diff --git a/bin/main.conf b/bin/main.conf index 2f03a10..55fba42 100644 --- a/bin/main.conf +++ b/bin/main.conf @@ -52,6 +52,7 @@ DEVICE_SN_FILENAME="/opt/tsg/etc/tsg_sn.json" DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'" SERVICE_CHAINING_SID=1004 SHAPING_SID=1005 +PROXY_SID=1006 [TRAFFIC_MIRROR] TRAFFIC_MIRROR_ENABLE=1 diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf index 5253d68..0712221 100644 --- a/bin/tsg_log_field.conf +++ b/bin/tsg_log_field.conf @@ -8,6 +8,7 @@ TOPIC INTERIM-SESSION-RECORD 4 TOPIC TRANSACTION-RECORD 5 TOPIC GTPC-RECORD 6 TOPIC BGP-RECORD 7 +TOPIC PROXY-EVENT 8 #TYPE FIELD VALUE LONG common_policy_id 1 diff --git a/src/tsg_bridge.cpp b/src/tsg_bridge.cpp index 04c72ee..c2d2058 100644 --- a/src/tsg_bridge.cpp +++ b/src/tsg_bridge.cpp @@ -179,7 +179,7 @@ void *session_async_bridge_get_data(const struct streaminfo *a_stream, int bridg return NULL; } -const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream) +const struct session_runtime_attribute *session_runtime_attribute_new(const struct streaminfo *a_stream) { struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id); if(srt_attribute==NULL) @@ -199,6 +199,11 @@ const struct session_runtime_attribute *session_runtime_attribute_get(const stru return (const struct session_runtime_attribute *)srt_attribute; } +const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream) +{ + return (struct session_runtime_attribute *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id); +} + int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream) { unsigned long long create_time=0; @@ -218,7 +223,7 @@ int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream) return 0; } - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->establish_latency_ms=current_time-create_time; @@ -230,7 +235,7 @@ int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream) int srt_attribute_set_protocol(const struct streaminfo *a_stream, TSG_PROTOCOL protocol) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->proto=protocol; @@ -242,7 +247,7 @@ int srt_attribute_set_protocol(const struct streaminfo *a_stream, TSG_PROTOCOL p int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_action_file_size) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->http_action_file_size=http_action_file_size; @@ -254,7 +259,7 @@ int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_a int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->ja3_fingerprint=ja3_fingerprint; @@ -266,7 +271,7 @@ int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const cha int srt_atttribute_set_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info *user_info) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->user_info=user_info; @@ -278,7 +283,7 @@ int srt_atttribute_set_umts_user_info(const struct streaminfo *a_stream, struct int srt_atttribute_set_subscriber_id(const struct streaminfo *a_stream, struct subscribe_id_info *c_subscribe_id, struct subscribe_id_info *s_subscribe_id) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->client_subscribe_id=c_subscribe_id; @@ -291,7 +296,7 @@ int srt_atttribute_set_subscriber_id(const struct streaminfo *a_stream, struct s int srt_atttribute_set_ip_asn(const struct streaminfo *a_stream, struct asn_info *c_asn, struct asn_info *s_asn) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->client_asn=c_asn; @@ -304,7 +309,7 @@ int srt_atttribute_set_ip_asn(const struct streaminfo *a_stream, struct asn_info int srt_atttribute_set_ip_location(const struct streaminfo *a_stream, struct location_info *c_location, struct location_info *s_location) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->client_location=c_location; @@ -317,7 +322,7 @@ int srt_atttribute_set_ip_location(const struct streaminfo *a_stream, struct loc int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned int *category_ids, int n_category_ids) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { if(n_category_ids<=0 || n_category_ids>MAX_CATEGORY_ID_NUM) @@ -335,7 +340,7 @@ int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned i int srt_attribute_set_flags(const struct streaminfo *a_stream, unsigned long s_flags) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { srt_attribute->session_flags=s_flags; @@ -431,7 +436,7 @@ int session_runtime_process_context_async(const struct streaminfo *a_stream, voi return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id, data); } -const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream) +const struct session_runtime_process_context *session_runtime_process_context_new(const struct streaminfo *a_stream) { struct session_runtime_process_context *srt_attribute=(struct session_runtime_process_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id); if(srt_attribute==NULL) @@ -451,6 +456,11 @@ const struct session_runtime_process_context *session_runtime_process_context_ge return (const struct session_runtime_process_context *)srt_attribute; } +const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream) +{ + return (struct session_runtime_process_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id); +} + enum TSG_PROTOCOL srt_process_context_get_protocol(const struct session_runtime_process_context *srt_process_context) { if(srt_process_context!