CS 533 - HOMEWORK 4 SOLUTION
			----------------------------

Version 1, Apr. 1, 2004

Problem 1 (0 Points)
---------
A problem is that the host with the incorrect physical address for IP
address X will send a packet with the incorrect PA when sending to X.
If a host has that PA, it will receive the packet and realize that it is
not suppose to be the receiver and either drop the packet or try to
forward the packet on to the correct PA.  [ On some older systems, this
can be used to configure a system to act like a proxy ARP server although
the use of the feature is discouraged. ]

Another possibility is that the physical address that was enterred does
exist and an ARP reply will correct the incorrect IP address-to-physical
address binding.

Problem 2 (0 Points)
---------
The answer is in the back of the Peterson textbook: Ch 4, Prob 5

Problem 3 (0 Points)
---------
The answer is in the back of the Peterson textbook: Ch 4, Prob 22

Problem 4 (0 Points)
---------
I have chosen to assign the host addresses starting with 1 within a subnet. 
By convention, the highest addresses are assigned to router interfaces.

	R1
	| e1.s (192.82.64.1)
	|				Network 192.82.64.0/18
    =========================================================================
	|			|			|
	| e2.n (192.82.64.2)	| e3.n (192.82.64.3)	| e4.n (192.82.64.4)
	R2			R3			R4
	| e2.s (192.82.128.1)	| e3.s (192.82.192.1)	| e4.s (192.83.0.1)
	|			|			|
	Network			Network			Network
	192.82.128.0/18		192.82.192.0/18		192.83.0.0/23
	192.82.1.87 (indirect)	192.82.5.40 (indirect)	192.168.0.0/24 (private)

Note that the subnet IP addresses are constructed from blocks of Class C addresses.
For example, 192.82.64.0/18 consists of the 64 Class C subnets 192.82.64.0,
192.82.64.1, ..., 192.82.127.255.

a)  Let H0 be 192.168.0.21.

	Entry	Destination	Netmask		Next Hop	Out	Comment
	------------------------------------------------------------------------
	R1[0]	192.82.1.87	255.255.255.255	192.82.64.2    	e1.s	thru R2
	R1[1]	192.82.5.40	255.255.255.255	192.82.64.3    	e1.s	thru R3
	R1[2]	192.83.0.0	255.255.254.0	192.82.64.4    	e1.s	thru R4
	R1[3]	192.82.64.0	255.255.192.0	DIRECT      	e1.s
	R1[4]	192.82.128.0	255.255.192.0	192.82.64.2    	e1.s	thru R2
	R1[5]	192.82.192.0	255.255.192.0	192.82.64.3    	e1.s	thru R3
	R1[6]	0.0.0.0		0.0.0.0		Internet    	e1.e	default
	------------------------------------------------------------------------
	R2[0]	192.82.1.87	255.255.255.255	Some Router    	e2.s
	R2[1]	192.82.5.40	255.255.255.255	192.82.64.3    	e2.n	thru R3
	R2[2]	192.83.0.0	255.255.254.0	192.82.64.4    	e2.n	thru R4
	R2[3]	192.82.128.0	255.255.192.0	DIRECT    	e2.s
	R2[4]	192.82.192.0	255.255.192.0	192.82.64.3    	e2.n	thru R3
	R2[5]	192.82.64.0	255.255.192.0	DIRECT      	e2.n
	R2[6]	0.0.0.0		0.0.0.0		192.82.64.1    	e2.n	default
	------------------------------------------------------------------------
	H0[0]	192.83.0.0	255.255.254.0	DIRECT      	e?
	H0[1]	192.168.0.0	255.255.255.0	DIRECT      	e?
	H0[2]	0.0.0.0		0.0.0.0		192.83.0.1    	e?	default
	------------------------------------------------------------------------

    Actually, it might be possible that there is no default (H0[2]) entry in H0's
    routing table.  The choice of the private IP address 192.168.0.21 is not a good
    example since there's no way any packet wanting to come back to it from outside
    of its own subnet can get find it's way back; i.e., there's no entry in R4's
    routing table!  So, no TCP connection can be made.  It might be possible to
    send a UDP datagram to a remote host, but any problem causing an error return
    wouldn't be able to find it's way back.

b)  Let's suppose there is a default entry in H0's routing table.  Then, the sequence
    of frames is:

			      MAC			  IP
	Router/Host	Source	Destination	Source		Destination
	---------------------------------------------------------------------
	H0		e?	e4.s		192.168.0.21	192.82.128.65
	R4		e4.n	e2.n		192.168.0.21	192.82.128.65
	R2		e2.s	eX		192.168.0.21	192.82.128.65

    where eX is the Ethernet interface at 192.82.128.65.

Problem 5 (4 Points)
---------
[ Solution to be presented in class. ]

Problem 6 (6 Points)
---------
[ Solution to be presented in class. ]

Problem 7 (8 Points)
---------
a)  The monitoring can run as a step before routing.  Basically, it involves
    classifying a packet based on something other than the destination IP
    address field.  Note the similarities and dissimilarities to the matching
    algorithm used in a route lookup: In route lookups, there is a destination
    match operation that looks like:

	network = netmask & ipDst;

	if ((routeEntry->netmask & dgram->dst) == routeEntry->dst)
	    { ... Route entry matches destination IP address ... }

    Line 7 in the algorithm below is identical to the route lookup match
    criteria except IP address matches are on the source and destination IP
    addresses instead of just the destination IP address and the mask is a
    netmask for either a Class A, B or C network address instead of a more
    general mask.  This mask is generated automatically from the source IP
    adress criteria (see below).

