gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update session timeouts

Browse Source
This commit is contained in:
luwenpeng
2024-03-29 16:32:16 +08:00
parent 814a0d739f
commit 6e422ecb8d
34 changed files with 875 additions and 593 deletions
Download Patch File Download Diff File Expand all files Collapse all files

383
src/session/session_manager.cpp
View File

@@ -17,6 +17,25 @@
struct session_manager
{
// max session number
uint64_t max_tcp_session_num;
uint64_t max_udp_session_num;
// session overload
uint8_t tcp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session
uint8_t udp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session
// TCP timeout
uint64_t tcp_init_timeout; // range: [1, 60000]
uint64_t tcp_handshake_timeout; // range: [1, 60000]
uint64_t tcp_data_timeout; // range: [1, 15999999000]
uint64_t tcp_half_closed_timeout; // range: [1, 604800000]
uint64_t tcp_time_wait_timeout; // range: [1, 600000]
uint64_t tcp_discard_timeout; // range: [1, 15999999000]
uint64_t tcp_unverified_rst_timeout; // range: [1, 600000]
// UDP timeout
uint64_t udp_data_timeout; // range: [1, 15999999000]
struct tcp_reassembly_options tcp_reassembly_opts;
struct session_pool *sess_pool;
struct session_table *tcp_sess_table;
struct session_table *udp_sess_table;
@@ -26,146 +45,123 @@ struct session_manager
struct duplicated_packet_filter *dup_pkt_filter;
struct evicted_session_filter *evicte_sess_filter;
struct session_manager_options opts;
struct session_manager_stat stat;
};
#define EVICTE_SESSION_BURST (RX_BURST_MAX)
struct tcp_reassembly_options tcp_reassembly_opts = {0};
enum tcp_flags
{
SYN_RECV = 1 << 0,
SYN_ACK_RECV = 1 << 1,
/******************************************************************************
* Options
******************************************************************************/
C2S_FIN_RECV = 1 << 2,
S2C_FIN_RECV = 1 << 3,
static int check_options(struct session_manager_options *opts)
C2S_RST_RECV = 1 << 4,
S2C_RST_RECV = 1 << 5,
C2S_UNVERIFIED_RST_RECV = 1 << 6,
S2C_UNVERIFIED_RST_RECV = 1 << 7,
};
// TODO
uint8_t tcp_flags_idx = 0;
static uint64_t tcp_flags_update(struct session *sess, uint8_t flags)
{
enum session_dir dir = session_get_cur_dir(sess);
uint64_t history = (uint64_t)session_get0_ex_data(sess, tcp_flags_idx);
if (flags & TH_SYN)
{
history |= (flags & TH_ACK) ? SYN_ACK_RECV : SYN_RECV;
}
if (flags & TH_FIN)
{
history |= (dir == SESSION_DIR_C2S ? C2S_FIN_RECV : S2C_FIN_RECV);
}
if (flags & TH_RST)
{
/*
* https://www.rfc-editor.org/rfc/rfc5961#section-3.2
*
* If the RST bit is set and the sequence number exactly matches the
* next expected sequence number (RCV.NXT), then TCP MUST reset the
* connection.
