Add eviction filter

src/CMakeLists.txt

@@ -2,5 +2,6 @@ add_subdirectory(timestamp)
 add_subdirectory(tuple)
 add_subdirectory(packet)
 add_subdirectory(dupkt_filter)
+add_subdirectory(eviction_filter)
 add_subdirectory(session)
 add_subdirectory(stellar)

src/dupkt_filter/CMakeLists.txt

@@ -3,7 +3,7 @@
 ###############################################################################
 
 add_library(dupkt_filter dupkt_filter.cpp)
-target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/dupkt)
+target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/dupkt_filter)
 target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/packet)
 target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/timestamp)
 target_include_directories(dupkt_filter PUBLIC ${CMAKE_SOURCE_DIR}/deps/dablooms)

src/dupkt_filter/dupkt_filter.cpp

@@ -6,19 +6,19 @@
 #include "ipv4_helpers.h"
 #include "dupkt_filter.h"
 
-struct packet_identify
+struct dupkt_filter_key
 {
     // TCP
     uint32_t seq;
     uint32_t ack;
-    uint16_t sport;
+    uint16_t src_port; /* network order */
-    uint16_t dport;
+    uint16_t dst_port; /* network order */
     uint16_t l4_checksum;
 
     // IPv4
     uint16_t ip_id;
-    uint32_t ip_src;
+    struct in_addr src_addr; /* network order */
-    uint32_t ip_dst;
+    struct in_addr dst_addr; /* network order */
 } __attribute__((__packed__));
 
 struct dupkt_filter
@@ -31,9 +31,13 @@ struct dupkt_filter
     struct expiry_dablooms_handle *handle;
 };
 
+/******************************************************************************
+ * Private API
+ ******************************************************************************/
+
 // return  0: success
 // reutrn -1: error
-static inline int packet_get_identify(const struct packet *packet, struct packet_identify *key)
+static inline int packet_get_dupkt_filter_key(const struct packet *packet, struct dupkt_filter_key *key)
 {
     const struct layer_record *ipv4_layer = packet_get_innermost_layer(packet, LAYER_TYPE_IPV4);
     if (ipv4_layer == NULL)
@@ -46,23 +50,27 @@ static inline int packet_get_identify(const struct packet *packet, struct packet
         return -1;
     }
 
-    memset(key, 0, sizeof(struct packet_identify));
+    memset(key, 0, sizeof(struct dupkt_filter_key));
 
     const struct ip *iphdr = (const struct ip *)ipv4_layer->hdr_ptr;
     key->ip_id = ipv4_hdr_get_ipid(iphdr);
-    key->ip_src = ipv4_hdr_get_src(iphdr);
+    key->src_addr = ipv4_hdr_get_net_order_saddr(iphdr);
-    key->ip_dst = ipv4_hdr_get_dst(iphdr);
+    key->dst_addr = ipv4_hdr_get_net_order_daddr(iphdr);
 
     const struct tcphdr *tcphdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
     key->seq = tcp_hdr_get_seq(tcphdr);
     key->ack = tcp_hdr_get_ack(tcphdr);
-    key->sport = tcp_hdr_get_sport(tcphdr);
+    key->src_port = tcp_hdr_get_net_order_sport(tcphdr);
-    key->dport = tcp_hdr_get_dport(tcphdr);
+    key->dst_port = tcp_hdr_get_net_order_dport(tcphdr);
     key->l4_checksum = tcp_hdr_get_checksum(tcphdr);
 
     return 0;
 }
 
+/******************************************************************************
+ * Public API
+ ******************************************************************************/
+
 struct dupkt_filter *dupkt_filter_create(uint8_t enable, unsigned int capacity, double error_rate, int timeout_s)
 {
     struct dupkt_filter *filter = (struct dupkt_filter *)calloc(1, sizeof(struct dupkt_filter));
@@ -107,20 +115,20 @@ void dupkt_filter_destroy(struct dupkt_filter *filter)
 
 // return 1: found
 // reutrn 0: no found
-int dupkt_filter_search(struct dupkt_filter *filter, const struct packet *packet)
+int dupkt_filter_lookup(struct dupkt_filter *filter, const struct packet *packet)
 {
     if (filter->enable == 0)
     {
         return 0;
     }
 
-    struct packet_identify identify;
+    struct dupkt_filter_key key;
-    if (packet_get_identify(packet, &identify) == -1)
+    if (packet_get_dupkt_filter_key(packet, &key) == -1)
     {
         return 0;
     }
 
-    if (expiry_dablooms_search(filter->handle, (const char *)&identify, sizeof(struct packet_identify), timestamp_get_sec()) == 1)
+    if (expiry_dablooms_search(filter->handle, (const char *)&key, sizeof(struct dupkt_filter_key), timestamp_get_sec()) == 1)
     {
         return 1;
     }
@@ -135,11 +143,11 @@ void dupkt_filter_add(struct dupkt_filter *filter, const struct packet *packet)
         return;
     }
 
-    struct packet_identify identify;
+    struct dupkt_filter_key key;
-    if (packet_get_identify(packet, &identify) == -1)
+    if (packet_get_dupkt_filter_key(packet, &key) == -1)
     {
         return;
     }
 
