Implement a bitmap filter besides the bloom filter

responder-bench/src/process.rs

@@ -1,10 +1,10 @@
-use std::{fmt::Debug, path::{Path, PathBuf}, fs::{File, self}, io::{Read, BufReader, BufRead, Write}, collections::{HashMap, HashSet}, net::Ipv4Addr};
+use std::{fmt::Debug, path::{Path, PathBuf}, fs::File, io::{Read, BufReader, BufRead, Write}, collections::{HashMap, HashSet}, net::Ipv4Addr};
 use anyhow::{Context, bail, anyhow};
 use clap::Parser;
 use json::JsonValue;
 use regex::Regex;
 
-use crate::run::{BENCH_BASE_PATH, BENCH_DATA_PATH, TestType};
+use crate::run::{BENCH_BASE_PATH, BENCH_DATA_PATH};
 
 fn json_from_file<P>(path: P) -> anyhow::Result<HashMap<String, f64>>
 where
@@ -132,7 +132,7 @@ pub fn process(opts: Options) -> anyhow::Result<()> {
     let zmap_stats_regex = Regex::new(r"^[^\(;]+(?:\(.+left\))?; send: [^\(;]+done \(([\d\.]+) ([KMG]?)p/s avg\); recv: [^\(;]+\(([\d\.]+) ([KMG]?)p/s avg\); drops: [^\(;]+\(([\d\.]+) ([KMG]?)p/s avg\); hitrate: [^;]+$")?;
 
     let header_row = [
-        "type",
+        "type", "filter-type",
         "subnet_size", "hitrate", "bloom_filter_bits", "bloom_filter_hash_count", "zmap_scanrate",
         "bpf_run_time_total", "bpf_run_count", "bpf_memory_lock",
         "filter_intern_build_time", "filter_intern_write_time",
@@ -174,21 +174,28 @@ pub fn process(opts: Options) -> anyhow::Result<()> {
                     .file_name()
                     .into_string()
                     .map_err(|e| anyhow!(format!("{:?}", e)))?;
-                let (test_type, bloom_bits, bloom_hashes) = if bloom_folder_name.contains('-') {
-                    let (bloom_bits, bloom_hashes) = bloom_folder_name.split_once("-")
-                                                                      .ok_or(anyhow!("Expected filename with -, got {:?}", bloom_dir.file_name()))?;
+                let (test_type, filter_type, bloom_bits, bloom_hashes) = if bloom_folder_name.contains('-') {
+                    let (bloom_bits, rem) = bloom_folder_name.split_once("-")
+                                                             .ok_or(anyhow!("Expected filename with -, got {:?}", bloom_dir.file_name()))?;
+
+                    let (filter_type, rem) = rem.split_once("-").unwrap_or((rem, ""));
+
+                    let (bloom_hashes, bpf_enabled) = if filter_type == "bloom" {
+                        rem.split_once("-").map(|(c, rem)| (c,rem=="bpf")).unwrap_or((rem, false))
+                    } else {
+                        ("0", rem == "bpf")
+                    };
+
                     let bloom_bits = bloom_bits.to_string();
                     let bloom_hashes = bloom_hashes.to_string();
-                    let test_type = if bloom_hashes.as_str() == "0" {
-                        "empty_filter"
-                    } else if bloom_folder_name.contains("bpf") {
+                    let test_type = if bpf_enabled {
                         "bpf-stats"
                     } else {
                         "normal"
                     };
-                    (test_type, bloom_bits, bloom_hashes)
+                    (test_type, filter_type, bloom_bits, bloom_hashes)
                 } else {
-                    ("baseline", String::from("-1"), String::from("-1"))
+                    ("baseline","none", String::from("-1"), String::from("-1"))
                 };
 
                 let bloom_path = bloom_dir.path();
@@ -222,6 +229,7 @@ pub fn process(opts: Options) -> anyhow::Result<()> {
                     let data_row = (|| {
                         Ok([
                             test_type.to_owned(),
+                            filter_type.to_owned(),
                             subnet.clone(), hitrate.clone(), bloom_bits.clone(), bloom_hashes.clone(), scan_rate.clone(),
                             get_or_default(&mut bpf_stats, "run_time"),
                             get_or_default(&mut bpf_stats, "run_count"),

responder-bench/src/run.rs

@@ -1,4 +1,4 @@
-use std::{path::{Path, PathBuf}, fs::{File, self, OpenOptions}, io::{BufWriter, Write, self, Read, BufRead}, net::Ipv4Addr, process::{Command, self, Stdio}, time::{Instant, Duration}, thread::{self, sleep}};
+use std::{path::{Path, PathBuf}, fs::{File, self, OpenOptions}, io::{BufWriter, Write, self, Read, BufRead}, net::Ipv4Addr, process::{Command, self, Stdio}, time::{Instant, Duration}, thread};
 use json::JsonValue;
 use log::info;
 use rand::prelude::*;
@@ -9,6 +9,7 @@ mod error;
 pub use crate::run::args::*;
 pub use crate::run::error::*;
 pub use crate::run::args::TestType::*;
+pub use crate::run::args::FilterType::*;
 
 pub const BENCH_BASE_PATH: &str = "./bench";
 pub const BENCH_DATA_PATH: &str = "data";
@@ -56,16 +57,17 @@ pub fn run() -> Result<(), anyhow::Error> {
     let cores: u32 = 4;
 
     let seed: u64 = 0x1337133713371337;
-    // let scan_sizes: Vec<u64> = vec![8, 16];//, 24];//,32]; // TODO 8 only for test purposes
-    let scan_sizes: Vec<u64> = vec![24];
+    let scan_sizes: Vec<u64> = vec![8, 16];//, 24];//,32]; // TODO 8 only for test purposes
+    // let scan_sizes: Vec<u64> = vec![24];
     // let hit_rates: Vec<f64> = vec![0.001, 0.0032,0.01,0.032,0.1];
     let hit_rates: Vec<f64> = vec![0.02];
     // let false_positive_rates: Vec<TestType> = vec![Baseline, EmptyFilter,Normal(0.1),Normal(0.01),Normal(0.001),Normal(0.0001)];
     let false_positive_rates: Vec<TestType> = vec![Baseline, Normal(0.001), BpfStats(0.001)];
+    let filter_types: Vec<FilterType> = vec![Bitmap, Bloom];
+    let baseline_filter_types: Vec<FilterType> = vec![Bitmap];
     // let scan_rates: Vec<u64> = vec![316_000, 562_000, 1_000_000, 1_780_000, 3_160_000];
     let scan_rates: Vec<u64> = vec![300000, 377678, 475468, 598579, 753566, 948683, 1194322, 1503562, 1892872, 2382985, 3000000];
 
