Lab 4 - Network Packet Filtering
Download
Report
Transcript Lab 4 - Network Packet Filtering
Programming Multi-Core
Processors based Embedded
Systems
A Hands-On Experience on Cavium
Octeon based Platforms
Lab Exercises
Lab # 4: Network Packet
Filtering
An overview
4-2
Lab Goals
Objective
Learning parallel programming using threads
Utilizing many core systems efficiently
Performance measurement
Packet capture / filter / analyze - A case
study
We will use series of labs to achieve our
objectives. Today’s lab is about packet filtering
4-3
Prerequisites
Sniffing
Capturing of network packets arriving or departing
from a network interface
Mechanism
We use raw sockets as follows
rawSock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))
This system call picks every packet going out or
coming in on an Ethernet interface
4-4
Prerequisites
Testing
You can use loop back device as a network
interface
Use Netperf or MPAC for traffic generation on the
network interface
4-5
Lab Setup
0
2
4
6
0
2
4
6
1
3
5
7
1
3
5
7
System 1
1 GigE
Link
Sender
Packet
Sniffer
System 2
Receiver
Core
Packet Mapping to Cores
Data Packets
4-6
Sniffing Labs Framework
Sniffing
One thread, called the dispatcher, sniffs the
packets from the interface and puts it in one of
the workers’ queues
Filtering / Analysis
Any kind of processing on a packet is the
responsibility of the workers
Each worker has its own queue or shared queue
depending on sniffer application architecture
Dispatcher assigns packets to worker queues
4-7
Lab 4 – Packet Filtering
Objective
Use different packet header information to sniff
specific type of packets
Mechanism
Use different sniffer application architectures to
compare the performance of these architectures
Dispatcher will sniff frames and will put in worker
queues in round-robin fashion
User will specify source IP, destination IP, source
port and destination port for filtering in TCP
packets
4-8
Lab 4 – Packet Filtering
Mechanism
Each worker will process packets residing in its
queues
Observations
Observer the throughput performance with
increasing number of threads
Compare the throughput with lab 3 throughput
Use core affinity and observe throughput
4-9
Sniffer Application Architecture
MPAC packet sniffer version 1
Single queue
Dispatcher can access whole queue
Each worker thread can access only dedicated locations
In-situ sniffing
No copying from dispatcher to worker space
Each location access is mutually exclusive
Controlled by a flag per location
No locking overhead
Get packet, if flag = 1
(workers)
Location Access Function =
Put packet, if flag = 0
4-10
(Dispatcher)
MPAC Packet Sniffer
(Version 1)
T0
T1
TN-1 T0
T1
TN-1T0
T1
TN-1T0
T1
TN-1
Dispatcher putting space
TN
Worker Threads
Dispatcher putting direction
Workers getting direction
4-11
Cross Compile for Target System
Cross Compile on Host System
Go to Cavium SDK directory and run the command
host$ source env-setup <OCTEON-MODEL>
(where <OCTEON-MODEL> is the model of your target board. E.g. OCTEON_CN56XX)
host$ cd /<path-to-mpac>/mpac_1.2
host$ ./configure --host=i386-redhat-linux-gnu
--target=mips64-octeon-linux-gnu export
CC=mips64-octeon-linux-gnu-gcc
host$ make clean
host$ make CC=mips64-octeon-linux-gnu-gcc
4-12
Run on target system
Copy executable “mpac_net_bm” and
“mpac_sniffer_app” from the directory
mpac_1.2/apps/sniffer/sniffer_1Q/ on target system
target$ ./mpac_net_bm –c <Receiver> –d <duration>
–l <# of threads>
target$ ./mpac_net_bm –c <Sender> –d <duration>
–l <# of threads> -i <IP of Receiver>
target$ ./mpac_sniffer_app –n<# of Threads> –d<duration>
-f<interface to sniff> -e 4
4-13
Sniffer Application Architecture
MPAC Sniffer Version 2
Queue size distributed between worker threads
Dispatcher can access whole queue
Each worker thread can access only dedicated sub-queue
In-situ sniffing
No copying from dispatcher to worker space
Mutually exclusion is assured by
get and set indices (get chases set)
Location access directions
No locking overhead
Get packet,
if get < set
(workers)
Location Access Function =
Put packet,
Wait,
4-14
if get ≤ set
otherwise
(Dispatcher)
T0
T1
T2
TN-1
MPAC Packet Sniffer
(Version 2 & 3)
Dispatcher putting space
TN
Worker Threads
Dispatcher putting direction
Workers getting direction
4-15
Cross Compile for Target System
Cross Compile on Host System
Go to Cavium SDK directory and run the command
host$ source env-setup <OCTEON-MODEL>
(where <OCTEON-MODEL> is the model of your target board. E.g. OCTEON_CN56XX)
host$ cd /<path-to-mpac>/mpac_1.2
host$ ./configure --host=i386-redhat-linux-gnu
--target=mips64-octeon-linux-gnu export
CC=mips64-octeon-linux-gnu-gcc
host$ make clean
host$ make CC=mips64-octeon-linux-gnu-gcc
4-16
Run on target system
Copy executable “mpac_net_bm” and
“mpac_sniffer_app” from the directory
mpac_1.2/apps/sniffer/sniffer_MQ/ on target system
target$ ./mpac_net_bm –c <Receiver> –d <duration>
–l <# of threads>
target$ ./mpac_net_bm –c <Sender> –d <duration>
–l <# of threads> -i <IP of Receiver>
target$ ./mpac_sniffer_app –n<# of Threads> –d<duration>
-f<interface to sniff> -e 4
4-17
Sniffer Application Architecture
MPAC Packet Sniffer Version 3
Data structures and algorithm same as that of
version 2
Packet sniffing functions are optimized for
maximum throughput
No duplicate sniffing
Packet type (IP, ARP, etc.) identification removed
from these functions
Conditionally perform computations on available
packet
Main logic responsible for packet type checking
4-18
Cross Compile for Target System
Cross Compile on Host System
Go to Cavium SDK directory and run the command
host$ source env-setup <OCTEON-MODEL>
(where <OCTEON-MODEL> is the model of your target board. E.g. OCTEON_CN56XX)
host$ cd /<path-to-mpac>/mpac_1.2
host$ ./configure --host=i386-redhat-linux-gnu
--target=mips64-octeon-linux-gnu export
CC=mips64-octeon-linux-gnu-gcc
host$ make clean
host$ make CC=mips64-octeon-linux-gnu-gcc
4-19
Run on target system
Copy executable “mpac_net_bm” and
“mpac_sniffer_app” from the directory
mpac_1.2/apps/sniffer/sniffer_MQ_optimized/ on
target system
target$ ./mpac_net_bm –c <Receiver> –d <duration>
–l <# of threads>
target$ ./mpac_net_bm –c <Sender> –d <duration>
–l <# of threads> -i <IP of Receiver>
target$ ./mpac_sniffer_app –n<# of Threads> –d<duration>
-f<interface to sniff> -e 4
4-20
Lab 4 – Five Tuple comparison
(MPAC sniffer version 3)
$ ./mpac_sniffer_app -f eth0 -d 30 -e 4 -q 1000 -n <# of Threads>
Throughput (Mbps)
Lab #4: 1 GigE
Throughput (Mbps)
Lab #4: Loopback Interface
10000
8000
6000
4000
2000
0
1020
1000
980
960
940
920
900
1
2
3
4
5
No. of Threads
1
2
3
4
5
6
7
8
No. of Threads
$ ./mpac_sniffer_app -f lo -d 30 -e 4 -q 1000 -n <# of Threads>
4-21
6
7
8