=NULL) @@ -496,6 +506,26 @@ int session_runtime_action_context_async(const struct streaminfo *a_stream, void return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, data); } +const struct session_runtime_action_context *session_runtime_action_context_new(const struct streaminfo *a_stream) +{ + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id); + if(srt_action_context==NULL) + { + srt_action_context=(struct session_runtime_action_context *)dictator_malloc(a_stream->threadnum, sizeof(struct session_runtime_action_context)); + memset(srt_action_context, 0, sizeof(struct session_runtime_action_context)); + + int ret=session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, (void *)srt_action_context); + if(ret<0) + { + session_runtime_attribute_free(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, (void *)srt_action_context); + srt_action_context=NULL; + return NULL; + } + } + + return (const struct session_runtime_action_context *)srt_action_context; +} + const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream) { return (const struct session_runtime_action_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id); @@ -503,7 +533,7 @@ const struct session_runtime_action_context *session_runtime_action_context_get( int srt_action_context_set_after_n_packet(const struct streaminfo *a_stream, int after_n_packets, int thread_seq) { - struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream); if(srt_action_context==NULL) { srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); @@ -518,7 +548,7 @@ int srt_action_context_set_after_n_packet(const struct streaminfo *a_stream, int int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int hited_app_id, int thread_seq) { - struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream); if(srt_action_context==NULL) { srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); @@ -533,7 +563,7 @@ int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int int srt_action_context_set_l7_protocol(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol, int thread_seq) { - struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream); if(srt_action_context==NULL) { srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); @@ -548,7 +578,7 @@ int srt_action_context_set_l7_protocol(const struct streaminfo *a_stream, enum T int srt_action_context_set_rule_method(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq) { - struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream); if(srt_action_context==NULL) { srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); @@ -583,7 +613,7 @@ int srt_action_context_set_rule_method(const struct streaminfo *a_stream, enum T int srt_action_context_set_leaky_bucket(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq) { - struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream); + struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream); if(srt_action_context==NULL) { srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context)); @@ -783,14 +813,14 @@ void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE bridge_idx=BRIDGE_TYPE_SECURITY_RESULT; break; case TSG_SERVICE_INTERCEPT: - bridge_idx=BRIDGE_TYPE_INTERCEPT_RESULT; - break; + //bridge_idx=BRIDGE_TYPE_INTERCEPT_RESULT; + return; case TSG_SERVICE_CHAINING: matched_service_chaining_rules_deal(a_stream, rules, n_rules, thread_seq); - break; + return; case TSG_SERVICE_SHAPING: matched_shaping_rules_deal(a_stream, rules, n_rules, thread_seq); - break; + return; default: return ; } diff --git a/src/tsg_bridge.h b/src/tsg_bridge.h index f690154..62a062e 100644 --- a/src/tsg_bridge.h +++ b/src/tsg_bridge.h @@ -163,6 +163,7 @@ int session_mirror_packets_sync(const struct streaminfo *a_stream, struct maat_r void session_matched_rules_notify(const struct streaminfo * a_stream, TSG_SERVICE service, struct maat_rule *results, size_t n_results, int thread_seq); // session