TSG-14932: 控制报文中需增加service chaining和shaping的SID, 保证SID的顺序 , TFE -> service...
This commit is contained in:
刘学利
@@ -52,6 +52,7 @@ DEVICE_SN_FILENAME="/opt/tsg/etc/tsg_sn.json"
|
||||
DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"
|
||||
SERVICE_CHAINING_SID=1004
|
||||
SHAPING_SID=1005
|
||||
PROXY_SID=1006
|
||||
|
||||
[TRAFFIC_MIRROR]
|
||||
TRAFFIC_MIRROR_ENABLE=1
|
||||
|
||||
@@ -8,6 +8,7 @@ TOPIC INTERIM-SESSION-RECORD 4
|
||||
TOPIC TRANSACTION-RECORD 5
|
||||
TOPIC GTPC-RECORD 6
|
||||
TOPIC BGP-RECORD 7
|
||||
TOPIC PROXY-EVENT 8
|
||||
|
||||
#TYPE FIELD VALUE
|
||||
LONG common_policy_id 1
|
||||
|
||||
@@ -179,7 +179,7 @@ void *session_async_bridge_get_data(const struct streaminfo *a_stream, int bridg
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream)
|
||||
const struct session_runtime_attribute *session_runtime_attribute_new(const struct streaminfo *a_stream)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id);
|
||||
if(srt_attribute==NULL)
|
||||
@@ -199,6 +199,11 @@ const struct session_runtime_attribute *session_runtime_attribute_get(const stru
|
||||
return (const struct session_runtime_attribute *)srt_attribute;
|
||||
}
|
||||
|
||||
const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream)
|
||||
{
|
||||
return (struct session_runtime_attribute *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id);
|
||||
}
|
||||
|
||||
int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream)
|
||||
{
|
||||
unsigned long long create_time=0;
|
||||
@@ -218,7 +223,7 @@ int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream)
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->establish_latency_ms=current_time-create_time;
|
||||
@@ -230,7 +235,7 @@ int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream)
|
||||
|
||||
int srt_attribute_set_protocol(const struct streaminfo *a_stream, TSG_PROTOCOL protocol)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->proto=protocol;
|
||||
@@ -242,7 +247,7 @@ int srt_attribute_set_protocol(const struct streaminfo *a_stream, TSG_PROTOCOL p
|
||||
|
||||
int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_action_file_size)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->http_action_file_size=http_action_file_size;
|
||||
@@ -254,7 +259,7 @@ int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_a
|
||||
|
||||
int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->ja3_fingerprint=ja3_fingerprint;
|
||||
@@ -266,7 +271,7 @@ int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const cha
|
||||
|
||||
int srt_atttribute_set_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info *user_info)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->user_info=user_info;
|
||||
@@ -278,7 +283,7 @@ int srt_atttribute_set_umts_user_info(const struct streaminfo *a_stream, struct
|
||||
|
||||
int srt_atttribute_set_subscriber_id(const struct streaminfo *a_stream, struct subscribe_id_info *c_subscribe_id, struct subscribe_id_info *s_subscribe_id)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->client_subscribe_id=c_subscribe_id;
|
||||
@@ -291,7 +296,7 @@ int srt_atttribute_set_subscriber_id(const struct streaminfo *a_stream, struct s
|
||||
|
||||
int srt_atttribute_set_ip_asn(const struct streaminfo *a_stream, struct asn_info *c_asn, struct asn_info *s_asn)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->client_asn=c_asn;
|
||||
@@ -304,7 +309,7 @@ int srt_atttribute_set_ip_asn(const struct streaminfo *a_stream, struct asn_info
|
||||
|
||||
int srt_atttribute_set_ip_location(const struct streaminfo *a_stream, struct location_info *c_location, struct location_info *s_location)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->client_location=c_location;
|
||||
@@ -317,7 +322,7 @@ int srt_atttribute_set_ip_location(const struct streaminfo *a_stream, struct loc
|
||||
|
||||
int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned int *category_ids, int n_category_ids)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
if(n_category_ids<=0 || n_category_ids>MAX_CATEGORY_ID_NUM)
|
||||
