1. Application Layer Active Network
Developing a Network-Interface for controlling the Data-Communication of an Network-Card (Entwicklung eines Netzwerk-Interface zur Steuerung der Datenkommunikation einer Netzwerkkarte) Diploma Thesis (Diplomarbeit) Martin Wodrich 2004 Presentation 2 (Vortrag 2)

2. Table of Contents What is to do for Active Network
The Windows Network Stack
Type of Network Connections
The Application Layer Active Network Systemarchiteture
Why modules?
How that works?
What can a Execution Enviroment do?
Limits of the Architecture
News and tomorows Windows
Yesterdays Windows
Portability
Protocols TCP/IP

3. What is to do for ALAN? Controlling all Network Traffic
Resource-Managment
Modification of Network-Pakets

4. Windows Network Stack Part I (Usermode)

5. Windows Network Stack Part II (Kernelmode)

6. Usable for Custom Drivers
* Layered Service Provider * Intermediate Driver Choosen for Active Network: * Layered Service Provider

7. Types of Network Connections
Connectionless Sender
Connectionless Receiver
Connectionoriented Server
Connectionoriented Client

8. Steps for a Network Connection – All Types
Open the Winsock
Init the Winsock (WSAStartup())
Open a Socket (WSASocket())

9. Steps for a Network Connection - Connectionless Sender
Send the Data (WSASendto())
Close the Socket (WSAShutdown())
Cleanup the Winsock (WSACleanup())

10. Steps for a Network Connection – Connectionless Receiver
Bind the socket to an adress (bind())
Receive the Data (WSARecvfrom())
Close the Socket
Cleanup the Winsock

11. Steps for a Network Connection – Connectionoriented Server
Bind the Socket to an Adress
Take the Socket into listen state (listen())
Accept a Connection (accept())
Send and Receive Data (send()/received())
Close the Socket
Cleanup the Winsock

12. Steps for a Network Connection – Connectionoriented Client
Connect to a Server (connect())
Send and Receive Data
Close the Socket
Cleanup the Winsock

13. Steps for a Network Connection – Why Steps
All these steps are useful to track and intercept connections to manipulate the data.

14. Application Layer Active Network Systemarchitecture

15. All these Modules nessesary? - Protocol Helper
No Transport Protocol are the same as an other. See TCP/IP v4 and TCP/IP v6 as an Example an the next pages. We must know the Application Layer Protocol to modify the Data. On TCP/IP (both versions) its an Number called Port.

16. TCP/IPv4 Socketaddress
struct sockaddr_in {
short sin_family;
u_short sin_port;
struct in_addr sin_addr;
char sin_zero[8]; };

17. TCP/IPv6 Socketaddress
struct sockaddr_in6 {
short sin6_family;
u_short sin6_port;
u_long sin6_flowinfo;
struct in6_addr sin6_addr;
u_long sin6_scope_id; };

18. All these Modules nessesary? - Execution Enviroments
The use of Execution Enviroments is more flexible than a fixed Ruleset for Modifikation. A new Type of data modifing means nowthing more than adding a new Execution Enviroment.

19. All these Modules nessesary? - Monitor DLL
A Layered Service Provider only have a single entry Point. Everything else is done by List. These List can only have a fixed list of entrys. But we need an interface for a Management Application that control the whool active network system.

20. How that work? - Open a Socket
Application opens a socket
The ALAN_LSP calls the ALAN_MON.dll to save the parameters of the socket (Number of socket,protocolnumber and Type of socket)

21. How that work? - Bind or Connect
Application calls bind() or connect() (Bind is for a server, connect for a client)
The ALAN_LSP calls the ALAN_MON.dll
The ALAN_MON searchs for a protocol helper
The Protocol Helper extracts the Number of the Application Layer Protocol from the sockaddr-Structure (In TCP/IP this is called portnumber).
The ALAN_MON searchs for the right EE.

22. How that work? - Accept Application calls accept()
The ALAN_LSP calls the ALAN_MON
The ALAN_MON copys the Information. Now the old and the new socket akt as the same.

23. How that work? - Send (Part 1)
Application calls the send-function
The ALAN_LSP calls the ALAN_MON to modify the data.
If this is the first send-Call, then the new lenght of the data are the old lenght.
If we don´t have a measurement of the datarate, we use a default instead.

24. How that work? - Send (Part 2)
ALAN_MON calculate the rate with the application will send the data.
ALAN_MON calculate the needed new lenght of the data, and calls then the EE.
The EE modify the data.
The ALAN_LSP measures the datarate.

25. How that work? - Calculation of the application send rate.
size_of_last_senddata send_rate_of_ = the_application time - last_send_time

26. How that work? - Calculation of the new data lenght
size_of_unmodifyed_data sendrate of apl = new_size_of_data data_rate

27. What can a Execution Enviroment do?
Nothing (only a dummy)
Call an other Execution Enviroment
Implement a Virtual Maschine or Just everything that can modify data.

28. Limits of the architecture
Unknown transport level protocols
Unknown application layer protocol
Unknown subtype of data
Connectionless network connection
Broadcast,Multicast and Anycast (Anycast is only TCP/IPv6)

29. News and Tomorows Windows
Windows XP SP2
Windows 2003
Windows 64 Bit Edition
Windows Longhorn

30. Yesterdays Windows Windows 1.0 to 3.11 Windows 95 Windows 98 and ME
Windows NT 3.x
Windows NT4.0
Windows CE

31. Portability
Winsock 1.1
MSDOS and Windows to 3.11
OS not from MS

32. Protocols TCP/IP

33. Any Questions left?
This presentation end now. Are any questions left? This presentation can be downloaded from