authorlijia <[email protected]>2018-10-25 13:02:50 +0800
committerlijia <[email protected]>2018-10-25 13:02:50 +0800
commit6dfed60dddb3518080a08a9618888af85f0770ab (patch)
tree9d3a1a9349a253eae3f8c6044496f35dd9404b40 /inner_plug
parentfb722683106a93f1fac557f6eeabc17c15165e86 (diff)
清理源码中无用的.a, .so, 废弃的.c文件soq_online
Diffstat (limited to 'inner_plug')
-rw-r--r--inner_plug/Makefile7
-rw-r--r--inner_plug/afh_common.c23
-rw-r--r--inner_plug/afh_inner.h226
-rw-r--r--inner_plug/anti_flood_hijack.c873
-rw-r--r--inner_plug/anti_flood_hijack.h87
-rw-r--r--inner_plug/anti_flood_plug.c64
6 files changed, 0 insertions, 1280 deletions
diff --git a/inner_plug/Makefile b/inner_plug/Makefile
index eacde31..b16dbcc 100644
--- a/inner_plug/Makefile
+++ b/inner_plug/Makefile
@@ -29,7 +29,6 @@ TARGET = isakmp_protocol_plug.so ipsec_biz_sample.so l2tp_protocol_plug.so l2tp_
TARGET += pptp_protocol_plug.so pptp_biz_sample.so
TARGET += g_device_plug.so
TARGET += libsapp_assistant.so
-TARGET += libanti_flood_hijack.so
all: $(TARGET)
@@ -83,12 +82,6 @@ libsapp_assistant.so: sapp_assistant.c
mkdir -p $(RELEASE_PLT_PATH)/sapp_assistant/;
cp $@ $(RELEASE_PLT_PATH)/sapp_assistant/sapp_assistant.so
-libanti_flood_hijack.so:anti_flood_plug.o anti_flood_hijack.o
- $(CC) -o $@ -shared -fPIC $(CFLAGS) $^ $(MODULES);
- mkdir -p $(RELEASE_BIZ_PATH)/anti_flood;
- cp $@ $(RELEASE_BIZ_PATH)/anti_flood/;
- cp $@ /opt/MESA/lib/libanti_flood_hijack.so;
-
clean:
rm -f *.o *.so *.a $(TARGET)
diff --git a/inner_plug/afh_common.c b/inner_plug/afh_common.c
deleted file mode 100644
index 0ea4a65..0000000
--- a/inner_plug/afh_common.c
+++ /dev/null
@@ -1,23 +0,0 @@
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <netinet/ip.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <assert.h>
-#include <time.h>
-#include <arpa/inet.h>
-#include <pthread.h>
-#include <linux/if_ether.h>
-#include "dictator.h"
-#include "afh_inner.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/inner_plug/afh_inner.h b/inner_plug/afh_inner.h
deleted file mode 100644
index ca03e62..0000000
--- a/inner_plug/afh_inner.h
+++ /dev/null
@@ -1,226 +0,0 @@
-#ifndef _AFH_INNER_H_
-#define _AFH_INNER_H_ 1
-
-#include <stdint.h>
-#include <stdio.h>
-#include <netinet/ip.h>
-#include <netinet/in.h>
-#include "avltree.h"
-
-#define AFH_DEBUG (1)
-
-#define SYM_HIDDEN __attribute__((visibility("hidden")))
-
-#define AFH_MAX_THREAD_NUM (64)
-
-/* ȫIP��ΧΪ42��, ��Ŀ�޴�, �޷�ȫ�ּ��. ������ֻʹ���ض�BITλ,
- BITλ��������λ������λ, ���ǵ�һ���豸ͨ��ֻ���ض����ε�IPͨ��,
- ����Ǿ�����, ������IP��������һ��C����, ����ʹ����������.
- ʵ�ʿ��ܻ�������, ����ʹ��24bit��������ʱ, 1.2.3.4��10.2.3.4����Ϊ��һ��IP��.
-*/
-#define AFH_IP_WHITE_LIST_MASK (0x00FFFFFFU)
-#define AFH_IP_WHITE_LIST_MASK_HOST_BIT (24)
-
-#define AFH_FLOOD_THRESHOLD_UNUSUAL_MULTIPE (2) /* ����ƽ����ֵ2����, ��ʼJC, ͳ�� */
-
-#define AFH_FLOOD_THRESHOLD_SERIOUS_MULTIPLE (5) /* ����ƽ����ֵ������, ��ʼ�������� */
-
-#define AFH_DNS_DEFAULT_PORT (53)
-#define AFH_NTP_DEFAULT_PORT (123)
-
-#define AFH_REALTIME_SORT_TOPN (7) /* ʵʱ�������TOPN */
-
-#ifndef afh_likely
-#define afh_likely(x) __builtin_expect(!!(x), 1)
-#endif
-
-#ifndef afh_unlikely
-#define afh_unlikely(x) __builtin_expect(!!(x), 0)
-#endif
-
-
-enum afh_state_t{
- AFH_STATE_NORMAL = 0, /* ���� */
- AFH_STATE_UNUSUAL = 1, /* �쳣, �Գ���������ֵ */
- AFH_STATE_SERIOUS = 2, /* ����, ������̬ */
-};
-
-
-/*
- * TCP packet header prototype.
- */
-#ifndef TH_FIN
-#define TH_FIN 0x01
-#endif
-#ifndef TH_SYN
-#define TH_SYN 0x02
-#endif
-#ifndef TH_RST
-#define TH_RST 0x04
-#endif
-#ifndef TH_PUSH
-#define TH_PUSH 0x08
-#endif
-#ifndef TH_ACK
-#define TH_ACK 0x10
-#endif
-#ifndef TH_URG
-#define TH_URG 0x20
-#endif
-struct afh_tcphdr
-{
- u_int16_t th_sport; /* source port */
- u_int16_t th_dport; /* destination port */
- u_int32_t th_seq; /* sequence number */
- u_int32_t th_ack; /* acknowledgement number */
-#if __BYTE_ORDER == __LITTLE_ENDIAN
- u_int8_t th_x2:4, /* (unused) */
- th_off:4; /* data offset */
-#elif __BYTE_ORDER == __BIG_ENDIAN
- u_int8_t th_off:4, /* data offset */
- th_x2:4; /* (unused) */
-#else
-#error "Please check <endian.h>"
-#endif
- u_int8_t th_flags; /* control flags */
- u_int16_t th_win; /* window */
- u_int16_t th_sum; /* checksum */
- u_int16_t th_urp; /* urgent pointer */
-};
-
-/*
- * UDP packet header prototype.
