#include <time.h>
#include <stdlib.h>
#include <assert.h>
#include "macro.h"
#include "times.h"
#include "tcp_utils.h"
#include "udp_utils.h"
#include "id_generator.h"
#include "session_pool.h"
#include "session_table.h"
#include "session_timer.h"
#include "session_manager.h"
#include "session_transition.h"
#include "evicted_session_filter.h"
#include "duplicated_packet_filter.h"
/*
 * Per-instance state of the session manager: the session pool, timer and
 * lookup tables, the two optional filters, the counters, and a copy of the
 * options.
 */
struct session_manager
{
    struct list_head evicte_queue; // session_manager_evicte_session() appends evicted sessions here
    struct session_pool *sess_pool;
    struct session_timer *sess_timer;
    struct session_table *tcp_sess_table; // TCP sessions, looked up by tuple6
    struct session_table *udp_sess_table;

    struct duplicated_packet_filter *dup_pkt_filter;   // only consulted when opts.duplicated_packet_filter_enable is set
    struct evicted_session_filter *evicte_sess_filter; // only consulted when opts.evicted_session_filter_enable is set

    struct session_manager_stat stat;    // counters and per-state gauges updated throughout this file
    struct session_manager_options opts; // held by value
};
// Same value as RX_BURST_MAX; check_options() rejects session limits below twice this value.
#define EVICTE_SESSION_BURST (RX_BURST_MAX)
/******************************************************************************
* Session Manager Stat
******************************************************************************/
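/*
 * Bump the "sessions currently in <state>" gauge of one protocol.
 *
 *   stat  - pointer expression to the statistics struct
 *   state - session state selecting the gauge; a state without a gauge hits
 *           the default case and is ignored
 *   proto - bare token pasted into the field name
 *           (tcp -> curr_nr_tcp_sess_active, ...)
 *
 * The body is wrapped in do { } while (0) so the macro expands to exactly one
 * statement and stays correct inside an unbraced if/else. Terminate every use
 * with a semicolon.
 */
#define SESS_MGR_STAT_INC(stat, state, proto)         \
    do                                                \
    {                                                 \
        switch ((state))                              \
        {                                             \
        case SESSION_STATE_OPENING:                   \
            (stat)->curr_nr_##proto##_sess_opening++; \
            break;                                    \
        case SESSION_STATE_ACTIVE:                    \
            (stat)->curr_nr_##proto##_sess_active++;  \
            break;                                    \
        case SESSION_STATE_CLOSING:                   \
            (stat)->curr_nr_##proto##_sess_closing++; \
            break;                                    \
        case SESSION_STATE_DISCARD:                   \
            (stat)->curr_nr_##proto##_sess_discard++; \
            break;                                    \
        case SESSION_STATE_CLOSED:                    \
            (stat)->curr_nr_##proto##_sess_closed++;  \
            break;                                    \
        default:                                      \
            break;                                    \
        }                                             \
    } while (0)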
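/*
 * Lower the "sessions currently in <state>" gauge of one protocol.
 *
 *   stat  - pointer expression to the statistics struct
 *   state - session state selecting the gauge; a state without a gauge hits
 *           the default case and is ignored
 *   proto - bare token pasted into the field name
 *           (udp -> curr_nr_udp_sess_closing, ...)
 *
 * The body is wrapped in do { } while (0) so the macro expands to exactly one
 * statement and stays correct inside an unbraced if/else. Terminate every use
 * with a semicolon.
 *
 * NOTE(review): there is no underflow guard; if the gauges are unsigned, a
 * decrement without a matching increment wraps around - confirm callers
 * always pair the two.
 */
#define SESS_MGR_STAT_DEC(stat, state, proto)         \
    do                                                \
    {                                                 \
        switch ((state))                              \
        {                                             \
        case SESSION_STATE_OPENING:                   \
            (stat)->curr_nr_##proto##_sess_opening--; \
            break;                                    \
        case SESSION_STATE_ACTIVE:                    \
            (stat)->curr_nr_##proto##_sess_active--;  \
            break;                                    \
        case SESSION_STATE_CLOSING:                   \
            (stat)->curr_nr_##proto##_sess_closing--; \
            break;                                    \
        case SESSION_STATE_DISCARD:                   \
            (stat)->curr_nr_##proto##_sess_discard--; \
            break;                                    \
        case SESSION_STATE_CLOSED:                    \
            (stat)->curr_nr_##proto##_sess_closed--;  \
            break;                                    \
        default:                                      \
            break;                                    \
        }                                             \
    } while (0)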
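/*
 * Move one session from the `curr` gauge to the `next` gauge of protocol
 * `proto`; nothing happens when both states are equal.
 *
 * `curr` and `next` are parenthesised in the comparison so that compound
 * argument expressions cannot change its meaning, and the body is wrapped in
 * do { } while (0) so the macro is a single statement inside an unbraced
 * if/else. Both state arguments are evaluated more than once - pass plain
 * variables, not expressions with side effects.
 */
#define SESS_MGR_STAT_UPDATE(stat, curr, next, proto) \
    do                                                \
    {                                                 \
        if ((curr) != (next))                         \
        {                                             \
            SESS_MGR_STAT_DEC(stat, curr, proto);     \
            SESS_MGR_STAT_INC(stat, next, proto);     \
        }                                             \
    } while (0)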
/******************************************************************************
* Session Manager Options
******************************************************************************/
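/*
 * Validate a session_manager_options block before it is used.
 *
 * Every failure is logged with the offending value and the accepted range.
 * The filter and reassembly sub-options are only range-checked when the
 * corresponding *_enable flag is set.
 *
 * The two error-rate checks are written as "not inside [0.0, 1.0]" instead
 * of "below 0.0 or above 1.0": a NaN compares false against both bounds and
 * would otherwise be accepted as a valid rate.
 *
 * Returns 0 when all checks pass, -1 on the first violation (including
 * opts == NULL).
 */
static int check_options(const struct session_manager_options *opts)
{
    if (opts == NULL)
    {
        SESSION_LOG_ERROR("invalid options");
        return -1;
    }

    // max session number
    if (opts->max_tcp_session_num < EVICTE_SESSION_BURST * 2)
    {
        SESSION_LOG_ERROR("invalid max_tcp_session_num: %lu, supported range: [%u, %lu]", opts->max_tcp_session_num, EVICTE_SESSION_BURST * 2, UINT64_MAX);
        return -1;
    }
    if (opts->max_udp_session_num < EVICTE_SESSION_BURST * 2)
    {
        SESSION_LOG_ERROR("invalid max_udp_session_num: %lu, supported range: [%u, %lu]", opts->max_udp_session_num, EVICTE_SESSION_BURST * 2, UINT64_MAX);
        return -1;
    }

    // session overload (skip)

    // TCP timeout
    if (opts->tcp_init_timeout < 1 || opts->tcp_init_timeout > 60000)
    {
        SESSION_LOG_ERROR("invalid tcp_init_timeout: %lu, supported range: [1, 60000]", opts->tcp_init_timeout);
        return -1;
    }
    if (opts->tcp_handshake_timeout < 1 || opts->tcp_handshake_timeout > 60000)
    {
        SESSION_LOG_ERROR("invalid tcp_handshake_timeout: %lu, supported range: [1, 60000]", opts->tcp_handshake_timeout);
        return -1;
    }
    if (opts->tcp_data_timeout < 1 || opts->tcp_data_timeout > 15999999000)
    {
        SESSION_LOG_ERROR("invalid tcp_data_timeout: %lu, supported range: [1, 15999999000]", opts->tcp_data_timeout);
        return -1;
    }
    if (opts->tcp_half_closed_timeout < 1 || opts->tcp_half_closed_timeout > 604800000)
    {
        SESSION_LOG_ERROR("invalid tcp_half_closed_timeout: %lu, supported range: [1, 604800000]", opts->tcp_half_closed_timeout);
        return -1;
    }
    if (opts->tcp_time_wait_timeout < 1 || opts->tcp_time_wait_timeout > 600000)
    {
        SESSION_LOG_ERROR("invalid tcp_time_wait_timeout: %lu, supported range: [1, 600000]", opts->tcp_time_wait_timeout);
        return -1;
    }
    if (opts->tcp_discard_timeout < 1 || opts->tcp_discard_timeout > 15999999000)
    {
        SESSION_LOG_ERROR("invalid tcp_discard_timeout: %lu, supported range: [1, 15999999000]", opts->tcp_discard_timeout);
        return -1;
    }
    if (opts->tcp_unverified_rst_timeout < 1 || opts->tcp_unverified_rst_timeout > 600000)
    {
        SESSION_LOG_ERROR("invalid tcp_unverified_rst_timeout: %lu, supported range: [1, 600000]", opts->tcp_unverified_rst_timeout);
        return -1;
    }

    // UDP timeout
    if (opts->udp_data_timeout < 1 || opts->udp_data_timeout > 15999999000)
    {
        SESSION_LOG_ERROR("invalid udp_data_timeout: %lu, supported range: [1, 15999999000]", opts->udp_data_timeout);
        return -1;
    }

    // duplicate packet filter
    if (opts->duplicated_packet_filter_enable)
    {
        if (opts->duplicated_packet_filter_capacity == 0)
        {
            // UINT32_MAX = 4294967295
            SESSION_LOG_ERROR("invalid duplicated_packet_filter_capacity: %u, supported range: [1, 4294967295]", opts->duplicated_packet_filter_capacity);
            return -1;
        }
        if (opts->duplicated_packet_filter_timeout < 1 || opts->duplicated_packet_filter_timeout > 60000)
        {
            SESSION_LOG_ERROR("invalid duplicated_packet_filter_timeout: %u, supported range: [1, 60000]", opts->duplicated_packet_filter_timeout);
            return -1;
        }
        // negated in-range test so that NaN is rejected as well
        if (!(opts->duplicated_packet_filter_error_rate >= 0.0 && opts->duplicated_packet_filter_error_rate <= 1.0))
        {
            SESSION_LOG_ERROR("invalid duplicated_packet_filter_error_rate: %f, supported range: [0.0, 1.0]", opts->duplicated_packet_filter_error_rate);
            return -1;
        }
    }

    // evicted session filter
    if (opts->evicted_session_filter_enable)
    {
        if (opts->evicted_session_filter_capacity == 0)
        {
            // UINT32_MAX = 4294967295
            SESSION_LOG_ERROR("invalid evicted_session_filter_capacity: %u, supported range: [1, 4294967295]", opts->evicted_session_filter_capacity);
            return -1;
        }
        if (opts->evicted_session_filter_timeout < 1 || opts->evicted_session_filter_timeout > 60000)
        {
            SESSION_LOG_ERROR("invalid evicted_session_filter_timeout: %u, supported range: [1, 60000]", opts->evicted_session_filter_timeout);
            return -1;
        }
        // negated in-range test so that NaN is rejected as well
        if (!(opts->evicted_session_filter_error_rate >= 0.0 && opts->evicted_session_filter_error_rate <= 1.0))
        {
            SESSION_LOG_ERROR("invalid evicted_session_filter_error_rate: %f, supported range: [0.0, 1.0]", opts->evicted_session_filter_error_rate);
            return -1;
        }
    }

    // TCP reassembly
    if (opts->tcp_reassembly_enable)
    {
        if (opts->tcp_reassembly_max_timeout < 1 || opts->tcp_reassembly_max_timeout > 60000)
        {
            SESSION_LOG_ERROR("invalid tcp_reassembly_max_timeout: %u, supported range: [1, 60000]", opts->tcp_reassembly_max_timeout);
            return -1;
        }
        if (opts->tcp_reassembly_max_segments < 2 || opts->tcp_reassembly_max_segments > 512)
        {
            SESSION_LOG_ERROR("invalid tcp_reassembly_max_segments: %u, supported range: [2, 512]", opts->tcp_reassembly_max_segments);
            return -1;
        }
    }

    return 0;
}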
/******************************************************************************
* TCP
******************************************************************************/
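/*
 * Drain and free the reassembler of one flow direction.
 *
 * Each segment still held by the reassembler is counted as released (per
 * session and per manager) and freed; then the reassembler itself is freed
 * and the session's pointer to it is cleared.
 */
static void tcp_clean_half(struct session_manager *mgr, struct session *sess, enum flow_direction dir)
{
    struct tcp_reassembly *assembler = sess->tcp_halfs[dir].assembler;
    struct tcp_segment *seg;

    if (assembler == NULL)
    {
        return;
    }

    // UINT64_MAX is passed as "now"; presumably this makes every buffered segment count as expired - confirm
    while ((seg = tcp_reassembly_expire(assembler, UINT64_MAX)))
    {
        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_RELEASED, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_RELEASED, seg->len);
        mgr->stat.nr_tcp_seg_released++;
        tcp_segment_free(seg);
    }
    tcp_reassembly_free(assembler);

    // Do not leave a dangling pointer behind: tcp_init() calls tcp_clean() on
    // its failure path, and a stale pointer would turn any later tcp_clean()
    // or tcp_update() on the same session into a double free / use after free.
    sess->tcp_halfs[dir].assembler = NULL;
}

/*
 * Release the TCP reassembly state of a session, client-to-server half first,
 * then server-to-client. Halves without a reassembler are skipped, so the
 * function is safe to call on a session whose reassemblers were never
 * created or were already released.
 */
static void tcp_clean(struct session_manager *mgr, struct session *sess)
{
    tcp_clean_half(mgr, sess, FLOW_DIRECTION_C2S);
    tcp_clean_half(mgr, sess, FLOW_DIRECTION_S2C);
}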
/*
 * Create the two per-direction TCP reassemblers of a session.
 *
 * Does nothing and returns 0 when reassembly is disabled in the manager
 * options. Otherwise both reassemblers are created with the configured
 * timeout and segment limit; if either creation fails, tcp_clean() releases
 * whatever was created and -1 is returned.
 *
 * NOTE(review): unless tcp_clean() also resets the two assembler pointers,
 * the session keeps stale pointers after the failure path - callers must not
 * run tcp_clean() or tcp_update() on it again.
 */
static int tcp_init(struct session_manager *mgr, struct session *sess)
{
    struct tcp_half *c2s = &sess->tcp_halfs[FLOW_DIRECTION_C2S];
    struct tcp_half *s2c = &sess->tcp_halfs[FLOW_DIRECTION_S2C];

    if (!mgr->opts.tcp_reassembly_enable)
    {
        return 0;
    }

    // both allocations are attempted before either result is inspected
    c2s->assembler = tcp_reassembly_new(mgr->opts.tcp_reassembly_max_timeout, mgr->opts.tcp_reassembly_max_segments);
    s2c->assembler = tcp_reassembly_new(mgr->opts.tcp_reassembly_max_timeout, mgr->opts.tcp_reassembly_max_segments);
    if (!(c2s->assembler != NULL && s2c->assembler != NULL))
    {
        tcp_clean(mgr, sess);
        return -1;
    }

    SESSION_LOG_DEBUG("session %lu %s new c2s tcp assembler %p, s2c tcp assembler %p",
                      session_get_id(sess), session_get_tuple6_str(sess),
                      c2s->assembler,
                      s2c->assembler);

    return 0;
}
/*
 * Account an in-order payload: bump the per-session and manager in-order
 * counters and make half->in_order refer to the packet's payload. The payload
 * pointer is stored as is; nothing is copied here.
 */
static void tcp_accept_inorder(struct session_manager *mgr, struct session *sess, enum flow_direction dir, const struct packet_layer *tcp_layer, uint16_t len)
{
    struct tcp_half *half = &sess->tcp_halfs[dir];

    session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_INORDER, 1);
    session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_INORDER, len);
    mgr->stat.nr_tcp_seg_inorder++;

    half->in_order.data = tcp_layer->pld_ptr;
    half->in_order.len = len;
    half->in_order_ref = 0;
}

/*
 * Fold one TCP packet into the per-direction state of a session.
 *
 * Always: remember the ISN on the first SYN of this direction, then record
 * the packet's flags (latest and accumulated), seq, ack and payload length.
 *
 * Reassembly disabled: a non-empty payload is counted as received and
 * in-order and exposed through half->in_order.
 *
 * Reassembly enabled: a SYN re-bases the expected sequence number, at most
 * one expired segment is popped from the reassembler and released, and a
 * non-empty payload is classified as in-order, retransmission, or handed to
 * the reassembler (buffered / overlap / retransmit / no space).
 *
 * NOTE(review): tcp_layer is dereferenced without a NULL check; callers are
 * presumably expected to pass the packet's TCP layer - confirm.
 */
static void tcp_update(struct session_manager *mgr, struct session *sess, enum flow_direction dir, const struct packet_layer *tcp_layer, uint64_t now)
{
    struct tcphdr *tcp_hdr = (struct tcphdr *)tcp_layer->hdr_ptr;
    struct tcp_half *half = &sess->tcp_halfs[dir];
    uint8_t flags = tcp_hdr_get_flags(tcp_hdr);
    uint16_t len = tcp_layer->pld_len;
    struct tcp_segment *expired;
    struct tcp_segment *pending;

    // an ISN of 0 is treated as "not recorded yet"
    if ((flags & TH_SYN) && half->isn == 0)
    {
        half->isn = tcp_hdr_get_seq(tcp_hdr);
    }
    half->flags = flags;
    half->history |= flags;
    half->seq = tcp_hdr_get_seq(tcp_hdr);
    half->ack = tcp_hdr_get_ack(tcp_hdr);
    half->len = tcp_layer->pld_len;

    if (!mgr->opts.tcp_reassembly_enable)
    {
        // without reassembly every payload is passed through as if in order
        if (len)
        {
            session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_RECEIVED, 1);
            session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_RECEIVED, len);
            mgr->stat.nr_tcp_seg_received++;

            tcp_accept_inorder(mgr, sess, dir, tcp_layer, len);
        }
        return;
    }

    if (unlikely(flags & TH_SYN))
    {
        // len > 0 is SYN with data (TCP Fast Open)
        // NOTE(review): every SYN that reaches this point re-bases recv_next,
        // including a repeated SYN on an established flow - confirm that is
        // intended. Also, a SYN consumes one sequence number, so after a SYN
        // carrying data the peer's next segment would normally start at
        // seq + 1 + len; confirm the reassembler accounts for that.
        tcp_reassembly_set_recv_next(half->assembler, len ? half->seq : half->seq + 1);
    }

    // only one expired segment is collected per packet
    expired = tcp_reassembly_expire(half->assembler, now);
    if (expired)
    {
        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_EXPIRED, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_EXPIRED, expired->len);
        mgr->stat.nr_tcp_seg_expired++;

        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_RELEASED, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_RELEASED, expired->len);
        mgr->stat.nr_tcp_seg_released++;

        tcp_segment_free(expired);
    }

    if (!len)
    {
        return;
    }

    session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_RECEIVED, 1);
    session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_RECEIVED, len);
    mgr->stat.nr_tcp_seg_received++;

    uint32_t rcv_nxt = tcp_reassembly_get_recv_next(half->assembler);

    // in order
    if (half->seq == rcv_nxt)
    {
        tcp_accept_inorder(mgr, sess, dir, tcp_layer, len);
        tcp_reassembly_inc_recv_next(half->assembler, len);
        return;
    }

    // retransmission: the segment ends before the next expected byte
    if (uint32_before(uint32_add(half->seq, len), rcv_nxt))
    {
        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_RETRANSMIT, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_RETRANSMIT, len);
        mgr->stat.nr_tcp_seg_retransmit++;
        return;
    }

    // out of order: hand a new segment to the reassembler
    pending = tcp_segment_new(half->seq, tcp_layer->pld_ptr, len);
    if (!pending)
    {
        // segment creation failed; accounted as "no space"
        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_NOSPACE, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_NOSPACE, len);
        mgr->stat.nr_tcp_seg_no_space++;
        return;
    }

    // the segment is freed here only for the two negative results; for 0 and 1
    // it is counted as buffered and presumably owned by the reassembler - confirm
    switch (tcp_reassembly_push(half->assembler, pending, now))
    {
    case -2:
        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_RETRANSMIT, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_RETRANSMIT, len);
        mgr->stat.nr_tcp_seg_retransmit++;
        tcp_segment_free(pending);
        break;
    case -1:
        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_NOSPACE, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_NOSPACE, len);
        mgr->stat.nr_tcp_seg_no_space++;
        tcp_segment_free(pending);
        break;
    case 0:
        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_BUFFERED, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_BUFFERED, len);
        mgr->stat.nr_tcp_seg_buffered++;
        break;
    case 1:
        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_OVERLAP, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_OVERLAP, len);
        mgr->stat.nr_tcp_seg_overlap++;

        session_inc_stat(sess, dir, STAT_TCP_SEGMENTS_BUFFERED, 1);
        session_inc_stat(sess, dir, STAT_TCP_PAYLOADS_BUFFERED, len);
        mgr->stat.nr_tcp_seg_buffered++;
        break;
    default:
        assert(0);
        break;
    }
}
/******************************************************************************
* Session Direction
******************************************************************************/
/*
 * Guess the flow direction of a packet from its port numbers alone.
 *
 * The side with the larger port is taken to be the client. Equal ports are
 * resolved as client-to-server, i.e. the first packet seen defines the
 * client. This is a heuristic over values the sender chooses, so the result
 * is a guess and not a verified fact about who opened the connection.
 */
static enum flow_direction identify_direction_by_port(uint16_t src_port, uint16_t dst_port)
{
    // only a strictly smaller source port marks the sender as the server
    return (src_port < dst_port) ? FLOW_DIRECTION_S2C : FLOW_DIRECTION_C2S;
}
/*
 * Derive a packet's flow direction from the tuple stored in its session.
 *
 * A key equal to the session's stored tuple gets the direction recorded with
 * that tuple; any other key gets the opposite direction. The function does
 * not check that a non-matching key really is the reversed tuple - it relies
 * on the caller having looked the session up with this key.
 */
static enum flow_direction identify_direction_by_history(const struct session *sess, const struct tuple6 *key)
{
    const int same_tuple = (tuple6_cmp(session_get_tuple6(sess), key) == 0);
    const enum flow_direction recorded = session_get_tuple6_direction(sess);

    if (same_tuple)
    {
        return recorded;
    }
    return (recorded == FLOW_DIRECTION_C2S ? FLOW_DIRECTION_S2C : FLOW_DIRECTION_C2S);
}
/******************************************************************************
* Session Filter
******************************************************************************/
// on new session
/*
 * Decide whether a packet that would open a new TCP session must be bypassed
 * because the TCP session limit is reached.
 *
 * Returns 1 (and counts the packet in nr_tcp_pkts_nospace_bypass) when the
 * key is TCP and the number of TCP sessions in use is at or above
 * opts.max_tcp_session_num; returns 0 otherwise. `now` is not used.
 */
static int tcp_overload_bypass(struct session_manager *mgr, const struct tuple6 *key, uint64_t now)
{
    const int table_full = (key->ip_proto == IPPROTO_TCP &&
                            mgr->stat.curr_nr_tcp_sess_used >= mgr->opts.max_tcp_session_num);

    if (!table_full)
    {
        return 0;
    }

    mgr->stat.nr_tcp_pkts_nospace_bypass++;
    return 1;
}
/*
 * Decide whether a packet that would open a new UDP session must be bypassed
 * because the UDP session limit is reached.
 *
 * Returns 1 (and counts the packet in nr_udp_pkts_nospace_bypass) when the
 * key is UDP and the number of UDP sessions in use is at or above
 * opts.max_udp_session_num; returns 0 otherwise. `now` is not used.
 */
static int udp_overload_bypass(struct session_manager *mgr, const struct tuple6 *key, uint64_t now)
{
    const int table_full = (key->ip_proto == IPPROTO_UDP &&
                            mgr->stat.curr_nr_udp_sess_used >= mgr->opts.max_udp_session_num);

    if (!table_full)
    {
        return 0;
    }

    mgr->stat.nr_udp_pkts_nospace_bypass++;
    return 1;
}
/*
 * Decide whether a packet belongs to a recently evicted session and must be
 * bypassed instead of opening a new one.
 *
 * Returns 1 when the evicted-session filter is enabled and reports a hit for
 * `key`; returns 0 otherwise. The filter is not consulted when it is
 * disabled.
 *
 * NOTE(review): a hit always bumps the UDP counter, whatever key->ip_proto
 * is. In the part of the file reviewed here only UDP evictions feed the
 * filter - confirm callers never pass a TCP key.
 */
static int evicted_session_bypass(struct session_manager *mgr, const struct tuple6 *key, uint64_t now)
{
    if (!mgr->opts.evicted_session_filter_enable)
    {
        return 0;
    }
    if (!evicted_session_filter_lookup(mgr->evicte_sess_filter, key, now))
    {
        return 0;
    }

    mgr->stat.nr_udp_pkts_evctd_bypass++;
    return 1;
}
// on update session
/*
 * Decide whether a packet of an existing session is a duplicate that must be
 * bypassed.
 *
 * The duplicate filter is consulted only when it is enabled and either fewer
 * than 3 raw packets were received in this direction or the session is
 * already flagged as carrying duplicate traffic; all other packets are never
 * checked.
 *
 * On a filter hit the per-session and per-protocol bypass counters are
 * bumped, the session is flagged, its current packet and flow direction are
 * set, and 1 is returned. On a miss the packet is added to the filter and 0
 * is returned.
 */
static int duplicated_packet_bypass(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
    if (mgr->opts.duplicated_packet_filter_enable == 0)
    {
        return 0;
    }

    enum flow_direction dir = identify_direction_by_history(sess, key);

    // outside the inspection window: neither looked up nor recorded
    if (!(session_get_stat(sess, dir, STAT_RAW_PACKETS_RECEIVED) < 3 || session_has_duplicate_traffic(sess)))
    {
        return 0;
    }

    if (!duplicated_packet_filter_lookup(mgr->dup_pkt_filter, pkt, now))
    {
        // first sighting: remember the packet and let it through
        duplicated_packet_filter_add(mgr->dup_pkt_filter, pkt, now);
        return 0;
    }

    session_inc_stat(sess, dir, STAT_DUPLICATE_PACKETS_BYPASS, 1);
    session_inc_stat(sess, dir, STAT_DUPLICATE_BYTES_BYPASS, packet_get_len(pkt));
    switch (session_get_type(sess))
    {
    case SESSION_TYPE_TCP:
        mgr->stat.nr_tcp_pkts_duped_bypass++;
        break;
    case SESSION_TYPE_UDP:
        mgr->stat.nr_udp_pkts_duped_bypass++;
        break;
    default:
        assert(0);
        break;
    }
    session_set_duplicate_traffic(sess);

    session_set_current_packet(sess, pkt);
    session_set_current_flow_direction(sess, dir);
    return 1;
}
/******************************************************************************
* Session Manager
******************************************************************************/
/*
 * Apply one packet to a session and move the session to next_state.
 *
 * A session still in SESSION_STATE_INIT is first given its identity: a fresh
 * id, the tuple and tuple direction, the session direction, the printable
 * tuple, the start timestamp and the session type (TCP or UDP, from
 * key->ip_proto).
 *
 * For every packet the raw packet/byte counters of `dir` are bumped. The
 * first packet seen in a direction is duplicated and stored together with its
 * route context and sid list. Finally the current packet, current flow
 * direction, last-seen timestamp and state are updated.
 */
static void session_update(struct session *sess, enum session_state next_state, const struct packet *pkt, const struct tuple6 *key, enum flow_direction dir)
{
    uint64_t real_sec = stellar_get_real_time_sec();

    if (session_get_state(sess) == SESSION_STATE_INIT)
    {
        session_set_id(sess, id_generator_alloc());
        session_set_tuple(sess, key);
        session_set_tuple_direction(sess, dir);

        enum packet_direction pkt_dir = packet_get_direction(pkt);

        // An outgoing packet travels Internal -> External. The session is
        // outbound when a client-to-server packet is outgoing or a
        // server-to-client packet is not; otherwise it is inbound.
        const int initiated_inside = ((dir == FLOW_DIRECTION_C2S) == (pkt_dir == PACKET_DIRECTION_OUTGOING));
        session_set_direction(sess, initiated_inside ? SESSION_DIRECTION_OUTBOUND : SESSION_DIRECTION_INBOUND);

        tuple6_to_str(key, sess->tuple_str, sizeof(sess->tuple_str));
        session_set_timestamp(sess, SESSION_TIMESTAMP_START, real_sec);

        switch (key->ip_proto)
        {
        case IPPROTO_TCP:
            session_set_type(sess, SESSION_TYPE_TCP);
            break;
        case IPPROTO_UDP:
            session_set_type(sess, SESSION_TYPE_UDP);
            break;
        default:
            // any other protocol is a caller bug
            assert(0);
            break;
        }
    }

    session_inc_stat(sess, dir, STAT_RAW_PACKETS_RECEIVED, 1);
    session_inc_stat(sess, dir, STAT_RAW_BYTES_RECEIVED, packet_get_len(pkt));

    if (!session_get_first_packet(sess, dir))
    {
        struct route_ctx ctx = {0};
        struct sid_list list = {0};

        packet_get_route_ctx(pkt, &ctx);
        packet_get_sid_list(pkt, &list);

        // NOTE(review): the result of packet_dup() is stored unchecked; if it
        // can fail, this branch presumably runs again on the next packet of
        // the same direction - confirm.
        session_set_first_packet(sess, dir, packet_dup(pkt));
        session_set_route_ctx(sess, dir, &ctx);
        session_set_sid_list(sess, dir, &list);
    }

    session_set_current_packet(sess, pkt);
    session_set_current_flow_direction(sess, dir);
    session_set_timestamp(sess, SESSION_TIMESTAMP_LAST, real_sec);
    session_set_state(sess, next_state);
}
/*
 * Evict a session: run the state transition for `reason`, record the closing
 * reason if none is set yet, stop the session's timer, append the session to
 * the manager's evicted queue and remove it from its lookup table.
 *
 * A NULL session is ignored. For UDP the session's tuple is also added to the
 * evicted-session filter when that filter is enabled; TCP sessions are not
 * added to it. The per-state gauges and the per-protocol eviction counter are
 * updated last.
 */
static void session_manager_evicte_session(struct session_manager *mgr, struct session *sess, uint64_t now, int reason)
{
    enum session_state from;
    enum session_state to;

    if (!sess)
    {
        return;
    }

    // when session add to evicted queue, session lifetime is over
    from = session_get_state(sess);
    to = session_transition_run(from, reason);
    session_transition_log(sess, from, to, reason);
    session_set_state(sess, to);

    // an already recorded closing reason is never overwritten
    if (!session_get_closing_reason(sess))
    {
        if (reason == PORT_REUSE_EVICT)
        {
            session_set_closing_reason(sess, CLOSING_BY_PORT_REUSE_EVICTED);
        }
        if (reason == LRU_EVICT)
        {
            session_set_closing_reason(sess, CLOSING_BY_LRU_EVICTED);
        }
    }

    session_timer_del(mgr->sess_timer, sess);
    list_add_tail(&sess->evicte, &mgr->evicte_queue);

    switch (session_get_type(sess))
    {
    case SESSION_TYPE_TCP:
        SESSION_LOG_DEBUG("evicte tcp old session: %lu", session_get_id(sess));
        session_table_del(mgr->tcp_sess_table, sess);
        SESS_MGR_STAT_UPDATE(&mgr->stat, from, to, tcp);
        mgr->stat.nr_tcp_sess_evicted++;
        break;
    case SESSION_TYPE_UDP:
        SESSION_LOG_DEBUG("evicte udp old session: %lu", session_get_id(sess));
        session_table_del(mgr->udp_sess_table, sess);
        if (mgr->opts.evicted_session_filter_enable)
        {
            evicted_session_filter_add(mgr->evicte_sess_filter, session_get_tuple6(sess), now);
        }
        SESS_MGR_STAT_UPDATE(&mgr->stat, from, to, udp);
        mgr->stat.nr_udp_sess_evicted++;
        break;
    default:
        assert(0);
        break;
    }
}
/*
 * Find the tracked TCP session for `key`, evicting it first when the packet is
 * a SYN that looks like a new connection reusing the same tuple.
 *
 * Returns the existing session for non-SYN segments and for SYN
 * retransmissions. Returns NULL when no session is tracked, or when the old
 * session was just evicted with PORT_REUSE_EVICT.
 */
static struct session *session_manager_lookup_tcp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
    struct session *found = session_table_find_tuple6(mgr->tcp_sess_table, key);
    if (!found)
    {
        return NULL;
    }

    // NOTE(review): the layer pointer is dereferenced without a NULL check;
    // presumably the caller only reaches here for packets with a TCP layer -- confirm.
    const struct packet_layer *layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
    const struct tcphdr *tcp = (const struct tcphdr *)layer->hdr_ptr;
    uint8_t tcp_flags = tcp_hdr_get_flags(tcp);
    if (!(tcp_flags & TH_SYN))
    {
        // Anything that is not a SYN belongs to the tracked session.
        return found;
    }

    enum flow_direction side = identify_direction_by_history(found, key);
    struct tcp_half *half = &found->tcp_halfs[side];

    // A stored ISN of 0 is treated as "not recorded", so the comparison is
    // skipped for it (this includes a flow whose real ISN happens to be 0).
    int isn_changed = half->isn && half->isn != tcp_hdr_get_seq(tcp);
    // This side already sent FIN or RST before the SYN arrived.
    int close_seen = (half->history & TH_FIN) || (half->history & TH_RST);

    if (!isn_changed && !close_seen)
    {
        // TCP SYN retransmission
        return found;
    }

    // TCP port reuse, evict old session
    // NOTE(review): the SYN is not checked against the tracked connection's
    // window or state, so a forged SYN with a different sequence number ends
    // tracking of a live flow. Consider requiring the old flow to be closing
    // or idle before evicting.
    session_manager_evicte_session(mgr, found, now, PORT_REUSE_EVICT);
    return NULL;
}
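/*
 * Create and register a TCP session for a packet that matched no tracked one.
 *
 * Only a segment carrying SYN may open a session; any other segment is counted
 * in nr_tcp_pkts_nosess_bypass and NULL is returned. When LRU eviction is
 * enabled and the used-session counter is within EVICTE_SESSION_BURST of the
 * configured maximum, the least recently used TCP session is evicted first.
 *
 * Returns the new session, or NULL when the packet cannot open a session, the
 * pool is exhausted, or tcp_init() fails.
 */
static struct session *session_manager_new_tcp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
    // NOTE(review): tcp_layer is dereferenced without a NULL check; presumably
    // the caller guarantees a TCP layer because key->ip_proto was TCP -- confirm.
    const struct packet_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
    const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
    uint8_t flags = tcp_hdr_get_flags(hdr);
    if (!(flags & TH_SYN))
    {
        mgr->stat.nr_tcp_pkts_nosess_bypass++;
        return NULL;
    }

    // tcp table full evict old session
    // NOTE(review): assumes check_options() guarantees max_tcp_session_num is
    // larger than EVICTE_SESSION_BURST; otherwise the subtraction could wrap -- confirm.
    if (mgr->opts.tcp_overload_evict_old_sess && mgr->stat.curr_nr_tcp_sess_used >= mgr->opts.max_tcp_session_num - EVICTE_SESSION_BURST)
    {
        // An evicted session leaves the table at once but still counts as used
        // until session_manager_free_session() runs, so the table can be empty
        // while the counter sits at the threshold. Skip eviction in that case
        // instead of passing NULL on.
        struct session *evic_sess = session_table_find_lru(mgr->tcp_sess_table);
        if (evic_sess)
        {
            session_manager_evicte_session(mgr, evic_sess, now, LRU_EVICT);
        }
    }

    // A first packet with SYN+ACK is taken as server-to-client, a bare SYN as client-to-server.
    enum flow_direction dir = (flags & TH_ACK) ? FLOW_DIRECTION_S2C : FLOW_DIRECTION_C2S;
    struct session *sess = session_pool_pop(mgr->sess_pool);
    if (sess == NULL)
    {
        // With assertions enabled pool exhaustion aborts the process; with
        // NDEBUG the packet is left untracked.
        assert(0);
        return NULL;
    }
    session_init(sess);
    sess->mgr_stat = &mgr->stat;

    enum session_state next_state = session_transition_run(SESSION_STATE_INIT, TCP_SYN);
    session_update(sess, next_state, pkt, key, dir);
    session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN);

    if (tcp_init(mgr, sess) == -1)
    {
        assert(0);
        // NOTE(review): session_update() has already run; if it stored a
        // first-packet copy, returning the session to the pool here without
        // the cleanup done in session_manager_free_session() may leak it -- confirm.
        session_pool_push(mgr->sess_pool, sess);
        return NULL;
    }
    tcp_update(mgr, sess, dir, tcp_layer, now);

    // SYN+ACK starts the handshake timeout, a bare SYN the init timeout.
    uint64_t timeout = (flags & TH_ACK) ? mgr->opts.tcp_handshake_timeout : mgr->opts.tcp_init_timeout;
    session_timer_update(mgr->sess_timer, sess, now + timeout);
    session_table_add(mgr->tcp_sess_table, sess);

    if (mgr->opts.duplicated_packet_filter_enable)
    {
        duplicated_packet_filter_add(mgr->dup_pkt_filter, pkt, now);
    }

    SESS_MGR_STAT_INC(&mgr->stat, next_state, tcp);
    mgr->stat.curr_nr_tcp_sess_used++;
    mgr->stat.total_nr_tcp_sess_used++;

    return sess;
}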
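/*
 * Create and register a UDP session for a packet that matched no tracked one.
 *
 * When LRU eviction is enabled and the used-session counter is within
 * EVICTE_SESSION_BURST of the configured maximum, the least recently used UDP
 * session is evicted first.
 *
 * Returns the new session, or NULL when the pool is exhausted.
 */
static struct session *session_manager_new_udp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
    // udp table full evict old session
    // NOTE(review): assumes check_options() guarantees max_udp_session_num is
    // larger than EVICTE_SESSION_BURST; otherwise the subtraction could wrap -- confirm.
    if (mgr->opts.udp_overload_evict_old_sess && mgr->stat.curr_nr_udp_sess_used >= mgr->opts.max_udp_session_num - EVICTE_SESSION_BURST)
    {
        // An evicted session leaves the table at once but still counts as used
        // until session_manager_free_session() runs, so the table can be empty
        // while the counter sits at the threshold. Skip eviction in that case
        // instead of passing NULL on.
        struct session *evic_sess = session_table_find_lru(mgr->udp_sess_table);
        if (evic_sess)
        {
            session_manager_evicte_session(mgr, evic_sess, now, LRU_EVICT);
        }
    }

    struct session *sess = session_pool_pop(mgr->sess_pool);
    if (sess == NULL)
    {
        // With assertions enabled pool exhaustion aborts the process; with
        // NDEBUG the packet is left untracked.
        assert(sess);
        return NULL;
    }
    session_init(sess);
    sess->mgr_stat = &mgr->stat;

    // UDP has no handshake, so direction is derived from the two port numbers.
    enum flow_direction dir = identify_direction_by_port(ntohs(key->src_port), ntohs(key->dst_port));
    enum session_state next_state = session_transition_run(SESSION_STATE_INIT, UDP_DATA);
    session_update(sess, next_state, pkt, key, dir);
    session_transition_log(sess, SESSION_STATE_INIT, next_state, UDP_DATA);

    session_timer_update(mgr->sess_timer, sess, now + mgr->opts.udp_data_timeout);
    session_table_add(mgr->udp_sess_table, sess);

    SESS_MGR_STAT_INC(&mgr->stat, next_state, udp);
    mgr->stat.curr_nr_udp_sess_used++;
    mgr->stat.total_nr_udp_sess_used++;

    return sess;
}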
/*
 * Feed one TCP segment into an existing session: run the state machine,
 * update per-direction TCP bookkeeping, record why the session is closing,
 * and re-arm the session timer for the resulting state.
 *
 * Always returns 0.
 */
static int session_manager_update_tcp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
    // NOTE(review): tcp_layer is dereferenced without a NULL check; presumably
    // the caller only passes packets that carry a TCP layer -- confirm.
    const struct packet_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
    const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
    enum flow_direction dir = identify_direction_by_history(sess, key);
    uint8_t flags = tcp_hdr_get_flags(hdr);
    // Build the state-machine input set from the header flags and payload presence.
    int inputs = 0;
    inputs |= (flags & TH_SYN) ? TCP_SYN : NONE;
    inputs |= (flags & TH_FIN) ? TCP_FIN : NONE;
    inputs |= (flags & TH_RST) ? TCP_RST : NONE;
    inputs |= tcp_layer->pld_len ? TCP_DATA : NONE;

    // update state
    enum session_state curr_state = session_get_state(sess);
    enum session_state next_state = session_transition_run(curr_state, inputs);

    // update session
    session_update(sess, next_state, pkt, key, dir);
    session_transition_log(sess, curr_state, next_state, inputs);

    // update tcp
    // Runs before the timeout selection below, which reads the tcp_half
    // records (history, seq, ack); presumably tcp_update() refreshes them -- confirm.
    tcp_update(mgr, sess, dir, tcp_layer, now);

    // set closing reason
    // Only recorded on entry to CLOSING and only if no reason is set yet.
    if (next_state == SESSION_STATE_CLOSING && !session_get_closing_reason(sess))
    {
        if (flags & TH_FIN)
        {
            session_set_closing_reason(sess, (dir == FLOW_DIRECTION_C2S ? CLOSING_BY_CLIENT_FIN : CLOSING_BY_SERVER_FIN));
        }
        // Not an else-if: for a segment with both FIN and RST set this call
        // runs after the FIN one.
        if (flags & TH_RST)
        {
            session_set_closing_reason(sess, (dir == FLOW_DIRECTION_C2S ? CLOSING_BY_CLIENT_RST : CLOSING_BY_SERVER_RST));
        }
    }

    // update timeout
    struct tcp_half *curr = &sess->tcp_halfs[dir];
    struct tcp_half *peer = &sess->tcp_halfs[(dir == FLOW_DIRECTION_C2S ? FLOW_DIRECTION_S2C : FLOW_DIRECTION_C2S)];
    uint64_t timeout = 0;
    switch (next_state)
    {
    case SESSION_STATE_OPENING:
        if (flags & TH_SYN)
        {
            // SYN+ACK uses the handshake timeout, a bare SYN the init timeout.
            timeout = (flags & TH_ACK) ? mgr->opts.tcp_handshake_timeout : mgr->opts.tcp_init_timeout;
        }
        else
        {
            timeout = mgr->opts.tcp_data_timeout;
        }
        break;
    case SESSION_STATE_ACTIVE:
        timeout = mgr->opts.tcp_data_timeout;
        break;
    case SESSION_STATE_CLOSING:
        if (flags & TH_FIN)
        {
            // FIN seen from both sides: time-wait; from this side only: half-closed.
            timeout = (peer->history & TH_FIN) ? mgr->opts.tcp_time_wait_timeout : mgr->opts.tcp_half_closed_timeout;
        }
        else if (flags & TH_RST)
        {
            // if fin is received, the expected sequence number should be increased by 1
            // An RST whose sequence number matches what the peer acknowledged
            // gets the time-wait timeout; any other RST gets the separate
            // unverified-RST timeout. Presumably this keeps an RST that does
            // not match the flow (possibly forged) from ending tracking as
            // quickly as a verified one -- confirm against the configured values.
            uint32_t expected = (peer->history & TH_FIN) ? peer->ack + 1 : peer->ack;
            timeout = (expected == curr->seq) ? mgr->opts.tcp_time_wait_timeout : mgr->opts.tcp_unverified_rst_timeout;
        }
        else
        {
            timeout = mgr->opts.tcp_data_timeout;
        }
        break;
    case SESSION_STATE_DISCARD:
        timeout = mgr->opts.tcp_discard_timeout;
        break;
    default:
        // With NDEBUG the assert vanishes and timeout stays 0, so the timer
        // below is armed for `now`.
        assert(0);
        break;
    }
    session_timer_update(mgr->sess_timer, sess, now + timeout);

    SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, tcp);

    return 0;
}
/*
 * Feed one UDP datagram into an existing session: run the state machine with
 * UDP_DATA, update the session, and re-arm its timer with the discard or data
 * timeout depending on the state the session reports afterwards.
 *
 * Always returns 0.
 */
static int session_manager_update_udp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
    enum flow_direction flow_dir = identify_direction_by_history(sess, key);
    enum session_state prev = session_get_state(sess);
    enum session_state next = session_transition_run(prev, UDP_DATA);

    session_update(sess, next, pkt, key, flow_dir);
    session_transition_log(sess, prev, next, UDP_DATA);

    // The state is re-read from the session rather than taken from `next`.
    int discarding = (session_get_state(sess) == SESSION_STATE_DISCARD);
    session_timer_update(mgr->sess_timer, sess, now + (discarding ? mgr->opts.udp_discard_timeout : mgr->opts.udp_data_timeout));

    SESS_MGR_STAT_UPDATE(&mgr->stat, prev, next, udp);

    return 0;
}
/******************************************************************************
* Public API
******************************************************************************/
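/*
 * Allocate a session manager configured from `opts`.
 *
 * `opts` is validated with check_options() and copied into the manager, so the
 * caller's struct is not referenced afterwards. `now` is passed to the timer
 * and to the optional filters.
 *
 * Returns the new manager, or NULL when the options are rejected or any
 * allocation fails. Release with session_manager_free().
 */
struct session_manager *session_manager_new(struct session_manager_options *opts, uint64_t now)
{
    if (check_options(opts) == -1)
    {
        return NULL;
    }

    struct session_manager *mgr = calloc(1, sizeof(*mgr));
    if (mgr == NULL)
    {
        return NULL;
    }
    memcpy(&mgr->opts, opts, sizeof(mgr->opts));

    // Initialise the eviction queue before anything that can `goto error`:
    // session_manager_free() walks this list, and calloc() leaves the head
    // zeroed rather than linked to itself (assuming Linux-style list
    // semantics), which would make the queue look non-empty there.
    INIT_LIST_HEAD(&mgr->evicte_queue);

    // One shared pool sized for both tables.
    // NOTE(review): presumably check_options() bounds the two maxima so the
    // sum cannot overflow -- confirm.
    mgr->sess_pool = session_pool_new(mgr->opts.max_tcp_session_num + mgr->opts.max_udp_session_num);
    mgr->tcp_sess_table = session_table_new();
    mgr->udp_sess_table = session_table_new();
    mgr->sess_timer = session_timer_new(now);
    if (mgr->sess_pool == NULL || mgr->tcp_sess_table == NULL || mgr->udp_sess_table == NULL || mgr->sess_timer == NULL)
    {
        goto error;
    }
    if (mgr->opts.evicted_session_filter_enable)
    {
        mgr->evicte_sess_filter = evicted_session_filter_new(mgr->opts.evicted_session_filter_capacity,
                                                             mgr->opts.evicted_session_filter_timeout,
                                                             mgr->opts.evicted_session_filter_error_rate, now);
        if (mgr->evicte_sess_filter == NULL)
        {
            goto error;
        }
    }
    if (mgr->opts.duplicated_packet_filter_enable)
    {
        mgr->dup_pkt_filter = duplicated_packet_filter_new(mgr->opts.duplicated_packet_filter_capacity,
                                                           mgr->opts.duplicated_packet_filter_timeout,
                                                           mgr->opts.duplicated_packet_filter_error_rate, now);
        if (mgr->dup_pkt_filter == NULL)
        {
            goto error;
        }
    }

    session_transition_init();

    return mgr;

error:
    session_manager_free(mgr);
    return NULL;
}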
/*
 * Destroy a session manager and everything it owns.
 *
 * Frees every session still queued for eviction, then every UDP and TCP
 * session left in the tables, then the optional filters, the timer, both
 * tables, the pool, and the manager itself. A NULL `mgr` is a no-op.
 */
void session_manager_free(struct session_manager *mgr)
{
    if (mgr == NULL)
    {
        return;
    }

    // free all evicted session
    // NOTE(review): assumes the queue head was initialised with
    // INIT_LIST_HEAD; verify every caller, including the constructor's error path.
    while (!list_empty(&mgr->evicte_queue))
    {
        struct session *evicted = list_first_entry(&mgr->evicte_queue, struct session, evicte);
        list_del(&evicted->evicte);
        session_manager_free_session(mgr, evicted);
    }

    // free all udp session
    if (mgr->udp_sess_table)
    {
        struct session *udp_sess;
        while ((udp_sess = session_table_find_lru(mgr->udp_sess_table)) != NULL)
        {
            session_manager_free_session(mgr, udp_sess);
        }
    }

    // free all tcp session
    if (mgr->tcp_sess_table)
    {
        struct session *tcp_sess;
        while ((tcp_sess = session_table_find_lru(mgr->tcp_sess_table)) != NULL)
        {
            session_manager_free_session(mgr, tcp_sess);
        }
    }

    // The filters exist only when their option was enabled at creation.
    if (mgr->opts.evicted_session_filter_enable)
    {
        evicted_session_filter_free(mgr->evicte_sess_filter);
    }
    if (mgr->opts.duplicated_packet_filter_enable)
    {
        duplicated_packet_filter_free(mgr->dup_pkt_filter);
    }

    session_timer_free(mgr->sess_timer);
    session_table_free(mgr->udp_sess_table);
    session_table_free(mgr->tcp_sess_table);
    session_pool_free(mgr->sess_pool);
    free(mgr);
}
/*
 * Add `pkt` to the duplicated-packet filter, stamped with `now`.
 * Does nothing when the filter is disabled in the manager's options.
 */
void session_manager_record_duplicated_packet(struct session_manager *mgr, const struct packet *pkt, uint64_t now)
{
    if (!mgr->opts.duplicated_packet_filter_enable)
    {
        return;
    }

    duplicated_packet_filter_add(mgr->dup_pkt_filter, pkt, now);
}
/*
 * Create a session for `pkt`, dispatching on the innermost tuple's protocol.
 *
 * The bypass checks run before any session is allocated: TCP is subject to
 * tcp_overload_bypass(); UDP to udp_overload_bypass() and then
 * evicted_session_bypass().
 *
 * Returns the new session, or NULL when the tuple cannot be extracted, a
 * bypass check fires, the protocol is neither TCP nor UDP, or creation fails.
 */
struct session *session_manager_new_session(struct session_manager *mgr, const struct packet *pkt, uint64_t now)
{
    struct tuple6 tuple;
    if (packet_get_innermost_tuple6(pkt, &tuple) != 0)
    {
        return NULL;
    }

    if (tuple.ip_proto == IPPROTO_TCP)
    {
        if (tcp_overload_bypass(mgr, &tuple, now))
        {
            return NULL;
        }
        return session_manager_new_tcp_session(mgr, pkt, &tuple, now);
    }

    if (tuple.ip_proto == IPPROTO_UDP)
    {
        // Short-circuit keeps the original order: the evicted-session check
        // runs only when the overload check did not fire.
        if (udp_overload_bypass(mgr, &tuple, now) || evicted_session_bypass(mgr, &tuple, now))
        {
            return NULL;
        }
        return session_manager_new_udp_session(mgr, pkt, &tuple, now);
    }

    return NULL;
}
/*
 * Release a session and return it to the manager's pool.
 *
 * Removes the session from the timer and, if still present, from its table;
 * decrements the per-state and used-session counters; frees the extension
 * data and the stored first packets; clears per-direction context; then
 * pushes the session back to the pool. A NULL `sess` is a no-op.
 *
 * NOTE(review): nothing here detects a session that was already freed;
 * presumably callers guarantee each session is freed exactly once, since a
 * second call would decrement the counters and push to the pool again -- confirm.
 */
void session_manager_free_session(struct session_manager *mgr, struct session *sess)
{
    static const enum flow_direction both_dirs[] = {FLOW_DIRECTION_C2S, FLOW_DIRECTION_S2C};
    const unsigned nr_dirs = sizeof(both_dirs) / sizeof(both_dirs[0]);
    unsigned i;

    if (sess == NULL)
    {
        return;
    }

    SESSION_LOG_DEBUG("session %lu closed (%s)", session_get_id(sess), closing_reason_to_str(session_get_closing_reason(sess)));

    session_timer_del(mgr->sess_timer, sess);
    switch (session_get_type(sess))
    {
    case SESSION_TYPE_TCP:
        tcp_clean(mgr, sess);
        // An evicted session is no longer in the table; delete only when the
        // table still maps this id to this session.
        if (session_table_find_sessid(mgr->tcp_sess_table, session_get_id(sess)) == sess)
        {
            session_table_del(mgr->tcp_sess_table, sess);
        }
        SESS_MGR_STAT_DEC(&mgr->stat, session_get_state(sess), tcp);
        mgr->stat.curr_nr_tcp_sess_used--;
        break;
    case SESSION_TYPE_UDP:
        if (session_table_find_sessid(mgr->udp_sess_table, session_get_id(sess)) == sess)
        {
            session_table_del(mgr->udp_sess_table, sess);
        }
        SESS_MGR_STAT_DEC(&mgr->stat, session_get_state(sess), udp);
        mgr->stat.curr_nr_udp_sess_used--;
        break;
    default:
        assert(0);
        break;
    }

    session_free_all_ex_data(sess);

    // Each step runs for client-to-server first, then server-to-client, and
    // the steps stay in their original order.
    for (i = 0; i < nr_dirs; i++)
    {
        packet_free((struct packet *)session_get_first_packet(sess, both_dirs[i]));
    }
    for (i = 0; i < nr_dirs; i++)
    {
        session_set_first_packet(sess, both_dirs[i], NULL);
    }
    for (i = 0; i < nr_dirs; i++)
    {
        session_clear_route_ctx(sess, both_dirs[i]);
    }
    for (i = 0; i < nr_dirs; i++)
    {
        session_clear_sid_list(sess, both_dirs[i]);
    }

    session_set_current_packet(sess, NULL);
    session_set_current_flow_direction(sess, FLOW_DIRECTION_NONE);
    session_pool_push(mgr->sess_pool, sess);
}
/*
 * Find the tracked session for `pkt` by its innermost tuple.
 *
 * UDP is a plain table lookup. TCP goes through
 * session_manager_lookup_tcp_session(), which can evict the old session on
 * port reuse and then report NULL.
 *
 * Returns the session, or NULL when none matches, the tuple cannot be
 * extracted, or the protocol is neither TCP nor UDP.
 */
struct session *session_manager_lookup_session(struct session_manager *mgr, const struct packet *pkt, uint64_t now)
{
    struct tuple6 tuple;
    if (packet_get_innermost_tuple6(pkt, &tuple) != 0)
    {
        return NULL;
    }

    if (tuple.ip_proto == IPPROTO_UDP)
    {
        return session_table_find_tuple6(mgr->udp_sess_table, &tuple);
    }
    if (tuple.ip_proto == IPPROTO_TCP)
    {
        return session_manager_lookup_tcp_session(mgr, pkt, &tuple, now);
    }
    return NULL;
}
/*
 * Update an existing session with `pkt`.
 *
 * Returns -1 when the tuple cannot be extracted, when
 * duplicated_packet_bypass() rejects the packet, or when the session type is
 * neither TCP nor UDP; otherwise returns the protocol-specific updater's result.
 */
int session_manager_update_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, uint64_t now)
{
    struct tuple6 tuple;
    if (packet_get_innermost_tuple6(pkt, &tuple) != 0)
    {
        return -1;
    }

    // The duplicate check runs before any session state is changed.
    if (duplicated_packet_bypass(mgr, sess, pkt, &tuple, now))
    {
        return -1;
    }

    int rc = -1;
    switch (session_get_type(sess))
    {
    case SESSION_TYPE_TCP:
        rc = session_manager_update_tcp_session(mgr, sess, pkt, &tuple, now);
        break;
    case SESSION_TYPE_UDP:
        rc = session_manager_update_udp_session(mgr, sess, pkt, &tuple, now);
        break;
    default:
        break;
    }
    return rc;
}
/*
 * Take one session whose timer has expired at `now` and apply the TIMEOUT
 * transition to it.
 *
 * Returns the session only when the transition lands in SESSION_STATE_CLOSED
 * (its closing reason is set to CLOSING_BY_TIMEOUT if none was recorded).
 * For any other resulting state the timer is re-armed with the protocol's
 * data timeout and NULL is returned. Also returns NULL when nothing expired.
 */
struct session *session_manager_get_expired_session(struct session_manager *mgr, uint64_t now)
{
    struct session *expired = session_timer_expire(mgr->sess_timer, now);
    if (expired == NULL)
    {
        return NULL;
    }

    enum session_state before = session_get_state(expired);
    enum session_state after = session_transition_run(before, TIMEOUT);
    session_transition_log(expired, before, after, TIMEOUT);
    session_set_state(expired, after);

    switch (session_get_type(expired))
    {
    case SESSION_TYPE_TCP:
        SESS_MGR_STAT_UPDATE(&mgr->stat, before, after, tcp);
        break;
    case SESSION_TYPE_UDP:
        SESS_MGR_STAT_UPDATE(&mgr->stat, before, after, udp);
        break;
    default:
        assert(0);
        break;
    }

    // next state is closed, need to free session
    if (after == SESSION_STATE_CLOSED)
    {
        if (!session_get_closing_reason(expired))
        {
            session_set_closing_reason(expired, CLOSING_BY_TIMEOUT);
        }
        return expired;
    }

    // next state is closing, only update timeout
    switch (session_get_type(expired))
    {
    case SESSION_TYPE_TCP:
        session_timer_update(mgr->sess_timer, expired, now + mgr->opts.tcp_data_timeout);
        break;
    case SESSION_TYPE_UDP:
        session_timer_update(mgr->sess_timer, expired, now + mgr->opts.udp_data_timeout);
        break;
    default:
        assert(0);
        break;
    }
    return NULL;
}
/*
 * Pop the oldest entry from the eviction queue.
 *
 * Returns the session at the head of the queue after unlinking it, or NULL
 * when the queue is empty. The session is not freed here.
 */
struct session *session_manager_get_evicted_session(struct session_manager *mgr)
{
    struct session *head = NULL;

    if (!list_empty(&mgr->evicte_queue))
    {
        head = list_first_entry(&mgr->evicte_queue, struct session, evicte);
        list_del(&head->evicte);
    }
    return head;
}
/*
 * Report the value session_timer_next_expire_interval() gives for the
 * manager's timer. Units presumably match the `now` values passed elsewhere
 * -- confirm against session_timer.h.
 */
uint64_t session_manager_get_expire_interval(struct session_manager *mgr)
{
    uint64_t interval = session_timer_next_expire_interval(mgr->sess_timer);
    return interval;
}
/*
 * Return a pointer to the manager's live statistics block. The pointer refers
 * to storage inside `mgr`, not a copy, so it is valid only while the manager
 * exists.
 */
struct session_manager_stat *session_manager_stat(struct session_manager *mgr)
{
    struct session_manager_stat *live = &mgr->stat;
    return live;
}