Skip to main content

stackforge_core/flow/
config.rs

1use std::path::PathBuf;
2use std::time::Duration;
3
4/// Configuration for the flow extraction engine.
5///
6/// Controls timeouts, buffer limits, and eviction thresholds for
7/// conversation tracking and TCP stream reassembly.
8#[derive(Debug, Clone)]
9pub struct FlowConfig {
10    /// Timeout for established TCP connections (default: 86400s / 24h).
11    pub tcp_established_timeout: Duration,
12    /// Timeout for half-open TCP connections (SYN sent, no ACK) (default: 5s).
13    pub tcp_half_open_timeout: Duration,
14    /// Timeout for TCP `TIME_WAIT` state (default: 120s).
15    pub tcp_time_wait_timeout: Duration,
16    /// Timeout for UDP pseudo-conversations (default: 120s).
17    pub udp_timeout: Duration,
18    /// Maximum reassembly buffer size per direction per flow (default: 16 MB).
19    pub max_reassembly_buffer: usize,
20    /// Maximum number of out-of-order fragments per direction (default: 100).
21    pub max_ooo_fragments: usize,
22    /// Interval between idle conversation eviction sweeps (default: 30s).
23    pub eviction_interval: Duration,
24    /// Track maximum packet length per direction (default: false).
25    pub track_max_packet_len: bool,
26    /// Track maximum flow length per direction (default: false).
27    pub track_max_flow_len: bool,
28    /// Total RAM budget for flow extraction (None = unlimited).
29    /// When set, reassembly buffers will be spilled to disk when exceeded.
30    pub memory_budget: Option<usize>,
31    /// Directory for spill files (None = system temp dir).
32    pub spill_dir: Option<PathBuf>,
33    /// Print progress feedback to stderr during flow extraction (default: false).
34    pub verbose: bool,
35    /// Store per-flow packet indices (default: true).
36    /// Disable for large captures to save memory (~8 bytes per packet).
37    pub store_packet_indices: bool,
38    /// Number of packets between progress reports when verbose is enabled (default: 100_000).
39    pub progress_interval: usize,
40}
41
42impl Default for FlowConfig {
43    fn default() -> Self {
44        Self {
45            tcp_established_timeout: Duration::from_secs(86_400),
46            tcp_half_open_timeout: Duration::from_secs(5),
47            tcp_time_wait_timeout: Duration::from_secs(120),
48            udp_timeout: Duration::from_secs(120),
49            max_reassembly_buffer: 16 * 1024 * 1024, // 16 MB
50            max_ooo_fragments: 100,
51            eviction_interval: Duration::from_secs(30),
52            track_max_packet_len: false,
53            track_max_flow_len: false,
54            memory_budget: None,
55            spill_dir: None,
56            verbose: false,
57            store_packet_indices: true,
58            progress_interval: 100_000,
59        }
60    }
61}
62
63#[cfg(test)]
64mod tests {
65    use super::*;
66
67    #[test]
68    fn test_default_config() {
69        let config = FlowConfig::default();
70        assert_eq!(config.tcp_established_timeout, Duration::from_secs(86_400));
71        assert_eq!(config.tcp_half_open_timeout, Duration::from_secs(5));
72        assert_eq!(config.tcp_time_wait_timeout, Duration::from_secs(120));
73        assert_eq!(config.udp_timeout, Duration::from_secs(120));
74        assert_eq!(config.max_reassembly_buffer, 16 * 1024 * 1024);
75        assert_eq!(config.max_ooo_fragments, 100);
76        assert_eq!(config.eviction_interval, Duration::from_secs(30));
77        assert!(!config.track_max_packet_len);
78        assert!(!config.track_max_flow_len);
79        assert!(config.store_packet_indices);
80        assert_eq!(config.progress_interval, 100_000);
81    }
82}