1 / 30

CS 162: Operating Systems and Systems Programming

This lecture covers the concepts of networking, layering, and communication in operating systems and systems programming. Topics include physical and link layers, network and transport layers, shared communication mediums, MAC and IP addresses, Ethernet, switches and routers, and wireless LAN architecture.

jwaters
Download Presentation

CS 162: Operating Systems and Systems Programming

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS 162: Operating Systems and Systems Programming Lecture 28: Networking, Course Conclusion August 13, 2019 Instructor: Jack Kolb https://cs162.eecs.berkeley.edu

  2. Logistics • HW3 Due Tonight, 11:59 PM • Course Evals Fixed • Review Session for Wednesday's Lecture • Final Exam: Thursday, 5-8PM

  3. Layering • Complex services from simpler ones • Physical and Link Layers (Wi-Fi, Ethernet, …) • Unreliable, local exchange of limited-size frames • Network (IP) – routing between local networks • Unreliable, global exchange of limited-size packets • Transport (e.g., TCP) – Glue • Reliable (with retries), ordering, stream of bytes • Application – Everything on top of sockets

  4. I/O Device I/O Device I/O Device Processor Memory Internet Broadcast Networks • Shared communication medium: A Bus

  5. Broadcast Networks • Shared Communication Medium • Examples: • Original Ethernet • All types of wireless (WiFi, Cellular Networks, …) • Coaxial Cable (e.g., Cable Internet)

  6. Header (Dest:2) Body (Data) Message ID:3 (sender) Broadcast Networks ID:1 (ignore) • How do we get unicast (message to one host) from broadcast (message to all hosts)? • Put Header on Front of Packet: Dest | Packet • Often handled directly in hardware ID:4 (ignore) ID:2 (receive)

  7. How do we specify a destination? • Link Layer has its own addressing scheme: Media Access Control (MAC) Addresses • MAC Address: 48 bits uniquely bound to your hardware device (hard coded by manufacturer) • Remember: MAC Addresses only used for exchange of a frame across a single link/broadcast domain • IP Address can change (e.g. you move from campus to home network) • MAC address is constant

  8. Data Link Layer • MAC Dest. Address • MAC Src. Address • … Network Layer Network Layer Datalink Layer Datalink Layer Frame Hdr. Frame Payload Frame Hdr. Frame Payload Physical Layer Physical Layer 101010100110101110 101010100110101110

  9. Media Access Control • Arbitration: Who can use the broadcast medium when? • Early example: Aloha Network (1970's), packet radio within Hawaii • Use checksum in frame header to detect error • If two senders try to send at same time, both packets get garbled, wait and re-send later • Problems: • If network is too busy, no one gets through • Need senders to retry again at different times

  10. Example: OriginalEthernet • All computers communicate on shared wire (bus) • CSMA/CD: Carrier Sense Multiple Access with Collision Detection • Carrier Sense: Don't send unless medium is idle • Listen before Speaking • Collision Detection: Determine if sent packet was trampled by someone else on bus • If so, abort, wait and retry

  11. Adaptive Randomized Backoff • Wait a random amount of time before retransmitting again • Why? Two machines involved in collision don't want to retransmit at same time • Just causes another collision! • Increase wait time after each retry to adjust to how busy the shared medium is

  12. Original Ethernet • All frames delivered to all hosts • If host is not intended recipient, drops frame MAC Addr: A MAC Addr: B MAC Addr: C B B

  13. Link Layer Switches • Inspects destination MAC address of incoming packet • Forwards on relevant outgoing link MAC Addr: D MAC Addr: B Switch MAC Addr: C MAC Addr: A B

  14. Switches vs Routers • Routers operate at network layer, understand IP addresses • Build routing tables by exchanging information with neighbors, can also manually configure • Switches operate at link layer, understand MAC addresses • "Self Learning" – build switching tables automatically by inspecting source MAC address of frames received on different links • Unknown MAC address: just broadcast

  15. Switch Router Internet Point-to-Point Networks • Switches make an Ethernet LAN operate more like a point-to-point network • No shared medium: Physical wire connected to only two specific nodes