-    // baseline test against dummy interface (drop all)
 
     for scan_size in &scan_sizes {
         for hit_rate in &hit_rates {
@@ -82,126 +84,137 @@ pub fn run() -> Result<(), anyhow::Error> {
             info!("subnet for {} is {}", data_args, subnet);
 
             for test_type in &false_positive_rates {
-                let bloom_args = BloomFilterArgs::from(data_args, *test_type);
-
-                info!("Building binaries for {} {}", data_args, bloom_args);
-                build_binaries(data_args, bloom_args)
-                    .context(format!("Failed to build binaries for {} {}", data_args, bloom_args))?;
-
-                let filter_path = match test_type {
-                    Normal(_) | EmptyFilter | BpfStats(_) => {
-                        info!("Building filter for {} {}", data_args, bloom_args);
-                        let filter_path = build_filter(data_args, bloom_args, ip_file_path.as_path())
-                            .context(format!("Failed to build filter for {} {}", data_args, bloom_args))?;
-                        Some(filter_path)
+                let filter_types = match test_type {
+                    Normal(_) | BpfStats(_) => {
+                        &filter_types
                     },
                     Baseline => {
-                        None
+                        &baseline_filter_types
                     }
                 };
-                for scan_rate in &scan_rates {
-                    let scan_args = ScanArgs::new(*scan_rate);
-                    let args = BenchArgs {data_args, bloom_filter_args: bloom_args, scan_args};
-
-                    let run_output = (|| {
-                        fs::create_dir_all(args.wd_path())
-                            .context("Failed to create wd")
-                            .map_err(|e| (None, e))?;
-
-                        let (handle, stderr_handle, stdout_handle)  = match test_type {
-                            Normal(_) | EmptyFilter | BpfStats(_) => {
-                                info!("Loading XDP program for {}", args);
-                                let (handle, stderr_handle, stdout_handle) = load_xdp(args, Some(filter_path.clone().unwrap().as_path()))
-                                    .map_err(|(h, e)| (h, e.context(format!("Loading XDP program for {}", args))))?;
-
-                                (Some(handle), Some(stderr_handle), Some(stdout_handle))
-                            },
-                            Baseline => {
-                                info!("Not loading XDP program for {}", args);
-                                (None, None, None)
-                            }
-                        };
 
-                        if let BpfStats(_) = test_type {
-                            info!("Enabling bpf_stats");
-                            if let Err(e) = set_bpf_stats(args, true) {
-                                return Err((handle, e));
-                            }
+                for filter_type in filter_types {
+                    let bloom_args = FilterArgs::from(data_args, *test_type, *filter_type);
+                    info!("Building binaries for {} {}", data_args, bloom_args);
+                    build_binaries(data_args, bloom_args)
+                        .context(format!("Failed to build binaries for {} {}", data_args, bloom_args))?;
+
+                    let filter_path = match test_type {
+                        Normal(_) | BpfStats(_) => {
+                            info!("Building filter for {} {}", data_args, bloom_args);
+                            let filter_path = build_filter(data_args, bloom_args, *filter_type, ip_file_path.as_path())
+                                .context(format!("Failed to build filter for {} {}", data_args, bloom_args))?;
+                            Some(filter_path)
+                        },
+                        Baseline => {
+                            None
                         }
-
-                        info!("Running zmap for {}", args);
-                        let zmap_result = run_zmap(args, subnet)
-                            .context(format!("Running zmap for {}", args));
-                        if let Err(e) = zmap_result {
-                            return Err((handle, e));
-                        }
-                        let zmap_output = zmap_result.unwrap();
-
-                        let bpf_stats = match test_type {
-                            BpfStats(_) => {
-                                info!("Disabling and collecting bpf_stats");
-                                if let Err(e) = set_bpf_stats(args, false) {
-                                    return Err((handle, e));
+                    };
+
+                    for scan_rate in &scan_rates {
+                        let scan_args = ScanArgs::new(*scan_rate);
+                        let args = BenchArgs {data_args, bloom_filter_args: bloom_args, scan_args};
+
+                        let run_output = (|| {
+                            fs::create_dir_all(args.wd_path())
+                                .context("Failed to create wd")
+                                .map_err(|e| (None, e))?;
+
+                            let (handle, stderr_handle, stdout_handle)  = match test_type {
+                                Normal(_) | BpfStats(_) => {
+                                    info!("Loading XDP program for {}", args);
+                                    let (handle, stderr_handle, stdout_handle) = load_xdp(args, filter_path.clone().unwrap().as_path())
+                                        .map_err(|(h, e)| (h, e.context(format!("Loading XDP program for {}", args))))?;
+
+                                    (Some(handle), Some(stderr_handle), Some(stdout_handle))
+                                },
+                                Baseline => {
+                                    info!("Not loading XDP program for {}", args);
+                                    (None, None, None)
                                 }
-                                let bpf_stats_result = read_bpf_stats(args)
-                                    .context(format!("Failed to read bpf stats for {}", args));
-                                if let Err(e) = bpf_stats_result {
+                            };
+
+                            if let BpfStats(_) = test_type {
+                                info!("Enabling bpf_stats");
+                                if let Err(e) = set_bpf_stats(args, true) {
                                     return Err((handle, e));
                                 }
-                                let bpf_stats = bpf_stats_result.unwrap();
-
-                                Some(bpf_stats)
-                            }
-                            _ => {
-                                None
-                            }
-                        };
-
-                        let responder_output = match test_type {
-                            BpfStats(_) | Normal(_) | EmptyFilter => {
-                                info!("Telling 'responder' to unload XDP");
-                                let responder_output = unload_xdp(args, handle.unwrap())
-                                    .map_err(|(h, e)| (h, e.context(format!("Could not successfully unload XDP program for {}", args))))?;
-                                Some(responder_output)
                             }
-                            Baseline => {
-                                None
+
+                            info!("Running zmap for {}", args);
+                            let zmap_result = run_zmap(args, subnet)
+                                .context(format!("Running zmap for {}", args));
+                            if let Err(e) = zmap_result {
+                                return Err((handle, e));
                             }
-                        };
-
-                        Ok((zmap_output, responder_output, bpf_stats, stderr_handle, stdout_handle))
-                    })();
-
-                    let (zmap_output, _responder_output, bpf_stats, responder_stderr_handle, responder_stdout_handle) = run_output.map_err(|(handle, e)| {
-                        if let Some(mut handle) = handle {
-                            let kill_result = handle.kill();
-                            if let Err(kill_e) = kill_result {
-                                return anyhow!(kill_e)
-                                    .context(e)
-                                    .context(format!("Failed to kill responder process for {}; Killed because of reason below", args));
+                            let zmap_output = zmap_result.unwrap();
+
+                            let bpf_stats = match test_type {
+                                BpfStats(_) => {
+                                    info!("Disabling and collecting bpf_stats");
+                                    if let Err(e) = set_bpf_stats(args, false) {
+                                        return Err((handle, e));
+                                    }
+                                    let bpf_stats_result = read_bpf_stats(args)
+                                        .context(format!("Failed to read bpf stats for {}", args));
+                                    if let Err(e) = bpf_stats_result {
+                                        return Err((handle, e));
+                                    }
+                                    let bpf_stats = bpf_stats_result.unwrap();
+
+                                    Some(bpf_stats)
+                                }
+                                _ => {
+                                    None
+                                }
+                            };
+
+                            let responder_output = match test_type {
+                                BpfStats(_) | Normal(_) => {
+                                    info!("Telling 'responder' to unload XDP");
+                                    let responder_output = unload_xdp(args, handle.unwrap())
+                                        .map_err(|(h, e)| (h, e.context(format!("Could not successfully unload XDP program for {}", args))))?;
+                                    Some(responder_output)
+                                }
+                                Baseline => {
+                                    None
+                                }
+                            };
+
+                            Ok((zmap_output, responder_output, bpf_stats, stderr_handle, stdout_handle))
+                        })();
+
+                        let (zmap_output, _responder_output, bpf_stats, responder_stderr_handle, responder_stdout_handle) = run_output.map_err(|(handle, e)| {
+                            if let Some(mut handle) = handle {
+                                let kill_result = handle.kill();
+                                if let Err(kill_e) = kill_result {
+                                    return anyhow!(kill_e)
+                                        .context(e)
+                                        .context(format!("Failed to kill responder process for {}; Killed because of reason below", args));
+                                }
                             }
+                            e
+                        })?;
+
+                        if let Some(responder_stderr_handle) = responder_stderr_handle {
+                            responder_stderr_handle.join()
+                                                   .map_err(|_| anyhow!("stderr thread panicked"))
+                                                   .and(responder_stdout_handle.unwrap().join()
+                                                        .map_err(|_| anyhow!("stdout thread panicked")))
+                                                   .and_then(|res| res)
+                                                   .context(format!("Error occured in a log thread for {}", args))?;
                         }
-                        e
-                    })?;
-
-                    if let Some(responder_stderr_handle) = responder_stderr_handle {
-                        responder_stderr_handle.join()
-                                               .map_err(|_| anyhow!("stderr thread panicked"))
-                                               .and(responder_stdout_handle.unwrap().join()
-                                                    .map_err(|_| anyhow!("stdout thread panicked")))
-                                               .and_then(|res| res)
-                                               .context(format!("Error occured in a log thread for {}", args))?;
-                    }
 
