ASIC/FPGA Design and Verification Out Source Services
IP TTL filter digital design, implemented in VHDL.
-
This project implements an IP TTL filter in hardware. If an IPV4
packet is identified, the DUT checks its TTL field. Based on previous values of TTL in former packets,
the machine decides if the packet is spoofed or not. The main page
of this
project.
-
This page describes the main Finite State Machine and discusses some cool ways to implement it. The
design and bench are written in VHDL. A simple method to measure state machine transition
coverage, is
demonstrated
as well.
-
The second byte from the incoming packet source IP is used as an hash address. If no entry exists
in memory,
packet info like source IP and TTL, learning count and flag,
are simply written and a learning phase for this packet (tagged by the incoming packet source IP)
starts. For a programmable number of times, the field TTL, of an identified IPV4 incoming packet,
is extracted and
averaged.
Once that the learning phase ends, the TTL field of an incoming packet source IP is checked
against the learned one. If it exceeds a check window range, a
spoof indication is issued.
For more details on this project, please send an e-mail
and put in the subject:
IP TTL filter.
-
The main states and the transitions between them is shown by the following diagram:
|