gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modify the stat of session

Browse Source
This commit is contained in:
luwenpeng
2024-04-09 15:07:53 +08:00
parent 3b00acab81
commit a5a133bf91
13 changed files with 671 additions and 732 deletions
Download Patch File Download Diff File Expand all files Collapse all files

435
src/session/session_manager.cpp
View File

@@ -31,77 +31,68 @@ struct session_manager
#define EVICTE_SESSION_BURST (RX_BURST_MAX)
/******************************************************************************
* Stat
* Session Manager Stat
******************************************************************************/
#define NR_SESS_STAT_INC(stat, state, type) \
{ \
switch ((state)) \
{ \
case SESSION_STATE_OPENING: \
(stat)->nr_##type##_sess_opening++; \
break; \
case SESSION_STATE_ACTIVE: \
(stat)->nr_##type##_sess_active++; \
break; \
case SESSION_STATE_CLOSING: \
(stat)->nr_##type##_sess_closing++; \
break; \
case SESSION_STATE_DISCARD: \
(stat)->nr_##type##_sess_discard++; \
break; \
case SESSION_STATE_CLOSED: \
(stat)->nr_##type##_sess_closed++; \
break; \
default: \
break; \
} \
}
#define NR_SESS_STAT_DEC(stat, state, type) \
{ \
switch ((state)) \
{ \
case SESSION_STATE_OPENING: \
(stat)->nr_##type##_sess_opening--; \
break; \
case SESSION_STATE_ACTIVE: \
(stat)->nr_##type##_sess_active--; \
break; \
case SESSION_STATE_CLOSING: \
(stat)->nr_##type##_sess_closing--; \
break; \
case SESSION_STATE_DISCARD: \
(stat)->nr_##type##_sess_discard--; \
break; \
case SESSION_STATE_CLOSED: \
(stat)->nr_##type##_sess_closed--; \
break; \
default: \
break; \
} \
}
#define NR_SESS_STAT_UPDATE(stat, curr, next, type) \
#define SESS_MGR_STAT_INC(stat, state, proto) \
{ \
if (curr != next) \
switch ((state)) \
{ \
NR_SESS_STAT_DEC(stat, curr, type); \
NR_SESS_STAT_INC(stat, next, type); \
case SESSION_STATE_OPENING: \
(stat)->nr_##proto##_sess_opening++; \
break; \
case SESSION_STATE_ACTIVE: \
(stat)->nr_##proto##_sess_active++; \
break; \
case SESSION_STATE_CLOSING: \
(stat)->nr_##proto##_sess_closing++; \
break; \
case SESSION_STATE_DISCARD: \
(stat)->nr_##proto##_sess_discard++; \
break; \
case SESSION_STATE_CLOSED: \
(stat)->nr_##proto##_sess_closed++; \
break; \
default: \
break; \
} \
}
#define NR_TCP_SESS_STAT_INC(stat, state) NR_SESS_STAT_INC(stat, state, tcp)
#define NR_UDP_SESS_STAT_INC(stat, state) NR_SESS_STAT_INC(stat, state, udp)
#define SESS_MGR_STAT_DEC(stat, state, proto) \
{ \
switch ((state)) \
{ \
case SESSION_STATE_OPENING: \
(stat)->nr_##proto##_sess_opening--; \
break; \
case SESSION_STATE_ACTIVE: \
(stat)->nr_##proto##_sess_active--; \
break; \
case SESSION_STATE_CLOSING: \
(stat)->nr_##proto##_sess_closing--; \
break; \
case SESSION_STATE_DISCARD: \
(stat)->nr_##proto##_sess_discard--; \
break; \
case SESSION_STATE_CLOSED: \
(stat)->nr_##proto##_sess_closed--; \
break; \
default: \
break; \
} \
}
#define NR_TCP_SESS_STAT_DEC(stat, state) NR_SESS_STAT_DEC(stat, state, tcp)
#define NR_UDP_SESS_STAT_DEC(stat, state) NR_SESS_STAT_DEC(stat, state, udp)
#define NR_TCP_SESS_STAT_UPDATE(stat, curr, next) NR_SESS_STAT_UPDATE(stat, curr, next, tcp)
#define NR_UDP_SESS_STAT_UPDATE(stat, curr, next) NR_SESS_STAT_UPDATE(stat, curr, next, udp)
#define SESS_MGR_STAT_UPDATE(stat, curr, next, proto) \
{ \
if (curr != next) \
{ \
SESS_MGR_STAT_DEC(stat, curr, proto); \
SESS_MGR_STAT_INC(stat, next, proto); \
} \
}
