diff --git a/src/duplicated_packet_filter/duplicated_packet_filter.cpp b/src/duplicated_packet_filter/duplicated_packet_filter.cpp index e68de3a..47b1826 100644 --- a/src/duplicated_packet_filter/duplicated_packet_filter.cpp +++ b/src/duplicated_packet_filter/duplicated_packet_filter.cpp @@ -22,7 +22,6 @@ struct duplicated_packet_key struct duplicated_packet_filter { - uint8_t enable; struct expiry_dablooms_handle *dablooms; }; @@ -62,65 +61,19 @@ static inline int duplicated_packet_key_get(const struct packet *packet, struct return 0; } -static int check_options(const struct duplicated_packet_filter_options *opts) -{ - if (opts == NULL) - { - DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid options"); - return -1; - } - - if (opts->enable == 0) - { - return 0; - } - - // UINT32_MAX = 4294967295 - if (opts->capacity == 0) - { - DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid capacity: %u, supported range: [1, 4294967295]", opts->capacity); - return -1; - } - - if (opts->timeout < 1 || opts->timeout > 60000) - { - DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid timeout: %u, supported range: [1, 60000]", opts->timeout); - return -1; - } - - if (opts->error_rate < 0.0 || opts->error_rate > 1.0) - { - DUPLICATED_PACKET_FILTER_LOG_ERROR("invalid error_rate: %f, supported range: [0.0, 1.0]", opts->error_rate); - return -1; - } - - return 0; -} - /****************************************************************************** * Public API ******************************************************************************/ -struct duplicated_packet_filter *duplicated_packet_filter_new(const struct duplicated_packet_filter_options *opts, uint64_t now) +struct duplicated_packet_filter *duplicated_packet_filter_new(uint32_t capacity, uint32_t timeout, double error_rate, uint64_t now) { - if (check_options(opts) == -1) - { - return NULL; - } - struct duplicated_packet_filter *filter = (struct duplicated_packet_filter *)calloc(1, sizeof(struct duplicated_packet_filter)); if (filter == NULL) { return NULL; } - filter->enable = opts->enable; - if (filter->enable == 0) - { - return filter; - } - - filter->dablooms = expiry_dablooms_new(opts->capacity, opts->error_rate, now, opts->timeout); + filter->dablooms = expiry_dablooms_new(capacity, error_rate, now, timeout); if (filter->dablooms == NULL) { free(filter); @@ -148,11 +101,6 @@ void duplicated_packet_filter_free(struct duplicated_packet_filter *filter) // reutrn 0: no found int duplicated_packet_filter_lookup(struct duplicated_packet_filter *filter, const struct packet *packet, uint64_t now) { - if (filter->enable == 0) - { - return 0; - } - struct duplicated_packet_key key; if (duplicated_packet_key_get(packet, &key) == -1) { @@ -169,11 +117,6 @@ int duplicated_packet_filter_lookup(struct duplicated_packet_filter *filter, con void duplicated_packet_filter_add(struct duplicated_packet_filter *filter, const struct packet *packet, uint64_t now) { - if (filter->enable == 0) - { - return; - } - struct duplicated_packet_key key; if (duplicated_packet_key_get(packet, &key) == -1) { diff --git a/src/duplicated_packet_filter/duplicated_packet_filter.h b/src/duplicated_packet_filter/duplicated_packet_filter.h index 04e3489..4e09071 100644 --- a/src/duplicated_packet_filter/duplicated_packet_filter.h +++ b/src/duplicated_packet_filter/duplicated_packet_filter.h @@ -13,16 +13,8 @@ extern "C" #define DUPLICATED_PACKET_FILTER_LOG_ERROR(format, ...) LOG_ERROR("duplicated packet filter", format, ##__VA_ARGS__) -struct duplicated_packet_filter_options -{ - uint8_t enable; - uint32_t capacity; // range: [1, 4294967295] (UINT32_MAX = 4294967295) - uint32_t timeout; // range: [1, 60000] - double error_rate; // range: [0.0, 1.0] -}; - struct duplicated_packet_filter; -struct duplicated_packet_filter *duplicated_packet_filter_new(const struct duplicated_packet_filter_options *opts, uint64_t now); +struct duplicated_packet_filter *duplicated_packet_filter_new(uint32_t capacity, uint32_t timeout, double error_rate, uint64_t now); void duplicated_packet_filter_free(struct duplicated_packet_filter *filter); // return 1: found diff --git a/src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp b/src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp index 3c66126..733a047 100644 --- a/src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp +++ b/src/duplicated_packet_filter/test/gtest_duplicated_packet_filter.cpp @@ -64,19 +64,16 @@ unsigned char data[] = { 0x81, 0x80, 0x5c, 0x76, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x20, 0x00, 0xf7, 0x57, 0x00, 0x00, 0x02, 0x04, 0x04, 0xc4, 0x01, 0x03, 0x03, 0x08, 0x01, 0x01, 0x04, 0x02}; -struct duplicated_packet_filter_options opts = { - .enable = 1, - .capacity = 1000000, - .timeout = 2, - .error_rate = 0.00001, -}; - TEST(DUPLICATED_PACKET_FILTER, TEST) { struct packet pkt; + uint32_t capacity = 1000000; + uint32_t timeout = 2; + double error_rate = 0.00001; + packet_parse(&pkt, (const char *)data, sizeof(data)); - struct duplicated_packet_filter *filter = duplicated_packet_filter_new(&opts, 1); + struct duplicated_packet_filter *filter = duplicated_packet_filter_new(capacity, timeout, error_rate, 1); EXPECT_TRUE(filter != nullptr); EXPECT_TRUE(duplicated_packet_filter_lookup(filter, &pkt, 1) == 0); // no found diff --git a/src/evicted_session_filter/evicted_session_filter.cpp b/src/evicted_session_filter/evicted_session_filter.cpp index feebcc3..8a11bc6 100644 --- a/src/evicted_session_filter/evicted_session_filter.cpp +++ b/src/evicted_session_filter/evicted_session_filter.cpp @@ -8,73 +8,22 @@ struct evicted_session_filter { - uint8_t enable; struct expiry_dablooms_handle *dablooms; }; -/****************************************************************************** - * Private API - ******************************************************************************/ - -static int check_options(const struct evicted_session_filter_options *opts) -{ - if (opts == NULL) - { - EVICTED_SESSION_FILTER_LOG_ERROR("invalid options"); - return -1; - } - - if (opts->enable == 0) - { - return 0; - } - - // UINT32_MAX = 4294967295 - if (opts->capacity == 0) - { - EVICTED_SESSION_FILTER_LOG_ERROR("invalid capacity: %u, supported range: [1, 4294967295]", opts->capacity); - return -1; - } - - if (opts->timeout < 1 || opts->timeout > 60000) - { - EVICTED_SESSION_FILTER_LOG_ERROR("invalid timeout: %u, supported range: [1, 60000]", opts->timeout); - return -1; - } - - if (opts->error_rate < 0.0 || opts->error_rate > 1.0) - { - EVICTED_SESSION_FILTER_LOG_ERROR("invalid error_rate: %f, supported range: [0.0, 1.0]", opts->error_rate); - return -1; - } - - return 0; -} - /****************************************************************************** * Public API ******************************************************************************/ -struct evicted_session_filter *evicted_session_filter_new(const struct evicted_session_filter_options *opts, uint64_t now) +struct evicted_session_filter *evicted_session_filter_new(uint32_t capacity, uint32_t timeout, double error_rate, uint64_t now) { - if (check_options(opts) == -1) - { - return NULL; - } - struct evicted_session_filter *filter = (struct evicted_session_filter *)calloc(1, sizeof(struct evicted_session_filter)); if (filter == NULL) { return NULL; } - filter->enable = opts->enable; - if (filter->enable == 0) - { - return filter; - } - - filter->dablooms = expiry_dablooms_new(opts->capacity, opts->error_rate, now, opts->timeout); + filter->dablooms = expiry_dablooms_new(capacity, error_rate, now, timeout); if (filter->dablooms == NULL) { free(filter); @@ -102,11 +51,6 @@ void evicted_session_filter_free(struct evicted_session_filter *filter) // reutrn 0: no found int evicted_session_filter_lookup(struct