Computer Science 881 Quiz 1 Name_______________________ 1. The networking subsystem in Linux is implemented using has a layered architecture that consists of the following layers: af_inet, dev, device driver, ethernet, ip, socket, and transport layers. Provide a diagram of the layers stacked in their proper order. (You may use a two column format to save space and preserve legibility). 2. The struct proto is used in binding a. network layer to af_inet b. transport to af_inet c. network to dev d. af_inet to socket 3. The struct proto_ops is used in binding a. network layer to af_inet b. transport to af_inet c. network to dev d. af_inet to socket 4. The struct packet_type is used in binding a. network layer to transport b. transport to socket c. af_inet to transport d. network to dev 5. Suppose a system has 64MB of real memory. How many entries will the routing cache hash table contain? 6. During a route cache lookup a. Only one rt_hash_bucket[] will b. It may be necessary to search ever need be be searched several buckets or one may suffice c. All buckets must always be searched 7. During a FIB table lookup a. Only one fn_zone will b. It may be necessary to search ever need be be searched several zones or one may suffice c. All zones must always be searched 8. Under precisely what conditions will there be multiple fib_nodes in a single zone 9. There will be a SINGLE route cache entry for each a. routing table entry as shown b. prefix to which an IP packet by /sbin/route has been recently sent c. each IP address to which an d. Each TCP connection or UDP IP packet has been recently pseudo connection sent 10. During a route cache lookup a. Only one rt_hash_bucket[] will b. It may be necessary to search ever need be be searched several buckets or one may suffice c. All buckets must always be searched 11. During a FIB table lookup a. Only one fn_zone will b. It may be necessary to search ever need be be searched several zones or one may suffice c. All zones must always be searched 12. What is the name of the structure used to convey the receive entry point of a transport protocol to the IP layer? 13. Your mission (in the first assignment) is to implement a new transport protocol for unreliable IP datagram transport. Assuming you make reasonable design decisions which of the following structures must you provide (Y), might you provide (M), and should NOT be provided ___ a. struct packet_type ___ b. struct proto ___ c. struct proto_ops ___ d. struct inet_protosw ___ e. struct inet_family_ops ___ f. struct inet_protocol Computer Science 881 Quiz 2 Name _________________ 1. Which of the following best characterizes a "shared" sk_buff. a. Multiple struct sk_buff's b. A single struct sk_buff point to a single kmalloc'd points to multiple kmalloc'd buffer area buffer areas c. Multiple entities hold valid pointers to a single struct sk_buff 2. Which of the following best characterizes a "cloned" sk_buff. a. Multiple struct sk_buff's b. A single struct sk_buff point to a single kmalloc'd points to multiple kmalloc'd buffer area buffer areas c. Multiple entities hold valid pointers to a single struct sk_buff 3. Describe consisely and precisely how "sharing" and "cloning" of an sk_buff affect the "users" and the "dataref" elements. (No effect is a legal but not necessarily correct answer). a new entity shares an sk_buff users - dataref - an sk_buff is cloned users - dataref - 4. When a process has an excessive amount of send buffer space allocated it may have to go to sleep in: static long sock_wait_for_wmem(struct sock * sk, long timeo) Describe precisely and consisely the chain of events that will cause it to wake up. 5. Answer I, D, or N depending upon whether the specified function Increases, Decreases, or has no effect on sk_buff . ___ a. skb_reserve() ___ b. skb_put() ___ c. skb_pull() 6. Diagram the chain of pointers from the "current" task_struct pointer to the inode. 7. During a UDP connect operation a. If the socket is not already b. Any existing bind status is bound inet_autobind() is reset to null called to bind it. c. The bind status is not altered. 8. During a UDP bind operation a. If the socket is not already b. Any existing connection is connected inet_autoconn() is reset to null. called to connect it. c. The connection status is not altered. 9. a. For a UDP struct sock what is the difference in the use of saddr and rcv_saddr elements? 1 - saddr 2 - rcv_saddr b. Which (if either) could (correctly) be set to 0 during normal operation. 10. If you fail to provide a disconnect function in your protocol, how can a hacker cause your system to crash? 11. Suppose that the value of the udp_port_rover in udp_v4_get_port() is 0x9ACD and that this queue is selected but it is not empty. If port 0x9ACD is found already in use what will be the next port number tested. Computer Science 881 Quiz 3 Name_______________________ 1. Under precisely what condition(s) under might a call to sys_sendto() result in the calling process being forced to sleep without passing the packet on to the physical device driver? 