gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update API of manipulation session

Browse Source
This commit is contained in:
luwenpeng
2024-04-01 17:13:26 +08:00
parent 772860c1be
commit a509f0ce3b
32 changed files with 1145 additions and 1347 deletions
Download Patch File Download Diff File Expand all files Collapse all files

147
src/session/session_manager.cpp
View File

@@ -9,7 +9,6 @@
#include "session_table.h"
#include "session_timer.h"
#include "session_manager.h"
#include "session_private.h"
#include "session_transition.h"
#include "evicted_session_filter.h"
#include "duplicated_packet_filter.h"
@@ -49,69 +48,6 @@ struct session_manager
#define EVICTE_SESSION_BURST (RX_BURST_MAX)
enum tcp_flags
{
SYN_RECV = 1 << 0,
SYN_ACK_RECV = 1 << 1,
C2S_FIN_RECV = 1 << 2,
S2C_FIN_RECV = 1 << 3,
C2S_RST_RECV = 1 << 4,
S2C_RST_RECV = 1 << 5,
C2S_UNVERIFIED_RST_RECV = 1 << 6,
S2C_UNVERIFIED_RST_RECV = 1 << 7,
};
// TODO
uint8_t tcp_flags_idx = 0;
static uint64_t tcp_flags_update(struct session *sess, uint8_t flags)
{
enum session_dir dir = session_get_cur_dir(sess);
uint64_t history = (uint64_t)session_get0_ex_data(sess, tcp_flags_idx);
if (flags & TH_SYN)
{
history |= (flags & TH_ACK) ? SYN_ACK_RECV : SYN_RECV;
}
if (flags & TH_FIN)
{
history |= (dir == SESSION_DIR_C2S ? C2S_FIN_RECV : S2C_FIN_RECV);
}
if (flags & TH_RST)
{
/*
* https://www.rfc-editor.org/rfc/rfc5961#section-3.2
*
* If the RST bit is set and the sequence number exactly matches the
* next expected sequence number (RCV.NXT), then TCP MUST reset the
* connection.
*/
uint16_t curr_seq = (dir == SESSION_DIR_C2S ? sess->c2s_seq : sess->s2c_seq);
uint16_t expect_seq = (dir == SESSION_DIR_C2S ? sess->s2c_ack : sess->c2s_ack);
// if fin is received, the expected sequence number should be increased by 1
expect_seq += (dir == SESSION_DIR_C2S ? (flags & S2C_FIN_RECV ? 1 : 0) : (flags & C2S_FIN_RECV ? 1 : 0));
if (curr_seq == expect_seq)
{
history |= (dir == SESSION_DIR_C2S ? C2S_RST_RECV : S2C_RST_RECV);
}
// RST is unverified if the sequence number is not as expected
else
{
history |= (dir == SESSION_DIR_C2S ? C2S_UNVERIFIED_RST_RECV : S2C_UNVERIFIED_RST_RECV);
}
}
session_set_ex_data(sess, tcp_flags_idx, (void *)history);
return history;
}
// TODO
int check_options(const struct session_manager_options *opts)
{
@@ -264,13 +200,13 @@ static enum session_dir identify_direction_by_port(uint16_t src_port, uint16_t d
static enum session_dir identify_direction_by_history(const struct session *sess, const struct tuple6 *key)
{
if (tuple6_cmp(session_get0_key(sess), key) == 0)
if (tuple6_cmp(session_get_tuple(sess), key) == 0)
{
return session_get_key_dir(sess);
return session_get_tuple_dir(sess);
}
else
{
return (session_get_key_dir(sess) == SESSION_DIR_C2S ? SESSION_DIR_S2C : SESSION_DIR_C2S);
return (session_get_tuple_dir(sess) == SESSION_DIR_C2S ? SESSION_DIR_S2C : SESSION_DIR_C2S);
}
}
@@ -338,15 +274,15 @@ static int session_manager_filter_evicted_session(struct session_manager *mgr, s
static int session_manager_filter_duplicated_packet(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
enum session_dir dir = identify_direction_by_history(sess, key);
if ((dir == SESSION_DIR_C2S && session_get_c2s_packets(sess) < 3) ||
(dir == SESSION_DIR_S2C && session_get_s2c_packets(sess) < 3) ||
(session_get_dup_traffic_flag(sess) == DUP_TRAFFIC_YES))
if ((dir == SESSION_DIR_C2S && session_get_metric(sess, SESSION_METRIC_C2S_PACKETS) < 3) ||
(dir == SESSION_DIR_S2C && session_get_metric(sess, SESSION_METRIC_S2C_PACKETS) < 3) ||
(session_has_dup_traffic(sess) == 1))
{
if (duplicated_packet_filter_lookup(mgr->dup_pkt_filter, pkt, now))
{
mgr->stat.dup_pkt.nr_pkts++;
mgr->stat.dup_pkt.nr_bytes += packet_get_len(pkt);
session_set_dup_traffic_flag(sess, DUP_TRAFFIC_YES);
