diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 57cd9b6..449f0c2 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -2,5 +2,6 @@ add_subdirectory(timestamp) add_subdirectory(tuple) add_subdirectory(packet) add_subdirectory(dupkt_filter) +add_subdirectory(eviction_filter) add_subdirectory(session) add_subdirectory(stellar) \ No newline at end of file diff --git a/src/dupkt_filter/CMakeLists.txt b/src/dupkt_filter/CMakeLists.txt index 1dc6ad5..70b1c4b 100644 --- a/src/dupkt_filter/CMakeLists.txt +++ b/src/dupkt_filter/CMakeLists.txt @@ -3,7 +3,7 @@ ############################################################################### add_library(dupkt_filter dupkt_filter.cpp) -target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/dupkt) +target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/dupkt_filter) target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/packet) target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/timestamp) target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/deps/dablooms) diff --git a/src/dupkt_filter/dupkt_filter.cpp b/src/dupkt_filter/dupkt_filter.cpp index ee2bef2..f016339 100644 --- a/src/dupkt_filter/dupkt_filter.cpp +++ b/src/dupkt_filter/dupkt_filter.cpp @@ -6,19 +6,19 @@ #include "ipv4_helpers.h" #include "dupkt_filter.h" -struct packet_identify +struct dupkt_filter_key { // TCP uint32_t seq; uint32_t ack; - uint16_t sport; - uint16_t dport; + uint16_t src_port; /* network order */ + uint16_t dst_port; /* network order */ uint16_t l4_checksum; // IPv4 uint16_t ip_id; - uint32_t ip_src; - uint32_t ip_dst; + struct in_addr src_addr; /* network order */ + struct in_addr dst_addr; /* network order */ } __attribute__((__packed__)); struct dupkt_filter @@ -31,9 +31,13 @@ struct dupkt_filter struct expiry_dablooms_handle *handle; }; +/****************************************************************************** + * Private API + ******************************************************************************/ + // return 0: success // reutrn -1: error -static inline int packet_get_identify(const struct packet *packet, struct packet_identify *key) +static inline int packet_get_dupkt_filter_key(const struct packet *packet, struct dupkt_filter_key *key) { const struct layer_record *ipv4_layer = packet_get_innermost_layer(packet, LAYER_TYPE_IPV4); if (ipv4_layer == NULL) @@ -46,23 +50,27 @@ static inline int packet_get_identify(const struct packet *packet, struct packet return -1; } - memset(key, 0, sizeof(struct packet_identify)); + memset(key, 0, sizeof(struct dupkt_filter_key)); const struct ip *iphdr = (const struct ip *)ipv4_layer->hdr_ptr; key->ip_id = ipv4_hdr_get_ipid(iphdr); - key->ip_src = ipv4_hdr_get_src(iphdr); - key->ip_dst = ipv4_hdr_get_dst(iphdr); + key->src_addr = ipv4_hdr_get_net_order_saddr(iphdr); + key->dst_addr = ipv4_hdr_get_net_order_daddr(iphdr); const struct tcphdr *tcphdr = (const struct tcphdr *)tcp_layer->hdr_ptr; key->seq = tcp_hdr_get_seq(tcphdr); key->ack = tcp_hdr_get_ack(tcphdr); - key->sport = tcp_hdr_get_sport(tcphdr); - key->dport = tcp_hdr_get_dport(tcphdr); + key->src_port = tcp_hdr_get_net_order_sport(tcphdr); + key->dst_port = tcp_hdr_get_net_order_dport(tcphdr); key->l4_checksum = tcp_hdr_get_checksum(tcphdr); return 0; } +/****************************************************************************** + * Public API + ******************************************************************************/ + struct dupkt_filter *dupkt_filter_create(uint8_t enable, unsigned int capacity, double error_rate, int timeout_s) { struct dupkt_filter *filter = (struct dupkt_filter *)calloc(1, sizeof(struct dupkt_filter)); @@ -107,20 +115,20 @@ void dupkt_filter_destroy(struct dupkt_filter *filter) // return 1: found // reutrn 0: no found -int dupkt_filter_search(struct dupkt_filter *filter, const struct packet *packet) +int dupkt_filter_lookup(struct dupkt_filter *filter, const struct packet *packet) { if (filter->enable == 0) { return 0; } - struct packet_identify identify; - if (packet_get_identify(packet, &identify) == -1) + struct dupkt_filter_key key; + if (packet_get_dupkt_filter_key(packet, &key) == -1) { return 0; } - if (expiry_dablooms_search(filter->handle, (const char *)&identify, sizeof(struct packet_identify), timestamp_get_sec()) == 1) + if (expiry_dablooms_search(filter->handle, (const char *)&key, sizeof(struct dupkt_filter_key), timestamp_get_sec()) == 1) { return 1; } @@ -135,11 +143,11 @@ void dupkt_filter_add(struct dupkt_filter *filter, const struct packet *packet) return; } - struct packet_identify identify; - if (packet_get_identify(packet, &identify) == -1) + struct dupkt_filter_key key; + if (packet_get_dupkt_filter_key(packet, &key) == -1) { return; } - expiry_dablooms_add(filter->handle, (const char *)&identify, sizeof(struct packet_identify), timestamp_get_sec()); + expiry_dablooms_add(filter->handle, (const char *)&key, sizeof(struct dupkt_filter_key), timestamp_get_sec()); } diff --git a/src/dupkt_filter/dupkt_filter.h b/src/dupkt_filter/dupkt_filter.h index 075aca5..91d7132 100644 --- a/src/dupkt_filter/dupkt_filter.h +++ b/src/dupkt_filter/dupkt_filter.h @@ -15,7 +15,7 @@ void dupkt_filter_destroy(struct dupkt_filter *filter); // return 1: found // reutrn 0: no found -int dupkt_filter_search(struct dupkt_filter *filter, const struct packet *packet); +int dupkt_filter_lookup(struct dupkt_filter *filter, const struct packet *packet); void dupkt_filter_add(struct dupkt_filter *filter, const struct packet *packet); #ifdef __cpluscplus diff --git a/src/dupkt_filter/test/gtest_dupkt_filter.cpp b/src/dupkt_filter/test/gtest_dupkt_filter.cpp index 2182109..26db872 100644 --- a/src/dupkt_filter/test/gtest_dupkt_filter.cpp +++ b/src/dupkt_filter/test/gtest_dupkt_filter.cpp @@ -88,7 +88,7 @@ TEST(DUPKT_FILTER, TEST) struct dupkt_filter *filter = dupkt_filter_create(config.enable, config.capacity, config.error_rate, config.timeout_s); EXPECT_TRUE(filter != nullptr); - EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 0); // no found + EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 0); // no found dupkt_filter_add(filter, &pkt); // add for (int i = 0; i < 12; i++) @@ -97,11 +97,11 @@ TEST(DUPKT_FILTER, TEST) if (i < config.timeout_s) { - EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 1); // found + EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 1); // found } else { - EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 0); // no found + EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 0); // no found } sleep(1); printf("sleep[%02d] 1s\n", i); diff --git a/src/eviction_filter/CMakeLists.txt b/src/eviction_filter/CMakeLists.txt new file mode 100644 index 0000000..91c44b9 --- /dev/null +++ b/src/eviction_filter/CMakeLists.txt @@ -0,0 +1,12 @@ +############################################################################### +# eviction_filter +############################################################################### + +add_library(eviction_filter eviction_filter.cpp) +target_include_directories(eviction_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/eviction_filter) +target_include_directories(eviction_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/packet) +target_include_directories(eviction_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/timestamp) +target_include_directories(eviction_filter PUBLIC ${CMAKE_SOURCE_DIR}/deps/dablooms) +target_link_libraries(eviction_filter packet timestamp dablooms) + +add_subdirectory(test) \ No newline at end of file diff --git a/src/eviction_filter/eviction_filter.cpp b/src/eviction_filter/eviction_filter.cpp new file mode 100644 index 0000000..a54ed7b --- /dev/null +++ b/src/eviction_filter/eviction_filter.cpp @@ -0,0 +1,172 @@ + + +#include + +#include "timestamp.h" +#include "dablooms.h" +#include "udp_helpers.h" +#include "ipv4_helpers.h" +#include "ipv6_helpers.h" +#include "eviction_filter.h" + +struct eviction_filter_key +{ + // UDP + uint16_t src_port; /* network order */ + uint16_t dst_port; /* network order */ + + // IPv4 or IPv6 + union ip_address src_addr; /* network order */ + union ip_address dst_addr; /* network order */ +} __attribute__((__packed__)); + +struct eviction_filter +{ + uint8_t enable; + unsigned int capacity; + double error_rate; + int timeout_s; + + struct expiry_dablooms_handle *handle; +}; + +/****************************************************************************** + * Private API + ******************************************************************************/ + +static void eviction_filter_key_reverse(struct eviction_filter_key *in, struct eviction_filter_key *out) +{ + memset(out, 0, sizeof(struct eviction_filter_key)); + out->src_port = in->dst_port; + out->dst_port = in->src_port; + out->src_addr = in->dst_addr; + out->dst_addr = in->src_addr; +} + +// return 0: success +// reutrn -1: error +static inline int packet_get_eviction_filter_key(const struct packet *packet, struct eviction_filter_key *key) +{ + const struct layer_record *l3_layer = packet_get_innermost_layer(packet, LAYER_TYPE_L3); + if (l3_layer == NULL) + { + return -1; + } + const struct layer_record *l4_layer = packet_get_innermost_layer(packet, LAYER_TYPE_L4); + if (l4_layer == NULL) + { + return -1; + } + if (l4_layer->type != LAYER_TYPE_UDP) + { + return -1; + } + + memset(key, 0, sizeof(struct eviction_filter_key)); + if (l3_layer->type == LAYER_TYPE_IPV4) + { + const struct ip *iphdr = (const struct ip *)l3_layer->hdr_ptr; + key->src_addr.v4 = ipv4_hdr_get_net_order_saddr(iphdr); + key->dst_addr.v4 = ipv4_hdr_get_net_order_daddr(iphdr); + } + if (l3_layer->type == LAYER_TYPE_IPV6) + { + const struct ip6_hdr *iphdr = (const struct ip6_hdr *)l3_layer->hdr_ptr; + key->src_addr.v6 = ipv6_hdr_get_net_order_saddr(iphdr); + key->dst_addr.v6 = ipv6_hdr_get_net_order_daddr(iphdr); + } + + const struct udphdr *udphdr = (const struct udphdr *)l4_layer->hdr_ptr; + key->src_port = udp_hdr_get_net_order_sport(udphdr); + key->dst_port = udp_hdr_get_net_order_dport(udphdr); + + return 0; +} + +/****************************************************************************** + * Public API + ******************************************************************************/ + +struct eviction_filter *eviction_filter_create(uint8_t enable, unsigned int capacity, double error_rate, int timeout_s) +{ + struct eviction_filter *filter = (struct eviction_filter *)calloc(1, sizeof(struct eviction_filter)); + if (filter == NULL) + { + return NULL; + } + + filter->enable = enable; + filter->capacity = capacity; + filter->error_rate = error_rate; + filter->timeout_s = timeout_s; + + if (filter->enable == 0) + { + return filter; + } + + filter->handle = expiry_dablooms_init(filter->capacity, filter->error_rate, timestamp_get_sec(), filter->timeout_s); + if (filter->handle == NULL) + { + free(filter); + return NULL; + } + + return filter; +} + +void eviction_filter_destroy(struct eviction_filter *filter) +{ + if (filter) + { + if (filter->handle) + { + expiry_dablooms_destroy(filter->handle); + filter->handle = NULL; + } + free(filter); + filter = NULL; + } +} + +// return 1: found +// reutrn 0: no found +int eviction_filter_lookup(struct eviction_filter *filter, const struct packet *packet) +{ + if (filter->enable == 0) + { + return 0; + } + + struct eviction_filter_key key; + if (packet_get_eviction_filter_key(packet, &key) == -1) + { + return 0; + } + + if (expiry_dablooms_search(filter->handle, (const char *)&key, sizeof(struct eviction_filter_key), timestamp_get_sec()) == 1) + { + return 1; + } + + return 0; +} + +void eviction_filter_add(struct eviction_filter *filter, const struct packet *packet) +{ + if (filter->enable == 0) + { + return; + } + + struct eviction_filter_key key; + if (packet_get_eviction_filter_key(packet, &key) == -1) + { + return; + } + expiry_dablooms_add(filter->handle, (const char *)&key, sizeof(struct eviction_filter_key), timestamp_get_sec()); + + struct eviction_filter_key reverse_key; + eviction_filter_key_reverse(&key, &reverse_key); + expiry_dablooms_add(filter->handle, (const char *)&reverse_key, sizeof(struct eviction_filter_key), timestamp_get_sec()); +} diff --git a/src/eviction_filter/eviction_filter.h b/src/eviction_filter/eviction_filter.h new file mode 100644 index 0000000..5cff5ba --- /dev/null +++ b/src/eviction_filter/eviction_filter.h @@ -0,0 +1,25 @@ +#ifndef _EVICTION_FILTER_H +#define _EVICTION_FILTER_H + +#ifdef __cpluscplus +extern "C" +{ +#endif + +// Eviction Filter Only for UDP Packet + +#include "packet.h" + +struct eviction_filter *eviction_filter_create(uint8_t enable, unsigned int capacity, double error_rate, int timeout_s); +void eviction_filter_destroy(struct eviction_filter *filter); + +// return 1: found +// reutrn 0: no found +int eviction_filter_lookup(struct eviction_filter *filter, const struct packet *packet); +void eviction_filter_add(struct eviction_filter *filter, const struct packet *packet); + +#ifdef __cpluscplus +} +#endif + +#endif diff --git a/src/eviction_filter/test/CMakeLists.txt b/src/eviction_filter/test/CMakeLists.txt new file mode 100644 index 0000000..239ea16 --- /dev/null +++ b/src/eviction_filter/test/CMakeLists.txt @@ -0,0 +1,9 @@ +############################################################################### +# gtest +############################################################################### + +add_executable(gtest_eviction_filter gtest_eviction_filter.cpp) +target_link_libraries(gtest_eviction_filter eviction_filter gtest) + +include(GoogleTest) +gtest_discover_tests(gtest_eviction_filter) \ No newline at end of file diff --git a/src/eviction_filter/test/gtest_eviction_filter.cpp b/src/eviction_filter/test/gtest_eviction_filter.cpp new file mode 100644 index 