tango-tsg-service-chaining-engine/platform/test/gtest_policy.cpp

#include <gtest/gtest.h>

#include "sce.h"
#include "policy.h"
#include "packet.h"
#include "global_metrics.h"

unsigned char data1[] = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xa4, 0xc6, 0x4f, 0x3b, 0xb3, 0x9a, 0x81, 0x00, 0x66, 0x58, 0x81, 0x00, 0x61, 0xf9, 0x08, 0x00, 0x45, 0xb8, 0x00, 0x94,
	0xe8, 0x58, 0x00, 0x00, 0xff, 0x04, 0x11, 0x48, 0x45, 0x43, 0x23, 0x92, 0x29, 0xca, 0x2e, 0x6e, 0x45, 0xb8, 0x00, 0x80, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x11,
	0xde, 0x84, 0x0a, 0x0a, 0x64, 0x19, 0x0a, 0x0a, 0x65, 0x02, 0xf3, 0x9f, 0x42, 0x68, 0x00, 0x6c, 0x4b, 0x9a, 0x00, 0x02, 0x00, 0x00, 0x04, 0x73, 0x6c, 0x10,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
	0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
	0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
	0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd};

uuid_t rule_uuid1;
uuid_t rule_uuid2;
uuid_t rule_uuid11;
uuid_t rule_uuid12;

uuid_t sff_uuid1;
uuid_t sff_uuid2;
uuid_t sff_uuid3;
uuid_t sff_uuid4;
uuid_t sff_uuid5;
uuid_t sff_uuid6;
uuid_t sff_uuid7;
uuid_t sff_uuid8;
uuid_t sff_uuid9;
uuid_t sff_uuid10;

uuid_t sf_uuid1;
uuid_t sf_uuid2;
uuid_t sf_uuid3;
uuid_t sf_uuid4;
uuid_t sf_uuid5;
uuid_t sf_uuid6;
uuid_t sf_uuid7;
uuid_t sf_uuid8;

const char rule_uuid1_str[] = "00000000-0000-0000-1111-000000000001";
const char rule_uuid2_str[] = "00000000-0000-0000-1111-000000000002";
const char rule_uuid11_str[] = "00000000-0000-0000-1111-000000000011";
const char rule_uuid12_str[] = "00000000-0000-0000-1111-000000000012";

const char sff_uuid1_str[] = "00000000-0000-0000-2222-000000000001";
const char sff_uuid2_str[] = "00000000-0000-0000-2222-000000000002";
const char sff_uuid3_str[] = "00000000-0000-0000-2222-000000000003";
const char sff_uuid4_str[] = "00000000-0000-0000-2222-000000000004";
const char sff_uuid5_str[] = "00000000-0000-0000-2222-000000000005";
const char sff_uuid6_str[] = "00000000-0000-0000-2222-000000000006";
const char sff_uuid7_str[] = "00000000-0000-0000-2222-000000000007";
const char sff_uuid8_str[] = "00000000-0000-0000-2222-000000000008";
const char sff_uuid9_str[] = "00000000-0000-0000-2222-000000000009";
const char sff_uuid10_str[] = "00000000-0000-0000-2222-000000000010";

const char sf_uuid1_str[] = "00000000-0000-0000-3333-000000000001";
const char sf_uuid2_str[] = "00000000-0000-0000-3333-000000000002";
const char sf_uuid3_str[] = "00000000-0000-0000-3333-000000000003";
const char sf_uuid4_str[] = "00000000-0000-0000-3333-000000000004";
const char sf_uuid5_str[] = "00000000-0000-0000-3333-000000000005";
const char sf_uuid6_str[] = "00000000-0000-0000-3333-000000000006";
const char sf_uuid7_str[] = "00000000-0000-0000-3333-000000000007";
const char sf_uuid8_str[] = "00000000-0000-0000-3333-000000000008";

static void uuid_init()
{
	uuid_parse(rule_uuid1_str, rule_uuid1);
	uuid_parse(rule_uuid2_str, rule_uuid2);
	uuid_parse(rule_uuid11_str, rule_uuid11);
	uuid_parse(rule_uuid12_str, rule_uuid12);

	uuid_parse(sff_uuid1_str, sff_uuid1);
	uuid_parse(sff_uuid2_str, sff_uuid2);
	uuid_parse(sff_uuid3_str, sff_uuid3);
	uuid_parse(sff_uuid4_str, sff_uuid4);
	uuid_parse(sff_uuid5_str, sff_uuid5);
	uuid_parse(sff_uuid6_str, sff_uuid6);
	uuid_parse(sff_uuid7_str, sff_uuid7);
	uuid_parse(sff_uuid8_str, sff_uuid8);
	uuid_parse(sff_uuid9_str, sff_uuid9);
	uuid_parse(sff_uuid10_str, sff_uuid10);

	uuid_parse(sf_uuid1_str, sf_uuid1);
	uuid_parse(sf_uuid2_str, sf_uuid2);
	uuid_parse(sf_uuid3_str, sf_uuid3);
	uuid_parse(sf_uuid4_str, sf_uuid4);
	uuid_parse(sf_uuid5_str, sf_uuid5);
	uuid_parse(sf_uuid6_str, sf_uuid6);
	uuid_parse(sf_uuid7_str, sf_uuid7);
	uuid_parse(sf_uuid8_str, sf_uuid8);
}