-                    File::create(args.wd_path().join("zmap_stats.txt"))
-                        .context(format!("Failed to create zmap_stats.txt file for {}", args))?
-                        .write_all(&zmap_output.stderr.as_slice())
-                        .context(format!("Failed to write to zmap_stats.txt file for {}", args))?;
-                    if let Some(bpf_stats) = bpf_stats {
-                        File::create(args.wd_path().join("bpf_stats.json"))
-                            .context(format!("Failed to create bpf_stats.json file for {}", args))?
-                            .write_all(format!("{{\"run_count\": {}, \"run_time\": {}, \"mem_lock\": {}}}", bpf_stats.0, bpf_stats.1, bpf_stats.2).as_bytes())
-                            .context(format!("Failed to write to bpf_stats.json file for {}", args))?;
+                        File::create(args.wd_path().join("zmap_stats.txt"))
+                            .context(format!("Failed to create zmap_stats.txt file for {}", args))?
+                            .write_all(&zmap_output.stderr.as_slice())
+                            .context(format!("Failed to write to zmap_stats.txt file for {}", args))?;
+                        if let Some(bpf_stats) = bpf_stats {
+                            File::create(args.wd_path().join("bpf_stats.json"))
+                                .context(format!("Failed to create bpf_stats.json file for {}", args))?
+                                .write_all(format!("{{\"run_count\": {}, \"run_time\": {}, \"mem_lock\": {}}}", bpf_stats.0, bpf_stats.1, bpf_stats.2).as_bytes())
+                                .context(format!("Failed to write to bpf_stats.json file for {}", args))?;
+                        }
                     }
                 }
             }
@@ -256,7 +269,7 @@ fn build_ip_file(data_args: DataArgs) -> anyhow::Result<(PathBuf, Ipv4Addr)> {
     Ok((path, Ipv4Addr::from(subnet)))
 }
 
-fn build_binaries(data_args: DataArgs, bloom_args: BloomFilterArgs) -> anyhow::Result<()> {
+fn build_binaries(data_args: DataArgs, bloom_args: FilterArgs) -> anyhow::Result<()> {
     let bin_path = BenchArgs::bin_bin_path(data_args, bloom_args);
     fs::create_dir_all(&bin_path).context("Failed to create bench dir")?;
     let output = Command::new("cargo")
@@ -267,7 +280,7 @@ fn build_binaries(data_args: DataArgs, bloom_args: BloomFilterArgs) -> anyhow::R
         ])
         .env("BLOOMFILTER_ADDRESS_BITS", bloom_args.address_bits.to_string())
         .env("BLOOMFILTER_ADDRESS_BITS_CHUNK", bloom_args.chunk_address_bits.to_string())
-        .env("BLOOMFILTER_HASH_COUNT", bloom_args.hash_count.to_string())
+        .env("BLOOMFILTER_HASH_COUNT", bloom_args.hash_count.unwrap_or(0).to_string())
         .stdin(Stdio::null())
         .stderr(Stdio::piped())
         .stdout(Stdio::null())
@@ -281,10 +294,17 @@ fn build_binaries(data_args: DataArgs, bloom_args: BloomFilterArgs) -> anyhow::R
     Ok(())
 }
 
-fn build_filter(data_args: DataArgs, bloom_args: BloomFilterArgs, ip_file_path: &Path) -> anyhow::Result<PathBuf> {
-    let path = BenchArgs::bin_wd_path(data_args, bloom_args).join("ips.bfb");
+fn build_filter(data_args: DataArgs, bloom_args: FilterArgs, filter_type: FilterType, ip_file_path: &Path) -> anyhow::Result<PathBuf> {
+    let filter_file = match filter_type {
+        Bloom => "ips.bfb",
+        Bitmap => "ips.fb",
+    };
+
+    let path = BenchArgs::bin_wd_path(data_args, bloom_args).join(filter_file);
     fs::create_dir_all(path.parent().unwrap()).context("Failed to create bench dir")?;
 
+    let filter_type_string = filter_type.to_string().to_lowercase();
+
     let output = Command::new("/usr/bin/time")
         .args([
             // time args
@@ -295,6 +315,7 @@ fn build_filter(data_args: DataArgs, bloom_args: BloomFilterArgs, ip_file_path:
             BenchArgs::bin_bin_path(data_args, bloom_args).join("tools/build_filter").to_str().unwrap(),
             "--force",
             "--timing-path", BenchArgs::bin_wd_path(data_args, bloom_args).join("filter_intern_time.json").to_str().unwrap(),
+            filter_type_string.as_str(),
             ip_file_path.to_str().unwrap(),
             path.to_str().unwrap()
         ])
@@ -314,19 +335,23 @@ fn build_filter(data_args: DataArgs, bloom_args: BloomFilterArgs, ip_file_path:
 
 type LogJoinHandle = thread::JoinHandle<anyhow::Result<()>>;
 