0000000..3c3769b --- /dev/null +++ b/src/eviction_filter/test/gtest_eviction_filter.cpp @@ -0,0 +1,171 @@ +#include + +#include "eviction_filter.h" +#include "timestamp.h" + +/* + * Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface en0, id 0 + * Ethernet II, Src: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea), Dst: NewH3CTe_96:38:0e (48:73:97:96:38:0e) + * Destination: NewH3CTe_96:38:0e (48:73:97:96:38:0e) + * Source: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 192.168.38.105, Dst: 121.14.154.93 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 60 + * Identification: 0xaef9 (44793) + * 000. .... = Flags: 0x0 + * 0... .... = Reserved bit: Not set + * .0.. .... = Don't fragment: Not set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: UDP (17) + * Header Checksum: 0xd13a [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0xd13a] + * Source Address: 192.168.38.105 + * Destination Address: 121.14.154.93 + * User Datagram Protocol, Src Port: 61099, Dst Port: 53 + * Source Port: 61099 + * Destination Port: 53 + * Length: 40 + * Checksum: 0xdcf1 [correct] + * [Calculated Checksum: 0xdcf1] + * [Checksum Status: Good] + * [Stream index: 0] + * [Timestamps] + * [Time since first frame: 0.000000000 seconds] + * [Time since previous frame: 0.000000000 seconds] + * UDP payload (32 bytes) + * Domain Name System (query) + */ + +unsigned char udp_pkt1_dns_req[] = { + 0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x08, 0x00, 0x45, 0x00, 0x00, 0x3c, 0xae, 0xf9, 0x00, 0x00, 0x40, 0x11, 0xd1, 0x3a, + 0xc0, 0xa8, 0x26, 0x69, 0x79, 0x0e, 0x9a, 0x5d, 0xee, 0xab, 0x00, 0x35, 0x00, 0x28, 0xdc, 0xf1, 0xa5, 0xaf, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x03, 0x77, 0x77, 0x77, 0x06, 0x62, 0x61, 0x64, 0x73, 0x73, 0x6c, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01}; + +/* + * Frame 2: 550 bytes on wire (4400 bits), 550 bytes captured (4400 bits) on interface en0, id 0 + * Ethernet II, Src: NewH3CTe_96:38:0e (48:73:97:96:38:0e), Dst: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea) + * Destination: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea) + * Source: NewH3CTe_96:38:0e (48:73:97:96:38:0e) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 121.14.154.93, Dst: 192.168.38.105 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 536 + * Identification: 0xb578 (46456) + * 000. .... = Flags: 0x0 + * 0... .... = Reserved bit: Not set + * .0.. .... = Don't fragment: Not set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 46 + * Protocol: UDP (17) + * Header Checksum: 0xdadf [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0xdadf] + * Source Address: 121.14.154.93 + * Destination Address: 192.168.38.105 + * User Datagram Protocol, Src Port: 53, Dst Port: 61099 + * Source Port: 53 + * Destination Port: 61099 + * Length: 516 + * Checksum: 0x9aca [correct] + * [Calculated Checksum: 0x9aca] + * [Checksum Status: Good] + * [Stream index: 0] + * [Timestamps] + * [Time since first frame: 0.525915000 seconds] + * [Time since previous frame: 0.525915000 seconds] + * UDP payload (508 bytes) + * Domain Name System (response) + */ + +unsigned char udp_pkt2_dns_resp[] = { + 0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x08, 0x00, 0x45, 0x00, 0x02, 0x18, 0xb5, 0x78, 0x00, 0x00, 0x2e, 0x11, 0xda, 0xdf, + 0x79, 0x0e, 0x9a, 0x5d, 0xc0, 0xa8, 0x26, 0x69, 0x00, 0x35, 0xee, 0xab, 0x02, 0x04, 0x9a, 0xca, 0xa5, 0xaf, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x0d, + 0x00, 0x0e, 0x03, 0x77, 0x77, 0x77, 0x06, 0x62, 0x61, 0x64, 0x73, 0x73, 0x6c, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01, 0xc0, 0x0c, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x04, 0x68, 0x9a, 0x59, 0x69, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x14, 0x01, 0x62, + 0x0c, 0x67, 0x74, 0x6c, 0x64, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x03, 0x6e, 0x65, 0x74, 0x00, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, + 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x65, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x63, 0xc0, 0x3e, 0xc0, 0x17, + 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x66, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, + 0x01, 0x61, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x6b, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, + 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x68, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x64, 0xc0, 0x3e, + 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x67, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, + 0x00, 0x04, 0x01, 