DataMuseum.dk

Presents historical artifacts from the history of:

DKUUG/EUUG Conference tapes

This is an automatic "excavation" of a thematic subset of
artifacts from Datamuseum.dk's BitArchive.

See our Wiki for more about DKUUG/EUUG Conference tapes

Excavated with: AutoArchaeologist - Free & Open Source Software.



⟦1b54c147a⟧ TextFile

    Length: 86678 (0x15296)
    Types: TextFile
    Names: »pnet.ext.ps«

Derivation

└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
    └─⟦this⟧ »./papers/pnet.ext.ps« 

TextFile

%!PS
%%Version: 3.1
%%DocumentFonts: (atend)
%%Pages: (atend)
%%EndComments
%
% Version 3.1 prologue for troff files.
%

/#copies 1 store
/aspectratio 1 def
/formsperpage 1 def
/landscape false def
/linewidth .3 def
/magnification 1 def
/margin 0 def
/orientation 0 def
/resolution 720 def
/xoffset 0 def
/yoffset 0 def

/roundpage true def
/useclippath true def
/pagebbox [0 0 612 792] def

/R  /Times-Roman def
/I  /Times-Italic def
/B  /Times-Bold def
/BI /Times-BoldItalic def
/H  /Helvetica def
/HI /Helvetica-Oblique def
/HB /Helvetica-Bold def
/HX /Helvetica-BoldOblique def
/CW /Courier def
/CO /Courier def
/CI /Courier-Oblique def
/CB /Courier-Bold def
/CX /Courier-BoldOblique def
/PA /Palatino-Roman def
/PI /Palatino-Italic def
/PB /Palatino-Bold def
/PX /Palatino-BoldItalic def
/Hr /Helvetica-Narrow def
/Hi /Helvetica-Narrow-Oblique def
/Hb /Helvetica-Narrow-Bold def
/Hx /Helvetica-Narrow-BoldOblique def
/KR /Bookman-Light def
/KI /Bookman-LightItalic def
/KB /Bookman-Demi def
/KX /Bookman-DemiItalic def
/AR /AvantGarde-Book def
/AI /AvantGarde-BookOblique def
/AB /AvantGarde-Demi def
/AX /AvantGarde-DemiOblique def
/NR /NewCenturySchlbk-Roman def
/NI /NewCenturySchlbk-Italic def
/NB /NewCenturySchlbk-Bold def
/NX /NewCenturySchlbk-BoldItalic def
/ZD /ZapfDingbats def
/ZI /ZapfChancery-MediumItalic def
/VR /Varitimes#Roman def
/VI /Varitimes#Italic def
/VB /Varitimes#Bold def
/VX /Varitimes#BoldItalic def
/S  /S def
/S1 /S1 def
/GR /Symbol def

/inch {72 mul} bind def
/min {2 copy gt {exch} if pop} bind def

/setup {
	counttomark 2 idiv {def} repeat pop

	landscape {/orientation 90 orientation add def} if
	/scaling 72 resolution div def
	linewidth setlinewidth
	1 setlinecap

	pagedimensions
	xcenter ycenter translate
	orientation neg rotate
	width 2 div neg height 2 div translate
	xoffset inch yoffset inch neg translate
	margin 2 div dup neg translate
	magnification dup aspectratio mul scale
	scaling scaling scale

	/Symbol /S Sdefs cf
	/Times-Roman /S1 S1defs cf
	0 0 moveto
} def

/pagedimensions {
	useclippath userdict /gotpagebbox known not and {
		/pagebbox [clippath pathbbox newpath] def
		roundpage currentdict /roundpagebbox known and {roundpagebbox} if
	} if
	pagebbox aload pop
	4 -1 roll exch 4 1 roll 4 copy
	landscape {4 2 roll} if
	sub /width exch def
	sub /height exch def
	add 2 div /xcenter exch def
	add 2 div /ycenter exch def
	userdict /gotpagebbox true put
} def

/pagesetup {
	/page exch def
	currentdict /pagedict known currentdict page known and {
		page load pagedict exch get cvx exec
	} if
} def

/decodingdefs [
	{counttomark 2 idiv {y moveto show} repeat}
	{neg /y exch def counttomark 2 idiv {y moveto show} repeat}
	{neg moveto {2 index stringwidth pop sub exch div 0 32 4 -1 roll widthshow} repeat}
	{neg moveto {spacewidth sub 0.0 32 4 -1 roll widthshow} repeat}
	{counttomark 2 idiv {y moveto show} repeat}
	{neg setfunnytext}
] def

/setdecoding {/t decodingdefs 3 -1 roll get bind def} bind def

/w {neg moveto show} bind def
/m {neg dup /y exch def moveto} bind def
/done {/lastpage where {pop lastpage} if} def

/f {
	dup /font exch def findfont exch
	dup /ptsize exch def scaling div dup /size exch def scalefont setfont
	linewidth ptsize mul scaling 10 mul div setlinewidth
	/spacewidth ( ) stringwidth pop def
} bind def

/sf {f} bind def

/cf {
	dup length 2 idiv
	/entries exch def
	/chtab exch def
	/newfont exch def

	findfont dup length 1 add dict
	/newdict exch def
	{1 index /FID ne {newdict 3 1 roll put} {pop pop} ifelse} forall

	newdict /Metrics entries dict put
	newdict /Metrics get
	begin
		chtab aload pop
		1 1 entries {pop def} for
		newfont newdict definefont pop
	end
} bind def

%
% A few arrays used to adjust reference points and character widths in some
% of the printer resident fonts. If square roots are too high try changing
% the lines describing /radical and /radicalex to,
%
%	/radical	[0 -75 550 0]
%	/radicalex	[-50 -75 500 0]
%

/Sdefs [
	/bracketlefttp		[220 500]
	/bracketleftbt		[220 500]
	/bracketrighttp		[-70 380]
	/bracketrightbt		[-70 380]
	/braceleftbt		[220 490]
	/bracketrightex		[220 -125 500 0]
	/radical		[0 0 550 0]
	/radicalex		[-50 0 500 0]
	/parenleftex		[-20 -170 0 0]
	/integral		[100 -50 500 0]
	/infinity		[10 -75 730 0]
] def

/S1defs [
	/underscore		[0 80 500 0]
	/endash			[7 90 650 0]
] def
%%EndProlog
%%BeginSetup
mark
/resolution 720 def
setup
2 setdecoding
%%EndSetup
%%Page: 1 1
save
mark
1 pagesetup
14 B f
(Pseudo-Network Drivers and Virtual Networks)4 2865 1 1447 940 t
12 I f
(S.M. Bellovin)1 661 1 2512 1180 t
15 I f
(*)3173 1180 w
12 I f
(smb)2364 1340 w
12 S1 f
(@)2557 1340 w
12 I f
(ulysses.att.com)2667 1340 w
12 R f
(AT&T Bell Laboratories)2 1214 1 2273 1580 t
(Murray Hill, New Jersey 07974)4 1563 1 2098 1740 t
11 I f
(ABSTRACT)2619 2030 w
11 R f
(Many operating systems have long had)5 1799 1 1270 2355 t
11 I f
(pseudo-teletypes)3113 2355 w
11 R f
(, inter-process)1 638 1 3852 2355 t
(communication channels that provide terminal semantics on one end,)8 3220 1 1270 2485 t
( describe an analogous)3 1059( We)1 236( server program on the other.)5 1379(and a smart)2 546 4 1270 2615 t
(concept,)1270 2745 w
11 I f
(pseudo-network)1682 2745 w
11 R f
( the driver appears to be)5 1132( end of)2 337(drivers. One)1 594 3 2427 2745 t
( and semantics;)2 736(a real network device, with the appropriate interface)7 2484 2 1270 2875 t
( to a program, however, rather than to a physical)9 2222(data written to it goes)4 998 2 1270 3005 t
( this and some auxiliary mechanisms, we present a)8 2474(medium. Using)1 746 2 1270 3135 t
( system test, network monitoring,)4 1640(variety of applications, including)3 1580 2 1270 3265 t
( and subvert network)3 1068(dial-up TCP/IP, and ways to both improve)6 2152 2 1270 3395 t
( notably, we show how pseudo-network devices can be)8 2538(security. Most)1 682 2 1270 3525 t
(used to create)2 788 1 1270 3655 t
11 I f
(virtual networks)1 813 1 2179 3655 t
11 R f
(and to provide encrypted)3 1376 1 3114 3655 t
( describe two implementations, one)4 1713( We)1 253(communications capability.)1 1254 3 1270 3785 t
( systems, and one using)4 1148(using a conventional driver for socket-based)5 2072 2 1270 3915 t
(stream pipes for System V.)4 1227 1 1270 4045 t
10 B f
(1. INTRODUCTION)1 941 1 720 4335 t
11 R f
(Many operating systems have long had)5 1774 1 720 4530 t
11 I f
(pseudo-teletypes,)2533 4530 w
11 R f
(inter-process communication channels)2 1710 1 3330 4530 t
( the)1 179( In)1 172( semantics on one end, and a smart server program on the other.)12 3011(that provide terminal)2 958 4 720 4660 t
(same vein, we have implemented a)5 1607 1 720 4790 t
11 I f
(pseudo-network)2369 4790 w
11 R f
( in particular to)3 720( the kernel, and)3 719(driver. To)1 489 3 3112 4790 t
( over a wire, the output packets are)7 1599(IP, it appears to be a device; instead of transmitting the bits)11 2721 2 720 4920 t
( the program are delivered to the network)7 2008( packets written by)3 911( Similarly,)1 529(sent to a program.)3 872 4 720 5050 t
( general \257ow of control)4 1071( The)1 244(input handlers, exactly as if they were received over a real device.)11 3005 3 720 5180 t
(is shown in Figure 1.)4 961 1 720 5310 t
(IP \(or another network protocol\) hands packets to the bottom half of)11 3099 1 720 5505 t
11 CW f
(Pnet)3886 5505 w
11 R f
( top half of the)4 688(; the)1 202 2 4150 5505 t
( Similarly,)1 514( other servers.)2 640(driver passes them to a server program, which can communicate with)10 3166 3 720 5635 t
(the server can generate packets and pass them to the driver; these are in turn sent to IP.)17 3948 1 720 5765 t
( such as)2 374( socket-based systems,)2 1022( For)1 229(There are two general implementation techniques available.)6 2695 4 720 5960 t
( driver; a detailed)3 903(SunOS and 4.3bsd, we have implemented a standard network device)9 3417 2 720 6090 t
( For)1 248(description of the driver is given below.)6 1936 2 720 6220 t
11 I f
(stream)2963 6220 w
9 R f
([Ritc84])3271 6184 w
11 R f
(implementations of TCP/IP, a)3 1410 1 3630 6220 t
( possibly with no kernel changes whatsoever; again, details are)9 2872(simple stream pipe may suf\256ce,)4 1448 2 720 6350 t
(given below.)1 576 1 720 6480 t
9 S1 f
(________________)720 6799 w
9 R f
( Steven M. Bellovin, Room 3C-536B, AT&T Bell Laboratories, 600 Mountain Avenue,)11 3509( address:)1 348(* Author's)1 463 3 720 6929 t
(Murray Hill, New Jersey 07974.)4 1196 1 863 7029 t
cleartomark
showpage
restore
%%EndPage: 1 1
%%Page: 2 2
save
mark
2 pagesetup
cleartomark restore
%%BeginGlobal
%
% Version 3.1 drawing procedures for dpost. Automatically pulled in, but only
% when needed.
%

/inpath false def
/savematrix matrix currentmatrix def

/Dl {
	inpath
		{pop pop neg lineto}
		{newpath neg moveto neg lineto stroke}
	ifelse
} bind def

/De {
	/y1 exch 2 div def
	/x1 exch 2 div def
	neg exch x1 add exch translate
	x1 y1 scale
	0 0 1 0 360
	inpath
		{1 0 moveto arc savematrix setmatrix}
		{newpath arc savematrix setmatrix stroke}
	ifelse
} bind def

/Da {
	/dy2 exch def
	/dx2 exch def
	/dy1 exch def
	/dx1 exch def
	dy1 add neg exch dx1 add exch
	dx1 dx1 mul dy1 dy1 mul add sqrt
	dy1 dx1 neg atan
	dy2 neg dx2 atan
	inpath
		{arc}
		{newpath arc stroke}
	ifelse
} bind def

/DA {
	/dy2 exch def
	/dx2 exch def
	/dy1 exch def
	/dx1 exch def
	dy1 add neg exch dx1 add exch
	dx1 dx1 mul dy1 dy1 mul add sqrt
	dy1 dx1 neg atan
	dy2 neg dx2 atan
	inpath
		{arcn}
		{newpath arcn stroke}
	ifelse
} bind def