-    expiry_dablooms_add(filter->handle, (const char *)&identify, sizeof(struct packet_identify), timestamp_get_sec());
+    expiry_dablooms_add(filter->handle, (const char *)&key, sizeof(struct dupkt_filter_key), timestamp_get_sec());
 }

src/dupkt_filter/dupkt_filter.h

@@ -15,7 +15,7 @@ void dupkt_filter_destroy(struct dupkt_filter *filter);
 
 // return 1: found
 // reutrn 0: no found
-int dupkt_filter_search(struct dupkt_filter *filter, const struct packet *packet);
+int dupkt_filter_lookup(struct dupkt_filter *filter, const struct packet *packet);
 void dupkt_filter_add(struct dupkt_filter *filter, const struct packet *packet);
 
 #ifdef __cpluscplus

src/dupkt_filter/test/gtest_dupkt_filter.cpp

@@ -88,7 +88,7 @@ TEST(DUPKT_FILTER, TEST)
     struct dupkt_filter *filter = dupkt_filter_create(config.enable, config.capacity, config.error_rate, config.timeout_s);
     EXPECT_TRUE(filter != nullptr);
 
-    EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 0); // no found
+    EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 0); // no found
     dupkt_filter_add(filter, &pkt);                      // add
 
     for (int i = 0; i < 12; i++)
@@ -97,11 +97,11 @@ TEST(DUPKT_FILTER, TEST)
 
         if (i < config.timeout_s)
         {
-            EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 1); // found
+            EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 1); // found
         }
         else
         {
-            EXPECT_TRUE(dupkt_filter_search(filter, &pkt) == 0); // no found
+            EXPECT_TRUE(dupkt_filter_lookup(filter, &pkt) == 0); // no found
         }
         sleep(1);
         printf("sleep[%02d] 1s\n", i);

src/eviction_filter/CMakeLists.txt

@@ -0,0 +1,12 @@
+###############################################################################
+# eviction_filter
+###############################################################################
+
+add_library(eviction_filter eviction_filter.cpp)
+target_include_directories(eviction_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/eviction_filter)
+target_include_directories(eviction_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/packet)
+target_include_directories(eviction_filter PUBLIC ${CMAKE_SOURCE_DIR}/src/timestamp)
+target_include_directories(eviction_filter PUBLIC ${CMAKE_SOURCE_DIR}/deps/dablooms)
+target_link_libraries(eviction_filter packet timestamp dablooms)
+
+add_subdirectory(test)

src/eviction_filter/eviction_filter.cpp

@@ -0,0 +1,172 @@
+
+
+#include <string.h>
+
+#include "timestamp.h"
+#include "dablooms.h"
+#include "udp_helpers.h"
+#include "ipv4_helpers.h"
+#include "ipv6_helpers.h"
+#include "eviction_filter.h"
+
+struct eviction_filter_key
+{
+    // UDP
+    uint16_t src_port; /* network order */
+    uint16_t dst_port; /* network order */
+
+    // IPv4 or IPv6
+    union ip_address src_addr; /* network order */
+    union ip_address dst_addr; /* network order */
+} __attribute__((__packed__));
+
+struct eviction_filter
+{
+    uint8_t enable;
+    unsigned int capacity;
+    double error_rate;
+    int timeout_s;
+
+    struct expiry_dablooms_handle *handle;
+};
+
+/******************************************************************************
+ * Private API
+ ******************************************************************************/
+
+static void eviction_filter_key_reverse(struct eviction_filter_key *in, struct eviction_filter_key *out)
+{
+    memset(out, 0, sizeof(struct eviction_filter_key));
+    out->src_port = in->dst_port;
+    out->dst_port = in->src_port;
+    out->src_addr = in->dst_addr;
+    out->dst_addr = in->src_addr;
+}
+
+// return  0: success
+// reutrn -1: error
+static inline int packet_get_eviction_filter_key(const struct packet *packet, struct eviction_filter_key *key)
+{
+    const struct layer_record *l3_layer = packet_get_innermost_layer(packet, LAYER_TYPE_L3);
+    if (l3_layer == NULL)
+    {
+        return -1;
+    }
+    const struct layer_record *l4_layer = packet_get_innermost_layer(packet, LAYER_TYPE_L4);
+    if (l4_layer == NULL)
+    {
+        return -1;
+    }
+    if (l4_layer->type != LAYER_TYPE_UDP)
+    {
+        return -1;
+    }
+
+    memset(key, 0, sizeof(struct eviction_filter_key));
+    if (l3_layer->type == LAYER_TYPE_IPV4)
+    {
+        const struct ip *iphdr = (const struct ip *)l3_layer->hdr_ptr;
+        key->src_addr.v4 = ipv4_hdr_get_net_order_saddr(iphdr);
+        key->dst_addr.v4 = ipv4_hdr_get_net_order_daddr(iphdr);
+    }
+    if (l3_layer->type == LAYER_TYPE_IPV6)
+    {
+        const struct ip6_hdr *iphdr = (const struct ip6_hdr *)l3_layer->hdr_ptr;
+        key->src_addr.v6 = ipv6_hdr_get_net_order_saddr(iphdr);
+        key->dst_addr.v6 = ipv6_hdr_get_net_order_daddr(iphdr);
+    }
+
+    const struct udphdr *udphdr = (const struct udphdr *)l4_layer->hdr_ptr;
+    key->src_port = udp_hdr_get_net_order_sport(udphdr);
+    key->dst_port = udp_hdr_get_net_order_dport(udphdr);
+
+    return 0;
+}
+
+/******************************************************************************
+ * Public API
+ ******************************************************************************/
+
+struct eviction_filter *eviction_filter_create(uint8_t enable, unsigned int capacity, double error_rate, int timeout_s)
+{
+    struct eviction_filter *filter = (struct eviction_filter *)calloc(1, sizeof(struct eviction_filter));
+    if (filter == NULL)
+    {
+        return NULL;
+    }
+
+    filter->enable = enable;
+    filter->capacity = capacity;
+    filter->error_rate = error_rate;
+    filter->timeout_s = timeout_s;
+
+    if (filter->enable == 0)
+    {
+        return filter;
+    }
+
+    filter->handle = expiry_dablooms_init(filter->capacity, filter->error_rate, timestamp_get_sec(), filter->timeout_s);
+    if (filter->handle == NULL)
+    {
+        free(filter);
+        return NULL;
+    }
+
+    return filter;
+}
+
+void eviction_filter_destroy(struct eviction_filter *filter)
+{
+    if (filter)
+    {
+        if (filter->handle)
+        {
+            expiry_dablooms_destroy(filter->handle);
+            filter->handle = NULL;
+        }
+        free(filter);
+        filter = NULL;
+    }
+}
+
+// return 1: found
+// reutrn 0: no found
+int eviction_filter_lookup(struct eviction_filter *filter, const struct packet *packet)
+{
+    if (filter->enable == 0)
+    {
+        return 0;
+    }
+
+    struct eviction_filter_key key;
+    if (packet_get_eviction_filter_key(packet, &key) == -1)
+    {
+        return 0;
+    }
+
+    if (expiry_dablooms_search(filter->handle, (const char *)&key, sizeof(struct eviction_filter_key), timestamp_get_sec()) == 1)
+    {
+        return 1;
+    }
+
+    return 0;
+}
+
+void eviction_filter_add(struct eviction_filter *filter, const struct packet *packet)
+{
+    if (filter->enable == 0)
+    {
+        return;
+    }
+
+    struct eviction_filter_key key;
+    if (packet_get_eviction_filter_key(packet, &key) == -1)
+    {
+        return;
+    }
+    expiry_dablooms_add(filter->handle, (const char *)&key, sizeof(struct eviction_filter_key), timestamp_get_sec());
+
+    struct eviction_filter_key reverse_key;
+    eviction_filter_key_reverse(&key, &reverse_key);
+    expiry_dablooms_add(filter->handle, (const char *)&reverse_key, sizeof(struct eviction_filter_key), timestamp_get_sec());
+}