2. Under precisely what conditions(s) might a correct and routeable UDP packet be dropped for congestion by the protocol stack before being conveyed to the device driver? 3. Under what condition(s) might a packet that is dequeued by pfifo_fast_dequeue() NOT be the last packet that was enqueued by pfifo_fast_enqueue() (Assume a UNI processor system here.. but also assume the CORRECT no-preemption in kernel mode model used in Linux) 4. For a non-connected UDP socket which of the following must be non-zero in the struct sockaddr_in or the transmission attempt will be rejected. a. dest port b. dest IP address c. source port d. both a. and b. 5. For disconnected sockets it is necessary to: a. call ip_route_output for every packet sent b. call ip_route_output only when the route associated with the struct sock has become stale or for the first packet sent on the socket 6. In the UDP path we have studied so far, indicate whether each of the following actions occurs in (U) user process context, (S) soft irq context or (B) both soft irq and user context, or (H) hardware IRQ. ___ a. dequeuing an sk_buff with pfifo_fast_dequeue ___ b. enqueing an sk_buff with pfifo_fast_enqueue ___ c. enqueuing an sk_buff on the completion_queue of the CPU's softnet_data structure. ___ d. invoking the device drivers hard_start_xmit function 7. What is the main disadvantage of having the device drivers Tx ring configured with a. too many slots b. too few slots 8. The netfilter facility allows firewalls to install hooks that inspect packets. Which best characterizes the normal operation of such hooks a. the packet is allowed to pass if ANY hook accepts it b. the packet is dropped if ANY hook says to drop it c. both a. and b. are true 9. Suppose the R and C bits of the IP TOS are 1 and the D and T are 0. a. What numeric "priority" does this setting correspond to?? b. Which of the three standard priority queues does this setting map to? 10. Identify two conditions that will force the "slow path" to be taken in ip_build_xmit Computer Science 881 Quiz 3 Name_______________________ 1. For each of the following actions indicates whether it occurs in the context of an application process (A), context of a hardware IRQ (H) or the context of a software IRQ (S). (If multiple answers can apply, supply them all). _____ a. Extracting the network layer protocol ID (IP, ARP, etc) from the MAC header _____ b. Enqueuing a received sk_buff on the receive queue of a struct sock _____ c. Reassembly of a fragmented IP packet _____ d. Dequeuing a received sk_buff from the receive queue of a struct sock _____ e. Enqueuing a received sk_buff on the softnet data structure _____ f. Copying received data from the kernel buffer back to user space 2. Describe two conditions under which an unfragmented UDP packet that has been correctly received by the device driver and IS deliverable to an open socket might be discarded instead of being delivered. a - b - 3. Suppose a unicast UDP packet receives a maximum "score" of 2 in the socket matching algorithm but it receives a two on multiple sockets. To which socket(s) is the packet delivered. 4. In IP reassembly a single instance of a struct ipq represents a. a single fragment b. a single packet being reassembled c. all packets presently being resassembled. 5. When a fragement is received and its head-end overlaps the tail-end of a single fragment that has already been received a. the overlapped tail of the b. the overlapping head of the existing fragment is new fragment is discarded discarded c. the ENTIRE existing overlapped d. the entire new fragment is fragment is discarded. discarded 6. Answer the following T or F ____ a. In reassembly the value of "meat" in a struct ipq can never exceed the value of "len" ____ b. A fragment with MF=0 must have an "end" value < qp->len to be acceptable. ____ c. It is never possible for "meat" to equal "len" until reassembly completes 7. How can the IP Fragmentation mechanism be used to generate a DoS attack and how does Linux defend against it? 8. Under what conditions does net_rx_action() return to do_softirq() a. b. c. 9. In the final stage of reassembly a. under what condition is it necessary to dynamically create a new sk_buff and insert it into the fragment chain. b. At what location in the fragment chain will the newly created sk_buff reside? c. what data does that buffer own 10. What does UDP do with a packet that exceeeds the length of the buffer provided by the application Computer Science 881 Quiz 6 Name_______________________ (For all questions referring to ARP states you should EXCLUDE NUD_NOARP and NUD_PERMANENT from consideration and from your answer) Suppose host 192.168.2.15 is on the same LAN with me but that it hasn't been contacted since my host was last booted. If I now send a UDP packet to 192.168.2.15... 