gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update session timeouts

Browse Source
This commit is contained in:
luwenpeng
2024-03-29 16:32:16 +08:00
parent 814a0d739f
commit 6e422ecb8d
34 changed files with 875 additions and 593 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
conf/stellar.toml
View File

@@ -13,9 +13,9 @@ cpu_mask = [5, 6, 7, 8, 9, 10, 11, 12]
[ip_reassembly] [ip_reassembly]
enable = 1 enable = 1
timeout = 10000 # ms timeout = 10000 # range: [1, 60000] (ms)
bucket_entries = 8 bucket_entries = 8 # range: [1, 256] (must be power of 2)
bucket_num = 4096 bucket_num = 4096 # range: [1, 4294967295]
[session_manager] [session_manager]
# max session number # max session number
@@ -27,30 +27,30 @@ tcp_overload_evict_old_sess = 1 # 1: evict old session, 0: bypass new session
udp_overload_evict_old_sess = 1 # 1: evict old session, 0: bypass new session udp_overload_evict_old_sess = 1 # 1: evict old session, 0: bypass new session
# TCP timeout # TCP timeout
tcp_timeout_init = 5000 # ms, Range: 1-60,000 tcp_init_timeout = 5000 # range: [1, 60000] (ms)
tcp_timeout_handshake = 10000 # ms, Range: 1-60,000 tcp_handshake_timeout = 10000 # range: [1, 60000] (ms)
tcp_timeout_data = 3600000 # ms, Range: 1-15,999,999,000 tcp_data_timeout = 3600000 # range: [1, 15999999000] (ms)
tcp_timeout_half_closed = 120000 # ms, Range: 1-604,800,000 tcp_half_closed_timeout = 120000 # range: [1, 604800000] (ms)
tcp_timeout_time_wait = 15000 # ms, Range: 1-600,000 tcp_time_wait_timeout = 15000 # range: [1, 600000] (ms)
tcp_timeout_discard = 90000 # ms, Range: 1-15,999,999,000 tcp_discard_timeout = 90000 # range: [1, 15999999000] (ms)
tcp_unverified_rst_timeout = 10000 # range: [1, 600000] (ms)
# UDP timeout # UDP timeout
udp_timeout_data = 10000 # ms, Range: 1-15,999,999,000 udp_data_timeout = 10000 # range: [1, 15999999000] (ms)
# duplicate packet filter # duplicate packet filter
duplicated_packet_filter_enable = 1 duplicated_packet_filter_enable = 1
duplicated_packet_filter_capacity = 1000000 duplicated_packet_filter_capacity = 1000000 # range: [1, 4294967295]
duplicated_packet_filter_timeout = 10000 # ms, Range: 1-60,000 duplicated_packet_filter_timeout = 10000 # range: [1, 60000] (ms)
duplicated_packet_filter_error_rate = 0.00001 duplicated_packet_filter_error_rate = 0.00001 # range: [0.0, 1.0]
# evicted session filter # evicted session filter
evicted_session_filter_enable = 1 evicted_session_filter_enable = 1
evicted_session_filter_capacity = 1000000 evicted_session_filter_capacity = 1000000 # range: [1, 4294967295]
evicted_session_filter_timeout = 10000 # ms, Range: 1-60,000 evicted_session_filter_timeout = 10000 # range: [1, 60000] (ms)
evicted_session_filter_error_rate = 0.00001 evicted_session_filter_error_rate = 0.00001 # range: [0.0, 1.0]
# TCP reassembly (Per direction) # TCP reassembly (Per direction)
tcp_reassembly_enable = 1 tcp_reassembly_enable = 1
tcp_reassembly_max_timeout = 10000 # ms, Range: 1-60,000 tcp_reassembly_max_timeout = 10000 # range: [1, 60000] (ms)
tcp_reassembly_max_segments = 8 # 0: unlimited tcp_reassembly_max_segments = 32 # 0: unlimited
tcp_reassembly_max_bytes = 0 # 0: unlimited tcp_reassembly_max_bytes = 46720 # 0: unlimited

