Master's/doctoral thesis etd-0725107-191401: detailed information
Title page for etd-0725107-191401
Title
Linux核心中IP和Netfilter架構的元件化
Componentization of IP and Netfilter Architecture in Linux Kernel
Department
Year, semester
Language
Degree
Number of pages
57
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2007-06-29
Date of Submission
2007-07-25
Keywords
kernel module, componentization, software component
hot-swapping, software component, componentization, Linux, IP Tables, Netfilter
Statistics
The thesis/dissertation has been browsed 5643 times and downloaded 7 times.
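Abstract (Chinese)
Building on a component-based architecture, this thesis describes how to componentize modules so that module components can be recombined to construct the desired architecture. We illustrate the recomposability and flexibility of components by componentizing the Netfilter architecture in the Linux network system. Netfilter is an architecture designed for filtering packets in Linux networking; it lets system users register matching rules and target handling functions with the iptables command, and inspect or modify packets at specific hooks. Hot-swapping is one of the key techniques of componentization. This thesis adopts the concepts and tools provided by Linux kernel componentization [1], recording relocation information in the module's symbol table; with this record, the addresses of function calls can be reassigned, so that the linkage between components can be reorganized online. In addition, loading the same module component more than once also increases the flexibility of components and improves their reusability.

The thesis starts by partitioning the hook functions in the Netfilter architecture: the hook functions are split into smaller components, in-ports and out-ports are added, each component registers its own table, and some restrictions of traditional function calls and module loading are broken. After componentizing Netfilter, we find that we can describe a new composition that the original architecture cannot express, and that only the necessary components need to be loaded into the system, which makes the whole system more compact. Furthermore, the experimental measurements in this thesis show that Netfilter's performance did not degrade because of componentization; instead there was a slight efficiency gain, which contradicts the notion from other componentization research that the overhead added by componentization degrades performance. Although the whole IP layer has not yet been fully componentized, we hope that componentizing Netfilter highlights the performance and flexibility of components, so that the large and complex Linux network subsystem, and eventually the entire Linux kernel, can gradually be componentized, thoroughly improving the development environment for system software.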
Abstract
In this thesis, we applied the componentization technique to the Netfilter architecture in the Linux network system. Netfilter is a software architecture for filtering packets. System administrators can register packet-matching rules and target handling functions with the system. Netfilter matches packets according to the rules and processes them with the corresponding target functions. By componentizing the architecture, we can improve the flexibility and the reusability of Netfilter. Hot-swapping is an important procedure in a componentized software system. In this study, we implemented hot-swapping based on the work developed by Fan [1]. It stores the relocation information of exported symbols in the module symbol table. With this information, we are able to dynamically change the caller-callee relationship of modular components at run time. In addition, we extend that work to allow the same modular component to be loaded into the Linux kernel more than once, so that the same component can be replicated in the system.
We started by decomposing all the “hook” functions into smaller and simpler components. For each component, we added in-ports and out-ports and registered its own iptables table. We also removed the limitation that only one instance of a module is allowed in the kernel, and broke the hard rule in iptables. As a result, after Netfilter componentization, we are able to illustrate new configurations that cannot be expressed in the original architecture, and the system becomes more compact, with only the necessary components loaded. This is reflected in a slight performance improvement in our experiments, which is not usually seen in other frameworks because of componentization overhead.
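Table of Contents
Chapter 1 Introduction
Chapter 2 Background
2.1 Linux IP Layer Implementation and the Linux Netfilter Architecture
2.2 Componentization of the Linux Kernel: Approach and Tools
2.2.1 The Concept of Components
2.2.2 Hot-Swapping Technique
Chapter 3 System Architecture and Methodology
3.1 Basic Netfilter Structure: nf_hook_ops
3.2 Handling Global Variables
3.3 Defining a Common Interface
3.4 Componentizing the Hook Functions
3.4.1 Basic Steps of Netfilter Componentization
3.4.2 Componentizing the FILTER Module
3.4.3 Componentizing the NAT Module
3.4.4 Componentizing the MANGLE Module
3.5 Composing Components
3.5.1 Changing Function Pointers
3.5.2 Hot-Swapping Functions
3.6 Loading a Component Repeatedly
3.7 Breaking the iptables Restriction
Chapter 4 Experimental Setup and Results
4.1 Introduction to Netperf
4.2 Environment Setup
4.3 Experimental Results
4.4 Latency Measurement of the IP Layer
4.5 Benefits of Component Flexibility
Chapter 5 Conclusion and Future Work
References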
References
[1] Shu-Ming Fan, “Componentization in Linux Kernel: Approach and Tools.” MS thesis, Department of Electrical Engineering, National Sun Yat-sen University, 2007.
[2] Bryan Ford, Godmar Back, Greg Benson, Jay Lepreau, Albert Lin, and Olin Shivers, “The Flux OSKit: A Substrate for Kernel and Language Research.” In Symposium on Operating Systems Principles, pp.38-51, 1997.
[3] The OSKit Project http://www.cs.utah.edu/flux/oskit/
[4] E. Kohler, R. Morris, B. Chen, J. Jannotti, and M. F. Kaashoek, “The Click Modular Router.” ACM Transactions on Computer Systems, v.18, no.3, pp.263-297, August 2000.
[5] The Click Modular Project http://read.cs.ucla.edu/click/
[6] A. Baumann, J. Kerr, J. Appavoo, D. Da Silva, O. Krieger, and R. W. Wisniewski, “Module Hot-Swapping for Dynamic Update and Reconfiguration in K42.” in 6th Linux.Conf.Au, Canberra, Australia, April 2005.
[7] Yueh-Feng Lee and Ruei-Chuan Chang, “Hotswapping Linux kernel modules.” The Journal of Systems and Software, V.79, Issue 2, pp.163-175, February 2006.
[8] NetPerf WWW pages and NetPerf manual included in archive http://www.netperf.org/netperf/
[9] Paul Russell and Harald Welte, “Netfilter Hacking How-to.” http://www.netfilter.org/documentation/HOWTO/netfilter-hacking-HOWTO.txt
[10] Christian Benvenuti, “Understanding Linux Network Internals.” ch. 18-25, O'Reilly, 2005.
[11] Pablo Neira Ayuso, “Netfilter’s Connection Tracking System.” The USENIX Magazine, v31, no.3, pp.34-39, June 2006.
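Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for academic research purposes. Please comply with the relevant provisions of the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast it without authorization, to avoid breaking the law.
Thesis access permission: on campus, public after one year; off campus, never public (campus withheld)
Available:
Campus: available
Off-campus: not available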


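Printed copies
Public-availability information for printed theses is relatively complete from academic year 102 onward. To inquire about the availability of printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available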
