POF表项指令和动作的合法性检测

计算机与现代化 ›› 2020, Vol. 0 ›› Issue (10): 23-30.

POF表项指令和动作的合法性检测

(1.中国科学院声学研究所国家网络新媒体工程技术研究中心，北京100190;2.中国科学院大学，北京100049)

出版日期:2020-10-14 发布日期:2020-10-14
作者简介:封栋(1995—)，男，山西大同人，硕士研究生，研究方向：软件定义网络，可编程数据平面，E-mail: fengd@dsp.ac.cn; 通信作者：陈晓(1964—)，男，研究员，硕士，研究方向：网络通信，新媒体技术，E-mail: xxchen@dsp.ac.cn。
基金资助:
中国科学院战略性科技先导专项课题(XDC02070100)

Validity Check of Instructions and Actions of POF Entries

(1. National Network New Media Engineering Research Center, Institute of Acoustics, Institute of Acoustics,
Chinese Academy of Sciences, Beijing 100190, China; 2. University of Chinese Academy of Sciences, Beijing 100049, China)

Online:2020-10-14 Published:2020-10-14

摘要/Abstract

摘要： POF协议是SDN的一种南向接口协议，相较于经典的OpenFlow协议具有协议无关、灵活性强的特点。在关于POF协议的最近研究中，学者们为POF增加了比较和跳转等动作和指令，使得每个表项可以实现的功能更为强大。但指令数量和功能的增加也为软件交换机对于表项指令和动作的解释执行过程带来了更大的不稳定性。本文旨在通过对表项的静态检查提前发现使得软件交换机崩溃的情形，从而提高系统的鲁棒性。首先分析POF表项动作和指令的特点，并设计检测方案的架构；接着提出基于控制流图的检测算法，用于发现表项中的指令错误、不可达指令和循环块；进一步地，针对出现的循环块，提出一种基于强连通分量的检测算法，用于判断循环块的合法性。在POF交换机上的实验表明，本文所述方案可以准确检测出常见的表项错误，为软件交换机的可靠性提供保证。同时，不同于通常的检测程序，本文的检测方案在设计时着重考虑检测效率，整体检测方案具有线性复杂度，可以实现对流表表项的实时检测。

关键词: 静态检测, POF协议, 流表表项, 控制流图, 强连通分量

Abstract: The POF protocol is a southbound interface protocol of SDN. Compared with the classic OpenFlow protocol, POF is protocol-independent and flexible. In recent research on the POF protocol, scholars have added actions and instructions such as comparison and jump to the POF, making each table entry more powerful. However, the increase in the number of instructions and functions has also brought greater instability to the interpretation and execution of entry instructions and actions by software switches. The purpose of this article is to improve the robustness of the system by statically checking for situations that cause software switches to crash in advance. We first analyze the characteristics of the POF matching action table and design a specific detection scheme. Then a control flow graph-based detection algorithm is proposed to find instruction errors, unreachable instructions, and loop blocks in the entries. Further, for a cyclic block, a detection algorithm based on a strongly connected component is proposed to determine the validity of the cyclic block. Experiments on POF switches show that the scheme described in this article can accurately detect common entry errors and provide reliability for software switches. At the same time, the detection is light and fast, so that it can detect flow table entries in real time.

Key words: static detection, POF protocol, flow table entry, control flow graph, strongly connected component

封栋, 陈晓. POF表项指令和动作的合法性检测[J]. 计算机与现代化, 2020, 0(10): 23-30.

FENG Dong, CHEN Xiao. Validity Check of Instructions and Actions of POF Entries[J]. Computer and Modernization, 2020, 0(10): 23-30.

