tests: fix

2026-05-12 15:29:00 +00:00
parent ecc2cde1c2
commit e8fdf1268b
4 changed files with 102 additions and 152 deletions
@@ -49,71 +49,76 @@ type tcpFlowEntry struct {
 }

 func (f *tcpFlow) feed(l3 L3Info, tcp TCPInfo, payload []byte) io.Verdict {
-	if f.rulesetChanged() || f.virgin {
-		f.virgin = false
-		return io.VerdictAccept
-	}
-	if len(f.activeEntries) == 0 {
+	rs, version := f.currentRuleset()
+	rulesetChanged := version != f.rulesetVersion
+
+	if !f.virgin && !rulesetChanged && len(f.activeEntries) == 0 {
 		return f.lastVerdict
 	}

-	dir, rev := f.resolveDirection(tcp)
-
 	if tcp.RST || tcp.FIN {
 		f.closeActiveEntries()
+		f.runMatch(rs, version, rulesetChanged)
 		f.maybeFinalizeVerdict()
 		return f.lastVerdict
 	}

-	if len(payload) == 0 {
-		return io.VerdictAccept
+	if len(payload) > 0 {
+		dir, rev := f.resolveDirection(tcp)
+		expected := f.dirSeq[dir]
+		if !f.feedCalled[dir] || expected == 0 || tcp.Seq == expected {
+			f.feedCalled[dir] = true
+			f.dirBuf[dir] = append(f.dirBuf[dir], payload...)
+			f.dirSeq[dir] = tcp.Seq + uint32(len(payload))
+			if len(f.dirBuf[dir]) <= tcpFlowMaxBuffer {
+				f.feedAnalyzers(rev)
+			}
+		}
 	}

-	expected := f.dirSeq[dir]
-	if f.feedCalled[dir] && expected != 0 && tcp.Seq != expected {
-		return io.VerdictAccept
-	}
-	f.feedCalled[dir] = true
-	f.dirBuf[dir] = append(f.dirBuf[dir], payload...)
-	f.dirSeq[dir] = tcp.Seq + uint32(len(payload))
+	f.runMatch(rs, version, rulesetChanged)
+	f.maybeFinalizeVerdict()
+	return f.lastVerdict
+}

-	if len(f.dirBuf[dir]) > tcpFlowMaxBuffer {
-		return io.VerdictAccept
+func (f *tcpFlow) feedAnalyzers(rev bool) {
+	buf := f.dirBuf[uint8(tcpDirC2S)]
+	if rev {
+		buf = f.dirBuf[uint8(tcpDirS2C)]
 	}
-
-	updated := false
 	for i := len(f.activeEntries) - 1; i >= 0; i-- {
 		entry := f.activeEntries[i]
-		update, closeUpdate, done := feedFlowEntry(entry, rev, f.dirBuf[dir])
+		update, closeUpdate, done := feedFlowEntry(entry, rev, buf)
 		u1 := processPropUpdate(f.info.Props, entry.Name, update)
 		u2 := processPropUpdate(f.info.Props, entry.Name, closeUpdate)
-		updated = updated || u1 || u2
+		if u1 || u2 {
+			f.logger.TCPStreamPropUpdate(f.info, false)
+		}
 		if done {
 			f.activeEntries = append(f.activeEntries[:i], f.activeEntries[i+1:]...)
 			f.doneEntries = append(f.doneEntries, entry)
 		}
 	}
+}

-	if updated {
-		f.logger.TCPStreamPropUpdate(f.info, false)
-		rs, version := f.currentRuleset()
-		f.rulesetVersion = version
-		result := ruleset.MatchResult{Action: ruleset.ActionMaybe}
-		if rs != nil {
-			result = rs.Match(f.info)
-		}
-		action := result.Action
-		if action != ruleset.ActionMaybe && action != ruleset.ActionModify {
-			verdict := actionToTCPVerdict(action)
-			f.lastVerdict = verdict
-			f.closeActiveEntries()
-			f.logger.TCPStreamAction(f.info, action, false)
-			return verdict
-		}
+func (f *tcpFlow) runMatch(rs ruleset.Ruleset, version uint64, rulesetChanged bool) {
+	if !f.virgin && !rulesetChanged {
+		return
 	}
+	f.virgin = false
+	f.rulesetVersion = version

-	f.maybeFinalizeVerdict()
-	return f.lastVerdict
+	result := ruleset.MatchResult{Action: ruleset.ActionMaybe}
+	if rs != nil {
+		result = rs.Match(f.info)
+	}
+	action := result.Action
+	if action != ruleset.ActionMaybe && action != ruleset.ActionModify {
+		verdict := actionToTCPVerdict(action)
+		f.lastVerdict = verdict
+		f.closeActiveEntries()
+		f.logger.TCPStreamAction(f.info, action, false)
+	}
 }

 func (f *tcpFlow) maybeFinalizeVerdict() {
@@ -137,11 +142,6 @@ func (f *tcpFlow) currentRuleset() (ruleset.Ruleset, uint64) {
 	return f.rulesetSource()
 }

-func (f *tcpFlow) rulesetChanged() bool {
-	_, version := f.currentRuleset()
-	return version != f.rulesetVersion
-}
-
 func (f *tcpFlow) closeActiveEntries() {
 	updated := false
 	for _, entry := range f.activeEntries {