mirror
/
NetGuard
mirror of https://github.com/M66B/NetGuard.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Native scale timeout depending on number of sessions 

Refs #311
This commit is contained in:
M66B 2016-02-11 09:51:50 +01:00
parent 2181221a79
commit 24892ed67d
5 changed files with 43 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/src/main/jni/netguard/icmp.c
View File

@ -50,15 +50,22 @@ int get_icmp_sessions() {
return count; return count;
} }
int check_icmp_sessions(const struct arguments *args) { int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions) {
time_t now = time(NULL); int timeout = ICMP_TIMEOUT;
int count = get_icmp_sessions(); int scale = 100 - sessions * 100 / maxsessions;
timeout = timeout * scale / 100;
return timeout;
}
void check_icmp_sessions(const struct arguments *args, int sessions, int maxsessions) {
time_t now = time(NULL);
struct icmp_session *il = NULL; struct icmp_session *il = NULL;
struct icmp_session *i = icmp_session; struct icmp_session *i = icmp_session;
while (i != NULL) { while (i != NULL) {
int timeout = ICMP_TIMEOUT; int timeout = get_icmp_timeout(i, sessions, maxsessions);
if (i->stop || i->time + timeout < now) { if (i->stop || i->time + timeout < now) {
char source[INET6_ADDRSTRLEN + 1]; char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1]; char dest[INET6_ADDRSTRLEN + 1];
@ -92,8 +99,6 @@ int check_icmp_sessions(const struct arguments *args) {
i = i->next; i = i->next;
} }
} }
return count;
} }
void check_icmp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) { void check_icmp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) {

16
app/src/main/jni/netguard/netguard.h
View File

@ -43,7 +43,6 @@
#define UDP_TIMEOUT_53 15 // seconds #define UDP_TIMEOUT_53 15 // seconds
#define UDP_TIMEOUT_ANY 300 // seconds #define UDP_TIMEOUT_ANY 300 // seconds
#define UDP_KEEP_TIMEOUT 60 // seconds #define UDP_KEEP_TIMEOUT 60 // seconds
#define UDP_TIMEOUT_SCALE 25
#define TCP_RECV_WINDOW 16384 // bytes (maximum) #define TCP_RECV_WINDOW 16384 // bytes (maximum)
#define TCP_SEND_WINDOW 16384 // bytes (maximum) #define TCP_SEND_WINDOW 16384 // bytes (maximum)
@ -51,7 +50,6 @@
#define TCP_IDLE_TIMEOUT 300 // seconds ~net.inet.tcp.keepidle #define TCP_IDLE_TIMEOUT 300 // seconds ~net.inet.tcp.keepidle
#define TCP_CLOSE_TIMEOUT 30 // seconds #define TCP_CLOSE_TIMEOUT 30 // seconds
#define TCP_KEEP_TIMEOUT 300 // seconds #define TCP_KEEP_TIMEOUT 300 // seconds
#define TCP_TIMEOUT_SCALE 50
// https://en.wikipedia.org/wiki/Maximum_segment_lifetime // https://en.wikipedia.org/wiki/Maximum_segment_lifetime
#define UID_DELAY 1 // milliseconds #define UID_DELAY 1 // milliseconds
@ -288,17 +286,19 @@ void report_exit(const struct arguments *args, const char *fmt, ...);
void check_allowed(const struct arguments *args); void check_allowed(const struct arguments *args);
int check_icmp_sessions(const struct arguments *args); void check_icmp_sessions(const struct arguments *args, int sessions, int maxsessions);
int check_udp_sessions(const struct arguments *args); void check_udp_sessions(const struct arguments *args, int sessions, int maxsessions);
int check_tcp_sessions(const struct arguments *args); void check_tcp_sessions(const struct arguments *args, int sessions, int maxsessions);
int get_select_timeout(int isessions, int usessions, int tsessions); int get_select_timeout(int sessions, int maxsessions);
int get_udp_timeout(const struct udp_session *u, int sessions); int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions);
int get_tcp_timeout(const struct tcp_session *t, int sessions); int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions);
int get_tcp_timeout(const struct tcp_session *t, int sessions, int maxsessions);
int get_selects(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds); int get_selects(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds);