303
src/config/config.cpp
View File

@@ -7,30 +7,30 @@
// return 0: success // return 0: success
// retuun -1: failed // retuun -1: failed
static int parse_device_options(toml_table_t *table, struct device_options *opts) static int parse_device_section(toml_table_t *root, struct device_options *opts)
{ {
const char *ptr; const char *ptr;
toml_table_t *device; toml_table_t *table;
device = toml_table_in(table, "device"); table = toml_table_in(root, "device");
if (device == NULL) if (table == NULL)
{ {
CONFIG_LOG_ERROR("config file missing device section"); CONFIG_LOG_ERROR("config file missing device section");
return -1; return -1;
} }
ptr = toml_raw_in(device, "device_base"); ptr = toml_raw_in(table, "device_base");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing device.device_base"); CONFIG_LOG_ERROR("config file missing device->device_base");
return -1; return -1;
} }
opts->device_base = atoi(ptr); opts->device_base = atoi(ptr);
ptr = toml_raw_in(device, "device_offset"); ptr = toml_raw_in(table, "device_offset");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing device.device_offset"); CONFIG_LOG_ERROR("config file missing device->device_offset");
return -1; return -1;
} }
opts->device_offset = atoi(ptr); opts->device_offset = atoi(ptr);
@@ -40,23 +40,23 @@ static int parse_device_options(toml_table_t *table, struct device_options *opts
// return 0: success // return 0: success
// retuun -1: failed // retuun -1: failed
static int parse_packet_io_options(toml_table_t *table, struct packet_io_options *opts) static int parse_packet_io_section(toml_table_t *root, struct packet_io_options *opts)
{ {
const char *ptr; const char *ptr;
toml_table_t *packet_io; toml_table_t *table;
toml_array_t *mask_array; toml_array_t *mask_array;
packet_io = toml_table_in(table, "packet_io"); table = toml_table_in(root, "packet_io");
if (packet_io == NULL) if (table == NULL)
{ {
CONFIG_LOG_ERROR("config file missing packet_io section"); CONFIG_LOG_ERROR("config file missing packet_io section");
return -1; return -1;
} }
ptr = toml_raw_in(packet_io, "mode"); ptr = toml_raw_in(table, "mode");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing packet_io.mode"); CONFIG_LOG_ERROR("config file missing packet_io->mode");
return -1; return -1;
} }
if (strcmp(ptr, "dumpfile") == 0) if (strcmp(ptr, "dumpfile") == 0)
@@ -69,16 +69,16 @@ static int parse_packet_io_options(toml_table_t *table, struct packet_io_options
} }
else else
{ {
CONFIG_LOG_ERROR("config file invalid packet_io.mode %s, only support dumpfile and marsio", ptr); CONFIG_LOG_ERROR("config file invalid packet_io->mode %s, only support dumpfile and marsio", ptr);
return -1; return -1;
} }
if (opts->mode == PACKET_IO_DUMPFILE) if (opts->mode == PACKET_IO_DUMPFILE)
{ {
ptr = toml_raw_in(packet_io, "dumpfile_dir"); ptr = toml_raw_in(table, "dumpfile_dir");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing packet_io.dumpfile_dir"); CONFIG_LOG_ERROR("config file missing packet_io->dumpfile_dir");
return -1; return -1;
} }
// skip "" // skip ""
@@ -86,40 +86,40 @@ static int parse_packet_io_options(toml_table_t *table, struct packet_io_options
} }
else else
{ {
ptr = toml_raw_in(packet_io, "app_symbol"); ptr = toml_raw_in(table, "app_symbol");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing packet_io.app_symbol"); CONFIG_LOG_ERROR("config file missing packet_io->app_symbol");
return -1; return -1;
} }
strncpy(opts->app_symbol, ptr, sizeof(opts->app_symbol) - 1); strncpy(opts->app_symbol, ptr, sizeof(opts->app_symbol) - 1);
ptr = toml_raw_in(packet_io, "dev_symbol"); ptr = toml_raw_in(table, "dev_symbol");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing packet_io.dev_symbol"); CONFIG_LOG_ERROR("config file missing packet_io->dev_symbol");
return -1; return -1;
} }
strncpy(opts->dev_symbol, ptr, sizeof(opts->dev_symbol) - 1); strncpy(opts->dev_symbol, ptr, sizeof(opts->dev_symbol) - 1);
} }
ptr = toml_raw_in(packet_io, "nr_threads"); ptr = toml_raw_in(table, "nr_threads");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing packet_io.nr_threads"); CONFIG_LOG_ERROR("config file missing packet_io->nr_threads");
return -1; return -1;
} }
if (atoi(ptr) <= 0 || atoi(ptr) > MAX_THREAD_NUM) if (atoi(ptr) <= 0 || atoi(ptr) > MAX_THREAD_NUM)
{ {
CONFIG_LOG_ERROR("config file invalid packet_io.nr_threads %d, range [1, %d]", atoi(ptr), MAX_THREAD_NUM); CONFIG_LOG_ERROR("config file invalid packet_io->nr_threads %d, range [1, %d]", atoi(ptr), MAX_THREAD_NUM);
return -1; return -1;
} }
opts->nr_threads = atoi(ptr); opts->nr_threads = atoi(ptr);
mask_array = toml_array_in(packet_io, "cpu_mask"); mask_array = toml_array_in(table, "cpu_mask");
if (mask_array == NULL) if (mask_array == NULL)
{ {
CONFIG_LOG_ERROR("config file missing packet_io.cpu_mask"); CONFIG_LOG_ERROR("config file missing packet_io->cpu_mask");
return -1; return -1;
} }
for (uint8_t i = 0; i < opts->nr_threads; i++) for (uint8_t i = 0; i < opts->nr_threads; i++)
@@ -127,7 +127,7 @@ static int parse_packet_io_options(toml_table_t *table, struct packet_io_options
ptr = toml_raw_at(mask_array, i); ptr = toml_raw_at(mask_array, i);
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing packet_io.cpu_mask[%d]", i); CONFIG_LOG_ERROR("config file missing packet_io->cpu_mask[%d]", i);
return -1; return -1;
} }
opts->cpu_mask[i] = atoi(ptr); opts->cpu_mask[i] = atoi(ptr);
@@ -138,46 +138,46 @@ static int parse_packet_io_options(toml_table_t *table, struct packet_io_options
// return 0: success // return 0: success
// retuun -1: failed // retuun -1: failed
static int parse_ip_reassembly_options(toml_table_t *table, struct ip_reassembly_options *opts) static int parse_ip_reassembly_section(toml_table_t *root, struct ip_reassembly_options *opts)
{ {
const char *ptr; const char *ptr;
toml_table_t *ip_reassembly; toml_table_t *table;
ip_reassembly = toml_table_in(table, "ip_reassembly"); table = toml_table_in(root, "ip_reassembly");
if (ip_reassembly == NULL) if (table == NULL)
{ {
CONFIG_LOG_ERROR("config file missing ip_reassembly section"); CONFIG_LOG_ERROR("config file missing ip_reassembly section");
return -1; return -1;
} }
ptr = toml_raw_in(ip_reassembly, "enable"); ptr = toml_raw_in(table, "enable");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing ip_reassembly.enable"); CONFIG_LOG_ERROR("config file missing ip_reassembly->enable");
return -1; return -1;
} }
opts->enable = atoi(ptr); opts->enable = atoi(ptr);
ptr = toml_raw_in(ip_reassembly, "timeout"); ptr = toml_raw_in(table, "timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing ip_reassembly.timeout"); CONFIG_LOG_ERROR("config file missing ip_reassembly->timeout");
return -1; return -1;
} }
opts->timeout = atoi(ptr); opts->timeout = atoi(ptr);
ptr = toml_raw_in(ip_reassembly, "bucket_entries"); ptr = toml_raw_in(table, "bucket_entries");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing ip_reassembly.bucket_entries"); CONFIG_LOG_ERROR("config file missing ip_reassembly->bucket_entries");
return -1; return -1;
} }
opts->bucket_entries = atoi(ptr); opts->bucket_entries = atoi(ptr);
ptr = toml_raw_in(ip_reassembly, "bucket_num"); ptr = toml_raw_in(table, "bucket_num");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing ip_reassembly.bucket_num"); CONFIG_LOG_ERROR("config file missing ip_reassembly->bucket_num");
return -1; return -1;
} }
opts->bucket_num = atoi(ptr); opts->bucket_num = atoi(ptr);
@@ -187,205 +187,213 @@ static int parse_ip_reassembly_options(toml_table_t *table, struct ip_reassembly
// return 0: success // return 0: success
// retuun -1: failed // retuun -1: failed
static int parse_session_manager_options(toml_table_t *table, struct session_manager_options *opts) static int parse_session_manager_section(toml_table_t *root, struct session_manager_options *opts)
{ {
const char *ptr; const char *ptr;
toml_table_t *session_manager; toml_table_t *table;
session_manager = toml_table_in(table, "session_manager"); table = toml_table_in(root, "session_manager");
if (session_manager == NULL) if (table == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager section"); CONFIG_LOG_ERROR("config file missing session_manager section");
return -1; return -1;
} }
// max session number // max session number
ptr = toml_raw_in(session_manager, "max_tcp_session_num"); ptr = toml_raw_in(table, "max_tcp_session_num");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.max_tcp_session_num"); CONFIG_LOG_ERROR("config file missing session_manager->max_tcp_session_num");
return -1; return -1;
} }
opts->max_tcp_session_num = atoll(ptr); opts->max_tcp_session_num = atoll(ptr);
ptr = toml_raw_in(session_manager, "max_udp_session_num"); ptr = toml_raw_in(table, "max_udp_session_num");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.max_udp_session_num"); CONFIG_LOG_ERROR("config file missing session_manager->max_udp_session_num");
return -1; return -1;
} }
opts->max_udp_session_num = atoll(ptr); opts->max_udp_session_num = atoll(ptr);
// session overload (1: evict old session, 0: bypass new session) // session overload (1: evict old session, 0: bypass new session)
ptr = toml_raw_in(session_manager, "tcp_overload_evict_old_sess"); ptr = toml_raw_in(table, "tcp_overload_evict_old_sess");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_overload_evict_old_sess"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_overload_evict_old_sess");
return -1; return -1;
} }
opts->tcp_overload_evict_old_sess = atoi(ptr); opts->tcp_overload_evict_old_sess = atoi(ptr);
ptr = toml_raw_in(session_manager, "udp_overload_evict_old_sess"); ptr = toml_raw_in(table, "udp_overload_evict_old_sess");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.udp_overload_evict_old_sess"); CONFIG_LOG_ERROR("config file missing session_manager->udp_overload_evict_old_sess");
return -1; return -1;
} }
opts->udp_overload_evict_old_sess = atoi(ptr); opts->udp_overload_evict_old_sess = atoi(ptr);
// TCP timeout // TCP timeout
ptr = toml_raw_in(session_manager, "tcp_timeout_init"); ptr = toml_raw_in(table, "tcp_init_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_init"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_init_timeout");
return -1; return -1;
} }
opts->tcp_timeout_init = atoll(ptr); opts->tcp_init_timeout = atoll(ptr);
ptr = toml_raw_in(session_manager, "tcp_timeout_handshake"); ptr = toml_raw_in(table, "tcp_handshake_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_handshake"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_handshake_timeout");
return -1; return -1;
} }
opts->tcp_timeout_handshake = atoll(ptr); opts->tcp_handshake_timeout = atoll(ptr);
ptr = toml_raw_in(session_manager, "tcp_timeout_data"); ptr = toml_raw_in(table, "tcp_data_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_data"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_data_timeout");
return -1; return -1;
} }
opts->tcp_timeout_data = atoll(ptr); opts->tcp_data_timeout = atoll(ptr);
ptr = toml_raw_in(session_manager, "tcp_timeout_half_closed"); ptr = toml_raw_in(table, "tcp_half_closed_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_half_closed"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_half_closed_timeout");
return -1; return -1;
} }
opts->tcp_timeout_half_closed = atoll(ptr); opts->tcp_half_closed_timeout = atoll(ptr);
ptr = toml_raw_in(session_manager, "tcp_timeout_time_wait"); ptr = toml_raw_in(table, "tcp_time_wait_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_time_wait"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_time_wait_timeout");
return -1; return -1;
} }
opts->tcp_timeout_time_wait = atoll(ptr); opts->tcp_time_wait_timeout = atoll(ptr);
ptr = toml_raw_in(session_manager, "tcp_timeout_discard"); ptr = toml_raw_in(table, "tcp_discard_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_timeout_discard"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_discard_timeout");
return -1; return -1;
} }
opts->tcp_timeout_discard = atoll(ptr); opts->tcp_discard_timeout = atoll(ptr);
ptr = toml_raw_in(table, "tcp_unverified_rst_timeout");
if (ptr == NULL)
{
CONFIG_LOG_ERROR("config file missing session_manager->tcp_unverified_rst_timeout");
return -1;
}
opts->tcp_unverified_rst_timeout = atoll(ptr);
// UDP timeout // UDP timeout
ptr = toml_raw_in(session_manager, "udp_timeout_data"); ptr = toml_raw_in(table, "udp_data_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.udp_timeout_data"); CONFIG_LOG_ERROR("config file missing session_manager->udp_data_timeout");
return -1; return -1;
} }
opts->udp_timeout_data = atoll(ptr); opts->udp_data_timeout = atoll(ptr);
// duplicate packet filter // duplicate packet filter
ptr = toml_raw_in(session_manager, "duplicated_packet_filter_enable"); ptr = toml_raw_in(table, "duplicated_packet_filter_enable");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.duplicated_packet_filter_enable"); CONFIG_LOG_ERROR("config file missing session_manager->duplicated_packet_filter_enable");
return -1; return -1;
} }
opts->duplicated_packet_filter_enable = atoi(ptr); opts->duplicated_packet_filter_enable = atoi(ptr);
ptr = toml_raw_in(session_manager, "duplicated_packet_filter_capacity"); ptr = toml_raw_in(table, "duplicated_packet_filter_capacity");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.duplicated_packet_filter_capacity"); CONFIG_LOG_ERROR("config file missing session_manager->duplicated_packet_filter_capacity");
return -1; return -1;
} }
opts->duplicated_packet_filter_capacity = atoi(ptr); opts->duplicated_packet_filter_capacity = atoi(ptr);
ptr = toml_raw_in(session_manager, "duplicated_packet_filter_timeout"); ptr = toml_raw_in(table, "duplicated_packet_filter_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.duplicated_packet_filter_timeout"); CONFIG_LOG_ERROR("config file missing session_manager->duplicated_packet_filter_timeout");
return -1; return -1;
} }
opts->duplicated_packet_filter_timeout = atoi(ptr); opts->duplicated_packet_filter_timeout = atoi(ptr);
ptr = toml_raw_in(session_manager, "duplicated_packet_filter_error_rate"); ptr = toml_raw_in(table, "duplicated_packet_filter_error_rate");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.duplicated_packet_filter_error_rate"); CONFIG_LOG_ERROR("config file missing session_manager->duplicated_packet_filter_error_rate");
return -1; return -1;
} }
opts->duplicated_packet_filter_error_rate = atof(ptr); opts->duplicated_packet_filter_error_rate = atof(ptr);
// eviction filter // eviction session filter
ptr = toml_raw_in(session_manager, "evicted_session_filter_enable"); ptr = toml_raw_in(table, "evicted_session_filter_enable");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.evicted_session_filter_enable"); CONFIG_LOG_ERROR("config file missing session_manager->evicted_session_filter_enable");
return -1; return -1;
} }
opts->evicted_session_filter_enable = atoi(ptr); opts->evicted_session_filter_enable = atoi(ptr);
ptr = toml_raw_in(session_manager, "evicted_session_filter_capacity"); ptr = toml_raw_in(table, "evicted_session_filter_capacity");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.evicted_session_filter_capacity"); CONFIG_LOG_ERROR("config file missing session_manager->evicted_session_filter_capacity");
return -1; return -1;
} }
opts->evicted_session_filter_capacity = atoi(ptr); opts->evicted_session_filter_capacity = atoi(ptr);
ptr = toml_raw_in(session_manager, "evicted_session_filter_timeout"); ptr = toml_raw_in(table, "evicted_session_filter_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.evicted_session_filter_timeout"); CONFIG_LOG_ERROR("config file missing session_manager->evicted_session_filter_timeout");
return -1; return -1;
} }
opts->evicted_session_filter_timeout = atoi(ptr); opts->evicted_session_filter_timeout = atoi(ptr);
ptr = toml_raw_in(session_manager, "evicted_session_filter_error_rate"); ptr = toml_raw_in(table, "evicted_session_filter_error_rate");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.evicted_session_filter_error_rate"); CONFIG_LOG_ERROR("config file missing session_manager->evicted_session_filter_error_rate");
return -1; return -1;
} }
opts->evicted_session_filter_error_rate = atof(ptr); opts->evicted_session_filter_error_rate = atof(ptr);
// TCP reassembly // TCP reassembly
ptr = toml_raw_in(session_manager, "tcp_reassembly_enable"); ptr = toml_raw_in(table, "tcp_reassembly_enable");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_enable"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_reassembly_enable");
return -1; return -1;
} }
opts->tcp_reassembly_enable = atoi(ptr); opts->tcp_reassembly_enable = atoi(ptr);
ptr = toml_raw_in(session_manager, "tcp_reassembly_max_timeout"); ptr = toml_raw_in(table, "tcp_reassembly_max_timeout");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_timeout"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_reassembly_max_timeout");
return -1; return -1;
} }
opts->tcp_reassembly_max_timeout = atoi(ptr); opts->tcp_reassembly_max_timeout = atoi(ptr);
ptr = toml_raw_in(session_manager, "tcp_reassembly_max_segments"); ptr = toml_raw_in(table, "tcp_reassembly_max_segments");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_segments"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_reassembly_max_segments");
return -1; return -1;
} }
opts->tcp_reassembly_max_segments = atoi(ptr); opts->tcp_reassembly_max_segments = atoi(ptr);
ptr = toml_raw_in(session_manager, "tcp_reassembly_max_bytes"); ptr = toml_raw_in(table, "tcp_reassembly_max_bytes");
if (ptr == NULL) if (ptr == NULL)
{ {
CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_bytes"); CONFIG_LOG_ERROR("config file missing session_manager->tcp_reassembly_max_bytes");
return -1; return -1;
} }
opts->tcp_reassembly_max_bytes = atoi(ptr); opts->tcp_reassembly_max_bytes = atoi(ptr);
@@ -401,7 +409,6 @@ int parse_config_file(const char *file, struct config *config)
char errbuf[200]; char errbuf[200];
FILE *fp = NULL; FILE *fp = NULL;
toml_table_t *table = NULL; toml_table_t *table = NULL;
memset(config, 0, sizeof(*config)); memset(config, 0, sizeof(*config));
fp = fopen(file, "r"); fp = fopen(file, "r");
@@ -418,22 +425,22 @@ int parse_config_file(const char *file, struct config *config)
goto error_out; goto error_out;
} }
if (parse_device_options(table, &config->dev_opts) != 0) if (parse_device_section(table, &config->device_opts) != 0)
{ {
goto error_out; goto error_out;
} }
if (parse_packet_io_options(table, &config->pkt_io_opts) != 0) if (parse_packet_io_section(table, &config->packet_io_opts) != 0)
{ {
goto error_out; goto error_out;
} }
if (parse_ip_reassembly_options(table, &config->ip_reass_opts) != 0) if (parse_ip_reassembly_section(table, &config->ip_reassembly_opts) != 0)
{ {
goto error_out; goto error_out;
} }
if (parse_session_manager_options(table, &config->sess_mgr_opts) != 0) if (parse_session_manager_section(table, &config->session_manager_opts) != 0)
{ {
goto error_out; goto error_out;
} }
@@ -461,67 +468,71 @@ void print_config_options(struct config *config)
return; return;
} }
struct device_options *dev_opts = &config->dev_opts; struct device_options *device_opts = &config->device_opts;
struct packet_io_options *pkt_io_opts = &config->pkt_io_opts; struct packet_io_options *packet_io_opts = &config->packet_io_opts;
struct ip_reassembly_options *ip_reass_opts = &config->ip_reass_opts; struct ip_reassembly_options *ip_reassembly_opts = &config->ip_reassembly_opts;
struct session_manager_options *sess_mgr_opts = &config->sess_mgr_opts; struct session_manager_options *session_manager_opts = &config->session_manager_opts;
// device config // device config
CONFIG_LOG_DEBUG("device->device_base : %d", dev_opts->device_base); CONFIG_LOG_DEBUG("device->device_base : %d", device_opts->device_base);
CONFIG_LOG_DEBUG("device->device_offset : %d", dev_opts->device_offset); CONFIG_LOG_DEBUG("device->device_offset : %d", device_opts->device_offset);
// packet io config // packet io config
CONFIG_LOG_DEBUG("packet_io->mode : %s", pkt_io_opts->mode == PACKET_IO_DUMPFILE ? "dumpfile" : "marsio"); CONFIG_LOG_DEBUG("packet_io->mode : %s", packet_io_opts->mode == PACKET_IO_DUMPFILE ? "dumpfile" : "marsio");
if (pkt_io_opts->mode == PACKET_IO_DUMPFILE) if (packet_io_opts->mode == PACKET_IO_DUMPFILE)
{ {
CONFIG_LOG_DEBUG("packet_io->dumpfile_dir : %s", pkt_io_opts->dumpfile_dir); CONFIG_LOG_DEBUG("packet_io->dumpfile_dir : %s", packet_io_opts->dumpfile_dir);
} }
else else
{ {
CONFIG_LOG_DEBUG("packet_io->app_symbol : %s", pkt_io_opts->app_symbol); CONFIG_LOG_DEBUG("packet_io->app_symbol : %s", packet_io_opts->app_symbol);
CONFIG_LOG_DEBUG("packet_io->dev_symbol : %s", pkt_io_opts->dev_symbol); CONFIG_LOG_DEBUG("packet_io->dev_symbol : %s", packet_io_opts->dev_symbol);
} }
CONFIG_LOG_DEBUG("packet_io->nr_threads : %d", pkt_io_opts->nr_threads); CONFIG_LOG_DEBUG("packet_io->nr_threads : %d", packet_io_opts->nr_threads);
for (uint8_t i = 0; i < pkt_io_opts->nr_threads; i++) for (uint8_t i = 0; i < packet_io_opts->nr_threads; i++)
{ {
CONFIG_LOG_DEBUG("packet_io->cpu_mask[%03d] : %d", i, pkt_io_opts->cpu_mask[i]); CONFIG_LOG_DEBUG("packet_io->cpu_mask[%03d] : %d", i, packet_io_opts->cpu_mask[i]);
} }
// ip reassemble config // ip reassemble config
CONFIG_LOG_DEBUG("ip_reassembly->enable : %d", ip_reass_opts->enable); CONFIG_LOG_DEBUG("ip_reassembly->enable : %d", ip_reassembly_opts->enable);
CONFIG_LOG_DEBUG("ip_reassembly->timeout : %d", ip_reass_opts->timeout); CONFIG_LOG_DEBUG("ip_reassembly->timeout : %d", ip_reassembly_opts->timeout);
CONFIG_LOG_DEBUG("ip_reassembly->bucket_entries : %d", ip_reass_opts->bucket_entries); CONFIG_LOG_DEBUG("ip_reassembly->bucket_entries : %d", ip_reassembly_opts->bucket_entries);
CONFIG_LOG_DEBUG("ip_reassembly->bucket_num : %d", ip_reass_opts->bucket_num); CONFIG_LOG_DEBUG("ip_reassembly->bucket_num : %d", ip_reassembly_opts->bucket_num);
// session manager config // session manager config -> max session number
CONFIG_LOG_DEBUG("session_manager->max_tcp_session_num : %ld", sess_mgr_opts->max_tcp_session_num); CONFIG_LOG_DEBUG("session_manager->max_tcp_session_num : %ld", session_manager_opts->max_tcp_session_num);
CONFIG_LOG_DEBUG("session_manager->max_udp_session_num : %ld", sess_mgr_opts->max_udp_session_num); CONFIG_LOG_DEBUG("session_manager->max_udp_session_num : %ld", session_manager_opts->max_udp_session_num);
CONFIG_LOG_DEBUG("session_manager->tcp_overload_evict_old_sess : %d", sess_mgr_opts->tcp_overload_evict_old_sess); // session manager config -> session overload evict
CONFIG_LOG_DEBUG("session_manager->udp_overload_evict_old_sess : %d", sess_mgr_opts->udp_overload_evict_old_sess); CONFIG_LOG_DEBUG("session_manager->tcp_overload_evict_old_sess : %d", session_manager_opts->tcp_overload_evict_old_sess);
CONFIG_LOG_DEBUG("session_manager->udp_overload_evict_old_sess : %d", session_manager_opts->udp_overload_evict_old_sess);
CONFIG_LOG_DEBUG("session_manager->tcp_timeout_init : %ld", sess_mgr_opts->tcp_timeout_init); // session manager config -> session timeout
CONFIG_LOG_DEBUG("session_manager->tcp_timeout_handshake : %ld", sess_mgr_opts->tcp_timeout_handshake); CONFIG_LOG_DEBUG("session_manager->tcp_init_timeout : %ld", session_manager_opts->tcp_init_timeout);
CONFIG_LOG_DEBUG("session_manager->tcp_timeout_data : %ld", sess_mgr_opts->tcp_timeout_data); CONFIG_LOG_DEBUG("session_manager->tcp_handshake_timeout : %ld", session_manager_opts->tcp_handshake_timeout);
CONFIG_LOG_DEBUG("session_manager->tcp_timeout_half_closed : %ld", sess_mgr_opts->tcp_timeout_half_closed); CONFIG_LOG_DEBUG("session_manager->tcp_data_timeout : %ld", session_manager_opts->tcp_data_timeout);
CONFIG_LOG_DEBUG("session_manager->tcp_timeout_time_wait : %ld", sess_mgr_opts->tcp_timeout_time_wait); CONFIG_LOG_DEBUG("session_manager->tcp_half_closed_timeout : %ld", session_manager_opts->tcp_half_closed_timeout);
CONFIG_LOG_DEBUG("session_manager->tcp_timeout_discard : %ld", sess_mgr_opts->tcp_timeout_discard); CONFIG_LOG_DEBUG("session_manager->tcp_time_wait_timeout : %ld", session_manager_opts->tcp_time_wait_timeout);
CONFIG_LOG_DEBUG("session_manager->tcp_discard_timeout : %ld", session_manager_opts->tcp_discard_timeout);
CONFIG_LOG_DEBUG("session_manager->tcp_unverified_rst_timeout : %ld", session_manager_opts->tcp_unverified_rst_timeout);
CONFIG_LOG_DEBUG("session_manager->udp_data_timeout : %ld", session_manager_opts->udp_data_timeout);
CONFIG_LOG_DEBUG("session_manager->udp_timeout_data : %ld", sess_mgr_opts->udp_timeout_data); // session manager config -> duplicated packet filter
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_enable : %d", session_manager_opts->duplicated_packet_filter_enable);
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_capacity : %d", session_manager_opts->duplicated_packet_filter_capacity);
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_timeout : %d", session_manager_opts->duplicated_packet_filter_timeout);
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_error_rate : %f", session_manager_opts->duplicated_packet_filter_error_rate);
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_enable : %d", sess_mgr_opts->duplicated_packet_filter_enable); // session manager config -> evicted session filter
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_capacity : %d", sess_mgr_opts->duplicated_packet_filter_capacity); CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_enable : %d", session_manager_opts->evicted_session_filter_enable);
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_timeout : %d", sess_mgr_opts->duplicated_packet_filter_timeout); CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_capacity : %d", session_manager_opts->evicted_session_filter_capacity);
CONFIG_LOG_DEBUG("session_manager->duplicated_packet_filter_error_rate : %f", sess_mgr_opts->duplicated_packet_filter_error_rate); CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_timeout : %d", session_manager_opts->evicted_session_filter_timeout);
CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_error_rate : %f", session_manager_opts->evicted_session_filter_error_rate);
CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_enable : %d", sess_mgr_opts->evicted_session_filter_enable); // session manager config -> TCP reassembly
CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_capacity : %d", sess_mgr_opts->evicted_session_filter_capacity); CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_enable : %d", session_manager_opts->tcp_reassembly_enable);
CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_timeout : %d", sess_mgr_opts->evicted_session_filter_timeout); CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_timeout : %d", session_manager_opts->tcp_reassembly_max_timeout);
CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_error_rate : %f", sess_mgr_opts->evicted_session_filter_error_rate); CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_segments : %d", session_manager_opts->tcp_reassembly_max_segments);
CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_bytes : %d", session_manager_opts->tcp_reassembly_max_bytes);
// TCP reassembly
CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_enable : %d", sess_mgr_opts->tcp_reassembly_enable);
CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_timeout : %d", sess_mgr_opts->tcp_reassembly_max_timeout);
CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_segments : %d", sess_mgr_opts->tcp_reassembly_max_segments);
CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_bytes : %d", sess_mgr_opts->tcp_reassembly_max_bytes);
} }

