gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Export tuple.h / packet.h / session.h to the include directory

Browse Source
This commit is contained in:
luwenpeng
2024-04-10 11:40:26 +08:00
parent a5a133bf91
commit 24e109e34f
51 changed files with 1238 additions and 1067 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
conf/stellar.toml
View File

@@ -36,6 +36,7 @@ tcp_discard_timeout = 90000 # range: [1, 15999999000] (ms)
tcp_unverified_rst_timeout = 10000 # range: [1, 600000] (ms)
# UDP timeout
udp_data_timeout = 10000 # range: [1, 15999999000] (ms)
udp_discard_timeout = 90000 # range: [1, 15999999000] (ms)
# duplicate packet filter
duplicated_packet_filter_enable = 1

126
include/packet.h Normal file
View File

@@ -0,0 +1,126 @@
#ifndef _PACKET_H
#define _PACKET_H
#ifdef __cpluscplus
extern "C"
{
#endif
#include "tuple.h"
enum layer_type
{
// L2 -- data link layer
LAYER_TYPE_ETHER = 1 << 0,
LAYER_TYPE_PPP = 1 << 1,
LAYER_TYPE_HDLC = 1 << 2,
LAYER_TYPE_L2 = (LAYER_TYPE_ETHER | LAYER_TYPE_PPP | LAYER_TYPE_HDLC),
// L2 -- tunnel
LAYER_TYPE_VLAN = 1 << 3,
LAYER_TYPE_PPPOE = 1 << 4,
LAYER_TYPE_MPLS = 1 << 5,
LAYER_TYPE_L2_TUN = (LAYER_TYPE_VLAN | LAYER_TYPE_PPPOE | LAYER_TYPE_MPLS),
// L3 -- network layer
LAYER_TYPE_IPV4 = 1 << 6,
LAYER_TYPE_IPV6 = 1 << 7,
LAYER_TYPE_L3 = (LAYER_TYPE_IPV4 | LAYER_TYPE_IPV6),
// L3 -- tunnel
LAYER_TYPE_GRE = 1 << 8,
LAYER_TYPE_L3_TUN = (LAYER_TYPE_GRE),
// L4 -- transport layer
LAYER_TYPE_UDP = 1 << 9,
LAYER_TYPE_TCP = 1 << 10,
LAYER_TYPE_L4 = (LAYER_TYPE_UDP | LAYER_TYPE_TCP),
// L4 -- tunnel
LAYER_TYPE_VXLAN = 1 << 11,
LAYER_TYPE_GTPV1_U = 1 << 12,
// ALL
LAYER_TYPE_ALL = (LAYER_TYPE_L2 | LAYER_TYPE_L2_TUN | LAYER_TYPE_L3 | LAYER_TYPE_L3_TUN | LAYER_TYPE_L4 | LAYER_TYPE_VXLAN | LAYER_TYPE_GTPV1_U),
};
struct packet_layer
{
enum layer_type type;
const char *hdr_ptr; // header pointer
const char *pld_ptr; // payload pointer
uint16_t hdr_offset; // header offset from data_ptr
uint16_t hdr_len; // header length
uint16_t pld_len; // payload length
};
// return 0: found
// return -1: not found
int packet_get_innermost_tuple2(const struct packet *pkt, struct tuple2 *tuple);
int packet_get_outermost_tuple2(const struct packet *pkt, struct tuple2 *tuple);
// return 0: found
// return -1: not found
int packet_get_innermost_tuple4(const struct packet *pkt, struct tuple4 *tuple);
int packet_get_outermost_tuple4(const struct packet *pkt, struct tuple4 *tuple);
// return 0: found
// return -1: not found
int packet_get_innermost_tuple6(const struct packet *pkt, struct tuple6 *tuple);
int packet_get_outermost_tuple6(const struct packet *pkt, struct tuple6 *tuple);
const struct packet_layer *packet_get_innermost_layer(const struct packet *pkt, enum layer_type type);
const struct packet_layer *packet_get_outermost_layer(const struct packet *pkt, enum layer_type type);
int8_t packet_get_layers(const struct packet *pkt);
const struct packet_layer *packet_get_layer(const struct packet *pkt, int8_t idx);
/*
******************************************************************************
* Example: getting the innermost TCP layer
******************************************************************************
*
* |<--------------------------- pkt->data_len -------------------------->|
* +----------+------+-----+-------+------+---------------+---------------+
* | Ethernet | IPv4 | UDP | GTP-U | IPv4 | TCP | Payload |
* +----------+------+-----+-------+------+---------------+---------------+
* ^ ^ ^
* | | |
* |<------------ hdr_offset ------------>|<-- hdr_len -->|<-- pld_len -->|
* | | |
* | | +-- pld_ptr
* | +-- hdr_ptr
* +-- data_ptr
*
* const struct packet_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
* const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
* uint16_t src_port = ntohs(hdr->th_sport);
* uint16_t dst_port = ntohs(hdr->th_dport);
* uint32_t seq = ntohl(hdr->th_seq);
* uint32_t ack = ntohl(hdr->th_ack);
*
******************************************************************************
* Example: foreach layer in packet
******************************************************************************
*
* // inorder
* int8_t layers = packet_get_layers(pkt);
* for (int8_t i = 0; i < layers; i++)
* {
* const struct packet_layer *layer = packet_get_layer(pkt, i);
* printf("layer[%d]: type=%d, hdr_offset=%d, hdr_len=%d, pld_len=%d\n", i, layer->type, layer->hdr_offset, layer->hdr_len, layer->pld_len);
* }
*
* // reverse
* for (int8_t i = layers - 1; i >= 0; i--)
* {
* const struct packet_layer *layer = packet_get_layer(pkt, i);
* printf("layer[%d]: type=%d, hdr_offset=%d, hdr_len=%d, pld_len=%d\n", i, layer->type, layer->hdr_offset, layer->hdr_len, layer->pld_len);
* }
*/
#ifdef __cpluscplus
}
#endif
#endif

131
include/session.h Normal file
View File

@@ -0,0 +1,131 @@
#ifndef _SESSION_H
#define _SESSION_H
#ifdef __cpluscplus
extern "C"
{
#endif
#include <stdint.h>
#include "packet.h"
enum session_state
{
SESSION_STATE_INIT = 0,
SESSION_STATE_OPENING = 1,
SESSION_STATE_ACTIVE = 2,
SESSION_STATE_CLOSING = 3,
SESSION_STATE_DISCARD = 4,
SESSION_STATE_CLOSED = 5,
MAX_STATE = 6,
};
enum session_type
{
SESSION_TYPE_TCP = 0x1,
SESSION_TYPE_UDP = 0x2,
};
enum session_direction
{
SESSION_DIRECTION_NONE = -1,
SESSION_DIRECTION_C2S = 0,
SESSION_DIRECTION_S2C = 1,
MAX_DIRECTION = 2,
};
enum closing_reason
{
CLOSING_BY_TIMEOUT = 0x1,
CLOSING_BY_EVICTED = 0x2,
CLOSING_BY_CLIENT_FIN = 0x3,
CLOSING_BY_CLIENT_RST = 0x4,
CLOSING_BY_SERVER_FIN = 0x5,
CLOSING_BY_SERVER_RST = 0x6,
};
enum session_stat
{
// raw packet
STAT_RAW_PKTS_RX,
STAT_RAW_BYTES_RX,
STAT_RAW_PKTS_TX,
STAT_RAW_BYTES_TX,
STAT_RAW_PKTS_DROP,
STAT_RAW_BYTES_DROP,
STAT_DUP_PKTS_BYPASS,
STAT_DUP_BYTES_BYPASS,
// control packet
STAT_CTRL_PKTS_RX, // TODO
STAT_CTRL_BYTES_RX, // TODO
STAT_CTRL_PKTS_TX,
STAT_CTRL_BYTES_TX,
STAT_CTRL_PKTS_DROP,
STAT_CTRL_BYTES_DROP,
// TCP segment
STAT_TCP_SEGS_RX,
STAT_TCP_PLDS_RX,
STAT_TCP_SEGS_EXPIRED,
STAT_TCP_PLDS_EXPIRED,
STAT_TCP_SEGS_OVERLAP,
STAT_TCP_PLDS_OVERLAP,
STAT_TCP_SEGS_NOSPACE,
STAT_TCP_PLDS_NOSPACE,
STAT_TCP_SEGS_INORDER,
STAT_TCP_PLDS_INORDER,
STAT_TCP_SEGS_REORDERED,
STAT_TCP_PLDS_REORDERED,
STAT_TCP_SEGS_BUFFERED,
STAT_TCP_PLDS_BUFFERED,
STAT_TCP_SEGS_RELEASED,
STAT_TCP_PLDS_RELEASED,
MAX_STAT,
};
enum session_timestamp
{
SESSION_TIMESTAMP_START,
SESSION_TIMESTAMP_LAST,
MAX_TIMESTAMP,
};
struct session;
int session_has_dup_traffic(const struct session *sess);
enum session_type session_get_type(const struct session *sess);
enum session_state session_get_state(const struct session *sess);
enum closing_reason session_get_closing_reason(const struct session *sess);
enum session_direction session_get_current_direction(const struct session *sess);
const struct packet *session_get_1st_packet(const struct session *sess, enum session_direction dir);
uint64_t session_get_id(const struct session *sess);
uint64_t session_get_timestamp(const struct session *sess, enum session_timestamp type);
uint64_t session_get_stat(const struct session *sess, enum session_direction dir, enum session_stat stat);
const char *session_get_tuple_str(const struct session *sess);
const char *session_type_to_str(enum session_type type);
const char *session_state_to_str(enum session_state state);
const char *session_direction_to_str(enum session_direction dir);
const char *closing_reason_to_str(enum closing_reason reason);
#ifdef __cpluscplus
}
#endif
#endif

2
src/tuple/tuple.h → include/tuple.h
View File

@@ -80,6 +80,8 @@ void tuple6_reverse(const struct tuple6 *in, struct tuple6 *out);
void tuple2_to_str(const struct tuple2 *tuple, char *buf, uint32_t size);
void tuple4_to_str(const struct tuple4 *tuple, char *buf, uint32_t size);
void tuple5_to_str(const struct tuple5 *tuple, char *buf, uint32_t size);
// output format: "src_addr:src_port -> dst_addr:dst_port, proto: ip_proto, domain: domain"
// output max len: 46 + 1 + 5 + 4 + 46 + 1 + 5 + 9 + 1 + 10 + 20 = 107
void tuple6_to_str(const struct tuple6 *tuple, char *buf, uint32_t size);
#ifdef __cpluscplus

9
src/config/config.cpp
View File

@@ -299,6 +299,14 @@ static int parse_session_manager_section(toml_table_t *root, struct session_mana
}
opts->udp_data_timeout = atoll(ptr);
ptr = toml_raw_in(table, "udp_discard_timeout");
if (ptr == NULL)
{
CONFIG_LOG_ERROR("config file missing session_manager->udp_discard_timeout");
return -1;
}
opts->udp_discard_timeout = atoll(ptr);
// duplicate packet filter
ptr = toml_raw_in(table, "duplicated_packet_filter_enable");
if (ptr == NULL)
@@ -509,6 +517,7 @@ void print_config_options(struct config *config)
CONFIG_LOG_DEBUG("session_manager->tcp_discard_timeout : %ld", session_manager_opts->tcp_discard_timeout);
CONFIG_LOG_DEBUG("session_manager->tcp_unverified_rst_timeout : %ld", session_manager_opts->tcp_unverified_rst_timeout);
CONFIG_LOG_DEBUG("session_manager->udp_data_timeout : %ld", session_manager_opts->udp_data_timeout);
CONFIG_LOG_DEBUG("session_manager->udp_discard_timeout : %ld", session_manager_opts->udp_discard_timeout);
// session manager config -> duplicated packet filter
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_enable : %d", session_manager_opts->duplicated_packet_filter_enable);