src/eviction_filter/eviction_filter.h

@@ -0,0 +1,25 @@
+#ifndef _EVICTION_FILTER_H
+#define _EVICTION_FILTER_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+// Eviction Filter Only for UDP Packet
+
+#include "packet.h"
+
+struct eviction_filter *eviction_filter_create(uint8_t enable, unsigned int capacity, double error_rate, int timeout_s);
+void eviction_filter_destroy(struct eviction_filter *filter);
+
+// return 1: found
+// reutrn 0: no found
+int eviction_filter_lookup(struct eviction_filter *filter, const struct packet *packet);
+void eviction_filter_add(struct eviction_filter *filter, const struct packet *packet);
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif

src/eviction_filter/test/CMakeLists.txt

@@ -0,0 +1,9 @@
+###############################################################################
+# gtest
+###############################################################################
+
+add_executable(gtest_eviction_filter gtest_eviction_filter.cpp)
+target_link_libraries(gtest_eviction_filter eviction_filter gtest)
+
+include(GoogleTest)
+gtest_discover_tests(gtest_eviction_filter)

src/eviction_filter/test/gtest_eviction_filter.cpp

@@ -0,0 +1,171 @@
+#include <gtest/gtest.h>
+
+#include "eviction_filter.h"
+#include "timestamp.h"
+
+/*
+ * Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface en0, id 0
+ * Ethernet II, Src: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea), Dst: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Destination: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Source: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 192.168.38.105, Dst: 121.14.154.93
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 60
+ *     Identification: 0xaef9 (44793)
+ *     000. .... = Flags: 0x0
+ *         0... .... = Reserved bit: Not set
+ *         .0.. .... = Don't fragment: Not set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 64
+ *     Protocol: UDP (17)
+ *     Header Checksum: 0xd13a [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0xd13a]
+ *     Source Address: 192.168.38.105
+ *     Destination Address: 121.14.154.93
+ * User Datagram Protocol, Src Port: 61099, Dst Port: 53
+ *     Source Port: 61099
+ *     Destination Port: 53
+ *     Length: 40
+ *     Checksum: 0xdcf1 [correct]
+ *         [Calculated Checksum: 0xdcf1]
+ *     [Checksum Status: Good]
+ *     [Stream index: 0]
+ *     [Timestamps]
+ *         [Time since first frame: 0.000000000 seconds]
+ *         [Time since previous frame: 0.000000000 seconds]
+ *     UDP payload (32 bytes)
+ * Domain Name System (query)
+ */
+
+unsigned char udp_pkt1_dns_req[] = {
+    0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x08, 0x00, 0x45, 0x00, 0x00, 0x3c, 0xae, 0xf9, 0x00, 0x00, 0x40, 0x11, 0xd1, 0x3a,
+    0xc0, 0xa8, 0x26, 0x69, 0x79, 0x0e, 0x9a, 0x5d, 0xee, 0xab, 0x00, 0x35, 0x00, 0x28, 0xdc, 0xf1, 0xa5, 0xaf, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x03, 0x77, 0x77, 0x77, 0x06, 0x62, 0x61, 0x64, 0x73, 0x73, 0x6c, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01};
+
+/*
+ * Frame 2: 550 bytes on wire (4400 bits), 550 bytes captured (4400 bits) on interface en0, id 0
+ * Ethernet II, Src: NewH3CTe_96:38:0e (48:73:97:96:38:0e), Dst: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Destination: Apple_0a:c5:ea (3c:a6:f6:0a:c5:ea)
+ *     Source: NewH3CTe_96:38:0e (48:73:97:96:38:0e)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 121.14.154.93, Dst: 192.168.38.105
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 536
+ *     Identification: 0xb578 (46456)
+ *     000. .... = Flags: 0x0
+ *         0... .... = Reserved bit: Not set
+ *         .0.. .... = Don't fragment: Not set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 46
+ *     Protocol: UDP (17)
+ *     Header Checksum: 0xdadf [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0xdadf]
+ *     Source Address: 121.14.154.93
+ *     Destination Address: 192.168.38.105
+ * User Datagram Protocol, Src Port: 53, Dst Port: 61099
+ *     Source Port: 53
+ *     Destination Port: 61099
+ *     Length: 516
+ *     Checksum: 0x9aca [correct]
+ *         [Calculated Checksum: 0x9aca]
+ *     [Checksum Status: Good]
+ *     [Stream index: 0]
+ *     [Timestamps]
+ *         [Time since first frame: 0.525915000 seconds]
+ *         [Time since previous frame: 0.525915000 seconds]
+ *     UDP payload (508 bytes)
+ * Domain Name System (response)
+ */
+
+unsigned char udp_pkt2_dns_resp[] = {
+    0x3c, 0xa6, 0xf6, 0x0a, 0xc5, 0xea, 0x48, 0x73, 0x97, 0x96, 0x38, 0x0e, 0x08, 0x00, 0x45, 0x00, 0x02, 0x18, 0xb5, 0x78, 0x00, 0x00, 0x2e, 0x11, 0xda, 0xdf,
+    0x79, 0x0e, 0x9a, 0x5d, 0xc0, 0xa8, 0x26, 0x69, 0x00, 0x35, 0xee, 0xab, 0x02, 0x04, 0x9a, 0xca, 0xa5, 0xaf, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x0d,