8
src/config/config.h
View File

@@ -21,10 +21,10 @@ struct device_options
struct config struct config
{ {
struct device_options dev_opts; struct device_options device_opts;
struct packet_io_options pkt_io_opts; struct packet_io_options packet_io_opts;
struct ip_reassembly_options ip_reass_opts; struct ip_reassembly_options ip_reassembly_opts;
struct session_manager_options sess_mgr_opts; struct session_manager_options session_manager_opts;
}; };
// return 0: success // return 0: success

52
src/duplicated_packet_filter/duplicated_packet_filter.cpp
View File

@@ -22,7 +22,7 @@ struct duplicated_packet_key
struct duplicated_packet_filter struct duplicated_packet_filter
{ {
struct duplicated_packet_filter_options opts; uint8_t enable;
struct expiry_dablooms_handle *dablooms; struct expiry_dablooms_handle *dablooms;
}; };
@@ -62,25 +62,65 @@ static inline int duplicated_packet_key_get(const struct packet *packet, struct
return 0; return 0;
} }
static int check_options(const struct duplicated_packet_filter_options *opts)
{
if (opts == NULL)
{
DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid options");
return -1;
}
if (opts->enable == 0)
{
return 0;
}
// UINT32_MAX = 4294967295
if (opts->capacity == 0)
{
DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid capacity: %u, supported range: [1, 4294967295]", opts->capacity);
return -1;
}
if (opts->timeout < 1 || opts->timeout > 60000)
{
DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid timeout: %u, supported range: [1, 60000]", opts->timeout);
return -1;
}
if (opts->error_rate < 0.0 || opts->error_rate > 1.0)
{
DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid error_rate: %f, supported range: [0.0, 1.0]", opts->error_rate);
return -1;
}
return 0;
}
/****************************************************************************** /******************************************************************************
* Public API * Public API
******************************************************************************/ ******************************************************************************/
struct duplicated_packet_filter *duplicated_packet_filter_new(const struct duplicated_packet_filter_options *opts, uint64_t now) struct duplicated_packet_filter *duplicated_packet_filter_new(const struct duplicated_packet_filter_options *opts, uint64_t now)
{ {
if (check_options(opts) == -1)
{
return NULL;
}
struct duplicated_packet_filter *filter = (struct duplicated_packet_filter *)calloc(1, sizeof(struct duplicated_packet_filter)); struct duplicated_packet_filter *filter = (struct duplicated_packet_filter *)calloc(1, sizeof(struct duplicated_packet_filter));
if (filter == NULL) if (filter == NULL)
{ {
return NULL; return NULL;
} }
memcpy(&filter->opts, opts, sizeof(struct duplicated_packet_filter_options));
if (filter->opts.enable == 0) filter->enable = opts->enable;
if (filter->enable == 0)
{ {
return filter; return filter;
} }
filter->dablooms = expiry_dablooms_new(filter->opts.capacity, filter->opts.error_rate, now, filter->opts.timeout_sec); filter->dablooms = expiry_dablooms_new(opts->capacity, opts->error_rate, now, opts->timeout);
if (filter->dablooms == NULL) if (filter->dablooms == NULL)
{ {
free(filter); free(filter);
@@ -108,7 +148,7 @@ void duplicated_packet_filter_free(struct duplicated_packet_filter *filter)
// reutrn 0: no found // reutrn 0: no found
int duplicated_packet_filter_lookup(struct duplicated_packet_filter *filter, const struct packet *packet, uint64_t now) int duplicated_packet_filter_lookup(struct duplicated_packet_filter *filter, const struct packet *packet, uint64_t now)
{ {
if (filter->opts.enable == 0) if (filter->enable == 0)
{ {
return 0; return 0;
} }
@@ -129,7 +169,7 @@ int duplicated_packet_filter_lookup(struct duplicated_packet_filter *filter, con
void duplicated_packet_filter_add(struct duplicated_packet_filter *filter, const struct packet *packet, uint64_t now) void duplicated_packet_filter_add(struct duplicated_packet_filter *filter, const struct packet *packet, uint64_t now)
{ {
if (filter->opts.enable == 0) if (filter->enable == 0)
{ {
return; return;
} }

10
src/duplicated_packet_filter/duplicated_packet_filter.h
View File

@@ -8,18 +8,20 @@ extern "C"
// Duplicated Packet Filter for IPv4-Based TCP Packet // Duplicated Packet Filter for IPv4-Based TCP Packet
#include "log.h"
#include "packet.h" #include "packet.h"
#define DUPLICATED_PACKET_FILTER_LOG_ERROR(format, ...) LOG_ERROR("duplicated packet filter", format, ##__VA_ARGS__)
struct duplicated_packet_filter_options struct duplicated_packet_filter_options
{ {
uint8_t enable; uint8_t enable;
uint32_t capacity; uint32_t capacity; // range: [1, 4294967295] (UINT32_MAX = 4294967295)
uint32_t timeout_sec; uint32_t timeout; // range: [1, 60000]
double error_rate; double error_rate; // range: [0.0, 1.0]
}; };
struct duplicated_packet_filter; struct duplicated_packet_filter;
struct duplicated_packet_filter *duplicated_packet_filter_new(const struct duplicated_packet_filter_options *opts, uint64_t now); struct duplicated_packet_filter *duplicated_packet_filter_new(const struct duplicated_packet_filter_options *opts, uint64_t now);
void duplicated_packet_filter_free(struct duplicated_packet_filter *filter); void duplicated_packet_filter_free(struct duplicated_packet_filter *filter);

2
src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp
View File

@@ -67,7 +67,7 @@ unsigned char data[] = {
struct duplicated_packet_filter_options opts = { struct duplicated_packet_filter_options opts = {
.enable = 1, .enable = 1,
.capacity = 1000000, .capacity = 1000000,
.timeout_sec = 2, .timeout = 2,
.error_rate = 0.00001, .error_rate = 0.00001,
}; };

