Permalink
Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
37 lines (22 sloc) 2.78 KB
Scream filter for openWRT
Assignment 4: OpenWRT and the screamer filter
--------------------------------------------------------
This week you will implement middlebox software for openWRT. Therefore you will create a program that uses the netfilter (iptables) architecture to filter screamer packets. You will compile the filter for the ASUS routers and test it in the test network with the N810 device as client and your virtual machine as server.
a) Observe the startup process of the pristine ASUS router with the serial cable. Use screen or minicom to connect to the device. Use a baud rate of 115200, 8 data bits, no parity, 1 stop bit (8n1). (e.g., screen /dev/INSERT_DEVICE_NAME_HERE 115200 8n1).
Compile openWRT from source. Follow the instructions on the openWRT website:
http://wiki.openwrt.org/OpenWrtDocs/Hardware/Asus/WL500W BUT download and use the latest stable version (kamikaze 8.09) from the openWRT website instead of the development release from the svn repositories. Unpack the latest stable release and continue the guide on the website.
When configuring the router firmware make sure you activate kmod-ipt-queue to be built in. Otherwise your ip_queue program won't work.
Flash openWRT to the router with tftp. You can reach the router from nasty (Nasty has the IP address 192.168.2.1) on the internal network interface (eth0:0). You can only flash one router at a time (the router will only listen to 192.168.1.1).
b) Configure the openWRT router to match the IP address assignment scheme (/etc/config/network, /etc/config/wireless). Use the serial cable for this configuration. Make sure that your virtual machine can talk to the router and that the N810 device can talk to your virtual machine when associated with the router via Wi-Fi.
b) Google for ip_queue and netfilter. Acquire basic knowledge about the netfilter architecture.
c) Implement a simple packet filter for ip_queue for the router. You can use the framework in the assignemnts-4 directory for a start. The filter should just delete every third screamer FLOOD packet for each screamer flow between a server and a client.
Subtasks:
1) Register your ip_queue program for UDP packets addressed to your default screamer port.
2) Figure out whether a packet is a ip / udp / screamer packet.
3) Map the packet to a host pair. You should be able to distinguish an arbitrary number of flows.
4) Drop every third packet in the flow that the middlebox forwards.
d) Follow the openwrt tutorials and compile your filter program for openWRT. This may help: http://wiki.openwrt.org/BuildingPackagesHowTo
e) Run your scream filter on the openWRT router and test it with your virtual machine and the N810 device.
Hints:
You have to link your filter program against /usr/lib/libipq.a
gcc -g -Wall -lipq filter.c o /usr/lib/libipq.a -L/usr/lib/ -o filter