/Ds {
	/y2 exch def
	/x2 exch def
	/y1 exch def
	/x1 exch def
	/y0 exch def
	/x0 exch def
	x0 5 x1 mul add 6 div
	y0 5 y1 mul add -6 div
	x2 5 x1 mul add 6 div
	y2 5 y1 mul add -6 div
	x1 x2 add 2 div
	y1 y2 add -2 div
	inpath
		{curveto}
		{newpath x0 x1 add 2 div y0 y1 add -2 div moveto curveto stroke}
	ifelse
} bind def
%%EndGlobal
save mark
11 R f
3015 1066 3015 1426 Dl
3555 1066 3015 1066 Dl
3555 1426 3555 1066 Dl
3015 1426 3555 1426 Dl
(Server)3143 1268 w
3285 1426 3303 1498 Dl
3285 1426 3267 1498 Dl
3285 1786 3285 1426 Dl
3285 1786 3267 1714 Dl
3285 1786 3303 1714 Dl
11 CW f
(Pnet)3153 1923 w
11 R f
(\(driver\))3119 2053 w
11 CW f
(Pnet)3153 2283 w
11 R f
(\(network\))3070 2413 w
1395 1786 1395 2146 Dl
1935 1786 1395 1786 Dl
1935 2146 1935 1786 Dl
1395 2146 1935 2146 Dl
(IP)1616 1988 w
1935 1966 2009 1971 Dl
1935 1966 1997 2005 Dl
3015 2326 1935 1966 Dl
3014 2325 2940 2320 Dl
3014 2325 2952 2286 Dl
8 R f
(. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .)90 3260 1 1114 1609 t
11 R f
(User)3992 1563 w
(Kernel)3947 1693 w
3555 1246 3627 1228 Dl
3555 1246 3627 1264 Dl
4095 1246 3555 1246 Dl
4095 1246 4023 1264 Dl
4095 1246 4023 1228 Dl
(other)4253 1203 w
(servers)4211 1333 w
3015 1786 3015 2506 Dl
3555 1786 3015 1786 Dl
3555 2506 3555 1786 Dl
3015 2506 3555 2506 Dl
3051 2146 3015 2146 Dl
3123 2146 3087 2146 Dl
3195 2146 3159 2146 Dl
3267 2146 3231 2146 Dl
3339 2146 3303 2146 Dl
3411 2146 3375 2146 Dl
3483 2146 3447 2146 Dl
3555 2146 3519 2146 Dl
11 B f
(Figure 1.)1 430 1 1997 3068 t
11 R f
(The Pseudo-Network Driver)2 1264 1 2499 3068 t
(Although the primary focus of the driver is TCP/IP,)8 2558 1 720 3653 t
9 R f
([Fein85, Come88])1 695 1 3278 3617 t
11 R f
(the socket version is)3 1003 1 4037 3653 t
( It)1 140(actually quite general; it can handle any address families supported by the rest of the kernel.)15 4180 2 720 3783 t
( run on 4.2bsd,)3 755(has been tested on SunOS 4.0.1 and 4.0.3; with minor changes, it should)12 3565 2 720 3913 t
(4.3bsd, and other related operating systems.)5 1970 1 720 4043 t
10 B f
( TECHNIQUES AND ISOLATED INTERFACES)4 2179(2. RE-INJECTION)1 869 2 720 4303 t
11 R f
( for)1 184(A number of uses)3 862 2 720 4498 t
11 CW f
(Pnet)1853 4498 w
11 R f
(involve)2174 4498 w
11 I f
(re-injecting)2561 4498 w
11 R f
(a transformed packet into the kernel for)6 1910 1 3130 4498 t
( packet could be encrypted, repackaged with a new IP)9 2588( example, the)2 641( For)1 243(further processing.)1 848 4 720 4628 t
( discussing)1 508( Before)1 382( number indicating encryption, and sent on its way.)8 2424(header and a protocol)3 1006 4 720 4758 t
11 CW f
(Pnet)720 4888 w
11 R f
( re-injection; it is not trivial to)6 1456(proper, it is worth examining possible mechanisms for)7 2550 2 1034 4888 t
(implement, but is quite necessary.)4 1530 1 720 5018 t
(The \256rst, and most obvious way, is to build a new packet, and simply)13 3406 1 720 5213 t
11 CW f
(write)4181 5213 w
11 R f
( the)1 190(\(\) it to)2 330 2 4520 5213 t
11 CW f
(Pnet)720 5343 w
11 R f
( destination.)1 568(device, under the assumption that IP will then forward it to the proper)12 3430 2 1042 5343 t
(However, many IP modules will)4 1523 1 720 5473 t
11 I f
(not)2295 5473 w
11 R f
(forward packets, either for security reasons or because)7 2552 1 2488 5473 t
(forwarding packets is the business of gateways, not hosts.)8 2605 1 720 5603 t
9 R f
([Brad89])3325 5567 w
11 R f
( a raw IP socket, and use it to)8 1373(For socket-based implementations, a second approach is to create)8 2947 2 720 5798 t
( for transmitting the)3 974( while that mechanism is suitable)5 1630( Unfortunately,)1 740(re-inject the packets.)2 976 4 720 5928 t
( packets \320 received by a user-level)6 1792( Decrypted)1 557( decryption.)1 563(encrypted packets, it fails on)4 1408 4 720 6058 t
( protocol number \320 should carry the IP source address of the original)12 3208(process bound to that IP)4 1112 2 720 6188 t
( socket interface insists that packets carry authentic local source addresses.)10 3471(sender; the raw IP)3 849 2 720 6318 t
( solution can be obtained)4 1140(While it may be possible to kludge around this requirement, a cleaner)11 3180 2 720 6448 t
( a new raw protocol in the Internet address family; this protocol would permit)13 3560(by implementing)1 760 2 720 6578 t
(speci\256cation of an arbitrary IP header.)5 1721 1 720 6708 t
8 R f
(1)2441 6664 w
cleartomark
showpage
restore
%%EndPage: 2 2
%%Page: 3 3
save
mark
3 pagesetup
11 R f
( than create a separate)4 1097( Rather)1 389( a variant of this mechanism.)5 1436(We have opted to implement)4 1398 4 720 850 t
( overloaded the address family \256eld used by)7 2092(interface solely for packet re-injection, we have)6 2228 2 720 980 t
11 CW f
(pnetwrite)720 1110 w
11 R f
( IP output routine, rather than)5 1367( noted, these packets are passed directly to the)8 2124(. As)1 226 3 1323 1110 t
( minimal checks are done,)4 1190( Only)1 294( interface must be used with great care.)7 1788( This)1 270(the input routine.)2 778 5 720 1240 t
( standard packet input)3 1111( attempt is made to provide)5 1437( No)1 245(to guard against kernel panics.)4 1527 4 720 1370 t
( or option)2 545(processing, such as checksum validation, time-to-live counter decrementing,)7 3775 2 720 1500 t
( it)1 100( If)1 146( for this host.)3 613( seriously, the packet is not checked to see if it is destined)12 2654(processing. More)1 807 5 720 1630 t
( if)1 141( course,)1 351( Of)1 189( to IP's input routine.)4 981(is, when the real driver receives the packet, it must pass it)11 2658 5 720 1760 t
(the packet was destined for)4 1294 1 720 1890 t
11 CW f
(Pnet)2097 1890 w
11 R f
( be delivered again to the server,)6 1585('s local address, it will)4 1094 2 2361 1890 t
(possibly causing a loop.)3 1083 1 720 2020 t
11 CW f
(Pnet)1905 2020 w
11 R f
(broadcast packets are a particularly nasty case of this.)8 2418 1 2205 2020 t
( only path into IP is the)6 1139( The)1 252( harder for stream implementations.)4 1643(Implementing re-injection is)2 1286 4 720 2215 t
( sort)1 204( Some)1 326( IP expects to \256ll in the source address, etc.)9 2003(transport protocols' interface; for these,)4 1787 4 720 2345 t
(of raw channel is needed; this might require changes to IP.)10 2659 1 720 2475 t
( is to implement)3 802(An alternative to packet re-injection)4 1696 2 720 2670 t
11 I f
(interface isolation)1 834 1 3275 2670 t
11 R f
( an interface is)3 729(. If)1 193 2 4118 2670 t
(marked as)1 472 1 720 2800 t
11 I f
(isolated)1245 2800 w
11 R f
(\(presumably via)1 735 1 1647 2800 t
11 CW f
(ifconfig)2435 2800 w
11 R f
( Thus,)1 336( not forwarded.)2 721(\), packets from it are)4 1011 3 2972 2800 t
(packets arriving via the)3 1051 1 720 2930 t
11 CW f
(Pnet)1838 2930 w
11 R f
(driver could be forwarded, while packets arriving on an external)9 2901 1 2139 2930 t
( A)1 162( interfaces also.)2 723( source routing would be disabled for isolated)7 2152( Obviously,)1 571(link would not.)2 712 5 720 3060 t
( of interface isolation, possibly controlled by a different bit, is to accept packets)13 3801(\256nal aspect)1 519 2 720 3190 t
( interface if and only if they are destined for the machine's IP address on)14 3307(arriving on an isolated)3 1013 2 720 3320 t
( an alternate address)3 999( is, we do not permit the implicit forwarding to)9 2384( That)1 300(that interface.)1 637 4 720 3450 t
(associated with another network interface on the gateway.)7 2602 1 720 3580 t
8 R f
(2)3322 3536 w
11 R f
( insuf\256cient; one would need isolation groups that)7 2310(For some purposes, a simple isolation bit is)7 2010 2 720 3775 t
( one could escalate to full address)6 1956( Finally,)1 485(de\256ne allowable forwarding patterns.)3 1879 3 720 3905 t
(screening,)720 4035 w
9 R f
([Mogu89])1167 3999 w
11 R f
(though if encryption is universally performed that is probably not necessary.)10 3398 1 1568 4035 t
10 B f
(3. APPLICATIONS)1 897 1 720 4295 t
11 R f
(The)720 4490 w
11 CW f
(Pnet)956 4490 w
11 R f
( few are discussed)3 827( A)1 152( from the trivial to the complex.)6 1458(driver has many uses, ranging)4 1347 4 1256 4490 t
( have implemented some of these, and plan to implement others.)10 2916(below. We)1 519 2 720 4620 t
10 B f
( Test)1 216(3.1 System)1 496 2 720 4815 t
11 R f
( use sophisticated)2 796( usual approach is to)4 940( The)1 243(It is often dif\256cult to test protocol implementations.)7 2341 4 720 5010 t
( are)1 168( techniques, though,)2 905( Such)1 293(network monitors to observe the traf\256c and to create test packets.)10 2954 4 720 5140 t
( often uncertain \320 fast hosts can easily overrun some network monitors.)11 3655(expensive and)1 665 2 720 5270 t
11 CW f
(Pnet)720 5400 w
11 R f
(, though, makes life much easier \320 a host program can catch or generate all test packets.)16 4035 1 984 5400 t
( features are more dif\256cult)4 1227(Care must be taken when emulating a protocol in a program; some)11 3093 2 720 5595 t
( development of)2 756( During)1 396(to emulate than others.)3 1065 3 720 5725 t
11 CW f
(Pnet)3016 5725 w
11 R f
( ran into trouble with fragmented)5 1556(, we)1 204 2 3280 5725 t
(ICMP)720 5855 w
11 CW f
(ECHO)1069 5855 w
11 R f
( required receipt and reassembly of all)6 1993(packets; generating proper replies)3 1635 2 1412 5855 t
9 S1 f
(________________)720 6055 w
9 R f
( this)1 162( First,)1 250( that allowing a host process to impersonate an IP address is a security risk.)14 2846( people may object)3 714(1. Some)1 348 5 720 6185 t
(facility is only available to)4 1006 1 863 6285 t
9 CW f
(root)1903 6285 w
9 R f
( the very)2 340( Second,)1 353( spoof IP addresses.)3 753(; a rogue super-user has easier ways to)7 1468 4 2126 6285 t
(existence of)1 453 1 863 6385 t
9 CW f
(Pnet)1383 6385 w
9 R f
( as shown elsewhere,)3 822( Finally,)1 351(allows injection of packets with arbitrary addresses.)6 1991 3 1642 6385 t
7 R f
([Bell89])4806 6357 w
9 R f
(using an IP address for authorization is very unsafe in any event.)11 2413 1 863 6485 t
( have a global)3 543( packets can)2 469( ICMP)1 287( does not necessarily provide enough security for the gateway machine.)10 2718(2. This)1 303 5 720 6615 t
(effect, regardless of the destination address used.)6 1811 1 863 6715 t
cleartomark
showpage
restore
%%EndPage: 3 3
%%Page: 4 4
save
mark
4 pagesetup
11 R f
(fragments.)720 850 w
10 B f
(3.2 Netspy)1 485 1 720 1045 t
11 R f
(The)720 1240 w
11 CW f
(Pnet)958 1240 w
11 R f
( to)1 125( routing entry can be constructed)5 1492( A)1 153(driver can be used to monitor conversations.)6 2010 4 1260 1240 t
( to the)2 294(direct traf\256c for a particular destination)5 1777 2 720 1370 t
11 CW f
(Pnet)2858 1370 w
11 R f
( examination, the packet can)4 1289(driver. After)1 592 2 3159 1370 t
(be re-injected, adding IP Loose Source routing to carry the packet to the next hop.)14 3719 1 720 1500 t
(The potential for abuse of this capability is, of course, obvious.)10 2858 1 720 1695 t
10 B f
( Relays)1 316(3.3 Non-IP)1 502 2 720 1890 t
11 R f
