Computer Science 881 Quiz 1 Name_______________________ 1. The IP networking subsystem in Linux is implemented using a layered architecture that consists of seven layers. For which TWO of the seven layers is a common implementation used by all protocol families and all physical layers ___ socket ___ network ___ generic device ___ PF/AF ___ transport ___ specific device class (eth) ___ device driver 2. Suppose your mission is to create a new IP transport protocol. For each of the following structures identify whether you protocol MUST provide it, MUST NOT provide it, or MAY provide it. a. struct proto_ops b. struct proto c. struct net_proto_family d. struct inet_protocol e. struct packet_type 3. Suppose your mission is to create a complete non-IP protocol stack named with id PF_MYPROTO. Which of the following MUST your protocol provide a. struct proto_ops b. struct proto c. struct net_proto_family d. struct inet_protocol e. struct packet_type 4. Suppose a system has 256MB of real memory. How many entries will the routing cache hash table contain? 5. During a route cache lookup a. Only one rt_hash_bucket[] will b. It may be necessary to search ever need be be searched several buckets or one may suffice c. All buckets must always be searched 6. During a FIB table lookup a. Only one fn_zone will b. It may be necessary to search ever need be be searched several zones or one may suffice c. All zones must always be searched 7. There will be multiple fib_nodes associated with a single fn_zone a. never b. whenever two routing table entries have the same prefix len c. only if two routing table d. only of two routing table entries of ANY prefix length yield of the same prefix length yield the same hash key the same has key 8. A single entry in the Linux routing table best corresponds to a. An element of type b. An element of type struct struct rtable dstentry b. An element of type struct fib_node 9. IP packet ID numbers are assigned on a per (source, dest) IP address pair basis. What is the problem with assigning them: a. On a per TCP connection basis (each connection has its own counter) b. Using a single global counter for ALL connections c. Between a. and b. which is the LEAST likely to cause problems. 10. Suppose the statement module_init(ip_init); appears in code compiled as part of a kernel build (NOT an installable module). What code will be generated by the expansion of the macro? 11. For each of the following structures answer U if the entry points it provides are for "up calls" and D if for "downcalls". ___ a. struct proto ___ b. struct inet_protocol ___ c. struct net_proto_family ___ d. struct packet_type Computer Science 853 Quiz 2 Name _________________ 1. Which of the following best characterizes a "shared" sk_buff. a. Multiple struct sk_buff's b. A single struct sk_buff point to a single kmalloc'd points to multiple kmalloc'd buffer area buffer areas c. Multiple entities hold valid pointers to a single struct sk_buff 2. Which of the following best characterizes a "cloned" sk_buff. a. Multiple struct sk_buff's b. A single struct sk_buff point to a single kmalloc'd points to multiple kmalloc'd buffer area buffer areas c. Multiple entities hold valid pointers to a single struct sk_buff 3. Describe consisely and precisely how "sharing" and "cloning" of an sk_buff affect the "users" and the "dataref" elements. (No effect is a legal but not necessarily correct answer). a new entity shares an sk_buff users - dataref - an sk_buff is cloned users - dataref - 4. Identify the proper skb_* utility function that would be used to update appropriate buffer pointers and length fields when... a. Appending user data to the buffer. b. Inserting a new protocol header in an outgoing packet c. Removing a protocol header from a incoming packet. 5. The value of skb->len should always be equal to: a. skb->end - skb->head b. skb->end - skb->data c. skb->tail - skb->head d. skb->tail - skb->data 6. Pointers to the fragment list and unmapped page buffers are kept in a. the struct sk_buff b. the kmalloc'd area that is also used to hold header and application data. c. in an extra area that is also kmalloc'd. 7. Sleeping may occur in a. sock_alloc_send_skb() but b. dev_alloc_skb() but not not dev_alloc_skb() sock_alloc_send_skb() c. neither d. both 8. When a Tx buffer is allocated the amount charged to the sock's wmem_alloc is: a. len b. data_len c. truesize 9. wmem_alloc is decremented a. as soon a the buffer is b. as soon as the buffer is passed to the dev layer added to the device's Tx ring c. only after the Tx complete interrupt associated with the transmission of the buffer 10. If two entities need for a buffer to reside on two different buffer lists the most efficient SAFE approach for doing this is: a. share the buffer b. clone the buffer c. make a complete copy of both header and data Computer Science 853 Quiz 3 Name _________________ 1. Suppose I create a socket using: s = socket(PF_INET, SOCK_COP, IPPROTO_COP); Describe how your struct proto will be located and linked to your struct sock. Include a diagram showing all relevant data structures and the linkages between them 2. Suppose I call bind using: err = bind(s, &name, sizeof(name)); To determine whether or not you provided a bind function it will be necessary for the kernel to find your struct proto Include a diagram showing ALL RELEVANT data structures and the linkages between them showing how the value "s" is sufficient to find your struct proto. 