4
src/duplicated_packet_filter/duplicated_packet_filter.cpp
View File

@@ -33,12 +33,12 @@ struct duplicated_packet_filter
// reutrn -1: error
static inline int duplicated_packet_key_get(const struct packet *packet, struct duplicated_packet_key *key)
{
const struct pkt_layer *ipv4_layer = packet_get_innermost_layer(packet, LAYER_TYPE_IPV4);
const struct packet_layer *ipv4_layer = packet_get_innermost_layer(packet, LAYER_TYPE_IPV4);
if (ipv4_layer == NULL)
{
return -1;
}
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(packet, LAYER_TYPE_TCP);
const struct packet_layer *tcp_layer = packet_get_innermost_layer(packet, LAYER_TYPE_TCP);
if (tcp_layer == NULL)
{
return -1;

2
src/duplicated_packet_filter/duplicated_packet_filter.h
View File

@@ -9,7 +9,7 @@ extern "C"
// Duplicated Packet Filter for IPv4-Based TCP Packet
#include "log.h"
#include "packet.h"
#include "packet_private.h"
#define DUPLICATED_PACKET_FILTER_LOG_ERROR(format, ...) LOG_ERROR("duplicated packet filter", format, ##__VA_ARGS__)

10
src/ip_reassembly/ip_reassembly.cpp
View File

@@ -3,7 +3,7 @@
#include <sys/queue.h>
#include <assert.h>
#include "packet.h"
#include "packet_private.h"
#include "crc32_hash.h"
#include "checksum.h"
#include "ipv4_utils.h"
@@ -300,7 +300,7 @@ static inline void ip_flow_key_zero(struct ip_flow_key *key)
static inline void ip_frag_hdr_init(struct ip_frag_hdr *hdr, const struct packet *pkt)
{
struct pkt_layer *layer = pkt->frag_layer;
struct packet_layer *layer = pkt->frag_layer;
if (layer->type == LAYER_TYPE_IPV6)
{
@@ -854,7 +854,7 @@ struct packet *ip_reassembly_packet(struct ip_reassembly *assy, const struct pac
return NULL;
}
const struct pkt_layer *layer = pkt->frag_layer;
const struct packet_layer *layer = pkt->frag_layer;
if (layer == NULL)
{
return NULL;
@@ -892,7 +892,7 @@ struct packet *ip_reassembly_packet(struct ip_reassembly *assy, const struct pac
struct packet *ipv4_reassembly_packet(struct ip_reassembly *assy, const struct packet *pkt, uint64_t now)
{
const struct pkt_layer *layer = pkt->frag_layer;
const struct packet_layer *layer = pkt->frag_layer;
const struct ip *hdr = (const struct ip *)layer->hdr_ptr;
uint16_t frag_len = ipv4_hdr_get_total_len(hdr) - ipv4_hdr_get_hdr_len(hdr);
if (frag_len > layer->pld_len)
@@ -978,7 +978,7 @@ struct packet *ipv4_reassembly_packet(struct ip_reassembly *assy, const struct p
struct packet *ipv6_reassembly_packet(struct ip_reassembly *assy, const struct packet *pkt, uint64_t now)
{
const struct pkt_layer *layer = pkt->frag_layer;
const struct packet_layer *layer = pkt->frag_layer;
const struct ip6_hdr *hdr = (const struct ip6_hdr *)layer->hdr_ptr;
const struct ip6_frag *frag_hdr = ipv6_hdr_get_frag_ext(hdr);
if (frag_hdr == NULL)

2
src/ip_reassembly/ip_reassembly.h
View File

@@ -6,7 +6,7 @@ extern "C"
{
#endif
#include "packet.h"
#include "packet_private.h"
#include "log.h"
#define IP_REASSEMBLE_DEBUG(format, ...) LOG_DEBUG("ip_reassembly", format, ##__VA_ARGS__)

8
src/ip_reassembly/test/gtest_ipv4_reassembly.cpp
View File

@@ -196,7 +196,7 @@ TEST(IPV4_REASSEMBLE, PADDING_ORDER)
{
struct packet pkt;
struct packet *new_pkt;
const struct pkt_layer *layer;
const struct packet_layer *layer;
struct ip_reassembly *assy;
struct ip_reassembly_options opts = {
.enable = true,
@@ -289,7 +289,7 @@ TEST(IPV4_REASSEMBLE, PADDING_UNORDER)
{
struct packet pkt;
struct packet *new_pkt;
const struct pkt_layer *layer;
const struct packet_layer *layer;
struct ip_reassembly *assy;
struct ip_reassembly_options opts = {
.enable = true,
@@ -433,7 +433,7 @@ TEST(IPV4_REASSEMBLE, DUP_FIRST_FRAG)
{
struct packet pkt;
struct packet *new_pkt;
const struct pkt_layer *layer;
const struct packet_layer *layer;
struct ip_reassembly *assy;
struct ip_reassembly_options opts = {
.enable = true,
@@ -537,7 +537,7 @@ TEST(IPV4_REASSEMBLE, DUP_LAST_FRAG)
{
struct packet pkt;
struct packet *new_pkt;
const struct pkt_layer *layer;
const struct packet_layer *layer;
struct ip_reassembly *assy;
struct ip_reassembly_options opts = {
.enable = true,

6
src/ip_reassembly/test/gtest_ipv6_reassembly.cpp
View File

@@ -607,7 +607,7 @@ TEST(IPV6_REASSEMBLE, NORMAL)
{
struct packet pkt;
struct packet *new_pkt;
const struct pkt_layer *layer;
const struct packet_layer *layer;
struct ip_reassembly *assy;
struct ip_reassembly_options opts = {
.enable = true,
@@ -767,7 +767,7 @@ TEST(IPV6_REASSEMBLE, DUP_FIRST_FRAG)
{
struct packet pkt;
struct packet *new_pkt;
const struct pkt_layer *layer;
const struct packet_layer *layer;
struct ip_reassembly *assy;
struct ip_reassembly_options opts = {
.enable = true,
@@ -887,7 +887,7 @@ TEST(IPV6_REASSEMBLE, DUP_LAST_FRAG)
{
struct packet pkt;
struct packet *new_pkt;
const struct pkt_layer *layer;
const struct packet_layer *layer;
struct ip_reassembly *assy;
struct ip_reassembly_options opts = {
.enable = true,

6
src/ip_reassembly/test/gtest_utils.h
View File

@@ -16,7 +16,7 @@ extern "C"
static inline void packet_set_ipv4_src_addr(struct packet *pkt, uint32_t saddr)
{
const struct pkt_layer *ipv4_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV4);
const struct packet_layer *ipv4_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV4);
EXPECT_TRUE(ipv4_layer);
struct ip *hdr = (struct ip *)ipv4_layer->hdr_ptr;
ipv4_hdr_set_src_addr(hdr, saddr);
@@ -24,7 +24,7 @@ static inline void packet_set_ipv4_src_addr(struct packet *pkt, uint32_t saddr)
static inline void packet_set_ipv6_src_addr(struct packet *pkt, struct in6_addr saddr)
{
const struct pkt_layer *ipv6_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV6);
const struct packet_layer *ipv6_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV6);
EXPECT_TRUE(ipv6_layer);
struct ip6_hdr *hdr = (struct ip6_hdr *)ipv6_layer->hdr_ptr;
ipv6_hdr_set_src_in6_addr(hdr, saddr);
@@ -32,7 +32,7 @@ static inline void packet_set_ipv6_src_addr(struct packet *pkt, struct in6_addr
static inline void packet_set_ipv6_frag_offset(struct packet *pkt, uint16_t offset)
{
const struct pkt_layer *ipv6_layer = (struct pkt_layer *)packet_get_innermost_layer(pkt, LAYER_TYPE_IPV6);
const struct packet_layer *ipv6_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV6);
EXPECT_TRUE(ipv6_layer);
struct ip6_hdr *hdr = (struct ip6_hdr *)ipv6_layer->hdr_ptr;
struct ip6_frag *frag_hdr = ipv6_hdr_get_frag_ext(hdr);

1
src/packet/CMakeLists.txt
View File

@@ -1,6 +1,7 @@
add_library(packet packet.cpp)
target_include_directories(packet PUBLIC ${CMAKE_CURRENT_LIST_DIR})
target_include_directories(packet PUBLIC ${CMAKE_SOURCE_DIR}/deps/uthash)
target_include_directories(packet PUBLIC ${CMAKE_SOURCE_DIR}/include)
target_link_libraries(packet tuple log)
add_subdirectory(test)

82
src/packet/packet.cpp
View File

@@ -9,7 +9,7 @@
#include <linux/ppp_defs.h>
#include "uthash.h"
#include "packet.h"
#include "packet_private.h"
#include "udp_utils.h"
#include "tcp_utils.h"
#include "ipv4_utils.h"
@@ -55,7 +55,7 @@ static inline void set_tuple2(const char *data, enum layer_type type, struct tup
static inline void set_tuple4(const char *data, enum layer_type type, struct tuple4 *tuple);
static inline void set_tuple6(const char *data, enum layer_type type, struct tuple6 *tuple, uint64_t domain);
static inline struct pkt_layer *get_free_layer(struct packet *pkt);
static inline struct packet_layer *get_free_layer(struct packet *pkt);
static inline uint16_t get_gtp_hdr_len(const char *data, uint16_t len);
static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len);
@@ -412,7 +412,7 @@ static inline void set_tuple6(const char *data, enum layer_type type, struct tup
}
}
static inline struct pkt_layer *get_free_layer(struct packet *pkt)
static inline struct packet_layer *get_free_layer(struct packet *pkt)
{
if (pkt->layers_used >= pkt->layers_size)
{
@@ -650,7 +650,7 @@ static inline const char *parse_ether(struct packet *pkt, const char *data, uint
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -670,7 +670,7 @@ static inline const char *parse_ppp(struct packet *pkt, const char *data, uint16
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -705,7 +705,7 @@ static inline const char *parse_vlan(struct packet *pkt, const char *data, uint1
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -728,7 +728,7 @@ static inline const char *parse_pppoe_ses(struct packet *pkt, const char *data,
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -784,7 +784,7 @@ static inline const char *parse_mpls(struct packet *pkt, const char *data, uint1
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -860,7 +860,7 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -895,7 +895,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -929,7 +929,7 @@ static inline const char *parse_gre(struct packet *pkt, const char *data, uint16
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -960,7 +960,7 @@ static inline const char *parse_udp(struct packet *pkt, const char *data, uint16
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -993,7 +993,7 @@ static inline const char *parse_tcp(struct packet *pkt, const char *data, uint16
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -1025,7 +1025,7 @@ static inline const char *parse_vxlan(struct packet *pkt, const char *data, uint
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -1045,7 +1045,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui
return data;
}
struct pkt_layer *layer = get_free_layer(pkt);
struct packet_layer *layer = get_free_layer(pkt);
if (unlikely(layer == NULL))
{
return data;
@@ -1149,7 +1149,7 @@ void packet_print(const struct packet *pkt)
pkt->layers_used, pkt->layers_size);
for (uint8_t i = 0; i < pkt->layers_used; i++)
{
const struct pkt_layer *layer = &pkt->layers[i];
const struct packet_layer *layer = &pkt->layers[i];
printf(" layer[%u]: %p, type: %s, hdr_offset: %u, hdr_ptr: %p, hdr_len: %u, pld_ptr: %p, pld_len: %u\n",
i, layer, layer_type_to_str(layer->type), layer->hdr_offset,
layer->hdr_ptr, layer->hdr_len, layer->pld_ptr, layer->pld_len);
@@ -1166,7 +1166,7 @@ void packet_print(const struct packet *pkt)
int packet_get_innermost_tuple2(const struct packet *pkt, struct tuple2 *tuple)
{
memset(tuple, 0, sizeof(struct tuple2));
const struct pkt_layer *layer = NULL;
const struct packet_layer *layer = NULL;
for (int8_t i = pkt->layers_used - 1; i >= 0; i--)
{
@@ -1187,7 +1187,7 @@ int packet_get_innermost_tuple2(const struct packet *pkt, struct tuple2 *tuple)
int packet_get_outermost_tuple2(const struct packet *pkt, struct tuple2 *tuple)
{
memset(tuple, 0, sizeof(struct tuple2));
const struct pkt_layer *layer = NULL;
const struct packet_layer *layer = NULL;
for (int8_t i = 0; i < pkt->layers_used; i++)
{
@@ -1208,9 +1208,9 @@ int packet_get_outermost_tuple2(const struct packet *pkt, struct tuple2 *tuple)
int packet_get_innermost_tuple4(const struct packet *pkt, struct tuple4 *tuple)
{
memset(tuple, 0, sizeof(struct tuple4));
const struct pkt_layer *layer_l3 = NULL;
const struct pkt_layer *layer_l4 = NULL;
const struct pkt_layer *layer = NULL;
const struct packet_layer *layer_l3 = NULL;
const struct packet_layer *layer_l4 = NULL;
const struct packet_layer *layer = NULL;
for (int8_t i = pkt->layers_used - 1; i >= 0; i--)
{
@@ -1248,9 +1248,9 @@ int packet_get_innermost_tuple4(const struct packet *pkt, struct tuple4 *tuple)
int packet_get_outermost_tuple4(const struct packet *pkt, struct tuple4 *tuple)
{
memset(tuple, 0, sizeof(struct tuple4));
const struct pkt_layer *layer_l3 = NULL;
const struct pkt_layer *layer_l4 = NULL;
const struct pkt_layer *layer = NULL;
const struct packet_layer *layer_l3 = NULL;
const struct packet_layer *layer_l4 = NULL;
const struct packet_layer *layer = NULL;
for (int8_t i = 0; i < pkt->layers_used; i++)
{
@@ -1288,9 +1288,9 @@ int packet_get_outermost_tuple4(const struct packet *pkt, struct tuple4 *tuple)
int packet_get_innermost_tuple6(const struct packet *pkt, struct tuple6 *tuple)
{
memset(tuple, 0, sizeof(struct tuple6));
const struct pkt_layer *layer_l3 = NULL;
const struct pkt_layer *layer_l4 = NULL;
const struct pkt_layer *layer = NULL;
const struct packet_layer *layer_l3 = NULL;
const struct packet_layer *layer_l4 = NULL;
const struct packet_layer *layer = NULL;
const struct metadata *meta = &pkt->meta;
for (int8_t i = pkt->layers_used - 1; i >= 0; i--)
@@ -1329,9 +1329,9 @@ int packet_get_innermost_tuple6(const struct packet *pkt, struct tuple6 *tuple)
int packet_get_outermost_tuple6(const struct packet *pkt, struct tuple6 *tuple)
{
memset(tuple, 0, sizeof(struct tuple6));
const struct pkt_layer *layer_l3 = NULL;
const struct pkt_layer *layer_l4 = NULL;
const struct pkt_layer *layer = NULL;
const struct packet_layer *layer_l3 = NULL;
const struct packet_layer *layer_l4 = NULL;
const struct packet_layer *layer = NULL;
const struct metadata *meta = &pkt->meta;
for (int8_t i = 0; i < pkt->layers_used; i++)
@@ -1365,9 +1365,9 @@ int packet_get_outermost_tuple6(const struct packet *pkt, struct tuple6 *tuple)
}
}
const struct pkt_layer *packet_get_innermost_layer(const struct packet *pkt, enum layer_type type)
const struct packet_layer *packet_get_innermost_layer(const struct packet *pkt, enum layer_type type)
{
const struct pkt_layer *layer = NULL;
const struct packet_layer *layer = NULL;
for (int8_t i = pkt->layers_used - 1; i >= 0; i--)
{
@@ -1381,9 +1381,9 @@ const struct pkt_layer *packet_get_innermost_layer(const struct packet *pkt, enu
return NULL;
}
const struct pkt_layer *packet_get_outermost_layer(const struct packet *pkt, enum layer_type type)
const struct packet_layer *packet_get_outermost_layer(const struct packet *pkt, enum layer_type type)
{
const struct pkt_layer *layer = NULL;
const struct packet_layer *layer = NULL;
for (int8_t i = 0; i < pkt->layers_used; i++)
{
@@ -1517,6 +1517,20 @@ uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, int
return hash_value;
}
int8_t packet_get_layers(const struct packet *pkt)
{
return pkt->layers_used;
}
const struct packet_layer *packet_get_layer(const struct packet *pkt, int8_t idx)
{
if (idx < 0 || idx >= pkt->layers_used)
{
return NULL;
}
return &pkt->layers[idx];
}
/******************************************************************************
* Packet Meta Data
******************************************************************************/

76
src/packet/packet.h → src/packet/packet_private.h
View File

@@ -1,5 +1,5 @@
#ifndef _PACKET_H
#define _PACKET_H
#ifndef _PACKET_PRIVATE_H
#define _PACKET_PRIVATE_H
#ifdef __cpluscplus
extern "C"
@@ -8,49 +8,15 @@ extern "C"
#include <stdint.h>
#include <stdio.h>
#include "tuple.h"
#include "log.h"
#include "tuple.h"
#include "packet.h"
#define PACKET_MAX_LAYERS 32
#define PACKET_LOG_ERROR(format, ...) LOG_ERROR("packet", format, ##__VA_ARGS__)
#define PACKET_LOG_DEBUG(format, ...) LOG_DEBUG("packet", format, ##__VA_ARGS__)
enum layer_type
{
// 数据链路层
LAYER_TYPE_ETHER = 1 << 0,
LAYER_TYPE_PPP = 1 << 1,
LAYER_TYPE_HDLC = 1 << 2,
LAYER_TYPE_L2 = (LAYER_TYPE_ETHER | LAYER_TYPE_PPP | LAYER_TYPE_HDLC),
// 数据链路层 -- 隧道
LAYER_TYPE_VLAN = 1 << 3,
LAYER_TYPE_PPPOE = 1 << 4,
LAYER_TYPE_MPLS = 1 << 5,
LAYER_TYPE_L2_TUN = (LAYER_TYPE_VLAN | LAYER_TYPE_PPPOE | LAYER_TYPE_MPLS),
// 网络层
LAYER_TYPE_IPV4 = 1 << 6,
LAYER_TYPE_IPV6 = 1 << 7,
LAYER_TYPE_L3 = (LAYER_TYPE_IPV4 | LAYER_TYPE_IPV6),
// 网络层 -- 隧道
LAYER_TYPE_GRE = 1 << 8,
LAYER_TYPE_L3_TUN = (LAYER_TYPE_GRE),
// 传输层
LAYER_TYPE_UDP = 1 << 9,
LAYER_TYPE_TCP = 1 << 10,
LAYER_TYPE_L4 = (LAYER_TYPE_UDP | LAYER_TYPE_TCP),
// 传输层 -- 隧道
LAYER_TYPE_VXLAN = 1 << 11,
LAYER_TYPE_GTPV1_U = 1 << 12,
// ALL
LAYER_TYPE_ALL = (LAYER_TYPE_L2 | LAYER_TYPE_L2_TUN | LAYER_TYPE_L3 | LAYER_TYPE_L3_TUN | LAYER_TYPE_L4 | LAYER_TYPE_VXLAN | LAYER_TYPE_GTPV1_U),
};
enum ldbc_method
{
LDBC_METHOD_HASH_INT_IP = 1,
@@ -102,20 +68,10 @@ struct metadata
enum packet_type type;
};
struct pkt_layer
{
enum layer_type type;
const char *hdr_ptr; // header pointer
const char *pld_ptr; // payload pointer
uint16_t hdr_offset; // header offset from data_ptr
uint16_t hdr_len; // header length
uint16_t pld_len; // payload length
};
struct packet
{
struct pkt_layer layers[PACKET_MAX_LAYERS];
struct pkt_layer *frag_layer; // fragment layer
struct packet_layer layers[PACKET_MAX_LAYERS];
struct packet_layer *frag_layer; // fragment layer
int8_t layers_used;
int8_t layers_size;
@@ -130,24 +86,6 @@ struct packet
const char *packet_parse(struct packet *pkt, const char *data, uint16_t len);
void packet_print(const struct packet *pkt);
// return 0: found
// return -1: not found
int packet_get_innermost_tuple2(const struct packet *pkt, struct tuple2 *tuple);
int packet_get_outermost_tuple2(const struct packet *pkt, struct tuple2 *tuple);
// return 0: found
// return -1: not found
int packet_get_innermost_tuple4(const struct packet *pkt, struct tuple4 *tuple);
int packet_get_outermost_tuple4(const struct packet *pkt, struct tuple4 *tuple);
// return 0: found
// return -1: not found
int packet_get_innermost_tuple6(const struct packet *pkt, struct tuple6 *tuple);
int packet_get_outermost_tuple6(const struct packet *pkt, struct tuple6 *tuple);
const struct pkt_layer *packet_get_innermost_layer(const struct packet *pkt, enum layer_type type);
const struct pkt_layer *packet_get_outermost_layer(const struct packet *pkt, enum layer_type type);
// direction 1: E2I
// direction 0: I2E
uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, int direction);

374
src/packet/test/gtest_packet.cpp
View File

File diff suppressed because it is too large Load Diff

2
src/packet/test/gtest_packet_frag.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "packet.h"
#include "packet_private.h"
/******************************************************************************
* [Protocols in frame: eth:ethertype:ip:data]

2
src/packet_io/packet_io.h
View File

@@ -6,7 +6,7 @@ extern "C"
{
#endif
#include "packet.h"
#include "packet_private.h"
#include "stellar.h"
#define PACKET_IO_LOG_STATE(format, ...) LOG_STATE("packet_io", format, ##__VA_ARGS__)

20
src/packet_io/packet_io_dumpfile.cpp
View File

@@ -210,7 +210,6 @@ int packet_io_dumpfile_ingress(struct packet_io_dumpfile *handle, uint16_t threa
return nr_parsed;
}
// pkts from packet_io_dumpfile_ingress
void packet_io_dumpfile_egress(struct packet_io_dumpfile *handle, uint16_t thread_id, struct packet *pkts, int nr_pkts)
{
struct packet *pkt = NULL;
@@ -222,12 +221,14 @@ void packet_io_dumpfile_egress(struct packet_io_dumpfile *handle, uint16_t threa
ATOMIC_ADD(&handle->stat.tx_bytes, packet_get_len(pkt));
struct pcap_pkt *pcap_pkt = (struct pcap_pkt *)packet_get_user_data(pkt);
assert(pcap_pkt != NULL);
if (pcap_pkt)
{
free(pcap_pkt);
}
packet_free(pkt);
}
}
// pkts from packet_io_dumpfile_ingress
void packet_io_dumpfile_drop(struct packet_io_dumpfile *handle, uint16_t thread_id, struct packet *pkts, int nr_pkts)
{
struct packet *pkt = NULL;
@@ -239,12 +240,14 @@ void packet_io_dumpfile_drop(struct packet_io_dumpfile *handle, uint16_t thread_
ATOMIC_ADD(&handle->stat.drop_bytes, packet_get_len(pkt));
struct pcap_pkt *pcap_pkt = (struct pcap_pkt *)packet_get_user_data(pkt);
assert(pcap_pkt != NULL);
if (pcap_pkt)
{
free(pcap_pkt);
}
packet_free(pkt);
}
}
// pkts build by packet_new
void packet_io_dumpfile_inject(struct packet_io_dumpfile *handle, uint16_t thread_id, struct packet *pkts, int nr_pkts)
{
struct packet *pkt = NULL;
@@ -255,8 +258,11 @@ void packet_io_dumpfile_inject(struct packet_io_dumpfile *handle, uint16_t threa
ATOMIC_ADD(&handle->stat.inject_pkts, 1);
ATOMIC_ADD(&handle->stat.inject_bytes, packet_get_len(pkt));
assert(packet_get_user_data(pkt) == NULL);
struct pcap_pkt *pcap_pkt = (struct pcap_pkt *)packet_get_user_data(pkt);
if (pcap_pkt)
{
free(pcap_pkt);
}
packet_free(pkt);
}
}

2
src/packet_io/packet_io_dumpfile.h
View File

@@ -6,7 +6,7 @@ extern "C"
{
#endif
#include "packet.h"
#include "packet_private.h"
struct packet_io_dumpfile_options
{

9
src/packet_io/packet_io_marsio.cpp
View File

@@ -6,7 +6,7 @@
#include "stellar.h"
#include "marsio.h"
#include "packet.h"
#include "packet_private.h"
#include "packet_io.h"
#include "packet_io_marsio.h"
@@ -211,7 +211,6 @@ int packet_io_marsio_ingress(struct packet_io_marsio *handle, uint16_t thread_id
return nr_parsed;
}
// pkts from packet_io_marsio_ingress
void packet_io_marsio_egress(struct packet_io_marsio *handle, uint16_t thread_id, struct packet *pkts, int nr_pkts)
{
struct packet *pkt;
@@ -231,10 +230,10 @@ void packet_io_marsio_egress(struct packet_io_marsio *handle, uint16_t thread_id
meta = &pkt->meta;
marsio_buff_set_sid_list(tx_buff, meta->sid.list, meta->sid.used);
marsio_send_burst(handle->mr_path, thread_id, &tx_buff, 1);
packet_free(pkt);
}
}
// pkts from packet_io_marsio_ingress
void packet_io_marsio_drop(struct packet_io_marsio *handle, uint16_t thread_id, struct packet *pkts, int nr_pkts)
{
struct packet *pkt;
@@ -250,14 +249,10 @@ void packet_io_marsio_drop(struct packet_io_marsio *handle, uint16_t thread_id,
{
marsio_buff_free(handle->mr_ins, &tx_buff, 1, 0, thread_id);
}
else // ip reassembly
{
}
packet_free(pkt);
}
}
// pkts from packet_new
void packet_io_marsio_inject(struct packet_io_marsio *handle, uint16_t thread_id, struct packet *pkts, int nr_pkts)
{
struct packet *pkt;

2
src/packet_io/packet_io_marsio.h
View File

@@ -6,7 +6,7 @@ extern "C"
{
#endif
#include "packet.h"
#include "packet_private.h"
struct packet_io_marsio_options
{

1
src/session/CMakeLists.txt
View File

@@ -8,6 +8,7 @@ add_library(session_manager
)
target_include_directories(session_manager PUBLIC ${CMAKE_CURRENT_LIST_DIR})
target_include_directories(session_manager PUBLIC ${CMAKE_SOURCE_DIR}/src/stellar)
target_include_directories(session_manager PUBLIC ${CMAKE_SOURCE_DIR}/include)
target_link_libraries(session_manager timeout id_generator duplicated_packet_filter evicted_session_filter log tcp_reassembly)
add_subdirectory(test)

110
src/session/session.cpp
View File

@@ -1,6 +1,6 @@
#include <assert.h>
#include "session.h"
#include "session_private.h"
#include "tcp_utils.h"
#include "tcp_reassembly.h"
@@ -50,22 +50,27 @@ const struct tuple6 *session_get_tuple(const struct session *sess)
return &sess->tuple;
}
void session_set_tuple_dir(struct session *sess, enum session_dir dir)
void session_set_tuple_direction(struct session *sess, enum session_direction dir)
{
sess->tuple_dir = dir;
}
enum session_dir session_get_tuple_dir(const struct session *sess)
enum session_direction session_get_tuple_direction(const struct session *sess)
{
return sess->tuple_dir;
}
void session_set_current_dir(struct session *sess, enum session_dir dir)
const char *session_get_tuple_str(const struct session *sess)
{
return sess->tuple_str;
}
void session_set_current_direction(struct session *sess, enum session_direction dir)
{
sess->cur_dir = dir;
}
enum session_dir session_get_current_dir(const struct session *sess)
enum session_direction session_get_current_direction(const struct session *sess)
{
return sess->cur_dir;
}
@@ -110,32 +115,32 @@ enum closing_reason session_get_closing_reason(const struct session *sess)
return sess->reason;
}
void session_inc_stat(struct session *sess, enum session_dir dir, enum session_stat stat, uint64_t val)
void session_inc_stat(struct session *sess, enum session_direction dir, enum session_stat stat, uint64_t val)
{
sess->stats[dir][stat] += val;
}
uint64_t session_get_stat(const struct session *sess, enum session_dir dir, enum session_stat stat)
uint64_t session_get_stat(const struct session *sess, enum session_direction dir, enum session_stat stat)
{
return sess->stats[dir][stat];
}
void session_set_timestamp(struct session *sess, enum session_timestamp idx, uint64_t timestamp)
void session_set_timestamp(struct session *sess, enum session_timestamp type, uint64_t value)
{
sess->timestamps[idx] = timestamp;
sess->timestamps[type] = value;
}
uint64_t session_get_timestamp(const struct session *sess, enum session_timestamp idx)
uint64_t session_get_timestamp(const struct session *sess, enum session_timestamp type)
{
return sess->timestamps[idx];
return sess->timestamps[type];
}
void session_set_1st_packet(struct session *sess, enum session_dir dir, const struct packet *pkt)
void session_set_1st_packet(struct session *sess, enum session_direction dir, const struct packet *pkt)
{
sess->first_pkt[dir] = packet_dup(pkt);
}
const struct packet *session_get_1st_packet(const struct session *sess, enum session_dir dir)
const struct packet *session_get_1st_packet(const struct session *sess, enum session_direction dir)
{
return sess->first_pkt[dir];
}
@@ -162,7 +167,7 @@ void *session_get_user_data(const struct session *sess)
struct tcp_segment *session_get_tcp_segment(struct session *sess)
{
enum session_dir dir = session_get_current_dir(sess);
enum session_direction dir = session_get_current_direction(sess);
struct tcp_half *half = &sess->tcp_halfs[dir];
if (half->in_order.data != NULL && half->in_order.len > 0)
@@ -190,7 +195,7 @@ void session_free_tcp_segment(struct session *sess, struct tcp_segment *seg)
return;
}
enum session_dir dir = session_get_current_dir(sess);
enum session_direction dir = session_get_current_direction(sess);
struct tcp_half *half = &sess->tcp_halfs[dir];
if (seg == &half->in_order)
@@ -370,20 +375,20 @@ const char *session_type_to_str(enum session_type type)
}
}
const char *session_dir_to_str(enum session_dir dir)
const char *session_direction_to_str(enum session_direction dir)
{
switch (dir)
{
case SESSION_DIR_C2S:
case SESSION_DIRECTION_C2S:
return "C2S";
case SESSION_DIR_S2C:
case SESSION_DIRECTION_S2C:
return "S2C";
default:
return "unknown";
}
}
void tcp_flags_to_str(uint8_t flags, char *buffer, size_t len)
static void tcp_flags_to_str(uint8_t flags, char *buffer, size_t len)
{
int used = 0;
@@ -411,21 +416,68 @@ void session_dump(struct session *sess)
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
printf("session id : %" PRIu64 "\n", session_get_id(sess));
printf("session tuple : %s\n", buffer);
printf("session tuple dir : %s\n", session_dir_to_str(session_get_tuple_dir(sess)));
printf("session state : %s\n", session_state_to_str(session_get_state(sess)));
printf("session timestamp : %" PRIu64 " -> %" PRIu64 "\n", session_get_timestamp(sess, SESSION_TIMESTAMP_START), session_get_timestamp(sess, SESSION_TIMESTAMP_LAST));
printf("session tuple : %s (%s)\n", buffer, session_direction_to_str(session_get_tuple_direction(sess)));
printf("session type : %s\n", session_type_to_str(session_get_type(sess)));
printf("session dup traffic : %d\n", session_has_dup_traffic(sess));
printf("session state : %s\n", session_state_to_str(session_get_state(sess)));
printf("session closing reason : %s\n", closing_reason_to_str(session_get_closing_reason(sess)));
printf("session new time : %" PRIu64 "\n", session_get_timestamp(sess, SESSION_TIMESTAMP_NEW));
printf("session last time : %" PRIu64 "\n", session_get_timestamp(sess, SESSION_TIMESTAMP_LAST));
printf("session current packet dir : %s\n", session_dir_to_str(session_get_current_dir(sess)));
// TODO session stat
printf("session dup traffic : %d\n", session_has_dup_traffic(sess));
printf("session C2S first packet : %p\n", session_get_1st_packet(sess, SESSION_DIRECTION_C2S));
printf("session S2C first packet : %p\n", session_get_1st_packet(sess, SESSION_DIRECTION_S2C));
printf("session current packet : %p (%s)\n", session_get_current_packet(sess), session_direction_to_str(session_get_current_direction(sess)));
if (session_get_type(sess) == SESSION_TYPE_TCP)
{
memset(buffer, 0, sizeof(buffer));
tcp_flags_to_str(sess->tcp_halfs[SESSION_DIRECTION_C2S].flags, buffer, sizeof(buffer));
printf("TCP C2S half: seq: %u, ack: %u, flags: %s\n", sess->tcp_halfs[SESSION_DIRECTION_C2S].seq, sess->tcp_halfs[SESSION_DIRECTION_C2S].ack, buffer);
memset(buffer, 0, sizeof(buffer));
tcp_flags_to_str(sess->tcp_halfs[SESSION_DIRECTION_S2C].flags, buffer, sizeof(buffer));
printf("TCP S2C half: seq: %u, ack: %u, flags: %s\n", sess->tcp_halfs[SESSION_DIRECTION_S2C].seq, sess->tcp_halfs[SESSION_DIRECTION_S2C].ack, buffer);
}
// exdata
printf("session exdata:\n");
for (uint8_t i = 0; i < g_ex_manager.count; i++)
{
printf(" ex_idx: %d, ex_key: %s, ex_data: %p\n", i, g_ex_manager.schemas[i].key, sess->ex_data[i]);
printf(" idx: %d, key: %s, data: %p\n", i, g_ex_manager.schemas[i].key, sess->ex_data[i]);
}
// stats
printf("session stats:\n");
printf("+------------------------------------------------+\n");
printf("| %-20s | %-10s | %-10s |\n", "stat", "C2S", "S2C");
printf("+------------------------------------------------+\n");
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "RAW_PKTS_RX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "RAW_BYTES_RX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "RAW_PKTS_TX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_TX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_TX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "RAW_BYTES_TX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_TX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_TX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "RAW_PKTS_DROP", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_DROP), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_DROP));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "RAW_BYTES_DROP", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_DROP), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_DROP));
printf("+------------------------------------------------+\n");
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "DUP_PKTS_BYPASS", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_DUP_PKTS_BYPASS), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_DUP_PKTS_BYPASS));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "DUP_BYTES_BYPASS", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_DUP_BYTES_BYPASS), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_DUP_BYTES_BYPASS));
printf("+------------------------------------------------+\n");
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "CTRL_PKTS_RX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_CTRL_PKTS_RX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_CTRL_PKTS_RX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "CTRL_BYTES_RX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_CTRL_BYTES_RX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_CTRL_BYTES_RX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "CTRL_PKTS_TX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_CTRL_PKTS_TX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_CTRL_PKTS_TX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "CTRL_BYTES_TX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_CTRL_BYTES_TX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_CTRL_BYTES_TX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "CTRL_PKTS_DROP", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_CTRL_PKTS_DROP), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_CTRL_PKTS_DROP));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "CTRL_BYTES_DROP", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_CTRL_BYTES_DROP), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_CTRL_BYTES_DROP));
printf("+------------------------------------------------+\n");
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_SEGS_RX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_SEGS_RX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_SEGS_RX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_PLDS_RX", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_PLDS_RX), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_PLDS_RX));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_SEGS_EXPIRED", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_SEGS_EXPIRED), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_SEGS_EXPIRED));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_PLDS_EXPIRED", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_PLDS_EXPIRED), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_PLDS_EXPIRED));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_SEGS_OVERLAP", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_SEGS_OVERLAP), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_SEGS_OVERLAP));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_PLDS_OVERLAP", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_PLDS_OVERLAP), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_PLDS_OVERLAP));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_SEGS_NOSPACE", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_SEGS_NOSPACE), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_SEGS_NOSPACE));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_PLDS_NOSPACE", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_PLDS_NOSPACE), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_PLDS_NOSPACE));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_SEGS_INORDER", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_SEGS_INORDER), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_SEGS_INORDER));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_PLDS_INORDER", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_PLDS_INORDER), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_PLDS_INORDER));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_SEGS_REORDERED", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_SEGS_REORDERED), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_SEGS_REORDERED));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_PLDS_REORDERED", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_PLDS_REORDERED), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_PLDS_REORDERED));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_SEGS_BUFFERED", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_SEGS_BUFFERED), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_SEGS_BUFFERED));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_PLDS_BUFFERED", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_PLDS_BUFFERED), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_PLDS_BUFFERED));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_SEGS_RELEASED", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_SEGS_RELEASED), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_SEGS_RELEASED));
printf("| %-20s | %-10" PRIu64 " | %-10" PRIu64 " |\n", "TCP_PLDS_RELEASED", session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_TCP_PLDS_RELEASED), session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_TCP_PLDS_RELEASED));
printf("+------------------------------------------------+\n");
}

254
src/session/session.h
View File

@@ -1,254 +0,0 @@
#ifndef _SESSION_H
#define _SESSION_H
#ifdef __cpluscplus
extern "C"
{
#endif
#include <stdint.h>
#include "list.h"
#include "tuple.h"
#include "packet.h"
#include "timeout.h"
#include "uthash.h"
#include "tcp_reassembly.h"
#include "session_manager.h"
#define EX_DATA_MAX_COUNT 16
enum session_state
{
SESSION_STATE_INIT = 0,
SESSION_STATE_OPENING = 1,
SESSION_STATE_ACTIVE = 2,
SESSION_STATE_CLOSING = 3,
SESSION_STATE_DISCARD = 4,
SESSION_STATE_CLOSED = 5,
MAX_STATE = 6,
};
enum session_type
{
SESSION_TYPE_TCP = 0x1,
SESSION_TYPE_UDP = 0x2,
};
enum session_dir
{
SESSION_DIR_NONE = -1,
SESSION_DIR_C2S = 0,
SESSION_DIR_S2C = 1,
MAX_DIR = 2,
};
enum closing_reason
{
CLOSING_BY_TIMEOUT = 0x1,
CLOSING_BY_EVICTED = 0x2,
CLOSING_BY_CLIENT_FIN = 0x3,
CLOSING_BY_CLIENT_RST = 0x4,
CLOSING_BY_SERVER_FIN = 0x5,
CLOSING_BY_SERVER_RST = 0x6,
};
enum session_stat
{
// raw packet
STAT_RAW_PKTS_RX,
STAT_RAW_BYTES_RX,
STAT_RAW_PKTS_TX,
STAT_RAW_BYTES_TX,
STAT_RAW_PKTS_DROP,
STAT_RAW_BYTES_DROP,
// control packet
STAT_CTRL_PKTS_RX, // TODO
STAT_CTRL_BYTES_RX, // TODO
STAT_CTRL_PKTS_TX,
STAT_CTRL_BYTES_TX,
STAT_CTRL_PKTS_DROP,
STAT_CTRL_BYTES_DROP,
// TCP segment
STAT_TCP_SEGS_RX,
STAT_TCP_PLDS_RX,
STAT_TCP_SEGS_EXPIRED,
STAT_TCP_PLDS_EXPIRED,
STAT_TCP_SEGS_OVERLAP,
STAT_TCP_PLDS_OVERLAP,
STAT_TCP_SEGS_NOSPACE,
STAT_TCP_PLDS_NOSPACE,
STAT_TCP_SEGS_INORDER,
STAT_TCP_PLDS_INORDER,
STAT_TCP_SEGS_REORDERED,
STAT_TCP_PLDS_REORDERED,
STAT_TCP_SEGS_BUFFERED,
STAT_TCP_PLDS_BUFFERED,
STAT_TCP_SEGS_RELEASED,
STAT_TCP_PLDS_RELEASED,
MAX_STAT,
};
enum session_timestamp
{
SESSION_TIMESTAMP_NEW,
SESSION_TIMESTAMP_LAST,
MAX_TIMESTAMP,
};
enum session_packet
{
SESSION_PACKET_C2S_1ST,
SESSION_PACKET_S2C_1ST,
SESSION_PACKET_CURRENT,
MAX_PACKETS,
};
struct tcp_half
{
struct tcp_reassembly *assembler;
struct tcp_segment in_order;
uint32_t seq;
uint32_t ack;
uint8_t flags;
};
struct session
{
uint64_t id;
uint64_t stats[MAX_DIR][MAX_STAT];
uint64_t timestamps[MAX_TIMESTAMP];
enum session_dir tuple_dir;
enum session_dir cur_dir;
enum session_type type;
enum session_state state;
enum closing_reason reason;
int dup;
struct tuple6 tuple;
struct timeout timeout; // used for timer
struct list_head lru; // used for lru queue
struct list_head free; // used for free queue
struct list_head evicte; // used for evicte queue
const struct packet *first_pkt[MAX_DIR]; // per direction
const struct packet *curr_pkt;
UT_hash_handle hh; // used for hash table
void *ex_data[EX_DATA_MAX_COUNT];
void *user_data;
struct tcp_half tcp_halfs[MAX_DIR];
struct session_manager_stat *mgr_stat;
};
/******************************************************************************
* session set/get
******************************************************************************/
void session_init(struct session *sess);
void session_set_id(struct session *sess, uint64_t id);
uint64_t session_get_id(const struct session *sess);
void session_set_tuple(struct session *sess, const struct tuple6 *key);
const struct tuple6 *session_get_tuple(const struct session *sess);
void session_set_tuple_dir(struct session *sess, enum session_dir dir);
enum session_dir session_get_tuple_dir(const struct session *sess);
void session_set_current_dir(struct session *sess, enum session_dir dir);
enum session_dir session_get_current_dir(const struct session *sess);
void session_set_state(struct session *sess, enum session_state state);
enum session_state session_get_state(const struct session *sess);
void session_set_type(struct session *sess, enum session_type type);
enum session_type session_get_type(const struct session *sess);
void session_set_dup_traffic(struct session *sess);
int session_has_dup_traffic(const struct session *sess);
void session_set_closing_reason(struct session *sess, enum closing_reason reason);
enum closing_reason session_get_closing_reason(const struct session *sess);
void session_inc_stat(struct session *sess, enum session_dir dir, enum session_stat stat, uint64_t val);
uint64_t session_get_stat(const struct session *sess, enum session_dir dir, enum session_stat stat);
void session_set_timestamp(struct session *sess, enum session_timestamp idx, uint64_t timestamp);
uint64_t session_get_timestamp(const struct session *sess, enum session_timestamp idx);
void session_set_1st_packet(struct session *sess, enum session_dir dir, const struct packet *pkt);
const struct packet *session_get_1st_packet(const struct session *sess, enum session_dir dir);
void session_set_current_packet(struct session *sess, const struct packet *pkt);
const struct packet *session_get_current_packet(const struct session *sess);
void session_set_user_data(struct session *sess, void *user_data);
void *session_get_user_data(const struct session *sess);
struct tcp_segment *session_get_tcp_segment(struct session *sess);
void session_free_tcp_segment(struct session *sess, struct tcp_segment *seg);
/******************************************************************************
* session ex data
******************************************************************************/
typedef void session_ex_free_cb(struct session *sess, uint8_t idx, void *ex_ptr, void *arg);
/*
* the exdata prodoced by user, and comsumed by same user.
* so, the exdata is not shared by different user.
* otherwise, the exdata need dup by refer count, and free by refer count.
*
* if key exist, not allow update, return original index.
*/
uint8_t session_get_ex_new_index(const char *key, session_ex_free_cb *free_cb, void *args);
/*
* Support update ex_data.
*
* if key exist: run free_cb free old value, then set new value.
* if not run free_cb, old value will be memory leak.
* if not allow update, new value will be memory leak.
* if key not exist: set new value.
*/
void session_set_ex_data(struct session *sess, uint8_t idx, void *val);
void *session_get0_ex_data(const struct session *sess, uint8_t idx);
/*
* after set ex_data, the owner of ex_data is session, so user should not free it directly.
* if user want to free ex_data, should use session_free_ex_data.
*/
void session_free_ex_data(struct session *sess, uint8_t idx);
void session_free_all_ex_data(struct session *sess);
/******************************************************************************
* to string
******************************************************************************/
const char *closing_reason_to_str(enum closing_reason reason);
const char *session_state_to_str(enum session_state state);
const char *session_type_to_str(enum session_type type);
const char *session_dir_to_str(enum session_dir dir);
void session_dump(struct session *sess);
#ifdef __cpluscplus
}
#endif
#endif

106
src/session/session_manager.cpp
View File

@@ -236,8 +236,8 @@ static inline bool before(uint32_t seq1, uint32_t seq2)
static void tcp_clean(struct session *sess)
{
tcp_reassembly_free(sess->tcp_halfs[SESSION_DIR_C2S].assembler);
tcp_reassembly_free(sess->tcp_halfs[SESSION_DIR_S2C].assembler);
tcp_reassembly_free(sess->tcp_halfs[SESSION_DIRECTION_C2S].assembler);
tcp_reassembly_free(sess->tcp_halfs[SESSION_DIRECTION_S2C].assembler);
}
static int tcp_init(struct session *sess, uint8_t tcp_reassembly_enable, uint64_t tcp_reassembly_max_timeout, uint64_t tcp_reassembly_max_segments)
@@ -247,9 +247,9 @@ static int tcp_init(struct session *sess, uint8_t tcp_reassembly_enable, uint64_
return 0;
}
sess->tcp_halfs[SESSION_DIR_C2S].assembler = tcp_reassembly_new(tcp_reassembly_max_timeout, tcp_reassembly_max_segments);
sess->tcp_halfs[SESSION_DIR_S2C].assembler = tcp_reassembly_new(tcp_reassembly_max_timeout, tcp_reassembly_max_segments);
if (sess->tcp_halfs[SESSION_DIR_C2S].assembler == NULL || sess->tcp_halfs[SESSION_DIR_S2C].assembler == NULL)
sess->tcp_halfs[SESSION_DIRECTION_C2S].assembler = tcp_reassembly_new(tcp_reassembly_max_timeout, tcp_reassembly_max_segments);
sess->tcp_halfs[SESSION_DIRECTION_S2C].assembler = tcp_reassembly_new(tcp_reassembly_max_timeout, tcp_reassembly_max_segments);
if (sess->tcp_halfs[SESSION_DIRECTION_C2S].assembler == NULL || sess->tcp_halfs[SESSION_DIRECTION_S2C].assembler == NULL)
{
tcp_clean(sess);
return -1;
@@ -258,7 +258,7 @@ static int tcp_init(struct session *sess, uint8_t tcp_reassembly_enable, uint64_
return 0;
}
static void tcp_update(struct session_manager *mgr, struct session *sess, enum session_dir dir, const struct pkt_layer *tcp_layer, uint64_t now)
static void tcp_update(struct session_manager *mgr, struct session *sess, enum session_direction dir, const struct packet_layer *tcp_layer, uint64_t now)
{
struct tcp_segment *seg;
struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr;
@@ -372,33 +372,33 @@ static void tcp_update(struct session_manager *mgr, struct session *sess, enum s
* Session Direction
******************************************************************************/
static enum session_dir identify_direction_by_port(uint16_t src_port, uint16_t dst_port)
static enum session_direction identify_direction_by_port(uint16_t src_port, uint16_t dst_port)
{
// big port is client
if (src_port > dst_port)
{
return SESSION_DIR_C2S;
return SESSION_DIRECTION_C2S;
}
else if (src_port < dst_port)
{
return SESSION_DIR_S2C;
return SESSION_DIRECTION_S2C;
}
else
{
// if port is equal, first packet is C2S
return SESSION_DIR_C2S;
return SESSION_DIRECTION_C2S;
}
}
static enum session_dir identify_direction_by_history(const struct session *sess, const struct tuple6 *key)
static enum session_direction identify_direction_by_history(const struct session *sess, const struct tuple6 *key)
{
if (tuple6_cmp(session_get_tuple(sess), key) == 0)
{
return session_get_tuple_dir(sess);
return session_get_tuple_direction(sess);
}
else
{
return (session_get_tuple_dir(sess) == SESSION_DIR_C2S ? SESSION_DIR_S2C : SESSION_DIR_C2S);
return (session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S ? SESSION_DIRECTION_S2C : SESSION_DIRECTION_C2S);
}
}
@@ -443,11 +443,13 @@ static int duplicated_packet_bypass(struct session_manager *mgr, struct session
return 0;
}
enum session_dir dir = identify_direction_by_history(sess, key);
enum session_direction dir = identify_direction_by_history(sess, key);
if (session_get_stat(sess, dir, STAT_RAW_PKTS_RX) < 3 || session_has_dup_traffic(sess))
{
if (duplicated_packet_filter_lookup(mgr->dup_pkt_filter, pkt, now))
{
session_inc_stat(sess, dir, STAT_DUP_PKTS_BYPASS, 1);
session_inc_stat(sess, dir, STAT_DUP_BYTES_BYPASS, packet_get_len(pkt));
mgr->stat.nr_tcp_pkts_bypass_hit_dup++;
session_set_dup_traffic(sess);
return 1;
@@ -466,13 +468,15 @@ static int duplicated_packet_bypass(struct session_manager *mgr, struct session
* Session Manager
******************************************************************************/
static void session_update(struct session *sess, enum session_state next_state, const struct packet *pkt, const struct tuple6 *key, enum session_dir dir, uint64_t now)
static void session_update(struct session *sess, enum session_state next_state, const struct packet *pkt, const struct tuple6 *key, enum session_direction dir, uint64_t now)
{
if (session_get_state(sess) == SESSION_STATE_INIT)
{
session_set_id(sess, id_generator_alloc());
session_set_tuple(sess, key);
session_set_tuple_dir(sess, dir);
session_set_timestamp(sess, SESSION_TIMESTAMP_NEW, now);
session_set_tuple_direction(sess, dir);
tuple6_to_str(key, sess->tuple_str, sizeof(sess->tuple_str));
session_set_timestamp(sess, SESSION_TIMESTAMP_START, now);
switch (key->ip_proto)
{
case IPPROTO_TCP:
@@ -496,7 +500,7 @@ static void session_update(struct session *sess, enum session_state next_state,
}
session_set_current_packet(sess, pkt);
session_set_current_dir(sess, dir);
session_set_current_direction(sess, dir);
session_set_timestamp(sess, SESSION_TIMESTAMP_LAST, now);
session_set_state(sess, next_state);
}
@@ -546,7 +550,7 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s
static struct session *session_manager_new_tcp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct packet_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
uint8_t flags = tcp_hdr_get_flags(hdr);
if (!(flags & TH_SYN))
@@ -562,7 +566,7 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
session_manager_evicte_session(mgr, evic_sess, now);
}
enum session_dir dir = (flags & TH_ACK) ? SESSION_DIR_S2C : SESSION_DIR_C2S;
enum session_direction dir = (flags & TH_ACK) ? SESSION_DIRECTION_S2C : SESSION_DIRECTION_C2S;
struct session *sess = session_pool_pop(mgr->sess_pool);
if (sess == NULL)
{
@@ -571,7 +575,10 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
}
session_init(sess);
sess->mgr_stat = &mgr->stat;
session_set_id(sess, id_generator_alloc());
enum session_state next_state = session_transition_run(SESSION_STATE_INIT, TCP_SYN);
session_update(sess, next_state, pkt, key, dir, now);
session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN);
if (tcp_init(sess, mgr->opts.tcp_reassembly_enable, mgr->opts.tcp_reassembly_max_timeout, mgr->opts.tcp_reassembly_max_segments) == -1)
{
@@ -581,10 +588,6 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
}
tcp_update(mgr, sess, dir, tcp_layer, now);
enum session_state next_state = session_transition_run(SESSION_STATE_INIT, TCP_SYN);
session_update(sess, next_state, pkt, key, dir, now);
session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN);
uint64_t timeout = (flags & TH_ACK) ? mgr->opts.tcp_handshake_timeout : mgr->opts.tcp_init_timeout;
session_timer_update(mgr->sess_timer, sess, now + timeout);
session_table_add(mgr->tcp_sess_table, key, sess);
@@ -617,9 +620,8 @@ static struct session *session_manager_new_udp_session(struct session_manager *m
}
session_init(sess);
sess->mgr_stat = &mgr->stat;
session_set_id(sess, id_generator_alloc());
enum session_dir dir = identify_direction_by_port(ntohs(key->src_port), ntohs(key->dst_port));
enum session_direction dir = identify_direction_by_port(ntohs(key->src_port), ntohs(key->dst_port));
enum session_state next_state = session_transition_run(SESSION_STATE_INIT, UDP_DATA);
session_update(sess, next_state, pkt, key, dir, now);
session_transition_log(sess, SESSION_STATE_INIT, next_state, UDP_DATA);
@@ -635,9 +637,9 @@ static struct session *session_manager_new_udp_session(struct session_manager *m
static int session_manager_update_tcp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct packet_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
enum session_dir dir = identify_direction_by_history(sess, key);
enum session_direction dir = identify_direction_by_history(sess, key);
uint8_t flags = tcp_hdr_get_flags(hdr);
int inputs = 0;
inputs |= (flags & TH_SYN) ? TCP_SYN : NONE;
@@ -666,17 +668,17 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
{
if (flags & TH_FIN)
{
session_set_closing_reason(sess, (dir == SESSION_DIR_C2S ? CLOSING_BY_CLIENT_FIN : CLOSING_BY_SERVER_FIN));
session_set_closing_reason(sess, (dir == SESSION_DIRECTION_C2S ? CLOSING_BY_CLIENT_FIN : CLOSING_BY_SERVER_FIN));
}
if (flags & TH_RST)
{
session_set_closing_reason(sess, (dir == SESSION_DIR_C2S ? CLOSING_BY_CLIENT_RST : CLOSING_BY_SERVER_RST));
session_set_closing_reason(sess, (dir == SESSION_DIRECTION_C2S ? CLOSING_BY_CLIENT_RST : CLOSING_BY_SERVER_RST));
}
}
// update timeout
struct tcp_half *curr = &sess->tcp_halfs[dir];
struct tcp_half *peer = &sess->tcp_halfs[(dir == SESSION_DIR_C2S ? SESSION_DIR_S2C : SESSION_DIR_C2S)];
struct tcp_half *peer = &sess->tcp_halfs[(dir == SESSION_DIRECTION_C2S ? SESSION_DIRECTION_S2C : SESSION_DIRECTION_C2S)];
uint64_t timeout = 0;
switch (next_state)
{
@@ -725,12 +727,20 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
static int session_manager_update_udp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
enum session_dir dir = identify_direction_by_history(sess, key);
enum session_direction dir = identify_direction_by_history(sess, key);
enum session_state curr_state = session_get_state(sess);
enum session_state next_state = session_transition_run(curr_state, UDP_DATA);
session_update(sess, next_state, pkt, key, dir, now);
session_transition_log(sess, curr_state, next_state, UDP_DATA);
if (session_get_state(sess) == SESSION_STATE_DISCARD)
{
session_timer_update(mgr->sess_timer, sess, now + mgr->opts.udp_discard_timeout);
}
else
{
session_timer_update(mgr->sess_timer, sess, now + mgr->opts.udp_data_timeout);
}
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, udp);
@@ -888,12 +898,12 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s
break;
}
packet_free((struct packet *)session_get_1st_packet(sess, SESSION_DIR_C2S));
packet_free((struct packet *)session_get_1st_packet(sess, SESSION_DIR_S2C));
session_set_1st_packet(sess, SESSION_DIR_C2S, NULL);
session_set_1st_packet(sess, SESSION_DIR_S2C, NULL);
packet_free((struct packet *)session_get_1st_packet(sess, SESSION_DIRECTION_C2S));
packet_free((struct packet *)session_get_1st_packet(sess, SESSION_DIRECTION_S2C));
session_set_1st_packet(sess, SESSION_DIRECTION_C2S, NULL);
session_set_1st_packet(sess, SESSION_DIRECTION_S2C, NULL);
session_set_current_packet(sess, NULL);
session_set_current_dir(sess, SESSION_DIR_NONE);
session_set_current_direction(sess, SESSION_DIRECTION_NONE);
session_free_all_ex_data(sess);
session_pool_push(mgr->sess_pool, sess);
sess = NULL;
@@ -950,15 +960,12 @@ struct session *session_manager_get_expired_session(struct session_manager *mgr,
session_transition_log(sess, curr_state, next_state, TIMEOUT);
session_set_state(sess, next_state);
uint64_t timeout = 0;
switch (session_get_type(sess))
{
case SESSION_TYPE_TCP:
timeout = mgr->opts.tcp_data_timeout;
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, tcp);
break;
case SESSION_TYPE_UDP:
timeout = mgr->opts.udp_data_timeout;
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, udp);
break;
default:
@@ -966,19 +973,30 @@ struct session *session_manager_get_expired_session(struct session_manager *mgr,
break;
}
// next state is closed, need to free session
if (next_state == SESSION_STATE_CLOSED)
{
// need free session
if (!session_get_closing_reason(sess))
{
session_set_closing_reason(sess, CLOSING_BY_TIMEOUT);
}
return sess;
}
// next state is closing, only update timeout
else
{
// in closing state, only update timeout
session_timer_update(mgr->sess_timer, sess, now + timeout);
switch (session_get_type(sess))
{
case SESSION_TYPE_TCP:
session_timer_update(mgr->sess_timer, sess, now + mgr->opts.tcp_data_timeout);
break;
case SESSION_TYPE_UDP:
session_timer_update(mgr->sess_timer, sess, now + mgr->opts.udp_data_timeout);
break;
default:
assert(0);
break;
}
return NULL;
}
}

3
src/session/session_manager.h
View File

@@ -6,7 +6,7 @@ extern "C"
{
#endif
#include "session.h"
#include "session_private.h"
#include "log.h"
#define SESSION_LOG_ERROR(format, ...) LOG_ERROR("session", format, ##__VA_ARGS__)
@@ -32,6 +32,7 @@ struct session_manager_options
uint64_t tcp_unverified_rst_timeout; // range: [1, 600000] (ms)
// UDP timeout
uint64_t udp_data_timeout; // range: [1, 15999999000] (ms)
uint64_t udp_discard_timeout; // range: [1, 15999999000] (ms)
// duplicate packet filter
uint8_t duplicated_packet_filter_enable;

2
src/session/session_pool.h
View File

@@ -6,7 +6,7 @@ extern "C"
{
#endif
#include "session.h"
#include "session_private.h"
struct session_pool;
struct session_pool *session_pool_new(uint64_t count);

127
src/session/session_private.h Normal file
View File

@@ -0,0 +1,127 @@
#ifndef _SESSION_PRIVATE_H
#define _SESSION_PRIVATE_H
#ifdef __cpluscplus
extern "C"
{
#endif
#include "list.h"
#include "tuple.h"
#include "packet_private.h"
#include "timeout.h"
#include "uthash.h"
#include "session.h"
#include "tcp_reassembly.h"
#include "session_manager.h"
#define EX_DATA_MAX_COUNT 16
// tuple6 str format: "src_addr:src_port -> dst_addr:dst_port, proto: ip_proto, domain: domain"
// tuple6 max len: 46 + 1 + 5 + 4 + 46 + 1 + 5 + 9 + 1 + 10 + 20 = 107
#define TUPLE6_STR_SIZE 108
struct tcp_half
{
struct tcp_reassembly *assembler;
struct tcp_segment in_order;
uint32_t seq;
uint32_t ack;
uint8_t flags;
};
struct session
{
int dup;
uint64_t id;
uint64_t stats[MAX_DIRECTION][MAX_STAT];
uint64_t timestamps[MAX_TIMESTAMP];
struct tuple6 tuple;
char tuple_str[TUPLE6_STR_SIZE];
enum session_direction tuple_dir;
enum session_direction cur_dir;
enum session_type type;
enum session_state state;
enum closing_reason reason;
const struct packet *first_pkt[MAX_DIRECTION];
const struct packet *curr_pkt;
void *ex_data[EX_DATA_MAX_COUNT];
void *user_data;
struct tcp_half tcp_halfs[MAX_DIRECTION];
struct timeout timeout; // used for timer
struct list_head lru; // used for lru queue
struct list_head free; // used for free queue
struct list_head evicte; // used for evicte queue
UT_hash_handle hh; // used for hash table
struct session_manager_stat *mgr_stat;
};
void session_init(struct session *sess);
void session_set_id(struct session *sess, uint64_t id);
void session_set_tuple(struct session *sess, const struct tuple6 *key);
const struct tuple6 *session_get_tuple(const struct session *sess);
void session_set_tuple_direction(struct session *sess, enum session_direction dir);
enum session_direction session_get_tuple_direction(const struct session *sess);
void session_set_current_direction(struct session *sess, enum session_direction dir);
void session_set_state(struct session *sess, enum session_state state);
void session_set_type(struct session *sess, enum session_type type);
void session_set_dup_traffic(struct session *sess);
void session_set_closing_reason(struct session *sess, enum closing_reason reason);
void session_inc_stat(struct session *sess, enum session_direction dir, enum session_stat stat, uint64_t val);
void session_set_timestamp(struct session *sess, enum session_timestamp type, uint64_t value);
void session_set_1st_packet(struct session *sess, enum session_direction dir, const struct packet *pkt);
void session_set_current_packet(struct session *sess, const struct packet *pkt);
const struct packet *session_get_current_packet(const struct session *sess);
void session_set_user_data(struct session *sess, void *user_data);
void *session_get_user_data(const struct session *sess);
struct tcp_segment *session_get_tcp_segment(struct session *sess);
void session_free_tcp_segment(struct session *sess, struct tcp_segment *seg);
/******************************************************************************
* session ex data
******************************************************************************/
typedef void session_ex_free_cb(struct session *sess, uint8_t idx, void *ex_ptr, void *arg);
/*
* the exdata prodoced by user, and comsumed by same user.
* so, the exdata is not shared by different user.
* otherwise, the exdata need dup by refer count, and free by refer count.
*
* if key exist, not allow update, return original index.
*/
uint8_t session_get_ex_new_index(const char *key, session_ex_free_cb *free_cb, void *args);
/*
* Support update ex_data.
*
* if key exist: run free_cb free old value, then set new value.
* if not run free_cb, old value will be memory leak.
* if not allow update, new value will be memory leak.
* if key not exist: set new value.
*/
void session_set_ex_data(struct session *sess, uint8_t idx, void *val);
void *session_get0_ex_data(const struct session *sess, uint8_t idx);
/*
* after set ex_data, the owner of ex_data is session, so user should not free it directly.
* if user want to free ex_data, should use session_free_ex_data.
*/
void session_free_ex_data(struct session *sess, uint8_t idx);
void session_free_all_ex_data(struct session *sess);
/******************************************************************************
* debug
******************************************************************************/
void session_dump(struct session *sess);
#ifdef __cpluscplus
}
#endif
#endif

2
src/session/session_table.h
View File

@@ -6,7 +6,7 @@ extern "C"
{
#endif
#include "session.h"
#include "session_private.h"
struct session_table;
struct session_table *session_table_new();

2
src/session/session_timer.h
View File

@@ -6,7 +6,7 @@ extern "C"
{
#endif
#include "session.h"
#include "session_private.h"
struct session_timer;
struct session_timer *session_timer_new(uint64_t now);

5
src/session/session_transition.cpp
View File

@@ -155,11 +155,10 @@ void session_transition_log(struct session *sess, enum session_state curr_state,
return;
}
char buff[128] = {0};
char reason[128] = {0};
tuple6_to_str(session_get_tuple(sess), buff, sizeof(buff));
session_inputs_to_str(inputs, reason, sizeof(reason));
SESSION_TRANSITION_LOG_INFO("%s session %lu %s (%s) %s -> %s",
session_type_to_str(session_get_type(sess)), session_get_id(sess), buff, reason,
session_type_to_str(session_get_type(sess)),
session_get_id(sess), session_get_tuple_str(sess), reason,
session_state_to_str(curr_state), session_state_to_str(next_state));
}

2
src/session/session_transition.h
View File

@@ -7,7 +7,7 @@ extern "C"
#endif
#include "log.h"
#include "session.h"
#include "session_private.h"
#define SESSION_TRANSITION_LOG_INFO(format, ...) LOG_INFO("session transition", format, ##__VA_ARGS__)

4
src/session/test/gtest_filter_tcp_dupkt.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "ipv4_utils.h"
@@ -47,7 +47,7 @@ struct session_manager_options opts = {
static void packet_set_ip_id(struct packet *pkt, uint16_t ip_id)
{
const struct pkt_layer *ipv4_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV4);
const struct packet_layer *ipv4_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV4);
EXPECT_TRUE(ipv4_layer);
struct ip *hdr = (struct ip *)ipv4_layer->hdr_ptr;
ipv4_hdr_set_ipid(hdr, ip_id);

4
src/session/test/gtest_overload_evict_tcp_sess.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "stellar.h"
@@ -49,7 +49,7 @@ struct session_manager_options opts = {
static void packet_set_ip_src_addr(struct packet *pkt, uint32_t addr)
{
const struct pkt_layer *ipv4_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV4);
const struct packet_layer *ipv4_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV4);
EXPECT_TRUE(ipv4_layer);
struct ip *hdr = (struct ip *)ipv4_layer->hdr_ptr;
ipv4_hdr_set_src_addr(hdr, addr);

4
src/session/test/gtest_overload_evict_udp_sess.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "stellar.h"
@@ -49,7 +49,7 @@ struct session_manager_options opts = {
static void packet_set_ip_src_addr(struct packet *pkt, uint32_t addr)
{
const struct pkt_layer *ipv4_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV4);
const struct packet_layer *ipv4_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_IPV4);
EXPECT_TRUE(ipv4_layer);
struct ip *hdr = (struct ip *)ipv4_layer->hdr_ptr;
ipv4_hdr_set_src_addr(hdr, addr);

2
src/session/test/gtest_sess_mgr_tcp_reassembly.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "ipv4_utils.h"

2
src/session/test/gtest_session.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#define SESSION_KEY_IPV4_TCP(name) \
struct tuple6 name; \

96
src/session/test/gtest_state_tcp_active_to_closing.cpp
View File

@@ -1,7 +1,7 @@
// TCP state machine test: active -> closing
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "tcp_utils.h"
@@ -117,21 +117,21 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_FIN_FIN)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 145 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 145 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -189,7 +189,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_C2S_RST)
char tcp_pkt_c2s_rst[1500] = {0};
memcpy(tcp_pkt_c2s_rst, tcp_pkt9_c2s_fin, sizeof(tcp_pkt9_c2s_fin));
packet_parse(&pkt, (const char *)tcp_pkt_c2s_rst, sizeof(tcp_pkt9_c2s_fin));
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_TCP);
const struct packet_layer *tcp_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_TCP);
EXPECT_TRUE(tcp_layer);
struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr;
tcp_hdr_set_flags(hdr, 0);
@@ -205,21 +205,21 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_C2S_RST)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 145 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 145 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -277,7 +277,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_S2C_RST)
char tcp_pkt_s2c_rst[1500] = {0};
memcpy(tcp_pkt_s2c_rst, tcp_pkt10_s2c_fin, sizeof(tcp_pkt10_s2c_fin));
packet_parse(&pkt, (const char *)tcp_pkt_s2c_rst, sizeof(tcp_pkt10_s2c_fin));
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_TCP);
const struct packet_layer *tcp_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_TCP);
EXPECT_TRUE(tcp_layer);
struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr;
tcp_hdr_set_flags(hdr, 0);
@@ -293,21 +293,21 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_S2C_RST)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -423,21 +423,21 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_C2S_HALF_CLOSED_TIMEOUT)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 145 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 145 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -504,21 +504,21 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_S2C_HALF_CLOSED_TIMEOUT)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat

150
src/session/test/gtest_state_tcp_init_to_opening.cpp
View File

@@ -1,7 +1,7 @@
// TCP state machine test: init -> opening
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "ipv4_utils.h"
@@ -76,21 +76,21 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 1);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -155,21 +155,21 @@ TEST(TCP_INIT_TO_OPENING, BY_SYNACK)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "93.184.216.34:80 -> 192.168.38.105:60111, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 1);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -245,21 +245,21 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_SYNACK)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -346,21 +346,21 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_SYNACK_ACK)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -429,7 +429,7 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_RETRANSMISSION)
char syn_retransmission[1500] = {0};
memcpy(syn_retransmission, tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn));
packet_parse(&pkt, (const char *)syn_retransmission, sizeof(tcp_pkt1_c2s_syn));
const struct pkt_layer *ipv4_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_IPV4);
const struct packet_layer *ipv4_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_IPV4);
struct ip *hdr = (struct ip *)ipv4_layer->hdr_ptr;
ipv4_hdr_set_ipid(hdr, 0x1234);
printf("<= Packet Parse: done\n\n");
@@ -443,21 +443,21 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_RETRANSMISSION)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -526,7 +526,7 @@ TEST(TCP_INIT_TO_OPENING, BY_SYNACK_RETRANSMISSION)
char tcp_pkt_s2c_synack_retransmission[1500] = {0};
memcpy(tcp_pkt_s2c_synack_retransmission, tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack));
packet_parse(&pkt, (const char *)tcp_pkt_s2c_synack_retransmission, sizeof(tcp_pkt2_s2c_syn_ack));
const struct pkt_layer *ipv4_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_IPV4);
const struct packet_layer *ipv4_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_IPV4);
EXPECT_TRUE(ipv4_layer);
struct ip *hdr = (struct ip *)ipv4_layer->hdr_ptr;
ipv4_hdr_set_ipid(hdr, 0x1234);
@@ -541,21 +541,21 @@ TEST(TCP_INIT_TO_OPENING, BY_SYNACK_RETRANSMISSION)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "93.184.216.34:80 -> 192.168.38.105:60111, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -631,21 +631,21 @@ TEST(TCP_INIT_TO_OPENING, BY_C2S_ASMMETRIC)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -721,21 +721,21 @@ TEST(TCP_INIT_TO_OPENING, BY_S2C_ASMMETRIC)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "93.184.216.34:80 -> 192.168.38.105:60111, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat

200
src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp
View File

@@ -1,7 +1,7 @@
// TCP state machine test: init -> opening -> active -> closing -> closed
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "test_packets.h"
@@ -72,21 +72,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 1);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
// S2C SYNACK Packet
printf("\n=> Packet Parse: TCP S2C SYNACK packet\n");
@@ -103,21 +103,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// C2S ACK Packet
printf("\n=> Packet Parse: TCP C2S ACK packet\n");
@@ -134,21 +134,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// C2S REQ Packet
printf("\n=> Packet Parse: TCP C2S REQ packet\n");
@@ -165,21 +165,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 4);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// S2C ACK Packet
printf("\n=> Packet Parse: TCP S2C ACK packet\n");
@@ -196,21 +196,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 5);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// S2C HTTP Resp Packet1
printf("\n=> Packet Parse: TCP S2C Resp packet1\n");
@@ -227,21 +227,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 6);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// S2C HTTP Resp Packet2
printf("\n=> Packet Parse: TCP S2C Resp packet2\n");
@@ -258,21 +258,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 7);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// C2S ACK Packet
printf("\n=> Packet Parse: TCP C2S ACK packet\n");
@@ -289,21 +289,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 8);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// C2S FIN Packet
printf("\n=> Packet Parse: TCP C2S FIN packet\n");
@@ -320,21 +320,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145 + 66 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145 + 66 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 9);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// S2C FIN Packet
printf("\n=> Packet Parse: TCP S2C FIN packet\n");
@@ -351,21 +351,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145 + 66 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145 + 66 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 10);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// C2S ACK Packet
printf("\n=> Packet Parse: TCP C2S ACK packet\n");
@@ -382,21 +382,21 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
memset(buffer, 0, sizeof(buffer));
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145 + 66 + 66 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66 + 145 + 66 + 66 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 66 + 1354 + 385 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1 + 1 + 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 11);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
// check stat
session_manager_print_stat(mgr);

38
src/session/test/gtest_state_tcp_opening_to_active.cpp
View File

@@ -1,7 +1,7 @@
// TCP state machine test: opening -> active
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "test_packets.h"
@@ -86,21 +86,21 @@ TEST(TCP_OPENING_TO_ACTIVE, BY_SYN_C2S_DATA)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 145);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -176,21 +176,21 @@ TEST(TCP_OPENING_TO_ACTIVE, BY_SYNACK_S2C_DATA)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "93.184.216.34:80 -> 192.168.38.105:60111, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74 + 1354);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74 + 1354);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat

132
src/session/test/gtest_state_tcp_opening_to_closing.cpp
View File

@@ -1,7 +1,7 @@
// TCP state machine test: opening -> closing
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "tcp_utils.h"
@@ -98,21 +98,21 @@ TEST(TCP_OPENING_TO_CLOSING, BY_FIN_FIN)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -178,7 +178,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_C2S_RST)
char tcp_pkt_c2s_rst[1500] = {0};
memcpy(tcp_pkt_c2s_rst, tcp_pkt9_c2s_fin, sizeof(tcp_pkt9_c2s_fin));
packet_parse(&pkt, (const char *)tcp_pkt_c2s_rst, sizeof(tcp_pkt9_c2s_fin));
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_TCP);
const struct packet_layer *tcp_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_TCP);
EXPECT_TRUE(tcp_layer);
struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr;
tcp_hdr_set_flags(hdr, 0);
@@ -194,21 +194,21 @@ TEST(TCP_OPENING_TO_CLOSING, BY_C2S_RST)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -274,7 +274,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_S2C_RST)
char tcp_pkt_s2c_rst[1500] = {0};
memcpy(tcp_pkt_s2c_rst, tcp_pkt10_s2c_fin, sizeof(tcp_pkt10_s2c_fin));
packet_parse(&pkt, (const char *)tcp_pkt_s2c_rst, sizeof(tcp_pkt10_s2c_fin));
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_TCP);
const struct packet_layer *tcp_layer = packet_get_innermost_layer(&pkt, LAYER_TYPE_TCP);
EXPECT_TRUE(tcp_layer);
struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr;
tcp_hdr_set_flags(hdr, 0);
@@ -290,21 +290,21 @@ TEST(TCP_OPENING_TO_CLOSING, BY_S2C_RST)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -437,21 +437,21 @@ TEST(TCP_OPENING_TO_CLOSING, BY_HANDSHAKE_TIMEOUT)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -538,21 +538,21 @@ TEST(TCP_OPENING_TO_CLOSING, BY_DATA_TIMEOUT)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 3);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat
@@ -628,21 +628,21 @@ TEST(TCP_OPENING_TO_CLOSING, BY_C2S_HALF_FIN)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78 + 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1 + 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -717,21 +717,21 @@ TEST(TCP_OPENING_TO_CLOSING, BY_S2C_HALF_FIN)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:60111 -> 93.184.216.34:80, proto: 6, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 78);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 66);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat

38
src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp
View File

@@ -1,7 +1,7 @@
// UDP state machine test: init -> opening -> active -> closing
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "test_packets.h"
@@ -71,21 +71,21 @@ TEST(UDP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING, TEST)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:61099 -> 121.14.154.93:53, proto: 17, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_UDP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 1);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
// S2C RESP Packet
printf("\n=> Packet Parse: UDP S2C RESP packet\n");
@@ -101,21 +101,21 @@ TEST(UDP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING, TEST)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:61099 -> 121.14.154.93:53, proto: 17, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_ACTIVE);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_UDP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 550);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 550);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 2);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat

38
src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp
View File

@@ -1,7 +1,7 @@
// UDP state machine test: init -> opening -> closing
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "test_packets.h"
@@ -76,21 +76,21 @@ TEST(UDP_INIT_TO_OPENING_TO_CLOSING, BY_C2S)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "192.168.38.105:61099 -> 121.14.154.93:53, proto: 17, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_UDP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 74);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 1);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) == NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_C2S);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) != NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) == NULL);
session_dump(sess);
// check stat
@@ -156,21 +156,21 @@ TEST(UDP_INIT_TO_OPENING_TO_CLOSING, BY_S2C)
EXPECT_TRUE(session_get_id(sess) != 0);
tuple6_to_str(session_get_tuple(sess), buffer, sizeof(buffer));
EXPECT_STREQ(buffer, "121.14.154.93:53 -> 192.168.38.105:61099, proto: 17, domain: 0");
EXPECT_TRUE(session_get_tuple_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_tuple_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_OPENING);
EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_UDP);
EXPECT_TRUE(session_has_dup_traffic(sess) == 0);
EXPECT_TRUE(session_get_closing_reason(sess) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_BYTES_RX) == 550);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIR_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_NEW) == 1);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_BYTES_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_BYTES_RX) == 550);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_C2S, STAT_RAW_PKTS_RX) == 0);
EXPECT_TRUE(session_get_stat(sess, SESSION_DIRECTION_S2C, STAT_RAW_PKTS_RX) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START) == 1);
EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST) == 1);
EXPECT_TRUE(session_get_current_packet(sess) == &pkt);
EXPECT_TRUE(session_get_current_dir(sess) == SESSION_DIR_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIR_S2C) != NULL);
EXPECT_TRUE(session_get_current_direction(sess) == SESSION_DIRECTION_S2C);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_C2S) == NULL);
EXPECT_TRUE(session_get_1st_packet(sess, SESSION_DIRECTION_S2C) != NULL);
session_dump(sess);
// check stat

2
src/session/test/gtest_timeout_tcp_data.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "test_packets.h"

2
src/session/test/gtest_timeout_tcp_handshake.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "ipv4_utils.h"

2
src/session/test/gtest_timeout_tcp_init.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "ipv4_utils.h"

2
src/session/test/gtest_timeout_udp_data.cpp
View File

@@ -1,6 +1,6 @@
#include <gtest/gtest.h>
#include "session.h"
#include "session_private.h"
#include "session_manager.h"
#include "test_packets.h"

13
src/stellar/stellar.cpp
View File

@@ -11,7 +11,7 @@
#include "logo.h"
#include "stellar.h"
#include "config.h"
#include "packet.h"
#include "packet_private.h"
#include "packet_io.h"
#include "timestamp.h"
#include "id_generator.h"
@@ -157,10 +157,10 @@ static void execute_packet_action(struct packet_io *packet_io, struct session *s
stat_byte = (type == PACKET_TYPE_CTRL) ? STAT_CTRL_BYTES_TX : STAT_RAW_BYTES_TX;
}
session_inc_stat(sess, session_get_current_dir(sess), stat_pkt, 1);
session_inc_stat(sess, session_get_current_dir(sess), stat_byte, packet_get_len(pkt));
session_inc_stat(sess, session_get_current_direction(sess), stat_pkt, 1);
session_inc_stat(sess, session_get_current_direction(sess), stat_byte, packet_get_len(pkt));
session_set_current_packet(sess, NULL);
session_set_current_dir(sess, SESSION_DIR_NONE);
session_set_current_direction(sess, SESSION_DIRECTION_NONE);
}
if (action == PACKET_ACTION_DROP)
@@ -253,7 +253,10 @@ static void *main_loop(void *arg)
}
else
{
session_manager_update_session(sess_mgr, sess, pkt, now);
if (session_manager_update_session(sess_mgr, sess, pkt, now) == -1)
{
goto fast_path;
}
}
plugin_manager_dispatch(plug_mgr, sess, pkt);

1
src/tuple/CMakeLists.txt
View File

@@ -1,6 +1,7 @@
add_library(tuple tuple.cpp)
target_include_directories(tuple PUBLIC ${CMAKE_CURRENT_LIST_DIR})
target_include_directories(tuple PUBLIC ${CMAKE_SOURCE_DIR}/src/crc32)
target_include_directories(tuple PUBLIC ${CMAKE_SOURCE_DIR}/include)
target_link_libraries(tuple)
add_subdirectory(test)