// TCP state machine test: init -> opening #include #include "times.h" #include "session_priv.h" #include "session_manager.h" #include "ipv4_utils.h" #include "test_packets.h" struct session_manager_options opts = { // max session number .max_tcp_session_num = 256, .max_udp_session_num = 256, // session overload .tcp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout .tcp_init_timeout = 1, .tcp_handshake_timeout = 2, .tcp_data_timeout = 3, .tcp_half_closed_timeout = 4, .tcp_time_wait_timeout = 5, .tcp_discard_timeout = 6, .tcp_unverified_rst_timeout = 7, // udp timeout .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, .duplicated_packet_filter_capacity = 1000, .duplicated_packet_filter_timeout = 10, .duplicated_packet_filter_error_rate = 0.0001, // evicted session filter .evicted_session_filter_enable = 1, .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, .tcp_reassembly_max_segments = 16, }; /****************************************************************************** * case: TCP init -> opening (by SYN) ******************************************************************************/ #if 1 TEST(TCP_INIT_TO_OPENING, BY_SYN) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 0); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) == NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout) == NULL); // opening -> closing sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout + opts.tcp_data_timeout); // closing -> closed EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP init -> opening (by SYNACK) ******************************************************************************/ #if 1 TEST(TCP_INIT_TO_OPENING, BY_SYNACK) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // S2C SYNACK Packet printf("\n=> Packet Parse: TCP S2C SYNACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "93.184.216.34:80-192.168.38.105:60111-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 74); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) == NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_handshake_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP init -> opening (by SYN + SYNACK) ******************************************************************************/ #if 1 TEST(TCP_INIT_TO_OPENING, BY_SYN_SYNACK) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // S2C SYNACK Packet printf("\n=> Packet Parse: TCP S2C SYNACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 74); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP init -> opening (by SYN + SYNACK + ACK) ******************************************************************************/ #if 1 TEST(TCP_INIT_TO_OPENING, BY_SYN_SYNACK_ACK) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // S2C SYNACK Packet printf("\n=> Packet Parse: TCP S2C SYNACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); // C2S ACK Packet printf("\n=> Packet Parse: TCP C2S ACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt3_c2s_ack, sizeof(tcp_pkt3_c2s_ack)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 3); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 3) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78 + 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 74); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP init -> opening (by SYN retransmission) ******************************************************************************/ // overwrited ipid to build SYN retransmission #if 1 TEST(TCP_INIT_TO_OPENING, BY_SYN_RETRANSMISSION) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // C2S SYN Packet retransmission printf("\n=> Packet Parse: TCP C2S SYN retransmission packet\n"); char syn_retransmission[1500] = {0}; memcpy(syn_retransmission, tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); packet_parse(&pkt, (const char *)syn_retransmission, sizeof(tcp_pkt1_c2s_syn)); const struct raw_layer *ipv4_layer = packet_get_innermost_raw_layer(&pkt, LAYER_PROTO_IPV4); struct ip *hdr = (struct ip *)ipv4_layer->hdr_ptr; ipv4_hdr_set_ipid(hdr, 0x1234); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78 + 78); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 0); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) == NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_init_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_init_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP init -> opening (by SYNACK retransmission) ******************************************************************************/ // overwrited ipid to build SYNACK retransmission #if 1 TEST(TCP_INIT_TO_OPENING, BY_SYNACK_RETRANSMISSION) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // S2C SYNACK Packet printf("\n=> Packet Parse: TCP S2C SYNACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // SYNACK Packet retransmission printf("\n=> Packet Parse: TCP S2C SYNACK retransmission packet\n"); char tcp_pkt_s2c_synack_retransmission[1500] = {0}; memcpy(tcp_pkt_s2c_synack_retransmission, tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack)); packet_parse(&pkt, (const char *)tcp_pkt_s2c_synack_retransmission, sizeof(tcp_pkt2_s2c_syn_ack)); const struct raw_layer *ipv4_layer = packet_get_innermost_raw_layer(&pkt, LAYER_PROTO_IPV4); EXPECT_TRUE(ipv4_layer); struct ip *hdr = (struct ip *)ipv4_layer->hdr_ptr; ipv4_hdr_set_ipid(hdr, 0x1234); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "93.184.216.34:80-192.168.38.105:60111-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 74 + 74); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) == NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP init -> opening (by C2S asymmetric) ******************************************************************************/ #if 1 TEST(TCP_INIT_TO_OPENING, BY_C2S_ASMMETRIC) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // C2S ACK Packet printf("\n=> Packet Parse: TCP C2S ACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt3_c2s_ack, sizeof(tcp_pkt3_c2s_ack)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78 + 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 0); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) == NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP init -> opening (by S2C asymmetric) ******************************************************************************/ #if 1 TEST(TCP_INIT_TO_OPENING, BY_S2C_ASMMETRIC) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // S2C SYNACK Packet printf("\n=> Packet Parse: TCP S2C SYNACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // S2C ACK Packet printf("\n=> Packet Parse: TCP S2C ACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt5_s2c_ack, sizeof(tcp_pkt5_s2c_ack)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "93.184.216.34:80-192.168.38.105:60111-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 74 + 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) == NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_data_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif int main(int argc, char **argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); }