runtime attribute +const struct session_runtime_attribute *session_runtime_attribute_new(const struct streaminfo *a_stream); int srt_attribute_set_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol); int srt_attribute_set_flags(const struct streaminfo * a_stream, unsigned long s_flags); int srt_attribute_set_establish_latecy(const struct streaminfo * a_stream); @@ -175,6 +176,7 @@ void *session_gather_app_results_get(const struct streaminfo * a_stream); // session runtime do action context int session_runtime_action_context_async(const struct streaminfo *a_stream, void *data); +const struct session_runtime_action_context *session_runtime_action_context_new(const struct streaminfo *a_stream); const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream); int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, struct leaky_bucket * bucket, int thread_seq); int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol, int thread_seq); diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 31c57b1..1ebbeb6 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -739,6 +739,11 @@ int session_state_sync_in_opening_and_closing(const struct streaminfo *a_stream, { struct segment_id_list sid_list={0}; + if(g_tsg_para.intercept_sid>0) + { + sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.intercept_sid; + } + if(g_tsg_para.service_chaining_sid>0) { sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.service_chaining_sid; @@ -801,6 +806,95 @@ int session_state_update_policy(struct update_policy *u_policy, struct maat_rule return 0; } +enum policy_type session_state_get_policy_type(TSG_SERVICE service) +{ + enum policy_type p_type=POLICY_UPDATE_MAX; + switch(service) + { + case TSG_SERVICE_CHAINING: + if(g_tsg_para.service_chaining_sid==0) + { + break; + } + return POLICY_UPDATE_SERVICE_CHAINING; + case TSG_SERVICE_SHAPING: + if(g_tsg_para.shaping_sid==0) + { + break; + } + return POLICY_UPDATE_SHAPING; + case TSG_SERVICE_INTERCEPT: + if(g_tsg_para.intercept_sid==0) + { + break; + } + return POLICY_UPDATE_INTERCEPT; + default: + break; + } + + return p_type; +} + +unsigned short session_state_update_segment_sids(struct segment_id_list *segment_ids, enum policy_type p_type) +{ + unsigned short segment_id=0; + unsigned short tmp_sids[POLICY_UPDATE_MAX]={0}; + + switch(p_type) + { + case POLICY_UPDATE_SHAPING: + segment_id=g_tsg_para.shaping_sid; + break; + case POLICY_UPDATE_INTERCEPT: + segment_id=g_tsg_para.intercept_sid; + break; + case POLICY_UPDATE_SERVICE_CHAINING: + segment_id=g_tsg_para.service_chaining_sid; + break; + default: + return 0; + } + + for(size_t i=0; isz_sidlist; i++) + { + if(segment_ids->sid_list[i]==segment_id || segment_id==0) + { + return segment_id; + } + + if(segment_ids->sid_list[i]==g_tsg_para.intercept_sid) + { + tmp_sids[POLICY_UPDATE_INTERCEPT]=segment_ids->sid_list[i]; + continue; + } + + if(segment_ids->sid_list[i]==g_tsg_para.service_chaining_sid) + { + tmp_sids[POLICY_UPDATE_SERVICE_CHAINING]=segment_ids->sid_list[i]; + continue; + } + + if(segment_ids->sid_list[i]==g_tsg_para.shaping_sid) + { + tmp_sids[POLICY_UPDATE_SHAPING]=segment_ids->sid_list[i]; + continue; + } + } + + tmp_sids[p_type]=segment_id; + segment_ids->sz_sidlist=0; + for(int i=0; isid_list[segment_ids->sz_sidlist++]=tmp_sids[i]; + } + } + + return segment_id; +} + size_t matched_rules_increase_in_activing(const struct matched_policy_rules *matched_rules, struct maat_rule *new_rules, size_t n_new_rules, struct maat_rule *inc_rules, size_t n_inc_rules) { size_t n_inc_rules_offset=0; @@ -828,33 +922,12 @@ size_t matched_rules_increase_in_activing(const struct matched_policy_rules *mat int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *inc_rules, size_t n_inc_rules) { - unsigned short segment_id=0; - enum policy_type p_type=POLICY_UPDATE_MAX; - switch(service) - { - case TSG_SERVICE_CHAINING: - p_type=POLICY_UPDATE_SERVICE_CHAINING; - segment_id=(unsigned short)g_tsg_para.service_chaining_sid; - break; - case TSG_SERVICE_SHAPING: - p_type=POLICY_UPDATE_SHAPING; - segment_id=(unsigned short)g_tsg_para.shaping_sid; - break; - case TSG_SERVICE_INTERCEPT: - p_type=POLICY_UPDATE_INTERCEPT; - segment_id=(unsigned short)g_tsg_para.intercept_sid; - break; - default: - return 0; - } - - if(segment_id==0) + enum policy_type p_type=session_state_get_policy_type(service); + if(p_type>=POLICY_UPDATE_MAX) { return 0; } - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "set_segment_id", "set in active status , service:%d, sid:%u,session