Netsvc Platform

Netsvc Platform

Remote Authentication Box

Lv Zheng

vlan1

Soliton SecretSoliton Secret

Internet

RA-BOX

br0

ppp0

eth0

Appliance Topology

vlan2

eth2

eth3

ISP

VPN

Internet

NAT Half Bridge

eth1 ppp1

IntranetHome

WorkPC

Ether

HomePC

SmartCard

VPN-TunnelVPN - Session

Execution Flow


Timeouts

Descriptors select

Events Timeout = 0

eloop_register_read_sock

eloop_unregister_read_sock

eloop_register_timeout

eloop_cancel_timeout

eloop_schedule_event

eloop_cancel_event

eloop_cleanup_events

eloop_register_signal

Signal

Implemented by timeouts (tout = 0)

Software timeouts queue (not hw)

Object Interfaces

• Object API naming rules

• Tow objects:

– Parent: higher layered protocol entity

– Child: lower layered protocol entity

• Four cases:

– Parent’s state machine is started first

– Child’s state machine is started first

– Parent’s state machine is stopped first

– Child’s state machine is stopped first

• Notify: notify higher entity state changes to lower listeners


Parent STM First Child STM First Child STM Last Parent STM Last__p_create __c_create __p_delete __c_delete p_new c_new p_stop c_stop driver->open c_start driver->close p_delete c_new p_create c_unbind p_stop c_start p_new c_stop driver->unbind c_bind driver->bind c_free c_unbind p_start c_bind p_free p_free p_start c_free

Notify Chain

State Machines

DFA State machine NFA State machine


PPP NEGO

L2TP LAOC L2TP LAIC

L2TP LNOC L2TP LNIC

L2TP CCE PPP Phase

EAP AuthenticatorEAP Peer

stm_table

stm_entry

stm_instance

stm_event

STM_STATESTM_STEP STM_ENTER

STM_STEP_RUN

STM_STATE

STM_STATE

Module Overview


NETLINK

UDEV KOBJECT_UEVENT

RTNLROUTE

NETLINK

INETADDR

CCID

PCSC

PKCS15

802.1D 802.1Q PPP DHCPIPCP

USB RTC MTD

XFRM

IPSEC

PPPoE L2TP

Linux Kernel Space

Linux User Space

RTNLROUTE

NETLINK

Network

l2tp_sessionpppoe_session CHAP EAP IPCPPAPLCP

Module PPP


channel unit

/dev/ppp NETLINK (LINK)

net_device

ppp_phase

ppp_channel

NETLINK (ADDR)

Link Auth

in4_ifaddr

L2TPPPPoE

ppp_protocol

net_service inet_service

net_device in4_ifaddr

l2tp_service pppoe_service

ppp_channel

ppp_service

ppp_profile

pppoe_profile

l2tp_tunnel

l2tp_profile

Object PPP


l2tp_session

pppoe_session

ppp_phase

Module IPSec


ISAKMP

XCHG DOI

ISAKMPIKE IPDOI

XFRM

info base ident

ISAKMPDOI

newgrp aggaggquickmain

Module UI


ui_entry

ui_schemaui_command

ui_argument

ui_syntax

ui_parser

ui_service

ui_viewui_table

ui_session

cli cgi …

l2tp ppp …

choice range

Module PCSC


PCSC

PKCS11PKCS15

pkcs_icc pkcs_ifd

CCID

USB

Other IFDMuscleISO7816WatchData

Other SPCrypto

Object PCSC


pkcs11

pcsc_icc

ccid_reader

pcsc_handle

pkcs15

usb_device

pcsc_ifd

Icc_wdIcc_muscleIcc_7816

pcsc_trans

Module NAC


nac_client nic_t (backend)nic_t (frontend)

1 2 3 4 5

Idle Negotiating Front-Done Back-Done Networking

Open ncs/2 - - - -

Close - ncf/1 ncf/1 ncf/1 nci,ncf/1

NFU - nba/2 nba/3 nba/2 nci,nba/4

NBU - nfa/2 nfa/2 nfa/4 nci,nfa/3

NFJ - nbr/2 nbr/3 nbr/2 nbr/3

NBJ - nfr/2 nfr/2 nfr/4 nfr/4

RFS - nba/3 nba/3 noi/5 -

RBS - nfa/4 noi/5 nfa/4 -

RNF - 2 2 2 -

NNT - - - - nci,noi/5

nba NAC-Backend-Advance

nfa NAC-Frontend-Advance

nbr NAC-Backend-Retreat

nfr NAC-Frontend-Retreat

ncs NAC-Client-Started

ncf NAC-Client-Finished

noi NAC-Open-Internetworking

nci NAC-Close-Internetworking

NFU NAC-Frontend-Updated

NBU NAC-Backend-Updated

NFJ NAC-Frontend-Rejected

NBJ NAC-Backend-Rejected

RFS Receive-Frontend-Success

RBS Receive-Backend-Success

RNF Receive-NAC-Failure

NNT NAC-Network-Terminated

AVPs AVPs

dict

Module Bridge


Object Bridge


Netsvc Platform

Documents

Transcript of Netsvc Platform