Cluster Filter Modules

Home/Documents/Development/High-Level Design/Cluster Filter Modules
 Project Closed
 Site Index
 User Docs
 Introduction to ANet
 High-Level Design
 Run-Time Wrapper
 Client Connection Modules
 Data Transformation Modules
 Client SDK
 Cluster Group Modules
 Cluster Filter Modules
 Core Modules
 Handshaking Protocol Modules
 Packet Protocol Modules
 Connection Protocol Modules
 Bandwidth Manager Module
 Document Type Definition (DTD)
 Low-Level Design
 Protocol Specifications
 Task List
 Development Roadmap
 Other Docs
 Mailing Lists
 Contacting Us


by Benad

The Cluster Filter Modules are used to filter incoming and outgoing data in a cluster.

Table of Contents


Role of the Filter Modules

The Cluster Filter Modules simply filters data coming in or out of a cluster. There could be various reasons why one would want to filter some packets, and this kind of module easily allows developers to do that.

The filtering can be based on the data contained in the packets, the service number, or based on the information given by the Bandwidth Manager.

Also, a Filter Module can decide to force disconnection of an ANet connection to the network if the same connection is not "following the rules" defined by the Filter Module(1). Thus, the Filter Modules have to very important role of defining the security requirements of a cluster; any connection that does not follow the security requirements of the Filter Module should eventually be disconnected.

Input/Output for the Filter Modules

As input, the Filter Modules will have a list of the AIPs[1] that can be filtered and a list of the connection IDs that want to send or receive that data.

As output, you have to produce two lists. The first list is a list of indexes of the AIPs you want to delete. For example, if the fifth AIP in the input list of AIPs has to be deleted, then you add "5" to the list of AIP indexed to be deleted(2). The second list is a list of connection IDs to be deleted.

Other Functions

One other function has to be implemented in the Filter Modules, while another one is optional, but can be very useful for the deamon.

The first function, the required one, gives as output its own definition of the security requirements. This definition consists of a "definition kind" and the definition itself. The definition will be used be the Handshaking Protocol Modules to tell to the other node what are the security requirements of the cluster.

The second function, the optional one, is used to do "forced" filtering. The function will be called by the deamon when it finds out that to much data is trying get out at the same time. Without this function, the deamon will delete random packets, which might not be very good if some packets can be considered as more important than others. The input and output for this function is similar to the "main" function of the Filter Modules, but it additionally has both the total size of the AIP list, and the size, in bytes, of what needs to be deleted.

Implementation Notes


See the complete DTD for more information.

<!-- Cluster Filter Module -->
<!ELEMENT ClusterFilter EMPTY>
<!ATTLIST ClusterFilter %moduleName; %args; %security;>


(1) The "origin or destination" part of the AIP, when inside a Filter Module, is a connection ID.

(2) Thus, you don't have to fill an list of the unfiltered AIPs. Anyways, that would be too awkward.


About the references...

[1] Benad: "Cluster Group Modules". Local link.

Last update for this document: August 24, 2001, at 1:24:32 PST