@@ -335,7 +340,7 @@ int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned i
|
||||
|
||||
int srt_attribute_set_flags(const struct streaminfo *a_stream, unsigned long s_flags)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute)
|
||||
{
|
||||
srt_attribute->session_flags=s_flags;
|
||||
@@ -431,7 +436,7 @@ int session_runtime_process_context_async(const struct streaminfo *a_stream, voi
|
||||
return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id, data);
|
||||
}
|
||||
|
||||
const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream)
|
||||
const struct session_runtime_process_context *session_runtime_process_context_new(const struct streaminfo *a_stream)
|
||||
{
|
||||
struct session_runtime_process_context *srt_attribute=(struct session_runtime_process_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id);
|
||||
if(srt_attribute==NULL)
|
||||
@@ -451,6 +456,11 @@ const struct session_runtime_process_context *session_runtime_process_context_ge
|
||||
return (const struct session_runtime_process_context *)srt_attribute;
|
||||
}
|
||||
|
||||
const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream)
|
||||
{
|
||||
return (struct session_runtime_process_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id);
|
||||
}
|
||||
|
||||
enum TSG_PROTOCOL srt_process_context_get_protocol(const struct session_runtime_process_context *srt_process_context)
|
||||
{
|
||||
if(srt_process_context!=NULL)
|
||||
@@ -496,6 +506,26 @@ int session_runtime_action_context_async(const struct streaminfo *a_stream, void
|
||||
return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, data);
|
||||
}
|
||||
|
||||
const struct session_runtime_action_context *session_runtime_action_context_new(const struct streaminfo *a_stream)
|
||||
{
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id);
|
||||
if(srt_action_context==NULL)
|
||||
{
|
||||
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(a_stream->threadnum, sizeof(struct session_runtime_action_context));
|
||||
memset(srt_action_context, 0, sizeof(struct session_runtime_action_context));
|
||||
|
||||
int ret=session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, (void *)srt_action_context);
|
||||
if(ret<0)
|
||||
{
|
||||
session_runtime_attribute_free(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, (void *)srt_action_context);
|
||||
srt_action_context=NULL;
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
return (const struct session_runtime_action_context *)srt_action_context;
|
||||
}
|
||||
|
||||
const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream)
|
||||
{
|
||||
return (const struct session_runtime_action_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id);
|
||||
@@ -503,7 +533,7 @@ const struct session_runtime_action_context *session_runtime_action_context_get(
|
||||
|
||||
int srt_action_context_set_after_n_packet(const struct streaminfo *a_stream, int after_n_packets, int thread_seq)
|
||||
{
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
|
||||
if(srt_action_context==NULL)
|
||||
{
|
||||
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
|
||||
@@ -518,7 +548,7 @@ int srt_action_context_set_after_n_packet(const struct streaminfo *a_stream, int
|
||||
|
||||
int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int hited_app_id, int thread_seq)
|
||||
{
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
|
||||
if(srt_action_context==NULL)
|
||||
{
|
||||
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
|
||||
@@ -533,7 +563,7 @@ int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int
|
||||
|
||||
int srt_action_context_set_l7_protocol(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol, int thread_seq)
|
||||
{
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
|
||||
if(srt_action_context==NULL)
|
||||
{
|
||||
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
|
||||
@@ -548,7 +578,7 @@ int srt_action_context_set_l7_protocol(const struct streaminfo *a_stream, enum T
|
||||
|
||||
int srt_action_context_set_rule_method(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq)
|
||||
{
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
