/**************************************************
opengate Mac addr auth program
- module to control cache of mac and ip address pair
- to skip checking every packets.
+ module to control cache of mac and ip address pair.
+ The cache is prepared to lower the load examining all packets.
All detected address pair (allowable or not) are cached.
As checking packet is time consuming procedure,
the recently checked addresses are cached and skiped.
Implemented with HashTable and Queue.
HashTable:
- Key= comcatenation of MAC and IP Addresses
+ Key= comcatenation of MAC and IP Addresses in RAW
Val= checked time
- If address pair is included in table and time is new, skip checking.
- Queue:
- Address pair odrered by checked time.
- If an old item is found in table, elder items are removed from table.
- The queue controls the remove sequence.
+ If the address pair is included in table and time is new, skip checking.
+ If the address pair is elder than the cache limit time,
+ remove the pair and elder pairs from table.
+ Queue(FIFO):
+ Address pair ordered by checked time.
+ The queue is used for the above remove sequence.
Copyright (C) 2011 Opengate Project Team
Written by Yoshiaki Watanabe
**************************************************/
#include "opengatemd.h"
-#define CACHESIZE 1000000 /* mac&ip cache size */
+#define CACHESIZE 1000000 /* mac&ip cache size (max pairs to save) */
int InitQueueForCache(void);
int EnQueueForCache(unsigned char* addrRaw, int addrLen);
int ListQueueForCache(void);
void FreeQueueForCache(void);
-/* Queue to store MacAndIpAddress */
+/* Queue(FIFO) for stores of MacAndIpAddress */
+/* implemented with linked-list */
struct queueNode{
int addrLen;
unsigned char addrRaw[MACADDRLN+IPV6ADDRLN];
static struct queueNode* queueTail=NULL;
static struct queueNode* queueHead=NULL;
-/* HashTable to store MacAndIpAddress and Time */
+/* HashTable for stores of MacAndIpAddress(key) and Time(value) */
static DB* hashDb;
-/* Cache Timeout(seconds) : packet checking interval */
+/* Cache Timeout(seconds) */
+/* it means the packet checking interval */
static int cacheTimeout;
+/* count of address pairs stored in cache */
static int cacheItemCount=0;
/**********************************
This cache is made from HashTable and Queue.
-HashTabel for quick access, and Queue for ordering.
+HashTable for quick access, and Queue for ordering.
Same data are stored in the two data structures.
-If you add/delete items in cache, treat both structures.
+When you add/delete items in cache, treat both structures.
Don't add/delete items from one structure only.
***********************************/
/****************************************
-Is the IpAddress checked recently or not
- input=ipAddress return TRUE if checked recently
+Is the MAC/IPAddress pair checked recently or not
+ input: macAndIpAddressRaw=concatenation of MAC and IP in RAW
+ addrLen=address length
+ return TRUE if checked recently
****************************************/
int isRecentlyCheckedAddress(unsigned char* macAndIpAddressRaw, int addrLen){
memset(&hashVal, 0, sizeof(DBT));
ret=hashDb->get(hashDb, &hashKey, &hashVal, 0);
- /* getting from hash is successed */
+ /*** if getting from hash is successed */
if(ret==0){
/* pick up the pointer to the value */
if( (timeNow-*pTime) < cacheTimeout ) return TRUE;
/***** if timeover, elder items are removed from queue and hashTable */
- /* dequeue data from queue head and inspect the address */
- /* until present address is found. */
+ /* the packet reaching here is over the cache timeout */
+ /* dequeue data from queue head(oldest) until present address is found. */