/******************************************************************************
* Options
* Session Manager Options
******************************************************************************/
static int check_options(const struct session_manager_options *opts)
@@ -230,7 +221,7 @@ static int check_options(const struct session_manager_options *opts)
}
/******************************************************************************
* TCP protocol control block
* TCP
******************************************************************************/
/*
@@ -243,55 +234,56 @@ static inline bool before(uint32_t seq1, uint32_t seq2)
return (int32_t)(seq1 - seq2) < 0;
}
static void tcp_pcb_clean(struct tcp_pcb *pcb)
static void tcp_clean(struct session *sess)
{
if (pcb && pcb->tcp_reassembly_enable)
{
tcp_reassembly_free(pcb->c2s.assembler);
tcp_reassembly_free(pcb->s2c.assembler);
}
tcp_reassembly_free(sess->tcp_halfs[SESSION_DIR_C2S].assembler);
tcp_reassembly_free(sess->tcp_halfs[SESSION_DIR_S2C].assembler);
}
static int tcp_pcb_init(struct tcp_pcb *pcb, uint8_t tcp_reassembly_enable, uint64_t tcp_reassembly_max_timeout, uint64_t tcp_reassembly_max_segments)
static int tcp_init(struct session *sess, uint8_t tcp_reassembly_enable, uint64_t tcp_reassembly_max_timeout, uint64_t tcp_reassembly_max_segments)
{
pcb->tcp_reassembly_enable = tcp_reassembly_enable;
if (pcb->tcp_reassembly_enable == 0)
if (!tcp_reassembly_enable)
{
return 0;
}
pcb->c2s.assembler = tcp_reassembly_new(tcp_reassembly_max_timeout, tcp_reassembly_max_segments);
pcb->s2c.assembler = tcp_reassembly_new(tcp_reassembly_max_timeout, tcp_reassembly_max_segments);
if (pcb->c2s.assembler == NULL || pcb->s2c.assembler == NULL)
sess->tcp_halfs[SESSION_DIR_C2S].assembler = tcp_reassembly_new(tcp_reassembly_max_timeout, tcp_reassembly_max_segments);
sess->tcp_halfs[SESSION_DIR_S2C].assembler = tcp_reassembly_new(tcp_reassembly_max_timeout, tcp_reassembly_max_segments);
if (sess->tcp_halfs[SESSION_DIR_C2S].assembler == NULL || sess->tcp_halfs[SESSION_DIR_S2C].assembler == NULL)
{
tcp_pcb_clean(pcb);
tcp_clean(sess);
return -1;
}
return 0;
}
static void tcp_pcb_update(struct session_manager_stat *stat, struct tcp_pcb *pcb, enum session_dir dir, const struct pkt_layer *tcp_layer, uint64_t now)
static void tcp_update(struct session_manager *mgr, struct session *sess, enum session_dir dir, const struct pkt_layer *tcp_layer, uint64_t now)
{
struct tcp_segment *seg;
struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr;
struct tcp_half *half = (dir == SESSION_DIR_C2S) ? &pcb->c2s : &pcb->s2c;
struct tcp_half *half = &sess->tcp_halfs[dir];
uint8_t flags = tcp_hdr_get_flags(hdr);
uint16_t len = tcp_layer->pld_len;
half->flags |= flags;
half->seq = tcp_hdr_get_seq(hdr);
half->ack = tcp_hdr_get_ack(hdr);
if (pcb->tcp_reassembly_enable == 0)
if (!mgr->opts.tcp_reassembly_enable)
{
if (tcp_layer->pld_len)
if (len)
{
half->nr_tcp_seg_received++;
half->nr_tcp_seg_inorder++;
stat->nr_tcp_seg_received++;
stat->nr_tcp_seg_inorder++;
half->order.data = tcp_layer->pld_ptr;
half->order.len = tcp_layer->pld_len;
session_inc_stat(sess, dir, STAT_TCP_SEGS_RX, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_RX, len);
mgr->stat.nr_tcp_seg_received++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_INORDER, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_INORDER, len);
mgr->stat.nr_tcp_seg_inorder++;
half->in_order.data = tcp_layer->pld_ptr;