56
src/evicted_session_filter/evicted_session_filter.cpp
View File

@@ -8,29 +8,73 @@
struct evicted_session_filter struct evicted_session_filter
{ {
struct evicted_session_filter_options opts; uint8_t enable;
struct expiry_dablooms_handle *dablooms; struct expiry_dablooms_handle *dablooms;
}; };
/******************************************************************************
* Private API
******************************************************************************/
static int check_options(const struct evicted_session_filter_options *opts)
{
if (opts == NULL)
{
EVICTED_SESSION_FILTER_LOG_ERROR("invalid options");
return -1;
}
if (opts->enable == 0)
{
return 0;
}
// UINT32_MAX = 4294967295
if (opts->capacity == 0)
{
EVICTED_SESSION_FILTER_LOG_ERROR("invalid capacity: %u, supported range: [1, 4294967295]", opts->capacity);
return -1;
}
if (opts->timeout < 1 || opts->timeout > 60000)
{
EVICTED_SESSION_FILTER_LOG_ERROR("invalid timeout: %u, supported range: [1, 60000]", opts->timeout);
return -1;
}
if (opts->error_rate < 0.0 || opts->error_rate > 1.0)
{
EVICTED_SESSION_FILTER_LOG_ERROR("invalid error_rate: %f, supported range: [0.0, 1.0]", opts->error_rate);
return -1;
}
return 0;
}
/****************************************************************************** /******************************************************************************
* Public API * Public API
******************************************************************************/ ******************************************************************************/
struct evicted_session_filter *evicted_session_filter_new(const struct evicted_session_filter_options *opts, uint64_t now) struct evicted_session_filter *evicted_session_filter_new(const struct evicted_session_filter_options *opts, uint64_t now)
{ {
if (check_options(opts) == -1)
{
return NULL;
}
struct evicted_session_filter *filter = (struct evicted_session_filter *)calloc(1, sizeof(struct evicted_session_filter)); struct evicted_session_filter *filter = (struct evicted_session_filter *)calloc(1, sizeof(struct evicted_session_filter));
if (filter == NULL) if (filter == NULL)
{ {
return NULL; return NULL;
} }
memcpy(&filter->opts, opts, sizeof(struct evicted_session_filter_options));
if (filter->opts.enable == 0) filter->enable = opts->enable;
if (filter->enable == 0)
{ {
return filter; return filter;
} }
filter->dablooms = expiry_dablooms_new(filter->opts.capacity, filter->opts.error_rate, now, filter->opts.timeout_sec); filter->dablooms = expiry_dablooms_new(opts->capacity, opts->error_rate, now, opts->timeout);
if (filter->dablooms == NULL) if (filter->dablooms == NULL)
{ {
free(filter); free(filter);
@@ -58,7 +102,7 @@ void evicted_session_filter_free(struct evicted_session_filter *filter)
// reutrn 0: no found // reutrn 0: no found
int evicted_session_filter_lookup(struct evicted_session_filter *filter, const struct tuple6 *key, uint64_t now) int evicted_session_filter_lookup(struct evicted_session_filter *filter, const struct tuple6 *key, uint64_t now)
{ {
if (filter->opts.enable == 0) if (filter->enable == 0)
{ {
return 0; return 0;
} }
@@ -73,7 +117,7 @@ int evicted_session_filter_lookup(struct evicted_session_filter *filter, const s
void evicted_session_filter_add(struct evicted_session_filter *filter, const struct tuple6 *key, uint64_t now) void evicted_session_filter_add(struct evicted_session_filter *filter, const struct tuple6 *key, uint64_t now)
{ {
if (filter->opts.enable == 0) if (filter->enable == 0)
{ {
return; return;
} }

9
src/evicted_session_filter/evicted_session_filter.h
View File

@@ -6,14 +6,17 @@ extern "C"
{ {
#endif #endif
#include "log.h"
#include "tuple.h" #include "tuple.h"
#define EVICTED_SESSION_FILTER_LOG_ERROR(format, ...) LOG_ERROR("evicted session filter", format, ##__VA_ARGS__)
struct evicted_session_filter_options struct evicted_session_filter_options
{ {
uint8_t enable; uint8_t enable;
uint32_t capacity; uint32_t capacity; // range: [1, 4294967295] (UINT32_MAX = 4294967295)
uint32_t timeout_sec; uint32_t timeout; // range: [1, 60000]
double error_rate; double error_rate; // range: [0.0, 1.0]
}; };
struct evicted_session_filter *evicted_session_filter_new(const struct evicted_session_filter_options *opts, uint64_t now); struct evicted_session_filter *evicted_session_filter_new(const struct evicted_session_filter_options *opts, uint64_t now);

2
src/evicted_session_filter/test/gtest_evicted_session_filter.cpp
View File

@@ -5,7 +5,7 @@
struct evicted_session_filter_options opts = { struct evicted_session_filter_options opts = {
.enable = 1, .enable = 1,
.capacity = 1000000, .capacity = 1000000,
.timeout_sec = 2, .timeout = 2,
.error_rate = 0.00001, .error_rate = 0.00001,
}; };

18
src/ip_reassembly/ip_reassembly.cpp
View File

@@ -112,7 +112,6 @@ struct ip_reassembly
bool enable; bool enable;
uint32_t timeout; uint32_t timeout;
uint32_t bucket_entries; uint32_t bucket_entries;
uint32_t bucket_num;
// runtime // runtime
uint32_t entry_used; uint32_t entry_used;
@@ -187,7 +186,7 @@ static inline int is_power_of_2(uint32_t n)
return n && !(n & (n - 1)); return n && !(n & (n - 1));
} }
static inline int ip_reassembly_check_options(const struct ip_reassembly_options *opts) static int check_options(const struct ip_reassembly_options *opts)
{ {
if (opts == NULL) if (opts == NULL)
{ {
@@ -197,21 +196,21 @@ static inline int ip_reassembly_check_options(const struct ip_reassembly_options
if (opts->enable) if (opts->enable)
{ {
if (opts->timeout == 0) if (opts->timeout < 1 || opts->timeout > 60000)
{ {
IP_REASSEMBLE_DEBUG("invalid timeout"); IP_REASSEMBLE_DEBUG("invalid timeout: %u, supported range: [1, 60000]", opts->timeout);
return -1; return -1;
} }
if (opts->bucket_entries == 0 || is_power_of_2(opts->bucket_entries) == 0) if (opts->bucket_entries < 1 || opts->bucket_entries > 256 || is_power_of_2(opts->bucket_entries) == 0)
{ {
IP_REASSEMBLE_DEBUG("invalid bucket entries, must be power of 2"); IP_REASSEMBLE_DEBUG("invalid bucket_entries: %u, supported range: [1, 256] (must be power of 2)", opts->bucket_entries);
return -1; return -1;
} }
if (opts->bucket_num == 0) if (opts->bucket_num == 0)
{ {
IP_REASSEMBLE_DEBUG("invalid bucket num"); IP_REASSEMBLE_DEBUG("invalid bucket_num: %u, supported range: [1, 4294967295]", opts->bucket_num);
return -1; return -1;
} }
} }
@@ -751,7 +750,7 @@ error_out_overlap:
struct ip_reassembly *ip_reassembly_new(const struct ip_reassembly_options *opts) struct ip_reassembly *ip_reassembly_new(const struct ip_reassembly_options *opts)
{ {
if (ip_reassembly_check_options(opts) != 0) if (check_options(opts) == -1)
{ {
return NULL; return NULL;
} }
@@ -765,14 +764,13 @@ struct ip_reassembly *ip_reassembly_new(const struct ip_reassembly_options *opts
assy->enable = opts->enable; assy->enable = opts->enable;
assy->timeout = opts->timeout; assy->timeout = opts->timeout;
assy->bucket_entries = opts->bucket_entries; assy->bucket_entries = opts->bucket_entries;
assy->bucket_num = opts->bucket_num;
if (!assy->enable) if (!assy->enable)
{ {
return assy; return assy;
} }
uint64_t entry_total = align32pow2(assy->bucket_num) * assy->bucket_entries * IP_FRAG_HASH_FNUM; uint64_t entry_total = align32pow2(opts->bucket_num) * assy->bucket_entries * IP_FRAG_HASH_FNUM;
if (entry_total > UINT32_MAX) if (entry_total > UINT32_MAX)
{ {
IP_REASSEMBLE_ERROR("bucket_num * bucket_entries is too large"); IP_REASSEMBLE_ERROR("bucket_num * bucket_entries is too large");

9
src/ip_reassembly/ip_reassembly.h
View File

@@ -14,11 +14,10 @@ extern "C"
struct ip_reassembly_options struct ip_reassembly_options
{ {
bool enable; uint8_t enable;
uint32_t timeout; // range: [1, 60000]
uint32_t timeout; uint32_t bucket_entries; // range: [1, 256] (must be power of 2)
uint32_t bucket_entries; uint32_t bucket_num; // range: [1, 4294967295]
uint32_t bucket_num;
}; };
struct ip_reassembly_stat struct ip_reassembly_stat

93
src/session/session.cpp
View File

@@ -240,6 +240,99 @@ enum session_dir session_get_cur_dir(const struct session *sess)
* session tcp reassembly * session tcp reassembly
******************************************************************************/ ******************************************************************************/
int session_new_tcp_reassembly(struct session *sess, struct tcp_reassembly_options *opts)
{
sess->c2s_reassembly = tcp_reassembly_new(opts);
if (sess->c2s_reassembly == NULL)
{
return -1;
}
sess->s2c_reassembly = tcp_reassembly_new(opts);
if (sess->s2c_reassembly == NULL)
{
tcp_reassembly_free(sess->c2s_reassembly);
return -1;
}
return 0;
}
void session_free_tcp_reassembly(struct session *sess)
{
tcp_reassembly_free(sess->c2s_reassembly);
tcp_reassembly_free(sess->s2c_reassembly);
}
void session_init_tcp_seq(struct session *sess, uint32_t syn_seq)
{
if (sess->type != SESSION_TYPE_TCP)
{
assert(0);
return;
}
if (sess->cur_dir == SESSION_DIR_C2S)
{
sess->c2s_seq = syn_seq;
tcp_reassembly_init(sess->c2s_reassembly, syn_seq);
}
else
{
sess->s2c_seq = syn_seq;
tcp_reassembly_init(sess->s2c_reassembly, syn_seq);
}
}
void session_set_tcp_seq_ack(struct session *sess, uint32_t seq, uint32_t ack)
{
if (sess->type != SESSION_TYPE_TCP)
{
assert(0);
return;
}
if (sess->cur_dir == SESSION_DIR_C2S)
{
sess->c2s_seq = seq;
sess->c2s_ack = ack;
}
else
{
sess->s2c_seq = seq;
sess->s2c_ack = ack;
}
}
void session_insert_tcp_payload(struct session *sess, uint32_t seq, const char *payload, uint32_t len, uint64_t now)
{
if (sess->type != SESSION_TYPE_TCP)
{
assert(0);
return;
}
if (sess->cur_dir == SESSION_DIR_C2S)
{
tcp_reassembly_insert(sess->c2s_reassembly, seq, payload, len, now);
}
else
{
tcp_reassembly_insert(sess->s2c_reassembly, seq, payload, len, now);
}
}
void session_expire_tcp_payload(struct session *sess, uint64_t now)
{
if (sess->type != SESSION_TYPE_TCP)
{
assert(0);
return;
}
tcp_reassembly_expire(sess->c2s_reassembly, now);
tcp_reassembly_expire(sess->s2c_reassembly, now);
}
const char *session_peek_tcp_payload(struct session *sess, uint32_t *len) const char *session_peek_tcp_payload(struct session *sess, uint32_t *len)
{ {
if (sess->type != SESSION_TYPE_TCP) if (sess->type != SESSION_TYPE_TCP)

6
src/session/session.h
View File

@@ -125,6 +125,12 @@ enum session_dir session_get_cur_dir(const struct session *sess);
* session tcp reassembly * session tcp reassembly
******************************************************************************/ ******************************************************************************/
int session_new_tcp_reassembly(struct session *sess, struct tcp_reassembly_options *opts);
void session_free_tcp_reassembly(struct session *sess);
void session_init_tcp_seq(struct session *sess, uint32_t syn_seq);
void session_set_tcp_seq_ack(struct session *sess, uint32_t seq, uint32_t ack);
void session_insert_tcp_payload(struct session *sess, uint32_t offset, const char *payload, uint32_t len, uint64_t now);
void session_expire_tcp_payload(struct session *sess, uint64_t now);
const char *session_peek_tcp_payload(struct session *sess, uint32_t *len); const char *session_peek_tcp_payload(struct session *sess, uint32_t *len);
void session_consume_tcp_payload(struct session *sess, uint32_t len); void session_consume_tcp_payload(struct session *sess, uint32_t len);