evicted_session_filter *filter, const struct tuple6 *key, uint64_t now) { - if (filter->enable == 0) - { - return 0; - } - if (expiry_dablooms_search(filter->dablooms, (const char *)key, sizeof(struct tuple6), now) == 1) { return 1; @@ -117,11 +61,6 @@ int evicted_session_filter_lookup(struct evicted_session_filter *filter, const s void evicted_session_filter_add(struct evicted_session_filter *filter, const struct tuple6 *key, uint64_t now) { - if (filter->enable == 0) - { - return; - } - struct tuple6 reverse_key; tuple6_reverse(key, &reverse_key); diff --git a/src/evicted_session_filter/evicted_session_filter.h b/src/evicted_session_filter/evicted_session_filter.h index a80fd70..186e19a 100644 --- a/src/evicted_session_filter/evicted_session_filter.h +++ b/src/evicted_session_filter/evicted_session_filter.h @@ -11,15 +11,7 @@ extern "C" #define EVICTED_SESSION_FILTER_LOG_ERROR(format, ...) LOG_ERROR("evicted session filter", format, ##__VA_ARGS__) -struct evicted_session_filter_options -{ - uint8_t enable; - uint32_t capacity; // range: [1, 4294967295] (UINT32_MAX = 4294967295) - uint32_t timeout; // range: [1, 60000] - double error_rate; // range: [0.0, 1.0] -}; - -struct evicted_session_filter *evicted_session_filter_new(const struct evicted_session_filter_options *opts, uint64_t now); +struct evicted_session_filter *evicted_session_filter_new(uint32_t capacity, uint32_t timeout, double error_rate, uint64_t now); void evicted_session_filter_free(struct evicted_session_filter *filter); // return 1: found diff --git a/src/evicted_session_filter/test/gtest_evicted_session_filter.cpp b/src/evicted_session_filter/test/gtest_evicted_session_filter.cpp index 02b98fc..4ae721d 100644 --- a/src/evicted_session_filter/test/gtest_evicted_session_filter.cpp +++ b/src/evicted_session_filter/test/gtest_evicted_session_filter.cpp @@ -2,18 +2,15 @@ #include "evicted_session_filter.h" -struct evicted_session_filter_options opts = { - .enable = 1, - .capacity = 1000000, - .timeout = 2, - .error_rate = 0.00001, -}; - TEST(EVICTED_SESSION_FILTER, TEST) { struct tuple6 c2s_key; struct tuple6 s2c_key; + uint32_t capacity = 1000000; + uint32_t timeout = 2; + double error_rate = 0.00001; + memset(&c2s_key, 0, sizeof(c2s_key)); c2s_key.ip_type = IP_TYPE_V4; c2s_key.src_addr.v4.s_addr = inet_addr("192.168.1.2"); @@ -32,7 +29,7 @@ TEST(EVICTED_SESSION_FILTER, TEST) s2c_key.ip_proto = 0x05; s2c_key.domain = 0x0606060606060606; - struct evicted_session_filter *filter = evicted_session_filter_new(&opts, 1); + struct evicted_session_filter *filter = evicted_session_filter_new(capacity, timeout, error_rate, 1); EXPECT_TRUE(filter != nullptr); EXPECT_TRUE(evicted_session_filter_lookup(filter, &c2s_key, 1) == 0); // no found diff --git a/src/session/session_manager.cpp b/src/session/session_manager.cpp index 3345001..82edb81 100644 --- a/src/session/session_manager.cpp +++ b/src/session/session_manager.cpp @@ -15,18 +15,17 @@ struct session_manager { - struct session_manager_options opts; - + struct list_head evicte_queue; struct session_pool *sess_pool; + struct session_timer *sess_timer; struct session_table *tcp_sess_table; struct session_table *udp_sess_table; - struct session_timer *sess_timer; - struct list_head evicte_queue; struct duplicated_packet_filter *dup_pkt_filter; struct evicted_session_filter *evicte_sess_filter; struct session_manager_stat stat; + struct session_manager_options opts; }; #define EVICTE_SESSION_BURST (RX_BURST_MAX) @@ -40,6 +39,7 @@ int check_options(const struct session_manager_options *opts) return -1; } + // max session number if (opts->max_tcp_session_num < EVICTE_SESSION_BURST * 2) { SESSION_LOG_ERROR("invalid max_tcp_session_num: %lu, supported range: [%u, %lu]", opts->max_tcp_session_num, EVICTE_SESSION_BURST * 2, UINT64_MAX); @@ -50,6 +50,10 @@ int check_options(const struct