*/
uint16_t curr_seq = (dir == SESSION_DIR_C2S ? sess->c2s_seq : sess->s2c_seq);
uint16_t expect_seq = (dir == SESSION_DIR_C2S ? sess->s2c_ack : sess->c2s_ack);
// if fin is received, the expected sequence number should be increased by 1
expect_seq += (dir == SESSION_DIR_C2S ? (flags & S2C_FIN_RECV ? 1 : 0) : (flags & C2S_FIN_RECV ? 1 : 0));
if (curr_seq == expect_seq)
{
history |= (dir == SESSION_DIR_C2S ? C2S_RST_RECV : S2C_RST_RECV);
}
// RST is unverified if the sequence number is not as expected
else
{
history |= (dir == SESSION_DIR_C2S ? C2S_UNVERIFIED_RST_RECV : S2C_UNVERIFIED_RST_RECV);
}
}
session_set_ex_data(sess, tcp_flags_idx, (void *)history);
return history;
}
// TODO
int check_options(const struct session_manager_options *opts)
{
if (opts == NULL)
{
SESSION_LOG_ERROR("invalid options");
return -1;
}
// max session number
if (opts->max_tcp_session_num < EVICTE_SESSION_BURST * 2)
if (opts->tcp_init_timeout < 1 || opts->tcp_init_timeout > 60000)
{
SESSION_LOG_ERROR("invalid max tcp session number, must be greater than %d", EVICTE_SESSION_BURST * 2);
SESSION_LOG_ERROR("invalid tcp_init_timeout: %lu, supported range: [1, 60000]", opts->tcp_init_timeout);
return -1;
}
if (opts->max_udp_session_num < EVICTE_SESSION_BURST * 2)
if (opts->tcp_handshake_timeout < 1 || opts->tcp_handshake_timeout > 60000)
{
SESSION_LOG_ERROR("invalid max udp session number, must be greater than %d", EVICTE_SESSION_BURST * 2);
SESSION_LOG_ERROR("invalid tcp_handshake_timeout: %lu, supported range: [1, 60000]", opts->tcp_handshake_timeout);
return -1;
}
// session overload
if (opts->tcp_overload_evict_old_sess != 0 && opts->tcp_overload_evict_old_sess != 1)
if (opts->tcp_data_timeout < 1 || opts->tcp_data_timeout > 15999999000)
{
SESSION_LOG_ERROR("invalid tcp overload evict old session, support range: 0-1");
SESSION_LOG_ERROR("invalid tcp_data_timeout: %lu, supported range: [1, 15999999000]", opts->tcp_data_timeout);
return -1;
}
if (opts->udp_overload_evict_old_sess != 0 && opts->udp_overload_evict_old_sess != 1)
if (opts->tcp_half_closed_timeout < 1 || opts->tcp_half_closed_timeout > 604800000)
{
SESSION_LOG_ERROR("invalid udp overload evict old session, support range: 0-1");
SESSION_LOG_ERROR("invalid tcp_half_closed_timeout: %lu, supported range: [1, 604800000]", opts->tcp_half_closed_timeout);
return -1;
}
// TCP timeout opts
if (opts->tcp_timeout_init < 1 || opts->tcp_timeout_init > 60000)
if (opts->tcp_time_wait_timeout < 1 || opts->tcp_time_wait_timeout > 600000)
{
SESSION_LOG_ERROR("invalid tcp timeout init, support range: 1-60,000");
SESSION_LOG_ERROR("invalid tcp_time_wait_timeout: %lu, supported range: [1, 600000]", opts->tcp_time_wait_timeout);
return -1;
}
if (opts->tcp_timeout_handshake < 1 || opts->tcp_timeout_handshake > 60000)
if (opts->tcp_discard_timeout < 1 || opts->tcp_discard_timeout > 15999999000)
{
SESSION_LOG_ERROR("invalid tcp timeout handshake, support range: 1-60,000");
SESSION_LOG_ERROR("invalid tcp_discard_timeout: %lu, supported range: [1, 15999999000]", opts->tcp_discard_timeout);
return -1;
}
if (opts->tcp_timeout_data < 1 || opts->tcp_timeout_data > 15999999000)
if (opts->tcp_unverified_rst_timeout < 1 || opts->tcp_unverified_rst_timeout > 600000)
{
SESSION_LOG_ERROR("invalid tcp timeout data, support range: 1-15,999,999,000");
SESSION_LOG_ERROR("invalid tcp_unverified_rst_timeout: %lu, supported range: [1, 600000]", opts->tcp_unverified_rst_timeout);
return -1;
}
if (opts->tcp_timeout_half_closed < 1 || opts->tcp_timeout_half_closed > 604800000)
if (opts->udp_data_timeout < 1 || opts->udp_data_timeout > 15999999000)
{
SESSION_LOG_ERROR("invalid tcp timeout half closed, support range: 1-604,800,000");
SESSION_LOG_ERROR("invalid udp_data_timeout: %lu, supported range: [1, 15999999000]", opts->udp_data_timeout);