#if 1
// 都不同
TEST(POLICY, SELECTED_CHAINING1)
{
	struct selected_chaining *chainings = NULL;

	chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
	EXPECT_TRUE(chainings != nullptr);

	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid3);

	selected_chaining_uniq(chainings);
	selected_chaining_dump(chainings);

	EXPECT_TRUE(chainings->chaining_used == 3);
	EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(uuid_compare(chainings->chaining[1].sf_uuid, sf_uuid2) == 0);
	EXPECT_TRUE(uuid_compare(chainings->chaining[2].sf_uuid, sf_uuid3) == 0);

	selected_chaining_destory(chainings);
}
#endif

#if 1
// 都相同
TEST(POLICY, SELECTED_CHAINING2)
{
	struct selected_chaining *chainings = NULL;

	chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
	EXPECT_TRUE(chainings != nullptr);

	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);

	selected_chaining_uniq(chainings);
	selected_chaining_dump(chainings);

	EXPECT_TRUE(chainings->chaining_used == 1);
	EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);

	selected_chaining_destory(chainings);
}
#endif

#if 1
// 两个相同 (1,2相同)
TEST(POLICY, SELECTED_CHAINING3)
{
	struct selected_chaining *chainings = NULL;

	chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
	EXPECT_TRUE(chainings != nullptr);

	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);

	selected_chaining_uniq(chainings);
	selected_chaining_dump(chainings);

	EXPECT_TRUE(chainings->chaining_used == 2);
	EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(uuid_compare(chainings->chaining[1].sf_uuid, sf_uuid2) == 0);

	selected_chaining_destory(chainings);
}
#endif

#if 1
// 两个相同 (1,3相同)
TEST(POLICY, SELECTED_CHAINING4)
{
	struct selected_chaining *chainings = NULL;

	chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
	EXPECT_TRUE(chainings != nullptr);

	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);

	selected_chaining_uniq(chainings);
	selected_chaining_dump(chainings);

	EXPECT_TRUE(chainings->chaining_used == 2);
	EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(uuid_compare(chainings->chaining[1].sf_uuid, sf_uuid2) == 0);

	selected_chaining_destory(chainings);
}
#endif

#if 1
// 两个相同 (2，3相同)
TEST(POLICY, SELECTED_CHAINING5)
{
	struct selected_chaining *chainings = NULL;

	chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
	EXPECT_TRUE(chainings != nullptr);

	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);
	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);

	selected_chaining_uniq(chainings);
	selected_chaining_dump(chainings);

	EXPECT_TRUE(chainings->chaining_used == 2);
	EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(uuid_compare(chainings->chaining[1].sf_uuid, sf_uuid2) == 0);

	selected_chaining_destory(chainings);
}
#endif

#if 1
// 没有数据
TEST(POLICY, SELECTED_CHAINING6)
{
	struct selected_chaining *chainings = NULL;

	chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
	EXPECT_TRUE(chainings != nullptr);

	selected_chaining_uniq(chainings);
	selected_chaining_dump(chainings);

	EXPECT_TRUE(chainings->chaining_used == 0);

	selected_chaining_destory(chainings);
}
#endif

#if 1
// 只有一个
TEST(POLICY, SELECTED_CHAINING7)
{
	struct selected_chaining *chainings = NULL;

	chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
	EXPECT_TRUE(chainings != nullptr);

	uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);

	selected_chaining_uniq(chainings);
	selected_chaining_dump(chainings);

	EXPECT_TRUE(chainings->chaining_used == 1);
	EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);

	selected_chaining_destory(chainings);
}
#endif

#if 1
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC1)
{
	struct global_metrics global_metrics;
	struct thread_ctx t_ctx;
	struct session_ctx s_ctx;

	t_ctx.ref_global_metrics = &global_metrics;
	s_ctx.ref_thread_ctx = &t_ctx;
	s_ctx.session_id = 1;
	s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
	uuid_array_init(&s_ctx.rule_uuid_array);

	struct packet handler;

	const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
	EXPECT_TRUE(payload != nullptr);
	EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

	const char *profile = "./test_resource/sce.conf";
	struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
	EXPECT_TRUE(enforcer != nullptr);
	EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

	int direction = 1;
	s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid1, direction);