    The protocol and port fields are easily matched because they are exact
    matches or are matched against the "don't care" field value of 0.

    Another difference is that here we are interested here in all matches
    rather than the best match in route lookup.

b)  [ ***** NOTE:  We assume an Big Endian processor.  So, it's HBO is the
	same as NBO and no extra byte reordering is necessary. ***** ]

    We define the two inline functions ipMatch and exactMatch to be used
    for matching IP addresses (prefix match) and the remaining fields (ports,
    protocol).

	typedef Boolean int;
	inline Boolean ipMatch (uint32_t ipAddr, uint32_t matchAddr,
							uint32_t mask) {
		return ((ipAddr & mask) == matchAddr ? 1 : 0);
	}
	inline Boolean exactMatch (uint16_t in, uint16_t criteria) {
		return ((in & criteria) == criteria ? 1 : 0);
	}

	1 void count (pkt, criteria[]) {
	2   for (int i=0; i<N; i++) {
	3     int match =	exactMatch(pkt.proto, criteria[i].proto)
	4		&&	exactMatch(pkt.srcPort, criteria[i].srcPort)
	5		&&	exactMatch(pkt.dstPort, criteria[i].dstPort)
	6		&&	ipMatch(pkt.srcAddr, criteria[i].srcAddr,
						criteria[i].srcMask)
	7		&&	ipMatch(pkt.dstAddr, criteria[i].dstAddr,
						criteria[i].dstMask);
	8	 count[k] = count[k] + match;
	    }
	  }

    This assumes that criteria[i].srcMask and criteria[i].dstMask were
    precomputed by first determining the class of the network address
    criteria[i].ip:

	enum netClass	{A=0, B, C, ANY}
	u_int32_t	maskClass[3] = {0xFF000000, 0xFFFF0000, 0xFFFFFF00, 0x0};

    Actually, the masks can be determined dynamically.  Note that the netClass
    'ANY' is used when an IP address criteria is a "don't care."

c)  All IP packets coming from your network should have a source IP address that
    matches the network address 128.252.0.0 (with netmask 255.255.0.0).  This
    does not prevent all IP spoofing since the spoofer could choose some random
    IP address from the 128.252.0.0 network.  Note that the number of spoofed
    packets is the total number of packets minus the number of packets matching
    the 128.252.0.0 network address.

d)  The table size N is an issue since the counting has to be done at wire
    speed.

Problem 8 (8 Points)
---------
a)  The subnet IP addresses are 192.169.160+k.0/24, k = 0..(N-1).  For example,
    if N = 96, the subnet address range from 192.169.160.0/24 to
    192.169.255.0/24.  The forwarding function Forward maps a destination IP
    address to a port number:

	Forward:  DstIP X Msk --> Port

    That is, Forward takes an IP address DstIP and it's associated netmask Msk
    and returns a switch port number Port.  Because there is a simple mapping
    from IP address to port number, a simple hash can determine the port number.
    However, I assume below that 'Forward' is implemented using a forwarding
    table FT and search algorithm.  In this manner, there is little difference
    between supporting only endsystems and routers.  FT is the Cartesian product:

	Forwarding Table (FT):  DstIP X Msk X Port

    For example,

	192.169.162.0/24 (PP2) ===> PP3 (192.169.163.0/24)

    FT at Port 2:
		DstIP		Msk		Port
		------------------------------------
		...
		192.169.162.0	0xffffff00	3

	o Ethernet frame arrives at PP2 with:
		FrameSrc=X,
		FrameDst=Y,
		ipSrc=192.169.162.x,
		ipDst=192.169.163.y
	    where Y is the MAC address of the Ethernet interface on PP2, and
	    X is the MAC address of the Ethernet interface of the source host.
	o Strip off Ethernet header and trailer.
	o Match ipDst=192.169.163.y with FT returning Port 3.
	o Encapsulate IP datagram with switch header:
		SwitchSrc=2,
		SwitchDst=3,
		ipSrc=192.169.162.x,
		ipDst=192.169.163.y
	o Send switch frame to switch.
	o Switch frame arrives at PP3.
	o PP3:
	  - Strips off switch header.
	  - PP3 calls ARP to get destination Ethernet (MAC) address for
		192.169.163.y
	  - Encapsulates IP datagram with Ethernet header and trailer:
		FrameSrc=Y',
		FrameDst=X',
		ipSrc=192.169.162.x,
		ipDst=192.169.163.y
	    where Y' is the MAC address of the Ethernet interface on PP3, and
	    X' is the MAC address of the Ethernet interface of the destination
	    host.

b)  PP2 will respond to an ARP request from the source host, and PP3 will send
    an ARP request when the first frame destined for 192.169.163.y arrives
    (assuming that PP3 doesn't do gratuitous ARPing) since it's ARP table is
    empty.

    PP3's ARP implementation does the following:

	o Broadcast ARP request with:
		arpPASrc=Y',
		arpIPSrc=192.169.163.z
	  	arpPADst=???,
		arpIPDst=192.169.163.y
	  where z is the host part of PP3's IP address.
	o An ARP reply returns with the MAC address of 192.169.163.y.

c)  The only difference is that the FT at PP2 must contain entries for all
    possible IP destinations reachable from all ports.  Entries with common
    prefixes can be aggregated.