addr:%s", service, segment_id, PRINTADDR(a_stream, g_tsg_para.level)); - struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(a_stream); if(segment_ids==NULL) { @@ -862,21 +935,15 @@ int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SE memset(segment_ids, 0, sizeof(struct segment_id_list)); } - int add_sid=1; - for(size_t i=0; isz_sidlist; i++) + unsigned short segment_id=session_state_update_segment_sids(segment_ids, p_type); + if(segment_id==0) { - if(segment_ids->sid_list[i]==segment_id) - { - add_sid=0; - break; - } + dictator_free(a_stream->threadnum, (void *)segment_ids); + return 0; } - if(add_sid==1) - { - segment_ids->sid_list[segment_ids->sz_sidlist++]=segment_id; - } - + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "set_segment_id", "set in active status , service:%d, sid:%u,session addr:%s", service, segment_id, PRINTADDR(a_stream, g_tsg_para.level)); + struct segment_id_list sid_list; sid_list.sz_sidlist=1; sid_list.sid_list[0]=segment_id; @@ -888,7 +955,7 @@ int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SE if(service==TSG_SERVICE_INTERCEPT) { memset(&policy_array[0].cmsg, 0, sizeof(struct proxy_cmsg)); - tsg_proxy_update_policy_fill(a_stream, &(policy_array[0])); + tsg_proxy_update_policy_fill(a_stream, &(policy_array[0]), segment_ids); struct matched_policy_rules *s_chaining = (struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_CHAINING); if(s_chaining!=NULL) @@ -1336,7 +1403,7 @@ static int session_l7_protocol_idnetify(const struct streaminfo *a_stream, struc static size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, char *domain, int table_idx, struct maat_state *s_mid, maat_rule *results, size_t n_result) { - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream); + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute!=NULL && domain!=NULL && table_idx>=0) { srt_attribute->n_fqdn_category_ids=tsg_get_fqdn_category_ids(g_tsg_maat_feather, domain, srt_attribute->fqdn_category_ids, MAX_CATEGORY_ID_NUM); @@ -1530,13 +1597,6 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru { matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum); } - - struct maat_rule intercept_rules[MAX_RESULT_NUM]={0}; - size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT); - if(n_intercept_rules>0) - { - matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum); - } struct maat_rule shaping_rules[MAX_RESULT_NUM]={0}; size_t n_shaping_rules=tsg_select_rules_by_service_id(rules, n_rules, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING); @@ -1545,6 +1605,13 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, a_stream->threadnum); } + struct maat_rule intercept_rules[MAX_RESULT_NUM]={0}; + size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT); + if(n_intercept_rules>0) + { + matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum); + } + struct maat_rule security_rules[MAX_RESULT_NUM]={0}; size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY); if(n_security_rules>0) diff --git a/src/tsg_proxy.cpp b/src/tsg_proxy.cpp index 8e007fa..2601cda 100644 --- a/src/tsg_proxy.cpp +++ b/src/tsg_proxy.cpp @@ -6,6 +6,7 @@ #include "tsg_send_log.h" #include "tsg_sync_state.h" #include "tsg_proxy.h" +#include "tsg_bridge.h" #define DEFAULT_WINSCLE 0 #define DEFAULT_MSS 1460 @@ -20,6 +21,21 @@ enum tsg_proxy_ipv6hdr_parse_error{ TSG_PROXY_IPV6HDR_INVALID_TYPE = -3, }; +int update_segment_sids(struct cmsg_int16_array *d_sids_array, unsigned short *s_sids, unsigned int n_s_sids) +{ + for(unsigned int i=0; inum>=8) + { + break; + } + + d_sids_array->value[d_sids_array->num++]=s_sids[i]; + } + + return 1; +} + int tsg_proxy_ipv6_header_parse(const void *a_packet, struct pkt_info *pktinfo){ if(a_packet == NULL){ return TSG_PROXY_IPV6HDR_NULL_PACKET; @@ -233,7 +249,7 @@ void tsg_proxy_tcp_parse(struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_in static struct tsg_proxy_tcp_attribute *tsg_proxy_tcp_attribute_get(const struct streaminfo *stream) { - struct session_runtime_attribute *srt_attribute = (struct session_runtime_attribute *)session_runtime_attribute_get(stream); + struct session_runtime_attribute *srt_attribute = (struct session_runtime_attribute *)session_runtime_attribute_new(stream); if (srt_attribute == NULL) { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed to get session runtime attribute, stream treaceid = %llu", tsg_get_stream_trace_id(stream)); return NULL; @@ -497,7 +513,7 @@ static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, stru return; } -void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy) +void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy, struct segment_id_list *segment_ids) { struct