	/*
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	*/

	EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 1);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].rule_uuid, rule_uuid1) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].sff_uuid, sff_uuid1) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[0].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

	selected_chaining_dump(s_ctx.chaining_raw);
	selected_chaining_bref(s_ctx.chaining_raw);
	selected_chaining_destory(s_ctx.chaining_raw);

	printf("Before Sleep\n");
	sleep(1);
	printf("After Sleep\n");

	policy_enforcer_destory(enforcer);
}
#endif

#if 1
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
{
	struct global_metrics global_metrics;
	struct thread_ctx t_ctx;
	struct session_ctx s_ctx;

	t_ctx.ref_global_metrics = &global_metrics;
	s_ctx.ref_thread_ctx = &t_ctx;
	s_ctx.session_id = 1;
	s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
	uuid_array_init(&s_ctx.rule_uuid_array);

	struct packet handler;

	const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
	EXPECT_TRUE(payload != nullptr);
	EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

	const char *profile = "./test_resource/sce.conf";
	struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
	EXPECT_TRUE(enforcer != nullptr);
	EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

	int direction = 1;
	s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid2, direction);

	/*
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	*/

	EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].rule_uuid, rule_uuid2) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].sff_uuid, sff_uuid1) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[0].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].rule_uuid, rule_uuid2) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].sff_uuid, sff_uuid3) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[1].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].rule_uuid, rule_uuid2) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sff_uuid, sff_uuid6) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	selected_chaining_dump(s_ctx.chaining_raw);
	selected_chaining_bref(s_ctx.chaining_raw);
	selected_chaining_destory(s_ctx.chaining_raw);

	printf("Before Sleep\n");
	sleep(1);
	printf("After Sleep\n");

	policy_enforcer_destory(enforcer);
}
#endif

#if 1
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
{
	struct global_metrics global_metrics;
	struct thread_ctx t_ctx;
	struct session_ctx s_ctx;

	t_ctx.ref_global_metrics = &global_metrics;
	s_ctx.ref_thread_ctx = &t_ctx;
	s_ctx.session_id = 1;
	s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
	uuid_array_init(&s_ctx.rule_uuid_array);

	struct packet handler;

	const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
	EXPECT_TRUE(payload != nullptr);
	EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

	const char *profile = "./test_resource/sce.conf";
	struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
	EXPECT_TRUE(enforcer != nullptr);
	EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

	int direction = 1;
	s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid1, direction);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid2, direction);

	/*
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	*/

	EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].rule_uuid, rule_uuid1) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].sff_uuid, sff_uuid1) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[0].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].rule_uuid, rule_uuid2) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].sff_uuid, sff_uuid3) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[1].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].rule_uuid, rule_uuid2) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sff_uuid, sff_uuid6) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	selected_chaining_dump(s_ctx.chaining_raw);
	selected_chaining_bref(s_ctx.chaining_raw);
	selected_chaining_destory(s_ctx.chaining_raw);

	printf("Before Sleep\n");
	sleep(1);
	printf("After Sleep\n");

	policy_enforcer_destory(enforcer);
}
#endif

#if 1
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
{
	struct global_metrics global_metrics;
	struct thread_ctx t_ctx;
	struct session_ctx s_ctx;

	t_ctx.ref_global_metrics = &global_metrics;
	s_ctx.ref_thread_ctx = &t_ctx;
	s_ctx.session_id = 1;
	s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
	uuid_array_init(&s_ctx.rule_uuid_array);

	struct packet handler;

	const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
	EXPECT_TRUE(payload != nullptr);
	EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

	const char *profile = "./test_resource/sce.conf";
	struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
	EXPECT_TRUE(enforcer != nullptr);
	EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

	int direction = 1;
	s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid11, direction);

	/*
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	*/

	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 1);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].rule_uuid, rule_uuid11) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].sff_uuid, sff_uuid1) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[0].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

	selected_chaining_dump(s_ctx.chaining_decrypted);
	selected_chaining_bref(s_ctx.chaining_decrypted);
	selected_chaining_destory(s_ctx.chaining_decrypted);

	printf("Before Sleep\n");
	sleep(1);
	printf("After Sleep\n");

	policy_enforcer_destory(enforcer);
}
#endif

#if 1
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
{
	struct global_metrics global_metrics;
	struct thread_ctx t_ctx;
	struct session_ctx s_ctx;

	t_ctx.ref_global_metrics = &global_metrics;
	s_ctx.ref_thread_ctx = &t_ctx;
	s_ctx.session_id = 1;
	s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
	uuid_array_init(&s_ctx.rule_uuid_array);

	struct packet handler;

	const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
	EXPECT_TRUE(payload != nullptr);
	EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

	const char *profile = "./test_resource/sce.conf";
	struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
	EXPECT_TRUE(enforcer != nullptr);
	EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

	int direction = 1;
	s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid12, direction);

