GSOC 2018: Implementing blackholing in Gatekeeper

Makefile

@@ -44,7 +44,7 @@ SRCS-y += sol/main.c
 # Libraries.
 SRCS-y += lib/mailbox.c lib/net.c lib/flow.c lib/ipip.c \
  lib/luajit-ffi-cdata.c lib/launch.c lib/lpm.c lib/acl.c lib/varip.c \
- lib/l2.c
+ lib/l2.c lib/space_saving.c lib/gatekeeper_rhhh.c
 
 LDLIBS += $(LDIR) -Bstatic -lluajit-5.1 -Bdynamic -lm -lmnl
 CFLAGS += $(WERROR_FLAGS) -I${GATEKEEPER}/include -I/usr/local/include/luajit-2.0/

include/gatekeeper_rhhh.h

@@ -0,0 +1,107 @@
+/*
+ * Gatekeeper - DoS protection system.
+ * Copyright (C) 2016 Digirati LTDA.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _GATEKEEPER_RHHH_H_
+#define _GATEKEEPER_RHHH_H_
+
+#include "space_saving.h"
+
+#ifndef DIMENSION
+#define DIMENSION 1
+#endif
+
+#ifndef NUM_V4_COUNTERS
+#define NUM_V4_COUNTERS 5
+#endif
+
+#ifndef NUM_V6_COUNTERS
+#define NUM_V6_COUNTERS 17
+#endif
+
+extern struct rte_hash *counter_ip4[NUM_V4_COUNTERS];
+extern struct rte_hash *counter_ip6[NUM_V6_COUNTERS];
+
+typedef struct heavyhitter {
+ struct ip_key key;
+
+ union {
+ /* Mask for IPv4 packets */
+ struct {
+ uint32_t src_mask;
+ uint32_t dst_mask;
+ } v4;
+
+ /* Mask for IPv6 packets */
+ struct {
+ uint8_t src_mask[16];
+ uint8_t dst_mask[16];
+ } v6;
+ } msk;
+
+ uint32_t upr_bnd;
+ uint32_t lwr_bnd;
+} HeavyHitter;
+
+typedef struct descendant {
+ struct ip_key key;
+ union {
+ /* Mask for IPv4 packet. */ 
+ struct {
+ uint32_t src_mask;
+ uint32_t dst_mask;
+ } v4;
+
+ /* Mask for IPv6 packet. */
+ struct {
+ uint8_t src_mask[16];
+ uint8_t dst_mask[16];
+ } v6;
+ } msk;
+} Descendant;
+
+double dblmax(double a, double b);
+
+double two_to_the_k(int k);
+
+extern int
+rhhh_init(unsigned int socket_id, uint16_t proto, double prob);
+
+void
+rhhh_deinit(uint16_t proto);
+
+extern int
+rhhh_update(unsigned int socket_id, struct ip_key *key);
+
+static
+struct rte_hash *
+create_dblcounter(unsigned int socket_id, uint16_t proto, int dblcounter_id,
+ int dblcounter_size);
+
+extern int 
+rhhh1D_v4_output(double threshold, unsigned int socket_id); 
+
+extern int
+calcPred2D_v4(struct ip_key *key, uint32_t src_mask, uint32_t dst_mask);
+
+extern int
+rhhh2D_v4_output(double threshold, unsigned int socket_id);
+
+extern int
+rhhh1D_v6_output(double threshold, unsigned int socket_id);
+
+#endif /* _GATEKEEPER_RHHH_H_ */ 

include/space_saving.h

@@ -0,0 +1,126 @@
+/*
+ * Gatekeeper - DoS protection system.
+ * Copyright (C) 2016 Digirati LTDA.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SPACE_SAVING_H_
+#define _SPACE_SAVING_H_
+
+#define OVRFLOW 1000000
+
+#include <netinet/in.h>
+
+#include <rte_ether.h>
+#include <rte_hash.h>
+#include <rte_jhash.h>
+
+#include "list.h"
+//#include "gatekeeper_gk.h"
+//#include "gatekeeper_net.h"
+//#include "gatekeeper_flow.h"
+
+#define DEFAULT_HASH_FUNC rte_jhash
+
+extern struct ip_key *hh_table;
+extern struct list_head bkt_head_ip4;
+extern struct list_head bkt_head_ip6;
+extern int streamlen;
+extern int mx;
+
+struct ip_key {
+ uint16_t proto;
+ union {
+ struct v4{
+ struct in_addr src;
+ struct in_addr dst;
+ } v4;
+
+ struct v6{
+ struct in6_addr src;
+ struct in6_addr dst;
+ } v6; 
+ } k; 
+};
+
+/* Data structure for Counter bucket. */
+struct counter_bucket
+{
+ uint16_t proto;
+ int bkt_id;
+
+ union {
+ /* Bucket for IPV4 address. */
+ struct rte_hash *bkt_ip4;
+
+ /* Bucket for IPV6 address. */
+ struct rte_hash *bkt_ip6;
+ } bkt;
+
+ struct list_head list;
+};
+
+/* Data structure of IP data. */
+struct ip_data
+{
+ int err;
+ int bkt_id;
+ struct ip_key key;
+ struct counter_bucket ct_bucket;
+};
+
+int max(int a, int b);
+
+/* 
+ * Create a counter table of size = 1.0/epsion.
+ * @epsilon is the error parameter for space saving algorithm.
+ */
+struct rte_hash *
+create_counter_table(unsigned int socket_id, uint16_t proto, int counter_id,
+ int ht_size);
+
+/* Destroy a counter table. */
+void destroy_counter_table(uint16_t proto, int counter_id);
+
+/* 
+ * Create a counter bucket.
+ * Size of each bucket is set to 100 by default.
+ * TODO: Find a way to vary the size of a bucket to ensure 
+ * optimum memory usage.
+ */
+struct rte_hash *
+create_bucket(unsigned int socket_id, uint16_t proto, int bkt_id);
+
+/* Increment Counter Algorithm. */
+static int
+increment_counter(unsigned int socket_id, uint16_t proto, 
+ struct ip_data **element);
+
+/* Space Saving algorithm. */
+int space_saving(unsigned int socket_id, uint16_t proto, struct ip_key *key,
+ struct rte_hash *ct_table);
+
+/* 
+ * Iterate through the elements in the Counter Table and find the heavy hitters. 
+ */
+int SSiterate(struct rte_hash *ct_table, int proto, int threshold);
+
+/* Estimate a lower bound for the frequency of an element. */ 
+int SSEstLow(struct rte_hash *ct_table, struct ip_key *key);
+
+/* Estimate an upper bound on the frequency of an element. */
+int SSEstUpp(struct rte_hash *ct_table, struct ip_key *key);
+
+#endif /* _SPACE_SAVING_H */