half->in_order.len = len;
}
return;
}
@@ -304,51 +296,63 @@ static void tcp_pcb_update(struct session_manager_stat *stat, struct tcp_pcb *pc
seg = tcp_reassembly_expire(half->assembler, now);
if (seg)
{
half->nr_tcp_seg_expired++;
half->nr_tcp_seg_released++;
stat->nr_tcp_seg_expired++;
stat->nr_tcp_seg_released++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_EXPIRED, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_EXPIRED, seg->len);
mgr->stat.nr_tcp_seg_expired++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_RELEASED, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_RELEASED, seg->len);
mgr->stat.nr_tcp_seg_released++;
tcp_segment_free(seg);
}
if (tcp_layer->pld_len)
if (len)
{
half->nr_tcp_seg_received++;
stat->nr_tcp_seg_received++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_RX, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_RX, len);
mgr->stat.nr_tcp_seg_received++;
uint32_t rcv_nxt = tcp_reassembly_get_recv_next(half->assembler);
if (half->seq == rcv_nxt)
{
half->nr_tcp_seg_inorder++;
stat->nr_tcp_seg_inorder++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_INORDER, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_INORDER, len);
mgr->stat.nr_tcp_seg_inorder++;
half->order.data = tcp_layer->pld_ptr;
half->order.len = tcp_layer->pld_len;
tcp_reassembly_inc_recv_next(half->assembler, tcp_layer->pld_len);
half->in_order.data = tcp_layer->pld_ptr;
half->in_order.len = len;
tcp_reassembly_inc_recv_next(half->assembler, len);
}
else if (before(half->seq, rcv_nxt))
{
half->nr_tcp_seg_overlap++;
stat->nr_tcp_seg_overlap++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_OVERLAP, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_OVERLAP, len);
mgr->stat.nr_tcp_seg_overlap++;
}
else if ((seg = tcp_segment_new(half->seq, tcp_layer->pld_ptr, tcp_layer->pld_len)))
else if ((seg = tcp_segment_new(half->seq, tcp_layer->pld_ptr, len)))
{
switch (tcp_reassembly_push(half->assembler, seg, now))
{
case -1:
half->nr_tcp_seg_no_space++;
stat->nr_tcp_seg_no_space++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_NOSPACE, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_NOSPACE, len);
mgr->stat.nr_tcp_seg_no_space++;
tcp_segment_free(seg);
break;
case 0:
half->nr_tcp_seg_buffered++;
stat->nr_tcp_seg_buffered++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_BUFFERED, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_BUFFERED, len);
mgr->stat.nr_tcp_seg_buffered++;
break;
case 1:
half->nr_tcp_seg_buffered++;
half->nr_tcp_seg_overlap++;
stat->nr_tcp_seg_buffered++;
stat->nr_tcp_seg_overlap++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_OVERLAP, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_OVERLAP, len);
mgr->stat.nr_tcp_seg_overlap++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_BUFFERED, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_BUFFERED, len);
mgr->stat.nr_tcp_seg_buffered++;
break;
default:
assert(0);
@@ -357,8 +361,9 @@ static void tcp_pcb_update(struct session_manager_stat *stat, struct tcp_pcb *pc
}
else
{
half->nr_tcp_seg_no_space++;
stat->nr_tcp_seg_no_space++;
session_inc_stat(sess, dir, STAT_TCP_SEGS_NOSPACE, 1);
session_inc_stat(sess, dir, STAT_TCP_PLDS_NOSPACE, len);
mgr->stat.nr_tcp_seg_no_space++;
}
}
}
@@ -401,47 +406,26 @@ static enum session_dir identify_direction_by_history(const struct session *sess
* Session Filter