- */
-struct afh_udp_hdr
-{
- u_int16_t uh_sport; /* soure port */
- u_int16_t uh_dport; /* destination port */
- u_int16_t uh_ulen; /* length */
- u_int16_t uh_sum; /* checksum */
-};
-
-struct afh_ip4_hdr
-{
-#if __BYTE_ORDER == __LITTLE_ENDIAN
- u_int8_t ip_hl:4, /* header length */
- ip_v:4; /* version */
-#elif __BYTE_ORDER == __BIG_ENDIAN
- u_int8_t ip_v:4, /* version */
- ip_hl:4; /* header length */
-#else
-#error "Please check <endian.h>"
-#endif
- u_int8_t ip_tos; /* type of service */
- u_int16_t ip_len; /* total length */
- u_int16_t ip_id; /* identification */
-#define AFH_IP_MF 0x2000 /* more fragments flag */
-#define AFH_IP_OFFMASK 0x1fff /* mask for fragmenting bits */
- u_int16_t ip_off;
- u_int8_t ip_ttl; /* time to live */
- u_int8_t ip_p; /* protocol */
- u_int16_t ip_sum; /* checksum */
- struct in_addr ip_src, ip_dst; /* source and dest address */
-};
-
-
-typedef struct{
- struct avl_node avl_node_topN; /* ������AVL�����������ṹ */
- unsigned int dip_net_order; /* Ŀ��IP, �����������IP����̫��, ʹ��Ŀ��IP�� */
- unsigned char thread_seq; /* for dictator */
- char __pad;
- unsigned short detectd_flood_silent_time;
- long long history_cpu_cycle; /* ����ÿ��dip����ʱ����, ������ȫ��ʱ��� */
- unsigned long long realtime_tot_pkt_num; /* ��ǰʵʱͳ�Ƶİ����� */
- unsigned long long history_pkt_num; /* ��һ��ͳ�����ڵļ���, ���ں�realtime_tot_pkt_num����ʵʱPPS */
- unsigned long long anti_flood_drop_pkt;
- unsigned long long realtime_pps; /* ��HTABLE��ʵʱÿ����ͳ��, ����AVL����, ÿ��1����������һ�� */
-}anti_flood_item_t;
-
-/* afhȫ�ֱ���, ÿ�̶߳���, ���̲߳���ʹ��, ��Ҫ��֤64�ֽ�Cache���� */
-typedef struct{
- unsigned long long ip_pkt_num;
- unsigned long long tcp_pkt_num;
- unsigned long long udp_pkt_num;
- unsigned long long ip_frag_pkt_num;
- unsigned long long tcp_syn_pkt_num;
- unsigned long long udp_dns_pkt_num;
- unsigned long long udp_ntp_pkt_num;
- struct avl_tree avl_tree_topN;
- unsigned long long realtime_pps_min_syn_pkt; /* topN��Сֵ */
- unsigned long long realtime_pps_min_dns_pkt; /* topN��Сֵ */
- unsigned long long realtime_pps_min_ntp_pkt; /* topN��Сֵ */
- char __pad[32];
-}afh_thread_variable_t;
-
-
-/* afhȫ�ֱ���, �������̹��� */
-typedef struct{
- /*
- ͳ�Ʒ�����: ȫ��ͳ�� or ���߳�ͳ��, Ŀǰ����ȫ��ͳ�Ʒ�ʽ.
- (1)ÿ���̶߳���ͳ�ơ�����
- ��Ϊȫ������SYN��������ֵ, һ����ij���߳�Ҳ����ֵ,
- ֻ���ض��߳̿��������򶪰�, ��Ӱ�������߳�.
- ������DDOS��˵, ����ij���߳�Ҳ�ж�DIP�Ĺ�������, ���ڷ�������ԭ��,
- ������̫��, �����Ǹ��̵߳�SYN����������ֵ,
- ��ôijЩSYN��Ҳ�Ͳ��ᱻ����,
- ��ɷ���Ч����̫��, ����ȫ��SYN��ֻ��������70%, �����30%û��������.
-
- (2)ȫ��ͳ��
- һ��ȫ��SYN��������ֵ, ���а������߳̿���SYN_flood��������ģʽ,
- ֻҪ�Ƿ���DIP��syn, �Ҳ��ڰ�����, ������,
- ���������������, ����ij���߳�ֻ�м�������DIP�Ҳ��ڰ�������SYN, Ҳ�ܱ���⵽������.
-
- */
- volatile unsigned char syn_flood_state;
- volatile unsigned char dns_flood_state;
- volatile unsigned char ntp_flood_state;
- volatile unsigned char udp_pkt_state; /* רΪsappƽ̨����, ���߷��ֹ�����UDP����, ����DNS, NTP��, ���߳������������̶߳༸��, ��Ҫ���� */
-
- /*
- drop_silent_time:
- ������Ĭ�ڼ�, ����PPS����, ��Ҫ��������һ��ʱ��
- Ҫ�ж�>1, �ھ�Ĭ�ڼ�����1��, �����¼��PPS�Ƿ񻹳�����ֵ,
- ������й���, ����¾�Ĭʱ��, �Լ�������,
- �����˶�����ʮ���رն���, �����½���Flood����1��, �ּ�⵽����, �ٴζ�����ʮ��Ķ���ѭ��.
- */
-
- unsigned char syn_flood_drop_silent_time;
- unsigned char dns_flood_drop_silent_time;
- unsigned char ntp_flood_drop_silent_time;
- unsigned char udp_flood_drop_silent_time;
-
- double syn_in_tcp_ratio;
- double dns_in_udp_ratio;
- double ntp_in_udp_ratio;
- double udp_in_ip_ratio;
-
- unsigned char global_default_drop_silent_time;
-}afh_global_variable_t;
-
-
-void *afh_malloc(int t_seq,size_t size);
-void afh_free(int t_seq,void*p);
-
-inline long long afh_get_cpu_cycle(void)
-{
-#ifdef __x86_64
-#define X86_64_ENV 1
-#endif
-#ifdef __x86_64__
-#define X86_64_ENV 1
-#endif
-
-#ifdef X86_64_ENV
- long long l;
- long long h;
-
- __asm__ volatile("rdtsc" : "=a"(l), "=d"(h));
- return (long long )l | ((long long )h<<32);
-#else
- return 0;
-#endif
-}
-
-#endif
-
-
diff --git a/inner_plug/anti_flood_hijack.c b/inner_plug/anti_flood_hijack.c
deleted file mode 100644
index 7e93cec..0000000
--- a/inner_plug/anti_flood_hijack.c
+++ /dev/null
@@ -1,873 +0,0 @@
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <netinet/ip.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <assert.h>
-#include <time.h>
-#include <arpa/inet.h>
-#include <pthread.h>
-#include <linux/if_ether.h>
-#include "dictator.h"
-#include "MESA_handle_logger.h"
-#include "MESA_prof_load.h"
-#include "MESA_htable.h"
-#include "anti_flood_hijack.h"
-#include "afh_inner.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define RUN_AS_SAPP_PLUG (1) /* ��ΪSAPPƽ̨������� */
-
-
-static const struct afh_pkt_check_res g_afh_check_res_normal = {1,0,0,0,0}; /* �޹�����Ĭ�Ϸ���ֵ, ȫ�ֱ���, ����ÿ���ֳ�����ṹ�� */
-static const struct afh_pkt_check_res g_afh_check_res_syn_drop = {0,1,2,0,0}; /* SYN Flood������Ĭ�Ϸ���ֵ, ȫ�ֱ���, ����ÿ���ֳ�����ṹ�� */
-static const struct afh_pkt_check_res g_afh_check_res_dns_drop = {0,1,3,0,0}; /* DNS Flood������Ĭ�Ϸ���ֵ, ȫ�ֱ���, ����ÿ���ֳ�����ṹ�� */
-
-static int g_afh_tot_thread_num = 1;
-static afh_thread_variable_t *g_afh_thread_status[AFH_MAX_THREAD_NUM];
-
-static afh_global_variable_t *g_afh_global_status;
-
-static unsigned short *g_afh_ip_white_list; /* ��Ϊ��������IP��ͳ��, IP�洢ʱ��Ҫת�������� */