0x69, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x6d, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, + 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x6c, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x6a, + 0xc0, 0x3e, 0xc0, 0x8c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x57, 0x5b, 0x00, 0x04, 0xc0, 0x05, 0x06, 0x1e, 0xc0, 0x3c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, + 0x70, 0x36, 0x00, 0x04, 0xc0, 0x21, 0x0e, 0x1e, 0xc0, 0x6c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x72, 0x6d, 0x00, 0x04, 0xc0, 0x1a, 0x5c, 0x1e, 0xc0, 0xbc, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x71, 0xdb, 0x00, 0x04, 0xc0, 0x1f, 0x50, 0x1e, 0xc0, 0x5c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x75, 0x53, 0x00, 0x04, + 0xc0, 0x0c, 0x5e, 0x1e, 0xc0, 0x7c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x71, 0xdb, 0x00, 0x04, 0xc0, 0x23, 0x33, 0x1e, 0xc0, 0xcc, 0x00, 0x01, 0x00, 0x01, + 0x00, 0x01, 0x78, 0x72, 0x00, 0x04, 0xc0, 0x2a, 0x5d, 0x1e, 0xc0, 0xac, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x7a, 0x75, 0x00, 0x04, 0xc0, 0x36, 0x70, 0x1e, + 0xc0, 0xdc, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x73, 0x3d, 0x00, 0x04, 0xc0, 0x2b, 0xac, 0x1e, 0xc1, 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x72, 0x6d, + 0x00, 0x04, 0xc0, 0x30, 0x4f, 0x1e, 0xc0, 0x9c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x7a, 0x75, 0x00, 0x04, 0xc0, 0x34, 0xb2, 0x1e, 0xc0, 0xfc, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x01, 0x7a, 0x75, 0x00, 0x04, 0xc0, 0x29, 0xa2, 0x1e, 0xc0, 0xec, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x72, 0x6d, 0x00, 0x04, 0xc0, 0x37, + 0x53, 0x1e, 0xc0, 0x8c, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x10, 0x20, 0x01, 0x05, 0x03, 0xa8, 0x3e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x02, 0x00, 0x30}; + +struct config +{ + uint8_t enable; + unsigned int capacity; + double error_rate; + int timeout_s; +} config = { + .enable = 1, + .capacity = 1000000, + .error_rate = 0.00001, + .timeout_s = 10, +}; + +TEST(EVICTION_FILTER, TEST) +{ + timestamp_update(); + + struct packet c2s_pkt; + struct packet s2c_pkt; + packet_parse(&c2s_pkt, (const char *)udp_pkt1_dns_req, sizeof(udp_pkt1_dns_req)); + packet_parse(&s2c_pkt, (const char *)udp_pkt2_dns_resp, sizeof(udp_pkt2_dns_resp)); + + struct eviction_filter *filter = eviction_filter_create(config.enable, config.capacity, config.error_rate, config.timeout_s); + EXPECT_TRUE(filter != nullptr); + + EXPECT_TRUE(eviction_filter_lookup(filter, &c2s_pkt) == 0); // no found + EXPECT_TRUE(eviction_filter_lookup(filter, &s2c_pkt) == 0); // no found + eviction_filter_add(filter, &c2s_pkt); // add + + for (int i = 0; i < 12; i++) + { + timestamp_update(); + + if (i < config.timeout_s) + { + EXPECT_TRUE(eviction_filter_lookup(filter, &c2s_pkt) == 1); // found + EXPECT_TRUE(eviction_filter_lookup(filter, &s2c_pkt) == 1); // found + } + else + { + EXPECT_TRUE(eviction_filter_lookup(filter, &c2s_pkt) == 0); // no found + EXPECT_TRUE(eviction_filter_lookup(filter, &s2c_pkt) == 0); // no found + } + sleep(1); + printf("sleep[%02d] 1s\n", i); + } + + eviction_filter_destroy(filter); +} + +int main(int argc, char **argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/packet/ipv4_helpers.h b/src/packet/ipv4_helpers.h index 166093e..96b60d9 100644 --- a/src/packet/ipv4_helpers.h +++ b/src/packet/ipv4_helpers.h @@ -94,16 +94,26 @@ static inline uint16_t ipv4_hdr_get_checksum(const struct ip *hdr) return ntohs(hdr->ip_sum); } -static inline uint32_t ipv4_hdr_get_src(const struct ip *hdr) +static inline uint32_t ipv4_hdr_get_host_order_saddr(const struct ip *hdr) { return ntohl(hdr->ip_src.s_addr); } -static inline uint32_t ipv4_hdr_get_dst(const struct ip *hdr) +static inline uint32_t ipv4_hdr_get_host_order_daddr(const struct ip *hdr) { return ntohl(hdr->ip_dst.s_addr); } +static inline struct in_addr ipv4_hdr_get_net_order_saddr(const struct ip *hdr) +{ + return hdr->ip_src; +} + +static inline struct in_addr ipv4_hdr_get_net_order_daddr(const struct ip *hdr) +{ + return hdr->ip_dst; +} + static inline uint8_t ipv4_hdr_get_opt_len(const struct ip *hdr) { return ipv4_hdr_get_hl(hdr) - sizeof(struct ip); diff --git a/src/packet/ipv6_helpers.h b/src/packet/ipv6_helpers.h new file mode 100644 index 0000000..689d7b9 --- /dev/null +++ b/src/packet/ipv6_helpers.h @@ -0,0 +1,86 @@ +#ifndef _IPV6_HELPERS_H +#define _IPV6_HELPERS_H + +#ifdef __cpluscplus +extern "C" +{ +#endif + +#include +#include + +/* + * IPv6 Header Format + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |Version| Traffic