// TCP state machine test: opening -> closing #include #include "times.h" #include "session_priv.h" #include "session_manager.h" #include "tcp_utils.h" #include "test_packets.h" struct session_manager_options opts = { // max session number .max_tcp_session_num = 256, .max_udp_session_num = 256, // session overload .tcp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session // tcp timeout .tcp_init_timeout = 1, .tcp_handshake_timeout = 2, .tcp_data_timeout = 3, .tcp_half_closed_timeout = 4, .tcp_time_wait_timeout = 5, .tcp_discard_timeout = 6, .tcp_unverified_rst_timeout = 7, // udp timeout .udp_data_timeout = 8, // duplicate packet filter .duplicated_packet_filter_enable = 1, .duplicated_packet_filter_capacity = 1000, .duplicated_packet_filter_timeout = 10, .duplicated_packet_filter_error_rate = 0.0001, // evicted session filter .evicted_session_filter_enable = 1, .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, // TCP Reassembly .tcp_reassembly_enable = 1, .tcp_reassembly_max_timeout = 60000, .tcp_reassembly_max_segments = 16, }; /****************************************************************************** * case: TCP opening -> closing (by FIN-FIN) ******************************************************************************/ #if 1 TEST(TCP_OPENING_TO_CLOSING, BY_FIN_FIN) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // C2S FIN Packet printf("\n=> Packet Parse: TCP C2S FIN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt9_c2s_fin, sizeof(tcp_pkt9_c2s_fin)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); // S2C FIN Packet printf("\n=> Packet Parse: TCP S2C FIN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt10_s2c_fin, sizeof(tcp_pkt10_s2c_fin)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 3); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 3) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78 + 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 1); // expire session sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_time_wait_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP opening -> closing (by C2S RST) ******************************************************************************/ #if 1 TEST(TCP_OPENING_TO_CLOSING, BY_C2S_RST) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // C2S RST Packet printf("\n=> Packet Parse: TCP C2S RST packet\n"); char tcp_pkt_c2s_rst[1500] = {0}; memcpy(tcp_pkt_c2s_rst, tcp_pkt9_c2s_fin, sizeof(tcp_pkt9_c2s_fin)); packet_parse(&pkt, (const char *)tcp_pkt_c2s_rst, sizeof(tcp_pkt9_c2s_fin)); const struct raw_layer *tcp_layer = packet_get_innermost_raw_layer(&pkt, LAYER_PROTO_TCP); EXPECT_TRUE(tcp_layer); struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr; tcp_hdr_set_flags(hdr, 0); tcp_hdr_set_rst_flag(hdr, true); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78 + 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 0); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) == NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 1); // expire session sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_unverified_rst_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_RST); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP opening -> closing (by S2C RST) ******************************************************************************/ #if 1 TEST(TCP_OPENING_TO_CLOSING, BY_S2C_RST) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // S2C RST Packet printf("\n=> Packet Parse: TCP S2C RST packet\n"); char tcp_pkt_s2c_rst[1500] = {0}; memcpy(tcp_pkt_s2c_rst, tcp_pkt10_s2c_fin, sizeof(tcp_pkt10_s2c_fin)); packet_parse(&pkt, (const char *)tcp_pkt_s2c_rst, sizeof(tcp_pkt10_s2c_fin)); const struct raw_layer *tcp_layer = packet_get_innermost_raw_layer(&pkt, LAYER_PROTO_TCP); EXPECT_TRUE(tcp_layer); struct tcphdr *hdr = (struct tcphdr *)tcp_layer->hdr_ptr; tcp_hdr_set_flags(hdr, 0); tcp_hdr_set_rst_flag(hdr, true); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 1); // expire session sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_unverified_rst_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_RST); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP opening -> closing (by init timeout) ******************************************************************************/ #if 1 TEST(TCP_OPENING_TO_CLOSING, BY_INIT_TIMEOUT) { struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 1 + opts.tcp_init_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP opening -> closing (by handshake timeout) ******************************************************************************/ #if 1 TEST(TCP_OPENING_TO_CLOSING, BY_HANDSHAKE_TIMEOUT) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // S2C SYNACK Packet printf("\n=> Packet Parse: TCP S2C SYNACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 74); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_handshake_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP opening -> closing (by data timeout) ******************************************************************************/ #if 1 TEST(TCP_OPENING_TO_CLOSING, BY_DATA_TIMEOUT) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // S2C