gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add eviction filter

Browse Source
This commit is contained in:
luwenpeng
2024-01-11 16:46:33 +08:00
parent 76d5fb36bb
commit 02f8d40c1e
23 changed files with 666 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/dupkt_filter/CMakeLists.txt
View File

@@ -3,7 +3,7 @@
###############################################################################
add_library(dupkt_filter dupkt_filter.cpp)
target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/dupkt)
target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/dupkt_filter)
target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/packet)
target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/timestamp)
target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/deps/dablooms)

44
src/dupkt_filter/dupkt_filter.cpp
View File

@@ -6,19 +6,19 @@
#include "ipv4_helpers.h"
#include "dupkt_filter.h"
struct packet_identify
struct dupkt_filter_key
{
// TCP
uint32_t seq;
uint32_t ack;
uint16_t sport;
uint16_t dport;
uint16_t src_port; /* network order */
uint16_t dst_port; /* network order */
uint16_t l4_checksum;
// IPv4
uint16_t ip_id;
uint32_t ip_src;
uint32_t ip_dst;
struct in_addr src_addr; /* network order */
struct in_addr dst_addr; /* network order */
} __attribute__((__packed__));
struct dupkt_filter
@@ -31,9 +31,13 @@ struct dupkt_filter
struct expiry_dablooms_handle *handle;
};
/******************************************************************************
* Private API
******************************************************************************/
// return 0: success
// reutrn -1: error
static inline int packet_get_identify(const struct packet *packet, struct packet_identify *key)
static inline int packet_get_dupkt_filter_key(const struct packet *packet, struct dupkt_filter_key *key)
{
const struct layer_record *ipv4_layer = packet_get_innermost_layer(packet, LAYER_TYPE_IPV4);
if (ipv4_layer == NULL)
@@ -46,23 +50,27 @@ static inline int packet_get_identify(const struct packet *packet, struct packet
return -1;
}
memset(key, 0, sizeof(struct packet_identify));
memset(key, 0, sizeof(struct dupkt_filter_key));
const struct ip *iphdr = (const struct ip *)ipv4_layer->hdr_ptr;
key->ip_id = ipv4_hdr_get_ipid(iphdr);
key->ip_src = ipv4_hdr_get_src(iphdr);
key->ip_dst = ipv4_hdr_get_dst(iphdr);
key->src_addr = ipv4_hdr_get_net_order_saddr(iphdr);
key->dst_addr = ipv4_hdr_get_net_order_daddr(iphdr);
const struct tcphdr *tcphdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
key->seq = tcp_hdr_get_seq(tcphdr);
key->ack = tcp_hdr_get_ack(tcphdr);
key->sport = tcp_hdr_get_sport(tcphdr);
key->dport = tcp_hdr_get_dport(tcphdr);
key->src_port = tcp_hdr_get_net_order_sport(tcphdr);
key->dst_port = tcp_hdr_get_net_order_dport(tcphdr);
key->l4_checksum = tcp_hdr_get_checksum(tcphdr);
return 0;
}
/******************************************************************************
* Public API
******************************************************************************/
struct dupkt_filter *dupkt_filter_create(uint8_t enable, unsigned int capacity, double error_rate, int timeout_s)
{
struct dupkt_filter *filter = (struct dupkt_filter *)calloc(1, sizeof(struct dupkt_filter));
@@ -107,20 +115,20 @@ void dupkt_filter_destroy(struct dupkt_filter *filter)
// return 1: found
// reutrn 0: no found
int dupkt_filter_search(struct dupkt_filter *filter, const struct packet *packet)
int dupkt_filter_lookup(struct dupkt_filter *filter, const struct packet *packet)
{
if (filter->enable == 0)
{
return 0;
}
struct packet_identify identify;
if (packet_get_identify(packet, &identify) == -1)
struct dupkt_filter_key key;
if (packet_get_dupkt_filter_key(packet, &key) == -1)
{
return 0;
}
if (expiry_dablooms_search(filter->handle, (const char *)&identify, sizeof(struct packet_identify), timestamp_get_sec()) == 1)
if (expiry_dablooms_search(filter->handle, (const char *)&key, sizeof(struct dupkt_filter_key), timestamp_get_sec()) == 1)
{
return 1;
}
@@ -135,11 +143,11 @@ void dupkt_filter_add(struct dupkt_filter *filter, const struct packet *packet)
return;
}
struct packet_identify identify;
if (packet_get_identify(packet, &identify) == -1)
struct dupkt_filter_key key;
if (packet_get_dupkt_filter_key(packet, &key) == -1)
{
return;
}
expiry_dablooms_add(filter->handle, (const char *)&identify, sizeof(struct packet_identify), timestamp_get_sec());
expiry_dablooms_add(filter->handle, (const char *)&key, sizeof(struct dupkt_filter_key), timestamp_get_sec());
}

2
src/dupkt_filter/dupkt_filter.h
View File

@@ -15,7 +15,7 @@ void dupkt_filter_destroy(struct dupkt_filter *filter);
// return 1: found
// reutrn 0: no found
int dupkt_filter_search(struct dupkt_filter *filter, const struct packet *packet);
int dupkt_filter_lookup(struct dupkt_filter *filter, const struct packet *packet);
void dupkt_filter_add(struct dupkt_filter *filter, const struct packet *packet);
#ifdef __cpluscplus

6
src/dupkt_filter/test/gtest_dupkt_filter.cpp
View File

@@ -88,7 +88,7 @@ TEST(DUPKT_FILTER, TEST)
struct dupkt_filter *filter = dupkt_filter_create(config.enable, config.capacity, config.error_rate, config.timeout_s);
EXPECT_TRUE(filter != nullptr);
EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 0); // no found
EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 0); // no found
dupkt_filter_add(filter, &pkt); // add
for (int i = 0; i < 12; i++)
@@ -97,11 +97,11 @@ TEST(DUPKT_FILTER, TEST)
if (i < config.timeout_s)
{
EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 1); // found
EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 1); // found
}
else
{
EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 0); // no found
EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 0); // no found
}
sleep(1);
printf("sleep[%02d] 1s\n", i);