Update network state tables if state is older than given packet
This commit is contained in:
parent
f3e7abf908
commit
6f9fce39bb
5 changed files with 27 additions and 5 deletions
|
@ -48,6 +48,7 @@ func cleanConnections() (activePIDs map[int]struct{}) {
|
||||||
_ = module.RunMicroTask("clean connections", 0, func(ctx context.Context) error {
|
_ = module.RunMicroTask("clean connections", 0, func(ctx context.Context) error {
|
||||||
now := time.Now().UTC()
|
now := time.Now().UTC()
|
||||||
nowUnix := now.Unix()
|
nowUnix := now.Unix()
|
||||||
|
ignoreNewer := nowUnix - 1
|
||||||
deleteOlderThan := now.Add(-DeleteConnsAfterEndedThreshold).Unix()
|
deleteOlderThan := now.Add(-DeleteConnsAfterEndedThreshold).Unix()
|
||||||
deleteIncompleteOlderThan := now.Add(-DeleteIncompleteConnsAfterStartedThreshold).Unix()
|
deleteIncompleteOlderThan := now.Add(-DeleteIncompleteConnsAfterStartedThreshold).Unix()
|
||||||
|
|
||||||
|
@ -57,6 +58,8 @@ func cleanConnections() (activePIDs map[int]struct{}) {
|
||||||
|
|
||||||
// delete inactive connections
|
// delete inactive connections
|
||||||
switch {
|
switch {
|
||||||
|
case conn.Started >= ignoreNewer:
|
||||||
|
// Skip very fresh connections to evade edge cases.
|
||||||
case !conn.DataIsComplete():
|
case !conn.DataIsComplete():
|
||||||
// Step 0: delete old incomplete connections
|
// Step 0: delete old incomplete connections
|
||||||
if conn.Started < deleteIncompleteOlderThan {
|
if conn.Started < deleteIncompleteOlderThan {
|
||||||
|
@ -76,6 +79,7 @@ func cleanConnections() (activePIDs map[int]struct{}) {
|
||||||
Dst: conn.Entity.IP,
|
Dst: conn.Entity.IP,
|
||||||
DstPort: conn.Entity.Port,
|
DstPort: conn.Entity.Port,
|
||||||
PID: process.UndefinedProcessID,
|
PID: process.UndefinedProcessID,
|
||||||
|
SeenAt: time.Unix(conn.Started, 0), // State tables will be updated if older than this.
|
||||||
}, now)
|
}, now)
|
||||||
|
|
||||||
// Step 2: mark as ended
|
// Step 2: mark as ended
|
||||||
|
|
|
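Review bot: `SeenAt: time.Unix(conn.Started, 0)` truncates the connection's start to whole seconds, so in `exists()` a table fetched later within the same second as the start (but before the socket appeared) compares as newer than the connection and is not refreshed, and the connection can then be marked ended (Step 2) against a snapshot that predates it. Because `case conn.Started >= ignoreNewer` already guarantees the start second lies fully in the past, rounding up is safe and closes that window: `SeenAt: time.Unix(conn.Started+1, 0), // Started has second granularity; round up so a fetch from within the start second still counts as stale.` The comment `// Skip very fresh connections to evade edge cases.` would also be more useful if it named the case, e.g. `// Skip connections started within the last second: Started is truncated to seconds and may not yet be visible in the state tables.` (my reading of the intent, worth confirming). `cleanConnections` continues outside the hunks shown.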
@ -35,6 +35,11 @@ func Exists(pktInfo *packet.Info, now time.Time) (exists bool) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (table *tcpTable) exists(pktInfo *packet.Info) (exists bool) {
|
func (table *tcpTable) exists(pktInfo *packet.Info) (exists bool) {
|
||||||
|
// Update tables if older than the connection that is checked.
|
||||||
|
if table.lastUpdateAt.Load() < pktInfo.SeenAt.UnixNano() {
|
||||||
|
table.updateTables(table.updateIter.Load())
|
||||||
|
}
|
||||||
|
|
||||||
table.lock.RLock()
|
table.lock.RLock()
|
||||||
defer table.lock.RUnlock()
|
defer table.lock.RUnlock()
|
||||||
|
|
||||||
|
@ -57,6 +62,11 @@ func (table *tcpTable) exists(pktInfo *packet.Info) (exists bool) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (table *udpTable) exists(pktInfo *packet.Info, now time.Time) (exists bool) {
|
func (table *udpTable) exists(pktInfo *packet.Info, now time.Time) (exists bool) {
|
||||||
|
// Update tables if older than the connection that is checked.
|
||||||
|
if table.lastUpdateAt.Load() < pktInfo.SeenAt.UnixNano() {
|
||||||
|
table.updateTables(table.updateIter.Load())
|
||||||
|
}
|
||||||
|
|
||||||
table.lock.RLock()
|
table.lock.RLock()
|
||||||
defer table.lock.RUnlock()
|
defer table.lock.RUnlock()
|
||||||
|
|
||||||
|
|
|
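Review bot: A `packet.Info` whose `SeenAt` was never set silently disables the new refresh in `exists()`: the time package documents `UnixNano()` of the zero `time.Time` as undefined (it cannot be represented in an int64), so `table.lastUpdateAt.Load() < pktInfo.SeenAt.UnixNano()` compares against garbage and such callers fall back to the old never-refresh behaviour without any error. In this commit only `cleanConnections` sets `SeenAt`; other callers of `Exists` are outside this view. Either document the requirement on `Exists` (`// SeenAt must be set; tables are refreshed only when they predate it.`) or treat the zero value as unknown and refresh: `if seenAt := pktInfo.SeenAt; seenAt.IsZero() || table.lastUpdateAt.Load() < seenAt.UnixNano() {`. The udp `exists` in the second hunk has the same check and would need the same treatment.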
@ -76,7 +76,7 @@ func (table *tcpTable) lookup(pktInfo *packet.Info, fast bool) (
|
||||||
// Search for the socket until found.
|
// Search for the socket until found.
|
||||||
for i := 1; i <= lookupTries; i++ {
|
for i := 1; i <= lookupTries; i++ {
|
||||||
// Get or update tables.
|
// Get or update tables.
|
||||||
if i == 1 {
|
if i == 1 && pktInfo.SeenAt.UnixNano() >= table.lastUpdateAt.Load() {
|
||||||
connections, listeners, updateIter = table.getCurrentTables()
|
connections, listeners, updateIter = table.getCurrentTables()
|
||||||
} else {
|
} else {
|
||||||
connections, listeners, updateIter = table.updateTables(updateIter)
|
connections, listeners, updateIter = table.updateTables(updateIter)
|
||||||
|
@ -179,7 +179,7 @@ func (table *udpTable) lookup(pktInfo *packet.Info, fast bool) (
|
||||||
// Search for the socket until found.
|
// Search for the socket until found.
|
||||||
for i := 1; i <= lookupTries; i++ {
|
for i := 1; i <= lookupTries; i++ {
|
||||||
// Get or update tables.
|
// Get or update tables.
|
||||||
if i == 1 {
|
if i == 1 && pktInfo.SeenAt.UnixNano() >= table.lastUpdateAt.Load() {
|
||||||
binds, updateIter = table.getCurrentTables()
|
binds, updateIter = table.getCurrentTables()
|
||||||
} else {
|
} else {
|
||||||
binds, updateIter = table.updateTables(updateIter)
|
binds, updateIter = table.updateTables(updateIter)
|
||||||
|
|
|
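Review bot: The new first-try condition `pktInfo.SeenAt.UnixNano() >= table.lastUpdateAt.Load()` appears inverted relative to `exists()` in this same commit, which refreshes when `lastUpdateAt < SeenAt`: here a packet seen after the last fetch (tables older than the packet) uses the cached tables, while a packet seen before the last fetch forces `updateTables` on the first iteration. If the intent is "use the cache only when it was fetched after the packet was seen", the line should read `if i == 1 && pktInfo.SeenAt.UnixNano() < table.lastUpdateAt.Load() {`. Note also that the `else` branch now runs on `i == 1` with `updateIter` still holding whatever value it had before the loop (declared outside the hunk); whether `updateTables` refetches or merely returns the current tables for that value is not visible here and decides whether the condition has any effect. The udp `lookup` in the second hunk carries the same condition.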
@ -17,9 +17,12 @@ type tcpTable struct {
|
||||||
|
|
||||||
connections []*socket.ConnectionInfo
|
connections []*socket.ConnectionInfo
|
||||||
listeners []*socket.BindInfo
|
listeners []*socket.BindInfo
|
||||||
updateIter atomic.Uint64
|
|
||||||
lock sync.RWMutex
|
lock sync.RWMutex
|
||||||
|
|
||||||
|
updateIter atomic.Uint64
|
||||||
|
// lastUpdateAt stores the time when the tables where last updated as unix nanoseconds.
|
||||||
|
lastUpdateAt atomic.Int64
|
||||||
|
|
||||||
fetchingLock sync.Mutex
|
fetchingLock sync.Mutex
|
||||||
fetchingInProgress bool
|
fetchingInProgress bool
|
||||||
fetchingDoneSignal chan struct{}
|
fetchingDoneSignal chan struct{}
|
||||||
|
@ -133,6 +136,7 @@ func (table *tcpTable) updateTables(previousUpdateIter uint64) (
|
||||||
table.connections = connections
|
table.connections = connections
|
||||||
table.listeners = listeners
|
table.listeners = listeners
|
||||||
table.updateIter.Add(1)
|
table.updateIter.Add(1)
|
||||||
|
table.lastUpdateAt.Store(time.Now().UnixNano())
|
||||||
|
|
||||||
// Return new tables immediately.
|
// Return new tables immediately.
|
||||||
return table.connections, table.listeners, table.updateIter.Load()
|
return table.connections, table.listeners, table.updateIter.Load()
|
||||||
|
|
|
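Review bot: `table.lastUpdateAt.Store(time.Now().UnixNano())` stamps the tables with the time the fetch finished, yet the snapshot can only reflect the system state as of some point before that, presumably when the fetch (outside this hunk) started; a packet seen between fetch start and this store then compares as older than the tables in `exists()` and `lookup()` and does not trigger a refresh although the snapshot predates it. Capture the timestamp before the fetch at the top of `updateTables` (outside the hunk), e.g. `fetchedAt := time.Now().UnixNano()`, and store that conservative value here: `table.lastUpdateAt.Store(fetchedAt)`. The field comment also has a typo (`where` → `were`) and should state what the zero value means, since the first `exists()` call relies on it: `// lastUpdateAt is the unix-nanosecond time at which the fetch behind the current tables began; zero means the tables have never been fetched.`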
@ -17,9 +17,12 @@ import (
|
||||||
type udpTable struct {
|
type udpTable struct {
|
||||||
version int
|
version int
|
||||||
|
|
||||||
binds []*socket.BindInfo
|
binds []*socket.BindInfo
|
||||||
|
lock sync.RWMutex
|
||||||
|
|
||||||
updateIter atomic.Uint64
|
updateIter atomic.Uint64
|
||||||
lock sync.RWMutex
|
// lastUpdateAt stores the time when the tables where last updated as unix nanoseconds.
|
||||||
|
lastUpdateAt atomic.Int64
|
||||||
|
|
||||||
fetchingLock sync.Mutex
|
fetchingLock sync.Mutex
|
||||||
fetchingInProgress bool
|
fetchingInProgress bool
|
||||||
|
@ -152,6 +155,7 @@ func (table *udpTable) updateTables(previousUpdateIter uint64) (
|
||||||
defer table.lock.Unlock()
|
defer table.lock.Unlock()
|
||||||
table.binds = binds
|
table.binds = binds
|
||||||
table.updateIter.Add(1)
|
table.updateIter.Add(1)
|
||||||
|
table.lastUpdateAt.Store(time.Now().UnixNano())
|
||||||
|
|
||||||
// Return new tables immediately.
|
// Return new tables immediately.
|
||||||
return table.binds, table.updateIter.Load()
|
return table.binds, table.updateIter.Load()
|
||||||
|
|
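Review bot: As in the tcp table, `table.lastUpdateAt.Store(time.Now().UnixNano())` records the end of the fetch rather than its beginning, so a packet seen while the fetch was in flight is judged older than a snapshot that may not contain its socket, and neither `exists()` nor `lookup()` refreshes for it. Take the timestamp before the fetch at the top of `updateTables` (outside this hunk) with `fetchedAt := time.Now().UnixNano()` and store that value here: `table.lastUpdateAt.Store(fetchedAt)`. The field comment should also fix `where` → `were` and document that zero means never fetched, mirroring whatever wording the tcp table ends up with so the two structs stay in sync.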