3. The routing mechanism is invoked a. during bind b. during connect c. during both d. during neither 4. In UDP the hash queue on which a struct sock resides is derived from a. local IP addr b. remote IP addr c. local port number d. remote port number 5. What is the name of the structure that contains a POINTER TO the table by which read() and write() functions on sockets are vectored to the appropriate handler. 6. During a UDP connect operation a. If the socket is not already b. Any existing bind status is bound inet_autobind() is reset to null called to bind it. c. The bind status is not altered. 7. During a UDP bind operation a. If the socket is not already b. Any existing connection is connected inet_autoconn() is reset to null. called to connect it. c. The connection status is not altered. 8. For a UDP struct sock what is the difference in the use of saddr and rcv_saddr elements? a. saddr b. rcv_saddr 9. If you fail to provide a disconnect function in your protocol, how can a hacker cause your system to crash? Computer Science 853 Quiz 4 Name_______________________ 1. Under precisely what condition will a call to sys_sendto() result in the calling process being forced to sleep without passing the packet on to the IP layer? 2. Moving the struct sockaddr_in to kernel space is done in the a. socket sublayer b. PF_INET sublayer c. transport protocol 3. If a send operation is initiated on an unbound socket an autobind a. is not necessary b. is done in the socket sublayer c. is done in the PF_INET d. is done in the transport protocol sublayer 4. Precisely why is it NECESSARY to process the msghdr and/or connected sock info BEFORE allocating the struct sk_buff. 5. For a non-connected UDP socket a transmission attempt will be rejected if which of the following is 0 a. dest port b. dest IP address c. if either a. or b. is d. even if both are zero 0 the transmission will the transmission will succeed be rejected 6. For a disconnected UDP socket it is necessary to: a. call ip_route_output for every packet sent b. call ip_route_output only when the route associated with the struct sock has become stale or for the first packet sent on the socket 7. For a connected UDP socket it is necessary to: a. call ip_route_output for every packet sent b. call ip_route_output only when the route associated with the struct sock has become stale or for the first packet sent on the socket 8. The netfilter facility allows firewalls to install hooks that inspect packets. Which best characterizes the normal operation of such hooks a. the packet is allowed to pass if ANY hook accepts it b. the packet is dropped if ANY hook says to drop it c. both a. and b. are true 9. Precisely what happens if NO NETFILTERS have been installed and a packet is sent? 10. Identify two conditions that will force the "slow path" to be taken in ip_build_xmit a - b - 11. During a UDP sendto operation, the data to be transmitted is copied from user space to kernel space a. Before the call to b. During the call to ip_build_xmit() ip_build_xmit() c. After return from ip_build_xmit() 12. Describe the effect of replacing in ip_build_xmit() err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, output_maybe_reroute); with err = skb->dst->output(skb); Computer Science 853 Quiz 5 Name_______________________ 1. Diagram the sk_buff malloced part showing the location of the link header, IP header, UDP header, and user data along with the values of skb->data and skb->len 2. Which of the following will cause a packet to be dropped in udp_rcv() a. length in udpheader less b. length implied by skb->len than length implied by skb->len less than length in udpheader c. both d. neither one 3. Which best characterises delivery to multicast and unicast sockets a. both types may be delivered b. both types may be delivered only to exactly one socket to multiple sockets c. unicast may go to multiple d. multicast may go to multiple sockets but multicast only one sockets but unicast only one 4. A unicast packet whose dest port matches an open socket but receives a "score" of 0 is a. undeliverable b. is deliverable if no other socket receives a non-zero