TSG-13500 tsg-service-chaining-engine扫描策略

luwenpeng
2023-02-06 10:34:23 +08:00
parent 72ba473aa5
commit 450d9ab0f2
23 changed files with 2253 additions and 11 deletions


@@ -56,6 +56,7 @@ add_custom_target("install-program" COMMAND ${CMAKE_COMMAND} ARGS -DCOMPONENT=Pr
add_custom_target("install-profile" COMMAND ${CMAKE_COMMAND} ARGS -DCOMPONENT=Profile -P cmake_install.cmake)
enable_testing()
add_subdirectory(conf)
add_subdirectory(vendor)
add_subdirectory(common)
add_subdirectory(platform)


@@ -1,4 +1,4 @@
add_library(common src/addr_tuple4.cpp src/session_table.cpp src/raw_packet.cpp src/bfd.cpp)
add_library(common src/addr_tuple4.cpp src/session_table.cpp src/raw_packet.cpp src/bfd.cpp src/utils.cpp)
target_include_directories(common PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)


@@ -6,6 +6,8 @@ extern "C"
{
#endif
#include <stdint.h>
enum layer_type
{
// 数据链路层
@@ -43,6 +45,15 @@ enum layer_type
LAYER_TYPE_UNKNOWN,
};
enum ldbc_method
{
LDBC_METHOD_HASH_INT_IP = 1,
LDBC_METHOD_HASH_EXT_IP = 2,
LDBC_METHOD_HASH_INT_IP_AND_EXT_IP = 3,
LDBC_METHOD_HASH_INNERMOST_INT_IP = 4,
LDBC_METHOD_HASH_INNERMOST_EXT_IP = 5,
};
enum parse_status
{
PARSE_STATUS_CONTINUE,
@@ -73,6 +84,8 @@ int raw_packet_parser_get_most_outer_tuple4(struct raw_pkt_parser *handler, stru
int raw_packet_parser_get_most_inner_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
int raw_packet_parser_get_most_outer_address(struct raw_pkt_parser *handler, struct addr_tuple4 *addr);
uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_internal);
#ifdef __cpluscplus
}
#endif

31
common/include/utils.h Normal file

@@ -0,0 +1,31 @@
#ifndef _UTILS_H
#define _UTILS_H
#ifdef __cpluscplus
extern "C"
{
#endif
#define MIN(a, b) ((a) > (b) ? (a) : (b))
#define LOG_TAG_POLICY "POLICY"
#define LOG_TAG_UTILS "UTILS"
struct fixed_num_array
{
int elems[128];
int num;
int size;
};
void fixed_num_array_init(struct fixed_num_array *array);
void fixed_num_array_add_elem(struct fixed_num_array *array, int elem);
void fixed_num_array_del_elem(struct fixed_num_array *array, int elem);
int fixed_num_array_count_elem(struct fixed_num_array *array);
int fixed_num_array_index_elem(struct fixed_num_array *array, int index);
#ifdef __cpluscplus
}
#endif
#endif
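Review bot: `MIN(a, b)` in utils.h is defined as `((a) > (b) ? (a) : (b))`, which yields the larger operand, so any code that uses it to clamp a length or an index gets the unclamped value (no caller is visible in this diff). It should read `#define MIN(a, b) ((a) < (b) ? (a) : (b))`, with a one-line comment that both arguments are evaluated twice. The linkage guard is spelled `__cpluscplus`, so the `extern "C"` block is never compiled. The same spelling is in the new health_check.h and policy.h and in the context lines of raw_packet.h, and all of them should use `#ifdef __cplusplus`.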


@@ -12,6 +12,7 @@
#include <linux/ppp_defs.h>
#include "log.h"
#include "uthash.h"
#include "addr_tuple4.h"
#include "raw_packet.h"
@@ -89,6 +90,8 @@ struct raw_pkt_parser
* Static API
******************************************************************************/
static const char *ldbc_method_to_string(enum ldbc_method ldbc_method);
// parser utils
static void set_addr_tuple4(const void *data, enum layer_type layer_type, struct addr_tuple4 *addr);
static const char *layer_type2str(enum layer_type this_type);
@@ -353,10 +356,157 @@ int raw_packet_parser_get_most_outer_address(struct raw_pkt_parser *handler, str
return -1;
}
uint64_t raw_packet_parser_get_hash_value(struct raw_pkt_parser *handler, enum ldbc_method method, int dir_is_internal)
{
uint64_t temp = 0;
uint64_t hash_value = 1;
int inner_addr_len = 0;
int outer_addr_len = 0;
const char *inner_src_addr = NULL;
const char *inner_dst_addr = NULL;
const char *outer_src_addr = NULL;
const char *outer_dst_addr = NULL;
struct addr_tuple4 inner_addr;
struct addr_tuple4 outer_addr;
memset(&inner_addr, 0, sizeof(inner_addr));
memset(&outer_addr, 0, sizeof(outer_addr));
if (handler == NULL)
{
return hash_value;
}
if (raw_packet_parser_get_most_inner_address(handler, &inner_addr) == -1)
{
return hash_value;
}
if (raw_packet_parser_get_most_outer_address(handler, &outer_addr) == -1)
{
return hash_value;
}
if (inner_addr.addr_type == ADDR_TUPLE4_TYPE_V4)
{
inner_src_addr = (const char *)&(inner_addr.addr_v4.src_addr);
inner_dst_addr = (const char *)&(inner_addr.addr_v4.dst_addr);
inner_addr_len = sizeof(inner_addr.addr_v4.dst_addr);
}
else
{
inner_src_addr = (const char *)&(inner_addr.addr_v6.src_addr);
inner_dst_addr = (const char *)&(inner_addr.addr_v6.dst_addr);
inner_addr_len = sizeof(inner_addr.addr_v6.dst_addr);
}
if (outer_addr.addr_type == ADDR_TUPLE4_TYPE_V4)
{
outer_src_addr = (const char *)&(outer_addr.addr_v4.src_addr);
outer_dst_addr = (const char *)&(outer_addr.addr_v4.dst_addr);
outer_addr_len = sizeof(outer_addr.addr_v4.dst_addr);
}
else
{
outer_src_addr = (const char *)&(outer_addr.addr_v6.src_addr);
outer_dst_addr = (const char *)&(outer_addr.addr_v6.dst_addr);
outer_addr_len = sizeof(outer_addr.addr_v6.dst_addr);
}
switch (method)
{
case LDBC_METHOD_HASH_INT_IP:
if (dir_is_internal)
{
// outer src ip
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
}
else
{
// outer dst ip
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
}
break;
case LDBC_METHOD_HASH_EXT_IP:
if (dir_is_internal)
{
// outer dst ip
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
}
else
{
// outer src ip
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
}
break;
case LDBC_METHOD_HASH_INT_IP_AND_EXT_IP:
// outer dst ip ^ outer src ip
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
HASH_VALUE(outer_dst_addr, outer_addr_len, temp);
hash_value = hash_value ^ temp;
break;
case LDBC_METHOD_HASH_INNERMOST_INT_IP:
if (dir_is_internal)
{
// innner src ip
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
}
else
{
// innner dst ip
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
}
break;
case LDBC_METHOD_HASH_INNERMOST_EXT_IP:
if (dir_is_internal)
{
// innner dst ip
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
}
else
{
// innner src ip
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
}
break;
default:
return hash_value;
}
char *inner_addr_str = addr_tuple4_to_str(&inner_addr);
char *outer_addr_str = addr_tuple4_to_str(&outer_addr);
LOG_ERROR("%s: pkt_trace_id: %lu, outer_addr: %s, inner_addr: %s, is_internal: %d, hash_method: %s, hash_value: %lu",
LOG_TAG, handler->pkt_trace_id, outer_addr_str, inner_addr_str, dir_is_internal, ldbc_method_to_string(method), hash_value);
free(inner_addr_str);
free(outer_addr_str);
return hash_value;
}
/******************************************************************************
* Private API
******************************************************************************/
static const char *ldbc_method_to_string(enum ldbc_method ldbc_method)
{
switch (ldbc_method)
{
case LDBC_METHOD_HASH_INT_IP:
return "outter_internal_ip";
case LDBC_METHOD_HASH_EXT_IP:
return "outter_external_ip";
case LDBC_METHOD_HASH_INT_IP_AND_EXT_IP:
return "outter_internal_ip_and_external_ip";
case LDBC_METHOD_HASH_INNERMOST_INT_IP:
return "inner_internal_ip";
case LDBC_METHOD_HASH_INNERMOST_EXT_IP:
return "inner_external_ip";
default:
return "unknown";
}
}
static void set_addr_tuple4(const void *data, enum layer_type layer_type, struct addr_tuple4 *addr)
{
const struct tcphdr *tcp_hdr = NULL;
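Review bot: raw_packet_parser_get_hash_value logs at LOG_ERROR on its normal success path and builds two heap-allocated strings with addr_tuple4_to_str() to do so. If this runs per packet, as the trace id suggests, ordinary traffic becomes error-log volume and allocator load that scales with whatever rate a sender chooses. The trace belongs at debug level, with the string conversion done only when that level is enabled. The `%lu` conversions receive `uint64_t` values and should use `PRIu64` from `<inttypes.h>`. Every failure path and the `default:` case return the initial value 1, so a failed lookup is indistinguishable from a real hash and all such packets land on the same result. The declaration should carry a comment such as `// returns 1 when handler is NULL, an address lookup fails or method is unknown`, and the `else` branches that treat any non-V4 addr_type as IPv6 deserve an explicit type check.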

63
common/src/utils.cpp Normal file

@@ -0,0 +1,63 @@
#include <string.h>
#include <assert.h>
#include "utils.h"
#include "log.h"
void fixed_num_array_init(struct fixed_num_array *array)
{
memset(array, 0, sizeof(fixed_num_array));
array->num = 0;
array->size = sizeof(array->elems) / sizeof(array->elems[0]);
}
void fixed_num_array_add_elem(struct fixed_num_array *array, int elem)
{
if (array->num < array->size)
{
array->elems[array->num] = elem;
array->num++;
}
else
{
LOG_ERROR("%s: fixed num array add elem too much !!!", LOG_TAG_UTILS);
}
}
void fixed_num_array_del_elem(struct fixed_num_array *array, int elem)
{
for (int i = 0; i < array->num; i++)
{
if (array->elems[i] == elem)
{
if (i + 1 != array->size)
{
memmove(&(array->elems[i]), &(array->elems[i + 1]), sizeof(array->elems[0]) * (array->num - i - 1));
}
i--;
array->num--;
}
}
}
int fixed_num_array_count_elem(struct fixed_num_array *array)
{
if (array)
{
return array->num;
}
else
{
return 0;
}
}
int fixed_num_array_index_elem(struct fixed_num_array *array, int index)
{
if (index >= array->num)
{
assert(0);
}
return array->elems[index];
}
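Review bot: fixed_num_array_index_elem guards its read only with `assert(0)`, which is compiled out when NDEBUG is defined, and it never rejects a negative index, so a bad index reads outside `elems` in a release build. The check should be `if (index < 0 || index >= array->num)` followed by a return of a documented sentinel, so the bound holds in every build type. fixed_num_array_count_elem tolerates a NULL array while init, add, del and index dereference it unchecked; one convention should be chosen and stated in utils.h. In fixed_num_array_del_elem the `i--` is what lets consecutive duplicates be removed, which deserves a comment such as `// re-check slot i, it now holds the next element`.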


@@ -22,6 +22,14 @@ add_executable(gtest_raw_packet gtest_raw_packet.cpp)
target_include_directories(gtest_raw_packet PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
target_link_libraries(gtest_raw_packet common gtest)
###############################################################################
# gtest_utils
###############################################################################
add_executable(gtest_utils gtest_utils.cpp)
target_include_directories(gtest_utils PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
target_link_libraries(gtest_utils common gtest)
###############################################################################
# gtest_discover_tests
###############################################################################
@@ -29,4 +37,5 @@ target_link_libraries(gtest_raw_packet common gtest)
include(GoogleTest)
gtest_discover_tests(gtest_addr_tuple4)
gtest_discover_tests(gtest_session_table)
gtest_discover_tests(gtest_raw_packet)
gtest_discover_tests(gtest_raw_packet)
gtest_discover_tests(gtest_utils)
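Review bot: The new gtest_utils target repeats `target_include_directories(gtest_utils PUBLIC ${CMAKE_SOURCE_DIR}/common/include)` although `common` already exports that directory as a PUBLIC include. `${CMAKE_SOURCE_DIR}` also resolves to the wrong root if this project is ever built as a subdirectory of another. The line can be dropped, and the link line should carry a visibility keyword: `target_link_libraries(gtest_utils PRIVATE common gtest)`. The same pattern is repeated for gtest_policy in the platform test CMakeLists.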


@@ -1371,6 +1371,27 @@ TEST(RAW_PACKET, ETH_MPLS_MPLS_PWETHCW_ETH_ARP)
raw_packet_parser_destory(handler);
}
TEST(RAW_PACKET, GET_HASH_VALUE)
{
struct raw_pkt_parser *handler = raw_packet_parser_create(LAYER_TYPE_ALL, 8);
EXPECT_TRUE(handler != nullptr);
const void *payload = raw_packet_parser_parse(handler, (const void *)data4, sizeof(data4));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data4 == 106);
// inner_addr_str: "2001:da8:200:900e:200:5efe:d24d:58a3 0 2600:140e:6::1702:1058 0"
// outer_addr_str: "210.77.88.163 0 59.66.4.50 0"
EXPECT_TRUE(raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_INT_IP, 1) == raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_EXT_IP, 0));
EXPECT_TRUE(raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_EXT_IP, 1) == raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_INT_IP, 0));
EXPECT_TRUE(raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, 1) == raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, 0));
EXPECT_TRUE(raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_INNERMOST_INT_IP, 1) == raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_INNERMOST_EXT_IP, 0));
raw_packet_parser_destory(handler);
}
int main(int argc, char **argv)
{
::testing::InitGoogleTest(&argc, argv);
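Review bot: The four equality checks in GET_HASH_VALUE also pass when hashing fails, because raw_packet_parser_get_hash_value returns the constant 1 on every error path and both sides then compare 1 == 1. Add at least one inequality that should hold for this packet's distinct source and destination addresses, e.g. `EXPECT_NE(raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_INT_IP, 1), raw_packet_parser_get_hash_value(handler, LDBC_METHOD_HASH_EXT_IP, 1));`. The mirror case for LDBC_METHOD_HASH_INNERMOST_EXT_IP with direction 1 is also missing. `EXPECT_TRUE(handler != nullptr)` lets the test continue with a NULL handler; `ASSERT_NE(handler, nullptr)` stops it, and the same applies to the parser and enforcer checks in the new policy test. The `main` that follows is cut off by the hunk.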


@@ -0,0 +1,43 @@
#include <gtest/gtest.h>
#include "utils.h"
TEST(UTILS, FIXED_NUM_ARRAY)
{
struct fixed_num_array array;
fixed_num_array_init(&array);
fixed_num_array_add_elem(&array, 1);
fixed_num_array_add_elem(&array, 2);
fixed_num_array_add_elem(&array, 3);
fixed_num_array_add_elem(&array, 1);
fixed_num_array_add_elem(&array, 2);
EXPECT_TRUE(fixed_num_array_count_elem(&array) == 5);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 0) == 1);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 1) == 2);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 2) == 3);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 3) == 1);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 4) == 2);
fixed_num_array_del_elem(&array, 3); // 1,2,1,2
EXPECT_TRUE(fixed_num_array_count_elem(&array) == 4);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 0) == 1);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 1) == 2);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 2) == 1);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 3) == 2);
fixed_num_array_del_elem(&array, 2); // 1,1
EXPECT_TRUE(fixed_num_array_count_elem(&array) == 2);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 0) == 1);
EXPECT_TRUE(fixed_num_array_index_elem(&array, 1) == 1);
fixed_num_array_del_elem(&array, 1);
EXPECT_TRUE(fixed_num_array_count_elem(&array) == 0);
}
int main(int argc, char **argv)
{
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}
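Review bot: FIXED_NUM_ARRAY never reaches the 128-element capacity, so the rejection branch in fixed_num_array_add_elem and the `i + 1 != array->size` guard in fixed_num_array_del_elem are both untested. Add a case that fills the array, adds one more element and checks the count stays at 128, then deletes the value held in the last slot. `EXPECT_EQ(fixed_num_array_count_elem(&array), 5)` is preferable to `EXPECT_TRUE(... == 5)` because a failure then prints both values.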

1
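--- a/conf/CMakeLists.txt
+++ b/conf/CMakeLists.txt
@@ -0,0 +1 @@
+install(FILES sce.conf DESTINATION conf COMPONENT Profile)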

21
conf/sce.conf Normal file

@@ -0,0 +1,21 @@
[system]
nr_worker_threads=8
[maat]
# 0:json 1:redis 2:iris
input_mode=1
stat_switch=1
perf_switch=1
scan_detail=0
deferred_load=0
effect_interval_ms=1000
stat_file=log/sce.fs2
table_info=resource/table_info.conf
accept_path=/opt/tsg/etc/tsg_device_tag.json
inc_cfg_dir=resource/inc/
ful_cfg_dir=resource/ful/
json_cfg_file=resource/sce.json
foreign_cont_dir=resource/foreign_files
redis_db_idx=0
redis_server=127.0.0.1
redis_port_range=6379


@@ -1,11 +1,14 @@
add_executable(sce src/main.cpp src/policy.cpp)
add_library(platform src/policy.cpp src/health_check.cpp)
target_link_libraries(platform PUBLIC common)
target_link_libraries(platform PUBLIC pthread)
target_link_libraries(platform PUBLIC MESA_handle_logger)
target_link_libraries(platform PUBLIC MESA_prof_load)
target_link_libraries(platform PUBLIC maatframe)
target_link_libraries(platform PUBLIC cjson)
target_include_directories(platform PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include/)
target_include_directories(sce PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include/)
target_link_libraries(sce PUBLIC common)
target_link_libraries(sce PUBLIC pthread)
target_link_libraries(sce PUBLIC MESA_handle_logger)
target_link_libraries(sce PUBLIC MESA_prof_load)
target_link_libraries(sce PUBLIC maatframe)
target_link_libraries(sce PUBLIC cjson)
add_executable(sce src/main.cpp)
target_link_libraries(sce PUBLIC platform)
install(TARGETS sce RUNTIME DESTINATION bin COMPONENT Program)
install(TARGETS sce RUNTIME DESTINATION bin COMPONENT Program)
add_subdirectory(test)
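Review bot: The new `platform` library links `pthread` by bare name and exports every dependency as PUBLIC. `find_package(Threads REQUIRED)` with `target_link_libraries(platform PUBLIC Threads::Threads)` is the portable form, and any library that does not appear in platform's public headers can be PRIVATE. Old and new lines are interleaved in this rendering, so this assumes the `platform` lines are the new side.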


@@ -0,0 +1,37 @@
#ifndef _HEALTH_CHECK_H
#define _HEALTH_CHECK_H
#ifdef __cpluscplus
extern "C"
{
#endif
#include "policy.h"
void health_check_session_init();
// return 0 : success
// return -1 : key exist
// struct health_check *policy : need deep copy
int health_check_session_add(int session_id, const struct health_check *policy);
// return 0 : success
// return -1 : key not exist
int health_check_session_del(int session_id);
// return 1 : active
// return 0 : inactive
// return -1 : key not exist
int health_check_session_get_status(int session_id);
// return 0 : success
// return -1 : key not exist
int health_check_session_set_status(int session_id, int is_active);
void health_check_session_foreach();
#ifdef __cpluscplus
}
#endif
#endif

125
platform/include/policy.h Normal file

@@ -0,0 +1,125 @@
#ifndef _POLICY_H
#define _POLICY_H
#ifdef __cpluscplus
extern "C"
{
#endif
#include "raw_packet.h"
enum traffic_type
{
TRAFFIC_TYPE_NONE = 0,
TRAFFIC_TYPE_RAW = 1,
TRAFFIC_TYPE_DECRYPTED = 2,
};
enum forward_type
{
FORWARD_TYPE_NONE = 0,
FORWARD_TYPE_STEERING = 1,
FORWARD_TYPE_MIRRORING = 2,
};
enum session_action
{
SESSION_ACTION_BYPASS = 0,
SESSION_ACTION_FORWARD = 1,
SESSION_ACTION_BLOCK = 2,
};
enum session_action_reason
{
ACTION_BYPASS_DUE_DEFAULT = 0x00,
ACTION_BYPASS_DUE_NO_AVAILABLE_SF = 0x11,
ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x12,
ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x13,
ACTION_BYPASS_DUE_FAILURE_ACTION = 0x14,
ACTION_BYPASS_DUE_INVALID_POLICY = 0x15,
ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x21,
ACTION_BLOCK_DUE_FAILURE_ACTION = 0x22,
ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF = 0x31,
};
enum package_method
{
PACKAGE_METHOD_NONE = 0,
PACKAGE_METHOD_LAYER2_SWITCH = 1,
PACKAGE_METHOD_LAYER3_SWITCH = 2,
PACKAGE_METHOD_VXLAN_G = 3,
};
enum health_check_method
{
HEALTH_CHECK_METHOD_NONE = 0,
HEALTH_CHECK_METHOD_IN_BAND_BFD = 1,
HEALTH_CHECK_METHOD_BFD = 2,
HEALTH_CHECK_METHOD_HTTP = 3,
};
struct health_check
{
enum health_check_method method;
char url[128];
char address[64];
int port;
int retires;
int interval_ms;
};
struct connectivity
{
enum package_method method;
int int_vlan_tag;
int ext_vlan_tag;
char dest_ip[64];
};
struct selected_sf
{
int sff_profile_id;
enum forward_type sff_forward_type;
int sf_profile_id;
enum session_action sf_action;
enum session_action_reason sf_action_reason;
struct connectivity sf_connectivity;
};
struct selected_chaining
{
int policy_id;
enum traffic_type traffic_type;
struct selected_sf *chaining;
int chaining_size;
int chaining_index;
};
// return NULL : error
// return !NULL : success
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger);
void policy_enforcer_destory(struct policy_enforcer *enforcer);
// return 0 : success
// return -1 : error
int policy_enforcer_register(struct policy_enforcer *enforcer);
struct selected_chaining *selected_chaining_create(int chaining_size);
void selected_chaining_destory(struct selected_chaining *chaining);
void selected_chaining_dump(struct selected_chaining *chaining);
void selected_chaining_bref(struct selected_chaining *chaining);
// return value need be free by selected_chaining_destory()
struct selected_chaining *policy_enforce_select_chaining(struct policy_enforcer *enforcer, struct raw_pkt_parser *parser, int policy_id, int dir_is_internal);
#ifdef __cpluscplus
}
#endif
#endif
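Review bot: `struct health_check` and `struct connectivity` hold `url[128]`, `address[64]` and `dest_ip[64]` as fixed buffers, and the values come from policy table rows such as the `url` and `dest_ip` fields in sce.json; the code that fills them is in policy.cpp, whose diff is not shown on this page. Whatever copies into these fields has to bound the copy to `sizeof(field) - 1` and reject or log over-long input rather than truncate silently, and the header should state the limits next to the fields. `chaining_size` and `chaining_index` in `struct selected_chaining` need a comment saying which is the capacity and which is the fill position. `ACTION_FORWAED_DUE_SELECTED_AVAILABLE_SF` looks like a misspelling of FORWARD and is cheaper to correct before callers exist.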


@@ -0,0 +1,65 @@
#include <string.h>
#include "health_check.h"
struct session_table
{
// rwlock ???;
// handler;
};
static struct session_table g_handle;
struct session_iterm
{
int session_id; // key
struct health_check policy; // value1: deep copy
int is_active; // value2
};
void health_check_session_init()
{
memset(&g_handle, 0, sizeof(g_handle));
// TODO
}
// return 0 : success
// return -1 : key exist
// struct health_check *policy : need deep copy
int health_check_session_add(int session_id, const struct health_check *policy)
{
// TODO
return 0;
}
// return 0 : success
// return -1 : key not exist
int health_check_session_del(int session_id)
{
// TODO
return 0;
}
// return 1 : active
// return 0 : inactive
// return -1 : key not exist
int health_check_session_get_status(int session_id)
{
// TODO
return 1;
}
// return 0 : success
// return -1 : key not exist
int health_check_session_set_status(int session_id, int is_active)
{
// TODO
return 0;
}
void health_check_session_foreach()
{
// TODO
}
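Review bot: The stub health_check_session_get_status returns 1 for every session_id, so until the table is implemented every service function is reported active and the documented `-1 : key not exist` result can never occur. If policy selection already consults this status, the health-based bypass and block actions are effectively switched off and traffic keeps being steered to a service function that may be down. Returning -1 from the stub, or marking it with `// FIXME: always reports active, health checks not implemented`, makes that visible to callers and reviewers. health_check_session_add and health_check_session_del likewise report success without storing anything.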

1479
platform/src/policy.cpp Normal file

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,17 @@
###############################################################################
# gtest_policy
###############################################################################
add_executable(gtest_policy gtest_policy.cpp)
target_include_directories(gtest_policy PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
target_include_directories(gtest_policy PUBLIC ${CMAKE_SOURCE_DIR}/platform/include)
target_link_libraries(gtest_policy common platform gtest)
###############################################################################
# gtest_discover_tests
###############################################################################
include(GoogleTest)
gtest_discover_tests(gtest_policy)
file(COPY ./test_resource/ DESTINATION ./test_resource/)
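Review bot: `file(COPY ./test_resource/ DESTINATION ./test_resource/)` runs only at configure time, so edits to sce.conf or sce.json under test_resource do not reach the tests until CMake is re-run. Spell the paths out as `file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/test_resource/ DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/test_resource/)` and add a comment that a re-configure is needed, or do the copy in a build step. The two `target_include_directories` lines duplicate what `common` and `platform` already export as PUBLIC includes.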


@@ -0,0 +1,54 @@
#include <gtest/gtest.h>
#include "policy.h"
#include "raw_packet.h"
unsigned char data1[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xa4, 0xc6, 0x4f, 0x3b, 0xb3, 0x9a, 0x81, 0x00, 0x66, 0x58, 0x81, 0x00, 0x61, 0xf9, 0x08, 0x00, 0x45, 0xb8, 0x00, 0x94,
0xe8, 0x58, 0x00, 0x00, 0xff, 0x04, 0x11, 0x48, 0x45, 0x43, 0x23, 0x92, 0x29, 0xca, 0x2e, 0x6e, 0x45, 0xb8, 0x00, 0x80, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x11,
0xde, 0x84, 0x0a, 0x0a, 0x64, 0x19, 0x0a, 0x0a, 0x65, 0x02, 0xf3, 0x9f, 0x42, 0x68, 0x00, 0x6c, 0x4b, 0x9a, 0x00, 0x02, 0x00, 0x00, 0x04, 0x73, 0x6c, 0x10,
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd};
TEST(POLICY, SELECTED_CHAINING_LIFE_CYCLE)
{
struct selected_chaining *chaining = NULL;
chaining = selected_chaining_create(128);
EXPECT_TRUE(chaining != nullptr);
selected_chaining_destory(chaining);
}
TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
{
struct raw_pkt_parser *parser = raw_packet_parser_create(LAYER_TYPE_ALL, 8);
EXPECT_TRUE(parser != nullptr);
const void *payload = raw_packet_parser_parse(parser, (const void *)data1, sizeof(data1));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
const char *profile = "./test_resource/sce.conf";
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int policy_id = 2;
int dir_is_internal = 1;
struct selected_chaining *chaining = policy_enforce_select_chaining(enforcer, parser, policy_id, dir_is_internal);
EXPECT_TRUE(chaining != nullptr);
selected_chaining_dump(chaining);
selected_chaining_bref(chaining);
selected_chaining_destory(chaining);
policy_enforcer_destory(enforcer);
raw_packet_parser_destory(parser);
}
int main(int argc, char **argv)
{
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}


@@ -0,0 +1,21 @@
[system]
nr_worker_threads=8
[maat]
# 0:json 1:redis 2:iris
input_mode=0
stat_switch=1
perf_switch=1
scan_detail=0
deferred_load=0
effect_interval_ms=1000
stat_file=./sce.fs2
table_info=test_resource/table_info.conf
accept_path=/opt/tsg/etc/tsg_device_tag.json
inc_cfg_dir=test_resource/inc/
ful_cfg_dir=test_resource/ful/
json_cfg_file=test_resource/sce.json
foreign_cont_dir=test_resource/foreign_files
redis_db_idx=0
redis_server=127.0.0.1
redis_port_range=6379
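Review bot: `accept_path=/opt/tsg/etc/tsg_device_tag.json` is an absolute path outside the test tree, while every other path in this test profile is relative to test_resource. If policy_enforcer_create reads that file (its code is not shown on this page), POLICY_ENFORCER_LIFE_CYCLE depends on whatever is installed on the build host; point it at a fixture under test_resource instead.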


@@ -0,0 +1,41 @@
{
"plugin_table": [
{
"table_name": "SERVICE_FUNCTION_PROFILE",
"table_content": [
"1\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"none\"}\t1",
"2\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"bfd\",\"address\":\"1.2.3.4\",\"port\":\"10000\",\"interval_ms\":100,\"retires\":5}\t1",
"3\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"in_band_bfd\",\"address\":\"1.2.3.4\",\"port\":\"10000\",\"interval_ms\":100,\"retires\":5}\t1",
"4\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"http\",\"url\":\"http://192.168.100.1:8080/health_check.index\",\"interval_ms\":100,\"retires\":5}\t1",
"5\tdevice_group_a\t1\t{\"method\":\"layer2_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
"6\tdevice_group_a\t1\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
"7\tdevice_group_a\t0\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
"8\tdevice_group_b\t0\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1"
]
},
{
"table_name": "SERVICE_FUNCTION_FORWARDER_PROFILE",
"table_content": [
"1\t1\thash-int-ip\tnearby\tbypass\tnull\t[1]\t1",
"2\t1\thash-int-ip\tnearby\tbypass\tnull\t[1,2,3,4,5,6,7,8]\t1",
"3\t1\thash-int-ip\tnearby\tblock\tnull\t[1]\t1",
"4\t1\thash-int-ip\tnearby\tre-dispatch\t{\"action\":\"bypass\",\"health_service_func_lt\":2}\t[1,2,3]\t1",
"5\t1\thash-int-ip\tnearby\tre-dispatch\t{\"action\":\"block\"}\t[1,2,3]\t1",
"6\t1\thash-int-ip\tglobal\tblock\tnull\t[1]\t1",
"7\t1\thash-ext-ip\tglobal\tblock\tnull\t[1]\t1",
"8\t1\thash-int-ip-and-ext-ip\tglobal\tblock\tnull\t[1]\t1",
"9\t1\thash-innermost-int-ip\tglobal\tblock\tnull\t[1]\t1",
"10\t2\thash-innermost-int-ip\tglobal\tblock\tnull\t[1]\t1"
]
},
{
"table_name": "SERVICE_CHAINING_COMPILE",
"table_content": [
"1\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"raw\",\"sff_profiles\":[1]}\t1\t2",
"2\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"raw\",\"sff_profiles\":[1,2,3,4,5,6,7,8,9,10]}\t1\t2",
"11\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"decrypted\",\"sff_profiles\":[1]}\t1\t2",
"12\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"decrypted\",\"sff_profiles\":[1,2,3,4,5,6,7,8,9,10]}\t1\t2"
]
}
]
}


@@ -0,0 +1,3 @@
0 SERVICE_CHAINING_COMPILE plugin {"key":1,"valid":8}
1 SERVICE_FUNCTION_FORWARDER_PROFILE plugin {"key":1,"valid":8}
2 SERVICE_FUNCTION_PROFILE plugin {"key":1,"valid":6}

41
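--- a/resource/sce.json
+++ b/resource/sce.json
@@ -0,0 +1,41 @@
+{
+"plugin_table": [
+{
+"table_name": "SERVICE_FUNCTION_PROFILE",
+"table_content": [
+"1\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"none\"}\t1",
+"2\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"bfd\",\"address\":\"1.2.3.4\",\"port\":\"10000\",\"interval_ms\":100,\"retires\":5}\t1",
+"3\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"in_band_bfd\",\"address\":\"1.2.3.4\",\"port\":\"10000\",\"interval_ms\":100,\"retires\":5}\t1",
+"4\tdevice_group_a\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"http\",\"url\":\"http://192.168.100.1:8080/health_check.index\",\"interval_ms\":100,\"retires\":5}\t1",
+"5\tdevice_group_a\t1\t{\"method\":\"layer2_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
+"6\tdevice_group_a\t1\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
+"7\tdevice_group_a\t0\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1",
+"8\tdevice_group_b\t0\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1"
+]
+},
+{
+"table_name": "SERVICE_FUNCTION_FORWARDER_PROFILE",
+"table_content": [
+"1\t1\thash-int-ip\tnearby\tbypass\tnull\t[1]\t1",
+"2\t1\thash-int-ip\tnearby\tbypass\tnull\t[1,2,3,4,5,6,7,8]\t1",
+"3\t1\thash-int-ip\tnearby\tblock\tnull\t[1]\t1",
+"4\t1\thash-int-ip\tnearby\tre-dispatch\t{\"action\":\"bypass\",\"health_service_func_lt\":2}\t[1,2,3]\t1",
+"5\t1\thash-int-ip\tnearby\tre-dispatch\t{\"action\":\"block\"}\t[1,2,3]\t1",
+"6\t1\thash-int-ip\tglobal\tblock\tnull\t[1]\t1",
+"7\t1\thash-ext-ip\tglobal\tblock\tnull\t[1]\t1",
+"8\t1\thash-int-ip-and-ext-ip\tglobal\tblock\tnull\t[1]\t1",
+"9\t1\thash-innermost-int-ip\tglobal\tblock\tnull\t[1]\t1",
+"10\t2\thash-innermost-int-ip\tglobal\tblock\tnull\t[1]\t1"
+]
+},
+{
+"table_name": "SERVICE_CHAINING_COMPILE",
+"table_content": [
+"1\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"raw\",\"sff_profiles\":[1]}\t1\t2",
+"2\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"raw\",\"sff_profiles\":[1,2,3,4,5,6,7,8,9,10]}\t1\t2",
+"11\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"decrypted\",\"sff_profiles\":[1]}\t1\t2",
+"12\t0\t2\t1\t1\t{}\t{\"targeted_traffic\":\"decrypted\",\"sff_profiles\":[1,2,3,4,5,6,7,8,9,10]}\t1\t2"
+]
+}
+]
+}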

3
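--- a/resource/table_info.conf
+++ b/resource/table_info.conf
@@ -0,0 +1,3 @@
+0 SERVICE_CHAINING_COMPILE plugin {"key":1,"valid":8}
+1 SERVICE_FUNCTION_FORWARDER_PROFILE plugin {"key":1,"valid":8}
+2 SERVICE_FUNCTION_PROFILE plugin {"key":1,"valid":6}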