Class | Flow Label | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Payload Length | Next Header | Hop Limit | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | | + * + + + * | | + * + Source Address + + * | | + * + + + * | | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | | + * + + + * | | + * + Destination Address + + * | | + * + + + * | | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +static inline uint8_t ipv6_hdr_get_version(const struct ip6_hdr *hdr) +{ + return (ntohl(hdr->ip6_flow) & 0xf0000000) >> 28; +} + +static inline uint8_t ipv6_hdr_get_traffic_class(const struct ip6_hdr *hdr) +{ + return (ntohl(hdr->ip6_flow) & 0x0ff00000) >> 20; +} + +static inline uint32_t ipv6_hdr_get_flow_label(const struct ip6_hdr *hdr) +{ + return ntohl(hdr->ip6_flow) & 0x000fffff; +} + +static inline uint16_t ipv6_hdr_get_payload_len(const struct ip6_hdr *hdr) +{ + return ntohs(hdr->ip6_plen); +} + +static inline uint8_t ipv6_hdr_get_next_header(const struct ip6_hdr *hdr) +{ + return hdr->ip6_nxt; +} + +static inline uint8_t ipv6_hdr_get_hop_limit(const struct ip6_hdr *hdr) +{ + return hdr->ip6_hlim; +} + +static inline struct in6_addr ipv6_hdr_get_net_order_saddr(const struct ip6_hdr *hdr) +{ + return hdr->ip6_src; +} + +static inline struct in6_addr ipv6_hdr_get_net_order_daddr(const struct ip6_hdr *hdr) +{ + return hdr->ip6_dst; +} + +// TODO IPv6 extension headers + +#ifdef __cpluscplus +} +#endif + +#endif diff --git a/src/packet/tcp_helpers.h b/src/packet/tcp_helpers.h index 7468c79..b238131 100644 --- a/src/packet/tcp_helpers.h +++ b/src/packet/tcp_helpers.h @@ -34,16 +34,26 @@ extern "C" * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -static inline uint16_t tcp_hdr_get_sport(const struct tcphdr *hdr) +static inline uint16_t tcp_hdr_get_host_order_sport(const struct tcphdr *hdr) { return ntohs(hdr->th_sport); } -static inline uint16_t tcp_hdr_get_dport(const struct tcphdr *hdr) +static inline uint16_t tcp_hdr_get_host_order_dport(const struct tcphdr *hdr) { return ntohs(hdr->th_dport); } +static inline uint16_t tcp_hdr_get_net_order_sport(const struct tcphdr *hdr) +{ + return hdr->th_sport; +} + +static inline uint16_t tcp_hdr_get_net_order_dport(const struct tcphdr *hdr) +{ + return hdr->th_dport; +} + static inline uint32_t tcp_hdr_get_seq(const struct tcphdr *hdr) { return ntohl(hdr->th_seq); diff --git a/src/packet/test/CMakeLists.txt b/src/packet/test/CMakeLists.txt index 2f5ca4e..dd9a0fe 100644 --- a/src/packet/test/CMakeLists.txt +++ b/src/packet/test/CMakeLists.txt @@ -17,6 +17,10 @@ add_executable(gtest_ipv4_helpers gtest_ipv4_helpers.cpp) target_include_directories(gtest_ipv4_helpers PUBLIC ${CMAKE_SOURCE_DIR}/src/packet) target_link_libraries(gtest_ipv4_helpers gtest) +add_executable(gtest_ipv6_helpers gtest_ipv6_helpers.cpp) +target_include_directories(gtest_ipv6_helpers PUBLIC ${CMAKE_SOURCE_DIR}/src/packet) +target_link_libraries(gtest_ipv6_helpers gtest) + add_executable(gtest_packet_helpers gtest_packet_helpers.cpp) target_link_libraries(gtest_packet_helpers packet gtest) @@ -25,4 +29,5 @@ gtest_discover_tests(gtest_packet) gtest_discover_tests(gtest_udp_helpers) gtest_discover_tests(gtest_tcp_helpers) gtest_discover_tests(gtest_ipv4_helpers) +gtest_discover_tests(gtest_ipv6_helpers) gtest_discover_tests(gtest_packet_helpers) \ No newline at end of file diff --git a/src/packet/test/gtest_ipv4_helpers.cpp b/src/packet/test/gtest_ipv4_helpers.cpp index 6d8b682..d4dfc56 100644 --- a/src/packet/test/gtest_ipv4_helpers.cpp +++ b/src/packet/test/gtest_ipv4_helpers.cpp @@ -45,8 +45,8 @@ TEST(IPV4_HELPERS, TEST) EXPECT_TRUE(ipv4_hdr_get_ttl(hdr) == 127); EXPECT_TRUE(ipv4_hdr_get_protocol(hdr) == 6); EXPECT_TRUE(ipv4_hdr_get_checksum(hdr) == 0x4d8b); - EXPECT_TRUE(ipv4_hdr_get_src(hdr) == 0xc0a82467); - EXPECT_TRUE(ipv4_hdr_get_dst(hdr) == 0xc0a82889); + EXPECT_TRUE(ipv4_hdr_get_host_order_saddr(hdr) == 0xc0a82467); + EXPECT_TRUE(ipv4_hdr_get_host_order_daddr(hdr) == 0xc0a82889); EXPECT_TRUE(ipv4_hdr_get_opt_len(hdr) == 0); EXPECT_TRUE(ipv4_hdr_get_opt_ptr(hdr) == data + 20); } diff --git a/src/packet/test/gtest_ipv6_helpers.cpp b/src/packet/test/gtest_ipv6_helpers.cpp new file mode 100644 index 0000000..a022e45 --- /dev/null +++ b/src/packet/test/gtest_ipv6_helpers.cpp @@ -0,0 +1,47 @@ +#include + +#include "ipv6_helpers.h" + +/* + * Internet Protocol Version 6, Src: fe80::250:56ff:fe69:dc00, Dst: ff02::1:2 + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) + * .