gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

perf: 删除无效代码;修改变量命名;减少内存分配

Browse Source
This commit is contained in:
luwenpeng
2023-11-23 16:52:06 +08:00
parent cbac7fea29
commit bda50d79af
19 changed files with 2937 additions and 472 deletions
Download Patch File Download Diff File Expand all files Collapse all files

339
platform/test/gtest_policy.cpp
View File

@@ -178,31 +178,30 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC1)
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
const char *profile = "./test_resource/sce.conf";
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_i2e = 1;
struct selected_chainings chainings;
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
int direction = 1;
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
/*
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
*/
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
selected_chaining_dump(chainings.chaining_raw);
selected_chaining_bref(chainings.chaining_raw);
selected_chaining_destory(chainings.chaining_raw);
selected_chaining_dump(s_ctx.chaining_raw);
selected_chaining_bref(s_ctx.chaining_raw);
selected_chaining_destory(s_ctx.chaining_raw);
printf("Before Sleep\n");
sleep(1);
@@ -231,14 +230,13 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
const char *profile = "./test_resource/sce.conf";
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_i2e = 1;
struct selected_chainings chainings;
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
int direction = 1;
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
/*
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
@@ -274,29 +272,29 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
*/
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 2);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 2);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
selected_chaining_dump(chainings.chaining_raw);
selected_chaining_bref(chainings.chaining_raw);
selected_chaining_destory(chainings.chaining_raw);
selected_chaining_dump(s_ctx.chaining_raw);
selected_chaining_bref(s_ctx.chaining_raw);
selected_chaining_destory(s_ctx.chaining_raw);
printf("Before Sleep\n");
sleep(1);
@@ -325,15 +323,14 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
const char *profile = "./test_resource/sce.conf";
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_i2e = 1;
struct selected_chainings chainings;
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
int direction = 1;
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
/*
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
@@ -373,29 +370,29 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
*/
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
selected_chaining_dump(chainings.chaining_raw);
selected_chaining_bref(chainings.chaining_raw);
selected_chaining_destory(chainings.chaining_raw);
selected_chaining_dump(s_ctx.chaining_raw);
selected_chaining_bref(s_ctx.chaining_raw);
selected_chaining_destory(s_ctx.chaining_raw);
printf("Before Sleep\n");
sleep(1);
@@ -424,14 +421,13 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
const char *profile = "./test_resource/sce.conf";
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_i2e = 1;
struct selected_chainings chainings;
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
int direction = 1;
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
/*
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
@@ -439,17 +435,17 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
*/
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
selected_chaining_dump(chainings.chaining_decrypted);
selected_chaining_bref(chainings.chaining_decrypted);
selected_chaining_destory(chainings.chaining_decrypted);
selected_chaining_dump(s_ctx.chaining_decrypted);
selected_chaining_bref(s_ctx.chaining_decrypted);
selected_chaining_destory(s_ctx.chaining_decrypted);
printf("Before Sleep\n");
sleep(1);
@@ -478,14 +474,13 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
const char *profile = "./test_resource/sce.conf";
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_i2e = 1;
struct selected_chainings chainings;
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
int direction = 1;
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
/*
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
@@ -522,29 +517,29 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
*/
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 12);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 12);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
selected_chaining_dump(chainings.chaining_decrypted);
selected_chaining_bref(chainings.chaining_decrypted);
selected_chaining_destory(chainings.chaining_decrypted);
selected_chaining_dump(s_ctx.chaining_decrypted);
selected_chaining_bref(s_ctx.chaining_decrypted);
selected_chaining_destory(s_ctx.chaining_decrypted);
printf("Before Sleep\n");
sleep(1);
@@ -573,15 +568,14 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
const char *profile = "./test_resource/sce.conf";
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_i2e = 1;
struct selected_chainings chainings;
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
int direction = 1;
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
/*
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
@@ -621,29 +615,29 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
*/
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
selected_chaining_dump(chainings.chaining_decrypted);
selected_chaining_bref(chainings.chaining_decrypted);
selected_chaining_destory(chainings.chaining_decrypted);
selected_chaining_dump(s_ctx.chaining_decrypted);
selected_chaining_bref(s_ctx.chaining_decrypted);
selected_chaining_destory(s_ctx.chaining_decrypted);
printf("Before Sleep\n");
sleep(1);
@@ -672,20 +666,19 @@ TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
const char *profile = "./test_resource/sce.conf";
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
EXPECT_TRUE(enforcer != nullptr);
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
int dir_is_i2e = 1;
struct selected_chainings chainings;
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
int direction = 1;
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
// raw traffic multi hits
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
// decrypted traffic multi hits
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
/*
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
@@ -769,54 +762,54 @@ TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
*/
// raw traffic
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
selected_chaining_dump(chainings.chaining_raw);
selected_chaining_bref(chainings.chaining_raw);
selected_chaining_destory(chainings.chaining_raw);
selected_chaining_dump(s_ctx.chaining_raw);
selected_chaining_bref(s_ctx.chaining_raw);
selected_chaining_destory(s_ctx.chaining_raw);
// decrypted traffic
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
selected_chaining_dump(chainings.chaining_decrypted);
selected_chaining_bref(chainings.chaining_decrypted);
selected_chaining_destory(chainings.chaining_decrypted);
selected_chaining_dump(s_ctx.chaining_decrypted);
selected_chaining_bref(s_ctx.chaining_decrypted);
selected_chaining_destory(s_ctx.chaining_decrypted);
printf("Before Sleep\n");
sleep(1);