383
src/session/session_manager.cpp
View File

@@ -17,6 +17,25 @@
struct session_manager struct session_manager
{ {
// max session number
uint64_t max_tcp_session_num;
uint64_t max_udp_session_num;
// session overload
uint8_t tcp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session
uint8_t udp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session
// TCP timeout
uint64_t tcp_init_timeout; // range: [1, 60000]
uint64_t tcp_handshake_timeout; // range: [1, 60000]
uint64_t tcp_data_timeout; // range: [1, 15999999000]
uint64_t tcp_half_closed_timeout; // range: [1, 604800000]
uint64_t tcp_time_wait_timeout; // range: [1, 600000]
uint64_t tcp_discard_timeout; // range: [1, 15999999000]
uint64_t tcp_unverified_rst_timeout; // range: [1, 600000]
// UDP timeout
uint64_t udp_data_timeout; // range: [1, 15999999000]
struct tcp_reassembly_options tcp_reassembly_opts;
struct session_pool *sess_pool; struct session_pool *sess_pool;
struct session_table *tcp_sess_table; struct session_table *tcp_sess_table;
struct session_table *udp_sess_table; struct session_table *udp_sess_table;
@@ -26,146 +45,123 @@ struct session_manager
struct duplicated_packet_filter *dup_pkt_filter; struct duplicated_packet_filter *dup_pkt_filter;
struct evicted_session_filter *evicte_sess_filter; struct evicted_session_filter *evicte_sess_filter;
struct session_manager_options opts;
struct session_manager_stat stat; struct session_manager_stat stat;
}; };
#define EVICTE_SESSION_BURST (RX_BURST_MAX) #define EVICTE_SESSION_BURST (RX_BURST_MAX)
struct tcp_reassembly_options tcp_reassembly_opts = {0}; enum tcp_flags
{
SYN_RECV = 1 << 0,
SYN_ACK_RECV = 1 << 1,
/****************************************************************************** C2S_FIN_RECV = 1 << 2,
* Options S2C_FIN_RECV = 1 << 3,
******************************************************************************/
static int check_options(struct session_manager_options *opts) C2S_RST_RECV = 1 << 4,
S2C_RST_RECV = 1 << 5,
C2S_UNVERIFIED_RST_RECV = 1 << 6,
S2C_UNVERIFIED_RST_RECV = 1 << 7,
};
// TODO
uint8_t tcp_flags_idx = 0;
static uint64_t tcp_flags_update(struct session *sess, uint8_t flags)
{
enum session_dir dir = session_get_cur_dir(sess);
uint64_t history = (uint64_t)session_get0_ex_data(sess, tcp_flags_idx);
if (flags & TH_SYN)
{
history |= (flags & TH_ACK) ? SYN_ACK_RECV : SYN_RECV;
}
if (flags & TH_FIN)
{
history |= (dir == SESSION_DIR_C2S ? C2S_FIN_RECV : S2C_FIN_RECV);
}
if (flags & TH_RST)
{
/*
* https://www.rfc-editor.org/rfc/rfc5961#section-3.2
*
* If the RST bit is set and the sequence number exactly matches the
* next expected sequence number (RCV.NXT), then TCP MUST reset the
* connection.
*/
uint16_t curr_seq = (dir == SESSION_DIR_C2S ? sess->c2s_seq : sess->s2c_seq);
uint16_t expect_seq = (dir == SESSION_DIR_C2S ? sess->s2c_ack : sess->c2s_ack);
// if fin is received, the expected sequence number should be increased by 1
expect_seq += (dir == SESSION_DIR_C2S ? (flags & S2C_FIN_RECV ? 1 : 0) : (flags & C2S_FIN_RECV ? 1 : 0));
if (curr_seq == expect_seq)
{
history |= (dir == SESSION_DIR_C2S ? C2S_RST_RECV : S2C_RST_RECV);
}
// RST is unverified if the sequence number is not as expected
else
{
history |= (dir == SESSION_DIR_C2S ? C2S_UNVERIFIED_RST_RECV : S2C_UNVERIFIED_RST_RECV);
}
}
session_set_ex_data(sess, tcp_flags_idx, (void *)history);
return history;
}
// TODO
int check_options(const struct session_manager_options *opts)
{ {
if (opts == NULL) if (opts == NULL)
{ {
SESSION_LOG_ERROR("invalid options"); SESSION_LOG_ERROR("invalid options");
return -1; return -1;
} }
// max session number
if (opts->max_tcp_session_num < EVICTE_SESSION_BURST * 2) if (opts->tcp_init_timeout < 1 || opts->tcp_init_timeout > 60000)
{ {
SESSION_LOG_ERROR("invalid max tcp session number, must be greater than %d", EVICTE_SESSION_BURST * 2); SESSION_LOG_ERROR("invalid tcp_init_timeout: %lu, supported range: [1, 60000]", opts->tcp_init_timeout);
return -1; return -1;
} }
if (opts->max_udp_session_num < EVICTE_SESSION_BURST * 2) if (opts->tcp_handshake_timeout < 1 || opts->tcp_handshake_timeout > 60000)
{ {
SESSION_LOG_ERROR("invalid max udp session number, must be greater than %d", EVICTE_SESSION_BURST * 2); SESSION_LOG_ERROR("invalid tcp_handshake_timeout: %lu, supported range: [1, 60000]", opts->tcp_handshake_timeout);
return -1; return -1;
} }
// session overload if (opts->tcp_data_timeout < 1 || opts->tcp_data_timeout > 15999999000)
if (opts->tcp_overload_evict_old_sess != 0 && opts->tcp_overload_evict_old_sess != 1)
{ {
SESSION_LOG_ERROR("invalid tcp overload evict old session, support range: 0-1"); SESSION_LOG_ERROR("invalid tcp_data_timeout: %lu, supported range: [1, 15999999000]", opts->tcp_data_timeout);
return -1; return -1;
} }
if (opts->udp_overload_evict_old_sess != 0 && opts->udp_overload_evict_old_sess != 1) if (opts->tcp_half_closed_timeout < 1 || opts->tcp_half_closed_timeout > 604800000)
{ {
SESSION_LOG_ERROR("invalid udp overload evict old session, support range: 0-1"); SESSION_LOG_ERROR("invalid tcp_half_closed_timeout: %lu, supported range: [1, 604800000]", opts->tcp_half_closed_timeout);
return -1; return -1;
} }
// TCP timeout opts if (opts->tcp_time_wait_timeout < 1 || opts->tcp_time_wait_timeout > 600000)
if (opts->tcp_timeout_init < 1 || opts->tcp_timeout_init > 60000)
{ {
SESSION_LOG_ERROR("invalid tcp timeout init, support range: 1-60,000"); SESSION_LOG_ERROR("invalid tcp_time_wait_timeout: %lu, supported range: [1, 600000]", opts->tcp_time_wait_timeout);
return -1; return -1;
} }
if (opts->tcp_timeout_handshake < 1 || opts->tcp_timeout_handshake > 60000) if (opts->tcp_discard_timeout < 1 || opts->tcp_discard_timeout > 15999999000)
{ {
SESSION_LOG_ERROR("invalid tcp timeout handshake, support range: 1-60,000"); SESSION_LOG_ERROR("invalid tcp_discard_timeout: %lu, supported range: [1, 15999999000]", opts->tcp_discard_timeout);
return -1; return -1;
} }
if (opts->tcp_timeout_data < 1 || opts->tcp_timeout_data > 15999999000) if (opts->tcp_unverified_rst_timeout < 1 || opts->tcp_unverified_rst_timeout > 600000)
{ {
SESSION_LOG_ERROR("invalid tcp timeout data, support range: 1-15,999,999,000"); SESSION_LOG_ERROR("invalid tcp_unverified_rst_timeout: %lu, supported range: [1, 600000]", opts->tcp_unverified_rst_timeout);
return -1; return -1;
} }
if (opts->tcp_timeout_half_closed < 1 || opts->tcp_timeout_half_closed > 604800000) if (opts->udp_data_timeout < 1 || opts->udp_data_timeout > 15999999000)
{ {
SESSION_LOG_ERROR("invalid tcp timeout half closed, support range: 1-604,800,000"); SESSION_LOG_ERROR("invalid udp_data_timeout: %lu, supported range: [1, 15999999000]", opts->udp_data_timeout);
return -1; return -1;
} }
if (opts->tcp_timeout_time_wait < 1 || opts->tcp_timeout_time_wait > 600000)
{
SESSION_LOG_ERROR("invalid tcp timeout time wait, support range: 1-600,000");
return -1;
}
if (opts->tcp_timeout_discard < 1 || opts->tcp_timeout_discard > 15999999000)
{
SESSION_LOG_ERROR("invalid tcp timeout discard, support range: 1-15,999,999,000");
return -1;
}
// UDP timeout opts
if (opts->udp_timeout_data < 1 || opts->udp_timeout_data > 15999999000)
{
SESSION_LOG_ERROR("invalid udp timeout data, support range: 1-15,999,999,000");
return -1;
}
// duplicate packet filter opts
if (opts->duplicated_packet_filter_enable != 0 && opts->duplicated_packet_filter_enable != 1)
{
SESSION_LOG_ERROR("invalid duplicate packet filter enable, support range: 0-1");
return -1;
}
if (opts->duplicated_packet_filter_enable)
{
if (opts->duplicated_packet_filter_capacity == 0)
{
SESSION_LOG_ERROR("invalid duplicate packet filter capacity");
return -1;
}
if (opts->duplicated_packet_filter_timeout < 1 || opts->duplicated_packet_filter_timeout > 60000)
{
SESSION_LOG_ERROR("invalid duplicate packet filter timeout, support range: 1-60,000");
return -1;
}
if (opts->duplicated_packet_filter_error_rate < 0 || opts->duplicated_packet_filter_error_rate > 1)
{
SESSION_LOG_ERROR("invalid duplicate packet filter error rate, support range: 0-1");
return -1;
}
}
// eviction filter opts
if (opts->evicted_session_filter_enable != 0 && opts->evicted_session_filter_enable != 1)
{
SESSION_LOG_ERROR("invalid eviction filter enable, support range: 0-1");
return -1;
}
if (opts->evicted_session_filter_enable)
{
if (opts->evicted_session_filter_capacity == 0)
{
SESSION_LOG_ERROR("invalid eviction filter capacity");
return -1;
}
if (opts->evicted_session_filter_timeout < 1 || opts->evicted_session_filter_timeout > 60000)
{
SESSION_LOG_ERROR("invalid eviction filter timeout, support range: 1-60,000");
return -1;
}
if (opts->evicted_session_filter_error_rate < 0 || opts->evicted_session_filter_error_rate > 1)
{
SESSION_LOG_ERROR("invalid eviction filter error rate, support range: 0-1");
return -1;
}
}
// TCP reassembly opts
if (opts->tcp_reassembly_enable != 0 && opts->tcp_reassembly_enable != 1)
{
SESSION_LOG_ERROR("invalid tcp reassembly enable, support range: 0-1");
return -1;
}
if (opts->tcp_reassembly_enable)
{
if (opts->tcp_reassembly_max_timeout < 1 || opts->tcp_reassembly_max_timeout > 60000)
{
SESSION_LOG_ERROR("invalid tcp reassembly max timeout, support range: 1-60,000");
return -1;
}
}
return 0; return 0;
} }
@@ -298,12 +294,11 @@ typedef int filter(struct session_manager *mgr, struct session *sess, const stru
// on pre new session // on pre new session
static int session_manager_self_protection(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now) static int session_manager_self_protection(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{ {
struct session_manager_options *opts = &mgr->opts;
struct session_manager_stat *stat = &mgr->stat; struct session_manager_stat *stat = &mgr->stat;
switch (key->ip_proto) switch (key->ip_proto)
{ {
case IPPROTO_TCP: case IPPROTO_TCP:
if (stat->tcp_sess.nr_sess_used >= opts->max_tcp_session_num) if (stat->tcp_sess.nr_sess_used >= mgr->max_tcp_session_num)
{ {
stat->evc_pkt.nr_pkts++; stat->evc_pkt.nr_pkts++;
stat->evc_pkt.nr_bytes += packet_get_len(pkt); stat->evc_pkt.nr_bytes += packet_get_len(pkt);
@@ -312,7 +307,7 @@ static int session_manager_self_protection(struct session_manager *mgr, struct s
} }
break; break;
case IPPROTO_UDP: case IPPROTO_UDP:
if (stat->udp_sess.nr_sess_used >= opts->max_udp_session_num) if (stat->udp_sess.nr_sess_used >= mgr->max_udp_session_num)
{ {
stat->evc_pkt.nr_pkts++; stat->evc_pkt.nr_pkts++;
stat->evc_pkt.nr_bytes += packet_get_len(pkt); stat->evc_pkt.nr_bytes += packet_get_len(pkt);
@@ -495,16 +490,16 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s
static struct session *session_manager_new_tcp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now) static struct session *session_manager_new_tcp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{ {
struct session_manager_options *opts = &mgr->opts;
const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP); const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr; const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
if (!tcp_hdr_get_syn_flag(hdr)) uint8_t flags = tcp_hdr_get_flags(hdr);
if (!(flags & TH_SYN))
{ {
return NULL; return NULL;
} }
// tcp table full evict old session // tcp table full evict old session
if (opts->tcp_overload_evict_old_sess && mgr->stat.tcp_sess.nr_sess_used >= opts->max_tcp_session_num - EVICTE_SESSION_BURST) if (mgr->tcp_overload_evict_old_sess && mgr->stat.tcp_sess.nr_sess_used >= mgr->max_tcp_session_num - EVICTE_SESSION_BURST)
{ {
struct session *evic_sess = session_table_find_lru(mgr->tcp_sess_table); struct session *evic_sess = session_table_find_lru(mgr->tcp_sess_table);
session_manager_evicte_session(mgr, evic_sess, now); session_manager_evicte_session(mgr, evic_sess, now);
@@ -518,9 +513,7 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
} }
session_init(sess); session_init(sess);
session_set_id(sess, id_generator_alloc()); session_set_id(sess, id_generator_alloc());
sess->c2s_reassembly = tcp_reassembly_new(&tcp_reassembly_opts); if (session_new_tcp_reassembly(sess, &mgr->tcp_reassembly_opts) == -1)
sess->s2c_reassembly = tcp_reassembly_new(&tcp_reassembly_opts);
if (sess->c2s_reassembly == NULL || sess->s2c_reassembly == NULL)
{ {
assert(0); assert(0);
session_pool_push(mgr->sess_pool, sess); session_pool_push(mgr->sess_pool, sess);
@@ -535,14 +528,11 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN); session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN);
session_stat_inc(&mgr->stat.tcp_sess, next_state); session_stat_inc(&mgr->stat.tcp_sess, next_state);
tcp_reassembly_init(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, tcp_hdr_get_seq(hdr)); session_init_tcp_seq(sess, tcp_hdr_get_seq(hdr));
if (tcp_layer->pld_len) session_set_tcp_seq_ack(sess, tcp_hdr_get_seq(hdr), tcp_hdr_get_ack(hdr));
{ session_insert_tcp_payload(sess, tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
tcp_reassembly_insert(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly,
tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
}
uint64_t timeout = tcp_hdr_get_ack_flag(hdr) ? opts->tcp_timeout_handshake : opts->tcp_timeout_init; uint64_t timeout = (flags & TH_ACK) ? mgr->tcp_handshake_timeout : mgr->tcp_init_timeout;