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 60 + * Next Header: UDP (17) + * Hop Limit: 1 + * Source Address: fe80::250:56ff:fe69:dc00 + * Destination Address: ff02::1:2 + * [Source SLAAC MAC: VMware_69:dc:00 (00:50:56:69:dc:00)] + * */ + +unsigned char data[] = { + 0x60, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x11, 0x01, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x50, 0x56, 0xff, 0xfe, 0x69, 0xdc, 0x00, 0xff, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02}; + +TEST(IPV6_HELPERS, TEST) +{ + char src_str[INET6_ADDRSTRLEN]; + char dst_str[INET6_ADDRSTRLEN]; + const struct ip6_hdr *hdr = (struct ip6_hdr *)data; + EXPECT_TRUE(ipv6_hdr_get_version(hdr) == 6); + EXPECT_TRUE(ipv6_hdr_get_traffic_class(hdr) == 0); + EXPECT_TRUE(ipv6_hdr_get_flow_label(hdr) == 0); + EXPECT_TRUE(ipv6_hdr_get_payload_len(hdr) == 60); + EXPECT_TRUE(ipv6_hdr_get_next_header(hdr) == 17); + EXPECT_TRUE(ipv6_hdr_get_hop_limit(hdr) == 1); + struct in6_addr src_addr = ipv6_hdr_get_net_order_saddr(hdr); + struct in6_addr dst_addr = ipv6_hdr_get_net_order_daddr(hdr); + inet_ntop(AF_INET6, &src_addr, src_str, INET6_ADDRSTRLEN); + inet_ntop(AF_INET6, &dst_addr, dst_str, INET6_ADDRSTRLEN); + EXPECT_TRUE(strcmp(src_str, "fe80::250:56ff:fe69:dc00") == 0); + EXPECT_TRUE(strcmp(dst_str, "ff02::1:2") == 0); +} + +int main(int argc, char **argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/packet/test/gtest_tcp_helpers.cpp b/src/packet/test/gtest_tcp_helpers.cpp index 75a5aec..739edf7 100644 --- a/src/packet/test/gtest_tcp_helpers.cpp +++ b/src/packet/test/gtest_tcp_helpers.cpp @@ -77,8 +77,8 @@ unsigned char data[] = { TEST(TCP_HELPERS, TEST) { const struct tcphdr *hdr = (struct tcphdr *)data; - EXPECT_TRUE(tcp_hdr_get_sport(hdr) == 55555); - EXPECT_TRUE(tcp_hdr_get_dport(hdr) == 40856); + EXPECT_TRUE(tcp_hdr_get_host_order_sport(hdr) == 55555); + EXPECT_TRUE(tcp_hdr_get_host_order_dport(hdr) == 40856); EXPECT_TRUE(tcp_hdr_get_seq(hdr) == 3965699644); EXPECT_TRUE(tcp_hdr_get_ack(hdr) == 991053714); EXPECT_TRUE(tcp_hdr_get_doff(hdr) == 40); diff --git a/src/packet/test/gtest_udp_helpers.cpp b/src/packet/test/gtest_udp_helpers.cpp index c1b8144..000ec73 100644 --- a/src/packet/test/gtest_udp_helpers.cpp +++ b/src/packet/test/gtest_udp_helpers.cpp @@ -17,8 +17,8 @@ unsigned char data[] = {0x0f, 0xa1, 0x1f, 0x40, 0x00, 0x9b, 0x1e, 0x1e}; TEST(UDP_HELPERS, TEST) { const struct udphdr *hdr = (struct udphdr *)data; - EXPECT_TRUE(udp_hdr_get_sport(hdr) == 4001); - EXPECT_TRUE(udp_hdr_get_dport(hdr) == 8000); + EXPECT_TRUE(udp_hdr_get_host_order_sport(hdr) == 4001); + EXPECT_TRUE(udp_hdr_get_host_order_dport(hdr) == 8000); EXPECT_TRUE(udp_hdr_get_len(hdr) == 155); EXPECT_TRUE(udp_hdr_get_checksum(hdr) == 0x1e1e); } diff --git a/src/packet/udp_helpers.h b/src/packet/udp_helpers.h index 88b9d35..424d297 100644 --- a/src/packet/udp_helpers.h +++ b/src/packet/udp_helpers.h @@ -24,16 +24,26 @@ extern "C" * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -static inline uint16_t udp_hdr_get_sport(const struct udphdr *hdr) +static inline uint16_t udp_hdr_get_host_order_sport(const struct udphdr *hdr) { return ntohs(hdr->uh_sport); } -static inline uint16_t udp_hdr_get_dport(const struct udphdr *hdr) +static inline uint16_t udp_hdr_get_host_order_dport(const struct udphdr *hdr) { return ntohs(hdr->uh_dport); } +static inline uint16_t udp_hdr_get_net_order_sport(const struct udphdr *hdr) +{ + return hdr->uh_sport; +} + +static inline uint16_t udp_hdr_get_net_order_dport(const struct udphdr *hdr) +{ + return hdr->uh_dport; +} + static inline uint16_t udp_hdr_get_len(const struct udphdr *hdr) { return ntohs(hdr->uh_ulen); diff --git a/src/session/session.cpp b/src/session/session.cpp index a5288d0..0cf2611 100644 --- a/src/session/session.cpp +++ b/src/session/session.cpp @@ -190,9 +190,32 @@ uint64_t session_get_last_time(const struct session *sess) } /****************************************************************************** - * session current packet + * session packet ******************************************************************************/ +const struct packet *session_get0_c2s_1st_pkt(const struct session *sess) +{ + return (const struct packet *)session_get0_ex_data(sess, c2s_1st_pkt_ex); +} + +const struct packet *session_get0_s2c_1st_pkt(const struct session *sess) +{ + return (const struct packet *)session_get0_ex_data(sess, s2c_1st_pkt_ex); +} + +const struct packet *session_get0_1st_pkt(const struct session *sess) +{ + const struct packet *c2s_1st_pkt = session_get0_c2s_1st_pkt(sess); + if (c2s_1st_pkt) + { + return c2s_1st_pkt; + } + else + { + return session_get0_s2c_1st_pkt(sess); + } +} + // session