|
||||
if(srt_action_context==NULL)
|
||||
{
|
||||
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
|
||||
@@ -583,7 +613,7 @@ int srt_action_context_set_rule_method(const struct streaminfo *a_stream, enum T
|
||||
|
||||
int srt_action_context_set_leaky_bucket(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq)
|
||||
{
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
|
||||
if(srt_action_context==NULL)
|
||||
{
|
||||
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
|
||||
@@ -783,14 +813,14 @@ void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE
|
||||
bridge_idx=BRIDGE_TYPE_SECURITY_RESULT;
|
||||
break;
|
||||
case TSG_SERVICE_INTERCEPT:
|
||||
bridge_idx=BRIDGE_TYPE_INTERCEPT_RESULT;
|
||||
break;
|
||||
//bridge_idx=BRIDGE_TYPE_INTERCEPT_RESULT;
|
||||
return;
|
||||
case TSG_SERVICE_CHAINING:
|
||||
matched_service_chaining_rules_deal(a_stream, rules, n_rules, thread_seq);
|
||||
break;
|
||||
return;
|
||||
case TSG_SERVICE_SHAPING:
|
||||
matched_shaping_rules_deal(a_stream, rules, n_rules, thread_seq);
|
||||
break;
|
||||
return;
|
||||
default:
|
||||
return ;
|
||||
}
|
||||
|
||||
@@ -163,6 +163,7 @@ int session_mirror_packets_sync(const struct streaminfo *a_stream, struct maat_r
|
||||
void session_matched_rules_notify(const struct streaminfo * a_stream, TSG_SERVICE service, struct maat_rule *results, size_t n_results, int thread_seq);
|
||||
|
||||
// session runtime attribute
|
||||
const struct session_runtime_attribute *session_runtime_attribute_new(const struct streaminfo *a_stream);
|
||||
int srt_attribute_set_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol);
|
||||
int srt_attribute_set_flags(const struct streaminfo * a_stream, unsigned long s_flags);
|
||||
int srt_attribute_set_establish_latecy(const struct streaminfo * a_stream);
|
||||
@@ -175,6 +176,7 @@ void *session_gather_app_results_get(const struct streaminfo * a_stream);
|
||||
|
||||
// session runtime do action context
|
||||
int session_runtime_action_context_async(const struct streaminfo *a_stream, void *data);
|
||||
const struct session_runtime_action_context *session_runtime_action_context_new(const struct streaminfo *a_stream);
|
||||
const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream);
|
||||
int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, struct leaky_bucket * bucket, int thread_seq);
|
||||
int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol, int thread_seq);
|
||||
|
||||
@@ -739,6 +739,11 @@ int session_state_sync_in_opening_and_closing(const struct streaminfo *a_stream,
|
||||
{
|
||||
struct segment_id_list sid_list={0};
|
||||
|
||||
if(g_tsg_para.intercept_sid>0)
|
||||
{
|
||||
sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.intercept_sid;
|
||||
}
|
||||
|
||||
if(g_tsg_para.service_chaining_sid>0)
|
||||
{
|
||||
sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.service_chaining_sid;
|
||||
@@ -801,6 +806,95 @@ int session_state_update_policy(struct update_policy *u_policy, struct maat_rule
|
||||
return 0;
|
||||
}
|
||||
|
||||
enum policy_type session_state_get_policy_type(TSG_SERVICE service)
|
||||
{
|
||||
enum policy_type p_type=POLICY_UPDATE_MAX;
|
||||
switch(service)
|
||||
{
|
||||
case TSG_SERVICE_CHAINING:
|
||||
if(g_tsg_para.service_chaining_sid==0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
return POLICY_UPDATE_SERVICE_CHAINING;
|
||||
case TSG_SERVICE_SHAPING:
|
||||
if(g_tsg_para.shaping_sid==0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
return POLICY_UPDATE_SHAPING;
|
||||
case TSG_SERVICE_INTERCEPT:
|
||||
if(g_tsg_para.intercept_sid==0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
return POLICY_UPDATE_INTERCEPT;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return p_type;
|
||||
}
|
||||
|
||||
unsigned short session_state_update_segment_sids(struct segment_id_list *segment_ids, enum policy_type p_type)
|
||||
{
|
||||
unsigned short segment_id=0;
|
||||
unsigned short tmp_sids[POLICY_UPDATE_MAX]={0};
|
||||
|
||||
switch(p_type)
|
||||
{
|
||||
case POLICY_UPDATE_SHAPING:
|
||||
segment_id=g_tsg_para.shaping_sid;