SYNACK Packet printf("\n=> Packet Parse: TCP S2C SYNACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt2_s2c_syn_ack, sizeof(tcp_pkt2_s2c_syn_ack)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); // C2S ACK Packet printf("\n=> Packet Parse: TCP C2S ACK packet\n"); packet_parse(&pkt, (const char *)tcp_pkt3_c2s_ack, sizeof(tcp_pkt3_c2s_ack)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 3); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 3) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_OPENING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78 + 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 74); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); // expire session EXPECT_TRUE(session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout) == NULL); sess = session_manager_get_expired_session(mgr, 3 + opts.tcp_data_timeout + opts.tcp_data_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP opening -> closing (by C2S half FIN) ******************************************************************************/ #if 1 TEST(TCP_OPENING_TO_CLOSING, BY_C2S_HALF_FIN) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // C2S FIN Packet printf("\n=> Packet Parse: TCP C2S FIN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt9_c2s_fin, sizeof(tcp_pkt9_c2s_fin)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78 + 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 0); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1 + 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 0); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) == NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 1); // expire session sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_half_closed_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_CLIENT_FIN); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif /****************************************************************************** * case: TCP opening -> closing (by S2C half FIN) ******************************************************************************/ #if 1 TEST(TCP_OPENING_TO_CLOSING, BY_S2C_HALF_FIN) { char buffer[1024] = {0}; struct packet pkt; struct session *sess = NULL; struct session_manager *mgr = NULL; struct session_manager_stat *stat = NULL; stellar_update_time_cache(); mgr = session_manager_new(&opts, 1); EXPECT_TRUE(mgr != NULL); // C2S SYN Packet printf("\n=> Packet Parse: TCP C2S SYN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt1_c2s_syn, sizeof(tcp_pkt1_c2s_syn)); printf("<= Packet Parse: done\n\n"); // lookup session EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt, 1) == NULL); // new session sess = session_manager_new_session(mgr, &pkt, 1); EXPECT_TRUE(sess); // S2C FIN Packet printf("\n=> Packet Parse: TCP S2C FIN packet\n"); packet_parse(&pkt, (const char *)tcp_pkt10_s2c_fin, sizeof(tcp_pkt10_s2c_fin)); printf("<= Packet Parse: done\n\n"); // lookup session sess = session_manager_lookup_session(mgr, &pkt, 2); EXPECT_TRUE(sess); // update session EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); EXPECT_TRUE(session_get_id(sess) != 0); tuple6_to_str(session_get_tuple6(sess), buffer, sizeof(buffer)); EXPECT_STREQ(buffer, "192.168.38.105:60111-93.184.216.34:80-6-0"); EXPECT_TRUE(session_get_tuple6_direction(sess) == FLOW_DIRECTION_C2S); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSING); EXPECT_TRUE(session_get_type(sess) == SESSION_TYPE_TCP); EXPECT_TRUE(session_has_duplicate_traffic(sess) == 0); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_BYTES_RECEIVED) == 78); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_BYTES_RECEIVED) == 66); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_C2S, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_stat(sess, FLOW_DIRECTION_S2C, STAT_RAW_PACKETS_RECEIVED) == 1); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_START)); EXPECT_TRUE(session_get_timestamp(sess, SESSION_TIMESTAMP_LAST)); EXPECT_TRUE(session_get0_current_packet(sess) == &pkt); EXPECT_TRUE(session_get_current_flow_direction(sess) == FLOW_DIRECTION_S2C); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_C2S) != NULL); EXPECT_TRUE(session_get_first_packet(sess, FLOW_DIRECTION_S2C) != NULL); session_print(sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 1); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 1); // expire session sess = session_manager_get_expired_session(mgr, 2 + opts.tcp_half_closed_timeout); EXPECT_TRUE(sess); EXPECT_TRUE(session_get_current_state(sess) == SESSION_STATE_CLOSED); EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_SERVER_FIN); session_print(sess); // free session session_manager_free_session(mgr, sess); // check stat stat = session_manager_stat(mgr); EXPECT_TRUE(stat); EXPECT_TRUE(stat->curr_nr_tcp_sess_used == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_opening == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_active == 0); EXPECT_TRUE(stat->curr_nr_tcp_sess_closing == 0); session_manager_free(mgr); } #endif int main(int argc, char **argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); }