-fn load_xdp(bench_args: BenchArgs, filter_path: Option<&Path>) -> Result<(process::Child, LogJoinHandle, LogJoinHandle), (Option<process::Child>, anyhow::Error)> {
+fn load_xdp(bench_args: BenchArgs, filter_path: &Path) -> Result<(process::Child, LogJoinHandle, LogJoinHandle), (Option<process::Child>, anyhow::Error)> {
     let responder_path = bench_args.bin_path().join("responder");
     let target= bench_args.bin_path().join("ebpf");
     let fd_info_out_path = bench_args.wd_path().join("responder_info.json");
+
+    let filter_type = bench_args.bloom_filter_args.filter_type.to_string().to_lowercase();
+
     let mut args = Vec::from(PRIVILEGE_RUNNER);
     args.extend_from_slice(&[
         responder_path.to_str().unwrap(),
+        "--filter-path", filter_path.to_str().unwrap(),
         "--target", target.to_str().unwrap(),
         "--fd-info-out-path", fd_info_out_path.to_str().unwrap(),
+        "--filter-type", filter_type.as_str(),
     ]);
-    if let Some(path) = filter_path {
-        args.extend_from_slice(&["--bfb", path.to_str().unwrap()]);
-    }
+
+    println!("{:?}", args);
 
     let mut handle = Command::new(args.remove(0))
         .args(args)

responder-bench/src/run/args.rs

@@ -2,6 +2,7 @@ use std::{fmt::Display, path::PathBuf};
 
 use crate::run::{BENCH_BASE_PATH, BENCH_DATA_PATH, BENCH_BIN_PATH, BENCH_LOG_PATH};
 use crate::run::args::TestType::*;
+use crate::run::args::FilterType::*;
 
 const CHUNK_MAX_BITS: u64 = 18;
 const ADDRESS_MIN_BITS: u64 = 3;
@@ -10,7 +11,7 @@ const ADDRESS_MIN_BITS: u64 = 3;
 #[derive(Debug, Copy, Clone)]
 pub struct BenchArgs {
     pub data_args: DataArgs,
-    pub bloom_filter_args: BloomFilterArgs,
+    pub bloom_filter_args: FilterArgs,
     pub scan_args: ScanArgs
 }
 
@@ -35,16 +36,17 @@ impl Display for DataArgs {
 }
 
 #[derive(Debug, Copy, Clone)]
-pub struct BloomFilterArgs {
+pub struct FilterArgs {
     pub test_type: TestType,
+    pub filter_type: FilterType,
     pub address_bits: u64,
     pub chunk_address_bits: u64,
-    pub hash_count: u64,
+    pub hash_count: Option<u64>,
 }
 
-impl Display for BloomFilterArgs {
+impl Display for FilterArgs {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "BloomFilter(type: {}, address bits: {}, hashes: {})",self.test_type, self.address_bits, self.hash_count)
+        write!(f, "BloomFilter(type: {}, address bits: {}, hashes: {:?})",self.test_type, self.address_bits, self.hash_count)
     }
 }
 
@@ -80,7 +82,7 @@ impl BenchArgs {
         Self::bin_bin_path(self.data_args, self.bloom_filter_args)
     }
 
-    pub fn bin_bin_path(data_args: DataArgs, bloom_args: BloomFilterArgs) -> PathBuf {
+    pub fn bin_bin_path(data_args: DataArgs, bloom_args: FilterArgs) -> PathBuf {
         let mut path = PathBuf::new();
         path.push(BENCH_BASE_PATH);
         path.push(BENCH_BIN_PATH);
@@ -89,7 +91,7 @@ impl BenchArgs {
         return path;
     }
 
-    pub fn bin_log_path(data_args: DataArgs, bloom_args: BloomFilterArgs) -> PathBuf {
+    pub fn bin_log_path(data_args: DataArgs, bloom_args: FilterArgs) -> PathBuf {
         let mut path = PathBuf::new();
         path.push(BENCH_BASE_PATH);
         path.push(BENCH_LOG_PATH);
@@ -98,7 +100,7 @@ impl BenchArgs {
         return path;
     }
 
-    pub fn bin_wd_path(data_args: DataArgs, bloom_args: BloomFilterArgs) -> PathBuf {
+    pub fn bin_wd_path(data_args: DataArgs, bloom_args: FilterArgs) -> PathBuf {
         let mut path = PathBuf::new();
         path.push(BENCH_BASE_PATH);
         path.push(BENCH_DATA_PATH);
@@ -136,37 +138,66 @@ impl DataArgs {
     }
 }
 
-impl BloomFilterArgs {
-    pub fn from(data_args: DataArgs, test_type: TestType) -> BloomFilterArgs {
+impl FilterArgs {
+    pub fn from(data_args: DataArgs, test_type: TestType, filter_type: FilterType) -> FilterArgs {
         match test_type {
             Normal(false_hit_rate) | BpfStats(false_hit_rate) => {
-                let hash_count = (-false_hit_rate.log2()).round();
-                let size = (data_args.entries as f64) * (hash_count/ 2f64.ln());
-                let address_bits = size.log2().round() as u64;
-                let address_bits = ADDRESS_MIN_BITS.max(address_bits);
-                let chunk_address_bits = CHUNK_MAX_BITS.min(address_bits);
-
-                BloomFilterArgs {
-                    test_type,
-                    address_bits,
-                    chunk_address_bits,
-                    hash_count: hash_count as u64
+                match filter_type {
+                    Bloom => {
+                        let hash_count = (-false_hit_rate.log2()).round();
+                        let size = (data_args.entries as f64) * (hash_count/ 2f64.ln());
+                        let address_bits = size.log2().round() as u64;
+                        let address_bits = ADDRESS_MIN_BITS.max(address_bits);
+                        let chunk_address_bits = CHUNK_MAX_BITS.min(address_bits);
+
+                        FilterArgs {
+                            test_type,
+                            filter_type,
+                            address_bits,
+                            chunk_address_bits,
+                            hash_count: Some(hash_count as u64)
+                        }
+                    },
+                    Bitmap => {
+                        let address_bits = ADDRESS_MIN_BITS.max(data_args.scan_subnet_size);
+                        let chunk_address_bits = CHUNK_MAX_BITS.min(address_bits);
+
+                        FilterArgs {
+                            test_type,
+                            filter_type,
+                            address_bits,
+                            chunk_address_bits,
+                            hash_count: None
+                        }
+                    }
                 }
             }
-            Baseline | EmptyFilter => BloomFilterArgs {
+            Baseline => FilterArgs {
                 test_type,
+                filter_type,
                 address_bits: ADDRESS_MIN_BITS,
                 chunk_address_bits: ADDRESS_MIN_BITS,
-                hash_count: 0
+                hash_count: None
             },
         }
     }
 