score 5. It may be necessary to clone skb_buffs a. in multicast delivery but not in b. in unicast but not in multicast unicast c. in both d. in neither 6. A packet that is passed successfully to udp_rcv() a. will never be dropped b. may be subsequently dropped in the "upcall code" due to excessive memory usages c. may be subsequently dropped d. may be dropped in both places in the "downcall" code due due to excessive memory usage to excessive memory usage 7. A packet that whose destination port does not correspond to an open socket a. will be dropped before udp_rcv b. will be dropped in the "upcall" path c. will be dropped in the "downcall" d. will be queued for possible path future delivery 8. When a deliverable packet has been received, at the time udp_rcv()returns returns to its caller in the ip layer, a. application data has been b. the packet is in the receive copied to user space and the queue but the data hasn't been sk_buff freed copied c. application data has been copied but the sk_buff hasn't been freed. 9. The skb_copy_datagram_iovec() is invoked by: a. udp_recvmsg() b. udp_rcv() c. both 10. It was recommended that your protocol use: a. skb_copy_datagram_iovec() b. memcpy_toiovec() c. copy_to_user() 11. If your mission was to absolutely MINIMIZE the amount of CPU time consumed by your protocol you should call: a. skb_copy_datagram_iovec() b. memcpy_toiovec() c. copy_to_user() 12. The skb_dequeue() function will a. sleep if the queue is empty b. return an error code if the queue is empty c. return NULL if the queue is d. cause a kernel OOPS if the empty queue is empty Computer Science 853 Quiz 6 Name_______________________ 1. Under what condition(s) might a packet that is dequeued by pfifo_fast_dequeue() NOT be the last packet that was enqueued by pfifo_fast_enqueue() (Assume a UNI processor system here.. but also assume the CORRECT no-preemption in kernel mode model used in Linux) 2. Indicate whether each of the following actions occurs in (U) user process context, (S) soft irq context or (B) both soft irq and user context, or (H) hardware IRQ. ___ a. dequeuing an sk_buff with pfifo_fast_dequeue ___ b. enqueing an sk_buff with pfifo_fast_enqueue ___ c. enqueuing an sk_buff on the completion_queue of the CPU's softnet_data structure. ___ d. invoking the device drivers hard_start_xmit function ___ e. Extracting the network layer protocol ID (IP, ARP, etc) from the MAC header of a received packet ___ f. Enqueuing a received sk_buff on the softnet data structure ___ g. Dequeuing a received sk_buff from the softnet data structure ___ h. Enqueuing a received sk_buff on the receive queue of a struct sock ___ i. Reassembly of a fragmented IP packet ___ j. Copying received data from the kernel buffer back to user space 3. Suppose the R and C bits of the IP TOS are 1 and the D and T are 0. a. What numeric "priority" does this setting correspond to?? b. Which of the three standard priority queues does this setting map to? 4. Under what (if any) conditions will a received packet be dropped <<< by the dev layer >>> a. In HW IRQ processing: b. In SoftIRQ processing: 5. a. Precisely what is the purpose of the output_queue of the softnet data structure b. Under exactly what condtions(s) does a net_device structure get placed on the output_queue. 6. What is the principal advantage of having one softnet data structure per CPU instead of having a SINGLE softnet data structure that serves all CPUs Computer Science 853 Quiz 7 Name_______________________ (For all questions referring to ARP states you should EXCLUDE NUD_NOARP and NUD_PERMANENT from consideration and from your answer) Suppose host 192.168.2.15 is on the same LAN with me but that it hasn't been contacted since my host was last booted. If I now send a UDP packet to 192.168.2.15... 1. A new neighbour structure will be created a. at the time the route cache b. At the time the packet is being element is created via call transmitted by ip_finish_output2() to ip_route_output_slow() c. Since we are on the same LAN no new neighbour structure is required. 2. and the sending of the ARP request packet will occur a. at the time the route is b. At the time the packet is being resolved during the call to transmitted by ip_finish_output2() ip_route_output_slow() c. Since we are on the same LAN no ARP request is required. 