TDC 368: Network Programming, Winter 09
Extra Credit Project: Application-level Firewall (Multiprocess Implementation)
Due:
Assignment Description
In this network programming assignment, you are asked to develop a simple application-level firewall (FW) that filters received messages based on their header information. The firewall acts as a broker between the source and the destination and uses TCP connections to receive and send messages. The FW software architecture is described below.
Concurrent FW Architecture: (70%)
The FW receives TCP messages from one or more processes (sources) and forwards them to another process (destination) based on the header information. After the FW starts, it first reads the firewall policy from a file called "policy.db" whose rows have the following format: <accept/deny> <
For example:
accept 5000 hawk
deny 9000 hawk
deny * Uranus
This means that the FW accepts packets going to hawk on port 5000, but rejects all packets going to hawk/9000 or to the machine uranus.
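As an added illustration (not part of the handout, and not the course's own code), the following C program reads rows in the format above into a rule table and answers the accept/deny question for a host/port pair. It assumes first-match semantics, that "*" in the port column matches any port, that a destination no row mentions is denied (the handout does not say), and that the host column is compared as a string; a real FW should resolve destHost to an IP address and compare that, which is left out so this runs offline.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_RULES 64

enum verdict { DENY = 0, ACCEPT = 1 };

struct rule {
    int accept;     /* 1 = accept, 0 = deny */
    int port;       /* -1 stands for '*' (any port) */
    char host[32];  /* host name or dotted IP; '*' = any host (assumed extension) */
};

struct policy {
    struct rule rules[MAX_RULES];
    int count;
};

/* Parse one "<accept/deny> <port|*> <host>" row. Returns 0 on success, -1 if the
 * row is malformed (unknown action, non-numeric or out-of-range port). */
int parse_rule(const char *line, struct rule *r) {
    char action[8], port[16];
    if (sscanf(line, "%7s %15s %31s", action, port, r->host) != 3) return -1;
    if (strcasecmp(action, "accept") == 0) r->accept = 1;
    else if (strcasecmp(action, "deny") == 0) r->accept = 0;
    else return -1;
    if (strcmp(port, "*") == 0) {
        r->port = -1;
    } else {
        char *end;
        long p = strtol(port, &end, 10);
        if (*end != '\0' || p < 0 || p > 65535) return -1;
        r->port = (int)p;
    }
    return 0;
}

/* Load every row from an open stream; blank lines and '#' comments are skipped.
 * Returns the number of rules, or -1 if any row is malformed (refuse to start
 * with a policy you cannot fully parse). */
int load_policy(FILE *fp, struct policy *pol) {
    char line[256];
    pol->count = 0;
    while (pol->count < MAX_RULES && fgets(line, sizeof line, fp)) {
        if (line[0] == '\n' || line[0] == '#') continue;
        if (parse_rule(line, &pol->rules[pol->count]) != 0) return -1;
        pol->count++;
    }
    return pol->count;
}

/* First matching row decides. A destination no row mentions is DENIED
 * (default-deny is an assumption). Host names compare case-insensitively. */
enum verdict lookup(const struct policy *pol, const char *host, int port) {
    for (int i = 0; i < pol->count; i++) {
        const struct rule *r = &pol->rules[i];
        int host_ok = strcmp(r->host, "*") == 0 || strcasecmp(r->host, host) == 0;
        int port_ok = r->port == -1 || r->port == port;
        if (host_ok && port_ok) return r->accept ? ACCEPT : DENY;
    }
    return DENY;
}

/* Helper so a policy can be loaded from an in-memory string as well as a file. */
int load_policy_from_string(const char *text, struct policy *pol) {
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (!fp) return -1;
    int n = load_policy(fp, pol);
    fclose(fp);
    return n;
}

int main(int argc, char **argv) {
    struct policy pol;
    FILE *fp = fopen("policy.db", "r");
    if (!fp || load_policy(fp, &pol) < 0) { fprintf(stderr, "cannot load policy.db\n"); return 1; }
    fclose(fp);
    if (argc != 3) { fprintf(stderr, "usage: %s <host> <port>\n", argv[0]); return 2; }
    printf("%s\n", lookup(&pol, argv[1], atoi(argv[2])) == ACCEPT ? "accept" : "deny");
    return 0;
}
```

Rejecting the whole file on one bad row is deliberate: a firewall that silently skips a rule it could not parse may forward traffic the policy meant to block.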
After reading the policy file, the FW binds to a port (P) and waits for connection requests from the source process (SP). To avoid port conflicts with your classmates, use the last four digits of your SSN as the default value for P. If that number is less than 1024, the default port number must be 1024 + the last four digits of your SSN. P can also be set as a command line argument. The SP is a client that you run as follows:
$SP <HostName> <PortNumber>
Since you are running all your processes on hawk, the HostName will be "hawk" in this case, but your program should accept any remote host in general. After the SP connects to the FW, the user can enter:
<Dest. Machine Name or IP Address> <Dest. Port Number> <Message to be sent>
The FW receives and inspects this message using the host name (or IP address) and the port number, and the contained message is accordingly either forwarded to that machine/port or denied. If the message is to be forwarded, the FW establishes a TCP connection with the remote server, sends the message, and closes the connection immediately.
When a source process (SP) is accepted, the FW forks a child to serve this SP. The child reads the messages from the SP and forwards the PDU of each packet to the desired destination based on the header information in the packet. When the SP closes the connection, the FW child closes its connection and terminates too. The following is the struct format of the packet sent from the SP to the FW:
struct PACKET {
    int destPort;
    char destHost[32];  /* e.g., condor.cs.depaul.edu or 140.192.33.29 */
    char PDU[128];
} Pkt;
Notice that when a packet is received, the child performs a table lookup using destPort and destHost (after converting it to an IP address) to find out whether this packet should be forwarded or discarded. The FW must be protected from SIGPIPE, and it must also clean up all zombie processes resulting from terminated processes/connections. The FW program is executed as follows:
$ FWf [port]
where port is the port used by the SP(s). As a hint, you can modify the "TCPechod.c" program to develop the destination program. All you need to do is make it print the message to the standard output (STDOUT) instead of sending it back through the socket. Let us call the modified version myechod.
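The process structure described above (fork one child per SP, ignore SIGPIPE, reap zombies, forward each allowed PDU over a fresh TCP connection that is closed right away) is shown in the added C example below. It is not the handout's code or the course's TCPechod.c: the policy lookup is passed in as a function pointer (deny_all is a stand-in), destPort is assumed to arrive in network byte order, and the default port 8500 is taken from the running example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

struct PACKET { int destPort; char destHost[32]; char PDU[128]; };  /* handout's wire format */

volatile sig_atomic_t children_reaped;  /* zombies collected so far */

/* Collect every terminated child without blocking; returns how many this call
 * reaped. Safe inside a signal handler: waitpid is async-signal-safe. */
int reap_children(void) {
    int n = 0;
    while (waitpid(-1, NULL, WNOHANG) > 0) { n++; children_reaped++; }
    return n;
}

/* The handler interrupts arbitrary code, so it must preserve errno. */
static void on_sigchld(int sig) { int e = errno; (void)sig; reap_children(); errno = e; }

/* SIGPIPE would kill the FW when a peer closes first; SIGCHLD reaps zombies. */
int install_signal_handlers(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sigemptyset(&sa.sa_mask);
    sa.sa_handler = SIG_IGN;
    if (sigaction(SIGPIPE, &sa, NULL) < 0) return -1;
    sa.sa_handler = on_sigchld;
    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;  /* let accept()/recv() resume afterwards */
    return sigaction(SIGCHLD, &sa, NULL);
}

/* Open a fresh TCP connection to host:port, send the PDU, close immediately. */
int forward_once(const char *host, int port, const char *pdu) {
    struct addrinfo hints, *res, *ai;
    char portstr[8];
    int rc = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;      /* any address family, TCP only */
    snprintf(portstr, sizeof portstr, "%d", port);
    if (getaddrinfo(host, portstr, &hints, &res) != 0) return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        int s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (s < 0) continue;
        if (connect(s, ai->ai_addr, ai->ai_addrlen) == 0) {
            size_t len = strlen(pdu);
            rc = (write(s, pdu, len) == (ssize_t)len) ? 0 : -1;  /* EPIPE, not death, if peer left */
            close(s);
            break;
        }
        close(s);
    }
    freeaddrinfo(res);
    return rc;
}

/* Child side: read packets from one SP until it closes; forward those the
 * policy allows and silently drop the rest. 'allowed' is the policy lookup. */
void serve_sp(int spfd, int (*allowed)(const char *host, int port)) {
    struct PACKET pkt;
    /* MSG_WAITALL: return only once the whole struct has arrived (or EOF/error). */
    while (recv(spfd, &pkt, sizeof pkt, MSG_WAITALL) == (ssize_t)sizeof pkt) {
        pkt.destHost[sizeof pkt.destHost - 1] = '\0';   /* never trust the peer's NULs */
        pkt.PDU[sizeof pkt.PDU - 1] = '\0';
        int port = (int)ntohl((unsigned)pkt.destPort);  /* assumed: sent in network order */
        if (port < 0 || port > 65535 || !allowed(pkt.destHost, port)) continue;
        forward_once(pkt.destHost, port, pkt.PDU);
    }
    close(spfd);
}

/* Parent side: accept loop, one forked child per SP. */
int run_fw(int listenfd, int (*allowed)(const char *, int)) {
    for (;;) {
        int spfd = accept(listenfd, NULL, NULL);
        if (spfd < 0) { if (errno == EINTR) continue; return -1; }
        pid_t pid = fork();
        if (pid == 0) { close(listenfd); serve_sp(spfd, allowed); _exit(0); }
        close(spfd);   /* parent keeps only the listening socket; on fork failure the SP is dropped */
    }
}

static int deny_all(const char *h, int p) { (void)h; (void)p; return 0; }  /* stand-in for the lookup */

int main(int argc, char **argv) {
    int port = argc > 1 ? atoi(argv[1]) : 8500;   /* 8500 as in the running example */
    struct sockaddr_in a;
    int lfd = socket(AF_INET, SOCK_STREAM, 0), one = 1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET; a.sin_addr.s_addr = htonl(INADDR_ANY); a.sin_port = htons((unsigned short)port);
    if (lfd < 0 || setsockopt(lfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0 ||
        bind(lfd, (struct sockaddr *)&a, sizeof a) < 0 || listen(lfd, 16) < 0 ||
        install_signal_handlers() < 0) { perror("FWf"); return 1; }
    return run_fw(lfd, deny_all);   /* wire the real policy lookup in here */
}
```

Two details matter for the "must be protected from SIGPIPE" and "clean up all zombies" requirements: ignoring SIGPIPE turns a write to a peer that already closed into an EPIPE error instead of process death, and the SIGCHLD handler loops on waitpid(WNOHANG) because several children can exit while one signal is pending.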
Running Example:
$myechod 9000
$myechod 5000
$FWf 8500
In one window you can do:
$SP 8500 hawk
hawk 5000 “This is a message from TDC368 to myechod.5000”
You should see the following message printed out by myechod.5000:
This is a message from TDC368 to myechod.5000
In another window you can do:
$SP 8500 hawk
hawk 9000 “This is a message from TDC368 to myechod.9000”
But nothing will appear because both messages will be denied by the FW.
HINT:
(1) Modify TCPecho.c to develop the SP client. Only minor modifications are required.
(2) Modify TCPechod.c to use it as your destination program.
(3) You must use the struct specified above for sending and receiving messages.
(4) Develop an iterative version of the FW first, then upgrade it to a concurrent one.
(5) For message encoding, packetization, reading and writing, refer to the slides (PacketizationI.pdf) under Resources on the course home page.
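Hints (3) and (5) concern sending the struct above as one fixed-size record. The added C example below (not from the handout or the slides) shows one way to do it: destPort goes out in network byte order (an assumption; the slides may prescribe a different encoding), short reads and writes are retried, and the receiver refuses records that are truncated, carry an out-of-range port, or lack a NUL terminator in a string field. A pipe stands in for the SP-to-FW socket so the round trip runs offline.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

struct PACKET {            /* the handout's packet layout */
    int destPort;
    char destHost[32];     /* e.g., condor.cs.depaul.edu or 140.192.33.29 */
    char PDU[128];
};

/* Read exactly n bytes unless EOF or error: TCP may hand back less than a
 * full struct per read(). Returns bytes read (< n means EOF), -1 on error. */
ssize_t readn(int fd, void *buf, size_t n) {
    char *p = buf;
    size_t left = n;
    while (left > 0) {
        ssize_t r = read(fd, p, left);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) break;
        left -= (size_t)r;
        p += r;
    }
    return (ssize_t)(n - left);
}

/* Write all n bytes, retrying short writes. Returns n, or -1 on error. */
ssize_t writen(int fd, const void *buf, size_t n) {
    const char *p = buf;
    size_t left = n;
    while (left > 0) {
        ssize_t w = write(fd, p, left);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        left -= (size_t)w;
        p += w;
    }
    return (ssize_t)n;
}

/* Fill a packet from the user's three fields; -1 if a field does not fit
 * (the fixed buffers leave no room for silent truncation). */
int build_packet(struct PACKET *pkt, const char *host, int port, const char *msg) {
    if (port < 0 || port > 65535) return -1;
    if (strlen(host) >= sizeof pkt->destHost || strlen(msg) >= sizeof pkt->PDU) return -1;
    memset(pkt, 0, sizeof *pkt);      /* zero padding: no stale stack bytes go onto the wire */
    pkt->destPort = port;
    strcpy(pkt->destHost, host);
    strcpy(pkt->PDU, msg);
    return 0;
}

/* Encode and send: destPort as 4-byte network order, strings as fixed fields. */
int send_packet(int fd, const struct PACKET *pkt) {
    struct PACKET wire = *pkt;
    wire.destPort = (int)htonl((uint32_t)pkt->destPort);
    return writen(fd, &wire, sizeof wire) == (ssize_t)sizeof wire ? 0 : -1;
}

/* Receive and decode: 1 = packet, 0 = clean EOF, -1 = error or malformed
 * (short record, bad port, or a string field with no terminator). */
int recv_packet(int fd, struct PACKET *pkt) {
    ssize_t n = readn(fd, pkt, sizeof *pkt);
    if (n == 0) return 0;
    if (n != (ssize_t)sizeof *pkt) return -1;
    pkt->destPort = (int)ntohl((uint32_t)pkt->destPort);
    if (pkt->destPort < 0 || pkt->destPort > 65535) return -1;
    if (!memchr(pkt->destHost, '\0', sizeof pkt->destHost)) return -1;
    if (!memchr(pkt->PDU, '\0', sizeof pkt->PDU)) return -1;
    return 1;
}

/* Round-trip through a pipe, which stands in for the SP->FW socket so the
 * example runs offline. Returns recv_packet's result. */
int pipe_roundtrip(const char *host, int port, const char *msg, struct PACKET *out) {
    int fds[2], rc;
    struct PACKET in;
    if (pipe(fds) < 0) return -1;
    rc = build_packet(&in, host, port, msg) == 0 ? send_packet(fds[1], &in) : -1;
    close(fds[1]);                    /* writer closed: reader sees EOF after the record */
    if (rc == 0) rc = recv_packet(fds[0], out);
    close(fds[0]);
    return rc;
}

int main(void) {
    struct PACKET p;
    if (pipe_roundtrip("hawk", 5000, "This is a message from TDC368", &p) == 1)
        printf("%s %d %s\n", p.destHost, p.destPort, p.PDU);
    return 0;
}
```

The terminator check on the receiving side is what keeps the FW child from later handing an unterminated destHost to the resolver; the sender should never produce such a record, but the FW cannot assume every SP is well behaved.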
Submission Procedure:
Write your name and SSN in the main program and in the README file. After cleaning your directory of object and bin files, do the following: (Your submission must contain a Makefile and a README file that describes how to run your program.) You must use the same naming convention and command line arguments as specified in the assignment description.
(If you do not enable the "bin" option, your file will be corrupted.)
NOTE: Students are responsible for uploading a working copy in the right slot. Thus you may "download", "untar" and then "compile" it to verify that it works. DO NOT forget to exclude any binary or object files from your submission.
Grading Policy (READ THIS CAREFULLY):
Late penalty is 10% per day. 50% for the server program, 30% for concurrency, 10% for cleaning up and 10% for the README and Makefile files. Use the same naming conventions and command line arguments as described above.
If you have a question about the homework, the best thing is to ask during office hours or in class. DO NOT wait until a few days before the deadline to start on the assignment. The assignments are designed to almost fit the given time window.
The grader should explain clearly the reason for any deduction. Read the comments and, in case of questions or dispute, follow this process:
(1) Send an email to the grader requesting re-grading of your assignment.
(2) If the grader did not reply or the reply was not sufficient, send an email to the instructor at the word-reverse of this string (edu.depaul.cs@ehabclass), or better, meet him during office hours. The grader's name and email will be announced in class.
We will briefly discuss Makefiles in class, but I expect students to handle Makefile and C language issues individually. If you look under the Resources link on the course home page, you will find tutorials and enough information to get you started with Makefiles and Unix. This course is very fun: the average is normally very high and the experience is highly appreciated. Good Luck.