******************************************************************************/
#define MAX_FILTER_NUM_PER_STAGE 4
enum filter_stage
// on new session
static int tcp_overload_bypass(struct session_manager *mgr, const struct tuple6 *key, uint64_t now)
{
FILTER_STAGE_PRE_NEW_SESS,
FILTER_STAGE_PRE_UPDATE_SESS,
MAX_FILTER_STAGE,
};
// return 1: bypass
// return 0: not bypass
typedef int filter(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now);
// on pre new session
static int session_manager_self_protection(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
struct session_manager_stat *stat = &mgr->stat;
switch (key->ip_proto)
if (key->ip_proto == IPPROTO_TCP && mgr->stat.nr_tcp_sess_used >= mgr->opts.max_tcp_session_num)
{
case IPPROTO_TCP:
if (stat->nr_tcp_sess_used >= mgr->opts.max_tcp_session_num)
{
stat->nr_tcp_pkts_bypass_no_space++;
return 1;
}
break;
case IPPROTO_UDP:
if (stat->nr_udp_sess_used >= mgr->opts.max_udp_session_num)
{
stat->nr_udp_pkts_bypass_no_space++;
return 1;
}
break;
default:
break;
mgr->stat.nr_tcp_pkts_bypass_no_space++;
return 1;
}
return 0;
}
// on pre new session
static int session_manager_filter_evicted_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
static int udp_overload_bypass(struct session_manager *mgr, const struct tuple6 *key, uint64_t now)
{
if (key->ip_proto == IPPROTO_UDP && mgr->stat.nr_udp_sess_used >= mgr->opts.max_udp_session_num)
{
mgr->stat.nr_udp_pkts_bypass_no_space++;
return 1;
}
return 0;
}
static int evicted_session_bypass(struct session_manager *mgr, const struct tuple6 *key, uint64_t now)
{
if (mgr->opts.evicted_session_filter_enable && evicted_session_filter_lookup(mgr->evicte_sess_filter, key, now))
{
@@ -451,9 +435,8 @@ static int session_manager_filter_evicted_session(struct session_manager *mgr, s
return 0;
}
// on pre update session
static int session_manager_filter_duplicated_packet(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
// on update session
static int duplicated_packet_bypass(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
if (mgr->opts.duplicated_packet_filter_enable == 0)
{
@@ -461,9 +444,7 @@ static int session_manager_filter_duplicated_packet(struct session_manager *mgr,
}
enum session_dir dir = identify_direction_by_history(sess, key);
if ((dir == SESSION_DIR_C2S && session_get_metric(sess, SESSION_METRIC_C2S_PACKETS) < 3) ||
(dir == SESSION_DIR_S2C && session_get_metric(sess, SESSION_METRIC_S2C_PACKETS) < 3) ||
(session_has_dup_traffic(sess) == 1))
if (session_get_stat(sess, dir, STAT_RAW_PKTS_RX) < 3 || session_has_dup_traffic(sess))
{
if (duplicated_packet_filter_lookup(mgr->dup_pkt_filter, pkt, now))
{
@@ -481,49 +462,6 @@ static int session_manager_filter_duplicated_packet(struct session_manager *mgr,
return 0;
}
filter *smf[MAX_FILTER_STAGE][MAX_FILTER_NUM_PER_STAGE];
static void session_filter_init()
{
for (int i = 0; i < MAX_FILTER_STAGE; i++)
{
for (int j = 0; j < MAX_FILTER_NUM_PER_STAGE; j++)
{
smf[i][j] = NULL;
}
}
smf[FILTER_STAGE_PRE_NEW_SESS][0] = session_manager_self_protection;
smf[FILTER_STAGE_PRE_NEW_SESS][1] = session_manager_filter_evicted_session;
smf[FILTER_STAGE_PRE_NEW_SESS][2] = NULL;
smf[FILTER_STAGE_PRE_UPDATE_SESS][0] = session_manager_filter_duplicated_packet;
smf[FILTER_STAGE_PRE_UPDATE_SESS][1] = NULL;
}
// return 1: bypass packet
// return 0: not bypass packet
static int session_filter_run(struct session_manager *mgr, enum filter_stage stage, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now)