1. A new neighbour structure will be created a. at the time the route cache b. At the time the packet is being element is created via call transmitted by ip_finish_output2() to ip_route_output_slow() c. Since we are on the same LAN no new neighbour structure is required. 2. and the sending of the ARP request packet will occur a. at the time the route is b. At the time the packet is being resolved during the call to transmitted by ip_finish_output2() ip_route_output_slow() c. Since we are on the same LAN no ARP request is required. 3. In the above scenario, at entry to ip_finish_output2() a. neighbour structure for b. It will exist an be in the 192.168.2.15 won't yet exist NUD_CONNECTED state c. It will be in the d. It will be in the NUD_NONE NUD_INCOMPLETE state state 4. Suppose I send a burst of 5 UDP packets instead of just one. Which of the following is the most likely scenario a. All 5 will be successfully b. Only the first one will be transmitted transmitted and the others dropped c. The first three will be sent d. The last three will be sent and the last two will be but the first two will be dropped dropped 5. The relation of neighbour structures to rtable structures is a. one to one b. one to many c. many to one 6. Neighbour and route cache structures are related transient data structures. Suppose a related pair are haven't been used in some time and need to be destroyed. Which one must be destroyed first? a. the struct rtable b. the struct neighbour c. whichever one's expiry timer fires first 7. In which of the SIMPLE STATES <> to neigh_event_send() will an ARP request actually be sent. ( NUD_IN_TIMER, NUD_CONNECTED, NUD_VALID are NOT simple states) 8. In which of the SIMPLE STATES <> to neigh_resolve_output() will neigh_resolve_output() invoke dev_queue_xmit() before returning. 7. Precisely what causes each of the following transitions. If the transition is triggered by a timer indiciate WHICH timer. If the transition is triggered by an attempt to send or the arrival of a packet say so. If the transition can't happen say so. a. REACHABLE to STALE b. STALE to DELAY c. DELAY to PROBE d. INCOMPLETE to PROBE e. PROBE to REACHABLE f. STALE to DEAD Computer Science 881 Quiz 6 Name _________________ 1. How is the scope in the key of an OUTPUT route established? 2. The occurence of multiple fib_nodes in an hash chain a. Will occur whenever a routing b. Will occur whenever a routing table has multiple entries table has multiple entries with the same prefix length c. May occur whenever a routing d. May occur only if a routing table has multiple entries table has multiple entries with with the same prefix length the same destination address. 3. When a routing table lookup occurs for an output route a. Both tables will always be a. Both tables will always be searched but a result found searched but a result found in the local table has in the main table has precendence. precendence. c. The main table will be searched d. The local table will be searched first and only if a route is first and only if a route is not found will the local table not found will the main table be searched. be searched. 4. Precisely what will happen in output routing if a source IP address is specified but the source address is not assigned to any netdevice on the system? 5. Precisely what will happen if both an oif and a source address are specified, but the source address is assigned to a netdevice other than the one identified by the oif. 6. How is the source address to be associated with a new UNICAST output route determined in each of the following three cases: a. key.src == 0 && key.oif != 0 b. key.src == 0 && key.oif == 0 7. When the new route cache element is created, its the src, dst, and oif of the key that must be matched in future route cache lookups will be set to: a. The values originally passed b. The values contained in the to ip_route_output() "new" key structure created in ip_route_output_slow() c. The values actually used as d. a. b. and c. are always src, dst, and oif when sending indentical so they are all true. the packet. 8. In a FIB lookup the zone associated with a "default" route will be searched: a. first, because most requests b. last because it corresponds use the default route to a 0 length prefix. c. in random order based on a hash function. 9. The first test for usability of a fib_node is: fn_key_eq(k, f->fn_key) Precisely how is the value "k" constructed from the "key" structure. 10. For input routing how does the action of fib_validate_source() differ based upon whether or not "rpf" is enabled? 11. When a routing table lookup occurs for an input route a. Both tables will always be a. Both tables will always be searched but a result found searched but a result found in the local table has in the main table has precendence. precendence. c. The main table will be searched d. The local table will be searched first and only if a route is first and only if a route is not found will the local table not found will the main table be searched. be searched.