proxy_cmsg *cmsg = &policy->cmsg; struct tsg_proxy_tcp_attribute *tcp_attr = tsg_proxy_tcp_attribute_get(stream); @@ -524,10 +540,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update cmsg->tcp_seq_route_ctx.num = client->route_ctx_len; memcpy(cmsg->tcp_seq_route_ctx.value, client->route_ctx, client->route_ctx_len); - cmsg->tcp_seq_sids.num = client->sid_list.sz_sidlist; - for (unsigned int i = 0; i < client->sid_list.sz_sidlist; i++) { - cmsg->tcp_seq_sids.value[i] = client->sid_list.sid_list[i]; - } + update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid + update_segment_sids(&cmsg->tcp_seq_sids, client->sid_list.sid_list, client->sid_list.sz_sidlist); cmsg->tcp_mss_server = server->mss; cmsg->tcp_sack_server = server->sack; @@ -538,10 +552,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update cmsg->tcp_ack_route_ctx.num = server->route_ctx_len; memcpy(cmsg->tcp_ack_route_ctx.value, server->route_ctx, server->route_ctx_len); - cmsg->tcp_ack_sids.num = server->sid_list.sz_sidlist; - for (unsigned int i = 0; i < server->sid_list.sz_sidlist; i++) { - cmsg->tcp_ack_sids.value[i] = server->sid_list.sid_list[i]; - } + update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid + update_segment_sids(&cmsg->tcp_ack_sids, server->sid_list.sid_list, server->sid_list.sz_sidlist); if (client->wscale_set && server->wscale_set) { cmsg->tcp_wsacle_exist = 1; @@ -558,4 +570,4 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update tsg_proxy_tcp_attribute_dump(tcp_attr, cmsg, stream); return; -} \ No newline at end of file +} diff --git a/src/tsg_proxy.h b/src/tsg_proxy.h index 7ad87dc..9565879 100644 --- a/src/tsg_proxy.h +++ b/src/tsg_proxy.h @@ -50,4 +50,4 @@ void tsg_proxy_tcp_parse(struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_in void tsg_proxy_first_data_process(const struct streaminfo *stream, struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_info *pktinfo); void tsg_proxy_tcp_options_parse(const struct streaminfo *stream, const void *a_packet); -void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy); \ No newline at end of file +void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy, struct segment_id_list *segment_ids); \ No newline at end of file diff --git a/src/tsg_sync_state.h b/src/tsg_sync_state.h index 801ebc1..ff9fe8f 100644 --- a/src/tsg_sync_state.h +++ b/src/tsg_sync_state.h @@ -5,7 +5,7 @@ enum policy_type { - POLICY_UPDATE_INTERCEPT = 0, + POLICY_UPDATE_INTERCEPT=0, POLICY_UPDATE_SERVICE_CHAINING, POLICY_UPDATE_SHAPING, POLICY_UPDATE_MAX diff --git a/test/src/gtest_master.cpp b/test/src/gtest_master.cpp index cf95413..76cc51a 100644 --- a/test/src/gtest_master.cpp +++ b/test/src/gtest_master.cpp @@ -10,7 +10,8 @@ extern int rd_kafka_get_sendlog_cnt(void); extern const char *rd_kafka_get_sendlog_payload(int idx); extern int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq);; -extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq);; +extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq); +extern int matched_intercept_rules_deal(const struct streaminfo * a_stream, struct maat_rule * intercept_rules, size_t n_intercept_rules, int thread_seq); extern void session_segment_id_free(const struct streaminfo * a_stream, int bridge_id, void * data); @@ -492,29 +493,38 @@ TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify) extern int session_packet_capture_by_rules_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq); -TEST(TSGMaster, SecurityPolicyIntercept) +TEST(TSGMaster, InterceptPolicyNotify) { const struct streaminfo a_stream={0}; struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; matched_policy[1].action=TSG_ACTION_INTERCEPT; matched_policy[1].rule_id=TSG_ACTION_INTERCEPT; + matched_policy[1].service_id=TSG_SERVICE_INTERCEPT; // Set Intercept - session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[1], 1, 0); + matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0); - const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY); - EXPECT_NE(nullptr, hited_security); - EXPECT_EQ(1, hited_security->n_rules); - EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].action); - EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].rule_id); + const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT); + EXPECT_NE(nullptr, hited_intercept); + EXPECT_EQ(1, hited_intercept->n_rules); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id); + EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id); - session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security); - session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL); - EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY)); + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept); + session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT)); } - TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept) { const