-static unsigned short g_current_trusted_val = 1; /* ÿ��g_white_ip_list_interval����һλ */
-static int g_white_ip_list_interval = 10; /* ��λ: �� */
-
-static time_t g_afh_current_time;
-//static int g_afh_global_normal_state = 1; /* ��ǰϵͳ���д�������״̬, ��FLood���� */
-
-const double g_syn_in_tcp_ratio = 4.0; /* SYNռTCP������ռ��, һ��Ϊ4% */
-const double g_dns_in_udp_ratio = 4.0; /* DNSռUDP������ռ��, һ��Ϊ4% */
-const double g_ntp_in_udp_ratio = 2.0; /* NTPռUDP������ռ��, һ��Ϊ2% */
-
-/************************* get from cfg file *************************/
-static int anti_flood_drop_udp_dns_pps_threshold = 1000; /* ij��DIP, UDP-DNS��PPS������ֵ���� */
-static int anti_flood_drop_udp_ntp_pps_threshold = 1000; /* ij��DIP, UDP-NTP��PPS������ֵ���� */
-static int anti_flood_drop_syn_pps_threshold = 10000; /* ij��DIP, SYN��PPS������ֵ���� */
-static int cpu_frequency_in_MHZ = 2200; /* cpuƵ��, ��λ:MHz */
-static long long cpu_cycle_in_1second; /* 1���ӵ�CPU�δ��� */
-static int anti_flood_detectd_flood_silent_time = 30; /* ���ֹ�����, ��Ĭ����ʱ��, ������ʱ���, ���¼��, ��λ:��. */
-//static int avltree_sort_top_N = 32; /* AVL����, ��ౣ�����ٸ�Ԫ��, ��top-N */
-
-
-#define ANTI_FLOOD_CFG_FILE "conf/anti_flood.conf"
-
-//extern int g_packet_io_thread_num;
-//static char anti_flood_white_list_bpf_string[1024];
-//static struct bpf_program anti_flood_white_list_bpf_bin[MAX_THREAD_NUM];
-//static pcap_t *static_phony_pcap_handle[MAX_THREAD_NUM]; /* ������BPF����ʱʹ�� */
-
-//static volatile int anti_flood_drop_thread_flag[MAX_THREAD_NUM];
-
-static void *g_afh_log_handle;
-
-//static unsigned long long anti_flood_drop_pkt[MAX_THREAD_NUM][COUNTER_NUM]; /* ���⵽����, ���������� */
-
-static MESA_htable_handle anti_flood_syn_htable[AFH_MAX_THREAD_NUM];
-static MESA_htable_handle anti_flood_udp_dns_htable[AFH_MAX_THREAD_NUM];
-
-/* htable�������ֵ��, �µĽڵ��޷�����, ��AVL����ɾ����С�Ľڵ�, �ٲ���! TODO */
-//static struct avl_tree anti_flood_syn_flood_avltree[MAX_THREAD_NUM];
-//static struct avl_tree anti_flood_udp_flood_avltree[MAX_THREAD_NUM];
-
-
-typedef struct{
- anti_flood_item_t common_st; /* ͨ�ýṹ */
- unsigned char dns_s2c_ttl; /* S2C�����IP-TTLֵ, һ�㲻��, ���ڼ���Ƿ���DNS��ƭ */
-}anti_flood_udp_dns_item_t;
-
-
-static int anti_flood_key_cmp(const uchar * key1, uint size1, const uchar * key2, uint size2)
-{
- const unsigned int *ip1 = (const unsigned int *)key1;
- const unsigned int *ip2 = (const unsigned int *)key2;
-
- return (int)(*ip1 - *ip2);
-}
-
-static void anti_flood_data_free_cb(void *data)
-{
- anti_flood_item_t *af_node = (anti_flood_item_t *)data;
- afh_thread_variable_t *afh_thread_status = g_afh_thread_status[af_node->thread_seq];
-
- if((NULL == af_node->avl_node_topN.parent) || (NULL == af_node->avl_node_topN.left) || (NULL == af_node->avl_node_topN.right)){
- avl_remove(&afh_thread_status->avl_tree_topN, &af_node->avl_node_topN);
- }
-
- memset(af_node, 0, sizeof(anti_flood_item_t));
-
- __dictator_free(af_node->thread_seq, data);
-}
-
-static MESA_htable_handle afh_htable_create(void)
-{
- MESA_htable_handle htable;
- int opt;
-
- htable = MESA_htable_born();
-
- opt = 0;
- MESA_htable_set_opt(htable, MHO_THREAD_SAFE, &opt, sizeof(int));
-
- opt = 1024 * 1024;
- MESA_htable_set_opt(htable, MHO_HASH_SLOT_SIZE, &opt, sizeof(int));
-
- opt = 100000;
- MESA_htable_set_opt(htable, MHO_HASH_MAX_ELEMENT_NUM, &opt, sizeof(int));
-
- opt = 120;
- MESA_htable_set_opt(htable, MHO_EXPIRE_TIME, &opt, sizeof(int));
-
- opt = HASH_ELIMINATE_ALGO_LRU;
- MESA_htable_set_opt(htable, MHO_ELIMIMINATE_TYPE, &opt, sizeof(int));
-
- MESA_htable_set_opt(htable, MHO_CBFUN_KEY_COMPARE, (void *)&anti_flood_key_cmp, sizeof(void *));
-
- MESA_htable_set_opt(htable, MHO_CBFUN_DATA_FREE, (void *)&anti_flood_data_free_cb, sizeof(void *));
-
- opt = 30;
- MESA_htable_set_opt(htable, MHO_HASH_LIST_COLLIDE_THRESHOLD, &opt, sizeof(int));
-
- MESA_htable_set_opt(htable, MHO_HASH_LOG_FILE, (void *)"./log/anti_flood_htable.log", strlen("./log/anti_flood_htable.log"));
-
- opt = 0;
- MESA_htable_set_opt(htable, MHO_SCREEN_PRINT_CTRL, &opt, sizeof(int));
-
- MESA_htable_mature(htable);
-
- return htable;
-}
-
-static int afh_htable_init(void)
-{
- int i;
- for(i = 0; i < g_afh_tot_thread_num; i++){
- anti_flood_syn_htable[i] = afh_htable_create();
- anti_flood_udp_dns_htable[i] = afh_htable_create();
- }
-
- return 0;
-}
-
-#if 0
-static int anti_flood_avltree_init(void)
-{
- int i;
- for(i = 0; i < g_packet_io_thread_num; i++){
- avl_init(&anti_flood_syn_flood_avltree[i], NULL);
- avl_init(&anti_flood_udp_flood_avltree[i], NULL);
- }
-
- return 0;
-}
-#endif
-
-static void afh_ip_white_ip_list_add(unsigned int sip_net_order)
-{
- unsigned int sip_segment_host_order; /* ��Ϊ��������IP��ͳ��, ��Ҫת�������� */
-
-#if 0
- /* �쳣̬�����°����� */
- if(afh_unlikely(g_afh_global_normal_state != 1)){
-
- return;
- }
-#endif
-
- sip_segment_host_order = (ntohl(sip_net_order) & AFH_IP_WHITE_LIST_MASK);
-
- if(afh_likely((g_afh_ip_white_list[sip_segment_host_order] & g_current_trusted_val) != 0)){ /* ��ǰʱ���Ѽ�¼, ���ٸ���, �˴�����Ӱ������, �������ٶ��߳�д���� */
- return;
- }
-
- g_afh_ip_white_list[sip_segment_host_order] |= g_current_trusted_val;
-
-#if AFH_DEBUG
- char ip_str[16];
- inet_ntop(AF_INET, &sip_net_order, ip_str, 16);
- MESA_handle_runtime_log(g_afh_log_handle, 10, "AFH", "add ip white list: %s\n", ip_str);