session_set_dup_traffic(sess);
return 1;
}
else
@@ -410,9 +346,9 @@ static void session_update(struct session *sess, enum session_state next_state,
{
if (session_get_state(sess) == SESSION_STATE_INIT)
{
session_set_key(sess, key);
session_set_key_dir(sess, dir);
session_set_new_time(sess, now);
session_set_tuple(sess, key);
session_set_tuple_dir(sess, dir);
session_set_timestamp(sess, SESSION_TIMESTAMP_NEW, now);
switch (key->ip_proto)
{
case IPPROTO_TCP:
@@ -429,17 +365,19 @@ static void session_update(struct session *sess, enum session_state next_state,
if (dir == SESSION_DIR_C2S)
{
session_inc_c2s_metrics(sess, 1, packet_get_len(pkt));
session_set_c2s_1st_pkt(sess, pkt);
session_inc_metric(sess, SESSION_METRIC_C2S_PACKETS, 1);
session_inc_metric(sess, SESSION_METRIC_C2S_BYTES, packet_get_len(pkt));
session_set_packet(sess, SESSION_PACKET_C2S_1ST, pkt);
}
else
{
session_inc_s2c_metrics(sess, 1, packet_get_len(pkt));
session_set_s2c_1st_pkt(sess, pkt);
session_inc_metric(sess, SESSION_METRIC_S2C_PACKETS, 1);
session_inc_metric(sess, SESSION_METRIC_S2C_BYTES, packet_get_len(pkt));
session_set_packet(sess, SESSION_PACKET_S2C_1ST, pkt);
}
session_set0_cur_pkt(sess, pkt);
session_set_packet(sess, SESSION_PACKET_CURRENT, pkt);
session_set_cur_dir(sess, dir);
session_set_last_time(sess, now);
session_set_timestamp(sess, SESSION_TIMESTAMP_LAST, now);
session_set_state(sess, next_state);
}
@@ -466,13 +404,13 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s
case SESSION_TYPE_TCP:
SESSION_LOG_DEBUG("evicte tcp old session: %lu", session_get_id(sess));
mgr->stat.tcp_sess.nr_old_sess_evicted++;
session_table_del(mgr->tcp_sess_table, session_get0_key(sess));
session_table_del(mgr->tcp_sess_table, session_get_tuple(sess));
break;
case SESSION_TYPE_UDP:
SESSION_LOG_DEBUG("evicte udp old session: %lu", session_get_id(sess));
mgr->stat.udp_sess.nr_old_sess_evicted++;
session_table_del(mgr->udp_sess_table, session_get0_key(sess));
evicted_session_filter_add(mgr->evicte_sess_filter, session_get0_key(sess), now);
session_table_del(mgr->udp_sess_table, session_get_tuple(sess));
evicted_session_filter_add(mgr->evicte_sess_filter, session_get_tuple(sess), now);
break;
default:
assert(0);
@@ -482,7 +420,7 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s
static struct session *session_manager_new_tcp_session(struct session_manager *mgr, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
uint8_t flags = tcp_hdr_get_flags(hdr);
if (!(flags & TH_SYN))
@@ -505,14 +443,13 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
}
session_init(sess);
session_set_id(sess, id_generator_alloc());
if (session_new_tcp_reassembly(sess, &mgr->tcp_reassembly_opts) == -1)
if (tcp_sess_init(sess, &mgr->tcp_reassembly_opts) == -1)
{
assert(0);
session_pool_push(mgr->sess_pool, sess);
return NULL;
}
mgr->stat.tcp_sess.nr_sess_used++;
SESSION_LOG_DEBUG("session %lu, c2s reassembler %p, s2c reassembler %p", session_get_id(sess), sess->c2s_reassembly, sess->s2c_reassembly);
enum session_dir dir = tcp_hdr_get_ack_flag(hdr) ? SESSION_DIR_S2C : SESSION_DIR_C2S;
enum session_state next_state = session_transition_run(SESSION_STATE_INIT, TCP_SYN);
@@ -520,9 +457,7 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN);
session_stat_inc(&mgr->stat.tcp_sess, next_state);
session_init_tcp_seq(sess, tcp_hdr_get_seq(hdr));
session_set_tcp_seq_ack(sess, tcp_hdr_get_seq(hdr), tcp_hdr_get_ack(hdr));
session_insert_tcp_payload(sess, tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
tcp_data_enqueue(sess, tcp_layer, now);
uint64_t timeout = (flags & TH_ACK) ? mgr->tcp_handshake_timeout : mgr->tcp_init_timeout;
session_timer_update(mgr->sess_timer, sess, now + timeout);