|
||||
break;
|
||||
case POLICY_UPDATE_INTERCEPT:
|
||||
segment_id=g_tsg_para.intercept_sid;
|
||||
break;
|
||||
case POLICY_UPDATE_SERVICE_CHAINING:
|
||||
segment_id=g_tsg_para.service_chaining_sid;
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
for(size_t i=0; i<segment_ids->sz_sidlist; i++)
|
||||
{
|
||||
if(segment_ids->sid_list[i]==segment_id || segment_id==0)
|
||||
{
|
||||
return segment_id;
|
||||
}
|
||||
|
||||
if(segment_ids->sid_list[i]==g_tsg_para.intercept_sid)
|
||||
{
|
||||
tmp_sids[POLICY_UPDATE_INTERCEPT]=segment_ids->sid_list[i];
|
||||
continue;
|
||||
}
|
||||
|
||||
if(segment_ids->sid_list[i]==g_tsg_para.service_chaining_sid)
|
||||
{
|
||||
tmp_sids[POLICY_UPDATE_SERVICE_CHAINING]=segment_ids->sid_list[i];
|
||||
continue;
|
||||
}
|
||||
|
||||
if(segment_ids->sid_list[i]==g_tsg_para.shaping_sid)
|
||||
{
|
||||
tmp_sids[POLICY_UPDATE_SHAPING]=segment_ids->sid_list[i];
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
tmp_sids[p_type]=segment_id;
|
||||
segment_ids->sz_sidlist=0;
|
||||
for(int i=0; i<POLICY_UPDATE_MAX; i++)
|
||||
{
|
||||
if(tmp_sids[i]!=0)
|
||||
{
|
||||
segment_ids->sid_list[segment_ids->sz_sidlist++]=tmp_sids[i];
|
||||
}
|
||||
}
|
||||
|
||||
return segment_id;
|
||||
}
|
||||
|
||||
size_t matched_rules_increase_in_activing(const struct matched_policy_rules *matched_rules, struct maat_rule *new_rules, size_t n_new_rules, struct maat_rule *inc_rules, size_t n_inc_rules)
|
||||
{
|
||||
size_t n_inc_rules_offset=0;
|
||||
@@ -828,33 +922,12 @@ size_t matched_rules_increase_in_activing(const struct matched_policy_rules *mat
|
||||
|
||||
int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *inc_rules, size_t n_inc_rules)
|
||||
{
|
||||
unsigned short segment_id=0;
|
||||
enum policy_type p_type=POLICY_UPDATE_MAX;
|
||||
switch(service)
|
||||
{
|
||||
case TSG_SERVICE_CHAINING:
|
||||
p_type=POLICY_UPDATE_SERVICE_CHAINING;
|
||||
segment_id=(unsigned short)g_tsg_para.service_chaining_sid;
|
||||
break;
|
||||
case TSG_SERVICE_SHAPING:
|
||||
p_type=POLICY_UPDATE_SHAPING;
|
||||
segment_id=(unsigned short)g_tsg_para.shaping_sid;
|
||||
break;
|
||||
case TSG_SERVICE_INTERCEPT:
|
||||
p_type=POLICY_UPDATE_INTERCEPT;
|
||||
segment_id=(unsigned short)g_tsg_para.intercept_sid;
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(segment_id==0)
|
||||
enum policy_type p_type=session_state_get_policy_type(service);
|
||||
if(p_type>=POLICY_UPDATE_MAX)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "set_segment_id", "set in active status , service:%d, sid:%u,session addr:%s", service, segment_id, PRINTADDR(a_stream, g_tsg_para.level));
|
||||
|
||||
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(a_stream);
|
||||
if(segment_ids==NULL)
|
||||
{
|
||||
@@ -862,20 +935,14 @@ int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SE
|
||||
memset(segment_ids, 0, sizeof(struct segment_id_list));
|
||||
}
|
||||
|
||||
int add_sid=1;
|
||||
for(size_t i=0; i<segment_ids->sz_sidlist; i++)
|
||||
unsigned short segment_id=session_state_update_segment_sids(segment_ids, p_type);
|
||||
if(segment_id==0)
|
||||
{
|
||||
if(segment_ids->sid_list[i]==segment_id)
|
||||
{
|
||||
add_sid=0;
|
||||
break;
|
||||
}
|
||||
dictator_free(a_stream->threadnum, (void *)segment_ids);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(add_sid==1)
|
||||
{
|
||||
segment_ids->sid_list[segment_ids->sz_sidlist++]=segment_id;
|
||||
}
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "set_segment_id", "set in active status , service:%d, sid:%u,session addr:%s", service, segment_id, PRINTADDR(a_stream, g_tsg_para.level));
|
||||
|
||||
struct segment_id_list sid_list;
|
||||
sid_list.sz_sidlist=1;
|
||||
@@ -888,7 +955,7 @@ int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SE
|
||||
if(service==TSG_SERVICE_INTERCEPT)
|
||||
{
|
||||
memset(&policy_array[0].cmsg, 0, sizeof(struct proxy_cmsg));
|
||||
tsg_proxy_update_policy_fill(a_stream, &(policy_array[0]));
|
||||
tsg_proxy_update_policy_fill(a_stream, &(policy_array[0]), segment_ids);
|
||||
|
||||
