I. Field
The present disclosure generally relates to network devices. More particularly, the disclosure relates to multi-homing network devices.
II. Description of Related Art
In recent years, the number of wireless handsets in operation has increased dramatically. With the increase in demand for these mobile devices, the manufacturers are building these devices to include numerous data services. This convergence of data services can make wireless devices powerful resources for data networking. However, due to the increase in data services provided by wireless devices, the number of nefarious attacks on wireless devices has also increased. Hence, there is an increasing concern to protect these devices from malicious attacks.
Wireless telephones have become multi-homing devices that include many data interfaces through which the wireless telephones can accept and send data. At any time, within a particular wireless telephone, more than one of these data interfaces can be open for direct data transfer with the Internet, or another data network. The data protocol stack in the mobile device is mostly transparent to the multiple data interfaces of the device. Further, the data protocol stack can accept data from any of the data interfaces as long as the protocol address of the incoming data matches the protocol address of the phone. As such, the wireless telephone is open and vulnerable to many attacks from the Internet and other data networks.
For example, when a packet is received on a data interface at a multi-homing device, the packet can be routed to an appropriate socket, or application. In general, for a socket that is connected using transmission control protocol (TCP), a packet is routed to the socket based on four (4) tuples, e.g., source address (src_addr), source port (src_port), destination address (dst_addr), and destination port (dst_port). For a socket that is connected using user datagram protocol (UDP), a packet is routed to the socket based on two tuples, e.g., destination address (dst_addr) and destination port (dst_port). For other protocols, such as Internet control message protocol (ICMP) or non-Internet protocol (IP) based protocols, other fields in the network and transport layer headers can be used.
Unfortunately, in a multi-homing device the parameters described above may not be able to uniquely identify a data interface for several reasons. For example, the data interfaces within a multi-homing device may be assigned duplicate private addresses. Also, multiple applications within the multi-homing device may try to access the same service using different network data interfaces. In such scenarios, the applications may bind to the same service access point (SAP), e.g., the same port number in case of UDP or TCP. As such, it may not be possible to correctly route a packet to the appropriate destination application.
A multi-homing device may also be vulnerable to spurious attacks via the different data interfaces available at the multi-homing device. For example, in a typical multi-homing device, an application installed therein can receive data from any network data interface as long as the data interface is open for data transfer and the data protocol addresses, e.g., IP address, port number, etc., match with that of the application.
Apart from security considerations, data network providers are also concerned about the billing and usage of various services and technologies available to the mobile telephones on the data networks. For example, there is a certain cost associated with each new service and technology that a data network provider provides and carriers are typically interested in hassle free discrete billing of various services used by the mobile phone user. If an application within a mobile telephone is restricted to use certain data interfaces available at the mobile telephone for data transfers, it can be easier for the carrier network to track the billing and cost associated with the usage of the different technologies and services distinctly, based on per-data interface usage.
Additionally, in a multi-homing networking device the port space for networking applications is usually shared between all of the data interfaces available to the device. If an application is using a particular port number for data transfer on a particular data interface, no other application can use the same port number—even if the other application is using a completely different data interface. This can be an unnecessary restriction for a device that may need to run different services on different data interfaces but with the same port number. For example, the network device can include two different web servers that use the same port number, e.g., port eighty (80), but on different data interfaces. Most network devices do not allow this flexibility. Some implementations allow binding to a port for all of the data interfaces or for a specific data interface, i.e., one interface or all interfaces.