23
app/src/main/jni/netguard/session.c
View File

@ -90,19 +90,24 @@ void *handle_events(void *a) {
while (!stopping) { while (!stopping) {
log_android(ANDROID_LOG_DEBUG, "Loop thread %x", thread_id); log_android(ANDROID_LOG_DEBUG, "Loop thread %x", thread_id);
// Check sessions // Count sessions
int isessions = check_icmp_sessions(args); int isessions = get_icmp_sessions();
int usessions = check_udp_sessions(args); int usessions = get_udp_sessions();
int tsessions = check_tcp_sessions(args); int tsessions = get_tcp_sessions();
int sessions = isessions + usessions + tsessions; int sessions = isessions + usessions + tsessions;
// Check sessions
check_icmp_sessions(args, sessions, maxsessions);
check_udp_sessions(args, sessions, maxsessions);
check_tcp_sessions(args, sessions, maxsessions);
// https://bugzilla.mozilla.org/show_bug.cgi?id=1093893 // https://bugzilla.mozilla.org/show_bug.cgi?id=1093893
int idle = (tsessions + usessions + tsessions == 0 && sdk >= 16); int idle = (tsessions + usessions + tsessions == 0 && sdk >= 16);
log_android(ANDROID_LOG_DEBUG, "sessions ICMP %d UDP %d TCP %d max %d/%d idle %d sdk %d", log_android(ANDROID_LOG_DEBUG, "sessions ICMP %d UDP %d TCP %d max %d/%d idle %d sdk %d",
isessions, usessions, tsessions, sessions, maxsessions, idle, sdk); isessions, usessions, tsessions, sessions, maxsessions, idle, sdk);
// Next event time // Next event time
ts.tv_sec = (sdk < 16 ? 5 : get_select_timeout(isessions, usessions, tsessions)); ts.tv_sec = (sdk < 16 ? 5 : get_select_timeout(sessions, maxsessions));
ts.tv_nsec = 0; ts.tv_nsec = 0;
sigemptyset(&emptyset); sigemptyset(&emptyset);
@ -213,14 +218,14 @@ void *handle_events(void *a) {
return NULL; return NULL;
} }
int get_select_timeout(int isessions, int usessions, int tsessions) { int get_select_timeout(int sessions, int maxsessions) {
time_t now = time(NULL); time_t now = time(NULL);
int timeout = SELECT_TIMEOUT; int timeout = SELECT_TIMEOUT;
struct icmp_session *i = icmp_session; struct icmp_session *i = icmp_session;
while (i != NULL) { while (i != NULL) {
if (!i->stop) { if (!i->stop) {
int stimeout = i->time + ICMP_TIMEOUT - now + 1; int stimeout = i->time + get_icmp_timeout(i, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout) if (stimeout > 0 && stimeout < timeout)
timeout = stimeout; timeout = stimeout;
} }
@ -230,7 +235,7 @@ int get_select_timeout(int isessions, int usessions, int tsessions) {
struct udp_session *u = udp_session; struct udp_session *u = udp_session;
while (u != NULL) { while (u != NULL) {
if (u->state == UDP_ACTIVE) { if (u->state == UDP_ACTIVE) {
int stimeout = u->time + get_udp_timeout(u, usessions) - now + 1; int stimeout = u->time + get_udp_timeout(u, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout) if (stimeout > 0 && stimeout < timeout)
timeout = stimeout; timeout = stimeout;
} }
@ -240,7 +245,7 @@ int get_select_timeout(int isessions, int usessions, int tsessions) {
struct tcp_session *t = tcp_session; struct tcp_session *t = tcp_session;
while (t != NULL) { while (t != NULL) {
if (t->state != TCP_CLOSING && t->state != TCP_CLOSE) { if (t->state != TCP_CLOSING && t->state != TCP_CLOSE) {
int stimeout = t->time + get_tcp_timeout(t, tsessions) - now + 1; int stimeout = t->time + get_tcp_timeout(t, sessions, maxsessions) - now + 1;
if (stimeout > 0 && stimeout < timeout) if (stimeout > 0 && stimeout < timeout)
timeout = stimeout; timeout = stimeout;
} }

