增加基于tap设备的桥接访问模式

2025-08-10 22:56:11 +08:00 · 2020-09-14 17:17:50 +08:00
parent 3b64de19b8
commit 31b1f12dbe
57 changed files with 2598 additions and 703 deletions
--- a/sessdata/copy_struct.go
+++ b/sessdata/copy_struct.go
@@ -0,0 +1,53 @@
+package sessdata
+
+import (
+	"fmt"
+	"reflect"
+)
+
+// 用b的所有字段覆盖a的
+// 如果fields不为空, 表示用b的特定字段覆盖a的
+// a应该为结构体指针
+func CopyStruct(a interface{}, b interface{}, fields ...string) (err error) {
+	at := reflect.TypeOf(a)
+	av := reflect.ValueOf(a)
+	bt := reflect.TypeOf(b)
+	bv := reflect.ValueOf(b)
+
+	// 简单判断下
+	if at.Kind() != reflect.Ptr {
+		err = fmt.Errorf("a must be a struct pointer")
+		return
+	}
+	av = reflect.ValueOf(av.Interface())
+
+	// 要复制哪些字段
+	_fields := make([]string, 0)
+	if len(fields) > 0 {
+		_fields = fields
+	} else {
+		for i := 0; i < bv.NumField(); i++ {
+			_fields = append(_fields, bt.Field(i).Name)
+		}
+	}
+
+	if len(_fields) == 0 {
+		fmt.Println("no fields to copy")
+		return
+	}
+
+	// 复制
+	for i := 0; i < len(_fields); i++ {
+		name := _fields[i]
+		f := av.Elem().FieldByName(name)
+		bValue := bv.FieldByName(name)
+
+		// a中有同名的字段并且类型一致才复制
+		if f.IsValid() && f.Kind() == bValue.Kind() {
+			f.Set(bValue)
+		} else {
+			// fmt.Printf("no such field or different kind, fieldName: %s\n", name)
+		}
+	}
+	return
+}
--- a/sessdata/copy_struct_test.go
+++ b/sessdata/copy_struct_test.go
@@ -0,0 +1,38 @@
+package sessdata
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type A struct {
+	Id   int
+	Name string
+	Age  int
+	Addr string
+}
+
+type B struct {
+	IdB   int
+	NameB string
+	Age   int
+	Addr  string
+}
+
+func TestCopyStruct(t *testing.T) {
+	assert := assert.New(t)
+	a := A{
+		Id:   1,
+		Name: "bob",
+		Age:  15,
+		Addr: "American",
+	}
+	b := B{}
+	err := CopyStruct(&b, a)
+	assert.Nil(err)
+	assert.Equal(b.IdB, 0)
+	assert.Equal(b.NameB, "")
+	assert.Equal(b.Age, 15)
+	assert.Equal(b.Addr, "American")
+}
--- a/sessdata/ip_pool.go
+++ b/sessdata/ip_pool.go
@@ -0,0 +1,171 @@
+package sessdata
+
+import (
+	"encoding/binary"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/bjdgyc/anylink/common"
+	"github.com/bjdgyc/anylink/dbdata"
+)
+
+const (
+	// ip租期 (秒)
+	IpLease = 1209600
+)
+
+var (
+	IpPool  = &IpPoolConfig{}
+	macInfo = map[string]*MacIp{}
+	ipInfo  = map[string]*MacIp{}
+)
+
+type MacIp struct {
+	IsActive  bool
+	Ip        net.IP
+	MacAddr   string
+	LastLogin time.Time
+}
+
+type IpPoolConfig struct {
+	mux sync.Mutex
+	// 计算动态ip
+	Ipv4Gateway net.IP
+	Ipv4IPNet   net.IPNet
+	IpLongMin   uint32
+	IpLongMax   uint32
+}
+
+func initIpMac() {
+	macs := dbdata.GetAllMacIp()
+	for _, v := range macs {
+		mi := &MacIp{}
+		CopyStruct(mi, v)
+		macInfo[v.MacAddr] = mi
+		ipInfo[v.Ip.String()] = mi
+	}
+}
+
+func initIpPool() {
+
+	// 地址处理
+	// ip地址
+	ip := net.ParseIP(common.ServerCfg.Ipv4Network)
+	// 子网掩码
+	maskIp := net.ParseIP(common.ServerCfg.Ipv4Netmask).To4()