+    0x00, 0x0e, 0x03, 0x77, 0x77, 0x77, 0x06, 0x62, 0x61, 0x64, 0x73, 0x73, 0x6c, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01, 0xc0, 0x0c, 0x00, 0x01,
+    0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x04, 0x68, 0x9a, 0x59, 0x69, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x14, 0x01, 0x62,
+    0x0c, 0x67, 0x74, 0x6c, 0x64, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x03, 0x6e, 0x65, 0x74, 0x00, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01,
+    0xa7, 0x1a, 0x00, 0x04, 0x01, 0x65, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x63, 0xc0, 0x3e, 0xc0, 0x17,
+    0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x66, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04,
+    0x01, 0x61, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x6b, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01,
+    0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x68, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x64, 0xc0, 0x3e,
+    0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x67, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a,
+    0x00, 0x04, 0x01, 0x69, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x6d, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02,
+    0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x6c, 0xc0, 0x3e, 0xc0, 0x17, 0x00, 0x02, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x04, 0x01, 0x6a,
+    0xc0, 0x3e, 0xc0, 0x8c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x57, 0x5b, 0x00, 0x04, 0xc0, 0x05, 0x06, 0x1e, 0xc0, 0x3c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01,
+    0x70, 0x36, 0x00, 0x04, 0xc0, 0x21, 0x0e, 0x1e, 0xc0, 0x6c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x72, 0x6d, 0x00, 0x04, 0xc0, 0x1a, 0x5c, 0x1e, 0xc0, 0xbc,
+    0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x71, 0xdb, 0x00, 0x04, 0xc0, 0x1f, 0x50, 0x1e, 0xc0, 0x5c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x75, 0x53, 0x00, 0x04,
+    0xc0, 0x0c, 0x5e, 0x1e, 0xc0, 0x7c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x71, 0xdb, 0x00, 0x04, 0xc0, 0x23, 0x33, 0x1e, 0xc0, 0xcc, 0x00, 0x01, 0x00, 0x01,
+    0x00, 0x01, 0x78, 0x72, 0x00, 0x04, 0xc0, 0x2a, 0x5d, 0x1e, 0xc0, 0xac, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x7a, 0x75, 0x00, 0x04, 0xc0, 0x36, 0x70, 0x1e,
+    0xc0, 0xdc, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x73, 0x3d, 0x00, 0x04, 0xc0, 0x2b, 0xac, 0x1e, 0xc1, 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x72, 0x6d,
+    0x00, 0x04, 0xc0, 0x30, 0x4f, 0x1e, 0xc0, 0x9c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x7a, 0x75, 0x00, 0x04, 0xc0, 0x34, 0xb2, 0x1e, 0xc0, 0xfc, 0x00, 0x01,
+    0x00, 0x01, 0x00, 0x01, 0x7a, 0x75, 0x00, 0x04, 0xc0, 0x29, 0xa2, 0x1e, 0xc0, 0xec, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x72, 0x6d, 0x00, 0x04, 0xc0, 0x37,
+    0x53, 0x1e, 0xc0, 0x8c, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x10, 0x20, 0x01, 0x05, 0x03, 0xa8, 0x3e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x02, 0x00, 0x30};
+
+struct config
+{
+    uint8_t enable;
+    unsigned int capacity;
+    double error_rate;
+    int timeout_s;
+} config = {
+    .enable = 1,
+    .capacity = 1000000,
+    .error_rate = 0.00001,
+    .timeout_s = 10,
+};
+
+TEST(EVICTION_FILTER, TEST)
+{
+    timestamp_update();
+
+    struct packet c2s_pkt;
+    struct packet s2c_pkt;
+    packet_parse(&c2s_pkt, (const char *)udp_pkt1_dns_req, sizeof(udp_pkt1_dns_req));
+    packet_parse(&s2c_pkt, (const char *)udp_pkt2_dns_resp, sizeof(udp_pkt2_dns_resp));
+
+    struct eviction_filter *filter = eviction_filter_create(config.enable, config.capacity, config.error_rate, config.timeout_s);
+    EXPECT_TRUE(filter != nullptr);
+
+    EXPECT_TRUE(eviction_filter_lookup(filter, &c2s_pkt) == 0); // no found
+    EXPECT_TRUE(eviction_filter_lookup(filter, &s2c_pkt) == 0); // no found
+    eviction_filter_add(filter, &c2s_pkt);                      // add
+
+    for (int i = 0; i < 12; i++)
+    {
+        timestamp_update();
+
+        if (i < config.timeout_s)
+        {
+            EXPECT_TRUE(eviction_filter_lookup(filter, &c2s_pkt) == 1); // found
+            EXPECT_TRUE(eviction_filter_lookup(filter, &s2c_pkt) == 1); // found
+        }
+        else
+        {
+            EXPECT_TRUE(eviction_filter_lookup(filter, &c2s_pkt) == 0); // no found
+            EXPECT_TRUE(eviction_filter_lookup(filter, &s2c_pkt) == 0); // no found
+        }
+        sleep(1);
+        printf("sleep[%02d] 1s\n", i);
+    }
+
+    eviction_filter_destroy(filter);
+}
+
+int main(int argc, char **argv)
+{
+    ::testing::InitGoogleTest(&argc, argv);
+    return RUN_ALL_TESTS();
+}