while(DeQueueForCache(storedAddrRaw, &storedAddrLen)){
hashKey.data=storedAddrRaw;
hashKey.size = storedAddrLen;
if(memcmp(macAndIpAddressRaw,storedAddrRaw,storedAddrLen)==0)break;
}
- /* insert update item to queue and hashTable */
+ /* insert updated item to queue and hashTable */
EnQueueForCache(storedAddrRaw, storedAddrLen);
hashVal.data = &timeNow;
hashVal.size = sizeof(int);
terminateProg(0);
}
- /* and return NO */
+ /* (if timeover) return NO */
return FALSE;
}
- /* if getting from hash is failed, insert address and return NO */
+ /*** if getting from hash is failed, insert address and return NO */
if(ret==1){
- /*************** begin adding item to Cache ***/
+ /*************** begin of adding item to Cache ***/
/* insert to hash table */
hashVal.data = &timeNow;
hashVal.size = sizeof(int);
}
/* insert to queue */
EnQueueForCache(macAndIpAddressRaw, addrLen);
- /*************** end adding item to Cache ***/
+ /*************** end of adding item to Cache ***/
/* if cache size is over, remove oldest one */
if(cacheItemCount>CACHESIZE) DelOldestCacheItem();
return FALSE;
}
- /* else error exit */
+ /*** if getting from hash is error, exit */
err_msg("ERR at %s#%d: fail to get hash table item",__FILE__,__LINE__);
return FALSE;
}
****************************************/
void freeCache(void) {
+ /* free hash table */
hashDb->close(hashDb);
+
+ /* free queue */
FreeQueueForCache();
}
/* set found flag */
found=TRUE;
+ /*************** begin of removing item from Cache ***/
/* delete the item from Hash Table */
hashKey.data = temp->addrRaw;
hashKey.size = temp->addrLen;
prev->next=temp->next;
free(temp);
temp=prev;
+ /*************** end of removing item from Cache ***/
}
/* move to next item */
DBT hashKey;
unsigned char addrRaw[MACADDRLN+IPV6ADDRLN];
int addrLen=0;
-
+
/* delete oldest item(=head) from queue */
if(DeQueueForCache(addrRaw, &addrLen)){
hashKey.data = addrRaw;
hashKey.size = addrLen;
hashDb->del(hashDb, &hashKey, 0);
-
return TRUE;
}
}
/*********************************************
-initialize MacAndIpAddress Queue
+initialize MacAndIpAddress Queue(FIFO)
Queue
- HeadNode - DataNode - DataNode - TailNode
- (dummy) (dummy)
- ^queueHead ^queueTail
+ HeadNode - DataNode - DataNode - TailNode
+ (dummy node) (dummy node)
+ ^queueHead ^queueTail
*********************************************/
int initQueueForCache(void){
return FALSE;
}
- /* add item after the tail and set it as new tail*/
+ /*** add item after the tail and set it as new tail */
+ /* memory area for new node is prepared */
newNode=(struct queueNode*)malloc(sizeof(struct queueNode));
if(newNode==NULL){
err_msg("ERR at %s#%d: fail to malloc",__FILE__,__LINE__);
terminateProg(0);
}
+
+ /* data is set into the tail-node(old) */
memcpy(queueTail->addrRaw, addrRaw, addrLen);
queueTail->addrLen=addrLen;
+
+ /* the new node is linked after the tail-node(old) */
+ /* and is used as the new tail-node */
queueTail->next=newNode;
queueTail=newNode;
+
+ /* the tail-node(new) is initialized */
bzero(queueTail->addrRaw,MACADDRLN+IPV6ADDRLN);
queueTail->addrLen=0;
queueTail->next=NULL;
return FALSE;
}
- /* get item from the head */
+ /* get item from the head and remove the item from the queue */
else {
struct queueNode *temp;
+
+ /* head-node is a dummy node, second-node has the 1st data */
+ /* 'temp' points the 1st data. 'temp->next' points the 2nd data */
+
+ /* link the head-node to 2nd data, get 1st data, and remove 1st data */
temp=queueHead->next;
queueHead->next=temp->next;
memcpy(addrRaw, temp->addrRaw, temp->addrLen);
OSDN Git Service