{
filter **list = smf[stage];
for (int i = 0; i < MAX_FILTER_NUM_PER_STAGE; i++)
{
if (list[i])
{
if (list[i](mgr, sess, pkt, key, now))
{
return 1;
}
}
else
{
break;
}
}
return 0;
}
/******************************************************************************
* Session Manager
******************************************************************************/
@@ -549,20 +487,16 @@ static void session_update(struct session *sess, enum session_state next_state,
}
}
if (dir == SESSION_DIR_C2S)
session_inc_stat(sess, dir, STAT_RAW_PKTS_RX, 1);
session_inc_stat(sess, dir, STAT_RAW_BYTES_RX, packet_get_len(pkt));
if (!session_get_1st_packet(sess, dir))
{
session_inc_metric(sess, SESSION_METRIC_C2S_PACKETS, 1);
session_inc_metric(sess, SESSION_METRIC_C2S_BYTES, packet_get_len(pkt));
session_set_packet(sess, SESSION_PACKET_C2S_1ST, pkt);
session_set_1st_packet(sess, dir, pkt);
}
else
{
session_inc_metric(sess, SESSION_METRIC_S2C_PACKETS, 1);
session_inc_metric(sess, SESSION_METRIC_S2C_BYTES, packet_get_len(pkt));
session_set_packet(sess, SESSION_PACKET_S2C_1ST, pkt);
}
session_set_packet(sess, SESSION_PACKET_CURRENT, pkt);
session_set_cur_dir(sess, dir);
session_set_current_packet(sess, pkt);
session_set_current_dir(sess, dir);
session_set_timestamp(sess, SESSION_TIMESTAMP_LAST, now);
session_set_state(sess, next_state);
}
@@ -579,9 +513,11 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s
enum session_state next_state = session_transition_run(curr_state, LRU_EVICT);
session_transition_log(sess, curr_state, next_state, LRU_EVICT);
session_set_state(sess, next_state);
if (!session_get_closing_reason(sess))
{
session_set_closing_reason(sess, CLOSING_BY_EVICTED);
}
session_timer_del(mgr->sess_timer, sess);
session_set_closing_reason(sess, CLOSING_BY_EVICTED);
list_add_tail(&sess->evicte, &mgr->evicte_queue);
switch (session_get_type(sess))
@@ -589,7 +525,7 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s
case SESSION_TYPE_TCP:
SESSION_LOG_DEBUG("evicte tcp old session: %lu", session_get_id(sess));
session_table_del(mgr->tcp_sess_table, session_get_tuple(sess));
NR_TCP_SESS_STAT_UPDATE(&mgr->stat, curr_state, next_state);
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, tcp);
mgr->stat.nr_tcp_sess_evicted++;
break;
case SESSION_TYPE_UDP:
@@ -599,7 +535,7 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s
{
evicted_session_filter_add(mgr->evicte_sess_filter, session_get_tuple(sess), now);
}
NR_UDP_SESS_STAT_UPDATE(&mgr->stat, curr_state, next_state);
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, udp);
mgr->stat.nr_udp_sess_evicted++;
break;
default:
@@ -637,13 +573,13 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
sess->mgr_stat = &mgr->stat;
session_set_id(sess, id_generator_alloc());
if (tcp_pcb_init(&sess->tcp_pcb, mgr->opts.tcp_reassembly_enable, mgr->opts.tcp_reassembly_max_timeout, mgr->opts.tcp_reassembly_max_segments) == -1)
if (tcp_init(sess, mgr->opts.tcp_reassembly_enable, mgr->opts.tcp_reassembly_max_timeout, mgr->opts.tcp_reassembly_max_segments) == -1)
{
assert(0);
session_pool_push(mgr->sess_pool, sess);
return NULL;
}
tcp_pcb_update(&mgr->stat, &sess->tcp_pcb, dir, tcp_layer, now);
tcp_update(mgr, sess, dir, tcp_layer, now);
enum session_state next_state = session_transition_run(SESSION_STATE_INIT, TCP_SYN);
session_update(sess, next_state, pkt, key, dir, now);