return -1;
}
if (opts->tcp_timeout_time_wait < 1 || opts->tcp_timeout_time_wait > 600000)
{
SESSION_LOG_ERROR("invalid tcp timeout time wait, support range: 1-600,000");
return -1;
}
if (opts->tcp_timeout_discard < 1 || opts->tcp_timeout_discard > 15999999000)
{
SESSION_LOG_ERROR("invalid tcp timeout discard, support range: 1-15,999,999,000");
return -1;
}
// UDP timeout opts
if (opts->udp_timeout_data < 1 || opts->udp_timeout_data > 15999999000)
{
SESSION_LOG_ERROR("invalid udp timeout data, support range: 1-15,999,999,000");
return -1;
}
// duplicate packet filter opts
if (opts->duplicated_packet_filter_enable != 0 && opts->duplicated_packet_filter_enable != 1)
{
SESSION_LOG_ERROR("invalid duplicate packet filter enable, support range: 0-1");
return -1;
}
if (opts->duplicated_packet_filter_enable)
{
if (opts->duplicated_packet_filter_capacity == 0)
{
SESSION_LOG_ERROR("invalid duplicate packet filter capacity");
return -1;
}
if (opts->duplicated_packet_filter_timeout < 1 || opts->duplicated_packet_filter_timeout > 60000)
{
SESSION_LOG_ERROR("invalid duplicate packet filter timeout, support range: 1-60,000");
return -1;
}
if (opts->duplicated_packet_filter_error_rate < 0 || opts->duplicated_packet_filter_error_rate > 1)
{
SESSION_LOG_ERROR("invalid duplicate packet filter error rate, support range: 0-1");
return -1;
}
}
// eviction filter opts
if (opts->evicted_session_filter_enable != 0 && opts->evicted_session_filter_enable != 1)
{
SESSION_LOG_ERROR("invalid eviction filter enable, support range: 0-1");
return -1;
}
if (opts->evicted_session_filter_enable)
{
if (opts->evicted_session_filter_capacity == 0)
{
SESSION_LOG_ERROR("invalid eviction filter capacity");
return -1;
}
if (opts->evicted_session_filter_timeout < 1 || opts->evicted_session_filter_timeout > 60000)
{
SESSION_LOG_ERROR("invalid eviction filter timeout, support range: 1-60,000");
return -1;
}
if (opts->evicted_session_filter_error_rate < 0 || opts->evicted_session_filter_error_rate > 1)
{
SESSION_LOG_ERROR("invalid eviction filter error rate, support range: 0-1");
return -1;
}
}
// TCP reassembly opts
if (opts->tcp_reassembly_enable != 0 && opts->tcp_reassembly_enable != 1)
{
SESSION_LOG_ERROR("invalid tcp reassembly enable, support range: 0-1");
return -1;
}
if (opts->tcp_reassembly_enable)
{
if (opts->tcp_reassembly_max_timeout < 1 || opts->tcp_reassembly_max_timeout > 60000)
{
SESSION_LOG_ERROR("invalid tcp reassembly max timeout, support range: 1-60,000");
return -1;
}
}
return 0;
}
@@ -298,12 +294,11 @@ typedef int filter(struct session_manager *mgr, struct session *sess, const stru
// on pre new session
static int session_manager_self_protection(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
struct session_manager_options *opts = &mgr->opts;
struct session_manager_stat *stat = &mgr->stat;
switch (key->ip_proto)
{
case IPPROTO_TCP:
if (stat->tcp_sess.nr_sess_used >= opts->max_tcp_session_num)
if (stat->tcp_sess.nr_sess_used >= mgr->max_tcp_session_num)
{
stat->evc_pkt.nr_pkts++;
stat->evc_pkt.nr_bytes += packet_get_len(pkt);
@@ -312,7 +307,7 @@ static int session_manager_self_protection(struct session_manager *mgr, struct s
}
break;
case IPPROTO_UDP:
if (stat->udp_sess.nr_sess_used >= opts->max_udp_session_num)
if (stat->udp_sess.nr_sess_used >= mgr->max_udp_session_num)
{
stat->evc_pkt.nr_pkts++;
stat->evc_pkt.nr_bytes += packet_get_len(pkt);
@@ -495,16 +490,16 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s
static struct session *session_manager_new_tcp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
struct session_manager_options *opts = &mgr->opts;
const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
if (!tcp_hdr_get_syn_flag(hdr))
uint8_t flags = tcp_hdr_get_flags(hdr);
if (!(flags & TH_SYN))
{
return NULL;
}