+	IpPool.Ipv4IPNet = net.IPNet{IP: ip, Mask: net.IPMask(maskIp)}
+	IpPool.Ipv4Gateway = net.ParseIP(common.ServerCfg.Ipv4Gateway)
+
+	// 网络地址零值
+	// zero := binary.BigEndian.Uint32(ip.Mask(mask))
+	// 广播地址
+	// one, _ := ipNet.Mask.Size()
+	// max := min | uint32(math.Pow(2, float64(32-one))-1)
+
+	// ip地址池
+	IpPool.IpLongMin = ip2long(net.ParseIP(common.ServerCfg.Ipv4Pool[0]))
+	IpPool.IpLongMax = ip2long(net.ParseIP(common.ServerCfg.Ipv4Pool[1]))
+}
+
+func long2ip(i uint32) net.IP {
+	ip := make([]byte, 4)
+	binary.BigEndian.PutUint32(ip, i)
+	return ip
+}
+
+func ip2long(ip net.IP) uint32 {
+	ip = ip.To4()
+	return binary.BigEndian.Uint32(ip)
+}
+
+// 获取动态ip
+func AcquireIp(macAddr string) net.IP {
+	IpPool.mux.Lock()
+	defer IpPool.mux.Unlock()
+	tNow := time.Now()
+
+	// 判断已经分配过
+	if mi, ok := macInfo[macAddr]; ok {
+		ip := mi.Ip
+		// 检测原有ip是否在新的ip池内
+		if IpPool.Ipv4IPNet.Contains(ip) {
+			mi.IsActive = true
+			mi.LastLogin = tNow
+			// 回写db数据
+			dbdata.Set(dbdata.BucketMacIp, macAddr, mi)
+			return ip
+		} else {
+			delete(macInfo, macAddr)
+			delete(ipInfo, ip.String())
+			dbdata.Del(dbdata.BucketMacIp, macAddr)
+		}
+	}
+
+	farMac := &MacIp{LastLogin: tNow}
+	// 全局遍历未分配ip
+	for i := IpPool.IpLongMin; i <= IpPool.IpLongMax; i++ {
+		ip := long2ip(i)
+		ipStr := ip.String()
+		v, ok := ipInfo[ipStr]
+		// 该ip没有被使用
+		if !ok {
+			mi := &MacIp{IsActive: true, Ip: ip, MacAddr: macAddr, LastLogin: tNow}
+			macInfo[macAddr] = mi
+			ipInfo[ipStr] = mi
+			// 回写db数据
+			dbdata.Set(dbdata.BucketMacIp, macAddr, mi)
+			return ip
+		}
+
+		// 跳过活跃连接
+		if v.IsActive {
+			continue
+		}
+		// 已经超过租期
+		if tNow.Sub(v.LastLogin) > IpLease*time.Second {
+			delete(macInfo, v.MacAddr)
+			mi := &MacIp{IsActive: true, Ip: ip, MacAddr: macAddr, LastLogin: tNow}
+			macInfo[macAddr] = mi
+			ipInfo[ipStr] = mi
+			// 回写db数据
+			dbdata.Del(dbdata.BucketMacIp, v.MacAddr)
+			dbdata.Set(dbdata.BucketMacIp, macAddr, mi)
+			return ip
+		}
+		// 其他情况判断最早登陆的mac
+		if v.LastLogin.Before(farMac.LastLogin) {
+			farMac = v
+		}
+	}
+
+	// 全都在线，没有数据可用
+	if farMac.MacAddr == "" {
+		return nil
+	}
+
+	// 使用最早登陆的mac ip
+	delete(macInfo, farMac.MacAddr)
+	ip := farMac.Ip
+	mi := &MacIp{IsActive: true, Ip: ip, MacAddr: macAddr, LastLogin: tNow}
+	macInfo[macAddr] = mi
+	ipInfo[ip.String()] = mi
+	// 回写db数据
+	dbdata.Del(dbdata.BucketMacIp, farMac.MacAddr)
+	dbdata.Set(dbdata.BucketMacIp, macAddr, mi)
+	return ip
+}
+
+// 回收ip
+func ReleaseIp(ip net.IP, macAddr string) {
+	IpPool.mux.Lock()
+	defer IpPool.mux.Unlock()
+	if mi, ok := macInfo[macAddr]; ok {
+		if mi.Ip.Equal(ip) {
+			mi.IsActive = false
+			mi.LastLogin = time.Now()
+			// 回写db数据
+			dbdata.Set(dbdata.BucketMacIp, macAddr, mi)
+		}
+	}
+}
--- a/sessdata/ip_pool_test.go
+++ b/sessdata/ip_pool_test.go
@@ -0,0 +1,58 @@
+package sessdata
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"path"