-#endif
-
- return;
-}
-
-static inline void anti_flood_htable_node_init(anti_flood_item_t *af_node, int thread_seq, unsigned int dip, long long cur_cpu_cycle)
-{
- memset(af_node, 0, sizeof(anti_flood_item_t));
- af_node->thread_seq = thread_seq;
- af_node->history_cpu_cycle = cur_cpu_cycle;
- af_node->dip_net_order = dip;
-
- return;
-}
-
-static inline int anti_flood_item_update_time(anti_flood_item_t *af_node, long long cur_cpu_cycle)
-{
- long long pass_time_in_cpu_cycle;
-
- pass_time_in_cpu_cycle = cur_cpu_cycle - af_node->history_cpu_cycle;
-
- if(pass_time_in_cpu_cycle >= cpu_cycle_in_1second){
- af_node->history_cpu_cycle = cur_cpu_cycle;
-
- /* ������һ���PPS */
- af_node->realtime_pps = (unsigned int)((double)(af_node->realtime_tot_pkt_num - af_node->history_pkt_num)/(double)(pass_time_in_cpu_cycle/cpu_cycle_in_1second));
- af_node->history_pkt_num = af_node->realtime_tot_pkt_num;
-
- if(af_node->detectd_flood_silent_time > 0){
- /* ������⵽FLOOD����, ÿ��1���ֵ�ݼ�1 */
- af_node->detectd_flood_silent_time--;
- }
-
- return 1;
- }
-
- return 0;
-}
-
-
-/* ��TOPN���еݹ����DIP */
-static int avl_check_dip_in_tree_recur(unsigned int dip_net_order, const struct avl_node *avlnode)
-{
- const struct avl_node *left, *right;
- anti_flood_item_t *cur_node, *af_left_node, *af_right_node;
-
- if(NULL == avlnode){
- return 0;
- }
-
- cur_node = _get_entry(avlnode, anti_flood_item_t, avl_node_topN);
- if(dip_net_order == cur_node->dip_net_order){
- return 1;
- }
-
- left = avlnode->left;
- if(left){
- af_left_node = _get_entry(left, anti_flood_item_t, avl_node_topN);
- if(dip_net_order == af_left_node->dip_net_order){
- return 1;
- }else{
- return avl_check_dip_in_tree_recur(dip_net_order, left);
- }
- }
-
- right = avlnode->right;
- if(right){
- af_right_node = _get_entry(right, anti_flood_item_t, avl_node_topN);
- if(dip_net_order == af_right_node->dip_net_order){
- return 1;
- }else{
- return avl_check_dip_in_tree_recur(dip_net_order, right);
- }
- }
-
- return 0;
-}
-
-static int afh_check_dip_is_syn_topN(unsigned int dip_net_order, int thread_seq)
-{
- afh_thread_variable_t *afh_thread_status = g_afh_thread_status[thread_seq];
- const struct avl_node *avlnode;
-
- avlnode = afh_thread_status->avl_tree_topN.root;
-
- if(avlnode && (avl_check_dip_in_tree_recur(dip_net_order, avlnode) != 0)){
- return 1;
- }
-
- return 0;
-}
-
-static int afh_check_sip_is_white_list(unsigned int sip_net_order)
-{
- unsigned int sip_val = (ntohl(sip_net_order) & AFH_IP_WHITE_LIST_MASK);
-
- if(g_afh_ip_white_list[sip_val] > 0){
- return 1;
- }
-
-#if AFH_DEBUG
- char ip_str[16];
- inet_ntop(AF_INET, &sip_net_order, ip_str, 16);
- MESA_handle_runtime_log(g_afh_log_handle, 10, "AFH", "ip:%s is not in white list.\n", ip_str);
-#endif
-
- return 0;
-}
-
-
-static int afh_remove_smaller_from_avl_topN(struct avl_tree *root)
-{
- struct avl_node* smaller_node;
-
- smaller_node = avl_first(root);
-
- if(smaller_node != NULL){
- avl_remove(root, smaller_node);
-
-#if AFH_DEBUG
- char ip_str[16];
- anti_flood_item_t *debug_smaller_node = _get_entry(smaller_node, anti_flood_item_t, avl_node_topN); ;
- inet_ntop(AF_INET, &debug_smaller_node->dip_net_order, ip_str, 16);
- MESA_handle_runtime_log(g_afh_log_handle, 20, "AFH", "dip:%s remove from top-N tree.\n", ip_str);
-#endif
-
- }
-
- return 0;
-}
-
-static int avl_topN_cmp_func(struct avl_node *cur, struct avl_node *new_node, void *aux)
-{
- anti_flood_item_t *af_cur_node, *af_new_node;
-
- af_cur_node = _get_entry(cur, anti_flood_item_t, avl_node_topN);
- af_new_node = _get_entry(new_node, anti_flood_item_t, avl_node_topN);
-
- if(af_cur_node->realtime_pps < af_new_node->realtime_pps){
- return -1;
- }else if(af_cur_node->realtime_pps == af_new_node->realtime_pps){
- return 0;
- }
-
- return 1;
-}
-
-static int afh_insert_to_avl_topN(struct avl_tree *root, anti_flood_item_t *af_node)
-{
- avl_insert(root, &af_node->avl_node_topN, avl_topN_cmp_func);
-
-#if AFH_DEBUG
- char ip_str[16];
- inet_ntop(AF_INET, &af_node->dip_net_order, ip_str, 16);
- MESA_handle_runtime_log(g_afh_log_handle, 20, "AFH", "dip:%s add to top-N tree.\n", ip_str);
-#endif
-
- return 0;
-}
-
-/*
- ÿ��һ��ʱ��,
- �޳�TOPN����С��,
- �ٽ���ǰ�ڵ����topN-AVL������Ӧλ��.
-*/
-static int afh_topN_syn_sift(anti_flood_item_t *af_node)
-{
- afh_thread_variable_t *afh_thread_status = g_afh_thread_status[af_node->thread_seq];
-
- if((long)afh_thread_status->avl_tree_topN.aux >= AFH_REALTIME_SORT_TOPN){ /* top-N������ */
- if(af_node->realtime_pps > afh_thread_status->realtime_pps_min_syn_pkt){
- afh_remove_smaller_from_avl_topN(&afh_thread_status->avl_tree_topN);
- afh_insert_to_avl_topN(&afh_thread_status->avl_tree_topN, af_node);
- afh_thread_status->realtime_pps_min_syn_pkt = af_node->realtime_pps;
- }else{
- ; /* ��ǰĿ��IP��PPS��TOPN-AVL�������Сֵ��С, ���ò������� */
- }
- }else{
- /* ��ǰ�ڵ㲻��TOPN���� */
- if(af_node->avl_node_topN.parent || af_node->avl_node_topN.left || af_node->avl_node_topN.right){
- afh_insert_to_avl_topN(&afh_thread_status->avl_tree_topN, af_node);
- }else{
- /* �Ѿ���TOPN�еĻ�, ��Ϊpps��ʱ�ڱ仯, ��Ҫ��������, ��򵥵İ취��: ȡ�����ٲ��� */
- avl_remove(&afh_thread_status->avl_tree_topN, &af_node->avl_node_topN);
- afh_insert_to_avl_topN(&afh_thread_status->avl_tree_topN, af_node);
- }
- }
-
- return 1;
-
- return 0;
-}
-
-
-/*
- TCPֻ����TCP/SYN FLOOD.