( IP packets over media for which IP drivers do)9 2209(In some environments, it is necessary to send)7 2111 2 720 2085 t
( mechanism for accomplishing this; a program can retrieve)8 2746( provides a simple)3 867( Pnet)1 281(not exist.)1 426 4 720 2215 t
(the IP packets via the)4 1020 1 720 2345 t
11 CW f
(Pnet)1819 2345 w
11 R f
(driver, encapsulate them for some other protocol, and transmit)8 2908 1 2132 2345 t
(them to the far end.)4 890 1 720 2475 t
( where one side implements an IP driver directly.)8 2292(This can also be done in some situations)7 2028 2 720 2670 t
(For example, some implementations of Datakit)5 2182 1 720 2800 t
9 S f
(\322)2902 2745 w
11 R f
( contain an IP interface, while)5 1422(VCS support)1 595 2 3023 2800 t
( latter can use)3 648( The)1 248(others do not.)2 631 3 720 2930 t
11 CW f
(Pnet)2319 2930 w
11 R f
( packets to and from IP; at the far end of)10 1926(to transmit)1 489 2 2625 2930 t
(the Datakit VCS circuit, IP can handle them directly.)8 2392 1 720 3060 t
10 B f
( SLIP)1 256(3.4 Replacing)1 619 2 720 3255 t
11 R f
(The conventional mechanism for sending IP packets over tty lines \320 SLIP, or Serial Line)14 4320 1 720 3450 t
(IP)720 3580 w
9 R f
([Romk88])818 3544 w
11 R f
( is used for framing, which)5 1235( line discipline)2 671( A)1 154(\320 requires oddball code in the kernel.)6 1753 4 1227 3580 t
( dummy process to linger to)5 1348(is reasonable enough; however, some implementations require a)7 2972 2 720 3710 t
( the normal close operations from taking)6 1921(keep the line open, or some mechanism to prevent)8 2399 2 720 3840 t
( has been done.)3 704( dial-up SLIP operation is awkward, though it)7 2074(place. Furthermore,)1 906 3 720 3970 t
9 R f
([Lanz89])4404 3934 w
11 R f
(All of)1 269 1 4771 3970 t
(that can be bypassed using)4 1256 1 720 4100 t
11 CW f
(Pnet)2054 4100 w
11 R f
( single process can handle packets for all of the SLIP)10 2531(. A)1 191 2 2318 4100 t
( a line)2 315( be sure,)2 413( To)1 208(destinations; it can make calls as needed, transmit and receive data, etc.)11 3384 4 720 4230 t
( in any event, to buffer the incoming characters and avoid the need to)13 3174(discipline may be needed)3 1146 2 720 4360 t
(wake up the SLIP daemon each time, but much of the complexity could be eliminated.)14 3919 1 720 4490 t
(A)720 4685 w
11 CW f
(Pnet)873 4685 w
11 R f
( all of the SLIP destinations would share the)8 2087(implementation has the side-effect that)4 1772 2 1181 4685 t
( good idea \320 using an entire network for each)9 2202( is probably a)3 653( This)1 279(same IP network number.)3 1186 4 720 4815 t
( wasteful, though presumably one could subnet a class C network and use)12 3384(point-to-point link is)2 936 2 720 4945 t
(it for 64 SLIP links)4 953 1 720 5075 t
8 R f
(3)1673 5031 w
11 R f
( requires good routing protocols to handle the point-to-point)8 2855(\320 but it)2 419 2 1766 5075 t
( able to reach every)4 937( IP model normally requires that an interface driver be)9 2576(connections. The)1 807 3 720 5205 t
(connected host directly; this is often not the case with SLIP.)10 2725 1 720 5335 t
10 B f
( Security Controls)2 793(3.5 Bypassing)1 626 2 720 5530 t
11 R f
(The)720 5725 w
11 CW f
(Pnet)959 5725 w
11 R f
( controls.)1 422(driver can also be used to implement a bypass for some common security)12 3356 2 1262 5725 t
( only electronic mail)3 973(Assume, for example, a paranoid gateway that was con\256gured to allow)10 3347 2 720 5855 t
( packets with a source or destination port of 25,)9 2188(traf\256c; this would be con\256gured to accept TCP)7 2132 2 720 5985 t
( all others.)2 498(and to reject)2 580 2 720 6115 t
9 R f
([Mogu89])1798 6079 w
11 R f
(Two co-operating parties could set up a TCP circuit between)9 2831 1 2209 6115 t
11 CW f
(Pnet)720 6245 w
11 R f
( suitable routing information)3 1320( Assuming)1 530( end to port 25.)4 747(servers, and simply assign one)4 1413 4 1030 6245 t
(were exchanged, each end would have access to the other's IP networks.)11 3270 1 720 6375 t
9 S1 f
(________________)720 6575 w
9 R f
( least 2 bits must be used for every subnet, as the host addresses 0 and -1 are still reserved.)19 3401(3. At)1 233 2 720 6705 t
cleartomark
showpage
restore
%%EndPage: 4 4
%%Page: 5 5
save
mark
5 pagesetup
11 R f
( parties who merely wished to leak information could do)9 2570(Obviously, in this sort of situation two)6 1750 2 720 850 t
( point is that)3 607( The)1 253(so rather more simply.)3 1047 3 720 980 t
11 CW f
(Pnet)2704 980 w
11 R f
( and is thus far more)5 991(allows IP-level access,)2 1034 2 3015 980 t
(damaging.)720 1110 w
10 B f
( Reliable Datagrams)2 887(3.6 More)1 423 2 720 1305 t
11 R f
( many)1 292( Too)1 261( current congested Internet environment, datagram services are hard to use.)10 3495(In the)1 272 4 720 1500 t
( delayed, leading to excessive retries and/or congestion.)7 2652(packets are dropped or)3 1084 2 720 1630 t
9 R f
([Nowi89])4456 1594 w
11 R f
(If a)1 177 1 4863 1630 t
(TCP-based relay process is used with)5 1730 1 720 1760 t
11 CW f
(Pnet)2525 1760 w
11 R f
( off,)1 201(, application-level retry timers can be turned)6 2050 2 2789 1760 t
( TCP performance improvements.)3 1525(and advantage can be taken of recent)6 1683 2 720 1890 t
9 R f
([Karn87, Jaco88])1 635 1 3928 1854 t
11 R f
(Similarly,)4601 1890 w
( when using)2 582(if the underlying network is prone to data corruption, this mechanism is useful)12 3738 2 720 2020 t
(systems that turn off UDP checksumming.)5 1911 1 720 2150 t
( application-level retry timers are still)5 1772(If this strategy is adopted, great care must be taken if)10 2548 2 720 2345 t
( segments can be delayed or lost as easily as UDP packets; however, since TCP will)15 3815(used. TCP)1 505 2 720 2475 t
( its own, it is highly undesirable for the application to do so as well.)14 3688(retransmit on)1 632 2 720 2605 t
( will not provide better)4 1077(Application-level retransmissions will simply generate extra load; they)7 3243 2 720 2735 t
(service.)720 2865 w
10 B f
( NETWORKS)1 623(4. VIRTUAL)1 602 2 720 3125 t
11 R f
( that operate properly only)4 1273(There are a number of protocols, typically broadcast-based ones,)8 3047 2 720 3320 t
( that wish to run such a protocol are geographically)9 2327( the machines)2 622( If)1 145(within a single IP network.)4 1226 4 720 3450 t
( Using)1 341(dispersed, it may not be feasible to connect them to the same net.)12 3034 2 720 3580 t
11 CW f
(Pnet)4168 3580 w
11 R f
(, though, this)2 608 1 4432 3580 t
( declare the interface to be a broadcast)7 1793( server could)2 600( a)1 129(can be accomplished reasonably easily:)4 1798 4 720 3710 t
( example of)2 548( is an)2 261( This)1 274(network, and transmit broadcast packets to all appropriate destinations.)8 3237 4 720 3840 t
(a)720 3970 w
11 I f
(virtual network)1 690 1 810 3970 t
11 R f
( obvious ef\256ciency loss in broadcast virtual networks, the)8 2636( there is an)3 521(. While)1 374 3 1509 3970 t
(gain in functionality may make it worthwhile for some applications.)9 3067 1 720 4100 t
( consider the case of a large)6 1499( example,)1 473( For)1 263(Virtual networks have other uses as well.)6 2085 4 720 4295 t
( may)1 229( It)1 143( and a single gateway to the Internet.)7 1701(corporation with many internal TCP/IP networks,)5 2247 4 720 4425 t
( Internet through the gateway;)4 1427(be desirable to allow a very few selected hosts access to the)11 2893 2 720 4555 t
( selected hosts and the gateway)5 1520( The)1 263( reasons.)1 413(most, though, would be blocked for security)6 2124 4 720 4685 t
(could form a virtual network; only its address would be advertised to the outside world.)14 3965 1 720 4815 t
( phrase this is that virtual networks allow for routing and control)11 3191(A more general way to)4 1129 2 720 5010 t
( can be used to implement many different useful)8 2292( This)1 281(independent of the physical topology.)4 1747 3 720 5140 t
(schemes, including ``roamer hosts''.)3 1631 1 720 5270 t
( UDP is used, checksumming)4 1356( If)1 150( carried by TCP, UDP, or IP.)6 1360(Virtual network packets may be)4 1454 4 720 5465 t
( for that connection; it represents needless expense, as the encapsulated)10 3360(should be turned off)3 960 2 720 5595 t
(packet will undergo further validity checking when delivered to its ultimate destination.)11 3948 1 720 5725 t
10 B f
( Encrypted Virtual Network)3 1231(4.1 An)1 319 2 720 5920 t
11 R f
( interesting use of)3 869(Perhaps the most)2 806 2 720 6115 t
11 CW f
(Pnet)2481 6115 w
11 R f
(is to implement encryption, access control, and)6 2239 1 2801 6115 t
( description of just such a)5 1183( shall spend some time on a detailed)7 1677( We)1 227(authentication mechanisms.)1 1233 4 720 6245 t
( ours is loosely modeled on the)6 1431( Since)1 318(system; it is currently under development.)5 1902 3 720 6375 t
11 I f
(Blacker Front)1 630 1 4410 6375 t
(End)720 6505 w
9 R f
([BFE, Mund87])1 590 1 897 6469 t
11 R f
(but is much less secure, we dub it)7 1578 1 1529 6505 t
11 I f
(Greyer)3149 6505 w
11 R f
( are two principal uses for)5 1213(. There)1 360 2 3467 6505 t
11 CW f
(Greyer)720 6635 w
11 R f
( end-to-end encryption between a pair of hosts communicating over an)10 3374(: providing)1 550 2 1116 6635 t
( encryption between a pair of gateways, each of)8 2203(insecure network, and providing network-level)4 2117 2 720 6765 t
( will consider each design in turn.)6 1536( We)1 223(which is protecting a group of naive hosts.)7 1926 3 720 6895 t
cleartomark
showpage
restore
%%EndPage: 5 5
%%Page: 6 6
save
mark
6 pagesetup
11 R f
( a virtual network, as)4 1105( Create)1 394( simple.)1 395(At \256rst blush, providing end-to-end encryption is)6 2426 4 720 850 t
( host wishes to make a secure call to a destination, it uses the)13 3087( a)1 108( When)1 357(described above.)1 768 4 720 980 t
( of the packets are thus delivered to)7 1670( All)1 221( on the virtual network.)4 1094(destination network's address)2 1335 4 720 1110 t
(the)720 1240 w
11 CW f
(Pnet)920 1240 w
11 R f
( servers have addresses on)4 1188( These)1 333(server, which encrypts them and sends them along.)7 2299 3 1220 1240 t
( server receives the packet, decrypts it, and)7 2095( destination)1 540( The)1 263(the insecure physical network.)3 1422 4 720 1370 t
(writes it on the)3 700 1 720 1500 t
11 CW f
(Pnet)1492 1500 w
11 R f
( the local)2 429(device; in the kernel, the packet is recognized as destined for)10 2813 2 1798 1500 t
(host, and is delivered to the application in the usual fashion.)10 2722 1 720 1630 t
( implied authentication it)3 1165( of the bene\256ts of encryption is the)7 1664( One)1 265(There is a catch, however.)4 1226 4 720 1825 t
( which believe they are conversing over the secure virtual net may quite)12 3278(provides. Applications)1 1042 2 720 1955 t
( net destination)2 733( packets with a virtual)4 1087( Unfortunately,)1 736(reasonably extend much greater trust.)4 1764 4 720 2085 t
( network interface; these packets have not)6 1923(address may be delivered to a host over its physical)9 2397 2 720 2215 t