// tcp table full evict old session
if (opts->tcp_overload_evict_old_sess && mgr->stat.tcp_sess.nr_sess_used >= opts->max_tcp_session_num - EVICTE_SESSION_BURST)
if (mgr->tcp_overload_evict_old_sess && mgr->stat.tcp_sess.nr_sess_used >= mgr->max_tcp_session_num - EVICTE_SESSION_BURST)
{
struct session *evic_sess = session_table_find_lru(mgr->tcp_sess_table);
session_manager_evicte_session(mgr, evic_sess, now);
@@ -518,9 +513,7 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
}
session_init(sess);
session_set_id(sess, id_generator_alloc());
sess->c2s_reassembly = tcp_reassembly_new(&tcp_reassembly_opts);
sess->s2c_reassembly = tcp_reassembly_new(&tcp_reassembly_opts);
if (sess->c2s_reassembly == NULL || sess->s2c_reassembly == NULL)
if (session_new_tcp_reassembly(sess, &mgr->tcp_reassembly_opts) == -1)
{
assert(0);
session_pool_push(mgr->sess_pool, sess);
@@ -535,14 +528,11 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN);
session_stat_inc(&mgr->stat.tcp_sess, next_state);
tcp_reassembly_init(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, tcp_hdr_get_seq(hdr));
if (tcp_layer->pld_len)
{
tcp_reassembly_insert(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly,
tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
}
session_init_tcp_seq(sess, tcp_hdr_get_seq(hdr));
session_set_tcp_seq_ack(sess, tcp_hdr_get_seq(hdr), tcp_hdr_get_ack(hdr));
session_insert_tcp_payload(sess, tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
uint64_t timeout = tcp_hdr_get_ack_flag(hdr) ? opts->tcp_timeout_handshake : opts->tcp_timeout_init;
uint64_t timeout = (flags & TH_ACK) ? mgr->tcp_handshake_timeout : mgr->tcp_init_timeout;
timer_update(mgr->sess_timer, sess, now + timeout);
session_table_add(mgr->tcp_sess_table, key, sess);
@@ -553,10 +543,8 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
static struct session *session_manager_new_udp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
struct session_manager_options *opts = &mgr->opts;
// udp table full evict old session
if (opts->udp_overload_evict_old_sess && mgr->stat.udp_sess.nr_sess_used >= opts->max_udp_session_num - EVICTE_SESSION_BURST)
if (mgr->udp_overload_evict_old_sess && mgr->stat.udp_sess.nr_sess_used >= mgr->max_udp_session_num - EVICTE_SESSION_BURST)
{
struct session *evic_sess = session_table_find_lru(mgr->udp_sess_table);
session_manager_evicte_session(mgr, evic_sess, now);
@@ -578,7 +566,7 @@ static struct session *session_manager_new_udp_session(struct session_manager *m
session_transition_log(sess, SESSION_STATE_INIT, next_state, UDP_DATA);
session_stat_inc(&mgr->stat.udp_sess, next_state);
timer_update(mgr->sess_timer, sess, now + opts->udp_timeout_data);
timer_update(mgr->sess_timer, sess, now + mgr->udp_data_timeout);
session_table_add(mgr->udp_sess_table, key, sess);
return sess;
@@ -586,13 +574,13 @@ static struct session *session_manager_new_udp_session(struct session_manager *m
static int session_manager_update_tcp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
struct session_manager_options *opts = &mgr->opts;
const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
enum session_dir dir = identify_direction_by_history(sess, key);
int inputs = tcp_hdr_get_syn_flag(hdr) ? TCP_SYN : NONE;
inputs |= tcp_hdr_get_fin_flag(hdr) ? TCP_FIN : NONE;
inputs |= tcp_hdr_get_rst_flag(hdr) ? TCP_RST : NONE;
uint8_t flags = tcp_hdr_get_flags(hdr);
int inputs = (flags & TH_SYN) ? TCP_SYN : NONE;
inputs |= (flags & TH_FIN) ? TCP_FIN : NONE;
inputs |= (flags & TH_RST) ? TCP_RST : NONE;
inputs |= tcp_layer->pld_len ? TCP_DATA : NONE;
enum session_state curr_state = session_get_state(sess);
enum session_state next_state = session_transition_run(curr_state, inputs);
@@ -602,41 +590,12 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