timer_update(mgr->sess_timer, sess, now + timeout); timer_update(mgr->sess_timer, sess, now + timeout);
session_table_add(mgr->tcp_sess_table, key, sess); session_table_add(mgr->tcp_sess_table, key, sess);
@@ -553,10 +543,8 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
static struct session *session_manager_new_udp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now) static struct session *session_manager_new_udp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{ {
struct session_manager_options *opts = &mgr->opts;
// udp table full evict old session // udp table full evict old session
if (opts->udp_overload_evict_old_sess && mgr->stat.udp_sess.nr_sess_used >= opts->max_udp_session_num - EVICTE_SESSION_BURST) if (mgr->udp_overload_evict_old_sess && mgr->stat.udp_sess.nr_sess_used >= mgr->max_udp_session_num - EVICTE_SESSION_BURST)
{ {
struct session *evic_sess = session_table_find_lru(mgr->udp_sess_table); struct session *evic_sess = session_table_find_lru(mgr->udp_sess_table);
session_manager_evicte_session(mgr, evic_sess, now); session_manager_evicte_session(mgr, evic_sess, now);
@@ -578,7 +566,7 @@ static struct session *session_manager_new_udp_session(struct session_manager *m
session_transition_log(sess, SESSION_STATE_INIT, next_state, UDP_DATA); session_transition_log(sess, SESSION_STATE_INIT, next_state, UDP_DATA);
session_stat_inc(&mgr->stat.udp_sess, next_state); session_stat_inc(&mgr->stat.udp_sess, next_state);
timer_update(mgr->sess_timer, sess, now + opts->udp_timeout_data); timer_update(mgr->sess_timer, sess, now + mgr->udp_data_timeout);
session_table_add(mgr->udp_sess_table, key, sess); session_table_add(mgr->udp_sess_table, key, sess);
return sess; return sess;
@@ -586,13 +574,13 @@ static struct session *session_manager_new_udp_session(struct session_manager *m
static int session_manager_update_tcp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now) static int session_manager_update_tcp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{ {
struct session_manager_options *opts = &mgr->opts;
const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP); const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr; const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
enum session_dir dir = identify_direction_by_history(sess, key); enum session_dir dir = identify_direction_by_history(sess, key);
int inputs = tcp_hdr_get_syn_flag(hdr) ? TCP_SYN : NONE; uint8_t flags = tcp_hdr_get_flags(hdr);
inputs |= tcp_hdr_get_fin_flag(hdr) ? TCP_FIN : NONE; int inputs = (flags & TH_SYN) ? TCP_SYN : NONE;
inputs |= tcp_hdr_get_rst_flag(hdr) ? TCP_RST : NONE; inputs |= (flags & TH_FIN) ? TCP_FIN : NONE;
inputs |= (flags & TH_RST) ? TCP_RST : NONE;
inputs |= tcp_layer->pld_len ? TCP_DATA : NONE; inputs |= tcp_layer->pld_len ? TCP_DATA : NONE;
enum session_state curr_state = session_get_state(sess); enum session_state curr_state = session_get_state(sess);
enum session_state next_state = session_transition_run(curr_state, inputs); enum session_state next_state = session_transition_run(curr_state, inputs);
@@ -602,41 +590,12 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
if (tcp_hdr_get_syn_flag(hdr)) if (tcp_hdr_get_syn_flag(hdr))
{ {
tcp_reassembly_init(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, tcp_hdr_get_seq(hdr)); session_init_tcp_seq(sess, tcp_hdr_get_seq(hdr));
}
tcp_reassembly_expire(sess->c2s_reassembly, now);
tcp_reassembly_expire(sess->s2c_reassembly, now);
if (tcp_layer->pld_len)
{
tcp_reassembly_insert(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly,
tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
} }
// select next timeout session_set_tcp_seq_ack(sess, tcp_hdr_get_seq(hdr), tcp_hdr_get_ack(hdr));
uint64_t timeout = 0; session_expire_tcp_payload(sess, now);
switch (next_state) session_insert_tcp_payload(sess, tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
{
case SESSION_STATE_OPENING:
if (tcp_hdr_get_syn_flag(hdr))
{
timeout = tcp_hdr_get_ack_flag(hdr) ? opts->tcp_timeout_handshake : opts->tcp_timeout_init;
}
else
{
timeout = opts->tcp_timeout_data;
}
break;
case SESSION_STATE_ACTIVE:
timeout = opts->tcp_timeout_data;
break;
case SESSION_STATE_CLOSING:
timeout = opts->tcp_timeout_time_wait;
break;
default:
assert(0);
break;
}
timer_update(mgr->sess_timer, sess, now + timeout);
// set closing reason // set closing reason
if (next_state == SESSION_STATE_CLOSING && !session_get_closing_reason(sess)) if (next_state == SESSION_STATE_CLOSING && !session_get_closing_reason(sess))
@@ -651,19 +610,59 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
} }
} }
uint64_t history = tcp_flags_update(sess, flags);
uint64_t timeout = 0;
switch (next_state)
{
case SESSION_STATE_OPENING:
if (flags & TH_SYN)
{
timeout = (flags & TH_ACK) ? mgr->tcp_handshake_timeout : mgr->tcp_init_timeout;
}
else
{
timeout = mgr->tcp_data_timeout;
}
break;
case SESSION_STATE_ACTIVE:
timeout = mgr->tcp_data_timeout;
break;
case SESSION_STATE_CLOSING:
if (flags & TH_FIN)
{
timeout = (history & C2S_FIN_RECV && history & S2C_FIN_RECV) ? mgr->tcp_half_closed_timeout : mgr->tcp_time_wait_timeout;
}
else if (flags & TH_RST)
{
timeout = (history & C2S_RST_RECV || history & S2C_RST_RECV) ? mgr->tcp_time_wait_timeout : mgr->tcp_unverified_rst_timeout;
}
else
{
timeout = mgr->tcp_data_timeout;
}
break;
case SESSION_STATE_DISCARD:
timeout = mgr->tcp_discard_timeout;
break;
default:
assert(0);
break;
}
timer_update(mgr->sess_timer, sess, now + timeout);
return 0; return 0;
} }
static int session_manager_update_udp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now) static int session_manager_update_udp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{ {
struct session_manager_options *opts = &mgr->opts;
enum session_dir dir = identify_direction_by_history(sess, key); enum session_dir dir = identify_direction_by_history(sess, key);
enum session_state curr_state = session_get_state(sess); enum session_state curr_state = session_get_state(sess);
enum session_state next_state = session_transition_run(curr_state, UDP_DATA); enum session_state next_state = session_transition_run(curr_state, UDP_DATA);
session_update(sess, next_state, pkt, key, dir, now); session_update(sess, next_state, pkt, key, dir, now);
session_transition_log(sess, curr_state, next_state, UDP_DATA); session_transition_log(sess, curr_state, next_state, UDP_DATA);
session_stat_update(mgr, sess, curr_state, next_state); session_stat_update(mgr, sess, curr_state, next_state);
timer_update(mgr->sess_timer, sess, now + opts->udp_timeout_data); timer_update(mgr->sess_timer, sess, now + mgr->udp_data_timeout);
return 0; return 0;
} }
@@ -678,46 +677,66 @@ struct session_manager *session_manager_new(struct session_manager_options *opts
{ {
return NULL; return NULL;
} }
struct session_manager *mgr = (struct session_manager *)calloc(1, sizeof(struct session_manager)); struct session_manager *mgr = (struct session_manager *)calloc(1, sizeof(struct session_manager));
if (mgr == NULL) if (mgr == NULL)
{ {
return NULL; return NULL;
} }
// max session number
memcpy(&mgr->opts, opts, sizeof(struct session_manager_options)); mgr->max_tcp_session_num = (opts->max_tcp_session_num < EVICTE_SESSION_BURST * 2) ? EVICTE_SESSION_BURST * 2 : opts->max_tcp_session_num;
struct duplicated_packet_filter_options dup_pkt_opts = { mgr->max_udp_session_num = (opts->max_udp_session_num < EVICTE_SESSION_BURST * 2) ? EVICTE_SESSION_BURST * 2 : opts->max_udp_session_num;
// session overload
mgr->stat.tcp_sess.nr_sess_init = 0;
mgr->tcp_overload_evict_old_sess = opts->tcp_overload_evict_old_sess;
mgr->udp_overload_evict_old_sess = opts->udp_overload_evict_old_sess;
// session timeout
mgr->tcp_init_timeout = opts->tcp_init_timeout;
mgr->tcp_handshake_timeout = opts->tcp_handshake_timeout;
mgr->tcp_data_timeout = opts->tcp_data_timeout;
mgr->tcp_half_closed_timeout = opts->tcp_half_closed_timeout;
mgr->tcp_time_wait_timeout = opts->tcp_time_wait_timeout;
mgr->tcp_discard_timeout = opts->tcp_discard_timeout;
mgr->tcp_unverified_rst_timeout = opts->tcp_unverified_rst_timeout;
mgr->udp_data_timeout = opts->udp_data_timeout;
// duplicated packet filter
struct duplicated_packet_filter_options duplicated_packet_filter_opts = {
.enable = opts->duplicated_packet_filter_enable, .enable = opts->duplicated_packet_filter_enable,
.capacity = opts->duplicated_packet_filter_capacity, .capacity = opts->duplicated_packet_filter_capacity,
.timeout_sec = opts->duplicated_packet_filter_timeout, .timeout = opts->duplicated_packet_filter_timeout,
.error_rate = opts->duplicated_packet_filter_error_rate, .error_rate = opts->duplicated_packet_filter_error_rate,
}; };
struct evicted_session_filter_options evc_sess_opts = { // evicted session filter
struct evicted_session_filter_options evicted_session_filter_opts = {
.enable = opts->evicted_session_filter_enable, .enable = opts->evicted_session_filter_enable,
.capacity = opts->evicted_session_filter_capacity, .capacity = opts->evicted_session_filter_capacity,
.timeout_sec = opts->evicted_session_filter_timeout, .timeout = opts->evicted_session_filter_timeout,
.error_rate = opts->evicted_session_filter_error_rate, .error_rate = opts->evicted_session_filter_error_rate,
}; };
tcp_reassembly_opts = { // tcp reassembly
mgr->tcp_reassembly_opts = {
.enable = opts->tcp_reassembly_enable, .enable = opts->tcp_reassembly_enable,
.max_timeout = opts->tcp_reassembly_max_timeout, .max_timeout = opts->tcp_reassembly_max_timeout,
.max_segments = opts->tcp_reassembly_max_segments, .max_segments = opts->tcp_reassembly_max_segments,
.max_bytes = opts->tcp_reassembly_max_bytes, .max_bytes = opts->tcp_reassembly_max_bytes,
}; };
mgr->sess_pool = session_pool_new(opts->max_tcp_session_num + opts->max_udp_session_num); mgr->sess_pool = session_pool_new(mgr->max_tcp_session_num + mgr->max_udp_session_num);
mgr->tcp_sess_table = session_table_new(); mgr->tcp_sess_table = session_table_new();
mgr->udp_sess_table = session_table_new(); mgr->udp_sess_table = session_table_new();
mgr->sess_timer = session_timer_new(); mgr->sess_timer = session_timer_new();
mgr->sess_evicte_queue = session_queue_new(); mgr->sess_evicte_queue = session_queue_new();
mgr->dup_pkt_filter = duplicated_packet_filter_new(&dup_pkt_opts, now); mgr->dup_pkt_filter = duplicated_packet_filter_new(&duplicated_packet_filter_opts, now);
mgr->evicte_sess_filter = evicted_session_filter_new(&evc_sess_opts, now); mgr->evicte_sess_filter = evicted_session_filter_new(&evicted_session_filter_opts, now);
if (mgr->sess_pool == NULL || mgr->tcp_sess_table == NULL || mgr->udp_sess_table == NULL || mgr->sess_timer == NULL || mgr->sess_evicte_queue == NULL || mgr->dup_pkt_filter == NULL || mgr->evicte_sess_filter == NULL) if (mgr->sess_pool == NULL || mgr->tcp_sess_table == NULL || mgr->udp_sess_table == NULL || mgr->sess_timer == NULL || mgr->sess_evicte_queue == NULL || mgr->dup_pkt_filter == NULL || mgr->evicte_sess_filter == NULL)
{ {
goto error; goto error;
} }
session_transition_init();
session_filter_init(); session_filter_init();
session_transition_init();
tcp_flags_idx = session_get_ex_new_index("tcp_flags", NULL, NULL);
return mgr; return mgr;
error: error:
@@ -789,8 +808,7 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s
switch (session_get_type(sess)) switch (session_get_type(sess))
{ {
case SESSION_TYPE_TCP: case SESSION_TYPE_TCP:
tcp_reassembly_free(sess->c2s_reassembly); session_free_tcp_reassembly(sess);
tcp_reassembly_free(sess->s2c_reassembly);
session_table_del(mgr->tcp_sess_table, session_get0_key(sess)); session_table_del(mgr->tcp_sess_table, session_get0_key(sess));
session_stat_dec(&mgr->stat.tcp_sess, session_get_state(sess)); session_stat_dec(&mgr->stat.tcp_sess, session_get_state(sess));
mgr->stat.tcp_sess.nr_sess_used--; mgr->stat.tcp_sess.nr_sess_used--;
@@ -857,7 +875,6 @@ int session_manager_update_session(struct session_manager *mgr, struct session *
struct session *session_manager_get_expired_session(struct session_manager *mgr, uint64_t now) struct session *session_manager_get_expired_session(struct session_manager *mgr, uint64_t now)
{ {
struct session_manager_options *opts = &mgr->opts;
struct session *sess = session_timer_expire(mgr->sess_timer, now); struct session *sess = session_timer_expire(mgr->sess_timer, now);
if (sess) if (sess)
{ {
@@ -879,7 +896,19 @@ struct session *session_manager_get_expired_session(struct session_manager *mgr,
else else
{ {
// in closing state, only update timeout // in closing state, only update timeout
uint64_t timeout = session_get_type(sess) == SESSION_TYPE_TCP ? opts->tcp_timeout_time_wait : opts->udp_timeout_data; uint64_t timeout = 0;
switch (session_get_type(sess))
{
case SESSION_TYPE_TCP:
timeout = mgr->tcp_data_timeout;
break;
case SESSION_TYPE_UDP:
timeout = mgr->udp_data_timeout;
break;
default:
assert(0);
break;
}
timer_update(mgr->sess_timer, sess, now + timeout); timer_update(mgr->sess_timer, sess, now + timeout);
return NULL; return NULL;
} }