-
- 1.SYN����������ֵ;
- 2.��DIP����ֵ80%;
- 3.���ڰ������ڵ�IP, �����ݵ�ԴIP;
-*/
-static struct afh_pkt_check_res
-anti_flood_tcp_syn_entry(int thread_seq, unsigned int sip_net_order, unsigned int dip_net_order)
-{
- anti_flood_item_t *af_node;
- long long cur_cpu_cycle;
- char ip_str[32];
- int time_updated = 0;
- int ret;
-
- if(afh_unlikely(AFH_STATE_SERIOUS == g_afh_global_status->syn_flood_state)){
- if(afh_check_dip_is_syn_topN(dip_net_order, thread_seq)
- ///&& (0 == afh_check_sip_is_white_list(sip_net_order))
- ){
-#if AFH_DEBUG
- inet_ntop(AF_INET, &dip_net_order, ip_str, 32);
- MESA_handle_runtime_log(g_afh_log_handle, 10, "AFH", "detect TCP_FYN_FLOOD, dip:%s in topN!\n", ip_str);
-#endif
- return g_afh_check_res_syn_drop;
- }
-
- /* TODO, ���dip��topN, sip�ڰ�������, ����pps���ܸ�, ��ô��? */
- }
-
- cur_cpu_cycle = afh_get_cpu_cycle();
-
- af_node = (anti_flood_item_t *)MESA_htable_search(anti_flood_syn_htable[thread_seq], (unsigned char *)&dip_net_order, sizeof(int));
- if(NULL == af_node){
- af_node = (anti_flood_item_t *)__dictator_malloc(thread_seq, sizeof(anti_flood_item_t));
- anti_flood_htable_node_init(af_node, thread_seq, dip_net_order, cur_cpu_cycle);
-
- ret = MESA_htable_add(anti_flood_syn_htable[thread_seq], (unsigned char *)&dip_net_order, sizeof(int), af_node);
- if(ret < 0){
- __dictator_free(thread_seq, af_node);
- return g_afh_check_res_normal;
- }
- }
-
- af_node->realtime_tot_pkt_num++;
-
- time_updated = anti_flood_item_update_time(af_node, cur_cpu_cycle);
-
- if(g_afh_global_status->syn_flood_state != AFH_STATE_NORMAL){
- if(time_updated){
- afh_topN_syn_sift(af_node);
- }
- }
-
- if(af_node->detectd_flood_silent_time > 1){
- /*
- ������Ĭ�ڼ�, ����PPS����, ��Ҫ��������һ��ʱ��
- �˴�Ҫ�ж�>1, �ھ�Ĭ�ڼ�����1��, �����¼��PPS�Ƿ񻹳�����ֵ,
- ������й���, ����¾�Ĭʱ��, �Լ�������,
- �����˶�����ʮ���رն���, �����½���Flood����1��, �ּ�⵽����, �ٴζ�����ʮ��Ķ���ѭ��.
- */
- af_node->anti_flood_drop_pkt++;
- }else{
- /* ������Ĭʱ���ѹ�, ���¼��PPS�Ƿ���ֵ */
- if(af_node->realtime_pps > (unsigned int)anti_flood_drop_syn_pps_threshold){
- af_node->detectd_flood_silent_time = anti_flood_detectd_flood_silent_time;
- af_node->anti_flood_drop_pkt++;
- }
- }
-
- if(time_updated > 0){
- /* ÿ���¼һ�ζ�����־, ��ֹˢӲ�� */
- inet_ntop(AF_INET, &dip_net_order, ip_str, 32);
- MESA_handle_runtime_log(g_afh_log_handle, 30, "anti_flood", "thread:%d, drop SYN_Flood packet dip:%s, last_second_pps:%u, slient_time:%ds, summary: %llu\n",
- thread_seq, ip_str, af_node->realtime_pps, af_node->detectd_flood_silent_time, af_node->anti_flood_drop_pkt);
- }
-
- return g_afh_check_res_normal;
-}
-
-static struct afh_pkt_check_res
-anti_flood_udp_dns_entry(int thread_seq, unsigned int dip_net, unsigned char ip_ttl, unsigned char dir)
-{
- int ret;
- anti_flood_udp_dns_item_t *dns_item;
- anti_flood_item_t *af_node;
- long long cur_cpu_cycle;
- char ip_str[32];
- int time_updated = 0;
-
- cur_cpu_cycle = afh_get_cpu_cycle();
-
- dns_item = (anti_flood_udp_dns_item_t *)MESA_htable_search(anti_flood_udp_dns_htable[thread_seq], (unsigned char *)&dip_net, sizeof(int));
- if(NULL == dns_item){
- dns_item = (anti_flood_udp_dns_item_t *)__dictator_malloc(thread_seq, sizeof(anti_flood_udp_dns_item_t));
- anti_flood_htable_node_init(&dns_item->common_st, thread_seq, dip_net, cur_cpu_cycle);
-
- ret = MESA_htable_add(anti_flood_udp_dns_htable[thread_seq], (unsigned char *)&dip_net, sizeof(int), dns_item);
- if(ret < 0){
- __dictator_free(thread_seq, dns_item);
- return g_afh_check_res_dns_drop;
- }
- }
- af_node = &dns_item->common_st;
-
- af_node->realtime_tot_pkt_num++;
-
- time_updated = anti_flood_item_update_time(af_node, cur_cpu_cycle);
-
- if(af_node->detectd_flood_silent_time > 1){
- /*
- ������Ĭ�ڼ�, ����PPS����, ��Ҫ��������һ��ʱ��
- �˴�Ҫ�ж�>1, �ھ�Ĭ�ڼ�����1��, �����¼��PPS�Ƿ񻹳�����ֵ,
- ������й���, ����¾�Ĭʱ��, �Լ�������,
- �����˶�����ʮ��, �����½���1��, �ּ�⵽����, �ٴζ�����ʮ���ѭ��.