struct streaminfo a_stream={0}; @@ -522,9 +532,11 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept) matched_policy[0].action=TSG_ACTION_MONITOR; matched_policy[0].rule_id=TSG_ACTION_MONITOR; + matched_policy[0].service_id=TSG_SERVICE_SECURITY; matched_policy[1].action=TSG_ACTION_INTERCEPT; matched_policy[1].rule_id=TSG_ACTION_INTERCEPT; + matched_policy[1].service_id=TSG_SERVICE_INTERCEPT; // First Monitor, second Intercpt session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[0], 1, 0); @@ -553,12 +565,13 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept) EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY)); // Set Intercept - session_matched_rules_notify(&a_stream, TSG_SERVICE_INTERCEPT, &matched_policy[1], 1, 0); + matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0); ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1); EXPECT_EQ(1, ret); EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].action); EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].rule_id); + EXPECT_EQ(TSG_SERVICE_INTERCEPT, matched_policy[2].service_id); ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1); EXPECT_EQ(1, ret); @@ -571,12 +584,19 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept) EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action); EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id); + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept); session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL); EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT)); } - TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify) { const struct streaminfo a_stream={0}; @@ -635,6 +655,198 @@ TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify) EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING)); } +TEST(TSGMaster, InterceptPolicy) +{ + const struct streaminfo a_stream={0}; + struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; + + matched_policy[1].action=TSG_ACTION_INTERCEPT; + matched_policy[1].rule_id=TSG_ACTION_INTERCEPT; + matched_policy[1].service_id=TSG_SERVICE_INTERCEPT; + + // Set Intercept + matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0); + const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT); + EXPECT_NE(nullptr, hited_intercept); + EXPECT_EQ(1, hited_intercept->n_rules); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id); + EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id); + + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept); + session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT)); +} + +TEST(TSGMaster, InterceptAndNOInterceptPolicy) +{ + const struct streaminfo a_stream={0}; + struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; + + matched_policy[0].action=TSG_ACTION_NO_INTERCEPT; + matched_policy[0].rule_id=TSG_ACTION_NO_INTERCEPT; + matched_policy[0].service_id=TSG_SERVICE_INTERCEPT; + + matched_policy[1].action=TSG_ACTION_INTERCEPT; + matched_policy[1].rule_id=TSG_ACTION_INTERCEPT; + matched_policy[1].service_id=TSG_SERVICE_INTERCEPT; + + // Set Intercept And NO Intercept + matched_intercept_rules_deal(&a_stream, matched_policy, 2, 0); + const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT); + EXPECT_NE(nullptr, hited_intercept); + EXPECT_EQ(1, hited_intercept->n_rules); + EXPECT_EQ(TSG_ACTION_NO_INTERCEPT, hited_intercept->rules[0].action); + EXPECT_EQ(TSG_ACTION_NO_INTERCEPT, hited_intercept->rules[0].rule_id); + EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id); + + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept); + session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT)); +} + +TEST(TSGMaster, ServiceChainingAndInterceptPolicy) +{ + const struct streaminfo a_stream={0}; + struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; + + matched_policy[0].action=TSG_ACTION_S_CHAINING; + matched_policy[0].rule_id=TSG_ACTION_S_CHAINING; + + // Set Service chaining + matched_service_chaining_rules_deal(&a_stream, &matched_policy[0], 1, 0); + const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING); + EXPECT_NE(nullptr, hited_s_chaining); + EXPECT_EQ(1, hited_s_chaining->n_rules); + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].action); + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].rule_id); + + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]); + + // Set