1. IntroductionΒΆ

Software-based middleboxes are gaining popularity due to recent interest in network management technologies such as network functions virtualization (NFV) and software-defined networking (SDN). A significant portion of today’s middleboxes are stateful, i.e., they operate by keeping track of application-level protocols as well as TCP-level flow states. Examples of such middleboxes include network intrusion detection/prevention systems (NIDS/NIPS), stateful firewalls, protocol analyzers, stateful NATs, etc. They are indispensable in modern networks as they provide key functionalities in daily network operation.

Building stateful middleboxes that manage flow/application states, however, is very challenging. The foremost difficulty comes from the requirement of tracking the states of various network layers for correct middlebox operation. They need to parse each packet, update TCP flow states, reassemble flow buffers, and follow the application semantics, to infer the behavior, to analyze the application data, and to protect the network from malicious attacks. Organizing the code that maintains the states from different layers for a large number of flows is non-trivial, and unfortunately, we observe that the difficulty is translated into complexity in the source code in many open-source projects.

In this project, we defuse the complexity by providing a resuable networking stack for TCP-flow processing, statful middleboxes. We call it mOS networking stack. The mOS networking stack allows developers to write their core middlebox logic without worrying about maintaining flow states. The role of the mOS networking stack is similar to that of the TCP stack in a general-purpose OS kernel except that it helps write stateful middleboxes whereas the kernel TCP stack helps write TCP end-host applications.

The mOS networking stack offers a “Berkeley socket-like” API with which one can write a middlebox in event-driven programming. Middlebox developers can express their custom middlebox logic by registering flow-level events via the API while the underlying mOS networking stack monitors the events and triggers them through user-provided callback functions. The implementation of the mOS stack and its API is based on mTCP, a highly scalable user-level TCP stack, and extends the socket interface to support monitoring of bi-directional flows. Our experience with porting popular open-source middlebox applications reveals that the mOS API not only improves the modularity of the code, but also simplifies the codebase with little performance degradation.


A copy of this text first appeared in a technical report.