struct matched_policy_rules *s_chaining = (struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_CHAINING);
|
||||
if(s_chaining!=NULL)
|
||||
@@ -1336,7 +1403,7 @@ static int session_l7_protocol_idnetify(const struct streaminfo *a_stream, struc
|
||||
|
||||
static size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, char *domain, int table_idx, struct maat_state *s_mid, maat_rule *results, size_t n_result)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
|
||||
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
|
||||
if(srt_attribute!=NULL && domain!=NULL && table_idx>=0)
|
||||
{
|
||||
srt_attribute->n_fqdn_category_ids=tsg_get_fqdn_category_ids(g_tsg_maat_feather, domain, srt_attribute->fqdn_category_ids, MAX_CATEGORY_ID_NUM);
|
||||
@@ -1531,13 +1598,6 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru
|
||||
matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum);
|
||||
}
|
||||
|
||||
struct maat_rule intercept_rules[MAX_RESULT_NUM]={0};
|
||||
size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT);
|
||||
if(n_intercept_rules>0)
|
||||
{
|
||||
matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum);
|
||||
}
|
||||
|
||||
struct maat_rule shaping_rules[MAX_RESULT_NUM]={0};
|
||||
size_t n_shaping_rules=tsg_select_rules_by_service_id(rules, n_rules, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING);
|
||||
if(n_shaping_rules>0)
|
||||
@@ -1545,6 +1605,13 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru
|
||||
matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, a_stream->threadnum);
|
||||
}
|
||||
|
||||
struct maat_rule intercept_rules[MAX_RESULT_NUM]={0};
|
||||
size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT);
|
||||
if(n_intercept_rules>0)
|
||||
{
|
||||
matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum);
|
||||
}
|
||||
|
||||
struct maat_rule security_rules[MAX_RESULT_NUM]={0};
|
||||
size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
|
||||
if(n_security_rules>0)
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
#include "tsg_send_log.h"
|
||||
#include "tsg_sync_state.h"
|
||||
#include "tsg_proxy.h"
|
||||
#include "tsg_bridge.h"
|
||||
|
||||
#define DEFAULT_WINSCLE 0
|
||||
#define DEFAULT_MSS 1460
|
||||
@@ -20,6 +21,21 @@ enum tsg_proxy_ipv6hdr_parse_error{
|
||||
TSG_PROXY_IPV6HDR_INVALID_TYPE = -3,
|
||||
};
|
||||
|
||||
int update_segment_sids(struct cmsg_int16_array *d_sids_array, unsigned short *s_sids, unsigned int n_s_sids)
|
||||
{
|
||||
for(unsigned int i=0; i<n_s_sids; i++)
|
||||
{
|
||||
if(d_sids_array->num>=8)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
d_sids_array->value[d_sids_array->num++]=s_sids[i];
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int tsg_proxy_ipv6_header_parse(const void *a_packet, struct pkt_info *pktinfo){
|
||||
if(a_packet == NULL){
|
||||
return TSG_PROXY_IPV6HDR_NULL_PACKET;
|
||||
@@ -233,7 +249,7 @@ void tsg_proxy_tcp_parse(struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_in
|
||||
|
||||
static struct tsg_proxy_tcp_attribute *tsg_proxy_tcp_attribute_get(const struct streaminfo *stream)
|
||||
{
|
||||
struct session_runtime_attribute *srt_attribute = (struct session_runtime_attribute *)session_runtime_attribute_get(stream);
|
||||
struct session_runtime_attribute *srt_attribute = (struct session_runtime_attribute *)session_runtime_attribute_new(stream);
|
||||
if (srt_attribute == NULL) {
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed to get session runtime attribute, stream treaceid = %llu", tsg_get_stream_trace_id(stream));
|
||||
return NULL;
|
||||
@@ -497,7 +513,7 @@ static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, stru
|
||||
return;
|
||||
}
|
||||
|
||||
void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy)
|
||||
void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy, struct segment_id_list *segment_ids)
|
||||
{
|
||||
struct proxy_cmsg *cmsg = &policy->cmsg;
|
||||
struct tsg_proxy_tcp_attribute *tcp_attr = tsg_proxy_tcp_attribute_get(stream);
|
||||
@@ -524,10 +540,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update
|
||||