Intercept + matched_policy[1].action=TSG_ACTION_INTERCEPT; + matched_policy[1].rule_id=TSG_ACTION_INTERCEPT; + matched_policy[1].service_id=TSG_SERVICE_INTERCEPT; + + matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0); + const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT); + EXPECT_NE(nullptr, hited_intercept); + EXPECT_EQ(1, hited_intercept->n_rules); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id); + EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id); + + segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(2, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]); + EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[1]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining); + session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING)); + + session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept); + session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT)); +} + +TEST(TSGMaster, ServiceChainingAndShapingAndInterceptPolicy) +{ + const struct streaminfo a_stream={0}; + struct maat_rule matched_policy[MAX_RESULT_NUM]={0}; + + // Set Shaping + matched_policy[0].action=TSG_ACTION_SHAPING; + matched_policy[0].rule_id=TSG_ACTION_SHAPING; + + matched_shaping_rules_deal(&a_stream, &matched_policy[0], 1, 0); + const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING); + EXPECT_NE(nullptr, hited_shaping); + EXPECT_EQ(1, hited_shaping->n_rules); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[0].action); + EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[0].rule_id); + + struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(1, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]); + + // Set Service chaining + matched_policy[0].action=TSG_ACTION_S_CHAINING; + matched_policy[0].rule_id=TSG_ACTION_S_CHAINING; + + matched_service_chaining_rules_deal(&a_stream, &matched_policy[0], 1, 0); + const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING); + EXPECT_NE(nullptr, hited_s_chaining); + EXPECT_EQ(1, hited_s_chaining->n_rules); + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].action); + EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].rule_id); + + segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(2, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]); + EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[1]); + + // Set Intercept + matched_policy[1].action=TSG_ACTION_INTERCEPT; + matched_policy[1].rule_id=TSG_ACTION_INTERCEPT; + matched_policy[1].service_id=TSG_SERVICE_INTERCEPT; + + matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0); + const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT); + EXPECT_NE(nullptr, hited_intercept); + EXPECT_EQ(1, hited_intercept->n_rules); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action); + EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id); + EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id); + + segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream); + EXPECT_NE(nullptr, segment_ids); + EXPECT_EQ(3, segment_ids->sz_sidlist); + EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]); + EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[1]); + EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[2]); + + session_segment_id_free(&a_stream, 0, (void *)segment_ids); + session_control_segment_ids_async(&a_stream, NULL); + + session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping); + session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING)); + + session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining); + session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING)); + + session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept); + session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL); + EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT)); +} + int main(int argc, char *argv[]) { TSG_MASTER_INIT(); diff --git a/test/src/gtest_sync_state.cpp b/test/src/gtest_sync_state.cpp index 5dd8629..14a6642 100644 --- a/test/src/gtest_sync_state.cpp +++ b/test/src/gtest_sync_state.cpp @@ -190,7 +190,7 @@ TEST(POLICY_UPDATE, Shaper) TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping0) { struct streaminfo a_stream = {0}; - struct update_policy policy_array[2]; + struct update_policy policy_array[POLICY_UPDATE_MAX]; char test_str[256] = {0}; char ctrl_pkt_buf[1024]; int ctrl_pkt_len = 0; @@ -482,4 +482,4 @@ int main(int argc, char *argv[]) int ret = RUN_ALL_TESTS(); MESA_destroy_runtime_log_handle(g_tsg_para.logger); return ret; -} \ No newline at end of file +}