+	"testing"
+
+	"github.com/bjdgyc/anylink/common"
+	"github.com/bjdgyc/anylink/dbdata"
+	"github.com/stretchr/testify/assert"
+)
+
+func preIpData() {
+	common.ServerCfg.Ipv4Network = "192.168.3.0"
+	common.ServerCfg.Ipv4Netmask = "255.255.255.0"
+	common.ServerCfg.Ipv4Pool = []string{"192.168.3.1", "192.168.3.199"}
+	tmpDb := path.Join(os.TempDir(), "anylink_test.db")
+	common.ServerCfg.DbFile = tmpDb
+	dbdata.Start()
+}
+
+func closeIpdata() {
+	dbdata.Stop()
+	tmpDb := path.Join(os.TempDir(), "anylink_test.db")
+	os.Remove(tmpDb)
+}
+
+func TestIpPool(t *testing.T) {
+	assert := assert.New(t)
+	preIpData()
+	defer closeIpdata()
+
+	macInfo = map[string]*MacIp{}
+	ipInfo = map[string]*MacIp{}
+	initIpPool()
+
+	var ip net.IP
+
+	for i := 1; i <= 100; i++ {
+		ip = AcquireIp(fmt.Sprintf("mac-%d", i))
+	}
+	ip = AcquireIp(fmt.Sprintf("mac-new"))
+	assert.True(net.IPv4(192, 168, 3, 101).Equal(ip))
+	for i := 102; i <= 199; i++ {
+		ip = AcquireIp(fmt.Sprintf("mac-%d", i))
+	}
+	assert.True(net.IPv4(192, 168, 3, 199).Equal(ip))
+	ip = AcquireIp(fmt.Sprintf("mac-nil"))
+	assert.Nil(ip)
+
+	ReleaseIp(net.IPv4(192, 168, 3, 88), "mac-88")
+	ReleaseIp(net.IPv4(192, 168, 3, 77), "mac-77")
+	// 最早过期的ip
+	ip = AcquireIp("mac-release-new")
+	assert.True(net.IPv4(192, 168, 3, 88).Equal(ip))
+}
--- a/sessdata/limit_client.go
+++ b/sessdata/limit_client.go
@@ -0,0 +1,46 @@
+package sessdata
+
+import (
+	"sync"
+
+	"github.com/bjdgyc/anylink/common"
+)
+
+const limitAllKey = "__ALL__"
+
+var (
+	limitClient = map[string]int{limitAllKey: 0}
+	limitMux    = sync.Mutex{}
+)
+
+func LimitClient(user string, close bool) bool {
+	limitMux.Lock()
+	defer limitMux.Unlock()
+	// defer fmt.Println(limitClient)
+
+	_all := limitClient[limitAllKey]
+	c, ok := limitClient[user]
+	if !ok { // 不存在用户
+		limitClient[user] = 0
+	}
+
+	if close {
+		limitClient[user] = c - 1
+		limitClient[limitAllKey] = _all - 1
+		return true
+	}
+
+	// 全局判断
+	if _all >= common.ServerCfg.MaxClient {
+		return false
+	}
+
+	// 超出同一个用户限制
+	if c >= common.ServerCfg.MaxUserClient {
+		return false
+	}
+
+	limitClient[user] = c + 1
+	limitClient[limitAllKey] = _all + 1
+	return true
+}
--- a/sessdata/limit_rate.go
+++ b/sessdata/limit_rate.go
@@ -0,0 +1,45 @@
+package sessdata
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/bjdgyc/anylink/common"
+
+	"golang.org/x/time/rate"
+)
+
+var Sess = &ConnSession{}
+
+func init() {
+	return
+	tick := time.Tick(time.Second * 2)
+	go func() {
+		for range tick {
+			uP := common.HumanByte(float64(Sess.BandwidthUpPeriod / BandwidthPeriodSec))
+			dP := common.HumanByte(float64(Sess.BandwidthDownPeriod / BandwidthPeriodSec))
+			uA := common.HumanByte(float64(Sess.BandwidthUpAll))
+			dA := common.HumanByte(float64(Sess.BandwidthDownAll))
+
+			fmt.Printf("rateUp:%s rateDown:%s allUp %s allDown %s \n",
+				uP, dP, uA, dA)
+		}
+	}()
+}
+