@@ -653,13 +589,12 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m
session_timer_update(mgr->sess_timer, sess, now + timeout);
session_table_add(mgr->tcp_sess_table, key, sess);
uint64_t curr_dir_pkts = (dir == SESSION_DIR_C2S) ? session_get_metric(sess, SESSION_METRIC_C2S_PACKETS) : session_get_metric(sess, SESSION_METRIC_S2C_PACKETS);
if (curr_dir_pkts < 3 && mgr->opts.duplicated_packet_filter_enable)
if (session_get_stat(sess, dir, STAT_RAW_PKTS_RX) < 3 && mgr->opts.duplicated_packet_filter_enable)
{
duplicated_packet_filter_add(mgr->dup_pkt_filter, pkt, now);
}
NR_TCP_SESS_STAT_INC(&mgr->stat, next_state);
SESS_MGR_STAT_INC(&mgr->stat, next_state, tcp);
mgr->stat.nr_tcp_sess_used++;
return sess;
@@ -692,7 +627,7 @@ static struct session *session_manager_new_udp_session(struct session_manager *m
session_timer_update(mgr->sess_timer, sess, now + mgr->opts.udp_data_timeout);
session_table_add(mgr->udp_sess_table, key, sess);
NR_UDP_SESS_STAT_INC(&mgr->stat, next_state);
SESS_MGR_STAT_INC(&mgr->stat, next_state, udp);
mgr->stat.nr_udp_sess_used++;
return sess;
@@ -718,8 +653,8 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
session_update(sess, next_state, pkt, key, dir, now);
session_transition_log(sess, curr_state, next_state, inputs);
// update tcp pcb
tcp_pcb_update(&mgr->stat, &sess->tcp_pcb, dir, tcp_layer, now);
// update tcp
tcp_update(mgr, sess, dir, tcp_layer, now);
if (mgr->opts.duplicated_packet_filter_enable)
{
@@ -740,8 +675,8 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
}
// update timeout
struct tcp_half *curr = (dir == SESSION_DIR_C2S) ? &sess->tcp_pcb.c2s : &sess->tcp_pcb.s2c;
struct tcp_half *peer = (dir == SESSION_DIR_C2S) ? &sess->tcp_pcb.s2c : &sess->tcp_pcb.c2s;
struct tcp_half *curr = &sess->tcp_halfs[dir];
struct tcp_half *peer = &sess->tcp_halfs[(dir == SESSION_DIR_C2S ? SESSION_DIR_S2C : SESSION_DIR_C2S)];
uint64_t timeout = 0;
switch (next_state)
{
@@ -783,7 +718,7 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc
}
session_timer_update(mgr->sess_timer, sess, now + timeout);
NR_TCP_SESS_STAT_UPDATE(&mgr->stat, curr_state, next_state);
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, tcp);
return 0;
}
@@ -797,7 +732,7 @@ static int session_manager_update_udp_session(struct session_manager *mgr, struc
session_transition_log(sess, curr_state, next_state, UDP_DATA);
session_timer_update(mgr->sess_timer, sess, now + mgr->opts.udp_data_timeout);
NR_UDP_SESS_STAT_UPDATE(&mgr->stat, curr_state, next_state);
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, udp);
return 0;
}
@@ -830,7 +765,9 @@ struct session_manager *session_manager_new(struct session_manager_options *opts
}
if (mgr->opts.evicted_session_filter_enable)
{
mgr->evicte_sess_filter = evicted_session_filter_new(mgr->opts.evicted_session_filter_capacity, mgr->opts.evicted_session_filter_timeout, mgr->opts.evicted_session_filter_error_rate, now);
mgr->evicte_sess_filter = evicted_session_filter_new(mgr->opts.evicted_session_filter_capacity,
mgr->opts.evicted_session_filter_timeout,
mgr->opts.evicted_session_filter_error_rate, now);
if (mgr->evicte_sess_filter == NULL)
{
goto error;
@@ -838,7 +775,9 @@ struct session_manager *session_manager_new(struct session_manager_options *opts
}
if (mgr->opts.duplicated_packet_filter_enable)
{
mgr->dup_pkt_filter = duplicated_packet_filter_new(mgr->opts.duplicated_packet_filter_capacity, mgr->opts.duplicated_packet_filter_timeout, mgr->opts.duplicated_packet_filter_error_rate, now);