     pub fn rel_path(&self) -> PathBuf {
-        match self.test_type {
-            BpfStats(_) => PathBuf::from(format!("{}-{}-bpf", self.address_bits, self.hash_count)),
-            Normal(_) | EmptyFilter => PathBuf::from(format!("{}-{}", self.address_bits, self.hash_count)),
-            Baseline => PathBuf::from("baseline"),
+        if let Baseline = self.test_type {
+            return PathBuf::from("baseline")
+        } else {
+            let mut name = self.address_bits.to_string();
+            match self.filter_type {
+                Bloom => {
+                    name.push_str("-bloom-");
+                    name.push_str(self.hash_count.unwrap().to_string().as_str());
+                },
+                Bitmap => name.push_str("-bitmap"),
+            }
+            if let BpfStats(_) = self.test_type {
+                name.push_str("-bpf")
+            }
+            return PathBuf::from(name);
         }
     }
 }
@@ -185,7 +216,7 @@ impl ScanArgs {
 
 #[derive(Debug, Copy, Clone)]
 pub enum TestType {
-    Baseline, EmptyFilter, BpfStats(f64), Normal(f64)
+    Baseline, BpfStats(f64), Normal(f64)
 }
 
 impl Display for TestType {
@@ -193,3 +224,14 @@ impl Display for TestType {
         write!(f, "{:?}", self)
     }
 }
+
+#[derive(Debug, Copy, Clone)]
+pub enum FilterType {
+    Bloom, Bitmap
+}
+
+impl Display for FilterType {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{:?}", self)
+    }
+}

responder-common/src/lib.rs

@@ -1,12 +1,14 @@
 #![no_std]
 
-pub mod bloom_filter {
-    use konst::primitive::{parse_usize, parse_u32};
+pub mod filter {
+    use core::str::FromStr;
+
+    use konst::primitive::parse_usize;
     use konst::unwrap_ctx;
     use konst::option::unwrap_or;
 
-    pub const ADDRESS_BITS: usize = unwrap_ctx!(parse_usize(unwrap_or!(option_env!("BLOOMFILTER_ADDRESS_BITS"), "30"))); // default = 0x1E = 30
-    pub const BITS: usize = 1 << ADDRESS_BITS; // default = 0x40_000_000 = 128MB
+    pub const ADDRESS_BITS: usize = unwrap_ctx!(parse_usize(unwrap_or!(option_env!("FILTER_ADDRESS_BITS"), "32"))); // default = 32
+    pub const BITS: usize = 1 << ADDRESS_BITS; // default = 0x100_000_000 = 512MB
     pub const ADDRESS_MASK: usize = BITS - 1;
 
     pub const WORD_BITS: usize = 0x8; // 8
@@ -14,7 +16,7 @@ pub mod bloom_filter {
     pub const ADDRESS_BITS_WORD: usize = 0x3; // log_2(0x8)
     pub const ADDRESS_MASK_WORD: usize = WORD_BITS - 1; // 0x7
 
-    pub const ADDRESS_BITS_CHUNK: usize = unwrap_ctx!(parse_usize(unwrap_or!(option_env!("BLOOMFILTER_ADDRESS_BITS_CHUNK"), "18"))); // default = 0x12 = 18 = log_2(32KB)
+    pub const ADDRESS_BITS_CHUNK: usize = unwrap_ctx!(parse_usize(unwrap_or!(option_env!("FILTER_ADDRESS_BITS_CHUNK"), "18"))); // default = 0x12 = 18 = log_2(32KB)
     pub const CHUNK_BITS: usize = 1 << ADDRESS_BITS_CHUNK; // default = 0x40000  = 32KB (per-cpu map value size limit)
     pub const CHUNK_BYTES: usize = CHUNK_BITS >> 0x3;
     pub const CHUNK_SIZE: usize = CHUNK_BITS >> ADDRESS_BITS_WORD; // WORD_SIZE * CHUNK_SIZE = 32Kb
@@ -24,33 +26,36 @@ pub mod bloom_filter {
     pub const BUFFER_SIZE: usize = BITS >> ADDRESS_BITS_WORD; // 0x20_0000
     pub const MAP_SIZE: usize = BITS >> ADDRESS_BITS_CHUNK;
 
-    pub const HASH_COUNT: u32 = unwrap_ctx!(parse_u32(unwrap_or!(option_env!("BLOOMFILTER_HASH_COUNT"), "10")));
-    // Hashing based on jhash.h from kernel // TODO improve reference
-    const HASH_INITVAL: u32 = 0xdeadbeef;
-
-    #[inline(always)]
-    pub fn hash(key: u32, initial_value: u32) -> u32 {
-        let mut b = HASH_INITVAL.wrapping_add(initial_value);
-        let mut c = b;
-
-        let mut a = key.wrapping_add(b);
-
-        c ^= b;
-        c = c.wrapping_sub(b.rotate_left(14));
-        a ^= c;
-        a = a.wrapping_sub(c.rotate_left(11));
-        b ^= a;
-        b = b.wrapping_sub(a.rotate_left(25));
-        c ^= b;
-        c = c.wrapping_sub(b.rotate_left(16));
-        a ^= c;
-        a = a.wrapping_sub(c.rotate_left(4));
-        b ^= a;
-        b = b.wrapping_sub(a.rotate_left(14));
-        c ^= b;
-        c = c.wrapping_sub(b.rotate_left(24));
-
-        return c & ADDRESS_MASK as u32;
+    pub mod bloom_filter {
+        use konst::{unwrap_ctx, primitive::parse_u32, option::unwrap_or};
+
+        pub const HASH_COUNT: u32 = unwrap_ctx!(parse_u32(unwrap_or!(option_env!("BLOOMFILTER_HASH_COUNT"), "10")));
+        // Hashing based on jhash.h from kernel // TODO improve reference
+        const HASH_INITVAL: u32 = 0xdeadbeef;
+
+        #[inline(always)]
+        pub fn hash(key: u32, initial_value: u32) -> u32 {
+            let mut b = HASH_INITVAL.wrapping_add(initial_value);
+            let mut c = b;
+
+            let mut a = key.wrapping_add(b);
+
+            c ^= b;
+            c = c.wrapping_sub(b.rotate_left(14));
+            a ^= c;
+            a = a.wrapping_sub(c.rotate_left(11));
+            b ^= a;
+            b = b.wrapping_sub(a.rotate_left(25));
+            c ^= b;
+            c = c.wrapping_sub(b.rotate_left(16));
+            a ^= c;
+            a = a.wrapping_sub(c.rotate_left(4));
+            b ^= a;
+            b = b.wrapping_sub(a.rotate_left(14));
+            c ^= b;
+            c = c.wrapping_sub(b.rotate_left(24));
+
+            return c & super::ADDRESS_MASK as u32;
+        }
     }
 }
-