+type LimitRater struct {
+	limit *rate.Limiter
+}
+
+// lim: 令牌产生速率
+// burst: 允许的最大爆发速率
+func NewLimitRater(lim, burst int) *LimitRater {
+	limit := rate.NewLimiter(rate.Limit(lim), burst)
+	return &LimitRater{limit: limit}
+}
+
+// bt 不能超过burst大小
+func (l *LimitRater) Wait(bt int) error {
+	return l.limit.WaitN(context.Background(), bt)
+}
--- a/sessdata/limit_test.go
+++ b/sessdata/limit_test.go
@@ -0,0 +1,55 @@
+package sessdata
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/bjdgyc/anylink/common"
+)
+
+// func TestCheckUser(t *testing.T) {
+// 	users["user1"] = User{Password: "7c4a8d09ca3762af61e59520943dc26494f8941b"}
+// 	users["user2"] = User{Password: "7c4a8d09ca3762af61e59520943dc26494f8941c"}
+//
+// 	var res bool
+// 	res = CheckUser("user1", "123456", "")
+// 	AssertTrue(t, res == true)
+//
+// 	res = CheckUser("user2", "123457", "")
+// 	AssertTrue(t, res == false)
+// }
+
+func TestLimitClient(t *testing.T) {
+	assert := assert.New(t)
+	common.ServerCfg.MaxClient = 2
+	common.ServerCfg.MaxUserClient = 1
+
+	res1 := LimitClient("user1", false)
+	res2 := LimitClient("user1", false)
+	res3 := LimitClient("user2", false)
+	res4 := LimitClient("user3", false)
+	res5 := LimitClient("user1", true)
+
+	assert.True(res1)
+	assert.False(res2)
+	assert.True(res3)
+	assert.False(res4)
+	assert.True(res5)
+
+}
+
+func TestLimitWait(t *testing.T) {
+	assert := assert.New(t)
+	limit := NewLimitRater(1, 2)
+	limit.Wait(2)
+	start := time.Now()
+	err := limit.Wait(2)
+	assert.Nil(err)
+	err = limit.Wait(1)
+	assert.Nil(err)
+	end := time.Now()
+	sub := end.Sub(start)
+	assert.Equal(3, int(sub.Seconds()))
+}
--- a/sessdata/protocol.go
+++ b/sessdata/protocol.go
@@ -0,0 +1,71 @@
+package sessdata
+
+type LType int8
+
+const (
+	LTypeEthernet LType = 1
+	LTypeIPData   LType = 2
+)
+
+type Payload struct {
+	PType byte  // payload types
+	LType LType // LinkType
+	Data  []byte
+}
+
+/*
+   var header = []byte{'S', 'T', 'F', 0x01, 0, 0, 0x00, 0}
+   https://tools.ietf.org/html/draft-mavrogiannopoulos-openconnect-02#section-2.2
+
+   +---------------------+---------------------------------------------+
+   |         byte        | value                                       |
+   +---------------------+---------------------------------------------+
+   |          0          | fixed to 0x53 (S)                           |
+   |                     |                                             |
+   |          1          | fixed to 0x54 (T)                           |
+   |                     |                                             |
+   |          2          | fixed to 0x46 (F)                           |
+   |                     |                                             |
+   |          3          | fixed to 0x01                               |
+   |                     |                                             |