src/packet/ipv4_helpers.h

@@ -94,16 +94,26 @@ static inline uint16_t ipv4_hdr_get_checksum(const struct ip *hdr)
     return ntohs(hdr->ip_sum);
 }
 
-static inline uint32_t ipv4_hdr_get_src(const struct ip *hdr)
+static inline uint32_t ipv4_hdr_get_host_order_saddr(const struct ip *hdr)
 {
     return ntohl(hdr->ip_src.s_addr);
 }
 
-static inline uint32_t ipv4_hdr_get_dst(const struct ip *hdr)
+static inline uint32_t ipv4_hdr_get_host_order_daddr(const struct ip *hdr)
 {
     return ntohl(hdr->ip_dst.s_addr);
 }
 
+static inline struct in_addr ipv4_hdr_get_net_order_saddr(const struct ip *hdr)
+{
+    return hdr->ip_src;
+}
+
+static inline struct in_addr ipv4_hdr_get_net_order_daddr(const struct ip *hdr)
+{
+    return hdr->ip_dst;
+}
+
 static inline uint8_t ipv4_hdr_get_opt_len(const struct ip *hdr)
 {
     return ipv4_hdr_get_hl(hdr) - sizeof(struct ip);

src/packet/ipv6_helpers.h

@@ -0,0 +1,86 @@
+#ifndef _IPV6_HELPERS_H
+#define _IPV6_HELPERS_H
+
+#ifdef __cpluscplus
+extern "C"
+{
+#endif
+
+#include <arpa/inet.h>
+#include <netinet/ip6.h>
+
+/*
+ * IPv6 Header Format
+ *
+ *   0                   1                   2                   3
+ *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |Version| Traffic Class |           Flow Label                  |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |         Payload Length        |  Next Header  |   Hop Limit   |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |                                                               |
+ *  +                                                               +
+ *  |                                                               |
+ *  +                         Source Address                        +
+ *  |                                                               |
+ *  +                                                               +
+ *  |                                                               |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |                                                               |
+ *  +                                                               +
+ *  |                                                               |
+ *  +                      Destination Address                      +
+ *  |                                                               |
+ *  +                                                               +
+ *  |                                                               |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+static inline uint8_t ipv6_hdr_get_version(const struct ip6_hdr *hdr)
+{
+    return (ntohl(hdr->ip6_flow) & 0xf0000000) >> 28;
+}
+
+static inline uint8_t ipv6_hdr_get_traffic_class(const struct ip6_hdr *hdr)
+{
+    return (ntohl(hdr->ip6_flow) & 0x0ff00000) >> 20;
+}
+
+static inline uint32_t ipv6_hdr_get_flow_label(const struct ip6_hdr *hdr)
+{
+    return ntohl(hdr->ip6_flow) & 0x000fffff;
+}
+
+static inline uint16_t ipv6_hdr_get_payload_len(const struct ip6_hdr *hdr)
+{
+    return ntohs(hdr->ip6_plen);
+}
+
+static inline uint8_t ipv6_hdr_get_next_header(const struct ip6_hdr *hdr)
+{
+    return hdr->ip6_nxt;
+}
+
+static inline uint8_t ipv6_hdr_get_hop_limit(const struct ip6_hdr *hdr)
+{
+    return hdr->ip6_hlim;
+}
+
+static inline struct in6_addr ipv6_hdr_get_net_order_saddr(const struct ip6_hdr *hdr)
+{
+    return hdr->ip6_src;
+}
+
+static inline struct in6_addr ipv6_hdr_get_net_order_daddr(const struct ip6_hdr *hdr)
+{
+    return hdr->ip6_dst;
+}
+
+// TODO IPv6 extension headers
+
+#ifdef __cpluscplus
+}
+#endif
+
+#endif