参考文献［27］

［1］	张朝昆,崔勇,唐翯祎,等. 软件定义网络（SDN）研究进展［J］. 软件学报, 2015,26(1):62-81.
［2］	MCKEOWN N, ANDERSON T, BALAKRISHNAN H, et al. OpenFlow: Enabling innovation in campus networks［J］. ACM SIGCOMM Computer Communication Review, 2008,38(2):69-74.
［3］	左青云,陈鸣,赵广松,等. 基于OpenFlow的SDN技术研究［J］. 软件学报, 2013,24(5):1078-1097.
［4］	BOSSHART P, DALY D, GIBB G, et al. P4: Programming protocol-independent packet processors［J］. ACM SIGCOMM Computer Communication Review, 2014,44(3):88-95.
［5］	〖JP+2〗SONG H Y. Protocol-oblivious forwarding: 〖JP+3〗Unleash the power of SDN through a future-proof forwarding plane［C］// Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013:127-132.
［6］	BOSSHART P, GIBB G, KIM H-S, et al. Forwarding metamorphosis: Fast programmable match-action processing in hardware for SDN［C］// Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM. 2013:99-110.
［7］	CHOLE S, FINGERHUT A, MA S, et al. dRMT: Disaggregated programmable switching［C］// Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication. 2017:1-14.
［8］	赵敏,田野. P4与POF协议无关可编程网络技术比较研究［J］. 网络新媒体技术, 2018,7(1):54-58.
［9］	刘小龙,朱明. 在POF上实现内容中心网络［J］. 网络新媒体技术, 2018,7(2):16-21.
［10］	曹作伟,陈晓,倪宏,等. 应用于协议无感知转发交换机的流缓存方法［J］. 电子与信息学报, 2018,40(11):2772-2778.
［11］	CANINI M, VENZANO D, PERESINI P, et al. A NICE way to test OpenFlow applications［C］// Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI). 2012:127-140.
［12］	NOTZLI A, KHAN J, FINGERHUT A, et al. P4pktgen: Automated test case generation for P4 programs［C］// Proceedings of the 2018 Symposium on SDN Research. 2018: Article No. 5, DOI: 10.1145/3185467.3185497.
［13］	STOENESCU R, DUMITRESCU D, POPOVICI M, et al. Debugging P4 programs with Vera［C］// Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication. 2018:518-532.
［14］	张仕金,尚赵伟. Cppcheck的软件缺陷模式分析与定位［J］. 计算机工程与应用, 2015,51(3):69-73.
［15］	张林,曾庆凯. 软件安全漏洞的静态检测技术［J］. 计算机工程, 2008,34(12):157-159.
［16］	周宽久,郑红波,赖晓晨,等. 基于XML的软件安全静态检测方法研究［J］. 计算机工程与应用, 2010,46(28):64-69.
［17］	姬秀娟,杨巨峰,许静,等. 基于递推链代数与迭代序列敛散性的死循环检测［J］. 计算机学报, 2013,36(11):2245-2256.
［18］	周雷,陈克非. 基于符号运算的归纳变量识别与约化［J］. 计算机工程, 2010,36(24):71-73.
［19］	常慧娟. 基于循环变量的死循环检测［J］. 自动化技术与应用, 2015,34(4):44-46.
［20］	ALLEN F E. Control flow analysis［J］. ACM SIGPLAN Notices, 1970,5(7):1-19.
［21］	杜子德. 程序控制流图:一种可视化的程序设计工具［J］. 计算机研究与发展, 1995,32(12):15-20.
［22］	马红途,赵荣彩,苏彦兵. 控制流图上支配关系计算方法的分析与实现［J］. 计算机科学, 2009,36(3):54-57.
［23］	陈燕,江克勤. 求强连通分量的几种算法的实现与分析［J］. 电脑知识与技术, 2011,7(9):2140-2142.
［24］	SHARIR M. A strong-connectivity algorithm and its applications in data flow analysis［J］. Computers & Mathematics with Applications, 1981,7(1):67-72.
［25］	BLOEM R, GABOW H N, SOMENZI F. An algorithm for strongly connected component analysis in n log n symbolic steps［C］// Proceedings of the 3rd International Conference on Formal Methods in Computer-Aided Design. 2000:37-54.
［26］	TARJAN R. Depth-first search and linear graph algorithms［C］// Proceedings of the 12th Annual Symposium on Switching and Automata Theory. 1971:114-121.
［27］	DUMITRESCU D, STOENESCU R, POPOVICI M, et al. Equivalence and its applications to network verification［C］// Proceedings of the ACM SIGCOMM 2018 Conference on Posters and Demos. 2018:21-23.

[1]	孙炳林，庄毅. 一种基于Native层的Android恶意代码检测机制[J]. 计算机与现代化, 2019, 0(05): 1-.
[2]	周丹丹;李先国. 基于静态检测工具的软件缺陷检测模型研究[J]. 计算机与现代化, 2012, 1(11): 55-58.
[3]	夏玉辉李鸣万琳王洪艳. 一种基于故障模型的代码静态测试方法研究[J]. 计算机与现代化, 2011, 1(2): 0-80.