+   |         4-5         | The length of the packet that follows this  |
+   |                     | header in big endian order                  |
+   |                     |                                             |
+   |          6          | The type of the payload that follows (see   |
+   |                     | Table 3 for available types)                |
+   |                     |                                             |
+   |          7          | fixed to 0x00                               |
+   +---------------------+---------------------------------------------+
+
+
+   The available payload types are listed in Table 3.
+   +---------------------+---------------------------------------------+
+   |        Value        | Description                                 |
+   +---------------------+---------------------------------------------+
+   |         0x00        | DATA: the TLS record packet contains an     |
+   |                     | IPv4 or IPv6 packet                         |
+   |                     |                                             |
+   |         0x03        | DPD-REQ: used for dead peer detection. Once |
+   |                     | sent the peer should reply with a DPD-RESP  |
+   |                     | packet, that has the same contents as the   |
+   |                     | original request.                           |
+   |                     |                                             |
+   |         0x04        | DPD-RESP: used as a response to a           |
+   |                     | previously received DPD-REQ.                |
+   |                     |                                             |
+   |         0x05        | DISCONNECT: sent by the client (or server)  |
+   |                     | to terminate the session.  No data is       |
+   |                     | associated with this request. The session   |
+   |                     | will be invalidated after such request.     |
+   |                     |                                             |
+   |         0x07        | KEEPALIVE: sent by any peer. No data is     |
+   |                     | associated with this request.               |
+   |                     |                                             |
+   |         0x08        | COMPRESSED DATA: a Data packet which is     |
+   |                     | compressed prior to encryption.             |
+   |                     |                                             |
+   |         0x09        | TERMINATE: sent by the server to indicate   |
+   |                     | that the server is shutting down. No data   |
+   |                     | is associated with this request.            |
+   +---------------------+---------------------------------------------+
+*/
--- a/sessdata/session.go
+++ b/sessdata/session.go
@@ -0,0 +1,258 @@
+package sessdata
+
+import (
+	"crypto/md5"
+	"fmt"
+	"log"