3. In the above scenario, at entry to ip_finish_output2() a. neighbour structure for b. It will exist an be in the 192.168.2.15 won't yet exist NUD_CONNECTED state c. It will be in the d. It will be in the NUD_NONE NUD_INCOMPLETE state state 4. When 192.168.2.15 receives my ARP request a. it will create a neighbour b. it will create a neighbour struct and set its state to struct and set its state to NUD_STALE NUD_REACHABLE c. It won't create a neighbour structure until an application tries to respond to me. 5. Neighbour and route cache structures are related transient data structures. Suppose a related pair are haven't been used in some time and need to be destroyed. Which one must be destroyed first? a. the struct rtable b. the struct neighbour c. whichever one's expiry timer fires first 6. In which of the SIMPLE STATES <> to neigh_event_send() will an ARP request actually be sent. ( NUD_IN_TIMER, NUD_CONNECTED, NUD_VALID are NOT simple states) 7. In which of the SIMPLE STATES <> to neigh_resolve_output() will neigh_resolve_output() invoke dev_queue_xmit() before returning. 8. Precisely what causes each of the following transitions. If the transition is triggered by a timer indiciate WHICH timer. If the transition is triggered by an attempt to send or the arrival of a packet say so. If the transition can't happen, say so. a. REACHABLE to STALE b. STALE to DELAY c. STALE to DEAD d. DELAY to PROBE 9. In what states is receipt of an ARP <> an expected event. 10. What will happen if a SPOOFED arp response is received in the NUD_REACHABLE state? Computer Science 853 Quiz 8 Name _________________ 1. The occurence of multiple fib_nodes in a single hash chain a. Will occur whenever a routing b. Will occur whenever a routing table has multiple entries table has multiple entries with the same prefix length c. May occur whenever a routing d. May occur only if a routing table has multiple entries table has multiple entries with with the same prefix length the same destination address. 2. When a routing table lookup occurs for an output route a. Both tables will always be a. Both tables will always be searched but a result found searched but a result found in the local table has in the main table has precendence. precendence. c. The main table will be searched d. The local table will be searched first and only if a route is first and only if a route is not found will the local table not found will the main table be searched. be searched. 3. During a FIB table lookup a. Only one fn_zone will b. It may be necessary to search ever need be be searched several zones or one may suffice c. All zones must always be searched 4. The IP address of the next hop of a route is kept in which of the following structures: a. fib_nh b. fib_node c. fn_zone 5. The IP address that is compared with the input key in the FIB lookup process is kept in which of the following structures: a. fib_nh b. fib_node c. fn_zone d. fib_info 6. A single entry in the Linux routing table best corresponds to a. An element of type b. An element of type struct struct rtable dst_entry c. An element of type d. An element of type struct struct fib_node fib_info 7. For a fib_node to be used for an output route it is necessary that a. fn_scope < key->scope b. fn_scope > key->scope c. fn_scope <= key->scope d. fn_scope >= key->scope 8. Answer the following questions pertaining to fib_select_default() and fib_detect_death() T or F. (Assume there are exactly three default routes and that they all have different fib_info's and different next hop gateways). ___ a. For a given call to fib_select_default() the value of last_resort will be set at most one time. ___ b. For a given call to fib_select_default() the value of last_resort will be set at least one time. ___ c. For a given call to fib_select_default(), fib_detect_death() will always be called at least one time. ___ d. It is possible for an unreachable gateway to be used 9. When the new route cache element is created, its the src, dst, and oif of the key that must be matched in future route cache lookups will be set to: a. The values originally passed b. The values contained in the to ip_route_output() "new" key structure created in ip_route_output_slow() c. The values actually used as d. a. b. and c. are always src, dst, and oif when sending indentical so they are all true. the packet. 10. In a FIB lookup the zone associated with a "default" route will be searched: a. first, because most requests b. last because it corresponds use the default route to a 0 length prefix. c. in random order based on a hash function. 11. Suppose source address, destination address, and oif are specified and that the source address is a legit unicast address on this machine and that the dest address is a legit unicast address elsewhere in the Internet. Which of the following conditions will cause a possible output route to be rejected a. source address is on an interface b. only route to next hop doesn't other than oif use oif c. both of the above d. neither of the above 12. Assuming the destination address of an incoming packet is a unicast owned by this host and that the incoming interface has an IP address and rpf is disabled on that interface what if any characteristics of the source address will cause the packet to be dropped.