session_manager_options *opts) SESSION_LOG_ERROR("invalid max_udp_session_num: %lu, supported range: [%u, %lu]", opts->max_udp_session_num, EVICTE_SESSION_BURST * 2, UINT64_MAX); return -1; } + + // session overload (skip) + + // TCP timeout if (opts->tcp_init_timeout < 1 || opts->tcp_init_timeout > 60000) { SESSION_LOG_ERROR("invalid tcp_init_timeout: %lu, supported range: [1, 60000]", opts->tcp_init_timeout); @@ -85,12 +89,70 @@ int check_options(const struct session_manager_options *opts) SESSION_LOG_ERROR("invalid tcp_unverified_rst_timeout: %lu, supported range: [1, 600000]", opts->tcp_unverified_rst_timeout); return -1; } + // UDP timeout if (opts->udp_data_timeout < 1 || opts->udp_data_timeout > 15999999000) { SESSION_LOG_ERROR("invalid udp_data_timeout: %lu, supported range: [1, 15999999000]", opts->udp_data_timeout); return -1; } + // duplicate packet filter + if (opts->duplicated_packet_filter_enable) + { + if (opts->duplicated_packet_filter_capacity == 0) + { + // UINT32_MAX = 4294967295 + SESSION_LOG_ERROR("invalid duplicated_packet_filter_capacity: %u, supported range: [1, 4294967295]", opts->duplicated_packet_filter_capacity); + return -1; + } + if (opts->duplicated_packet_filter_timeout < 1 || opts->duplicated_packet_filter_timeout > 60000) + { + SESSION_LOG_ERROR("invalid duplicated_packet_filter_timeout: %u, supported range: [1, 60000]", opts->duplicated_packet_filter_timeout); + return -1; + } + if (opts->duplicated_packet_filter_error_rate < 0.0 || opts->duplicated_packet_filter_error_rate > 1.0) + { + SESSION_LOG_ERROR("invalid duplicated_packet_filter_error_rate: %f, supported range: [0.0, 1.0]", opts->duplicated_packet_filter_error_rate); + return -1; + } + } + + // evicted session filter + if (opts->evicted_session_filter_enable) + { + if (opts->evicted_session_filter_capacity == 0) + { + // UINT32_MAX = 4294967295 + SESSION_LOG_ERROR("invalid evicted_session_filter_capacity: %u, supported range: [1, 4294967295]", opts->evicted_session_filter_capacity); + return -1; + } + if (opts->evicted_session_filter_timeout < 1 || opts->evicted_session_filter_timeout > 60000) + { + SESSION_LOG_ERROR("invalid evicted_session_filter_timeout: %u, supported range: [1, 60000]", opts->evicted_session_filter_timeout); + return -1; + } + if (opts->evicted_session_filter_error_rate < 0.0 || opts->evicted_session_filter_error_rate > 1.0) + { + SESSION_LOG_ERROR("invalid evicted_session_filter_error_rate: %f, supported range: [0.0, 1.0]", opts->evicted_session_filter_error_rate); + return -1; + } + } + + // TCP reassembly + if (opts->tcp_reassembly_enable) + { + if (opts->tcp_reassembly_max_timeout < 1 || opts->tcp_reassembly_max_timeout > 60000) + { + SESSION_LOG_ERROR("invalid tcp_reassembly_max_timeout: %u, supported range: [1, 60000]", opts->tcp_reassembly_max_timeout); + return -1; + } + if (opts->tcp_reassembly_max_segments < 2 || opts->tcp_reassembly_max_segments > 32) + { + SESSION_LOG_ERROR("invalid tcp_reassembly_max_segments: %u, supported range: [2, 32]", opts->tcp_reassembly_max_segments); + return -1; + } + } + return 0; } @@ -126,10 +188,11 @@ static int tcp_pcb_init(struct tcp_pcb *pcb, uint64_t max_timeout, uint64_t max_ return 0; } -static void tcp_half_update(struct tcp_half *half, const struct pkt_layer *tcp_layer, uint64_t now) +static void tcp_pcb_update(struct tcp_pcb *pcb, enum session_dir dir, const struct pkt_layer *tcp_layer, uint64_t now) { struct tcp_segment *seg; struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr; + struct tcp_half *half = (dir == SESSION_DIR_C2S) ? &pcb->c2s : &pcb->s2c; uint8_t flags = tcp_hdr_get_flags(hdr); half->flags |= flags; @@ -351,7 +414,7 @@ static int session_manager_self_protection(struct session_manager *mgr, struct s // on pre new session static int session_manager_filter_evicted_session(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now) { - if (evicted_session_filter_lookup(mgr->evicte_sess_filter, key, now)) + if (mgr->opts.evicted_session_filter_enable && evicted_session_filter_lookup(mgr->evicte_sess_filter, key, now)) { mgr->stat.evc_pkt.nr_pkts++; mgr->stat.evc_pkt.nr_bytes += packet_get_len(pkt); @@ -364,6 +427,11 @@ static int session_manager_filter_evicted_session(struct session_manager *mgr, s // on pre update session static int session_manager_filter_duplicated_packet(struct session_manager *mgr, struct session *sess, const struct packet *pkt, const struct tuple6 *key, uint64_t now) { + if (mgr->opts.duplicated_packet_filter_enable == 0) + { + return 0; + } + enum session_dir dir = identify_direction_by_history(sess, key); if ((dir == SESSION_DIR_C2S && session_get_metric(sess, SESSION_METRIC_C2S_PACKETS) < 3) || (dir == SESSION_DIR_S2C && session_get_metric(sess, SESSION_METRIC_S2C_PACKETS) < 3) || @@ -501,7 +569,10 @@ static void session_manager_evicte_session(struct session_manager *mgr, struct s SESSION_LOG_DEBUG("evicte udp old session: %lu", session_get_id(sess)); mgr->stat.udp_sess.nr_old_sess_evicted++; session_table_del(mgr->udp_sess_table, session_get_tuple(sess)); - evicted_session_filter_add(mgr->evicte_sess_filter, session_get_tuple(sess), now); + if (mgr->opts.evicted_session_filter_enable) + { + evicted_session_filter_add(mgr->evicte_sess_filter, session_get_tuple(sess), now); + } break; default: assert(0); @@ -542,8 +613,7 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m session_pool_push(mgr->sess_pool, sess); return NULL; } - struct tcp_half *curr = (dir == SESSION_DIR_C2S) ? &sess->tcp_pcb.c2s : &sess->tcp_pcb.s2c; - tcp_half_update(curr, tcp_layer, now); + tcp_pcb_update(&sess->tcp_pcb, dir, tcp_layer, now); enum session_state next_state = session_transition_run(SESSION_STATE_INIT, TCP_SYN); session_update(sess, next_state, pkt, key, dir, now); @@ -554,7 +624,12 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m session_timer_update(mgr->sess_timer, sess, now + timeout); session_table_add(mgr->tcp_sess_table, key, sess); - duplicated_packet_filter_add(mgr->dup_pkt_filter, pkt, now); + uint64_t curr_dir_pkts = (dir == SESSION_DIR_C2S) ? session_get_metric(sess, SESSION_METRIC_C2S_PACKETS) : session_get_metric(sess, SESSION_METRIC_S2C_PACKETS); + if (curr_dir_pkts < 3 && mgr->opts.duplicated_packet_filter_enable) + { + duplicated_packet_filter_add(mgr->dup_pkt_filter, pkt, now); + } + mgr->stat.tcp_sess.nr_sess_used++; return sess; @@ -613,9 +688,12 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc session_transition_log(sess, curr_state, next_state, inputs); // update tcp pcb - struct tcp_half *curr = (dir == SESSION_DIR_C2S) ? &sess->tcp_pcb.c2s : &sess->tcp_pcb.s2c; - struct tcp_half *peer = (dir == SESSION_DIR_C2S) ? &sess->tcp_pcb.s2c : &sess->tcp_pcb.c2s; - tcp_half_update(curr, tcp_layer, now); + tcp_pcb_update(&sess->tcp_pcb, dir, tcp_layer, now); + + if (mgr->opts.duplicated_packet_filter_enable) + { + duplicated_packet_filter_add(mgr->dup_pkt_filter, pkt, now); + } // set closing reason if (next_state == SESSION_STATE_CLOSING && !session_get_closing_reason(sess)) @@ -631,6 +709,8 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc } // update timeout + struct tcp_half *curr = (dir == SESSION_DIR_C2S) ? &sess->tcp_pcb.c2s : &sess->tcp_pcb.s2c; + struct tcp_half *peer = (dir == SESSION_DIR_C2S) ? &sess->tcp_pcb.s2c : &sess->tcp_pcb.c2s; uint64_t timeout = 0; switch (next_state) { @@ -704,34 +784,32 @@ struct session_manager *session_manager_new(struct session_manager_options *opts { return NULL; } - memcpy(&mgr->opts, opts, sizeof(struct session_manager_options)); - // duplicated packet filter - struct duplicated_packet_filter_options duplicated_packet_filter_opts = { - .enable = opts->duplicated_packet_filter_enable, - .capacity = opts->duplicated_packet_filter_capacity, - .timeout = opts->duplicated_packet_filter_timeout, - .error_rate = opts->duplicated_packet_filter_error_rate, - }; - // evicted session filter - struct evicted_session_filter_options evicted_session_filter_opts = { - .enable = opts->evicted_session_filter_enable, - .capacity = opts->evicted_session_filter_capacity, - .timeout = opts->evicted_session_filter_timeout, - .error_rate = opts->evicted_session_filter_error_rate, - }; - mgr->sess_pool = session_pool_new(mgr->opts.max_tcp_session_num + mgr->opts.max_udp_session_num); mgr->tcp_sess_table = session_table_new(); mgr->udp_sess_table = session_table_new(); mgr->sess_timer = session_timer_new(now); - mgr->dup_pkt_filter = duplicated_packet_filter_new(&duplicated_packet_filter_opts, now); - mgr->evicte_sess_filter = evicted_session_filter_new(&evicted_session_filter_opts, now); - if (mgr->sess_pool == NULL || mgr->tcp_sess_table == NULL || mgr->udp_sess_table == NULL || mgr->sess_timer == NULL || mgr->dup_pkt_filter == NULL || mgr->evicte_sess_filter == NULL) + if (mgr->sess_pool == NULL || mgr->tcp_sess_table == NULL || mgr->udp_sess_table == NULL || mgr->sess_timer == NULL) { goto error; } + if (mgr->opts.evicted_session_filter_enable) + { + mgr->evicte_sess_filter = evicted_session_filter_new(mgr->opts.evicted_session_filter_capacity, mgr->opts.evicted_session_filter_timeout, mgr->opts.evicted_session_filter_error_rate, now); + if (mgr->evicte_sess_filter == NULL) + { + goto error; + } + } + if (mgr->opts.duplicated_packet_filter_enable) + { + mgr->dup_pkt_filter = duplicated_packet_filter_new(mgr->opts.duplicated_packet_filter_capacity, mgr->opts.duplicated_packet_filter_timeout, mgr->opts.duplicated_packet_filter_error_rate, now); + if (mgr->dup_pkt_filter == NULL) + { + goto error; + } + } INIT_LIST_HEAD(&mgr->evicte_queue); session_filter_init(); @@ -766,8 +844,14 @@ void session_manager_free(struct session_manager *mgr) { session_manager_free_session(mgr, sess); } - evicted_session_filter_free(mgr->evicte_sess_filter); - duplicated_packet_filter_free(mgr->dup_pkt_filter); + if (mgr->opts.evicted_session_filter_enable) + { + evicted_session_filter_free(mgr->evicte_sess_filter); + } + if (mgr->opts.duplicated_packet_filter_enable) + { + duplicated_packet_filter_free(mgr->dup_pkt_filter); + } session_timer_free(mgr->sess_timer); session_table_free(mgr->udp_sess_table); session_table_free(mgr->tcp_sess_table); diff --git a/src/session/test/gtest_filter_tcp_dupkt.cpp b/src/session/test/gtest_filter_tcp_dupkt.cpp index 8b87102..12b088f 100644 --- a/src/session/test/gtest_filter_tcp_dupkt.cpp +++ b/src/session/test/gtest_filter_tcp_dupkt.cpp @@ -42,7 +42,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; static void packet_set_ip_id(struct packet *pkt, uint16_t ip_id) diff --git a/src/session/test/gtest_overload_evict_tcp_sess.cpp b/src/session/test/gtest_overload_evict_tcp_sess.cpp index 7b1ac57..3bb755f 100644 --- a/src/session/test/gtest_overload_evict_tcp_sess.cpp +++ b/src/session/test/gtest_overload_evict_tcp_sess.cpp @@ -44,7 +44,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; static void packet_set_tcp_src_addr(struct packet *pkt, uint32_t addr) diff --git a/src/session/test/gtest_overload_evict_udp_sess.cpp b/src/session/test/gtest_overload_evict_udp_sess.cpp index 4349376..c6b5ace 100644 --- a/src/session/test/gtest_overload_evict_udp_sess.cpp +++ b/src/session/test/gtest_overload_evict_udp_sess.cpp @@ -44,7 +44,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; static void packet_set_tcp_src_addr(struct packet *pkt, uint32_t addr) diff --git a/src/session/test/gtest_state_tcp_active_to_closing.cpp b/src/session/test/gtest_state_tcp_active_to_closing.cpp index 537e47c..5c000f7 100644 --- a/src/session/test/gtest_state_tcp_active_to_closing.cpp +++ b/src/session/test/gtest_state_tcp_active_to_closing.cpp @@ -43,7 +43,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; static