mgr->dup_pkt_filter = duplicated_packet_filter_new(mgr->opts.duplicated_packet_filter_capacity,
mgr->opts.duplicated_packet_filter_timeout,
mgr->opts.duplicated_packet_filter_error_rate, now);
if (mgr->dup_pkt_filter == NULL)
{
goto error;
@@ -846,7 +785,6 @@ struct session_manager *session_manager_new(struct session_manager_options *opts
}
INIT_LIST_HEAD(&mgr->evicte_queue);
session_filter_init();
session_transition_init();
return mgr;
@@ -902,15 +840,23 @@ struct session *session_manager_new_session(struct session_manager *mgr, const s
{
return NULL;
}
if (session_filter_run(mgr, FILTER_STAGE_PRE_NEW_SESS, NULL, pkt, &key, now))
{
return NULL;
}
switch (key.ip_proto)
{
case IPPROTO_TCP:
if (tcp_overload_bypass(mgr, &key, now))
{
return NULL;
}
return session_manager_new_tcp_session(mgr, pkt, &key, now);
case IPPROTO_UDP:
if (udp_overload_bypass(mgr, &key, now))
{
return NULL;
}
if (evicted_session_bypass(mgr, &key, now))
{
return NULL;
}
return session_manager_new_udp_session(mgr, pkt, &key, now);
default:
return NULL;
@@ -927,24 +873,27 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s
switch (session_get_type(sess))
{
case SESSION_TYPE_TCP:
tcp_pcb_clean(&sess->tcp_pcb);
tcp_clean(sess);
session_table_del(mgr->tcp_sess_table, session_get_tuple(sess));
NR_TCP_SESS_STAT_DEC(&mgr->stat, session_get_state(sess));
SESS_MGR_STAT_DEC(&mgr->stat, session_get_state(sess), tcp);
mgr->stat.nr_tcp_sess_used--;
break;
case SESSION_TYPE_UDP:
session_table_del(mgr->udp_sess_table, session_get_tuple(sess));
NR_UDP_SESS_STAT_DEC(&mgr->stat, session_get_state(sess));
SESS_MGR_STAT_DEC(&mgr->stat, session_get_state(sess), udp);
mgr->stat.nr_udp_sess_used--;
break;
default:
assert(0);
break;
}
session_clean_packet(sess, SESSION_PACKET_C2S_1ST);
session_clean_packet(sess, SESSION_PACKET_S2C_1ST);
session_clean_packet(sess, SESSION_PACKET_CURRENT);
session_set_cur_dir(sess, SESSION_DIR_NONE);
packet_free((struct packet *)session_get_1st_packet(sess, SESSION_DIR_C2S));
packet_free((struct packet *)session_get_1st_packet(sess, SESSION_DIR_S2C));
session_set_1st_packet(sess, SESSION_DIR_C2S, NULL);
session_set_1st_packet(sess, SESSION_DIR_S2C, NULL);
session_set_current_packet(sess, NULL);
session_set_current_dir(sess, SESSION_DIR_NONE);
session_free_all_ex_data(sess);
session_pool_push(mgr->sess_pool, sess);
sess = NULL;
@@ -976,13 +925,13 @@ int session_manager_update_session(struct session_manager *mgr, struct session *
{
return -1;
}
if (session_filter_run(mgr, FILTER_STAGE_PRE_UPDATE_SESS, sess, pkt, &key, now))
{
return -1;
}
switch (session_get_type(sess))
{
case SESSION_TYPE_TCP:
if (duplicated_packet_bypass(mgr, sess, pkt, &key, now))
{
return -1;
}
return session_manager_update_tcp_session(mgr, sess, pkt, &key, now);
case SESSION_TYPE_UDP:
return session_manager_update_udp_session(mgr, sess, pkt, &key, now);
@@ -1006,11 +955,11 @@ struct session *session_manager_get_expired_session(struct session_manager *mgr,
{
case SESSION_TYPE_TCP:
timeout = mgr->opts.tcp_data_timeout;
NR_TCP_SESS_STAT_UPDATE(&mgr->stat, curr_state, next_state);
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, tcp);
break;
case SESSION_TYPE_UDP:
timeout = mgr->opts.udp_data_timeout;
NR_UDP_SESS_STAT_UPDATE(&mgr->stat, curr_state, next_state);
SESS_MGR_STAT_UPDATE(&mgr->stat, curr_state, next_state, udp);
break;
default:
assert(0);