perf: 优化策略扫描
This commit is contained in:
luwenpeng
@@ -14,17 +14,647 @@ unsigned char data1[] = {
|
||||
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
|
||||
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd};
|
||||
|
||||
TEST(POLICY, SELECTED_CHAINING_LIFE_CYCLE)
|
||||
// 都不同
|
||||
TEST(POLICY, SELECTED_CHAINING1)
|
||||
{
|
||||
struct selected_chaining *chaining = NULL;
|
||||
struct selected_chaining *chainings = NULL;
|
||||
|
||||
chaining = selected_chaining_create(128, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chaining != nullptr);
|
||||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chainings != nullptr);
|
||||
|
||||
selected_chaining_destory(chaining);
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 3;
|
||||
|
||||
selected_chaining_uniq(chainings);
|
||||
selected_chaining_dump(chainings);
|
||||
|
||||
EXPECT_TRUE(chainings->chaining_used == 3);
|
||||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);
|
||||
EXPECT_TRUE(chainings->chaining[2].sf_profile_id == 3);
|
||||
|
||||
selected_chaining_destory(chainings);
|
||||
}
|
||||
|
||||
TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
|
||||
// 都相同
|
||||
TEST(POLICY, SELECTED_CHAINING2)
|
||||
{
|
||||
struct selected_chaining *chainings = NULL;
|
||||
|
||||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chainings != nullptr);
|
||||
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
|
||||
selected_chaining_uniq(chainings);
|
||||
selected_chaining_dump(chainings);
|
||||
|
||||
EXPECT_TRUE(chainings->chaining_used == 1);
|
||||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||||
|
||||
selected_chaining_destory(chainings);
|
||||
}
|
||||
|
||||
// 两个相同 (1,2相同)
|
||||
TEST(POLICY, SELECTED_CHAINING3)
|
||||
{
|
||||
struct selected_chaining *chainings = NULL;
|
||||
|
||||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chainings != nullptr);
|
||||
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
|
||||
|
||||
selected_chaining_uniq(chainings);
|
||||
selected_chaining_dump(chainings);
|
||||
|
||||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);
|
||||
|
||||
selected_chaining_destory(chainings);
|
||||
}
|
||||
|
||||
// 两个相同 (1,3相同)
|
||||
TEST(POLICY, SELECTED_CHAINING4)
|
||||
{
|
||||
struct selected_chaining *chainings = NULL;
|
||||
|
||||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chainings != nullptr);
|
||||
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
|
||||
selected_chaining_uniq(chainings);
|
||||
selected_chaining_dump(chainings);
|
||||
|
||||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);
|
||||
|
||||
selected_chaining_destory(chainings);
|
||||
}
|
||||
|
||||
// 两个相同 (2,3相同)
|
||||
TEST(POLICY, SELECTED_CHAINING5)
|
||||
{
|
||||
struct selected_chaining *chainings = NULL;
|
||||
|
||||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chainings != nullptr);
|
||||
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
|
||||
selected_chaining_uniq(chainings);
|
||||
selected_chaining_dump(chainings);
|
||||
|
||||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 2);
|
||||
EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 1);
|
||||
|
||||
selected_chaining_destory(chainings);
|
||||
}
|
||||
|
||||
// 没有数据
|
||||
TEST(POLICY, SELECTED_CHAINING6)
|
||||
{
|
||||
struct selected_chaining *chainings = NULL;
|
||||
|
||||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chainings != nullptr);
|
||||
|
||||
selected_chaining_uniq(chainings);
|
||||
selected_chaining_dump(chainings);
|
||||
|
||||
EXPECT_TRUE(chainings->chaining_used == 0);
|
||||
|
||||
selected_chaining_destory(chainings);
|
||||
}
|
||||
|
||||
// 只有一个
|
||||
TEST(POLICY, SELECTED_CHAINING7)
|
||||
{
|
||||
struct selected_chaining *chainings = NULL;
|
||||
|
||||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||||
EXPECT_TRUE(chainings != nullptr);
|
||||
|
||||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||||
|
||||
selected_chaining_uniq(chainings);
|
||||
selected_chaining_dump(chainings);
|
||||
|
||||
EXPECT_TRUE(chainings->chaining_used == 1);
|
||||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||||
|
||||
selected_chaining_destory(chainings);
|
||||
}
|
||||
|
||||
#if 1
|
||||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC1)
|
||||
{
|
||||
struct global_metrics global_metrics;
|
||||
struct thread_ctx t_ctx;
|
||||
struct session_ctx s_ctx;
|
||||
|
||||
t_ctx.ref_global_metrics = &global_metrics;
|
||||
s_ctx.ref_thread_ctx = &t_ctx;
|
||||
s_ctx.session_id = 1;
|
||||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||||
|
||||
struct data_packet handler;
|
||||
|
||||
const void *payload = data_packet_parse(&handler, (const void *)data1, sizeof(data1), 0);
|
||||
EXPECT_TRUE(payload != nullptr);
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 1);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_raw);
|
||||
selected_chaining_bref(chainings.chaining_raw);
|
||||
selected_chaining_destory(chainings.chaining_raw);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
printf("After Sleep\n");
|
||||
|
||||
policy_enforcer_destory(enforcer);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 1
|
||||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
|
||||
{
|
||||
struct global_metrics global_metrics;
|
||||
struct thread_ctx t_ctx;
|
||||
struct session_ctx s_ctx;
|
||||
|
||||
t_ctx.ref_global_metrics = &global_metrics;
|
||||
s_ctx.ref_thread_ctx = &t_ctx;
|
||||
s_ctx.session_id = 1;
|
||||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||||
|
||||
struct data_packet handler;
|
||||
|
||||
const void *payload = data_packet_parse(&handler, (const void *)data1, sizeof(data1), 0);
|
||||
EXPECT_TRUE(payload != nullptr);
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_raw);
