ASIC/FPGA Design and Verification Out Source Services

IP TTL filter digital design, implemented in VHDL.

1. This project implements an IP TTL filter in hardware. If an IPV4 packet is identified, the DUT checks its TTL field. Based on previous values of TTL in former packets, the machine decides if the packet is spoofed or not. The main page of this project.


2. This page explains how I randomize the TTL field values. In this project I have already discussed the issue of generating random numbers. While previous case was merely delay between packets, this one is a little bit complex. When the DUT is in learning state (see FSM description), small changes in the TTL are required. Later an attack scenario is presented to the DUT, by vhdl bench.
   
   --random numbers generation
   signal rand_ttl_delta : std_logic_vector(3 downto 0) := "1000";
   signal rand_ttl_deltai : integer := 8;
   ...
                 rand_ttl_delta <= f_my_rand (4, rand_ttl_delta);
                 -- 3 2 1
                 -- 109876543210987654321098765
                 if(o_tot_cnt(31 downto 5) = "000000000000000000000000000") then
                   --small changes during average calculation (learning state)
                   gen_rand := "00" & rand_ttl_delta(1 downto 0);
                 else
                   gen_rand := rand_ttl_delta;
                 end if;
                 tmp_ptr.data := tmp_ptr.data + gen_rand;
                 --
                 write(my_line, string'("gen_rand "));
                 hwrite(my_line, tmp_ptr.data);
                 write(my_line, string'(" "));
                 --write(my_line, gen_ipv4);
                 hwrite(my_line, o_tot_cnt);
                 write(my_line, string'(" "));
                 write(my_line, now);
                 writeline(output, my_line);
   


3. Note that the random function does not work well with small vectors. So in one case, where randomization of of a two bit vector (0 to 3 range), was required, I used a larger vector and got better results in terms of random generation:
   
   --ip rand location
   signal rand_ip_loc : std_logic_vector(3 downto 0) := "1001";
   ...
               else --if(gen_ipv4 and packet_loc = c_ttl_loc-1)
                 rand_ip_loc <= f_my_rand(4, rand_ip_loc);
                 if(gen_ipv4 and packet_loc = (c_ips_loc-1+conv_integer(rand_ip_loc(1 downto 0)))) then
                 ...
   



4. For more details on this project, please send an e-mail and put in the subject:
   IP TTL filter.