( will nevertheless be accepted.)4 1369( They)1 297(been validated in any way.)4 1206 3 720 2345 t
( that we must)3 636( Note)1 292( described earlier.)2 811(The easiest solution is the interface isolation mechanism)7 2581 4 720 2540 t
( is, we will accept packets over the)7 1720( That)1 292( physical network, not the virtual one.)6 1831(isolate the)1 477 4 720 2670 t
( not wish to accept packets for the presumed-secure)8 2410(virtual interface for either address; we do)6 1910 2 720 2800 t
( the host has more than one physical address, this)9 2386( If)1 160(virtual address over the physical link.)5 1774 3 720 2930 t
(solution is too simplistic; it may be necessary to use isolation groups.)11 3145 1 720 3060 t
( forged packets to the)4 1005( all, even though)3 776( After)1 308(Some may object that this is not a real problem.)9 2231 4 720 3255 t
( may be sent via the physical network, replies will be sent via the virtual)14 3531(protected address)1 789 2 720 3385 t
( there are ways to attack hosts that rely)8 1844( Unfortunately,)1 723(network, and hence will be encrypted.)5 1753 3 720 3515 t
( heard.)1 309(on IP addresses for authentication, even if responses are not)9 2736 2 720 3645 t
9 R f
([Bell89, Morr85])1 631 1 3765 3609 t
11 R f
(More simply,)1 605 1 4435 3645 t
( target host to reply via the same insecure)8 1937(IP source routing could be used, thereby forcing the)8 2383 2 720 3775 t
(path.)720 3905 w
10 B f
(Gateways and)1 611 1 720 4100 t
10 CW f
(Greyer)1391 4100 w
11 R f
(Gateways using)1 727 1 720 4230 t
11 CW f
(Greyer)1534 4230 w
11 R f
( inbound traf\256c, the)3 955( For)1 246(may require interface isolation as well.)5 1852 3 1987 4230 t
( the)1 174( If)1 149( do not wish unauthorized packets to enter the protected subnet.)10 2929( we)1 204(rationale is simple:)2 864 5 720 4360 t
( target)1 287(interface were not isolated, an enemy could simply use the physical network address of a)14 4033 2 720 4490 t
(host.)720 4620 w
( for example,)2 640( a classi\256ed environment,)3 1208( In)1 183(Outbound traf\256c may need to be restricted also.)7 2289 4 720 4815 t
( It)1 145( data transmission mode; that is up to the administrator.)9 2575(individual users may not select the)5 1600 3 720 4945 t
( against internal traf\256c being routed directly to the external interface.)10 3147(is thus necessary to guard)4 1173 2 720 5075 t
( we would have no way to)6 1226(On the other hand, we cannot simply turn off packet-forwarding, or)10 3094 2 720 5205 t
(deliver outbound packets to the)4 1412 1 720 5335 t
11 CW f
(Pnet)2198 5335 w
11 R f
(server.)2498 5335 w
( behind the)2 539( hosts)1 316(Our model, then, is this:)4 1139 3 720 5530 t
11 CW f
(Greyer)2797 5530 w
11 R f
( packets to it to)4 778(gateway forward their)2 1016 2 3246 5530 t
( entries specify that the next hop is)7 1629( the gateway, routing table)4 1229( On)1 213(reach a remote secure host.)4 1249 4 720 5660 t
(on the virtual net; this forces the packets to be delivered to the)12 2952 1 720 5790 t
11 CW f
(Pnet)3748 5790 w
11 R f
(server for encryption.)2 982 1 4058 5790 t
( over the insecure network to a)6 1491(The packets are encrypted and encapsulated, and transmitted)7 2829 2 720 5920 t
( may use re-injection;)3 985( We)1 225( them back to IP.)4 790( must then decrypt them and hand)6 1545( It)1 140(remote server.)1 635 6 720 6050 t
( the)1 172(if the host will permit packet-forwarding from)6 2098 2 720 6180 t
11 CW f
(Pnet)3058 6180 w
11 R f
(interface, a)1 495 1 3360 6180 t
11 CW f
(write)3893 6180 w
11 R f
(\(\) over the)2 476 1 4232 6180 t
11 CW f
(Pnet)4776 6180 w
11 R f
(device will serve.)2 787 1 720 6310 t
( key)1 204( the)1 215( also provides authorization:)3 1300( It)1 148(As noted, encryption provides implied authentication.)5 2453 5 720 6505 t
( issue a key for a conversation deemed)7 1963(distribution center may, at its option, decline to)7 2357 2 720 6635 t
( fact, the)2 457( In)1 193(administratively prohibited.)1 1261 3 720 6765 t
11 CW f
(Greyer)2727 6765 w
11 R f
( used for)2 462(mechanisms could simply be)3 1389 2 3189 6765 t
( at all, as in the)5 833(authorization without bothering with transmitting the encrypted text)7 3230 2 720 6895 t
11 I f
(Visa)4844 6895 w
11 R f
(protocols.)720 7025 w
9 R f
([Estr89])1157 6989 w
11 R f
(There are obvious risks of address forgery here, of course.)9 2626 1 1488 7025 t
cleartomark
showpage
restore
%%EndPage: 6 6
%%Page: 7 7
save
mark
7 pagesetup
10 B f
(Encapsulation for)1 773 1 720 850 t
10 CW f
(Greyer)1553 850 w
11 R f
(There are two issues to consider when deciding how to encapsulate)10 3261 1 720 980 t
11 CW f
(Greyer)4070 980 w
11 R f
(packets for)1 515 1 4525 980 t
( should session key information be distributed,)6 2197( how)1 276(transmission over the insecure network:)4 1847 3 720 1110 t
( two questions are related.)4 1182( The)1 242(and what transport mechanism should be used?)6 2123 3 720 1240 t
( assume that the)3 778(First, we)1 409 2 720 1435 t
11 CW f
(Greyer)1989 1435 w
11 R f
(server will not have keys for each possible destination;)8 2603 1 2437 1435 t
(rather, it will use something like Needham-Schroeder)6 2436 1 720 1565 t
9 R f
([Need78, Denn81, Need87])2 1021 1 3156 1529 t
11 R f
(or Kerberos)1 532 1 4218 1565 t
9 R f
([Stei88])4750 1529 w
11 R f
( this session key to the remote)6 1466( is therefore necessary to transmit)5 1588( It)1 153(to obtain a session key.)4 1113 4 720 1695 t
11 CW f
(Greyer)720 1825 w
11 R f
( transport mechanism, the solution is obvious: send the)8 2525( TCP is used as the)5 913(server. If)1 444 3 1158 1825 t
( a key expires, the connection may be torn down)9 2229( If)1 147( connection.)1 548(session key at the start of each)6 1396 4 720 1955 t
(and a new one constructed.)4 1223 1 720 2085 t
( or a new IP protocol type\),)6 1302(If, on the other hand, a datagram mechanism is used \(either UDP)11 3018 2 720 2280 t
( to send a special packet containing the key to)9 2162( possibility is)2 625( One)1 263(the problem is a bit harder.)5 1270 4 720 2410 t
(the remote)1 480 1 720 2540 t
11 CW f
(Greyer)1272 2540 w
11 R f
(server; depending on the reliability of the underlying network, it may be)11 3330 1 1710 2540 t
( More)1 311( packets that use the key.)5 1149(desirable to await an acknowledgement before transmitting any)7 2860 3 720 2670 t
(likely, we will use the SP3 protocol from SDNS.)8 2214 1 720 2800 t
9 R f
([SP3])2934 2764 w
11 R f
( preserves the stateless)3 1041( This)1 275( each packet.)2 598(A \256nal possibility is to include the encrypted key in)9 2406 4 720 2995 t
( exact choice depends heavily on)5 1502( The)1 245( bandwidth.)1 531(nature of IP gateways, at the obvious cost in)8 2042 4 720 3125 t
( the physical network; we will address this question further when)10 3324(the characteristics of)2 996 2 720 3255 t
11 CW f
(Greyer)720 3385 w
11 R f
(is implemented.)1 712 1 1152 3385 t
10 B f
( IMPLEMENTATION DETAILS AND ALTERNATIVES)4 2534(5. SOCKET)1 559 2 720 3645 t
11 R f
(The socket)1 507 1 720 3840 t
11 CW f
(Pnet)1314 3840 w
11 R f
( halves, a network driver and a character)7 1986(driver consists of two distinct)4 1419 2 1635 3840 t
( the usual entry points: attach, output, and ioctl for the network)11 2982( contains)1 414( Each)1 302(device driver.)1 622 4 720 3970 t
( describe each)2 641( We)1 226( read, write, ioctl, and select for the character driver.)9 2398(driver, and open, close,)3 1055 4 720 4100 t
(half in turn.)2 533 1 720 4230 t
(The network output routine \()4 1318 1 720 4425 t
11 CW f
(pnoutput)2038 4425 w
11 R f
( the)1 175( the character half of)4 953( If)1 148(\) is quite straight-forward.)3 1189 4 2575 4425 t
( are rejected with code)4 1023(driver is not open, packets)4 1193 2 720 4555 t
11 CW f
(ENETDOWN)2972 4555 w
11 R f
( the packet is queued)4 953(. Otherwise,)1 578 2 3509 4555 t
( header containing the destination address is prepended to the packet,)10 3131( A)1 152(for the server program.)3 1037 3 720 4685 t
(in the form of a single)5 1040 1 720 4815 t
11 CW f
(struct sockaddr)1 990 1 1801 4815 t
11 R f
( server program use this)4 1103( is important that the)4 965(. It)1 172 3 2800 4815 t
( header, rather than looking at the packet header; to do otherwise)11 3166(address to determine the)3 1154 2 720 4945 t
( the program's input queue is)5 1391( If)1 157( duplicate most of the functions of IP.)7 1811(would require that it)3 961 4 720 5075 t
( is discarded and)3 798(full, the packet)2 696 2 720 5205 t
11 CW f
(ENOBUFS)2263 5205 w
11 R f
( attempt is made to)4 923( No)1 219(is returned to the caller.)4 1124 3 2774 5205 t
(loop back packets destined for a local address; that is left to the server.)13 3210 1 720 5335 t
( decision:)1 443( perhaps incorrect,)2 846( One,)1 291(The rest of the network driver half is comparatively trivial.)9 2740 4 720 5530 t
(if the interface is turned off via)6 1413 1 720 5660 t
11 CW f
(SIOCSIFFLAGS)2169 5660 w
11 R f
(, the server program is sent an EOF message.)8 2048 1 2970 5660 t
( is a bit more complex.)5 1090(The character driver)2 915 2 720 5855 t
11 CW f
(Pnetread)2805 5855 w
11 R f
(blocks until data has been enqueued)5 1663 1 3377 5855 t
(by)720 5985 w
11 CW f
(pnoutput)884 5985 w
11 R f
(; if)1 152 1 1421 5985 t
11 CW f
(FASYNC)1627 5985 w
11 R f
( error code instead if the)5 1194(mode has been selected, it returns an)6 1769 2 2077 5985 t
(queue is empty.)2 710 1 720 6115 t
11 CW f
(Pnetwrite)720 6310 w
11 R f
( it cannot accept just a raw packet;)7 1585( First,)1 304(is more problematic for several reasons.)5 1800 3 1351 6310 t
( a)1 84( While)1 340( family information in order to route the packet to the proper protocol.)12 3183(it needs address)2 713 4 720 6440 t
(simple)720 6570 w
11 CW f
(short)1073 6570 w
11 R f
( requires a full)3 733(would suf\256ce, the current driver)4 1535 2 1462 6570 t
11 CW f
(struct sockaddr)1 990 1 3790 6570 t
11 R f
(; this)1 251 1 4789 6570 t
( The)1 246( input and output halves of the program.)7 1851(simpli\256es use of the same data structures for the)8 2223 3 720 6700 t
(other \256elds in this structure are currently unused, though that may change in the future.)14 3941 1 720 6830 t
cleartomark
showpage
restore
%%EndPage: 7 7
%%Page: 8 8
save
mark
8 pagesetup
11 R f
(A second complication is the need to)6 1703 1 720 850 t
11 I f
(re-inject)2464 850 w
11 R f
( If)1 150( above.)1 331(packets into the system, as described)5 1683 3 2876 850 t
(the high-order bit of the address family is on, the packet is passed to the)14 3316 1 720 980 t
11 I f
(output)4075 980 w
11 R f
( that)1 203(routine of)1 441 2 4396 980 t
( only)1 232( Currently,)1 521(protocol, rather than the input routine.)5 1717 3 720 1110 t
11 CW f
(AF_INET)3226 1110 w
11 R f
(is supported for this option.)4 1248 1 3724 1110 t
( is easy enough for)4 866( It)1 140(Finally, it is not obvious how to block if the protocol input queue is full.)14 3314 3 720 1305 t
( routine'' to awaken it when the)6 1535(the server process to sleep; however, there is no ``interrupt)9 2785 2 720 1435 t
( a timer routine is used to poll the queue status.)10 2158( Accordingly,)1 648(queue drains.)1 593 3 720 1565 t
11 CW f
(Pnetselect)720 1760 w
11 R f
( which protocol)2 708(has a similar problem; additionally, since it lacks information on)9 2916 2 1416 1760 t
( a heuristic, it)3 660( As)1 206(input queue is desired, it cannot assert de\256nitively that space is available.)11 3454 3 720 1890 t
(queries the status of the last queue to which a)9 2066 1 720 2020 t
11 CW f
(write)2822 2020 w
11 R f
(\(\) was attempted.)2 775 1 3161 2020 t
11 CW f
(Pnetioctl)720 2215 w
11 R f
(permits the server to set the)5 1292 1 1358 2215 t
11 CW f
(IFF_BROADCAST)2694 2215 w
11 R f
(and)3596 2215 w
11 CW f
(IFF_POINTOPOINT)3798 2215 w
11 R f
(\257ags)4832 2215 w
( intended use of the interface, it)6 1484(for the interface; since the driver has no way of knowing the)11 2836 2 720 2345 t
( the server can set and reset)6 1307( Additionally,)1 666( default choice.)2 707(cannot make a)2 665 4 720 2475 t
11 CW f
(IFF_UP)4110 2475 w
11 R f
(; while this)2 525 1 4515 2475 t
(\257ag can be set via)4 819 1 720 2605 t
11 CW f
(SIOCSIFFLAGS)1575 2605 w
11 R f
(, use of that)3 538 1 2376 2605 t
11 CW f
(ioctl)2950 2605 w
11 R f
(\(\) is restricted to)3 747 1 3289 2605 t
11 CW f
(root)4072 2605 w
11 R f
(.)4345 2605 w
( unit \(MTU\) allowed for)4 1130(It is also possible for the server to change the maximum transmission)11 3190 2 720 2800 t
( network medium is used to relay)6 1599( another)1 379( If)1 159(the interface.)1 594 4 720 2930 t
11 CW f
(Pnet)3531 2930 w
11 R f
(packets, the MTU for the)4 1195 1 3845 2930 t
11 CW f
(Pnet)720 3060 w
11 R f
(interface should be set to the MTU of the medium minus any required headers, to avoid)15 4018 1 1022 3060 t
(fragmentation.)720 3190 w
10 B f
(Rejected Alternatives)1 924 1 720 3385 t
11 R f
( with a)2 320(An alternative implementation technique would have been to replace the character driver)11 4000 2 720 3515 t
(new)720 3645 w
11 CW f
(socket)949 3645 w
11 R f
( would have allowed use of)5 1295( That)1 283(address family.)1 689 3 1391 3645 t
11 CW f
(sendto)3704 3645 w
11 R f
(\(\) and)1 276 1 4109 3645 t
11 CW f
(recvfrom)4431 3645 w
11 R f
(\(\))4968 3645 w
( Similarly,)1 515( the auxiliary address, rather than requiring a prepended header.)9 2906(system calls to pass)3 899 3 720 3775 t
(much of the existing code for)5 1406 1 720 3905 t
11 CW f
(socket)2177 3905 w
11 R f
(input/output could be used, rather than writing new)7 2416 1 2624 3905 t
( approach turned out to be infeasible for several reasons.)9 2552(routines. This)1 650 2 720 4035 t
( easier)1 293( some systems are distributed, it is much)7 1858( As)1 196(The \256rst is simply a question of packaging.)7 1973 4 720 4230 t
( no accessible table to)4 1040( is)1 122( There)1 338(to add new device drivers than to add new address families.)10 2820 4 720 4360 t
(con\256gure the)1 594 1 720 4490 t
11 CW f
(domain)1360 4490 w
11 R f
( new address family, nor are there vacant entries in the)10 2588(structure for a)2 650 2 1802 4490 t
( unwise.)1 383( some dormant entry could be reused, this seemed)8 2331( While)1 349(address family name space.)3 1257 4 720 4620 t
( binary system; there are several routines, and)7 2138(Nor is it possible to add additional entries to a)9 2182 2 720 4750 t
(one table, that ``know'' how many address families there are.)9 2769 1 720 4880 t
8 R f
(4)3489 4836 w
11 R f
( was useful to permit non-)5 1207( It)1 142( the permission structure.)3 1145(A second reason is)3 856 4 720 5075 t
11 CW f
(root)4070 5075 w
11 R f
(users to access)2 667 1 4373 5075 t
( easily accomplished via the \256le system's)6 2013(this facility, at least during testing; this is very)8 2307 2 720 5205 t
( the same for a)4 678( Doing)1 347(permission mechanisms.)1 1090 3 720 5335 t
11 CW f
(socket)2871 5335 w
11 R f
(family would have been awkward.)4 1546 1 3303 5335 t
( the)1 197(Finally, the device driver interface is much more standardized across releases than is)12 4123 2 720 5530 t
11 CW f
(socket)720 5660 w
11 R f
(interface, and much more documentation exists for it.)7 2409 1 1152 5660 t
( source code is not)4 930(It should be noted parenthetically that although modifying distributed)8 3279 2 720 5855 t
11 I f
(a)4985 5855 w
(priori)720 5985 w
11 R f
( code distributions are sometimes not as current)7 2175( Source)1 379( is often infeasible.)3 870(a bad idea, it)3 598 4 1018 5985 t
(as binary-only distributions, and not everyone is licensed to receive source code.)11 3630 1 720 6115 t
9 S1 f
(________________)720 6409 w
9 R f
( the SunOS 4.0 distribution does not have)7 1609( enough,)1 327(4. Amusingly)1 543 3 720 6539 t
9 CW f
(AF_MAX)3237 6539 w
9 R f
(set high enough for all of the address)7 1441 1 3599 6539 t
(families named in)2 660 1 863 6639 t
9 CW f
(socket.h)1553 6639 w
9 R f
(.)1992 6639 w
cleartomark
showpage
restore
%%EndPage: 8 8
%%Page: 9 9
save
mark
9 pagesetup
10 B f
( of Socket-Based)2 721(5.1 Performance)1 744 2 720 850 t
10 CW f
(Pnet)2245 850 w
11 R f
( copied to and from user level an extra)8 1817(Obviously, performance is a concern when packets are)7 2503 2 720 1045 t
( the performance of the socket implementation, we)7 2337( measure)1 408( To)1 202(time before being transmitted.)3 1373 4 720 1175 t
( modi\256ed version of)3 923(employed a)1 519 2 720 1305 t
11 CW f
(ping)2201 1305 w
11 R f
( version transmitted a new ICMP)5 1513(\(8\). This)1 426 2 2474 1305 t
11 CW f
(ECHO)4452 1305 w
11 R f
(packet)4755 1305 w
( printed the total)3 821(immediately upon receipt of the response to the previous packet; it also)11 3499 2 720 1435 t
( this technique, rather than measuring the)6 1972( Employing)1 580(elapsed time for the packet sequence.)5 1768 3 720 1565 t
( to avoid problems with the coarse granularity of the)9 2530(per-packet round-trip time, allowed us)4 1790 2 720 1695 t
( we measured)2 708( 3/75,)1 260( and a Sun)3 621( 3/60)1 232( Sun)1 253( the actual test, between a)5 1388( In)1 207(system clock.)1 651 8 720 1825 t
( measurement consisted)2 1085( Each)1 300( from 0 to 1300 bytes.)5 1064(performance at user-data lengths ranging)4 1871 4 720 1955 t
( for both the)3 604(of 100 ICMP packets; we repeated each test 100 times. The goal was to account)14 3716 2 720 2085 t
( mechanism, with)2 894( was used as the transport)5 1416( UDP)1 342(per-packet and per-byte overhead.)3 1668 4 720 2215 t
( Note)1 302( times.)1 320( test was repeated several)4 1209( Each)1 306(checksumming turned off \(the SunOS default\).)5 2183 5 720 2345 t
( sending the)2 558( when)1 314( byte:)1 261(that the timing represents four copy operations on each)8 2528 4 720 2475 t
11 CW f
(ECHO)4422 2475 w
11 R f
(packet,)4727 2475 w
( and when it is)4 731(when it is received on the target machine, when the response packet is sent,)13 3589 2 720 2605 t
(received.)720 2735 w
4307 4645 2147 4645 Dl
2147 3205 2147 4645 Dl
(Packet Size)1 517 1 2969 4968 t
(per-packet)1366 3882 w
(time \(ms.\))1 461 1 1366 4012 t
2075 4515 2147 4515 Dl
(0)1984 4537 w
2075 4296 2147 4296 Dl
(.5)1956 4318 w
2075 4078 2147 4078 Dl
(1)1984 4100 w
2075 3860 2147 3860 Dl
(1.5)1901 3882 w
2075 3642 2147 3642 Dl
(2)1984 3664 w
2075 3423 2147 3423 Dl
(2.5)1901 3445 w
2075 3205 2147 3205 Dl
(3)1984 3227 w
2219 4717 2219 4645 Dl
(0)2192 4829 w
2507 4717 2507 4645 Dl
(200)2425 4829 w
2795 4717 2795 4645 Dl
(400)2713 4829 w
3083 4717 3083 4645 Dl
(600)3001 4829 w
3371 4717 3371 4645 Dl
(800)3289 4829 w
3659 4717 3659 4645 Dl
(1000)3549 4829 w
3947 4717 3947 4645 Dl
(1200)3837 4829 w
4235 4717 4235 4645 Dl
(1400)4125 4829 w
8 R f
(.)2208 4352 w
( .)1 0( .)1 36(. .)1 20 3 2244 4334 t
(. .)1 20 1 2316 4308 t
(. .)1 20 1 2352 4299 t
(. .)1 20 1 2388 4282 t
(. .)1 20 1 2424 4273 t
( .)1 0( .)1 36(. .)1 20 3 2460 4265 t
(. .)1 20 1 2532 4256 t
( .)1 0( .)1 36(. .)1 20 3 2568 4247 t
(. .)1 20 1 2640 4239 t
(. .)1 20 1 2676 4230 t
( .)1 0( .)1 36(. .)1 20 3 2712 4221 t
(. .)1 20 1 2784 4212 t
(. .)1 20 1 2820 4203 t
(. .)1 20 1 2856 4195 t
( .)1 0( .)1 36( .)1 0( .)1 36( .)1 0( .)1 36(. .)1 20 7 2892 4186 t
(. .)1 20 1 3036 4177 t
( .)1 0( .)1 36(. .)1 20 3 3072 4169 t
(. .)1 20 1 3144 4160 t
( .)1 0( .)1 36(. .)1 20 3 3180 4151 t
(. .)1 20 1 3252 4142 t
(. .)1 20 1 3288 4133 t
( .)1 0( .)1 36(. .)1 20 3 3324 4125 t
(. .)1 20 1 3396 4116 t
(. .)1 20 1 3432 4108 t
( .)1 0( .)1 36(. .)1 20 3 3468 4099 t
(. .)1 20 1 3540 4090 t
( .)1 0( .)1 36(. .)1 20 3 3576 4081 t
(. .)1 20 1 3648 4072 t
(. .)1 20 1 3684 4064 t
(. .)1 20 1 3720 4055 t
( .)1 0( .)1 36(. .)1 20 3 3756 4046 t
(. .)1 20 1 3828 4038 t
(. .)1 20 1 3864 4029 t
( .)1 0( .)1 36(. .)1 20 3 3900 4020 t
(. .)1 20 1 3972 4011 t
(. .)1 20 1 4008 4002 t
(. .)1 20 1 4044 3994 t
(.)4080 3985 w
11 R f
(physical network)1 761 1 4235 4064 t
2255 3974 2219 3991 Dl
2291 3966 2255 3974 Dl
2327 3922 2291 3965 Dl
2363 3887 2327 3921 Dl
2399 3878 2363 3886 Dl
2435 3878 2399 3878 Dl
2471 3853 2435 3878 Dl
2507 3834 2471 3851 Dl
2543 3809 2507 3834 Dl
2579 3808 2543 3808 Dl
2615 3800 2579 3808 Dl
2651 3799 2615 3799 Dl
2687 3756 2651 3799 Dl
2723 3747 2687 3755 Dl
2759 3730 2723 3747 Dl
2795 3729 2759 3729 Dl
2831 3695 2795 3729 Dl
2867 3677 2831 3694 Dl
2903 3652 2867 3677 Dl
2939 3703 2903 3651 Dl
2975 3703 2939 3703 Dl
3011 3703 2975 3703 Dl
3047 3686 3011 3703 Dl
3083 3686 3047 3686 Dl
3119 3661 3083 3686 Dl
3155 3643 3119 3660 Dl
3191 3642 3155 3642 Dl
3227 3642 3191 3642 Dl
3263 3634 3227 3642 Dl
3299 3633 3263 3633 Dl
3335 3599 3299 3633 Dl
3371 3590 3335 3598 Dl
3407 3573 3371 3590 Dl
3443 3572 3407 3572 Dl
3479 3555 3443 3572 Dl
3515 3546 3479 3554 Dl
3551 3529 3515 3546 Dl
3587 3529 3551 3529 Dl
3623 3504 3587 3529 Dl
3659 3477 3623 3502 Dl
3695 3472 3659 3476 Dl
3731 3468 3695 3472 Dl
3767 3442 3731 3467 Dl
3803 3433 3767 3441 Dl
3839 3398 3803 3432 Dl
3875 3381 3839 3398 Dl
3911 3380 3875 3380 Dl
3947 3380 3911 3380 Dl
3983 3346 3947 3380 Dl
4019 3337 3983 3345 Dl
4055 3319 4019 3336 Dl
4091 3319 4055 3319 Dl
11 CW f
(Pnet)4235 3401 w
11 B f
(Figure 2.)1 430 1 2024 5567 t
11 R f
(Median ICMP)1 641 1 2526 5567 t
11 CW f
(ECHO)3203 5567 w
11 R f
(Time)3503 5567 w
( is a glitch in the)5 793( There)1 330( in milliseconds for each packet size.)6 1692( shows the median times)4 1127(Figure 2)1 378 5 720 6152 t
( of)1 138( Packets)1 418( due to buffer allocation strategies.)5 1620(graph at around 500 bytes; this is most likely)8 2144 4 720 6282 t
( counting the IP and ICMP headers, in this case \320 are copied into a)14 3223(more than 512 bytes \320)4 1097 2 720 6412 t
(single)720 6542 w
11 I f
(mbuf cluster)1 555 1 1019 6542 t
11 R f
(, rather than a chain of)5 1027 1 1583 6542 t
11 I f
(mbuf)2646 6542 w
11 R f
(s.)2875 6542 w
( appeared that)2 646( It)1 147( shows the ratio of the times.)6 1366( 3,)1 119(A second graph, Figure)3 1079 5 720 6737 t
11 CW f
(Pnet)4152 6737 w
11 R f
(performed at)1 579 1 4461 6737 t
( validate this, we used)4 1083( To)1 213( speed of the raw underlying network.)6 1830(one half to one third the)5 1194 4 720 6867 t
