3ymXab7jnrAJ/download/A%20patch%20of%20gnumach).
- the multiplexer:
  - Create multiple virtual network interfaces.
  - Port BPF to the multiplexer.
  - Finish the routing among the pfinet servers.
- the filter translator:
  - Forward the packet between the interface and the pfinet server.
  - Filter the packet.
### The Code Read
- boot
### Documentation Read
- [A Programmer's Guide to the Mach System Calls](ftp://ftp.cs.cmu.edu/afs/cs/project/mach/public/doc/unpublished/machsys.doc)
- [Meet Mach](http://www.stepwise.com/Articles/Technical/MeetMach.html) by James Scott
- [A Programmer's Guide to the Mach User Environment](ftp://ftp.cs.cmu.edu/afs/cs/project/mach/public/doc/unpublished/machuse.doc), the MIG part
- Part of The GNU Mach Reference Manual and The GNU Hurd Reference Manual
- The Hurd, a presentation by Marcus Brinkmann
- Towards a New Strategy of OS Design, an architectural overview by Thomas Bushnell, BSG.
- GNU/Hurd User's Guide
- The Hurd Hacking Guide