- */
- af_node->anti_flood_drop_pkt++;
- }else{
- /* ������Ĭʱ���ѹ�, ���¼��PPS�Ƿ���ֵ */
- if(af_node->realtime_pps > (unsigned int)anti_flood_drop_udp_dns_pps_threshold){
- af_node->detectd_flood_silent_time = anti_flood_detectd_flood_silent_time;
- af_node->anti_flood_drop_pkt++;
- }
- }
-
- if(time_updated > 0){
- /* ÿ���¼һ�ζ�����־, ��ֹˢӲ�� */
- inet_ntop(AF_INET, &dip_net, ip_str, 32);
- MESA_handle_runtime_log(g_afh_log_handle, 30, "anti_flood", "thread:%d, drop DNS_Flood packet dip:%s, last_second_pps:%u, slient_time:%ds, summary: %llu\n",
- thread_seq, ip_str, af_node->realtime_pps, af_node->detectd_flood_silent_time, af_node->anti_flood_drop_pkt);
- }
-
- return g_afh_check_res_normal;
-}
-
-static struct afh_pkt_check_res
-anti_flood_udp_entry(int thread_seq, const struct afh_ip4_hdr *ip4hdr)
-{
- struct afh_pkt_check_res ret;
- const struct afh_udp_hdr *udphdr = (const struct afh_udp_hdr *)((char *)ip4hdr + ip4hdr->ip_hl * 4);
- unsigned short sport, dport;
-
- sport = ntohs(udphdr->uh_sport);
- dport = ntohs(udphdr->uh_dport);
-
- if(AFH_DNS_DEFAULT_PORT == sport){
- ret = anti_flood_udp_dns_entry(thread_seq, ip4hdr->ip_src.s_addr, ip4hdr->ip_ttl, 2);
- }else if(AFH_NTP_DEFAULT_PORT == sport){
- ;
- }else if(AFH_DNS_DEFAULT_PORT == dport){
- ret = anti_flood_udp_dns_entry(thread_seq, ip4hdr->ip_dst.s_addr, ip4hdr->ip_ttl, 1);
- }else if(AFH_NTP_DEFAULT_PORT == dport){
- ;
- }else{
- //other protocol, do nothing;
- }
-
-#if 0
- if(anti_flood_drop_thread_flag[thread_seq] != 0){
- stream_pr = (struct streaminfo_private *)f_stream;
- raw_pkt = stream_pr->raw_pkt;
-
- if(0 == bpf_filter(anti_flood_white_list_bpf_bin[thread_seq].bf_insns,
- (const unsigned char *)raw_pkt->raw_pkt_data,
- raw_pkt->raw_pkt_len, raw_pkt->raw_pkt_len)){
- anti_flood_drop_pkt[thread_seq][PKT_UDP]++;
- return APP_STATE_GIVEME | APP_STATE_DROPPKT;
- }
- }
-#endif
-
- return ret;
-}
-
-
-/*
- ���ģ�����ݰ���ȡ�ӿڡ�
- ����:
- pkt: �����յ���ԭʼ���ݰ�����MACͷ����ʼ��
- pkt_len: �����յ���ԭʼ���ݰ����ȣ�
- thread_id: �����߳�ID, ��0��ʼ��
- transfer_dir: ���ݰ����䷽��
- ����ֵ:
- ��ǰ���ݰ������, ���struct afh_pkt_check_res��
-*/
-struct afh_pkt_check_res
-anti_flood_hijack_pkt_check(const void *pkt, int pkt_len, int thread_seq, int transfer_dir)
-{
-
- const struct ethhdr *ehdr = (struct ethhdr *)pkt;
- const struct afh_ip4_hdr *ip4hdr;
- const struct afh_tcphdr *tcphdr;
- unsigned char tcp_flags;
- unsigned short ip_offset, ip_flags;
- afh_thread_variable_t *local_thread_stat = g_afh_thread_status[thread_seq];
-
- if(afh_unlikely(ntohs(ehdr->h_proto) != ETH_P_IP)){
- return g_afh_check_res_normal;
- }
-
- ip4hdr = (const struct afh_ip4_hdr *)((char *)pkt + sizeof(struct ethhdr));
- /*See, is this a fragment ? */
- ip_offset = ntohs(ip4hdr->ip_off);
- ip_flags = ip_offset & ~AFH_IP_OFFMASK;
- ip_offset &= AFH_IP_OFFMASK;
-
- if(afh_unlikely(((ip_flags & AFH_IP_MF) != 0) || (ip_offset != 0))){
- local_thread_stat->ip_frag_pkt_num++;
- }else{
- local_thread_stat->ip_pkt_num++;
- }
-
- if(IPPROTO_TCP == ip4hdr->ip_p){
- local_thread_stat->tcp_pkt_num++;
- tcphdr = (const struct afh_tcphdr *)((char *)ip4hdr + ip4hdr->ip_hl*4);
- tcp_flags = tcphdr->th_flags;
- /* TCPĿǰ������SYN_FLOOD */
- if(afh_unlikely(TH_SYN == tcp_flags)){
- local_thread_stat->tcp_syn_pkt_num++;
- return anti_flood_tcp_syn_entry(thread_seq, ip4hdr->ip_src.s_addr, ip4hdr->ip_dst.s_addr);
- }else if(afh_unlikely(TH_FIN & tcp_flags)){
- /* note: ��ν綨һ��ԴIP������������ͨ��? �յ�SYN/ACKҲ������Flood��������, ����������FIN����, һ�㶼������Э��ջ��Ϊ. ������������TCPͨ������RST���� */
- afh_ip_white_ip_list_add(ip4hdr->ip_src.s_addr);
- }else if((tcp_flags & TH_ACK) && (pkt_len > 100)){
- afh_ip_white_ip_list_add(ip4hdr->ip_src.s_addr);
- }else{
- return g_afh_check_res_normal;
- }
- }else if(IPPROTO_UDP == ip4hdr->ip_p){
- local_thread_stat->udp_pkt_num++;
- return anti_flood_udp_entry(thread_seq, ip4hdr);
- }else{
- return g_afh_check_res_normal;
- }
-
- return g_afh_check_res_normal;
-}
-
-
-static void afh_time_event_ip_white_list(void)
-{
- static time_t _last_update_time = 0;
-
- /* ÿ��g_white_ip_list_interval�����һ�� */
- if(_last_update_time + g_white_ip_list_interval < g_afh_current_time){
- _last_update_time = g_afh_current_time;
-
- g_current_trusted_val = g_current_trusted_val << 1;
- if(0 == g_current_trusted_val){
- g_current_trusted_val = 1; /* ѭ������, ���λ�����, ����Ϊ1 */
- }
- }
-}
-
-static void afh_time_event_traffic_calc(void)
-{
- int tid;
- static afh_thread_variable_t _last_stats;
- afh_thread_variable_t current_stats;
- const afh_thread_variable_t *realtime_stats;
- static time_t _last_traffic_update_time = 0;
- double tmp_ratio;
-
- if(_last_traffic_update_time < g_afh_current_time){
- _last_traffic_update_time = g_afh_current_time;
- memset(&current_stats, 0, sizeof(current_stats));
-
- for(tid = 0; tid < g_afh_tot_thread_num; tid++){
- realtime_stats = g_afh_thread_status[tid];
- current_stats.ip_pkt_num += realtime_stats->ip_pkt_num;
- current_stats.tcp_pkt_num += realtime_stats->tcp_pkt_num;
- current_stats.udp_pkt_num += realtime_stats->udp_pkt_num;
- current_stats.ip_frag_pkt_num += realtime_stats->ip_frag_pkt_num;
- current_stats.tcp_syn_pkt_num += realtime_stats->tcp_syn_pkt_num;
- current_stats.udp_dns_pkt_num += realtime_stats->udp_dns_pkt_num;
- current_stats.udp_ntp_pkt_num += realtime_stats->udp_ntp_pkt_num;
- }
-
- /* check and calc SYN pkt ratio */
- if(g_afh_global_status->syn_flood_drop_silent_time > 1){
- g_afh_global_status->syn_flood_drop_silent_time--; /* ���ڶ�����Ĭ��, ����� */
- }else{
- tmp_ratio = (double)current_stats.tcp_syn_pkt_num/(double)current_stats.tcp_pkt_num * 100.0;
- if(tmp_ratio >= AFH_FLOOD_THRESHOLD_UNUSUAL_MULTIPE * g_afh_global_status->syn_in_tcp_ratio){