34
src/session/session_manager.h
View File

@@ -23,33 +23,33 @@ struct session_manager_options
uint8_t udp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session uint8_t udp_overload_evict_old_sess; // 1: evict old session, 0: bypass new session
// TCP timeout // TCP timeout
uint64_t tcp_timeout_init; // ms, Range: 1-60,000 uint64_t tcp_init_timeout; // range: [1, 60000] (ms)
uint64_t tcp_timeout_handshake; // ms, Range: 1-60,000 uint64_t tcp_handshake_timeout; // range: [1, 60000] (ms)
uint64_t tcp_timeout_data; // ms, Range: 1-15,999,999,000 uint64_t tcp_data_timeout; // range: [1, 15999999000] (ms)
uint64_t tcp_timeout_half_closed; // ms, Range: 1-604,800,000 uint64_t tcp_half_closed_timeout; // range: [1, 604800000] (ms)
uint64_t tcp_timeout_time_wait; // ms, Range: 1-600,000 uint64_t tcp_time_wait_timeout; // range: [1, 600000] (ms)
uint64_t tcp_timeout_discard; // ms, Range: 1-15,999,999,000 uint64_t tcp_discard_timeout; // range: [1, 15999999000] (ms)
uint64_t tcp_unverified_rst_timeout; // range: [1, 600000] (ms)
// UDP timeout // UDP timeout
uint64_t udp_timeout_data; // ms, Range: 1-15,999,999,000 uint64_t udp_data_timeout; // range: [1, 15999999000] (ms)
// duplicate packet filter // duplicate packet filter
uint8_t duplicated_packet_filter_enable; uint8_t duplicated_packet_filter_enable;
uint32_t duplicated_packet_filter_capacity; uint32_t duplicated_packet_filter_capacity; // range: [1, 4294967295]
uint32_t duplicated_packet_filter_timeout; // ms, Range: 1-60,000 uint32_t duplicated_packet_filter_timeout; // range: [1, 60000] (ms)
double duplicated_packet_filter_error_rate; double duplicated_packet_filter_error_rate; // range: [0.0, 1.0]
// evicted session filter // evicted session filter
uint8_t evicted_session_filter_enable; uint8_t evicted_session_filter_enable;
uint32_t evicted_session_filter_capacity; uint32_t evicted_session_filter_capacity; // range: [1, 4294967295]
uint32_t evicted_session_filter_timeout; // ms, Range: 1-60,000 uint32_t evicted_session_filter_timeout; // range: [1, 60000] (ms)
double evicted_session_filter_error_rate; double evicted_session_filter_error_rate; // range: [0.0, 1.0]
// TCP reassembly // TCP reassembly
uint8_t tcp_reassembly_enable; uint8_t tcp_reassembly_enable;
uint32_t tcp_reassembly_max_timeout; // ms, Range: 1-60,000 uint32_t tcp_reassembly_max_timeout; // range: [1, 60000] (ms)
uint32_t tcp_reassembly_max_segments; // 0: unlimited uint32_t tcp_reassembly_max_segments; // range: [2, 32]
uint32_t tcp_reassembly_max_bytes; // 0: unlimited uint32_t tcp_reassembly_max_bytes; // range: [2920, 46720] [2*MSS, 32*MSS]
}; };
struct session_stat struct session_stat

5
src/session/session_private.h
View File

@@ -58,6 +58,11 @@ struct session
struct tcp_reassembly *c2s_reassembly; struct tcp_reassembly *c2s_reassembly;
struct tcp_reassembly *s2c_reassembly; struct tcp_reassembly *s2c_reassembly;
uint32_t c2s_seq;
uint32_t s2c_seq;
uint32_t c2s_ack;
uint32_t s2c_ack;
/****************************** /******************************
* Session Current Packet * Session Current Packet
******************************/ ******************************/

15
src/session/test/gtest_filter_tcp_dupkt.cpp
View File

@@ -16,15 +16,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,

15
src/session/test/gtest_overload_evict_tcp_sess.cpp
View File

@@ -17,15 +17,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter

15
src/session/test/gtest_overload_evict_udp_sess.cpp
View File

@@ -17,15 +17,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter

23
src/session/test/gtest_sess_mgr_tcp_reassembly.cpp
View File

@@ -16,15 +16,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -237,8 +238,8 @@ TEST(SESS_MGR_TCP_REASSEMBLY, OUT_OF_ORDER)
session_consume_tcp_payload(sess, len); session_consume_tcp_payload(sess, len);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 7 + opts.tcp_timeout_data) == NULL); // active -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 7 + opts.tcp_data_timeout) == NULL); // active -> closing
sess = session_manager_get_expired_session(mgr, 7 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); // closing -> closed sess = session_manager_get_expired_session(mgr, 7 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -329,8 +330,8 @@ TEST(SESS_MGR_TCP_REASSEMBLY, SEQ_WRAPAROUND)
session_consume_tcp_payload(sess, len); session_consume_tcp_payload(sess, len);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 4 + opts.tcp_timeout_data) == NULL); // active -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 4 + opts.tcp_data_timeout) == NULL); // active -> closing
sess = session_manager_get_expired_session(mgr, 4 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); // closing -> closed sess = session_manager_get_expired_session(mgr, 4 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);

29
src/session/test/gtest_state_tcp_active_to_closing.cpp
View File

@@ -17,15 +17,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -144,7 +145,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_FIN_FIN)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
@@ -232,7 +233,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_C2S_RST)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_unverified_rst_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST);
@@ -320,7 +321,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_S2C_RST)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_unverified_rst_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST);
@@ -368,8 +369,8 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_DATA_TIMEOUT)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -450,7 +451,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_C2S_HALF_CLOSED_TIMEOUT)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
@@ -531,7 +532,7 @@ TEST(TCP_ACTIVE_TO_CLOSING, BY_S2C_HALF_CLOSED_TIMEOUT)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN);

47
src/session/test/gtest_state_tcp_init_to_opening.cpp
View File

@@ -17,15 +17,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -104,8 +105,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init) == NULL); // opening -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout) == NULL); // opening -> closing
sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init + opts.tcp_timeout_time_wait); // closing -> closed sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout + opts.tcp_time_wait_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -184,8 +185,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYNACK)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_handshake) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -275,8 +276,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_SYNACK)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -376,8 +377,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_SYNACK_ACK)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_data) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -474,8 +475,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYN_RETRANSMISSION)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_init) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_init_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_init + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_init_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -573,8 +574,8 @@ TEST(TCP_INIT_TO_OPENING, BY_SYNACK_RETRANSMISSION)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -664,8 +665,8 @@ TEST(TCP_INIT_TO_OPENING, BY_C2S_ASMMETRIC)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -755,8 +756,8 @@ TEST(TCP_INIT_TO_OPENING, BY_S2C_ASMMETRIC)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);

17
src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp
View File

@@ -16,15 +16,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -408,7 +409,7 @@ TEST(TCP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING_TO_CLOSED, TEST)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 11 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 11 + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);

23
src/session/test/gtest_state_tcp_opening_to_active.cpp
View File

@@ -16,15 +16,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -113,8 +114,8 @@ TEST(TCP_OPENING_TO_ACTIVE, BY_SYN_C2S_DATA)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -203,8 +204,8 @@ TEST(TCP_OPENING_TO_ACTIVE, BY_SYNACK_S2C_DATA)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);

37
src/session/test/gtest_state_tcp_opening_to_closing.cpp
View File

@@ -17,15 +17,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -125,7 +126,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_FIN_FIN)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
@@ -221,7 +222,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_C2S_RST)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_unverified_rst_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST);
@@ -317,7 +318,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_S2C_RST)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_unverified_rst_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST);
@@ -374,8 +375,8 @@ TEST(TCP_OPENING_TO_CLOSING, BY_INIT_TIMEOUT)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -464,8 +465,8 @@ TEST(TCP_OPENING_TO_CLOSING, BY_HANDSHAKE_TIMEOUT)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -565,8 +566,8 @@ TEST(TCP_OPENING_TO_CLOSING, BY_DATA_TIMEOUT)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_data) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -655,7 +656,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_C2S_HALF_FIN)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN);
@@ -744,7 +745,7 @@ TEST(TCP_OPENING_TO_CLOSING, BY_S2C_HALF_FIN)
EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1); EXPECT_TRUE(stat->tcp_sess.nr_sess_closing == 1);
// expire session // expire session
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN);

19
src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp
View File

@@ -16,15 +16,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -128,8 +129,8 @@ TEST(UDP_INIT_TO_OPENING_TO_ACTIVE_TO_CLOSING, TEST)
EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.udp_timeout_data) == NULL); // active -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.udp_data_timeout) == NULL); // active -> closing
sess = session_manager_get_expired_session(mgr, 2 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed sess = session_manager_get_expired_session(mgr, 2 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);

23
src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp
View File

@@ -16,15 +16,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -103,8 +104,8 @@ TEST(UDP_INIT_TO_OPENING_TO_CLOSING, BY_C2S)
EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data) == NULL); // opening -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout) == NULL); // opening -> closing
sess = session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed sess = session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -184,8 +185,8 @@ TEST(UDP_INIT_TO_OPENING_TO_CLOSING, BY_S2C)
EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0); EXPECT_TRUE(stat->udp_sess.nr_sess_closing == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data) == NULL); // opening -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout) == NULL); // opening -> closing
sess = session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed sess = session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);

19
src/session/test/gtest_timeout_tcp_data.cpp
View File

@@ -15,15 +15,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -77,8 +78,8 @@ TEST(TIMEOUT, TCP_TIMEOUT_DATA)
EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);

19
src/session/test/gtest_timeout_tcp_handshake.cpp
View File

@@ -16,15 +16,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -67,8 +68,8 @@ TEST(TIMEOUT, TCP_TIMEOUT_HANDSHAKE)
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_handshake) == NULL); EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout) == NULL);
sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_handshake + opts.tcp_timeout_time_wait); sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout + opts.tcp_time_wait_timeout);
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);