cmsg->tcp_seq_route_ctx.num = client->route_ctx_len;
|
||||
memcpy(cmsg->tcp_seq_route_ctx.value, client->route_ctx, client->route_ctx_len);
|
||||
|
||||
cmsg->tcp_seq_sids.num = client->sid_list.sz_sidlist;
|
||||
for (unsigned int i = 0; i < client->sid_list.sz_sidlist; i++) {
|
||||
cmsg->tcp_seq_sids.value[i] = client->sid_list.sid_list[i];
|
||||
}
|
||||
update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid
|
||||
update_segment_sids(&cmsg->tcp_seq_sids, client->sid_list.sid_list, client->sid_list.sz_sidlist);
|
||||
|
||||
cmsg->tcp_mss_server = server->mss;
|
||||
cmsg->tcp_sack_server = server->sack;
|
||||
@@ -538,10 +552,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update
|
||||
cmsg->tcp_ack_route_ctx.num = server->route_ctx_len;
|
||||
memcpy(cmsg->tcp_ack_route_ctx.value, server->route_ctx, server->route_ctx_len);
|
||||
|
||||
cmsg->tcp_ack_sids.num = server->sid_list.sz_sidlist;
|
||||
for (unsigned int i = 0; i < server->sid_list.sz_sidlist; i++) {
|
||||
cmsg->tcp_ack_sids.value[i] = server->sid_list.sid_list[i];
|
||||
}
|
||||
update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid
|
||||
update_segment_sids(&cmsg->tcp_ack_sids, server->sid_list.sid_list, server->sid_list.sz_sidlist);
|
||||
|
||||
if (client->wscale_set && server->wscale_set) {
|
||||
cmsg->tcp_wsacle_exist = 1;
|
||||
|
||||
@@ -50,4 +50,4 @@ void tsg_proxy_tcp_parse(struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_in
|
||||
void tsg_proxy_first_data_process(const struct streaminfo *stream, struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_info *pktinfo);
|
||||
|
||||
void tsg_proxy_tcp_options_parse(const struct streaminfo *stream, const void *a_packet);
|
||||
void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy);
|
||||
void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy, struct segment_id_list *segment_ids);
|
||||
@@ -10,7 +10,8 @@
|
||||
extern int rd_kafka_get_sendlog_cnt(void);
|
||||
extern const char *rd_kafka_get_sendlog_payload(int idx);
|
||||
extern int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq);;
|
||||
extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq);;
|
||||
extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq);
|
||||
extern int matched_intercept_rules_deal(const struct streaminfo * a_stream, struct maat_rule * intercept_rules, size_t n_intercept_rules, int thread_seq);
|
||||
|
||||
extern void session_segment_id_free(const struct streaminfo * a_stream, int bridge_id, void * data);
|
||||
|
||||
@@ -492,29 +493,38 @@ TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify)
|
||||
|
||||
extern int session_packet_capture_by_rules_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq);
|
||||
|
||||
TEST(TSGMaster, SecurityPolicyIntercept)
|
||||
TEST(TSGMaster, InterceptPolicyNotify)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
|
||||
|
||||
matched_policy[1].action=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
|
||||
|
||||
// Set Intercept
|
||||
session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[1], 1, 0);
|
||||
matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
|
||||
|
||||
const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
|
||||
EXPECT_NE(nullptr, hited_security);
|
||||
EXPECT_EQ(1, hited_security->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].rule_id);
|
||||
const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
|
||||
EXPECT_NE(nullptr, hited_intercept);
|
||||
EXPECT_EQ(1, hited_intercept->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
|
||||
EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY));
|
||||
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(1, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
|
||||
|
||||
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
|
||||
session_control_segment_ids_async(&a_stream, NULL);
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
|
||||
}
|
||||
|
||||
|
||||
TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
@@ -522,9 +532,11 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
|
||||
|
||||
matched_policy[0].action=TSG_ACTION_MONITOR;
