summaryrefslogtreecommitdiff
path: root/inner_plug/afh_inner.h
diff options
context:
space:
mode:
Diffstat (limited to 'inner_plug/afh_inner.h')
-rw-r--r--inner_plug/afh_inner.h226
1 files changed, 0 insertions, 226 deletions
diff --git a/inner_plug/afh_inner.h b/inner_plug/afh_inner.h
deleted file mode 100644
index ca03e62..0000000
--- a/inner_plug/afh_inner.h
+++ /dev/null
@@ -1,226 +0,0 @@
-#ifndef _AFH_INNER_H_
-#define _AFH_INNER_H_ 1
-
-#include <stdint.h>
-#include <stdio.h>
-#include <netinet/ip.h>
-#include <netinet/in.h>
-#include "avltree.h"
-
-#define AFH_DEBUG (1)
-
-#define SYM_HIDDEN __attribute__((visibility("hidden")))
-
-#define AFH_MAX_THREAD_NUM (64)
-
-/* ȫIP��ΧΪ42��, ��Ŀ�޴�, �޷�ȫ�ּ��. ������ֻʹ���ض�BITλ,
- BITλ��������λ������λ, ���ǵ�һ���豸ͨ��ֻ���ض����ε�IPͨ��,
- ����Ǿ�����, ������IP��������һ��C����, ����ʹ����������.
- ʵ�ʿ��ܻ�������, ����ʹ��24bit��������ʱ, 1.2.3.4��10.2.3.4����Ϊ��һ��IP��.
-*/
-#define AFH_IP_WHITE_LIST_MASK (0x00FFFFFFU)
-#define AFH_IP_WHITE_LIST_MASK_HOST_BIT (24)
-
-#define AFH_FLOOD_THRESHOLD_UNUSUAL_MULTIPE (2) /* ����ƽ����ֵ2����, ��ʼJC, ͳ�� */
-
-#define AFH_FLOOD_THRESHOLD_SERIOUS_MULTIPLE (5) /* ����ƽ����ֵ������, ��ʼ�������� */
-
-#define AFH_DNS_DEFAULT_PORT (53)
-#define AFH_NTP_DEFAULT_PORT (123)
-
-#define AFH_REALTIME_SORT_TOPN (7) /* ʵʱ�������TOPN */
-
-#ifndef afh_likely
-#define afh_likely(x) __builtin_expect(!!(x), 1)
-#endif
-
-#ifndef afh_unlikely
-#define afh_unlikely(x) __builtin_expect(!!(x), 0)
-#endif
-
-
-enum afh_state_t{
- AFH_STATE_NORMAL = 0, /* ���� */
- AFH_STATE_UNUSUAL = 1, /* �쳣, �Գ���������ֵ */
- AFH_STATE_SERIOUS = 2, /* ����, ������̬ */
-};
-
-
-/*
- * TCP packet header prototype.
- */
-#ifndef TH_FIN
-#define TH_FIN 0x01
-#endif
-#ifndef TH_SYN
-#define TH_SYN 0x02
-#endif
-#ifndef TH_RST
-#define TH_RST 0x04
-#endif
-#ifndef TH_PUSH
-#define TH_PUSH 0x08
-#endif
-#ifndef TH_ACK
-#define TH_ACK 0x10
-#endif
-#ifndef TH_URG
-#define TH_URG 0x20
-#endif
-struct afh_tcphdr
-{
- u_int16_t th_sport; /* source port */
- u_int16_t th_dport; /* destination port */
- u_int32_t th_seq; /* sequence number */
- u_int32_t th_ack; /* acknowledgement number */
-#if __BYTE_ORDER == __LITTLE_ENDIAN
- u_int8_t th_x2:4, /* (unused) */
- th_off:4; /* data offset */
-#elif __BYTE_ORDER == __BIG_ENDIAN
- u_int8_t th_off:4, /* data offset */
- th_x2:4; /* (unused) */
-#else
-#error "Please check <endian.h>"
-#endif
- u_int8_t th_flags; /* control flags */
- u_int16_t th_win; /* window */
- u_int16_t th_sum; /* checksum */
- u_int16_t th_urp; /* urgent pointer */
-};
-
-/*
- * UDP packet header prototype.
