Pull request #4026: tcp: timeout for embryonic and idle session

author Shanmugam S (shanms) <shanms@cisco.com>

Wed, 27 Sep 2023 13:26:09 +0000 (13:26 +0000)

committer Shanmugam S (shanms) <shanms@cisco.com>

Wed, 27 Sep 2023 13:26:09 +0000 (13:26 +0000)
author Shanmugam S (shanms) <shanms@cisco.com>
Wed, 27 Sep 2023 13:26:09 +0000 (13:26 +0000)
committer Shanmugam S (shanms) <shanms@cisco.com>
Wed, 27 Sep 2023 13:26:09 +0000 (13:26 +0000)
diff --git a/src/flow/flow.h b/src/flow/flow.h

index 96abf805d22225700544de8f519639fd176812b9..3db187b97546161321d4c0c6012e7d87592b9b5e 100644 (file)
--- a/src/flow/flow.h
+++ b/src/flow/flow.h
@@ -410,6 +410,9 @@ public:
  
      bool trust_is_deferred()
      { return deferred_trust.is_deferred(); }
+ 
+    void set_idle_timeout(unsigned timeout)
+    { idle_timeout = timeout; }  
  
  public:  // FIXIT-M privatize if possible
      // fields are organized by initialization and size to minimize
@@ -460,11 +463,9 @@ public:  // FIXIT-M privatize if possible
      unsigned inspection_policy_id = 0;
      unsigned ips_policy_id = 0;
      unsigned reload_id = 0;
-
      uint32_t tenant = 0;
-
      uint32_t default_session_timeout = 0;
-
+    uint32_t idle_timeout = 0;
      int32_t client_intf = 0;
      int32_t server_intf = 0;
  
diff --git a/src/flow/flow_cache.cc b/src/flow/flow_cache.cc

index f7bafec1ca86215d66499b7490781155e559025d..6deb4a992d0a5fb5ed6ec5e228893f2640c235b5 100644 (file)
--- a/src/flow/flow_cache.cc
+++ b/src/flow/flow_cache.cc
@@ -176,6 +176,8 @@ Flow* FlowCache::allocate(const FlowKey* key)
      assert(flow);
      link_uni(flow);
      flow->last_data_seen = timestamp;
+    flow->set_idle_timeout(config.proto[to_utype(flow->key->pkt_type)].nominal_timeout);
+
      return flow;
  }
  
@@ -406,7 +408,7 @@ unsigned FlowCache::timeout(unsigned num_flows, time_t thetime)
                  if ( flow->expire_time > (uint64_t) thetime )
                      break;
              }
-            else if ( flow->last_data_seen + config.proto[to_utype(flow->key->pkt_type)].nominal_timeout > thetime )
+            else if ( flow->last_data_seen + flow->idle_timeout > thetime )
                  break;
  
              if ( HighAvailabilityManager::in_standby(flow) or
diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc

index 9686f1207a6babaf27c1f9f3acd12833d9c05bb6..d9a15f0f3052c61bfe6eb85b34f84cc49c2a15bc 100644 (file)
--- a/src/stream/tcp/tcp_module.cc
+++ b/src/stream/tcp/tcp_module.cc
@@ -225,6 +225,12 @@ static const Parameter s_params[] =
      { "track_only", Parameter::PT_BOOL, nullptr, "false",
        "disable reassembly if true" },
  
+    { "embryonic_timeout", Parameter::PT_INT, "1:max31", "30",
+      "Non-established connection timeout" },
+
+    { "idle_timeout", Parameter::PT_INT, "1:max31", "3600",
+      "session deletion on idle " },
+
      { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
  };
  
@@ -335,6 +341,12 @@ bool StreamTcpModule::set(const char*, Value& v, SnortConfig*)
      else if ( v.is("session_timeout") )
          config->session_timeout = v.get_uint32();
  
+    else if ( v.is("embryonic_timeout") )
+        config->embryonic_timeout = v.get_uint32();
+
+    else if ( v.is("idle_timeout") )
+        config->idle_timeout = v.get_uint32();
+
      else if ( v.is("reassemble_async") )
      {
          if ( v.get_bool() )
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc

index 670bfc153fe1577f55bfd1ea7118a33835d425bc..a021c5c6e8a469941d719312746479edd0c94247 100644 (file)
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -112,6 +112,7 @@ bool TcpSession::setup(Packet*)
  
      tcp_config = get_tcp_cfg(flow->ssn_server);
      flow->set_default_session_timeout(tcp_config->session_timeout, false);
+    flow->set_idle_timeout(tcp_config->embryonic_timeout);
      set_os_policy();
  
      SESSION_STATS_ADD(tcpStats)
diff --git a/src/stream/tcp/tcp_stream_config.h b/src/stream/tcp/tcp_stream_config.h

index 84e9bc4f0f984d44732081b239f4f42fcbdb3202..90364438fca030bd11c92606fd4b98e5d7972dde 100644 (file)
--- a/src/stream/tcp/tcp_stream_config.h
+++ b/src/stream/tcp/tcp_stream_config.h
@@ -71,6 +71,8 @@ public:
      int hs_timeout = -1;
  
      bool no_ack;
+    uint32_t embryonic_timeout = STREAM_DEFAULT_SSN_TIMEOUT;
+    uint32_t idle_timeout;
  };
  
  #endif
diff --git a/src/stream/tcp/tcp_stream_session.cc b/src/stream/tcp/tcp_stream_session.cc

index 3b75fd30b75fb5c76a5c369d95803b1f851888d4..2dd19d52ee524412cec1b4761ac9dd9463481075 100644 (file)
--- a/src/stream/tcp/tcp_stream_session.cc
+++ b/src/stream/tcp/tcp_stream_session.cc
@@ -344,6 +344,7 @@ void TcpStreamSession::set_established(const TcpSegmentDescriptor& tsd)
  {
      update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED);
      flow->session_state |= STREAM_STATE_ESTABLISHED;
+    flow->set_idle_timeout(this->tcp_config->idle_timeout);
      if (SSNFLAG_ESTABLISHED != (SSNFLAG_ESTABLISHED & flow->get_session_flags()))
      {
          flow->set_session_flags(SSNFLAG_ESTABLISHED);
author	Shanmugam S (shanms) <shanms@cisco.com>
	Wed, 27 Sep 2023 13:26:09 +0000 (13:26 +0000)
committer	Shanmugam S (shanms) <shanms@cisco.com>
	Wed, 27 Sep 2023 13:26:09 +0000 (13:26 +0000)
src/flow/flow.h		patch \| blob \| blame \| history
src/flow/flow_cache.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_module.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_session.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_stream_config.h		patch \| blob \| blame \| history
src/stream/tcp/tcp_stream_session.cc		patch \| blob \| blame \| history