|
||||
matched_policy[0].rule_id=TSG_ACTION_MONITOR;
|
||||
matched_policy[0].service_id=TSG_SERVICE_SECURITY;
|
||||
|
||||
matched_policy[1].action=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
|
||||
|
||||
// First Monitor, second Intercpt
|
||||
session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[0], 1, 0);
|
||||
@@ -553,12 +565,13 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY));
|
||||
|
||||
// Set Intercept
|
||||
session_matched_rules_notify(&a_stream, TSG_SERVICE_INTERCEPT, &matched_policy[1], 1, 0);
|
||||
matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
|
||||
|
||||
ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1);
|
||||
EXPECT_EQ(1, ret);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].rule_id);
|
||||
EXPECT_EQ(TSG_SERVICE_INTERCEPT, matched_policy[2].service_id);
|
||||
|
||||
ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1);
|
||||
EXPECT_EQ(1, ret);
|
||||
@@ -571,12 +584,19 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
|
||||
|
||||
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(1, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
|
||||
|
||||
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
|
||||
session_control_segment_ids_async(&a_stream, NULL);
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
|
||||
}
|
||||
|
||||
|
||||
TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
@@ -635,6 +655,198 @@ TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify)
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
|
||||
}
|
||||
|
||||
TEST(TSGMaster, InterceptPolicy)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
|
||||
|
||||
matched_policy[1].action=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
|
||||
|
||||
// Set Intercept
|
||||
matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
|
||||
const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
|
||||
EXPECT_NE(nullptr, hited_intercept);
|
||||
EXPECT_EQ(1, hited_intercept->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
|
||||
EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
|
||||
|
||||
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(1, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
|
||||
|
||||
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
|
||||
session_control_segment_ids_async(&a_stream, NULL);
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
|
||||
}
|
||||
|
||||
TEST(TSGMaster, InterceptAndNOInterceptPolicy)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
|
||||
|
||||
matched_policy[0].action=TSG_ACTION_NO_INTERCEPT;
|
||||
matched_policy[0].rule_id=TSG_ACTION_NO_INTERCEPT;
|
||||
matched_policy[0].service_id=TSG_SERVICE_INTERCEPT;
|
||||
|
||||
matched_policy[1].action=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
|
||||
|
||||
// Set Intercept And NO Intercept
|
||||
matched_intercept_rules_deal(&a_stream, matched_policy, 2, 0);
|
||||
const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
|
||||
EXPECT_NE(nullptr, hited_intercept);
|
||||
EXPECT_EQ(1, hited_intercept->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_NO_INTERCEPT, hited_intercept->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_NO_INTERCEPT, hited_intercept->rules[0].rule_id);
|
||||
EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
|
||||
|
||||
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(1, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
|
||||
|
||||
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
|
||||
session_control_segment_ids_async(&a_stream, NULL);
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
|
||||
}
|
||||
|
||||
TEST(TSGMaster, ServiceChainingAndInterceptPolicy)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
|
||||
|
||||
matched_policy[0].action=TSG_ACTION_S_CHAINING;
|
||||
matched_policy[0].rule_id=TSG_ACTION_S_CHAINING;
|
||||
|
||||
// Set Service chaining
|
||||
matched_service_chaining_rules_deal(&a_stream, &matched_policy[0], 1, 0);
|
||||
const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
|
||||
EXPECT_NE(nullptr, hited_s_chaining);
|
||||
