ASIC/FPGA Design and Verification Out Source Services

IP TTL filter digital design, implemented in VHDL.

1. This project implements an IP TTL filter in hardware. If an IPV4 packet is identified, the DUT checks its TTL field. Based on previous values of TTL in former packets, the machine decides if the packet is spoofed or not. The main page of this project.


2. This page describes the main Finite State Machine and discusses some cool ways to implement it. The design and bench are written in VHDL. A simple method to measure state machine transition coverage, is demonstrated as well.


3. The second byte from the incoming packet source IP is used as an hash address. If no entry exists in memory, packet info like source IP and TTL, learning count and flag, are simply written and a learning phase for this packet (tagged by the incoming packet source IP) starts. For a programmable number of times, the field TTL, of an identified IPV4 incoming packet, is extracted and averaged. Once that the learning phase ends, the TTL field of an incoming packet source IP is checked against the learned one. If it exceeds a check window range, a spoof indication is issued.
   For more details on this project, please send an e-mail and put in the subject:
   IP TTL filter.


4. The main states and the transitions between them is shown by the following diagram: