diff --git a/conf/stellar.toml b/conf/stellar.toml index 7c20b45..e205161 100644 --- a/conf/stellar.toml +++ b/conf/stellar.toml @@ -13,9 +13,9 @@ cpu_mask = [5, 6, 7, 8, 9, 10, 11, 12] [ip_reassembly] enable = 1 -timeout = 10000 # ms -bucket_entries = 8 -bucket_num = 4096 +timeout = 10000 # range: [1, 60000] (ms) +bucket_entries = 8 # range: [1, 256] (must be power of 2) +bucket_num = 4096 # range: [1, 4294967295] [session_manager] # max session number 
@@ -27,30 +27,30 @@ tcp_overload_evict_old_sess = 1 # 1: evict old session, 0: bypass new session udp_overload_evict_old_sess = 1 # 1: evict old session, 0: bypass new session # TCP timeout -tcp_timeout_init = 5000 # ms, Range: 1-60,000 -tcp_timeout_handshake = 10000 # ms, Range: 1-60,000 -tcp_timeout_data = 3600000 # ms, Range: 1-15,999,999,000 -tcp_timeout_half_closed = 120000 # ms, Range: 1-604,800,000 -tcp_timeout_time_wait = 15000 # ms, Range: 1-600,000 -tcp_timeout_discard = 90000 # ms, Range: 1-15,999,999,000 - +tcp_init_timeout = 5000 # range: [1, 60000] (ms) +tcp_handshake_timeout = 10000 # range: [1, 60000] (ms) +tcp_data_timeout = 3600000 # range: [1, 15999999000] (ms) +tcp_half_closed_timeout = 120000 # range: [1, 604800000] (ms) +tcp_time_wait_timeout = 15000 # range: [1, 600000] (ms) +tcp_discard_timeout = 90000 # range: [1, 15999999000] (ms) +tcp_unverified_rst_timeout = 10000 # range: [1, 600000] (ms) # UDP timeout -udp_timeout_data = 10000 # ms, Range: 1-15,999,999,000 +udp_data_timeout = 10000 # range: [1, 15999999000] (ms) # duplicate packet filter duplicated_packet_filter_enable = 1 -duplicated_packet_filter_capacity = 1000000 -duplicated_packet_filter_timeout = 10000 # ms, Range: 1-60,000 -duplicated_packet_filter_error_rate = 0.00001 +duplicated_packet_filter_capacity = 1000000 # range: [1, 4294967295] +duplicated_packet_filter_timeout = 10000 # range: [1, 60000] (ms) +duplicated_packet_filter_error_rate = 0.00001 # range: [0.0, 1.0] # evicted session filter evicted_session_filter_enable = 1 -evicted_session_filter_capacity = 1000000 -evicted_session_filter_timeout = 10000 # ms, Range: 1-60,000 -evicted_session_filter_error_rate = 0.00001 +evicted_session_filter_capacity = 1000000 # range: [1, 4294967295] +evicted_session_filter_timeout = 10000 # range: [1, 60000] (ms) +evicted_session_filter_error_rate = 0.00001 # range: [0.0, 1.0] # TCP reassembly (Per direction) tcp_reassembly_enable = 1 -tcp_reassembly_max_timeout = 10000 # ms, Range: 
1-60,000 -tcp_reassembly_max_segments = 8 # 0: unlimited -tcp_reassembly_max_bytes = 0 # 0: unlimited +tcp_reassembly_max_timeout = 10000 # range: [1, 60000] (ms) +tcp_reassembly_max_segments = 32 # 0: unlimited +tcp_reassembly_max_bytes = 46720 # 0: unlimited diff --git a/src/config/config.cpp b/src/config/config.cpp index 72a92e6..7efcbcd 100644 --- a/src/config/config.cpp +++ b/src/config/config.cpp @@ -7,30 +7,30 @@ // return 0: success // retuun -1: failed -static int parse_device_options(toml_table_t *table, struct device_options *opts) +static int parse_device_section(toml_table_t *root, struct device_options *opts) { const char *ptr; - toml_table_t *device; + toml_table_t *table; - device = toml_table_in(table, "device"); - if (device == NULL) + table = toml_table_in(root, "device"); + if (table == NULL) { CONFIG_LOG_ERROR("config file missing device section"); return -1; } - ptr = toml_raw_in(device, "device_base"); + ptr = toml_raw_in(table, "device_base"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing device.device_base"); + CONFIG_LOG_ERROR("config file missing device->device_base"); return -1; } opts->device_base = atoi(ptr); - ptr = toml_raw_in(device, "device_offset"); + ptr = toml_raw_in(table, "device_offset"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing device.device_offset"); + CONFIG_LOG_ERROR("config file missing device->device_offset"); return -1; } opts->device_offset = atoi(ptr); 
@@ -40,23 +40,23 @@ static int parse_device_options(toml_table_t *table, struct device_options *opts // return 0: success // retuun -1: failed -static int parse_packet_io_options(toml_table_t *table, struct packet_io_options *opts) +static int parse_packet_io_section(toml_table_t *root, struct packet_io_options *opts) { const char *ptr; - toml_table_t *packet_io; + toml_table_t *table; toml_array_t *mask_array; - packet_io = toml_table_in(table, "packet_io"); - if (packet_io == NULL) + table = toml_table_in(root, "packet_io"); + if (table == NULL) { CONFIG_LOG_ERROR("config file missing packet_io section"); return -1; } - ptr = toml_raw_in(packet_io, "mode"); + ptr = toml_raw_in(table, "mode"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing packet_io.mode"); + CONFIG_LOG_ERROR("config file missing packet_io->mode"); return -1; } if (strcmp(ptr, "dumpfile") == 0) @@ -69,16 +69,16 @@ static int parse_packet_io_options(toml_table_t *table, struct packet_io_options } else { - CONFIG_LOG_ERROR("config file invalid packet_io.mode %s, only support dumpfile and marsio", ptr); + CONFIG_LOG_ERROR("config file invalid packet_io->mode %s, only support dumpfile and marsio", ptr); return -1; } if (opts->mode == PACKET_IO_DUMPFILE) { - ptr = toml_raw_in(packet_io, "dumpfile_dir"); + ptr = toml_raw_in(table, "dumpfile_dir"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing packet_io.dumpfile_dir"); + CONFIG_LOG_ERROR("config file missing packet_io->dumpfile_dir"); return -1; } // skip "" 
@@ -86,40 +86,40 @@ static int parse_packet_io_options(toml_table_t *table, struct packet_io_options } else { - ptr = toml_raw_in(packet_io, "app_symbol"); + ptr = toml_raw_in(table, "app_symbol"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing packet_io.app_symbol"); + CONFIG_LOG_ERROR("config file missing packet_io->app_symbol"); return -1; } strncpy(opts->app_symbol, ptr, sizeof(opts->app_symbol) - 1); - ptr = toml_raw_in(packet_io, "dev_symbol"); + ptr = toml_raw_in(table, "dev_symbol"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing packet_io.dev_symbol"); + CONFIG_LOG_ERROR("config file missing packet_io->dev_symbol"); return -1; } strncpy(opts->dev_symbol, ptr, sizeof(opts->dev_symbol) - 1); } - ptr = toml_raw_in(packet_io, "nr_threads"); + ptr = toml_raw_in(table, "nr_threads"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing packet_io.nr_threads"); + CONFIG_LOG_ERROR("config file missing packet_io->nr_threads"); return -1; } if (atoi(ptr) <= 0 || atoi(ptr) > MAX_THREAD_NUM) { - CONFIG_LOG_ERROR("config file invalid packet_io.nr_threads %d, range [1, %d]", atoi(ptr), MAX_THREAD_NUM); + CONFIG_LOG_ERROR("config file invalid packet_io->nr_threads %d, range [1, %d]", atoi(ptr), MAX_THREAD_NUM); return -1; } opts->nr_threads = atoi(ptr); - mask_array = toml_array_in(packet_io, "cpu_mask"); + mask_array = toml_array_in(table, "cpu_mask"); if (mask_array == NULL) { - CONFIG_LOG_ERROR("config file missing packet_io.cpu_mask"); + CONFIG_LOG_ERROR("config file missing packet_io->cpu_mask"); return -1; } for (uint8_t i = 0; i < opts->nr_threads; i++) @@ -127,7 +127,7 @@ static int parse_packet_io_options(toml_table_t *table, struct packet_io_options ptr = toml_raw_at(mask_array, i); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing packet_io.cpu_mask[%d]", i); + CONFIG_LOG_ERROR("config file missing packet_io->cpu_mask[%d]", i); return -1; } opts->cpu_mask[i] = atoi(ptr); 
@@ -138,46 +138,46 @@ static int parse_packet_io_options(toml_table_t *table, struct packet_io_options // return 0: success // retuun -1: failed -static int parse_ip_reassembly_options(toml_table_t *table, struct ip_reassembly_options *opts) +static int parse_ip_reassembly_section(toml_table_t *root, struct ip_reassembly_options *opts) { const char *ptr; - toml_table_t *ip_reassembly; + toml_table_t *table; - ip_reassembly = toml_table_in(table, "ip_reassembly"); - if (ip_reassembly == NULL) + table = toml_table_in(root, "ip_reassembly"); + if (table == NULL) { CONFIG_LOG_ERROR("config file missing ip_reassembly section"); return -1; } - ptr = toml_raw_in(ip_reassembly, "enable"); + ptr = toml_raw_in(table, "enable"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing ip_reassembly.enable"); + CONFIG_LOG_ERROR("config file missing ip_reassembly->enable"); return -1; } opts->enable = atoi(ptr); - ptr = toml_raw_in(ip_reassembly, "timeout"); + ptr = toml_raw_in(table, "timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing ip_reassembly.timeout"); + CONFIG_LOG_ERROR("config file missing ip_reassembly->timeout"); return -1; } opts->timeout = atoi(ptr); - ptr = toml_raw_in(ip_reassembly, "bucket_entries"); + ptr = toml_raw_in(table, "bucket_entries"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing ip_reassembly.bucket_entries"); + CONFIG_LOG_ERROR("config file missing ip_reassembly->bucket_entries"); return -1; } opts->bucket_entries = atoi(ptr); - ptr = toml_raw_in(ip_reassembly, "bucket_num"); + ptr = toml_raw_in(table, "bucket_num"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing ip_reassembly.bucket_num"); + CONFIG_LOG_ERROR("config file missing ip_reassembly->bucket_num"); return -1; } opts->bucket_num = atoi(ptr); 
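Review bot: `opts->bucket_num = atoi(ptr);` cannot honour the range this commit documents for the key in conf/stellar.toml (`[1, 4294967295]`), because `atoi` returns `int` and its behaviour is undefined for values above `INT_MAX`. Nothing visible in this function checks `timeout` against [1, 60000] or `bucket_entries` for being a power of two in [1, 256] either. Unless the ip_reassembly module validates its own options (not shown in this diff), the new comments describe limits that nothing enforces. The same narrowing applies to `duplicated_packet_filter_capacity` and `evicted_session_filter_capacity` in the parse_session_manager_section hunk, although those two are at least range-checked later by check_options. Consider parsing into a 64-bit value and rejecting bad input here, e.g. `if (v < 1 || v > UINT32_MAX) { CONFIG_LOG_ERROR("config file invalid ip_reassembly->bucket_num %s", ptr); return -1; }`. The function's end lies outside the hunk.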
@@ -187,205 +187,213 @@ static int parse_ip_reassembly_options(toml_table_t *table, struct ip_reassembly // return 0: success // retuun -1: failed -static int parse_session_manager_options(toml_table_t *table, struct session_manager_options *opts) +static int parse_session_manager_section(toml_table_t *root, struct session_manager_options *opts) { const char *ptr; - toml_table_t *session_manager; + toml_table_t *table; - session_manager = toml_table_in(table, "session_manager"); - if (session_manager == NULL) + table = toml_table_in(root, "session_manager"); + if (table == NULL) { CONFIG_LOG_ERROR("config file missing session_manager section"); return -1; } // max session number - ptr = toml_raw_in(session_manager, "max_tcp_session_num"); + ptr = toml_raw_in(table, "max_tcp_session_num"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.max_tcp_session_num"); + CONFIG_LOG_ERROR("config file missing session_manager->max_tcp_session_num"); return -1; } opts->max_tcp_session_num = atoll(ptr); - ptr = toml_raw_in(session_manager, "max_udp_session_num"); + ptr = toml_raw_in(table, "max_udp_session_num"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.max_udp_session_num"); + CONFIG_LOG_ERROR("config file missing session_manager->max_udp_session_num"); return -1; } opts->max_udp_session_num = atoll(ptr); // session overload (1: evict old session, 0: bypass new session) - ptr = toml_raw_in(session_manager, "tcp_overload_evict_old_sess"); + ptr = toml_raw_in(table, "tcp_overload_evict_old_sess"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_overload_evict_old_sess"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_overload_evict_old_sess"); return -1; } opts->tcp_overload_evict_old_sess = atoi(ptr); - ptr = toml_raw_in(session_manager, "udp_overload_evict_old_sess"); + ptr = toml_raw_in(table, "udp_overload_evict_old_sess"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config 
file missing session_manager.udp_overload_evict_old_sess"); + CONFIG_LOG_ERROR("config file missing session_manager->udp_overload_evict_old_sess"); return -1; } opts->udp_overload_evict_old_sess = atoi(ptr); // TCP timeout - ptr = toml_raw_in(session_manager, "tcp_timeout_init"); + ptr = toml_raw_in(table, "tcp_init_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_init"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_init_timeout"); return -1; } - opts->tcp_timeout_init = atoll(ptr); + opts->tcp_init_timeout = atoll(ptr); - ptr = toml_raw_in(session_manager, "tcp_timeout_handshake"); + ptr = toml_raw_in(table, "tcp_handshake_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_handshake"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_handshake_timeout"); return -1; } - opts->tcp_timeout_handshake = atoll(ptr); + opts->tcp_handshake_timeout = atoll(ptr); - ptr = toml_raw_in(session_manager, "tcp_timeout_data"); + ptr = toml_raw_in(table, "tcp_data_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_data"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_data_timeout"); return -1; } - opts->tcp_timeout_data = atoll(ptr); + opts->tcp_data_timeout = atoll(ptr); - ptr = toml_raw_in(session_manager, "tcp_timeout_half_closed"); + ptr = toml_raw_in(table, "tcp_half_closed_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_half_closed"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_half_closed_timeout"); return -1; } - opts->tcp_timeout_half_closed = atoll(ptr); + opts->tcp_half_closed_timeout = atoll(ptr); - ptr = toml_raw_in(session_manager, "tcp_timeout_time_wait"); + ptr = toml_raw_in(table, "tcp_time_wait_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_time_wait"); + 
CONFIG_LOG_ERROR("config file missing session_manager->tcp_time_wait_timeout"); return -1; } - opts->tcp_timeout_time_wait = atoll(ptr); + opts->tcp_time_wait_timeout = atoll(ptr); - ptr = toml_raw_in(session_manager, "tcp_timeout_discard"); + ptr = toml_raw_in(table, "tcp_discard_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_discard"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_discard_timeout"); return -1; } - opts->tcp_timeout_discard = atoll(ptr); + opts->tcp_discard_timeout = atoll(ptr); + + ptr = toml_raw_in(table, "tcp_unverified_rst_timeout"); + if (ptr == NULL) + { + CONFIG_LOG_ERROR("config file missing session_manager->tcp_unverified_rst_timeout"); + return -1; + } + opts->tcp_unverified_rst_timeout = atoll(ptr); // UDP timeout - ptr = toml_raw_in(session_manager, "udp_timeout_data"); + ptr = toml_raw_in(table, "udp_data_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.udp_timeout_data"); + CONFIG_LOG_ERROR("config file missing session_manager->udp_data_timeout"); return -1; } - opts->udp_timeout_data = atoll(ptr); + opts->udp_data_timeout = atoll(ptr); // duplicate packet filter - ptr = toml_raw_in(session_manager, "duplicated_packet_filter_enable"); + ptr = toml_raw_in(table, "duplicated_packet_filter_enable"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.duplicated_packet_filter_enable"); + CONFIG_LOG_ERROR("config file missing session_manager->duplicated_packet_filter_enable"); return -1; } opts->duplicated_packet_filter_enable = atoi(ptr); - ptr = toml_raw_in(session_manager, "duplicated_packet_filter_capacity"); + ptr = toml_raw_in(table, "duplicated_packet_filter_capacity"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.duplicated_packet_filter_capacity"); + CONFIG_LOG_ERROR("config file missing session_manager->duplicated_packet_filter_capacity"); return -1; } 
opts->duplicated_packet_filter_capacity = atoi(ptr); - ptr = toml_raw_in(session_manager, "duplicated_packet_filter_timeout"); + ptr = toml_raw_in(table, "duplicated_packet_filter_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.duplicated_packet_filter_timeout"); + CONFIG_LOG_ERROR("config file missing session_manager->duplicated_packet_filter_timeout"); return -1; } opts->duplicated_packet_filter_timeout = atoi(ptr); - ptr = toml_raw_in(session_manager, "duplicated_packet_filter_error_rate"); + ptr = toml_raw_in(table, "duplicated_packet_filter_error_rate"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.duplicated_packet_filter_error_rate"); + CONFIG_LOG_ERROR("config file missing session_manager->duplicated_packet_filter_error_rate"); return -1; } opts->duplicated_packet_filter_error_rate = atof(ptr); - // eviction filter - ptr = toml_raw_in(session_manager, "evicted_session_filter_enable"); + // eviction session filter + ptr = toml_raw_in(table, "evicted_session_filter_enable"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.evicted_session_filter_enable"); + CONFIG_LOG_ERROR("config file missing session_manager->evicted_session_filter_enable"); return -1; } opts->evicted_session_filter_enable = atoi(ptr); - ptr = toml_raw_in(session_manager, "evicted_session_filter_capacity"); + ptr = toml_raw_in(table, "evicted_session_filter_capacity"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.evicted_session_filter_capacity"); + CONFIG_LOG_ERROR("config file missing session_manager->evicted_session_filter_capacity"); return -1; } opts->evicted_session_filter_capacity = atoi(ptr); - ptr = toml_raw_in(session_manager, "evicted_session_filter_timeout"); + ptr = toml_raw_in(table, "evicted_session_filter_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.evicted_session_filter_timeout"); + CONFIG_LOG_ERROR("config 
file missing session_manager->evicted_session_filter_timeout"); return -1; } opts->evicted_session_filter_timeout = atoi(ptr); - ptr = toml_raw_in(session_manager, "evicted_session_filter_error_rate"); + ptr = toml_raw_in(table, "evicted_session_filter_error_rate"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.evicted_session_filter_error_rate"); + CONFIG_LOG_ERROR("config file missing session_manager->evicted_session_filter_error_rate"); return -1; } opts->evicted_session_filter_error_rate = atof(ptr); // TCP reassembly - ptr = toml_raw_in(session_manager, "tcp_reassembly_enable"); + ptr = toml_raw_in(table, "tcp_reassembly_enable"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_enable"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_reassembly_enable"); return -1; } opts->tcp_reassembly_enable = atoi(ptr); - ptr = toml_raw_in(session_manager, "tcp_reassembly_max_timeout"); + ptr = toml_raw_in(table, "tcp_reassembly_max_timeout"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_timeout"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_reassembly_max_timeout"); return -1; } opts->tcp_reassembly_max_timeout = atoi(ptr); - ptr = toml_raw_in(session_manager, "tcp_reassembly_max_segments"); + ptr = toml_raw_in(table, "tcp_reassembly_max_segments"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_segments"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_reassembly_max_segments"); return -1; } opts->tcp_reassembly_max_segments = atoi(ptr); - ptr = toml_raw_in(session_manager, "tcp_reassembly_max_bytes"); + ptr = toml_raw_in(table, "tcp_reassembly_max_bytes"); if (ptr == NULL) { - CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_bytes"); + CONFIG_LOG_ERROR("config file missing session_manager->tcp_reassembly_max_bytes"); return -1; } 
opts->tcp_reassembly_max_bytes = atoi(ptr); @@ -401,7 +409,6 @@ int parse_config_file(const char *file, struct config *config) char errbuf[200]; FILE *fp = NULL; toml_table_t *table = NULL; - memset(config, 0, sizeof(*config)); fp = fopen(file, "r"); @@ -418,22 +425,22 @@ int parse_config_file(const char *file, struct config *config) goto error_out; } - if (parse_device_options(table, &config->dev_opts) != 0) + if (parse_device_section(table, &config->device_opts) != 0) { goto error_out; } - if (parse_packet_io_options(table, &config->pkt_io_opts) != 0) + if (parse_packet_io_section(table, &config->packet_io_opts) != 0) { goto error_out; } - if (parse_ip_reassembly_options(table, &config->ip_reass_opts) != 0) + if (parse_ip_reassembly_section(table, &config->ip_reassembly_opts) != 0) { goto error_out; } - if (parse_session_manager_options(table, &config->sess_mgr_opts) != 0) + if (parse_session_manager_section(table, &config->session_manager_opts) != 0) { goto error_out; } 
@@ -461,67 +468,71 @@ void print_config_options(struct config *config) return; } - struct device_options *dev_opts = &config->dev_opts; - struct packet_io_options *pkt_io_opts = &config->pkt_io_opts; - struct ip_reassembly_options *ip_reass_opts = &config->ip_reass_opts; - struct session_manager_options *sess_mgr_opts = &config->sess_mgr_opts; + struct device_options *device_opts = &config->device_opts; + struct packet_io_options *packet_io_opts = &config->packet_io_opts; + struct ip_reassembly_options *ip_reassembly_opts = &config->ip_reassembly_opts; + struct session_manager_options *session_manager_opts = &config->session_manager_opts; // device config - CONFIG_LOG_DEBUG("device->device_base : %d", dev_opts->device_base); - CONFIG_LOG_DEBUG("device->device_offset : %d", dev_opts->device_offset); + CONFIG_LOG_DEBUG("device->device_base : %d", device_opts->device_base); + CONFIG_LOG_DEBUG("device->device_offset : %d", device_opts->device_offset); // packet io config - CONFIG_LOG_DEBUG("packet_io->mode : %s", pkt_io_opts->mode == PACKET_IO_DUMPFILE ? "dumpfile" : "marsio"); - if (pkt_io_opts->mode == PACKET_IO_DUMPFILE) + CONFIG_LOG_DEBUG("packet_io->mode : %s", packet_io_opts->mode == PACKET_IO_DUMPFILE ? 
"dumpfile" : "marsio"); + if (packet_io_opts->mode == PACKET_IO_DUMPFILE) { - CONFIG_LOG_DEBUG("packet_io->dumpfile_dir : %s", pkt_io_opts->dumpfile_dir); + CONFIG_LOG_DEBUG("packet_io->dumpfile_dir : %s", packet_io_opts->dumpfile_dir); } else { - CONFIG_LOG_DEBUG("packet_io->app_symbol : %s", pkt_io_opts->app_symbol); - CONFIG_LOG_DEBUG("packet_io->dev_symbol : %s", pkt_io_opts->dev_symbol); + CONFIG_LOG_DEBUG("packet_io->app_symbol : %s", packet_io_opts->app_symbol); + CONFIG_LOG_DEBUG("packet_io->dev_symbol : %s", packet_io_opts->dev_symbol); } - CONFIG_LOG_DEBUG("packet_io->nr_threads : %d", pkt_io_opts->nr_threads); - for (uint8_t i = 0; i < pkt_io_opts->nr_threads; i++) + CONFIG_LOG_DEBUG("packet_io->nr_threads : %d", packet_io_opts->nr_threads); + for (uint8_t i = 0; i < packet_io_opts->nr_threads; i++) { - CONFIG_LOG_DEBUG("packet_io->cpu_mask[%03d] : %d", i, pkt_io_opts->cpu_mask[i]); + CONFIG_LOG_DEBUG("packet_io->cpu_mask[%03d] : %d", i, packet_io_opts->cpu_mask[i]); } // ip reassemble config - CONFIG_LOG_DEBUG("ip_reassembly->enable : %d", ip_reass_opts->enable); - CONFIG_LOG_DEBUG("ip_reassembly->timeout : %d", ip_reass_opts->timeout); - CONFIG_LOG_DEBUG("ip_reassembly->bucket_entries : %d", ip_reass_opts->bucket_entries); - CONFIG_LOG_DEBUG("ip_reassembly->bucket_num : %d", ip_reass_opts->bucket_num); + CONFIG_LOG_DEBUG("ip_reassembly->enable : %d", ip_reassembly_opts->enable); + CONFIG_LOG_DEBUG("ip_reassembly->timeout : %d", ip_reassembly_opts->timeout); + CONFIG_LOG_DEBUG("ip_reassembly->bucket_entries : %d", ip_reassembly_opts->bucket_entries); + CONFIG_LOG_DEBUG("ip_reassembly->bucket_num : %d", ip_reassembly_opts->bucket_num); - // session manager config - CONFIG_LOG_DEBUG("session_manager->max_tcp_session_num : %ld", sess_mgr_opts->max_tcp_session_num); - CONFIG_LOG_DEBUG("session_manager->max_udp_session_num : %ld", sess_mgr_opts->max_udp_session_num); + // session manager config -> max session number + 
CONFIG_LOG_DEBUG("session_manager->max_tcp_session_num : %ld", session_manager_opts->max_tcp_session_num); + CONFIG_LOG_DEBUG("session_manager->max_udp_session_num : %ld", session_manager_opts->max_udp_session_num); - CONFIG_LOG_DEBUG("session_manager->tcp_overload_evict_old_sess : %d", sess_mgr_opts->tcp_overload_evict_old_sess); - CONFIG_LOG_DEBUG("session_manager->udp_overload_evict_old_sess : %d", sess_mgr_opts->udp_overload_evict_old_sess); + // session manager config -> session overload evict + CONFIG_LOG_DEBUG("session_manager->tcp_overload_evict_old_sess : %d", session_manager_opts->tcp_overload_evict_old_sess); + CONFIG_LOG_DEBUG("session_manager->udp_overload_evict_old_sess : %d", session_manager_opts->udp_overload_evict_old_sess); - CONFIG_LOG_DEBUG("session_manager->tcp_timeout_init : %ld", sess_mgr_opts->tcp_timeout_init); - CONFIG_LOG_DEBUG("session_manager->tcp_timeout_handshake : %ld", sess_mgr_opts->tcp_timeout_handshake); - CONFIG_LOG_DEBUG("session_manager->tcp_timeout_data : %ld", sess_mgr_opts->tcp_timeout_data); - CONFIG_LOG_DEBUG("session_manager->tcp_timeout_half_closed : %ld", sess_mgr_opts->tcp_timeout_half_closed); - CONFIG_LOG_DEBUG("session_manager->tcp_timeout_time_wait : %ld", sess_mgr_opts->tcp_timeout_time_wait); - CONFIG_LOG_DEBUG("session_manager->tcp_timeout_discard : %ld", sess_mgr_opts->tcp_timeout_discard); + // session manager config -> session timeout + CONFIG_LOG_DEBUG("session_manager->tcp_init_timeout : %ld", session_manager_opts->tcp_init_timeout); + CONFIG_LOG_DEBUG("session_manager->tcp_handshake_timeout : %ld", session_manager_opts->tcp_handshake_timeout); + CONFIG_LOG_DEBUG("session_manager->tcp_data_timeout : %ld", session_manager_opts->tcp_data_timeout); + CONFIG_LOG_DEBUG("session_manager->tcp_half_closed_timeout : %ld", session_manager_opts->tcp_half_closed_timeout); + CONFIG_LOG_DEBUG("session_manager->tcp_time_wait_timeout : %ld", session_manager_opts->tcp_time_wait_timeout); + 
CONFIG_LOG_DEBUG("session_manager->tcp_discard_timeout : %ld", session_manager_opts->tcp_discard_timeout); + CONFIG_LOG_DEBUG("session_manager->tcp_unverified_rst_timeout : %ld", session_manager_opts->tcp_unverified_rst_timeout); + CONFIG_LOG_DEBUG("session_manager->udp_data_timeout : %ld", session_manager_opts->udp_data_timeout); - CONFIG_LOG_DEBUG("session_manager->udp_timeout_data : %ld", sess_mgr_opts->udp_timeout_data); + // session manager config -> duplicated packet filter + CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_enable : %d", session_manager_opts->duplicated_packet_filter_enable); + CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_capacity : %d", session_manager_opts->duplicated_packet_filter_capacity); + CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_timeout : %d", session_manager_opts->duplicated_packet_filter_timeout); + CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_error_rate : %f", session_manager_opts->duplicated_packet_filter_error_rate); - CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_enable : %d", sess_mgr_opts->duplicated_packet_filter_enable); - CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_capacity : %d", sess_mgr_opts->duplicated_packet_filter_capacity); - CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_timeout : %d", sess_mgr_opts->duplicated_packet_filter_timeout); - CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_error_rate : %f", sess_mgr_opts->duplicated_packet_filter_error_rate); + // session manager config -> evicted session filter + CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_enable : %d", session_manager_opts->evicted_session_filter_enable); + CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_capacity : %d", session_manager_opts->evicted_session_filter_capacity); + CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_timeout : %d", session_manager_opts->evicted_session_filter_timeout); + 
CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_error_rate : %f", session_manager_opts->evicted_session_filter_error_rate); - CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_enable : %d", sess_mgr_opts->evicted_session_filter_enable); - CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_capacity : %d", sess_mgr_opts->evicted_session_filter_capacity); - CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_timeout : %d", sess_mgr_opts->evicted_session_filter_timeout); - CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_error_rate : %f", sess_mgr_opts->evicted_session_filter_error_rate); - - // TCP reassembly - CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_enable : %d", sess_mgr_opts->tcp_reassembly_enable); - CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_timeout : %d", sess_mgr_opts->tcp_reassembly_max_timeout); - CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_segments : %d", sess_mgr_opts->tcp_reassembly_max_segments); - CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_bytes : %d", sess_mgr_opts->tcp_reassembly_max_bytes); + // session manager config -> TCP reassembly + CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_enable : %d", session_manager_opts->tcp_reassembly_enable); + CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_timeout : %d", session_manager_opts->tcp_reassembly_max_timeout); + CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_segments : %d", session_manager_opts->tcp_reassembly_max_segments); + CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_bytes : %d", session_manager_opts->tcp_reassembly_max_bytes); } diff --git a/src/config/config.h b/src/config/config.h index f1b78ae..2ef90af 100644 --- a/src/config/config.h +++ b/src/config/config.h 
@@ -21,10 +21,10 @@ struct device_options struct config { - struct device_options dev_opts; - struct packet_io_options pkt_io_opts; - struct ip_reassembly_options ip_reass_opts; - struct session_manager_options sess_mgr_opts; + struct device_options device_opts; + struct packet_io_options packet_io_opts; + struct ip_reassembly_options ip_reassembly_opts; + struct session_manager_options session_manager_opts; }; // return 0: success diff --git a/src/duplicated_packet_filter/duplicated_packet_filter.cpp b/src/duplicated_packet_filter/duplicated_packet_filter.cpp index db094ef..dfa217b 100644 --- a/src/duplicated_packet_filter/duplicated_packet_filter.cpp +++ b/src/duplicated_packet_filter/duplicated_packet_filter.cpp @@ -22,7 +22,7 @@ struct duplicated_packet_key struct duplicated_packet_filter { - struct duplicated_packet_filter_options opts; + uint8_t enable; struct expiry_dablooms_handle *dablooms; }; 
@@ -62,25 +62,65 @@ static inline int duplicated_packet_key_get(const struct packet *packet, struct return 0; } +static int check_options(const struct duplicated_packet_filter_options *opts) +{ + if (opts == NULL) + { + DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid options"); + return -1; + } + + if (opts->enable == 0) + { + return 0; + } + + // UINT32_MAX = 4294967295 + if (opts->capacity == 0) + { + DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid capacity: %u, supported range: [1, 4294967295]", opts->capacity); + return -1; + } + + if (opts->timeout < 1 || opts->timeout > 60000) + { + DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid timeout: %u, supported range: [1, 60000]", opts->timeout); + return -1; + } + + if (opts->error_rate < 0.0 || opts->error_rate > 1.0) + { + DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid error_rate: %f, supported range: [0.0, 1.0]", opts->error_rate); + return -1; + } + + return 0; +} + /****************************************************************************** * Public API ******************************************************************************/ struct duplicated_packet_filter *duplicated_packet_filter_new(const struct duplicated_packet_filter_options *opts, uint64_t now) { + if (check_options(opts) == -1) + { + return NULL; + } + struct duplicated_packet_filter *filter = (struct duplicated_packet_filter *)calloc(1, sizeof(struct duplicated_packet_filter)); if (filter == NULL) { return NULL; } - memcpy(&filter->opts, opts, sizeof(struct duplicated_packet_filter_options)); - if (filter->opts.enable == 0) + filter->enable = opts->enable; + if (filter->enable == 0) { return filter; } - filter->dablooms = expiry_dablooms_new(filter->opts.capacity, filter->opts.error_rate, now, filter->opts.timeout_sec); + filter->dablooms = expiry_dablooms_new(opts->capacity, opts->error_rate, now, opts->timeout); if (filter->dablooms == NULL) { free(filter); 
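Review bot: The `error_rate` guard in check_options, `if (opts->error_rate < 0.0 || opts->error_rate > 1.0)`, lets NaN through, because both comparisons are false for NaN. config.cpp fills the field with `atof`, which accepts the text `nan`. The guard also admits exactly 0.0 and 1.0, which are presumably not usable false-positive rates for the filter built by `expiry_dablooms_new` (that code is not shown, so confirm). Writing the test in the positive form rejects all three cases: `if (!(opts->error_rate > 0.0 && opts->error_rate < 1.0))`, with the log text and the `[0.0, 1.0]` comments changed to an open interval. The identical check_options added in evicted_session_filter.cpp needs the same change.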
@@ -108,7 +148,7 @@ void duplicated_packet_filter_free(struct duplicated_packet_filter *filter) // reutrn 0: no found int duplicated_packet_filter_lookup(struct duplicated_packet_filter *filter, const struct packet *packet, uint64_t now) { - if (filter->opts.enable == 0) + if (filter->enable == 0) { return 0; } @@ -129,7 +169,7 @@ int duplicated_packet_filter_lookup(struct duplicated_packet_filter *filter, con void duplicated_packet_filter_add(struct duplicated_packet_filter *filter, const struct packet *packet, uint64_t now) { - if (filter->opts.enable == 0) + if (filter->enable == 0) { return; } diff --git a/src/duplicated_packet_filter/duplicated_packet_filter.h b/src/duplicated_packet_filter/duplicated_packet_filter.h index c567bee..04e3489 100644 --- a/src/duplicated_packet_filter/duplicated_packet_filter.h +++ b/src/duplicated_packet_filter/duplicated_packet_filter.h @@ -8,18 +8,20 @@ extern "C" // Duplicated Packet Filter for IPv4-Based TCP Packet +#include "log.h" #include "packet.h" +#define DUPLICATED_PACKET_FILTER_LOG_ERROR(format, ...) LOG_ERROR("duplicated packet filter", format, ##__VA_ARGS__) + struct duplicated_packet_filter_options { uint8_t enable; - uint32_t capacity; - uint32_t timeout_sec; - double error_rate; + uint32_t capacity; // range: [1, 4294967295] (UINT32_MAX = 4294967295) + uint32_t timeout; // range: [1, 60000] + double error_rate; // range: [0.0, 1.0] }; struct duplicated_packet_filter; - struct duplicated_packet_filter *duplicated_packet_filter_new(const struct duplicated_packet_filter_options *opts, uint64_t now); void duplicated_packet_filter_free(struct duplicated_packet_filter *filter); diff --git a/src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp b/src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp index bddec73..3c66126 100644 --- a/src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp +++ b/src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp 
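Review bot: `uint32_t timeout; // range: [1, 60000]` drops the `_sec` suffix without saying what unit replaces it. conf/stellar.toml documents the key in milliseconds, yet duplicated_packet_filter_new passes the field to `expiry_dablooms_new` in the argument position that used to receive `timeout_sec`, and the gtest still sets it to 2. Whether the expiry code now expects milliseconds is not visible in this diff, so confirm it: a unit mismatch would change the duplicate-suppression window by a factor of 1000. Make the unit explicit in the header, `uint32_t timeout; // range: [1, 60000] (ms)`, or keep a unit suffix in the field name.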
@@ -67,7 +67,7 @@ unsigned char data[] = { struct duplicated_packet_filter_options opts = { .enable = 1, .capacity = 1000000, - .timeout_sec = 2, + .timeout = 2, .error_rate = 0.00001, }; diff --git a/src/evicted_session_filter/evicted_session_filter.cpp b/src/evicted_session_filter/evicted_session_filter.cpp index 6495b94..feebcc3 100644 --- a/src/evicted_session_filter/evicted_session_filter.cpp +++ b/src/evicted_session_filter/evicted_session_filter.cpp 
@@ -8,29 +8,73 @@ struct evicted_session_filter { - struct evicted_session_filter_options opts; + uint8_t enable; struct expiry_dablooms_handle *dablooms; }; +/****************************************************************************** + * Private API + ******************************************************************************/ + +static int check_options(const struct evicted_session_filter_options *opts) +{ + if (opts == NULL) + { + EVICTED_SESSION_FILTER_LOG_ERROR("invalid options"); + return -1; + } + + if (opts->enable == 0) + { + return 0; + } + + // UINT32_MAX = 4294967295 + if (opts->capacity == 0) + { + EVICTED_SESSION_FILTER_LOG_ERROR("invalid capacity: %u, supported range: [1, 4294967295]", opts->capacity); + return -1; + } + + if (opts->timeout < 1 || opts->timeout > 60000) + { + EVICTED_SESSION_FILTER_LOG_ERROR("invalid timeout: %u, supported range: [1, 60000]", opts->timeout); + return -1; + } + + if (opts->error_rate < 0.0 || opts->error_rate > 1.0) + { + EVICTED_SESSION_FILTER_LOG_ERROR("invalid error_rate: %f, supported range: [0.0, 1.0]", opts->error_rate); + return -1; + } + + return 0; +} + /****************************************************************************** * Public API ******************************************************************************/ struct evicted_session_filter *evicted_session_filter_new(const struct evicted_session_filter_options *opts, uint64_t now) { + if (check_options(opts) == -1) + { + return NULL; + } + struct evicted_session_filter *filter = (struct evicted_session_filter *)calloc(1, sizeof(struct evicted_session_filter)); if (filter == NULL) { return NULL; } - memcpy(&filter->opts, opts, sizeof(struct evicted_session_filter_options)); - if (filter->opts.enable == 0) + filter->enable = opts->enable; + if (filter->enable == 0) { return filter; } - filter->dablooms = expiry_dablooms_new(filter->opts.capacity, filter->opts.error_rate, now, filter->opts.timeout_sec); + filter->dablooms = 
expiry_dablooms_new(opts->capacity, opts->error_rate, now, opts->timeout); if (filter->dablooms == NULL) { free(filter); @@ -58,7 +102,7 @@ void evicted_session_filter_free(struct evicted_session_filter *filter) // reutrn 0: no found int evicted_session_filter_lookup(struct evicted_session_filter *filter, const struct tuple6 *key, uint64_t now) { - if (filter->opts.enable == 0) + if (filter->enable == 0) { return 0; } @@ -73,7 +117,7 @@ int evicted_session_filter_lookup(struct evicted_session_filter *filter, const s void evicted_session_filter_add(struct evicted_session_filter *filter, const struct tuple6 *key, uint64_t now) { - if (filter->opts.enable == 0) + if (filter->enable == 0) { return; } diff --git a/src/evicted_session_filter/evicted_session_filter.h b/src/evicted_session_filter/evicted_session_filter.h index e9ef457..a80fd70 100644 --- a/src/evicted_session_filter/evicted_session_filter.h +++ b/src/evicted_session_filter/evicted_session_filter.h @@ -6,14 +6,17 @@ extern "C" { #endif +#include "log.h" #include "tuple.h" +#define EVICTED_SESSION_FILTER_LOG_ERROR(format, ...) LOG_ERROR("evicted session filter", format, ##__VA_ARGS__) + struct evicted_session_filter_options { uint8_t enable; - uint32_t capacity; - uint32_t timeout_sec; - double error_rate; + uint32_t capacity; // range: [1, 4294967295] (UINT32_MAX = 4294967295) + uint32_t timeout; // range: [1, 60000] + double error_rate; // range: [0.0, 1.0] }; struct evicted_session_filter *evicted_session_filter_new(const struct evicted_session_filter_options *opts, uint64_t now); diff --git a/src/evicted_session_filter/test/gtest_evicted_session_filter.cpp b/src/evicted_session_filter/test/gtest_evicted_session_filter.cpp index d417c12..02b98fc 100644 --- a/src/evicted_session_filter/test/gtest_evicted_session_filter.cpp +++ b/src/evicted_session_filter/test/gtest_evicted_session_filter.cpp 
@@ -5,7 +5,7 @@ struct evicted_session_filter_options opts = { .enable = 1, .capacity = 1000000, - .timeout_sec = 2, + .timeout = 2, .error_rate = 0.00001, }; diff --git a/src/ip_reassembly/ip_reassembly.cpp b/src/ip_reassembly/ip_reassembly.cpp index 2213546..762e07e 100644 --- a/src/ip_reassembly/ip_reassembly.cpp +++ b/src/ip_reassembly/ip_reassembly.cpp @@ -112,7 +112,6 @@ struct ip_reassembly bool enable; uint32_t timeout; uint32_t bucket_entries; - uint32_t bucket_num; // runtime uint32_t entry_used; @@ -187,7 +186,7 @@ static inline int is_power_of_2(uint32_t n) return n && !(n & (n - 1)); } -static inline int ip_reassembly_check_options(const struct ip_reassembly_options *opts) +static int check_options(const struct ip_reassembly_options *opts) { if (opts == NULL) { @@ -197,21 +196,21 @@ static inline int ip_reassembly_check_options(const struct ip_reassembly_options if (opts->enable) { - if (opts->timeout == 0) + if (opts->timeout < 1 || opts->timeout > 60000) { - IP_REASSEMBLE_DEBUG("invalid timeout"); + IP_REASSEMBLE_DEBUG("invalid timeout: %u, supported range: [1, 60000]", opts->timeout); return -1; } - if (opts->bucket_entries == 0 || is_power_of_2(opts->bucket_entries) == 0) + if (opts->bucket_entries < 1 || opts->bucket_entries > 256 || is_power_of_2(opts->bucket_entries) == 0) { - IP_REASSEMBLE_DEBUG("invalid bucket entries, must be power of 2"); + IP_REASSEMBLE_DEBUG("invalid bucket_entries: %u, supported range: [1, 256] (must be power of 2)", opts->bucket_entries); return -1; } if (opts->bucket_num == 0) { - IP_REASSEMBLE_DEBUG("invalid bucket num"); + IP_REASSEMBLE_DEBUG("invalid bucket_num: %u, supported range: [1, 4294967295]", opts->bucket_num); return -1; } } @@ -751,7 +750,7 @@ error_out_overlap: struct ip_reassembly *ip_reassembly_new(const struct ip_reassembly_options *opts) { - if (ip_reassembly_check_options(opts) != 0) + if (check_options(opts) == -1) { return NULL; } 
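Review bot: Rejected options in the ip_reassembly `check_options` are still reported through `IP_REASSEMBLE_DEBUG`, while the filter modules changed in this commit report the same kind of failure through their `*_LOG_ERROR` macros. A configuration that makes `ip_reassembly_new` return NULL should be visible at error level, and the file already uses `IP_REASSEMBLE_ERROR` for the entry_total check, so the calls could read `IP_REASSEMBLE_ERROR("invalid timeout: %u, supported range: [1, 60000]", opts->timeout);` and likewise for `bucket_entries` and `bucket_num`. That `IP_REASSEMBLE_DEBUG` is a debug-level macro is inferred from its name; its definition is not in this diff. The function starts above this hunk.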
@@ -765,14 +764,13 @@ struct ip_reassembly *ip_reassembly_new(const struct ip_reassembly_options *opts assy->enable = opts->enable; assy->timeout = opts->timeout; assy->bucket_entries = opts->bucket_entries; - assy->bucket_num = opts->bucket_num; if (!assy->enable) { return assy; } - uint64_t entry_total = align32pow2(assy->bucket_num) * assy->bucket_entries * IP_FRAG_HASH_FNUM; + uint64_t entry_total = align32pow2(opts->bucket_num) * assy->bucket_entries * IP_FRAG_HASH_FNUM; if (entry_total > UINT32_MAX) { IP_REASSEMBLE_ERROR("bucket_num * bucket_entries is too large"); diff --git a/src/ip_reassembly/ip_reassembly.h b/src/ip_reassembly/ip_reassembly.h index a0e8d87..92bb8bc 100644 --- a/src/ip_reassembly/ip_reassembly.h +++ b/src/ip_reassembly/ip_reassembly.h @@ -14,11 +14,10 @@ extern "C" struct ip_reassembly_options { - bool enable; - - uint32_t timeout; - uint32_t bucket_entries; - uint32_t bucket_num; + uint8_t enable; + uint32_t timeout; // range: [1, 60000] + uint32_t bucket_entries; // range: [1, 256] (must be power of 2) + uint32_t bucket_num; // range: [1, 4294967295] }; struct ip_reassembly_stat diff --git a/src/session/session.cpp b/src/session/session.cpp index 4a303be..b54bda2 100644 --- a/src/session/session.cpp +++ b/src/session/session.cpp 
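Review bot: `entry_total` is declared `uint64_t`, but the product `align32pow2(opts->bucket_num) * assy->bucket_entries * IP_FRAG_HASH_FNUM` is evaluated in the type of its operands first. If `align32pow2` returns `uint32_t` (its declaration is outside this hunk), the multiplication wraps before the `entry_total > UINT32_MAX` test, and the test cannot reject an oversized table. Widening the first operand makes the guard effective: `uint64_t entry_total = (uint64_t)align32pow2(opts->bucket_num) * assy->bucket_entries * IP_FRAG_HASH_FNUM;`. The header now documents `bucket_num` as `[1, 4294967295]`, so large values are expected to reach this line. `ip_reassembly_new` begins and ends outside the hunk.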
@@ -240,6 +240,99 @@ enum session_dir session_get_cur_dir(const struct session *sess) * session tcp reassembly ******************************************************************************/ +int session_new_tcp_reassembly(struct session *sess, struct tcp_reassembly_options *opts) +{ + sess->c2s_reassembly = tcp_reassembly_new(opts); + if (sess->c2s_reassembly == NULL) + { + return -1; + } + sess->s2c_reassembly = tcp_reassembly_new(opts); + if (sess->s2c_reassembly == NULL) + { + tcp_reassembly_free(sess->c2s_reassembly); + return -1; + } + + return 0; +} + +void session_free_tcp_reassembly(struct session *sess) +{ + tcp_reassembly_free(sess->c2s_reassembly); + tcp_reassembly_free(sess->s2c_reassembly); +} + +void session_init_tcp_seq(struct session *sess, uint32_t syn_seq) +{ + if (sess->type != SESSION_TYPE_TCP) + { + assert(0); + return; + } + + if (sess->cur_dir == SESSION_DIR_C2S) + { + sess->c2s_seq = syn_seq; + tcp_reassembly_init(sess->c2s_reassembly, syn_seq); + } + else + { + sess->s2c_seq = syn_seq; + tcp_reassembly_init(sess->s2c_reassembly, syn_seq); + } +} + +void session_set_tcp_seq_ack(struct session *sess, uint32_t seq, uint32_t ack) +{ + if (sess->type != SESSION_TYPE_TCP) + { + assert(0); + return; + } + + if (sess->cur_dir == SESSION_DIR_C2S) + { + sess->c2s_seq = seq; + sess->c2s_ack = ack; + } + else + { + sess->s2c_seq = seq; + sess->s2c_ack = ack; + } +} + +void session_insert_tcp_payload(struct session *sess, uint32_t seq, const char *payload, uint32_t len, uint64_t now) +{ + if (sess->type != SESSION_TYPE_TCP) + { + assert(0); + return; + } + + if (sess->cur_dir == SESSION_DIR_C2S) + { + tcp_reassembly_insert(sess->c2s_reassembly, seq, payload, len, now); + } + else + { + tcp_reassembly_insert(sess->s2c_reassembly, seq, payload, len, now); + } +} + +void session_expire_tcp_payload(struct session *sess, uint64_t now) +{ + if (sess->type != SESSION_TYPE_TCP) + { + assert(0); + return; + } + + tcp_reassembly_expire(sess->c2s_reassembly, 
now); + tcp_reassembly_expire(sess->s2c_reassembly, now); +} + const char *session_peek_tcp_payload(struct session *sess, uint32_t *len) { if (sess->type != SESSION_TYPE_TCP) diff --git a/src/session/session.h b/src/session/session.h index b51bdc0..0f1f5fd 100644 --- a/src/session/session.h +++ b/src/session/session.h @@ -125,6 +125,12 @@ enum session_dir session_get_cur_dir(const struct session *sess); * session tcp reassembly ******************************************************************************/ +int session_new_tcp_reassembly(struct session *sess, struct tcp_reassembly_options *opts); +void session_free_tcp_reassembly(struct session *sess); +void session_init_tcp_seq(struct session *sess, uint32_t syn_seq); +void session_set_tcp_seq_ack(struct session *sess, uint32_t seq, uint32_t ack); +void session_insert_tcp_payload(struct session *sess, uint32_t offset, const char *payload, uint32_t len, uint64_t now); +void session_expire_tcp_payload(struct session *sess, uint64_t now); const char *session_peek_tcp_payload(struct session *sess, uint32_t *len); void session_consume_tcp_payload(struct session *sess, uint32_t len); diff --git a/src/session/session_manager.cpp b/src/session/session_manager.cpp index f2add1a..82d9fff 100644 --- a/src/session/session_manager.cpp +++ b/src/session/session_manager.cpp 
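Review bot: When the second `tcp_reassembly_new` fails, `session_new_tcp_reassembly` frees `sess->c2s_reassembly` but leaves the pointer set, and `session_free_tcp_reassembly` likewise frees both pointers without clearing them. The caller in session_manager.cpp pushes the failed session back to the pool, so unless `session_init` resets these fields (not visible here), a later free on the reused session would release the same object twice. Add `sess->c2s_reassembly = NULL;` after the `tcp_reassembly_free` call in the error path, and clear both pointers in `session_free_tcp_reassembly`. The new helpers also handle a non-TCP session with `assert(0); return;`, which becomes a silent no-op when asserts are compiled out.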
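Review bot: The prototype of `session_insert_tcp_payload` names its second parameter `offset`, while the definition in session.cpp names it `seq` and forwards it to `tcp_reassembly_insert` as the segment's sequence number. Use the same name in the header: `void session_insert_tcp_payload(struct session *sess, uint32_t seq, const char *payload, uint32_t len, uint64_t now);`. A one-line comment on `session_new_tcp_reassembly` stating that it returns 0 on success and -1 on failure would also help, since it is the only function in this group with a result to check.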
@@ -17,6 +17,25 @@ struct session_manager { + // max session number + uint64_t max_tcp_session_num; + uint64_t max_udp_session_num; + // session overload + uint8_t tcp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session + uint8_t udp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session + // TCP timeout + uint64_t tcp_init_timeout; // range: [1, 60000] + uint64_t tcp_handshake_timeout; // range: [1, 60000] + uint64_t tcp_data_timeout; // range: [1, 15999999000] + uint64_t tcp_half_closed_timeout; // range: [1, 604800000] + uint64_t tcp_time_wait_timeout; // range: [1, 600000] + uint64_t tcp_discard_timeout; // range: [1, 15999999000] + uint64_t tcp_unverified_rst_timeout; // range: [1, 600000] + // UDP timeout + uint64_t udp_data_timeout; // range: [1, 15999999000] + + struct tcp_reassembly_options tcp_reassembly_opts; + struct session_pool *sess_pool; struct session_table *tcp_sess_table; struct session_table *udp_sess_table; 
@@ -26,146 +45,123 @@ struct session_manager struct duplicated_packet_filter *dup_pkt_filter; struct evicted_session_filter *evicte_sess_filter; - struct session_manager_options opts; struct session_manager_stat stat; }; #define EVICTE_SESSION_BURST (RX_BURST_MAX) -struct tcp_reassembly_options tcp_reassembly_opts = {0}; +enum tcp_flags +{ + SYN_RECV = 1 << 0, + SYN_ACK_RECV = 1 << 1, -/****************************************************************************** - * Options - ******************************************************************************/ + C2S_FIN_RECV = 1 << 2, + S2C_FIN_RECV = 1 << 3, -static int check_options(struct session_manager_options *opts) + C2S_RST_RECV = 1 << 4, + S2C_RST_RECV = 1 << 5, + + C2S_UNVERIFIED_RST_RECV = 1 << 6, + S2C_UNVERIFIED_RST_RECV = 1 << 7, +}; + +// TODO +uint8_t tcp_flags_idx = 0; + +static uint64_t tcp_flags_update(struct session *sess, uint8_t flags) +{ + enum session_dir dir = session_get_cur_dir(sess); + uint64_t history = (uint64_t)session_get0_ex_data(sess, tcp_flags_idx); + + if (flags & TH_SYN) + { + history |= (flags & TH_ACK) ? SYN_ACK_RECV : SYN_RECV; + } + + if (flags & TH_FIN) + { + history |= (dir == SESSION_DIR_C2S ? C2S_FIN_RECV : S2C_FIN_RECV); + } + + if (flags & TH_RST) + { + /* + * https://www.rfc-editor.org/rfc/rfc5961#section-3.2 + * + * If the RST bit is set and the sequence number exactly matches the + * next expected sequence number (RCV.NXT), then TCP MUST reset the + * connection. + */ + uint16_t curr_seq = (dir == SESSION_DIR_C2S ? sess->c2s_seq : sess->s2c_seq); + uint16_t expect_seq = (dir == SESSION_DIR_C2S ? sess->s2c_ack : sess->c2s_ack); + // if fin is received, the expected sequence number should be increased by 1 + expect_seq += (dir == SESSION_DIR_C2S ? (flags & S2C_FIN_RECV ? 1 : 0) : (flags & C2S_FIN_RECV ? 1 : 0)); + + if (curr_seq == expect_seq) + { + history |= (dir == SESSION_DIR_C2S ? 
C2S_RST_RECV : S2C_RST_RECV); + } + // RST is unverified if the sequence number is not as expected + else + { + history |= (dir == SESSION_DIR_C2S ? C2S_UNVERIFIED_RST_RECV : S2C_UNVERIFIED_RST_RECV); + } + } + + session_set_ex_data(sess, tcp_flags_idx, (void *)history); + + return history; +} + +// TODO +int check_options(const struct session_manager_options *opts) { if (opts == NULL) { SESSION_LOG_ERROR("invalid options"); return -1; } - // max session number - if (opts->max_tcp_session_num < EVICTE_SESSION_BURST * 2) + + if (opts->tcp_init_timeout < 1 || opts->tcp_init_timeout > 60000) { - SESSION_LOG_ERROR("invalid max tcp session number, must be greater than %d", EVICTE_SESSION_BURST * 2); + SESSION_LOG_ERROR("invalid tcp_init_timeout: %lu, supported range: [1, 60000]", opts->tcp_init_timeout); return -1; } - if (opts->max_udp_session_num < EVICTE_SESSION_BURST * 2) + if (opts->tcp_handshake_timeout < 1 || opts->tcp_handshake_timeout > 60000) { - SESSION_LOG_ERROR("invalid max udp session number, must be greater than %d", EVICTE_SESSION_BURST * 2); + SESSION_LOG_ERROR("invalid tcp_handshake_timeout: %lu, supported range: [1, 60000]", opts->tcp_handshake_timeout); return -1; } - // session overload - if (opts->tcp_overload_evict_old_sess != 0 && opts->tcp_overload_evict_old_sess != 1) + if (opts->tcp_data_timeout < 1 || opts->tcp_data_timeout > 15999999000) { - SESSION_LOG_ERROR("invalid tcp overload evict old session, support range: 0-1"); + SESSION_LOG_ERROR("invalid tcp_data_timeout: %lu, supported range: [1, 15999999000]", opts->tcp_data_timeout); return -1; } - if (opts->udp_overload_evict_old_sess != 0 && opts->udp_overload_evict_old_sess != 1) + if (opts->tcp_half_closed_timeout < 1 || opts->tcp_half_closed_timeout > 604800000) { - SESSION_LOG_ERROR("invalid udp overload evict old session, support range: 0-1"); + SESSION_LOG_ERROR("invalid tcp_half_closed_timeout: %lu, supported range: [1, 604800000]", opts->tcp_half_closed_timeout); return -1; } - // 
TCP timeout opts - if (opts->tcp_timeout_init < 1 || opts->tcp_timeout_init > 60000) + if (opts->tcp_time_wait_timeout < 1 || opts->tcp_time_wait_timeout > 600000) { - SESSION_LOG_ERROR("invalid tcp timeout init, support range: 1-60,000"); + SESSION_LOG_ERROR("invalid tcp_time_wait_timeout: %lu, supported range: [1, 600000]", opts->tcp_time_wait_timeout); return -1; } - if (opts->tcp_timeout_handshake < 1 || opts->tcp_timeout_handshake > 60000) + if (opts->tcp_discard_timeout < 1 || opts->tcp_discard_timeout > 15999999000) { - SESSION_LOG_ERROR("invalid tcp timeout handshake, support range: 1-60,000"); + SESSION_LOG_ERROR("invalid tcp_discard_timeout: %lu, supported range: [1, 15999999000]", opts->tcp_discard_timeout); return -1; } - if (opts->tcp_timeout_data < 1 || opts->tcp_timeout_data > 15999999000) + if (opts->tcp_unverified_rst_timeout < 1 || opts->tcp_unverified_rst_timeout > 600000) { - SESSION_LOG_ERROR("invalid tcp timeout data, support range: 1-15,999,999,000"); + SESSION_LOG_ERROR("invalid tcp_unverified_rst_timeout: %lu, supported range: [1, 600000]", opts->tcp_unverified_rst_timeout); return -1; } - if (opts->tcp_timeout_half_closed < 1 || opts->tcp_timeout_half_closed > 604800000) + if (opts->udp_data_timeout < 1 || opts->udp_data_timeout > 15999999000) { - SESSION_LOG_ERROR("invalid tcp timeout half closed, support range: 1-604,800,000"); + SESSION_LOG_ERROR("invalid udp_data_timeout: %lu, supported range: [1, 15999999000]", opts->udp_data_timeout); return -1; } - if (opts->tcp_timeout_time_wait < 1 || opts->tcp_timeout_time_wait > 600000) - { - SESSION_LOG_ERROR("invalid tcp timeout time wait, support range: 1-600,000"); - return -1; - } - if (opts->tcp_timeout_discard < 1 || opts->tcp_timeout_discard > 15999999000) - { - SESSION_LOG_ERROR("invalid tcp timeout discard, support range: 1-15,999,999,000"); - return -1; - } - // UDP timeout opts - if (opts->udp_timeout_data < 1 || opts->udp_timeout_data > 15999999000) - { - SESSION_LOG_ERROR("invalid 
udp timeout data, support range: 1-15,999,999,000"); - return -1; - } - // duplicate packet filter opts - if (opts->duplicated_packet_filter_enable != 0 && opts->duplicated_packet_filter_enable != 1) - { - SESSION_LOG_ERROR("invalid duplicate packet filter enable, support range: 0-1"); - return -1; - } - if (opts->duplicated_packet_filter_enable) - { - if (opts->duplicated_packet_filter_capacity == 0) - { - SESSION_LOG_ERROR("invalid duplicate packet filter capacity"); - return -1; - } - if (opts->duplicated_packet_filter_timeout < 1 || opts->duplicated_packet_filter_timeout > 60000) - { - SESSION_LOG_ERROR("invalid duplicate packet filter timeout, support range: 1-60,000"); - return -1; - } - if (opts->duplicated_packet_filter_error_rate < 0 || opts->duplicated_packet_filter_error_rate > 1) - { - SESSION_LOG_ERROR("invalid duplicate packet filter error rate, support range: 0-1"); - return -1; - } - } - // eviction filter opts - if (opts->evicted_session_filter_enable != 0 && opts->evicted_session_filter_enable != 1) - { - SESSION_LOG_ERROR("invalid eviction filter enable, support range: 0-1"); - return -1; - } - if (opts->evicted_session_filter_enable) - { - if (opts->evicted_session_filter_capacity == 0) - { - SESSION_LOG_ERROR("invalid eviction filter capacity"); - return -1; - } - if (opts->evicted_session_filter_timeout < 1 || opts->evicted_session_filter_timeout > 60000) - { - SESSION_LOG_ERROR("invalid eviction filter timeout, support range: 1-60,000"); - return -1; - } - if (opts->evicted_session_filter_error_rate < 0 || opts->evicted_session_filter_error_rate > 1) - { - SESSION_LOG_ERROR("invalid eviction filter error rate, support range: 0-1"); - return -1; - } - } - // TCP reassembly opts - if (opts->tcp_reassembly_enable != 0 && opts->tcp_reassembly_enable != 1) - { - SESSION_LOG_ERROR("invalid tcp reassembly enable, support range: 0-1"); - return -1; - } - if (opts->tcp_reassembly_enable) - { - if (opts->tcp_reassembly_max_timeout < 1 || 
opts->tcp_reassembly_max_timeout > 60000) - { - SESSION_LOG_ERROR("invalid tcp reassembly max timeout, support range: 1-60,000"); - return -1; - } - } return 0; } @@ -298,12 +294,11 @@ typedef int filter(struct session_manager *mgr, struct session *sess, const stru // on pre new session static int session_manager_self_protection(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now) { - struct session_manager_options *opts = &mgr->opts; struct session_manager_stat *stat = &mgr->stat; switch (key->ip_proto) { case IPPROTO_TCP: - if (stat->tcp_sess.nr_sess_used >= opts->max_tcp_session_num) + if (stat->tcp_sess.nr_sess_used >= mgr->max_tcp_session_num) { stat->evc_pkt.nr_pkts++; stat->evc_pkt.nr_bytes += packet_get_len(pkt); @@ -312,7 +307,7 @@ static int session_manager_self_protection(struct session_manager *mgr, struct s } break; case IPPROTO_UDP: - if (stat->udp_sess.nr_sess_used >= opts->max_udp_session_num) + if (stat->udp_sess.nr_sess_used >= mgr->max_udp_session_num) { stat->evc_pkt.nr_pkts++; stat->evc_pkt.nr_bytes += packet_get_len(pkt); 
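Review bot: In `tcp_flags_update` the RFC 5961 comparison is done on 16 bits: `curr_seq` and `expect_seq` are `uint16_t`, while the sequence and ack fields they read are filled from `uint32_t` arguments in `session_set_tcp_seq_ack`, so a RST whose number matches only modulo 65536 is recorded as `C2S_RST_RECV`/`S2C_RST_RECV` rather than as unverified. Declare both as `uint32_t`. The FIN adjustment tests the packet's `flags` against `S2C_FIN_RECV`/`C2S_FIN_RECV`, which are bits of `history`, not TCP header bits; it should read `expect_seq += (dir == SESSION_DIR_C2S ? (history & S2C_FIN_RECV ? 1 : 0) : (history & C2S_FIN_RECV ? 1 : 0));`. With the usual `TH_*` values, `C2S_FIN_RECV` (`1 << 2`) equals `TH_RST`, so as written a server-to-client RST always gets the +1.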
@@ -495,16 +490,16 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s static struct session *session_manager_new_tcp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now) { - struct session_manager_options *opts = &mgr->opts; const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP); const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr; - if (!tcp_hdr_get_syn_flag(hdr)) + uint8_t flags = tcp_hdr_get_flags(hdr); + if (!(flags & TH_SYN)) { return NULL; } // tcp table full evict old session - if (opts->tcp_overload_evict_old_sess && mgr->stat.tcp_sess.nr_sess_used >= opts->max_tcp_session_num - EVICTE_SESSION_BURST) + if (mgr->tcp_overload_evict_old_sess && mgr->stat.tcp_sess.nr_sess_used >= mgr->max_tcp_session_num - EVICTE_SESSION_BURST) { struct session *evic_sess = session_table_find_lru(mgr->tcp_sess_table); session_manager_evicte_session(mgr, evic_sess, now); @@ -518,9 +513,7 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m } session_init(sess); session_set_id(sess, id_generator_alloc()); - sess->c2s_reassembly = tcp_reassembly_new(&tcp_reassembly_opts); - sess->s2c_reassembly = tcp_reassembly_new(&tcp_reassembly_opts); - if (sess->c2s_reassembly == NULL || sess->s2c_reassembly == NULL) + if (session_new_tcp_reassembly(sess, &mgr->tcp_reassembly_opts) == -1) { assert(0); session_pool_push(mgr->sess_pool, sess); 
@@ -535,14 +528,11 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN); session_stat_inc(&mgr->stat.tcp_sess, next_state); - tcp_reassembly_init(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, tcp_hdr_get_seq(hdr)); - if (tcp_layer->pld_len) - { - tcp_reassembly_insert(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, - tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now); - } + session_init_tcp_seq(sess, tcp_hdr_get_seq(hdr)); + session_set_tcp_seq_ack(sess, tcp_hdr_get_seq(hdr), tcp_hdr_get_ack(hdr)); + session_insert_tcp_payload(sess, tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now); - uint64_t timeout = tcp_hdr_get_ack_flag(hdr) ? opts->tcp_timeout_handshake : opts->tcp_timeout_init; + uint64_t timeout = (flags & TH_ACK) ? mgr->tcp_handshake_timeout : mgr->tcp_init_timeout; timer_update(mgr->sess_timer, sess, now + timeout); session_table_add(mgr->tcp_sess_table, key, sess); @@ -553,10 +543,8 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m static struct session *session_manager_new_udp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now) { - struct session_manager_options *opts = &mgr->opts; - // udp table full evict old session - if (opts->udp_overload_evict_old_sess && mgr->stat.udp_sess.nr_sess_used >= opts->max_udp_session_num - EVICTE_SESSION_BURST) + if (mgr->udp_overload_evict_old_sess && mgr->stat.udp_sess.nr_sess_used >= mgr->max_udp_session_num - EVICTE_SESSION_BURST) { struct session *evic_sess = session_table_find_lru(mgr->udp_sess_table); session_manager_evicte_session(mgr, evic_sess, now); 
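Review bot: `session_insert_tcp_payload` is now called for every SYN, where the removed code called `tcp_reassembly_insert` only under `if (tcp_layer->pld_len)`. The helper in session.cpp forwards `payload` and `len` without a check, so a segment with no payload now reaches `tcp_reassembly_insert` with `len == 0` and whatever `pld_ptr` holds; whether that function tolerates an empty insert is not visible in this diff. Either keep the guard at the call site, `if (tcp_layer->pld_len)`, or return early on `len == 0` inside `session_insert_tcp_payload`. The hunk at -602,41 in `session_manager_update_tcp_session` drops the same guard. `session_manager_new_tcp_session` starts and ends outside this hunk.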
@@ -578,7 +566,7 @@ static struct session *session_manager_new_udp_session(struct session_manager *m session_transition_log(sess, SESSION_STATE_INIT, next_state, UDP_DATA); session_stat_inc(&mgr->stat.udp_sess, next_state); - timer_update(mgr->sess_timer, sess, now + opts->udp_timeout_data); + timer_update(mgr->sess_timer, sess, now + mgr->udp_data_timeout); session_table_add(mgr->udp_sess_table, key, sess); return sess; @@ -586,13 +574,13 @@ static struct session *session_manager_new_udp_session(struct session_manager *m static int session_manager_update_tcp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now) { - struct session_manager_options *opts = &mgr->opts; const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP); const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr; enum session_dir dir = identify_direction_by_history(sess, key); - int inputs = tcp_hdr_get_syn_flag(hdr) ? TCP_SYN : NONE; - inputs |= tcp_hdr_get_fin_flag(hdr) ? TCP_FIN : NONE; - inputs |= tcp_hdr_get_rst_flag(hdr) ? TCP_RST : NONE; + uint8_t flags = tcp_hdr_get_flags(hdr); + int inputs = (flags & TH_SYN) ? TCP_SYN : NONE; + inputs |= (flags & TH_FIN) ? TCP_FIN : NONE; + inputs |= (flags & TH_RST) ? TCP_RST : NONE; inputs |= tcp_layer->pld_len ? TCP_DATA : NONE; enum session_state curr_state = session_get_state(sess); enum session_state next_state = session_transition_run(curr_state, inputs); 
@@ -602,41 +590,12 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc if (tcp_hdr_get_syn_flag(hdr)) { - tcp_reassembly_init(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, tcp_hdr_get_seq(hdr)); - } - tcp_reassembly_expire(sess->c2s_reassembly, now); - tcp_reassembly_expire(sess->s2c_reassembly, now); - if (tcp_layer->pld_len) - { - tcp_reassembly_insert(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, - tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now); + session_init_tcp_seq(sess, tcp_hdr_get_seq(hdr)); } - // select next timeout - uint64_t timeout = 0; - switch (next_state) - { - case SESSION_STATE_OPENING: - if (tcp_hdr_get_syn_flag(hdr)) - { - timeout = tcp_hdr_get_ack_flag(hdr) ? opts->tcp_timeout_handshake : opts->tcp_timeout_init; - } - else - { - timeout = opts->tcp_timeout_data; - } - break; - case SESSION_STATE_ACTIVE: - timeout = opts->tcp_timeout_data; - break; - case SESSION_STATE_CLOSING: - timeout = opts->tcp_timeout_time_wait; - break; - default: - assert(0); - break; - } - timer_update(mgr->sess_timer, sess, now + timeout); + session_set_tcp_seq_ack(sess, tcp_hdr_get_seq(hdr), tcp_hdr_get_ack(hdr)); + session_expire_tcp_payload(sess, now); + session_insert_tcp_payload(sess, tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now); // set closing reason if (next_state == SESSION_STATE_CLOSING && !session_get_closing_reason(sess)) 
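Review bot: The line `if (tcp_hdr_get_syn_flag(hdr))` still reads the SYN bit through the old accessor, while the rest of `session_manager_update_tcp_session` now tests the cached `flags` value. For consistency with the other changed lines, write it as `if (flags & TH_SYN)`. The function starts and ends outside this hunk.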
@@ -651,19 +610,59 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc } } + uint64_t history = tcp_flags_update(sess, flags); + + uint64_t timeout = 0; + switch (next_state) + { + case SESSION_STATE_OPENING: + if (flags & TH_SYN) + { + timeout = (flags & TH_ACK) ? mgr->tcp_handshake_timeout : mgr->tcp_init_timeout; + } + else + { + timeout = mgr->tcp_data_timeout; + } + break; + case SESSION_STATE_ACTIVE: + timeout = mgr->tcp_data_timeout; + break; + case SESSION_STATE_CLOSING: + if (flags & TH_FIN) + { + timeout = (history & C2S_FIN_RECV && history & S2C_FIN_RECV) ? mgr->tcp_half_closed_timeout : mgr->tcp_time_wait_timeout; + } + else if (flags & TH_RST) + { + timeout = (history & C2S_RST_RECV || history & S2C_RST_RECV) ? mgr->tcp_time_wait_timeout : mgr->tcp_unverified_rst_timeout; + } + else + { + timeout = mgr->tcp_data_timeout; + } + break; + case SESSION_STATE_DISCARD: + timeout = mgr->tcp_discard_timeout; + break; + default: + assert(0); + break; + } + timer_update(mgr->sess_timer, sess, now + timeout); + return 0; } static int session_manager_update_udp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now) { - struct session_manager_options *opts = &mgr->opts; enum session_dir dir = identify_direction_by_history(sess, key); enum session_state curr_state = session_get_state(sess); enum session_state next_state = session_transition_run(curr_state, UDP_DATA); session_update(sess, next_state, pkt, key, dir, now); session_transition_log(sess, curr_state, next_state, UDP_DATA); session_stat_update(mgr, sess, curr_state, next_state); - timer_update(mgr->sess_timer, sess, now + opts->udp_timeout_data); + timer_update(mgr->sess_timer, sess, now + mgr->udp_data_timeout); return 0; } 
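Review bot: The FIN branch of the `SESSION_STATE_CLOSING` case looks inverted: when both `C2S_FIN_RECV` and `S2C_FIN_RECV` are in `history` the connection is closed in both directions, yet that case selects `mgr->tcp_half_closed_timeout`, and a single FIN selects `mgr->tcp_time_wait_timeout`. If the option names mean what they say, swap the operands: `timeout = (history & C2S_FIN_RECV && history & S2C_FIN_RECV) ? mgr->tcp_time_wait_timeout : mgr->tcp_half_closed_timeout;`. The `else` branch gives a closing session `mgr->tcp_data_timeout` on any packet without FIN or RST, so traffic after a close keeps the table entry for the longest configured TCP timeout; confirm that this is intended. In the `default` case `timeout` stays 0 when asserts are compiled out, which re-arms the timer at `now`.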
@@ -678,46 +677,66 @@ struct session_manager *session_manager_new(struct session_manager_options *opts { return NULL; } + struct session_manager *mgr = (struct session_manager *)calloc(1, sizeof(struct session_manager)); if (mgr == NULL) { return NULL; } - - memcpy(&mgr->opts, opts, sizeof(struct session_manager_options)); - struct duplicated_packet_filter_options dup_pkt_opts = { + // max session number + mgr->max_tcp_session_num = (opts->max_tcp_session_num < EVICTE_SESSION_BURST * 2) ? EVICTE_SESSION_BURST * 2 : opts->max_tcp_session_num; + mgr->max_udp_session_num = (opts->max_udp_session_num < EVICTE_SESSION_BURST * 2) ? EVICTE_SESSION_BURST * 2 : opts->max_udp_session_num; + // session overload + mgr->stat.tcp_sess.nr_sess_init = 0; + mgr->tcp_overload_evict_old_sess = opts->tcp_overload_evict_old_sess; + mgr->udp_overload_evict_old_sess = opts->udp_overload_evict_old_sess; + // session timeout + mgr->tcp_init_timeout = opts->tcp_init_timeout; + mgr->tcp_handshake_timeout = opts->tcp_handshake_timeout; + mgr->tcp_data_timeout = opts->tcp_data_timeout; + mgr->tcp_half_closed_timeout = opts->tcp_half_closed_timeout; + mgr->tcp_time_wait_timeout = opts->tcp_time_wait_timeout; + mgr->tcp_discard_timeout = opts->tcp_discard_timeout; + mgr->tcp_unverified_rst_timeout = opts->tcp_unverified_rst_timeout; + mgr->udp_data_timeout = opts->udp_data_timeout; + // duplicated packet filter + struct duplicated_packet_filter_options duplicated_packet_filter_opts = { .enable = opts->duplicated_packet_filter_enable, .capacity = opts->duplicated_packet_filter_capacity, - .timeout_sec = opts->duplicated_packet_filter_timeout, + .timeout = opts->duplicated_packet_filter_timeout, .error_rate = opts->duplicated_packet_filter_error_rate, }; - struct evicted_session_filter_options evc_sess_opts = { + // evicted session filter + struct evicted_session_filter_options evicted_session_filter_opts = { .enable = opts->evicted_session_filter_enable, .capacity = 
opts->evicted_session_filter_capacity, - .timeout_sec = opts->evicted_session_filter_timeout, + .timeout = opts->evicted_session_filter_timeout, .error_rate = opts->evicted_session_filter_error_rate, }; - tcp_reassembly_opts = { + // tcp reassembly + mgr->tcp_reassembly_opts = { .enable = opts->tcp_reassembly_enable, .max_timeout = opts->tcp_reassembly_max_timeout, .max_segments = opts->tcp_reassembly_max_segments, .max_bytes = opts->tcp_reassembly_max_bytes, }; - mgr->sess_pool = session_pool_new(opts->max_tcp_session_num + opts->max_udp_session_num); + mgr->sess_pool = session_pool_new(mgr->max_tcp_session_num + mgr->max_udp_session_num); mgr->tcp_sess_table = session_table_new(); mgr->udp_sess_table = session_table_new(); mgr->sess_timer = session_timer_new(); mgr->sess_evicte_queue = session_queue_new(); - mgr->dup_pkt_filter = duplicated_packet_filter_new(&dup_pkt_opts, now); - mgr->evicte_sess_filter = evicted_session_filter_new(&evc_sess_opts, now); + mgr->dup_pkt_filter = duplicated_packet_filter_new(&duplicated_packet_filter_opts, now); + mgr->evicte_sess_filter = evicted_session_filter_new(&evicted_session_filter_opts, now); if (mgr->sess_pool == NULL || mgr->tcp_sess_table == NULL || mgr->udp_sess_table == NULL || mgr->sess_timer == NULL || mgr->sess_evicte_queue == NULL || mgr->dup_pkt_filter == NULL || mgr->evicte_sess_filter == NULL) { goto error; } - session_transition_init(); session_filter_init(); + session_transition_init(); + tcp_flags_idx = session_get_ex_new_index("tcp_flags", NULL, NULL); + return mgr; error: 
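Review bot: `tcp_flags_idx` is a file-level global that every call to `session_manager_new` overwrites with a fresh `session_get_ex_new_index("tcp_flags", NULL, NULL)`, and the result is stored without a check. If more than one manager is created (the threading model is not shown in this diff), each instance registers another index, and the assignment can race with `tcp_flags_update` reading the global from another thread. If the index function can report failure, that value would also be truncated into the `uint8_t`. Registering the index once, behind a one-time init or as a checked field of `struct session_manager`, avoids both. The function starts above this hunk and its error path continues below it.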
@@ -789,8 +808,7 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s switch (session_get_type(sess)) { case SESSION_TYPE_TCP: - tcp_reassembly_free(sess->c2s_reassembly); - tcp_reassembly_free(sess->s2c_reassembly); + session_free_tcp_reassembly(sess); session_table_del(mgr->tcp_sess_table, session_get0_key(sess)); session_stat_dec(&mgr->stat.tcp_sess, session_get_state(sess)); mgr->stat.tcp_sess.nr_sess_used--; @@ -857,7 +875,6 @@ int session_manager_update_session(struct session_manager *mgr, struct session * struct session *session_manager_get_expired_session(struct session_manager *mgr, uint64_t now) { - struct session_manager_options *opts = &mgr->opts; struct session *sess = session_timer_expire(mgr->sess_timer, now); if (sess) { @@ -879,7 +896,19 @@ struct session *session_manager_get_expired_session(struct session_manager *mgr, else { // in closing state, only update timeout - uint64_t timeout = session_get_type(sess) == SESSION_TYPE_TCP ? opts->tcp_timeout_time_wait : opts->udp_timeout_data; + uint64_t timeout = 0; + switch (session_get_type(sess)) + { + case SESSION_TYPE_TCP: + timeout = mgr->tcp_data_timeout; + break; + case SESSION_TYPE_UDP: + timeout = mgr->udp_data_timeout; + break; + default: + assert(0); + break; + } timer_update(mgr->sess_timer, sess, now + timeout); return NULL; } diff --git a/src/session/session_manager.h b/src/session/session_manager.h index 34292b0..9be9829 100644 --- a/src/session/session_manager.h +++ b/src/session/session_manager.h 
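Review bot: The TCP case in the closing-state switch assigns `mgr->tcp_data_timeout`, whereas the line it replaces used `opts->tcp_timeout_time_wait`; nothing else in the visible diff explains the switch. The data timeout may be far larger than the time-wait timeout (the header in this commit documents up to 15999999000 ms against 600000 ms), so timed-out TCP sessions would hold their table slots much longer before release. The updated tests do not catch it: they set `tcp_data_timeout = 3` and `tcp_time_wait_timeout = 5` and check at `data + time_wait`, a deadline both variants meet. If the change is not deliberate, the case should read `timeout = mgr->tcp_time_wait_timeout;`. The enclosing `session_manager_get_expired_session` continues past the hunk.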
@@ -23,33 +23,33 @@ struct session_manager_options uint8_t udp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session // TCP timeout - uint64_t tcp_timeout_init; // ms, Range: 1-60,000 - uint64_t tcp_timeout_handshake; // ms, Range: 1-60,000 - uint64_t tcp_timeout_data; // ms, Range: 1-15,999,999,000 - uint64_t tcp_timeout_half_closed; // ms, Range: 1-604,800,000 - uint64_t tcp_timeout_time_wait; // ms, Range: 1-600,000 - uint64_t tcp_timeout_discard; // ms, Range: 1-15,999,999,000 - + uint64_t tcp_init_timeout; // range: [1, 60000] (ms) + uint64_t tcp_handshake_timeout; // range: [1, 60000] (ms) + uint64_t tcp_data_timeout; // range: [1, 15999999000] (ms) + uint64_t tcp_half_closed_timeout; // range: [1, 604800000] (ms) + uint64_t tcp_time_wait_timeout; // range: [1, 600000] (ms) + uint64_t tcp_discard_timeout; // range: [1, 15999999000] (ms) + uint64_t tcp_unverified_rst_timeout; // range: [1, 600000] (ms) // UDP timeout - uint64_t udp_timeout_data; // ms, Range: 1-15,999,999,000 + uint64_t udp_data_timeout; // range: [1, 15999999000] (ms) // duplicate packet filter uint8_t duplicated_packet_filter_enable; - uint32_t duplicated_packet_filter_capacity; - uint32_t duplicated_packet_filter_timeout; // ms, Range: 1-60,000 - double duplicated_packet_filter_error_rate; + uint32_t duplicated_packet_filter_capacity; // range: [1, 4294967295] + uint32_t duplicated_packet_filter_timeout; // range: [1, 60000] (ms) + double duplicated_packet_filter_error_rate; // range: [0.0, 1.0] // evicted session filter uint8_t evicted_session_filter_enable; - uint32_t evicted_session_filter_capacity; - uint32_t evicted_session_filter_timeout; // ms, Range: 1-60,000 - double evicted_session_filter_error_rate; + uint32_t evicted_session_filter_capacity; // range: [1, 4294967295] + uint32_t evicted_session_filter_timeout; // range: [1, 60000] (ms) + double evicted_session_filter_error_rate; // range: [0.0, 1.0] // TCP reassembly uint8_t tcp_reassembly_enable; - uint32_t 
tcp_reassembly_max_timeout; // ms, Range: 1-60,000 - uint32_t tcp_reassembly_max_segments; // 0: unlimited - uint32_t tcp_reassembly_max_bytes; // 0: unlimited + uint32_t tcp_reassembly_max_timeout; // range: [1, 60000] (ms) + uint32_t tcp_reassembly_max_segments; // range: [2, 32] + uint32_t tcp_reassembly_max_bytes; // range: [2920, 46720] [2*MSS, 32*MSS] }; struct session_stat diff --git a/src/session/session_private.h b/src/session/session_private.h index 900cf57..88ead74 100644 --- a/src/session/session_private.h +++ b/src/session/session_private.h @@ -58,6 +58,11 @@ struct session struct tcp_reassembly *c2s_reassembly; struct tcp_reassembly *s2c_reassembly; + uint32_t c2s_seq; + uint32_t s2c_seq; + uint32_t c2s_ack; + uint32_t s2c_ack; + /****************************** * Session Current Packet ******************************/ diff --git a/src/session/test/gtest_filter_tcp_dupkt.cpp b/src/session/test/gtest_filter_tcp_dupkt.cpp index 95f9e6d..2b7dc88 100644 --- a/src/session/test/gtest_filter_tcp_dupkt.cpp +++ b/src/session/test/gtest_filter_tcp_dupkt.cpp @@ -16,15 +16,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, diff --git a/src/session/test/gtest_overload_evict_tcp_sess.cpp b/src/session/test/gtest_overload_evict_tcp_sess.cpp index b2f02b4..da8d7bd 100644 --- a/src/session/test/gtest_overload_evict_tcp_sess.cpp +++ b/src/session/test/gtest_overload_evict_tcp_sess.cpp 
@@ -17,15 +17,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter diff --git a/src/session/test/gtest_overload_evict_udp_sess.cpp b/src/session/test/gtest_overload_evict_udp_sess.cpp index d048d19..c9d8cfb 100644 --- a/src/session/test/gtest_overload_evict_udp_sess.cpp +++ b/src/session/test/gtest_overload_evict_udp_sess.cpp @@ -17,15 +17,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter diff --git a/src/session/test/gtest_sess_mgr_tcp_reassembly.cpp b/src/session/test/gtest_sess_mgr_tcp_reassembly.cpp index 99426b4..ac2c9ad 100644 --- a/src/session/test/gtest_sess_mgr_tcp_reassembly.cpp +++ b/src/session/test/gtest_sess_mgr_tcp_reassembly.cpp 
@@ -16,15 +16,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, @@ -237,8 +238,8 @@ TEST(SESS_MGR_TCP_REASSEMBLY, OUT_OF_ORDER) session_consume_tcp_payload(sess, len); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 7 + opts.tcp_timeout_data) == NULL); // active -> closing - sess = session_manager_get_expired_session(mgr, 7 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 7 + opts.tcp_data_timeout) == NULL); // active -> closing + sess = session_manager_get_expired_session(mgr, 7 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); 
@@ -329,8 +330,8 @@ TEST(SESS_MGR_TCP_REASSEMBLY, SEQ_WRAPAROUND) session_consume_tcp_payload(sess, len); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 4 + opts.tcp_timeout_data) == NULL); // active -> closing - sess = session_manager_get_expired_session(mgr, 4 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 4 + opts.tcp_data_timeout) == NULL); // active -> closing + sess = session_manager_get_expired_session(mgr, 4 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); diff --git a/src/session/test/gtest_state_tcp_active_to_closing.cpp b/src/session/test/gtest_state_tcp_active_to_closing.cpp index cba6050..a6f1913 100644 --- a/src/session/test/gtest_state_tcp_active_to_closing.cpp +++ b/src/session/test/gtest_state_tcp_active_to_closing.cpp @@ -17,15 +17,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, 
@@ -144,7 +145,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_FIN_FIN) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); @@ -232,7 +233,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_C2S_RST) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_unverified_rst_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST); @@ -320,7 +321,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_S2C_RST) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_unverified_rst_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST); 
@@ -368,8 +369,8 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_DATA_TIMEOUT) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); @@ -450,7 +451,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_C2S_HALF_CLOSED_TIMEOUT) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); @@ -531,7 +532,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_S2C_HALF_CLOSED_TIMEOUT) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN); diff --git a/src/session/test/gtest_state_tcp_init_to_opening.cpp b/src/session/test/gtest_state_tcp_init_to_opening.cpp index 5c41770..3023a3c 100644 --- a/src/session/test/gtest_state_tcp_init_to_opening.cpp +++ b/src/session/test/gtest_state_tcp_init_to_opening.cpp 
@@ -17,15 +17,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, @@ -104,8 +105,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init) == NULL); // opening -> closing - sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init + opts.tcp_timeout_time_wait); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout) == NULL); // opening -> closing + sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout + opts.tcp_time_wait_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); 
@@ -184,8 +185,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYNACK) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_handshake) == NULL); - sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); @@ -275,8 +276,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_SYNACK) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); 
@@ -376,8 +377,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_SYNACK_ACK) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_data) == NULL); - sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); @@ -474,8 +475,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_RETRANSMISSION) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_init) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_init + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_init_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_init_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); 
@@ -573,8 +574,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYNACK_RETRANSMISSION) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); @@ -664,8 +665,8 @@ TEST(TCP_INIT_TO_OPENING, BY_C2S_ASMMETRIC) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); 
@@ -755,8 +756,8 @@ TEST(TCP_INIT_TO_OPENING, BY_S2C_ASMMETRIC) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); diff --git a/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp b/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp index 0dd0176..efb91c5 100644 --- a/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp +++ b/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp @@ -16,15 +16,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, 
@@ -408,7 +409,7 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 11 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 11 + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); diff --git a/src/session/test/gtest_state_tcp_opening_to_active.cpp b/src/session/test/gtest_state_tcp_opening_to_active.cpp index 1fcfb03..4cee83c 100644 --- a/src/session/test/gtest_state_tcp_opening_to_active.cpp +++ b/src/session/test/gtest_state_tcp_opening_to_active.cpp @@ -16,15 +16,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, 
@@ -113,8 +114,8 @@ TEST(TCP_OPENING_TO_ACTIVE, BY_SYN_C2S_DATA) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); @@ -203,8 +204,8 @@ TEST(TCP_OPENING_TO_ACTIVE, BY_SYNACK_S2C_DATA) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); diff --git a/src/session/test/gtest_state_tcp_opening_to_closing.cpp b/src/session/test/gtest_state_tcp_opening_to_closing.cpp index dc59935..6c7b73b 100644 --- a/src/session/test/gtest_state_tcp_opening_to_closing.cpp +++ b/src/session/test/gtest_state_tcp_opening_to_closing.cpp 
@@ -17,15 +17,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, @@ -125,7 +126,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_FIN_FIN) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); @@ -221,7 +222,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_C2S_RST) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_unverified_rst_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST); 
@@ -317,7 +318,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_S2C_RST) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_unverified_rst_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST); @@ -374,8 +375,8 @@ TEST(TCP_OPENING_TO_CLOSING, BY_INIT_TIMEOUT) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init) == NULL); - sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); @@ -464,8 +465,8 @@ TEST(TCP_OPENING_TO_CLOSING, BY_HANDSHAKE_TIMEOUT) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); 
@@ -565,8 +566,8 @@ TEST(TCP_OPENING_TO_CLOSING, BY_DATA_TIMEOUT) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_data) == NULL); - sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); @@ -655,7 +656,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_C2S_HALF_FIN) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); @@ -744,7 +745,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_S2C_HALF_FIN) EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); // expire session - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_time_wait); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN); diff --git a/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp b/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp index b48ac4b..47053c9 100644 --- a/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp +++ b/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp 
@@ -16,15 +16,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, @@ -128,8 +129,8 @@ TEST(UDP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING, TEST) EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.udp_timeout_data) == NULL); // active -> closing - sess = session_manager_get_expired_session(mgr, 2 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.udp_data_timeout) == NULL); // active -> closing + sess = session_manager_get_expired_session(mgr, 2 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); diff --git a/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp b/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp index 9489c78..c6ab6f6 100644 --- a/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp +++ b/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp 
@@ -16,15 +16,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, @@ -103,8 +104,8 @@ TEST(UDP_INIT_TO_OPENING_TO_CLOSING, BY_C2S) EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data) == NULL); // opening -> closing - sess = session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout) == NULL); // opening -> closing + sess = session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); 
@@ -184,8 +185,8 @@ TEST(UDP_INIT_TO_OPENING_TO_CLOSING, BY_S2C) EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data) == NULL); // opening -> closing - sess = session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout) == NULL); // opening -> closing + sess = session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); diff --git a/src/session/test/gtest_timeout_tcp_data.cpp b/src/session/test/gtest_timeout_tcp_data.cpp index 3f2e0d2..9c946e7 100644 --- a/src/session/test/gtest_timeout_tcp_data.cpp +++ b/src/session/test/gtest_timeout_tcp_data.cpp @@ -15,15 +15,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, 
@@ -77,8 +78,8 @@ TEST(TIMEOUT, TCP_TIMEOUT_DATA) EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); - sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); diff --git a/src/session/test/gtest_timeout_tcp_handshake.cpp b/src/session/test/gtest_timeout_tcp_handshake.cpp index b1bcce1..96182d1 100644 --- a/src/session/test/gtest_timeout_tcp_handshake.cpp +++ b/src/session/test/gtest_timeout_tcp_handshake.cpp @@ -16,15 +16,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, 
@@ -67,8 +68,8 @@ TEST(TIMEOUT, TCP_TIMEOUT_HANDSHAKE) EXPECT_TRUE(sess); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_handshake) == NULL); - sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); + EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout) == NULL); + sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); diff --git a/src/session/test/gtest_timeout_tcp_init.cpp b/src/session/test/gtest_timeout_tcp_init.cpp index 5e86b9d..28f621d 100644 --- a/src/session/test/gtest_timeout_tcp_init.cpp +++ b/src/session/test/gtest_timeout_tcp_init.cpp @@ -16,15 +16,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, 
@@ -67,8 +68,8 @@ TEST(TIMEOUT, TCP_TIMEOUT_INIT) EXPECT_TRUE(sess); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init) == NULL); // opening -> closing - sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init + opts.tcp_timeout_time_wait); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout) == NULL); // opening -> closing + sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout + opts.tcp_time_wait_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); diff --git a/src/session/test/gtest_timeout_udp_data.cpp b/src/session/test/gtest_timeout_udp_data.cpp index c60bd30..ebe0ab5 100644 --- a/src/session/test/gtest_timeout_udp_data.cpp +++ b/src/session/test/gtest_timeout_udp_data.cpp @@ -15,15 +15,16 @@ struct session_manager_options opts = { .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout - .tcp_timeout_init = 1, - .tcp_timeout_handshake = 2, - .tcp_timeout_data = 3, - .tcp_timeout_half_closed = 4, - .tcp_timeout_time_wait = 5, - .tcp_timeout_discard = 6, + .tcp_init_timeout = 1, + .tcp_handshake_timeout = 2, + .tcp_data_timeout = 3, + .tcp_half_closed_timeout = 4, + .tcp_time_wait_timeout = 5, + .tcp_discard_timeout = 6, + .tcp_unverified_rst_timeout = 7, // udp timeout - .udp_timeout_data = 7, + .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, 
@@ -66,8 +67,8 @@ TEST(TIMEOUT, UDP_TIMEOUT_DATA1) EXPECT_TRUE(sess); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data) == NULL); // opening -> closing - sess = session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout) == NULL); // opening -> closing + sess = session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); @@ -112,8 +113,8 @@ TEST(TIMEOUT, UDP_TIMEOUT_DATA2) EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); // expire session - EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.udp_timeout_data) == NULL); // active -> closing - sess = session_manager_get_expired_session(mgr, 2 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed + EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.udp_data_timeout) == NULL); // active -> closing + sess = session_manager_get_expired_session(mgr, 2 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); diff --git a/src/stellar/stellar.cpp b/src/stellar/stellar.cpp index a7864c9..b6d6546 100644 --- a/src/stellar/stellar.cpp +++ b/src/stellar/stellar.cpp 
@@ -48,10 +48,10 @@ struct stellar_context stellar_context; struct stellar_context *stellar_ctx = &stellar_context; // config -struct device_options *dev_opts = &stellar_context.config.dev_opts; -struct packet_io_options *pkt_io_opts = &stellar_context.config.pkt_io_opts; -struct ip_reassembly_options *ip_reass_opts = &stellar_context.config.ip_reass_opts; -struct session_manager_options *sess_mgr_opts = &stellar_context.config.sess_mgr_opts; +struct device_options *device_opts = &stellar_context.config.device_opts; +struct packet_io_options *packet_io_opts = &stellar_context.config.packet_io_opts; +struct ip_reassembly_options *ip_reassembly_opts = &stellar_context.config.ip_reassembly_opts; +struct session_manager_options *session_manager_opts = &stellar_context.config.session_manager_opts; static const char *log_config_file = "./conf/log.toml"; static const char *stellar_config_file = "./conf/stellar.toml"; @@ -291,14 +291,14 @@ static int thread_context_init(struct stellar_context *ctx, uint8_t nr_threads) threads_ctx->need_exit = 0; threads_ctx->is_runing = 0; - threads_ctx->sess_mgr = session_manager_new(sess_mgr_opts, now); + threads_ctx->sess_mgr = session_manager_new(session_manager_opts, now); if (threads_ctx->sess_mgr == NULL) { STELLAR_LOG_ERROR("unable to create session manager"); return -1; } - threads_ctx->ip_mgr = ip_reassembly_new(ip_reass_opts); + threads_ctx->ip_mgr = ip_reassembly_new(ip_reassembly_opts); if (threads_ctx->ip_mgr == NULL) { STELLAR_LOG_ERROR("unable to create ip reassemble manager"); @@ -382,7 +382,7 @@ int main(int argc, char **argv) print_config_options(&stellar_ctx->config); - if (id_generator_init(dev_opts->device_base, dev_opts->device_offset) != 0) + if (id_generator_init(device_opts->device_base, device_opts->device_offset) != 0) { STELLAR_LOG_ERROR("unable to init id generator"); return -1; 
@@ -390,8 +390,8 @@ int main(int argc, char **argv) // TODO load plugin - uint8_t nr_threads = pkt_io_opts->nr_threads; - stellar_ctx->packet_io = packet_io_new(pkt_io_opts); + uint8_t nr_threads = packet_io_opts->nr_threads; + stellar_ctx->packet_io = packet_io_new(packet_io_opts); if (stellar_ctx->packet_io == NULL) { STELLAR_LOG_ERROR("unable to create packet io"); diff --git a/src/tcp_reassembly/tcp_reassembly.cpp b/src/tcp_reassembly/tcp_reassembly.cpp index 25f0a56..8a1dd36 100644 --- a/src/tcp_reassembly/tcp_reassembly.cpp +++ b/src/tcp_reassembly/tcp_reassembly.cpp @@ -18,7 +18,10 @@ struct segment struct tcp_reassembly { - struct tcp_reassembly_options opts; + uint8_t enable; + uint32_t max_timeout; + uint32_t max_segments; + uint32_t max_bytes; struct tcp_reassembly_stat stat; struct rb_root_cached tree_root; @@ -26,6 +29,10 @@ struct tcp_reassembly uint64_t exp_seq; }; +/****************************************************************************** + * Private API + ******************************************************************************/ + /* * The next routines deal with comparing 32 bit unsigned ints * and worry about wraparound (automatic with unsigned arithmetic). 
@@ -36,16 +43,46 @@ static inline bool before(uint32_t seq1, uint32_t seq2) return (int32_t)(seq1 - seq2) < 0; } +static int check_options(const struct tcp_reassembly_options *opts) +{ + if (opts == NULL) + { + TCP_REASSEMBLE_ERROR("invalid options"); + return -1; + } + + if (opts->enable) + { + if (opts->max_timeout < 1 || opts->max_timeout > 60000) + { + TCP_REASSEMBLE_ERROR("invalid max_timeout: %u, supported range: [1, 60000]", opts->max_timeout); + return -1; + } + } + + return 0; +} + +/****************************************************************************** + * Public API + ******************************************************************************/ + struct tcp_reassembly *tcp_reassembly_new(struct tcp_reassembly_options *opts) { - struct tcp_reassembly *assy = NULL; + if (check_options(opts) == -1) + { + return NULL; + } - assy = (struct tcp_reassembly *)calloc(1, sizeof(struct tcp_reassembly)); + struct tcp_reassembly *assy = (struct tcp_reassembly *)calloc(1, sizeof(struct tcp_reassembly)); if (assy == NULL) { return NULL; } - memcpy(&assy->opts, opts, sizeof(struct tcp_reassembly_options)); + assy->enable = opts->enable; + assy->max_timeout = opts->max_timeout; + assy->max_segments = opts->max_segments; + assy->max_bytes = opts->max_bytes; assy->tree_root = RB_ROOT_CACHED; INIT_LIST_HEAD(&assy->list_root); @@ -74,7 +111,7 @@ void tcp_reassembly_free(struct tcp_reassembly *assy) void tcp_reassembly_init(struct tcp_reassembly *assy, uint32_t syn_seq) { - if (!assy->opts.enable) + if (!assy->enable) { return; } @@ -85,7 +122,7 @@ void tcp_reassembly_init(struct tcp_reassembly *assy, uint32_t syn_seq) void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now) { - if (!assy->opts.enable) + if (!assy->enable) { return; } 
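Review bot: `check_options` range-checks only `max_timeout`, so an enabled reassembler with `max_segments = 0` and `max_bytes = 0` (both documented as unlimited in the header) is accepted with no cap on buffered out-of-order data other than the timeout, which can be as large as 60000. Because the segments come from network traffic, that configuration lets per-flow memory grow with whatever a peer sends inside the timeout window. I would at least log it at creation, or record it next to the check with a comment such as `// max_segments == 0 && max_bytes == 0: buffering is bounded only by max_timeout`. Separately, `tcp_reassembly_new` now returns NULL both for rejected options and for a failed `calloc`, and only the first path logs anything.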
@@ -95,7 +132,7 @@ void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now) while (!list_empty(&assy->list_root)) { seg = list_first_entry(&assy->list_root, struct segment, list_node); - if (seg->time + assy->opts.max_timeout > now) + if (seg->time + assy->max_timeout > now) { break; } @@ -119,7 +156,7 @@ void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now) void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const char *payload, uint32_t len, uint64_t now) { - if (!assy->opts.enable) + if (!assy->enable || len == 0) { return; } @@ -130,23 +167,23 @@ void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const c assy->stat.insert_segments++; assy->stat.insert_bytes += len; - if (assy->opts.max_segments > 0 && assy->stat.curr_segments >= assy->opts.max_segments) + if (assy->max_segments > 0 && assy->stat.curr_segments >= assy->max_segments) { assy->stat.overload_bypass_segments++; assy->stat.overload_bypass_bytes += len; - TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max packets %u", assy, low, high, assy->opts.max_segments); + TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max packets %u", assy, low, high, assy->max_segments); return; } - if (assy->opts.max_bytes > 0 && assy->stat.curr_bytes >= assy->opts.max_bytes) + if (assy->max_bytes > 0 && assy->stat.curr_bytes >= assy->max_bytes) { assy->stat.overload_bypass_segments++; assy->stat.overload_bypass_bytes += len; - TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max bytes %u", assy, low, high, assy->opts.max_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max bytes %u", assy, low, high, assy->max_bytes); return; } - if (len == 0 || before(offset + len, assy->exp_seq)) + if (before(offset + len, assy->exp_seq)) { assy->stat.retrans_bypass_segments++; assy->stat.retrans_bypass_bytes += len; 
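Review bot: Moving `len == 0` into the first guard of `tcp_reassembly_insert` makes empty segments return before `insert_segments` is incremented, whereas the old code counted them as inserted and then as `retrans_bypass_segments`. If this change in the statistics is intended, a comment on the guard would record it, for example `// empty segments are dropped before any counter is updated`. The function body continues outside this hunk.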
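Review bot: The byte limit tests `curr_bytes >= max_bytes` before the incoming segment is accounted for, so a segment is admitted whenever the total is still below the cap. The buffered amount can then end up past `max_bytes` by nearly one segment's `len`, assuming `curr_bytes` grows by `len` further down, which is outside the hunk. If `max_bytes` is meant as a hard bound, test the prospective total instead: `if (assy->max_bytes > 0 && assy->stat.curr_bytes + len > assy->max_bytes)`, widening to 64 bits first if `curr_bytes` turns out to be a 32-bit counter. The same hunk passes `assy->exp_seq`, declared `uint64_t` in the struct, to `before()`, which takes `uint32_t`; an explicit cast would show the truncation is intentional.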
@@ -183,7 +220,7 @@ const char *tcp_reassembly_peek(struct tcp_reassembly *assy, uint32_t *len) { *len = 0; - if (!assy->opts.enable) + if (!assy->enable) { return NULL; } @@ -226,7 +263,7 @@ const char *tcp_reassembly_peek(struct tcp_reassembly *assy, uint32_t *len) void tcp_reassembly_consume(struct tcp_reassembly *assy, uint32_t len) { - if (!assy->opts.enable || len == 0) + if (!assy->enable || len == 0) { return; } @@ -293,7 +330,7 @@ void tcp_reassembly_consume(struct tcp_reassembly *assy, uint32_t len) struct tcp_reassembly_stat *tcp_reassembly_get_stat(struct tcp_reassembly *assy) { - if (!assy->opts.enable) + if (!assy->enable) { return NULL; } @@ -303,7 +340,7 @@ struct tcp_reassembly_stat *tcp_reassembly_get_stat(struct tcp_reassembly *assy) void tcp_reassembly_print_stat(struct tcp_reassembly *assy) { - if (!assy->opts.enable) + if (!assy->enable) { return; } diff --git a/src/tcp_reassembly/tcp_reassembly.h b/src/tcp_reassembly/tcp_reassembly.h index f2ebfb6..e4619b8 100644 --- a/src/tcp_reassembly/tcp_reassembly.h +++ b/src/tcp_reassembly/tcp_reassembly.h @@ -21,9 +21,9 @@ extern "C" struct tcp_reassembly_options { uint8_t enable; - uint32_t max_timeout; - uint32_t max_segments; - uint32_t max_bytes; + uint32_t max_timeout; // range: [1, 60000] + uint32_t max_segments; // 0: unlimited + uint32_t max_bytes; // 0: unlimited }; struct tcp_reassembly_stat
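Review bot: In tcp_reassembly.h the new comment on `max_timeout` gives the range but not the unit, while conf/stellar.toml in this commit annotates its timeout keys in milliseconds. Writing `uint32_t max_timeout; // range: [1, 60000] (ms)` would keep the header and the config in step. The comment could also say that the range is enforced only when `enable` is non-zero, since `check_options` skips the check otherwise.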