Skip to main content

stackforge_core/flow/
config.rs

1use std::path::PathBuf;
2use std::time::Duration;
3
4/// Configuration for the flow extraction engine.
5///
6/// Controls timeouts, buffer limits, and eviction thresholds for
7/// conversation tracking and TCP stream reassembly.
8#[derive(Debug, Clone)]
9pub struct FlowConfig {
10    /// Timeout for established TCP connections (default: 86400s / 24h).
11    pub tcp_established_timeout: Duration,
12    /// Timeout for half-open TCP connections (SYN sent, no ACK) (default: 5s).
13    pub tcp_half_open_timeout: Duration,
14    /// Timeout for TCP `TIME_WAIT` state (default: 120s).
15    pub tcp_time_wait_timeout: Duration,
16    /// Timeout for UDP pseudo-conversations (default: 120s).
17    pub udp_timeout: Duration,
18    /// Maximum reassembly buffer size per direction per flow (default: 16 MB).
19    pub max_reassembly_buffer: usize,
20    /// Maximum number of out-of-order fragments per direction (default: 100).
21    pub max_ooo_fragments: usize,
22    /// Interval between idle conversation eviction sweeps (default: 30s).
23    pub eviction_interval: Duration,
24    /// Track maximum packet length per direction (default: false).
25    pub track_max_packet_len: bool,
26    /// Track maximum flow length per direction (default: false).
27    pub track_max_flow_len: bool,
28    /// Total RAM budget for flow extraction (None = unlimited).
29    /// When set, reassembly buffers will be spilled to disk when exceeded.
30    pub memory_budget: Option<usize>,
31    /// Directory for spill files (None = system temp dir).
32    pub spill_dir: Option<PathBuf>,
33}
34
35impl Default for FlowConfig {
36    fn default() -> Self {
37        Self {
38            tcp_established_timeout: Duration::from_secs(86_400),
39            tcp_half_open_timeout: Duration::from_secs(5),
40            tcp_time_wait_timeout: Duration::from_secs(120),
41            udp_timeout: Duration::from_secs(120),
42            max_reassembly_buffer: 16 * 1024 * 1024, // 16 MB
43            max_ooo_fragments: 100,
44            eviction_interval: Duration::from_secs(30),
45            track_max_packet_len: false,
46            track_max_flow_len: false,
47            memory_budget: None,
48            spill_dir: None,
49        }
50    }
51}
52
53#[cfg(test)]
54mod tests {
55    use super::*;
56
57    #[test]
58    fn test_default_config() {
59        let config = FlowConfig::default();
60        assert_eq!(config.tcp_established_timeout, Duration::from_secs(86_400));
61        assert_eq!(config.tcp_half_open_timeout, Duration::from_secs(5));
62        assert_eq!(config.tcp_time_wait_timeout, Duration::from_secs(120));
63        assert_eq!(config.udp_timeout, Duration::from_secs(120));
64        assert_eq!(config.max_reassembly_buffer, 16 * 1024 * 1024);
65        assert_eq!(config.max_ooo_fragments, 100);
66        assert_eq!(config.eviction_interval, Duration::from_secs(30));
67        assert!(!config.track_max_packet_len);
68        assert!(!config.track_max_flow_len);
69    }
70}