pax_global_header00006660000000000000000000000064135052326200014510gustar00rootroot0000000000000052 comment=c55ef6137fc6f075801eac099cc2687ede0f101d pfilter-0.0.5/000077500000000000000000000000001350523262000131575ustar00rootroot00000000000000pfilter-0.0.5/.gitignore000066400000000000000000000004121350523262000151440ustar00rootroot00000000000000# Compiled Object files, Static and Dynamic libs (Shared Objects) *.o *.a *.so # Folders _obj _test # Architecture specific extensions/prefixes *.[568vq] [568vq].out *.cgo1.go *.cgo2.c _cgo_defun.c _cgo_gotypes.go _cgo_export.* _testmain.go *.exe *.test *.prof pfilter-0.0.5/LICENSE000066400000000000000000000020641350523262000141660ustar00rootroot00000000000000MIT License Copyright (c) 2016 Audrius Butkevicius Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. pfilter-0.0.5/conn.go000066400000000000000000000036631350523262000144530ustar00rootroot00000000000000package pfilter import ( "net" "sync/atomic" "time" ) type FilteredConn struct { // Alignment deadline atomic.Value source *PacketFilter priority int recvBuffer chan packet filter Filter closed chan struct{} } // LocalAddr returns the local address func (r *FilteredConn) LocalAddr() net.Addr { return r.source.conn.LocalAddr() } // SetReadDeadline sets a read deadline func (r *FilteredConn) SetReadDeadline(t time.Time) error { r.deadline.Store(t) return nil } // SetWriteDeadline sets a write deadline func (r *FilteredConn) SetWriteDeadline(t time.Time) error { return r.source.conn.SetWriteDeadline(t) } // SetDeadline sets a read and a write deadline func (r *FilteredConn) SetDeadline(t time.Time) error { r.SetReadDeadline(t) return r.SetWriteDeadline(t) } // WriteTo writes bytes to the given address func (r *FilteredConn) WriteTo(b []byte, addr net.Addr) (n int, err error) { select { case <-r.closed: return 0, errClosed default: } if r.filter != nil { r.filter.Outgoing(b, addr) } return r.source.conn.WriteTo(b, addr) } // ReadFrom reads from the filtered connection func (r *FilteredConn) ReadFrom(b []byte) (n int, addr net.Addr, err error) { select { case <-r.closed: return 0, nil, errClosed default: } var timeout <-chan time.Time if deadline, ok := r.deadline.Load().(time.Time); ok && !deadline.IsZero() { timer := time.NewTimer(deadline.Sub(time.Now())) timeout = timer.C defer timer.Stop() } select { case <-timeout: return 0, nil, errTimeout case pkt := <-r.recvBuffer: n := pkt.n if l := len(b); l < n { n = l } copy(b, pkt.buf[:n]) bufPool.Put(pkt.buf[:maxPacketSize]) return n, pkt.addr, pkt.err case <-r.closed: return 0, nil, errClosed } } // Close closes the filtered connection, removing it's filters func (r *FilteredConn) Close() error { select { case <-r.closed: return errClosed default: } close(r.closed) r.source.removeConn(r) return nil } pfilter-0.0.5/filter.go000066400000000000000000000056361350523262000150050ustar00rootroot00000000000000package pfilter import ( "net" "sort" "sync" "sync/atomic" ) // Filter object receives all data sent out on the Outgoing callback, // and is expected to decide if it wants to receive the packet or not via // the Receive callback type Filter interface { Outgoing([]byte, net.Addr) ClaimIncoming([]byte, net.Addr) bool } // NewPacketFilter creates a packet filter object wrapping the given packet // connection. func NewPacketFilter(conn net.PacketConn) *PacketFilter { d := &PacketFilter{ conn: conn, } return d } // PacketFilter embeds a net.PacketConn to perform the filtering. type PacketFilter struct { // Alignment dropped uint64 overflow uint64 conn net.PacketConn conns []*FilteredConn mut sync.Mutex } // NewConn returns a new net.PacketConn object which filters packets based // on the provided filter. If filter is nil, the connection will receive all // packets. Priority decides which connection gets the ability to claim the packet. func (d *PacketFilter) NewConn(priority int, filter Filter) net.PacketConn { conn := &FilteredConn{ priority: priority, source: d, recvBuffer: make(chan packet, 256), filter: filter, closed: make(chan struct{}), } d.mut.Lock() d.conns = append(d.conns, conn) sort.Sort(filteredConnList(d.conns)) d.mut.Unlock() return conn } func (d *PacketFilter) removeConn(r *FilteredConn) { d.mut.Lock() for i, conn := range d.conns { if conn == r { copy(d.conns[i:], d.conns[i+1:]) d.conns[len(d.conns)-1] = nil d.conns = d.conns[:len(d.conns)-1] break } } d.mut.Unlock() } // NumberOfConns returns the number of currently active virtual connections func (d *PacketFilter) NumberOfConns() int { d.mut.Lock() n := len(d.conns) d.mut.Unlock() return n } // Dropped returns number of packets dropped due to nobody claiming them. func (d *PacketFilter) Dropped() uint64 { return atomic.LoadUint64(&d.dropped) } // Overflow returns number of packets were dropped due to receive buffers being // full. func (d *PacketFilter) Overflow() uint64 { return atomic.LoadUint64(&d.overflow) } // Start starts the packet filter. func (d *PacketFilter) Start() { go d.loop() } func (d *PacketFilter) loop() { var buf []byte next: for { buf = bufPool.Get().([]byte) n, addr, err := d.conn.ReadFrom(buf) pkt := packet{ n: n, addr: addr, err: err, buf: buf[:n], } d.mut.Lock() conns := d.conns d.mut.Unlock() if err != nil { for _, conn := range conns { select { case conn.recvBuffer <- pkt: default: atomic.AddUint64(&d.overflow, 1) } } return } for _, conn := range conns { if conn.filter == nil || conn.filter.ClaimIncoming(pkt.buf, pkt.addr) { select { case conn.recvBuffer <- pkt: default: bufPool.Put(pkt.buf[:maxPacketSize]) atomic.AddUint64(&d.overflow, 1) } goto next } } bufPool.Put(pkt.buf[:maxPacketSize]) atomic.AddUint64(&d.dropped, 1) } } pfilter-0.0.5/misc.go000066400000000000000000000020221350523262000144350ustar00rootroot00000000000000package pfilter import ( "net" "sync" ) var ( maxPacketSize = 1500 bufPool = sync.Pool{ New: func() interface{} { return make([]byte, maxPacketSize) }, } errTimeout = &netError{ msg: "i/o timeout", timeout: true, temporary: true, } errClosed = &netError{ msg: "use of closed network connection", timeout: false, temporary: false, } // Compile time interface assertion. _ net.Error = (*netError)(nil) ) type netError struct { msg string timeout bool temporary bool } func (e *netError) Error() string { return e.msg } func (e *netError) Timeout() bool { return e.timeout } func (e *netError) Temporary() bool { return e.temporary } type filteredConnList []*FilteredConn func (r filteredConnList) Len() int { return len(r) } func (r filteredConnList) Swap(i, j int) { r[i], r[j] = r[j], r[i] } func (r filteredConnList) Less(i, j int) bool { return r[i].priority < r[j].priority } type packet struct { n int addr net.Addr err error buf []byte }