- g_afh_global_status->syn_flood_state = AFH_STATE_UNUSUAL;
- g_afh_global_status->syn_flood_drop_silent_time = 0; /* Ԥ��ģʽ��Ϊ0 */
-
- if(tmp_ratio >= AFH_FLOOD_THRESHOLD_SERIOUS_MULTIPLE * g_afh_global_status->syn_in_tcp_ratio){
- g_afh_global_status->syn_flood_state = AFH_STATE_SERIOUS;
- g_afh_global_status->syn_flood_drop_silent_time = g_afh_global_status->global_default_drop_silent_time;
- }
- }else{
- g_afh_global_status->syn_flood_state = AFH_STATE_NORMAL;
- g_afh_global_status->syn_flood_drop_silent_time = 0;
- }
- }
-
- /* check and calc DNS pkt ratio */
- if(g_afh_global_status->dns_flood_drop_silent_time > 1){
- g_afh_global_status->dns_flood_drop_silent_time--; /* ���ڶ�����Ĭ��, ����� */
- }else{
- tmp_ratio = (double)current_stats.udp_dns_pkt_num/(double)current_stats.udp_pkt_num * 100.0;
- if(tmp_ratio >= AFH_FLOOD_THRESHOLD_UNUSUAL_MULTIPE * g_syn_in_tcp_ratio){
- g_afh_global_status->dns_flood_state = AFH_STATE_UNUSUAL;
- g_afh_global_status->dns_flood_drop_silent_time = 0; /* Ԥ��ģʽ��Ϊ0 */
-
- if(tmp_ratio >= AFH_FLOOD_THRESHOLD_SERIOUS_MULTIPLE * g_syn_in_tcp_ratio){
- g_afh_global_status->dns_flood_state= AFH_STATE_SERIOUS;
- g_afh_global_status->dns_flood_drop_silent_time = g_afh_global_status->global_default_drop_silent_time;
- }
- }else{
- g_afh_global_status->dns_flood_state = AFH_STATE_NORMAL;
- g_afh_global_status->dns_flood_drop_silent_time = 0;
- }
- }
-
- /* TODO, NTP and UDP check */
-
- memcpy(&_last_stats, &current_stats, sizeof(afh_thread_variable_t));
- }
-
- return ;
-}
-
-/* ʱ���¼��ص�����, ÿ��1�����һ����غ���, �ڲ������ٻ����N��ִ��һ�� */
-static void afh_time_event_for_1sec(void)
-{
- afh_time_event_ip_white_list();
- afh_time_event_traffic_calc();
-}
-
-static void *afh_background_thread(void *arg)
-{
- time_t last_time = time(NULL);
-
- while(1){
- g_afh_current_time = time(NULL);
-
- if(g_afh_current_time > last_time){
- last_time = g_afh_current_time;
- afh_time_event_for_1sec();
- }
-
- usleep(1000);
- }
-
- return NULL;
-}
-
-static int afh_structure_init(int thread_count)
-{
- int i, int_tmp;
- MESA_load_profile_int_def(ANTI_FLOOD_CFG_FILE, "log", "log_level", &int_tmp, 10);
-
- g_afh_log_handle = MESA_create_runtime_log_handle("log/anti_flood.log", int_tmp);
-
- if(thread_count > AFH_MAX_THREAD_NUM){
- MESA_handle_runtime_log(g_afh_log_handle, 30, "AFH", "threqd_count is more than max thread: %d!\n", thread_count);
- return -1;
- }
-
- for(i = 0; i < thread_count; i++){
- g_afh_thread_status[i] = (afh_thread_variable_t *)malloc(sizeof(afh_thread_variable_t));
- memset(g_afh_thread_status[i], 0, sizeof(afh_thread_variable_t));
- g_afh_thread_status[i]->realtime_pps_min_syn_pkt = ~0; /* ���ڼ�¼��ǰTOPN�е���Сֵ, ��ʼ��ʱ������ֵ */
- g_afh_thread_status[i]->realtime_pps_min_dns_pkt = ~0;
- g_afh_thread_status[i]->realtime_pps_min_ntp_pkt = ~0;
- avl_init(&g_afh_thread_status[i]->avl_tree_topN, (void *)0);
- }
-
- g_afh_global_status = (afh_global_variable_t *)malloc(sizeof(afh_global_variable_t));
-
- g_afh_ip_white_list = (unsigned short *)malloc(sizeof(short) * (1 << AFH_IP_WHITE_LIST_MASK_HOST_BIT));
-
- afh_htable_init();
-
- //anti_flood_avltree_init();
-
- return 0;
-}
-
-static int afh_variable_init(int thread_count)
-{
- static int anti_flood_plug_init_flag = 0;
-
- if(anti_flood_plug_init_flag != 0){
- MESA_handle_runtime_log(g_afh_log_handle, 30, "AFH", "anti_flood_hijack_module_init is already initialized!\n");
- return -1;
- }
-
- g_afh_current_time = time(NULL);
- g_afh_tot_thread_num = thread_count;
-
- /* TODO: �Զ���ȡCPUƵ�� */
- cpu_cycle_in_1second = (long long)cpu_frequency_in_MHZ * 1000000L;
-
- g_afh_global_status->syn_in_tcp_ratio = 4.0;
- g_afh_global_status->dns_flood_state = 4.0;
- g_afh_global_status->ntp_in_udp_ratio = 2.0;
- g_afh_global_status->udp_in_ip_ratio = 35.0;
-
- g_afh_global_status->global_default_drop_silent_time = 30; /* TODO, �������ļ���ȡ */
-
- anti_flood_plug_init_flag = 1;
- return 0;
-}
-
-
-static int afh_get_cfg(void)
-{
- MESA_load_profile_int_def(ANTI_FLOOD_CFG_FILE, "main", "forced_drop_syn_pps_threshold", &anti_flood_drop_syn_pps_threshold, 10000);
- MESA_load_profile_int_def(ANTI_FLOOD_CFG_FILE, "main", "anti_flood_udp_dns_pps_threshold", &anti_flood_drop_udp_dns_pps_threshold, 1000);
- MESA_load_profile_int_def(ANTI_FLOOD_CFG_FILE, "main", "anti_flood_udp_ntp_pps_threshold", &anti_flood_drop_udp_ntp_pps_threshold, 1000);
-
-#if 0
- //MESA_load_profile_string_def(ANTI_FLOOD_CFG_FILE, "main", "anti_flood_white_list_bpf", anti_flood_white_list_bpf_string, 1024, "udp port 53 or udp port 5060");
-
- for(i = 0; i < g_packet_io_thread_num; i++){
- static_phony_pcap_handle[i] = pcap_open_dead(DLT_EN10MB, 65535);
- if(NULL == static_phony_pcap_handle[i]){
- printf("forced_drop: create pcap_handle error!\n");
- return -1;
- }
-
- if(pcap_compile(static_phony_pcap_handle[i], &anti_flood_white_list_bpf_bin[i], anti_flood_white_list_bpf_string, 1, 0) < 0){
- printf("forced_drop: compile pcap filter '%s' error:%s\n", anti_flood_white_list_bpf_string, pcap_geterr(static_phony_pcap_handle[i]));
- return -1;
- }
- }
-#endif
-
- return 0;
-}
-
-
-static int afh_validity_check(void)
-{
- int i;
- unsigned int sum = 0;
-
- assert(sizeof(afh_thread_variable_t) % 64 == 0);
-
- assert(AFH_FLOOD_THRESHOLD_UNUSUAL_MULTIPE < AFH_FLOOD_THRESHOLD_SERIOUS_MULTIPLE);
-
-
- for(i = 0; i < AFH_IP_WHITE_LIST_MASK_HOST_BIT; i++){
- sum |= (1<< i);
- }
- assert(sum == AFH_IP_WHITE_LIST_MASK);
-
- return 0;
-}
-
-
-int anti_flood_hijack_module_init(int thread_count)
-{
-
- pthread_t pid;
-
-#ifdef MESA_SAPP_PLATFORM
-
-#if (0 == RUN_AS_SAPP_PLUG)
-#error "in sapp mode, but RUN_AS_SAPP_PLUG is 0!"