if (tcp_hdr_get_syn_flag(hdr))
{
tcp_reassembly_init(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, tcp_hdr_get_seq(hdr));
}
tcp_reassembly_expire(sess->c2s_reassembly, now);
tcp_reassembly_expire(sess->s2c_reassembly, now);
if (tcp_layer->pld_len)
{
tcp_reassembly_insert(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly,
tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
session_init_tcp_seq(sess, tcp_hdr_get_seq(hdr));
}
// select next timeout
uint64_t timeout = 0;
switch (next_state)
{
case SESSION_STATE_OPENING:
if (tcp_hdr_get_syn_flag(hdr))
{
timeout = tcp_hdr_get_ack_flag(hdr) ? opts->tcp_timeout_handshake : opts->tcp_timeout_init;
}
else
{
timeout = opts->tcp_timeout_data;
}
break;
case SESSION_STATE_ACTIVE:
timeout = opts->tcp_timeout_data;
break;
case SESSION_STATE_CLOSING:
timeout = opts->tcp_timeout_time_wait;
break;
default:
assert(0);
break;
}
timer_update(mgr->sess_timer, sess, now + timeout);
session_set_tcp_seq_ack(sess, tcp_hdr_get_seq(hdr), tcp_hdr_get_ack(hdr));
session_expire_tcp_payload(sess, now);
session_insert_tcp_payload(sess, tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
// set closing reason
if (next_state == SESSION_STATE_CLOSING && !session_get_closing_reason(sess))
@@ -651,19 +610,59 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
}
}
uint64_t history = tcp_flags_update(sess, flags);
uint64_t timeout = 0;
switch (next_state)
{
case SESSION_STATE_OPENING:
if (flags & TH_SYN)
{
timeout = (flags & TH_ACK) ? mgr->tcp_handshake_timeout : mgr->tcp_init_timeout;
}
else
{
timeout = mgr->tcp_data_timeout;
}
break;
case SESSION_STATE_ACTIVE:
timeout = mgr->tcp_data_timeout;
break;
case SESSION_STATE_CLOSING:
if (flags & TH_FIN)
{
timeout = (history & C2S_FIN_RECV && history & S2C_FIN_RECV) ? mgr->tcp_half_closed_timeout : mgr->tcp_time_wait_timeout;
}
else if (flags & TH_RST)
{
timeout = (history & C2S_RST_RECV || history & S2C_RST_RECV) ? mgr->tcp_time_wait_timeout : mgr->tcp_unverified_rst_timeout;
}
else
{
timeout = mgr->tcp_data_timeout;
}
break;
case SESSION_STATE_DISCARD:
timeout = mgr->tcp_discard_timeout;
break;
default:
assert(0);
break;
}
timer_update(mgr->sess_timer, sess, now + timeout);
return 0;
}
static int session_manager_update_udp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
struct session_manager_options *opts = &mgr->opts;
enum session_dir dir = identify_direction_by_history(sess, key);
enum session_state curr_state = session_get_state(sess);
enum session_state next_state = session_transition_run(curr_state, UDP_DATA);
session_update(sess, next_state, pkt, key, dir, now);
session_transition_log(sess, curr_state, next_state, UDP_DATA);
session_stat_update(mgr, sess, curr_state, next_state);
timer_update(mgr->sess_timer, sess, now + opts->udp_timeout_data);
timer_update(mgr->sess_timer, sess, now + mgr->udp_data_timeout);
return 0;
}
@@ -678,46 +677,66 @@ struct session_manager *session_manager_new(struct session_manager_options *opts
{
return NULL;
}
struct session_manager *mgr = (struct session_manager *)calloc(1, sizeof(struct session_manager));
if (mgr == NULL)
{
return NULL;
}
memcpy(&mgr->opts, opts, sizeof(struct session_manager_options));
struct duplicated_packet_filter_options dup_pkt_opts = {
// max session number
mgr->max_tcp_session_num = (opts->max_tcp_session_num < EVICTE_SESSION_BURST * 2) ? EVICTE_SESSION_BURST * 2 : opts->max_tcp_session_num;
mgr->max_udp_session_num = (opts->max_udp_session_num < EVICTE_SESSION_BURST * 2) ? EVICTE_SESSION_BURST * 2 : opts->max_udp_session_num;
// session overload
mgr->stat.tcp_sess.nr_sess_init = 0;
mgr->tcp_overload_evict_old_sess = opts->tcp_overload_evict_old_sess;
mgr->udp_overload_evict_old_sess = opts->udp_overload_evict_old_sess;
// session timeout
mgr->tcp_init_timeout = opts->tcp_init_timeout;