- */
-struct afh_udp_hdr
-{
- u_int16_t uh_sport; /* soure port */
- u_int16_t uh_dport; /* destination port */
- u_int16_t uh_ulen; /* length */
- u_int16_t uh_sum; /* checksum */
-};
-
-struct afh_ip4_hdr
-{
-#if __BYTE_ORDER == __LITTLE_ENDIAN
- u_int8_t ip_hl:4, /* header length */
- ip_v:4; /* version */
-#elif __BYTE_ORDER == __BIG_ENDIAN
- u_int8_t ip_v:4, /* version */
- ip_hl:4; /* header length */
-#else
-#error "Please check <endian.h>"
-#endif
- u_int8_t ip_tos; /* type of service */
- u_int16_t ip_len; /* total length */
- u_int16_t ip_id; /* identification */
-#define AFH_IP_MF 0x2000 /* more fragments flag */
-#define AFH_IP_OFFMASK 0x1fff /* mask for fragmenting bits */
- u_int16_t ip_off;
- u_int8_t ip_ttl; /* time to live */
- u_int8_t ip_p; /* protocol */
- u_int16_t ip_sum; /* checksum */
- struct in_addr ip_src, ip_dst; /* source and dest address */
-};
-
-
-typedef struct{
- struct avl_node avl_node_topN; /* ������AVL�����������ṹ */
- unsigned int dip_net_order; /* Ŀ��IP, �����������IP����̫��, ʹ��Ŀ��IP�� */
- unsigned char thread_seq; /* for dictator */
- char __pad;
- unsigned short detectd_flood_silent_time;
- long long history_cpu_cycle; /* ����ÿ��dip����ʱ����, ������ȫ��ʱ��� */
- unsigned long long realtime_tot_pkt_num; /* ��ǰʵʱͳ�Ƶİ����� */
- unsigned long long history_pkt_num; /* ��һ��ͳ�����ڵļ���, ���ں�realtime_tot_pkt_num����ʵʱPPS */
- unsigned long long anti_flood_drop_pkt;
- unsigned long long realtime_pps; /* ��HTABLE��ʵʱÿ����ͳ��, ����AVL����, ÿ��1����������һ�� */
-}anti_flood_item_t;
-
-/* afhȫ�ֱ���, ÿ�̶߳���, ���̲߳���ʹ��, ��Ҫ��֤64�ֽ�Cache���� */
-typedef struct{
- unsigned long long ip_pkt_num;
- unsigned long long tcp_pkt_num;
- unsigned long long udp_pkt_num;
- unsigned long long ip_frag_pkt_num;
- unsigned long long tcp_syn_pkt_num;
- unsigned long long udp_dns_pkt_num;
- unsigned long long udp_ntp_pkt_num;
- struct avl_tree avl_tree_topN;
- unsigned long long realtime_pps_min_syn_pkt; /* topN��Сֵ */
- unsigned long long realtime_pps_min_dns_pkt; /* topN��Сֵ */
- unsigned long long realtime_pps_min_ntp_pkt; /* topN��Сֵ */
- char __pad[32];
-}afh_thread_variable_t;
-
-
-/* afhȫ�ֱ���, �������̹��� */
-typedef struct{
- /*
- ͳ�Ʒ�����: ȫ��ͳ�� or ���߳�ͳ��, Ŀǰ����ȫ��ͳ�Ʒ�ʽ.
- (1)ÿ���̶߳���ͳ�ơ�����
- ��Ϊȫ������SYN��������ֵ, һ����ij���߳�Ҳ����ֵ,
- ֻ���ض��߳̿��������򶪰�, ��Ӱ�������߳�.
- ������DDOS��˵, ����ij���߳�Ҳ�ж�DIP�Ĺ�������, ���ڷ�������ԭ��,
- ������̫��, �����Ǹ��̵߳�SYN����������ֵ,
- ��ôijЩSYN��Ҳ�Ͳ��ᱻ����,
- ��ɷ���Ч����̫��, ����ȫ��SYN��ֻ��������70%, �����30%û��������.
-
- (2)ȫ��ͳ��
- һ��ȫ��SYN��������ֵ, ���а������߳̿���SYN_flood��������ģʽ,
- ֻҪ�Ƿ���DIP��syn, �Ҳ��ڰ�����, ������,
- ���������������, ����ij���߳�ֻ�м�������DIP�Ҳ��ڰ�������SYN, Ҳ�ܱ���⵽������.
-
- */
- volatile unsigned char syn_flood_state;
- volatile unsigned char dns_flood_state;
- volatile unsigned char ntp_flood_state;
- volatile unsigned char udp_pkt_state; /* רΪsappƽ̨����, ���߷��ֹ�����UDP����, ����DNS, NTP��, ���߳������������̶߳༸��, ��Ҫ���� */
-
- /*
- drop_silent_time:
- ������Ĭ�ڼ�, ����PPS����, ��Ҫ��������һ��ʱ��
- Ҫ�ж�>1, �ھ�Ĭ�ڼ�����1��, �����¼��PPS�Ƿ񻹳�����ֵ,
- ������й���, ����¾�Ĭʱ��, �Լ�������,
- �����˶�����ʮ���رն���, �����½���Flood����1��, �ּ�⵽����, �ٴζ�����ʮ��Ķ���ѭ��.
- */
-
- unsigned char syn_flood_drop_silent_time;
- unsigned char dns_flood_drop_silent_time;
- unsigned char ntp_flood_drop_silent_time;
- unsigned char udp_flood_drop_silent_time;
-
- double syn_in_tcp_ratio;
- double dns_in_udp_ratio;
- double ntp_in_udp_ratio;
- double udp_in_ip_ratio;
-
- unsigned char global_default_drop_silent_time;
-}afh_global_variable_t;
-
-
-void *afh_malloc(int t_seq,size_t size);
-void afh_free(int t_seq,void*p);
-
-inline long long afh_get_cpu_cycle(void)
-{
-#ifdef __x86_64
-#define X86_64_ENV 1
-#endif
-#ifdef __x86_64__
-#define X86_64_ENV 1
-#endif
-
-#ifdef X86_64_ENV
- long long l;
- long long h;
-
- __asm__ volatile("rdtsc" : "=a"(l), "=d"(h));
- return (long long )l | ((long long )h<<32);
-#else
- return 0;
-#endif
-}
-
-#endif
-
-
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 17:35:27 +0000