-
- assert(0);
-#endif
-
-#endif
-
- afh_get_cfg();
-
- afh_structure_init(thread_count);
-
- afh_variable_init(thread_count);
-
- afh_validity_check();
-
- pthread_create(&pid, NULL, afh_background_thread, NULL);
-
- return 0;
-}
-
-
-#ifdef __cplusplus
-}
-#endif
-
diff --git a/inner_plug/anti_flood_hijack.h b/inner_plug/anti_flood_hijack.h
deleted file mode 100644
index 6f56191..0000000
--- a/inner_plug/anti_flood_hijack.h
+++ /dev/null
@@ -1,87 +0,0 @@
-#ifndef ANTI_FLOOD_HIJACK_H
-#define ANTI_FLOOD_HIJACK_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* for 863���һ�廯, ������������ģ�� */
-
-/*
- ģ���ʼ���ӿڣ�ģ������ʱ���á�
-
- ����:
- thread_count: ��ȫ���صIJ����߳�����
- ����ֵ:
- 0 : SUCC;
- -1: ERROR;
-*/
-int anti_flood_hijack_module_init(int thread_count);
-
-/*
- ģ�����Ľӿڣ�ϵͳ�˳�ʱ���ã������ͷ����������Դ��
-*/
-int anti_flood_hijack_module_destroy(void);
-
-
-enum afh_attack_type{
- AFH_ATTACK_TYPE_DDOS = 1,
- AFH_ATTACK_TYPE_HIJACK = 2,
-};
-
-enum afh_ddos_attack_type{
- AFH_ATTACK_DDOS_IPFRAG = 1,
- AFH_ATTACK_DDOS_SYN = 2,
- AFH_ATTACK_DDOS_DNS = 3,
- AFH_ATTACK_DDOS_NTP = 4,
-};
-
-enum afh_hijack_attack_type{
- AFH_ATTACK_HIJACK_HTTP = 1,
- AFH_ATTACK_HIJACK_DNS = 2,
-};
-
-enum afh_hijack_action_type{
- AFH_CHECK_RES_PASS = 1,
- AFH_CHECK_RES_DROP = 0,
-};
-
-/* ����������ṹ�嶨�� */
-struct afh_pkt_check_res{
- unsigned int action:1; /* 1:pass; 0:drop */
- unsigned int attack_type:7; /* 1:ddos; 2:hijack */
- unsigned int ddos_type:8; /* 1:ip-frag-flood; 2:syn-flood; 3:dns-flood; 4:ntp-flood */
- unsigned int hijack_type:8; /* 1:http; 2:dns */
- unsigned int reserved:8;
-};
-
-/*
- ���ģ�����ݰ���ȡ�ӿڡ�
- ����:
- pkt: �����յ���ԭʼ���ݰ�����MACͷ����ʼ��
- pkt_len: �����յ���ԭʼ���ݰ����ȣ�
- thread_id: �����߳�ID, ��0��ʼ��
- transfer_dir: ���ݰ����䷽��
- ����ֵ:
- ��ǰ���ݰ������, ���struct afh_pkt_check_res��
-*/
-struct afh_pkt_check_res
-anti_flood_hijack_pkt_check(const void *pkt, int pkt_len, int thread_id, int transfer_dir);
-
-
-/*
- ��ȫ�����������ݽӿڡ�
- ����:
- pkt: �����͵�ԭʼ���ݰ�����MACͷ����ʼ��
- pkt_len: �����͵�ԭʼ���ݰ����ȣ�
- thread_id: ��ǰ�����߳�ID, ��0��ʼ��
- transfer_dir: ���ݰ����䷽��
-*/
-int gateway_pkt_send(const void *pkt, int pkt_len, int thread_id, int transfer_dir);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/inner_plug/anti_flood_plug.c b/inner_plug/anti_flood_plug.c
deleted file mode 100644
index d11ec9d..0000000
--- a/inner_plug/anti_flood_plug.c
+++ /dev/null
@@ -1,64 +0,0 @@
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "stream.h"
-#include "stream_internal.h"
-#include "anti_flood_hijack.h"
-
-/* ���������863���һ�廯��Ŀ��, ������������ģ���е�ddos_flood��⹦�� */
-
-
-char ANTI_FLOOD_IPFRAG_ENTRY( struct streaminfo *f_stream,unsigned char routedir,int thread_seq,struct ip * a_packet)
-{
- struct afh_pkt_check_res af_res;
- const struct streaminfo_private *stream_pr = (const struct streaminfo_private *)f_stream;
-
- /* ֻ������IPv4���ݰ� */
- if((NULL == f_stream->pfather) || (f_stream->pfather->addr.addrtype != ADDR_TYPE_MAC)){
- return APP_STATE_GIVEME;
- }
-
- af_res = anti_flood_hijack_pkt_check(stream_pr->raw_pkt->raw_pkt_data, stream_pr->raw_pkt->raw_pkt_len, thread_seq, routedir);
-
- if(AFH_CHECK_RES_DROP == af_res.action){
- return APP_STATE_GIVEME | APP_STATE_DROPPKT;
- }
-
- return APP_STATE_GIVEME;
-}
-
-char ANTI_FLOOD_IP_ENTRY( struct streaminfo *f_stream,unsigned char routedir,int thread_seq,struct ip * a_packet)
-{
- struct afh_pkt_check_res af_res;
- const struct streaminfo_private *stream_pr = (const struct streaminfo_private *)f_stream;
-
- /* ֻ������IPv4���ݰ� */
- if((NULL == f_stream->pfather) || (f_stream->pfather->addr.addrtype != ADDR_TYPE_MAC)){
- return APP_STATE_GIVEME;
- }
-
- af_res = anti_flood_hijack_pkt_check(stream_pr->raw_pkt->raw_pkt_data, stream_pr->raw_pkt->raw_pkt_len, thread_seq, routedir);
-
- if(AFH_CHECK_RES_DROP == af_res.action){
- return APP_STATE_GIVEME | APP_STATE_DROPPKT;
- }
-
- return APP_STATE_GIVEME;
-}
-
-int ANTI_FLOOD_INIT(void)
-{
- if(anti_flood_hijack_module_init(get_thread_count()) < 0){
- printf("anti_flood_hijack_module_init error!\n");
- return -1;
- }
-
- return 0;
-}
-
-
-#ifdef __cplusplus
-}
-#endif
-