+	"math/rand"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/bjdgyc/anylink/common"
+)
+
+const BandwidthPeriodSec = 2 // 流量速率统计周期(秒)
+
+var (
+	// session_token -> SessUser
+	sessions = sync.Map{} // make(map[string]*Session)
+)
+
+// 连接sess
+type ConnSession struct {
+	Sess                *Session
+	MasterSecret        string // dtls协议的 master_secret
+	Ip                  net.IP // 分配的ip地址
+	LocalIp             net.IP
+	MacHw               net.HardwareAddr // 客户端mac地址,从Session取出
+	RemoteAddr          string
+	Mtu                 int
+	TunName             string
+	Limit               *LimitRater
+	BandwidthUp         uint32 // 使用上行带宽 Byte
+	BandwidthDown       uint32 // 使用下行带宽 Byte
+	BandwidthUpPeriod   uint32 // 前一周期的总量
+	BandwidthDownPeriod uint32
+	BandwidthUpAll      uint32 // 使用上行带宽总量
+	BandwidthDownAll    uint32 // 使用下行带宽总量
+	closeOnce           sync.Once
+	CloseChan           chan struct{}
+	PayloadIn           chan *Payload
+	PayloadOut          chan *Payload
+	PayloadArp          chan *Payload
+}
+
+type Session struct {
+	mux            sync.Mutex
+	Sid            string // auth返回的 session-id
+	Token          string // session信息的唯一token
+	DtlsSid        string // dtls协议的 session_id
+	MacAddr        string // 客户端mac地址
+	UniqueIdGlobal string // 客户端唯一标示
+	UserName       string // 用户名
+
+	LastLogin time.Time
+	IsActive  bool
+
+	// 开启link需要设置的参数
+	CSess *ConnSession
+}
+
+func init() {
+	rand.Seed(time.Now().UnixNano())
+}
+
+func checkSession() {
+
+	// 检测过期的session
+	go func() {
+		if common.ServerCfg.SessionTimeout == 0 {
+			return
+		}
+		timeout := time.Duration(common.ServerCfg.SessionTimeout) * time.Second
+		tick := time.Tick(time.Second * 60)
+		for range tick {
+			t := time.Now()
+
+			sessions.Range(func(key, value interface{}) bool {
+				v := value.(*Session)
+				v.mux.Lock()
+				defer v.mux.Unlock()
+
+				if v.IsActive == true {
+					return true
+				}
+				if t.Sub(v.LastLogin) > timeout {
+					sessions.Delete(key)
+				}
+				return true
+			})
+
+		}
+	}()
+}
+
+func NewSession() *Session {
+	// 生成32位的 token
+	btoken := make([]byte, 32)
+	rand.Read(btoken)
+
+	// 生成 dtlsn session_id
+	dtlsid := make([]byte, 32)
+	rand.Read(dtlsid)
+
+	token := fmt.Sprintf("%x", btoken)
+	sess := &Session{
+		Sid:       fmt.Sprintf("%d", time.Now().Unix()),
+		Token:     token,
+		DtlsSid:   fmt.Sprintf("%x", dtlsid),
+		LastLogin: time.Now(),
+	}
+
+	sessions.Store(token, sess)
+	return sess
+}
+
+func (s *Session) NewConn() *ConnSession {
+	s.mux.Lock()
+	active := s.IsActive
+	macAddr := s.MacAddr
+	s.mux.Unlock()
+	if active == true {
+		s.CSess.Close()
+	}
+
+	limit := LimitClient(s.UserName, false)
+	if limit == false {
+		return nil
+	}
+	// 获取客户端mac地址
+	macHw, err := net.ParseMAC(macAddr)
+	if err != nil {
+		sum := md5.Sum([]byte(s.UniqueIdGlobal))
+		macHw = sum[8:13] // 5个byte
+		macHw = append([]byte{0x00}, macHw...)
