Re: Janos on Moab on Linux - Node OSKit
I can't shed any light on your janosvm problems but wanted to clarify
what you mean by the following:
> The purpose of this is to get a Moab-based active router going on
> top of Linux, rather than on a standalone PC. I wish to explore the
> use of LKMs to provide the level of resource control one would
> like.
In other words, you want to configure/extend the Linux kernel so that
it provides resource control hooks that Moab can plug into?
Two ways suggest themselves:
1) Run a usermode TCP/IP stack.
IIRC (and that's not too likely :-), you can do this if you run
the OSKit in its "run on Unix mode". All you need is permission
to access the ethernet device directly (the way tcpdump does).
2) Use netfilter/iptables under Linux 2.4.x (http://www.netfilter.org/)
Netfilter is the new name for ipchains which is what you use to set up
firewalls and NAT.
The cool thing about netfilter is that you can _extend_ the rules it
understands with new LKMs (at least, that's how I read the documentation).
For example, I use rules like this to filter out anything from Utah

    iptables -A filter -s 155.99.212.0/24 -j filter_utah
             ^^^^^^^^^ which table it is in
                                          ^^^^^^^^^^^^^^ jump to this table

and this table to either accept ssh connections

    iptables -A filter_utah -m state --state NEW -p tcp --dport ssh -j ACCEPT

or log up to 3 messages per minute for other kinds of connections
and drop them

    iptables -A filter_utah -m limit --limit 3/minute --limit-burst 1 -j LOG
    iptables -A filter_utah -j DROP
You can also redirect packets up into a usermode process if you want.
Seems to me that you could use the limit rules to implement
Moab-required functionality in netfilter. (Or, if they're not
quite right for Moab, implement your own limits, queues, etc.)
Hope this stimulates useful ideas...
--
Alastair Reid reid@cs.utah.edu http://www.cs.utah.edu/~reid/
Flux Research Group / Department of Computer Science / University of Utah
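
The three filter_utah rules quoted in the message above, modelled as an added Python example that is not part of the original message: it walks constructed packets through the chain to show which are accepted, which are dropped, and which of the dropped ones produce a log line under `--limit 3/minute --limit-burst 1`. The token-bucket model of the limit match and the names LimitMatch, filter_utah and PACKETS are assumptions of this example.

```python
class LimitMatch:
    """Token-bucket model (an assumption of this example) of
    `-m limit --limit N/minute --limit-burst B`, in integer credits."""
    COST = 60  # one match costs 60 credits; N credits accrue per second

    def __init__(self, per_minute, burst):
        self.rate = per_minute
        self.cap = burst * self.COST
        self.credit = self.cap          # the bucket starts full
        self.last = None

    def matches(self, now):
        if self.last is not None:       # refill, never above the burst cap
            self.credit = min(self.cap,
                              self.credit + (now - self.last) * self.rate)
        self.last = now
        if self.credit >= self.COST:
            self.credit -= self.COST
            return True
        return False


def filter_utah(packets, limit):
    """Apply the chain's rules in order; return (time, verdict, logged)."""
    results = []
    for t, proto, dport, state in packets:
        # Rule 1: -m state --state NEW -p tcp --dport ssh -j ACCEPT
        if state == "NEW" and proto == "tcp" and dport == 22:
            results.append((t, "ACCEPT", False))
            continue
        # Rule 2: -m limit ... -j LOG (LOG does not end traversal)
        logged = limit.matches(t)
        # Rule 3: -j DROP
        results.append((t, "DROP", logged))
    return results


# Constructed sample traffic: (seconds, protocol, destination port, state)
PACKETS = [
    (0, "tcp", 22, "NEW"),          # new ssh connection
    (0, "tcp", 80, "NEW"),          # first non-ssh packet: bucket is full
    (1, "tcp", 22, "ESTABLISHED"),  # not NEW, so rule 1 does not match here
    (5, "tcp", 80, "NEW"),
    (20, "udp", 53, "NEW"),         # 20 s after the last log line
    (21, "tcp", 23, "NEW"),
    (100, "tcp", 80, "NEW"),        # long gap, but the burst caps credit at 1
    (101, "tcp", 80, "NEW"),
]

if __name__ == "__main__":
    for row in filter_utah(PACKETS, LimitMatch(per_minute=3, burst=1)):
        print(row)
```

Every non-matching packet is dropped regardless of the limit; the limit only bounds how many log lines are written, here at most one per 20 seconds.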