@@ -566,7 +501,7 @@ static struct session *session_manager_new_udp_session(struct session_manager *m
static int session_manager_update_tcp_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
const struct layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct pkt_layer *tcp_layer = packet_get_innermost_layer(pkt, LAYER_TYPE_TCP);
const struct tcphdr *hdr = (const struct tcphdr *)tcp_layer->hdr_ptr;
enum session_dir dir = identify_direction_by_history(sess, key);
uint8_t flags = tcp_hdr_get_flags(hdr);
@@ -580,14 +515,8 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
session_transition_log(sess, curr_state, next_state, inputs);
session_stat_update(mgr, sess, curr_state, next_state);
if (tcp_hdr_get_syn_flag(hdr))
{
session_init_tcp_seq(sess, tcp_hdr_get_seq(hdr));
}
session_set_tcp_seq_ack(sess, tcp_hdr_get_seq(hdr), tcp_hdr_get_ack(hdr));
session_expire_tcp_payload(sess, now);
session_insert_tcp_payload(sess, tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now);
tcp_data_expire(sess, now);
tcp_data_enqueue(sess, tcp_layer, now);
// set closing reason
if (next_state == SESSION_STATE_CLOSING && !session_get_closing_reason(sess))
@@ -602,7 +531,7 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
}
}
uint64_t history = tcp_flags_update(sess, flags);
uint16_t sub_state = sess->data.tcp.sub_state;
uint64_t timeout = 0;
switch (next_state)
@@ -623,11 +552,11 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
case SESSION_STATE_CLOSING:
if (flags & TH_FIN)
{
timeout = (history & C2S_FIN_RECV && history & S2C_FIN_RECV) ? mgr->tcp_time_wait_timeout : mgr->tcp_half_closed_timeout;
timeout = (sub_state & TCP_C2S_FIN_RCVD && sub_state & TCP_S2C_FIN_RCVD) ? mgr->tcp_time_wait_timeout : mgr->tcp_half_closed_timeout;
}
else if (flags & TH_RST)
{
timeout = (history & C2S_RST_RECV || history & S2C_RST_RECV) ? mgr->tcp_time_wait_timeout : mgr->tcp_unverified_rst_timeout;
timeout = (sub_state & TCP_C2S_RST_RCVD || sub_state & TCP_S2C_RST_RCVD) ? mgr->tcp_time_wait_timeout : mgr->tcp_unverified_rst_timeout;
}
else
{
@@ -727,7 +656,6 @@ struct session_manager *session_manager_new(struct session_manager_options *opts
INIT_LIST_HEAD(&mgr->evicte_queue);
session_filter_init();
session_transition_init();
tcp_flags_idx = session_get_ex_new_index("tcp_flags", NULL, NULL);
return mgr;
@@ -795,19 +723,19 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s
{
if (sess)
{
SESSION_LOG_DEBUG("session %lu closed (%s)", session_get_id(sess), session_closing_reason_to_str(session_get_closing_reason(sess)));
SESSION_LOG_DEBUG("session %lu closed (%s)", session_get_id(sess), closing_reason_to_str(session_get_closing_reason(sess)));
session_timer_del(mgr->sess_timer, sess);
switch (session_get_type(sess))
{
case SESSION_TYPE_TCP:
session_free_tcp_reassembly(sess);
session_table_del(mgr->tcp_sess_table, session_get0_key(sess));
tcp_sess_clean(sess);
session_table_del(mgr->tcp_sess_table, session_get_tuple(sess));
session_stat_dec(&mgr->stat.tcp_sess, session_get_state(sess));
mgr->stat.tcp_sess.nr_sess_used--;
break;
case SESSION_TYPE_UDP:
session_table_del(mgr->udp_sess_table, session_get0_key(sess));
session_table_del(mgr->udp_sess_table, session_get_tuple(sess));
session_stat_dec(&mgr->stat.udp_sess, session_get_state(sess));
mgr->stat.udp_sess.nr_sess_used--;
break;
@@ -815,11 +743,10 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s
assert(0);
break;
}
session_set0_cur_pkt(sess, NULL);
session_clean_packet(sess, SESSION_PACKET_C2S_1ST);
session_clean_packet(sess, SESSION_PACKET_S2C_1ST);
session_clean_packet(sess, SESSION_PACKET_CURRENT);
session_set_cur_dir(sess, SESSION_DIR_NONE);
packet_free(sess->c2s_1st_pkt);
packet_free(sess->s2c_1st_pkt);
session_free_all_ex_data(sess);
session_pool_push(mgr->sess_pool, sess);
sess = NULL;