Description
Part B Details
Task
For Assignment 01b on Mimir, you must make your data structures generic using templating. To make a templated class, you will replace all the instances of NetworkPacket with a generic template type. Because this change is incompatible with the code you wrote in the previous part, it is a separate assignment on Mimir.
Templated classes make use of the “template<typename T>” syntax, and instantiated objects use brackets to specify the type. For instance, Node<int> would specify a Node capable of holding an integer, while Node<NetworkPacket> would store a NetworkPacket like the Node created in the previous part.
Templates can be a little odd in C++. Because they only specify a pattern for a class or function, an instantiation in source is still needed to actually generate the corresponding functions in the object files. For instance, you will need to place “template class DoublyLinkedList<NetworkPacket>;” at the bottom of DoublyLinkedList.cpp for the linker to find an instance of the list that holds NetworkPacket objects. Those classes with only header files do not suffer this limitation
Fortunately, after writing the classes for 01a, all of the internal class logic should be resolved. For this part, you only need to focus on adapting to templated classes. The tests for each class are all-or-nothing—they either compile and link or not. In recognition of the difficulty in getting templates working correctly, this part has a larger percentage of points available from the manual code review.
Point Distribution
This part comprises 20% of the overall assignment score. That is distributed as follows:
-
10% – Autograded
-
-
3% for Node
-
-
-
5% for DoublyLinkedList
-
-
-
1% for Queue
-
-
-
1% for the full program
-
-
10% – Manual Code Review
-
-
This will include readability and commenting of code
-
-
-
You can gain partial credit for having some template code in place, even if it’s not to the point of running for the autograded tests
-
Additionally, 5% extra credit is available for small added challenges. See the Appendix for information about this.
The completed assignment for both parts is due by end of day February 11.
Appendix
Extra Credit Challenges
Blocking IP Addresses
Another application of a router beyond determining where next to send traffic (like our internal vs. external example), is when to ignore traffic. One popular form of cyberattack is called Denial of Service in which a remote endpoint, or many endpoints in a distributed attack, will send so many requests to a server that it becomes overwhelmed and unable to respond to any requests. These types of attacks have been used quite successfully in recent years to bring down major websites4.
One popular method of countering a denial of service is maintaining a list of blocked source addresses. If a server is receiving too many requests from a specific location, it can temporarily or permanently add that IP address to an ignore list. Subsequent requests will not be processed.
For 3 points of extra credit, you can extend the NetworkRouter.h and NetworkRouter.cpp file to include a function loadBlockedAddresses(std::string filename).
loadBlockedAddresses(std::string filename) reads from a file which has an IPv4 address on each line. These addresses should be stored in a list so it can be checked when processing requests if they should be sent on or ignored.
Hints:
-
The Assignment 01b starter code includes a sample “blocked.txt” and runner for testing the loadBlockedAddresses behavior.
-
You may use any list structure, such as a vector, to store the blocked addresses for this part. Your templated linked list would be able to store strings as well. You may need to add an instantiation such as “template class DoublyLinkedList<std::string>;” to the bottom of DoublyLinkedList.cpp for this purpose.
-
You will need to add a small amount of logic in processRequests() to determine if the request comes from a blocked source before sending it on or not.
Filtering Packets with Potential SQL Injection
Another type of cyberattack which is perhaps less prominent today is called SQL Injection. The basic idea behind this attack is to attempt to leak database commands through a website’s interface.
For example, imagine Alice is registering a new account on a website. In the “Username” field, it presents a blank box for her to enter her preferred username. The website designers might expect this:
But what is she were to enter something like this:
Alice may be making a guess that the website is storing users in a specific kind of database with a table called “Users”. Furthermore, if they’re taking the user’s input directly and feeding it into a database query, it might look something like this:
INSERT INTO Users (Username) VALUES (‘<data from user form>’);
INSERT INTO Users (Username) VALUES (‘Alice’); is perfectly innocuous and has the desired effect of adding an entry for the username “Alice”.
INSERT INTO Users (Username) VALUES (‘Alice’); DROP TABLE Users; ); is
decidedly not harmless, and in the language of databases, this could cause the system to delete the entire Users table. As is often the case, xkcd has a topically-relevant comic.
A method to prevent this type of attack is called input sanitization. It adds a processing step that ensures no database commands are present in the user-supplied values. There are a number of sophisticated ways to sanitize input. The most basic one is to simply find and replace dangerous symbols like semicolons5.
For 2 points of extra credit, you can add a processing step in NetworkRouter.cpp’s processRequests() function that causes it to ignore packet’s whose data include both “POST” and a semicolon (;). POST requests are one of many ways to send data to a server, and we use a semicolon as a rough proxy for a potential database command.
Hint: You may “find” that std::string has a helpful search function for this.
Note: This is an extreme simplification of the problem, and we’re playing with the network layers in this example. It’s true that this type of raw content filtering could be performed in the days of HTTP traffic, but today, due to the preponderance of HTTPS-encrypted packet data, this type of content filtering or input cleaning is performed at the application layer rather than by a router.
9 of 9