src/packet/tcp_helpers.h

@@ -34,16 +34,26 @@ extern "C"
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-static inline uint16_t tcp_hdr_get_sport(const struct tcphdr *hdr)
+static inline uint16_t tcp_hdr_get_host_order_sport(const struct tcphdr *hdr)
 {
     return ntohs(hdr->th_sport);
 }
 
-static inline uint16_t tcp_hdr_get_dport(const struct tcphdr *hdr)
+static inline uint16_t tcp_hdr_get_host_order_dport(const struct tcphdr *hdr)
 {
     return ntohs(hdr->th_dport);
 }
 
+static inline uint16_t tcp_hdr_get_net_order_sport(const struct tcphdr *hdr)
+{
+    return hdr->th_sport;
+}
+
+static inline uint16_t tcp_hdr_get_net_order_dport(const struct tcphdr *hdr)
+{
+    return hdr->th_dport;
+}
+
 static inline uint32_t tcp_hdr_get_seq(const struct tcphdr *hdr)
 {
     return ntohl(hdr->th_seq);

src/packet/test/CMakeLists.txt

@@ -17,6 +17,10 @@ add_executable(gtest_ipv4_helpers gtest_ipv4_helpers.cpp)
 target_include_directories(gtest_ipv4_helpers PUBLIC ${CMAKE_SOURCE_DIR}/src/packet)
 target_link_libraries(gtest_ipv4_helpers gtest)
 
+add_executable(gtest_ipv6_helpers gtest_ipv6_helpers.cpp)
+target_include_directories(gtest_ipv6_helpers PUBLIC ${CMAKE_SOURCE_DIR}/src/packet)
+target_link_libraries(gtest_ipv6_helpers gtest)
+
 add_executable(gtest_packet_helpers gtest_packet_helpers.cpp)
 target_link_libraries(gtest_packet_helpers packet gtest)
 
@@ -25,4 +29,5 @@ gtest_discover_tests(gtest_packet)
 gtest_discover_tests(gtest_udp_helpers)
 gtest_discover_tests(gtest_tcp_helpers)
 gtest_discover_tests(gtest_ipv4_helpers)
+gtest_discover_tests(gtest_ipv6_helpers)
 gtest_discover_tests(gtest_packet_helpers)

src/packet/test/gtest_ipv4_helpers.cpp

@@ -45,8 +45,8 @@ TEST(IPV4_HELPERS, TEST)
     EXPECT_TRUE(ipv4_hdr_get_ttl(hdr) == 127);
     EXPECT_TRUE(ipv4_hdr_get_protocol(hdr) == 6);
     EXPECT_TRUE(ipv4_hdr_get_checksum(hdr) == 0x4d8b);
-    EXPECT_TRUE(ipv4_hdr_get_src(hdr) == 0xc0a82467);
+    EXPECT_TRUE(ipv4_hdr_get_host_order_saddr(hdr) == 0xc0a82467);
-    EXPECT_TRUE(ipv4_hdr_get_dst(hdr) == 0xc0a82889);
+    EXPECT_TRUE(ipv4_hdr_get_host_order_daddr(hdr) == 0xc0a82889);
     EXPECT_TRUE(ipv4_hdr_get_opt_len(hdr) == 0);
     EXPECT_TRUE(ipv4_hdr_get_opt_ptr(hdr) == data + 20);
 }