	/*
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	*/

	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].rule_uuid, rule_uuid12) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].sff_uuid, sff_uuid1) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[0].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].rule_uuid, rule_uuid12) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].sff_uuid, sff_uuid3) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[1].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].rule_uuid, rule_uuid12) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sff_uuid, sff_uuid6) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	selected_chaining_dump(s_ctx.chaining_decrypted);
	selected_chaining_bref(s_ctx.chaining_decrypted);
	selected_chaining_destory(s_ctx.chaining_decrypted);

	printf("Before Sleep\n");
	sleep(1);
	printf("After Sleep\n");

	policy_enforcer_destory(enforcer);
}
#endif

#if 1
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
{
	struct global_metrics global_metrics;
	struct thread_ctx t_ctx;
	struct session_ctx s_ctx;

	t_ctx.ref_global_metrics = &global_metrics;
	s_ctx.ref_thread_ctx = &t_ctx;
	s_ctx.session_id = 1;
	s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
	uuid_array_init(&s_ctx.rule_uuid_array);

	struct packet handler;

	const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
	EXPECT_TRUE(payload != nullptr);
	EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

	const char *profile = "./test_resource/sce.conf";
	struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
	EXPECT_TRUE(enforcer != nullptr);
	EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

	int direction = 1;
	s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid11, direction);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid12, direction);

	/*
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	*/

	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].rule_uuid, rule_uuid11) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].sff_uuid, sff_uuid1) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[0].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].rule_uuid, rule_uuid12) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].sff_uuid, sff_uuid3) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[1].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].rule_uuid, rule_uuid12) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sff_uuid, sff_uuid6) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	selected_chaining_dump(s_ctx.chaining_decrypted);
	selected_chaining_bref(s_ctx.chaining_decrypted);
	selected_chaining_destory(s_ctx.chaining_decrypted);

	printf("Before Sleep\n");
	sleep(1);
	printf("After Sleep\n");

	policy_enforcer_destory(enforcer);
}
#endif

#if 1
TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
{
	struct global_metrics global_metrics;
	struct thread_ctx t_ctx;
	struct session_ctx s_ctx;

	t_ctx.ref_global_metrics = &global_metrics;
	s_ctx.ref_thread_ctx = &t_ctx;
	s_ctx.session_id = 1;
	s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
	uuid_array_init(&s_ctx.rule_uuid_array);

	struct packet handler;

	const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
	EXPECT_TRUE(payload != nullptr);
	EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

	const char *profile = "./test_resource/sce.conf";
	struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
	EXPECT_TRUE(enforcer != nullptr);
	EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

	int direction = 1;
	s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
	s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
	// raw traffic multi hits
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid1, direction);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid2, direction);
	// decrypted traffic multi hits
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid11, direction);
	policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid12, direction);

	/*
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
		"node[0]":{"rule_uuid":1,"sff_uuid":1,"sf_uuid":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
		"node[1]":{"rule_uuid":2,"sff_uuid":3,"sf_uuid":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
		"node[2]":{"rule_uuid":2,"sff_uuid":6,"sf_uuid":1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
	POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
		"node[0]":{"rule_uuid":11,"sff_uuid":1,"sf_uuid":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
		"node[1]":{"rule_uuid":12,"sff_uuid":3,"sf_uuid":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
		"node[2]":{"rule_uuid":12,"sff_uuid":6,"sf_uuid":1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
	*/

	// raw traffic
	EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].rule_uuid, rule_uuid1) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].sff_uuid, sff_uuid1) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[0].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].rule_uuid, rule_uuid2) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].sff_uuid, sff_uuid3) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[1].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].rule_uuid, rule_uuid2) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sff_uuid, sff_uuid6) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	selected_chaining_dump(s_ctx.chaining_raw);
	selected_chaining_bref(s_ctx.chaining_raw);
	selected_chaining_destory(s_ctx.chaining_raw);

	// decrypted traffic
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].rule_uuid, rule_uuid11) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].sff_uuid, sff_uuid1) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[0].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].rule_uuid, rule_uuid12) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].sff_uuid, sff_uuid3) == 0);
	EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[1].sf_uuid));
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].rule_uuid, rule_uuid12) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sff_uuid, sff_uuid6) == 0);
	EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sf_uuid, sf_uuid1) == 0);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
	EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

	selected_chaining_dump(s_ctx.chaining_decrypted);
	selected_chaining_bref(s_ctx.chaining_decrypted);
	selected_chaining_destory(s_ctx.chaining_decrypted);

	printf("Before Sleep\n");
	sleep(1);
	printf("After Sleep\n");

	policy_enforcer_destory(enforcer);
}
#endif

int main(int argc, char **argv)
{
	uuid_init();
	::testing::InitGoogleTest(&argc, argv);
	return RUN_ALL_TESTS();
}