16
app/src/main/jni/netguard/tcp.c
View File

@ -61,7 +61,7 @@ int get_tcp_sessions() {
return count; return count;
} }
int get_tcp_timeout(const struct tcp_session *t, int sessions) { int get_tcp_timeout(const struct tcp_session *t, int sessions, int maxsessions) {
int timeout; int timeout;
if (t->state == TCP_LISTEN || t->state == TCP_SYN_RECV) if (t->state == TCP_LISTEN || t->state == TCP_SYN_RECV)
timeout = TCP_INIT_TIMEOUT; timeout = TCP_INIT_TIMEOUT;
@ -70,19 +70,15 @@ int get_tcp_timeout(const struct tcp_session *t, int sessions) {
else else
timeout = TCP_CLOSE_TIMEOUT; timeout = TCP_CLOSE_TIMEOUT;
int scale = sessions / TCP_TIMEOUT_SCALE; int scale = 100 - sessions * 100 / maxsessions;
if (scale < 1) timeout = timeout * scale / 100;
scale = 1;
timeout = timeout / scale;
return timeout; return timeout;
} }
int check_tcp_sessions(const struct arguments *args) { void check_tcp_sessions(const struct arguments *args, int sessions, int maxsessions) {
time_t now = time(NULL); time_t now = time(NULL);
int count = get_tcp_sessions();
struct tcp_session *tl = NULL; struct tcp_session *tl = NULL;
struct tcp_session *t = tcp_session; struct tcp_session *t = tcp_session;
while (t != NULL) { while (t != NULL) {
@ -101,7 +97,7 @@ int check_tcp_sessions(const struct arguments *args) {
source, ntohs(t->source), dest, ntohs(t->dest), strstate(t->state), t->socket); source, ntohs(t->source), dest, ntohs(t->dest), strstate(t->state), t->socket);
// Check session timeout // Check session timeout
int timeout = get_tcp_timeout(t, count); int timeout = get_tcp_timeout(t, sessions, maxsessions);
if (t->state != TCP_CLOSING && t->state != TCP_CLOSE && t->time + timeout < now) { if (t->state != TCP_CLOSING && t->state != TCP_CLOSE && t->time + timeout < now) {
// TODO send keep alives? // TODO send keep alives?
log_android(ANDROID_LOG_WARN, "%s idle %d/%d sec ", session, now - t->time, timeout); log_android(ANDROID_LOG_WARN, "%s idle %d/%d sec ", session, now - t->time, timeout);
@ -141,8 +137,6 @@ int check_tcp_sessions(const struct arguments *args) {
t = t->next; t = t->next;
} }
} }
return count;
} }
void check_tcp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) { void check_tcp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) {

14
app/src/main/jni/netguard/udp.c
View File

@ -50,18 +50,16 @@ int get_udp_sessions() {
return count; return count;
} }
int get_udp_timeout(const struct udp_session *u, int sessions) { int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions) {
int timeout = (ntohs(u->dest) == 53 ? UDP_TIMEOUT_53 : UDP_TIMEOUT_ANY); int timeout = (ntohs(u->dest) == 53 ? UDP_TIMEOUT_53 : UDP_TIMEOUT_ANY);
int scale = sessions / UDP_TIMEOUT_SCALE; int scale = 100 - sessions * 100 / maxsessions;
if (scale < 1) timeout = timeout * scale / 100;
scale = 1;
timeout = timeout / scale;
return timeout; return timeout;
} }
int check_udp_sessions(const struct arguments *args) { void check_udp_sessions(const struct arguments *args, int sessions, int maxsessions) {
time_t now = time(NULL); time_t now = time(NULL);
int count = get_udp_sessions(); int count = get_udp_sessions();
@ -81,7 +79,7 @@ int check_udp_sessions(const struct arguments *args) {
} }
// Check session timeout // Check session timeout
int timeout = get_udp_timeout(u, count); int timeout = get_udp_timeout(u, sessions, maxsessions);
if (u->state == UDP_ACTIVE && u->time + timeout < now) { if (u->state == UDP_ACTIVE && u->time + timeout < now) {
log_android(ANDROID_LOG_WARN, "UDP idle %d/%d sec state %d from %s/%u to %s/%u", log_android(ANDROID_LOG_WARN, "UDP idle %d/%d sec state %d from %s/%u to %s/%u",
now - u->time, timeout, u->state, now - u->time, timeout, u->state,
@ -120,8 +118,6 @@ int check_udp_sessions(const struct arguments *args) {
u = u->next; u = u->next;
} }
} }
return count;
} }
void check_udp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) { void check_udp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) {