fix: provide correct timestamp for TCP reassembler

This commit is contained in:
Toby 2024-05-06 14:35:31 -07:00
parent 245ac46b65
commit d7506264ad
3 changed files with 21 additions and 4 deletions

View File

@ -102,9 +102,11 @@ func (e *engine) dispatch(p io.Packet) bool {
_ = e.io.SetVerdict(p, io.VerdictAcceptStream, nil) _ = e.io.SetVerdict(p, io.VerdictAcceptStream, nil)
return true return true
} }
// Convert to gopacket.Packet
packet := gopacket.NewPacket(data, layerType, gopacket.DecodeOptions{Lazy: true, NoCopy: true})
packet.Metadata().Timestamp = p.Timestamp()
// Load balance by stream ID // Load balance by stream ID
index := p.StreamID() % uint32(len(e.workers)) index := p.StreamID() % uint32(len(e.workers))
packet := gopacket.NewPacket(data, layerType, gopacket.DecodeOptions{Lazy: true, NoCopy: true})
e.workers[index].Feed(&workerPacket{ e.workers[index].Feed(&workerPacket{
StreamID: p.StreamID(), StreamID: p.StreamID(),
Packet: packet, Packet: packet,

View File

@ -3,6 +3,7 @@ package io
import ( import (
"context" "context"
"net" "net"
"time"
) )
type Verdict int type Verdict int
@ -24,6 +25,8 @@ const (
type Packet interface { type Packet interface {
// StreamID is the ID of the stream the packet belongs to. // StreamID is the ID of the stream the packet belongs to.
StreamID() uint32 StreamID() uint32
// Timestamp is the time the packet was received.
Timestamp() time.Time
// Data is the raw packet data, starting with the IP header. // Data is the raw packet data, starting with the IP header.
Data() []byte Data() []byte
} }

View File

@ -10,6 +10,7 @@ import (
"strconv" "strconv"
"strings" "strings"
"syscall" "syscall"
"time"
"github.com/coreos/go-iptables/iptables" "github.com/coreos/go-iptables/iptables"
"github.com/florianl/go-nfqueue" "github.com/florianl/go-nfqueue"
@ -189,6 +190,12 @@ func (n *nfqueuePacketIO) Register(ctx context.Context, cb PacketCallback) error
streamID: ctIDFromCtBytes(*a.Ct), streamID: ctIDFromCtBytes(*a.Ct),
data: *a.Payload, data: *a.Payload,
} }
// Use timestamp from attribute if available, otherwise use current time as fallback
if a.Timestamp != nil {
p.timestamp = *a.Timestamp
} else {
p.timestamp = time.Now()
}
return okBoolToInt(cb(p, nil)) return okBoolToInt(cb(p, nil))
}, },
func(e error) int { func(e error) int {
@ -312,15 +319,20 @@ func (n *nfqueuePacketIO) setupIpt(local, rst, remove bool) error {
var _ Packet = (*nfqueuePacket)(nil) var _ Packet = (*nfqueuePacket)(nil)
type nfqueuePacket struct { type nfqueuePacket struct {
id uint32 id uint32
streamID uint32 streamID uint32
data []byte timestamp time.Time
data []byte
} }
func (p *nfqueuePacket) StreamID() uint32 { func (p *nfqueuePacket) StreamID() uint32 {
return p.streamID return p.streamID
} }
func (p *nfqueuePacket) Timestamp() time.Time {
return p.timestamp
}
func (p *nfqueuePacket) Data() []byte { func (p *nfqueuePacket) Data() []byte {
return p.data return p.data
} }