TCP Migrate Option Support for Linux

Version 1.3  August 25, 2001

CHANGES SINCE VERSION 1.2

  + Remove extraneous files in patch file.
  + Fixed bug related to initializing migrate parameters.

CHANGES SINCE VERSION 1.1

  + Documented new system calls.

CHANGES SINCE VERSION 1.0

  + Force a TCP timeout after migration to speed retransmission.
  + Moved to Linux 2.2.17 kernel
  + Now conform to IETF Internet-Draft <draft-snoeren-tcp-migrate-00.txt>


INSTALLATION INSTRUCTIONS

Apply this patch to the Linux-2.2.17 kernel as you would any other.  From the
directory containing the Linux source tree, issue the command:

patch -p0 < migrate-patch-2_2_17

Then configure your kernel.  Be sure to enable TCP Migrate support in
the networking options section.  If you would like secure connection
migration using Elliptic Curve Diffie Hellman cryptography, you should
also enable the MIRACL crypto library support.  Be sure to download
the MIRACL library and install the patches provided on our web site
first.


ENABLING/DISABLING MIGRATE SUPPORT

After building and installing your patched kernel, you must enable TCP
connection migration.  This is currently done at a system-wide level
through the proc filesystem interface to the sysctl variables.  The
following entry controls TCP migration:

/proc/sys/net/ipv4/tcp_migrate

It is disabled by default.  Writing a non-zero value to the file
enables connection migration.  The entry:

/proc/sys/net/ipv4/tcp_migrate_curve

controls the ECDH curve used for secure migration.  The default value is 0, 
for insecure migrations.  The only currently available option is curve 1, the
default 191-bit EC2 curve provided with the MIRACL library.  Other curves
will be added in later releases.


MIGRATE USAGE INSTRUCTIONS

Processes wishing to migrate their own TCP sockets can issue an ioctl
using SIOCPROTOPRIVATE as the request value, and passing a sockaddr_in
with the new address/port pair to bind to.  For example:

{

struct protoent *proto;
struct sockaddr_in saddr;
int s;

/* Open a TCP socket to saddr */
proto = getprotobyname("tcp");
s = socket(AF_INET, SOCK_STREAM, proto->p_proto);
connect(s, saddr, sizeof(struct sockaddr_in);

/* Change saddr to some other interface */
...

/* Migrate the connection to the new interface */
ioctl(s, SIOCPROTOPRIVATE, saddr);

}

More commonly, connections can be migrated through the /proc
filesystem.  /proc/net/migrate contains entries for each open
connection that has successfully negotiated the migrate option.  The
connections may be migrated by writing a 32-bit IP address in network
byte order to the entry of choice.  For example,

echo 0x7f000001 > "/proc/net/migrate/18.31.0.66:1023->18.31.0.66:22"

Would migrate the connection from 18.31.0.66:1023 to the localhost
interface.  Note that changing ports is currently not supported
through the /proc interface.




NEW TCB SYSCALLS USAGE

This patch adds two new syscalls, that get and set socket state,
respectively.  These system calls are needed to preload a socket
buffer to use Migration across servers.  These syscalls are defined
as:

#define SYS_GETSOCKSTATE 18             /* sys_getsockstate(2)          */
#define SYS_SETSOCKSTATE 19             /* sys_setsockstate(2)          */


The C code below defines functions getsockstate() and setsockstate()
that interface with these system calls to provide the desired
functionality.  Example code can be found on our web page (the URL is
below).

/*
 * Interface to the kernel migrate code
 */

_syscall2(int, socketcall, int, call, unsigned long *, args);

int
getsockstate(int s, struct sockstate *state, int len)
{
    unsigned long buff[3];
    
    buff[0] = s;
    buff[1] = (unsigned long)state;
    buff[2] = (unsigned long)&len;
    
    return socketcall(18, buff);
}

int
setsockstate(int s, struct sockstate *state, int len)
{
    unsigned long buff[3];
    
    buff[0] = s;
    buff[1] = (unsigned long)state;
    buff[2] = len;
    
    return socketcall(19, buff);
}


For further information, please consult our web page

http://nms.lcs.mit.edu/projects/migrate


Send any questions, comments, or bug reports to

Alex C. Snoeren
snoeren@mit.edu
