Solutions to Sample Problems on the Exam Study Guide (Remember: these problems are meant to complement those found in past assignments, quizzes and scary tests.). And don't look until you've tried them first. 1. Explain what's wrong with the following rules. Don't correct it. Describe what's wrong a. iptables -A INPUT -p udp -p tcp --dport 53 ! -s 10.1.0.0/16 -j DROP an ip packet's protocol field can only hold one number, 6=tcp, 17=udp, it can't be both b. iptables -A OUTPUT -i ens1 -p tcp --dport 79 -j DROP can specify an input interface with -i in the OUTPUT chain c. iptables -t nat -A POSTROUTING -p udp --dport 53 -j DNAT --to 10.1.0.1:53 DNAT is done in the PREROUTING chain. You have to change the destination address before you route, else it won't get where it's supposed to go. 2. Suppose you used the following rules on a router: iptables -A FORWARD -d 147.4.180.0/24 -p udp --dport 53 -j DROP iptables -t nat -A PREROUTING -d 147.4.180.0/24 -p udp --dport 53 -j DNAT --to 10.1.0.3 Assume there are no other rules in effect and the the default policy of FORWARD is ACCEPT. Explain carefully the effect of the above two rules. What will happen to udp dport 53 packets going to 147.4.180.0/24? See 1c above: the DNAT rule is executed before the filter FORWARD rules are even consulted, so the FORWARD rule has no effect: the packets that FORWARD sees has -d 10.1.0.3. The DNAT rule redirects all connections to a DNS server on the 147 subnet to 10.1.0.3. 3. Suppose you're running a router for the subnet 10.1.0.0/16 so they can share your real IP address, 96.57.41.74, on the internet. Write a iptables rule to affect that. iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -j SNAT --to 96.57.41.74 Be careful: I could trie to trick you by saying "subnet 10.1.0.6 is on interface ens1". You can't specify a -i interface in the POSTROUTING chain and the -o interface won't be on ens1 4. Explain what does it mean for a udp "connection" to be in --state ESTABLISHED Why is udp called a "connectionless" protocol if a connection can be established? A udp packet contains no information about a sustained connection. There is nothing that relates one packet to another. However, we can use udp to connect to a server, there is just nothing within udp itself that maintains the connection - it has to be recognized externally. The request and response packets to and from the server are certainly "connected", and this is what the Linux kernel tracked. If a packet with source ip:port A:P has been sent to B:Q, then (within a time limit), packets from B:Q to A:P will be recognized as part of an "ESTABLISHED" connection. 6. Explain as precisely as possible how a TCP sender uses the "advertise window" of the receiving side. The ammount of information that has been sent, but have not been acknowledged, must be <= the ad window of the peer. 6b. Does a TCP agent acknowledge a packet as soon as it's received? If not, describe a specific situation in which the acknowledgement will be delayed. Only packets that have arrived in order are ack'ed. Out-of-order packets are buffered, but not ack'ed. 7. In what way is the Jacobson/Karels algorithm an improvement over the original algorithm, which only took the weighted average of sample RTTs? The original algorithm does not take into account possibliy large variances in the samples, which means that the average is not really a realiable measure. J/K also keeps track of the average variance. 7b. Will a larger average deviation value lead to a longer or shorter timeout value with the Jacobson/Karels algorithm? Explain using either math, or careful reasoning. longer (see above explanation). This is also clear from the formula: Timeout = ERTT + 4*DEV 10. Explain why the TCP congestion control algorithm is needed in addition to the sliding window algorithm. That is, what's the difference between "flow control" and "congestion control". Flow control is a mechanism that regulates the rate of transimission between the two endpoints of a connection. Each side knows, through the ad. window field of the TCP header, how much info the other side is capable of handling. When a network becomes congested, the TCP agents should also slow down their rates of transmission to lessen the burden on the network. But this is much more problematic since the TCP agents can't see the details of the congestion. It will thus simply interpret lost packets (no ack received) as signs of possible congestion (or use the ECN bit which allows it to know a little bit more of what's going on). 11. Given a Socket object cfd, explain the meaning of the call cfd.setTcpNoDelay(true); -- This will turn off Nagel's algorithm. It should rarely be used, because Nagel's algorithm will NOT delay sending small packets as long as all previously sent packets have been acknowledged. -------------- additional problems 4. In a statement such as: int r = din.read(buffer,0,128) Explain the precise meaning of: a. the last parameter b. the return value The last parameter is the maximum number of bytes to be read, the return value is the number of bytes actually read. 4b. in a java call to new ServerSocket(x); What value does x represent? x is the port number (in C, an unsigned short, in Java, an int) that the socket will bind to/ listen for connections on. 4c. Given a ServerSocket sfd, what value (if any) does sfd.accept() return? sfd.accept() returns a Socket object. 4d. What is ntohs in C for? explain why it's needed. Why is there no equivalent command in Java? network to host byte ordering convertion for short (16 bit values). When a two-byte numerical value such as a port number is received over the network, it needs to be converted to the internal form before being used locally. Java enforces network byte ordering (big endian) at the virtual machine level. 4e. Java has a DataInputStream.readUnsignedShort function but no DataOutputStream.writeUnsignedShort function. Explain why. A short is just a 16 bit value, so when writing, it doesn't matter how the 16 bits are to be interpreted. Only when reading do we need to be concerned that there's no unsigned short in Java, so the 16 bit value, if interpreted as an unsigned number, needs to be returned as a 32 bit int. 4f. In in Unix/C call to socket(AF_INET,SOCK_STREAM,0), what do the parameters AF_INET and SOCK_STREAM,0 signify? IP and TCP, respectively 5. Given a buffer in java byte[] A of length A.length, or a buffer unsigned char A[] of length Alength in C. Write a fragment of code that reads in exactly A.length (or Alength) number of bytes into the buffer (fill the buffer). hint: need while loop. static void readFully(DataInputStream din, byte[] buf) throws Exception { int len = buf.length; int br; // bytes read each time; int total = 0; while (total