src/packet/test/gtest_ipv6_helpers.cpp

@@ -0,0 +1,47 @@
+#include <gtest/gtest.h>
+
+#include "ipv6_helpers.h"
+
+/*
+ * Internet Protocol Version 6, Src: fe80::250:56ff:fe69:dc00, Dst: ff02::1:2
+ *     0110 .... = Version: 6
+ *     .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
+ *         .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
+ *     Payload Length: 60
+ *     Next Header: UDP (17)
+ *     Hop Limit: 1
+ *     Source Address: fe80::250:56ff:fe69:dc00
+ *     Destination Address: ff02::1:2
+ *     [Source SLAAC MAC: VMware_69:dc:00 (00:50:56:69:dc:00)]
+ *  */
+
+unsigned char data[] = {
+    0x60, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x11, 0x01, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x50, 0x56, 0xff, 0xfe, 0x69, 0xdc, 0x00, 0xff, 0x02,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02};
+
+TEST(IPV6_HELPERS, TEST)
+{
+    char src_str[INET6_ADDRSTRLEN];
+    char dst_str[INET6_ADDRSTRLEN];
+    const struct ip6_hdr *hdr = (struct ip6_hdr *)data;
+    EXPECT_TRUE(ipv6_hdr_get_version(hdr) == 6);
+    EXPECT_TRUE(ipv6_hdr_get_traffic_class(hdr) == 0);
+    EXPECT_TRUE(ipv6_hdr_get_flow_label(hdr) == 0);
+    EXPECT_TRUE(ipv6_hdr_get_payload_len(hdr) == 60);
+    EXPECT_TRUE(ipv6_hdr_get_next_header(hdr) == 17);
+    EXPECT_TRUE(ipv6_hdr_get_hop_limit(hdr) == 1);
+    struct in6_addr src_addr = ipv6_hdr_get_net_order_saddr(hdr);
+    struct in6_addr dst_addr = ipv6_hdr_get_net_order_daddr(hdr);
+    inet_ntop(AF_INET6, &src_addr, src_str, INET6_ADDRSTRLEN);
+    inet_ntop(AF_INET6, &dst_addr, dst_str, INET6_ADDRSTRLEN);
+    EXPECT_TRUE(strcmp(src_str, "fe80::250:56ff:fe69:dc00") == 0);
+    EXPECT_TRUE(strcmp(dst_str, "ff02::1:2") == 0);
+}
+
+int main(int argc, char **argv)
+{
+    ::testing::InitGoogleTest(&argc, argv);
+    return RUN_ALL_TESTS();
+}

src/packet/test/gtest_tcp_helpers.cpp

@@ -77,8 +77,8 @@ unsigned char data[] = {
 TEST(TCP_HELPERS, TEST)
 {
     const struct tcphdr *hdr = (struct tcphdr *)data;
-    EXPECT_TRUE(tcp_hdr_get_sport(hdr) == 55555);
+    EXPECT_TRUE(tcp_hdr_get_host_order_sport(hdr) == 55555);
-    EXPECT_TRUE(tcp_hdr_get_dport(hdr) == 40856);
+    EXPECT_TRUE(tcp_hdr_get_host_order_dport(hdr) == 40856);
     EXPECT_TRUE(tcp_hdr_get_seq(hdr) == 3965699644);
     EXPECT_TRUE(tcp_hdr_get_ack(hdr) == 991053714);
     EXPECT_TRUE(tcp_hdr_get_doff(hdr) == 40);

src/packet/test/gtest_udp_helpers.cpp

@@ -17,8 +17,8 @@ unsigned char data[] = {0x0f, 0xa1, 0x1f, 0x40, 0x00, 0x9b, 0x1e, 0x1e};
 TEST(UDP_HELPERS, TEST)
 {
     const struct udphdr *hdr = (struct udphdr *)data;
-    EXPECT_TRUE(udp_hdr_get_sport(hdr) == 4001);
+    EXPECT_TRUE(udp_hdr_get_host_order_sport(hdr) == 4001);
-    EXPECT_TRUE(udp_hdr_get_dport(hdr) == 8000);
+    EXPECT_TRUE(udp_hdr_get_host_order_dport(hdr) == 8000);
     EXPECT_TRUE(udp_hdr_get_len(hdr) == 155);
     EXPECT_TRUE(udp_hdr_get_checksum(hdr) == 0x1e1e);
 }

src/packet/udp_helpers.h

@@ -24,16 +24,26 @@ extern "C"
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-static inline uint16_t udp_hdr_get_sport(const struct udphdr *hdr)
+static inline uint16_t udp_hdr_get_host_order_sport(const struct udphdr *hdr)
 {
     return ntohs(hdr->uh_sport);
 }
 
-static inline uint16_t udp_hdr_get_dport(const struct udphdr *hdr)
+static inline uint16_t udp_hdr_get_host_order_dport(const struct udphdr *hdr)
 {
     return ntohs(hdr->uh_dport);
 }
 
+static inline uint16_t udp_hdr_get_net_order_sport(const struct udphdr *hdr)
+{
+    return hdr->uh_sport;
+}
+
+static inline uint16_t udp_hdr_get_net_order_dport(const struct udphdr *hdr)
+{
+    return hdr->uh_dport;
+}
+
 static inline uint16_t udp_hdr_get_len(const struct udphdr *hdr)
 {
     return ntohs(hdr->uh_ulen);

src/session/session.cpp

@@ -190,9 +190,32 @@ uint64_t session_get_last_time(const struct session *sess)
 }
 
 /******************************************************************************
- * session current packet
+ * session packet
  ******************************************************************************/
 
+const struct packet *session_get0_c2s_1st_pkt(const struct session *sess)
+{
+    return (const struct packet *)session_get0_ex_data(sess, c2s_1st_pkt_ex);
+}
+
+const struct packet *session_get0_s2c_1st_pkt(const struct session *sess)
+{
+    return (const struct packet *)session_get0_ex_data(sess, s2c_1st_pkt_ex);
+}
+
+const struct packet *session_get0_1st_pkt(const struct session *sess)
+{
+    const struct packet *c2s_1st_pkt = session_get0_c2s_1st_pkt(sess);
+    if (c2s_1st_pkt)
+    {
+        return c2s_1st_pkt;
+    }
+    else
+    {
+        return session_get0_s2c_1st_pkt(sess);
+    }
+}
+
 // session current packet
 void session_set0_cur_pkt(struct session *sess, const struct packet *pkt)
 {

src/session/session.h

@@ -94,9 +94,13 @@ uint64_t session_get_create_time(const struct session *sess);
 uint64_t session_get_last_time(const struct session *sess);
 