EXPECT_EQ(1, hited_s_chaining->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].rule_id);
|
||||
|
||||
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(1, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
|
||||
|
||||
// Set Intercept
|
||||
matched_policy[1].action=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
|
||||
|
||||
matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
|
||||
const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
|
||||
EXPECT_NE(nullptr, hited_intercept);
|
||||
EXPECT_EQ(1, hited_intercept->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
|
||||
EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
|
||||
|
||||
segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(2, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
|
||||
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[1]);
|
||||
|
||||
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
|
||||
session_control_segment_ids_async(&a_stream, NULL);
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
|
||||
}
|
||||
|
||||
TEST(TSGMaster, ServiceChainingAndShapingAndInterceptPolicy)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
|
||||
|
||||
// Set Shaping
|
||||
matched_policy[0].action=TSG_ACTION_SHAPING;
|
||||
matched_policy[0].rule_id=TSG_ACTION_SHAPING;
|
||||
|
||||
matched_shaping_rules_deal(&a_stream, &matched_policy[0], 1, 0);
|
||||
const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
|
||||
EXPECT_NE(nullptr, hited_shaping);
|
||||
EXPECT_EQ(1, hited_shaping->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[0].rule_id);
|
||||
|
||||
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(1, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]);
|
||||
|
||||
// Set Service chaining
|
||||
matched_policy[0].action=TSG_ACTION_S_CHAINING;
|
||||
matched_policy[0].rule_id=TSG_ACTION_S_CHAINING;
|
||||
|
||||
matched_service_chaining_rules_deal(&a_stream, &matched_policy[0], 1, 0);
|
||||
const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
|
||||
EXPECT_NE(nullptr, hited_s_chaining);
|
||||
EXPECT_EQ(1, hited_s_chaining->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].rule_id);
|
||||
|
||||
segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(2, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
|
||||
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[1]);
|
||||
|
||||
// Set Intercept
|
||||
matched_policy[1].action=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
|
||||
matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
|
||||
|
||||
matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
|
||||
const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
|
||||
EXPECT_NE(nullptr, hited_intercept);
|
||||
EXPECT_EQ(1, hited_intercept->n_rules);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
|
||||
EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
|
||||
|
||||
segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
|
||||
EXPECT_NE(nullptr, segment_ids);
|
||||
EXPECT_EQ(3, segment_ids->sz_sidlist);
|
||||
EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
|
||||
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[1]);
|
||||
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[2]);
|
||||
|
||||
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
|
||||
session_control_segment_ids_async(&a_stream, NULL);
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING));
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
|
||||
|
||||
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
|
||||
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
|
||||
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
TSG_MASTER_INIT();
|
||||
|
||||
@@ -190,7 +190,7 @@ TEST(POLICY_UPDATE, Shaper)
|
||||
TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping0)
|
||||
{
|
||||
struct streaminfo a_stream = {0};
|
||||
struct update_policy policy_array[2];
|
||||
struct update_policy policy_array[POLICY_UPDATE_MAX];
|
||||
char test_str[256] = {0};
|
||||
char ctrl_pkt_buf[1024];
|
||||
int ctrl_pkt_len = 0;
|
||||
|
||||
Reference in New Issue
Block a user