current packet void session_set0_cur_pkt(struct session *sess, const struct packet *pkt) { diff --git a/src/session/session.h b/src/session/session.h index 273dda5..268dc30 100644 --- a/src/session/session.h +++ b/src/session/session.h @@ -94,9 +94,13 @@ uint64_t session_get_create_time(const struct session *sess); uint64_t session_get_last_time(const struct session *sess); /****************************************************************************** - * session current packet + * session packet ******************************************************************************/ +const struct packet *session_get0_c2s_1st_pkt(const struct session *sess); +const struct packet *session_get0_s2c_1st_pkt(const struct session *sess); +const struct packet *session_get0_1st_pkt(const struct session *sess); + // session current packet void session_set0_cur_pkt(struct session *sess, const struct packet *pkt); const struct packet *session_get0_cur_pkt(const struct session *sess); diff --git a/src/stellar/CMakeLists.txt b/src/stellar/CMakeLists.txt index 9e86b39..ee9495d 100644 --- a/src/stellar/CMakeLists.txt +++ b/src/stellar/CMakeLists.txt @@ -1,8 +1,7 @@ add_executable(stellar stellar.cpp) - -target_include_directories(stellar PUBLIC ${CMAKE_SOURCE_DIR}/src/packet) -target_include_directories(stellar PUBLIC ${CMAKE_SOURCE_DIR}/src/session) -target_include_directories(stellar PUBLIC ${CMAKE_SOURCE_DIR}/src/dupkt) -target_link_libraries(stellar session_manager dupkt_filter pthread) +target_link_libraries(stellar session_manager) +target_link_libraries(stellar dupkt_filter) +target_link_libraries(stellar eviction_filter) +target_link_libraries(stellar pthread) install(TARGETS stellar RUNTIME DESTINATION bin COMPONENT Program) \ No newline at end of file diff --git a/src/stellar/stellar.cpp b/src/stellar/stellar.cpp index 6fa6bc9..4107ccf 100644 --- a/src/stellar/stellar.cpp +++ b/src/stellar/stellar.cpp @@ -11,6 +11,7 @@ #include "timestamp.h" #include "session_manager.h" #include "dupkt_filter.h" +#include "eviction_filter.h" #ifndef STELLAR_LOG_ERROR #define STELLAR_LOG_ERROR(format, ...) \ @@ -32,6 +33,7 @@ struct thread_ctx uint64_t is_runing; struct session_manager *sess_mgr; struct dupkt_filter *dupkt_filter; + struct eviction_filter *eviction_filter; }; struct stellar_ctx @@ -50,6 +52,12 @@ struct stellar_ctx double dupkt_filter_error_rate; int dupkt_filter_timeout_s; + // eviction filter + uint8_t eviction_filter_enable; + unsigned int eviction_filter_capacity; + double eviction_filter_error_rate; + int eviction_filter_timeout_s; + // thread struct thread_ctx thread_ctx[128]; } g_stellar_ctx = { @@ -65,7 +73,14 @@ struct stellar_ctx .dupkt_filter_enable = 1, .dupkt_filter_capacity = 1000000, .dupkt_filter_error_rate = 0.0001, - .dupkt_filter_timeout_s = 10}; + .dupkt_filter_timeout_s = 10, + + // eviction filter + .eviction_filter_enable = 1, + .eviction_filter_capacity = 1000000, + .eviction_filter_error_rate = 0.0001, + .eviction_filter_timeout_s = 10, +}; // TODO static int recv_packet(const char **data) @@ -126,6 +141,9 @@ static void thread_ctx_init(struct stellar_ctx *ctx) // duplicated packet filter thd_ctx->dupkt_filter = dupkt_filter_create(ctx->dupkt_filter_enable, ctx->dupkt_filter_capacity, ctx->dupkt_filter_error_rate, ctx->dupkt_filter_timeout_s); assert(thd_ctx->dupkt_filter != NULL); + // eviction filter + thd_ctx->eviction_filter = eviction_filter_create(ctx->eviction_filter_enable, ctx->eviction_filter_capacity, ctx->eviction_filter_error_rate, ctx->eviction_filter_timeout_s); + assert(thd_ctx->eviction_filter != NULL); } } @@ -166,12 +184,19 @@ static void *thread_cycle(void *arg) packet_parse(&pkt, data, len); // duplicated packet filter - if (dupkt_filter_search(dupkt_filter, &pkt) == 0) + if (dupkt_filter_lookup(dupkt_filter, &pkt) == 0) { STELLAR_LOG_DEBUG("duplicated packet, forward it"); goto fast_forward; } + // eviction filter + if (eviction_filter_lookup(thd_ctx->eviction_filter, &pkt) == 0) + { + STELLAR_LOG_DEBUG("eviction packet, forward it"); + goto fast_forward; + } + // update session sess = session_manager_update(sess_mgr, &pkt); if (sess == NULL) @@ -189,6 +214,11 @@ static void *thread_cycle(void *arg) // dispatch expire session sess = session_manager_expire(sess_mgr); + if (sess && session_get_type(sess) == SESSION_TYPE_UDP && session_get_state(sess) == SESSION_STATE_CLOSING) + { + const struct packet *sess_1st_pkt = session_get0_1st_pkt(sess); + eviction_filter_add(thd_ctx->eviction_filter, sess_1st_pkt); + } session_manager_dispatch(sess_mgr, sess); // TODO get next timeout