|
||||
selected_chaining_bref(chainings.chaining_raw);
|
||||
selected_chaining_destory(chainings.chaining_raw);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
printf("After Sleep\n");
|
||||
|
||||
policy_enforcer_destory(enforcer);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 1
|
||||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
|
||||
{
|
||||
struct global_metrics global_metrics;
|
||||
struct thread_ctx t_ctx;
|
||||
struct session_ctx s_ctx;
|
||||
|
||||
t_ctx.ref_global_metrics = &global_metrics;
|
||||
s_ctx.ref_thread_ctx = &t_ctx;
|
||||
s_ctx.session_id = 1;
|
||||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||||
|
||||
struct data_packet handler;
|
||||
|
||||
const void *payload = data_packet_parse(&handler, (const void *)data1, sizeof(data1), 0);
|
||||
EXPECT_TRUE(payload != nullptr);
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_raw);
|
||||
selected_chaining_bref(chainings.chaining_raw);
|
||||
selected_chaining_destory(chainings.chaining_raw);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
printf("After Sleep\n");
|
||||
|
||||
policy_enforcer_destory(enforcer);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 1
|
||||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
|
||||
{
|
||||
struct global_metrics global_metrics;
|
||||
struct thread_ctx t_ctx;
|
||||
struct session_ctx s_ctx;
|
||||
|
||||
t_ctx.ref_global_metrics = &global_metrics;
|
||||
s_ctx.ref_thread_ctx = &t_ctx;
|
||||
s_ctx.session_id = 1;
|
||||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||||
|
||||
struct data_packet handler;
|
||||
|
||||
const void *payload = data_packet_parse(&handler, (const void *)data1, sizeof(data1), 0);
|
||||
EXPECT_TRUE(payload != nullptr);
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 1);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_decrypted);
|
||||
selected_chaining_bref(chainings.chaining_decrypted);
|
||||
selected_chaining_destory(chainings.chaining_decrypted);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
printf("After Sleep\n");
|
||||
|
||||
policy_enforcer_destory(enforcer);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 1
|
||||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
|
||||
{
|
||||
struct global_metrics global_metrics;
|
||||
struct thread_ctx t_ctx;
|
||||
struct session_ctx s_ctx;
|
||||
|
||||
t_ctx.ref_global_metrics = &global_metrics;
|
||||
s_ctx.ref_thread_ctx = &t_ctx;
|
||||
s_ctx.session_id = 1;
|
||||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||||
|
||||
struct data_packet handler;
|
||||
|
||||
const void *payload = data_packet_parse(&handler, (const void *)data1, sizeof(data1), 0);
|
||||
EXPECT_TRUE(payload != nullptr);
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_decrypted);
|
||||
selected_chaining_bref(chainings.chaining_decrypted);
|
||||
selected_chaining_destory(chainings.chaining_decrypted);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
printf("After Sleep\n");
|
||||
|
||||
policy_enforcer_destory(enforcer);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 1
|
||||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
|
||||
{
|
||||
struct global_metrics global_metrics;
|
||||
struct thread_ctx t_ctx;
|
||||
struct session_ctx s_ctx;
|
||||
|
||||
t_ctx.ref_global_metrics = &global_metrics;
|
||||
s_ctx.ref_thread_ctx = &t_ctx;
|
||||
s_ctx.session_id = 1;
|
||||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||||
|
||||
struct data_packet handler;
|
||||
|
||||
const void *payload = data_packet_parse(&handler, (const void *)data1, sizeof(data1), 0);
|
||||
EXPECT_TRUE(payload != nullptr);
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_decrypted);
|
||||
selected_chaining_bref(chainings.chaining_decrypted);
|
||||
selected_chaining_destory(chainings.chaining_decrypted);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
printf("After Sleep\n");
|
||||
|
||||
policy_enforcer_destory(enforcer);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if 1
|
||||
TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
|
||||
{
|
||||
struct global_metrics global_metrics;
|
||||
struct thread_ctx t_ctx;
|
||||
@@ -50,25 +680,151 @@ TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
// raw traffic multi hits
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
||||
// decrypted traffic multi hits
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
|
||||
"node[0]":{"rule_id":1,"sff_profile_id":1,"sf_profile_id":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
|
||||
"node[1]":{"rule_id":2,"sff_profile_id":3,"sf_profile_id":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
|
||||
"node[2]":{"rule_id":2,"sff_profile_id":6,"sf_profile_id":1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
|
||||
"node[0]":{"rule_id":11,"sff_profile_id":1,"sf_profile_id":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
|
||||
"node[1]":{"rule_id":12,"sff_profile_id":3,"sf_profile_id":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
|
||||
"node[2]":{"rule_id":12,"sff_profile_id":6,"sf_profile_id":1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
|
||||
*/
|
||||
|
||||
// raw traffic
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_raw);
|
||||
selected_chaining_bref(chainings.chaining_raw);
|
||||
selected_chaining_destory(chainings.chaining_raw);
|
||||
|
||||
// decrypted traffic
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_decrypted);
|
||||
selected_chaining_bref(chainings.chaining_decrypted);
|
||||
selected_chaining_destory(chainings.chaining_decrypted);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(3);
|
||||
sleep(1);
|
||||
printf("After Sleep\n");
|
||||
|
||||
policy_enforcer_destory(enforcer);
|
||||
}
|
||||
#endif
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user