diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6f69be0..666e385 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,6 +8,8 @@ variables: stages: - build +- test +- package .build_before_script: before_script: @@ -42,7 +44,31 @@ stages: - ./ci/travis.sh tags: - share - + +run_test_for_centos7: + stage: test + extends: .build_by_travis_for_centos7 + script: + - yum makecache + - ./ci/travis.sh + - cd build + - make test + - cd testing + - ./gtest_rule + - ./gtest_master + +run_test_for_centos8: + stage: test + extends: .build_by_travis_for_centos8 + script: + - yum makecache + - ./ci/travis.sh + - cd build + - make test + - cd testing + - ./gtest_rule + - ./gtest_master + branch_build_debug_for_centos7: stage: build extends: .build_by_travis_for_centos7 @@ -101,7 +127,7 @@ develop_build_release_for_centos7: - /^master.*$/i release_build_debug_for_centos7: - stage: build + stage: package variables: BUILD_TYPE: Debug PACKAGE: 1 @@ -117,7 +143,7 @@ release_build_debug_for_centos7: - tags release_build_release_for_centos7: - stage: build + stage: package variables: BUILD_TYPE: RelWithDebInfo PACKAGE: 1 @@ -192,7 +218,7 @@ develop_build_release_for_centos8: - /^master.*$/i release_build_debug_for_centos8: - stage: build + stage: package variables: BUILD_TYPE: Debug PACKAGE: 1 @@ -208,7 +234,7 @@ release_build_debug_for_centos8: - tags release_build_release_for_centos8: - stage: build + stage: package variables: BUILD_TYPE: RelWithDebInfo PACKAGE: 1 diff --git a/CMakeLists.txt b/CMakeLists.txt index d39c8f4..9944579 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -37,7 +37,7 @@ set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) add_subdirectory(support) add_subdirectory(src) add_subdirectory(vendor) -add_subdirectory(test) +add_subdirectory(test/src) enable_testing() add_subdirectory(./ctest) diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf index 3a5b7f8..ecfaeb7 100644 --- a/bin/tsg_log_field.conf +++ b/bin/tsg_log_field.conf 
@@ -122,3 +122,4 @@ STRING common_tunnel_endpoint_b_desc 109 LONG common_t_vsys_id 110 STRING common_app_full_path 111 LONG common_flags 112 +LONG common_shaping_rule_ids 113 diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf index d76ed27..dd9fa64 100644 --- a/bin/tsg_static_tableinfo.conf +++ b/bin/tsg_static_tableinfo.conf @@ -9,7 +9,9 @@ #quickswitch quickon or quick off #id name type src_charset dst_charset do_merge cross_cache quickswitch 0 TSG_SECURITY_COMPILE compile escape -- +0 TRAFFIC_SHAPING_COMPILE compile escape -- 1 GROUP_COMPILE_RELATION group2compile -- +1 GROUP_SHAPING_COMPILE_RELATION group2compile -- 2 GROUP_GROUP_RELATION group2group -- 3 TSG_OBJ_IP_ADDR ip_plus UTF8 UTF8 no 0 3 TSG_OBJ_IP_LEARNING_ADDR ip_plus UTF8 UTF8 no 0 @@ -90,4 +92,5 @@ 78 TSG_TUNNEL_LABEL plugin {"key":2,"valid":3} -- 79 TSG_SECURITY_TUNNEL virtual TSG_OBJ_TUNNEL_ID -- 80 TSG_OBJ_FLAG flag -- -81 TSG_SECURITY_FLAG virtual TSG_OBJ_FLAG -- \ No newline at end of file +81 TSG_SECURITY_FLAG virtual TSG_OBJ_FLAG -- +82 TRAFFIC_SHAPING_PROFILE plugin {"key":1,"valid":8} \ No newline at end of file diff --git a/ctest/CMakeLists.txt b/ctest/CMakeLists.txt index 9b22c63..ba5a437 100644 --- a/ctest/CMakeLists.txt +++ b/ctest/CMakeLists.txt 
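Review bot: The new row `82 TRAFFIC_SHAPING_PROFILE plugin {"key":1,"valid":8}` in bin/tsg_static_tableinfo.conf ends without the trailing `--` column that the other plugin row visible in this hunk carries (`78 TSG_TUNNEL_LABEL plugin {"key":2,"valid":3} --`). If the table loader counts columns, this row may be rejected or parsed differently, and the shaping profile table would then be missing at runtime. Please confirm against the loader, or write the row as `82 TRAFFIC_SHAPING_PROFILE plugin {"key":1,"valid":8} --`. The file also still ends without a newline.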
@@ -2,16 +2,16 @@ cmake_minimum_required (VERSION 2.8) project(sapp_ctest) -add_test(NAME COPY_CREATE_DIR COMMAND sh -c "mkdir -p ${CMAKE_BINARY_DIR}/testing/ ${CMAKE_BINARY_DIR}/testing/plug") -add_test(NAME COPY_MASTER_GTEST_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/master_gtest ${CMAKE_BINARY_DIR}/testing/") -add_test(NAME COPY_MASTER_GTEST_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/etc/ ${CMAKE_BINARY_DIR}/testing/") -add_test(NAME COPY_MASTER_GTEST_CONFLIST COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/conflist.inf ${CMAKE_BINARY_DIR}/testing/plug") +add_test(NAME COPY_CREATE_DIR COMMAND sh -c "mkdir -p ${CMAKE_BINARY_DIR}/testing/tsgconf/ ") +add_test(NAME COPY_GTEST_MAIN_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/main.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") +add_test(NAME COPY_GTEST_MAAT_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/maat.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") +add_test(NAME COPY_GTEST_LOG_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_log_field.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") +add_test(NAME COPY_GTEST_PROTO_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_l7_protocol.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") +add_test(NAME COPY_GTEST_TABLEINFO COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_static_tableinfo.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/") +add_test(NAME COPY_GTEST_MAAT_RULE COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/gtest_maat.json ${CMAKE_BINARY_DIR}/testing/tsgconf/tsg_maat.json") - -add_test(NAME COPY_MASTER_DIR COMMAND sh -c "mkdir -p ${CMAKE_BINARY_DIR}/testing/plug/platform/tsg_master/") -add_test(NAME COPY_MASTER_INF COMMAND sh -c "cp ${CMAKE_SOURCE_DIR}/bin/tsg_master.inf ${CMAKE_BINARY_DIR}/testing/plug/platform/tsg_master/tsg_master.inf") -add_test(NAME COPY_MASTER_SO COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/tsg_master_gtest.so ${CMAKE_BINARY_DIR}/testing/plug/platform/tsg_master/tsg_master.so") -add_test(NAME COPY_MASTER_CONF COMMAND sh -c "cp 
-r ${CMAKE_SOURCE_DIR}/bin/ ${CMAKE_BINARY_DIR}/testing/tsgconf") +add_test(NAME COPY_GTEST_RULE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_rule ${CMAKE_BINARY_DIR}/testing/") +add_test(NAME COPY_GTEST_MASTER COMMAND sh -c "cp -r ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/") add_test(NAME FAKE_TEST COMMAND sh -c "pwd") diff --git a/inc/tsg_label.h b/inc/tsg_label.h index a674ded..03258e7 100644 --- a/inc/tsg_label.h +++ b/inc/tsg_label.h @@ -107,23 +107,6 @@ struct session_attribute_label unsigned long session_flags; }; -struct policy_priority_label -{ - tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) - int domain_len; - int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h) - int result_num; - union - { - char *http_url; - char *quic_ua; - void *para; - }; - char domain[MAX_DOMAIN_LEN]; - Maat_rule_t result[MAX_RESULT_NUM]; -}; - - struct tsg_conn_sketch_notify_data { tsg_protocol_t protocol; @@ -135,6 +118,11 @@ struct tsg_conn_sketch_notify_data }pdata; }; +struct notify_shaping_policy +{ + int shaping_result_num; + struct Maat_rule_t shaping_result[MAX_RESULT_NUM]; +}; enum NOTIFY_TYPE { diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index 3545288..42f3542 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h @@ -12,6 +12,7 @@ #define TSG_ACTION_MONITOR 0x01 #define TSG_ACTION_INTERCEPT 0x02 #define TSG_ACTION_DENY 0x10 +#define TSG_ACTION_SHAPING 0x20 #define TSG_ACTION_MANIPULATE 0x30 #define TSG_ACTION_BYPASS 0x80 #define TSG_ACTION_MAX 0x80 
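Review bot: The COPY_GTEST_* tests in ctest/CMakeLists.txt only succeed if COPY_CREATE_DIR has already created `testing/tsgconf/`, and nothing declares that order, so a parallel or reordered run (`ctest -j`) can fail the copies or leave an incomplete config directory for gtest_rule and gtest_master. Declare the dependency, for example `set_tests_properties(COPY_GTEST_MAIN_CONF COPY_GTEST_MAAT_CONF PROPERTIES DEPENDS COPY_CREATE_DIR)`, extended to every copy step. The paths are also pasted unquoted into an `sh -c` string, so a source or build directory containing spaces or shell metacharacters is split or interpreted by the shell. `COMMAND ${CMAKE_COMMAND} -E copy <src> <dst>` and `${CMAKE_COMMAND} -E make_directory <dir>` avoid the shell entirely and stay portable.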
@@ -54,6 +55,8 @@ int tsg_rule_init(const char *conffile, void *logger); int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info); +int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num); + char *tsg_pull_quic_ua(struct streaminfo *a_stream); char *tsg_pull_http_url(struct streaminfo *a_stream); @@ -86,5 +89,6 @@ int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned i int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq); int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq); int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); +int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); #endif diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 94f6b30..245bc9c 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -66,6 +66,7 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, {0, TSG_FS2_HIT_ADDR, "hit_addr"}, {0, TSG_FS2_HIT_SHARE, "hit_share"}, {0, TSG_FS2_INTERCEPT, "intercept"}, + {0, TSG_FS2_SHAPING, "shaping"}, {0, TSG_FS2_EXCLUSION, "exclusion"}, {0, TSG_FS2_APP_DPKT_RESULT, "D_result"}, {0, TSG_FS2_APP_Q_RESULT, "Q_result"}, 
@@ -880,6 +881,15 @@ static void free_tcpall_label(int thread_seq, void *project_req_value) return ; } +void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data) +{ + if(data!=NULL) + { + dictator_free(stream->threadnum, data); + data=NULL; + } +} + void free_policy_label(int thread_seq, void *project_req_value) { if(project_req_value!=NULL) 
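Review bot: In free_shaping_result the statement `data=NULL;` only clears the function's own copy of the pointer, so the caller's pointer (and any bridge slot that still holds it) keeps pointing at freed memory. The assignment reads as a use-after-free guard but provides none. I would drop it and add a comment such as `// caller must not touch data after this call; the bridge slot is not cleared here`. `stream->threadnum` is also dereferenced without a NULL check, which matters if the bridge can invoke this callback with a NULL stream; that is not visible from this hunk.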
@@ -956,84 +966,6 @@ static void copy_monitor_result(const struct streaminfo *a_stream, struct master } -static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, PULL_RESULT_TYPE result_type, int thread_seq) -{ - int ret=0; - struct policy_priority_label *priority_label=NULL; - - priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id); - if(priority_label==NULL) - { - priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); - memset(priority_label, 0, sizeof(struct policy_priority_label)); - } - else - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "DUP_HIT_POLICY", - "Hit policy, domain: %s policy_id: %d action: %d addr: %s", - (context->domain!=NULL ? context->domain : ""), - p_result->config_id, - (unsigned char)p_result->action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - } - - - priority_label->proto=context->proto; - if(context->domain!=NULL) - { - priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(context->domain)); - memcpy(priority_label->domain, context->domain, priority_label->domain_len); - } - - if(context->para!=NULL) - { - int length=strlen(context->http_url); - priority_label->para=dictator_malloc(thread_seq,length+1); - memcpy(priority_label->para, context->para, length); - ((char *)priority_label->para)[length]='\0'; - } - - if(priority_label->result_num<=0 || (priority_label->result[0].action < p_result->action)) - { - priority_label->result_num=1; - priority_label->result_type=result_type; - memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); - } - - ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label); - if(ret<0) - { - free_policy_label(thread_seq, (void *)priority_label); - MESA_handle_runtime_log(g_tsg_para.logger, - 
RLOG_LV_FATAL, - "PROJECT_ADD", - "Add policy_priority_label failed, policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s", - (context->domain!=NULL ? context->domain : ""), - (context->para!=NULL ? context->http_url : ""), - priority_label->result[0].config_id, - (unsigned char)priority_label->result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - return ; - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "COPY_RESULT", - "Hit policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s", - (context->domain!=NULL ? context->domain : ""), - (context->para!=NULL ? context->http_url : ""), - priority_label->result[0].config_id, - (unsigned char)priority_label->result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return ; -} - static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq) { if(context->result==NULL) 
@@ -1424,6 +1356,155 @@ char get_direction_from_tcpall(const struct streaminfo *a_stream) return -1; } +int get_shaping_result(struct Maat_rule_t *hit_result, int hit_num, struct Maat_rule_t *shaping_result, int shaping_result_num) +{ + int shaping_cnt=0; + for(int i=0; ishaping_result[shaping_label->shaping_result_num]); + int num=MIN(MAX_RESULT_NUM-shaping_label->shaping_result_num, p_result_num); + for(int i=0; ishaping_result_num+inc_result_num; j++) + { + if(p_result[i].config_id==shaping_label->shaping_result[j].config_id) + { + repeat_result=1; + break; + } + } + + if(repeat_result==0) + { + memcpy(&(inc_result[inc_result_num++]), &(p_result[i]), sizeof(struct Maat_rule_t)); + } + } + + struct notify_shaping_policy sync_result={0, {0}}; + sync_result.shaping_result_num=inc_result_num; + memcpy(sync_result.shaping_result, inc_result, inc_result_num*sizeof(struct Maat_rule_t)); + stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)&sync_result); + + shaping_label->shaping_result_num+=inc_result_num; + int ret=stream_bridge_async_data_put((struct streaminfo *)a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label); + if(ret<0) + { + free_shaping_result(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label); + return ; + } +} + +int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq) +{ + set_shaping_result_to_project(a_stream, result, result_num, thread_seq); + return 0; +} + + +static void set_security_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq) +{ + if(p_result==NULL || p_result_num==0) + { + return ; + } + + struct policy_priority_label *priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo 
*)a_stream, g_tsg_para.priority_project_id); + if(priority_label==NULL) + { + priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); + memset(priority_label, 0, sizeof(struct policy_priority_label)); + } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "DUP_HIT_POLICY", + "Hit policy, domain: %s policy_id: %d action: %d addr: %s", + (context->domain!=NULL ? context->domain : ""), + p_result->config_id, + (unsigned char)p_result->action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + } + + priority_label->proto=context->proto; + if(context->domain!=NULL) + { + priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(context->domain)); + memcpy(priority_label->domain, context->domain, priority_label->domain_len); + } + + if(context->para!=NULL) + { + int length=strlen(context->http_url); + priority_label->para=dictator_malloc(thread_seq,length+1); + memcpy(priority_label->para, context->para, length); + ((char *)priority_label->para)[length]='\0'; + } + + if(priority_label->security_result_num<=0 || (priority_label->security_result[0].action < p_result->action)) + { + priority_label->security_result_num=1; + priority_label->result_type=result_type; + memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t)); + } + + int ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label); + if(ret<0) + { + free_policy_label(thread_seq, (void *)priority_label); + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_FATAL, + "PROJECT_ADD", + "Add policy_priority_label failed, policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s", + (context->domain!=NULL ? context->domain : ""), + (context->para!=NULL ? 
context->http_url : ""), + priority_label->security_result[0].config_id, + (unsigned char)priority_label->security_result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + return ; + } + + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "COPY_RESULT", + "Hit policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s", + (context->domain!=NULL ? context->domain : ""), + (context->para!=NULL ? context->http_url : ""), + priority_label->security_result[0].config_id, + (unsigned char)priority_label->security_result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + + return ; +} + void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq) { @@ -1654,6 +1735,11 @@ struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result for(i=0; ithreadnum); + + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, 1); + set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum); + + return 0; +} + static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet) { Maat_rule_t *p_result=NULL; - unsigned char state=APP_STATE_GIVEME; + unsigned char state=APP_STATE_GIVEME; p_result=tsg_policy_decision_criteria(result, hit_num); if(p_result!=NULL) @@ -1977,7 +2076,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER)) { copy_deny_result(a_stream, context, p_result, a_stream->threadnum); - copy_result_to_project(a_stream, context, p_result, PULL_FW_RESULT, a_stream->threadnum); + set_security_result_to_project(a_stream, context, p_result, 1, PULL_FW_RESULT, a_stream->threadnum); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", 
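Review bot: In set_security_result_to_project both `dictator_malloc` results are used without a NULL check: the label goes straight into `memset`, and `priority_label->para` straight into `memcpy`. An allocation failure on this per-stream path is therefore a NULL dereference; add `if(priority_label==NULL) return ;` after the first allocation and guard the second the same way. On the reuse path (label already present, the DUP_HIT_POLICY branch) `priority_label->para` is overwritten with a fresh allocation and the previous buffer is never freed, so repeated hits on one stream leak memory. On that same path `domain` is overwritten with `memcpy` and no terminator, so a shorter domain leaves the tail of an earlier, longer one in place. The new `p_result_num` parameter is only compared with 0 and only the first rule is copied, which deserves a comment if it is intended.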
@@ -1999,7 +2098,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, break; case TSG_ACTION_BYPASS: copy_bypass_result(a_stream, context, p_result, a_stream->threadnum); - copy_result_to_project(a_stream, context, p_result, PULL_FW_RESULT, a_stream->threadnum); + set_security_result_to_project(a_stream, context, p_result, 1, PULL_FW_RESULT, a_stream->threadnum); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER; @@ -2012,7 +2111,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, break; } - copy_result_to_project(a_stream, context, p_result, PULL_KNI_RESULT, a_stream->threadnum); + set_security_result_to_project(a_stream, context, p_result, 1, PULL_KNI_RESULT, a_stream->threadnum); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); state=APP_STATE_DROPME|APP_STATE_KILL_OTHER; @@ -2023,6 +2122,11 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, } } + if(state==APP_STATE_GIVEME) + { + master_deal_shaping_result(a_stream, result, hit_num); + } + return state; } @@ -2030,7 +2134,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_ { int hit_num=0,app_id=-1; int is_parent_ssl=0; - struct master_context *context=NULL; + struct master_context *context=NULL; struct gather_app_result *gather_result=NULL; struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}, *p_result=NULL; struct app_identify_result *identify_result=(struct app_identify_result *)data; @@ -2139,7 +2243,6 @@ static int session_flags_identify_result_cb(const struct streaminfo *a_stream, i context->sync_cb_state=master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL); - return 0; } 
@@ -2248,7 +2351,6 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo } hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet); - p_result=tsg_policy_decision_criteria(scan_result, hit_num); state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet); context->deal_pkt_num++; break; @@ -2348,7 +2450,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns struct Maat_rule_t *p_result=NULL; unsigned char state=APP_STATE_GIVEME; struct identify_info tmp_identify_info; - struct Maat_rule_t result[MAX_RESULT_NUM]={0}; + struct Maat_rule_t security_result[MAX_RESULT_NUM]={0}; struct tcpall_context *all_context=(struct tcpall_context *)(*pme); if(stream_state==OP_STATE_PENDING && all_context->method_type!=TSG_METHOD_TYPE_ALLOW && !(all_context->udp_data_dropme)) 
@@ -2359,21 +2461,29 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns all_context->default_policy_after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id); } - hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM); + hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, security_result, MAX_RESULT_NUM); if(hit_num>0) { - p_result=tsg_policy_decision_criteria(result, hit_num); - switch(p_result->action) + p_result=tsg_policy_decision_criteria(security_result, hit_num); + if(p_result!=NULL) { - case TSG_ACTION_DENY: - state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet); - master_send_log(a_stream, p_result, 1, NULL, thread_seq); - break; - case TSG_ACTION_MONITOR: - tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq); - break; - default: - break; + switch(p_result->action) + { + case TSG_ACTION_DENY: + state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet); + master_send_log(a_stream, p_result, 1, NULL, thread_seq); + break; + case TSG_ACTION_MONITOR: + tsg_notify_hited_monitor_result(a_stream, security_result, hit_num, thread_seq); + break; + default: + break; + } + } + + if(state==APP_STATE_GIVEME) + { + master_deal_shaping_result(a_stream, security_result, hit_num); } } 
@@ -2396,21 +2506,22 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; } break; - case TSG_METHOD_TYPE_TAMPER: - if(0 == send_tamper_xxx(a_stream, &all_context->tamper_count, a_packet)){ - state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; - } - break; + case TSG_METHOD_TYPE_TAMPER: + if(0 == send_tamper_xxx(a_stream, &all_context->tamper_count, a_packet)) + { + state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; + } + break; case TSG_METHOD_TYPE_DEFAULT: if(!is_do_default_policy(a_stream, all_context->default_policy_after_n_packets) || stream_state==OP_STATE_CLOSE) { break; } - if(get_default_policy(g_tsg_para.default_compile_id, &result[0])) + if(get_default_policy(g_tsg_para.default_compile_id, &security_result[0])) { - state=tsg_deal_deny_action(a_stream, &result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet); - master_send_log(a_stream, &result[0], 1, NULL, thread_seq); + state=tsg_deal_deny_action(a_stream, &security_result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet); + master_send_log(a_stream, &security_result[0], 1, NULL, thread_seq); } break; case TSG_METHOD_TYPE_DROP: @@ -2424,7 +2535,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns break; } - ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &result[0], 1, &tmp_identify_info); + ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &security_result[0], 1, &tmp_identify_info); if(ret<=0) { break; 
@@ -2432,11 +2543,11 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns if(all_context->hited_para.hited_app_id<=0) { - state=tsg_deal_deny_action(a_stream, &result[0], all_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet); + state=tsg_deal_deny_action(a_stream, &security_result[0], all_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet); } else { - state=tsg_deny_application(a_stream, &result[0], all_context->protocol, all_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet); + state=tsg_deny_application(a_stream, &security_result[0], all_context->protocol, all_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet); } break; default: @@ -2625,6 +2736,7 @@ extern "C" int TSG_MASTER_INIT() MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA"); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA"); MESA_load_profile_string_def(tsg_conffile, "SESSION_FLAGS", "FLAGS_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_FLAGS],_MAX_TABLE_NAME_LEN, "SESSION_FLAGS_SYNC_NOTIFY_DATA"); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SHAPING_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT],_MAX_TABLE_NAME_LEN, "NOTIFY_SHAPING_RESULT"); for(i=0; iproto=proto; - priority_label->result_num=1; + priority_label->security_result_num=1; priority_label->result_type=result_type; - memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); + memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t)); int ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label); if(ret<0) 
@@ -2259,8 +2259,8 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re RLOG_LV_FATAL, "PROJECT_ADD", "Add policy_priority_label failed, policy, policy_id: %d action: %d addr: %s", - priority_label->result[0].config_id, - (unsigned char)priority_label->result[0].action, + priority_label->security_result[0].config_id, + (unsigned char)priority_label->security_result[0].action, PRINTADDR(a_stream, g_tsg_para.level) ); return -1; @@ -2270,14 +2270,26 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re RLOG_LV_DEBUG, "COPY_RESULT", "Hit policy, policy_id: %d action: %d addr: %s", - priority_label->result[0].config_id, - (unsigned char)priority_label->result[0].action, + priority_label->security_result[0].config_id, + (unsigned char)priority_label->security_result[0].action, PRINTADDR(a_stream, g_tsg_para.level) ); return 0; } +int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num) +{ + struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]); + if(shaping_label!=NULL && result!=NULL && result_num>0) + { + int num=MIN(shaping_label->shaping_result_num, result_num); + memcpy(result, shaping_label->shaping_result, num*sizeof(Maat_rule_t)); + return num; + } + + return 0; +} int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info) { 
@@ -2289,8 +2301,8 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re { if((label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT)) { - num=MIN(label->result_num, result_num); - memcpy(result, label->result, num*sizeof(Maat_rule_t)); + num=MIN(label->security_result_num, result_num); + memcpy(result, label->security_result, num*sizeof(Maat_rule_t)); if(label->domain_len>0) { diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index bf9d74d..b28849a 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -1209,6 +1209,17 @@ struct TLD_handle_t *TLD_create(int thread_id) return _handle; } +int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff_len) +{ + StringBuffer sb(0, 2048); + Writer writer(sb); + _handle->document->Accept(writer); + + memcpy(buff, sb.GetString(), MIN(sb.GetSize(), buff_len)); + + return 1; +} + static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]); 
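Review bot: TLD_convert_json copies `MIN(sb.GetSize(), buff_len)` bytes and returns 1 unconditionally, so a document of `buff_len` bytes or more leaves `buff` filled with truncated JSON and no terminating NUL, and the caller cannot detect it. If callers treat `buff` as a C string (not visible here) that is a read past the buffer. Reserve the terminator and report truncation: `size_t n=MIN(sb.GetSize(), (size_t)buff_len-1); memcpy(buff, sb.GetString(), n); buff[n]='\0';`, preceded by a guard that returns an error when `buff==NULL`, `buff_len==0` or `_handle==NULL`. Return a distinct value when `sb.GetSize()>=buff_len`.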
@@ -1326,6 +1337,27 @@ static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct T return 0; } +int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) +{ + struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]); + if(shaping_label==NULL) + { + return 0; + } + + int offset=0; + char shaping_rule_ids[512]={0}; + for(int i=0; ishaping_result_num; i++) + { + offset+=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, "%d,", shaping_label->shaping_result[i].config_id); + } + + shaping_rule_ids[offset-1]='\0'; + TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *)shaping_rule_ids, TLD_TYPE_STRING); + + return 1; +} + static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { int ret=0; @@ -2082,7 +2114,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl if(_instance->mode==CLOSE) { - TLD_cancel(handle); + TLD_cancel(handle); FS_operate(_instance->fs2_handle, _instance->sum_line_id, _instance->fs2_field_id[LOG_COLUMN_STATUS_DROP], FS_OP_ADD, 1); MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "TSG_SEND_LOG", "Disable tsg_send_log."); return 0; @@ -2108,6 +2140,11 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG); set_application_behavior(_instance, _handle, log_msg->a_stream); + + if(log_msg->result[i].service_id==2 && log_msg->a_stream!=NULL) // stream of intercept is NULL + { + set_shaping_rule_ids(_instance, _handle, log_msg->a_stream); + } for(i=0;iresult_num; i++) { 
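Review bot: set_shaping_rule_ids can write outside the 512-byte stack buffer `shaping_rule_ids` in two ways. When `shaping_result_num` is 0 the loop never runs and `shaping_rule_ids[offset-1]='\0'` stores at index -1. `snprintf` returns the length it wanted to write, so once the id list no longer fits, `offset` passes 512, `sizeof(shaping_rule_ids)-offset` wraps to a huge unsigned size, and the next call writes past the array. Whether MAX_RESULT_NUM ids can reach that length depends on its value, which this hunk does not show. The loop should stop as soon as an id does not fit, and the function should return early when nothing was written, as in the sketch below.

```cpp
int offset=0;
char shaping_rule_ids[512]={0};
for(int i=0; i<shaping_label->shaping_result_num; i++)
{
	int n=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, "%d,", shaping_label->shaping_result[i].config_id);
	if(n<0 || (size_t)n>=sizeof(shaping_rule_ids)-offset)
	{
		shaping_rule_ids[offset]='\0'; // drop the id that did not fit
		break;
	}
	offset+=n;
}

if(offset==0)
{
	return 0; // nothing to log; also avoids the write at index -1
}

shaping_rule_ids[offset-1]='\0'; // replace the trailing comma
// … unchanged: TLD_append of LOG_COMMON_SHAPING_RULE_IDS and return 1 …
```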
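Review bot: In tsg_send_log the added check `log_msg->result[i].service_id==2 && log_msg->a_stream!=NULL` runs before the `for(i=0; ...)` loop that initialises `i`. It therefore indexes `result` with whatever value earlier code left in `i`; that code is outside this hunk, so the index may be stale or out of range. If the intent is to attach shaping ids to results whose service id is 2, move the `if` into the loop body, where `i` is valid. If it is meant to run once per call, test `log_msg->result_num>0` and index `result[0]` explicitly. The bare `2` would also read better as a named constant, with a comment saying which service it denotes.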
@@ -2170,7 +2207,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl ); continue; } - + TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(log_msg->result[i].config_id), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG); diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h index f7dd452..aeef081 100644 --- a/src/tsg_send_log_internal.h +++ b/src/tsg_send_log_internal.h @@ -134,6 +134,7 @@ typedef enum _tsg_log_field_id LOG_COMMON_TRAFFIC_VSYSTEM_ID, LOG_COMMON_APP_FULL_PATH, LOG_COMMON_FLAGS, + LOG_COMMON_SHAPING_RULE_IDS, LOG_COMMON_MAX }tsg_log_field_id_t; diff --git a/src/tsg_variable.cpp b/src/tsg_variable.cpp new file mode 100644 index 0000000..8a6d55b --- /dev/null +++ b/src/tsg_variable.cpp 
@@ -0,0 +1,89 @@ +#include +#include +#include +#include +#include +#include + +#include "tsg_variable.h" + +g_tsg_para_t g_tsg_para; + +id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, + {0, TSG_FS2_UDP_LINKS, "udp_links"}, + {0, TSG_FS2_BYPASS, "bypass"}, + {0, TSG_FS2_HIT_ADDR, "hit_addr"}, + {0, TSG_FS2_HIT_SHARE, "hit_share"}, + {0, TSG_FS2_INTERCEPT, "intercept"}, + {0, TSG_FS2_SHAPING, "shaping"}, + {0, TSG_FS2_EXCLUSION, "exclusion"}, + {0, TSG_FS2_APP_DPKT_RESULT, "D_result"}, + {0, TSG_FS2_APP_Q_RESULT, "Q_result"}, + {0, TSG_FS2_APP_USER_RESULT, "U_result"}, + {0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"}, + {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"}, + {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"}, + {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"}, + {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"}, + {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"}, + {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"}, + {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"}, + {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"}, + {0, TSG_FS2_SUCESS_TAMPER, "tamper_sucess"}, + {0, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, "tamper_nopload"}, + {0, TSG_FS2_TAMPER_FAILED_NOSWAP, "tamper_noswap"}, + {0, TSG_FS2_ASN_ADD, "asn_add"}, + {0, TSG_FS2_ASN_DEL, "asn_del"}, + {0, TSG_FS2_GTPC_ADD, "gtpc_add"}, + {0, TSG_FS2_GTPC_DEL, "gtpc_del"}, + {0, TSG_FS2_LOCATION_ADD, "location_add"}, + {0, TSG_FS2_LOCATION_DEL, "location_del"}, + {0, TSG_FS2_FQDN_ADD, "fqdn_add"}, + {0, TSG_FS2_FQDN_DEL, "fqdn_del"}, + {0, TSG_FS2_SUBSCRIBER_ADD, "subscriber_add"}, + {0, TSG_FS2_SUBSCRIBER_DEL, "subscriber_del"}, + {0, TSG_FS2_SECURIRY_ADD, "security_add"}, + {0, TSG_FS2_SECURIRY_DEL, "security_del"}, + {0, TSG_FS2_MIRRORED_ADD, "mirrored_add"}, + {0, TSG_FS2_MIRRORED_DEL, "mirrored_del"}, + {0, TSG_FS2_HTTP_RES_ADD, "http_res_add"}, + {0, TSG_FS2_HTTP_RES_DEL, "http_res_del"}, + {0, TSG_FS2_DNS_RES_ADD, "dns_profile_add"}, + {0, TSG_FS2_DNS_RES_DEL, 
"dns_profile_del"}, + {0, TSG_FS2_APP_ID_ADD, "app_id_add"}, + {0, TSG_FS2_APP_ID_DEL, "app_id_del"}, + {0, TSG_FS2_TUNNEL_CATALOG_ADD, "t_catalog_add"}, + {0, TSG_FS2_TUNNEL_CATALOG_DEL, "t_catalog_del"}, + {0, TSG_FS2_TUNNEL_ENDPOINT_ADD, "t_endpoint_add"}, + {0, TSG_FS2_TUNNEL_ENDPOINT_DEL, "t_endpoint_del"}, + {0, TSG_FS2_TUNNEL_LABEL_ADD, "t_label_add"}, + {0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"} + }; + +id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, + {PROTO_IPv4, 0, "IPV4"}, + {PROTO_IPv6, 0, "IPV6"}, + {PROTO_TCP, 0, "TCP"}, + {PROTO_UDP, 0, "UDP"}, + {PROTO_HTTP, 0, "HTTP"}, + {PROTO_MAIL, 0, "MAIL"}, + {PROTO_DNS, 0, "DNS"}, + {PROTO_FTP, 0, "FTP"}, + {PROTO_SSL, 0, "SSL"}, + {PROTO_SIP, 0, "SIP"}, + {PROTO_BGP, 0, "BGP"}, + {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"}, + {PROTO_QUIC, 0, "QUIC"}, + {PROTO_SSH, 0, "SSH"}, + {PROTO_SMTP, 0, "SMTP"}, + {PROTO_IMAP, 0, "IMAP"}, + {PROTO_POP3, 0, "POP3"}, + {PROTO_RTP, 0, "RTP"}, + {PROTO_APP, 0, "BASE"}, + {PROTO_L2TP, 0, "L2TP"}, + {PROTO_PPTP, 0, "PPTP"}, + {PROTO_STRATUM, 0, "Stratum"}, + {PROTO_RDP, 0, "RDP"}, + {PROTO_DTLS, 0, "DTLS"} + }; + diff --git a/src/tsg_variable.h b/src/tsg_variable.h new file mode 100644 index 0000000..0e4a433 --- /dev/null +++ b/src/tsg_variable.h 
@@ -0,0 +1,69 @@
+#pragma once
+
+struct reset_argv
+{
+ int pkt_num;
+ int seed1;
+ int seed2;
+ int th_flags;
+ int dir;
+ int remedy;
+};
+
+#define _MAX_TABLE_NAME_LEN 64
+typedef struct tsg_para
+{
+ int level;
+ short mirror_switch;
+ unsigned short timeout;
+ int dynamic_maat_switch;
+ int location_field_num;
+ int app_dict_field_num;
+ int device_seq_in_dc;
+ int datacenter_id;
+ int scan_signaling_switch;
+ int hash_timeout;
+ int hash_slot_size;
+ int hash_thread_safe;
+ int feature_tamper;
+ enum DEPLOY_MODE deploy_mode;
+ int scan_time_interval;
+ int identify_app_max_pkt_num;
+ int unknown_app_id;
+ int hit_path_switch;
+ int default_compile_id;
+ int table_id[TABLE_MAX];
+ int dyn_table_id[DYN_TABLE_MAX];
+ int priority_project_id;
+ int shaping_project_id;
+ int session_attribute_project_id;
+ int context_project_id;
+ int tcpall_project_id;
+ int gather_app_project_id;
+ int bridge_id[BRIDGE_TYPE_MAX];
+ int proto_flag; //tsg_protocol_t
+ int fs2_field_id[TSG_FS2_MAX];
+ char device_sn[MAX_DOMAIN_LEN/8];
+ char log_path[MAX_DOMAIN_LEN/8];
+ char device_id_command[MAX_DOMAIN_LEN/8];
+ char data_center[_MAX_TABLE_NAME_LEN];
+ char device_tag[MAX_DOMAIN_LEN/2];
+ char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
+ char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN];
+ char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
+ void *logger;
+ void *maat_logger;
+ struct reset_argv reset;
+ struct mirrored_vlan default_vlan;
+ screen_stat_handle_t fs2_handle;
+ struct l7_protocol *name_by_id;
+ struct l7_protocol *id_by_name;
+ struct traffic_mirror *mirror_handle;
+ ctemplate::Template *tpl_403,*tpl_404;
+ ctemplate::Template *tpl_200,*tpl_204;
+ ctemplate::Template *tpl_303;
+}g_tsg_para_t;
+
+extern g_tsg_para_t g_tsg_para;
+extern Maat_feather_t g_tsg_dynamic_maat_feather;
+extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
\ No newline at end of file
diff --git a/test/src/CMakeLists.txt b/test/src/CMakeLists.txt
index bbd1323..40e398d 100644
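Review bot: src/tsg_variable.h includes nothing, yet `struct tsg_para` and the `extern` lines use `enum DEPLOY_MODE`, `TABLE_MAX`, `MAX_DOMAIN_LEN`, `screen_stat_handle_t`, `ctemplate::Template`, `Maat_feather_t` and `id2field_t`, so it compiles only when every includer has already pulled in the headers that declare them, in the right order. Including those headers at the top of this file would make it self-contained. The header also has no `extern` for `g_tsg_fs2_field`, which src/tsg_variable.cpp defines with external linkage, so other files would have to redeclare it by hand.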
--- a/test/src/CMakeLists.txt
+++ b/test/src/CMakeLists.txt
@@ -1,36 +1,30 @@ cmake_minimum_required(VERSION 2.8) -set(SRC ../src/tsg_entry.cpp ../src/tsg_rule.cpp ../src/tsg_ssl_utils.cpp ../src/tsg_send_log.cpp ../src/tsg_statistic.cpp ../src/tsg_ssh_utils.cpp ../src/tsg_gtp_signaling.cpp ../src/tsg_action.cpp ../src/tsg_leaky_bucket.cpp ../src/tsg_dns.cpp ../src/tsg_icmp.cpp ../src/tsg_tamper.cpp tsg_master_gtest_protocol.cpp tsg_master_gtest_entry.cpp) - include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) include_directories(/opt/MESA/include) include_directories(/usr/include/) - -set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maatframe pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer) - -set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) - -add_library(tsg_master_gtest SHARED ${SRC}) -set_target_properties(tsg_master_gtest PROPERTIES LINK_FLAGS "-Wl,--version-script=${PROJECT_SOURCE_DIR}/src/version.map") -target_link_libraries(tsg_master_gtest ${TSG_MASTER_DEPEND_DYN_LIB} ctemplate-static) -set_target_properties(tsg_master_gtest PROPERTIES PREFIX "") - -install(TARGETS tsg_master_gtest LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master_gtest COMPONENT LIBRARIES) -install(FILES ../bin/tsg_master.inf DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master_gtest COMPONENT PROFILE) - +include_directories(${PROJECT_SOURCE_DIR}/src/) add_definitions(-std=c++11) LINK_DIRECTORIES(/opt/MESA/lib) -file(GLOB TEST_CASE "tsg_master_gtest_main.cpp") - -add_executable(master_gtest ${TEST_CASE}) -target_compile_options(master_gtest PUBLIC ${MEM_POOL_DEFINITIONS}) -target_link_libraries(master_gtest nsl pthread dl m pcap systemd cjson MESA_prof_load MESA_htable MESA_handle_logger MESA_jump_layer breakpad_mini MESA_field_stat2 rdkafka) -target_link_libraries(master_gtest /home/mesasoft/sapp_run/lib/libsapp_devel.so) -target_link_libraries(master_gtest gtest-static ctemplate-static) - -install(TARGETS master_gtest DESTINATION ${CMAKE_INSTALL_PREFIX}/ 
COMPONENT EXECUTABLE) +add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp gtest_common.cpp gtest_rule.cpp) +target_link_libraries(gtest_rule gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe) +set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_ssl_utils.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_send_log.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_statistic.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_ssh_utils.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_gtp_signaling.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_action.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_leaky_bucket.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_dns.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_icmp.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_tamper.cpp +) +add_executable(gtest_master ${TSG_MASTER_SRC} gtest_common.cpp gtest_master.cpp) +target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe rdkafka MESA_htable) diff --git a/test/src/gtest_common.cpp b/test/src/gtest_common.cpp new file mode 100644 index 0000000..105d812 --- /dev/null +++ b/test/src/gtest_common.cpp 
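Review bot: Neither `gtest_rule` nor `gtest_master` is registered with CTest here, so a standard `ctest`/`make test` step will not execute them and a failing test only fails the build if something else runs the binaries by path. Adding `add_test(NAME gtest_rule COMMAND gtest_rule)` and `add_test(NAME gtest_master COMMAND gtest_master)` would close that gap, provided `enable_testing()` is in effect for this directory, which is not visible in the hunk. The new test/src/gtest_sendlog.cpp and the renamed test/src/gtest_protocol.cpp are not listed in either target, so as far as this file shows they are not compiled at all.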
@@ -0,0 +1,239 @@ +#include +#include "tsg_entry.h" + +const char *gtest_addrlist="127.0.0.1.37690>127.0.0.1.443"; + +void dictator_free(int thread_seq, void * pbuf) +{ + free(pbuf); + pbuf=NULL; +} + +void *dictator_malloc(int thread_seq,size_t size) +{ + return calloc(1, size); +} + +const char *printaddr (const struct layer_addr *paddrinfo, int threadindex) +{ + return gtest_addrlist; +} + +int get_thread_count(void) +{ + return 1; +} + +int MESA_rst_tcp(struct streaminfo * stream, struct rst_tcp_para * paras, int para_len) +{ + return 0; +} + +int sapp_inject_pkt(struct streaminfo * stream, enum sapp_inject_opt sio, const void * payload, int payload_len, unsigned char snd_routedir) +{ + return 0; +} + + +unsigned char MESA_dir_reverse(unsigned char raw_route_dir) +{ + return 0; +} + +extern "C" int MESA_get_dev_ipv4(const char * device, int * ip_add) +{ + return 0; +} + + +extern "C" int sendpacket_do_checksum(unsigned char *buf, int protocol, int len) +{ + return 0; +} + +char *layer_addr_ntop_r(const struct streaminfo * pstream, char * out_buf, int out_buf_len) +{ + return NULL; +} + + +const char *layer_addr_prefix_ntop(const struct streaminfo * pstream) +{ + return NULL; +} + +int stream_addr_list_ntop(const struct streaminfo * pstream, char * dst, int size) +{ + return 0; +} + +int MESA_dir_link_to_human(int link_route_dir) +{ + return 0; +} + + +int MESA_set_stream_opt(const struct streaminfo * pstream, enum MESA_stream_opt opt, void * opt_val, int opt_val_len) +{ + return 0; +} + +int MESA_get_stream_opt(const struct streaminfo * pstream, enum MESA_stream_opt opt, void * opt_val, int * opt_val_len) +{ + return 0; +} + + +int sapp_get_platform_opt(enum sapp_platform_opt opt, void * opt_val, int * opt_val_len) +{ + return 0; +} + +int get_rawpkt_opt_from_streaminfo(const struct streaminfo * pstream, int type, void * out_value) +{ + return 0; +} + +#define MAX_BRIDGE_NUM 16 +void *g_bridge_async_data[MAX_BRIDGE_NUM]={0}; +stream_bridge_free_cb_t 
*g_bridge_async_free[MAX_BRIDGE_NUM]={0}; +stream_bridge_sync_cb_t *g_bridge_sync_cb[MAX_BRIDGE_NUM]={0}; + +int stream_bridge_register_data_free_cb(int bridge_id, stream_bridge_free_cb_t * free_cb_fun) +{ + g_bridge_async_free[bridge_id]=free_cb_fun; + + return 0; +} + +int stream_bridge_register_data_sync_cb(int bridge_id, stream_bridge_sync_cb_t * sync_cb_fun) +{ + if(g_bridge_sync_cb[bridge_id]) + { + g_bridge_sync_cb[bridge_id]=sync_cb_fun; + } + + return 0; +} + +int stream_bridge_sync_data_put(const struct streaminfo *stream, int bridge_id, void *data) +{ + if(g_bridge_sync_cb[bridge_id]) + { + g_bridge_sync_cb[bridge_id](stream, bridge_id, data); + } + + return 0; +} + +void *stream_bridge_async_data_get(const struct streaminfo *stream, int bridge_id) +{ + return g_bridge_async_data[bridge_id]; +} + +int stream_bridge_async_data_put(const struct streaminfo * stream, int bridge_id, void * data) +{ + g_bridge_async_data[bridge_id]=data; + return 0; +} + +int stream_bridge_build(const char * bridge_name, const char * rw_mode) +{ + static int bridge_id=0; + assert(bridge_id +#include +#include + +#include "gtest_common.h" +#include "tsg_rule.h" +#include "tsg_entry.h" +#include + +TEST(TSGMaster, ShapingSetRuleIds) +{ + const struct streaminfo a_stream={0}; + struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + + for(int i=0; ishaping_result_num); + for(int i=0; ishaping_result_num; i++) + { + EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + } + + free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label); + stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL); + EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT])); +} + +int shaping_policy_notify_cb(const struct streaminfo *stream, int 
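Review bot: In test/src/gtest_common.cpp, `stream_bridge_register_data_sync_cb` stores the callback only when `g_bridge_sync_cb[bridge_id]` is already non-NULL, and the array starts zeroed, so as shown no callback is ever registered and `stream_bridge_sync_data_put` never calls one. The `EXPECT_*` checks inside `shaping_policy_notify_cb`, `shaping_policy_notify_null_cb` and `shaping_duplicate_policy_notify_cb` in gtest_master.cpp would then never run, and those tests pass without verifying the notification. The stub should assign unconditionally with `g_bridge_sync_cb[bridge_id]=sync_cb_fun;`, preferably after checking `bridge_id` against `MAX_BRIDGE_NUM`, since the other bridge stubs index the same arrays unchecked. A call counter asserted in each test would also catch a callback that is never invoked.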
bridge_id, void *data) +{ + struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)data; + EXPECT_NE(nullptr, shaping_label); + EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num); + for(int i=0; ishaping_result_num; i++) + { + EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + } + + return 0; +} + +TEST(TSGMaster, ShapingPolicyNotify) +{ + const struct streaminfo a_stream={0}; + struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + + for(int i=0; ishaping_result_num); + for(int i=0; ishaping_result_num; i++) + { + EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + } + + free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label); + stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL); + EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT])); +} + +int shaping_policy_notify_null_cb(const struct streaminfo *stream, int bridge_id, void *data) +{ + EXPECT_EQ(nullptr, data); + return 0; +} + +TEST(TSGMaster, ShapingPolicyNotifyNULL) +{ + const struct streaminfo a_stream={0}; + struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + + stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_policy_notify_null_cb); + + tsg_notify_hited_shaping_result(&a_stream, shaping_result, 0, 0); + struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]); + EXPECT_EQ(nullptr, shaping_label); +} + +int shaping_duplicate_policy_notify_cb(const struct streaminfo *stream, int bridge_id, void *data) +{ + struct notify_shaping_policy 
*shaping_label=(struct notify_shaping_policy *)data; + EXPECT_NE(nullptr, shaping_label); + EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num); + for(int i=0; ishaping_result_num; i++) + { + EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + } + + return 0; +} + +TEST(TSGMaster, ShapingDuplicatePolicyNotify) +{ + const struct streaminfo a_stream={0}; + struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + + for(int i=0; ishaping_result_num); + for(int i=0; ishaping_result_num; i++) + { + EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + } + + free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label); + stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL); + EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT])); +} + +TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify) +{ + const struct streaminfo a_stream={0}; + struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + + for(int i=0; ishaping_result_num); + for(int i=0; ishaping_result_num; i++) + { + EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id); + } + + // Second notify + tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0); + shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM); + EXPECT_EQ(MAX_RESULT_NUM/2, shaping_result_num); + for(int i=0; ishaping_result_num); + for(int i=0; ishaping_result_num; i++) + { + EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action); + EXPECT_EQ(TSG_ACTION_SHAPING+i, 
shaping_label->shaping_result[i].config_id); + } + + free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label); + stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL); + EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT])); +} + +int main(int argc, char *argv[]) +{ + TSG_MASTER_INIT(); + testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} + diff --git a/test/src/tsg_master_gtest_protocol.cpp b/test/src/gtest_protocol.cpp similarity index 100% rename from test/src/tsg_master_gtest_protocol.cpp rename to test/src/gtest_protocol.cpp diff --git a/test/src/gtest_rule.cpp b/test/src/gtest_rule.cpp new file mode 100644 index 0000000..9b346ab --- /dev/null +++ b/test/src/gtest_rule.cpp 
@@ -0,0 +1,69 @@
+#include
+#include
+#include
+
+#include "tsg_entry.h"
+#include "gtest_common.h"
+
+#include
+
+g_tsg_para_t g_tsg_para;
+id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
+ {PROTO_IPv4, 0, "IPV4"},
+ {PROTO_IPv6, 0, "IPV6"},
+ {PROTO_TCP, 0, "TCP"},
+ {PROTO_UDP, 0, "UDP"},
+ {PROTO_HTTP, 0, "HTTP"},
+ {PROTO_MAIL, 0, "MAIL"},
+ {PROTO_DNS, 0, "DNS"},
+ {PROTO_FTP, 0, "FTP"},
+ {PROTO_SSL, 0, "SSL"},
+ {PROTO_SIP, 0, "SIP"},
+ {PROTO_BGP, 0, "BGP"},
+ {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
+ {PROTO_QUIC, 0, "QUIC"},
+ {PROTO_SSH, 0, "SSH"},
+ {PROTO_SMTP, 0, "SMTP"},
+ {PROTO_IMAP, 0, "IMAP"},
+ {PROTO_POP3, 0, "POP3"},
+ {PROTO_RTP, 0, "RTP"},
+ {PROTO_APP, 0, "BASE"},
+ {PROTO_L2TP, 0, "L2TP"},
+ {PROTO_PPTP, 0, "PPTP"},
+ {PROTO_STRATUM, 0, "Stratum"},
+ {PROTO_RDP, 0, "RDP"},
+ {PROTO_DTLS, 0, "DTLS"}
+ };
+
+unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
+{
+ return 0;
+}
+
+void free_policy_label(int thread_seq, void *project_req_value)
+{
+}
+
+void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq)
+{
+}
+
+int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info)
+{
+ return 0;
+}
+
+
+TEST(MasterTest, SetVlan)
+{
+ //int ret=set_vlan(NULL, NULL, NULL, 0, NULL, LOG_COMMON_TUNNELS_VLAN_SRC_ID);
+ //EXPECT_EQ(1, ret);
+}
+
+
+int main(int argc, char *argv[])
+{
+ testing::InitGoogleTest(&argc, argv);
+ return RUN_ALL_TESTS();
+}
+
diff --git a/test/src/gtest_sendlog.cpp b/test/src/gtest_sendlog.cpp
new file mode 100644
index 0000000..e87d876
--- /dev/null
+++ b/test/src/gtest_sendlog.cpp
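Review bot: The only test in test/src/gtest_rule.cpp, `TEST(MasterTest, SetVlan)`, has its body commented out, so `gtest_rule` reports success without exercising anything from tsg_rule.cpp; test/src/gtest_sendlog.cpp carries the same empty test. Until a real assertion exists, naming it `TEST(MasterTest, DISABLED_SetVlan)` makes the runner report it as disabled instead of passed. This file also defines its own `g_tsg_para` and `g_tsg_proto_name2id` rather than compiling src/tsg_variable.cpp, so the test copy of the protocol table can drift from the production one.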
@@ -0,0 +1,41 @@
+#include
+#include
+#include
+
+#include "gtest_common.h"
+
+#include
+
+int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent)
+{
+ return 0;
+}
+
+int tsg_get_location_type(void)
+{
+ return 19;
+}
+
+char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id)
+{
+ return NULL;
+}
+
+char get_direction_from_tcpall(const struct streaminfo *a_stream)
+{
+ return 0;
+}
+
+TEST(MasterTest, SetVlan)
+{
+ //int ret=set_vlan(NULL, NULL, NULL, 0, NULL, LOG_COMMON_TUNNELS_VLAN_SRC_ID);
+ //EXPECT_EQ(1, ret);
+}
+
+
+int main(int argc, char *argv[])
+{
+ testing::InitGoogleTest(&argc, argv);
+ return RUN_ALL_TESTS();
+}
+
diff --git a/test/src/tsg_master_gtest_entry.cpp b/test/src/tsg_master_gtest_entry.cpp
deleted file mode 100644
index 1c47b9d..0000000
--- a/test/src/tsg_master_gtest_entry.cpp
+++ /dev/null
@@ -1,207 +0,0 @@ -#include -#include -#include -#include -#include -#include - -#include "app_label.h" - -#include -#include -#include -#include - -enum GTEST_BRIDGE -{ - GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT=0, - GTEST_BRIDGE_TYPE_MAX -}; - -struct gtest_para -{ - int bridge_id[GTEST_BRIDGE_TYPE_MAX]; - char bridge_name[GTEST_BRIDGE_TYPE_MAX][64]; -}; - - -struct gtest_para g_gtest_para; - -extern "C" unsigned char GTEST_APP_FULL_PATH_1_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet) -{ - struct app_identify_result lpi; - memset(&lpi, 0, sizeof(lpi)); - - lpi.app_id_num=2; - lpi.origin=ORIGIN_BASIC_PROTOCOL; - lpi.app_id[0]=336; //openvpn - lpi.app_id[1]=199; //ssl - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi); - - struct app_identify_result user_define; - memset(&user_define, 0, sizeof(user_define)); - - user_define.app_id_num=1; - user_define.origin=ORIGIN_USER_DEFINE; - user_define.app_id[0]=3145; //qq_web - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&user_define); - - struct app_identify_result qm; - memset(&qm, 0, sizeof(qm)); - - qm.app_id_num=4; - qm.origin=ORIGIN_QM_ENGINE; - qm.app_id[0]=336; //openvpn - qm.app_id[1]=199; //ssl - qm.app_id[2]=1241; //qq_web - qm.app_id[3]=3145; //qq_r2 - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm); - - return APP_STATE_DROPME; -} - -extern "C" unsigned char GTEST_APP_FULL_PATH_2_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet) -{ - struct app_identify_result lpi; - memset(&lpi, 0, sizeof(lpi)); - - lpi.app_id_num=2; - lpi.origin=ORIGIN_BASIC_PROTOCOL; - lpi.app_id[0]=336; //openvpn - lpi.app_id[1]=199; //ssl - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi); - - struct 
app_identify_result built_in; - memset(&built_in, 0, sizeof(built_in)); - - built_in.app_id_num=1; - built_in.origin=ORIGIN_BUILT_IN; - built_in.app_id[0]=3145; //qq_web - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in); - - struct app_identify_result qm; - memset(&qm, 0, sizeof(qm)); - - qm.app_id_num=3; - qm.origin=ORIGIN_QM_ENGINE; - qm.app_id[0]=336; //openvpn - qm.app_id[1]=1241; //qq_web - qm.app_id[2]=3145; //qq_r2 - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm); - - return APP_STATE_DROPME; -} - -extern "C" unsigned char GTEST_APP_FULL_PATH_3_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet) -{ - struct app_identify_result lpi; - memset(&lpi, 0, sizeof(lpi)); - - lpi.app_id_num=2; - lpi.origin=ORIGIN_BASIC_PROTOCOL; - lpi.app_id[0]=336; //openvpn - lpi.app_id[1]=199; //ssl - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi); - - struct app_identify_result built_in; - memset(&built_in, 0, sizeof(built_in)); - - built_in.app_id_num=1; - built_in.origin=ORIGIN_BUILT_IN; - built_in.app_id[0]=3145; //qq_web - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in); - - return APP_STATE_DROPME; -} - -extern "C" unsigned char GTEST_APP_FULL_PATH_4_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet) -{ - struct app_identify_result lpi; - memset(&lpi, 0, sizeof(lpi)); - - lpi.app_id_num=1; - lpi.origin=ORIGIN_BASIC_PROTOCOL; - lpi.app_id[0]=199; //ssl - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi); - - struct app_identify_result user_define; - memset(&user_define, 0, sizeof(user_define)); - - struct app_identify_result built_in; - memset(&built_in, 0, 
sizeof(built_in)); - - built_in.app_id_num=2; - built_in.origin=ORIGIN_BUILT_IN; - built_in.app_id[0]=3145; //qq_web - built_in.app_id[1]=156; //qq - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in); - - - struct app_identify_result qm; - memset(&qm, 0, sizeof(qm)); - - qm.app_id_num=4; - qm.origin=ORIGIN_QM_ENGINE; - qm.app_id[0]=336; //openvpn - qm.app_id[1]=199; //ssl - qm.app_id[2]=1241; //qq_web - qm.app_id[3]=3145; //qq_r2 - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm); - - return APP_STATE_DROPME; -} - -extern "C" unsigned char GTEST_APP_FULL_PATH_5_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet) -{ - struct app_identify_result built_in; - memset(&built_in, 0, sizeof(built_in)); - - built_in.app_id_num=2; - built_in.origin=ORIGIN_BUILT_IN; - built_in.app_id[0]=3145; //qq_web - built_in.app_id[1]=156; //qq - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in); - - struct app_identify_result qm; - memset(&qm, 0, sizeof(qm)); - - qm.app_id_num=4; - qm.origin=ORIGIN_QM_ENGINE; - qm.app_id[0]=336; //openvpn - qm.app_id[1]=199; //ssl - qm.app_id[2]=1241; //qq_web - qm.app_id[3]=3145; //qq_r2 - stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm); - - return APP_STATE_DROPME; -} - -extern "C" unsigned char GTEST_UNKNOWN_APP_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet) -{ - return APP_STATE_DROPME; -} - -extern "C" int GTEST_INIT() -{ - memset(&g_gtest_para, 0, sizeof(g_gtest_para)); - - MESA_load_profile_string_def("tsgconf/main.conf", "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_gtest_para.bridge_name[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], 64, "APP_IDENTIFY_RESULT_BRIDGE"); - - for(int i=0; i -#include -#include 
-#include "../inc/app_label.h" -#include "../inc/tsg_rule.h" -#include "../inc/tsg_send_log.h" -#include "../inc/tsg_statistic.h" -//#include "../src/tsg_entry.h" -#include "../src/tsg_send_log_internal.h" -#include "../inc/tsg_ssl_utils.h" -#include "../src/tsg_ssh_utils.h" -#include "../src/tsg_protocol_common.h" - -#include "tsg_master_gtest_function.h" - -#include - -/* - L7(openvpn), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon - L7(openvpn), appSketch(psiphon), Thrid(openvpn.qq_web.wechat) = openvpn.psiphon - L7(openvpn), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.psiphon - L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.ssl.psiphon - L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn) = openvpn.ssl.psiphon - L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon - L7(null), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon - L7(null), appSketch(psiphon), Thrid(wechat) = psiphon - L7(null), appSketch(null), Thrid(openvpn.ssl.wechat) = openvpn.ssl.wechat - L7(null), appSketch(null), Thrid(null) = unknown -*/ - -TEST(MasterTest, AppFullPath) -{ - -} - - -TEST(MasterTest, SetVlan) -{ - //int ret=set_vlan(NULL, NULL, NULL, 0, NULL, LOG_COMMON_TUNNELS_VLAN_SRC_ID); - //EXPECT_EQ(1, ret); -} - - -int main(int argc, char *argv[]) -{ - libsapp_setup_env(argc,argv); - testing::InitGoogleTest(&argc, argv); - return RUN_ALL_TESTS(); -} -