responder-ebpf/src/bin/syn-bitmap.rs

@@ -0,0 +1,125 @@
+#![no_std]
+#![no_main]
+
+use aya_bpf::{
+    bindings::xdp_action,
+    macros::{map, xdp},
+    maps::Array,
+    programs::XdpContext,
+};
+
+use responder_ebpf::util::*;
+use responder_ebpf::bindings::tcphdr;
+use responder_common::*;
+
+use core::mem;
+
+const TCP_HDR_LEN: usize = mem::size_of::<tcphdr>();
+const IPPROTO_TCP: u8 = 0x06;
+
+
+#[inline(always)]
+fn parse_tcphdr(ctx: &XdpContext, cursor: &mut usize) -> Option<*mut tcphdr> {
+    let tcp = ptr_at_mut::<tcphdr>(&ctx, *cursor);
+    if tcp.is_some() {
+        *cursor += TCP_HDR_LEN;
+    }
+    tcp
+}
+
+#[xdp(name="responder")]
+pub fn responder(ctx: XdpContext) -> u32 {
+    match try_responder(ctx) {
+        Ok(ret) => ret,
+        Err(_) => xdp_action::XDP_ABORTED,
+    }
+}
+
+#[inline(always)]
+unsafe fn bounce_tcp(_ctx: &XdpContext, tcp: *mut tcphdr) {
+    mem::swap(&mut (*tcp).source, &mut (*tcp).dest);
+    mem::swap(&mut (*tcp).ack_seq, &mut (*tcp).seq); // Swap to keep checksum the same as much as possible
+    let (ack_seq, o) = u32::from_be((*tcp).ack_seq).overflowing_add(1); // If overflow: 1's complement sum is unchanged
+    (*tcp).ack_seq = u32::to_be(ack_seq);
+    (*tcp).set_ack(1);
+    (*tcp).check = !(ones_complement_add_u16(!(*tcp).check, (!o as u16) + (1 << 4)));
+}
+
+#[map(name = "FILTER_MAP")]
+static FILTER_MAP: Array<filter::ChunkType> =
+    Array::<filter::ChunkType>::with_max_entries(filter::MAP_SIZE as u32, 0);
+
+#[inline(always)]
+unsafe fn matches_filter(_ctx: &XdpContext, daddr: IpAddr) -> bool {
+    match daddr {
+        IpAddr::V4(daddr) => {
+            let key = daddr & filter::ADDRESS_MASK as u32;
+            let map_i = key >> (filter::ADDRESS_BITS_CHUNK as u32);
+            let chunk_i = key & (filter::ADDRESS_MASK_CHUNK as u32);
+            // info!(ctx, "{:ipv4} {} {} {}",daddr, hash, map_i, chunk_i);
+            if let Some(chunk) = FILTER_MAP.get(map_i as u32) {
+                let word_i = chunk_i & (filter::ADDRESS_MASK_WORD as u32);
+                let chunk_i = (chunk_i as usize) >> filter::ADDRESS_BITS_WORD;
+                // info!(ctx, "{} [{}]", word_i, b[chunk_i]);
+                let word = chunk[chunk_i];
+                return (word >> (filter::ADDRESS_MASK_WORD as u32 - word_i)) & 1 == 1
+            } else {
+                return false
+            };
+                    }
+        IpAddr::V6(_daddr) => {
+            return false // TODO
+        }
+    }
+}
+
+fn try_responder(ctx: XdpContext) -> Result<xdp_action::Type, xdp_action::Type> {
+    let mut hdr_cursor = 0usize;
+
+    let (eth, ip) = unsafe {
+        parse_routing(&ctx, &mut hdr_cursor)
+            .ok_or(xdp_action::XDP_PASS)?
+    };
+
+    let protocol = unsafe { l3_get_protocol(&ip) };
+    let daddr = unsafe { l3_get_daddr(&ip) };
+
+    if is_local(daddr) {
+        // info!(&ctx, "local: pass");
+        return Ok(xdp_action::XDP_PASS);
+    }
+
+    if unsafe { !matches_filter(&ctx, daddr) } {
+        return Ok(xdp_action::XDP_DROP);
+    }
+
+    if protocol != IPPROTO_TCP {
+        return Ok(xdp_action::XDP_PASS);
+    }
+
+    let tcp = parse_tcphdr(&ctx, &mut hdr_cursor).ok_or(xdp_action::XDP_PASS)?;
+    let tcp_syn = unsafe { (*tcp).syn() };
+    let tcp_ack = unsafe { (*tcp).ack() };
+
+    // match daddr {
+    //     IpAddr::V4(ip) => info!(&ctx, "Received packet with matching daddr: {:ipv4}", ip),
+    //     IpAddr::V6(ip) => unsafe { info!(&ctx, "Received packet with matching daddr: {:ipv6}", ip.in6_u.u6_addr8) }
+    // }
+    // info!(&ctx, "and tcp with syn: {}, ack: {}", tcp_syn, tcp_ack);
+
+    if tcp_syn == 0 || tcp_ack != 0 {
+        return Ok(xdp_action::XDP_PASS);
+    }
+
+    unsafe {
+        bounce_routing(&ctx,eth, ip);
+        bounce_tcp(&ctx, tcp);
+    }
+
+    Ok(xdp_action::XDP_PASS)
+}
+
+#[panic_handler]
+fn panic(_info: &core::panic::PanicInfo) -> ! {
+    unsafe { core::hint::unreachable_unchecked() }
+}

responder-ebpf/src/bin/syn.rs → responder-ebpf/src/bin/syn-bloom.rs

@@ -10,7 +10,8 @@ use aya_bpf::{
 
 use responder_ebpf::util::*;
 use responder_ebpf::bindings::tcphdr;
-use responder_common::*;
+use responder_common::filter;
+use responder_common::filter::bloom_filter;
 
 use core::mem;
 
@@ -46,8 +47,8 @@ unsafe fn bounce_tcp(_ctx: &XdpContext, tcp: *mut tcphdr) {
 }
 
 #[map(name = "FILTER_MAP")]
-static FILTER_MAP: Array<bloom_filter::ChunkType> =
-    Array::<bloom_filter::ChunkType>::with_max_entries(bloom_filter::MAP_SIZE as u32, 0);
+static FILTER_MAP: Array<filter::ChunkType> =
+    Array::<filter::ChunkType>::with_max_entries(filter::MAP_SIZE as u32, 0);
 