void build_active_tcp_session(struct session_manager *mgr, struct session *sess) diff --git a/src/session/test/gtest_state_tcp_init_to_opening.cpp b/src/session/test/gtest_state_tcp_init_to_opening.cpp index ef55f33..7521a07 100644 --- a/src/session/test/gtest_state_tcp_init_to_opening.cpp +++ b/src/session/test/gtest_state_tcp_init_to_opening.cpp @@ -43,7 +43,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; /****************************************************************************** diff --git a/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp b/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp index 86e989e..c6845e8 100644 --- a/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp +++ b/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp @@ -42,7 +42,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; #if 1 diff --git a/src/session/test/gtest_state_tcp_opening_to_active.cpp b/src/session/test/gtest_state_tcp_opening_to_active.cpp index d7c50e3..534271e 100644 --- a/src/session/test/gtest_state_tcp_opening_to_active.cpp +++ b/src/session/test/gtest_state_tcp_opening_to_active.cpp @@ -42,7 +42,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; /****************************************************************************** diff --git a/src/session/test/gtest_state_tcp_opening_to_closing.cpp b/src/session/test/gtest_state_tcp_opening_to_closing.cpp index 27bf95f..271dbc3 100644 --- a/src/session/test/gtest_state_tcp_opening_to_closing.cpp +++ b/src/session/test/gtest_state_tcp_opening_to_closing.cpp @@ -43,7 +43,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; /****************************************************************************** diff --git a/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp b/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp index f574a15..2e97440 100644 --- a/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp +++ b/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp @@ -42,7 +42,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; #if 1 diff --git a/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp b/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp index 2eb1538..c538cc1 100644 --- a/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp +++ b/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp @@ -42,7 +42,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; /****************************************************************************** diff --git a/src/session/test/gtest_timeout_tcp_data.cpp b/src/session/test/gtest_timeout_tcp_data.cpp index 3d93cf0..2f488c7 100644 --- a/src/session/test/gtest_timeout_tcp_data.cpp +++ b/src/session/test/gtest_timeout_tcp_data.cpp @@ -41,7 +41,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; #if 1 diff --git a/src/session/test/gtest_timeout_tcp_handshake.cpp b/src/session/test/gtest_timeout_tcp_handshake.cpp index 5ccf110..b0518b6 100644 --- a/src/session/test/gtest_timeout_tcp_handshake.cpp +++ b/src/session/test/gtest_timeout_tcp_handshake.cpp @@ -42,7 +42,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; #if 1 diff --git a/src/session/test/gtest_timeout_tcp_init.cpp b/src/session/test/gtest_timeout_tcp_init.cpp index f5f830a..76896f7 100644 --- a/src/session/test/gtest_timeout_tcp_init.cpp +++ b/src/session/test/gtest_timeout_tcp_init.cpp @@ -42,7 +42,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; #if 1 diff --git a/src/session/test/gtest_timeout_udp_data.cpp b/src/session/test/gtest_timeout_udp_data.cpp index ffb4bee..9dd571c 100644 --- a/src/session/test/gtest_timeout_udp_data.cpp +++ b/src/session/test/gtest_timeout_udp_data.cpp @@ -41,7 +41,7 @@ struct session_manager_options opts = { // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, - .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_segments = 16, }; #if 1