mgr->tcp_handshake_timeout = opts->tcp_handshake_timeout;
mgr->tcp_data_timeout = opts->tcp_data_timeout;
mgr->tcp_half_closed_timeout = opts->tcp_half_closed_timeout;
mgr->tcp_time_wait_timeout = opts->tcp_time_wait_timeout;
mgr->tcp_discard_timeout = opts->tcp_discard_timeout;
mgr->tcp_unverified_rst_timeout = opts->tcp_unverified_rst_timeout;
mgr->udp_data_timeout = opts->udp_data_timeout;
// duplicated packet filter
struct duplicated_packet_filter_options duplicated_packet_filter_opts = {
.enable = opts->duplicated_packet_filter_enable,
.capacity = opts->duplicated_packet_filter_capacity,
.timeout_sec = opts->duplicated_packet_filter_timeout,
.timeout = opts->duplicated_packet_filter_timeout,
.error_rate = opts->duplicated_packet_filter_error_rate,
};
struct evicted_session_filter_options evc_sess_opts = {
// evicted session filter
struct evicted_session_filter_options evicted_session_filter_opts = {
.enable = opts->evicted_session_filter_enable,
.capacity = opts->evicted_session_filter_capacity,
.timeout_sec = opts->evicted_session_filter_timeout,
.timeout = opts->evicted_session_filter_timeout,
.error_rate = opts->evicted_session_filter_error_rate,
};
tcp_reassembly_opts = {
// tcp reassembly
mgr->tcp_reassembly_opts = {
.enable = opts->tcp_reassembly_enable,
.max_timeout = opts->tcp_reassembly_max_timeout,
.max_segments = opts->tcp_reassembly_max_segments,
.max_bytes = opts->tcp_reassembly_max_bytes,
};
mgr->sess_pool = session_pool_new(opts->max_tcp_session_num + opts->max_udp_session_num);
mgr->sess_pool = session_pool_new(mgr->max_tcp_session_num + mgr->max_udp_session_num);
mgr->tcp_sess_table = session_table_new();
mgr->udp_sess_table = session_table_new();
mgr->sess_timer = session_timer_new();
mgr->sess_evicte_queue = session_queue_new();
mgr->dup_pkt_filter = duplicated_packet_filter_new(&dup_pkt_opts, now);
mgr->evicte_sess_filter = evicted_session_filter_new(&evc_sess_opts, now);
mgr->dup_pkt_filter = duplicated_packet_filter_new(&duplicated_packet_filter_opts, now);
mgr->evicte_sess_filter = evicted_session_filter_new(&evicted_session_filter_opts, now);
if (mgr->sess_pool == NULL || mgr->tcp_sess_table == NULL || mgr->udp_sess_table == NULL || mgr->sess_timer == NULL || mgr->sess_evicte_queue == NULL || mgr->dup_pkt_filter == NULL || mgr->evicte_sess_filter == NULL)
{
goto error;
}
session_transition_init();
session_filter_init();
session_transition_init();
tcp_flags_idx = session_get_ex_new_index("tcp_flags", NULL, NULL);
return mgr;
error:
@@ -789,8 +808,7 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s
switch (session_get_type(sess))
{
case SESSION_TYPE_TCP:
tcp_reassembly_free(sess->c2s_reassembly);
tcp_reassembly_free(sess->s2c_reassembly);
session_free_tcp_reassembly(sess);
session_table_del(mgr->tcp_sess_table, session_get0_key(sess));
session_stat_dec(&mgr->stat.tcp_sess, session_get_state(sess));
mgr->stat.tcp_sess.nr_sess_used--;
@@ -857,7 +875,6 @@ int session_manager_update_session(struct session_manager *mgr, struct session *
struct session *session_manager_get_expired_session(struct session_manager *mgr, uint64_t now)
{
struct session_manager_options *opts = &mgr->opts;
struct session *sess = session_timer_expire(mgr->sess_timer, now);
if (sess)
{
@@ -879,7 +896,19 @@ struct session *session_manager_get_expired_session(struct session_manager *mgr,
else
{
// in closing state, only update timeout
uint64_t timeout = session_get_type(sess) == SESSION_TYPE_TCP ? opts->tcp_timeout_time_wait : opts->udp_timeout_data;
uint64_t timeout = 0;
switch (session_get_type(sess))
{
case SESSION_TYPE_TCP:
timeout = mgr->tcp_data_timeout;
break;
case SESSION_TYPE_UDP:
timeout = mgr->udp_data_timeout;
break;
default:
assert(0);
break;
}
timer_update(mgr->sess_timer, sess, now + timeout);
return NULL;
}