 /******************************************************************************
- * session current packet
+ * session packet
  ******************************************************************************/
 
+const struct packet *session_get0_c2s_1st_pkt(const struct session *sess);
+const struct packet *session_get0_s2c_1st_pkt(const struct session *sess);
+const struct packet *session_get0_1st_pkt(const struct session *sess);
+
 // session current packet
 void session_set0_cur_pkt(struct session *sess, const struct packet *pkt);
 const struct packet *session_get0_cur_pkt(const struct session *sess);

src/stellar/CMakeLists.txt

@@ -1,8 +1,7 @@
 add_executable(stellar stellar.cpp)
-
+target_link_libraries(stellar session_manager)
-target_include_directories(stellar PUBLIC ${CMAKE_SOURCE_DIR}/src/packet)
+target_link_libraries(stellar dupkt_filter)
-target_include_directories(stellar PUBLIC ${CMAKE_SOURCE_DIR}/src/session)
+target_link_libraries(stellar eviction_filter)
-target_include_directories(stellar PUBLIC ${CMAKE_SOURCE_DIR}/src/dupkt)
+target_link_libraries(stellar pthread)
-target_link_libraries(stellar session_manager dupkt_filter pthread)
 
 install(TARGETS stellar RUNTIME DESTINATION bin COMPONENT Program)

src/stellar/stellar.cpp

@@ -11,6 +11,7 @@
 #include "timestamp.h"
 #include "session_manager.h"
 #include "dupkt_filter.h"
+#include "eviction_filter.h"
 
 #ifndef STELLAR_LOG_ERROR
 #define STELLAR_LOG_ERROR(format, ...) \
@@ -32,6 +33,7 @@ struct thread_ctx
     uint64_t is_runing;
     struct session_manager *sess_mgr;
     struct dupkt_filter *dupkt_filter;
+    struct eviction_filter *eviction_filter;
 };
 
 struct stellar_ctx
@@ -50,6 +52,12 @@ struct stellar_ctx
     double dupkt_filter_error_rate;
     int dupkt_filter_timeout_s;
 
+    // eviction filter
+    uint8_t eviction_filter_enable;
+    unsigned int eviction_filter_capacity;
+    double eviction_filter_error_rate;
+    int eviction_filter_timeout_s;
+
     // thread
     struct thread_ctx thread_ctx[128];
 } g_stellar_ctx = {
@@ -65,7 +73,14 @@ struct stellar_ctx
     .dupkt_filter_enable = 1,
     .dupkt_filter_capacity = 1000000,
     .dupkt_filter_error_rate = 0.0001,
-    .dupkt_filter_timeout_s = 10};
+    .dupkt_filter_timeout_s = 10,
+
+    // eviction filter
+    .eviction_filter_enable = 1,
+    .eviction_filter_capacity = 1000000,
+    .eviction_filter_error_rate = 0.0001,
+    .eviction_filter_timeout_s = 10,
+};
 
 // TODO
 static int recv_packet(const char **data)
@@ -126,6 +141,9 @@ static void thread_ctx_init(struct stellar_ctx *ctx)
         // duplicated packet filter
         thd_ctx->dupkt_filter = dupkt_filter_create(ctx->dupkt_filter_enable, ctx->dupkt_filter_capacity, ctx->dupkt_filter_error_rate, ctx->dupkt_filter_timeout_s);
         assert(thd_ctx->dupkt_filter != NULL);
+        // eviction filter
+        thd_ctx->eviction_filter = eviction_filter_create(ctx->eviction_filter_enable, ctx->eviction_filter_capacity, ctx->eviction_filter_error_rate, ctx->eviction_filter_timeout_s);
+        assert(thd_ctx->eviction_filter != NULL);
     }
 }
 
@@ -166,12 +184,19 @@ static void *thread_cycle(void *arg)
         packet_parse(&pkt, data, len);
 
         // duplicated packet filter
-        if (dupkt_filter_search(dupkt_filter, &pkt) == 0)
+        if (dupkt_filter_lookup(dupkt_filter, &pkt) == 0)
         {
             STELLAR_LOG_DEBUG("duplicated packet, forward it");
             goto fast_forward;
         }
 
+        // eviction filter
+        if (eviction_filter_lookup(thd_ctx->eviction_filter, &pkt) == 0)
+        {
+            STELLAR_LOG_DEBUG("eviction packet, forward it");
+            goto fast_forward;
+        }
+
         // update session
         sess = session_manager_update(sess_mgr, &pkt);
         if (sess == NULL)
@@ -189,6 +214,11 @@ static void *thread_cycle(void *arg)
 
         // dispatch expire session
         sess = session_manager_expire(sess_mgr);
+        if (sess && session_get_type(sess) == SESSION_TYPE_UDP && session_get_state(sess) == SESSION_STATE_CLOSING)
+        {
+            const struct packet *sess_1st_pkt = session_get0_1st_pkt(sess);
+            eviction_filter_add(thd_ctx->eviction_filter, sess_1st_pkt);
+        }
         session_manager_dispatch(sess_mgr, sess);
 
         // TODO get next timeout