mirror of https://github.com/M66B/NetGuard.git
parent
2181221a79
commit
24892ed67d
|
@ -50,15 +50,22 @@ int get_icmp_sessions() {
|
|||
return count;
|
||||
}
|
||||
|
||||
int check_icmp_sessions(const struct arguments *args) {
|
||||
time_t now = time(NULL);
|
||||
int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions) {
|
||||
int timeout = ICMP_TIMEOUT;
|
||||
|
||||
int count = get_icmp_sessions();
|
||||
int scale = 100 - sessions * 100 / maxsessions;
|
||||
timeout = timeout * scale / 100;
|
||||
|
||||
return timeout;
|
||||
}
|
||||
|
||||
void check_icmp_sessions(const struct arguments *args, int sessions, int maxsessions) {
|
||||
time_t now = time(NULL);
|
||||
|
||||
struct icmp_session *il = NULL;
|
||||
struct icmp_session *i = icmp_session;
|
||||
while (i != NULL) {
|
||||
int timeout = ICMP_TIMEOUT;
|
||||
int timeout = get_icmp_timeout(i, sessions, maxsessions);
|
||||
if (i->stop || i->time + timeout < now) {
|
||||
char source[INET6_ADDRSTRLEN + 1];
|
||||
char dest[INET6_ADDRSTRLEN + 1];
|
||||
|
@ -92,8 +99,6 @@ int check_icmp_sessions(const struct arguments *args) {
|
|||
i = i->next;
|
||||
}
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
void check_icmp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) {
|
||||
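Review bot: `get_icmp_timeout` divides by `maxsessions` unchecked and puts no floor on `scale`: in `int scale = 100 - sessions * 100 / maxsessions;` a `maxsessions` of 0 is a division by zero, and once `sessions >= maxsessions` the returned timeout is zero or negative. The `i->time + timeout < now` test in `check_icmp_sessions` then expires essentially every session on the next pass. Because `sessions` is now the total across ICMP, UDP and TCP, one heavy source of sessions can shrink the timeouts applied to all other traffic on these lists, so the result is worth bounding. I would add `if (maxsessions <= 0) return timeout;` before the division and a floor such as `if (scale < MIN_SCALE) scale = MIN_SCALE;` after it (MIN_SCALE is a placeholder, not a constant from this commit). The same two lines are added to `get_tcp_timeout` and `get_udp_timeout`, where integer truncation already takes the 15-second `UDP_TIMEOUT_53` to 0 at roughly 94% load; the `u` parameter here is also unused.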
|
|
|
@ -43,7 +43,6 @@
|
|||
#define UDP_TIMEOUT_53 15 // seconds
|
||||
#define UDP_TIMEOUT_ANY 300 // seconds
|
||||
#define UDP_KEEP_TIMEOUT 60 // seconds
|
||||
#define UDP_TIMEOUT_SCALE 25
|
||||
|
||||
#define TCP_RECV_WINDOW 16384 // bytes (maximum)
|
||||
#define TCP_SEND_WINDOW 16384 // bytes (maximum)
|
||||
|
@ -51,7 +50,6 @@
|
|||
#define TCP_IDLE_TIMEOUT 300 // seconds ~net.inet.tcp.keepidle
|
||||
#define TCP_CLOSE_TIMEOUT 30 // seconds
|
||||
#define TCP_KEEP_TIMEOUT 300 // seconds
|
||||
#define TCP_TIMEOUT_SCALE 50
|
||||
// https://en.wikipedia.org/wiki/Maximum_segment_lifetime
|
||||
|
||||
#define UID_DELAY 1 // milliseconds
|
||||
|
@ -288,17 +286,19 @@ void report_exit(const struct arguments *args, const char *fmt, ...);
|
|||
|
||||
void check_allowed(const struct arguments *args);
|
||||
|
||||
int check_icmp_sessions(const struct arguments *args);
|
||||
void check_icmp_sessions(const struct arguments *args, int sessions, int maxsessions);
|
||||
|
||||
int check_udp_sessions(const struct arguments *args);
|
||||
void check_udp_sessions(const struct arguments *args, int sessions, int maxsessions);
|
||||
|
||||
int check_tcp_sessions(const struct arguments *args);
|
||||
void check_tcp_sessions(const struct arguments *args, int sessions, int maxsessions);
|
||||
|
||||
int get_select_timeout(int isessions, int usessions, int tsessions);
|
||||
int get_select_timeout(int sessions, int maxsessions);
|
||||
|
||||
int get_udp_timeout(const struct udp_session *u, int sessions);
|
||||
int get_icmp_timeout(const struct icmp_session *u, int sessions, int maxsessions);
|
||||
|
||||
int get_tcp_timeout(const struct tcp_session *t, int sessions);
|
||||
int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions);
|
||||
|
||||
int get_tcp_timeout(const struct tcp_session *t, int sessions, int maxsessions);
|
||||
|
||||
int get_selects(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds);
|
||||
|
||||
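Review bot: The `sessions` parameter of `get_udp_timeout` and `get_tcp_timeout` keeps its name but changes meaning, from the per-protocol count to the total over ICMP, UDP and TCP, and nothing in the prototypes says so. A call site updated only for the new arity, still passing a per-protocol count, will compile and silently get longer timeouts than intended. I would put a comment above the three `get_*_timeout` prototypes, for example `// sessions: total ICMP+UDP+TCP sessions; maxsessions: upper bound, must be > 0`. The `u` parameter name on `get_icmp_timeout` looks copied from the UDP prototype and could be renamed to match the ICMP code.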
|
|
|
@ -90,19 +90,24 @@ void *handle_events(void *a) {
|
|||
while (!stopping) {
|
||||
log_android(ANDROID_LOG_DEBUG, "Loop thread %x", thread_id);
|
||||
|
||||
// Check sessions
|
||||
int isessions = check_icmp_sessions(args);
|
||||
int usessions = check_udp_sessions(args);
|
||||
int tsessions = check_tcp_sessions(args);
|
||||
// Count sessions
|
||||
int isessions = get_icmp_sessions();
|
||||
int usessions = get_udp_sessions();
|
||||
int tsessions = get_tcp_sessions();
|
||||
int sessions = isessions + usessions + tsessions;
|
||||
|
||||
// Check sessions
|
||||
check_icmp_sessions(args, sessions, maxsessions);
|
||||
check_udp_sessions(args, sessions, maxsessions);
|
||||
check_tcp_sessions(args, sessions, maxsessions);
|
||||
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1093893
|
||||
int idle = (tsessions + usessions + tsessions == 0 && sdk >= 16);
|
||||
log_android(ANDROID_LOG_DEBUG, "sessions ICMP %d UDP %d TCP %d max %d/%d idle %d sdk %d",
|
||||
isessions, usessions, tsessions, sessions, maxsessions, idle, sdk);
|
||||
|
||||
// Next event time
|
||||
ts.tv_sec = (sdk < 16 ? 5 : get_select_timeout(isessions, usessions, tsessions));
|
||||
ts.tv_sec = (sdk < 16 ? 5 : get_select_timeout(sessions, maxsessions));
|
||||
ts.tv_nsec = 0;
|
||||
sigemptyset(&emptyset);
|
||||
|
||||
|
@ -213,14 +218,14 @@ void *handle_events(void *a) {
|
|||
return NULL;
|
||||
}
|
||||
|
||||
int get_select_timeout(int isessions, int usessions, int tsessions) {
|
||||
int get_select_timeout(int sessions, int maxsessions) {
|
||||
time_t now = time(NULL);
|
||||
int timeout = SELECT_TIMEOUT;
|
||||
|
||||
struct icmp_session *i = icmp_session;
|
||||
while (i != NULL) {
|
||||
if (!i->stop) {
|
||||
int stimeout = i->time + ICMP_TIMEOUT - now + 1;
|
||||
int stimeout = i->time + get_icmp_timeout(i, sessions, maxsessions) - now + 1;
|
||||
if (stimeout > 0 && stimeout < timeout)
|
||||
timeout = stimeout;
|
||||
}
|
||||
|
@ -230,7 +235,7 @@ int get_select_timeout(int isessions, int usessions, int tsessions) {
|
|||
struct udp_session *u = udp_session;
|
||||
while (u != NULL) {
|
||||
if (u->state == UDP_ACTIVE) {
|
||||
int stimeout = u->time + get_udp_timeout(u, usessions) - now + 1;
|
||||
int stimeout = u->time + get_udp_timeout(u, sessions, maxsessions) - now + 1;
|
||||
if (stimeout > 0 && stimeout < timeout)
|
||||
timeout = stimeout;
|
||||
}
|
||||
|
@ -240,7 +245,7 @@ int get_select_timeout(int isessions, int usessions, int tsessions) {
|
|||
struct tcp_session *t = tcp_session;
|
||||
while (t != NULL) {
|
||||
if (t->state != TCP_CLOSING && t->state != TCP_CLOSE) {
|
||||
int stimeout = t->time + get_tcp_timeout(t, tsessions) - now + 1;
|
||||
int stimeout = t->time + get_tcp_timeout(t, sessions, maxsessions) - now + 1;
|
||||
if (stimeout > 0 && stimeout < timeout)
|
||||
timeout = stimeout;
|
||||
}
|
||||
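Review bot: The `idle` test in the first `handle_events` hunk adds `tsessions` twice and never looks at `isessions`: `int idle = (tsessions + usessions + tsessions == 0 && sdk >= 16);`. With only ICMP sessions open the loop would consider itself idle; what `idle` controls lies outside the hunk, so the practical impact is unconfirmed. Since this commit introduces `sessions` as the sum of all three counts just above, the line can become `int idle = (sessions == 0 && sdk >= 16);`. `maxsessions` is used here but defined outside the visible lines, so whether it can be 0 when passed to the `get_*_timeout` helpers could not be checked from this page.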
|
|
|
@ -61,7 +61,7 @@ int get_tcp_sessions() {
|
|||
return count;
|
||||
}
|
||||
|
||||
int get_tcp_timeout(const struct tcp_session *t, int sessions) {
|
||||
int get_tcp_timeout(const struct tcp_session *t, int sessions, int maxsessions) {
|
||||
int timeout;
|
||||
if (t->state == TCP_LISTEN || t->state == TCP_SYN_RECV)
|
||||
timeout = TCP_INIT_TIMEOUT;
|
||||
|
@ -70,19 +70,15 @@ int get_tcp_timeout(const struct tcp_session *t, int sessions) {
|
|||
else
|
||||
timeout = TCP_CLOSE_TIMEOUT;
|
||||
|
||||
int scale = sessions / TCP_TIMEOUT_SCALE;
|
||||
if (scale < 1)
|
||||
scale = 1;
|
||||
timeout = timeout / scale;
|
||||
int scale = 100 - sessions * 100 / maxsessions;
|
||||
timeout = timeout * scale / 100;
|
||||
|
||||
return timeout;
|
||||
}
|
||||
|
||||
int check_tcp_sessions(const struct arguments *args) {
|
||||
void check_tcp_sessions(const struct arguments *args, int sessions, int maxsessions) {
|
||||
time_t now = time(NULL);
|
||||
|
||||
int count = get_tcp_sessions();
|
||||
|
||||
struct tcp_session *tl = NULL;
|
||||
struct tcp_session *t = tcp_session;
|
||||
while (t != NULL) {
|
||||
|
@ -101,7 +97,7 @@ int check_tcp_sessions(const struct arguments *args) {
|
|||
source, ntohs(t->source), dest, ntohs(t->dest), strstate(t->state), t->socket);
|
||||
|
||||
// Check session timeout
|
||||
int timeout = get_tcp_timeout(t, count);
|
||||
int timeout = get_tcp_timeout(t, sessions, maxsessions);
|
||||
if (t->state != TCP_CLOSING && t->state != TCP_CLOSE && t->time + timeout < now) {
|
||||
// TODO send keep alives?
|
||||
log_android(ANDROID_LOG_WARN, "%s idle %d/%d sec ", session, now - t->time, timeout);
|
||||
|
@ -141,8 +137,6 @@ int check_tcp_sessions(const struct arguments *args) {
|
|||
t = t->next;
|
||||
}
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
void check_tcp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) {
|
||||
|
|
|
@ -50,18 +50,16 @@ int get_udp_sessions() {
|
|||
return count;
|
||||
}
|
||||
|
||||
int get_udp_timeout(const struct udp_session *u, int sessions) {
|
||||
int get_udp_timeout(const struct udp_session *u, int sessions, int maxsessions) {
|
||||
int timeout = (ntohs(u->dest) == 53 ? UDP_TIMEOUT_53 : UDP_TIMEOUT_ANY);
|
||||
|
||||
int scale = sessions / UDP_TIMEOUT_SCALE;
|
||||
if (scale < 1)
|
||||
scale = 1;
|
||||
timeout = timeout / scale;
|
||||
int scale = 100 - sessions * 100 / maxsessions;
|
||||
timeout = timeout * scale / 100;
|
||||
|
||||
return timeout;
|
||||
}
|
||||
|
||||
int check_udp_sessions(const struct arguments *args) {
|
||||
void check_udp_sessions(const struct arguments *args, int sessions, int maxsessions) {
|
||||
time_t now = time(NULL);
|
||||
|
||||
int count = get_udp_sessions();
|
||||
|
@ -81,7 +79,7 @@ int check_udp_sessions(const struct arguments *args) {
|
|||
}
|
||||
|
||||
// Check session timeout
|
||||
int timeout = get_udp_timeout(u, count);
|
||||
int timeout = get_udp_timeout(u, sessions, maxsessions);
|
||||
if (u->state == UDP_ACTIVE && u->time + timeout < now) {
|
||||
log_android(ANDROID_LOG_WARN, "UDP idle %d/%d sec state %d from %s/%u to %s/%u",
|
||||
now - u->time, timeout, u->state,
|
||||
|
@ -120,8 +118,6 @@ int check_udp_sessions(const struct arguments *args) {
|
|||
u = u->next;
|
||||
}
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
void check_udp_sockets(const struct arguments *args, fd_set *rfds, fd_set *wfds, fd_set *efds) {
|
||||
|
|