19
src/session/test/gtest_timeout_tcp_init.cpp
View File

@@ -16,15 +16,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -67,8 +68,8 @@ TEST(TIMEOUT, TCP_TIMEOUT_INIT)
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init) == NULL); // opening -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout) == NULL); // opening -> closing
sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_timeout_init + opts.tcp_timeout_time_wait); // closing -> closed sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout + opts.tcp_time_wait_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);

23
src/session/test/gtest_timeout_udp_data.cpp
View File

@@ -15,15 +15,16 @@ struct session_manager_options opts = {
.udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session
// tcp timeout // tcp timeout
.tcp_timeout_init = 1, .tcp_init_timeout = 1,
.tcp_timeout_handshake = 2, .tcp_handshake_timeout = 2,
.tcp_timeout_data = 3, .tcp_data_timeout = 3,
.tcp_timeout_half_closed = 4, .tcp_half_closed_timeout = 4,
.tcp_timeout_time_wait = 5, .tcp_time_wait_timeout = 5,
.tcp_timeout_discard = 6, .tcp_discard_timeout = 6,
.tcp_unverified_rst_timeout = 7,
// udp timeout // udp timeout
.udp_timeout_data = 7, .udp_data_timeout = 8,
// duplicate packet filter // duplicate packet filter
.duplicated_packet_filter_enable = 1, .duplicated_packet_filter_enable = 1,
@@ -66,8 +67,8 @@ TEST(TIMEOUT, UDP_TIMEOUT_DATA1)
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data) == NULL); // opening -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout) == NULL); // opening -> closing
sess = session_manager_get_expired_session(mgr, 1 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed sess = session_manager_get_expired_session(mgr, 1 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);
@@ -112,8 +113,8 @@ TEST(TIMEOUT, UDP_TIMEOUT_DATA2)
EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0);
// expire session // expire session
EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.udp_timeout_data) == NULL); // active -> closing EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.udp_data_timeout) == NULL); // active -> closing
sess = session_manager_get_expired_session(mgr, 2 + opts.udp_timeout_data + opts.udp_timeout_data); // closing -> closed sess = session_manager_get_expired_session(mgr, 2 + opts.udp_data_timeout + opts.udp_data_timeout); // closing -> closed
EXPECT_TRUE(sess); EXPECT_TRUE(sess);
EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED);
EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT);

18
src/stellar/stellar.cpp
View File

@@ -48,10 +48,10 @@ struct stellar_context stellar_context;
struct stellar_context *stellar_ctx = &stellar_context; struct stellar_context *stellar_ctx = &stellar_context;
// config // config
struct device_options *dev_opts = &stellar_context.config.dev_opts; struct device_options *device_opts = &stellar_context.config.device_opts;
struct packet_io_options *pkt_io_opts = &stellar_context.config.pkt_io_opts; struct packet_io_options *packet_io_opts = &stellar_context.config.packet_io_opts;
struct ip_reassembly_options *ip_reass_opts = &stellar_context.config.ip_reass_opts; struct ip_reassembly_options *ip_reassembly_opts = &stellar_context.config.ip_reassembly_opts;
struct session_manager_options *sess_mgr_opts = &stellar_context.config.sess_mgr_opts; struct session_manager_options *session_manager_opts = &stellar_context.config.session_manager_opts;
static const char *log_config_file = "./conf/log.toml"; static const char *log_config_file = "./conf/log.toml";
static const char *stellar_config_file = "./conf/stellar.toml"; static const char *stellar_config_file = "./conf/stellar.toml";
@@ -291,14 +291,14 @@ static int thread_context_init(struct stellar_context *ctx, uint8_t nr_threads)
threads_ctx->need_exit = 0; threads_ctx->need_exit = 0;
threads_ctx->is_runing = 0; threads_ctx->is_runing = 0;
threads_ctx->sess_mgr = session_manager_new(sess_mgr_opts, now); threads_ctx->sess_mgr = session_manager_new(session_manager_opts, now);
if (threads_ctx->sess_mgr == NULL) if (threads_ctx->sess_mgr == NULL)
{ {
STELLAR_LOG_ERROR("unable to create session manager"); STELLAR_LOG_ERROR("unable to create session manager");
return -1; return -1;
} }
threads_ctx->ip_mgr = ip_reassembly_new(ip_reass_opts); threads_ctx->ip_mgr = ip_reassembly_new(ip_reassembly_opts);
if (threads_ctx->ip_mgr == NULL) if (threads_ctx->ip_mgr == NULL)
{ {
STELLAR_LOG_ERROR("unable to create ip reassemble manager"); STELLAR_LOG_ERROR("unable to create ip reassemble manager");
@@ -382,7 +382,7 @@ int main(int argc, char **argv)
print_config_options(&stellar_ctx->config); print_config_options(&stellar_ctx->config);
if (id_generator_init(dev_opts->device_base, dev_opts->device_offset) != 0) if (id_generator_init(device_opts->device_base, device_opts->device_offset) != 0)
{ {
STELLAR_LOG_ERROR("unable to init id generator"); STELLAR_LOG_ERROR("unable to init id generator");
return -1; return -1;
@@ -390,8 +390,8 @@ int main(int argc, char **argv)
// TODO load plugin // TODO load plugin
uint8_t nr_threads = pkt_io_opts->nr_threads; uint8_t nr_threads = packet_io_opts->nr_threads;
stellar_ctx->packet_io = packet_io_new(pkt_io_opts); stellar_ctx->packet_io = packet_io_new(packet_io_opts);
if (stellar_ctx->packet_io == NULL) if (stellar_ctx->packet_io == NULL)
{ {
STELLAR_LOG_ERROR("unable to create packet io"); STELLAR_LOG_ERROR("unable to create packet io");

71
src/tcp_reassembly/tcp_reassembly.cpp
View File

@@ -18,7 +18,10 @@ struct segment
struct tcp_reassembly struct tcp_reassembly
{ {
struct tcp_reassembly_options opts; uint8_t enable;
uint32_t max_timeout;
uint32_t max_segments;
uint32_t max_bytes;
struct tcp_reassembly_stat stat; struct tcp_reassembly_stat stat;
struct rb_root_cached tree_root; struct rb_root_cached tree_root;
@@ -26,6 +29,10 @@ struct tcp_reassembly
uint64_t exp_seq; uint64_t exp_seq;
}; };
/******************************************************************************
* Private API
******************************************************************************/
/* /*
* The next routines deal with comparing 32 bit unsigned ints * The next routines deal with comparing 32 bit unsigned ints
* and worry about wraparound (automatic with unsigned arithmetic). * and worry about wraparound (automatic with unsigned arithmetic).
@@ -36,16 +43,46 @@ static inline bool before(uint32_t seq1, uint32_t seq2)
return (int32_t)(seq1 - seq2) < 0; return (int32_t)(seq1 - seq2) < 0;
} }
static int check_options(const struct tcp_reassembly_options *opts)
{
if (opts == NULL)
{
TCP_REASSEMBLE_ERROR("invalid options");
return -1;
}
if (opts->enable)
{
if (opts->max_timeout < 1 || opts->max_timeout > 60000)
{
TCP_REASSEMBLE_ERROR("invalid max_timeout: %u, supported range: [1, 60000]", opts->max_timeout);
return -1;
}
}
return 0;
}
/******************************************************************************
* Public API
******************************************************************************/
struct tcp_reassembly *tcp_reassembly_new(struct tcp_reassembly_options *opts) struct tcp_reassembly *tcp_reassembly_new(struct tcp_reassembly_options *opts)
{ {
struct tcp_reassembly *assy = NULL; if (check_options(opts) == -1)
{
return NULL;
}
assy = (struct tcp_reassembly *)calloc(1, sizeof(struct tcp_reassembly)); struct tcp_reassembly *assy = (struct tcp_reassembly *)calloc(1, sizeof(struct tcp_reassembly));
if (assy == NULL) if (assy == NULL)
{ {
return NULL; return NULL;
} }
memcpy(&assy->opts, opts, sizeof(struct tcp_reassembly_options)); assy->enable = opts->enable;
assy->max_timeout = opts->max_timeout;
assy->max_segments = opts->max_segments;
assy->max_bytes = opts->max_bytes;
assy->tree_root = RB_ROOT_CACHED; assy->tree_root = RB_ROOT_CACHED;
INIT_LIST_HEAD(&assy->list_root); INIT_LIST_HEAD(&assy->list_root);
@@ -74,7 +111,7 @@ void tcp_reassembly_free(struct tcp_reassembly *assy)
void tcp_reassembly_init(struct tcp_reassembly *assy, uint32_t syn_seq) void tcp_reassembly_init(struct tcp_reassembly *assy, uint32_t syn_seq)
{ {
if (!assy->opts.enable) if (!assy->enable)
{ {
return; return;
} }
@@ -85,7 +122,7 @@ void tcp_reassembly_init(struct tcp_reassembly *assy, uint32_t syn_seq)
void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now) void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now)
{ {
if (!assy->opts.enable) if (!assy->enable)
{ {
return; return;
} }
@@ -95,7 +132,7 @@ void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now)
while (!list_empty(&assy->list_root)) while (!list_empty(&assy->list_root))
{ {
seg = list_first_entry(&assy->list_root, struct segment, list_node); seg = list_first_entry(&assy->list_root, struct segment, list_node);
if (seg->time + assy->opts.max_timeout > now) if (seg->time + assy->max_timeout > now)
{ {
break; break;
} }
@@ -119,7 +156,7 @@ void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now)
void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const char *payload, uint32_t len, uint64_t now) void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const char *payload, uint32_t len, uint64_t now)
{ {
if (!assy->opts.enable) if (!assy->enable || len == 0)
{ {
return; return;
} }
@@ -130,23 +167,23 @@ void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const c
assy->stat.insert_segments++; assy->stat.insert_segments++;
assy->stat.insert_bytes += len; assy->stat.insert_bytes += len;
if (assy->opts.max_segments > 0 && assy->stat.curr_segments >= assy->opts.max_segments) if (assy->max_segments > 0 && assy->stat.curr_segments >= assy->max_segments)
{ {
assy->stat.overload_bypass_segments++; assy->stat.overload_bypass_segments++;
assy->stat.overload_bypass_bytes += len; assy->stat.overload_bypass_bytes += len;
TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max packets %u", assy, low, high, assy->opts.max_segments); TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max packets %u", assy, low, high, assy->max_segments);
return; return;
} }
if (assy->opts.max_bytes > 0 && assy->stat.curr_bytes >= assy->opts.max_bytes) if (assy->max_bytes > 0 && assy->stat.curr_bytes >= assy->max_bytes)
{ {
assy->stat.overload_bypass_segments++; assy->stat.overload_bypass_segments++;
assy->stat.overload_bypass_bytes += len; assy->stat.overload_bypass_bytes += len;
TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max bytes %u", assy, low, high, assy->opts.max_bytes); TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max bytes %u", assy, low, high, assy->max_bytes);
return; return;
} }
if (len == 0 || before(offset + len, assy->exp_seq)) if (before(offset + len, assy->exp_seq))
{ {
assy->stat.retrans_bypass_segments++; assy->stat.retrans_bypass_segments++;
assy->stat.retrans_bypass_bytes += len; assy->stat.retrans_bypass_bytes += len;
@@ -183,7 +220,7 @@ const char *tcp_reassembly_peek(struct tcp_reassembly *assy, uint32_t *len)
{ {
*len = 0; *len = 0;
if (!assy->opts.enable) if (!assy->enable)
{ {
return NULL; return NULL;
} }
@@ -226,7 +263,7 @@ const char *tcp_reassembly_peek(struct tcp_reassembly *assy, uint32_t *len)
void tcp_reassembly_consume(struct tcp_reassembly *assy, uint32_t len) void tcp_reassembly_consume(struct tcp_reassembly *assy, uint32_t len)
{ {
if (!assy->opts.enable || len == 0) if (!assy->enable || len == 0)
{ {
return; return;
} }
@@ -293,7 +330,7 @@ void tcp_reassembly_consume(struct tcp_reassembly *assy, uint32_t len)
struct tcp_reassembly_stat *tcp_reassembly_get_stat(struct tcp_reassembly *assy) struct tcp_reassembly_stat *tcp_reassembly_get_stat(struct tcp_reassembly *assy)
{ {
if (!assy->opts.enable) if (!assy->enable)
{ {
return NULL; return NULL;
} }
@@ -303,7 +340,7 @@ struct tcp_reassembly_stat *tcp_reassembly_get_stat(struct tcp_reassembly *assy)
void tcp_reassembly_print_stat(struct tcp_reassembly *assy) void tcp_reassembly_print_stat(struct tcp_reassembly *assy)
{ {
if (!assy->opts.enable) if (!assy->enable)
{ {
return; return;
} }

6
src/tcp_reassembly/tcp_reassembly.h
View File

@@ -21,9 +21,9 @@ extern "C"
struct tcp_reassembly_options struct tcp_reassembly_options
{ {
uint8_t enable; uint8_t enable;
uint32_t max_timeout; uint32_t max_timeout; // range: [1, 60000]
uint32_t max_segments; uint32_t max_segments; // 0: unlimited
uint32_t max_bytes; uint32_t max_bytes; // 0: unlimited
}; };
struct tcp_reassembly_stat struct tcp_reassembly_stat