  16. Putting it all together Application Layer Application Layer Data Data Transport Layer Transport Layer Trans. Hdr. Data Trans. Hdr. Data Network Layer Network Layer Net. Hdr. Trans. Hdr. Data Net. Hdr. Trans. Hdr. Data Datalink Layer Datalink Layer Frame Hdr. Net. Hdr. Trans. Hdr. Data Frame Hdr. Net. Hdr. Trans. Hdr. Data Physical Layer Physical Layer 101010100110101110 101010100110101110

  17. Putting it all Together Application Application • One technicality: a Switch works at the data link layer (can parse frame headers) but is transparent to communication endpoints • Host does not specify Switch MAC address as destination of frame Transport Transport Network Network Network Datalink Datalink Datalink Datalink Physical Physical Physical Physical Switch Host A Router Host B

  18. Bonus: Wi-Fi (802.11) • Some challenges unique to wireless setting: • Interference (other transmissions, environment) • Signal attenuation • Multipath Propagation • Typically: Traverse one wireless link to access point, then we're back at a wired link layer (e.g., Ethernet)

  19. Wireless LAN Architecture Internet Router Access Point Access Point

  20. Wi-Fi Access Point • Bridges last-hop wireless link with wired network that leads to local router (and therefore to the Internet) • Periodically sends beacon frames with • Network Name (SSID), e.g. Airbears 2 • Access Point's MAC address • Your laptop listens for these beacon frames when you are looking for a network to join • May also broadcast a "probe frame" to solicit beacons

  21. Media Access Control Challenges • Hidden Terminal Problem • Two nodes may not know they are both transmitting Signal Obstruction

  22. Media Access Control Challenges • Fading: Signals Weaken with Distance • Two nodes may not know they are both transmitting

  23. Wi-Fi: CSMA/CA • Carrier Sense Multiple Access with Collision Avoidance • Why not collision detection like Ethernet? • Two nodes may not be able to perceive each other's transmissions (e.g., hidden terminal problem) • Even in "perfect" conditions, very hard to receive (detect channel use) while you are sending

  24. Wi-Fi: Acknowledgements • Acknowledgement/Retransmission scheme is implemented in the link layer • Doesn't this violate the end-to-end principle? • Strict interpretation: leave reliability to TCP at end hosts • But likelihood of errors (e.g. corrupted packet from interference or overlapping transmission) high enough to warrant addressing it here

  25. Transmitting a Frame • Check if channel is idle • If in use, choose a random backofflength • Count down only while channel is idle • Stop counting while it is in use • Transmit frame, wait for ACK • If success, move on to next frame. Otherwise, pick a larger backoff period, return to (2)

  26. Break

  27. Linux Virtual memory map (old) 0xFFFFFFFFFFFFFFFF 0xFFFFFFFF KernelAddresses 128TiB 1GB KernelAddresses 896MBPhysical 64 TiBPhysical 0xC0000000 UserAddresses 0xFFFF800000000000 3GB Total Empty Space “Canonical Hole” 0x00007FFFFFFFFFFF 128TiB User Addresses 0x0000000000000000 0x00000000 32-Bit Virtual Address Space 64-Bit Virtual Address Space

  28. January 2018 - Meltdown • Possible to inspect contents of kernel memory if it's mapped into address space (even as user!) • Fix: Kernel Page Table Isolation • Use entirely different page tables when in user mode vs. when in kernel mode • Problem: Address space change whenever an interrupt or syscall occurs! • Change page tables • Flush TLB unless it is tagged • Reduced Performance, depends on syscall workload

  29. Meltdown Code uint8_t array[256 * 4096]; // Flush array from CPU cache // Install signal handler for SIGSEGV uint64_t priv_addr = 0xFFF…; uint8_t data = *(uint8_t*)(priv_addr); uint8_t dummy = array[data * 4096]; for (int i = 0; i < 256; i++) { // Check if array[i * 4096] is cached }

  30. Takeaway Points • Intel CPUs did not check virtual memory permissions on speculative execution • Eventually this gets cleaned up, but some effects persist (most importantly: data in cache) • We can then observe how long it takes to access different elements from our test array • Slot that was cached uniquely determined by value of data in kernel memory region! • Timing Side Channel Attack

More Related