--- A DIFFUSE feature kernel module which calculates per-flow, bidirectional --- minimum, mean, maximum, standard deviation and sum packet length statistics --- for use in classification decisions. --- --- Sponsored by: FreeBSD Foundation --- Reviewed by: bz --- MFC after: 1 month --- diff -r fda598ecb4bf sys/modules/diffuse/Makefile --- a/sys/modules/diffuse/Makefile Sun Sep 25 17:35:48 2011 +1000 +++ b/sys/modules/diffuse/Makefile Sun Sep 25 17:36:19 2011 +1000 @@ -1,9 +1,10 @@ # $FreeBSD$ SUBDIR= diffuse \ diffuse_feature_iat \ diffuse_feature_iatbd \ diffuse_feature_pcnt \ - diffuse_feature_plen + diffuse_feature_plen \ + diffuse_feature_plenbd .include diff -r fda598ecb4bf sys/modules/diffuse/diffuse_feature_plenbd/Makefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/modules/diffuse/diffuse_feature_plenbd/Makefile Sun Sep 25 17:36:19 2011 +1000 @@ -0,0 +1,17 @@ +# $FreeBSD$ + +.include + +.PATH: ${.CURDIR}/../../../netinet/ipfw +KMOD= diffuse_feature_plenbd +SRCS= diffuse_feature_plenbd.c \ + opt_inet6.h + +.if !defined(KERNBUILDDIR) +.if ${MK_INET6_SUPPORT} != "no" +opt_inet6.h: + echo "#define INET6 1" > ${.TARGET} +.endif +.endif + +.include diff -r fda598ecb4bf sys/netinet/ipfw/diffuse_feature_plenbd.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/netinet/ipfw/diffuse_feature_plenbd.c Sun Sep 25 17:36:19 2011 +1000 
@@ -0,0 +1,516 @@ +/*- + * Copyright (c) 2010-2011 + * Swinburne University of Technology, Melbourne, Australia. + * All rights reserved. + * + * This software was developed at the Centre for Advanced Internet + * Architectures, Swinburne University of Technology, by Sebastian Zander, made + * possible in part by a gift from The Cisco University Research Program Fund, a + * corporate advised fund of Silicon Valley Community Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +__FBSDID("$FreeBSD$"); + +#ifndef _KERNEL +#include +#include +#endif + +#ifdef _KERNEL +#include +#include +#include +#include +#include +#endif /* _KERNEL */ +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#ifdef _KERNEL +#include +#include +#include +#else +#define KPI_USER_COMPAT +#include +#endif /* _KERNEL */ + +/* + * Feature packet length bidirectional computes minimum, mean, maximum and std + * deviation of packet length (length = length of IP data or length of UDP/TCP + * data) for both directions of traffic flow. + */ + +/* If we are linked from userspace only put the declaration here. */ +#ifdef _KERNEL +PLENBD_STAT_NAMES; +#else +PLENBD_STAT_NAMES_DECL; +#endif + +/* State for jump windows. */ +typedef struct plenbd_jump_win_state { + uint16_t fmin; + uint16_t fmax; + uint32_t fsum; + uint64_t fsqsum; + uint16_t bmin; + uint16_t bmax; + uint32_t bsum; + uint64_t bsqsum; + uint16_t fcnt; + uint16_t bcnt; + int jump; + int first; +} plenbd_jump_win_state_t; + +/* Per flow data (ring buffer). */ +typedef struct plenbd_fdata { + int full; + int changed; + int index; + uint16_t *plens; + uint8_t *dirs; + plenbd_jump_win_state_t *jstate; +} plenbd_fdata_t; + +static int plenbd_reset_stats(struct cdata *cdata, struct fdata *fdata); + +static int +plenbd_init_instance(struct cdata *cdata, struct di_oid *params) +{ + di_feature_plenbd_cnf_t *cnf, *p; + + cdata->conf = malloc(sizeof(di_feature_plenbd_cnf_t), M_DIFFUSE, + M_NOWAIT | M_ZERO); + cnf = (di_feature_plenbd_cnf_t *) cdata->conf; + + /* Set default configuration. */ + cnf->plen_window = DEFAULT_PLENBD_WINDOW; + cnf->plen_partial_window = 0; + cnf->plen_len_type = PLEN_LEN_FULL; + cnf->plen_jump_window = 0; + + /* Set configuration. 
*/ + if (params != NULL) { + p = (di_feature_plenbd_cnf_t *)params; + + if (p->plen_window != -1) + cnf->plen_window = p->plen_window; + + if (p->plen_partial_window != -1) + cnf->plen_partial_window = p->plen_partial_window; + + if (p->plen_len_type != -1) + cnf->plen_len_type = p->plen_len_type; + + if (p->plen_jump_window != -1) + cnf->plen_jump_window = p->plen_jump_window; + } + + return (0); +} + +static int +plenbd_destroy_instance(struct cdata *cdata) +{ + + free(cdata->conf, M_DIFFUSE); + + return (0); +} + +static int +plenbd_get_conf(struct cdata *cdata, struct di_oid *cbuf, int size_only) +{ + + if (!size_only) + memcpy(cbuf, cdata->conf, sizeof(di_feature_plenbd_cnf_t)); + + return (sizeof(di_feature_plenbd_cnf_t)); +} + +static int +plenbd_init_stats(struct cdata *cdata, struct fdata *fdata) +{ + di_feature_plenbd_cnf_t *cnf; + plenbd_fdata_t *data; + + cnf = (di_feature_plenbd_cnf_t *)cdata->conf; + + fdata->data = malloc(sizeof(plenbd_fdata_t), M_DIFFUSE, + M_NOWAIT | M_ZERO); + data = (plenbd_fdata_t *) fdata->data; + + if (!cnf->plen_jump_window) { + data->plens = malloc(cnf->plen_window * sizeof(uint16_t), + M_DIFFUSE, M_NOWAIT | M_ZERO); + data->dirs = malloc(cnf->plen_window * sizeof(uint8_t), + M_DIFFUSE, M_NOWAIT | M_ZERO); + } else { + data->jstate = malloc(sizeof(plenbd_jump_win_state_t), + M_DIFFUSE, M_NOWAIT | M_ZERO); + } + fdata->stats = malloc(PLENBD_NO_STATS * sizeof(int32_t), M_DIFFUSE, + M_NOWAIT | M_ZERO); + plenbd_reset_stats(cdata, fdata); + + return (0); +} + +static int +plenbd_destroy_stats(struct cdata *cdata, struct fdata *fdata) +{ + di_feature_plenbd_cnf_t *cnf; + plenbd_fdata_t *data; + + cnf = (di_feature_plenbd_cnf_t *)cdata->conf; + data = (plenbd_fdata_t *)fdata->data; + + if (!cnf->plen_jump_window) { + free(data->plens, M_DIFFUSE); + free(data->dirs, M_DIFFUSE); + } else { + free(data->jstate, M_DIFFUSE); + } + free(fdata->data, M_DIFFUSE); + free(fdata->stats, M_DIFFUSE); + + return (0); +} + +static void 
+reset_jump_win_state(plenbd_jump_win_state_t *state) +{ + state->fmin = 0xFFFF; + state->fmax = 0; + state->fsum = 0; + state->fsqsum = 0; + state->bmin = 0xFFFF; + state->bmax = 0; + state->bsum = 0; + state->bsqsum = 0; + state->fcnt = 0; + state->bcnt = 0; + state->jump = 0; +} + +static int +plenbd_update_stats(struct cdata *cdata, struct fdata *fdata, struct mbuf *mbuf, + int proto, void *ulp, int dir) +{ + di_feature_plenbd_cnf_t *cnf; + plenbd_fdata_t *data; + struct ip *ip; + struct ip6_hdr *ip6; + struct tcphdr *tcp; + uint16_t plen; + int iplen; + + cnf = (di_feature_plenbd_cnf_t *)cdata->conf; + data = (plenbd_fdata_t *) fdata->data; + ip = mtod(mbuf, struct ip *); + plen = 0; + + /* Length of data in IP. */ + if (cnf->plen_len_type == PLEN_LEN_FULL) { + plen = m_length(mbuf, NULL); + } else { + iplen = 0; + if (ip->ip_v == 6) { + ip6 = (struct ip6_hdr *)ip; + iplen = ntohs(ip6->ip6_plen); + } else { + iplen = ntohs(ip->ip_len) - ip->ip_hl * 4; + } + if (cnf->plen_len_type == PLEN_LEN_IPDATA) { + plen = iplen; + } else { + /* Length of data in UDP or TCP. 
*/ + if (proto != 0 && ulp != NULL) { + if (proto == IPPROTO_TCP) { + tcp = (struct tcphdr *)ulp; + plen = iplen - tcp->th_off * 4; + } else if (proto == IPPROTO_UDP) { + plen = iplen - sizeof(struct udphdr); + } + } + } + } + + if (!cnf->plen_jump_window) { + data->plens[data->index] = plen; + data->dirs[data->index++] = dir; + } else { + if (dir == MATCH_FORWARD) { + if (plen < data->jstate->fmin) + data->jstate->fmin = plen; + + if (plen > data->jstate->fmax) + data->jstate->fmax = plen; + + data->jstate->fsum += plen; + data->jstate->fsqsum += (uint64_t)plen * plen; + data->jstate->fcnt++; + } else { + if (plen < data->jstate->bmin) + data->jstate->bmin = plen; + + if (plen > data->jstate->bmax) + data->jstate->bmax = plen; + + data->jstate->bsum += plen; + data->jstate->bsqsum += (uint64_t)plen * plen; + data->jstate->bcnt++; + } + data->index++; + + if (data->index == cnf->plen_window) { + data->jstate->jump = 1; + if (data->jstate->first) + data->jstate->first = 0; + } + } + + if (!data->full && data->index == cnf->plen_window) + data->full = 1; + + data->changed = 1; + if (data->index == cnf->plen_window) + data->index = 0; + + return (0); +} + +static int +plenbd_reset_stats(struct cdata *cdata, struct fdata *fdata) +{ + di_feature_plenbd_cnf_t *cnf; + plenbd_fdata_t *data; + int i; + + cnf = (di_feature_plenbd_cnf_t *)cdata->conf; + data = (plenbd_fdata_t *)fdata->data; + + fdata->stats[0] = 0x7FFFFFFF; + fdata->stats[1] = 0; + fdata->stats[2] = 0; + fdata->stats[3] = 0; + fdata->stats[4] = 0; + fdata->stats[5] = 0x7FFFFFFF; + fdata->stats[6] = 0; + fdata->stats[7] = 0; + fdata->stats[8] = 0; + fdata->stats[9] = 0; + + if (!cnf->plen_jump_window) { + for (i = 0; i < cnf->plen_window; i++) { + data->plens[i] = 0; + data->dirs[i] = 0; + } + } else { + reset_jump_win_state(data->jstate); + data->jstate->first = 1; + } + data->full = 0; + data->changed = 0; + data->index = 0; + + return (0); +} + +static int +plenbd_get_stats(struct cdata *cdata, struct fdata 
*fdata, int32_t **stats) +{ +#define PL_FMIN fdata->stats[0] +#define PL_FMEAN fdata->stats[1] +#define PL_FMAX fdata->stats[2] +#define PL_FSTDEV fdata->stats[3] +#define PL_FSUM fdata->stats[4] +#define PL_BMIN fdata->stats[5] +#define PL_BMEAN fdata->stats[6] +#define PL_BMAX fdata->stats[7] +#define PL_BSTDEV fdata->stats[8] +#define PL_BSUM fdata->stats[9] + di_feature_plenbd_cnf_t *cnf; + plenbd_fdata_t *data; + uint32_t bcnt, bsum, fcnt, fsum; + uint64_t bsqsum, fsqsum; + int i, wsize; + + cnf = (di_feature_plenbd_cnf_t *)cdata->conf; + data = (plenbd_fdata_t *)fdata->data; + bcnt = bsum = fcnt = fsum = 0; + bsqsum = fsqsum = 0; + + if (!data->full && !(cnf->plen_partial_window && data->index > 0)) + return (0); /* Window is not full yet. */ + + /* Compute stats only if we need update. */ + if ((!cnf->plen_jump_window && data->changed) + || (cnf->plen_jump_window && (data->jstate->jump + || (cnf->plen_partial_window && data->jstate->first)))) { + wsize = cnf->plen_window; + if (!data->full) + wsize = data->index; + + if (!cnf->plen_jump_window) { + PL_FMIN = 0x7FFFFFFF; + PL_FMAX = 0; + PL_BMIN = 0x7FFFFFFF; + PL_BMAX = 0; + for (i = 0; i < wsize; i++) { + if (data->dirs[i] == MATCH_FORWARD) { + if (data->plens[i] < PL_FMIN) + PL_FMIN = data->plens[i]; + + if (data->plens[i] > PL_FMAX) + PL_FMAX = data->plens[i]; + + fsum += data->plens[i]; + fsqsum += (uint64_t)data->plens[i] + * data->plens[i]; + fcnt++; + } else { + if (data->plens[i] < PL_BMIN) + PL_BMIN = data->plens[i]; + + if (data->plens[i] > PL_BMAX) + PL_BMAX = data->plens[i]; + + bsum += data->plens[i]; + bsqsum += (uint64_t)data->plens[i] + * data->plens[i]; + bcnt++; + } + } + } else { + PL_FMIN = data->jstate->fmin; + PL_FMAX = data->jstate->fmax; + PL_BMIN = data->jstate->bmin; + PL_BMAX = data->jstate->bmax; + fsum = data->jstate->fsum; + fsqsum = data->jstate->fsqsum; + bsum = data->jstate->bsum; + bsqsum = data->jstate->bsqsum; + fcnt = data->jstate->fcnt; + bcnt = data->jstate->bcnt; + + 
if (data->jstate->jump) + reset_jump_win_state(data->jstate); + } + + PL_FSUM = fsum; + PL_BSUM = bsum; + + if (fcnt > 0) { + PL_FMEAN = fsum / fcnt; + } else { + PL_FMIN = 0; + PL_FMEAN = 0; + } + if (fcnt > 1) { + PL_FSTDEV = fixp_sqrt((fsqsum + - ((uint64_t)fsum * fsum / fcnt)) / (fcnt - 1)); + } else { + PL_FSTDEV = 0; + } + if (bcnt > 0) { + PL_BMEAN = bsum / bcnt; + } else { + PL_BMIN = 0; + PL_BMEAN = 0; + } + if (bcnt > 1) { + PL_BSTDEV = fixp_sqrt((bsqsum + - ((uint64_t)bsum * bsum / bcnt)) / (bcnt - 1)); + } else { + PL_BSTDEV = 0; + } + + data->changed = 0; + } + *stats = fdata->stats; + + return (PLENBD_NO_STATS); +} + +static int +plenbd_get_stat(struct cdata *cdata, struct fdata *fdata, int which, int32_t *stat) +{ + int32_t *stats; + + if (which < 0 || which > PLENBD_NO_STATS) + return (-1); + + if (!plenbd_get_stats(cdata, fdata, &stats)) + return (0); + + *stat = stats[which]; + + return (1); +} + +static int +plenbd_get_stat_names(char **names[]) +{ + + *names = plenbd_stat_names; + + return (PLENBD_NO_STATS); +} + +static struct diffuse_feature_alg diffuse_plenbd_desc = { + _FI( .name = ) PLENBD_NAME, + _FI( .type = ) PLENBD_TYPE, + _FI( .ref_count = ) 0, + + _FI( .init_instance = ) plenbd_init_instance, + _FI( .destroy_instance = ) plenbd_destroy_instance, + _FI( .init_stats = ) plenbd_init_stats, + _FI( .destroy_stats = ) plenbd_destroy_stats, + _FI( .update_stats = ) plenbd_update_stats, + _FI( .reset_stats = ) plenbd_reset_stats, + _FI( .get_stats = ) plenbd_get_stats, + _FI( .get_stat = ) plenbd_get_stat, + _FI( .get_stat_names = ) plenbd_get_stat_names, + _FI( .get_conf = ) plenbd_get_conf, +}; + +DECLARE_DIFFUSE_FEATURE_MODULE(feature_plenbd, &diffuse_plenbd_desc); diff -r fda598ecb4bf sys/netinet/ipfw/diffuse_feature_plenbd.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/sys/netinet/ipfw/diffuse_feature_plenbd.h Sun Sep 25 17:36:19 2011 +1000 
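Review bot: The `malloc(..., M_NOWAIT | M_ZERO)` results in `plenbd_init_instance()` and `plenbd_init_stats()` are dereferenced without a NULL check (`cnf->plen_window = DEFAULT_PLENBD_WINDOW;`, and `plenbd_reset_stats()` writes through `fdata->stats` and `data`), so an allocation failure becomes a kernel NULL dereference; `plenbd_init_stats()` looks like it runs per flow, which would make this reachable under traffic-driven memory pressure. Both functions should unwind and return an error such as `ENOMEM`, as sketched below for `plenbd_init_stats()`, provided the framework checks these return values, which the hunk does not show. `plenbd_init_instance()` also accepts `p->plen_window` after only a `!= -1` test; with 0 or another negative value `data->index` never equals `cnf->plen_window` in `plenbd_update_stats()`, so the index would run past the `plens`/`dirs` buffers unless the value is validated elsewhere, and rejecting `p->plen_window < 1` before accepting it would close that. In `plenbd_get_stat()`, `which > PLENBD_NO_STATS` admits `which == PLENBD_NO_STATS` and reads one `int32_t` past the 10-entry array; it should be `if (which < 0 || which >= PLENBD_NO_STATS)`.

```c
static int
plenbd_init_stats(struct cdata *cdata, struct fdata *fdata)
{
	/* … unchanged: declarations, cnf lookup, fdata->data allocation … */
	if (fdata->data == NULL)
		return (ENOMEM);
	data = (plenbd_fdata_t *)fdata->data;

	/* … unchanged: plens/dirs or jstate allocation, fdata->stats allocation … */
	if (fdata->stats == NULL ||
	    (!cnf->plen_jump_window &&
	    (data->plens == NULL || data->dirs == NULL)) ||
	    (cnf->plen_jump_window && data->jstate == NULL)) {
		/* M_ZERO left unallocated members NULL; free(9) accepts NULL. */
		free(data->plens, M_DIFFUSE);
		free(data->dirs, M_DIFFUSE);
		free(data->jstate, M_DIFFUSE);
		free(fdata->stats, M_DIFFUSE);
		free(fdata->data, M_DIFFUSE);
		fdata->stats = NULL;
		fdata->data = NULL;
		return (ENOMEM);
	}
	plenbd_reset_stats(cdata, fdata);

	return (0);
}
```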
@@ -0,0 +1,67 @@
+/*-
+ * Copyright (c) 2010-2011
+ * Swinburne University of Technology, Melbourne, Australia.
+ * All rights reserved.
+ *
+ * This software was developed at the Centre for Advanced Internet
+ * Architectures, Swinburne University of Technology, by Sebastian Zander, made
+ * possible in part by a gift from The Cisco University Research Program Fund, a
+ * corporate advised fund of Silicon Valley Community Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/*
+ * DIFFUSE bidirectional packet length feature.
+ */
+
+#ifndef _NETINET_IPFW_DIFFUSE_FEATURE_PLENBD_H_
+#define _NETINET_IPFW_DIFFUSE_FEATURE_PLENBD_H_
+
+#define DEFAULT_PLENBD_WINDOW 25
+
+#define di_feature_plenbd_cnf_t di_feature_plen_cnf_t
+
+/* Main properties, used in kernel and userspace. */
+#define PLENBD_NAME "plenbd"
+#define PLENBD_TYPE FEATURE_ALG_BIDIRECTIONAL
+#define PLENBD_NO_STATS 10
+#define PLENBD_STAT_NAMES_DECL char *plenbd_stat_names[PLENBD_NO_STATS]
+#define PLENBD_STAT_NAMES PLENBD_STAT_NAMES_DECL = \
+{ \
+ "fmin", \
+ "fmean", \
+ "fmax", \
+ "fstdev", \
+ "fsum", \
+ "bmin", \
+ "bmean", \
+ "bmax", \
+ "bstdev", \
+ "bsum" \
+};
+
+struct feature_module *plenbd_module(void);
+
+#endif /* _NETINET_IPFW_DIFFUSE_FEATURE_PLENBD_H_ */
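Review bot: `PLENBD_STAT_NAMES` expands to a definition that already ends in `};`, while diffuse_feature_plenbd.c invokes it as `PLENBD_STAT_NAMES;`, which leaves an empty declaration at file scope; dropping the semicolon inside the macro (ending it with `}`) keeps the two uses of the macros parallel. The order of these ten names has to match the fixed indices 0–9 that the .c file assigns through its `PL_FMIN` … `PL_BSUM` defines and the literal `fdata->stats[N]` writes in `plenbd_reset_stats()`, and nothing here says so; a comment such as `/* Order must match the stats[] indices used in diffuse_feature_plenbd.c. */` above the macro would help, or the indices could move into an enum in this header. The array holds string literals, so `const char *` would describe it better, though that depends on the `get_stat_names` callback type, which is not visible in this diff.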