Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/43188
Full metadata record
DC field: value [language]
dc.contributor.advisor: 王勝德
dc.contributor.author: Po-Han Huang [en]
dc.contributor.author: 黃柏涵 [zh_TW]
dc.date.accessioned: 2021-06-15T01:41:35Z
dc.date.available: 2011-07-16
dc.date.copyright: 2009-07-16
dc.date.issued: 2009
dc.date.submitted: 2009-07-14
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/43188
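dc.description.abstract [zh_TW]:
As network traffic continues to grow, software-based network intrusion detection systems are increasingly unable to keep up with such network environments. Most system developers therefore try to design hardware circuits dedicated to network applications to replace software systems that no longer meet the demand, a concept usually called a TCP offload engine (TOE). TCP reassembly is normally performed by the operating system; when designing the hardware architecture of a TOE, TCP reassembly plays a role that can affect the performance of the whole system.
This thesis presents an implementation of a hardware architecture for TCP reassembly that tries to make the most of limited memory resources. Besides handling ordinary reassembly work, the architecture adds a carefully planned scheduling system. This scheduling system communicates directly with the pattern matching hardware, telling it to read packet contents out of memory in the correct order for pattern matching.
The proposed architecture achieves a processing capability of more than 5 Gbps. It also proposes an innovative method called early packet inspection, which tries to release memory space as early as possible without compromising security. The effect of packet loss on system memory is also discussed, to prevent memory from being filled with large amounts of buffered packet data because of packet loss and left unable to handle newly arriving packets.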
dc.description.abstract [en]:
Network intrusion detection software is becoming insufficient as traffic on the Internet increases. As a result, developers seek to design Internet-specific intellectual circuits, often known as TCP offload engines (TOEs), to substitute for software solutions. TCP reassembly, which is traditionally managed by the operating system, plays an important role in the design of TOEs.
This thesis presents a hardware implementation of a TCP reassembly system dedicated to pattern matching that utilizes the limited memory resources, and a carefully designed scheduling mechanism that informs the pattern matching unit to inspect the packet payloads in the correct order.
The proposed architecture achieves more than 5 Gbit/s throughput. It also presents a novel mechanism called early inspection, which keeps the receive buffer from being overwhelmed, as packet loss might cause in common TCP reassembly units.
dc.description.provenance [en]: Made available in DSpace on 2021-06-15T01:41:35Z (GMT). No. of bitstreams: 1
ntu-98-J96921019-1.pdf: 2202144 bytes, checksum: c0c8f4e51d39091ca239089664b12071 (MD5)
Previous issue date: 2009
dc.description.tableofcontents:
1 Introduction and Background
1.1 TCP Reassembly
1.1.1 Sequence Number
1.1.2 TCP Sliding Window Protocol and Receive Buffer
1.2 Pattern Matching and Maximum Length of Snort PCRE Rules
1.2.1 Pattern Matching Unit and Input Patterns
1.2.2 Maximum Length of Snort PCRE Rules
1.3 SPI System
1.4 Retransmission Time Interval
1.5 Problem Statement
1.5.1 Common TCP Reassembly Concerns
1.5.2 Dedicating to Pattern Matching Concerns
1.6 Thesis Organisation
2 Related Works
2.1 Researches on General TCP Reassembly
2.2 Researches on The Interface Between TCP Reassembly and Pattern Matching
2.3 Discussions
3 TCP Reassembly Architecture
3.1 Preliminary
3.1.1 Early Inspection
3.1.2 IP-Layer Reassembly Unit
3.1.3 Simplified Serial Number
3.2 A Simple TCP Reassembly Architecture
3.3 Proposed TCP Reassembly Architecture
3.3.1 System Overview and Packet Processing Flow
3.3.2 TCP Header Parsing
3.3.3 Memory Management
3.3.3.1 Memory Management Unit
3.3.3.2 Data Structure
3.3.3.3 Linked Pages
3.3.3.4 The Policy of Releasing the Pages
3.3.4 Scheduling
3.3.4.1 The Approaches Dealing with Arriving Segments
3.3.4.2 Scheduling
3.3.5 Interface Providing to Pattern Matching Unit
4 Implementation
4.1 State Machine
4.2 FPGA Verification, Performance and Resources Used
5 Experiments on TCP Reassembly Mechanisms
5.1 Experiment Setup
5.1.1 Attributes and Software Simulation Setup
5.1.2 Algorithms of the Three Mechanisms
5.1.2.1 The Simple TCP Reassembly Unit
5.1.2.2 TCP Reassembly Unit Using Paging
5.1.2.3 TCP Reassembly Unit Using Paging and Early Inspection
5.2 Experiment Results
5.2.1 Configuration of the Amount of Total Packets Sent
5.2.2 Configuration of Retransmission Time Interval
5.3 Configuration of Packet-Loss Rate
5.4 Conclusion
6 Conclusion and Future Work
Bibliography
dc.language.iso: en
dc.subject: TCP offload engine [zh_TW]
dc.subject: Internet security [zh_TW]
dc.subject: TCP reassembly [zh_TW]
dc.subject: Pattern matching [zh_TW]
dc.subject: Pattern matching [en]
dc.subject: TCP offload engine [en]
dc.subject: Internet security [en]
dc.subject: TCP reassembly [en]
dc.title: A Fast TCP Reassembly Architecture Supporting Early Packet Inspection and Pattern Matching [zh_TW]
dc.title: A High-Speed TCP Reassembly Architecture with Early Inspection Mechanism for Pattern Matching [en]
dc.type: Thesis
dc.date.schoolyear: 97-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 羅佳田, 熊博安, 鄭振牟, 雷欽隆
dc.subject.keyword: Internet security, TCP reassembly, Pattern matching, TCP offload engine [zh_TW]
dc.subject.keyword: Internet security, TCP reassembly, Pattern matching, TCP offload engine [en]
dc.relation.page: 81
dc.rights.note: Paid license
dc.date.accepted: 2009-07-14
dc.contributor.author-college: College of Electrical Engineering and Computer Science [zh_TW]
dc.contributor.author-dept: Graduate Institute of Electrical Engineering [zh_TW]
Appears in collections: Department of Electrical Engineering

Files in this item:
File: size, format
ntu-98-1.pdf (not authorized for public access): 2.15 MB, Adobe PDF