11 CW f
(ftp)720 6997 w
11 R f
( to)1 143(\(1\) to copy a large \256le)5 1113 2 927 6997 t
11 CW f
(/dev/null)2240 6997 w
11 R f
(, after ensuring that the entire \256le was in the)9 2197 1 2843 6997 t
cleartomark
showpage
restore
%%EndPage: 9 9
%%Page: 10 10
save
mark
10 pagesetup
11 R f
4248 2506 2088 2506 Dl
2088 1066 2088 2506 Dl
2016 2506 2088 2506 Dl
(-0)1889 2528 w
2016 2094 2088 2094 Dl
(1)1925 2116 w
2016 1683 2088 1683 Dl
(2)1925 1705 w
2016 1271 2088 1271 Dl
(3)1925 1293 w
(Packet Size)1 517 1 2910 2828 t
(time)1558 1743 w
(ratio)1556 1873 w
2160 2578 2160 2506 Dl
(0)2133 2690 w
2448 2578 2448 2506 Dl
(200)2366 2690 w
2736 2578 2736 2506 Dl
(400)2654 2690 w
3024 2578 3024 2506 Dl
(600)2942 2690 w
3312 2578 3312 2506 Dl
(800)3230 2690 w
3600 2578 3600 2506 Dl
(1000)3490 2690 w
3888 2578 3888 2506 Dl
(1200)3778 2690 w
4176 2578 4176 2506 Dl
(1400)4066 2690 w
2196 1291 2160 1207 Dl
2232 1272 2196 1291 Dl
2268 1339 2232 1271 Dl
2304 1321 2268 1340 Dl
2340 1392 2304 1320 Dl
2376 1432 2340 1393 Dl
2412 1428 2376 1433 Dl
2448 1399 2412 1427 Dl
2484 1395 2448 1399 Dl
2520 1431 2484 1395 Dl
2556 1419 2520 1431 Dl
2592 1450 2556 1417 Dl
2628 1421 2592 1451 Dl
2664 1441 2628 1421 Dl
2700 1417 2664 1441 Dl
2736 1446 2700 1416 Dl
2772 1432 2736 1448 Dl
2808 1437 2772 1431 Dl
2844 1434 2808 1438 Dl
2880 1497 2844 1433 Dl
2916 1499 2880 1499 Dl
2952 1499 2916 1499 Dl
2988 1504 2952 1499 Dl
3024 1528 2988 1503 Dl
3060 1498 3024 1528 Dl
3096 1502 3060 1498 Dl
3132 1525 3096 1502 Dl
3168 1526 3132 1526 Dl
3204 1538 3168 1526 Dl
3240 1561 3204 1539 Dl
3276 1546 3240 1561 Dl
3312 1537 3276 1546 Dl
3348 1538 3312 1536 Dl
3384 1559 3348 1539 Dl
3420 1562 3384 1560 Dl
3456 1554 3420 1562 Dl
3492 1556 3456 1554 Dl
3528 1575 3492 1557 Dl
3564 1552 3528 1576 Dl
3600 1546 3564 1551 Dl
3636 1560 3600 1546 Dl
3672 1573 3636 1560 Dl
3708 1569 3672 1574 Dl
3744 1561 3708 1568 Dl
3780 1549 3744 1561 Dl
3816 1550 3780 1548 Dl
3852 1566 3816 1550 Dl
3888 1567 3852 1567 Dl
3924 1555 3888 1567 Dl
3960 1564 3924 1555 Dl
3996 1566 3960 1564 Dl
4032 1581 3996 1566 Dl
11 B f
(Figure 3.)1 430 1 2105 3428 t
11 R f
(Ratio of Median Times)3 1048 1 2607 3428 t
( speed ratio was noticeably worse than might be expected from the)11 3085( The)1 248(sender's buffer cache.)2 987 3 720 4013 t
( attributed this difference primarily to CPU time)7 2432( We)1 259( 3.4 to 1.)3 523(previous measurements,)1 1106 4 720 4143 t
( the)1 171( the data to and from)5 953(consumption. Copying)1 1049 3 720 4273 t
11 CW f
(Pnet)2960 4273 w
11 R f
(driver is CPU-intensive; thus,)3 1337 1 3261 4273 t
11 CW f
(Pnet)4665 4273 w
11 R f
(is)4966 4273 w
(competing with)1 716 1 720 4403 t
11 CW f
(ftp)1492 4403 w
11 R f
( The)1 262(and TCP itself for processor time.)5 1631 2 1746 4403 t
11 CW f
(ttcp)3695 4403 w
11 R f
(throughput benchmark)1 1025 1 4015 4403 t
( observation of)2 691( Visual)1 367( Mike Muuss yielded similar results.)5 1690(developed by)1 603 4 720 4533 t
11 CW f
(perfmeter)4115 4533 w
11 R f
(during)4753 4533 w
11 CW f
(ttcp)720 4663 w
11 R f
( the receiving host sustained additional CPU load; the)8 2671(runs displays indicated that)3 1318 2 1051 4663 t
(transmitting host actually had more idle time.)6 2052 1 720 4793 t
( is really the limiting factor, the performance difference would not be seen if)13 3581(If CPU capacity)2 739 2 720 4988 t
( at another way, we can make available more)8 2088( Looked)1 413( extra CPU capacity available.)4 1388(there was)1 431 4 720 5118 t
( was most easily)3 896( This)1 317( interarrival rate.)2 847(CPU time per packet by slowing down the)7 2260 4 720 5248 t
( link, in this case between Murray)6 1643(accomplished by running similar tests across a long-haul)7 2677 2 720 5378 t
( access between the two sites is via a)8 1865( IP)1 193( Pennsylvania.)1 673(Hill, New Jersey, and Allentown,)4 1589 4 720 5508 t
( networks and gateways)3 1117(1.344M bps point-to-point link; additionally, several other local area)8 3203 2 720 5638 t
(intervene at each end.)3 979 1 720 5768 t
( 5.)1 119( the speed ratio is shown in Figure)7 1801( 4;)1 122( shown in Figure)3 867(The raw throughput graph is)4 1411 5 720 5963 t
( link; as can be seen,)5 1030(Performance is a bit more variable, due to the vagaries of the shared)12 3290 2 720 6093 t
( The)1 247( of the two sets of graphs correspond nicely.)8 2048(though, the shapes)2 840 3 720 6223 t
11 CW f
(Pnet)3926 6223 w
11 R f
(link is only about)3 809 1 4231 6223 t
( complication arose because of packet loss)6 1931( A)1 155(1.1 times slower than the direct link in this case.)9 2234 3 720 6353 t
( of the test program, each dropped packet caused a one-second)10 2963(on the link; given the design)5 1357 2 720 6483 t
( subtracting one second)3 1058( adjusted for this by)4 911( We)1 224(timeout before the next ICMP packet was sent.)7 2127 4 720 6613 t
(from the total time for each such packet.)7 1831 1 720 6743 t
(The overhead of)2 743 1 720 6938 t
11 CW f
(Pnet)1534 6938 w
11 R f
( regardless of the)3 794(should be relatively constant for a given packet size,)8 2407 2 1839 6938 t
( sets of tests; as can be seen,)7 1337( shows the difference in throughput for both)7 2036( 6)1 91( Figure)1 365(link speed.)1 491 5 720 7068 t
cleartomark
showpage
restore
%%EndPage: 10 10
%%Page: 11 11
save
mark
11 pagesetup
11 R f
4307 2565 2147 2565 Dl
2147 1125 2147 2565 Dl
(Packet Size)1 517 1 2969 2888 t
(per-packet)1366 1802 w
(time \(ms.\))1 461 1 1366 1932 t
2075 2537 2147 2537 Dl
(0)1984 2559 w
2075 2067 2147 2067 Dl
(5)1984 2089 w
2075 1596 2147 1596 Dl
(10)1929 1618 w
2075 1125 2147 1125 Dl
(15)1929 1147 w
2219 2637 2219 2565 Dl
(0)2192 2749 w
2507 2637 2507 2565 Dl
(200)2425 2749 w
2795 2637 2795 2565 Dl
(400)2713 2749 w
3083 2637 3083 2565 Dl
(600)3001 2749 w
3371 2637 3371 2565 Dl
(800)3289 2749 w
3659 2637 3659 2565 Dl
(1000)3549 2749 w
3947 2637 3947 2565 Dl
(1200)3837 2749 w
4235 2637 4235 2565 Dl
(1400)4125 2749 w
8 R f
(.)2208 2197 w
(. .)1 20 1 2244 2187 t
(. .)1 20 1 2280 2181 t
(. .)1 20 1 2316 2162 t
(. .)1 20 1 2352 2156 t
(. .)1 20 1 2388 2141 t
(. .)1 20 1 2424 2138 t
(. .)1 20 1 2460 2121 t
(. .)1 20 1 2496 2109 t
(. .)1 20 1 2532 2095 t
(. .)1 20 1 2568 2092 t
( .)1 0( .)1 36(. .)1 20 3 2604 2075 t
(. .)1 20 1 2676 2053 t
(. .)1 20 1 2712 2051 t
(. .)1 20 1 2748 2026 t
(. .)1 20 1 2784 2025 t
(. .)1 20 1 2820 2004 t
(. .)1 20 1 2856 2001 t
(. .)1 20 1 2892 1988 t
(. .)1 20 1 2928 1981 t
(. .)1 20 1 2964 1963 t
(. .)1 20 1 3000 1965 t
(. .)1 20 1 3036 1943 t
(. .)1 20 1 3072 1945 t
(. .)1 20 1 3108 1926 t
(. .)1 20 1 3144 1927 t
(. .)1 20 1 3180 1900 t
(. .)1 20 1 3216 1904 t
(. .)1 20 1 3252 1879 t
(. .)1 20 1 3288 1884 t
(. .)1 20 1 3324 1859 t
(. .)1 20 1 3360 1866 t
(. .)1 20 1 3396 1836 t
(. .)1 20 1 3432 1845 t
(. .)1 20 1 3468 1816 t
(. .)1 20 1 3504 1821 t
(. .)1 20 1 3540 1795 t
(. .)1 20 1 3576 1804 t
(. .)1 20 1 3612 1772 t
(. .)1 20 1 3648 1783 t
(. .)1 20 1 3684 1753 t
(. .)1 20 1 3720 1763 t
(. .)1 20 1 3756 1731 t
(. .)1 20 1 3792 1740 t
(. .)1 20 1 3828 1706 t
(. .)1 20 1 3864 1718 t
(. .)1 20 1 3900 1688 t
(. .)1 20 1 3936 1698 t
(. .)1 20 1 3972 1665 t
(. .)1 20 1 4008 1678 t
(. .)1 20 1 4044 1642 t
(.)4080 1657 w
11 R f
(physical network)1 761 1 4235 1736 t
2255 2101 2219 2113 Dl
2291 2093 2255 2101 Dl
2327 2074 2291 2092 Dl
2363 2060 2327 2074 Dl
2399 2042 2363 2059 Dl
2435 2040 2399 2043 Dl
2471 2023 2435 2038 Dl
2507 2015 2471 2023 Dl
2543 1997 2507 2015 Dl
2579 1988 2543 1997 Dl
2615 1966 2579 1988 Dl
2651 1965 2615 1965 Dl
2687 1947 2651 1966 Dl
2723 1943 2687 1946 Dl
2759 1920 2723 1942 Dl
2795 1923 2759 1920 Dl
2831 1896 2795 1924 Dl
2867 1894 2831 1896 Dl
2903 1874 2867 1894 Dl
2939 1878 2903 1873 Dl
2975 1860 2939 1878 Dl
3011 1858 2975 1860 Dl
3047 1836 3011 1858 Dl
3083 1837 3047 1835 Dl
3119 1813 3083 1837 Dl
3155 1811 3119 1813 Dl
3191 1787 3155 1811 Dl
3227 1793 3191 1786 Dl
3263 1763 3227 1793 Dl
3299 1770 3263 1764 Dl
3335 1737 3299 1770 Dl
3371 1746 3335 1737 Dl
3407 1716 3371 1747 Dl
3443 1724 3407 1715 Dl
3479 1696 3443 1724 Dl
3515 1698 3479 1696 Dl
3551 1668 3515 1698 Dl
3587 1682 3551 1667 Dl
3623 1646 3587 1683 Dl
3659 1652 3623 1645 Dl
3695 1622 3659 1652 Dl
3731 1630 3695 1621 Dl
3767 1597 3731 1631 Dl
3803 1608 3767 1596 Dl
3839 1572 3803 1609 Dl
3875 1583 3839 1572 Dl
3911 1550 3875 1583 Dl
3947 1561 3911 1549 Dl
3983 1525 3947 1562 Dl
4019 1534 3983 1525 Dl
4055 1498 4019 1534 Dl
4091 1515 4055 1498 Dl
11 CW f
(Pnet)4235 1597 w
11 B f
(Figure 4.)1 430 1 1693 3487 t
11 R f
(Median ICMP)1 641 1 2195 3487 t
11 CW f
(ECHO)2872 3487 w
11 R f
(Time \320 Long Haul)3 895 1 3172 3487 t
(the two graphs are quite similar.)5 1457 1 720 4072 t
(Finally, the same)2 806 1 720 4267 t
11 CW f
(ftp)1579 4267 w
11 R f
(and)1830 4267 w
11 CW f
(ttcp)2041 4267 w
11 R f
(tests were run; throughput for)4 1406 1 2358 4267 t
11 CW f
(Pnet)3847 4267 w
11 R f
(was essentially the)2 876 1 4164 4267 t
(same as on the physical network.)5 1493 1 720 4397 t
10 B f
( STREAM VERSION OF)3 1122(6. A)1 213 2 720 4657 t
10 CW f
(Pnet)2115 4657 w
11 R f
( of TCP/IP, there is no need for a)8 1666(On a system with a good stream implementation)7 2306 2 720 4852 t
11 CW f
(Pnet)4776 4852 w
11 R f
( The)1 242( described above.)2 780( native drivers can be used instead, for all of the applications)11 2766(driver. The)1 532 4 720 4982 t
( the)1 190( Issue)1 317( one end of it to IP.)6 1017( a stream pipe, and link)5 1162( create)1 350(mechanism is quite simple:)3 1284 6 720 5112 t
(appropriate con\256guration)1 1143 1 720 5242 t
11 CW f
(ioctl)1922 5242 w
11 R f
(\(\) calls \(i.e., to inform IP of the network number and IP)11 2779 1 2261 5242 t
( conventional)1 608( For)1 230( the same as any other device driver.)7 1694(address\), and the stream will be treated)6 1788 4 720 5372 t
( Since)1 364(devices, this con\256guration process is typically table-driven.)6 2950 2 720 5502 t
11 CW f
(Pnet)4148 5502 w
11 R f
(devices are)1 544 1 4496 5502 t
(dynamically created, a table is not usable; instead, the)8 2513 1 720 5632 t
11 CW f
(Pnet)3309 5632 w
11 R f
( the process)2 556(server must handle)2 865 2 3619 5632 t
(manually.)720 5762 w
(Shutting down a pipe-based)3 1264 1 720 5957 t
11 CW f
(Pnet)2055 5957 w
11 R f
( may be disorderly; one)4 1094( Shutdown)1 525( dif\256cult.)1 419(driver is often)2 642 4 2360 5957 t
( ends of the pipe may be closed before IP's)9 2074(or both)1 336 2 720 6087 t
11 CW f
(close)3178 6087 w
11 R f
( is therefore)2 563( It)1 151(routine is called.)2 770 3 3556 6087 t
(vital to detect)2 617 1 720 6217 t
11 CW f
(M_HANGUP)1374 6217 w
11 R f
( crucial detail is whether IP is)6 1361( Another)1 432(messages traveling upstream.)2 1308 3 1939 6217 t
( some versions of stream TCP/IP, much of)7 1928( In)1 163( structures.)1 490(prepared to delete the interface control)5 1739 4 720 6347 t
( with the possibility of such deletions.)6 1814(the rest of the networking code is unprepared to deal)9 2506 2 720 6477 t
( point to the per-interface structure; if these are not)9 2513(For example, route table entries often)5 1807 2 720 6607 t
( fact, some early implementations of SLIP for 4.2bsd were)9 2691( In)1 168(cleaned up, problems can occur.)4 1461 3 720 6737 t
(known to crash when the interface was deleted.)7 2133 1 720 6867 t
cleartomark
showpage
restore
%%EndPage: 11 11
%%Page: 12 12
save
mark
12 pagesetup
11 R f
4248 2506 2088 2506 Dl
2088 1066 2088 2506 Dl
2016 2506 2088 2506 Dl
(-0)1889 2528 w
2016 2146 2088 2146 Dl
(.5)1897 2168 w
2016 1786 2088 1786 Dl
(1)1925 1808 w
2016 1426 2088 1426 Dl
(1.5)1842 1448 w
2016 1066 2088 1066 Dl
(2)1925 1088 w
(Packet Size)1 517 1 2910 2828 t
(time)1558 1743 w
(ratio)1556 1873 w
2160 2578 2160 2506 Dl
(0)2133 2690 w
2448 2578 2448 2506 Dl
(200)2366 2690 w
2736 2578 2736 2506 Dl
(400)2654 2690 w
3024 2578 3024 2506 Dl
(600)2942 2690 w
3312 2578 3312 2506 Dl
(800)3230 2690 w
3600 2578 3600 2506 Dl
(1000)3490 2690 w
3888 2578 3888 2506 Dl
(1200)3778 2690 w
4176 2578 4176 2506 Dl
(1400)4066 2690 w
2196 1614 2160 1613 Dl
2232 1615 2196 1615 Dl
2268 1622 2232 1614 Dl
2304 1610 2268 1623 Dl
2340 1612 2304 1609 Dl
2376 1613 2340 1612 Dl
2412 1621 2376 1614 Dl
2448 1632 2412 1622 Dl
2484 1633 2448 1633 Dl
2520 1623 2484 1634 Dl
2556 1620 2520 1622 Dl
2592 1620 2556 1619 Dl
2628 1632 2592 1621 Dl
2664 1631 2628 1633 Dl
2700 1641 2664 1631 Dl
2736 1648 2700 1641 Dl
2772 1644 2736 1647 Dl
2808 1646 2772 1644 Dl
2844 1640 2808 1646 Dl
2880 1656 2844 1639 Dl
2916 1661 2880 1657 Dl
2952 1655 2916 1661 Dl
2988 1657 2952 1654 Dl
3024 1658 2988 1658 Dl
3060 1657 3024 1658 Dl
3096 1654 3060 1657 Dl
3132 1660 3096 1653 Dl
3168 1662 3132 1660 Dl
3204 1664 3168 1664 Dl
3240 1665 3204 1664 Dl
3276 1661 3240 1665 Dl
3312 1661 3276 1660 Dl
3348 1664 3312 1662 Dl
3384 1664 3348 1665 Dl
3420 1669 3384 1662 Dl
3456 1665 3420 1670 Dl
3492 1665 3456 1665 Dl
3528 1669 3492 1665 Dl
3564 1670 3528 1670 Dl
3600 1664 3564 1669 Dl
3636 1669 3600 1664 Dl
3672 1667 3636 1669 Dl
3708 1668 3672 1666 Dl
3744 1670 3708 1668 Dl
3780 1671 3744 1670 Dl
3816 1671 3780 1672 Dl
3852 1670 3816 1670 Dl
3888 1671 3852 1671 Dl
3924 1672 3888 1672 Dl
3960 1667 3924 1672 Dl
3996 1670 3960 1667 Dl
4032 1672 3996 1672 Dl
11 B f
(Figure 5.)1 430 1 1773 3428 t
11 R f
(Ratio of Median Times \320 Long Haul)6 1711 1 2275 3428 t
( TCP/IP deals well enough with shutdowns; however,)7 2430(The 9th Edition implementation of stream)5 1890 2 720 4013 t
( ARP)1 256(the IP destination address is not passed downstream along with the packet unless)12 3724 2 720 4143 t
9 R f
([Plum82])4700 4107 w
11 R f
( implementation is thus able to deal only with Ethernet)9 2540( The)1 248(is in use.)2 418 3 720 4273 t
8 R f
(5)3926 4229 w
11 R f
(networks and point-to-)2 1031 1 4009 4273 t
( is obviously easy)3 811( This)1 268( not relevant.)2 593(point links, for which the concept of destination address is)9 2648 4 720 4403 t
(to \256x.)1 267 1 720 4533 t
( versions typically use the)4 1263(System V)1 461 2 720 4728 t
11 I f
(Data Link Provider Interface)3 1375 1 2502 4728 t
11 R f
(\(DLPI\))3935 4728 w
9 R f
([McGr89])4251 4692 w
11 R f
(protocol)4674 4728 w
( The)1 247(between IP and the device driver.)5 1538 2 720 4858 t
11 CW f
(Pnet)2576 4858 w
11 R f
(server must implement its half of this protocol,)7 2159 1 2881 4858 t
( along.)1 339( does provide for the destination address to be passed)9 2683( DLPI)1 346(a non-trivial matter.)2 952 4 720 4988 t
( protocol requires that a)4 1087(Unfortunately, it also introduces another complication at shutdown: the)8 3233 2 720 5118 t
(link be unbound at connection tear-down, via a)7 2615 1 720 5248 t
11 CW f
(DL_UNBIND_REQ)3441 5248 w
11 R f
(message and)1 635 1 4405 5248 t
( dif\256cult for a resident device driver, but is problematic when)10 2901( is not)2 313(acknowledgement. This)1 1106 3 720 5378 t
( can occur when a server program has exited; there is)10 2642( Shutdown)1 542( a pipe.)2 383(the ``device'' is)2 753 4 720 5508 t
(obviously no way for the server to receive or send any more messages.)12 3203 1 720 5638 t
( System V Release 4 streams TCP/IP, based on the)9 2320(We worked with a pre-release version of the)7 2000 2 720 5833 t
( example,)1 461( For)1 251(Lachman/Convergent code; for it, some of these concerns were minimized.)9 3608 3 720 5963 t
(although the drivers do acknowledge IP's)5 1872 1 720 6093 t
11 CW f
(DL_UNBIND_REQ)2629 6093 w
11 R f
( is)1 112(message, the acknowledgement)2 1404 2 3524 6093 t
( some implementation-speci\256c)2 1366( while)1 281( Similarly,)1 512(silently ignored; thus, its absence is not missed.)7 2161 4 720 6223 t
( example, associating the stream with a statistics structure, and actually keeping)11 3706(details \320 for)2 614 2 720 6353 t
9 S1 f
(________________)720 6553 w
9 R f
( is a registered trademark of Xerox Corporation.)7 1788(5. Ethernet)1 448 2 720 6683 t
cleartomark
showpage
restore
%%EndPage: 12 12
%%Page: 13 13
save
mark
13 pagesetup
11 R f
4284 2598 2124 2598 Dl
2124 1158 2124 2598 Dl
2052 2238 2124 2238 Dl
(1)1961 2260 w
2052 1837 2124 1837 Dl
(1.2)1878 1859 w
2052 1438 2124 1438 Dl
(1.4)1878 1460 w
(Packet Size)1 517 1 2946 2919 t
(difference)1436 1900 w
2196 2670 2196 2598 Dl
(0)2169 2782 w
2484 2670 2484 2598 Dl
(200)2402 2782 w
2772 2670 2772 2598 Dl
(400)2690 2782 w
3060 2670 3060 2598 Dl
(600)2978 2782 w
3348 2670 3348 2598 Dl
(800)3266 2782 w
3636 2670 3636 2598 Dl
(1000)3526 2782 w
3924 2670 3924 2598 Dl
(1200)3814 2782 w
4212 2670 4212 2598 Dl
(1400)4102 2782 w
8 R f
( .)1 0(. .)1 56 2 2185 2601 t
(. .)1 20 1 2257 2560 t
(.)2275 2521 w
(. .)1 20 1 2293 2480 t
(.)2305 2441 w
(.)2316 2401 w
(. .)1 20 1 2329 2360 t
(. .)1 20 1 2365 2401 t
(. .)1 20 1 2401 2441 t
(.)2419 2401 w
(. .)1 20 1 2437 2360 t
(.)2455 2321 w
(. .)1 20 1 2473 2280 t
(.)2491 2241 w
(. .)1 20 1 2509 2200 t
(. .)1 20 1 2545 2241 t
(. .)1 20 1 2581 2200 t
(. .)1 20 1 2617 2241 t
(.)2624 2208 w
(.)2631 2177 w
(.)2638 2144 w
(.)2645 2113 w
( .)1 0( .)1 36(. .)1 20 3 2653 2081 t
(.)2707 2041 w
(. .)1 20 1 2725 2000 t
(. .)1 20 1 2761 2041 t
(.)2773 2000 w
(.)2784 1961 w
(. .)1 20 1 2797 1920 t
(. .)1 20 1 2833 1881 t
(.)2851 1840 w
(. .)1 20 1 2869 1801 t
(.)2874 1835 w
(.)2879 1869 w
(.)2884 1904 w
(.)2889 1938 w
(.)2894 1972 w
(.)2899 2006 w
( .)1 0( .)1 36( .)1 0( .)1 36(. .)1 20 5 2905 2041 t
(. .)1 20 1 3013 2000 t
(. .)1 20 1 3049 2041 t
(.)3061 2000 w
(.)3072 1961 w
(. .)1 20 1 3085 1920 t
(. .)1 20 1 3121 1881 t
( .)1 0( .)1 36( .)1 0( .)1 36(. .)1 20 5 3157 1920 t
(. .)1 20 1 3265 1961 t
(.)3277 1920 w
(.)3288 1881 w
(. .)1 20 1 3301 1840 t
(. .)1 20 1 3337 1801 t
(. .)1 20 1 3373 1760 t
(. .)1 20 1 3409 1801 t
(. .)1 20 1 3445 1760 t
(. .)1 20 1 3481 1721 t
(. .)1 20 1 3517 1681 t
(. .)1 20 1 3553 1721 t
(.)3565 1681 w
(.)3576 1640 w
(. .)1 20 1 3589 1601 t
(.)3607 1560 w
(. .)1 20 1 3625 1521 t
(. .)1 20 1 3661 1541 t
(. .)1 20 1 3697 1560 t
(.)3715 1521 w
(. .)1 20 1 3733 1480 t
(. .)1 20 1 3769 1441 t
(.)3781 1400 w
(.)3792 1361 w
(. .)1 20 1 3805 1321 t
(. .)1 20 1 3841 1280 t
( .)1 0( .)1 36(. .)1 20 3 3877 1321 t
(.)3925 1280 w
(.)3936 1241 w
( .)1 0( .)1 36(. .)1 20 3 3949 1200 t
(. .)1 20 1 4021 1161 t
(.)4057 1200 w
11 R f
(local)4212 1147 w
2232 2458 2196 2498 Dl
2268 2417 2232 2457 Dl
2304 2418 2268 2418 Dl
2311 2383 2304 2418 Dl
2325 2310 2318 2345 Dl
2339 2238 2332 2273 Dl
2376 2198 2340 2238 Dl
2412 2197 2376 2197 Dl
2448 2217 2412 2197 Dl
2463 2251 2448 2218 Dl
2483 2298 2468 2265 Dl
2520 2238 2484 2297 Dl
2527 2203 2520 2238 Dl
2541 2140 2534 2175 Dl
2555 2077 2548 2112 Dl
2566 2044 2556 2078 Dl
2591 1958 2581 1992 Dl
2628 1978 2592 1958 Dl
2664 2037 2628 1978 Dl
2700 1998 2664 2038 Dl
2736 2037 2700 1997 Dl
2748 2071 2736 2038 Dl
2771 2137 2759 2104 Dl
2780 2104 2772 2138 Dl
2793 2051 2785 2085 Dl
2807 1998 2799 2032 Dl
2844 2017 2808 1997 Dl
2851 1982 2844 2017 Dl
2865 1920 2858 1955 Dl
2879 1858 2872 1893 Dl
2885 1894 2880 1858 Dl
2895 1968 2890 1932 Dl
2905 2043 2900 2007 Dl
2915 2118 2910 2082 Dl
2952 2117 2916 2117 Dl
2964 2084 2952 2117 Dl
2987 2018 2975 2051 Dl
3024 1997 2988 2017 Dl
3060 1997 3024 1997 Dl
3072 1964 3060 1997 Dl
3095 1899 3083 1932 Dl
3132 1839 3096 1898 Dl
3168 1877 3132 1837 Dl
3184 1909 3168 1878 Dl
3203 1947 3187 1916 Dl
3217 1915 3204 1948 Dl
3239 1858 3226 1891 Dl
3276 1898 3240 1858 Dl
3283 1863 3276 1898 Dl
3297 1790 3290 1825 Dl
3311 1718 3304 1753 Dl
3348 1777 3312 1718 Dl
3384 1719 3348 1778 Dl
3420 1718 3384 1718 Dl
3456 1758 3420 1718 Dl
3471 1724 3456 1757 Dl
3491 1678 3476 1711 Dl
3507 1645 3492 1678 Dl
3527 1597 3512 1630 Dl
3538 1632 3528 1598 Dl
3563 1717 3553 1683 Dl
3574 1684 3564 1718 Dl
3599 1598 3589 1632 Dl
3615 1565 3600 1598 Dl
3635 1517 3620 1550 Dl
3672 1518 3636 1518 Dl
3708 1498 3672 1518 Dl
3744 1439 3708 1498 Dl
3759 1471 3744 1438 Dl
3779 1518 3764 1485 Dl
3795 1485 3780 1518 Dl
3815 1437 3800 1470 Dl
3852 1438 3816 1438 Dl
3867 1405 3852 1438 Dl
3887 1357 3872 1390 Dl
3924 1417 3888 1358 Dl
3936 1385 3924 1418 Dl
3959 1318 3947 1351 Dl
3975 1285 3960 1318 Dl
3995 1237 3980 1270 Dl
4032 1218 3996 1238 Dl
4068 1257 4032 1217 Dl
(Long Haul)1 481 1 4212 1340 t
11 B f
(Figure 6.)1 430 1 2241 3520 t
11 R f
(Time Differences)1 776 1 2743 3520 t
(counts in that structure \320 are messy, the existing drivers in our version ignored them, so we)16 4320 1 720 4105 t
(ignored them as well.)3 971 1 720 4235 t
(Given that, we must implement the following aspects of the protocol:)10 3134 1 720 4430 t
9 R f
(\267)798 4625 w
11 R f
(Respond to)1 550 1 885 4625 t
11 CW f
(DL_BIND_REQ)1514 4625 w
11 R f
(with a)1 324 1 2319 4625 t
11 CW f
(DL_BIND_ACK)2723 4625 w
11 R f
( both of these)3 752(message. Since)1 759 2 3529 4625 t
(messages are transmitted as)3 1270 1 885 4755 t
11 CW f
(M_PROTO)2201 4755 w
11 R f
(streams messages, they could be sent and received)7 2332 1 2708 4755 t
(easily enough via)2 785 1 885 4885 t
11 CW f
(putmsg)1706 4885 w
11 R f
(\(\) and)1 266 1 2111 4885 t
11 CW f
(getmsg)2413 4885 w
11 R f
(\(\).)2818 4885 w
9 R f
(\267)798 5080 w
11 R f
(Respond to a)2 653 1 885 5080 t
11 CW f
(DL_INFO_REQ)1606 5080 w
11 R f
(message with a)2 751 1 2400 5080 t
11 CW f
(DL_INFO_ACK)3219 5080 w
11 R f
( this)1 228(message. Again,)1 799 2 4013 5080 t
(requires no kernel code.)3 1077 1 885 5210 t
9 R f
(\267)798 5405 w
11 R f
(Accept and send data via)4 1128 1 885 5405 t
11 CW f
(DL_UNITDATA_REQ)2049 5405 w
11 R f
(and)3075 5405 w
11 CW f
(DL_UNITDATA_IND)3269 5405 w
11 R f
(.)4268 5405 w
9 R f
(\267)798 5600 w
11 R f
(Accept a few)2 616 1 885 5600 t
11 CW f
(ioctl)1549 5600 w
11 R f
( of IP requires that the socket)6 1414( version)1 371( This)1 280(\(\) calls.)1 349 4 1888 5600 t
11 CW f
(ioctl)4351 5600 w
11 R f
(\(\) calls,)1 350 1 4690 5600 t
(notably)885 5730 w
11 CW f
(SIOCSIFFLAGS)1289 5730 w
11 R f
(,)2090 5730 w
11 CW f
(SIOCSIFADDR)2192 5730 w
11 R f
(, and)1 260 1 2927 5730 t
11 CW f
(SIOCSIFNAME)3261 5730 w
11 R f
( the interface)2 661(\(to set)1 318 2 4061 5730 t