 #[inline(always)]
 unsafe fn matches_filter(_ctx: &XdpContext, daddr: IpAddr) -> bool {
@@ -57,14 +58,14 @@ unsafe fn matches_filter(_ctx: &XdpContext, daddr: IpAddr) -> bool {
             for hash_offset in 0..bloom_filter::HASH_COUNT {
                 res = true;
                 let hash = bloom_filter::hash(daddr, hash_offset);
-                let map_i = hash >> (bloom_filter::ADDRESS_BITS_CHUNK as u32);
-                let chunk_i = hash & (bloom_filter::ADDRESS_MASK_CHUNK as u32);
+                let map_i = hash >> (filter::ADDRESS_BITS_CHUNK as u32);
+                let chunk_i = hash & (filter::ADDRESS_MASK_CHUNK as u32);
                 // info!(ctx, "{:ipv4} {} {} {}",daddr, hash, map_i, chunk_i);
                 let test = if let Some(b) = FILTER_MAP.get(map_i as u32) {
-                    let word_i = chunk_i & (bloom_filter::ADDRESS_MASK_WORD as u32);
-                    let chunk_i = (chunk_i as usize) >> bloom_filter::ADDRESS_BITS_WORD;
+                    let word_i = chunk_i & (filter::ADDRESS_MASK_WORD as u32);
+                    let chunk_i = (chunk_i as usize) >> filter::ADDRESS_BITS_WORD;
                     // info!(ctx, "{} [{}]", word_i, b[chunk_i]);
-                    (b[chunk_i] >> (bloom_filter::ADDRESS_MASK_WORD as u32 - word_i)) & 1 == 1
+                    (b[chunk_i] >> (filter::ADDRESS_MASK_WORD as u32 - word_i)) & 1 == 1
                 } else {
                     false
                 };

responder-tools/src/bin/build_filter.rs

@@ -3,10 +3,12 @@ use std::{path::PathBuf, time::Instant, net::Ipv4Addr, fs::File, io::{Write, Buf
 use anyhow::anyhow;
 use clap::Parser;
 use log::info;
-use responder_common::bloom_filter;
+use responder_common::filter;
+use responder_common::filter::bloom_filter;
 
 #[derive(Debug, Parser)]
 struct Options {
+    pub filter_type: String,
     pub ip_path: PathBuf,
     pub out_path: Option<PathBuf>,
     #[clap(short, long)]
@@ -23,9 +25,15 @@ fn main() -> Result<(), anyhow::Error> {
 }
 
 fn build_filter(opts: Options) -> Result<(), anyhow::Error> {
+    let ext_suff = match opts.filter_type.as_str() {
+        "bloom" => ".bfb",
+        "bitmap" => ".fb",
+        _ => return Err(anyhow!("Expected filter type 'bloom' or 'bitmap', got {}", opts.filter_type))
+    };
+
     let out_path = opts.out_path.unwrap_or_else(|| {
         let mut ext = opts.ip_path.extension().unwrap_or_default().to_os_string();
-        ext.push(".bfb");
+        ext.push(ext_suff);
         opts.ip_path.with_extension(ext)
     });
 
@@ -39,11 +47,42 @@ fn build_filter(opts: Options) -> Result<(), anyhow::Error> {
 
     let start = Instant::now();
 
+
+    let filter = start.elapsed();
+
+    let mut file = File::create(out_path)?;
+    file.write(&(filter::ADDRESS_BITS as u64).to_be_bytes())?;
+    file.write(&(filter::ADDRESS_BITS_CHUNK as u64).to_be_bytes())?;
+
+    let filter_vec = match opts.filter_type.as_str() {
+        "bloom" => {
+            file.write(&(bloom_filter::HASH_COUNT as u64).to_be_bytes())?;
+            build_bloom_filter(opts.ip_path)
+        }
+        "bitmap" => build_bitmap_filter(opts.ip_path),
+        _ => Err(anyhow!("Expected 'bloom' or 'bitmap' filtertype, got {}", opts.filter_type))
+    }?;
+
+    let byte_slice: &[u8] = filter_vec.as_slice();
+    file.write_all(byte_slice)?;
+
+    let end = start.elapsed();
+
+    info!("build filter: {:?} write: {:?} | total: {:?}", filter, end-filter, end);
+
+    if let Some(path) = opts.timing_path {
+        File::create(path)?.write_all(format!("{{\"write\": {}, \"build\": {}}}\n",(end-filter).as_nanos(), filter.as_nanos()).as_bytes())?;
+    }
+
+    Ok(())
+}
+
+fn build_bloom_filter(ip_path: PathBuf) -> anyhow::Result<Vec<u8>> {
     // let mut addresses = Vec::new();
-    let mut bloom_filter_vec: Vec<u8> = Vec::with_capacity(bloom_filter::BITS>>3);
-    bloom_filter_vec.resize(bloom_filter::BITS >> 3, 0);
+    let mut bloom_filter_vec: Vec<u8> = Vec::with_capacity(filter::BITS>>3);
+    bloom_filter_vec.resize(filter::BITS >> 3, 0);
 
-    let f = File::open(opts.ip_path)?;
+    let f = File::open(ip_path)?;
     let reader = BufReader::new(f);
     let mut clash_count = 0;
     for (i, line) in reader.lines().enumerate() {
@@ -68,24 +107,29 @@ fn build_filter(opts: Options) -> Result<(), anyhow::Error> {
         }
     }
     info!("clash count: {}", clash_count);
+    return Ok(bloom_filter_vec);
+}
 
-    let filter = start.elapsed();
-
-    let mut file = File::create(out_path)?;
-    file.write(&(bloom_filter::ADDRESS_BITS as u64).to_be_bytes())?;
-    file.write(&(bloom_filter::ADDRESS_BITS_CHUNK as u64).to_be_bytes())?;
-
-
-    let byte_slice: &[u8] = bloom_filter_vec.as_slice();
-    file.write_all(byte_slice)?;
+fn build_bitmap_filter(ip_path: PathBuf) -> anyhow::Result<Vec<u8>> {
+    let mut filter_vec: Vec<u8> = Vec::with_capacity(filter::BITS>>3);
+    filter_vec.resize(filter::BITS >> 3, 0);
 
-    let end = start.elapsed();
-
-    info!("build filter: {:?} write: {:?} | total: {:?}", filter, end-filter, end);
+    let f = File::open(ip_path)?;
+    let reader = BufReader::new(f);
 
-    if let Some(path) = opts.timing_path {
-        File::create(path)?.write_all(format!("{{\"write\": {}, \"build\": {}}}\n",(end-filter).as_nanos(), filter.as_nanos()).as_bytes())?;
+    for (i, line) in reader.lines().enumerate() {
+        if i % 1_000_000 == 0{
+            info!("processed {}M ips",i / 1_000_000);
+        }
+        let line = line?;
+        let key = u32::from(line.parse::<Ipv4Addr>()?);
+        let key = key & (filter::ADDRESS_MASK as u32);
+        // addresses.push(key);
+        let i = key >> 3;
+        let byte_i = key & 7;
+        // info!("{} {} {} {}", line, hash, i, byte_i);
+        filter_vec[i as usize] |= 0x80 >> byte_i;
     }
 
