ASIC/FPGA Design and Verification Out Source Services
IP TTL filter
digital design, implemented in VHDL.
-
This project implements an IP TTL filter in hardware. If an IPV4
packet is identified, the DUT checks its TTL field. Based on previous values of TTL in former packets,
the machine decides if the packet is spoofed or not. The main page
of this
project.;
-
To verify the IP filter a reference model has to be build. Due to the DUT specific
memory model,
which allows any memory size (first packets to arrive are stored and served), the exact timing of DUT
analysis is hardly predictable. Cycle accurate verification models are not good practice anyways.
Therefore an easy way to implement the reference model is to use some sort of lists.
-
At work, using c++ and DPI, I have a lot of flexibility of STL containers, vector, double ended queue, list
etc... Where speed is traded with access features.
This project is coded, design and verification, using only VHDL. So I decided to use VHDL linked list
feature.
-
First I define the main item of the reference model. The fields are info collected from an incoming packet
and used to find out if this packet is spoofed or not.
--scorebaord item (IPV4)
type scbd_item;
type scbd_item_ptr is access scbd_item; -- pointer to item
type scbd_item is record -- full definition of item
--ignore flag if a packet starts and DUT is in freeze mode, ignore that packet
ignore : boolean;
ttl : std_logic_vector( 7 downto 0); --ttl
ips : std_logic_vector(31 downto 0); --source ip
cnt : std_logic_vector( 3 downto 0); --count
learning : boolean;
pkt_in_t : time; --packet in time (debug)
next_rec : scbd_item_ptr;
end record;
-
If a packet is detected as IPV4, the reference model starts to collect relevant data:
if(scbd_start and packet_loc = c_ttl_loc) then
--get ttl
new_sbd := new scbd_item;
new_sbd.ttl := fifo_data;
new_sbd.pkt_in_t := now;
new_sbd.ignore := o_freeze_q = '1';
end if;
...
-
In vhdl linked lists the very first item is simply added. For the rest, in the IP filter model,
the list has to be first searched to see if an entry for the incoming packet already exists.
if(scbd_start) then --add to scoreboard
if(scbd_first) then
new_sbd.learning := true;
new_sbd.cnt := (others =>gt; '0');
scbd_ptr := new_sbd;
scbd_first := false;
else
tmp_ptr := scbd_ptr;
scbd_found := false;
scbd_loop := true;
while(scbd_loop) loop --find last
--check if this ip was stored before
if(not scbd_found) then
if(new_sbd.ips = tmp_ptr.ips) then
scbd_found := true;
if(tmp_ptr.learning) then --learning
...
end if;
end if; --if(not scbd_found)
scbd_loop := tmp_ptr.next_rec /= null;
--write(my_line, string'("new "));
--hwrite(my_line, new_sbd.ips);
--write(my_line, string'(" tmp "));
--hwrite(my_line, tmp_ptr.ips);
--write(my_line, now);
--writeline(output, my_line);
tmp_ptr := tmp_ptr.next_rec;
end loop; --while(tmp_ptr.next_rec /= null)
if(not scbd_found) then
new_sbd.learning := true;
--add new entry to end of the linked list
new_sbd.cnt := (others =>gt; '0');
tmp_ptr := scbd_ptr;
while(tmp_ptr.next_rec /= null) loop
tmp_ptr := tmp_ptr.next_rec;
end loop;
tmp_ptr.next_rec := new_sbd;
assert false report "scbd not first " severity warning;
end if;
end if;
end if;
scbd_start := false;
end if;
end if;
end if;
end if;
end process;--p_packet_loc
|
Search This Site
Feedback This Site
new pages on this site