[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Janos on Moab on Linux - Node OSKit

To: "Peter Lutz" <lutz@it.rit.edu>
Subject: Re: Janos on Moab on Linux - Node OSKit
From: Alastair David Reid <reid@cs.utah.edu>
Date: 22 Feb 2002 19:51:49 +0000
Cc: janos-discuss@fast.cs.utah.edu
In-Reply-To: <fc.004c519f00619c38004c519f00619c38.619cca@it.rit.edu>
References: <fc.004c519f00619c38004c519f00619c38.619cca@it.rit.edu>
Sender: owner-janos-discuss@fast.cs.utah.edu
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7


I can't shed any light on your janosvm problems but wanted to clarify
what you mean by the following:

> The purpose of this is to get a Moab-based active router going on
> top of Linux, rather than on a standalone PC. I wish to explore the
> use of LKMs to provide the level of resource control one would
> like.

I other words, you want to configure/extend the Linux kernel so that
it provides resource control hooks that Moab can plug into?

Two ways suggest themselves:

1) Run a usermode TCP/IP stack.

   IIRC (and that's not too likely :-), you can do this if you run 
   the OSKit in its "run on Unix mode".  All you need is permission 
   to access the ethernet device directly (the way tcpdump does).

2) Use netfilter/iptables under Linux 2.4.x (http://www.netfilter.org/)

   Netfilter is the new name for ipchains which is what you use to setup
   firewalls and NAT.
   The cool thing about netfilter is that you can _extend_ the rules it
   understands with new LKMs (at least, that's how I read the documentation).

   For example, I use rules like this to filter out anything from Utah

     iptables -A filter -s 155.99.212.0/24 -j filter_utah
              ^^^^^^^^^ which table it is in
                                         ^^^^^^^^^^^^^^ jump to this table

   and this table to log up to either accept ssh connections

     iptables -A filter_utah -m state --state NEW -p tcp --dport ssh -j ACCEPT

   or log up to 3 messages per minute for other kinds of connections
   and drop them

     iptables -A filter_utah -m limit --limit 3/minute --limit-burst 1 -j LOG
     iptables -A filter_utah -j DROP

   You can also redirect packets up into a usermode process if you want.

   Seems to me that you could use the limit rules to implement
   Moab-required functionality in netfilter.  (Or, if they're not
   quite right for Moab, implement your own limits, queues, etc.)


Hope this stimulates useful ideas...

-- 
Alastair Reid        reid@cs.utah.edu        http://www.cs.utah.edu/~reid/

References:
- Janos on Moab on Linux - Node OSKit
  - From: "Peter Lutz" <lutz@it.rit.edu>

Prev by Date: Janos on Moab on Linux - Node OSKit
Next by Date: Re: Janos on Moab on Linux - Node OSKit
Prev by thread: Janos on Moab on Linux - Node OSKit
Next by thread: Re: Janos on Moab on Linux - Node OSKit

[ Janos ] [ OSKit ] [ Network Testbed ] [ Flick ] [ Fluke ]
Flux Research Group / Department of Computer Science / University of Utah