-    Ok(())
+    return Ok(filter_vec);
 }

responder/src/main.rs

@@ -7,8 +7,8 @@ use aya_log::BpfLogger;
 use clap::Parser;
 use env_logger::Env;
 use log::{info, warn};
-use tokio::signal;
-use responder_common::bloom_filter;
+use responder_common::filter;
+use responder_common::filter::bloom_filter;
 
 #[cfg(all(debug_assertions, not(feature = "default_artifact_build")))]
 const DEFAULT_TARGET: &str = "target/bpfel-unknown-none/debug";
@@ -25,8 +25,10 @@ struct Opt {
     iface: String,
     #[clap(short, long, default_value = "syn")]
     scan_type: String,
+    #[clap(short, long, default_value = "bitmap")]
+    filter_type: String,
     #[clap(short, long)]
-    bfb: Option<String>,
+    filter_path: PathBuf,
     #[clap(default_value = DEFAULT_TARGET, long)]
     target: PathBuf,
     #[clap(short, long)]
@@ -43,7 +45,7 @@ async fn main() -> Result<(), anyhow::Error> {
     let mut bpf_path = PathBuf::new();
     bpf_path.push(opt.target);
 
-    let xdp_name = opt.scan_type;
+    let xdp_name = format!("{}-{}", opt.scan_type, opt.filter_type);
     bpf_path.push(xdp_name.clone());
 
     let mut bpf = Bpf::load_file(bpf_path)?;
@@ -72,53 +74,62 @@ This can happen if the loaded eBPF program has no log statements.", e);
         File::create(path)?.write_all(info.as_bytes())?;
     }
 
-    if let Some(bfb_path) = opt.bfb {
-        info!("Installing filter rules from {}", bfb_path);
-        let mut filter_map: BpfArray<_, [u8; bloom_filter::CHUNK_BYTES]> =
-            BpfArray::try_from(bpf.map_mut("FILTER_MAP")
-                               .ok_or(anyhow!("Could not construct mutable FILTER_MAP"))?)?;
-        let mut bloom_filter_binary = File::open(bfb_path)?;
-        let mut dimensions_buf: [u8; 8] = [0u8; 8];
-
-        bloom_filter_binary.read_exact(&mut dimensions_buf)?;
-        let file_address_bits = u64::from_be_bytes(dimensions_buf);
-        if file_address_bits != (bloom_filter::ADDRESS_BITS as u64) {
-            return Err(anyhow!(
-                "Filter dimension ADDRESS_BITS does not match binary. Please rebuild the filter or recompile the binaries\n\tFile:\t{}\n\tBinary:\t{}",
-                file_address_bits, bloom_filter::ADDRESS_BITS
-            ));
-        }
+    info!("Installing filter rules from {:?}", opt.filter_path);
+    let mut filter_map: BpfArray<_, [u8; filter::CHUNK_BYTES]> =
+        BpfArray::try_from(bpf.map_mut("FILTER_MAP")
+                           .ok_or(anyhow!("Could not construct mutable FILTER_MAP"))?)?;
+    let mut filter_binary = File::open(opt.filter_path)?;
+    let mut dimensions_buf: [u8; 8] = [0u8; 8];
+
+    filter_binary.read_exact(&mut dimensions_buf)?;
+    let file_address_bits = u64::from_be_bytes(dimensions_buf);
+    if file_address_bits != (filter::ADDRESS_BITS as u64) {
+        return Err(anyhow!(
+            "Filter dimension ADDRESS_BITS does not match binary. Please rebuild the filter or recompile the binaries\n\tFile:\t{}\n\tBinary:\t{}",
+            file_address_bits, filter::ADDRESS_BITS
+        ));
+    }
+
+    filter_binary.read_exact(&mut dimensions_buf)?;
+    let file_address_bits_chunk = u64::from_be_bytes(dimensions_buf);
+    if file_address_bits_chunk != (filter::ADDRESS_BITS_CHUNK as u64) {
+        return Err(anyhow!(
+            "Filter dimension ADDRESS_BITS_CHUNK does not match binary. Please rebuild the filter or recompile the binaries\n\tFile:\t{}\n\tBinary:\t{}",
+            file_address_bits_chunk, filter::ADDRESS_BITS_CHUNK
+        ));
+    }
 
-        bloom_filter_binary.read_exact(&mut dimensions_buf)?;
-        let file_address_bits_chunk = u64::from_be_bytes(dimensions_buf);
-        if file_address_bits_chunk != (bloom_filter::ADDRESS_BITS_CHUNK as u64) {
+    if opt.filter_type == "bloom" {
+        filter_binary.read_exact(&mut dimensions_buf)?;
+        let file_hash_count = u64::from_be_bytes(dimensions_buf);
+        if file_hash_count != (bloom_filter::HASH_COUNT as u64) {
             return Err(anyhow!(
-                "Filter dimension ADDRESS_BITS_CHUNK does not match binary. Please rebuild the filter or recompile the binaries\n\tFile:\t{}\n\tBinary:\t{}",
-                file_address_bits_chunk, bloom_filter::ADDRESS_BITS_CHUNK
+                "Filter dimension HASH_COUNT does not match binary. Please rebuild the filter or recompile the binaries\n\tFile:\t{}\n\tBinary:\t{}",
+                file_hash_count, bloom_filter::HASH_COUNT
             ));
         }
+    }
 
-        let mut chunk = [0 as u8; bloom_filter::CHUNK_BYTES];
-
-        let mut i = 0;
-        loop {
-            let read = bloom_filter_binary.read(&mut chunk)?;
-            if read > 0 {
-                filter_map.set(i, chunk, 0)?;
-                i += 1;
-            }
+    let mut chunk = [0 as u8; filter::CHUNK_BYTES];
 
-            if read < bloom_filter::CHUNK_BYTES {
-                break;
-            }
+    let mut i = 0;
+    loop {
+        let read = filter_binary.read(&mut chunk)?;
+        if read > 0 {
+            filter_map.set(i, chunk, 0)?;
+            i += 1;
         }
-        if (i as usize) != bloom_filter::MAP_SIZE {
-            return Err(anyhow!(
-                "Number of chunks in file ({}) do not match expected number ({})",
-                i, bloom_filter::MAP_SIZE
-            ))
+
+        if read < filter::CHUNK_BYTES {
+            break;
         }
-    };
+    }
+    if (i as usize) != filter::MAP_SIZE {
+        return Err(anyhow!(
+            "Number of chunks in file ({}) do not match expected number ({})",
+            i, filter::MAP_SIZE
+        ))
+    }
 
     info!("Loading XDP program took {:?}", start.elapsed());
     println!("press any key to exit");