( \(or a convergence module\), and an)6 1699(structure name\) be \256elded by the driver)6 1875 2 885 5860 t
11 CW f
(M_IOCACK)4512 5860 w
11 R f
( dif\256cult, since there is no way to process)8 1960( one is more)3 595( This)1 278(message sent back upstream.)3 1322 4 885 5990 t
11 CW f
(M_IOCTL)885 6120 w
11 R f
(messages at the stream head, or to generate responses.)8 2441 1 1383 6120 t
( if a module were)4 884( Indeed,)1 418(We could have implemented this via a special-purpose module.)8 3018 3 720 6315 t
(needed anyway, to handle)3 1169 1 720 6445 t
11 CW f
(DL_UNBIND_REQ)1927 6445 w
11 R f
( opted for that solution.)4 1068(, we would probably have)4 1178 2 2794 6445 t
( level, though, we provided a general)6 1821(Given that everything else could be handled at user)8 2499 2 720 6575 t
(alternative, the)1 694 1 720 6705 t
11 CW f
(mesg)1484 6705 w
11 R f
(/)1757 6705 w
11 CW f
(rmesg)1788 6705 w
11 R f
( modules)1 442( These)1 366(module pair used in 9th Edition systems.)6 2044 3 2188 6705 t
(encapsulate all stream messages, regardless of type, as an)8 2667 1 720 6835 t
11 CW f
(M_DATA)3433 6835 w
11 R f
( by an)2 307(message preceded)1 858 2 3875 6835 t
11 CW f
(M_PROTO)720 6965 w
11 R f
( user-generated header is examined to produce an)7 2253( the reverse direction, a)4 1078(header. In)1 486 3 1223 6965 t
cleartomark
showpage
restore
%%EndPage: 13 13
%%Page: 14 14
save
mark
14 pagesetup
11 R f
(arbitrary-type message from the data portion written via)7 2558 1 720 850 t
11 CW f
(putmsg)3320 850 w
11 R f
(\(\).)3725 850 w
8 R f
(6)3825 806 w
11 R f
( of this is)3 454(A consequence)1 679 2 3907 850 t
(that even the DLPI messages are encapsulated this way; thus, the user process is slightly more)15 4320 1 720 980 t
(complex than might otherwise be the case.)6 1919 1 720 1110 t
( IP needs to)3 568( important,)1 500( Most)1 307(A few minor changes were needed to the implementation of IP.)10 2945 4 720 1305 t
(recognize the)1 617 1 720 1435 t
11 CW f
(M_HANGUP)1396 1435 w
11 R f
( proper)1 343( The)1 264( been closed.)2 630(message, to indicate that the pipe has)6 1820 4 1983 1435 t
( delete any routing)3 878(response to this is to delete the data structure identifying a stream, and to)13 3442 2 720 1565 t
( routing table adjustments should also be made when an)9 2757( The)1 267( it.)1 151(table entries pointing to)3 1145 4 720 1695 t
11 CW f
(I_UNLINK)720 1825 w
11 R f
( bug in)2 333(message is received for any stream; the lack of such could be considered a)13 3419 2 1288 1825 t
(IP regardless of the presence of)5 1545 1 720 1955 t
11 CW f
(Pnet)2331 1955 w
11 R f
(.)2595 1955 w
( current code permits a stream to be attached via either)10 2731(Finally, although the)2 980 2 720 2150 t
11 CW f
(I_LINK)4492 2150 w
11 R f
(or)4949 2150 w
11 CW f
(I_PLINK)720 2280 w
11 R f
( the owning process dies, the user end of)8 1930( If)1 154( pipe.)1 263(, the latter is inappropriate for a)6 1502 4 1191 2280 t
(the pipe will be closed, thus generating an)7 1949 1 720 2410 t
11 CW f
(M_HANGUP)2711 2410 w
11 R f
( end,)1 229( IP)1 140( The)1 248(and disabling the stream.)3 1142 4 3281 2410 t
( permanently attached; no process is likely to come along and issue the)12 3577(though, will be)2 743 2 720 2540 t
(appropriate)720 2670 w
11 CW f
(I_PUNLINK)1256 2670 w
11 R f
( in being able)3 629( is there any signi\256cant bene\256t to the user process)9 2280(. Nor)1 272 3 1859 2670 t
( IP should reject)3 910( Consequently,)1 761(to do a persistent link.)4 1233 3 720 2800 t
11 CW f
(I_PLINK)3716 2800 w
11 R f
(calls for pipes.)2 770 1 4270 2800 t
( is very implementation-dependent.)3 1752(Unfortunately, that is not easy to do; the check)8 2568 2 720 2930 t
(Consequently, we have omitted it in this prototype.)7 2312 1 720 3060 t
10 B f
(7. CONCLUSIONS)1 875 1 720 3320 t
11 R f
( of)1 152(We have demonstrated how one simple piece of code can be used to create a variety)15 4168 2 720 3515 t
( minor changes to the stream versions of IP, it)9 2258( comparatively)1 682( Given)1 359(powerful mechanisms.)1 1021 4 720 3645 t
( described above; work on)4 1234( have implemented some of the applications)6 2044( We)1 233(was simpler yet.)2 809 4 720 3775 t
(others is in progress, notably)4 1301 1 720 3905 t
11 CW f
(Greyer)2087 3905 w
11 R f
(.)2483 3905 w
11 I f
(REFERENCES)2544 4425 w
11 R f
( 1-25)1 283( Front End Interface Control Document,'' pp.)6 2320([BFE] ``Blacker)1 962 3 720 4620 t
11 S1 f
(\261)4285 4620 w
11 R f
(1-40 in)1 369 1 4357 4620 t
11 I f
(DDN)4808 4620 w
(Protocol Handbook)1 878 1 1270 4750 t
11 R f
(, ed. E.J. Feinler, O.J. Jacobsen, M.K. Stahl, and C.A. Ward.)10 2750 1 2148 4750 t
( in the TCP/IP Protocol Suite,'')5 1587( Bellovin, ``Security Problems)3 1460([Bell89] S.M.)1 766 3 720 4945 t
11 I f
(Computer)4600 4945 w
(Communications Review)1 1098 1 1270 5075 t
11 B f
(19)2404 5075 w
11 R f
(\(2\), pp. 32-48 \(April, 1989\).)4 1273 1 2514 5075 t
( Internet hosts - communication layers.,'' RFC)6 2138( Braden,ed., ``Requirements for)3 1435([Brad89] R.T.)1 747 3 720 5270 t
(1122 \(October 1989\).)2 964 1 1270 5400 t
( Comer,)1 370([Come88] D.)1 657 2 720 5595 t
11 I f
(Internetworking with TCP/IP : Principles, Protocols, and Architecture,)7 3250 1 1790 5595 t
11 R f
(Prentice-Hall, Inc. \(1988\).)2 1171 1 1270 5725 t
( G.M. Sacco, ``Timestamps in Key Distribution Protocols,'')7 2904( Denning and)2 664([Denn81] D.E.)1 752 3 720 5920 t
11 I f
(Communications of the ACM)3 1306 1 1270 6050 t
11 B f
(24)2612 6050 w
11 R f
(\(8\), pp. 533-536, ACM \(August 1981\).)5 1756 1 2722 6050 t
9 S1 f
(________________)720 6309 w
9 R f
( practice, life is a bit more complex;)7 1353(6. In)1 218 2 720 6439 t
9 CW f
(M_FLUSH)2321 6439 w
9 R f
( the kernel and sent to the)6 976(messages must be processed both in)5 1335 2 2729 6439 t
( security considerations dictate that use of)6 1717( Furthermore,)1 560(user process.)1 500 3 863 6539 t
9 CW f
(mesg)3697 6539 w
9 R f
(/)3920 6539 w
9 CW f
(rmesg)3945 6539 w
9 R f
(be restricted to the)3 768 1 4272 6539 t
(superuser.)863 6639 w
cleartomark
showpage
restore
%%EndPage: 14 14
%%Page: 15 15
save
mark
15 pagesetup
11 R f
( G. Tsudik, ``Visa Protocols for Controlling Inter-)7 2463( Estrin, J.C. Mogul, and)4 1200([Estr89] D.)1 657 3 720 850 t
(Organization Datagram Flow,'')2 1592 1 1270 980 t
11 I f
( Selected Areas in)3 1096(IEEE Journal on)2 951 2 2993 980 t
(Communications)1270 1110 w
11 B f
(7)2082 1110 w
11 R f
( Issue on Secure Communications\))4 1689( \(Special)1 425( 486-498,)1 430(\(4\), pp.)1 359 4 2137 1110 t
(\(May 1989\).)1 557 1 1270 1240 t
( M.K. Stahl, and C.A. Ward,)5 1325( Feinler, O.J. Jacobsen,)3 1057([Fein85] E.J.)1 716 3 720 1435 t
11 I f
(DDN Protocol Handbook,)2 1182 1 3858 1435 t
11 R f
(DDN Network Information Center, SRI International \(1985\).)6 2732 1 1270 1565 t
( Control,'' pp. 314-329 in)4 1175( Jacobson, ``Congestion Avoidance and)4 1780([Jaco88] V.)1 657 3 720 1760 t
11 I f
(Proceedings of)1 671 1 4369 1760 t
(SIGCOMM '88)1 687 1 1270 1890 t
11 R f
(\(August 1988\).)1 674 1 1993 1890 t
( Transport)1 468( Karn and C. Partridge, ``Improving Round-Trip Estimates in Reliable)9 3212([Karn87] P.)1 640 3 720 2085 t
(Protocols,'' pp. 2-7 in)3 994 1 1270 2215 t
11 I f
(Proceedings of SIGCOMM '87)3 1393 1 2300 2215 t
11 R f
(\(August 1987\).)1 674 1 3729 2215 t
( ``Implementation of Dial-Up IP for U)6 1780( Lanzillo and C. Partridge,)4 1224([Lanz89] L.)1 645 3 720 2410 t
9 R f
(NIX)4369 2410 w
11 R f
(Systems,'')4572 2410 w
(in)1270 2540 w
11 I f
(Proc. Winter)1 576 1 1392 2540 t
10 I f
(USENIX)2001 2540 w
11 I f
(Conference)2381 2540 w
11 R f
(, San Diego, California \(January, 1989\).)5 1802 1 2886 2540 t
( White Paper \(February)3 1128( McGrath, ``DLPI Interface Speci\256cations.,'' AT&T)5 2464([McGr89] G.J.)1 728 3 720 2735 t
(1989\).)1270 2865 w
( Mogul, ``Simple and Flexible Datagram Access Controls for U)9 3254([Mogu89] J.)1 621 2 720 3060 t
9 R f
(NIX)4595 3060 w
11 R f
(-based)4755 3060 w
(Gateways,'' in)1 682 1 1270 3190 t
11 I f
(Proc. Summer)1 665 1 2017 3190 t
10 I f
(USENIX)2744 3190 w
11 I f
(Conference)3153 3190 w
11 R f
(, Baltimore, Maryland \(June,)3 1382 1 3658 3190 t
(1989\).)1270 3320 w
( the 4.2BSD U)3 722( Morris, ``A Weakness in)4 1211([Morr85] R.T.)1 747 3 720 3515 t
9 R f
(NIX)3400 3515 w
11 R f
(TCP/IP Software,'' Computing)2 1428 1 3612 3515 t
( Hill, New)2 500( Murray)1 411( Bell Laboratories,)2 859( AT&T)1 383(Science Technical Report No. 117,)4 1617 5 1270 3645 t
(Jersey \(February 1985\).)2 1060 1 1270 3775 t
( in)1 129( Mundy and R.W. Shirey, ``Defense Data Network Security Architecture,'')9 3432([Mund87] G.R.)1 759 3 720 3970 t
11 I f
(Proc. MILCOM '87)2 892 1 1270 4100 t
11 R f
(, IEEE, Washington, D.C. \(1987\).)4 1525 1 2162 4100 t
( Encryption for Authentication in Large)5 1823( Needham and M. Schroeder, ``Using)5 1719([Need78] R.M.)1 778 3 720 4295 t
(Networks of Computers,'')2 1174 1 1270 4425 t
11 I f
(Communications of the ACM)3 1309 1 2481 4425 t
11 B f
(21)3827 4425 w
11 R f
( ACM)1 288( 993-999,)1 430(\(12\), pp.)1 385 3 3937 4425 t
(\(December, 1978\).)1 832 1 1270 4555 t
( Needham and M. Schroeder, ``Authentication Revisited,'')6 2661([Need87] R.M.)1 778 2 720 4750 t
11 I f
(Operating Systems)1 840 1 4200 4750 t
(Review)1270 4880 w
11 B f
(21)1622 4880 w
11 R f
(\(1\), p. 7 \(January 1987\).)4 1097 1 1732 4880 t
( Nowicki, ``Transport Issues in the Network File System,'')8 3132([Nowi89] B.)1 652 2 720 5075 t
11 I f
(Computer)4600 5075 w
(Communications Review)1 1098 1 1270 5205 t
11 B f
(19)2404 5205 w
11 R f
(\(2\), pp. 16-20 \(April, 1989\).)4 1273 1 2514 5205 t
( Address Resolution Protocol: Or converting network)6 2562( Plummer, ``Ethernet)2 999([Plum82] D.C.)1 759 3 720 5400 t
( transmission on Ethernet)3 1296(protocol addresses to 48.bit Ethernet address for)6 2474 2 1270 5530 t
(hardware.,'' RFC 826 \(November 1982\).)4 1834 1 1270 5660 t
( System,'')1 513( Ritchie, ``A Stream Input-Output)4 1730([Ritc84] D.M.)1 783 3 720 5855 t
11 I f
(AT&T Bell Laboratories)2 1206 1 3834 5855 t
(Technical Journal)1 811 1 1270 5985 t
11 B f
(63)2117 5985 w
11 R f
(\(8, part 2\), pp. 1897-1910 \(October 1984\).)6 1910 1 2227 5985 t
( for transmission of IP datagrams over serial lines:)8 2457( Romkey, ``Nonstandard)2 1147([Romk88] J.L.)1 716 3 720 6180 t
(SLIP.,'' RFC 1055 \(June 1988\).)4 1450 1 1270 6310 t
( Protocol and Signalling Working Group, SP3 Sub-Group, ``SDNS Secure)9 3488([SP3] SDNS)1 832 2 720 6505 t
(Data Networking System Security Protocol 3 \(SP3\),'' SDN.301 \(July 12, 1988\).)10 3615 1 1270 6635 t
( Steiner, C. Neuman, and J.I. Schiller, ``Kerberos: An Authentication Service for)11 3699([Stei88] J.)1 621 2 720 6830 t
(Open Network Systems,'' in)3 1282 1 1270 6960 t
11 I f
(Proc. Winter)1 576 1 2588 6960 t
10 I f
(USENIX)3197 6960 w
11 I f
(Conference)3577 6960 w
11 R f
(, Dallas \(1988\).)2 700 1 4082 6960 t
cleartomark
showpage
restore
%%EndPage: 15 15
%%Page: 16 16
save
mark
16 pagesetup
cleartomark
showpage
restore
%%EndPage: 16 16
%%Trailer
done
%%Pages: 16