I have many years of creating IP session tracking software In C and C++ for a variety of embedded and kernel environments and for a variety of applications, including NAT, firewalling, IDS/IPS, and fingerprinting. I created a highly portable codebase in C++ for such applications which has been deployed in commercial applications and product prototypes, including routers, fiber-to-the-home (FTTH) hardware, wireless aplication servers, Android mobile phones products, and more.
The C++ codebase has been designed to be safe in mission critical applications with highly customizable and OS kernel-focused memory allocation, safely exploiting multiprocessing environments, and designed for extremely low latency, excellent session creation and expiration performance, and extremely high throughput.
For portability and performance reasons, no libraries are used, including the C++ Std library.
I am experimenting with implementing the core of the software in Rust without compromise to the key features of Rust (e.g. Ownership).
To maximize the safety and performance of the code, a session object is allocated that contains all of the elements necessary to insert the session objects into hashtables, active session lists, and freelists. Session objects are of fixed size and no other dynamic memory allocations are necessary (or allowed). Nodes necessary for insertion into hashtable "chains" the active list, and the freelist are within the session object. Session expiration is performed as a dynamically tunable incremental traversal of the active sesion objects. RW locking is used with extreme care for maximum performance. Lock acquisition and release is tracked for recovery ane reporting.
The essence of the apporach is do "design-out" potential mistakes and, intentionally, design the code, as a very high priority, to be deeply testable.