+		macAddr = macHw.String()
+	}
+	ip := AcquireIp(macAddr)
+	if ip == nil {
+		return nil
+	}
+
+	cSess := &ConnSession{
+		Sess:       s,
+		MacHw:      macHw,
+		Ip:         ip,
+		closeOnce:  sync.Once{},
+		CloseChan:  make(chan struct{}),
+		PayloadIn:  make(chan *Payload),
+		PayloadOut: make(chan *Payload),
+		PayloadArp: make(chan *Payload, 1000),
+		// Limit:      NewLimitRater(1024 * 1024),
+	}
+
+	go cSess.ratePeriod()
+
+	s.mux.Lock()
+	s.MacAddr = macAddr
+	s.IsActive = true
+	s.CSess = cSess
+	s.mux.Unlock()
+	return cSess
+}
+
+func (cs *ConnSession) Close() {
+	cs.closeOnce.Do(func() {
+		log.Println("closeOnce:", cs.Ip)
+		cs.Sess.mux.Lock()
+		defer cs.Sess.mux.Unlock()
+
+		close(cs.CloseChan)
+		cs.Sess.IsActive = false
+		cs.Sess.LastLogin = time.Now()
+		cs.Sess.CSess = nil
+
+		ReleaseIp(cs.Ip, cs.Sess.MacAddr)
+		LimitClient(cs.Sess.UserName, true)
+	})
+}
+
+func (cs *ConnSession) ratePeriod() {
+	tick := time.Tick(time.Second * BandwidthPeriodSec)
+	for range tick {
+		select {
+		case <-cs.CloseChan:
+			return
+		default:
+		}
+
+		// 实时流量清零
+		rtUp := atomic.SwapUint32(&cs.BandwidthUp, 0)
+		rtDown := atomic.SwapUint32(&cs.BandwidthDown, 0)
+		// 设置上一周期的流量
+		atomic.SwapUint32(&cs.BandwidthUpPeriod, rtUp)
+		atomic.SwapUint32(&cs.BandwidthDownPeriod, rtDown)
+		// 累加所有流量
+		atomic.AddUint32(&cs.BandwidthUpAll, rtUp)
+		atomic.AddUint32(&cs.BandwidthDownAll, rtDown)
+	}
+}
+
+const MaxMtu = 1460
+
+func (cs *ConnSession) SetMtu(mtu string) {
+	cs.Mtu = MaxMtu
+
+	mi, err := strconv.Atoi(mtu)
+	if err != nil || mi < 100 {
+		return
+	}
+
+	if mi < MaxMtu {
+		cs.Mtu = mi
+	}
+}
+
+func (cs *ConnSession) RateLimit(byt int, isUp bool) error {
+	if isUp {
+		atomic.AddUint32(&cs.BandwidthUp, uint32(byt))
+		return nil
+	}
+	// 只对下行速率限制
+	atomic.AddUint32(&cs.BandwidthDown, uint32(byt))
+	if cs.Limit == nil {
+		return nil
+	}
+	return cs.Limit.Wait(byt)
+}
+
+func SToken2Sess(stoken string) *Session {
+	stoken = strings.TrimSpace(stoken)
+	sarr := strings.Split(stoken, "@")
+	token := sarr[1]
+
+	if sess, ok := sessions.Load(token); ok {
+		return sess.(*Session)
+	}
+
+	return nil
+}
+
+func Dtls2Sess(dtlsid []byte) *Session {
+	return nil
+}
+
+func DelSess(token string) {
+	// sessions.Delete(token)
+}
+
+func DelSessByStoken(stoken string) {
+	stoken = strings.TrimSpace(stoken)
+	sarr := strings.Split(stoken, "@")
+	token := sarr[1]
+	sessions.Delete(token)
+}
--- a/sessdata/session_test.go
+++ b/sessdata/session_test.go
@@ -0,0 +1,31 @@
+package sessdata
+
+import (
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewSession(t *testing.T) {
+	assert := assert.New(t)
+	sessions = sync.Map{}
+	sess := NewSession()
+	token := sess.Token
+	v, ok := sessions.Load(token)
+	assert.True(ok)
+	assert.Equal(sess, v)
+}
+
+func TestConnSession(t *testing.T) {
+	assert := assert.New(t)
+	preIpData()
+	defer closeIpdata()
+	sess := NewSession()
+	cSess := sess.NewConn()
+	cSess.RateLimit(100, true)
+	assert.Equal(cSess.BandwidthUp, uint32(100))
+	cSess.RateLimit(200, false)
+	assert.Equal(cSess.BandwidthDown, uint32(200))
+	cSess.Close()
+}
--- a/sessdata/start.go
+++ b/sessdata/start.go
@@ -0,0 +1,7 @@
+package sessdata
+
+func Start() {
+	initIpPool()
+	initIpMac()
+	checkSession()
+}